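/*
 * Copyright 2021, The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

#ifndef ANDROID_HARDWARE_IDENTITY_PRESENTATIONSESSION_H
#define ANDROID_HARDWARE_IDENTITY_PRESENTATIONSESSION_H

#include <aidl/android/hardware/identity/BnPresentationSession.h>
#include <android/hardware/identity/support/IdentityCredentialSupport.h>

#include <cstdint>
#include <utility>
#include <vector>

#include <cppbor.h>

#include "IdentityCredentialStore.h"
#include "SecureHardwareProxy.h"

namespace aidl::android::hardware::identity {

using ::aidl::android::hardware::keymaster::HardwareAuthToken;
using ::aidl::android::hardware::keymaster::VerificationToken;
using ::android::sp;
using ::android::hardware::identity::SecureHardwareSessionProxy;
using ::std::vector;

// Binder-side implementation of IPresentationSession (via BnPresentationSession).
// It holds the secure-hardware proxies handed to the constructor plus the
// per-session state listed in the private section below.
//
// Lifecycle: construct, then call initialize() immediately and check its
// status before using the object. The constructor itself only stores its
// arguments.
class PresentationSession : public BnPresentationSession {
  public:
    // Takes ownership of the proxy factory, the session proxy and the hardware
    // information by moving them into the corresponding members. No secure
    // hardware call is made here.
    PresentationSession(sp<SecureHardwareProxyFactory> hwProxyFactory,
                        sp<SecureHardwareSessionProxy> hwProxy,
                        HardwareInformation hardwareInformation)
        : hwProxyFactory_(std::move(hwProxyFactory)),
          hwProxy_(std::move(hwProxy)),
          hardwareInformation_(std::move(hardwareInformation)) {}

    virtual ~PresentationSession();

    // Creates ephemeral key and auth-challenge in TA. Returns a status code from
    // IIdentityCredentialStore. Must be called right after construction.
    //
    // Callers should check the returned status and discard the session on
    // failure instead of exposing it over binder.
    int initialize();

    // Accessors for session state; all three are defined out of line.
    // NOTE(review): presumably these return id_, sessionTranscript_ and
    // readerPublicKey_ respectively - confirm against the implementation.
    uint64_t getSessionId();

    vector<uint8_t> getSessionTranscript();
    vector<uint8_t> getReaderEphemeralPublicKey();

    // Methods from IPresentationSession follow.
    ndk::ScopedAStatus getEphemeralKeyPair(vector<uint8_t>* outKeyPair) override;
    ndk::ScopedAStatus getAuthChallenge(int64_t* outChallenge) override;
    ndk::ScopedAStatus setReaderEphemeralPublicKey(const vector<uint8_t>& publicKey) override;
    ndk::ScopedAStatus setSessionTranscript(const vector<uint8_t>& sessionTranscript) override;

    // NOTE(review): credentialData arrives over the binder interface, so the
    // implementation should treat it as untrusted bytes - confirm that it is
    // validated before it is passed on to the secure hardware.
    ndk::ScopedAStatus getCredential(const vector<uint8_t>& credentialData,
                                     shared_ptr<IIdentityCredential>* outCredential) override;

  private:
    // Set by constructor
    sp<SecureHardwareProxyFactory> hwProxyFactory_;
    sp<SecureHardwareSessionProxy> hwProxy_;
    HardwareInformation hardwareInformation_;

    // Set by initialize()
    //
    // Zero-initialised so that a read before initialize() has run (or after it
    // failed) yields a defined value rather than indeterminate memory.
    // NOTE(review): whether 0 can collide with a real session id or challenge
    // depends on the secure hardware - confirm.
    uint64_t id_ = 0;
    // Stored unsigned, while getAuthChallenge() reports through an int64_t
    // out-parameter; the conversion lives in the implementation file.
    uint64_t authChallenge_ = 0;

    // Set by getEphemeralKeyPair()
    //
    // NOTE(review): key-pair bytes kept in ordinary process memory. The
    // destructor is defined out of line, so whether this buffer is wiped on
    // teardown is not visible from this header - confirm.
    vector<uint8_t> ephemeralKeyPair_;

    // Set by setReaderEphemeralPublicKey()
    vector<uint8_t> readerPublicKey_;

    // Set by setSessionTranscript()
    vector<uint8_t> sessionTranscript_;
};

}  // namespace aidl::android::hardware::identity

#endif  // ANDROID_HARDWARE_IDENTITY_PRESENTATIONSESSION_H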