1 /*
2 * Copyright 2020, The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 #pragma once
18
19 #include <aidl/android/hardware/security/keymint/Certificate.h>
20 #include <aidl/android/hardware/security/keymint/HardwareAuthToken.h>
21 #include <aidl/android/hardware/security/keymint/HardwareAuthenticatorType.h>
22 #include <aidl/android/hardware/security/keymint/KeyFormat.h>
23 #include <aidl/android/hardware/security/keymint/KeyParameter.h>
24 #include <aidl/android/hardware/security/keymint/KeyPurpose.h>
25 #include <aidl/android/hardware/security/keymint/SecurityLevel.h>
26 #include <aidl/android/hardware/security/keymint/Tag.h>
27
28 #include <keymaster/keymaster_enforcement.h>
29
30 namespace aidl::android::hardware::security::keymint::km_utils {
31
32 using ::ndk::ScopedAStatus;
33 using std::vector;
34
legacy_enum_conversion(const Tag value)35 inline keymaster_tag_t legacy_enum_conversion(const Tag value) {
36 return static_cast<keymaster_tag_t>(value);
37 }
38
legacy_enum_conversion(const keymaster_tag_t value)39 inline Tag legacy_enum_conversion(const keymaster_tag_t value) {
40 return static_cast<Tag>(value);
41 }
42
legacy_enum_conversion(const KeyPurpose value)43 inline keymaster_purpose_t legacy_enum_conversion(const KeyPurpose value) {
44 return static_cast<keymaster_purpose_t>(value);
45 }
46
legacy_enum_conversion(const KeyFormat value)47 inline keymaster_key_format_t legacy_enum_conversion(const KeyFormat value) {
48 return static_cast<keymaster_key_format_t>(value);
49 }
50
legacy_enum_conversion(const keymaster_security_level_t value)51 inline SecurityLevel legacy_enum_conversion(const keymaster_security_level_t value) {
52 return static_cast<SecurityLevel>(value);
53 }
54
legacy_enum_conversion(const HardwareAuthenticatorType value)55 inline hw_authenticator_type_t legacy_enum_conversion(const HardwareAuthenticatorType value) {
56 return static_cast<hw_authenticator_type_t>(value);
57 }
58
kmError2ScopedAStatus(const keymaster_error_t value)59 inline ScopedAStatus kmError2ScopedAStatus(const keymaster_error_t value) {
60 return (value == KM_ERROR_OK
61 ? ScopedAStatus::ok()
62 : ScopedAStatus(AStatus_fromServiceSpecificError(static_cast<int32_t>(value))));
63 }
64
typeFromTag(const keymaster_tag_t tag)65 inline keymaster_tag_type_t typeFromTag(const keymaster_tag_t tag) {
66 return keymaster_tag_get_type(tag);
67 }
68
69 KeyParameter kmParam2Aidl(const keymaster_key_param_t& param);
70 vector<KeyParameter> kmParamSet2Aidl(const keymaster_key_param_set_t& set);
71 keymaster_key_param_set_t aidlKeyParams2Km(const vector<KeyParameter>& keyParams);
72
73 class KmParamSet : public keymaster_key_param_set_t {
74 public:
KmParamSet(const vector<KeyParameter> & keyParams)75 explicit KmParamSet(const vector<KeyParameter>& keyParams)
76 : keymaster_key_param_set_t(aidlKeyParams2Km(keyParams)) {}
77
KmParamSet(KmParamSet && other)78 KmParamSet(KmParamSet&& other) : keymaster_key_param_set_t{other.params, other.length} {
79 other.length = 0;
80 other.params = nullptr;
81 }
82
83 KmParamSet(const KmParamSet&) = delete;
~KmParamSet()84 ~KmParamSet() { keymaster_free_param_set(this); }
85 };
86
kmBlob2vector(const keymaster_key_blob_t & blob)87 inline vector<uint8_t> kmBlob2vector(const keymaster_key_blob_t& blob) {
88 vector<uint8_t> result(blob.key_material, blob.key_material + blob.key_material_size);
89 return result;
90 }
91
kmBlob2vector(const keymaster_blob_t & blob)92 inline vector<uint8_t> kmBlob2vector(const keymaster_blob_t& blob) {
93 vector<uint8_t> result(blob.data, blob.data + blob.data_length);
94 return result;
95 }
96
kmBuffer2vector(const::keymaster::Buffer & buf)97 inline vector<uint8_t> kmBuffer2vector(const ::keymaster::Buffer& buf) {
98 vector<uint8_t> result(buf.peek_read(), buf.peek_read() + buf.available_read());
99 return result;
100 }
101
kmCertChain2Aidl(const keymaster_cert_chain_t & cert_chain)102 inline vector<Certificate> kmCertChain2Aidl(const keymaster_cert_chain_t& cert_chain) {
103 vector<Certificate> result;
104 if (!cert_chain.entry_count || !cert_chain.entries) return result;
105
106 result.resize(cert_chain.entry_count);
107 for (size_t i = 0; i < cert_chain.entry_count; ++i) {
108 result[i].encodedCertificate = kmBlob2vector(cert_chain.entries[i]);
109 }
110
111 return result;
112 }
113
114 template <typename T, typename OutIter>
copy_bytes_to_iterator(const T & value,OutIter dest)115 inline OutIter copy_bytes_to_iterator(const T& value, OutIter dest) {
116 const uint8_t* value_ptr = reinterpret_cast<const uint8_t*>(&value);
117 return std::copy(value_ptr, value_ptr + sizeof(value), dest);
118 }
119
120 vector<uint8_t> authToken2AidlVec(const std::optional<HardwareAuthToken>& token);
121
addClientAndAppData(const vector<uint8_t> & clientId,const vector<uint8_t> & appData,::keymaster::AuthorizationSet * params)122 inline void addClientAndAppData(const vector<uint8_t>& clientId, const vector<uint8_t>& appData,
123 ::keymaster::AuthorizationSet* params) {
124 params->Clear();
125 if (clientId.size()) {
126 params->push_back(::keymaster::TAG_APPLICATION_ID, clientId.data(), clientId.size());
127 }
128 if (appData.size()) {
129 params->push_back(::keymaster::TAG_APPLICATION_DATA, appData.data(), appData.size());
130 }
131 }
132
133 } // namespace aidl::android::hardware::security::keymint::km_utils
134