Add RKP VM marker support

Add the ability to include this marker in a config descriptor. Update the tests to test it. (And to not break quite so badly when they fail.) Bug: 312171054 Change-Id: I079203c337adee261be1307e78eb4b4d2e6890dd Reviewed-on: https://pigweed-review.googlesource.com/c/open-dice/+/181690 Reviewed-by: Andrew Scull <ascull@google.com> Presubmit-Verified: CQ Bot Account <pigweed-scoped@luci-project-accounts.iam.gserviceaccount.com> Commit-Queue: Alan Stokes <alanstokes@google.com>
author: Alan Stokes <alanstokes@google.com> 2023-11-21 10:57:36 +0000
committer: CQ Bot Account <pigweed-scoped@luci-project-accounts.iam.gserviceaccount.com> 2023-11-21 10:57:36 +0000
commit: 9c7394cad96a0a22793ec334fe520cd39277ab3b (patch)
tree: 6ab455a6660a0fbe8bf25027e0763037e9882fdc
parent: 0d3f2b4639226c2b0870c1468cb88945db2b0f91 (diff)
download: open-dice-9c7394cad96a0a22793ec334fe520cd39277ab3b.tar.gz
3 files changed, 17 insertions, 9 deletions
diff --git a/include/dice/android.h b/include/dice/android.h
index 7a64cc6..7ca1df8 100644
--- a/include/dice/android.h
+++ b/include/dice/android.h
@@ -27,6 +27,7 @@ extern "C" {
 #define DICE_ANDROID_CONFIG_COMPONENT_VERSION (1 << 1)
 #define DICE_ANDROID_CONFIG_RESETTABLE (1 << 2)
 #define DICE_ANDROID_CONFIG_SECURITY_VERSION (1 << 3)
+#define DICE_ANDROID_CONFIG_RKP_VM_MARKER (1 << 4)
 
 // Contains the input values used to construct the Android Profile for DICE
 // configuration descriptor. The fields to include in the configuration
diff --git a/src/android.c b/src/android.c
index ec94f9c..cf540db 100644
--- a/src/android.c
+++ b/src/android.c
@@ -37,7 +37,8 @@ DiceResult DiceAndroidFormatConfigDescriptor(
   static const int64_t kComponentNameLabel = -70002;
   static const int64_t kComponentVersionLabel = -70003;
   static const int64_t kResettableLabel = -70004;
-  static const int64_t kSecurityVersion = -70005;
+  static const int64_t kSecurityVersionLabel = -70005;
+  static const int64_t kRkpVmMarkerLabel = -70006;
 
   // AndroidConfigDescriptor = {
   //   ? -70002 : tstr,     ; Component name
@@ -61,9 +62,13 @@ DiceResult DiceAndroidFormatConfigDescriptor(
     CborWriteNull(&out);
   }
   if (config_values->configs & DICE_ANDROID_CONFIG_SECURITY_VERSION) {
-    CborWriteInt(kSecurityVersion, &out);
+    CborWriteInt(kSecurityVersionLabel, &out);
     CborWriteUint(config_values->security_version, &out);
   }
+  if (config_values->configs & DICE_ANDROID_CONFIG_RKP_VM_MARKER) {
+    CborWriteInt(kRkpVmMarkerLabel, &out);
+    CborWriteNull(&out);
+  }
   *actual_size = CborOutSize(&out);
   if (CborOutOverflowed(&out)) {
     return kDiceResultBufferTooSmall;
diff --git a/src/android_test.cc b/src/android_test.cc
index c90bed1..86e1cb5 100644
--- a/src/android_test.cc
+++ b/src/android_test.cc
@@ -45,7 +45,8 @@ TEST(DiceAndroidConfigTest, AllConfigFields) {
       .configs = DICE_ANDROID_CONFIG_COMPONENT_NAME |
                  DICE_ANDROID_CONFIG_COMPONENT_VERSION |
                  DICE_ANDROID_CONFIG_RESETTABLE |
-                 DICE_ANDROID_CONFIG_SECURITY_VERSION,
+                 DICE_ANDROID_CONFIG_SECURITY_VERSION |
+                 DICE_ANDROID_CONFIG_RKP_VM_MARKER,
       .component_name = "Test Component Name",
       .component_version = 0x232a13dec90f42b5,
       .security_version = 0xfab777c1,
@@ -56,16 +57,17 @@ TEST(DiceAndroidConfigTest, AllConfigFields) {
   EXPECT_EQ(kDiceResultBufferTooSmall, result);
   std::vector<uint8_t> buffer(buffer_size);
   const uint8_t expected[] = {
-      0xa4, 0x3a, 0x00, 0x01, 0x11, 0x71, 0x73, 'T',  'e',  's',  't',  ' ',
-      'C',  'o',  'm',  'p',  'o',  'n',  'e',  'n',  't',  ' ',  'N',  'a',
-      'm',  'e',  0x3a, 0x00, 0x01, 0x11, 0x72, 0x1b, 0x23, 0x2a, 0x13, 0xde,
-      0xc9, 0x0f, 0x42, 0xb5, 0x3a, 0x00, 0x01, 0x11, 0x73, 0xf6, 0x3a, 0x00,
-      0x01, 0x11, 0x74, 0x1a, 0xfa, 0xb7, 0x77, 0xc1};
+      0xa5, 0x3a, 0x00, 0x01, 0x11, 0x71, 0x73, 'T',  'e',  's',  't',
+      ' ',  'C',  'o',  'm',  'p',  'o',  'n',  'e',  'n',  't',  ' ',
+      'N',  'a',  'm',  'e',  0x3a, 0x00, 0x01, 0x11, 0x72, 0x1b, 0x23,
+      0x2a, 0x13, 0xde, 0xc9, 0x0f, 0x42, 0xb5, 0x3a, 0x00, 0x01, 0x11,
+      0x73, 0xf6, 0x3a, 0x00, 0x01, 0x11, 0x74, 0x1a, 0xfa, 0xb7, 0x77,
+      0xc1, 0x3a, 0x00, 0x01, 0x11, 0x75, 0xf6};
   EXPECT_EQ(sizeof(expected), buffer.size());
   result = DiceAndroidFormatConfigDescriptor(&config_values, buffer.size(),
                                              buffer.data(), &buffer_size);
   EXPECT_EQ(sizeof(expected), buffer_size);
-  EXPECT_EQ(0, memcmp(expected, buffer.data(), buffer.size()));
+  EXPECT_EQ(0, memcmp(expected, buffer.data(), sizeof(expected)));
 }
 
 TEST(DiceAndroidTest, PreservesPreviousEntries) {
author	Alan Stokes <alanstokes@google.com>	2023-11-21 10:57:36 +0000
committer	CQ Bot Account <pigweed-scoped@luci-project-accounts.iam.gserviceaccount.com>	2023-11-21 10:57:36 +0000
commit	9c7394cad96a0a22793ec334fe520cd39277ab3b (patch)
tree	6ab455a6660a0fbe8bf25027e0763037e9882fdc
parent	0d3f2b4639226c2b0870c1468cb88945db2b0f91 (diff)
download	open-dice-9c7394cad96a0a22793ec334fe520cd39277ab3b.tar.gz