xref: /aosp_15_r20/system/keymaster/contexts/keymaster2_passthrough_context.cpp (revision 789431f29546679ab5188a97751fb38e3018d44d) 
1*789431f2SAndroid Build Coastguard Worker /*
2*789431f2SAndroid Build Coastguard Worker **
3*789431f2SAndroid Build Coastguard Worker ** Copyright 2017, The Android Open Source Project
4*789431f2SAndroid Build Coastguard Worker **
5*789431f2SAndroid Build Coastguard Worker ** Licensed under the Apache License, Version 2.0 (the "License");
6*789431f2SAndroid Build Coastguard Worker ** you may not use this file except in compliance with the License.
7*789431f2SAndroid Build Coastguard Worker ** You may obtain a copy of the License at
8*789431f2SAndroid Build Coastguard Worker **
9*789431f2SAndroid Build Coastguard Worker **     http://www.apache.org/licenses/LICENSE-2.0
10*789431f2SAndroid Build Coastguard Worker **
11*789431f2SAndroid Build Coastguard Worker ** Unless required by applicable law or agreed to in writing, software
12*789431f2SAndroid Build Coastguard Worker ** distributed under the License is distributed on an "AS IS" BASIS,
13*789431f2SAndroid Build Coastguard Worker ** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14*789431f2SAndroid Build Coastguard Worker ** See the License for the specific language governing permissions and
15*789431f2SAndroid Build Coastguard Worker ** limitations under the License.
16*789431f2SAndroid Build Coastguard Worker */
17*789431f2SAndroid Build Coastguard Worker 
18*789431f2SAndroid Build Coastguard Worker #include <keymaster/contexts/keymaster2_passthrough_context.h>
19*789431f2SAndroid Build Coastguard Worker 
20*789431f2SAndroid Build Coastguard Worker #include <utility>
21*789431f2SAndroid Build Coastguard Worker 
22*789431f2SAndroid Build Coastguard Worker #include <keymaster/legacy_support/keymaster_passthrough_engine.h>
23*789431f2SAndroid Build Coastguard Worker #include <keymaster/legacy_support/keymaster_passthrough_key.h>
24*789431f2SAndroid Build Coastguard Worker 
25*789431f2SAndroid Build Coastguard Worker namespace keymaster {
26*789431f2SAndroid Build Coastguard Worker 
Keymaster2PassthroughContext(KmVersion version,keymaster2_device_t * dev)27*789431f2SAndroid Build Coastguard Worker Keymaster2PassthroughContext::Keymaster2PassthroughContext(KmVersion version,
28*789431f2SAndroid Build Coastguard Worker                                                            keymaster2_device_t* dev)
29*789431f2SAndroid Build Coastguard Worker     : device_(dev), engine_(KeymasterPassthroughEngine::createInstance(dev)), version_(version) {}
30*789431f2SAndroid Build Coastguard Worker 
SetSystemVersion(uint32_t os_version,uint32_t os_patchlevel)31*789431f2SAndroid Build Coastguard Worker keymaster_error_t Keymaster2PassthroughContext::SetSystemVersion(uint32_t os_version,
32*789431f2SAndroid Build Coastguard Worker                                                                  uint32_t os_patchlevel) {
33*789431f2SAndroid Build Coastguard Worker     os_version_ = os_version;
34*789431f2SAndroid Build Coastguard Worker     os_patchlevel_ = os_patchlevel;
35*789431f2SAndroid Build Coastguard Worker     return KM_ERROR_OK;
36*789431f2SAndroid Build Coastguard Worker }
37*789431f2SAndroid Build Coastguard Worker 
GetSystemVersion(uint32_t * os_version,uint32_t * os_patchlevel) const38*789431f2SAndroid Build Coastguard Worker void Keymaster2PassthroughContext::GetSystemVersion(uint32_t* os_version,
39*789431f2SAndroid Build Coastguard Worker                                                     uint32_t* os_patchlevel) const {
40*789431f2SAndroid Build Coastguard Worker     if (os_version) *os_version = os_version_;
41*789431f2SAndroid Build Coastguard Worker     if (os_patchlevel) *os_patchlevel = os_patchlevel_;
42*789431f2SAndroid Build Coastguard Worker }
43*789431f2SAndroid Build Coastguard Worker 
GetKeyFactory(keymaster_algorithm_t algorithm) const44*789431f2SAndroid Build Coastguard Worker KeyFactory* Keymaster2PassthroughContext::GetKeyFactory(keymaster_algorithm_t algorithm) const {
45*789431f2SAndroid Build Coastguard Worker     auto& result = factories_[algorithm];
46*789431f2SAndroid Build Coastguard Worker     if (!result) {
47*789431f2SAndroid Build Coastguard Worker         result.reset(new (std::nothrow) KeymasterPassthroughKeyFactory(engine_.get(), algorithm));
48*789431f2SAndroid Build Coastguard Worker     }
49*789431f2SAndroid Build Coastguard Worker     return result.get();
50*789431f2SAndroid Build Coastguard Worker }
51*789431f2SAndroid Build Coastguard Worker OperationFactory*
GetOperationFactory(keymaster_algorithm_t algorithm,keymaster_purpose_t purpose) const52*789431f2SAndroid Build Coastguard Worker Keymaster2PassthroughContext::GetOperationFactory(keymaster_algorithm_t algorithm,
53*789431f2SAndroid Build Coastguard Worker                                                   keymaster_purpose_t purpose) const {
54*789431f2SAndroid Build Coastguard Worker     auto keyfactory = GetKeyFactory(algorithm);
55*789431f2SAndroid Build Coastguard Worker     return keyfactory->GetOperationFactory(purpose);
56*789431f2SAndroid Build Coastguard Worker }
57*789431f2SAndroid Build Coastguard Worker keymaster_algorithm_t*
GetSupportedAlgorithms(size_t * algorithms_count) const58*789431f2SAndroid Build Coastguard Worker Keymaster2PassthroughContext::GetSupportedAlgorithms(size_t* algorithms_count) const {
59*789431f2SAndroid Build Coastguard Worker     if (algorithms_count) *algorithms_count = 0;
60*789431f2SAndroid Build Coastguard Worker     return nullptr;
61*789431f2SAndroid Build Coastguard Worker }
62*789431f2SAndroid Build Coastguard Worker 
63*789431f2SAndroid Build Coastguard Worker keymaster_error_t
UpgradeKeyBlob(const KeymasterKeyBlob & key_to_upgrade,const AuthorizationSet & upgrade_params,KeymasterKeyBlob * upgraded_key) const64*789431f2SAndroid Build Coastguard Worker Keymaster2PassthroughContext::UpgradeKeyBlob(const KeymasterKeyBlob& key_to_upgrade,
65*789431f2SAndroid Build Coastguard Worker                                              const AuthorizationSet& upgrade_params,
66*789431f2SAndroid Build Coastguard Worker                                              KeymasterKeyBlob* upgraded_key) const {
67*789431f2SAndroid Build Coastguard Worker     if (!upgraded_key) return KM_ERROR_UNEXPECTED_NULL_POINTER;
68*789431f2SAndroid Build Coastguard Worker     *upgraded_key = {};
69*789431f2SAndroid Build Coastguard Worker     return device_->upgrade_key(device_, &key_to_upgrade, &upgrade_params, upgraded_key);
70*789431f2SAndroid Build Coastguard Worker }
71*789431f2SAndroid Build Coastguard Worker 
72*789431f2SAndroid Build Coastguard Worker keymaster_error_t
ParseKeyBlob(const KeymasterKeyBlob & blob,const AuthorizationSet & additional_params,UniquePtr<Key> * key) const73*789431f2SAndroid Build Coastguard Worker Keymaster2PassthroughContext::ParseKeyBlob(const KeymasterKeyBlob& blob,
74*789431f2SAndroid Build Coastguard Worker                                            const AuthorizationSet& additional_params,
75*789431f2SAndroid Build Coastguard Worker                                            UniquePtr<Key>* key) const {
76*789431f2SAndroid Build Coastguard Worker     keymaster_key_characteristics_t characteristics = {};
77*789431f2SAndroid Build Coastguard Worker     keymaster_blob_t clientId;
78*789431f2SAndroid Build Coastguard Worker     keymaster_blob_t applicationData;
79*789431f2SAndroid Build Coastguard Worker     keymaster_blob_t* clientIdPtr = &clientId;
80*789431f2SAndroid Build Coastguard Worker     keymaster_blob_t* applicationDataPtr = &applicationData;
81*789431f2SAndroid Build Coastguard Worker     if (!additional_params.GetTagValue(TAG_APPLICATION_ID, clientIdPtr)) {
82*789431f2SAndroid Build Coastguard Worker         clientIdPtr = nullptr;
83*789431f2SAndroid Build Coastguard Worker     }
84*789431f2SAndroid Build Coastguard Worker     if (!additional_params.GetTagValue(TAG_APPLICATION_DATA, applicationDataPtr)) {
85*789431f2SAndroid Build Coastguard Worker         applicationDataPtr = nullptr;
86*789431f2SAndroid Build Coastguard Worker     }
87*789431f2SAndroid Build Coastguard Worker 
88*789431f2SAndroid Build Coastguard Worker     auto rc = device_->get_key_characteristics(device_, &blob, clientIdPtr, applicationDataPtr,
89*789431f2SAndroid Build Coastguard Worker                                                &characteristics);
90*789431f2SAndroid Build Coastguard Worker 
91*789431f2SAndroid Build Coastguard Worker     if (rc != KM_ERROR_OK) return rc;
92*789431f2SAndroid Build Coastguard Worker 
93*789431f2SAndroid Build Coastguard Worker     AuthorizationSet hw_enforced;
94*789431f2SAndroid Build Coastguard Worker     AuthorizationSet sw_enforced;
95*789431f2SAndroid Build Coastguard Worker 
96*789431f2SAndroid Build Coastguard Worker     hw_enforced.Reinitialize(characteristics.hw_enforced);
97*789431f2SAndroid Build Coastguard Worker     sw_enforced.Reinitialize(characteristics.sw_enforced);
98*789431f2SAndroid Build Coastguard Worker 
99*789431f2SAndroid Build Coastguard Worker     keymaster_free_characteristics(&characteristics);
100*789431f2SAndroid Build Coastguard Worker 
101*789431f2SAndroid Build Coastguard Worker     // GetKeyFactory
102*789431f2SAndroid Build Coastguard Worker     keymaster_algorithm_t algorithm;
103*789431f2SAndroid Build Coastguard Worker     if (!hw_enforced.GetTagValue(TAG_ALGORITHM, &algorithm) &&
104*789431f2SAndroid Build Coastguard Worker         !sw_enforced.GetTagValue(TAG_ALGORITHM, &algorithm)) {
105*789431f2SAndroid Build Coastguard Worker         return KM_ERROR_INVALID_ARGUMENT;
106*789431f2SAndroid Build Coastguard Worker     }
107*789431f2SAndroid Build Coastguard Worker 
108*789431f2SAndroid Build Coastguard Worker     KeymasterKeyBlob key_material = blob;
109*789431f2SAndroid Build Coastguard Worker     auto factory = GetKeyFactory(algorithm);
110*789431f2SAndroid Build Coastguard Worker     return factory->LoadKey(std::move(key_material), additional_params, std::move(hw_enforced),
111*789431f2SAndroid Build Coastguard Worker                             std::move(sw_enforced), key);
112*789431f2SAndroid Build Coastguard Worker }
113*789431f2SAndroid Build Coastguard Worker 
DeleteKey(const KeymasterKeyBlob & blob) const114*789431f2SAndroid Build Coastguard Worker keymaster_error_t Keymaster2PassthroughContext::DeleteKey(const KeymasterKeyBlob& blob) const {
115*789431f2SAndroid Build Coastguard Worker     return device_->delete_key(device_, &blob);
116*789431f2SAndroid Build Coastguard Worker }
117*789431f2SAndroid Build Coastguard Worker 
DeleteAllKeys() const118*789431f2SAndroid Build Coastguard Worker keymaster_error_t Keymaster2PassthroughContext::DeleteAllKeys() const {
119*789431f2SAndroid Build Coastguard Worker     return device_->delete_all_keys(device_);
120*789431f2SAndroid Build Coastguard Worker }
121*789431f2SAndroid Build Coastguard Worker 
AddRngEntropy(const uint8_t * buf,size_t length) const122*789431f2SAndroid Build Coastguard Worker keymaster_error_t Keymaster2PassthroughContext::AddRngEntropy(const uint8_t* buf,
123*789431f2SAndroid Build Coastguard Worker                                                               size_t length) const {
124*789431f2SAndroid Build Coastguard Worker     return device_->add_rng_entropy(device_, buf, length);
125*789431f2SAndroid Build Coastguard Worker }
126*789431f2SAndroid Build Coastguard Worker 
enforcement_policy()127*789431f2SAndroid Build Coastguard Worker KeymasterEnforcement* Keymaster2PassthroughContext::enforcement_policy() {
128*789431f2SAndroid Build Coastguard Worker     return nullptr;
129*789431f2SAndroid Build Coastguard Worker }
130*789431f2SAndroid Build Coastguard Worker 
GenerateAttestation(const Key & key,const AuthorizationSet & attest_params,UniquePtr<Key>,const KeymasterBlob &,keymaster_error_t * error) const131*789431f2SAndroid Build Coastguard Worker CertificateChain Keymaster2PassthroughContext::GenerateAttestation(
132*789431f2SAndroid Build Coastguard Worker     const Key& key, const AuthorizationSet& attest_params, UniquePtr<Key> /* attest_key */,
133*789431f2SAndroid Build Coastguard Worker     const KeymasterBlob& /* issuer_subject */, keymaster_error_t* error) const {
134*789431f2SAndroid Build Coastguard Worker     keymaster_cert_chain_t cchain{};
135*789431f2SAndroid Build Coastguard Worker     auto rc = device_->attest_key(device_, &key.key_material(), &attest_params, &cchain);
136*789431f2SAndroid Build Coastguard Worker     if (rc != KM_ERROR_OK) {
137*789431f2SAndroid Build Coastguard Worker         *error = rc;
138*789431f2SAndroid Build Coastguard Worker         return {};
139*789431f2SAndroid Build Coastguard Worker     }
140*789431f2SAndroid Build Coastguard Worker 
141*789431f2SAndroid Build Coastguard Worker     CertificateChain retval = CertificateChain::clone(cchain);
142*789431f2SAndroid Build Coastguard Worker     keymaster_free_cert_chain(&cchain);
143*789431f2SAndroid Build Coastguard Worker     return retval;
144*789431f2SAndroid Build Coastguard Worker }
145*789431f2SAndroid Build Coastguard Worker 
UnwrapKey(const KeymasterKeyBlob &,const KeymasterKeyBlob &,const AuthorizationSet &,const KeymasterKeyBlob &,AuthorizationSet *,keymaster_key_format_t *,KeymasterKeyBlob *) const146*789431f2SAndroid Build Coastguard Worker keymaster_error_t Keymaster2PassthroughContext::UnwrapKey(
147*789431f2SAndroid Build Coastguard Worker     const KeymasterKeyBlob&, const KeymasterKeyBlob&, const AuthorizationSet&,
148*789431f2SAndroid Build Coastguard Worker     const KeymasterKeyBlob&, AuthorizationSet*, keymaster_key_format_t*, KeymasterKeyBlob*) const {
149*789431f2SAndroid Build Coastguard Worker     return KM_ERROR_UNIMPLEMENTED;
150*789431f2SAndroid Build Coastguard Worker }
151*789431f2SAndroid Build Coastguard Worker 
152*789431f2SAndroid Build Coastguard Worker }  // namespace keymaster
153