Merge "keystore2: Add stress test for getting RKPD key"
diff --git a/diced/src/utils.rs b/diced/src/utils.rs
index 03e8969..37f78ac 100644
--- a/diced/src/utils.rs
+++ b/diced/src/utils.rs
@@ -256,18 +256,17 @@
pub fn encode_header(t: u8, n: u64, buffer: &mut dyn Write) -> Result<()> {
match n {
n if n < 24 => {
- let written = buffer
- .write(&u8::to_be_bytes(((t as u8) << 5) | (n as u8 & 0x1F)))
- .with_context(|| {
- format!("In encode_header: Failed to write header ({}, {})", t, n)
- })?;
+ let written =
+ buffer.write(&u8::to_be_bytes((t << 5) | (n as u8 & 0x1F))).with_context(
+ || format!("In encode_header: Failed to write header ({}, {})", t, n),
+ )?;
if written != 1 {
return Err(anyhow!("In encode_header: Buffer to small. ({}, {})", t, n));
}
}
n if n <= 0xFF => {
let written =
- buffer.write(&u8::to_be_bytes(((t as u8) << 5) | (24u8 & 0x1F))).with_context(
+ buffer.write(&u8::to_be_bytes((t << 5) | (24u8 & 0x1F))).with_context(
|| format!("In encode_header: Failed to write header ({}, {})", t, n),
)?;
if written != 1 {
@@ -286,7 +285,7 @@
}
n if n <= 0xFFFF => {
let written =
- buffer.write(&u8::to_be_bytes(((t as u8) << 5) | (25u8 & 0x1F))).with_context(
+ buffer.write(&u8::to_be_bytes((t << 5) | (25u8 & 0x1F))).with_context(
|| format!("In encode_header: Failed to write header ({}, {})", t, n),
)?;
if written != 1 {
@@ -305,7 +304,7 @@
}
n if n <= 0xFFFFFFFF => {
let written =
- buffer.write(&u8::to_be_bytes(((t as u8) << 5) | (26u8 & 0x1F))).with_context(
+ buffer.write(&u8::to_be_bytes((t << 5) | (26u8 & 0x1F))).with_context(
|| format!("In encode_header: Failed to write header ({}, {})", t, n),
)?;
if written != 1 {
@@ -324,13 +323,13 @@
}
n => {
let written =
- buffer.write(&u8::to_be_bytes(((t as u8) << 5) | (27u8 & 0x1F))).with_context(
+ buffer.write(&u8::to_be_bytes((t << 5) | (27u8 & 0x1F))).with_context(
|| format!("In encode_header: Failed to write header ({}, {})", t, n),
)?;
if written != 1 {
return Err(anyhow!("In encode_header: Buffer to small. ({}, {})", t, n));
}
- let written = buffer.write(&u64::to_be_bytes(n as u64)).with_context(|| {
+ let written = buffer.write(&u64::to_be_bytes(n)).with_context(|| {
format!("In encode_header: Failed to write size ({}, {})", t, n)
})?;
if written != 8 {
diff --git a/keystore2/aaid/lib.rs b/keystore2/aaid/lib.rs
index 3187198..8f6a09e 100644
--- a/keystore2/aaid/lib.rs
+++ b/keystore2/aaid/lib.rs
@@ -29,7 +29,7 @@
// in the second pointer argument.
let status = unsafe { aaid_keystore_attestation_id(uid, buffer.as_mut_ptr(), &mut size) };
match status {
- 0 => Ok(buffer[0..size as usize].to_vec()),
+ 0 => Ok(buffer[0..size].to_vec()),
status => Err(status),
}
}
diff --git a/keystore2/apc_compat/apc_compat.rs b/keystore2/apc_compat/apc_compat.rs
index 9f44927..480f14d 100644
--- a/keystore2/apc_compat/apc_compat.rs
+++ b/keystore2/apc_compat/apc_compat.rs
@@ -94,7 +94,7 @@
// If the pointer and size is not nullptr and not 0 respectively, the C/C++
// implementation must pass a valid pointer to an allocation of at least size bytes,
// and the pointer must be valid until this function returns.
- unsafe { slice::from_raw_parts(tbs_message, s as usize) },
+ unsafe { slice::from_raw_parts(tbs_message, s) },
),
};
let confirmation_token = match (confirmation_token.is_null(), confirmation_token_size) {
@@ -104,7 +104,7 @@
// If the pointer and size is not nullptr and not 0 respectively, the C/C++
// implementation must pass a valid pointer to an allocation of at least size bytes,
// and the pointer must be valid until this function returns.
- unsafe { slice::from_raw_parts(confirmation_token, s as usize) },
+ unsafe { slice::from_raw_parts(confirmation_token, s) },
),
};
hal_cb(rc, tbs_message, confirmation_token)
@@ -178,7 +178,7 @@
cb,
prompt_text.as_ptr(),
extra_data.as_ptr(),
- extra_data.len() as usize,
+ extra_data.len(),
locale.as_ptr(),
ui_opts,
)
diff --git a/keystore2/legacykeystore/lib.rs b/keystore2/legacykeystore/lib.rs
index ed5bd4f..464f0a2 100644
--- a/keystore2/legacykeystore/lib.rs
+++ b/keystore2/legacykeystore/lib.rs
@@ -502,10 +502,8 @@
) -> Result<bool> {
let blob = legacy_loader
.read_legacy_keystore_entry(uid, alias, |ciphertext, iv, tag, _salt, _key_size| {
- if let Some(key) = SUPER_KEY
- .read()
- .unwrap()
- .get_per_boot_key_by_user_id(uid_to_android_user(uid as u32))
+ if let Some(key) =
+ SUPER_KEY.read().unwrap().get_per_boot_key_by_user_id(uid_to_android_user(uid))
{
key.decrypt(ciphertext, iv, tag)
} else {
diff --git a/keystore2/src/async_task.rs b/keystore2/src/async_task.rs
index 0515c8f..6548445 100644
--- a/keystore2/src/async_task.rs
+++ b/keystore2/src/async_task.rs
@@ -67,7 +67,7 @@
pub fn get_mut<T: Any + Send + Default>(&mut self) -> &mut T {
self.0
.entry(TypeId::of::<T>())
- .or_insert_with(|| Box::new(T::default()) as Box<dyn Any + Send>)
+ .or_insert_with(|| Box::<T>::default() as Box<dyn Any + Send>)
.downcast_mut::<T>()
.unwrap()
}
diff --git a/keystore2/src/crypto/lib.rs b/keystore2/src/crypto/lib.rs
index 7ba47c8..08b7589 100644
--- a/keystore2/src/crypto/lib.rs
+++ b/keystore2/src/crypto/lib.rs
@@ -360,8 +360,7 @@
// Safety: the key is valid.
// This will not write past the specified length of the buffer; if the
// len above is too short, it returns 0.
- let written_len =
- unsafe { ECKEYMarshalPrivateKey(key.0, buf.as_mut_ptr(), buf.len()) } as usize;
+ let written_len = unsafe { ECKEYMarshalPrivateKey(key.0, buf.as_mut_ptr(), buf.len()) };
if written_len == len {
Ok(buf)
} else {
diff --git a/keystore2/src/database.rs b/keystore2/src/database.rs
index 62fd579..c9c28f6 100644
--- a/keystore2/src/database.rs
+++ b/keystore2/src/database.rs
@@ -830,7 +830,7 @@
pub fn satisfies(&self, user_secure_ids: &[i64], auth_type: HardwareAuthenticatorType) -> bool {
user_secure_ids.iter().any(|&sid| {
(sid == self.auth_token.userId || sid == self.auth_token.authenticatorId)
- && (((auth_type.0 as i32) & (self.auth_token.authenticatorType.0 as i32)) != 0)
+ && ((auth_type.0 & self.auth_token.authenticatorType.0) != 0)
})
}
@@ -1859,7 +1859,8 @@
let (_, hw_info) = get_keymint_dev_by_uuid(km_uuid)
.context("Error in retrieving keymint device by UUID.")?;
log_rkp_error_stats(MetricsRkpError::OUT_OF_KEYS, &hw_info.securityLevel);
- return Err(KsError::Rc(ResponseCode::OUT_OF_KEYS)).context("Out of keys.");
+ return Err(KsError::Rc(ResponseCode::OUT_OF_KEYS_TRANSIENT_ERROR))
+ .context("Out of keys.");
} else if result > 1 {
return Err(KsError::sys())
.context(format!("Expected to update 1 entry, instead updated {}", result));
@@ -4562,7 +4563,7 @@
DESTINATION_UID,
|k, av| {
assert_eq!(Domain::SELINUX, k.domain);
- assert_eq!(DESTINATION_NAMESPACE as i64, k.nspace);
+ assert_eq!(DESTINATION_NAMESPACE, k.nspace);
assert!(av.is_none());
Ok(())
},
diff --git a/keystore2/src/error.rs b/keystore2/src/error.rs
index b60b64f..d1d58a4 100644
--- a/keystore2/src/error.rs
+++ b/keystore2/src/error.rs
@@ -72,9 +72,9 @@
Error::Rc(ResponseCode::PERMISSION_DENIED)
}
- /// Short hand for `Error::Rc(ResponseCode::OUT_OF_KEYS)`
+ /// Short hand for `Error::Rc(ResponseCode::OUT_OF_KEYS_TRANSIENT_ERROR)`
pub fn out_of_keys() -> Self {
- Error::Rc(ResponseCode::OUT_OF_KEYS)
+ Error::Rc(ResponseCode::OUT_OF_KEYS_TRANSIENT_ERROR)
}
}
diff --git a/keystore2/src/legacy_blob.rs b/keystore2/src/legacy_blob.rs
index 7cf1819..2ffcc71 100644
--- a/keystore2/src/legacy_blob.rs
+++ b/keystore2/src/legacy_blob.rs
@@ -321,7 +321,7 @@
acc.push(c as char);
}
c => {
- acc.push((b'+' + (c as u8 >> 6)) as char);
+ acc.push((b'+' + (c >> 6)) as char);
acc.push((b'0' + (c & 0x3F)) as char);
}
};
diff --git a/keystore2/src/remote_provisioning.rs b/keystore2/src/remote_provisioning.rs
index cb2962a..1a83339 100644
--- a/keystore2/src/remote_provisioning.rs
+++ b/keystore2/src/remote_provisioning.rs
@@ -138,8 +138,8 @@
/// (2) if remote provisioning is present and enabled on the system. If these conditions are
/// met, it makes an attempt to fetch the attestation key assigned to the `caller_uid`.
///
- /// It returns the ResponseCode `OUT_OF_KEYS` if there is not one key currently assigned to the
- /// `caller_uid` and there are none available to assign.
+ /// It returns the ResponseCode `OUT_OF_KEYS_TRANSIENT_ERROR` if there is not one key currently
+ /// assigned to the `caller_uid` and there are none available to assign.
pub fn get_remotely_provisioned_attestation_key_and_certs(
&self,
key: &KeyDescriptor,
@@ -490,7 +490,7 @@
/// Fetches a remote provisioning attestation key and certificate chain inside of the
/// returned `CertificateChain` struct if one exists for the given caller_uid. If one has not
/// been assigned, this function will assign it. If there are no signed attestation keys
-/// available to be assigned, it will return the ResponseCode `OUT_OF_KEYS`
+/// available to be assigned, it will return the ResponseCode `OUT_OF_KEYS_TRANSIENT_ERROR`
fn get_rem_prov_attest_key(
domain: Domain,
caller_uid: u32,
@@ -645,7 +645,7 @@
/// Fetches a remotely provisioned certificate chain and key for the given client uid that
/// was provisioned using the IRemotelyProvisionedComponent with the given id. The same key
/// will be returned for a given caller_uid on every request. If there are no attestation keys
- /// available, `OUT_OF_KEYS` is returned.
+ /// available, `OUT_OF_KEYS_TRANSIENT_ERROR` is returned.
fn get_attestation_key(
&self,
db: &mut KeystoreDB,
@@ -671,7 +671,7 @@
}),
// It should be impossible to get `None`, but handle it just in case as a
// precaution against future behavioral changes in `get_rem_prov_attest_key`.
- None => Err(error::Error::Rc(ResponseCode::OUT_OF_KEYS))
+ None => Err(error::Error::Rc(ResponseCode::OUT_OF_KEYS_TRANSIENT_ERROR))
.context(ks_err!("No available attestation keys")),
}
}
@@ -958,7 +958,7 @@
.unwrap_err()
.downcast::<error::Error>()
.unwrap(),
- error::Error::Rc(ResponseCode::OUT_OF_KEYS)
+ error::Error::Rc(ResponseCode::OUT_OF_KEYS_TRANSIENT_ERROR)
);
}
@@ -1023,7 +1023,7 @@
.unwrap_err()
.downcast::<error::Error>()
.unwrap(),
- error::Error::Rc(ResponseCode::OUT_OF_KEYS)
+ error::Error::Rc(ResponseCode::OUT_OF_KEYS_TRANSIENT_ERROR)
);
}
diff --git a/keystore2/src/utils.rs b/keystore2/src/utils.rs
index 1bae75e..7bc548e 100644
--- a/keystore2/src/utils.rs
+++ b/keystore2/src/utils.rs
@@ -209,6 +209,7 @@
parameters.into_iter().map(|p| p.into_authorization()).collect()
}
+#[allow(clippy::unnecessary_cast)]
/// This returns the current time (in milliseconds) as an instance of a monotonic clock,
/// by invoking the system call since Rust does not support getting monotonic time instance
/// as an integer.
diff --git a/keystore2/src/watchdog.rs b/keystore2/src/watchdog.rs
index a26b632..01043c5 100644
--- a/keystore2/src/watchdog.rs
+++ b/keystore2/src/watchdog.rs
@@ -141,7 +141,7 @@
},
);
// Put the groups back into a vector.
- let mut groups: Vec<Vec<(&Index, &Record)>> = groups.into_iter().map(|(_, v)| v).collect();
+ let mut groups: Vec<Vec<(&Index, &Record)>> = groups.into_values().collect();
// Sort the groups by start time of the most recent (.last()) of each group.
// It is panic safe to use unwrap() here because we never add empty vectors to
// the map.