/*
 * Copyright 2020, The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
16
17#ifndef ANDROID_HARDWARE_IDENTITY_FAKESECUREHARDWAREPROXY_H
18#define ANDROID_HARDWARE_IDENTITY_FAKESECUREHARDWAREPROXY_H
19
20#include <libeic/libeic.h>
21
22#include "SecureHardwareProxy.h"
23
24namespace android::hardware::identity {
25
// This implementation uses libEmbeddedIC in-process.
//
// NOTE(review): "in-process" means the libeic provisioning state - and any
// credential key material it holds - lives in the HAL process's own memory
// rather than in isolated secure hardware. This class therefore mirrors the
// interface of the real proxy but provides none of its isolation; treat it as
// an emulation of the secure side, not as a substitute for it.
class FakeSecureHardwareProvisioningProxy : public SecureHardwareProvisioningProxy {
  public:
    FakeSecureHardwareProvisioningProxy() = default;
    virtual ~FakeSecureHardwareProvisioningProxy();

    // Sets up the shared libeic provisioning object (ctx_) for a new credential.
    // |testCredential| selects test-credential mode on the libeic side.
    bool initialize(bool testCredential) override;

    // Sets up the shared libeic provisioning object for updating an existing
    // credential, identified by |docType| and its |encryptedCredentialKeys|
    // (the blob returned by finishGetCredentialData()).
    bool initializeForUpdate(bool testCredential, const string& docType,
                             const vector<uint8_t>& encryptedCredentialKeys) override;

    bool shutdown() override;

    // Returns the identifier the libeic object was assigned at initialization
    // (see id_), or nullopt if not available.
    optional<uint32_t> getId() override;

    // Returns public key certificate.
    optional<vector<uint8_t>> createCredentialKey(const vector<uint8_t>& challenge,
                                                  const vector<uint8_t>& applicationId) override;

    // Like createCredentialKey(), but the certificate is produced with the
    // supplied attestation key (|attestationKeyBlob| / |attestationKeyCert|)
    // rather than a key held by libeic itself. Presumably these come from
    // remote key provisioning (RKP) - confirm against the caller.
    optional<vector<uint8_t>> createCredentialKeyUsingRkp(
            const vector<uint8_t>& challenge, const vector<uint8_t>& applicationId,
            const vector<uint8_t>& attestationKeyBlob,
            const vector<uint8_t>& attestationKeyCert) override;

    // Begins personalization. |accessControlProfileCount| and |entryCounts|
    // announce how many profiles and entries will follow;
    // |expectedProofOfProvisioningSize| is the expected size of the
    // proof-of-provisioning that finishAddingEntries() signs over.
    bool startPersonalization(int accessControlProfileCount, const vector<int>& entryCounts,
                              const string& docType,
                              size_t expectedProofOfProvisioningSize) override;

    // Returns MAC (28 bytes).
    //
    // The MAC binds the profile's fields (id, reader certificate, user-auth
    // requirement, timeout, secure user id) so they can be re-validated at
    // presentation time without trusting the caller - see
    // FakeSecureHardwarePresentationProxy::validateAccessControlProfile().
    optional<vector<uint8_t>> addAccessControlProfile(int id,
                                                      const vector<uint8_t>& readerCertificate,
                                                      bool userAuthenticationRequired,
                                                      uint64_t timeoutMillis,
                                                      uint64_t secureUserId) override;

    // Announces the next entry (|nameSpace|/|name|, |entrySize| bytes total)
    // and the access control profiles that gate it; the value itself is
    // delivered through one or more addEntryValue() calls.
    bool beginAddEntry(const vector<int>& accessControlProfileIds, const string& nameSpace,
                       const string& name, uint64_t entrySize) override;

    // Returns encryptedContent.
    optional<vector<uint8_t>> addEntryValue(const vector<int>& accessControlProfileIds,
                                            const string& nameSpace, const string& name,
                                            const vector<uint8_t>& content) override;

    // Returns signatureOfToBeSigned (EIC_ECDSA_P256_SIGNATURE_SIZE bytes).
    optional<vector<uint8_t>> finishAddingEntries() override;

    // Returns encryptedCredentialKeys (80 bytes).
    optional<vector<uint8_t>> finishGetCredentialData(const string& docType) override;

  protected:
    // See docs for id_.
    //
    // Checks that this proxy's id_ matches the identifier held by the shared
    // libeic object before any call into libeic. |callerName| is presumably
    // only used to identify the caller in the failure log - confirm in the .cpp.
    bool validateId(const string& callerName);

    // We use a singleton libeic object, shared by all proxy instances. This is to
    // properly simulate a situation where libeic is used on constrained hardware
    // with only enough RAM for a single instance of the libeic object.
    //
    // Consequently every instance of this class operates on the same state:
    // if a second proxy calls initialize(), the first one's libeic object is
    // replaced, and validateId() is what detects the stale proxy afterwards
    // (presumably - confirm in the .cpp). No synchronization is declared in
    // this header, so concurrent use from several threads is not covered here.
    static EicProvisioning ctx_;

    // On the HAL side we keep track of the ID that was assigned to the libeic object
    // created in secure hardware. For every call into libeic we validate that this
    // identifier matches what is on the secure side. This is what the validateId()
    // method does.
    //
    // 0 is the value before initialize() has assigned an id - presumably libeic
    // never hands out 0 for a live object; confirm.
    uint32_t id_ = 0;
};
94
// This implementation uses libEmbeddedIC in-process.
//
// NOTE(review): as with the other Fake* proxies, the session state (including
// the ephemeral private key handed out by getEphemeralKeyPair()) lives in the
// HAL process rather than in secure hardware, so this class emulates the
// secure side's interface without its isolation.
class FakeSecureHardwareSessionProxy : public SecureHardwareSessionProxy {
  public:
    FakeSecureHardwareSessionProxy() = default;
    virtual ~FakeSecureHardwareSessionProxy();

    // Sets up the shared libeic session object (ctx_).
    bool initialize() override;

    bool shutdown() override;

    // Returns the identifier the libeic session was assigned at initialization
    // (see id_), or nullopt if not available.
    optional<uint32_t> getId() override;

    // Returns the challenge for this session, presumably the value a
    // HardwareAuthToken must carry to be accepted later - confirm against
    // FakeSecureHardwarePresentationProxy::setAuthToken().
    optional<uint64_t> getAuthChallenge() override;

    // Returns private key
    //
    // NOTE(review): returning the private half to the HAL is only acceptable
    // here because this is the in-process fake; the real secure hardware
    // would keep it. Callers should not persist or log this value.
    optional<vector<uint8_t>> getEphemeralKeyPair() override;

    // Records the reader's ephemeral public key for this session.
    bool setReaderEphemeralPublicKey(const vector<uint8_t>& readerEphemeralPublicKey) override;

    // Records the session transcript that later signatures/MACs are computed
    // over (presumably; confirm in the .cpp).
    bool setSessionTranscript(const vector<uint8_t>& sessionTranscript) override;

  protected:
    // See docs for id_.
    //
    // Checks that this proxy's id_ matches the identifier held by the shared
    // libeic object before any call into libeic. |callerName| is presumably
    // only used to identify the caller in the failure log - confirm in the .cpp.
    bool validateId(const string& callerName);

    // We use a singleton libeic object, shared by all proxy instances. This is to
    // properly simulate a situation where libeic is used on constrained hardware
    // with only enough RAM for a single instance of the libeic object.
    //
    // Every instance of this class therefore operates on the same state; a
    // later initialize() from another instance replaces it, and validateId()
    // is the check that catches the stale proxy (presumably - confirm in the
    // .cpp). No synchronization is declared in this header.
    static EicSession ctx_;

    // On the HAL side we keep track of the ID that was assigned to the libeic object
    // created in secure hardware. For every call into libeic we validate that this
    // identifier matches what is on the secure side. This is what the validateId()
    // method does.
    //
    // 0 is the value before initialize() has assigned an id - presumably libeic
    // never hands out 0 for a live object; confirm.
    uint32_t id_ = 0;
};
135
// This implementation uses libEmbeddedIC in-process.
//
// NOTE(review): the presentation state - signing keys, ephemeral keys, the
// decrypted entry values - lives in the HAL process rather than in secure
// hardware, so this class emulates the secure side's interface without its
// isolation.
class FakeSecureHardwarePresentationProxy : public SecureHardwarePresentationProxy {
  public:
    FakeSecureHardwarePresentationProxy() = default;
    virtual ~FakeSecureHardwarePresentationProxy();

    // Sets up the shared libeic presentation object (ctx_) for the credential
    // identified by |docType| and |encryptedCredentialKeys|. |sessionId| is
    // presumably the id obtained from FakeSecureHardwareSessionProxy::getId()
    // - confirm against the caller.
    bool initialize(uint32_t sessionId, bool testCredential, const string& docType,
                    const vector<uint8_t>& encryptedCredentialKeys) override;

    bool shutdown() override;

    // Returns the identifier the libeic object was assigned at initialization
    // (see id_), or nullopt if not available.
    optional<uint32_t> getId() override;

    // Returns publicKeyCert (1st component) and signingKeyBlob (2nd component)
    //
    // |now| is passed in by the caller rather than read on the secure side;
    // it presumably feeds the certificate validity period - confirm.
    optional<pair<vector<uint8_t>, vector<uint8_t>>> generateSigningKeyPair(const string& docType,
                                                                            time_t now) override;

    // Returns private key
    //
    // NOTE(review): returning the private half to the HAL is only acceptable
    // here because this is the in-process fake; callers should not persist or
    // log this value.
    optional<vector<uint8_t>> createEphemeralKeyPair() override;

    // Returns a fresh challenge that a subsequent setAuthToken() must echo in
    // |challenge| (presumably - confirm in the .cpp).
    optional<uint64_t> createAuthChallenge() override;

    bool startRetrieveEntries() override;

    // Passes the fields of a HardwareAuthToken (|challenge| .. |mac|) and of a
    // VerificationToken (|verificationToken*|) to libeic. The two MACs are what
    // let the secure side check that the tokens are genuine rather than
    // asserted by the caller; how strictly the fake verifies them is decided in
    // the .cpp, not here - confirm before relying on it.
    bool setAuthToken(uint64_t challenge, uint64_t secureUserId, uint64_t authenticatorId,
                      int hardwareAuthenticatorType, uint64_t timeStamp, const vector<uint8_t>& mac,
                      uint64_t verificationTokenChallenge, uint64_t verificationTokenTimestamp,
                      int verificationTokenSecurityLevel,
                      const vector<uint8_t>& verificationTokenMac) override;

    // Presents one reader certificate (|certX509|) to libeic; repeated calls
    // presumably walk a certificate chain - confirm.
    bool pushReaderCert(const vector<uint8_t>& certX509) override;

    // Re-validates an access control profile that was added during provisioning
    // (see FakeSecureHardwareProvisioningProxy::addAccessControlProfile()) by
    // checking |mac| over the supplied fields. The bool presumably says whether
    // the profile's conditions are met; nullopt on failure - confirm.
    //
    // NOTE(review): |timeoutMillis| is int here but uint64_t on the
    // provisioning side. Both signatures are dictated by the base interfaces,
    // but a value that does not round-trip between the two widths would
    // presumably change the MAC input and fail validation - worth confirming
    // in the .cpp.
    optional<bool> validateAccessControlProfile(int id, const vector<uint8_t>& readerCertificate,
                                                bool userAuthenticationRequired, int timeoutMillis,
                                                uint64_t secureUserId,
                                                const vector<uint8_t>& mac) override;

    // Verifies |readerSignatureOfToBeSigned| (COSE algorithm |coseSignAlg|)
    // over |requestMessage| bound to |sessionTranscript|, presumably against
    // the certificate(s) given to pushReaderCert() - confirm in the .cpp.
    bool validateRequestMessage(const vector<uint8_t>& sessionTranscript,
                                const vector<uint8_t>& requestMessage, int coseSignAlg,
                                const vector<uint8_t>& readerSignatureOfToBeSigned) override;

    // Prepares device authentication for this presentation: the session
    // transcript, the reader's ephemeral public key, the signing key blob from
    // generateSigningKeyPair(), and the layout of the DeviceNameSpaces that
    // will be built (|numNamespacesWithValues|, |expectedDeviceNamespacesSize|).
    bool prepareDeviceAuthentication(const vector<uint8_t>& sessionTranscript,
                                     const vector<uint8_t>& readerEphemeralPublicKey,
                                     const vector<uint8_t>& signingKeyBlob, const string& docType,
                                     unsigned int numNamespacesWithValues,
                                     size_t expectedDeviceNamespacesSize) override;

    // Runs the access check for the entry |nameSpace|/|name| against the given
    // profiles and returns the result; retrieveEntryValue() should only be
    // called when the check allowed access (presumably - confirm).
    AccessCheckResult startRetrieveEntryValue(
            const string& nameSpace, const string& name, unsigned int newNamespaceNumEntries,
            int32_t entrySize, const vector<int32_t>& accessControlProfileIds) override;

    // Decrypts one chunk of |encryptedContent| (as produced by
    // FakeSecureHardwareProvisioningProxy::addEntryValue()) for the entry
    // announced by startRetrieveEntryValue().
    optional<vector<uint8_t>> retrieveEntryValue(
            const vector<uint8_t>& encryptedContent, const string& nameSpace, const string& name,
            const vector<int32_t>& accessControlProfileIds) override;

    // Completes retrieval and returns the device authentication value (a MAC,
    // presumably - confirm in the .cpp).
    optional<vector<uint8_t>> finishRetrieval() override;

    // Like finishRetrieval() but returns two components; their meaning is not
    // visible in this header - see the .cpp.
    optional<pair<vector<uint8_t>, vector<uint8_t>>> finishRetrievalWithSignature() override;

    // Deletes the credential and returns the proof of deletion (presumably a
    // signature over ProofOfDeletion CBOR of |proofOfDeletionCborSize| bytes,
    // optionally including |challenge|) - confirm in the .cpp.
    optional<vector<uint8_t>> deleteCredential(const string& docType,
                                               const vector<uint8_t>& challenge,
                                               bool includeChallenge,
                                               size_t proofOfDeletionCborSize) override;

    // Returns the proof of ownership (presumably a signature over
    // ProofOfOwnership CBOR of |proofOfOwnershipCborSize| bytes that includes
    // |challenge|) - confirm in the .cpp.
    optional<vector<uint8_t>> proveOwnership(const string& docType, bool testCredential,
                                             const vector<uint8_t>& challenge,
                                             size_t proofOfOwnershipCborSize) override;

  protected:
    // See docs for id_.
    //
    // Checks that this proxy's id_ matches the identifier held by the shared
    // libeic object before any call into libeic. |callerName| is presumably
    // only used to identify the caller in the failure log - confirm in the .cpp.
    bool validateId(const string& callerName);

    // We use a singleton libeic object, shared by all proxy instances. This is to
    // properly simulate a situation where libeic is used on constrained hardware
    // with only enough RAM for a single instance of the libeic object.
    //
    // Every instance of this class therefore operates on the same state; a
    // later initialize() from another instance replaces it, and validateId()
    // is the check that catches the stale proxy (presumably - confirm in the
    // .cpp). No synchronization is declared in this header.
    static EicPresentation ctx_;

    // On the HAL side we keep track of the ID that was assigned to the libeic object
    // created in secure hardware. For every call into libeic we validate that this
    // identifier matches what is on the secure side. This is what the validateId()
    // method does.
    //
    // 0 is the value before initialize() has assigned an id - presumably libeic
    // never hands out 0 for a live object; confirm.
    uint32_t id_ = 0;
};
223
// Factory implementation.
//
// Hands out the in-process "fake" proxies. Every create*Proxy() call yields a
// fresh proxy object, but all proxies of one kind still share the libeic
// singleton held by their class (see the ctx_ members above), so the factory
// does not give callers independent secure-side state.
class FakeSecureHardwareProxyFactory : public SecureHardwareProxyFactory {
  public:
    FakeSecureHardwareProxyFactory() = default;
    virtual ~FakeSecureHardwareProxyFactory() = default;

    // Returns a newly allocated provisioning proxy; ownership is transferred to
    // the returned sp<>.
    sp<SecureHardwareProvisioningProxy> createProvisioningProxy() override {
        sp<SecureHardwareProvisioningProxy> proxy = new FakeSecureHardwareProvisioningProxy();
        return proxy;
    }

    // Returns a newly allocated session proxy; ownership is transferred to the
    // returned sp<>.
    sp<SecureHardwareSessionProxy> createSessionProxy() override {
        sp<SecureHardwareSessionProxy> proxy = new FakeSecureHardwareSessionProxy();
        return proxy;
    }

    // Returns a newly allocated presentation proxy; ownership is transferred to
    // the returned sp<>.
    sp<SecureHardwarePresentationProxy> createPresentationProxy() override {
        sp<SecureHardwarePresentationProxy> proxy = new FakeSecureHardwarePresentationProxy();
        return proxy;
    }
};
243
244} // namespace android::hardware::identity
245
246#endif // ANDROID_HARDWARE_IDENTITY_FAKESECUREHARDWAREPROXY_H