/* * Copyright 2015 The Android Open Source Project * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ #include "ec_keymaster1_key.h" #include <memory> #include <keymaster/logger.h> #include "ecdsa_keymaster1_operation.h" #include "ecdsa_operation.h" using std::unique_ptr; namespace keymaster { EcdsaKeymaster1KeyFactory::EcdsaKeymaster1KeyFactory(const SoftKeymasterContext* context, const Keymaster1Engine* engine) : EcKeyFactory(context), engine_(engine), sign_factory_(new EcdsaKeymaster1OperationFactory(KM_PURPOSE_SIGN, engine)), // For pubkey ops we can use the normal operation factories. verify_factory_(new EcdsaVerifyOperationFactory) {} static bool is_supported(uint32_t digest) { return digest == KM_DIGEST_NONE || digest == KM_DIGEST_SHA_2_256; } static void UpdateToWorkAroundUnsupportedDigests(const AuthorizationSet& key_description, AuthorizationSet* new_description) { bool have_unsupported_digests = false; bool have_digest_none = false; for (const keymaster_key_param_t& entry : key_description) { new_description->push_back(entry); if (entry.tag == TAG_DIGEST) { if (entry.enumerated == KM_DIGEST_NONE) { have_digest_none = true; } else if (!is_supported(entry.enumerated)) { LOG_D("Found request for unsupported digest %u", entry.enumerated); have_unsupported_digests = true; } } } if (have_unsupported_digests && !have_digest_none) { LOG_I("Adding KM_DIGEST_NONE to key authorization, to enable software digesting", 0); new_description->push_back(TAG_DIGEST, KM_DIGEST_NONE); } } keymaster_error_t EcdsaKeymaster1KeyFactory::GenerateKey(const AuthorizationSet& key_description, KeymasterKeyBlob* key_blob, AuthorizationSet* hw_enforced, AuthorizationSet* sw_enforced) const { AuthorizationSet key_params_copy; UpdateToWorkAroundUnsupportedDigests(key_description, &key_params_copy); return engine_->GenerateKey(key_params_copy, key_blob, hw_enforced, sw_enforced); } keymaster_error_t EcdsaKeymaster1KeyFactory::ImportKey( const AuthorizationSet& key_description, keymaster_key_format_t input_key_material_format, const KeymasterKeyBlob& input_key_material, KeymasterKeyBlob* output_key_blob, AuthorizationSet* hw_enforced, AuthorizationSet* sw_enforced) const { AuthorizationSet key_params_copy; UpdateToWorkAroundUnsupportedDigests(key_description, &key_params_copy); return engine_->ImportKey(key_params_copy, input_key_material_format, input_key_material, output_key_blob, hw_enforced, sw_enforced); } keymaster_error_t EcdsaKeymaster1KeyFactory::LoadKey(const KeymasterKeyBlob& key_material, const AuthorizationSet& additional_params, const AuthorizationSet& hw_enforced, const AuthorizationSet& sw_enforced, UniquePtr<Key>* key) const { if (!key) return KM_ERROR_OUTPUT_PARAMETER_NULL; keymaster_error_t error; unique_ptr<EC_KEY, EC_KEY_Delete> ecdsa( engine_->BuildEcKey(key_material, additional_params, &error)); if (!ecdsa) return error; key->reset(new (std::nothrow) EcdsaKeymaster1Key(ecdsa.release(), hw_enforced, sw_enforced, &error)); if (!key->get()) error = KM_ERROR_MEMORY_ALLOCATION_FAILED; if (error != KM_ERROR_OK) return error; return KM_ERROR_OK; } OperationFactory* EcdsaKeymaster1KeyFactory::GetOperationFactory(keymaster_purpose_t purpose) const { switch (purpose) { case KM_PURPOSE_SIGN: return sign_factory_.get(); case KM_PURPOSE_VERIFY: return verify_factory_.get(); default: return nullptr; } } } // namespace keymaster