AuthGraph: move code into library
Use the core library's new service implementation, which wraps a
channel to the TA.
In this nonsecure case, the TA is local in-process, so use the core
library's AuthGraphTa, and implement the SerializedChannel as just
a direct invocation of the TA.
Move this code into a _nonsecure library, so the main.rs just has
the code needed to start the executable and register the service.
Test: VtsAidlAuthGraphSessionTest
Bug: 284470121
Change-Id: I738d3876872a8cd248f0ebec708676d1173b6e37
diff --git a/security/authgraph/default/src/main.rs b/security/authgraph/default/src/main.rs
index dc4a8e4..873eb4e 100644
--- a/security/authgraph/default/src/main.rs
+++ b/security/authgraph/default/src/main.rs
@@ -22,18 +22,10 @@
//! expose an entrypoint that allowed retrieval of the specific IAuthGraphKeyExchange instance that
//! is correlated with the component).
-use android_hardware_security_authgraph::aidl::android::hardware::security::authgraph::{
- Arc::Arc, IAuthGraphKeyExchange::BnAuthGraphKeyExchange,
- IAuthGraphKeyExchange::IAuthGraphKeyExchange, Identity::Identity, KeInitResult::KeInitResult,
- Key::Key, PubKey::PubKey, SessionIdSignature::SessionIdSignature, SessionInfo::SessionInfo,
- SessionInitiationInfo::SessionInitiationInfo,
-};
-use authgraph_boringssl as boring;
-use authgraph_core::{key::MillisecondsSinceEpoch, keyexchange as ke, traits};
-use authgraph_hal::{errcode_to_binder, Innto, TryInnto};
+use authgraph_hal::service;
+use authgraph_nonsecure::LocalTa;
use log::{error, info};
-use std::ffi::CString;
-use std::sync::Mutex;
+use std::sync::{Arc, Mutex};
static SERVICE_NAME: &str = "android.hardware.security.authgraph.IAuthGraphKeyExchange";
static SERVICE_INSTANCE: &str = "nonsecure";
@@ -73,7 +65,8 @@
binder::ProcessState::start_thread_pool();
// Register the service
- let service = AuthGraphService::new_as_binder();
+ let local_ta = LocalTa::new();
+ let service = service::AuthGraphService::new_as_binder(Arc::new(Mutex::new(local_ta)));
let service_name = format!("{}/{}", SERVICE_NAME, SERVICE_INSTANCE);
binder::add_service(&service_name, service.as_binder()).map_err(|e| {
format!(
@@ -87,148 +80,3 @@
info!("AuthGraph HAL service is terminating."); // should not reach here
Ok(())
}
-
-/// Non-secure implementation of the AuthGraph key exchange service.
-struct AuthGraphService {
- imp: Mutex<traits::TraitImpl>,
-}
-
-impl AuthGraphService {
- /// Create a new instance.
- fn new() -> Self {
- Self {
- imp: Mutex::new(traits::TraitImpl {
- aes_gcm: Box::new(boring::BoringAes),
- ecdh: Box::new(boring::BoringEcDh),
- ecdsa: Box::new(boring::BoringEcDsa),
- hmac: Box::new(boring::BoringHmac),
- hkdf: Box::new(boring::BoringHkdf),
- sha256: Box::new(boring::BoringSha256),
- rng: Box::new(boring::BoringRng),
- device: Box::<boring::test_device::AgDevice>::default(),
- clock: Some(Box::new(StdClock)),
- }),
- }
- }
-
- /// Create a new instance wrapped in a proxy object.
- pub fn new_as_binder() -> binder::Strong<dyn IAuthGraphKeyExchange> {
- BnAuthGraphKeyExchange::new_binder(Self::new(), binder::BinderFeatures::default())
- }
-}
-
-impl binder::Interface for AuthGraphService {}
-
-/// Extract (and require) an unsigned public key as bytes from a [`PubKey`].
-fn unsigned_pub_key(pub_key: &PubKey) -> binder::Result<&[u8]> {
- match pub_key {
- PubKey::PlainKey(key) => Ok(&key.plainPubKey),
- PubKey::SignedKey(_) => Err(binder::Status::new_exception(
- binder::ExceptionCode::ILLEGAL_ARGUMENT,
- Some(&CString::new("expected unsigned public key").unwrap()),
- )),
- }
-}
-
-fn err_to_binder(err: authgraph_core::error::Error) -> binder::Status {
- if err.0 != authgraph_wire::ErrorCode::Ok && !err.1.is_empty() {
- error!("failure {:?} message: '{}'", err.0, err.1);
- }
- errcode_to_binder(err.0)
-}
-
-/// This nonsecure implementation of the AuthGraph HAL interface directly calls the AuthGraph
-/// reference implementation library code; a real implementation requires the AuthGraph
-/// code to run in a secure environment, not within Android.
-impl IAuthGraphKeyExchange for AuthGraphService {
- fn create(&self) -> binder::Result<SessionInitiationInfo> {
- info!("create()");
- let mut imp = self.imp.lock().unwrap();
- let info = ke::create(&mut *imp).map_err(err_to_binder)?;
- Ok(info.innto())
- }
- fn init(
- &self,
- peer_pub_key: &PubKey,
- peer_id: &Identity,
- peer_nonce: &[u8],
- peer_version: i32,
- ) -> binder::Result<KeInitResult> {
- info!("init(v={peer_version})");
- let mut imp = self.imp.lock().unwrap();
- let peer_pub_key = unsigned_pub_key(peer_pub_key)?;
- let result = ke::init(
- &mut *imp,
- peer_pub_key,
- &peer_id.identity,
- &peer_nonce,
- peer_version,
- )
- .map_err(err_to_binder)?;
- Ok(result.innto())
- }
-
- fn finish(
- &self,
- peer_pub_key: &PubKey,
- peer_id: &Identity,
- peer_signature: &SessionIdSignature,
- peer_nonce: &[u8],
- peer_version: i32,
- own_key: &Key,
- ) -> binder::Result<SessionInfo> {
- info!("finish(v={peer_version})");
- let mut imp = self.imp.lock().unwrap();
- let peer_pub_key = unsigned_pub_key(peer_pub_key)?;
- let own_key: Key = own_key.clone();
- let own_key: authgraph_core::key::Key = own_key.try_innto()?;
- let session_info = ke::finish(
- &mut *imp,
- peer_pub_key,
- &peer_id.identity,
- &peer_signature.signature,
- &peer_nonce,
- peer_version,
- own_key,
- )
- .map_err(err_to_binder)?;
- Ok(session_info.innto())
- }
-
- fn authenticationComplete(
- &self,
- peer_signature: &SessionIdSignature,
- shared_keys: &[Arc; 2],
- ) -> binder::Result<[Arc; 2]> {
- info!("authComplete()");
- let mut imp = self.imp.lock().unwrap();
- let shared_keys = [shared_keys[0].arc.clone(), shared_keys[1].arc.clone()];
- let arcs = ke::authentication_complete(&mut *imp, &peer_signature.signature, shared_keys)
- .map_err(err_to_binder)?;
- Ok(arcs.map(|arc| Arc { arc }))
- }
-}
-
-/// Monotonic clock.
-#[derive(Default)]
-pub struct StdClock;
-
-impl traits::MonotonicClock for StdClock {
- fn now(&self) -> authgraph_core::key::MillisecondsSinceEpoch {
- let mut time = libc::timespec {
- tv_sec: 0, // libc::time_t
- tv_nsec: 0, // libc::c_long
- };
- let rc =
- // Safety: `time` is a valid structure.
- unsafe { libc::clock_gettime(libc::CLOCK_BOOTTIME, &mut time as *mut libc::timespec) };
- if rc < 0 {
- log::warn!("failed to get time!");
- return MillisecondsSinceEpoch(0);
- }
- // The types in `libc::timespec` may be different on different architectures,
- // so allow conversion to `i64`.
- #[allow(clippy::unnecessary_cast)]
- MillisecondsSinceEpoch((time.tv_sec as i64 * 1000) + (time.tv_nsec as i64 / 1000 / 1000))
- }
-}