1/*
2 * Copyright 2015 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 *      http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17#ifndef SYSTEM_KEYMASTER_SOFT_KEYMASTER_CONTEXT_H_
18#define SYSTEM_KEYMASTER_SOFT_KEYMASTER_CONTEXT_H_
19
20#include <memory>
21
22#include <openssl/evp.h>
23
24#include <hardware/keymaster0.h>
25#include <keymaster/keymaster_context.h>
26
27namespace keymaster {
28
29class SoftKeymasterKeyRegistrations;
30class Keymaster0Engine;
31
32/**
33 * SoftKeymasterContext provides the context for a non-secure implementation of AndroidKeymaster.
34 */
35class SoftKeymasterContext : public KeymasterContext {
36  public:
37    SoftKeymasterContext(keymaster0_device_t* keymaster0_device);
38
39    KeyFactory* GetKeyFactory(keymaster_algorithm_t algorithm) const override;
40    OperationFactory* GetOperationFactory(keymaster_algorithm_t algorithm,
41                                          keymaster_purpose_t purpose) const override;
42    keymaster_algorithm_t* GetSupportedAlgorithms(size_t* algorithms_count) const override;
43    keymaster_error_t CreateKeyBlob(const AuthorizationSet& auths, keymaster_key_origin_t origin,
44                                    const KeymasterKeyBlob& key_material, KeymasterKeyBlob* blob,
45                                    AuthorizationSet* hw_enforced,
46                                    AuthorizationSet* sw_enforced) const override;
47
48    keymaster_error_t ParseKeyBlob(const KeymasterKeyBlob& blob,
49                                   const AuthorizationSet& additional_params,
50                                   KeymasterKeyBlob* key_material, AuthorizationSet* hw_enforced,
51                                   AuthorizationSet* sw_enforced) const override;
52    keymaster_error_t AddRngEntropy(const uint8_t* buf, size_t length) const override;
53    keymaster_error_t GenerateRandom(uint8_t* buf, size_t length) const override;
54
55    KeymasterEnforcement* enforcement_policy() override {
56        // SoftKeymaster does no enforcement; it's all done by Keystore.
57        return nullptr;
58    }
59
60  private:
61    keymaster_error_t ParseOldSoftkeymasterBlob(const KeymasterKeyBlob& blob,
62                                                KeymasterKeyBlob* key_material,
63                                                AuthorizationSet* hw_enforced,
64                                                AuthorizationSet* sw_enforced) const;
65    keymaster_error_t FakeKeyAuthorizations(EVP_PKEY* pubkey, AuthorizationSet* hw_enforced,
66                                            AuthorizationSet* sw_enforced) const;
67
68    std::unique_ptr<Keymaster0Engine> engine_;
69    std::unique_ptr<KeyFactory> rsa_factory_;
70    std::unique_ptr<KeyFactory> ec_factory_;
71    std::unique_ptr<KeyFactory> aes_factory_;
72    std::unique_ptr<KeyFactory> hmac_factory_;
73};
74
75}  // namespace keymaster
76
77#endif  // SYSTEM_KEYMASTER_SOFT_KEYMASTER_CONTEXT_H_
78