1/* 2** 3** Copyright 2017, The Android Open Source Project 4** 5** Licensed under the Apache License, Version 2.0 (the "License"); 6** you may not use this file except in compliance with the License. 7** You may obtain a copy of the License at 8** 9** http://www.apache.org/licenses/LICENSE-2.0 10** 11** Unless required by applicable law or agreed to in writing, software 12** distributed under the License is distributed on an "AS IS" BASIS, 13** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14** See the License for the specific language governing permissions and 15** limitations under the License. 16*/ 17 18#include <keymaster/contexts/keymaster2_passthrough_context.h> 19 20#include <keymaster/legacy_support/keymaster_passthrough_key.h> 21#include <keymaster/legacy_support/keymaster_passthrough_engine.h> 22 23namespace keymaster { 24 25Keymaster2PassthroughContext::Keymaster2PassthroughContext(keymaster2_device_t* dev) 26 : device_(dev), engine_(KeymasterPassthroughEngine::createInstance(dev)) { 27 28} 29 30keymaster_error_t Keymaster2PassthroughContext::SetSystemVersion(uint32_t os_version, 31 uint32_t os_patchlevel) { 32 os_version_ = os_version; 33 os_patchlevel_ = os_patchlevel; 34 return KM_ERROR_OK; 35} 36 37void Keymaster2PassthroughContext::GetSystemVersion(uint32_t* os_version, 38 uint32_t* os_patchlevel) const { 39 if (os_version) *os_version = os_version_; 40 if (os_patchlevel) *os_patchlevel = os_patchlevel_; 41} 42 43KeyFactory* Keymaster2PassthroughContext::GetKeyFactory(keymaster_algorithm_t algorithm) const { 44 auto& result = factories_[algorithm]; 45 if (!result) { 46 result.reset(new KeymasterPassthroughKeyFactory(engine_.get(), algorithm)); 47 } 48 return result.get(); 49} 50OperationFactory* Keymaster2PassthroughContext::GetOperationFactory(keymaster_algorithm_t algorithm, 51 keymaster_purpose_t purpose) const { 52 auto keyfactory = GetKeyFactory(algorithm); 53 return keyfactory->GetOperationFactory(purpose); 54} 55keymaster_algorithm_t* Keymaster2PassthroughContext::GetSupportedAlgorithms( 56 size_t* algorithms_count) const { 57 if (algorithms_count) *algorithms_count = 0; 58 return nullptr; 59} 60 61keymaster_error_t Keymaster2PassthroughContext::UpgradeKeyBlob( 62 const KeymasterKeyBlob& key_to_upgrade, const AuthorizationSet& upgrade_params, 63 KeymasterKeyBlob* upgraded_key) const { 64 if (!upgraded_key) return KM_ERROR_UNEXPECTED_NULL_POINTER; 65 *upgraded_key = {}; 66 return device_->upgrade_key(device_, &key_to_upgrade, &upgrade_params, upgraded_key); 67} 68 69keymaster_error_t Keymaster2PassthroughContext::ParseKeyBlob(const KeymasterKeyBlob& blob, 70 const AuthorizationSet& additional_params, UniquePtr<Key>* key) const { 71 keymaster_key_characteristics_t characteristics = {}; 72 keymaster_blob_t clientId; 73 keymaster_blob_t applicationData; 74 keymaster_blob_t* clientIdPtr = &clientId; 75 keymaster_blob_t* applicationDataPtr = &applicationData; 76 if (!additional_params.GetTagValue(TAG_APPLICATION_ID, clientIdPtr)) { 77 clientIdPtr = nullptr; 78 } 79 if (!additional_params.GetTagValue(TAG_APPLICATION_DATA, applicationDataPtr)) { 80 applicationDataPtr = nullptr; 81 } 82 83 auto rc = device_->get_key_characteristics(device_, &blob, clientIdPtr, applicationDataPtr, 84 &characteristics); 85 86 if (rc != KM_ERROR_OK) return rc; 87 88 AuthorizationSet hw_enforced; 89 AuthorizationSet sw_enforced; 90 91 hw_enforced.Reinitialize(characteristics.hw_enforced); 92 sw_enforced.Reinitialize(characteristics.sw_enforced); 93 94 keymaster_free_characteristics(&characteristics); 95 96 // GetKeyFactory 97 keymaster_algorithm_t algorithm; 98 if (!hw_enforced.GetTagValue(TAG_ALGORITHM, &algorithm) && 99 !sw_enforced.GetTagValue(TAG_ALGORITHM, &algorithm)) { 100 return KM_ERROR_INVALID_ARGUMENT; 101 } 102 103 KeymasterKeyBlob key_material = blob; 104 auto factory = GetKeyFactory(algorithm); 105 return factory->LoadKey(move(key_material), additional_params, move(hw_enforced), 106 move(sw_enforced), key); 107} 108 109keymaster_error_t Keymaster2PassthroughContext::DeleteKey(const KeymasterKeyBlob& blob) const { 110 return device_->delete_key(device_, &blob); 111} 112 113keymaster_error_t Keymaster2PassthroughContext::DeleteAllKeys() const { 114 return device_->delete_all_keys(device_); 115} 116 117keymaster_error_t Keymaster2PassthroughContext::AddRngEntropy(const uint8_t* buf, 118 size_t length) const { 119 return device_->add_rng_entropy(device_, buf, length); 120} 121 122 123KeymasterEnforcement* Keymaster2PassthroughContext::enforcement_policy() { 124 return nullptr; 125} 126 127keymaster_error_t Keymaster2PassthroughContext::GenerateAttestation(const Key& key, 128 const AuthorizationSet& attest_params, CertChainPtr* cert_chain) const { 129 if (!cert_chain) return KM_ERROR_UNEXPECTED_NULL_POINTER; 130 131 keymaster_cert_chain_t cchain{}; 132 133 auto rc = device_->attest_key(device_, &key.key_material(), &attest_params, &cchain); 134 if (rc == KM_ERROR_OK) { 135 cert_chain->reset(new keymaster_cert_chain_t); 136 **cert_chain = { new keymaster_blob_t[cchain.entry_count], cchain.entry_count }; 137 for (size_t i = 0; i < cchain.entry_count; ++i) { 138 (*cert_chain)->entries[i] = { dup_array(cchain.entries[i].data, 139 cchain.entries[i].data_length), 140 cchain.entries[i].data_length }; 141 free(const_cast<uint8_t*>(cchain.entries[i].data)); 142 } 143 free(cchain.entries); 144 } 145 return rc; 146} 147 148keymaster_error_t Keymaster2PassthroughContext::UnwrapKey( 149 const KeymasterKeyBlob&, const KeymasterKeyBlob&, const AuthorizationSet&, 150 const KeymasterKeyBlob&, AuthorizationSet*, keymaster_key_format_t*, KeymasterKeyBlob*) const { 151 return KM_ERROR_UNIMPLEMENTED; 152} 153 154} // namespace keymaster 155