Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit c074a562 authored by David Drysdale's avatar David Drysdale Committed by Automerger Merge Worker
Browse files

Merge "Secretkeeper: add AuthGraph key exchange" into main am: 986e92e0 

Original change: https://android-review.googlesource.com/c/platform/hardware/interfaces/+/2824792



Change-Id: I5f6c0773a48b1ce9f911bc689fc32360049f2e88
Signed-off-by: default avatarAutomerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
parents 9a9f9eb4 986e92e0

security/authgraph/aidl/Android.bp

+1 −1
Original line number Diff line number Diff line
@@ -34,7 +34,7 @@ aidl_interface { 
            platform_apis: true,

        },

        ndk: {

            apps_enabled: false,

            enabled: true,

        },

        rust: {

            enabled: true,

security/authgraph/aidl/vts/functional/lib.rs

+2 −1
Original line number Diff line number Diff line
@@ -26,6 +26,7 @@ use android_hardware_security_authgraph::aidl::android::hardware::security::auth 
use authgraph_boringssl as boring;

use authgraph_core::{error::Error as AgError, keyexchange as ke};

use coset::CborSerializable;

use std::{cell::RefCell, rc::Rc};



pub mod sink;

pub mod source;
@@ -34,7 +35,7 @@ pub mod source; 
pub fn test_ag_participant() -> Result<ke::AuthGraphParticipant, AgError> {

    Ok(ke::AuthGraphParticipant::new(

        boring::crypto_trait_impls(),

        Box::<boring::test_device::AgDevice>::default(),

        Rc::new(RefCell::new(boring::test_device::AgDevice::default())),

        ke::MAX_OPENED_SESSIONS,

    )?)

}

security/authgraph/default/src/fuzzer.rs

+1 −2
Original line number Diff line number Diff line
@@ -22,10 +22,9 @@ use authgraph_hal::service::AuthGraphService; 
use authgraph_nonsecure::LocalTa;

use binder_random_parcel_rs::fuzz_service;

use libfuzzer_sys::fuzz_target;

use std::sync::{Arc, Mutex};



fuzz_target!(|data: &[u8]| {

    let local_ta = LocalTa::new().expect("Failed to create an AuthGraph local TA.");

    let service = AuthGraphService::new_as_binder(Arc::new(Mutex::new(local_ta)));

    let service = AuthGraphService::new_as_binder(local_ta);

    fuzz_service(&mut service.as_binder(), data);

});

security/authgraph/default/src/lib.rs

+37 −11
Original line number Diff line number Diff line
@@ -22,36 +22,62 @@ use authgraph_core::{ 
    ta::{AuthGraphTa, Role},

};

use authgraph_hal::channel::SerializedChannel;

use std::sync::{Arc, Mutex};

use std::cell::RefCell;

use std::rc::Rc;

use std::sync::{mpsc, Mutex};



/// Implementation of the AuthGraph TA that runs locally in-process (and which is therefore

/// insecure).

pub struct LocalTa {

    ta: Arc<Mutex<AuthGraphTa>>,

    channels: Mutex<Channels>,

}



struct Channels {

    in_tx: mpsc::Sender<Vec<u8>>,

    out_rx: mpsc::Receiver<Vec<u8>>,

}



impl LocalTa {

    /// Create a new instance.

    pub fn new() -> Result<Self, error::Error> {

        Ok(Self {

            ta: Arc::new(Mutex::new(AuthGraphTa::new(

        // Create a pair of channels to communicate with the TA thread.

        let (in_tx, in_rx) = mpsc::channel();

        let (out_tx, out_rx) = mpsc::channel();



        // The TA code expects to run single threaded, so spawn a thread to run it in.

        std::thread::spawn(move || {

            let mut ta = AuthGraphTa::new(

                keyexchange::AuthGraphParticipant::new(

                    boring::crypto_trait_impls(),

                    Box::<boring::test_device::AgDevice>::default(),

                    Rc::new(RefCell::new(boring::test_device::AgDevice::default())),

                    keyexchange::MAX_OPENED_SESSIONS,

                )?,

                )

                .expect("failed to create AG participant"),

                Role::Both,

            ))),

            );

            // Loop forever processing request messages.

            loop {

                let req_data: Vec<u8> = in_rx.recv().expect("failed to receive next req");

                let rsp_data = ta.process(&req_data);

                out_tx.send(rsp_data).expect("failed to send out rsp");

            }

        });

        Ok(Self {

            channels: Mutex::new(Channels { in_tx, out_rx }),

        })

    }

}



/// Pretend to be a serialized channel to the TA, but actually just directly invoke the TA with

/// incoming requests.

impl SerializedChannel for LocalTa {

    const MAX_SIZE: usize = usize::MAX;



    fn execute(&mut self, req_data: &[u8]) -> binder::Result<Vec<u8>> {

        Ok(self.ta.lock().unwrap().process(req_data))

    fn execute(&self, req_data: &[u8]) -> binder::Result<Vec<u8>> {

        // Serialize across both request and response.

        let channels = self.channels.lock().unwrap();

        channels

            .in_tx

            .send(req_data.to_vec())

            .expect("failed to send in request");

        Ok(channels.out_rx.recv().expect("failed to receive response"))

    }

}

security/authgraph/default/src/main.rs

+2 −4
Original line number Diff line number Diff line
@@ -25,7 +25,6 @@ 
use authgraph_hal::service;

use authgraph_nonsecure::LocalTa;

use log::{error, info};

use std::sync::{Arc, Mutex};



static SERVICE_NAME: &str = "android.hardware.security.authgraph.IAuthGraphKeyExchange";

static SERVICE_INSTANCE: &str = "nonsecure";
@@ -65,9 +64,8 @@ fn inner_main() -> Result<(), HalServiceError> { 
    binder::ProcessState::start_thread_pool();



    // Register the service

    let local_ta =

        LocalTa::new().map_err(|e| format!("Failed to create the TA because: {e:?}"))?;

    let service = service::AuthGraphService::new_as_binder(Arc::new(Mutex::new(local_ta)));

    let local_ta = LocalTa::new().map_err(|e| format!("Failed to create the TA because: {e:?}"))?;

    let service = service::AuthGraphService::new_as_binder(local_ta);

    let service_name = format!("{}/{}", SERVICE_NAME, SERVICE_INSTANCE);

    binder::add_service(&service_name, service.as_binder()).map_err(|e| {

        format!(