Gitiles
Code Review Sign In
review.blissroms.org / platform_hardware_interfaces / 0442918818c068adc5590f7fa5294dad3e30e5a3 / . / keymaster / 3.0 / default / KeymasterDevice.cpp
blob: 58102bba6223b45554ac81062b5ad1a502128853 [file] [log] [blame]
Janis Danisevskis0f35e5a2016-10-12 11:33:13 +0100[diff] [blame]1/*
2 **
3 ** Copyright 2016, The Android Open Source Project
4 **
5 ** Licensed under the Apache License, Version 2.0 (the "License");
6 ** you may not use this file except in compliance with the License.
7 ** You may obtain a copy of the License at
8 **
9 ** http://www.apache.org/licenses/LICENSE-2.0
10 **
11 ** Unless required by applicable law or agreed to in writing, software
12 ** distributed under the License is distributed on an "AS IS" BASIS,
13 ** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 ** See the License for the specific language governing permissions and
15 ** limitations under the License.
16 */
17
18#define LOG_TAG "android.hardware.keymaster@3.0-impl"
19
20#include "KeymasterDevice.h"
21
22#include <cutils/log.h>
23
24#include <hardware/keymaster_defs.h>
25#include <keymaster/keymaster_configuration.h>
26#include <keymaster/soft_keymaster_device.h>
27
28namespace android {
29namespace hardware {
30namespace keymaster {
31namespace V3_0 {
32namespace implementation {
33
34using ::keymaster::SoftKeymasterDevice;
35
36class SoftwareOnlyHidlKeymasterEnforcement : public ::keymaster::KeymasterEnforcement {
37 public:
38 SoftwareOnlyHidlKeymasterEnforcement() : KeymasterEnforcement(64, 64) {}
39
40 uint32_t get_current_time() const override {
41 struct timespec tp;
42 int err = clock_gettime(CLOCK_MONOTONIC, &tp);
43 if (err || tp.tv_sec < 0) return 0;
44 return static_cast<uint32_t>(tp.tv_sec);
45 }
46
47 bool activation_date_valid(uint64_t) const override { return true; }
48 bool expiration_date_passed(uint64_t) const override { return false; }
49 bool auth_token_timed_out(const hw_auth_token_t&, uint32_t) const override { return false; }
50 bool ValidateTokenSignature(const hw_auth_token_t&) const override { return true; }
51};
52
53class SoftwareOnlyHidlKeymasterContext : public ::keymaster::SoftKeymasterContext {
54 public:
55 SoftwareOnlyHidlKeymasterContext() : enforcement_(new SoftwareOnlyHidlKeymasterEnforcement) {}
56
57 ::keymaster::KeymasterEnforcement* enforcement_policy() override { return enforcement_.get(); }
58
59 private:
60 std::unique_ptr<::keymaster::KeymasterEnforcement> enforcement_;
61};
62
Shawn Willden031b6052017-03-28 00:40:57 +0000[diff] [blame]63static int keymaster0_device_initialize(const hw_module_t* mod, keymaster2_device_t** dev) {
Janis Danisevskis0f35e5a2016-10-12 11:33:13 +0100[diff] [blame]64 assert(mod->module_api_version < KEYMASTER_MODULE_API_VERSION_1_0);
65 ALOGI("Found keymaster0 module %s, version %x", mod->name, mod->module_api_version);
66
67 UniquePtr<SoftKeymasterDevice> soft_keymaster(new SoftKeymasterDevice);
68 keymaster0_device_t* km0_device = NULL;
69 keymaster_error_t error = KM_ERROR_OK;
70
71 int rc = keymaster0_open(mod, &km0_device);
72 if (rc) {
73 ALOGE("Error opening keystore keymaster0 device.");
74 goto err;
75 }
76
77 if (km0_device->flags & KEYMASTER_SOFTWARE_ONLY) {
78 ALOGI("Keymaster0 module is software-only. Using SoftKeymasterDevice instead.");
79 km0_device->common.close(&km0_device->common);
80 km0_device = NULL;
81 // SoftKeymasterDevice will be deleted by keymaster_device_release()
82 *dev = soft_keymaster.release()->keymaster2_device();
83 return 0;
84 }
85
86 ALOGD("Wrapping keymaster0 module %s with SoftKeymasterDevice", mod->name);
87 error = soft_keymaster->SetHardwareDevice(km0_device);
88 km0_device = NULL; // SoftKeymasterDevice has taken ownership.
89 if (error != KM_ERROR_OK) {
90 ALOGE("Got error %d from SetHardwareDevice", error);
91 rc = error;
92 goto err;
93 }
94
95 // SoftKeymasterDevice will be deleted by keymaster_device_release()
96 *dev = soft_keymaster.release()->keymaster2_device();
97 return 0;
98
99err:
100 if (km0_device) km0_device->common.close(&km0_device->common);
101 *dev = NULL;
102 return rc;
103}
104
Shawn Willdend4417fb2017-02-23 11:01:49 -0700[diff] [blame]105static int keymaster1_device_initialize(const hw_module_t* mod, keymaster2_device_t** dev,
106 bool* supports_all_digests) {
Janis Danisevskis0f35e5a2016-10-12 11:33:13 +0100[diff] [blame]107 assert(mod->module_api_version >= KEYMASTER_MODULE_API_VERSION_1_0);
108 ALOGI("Found keymaster1 module %s, version %x", mod->name, mod->module_api_version);
109
110 UniquePtr<SoftKeymasterDevice> soft_keymaster(new SoftKeymasterDevice);
111 keymaster1_device_t* km1_device = nullptr;
112 keymaster_error_t error = KM_ERROR_OK;
113
114 int rc = keymaster1_open(mod, &km1_device);
115 if (rc) {
116 ALOGE("Error %d opening keystore keymaster1 device", rc);
117 goto err;
118 }
119
120 ALOGD("Wrapping keymaster1 module %s with SofKeymasterDevice", mod->name);
121 error = soft_keymaster->SetHardwareDevice(km1_device);
122 km1_device = nullptr; // SoftKeymasterDevice has taken ownership.
123 if (error != KM_ERROR_OK) {
124 ALOGE("Got error %d from SetHardwareDevice", error);
125 rc = error;
126 goto err;
127 }
128
129 // SoftKeymasterDevice will be deleted by keymaster_device_release()
Shawn Willdend4417fb2017-02-23 11:01:49 -0700[diff] [blame]130 *supports_all_digests = soft_keymaster->supports_all_digests();
Janis Danisevskis0f35e5a2016-10-12 11:33:13 +0100[diff] [blame]131 *dev = soft_keymaster.release()->keymaster2_device();
132 return 0;
133
134err:
135 if (km1_device) km1_device->common.close(&km1_device->common);
136 *dev = NULL;
137 return rc;
138}
139
Shawn Willden031b6052017-03-28 00:40:57 +0000[diff] [blame]140static int keymaster2_device_initialize(const hw_module_t* mod, keymaster2_device_t** dev) {
Janis Danisevskis0f35e5a2016-10-12 11:33:13 +0100[diff] [blame]141 assert(mod->module_api_version >= KEYMASTER_MODULE_API_VERSION_2_0);
142 ALOGI("Found keymaster2 module %s, version %x", mod->name, mod->module_api_version);
143
144 keymaster2_device_t* km2_device = nullptr;
145
146 int rc = keymaster2_open(mod, &km2_device);
147 if (rc) {
148 ALOGE("Error %d opening keystore keymaster2 device", rc);
149 goto err;
150 }
151
152 *dev = km2_device;
153 return 0;
154
155err:
156 if (km2_device) km2_device->common.close(&km2_device->common);
157 *dev = nullptr;
158 return rc;
159}
160
161static int keymaster_device_initialize(keymaster2_device_t** dev, uint32_t* version,
Shawn Willdend4417fb2017-02-23 11:01:49 -0700[diff] [blame]162 bool* supports_ec, bool* supports_all_digests) {
Janis Danisevskis0f35e5a2016-10-12 11:33:13 +0100[diff] [blame]163 const hw_module_t* mod;
164
165 *supports_ec = true;
166
167 int rc = hw_get_module_by_class(KEYSTORE_HARDWARE_MODULE_ID, NULL, &mod);
168 if (rc) {
169 ALOGI("Could not find any keystore module, using software-only implementation.");
170 // SoftKeymasterDevice will be deleted by keymaster_device_release()
171 *dev = (new SoftKeymasterDevice(new SoftwareOnlyHidlKeymasterContext))->keymaster2_device();
172 *version = -1;
173 return 0;
174 }
175
176 if (mod->module_api_version < KEYMASTER_MODULE_API_VERSION_1_0) {
177 *version = 0;
Shawn Willdend4417fb2017-02-23 11:01:49 -0700[diff] [blame]178 *supports_all_digests = false;
Janis Danisevskis0f35e5a2016-10-12 11:33:13 +0100[diff] [blame]179 int rc = keymaster0_device_initialize(mod, dev);
180 if (rc == 0 && ((*dev)->flags & KEYMASTER_SUPPORTS_EC) == 0) {
181 *supports_ec = false;
182 }
183 return rc;
184 } else if (mod->module_api_version == KEYMASTER_MODULE_API_VERSION_1_0) {
185 *version = 1;
Shawn Willdend4417fb2017-02-23 11:01:49 -0700[diff] [blame]186 return keymaster1_device_initialize(mod, dev, supports_all_digests);
Janis Danisevskis0f35e5a2016-10-12 11:33:13 +0100[diff] [blame]187 } else {
188 *version = 2;
Shawn Willdend4417fb2017-02-23 11:01:49 -0700[diff] [blame]189 *supports_all_digests = true;
Janis Danisevskis0f35e5a2016-10-12 11:33:13 +0100[diff] [blame]190 return keymaster2_device_initialize(mod, dev);
191 }
192}
193
194KeymasterDevice::~KeymasterDevice() {
195 if (keymaster_device_) keymaster_device_->common.close(&keymaster_device_->common);
196}
197
198static inline keymaster_tag_type_t typeFromTag(const keymaster_tag_t tag) {
199 return keymaster_tag_get_type(tag);
200}
201
202/**
203 * legacy_enum_conversion converts enums from hidl to keymaster and back. Currently, this is just a
204 * cast to make the compiler happy. One of two thigs should happen though:
205 * TODO The keymaster enums should become aliases for the hidl generated enums so that we have a
206 * single point of truth. Then this cast function can go away.
207 */
208inline static keymaster_tag_t legacy_enum_conversion(const Tag value) {
209 return keymaster_tag_t(value);
210}
211inline static Tag legacy_enum_conversion(const keymaster_tag_t value) {
212 return Tag(value);
213}
214inline static keymaster_purpose_t legacy_enum_conversion(const KeyPurpose value) {
215 return keymaster_purpose_t(value);
216}
217inline static keymaster_key_format_t legacy_enum_conversion(const KeyFormat value) {
218 return keymaster_key_format_t(value);
219}
220inline static ErrorCode legacy_enum_conversion(const keymaster_error_t value) {
221 return ErrorCode(value);
222}
223
224class KmParamSet : public keymaster_key_param_set_t {
225 public:
226 KmParamSet(const hidl_vec<KeyParameter>& keyParams) {
227 params = new keymaster_key_param_t[keyParams.size()];
228 length = keyParams.size();
229 for (size_t i = 0; i < keyParams.size(); ++i) {
230 auto tag = legacy_enum_conversion(keyParams[i].tag);
231 switch (typeFromTag(tag)) {
232 case KM_ENUM:
233 case KM_ENUM_REP:
234 params[i] = keymaster_param_enum(tag, keyParams[i].f.integer);
235 break;
236 case KM_UINT:
237 case KM_UINT_REP:
238 params[i] = keymaster_param_int(tag, keyParams[i].f.integer);
239 break;
240 case KM_ULONG:
241 case KM_ULONG_REP:
242 params[i] = keymaster_param_long(tag, keyParams[i].f.longInteger);
243 break;
244 case KM_DATE:
245 params[i] = keymaster_param_date(tag, keyParams[i].f.dateTime);
246 break;
247 case KM_BOOL:
248 if (keyParams[i].f.boolValue)
249 params[i] = keymaster_param_bool(tag);
250 else
251 params[i].tag = KM_TAG_INVALID;
252 break;
253 case KM_BIGNUM:
254 case KM_BYTES:
255 params[i] =
256 keymaster_param_blob(tag, &keyParams[i].blob[0], keyParams[i].blob.size());
257 break;
258 case KM_INVALID:
259 default:
260 params[i].tag = KM_TAG_INVALID;
261 /* just skip */
262 break;
263 }
264 }
265 }
266 KmParamSet(KmParamSet&& other) : keymaster_key_param_set_t{other.params, other.length} {
267 other.length = 0;
268 other.params = nullptr;
269 }
270 KmParamSet(const KmParamSet&) = delete;
271 ~KmParamSet() { delete[] params; }
272};
273
274inline static KmParamSet hidlParams2KmParamSet(const hidl_vec<KeyParameter>& params) {
275 return KmParamSet(params);
276}
277
278inline static keymaster_blob_t hidlVec2KmBlob(const hidl_vec<uint8_t>& blob) {
279 /* hidl unmarshals funny pointers if the the blob is empty */
280 if (blob.size()) return {&blob[0], blob.size()};
281 return {nullptr, 0};
282}
283
284inline static keymaster_key_blob_t hidlVec2KmKeyBlob(const hidl_vec<uint8_t>& blob) {
285 /* hidl unmarshals funny pointers if the the blob is empty */
286 if (blob.size()) return {&blob[0], blob.size()};
287 return {nullptr, 0};
288}
289
290inline static hidl_vec<uint8_t> kmBlob2hidlVec(const keymaster_key_blob_t& blob) {
291 hidl_vec<uint8_t> result;
292 result.setToExternal(const_cast<unsigned char*>(blob.key_material), blob.key_material_size);
293 return result;
294}
295inline static hidl_vec<uint8_t> kmBlob2hidlVec(const keymaster_blob_t& blob) {
296 hidl_vec<uint8_t> result;
297 result.setToExternal(const_cast<unsigned char*>(blob.data), blob.data_length);
298 return result;
299}
300
301inline static hidl_vec<hidl_vec<uint8_t>>
302kmCertChain2Hidl(const keymaster_cert_chain_t* cert_chain) {
303 hidl_vec<hidl_vec<uint8_t>> result;
304 if (!cert_chain || cert_chain->entry_count == 0 || !cert_chain->entries) return result;
305
306 result.resize(cert_chain->entry_count);
307 for (size_t i = 0; i < cert_chain->entry_count; ++i) {
308 auto& entry = cert_chain->entries[i];
309 result[i] = kmBlob2hidlVec(entry);
310 }
311
312 return result;
313}
314
315static inline hidl_vec<KeyParameter> kmParamSet2Hidl(const keymaster_key_param_set_t& set) {
316 hidl_vec<KeyParameter> result;
317 if (set.length == 0 || set.params == nullptr) return result;
318
319 result.resize(set.length);
320 keymaster_key_param_t* params = set.params;
321 for (size_t i = 0; i < set.length; ++i) {
322 auto tag = params[i].tag;
323 result[i].tag = legacy_enum_conversion(tag);
324 switch (typeFromTag(tag)) {
325 case KM_ENUM:
326 case KM_ENUM_REP:
327 result[i].f.integer = params[i].enumerated;
328 break;
329 case KM_UINT:
330 case KM_UINT_REP:
331 result[i].f.integer = params[i].integer;
332 break;
333 case KM_ULONG:
334 case KM_ULONG_REP:
335 result[i].f.longInteger = params[i].long_integer;
336 break;
337 case KM_DATE:
338 result[i].f.dateTime = params[i].date_time;
339 break;
340 case KM_BOOL:
341 result[i].f.boolValue = params[i].boolean;
342 break;
343 case KM_BIGNUM:
344 case KM_BYTES:
345 result[i].blob.setToExternal(const_cast<unsigned char*>(params[i].blob.data),
346 params[i].blob.data_length);
347 break;
348 case KM_INVALID:
349 default:
350 params[i].tag = KM_TAG_INVALID;
351 /* just skip */
352 break;
353 }
354 }
355 return result;
356}
357
358// Methods from ::android::hardware::keymaster::V3_0::IKeymasterDevice follow.
359Return<void> KeymasterDevice::getHardwareFeatures(getHardwareFeatures_cb _hidl_cb) {
Shawn Willdend4417fb2017-02-23 11:01:49 -0700[diff] [blame]360 bool is_secure = !(keymaster_device_->flags & KEYMASTER_SOFTWARE_ONLY);
Janis Danisevskis0f35e5a2016-10-12 11:33:13 +0100[diff] [blame]361 bool supports_symmetric_cryptography = false;
362 bool supports_attestation = false;
363
364 switch (hardware_version_) {
365 case 2:
366 supports_attestation = true;
367 /* Falls through */
368 case 1:
369 supports_symmetric_cryptography = true;
Janis Danisevskis0f35e5a2016-10-12 11:33:13 +0100[diff] [blame]370 break;
371 };
372
373 _hidl_cb(is_secure, hardware_supports_ec_, supports_symmetric_cryptography,
Shawn Willdend4417fb2017-02-23 11:01:49 -0700[diff] [blame]374 supports_attestation, hardware_supports_all_digests_,
375 keymaster_device_->common.module->name, keymaster_device_->common.module->author);
Janis Danisevskis0f35e5a2016-10-12 11:33:13 +0100[diff] [blame]376 return Void();
377}
378
379Return<ErrorCode> KeymasterDevice::addRngEntropy(const hidl_vec<uint8_t>& data) {
Bartosz Fabianowski50624e92017-02-13 16:50:24 +0100[diff] [blame]380 if (!data.size()) return ErrorCode::OK;
Janis Danisevskis0f35e5a2016-10-12 11:33:13 +0100[diff] [blame]381 return legacy_enum_conversion(
382 keymaster_device_->add_rng_entropy(keymaster_device_, &data[0], data.size()));
383}
384
385Return<void> KeymasterDevice::generateKey(const hidl_vec<KeyParameter>& keyParams,
386 generateKey_cb _hidl_cb) {
387 // result variables for the wire
388 KeyCharacteristics resultCharacteristics;
389 hidl_vec<uint8_t> resultKeyBlob;
390
391 // result variables the backend understands
392 keymaster_key_blob_t key_blob{nullptr, 0};
393 keymaster_key_characteristics_t key_characteristics{{nullptr, 0}, {nullptr, 0}};
394
395 // convert the parameter set to something our backend understands
396 auto kmParams = hidlParams2KmParamSet(keyParams);
397
398 auto rc = keymaster_device_->generate_key(keymaster_device_, &kmParams, &key_blob,
399 &key_characteristics);
400
401 if (rc == KM_ERROR_OK) {
402 // on success convert the result to wire format
403 resultKeyBlob = kmBlob2hidlVec(key_blob);
404 resultCharacteristics.softwareEnforced = kmParamSet2Hidl(key_characteristics.sw_enforced);
405 resultCharacteristics.teeEnforced = kmParamSet2Hidl(key_characteristics.hw_enforced);
406 }
407
408 // send results off to the client
409 _hidl_cb(legacy_enum_conversion(rc), resultKeyBlob, resultCharacteristics);
410
411 // free buffers that we are responsible for
412 if (key_blob.key_material) free(const_cast<uint8_t*>(key_blob.key_material));
413 keymaster_free_characteristics(&key_characteristics);
414
415 return Void();
416}
417
418Return<void> KeymasterDevice::getKeyCharacteristics(const hidl_vec<uint8_t>& keyBlob,
419 const hidl_vec<uint8_t>& clientId,
420 const hidl_vec<uint8_t>& appData,
421 getKeyCharacteristics_cb _hidl_cb) {
422 // result variables for the wire
423 KeyCharacteristics resultCharacteristics;
424
425 // result variables the backend understands
426 keymaster_key_characteristics_t key_characteristics{{nullptr, 0}, {nullptr, 0}};
427
428 auto kmKeyBlob = hidlVec2KmKeyBlob(keyBlob);
429 auto kmClientId = hidlVec2KmBlob(clientId);
430 auto kmAppData = hidlVec2KmBlob(appData);
431
432 auto rc = keymaster_device_->get_key_characteristics(
433 keymaster_device_, keyBlob.size() ? &kmKeyBlob : nullptr,
434 clientId.size() ? &kmClientId : nullptr, appData.size() ? &kmAppData : nullptr,
435 &key_characteristics);
436
437 if (rc == KM_ERROR_OK) {
438 resultCharacteristics.softwareEnforced = kmParamSet2Hidl(key_characteristics.sw_enforced);
439 resultCharacteristics.teeEnforced = kmParamSet2Hidl(key_characteristics.hw_enforced);
440 }
441
442 _hidl_cb(legacy_enum_conversion(rc), resultCharacteristics);
443
444 keymaster_free_characteristics(&key_characteristics);
445
446 return Void();
447}
448
449Return<void> KeymasterDevice::importKey(const hidl_vec<KeyParameter>& params, KeyFormat keyFormat,
450 const hidl_vec<uint8_t>& keyData, importKey_cb _hidl_cb) {
451 // result variables for the wire
452 KeyCharacteristics resultCharacteristics;
453 hidl_vec<uint8_t> resultKeyBlob;
454
455 // result variables the backend understands
456 keymaster_key_blob_t key_blob{nullptr, 0};
457 keymaster_key_characteristics_t key_characteristics{{nullptr, 0}, {nullptr, 0}};
458
459 auto kmParams = hidlParams2KmParamSet(params);
460 auto kmKeyData = hidlVec2KmBlob(keyData);
461
462 auto rc = keymaster_device_->import_key(keymaster_device_, &kmParams,
463 legacy_enum_conversion(keyFormat), &kmKeyData,
464 &key_blob, &key_characteristics);
465
466 if (rc == KM_ERROR_OK) {
467 // on success convert the result to wire format
468 // (Can we assume that key_blob is {nullptr, 0} or a valid buffer description?)
469 resultKeyBlob = kmBlob2hidlVec(key_blob);
470 resultCharacteristics.softwareEnforced = kmParamSet2Hidl(key_characteristics.sw_enforced);
471 resultCharacteristics.teeEnforced = kmParamSet2Hidl(key_characteristics.hw_enforced);
472 }
473
474 _hidl_cb(legacy_enum_conversion(rc), resultKeyBlob, resultCharacteristics);
475
476 // free buffers that we are responsible for
477 if (key_blob.key_material) free(const_cast<uint8_t*>(key_blob.key_material));
478 keymaster_free_characteristics(&key_characteristics);
479
480 return Void();
481}
482
483Return<void> KeymasterDevice::exportKey(KeyFormat exportFormat, const hidl_vec<uint8_t>& keyBlob,
484 const hidl_vec<uint8_t>& clientId,
485 const hidl_vec<uint8_t>& appData, exportKey_cb _hidl_cb) {
486
487 // result variables for the wire
488 hidl_vec<uint8_t> resultKeyBlob;
489
490 // result variables the backend understands
491 keymaster_blob_t out_blob{nullptr, 0};
492
493 auto kmKeyBlob = hidlVec2KmKeyBlob(keyBlob);
494 auto kmClientId = hidlVec2KmBlob(clientId);
495 auto kmAppData = hidlVec2KmBlob(appData);
496
497 auto rc = keymaster_device_->export_key(keymaster_device_, legacy_enum_conversion(exportFormat),
498 keyBlob.size() ? &kmKeyBlob : nullptr,
499 clientId.size() ? &kmClientId : nullptr,
500 appData.size() ? &kmAppData : nullptr, &out_blob);
501
502 if (rc == KM_ERROR_OK) {
503 // on success convert the result to wire format
504 // (Can we assume that key_blob is {nullptr, 0} or a valid buffer description?)
505 resultKeyBlob = kmBlob2hidlVec(out_blob);
506 }
507
508 _hidl_cb(legacy_enum_conversion(rc), resultKeyBlob);
509
510 // free buffers that we are responsible for
511 if (out_blob.data) free(const_cast<uint8_t*>(out_blob.data));
512
513 return Void();
514}
515
516Return<void> KeymasterDevice::attestKey(const hidl_vec<uint8_t>& keyToAttest,
517 const hidl_vec<KeyParameter>& attestParams,
518 attestKey_cb _hidl_cb) {
519
520 hidl_vec<hidl_vec<uint8_t>> resultCertChain;
521
Shawn Willdendc996562017-04-12 06:36:08 -0600[diff] [blame]522 bool foundAttestationApplicationId = false;
Bartosz Fabianowskiaac0fc72017-01-23 13:51:10 +0100[diff] [blame]523 for (size_t i = 0; i < attestParams.size(); ++i) {
524 switch (attestParams[i].tag) {
Shawn Willdend4417fb2017-02-23 11:01:49 -0700[diff] [blame]525 case Tag::ATTESTATION_ID_BRAND:
526 case Tag::ATTESTATION_ID_DEVICE:
527 case Tag::ATTESTATION_ID_PRODUCT:
528 case Tag::ATTESTATION_ID_SERIAL:
529 case Tag::ATTESTATION_ID_IMEI:
530 case Tag::ATTESTATION_ID_MEID:
531 // Device id attestation may only be supported if the device is able to permanently
532 // destroy its knowledge of the ids. This device is unable to do this, so it must
533 // never perform any device id attestation.
534 _hidl_cb(ErrorCode::CANNOT_ATTEST_IDS, resultCertChain);
535 return Void();
Shawn Willdendc996562017-04-12 06:36:08 -0600[diff] [blame]536
537 case Tag::ATTESTATION_APPLICATION_ID:
538 foundAttestationApplicationId = true;
539 break;
540
Shawn Willdend4417fb2017-02-23 11:01:49 -0700[diff] [blame]541 default:
542 break;
Bartosz Fabianowskiaac0fc72017-01-23 13:51:10 +0100[diff] [blame]543 }
544 }
545
Shawn Willdendc996562017-04-12 06:36:08 -0600[diff] [blame]546 // KM3 devices reject missing attest application IDs. KM2 devices do not.
547 if (!foundAttestationApplicationId) {
548 _hidl_cb(ErrorCode::ATTESTATION_APPLICATION_ID_MISSING,
549 resultCertChain);
550 }
551
Janis Danisevskis0f35e5a2016-10-12 11:33:13 +0100[diff] [blame]552 keymaster_cert_chain_t cert_chain{nullptr, 0};
553
554 auto kmKeyToAttest = hidlVec2KmKeyBlob(keyToAttest);
555 auto kmAttestParams = hidlParams2KmParamSet(attestParams);
556
557 auto rc = keymaster_device_->attest_key(keymaster_device_, &kmKeyToAttest, &kmAttestParams,
558 &cert_chain);
559
560 if (rc == KM_ERROR_OK) {
561 resultCertChain = kmCertChain2Hidl(&cert_chain);
562 }
563
564 _hidl_cb(legacy_enum_conversion(rc), resultCertChain);
565
566 keymaster_free_cert_chain(&cert_chain);
567
568 return Void();
569}
570
571Return<void> KeymasterDevice::upgradeKey(const hidl_vec<uint8_t>& keyBlobToUpgrade,
572 const hidl_vec<KeyParameter>& upgradeParams,
573 upgradeKey_cb _hidl_cb) {
574
575 // result variables for the wire
576 hidl_vec<uint8_t> resultKeyBlob;
577
578 // result variables the backend understands
579 keymaster_key_blob_t key_blob{nullptr, 0};
580
581 auto kmKeyBlobToUpgrade = hidlVec2KmKeyBlob(keyBlobToUpgrade);
582 auto kmUpgradeParams = hidlParams2KmParamSet(upgradeParams);
583
584 auto rc = keymaster_device_->upgrade_key(keymaster_device_, &kmKeyBlobToUpgrade,
585 &kmUpgradeParams, &key_blob);
586
587 if (rc == KM_ERROR_OK) {
588 // on success convert the result to wire format
589 resultKeyBlob = kmBlob2hidlVec(key_blob);
590 }
591
592 _hidl_cb(legacy_enum_conversion(rc), resultKeyBlob);
593
594 if (key_blob.key_material) free(const_cast<uint8_t*>(key_blob.key_material));
595
596 return Void();
597}
598
599Return<ErrorCode> KeymasterDevice::deleteKey(const hidl_vec<uint8_t>& keyBlob) {
Janis Danisevskisb77dbe32017-03-22 10:28:24 -0700[diff] [blame]600 if (keymaster_device_->delete_key == nullptr) {
601 return ErrorCode::UNIMPLEMENTED;
602 }
Janis Danisevskis0f35e5a2016-10-12 11:33:13 +0100[diff] [blame]603 auto kmKeyBlob = hidlVec2KmKeyBlob(keyBlob);
604 return legacy_enum_conversion(keymaster_device_->delete_key(keymaster_device_, &kmKeyBlob));
605}
606
607Return<ErrorCode> KeymasterDevice::deleteAllKeys() {
Bartosz Fabianowskiaac0fc72017-01-23 13:51:10 +0100[diff] [blame]608 if (keymaster_device_->delete_all_keys == nullptr) {
609 return ErrorCode::UNIMPLEMENTED;
610 }
Janis Danisevskis0f35e5a2016-10-12 11:33:13 +0100[diff] [blame]611 return legacy_enum_conversion(keymaster_device_->delete_all_keys(keymaster_device_));
612}
613
Bartosz Fabianowskiaac0fc72017-01-23 13:51:10 +0100[diff] [blame]614Return<ErrorCode> KeymasterDevice::destroyAttestationIds() {
615 return ErrorCode::UNIMPLEMENTED;
616}
617
Janis Danisevskis0f35e5a2016-10-12 11:33:13 +0100[diff] [blame]618Return<void> KeymasterDevice::begin(KeyPurpose purpose, const hidl_vec<uint8_t>& key,
619 const hidl_vec<KeyParameter>& inParams, begin_cb _hidl_cb) {
620
621 // result variables for the wire
622 hidl_vec<KeyParameter> resultParams;
623 uint64_t resultOpHandle = 0;
624
625 // result variables the backend understands
626 keymaster_key_param_set_t out_params{nullptr, 0};
627 keymaster_operation_handle_t& operation_handle = resultOpHandle;
628
629 auto kmKey = hidlVec2KmKeyBlob(key);
630 auto kmInParams = hidlParams2KmParamSet(inParams);
631
632 auto rc = keymaster_device_->begin(keymaster_device_, legacy_enum_conversion(purpose), &kmKey,
633 &kmInParams, &out_params, &operation_handle);
634
635 if (rc == KM_ERROR_OK) resultParams = kmParamSet2Hidl(out_params);
636
637 _hidl_cb(legacy_enum_conversion(rc), resultParams, resultOpHandle);
638
639 keymaster_free_param_set(&out_params);
640
641 return Void();
642}
643
644Return<void> KeymasterDevice::update(uint64_t operationHandle,
645 const hidl_vec<KeyParameter>& inParams,
646 const hidl_vec<uint8_t>& input, update_cb _hidl_cb) {
647 // result variables for the wire
648 uint32_t resultConsumed = 0;
649 hidl_vec<KeyParameter> resultParams;
650 hidl_vec<uint8_t> resultBlob;
651
652 // result variables the backend understands
653 size_t consumed = 0;
654 keymaster_key_param_set_t out_params{nullptr, 0};
655 keymaster_blob_t out_blob{nullptr, 0};
656
657 auto kmInParams = hidlParams2KmParamSet(inParams);
658 auto kmInput = hidlVec2KmBlob(input);
659
660 auto rc = keymaster_device_->update(keymaster_device_, operationHandle, &kmInParams, &kmInput,
661 &consumed, &out_params, &out_blob);
662
663 if (rc == KM_ERROR_OK) {
664 resultConsumed = consumed;
665 resultParams = kmParamSet2Hidl(out_params);
666 resultBlob = kmBlob2hidlVec(out_blob);
667 }
668
669 _hidl_cb(legacy_enum_conversion(rc), resultConsumed, resultParams, resultBlob);
670
671 keymaster_free_param_set(&out_params);
672 if (out_blob.data) free(const_cast<uint8_t*>(out_blob.data));
673
674 return Void();
675}
676
677Return<void> KeymasterDevice::finish(uint64_t operationHandle,
678 const hidl_vec<KeyParameter>& inParams,
679 const hidl_vec<uint8_t>& input,
680 const hidl_vec<uint8_t>& signature, finish_cb _hidl_cb) {
681 // result variables for the wire
682 hidl_vec<KeyParameter> resultParams;
683 hidl_vec<uint8_t> resultBlob;
684
685 // result variables the backend understands
686 keymaster_key_param_set_t out_params{nullptr, 0};
687 keymaster_blob_t out_blob{nullptr, 0};
688
689 auto kmInParams = hidlParams2KmParamSet(inParams);
690 auto kmInput = hidlVec2KmBlob(input);
691 auto kmSignature = hidlVec2KmBlob(signature);
692
693 auto rc = keymaster_device_->finish(keymaster_device_, operationHandle, &kmInParams, &kmInput,
694 &kmSignature, &out_params, &out_blob);
695
696 if (rc == KM_ERROR_OK) {
697 resultParams = kmParamSet2Hidl(out_params);
698 resultBlob = kmBlob2hidlVec(out_blob);
699 }
700
701 _hidl_cb(legacy_enum_conversion(rc), resultParams, resultBlob);
702
703 keymaster_free_param_set(&out_params);
704 if (out_blob.data) free(const_cast<uint8_t*>(out_blob.data));
705
706 return Void();
707}
708
709Return<ErrorCode> KeymasterDevice::abort(uint64_t operationHandle) {
710 return legacy_enum_conversion(keymaster_device_->abort(keymaster_device_, operationHandle));
711}
712
Shawn Willden63e15f02017-03-29 21:27:12 -0600[diff] [blame]713IKeymasterDevice* HIDL_FETCH_IKeymasterDevice(const char* name) {
Janis Danisevskis0f35e5a2016-10-12 11:33:13 +0100[diff] [blame]714 keymaster2_device_t* dev = nullptr;
715
Shawn Willden63e15f02017-03-29 21:27:12 -0600[diff] [blame]716 ALOGI("Fetching keymaster device name %s", name);
717
718 uint32_t version = -1;
719 bool supports_ec = false;
720 bool supports_all_digests = false;
721
722 if (name && strcmp(name, "softwareonly") == 0) {
723 dev = (new SoftKeymasterDevice(new SoftwareOnlyHidlKeymasterContext))->keymaster2_device();
724 } else if (name && strcmp(name, "default") == 0) {
725 auto rc = keymaster_device_initialize(&dev, &version, &supports_ec, &supports_all_digests);
726 if (rc) return nullptr;
727 }
Janis Danisevskis0f35e5a2016-10-12 11:33:13 +0100[diff] [blame]728
729 auto kmrc = ::keymaster::ConfigureDevice(dev);
730 if (kmrc != KM_ERROR_OK) {
731 dev->common.close(&dev->common);
732 return nullptr;
733 }
734
Shawn Willdend4417fb2017-02-23 11:01:49 -0700[diff] [blame]735 return new KeymasterDevice(dev, version, supports_ec, supports_all_digests);
Janis Danisevskis0f35e5a2016-10-12 11:33:13 +0100[diff] [blame]736}
737
738} // namespace implementation
739} // namespace V3_0
740} // namespace keymaster
741} // namespace hardware
742} // namespace android