Blame - security/keymint/aidl/default/RemotelyProvisionedComponent.h - android_hardware_interfaces

blob: e8d2343091325f90532884bc071d96633a4baabb [file] [log] [blame]

Shawn Willden	274bb55	2020-09-30 22:39:22 -0600	[diff] [blame]	1	/*
				2	* Copyright (C) 2020 The Android Open Source Project
				3	*
				4	* Licensed under the Apache License, Version 2.0 (the "License");
				5	* you may not use this file except in compliance with the License.
				6	* You may obtain a copy of the License at
				7	*
				8	* http://www.apache.org/licenses/LICENSE-2.0
				9	*
				10	* Unless required by applicable law or agreed to in writing, software
				11	* distributed under the License is distributed on an "AS IS" BASIS,
				12	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
				13	* See the License for the specific language governing permissions and
				14	* limitations under the License.
				15	*/
				16
				17	#pragma once
				18
				19	#include <AndroidKeyMintDevice.h>
				20	#include <aidl/android/hardware/security/keymint/BnRemotelyProvisionedComponent.h>
				21	#include <aidl/android/hardware/security/keymint/SecurityLevel.h>
				22	#include <cppbor.h>
				23	#include <keymaster/UniquePtr.h>
				24	#include <keymaster/android_keymaster.h>
				25
				26	namespace aidl::android::hardware::security::keymint {
				27
				28	using ::ndk::ScopedAStatus;
				29
				30	class RemotelyProvisionedComponent : public BnRemotelyProvisionedComponent {
				31	public:
				32	explicit RemotelyProvisionedComponent(std::shared_ptr<keymint::AndroidKeyMintDevice> keymint);
				33	virtual ~RemotelyProvisionedComponent();
				34
				35	ScopedAStatus generateEcdsaP256KeyPair(bool testMode, MacedPublicKey* macedPublicKey,
				36	std::vector<uint8_t>* privateKeyHandle) override;
				37
				38	ScopedAStatus generateCertificateRequest(bool testMode,
				39	const std::vector<MacedPublicKey>& keysToSign,
				40	const std::vector<uint8_t>& endpointEncCertChain,
				41	const std::vector<uint8_t>& challenge,
				42	std::vector<uint8_t>* keysToSignMac,
				43	ProtectedData* protectedData) override;
				44
				45	private:
				46	// TODO(swillden): Move these into an appropriate Context class.
				47	std::vector<uint8_t> deriveBytesFromHbk(const std::string& context, size_t numBytes) const;
				48	std::vector<uint8_t> createDeviceInfo() const;
				49	std::pair<std::vector<uint8_t>, cppbor::Array> generateBcc();
				50
				51	std::vector<uint8_t> macKey_ = deriveBytesFromHbk("Key to MAC public keys", 32);
				52	std::vector<uint8_t> devicePrivKey_;
				53	cppbor::Array bcc_;
				54	std::shared_ptr<::keymaster::AndroidKeymaster> impl_;
				55	};
				56
				57	} // namespace aidl::android::hardware::security::keymint