Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 2759df0d authored by Shikha Panwar's avatar Shikha Panwar
Browse files

[Secretkeeper] In-memory KeyValueStore 

We introduce InMemoryStore, an implementation of KeyValueStore trait.
This can be used for implementing backends that VTS can run against.

Bug: 291224769
Test: atest VtsSecretkeeperTargetTest
Change-Id: Id109ee3bd38ec0979953b6285019c97d418172ef
parent 3d3dab48

security/secretkeeper/default/Android.bp

+1 −0
Original line number Diff line number Diff line
@@ -35,6 +35,7 @@ rust_binary { 
        "libauthgraph_hal",

        "libbinder_rs",

        "liblog_rust",

        "libsecretkeeper_comm_nostd",

        "libsecretkeeper_core_nostd",

        "libsecretkeeper_hal",

    ],

security/secretkeeper/default/src/main.rs

+12 −7
Original line number Diff line number Diff line
@@ -15,17 +15,21 @@ 
 */



//! Non-secure implementation of the Secretkeeper HAL.

mod store;



use log::{error, info, Level};

use std::sync::{Arc, Mutex};

use authgraph_boringssl as boring;

use authgraph_core::ta::{Role, AuthGraphTa};

use authgraph_core::keyexchange::{MAX_OPENED_SESSIONS, AuthGraphParticipant};

use authgraph_core::keyexchange::{AuthGraphParticipant, MAX_OPENED_SESSIONS};

use authgraph_core::ta::{AuthGraphTa, Role};

use authgraph_hal::channel::SerializedChannel;

use log::{error, info, Level};

use secretkeeper_core::ta::SecretkeeperTa;

use secretkeeper_hal::SecretkeeperService;

use authgraph_hal::channel::SerializedChannel;

use std::sync::Arc;

use std::sync::Mutex;

use store::InMemoryStore;



use android_hardware_security_secretkeeper::aidl::android::hardware::security::secretkeeper::ISecretkeeper::{

    ISecretkeeper, BpSecretkeeper,

    BpSecretkeeper, ISecretkeeper,

};

use std::cell::RefCell;

use std::rc::Rc;
@@ -53,8 +57,9 @@ impl LocalTa { 
        // The TA code expects to run single threaded, so spawn a thread to run it in.

        std::thread::spawn(move || {

            let mut crypto_impls = boring::crypto_trait_impls();

            let storage_impl = Box::new(InMemoryStore::default());

            let sk_ta = Rc::new(RefCell::new(

                SecretkeeperTa::new(&mut crypto_impls)

                SecretkeeperTa::new(&mut crypto_impls, storage_impl)

                    .expect("Failed to create local Secretkeeper TA"),

            ));

            let mut ag_ta = AuthGraphTa::new(

security/secretkeeper/default/src/store.rs

0 → 100644
+36 −0
Original line number Diff line number Diff line 
/*

 * Copyright (C) 2023 The Android Open Source Project

 *

 * Licensed under the Apache License, Version 2.0 (the "License");

 * you may not use this file except in compliance with the License.

 * You may obtain a copy of the License at

 *

 *      http://www.apache.org/licenses/LICENSE-2.0

 *

 * Unless required by applicable law or agreed to in writing, software

 * distributed under the License is distributed on an "AS IS" BASIS,

 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

 * See the License for the specific language governing permissions and

 * limitations under the License.

 */

use secretkeeper_comm::data_types::error::Error;

use secretkeeper_core::store::KeyValueStore;

use std::collections::HashMap;



/// An in-memory implementation of KeyValueStore. Please note that this is entirely for

/// testing purposes. Refer to the documentation of `PolicyGatedStorage` & Secretkeeper HAL for

/// persistence requirements.

#[derive(Default)]

pub struct InMemoryStore(HashMap<Vec<u8>, Vec<u8>>);

impl KeyValueStore for InMemoryStore {

    fn store(&mut self, key: &[u8], val: &[u8]) -> Result<(), Error> {

        // This will overwrite the value if key is already present.

        let _ = self.0.insert(key.to_vec(), val.to_vec());

        Ok(())

    }



    fn get(&self, key: &[u8]) -> Result<Option<Vec<u8>>, Error> {

        let optional_val = self.0.get(key);

        Ok(optional_val.cloned())

    }

}