From 2759df0d3cfade4954acc03899569d52d2cda82f Mon Sep 17 00:00:00 2001
From: Shikha Panwar <shikhapanwar@google.com>
Date: Mon, 27 Nov 2023 22:00:42 +0000
Subject: [PATCH] [Secretkeeper] In-memory KeyValueStore

We introduce InMemoryStore, an implementation of KeyValueStore trait.
This can be used for implementing backends that VTS can run against.

Bug: 291224769
Test: atest VtsSecretkeeperTargetTest
Change-Id: Id109ee3bd38ec0979953b6285019c97d418172ef
---
 security/secretkeeper/default/Android.bp   |  1 +
 security/secretkeeper/default/src/main.rs  | 19 +++++++-----
 security/secretkeeper/default/src/store.rs | 36 ++++++++++++++++++++++
 3 files changed, 49 insertions(+), 7 deletions(-)
 create mode 100644 security/secretkeeper/default/src/store.rs

diff --git a/security/secretkeeper/default/Android.bp b/security/secretkeeper/default/Android.bp
index 6612ea2f82..08cc67a5d0 100644
--- a/security/secretkeeper/default/Android.bp
+++ b/security/secretkeeper/default/Android.bp
@@ -35,6 +35,7 @@ rust_binary {
         "libauthgraph_hal",
         "libbinder_rs",
         "liblog_rust",
+        "libsecretkeeper_comm_nostd",
         "libsecretkeeper_core_nostd",
         "libsecretkeeper_hal",
     ],
diff --git a/security/secretkeeper/default/src/main.rs b/security/secretkeeper/default/src/main.rs
index a2910179a9..c8c15215c2 100644
--- a/security/secretkeeper/default/src/main.rs
+++ b/security/secretkeeper/default/src/main.rs
@@ -15,17 +15,21 @@
  */
 
 //! Non-secure implementation of the Secretkeeper HAL.
+mod store;
 
-use log::{error, info, Level};
-use std::sync::{Arc, Mutex};
 use authgraph_boringssl as boring;
-use authgraph_core::ta::{Role, AuthGraphTa};
-use authgraph_core::keyexchange::{MAX_OPENED_SESSIONS, AuthGraphParticipant};
+use authgraph_core::keyexchange::{AuthGraphParticipant, MAX_OPENED_SESSIONS};
+use authgraph_core::ta::{AuthGraphTa, Role};
+use authgraph_hal::channel::SerializedChannel;
+use log::{error, info, Level};
 use secretkeeper_core::ta::SecretkeeperTa;
 use secretkeeper_hal::SecretkeeperService;
-use authgraph_hal::channel::SerializedChannel;
+use std::sync::Arc;
+use std::sync::Mutex;
+use store::InMemoryStore;
+
 use android_hardware_security_secretkeeper::aidl::android::hardware::security::secretkeeper::ISecretkeeper::{
-    ISecretkeeper, BpSecretkeeper,
+    BpSecretkeeper, ISecretkeeper,
 };
 use std::cell::RefCell;
 use std::rc::Rc;
@@ -53,8 +57,9 @@ impl LocalTa {
         // The TA code expects to run single threaded, so spawn a thread to run it in.
         std::thread::spawn(move || {
             let mut crypto_impls = boring::crypto_trait_impls();
+            let storage_impl = Box::new(InMemoryStore::default());
             let sk_ta = Rc::new(RefCell::new(
-                SecretkeeperTa::new(&mut crypto_impls)
+                SecretkeeperTa::new(&mut crypto_impls, storage_impl)
                     .expect("Failed to create local Secretkeeper TA"),
             ));
             let mut ag_ta = AuthGraphTa::new(
diff --git a/security/secretkeeper/default/src/store.rs b/security/secretkeeper/default/src/store.rs
new file mode 100644
index 0000000000..7b2d0b94d6
--- /dev/null
+++ b/security/secretkeeper/default/src/store.rs
@@ -0,0 +1,36 @@
+/*
+ * Copyright (C) 2023 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+use secretkeeper_comm::data_types::error::Error;
+use secretkeeper_core::store::KeyValueStore;
+use std::collections::HashMap;
+
+/// An in-memory implementation of KeyValueStore. Please note that this is entirely for
+/// testing purposes. Refer to the documentation of `PolicyGatedStorage` & Secretkeeper HAL for
+/// persistence requirements.
+#[derive(Default)]
+pub struct InMemoryStore(HashMap<Vec<u8>, Vec<u8>>);
+impl KeyValueStore for InMemoryStore {
+    fn store(&mut self, key: &[u8], val: &[u8]) -> Result<(), Error> {
+        // This will overwrite the value if key is already present.
+        let _ = self.0.insert(key.to_vec(), val.to_vec());
+        Ok(())
+    }
+
+    fn get(&self, key: &[u8]) -> Result<Option<Vec<u8>>, Error> {
+        let optional_val = self.0.get(key);
+        Ok(optional_val.cloned())
+    }
+}