/*
* Copyright 2014 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include <keymaster/km_openssl/symmetric_key.h>
#include <assert.h>
#include <openssl/err.h>
#include <openssl/rand.h>
#include <keymaster/android_keymaster_utils.h>
#include <keymaster/keymaster_context.h>
#include <keymaster/km_openssl/aes_key.h>
#include <keymaster/km_openssl/hmac_key.h>
#include <keymaster/km_openssl/openssl_err.h>
#include <keymaster/logger.h>
namespace keymaster {
keymaster_error_t SymmetricKeyFactory::GenerateKey(const AuthorizationSet& key_description,
KeymasterKeyBlob* key_blob,
AuthorizationSet* hw_enforced,
AuthorizationSet* sw_enforced) const {
if (!key_blob || !hw_enforced || !sw_enforced)
return KM_ERROR_OUTPUT_PARAMETER_NULL;
uint32_t key_size_bits;
if (!key_description.GetTagValue(TAG_KEY_SIZE, &key_size_bits) ||
!key_size_supported(key_size_bits))
return KM_ERROR_UNSUPPORTED_KEY_SIZE;
keymaster_error_t error = validate_algorithm_specific_new_key_params(key_description);
if (error != KM_ERROR_OK)
return error;
size_t key_data_size = key_size_bytes(key_size_bits);
KeymasterKeyBlob key_material(key_data_size);
if (!key_material.key_material)
return KM_ERROR_MEMORY_ALLOCATION_FAILED;
error = random_source_.GenerateRandom(key_material.writable_data(), key_data_size);
if (error != KM_ERROR_OK) {
LOG_E("Error generating %d bit symmetric key", key_size_bits);
return error;
}
return blob_maker_.CreateKeyBlob(key_description, KM_ORIGIN_GENERATED, key_material, key_blob,
hw_enforced, sw_enforced);
}
keymaster_error_t SymmetricKeyFactory::ImportKey(const AuthorizationSet& key_description,
keymaster_key_format_t input_key_material_format,
const KeymasterKeyBlob& input_key_material,
KeymasterKeyBlob* output_key_blob,
AuthorizationSet* hw_enforced,
AuthorizationSet* sw_enforced) const {
if (!output_key_blob || !hw_enforced || !sw_enforced)
return KM_ERROR_OUTPUT_PARAMETER_NULL;
AuthorizationSet authorizations(key_description);
uint32_t key_bits;
if (!authorizations.GetTagValue(TAG_KEY_SIZE, &key_bits)) {
// Determine key size if not provided.
key_bits = key_size_bits(input_key_material.key_material_size);
authorizations.push_back(TAG_KEY_SIZE, key_bits);
}
keymaster_error_t error = validate_algorithm_specific_new_key_params(key_description);
if (error != KM_ERROR_OK) return error;
if (!key_size_supported(key_bits)) return KM_ERROR_UNSUPPORTED_KEY_SIZE;
if (input_key_material_format != KM_KEY_FORMAT_RAW) return KM_ERROR_UNSUPPORTED_KEY_FORMAT;
if (key_bits != key_size_bits(input_key_material.key_material_size)) {
LOG_E("Expected %d-bit key data but got %d-bit key", key_bits,
key_size_bits(input_key_material.key_material_size));
return KM_ERROR_INVALID_KEY_BLOB;
}
return blob_maker_.CreateKeyBlob(authorizations, KM_ORIGIN_IMPORTED, input_key_material,
output_key_blob, hw_enforced, sw_enforced);
}
static const keymaster_key_format_t supported_import_formats[] = {KM_KEY_FORMAT_RAW};
const keymaster_key_format_t*
SymmetricKeyFactory::SupportedImportFormats(size_t* format_count) const {
*format_count = array_length(supported_import_formats);
return supported_import_formats;
}
SymmetricKey::SymmetricKey(KeymasterKeyBlob&& key_material,
AuthorizationSet&& hw_enforced, AuthorizationSet&& sw_enforced,
const KeyFactory* key_factory)
: Key(move(hw_enforced), move(sw_enforced), key_factory) {
key_material_ = move(key_material);
}
SymmetricKey::~SymmetricKey() {}
} // namespace keymaster