1 /*
2 **
3 ** Copyright 2017, The Android Open Source Project
4 **
5 ** Licensed under the Apache License, Version 2.0 (the "License");
6 ** you may not use this file except in compliance with the License.
7 ** You may obtain a copy of the License at
8 **
9 **     http://www.apache.org/licenses/LICENSE-2.0
10 **
11 ** Unless required by applicable law or agreed to in writing, software
12 ** distributed under the License is distributed on an "AS IS" BASIS,
13 ** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 ** See the License for the specific language governing permissions and
15 ** limitations under the License.
16 */
17 
18 #include <keymaster/contexts/keymaster2_passthrough_context.h>
19 
20 #include <keymaster/legacy_support/keymaster_passthrough_engine.h>
21 #include <keymaster/legacy_support/keymaster_passthrough_key.h>
22 
23 namespace keymaster {
24 
Keymaster2PassthroughContext(KmVersion version,keymaster2_device_t * dev)25 Keymaster2PassthroughContext::Keymaster2PassthroughContext(KmVersion version,
26                                                            keymaster2_device_t* dev)
27     : device_(dev), engine_(KeymasterPassthroughEngine::createInstance(dev)), version_(version) {}
28 
SetSystemVersion(uint32_t os_version,uint32_t os_patchlevel)29 keymaster_error_t Keymaster2PassthroughContext::SetSystemVersion(uint32_t os_version,
30                                                                  uint32_t os_patchlevel) {
31     os_version_ = os_version;
32     os_patchlevel_ = os_patchlevel;
33     return KM_ERROR_OK;
34 }
35 
GetSystemVersion(uint32_t * os_version,uint32_t * os_patchlevel) const36 void Keymaster2PassthroughContext::GetSystemVersion(uint32_t* os_version,
37                                                     uint32_t* os_patchlevel) const {
38     if (os_version) *os_version = os_version_;
39     if (os_patchlevel) *os_patchlevel = os_patchlevel_;
40 }
41 
GetKeyFactory(keymaster_algorithm_t algorithm) const42 KeyFactory* Keymaster2PassthroughContext::GetKeyFactory(keymaster_algorithm_t algorithm) const {
43     auto& result = factories_[algorithm];
44     if (!result) {
45         result.reset(new KeymasterPassthroughKeyFactory(engine_.get(), algorithm));
46     }
47     return result.get();
48 }
49 OperationFactory*
GetOperationFactory(keymaster_algorithm_t algorithm,keymaster_purpose_t purpose) const50 Keymaster2PassthroughContext::GetOperationFactory(keymaster_algorithm_t algorithm,
51                                                   keymaster_purpose_t purpose) const {
52     auto keyfactory = GetKeyFactory(algorithm);
53     return keyfactory->GetOperationFactory(purpose);
54 }
55 keymaster_algorithm_t*
GetSupportedAlgorithms(size_t * algorithms_count) const56 Keymaster2PassthroughContext::GetSupportedAlgorithms(size_t* algorithms_count) const {
57     if (algorithms_count) *algorithms_count = 0;
58     return nullptr;
59 }
60 
61 keymaster_error_t
UpgradeKeyBlob(const KeymasterKeyBlob & key_to_upgrade,const AuthorizationSet & upgrade_params,KeymasterKeyBlob * upgraded_key) const62 Keymaster2PassthroughContext::UpgradeKeyBlob(const KeymasterKeyBlob& key_to_upgrade,
63                                              const AuthorizationSet& upgrade_params,
64                                              KeymasterKeyBlob* upgraded_key) const {
65     if (!upgraded_key) return KM_ERROR_UNEXPECTED_NULL_POINTER;
66     *upgraded_key = {};
67     return device_->upgrade_key(device_, &key_to_upgrade, &upgrade_params, upgraded_key);
68 }
69 
70 keymaster_error_t
ParseKeyBlob(const KeymasterKeyBlob & blob,const AuthorizationSet & additional_params,UniquePtr<Key> * key) const71 Keymaster2PassthroughContext::ParseKeyBlob(const KeymasterKeyBlob& blob,
72                                            const AuthorizationSet& additional_params,
73                                            UniquePtr<Key>* key) const {
74     keymaster_key_characteristics_t characteristics = {};
75     keymaster_blob_t clientId;
76     keymaster_blob_t applicationData;
77     keymaster_blob_t* clientIdPtr = &clientId;
78     keymaster_blob_t* applicationDataPtr = &applicationData;
79     if (!additional_params.GetTagValue(TAG_APPLICATION_ID, clientIdPtr)) {
80         clientIdPtr = nullptr;
81     }
82     if (!additional_params.GetTagValue(TAG_APPLICATION_DATA, applicationDataPtr)) {
83         applicationDataPtr = nullptr;
84     }
85 
86     auto rc = device_->get_key_characteristics(device_, &blob, clientIdPtr, applicationDataPtr,
87                                                &characteristics);
88 
89     if (rc != KM_ERROR_OK) return rc;
90 
91     AuthorizationSet hw_enforced;
92     AuthorizationSet sw_enforced;
93 
94     hw_enforced.Reinitialize(characteristics.hw_enforced);
95     sw_enforced.Reinitialize(characteristics.sw_enforced);
96 
97     keymaster_free_characteristics(&characteristics);
98 
99     // GetKeyFactory
100     keymaster_algorithm_t algorithm;
101     if (!hw_enforced.GetTagValue(TAG_ALGORITHM, &algorithm) &&
102         !sw_enforced.GetTagValue(TAG_ALGORITHM, &algorithm)) {
103         return KM_ERROR_INVALID_ARGUMENT;
104     }
105 
106     KeymasterKeyBlob key_material = blob;
107     auto factory = GetKeyFactory(algorithm);
108     return factory->LoadKey(move(key_material), additional_params, move(hw_enforced),
109                             move(sw_enforced), key);
110 }
111 
DeleteKey(const KeymasterKeyBlob & blob) const112 keymaster_error_t Keymaster2PassthroughContext::DeleteKey(const KeymasterKeyBlob& blob) const {
113     return device_->delete_key(device_, &blob);
114 }
115 
DeleteAllKeys() const116 keymaster_error_t Keymaster2PassthroughContext::DeleteAllKeys() const {
117     return device_->delete_all_keys(device_);
118 }
119 
AddRngEntropy(const uint8_t * buf,size_t length) const120 keymaster_error_t Keymaster2PassthroughContext::AddRngEntropy(const uint8_t* buf,
121                                                               size_t length) const {
122     return device_->add_rng_entropy(device_, buf, length);
123 }
124 
enforcement_policy()125 KeymasterEnforcement* Keymaster2PassthroughContext::enforcement_policy() {
126     return nullptr;
127 }
128 
GenerateAttestation(const Key & key,const AuthorizationSet & attest_params,UniquePtr<Key>,const KeymasterBlob &,keymaster_error_t * error) const129 CertificateChain Keymaster2PassthroughContext::GenerateAttestation(
130     const Key& key, const AuthorizationSet& attest_params, UniquePtr<Key> /* attest_key */,
131     const KeymasterBlob& /* issuer_subject */, keymaster_error_t* error) const {
132     keymaster_cert_chain_t cchain{};
133     auto rc = device_->attest_key(device_, &key.key_material(), &attest_params, &cchain);
134     if (rc != KM_ERROR_OK) {
135         *error = rc;
136         return {};
137     }
138 
139     CertificateChain retval = CertificateChain::clone(cchain);
140     keymaster_free_cert_chain(&cchain);
141     return retval;
142 }
143 
UnwrapKey(const KeymasterKeyBlob &,const KeymasterKeyBlob &,const AuthorizationSet &,const KeymasterKeyBlob &,AuthorizationSet *,keymaster_key_format_t *,KeymasterKeyBlob *) const144 keymaster_error_t Keymaster2PassthroughContext::UnwrapKey(
145     const KeymasterKeyBlob&, const KeymasterKeyBlob&, const AuthorizationSet&,
146     const KeymasterKeyBlob&, AuthorizationSet*, keymaster_key_format_t*, KeymasterKeyBlob*) const {
147     return KM_ERROR_UNIMPLEMENTED;
148 }
149 
150 }  // namespace keymaster
151