Merge remote-tracking branch 'aosp/upstream-main' into HEAD
Bug: 268592034
Test: mmm external/open-dice
Change-Id: If2f8dea90582da00103b58f1639414b01e2e7467
diff --git a/.gitmodules b/.gitmodules
deleted file mode 100644
index 50b3395..0000000
--- a/.gitmodules
+++ /dev/null
@@ -1,25 +0,0 @@
-# These paths may transform when this repo is mirrored. For example, the github
-# mirror of this repo should reference the github mirror of submodules.
-#
-# transformation version: 1
-#
-[submodule "boringssl"]
- path = third_party/boringssl/src
- url = https://pigweed.googlesource.com/third_party/boringssl/boringssl
- branch = main
-[submodule "mbedtls"]
- path = third_party/mbedtls/src
- url = https://pigweed.googlesource.com/third_party/github/ARMmbed/mbedtls.git
- branch = main
-[submodule "cn-cbor"]
- path = third_party/cn-cbor/src
- url = https://pigweed.googlesource.com/third_party/github/jimsch/cn-cbor.git
- branch = main
-[submodule "cose-c"]
- path = third_party/cose-c/src
- url = https://pigweed.googlesource.com/third_party/github/cose-wg/COSE-C.git
- branch = main
-[submodule "pigweed"]
- path = third_party/pigweed/src
- url = https://pigweed.googlesource.com/pigweed/pigweed
- branch = main
diff --git a/Android.bp b/Android.bp
new file mode 100644
index 0000000..a0043a0
--- /dev/null
+++ b/Android.bp
@@ -0,0 +1,291 @@
+package {
+ default_applicable_licenses: ["external_open_dice_license"],
+}
+
+license {
+ name: "external_open_dice_license",
+ visibility: [":__subpackages__"],
+ license_kinds: ["SPDX-license-identifier-Apache-2.0"],
+ license_text: ["LICENSE"],
+}
+
+cc_defaults {
+ name: "libopen_dice.cc_defaults",
+ defaults_visibility: ["//visibility:private"],
+ host_supported: true,
+ vendor_available: true,
+ apex_available: [
+ "//apex_available:platform",
+ "com.android.compos",
+ "com.android.virt",
+ ],
+}
+
+cc_library_headers {
+ name: "libopen_dice_headers",
+ defaults: ["libopen_dice.cc_defaults"],
+ export_include_dirs: ["include"],
+}
+
+cc_library_headers {
+ name: "libopen_dice_boringssl_ed25519_headers",
+ defaults: ["libopen_dice.cc_defaults"],
+ export_include_dirs: ["include/dice/config/boringssl_ed25519"],
+}
+
+cc_library_headers {
+ name: "libopen_dice_boringssl_ecdsa_p384_headers",
+ defaults: ["libopen_dice.cc_defaults"],
+ export_include_dirs: ["include/dice/config/boringssl_ecdsa_p384"],
+}
+
+cc_defaults {
+ name: "libopen_dice_cbor.cc_defaults",
+ defaults: ["libopen_dice.cc_defaults"],
+ srcs: [
+ "src/boringssl_hash_kdf_ops.c",
+ "src/boringssl_ed25519_ops.c",
+ "src/cbor_cert_op.c",
+ "src/cbor_ed25519_cert_op.c",
+ "src/cbor_writer.c",
+ "src/dice.c",
+ "src/utils.c",
+ ],
+ header_libs: [
+ "libopen_dice_boringssl_ed25519_headers",
+ "libopen_dice_headers",
+ ],
+ export_header_lib_headers: [
+ "libopen_dice_boringssl_ed25519_headers",
+ "libopen_dice_headers",
+ ],
+}
+
+cc_library {
+ name: "libopen_dice_cbor",
+ defaults: ["libopen_dice_cbor.cc_defaults"],
+ srcs: [
+ "src/clear_memory.c",
+ ],
+ shared_libs: ["libcrypto"],
+}
+
+cc_library_static {
+ name: "libopen_dice_cbor_p384",
+ defaults: ["libopen_dice.cc_defaults"],
+ srcs: [
+ "src/boringssl_hash_kdf_ops.c",
+ "src/boringssl_ecdsa_utils.c",
+ "src/boringssl_p384_ops.c",
+ "src/cbor_cert_op.c",
+ "src/cbor_p384_cert_op.c",
+ "src/cbor_writer.c",
+ "src/clear_memory.c",
+ "src/dice.c",
+ "src/utils.c",
+ ],
+ header_libs: [
+ "libopen_dice_boringssl_ecdsa_p384_headers",
+ "libopen_dice_headers",
+ ],
+ export_header_lib_headers: [
+ "libopen_dice_boringssl_ecdsa_p384_headers",
+ "libopen_dice_headers",
+ ],
+ shared_libs: ["libcrypto"],
+}
+
+// Version of the library missing DiceClearMemory, for baremetal client code.
+cc_library_static {
+ name: "libopen_dice_cbor_baremetal",
+ defaults: ["libopen_dice_cbor.cc_defaults"],
+ allow_undefined_symbols: true,
+ static_libs: ["libcrypto_baremetal"],
+}
+
+cc_defaults {
+ name: "libopen_dice_bcc.cc_defaults",
+ defaults: ["libopen_dice.cc_defaults"],
+ srcs: [
+ "src/cbor_reader.c",
+ "src/android/bcc.c",
+ ],
+}
+
+cc_library {
+ name: "libopen_dice_bcc",
+ defaults: ["libopen_dice_bcc.cc_defaults"],
+ export_shared_lib_headers: ["libopen_dice_cbor"],
+ shared_libs: [
+ "libcrypto",
+ "libopen_dice_cbor",
+ ],
+}
+
+cc_library_static {
+ name: "libopen_dice_bcc_baremetal",
+ defaults: ["libopen_dice_bcc.cc_defaults"],
+ export_static_lib_headers: ["libopen_dice_cbor_baremetal"],
+ static_libs: [
+ "libcrypto_baremetal",
+ "libopen_dice_cbor_baremetal",
+ ],
+}
+
+cc_library_static {
+ name: "libopen_dice_bcc_p384",
+ defaults: ["libopen_dice.cc_defaults"],
+ srcs: [
+ "src/cbor_reader.c",
+ "src/android/bcc.c",
+ ],
+ static_libs: ["libopen_dice_cbor_p384"],
+ export_static_lib_headers: ["libopen_dice_cbor_p384"],
+ shared_libs: ["libcrypto"],
+}
+
+cc_test {
+ name: "libopen_dice_test",
+ host_supported: true,
+ cflags: ["-DDICE_USE_GTEST"],
+ srcs: [
+ "src/clear_memory.c",
+ "src/dice_test.cc",
+ "src/dice.c",
+ "src/utils.c",
+ ],
+ header_libs: [
+ "libopen_dice_boringssl_ed25519_headers",
+ "libopen_dice_headers",
+ ],
+ shared_libs: ["libcrypto"],
+}
+
+cc_test {
+ name: "libopen_dice_p384_test",
+ host_supported: true,
+ cflags: ["-DDICE_USE_GTEST"],
+ srcs: [
+ "src/clear_memory.c",
+ "src/dice_test.cc",
+ "src/dice.c",
+ "src/utils.c",
+ ],
+ header_libs: [
+ "libopen_dice_boringssl_ecdsa_p384_headers",
+ "libopen_dice_headers",
+ ],
+ shared_libs: ["libcrypto"],
+}
+
+cc_test {
+ name: "libopen_dice_cbor_writer_test",
+ host_supported: true,
+ cflags: ["-DDICE_USE_GTEST"],
+ srcs: ["src/cbor_writer_test.cc"],
+ static_libs: ["libopen_dice_cbor"],
+}
+
+cc_test {
+ name: "libopen_dice_cbor_writer_p384_test",
+ host_supported: true,
+ cflags: ["-DDICE_USE_GTEST"],
+ srcs: ["src/cbor_writer_test.cc"],
+ static_libs: ["libopen_dice_cbor_p384"],
+}
+
+cc_test {
+ name: "libopen_dice_cbor_reader_test",
+ host_supported: true,
+ cflags: ["-DDICE_USE_GTEST"],
+ srcs: ["src/cbor_reader_test.cc"],
+ static_libs: ["libopen_dice_bcc"],
+}
+
+cc_test {
+ name: "libopen_dice_cbor_reader_p384_test",
+ host_supported: true,
+ cflags: ["-DDICE_USE_GTEST"],
+ srcs: ["src/cbor_reader_test.cc"],
+ static_libs: ["libopen_dice_bcc_p384"],
+}
+
+cc_test {
+ name: "libopen_dice_bcc_test",
+ host_supported: true,
+ cflags: ["-DDICE_USE_GTEST"],
+ srcs: ["src/android/bcc_test.cc"],
+ static_libs: [
+ "libopen_dice_bcc",
+ "libopen_dice_cbor",
+ ],
+ shared_libs: ["libcrypto"],
+}
+
+// TODO: cbor_cert_op_test after resolving COSE dependency
+
+cc_fuzz {
+ name: "libopen_dice_cbor_writer_fuzzer",
+ host_supported: true,
+ srcs: ["src/cbor_writer_fuzzer.cc"],
+ static_libs: ["libopen_dice_cbor"],
+}
+
+cc_fuzz {
+ name: "libopen_dice_cbor_writer_p384_fuzzer",
+ host_supported: true,
+ srcs: ["src/cbor_writer_fuzzer.cc"],
+ static_libs: ["libopen_dice_cbor_p384"],
+}
+
+cc_fuzz {
+ name: "libopen_dice_cbor_reader_fuzzer",
+ host_supported: true,
+ srcs: ["src/cbor_reader_fuzzer.cc"],
+ static_libs: ["libopen_dice_bcc"],
+}
+
+cc_fuzz {
+ name: "libopen_dice_cbor_reader_p384_fuzzer",
+ host_supported: true,
+ srcs: ["src/cbor_reader_fuzzer.cc"],
+ static_libs: ["libopen_dice_bcc_p384"],
+}
+
+cc_fuzz {
+ name: "libopen_dice_cbor_fuzzer",
+ host_supported: true,
+ srcs: ["src/fuzzer.cc"],
+ static_libs: ["libopen_dice_cbor"],
+ shared_libs: ["libcrypto"],
+}
+
+cc_fuzz {
+ name: "libopen_dice_cbor_p384_fuzzer",
+ host_supported: true,
+ srcs: ["src/fuzzer.cc"],
+ static_libs: ["libopen_dice_cbor_p384"],
+ shared_libs: ["libcrypto"],
+}
+
+cc_fuzz {
+ name: "libopen_dice_bcc_fuzzer",
+ host_supported: true,
+ srcs: ["src/android/bcc_fuzzer.cc"],
+ static_libs: [
+ "libopen_dice_bcc",
+ "libopen_dice_cbor",
+ ],
+ shared_libs: ["libcrypto"],
+}
+
+cc_fuzz {
+ name: "libopen_dice_bcc_p384_fuzzer",
+ host_supported: true,
+ srcs: ["src/android/bcc_fuzzer.cc"],
+ static_libs: [
+ "libopen_dice_bcc_p384",
+ "libopen_dice_cbor_p384",
+ ],
+ shared_libs: ["libcrypto"],
+}
diff --git a/METADATA b/METADATA
new file mode 100644
index 0000000..d114f8a
--- /dev/null
+++ b/METADATA
@@ -0,0 +1,14 @@
+name: "open-dice"
+description: "Open Profile for DICE"
+third_party {
+ url {
+ type: HOMEPAGE
+ value: "https://pigweed.googlesource.com/open-dice/"
+ }
+ url {
+ type: GIT
+ value: "https://pigweed.googlesource.com/open-dice"
+ }
+ version: "bf2b2b3e951ca78956cabcb94e60fdaf5d83e017"
+ last_upgrade_date { year: 2021 month: 7 day: 16 }
+}
diff --git a/MODULE_LICENSE_APACHE2 b/MODULE_LICENSE_APACHE2
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/MODULE_LICENSE_APACHE2
diff --git a/PREUPLOAD.cfg b/PREUPLOAD.cfg
new file mode 100644
index 0000000..0f3c468
--- /dev/null
+++ b/PREUPLOAD.cfg
@@ -0,0 +1,6 @@
+[Builtin Hooks]
+android_test_mapping_format = true
+bpfmt = true
+
+[Hook Scripts]
+aosp_hook = ${REPO_ROOT}/frameworks/base/tools/aosp/aosp_sha.sh ${PREUPLOAD_COMMIT} "."
diff --git a/merge_upstream.sh b/merge_upstream.sh
new file mode 100755
index 0000000..ffe1b92
--- /dev/null
+++ b/merge_upstream.sh
@@ -0,0 +1,20 @@
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may not
+# use this file except in compliance with the License. You may obtain a copy of
+# the License at
+#
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations under
+# the License.
+
+# Fetches and merges upstream changes. Upload the resulting tree will produce a
+# single merge CL despite appearing as though there will be a CL for each
+# commit.
+
+git fetch aosp upstream-main
+git merge aosp/upstream-main
diff --git a/rules.mk b/rules.mk
new file mode 100644
index 0000000..f76d557
--- /dev/null
+++ b/rules.mk
@@ -0,0 +1,40 @@
+# Copyright (C) 2021 The Android Open Source Project.
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+# SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
+# OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
+# CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+
+# This file is not used in the Android build process! It's used only by Trusty.
+
+LOCAL_DIR := $(GET_LOCAL_DIR)
+
+MODULE := $(LOCAL_DIR)
+
+MODULE_SRCS := \
+ $(LOCAL_DIR)/src/android/bcc.c \
+ $(LOCAL_DIR)/src/boringssl_hash_kdf_ops.c \
+ $(LOCAL_DIR)/src/boringssl_ed25519_ops.c \
+ $(LOCAL_DIR)/src/cbor_cert_op.c \
+ $(LOCAL_DIR)/src/cbor_ed25519_cert_op.c \
+ $(LOCAL_DIR)/src/cbor_reader.c \
+ $(LOCAL_DIR)/src/cbor_writer.c \
+ $(LOCAL_DIR)/src/clear_memory.c \
+ $(LOCAL_DIR)/src/dice.c \
+ $(LOCAL_DIR)/src/utils.c \
+
+MODULE_EXPORT_INCLUDES += \
+ $(LOCAL_DIR)/include/ \
+ $(LOCAL_DIR)/include/dice/config/boringssl_ed25519 \
+
+MODULE_LIBRARY_DEPS := \
+ external/boringssl \
+
+include make/library.mk
diff --git a/third_party/boringssl/src b/third_party/boringssl/src
deleted file mode 160000
index 396625d..0000000
--- a/third_party/boringssl/src
+++ /dev/null
@@ -1 +0,0 @@
-Subproject commit 396625d50212143bc03517c9fdd21b1c965b3f45
diff --git a/third_party/cn-cbor/src b/third_party/cn-cbor/src
deleted file mode 160000
index f713bf6..0000000
--- a/third_party/cn-cbor/src
+++ /dev/null
@@ -1 +0,0 @@
-Subproject commit f713bf67bcf3e076d47e474ce060252ef8be48c7
diff --git a/third_party/cose-c/src b/third_party/cose-c/src
deleted file mode 160000
index 97d1805..0000000
--- a/third_party/cose-c/src
+++ /dev/null
@@ -1 +0,0 @@
-Subproject commit 97d1805e71b7a6770093c5e6790d46611680d563
diff --git a/third_party/mbedtls/src b/third_party/mbedtls/src
deleted file mode 160000
index 8c89224..0000000
--- a/third_party/mbedtls/src
+++ /dev/null
@@ -1 +0,0 @@
-Subproject commit 8c89224991adff88d53cd380f42a2baa36f91454
diff --git a/third_party/pigweed/src b/third_party/pigweed/src
deleted file mode 160000
index 02c2e12..0000000
--- a/third_party/pigweed/src
+++ /dev/null
@@ -1 +0,0 @@
-Subproject commit 02c2e12242a68c6a66ad45c7a99c11aad45e3227
