blob: d2840bbf58a762f08a67641be967a5cc2aba35d0 [file] [log] [blame]
// Copyright 2020 The Chromium OS Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include <memory>
#include <string>
#include <base/macros.h>
#include <base/memory/ref_counted.h>
#include <base/memory/weak_ptr.h>
#include <brillo/secure_blob.h>
#include <chaps/pkcs11/cryptoki.h>
#include <hardware/keymaster_defs.h>
#include <keymaster/key.h>
#include <keymaster/key_factory.h>
#include <keymaster/operation.h>
#include "arc/keymaster/context/chaps_client.h"
#include "arc/keymaster/context/context_adaptor.h"
#include "arc/keymaster/context/crypto_operation.h"
#include "arc/keymaster/key_data.pb.h"
namespace arc {
namespace keymaster {
namespace context {
class CrosOperationFactory;
class CrosKeyFactory : public ::keymaster::KeyFactory {
CrosKeyFactory(base::WeakPtr<ContextAdaptor> context_adaptor,
keymaster_algorithm_t algorithm);
// Not copyable nor assignable.
CrosKeyFactory(const CrosKeyFactory&) = delete;
CrosKeyFactory& operator=(const CrosKeyFactory&) = delete;
// Creates a ::keymaster::Key object given an instance of KeyData.
// If the blob was generated by arc-keymasterd for a CrOS key (like chaps
// keys), this method will load it with the configuration necessary to execute
// operations on the original key in chaps.
// Returns error otherwise as the blob was either generated by Android or is
// invalid.
keymaster_error_t LoadKey(
KeyData&& key_data,
::keymaster::AuthorizationSet&& hw_enforced,
::keymaster::AuthorizationSet&& sw_enforced,
::keymaster::UniquePtr<::keymaster::Key>* key) const;
// Needed to implement pure virtual function in parent class and will return
// error. Should never be called.
keymaster_error_t LoadKey(
::keymaster::KeymasterKeyBlob&& key_material,
const ::keymaster::AuthorizationSet& additional_params,
::keymaster::AuthorizationSet&& hw_enforced,
::keymaster::AuthorizationSet&& sw_enforced,
::keymaster::UniquePtr<::keymaster::Key>* key) const override;
// Retrieve the operation factory for CrOS keys.
::keymaster::OperationFactory* GetOperationFactory(
keymaster_purpose_t purpose) const override;
// Key generation is not handled by this factory and will return error. Should
// never be called.
keymaster_error_t GenerateKey(
const ::keymaster::AuthorizationSet& key_description,
::keymaster::KeymasterKeyBlob* key_blob,
::keymaster::AuthorizationSet* hw_enforced,
::keymaster::AuthorizationSet* sw_enforced) const override;
// Key import is not handled by this factory and will return error. This
// method should never be called.
keymaster_error_t ImportKey(
const ::keymaster::AuthorizationSet& key_description,
keymaster_key_format_t input_key_material_format,
const ::keymaster::KeymasterKeyBlob& input_key_material,
::keymaster::KeymasterKeyBlob* output_key_blob,
::keymaster::AuthorizationSet* hw_enforced,
::keymaster::AuthorizationSet* sw_enforced) const override;
// Key import is not handled by this factory and this will return error. This
// method should never be called.
const keymaster_key_format_t* SupportedImportFormats(
size_t* format_count) const override;
// Key export is not handled by this factory and this will return error. This
// method should never be called.
const keymaster_key_format_t* SupportedExportFormats(
size_t* format_count) const override;
// Expose the dbus adaptor object to be used by operations.
const base::WeakPtr<ContextAdaptor>& context_adaptor() const {
return context_adaptor_;
base::WeakPtr<ContextAdaptor> context_adaptor_;
mutable std::unique_ptr<CrosOperationFactory> sign_factory_;
// Base class for Chrome OS keys.
class CrosKey : public ::keymaster::Key {
CrosKey(::keymaster::AuthorizationSet&& hw_enforced,
::keymaster::AuthorizationSet&& sw_enforced,
const CrosKeyFactory* key_factory,
KeyData&& key_data);
~CrosKey() override;
// Not copyable nor assignable.
CrosKey(const CrosKey&) = delete;
CrosKey& operator=(const CrosKey&) = delete;
const CrosKeyFactory* cros_key_factory() const {
return static_cast<const CrosKeyFactory*>(key_factory_);
const KeyData& key_data() const { return key_data_; }
KeyData key_data_;
class CrosOperationFactory : public ::keymaster::OperationFactory {
CrosOperationFactory(keymaster_algorithm_t algorithm,
keymaster_purpose_t purpose);
~CrosOperationFactory() override;
// Not copyable nor assignable.
CrosOperationFactory(const CrosOperationFactory&) = delete;
CrosOperationFactory& operator=(const CrosOperationFactory&) = delete;
// Informs what type of cryptographic operation this factory can handle.
KeyType registry_key() const override;
// Returns a |CrosOperation|.for the given key.
::keymaster::OperationPtr CreateOperation(
::keymaster::Key&& key,
const ::keymaster::AuthorizationSet& begin_params,
keymaster_error_t* error) override;
keymaster_algorithm_t algorithm_;
keymaster_purpose_t purpose_;
class CrosOperation : public ::keymaster::Operation {
CrosOperation(keymaster_purpose_t purpose, CrosKey&& key);
~CrosOperation() override;
// Not copyable nor assignable.
CrosOperation(const CrosOperation&) = delete;
CrosOperation& operator=(const CrosOperation&) = delete;
// Begins the operation.
keymaster_error_t Begin(
const ::keymaster::AuthorizationSet& /* input_params */,
::keymaster::AuthorizationSet* /* output_params */) override;
// Updates the operation with intermediate input and maybe produces
// intermediate output.
keymaster_error_t Update(
const ::keymaster::AuthorizationSet& /* input_params */,
const ::keymaster::Buffer& input,
::keymaster::AuthorizationSet* /* output_params */,
::keymaster::Buffer* /* output */,
size_t* input_consumed) override;
// Finishes the operation, possibly given a last piece of input and producing
// the final output.
keymaster_error_t Finish(
const ::keymaster::AuthorizationSet& /* input_params */,
const ::keymaster::Buffer& input,
const ::keymaster::Buffer& /* signature */,
::keymaster::AuthorizationSet* /* output_params */,
::keymaster::Buffer* output) override;
// Aborts the operation.
keymaster_error_t Abort() override;
std::unique_ptr<CryptoOperation> operation_;
} // namespace context
} // namespace keymaster
} // namespace arc