android13/hardware/interfaces/identity/aidl/default/FakeSecureHardwareProxy.h

/*
 * Copyright 2020, The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

#ifndef ANDROID_HARDWARE_IDENTITY_FAKESECUREHARDWAREPROXY_H
#define ANDROID_HARDWARE_IDENTITY_FAKESECUREHARDWAREPROXY_H

#include <libeic/libeic.h>

#include "SecureHardwareProxy.h"

namespace android::hardware::identity {

// This implementation uses libEmbeddedIC in-process.
//
class FakeSecureHardwareProvisioningProxy : public SecureHardwareProvisioningProxy {
  public:
    FakeSecureHardwareProvisioningProxy() = default;
    virtual ~FakeSecureHardwareProvisioningProxy();

    bool initialize(bool testCredential) override;

    bool initializeForUpdate(bool testCredential, const string& docType,
                             const vector<uint8_t>& encryptedCredentialKeys) override;

    bool shutdown() override;

    optional<uint32_t> getId() override;

    // Returns public key certificate.
    optional<vector<uint8_t>> createCredentialKey(const vector<uint8_t>& challenge,
                                                  const vector<uint8_t>& applicationId) override;

    optional<vector<uint8_t>> createCredentialKeyUsingRkp(
            const vector<uint8_t>& challenge, const vector<uint8_t>& applicationId,
            const vector<uint8_t>& attestationKeyBlob,
            const vector<uint8_t>& attestationKeyCert) override;

    bool startPersonalization(int accessControlProfileCount, const vector<int>& entryCounts,
                              const string& docType,
                              size_t expectedProofOfProvisioningSize) override;

    // Returns MAC (28 bytes).
    optional<vector<uint8_t>> addAccessControlProfile(int id,
                                                      const vector<uint8_t>& readerCertificate,
                                                      bool userAuthenticationRequired,
                                                      uint64_t timeoutMillis,
                                                      uint64_t secureUserId) override;

    bool beginAddEntry(const vector<int>& accessControlProfileIds, const string& nameSpace,
                       const string& name, uint64_t entrySize) override;

    // Returns encryptedContent.
    optional<vector<uint8_t>> addEntryValue(const vector<int>& accessControlProfileIds,
                                            const string& nameSpace, const string& name,
                                            const vector<uint8_t>& content) override;

    // Returns signatureOfToBeSigned (EIC_ECDSA_P256_SIGNATURE_SIZE bytes).
    optional<vector<uint8_t>> finishAddingEntries() override;

    // Returns encryptedCredentialKeys (80 bytes).
    optional<vector<uint8_t>> finishGetCredentialData(const string& docType) override;

  protected:
    // See docs for id_.
    //
    bool validateId(const string& callerName);

    // We use a singleton libeic object, shared by all proxy instances.  This is to
    // properly simulate a situation where libeic is used on constrained hardware
    // with only enough RAM for a single instance of the libeic object.
    //
    static EicProvisioning ctx_;

    // On the HAL side we keep track of the ID that was assigned to the libeic object
    // created in secure hardware. For every call into libeic we validate that this
    // identifier matches what is on the secure side. This is what the validateId()
    // method does.
    //
    uint32_t id_ = 0;
};

// This implementation uses libEmbeddedIC in-process.
//
class FakeSecureHardwareSessionProxy : public SecureHardwareSessionProxy {
  public:
    FakeSecureHardwareSessionProxy() = default;
    virtual ~FakeSecureHardwareSessionProxy();

    bool initialize() override;

    bool shutdown() override;

    optional<uint32_t> getId() override;

    optional<uint64_t> getAuthChallenge() override;

    // Returns private key
    optional<vector<uint8_t>> getEphemeralKeyPair() override;

    bool setReaderEphemeralPublicKey(const vector<uint8_t>& readerEphemeralPublicKey) override;

    bool setSessionTranscript(const vector<uint8_t>& sessionTranscript) override;

  protected:
    // See docs for id_.
    //
    bool validateId(const string& callerName);

    // We use a singleton libeic object, shared by all proxy instances.  This is to
    // properly simulate a situation where libeic is used on constrained hardware
    // with only enough RAM for a single instance of the libeic object.
    //
    static EicSession ctx_;

    // On the HAL side we keep track of the ID that was assigned to the libeic object
    // created in secure hardware. For every call into libeic we validate that this
    // identifier matches what is on the secure side. This is what the validateId()
    // method does.
    //
    uint32_t id_ = 0;
};

// This implementation uses libEmbeddedIC in-process.
//
class FakeSecureHardwarePresentationProxy : public SecureHardwarePresentationProxy {
  public:
    FakeSecureHardwarePresentationProxy() = default;
    virtual ~FakeSecureHardwarePresentationProxy();

    bool initialize(uint32_t sessionId, bool testCredential, const string& docType,
                    const vector<uint8_t>& encryptedCredentialKeys) override;

    bool shutdown() override;

    optional<uint32_t> getId() override;

    // Returns publicKeyCert (1st component) and signingKeyBlob (2nd component)
    optional<pair<vector<uint8_t>, vector<uint8_t>>> generateSigningKeyPair(const string& docType,
                                                                            time_t now) override;

    // Returns private key
    optional<vector<uint8_t>> createEphemeralKeyPair() override;

    optional<uint64_t> createAuthChallenge() override;

    bool startRetrieveEntries() override;

    bool setAuthToken(uint64_t challenge, uint64_t secureUserId, uint64_t authenticatorId,
                      int hardwareAuthenticatorType, uint64_t timeStamp, const vector<uint8_t>& mac,
                      uint64_t verificationTokenChallenge, uint64_t verificationTokenTimestamp,
                      int verificationTokenSecurityLevel,
                      const vector<uint8_t>& verificationTokenMac) override;

    bool pushReaderCert(const vector<uint8_t>& certX509) override;

    optional<bool> validateAccessControlProfile(int id, const vector<uint8_t>& readerCertificate,
                                                bool userAuthenticationRequired, int timeoutMillis,
                                                uint64_t secureUserId,
                                                const vector<uint8_t>& mac) override;

    bool validateRequestMessage(const vector<uint8_t>& sessionTranscript,
                                const vector<uint8_t>& requestMessage, int coseSignAlg,
                                const vector<uint8_t>& readerSignatureOfToBeSigned) override;

    bool calcMacKey(const vector<uint8_t>& sessionTranscript,
                    const vector<uint8_t>& readerEphemeralPublicKey,
                    const vector<uint8_t>& signingKeyBlob, const string& docType,
                    unsigned int numNamespacesWithValues,
                    size_t expectedProofOfProvisioningSize) override;

    AccessCheckResult startRetrieveEntryValue(
            const string& nameSpace, const string& name, unsigned int newNamespaceNumEntries,
            int32_t entrySize, const vector<int32_t>& accessControlProfileIds) override;

    optional<vector<uint8_t>> retrieveEntryValue(
            const vector<uint8_t>& encryptedContent, const string& nameSpace, const string& name,
            const vector<int32_t>& accessControlProfileIds) override;

    optional<vector<uint8_t>> finishRetrieval() override;

    optional<vector<uint8_t>> deleteCredential(const string& docType,
                                               const vector<uint8_t>& challenge,
                                               bool includeChallenge,
                                               size_t proofOfDeletionCborSize) override;

    optional<vector<uint8_t>> proveOwnership(const string& docType, bool testCredential,
                                             const vector<uint8_t>& challenge,
                                             size_t proofOfOwnershipCborSize) override;

  protected:
    // See docs for id_.
    //
    bool validateId(const string& callerName);

    // We use a singleton libeic object, shared by all proxy instances.  This is to
    // properly simulate a situation where libeic is used on constrained hardware
    // with only enough RAM for a single instance of the libeic object.
    //
    static EicPresentation ctx_;

    // On the HAL side we keep track of the ID that was assigned to the libeic object
    // created in secure hardware. For every call into libeic we validate that this
    // identifier matches what is on the secure side. This is what the validateId()
    // method does.
    //
    uint32_t id_ = 0;
};

// Factory implementation.
//
class FakeSecureHardwareProxyFactory : public SecureHardwareProxyFactory {
  public:
    FakeSecureHardwareProxyFactory() {}
    virtual ~FakeSecureHardwareProxyFactory() {}

    sp<SecureHardwareProvisioningProxy> createProvisioningProxy() override {
        return new FakeSecureHardwareProvisioningProxy();
    }

    sp<SecureHardwareSessionProxy> createSessionProxy() override {
        return new FakeSecureHardwareSessionProxy();
    }

    sp<SecureHardwarePresentationProxy> createPresentationProxy() override {
        return new FakeSecureHardwarePresentationProxy();
    }
};

}  // namespace android::hardware::identity

#endif  // ANDROID_HARDWARE_IDENTITY_FAKESECUREHARDWAREPROXY_H
initial 2024-06-22 08:45:49 -04:00			`/*`
			`* Copyright 2020, The Android Open Source Project`
			`*`
			`* Licensed under the Apache License, Version 2.0 (the "License");`
			`* you may not use this file except in compliance with the License.`
			`* You may obtain a copy of the License at`
			`*`
			`* http://www.apache.org/licenses/LICENSE-2.0`
			`*`
			`* Unless required by applicable law or agreed to in writing, software`
			`* distributed under the License is distributed on an "AS IS" BASIS,`
			`* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.`
			`* See the License for the specific language governing permissions and`
			`* limitations under the License.`
			`*/`

			`#ifndef ANDROID_HARDWARE_IDENTITY_FAKESECUREHARDWAREPROXY_H`
			`#define ANDROID_HARDWARE_IDENTITY_FAKESECUREHARDWAREPROXY_H`

			`#include <libeic/libeic.h>`

			`#include "SecureHardwareProxy.h"`

			`namespace android::hardware::identity {`

			`// This implementation uses libEmbeddedIC in-process.`
			`//`
			`class FakeSecureHardwareProvisioningProxy : public SecureHardwareProvisioningProxy {`
			`public:`
			`FakeSecureHardwareProvisioningProxy() = default;`
			`virtual ~FakeSecureHardwareProvisioningProxy();`

			`bool initialize(bool testCredential) override;`

			`bool initializeForUpdate(bool testCredential, const string& docType,`
			`const vector<uint8_t>& encryptedCredentialKeys) override;`

			`bool shutdown() override;`

			`optional<uint32_t> getId() override;`

			`// Returns public key certificate.`
			`optional<vector<uint8_t>> createCredentialKey(const vector<uint8_t>& challenge,`
			`const vector<uint8_t>& applicationId) override;`

			`optional<vector<uint8_t>> createCredentialKeyUsingRkp(`
			`const vector<uint8_t>& challenge, const vector<uint8_t>& applicationId,`
			`const vector<uint8_t>& attestationKeyBlob,`
			`const vector<uint8_t>& attestationKeyCert) override;`

			`bool startPersonalization(int accessControlProfileCount, const vector<int>& entryCounts,`
			`const string& docType,`
			`size_t expectedProofOfProvisioningSize) override;`

			`// Returns MAC (28 bytes).`
			`optional<vector<uint8_t>> addAccessControlProfile(int id,`
			`const vector<uint8_t>& readerCertificate,`
			`bool userAuthenticationRequired,`
			`uint64_t timeoutMillis,`
			`uint64_t secureUserId) override;`

			`bool beginAddEntry(const vector<int>& accessControlProfileIds, const string& nameSpace,`
			`const string& name, uint64_t entrySize) override;`

			`// Returns encryptedContent.`
			`optional<vector<uint8_t>> addEntryValue(const vector<int>& accessControlProfileIds,`
			`const string& nameSpace, const string& name,`
			`const vector<uint8_t>& content) override;`

			`// Returns signatureOfToBeSigned (EIC_ECDSA_P256_SIGNATURE_SIZE bytes).`
			`optional<vector<uint8_t>> finishAddingEntries() override;`

			`// Returns encryptedCredentialKeys (80 bytes).`
			`optional<vector<uint8_t>> finishGetCredentialData(const string& docType) override;`

			`protected:`
			`// See docs for id_.`
			`//`
			`bool validateId(const string& callerName);`

			`// We use a singleton libeic object, shared by all proxy instances. This is to`
			`// properly simulate a situation where libeic is used on constrained hardware`
			`// with only enough RAM for a single instance of the libeic object.`
			`//`
			`static EicProvisioning ctx_;`

			`// On the HAL side we keep track of the ID that was assigned to the libeic object`
			`// created in secure hardware. For every call into libeic we validate that this`
			`// identifier matches what is on the secure side. This is what the validateId()`
			`// method does.`
			`//`
			`uint32_t id_ = 0;`
			`};`

			`// This implementation uses libEmbeddedIC in-process.`
			`//`
			`class FakeSecureHardwareSessionProxy : public SecureHardwareSessionProxy {`
			`public:`
			`FakeSecureHardwareSessionProxy() = default;`
			`virtual ~FakeSecureHardwareSessionProxy();`

			`bool initialize() override;`

			`bool shutdown() override;`

			`optional<uint32_t> getId() override;`

			`optional<uint64_t> getAuthChallenge() override;`

			`// Returns private key`
			`optional<vector<uint8_t>> getEphemeralKeyPair() override;`

			`bool setReaderEphemeralPublicKey(const vector<uint8_t>& readerEphemeralPublicKey) override;`

			`bool setSessionTranscript(const vector<uint8_t>& sessionTranscript) override;`

			`protected:`
			`// See docs for id_.`
			`//`
			`bool validateId(const string& callerName);`

			`// We use a singleton libeic object, shared by all proxy instances. This is to`
			`// properly simulate a situation where libeic is used on constrained hardware`
			`// with only enough RAM for a single instance of the libeic object.`
			`//`
			`static EicSession ctx_;`

			`// On the HAL side we keep track of the ID that was assigned to the libeic object`
			`// created in secure hardware. For every call into libeic we validate that this`
			`// identifier matches what is on the secure side. This is what the validateId()`
			`// method does.`
			`//`
			`uint32_t id_ = 0;`
			`};`

			`// This implementation uses libEmbeddedIC in-process.`
			`//`
			`class FakeSecureHardwarePresentationProxy : public SecureHardwarePresentationProxy {`
			`public:`
			`FakeSecureHardwarePresentationProxy() = default;`
			`virtual ~FakeSecureHardwarePresentationProxy();`

			`bool initialize(uint32_t sessionId, bool testCredential, const string& docType,`
			`const vector<uint8_t>& encryptedCredentialKeys) override;`

			`bool shutdown() override;`

			`optional<uint32_t> getId() override;`

			`// Returns publicKeyCert (1st component) and signingKeyBlob (2nd component)`
			`optional<pair<vector<uint8_t>, vector<uint8_t>>> generateSigningKeyPair(const string& docType,`
			`time_t now) override;`

			`// Returns private key`
			`optional<vector<uint8_t>> createEphemeralKeyPair() override;`

			`optional<uint64_t> createAuthChallenge() override;`

			`bool startRetrieveEntries() override;`

			`bool setAuthToken(uint64_t challenge, uint64_t secureUserId, uint64_t authenticatorId,`
			`int hardwareAuthenticatorType, uint64_t timeStamp, const vector<uint8_t>& mac,`
			`uint64_t verificationTokenChallenge, uint64_t verificationTokenTimestamp,`
			`int verificationTokenSecurityLevel,`
			`const vector<uint8_t>& verificationTokenMac) override;`

			`bool pushReaderCert(const vector<uint8_t>& certX509) override;`

			`optional<bool> validateAccessControlProfile(int id, const vector<uint8_t>& readerCertificate,`
			`bool userAuthenticationRequired, int timeoutMillis,`
			`uint64_t secureUserId,`
			`const vector<uint8_t>& mac) override;`

			`bool validateRequestMessage(const vector<uint8_t>& sessionTranscript,`
			`const vector<uint8_t>& requestMessage, int coseSignAlg,`
			`const vector<uint8_t>& readerSignatureOfToBeSigned) override;`

			`bool calcMacKey(const vector<uint8_t>& sessionTranscript,`
			`const vector<uint8_t>& readerEphemeralPublicKey,`
			`const vector<uint8_t>& signingKeyBlob, const string& docType,`
			`unsigned int numNamespacesWithValues,`
			`size_t expectedProofOfProvisioningSize) override;`

			`AccessCheckResult startRetrieveEntryValue(`
			`const string& nameSpace, const string& name, unsigned int newNamespaceNumEntries,`
			`int32_t entrySize, const vector<int32_t>& accessControlProfileIds) override;`

			`optional<vector<uint8_t>> retrieveEntryValue(`
			`const vector<uint8_t>& encryptedContent, const string& nameSpace, const string& name,`
			`const vector<int32_t>& accessControlProfileIds) override;`

			`optional<vector<uint8_t>> finishRetrieval() override;`

			`optional<vector<uint8_t>> deleteCredential(const string& docType,`
			`const vector<uint8_t>& challenge,`
			`bool includeChallenge,`
			`size_t proofOfDeletionCborSize) override;`

			`optional<vector<uint8_t>> proveOwnership(const string& docType, bool testCredential,`
			`const vector<uint8_t>& challenge,`
			`size_t proofOfOwnershipCborSize) override;`

			`protected:`
			`// See docs for id_.`
			`//`
			`bool validateId(const string& callerName);`

			`// We use a singleton libeic object, shared by all proxy instances. This is to`
			`// properly simulate a situation where libeic is used on constrained hardware`
			`// with only enough RAM for a single instance of the libeic object.`
			`//`
			`static EicPresentation ctx_;`

			`// On the HAL side we keep track of the ID that was assigned to the libeic object`
			`// created in secure hardware. For every call into libeic we validate that this`
			`// identifier matches what is on the secure side. This is what the validateId()`
			`// method does.`
			`//`
			`uint32_t id_ = 0;`
			`};`

			`// Factory implementation.`
			`//`
			`class FakeSecureHardwareProxyFactory : public SecureHardwareProxyFactory {`
			`public:`
			`FakeSecureHardwareProxyFactory() {}`
			`virtual ~FakeSecureHardwareProxyFactory() {}`

			`sp<SecureHardwareProvisioningProxy> createProvisioningProxy() override {`
			`return new FakeSecureHardwareProvisioningProxy();`
			`}`

			`sp<SecureHardwareSessionProxy> createSessionProxy() override {`
			`return new FakeSecureHardwareSessionProxy();`
			`}`

			`sp<SecureHardwarePresentationProxy> createPresentationProxy() override {`
			`return new FakeSecureHardwarePresentationProxy();`
			`}`
			`};`

			`} // namespace android::hardware::identity`

			`#endif // ANDROID_HARDWARE_IDENTITY_FAKESECUREHARDWAREPROXY_H`