• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2 **
3 ** Copyright 2017, The Android Open Source Project
4 **
5 ** Licensed under the Apache License, Version 2.0 (the "License");
6 ** you may not use this file except in compliance with the License.
7 ** You may obtain a copy of the License at
8 **
9 **     http://www.apache.org/licenses/LICENSE-2.0
10 **
11 ** Unless required by applicable law or agreed to in writing, software
12 ** distributed under the License is distributed on an "AS IS" BASIS,
13 ** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 ** See the License for the specific language governing permissions and
15 ** limitations under the License.
16 */
17 
18 #pragma once
19 
20 #include <utility>
21 
22 #include <keymaster/android_keymaster_utils.h>
23 #include <keymaster/authorization_set.h>
24 #include <keymaster/key.h>
25 #include <keymaster/key_factory.h>
26 #include <keymaster/logger.h>
27 
28 #include "keymaster_passthrough_engine.h"
29 
30 namespace keymaster {
31 
32 // class SoftKeymasterContext;
33 
34 /**
35  * KeymasterPassthroughKeyFactory is a KeyFactory that creates and loads keys which are actually
36  * backed by a hardware keymaster2 module.
37  */
38 class KeymasterPassthroughKeyFactory : public KeyFactory {
39     using engine_t = KeymasterPassthroughEngine;
40 
41   public:
KeymasterPassthroughKeyFactory(const engine_t * engine,keymaster_algorithm_t algorithm)42     KeymasterPassthroughKeyFactory(const engine_t* engine, keymaster_algorithm_t algorithm)
43         : KeyFactory(), engine_(engine), algorithm_(algorithm) {}
44 
GenerateKey(const AuthorizationSet & key_description,UniquePtr<Key>,const KeymasterBlob &,KeymasterKeyBlob * key_blob,AuthorizationSet * hw_enforced,AuthorizationSet * sw_enforced,CertificateChain *)45     keymaster_error_t GenerateKey(const AuthorizationSet& key_description,
46                                   UniquePtr<Key> /* attest_key */,
47                                   const KeymasterBlob& /* issuer_subject */,
48                                   KeymasterKeyBlob* key_blob, AuthorizationSet* hw_enforced,
49                                   AuthorizationSet* sw_enforced,
50                                   CertificateChain* /* cert_chain */) const override {
51         return engine_->GenerateKey(key_description, key_blob, hw_enforced, sw_enforced);
52     }
53 
ImportKey(const AuthorizationSet & key_description,keymaster_key_format_t input_key_material_format,const KeymasterKeyBlob & input_key_material,UniquePtr<Key>,const KeymasterBlob &,KeymasterKeyBlob * output_key_blob,AuthorizationSet * hw_enforced,AuthorizationSet * sw_enforced,CertificateChain *)54     keymaster_error_t ImportKey(const AuthorizationSet& key_description,
55                                 keymaster_key_format_t input_key_material_format,
56                                 const KeymasterKeyBlob& input_key_material,
57                                 UniquePtr<Key> /* attest_key */,
58                                 const KeymasterBlob& /* issuer_subject */,
59                                 KeymasterKeyBlob* output_key_blob, AuthorizationSet* hw_enforced,
60                                 AuthorizationSet* sw_enforced,
61                                 CertificateChain* /* cert_chain */) const override {
62         return engine_->ImportKey(key_description, input_key_material_format, input_key_material,
63                                   output_key_blob, hw_enforced, sw_enforced);
64     }
65 
66     keymaster_error_t LoadKey(KeymasterKeyBlob&& key_material,
67                               const AuthorizationSet& additional_params,
68                               AuthorizationSet&& hw_enforced, AuthorizationSet&& sw_enforced,
69                               UniquePtr<Key>* key) const override;
70 
GetOperationFactory(keymaster_purpose_t purpose)71     OperationFactory* GetOperationFactory(keymaster_purpose_t purpose) const override {
72         return engine_->GetOperationFactory(purpose, algorithm_);
73     }
74 
75     const keymaster_key_format_t* SupportedImportFormats(size_t* format_count) const override;
76     const keymaster_key_format_t* SupportedExportFormats(size_t* format_count) const override;
77 
78   private:
79     const engine_t* engine_;
80     keymaster_algorithm_t algorithm_;
81 };
82 
83 class KeymasterPassthroughKey : public Key {
84   public:
KeymasterPassthroughKey(KeymasterKeyBlob && key_material,AuthorizationSet && hw_enforced,AuthorizationSet && sw_enforced,const KeyFactory * key_factory,keymaster_error_t * error,const AuthorizationSet & additional_parameters,const KeymasterPassthroughEngine * engine)85     KeymasterPassthroughKey(KeymasterKeyBlob&& key_material, AuthorizationSet&& hw_enforced,
86                             AuthorizationSet&& sw_enforced, const KeyFactory* key_factory,
87                             keymaster_error_t* error, const AuthorizationSet& additional_parameters,
88                             const KeymasterPassthroughEngine* engine)
89         : Key(std::move(hw_enforced), std::move(sw_enforced), key_factory),
90           additional_parameters_(additional_parameters), engine_(engine) {
91         key_material_ = std::move(key_material);
92         if (*error != KM_ERROR_OK) return;
93         if (additional_parameters.is_valid() != additional_parameters_.is_valid() &&
94             additional_parameters_.is_valid() == AuthorizationSet::ALLOCATION_FAILURE) {
95             *error = KM_ERROR_MEMORY_ALLOCATION_FAILED;
96         }
97     }
98 
99     keymaster_error_t formatted_key_material(keymaster_key_format_t format,
100                                              UniquePtr<uint8_t[]>* material,
101                                              size_t* size) const override;
102 
103   protected:
104     AuthorizationSet additional_parameters_;
105     const KeymasterPassthroughEngine* engine_;
106 };
107 
108 }  // namespace keymaster
109