1 /* 2 * Copyright 2014 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 #pragma once 18 19 #include <utility> 20 21 #include <keymaster/km_openssl/aes_key.h> 22 #include <trusty_ipc.h> 23 24 namespace keymaster { 25 26 class TrustyAesKeyFactory : public AesKeyFactory { 27 public: TrustyAesKeyFactory(const SoftwareKeyBlobMaker & blob_maker,const RandomSource & random_source)28 explicit TrustyAesKeyFactory(const SoftwareKeyBlobMaker& blob_maker, 29 const RandomSource& random_source) 30 : AesKeyFactory(blob_maker, random_source), 31 hwwsk_chan_(INVALID_IPC_HANDLE) {} 32 ~TrustyAesKeyFactory()33 ~TrustyAesKeyFactory() { reset_hwwsk_chan(); } 34 35 keymaster_error_t GenerateKey(const AuthorizationSet& key_description, 36 UniquePtr<Key> attestation_signing_key, 37 const KeymasterBlob& issuer_subject, 38 KeymasterKeyBlob* key_blob, 39 AuthorizationSet* hw_enforced, 40 AuthorizationSet* sw_enforced, 41 CertificateChain* cert_chain) const override; 42 43 keymaster_error_t ImportKey( 44 const AuthorizationSet& key_description, 45 keymaster_key_format_t input_key_material_format, 46 const KeymasterKeyBlob& input_key_material, 47 UniquePtr<Key> attestation_signing_key, 48 const KeymasterBlob& issuer_subject, 49 KeymasterKeyBlob* output_key_blob, 50 AuthorizationSet* hw_enforced, 51 AuthorizationSet* sw_enforced, 52 CertificateChain* cert_chain) const override; 53 54 keymaster_error_t LoadKey(KeymasterKeyBlob&& key_material, 55 const AuthorizationSet& additional_params, 56 AuthorizationSet&& hw_enforced, 57 AuthorizationSet&& sw_enforced, 58 UniquePtr<Key>* key) const override; 59 60 handle_t get_hwwsk_chan(void) const; 61 void reset_hwwsk_chan(void) const; 62 63 private: 64 keymaster_error_t CreateHwStorageKeyBlob( 65 const AuthorizationSet& key_description, 66 const KeymasterKeyBlob& input_key_material, 67 KeymasterKeyBlob* output_key_blob, 68 AuthorizationSet* hw_enforced, 69 AuthorizationSet* sw_enforced) const; 70 71 mutable handle_t hwwsk_chan_; 72 }; 73 74 class HwStorageKey : public AesKey { 75 public: HwStorageKey(KeymasterKeyBlob && key_material,AuthorizationSet && hw_enforced,AuthorizationSet && sw_enforced,const KeyFactory * key_factory)76 HwStorageKey(KeymasterKeyBlob&& key_material, 77 AuthorizationSet&& hw_enforced, 78 AuthorizationSet&& sw_enforced, 79 const KeyFactory* key_factory) 80 : AesKey(std::move(key_material), 81 std::move(hw_enforced), 82 std::move(sw_enforced), 83 key_factory) {} 84 85 keymaster_error_t formatted_key_material(keymaster_key_format_t, 86 UniquePtr<uint8_t[]>*, 87 size_t*) const override; 88 }; 89 90 } // namespace keymaster 91