authorOrlando Arbildo <oarbildo@google.com>2023-08-11 20:31:58 +0000
committerOrlando Arbildo <oarbildo@google.com>2024-04-08 16:56:00 +0000
commitf97fc471e69737ed5a4c0209070f25dc77a05bdf (patch)
tree006f87c29b3cd0d79c78c4eee585b4f323ffcd4d
parentd723716b79da19850b7b0fe35ba2375c205246f7 (diff)
downloadsample-f97fc471e69737ed5a4c0209070f25dc77a05bdf.tar.gz
Initial Empty Trusty implementation for HWCryptoDeviceKeyAccess
Trusty AIDL empty implementation for HWCryptoDeviceKeyAccess. Currently all functions panic when called. Bug: 284156656 Test: build & unit test to connect to server Change-Id: I2a3ee1733cdfb5ff6ae1c538e7f07e1a89552ffd
-rw-r--r--hwcryptohal/aidl/rust/rules.mk62
-rw-r--r--hwcryptohal/common/err.rs104
-rw-r--r--hwcryptohal/common/lib.rs19
-rw-r--r--hwcryptohal/common/rules.mk32
-rw-r--r--hwcryptohal/server/app/main.rs28
-rw-r--r--hwcryptohal/server/app/manifest.json6
-rw-r--r--hwcryptohal/server/app/rules.mk35
-rw-r--r--hwcryptohal/server/hwcrypto_device_key.rs75
-rw-r--r--hwcryptohal/server/hwcrypto_ipc_server.rs68
-rw-r--r--hwcryptohal/server/lib.rs28
-rw-r--r--hwcryptohal/server/manifest.json6
-rw-r--r--hwcryptohal/server/rules.mk40
-rw-r--r--usertests-inc.mk2
13 files changed, 505 insertions, 0 deletions
diff --git a/hwcryptohal/aidl/rust/rules.mk b/hwcryptohal/aidl/rust/rules.mk
new file mode 100644
index 0000000..8feadf7
--- /dev/null
+++ b/hwcryptohal/aidl/rust/rules.mk
@@ -0,0 +1,62 @@
+# Copyright (C) 2023 The Android Open Source Project
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+LOCAL_DIR := $(GET_LOCAL_DIR)
+
+MODULE := $(LOCAL_DIR)
+
+HWCRYPTO_AIDL_DIR = hardware/interfaces/staging/security/see/hwcrypto/aidl
+
+MODULE_CRATE_NAME := android_hardware_security_see
+
+MODULE_AIDL_LANGUAGE := rust
+
+MODULE_AIDL_PACKAGE := android/hardware/security/see/hwcrypto
+
+MODULE_AIDL_INCLUDES := \
+ -I $(HWCRYPTO_AIDL_DIR) \
+
+MODULE_AIDLS := \
+ $(HWCRYPTO_AIDL_DIR)/$(MODULE_AIDL_PACKAGE)/CryptoOperation.aidl \
+ $(HWCRYPTO_AIDL_DIR)/$(MODULE_AIDL_PACKAGE)/CryptoOperationErrorAdditionalInfo.aidl \
+ $(HWCRYPTO_AIDL_DIR)/$(MODULE_AIDL_PACKAGE)/CryptoOperationResult.aidl \
+ $(HWCRYPTO_AIDL_DIR)/$(MODULE_AIDL_PACKAGE)/CryptoOperationSet.aidl \
+ $(HWCRYPTO_AIDL_DIR)/$(MODULE_AIDL_PACKAGE)/ICryptoOperationContext.aidl \
+ $(HWCRYPTO_AIDL_DIR)/$(MODULE_AIDL_PACKAGE)/IHwCryptoKey.aidl \
+ $(HWCRYPTO_AIDL_DIR)/$(MODULE_AIDL_PACKAGE)/IHwCryptoOperations.aidl \
+ $(HWCRYPTO_AIDL_DIR)/$(MODULE_AIDL_PACKAGE)/IOpaqueKey.aidl \
+ $(HWCRYPTO_AIDL_DIR)/$(MODULE_AIDL_PACKAGE)/KeyPolicy.aidl \
+ $(HWCRYPTO_AIDL_DIR)/$(MODULE_AIDL_PACKAGE)/MemoryBufferParameter.aidl \
+ $(HWCRYPTO_AIDL_DIR)/$(MODULE_AIDL_PACKAGE)/OperationParameters.aidl \
+ $(HWCRYPTO_AIDL_DIR)/$(MODULE_AIDL_PACKAGE)/PatternParameters.aidl \
+ $(HWCRYPTO_AIDL_DIR)/$(MODULE_AIDL_PACKAGE)/types/AesCipherMode.aidl \
+ $(HWCRYPTO_AIDL_DIR)/$(MODULE_AIDL_PACKAGE)/types/AesGcmMode.aidl \
+ $(HWCRYPTO_AIDL_DIR)/$(MODULE_AIDL_PACKAGE)/types/CipherModeParameters.aidl \
+ $(HWCRYPTO_AIDL_DIR)/$(MODULE_AIDL_PACKAGE)/types/HalErrorCode.aidl \
+ $(HWCRYPTO_AIDL_DIR)/$(MODULE_AIDL_PACKAGE)/types/KeyLifetime.aidl \
+ $(HWCRYPTO_AIDL_DIR)/$(MODULE_AIDL_PACKAGE)/types/KeyPermissions.aidl \
+ $(HWCRYPTO_AIDL_DIR)/$(MODULE_AIDL_PACKAGE)/types/KeyType.aidl \
+ $(HWCRYPTO_AIDL_DIR)/$(MODULE_AIDL_PACKAGE)/types/KeyUse.aidl \
+ $(HWCRYPTO_AIDL_DIR)/$(MODULE_AIDL_PACKAGE)/types/MemoryBufferReference.aidl \
+ $(HWCRYPTO_AIDL_DIR)/$(MODULE_AIDL_PACKAGE)/types/OperationData.aidl \
+ $(HWCRYPTO_AIDL_DIR)/$(MODULE_AIDL_PACKAGE)/types/OperationType.aidl \
+ $(HWCRYPTO_AIDL_DIR)/$(MODULE_AIDL_PACKAGE)/types/SymmetricAuthCryptoParameters.aidl \
+ $(HWCRYPTO_AIDL_DIR)/$(MODULE_AIDL_PACKAGE)/types/SymmetricAuthOperationParameters.aidl \
+ $(HWCRYPTO_AIDL_DIR)/$(MODULE_AIDL_PACKAGE)/types/SymmetricCryptoParameters.aidl \
+ $(HWCRYPTO_AIDL_DIR)/$(MODULE_AIDL_PACKAGE)/types/SymmetricOperation.aidl \
+ $(HWCRYPTO_AIDL_DIR)/$(MODULE_AIDL_PACKAGE)/types/SymmetricOperationParameters.aidl \
+ $(HWCRYPTO_AIDL_DIR)/$(MODULE_AIDL_PACKAGE)/types/Void.aidl \
+
+include make/aidl.mk
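Review bot: `HWCRYPTO_AIDL_DIR` is the only assignment in this file that uses recursive `=`, and the only variable without a `LOCAL_` or `MODULE_` prefix. Its value is a fixed path, so `HWCRYPTO_AIDL_DIR := hardware/interfaces/staging/security/see/hwcrypto/aidl` is equivalent and matches the rest of the file. If the build system only resets `MODULE_*` variables between modules (not visible here), the name will also stay defined for every rules.mk parsed afterwards, so a module-local name would be safer. A one-line comment saying that the interface comes from the `staging` tree would tell readers it is not yet stable.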
diff --git a/hwcryptohal/common/err.rs b/hwcryptohal/common/err.rs
new file mode 100644
index 0000000..50192b9
--- /dev/null
+++ b/hwcryptohal/common/err.rs
@@ -0,0 +1,104 @@
+/*
+ * Copyright (C) 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+//! HwCrypto error handling code and related structures
+
+use alloc::{collections::TryReserveError, ffi::CString};
+pub use android_hardware_security_see::aidl::android::hardware::security::see::hwcrypto::types::HalErrorCode;
+use android_hardware_security_see::binder;
+use core::array::TryFromSliceError;
+use coset::CoseError;
+
+/// Macro used to create a `HwCryptoError::HalError` by providing the AIDL `HalErrorCode` and a
+/// message: `hwcrypto_err!(UNSUPPORTED, "unsupported operation")`
+#[macro_export]
+macro_rules! hwcrypto_err {
+ { $error_code:ident, $($arg:tt)+ } => {
+ $crate::err::HwCryptoError::HalError {
+ code: $crate::err::HalErrorCode::$error_code,
+ file: std::file!(),
+ line: std::line!(),
+ message: alloc::format!("{}",std::format_args!($($arg)+)),
+ }
+ };
+}
+
+/// Base Error type for HwCrypto library.
+#[derive(Debug)]
+pub enum HwCryptoError {
+ /// HwCrypto library native error
+ HalError { code: i32, file: &'static str, line: u32, message: String },
+ /// Error generated by a keymint library
+ KmError(kmr_common::Error),
+ /// Error when (de)serializing CBOR objects
+ CborError(kmr_wire::CborError),
+}
+
+impl From<kmr_wire::CborError> for HwCryptoError {
+ fn from(e: kmr_wire::CborError) -> Self {
+ HwCryptoError::CborError(e)
+ }
+}
+
+impl From<kmr_common::Error> for HwCryptoError {
+ fn from(e: kmr_common::Error) -> Self {
+ HwCryptoError::KmError(e)
+ }
+}
+
+impl From<CoseError> for HwCryptoError {
+ fn from(e: CoseError) -> Self {
+ hwcrypto_err!(SERIALIZATION_ERROR, "Deserialization error: {}", e)
+ }
+}
+
+impl From<TryReserveError> for HwCryptoError {
+ fn from(e: TryReserveError) -> Self {
+ hwcrypto_err!(ALLOCATION_ERROR, "error allocating: {}", e)
+ }
+}
+
+impl From<TryFromSliceError> for HwCryptoError {
+ fn from(e: TryFromSliceError) -> Self {
+ hwcrypto_err!(ALLOCATION_ERROR, "error allocating from slice: {}", e)
+ }
+}
+
+impl From<HwCryptoError> for binder::Status {
+ fn from(e: HwCryptoError) -> Self {
+ match e {
+ HwCryptoError::KmError(e) => {
+ let msg = CString::new(format!("KM error {:?}", e).as_str()).unwrap();
+ binder::Status::new_service_specific_error(HalErrorCode::GENERIC_ERROR, Some(&msg))
+ }
+ HwCryptoError::HalError { code, file, line, message } => {
+ let msg = CString::new(
+ format!("HWCrypto error on {}:{}: {}", file, line, message).as_str(),
+ )
+ .unwrap();
+ binder::Status::new_service_specific_error(code, Some(&msg))
+ }
+ HwCryptoError::CborError(e) => {
+ let msg =
+ CString::new(format!("CBOR serialization error {:?}", e).as_str()).unwrap();
+ binder::Status::new_service_specific_error(
+ HalErrorCode::SERIALIZATION_ERROR,
+ Some(&msg),
+ )
+ }
+ }
+ }
+}
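Review bot: The `HalError` arm of `From<HwCryptoError> for binder::Status` can panic, because `CString::new(...).unwrap()` fails on an interior NUL byte and `message` is formatted with `{}` from whatever arguments the `hwcrypto_err!` caller supplied. If any of that text ever derives from request data, a single NUL takes the service down instead of returning an error. Dropping the message on failure keeps the status code: `let msg = CString::new(...).ok();` followed by `binder::Status::new_service_specific_error(code, msg.as_deref())`, applied to all three arms. Separately, the same arm returns `file` and `line` to the client in the status string; it is worth deciding whether source locations should be logged locally rather than sent across the IPC boundary.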
diff --git a/hwcryptohal/common/lib.rs b/hwcryptohal/common/lib.rs
new file mode 100644
index 0000000..6dfa221
--- /dev/null
+++ b/hwcryptohal/common/lib.rs
@@ -0,0 +1,19 @@
+/*
+ * Copyright (C) 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+//! Library implementing common client and server HWCrypto functionality.
+
+pub mod err;
diff --git a/hwcryptohal/common/rules.mk b/hwcryptohal/common/rules.mk
new file mode 100644
index 0000000..78a062c
--- /dev/null
+++ b/hwcryptohal/common/rules.mk
@@ -0,0 +1,32 @@
+# Copyright (C) 2024 The Android Open Source Project
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+LOCAL_DIR := $(GET_LOCAL_DIR)
+
+MODULE := $(LOCAL_DIR)
+
+MODULE_SRCS += \
+ $(LOCAL_DIR)/lib.rs \
+
+MODULE_CRATE_NAME := hwcryptohal_common
+
+MODULE_LIBRARY_DEPS += \
+ trusty/user/app/sample/hwcryptohal/aidl/rust \
+ trusty/user/base/lib/keymint-rust/common \
+ trusty/user/base/lib/tipc/rust \
+ trusty/user/base/lib/trusty-sys \
+ $(call FIND_CRATE,log) \
+
+include make/library.mk
diff --git a/hwcryptohal/server/app/main.rs b/hwcryptohal/server/app/main.rs
new file mode 100644
index 0000000..f2eb758
--- /dev/null
+++ b/hwcryptohal/server/app/main.rs
@@ -0,0 +1,28 @@
+/*
+ * Copyright (C) 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+use hwcryptohalserver::hwcrypto_ipc_server;
+use log::info;
+
+fn main() {
+ trusty_log::init();
+ info!("starting HWCrypto server");
+
+ hwcrypto_ipc_server::main_loop().expect("main loop failed, should never happen");
+
+ //Unreachable code
+ unreachable!("HWCrypto server mainloop terminated");
+}
diff --git a/hwcryptohal/server/app/manifest.json b/hwcryptohal/server/app/manifest.json
new file mode 100644
index 0000000..53bfebd
--- /dev/null
+++ b/hwcryptohal/server/app/manifest.json
@@ -0,0 +1,6 @@
+{
+ "app_name": "hwcryptohalserver_app",
+ "uuid": "f49e28c4-d8b0-41c2-8197-11f27402c0f8",
+ "min_heap": 114688,
+ "min_stack": 32768
+}
diff --git a/hwcryptohal/server/app/rules.mk b/hwcryptohal/server/app/rules.mk
new file mode 100644
index 0000000..acba345
--- /dev/null
+++ b/hwcryptohal/server/app/rules.mk
@@ -0,0 +1,35 @@
+# Copyright (C) 2024 The Android Open Source Project
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+LOCAL_DIR := $(GET_LOCAL_DIR)
+
+MODULE := $(LOCAL_DIR)
+
+MANIFEST := $(LOCAL_DIR)/manifest.json
+
+MODULE_SRCS += \
+ $(LOCAL_DIR)/main.rs \
+
+MODULE_CRATE_NAME := hwcryptohalserver_app
+
+MODULE_LIBRARY_DEPS += \
+ trusty/user/app/sample/hwcryptohal/server \
+ trusty/user/base/lib/tipc/rust \
+ trusty/user/base/lib/trusty-sys \
+ trusty/user/base/lib/trusty-std \
+ $(call FIND_CRATE,log) \
+ trusty/user/base/lib/trusty-log \
+
+include make/trusted_app.mk
diff --git a/hwcryptohal/server/hwcrypto_device_key.rs b/hwcryptohal/server/hwcrypto_device_key.rs
new file mode 100644
index 0000000..0a65036
--- /dev/null
+++ b/hwcryptohal/server/hwcrypto_device_key.rs
@@ -0,0 +1,75 @@
+/*
+ * Copyright (C) 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+//! Implementation of the `IHwCryptoKey` AIDL interface. It can be use to generate and
+//! retrieve device specific keys.
+
+use android_hardware_security_see::aidl::android::hardware::security::see::hwcrypto::{
+ IHwCryptoKey::BnHwCryptoKey,
+ IHwCryptoKey::{
+ DerivedKey::DerivedKey, DerivedKeyParameters::DerivedKeyParameters,
+ DiceBoundDerivationKey::DiceBoundDerivationKey, DiceBoundKeyResult::DiceBoundKeyResult,
+ DiceCurrentBoundKeyResult::DiceCurrentBoundKeyResult, IHwCryptoKey,
+ },
+};
+use android_hardware_security_see::binder;
+use tipc::Uuid;
+
+/// The `IHwCryptoKey` implementation.
+#[derive(Debug)]
+pub struct HwCryptoKey {
+ #[allow(dead_code)]
+ uuid: Uuid,
+}
+
+impl binder::Interface for HwCryptoKey {}
+
+impl HwCryptoKey {
+ pub(crate) fn new_binder(uuid: Uuid) -> binder::Strong<dyn IHwCryptoKey> {
+ let hwcrypto_device_key = HwCryptoKey { uuid };
+ BnHwCryptoKey::new_binder(hwcrypto_device_key, binder::BinderFeatures::default())
+ }
+}
+
+impl IHwCryptoKey for HwCryptoKey {
+ fn deriveCurrentDicePolicyBoundKey(
+ &self,
+ _derivation_key: &DiceBoundDerivationKey,
+ ) -> binder::Result<DiceCurrentBoundKeyResult> {
+ Err(binder::Status::new_exception_str(
+ binder::ExceptionCode::UNSUPPORTED_OPERATION,
+ Some("operation has not been implemented yet"),
+ ))
+ }
+
+ fn deriveDicePolicyBoundKey(
+ &self,
+ _derivation_key: &DiceBoundDerivationKey,
+ _dice_policy_for_key_version: &[u8],
+ ) -> binder::Result<DiceBoundKeyResult> {
+ Err(binder::Status::new_exception_str(
+ binder::ExceptionCode::UNSUPPORTED_OPERATION,
+ Some("operation has not been implemented yet"),
+ ))
+ }
+
+ fn deriveKey(&self, _parameters: &DerivedKeyParameters) -> binder::Result<DerivedKey> {
+ Err(binder::Status::new_exception_str(
+ binder::ExceptionCode::UNSUPPORTED_OPERATION,
+ Some("operation has not been implemented yet"),
+ ))
+ }
+}
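Review bot: The `uuid` field of `HwCryptoKey` is kept under `#[allow(dead_code)]` with no doc comment, so nothing records what it is for. It appears to be the identity of the connecting peer passed to `new_binder`, which the derivation methods will presumably need in order to bind keys to a caller; a field comment such as `/// UUID of the connected client; not yet used by the stub methods.` would make that explicit. The three stubs return `UNSUPPORTED_OPERATION` rather than panicking as the commit description states, and they repeat the same `Status` construction, which a small private helper would remove. The module doc comment has a typo: "can be use" should read "can be used".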
diff --git a/hwcryptohal/server/hwcrypto_ipc_server.rs b/hwcryptohal/server/hwcrypto_ipc_server.rs
new file mode 100644
index 0000000..4248abe
--- /dev/null
+++ b/hwcryptohal/server/hwcrypto_ipc_server.rs
@@ -0,0 +1,68 @@
+/*
+ * Copyright (C) 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+//! AIDL IPC Server code.
+use crate::hwcrypto_device_key;
+use binder::SpIBinder;
+use core::ffi::CStr;
+use hwcryptohal_common::{err::HwCryptoError, hwcrypto_err};
+use rpcbinder::RpcServer;
+use tipc::{Manager, PortCfg, Uuid};
+
+const RUST_SERVICE_PORT: &CStr = c"com.android.trusty.rust.hwcryptohal.V1";
+
+fn create_device_key_service(uuid: Uuid) -> Option<SpIBinder> {
+ Some(hwcrypto_device_key::HwCryptoKey::new_binder(uuid).as_binder())
+}
+
+pub fn main_loop() -> Result<(), HwCryptoError> {
+ let hwdk_rpc_server = RpcServer::new_per_session(create_device_key_service);
+
+ let cfg = PortCfg::new(RUST_SERVICE_PORT.to_str().expect("should not happen, valid utf-8"))
+ .map_err(|e| {
+ hwcrypto_err!(
+ GENERIC_ERROR,
+ "could not create port config for {:?}: {:?}",
+ RUST_SERVICE_PORT,
+ e
+ )
+ })?
+ .allow_ta_connect()
+ .allow_ns_connect();
+
+ let manager = Manager::<_, _, 1, 4>::new_unbuffered(hwdk_rpc_server, cfg)
+ .map_err(|e| hwcrypto_err!(GENERIC_ERROR, "could not create service manager: {:?}", e))?;
+
+ manager
+ .run_event_loop()
+ .map_err(|e| hwcrypto_err!(GENERIC_ERROR, "service manager received error: {:?}", e))
+}
+
+#[cfg(test)]
+mod tests {
+ use android_hardware_security_see::aidl::android::hardware::security::see::hwcrypto::IHwCryptoKey::IHwCryptoKey;
+ use rpcbinder::RpcSession;
+ use binder::{IBinder, Strong};
+ use test::expect_eq;
+ use super::*;
+
+ #[test]
+ fn connect_server() {
+ let session: Strong<dyn IHwCryptoKey> =
+ RpcSession::new().setup_trusty_client(RUST_SERVICE_PORT).expect("Failed to connect");
+ expect_eq!(session.as_binder().ping_binder(), Ok(()));
+ }
+}
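Review bot: `main_loop` opens the port with both `.allow_ta_connect()` and `.allow_ns_connect()`, and `create_device_key_service` returns `Some(...)` for every `uuid`, so any secure or non-secure client receives an `IHwCryptoKey` binder. That is harmless while every method returns an error, but a device-key service should have its caller restrictions in place before derivation is implemented. A comment at the callback, for example `// TODO: reject peers not on an allow-list before key derivation is implemented`, would keep this from being forgotten. The const generics in `Manager::<_, _, 1, 4>` are also unexplained; they are presumably port and connection limits, and named constants or a short comment would make the resource bound reviewable.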
diff --git a/hwcryptohal/server/lib.rs b/hwcryptohal/server/lib.rs
new file mode 100644
index 0000000..a07e837
--- /dev/null
+++ b/hwcryptohal/server/lib.rs
@@ -0,0 +1,28 @@
+/*
+ * Copyright (C) 2024 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+//! Library implementing the different `IHwCrypto` AIDL interfaces.
+
+#![feature(c_str_literals)]
+
+pub mod hwcrypto_ipc_server;
+
+mod hwcrypto_device_key;
+
+#[cfg(test)]
+mod tests {
+ test::init!();
+}
diff --git a/hwcryptohal/server/manifest.json b/hwcryptohal/server/manifest.json
new file mode 100644
index 0000000..965452d
--- /dev/null
+++ b/hwcryptohal/server/manifest.json
@@ -0,0 +1,6 @@
+{
+ "app_name": "hwcryptohalserver_lib",
+ "uuid": "f41a7796-975a-4279-8cc4-b73f8820430d",
+ "min_heap": 118784,
+ "min_stack": 32768
+}
diff --git a/hwcryptohal/server/rules.mk b/hwcryptohal/server/rules.mk
new file mode 100644
index 0000000..64f2d29
--- /dev/null
+++ b/hwcryptohal/server/rules.mk
@@ -0,0 +1,40 @@
+# Copyright (C) 2024 The Android Open Source Project
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+LOCAL_DIR := $(GET_LOCAL_DIR)
+
+MODULE := $(LOCAL_DIR)
+
+MANIFEST := $(LOCAL_DIR)/manifest.json
+
+MODULE_SRCS += \
+ $(LOCAL_DIR)/lib.rs \
+
+MODULE_CRATE_NAME := hwcryptohalserver
+
+MODULE_LIBRARY_DEPS += \
+ frameworks/native/libs/binder/trusty/rust \
+ frameworks/native/libs/binder/trusty/rust/binder_rpc_server \
+ frameworks/native/libs/binder/trusty/rust/rpcbinder \
+ trusty/user/app/sample/hwcryptohal/aidl/rust \
+ trusty/user/app/sample/hwcryptohal/common \
+ trusty/user/base/lib/tipc/rust \
+ trusty/user/base/lib/trusty-sys \
+ $(call FIND_CRATE,log) \
+ trusty/user/base/lib/trusty-log \
+
+MODULE_RUST_TESTS := true
+
+include make/library.mk
diff --git a/usertests-inc.mk b/usertests-inc.mk
index d81dd05..59efb3d 100644
--- a/usertests-inc.mk
+++ b/usertests-inc.mk
@@ -16,6 +16,7 @@
include trusty/user/app/sample/stats-test/usertests-inc.mk
TRUSTY_USER_TESTS += \
+ trusty/user/app/sample/hwcryptohal/server/app \
trusty/user/app/sample/app-mgmt-test/client\
trusty/user/app/sample/binder-test/client \
trusty/user/app/sample/binder-test/service \
@@ -34,6 +35,7 @@ TRUSTY_USER_TESTS += \
trusty/user/app/sample/rust_no_std \
TRUSTY_RUST_USER_TESTS += \
+ trusty/user/app/sample/hwcryptohal/server \
trusty/user/app/sample/memref-test/rust \
trusty/user/app/sample/rust-hello-world \