/* * Copyright 2020, The Android Open Source Project * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ #ifndef ANDROID_HARDWARE_IDENTITY_FAKESECUREHARDWAREPROXY_H #define ANDROID_HARDWARE_IDENTITY_FAKESECUREHARDWAREPROXY_H #include #include "SecureHardwareProxy.h" namespace android::hardware::identity { // This implementation uses libEmbeddedIC in-process. // class FakeSecureHardwareProvisioningProxy : public SecureHardwareProvisioningProxy { public: FakeSecureHardwareProvisioningProxy() = default; virtual ~FakeSecureHardwareProvisioningProxy(); bool initialize(bool testCredential) override; bool initializeForUpdate(bool testCredential, const string& docType, const vector& encryptedCredentialKeys) override; bool shutdown() override; optional getId() override; // Returns public key certificate. optional> createCredentialKey(const vector& challenge, const vector& applicationId) override; optional> createCredentialKeyUsingRkp( const vector& challenge, const vector& applicationId, const vector& attestationKeyBlob, const vector& attestationKeyCert) override; bool startPersonalization(int accessControlProfileCount, const vector& entryCounts, const string& docType, size_t expectedProofOfProvisioningSize) override; // Returns MAC (28 bytes). optional> addAccessControlProfile(int id, const vector& readerCertificate, bool userAuthenticationRequired, uint64_t timeoutMillis, uint64_t secureUserId) override; bool beginAddEntry(const vector& accessControlProfileIds, const string& nameSpace, const string& name, uint64_t entrySize) override; // Returns encryptedContent. optional> addEntryValue(const vector& accessControlProfileIds, const string& nameSpace, const string& name, const vector& content) override; // Returns signatureOfToBeSigned (EIC_ECDSA_P256_SIGNATURE_SIZE bytes). optional> finishAddingEntries() override; // Returns encryptedCredentialKeys (80 bytes). optional> finishGetCredentialData(const string& docType) override; protected: // See docs for id_. // bool validateId(const string& callerName); // We use a singleton libeic object, shared by all proxy instances. This is to // properly simulate a situation where libeic is used on constrained hardware // with only enough RAM for a single instance of the libeic object. // static EicProvisioning ctx_; // On the HAL side we keep track of the ID that was assigned to the libeic object // created in secure hardware. For every call into libeic we validate that this // identifier matches what is on the secure side. This is what the validateId() // method does. // uint32_t id_ = 0; }; // This implementation uses libEmbeddedIC in-process. // class FakeSecureHardwareSessionProxy : public SecureHardwareSessionProxy { public: FakeSecureHardwareSessionProxy() = default; virtual ~FakeSecureHardwareSessionProxy(); bool initialize() override; bool shutdown() override; optional getId() override; optional getAuthChallenge() override; // Returns private key optional> getEphemeralKeyPair() override; bool setReaderEphemeralPublicKey(const vector& readerEphemeralPublicKey) override; bool setSessionTranscript(const vector& sessionTranscript) override; protected: // See docs for id_. // bool validateId(const string& callerName); // We use a singleton libeic object, shared by all proxy instances. This is to // properly simulate a situation where libeic is used on constrained hardware // with only enough RAM for a single instance of the libeic object. // static EicSession ctx_; // On the HAL side we keep track of the ID that was assigned to the libeic object // created in secure hardware. For every call into libeic we validate that this // identifier matches what is on the secure side. This is what the validateId() // method does. // uint32_t id_ = 0; }; // This implementation uses libEmbeddedIC in-process. // class FakeSecureHardwarePresentationProxy : public SecureHardwarePresentationProxy { public: FakeSecureHardwarePresentationProxy() = default; virtual ~FakeSecureHardwarePresentationProxy(); bool initialize(uint32_t sessionId, bool testCredential, const string& docType, const vector& encryptedCredentialKeys) override; bool shutdown() override; optional getId() override; // Returns publicKeyCert (1st component) and signingKeyBlob (2nd component) optional, vector>> generateSigningKeyPair(const string& docType, time_t now) override; // Returns private key optional> createEphemeralKeyPair() override; optional createAuthChallenge() override; bool startRetrieveEntries() override; bool setAuthToken(uint64_t challenge, uint64_t secureUserId, uint64_t authenticatorId, int hardwareAuthenticatorType, uint64_t timeStamp, const vector& mac, uint64_t verificationTokenChallenge, uint64_t verificationTokenTimestamp, int verificationTokenSecurityLevel, const vector& verificationTokenMac) override; bool pushReaderCert(const vector& certX509) override; optional validateAccessControlProfile(int id, const vector& readerCertificate, bool userAuthenticationRequired, int timeoutMillis, uint64_t secureUserId, const vector& mac) override; bool validateRequestMessage(const vector& sessionTranscript, const vector& requestMessage, int coseSignAlg, const vector& readerSignatureOfToBeSigned) override; bool prepareDeviceAuthentication(const vector& sessionTranscript, const vector& readerEphemeralPublicKey, const vector& signingKeyBlob, const string& docType, unsigned int numNamespacesWithValues, size_t expectedDeviceNamespacesSize) override; AccessCheckResult startRetrieveEntryValue( const string& nameSpace, const string& name, unsigned int newNamespaceNumEntries, int32_t entrySize, const vector& accessControlProfileIds) override; optional> retrieveEntryValue( const vector& encryptedContent, const string& nameSpace, const string& name, const vector& accessControlProfileIds) override; optional> finishRetrieval() override; optional, vector>> finishRetrievalWithSignature() override; optional> deleteCredential(const string& docType, const vector& challenge, bool includeChallenge, size_t proofOfDeletionCborSize) override; optional> proveOwnership(const string& docType, bool testCredential, const vector& challenge, size_t proofOfOwnershipCborSize) override; protected: // See docs for id_. // bool validateId(const string& callerName); // We use a singleton libeic object, shared by all proxy instances. This is to // properly simulate a situation where libeic is used on constrained hardware // with only enough RAM for a single instance of the libeic object. // static EicPresentation ctx_; // On the HAL side we keep track of the ID that was assigned to the libeic object // created in secure hardware. For every call into libeic we validate that this // identifier matches what is on the secure side. This is what the validateId() // method does. // uint32_t id_ = 0; }; // Factory implementation. // class FakeSecureHardwareProxyFactory : public SecureHardwareProxyFactory { public: FakeSecureHardwareProxyFactory() {} virtual ~FakeSecureHardwareProxyFactory() {} sp createProvisioningProxy() override { return new FakeSecureHardwareProvisioningProxy(); } sp createSessionProxy() override { return new FakeSecureHardwareSessionProxy(); } sp createPresentationProxy() override { return new FakeSecureHardwarePresentationProxy(); } }; } // namespace android::hardware::identity #endif // ANDROID_HARDWARE_IDENTITY_FAKESECUREHARDWAREPROXY_H