/* * Copyright 2020, The Android Open Source Project * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ /****************************************************************************** * * The original Work has been changed by NXP. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. * * Copyright 2022-2023 NXP * ******************************************************************************/ #pragma once #include "CborConverter.h" #include "JavacardSecureElement.h" #include #include #include #include namespace aidl::android::hardware::security::keymint { using cppbor::Item; using ::keymint::javacard::CborConverter; using ::keymint::javacard::JavacardSecureElement; using ndk::ScopedAStatus; using secureclock::TimeStampToken; using std::optional; using std::shared_ptr; using std::vector; class JavacardKeyMintDevice : public BnKeyMintDevice { public: explicit JavacardKeyMintDevice(shared_ptr card) : securitylevel_(SecurityLevel::STRONGBOX), card_(std::move(card)), isEarlyBootEventPending(true) { card_->initializeJavacard(); } virtual ~JavacardKeyMintDevice() {} // Methods from ::ndk::ICInterface follow. binder_status_t dump(int fd, const char** args, uint32_t num_args) override; ScopedAStatus getHardwareInfo(KeyMintHardwareInfo* info) override; ScopedAStatus addRngEntropy(const vector& data) override; ScopedAStatus generateKey(const vector& keyParams, const optional& attestationKey, KeyCreationResult* creationResult) override; ScopedAStatus importKey(const vector& keyParams, KeyFormat keyFormat, const vector& keyData, const optional& attestationKey, KeyCreationResult* creationResult) override; ScopedAStatus importWrappedKey(const vector& wrappedKeyData, const vector& wrappingKeyBlob, const vector& maskingKey, const vector& unwrappingParams, int64_t passwordSid, int64_t biometricSid, KeyCreationResult* creationResult) override; ScopedAStatus upgradeKey(const vector& keyBlobToUpgrade, const vector& upgradeParams, vector* keyBlob) override; ScopedAStatus deleteKey(const vector& keyBlob) override; ScopedAStatus deleteAllKeys() override; ScopedAStatus destroyAttestationIds() override; virtual ScopedAStatus begin(KeyPurpose in_purpose, const std::vector& in_keyBlob, const std::vector& in_params, const std::optional& in_authToken, BeginResult* _aidl_return) override; ScopedAStatus deviceLocked(bool passwordOnly, const optional& timestampToken) override; ScopedAStatus earlyBootEnded() override; ScopedAStatus getKeyCharacteristics(const std::vector& in_keyBlob, const std::vector& in_appId, const std::vector& in_appData, std::vector* _aidl_return) override; ScopedAStatus convertStorageKeyToEphemeral(const std::vector& storageKeyBlob, std::vector* ephemeralKeyBlob) override; ScopedAStatus getRootOfTrustChallenge(std::array* _aidl_return) override; ScopedAStatus getRootOfTrust(const std::array& in_challenge, std::vector* _aidl_return) override; ScopedAStatus sendRootOfTrust(const std::vector& in_rootOfTrust) override; private: keymaster_error_t parseWrappedKey(const vector& wrappedKeyData, std::vector& iv, std::vector& transitKey, std::vector& secureKey, std::vector& tag, vector& authList, KeyFormat& keyFormat, std::vector& wrappedKeyDescription); std::tuple, keymaster_error_t> sendBeginImportWrappedKeyCmd( const std::vector& transitKey, const std::vector& wrappingKeyBlob, const std::vector& maskingKey, const vector& unwrappingParams); std::tuple, keymaster_error_t> sendFinishImportWrappedKeyCmd(const vector& keyParams, KeyFormat keyFormat, const std::vector& secureKey, const std::vector& tag, const std::vector& iv, const std::vector& wrappedKeyDescription, int64_t passwordSid, int64_t biometricSid); ScopedAStatus defaultHwInfo(KeyMintHardwareInfo* info); void handleSendEarlyBootEndedEvent(); const SecurityLevel securitylevel_; const shared_ptr card_; CborConverter cbor_; bool isEarlyBootEventPending; }; } // namespace aidl::android::hardware::security::keymint