/*
 * Copyright 2020, The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
*/

#ifndef ANDROID_HARDWARE_IDENTITY_FAKESECUREHARDWAREPROXY_H
#define ANDROID_HARDWARE_IDENTITY_FAKESECUREHARDWAREPROXY_H

#include <libeic/libeic.h>

#include "SecureHardwareProxy.h"

namespace android::hardware::identity {

// SecureHardwareProvisioningProxy backed by libEmbeddedIC (libeic) linked
// directly into the HAL process, instead of a separate secure element / TEE.
// Any credential key material libeic handles therefore lives in this
// process's address space, so this proxy offers none of the isolation a real
// secure-hardware backend provides; it is a test/reference stand-in.
//
class FakeSecureHardwareProvisioningProxy : public SecureHardwareProvisioningProxy {
  public:
    FakeSecureHardwareProvisioningProxy() = default;
    virtual ~FakeSecureHardwareProvisioningProxy();

    bool initialize(bool testCredential) override;

    bool initializeForUpdate(bool testCredential, const string& docType,
                             const vector<uint8_t>& encryptedCredentialKeys) override;

    bool shutdown() override;

    optional<uint32_t> getId() override;

    // On success, the public key certificate for the new credential key.
    optional<vector<uint8_t>> createCredentialKey(const vector<uint8_t>& challenge,
                                                  const vector<uint8_t>& applicationId) override;

    optional<vector<uint8_t>> createCredentialKeyUsingRkp(
            const vector<uint8_t>& challenge, const vector<uint8_t>& applicationId,
            const vector<uint8_t>& attestationKeyBlob,
            const vector<uint8_t>& attestationKeyCert) override;

    bool startPersonalization(int accessControlProfileCount, const vector<int>& entryCounts,
                              const string& docType,
                              size_t expectedProofOfProvisioningSize) override;

    // On success, the MAC over the profile (28 bytes).
    optional<vector<uint8_t>> addAccessControlProfile(int id,
                                                      const vector<uint8_t>& readerCertificate,
                                                      bool userAuthenticationRequired,
                                                      uint64_t timeoutMillis,
                                                      uint64_t secureUserId) override;

    bool beginAddEntry(const vector<int>& accessControlProfileIds, const string& nameSpace,
                       const string& name, uint64_t entrySize) override;

    // On success, the encrypted form of |content| (encryptedContent).
    optional<vector<uint8_t>> addEntryValue(const vector<int>& accessControlProfileIds,
                                            const string& nameSpace, const string& name,
                                            const vector<uint8_t>& content) override;

    // On success, signatureOfToBeSigned (EIC_ECDSA_P256_SIGNATURE_SIZE bytes).
    optional<vector<uint8_t>> finishAddingEntries() override;

    // On success, encryptedCredentialKeys (80 bytes).
    optional<vector<uint8_t>> finishGetCredentialData(const string& docType) override;

  protected:
    // Checks that id_ still matches the libeic object's id; see id_ below.
    //
    bool validateId(const string& callerName);

    // A single libeic object is shared by every proxy instance. This mirrors
    // constrained secure hardware that only has RAM for one such object.
    // NOTE(review): nothing in this header serializes access to ctx_;
    // presumably the HAL drives it from one thread at a time — confirm.
    //
    static EicProvisioning ctx_;

    // The id assigned to the libeic object when it was created on the
    // "secure" side. Every call into libeic first confirms, via validateId(),
    // that this value still matches the id held there; a mismatch means the
    // shared ctx_ now belongs to a different proxy and the call is refused
    // rather than operating on another proxy's state.
    //
    uint32_t id_ = 0;
};

// SecureHardwareSessionProxy backed by libEmbeddedIC (libeic) in-process;
// see the note on FakeSecureHardwareProvisioningProxy regarding isolation.
//
class FakeSecureHardwareSessionProxy : public SecureHardwareSessionProxy {
  public:
    FakeSecureHardwareSessionProxy() = default;
    virtual ~FakeSecureHardwareSessionProxy();

    bool initialize() override;

    bool shutdown() override;

    optional<uint32_t> getId() override;

    optional<uint64_t> getAuthChallenge() override;

    // On success, the private key of the ephemeral key pair.
    optional<vector<uint8_t>> getEphemeralKeyPair() override;

    bool setReaderEphemeralPublicKey(const vector<uint8_t>& readerEphemeralPublicKey) override;

    bool setSessionTranscript(const vector<uint8_t>& sessionTranscript) override;

  protected:
    // Checks that id_ still matches the libeic object's id; see id_ below.
    //
    bool validateId(const string& callerName);

    // A single libeic object is shared by every proxy instance. This mirrors
    // constrained secure hardware that only has RAM for one such object.
    // NOTE(review): nothing in this header serializes access to ctx_;
    // presumably the HAL drives it from one thread at a time — confirm.
    //
    static EicSession ctx_;

    // The id assigned to the libeic object when it was created on the
    // "secure" side. Every call into libeic first confirms, via validateId(),
    // that this value still matches the id held there; a mismatch means the
    // shared ctx_ now belongs to a different proxy and the call is refused
    // rather than operating on another proxy's state.
    //
    uint32_t id_ = 0;
};

// This implementation uses libEmbeddedIC in-process.
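//
// SecureHardwarePresentationProxy backed by libEmbeddedIC (libeic) linked into
// the HAL process; see the note on FakeSecureHardwareProvisioningProxy — key
// material stays in this process, so there is no hardware isolation here.
//
class FakeSecureHardwarePresentationProxy : public SecureHardwarePresentationProxy {
  public:
    FakeSecureHardwarePresentationProxy() = default;
    virtual ~FakeSecureHardwarePresentationProxy();

    bool initialize(uint32_t sessionId, bool testCredential, const string& docType,
                    const vector<uint8_t>& encryptedCredentialKeys) override;

    bool shutdown() override;

    optional<uint32_t> getId() override;

    // On success, publicKeyCert (first) and signingKeyBlob (second).
    optional<pair<vector<uint8_t>, vector<uint8_t>>> generateSigningKeyPair(const string& docType,
                                                                            time_t now) override;

    // On success, the private key of the ephemeral key pair.
    optional<vector<uint8_t>> createEphemeralKeyPair() override;

    optional<uint64_t> createAuthChallenge() override;

    bool startRetrieveEntries() override;

    bool setAuthToken(uint64_t challenge, uint64_t secureUserId, uint64_t authenticatorId,
                      int hardwareAuthenticatorType, uint64_t timeStamp, const vector<uint8_t>& mac,
                      uint64_t verificationTokenChallenge, uint64_t verificationTokenTimestamp,
                      int verificationTokenSecurityLevel,
                      const vector<uint8_t>& verificationTokenMac) override;

    bool pushReaderCert(const vector<uint8_t>& certX509) override;

    optional<bool> validateAccessControlProfile(int id, const vector<uint8_t>& readerCertificate,
                                                bool userAuthenticationRequired, int timeoutMillis,
                                                uint64_t secureUserId,
                                                const vector<uint8_t>& mac) override;

    bool validateRequestMessage(const vector<uint8_t>& sessionTranscript,
                                const vector<uint8_t>& requestMessage, int coseSignAlg,
                                const vector<uint8_t>& readerSignatureOfToBeSigned) override;

    bool prepareDeviceAuthentication(const vector<uint8_t>& sessionTranscript,
                                     const vector<uint8_t>& readerEphemeralPublicKey,
                                     const vector<uint8_t>& signingKeyBlob, const string& docType,
                                     unsigned int numNamespacesWithValues,
                                     size_t expectedDeviceNamespacesSize) override;

    AccessCheckResult startRetrieveEntryValue(
            const string& nameSpace, const string& name, unsigned int newNamespaceNumEntries,
            int32_t entrySize, const vector<int32_t>& accessControlProfileIds) override;

    optional<vector<uint8_t>> retrieveEntryValue(
            const vector<uint8_t>& encryptedContent, const string& nameSpace, const string& name,
            const vector<int32_t>& accessControlProfileIds) override;

    optional<vector<uint8_t>> finishRetrieval() override;

    optional<pair<vector<uint8_t>, vector<uint8_t>>> finishRetrievalWithSignature() override;

    optional<vector<uint8_t>> deleteCredential(const string& docType,
                                               const vector<uint8_t>& challenge,
                                               bool includeChallenge,
                                               size_t proofOfDeletionCborSize) override;

    optional<vector<uint8_t>> proveOwnership(const string& docType, bool testCredential,
                                             const vector<uint8_t>& challenge,
                                             size_t proofOfOwnershipCborSize) override;

  protected:
    // Checks that id_ still matches the libeic object's id; see id_ below.
    //
    bool validateId(const string& callerName);

    // A single libeic object is shared by every proxy instance. This mirrors
    // constrained secure hardware that only has RAM for one such object.
    // NOTE(review): nothing in this header serializes access to ctx_;
    // presumably the HAL drives it from one thread at a time — confirm.
    //
    static EicPresentation ctx_;

    // The id assigned to the libeic object when it was created on the
    // "secure" side. Every call into libeic first confirms, via validateId(),
    // that this value still matches the id held there; a mismatch means the
    // shared ctx_ now belongs to a different proxy and the call is refused
    // rather than operating on another proxy's state.
    //
    uint32_t id_ = 0;
};

// Factory producing the in-process fake proxies above.
//
class FakeSecureHardwareProxyFactory : public SecureHardwareProxyFactory {
  public:
    // Defaulted rather than user-provided `{}` bodies, matching the proxy
    // classes above; behaviour is unchanged.
    FakeSecureHardwareProxyFactory() = default;
    virtual ~FakeSecureHardwareProxyFactory() = default;

    // Each factory method hands the freshly allocated proxy straight to the
    // returned sp<>, which takes over its lifetime (refcounted via the base).
    sp<SecureHardwareProvisioningProxy> createProvisioningProxy() override {
        return new FakeSecureHardwareProvisioningProxy();
    }

    sp<SecureHardwareSessionProxy> createSessionProxy() override {
        return new FakeSecureHardwareSessionProxy();
    }

    sp<SecureHardwarePresentationProxy> createPresentationProxy() override {
        return new FakeSecureHardwarePresentationProxy();
    }
};

}  // namespace android::hardware::identity

#endif  // ANDROID_HARDWARE_IDENTITY_FAKESECUREHARDWAREPROXY_H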