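/*
 * Copyright (C) 2022 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

//! Main entrypoint for KeyMint/Rust trusted application (TA) on Trusty.

use keymint::{
    CertSignInfo, SharedSddManager, TrustyKeys, TrustyMonotonicClock, TrustyRng, TrustyRpc,
    TrustySecureDeletionSecretManager,
};
#[cfg(feature = "with_hwwsk_support")]
use keymint::{TrustyAes, TrustyStorageKeyWrapper};
use kmr_common::crypto;
use kmr_crypto_boring::{
    aes::BoringAes, aes_cmac::BoringAesCmac, des::BoringDes, ec::BoringEc, eq::BoringEq,
    hmac::BoringHmac, rsa::BoringRsa, sha256::BoringSha256,
};
use kmr_ta::{HardwareInfo, RpcInfo, RpcInfoV3};
use log::debug;

/// Renders a log record as `LEVEL: file:line message` followed by a newline.
///
/// The message arguments are emitted verbatim, so keeping key material and other
/// secrets out of log statements is the responsibility of each call site.
fn log_formatter(record: &log::Record) -> String {
    // A line number is expected to be present, so a missing one is simply reported as 0.
    let line = record.line().unwrap_or(0);
    let file = record.file().unwrap_or("unknown file");
    format!("{}: {}:{} {}\n", record.level(), file, line, record.args())
}

/// Entry point of the TA: sets up logging, assembles the crypto and device
/// implementations, and hands them to the port connection handler.
///
/// # Panics
///
/// Panics if `keymint::handle_port_connections` returns an error.
fn main() {
    let config = trusty_log::TrustyLoggerConfig::default()
        .with_min_level(log::Level::Info)
        .format(&log_formatter);
    trusty_log::init_with_config(config);
    // NOTE(review): the minimum level configured above is Info, so this Debug-level
    // greeting is presumably filtered out; confirm against trusty_log.
    debug!("Hello from Keymint Rust!");

    let hw_info = HardwareInfo {
        version_number: 3,
        security_level: kmr_common::wire::keymint::SecurityLevel::TrustedEnvironment,
        impl_name: "TEE KeyMint in Rust",
        author_name: "Google",
        unique_id: "TEE KeyMint TA",
    };

    let rpc_info_v3 = RpcInfoV3 {
        author_name: "Google",
        unique_id: "TEE KeyMint TA",
        // NOTE(review): reported as `false` unconditionally. Presumably this describes
        // the device's fuse state to remote-provisioning consumers; confirm whether a
        // production build should derive it from hardware instead of a constant.
        fused: false,
        supported_num_of_keys_in_csr: kmr_wire::rpc::MINIMUM_SUPPORTED_KEYS_IN_CSR,
    };

    let rng = TrustyRng::default();
    let clock = TrustyMonotonicClock;
    // AES comes from the Trusty-specific implementation only when hardware-wrapped
    // storage key support is compiled in; otherwise the BoringSSL-backed one is used.
    #[cfg(feature = "with_hwwsk_support")]
    let aes = TrustyAes::default();
    #[cfg(not(feature = "with_hwwsk_support"))]
    let aes = BoringAes;

    // The RNG and clock are Trusty-provided; the remaining primitives are the
    // `kmr_crypto_boring` implementations (AES subject to the feature switch above).
    let imp = crypto::Implementation {
        rng: Box::new(rng),
        clock: Some(Box::new(clock)),
        // NOTE(review): presumably a constant-time comparison; confirm in kmr_crypto_boring.
        compare: Box::new(BoringEq),
        aes: Box::new(aes),
        des: Box::new(BoringDes),
        hmac: Box::new(BoringHmac),
        rsa: Box::<BoringRsa>::default(),
        ec: Box::<BoringEc>::default(),
        ckdf: Box::new(BoringAesCmac),
        hkdf: Box::new(BoringHmac),
        sha256: Box::new(BoringSha256),
    };

    // The secure deletion secret manager is wrapped in `SharedSddManager` so that one
    // handle goes to the device implementation and a clone to the legacy blob handler.
    let sdd_mgr = TrustySecureDeletionSecretManager::new();
    let shared_sdd_mgr = SharedSddManager::new(sdd_mgr);
    let legacy_sdd_mgr = shared_sdd_mgr.clone();

    // The legacy key blob handler always uses `BoringAes`, independent of the
    // `with_hwwsk_support` feature.
    let legacy_key = keymint::TrustyLegacyKeyBlobHandler {
        aes: Box::new(BoringAes),
        hkdf: Box::new(BoringHmac),
        sdd_mgr: Some(Box::new(legacy_sdd_mgr)),
        keys: Box::new(TrustyKeys),
    };

    let dev = kmr_ta::device::Implementation {
        keys: Box::new(TrustyKeys),
        sign_info: Some(Box::new(CertSignInfo)),
        // No attestation-ID source is supplied in `vm_nonsecure` builds.
        #[cfg(feature = "vm_nonsecure")]
        attest_ids: None,
        #[cfg(not(feature = "vm_nonsecure"))]
        attest_ids: Some(Box::new(keymint::AttestationIds)),
        sdd_mgr: Some(Box::new(shared_sdd_mgr)),
        // NOTE(review): going by the type name, the bootloader phase is treated as
        // already finished; confirm this matches how boot-time-only operations are gated.
        bootloader: Box::new(kmr_ta::device::BootloaderDone),
        // A storage key wrapper is only provided with hardware-wrapped storage key support.
        #[cfg(feature = "with_hwwsk_support")]
        sk_wrapper: Some(Box::new(TrustyStorageKeyWrapper)),
        #[cfg(not(feature = "with_hwwsk_support"))]
        sk_wrapper: None,
        tup: Box::new(kmr_ta::device::TrustedPresenceUnsupported),
        legacy_key: Some(Box::new(legacy_key)),
        rpc: Box::new(TrustyRpc),
    };

    // An error from the connection handler is fatal for the TA, hence the panic.
    keymint::handle_port_connections(hw_info, RpcInfo::V3(rpc_info_v3), imp, dev)
        .expect("handle_port_connections returned an error");
}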