1 //
2 // Copyright (C) 2020 The Android Open Source Project
3 //
4 // Licensed under the Apache License, Version 2.0 (the "License");
5 // you may not use this file except in compliance with the License.
6 // You may obtain a copy of the License at
7 //
8 //      http://www.apache.org/licenses/LICENSE-2.0
9 //
10 // Unless required by applicable law or agreed to in writing, software
11 // distributed under the License is distributed on an "AS IS" BASIS,
12 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 // See the License for the specific language governing permissions and
14 // limitations under the License.
15 
16 #pragma once
17 
18 #include <map>
19 #include <vector>
20 
21 #include <keymaster/key.h>
22 #include <keymaster/keymaster_context.h>
23 #include <keymaster/km_openssl/attestation_record.h>
24 
25 #include "tpm_attestation_record.h"
26 
27 namespace cuttlefish {
28 
29 class TpmAttestationRecordContext;
30 class TpmResourceManager;
31 class TpmKeyBlobMaker;
32 class TpmRandomSource;
33 class TpmRemoteProvisioningContext;
34 
35 /**
36  * Implementation of KeymasterContext that proxies to another implementation.
37  *
38  * Because AndroidKeymaster wraps a KeymasterContext and puts it into a unique
39  * pointer, it doesn't let the implementer manage the lifetime of the
40  * KeymasterContext implementation. This proxy breaks that relationship, and
41  * allows the lifetimes to be distinct as long as the KeymasterContext instance
42  * outlives the AndroidKeymaster instance.
43  */
44 class ProxyKeymasterContext : public keymaster::KeymasterContext {
45  public:
ProxyKeymasterContext(KeymasterContext & wrapped)46   ProxyKeymasterContext(KeymasterContext& wrapped) : wrapped_(wrapped) {}
47   ~ProxyKeymasterContext() = default;
48 
GetKmVersion()49   keymaster::KmVersion GetKmVersion() const override {
50     return wrapped_.GetKmVersion();
51   }
52 
SetSystemVersion(uint32_t os_version,uint32_t os_patchlevel)53   keymaster_error_t SetSystemVersion(uint32_t os_version,
54                                      uint32_t os_patchlevel) override {
55     return wrapped_.SetSystemVersion(os_version, os_patchlevel);
56   }
GetSystemVersion(uint32_t * os_version,uint32_t * os_patchlevel)57   void GetSystemVersion(uint32_t* os_version,
58                         uint32_t* os_patchlevel) const override {
59     return wrapped_.GetSystemVersion(os_version, os_patchlevel);
60   }
61 
GetKeyFactory(keymaster_algorithm_t algorithm)62   const keymaster::KeyFactory* GetKeyFactory(
63       keymaster_algorithm_t algorithm) const override {
64     return wrapped_.GetKeyFactory(algorithm);
65   }
GetOperationFactory(keymaster_algorithm_t algorithm,keymaster_purpose_t purpose)66   const keymaster::OperationFactory* GetOperationFactory(
67       keymaster_algorithm_t algorithm,
68       keymaster_purpose_t purpose) const override {
69     return wrapped_.GetOperationFactory(algorithm, purpose);
70   }
GetSupportedAlgorithms(size_t * algorithms_count)71   const keymaster_algorithm_t* GetSupportedAlgorithms(
72       size_t* algorithms_count) const override {
73     return wrapped_.GetSupportedAlgorithms(algorithms_count);
74   }
75 
UpgradeKeyBlob(const keymaster::KeymasterKeyBlob & key_to_upgrade,const keymaster::AuthorizationSet & upgrade_params,keymaster::KeymasterKeyBlob * upgraded_key)76   keymaster_error_t UpgradeKeyBlob(
77       const keymaster::KeymasterKeyBlob& key_to_upgrade,
78       const keymaster::AuthorizationSet& upgrade_params,
79       keymaster::KeymasterKeyBlob* upgraded_key) const override {
80     return wrapped_.UpgradeKeyBlob(key_to_upgrade, upgrade_params,
81                                    upgraded_key);
82   }
83 
ParseKeyBlob(const keymaster::KeymasterKeyBlob & blob,const keymaster::AuthorizationSet & additional_params,keymaster::UniquePtr<keymaster::Key> * key)84   keymaster_error_t ParseKeyBlob(
85       const keymaster::KeymasterKeyBlob& blob,
86       const keymaster::AuthorizationSet& additional_params,
87       keymaster::UniquePtr<keymaster::Key>* key) const override {
88     return wrapped_.ParseKeyBlob(blob, additional_params, key);
89   }
90 
AddRngEntropy(const uint8_t * buf,size_t length)91   keymaster_error_t AddRngEntropy(const uint8_t* buf,
92                                   size_t length) const override {
93     return wrapped_.AddRngEntropy(buf, length);
94   }
95 
enforcement_policy()96   keymaster::KeymasterEnforcement* enforcement_policy() override {
97     return wrapped_.enforcement_policy();
98   }
99 
attestation_context()100   keymaster::AttestationContext* attestation_context() override {
101     return wrapped_.attestation_context();
102   }
103 
GenerateAttestation(const keymaster::Key & key,const keymaster::AuthorizationSet & attest_params,keymaster::UniquePtr<keymaster::Key> attest_key,const keymaster::KeymasterBlob & issuer_subject,keymaster_error_t * error)104   keymaster::CertificateChain GenerateAttestation(
105       const keymaster::Key& key,
106       const keymaster::AuthorizationSet& attest_params,
107       keymaster::UniquePtr<keymaster::Key> attest_key,
108       const keymaster::KeymasterBlob& issuer_subject,
109       keymaster_error_t* error) const override {
110     return wrapped_.GenerateAttestation(
111         key, attest_params, std::move(attest_key), issuer_subject, error);
112   }
113 
GenerateSelfSignedCertificate(const keymaster::Key & key,const keymaster::AuthorizationSet & cert_params,bool fake_signature,keymaster_error_t * error)114   keymaster::CertificateChain GenerateSelfSignedCertificate(
115       const keymaster::Key& key, const keymaster::AuthorizationSet& cert_params,
116       bool fake_signature, keymaster_error_t* error) const override {
117     return wrapped_.GenerateSelfSignedCertificate(key, cert_params,
118                                                   fake_signature, error);
119   }
120 
UnwrapKey(const keymaster::KeymasterKeyBlob & wrapped_key_blob,const keymaster::KeymasterKeyBlob & wrapping_key_blob,const keymaster::AuthorizationSet & wrapping_key_params,const keymaster::KeymasterKeyBlob & masking_key,keymaster::AuthorizationSet * wrapped_key_params,keymaster_key_format_t * wrapped_key_format,keymaster::KeymasterKeyBlob * wrapped_key_material)121   keymaster_error_t UnwrapKey(
122       const keymaster::KeymasterKeyBlob& wrapped_key_blob,
123       const keymaster::KeymasterKeyBlob& wrapping_key_blob,
124       const keymaster::AuthorizationSet& wrapping_key_params,
125       const keymaster::KeymasterKeyBlob& masking_key,
126       keymaster::AuthorizationSet* wrapped_key_params,
127       keymaster_key_format_t* wrapped_key_format,
128       keymaster::KeymasterKeyBlob* wrapped_key_material) const override {
129     return wrapped_.UnwrapKey(
130         wrapped_key_blob, wrapping_key_blob, wrapping_key_params, masking_key,
131         wrapped_key_params, wrapped_key_format, wrapped_key_material);
132   }
133 
CheckConfirmationToken(const std::uint8_t * input_data,size_t input_data_size,const uint8_t confirmation_token[keymaster::kConfirmationTokenSize])134   keymaster_error_t CheckConfirmationToken(
135       const std::uint8_t* input_data, size_t input_data_size,
136       const uint8_t confirmation_token[keymaster::kConfirmationTokenSize])
137       const {
138     return wrapped_.CheckConfirmationToken(input_data, input_data_size,
139                                            confirmation_token);
140   }
141 
GetRemoteProvisioningContext()142   keymaster::RemoteProvisioningContext* GetRemoteProvisioningContext()
143       const override {
144     return wrapped_.GetRemoteProvisioningContext();
145   }
146 
SetVendorPatchlevel(uint32_t vendor_patchlevel)147   keymaster_error_t SetVendorPatchlevel(uint32_t vendor_patchlevel) override {
148     return wrapped_.SetVendorPatchlevel(vendor_patchlevel);
149   }
SetBootPatchlevel(uint32_t boot_patchlevel)150   keymaster_error_t SetBootPatchlevel(uint32_t boot_patchlevel) override {
151     return wrapped_.SetBootPatchlevel(boot_patchlevel);
152   }
SetVerifiedBootInfo(std::string_view verified_boot_state,std::string_view bootloader_state,const std::vector<uint8_t> & vbmeta_digest)153   keymaster_error_t SetVerifiedBootInfo(
154       std::string_view verified_boot_state, std::string_view bootloader_state,
155       const std::vector<uint8_t>& vbmeta_digest) {
156     return wrapped_.SetVerifiedBootInfo(verified_boot_state, bootloader_state,
157                                         vbmeta_digest);
158   }
GetVendorPatchlevel()159   std::optional<uint32_t> GetVendorPatchlevel() const override {
160     return wrapped_.GetVendorPatchlevel();
161   }
GetBootPatchlevel()162   std::optional<uint32_t> GetBootPatchlevel() const override {
163     return wrapped_.GetBootPatchlevel();
164   }
165 
SetAttestationIds(const keymaster::SetAttestationIdsRequest & request)166   keymaster_error_t SetAttestationIds(
167       const keymaster::SetAttestationIdsRequest& request) override {
168     return wrapped_.SetAttestationIds(request);
169   }
170 
SetAttestationIdsKM3(const keymaster::SetAttestationIdsKM3Request & request)171   keymaster_error_t SetAttestationIdsKM3(
172       const keymaster::SetAttestationIdsKM3Request& request) override {
173     return wrapped_.SetAttestationIdsKM3(request);
174   }
175 
176  private:
177   KeymasterContext& wrapped_;
178 };
179 
180 }  // namespace cuttlefish
181