Gitiles
Code Review Sign In
gerrit.omnirom.org / android_packages_modules_Virtualization / 8b8e6e642eb5d4e277ae9911f91dd5f842479cd7^! / . / libs / bssl / src
commit8b8e6e642eb5d4e277ae9911f91dd5f842479cd7[log] [tgz]
authorAlice Wang <aliceywang@google.com>Mon Oct 02 09:10:13 2023 +0000
committerAlice Wang <aliceywang@google.com>Fri Oct 06 11:48:36 2023 +0000
tree12fa0f92ced4e61ab679ade32cefce8017519a70
parentfacc2b82cfd8935532a591a5bf09218e6f2a754f [diff]
[rkp] Encrypt/decrypt the private key with AES-256-GCM

This cl implements the private key encryption and decryption
with AES-256-GCM.
The KEK is derived from the sealing CDI with a random salt
generated with TRNG.

The test is added to the busy town config at cl/570947834.

Bug: 279425980
Test: atest rialto_test
Test: atest libservice_vm_requests.test
Change-Id: I214ee37c64cb8508083b02376c8a398ca6049e3b

diff --git a/libs/bssl/src/aead.rs b/libs/bssl/src/aead.rs
index a7d03b9..74bde84 100644
--- a/libs/bssl/src/aead.rs
+++ b/libs/bssl/src/aead.rs

@@ -23,6 +23,11 @@
 };
 use core::ptr::NonNull;
 
+/// BoringSSL spec recommends to use 12-byte nonces.
+///
+/// https://commondatastorage.googleapis.com/chromium-boringssl-docs/aead.h.html#EVP_aead_aes_256_gcm
+pub const AES_GCM_NONCE_LENGTH: usize = 12;
+
 /// Magic value indicating that the default tag length for an AEAD should be used to
 /// initialize `AeadCtx`.
 const AEAD_DEFAULT_TAG_LENGTH: usize = EVP_AEAD_DEFAULT_TAG_LENGTH as usize;

diff --git a/libs/bssl/src/lib.rs b/libs/bssl/src/lib.rs
index 898e16c..ba4ec1f 100644
--- a/libs/bssl/src/lib.rs
+++ b/libs/bssl/src/lib.rs

@@ -25,13 +25,15 @@
 mod err;
 mod hkdf;
 mod hmac;
+mod rand;
 mod util;
 
 pub use bssl_avf_error::{ApiName, CipherError, Error, ReasonCode, Result};
 
-pub use aead::{Aead, AeadCtx};
+pub use aead::{Aead, AeadCtx, AES_GCM_NONCE_LENGTH};
 pub use cbb::CbbFixed;
 pub use digest::Digester;
 pub use ec_key::{EcKey, ZVec};
 pub use hkdf::hkdf;
 pub use hmac::hmac_sha256;
+pub use rand::rand_bytes;

diff --git a/libs/bssl/src/rand.rs b/libs/bssl/src/rand.rs
new file mode 100644
index 0000000..9343284
--- /dev/null
+++ b/libs/bssl/src/rand.rs

@@ -0,0 +1,26 @@
+// Copyright 2023, The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+//! Wrappers of the randon number generations functions in BoringSSL rand.h.
+
+use crate::util::check_int_result;
+use bssl_avf_error::{ApiName, Result};
+use bssl_ffi::RAND_bytes;
+
+/// Fills the given `dest` with random data.
+pub fn rand_bytes(dest: &mut [u8]) -> Result<()> {
+    // SAFETY: This function only writes to the given buffer within its bounds.
+    let ret = unsafe { RAND_bytes(dest.as_mut_ptr(), dest.len()) };
+    check_int_result(ret, ApiName::RAND_bytes)
+}