Merge remote-tracking branch 'aosp/upstream-main' into HEAD

Test: mmm external/open-dice
Test: (cd external/open-dice && atest --host-unit-test-only)
Change-Id: I3fb4cad4807efd2b133a1831a3958285f84ce97b
diff --git a/.gitmodules b/.gitmodules
deleted file mode 100644
index ceed45f..0000000
--- a/.gitmodules
+++ /dev/null
@@ -1,20 +0,0 @@
-[submodule "boringssl"]
-	path = third_party/boringssl/src
-	url = https://pigweed.googlesource.com/third_party/boringssl/boringssl
-	branch = main
-[submodule "mbedtls"]
-	path = third_party/mbedtls/src
-	url = https://pigweed.googlesource.com/third_party/github/ARMmbed/mbedtls.git
-	branch = main
-[submodule "cn-cbor"]
-	path = third_party/cn-cbor/src
-	url = https://pigweed.googlesource.com/third_party/github/jimsch/cn-cbor.git
-	branch = main
-[submodule "cose-c"]
-	path = third_party/cose-c/src
-	url = https://pigweed.googlesource.com/third_party/github/cose-wg/COSE-C.git
-	branch = main
-[submodule "pigweed"]
-	path = third_party/pigweed/src
-	url = https://pigweed.googlesource.com/pigweed/pigweed
-	branch = main
diff --git a/Android.bp b/Android.bp
new file mode 100644
index 0000000..1a8fbf9
--- /dev/null
+++ b/Android.bp
@@ -0,0 +1,268 @@
+package {
+    default_applicable_licenses: ["external_open_dice_license"],
+}
+
+license {
+    name: "external_open_dice_license",
+    visibility: [":__subpackages__"],
+    license_kinds: ["SPDX-license-identifier-Apache-2.0"],
+    license_text: ["LICENSE"],
+}
+
+cc_defaults {
+    name: "libopen_dice.cc_defaults",
+    defaults_visibility: ["//visibility:private"],
+    host_supported: true,
+    vendor_available: true,
+    apex_available: [
+        "//apex_available:platform",
+        "com.android.compos",
+        "com.android.virt",
+    ],
+}
+
+rust_defaults {
+    name: "libopen_dice.rust_defaults",
+    defaults_visibility: ["//visibility:private"],
+    host_supported: true,
+    vendor_available: true,
+    apex_available: [
+        "//apex_available:platform",
+        "com.android.compos",
+        "com.android.virt",
+    ],
+}
+
+cc_library_headers {
+    name: "libopen_dice_headers",
+    defaults: ["libopen_dice.cc_defaults"],
+    export_include_dirs: ["include"],
+}
+
+cc_library_headers {
+    name: "libopen_dice_boringssl_ed25519_headers",
+    defaults: ["libopen_dice.cc_defaults"],
+    export_include_dirs: ["include/dice/config/boringssl_ed25519"],
+}
+
+cc_library_static {
+    name: "libopen_dice_cbor",
+    defaults: ["libopen_dice.cc_defaults"],
+    srcs: [
+        "src/boringssl_hash_kdf_ops.c",
+        "src/boringssl_ed25519_ops.c",
+        "src/cbor_cert_op.c",
+        "src/cbor_writer.c",
+        "src/clear_memory.c",
+        "src/dice.c",
+        "src/utils.c",
+    ],
+    header_libs: [
+        "libopen_dice_boringssl_ed25519_headers",
+        "libopen_dice_headers",
+    ],
+    export_header_lib_headers: [
+        "libopen_dice_boringssl_ed25519_headers",
+        "libopen_dice_headers",
+    ],
+    shared_libs: ["libcrypto"],
+}
+
+cc_library_static {
+    name: "libopen_dice_bcc",
+    defaults: ["libopen_dice.cc_defaults"],
+    srcs: [
+        "src/cbor_reader.c",
+        "src/android/bcc.c",
+    ],
+    static_libs: ["libopen_dice_cbor"],
+    export_static_lib_headers: ["libopen_dice_cbor"],
+    shared_libs: ["libcrypto"],
+}
+
+cc_test {
+    name: "libopen_dice_test",
+    host_supported: true,
+    cflags: ["-DDICE_USE_GTEST"],
+    srcs: [
+        "src/clear_memory.c",
+        "src/dice_test.cc",
+        "src/dice.c",
+        "src/utils.c",
+    ],
+    header_libs: [
+        "libopen_dice_boringssl_ed25519_headers",
+        "libopen_dice_headers",
+    ],
+    shared_libs: ["libcrypto"],
+}
+
+cc_test {
+    name: "libopen_dice_cbor_writer_test",
+    host_supported: true,
+    cflags: ["-DDICE_USE_GTEST"],
+    srcs: ["src/cbor_writer_test.cc"],
+    static_libs: ["libopen_dice_cbor"],
+}
+
+cc_test {
+    name: "libopen_dice_cbor_reader_test",
+    host_supported: true,
+    cflags: ["-DDICE_USE_GTEST"],
+    srcs: ["src/cbor_reader_test.cc"],
+    static_libs: ["libopen_dice_bcc"],
+}
+
+cc_test {
+    name: "libopen_dice_bcc_test",
+    host_supported: true,
+    cflags: ["-DDICE_USE_GTEST"],
+    srcs: ["src/android/bcc_test.cc"],
+    static_libs: [
+        "libopen_dice_bcc",
+        "libopen_dice_cbor",
+    ],
+    shared_libs: ["libcrypto"],
+}
+
+// TODO: cbor_cert_op_test after resolving COSE dependency
+
+cc_fuzz {
+    name: "libopen_dice_cbor_writer_fuzzer",
+    host_supported: true,
+    srcs: ["src/cbor_writer_fuzzer.cc"],
+    static_libs: ["libopen_dice_cbor"],
+}
+
+cc_fuzz {
+    name: "libopen_dice_cbor_reader_fuzzer",
+    host_supported: true,
+    srcs: ["src/cbor_reader_fuzzer.cc"],
+    static_libs: ["libopen_dice_bcc"],
+}
+
+cc_fuzz {
+    name: "libopen_dice_cbor_fuzzer",
+    host_supported: true,
+    srcs: ["src/fuzzer.cc"],
+    static_libs: ["libopen_dice_cbor"],
+    shared_libs: ["libcrypto"],
+}
+
+cc_fuzz {
+    name: "libopen_dice_bcc_fuzzer",
+    host_supported: true,
+    srcs: ["src/android/bcc_fuzzer.cc"],
+    static_libs: [
+        "libopen_dice_bcc",
+        "libopen_dice_cbor",
+    ],
+    shared_libs: ["libcrypto"],
+}
+
+rust_bindgen {
+    name: "libopen_dice_cbor_bindgen",
+    defaults: ["libopen_dice.rust_defaults"],
+    wrapper_src: "rust/dice.h",
+    crate_name: "open_dice_cbor_bindgen",
+    source_stem: "bindings",
+    header_libs: [
+        "libopen_dice_boringssl_ed25519_headers",
+        "libopen_dice_headers",
+    ],
+
+    // Generate bindings only for the symbols that are actually exported (see exported.map.txt).
+    // This makes the generated bindings much more concise and improves compilation
+    // time.
+    bindgen_flags: [
+        "--size_t-is-usize",
+
+        "--allowlist-function=DiceDeriveCdiPrivateKeySeed",
+        "--allowlist-function=DiceDeriveCdiCertificateId",
+        "--allowlist-function=DiceMainFlow",
+        "--allowlist-function=DiceHash",
+        "--allowlist-function=DiceKdf",
+        "--allowlist-function=DiceKeypairFromSeed",
+        "--allowlist-function=DiceSign",
+        "--allowlist-function=DiceVerify",
+        "--allowlist-function=DiceGenerateCertificate",
+
+        // We also need some constants in addition to the functions.
+        "--allowlist-var=DICE_CDI_SIZE",
+        "--allowlist-var=DICE_HASH_SIZE",
+        "--allowlist-var=DICE_HIDDEN_SIZE",
+        "--allowlist-var=DICE_INLINE_CONFIG_SIZE",
+        "--allowlist-var=DICE_PRIVATE_KEY_SEED_SIZE",
+        "--allowlist-var=DICE_ID_SIZE",
+        "--allowlist-var=DICE_PUBLIC_KEY_SIZE",
+        "--allowlist-var=DICE_PRIVATE_KEY_SIZE",
+        "--allowlist-var=DICE_SIGNATURE_SIZE",
+    ],
+}
+
+rust_bindgen {
+    name: "libopen_dice_bcc_bindgen",
+    defaults: ["libopen_dice.rust_defaults"],
+    wrapper_src: "rust/android/bcc.h",
+    crate_name: "open_dice_bcc_bindgen",
+    source_stem: "bindings",
+    header_libs: [
+        "libopen_dice_headers",
+    ],
+
+    // Generate bindings only for the symbols that are actually exported (see exported.map.txt).
+    // This makes the generated bindings much more concise and improves compilation
+    // time.
+    bindgen_flags: [
+        "--size_t-is-usize",
+
+        "--allowlist-function=BccFormatConfigDescriptor",
+        "--allowlist-function=BccMainFlow",
+        "--allowlist-function=BccHandoverMainFlow",
+
+        // We also need some constants in addition to the functions.
+        "--allowlist-var=BCC_INPUT_COMPONENT_NAME",
+        "--allowlist-var=BCC_INPUT_COMPONENT_VERSION",
+        "--allowlist-var=BCC_INPUT_RESETTABLE",
+
+        // Prevent DiceInputValues from being generated a second time and
+        // import it instead from open_dice_cbor_bindgen.
+        "--blocklist-type=DiceInputValues_",
+        "--blocklist-type=DiceInputValues",
+        "--raw-line",
+        "pub use open_dice_cbor_bindgen::DiceInputValues;",
+    ],
+
+    rustlibs: [
+        "libopen_dice_cbor_bindgen",
+    ],
+}
+
+rust_test {
+    name: "libopen_dice_cbor_bindgen_test",
+    srcs: [
+        ":libopen_dice_cbor_bindgen",
+    ],
+    crate_name: "open_dice_cbor_bindgen_test",
+    test_suites: ["general-tests"],
+    auto_gen_config: true,
+    clippy_lints: "none",
+    lints: "none",
+}
+
+rust_test {
+    name: "libopen_dice_bcc_bindgen_test",
+    srcs: [
+        ":libopen_dice_bcc_bindgen",
+    ],
+    crate_name: "open_dice_bcc_bindgen_test",
+
+    rustlibs: [
+        "libopen_dice_cbor_bindgen",
+    ],
+
+    test_suites: ["general-tests"],
+    auto_gen_config: true,
+    clippy_lints: "none",
+    lints: "none",
+}
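Review bot: The `// TODO: cbor_cert_op_test after resolving COSE dependency` line means `src/cbor_cert_op.c` is compiled into `libopen_dice_cbor` with no unit test in this build. The only coverage visible here would be `libopen_dice_cbor_fuzzer`, and only if `src/fuzzer.cc` reaches that code, which this hunk does not show. Since this file presumably implements certificate generation, give the TODO a tracking reference so the gap is not forgotten, for example `// TODO(b/<bug-id>): add cbor_cert_op_test once the COSE dependency is resolved`. Separately, both `rust_bindgen` comments say "see exported.map.txt", a file this commit does not add; drop the parenthetical or add the file so the allowlist has a source of truth to be checked against.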
diff --git a/METADATA b/METADATA
new file mode 100644
index 0000000..d114f8a
--- /dev/null
+++ b/METADATA
@@ -0,0 +1,14 @@
+name: "open-dice"
+description: "Open Profile for DICE"
+third_party {
+  url {
+    type: HOMEPAGE
+    value: "https://pigweed.googlesource.com/open-dice/"
+  }
+  url {
+    type: GIT
+    value: "https://pigweed.googlesource.com/open-dice"
+  }
+  version: "bf2b2b3e951ca78956cabcb94e60fdaf5d83e017"
+  last_upgrade_date { year: 2021 month: 7 day: 16 }
+}
diff --git a/MODULE_LICENSE_APACHE2 b/MODULE_LICENSE_APACHE2
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/MODULE_LICENSE_APACHE2
diff --git a/PREUPLOAD.cfg b/PREUPLOAD.cfg
new file mode 100644
index 0000000..0f3c468
--- /dev/null
+++ b/PREUPLOAD.cfg
@@ -0,0 +1,6 @@
+[Builtin Hooks]
+android_test_mapping_format = true
+bpfmt = true
+
+[Hook Scripts]
+aosp_hook = ${REPO_ROOT}/frameworks/base/tools/aosp/aosp_sha.sh ${PREUPLOAD_COMMIT} "."
diff --git a/TEST_MAPPING b/TEST_MAPPING
new file mode 100644
index 0000000..507c7f5
--- /dev/null
+++ b/TEST_MAPPING
@@ -0,0 +1,10 @@
+{
+  "presubmit": [
+    {
+      "name": "libopen_dice_cbor_bindgen_test"
+    },
+    {
+      "name": "libopen_dice_bcc_bindgen_test"
+    }
+  ]
+}
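Review bot: The `presubmit` list names only the two bindgen tests, so none of the C unit tests declared in Android.bp gate changes to the DICE derivation, CBOR reader/writer or BCC code. Those tests are `libopen_dice_test`, `libopen_dice_cbor_writer_test`, `libopen_dice_cbor_reader_test` and `libopen_dice_bcc_test`. For an attestation library those are the tests most worth running before submit; add entries such as `{ "name": "libopen_dice_test" }` and `{ "name": "libopen_dice_bcc_test" }`. The `cc_test` modules declare no `test_suites`, so they may need one (the Rust tests use `general-tests`) before TEST_MAPPING can schedule them; confirm against the build.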
diff --git a/merge_upstream.sh b/merge_upstream.sh
new file mode 100755
index 0000000..ffe1b92
--- /dev/null
+++ b/merge_upstream.sh
@@ -0,0 +1,20 @@
+# Copyright 2021 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may not
+# use this file except in compliance with the License. You may obtain a copy of
+# the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations under
+# the License.
+
+# Fetches and merges upstream changes. Upload the resulting tree will produce a
+# single merge CL despite appearing as though there will be a CL for each
+# commit.
+
+git fetch aosp upstream-main
+git merge aosp/upstream-main
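Review bot: The script is added with mode 100755 but has no interpreter line and no error handling. If `git fetch aosp upstream-main` fails, `git merge aosp/upstream-main` still runs against whatever stale ref is already local. Make `#!/bin/bash` the first line of the file and put `set -e` ahead of the two git commands so a failed fetch aborts the merge. The header comment's "Upload the resulting tree will produce" would read better as "Uploading the resulting tree produces".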
diff --git a/rules.mk b/rules.mk
new file mode 100644
index 0000000..46d8759
--- /dev/null
+++ b/rules.mk
@@ -0,0 +1,39 @@
+# Copyright (C) 2021 The Android Open Source Project.
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+# SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
+# OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
+# CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+
+# This file is not used in the Android build process! It's used only by Trusty.
+
+LOCAL_DIR := $(GET_LOCAL_DIR)
+
+MODULE := $(LOCAL_DIR)
+
+MODULE_SRCS := \
+	$(LOCAL_DIR)/src/android/bcc.c \
+	$(LOCAL_DIR)/src/boringssl_hash_kdf_ops.c \
+	$(LOCAL_DIR)/src/boringssl_ed25519_ops.c \
+	$(LOCAL_DIR)/src/cbor_cert_op.c \
+	$(LOCAL_DIR)/src/cbor_reader.c \
+	$(LOCAL_DIR)/src/cbor_writer.c \
+	$(LOCAL_DIR)/src/clear_memory.c \
+	$(LOCAL_DIR)/src/dice.c \
+	$(LOCAL_DIR)/src/utils.c \
+
+MODULE_EXPORT_INCLUDES += \
+	$(LOCAL_DIR)/include/ \
+	$(LOCAL_DIR)/include/dice/config/boringssl_ed25519 \
+
+MODULE_LIBRARY_DEPS := \
+	external/boringssl \
+
+include make/library.mk
diff --git a/rust/android/bcc.h b/rust/android/bcc.h
new file mode 100644
index 0000000..4dfc862
--- /dev/null
+++ b/rust/android/bcc.h
@@ -0,0 +1,17 @@
+// Copyright 2021 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License"); you may not
+// use this file except in compliance with the License. You may obtain a copy of
+// the License at
+//
+//     https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+// WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+// License for the specific language governing permissions and limitations under
+// the License.
+
+#pragma once
+
+#include <dice/android/bcc.h>
diff --git a/rust/dice.h b/rust/dice.h
new file mode 100644
index 0000000..47fe911
--- /dev/null
+++ b/rust/dice.h
@@ -0,0 +1,18 @@
+// Copyright 2021 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License"); you may not
+// use this file except in compliance with the License. You may obtain a copy of
+// the License at
+//
+//     https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+// WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+// License for the specific language governing permissions and limitations under
+// the License.
+
+#pragma once
+
+#include <dice/dice.h>
+#include <dice/ops.h>
diff --git a/third_party/boringssl/src b/third_party/boringssl/src
deleted file mode 160000
index 3a667d1..0000000
--- a/third_party/boringssl/src
+++ /dev/null
@@ -1 +0,0 @@
-Subproject commit 3a667d10e94186fd503966f5638e134fe9fb4080
diff --git a/third_party/cn-cbor/src b/third_party/cn-cbor/src
deleted file mode 160000
index f713bf6..0000000
--- a/third_party/cn-cbor/src
+++ /dev/null
@@ -1 +0,0 @@
-Subproject commit f713bf67bcf3e076d47e474ce060252ef8be48c7
diff --git a/third_party/cose-c/src b/third_party/cose-c/src
deleted file mode 160000
index 97d1805..0000000
--- a/third_party/cose-c/src
+++ /dev/null
@@ -1 +0,0 @@
-Subproject commit 97d1805e71b7a6770093c5e6790d46611680d563
diff --git a/third_party/mbedtls/src b/third_party/mbedtls/src
deleted file mode 160000
index 1c54b54..0000000
--- a/third_party/mbedtls/src
+++ /dev/null
@@ -1 +0,0 @@
-Subproject commit 1c54b5410fd48d6bcada97e30cac417c5c7eea67
diff --git a/third_party/pigweed/src b/third_party/pigweed/src
deleted file mode 160000
index 05d860d..0000000
--- a/third_party/pigweed/src
+++ /dev/null
@@ -1 +0,0 @@
-Subproject commit 05d860d647f5d0c70d2cc9627f54c1adfa8a825d