Pass entropy through to trusty_rng
Behave the same as the C++ code and pass added entropy to
trusty_rng_add_entropy.
Bug: 242839096
Test: VtsAidlKeyMintTargetTest
Change-Id: I82e6b5f0945227f845bc02871a68d17f343415d5
diff --git a/bindings.h b/bindings.h
index 5e7c9bf..a1e0392 100644
--- a/bindings.h
+++ b/bindings.h
@@ -15,4 +15,5 @@
*/
// Definitions on this file will be processed during the Rust build to generate
// a version of it that can be directly accessed from Rust code
-#include <interface/keybox/keybox.h>
\ No newline at end of file
+#include <interface/keybox/keybox.h>
+#include <lib/rng/trusty_rng.h>
diff --git a/ffi_bindings.rs b/ffi_bindings.rs
index 14c422e..75af333 100644
--- a/ffi_bindings.rs
+++ b/ffi_bindings.rs
@@ -28,9 +28,20 @@
use core::mem;
use kmr_common::try_to_vec;
use kmr_wire::legacy::InnerSerialize;
-use log::error;
+use log::{error, warn};
use tipc::{Deserialize, Handle, Serialize, Serializer, TipcError};
+/// Add entropy to Trusty's RNG.
+pub fn trusty_rng_add_entropy(data: &[u8]) {
+ let rc = unsafe {
+ // Safety: `data` is a valid slice
+ sys::trusty_rng_add_entropy(data.as_ptr(), data.len())
+ };
+ if rc != 0 {
+ warn!("trusty_rng_add_entropy() failed, {}", rc)
+ }
+}
+
pub(crate) const KEYBOX_PORT: &'static [u8; 28] = sys::KEYBOX_PORT;
type KeyboxReqHdr = sys::keybox_req;
diff --git a/lib.rs b/lib.rs
index 8e140e7..f31dbf7 100644
--- a/lib.rs
+++ b/lib.rs
@@ -24,6 +24,7 @@
mod keymaster_attributes;
mod keys;
mod monotonic_clock;
+mod rng;
mod rpc;
mod secure_deletion_secret_manager;
mod secure_storage_manager;
@@ -33,6 +34,7 @@
pub use keys::legacy::TrustyLegacyKeyBlobHandler;
pub use keys::TrustyKeys;
pub use monotonic_clock::TrustyMonotonicClock;
+pub use rng::TrustyRng;
pub use rpc::TrustyRpc;
pub use secure_deletion_secret_manager::{SharedSddManager, TrustySecureDeletionSecretManager};
pub use secure_storage_manager::{AttestationIds, CertSignInfo};
diff --git a/main.rs b/main.rs
index 66d859c..3b875d2 100644
--- a/main.rs
+++ b/main.rs
@@ -18,12 +18,12 @@
use keymint::{
AttestationIds, CertSignInfo, SharedSddManager, TrustyAes, TrustyKeys, TrustyMonotonicClock,
- TrustyRpc, TrustySecureDeletionSecretManager, TrustyStorageKeyWrapper,
+ TrustyRng, TrustyRpc, TrustySecureDeletionSecretManager, TrustyStorageKeyWrapper,
};
use kmr_common::crypto;
use kmr_crypto_boring::{
aes::BoringAes, aes_cmac::BoringAesCmac, des::BoringDes, ec::BoringEc, eq::BoringEq,
- hmac::BoringHmac, rng::BoringRng, rsa::BoringRsa,
+ hmac::BoringHmac, rsa::BoringRsa,
};
use kmr_ta::{HardwareInfo, RpcInfo, RpcInfoV3};
use log::info;
@@ -58,7 +58,7 @@
supported_num_of_keys_in_csr: kmr_wire::rpc::MINIMUM_SUPPORTED_KEYS_IN_CSR,
};
- let mut rng = BoringRng::default();
+ let mut rng = TrustyRng::default();
let clock = TrustyMonotonicClock;
let aes = TrustyAes::default();
let imp = crypto::Implementation {
diff --git a/rng.rs b/rng.rs
new file mode 100644
index 0000000..3c3f036
--- /dev/null
+++ b/rng.rs
@@ -0,0 +1,31 @@
+/*
+ * Copyright (C) 2022 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+//! Trusty implementation of `kmr_common::crypto::Rng`.
+use crate::ffi_bindings::trusty_rng_add_entropy;
+use kmr_common::crypto;
+
+/// [`crypto::Rng`] implementation for Trusty.
+#[derive(Default)]
+pub struct TrustyRng;
+
+impl crypto::Rng for TrustyRng {
+ fn add_entropy(&mut self, data: &[u8]) {
+ trusty_rng_add_entropy(data);
+ }
+ fn fill_bytes(&mut self, dest: &mut [u8]) {
+ openssl::rand::rand_bytes(dest).unwrap(); // safe: BoringSSL's RAND_bytes() never fails
+ }
+}
diff --git a/rules.mk b/rules.mk
index f4a0f08..fded814 100644
--- a/rules.mk
+++ b/rules.mk
@@ -55,6 +55,9 @@
MODULE_BINDGEN_ALLOW_TYPES := \
keybox.* \
+MODULE_BINDGEN_ALLOW_FUNCTIONS := \
+ trusty_rng_.* \
+
MODULE_BINDGEN_ALLOW_VARS := \
KEYBOX.* \