[bssl] Add no_std compatible BoringSSL wrapper library for AVF
Bug: 301068421
Test: atest rialto_test
Change-Id: I8af77d457f7a956b0bc88ba4a0498483651426b0
diff --git a/libs/bssl/Android.bp b/libs/bssl/Android.bp
new file mode 100644
index 0000000..5eda389
--- /dev/null
+++ b/libs/bssl/Android.bp
@@ -0,0 +1,30 @@
+package {
+ default_applicable_licenses: ["Android-Apache-2.0"],
+}
+
+rust_defaults {
+ name: "libbssl_avf_defaults",
+ crate_name: "bssl_avf",
+ srcs: ["src/lib.rs"],
+ prefer_rlib: true,
+ apex_available: [
+ "com.android.virt",
+ ],
+}
+
+rust_library_rlib {
+ name: "libbssl_avf_nostd",
+ defaults: ["libbssl_avf_defaults"],
+ no_stdlibs: true,
+ stdlibs: [
+ "libcompiler_builtins.rust_sysroot",
+ "libcore.rust_sysroot",
+ ],
+ static_libs: [
+ "libcrypto_baremetal",
+ ],
+ rustlibs: [
+ "libbssl_avf_error_nostd",
+ "libbssl_ffi_nostd",
+ ],
+}
diff --git a/libs/bssl/error/Android.bp b/libs/bssl/error/Android.bp
new file mode 100644
index 0000000..dc2902e
--- /dev/null
+++ b/libs/bssl/error/Android.bp
@@ -0,0 +1,37 @@
+package {
+ default_applicable_licenses: ["Android-Apache-2.0"],
+}
+
+rust_defaults {
+ name: "libbssl_avf_error_defaults",
+ crate_name: "bssl_avf_error",
+ srcs: ["src/lib.rs"],
+ prefer_rlib: true,
+ apex_available: [
+ "com.android.virt",
+ ],
+}
+
+rust_library_rlib {
+ name: "libbssl_avf_error_nostd",
+ defaults: ["libbssl_avf_error_defaults"],
+ no_stdlibs: true,
+ stdlibs: [
+ "libcompiler_builtins.rust_sysroot",
+ "libcore.rust_sysroot",
+ ],
+ rustlibs: [
+ "libserde_nostd",
+ ],
+}
+
+rust_library {
+ name: "libbssl_avf_error",
+ defaults: ["libbssl_avf_error_defaults"],
+ features: [
+ "std",
+ ],
+ rustlibs: [
+ "libserde",
+ ],
+}
diff --git a/libs/bssl/error/src/lib.rs b/libs/bssl/error/src/lib.rs
new file mode 100644
index 0000000..73afbc2
--- /dev/null
+++ b/libs/bssl/error/src/lib.rs
@@ -0,0 +1,60 @@
+// Copyright 2023, The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+//! Errors and relating structs thrown by the BoringSSL wrapper library.
+
+#![cfg_attr(not(feature = "std"), no_std)]
+
+use core::{fmt, result};
+use serde::{Deserialize, Serialize};
+
+/// libbssl_avf result type.
+pub type Result<T> = result::Result<T, Error>;
+
+/// Error type used by libbssl_avf.
+#[derive(Clone, Debug, PartialEq, Eq, Serialize, Deserialize)]
+pub enum Error {
+ /// Failed to invoke a BoringSSL API.
+ CallFailed(ApiName),
+}
+
+impl fmt::Display for Error {
+ fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
+ match self {
+ Self::CallFailed(api_name) => {
+ write!(f, "Failed to invoke the BoringSSL API: {api_name:?}")
+ }
+ }
+ }
+}
+
+/// BoringSSL API names.
+#[allow(missing_docs)]
+#[allow(non_camel_case_types)]
+#[derive(Clone, Copy, Debug, PartialEq, Eq, Serialize, Deserialize)]
+pub enum ApiName {
+ BN_new,
+ BN_bn2bin_padded,
+ CBB_flush,
+ CBB_len,
+ EC_KEY_check_key,
+ EC_KEY_generate_key,
+ EC_KEY_get0_group,
+ EC_KEY_get0_public_key,
+ EC_KEY_marshal_private_key,
+ EC_KEY_new_by_curve_name,
+ EC_POINT_get_affine_coordinates,
+ EVP_sha256,
+ HMAC,
+}
diff --git a/libs/bssl/src/cbb.rs b/libs/bssl/src/cbb.rs
new file mode 100644
index 0000000..9b5f7fe
--- /dev/null
+++ b/libs/bssl/src/cbb.rs
@@ -0,0 +1,53 @@
+// Copyright 2023, The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+//! Helpers for using BoringSSL CBB (crypto byte builder) objects.
+
+use bssl_ffi::{CBB_init_fixed, CBB};
+use core::marker::PhantomData;
+use core::mem::MaybeUninit;
+
+/// Wraps a CBB that references a existing fixed-sized buffer; no memory is allocated, but the
+/// buffer cannot grow.
+pub struct CbbFixed<'a> {
+ cbb: CBB,
+ /// The CBB contains a mutable reference to the buffer, disguised as a pointer.
+ /// Make sure the borrow checker knows that.
+ _buffer: PhantomData<&'a mut [u8]>,
+}
+
+impl<'a> CbbFixed<'a> {
+ /// Create a new CBB that writes to the given buffer.
+ pub fn new(buffer: &'a mut [u8]) -> Self {
+ let mut cbb = MaybeUninit::uninit();
+ // SAFETY: `CBB_init_fixed()` is infallible and always returns one.
+ // The buffer remains valid during the lifetime of `cbb`.
+ unsafe { CBB_init_fixed(cbb.as_mut_ptr(), buffer.as_mut_ptr(), buffer.len()) };
+ // SAFETY: `cbb` has just been initialized by `CBB_init_fixed()`.
+ let cbb = unsafe { cbb.assume_init() };
+ Self { cbb, _buffer: PhantomData }
+ }
+}
+
+impl<'a> AsRef<CBB> for CbbFixed<'a> {
+ fn as_ref(&self) -> &CBB {
+ &self.cbb
+ }
+}
+
+impl<'a> AsMut<CBB> for CbbFixed<'a> {
+ fn as_mut(&mut self) -> &mut CBB {
+ &mut self.cbb
+ }
+}
diff --git a/libs/bssl/src/lib.rs b/libs/bssl/src/lib.rs
new file mode 100644
index 0000000..a4e00f0
--- /dev/null
+++ b/libs/bssl/src/lib.rs
@@ -0,0 +1,22 @@
+// Copyright 2023, The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+//! Safe wrappers around the BoringSSL API.
+
+#![cfg_attr(not(feature = "std"), no_std)]
+
+mod cbb;
+
+pub use bssl_avf_error::{ApiName, Error, Result};
+pub use cbb::CbbFixed;