Identity Credential: Switch default implementation to use libeic.

Introduce platform-neutral C library ("libeic") which can be used to
implement an Identity Credential Trusted Application/Applet in Secure
Hardware.

The libeic library is intentionally low-level, has no dependencies
(not even libc), uses very little run-time memory (less than 500 bytes
during a provisioning or presentation session), and doesn't
dynamically allocate any memory. Crypto routines are provided by the
library user through a simple crypto interface defined in EicOps.

Also provide an Android-side HAL implementation designed to
communicate with libeic running in Secure Hardware outside
Android. Abstract out communications between HAL and TA in a couple of
SecureHardwareProxy* classes which mimic libeic 1:1.

The default implementation of the HAL is a combination of the
aforementioned HAL using libeic in-process backed by BoringSSL for the
crypto bits.

Test: atest VtsHalIdentityTargetTest
Test: atest android.security.identity.cts
Bug: 170146643
Change-Id: I3bf43fa7fd9362f94023052591801f2094a04607
diff --git a/identity/aidl/default/service.cpp b/identity/aidl/default/service.cpp
index bf95df5..c290c08 100644
--- a/identity/aidl/default/service.cpp
+++ b/identity/aidl/default/service.cpp
@@ -22,20 +22,26 @@
#include "IdentityCredentialStore.h"
+#include "FakeSecureHardwareProxy.h"
+
+using ::android::sp;
using ::android::base::InitLogging;
using ::android::base::StderrLogger;
-using aidl::android::hardware::identity::IdentityCredentialStore;
+using ::aidl::android::hardware::identity::IdentityCredentialStore;
+using ::android::hardware::identity::FakeSecureHardwareProxyFactory;
+using ::android::hardware::identity::SecureHardwareProxyFactory;
int main(int /*argc*/, char* argv[]) {
InitLogging(argv, StderrLogger);
+ sp<SecureHardwareProxyFactory> hwProxyFactory = new FakeSecureHardwareProxyFactory();
+
ABinderProcess_setThreadPoolMaxThreadCount(0);
std::shared_ptr<IdentityCredentialStore> store =
- ndk::SharedRefBase::make<IdentityCredentialStore>();
+ ndk::SharedRefBase::make<IdentityCredentialStore>(hwProxyFactory);
const std::string instance = std::string() + IdentityCredentialStore::descriptor + "/default";
- LOG(INFO) << "instance: " << instance;
binder_status_t status = AServiceManager_addService(store->asBinder().get(), instance.c_str());
CHECK(status == STATUS_OK);
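Review bot: The `hwProxyFactory` line in main() wires the service registered as `/default` to `FakeSecureHardwareProxyFactory`, and nothing in the code says that this runs libeic in-process rather than in Secure Hardware; only the commit message explains it. Add a short comment above `sp<SecureHardwareProxyFactory> hwProxyFactory = new FakeSecureHardwareProxyFactory();` stating that this is the in-process default and naming the factory as the piece an integrator replaces. The hunk also drops `LOG(INFO) << "instance: " << instance;`, so startup no longer records what was registered; consider keeping a startup log line that names both the instance and the proxy in use, so that a build running with the fake proxy is visible in logs.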