1 /*
2  * Copyright 2015 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 #ifndef SYSTEM_KEYMASTER_SOFT_KEYMASTER_CONTEXT_H_
18 #define SYSTEM_KEYMASTER_SOFT_KEYMASTER_CONTEXT_H_
19 
20 #include <memory>
21 
22 #include <openssl/evp.h>
23 
24 #include <hardware/keymaster0.h>
25 #include <keymaster/keymaster_context.h>
26 
27 namespace keymaster {
28 
29 class SoftKeymasterKeyRegistrations;
30 class Keymaster0Engine;
31 
32 /**
33  * SoftKeymasterContext provides the context for a non-secure implementation of AndroidKeymaster.
34  */
35 class SoftKeymasterContext : public KeymasterContext {
36   public:
37     SoftKeymasterContext(keymaster0_device_t* keymaster0_device);
38 
39     KeyFactory* GetKeyFactory(keymaster_algorithm_t algorithm) const override;
40     OperationFactory* GetOperationFactory(keymaster_algorithm_t algorithm,
41                                           keymaster_purpose_t purpose) const override;
42     keymaster_algorithm_t* GetSupportedAlgorithms(size_t* algorithms_count) const override;
43     keymaster_error_t CreateKeyBlob(const AuthorizationSet& auths, keymaster_key_origin_t origin,
44                                     const KeymasterKeyBlob& key_material, KeymasterKeyBlob* blob,
45                                     AuthorizationSet* hw_enforced,
46                                     AuthorizationSet* sw_enforced) const override;
47 
48     keymaster_error_t ParseKeyBlob(const KeymasterKeyBlob& blob,
49                                    const AuthorizationSet& additional_params,
50                                    KeymasterKeyBlob* key_material, AuthorizationSet* hw_enforced,
51                                    AuthorizationSet* sw_enforced) const override;
52     keymaster_error_t AddRngEntropy(const uint8_t* buf, size_t length) const override;
53     keymaster_error_t GenerateRandom(uint8_t* buf, size_t length) const override;
54 
enforcement_policy()55     KeymasterEnforcement* enforcement_policy() override {
56         // SoftKeymaster does no enforcement; it's all done by Keystore.
57         return nullptr;
58     }
59 
60   private:
61     keymaster_error_t ParseOldSoftkeymasterBlob(const KeymasterKeyBlob& blob,
62                                                 KeymasterKeyBlob* key_material,
63                                                 AuthorizationSet* hw_enforced,
64                                                 AuthorizationSet* sw_enforced) const;
65     keymaster_error_t FakeKeyAuthorizations(EVP_PKEY* pubkey, AuthorizationSet* hw_enforced,
66                                             AuthorizationSet* sw_enforced) const;
67 
68     std::unique_ptr<Keymaster0Engine> engine_;
69     std::unique_ptr<KeyFactory> rsa_factory_;
70     std::unique_ptr<KeyFactory> ec_factory_;
71     std::unique_ptr<KeyFactory> aes_factory_;
72     std::unique_ptr<KeyFactory> hmac_factory_;
73 };
74 
75 }  // namespace keymaster
76 
77 #endif  // SYSTEM_KEYMASTER_SOFT_KEYMASTER_CONTEXT_H_
78