Add HIDL backend to keystore service

This CL adds variants of the public key retrieval and signing routine which use the WiFi Keystore HIDL for the backend. The Android.mk has been modified to build a second variant of the library to expose this HIDL backend. While here, add guards to all headers. Bug: 34603782 Test: Able to connect to wifi passpoint networks. Change-Id: I444ef383e4d3fdabc10c3e44c1bae9747613c8cf
2017-03-09 00:00:23 -08:00 · 2017-03-09 00:00:23 -08:00 · 657356c169
commit 657356c169
parent ac0ffbf62c
6 changed files with 168 additions and 2 deletions
--- a/keystore-engine/Android.mk
+++ b/keystore-engine/Android.mk
@ -37,3 +37,29 @@ LOCAL_SHARED_LIBRARIES += \
 LOCAL_ADDITIONAL_DEPENDENCIES := $(LOCAL_PATH)/Android.mk

 include $(BUILD_SHARED_LIBRARY)
+
+include $(CLEAR_VARS)
+
+# This builds a variant of libkeystore-engine that uses a HIDL HAL
+# owned by the WiFi user to perform signing operations.
+LOCAL_MODULE := libkeystore-engine-wifi
+
+LOCAL_SRC_FILES := \
+	android_engine.cpp \
+	keystore_backend_hidl.cpp
+
+LOCAL_MODULE_TAGS := optional
+LOCAL_CFLAGS := -fvisibility=hidden -Wall -Werror -DBACKEND_WIFI_HIDL
+
+LOCAL_SHARED_LIBRARIES += \
+	android.system.wifi.keystore@1.0 \
+	libcrypto \
+	liblog \
+	libhidlbase \
+	libhidltransport \
+	libcutils \
+	libutils
+
+LOCAL_ADDITIONAL_DEPENDENCIES := $(LOCAL_PATH)/Android.mk
+
+include $(BUILD_SHARED_LIBRARY)
--- a/keystore-engine/android_engine.cpp
+++ b/keystore-engine/android_engine.cpp
@ -21,8 +21,6 @@
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */

 #define LOG_TAG "keystore-engine"
-#include "keystore_backend_binder.h"
-
 #include <UniquePtr.h>

 #include <pthread.h>
@ -42,6 +40,12 @@
 #include <openssl/rsa.h>
 #include <openssl/x509.h>

+#ifndef BACKEND_WIFI_HIDL
+#include "keystore_backend_binder.h"
+#else
+#include "keystore_backend_hidl.h"
+#endif
+
 namespace {
 extern const RSA_METHOD keystore_rsa_method;
 extern const ECDSA_METHOD keystore_ecdsa_method;
@ -112,7 +116,11 @@ KeystoreBackend *g_keystore_backend;
 * should only be called by |pthread_once|. */
 void init_keystore_engine() {
    g_keystore_engine = new KeystoreEngine;
+#ifndef BACKEND_WIFI_HIDL
    g_keystore_backend = new KeystoreBackendBinder;
+#else
+    g_keystore_backend = new KeystoreBackendHidl;
+#endif
 }

 /* ensure_keystore_engine ensures that |g_keystore_engine| is pointing to a
--- a/keystore-engine/keystore_backend.h
+++ b/keystore-engine/keystore_backend.h
@ -20,6 +20,9 @@
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */

+#ifndef ANDROID_KEYSTORE_BACKEND_H
+#define ANDROID_KEYSTORE_BACKEND_H
+
 #include <stdint.h>

 class KeystoreBackend {
@ -31,3 +34,4 @@ class KeystoreBackend {
                               size_t* reply_len) = 0;
 };

+#endif  // ANDROID_KEYSTORE_BACKEND_H
--- a/keystore-engine/keystore_backend_binder.h
+++ b/keystore-engine/keystore_backend_binder.h
@ -20,6 +20,9 @@
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */

+#ifndef ANDROID_KEYSTORE_BACKEND_BINDER_H
+#define ANDROID_KEYSTORE_BACKEND_BINDER_H
+
 #include "keystore_backend.h"

 class KeystoreBackendBinder : public KeystoreBackend {
@ -32,3 +35,4 @@ class KeystoreBackendBinder : public KeystoreBackend {
                     size_t* reply_len) override;
 };

+#endif  // ANDROID_KEYSTORE_BACKEND_BINDER_H
--- a/keystore-engine/keystore_backend_hidl.cpp
+++ b/keystore-engine/keystore_backend_hidl.cpp
@ -0,0 +1,86 @@
+/* Copyright 2017 The Android Open Source Project
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
+
+#include "keystore_backend_hidl.h"
+
+#include <android/system/wifi/keystore/1.0/IKeystore.h>
+
+using android::hardware::hidl_vec;
+using android::hardware::Return;
+using android::sp;
+using android::system::wifi::keystore::V1_0::IKeystore;
+
+int32_t KeystoreBackendHidl::sign(
+        const char *key_id, const uint8_t* in, size_t len, uint8_t** reply,
+        size_t* reply_len) {
+    if (key_id == NULL || in == NULL || reply == NULL || reply_len == NULL) {
+        ALOGE("Null pointer argument passed");
+        return -1;
+    }
+
+    sp<IKeystore> service = IKeystore::getService();
+
+    if (service == NULL) {
+        ALOGE("could not contact keystore");
+        return -1;
+    }
+
+    bool success = false;
+    auto cb = [&](IKeystore::KeystoreStatusCode status,
+                  hidl_vec<uint8_t> signedData) {
+      if (status == IKeystore::KeystoreStatusCode::SUCCESS) {
+          *reply_len = signedData.size();
+          *reply = signedData.releaseData();
+          success = true;
+      }
+    };
+    Return<void> ret = service->sign(
+        key_id, std::vector<uint8_t>(in, in + len), cb);
+    return ret.isOk() && success;
+}
+
+int32_t KeystoreBackendHidl::get_pubkey(
+        const char *key_id, uint8_t** pubkey, size_t* pubkey_len) {
+    if (key_id == NULL || pubkey == NULL || pubkey_len == NULL) {
+        ALOGE("Null pointer argument passed");
+        return -1;
+    }
+
+    sp<IKeystore> service = IKeystore::getService();
+
+    if (service == NULL) {
+        ALOGE("could not contact keystore");
+        return -1;
+    }
+
+    bool success = false;
+    auto cb = [&](IKeystore::KeystoreStatusCode status,
+                  hidl_vec<uint8_t> publicKey) {
+      if (status == IKeystore::KeystoreStatusCode::SUCCESS) {
+          *pubkey_len = publicKey.size();
+          *pubkey = publicKey.releaseData();
+          success = true;
+      }
+    };
+    Return<void> ret = service->getPublicKey(key_id, cb);
+    return ret.isOk() && success;
+}
--- a/keystore-engine/keystore_backend_hidl.h
+++ b/keystore-engine/keystore_backend_hidl.h
@ -0,0 +1,38 @@
+/* Copyright 2017 The Android Open Source Project
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+ * DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY
+ * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */
+
+#ifndef ANDROID_KEYSTORE_BACKEND_HIDL_H
+#define ANDROID_KEYSTORE_BACKEND_HIDL_H
+
+#include "keystore_backend.h"
+
+class KeystoreBackendHidl : public KeystoreBackend {
+  public:
+    KeystoreBackendHidl() {}
+    virtual ~KeystoreBackendHidl() {}
+    int32_t sign(const char *key_id, const uint8_t* in, size_t len,
+                 uint8_t** reply, size_t* reply_len) override;
+    int32_t get_pubkey(const char *key_id, uint8_t** pubkey,
+                     size_t* reply_len) override;
+};
+
+#endif  // ANDROID_KEYSTORE_BACKEND_HIDL_H