// Copyright 2019 The Chromium OS Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef ARC_KEYMASTER_KEYMASTER_SERVER_H_
#define ARC_KEYMASTER_KEYMASTER_SERVER_H_

#include <memory>
#include <vector>

#include <base/location.h>
#include <base/macros.h>
#include <base/memory/scoped_refptr.h>
#include <base/threading/thread.h>
#include <keymaster/android_keymaster.h>
#include <mojo/keymaster.mojom.h>

#include "arc/keymaster/context/arc_keymaster_context.h"

namespace arc {
namespace keymaster {

// KeymasterServer is a Mojo implementation of the Keymaster 3 HIDL interface.
// It fulfills requests using the reference Android Keymaster implementation.
//
// Threading: Keymaster operations execute on the background
// |backend_thread_|; each result callback is posted back to the task runner
// that issued the call (see RunKeymasterRequest()).
//
// NOTE(review): every request argument below (key blobs, key parameters,
// entropy bytes, operation handles) is supplied by the Mojo peer. This header
// declares no validation; whatever checks exist live in the implementation,
// which is not visible here.
class KeymasterServer : public arc::mojom::KeymasterServer {
 public:
  KeymasterServer();
  // Not copyable nor assignable.
  KeymasterServer(const KeymasterServer&) = delete;
  KeymasterServer& operator=(const KeymasterServer&) = delete;
  ~KeymasterServer() override;

  // arc::mojom::KeymasterServer overrides. The contract of each method is
  // defined by the mojom interface, not by this header. Methods that take a
  // callback report their result through it rather than a return value.

  void SetSystemVersion(uint32_t osVersion, uint32_t osPatchLevel) override;

  void AddRngEntropy(const std::vector<uint8_t>& data,
                     AddRngEntropyCallback callback) override;

  void GetKeyCharacteristics(
      ::arc::mojom::GetKeyCharacteristicsRequestPtr request,
      GetKeyCharacteristicsCallback callback) override;

  void GenerateKey(std::vector<mojom::KeyParameterPtr> key_params,
                   GenerateKeyCallback callback) override;

  void ImportKey(arc::mojom::ImportKeyRequestPtr request,
                 ImportKeyCallback callback) override;

  void ExportKey(arc::mojom::ExportKeyRequestPtr request,
                 ExportKeyCallback callback) override;

  void AttestKey(arc::mojom::AttestKeyRequestPtr request,
                 AttestKeyCallback callback) override;

  void UpgradeKey(arc::mojom::UpgradeKeyRequestPtr request,
                  UpgradeKeyCallback callback) override;

  // |key_blob| is a caller-supplied byte vector identifying the key.
  void DeleteKey(const std::vector<uint8_t>& key_blob,
                 DeleteKeyCallback callback) override;

  // NOTE(review): this is the only method whose callback type is borrowed
  // from another method (DeleteKeyCallback). If the generated interface
  // declares a DeleteAllKeysCallback alias, prefer it for consistency.
  void DeleteAllKeys(DeleteKeyCallback callback) override;

  void Begin(arc::mojom::BeginRequestPtr request,
             BeginCallback callback) override;

  void Update(arc::mojom::UpdateRequestPtr request,
              UpdateCallback callback) override;

  void Finish(arc::mojom::FinishRequestPtr request,
              FinishCallback callback) override;

  // |operationHandle| is a caller-supplied 64-bit value naming the operation
  // to abort.
  void Abort(uint64_t operationHandle, AbortCallback callback) override;

 private:
  // Holds the AndroidKeymaster instance together with a non-owning pointer to
  // its context. Per the comment on |backend_| below, these fields should only
  // be accessed from |backend_thread_|.
  class Backend {
   public:
    Backend();
    // Not copyable nor assignable.
    Backend(const Backend&) = delete;
    Backend& operator=(const Backend&) = delete;
    ~Backend();

    // Returns the non-owning context pointer. The pointee is owned by
    // |keymaster_|, so callers must not delete it or keep it past the
    // lifetime of this Backend.
    context::ArcKeymasterContext* context() { return context_; }

    // Returns a pointer to the |keymaster_| member; valid only while this
    // Backend is alive.
    ::keymaster::AndroidKeymaster* keymaster() { return &keymaster_; }

   private:
    // Owned by |keymaster_|.
    // NOTE(review): there is no in-class initializer, so Backend() (defined
    // elsewhere) is expected to set this pointer; confirm in the
    // implementation.
    context::ArcKeymasterContext* context_;
    ::keymaster::AndroidKeymaster keymaster_;
  };

  // Runs the AndroidKeymaster operation |member| with |request| as input in the
  // background |backend_thread_|.
  //
  // The given |callback| is run with the output of the keymaster operation,
  // after being posted to the original task runner that called this method.
  //
  // |request| and |callback| are taken by value (std::unique_ptr and
  // base::OnceCallback), so ownership of both moves into this call.
  // |location| is presumably the posting site recorded for the background
  // task; confirm in the implementation.
  template <typename KmMember, typename KmRequest, typename KmResponse>
  void RunKeymasterRequest(
      const base::Location& location,
      KmMember member,
      std::unique_ptr<KmRequest> request,
      base::OnceCallback<void(std::unique_ptr<KmResponse>)> callback);

  // Encapsulates all fields that should only be accessed from the background
  // |backend_thread_|.
  //
  // This must be created before |backend_thread_| and outlive it. There are no
  // other thread safety requirements during construction or destruction.
  Backend backend_;

  // Thread where Keymaster operations are executed.
  //
  // |base::Thread| guarantees that destruction waits until any leftover tasks
  // are executed, so this must be destroyed before |backend_| is.
  //
  // Members are destroyed in reverse declaration order, so declaring this
  // after |backend_| is what provides that ordering. Do not reorder these two
  // members: leftover tasks would then run against a destroyed Backend.
  base::Thread backend_thread_;
};

} // namespace keymaster
} // namespace arc

#endif // ARC_KEYMASTER_KEYMASTER_SERVER_H_