Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit ac3f49f3 authored by Treehugger Robot's avatar Treehugger Robot Committed by Gerrit Code Review
Browse files

Merge changes I924d6fc8,Iee20a2b1,I4070aade,I55331da0 into main 

* changes:
  hwcryptohal: Service delegator fixes
  hwcryptohal: Adding maps cleanup
  hwcryptohal: Adding hwcrypto operations tests
  hwcryptohal: Adding hwcrypto operations to hwcrypto service
parents 3cf9806a c9ca2b8c

security/see/hwcrypto/aidl/vts/functional/Android.bp

+16 −0
Original line number Diff line number Diff line
@@ -65,3 +65,19 @@ rust_test { 
        "vts",

    ],

}



rust_test {

    name: "VtsAidlHwCryptoOperationsTests",

    srcs: ["hwcrypto_operations_tests.rs"],

    require_root: true,

    defaults: [

        "hw_crypto_hal_aidl_rust_defaults",

    ],

    rustlibs: [

        "libhwcryptohal_vts_test",

    ],

    test_suites: [

        "general-tests",

        "vts",

    ],

}

security/see/hwcrypto/aidl/vts/functional/hwcrypto_operations_tests.rs

0 → 100644
+586 −0

File added.

Preview size limit exceeded, changes collapsed.

security/see/hwcrypto/aidl/vts/functional/lib.rs

+0 −50
Original line number Diff line number Diff line
@@ -17,61 +17,11 @@ 
//! VTS test library for HwCrypto functionality.

//! It provides the base clases necessaries to write HwCrypto VTS tests



#[cfg(target_arch = "x86_64")]

use anyhow::Context;

use anyhow::Result;

#[cfg(target_arch = "x86_64")]

use binder::{ExceptionCode, FromIBinder, IntoBinderResult, ParcelFileDescriptor};

#[cfg(target_arch = "x86_64")]

use rpcbinder::RpcSession;

#[cfg(target_arch = "x86_64")]

use vsock::VsockStream;

#[cfg(target_arch = "x86_64")]

use std::os::fd::{FromRawFd, IntoRawFd};

#[cfg(target_arch = "x86_64")]

use std::fs::File;

#[cfg(target_arch = "x86_64")]

use std::io::Read;

#[cfg(target_arch = "x86_64")]

use rustutils::system_properties;

#[cfg(target_arch = "aarch64")]

use android_hardware_security_see_hwcrypto::aidl::android::hardware::security::see::hwcrypto::IHwCryptoKey::BpHwCryptoKey;

use android_hardware_security_see_hwcrypto::aidl::android::hardware::security::see::hwcrypto::IHwCryptoKey::IHwCryptoKey;



#[cfg(target_arch = "x86_64")]

const HWCRYPTO_SERVICE_PORT: u32 = 4;



/// Local function to connect to service

#[cfg(target_arch = "x86_64")]

pub fn connect_service<T: FromIBinder + ?Sized>(

    cid: u32,

    port: u32,

) -> Result<binder::Strong<T>, binder::StatusCode> {

    RpcSession::new().setup_preconnected_client(|| {

        let mut stream = VsockStream::connect_with_cid_port(cid, port).ok()?;

        let mut buffer = [0];

        let _ = stream.read(&mut buffer);

        // SAFETY: ownership is transferred from stream to f

        let f = unsafe { File::from_raw_fd(stream.into_raw_fd()) };

        Some(ParcelFileDescriptor::new(f).into_raw_fd())

    })

}



/// Get a HwCryptoKey binder service object using a direct vsock connection

#[cfg(target_arch = "x86_64")]

pub fn get_hwcryptokey() -> Result<binder::Strong<dyn IHwCryptoKey>, binder::Status> {

    let cid = system_properties::read("trusty.test_vm.vm_cid")

        .context("couldn't get vm cid")

        .or_binder_exception(ExceptionCode::ILLEGAL_STATE)?

        .ok_or(ExceptionCode::ILLEGAL_STATE)?

        .parse::<u32>()

        .context("couldn't parse vm cid")

        .or_binder_exception(ExceptionCode::ILLEGAL_ARGUMENT)?;

    Ok(connect_service(cid, HWCRYPTO_SERVICE_PORT)?)

}



/// Get a HwCryptoKey binder service object using the service manager

#[cfg(target_arch = "aarch64")]

pub fn get_hwcryptokey() -> Result<binder::Strong<dyn IHwCryptoKey>, binder::Status> {

    let interface_name = <BpHwCryptoKey as IHwCryptoKey>::get_descriptor().to_owned() + "/default";

    Ok(binder::get_interface(&interface_name)?)

security/see/hwcrypto/default/hwcryptokeyimpl.h

+18 −14
Original line number Diff line number Diff line
@@ -46,30 +46,33 @@ class HwCryptoKey : public ndk_hwcrypto::BnHwCryptoKey { 


    ndk::ScopedAStatus deriveCurrentDicePolicyBoundKey(

            const ndk_hwcrypto::IHwCryptoKey::DiceBoundDerivationKey& derivationKey,

            ndk_hwcrypto::IHwCryptoKey::DiceCurrentBoundKeyResult* aidl_return);

            ndk_hwcrypto::IHwCryptoKey::DiceCurrentBoundKeyResult* aidl_return) override;



    ndk::ScopedAStatus deriveDicePolicyBoundKey(

            const ndk_hwcrypto::IHwCryptoKey::DiceBoundDerivationKey& derivationKey,

            const ::std::vector<uint8_t>& dicePolicyForKeyVersion,

            ndk_hwcrypto::IHwCryptoKey::DiceBoundKeyResult* aidl_return);

            ndk_hwcrypto::IHwCryptoKey::DiceBoundKeyResult* aidl_return) override;

    ndk::ScopedAStatus deriveKey(const ndk_hwcrypto::IHwCryptoKey::DerivedKeyParameters& parameters,

                                 ndk_hwcrypto::IHwCryptoKey::DerivedKey* aidl_return);

                                 ndk_hwcrypto::IHwCryptoKey::DerivedKey* aidl_return) override;



    ndk::ScopedAStatus getHwCryptoOperations(

            std::shared_ptr<ndk_hwcrypto::IHwCryptoOperations>* aidl_return);

            std::shared_ptr<ndk_hwcrypto::IHwCryptoOperations>* aidl_return) override;



    ndk::ScopedAStatus importClearKey(const ndk_hwcrypto::types::ExplicitKeyMaterial& keyMaterial,

    ndk::ScopedAStatus importClearKey(

            const ndk_hwcrypto::types::ExplicitKeyMaterial& keyMaterial,

            const ndk_hwcrypto::KeyPolicy& newKeyPolicy,

                                      std::shared_ptr<ndk_hwcrypto::IOpaqueKey>* aidl_return);

            std::shared_ptr<ndk_hwcrypto::IOpaqueKey>* aidl_return) override;



    ndk::ScopedAStatus getCurrentDicePolicy(std::vector<uint8_t>* aidl_return);

    ndk::ScopedAStatus getCurrentDicePolicy(std::vector<uint8_t>* aidl_return) override;



    ndk::ScopedAStatus keyTokenImport(const ndk_hwcrypto::types::OpaqueKeyToken& requestedKey,

    ndk::ScopedAStatus keyTokenImport(

            const ndk_hwcrypto::types::OpaqueKeyToken& requestedKey,

            const ::std::vector<uint8_t>& sealingDicePolicy,

                                      std::shared_ptr<ndk_hwcrypto::IOpaqueKey>* aidl_return);

            std::shared_ptr<ndk_hwcrypto::IOpaqueKey>* aidl_return) override;



    ndk::ScopedAStatus getKeyslotData(ndk_hwcrypto::IHwCryptoKey::KeySlot slotId,

                                      std::shared_ptr<ndk_hwcrypto::IOpaqueKey>* aidl_return);

    ndk::ScopedAStatus getKeyslotData(

            ndk_hwcrypto::IHwCryptoKey::KeySlot slotId,

            std::shared_ptr<ndk_hwcrypto::IOpaqueKey>* aidl_return) override;

};



template <typename LHP, typename RHP>
@@ -79,9 +82,10 @@ LHP convertKeyPolicy(const RHP& policyToConvert) { 
    policy.keyLifetime = static_cast<decltype(policy.keyLifetime)>(policyToConvert.keyLifetime);

    policy.keyType = static_cast<decltype(policy.keyType)>(policyToConvert.keyType);

    policy.keyManagementKey = policyToConvert.keyManagementKey;

    policy.keyPermissions.reserve(policyToConvert.keyPermissions.size());

    for (auto permission : policyToConvert.keyPermissions) {

        policy.keyPermissions.push_back(

                std::move(reinterpret_cast<decltype(policy.keyPermissions[0])>(permission)));

                std::move(static_cast<decltype(policy.keyPermissions)::value_type>(permission)));

    }

    return policy;

}

security/see/hwcrypto/default/hwcryptolib.cpp

+414 −12

File changed.

Preview size limit exceeded, changes collapsed.