android10/system/keymaster/contexts/keymaster2_passthrough_context.cpp

/*
**
** Copyright 2017, The Android Open Source Project
**
** Licensed under the Apache License, Version 2.0 (the "License");
** you may not use this file except in compliance with the License.
** You may obtain a copy of the License at
**
**     http://www.apache.org/licenses/LICENSE-2.0
**
** Unless required by applicable law or agreed to in writing, software
** distributed under the License is distributed on an "AS IS" BASIS,
** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
** See the License for the specific language governing permissions and
** limitations under the License.
*/

#include <keymaster/contexts/keymaster2_passthrough_context.h>

#include <keymaster/legacy_support/keymaster_passthrough_key.h>
#include <keymaster/legacy_support/keymaster_passthrough_engine.h>

namespace keymaster {

Keymaster2PassthroughContext::Keymaster2PassthroughContext(keymaster2_device_t* dev)
        : device_(dev), engine_(KeymasterPassthroughEngine::createInstance(dev)) {

}

keymaster_error_t Keymaster2PassthroughContext::SetSystemVersion(uint32_t os_version,
        uint32_t os_patchlevel) {
    os_version_ = os_version;
    os_patchlevel_ = os_patchlevel;
    return KM_ERROR_OK;
}

void Keymaster2PassthroughContext::GetSystemVersion(uint32_t* os_version,
        uint32_t* os_patchlevel) const {
    if (os_version) *os_version = os_version_;
    if (os_patchlevel) *os_patchlevel = os_patchlevel_;
}

KeyFactory* Keymaster2PassthroughContext::GetKeyFactory(keymaster_algorithm_t algorithm) const {
    auto& result = factories_[algorithm];
    if (!result) {
        result.reset(new KeymasterPassthroughKeyFactory(engine_.get(), algorithm));
    }
    return result.get();
}
OperationFactory* Keymaster2PassthroughContext::GetOperationFactory(keymaster_algorithm_t algorithm,
        keymaster_purpose_t purpose) const {
    auto keyfactory = GetKeyFactory(algorithm);
    return keyfactory->GetOperationFactory(purpose);
}
keymaster_algorithm_t* Keymaster2PassthroughContext::GetSupportedAlgorithms(
        size_t* algorithms_count) const {
    if (algorithms_count) *algorithms_count = 0;
    return nullptr;
}

keymaster_error_t Keymaster2PassthroughContext::UpgradeKeyBlob(
        const KeymasterKeyBlob& key_to_upgrade, const AuthorizationSet& upgrade_params,
        KeymasterKeyBlob* upgraded_key) const {
    if (!upgraded_key) return KM_ERROR_UNEXPECTED_NULL_POINTER;
    *upgraded_key = {};
    return device_->upgrade_key(device_, &key_to_upgrade, &upgrade_params, upgraded_key);
}

keymaster_error_t Keymaster2PassthroughContext::ParseKeyBlob(const KeymasterKeyBlob& blob,
        const AuthorizationSet& additional_params, UniquePtr<Key>* key) const {
    keymaster_key_characteristics_t characteristics = {};
    keymaster_blob_t clientId;
    keymaster_blob_t applicationData;
    keymaster_blob_t* clientIdPtr = &clientId;
    keymaster_blob_t* applicationDataPtr = &applicationData;
    if (!additional_params.GetTagValue(TAG_APPLICATION_ID, clientIdPtr)) {
        clientIdPtr = nullptr;
    }
    if (!additional_params.GetTagValue(TAG_APPLICATION_DATA, applicationDataPtr)) {
        applicationDataPtr = nullptr;
    }

    auto rc = device_->get_key_characteristics(device_, &blob, clientIdPtr, applicationDataPtr,
                                               &characteristics);

    if (rc != KM_ERROR_OK) return rc;

    AuthorizationSet hw_enforced;
    AuthorizationSet sw_enforced;

    hw_enforced.Reinitialize(characteristics.hw_enforced);
    sw_enforced.Reinitialize(characteristics.sw_enforced);

    keymaster_free_characteristics(&characteristics);

    // GetKeyFactory
    keymaster_algorithm_t algorithm;
    if (!hw_enforced.GetTagValue(TAG_ALGORITHM, &algorithm) &&
        !sw_enforced.GetTagValue(TAG_ALGORITHM, &algorithm)) {
        return KM_ERROR_INVALID_ARGUMENT;
    }

    KeymasterKeyBlob key_material = blob;
    auto factory = GetKeyFactory(algorithm);
    return factory->LoadKey(move(key_material), additional_params, move(hw_enforced),
                            move(sw_enforced), key);
}

keymaster_error_t Keymaster2PassthroughContext::DeleteKey(const KeymasterKeyBlob& blob) const {
    return device_->delete_key(device_, &blob);
}

keymaster_error_t Keymaster2PassthroughContext::DeleteAllKeys() const {
    return device_->delete_all_keys(device_);
}

keymaster_error_t Keymaster2PassthroughContext::AddRngEntropy(const uint8_t* buf,
        size_t length) const {
    return device_->add_rng_entropy(device_, buf, length);
}


KeymasterEnforcement* Keymaster2PassthroughContext::enforcement_policy() {
    return nullptr;
}

keymaster_error_t Keymaster2PassthroughContext::GenerateAttestation(const Key& key,
        const AuthorizationSet& attest_params, CertChainPtr* cert_chain) const {
    if (!cert_chain) return KM_ERROR_UNEXPECTED_NULL_POINTER;

    keymaster_cert_chain_t cchain{};

    auto rc = device_->attest_key(device_, &key.key_material(), &attest_params, &cchain);
    if (rc == KM_ERROR_OK) {
        cert_chain->reset(new keymaster_cert_chain_t);
        **cert_chain = { new keymaster_blob_t[cchain.entry_count], cchain.entry_count };
        for (size_t i = 0; i < cchain.entry_count; ++i) {
            (*cert_chain)->entries[i] = { dup_array(cchain.entries[i].data,
                                              cchain.entries[i].data_length),
                                          cchain.entries[i].data_length };
            free(const_cast<uint8_t*>(cchain.entries[i].data));
        }
        free(cchain.entries);
    }
    return rc;
}

keymaster_error_t Keymaster2PassthroughContext::UnwrapKey(
    const KeymasterKeyBlob&, const KeymasterKeyBlob&, const AuthorizationSet&,
    const KeymasterKeyBlob&, AuthorizationSet*, keymaster_key_format_t*, KeymasterKeyBlob*) const {
    return KM_ERROR_UNIMPLEMENTED;
}

} // namespace keymaster