Blame - include/keymaster/operation.h - platform_system_keymaster

blob: 564359501022110e83ebac41624c1b9bc6b1123d [file] [log] [blame]

Shawn Willden	0a4df7e	2014-08-28 16:09:05 -0600	[diff] [blame]	1	/*
				2	* Copyright 2014 The Android Open Source Project
				3	*
				4	* Licensed under the Apache License, Version 2.0 (the "License");
				5	* you may not use this file except in compliance with the License.
				6	* You may obtain a copy of the License at
				7	*
				8	* http://www.apache.org/licenses/LICENSE-2.0
				9	*
				10	* Unless required by applicable law or agreed to in writing, software
				11	* distributed under the License is distributed on an "AS IS" BASIS,
				12	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
				13	* See the License for the specific language governing permissions and
				14	* limitations under the License.
				15	*/
				16
				17	#ifndef SYSTEM_KEYMASTER_OPERATION_H_
				18	#define SYSTEM_KEYMASTER_OPERATION_H_
				19
T.J. Mercier	aed61b1	2022-07-26 23:20:07 +0000	[diff] [blame]	20	#include <utility>
				21
Shawn Willden	0a4df7e	2014-08-28 16:09:05 -0600	[diff] [blame]	22	#include <assert.h>
				23	#include <stdint.h>
				24	#include <stdlib.h>
				25
Shawn Willden	b9d584d	2015-01-22 16:35:00 -0700	[diff] [blame]	26	#include <hardware/keymaster_defs.h>
Shawn Willden	ada4850	2015-06-25 06:26:05 -0700	[diff] [blame]	27	#include <keymaster/android_keymaster_utils.h>
				28	#include <keymaster/authorization_set.h>
Shawn Willden	f6ca3a3	2014-09-11 15:11:32 -0600	[diff] [blame]	29	#include <keymaster/logger.h>
Shawn Willden	0a4df7e	2014-08-28 16:09:05 -0600	[diff] [blame]	30
				31	namespace keymaster {
				32
Shawn Willden	111edb3	2015-02-05 22:44:24 -0700	[diff] [blame]	33	class AuthorizationSet;
Shawn Willden	63ac043	2014-12-29 14:07:08 -0700	[diff] [blame]	34	class Key;
				35	class Operation;
Janis Danisevskis	dc877ae	2017-05-15 13:57:25 -0700	[diff] [blame]	36	using OperationPtr = UniquePtr<Operation>;
				37
Shawn Willden	63ac043	2014-12-29 14:07:08 -0700	[diff] [blame]	38	class OperationFactory {
				39	public:
				40	virtual ~OperationFactory() {}
				41
				42	// Required for registry
				43	struct KeyType {
				44	KeyType(keymaster_algorithm_t alg, keymaster_purpose_t purp)
				45	: algorithm(alg), purpose(purp) {}
				46
				47	keymaster_algorithm_t algorithm;
				48	keymaster_purpose_t purpose;
				49
				50	bool operator==(const KeyType& rhs) const {
				51	return algorithm == rhs.algorithm && purpose == rhs.purpose;
				52	}
				53	};
				54	virtual KeyType registry_key() const = 0;
				55
				56	// Factory methods
Shawn Willden	deffcb7	2018-01-07 23:34:58 -0700	[diff] [blame]	57	virtual OperationPtr CreateOperation(Key&& key, const AuthorizationSet& begin_params,
Matthew Maurer	a47727e	2019-04-04 00:09:39 +0000	[diff] [blame]	58	keymaster_error_t* error) = 0;
Shawn Willden	63ac043	2014-12-29 14:07:08 -0700	[diff] [blame]	59
				60	// Informational methods. The returned arrays reference static memory and must not be
				61	// deallocated or modified.
				62	virtual const keymaster_padding_t* SupportedPaddingModes(size_t* padding_count) const {
				63	*padding_count = 0;
Yi Kong	3712b27	2018-07-30 15:53:23 -0700	[diff] [blame]	64	return nullptr;
Shawn Willden	63ac043	2014-12-29 14:07:08 -0700	[diff] [blame]	65	}
				66	virtual const keymaster_block_mode_t* SupportedBlockModes(size_t* block_mode_count) const {
				67	*block_mode_count = 0;
Yi Kong	3712b27	2018-07-30 15:53:23 -0700	[diff] [blame]	68	return nullptr;
Shawn Willden	63ac043	2014-12-29 14:07:08 -0700	[diff] [blame]	69	}
				70	virtual const keymaster_digest_t* SupportedDigests(size_t* digest_count) const {
				71	*digest_count = 0;
Yi Kong	3712b27	2018-07-30 15:53:23 -0700	[diff] [blame]	72	return nullptr;
Shawn Willden	63ac043	2014-12-29 14:07:08 -0700	[diff] [blame]	73	}
Shawn Willden	d92591d	2014-12-30 18:19:10 -0700	[diff] [blame]	74
				75	// Convenience methods
				76	bool supported(keymaster_padding_t padding) const;
				77	bool supported(keymaster_block_mode_t padding) const;
				78	bool supported(keymaster_digest_t padding) const;
Shawn Willden	117a0cc	2015-06-01 07:05:41 -0600	[diff] [blame]	79
Shawn Willden	294a2db	2015-06-17 11:20:56 -0600	[diff] [blame]	80	bool is_public_key_operation() const;
				81
Shawn Willden	117a0cc	2015-06-01 07:05:41 -0600	[diff] [blame]	82	bool GetAndValidatePadding(const AuthorizationSet& begin_params, const Key& key,
				83	keymaster_padding_t* padding, keymaster_error_t* error) const;
				84	bool GetAndValidateDigest(const AuthorizationSet& begin_params, const Key& key,
				85	keymaster_digest_t* digest, keymaster_error_t* error) const;
Matthew Maurer	90174bd	2019-05-10 16:31:00 -0700	[diff] [blame]	86	bool GetAndValidateDigest(const AuthorizationSet& begin_params, const Key& key,
				87	keymaster_digest_t* digest, keymaster_error_t* error,
				88	bool require_explicit_digest) const;
Shawn Willden	63ac043	2014-12-29 14:07:08 -0700	[diff] [blame]	89	};
				90
Shawn Willden	0a4df7e	2014-08-28 16:09:05 -0600	[diff] [blame]	91	/**
				92	* Abstract base for all cryptographic operations.
				93	*/
				94	class Operation {
				95	public:
Shawn Willden	deffcb7	2018-01-07 23:34:58 -0700	[diff] [blame]	96	explicit Operation(keymaster_purpose_t purpose, AuthorizationSet&& hw_enforced,
				97	AuthorizationSet&& sw_enforced)
T.J. Mercier	aed61b1	2022-07-26 23:20:07 +0000	[diff] [blame]	98	: purpose_(purpose), hw_enforced_(std::move(hw_enforced)),
				99	sw_enforced_(std::move(sw_enforced)) {}
Shawn Willden	f6ca3a3	2014-09-11 15:11:32 -0600	[diff] [blame]	100	virtual ~Operation() {}
Shawn Willden	0a4df7e	2014-08-28 16:09:05 -0600	[diff] [blame]	101
Shawn Willden	deffcb7	2018-01-07 23:34:58 -0700	[diff] [blame]	102	Operation(const Operation&) = delete;
				103	void operator=(const Operation&) = delete;
				104
Shawn Willden	f6ca3a3	2014-09-11 15:11:32 -0600	[diff] [blame]	105	keymaster_purpose_t purpose() const { return purpose_; }
				106
Shawn Willden	ada4850	2015-06-25 06:26:05 -0700	[diff] [blame]	107	void set_key_id(uint64_t key_id) { key_id_ = key_id; }
				108	uint64_t key_id() const { return key_id_; }
Shawn Willden	2865c25	2021-07-31 15:34:12 -0600	[diff] [blame]	109	void set_secure_deletion_slot(uint32_t secure_deletion_slot) {
				110	secure_deletion_slot_ = secure_deletion_slot;
				111	}
				112	uint32_t secure_deletion_slot() const { return secure_deletion_slot_; }
Janis Danisevskis	f3dc0b8	2017-05-15 11:19:44 -0700	[diff] [blame]	113	virtual keymaster_operation_handle_t operation_handle() const { return operation_handle_; }
Shawn Willden	ada4850	2015-06-25 06:26:05 -0700	[diff] [blame]	114
Shawn Willden	deffcb7	2018-01-07 23:34:58 -0700	[diff] [blame]	115	AuthProxy authorizations() const { return AuthProxy(hw_enforced_, sw_enforced_); }
Qi Wu	d8b7921	2021-02-08 01:18:52 +0800	[diff] [blame]	116	AuthorizationSet hw_enforced() const { return hw_enforced_; }
				117	AuthorizationSet sw_enforced() const { return sw_enforced_; }
Shawn Willden	ada4850	2015-06-25 06:26:05 -0700	[diff] [blame]	118
David Zeuthen	1755a6c	2021-03-15 12:33:01 -0400	[diff] [blame]	119	// Creates and initializes \|confirmation_verifier_buffer_\| that can be retrieved with
				120	// get_confirmation_verifier_buffer().
				121	//
				122	// Returns false on allocation failure.
				123	bool create_confirmation_verifier_buffer() {
				124	if (!confirmation_verifier_buffer_) {
				125	Buffer* buffer = new (std::nothrow)
				126	Buffer(kConfirmationTokenMessageTag, kConfirmationTokenMessageTagSize);
				127	if (buffer == nullptr) {
				128	return false;
				129	}
				130	confirmation_verifier_buffer_.reset(buffer);
				131	}
				132	return true;
				133	}
				134
				135	// If a Buffer for ConfirmationUI verification was created with
				136	// create_confirmation_verifier_buffer(), returns it. If not, returns \|nullptr\|.
				137	Buffer* get_confirmation_verifier_buffer() { return confirmation_verifier_buffer_.get(); }
				138
Shawn Willden	111edb3	2015-02-05 22:44:24 -0700	[diff] [blame]	139	virtual keymaster_error_t Begin(const AuthorizationSet& input_params,
				140	AuthorizationSet* output_params) = 0;
Shawn Willden	ded8e7d	2015-06-01 15:29:12 -0600	[diff] [blame]	141	virtual keymaster_error_t Update(const AuthorizationSet& input_params, const Buffer& input,
				142	AuthorizationSet* output_params, Buffer* output,
				143	size_t* input_consumed) = 0;
Shawn Willden	cb647fe	2016-01-27 12:59:13 -0700	[diff] [blame]	144	virtual keymaster_error_t Finish(const AuthorizationSet& input_params, const Buffer& input,
				145	const Buffer& signature, AuthorizationSet* output_params,
				146	Buffer* output) = 0;
Shawn Willden	0a4df7e	2014-08-28 16:09:05 -0600	[diff] [blame]	147	virtual keymaster_error_t Abort() = 0;
				148
Shawn Willden	deffcb7	2018-01-07 23:34:58 -0700	[diff] [blame]	149	protected:
Shawn Willden	cb647fe	2016-01-27 12:59:13 -0700	[diff] [blame]	150	// Helper function for implementing Finish() methods that need to call Update() to process
				151	// input, but don't expect any output.
				152	keymaster_error_t UpdateForFinish(const AuthorizationSet& input_params, const Buffer& input);
Janis Danisevskis	f3dc0b8	2017-05-15 11:19:44 -0700	[diff] [blame]	153	keymaster_operation_handle_t operation_handle_;
Shawn Willden	cb647fe	2016-01-27 12:59:13 -0700	[diff] [blame]	154
Shawn Willden	0a4df7e	2014-08-28 16:09:05 -0600	[diff] [blame]	155	private:
				156	const keymaster_purpose_t purpose_;
Shawn Willden	deffcb7	2018-01-07 23:34:58 -0700	[diff] [blame]	157	AuthorizationSet hw_enforced_;
				158	AuthorizationSet sw_enforced_;
Shawn Willden	ada4850	2015-06-25 06:26:05 -0700	[diff] [blame]	159	uint64_t key_id_;
Shawn Willden	2865c25	2021-07-31 15:34:12 -0600	[diff] [blame]	160	uint32_t secure_deletion_slot_ = 0;
David Zeuthen	1755a6c	2021-03-15 12:33:01 -0400	[diff] [blame]	161	UniquePtr<Buffer> confirmation_verifier_buffer_;
Shawn Willden	0a4df7e	2014-08-28 16:09:05 -0600	[diff] [blame]	162	};
				163
				164	} // namespace keymaster
				165
				166	#endif // SYSTEM_KEYMASTER_OPERATION_H_