1 /*
2 **
3 ** Copyright 2017, The Android Open Source Project
4 **
5 ** Licensed under the Apache License, Version 2.0 (the "License");
6 ** you may not use this file except in compliance with the License.
7 ** You may obtain a copy of the License at
8 **
9 **     http://www.apache.org/licenses/LICENSE-2.0
10 **
11 ** Unless required by applicable law or agreed to in writing, software
12 ** distributed under the License is distributed on an "AS IS" BASIS,
13 ** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 ** See the License for the specific language governing permissions and
15 ** limitations under the License.
16 */
17 
18 #ifndef SYSTEM_KEYMASTER_KEYMASTER_PASSTHROUGH_KEY_H_
19 #define SYSTEM_KEYMASTER_KEYMASTER_PASSTHROUGH_KEY_H_
20 
21 #include <keymaster/key.h>
22 #include <keymaster/android_keymaster_utils.h>
23 #include <keymaster/logger.h>
24 #include <keymaster/key_factory.h>
25 #include <keymaster/authorization_set.h>
26 
27 #include "keymaster_passthrough_engine.h"
28 
29 namespace keymaster {
30 
31 //class SoftKeymasterContext;
32 
33 /**
34  * KeymasterPassthroughKeyFactory is a KeyFactory that creates and loads keys which are actually backed
35  * by a hardware keymaster2 module.
36  */
37 class KeymasterPassthroughKeyFactory : public KeyFactory {
38     using engine_t = KeymasterPassthroughEngine;
39   public:
KeymasterPassthroughKeyFactory(const engine_t * engine,keymaster_algorithm_t algorithm)40     KeymasterPassthroughKeyFactory(const engine_t* engine, keymaster_algorithm_t algorithm)
41           : KeyFactory(), engine_(engine), algorithm_(algorithm) {}
42 
GenerateKey(const AuthorizationSet & key_description,KeymasterKeyBlob * key_blob,AuthorizationSet * hw_enforced,AuthorizationSet * sw_enforced)43     keymaster_error_t GenerateKey(const AuthorizationSet& key_description,
44                                   KeymasterKeyBlob* key_blob, AuthorizationSet* hw_enforced,
45                                   AuthorizationSet* sw_enforced) const override {
46         return engine_->GenerateKey(key_description, key_blob, hw_enforced, sw_enforced);
47     }
48 
ImportKey(const AuthorizationSet & key_description,keymaster_key_format_t input_key_material_format,const KeymasterKeyBlob & input_key_material,KeymasterKeyBlob * output_key_blob,AuthorizationSet * hw_enforced,AuthorizationSet * sw_enforced)49     keymaster_error_t ImportKey(const AuthorizationSet& key_description,
50                                 keymaster_key_format_t input_key_material_format,
51                                 const KeymasterKeyBlob& input_key_material,
52                                 KeymasterKeyBlob* output_key_blob, AuthorizationSet* hw_enforced,
53                                 AuthorizationSet* sw_enforced) const override {
54         return engine_->ImportKey(key_description, input_key_material_format, input_key_material,
55                                   output_key_blob, hw_enforced, sw_enforced);
56     }
57 
58     keymaster_error_t LoadKey(KeymasterKeyBlob&& key_material,
59                               const AuthorizationSet& additional_params,
60                               AuthorizationSet&& hw_enforced,
61                               AuthorizationSet&& sw_enforced,
62                               UniquePtr<Key>* key) const override;
63 
GetOperationFactory(keymaster_purpose_t purpose)64     OperationFactory* GetOperationFactory(keymaster_purpose_t purpose) const override {
65         return engine_->GetOperationFactory(purpose, algorithm_);
66     }
67 
68     const keymaster_key_format_t* SupportedImportFormats(size_t* format_count) const override;
69     const keymaster_key_format_t* SupportedExportFormats(size_t* format_count) const override;
70 
71   private:
72     const engine_t* engine_;
73     keymaster_algorithm_t algorithm_;
74 };
75 
76 class KeymasterPassthroughKey : public Key {
77   public:
KeymasterPassthroughKey(KeymasterKeyBlob && key_material,AuthorizationSet && hw_enforced,AuthorizationSet && sw_enforced,const KeyFactory * key_factory,keymaster_error_t * error,const AuthorizationSet & additional_parameters,const KeymasterPassthroughEngine * engine)78     KeymasterPassthroughKey(KeymasterKeyBlob&& key_material, AuthorizationSet&& hw_enforced,
79                        AuthorizationSet&& sw_enforced,
80                        const KeyFactory* key_factory, keymaster_error_t* error,
81                        const AuthorizationSet& additional_parameters,
82                        const KeymasterPassthroughEngine* engine)
83         : Key(move(hw_enforced), move(sw_enforced), key_factory),
84           additional_parameters_(additional_parameters), engine_(engine) {
85         key_material_ = move(key_material);
86         if (*error != KM_ERROR_OK) return;
87         if (additional_parameters.is_valid() != additional_parameters_.is_valid()
88                 && additional_parameters_.is_valid() == AuthorizationSet::ALLOCATION_FAILURE) {
89             *error = KM_ERROR_MEMORY_ALLOCATION_FAILED;
90         }
91     }
92 
93     keymaster_error_t formatted_key_material(keymaster_key_format_t format,
94                                              UniquePtr<uint8_t[]>* material,
95                                              size_t* size) const override;
96 
97   protected:
98     AuthorizationSet additional_parameters_;
99     const KeymasterPassthroughEngine* engine_;
100 };
101 
102 }  // namespace keymaster
103 
104 #endif  // SYSTEM_KEYMASTER_KEYMASTER_PASSTHROUGH_KEY_H_
105