ng/include/KeyMintUtils.h

/*
 * Copyright 2020, The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

#pragma once

#include <aidl/android/hardware/security/keymint/Certificate.h>
#include <aidl/android/hardware/security/keymint/HardwareAuthToken.h>
#include <aidl/android/hardware/security/keymint/HardwareAuthenticatorType.h>
#include <aidl/android/hardware/security/keymint/KeyFormat.h>
#include <aidl/android/hardware/security/keymint/KeyParameter.h>
#include <aidl/android/hardware/security/keymint/KeyPurpose.h>
#include <aidl/android/hardware/security/keymint/SecurityLevel.h>
#include <aidl/android/hardware/security/keymint/Tag.h>

#include <keymaster/keymaster_enforcement.h>

namespace aidl::android::hardware::security::keymint::km_utils {

using ::ndk::ScopedAStatus;
using std::vector;

inline keymaster_tag_t legacy_enum_conversion(const Tag value) {
    return static_cast<keymaster_tag_t>(value);
}

inline Tag legacy_enum_conversion(const keymaster_tag_t value) {
    return static_cast<Tag>(value);
}

inline keymaster_purpose_t legacy_enum_conversion(const KeyPurpose value) {
    return static_cast<keymaster_purpose_t>(value);
}

inline keymaster_key_format_t legacy_enum_conversion(const KeyFormat value) {
    return static_cast<keymaster_key_format_t>(value);
}

inline SecurityLevel legacy_enum_conversion(const keymaster_security_level_t value) {
    return static_cast<SecurityLevel>(value);
}

inline hw_authenticator_type_t legacy_enum_conversion(const HardwareAuthenticatorType value) {
    return static_cast<hw_authenticator_type_t>(value);
}

inline ScopedAStatus kmError2ScopedAStatus(const keymaster_error_t value) {
    return (value == KM_ERROR_OK
                ? ScopedAStatus::ok()
                : ScopedAStatus(AStatus_fromServiceSpecificError(static_cast<int32_t>(value))));
}

inline keymaster_tag_type_t typeFromTag(const keymaster_tag_t tag) {
    return keymaster_tag_get_type(tag);
}

KeyParameter kmParam2Aidl(const keymaster_key_param_t& param);
vector<KeyParameter> kmParamSet2Aidl(const keymaster_key_param_set_t& set);
keymaster_key_param_set_t aidlKeyParams2Km(const vector<KeyParameter>& keyParams);

class KmParamSet : public keymaster_key_param_set_t {
  public:
    explicit KmParamSet(const vector<KeyParameter>& keyParams)
        : keymaster_key_param_set_t(aidlKeyParams2Km(keyParams)) {}

    KmParamSet(KmParamSet&& other) : keymaster_key_param_set_t{other.params, other.length} {
        other.length = 0;
        other.params = nullptr;
    }

    KmParamSet(const KmParamSet&) = delete;
    ~KmParamSet() { keymaster_free_param_set(this); }
};

inline vector<uint8_t> kmBlob2vector(const keymaster_key_blob_t& blob) {
    vector<uint8_t> result(blob.key_material, blob.key_material + blob.key_material_size);
    return result;
}

inline vector<uint8_t> kmBlob2vector(const keymaster_blob_t& blob) {
    vector<uint8_t> result(blob.data, blob.data + blob.data_length);
    return result;
}

inline vector<uint8_t> kmBuffer2vector(const ::keymaster::Buffer& buf) {
    vector<uint8_t> result(buf.peek_read(), buf.peek_read() + buf.available_read());
    return result;
}

inline vector<Certificate> kmCertChain2Aidl(const keymaster_cert_chain_t& cert_chain) {
    vector<Certificate> result;
    if (!cert_chain.entry_count || !cert_chain.entries) return result;

    result.resize(cert_chain.entry_count);
    for (size_t i = 0; i < cert_chain.entry_count; ++i) {
        result[i].encodedCertificate = kmBlob2vector(cert_chain.entries[i]);
    }

    return result;
}

template <typename T, typename OutIter>
inline OutIter copy_bytes_to_iterator(const T& value, OutIter dest) {
    const uint8_t* value_ptr = reinterpret_cast<const uint8_t*>(&value);
    return std::copy(value_ptr, value_ptr + sizeof(value), dest);
}

vector<uint8_t> authToken2AidlVec(const std::optional<HardwareAuthToken>& token);

inline void addClientAndAppData(const vector<uint8_t>& clientId, const vector<uint8_t>& appData,
                                ::keymaster::AuthorizationSet* params) {
    params->Clear();
    if (clientId.size()) {
        params->push_back(::keymaster::TAG_APPLICATION_ID, clientId.data(), clientId.size());
    }
    if (appData.size()) {
        params->push_back(::keymaster::TAG_APPLICATION_DATA, appData.data(), appData.size());
    }
}

}  // namespace aidl::android::hardware::security::keymint::km_utils