1 /*
2  * Copyright 2014 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 #pragma once
18 
19 #include <utility>
20 
21 #include <keymaster/km_openssl/aes_key.h>
22 #include <trusty_ipc.h>
23 
24 namespace keymaster {
25 
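/**
 * AES key factory that extends AesKeyFactory with an IPC channel handle
 * (hwwsk_chan_).
 *
 * The handle starts as INVALID_IPC_HANDLE and the destructor calls
 * reset_hwwsk_chan(), so an instance is the single owner of whatever channel
 * the handle refers to. Copying is disabled for that reason: a copy would
 * carry the same handle value and both destructors would reset it.
 *
 * NOTE(review): "hwwsk" presumably refers to the hardware-wrapped storage key
 * service; confirm against the implementation file.
 * NOTE(review): hwwsk_chan_ is mutable and is reachable from const member
 * functions, and no lock is declared in this header. Confirm that a single
 * factory instance is never used from more than one thread at a time.
 */
class TrustyAesKeyFactory : public AesKeyFactory {
public:
    /**
     * @param blob_maker     forwarded unchanged to AesKeyFactory.
     * @param random_source  forwarded unchanged to AesKeyFactory.
     *
     * No channel is opened here; hwwsk_chan_ is only marked invalid.
     */
    explicit TrustyAesKeyFactory(const SoftwareKeyBlobMaker& blob_maker,
                                 const RandomSource& random_source)
            : AesKeyFactory(blob_maker, random_source),
              hwwsk_chan_(INVALID_IPC_HANDLE) {}

    /** Releases the channel handle through reset_hwwsk_chan(). */
    ~TrustyAesKeyFactory() { reset_hwwsk_chan(); }

    // The factory owns an IPC handle that its destructor releases. The
    // implicitly generated copy operations would duplicate the raw handle
    // value and lead to it being reset twice, so they are removed.
    TrustyAesKeyFactory(const TrustyAesKeyFactory&) = delete;
    TrustyAesKeyFactory& operator=(const TrustyAesKeyFactory&) = delete;

    /**
     * Overrides the base-class key generation entry point.
     *
     * @return a keymaster_error_t status code.
     */
    keymaster_error_t GenerateKey(const AuthorizationSet& key_description,
                                  UniquePtr<Key> attestation_signing_key,
                                  const KeymasterBlob& issuer_subject,
                                  KeymasterKeyBlob* key_blob,
                                  AuthorizationSet* hw_enforced,
                                  AuthorizationSet* sw_enforced,
                                  CertificateChain* cert_chain) const override;

    /**
     * Overrides the base-class key import entry point.
     *
     * input_key_material is caller-supplied; validation of its format and
     * size is not visible in this header and has to happen in the
     * implementation.
     *
     * @return a keymaster_error_t status code.
     */
    keymaster_error_t ImportKey(
            const AuthorizationSet& key_description,
            keymaster_key_format_t input_key_material_format,
            const KeymasterKeyBlob& input_key_material,
            UniquePtr<Key> attestation_signing_key,
            const KeymasterBlob& issuer_subject,
            KeymasterKeyBlob* output_key_blob,
            AuthorizationSet* hw_enforced,
            AuthorizationSet* sw_enforced,
            CertificateChain* cert_chain) const override;

    /**
     * Overrides the base-class key loading entry point. The blob and both
     * authorization sets are taken by rvalue reference; the resulting key
     * object is returned through `key`.
     *
     * @return a keymaster_error_t status code.
     */
    keymaster_error_t LoadKey(KeymasterKeyBlob&& key_material,
                              const AuthorizationSet& additional_params,
                              AuthorizationSet&& hw_enforced,
                              AuthorizationSet&& sw_enforced,
                              UniquePtr<Key>* key) const override;

    /**
     * Returns a channel handle. Declared const, but hwwsk_chan_ is mutable,
     * so the call may update the stored handle.
     *
     * NOTE(review): presumably connects on first use and caches the result;
     * the returned handle presumably stays owned by the factory, so callers
     * should not close it. Confirm both in the implementation.
     */
    handle_t get_hwwsk_chan() const;

    /**
     * Releases the channel handle; called by the destructor.
     *
     * NOTE(review): presumably closes the channel and stores
     * INVALID_IPC_HANDLE again, and must tolerate a handle that was never
     * opened because the destructor calls it unconditionally. Confirm.
     */
    void reset_hwwsk_chan() const;

private:
    /**
     * Private helper that produces a key blob and its enforced authorization
     * sets from a key description and input key material.
     *
     * NOTE(review): presumably used by GenerateKey/ImportKey for keys that
     * are backed by the hwwsk channel; confirm.
     */
    keymaster_error_t CreateHwStorageKeyBlob(
            const AuthorizationSet& key_description,
            const KeymasterKeyBlob& input_key_material,
            KeymasterKeyBlob* output_key_blob,
            AuthorizationSet* hw_enforced,
            AuthorizationSet* sw_enforced) const;

    // Mutable so that the const accessors above can open and release it.
    mutable handle_t hwwsk_chan_;
};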
73 
/**
 * AesKey subclass that overrides formatted_key_material().
 *
 * Construction adds no state of its own; every argument is handed to AesKey.
 *
 * NOTE(review): the name suggests this represents a hardware-backed storage
 * key. What the overridden export path returns (wrapped blob versus raw key
 * bytes) is not visible in this header and should be checked in the
 * implementation, because it decides whether key material can leave the
 * secure side.
 */
class HwStorageKey : public AesKey {
public:
    /**
     * @param key_material  moved into AesKey.
     * @param hw_enforced   moved into AesKey.
     * @param sw_enforced   moved into AesKey.
     * @param key_factory   passed through to AesKey as a raw pointer;
     *                      ownership is not established here.
     */
    HwStorageKey(KeymasterKeyBlob&& key_material,
                 AuthorizationSet&& hw_enforced,
                 AuthorizationSet&& sw_enforced,
                 const KeyFactory* key_factory)
            : AesKey(std::move(key_material), std::move(hw_enforced),
                     std::move(sw_enforced), key_factory) {}

    /**
     * Overrides the base-class export of key material.
     *
     * @param format    requested output format.
     * @param material  out-parameter for the produced buffer (presumably;
     *                  confirm).
     * @param size      out-parameter for the buffer length (presumably;
     *                  confirm).
     * @return a keymaster_error_t status code.
     */
    keymaster_error_t formatted_key_material(
            keymaster_key_format_t format,
            UniquePtr<uint8_t[]>* material,
            size_t* size) const override;
};
89 
90 }  // namespace keymaster
91