Merge changes from topic "fsverity-init-cleanup" into main

* changes:
  fsverity_init: remove unneeded functionality
  fsverity_init: cleanly support kernels without builtin sig support
  Revert "fsverity_init: refactor into library + binary"
diff --git a/diced/open_dice/src/bcc.rs b/diced/open_dice/src/bcc.rs
index f9c6a34..ca2136f 100644
--- a/diced/open_dice/src/bcc.rs
+++ b/diced/open_dice/src/bcc.rs
@@ -48,9 +48,9 @@
     };
 
     let mut buffer_size = 0;
-    // SAFETY: The function writes to the buffer, within the given bounds, and only reads the
-    // input values. It writes its result to buffer_size.
     check_result(
+        // SAFETY: The function writes to the buffer, within the given bounds, and only reads the
+        // input values. It writes its result to buffer_size.
         unsafe {
             BccFormatConfigDescriptor(&values, buffer.len(), buffer.as_mut_ptr(), &mut buffer_size)
         },
@@ -72,11 +72,11 @@
     next_bcc: &mut [u8],
 ) -> Result<usize> {
     let mut next_bcc_size = 0;
-    // SAFETY: `BccMainFlow` only reads the current `bcc` and CDI values and writes
-    // to `next_bcc` and next CDI values within its bounds. It also reads
-    // `input_values` as a constant input and doesn't store any pointer.
-    // The first argument can be null and is not used in the current implementation.
     check_result(
+        // SAFETY: `BccMainFlow` only reads the current `bcc` and CDI values and writes
+        // to `next_bcc` and next CDI values within its bounds. It also reads
+        // `input_values` as a constant input and doesn't store any pointer.
+        // The first argument can be null and is not used in the current implementation.
         unsafe {
             BccMainFlow(
                 ptr::null_mut(), // context
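Review bot: The last sentence of the relocated SAFETY comment justifies passing `ptr::null_mut()` by "the current implementation", so the soundness argument rests on which DICE ops happen to be linked, not on the API contract. If the library were ever built with operations that dereference the context, this call would become unsound with no change on the Rust side. I would make that dependency explicit, e.g. `// The context is null; this is sound only while the linked DICE ops ignore it.` The same sentence appears in the `BccHandoverMainFlow` hunk below and in the `DiceMainFlow` hunk in dice.rs. The function body continues past the end of this hunk.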
@@ -108,11 +108,11 @@
     next_bcc_handover: &mut [u8],
 ) -> Result<usize> {
     let mut next_bcc_handover_size = 0;
-    // SAFETY - The function only reads `current_bcc_handover` and writes to `next_bcc_handover`
-    // within its bounds,
-    // It also reads `input_values` as a constant input and doesn't store any pointer.
-    // The first argument can be null and is not used in the current implementation.
     check_result(
+        // SAFETY: The function only reads `current_bcc_handover` and writes to `next_bcc_handover`
+        // within its bounds,
+        // It also reads `input_values` as a constant input and doesn't store any pointer.
+        // The first argument can be null and is not used in the current implementation.
         unsafe {
             BccHandoverMainFlow(
                 ptr::null_mut(), // context
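Review bot: The commit normalises `SAFETY -` to `SAFETY:` here but carries the old punctuation over: the second comment line ends in a comma (`within its bounds,`) and the next line starts a new sentence. Since the comment is being touched anyway, I would end that line with a full stop, `// within its bounds.`, and name `BccHandoverMainFlow` instead of "The function", as the `BccMainFlow` comment above does.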
@@ -165,9 +165,9 @@
     let mut cdi_seal: *const u8 = ptr::null();
     let mut bcc: *const u8 = ptr::null();
     let mut bcc_size = 0;
-    // SAFETY: The `bcc_handover` is only read and never stored and the returned pointers should all
-    // point within the address range of the `bcc_handover` or be NULL.
     check_result(
+        // SAFETY: The `bcc_handover` is only read and never stored and the returned pointers should
+        // all point within the address range of the `bcc_handover` or be NULL.
         unsafe {
             BccHandoverParse(
                 bcc_handover.as_ptr(),
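Review bot: The relocated SAFETY comment says the returned pointers "should" lie within `bcc_handover`, which is an expectation about the C parser and not something this call establishes. The `unsafe` block only needs to justify the call itself; the range check belongs wherever `cdi_seal`, `bcc` and the other out-pointers are later turned into slices, and that code is outside the hunk, so it is not visible whether it validates them. If it does, I would say so here, e.g. `// SAFETY: bcc_handover is only read and not retained; the out-pointers are checked against its range before use.` If it does not, that check is the missing piece and no comment wording covers it.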
diff --git a/diced/open_dice/src/dice.rs b/diced/open_dice/src/dice.rs
index 0704d21..e42e373 100644
--- a/diced/open_dice/src/dice.rs
+++ b/diced/open_dice/src/dice.rs
@@ -217,9 +217,9 @@
 /// Derives a CDI private key seed from a `cdi_attest` value.
 pub fn derive_cdi_private_key_seed(cdi_attest: &Cdi) -> Result<PrivateKeySeed> {
     let mut seed = PrivateKeySeed::default();
-    // SAFETY: The function writes to the buffer within the given bounds, and only reads the
-    // input values. The first argument context is not used in this function.
     check_result(
+        // SAFETY: The function writes to the buffer within the given bounds, and only reads the
+        // input values. The first argument context is not used in this function.
         unsafe {
             DiceDeriveCdiPrivateKeySeed(
                 ptr::null_mut(), // context
@@ -235,9 +235,9 @@
 /// Derives an ID from the given `cdi_public_key` value.
 pub fn derive_cdi_certificate_id(cdi_public_key: &[u8]) -> Result<DiceId> {
     let mut id = [0u8; ID_SIZE];
-    // SAFETY: The function writes to the buffer within the given bounds, and only reads the
-    // input values. The first argument context is not used in this function.
     check_result(
+        // SAFETY: The function writes to the buffer within the given bounds, and only reads the
+        // input values. The first argument context is not used in this function.
         unsafe {
             DiceDeriveCdiCertificateId(
                 ptr::null_mut(), // context
@@ -264,10 +264,10 @@
     next_cdi_values: &mut CdiValues,
 ) -> Result<usize> {
     let mut next_cdi_certificate_actual_size = 0;
-    // SAFETY: The function only reads the current CDI values and inputs and writes
-    // to `next_cdi_certificate` and next CDI values within its bounds.
-    // The first argument can be null and is not used in the current implementation.
     check_result(
+        // SAFETY: The function only reads the current CDI values and inputs and writes
+        // to `next_cdi_certificate` and next CDI values within its bounds.
+        // The first argument can be null and is not used in the current implementation.
         unsafe {
             DiceMainFlow(
                 ptr::null_mut(), // context
diff --git a/diced/open_dice/src/ops.rs b/diced/open_dice/src/ops.rs
index d978f86..6b9202a 100644
--- a/diced/open_dice/src/ops.rs
+++ b/diced/open_dice/src/ops.rs
@@ -29,9 +29,9 @@
 /// Hashes the provided input using DICE's hash function `DiceHash`.
 pub fn hash(input: &[u8]) -> Result<Hash> {
     let mut output: Hash = [0; HASH_SIZE];
-    // SAFETY: DiceHash takes a sized input buffer and writes to a constant-sized output buffer.
-    // The first argument context is not used in this function.
     check_result(
+        // SAFETY: DiceHash takes a sized input buffer and writes to a constant-sized output buffer.
+        // The first argument context is not used in this function.
         unsafe {
             DiceHash(
                 ptr::null_mut(), // context
@@ -48,9 +48,9 @@
 /// An implementation of HKDF-SHA512. Derives a key of `derived_key.len()` bytes from `ikm`, `salt`,
 /// and `info`. The derived key is written to the `derived_key`.
 pub fn kdf(ikm: &[u8], salt: &[u8], info: &[u8], derived_key: &mut [u8]) -> Result<()> {
-    // SAFETY: The function writes to the `derived_key`, within the given bounds, and only reads the
-    // input values. The first argument context is not used in this function.
     check_result(
+        // SAFETY: The function writes to the `derived_key`, within the given bounds, and only reads
+        // the input values. The first argument context is not used in this function.
         unsafe {
             DiceKdf(
                 ptr::null_mut(), // context
@@ -74,9 +74,10 @@
 pub fn keypair_from_seed(seed: &[u8; PRIVATE_KEY_SEED_SIZE]) -> Result<(PublicKey, PrivateKey)> {
     let mut public_key = [0u8; PUBLIC_KEY_SIZE];
     let mut private_key = PrivateKey::default();
-    // SAFETY: The function writes to the `public_key` and `private_key` within the given bounds,
-    // and only reads the `seed`. The first argument context is not used in this function.
     check_result(
+        // SAFETY: The function writes to the `public_key` and `private_key` within the given
+        // bounds, and only reads the `seed`. The first argument context is not used in this
+        // function.
         unsafe {
             DiceKeypairFromSeed(
                 ptr::null_mut(), // context
@@ -93,9 +94,9 @@
 /// Signs the `message` with the give `private_key` using `DiceSign`.
 pub fn sign(message: &[u8], private_key: &[u8; PRIVATE_KEY_SIZE]) -> Result<Signature> {
     let mut signature = [0u8; SIGNATURE_SIZE];
-    // SAFETY: The function writes to the `signature` within the given bounds, and only reads the
-    // message and the private key. The first argument context is not used in this function.
     check_result(
+        // SAFETY: The function writes to the `signature` within the given bounds, and only reads
+        // the message and the private key. The first argument context is not used in this function.
         unsafe {
             DiceSign(
                 ptr::null_mut(), // context
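Review bot: The doc comment on `sign` still reads "with the give `private_key`"; it should be `/// Signs the `message` with the given `private_key` using `DiceSign`.` The SAFETY comment in the following `verify` hunk has a similar slip: it says "the messages" although the parameter is the single `message`, and it starts in lower case unlike the others. Both are wording fixes only and could be made while these comments are being moved.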
@@ -112,9 +113,9 @@
 
 /// Verifies the `signature` of the `message` with the given `public_key` using `DiceVerify`.
 pub fn verify(message: &[u8], signature: &Signature, public_key: &PublicKey) -> Result<()> {
-    // SAFETY: only reads the messages, signature and public key as constant values.
-    // The first argument context is not used in this function.
     check_result(
+        // SAFETY: only reads the messages, signature and public key as constant values.
+        // The first argument context is not used in this function.
         unsafe {
             DiceVerify(
                 ptr::null_mut(), // context
@@ -140,9 +141,10 @@
     certificate: &mut [u8],
 ) -> Result<usize> {
     let mut certificate_actual_size = 0;
-    // SAFETY: The function writes to the `certificate` within the given bounds, and only reads the
-    // input values and the key seeds. The first argument context is not used in this function.
     check_result(
+        // SAFETY: The function writes to the `certificate` within the given bounds, and only reads
+        // the input values and the key seeds. The first argument context is not used in this
+        // function.
         unsafe {
             DiceGenerateCertificate(
                 ptr::null_mut(), // context
diff --git a/identity/CredentialData.cpp b/identity/CredentialData.cpp
index 803e671..ecf2258 100644
--- a/identity/CredentialData.cpp
+++ b/identity/CredentialData.cpp
@@ -527,7 +527,6 @@
         return nullptr;
     }
 
-    int n = 0;
     for (AuthKeyData& data : authKeyDatas_) {
         if (nowMilliSeconds > data.expirationDateMillisSinceEpoch) {
             if (!allowUsingExpiredKeys) {
@@ -540,7 +539,6 @@
                 candidate = &data;
             }
         }
-        n++;
     }
 
     if (candidate == nullptr) {
diff --git a/keystore2/src/apc.rs b/keystore2/src/apc.rs
index 5d2083d..fbf9464 100644
--- a/keystore2/src/apc.rs
+++ b/keystore2/src/apc.rs
@@ -244,7 +244,7 @@
             // If cancelled by the user or if aborted by the client.
             (ResponseCode::CANCELLED, _, _) | (ResponseCode::ABORTED, true, _) => {
                 // Penalize.
-                let mut rate_info = state.rate_limiting.entry(uid).or_default();
+                let rate_info = state.rate_limiting.entry(uid).or_default();
                 rate_info.counter += 1;
                 rate_info.timestamp = start;
             }
diff --git a/keystore2/src/entropy.rs b/keystore2/src/entropy.rs
index de38187..1dcdc86 100644
--- a/keystore2/src/entropy.rs
+++ b/keystore2/src/entropy.rs
@@ -29,7 +29,7 @@
 /// Register the entropy feeder as an idle callback.
 pub fn register_feeder() {
     crate::globals::ASYNC_TASK.add_idle(|shelf| {
-        let mut info = shelf.get_mut::<FeederInfo>();
+        let info = shelf.get_mut::<FeederInfo>();
         let now = Instant::now();
         let feed_needed = match info.last_feed {
             None => true,
diff --git a/keystore2/src/super_key.rs b/keystore2/src/super_key.rs
index 2e8b60f..7fc3ed4 100644
--- a/keystore2/src/super_key.rs
+++ b/keystore2/src/super_key.rs
@@ -823,7 +823,7 @@
         unlocking_sids: &[i64],
     ) {
         log::info!("Locking screen bound for user {} sids {:?}", user_id, unlocking_sids);
-        let mut entry = self.data.user_keys.entry(user_id).or_default();
+        let entry = self.data.user_keys.entry(user_id).or_default();
         if !unlocking_sids.is_empty() {
             if let (Some(aes), Some(ecdh)) = (
                 entry.screen_lock_bound.as_ref().cloned(),
@@ -899,7 +899,7 @@
         db: &mut KeystoreDB,
         user_id: UserId,
     ) -> Result<()> {
-        let mut entry = self.data.user_keys.entry(user_id).or_default();
+        let entry = self.data.user_keys.entry(user_id).or_default();
         if let Some(biometric) = entry.biometric_unlock.as_ref() {
             let (key_id_guard, key_entry) = db
                 .load_key_entry(
diff --git a/provisioner/Android.bp b/provisioner/Android.bp
index 7d3549e..5c1956c 100644
--- a/provisioner/Android.bp
+++ b/provisioner/Android.bp
@@ -29,18 +29,20 @@
         "keymint_use_latest_hal_aidl_ndk_static",
     ],
     shared_libs: [
-        "libbinder",
         "libbinder_ndk",
         "libcrypto",
         "liblog",
     ],
     static_libs: [
+        "android.hardware.common-V2-ndk",
+        "android.hardware.drm-V1-ndk",
         "android.hardware.security.rkp-V3-ndk",
         "libbase",
         "libcppbor_external",
         "libcppcose_rkp",
         "libjsoncpp",
         "libkeymint_remote_prov_support",
+        "libmediadrmrkp",
     ],
 }
 
@@ -90,7 +92,6 @@
             suffix: "64",
         },
     },
-    stl: "libc++_static",
     target: {
         android_arm: {
             dist: {
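Review bot: Dropping `stl: "libc++_static"` from a module that carries `dist` entries changes how the shipped binary gets its C++ runtime. As far as I know, Soong then falls back to the module default, which for device binaries is the shared libc++. If this tool is pushed to devices running builds other than the one it was built from, a static runtime is the more portable choice, so the reason for the change should be recorded. I would add a comment next to the new static libs, e.g. `// libmediadrmrkp requires the shared C++ runtime`, if that is indeed the cause. The module definition starts and ends outside this hunk.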
diff --git a/provisioner/rkp_factory_extraction_tool.cpp b/provisioner/rkp_factory_extraction_tool.cpp
index 5ba777e..5765e05 100644
--- a/provisioner/rkp_factory_extraction_tool.cpp
+++ b/provisioner/rkp_factory_extraction_tool.cpp
@@ -14,6 +14,7 @@
  * limitations under the License.
  */
 
+#include <aidl/android/hardware/drm/IDrmFactory.h>
 #include <aidl/android/hardware/security/keymint/IRemotelyProvisionedComponent.h>
 #include <android/binder_manager.h>
 #include <cppbor.h>
@@ -26,8 +27,10 @@
 #include <string>
 #include <vector>
 
+#include "DrmRkpAdapter.h"
 #include "rkp_factory_extraction_lib.h"
 
+using aidl::android::hardware::drm::IDrmFactory;
 using aidl::android::hardware::security::keymint::IRemotelyProvisionedComponent;
 using aidl::android::hardware::security::keymint::remote_prov::jsonEncodeCsrWithBuild;
 
@@ -47,6 +50,10 @@
 constexpr std::string_view kBuildPlusCsr = "build+csr";  // Text-encoded (JSON) build
                                                          // fingerprint plus CSR.
 
+std::string getFullServiceName(const char* descriptor, const char* name) {
+    return  std::string(descriptor) + "/" + name;
+}
+
 void writeOutput(const std::string instance_name, const Array& csr) {
     if (FLAGS_output_format == kBinaryCsrOutput) {
         auto bytes = csr.encode();
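Review bot: The new helper has a formatting slip: `return  std::string(descriptor) + "/" + name;` has two spaces after `return`, which clang-format would reject. It also builds a `std::string` from raw `const char*` arguments, so a one-line comment that both must be non-null would document the precondition the callers currently satisfy.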
@@ -67,12 +74,21 @@
     }
 }
 
+void getCsrForIRpc(const char* descriptor, const char* name, IRemotelyProvisionedComponent* irpc) {
+    auto [request, errMsg] = getCsr(name, irpc, FLAGS_self_test);
+    auto fullName = getFullServiceName(descriptor, name);
+    if (!request) {
+        std::cerr << "Unable to build CSR for '" << fullName << ": " << errMsg << std::endl;
+        exit(-1);
+    }
+
+    writeOutput(std::string(name), *request);
+}
+
 // Callback for AServiceManager_forEachDeclaredInstance that writes out a CSR
 // for every IRemotelyProvisionedComponent.
 void getCsrForInstance(const char* name, void* /*context*/) {
-    const std::vector<uint8_t> challenge = generateChallenge();
-
-    auto fullName = std::string(IRemotelyProvisionedComponent::descriptor) + "/" + name;
+    auto fullName = getFullServiceName(IRemotelyProvisionedComponent::descriptor, name);
     AIBinder* rkpAiBinder = AServiceManager_getService(fullName.c_str());
     ::ndk::SpAIBinder rkp_binder(rkpAiBinder);
     auto rkp_service = IRemotelyProvisionedComponent::fromBinder(rkp_binder);
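Review bot: `getCsrForIRpc` passes only `name` to `writeOutput`, so the descriptor is dropped from the emitted record. Now that this path also serves DRM components, a DRM entry whose name matches a HAL instance name would be labelled identically in the output. `writeOutput` is only partly visible here, so this may already be handled. If it is not, either pass a name that is unique across both sources or confirm that the keys returned by `getDrmRemotelyProvisionedComponents()` cannot collide with HAL instance names. Separately, the error line opens a quote it never closes; `<< fullName << "': " << errMsg` fixes it, and `fullName` can be built inside the `if (!request)` branch since nothing else uses it.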
@@ -81,13 +97,7 @@
         exit(-1);
     }
 
-    auto [request, errMsg] = getCsr(name, rkp_service.get(), FLAGS_self_test);
-    if (!request) {
-        std::cerr << "Unable to build CSR for '" << fullName << ": " << errMsg << std::endl;
-        exit(-1);
-    }
-
-    writeOutput(std::string(name), *request);
+    getCsrForIRpc(IRemotelyProvisionedComponent::descriptor, name, rkp_service.get());
 }
 
 }  // namespace
@@ -98,5 +108,10 @@
     AServiceManager_forEachDeclaredInstance(IRemotelyProvisionedComponent::descriptor,
                                             /*context=*/nullptr, getCsrForInstance);
 
+    // Append drm csr's
+    for (auto const& e : android::mediadrm::getDrmRemotelyProvisionedComponents()) {
+        getCsrForIRpc(IDrmFactory::descriptor, e.first.c_str(), e.second.get());
+    }
+
     return 0;
 }
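Review bot: The DRM loop passes `e.second.get()` straight into `getCsrForIRpc` with no null check. The HAL path appears to guard `rkp_service` before use, although only the `exit(-1)` of that branch is visible in the previous hunk. A guard at the top of `getCsrForIRpc` would cover both callers: `if (irpc == nullptr) { std::cerr << "No component for '" << name << "'" << std::endl; exit(-1); }`. Also note that a failure on any DRM component calls `exit(-1)` after the HAL CSRs have already been written, so consumers of the output need the exit status to detect a truncated run.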