Evolution-x/hardware_interfaces
1
0
Fork 0
mirror of https://github.com/Evolution-X/hardware_interfaces synced 2026-02-08 12:38:37 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
77c246444bd00a2c7ab514bcdce080b441a02ba5
hardware_interfaces/security/keymint/aidl/default/ta/lib.rs
David Drysdale fe5f33a61e Make batch attestation keys/certs optional 
Test: VtsKeyMintTargetTest
Bug: 329399923
Bug: 329269183
Change-Id: I4ef49fcbda7a69ea5623c084e276eb64d34c5813
2024-04-05 16:54:31 +00:00

110 lines
3.7 KiB
Rust
Raw Blame History

/*
* Copyright (C) 2023 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
//! Local in-process implementation of the KeyMint TA. This is insecure and should
//! only be used for testing purposes.
// This crate is `std` using, but some of the code uses macros from a `no_std` world.
extern crate alloc;
use kmr_common::crypto;
use kmr_crypto_boring::{
aes::BoringAes, aes_cmac::BoringAesCmac, des::BoringDes, ec::BoringEc, eq::BoringEq,
hmac::BoringHmac, rng::BoringRng, rsa::BoringRsa, sha256::BoringSha256,
};
use kmr_ta::device::{
BootloaderDone, CsrSigningAlgorithm, Implementation, TrustedPresenceUnsupported,
};
use kmr_ta::{HardwareInfo, KeyMintTa, RpcInfo, RpcInfoV3};
use kmr_wire::keymint::SecurityLevel;
use kmr_wire::rpc::MINIMUM_SUPPORTED_KEYS_IN_CSR;
use log::info;
pub mod attest;
pub mod clock;
pub mod rpc;
pub mod soft;
/// Build a set of crypto trait implementations based around BoringSSL and the standard library
/// clock.
pub fn boringssl_crypto_impls() -> crypto::Implementation {
let rng = BoringRng;
let clock = clock::StdClock::new();
let rsa = BoringRsa::default();
let ec = BoringEc::default();
crypto::Implementation {
rng: Box::new(rng),
clock: Some(Box::new(clock)),
compare: Box::new(BoringEq),
aes: Box::new(BoringAes),
des: Box::new(BoringDes),
hmac: Box::new(BoringHmac),
rsa: Box::new(rsa),
ec: Box::new(ec),
ckdf: Box::new(BoringAesCmac),
hkdf: Box::new(BoringHmac),
sha256: Box::new(BoringSha256),
}
}
/// Build a [`kmr_ta::KeyMintTa`] instance for nonsecure use.
pub fn build_ta() -> kmr_ta::KeyMintTa {
info!("Building NON-SECURE KeyMint Rust TA");
let hw_info = HardwareInfo {
version_number: 1,
security_level: SecurityLevel::TrustedEnvironment,
impl_name: "Rust reference implementation",
author_name: "Google",
unique_id: "NON-SECURE KeyMint TA",
};
let rpc_sign_algo = CsrSigningAlgorithm::EdDSA;
let rpc_info_v3 = RpcInfoV3 {
author_name: "Google",
unique_id: "NON-SECURE KeyMint TA",
fused: false,
supported_num_of_keys_in_csr: MINIMUM_SUPPORTED_KEYS_IN_CSR,
};
let sign_info = attest::CertSignInfo::new();
let keys: Box<dyn kmr_ta::device::RetrieveKeyMaterial> = Box::new(soft::Keys);
let rpc: Box<dyn kmr_ta::device::RetrieveRpcArtifacts> = Box::new(soft::RpcArtifacts::new(
soft::Derive::default(),
rpc_sign_algo,
));
let dev = Implementation {
keys,
sign_info: Some(Box::new(sign_info)),
// HAL populates attestation IDs from properties.
attest_ids: None,
sdd_mgr: None,
// `BOOTLOADER_ONLY` keys not supported.
bootloader: Box::new(BootloaderDone),
// `STORAGE_KEY` keys not supported.
sk_wrapper: None,
// `TRUSTED_USER_PRESENCE_REQUIRED` keys not supported
tup: Box::new(TrustedPresenceUnsupported),
// No support for converting previous implementation's keyblobs.
legacy_key: None,
rpc,
};
KeyMintTa::new(
hw_info,
RpcInfo::V3(rpc_info_v3),
boringssl_crypto_impls(),
dev,
)
}
Reference in New Issue View Git Blame Copy Permalink