• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * Copyright 2015 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 #ifndef SYSTEM_KEYMASTER_PURE_SOFT_KEYMASTER_CONTEXT_H_
18 #define SYSTEM_KEYMASTER_PURE_SOFT_KEYMASTER_CONTEXT_H_
19 
20 
21 #include <memory>
22 #include <string>
23 
24 #include <keymaster/keymaster_context.h>
25 #include <keymaster/attestation_record.h>
26 #include <keymaster/km_openssl/software_random_source.h>
27 #include <keymaster/km_openssl/soft_keymaster_enforcement.h>
28 #include <keymaster/soft_key_factory.h>
29 #include <keymaster/random_source.h>
30 
31 namespace keymaster {
32 
33 class SoftKeymasterKeyRegistrations;
34 class Keymaster0Engine;
35 class Keymaster1Engine;
36 class Key;
37 
38 /**
39  * SoftKeymasterContext provides the context for a non-secure implementation of AndroidKeymaster.
40  */
41 class PureSoftKeymasterContext: public KeymasterContext,
42         protected SoftwareKeyBlobMaker,
43         AttestationRecordContext,
44         SoftwareRandomSource {
45   public:
46     explicit PureSoftKeymasterContext();
47     ~PureSoftKeymasterContext() override;
48 
49     /*********************************************************************************************
50      * Implement KeymasterContext
51      */
52     keymaster_error_t SetSystemVersion(uint32_t os_version, uint32_t os_patchlevel) override;
53     void GetSystemVersion(uint32_t* os_version, uint32_t* os_patchlevel) const override;
54 
55     KeyFactory* GetKeyFactory(keymaster_algorithm_t algorithm) const override;
56     OperationFactory* GetOperationFactory(keymaster_algorithm_t algorithm,
57                                           keymaster_purpose_t purpose) const override;
58     keymaster_algorithm_t* GetSupportedAlgorithms(size_t* algorithms_count) const override;
59     keymaster_error_t UpgradeKeyBlob(const KeymasterKeyBlob& key_to_upgrade,
60                                      const AuthorizationSet& upgrade_params,
61                                      KeymasterKeyBlob* upgraded_key) const override;
62     keymaster_error_t ParseKeyBlob(const KeymasterKeyBlob& blob,
63                                    const AuthorizationSet& additional_params,
64                                    UniquePtr<Key>* key) const override;
65     keymaster_error_t DeleteKey(const KeymasterKeyBlob& blob) const override;
66     keymaster_error_t DeleteAllKeys() const override;
67     keymaster_error_t AddRngEntropy(const uint8_t* buf, size_t length) const override;
68 
69     keymaster_error_t GenerateAttestation(const Key& key,
70                                           const AuthorizationSet& attest_params,
71                                           CertChainPtr* cert_chain) const override;
72 
73 
enforcement_policy()74     KeymasterEnforcement* enforcement_policy() override {
75         // SoftKeymaster does no enforcement; it's all done by Keystore.
76         return &soft_keymaster_enforcement_;
77     }
78 
79     /*********************************************************************************************
80      * Implement SoftwareKeyBlobMaker
81      */
82     keymaster_error_t CreateKeyBlob(const AuthorizationSet& auths, keymaster_key_origin_t origin,
83                                     const KeymasterKeyBlob& key_material, KeymasterKeyBlob* blob,
84                                     AuthorizationSet* hw_enforced,
85                                     AuthorizationSet* sw_enforced) const override;
86 
87     keymaster_error_t
88     UnwrapKey(const KeymasterKeyBlob& wrapped_key_blob, const KeymasterKeyBlob& wrapping_key_blob,
89               const AuthorizationSet& wrapping_key_params, const KeymasterKeyBlob& masking_key,
90               AuthorizationSet* wrapped_key_params, keymaster_key_format_t* wrapped_key_format,
91               KeymasterKeyBlob* wrapped_key_material) const override;
92 
93   protected:
94     std::unique_ptr<KeyFactory> rsa_factory_;
95     std::unique_ptr<KeyFactory> ec_factory_;
96     std::unique_ptr<KeyFactory> aes_factory_;
97     std::unique_ptr<KeyFactory> tdes_factory_;
98     std::unique_ptr<KeyFactory> hmac_factory_;
99     uint32_t os_version_;
100     uint32_t os_patchlevel_;
101     SoftKeymasterEnforcement soft_keymaster_enforcement_;
102 };
103 
104 }  // namespace keymaster
105 
106 #endif  // SYSTEM_KEYMASTER_PURE_SOFT_KEYMASTER_CONTEXT_H_
107