1 // 2 // Copyright (C) 2020 The Android Open Source Project 3 // 4 // Licensed under the Apache License, Version 2.0 (the "License"); 5 // you may not use this file except in compliance with the License. 6 // You may obtain a copy of the License at 7 // 8 // http://www.apache.org/licenses/LICENSE-2.0 9 // 10 // Unless required by applicable law or agreed to in writing, software 11 // distributed under the License is distributed on an "AS IS" BASIS, 12 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 // See the License for the specific language governing permissions and 14 // limitations under the License. 15 16 #pragma once 17 18 #include <map> 19 #include <vector> 20 21 #include <keymaster/attestation_record.h> 22 #include <keymaster/keymaster_context.h> 23 24 class TpmAttestationRecordContext; 25 class TpmResourceManager; 26 class TpmKeyBlobMaker; 27 class TpmRandomSource; 28 29 /** 30 * Implementation of KeymasterContext that wraps its keys with a TPM. 31 * 32 * See the parent class for details: 33 * https://cs.android.com/android/platform/superproject/+/master:system/keymaster/include/keymaster/keymaster_context.h;drc=821acb74d7febb886a9b7cefee4ee3df4cc8c556 34 */ 35 class TpmKeymasterContext : public keymaster::KeymasterContext { 36 private: 37 TpmResourceManager* resource_manager_; 38 std::unique_ptr<TpmKeyBlobMaker> key_blob_maker_; 39 std::unique_ptr<TpmRandomSource> random_source_; 40 std::unique_ptr<keymaster::KeymasterEnforcement> enforcement_; 41 std::unique_ptr<TpmAttestationRecordContext> attestation_context_; 42 std::map<keymaster_algorithm_t, std::unique_ptr<keymaster::KeyFactory>> key_factories_; 43 std::vector<keymaster_algorithm_t> supported_algorithms_; 44 uint32_t os_version_; 45 uint32_t os_patchlevel_; 46 public: 47 TpmKeymasterContext(TpmResourceManager* resource_manager); 48 ~TpmKeymasterContext() = default; 49 50 keymaster_error_t SetSystemVersion( 51 uint32_t os_version, uint32_t os_patchlevel) override; 52 void GetSystemVersion( 53 uint32_t* os_version, uint32_t* os_patchlevel) const override; 54 55 const keymaster::KeyFactory* GetKeyFactory( 56 keymaster_algorithm_t algorithm) const override; 57 const keymaster::OperationFactory* GetOperationFactory( 58 keymaster_algorithm_t algorithm, 59 keymaster_purpose_t purpose) const override; 60 const keymaster_algorithm_t* GetSupportedAlgorithms( 61 size_t* algorithms_count) const override; 62 63 keymaster_error_t UpgradeKeyBlob( 64 const keymaster::KeymasterKeyBlob& key_to_upgrade, 65 const keymaster::AuthorizationSet& upgrade_params, 66 keymaster::KeymasterKeyBlob* upgraded_key) const override; 67 68 keymaster_error_t ParseKeyBlob( 69 const keymaster::KeymasterKeyBlob& blob, 70 const keymaster::AuthorizationSet& additional_params, 71 keymaster::UniquePtr<keymaster::Key>* key) const override; 72 73 keymaster_error_t AddRngEntropy( 74 const uint8_t* buf, size_t length) const override; 75 76 keymaster::KeymasterEnforcement* enforcement_policy() override; 77 78 keymaster_error_t GenerateAttestation( 79 const keymaster::Key& key, 80 const keymaster::AuthorizationSet& attest_params, 81 keymaster::CertChainPtr* cert_chain) const override; 82 83 keymaster_error_t UnwrapKey( 84 const keymaster::KeymasterKeyBlob& wrapped_key_blob, 85 const keymaster::KeymasterKeyBlob& wrapping_key_blob, 86 const keymaster::AuthorizationSet& wrapping_key_params, 87 const keymaster::KeymasterKeyBlob& masking_key, 88 keymaster::AuthorizationSet* wrapped_key_params, 89 keymaster_key_format_t* wrapped_key_format, 90 keymaster::KeymasterKeyBlob* wrapped_key_material) const override; 91 }; 92