• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * Copyright (C) 2025 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 #pragma once
18 
19 #include <aidl/android/hardware/security/see/hwcrypto/BnHwCryptoKey.h>
20 #include <aidl/android/hardware/security/see/hwcrypto/IHwCryptoKey.h>
21 #include <aidl/android/hardware/security/see/hwcrypto/types/HalErrorCode.h>
22 #include <android-base/logging.h>
23 #include <android-base/result.h>
24 #include <android/hardware/security/see/hwcrypto/IHwCryptoKey.h>
25 #include <binder/RpcSession.h>
26 
27 // We use cpp interfaces to talk to Trusty, and ndk interfaces for the platform
28 namespace cpp_hwcrypto = android::hardware::security::see::hwcrypto;
29 namespace ndk_hwcrypto = aidl::android::hardware::security::see::hwcrypto;
30 
31 namespace android {
32 namespace trusty {
33 namespace hwcryptohalservice {
34 
35 class HwCryptoKey : public ndk_hwcrypto::BnHwCryptoKey {
36   private:
37     sp<cpp_hwcrypto::IHwCryptoKey> mHwCryptoServer;
38     sp<IBinder> mRoot;
39     sp<RpcSession> mSession;
40     android::base::Result<void> connectToTrusty(const char* tipcDev);
41 
42   public:
43     HwCryptoKey();
44 
45     static std::shared_ptr<HwCryptoKey> Create(const char* tipcDev);
46 
47     ndk::ScopedAStatus deriveCurrentDicePolicyBoundKey(
48             const ndk_hwcrypto::IHwCryptoKey::DiceBoundDerivationKey& derivationKey,
49             ndk_hwcrypto::IHwCryptoKey::DiceCurrentBoundKeyResult* aidl_return) override;
50 
51     ndk::ScopedAStatus deriveDicePolicyBoundKey(
52             const ndk_hwcrypto::IHwCryptoKey::DiceBoundDerivationKey& derivationKey,
53             const ::std::vector<uint8_t>& dicePolicyForKeyVersion,
54             ndk_hwcrypto::IHwCryptoKey::DiceBoundKeyResult* aidl_return) override;
55     ndk::ScopedAStatus deriveKey(const ndk_hwcrypto::IHwCryptoKey::DerivedKeyParameters& parameters,
56                                  ndk_hwcrypto::IHwCryptoKey::DerivedKey* aidl_return) override;
57 
58     ndk::ScopedAStatus getHwCryptoOperations(
59             std::shared_ptr<ndk_hwcrypto::IHwCryptoOperations>* aidl_return) override;
60 
61     ndk::ScopedAStatus importClearKey(
62             const ndk_hwcrypto::types::ExplicitKeyMaterial& keyMaterial,
63             const ndk_hwcrypto::KeyPolicy& newKeyPolicy,
64             std::shared_ptr<ndk_hwcrypto::IOpaqueKey>* aidl_return) override;
65 
66     ndk::ScopedAStatus getCurrentDicePolicy(std::vector<uint8_t>* aidl_return) override;
67 
68     ndk::ScopedAStatus keyTokenImport(
69             const ndk_hwcrypto::types::OpaqueKeyToken& requestedKey,
70             const ::std::vector<uint8_t>& sealingDicePolicy,
71             std::shared_ptr<ndk_hwcrypto::IOpaqueKey>* aidl_return) override;
72 
73     ndk::ScopedAStatus getKeyslotData(
74             ndk_hwcrypto::IHwCryptoKey::KeySlot slotId,
75             std::shared_ptr<ndk_hwcrypto::IOpaqueKey>* aidl_return) override;
76 };
77 
78 template <typename LHP, typename RHP>
convertKeyPolicy(const RHP & policyToConvert)79 LHP convertKeyPolicy(const RHP& policyToConvert) {
80     LHP policy = LHP();
81     policy.usage = static_cast<decltype(policy.usage)>(policyToConvert.usage);
82     policy.keyLifetime = static_cast<decltype(policy.keyLifetime)>(policyToConvert.keyLifetime);
83     policy.keyType = static_cast<decltype(policy.keyType)>(policyToConvert.keyType);
84     policy.keyManagementKey = policyToConvert.keyManagementKey;
85     policy.keyPermissions.reserve(policyToConvert.keyPermissions.size());
86     for (auto permission : policyToConvert.keyPermissions) {
87         policy.keyPermissions.push_back(
88                 std::move(static_cast<decltype(policy.keyPermissions)::value_type>(permission)));
89     }
90     return policy;
91 }
92 
93 template <typename CPP, typename NDK,
94           std::map<std::weak_ptr<NDK>, wp<CPP>, std::owner_less<>>& mapping>
retrieveCppBinder(const std::shared_ptr<NDK> & ndkBinder)95 sp<CPP> retrieveCppBinder(const std::shared_ptr<NDK>& ndkBinder) {
96     if (ndkBinder == nullptr) {
97         return nullptr;
98     }
99     if (mapping.find(ndkBinder) == mapping.end()) {
100         LOG(ERROR) << "couldn't find wrapped key";
101         return nullptr;
102     }
103     auto cppBbinder = mapping[ndkBinder];
104     return cppBbinder.promote();
105 }
106 
107 template <typename CPP_BINDER, typename NDK_BINDER, typename NDK_BASE,
108           std::map<std::weak_ptr<NDK_BINDER>, wp<CPP_BINDER>, std::owner_less<>>& mapping>
insertBinderMapping(const sp<CPP_BINDER> & cppBinder,std::shared_ptr<NDK_BINDER> * ndkBinder)109 void insertBinderMapping(const sp<CPP_BINDER>& cppBinder, std::shared_ptr<NDK_BINDER>* ndkBinder) {
110     std::shared_ptr<NDK_BINDER> spNdkBinder = NDK_BASE::Create(cppBinder);
111     std::weak_ptr<NDK_BINDER> wptrNdkBinder = spNdkBinder;
112     wp<CPP_BINDER> wpCppBinder = cppBinder;
113     mapping.insert({wptrNdkBinder, wpCppBinder});
114     *ndkBinder = spNdkBinder;
115 }
116 
117 }  // namespace hwcryptohalservice
118 }  // namespace trusty
119 }  // namespace android
120