/*
 * Copyright 2021 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

#pragma once

#include <hardware/keymaster_defs.h>
#include <keymaster/remote_provisioning_context.h>

#include <cppbor.h>

#include <cstddef>
#include <cstdint>
#include <memory>
#include <mutex>
#include <optional>
#include <string>
#include <string_view>
#include <utility>
#include <vector>

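namespace keymaster {

/**
 * PureSoftRemoteProvisioningContext provides the remote-provisioning context for a non-secure,
 * software-only implementation of AndroidKeymaster.
 *
 * Security notes for reviewers and integrators:
 *  - The device private key (devicePrivKey_) and the BCC (bcc_) are plain members of this object,
 *    so they live in ordinary process memory. Nothing in this declaration isolates or wipes them.
 *  - The OS / vendor / boot patch levels and the verified-boot fields are whatever the caller
 *    passes to the Set* methods; this header shows no measurement or verification of them.
 *  - The only synchronisation primitive declared here is bccInitFlag_, which guards the lazy BCC
 *    initialisation. NOTE(review): the Set* fields have no visible lock -- confirm they are
 *    populated before the object is shared between threads.
 */
class PureSoftRemoteProvisioningContext : public RemoteProvisioningContext {
  public:
    /**
     * @param security_level security level this context is constructed with.
     *        NOTE(review): presumably stored in security_level_; the definition is not in this
     *        header.
     */
    explicit PureSoftRemoteProvisioningContext(keymaster_security_level_t security_level);
    ~PureSoftRemoteProvisioningContext() override = default;

    // Not copyable: the object owns the device private key. Copying was already impossible because
    // std::once_flag is not copyable; stating it explicitly keeps key material from becoming
    // silently duplicable if that member is ever replaced.
    PureSoftRemoteProvisioningContext(const PureSoftRemoteProvisioningContext&) = delete;
    PureSoftRemoteProvisioningContext& operator=(const PureSoftRemoteProvisioningContext&) = delete;

    /**
     * Derives bytes for the given context string.
     *
     * NOTE(review): the name refers to a hardware-bound key, while this class is documented as a
     * non-secure implementation -- confirm in the definition what secret backs the derivation, and
     * do not treat the output as hardware-protected. Presumably returns numBytes bytes; confirm.
     */
    std::vector<uint8_t> DeriveBytesFromHbk(const std::string& context,
                                            size_t numBytes) const override;

    /**
     * Creates the device-info CBOR map for the requested CSR version.
     *
     * NOTE(review): presumably built from the values recorded by the Set* methods below, which are
     * caller-supplied -- confirm against the definition.
     */
    std::unique_ptr<cppbor::Map> CreateDeviceInfo(uint32_t csrVersion) const override;

    /**
     * Builds the protected-data payload from the MAC key and additional authenticated data.
     *
     * @return the payload bytes, or an error message (cppcose::ErrMsgOr).
     *         NOTE(review): the effect of isTestMode is defined in the implementation; confirm
     *         that test-mode output cannot be mistaken for production output by consumers.
     */
    cppcose::ErrMsgOr<std::vector<uint8_t>>
    BuildProtectedDataPayload(bool isTestMode,                     //
                              const std::vector<uint8_t>& macKey,  //
                              const std::vector<uint8_t>& aad) const override;

    /**
     * Computes an HMAC-SHA256 over input.
     *
     * @return the MAC, or std::nullopt. NOTE(review): the failure conditions and the key used are
     *         not visible in this header.
     */
    std::optional<cppcose::HmacSha256>
    GenerateHmacSha256(const cppcose::bytevec& input) const override;

    /**
     * Fills in *hwInfo. NOTE(review): null handling for hwInfo is not visible here.
     */
    void GetHwInfo(GetHwInfoResponse* hwInfo) const override;

    /**
     * Builds a certificate signing request for keysToSign, bound to the given challenge.
     *
     * @return the CSR as a CBOR array, or an error message (cppcose::ErrMsgOr).
     */
    cppcose::ErrMsgOr<cppbor::Array> BuildCsr(const std::vector<uint8_t>& challenge,
                                              cppbor::Array keysToSign) const override;

    // Setters for the version and boot-state values. They are non-const and not part of the
    // overridden interface above; the values are taken as given from the caller.
    void SetSystemVersion(uint32_t os_version, uint32_t os_patchlevel);
    void SetVendorPatchlevel(uint32_t vendor_patchlevel);
    void SetBootPatchlevel(uint32_t boot_patchlevel);
    void SetVerifiedBootInfo(std::string_view boot_state, std::string_view bootloader_state,
                             const std::vector<uint8_t>& vbmeta_digest);

  private:
    // Initialize the BCC if it has not yet happened.
    void LazyInitProdBcc() const;

    // Generates a byte vector and a CBOR array for the given mode.
    // NOTE(review): presumably the (private key, BCC) pair that backs devicePrivKey_ / bcc_ --
    // confirm in the definition.
    std::pair<std::vector<uint8_t>, cppbor::Array> GenerateBcc(bool testMode) const;

    keymaster_security_level_t security_level_;

    // Optional until set; std::nullopt means the corresponding Set* call has not supplied a value.
    std::optional<uint32_t> os_version_;
    std::optional<uint32_t> os_patchlevel_;
    std::optional<uint32_t> vendor_patchlevel_;
    std::optional<uint32_t> boot_patchlevel_;
    std::optional<std::string> verified_boot_state_;
    std::optional<std::string> bootloader_state_;
    std::optional<std::vector<uint8_t>> vbmeta_digest_;

    // Guards the one-time BCC initialisation; mutable so const methods can trigger it.
    mutable std::once_flag bccInitFlag_;

    // Always call LazyInitProdBcc before accessing these values, as they are
    // lazy-initialized.
    // devicePrivKey_ is secret key material kept in an ordinary vector: avoid logging, copying or
    // serialising it.
    mutable std::vector<uint8_t> devicePrivKey_;
    mutable cppbor::Array bcc_;
};

}  // namespace keymaster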