tequilaOS/platform_hardware_interfaces
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
platform_hardware_interfaces/identity/aidl/default/EicOpsImpl.h
David Zeuthen 630de2a93e Identity Credential: Switch default implementation to use libeic. 
Introduce platform-neutral C library ("libeic") which can be used to
implement an Identity Credential Trusted Application/Applet in Secure
Hardware.

The libeic library is intentionally low-level, has no dependencies
(not even libc), uses very little run-time memory (less than 500 bytes
during a provisioning or presentation session), and doesn't
dynamically allocate any memory. Crypto routines are provided by the
library user through a simple crypto interface defined in EicOps.

Also provide an Android-side HAL implementation designed to
communicate with libeic running in Secure Hardware outside
Android. Abstract out communications between HAL and TA in a couple of
SecureHardwareProxy* classes which mimic libeic 1:1.

The default implementation of the HAL is a combination of the
aforementioned HAL using libeic in-process backed by BoringSSL for the
crypto bits.

Test: atest VtsHalIdentityTargetTest
Test: atest android.security.identity.cts
Bug: 170146643
Change-Id: I3bf43fa7fd9362f94023052591801f2094a04607
2021-01-05 18:30:59 -05:00

46 lines
1.2 KiB
C
Raw Blame History

/*
* Copyright 2020, The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifndef ANDROID_HARDWARE_IDENTITY_EIC_OPS_IMPL_H
#define ANDROID_HARDWARE_IDENTITY_EIC_OPS_IMPL_H
#include <stdbool.h>
#include <stddef.h>
#include <stdlib.h>
// Add whatever includes are needed for definitions below.
//
#include <openssl/hmac.h>
#include <openssl/sha.h>
#ifdef __cplusplus
extern "C" {
#endif
// Set the following defines to match the implementation of the supplied
// eicOps*() operations. See EicOps.h for details.
//
#define EIC_SHA256_CONTEXT_SIZE sizeof(SHA256_CTX)
#define EIC_HMAC_SHA256_CONTEXT_SIZE sizeof(HMAC_CTX)
#ifdef __cplusplus
}
#endif
#endif // ANDROID_HARDWARE_IDENTITY_EMBEDDED_IC_H
Reference in a new issue View git blame Copy permalink