1 /*
2 * Copyright (C) 2022 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 //! Main entrypoint for KeyMint/Rust trusted application (TA) on Trusty.
18
19 use keymint::{
20 AttestationIds, CertSignInfo, SharedSddManager, TrustyKeys, TrustyMonotonicClock, TrustyRng,
21 TrustyRpc, TrustySecureDeletionSecretManager,
22 };
23
24 #[cfg(feature = "with_hwwsk_support")]
25 use keymint::{TrustyAes, TrustyStorageKeyWrapper};
26
27 use kmr_common::crypto;
28 use kmr_crypto_boring::{
29 aes::BoringAes, aes_cmac::BoringAesCmac, des::BoringDes, ec::BoringEc, eq::BoringEq,
30 hmac::BoringHmac, rsa::BoringRsa, sha256::BoringSha256,
31 };
32 use kmr_ta::{HardwareInfo, RpcInfo, RpcInfoV3};
33 use log::debug;
34
log_formatter(record: &log::Record) -> String35 fn log_formatter(record: &log::Record) -> String {
36 // line number should be present, so keeping it simple by just returning a 0.
37 let line = record.line().unwrap_or(0);
38 let file = record.file().unwrap_or("unknown file");
39 format!("{}: {}:{} {}\n", record.level(), file, line, record.args())
40 }
41
main()42 fn main() {
43 let config = trusty_log::TrustyLoggerConfig::default()
44 .with_min_level(log::Level::Info)
45 .format(&log_formatter);
46 trusty_log::init_with_config(config);
47
48 debug!("Hello from Keymint Rust!");
49
50 let hw_info = HardwareInfo {
51 version_number: 3,
52 security_level: kmr_common::wire::keymint::SecurityLevel::TrustedEnvironment,
53 impl_name: "TEE KeyMint in Rust",
54 author_name: "Google",
55 unique_id: "TEE KeyMint TA",
56 };
57
58 let rpc_info_v3 = RpcInfoV3 {
59 author_name: "Google",
60 unique_id: "TEE KeyMint TA",
61 fused: false,
62 supported_num_of_keys_in_csr: kmr_wire::rpc::MINIMUM_SUPPORTED_KEYS_IN_CSR,
63 };
64
65 let rng = TrustyRng::default();
66 let clock = TrustyMonotonicClock;
67 #[cfg(feature = "with_hwwsk_support")]
68 let aes = TrustyAes::default();
69 #[cfg(not(feature = "with_hwwsk_support"))]
70 let aes = BoringAes;
71 let imp = crypto::Implementation {
72 rng: Box::new(rng),
73 clock: Some(Box::new(clock)),
74 compare: Box::new(BoringEq),
75 aes: Box::new(aes),
76 des: Box::new(BoringDes),
77 hmac: Box::new(BoringHmac),
78 rsa: Box::<BoringRsa>::default(),
79 ec: Box::<BoringEc>::default(),
80 ckdf: Box::new(BoringAesCmac),
81 hkdf: Box::new(BoringHmac),
82 sha256: Box::new(BoringSha256),
83 };
84 let sdd_mgr = TrustySecureDeletionSecretManager::new();
85 let shared_sdd_mgr = SharedSddManager::new(sdd_mgr);
86 let legacy_sdd_mgr = shared_sdd_mgr.clone();
87 let legacy_key = keymint::TrustyLegacyKeyBlobHandler {
88 aes: Box::new(BoringAes),
89 hkdf: Box::new(BoringHmac),
90 sdd_mgr: Some(Box::new(legacy_sdd_mgr)),
91 keys: Box::new(TrustyKeys),
92 };
93 let dev = kmr_ta::device::Implementation {
94 keys: Box::new(TrustyKeys),
95 sign_info: Some(Box::new(CertSignInfo)),
96 attest_ids: Some(Box::new(AttestationIds)),
97 sdd_mgr: Some(Box::new(shared_sdd_mgr)),
98 bootloader: Box::new(kmr_ta::device::BootloaderDone),
99 #[cfg(feature = "with_hwwsk_support")]
100 sk_wrapper: Some(Box::new(TrustyStorageKeyWrapper)),
101 #[cfg(not(feature = "with_hwwsk_support"))]
102 sk_wrapper: None,
103 tup: Box::new(kmr_ta::device::TrustedPresenceUnsupported),
104 legacy_key: Some(Box::new(legacy_key)),
105 rpc: Box::new(TrustyRpc),
106 };
107 keymint::handle_port_connections(hw_info, RpcInfo::V3(rpc_info_v3), imp, dev)
108 .expect("handle_port_connections returned an error");
109 }
110