xref: /aosp_15_r20/system/keymaster/contexts/keymaster2_passthrough_context.cpp (revision 789431f29546679ab5188a97751fb38e3018d44d) 
1 /*
2 **
3 ** Copyright 2017, The Android Open Source Project
4 **
5 ** Licensed under the Apache License, Version 2.0 (the "License");
6 ** you may not use this file except in compliance with the License.
7 ** You may obtain a copy of the License at
8 **
9 **     http://www.apache.org/licenses/LICENSE-2.0
10 **
11 ** Unless required by applicable law or agreed to in writing, software
12 ** distributed under the License is distributed on an "AS IS" BASIS,
13 ** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 ** See the License for the specific language governing permissions and
15 ** limitations under the License.
16 */
17 
18 #include <keymaster/contexts/keymaster2_passthrough_context.h>
19 
20 #include <utility>
21 
22 #include <keymaster/legacy_support/keymaster_passthrough_engine.h>
23 #include <keymaster/legacy_support/keymaster_passthrough_key.h>
24 
25 namespace keymaster {
26 
Keymaster2PassthroughContext(KmVersion version,keymaster2_device_t * dev)27 Keymaster2PassthroughContext::Keymaster2PassthroughContext(KmVersion version,
28                                                            keymaster2_device_t* dev)
29     : device_(dev), engine_(KeymasterPassthroughEngine::createInstance(dev)), version_(version) {}
30 
SetSystemVersion(uint32_t os_version,uint32_t os_patchlevel)31 keymaster_error_t Keymaster2PassthroughContext::SetSystemVersion(uint32_t os_version,
32                                                                  uint32_t os_patchlevel) {
33     os_version_ = os_version;
34     os_patchlevel_ = os_patchlevel;
35     return KM_ERROR_OK;
36 }
37 
GetSystemVersion(uint32_t * os_version,uint32_t * os_patchlevel) const38 void Keymaster2PassthroughContext::GetSystemVersion(uint32_t* os_version,
39                                                     uint32_t* os_patchlevel) const {
40     if (os_version) *os_version = os_version_;
41     if (os_patchlevel) *os_patchlevel = os_patchlevel_;
42 }
43 
GetKeyFactory(keymaster_algorithm_t algorithm) const44 KeyFactory* Keymaster2PassthroughContext::GetKeyFactory(keymaster_algorithm_t algorithm) const {
45     auto& result = factories_[algorithm];
46     if (!result) {
47         result.reset(new (std::nothrow) KeymasterPassthroughKeyFactory(engine_.get(), algorithm));
48     }
49     return result.get();
50 }
51 OperationFactory*
GetOperationFactory(keymaster_algorithm_t algorithm,keymaster_purpose_t purpose) const52 Keymaster2PassthroughContext::GetOperationFactory(keymaster_algorithm_t algorithm,
53                                                   keymaster_purpose_t purpose) const {
54     auto keyfactory = GetKeyFactory(algorithm);
55     return keyfactory->GetOperationFactory(purpose);
56 }
57 keymaster_algorithm_t*
GetSupportedAlgorithms(size_t * algorithms_count) const58 Keymaster2PassthroughContext::GetSupportedAlgorithms(size_t* algorithms_count) const {
59     if (algorithms_count) *algorithms_count = 0;
60     return nullptr;
61 }
62 
63 keymaster_error_t
UpgradeKeyBlob(const KeymasterKeyBlob & key_to_upgrade,const AuthorizationSet & upgrade_params,KeymasterKeyBlob * upgraded_key) const64 Keymaster2PassthroughContext::UpgradeKeyBlob(const KeymasterKeyBlob& key_to_upgrade,
65                                              const AuthorizationSet& upgrade_params,
66                                              KeymasterKeyBlob* upgraded_key) const {
67     if (!upgraded_key) return KM_ERROR_UNEXPECTED_NULL_POINTER;
68     *upgraded_key = {};
69     return device_->upgrade_key(device_, &key_to_upgrade, &upgrade_params, upgraded_key);
70 }
71 
72 keymaster_error_t
ParseKeyBlob(const KeymasterKeyBlob & blob,const AuthorizationSet & additional_params,UniquePtr<Key> * key) const73 Keymaster2PassthroughContext::ParseKeyBlob(const KeymasterKeyBlob& blob,
74                                            const AuthorizationSet& additional_params,
75                                            UniquePtr<Key>* key) const {
76     keymaster_key_characteristics_t characteristics = {};
77     keymaster_blob_t clientId;
78     keymaster_blob_t applicationData;
79     keymaster_blob_t* clientIdPtr = &clientId;
80     keymaster_blob_t* applicationDataPtr = &applicationData;
81     if (!additional_params.GetTagValue(TAG_APPLICATION_ID, clientIdPtr)) {
82         clientIdPtr = nullptr;
83     }
84     if (!additional_params.GetTagValue(TAG_APPLICATION_DATA, applicationDataPtr)) {
85         applicationDataPtr = nullptr;
86     }
87 
88     auto rc = device_->get_key_characteristics(device_, &blob, clientIdPtr, applicationDataPtr,
89                                                &characteristics);
90 
91     if (rc != KM_ERROR_OK) return rc;
92 
93     AuthorizationSet hw_enforced;
94     AuthorizationSet sw_enforced;
95 
96     hw_enforced.Reinitialize(characteristics.hw_enforced);
97     sw_enforced.Reinitialize(characteristics.sw_enforced);
98 
99     keymaster_free_characteristics(&characteristics);
100 
101     // GetKeyFactory
102     keymaster_algorithm_t algorithm;
103     if (!hw_enforced.GetTagValue(TAG_ALGORITHM, &algorithm) &&
104         !sw_enforced.GetTagValue(TAG_ALGORITHM, &algorithm)) {
105         return KM_ERROR_INVALID_ARGUMENT;
106     }
107 
108     KeymasterKeyBlob key_material = blob;
109     auto factory = GetKeyFactory(algorithm);
110     return factory->LoadKey(std::move(key_material), additional_params, std::move(hw_enforced),
111                             std::move(sw_enforced), key);
112 }
113 
DeleteKey(const KeymasterKeyBlob & blob) const114 keymaster_error_t Keymaster2PassthroughContext::DeleteKey(const KeymasterKeyBlob& blob) const {
115     return device_->delete_key(device_, &blob);
116 }
117 
DeleteAllKeys() const118 keymaster_error_t Keymaster2PassthroughContext::DeleteAllKeys() const {
119     return device_->delete_all_keys(device_);
120 }
121 
AddRngEntropy(const uint8_t * buf,size_t length) const122 keymaster_error_t Keymaster2PassthroughContext::AddRngEntropy(const uint8_t* buf,
123                                                               size_t length) const {
124     return device_->add_rng_entropy(device_, buf, length);
125 }
126 
enforcement_policy()127 KeymasterEnforcement* Keymaster2PassthroughContext::enforcement_policy() {
128     return nullptr;
129 }
130 
GenerateAttestation(const Key & key,const AuthorizationSet & attest_params,UniquePtr<Key>,const KeymasterBlob &,keymaster_error_t * error) const131 CertificateChain Keymaster2PassthroughContext::GenerateAttestation(
132     const Key& key, const AuthorizationSet& attest_params, UniquePtr<Key> /* attest_key */,
133     const KeymasterBlob& /* issuer_subject */, keymaster_error_t* error) const {
134     keymaster_cert_chain_t cchain{};
135     auto rc = device_->attest_key(device_, &key.key_material(), &attest_params, &cchain);
136     if (rc != KM_ERROR_OK) {
137         *error = rc;
138         return {};
139     }
140 
141     CertificateChain retval = CertificateChain::clone(cchain);
142     keymaster_free_cert_chain(&cchain);
143     return retval;
144 }
145 
UnwrapKey(const KeymasterKeyBlob &,const KeymasterKeyBlob &,const AuthorizationSet &,const KeymasterKeyBlob &,AuthorizationSet *,keymaster_key_format_t *,KeymasterKeyBlob *) const146 keymaster_error_t Keymaster2PassthroughContext::UnwrapKey(
147     const KeymasterKeyBlob&, const KeymasterKeyBlob&, const AuthorizationSet&,
148     const KeymasterKeyBlob&, AuthorizationSet*, keymaster_key_format_t*, KeymasterKeyBlob*) const {
149     return KM_ERROR_UNIMPLEMENTED;
150 }
151 
152 }  // namespace keymaster
153