/*
 * Copyright 2020, The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
16
17#ifndef ANDROID_HARDWARE_IDENTITY_FAKESECUREHARDWAREPROXY_H
18#define ANDROID_HARDWARE_IDENTITY_FAKESECUREHARDWAREPROXY_H
19
20#include <libeic/libeic.h>
21
22#include "SecureHardwareProxy.h"
23
24namespace android::hardware::identity {
25
// Provisioning-side proxy that uses libEmbeddedIC (libeic) in-process.
//
// The libeic provisioning context is the ctx_ member of this object, so whatever
// state libeic keeps in that context lives in this process's memory rather than
// behind a separate secure-hardware boundary.
// NOTE(review): the "Fake" prefix suggests this is for builds without real secure
// hardware - confirm it is not relied on where hardware isolation of credential
// keys is expected.
//
// Only declarations are visible in this header. Return-value conventions (for
// example whether an empty optional / false means failure) are presumably those of
// SecureHardwareProvisioningProxy - confirm against the base class and the .cpp.
//
class FakeSecureHardwareProvisioningProxy : public SecureHardwareProvisioningProxy {
  public:
    FakeSecureHardwareProvisioningProxy();
    virtual ~FakeSecureHardwareProvisioningProxy();

    // Starts provisioning of a new credential. testCredential is passed through from
    // the caller; its effect is decided in the definition, not in this header.
    bool initialize(bool testCredential) override;

    // Starts provisioning for an update of an existing credential, identified by
    // docType and its previously returned encryptedCredentialKeys. Both are taken by
    // value to match the base-class signature.
    bool initializeForUpdate(bool testCredential, string docType,
                             vector<uint8_t> encryptedCredentialKeys) override;

    bool shutdown() override;

    // Returns public key certificate.
    // challenge and applicationId are supplied by the caller; how they are bound into
    // the certificate is not visible here.
    optional<vector<uint8_t>> createCredentialKey(const vector<uint8_t>& challenge,
                                                  const vector<uint8_t>& applicationId) override;

    // Declares the shape of the personalization that follows: the number of access
    // control profiles, the per-namespace entry counts, the docType and the expected
    // size of the ProofOfProvisioning.
    bool startPersonalization(int accessControlProfileCount, vector<int> entryCounts,
                              const string& docType,
                              size_t expectedProofOfProvisioningSize) override;

    // Returns MAC (28 bytes).
    // NOTE(review): timeoutMillis is uint64_t here, while
    // FakeSecureHardwarePresentationProxy::validateAccessControlProfile() takes it as
    // int. A value that does not fit in int cannot be presented back unchanged -
    // confirm callers bound it, since the MAC is presumably computed over this value.
    optional<vector<uint8_t>> addAccessControlProfile(int id,
                                                      const vector<uint8_t>& readerCertificate,
                                                      bool userAuthenticationRequired,
                                                      uint64_t timeoutMillis,
                                                      uint64_t secureUserId) override;

    // Announces an entry (namespace, name, total size) and the access control
    // profiles that guard it, before its value is supplied via addEntryValue().
    // NOTE(review): entrySize is uint64_t here but int32_t in
    // FakeSecureHardwarePresentationProxy::startRetrieveEntryValue() - confirm large
    // sizes are rejected rather than truncated somewhere in between.
    bool beginAddEntry(const vector<int>& accessControlProfileIds, const string& nameSpace,
                       const string& name, uint64_t entrySize) override;

    // Returns encryptedContent.
    optional<vector<uint8_t>> addEntryValue(const vector<int>& accessControlProfileIds,
                                            const string& nameSpace, const string& name,
                                            const vector<uint8_t>& content) override;

    // Returns signatureOfToBeSigned (EIC_ECDSA_P256_SIGNATURE_SIZE bytes).
    optional<vector<uint8_t>> finishAddingEntries() override;

    // Returns encryptedCredentialKeys (80 bytes).
    optional<vector<uint8_t>> finishGetCredentialData(const string& docType) override;

  protected:
    // libeic provisioning context, held by value inside this object (in-process).
    EicProvisioning ctx_;
};
72
// Presentation-side proxy that uses libEmbeddedIC (libeic) in-process.
//
// The libeic presentation context is the ctx_ member of this object, so whatever
// state libeic keeps in that context lives in this process's memory rather than
// behind a separate secure-hardware boundary.
// NOTE(review): the "Fake" prefix suggests this is for builds without real secure
// hardware - confirm it is not relied on where hardware isolation of credential
// keys is expected.
//
// Only declarations are visible in this header. Return-value conventions (for
// example whether an empty optional / false means failure) are presumably those of
// SecureHardwarePresentationProxy - confirm against the base class and the .cpp.
//
class FakeSecureHardwarePresentationProxy : public SecureHardwarePresentationProxy {
  public:
    FakeSecureHardwarePresentationProxy();
    virtual ~FakeSecureHardwarePresentationProxy();

    // Starts a presentation session for the credential identified by docType and its
    // encryptedCredentialKeys. Both are taken by value to match the base-class
    // signature.
    bool initialize(bool testCredential, string docType,
                    vector<uint8_t> encryptedCredentialKeys) override;

    // Returns publicKeyCert (1st component) and signingKeyBlob (2nd component)
    optional<pair<vector<uint8_t>, vector<uint8_t>>> generateSigningKeyPair(string docType,
                                                                            time_t now) override;

    // Returns private key
    // The returned bytes are key material that leaves this object; callers should
    // handle the buffer as a secret.
    optional<vector<uint8_t>> createEphemeralKeyPair() override;

    // Returns a 64-bit challenge.
    // NOTE(review): presumably the value later passed as `challenge` to
    // setAuthToken() - confirm.
    optional<uint64_t> createAuthChallenge() override;

    bool startRetrieveEntries() override;

    // Supplies the fields of an auth token (with its MAC) and of a verification token
    // (with its MAC). Whether and how the two MACs are checked is decided in the
    // definition and in libeic; it cannot be determined from this header.
    bool setAuthToken(uint64_t challenge, uint64_t secureUserId, uint64_t authenticatorId,
                      int hardwareAuthenticatorType, uint64_t timeStamp, const vector<uint8_t>& mac,
                      uint64_t verificationTokenChallenge, uint64_t verificationTokenTimestamp,
                      int verificationTokenSecurityLevel,
                      const vector<uint8_t>& verificationTokenMac) override;

    // Supplies one X.509 reader certificate.
    bool pushReaderCert(const vector<uint8_t>& certX509) override;

    // Checks one access control profile together with its MAC.
    // The optional<bool> result has three states; presumably an empty optional is an
    // error and false means access is not granted - confirm in the definition.
    // NOTE(review): timeoutMillis is int here, while
    // FakeSecureHardwareProvisioningProxy::addAccessControlProfile() takes uint64_t.
    // A timeout that does not fit in int cannot be presented back unchanged - confirm
    // callers bound it.
    optional<bool> validateAccessControlProfile(int id, const vector<uint8_t>& readerCertificate,
                                                bool userAuthenticationRequired, int timeoutMillis,
                                                uint64_t secureUserId,
                                                const vector<uint8_t>& mac) override;

    // Validates the reader's request against the session transcript and the reader
    // signature, for the given COSE signature algorithm.
    bool validateRequestMessage(const vector<uint8_t>& sessionTranscript,
                                const vector<uint8_t>& requestMessage, int coseSignAlg,
                                const vector<uint8_t>& readerSignatureOfToBeSigned) override;

    // Sets up the MAC key for this session from the session transcript, the reader's
    // ephemeral public key and a signingKeyBlob (see generateSigningKeyPair()).
    bool calcMacKey(const vector<uint8_t>& sessionTranscript,
                    const vector<uint8_t>& readerEphemeralPublicKey,
                    const vector<uint8_t>& signingKeyBlob, const string& docType,
                    unsigned int numNamespacesWithValues,
                    size_t expectedProofOfProvisioningSize) override;

    // Access check for one entry before its value is retrieved.
    // NOTE(review): entrySize is int32_t here but uint64_t in
    // FakeSecureHardwareProvisioningProxy::beginAddEntry() - confirm sizes are range
    // checked before they reach this call.
    AccessCheckResult startRetrieveEntryValue(
            const string& nameSpace, const string& name, unsigned int newNamespaceNumEntries,
            int32_t entrySize, const vector<int32_t>& accessControlProfileIds) override;

    // Takes encryptedContent for the named entry and returns the retrieved value.
    optional<vector<uint8_t>> retrieveEntryValue(
            const vector<uint8_t>& encryptedContent, const string& nameSpace, const string& name,
            const vector<int32_t>& accessControlProfileIds) override;

    optional<vector<uint8_t>> finishRetrieval() override;

    // Deletes the credential. The caller passes a challenge, a flag saying whether the
    // challenge is included, and the size of the proof-of-deletion CBOR.
    optional<vector<uint8_t>> deleteCredential(const string& docType,
                                               const vector<uint8_t>& challenge,
                                               bool includeChallenge,
                                               size_t proofOfDeletionCborSize) override;

    // Proves ownership of the credential for a caller-supplied challenge; the caller
    // also passes the size of the proof-of-ownership CBOR.
    optional<vector<uint8_t>> proveOwnership(const string& docType, bool testCredential,
                                             const vector<uint8_t>& challenge,
                                             size_t proofOfOwnershipCborSize) override;

    bool shutdown() override;

  protected:
    // libeic presentation context, held by value inside this object (in-process).
    EicPresentation ctx_;
};
141
// Factory for the in-process ("fake") proxies declared in this header.
//
// Every call allocates a new proxy object and hands it back wrapped in an sp<>.
// The proxies it creates run libEmbeddedIC in-process, so wiring this factory in
// selects the implementation without a separate secure-hardware boundary.
//
class FakeSecureHardwareProxyFactory : public SecureHardwareProxyFactory {
  public:
    FakeSecureHardwareProxyFactory() = default;
    virtual ~FakeSecureHardwareProxyFactory() = default;

    // Returns a newly allocated in-process provisioning proxy.
    sp<SecureHardwareProvisioningProxy> createProvisioningProxy() override {
        return sp<SecureHardwareProvisioningProxy>(new FakeSecureHardwareProvisioningProxy());
    }

    // Returns a newly allocated in-process presentation proxy.
    sp<SecureHardwarePresentationProxy> createPresentationProxy() override {
        return sp<SecureHardwarePresentationProxy>(new FakeSecureHardwarePresentationProxy());
    }
};
157
158} // namespace android::hardware::identity
159
160#endif // ANDROID_HARDWARE_IDENTITY_FAKESECUREHARDWAREPROXY_H