1 /*
2 **
3 ** Copyright 2017, The Android Open Source Project
4 **
5 ** Licensed under the Apache License, Version 2.0 (the "License");
6 ** you may not use this file except in compliance with the License.
7 ** You may obtain a copy of the License at
8 **
9 **     http://www.apache.org/licenses/LICENSE-2.0
10 **
11 ** Unless required by applicable law or agreed to in writing, software
12 ** distributed under the License is distributed on an "AS IS" BASIS,
13 ** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 ** See the License for the specific language governing permissions and
15 ** limitations under the License.
16 */
17 
18 #pragma once
19 
20 #include <keymaster/android_keymaster_utils.h>
21 #include <keymaster/authorization_set.h>
22 #include <keymaster/key.h>
23 #include <keymaster/key_factory.h>
24 #include <keymaster/logger.h>
25 
26 #include "keymaster_passthrough_engine.h"
27 
28 namespace keymaster {
29 
30 // class SoftKeymasterContext;
31 
32 /**
33  * KeymasterPassthroughKeyFactory is a KeyFactory that creates and loads keys which are actually
34  * backed by a hardware keymaster2 module.
35  */
36 class KeymasterPassthroughKeyFactory : public KeyFactory {
37     using engine_t = KeymasterPassthroughEngine;
38 
39   public:
KeymasterPassthroughKeyFactory(const engine_t * engine,keymaster_algorithm_t algorithm)40     KeymasterPassthroughKeyFactory(const engine_t* engine, keymaster_algorithm_t algorithm)
41         : KeyFactory(), engine_(engine), algorithm_(algorithm) {}
42 
GenerateKey(const AuthorizationSet & key_description,UniquePtr<Key>,const KeymasterBlob &,KeymasterKeyBlob * key_blob,AuthorizationSet * hw_enforced,AuthorizationSet * sw_enforced,CertificateChain *)43     keymaster_error_t GenerateKey(const AuthorizationSet& key_description,
44                                   UniquePtr<Key> /* attest_key */,
45                                   const KeymasterBlob& /* issuer_subject */,
46                                   KeymasterKeyBlob* key_blob, AuthorizationSet* hw_enforced,
47                                   AuthorizationSet* sw_enforced,
48                                   CertificateChain* /* cert_chain */) const override {
49         return engine_->GenerateKey(key_description, key_blob, hw_enforced, sw_enforced);
50     }
51 
ImportKey(const AuthorizationSet & key_description,keymaster_key_format_t input_key_material_format,const KeymasterKeyBlob & input_key_material,UniquePtr<Key>,const KeymasterBlob &,KeymasterKeyBlob * output_key_blob,AuthorizationSet * hw_enforced,AuthorizationSet * sw_enforced,CertificateChain *)52     keymaster_error_t ImportKey(const AuthorizationSet& key_description,
53                                 keymaster_key_format_t input_key_material_format,
54                                 const KeymasterKeyBlob& input_key_material,
55                                 UniquePtr<Key> /* attest_key */,
56                                 const KeymasterBlob& /* issuer_subject */,
57                                 KeymasterKeyBlob* output_key_blob, AuthorizationSet* hw_enforced,
58                                 AuthorizationSet* sw_enforced,
59                                 CertificateChain* /* cert_chain */) const override {
60         return engine_->ImportKey(key_description, input_key_material_format, input_key_material,
61                                   output_key_blob, hw_enforced, sw_enforced);
62     }
63 
64     keymaster_error_t LoadKey(KeymasterKeyBlob&& key_material,
65                               const AuthorizationSet& additional_params,
66                               AuthorizationSet&& hw_enforced, AuthorizationSet&& sw_enforced,
67                               UniquePtr<Key>* key) const override;
68 
GetOperationFactory(keymaster_purpose_t purpose)69     OperationFactory* GetOperationFactory(keymaster_purpose_t purpose) const override {
70         return engine_->GetOperationFactory(purpose, algorithm_);
71     }
72 
73     const keymaster_key_format_t* SupportedImportFormats(size_t* format_count) const override;
74     const keymaster_key_format_t* SupportedExportFormats(size_t* format_count) const override;
75 
76   private:
77     const engine_t* engine_;
78     keymaster_algorithm_t algorithm_;
79 };
80 
81 class KeymasterPassthroughKey : public Key {
82   public:
KeymasterPassthroughKey(KeymasterKeyBlob && key_material,AuthorizationSet && hw_enforced,AuthorizationSet && sw_enforced,const KeyFactory * key_factory,keymaster_error_t * error,const AuthorizationSet & additional_parameters,const KeymasterPassthroughEngine * engine)83     KeymasterPassthroughKey(KeymasterKeyBlob&& key_material, AuthorizationSet&& hw_enforced,
84                             AuthorizationSet&& sw_enforced, const KeyFactory* key_factory,
85                             keymaster_error_t* error, const AuthorizationSet& additional_parameters,
86                             const KeymasterPassthroughEngine* engine)
87         : Key(move(hw_enforced), move(sw_enforced), key_factory),
88           additional_parameters_(additional_parameters), engine_(engine) {
89         key_material_ = move(key_material);
90         if (*error != KM_ERROR_OK) return;
91         if (additional_parameters.is_valid() != additional_parameters_.is_valid() &&
92             additional_parameters_.is_valid() == AuthorizationSet::ALLOCATION_FAILURE) {
93             *error = KM_ERROR_MEMORY_ALLOCATION_FAILED;
94         }
95     }
96 
97     keymaster_error_t formatted_key_material(keymaster_key_format_t format,
98                                              UniquePtr<uint8_t[]>* material,
99                                              size_t* size) const override;
100 
101   protected:
102     AuthorizationSet additional_parameters_;
103     const KeymasterPassthroughEngine* engine_;
104 };
105 
106 }  // namespace keymaster
107