1 /* 2 * Copyright 2021, The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 /****************************************************************************** 17 * 18 * The original Work has been changed by NXP. 19 * 20 * Licensed under the Apache License, Version 2.0 (the "License"); 21 * you may not use this file except in compliance with the License. 22 * You may obtain a copy of the License at 23 * 24 * http://www.apache.org/licenses/LICENSE-2.0 25 * 26 * Unless required by applicable law or agreed to in writing, software 27 * distributed under the License is distributed on an "AS IS" BASIS, 28 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 29 * See the License for the specific language governing permissions and 30 * limitations under the License. 31 * 32 * Copyright 2022-2023 NXP 33 * 34 ******************************************************************************/ 35 36 #pragma once 37 38 #include <aidl/android/hardware/security/keymint/BnRemotelyProvisionedComponent.h> 39 #include <aidl/android/hardware/security/keymint/RpcHardwareInfo.h> 40 #include <aidl/android/hardware/security/keymint/SecurityLevel.h> 41 #include <cppbor.h> 42 #include <keymaster/UniquePtr.h> 43 #include <keymaster/android_keymaster.h> 44 45 #include "CborConverter.h" 46 #include "JavacardSecureElement.h" 47 48 namespace aidl::android::hardware::security::keymint { 49 using ::keymint::javacard::CborConverter; 50 using ::keymint::javacard::JavacardSecureElement; 51 using ndk::ScopedAStatus; 52 using std::shared_ptr; 53 54 class JavacardRemotelyProvisionedComponentDevice 55 : public BnRemotelyProvisionedComponent { 56 public: JavacardRemotelyProvisionedComponentDevice(shared_ptr<JavacardSecureElement> card)57 explicit JavacardRemotelyProvisionedComponentDevice( 58 shared_ptr<JavacardSecureElement> card) 59 : card_(std::move(card)) {} 60 61 virtual ~JavacardRemotelyProvisionedComponentDevice() = default; 62 63 // Methods from ::ndk::ICInterface follow. 64 binder_status_t dump(int fd, const char **args, uint32_t num_args) override; 65 66 ScopedAStatus getHardwareInfo(RpcHardwareInfo *info) override; 67 68 ScopedAStatus 69 generateEcdsaP256KeyPair(bool testMode, MacedPublicKey *macedPublicKey, 70 std::vector<uint8_t> *privateKeyHandle) override; 71 72 ScopedAStatus generateCertificateRequest( 73 bool testMode, const std::vector<MacedPublicKey> &keysToSign, 74 const std::vector<uint8_t> &endpointEncCertChain, 75 const std::vector<uint8_t> &challenge, DeviceInfo *deviceInfo, 76 ProtectedData *protectedData, 77 std::vector<uint8_t> *keysToSignMac) override; 78 79 private: 80 ScopedAStatus beginSendData(bool testMode, 81 const std::vector<MacedPublicKey>& keysToSign); 82 83 ScopedAStatus updateMacedKey(const std::vector<MacedPublicKey>& keysToSign); 84 85 ScopedAStatus updateChallenge(const std::vector<uint8_t>& challenge); 86 87 ScopedAStatus updateEEK(const std::vector<uint8_t>& endpointEncCertChain); 88 89 ScopedAStatus finishSendData(std::vector<uint8_t>* keysToSignMac, 90 DeviceInfo* deviceInfo, 91 std::vector<uint8_t>& coseEncryptProtectedHeader, 92 cppbor::Map& coseEncryptUnProtectedHeader, 93 std::vector<uint8_t>& partialCipheredData, 94 uint32_t& respFlag); 95 96 ScopedAStatus getResponse(std::vector<uint8_t>& partialCipheredData, 97 cppbor::Array& recipientStructure, 98 uint32_t& respFlag); 99 std::shared_ptr<JavacardSecureElement> card_; 100 CborConverter cbor_; 101 }; 102 103 } // namespace aidl::android::hardware::security::keymint 104