| /* |
| * Copyright 2019, The Android Open Source Project |
| * |
| * Licensed under the Apache License, Version 2.0 (the "License"); |
| * you may not use this file except in compliance with the License. |
| * You may obtain a copy of the License at |
| * |
| * http://www.apache.org/licenses/LICENSE-2.0 |
| * |
| * Unless required by applicable law or agreed to in writing, software |
| * distributed under the License is distributed on an "AS IS" BASIS, |
| * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| * See the License for the specific language governing permissions and |
| * limitations under the License. |
| */ |
| |
| #include "trusty_operation.h" |
| #include <secure_input/secure_input_proto.h> |
| #include <teeui/msg_formatting.h> |
| |
| #include <stdio.h> |
| |
| #include <openssl/hmac.h> |
| #include <openssl/sha.h> |
| |
| #include <trusty_log.h> |
| |
| #define TLOG_TAG "confirmationui" |
| |
| using teeui::AuthTokenKey; |
| using teeui::ByteBufferProxy; |
| using teeui::Hmac; |
| using teeui::optional; |
| using teeui::Protocol; |
| using teeui::read; |
| using teeui::ReadStream; |
| using teeui::ResponseCode; |
| using teeui::write; |
| using teeui::WriteStream; |
| |
| using teeui::Command; |
| using teeui::Message; |
| using teeui::TestModeCommands; |
| |
| using secure_input::InputResponse; |
| |
| optional<Hmac> TrustyOperation::hmac256( |
| const AuthTokenKey& key, |
| std::initializer_list<ByteBufferProxy> buffers) { |
| HMAC_CTX hmacCtx; |
| HMAC_CTX_init(&hmacCtx); |
| if (!HMAC_Init_ex(&hmacCtx, key.data(), key.size(), EVP_sha256(), |
| nullptr)) { |
| return {}; |
| } |
| for (auto& buffer : buffers) { |
| if (!HMAC_Update(&hmacCtx, buffer.data(), buffer.size())) { |
| return {}; |
| } |
| } |
| Hmac result; |
| if (!HMAC_Final(&hmacCtx, result.data(), nullptr)) { |
| return {}; |
| } |
| return result; |
| } |
| |
| int TrustyOperation::handleMsg(void* msg, |
| uint32_t msglen, |
| void* reponse, |
| uint32_t* responselen) { |
| ReadStream in(reinterpret_cast<uint8_t*>(msg), msglen); |
| WriteStream out(reinterpret_cast<uint8_t*>(reponse), *responselen); |
| |
| TLOGI("proto: %u cmd: %u\n", reinterpret_cast<uint32_t*>(msg)[0], |
| reinterpret_cast<uint32_t*>(msg)[1]); |
| |
| auto result = dispatchCommandMessage(in, out); |
| if (!result) { |
| /* |
| * We failed to serialize the response, |
| * Make an attempt to write an error code to the stream, indicating that |
| * serialization failed. |
| */ |
| TLOGE("response buffer to small\n"); |
| result = write(Message<ResponseCode>(), out, ResponseCode::SystemError); |
| } |
| *responselen = result.pos() - reinterpret_cast<uint8_t*>(reponse); |
| return 0; |
| } |
| |
| ResponseCode TrustyOperation::initHook() { |
| auto rc = gui_.start(getPrompt().data(), languageIdBuffer_, |
| invertedColorModeRequested_, maginifiedViewRequested_); |
| if (rc != ResponseCode::OK) { |
| TLOGE("GUI start returned: %d\n", rc); |
| } else { |
| input_tracker_.newSession(); |
| } |
| TLOGI("initHook: %u\n", rc); |
| return rc; |
| } |
| |
| void TrustyOperation::abortHook() { |
| input_tracker_.abort(); |
| gui_.stop(); |
| } |
| |
| void TrustyOperation::finalizeHook() { |
| gui_.stop(); |
| } |
| |
| ResponseCode TrustyOperation::testCommandHook(TestModeCommands testCmd) { |
| switch (testCmd) { |
| case TestModeCommands::OK_EVENT: |
| return input_tracker_.reportVerifiedInput( |
| InputTracker::InputEvent::UserConfirm); |
| case TestModeCommands::CANCEL_EVENT: |
| return input_tracker_.reportVerifiedInput( |
| InputTracker::InputEvent::UserCancel); |
| default: |
| /* we don't want to veto any unknown test commands. */ |
| return ResponseCode::OK; |
| } |
| } |
| |
| WriteStream TrustyOperation::extendedProtocolHook(Protocol proto, |
| ReadStream in, |
| WriteStream out) { |
| using namespace secure_input; |
| if (proto != kSecureInputProto) { |
| /* this write ResponseCodeU::Unimplemented to the output stream */ |
| return this->Operation::extendedProtocolHook(proto, in, out); |
| } |
| auto [in_cmd, cmd] = teeui::readCmd<SecureInputCommand>(in); |
| switch (cmd) { |
| case SecureInputCommand::InputHandshake: { |
| auto [rc, nonce] = input_tracker_.beginHandshake(); |
| if (rc != ResponseCode::OK) { |
| TLOGE("beginHandshake failed\n"); |
| abort(); |
| } else if ((rc = gui_.showInstructions(true /*enable*/)) != |
| ResponseCode::OK) { |
| TLOGE("showInstructions failed\n"); |
| abort(); |
| } |
| return write(InputHandshakeResponse(), out, rc, nonce); |
| } |
| case SecureInputCommand::FinalizeInputSession: { |
| auto [in_msg, nCi, signature] = |
| read(FinalizeInputSessionHandshake(), in_cmd); |
| auto rc = ResponseCode::Unexpected; |
| if (in_msg) { |
| rc = input_tracker_.finalizeHandshake(nCi, signature, *hmacKey()); |
| } else { |
| TLOGE("Message Parse Error\n"); |
| } |
| if (rc != ResponseCode::OK) |
| abort(); |
| return write(FinalizeInputSessionHandshakeResponse(), out, rc); |
| } |
| case SecureInputCommand::DeliverInputEvent: { |
| auto [in_msg, event, signature] = read(DeliverInputEvent(), in_cmd); |
| InputResponse ir; |
| auto rc = ResponseCode::Unexpected; |
| if (in_msg) { |
| std::tie(rc, ir) = input_tracker_.processInputEvent( |
| event, signature, *hmacKey()); |
| } |
| if (rc != ResponseCode::OK) |
| abort(); |
| else if (ir == InputResponse::OK) { |
| switch (input_tracker_.fetchInputEvent()) { |
| case ResponseCode::OK: |
| signConfirmation(*hmacKey()); |
| break; |
| case ResponseCode::Canceled: |
| userCancel(); |
| break; |
| default: |
| break; |
| } |
| } |
| return write(DeliverInputEventResponse(), out, rc, ir); |
| } |
| case SecureInputCommand::Invalid: |
| default: |
| return write(Message<ResponseCode>(), out, ResponseCode::Unimplemented); |
| } |
| } |
