Merge "Run rustfmt and add rustfmt.toml to directory"
diff --git a/fsverity/Android.bp b/fsverity/Android.bp
index 040c99b..ce3b499 100644
--- a/fsverity/Android.bp
+++ b/fsverity/Android.bp
@@ -32,14 +32,6 @@
proto: {
canonical_path_from_root: false,
},
- version: {
- py2: {
- enabled: true,
- },
- py3: {
- enabled: true,
- },
- },
}
python_binary_host {
diff --git a/fsverity/TEST_MAPPING b/fsverity/TEST_MAPPING
new file mode 100644
index 0000000..b327cb8
--- /dev/null
+++ b/fsverity/TEST_MAPPING
@@ -0,0 +1,7 @@
+{
+ "presubmit": [
+ {
+ "name": "ComposHostTestCases"
+ }
+ ]
+}
diff --git a/fsverity/fsverity_manifest_generator.py b/fsverity/fsverity_manifest_generator.py
index 0b01a55..79be591 100644
--- a/fsverity/fsverity_manifest_generator.py
+++ b/fsverity/fsverity_manifest_generator.py
@@ -58,7 +58,6 @@
for f in sorted(args.inputs):
# f is a full path for now; make it relative so it starts with {mount_point}/
digest = digests.digests[os.path.relpath(f, args.base_dir)]
- print(f"{os.path.relpath(f, args.base_dir)}")
digest.digest = _digest(args.fsverity_path, f)
digest.hash_alg = HASH_ALGORITHM
diff --git a/identity/Android.bp b/identity/Android.bp
index 512e3ad..4e4b79a 100644
--- a/identity/Android.bp
+++ b/identity/Android.bp
@@ -26,6 +26,7 @@
name: "credstore",
defaults: [
"identity_defaults",
+ "identity_use_latest_hal_aidl_cpp_static",
"keymint_use_latest_hal_aidl_ndk_shared",
"keymint_use_latest_hal_aidl_cpp_static",
],
@@ -58,7 +59,6 @@
"libutilscallstack",
],
static_libs: [
- "android.hardware.identity-V4-cpp",
"android.hardware.keymaster-V3-cpp",
"libcppbor_external",
],
diff --git a/identity/util/src/java/com/android/security/identity/internal/Iso18013.java b/identity/util/src/java/com/android/security/identity/internal/Iso18013.java
index 2561fcc..b47009b 100644
--- a/identity/util/src/java/com/android/security/identity/internal/Iso18013.java
+++ b/identity/util/src/java/com/android/security/identity/internal/Iso18013.java
@@ -146,36 +146,9 @@
ByteArrayOutputStream baos = new ByteArrayOutputStream();
try {
baos.write(new byte[]{41});
- ECPoint w = ((ECPublicKey) ephemeralKeyPair.getPublic()).getW();
- // Each coordinate may be encoded in 33*, 32, or fewer bytes.
- //
- // * : it can be 33 bytes because toByteArray() guarantees "The array will contain the
- // minimum number of bytes required to represent this BigInteger, including at
- // least one sign bit, which is (ceil((this.bitLength() + 1)/8))" which means that
- // the MSB is always 0x00. This is taken care of by calling calling
- // stripLeadingZeroes().
- //
- // We need the encoding to be exactly 32 bytes since according to RFC 5480 section 2.2
- // and SEC 1: Elliptic Curve Cryptography section 2.3.3 the encoding is 0x04 | X | Y
- // where X and Y are encoded in exactly 32 byte, big endian integer values each.
- //
- byte[] xBytes = stripLeadingZeroes(w.getAffineX().toByteArray());
- if (xBytes.length > 32) {
- throw new RuntimeException("xBytes is " + xBytes.length + " which is unexpected");
- }
- for (int n = 0; n < 32 - xBytes.length; n++) {
- baos.write(0x00);
- }
- baos.write(xBytes);
- byte[] yBytes = stripLeadingZeroes(w.getAffineY().toByteArray());
- if (yBytes.length > 32) {
- throw new RuntimeException("yBytes is " + yBytes.length + " which is unexpected");
- }
- for (int n = 0; n < 32 - yBytes.length; n++) {
- baos.write(0x00);
- }
- baos.write(yBytes);
+ ECPoint w = ((ECPublicKey) ephemeralKeyPair.getPublic()).getW();
+ baos.write(Util.convertP256PublicKeyToDERFormat(w));
baos.write(new byte[]{42, 44});
} catch (IOException e) {
@@ -303,18 +276,4 @@
throw new IllegalStateException("Error performing key agreement", e);
}
}
-
- private static byte[] stripLeadingZeroes(byte[] value) {
- int n = 0;
- while (n < value.length && value[n] == 0) {
- n++;
- }
- int newLen = value.length - n;
- byte[] ret = new byte[newLen];
- int m = 0;
- while (n < value.length) {
- ret[m++] = value[n++];
- }
- return ret;
- }
}
diff --git a/identity/util/src/java/com/android/security/identity/internal/Util.java b/identity/util/src/java/com/android/security/identity/internal/Util.java
index 94d7d15..ee12cd0 100644
--- a/identity/util/src/java/com/android/security/identity/internal/Util.java
+++ b/identity/util/src/java/com/android/security/identity/internal/Util.java
@@ -1130,6 +1130,48 @@
Log.e(TAG, name + ": dumping " + data.length + " bytes\n" + fmt.toString());
}
+ // Convert EC P256 public key to DER format binary format
+ public static byte[] convertP256PublicKeyToDERFormat(ECPoint w) {
+ byte[] ret = new byte[64];
+
+ // Each coordinate may be encoded in 33*, 32, or fewer bytes.
+ //
+ // * : it can be 33 bytes because toByteArray() guarantees "The array will contain the
+ // minimum number of bytes required to represent this BigInteger, including at
+ // least one sign bit, which is (ceil((this.bitLength() + 1)/8))" which means that
+ // the MSB is always 0x00. This is taken care of by calling calling
+ // stripLeadingZeroes().
+ //
+ // We need the encoding to be exactly 32 bytes since according to RFC 5480 section 2.2
+ // and SEC 1: Elliptic Curve Cryptography section 2.3.3 the encoding is 0x04 | X | Y
+ // where X and Y are encoded in exactly 32 byte, big endian integer values each.
+ //
+ byte[] xBytes = stripLeadingZeroes(w.getAffineX().toByteArray());
+ if (xBytes.length > 32) {
+ throw new RuntimeException("xBytes is " + xBytes.length + " which is unexpected");
+ }
+ int numLeadingZeroBytes = 32 - xBytes.length;
+ for (int n = 0; n < numLeadingZeroBytes; n++) {
+ ret[n] = 0x00;
+ }
+ for (int n = 0; n < xBytes.length; n++) {
+ ret[numLeadingZeroBytes + n] = xBytes[n];
+ }
+
+ byte[] yBytes = stripLeadingZeroes(w.getAffineY().toByteArray());
+ if (yBytes.length > 32) {
+ throw new RuntimeException("yBytes is " + yBytes.length + " which is unexpected");
+ }
+ numLeadingZeroBytes = 32 - yBytes.length;
+ for (int n = 0; n < numLeadingZeroBytes; n++) {
+ ret[32 + n] = 0x00;
+ }
+ for (int n = 0; n < yBytes.length; n++) {
+ ret[32 + numLeadingZeroBytes + n] = yBytes[n];
+ }
+
+ return ret;
+ }
// This returns a SessionTranscript which satisfy the requirement
// that the uncompressed X and Y coordinates of the public key for the
@@ -1142,36 +1184,9 @@
ByteArrayOutputStream baos = new ByteArrayOutputStream();
try {
baos.write(new byte[]{42});
- ECPoint w = ((ECPublicKey) ephemeralKeyPair.getPublic()).getW();
- // Each coordinate may be encoded in 33*, 32, or fewer bytes.
- //
- // * : it can be 33 bytes because toByteArray() guarantees "The array will contain the
- // minimum number of bytes required to represent this BigInteger, including at
- // least one sign bit, which is (ceil((this.bitLength() + 1)/8))" which means that
- // the MSB is always 0x00. This is taken care of by calling calling
- // stripLeadingZeroes().
- //
- // We need the encoding to be exactly 32 bytes since according to RFC 5480 section 2.2
- // and SEC 1: Elliptic Curve Cryptography section 2.3.3 the encoding is 0x04 | X | Y
- // where X and Y are encoded in exactly 32 byte, big endian integer values each.
- //
- byte[] xBytes = stripLeadingZeroes(w.getAffineX().toByteArray());
- if (xBytes.length > 32) {
- throw new RuntimeException("xBytes is " + xBytes.length + " which is unexpected");
- }
- for (int n = 0; n < 32 - xBytes.length; n++) {
- baos.write(0x00);
- }
- baos.write(xBytes);
- byte[] yBytes = stripLeadingZeroes(w.getAffineY().toByteArray());
- if (yBytes.length > 32) {
- throw new RuntimeException("yBytes is " + yBytes.length + " which is unexpected");
- }
- for (int n = 0; n < 32 - yBytes.length; n++) {
- baos.write(0x00);
- }
- baos.write(yBytes);
+ ECPoint w = ((ECPublicKey) ephemeralKeyPair.getPublic()).getW();
+ baos.write(convertP256PublicKeyToDERFormat(w));
baos.write(new byte[]{43, 44});
} catch (IOException e) {
diff --git a/keystore2/Android.bp b/keystore2/Android.bp
index 43419b7..0e5afd9 100644
--- a/keystore2/Android.bp
+++ b/keystore2/Android.bp
@@ -27,6 +27,7 @@
srcs: ["src/lib.rs"],
defaults: [
"keymint_use_latest_hal_aidl_rust",
+ "keystore2_use_latest_aidl_rust",
],
rustlibs: [
@@ -39,7 +40,6 @@
"android.security.maintenance-rust",
"android.security.metrics-rust",
"android.security.remoteprovisioning-rust",
- "android.system.keystore2-V2-rust",
"libanyhow",
"libbinder_rs",
"libkeystore2_aaid-rust",
@@ -79,9 +79,11 @@
name: "libkeystore2_test_utils",
crate_name: "keystore2_test_utils",
srcs: ["test_utils/lib.rs"],
- defaults: ["keymint_use_latest_hal_aidl_rust"],
+ defaults: [
+ "keymint_use_latest_hal_aidl_rust",
+ "keystore2_use_latest_aidl_rust",
+ ],
rustlibs: [
- "android.system.keystore2-V2-rust",
"libbinder_rs",
"libkeystore2_selinux",
"liblog_rust",
@@ -89,8 +91,8 @@
"librand",
"libserde",
"libserde_cbor",
- "libthiserror",
- "libanyhow",
+ "libthiserror",
+ "libanyhow",
],
}
@@ -110,13 +112,15 @@
rust_test {
name: "keystore2_test_utils_test",
srcs: ["test_utils/lib.rs"],
- defaults: ["keymint_use_latest_hal_aidl_rust"],
+ defaults: [
+ "keymint_use_latest_hal_aidl_rust",
+ "keystore2_use_latest_aidl_rust",
+ ],
test_suites: ["general-tests"],
require_root: true,
auto_gen_config: true,
compile_multilib: "first",
rustlibs: [
- "android.system.keystore2-V2-rust",
"libbinder_rs",
"libkeystore2_selinux",
"liblog_rust",
@@ -124,8 +128,8 @@
"librand",
"libserde",
"libserde_cbor",
- "libthiserror",
- "libanyhow",
+ "libthiserror",
+ "libanyhow",
],
}
diff --git a/keystore2/legacykeystore/lib.rs b/keystore2/legacykeystore/lib.rs
index 95f917a..ed5bd4f 100644
--- a/keystore2/legacykeystore/lib.rs
+++ b/keystore2/legacykeystore/lib.rs
@@ -393,7 +393,7 @@
let uid = Self::get_effective_uid(uid).context("In list.")?;
let mut result = self.list_legacy(uid).context("In list.")?;
result.append(&mut db.list(uid).context("In list: Trying to get list of entries.")?);
- result = result.into_iter().filter(|s| s.starts_with(prefix)).collect();
+ result.retain(|s| s.starts_with(prefix));
result.sort_unstable();
result.dedup();
Ok(result)
diff --git a/keystore2/tests/legacy_blobs/Android.bp b/keystore2/tests/legacy_blobs/Android.bp
index 9322a41..92f2cc3 100644
--- a/keystore2/tests/legacy_blobs/Android.bp
+++ b/keystore2/tests/legacy_blobs/Android.bp
@@ -33,8 +33,6 @@
rustlibs: [
"libkeystore2_with_test_utils",
"libkeystore2_crypto_rust",
- "android.system.keystore2-V2-rust",
- "android.hardware.security.keymint-V2-rust",
"android.security.maintenance-rust",
"android.security.authorization-rust",
"librustutils",
@@ -47,5 +45,9 @@
"libserde",
"libthiserror",
],
+ defaults: [
+ "keymint_use_latest_hal_aidl_rust",
+ "keystore2_use_latest_aidl_rust",
+ ],
require_root: true,
}