• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * Copyright 2021, The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *     http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 #pragma once
18 
19 #include <aidl/android/hardware/security/keymint/BnRemotelyProvisionedComponent.h>
20 #include <aidl/android/hardware/security/keymint/RpcHardwareInfo.h>
21 #include <aidl/android/hardware/security/keymint/SecurityLevel.h>
22 #include <cppbor.h>
23 #include <keymaster/UniquePtr.h>
24 #include <keymaster/android_keymaster.h>
25 
26 #include "CborConverter.h"
27 #include "JavacardSecureElement.h"
28 
29 namespace aidl::android::hardware::security::keymint {
30 using namespace ::keymint::javacard;
31 using ndk::ScopedAStatus;
32 
33 class JavacardRemotelyProvisionedComponentDevice
34     : public BnRemotelyProvisionedComponent {
35  public:
JavacardRemotelyProvisionedComponentDevice(shared_ptr<JavacardSecureElement> card)36   explicit JavacardRemotelyProvisionedComponentDevice(
37       shared_ptr<JavacardSecureElement> card)
38       : card_(card) {}
39 
40   virtual ~JavacardRemotelyProvisionedComponentDevice() = default;
41 
42   ScopedAStatus getHardwareInfo(RpcHardwareInfo* info) override;
43 
44   ScopedAStatus generateEcdsaP256KeyPair(
45       bool testMode, MacedPublicKey* macedPublicKey,
46       std::vector<uint8_t>* privateKeyHandle) override;
47 
48   ScopedAStatus generateCertificateRequest(
49       bool testMode, const std::vector<MacedPublicKey>& keysToSign,
50       const std::vector<uint8_t>& endpointEncCertChain,
51       const std::vector<uint8_t>& challenge, DeviceInfo* deviceInfo,
52       ProtectedData* protectedData,
53       std::vector<uint8_t>* keysToSignMac) override;
54 
55  private:
56   ScopedAStatus beginSendData(bool testMode,
57                               const std::vector<MacedPublicKey>& keysToSign);
58 
59   ScopedAStatus updateMacedKey(const std::vector<MacedPublicKey>& keysToSign);
60 
61   ScopedAStatus updateChallenge(const std::vector<uint8_t>& challenge);
62 
63   ScopedAStatus updateEEK(const std::vector<uint8_t>& endpointEncCertChain);
64 
65   ScopedAStatus finishSendData(std::vector<uint8_t>* keysToSignMac,
66                                DeviceInfo* deviceInfo,
67                                std::vector<uint8_t>& coseEncryptProtectedHeader,
68                                cppbor::Map& coseEncryptUnProtectedHeader,
69                                std::vector<uint8_t>& partialCipheredData,
70                                uint32_t& respFlag);
71 
72   ScopedAStatus getResponse(std::vector<uint8_t>& partialCipheredData,
73                             cppbor::Array& recipientStructure,
74                             uint32_t& respFlag);
75   std::shared_ptr<JavacardSecureElement> card_;
76   CborConverter cbor_;
77 };
78 
79 }  // namespace aidl::android::hardware::security::keymint
80