Snap for 11227258 from 68758c7da3a7e738cc1ff588cc090090612be6fa to 24Q2-release
Change-Id: Ie08f6a40fccaec7b891f7acbb71d7bb077642c56
diff --git a/docs/android.md b/docs/android.md
index fd65f12..8c40f27 100644
--- a/docs/android.md
+++ b/docs/android.md
@@ -76,12 +76,16 @@
Unless explicitly stated as required in the [versions](#versions) section, each
field is optional. If no fields are relevant, an empty map should be encoded.
-Name | Key | Value type | Meaning
+Name | Key | Value type | Meaning
--- | --- | --- | ---
Component name | -70002 | tstr | Name of the component
Component version | -70003 | int / tstr | Version of the component
Resettable | -70004 | null | If present, key changes on factory reset
-Security version | -70005 | uint | Machine-comparable, monotonically increasing version of the component where a greater value indicates a newer version, for example, the anti-rollback counter
+Security version | -70005 | uint | Machine-comparable, monotonically increasing version of the component where a greater value indicates a newer version. This value must increment for every update that changes the code hash, for example by using the timestamp of the version's release.
+[RKP VM][rkp-vm] marker | -70006 | null | See the [Android HAL documentation][rkp-hal-readme] for precise semantics, as they vary by Android version.
+
+[rkp-vm]: https://android.googlesource.com/platform/packages/modules/Virtualization/+/main/service_vm/README.md#rkp-vm-remote-key-provisioning-virtual-machine
+[rkp-hal-readme]: https://android.googlesource.com/platform/hardware/interfaces/+/main/security/rkp/README.md
### Versions
diff --git a/include/dice/android.h b/include/dice/android.h
index 7a64cc6..7ca1df8 100644
--- a/include/dice/android.h
+++ b/include/dice/android.h
@@ -27,6 +27,7 @@
#define DICE_ANDROID_CONFIG_COMPONENT_VERSION (1 << 1)
#define DICE_ANDROID_CONFIG_RESETTABLE (1 << 2)
#define DICE_ANDROID_CONFIG_SECURITY_VERSION (1 << 3)
+#define DICE_ANDROID_CONFIG_RKP_VM_MARKER (1 << 4)
// Contains the input values used to construct the Android Profile for DICE
// configuration descriptor. The fields to include in the configuration
diff --git a/src/android.c b/src/android.c
index 39ee7d0..cf540db 100644
--- a/src/android.c
+++ b/src/android.c
@@ -37,7 +37,8 @@
static const int64_t kComponentNameLabel = -70002;
static const int64_t kComponentVersionLabel = -70003;
static const int64_t kResettableLabel = -70004;
- static const int64_t kSecurityVersion = -70005;
+ static const int64_t kSecurityVersionLabel = -70005;
+ static const int64_t kRkpVmMarkerLabel = -70006;
// AndroidConfigDescriptor = {
// ? -70002 : tstr, ; Component name
@@ -61,9 +62,13 @@
CborWriteNull(&out);
}
if (config_values->configs & DICE_ANDROID_CONFIG_SECURITY_VERSION) {
- CborWriteInt(kSecurityVersion, &out);
+ CborWriteInt(kSecurityVersionLabel, &out);
CborWriteUint(config_values->security_version, &out);
}
+ if (config_values->configs & DICE_ANDROID_CONFIG_RKP_VM_MARKER) {
+ CborWriteInt(kRkpVmMarkerLabel, &out);
+ CborWriteNull(&out);
+ }
*actual_size = CborOutSize(&out);
if (CborOutOverflowed(&out)) {
return kDiceResultBufferTooSmall;
@@ -117,22 +122,23 @@
struct CborOut out;
CborOutInit(buffer, buffer_size, &out);
CborWriteArray(chain_item_count + 1, &out);
+ size_t new_chain_prefix_size = CborOutSize(&out);
if (CborOutOverflowed(&out) ||
- chain_items_size > buffer_size - CborOutSize(&out)) {
+ chain_items_size > buffer_size - new_chain_prefix_size) {
// Continue with an empty buffer to measure the required size.
buffer_size = 0;
} else {
- memcpy(buffer + CborOutSize(&out), chain + chain_items_offset,
+ memcpy(buffer + new_chain_prefix_size, chain + chain_items_offset,
chain_items_size);
- buffer += CborOutSize(&out) + chain_items_size;
- buffer_size -= CborOutSize(&out) + chain_items_size;
+ buffer += new_chain_prefix_size + chain_items_size;
+ buffer_size -= new_chain_prefix_size + chain_items_size;
}
size_t certificate_size;
result = DiceMainFlow(context, current_cdi_attest, current_cdi_seal,
input_values, buffer_size, buffer, &certificate_size,
next_cdi_attest, next_cdi_seal);
- *actual_size = CborOutSize(&out) + chain_items_size + certificate_size;
+ *actual_size = new_chain_prefix_size + chain_items_size + certificate_size;
return result;
}
diff --git a/src/android_test.cc b/src/android_test.cc
index c90bed1..86e1cb5 100644
--- a/src/android_test.cc
+++ b/src/android_test.cc
@@ -45,7 +45,8 @@
.configs = DICE_ANDROID_CONFIG_COMPONENT_NAME |
DICE_ANDROID_CONFIG_COMPONENT_VERSION |
DICE_ANDROID_CONFIG_RESETTABLE |
- DICE_ANDROID_CONFIG_SECURITY_VERSION,
+ DICE_ANDROID_CONFIG_SECURITY_VERSION |
+ DICE_ANDROID_CONFIG_RKP_VM_MARKER,
.component_name = "Test Component Name",
.component_version = 0x232a13dec90f42b5,
.security_version = 0xfab777c1,
@@ -56,16 +57,17 @@
EXPECT_EQ(kDiceResultBufferTooSmall, result);
std::vector<uint8_t> buffer(buffer_size);
const uint8_t expected[] = {
- 0xa4, 0x3a, 0x00, 0x01, 0x11, 0x71, 0x73, 'T', 'e', 's', 't', ' ',
- 'C', 'o', 'm', 'p', 'o', 'n', 'e', 'n', 't', ' ', 'N', 'a',
- 'm', 'e', 0x3a, 0x00, 0x01, 0x11, 0x72, 0x1b, 0x23, 0x2a, 0x13, 0xde,
- 0xc9, 0x0f, 0x42, 0xb5, 0x3a, 0x00, 0x01, 0x11, 0x73, 0xf6, 0x3a, 0x00,
- 0x01, 0x11, 0x74, 0x1a, 0xfa, 0xb7, 0x77, 0xc1};
+ 0xa5, 0x3a, 0x00, 0x01, 0x11, 0x71, 0x73, 'T', 'e', 's', 't',
+ ' ', 'C', 'o', 'm', 'p', 'o', 'n', 'e', 'n', 't', ' ',
+ 'N', 'a', 'm', 'e', 0x3a, 0x00, 0x01, 0x11, 0x72, 0x1b, 0x23,
+ 0x2a, 0x13, 0xde, 0xc9, 0x0f, 0x42, 0xb5, 0x3a, 0x00, 0x01, 0x11,
+ 0x73, 0xf6, 0x3a, 0x00, 0x01, 0x11, 0x74, 0x1a, 0xfa, 0xb7, 0x77,
+ 0xc1, 0x3a, 0x00, 0x01, 0x11, 0x75, 0xf6};
EXPECT_EQ(sizeof(expected), buffer.size());
result = DiceAndroidFormatConfigDescriptor(&config_values, buffer.size(),
buffer.data(), &buffer_size);
EXPECT_EQ(sizeof(expected), buffer_size);
- EXPECT_EQ(0, memcmp(expected, buffer.data(), buffer.size()));
+ EXPECT_EQ(0, memcmp(expected, buffer.data(), sizeof(expected)));
}
TEST(DiceAndroidTest, PreservesPreviousEntries) {
diff --git a/src/boringssl_p384_ops.c b/src/boringssl_p384_ops.c
index ca5e88b..d5a0d0c 100644
--- a/src/boringssl_p384_ops.c
+++ b/src/boringssl_p384_ops.c
@@ -12,8 +12,7 @@
// License for the specific language governing permissions and limitations under
// the License.
-// This is an implementation of the crypto operations that uses boringssl. The
-// algorithms used are SHA512, HKDF-SHA512, and Ed25519-SHA512.
+// This is an implementation of P-384 signature operations using boringssl.
#include <stdint.h>
#include <stdio.h>
diff --git a/src/cbor_p384_cert_op.c b/src/cbor_p384_cert_op.c
index a263573..8e9df7a 100644
--- a/src/cbor_p384_cert_op.c
+++ b/src/cbor_p384_cert_op.c
@@ -13,7 +13,7 @@
// the License.
// This is a DiceGenerateCertificate implementation that generates a CWT-style
-// CBOR certificate using the ED25519-SHA512 signature scheme.
+// CBOR certificate using the P-384 signature algorithm.
#include <stddef.h>
#include <stdint.h>