Merge "Make batch attestation keys/certs optional" into main
diff --git a/boringssl/Cargo.toml b/boringssl/Cargo.toml
index 65fd513..c56aba4 100644
--- a/boringssl/Cargo.toml
+++ b/boringssl/Cargo.toml
@@ -1,8 +1,12 @@
+# Note that Cargo is not an officially supported build tool (Android's Soong is the official
+# tool). This Cargo.toml file is included purely for the convenience of KeyMint developers.
+
[package]
name = "kmr-crypto-boring"
authors = ["David Drysdale <drysdale@google.com>"]
version = "0.1.0"
edition = "2021"
+license = "Apache-2.0"
[dependencies]
ffi = { package = "openssl-sys", version = "^0.9.75" }
diff --git a/common/Cargo.toml b/common/Cargo.toml
index 8f25033..6e086c8 100644
--- a/common/Cargo.toml
+++ b/common/Cargo.toml
@@ -1,8 +1,12 @@
+# Note that Cargo is not an officially supported build tool (Android's Soong is the official
+# tool). This Cargo.toml file is included purely for the convenience of KeyMint developers.
+
[package]
name = "kmr-common"
version = "0.1.0"
authors = ["David Drysdale <drysdale@google.com>"]
edition = "2021"
+license = "Apache-2.0"
[dependencies]
cddl-cat = { version = "^0.6.1", optional = true }
diff --git a/derive/Cargo.toml b/derive/Cargo.toml
index 2feb5a4..fefeadb 100644
--- a/derive/Cargo.toml
+++ b/derive/Cargo.toml
@@ -1,8 +1,12 @@
+# Note that Cargo is not an officially supported build tool (Android's Soong is the official
+# tool). This Cargo.toml file is included purely for the convenience of KeyMint developers.
+
[package]
name = "kmr-derive"
version = "0.1.0"
authors = ["David Drysdale <drysdale@google.com>"]
edition = "2021"
+license = "Apache-2.0"
[lib]
proc-macro = true
diff --git a/ta/Cargo.toml b/ta/Cargo.toml
index ad8fc09..8b65a77 100644
--- a/ta/Cargo.toml
+++ b/ta/Cargo.toml
@@ -1,8 +1,12 @@
+# Note that Cargo is not an officially supported build tool (Android's Soong is the official
+# tool). This Cargo.toml file is included purely for the convenience of KeyMint developers.
+
[package]
name = "kmr-ta"
version = "0.1.0"
authors = ["David Drysdale <drysdale@google.com>"]
edition = "2021"
+license = "Apache-2.0"
[dependencies]
ciborium = { version = "^0.2.0", default-features = false }
diff --git a/ta/src/operation.rs b/ta/src/operation.rs
index 186d7d6..ea245ee 100644
--- a/ta/src/operation.rs
+++ b/ta/src/operation.rs
@@ -158,10 +158,6 @@
}
}
-/// Newtype holding a [`keymint::HardwareAuthToken`] that has already been authenticated.
-#[derive(Debug, Clone)]
-struct HardwareAuthenticatedToken(pub HardwareAuthToken);
-
impl crate::KeyMintTa {
pub(crate) fn begin_operation(
&mut self,
@@ -673,7 +669,7 @@
now: Option<Timestamp>,
timeout_secs: Option<u32>,
challenge: Option<i64>,
- ) -> Result<HardwareAuthenticatedToken, Error> {
+ ) -> Result<(), Error> {
// Common check: confirm the HMAC tag in the token is valid.
let mac_input = crate::hardware_auth_token_mac_input(&auth_token)?;
if !self.verify_device_hmac(&mac_input, &auth_token.mac)? {
@@ -720,7 +716,7 @@
return Err(km_err!(KeyUserNotAuthenticated, "challenge mismatch"));
}
}
- Ok(HardwareAuthenticatedToken(auth_token))
+ Ok(())
}
/// Verify that an optional confirmation token matches the provided `data`.
diff --git a/tests/Cargo.toml b/tests/Cargo.toml
index cf2f1f7..f252d75 100644
--- a/tests/Cargo.toml
+++ b/tests/Cargo.toml
@@ -1,8 +1,12 @@
+# Note that Cargo is not an officially supported build tool (Android's Soong is the official
+# tool). This Cargo.toml file is included purely for the convenience of KeyMint developers.
+
[package]
name = "kmr-tests"
version = "0.1.0"
authors = ["David Drysdale <drysdale@google.com>"]
edition = "2021"
+license = "Apache-2.0"
[dependencies]
ciborium = { version = "^0.2.0", default-features = false }
diff --git a/wire/Android.bp b/wire/Android.bp
index 19b8f54..23e037d 100644
--- a/wire/Android.bp
+++ b/wire/Android.bp
@@ -145,7 +145,27 @@
rustlibs: ["libkmr_wire"],
host_supported: true,
fuzz_config: {
- cc: ["drysdale@google.com", "hasinitg@google.com"],
+ cc: [
+ "drysdale@google.com",
+ "hasinitg@google.com",
+ ],
+ componentid: 1084733,
+ hotlists: ["4271696"],
+ fuzz_on_haiku_device: true,
+ fuzz_on_haiku_host: true,
+ },
+}
+
+rust_fuzz {
+ name: "libkmr_wire_fuzz_legacy_message",
+ srcs: ["fuzz/fuzz_targets/legacy_message.rs"],
+ rustlibs: ["libkmr_wire"],
+ host_supported: true,
+ fuzz_config: {
+ cc: [
+ "drysdale@google.com",
+ "hasinitg@google.com",
+ ],
componentid: 1084733,
hotlists: ["4271696"],
fuzz_on_haiku_device: true,
diff --git a/wire/Cargo.toml b/wire/Cargo.toml
index 5616631..8160b75 100644
--- a/wire/Cargo.toml
+++ b/wire/Cargo.toml
@@ -1,8 +1,12 @@
+# Note that Cargo is not an officially supported build tool (Android's Soong is the official
+# tool). This Cargo.toml file is included purely for the convenience of KeyMint developers.
+
[package]
name = "kmr-wire"
version = "0.1.0"
authors = ["David Drysdale <drysdale@google.com>"]
edition = "2021"
+license = "Apache-2.0"
[features]
default = ["hal_v2", "hal_v3"]
diff --git a/wire/fuzz/Cargo.toml b/wire/fuzz/Cargo.toml
index 425f565..a2e0ab3 100644
--- a/wire/fuzz/Cargo.toml
+++ b/wire/fuzz/Cargo.toml
@@ -24,5 +24,11 @@
test = false
doc = false
+[[bin]]
+name = "legacy_message"
+path = "fuzz_targets/legacy_message.rs"
+test = false
+doc = false
+
[patch.crates-io]
kmr-derive = { path = "../../derive" }
diff --git a/wire/fuzz/fuzz_targets/legacy_message.rs b/wire/fuzz/fuzz_targets/legacy_message.rs
new file mode 100644
index 0000000..cf1d7c9
--- /dev/null
+++ b/wire/fuzz/fuzz_targets/legacy_message.rs
@@ -0,0 +1,23 @@
+// Copyright 2024, The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+//! Fuzzer for legacy request message parsing.
+
+#![no_main]
+use libfuzzer_sys::fuzz_target;
+
+fuzz_target!(|data: &[u8]| {
+ // `data` allegedly holds a legacy request message arrived from the non-secure world.
+ let _ = kmr_wire::legacy::deserialize_trusty_req(data);
+});
