// Copyright 2022, The Android Open Source Project
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

//! RemotelyProvisionedComponent HAL device implementation.
use super::{ChannelHalService, SerializedChannel};
use crate::binder;
use crate::hal::{rkp, Innto};
use kmr_wire::*;
use std::sync::{Arc, Mutex, MutexGuard};

/// HAL-side `IRemotelyProvisionedComponent` service.
///
/// Every method invocation is converted to a serialized request that is sent down the associated
/// channel. This type only marshals arguments and results; it applies no checks of its own to
/// the values it forwards.
pub struct Device<T: SerializedChannel + 'static> {
    // Shared handle to the channel; the mutex gives one caller at a time access to it.
    channel: Arc<Mutex<T>>,
}

impl<T: SerializedChannel + 'static> Device<T> {
    /// Build a `Device` that sends its requests over `channel`.
    pub fn new(channel: Arc<Mutex<T>>) -> Self {
        Self { channel }
    }

    /// Build a `Device` over `channel` and return it wrapped in a binder proxy object, created
    /// with the default `BinderFeatures`.
    pub fn new_as_binder(
        channel: Arc<Mutex<T>>,
    ) -> binder::Strong<dyn rkp::IRemotelyProvisionedComponent::IRemotelyProvisionedComponent> {
        let device = Self::new(channel);
        let features = binder::BinderFeatures::default();
        rkp::IRemotelyProvisionedComponent::BnRemotelyProvisionedComponent::new_binder(
            device, features,
        )
    }
}

impl<T: SerializedChannel> ChannelHalService<T> for Device<T> {
    /// Lock the shared channel and hand back the guard.
    ///
    /// # Panics
    ///
    /// Panics if the mutex is poisoned, i.e. an earlier holder of the guard panicked.
    /// NOTE(review): once that happens every later call through this object panics as well;
    /// confirm that this is the intended failure mode for the service.
    fn channel(&self) -> MutexGuard<T> {
        let locked = self.channel.lock();
        locked.unwrap()
    }
}

impl<T: SerializedChannel> binder::Interface for Device<T> {}

impl<T: SerializedChannel> rkp::IRemotelyProvisionedComponent::IRemotelyProvisionedComponent
    for Device<T>
{
    /// Send a `GetRpcHardwareInfoRequest` and return the converted result.
    ///
    /// Any error from `execute` is returned to the caller unchanged.
    fn getHardwareInfo(&self) -> binder::Result<rkp::RpcHardwareInfo::RpcHardwareInfo> {
        // `execute` is not defined in this file; presumably it comes from `ChannelHalService`.
        let request = GetRpcHardwareInfoRequest {};
        let response: GetRpcHardwareInfoResponse = self.execute(request)?;
        Ok(response.ret.innto())
    }

    /// Send a `GenerateEcdsaP256KeyPairRequest`; on success store the MACed public key in
    /// `macedPublicKey` and return the response's `ret` bytes.
    ///
    /// `testMode` is forwarded as given. If `execute` fails, `macedPublicKey` is left untouched
    /// and the error is returned.
    fn generateEcdsaP256KeyPair(
        &self,
        testMode: bool,
        macedPublicKey: &mut rkp::MacedPublicKey::MacedPublicKey,
    ) -> binder::Result<Vec<u8>> {
        let request = GenerateEcdsaP256KeyPairRequest { test_mode: testMode };
        let response: GenerateEcdsaP256KeyPairResponse = self.execute(request)?;
        // The out-parameter is written only after the request has succeeded.
        *macedPublicKey = response.maced_public_key.innto();
        Ok(response.ret)
    }

    /// Send a `GenerateCertificateRequestRequest`; on success fill in `deviceInfo` and
    /// `protectedData` and return the response's `ret` bytes.
    ///
    /// If `execute` fails, both out-parameters are left untouched and the error is returned.
    fn generateCertificateRequest(
        &self,
        testMode: bool,
        keysToSign: &[rkp::MacedPublicKey::MacedPublicKey],
        endpointEncryptionCertChain: &[u8],
        challenge: &[u8],
        deviceInfo: &mut rkp::DeviceInfo::DeviceInfo,
        protectedData: &mut rkp::ProtectedData::ProtectedData,
    ) -> binder::Result<Vec<u8>> {
        // NOTE(review): the caller's keys, certificate chain and challenge are copied into the
        // request with no length or count limit applied here; presumably the receiving side
        // validates them. Confirm.
        let request = GenerateCertificateRequestRequest {
            test_mode: testMode,
            keys_to_sign: keysToSign.iter().map(|key| key.innto()).collect(),
            endpoint_encryption_cert_chain: endpointEncryptionCertChain.to_vec(),
            challenge: challenge.to_vec(),
        };
        let response: GenerateCertificateRequestResponse = self.execute(request)?;
        *deviceInfo = response.device_info.innto();
        *protectedData = response.protected_data.innto();
        Ok(response.ret)
    }

    /// Send a `GenerateCertificateRequestV2Request` and return the response's `ret` bytes.
    ///
    /// Unlike `generateCertificateRequest`, this variant takes no `testMode` flag and has no
    /// out-parameters.
    fn generateCertificateRequestV2(
        &self,
        keysToSign: &[rkp::MacedPublicKey::MacedPublicKey],
        challenge: &[u8],
    ) -> binder::Result<Vec<u8>> {
        // NOTE(review): as above, `keysToSign` and `challenge` are forwarded without any size
        // check at this layer; presumably enforced by the receiver. Confirm.
        let request = GenerateCertificateRequestV2Request {
            keys_to_sign: keysToSign.iter().map(|key| key.innto()).collect(),
            challenge: challenge.to_vec(),
        };
        let response: GenerateCertificateRequestV2Response = self.execute(request)?;
        Ok(response.ret)
    }
}