remote_provisioning/hwtrust/src/main.rs - platform/tools/security - Git at Google

 //! A tool for handling data related to the hardware root-of-trust.

 use anyhow::Result;
 use clap::{Parser, Subcommand};
 use hwtrust::dice;
 use std::fs;

 #[derive(Parser)]
 /// A tool for handling data related to the hardware root-of-trust
 #[clap(name = "hwtrust")]
 struct Args {
     #[clap(subcommand)]
     action: Action,
 }

 #[derive(Subcommand)]
 enum Action {
     VerifyDiceChain(VerifyDiceChainArgs),
 }

 #[derive(Parser)]
 /// Verify that a DICE chain is well-formed
 ///
 /// DICE chains are expected to follow the specification of the RKP HAL [1] which is based on the
 /// Open Profile for DICE [2].
 ///
 /// [1] -- https://cs.android.com/android/platform/superproject/+/master:hardware/interfaces/security/rkp/aidl/android/hardware/security/keymint/IRemotelyProvisionedComponent.aidl
 /// [2] -- https://pigweed.googlesource.com/open-dice/+/refs/heads/main/docs/specification.md
 struct VerifyDiceChainArgs {
     /// Dump the DICE chain on the standard output
     #[clap(long)]
     dump: bool,

     /// Path to a file containing a DICE chain
     chain: String,
 }

 fn main() -> Result<()> {
     let args = Args::parse();
     let Action::VerifyDiceChain(sub_args) = args.action;
     let chain = dice::Chain::from_cbor(&fs::read(sub_args.chain)?)?;
     println!("Success!");
     if sub_args.dump {
         print!("{}", chain);
     }
     Ok(())
 }

 #[cfg(test)]
 mod tests {
     use super::*;
     use clap::CommandFactory;

     #[test]
     fn verify_command() {
         Args::command().debug_assert();
     }
 }
	//! A tool for handling data related to the hardware root-of-trust.

	use anyhow::Result;
	use clap::{Parser, Subcommand};
	use hwtrust::dice;
	use std::fs;

	#[derive(Parser)]
	/// A tool for handling data related to the hardware root-of-trust
	#[clap(name = "hwtrust")]
	struct Args {
	#[clap(subcommand)]
	action: Action,
	}

	#[derive(Subcommand)]
	enum Action {
	VerifyDiceChain(VerifyDiceChainArgs),
	}

	#[derive(Parser)]
	/// Verify that a DICE chain is well-formed
	///
	/// DICE chains are expected to follow the specification of the RKP HAL [1] which is based on the
	/// Open Profile for DICE [2].
	///
	/// [1] -- https://cs.android.com/android/platform/superproject/+/master:hardware/interfaces/security/rkp/aidl/android/hardware/security/keymint/IRemotelyProvisionedComponent.aidl
	/// [2] -- https://pigweed.googlesource.com/open-dice/+/refs/heads/main/docs/specification.md
	struct VerifyDiceChainArgs {
	/// Dump the DICE chain on the standard output
	#[clap(long)]
	dump: bool,

	/// Path to a file containing a DICE chain
	chain: String,
	}

	fn main() -> Result<()> {
	let args = Args::parse();
	let Action::VerifyDiceChain(sub_args) = args.action;
	let chain = dice::Chain::from_cbor(&fs::read(sub_args.chain)?)?;
	println!("Success!");
	if sub_args.dump {
	print!("{}", chain);
	}
	Ok(())
	}

	#[cfg(test)]
	mod tests {
	use super::*;
	use clap::CommandFactory;

	#[test]
	fn verify_command() {
	Args::command().debug_assert();
	}
	}