[pvmfw] Use hkdf from libbssl instead of bssl bindgen
With this cl, the size of pvmfw.bin increases from
497792 bytes to 497952 bytes.
Test: m pvmfw_bin
Bug: 301068421
Change-Id: Ia5149d2609a33013bee0aa8856f460d07de27ed4
diff --git a/pvmfw/Android.bp b/pvmfw/Android.bp
index 523334f..8c21030 100644
--- a/pvmfw/Android.bp
+++ b/pvmfw/Android.bp
@@ -12,6 +12,7 @@
],
rustlibs: [
"libaarch64_paging",
+ "libbssl_avf_nostd",
"libbssl_ffi_nostd",
"libciborium_nostd",
"libciborium_io_nostd",
diff --git a/pvmfw/src/crypto.rs b/pvmfw/src/crypto.rs
index 94714c0..2b3d921 100644
--- a/pvmfw/src/crypto.rs
+++ b/pvmfw/src/crypto.rs
@@ -31,10 +31,8 @@
use bssl_ffi::EVP_AEAD_CTX_seal;
use bssl_ffi::EVP_AEAD_max_overhead;
use bssl_ffi::EVP_aead_aes_256_gcm_randnonce;
-use bssl_ffi::EVP_sha512;
use bssl_ffi::EVP_AEAD;
use bssl_ffi::EVP_AEAD_CTX;
-use bssl_ffi::HKDF;
use vmbase::cstr;
#[derive(Debug)]
@@ -267,36 +265,6 @@
}
}
-pub fn hkdf_sh512<const N: usize>(secret: &[u8], salt: &[u8], info: &[u8]) -> Result<[u8; N]> {
- let mut key = [0; N];
- // SAFETY: The function shouldn't access any Rust variable and the returned value is accepted
- // as a potentially NULL pointer.
- let digest = unsafe { EVP_sha512() };
-
- assert!(!digest.is_null());
- // SAFETY: Only reads from/writes to the provided slices and supports digest was checked not
- // be NULL.
- let result = unsafe {
- HKDF(
- key.as_mut_ptr(),
- key.len(),
- digest,
- secret.as_ptr(),
- secret.len(),
- salt.as_ptr(),
- salt.len(),
- info.as_ptr(),
- info.len(),
- )
- };
-
- if result == 1 {
- Ok(key)
- } else {
- Err(ErrorIterator {})
- }
-}
-
pub fn init() {
// SAFETY: Configures the internal state of the library - may be called multiple times.
unsafe { CRYPTO_library_init() }
diff --git a/pvmfw/src/instance.rs b/pvmfw/src/instance.rs
index f2b34da..75bc3d3 100644
--- a/pvmfw/src/instance.rs
+++ b/pvmfw/src/instance.rs
@@ -15,12 +15,12 @@
//! Support for reading and writing to the instance.img.
use crate::crypto;
-use crate::crypto::hkdf_sh512;
use crate::crypto::AeadCtx;
use crate::dice::PartialInputs;
use crate::gpt;
use crate::gpt::Partition;
use crate::gpt::Partitions;
+use bssl_avf::{self, hkdf, Digester};
use core::fmt;
use core::mem::size_of;
use diced_open_dice::DiceMode;
@@ -63,6 +63,8 @@
UnsupportedEntrySize(usize),
/// Failed to create VirtIO Block device.
VirtIOBlkCreationFailed(virtio_drivers::Error),
+ /// An error happened during the interaction with BoringSSL.
+ BoringSslFailed(bssl_avf::Error),
}
impl fmt::Display for Error {
@@ -95,10 +97,19 @@
Self::VirtIOBlkCreationFailed(e) => {
write!(f, "Failed to create VirtIO Block device: {e}")
}
+ Self::BoringSslFailed(e) => {
+ write!(f, "An error happened during the interaction with BoringSSL: {e}")
+ }
}
}
}
+impl From<bssl_avf::Error> for Error {
+ fn from(e: bssl_avf::Error) -> Self {
+ Self::BoringSslFailed(e)
+ }
+}
+
pub type Result<T> = core::result::Result<T, Error>;
pub fn get_or_generate_instance_salt(
@@ -111,7 +122,7 @@
let entry = locate_entry(&mut instance_img)?;
trace!("Found pvmfw instance.img entry: {entry:?}");
- let key = hkdf_sh512::<32>(secret, /*salt=*/ &[], b"vm-instance");
+ let key = hkdf::<32>(secret, /* salt= */ &[], b"vm-instance", Digester::sha512())?;
let mut blk = [0; BLK_SIZE];
match entry {
PvmfwEntry::Existing { header_index, payload_size } => {
@@ -124,7 +135,6 @@
let payload = &blk[..payload_size];
let mut entry = [0; size_of::<EntryBody>()];
- let key = key.map_err(Error::FailedOpen)?;
let aead = AeadCtx::new_aes_256_gcm_randnonce(&key).map_err(Error::FailedOpen)?;
let decrypted = aead.open(&mut entry, payload).map_err(Error::FailedOpen)?;
@@ -143,7 +153,6 @@
let salt = rand::random_array().map_err(Error::FailedSaltGeneration)?;
let body = EntryBody::new(dice_inputs, &salt);
- let key = key.map_err(Error::FailedSeal)?;
let aead = AeadCtx::new_aes_256_gcm_randnonce(&key).map_err(Error::FailedSeal)?;
// We currently only support single-blk entries.
let plaintext = body.as_bytes();