1 // 2 // Copyright (C) 2020 The Android Open Source Project 3 // 4 // Licensed under the Apache License, Version 2.0 (the "License"); 5 // you may not use this file except in compliance with the License. 6 // You may obtain a copy of the License at 7 // 8 // http://www.apache.org/licenses/LICENSE-2.0 9 // 10 // Unless required by applicable law or agreed to in writing, software 11 // distributed under the License is distributed on an "AS IS" BASIS, 12 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 // See the License for the specific language governing permissions and 14 // limitations under the License. 15 16 #pragma once 17 18 #include <map> 19 #include <vector> 20 21 #include <keymaster/key.h> 22 #include <keymaster/keymaster_context.h> 23 #include <keymaster/km_openssl/attestation_record.h> 24 25 #include "tpm_attestation_record.h" 26 27 namespace cuttlefish { 28 29 class TpmAttestationRecordContext; 30 class TpmResourceManager; 31 class TpmKeyBlobMaker; 32 class TpmRandomSource; 33 class TpmRemoteProvisioningContext; 34 35 /** 36 * Implementation of KeymasterContext that proxies to another implementation. 37 * 38 * Because AndroidKeymaster wraps a KeymasterContext and puts it into a unique 39 * pointer, it doesn't let the implementor manage the lifetime of the 40 * KeymasterContext implementation. This proxy breaks that relationship, and 41 * allows the lifetimes to be distinct as long as the KeymasterContext instance 42 * outlives the AndroidKeymaster instance. 43 */ 44 class ProxyKeymasterContext : public keymaster::KeymasterContext { 45 public: ProxyKeymasterContext(KeymasterContext & wrapped)46 ProxyKeymasterContext(KeymasterContext& wrapped) : wrapped_(wrapped) {} 47 ~ProxyKeymasterContext() = default; 48 GetKmVersion()49 keymaster::KmVersion GetKmVersion() const override { 50 return wrapped_.GetKmVersion(); 51 } 52 SetSystemVersion(uint32_t os_version,uint32_t os_patchlevel)53 keymaster_error_t SetSystemVersion(uint32_t os_version, 54 uint32_t os_patchlevel) override { 55 return wrapped_.SetSystemVersion(os_version, os_patchlevel); 56 } GetSystemVersion(uint32_t * os_version,uint32_t * os_patchlevel)57 void GetSystemVersion(uint32_t* os_version, 58 uint32_t* os_patchlevel) const override { 59 return wrapped_.GetSystemVersion(os_version, os_patchlevel); 60 } 61 GetKeyFactory(keymaster_algorithm_t algorithm)62 const keymaster::KeyFactory* GetKeyFactory( 63 keymaster_algorithm_t algorithm) const override { 64 return wrapped_.GetKeyFactory(algorithm); 65 } GetOperationFactory(keymaster_algorithm_t algorithm,keymaster_purpose_t purpose)66 const keymaster::OperationFactory* GetOperationFactory( 67 keymaster_algorithm_t algorithm, 68 keymaster_purpose_t purpose) const override { 69 return wrapped_.GetOperationFactory(algorithm, purpose); 70 } GetSupportedAlgorithms(size_t * algorithms_count)71 const keymaster_algorithm_t* GetSupportedAlgorithms( 72 size_t* algorithms_count) const override { 73 return wrapped_.GetSupportedAlgorithms(algorithms_count); 74 } 75 UpgradeKeyBlob(const keymaster::KeymasterKeyBlob & key_to_upgrade,const keymaster::AuthorizationSet & upgrade_params,keymaster::KeymasterKeyBlob * upgraded_key)76 keymaster_error_t UpgradeKeyBlob( 77 const keymaster::KeymasterKeyBlob& key_to_upgrade, 78 const keymaster::AuthorizationSet& upgrade_params, 79 keymaster::KeymasterKeyBlob* upgraded_key) const override { 80 return wrapped_.UpgradeKeyBlob(key_to_upgrade, upgrade_params, 81 upgraded_key); 82 } 83 ParseKeyBlob(const keymaster::KeymasterKeyBlob & blob,const keymaster::AuthorizationSet & additional_params,keymaster::UniquePtr<keymaster::Key> * key)84 keymaster_error_t ParseKeyBlob( 85 const keymaster::KeymasterKeyBlob& blob, 86 const keymaster::AuthorizationSet& additional_params, 87 keymaster::UniquePtr<keymaster::Key>* key) const override { 88 return wrapped_.ParseKeyBlob(blob, additional_params, key); 89 } 90 AddRngEntropy(const uint8_t * buf,size_t length)91 keymaster_error_t AddRngEntropy(const uint8_t* buf, 92 size_t length) const override { 93 return wrapped_.AddRngEntropy(buf, length); 94 } 95 enforcement_policy()96 keymaster::KeymasterEnforcement* enforcement_policy() override { 97 return wrapped_.enforcement_policy(); 98 } 99 attestation_context()100 keymaster::AttestationContext* attestation_context() override { 101 return wrapped_.attestation_context(); 102 } 103 GenerateAttestation(const keymaster::Key & key,const keymaster::AuthorizationSet & attest_params,keymaster::UniquePtr<keymaster::Key> attest_key,const keymaster::KeymasterBlob & issuer_subject,keymaster_error_t * error)104 keymaster::CertificateChain GenerateAttestation( 105 const keymaster::Key& key, 106 const keymaster::AuthorizationSet& attest_params, 107 keymaster::UniquePtr<keymaster::Key> attest_key, 108 const keymaster::KeymasterBlob& issuer_subject, 109 keymaster_error_t* error) const override { 110 return wrapped_.GenerateAttestation( 111 key, attest_params, std::move(attest_key), issuer_subject, error); 112 } 113 GenerateSelfSignedCertificate(const keymaster::Key & key,const keymaster::AuthorizationSet & cert_params,bool fake_signature,keymaster_error_t * error)114 keymaster::CertificateChain GenerateSelfSignedCertificate( 115 const keymaster::Key& key, const keymaster::AuthorizationSet& cert_params, 116 bool fake_signature, keymaster_error_t* error) const override { 117 return wrapped_.GenerateSelfSignedCertificate(key, cert_params, 118 fake_signature, error); 119 } 120 UnwrapKey(const keymaster::KeymasterKeyBlob & wrapped_key_blob,const keymaster::KeymasterKeyBlob & wrapping_key_blob,const keymaster::AuthorizationSet & wrapping_key_params,const keymaster::KeymasterKeyBlob & masking_key,keymaster::AuthorizationSet * wrapped_key_params,keymaster_key_format_t * wrapped_key_format,keymaster::KeymasterKeyBlob * wrapped_key_material)121 keymaster_error_t UnwrapKey( 122 const keymaster::KeymasterKeyBlob& wrapped_key_blob, 123 const keymaster::KeymasterKeyBlob& wrapping_key_blob, 124 const keymaster::AuthorizationSet& wrapping_key_params, 125 const keymaster::KeymasterKeyBlob& masking_key, 126 keymaster::AuthorizationSet* wrapped_key_params, 127 keymaster_key_format_t* wrapped_key_format, 128 keymaster::KeymasterKeyBlob* wrapped_key_material) const override { 129 return wrapped_.UnwrapKey( 130 wrapped_key_blob, wrapping_key_blob, wrapping_key_params, masking_key, 131 wrapped_key_params, wrapped_key_format, wrapped_key_material); 132 } 133 GetRemoteProvisioningContext()134 keymaster::RemoteProvisioningContext* GetRemoteProvisioningContext() 135 const override { 136 return wrapped_.GetRemoteProvisioningContext(); 137 } 138 SetVendorPatchlevel(uint32_t vendor_patchlevel)139 keymaster_error_t SetVendorPatchlevel(uint32_t vendor_patchlevel) override { 140 return wrapped_.SetVendorPatchlevel(vendor_patchlevel); 141 } SetBootPatchlevel(uint32_t boot_patchlevel)142 keymaster_error_t SetBootPatchlevel(uint32_t boot_patchlevel) override { 143 return wrapped_.SetBootPatchlevel(boot_patchlevel); 144 } SetVerifiedBootInfo(std::string_view verified_boot_state,std::string_view bootloader_state,const std::vector<uint8_t> & vbmeta_digest)145 keymaster_error_t SetVerifiedBootInfo( 146 std::string_view verified_boot_state, std::string_view bootloader_state, 147 const std::vector<uint8_t>& vbmeta_digest) { 148 return wrapped_.SetVerifiedBootInfo(verified_boot_state, bootloader_state, 149 vbmeta_digest); 150 } GetVendorPatchlevel()151 std::optional<uint32_t> GetVendorPatchlevel() const override { 152 return wrapped_.GetVendorPatchlevel(); 153 } GetBootPatchlevel()154 std::optional<uint32_t> GetBootPatchlevel() const override { 155 return wrapped_.GetBootPatchlevel(); 156 } 157 158 private: 159 KeymasterContext& wrapped_; 160 }; 161 162 } // namespace cuttlefish 163