1 /* 2 * Copyright 2014 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 #ifndef SYSTEM_KEYMASTER_OPERATION_H_ 18 #define SYSTEM_KEYMASTER_OPERATION_H_ 19 20 #include <assert.h> 21 #include <stdint.h> 22 #include <stdlib.h> 23 24 #include <hardware/keymaster_defs.h> 25 #include <keymaster/android_keymaster_utils.h> 26 #include <keymaster/authorization_set.h> 27 #include <keymaster/logger.h> 28 29 namespace keymaster { 30 31 class AuthorizationSet; 32 class Key; 33 class Operation; 34 35 class OperationFactory { 36 public: ~OperationFactory()37 virtual ~OperationFactory() {} 38 39 // Required for registry 40 struct KeyType { KeyTypeKeyType41 KeyType(keymaster_algorithm_t alg, keymaster_purpose_t purp) 42 : algorithm(alg), purpose(purp) {} 43 44 keymaster_algorithm_t algorithm; 45 keymaster_purpose_t purpose; 46 47 bool operator==(const KeyType& rhs) const { 48 return algorithm == rhs.algorithm && purpose == rhs.purpose; 49 } 50 }; 51 virtual KeyType registry_key() const = 0; 52 53 // Factory methods 54 virtual Operation* CreateOperation(const Key& key, const AuthorizationSet& begin_params, 55 keymaster_error_t* error) = 0; 56 57 // Informational methods. The returned arrays reference static memory and must not be 58 // deallocated or modified. SupportedPaddingModes(size_t * padding_count)59 virtual const keymaster_padding_t* SupportedPaddingModes(size_t* padding_count) const { 60 *padding_count = 0; 61 return NULL; 62 } SupportedBlockModes(size_t * block_mode_count)63 virtual const keymaster_block_mode_t* SupportedBlockModes(size_t* block_mode_count) const { 64 *block_mode_count = 0; 65 return NULL; 66 } SupportedDigests(size_t * digest_count)67 virtual const keymaster_digest_t* SupportedDigests(size_t* digest_count) const { 68 *digest_count = 0; 69 return NULL; 70 } 71 72 // Convenience methods 73 bool supported(keymaster_padding_t padding) const; 74 bool supported(keymaster_block_mode_t padding) const; 75 bool supported(keymaster_digest_t padding) const; 76 77 bool is_public_key_operation() const; 78 79 bool GetAndValidatePadding(const AuthorizationSet& begin_params, const Key& key, 80 keymaster_padding_t* padding, keymaster_error_t* error) const; 81 bool GetAndValidateDigest(const AuthorizationSet& begin_params, const Key& key, 82 keymaster_digest_t* digest, keymaster_error_t* error) const; 83 }; 84 85 /** 86 * Abstract base for all cryptographic operations. 87 */ 88 class Operation { 89 public: Operation(keymaster_purpose_t purpose)90 explicit Operation(keymaster_purpose_t purpose) : purpose_(purpose) {} ~Operation()91 virtual ~Operation() {} 92 purpose()93 keymaster_purpose_t purpose() const { return purpose_; } 94 set_key_id(uint64_t key_id)95 void set_key_id(uint64_t key_id) { key_id_ = key_id; } key_id()96 uint64_t key_id() const { return key_id_; } 97 SetAuthorizations(const AuthorizationSet & auths)98 void SetAuthorizations(const AuthorizationSet& auths) { 99 key_auths_.Reinitialize(auths.data(), auths.size()); 100 } authorizations()101 const AuthorizationSet authorizations() { return key_auths_; } 102 103 virtual keymaster_error_t Begin(const AuthorizationSet& input_params, 104 AuthorizationSet* output_params) = 0; 105 virtual keymaster_error_t Update(const AuthorizationSet& input_params, const Buffer& input, 106 AuthorizationSet* output_params, Buffer* output, 107 size_t* input_consumed) = 0; 108 virtual keymaster_error_t Finish(const AuthorizationSet& input_params, const Buffer& input, 109 const Buffer& signature, AuthorizationSet* output_params, 110 Buffer* output) = 0; 111 virtual keymaster_error_t Abort() = 0; 112 113 protected: 114 // Helper function for implementing Finish() methods that need to call Update() to process 115 // input, but don't expect any output. 116 keymaster_error_t UpdateForFinish(const AuthorizationSet& input_params, const Buffer& input); 117 118 private: 119 const keymaster_purpose_t purpose_; 120 AuthorizationSet key_auths_; 121 uint64_t key_id_; 122 }; 123 124 } // namespace keymaster 125 126 #endif // SYSTEM_KEYMASTER_OPERATION_H_ 127