1 /* 2 * Copyright 2020, The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 #ifndef ANDROID_HARDWARE_IDENTITY_FAKESECUREHARDWAREPROXY_H 18 #define ANDROID_HARDWARE_IDENTITY_FAKESECUREHARDWAREPROXY_H 19 20 #include <libeic/libeic.h> 21 22 #include "SecureHardwareProxy.h" 23 24 namespace android::hardware::identity { 25 26 // This implementation uses libEmbeddedIC in-process. 27 // 28 class FakeSecureHardwareProvisioningProxy : public SecureHardwareProvisioningProxy { 29 public: 30 FakeSecureHardwareProvisioningProxy() = default; 31 virtual ~FakeSecureHardwareProvisioningProxy(); 32 33 bool initialize(bool testCredential) override; 34 35 bool initializeForUpdate(bool testCredential, const string& docType, 36 const vector<uint8_t>& encryptedCredentialKeys) override; 37 38 bool shutdown() override; 39 40 optional<uint32_t> getId() override; 41 42 // Returns public key certificate. 43 optional<vector<uint8_t>> createCredentialKey(const vector<uint8_t>& challenge, 44 const vector<uint8_t>& applicationId) override; 45 46 optional<vector<uint8_t>> createCredentialKeyUsingRkp( 47 const vector<uint8_t>& challenge, const vector<uint8_t>& applicationId, 48 const vector<uint8_t>& attestationKeyBlob, 49 const vector<uint8_t>& attestationKeyCert) override; 50 51 bool startPersonalization(int accessControlProfileCount, const vector<int>& entryCounts, 52 const string& docType, 53 size_t expectedProofOfProvisioningSize) override; 54 55 // Returns MAC (28 bytes). 56 optional<vector<uint8_t>> addAccessControlProfile(int id, 57 const vector<uint8_t>& readerCertificate, 58 bool userAuthenticationRequired, 59 uint64_t timeoutMillis, 60 uint64_t secureUserId) override; 61 62 bool beginAddEntry(const vector<int>& accessControlProfileIds, const string& nameSpace, 63 const string& name, uint64_t entrySize) override; 64 65 // Returns encryptedContent. 66 optional<vector<uint8_t>> addEntryValue(const vector<int>& accessControlProfileIds, 67 const string& nameSpace, const string& name, 68 const vector<uint8_t>& content) override; 69 70 // Returns signatureOfToBeSigned (EIC_ECDSA_P256_SIGNATURE_SIZE bytes). 71 optional<vector<uint8_t>> finishAddingEntries() override; 72 73 // Returns encryptedCredentialKeys (80 bytes). 74 optional<vector<uint8_t>> finishGetCredentialData(const string& docType) override; 75 76 protected: 77 // See docs for id_. 78 // 79 bool validateId(const string& callerName); 80 81 // We use a singleton libeic object, shared by all proxy instances. This is to 82 // properly simulate a situation where libeic is used on constrained hardware 83 // with only enough RAM for a single instance of the libeic object. 84 // 85 static EicProvisioning ctx_; 86 87 // On the HAL side we keep track of the ID that was assigned to the libeic object 88 // created in secure hardware. For every call into libeic we validate that this 89 // identifier matches what is on the secure side. This is what the validateId() 90 // method does. 91 // 92 uint32_t id_ = 0; 93 }; 94 95 // This implementation uses libEmbeddedIC in-process. 96 // 97 class FakeSecureHardwareSessionProxy : public SecureHardwareSessionProxy { 98 public: 99 FakeSecureHardwareSessionProxy() = default; 100 virtual ~FakeSecureHardwareSessionProxy(); 101 102 bool initialize() override; 103 104 bool shutdown() override; 105 106 optional<uint32_t> getId() override; 107 108 optional<uint64_t> getAuthChallenge() override; 109 110 // Returns private key 111 optional<vector<uint8_t>> getEphemeralKeyPair() override; 112 113 bool setReaderEphemeralPublicKey(const vector<uint8_t>& readerEphemeralPublicKey) override; 114 115 bool setSessionTranscript(const vector<uint8_t>& sessionTranscript) override; 116 117 protected: 118 // See docs for id_. 119 // 120 bool validateId(const string& callerName); 121 122 // We use a singleton libeic object, shared by all proxy instances. This is to 123 // properly simulate a situation where libeic is used on constrained hardware 124 // with only enough RAM for a single instance of the libeic object. 125 // 126 static EicSession ctx_; 127 128 // On the HAL side we keep track of the ID that was assigned to the libeic object 129 // created in secure hardware. For every call into libeic we validate that this 130 // identifier matches what is on the secure side. This is what the validateId() 131 // method does. 132 // 133 uint32_t id_ = 0; 134 }; 135 136 // This implementation uses libEmbeddedIC in-process. 137 // 138 class FakeSecureHardwarePresentationProxy : public SecureHardwarePresentationProxy { 139 public: 140 FakeSecureHardwarePresentationProxy() = default; 141 virtual ~FakeSecureHardwarePresentationProxy(); 142 143 bool initialize(uint32_t sessionId, bool testCredential, const string& docType, 144 const vector<uint8_t>& encryptedCredentialKeys) override; 145 146 bool shutdown() override; 147 148 optional<uint32_t> getId() override; 149 150 // Returns publicKeyCert (1st component) and signingKeyBlob (2nd component) 151 optional<pair<vector<uint8_t>, vector<uint8_t>>> generateSigningKeyPair(const string& docType, 152 time_t now) override; 153 154 // Returns private key 155 optional<vector<uint8_t>> createEphemeralKeyPair() override; 156 157 optional<uint64_t> createAuthChallenge() override; 158 159 bool startRetrieveEntries() override; 160 161 bool setAuthToken(uint64_t challenge, uint64_t secureUserId, uint64_t authenticatorId, 162 int hardwareAuthenticatorType, uint64_t timeStamp, const vector<uint8_t>& mac, 163 uint64_t verificationTokenChallenge, uint64_t verificationTokenTimestamp, 164 int verificationTokenSecurityLevel, 165 const vector<uint8_t>& verificationTokenMac) override; 166 167 bool pushReaderCert(const vector<uint8_t>& certX509) override; 168 169 optional<bool> validateAccessControlProfile(int id, const vector<uint8_t>& readerCertificate, 170 bool userAuthenticationRequired, int timeoutMillis, 171 uint64_t secureUserId, 172 const vector<uint8_t>& mac) override; 173 174 bool validateRequestMessage(const vector<uint8_t>& sessionTranscript, 175 const vector<uint8_t>& requestMessage, int coseSignAlg, 176 const vector<uint8_t>& readerSignatureOfToBeSigned) override; 177 178 bool prepareDeviceAuthentication(const vector<uint8_t>& sessionTranscript, 179 const vector<uint8_t>& readerEphemeralPublicKey, 180 const vector<uint8_t>& signingKeyBlob, const string& docType, 181 unsigned int numNamespacesWithValues, 182 size_t expectedDeviceNamespacesSize) override; 183 184 AccessCheckResult startRetrieveEntryValue( 185 const string& nameSpace, const string& name, unsigned int newNamespaceNumEntries, 186 int32_t entrySize, const vector<int32_t>& accessControlProfileIds) override; 187 188 optional<vector<uint8_t>> retrieveEntryValue( 189 const vector<uint8_t>& encryptedContent, const string& nameSpace, const string& name, 190 const vector<int32_t>& accessControlProfileIds) override; 191 192 optional<vector<uint8_t>> finishRetrieval() override; 193 194 optional<pair<vector<uint8_t>, vector<uint8_t>>> finishRetrievalWithSignature() override; 195 196 optional<vector<uint8_t>> deleteCredential(const string& docType, 197 const vector<uint8_t>& challenge, 198 bool includeChallenge, 199 size_t proofOfDeletionCborSize) override; 200 201 optional<vector<uint8_t>> proveOwnership(const string& docType, bool testCredential, 202 const vector<uint8_t>& challenge, 203 size_t proofOfOwnershipCborSize) override; 204 205 protected: 206 // See docs for id_. 207 // 208 bool validateId(const string& callerName); 209 210 // We use a singleton libeic object, shared by all proxy instances. This is to 211 // properly simulate a situation where libeic is used on constrained hardware 212 // with only enough RAM for a single instance of the libeic object. 213 // 214 static EicPresentation ctx_; 215 216 // On the HAL side we keep track of the ID that was assigned to the libeic object 217 // created in secure hardware. For every call into libeic we validate that this 218 // identifier matches what is on the secure side. This is what the validateId() 219 // method does. 220 // 221 uint32_t id_ = 0; 222 }; 223 224 // Factory implementation. 225 // 226 class FakeSecureHardwareProxyFactory : public SecureHardwareProxyFactory { 227 public: FakeSecureHardwareProxyFactory()228 FakeSecureHardwareProxyFactory() {} ~FakeSecureHardwareProxyFactory()229 virtual ~FakeSecureHardwareProxyFactory() {} 230 createProvisioningProxy()231 sp<SecureHardwareProvisioningProxy> createProvisioningProxy() override { 232 return new FakeSecureHardwareProvisioningProxy(); 233 } 234 createSessionProxy()235 sp<SecureHardwareSessionProxy> createSessionProxy() override { 236 return new FakeSecureHardwareSessionProxy(); 237 } 238 createPresentationProxy()239 sp<SecureHardwarePresentationProxy> createPresentationProxy() override { 240 return new FakeSecureHardwarePresentationProxy(); 241 } 242 }; 243 244 } // namespace android::hardware::identity 245 246 #endif // ANDROID_HARDWARE_IDENTITY_FAKESECUREHARDWAREPROXY_H 247