From 9a83e61dad2c2025adc9c6cabb7bde1a17aba08b Mon Sep 17 00:00:00 2001
From: David Brazdil <dbrazdil@google.com>
Date: Tue, 27 Sep 2022 17:38:10 +0000
Subject: [PATCH] Add libopen_dice nostd wrapper and test it in vmbase_example

This integrates libopen_dice into vmbase_example and performs basic
integration tests.

Bug: 237372981
Test: atest vmbase_example.integration_test
Change-Id: I67f11094cac04c7d72d19497b8b705386d1f0fe1
---
 libs/dice/Android.bp       | 23 ++++++++++++
 libs/dice/src/lib.rs       | 77 ++++++++++++++++++++++++++++++++++++++
 vmbase/example/Android.bp  |  1 +
 vmbase/example/src/main.rs | 16 ++++++++
 4 files changed, 117 insertions(+)
 create mode 100644 libs/dice/Android.bp
 create mode 100644 libs/dice/src/lib.rs

diff --git a/libs/dice/Android.bp b/libs/dice/Android.bp
new file mode 100644
index 00000000..7cb68a5c
--- /dev/null
+++ b/libs/dice/Android.bp
@@ -0,0 +1,23 @@
+package {
+    default_applicable_licenses: ["Android-Apache-2.0"],
+}
+
+rust_library_rlib {
+    name: "libdice_nostd",
+    crate_name: "dice",
+    srcs: ["src/lib.rs"],
+    edition: "2021",
+    no_stdlibs: true,
+    prefer_rlib: true,
+    stdlibs: ["libcore.rust_sysroot"],
+    rustlibs: [
+        "libopen_dice_cbor_bindgen",
+        "libopen_dice_bcc_bindgen",
+    ],
+    whole_static_libs: [
+        "libopen_dice_bcc",
+        "libopen_dice_cbor",
+        "libcrypto_baremetal",
+    ],
+    apex_available: ["com.android.virt"],
+}
diff --git a/libs/dice/src/lib.rs b/libs/dice/src/lib.rs
new file mode 100644
index 00000000..9e39436a
--- /dev/null
+++ b/libs/dice/src/lib.rs
@@ -0,0 +1,77 @@
+/*
+ * Copyright 2022 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+//! Bare metal wrapper around libopen_dice.
+
+#![no_std]
+
+use core::fmt::{self, Debug};
+use open_dice_cbor_bindgen::{
+    DiceHash, DiceResult, DiceResult_kDiceResultBufferTooSmall as DICE_RESULT_BUFFER_TOO_SMALL,
+    DiceResult_kDiceResultInvalidInput as DICE_RESULT_INVALID_INPUT,
+    DiceResult_kDiceResultOk as DICE_RESULT_OK,
+    DiceResult_kDiceResultPlatformError as DICE_RESULT_PLATFORM_ERROR,
+};
+
+const HASH_SIZE: usize = open_dice_cbor_bindgen::DICE_HASH_SIZE as usize;
+
+/// Array type of hashes used by DICE.
+pub type Hash = [u8; HASH_SIZE];
+
+/// Error type used by DICE.
+pub enum Error {
+    /// Provided input was invalid.
+    InvalidInput,
+    /// Provided buffer was too small.
+    BufferTooSmall,
+    /// Unexpected platform error.
+    PlatformError,
+    /// Unexpected return value.
+    Unknown(DiceResult),
+}
+
+impl Debug for Error {
+    fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
+        match self {
+            Error::InvalidInput => write!(f, "invalid input"),
+            Error::BufferTooSmall => write!(f, "buffer too small"),
+            Error::PlatformError => write!(f, "platform error"),
+            Error::Unknown(n) => write!(f, "unknown error: {}", n),
+        }
+    }
+}
+
+fn check_call(ret: DiceResult) -> Result<(), Error> {
+    match ret {
+        DICE_RESULT_OK => Ok(()),
+        DICE_RESULT_INVALID_INPUT => Err(Error::InvalidInput),
+        DICE_RESULT_BUFFER_TOO_SMALL => Err(Error::BufferTooSmall),
+        DICE_RESULT_PLATFORM_ERROR => Err(Error::PlatformError),
+        n => Err(Error::Unknown(n)),
+    }
+}
+
+fn ctx() -> *mut core::ffi::c_void {
+    core::ptr::null_mut()
+}
+
+/// Hash the provided input using DICE's default hash function.
+pub fn hash(bytes: &[u8]) -> Result<Hash, Error> {
+    let mut output: Hash = [0; HASH_SIZE];
+    // SAFETY - DiceHash takes a sized input buffer and writes to a constant-sized output buffer.
+    check_call(unsafe { DiceHash(ctx(), bytes.as_ptr(), bytes.len(), output.as_mut_ptr()) })?;
+    Ok(output)
+}
diff --git a/vmbase/example/Android.bp b/vmbase/example/Android.bp
index 4e620900..e9a3f984 100644
--- a/vmbase/example/Android.bp
+++ b/vmbase/example/Android.bp
@@ -11,6 +11,7 @@ rust_ffi_static {
     rustlibs: [
         "libaarch64_paging",
         "libbuddy_system_allocator",
+        "libdice_nostd",
         "liblog_rust_nostd",
         "libvmbase",
     ],
diff --git a/vmbase/example/src/main.rs b/vmbase/example/src/main.rs
index 9b362b2a..d6a966c2 100644
--- a/vmbase/example/src/main.rs
+++ b/vmbase/example/src/main.rs
@@ -94,6 +94,7 @@ pub fn main(arg0: u64, arg1: u64, arg2: u64, arg3: u64) {
     info!("Activated.");
 
     check_data();
+    check_dice();
 }
 
 fn check_stack_guard() {
@@ -148,3 +149,18 @@ fn check_alloc() {
     assert_eq!(vector[2], 42);
     info!("Vec seems to work.");
 }
+
+fn check_dice() {
+    info!("Testing DICE integration...");
+    let hash = dice::hash("hello world".as_bytes()).expect("DiceHash failed");
+    assert_eq!(
+        hash,
+        [
+            0x30, 0x9e, 0xcc, 0x48, 0x9c, 0x12, 0xd6, 0xeb, 0x4c, 0xc4, 0x0f, 0x50, 0xc9, 0x02,
+            0xf2, 0xb4, 0xd0, 0xed, 0x77, 0xee, 0x51, 0x1a, 0x7c, 0x7a, 0x9b, 0xcd, 0x3c, 0xa8,
+            0x6d, 0x4c, 0xd8, 0x6f, 0x98, 0x9d, 0xd3, 0x5b, 0xc5, 0xff, 0x49, 0x96, 0x70, 0xda,
+            0x34, 0x25, 0x5b, 0x45, 0xb0, 0xcf, 0xd8, 0x30, 0xe8, 0x1f, 0x60, 0x5d, 0xcf, 0x7d,
+            0xc5, 0x54, 0x2e, 0x93, 0xae, 0x9c, 0xd7, 0x6f
+        ]
+    );
+}