diff options
| author | David Zeuthen <zeuthen@google.com> | 2020-05-11 14:04:54 -0400 |
|---|---|---|
| committer | David Zeuthen <zeuthen@google.com> | 2021-01-05 18:30:59 -0500 |
| commit | 630de2a93e48d8f9ed2a23806d46b7a7a6b46c74 (patch) | |
| tree | 7af50ea784609a5f340dd82ae7c386aae610668c /identity/aidl/default/service.cpp | |
| parent | 19086060541a2a812e76921d3d6a6bdb4f97c521 (diff) | |
Identity Credential: Switch default implementation to use libeic.
Introduce platform-neutral C library ("libeic") which can be used to
implement an Identity Credential Trusted Application/Applet in Secure
Hardware.
The libeic library is intentionally low-level, has no dependencies
(not even libc), uses very little run-time memory (less than 500 bytes
during a provisioning or presentation session), and doesn't
dynamically allocate any memory. Crypto routines are provided by the
library user through a simple crypto interface defined in EicOps.
Also provide an Android-side HAL implementation designed to
communicate with libeic running in Secure Hardware outside
Android. Abstract out communications between HAL and TA in a couple of
SecureHardwareProxy* classes which mimic libeic 1:1.
The default implementation of the HAL is a combination of the
aforementioned HAL using libeic in-process backed by BoringSSL for the
crypto bits.
Test: atest VtsHalIdentityTargetTest
Test: atest android.security.identity.cts
Bug: 170146643
Change-Id: I3bf43fa7fd9362f94023052591801f2094a04607
Diffstat (limited to 'identity/aidl/default/service.cpp')
| -rw-r--r-- | identity/aidl/default/service.cpp | 12 |
1 files changed, 9 insertions, 3 deletions
diff --git a/identity/aidl/default/service.cpp b/identity/aidl/default/service.cpp index bf95df523a..c290c0827e 100644 --- a/identity/aidl/default/service.cpp +++ b/identity/aidl/default/service.cpp @@ -22,20 +22,26 @@ #include "IdentityCredentialStore.h" +#include "FakeSecureHardwareProxy.h" + +using ::android::sp; using ::android::base::InitLogging; using ::android::base::StderrLogger; -using aidl::android::hardware::identity::IdentityCredentialStore; +using ::aidl::android::hardware::identity::IdentityCredentialStore; +using ::android::hardware::identity::FakeSecureHardwareProxyFactory; +using ::android::hardware::identity::SecureHardwareProxyFactory; int main(int /*argc*/, char* argv[]) { InitLogging(argv, StderrLogger); + sp<SecureHardwareProxyFactory> hwProxyFactory = new FakeSecureHardwareProxyFactory(); + ABinderProcess_setThreadPoolMaxThreadCount(0); std::shared_ptr<IdentityCredentialStore> store = - ndk::SharedRefBase::make<IdentityCredentialStore>(); + ndk::SharedRefBase::make<IdentityCredentialStore>(hwProxyFactory); const std::string instance = std::string() + IdentityCredentialStore::descriptor + "/default"; - LOG(INFO) << "instance: " << instance; binder_status_t status = AServiceManager_addService(store->asBinder().get(), instance.c_str()); CHECK(status == STATUS_OK); |