Add HIDL backend to keystore service am: 657356c169
am: 86050dcfc6
Change-Id: I6e927be5e4ccf54399cfd9ceaf5257fd4ac2c221
diff --git a/keystore-engine/Android.mk b/keystore-engine/Android.mk
index 955508b..2264390 100644
--- a/keystore-engine/Android.mk
+++ b/keystore-engine/Android.mk
@@ -37,3 +37,29 @@
LOCAL_ADDITIONAL_DEPENDENCIES := $(LOCAL_PATH)/Android.mk
include $(BUILD_SHARED_LIBRARY)
+
+include $(CLEAR_VARS)
+
+# This builds a variant of libkeystore-engine that uses a HIDL HAL
+# owned by the WiFi user to perform signing operations.
+LOCAL_MODULE := libkeystore-engine-wifi
+
+LOCAL_SRC_FILES := \
+ android_engine.cpp \
+ keystore_backend_hidl.cpp
+
+LOCAL_MODULE_TAGS := optional
+LOCAL_CFLAGS := -fvisibility=hidden -Wall -Werror -DBACKEND_WIFI_HIDL
+
+LOCAL_SHARED_LIBRARIES += \
+ android.system.wifi.keystore@1.0 \
+ libcrypto \
+ liblog \
+ libhidlbase \
+ libhidltransport \
+ libcutils \
+ libutils
+
+LOCAL_ADDITIONAL_DEPENDENCIES := $(LOCAL_PATH)/Android.mk
+
+include $(BUILD_SHARED_LIBRARY)
diff --git a/keystore-engine/android_engine.cpp b/keystore-engine/android_engine.cpp
index 8324b55..71f369f 100644
--- a/keystore-engine/android_engine.cpp
+++ b/keystore-engine/android_engine.cpp
@@ -21,8 +21,6 @@
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
#define LOG_TAG "keystore-engine"
-#include "keystore_backend_binder.h"
-
#include <UniquePtr.h>
#include <pthread.h>
@@ -42,6 +40,12 @@
#include <openssl/rsa.h>
#include <openssl/x509.h>
+#ifndef BACKEND_WIFI_HIDL
+#include "keystore_backend_binder.h"
+#else
+#include "keystore_backend_hidl.h"
+#endif
+
namespace {
extern const RSA_METHOD keystore_rsa_method;
extern const ECDSA_METHOD keystore_ecdsa_method;
@@ -112,7 +116,11 @@
* should only be called by |pthread_once|. */
void init_keystore_engine() {
g_keystore_engine = new KeystoreEngine;
+#ifndef BACKEND_WIFI_HIDL
g_keystore_backend = new KeystoreBackendBinder;
+#else
+ g_keystore_backend = new KeystoreBackendHidl;
+#endif
}
/* ensure_keystore_engine ensures that |g_keystore_engine| is pointing to a
diff --git a/keystore-engine/keystore_backend.h b/keystore-engine/keystore_backend.h
index 19fc183..88c94b3 100644
--- a/keystore-engine/keystore_backend.h
+++ b/keystore-engine/keystore_backend.h
@@ -20,6 +20,9 @@
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
+#ifndef ANDROID_KEYSTORE_BACKEND_H
+#define ANDROID_KEYSTORE_BACKEND_H
+
#include <stdint.h>
class KeystoreBackend {
@@ -31,3 +34,4 @@
size_t* reply_len) = 0;
};
+#endif // ANDROID_KEYSTORE_BACKEND_H
diff --git a/keystore-engine/keystore_backend_binder.h b/keystore-engine/keystore_backend_binder.h
index 0fcf8de..1db90f7 100644
--- a/keystore-engine/keystore_backend_binder.h
+++ b/keystore-engine/keystore_backend_binder.h
@@ -20,6 +20,9 @@
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
+#ifndef ANDROID_KEYSTORE_BACKEND_BINDER_H
+#define ANDROID_KEYSTORE_BACKEND_BINDER_H
+
#include "keystore_backend.h"
class KeystoreBackendBinder : public KeystoreBackend {
@@ -32,3 +35,4 @@
size_t* reply_len) override;
};
+#endif // ANDROID_KEYSTORE_BACKEND_BINDER_H
diff --git a/keystore-engine/keystore_backend_hidl.cpp b/keystore-engine/keystore_backend_hidl.cpp
new file mode 100644
index 0000000..b791afa
--- /dev/null
+++ b/keystore-engine/keystore_backend_hidl.cpp
@@ -0,0 +1,86 @@
+/* Copyright 2017 The Android Open Source Project
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
+
+#include "keystore_backend_hidl.h"
+
+#include <android/system/wifi/keystore/1.0/IKeystore.h>
+
+using android::hardware::hidl_vec;
+using android::hardware::Return;
+using android::sp;
+using android::system::wifi::keystore::V1_0::IKeystore;
+
+int32_t KeystoreBackendHidl::sign(
+ const char *key_id, const uint8_t* in, size_t len, uint8_t** reply,
+ size_t* reply_len) {
+ if (key_id == NULL || in == NULL || reply == NULL || reply_len == NULL) {
+ ALOGE("Null pointer argument passed");
+ return -1;
+ }
+
+ sp<IKeystore> service = IKeystore::getService();
+
+ if (service == NULL) {
+ ALOGE("could not contact keystore");
+ return -1;
+ }
+
+ bool success = false;
+ auto cb = [&](IKeystore::KeystoreStatusCode status,
+ hidl_vec<uint8_t> signedData) {
+ if (status == IKeystore::KeystoreStatusCode::SUCCESS) {
+ *reply_len = signedData.size();
+ *reply = signedData.releaseData();
+ success = true;
+ }
+ };
+ Return<void> ret = service->sign(
+ key_id, std::vector<uint8_t>(in, in + len), cb);
+ return ret.isOk() && success;
+}
+
+int32_t KeystoreBackendHidl::get_pubkey(
+ const char *key_id, uint8_t** pubkey, size_t* pubkey_len) {
+ if (key_id == NULL || pubkey == NULL || pubkey_len == NULL) {
+ ALOGE("Null pointer argument passed");
+ return -1;
+ }
+
+ sp<IKeystore> service = IKeystore::getService();
+
+ if (service == NULL) {
+ ALOGE("could not contact keystore");
+ return -1;
+ }
+
+ bool success = false;
+ auto cb = [&](IKeystore::KeystoreStatusCode status,
+ hidl_vec<uint8_t> publicKey) {
+ if (status == IKeystore::KeystoreStatusCode::SUCCESS) {
+ *pubkey_len = publicKey.size();
+ *pubkey = publicKey.releaseData();
+ success = true;
+ }
+ };
+ Return<void> ret = service->getPublicKey(key_id, cb);
+ return ret.isOk() && success;
+}
diff --git a/keystore-engine/keystore_backend_hidl.h b/keystore-engine/keystore_backend_hidl.h
new file mode 100644
index 0000000..fd38f69
--- /dev/null
+++ b/keystore-engine/keystore_backend_hidl.h
@@ -0,0 +1,38 @@
+/* Copyright 2017 The Android Open Source Project
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
+
+#ifndef ANDROID_KEYSTORE_BACKEND_HIDL_H
+#define ANDROID_KEYSTORE_BACKEND_HIDL_H
+
+#include "keystore_backend.h"
+
+class KeystoreBackendHidl : public KeystoreBackend {
+ public:
+ KeystoreBackendHidl() {}
+ virtual ~KeystoreBackendHidl() {}
+ int32_t sign(const char *key_id, const uint8_t* in, size_t len,
+ uint8_t** reply, size_t* reply_len) override;
+ int32_t get_pubkey(const char *key_id, uint8_t** pubkey,
+ size_t* reply_len) override;
+};
+
+#endif // ANDROID_KEYSTORE_BACKEND_HIDL_H