/*
 * Copyright 2020, The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

#ifndef ANDROID_HARDWARE_IDENTITY_FAKESECUREHARDWAREPROXY_H
#define ANDROID_HARDWARE_IDENTITY_FAKESECUREHARDWAREPROXY_H

#include <libeic/libeic.h>

#include "SecureHardwareProxy.h"

namespace android::hardware::identity {

// Provisioning proxy backed by libEmbeddedIC (libeic) running inside this
// process.
//
// The EIC provisioning state is held directly in ctx_, i.e. in ordinary
// memory of the process that owns this object. Nothing is delegated to
// separate secure hardware, so this implementation offers only the
// protection the hosting process itself has.
class FakeSecureHardwareProvisioningProxy : public SecureHardwareProvisioningProxy {
  public:
    FakeSecureHardwareProvisioningProxy();
    virtual ~FakeSecureHardwareProvisioningProxy();

    // Begins provisioning of a brand-new credential.
    bool initialize(bool testCredential) override;

    // Begins provisioning of an update to an existing credential, identified
    // by its docType and previously issued encryptedCredentialKeys.
    bool initializeForUpdate(bool testCredential, string docType,
                             vector<uint8_t> encryptedCredentialKeys) override;

    bool shutdown() override;

    // On success, the returned bytes are the public key certificate.
    optional<vector<uint8_t>> createCredentialKey(const vector<uint8_t>& challenge,
                                                  const vector<uint8_t>& applicationId) override;

    bool startPersonalization(int accessControlProfileCount, vector<int> entryCounts,
                              const string& docType,
                              size_t expectedProofOfProvisioningSize) override;

    // On success, the returned bytes are the profile MAC (28 bytes).
    optional<vector<uint8_t>> addAccessControlProfile(int id,
                                                      const vector<uint8_t>& readerCertificate,
                                                      bool userAuthenticationRequired,
                                                      uint64_t timeoutMillis,
                                                      uint64_t secureUserId) override;

    bool beginAddEntry(const vector<int>& accessControlProfileIds, const string& nameSpace,
                       const string& name, uint64_t entrySize) override;

    // On success, the returned bytes are the encryptedContent for this chunk.
    optional<vector<uint8_t>> addEntryValue(const vector<int>& accessControlProfileIds,
                                            const string& nameSpace, const string& name,
                                            const vector<uint8_t>& content) override;

    // On success, the returned bytes are signatureOfToBeSigned
    // (EIC_ECDSA_P256_SIGNATURE_SIZE bytes).
    optional<vector<uint8_t>> finishAddingEntries() override;

    // On success, the returned bytes are encryptedCredentialKeys (80 bytes).
    optional<vector<uint8_t>> finishGetCredentialData(const string& docType) override;

  protected:
    // libeic provisioning context; lives for as long as this proxy does.
    EicProvisioning ctx_;
};

// Presentation proxy backed by libEmbeddedIC (libeic) running inside this
// process.
//
// As with the provisioning proxy above, the EIC presentation state sits in
// ctx_ in plain process memory rather than in isolated hardware.
class FakeSecureHardwarePresentationProxy : public SecureHardwarePresentationProxy {
  public:
    FakeSecureHardwarePresentationProxy();
    virtual ~FakeSecureHardwarePresentationProxy();

    // Loads the credential identified by docType and encryptedCredentialKeys.
    bool initialize(bool testCredential, string docType,
                    vector<uint8_t> encryptedCredentialKeys) override;

    // On success, .first is publicKeyCert and .second is signingKeyBlob.
    optional<pair<vector<uint8_t>, vector<uint8_t>>> generateSigningKeyPair(string docType,
                                                                            time_t now) override;

    // On success, the returned bytes are the ephemeral private key.
    optional<vector<uint8_t>> createEphemeralKeyPair() override;

    optional<uint64_t> createAuthChallenge() override;

    bool startRetrieveEntries() override;

    // Supplies the hardware auth token and verification token (with their
    // MACs) that later access-control checks are evaluated against.
    bool setAuthToken(uint64_t challenge, uint64_t secureUserId, uint64_t authenticatorId,
                      int hardwareAuthenticatorType, uint64_t timeStamp, const vector<uint8_t>& mac,
                      uint64_t verificationTokenChallenge, uint64_t verificationTokenTimestamp,
                      int verificationTokenSecurityLevel,
                      const vector<uint8_t>& verificationTokenMac) override;

    bool pushReaderCert(const vector<uint8_t>& certX509) override;

    // Checks a profile against its provisioning-time MAC; nullopt means the
    // call itself failed, as opposed to the profile evaluating to false.
    optional<bool> validateAccessControlProfile(int id, const vector<uint8_t>& readerCertificate,
                                                bool userAuthenticationRequired, int timeoutMillis,
                                                uint64_t secureUserId,
                                                const vector<uint8_t>& mac) override;

    bool validateRequestMessage(const vector<uint8_t>& sessionTranscript,
                                const vector<uint8_t>& requestMessage, int coseSignAlg,
                                const vector<uint8_t>& readerSignatureOfToBeSigned) override;

    bool calcMacKey(const vector<uint8_t>& sessionTranscript,
                    const vector<uint8_t>& readerEphemeralPublicKey,
                    const vector<uint8_t>& signingKeyBlob, const string& docType,
                    unsigned int numNamespacesWithValues,
                    size_t expectedProofOfProvisioningSize) override;

    AccessCheckResult startRetrieveEntryValue(
            const string& nameSpace, const string& name, unsigned int newNamespaceNumEntries,
            int32_t entrySize, const vector<int32_t>& accessControlProfileIds) override;

    // Decrypts one chunk of a previously provisioned entry value.
    optional<vector<uint8_t>> retrieveEntryValue(
            const vector<uint8_t>& encryptedContent, const string& nameSpace, const string& name,
            const vector<int32_t>& accessControlProfileIds) override;

    optional<vector<uint8_t>> finishRetrieval() override;

    optional<vector<uint8_t>> deleteCredential(const string& docType,
                                               const vector<uint8_t>& challenge,
                                               bool includeChallenge,
                                               size_t proofOfDeletionCborSize) override;

    optional<vector<uint8_t>> proveOwnership(const string& docType, bool testCredential,
                                             const vector<uint8_t>& challenge,
                                             size_t proofOfOwnershipCborSize) override;

    bool shutdown() override;

  protected:
    // libeic presentation context; lives for as long as this proxy does.
    EicPresentation ctx_;
};

// Factory that hands out the in-process fake proxies declared above.
//
// Each call creates a fresh proxy; ownership is transferred to the returned
// strong pointer.
class FakeSecureHardwareProxyFactory : public SecureHardwareProxyFactory {
  public:
    FakeSecureHardwareProxyFactory() = default;
    virtual ~FakeSecureHardwareProxyFactory() = default;

    sp<SecureHardwareProvisioningProxy> createProvisioningProxy() override {
        sp<SecureHardwareProvisioningProxy> proxy(new FakeSecureHardwareProvisioningProxy());
        return proxy;
    }

    sp<SecureHardwarePresentationProxy> createPresentationProxy() override {
        sp<SecureHardwarePresentationProxy> proxy(new FakeSecureHardwarePresentationProxy());
        return proxy;
    }
};

}  // namespace android::hardware::identity

#endif  // ANDROID_HARDWARE_IDENTITY_FAKESECUREHARDWAREPROXY_H