/*
2 * Copyright 2020, The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17#ifndef ANDROID_HARDWARE_IDENTITY_FAKESECUREHARDWAREPROXY_H
18#define ANDROID_HARDWARE_IDENTITY_FAKESECUREHARDWAREPROXY_H
19
20#include <libeic/libeic.h>
21
22#include "SecureHardwareProxy.h"
23
24namespace android::hardware::identity {
25
// Provisioning-side proxy that runs libEmbeddedIC inside the calling process.
//
// The EicProvisioning state is a plain member of this object (ctx_), so all
// provisioning state lives in this process's address space; nothing in this
// header places it behind a separate hardware or process boundary.
//
// Methods returning optional<...> presumably yield an empty optional on
// failure -- confirm against the implementation file.
class FakeSecureHardwareProvisioningProxy : public SecureHardwareProvisioningProxy {
  public:
    FakeSecureHardwareProvisioningProxy();
    virtual ~FakeSecureHardwareProvisioningProxy();

    // --- Lifecycle ---------------------------------------------------------

    bool initialize(bool testCredential) override;

    bool shutdown() override;

    // --- Credential key ----------------------------------------------------

    // Result: the public key certificate.
    optional<vector<uint8_t>> createCredentialKey(
            const vector<uint8_t>& challenge,
            const vector<uint8_t>& applicationId) override;

    // --- Personalization ---------------------------------------------------

    bool startPersonalization(
            int accessControlProfileCount,
            vector<int> entryCounts,
            const string& docType,
            size_t expectedProofOfProvisioningSize) override;

    // Result: the MAC for the profile (28 bytes).
    //
    // NOTE(review): timeoutMillis is uint64_t here, while
    // FakeSecureHardwarePresentationProxy::validateAccessControlProfile takes
    // it as int. Both signatures are fixed by the base-class overrides; confirm
    // that a timeout above INT_MAX cannot make a profile's MAC fail to validate.
    optional<vector<uint8_t>> addAccessControlProfile(
            int id,
            const vector<uint8_t>& readerCertificate,
            bool userAuthenticationRequired,
            uint64_t timeoutMillis,
            uint64_t secureUserId) override;

    // NOTE(review): entrySize is uint64_t here but int32_t in
    // FakeSecureHardwarePresentationProxy::startRetrieveEntryValue -- confirm
    // the implementation bounds it before it is used as a length.
    bool beginAddEntry(
            const vector<int>& accessControlProfileIds,
            const string& nameSpace,
            const string& name,
            uint64_t entrySize) override;

    // Result: encryptedContent.
    optional<vector<uint8_t>> addEntryValue(
            const vector<int>& accessControlProfileIds,
            const string& nameSpace,
            const string& name,
            const vector<uint8_t>& content) override;

    // Result: signatureOfToBeSigned (EIC_ECDSA_P256_SIGNATURE_SIZE bytes).
    optional<vector<uint8_t>> finishAddingEntries() override;

    // Result: encryptedCredentialKeys (80 bytes).
    optional<vector<uint8_t>> finishGetCredentialData(const string& docType) override;

  protected:
    // libEmbeddedIC provisioning context, held in-process.
    EicProvisioning ctx_;
};
69
// Presentation-side proxy that runs libEmbeddedIC inside the calling process.
//
// The EicPresentation state is a plain member of this object (ctx_), so all
// presentation state lives in this process's address space; nothing in this
// header places it behind a separate hardware or process boundary.
//
// Methods returning optional<...> presumably yield an empty optional on
// failure -- confirm against the implementation file.
class FakeSecureHardwarePresentationProxy : public SecureHardwarePresentationProxy {
  public:
    FakeSecureHardwarePresentationProxy();
    virtual ~FakeSecureHardwarePresentationProxy();

    // --- Lifecycle ---------------------------------------------------------

    bool initialize(
            bool testCredential,
            string docType,
            vector<uint8_t> encryptedCredentialKeys) override;

    bool shutdown() override;

    // --- Key material ------------------------------------------------------

    // Result: pair of (publicKeyCert, signingKeyBlob), in that order.
    optional<pair<vector<uint8_t>, vector<uint8_t>>> generateSigningKeyPair(
            string docType,
            time_t now) override;

    // Result: the private key.
    //
    // NOTE(review): the private key is handed back as a plain byte vector; how
    // callers store or wipe it is not visible from this header.
    optional<vector<uint8_t>> createEphemeralKeyPair() override;

    // --- Authentication and reader validation ------------------------------

    optional<uint64_t> createAuthChallenge() override;

    bool setAuthToken(
            uint64_t challenge,
            uint64_t secureUserId,
            uint64_t authenticatorId,
            int hardwareAuthenticatorType,
            uint64_t timeStamp,
            const vector<uint8_t>& mac,
            uint64_t verificationTokenChallenge,
            uint64_t verificationTokenTimestamp,
            int verificationTokenSecurityLevel,
            const vector<uint8_t>& verificationTokenMac) override;

    bool pushReaderCert(const vector<uint8_t>& certX509) override;

    // The result has three states (empty, false, true). Testing the optional
    // itself in a condition only checks that a value is present, so callers
    // must inspect the contained bool before treating a profile as valid.
    //
    // NOTE(review): timeoutMillis is int here, while
    // FakeSecureHardwareProvisioningProxy::addAccessControlProfile takes it as
    // uint64_t. Both signatures are fixed by the base-class overrides; confirm
    // large timeouts round-trip.
    optional<bool> validateAccessControlProfile(
            int id,
            const vector<uint8_t>& readerCertificate,
            bool userAuthenticationRequired,
            int timeoutMillis,
            uint64_t secureUserId,
            const vector<uint8_t>& mac) override;

    bool validateRequestMessage(
            const vector<uint8_t>& sessionTranscript,
            const vector<uint8_t>& requestMessage,
            int coseSignAlg,
            const vector<uint8_t>& readerSignatureOfToBeSigned) override;

    bool calcMacKey(
            const vector<uint8_t>& sessionTranscript,
            const vector<uint8_t>& readerEphemeralPublicKey,
            const vector<uint8_t>& signingKeyBlob,
            const string& docType,
            unsigned int numNamespacesWithValues,
            size_t expectedProofOfProvisioningSize) override;

    // --- Entry retrieval ---------------------------------------------------

    bool startRetrieveEntries() override;

    // NOTE(review): entrySize is a signed int32_t here but uint64_t in
    // FakeSecureHardwareProvisioningProxy::beginAddEntry -- confirm the
    // implementation rejects negative values before using it as a length.
    AccessCheckResult startRetrieveEntryValue(
            const string& nameSpace,
            const string& name,
            unsigned int newNamespaceNumEntries,
            int32_t entrySize,
            const vector<int32_t>& accessControlProfileIds) override;

    optional<vector<uint8_t>> retrieveEntryValue(
            const vector<uint8_t>& encryptedContent,
            const string& nameSpace,
            const string& name,
            const vector<int32_t>& accessControlProfileIds) override;

    optional<vector<uint8_t>> finishRetrieval() override;

    // --- Deletion ----------------------------------------------------------

    optional<vector<uint8_t>> deleteCredential(
            const string& docType,
            size_t proofOfDeletionCborSize) override;

  protected:
    // libEmbeddedIC presentation context, held in-process.
    EicPresentation ctx_;
};
132
// Factory for the in-process Fake proxies declared in this header.
//
// Every call allocates a new proxy object; nothing is cached or shared between
// calls. The proxies it returns keep their libEmbeddedIC state in-process, so
// they give no isolation beyond that of the calling process.
class FakeSecureHardwareProxyFactory : public SecureHardwareProxyFactory {
  public:
    FakeSecureHardwareProxyFactory() {}
    virtual ~FakeSecureHardwareProxyFactory() {}

    // Result: a freshly allocated provisioning proxy, owned through sp<>.
    sp<SecureHardwareProvisioningProxy> createProvisioningProxy() override {
        sp<SecureHardwareProvisioningProxy> provisioning =
                new FakeSecureHardwareProvisioningProxy();
        return provisioning;
    }

    // Result: a freshly allocated presentation proxy, owned through sp<>.
    sp<SecureHardwarePresentationProxy> createPresentationProxy() override {
        sp<SecureHardwarePresentationProxy> presentation =
                new FakeSecureHardwarePresentationProxy();
        return presentation;
    }
};
148
149} // namespace android::hardware::identity
150
151#endif // ANDROID_HARDWARE_IDENTITY_FAKESECUREHARDWAREPROXY_H