[Secretkeeper] In-memory KeyValueStore
We introduce InMemoryStore, an implementation of KeyValueStore trait.
This can be used for implementing backends that VTS can run against.
Bug: 291224769
Test: atest VtsSecretkeeperTargetTest
Change-Id: Id109ee3bd38ec0979953b6285019c97d418172ef
diff --git a/security/secretkeeper/default/Android.bp b/security/secretkeeper/default/Android.bp
index 6612ea2..08cc67a 100644
--- a/security/secretkeeper/default/Android.bp
+++ b/security/secretkeeper/default/Android.bp
@@ -35,6 +35,7 @@
"libauthgraph_hal",
"libbinder_rs",
"liblog_rust",
+ "libsecretkeeper_comm_nostd",
"libsecretkeeper_core_nostd",
"libsecretkeeper_hal",
],
diff --git a/security/secretkeeper/default/src/main.rs b/security/secretkeeper/default/src/main.rs
index a291017..c8c1521 100644
--- a/security/secretkeeper/default/src/main.rs
+++ b/security/secretkeeper/default/src/main.rs
@@ -15,17 +15,21 @@
*/
//! Non-secure implementation of the Secretkeeper HAL.
+mod store;
-use log::{error, info, Level};
-use std::sync::{Arc, Mutex};
use authgraph_boringssl as boring;
-use authgraph_core::ta::{Role, AuthGraphTa};
-use authgraph_core::keyexchange::{MAX_OPENED_SESSIONS, AuthGraphParticipant};
+use authgraph_core::keyexchange::{AuthGraphParticipant, MAX_OPENED_SESSIONS};
+use authgraph_core::ta::{AuthGraphTa, Role};
+use authgraph_hal::channel::SerializedChannel;
+use log::{error, info, Level};
use secretkeeper_core::ta::SecretkeeperTa;
use secretkeeper_hal::SecretkeeperService;
-use authgraph_hal::channel::SerializedChannel;
+use std::sync::Arc;
+use std::sync::Mutex;
+use store::InMemoryStore;
+
use android_hardware_security_secretkeeper::aidl::android::hardware::security::secretkeeper::ISecretkeeper::{
- ISecretkeeper, BpSecretkeeper,
+ BpSecretkeeper, ISecretkeeper,
};
use std::cell::RefCell;
use std::rc::Rc;
@@ -53,8 +57,9 @@
// The TA code expects to run single threaded, so spawn a thread to run it in.
std::thread::spawn(move || {
let mut crypto_impls = boring::crypto_trait_impls();
+ let storage_impl = Box::new(InMemoryStore::default());
let sk_ta = Rc::new(RefCell::new(
- SecretkeeperTa::new(&mut crypto_impls)
+ SecretkeeperTa::new(&mut crypto_impls, storage_impl)
.expect("Failed to create local Secretkeeper TA"),
));
let mut ag_ta = AuthGraphTa::new(
diff --git a/security/secretkeeper/default/src/store.rs b/security/secretkeeper/default/src/store.rs
new file mode 100644
index 0000000..7b2d0b9
--- /dev/null
+++ b/security/secretkeeper/default/src/store.rs
@@ -0,0 +1,36 @@
+/*
+ * Copyright (C) 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+use secretkeeper_comm::data_types::error::Error;
+use secretkeeper_core::store::KeyValueStore;
+use std::collections::HashMap;
+
+/// An in-memory implementation of KeyValueStore. Please note that this is entirely for
+/// testing purposes. Refer to the documentation of `PolicyGatedStorage` & Secretkeeper HAL for
+/// persistence requirements.
+#[derive(Default)]
+pub struct InMemoryStore(HashMap<Vec<u8>, Vec<u8>>);
+impl KeyValueStore for InMemoryStore {
+ fn store(&mut self, key: &[u8], val: &[u8]) -> Result<(), Error> {
+ // This will overwrite the value if key is already present.
+ let _ = self.0.insert(key.to_vec(), val.to_vec());
+ Ok(())
+ }
+
+ fn get(&self, key: &[u8]) -> Result<Option<Vec<u8>>, Error> {
+ let optional_val = self.0.get(key);
+ Ok(optional_val.cloned())
+ }
+}