Gitiles
Code Review Sign In
review.blissroms.org / platform_hardware_interfaces / 62f63c7ddbd08737e298a97975754225e5da0126 / . / keymaster / 3.0 / default / KeymasterDevice.cpp
blob: b2baa2bc9c0f4e4dc8ca256fd3047aae8e5d7da0 [file] [log] [blame]
Janis Danisevskis0f35e5a2016-10-12 11:33:13 +0100[diff] [blame]1/*
2 **
3 ** Copyright 2016, The Android Open Source Project
4 **
5 ** Licensed under the Apache License, Version 2.0 (the "License");
6 ** you may not use this file except in compliance with the License.
7 ** You may obtain a copy of the License at
8 **
9 ** http://www.apache.org/licenses/LICENSE-2.0
10 **
11 ** Unless required by applicable law or agreed to in writing, software
12 ** distributed under the License is distributed on an "AS IS" BASIS,
13 ** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 ** See the License for the specific language governing permissions and
15 ** limitations under the License.
16 */
17
18#define LOG_TAG "android.hardware.keymaster@3.0-impl"
19
20#include "KeymasterDevice.h"
21
22#include <cutils/log.h>
23
24#include <hardware/keymaster_defs.h>
25#include <keymaster/keymaster_configuration.h>
26#include <keymaster/soft_keymaster_device.h>
27
28namespace android {
29namespace hardware {
30namespace keymaster {
31namespace V3_0 {
32namespace implementation {
33
34using ::keymaster::SoftKeymasterDevice;
35
Shawn Willden62f63c72017-02-17 12:23:51 -0700[diff] [blame^]36namespace {
37
Janis Danisevskis0f35e5a2016-10-12 11:33:13 +0100[diff] [blame]38class SoftwareOnlyHidlKeymasterEnforcement : public ::keymaster::KeymasterEnforcement {
39 public:
40 SoftwareOnlyHidlKeymasterEnforcement() : KeymasterEnforcement(64, 64) {}
41
42 uint32_t get_current_time() const override {
43 struct timespec tp;
44 int err = clock_gettime(CLOCK_MONOTONIC, &tp);
45 if (err || tp.tv_sec < 0) return 0;
46 return static_cast<uint32_t>(tp.tv_sec);
47 }
48
49 bool activation_date_valid(uint64_t) const override { return true; }
50 bool expiration_date_passed(uint64_t) const override { return false; }
51 bool auth_token_timed_out(const hw_auth_token_t&, uint32_t) const override { return false; }
52 bool ValidateTokenSignature(const hw_auth_token_t&) const override { return true; }
53};
54
55class SoftwareOnlyHidlKeymasterContext : public ::keymaster::SoftKeymasterContext {
56 public:
57 SoftwareOnlyHidlKeymasterContext() : enforcement_(new SoftwareOnlyHidlKeymasterEnforcement) {}
58
59 ::keymaster::KeymasterEnforcement* enforcement_policy() override { return enforcement_.get(); }
60
61 private:
62 std::unique_ptr<::keymaster::KeymasterEnforcement> enforcement_;
63};
64
Shawn Willden62f63c72017-02-17 12:23:51 -0700[diff] [blame^]65int keymaster0_device_initialize(const hw_module_t* mod, keymaster2_device_t** dev) {
Janis Danisevskis0f35e5a2016-10-12 11:33:13 +0100[diff] [blame]66 assert(mod->module_api_version < KEYMASTER_MODULE_API_VERSION_1_0);
67 ALOGI("Found keymaster0 module %s, version %x", mod->name, mod->module_api_version);
68
69 UniquePtr<SoftKeymasterDevice> soft_keymaster(new SoftKeymasterDevice);
70 keymaster0_device_t* km0_device = NULL;
71 keymaster_error_t error = KM_ERROR_OK;
72
73 int rc = keymaster0_open(mod, &km0_device);
74 if (rc) {
75 ALOGE("Error opening keystore keymaster0 device.");
76 goto err;
77 }
78
79 if (km0_device->flags & KEYMASTER_SOFTWARE_ONLY) {
80 ALOGI("Keymaster0 module is software-only. Using SoftKeymasterDevice instead.");
81 km0_device->common.close(&km0_device->common);
82 km0_device = NULL;
83 // SoftKeymasterDevice will be deleted by keymaster_device_release()
84 *dev = soft_keymaster.release()->keymaster2_device();
85 return 0;
86 }
87
88 ALOGD("Wrapping keymaster0 module %s with SoftKeymasterDevice", mod->name);
89 error = soft_keymaster->SetHardwareDevice(km0_device);
90 km0_device = NULL; // SoftKeymasterDevice has taken ownership.
91 if (error != KM_ERROR_OK) {
92 ALOGE("Got error %d from SetHardwareDevice", error);
93 rc = error;
94 goto err;
95 }
96
97 // SoftKeymasterDevice will be deleted by keymaster_device_release()
98 *dev = soft_keymaster.release()->keymaster2_device();
99 return 0;
100
101err:
102 if (km0_device) km0_device->common.close(&km0_device->common);
103 *dev = NULL;
104 return rc;
105}
106
Shawn Willdend4417fb2017-02-23 11:01:49 -0700[diff] [blame]107static int keymaster1_device_initialize(const hw_module_t* mod, keymaster2_device_t** dev,
108 bool* supports_all_digests) {
Janis Danisevskis0f35e5a2016-10-12 11:33:13 +0100[diff] [blame]109 assert(mod->module_api_version >= KEYMASTER_MODULE_API_VERSION_1_0);
110 ALOGI("Found keymaster1 module %s, version %x", mod->name, mod->module_api_version);
111
112 UniquePtr<SoftKeymasterDevice> soft_keymaster(new SoftKeymasterDevice);
113 keymaster1_device_t* km1_device = nullptr;
114 keymaster_error_t error = KM_ERROR_OK;
115
116 int rc = keymaster1_open(mod, &km1_device);
117 if (rc) {
118 ALOGE("Error %d opening keystore keymaster1 device", rc);
119 goto err;
120 }
121
122 ALOGD("Wrapping keymaster1 module %s with SofKeymasterDevice", mod->name);
123 error = soft_keymaster->SetHardwareDevice(km1_device);
124 km1_device = nullptr; // SoftKeymasterDevice has taken ownership.
125 if (error != KM_ERROR_OK) {
126 ALOGE("Got error %d from SetHardwareDevice", error);
127 rc = error;
128 goto err;
129 }
130
131 // SoftKeymasterDevice will be deleted by keymaster_device_release()
Shawn Willdend4417fb2017-02-23 11:01:49 -0700[diff] [blame]132 *supports_all_digests = soft_keymaster->supports_all_digests();
Janis Danisevskis0f35e5a2016-10-12 11:33:13 +0100[diff] [blame]133 *dev = soft_keymaster.release()->keymaster2_device();
134 return 0;
135
136err:
137 if (km1_device) km1_device->common.close(&km1_device->common);
138 *dev = NULL;
139 return rc;
140}
141
Shawn Willden62f63c72017-02-17 12:23:51 -0700[diff] [blame^]142int keymaster2_device_initialize(const hw_module_t* mod, keymaster2_device_t** dev) {
Janis Danisevskis0f35e5a2016-10-12 11:33:13 +0100[diff] [blame]143 assert(mod->module_api_version >= KEYMASTER_MODULE_API_VERSION_2_0);
144 ALOGI("Found keymaster2 module %s, version %x", mod->name, mod->module_api_version);
145
146 keymaster2_device_t* km2_device = nullptr;
147
148 int rc = keymaster2_open(mod, &km2_device);
149 if (rc) {
150 ALOGE("Error %d opening keystore keymaster2 device", rc);
151 goto err;
152 }
153
154 *dev = km2_device;
155 return 0;
156
157err:
158 if (km2_device) km2_device->common.close(&km2_device->common);
159 *dev = nullptr;
160 return rc;
161}
162
163static int keymaster_device_initialize(keymaster2_device_t** dev, uint32_t* version,
Shawn Willdend4417fb2017-02-23 11:01:49 -0700[diff] [blame]164 bool* supports_ec, bool* supports_all_digests) {
Janis Danisevskis0f35e5a2016-10-12 11:33:13 +0100[diff] [blame]165 const hw_module_t* mod;
166
167 *supports_ec = true;
168
169 int rc = hw_get_module_by_class(KEYSTORE_HARDWARE_MODULE_ID, NULL, &mod);
170 if (rc) {
171 ALOGI("Could not find any keystore module, using software-only implementation.");
172 // SoftKeymasterDevice will be deleted by keymaster_device_release()
173 *dev = (new SoftKeymasterDevice(new SoftwareOnlyHidlKeymasterContext))->keymaster2_device();
174 *version = -1;
175 return 0;
176 }
177
178 if (mod->module_api_version < KEYMASTER_MODULE_API_VERSION_1_0) {
179 *version = 0;
Shawn Willdend4417fb2017-02-23 11:01:49 -0700[diff] [blame]180 *supports_all_digests = false;
Janis Danisevskis0f35e5a2016-10-12 11:33:13 +0100[diff] [blame]181 int rc = keymaster0_device_initialize(mod, dev);
182 if (rc == 0 && ((*dev)->flags & KEYMASTER_SUPPORTS_EC) == 0) {
183 *supports_ec = false;
184 }
185 return rc;
186 } else if (mod->module_api_version == KEYMASTER_MODULE_API_VERSION_1_0) {
187 *version = 1;
Shawn Willdend4417fb2017-02-23 11:01:49 -0700[diff] [blame]188 return keymaster1_device_initialize(mod, dev, supports_all_digests);
Janis Danisevskis0f35e5a2016-10-12 11:33:13 +0100[diff] [blame]189 } else {
190 *version = 2;
Shawn Willdend4417fb2017-02-23 11:01:49 -0700[diff] [blame]191 *supports_all_digests = true;
Janis Danisevskis0f35e5a2016-10-12 11:33:13 +0100[diff] [blame]192 return keymaster2_device_initialize(mod, dev);
193 }
194}
195
Shawn Willden62f63c72017-02-17 12:23:51 -0700[diff] [blame^]196template <typename IntType, uint32_t byteOrder> struct choose_ntoh;
197
198template <typename IntType> struct choose_ntoh<IntType, __ORDER_LITTLE_ENDIAN__> {
199 inline static IntType ntoh(const IntType& value) {
200 IntType result = 0;
201 const unsigned char* inbytes = reinterpret_cast<const unsigned char*>(&value);
202 unsigned char* outbytes = reinterpret_cast<unsigned char*>(&result);
203 for (int i = sizeof(IntType) - 1; i >= 0; --i) {
204 *(outbytes++) = inbytes[i];
205 }
206 return result;
207 }
208};
209
210template <typename IntType> struct choose_ntoh<IntType, __ORDER_BIG_ENDIAN__> {
211 inline static IntType hton(const IntType& value) { return value; }
212};
213
214template <typename IntType> inline IntType ntoh(const IntType& value) {
215 return choose_ntoh<IntType, __BYTE_ORDER__>::ntoh(value);
216}
217
218} // anonymous namespace
219
Janis Danisevskis0f35e5a2016-10-12 11:33:13 +0100[diff] [blame]220KeymasterDevice::~KeymasterDevice() {
221 if (keymaster_device_) keymaster_device_->common.close(&keymaster_device_->common);
222}
223
224static inline keymaster_tag_type_t typeFromTag(const keymaster_tag_t tag) {
225 return keymaster_tag_get_type(tag);
226}
227
228/**
229 * legacy_enum_conversion converts enums from hidl to keymaster and back. Currently, this is just a
230 * cast to make the compiler happy. One of two thigs should happen though:
231 * TODO The keymaster enums should become aliases for the hidl generated enums so that we have a
232 * single point of truth. Then this cast function can go away.
233 */
234inline static keymaster_tag_t legacy_enum_conversion(const Tag value) {
235 return keymaster_tag_t(value);
236}
237inline static Tag legacy_enum_conversion(const keymaster_tag_t value) {
238 return Tag(value);
239}
240inline static keymaster_purpose_t legacy_enum_conversion(const KeyPurpose value) {
241 return keymaster_purpose_t(value);
242}
243inline static keymaster_key_format_t legacy_enum_conversion(const KeyFormat value) {
244 return keymaster_key_format_t(value);
245}
246inline static ErrorCode legacy_enum_conversion(const keymaster_error_t value) {
247 return ErrorCode(value);
248}
249
250class KmParamSet : public keymaster_key_param_set_t {
251 public:
252 KmParamSet(const hidl_vec<KeyParameter>& keyParams) {
253 params = new keymaster_key_param_t[keyParams.size()];
254 length = keyParams.size();
255 for (size_t i = 0; i < keyParams.size(); ++i) {
256 auto tag = legacy_enum_conversion(keyParams[i].tag);
257 switch (typeFromTag(tag)) {
258 case KM_ENUM:
259 case KM_ENUM_REP:
260 params[i] = keymaster_param_enum(tag, keyParams[i].f.integer);
261 break;
262 case KM_UINT:
263 case KM_UINT_REP:
264 params[i] = keymaster_param_int(tag, keyParams[i].f.integer);
265 break;
266 case KM_ULONG:
267 case KM_ULONG_REP:
268 params[i] = keymaster_param_long(tag, keyParams[i].f.longInteger);
269 break;
270 case KM_DATE:
271 params[i] = keymaster_param_date(tag, keyParams[i].f.dateTime);
272 break;
273 case KM_BOOL:
274 if (keyParams[i].f.boolValue)
275 params[i] = keymaster_param_bool(tag);
276 else
277 params[i].tag = KM_TAG_INVALID;
278 break;
279 case KM_BIGNUM:
280 case KM_BYTES:
281 params[i] =
282 keymaster_param_blob(tag, &keyParams[i].blob[0], keyParams[i].blob.size());
283 break;
284 case KM_INVALID:
285 default:
286 params[i].tag = KM_TAG_INVALID;
287 /* just skip */
288 break;
289 }
290 }
291 }
292 KmParamSet(KmParamSet&& other) : keymaster_key_param_set_t{other.params, other.length} {
293 other.length = 0;
294 other.params = nullptr;
295 }
296 KmParamSet(const KmParamSet&) = delete;
297 ~KmParamSet() { delete[] params; }
298};
299
300inline static KmParamSet hidlParams2KmParamSet(const hidl_vec<KeyParameter>& params) {
301 return KmParamSet(params);
302}
303
304inline static keymaster_blob_t hidlVec2KmBlob(const hidl_vec<uint8_t>& blob) {
305 /* hidl unmarshals funny pointers if the the blob is empty */
306 if (blob.size()) return {&blob[0], blob.size()};
307 return {nullptr, 0};
308}
309
310inline static keymaster_key_blob_t hidlVec2KmKeyBlob(const hidl_vec<uint8_t>& blob) {
311 /* hidl unmarshals funny pointers if the the blob is empty */
312 if (blob.size()) return {&blob[0], blob.size()};
313 return {nullptr, 0};
314}
315
316inline static hidl_vec<uint8_t> kmBlob2hidlVec(const keymaster_key_blob_t& blob) {
317 hidl_vec<uint8_t> result;
318 result.setToExternal(const_cast<unsigned char*>(blob.key_material), blob.key_material_size);
319 return result;
320}
321inline static hidl_vec<uint8_t> kmBlob2hidlVec(const keymaster_blob_t& blob) {
322 hidl_vec<uint8_t> result;
323 result.setToExternal(const_cast<unsigned char*>(blob.data), blob.data_length);
324 return result;
325}
326
327inline static hidl_vec<hidl_vec<uint8_t>>
328kmCertChain2Hidl(const keymaster_cert_chain_t* cert_chain) {
329 hidl_vec<hidl_vec<uint8_t>> result;
330 if (!cert_chain || cert_chain->entry_count == 0 || !cert_chain->entries) return result;
331
332 result.resize(cert_chain->entry_count);
333 for (size_t i = 0; i < cert_chain->entry_count; ++i) {
334 auto& entry = cert_chain->entries[i];
335 result[i] = kmBlob2hidlVec(entry);
336 }
337
338 return result;
339}
340
341static inline hidl_vec<KeyParameter> kmParamSet2Hidl(const keymaster_key_param_set_t& set) {
342 hidl_vec<KeyParameter> result;
343 if (set.length == 0 || set.params == nullptr) return result;
344
345 result.resize(set.length);
346 keymaster_key_param_t* params = set.params;
347 for (size_t i = 0; i < set.length; ++i) {
348 auto tag = params[i].tag;
349 result[i].tag = legacy_enum_conversion(tag);
350 switch (typeFromTag(tag)) {
351 case KM_ENUM:
352 case KM_ENUM_REP:
353 result[i].f.integer = params[i].enumerated;
354 break;
355 case KM_UINT:
356 case KM_UINT_REP:
357 result[i].f.integer = params[i].integer;
358 break;
359 case KM_ULONG:
360 case KM_ULONG_REP:
361 result[i].f.longInteger = params[i].long_integer;
362 break;
363 case KM_DATE:
364 result[i].f.dateTime = params[i].date_time;
365 break;
366 case KM_BOOL:
367 result[i].f.boolValue = params[i].boolean;
368 break;
369 case KM_BIGNUM:
370 case KM_BYTES:
371 result[i].blob.setToExternal(const_cast<unsigned char*>(params[i].blob.data),
372 params[i].blob.data_length);
373 break;
374 case KM_INVALID:
375 default:
376 params[i].tag = KM_TAG_INVALID;
377 /* just skip */
378 break;
379 }
380 }
381 return result;
382}
383
384// Methods from ::android::hardware::keymaster::V3_0::IKeymasterDevice follow.
385Return<void> KeymasterDevice::getHardwareFeatures(getHardwareFeatures_cb _hidl_cb) {
Shawn Willdend4417fb2017-02-23 11:01:49 -0700[diff] [blame]386 bool is_secure = !(keymaster_device_->flags & KEYMASTER_SOFTWARE_ONLY);
Janis Danisevskis0f35e5a2016-10-12 11:33:13 +0100[diff] [blame]387 bool supports_symmetric_cryptography = false;
388 bool supports_attestation = false;
389
390 switch (hardware_version_) {
391 case 2:
392 supports_attestation = true;
393 /* Falls through */
394 case 1:
395 supports_symmetric_cryptography = true;
Janis Danisevskis0f35e5a2016-10-12 11:33:13 +0100[diff] [blame]396 break;
397 };
398
399 _hidl_cb(is_secure, hardware_supports_ec_, supports_symmetric_cryptography,
Shawn Willdend4417fb2017-02-23 11:01:49 -0700[diff] [blame]400 supports_attestation, hardware_supports_all_digests_,
401 keymaster_device_->common.module->name, keymaster_device_->common.module->author);
Janis Danisevskis0f35e5a2016-10-12 11:33:13 +0100[diff] [blame]402 return Void();
403}
404
Shawn Willden62f63c72017-02-17 12:23:51 -0700[diff] [blame^]405Return<void> KeymasterDevice::parseHardwareAuthToken(const hidl_vec<uint8_t>& token,
406 parseHardwareAuthToken_cb _hidl_cb) {
407 HardwareAuthTokenInfo parsedToken;
408 if (token.size() != sizeof(hw_auth_token_t)) {
409 ALOGE("Received auth token of length %zu, expected %zu", token.size(),
410 sizeof(hw_auth_token_t));
411 _hidl_cb(ErrorCode::INVALID_ARGUMENT, parsedToken);
412 return Void();
413 }
414
415 const hw_auth_token_t* authToken = reinterpret_cast<const hw_auth_token_t*>(token.data());
416 if (authToken->version != 0) {
417 ALOGE("Auth token version %u, expected version ", authToken->version);
418 _hidl_cb(ErrorCode::INVALID_ARGUMENT, parsedToken);
419 return Void();
420 }
421
422 parsedToken.challenge = authToken->challenge;
423 parsedToken.userId = authToken->user_id;
424 parsedToken.authenticatorId = authToken->authenticator_id;
425 parsedToken.authenticatorType =
426 static_cast<HardwareAuthenticatorType>(ntoh(authToken->authenticator_type));
427 parsedToken.timestamp = ntoh(authToken->timestamp);
428
429 _hidl_cb(ErrorCode::OK, parsedToken);
430 return Void();
431}
432
Janis Danisevskis0f35e5a2016-10-12 11:33:13 +0100[diff] [blame]433Return<ErrorCode> KeymasterDevice::addRngEntropy(const hidl_vec<uint8_t>& data) {
Bartosz Fabianowski50624e92017-02-13 16:50:24 +0100[diff] [blame]434 if (!data.size()) return ErrorCode::OK;
Janis Danisevskis0f35e5a2016-10-12 11:33:13 +0100[diff] [blame]435 return legacy_enum_conversion(
436 keymaster_device_->add_rng_entropy(keymaster_device_, &data[0], data.size()));
437}
438
439Return<void> KeymasterDevice::generateKey(const hidl_vec<KeyParameter>& keyParams,
440 generateKey_cb _hidl_cb) {
441 // result variables for the wire
442 KeyCharacteristics resultCharacteristics;
443 hidl_vec<uint8_t> resultKeyBlob;
444
445 // result variables the backend understands
446 keymaster_key_blob_t key_blob{nullptr, 0};
447 keymaster_key_characteristics_t key_characteristics{{nullptr, 0}, {nullptr, 0}};
448
449 // convert the parameter set to something our backend understands
450 auto kmParams = hidlParams2KmParamSet(keyParams);
451
452 auto rc = keymaster_device_->generate_key(keymaster_device_, &kmParams, &key_blob,
453 &key_characteristics);
454
455 if (rc == KM_ERROR_OK) {
456 // on success convert the result to wire format
457 resultKeyBlob = kmBlob2hidlVec(key_blob);
458 resultCharacteristics.softwareEnforced = kmParamSet2Hidl(key_characteristics.sw_enforced);
459 resultCharacteristics.teeEnforced = kmParamSet2Hidl(key_characteristics.hw_enforced);
460 }
461
462 // send results off to the client
463 _hidl_cb(legacy_enum_conversion(rc), resultKeyBlob, resultCharacteristics);
464
465 // free buffers that we are responsible for
466 if (key_blob.key_material) free(const_cast<uint8_t*>(key_blob.key_material));
467 keymaster_free_characteristics(&key_characteristics);
468
469 return Void();
470}
471
472Return<void> KeymasterDevice::getKeyCharacteristics(const hidl_vec<uint8_t>& keyBlob,
473 const hidl_vec<uint8_t>& clientId,
474 const hidl_vec<uint8_t>& appData,
475 getKeyCharacteristics_cb _hidl_cb) {
476 // result variables for the wire
477 KeyCharacteristics resultCharacteristics;
478
479 // result variables the backend understands
480 keymaster_key_characteristics_t key_characteristics{{nullptr, 0}, {nullptr, 0}};
481
482 auto kmKeyBlob = hidlVec2KmKeyBlob(keyBlob);
483 auto kmClientId = hidlVec2KmBlob(clientId);
484 auto kmAppData = hidlVec2KmBlob(appData);
485
486 auto rc = keymaster_device_->get_key_characteristics(
487 keymaster_device_, keyBlob.size() ? &kmKeyBlob : nullptr,
488 clientId.size() ? &kmClientId : nullptr, appData.size() ? &kmAppData : nullptr,
489 &key_characteristics);
490
491 if (rc == KM_ERROR_OK) {
492 resultCharacteristics.softwareEnforced = kmParamSet2Hidl(key_characteristics.sw_enforced);
493 resultCharacteristics.teeEnforced = kmParamSet2Hidl(key_characteristics.hw_enforced);
494 }
495
496 _hidl_cb(legacy_enum_conversion(rc), resultCharacteristics);
497
498 keymaster_free_characteristics(&key_characteristics);
499
500 return Void();
501}
502
503Return<void> KeymasterDevice::importKey(const hidl_vec<KeyParameter>& params, KeyFormat keyFormat,
504 const hidl_vec<uint8_t>& keyData, importKey_cb _hidl_cb) {
505 // result variables for the wire
506 KeyCharacteristics resultCharacteristics;
507 hidl_vec<uint8_t> resultKeyBlob;
508
509 // result variables the backend understands
510 keymaster_key_blob_t key_blob{nullptr, 0};
511 keymaster_key_characteristics_t key_characteristics{{nullptr, 0}, {nullptr, 0}};
512
513 auto kmParams = hidlParams2KmParamSet(params);
514 auto kmKeyData = hidlVec2KmBlob(keyData);
515
516 auto rc = keymaster_device_->import_key(keymaster_device_, &kmParams,
517 legacy_enum_conversion(keyFormat), &kmKeyData,
518 &key_blob, &key_characteristics);
519
520 if (rc == KM_ERROR_OK) {
521 // on success convert the result to wire format
522 // (Can we assume that key_blob is {nullptr, 0} or a valid buffer description?)
523 resultKeyBlob = kmBlob2hidlVec(key_blob);
524 resultCharacteristics.softwareEnforced = kmParamSet2Hidl(key_characteristics.sw_enforced);
525 resultCharacteristics.teeEnforced = kmParamSet2Hidl(key_characteristics.hw_enforced);
526 }
527
528 _hidl_cb(legacy_enum_conversion(rc), resultKeyBlob, resultCharacteristics);
529
530 // free buffers that we are responsible for
531 if (key_blob.key_material) free(const_cast<uint8_t*>(key_blob.key_material));
532 keymaster_free_characteristics(&key_characteristics);
533
534 return Void();
535}
536
537Return<void> KeymasterDevice::exportKey(KeyFormat exportFormat, const hidl_vec<uint8_t>& keyBlob,
538 const hidl_vec<uint8_t>& clientId,
539 const hidl_vec<uint8_t>& appData, exportKey_cb _hidl_cb) {
540
541 // result variables for the wire
542 hidl_vec<uint8_t> resultKeyBlob;
543
544 // result variables the backend understands
545 keymaster_blob_t out_blob{nullptr, 0};
546
547 auto kmKeyBlob = hidlVec2KmKeyBlob(keyBlob);
548 auto kmClientId = hidlVec2KmBlob(clientId);
549 auto kmAppData = hidlVec2KmBlob(appData);
550
551 auto rc = keymaster_device_->export_key(keymaster_device_, legacy_enum_conversion(exportFormat),
552 keyBlob.size() ? &kmKeyBlob : nullptr,
553 clientId.size() ? &kmClientId : nullptr,
554 appData.size() ? &kmAppData : nullptr, &out_blob);
555
556 if (rc == KM_ERROR_OK) {
557 // on success convert the result to wire format
558 // (Can we assume that key_blob is {nullptr, 0} or a valid buffer description?)
559 resultKeyBlob = kmBlob2hidlVec(out_blob);
560 }
561
562 _hidl_cb(legacy_enum_conversion(rc), resultKeyBlob);
563
564 // free buffers that we are responsible for
565 if (out_blob.data) free(const_cast<uint8_t*>(out_blob.data));
566
567 return Void();
568}
569
570Return<void> KeymasterDevice::attestKey(const hidl_vec<uint8_t>& keyToAttest,
571 const hidl_vec<KeyParameter>& attestParams,
572 attestKey_cb _hidl_cb) {
573
574 hidl_vec<hidl_vec<uint8_t>> resultCertChain;
575
Bartosz Fabianowskiaac0fc72017-01-23 13:51:10 +0100[diff] [blame]576 for (size_t i = 0; i < attestParams.size(); ++i) {
577 switch (attestParams[i].tag) {
Shawn Willdend4417fb2017-02-23 11:01:49 -0700[diff] [blame]578 case Tag::ATTESTATION_ID_BRAND:
579 case Tag::ATTESTATION_ID_DEVICE:
580 case Tag::ATTESTATION_ID_PRODUCT:
581 case Tag::ATTESTATION_ID_SERIAL:
582 case Tag::ATTESTATION_ID_IMEI:
583 case Tag::ATTESTATION_ID_MEID:
584 // Device id attestation may only be supported if the device is able to permanently
585 // destroy its knowledge of the ids. This device is unable to do this, so it must
586 // never perform any device id attestation.
587 _hidl_cb(ErrorCode::CANNOT_ATTEST_IDS, resultCertChain);
588 return Void();
589 default:
590 break;
Bartosz Fabianowskiaac0fc72017-01-23 13:51:10 +0100[diff] [blame]591 }
592 }
593
Janis Danisevskis0f35e5a2016-10-12 11:33:13 +0100[diff] [blame]594 keymaster_cert_chain_t cert_chain{nullptr, 0};
595
596 auto kmKeyToAttest = hidlVec2KmKeyBlob(keyToAttest);
597 auto kmAttestParams = hidlParams2KmParamSet(attestParams);
598
599 auto rc = keymaster_device_->attest_key(keymaster_device_, &kmKeyToAttest, &kmAttestParams,
600 &cert_chain);
601
602 if (rc == KM_ERROR_OK) {
603 resultCertChain = kmCertChain2Hidl(&cert_chain);
604 }
605
606 _hidl_cb(legacy_enum_conversion(rc), resultCertChain);
607
608 keymaster_free_cert_chain(&cert_chain);
609
610 return Void();
611}
612
613Return<void> KeymasterDevice::upgradeKey(const hidl_vec<uint8_t>& keyBlobToUpgrade,
614 const hidl_vec<KeyParameter>& upgradeParams,
615 upgradeKey_cb _hidl_cb) {
616
617 // result variables for the wire
618 hidl_vec<uint8_t> resultKeyBlob;
619
620 // result variables the backend understands
621 keymaster_key_blob_t key_blob{nullptr, 0};
622
623 auto kmKeyBlobToUpgrade = hidlVec2KmKeyBlob(keyBlobToUpgrade);
624 auto kmUpgradeParams = hidlParams2KmParamSet(upgradeParams);
625
626 auto rc = keymaster_device_->upgrade_key(keymaster_device_, &kmKeyBlobToUpgrade,
627 &kmUpgradeParams, &key_blob);
628
629 if (rc == KM_ERROR_OK) {
630 // on success convert the result to wire format
631 resultKeyBlob = kmBlob2hidlVec(key_blob);
632 }
633
634 _hidl_cb(legacy_enum_conversion(rc), resultKeyBlob);
635
636 if (key_blob.key_material) free(const_cast<uint8_t*>(key_blob.key_material));
637
638 return Void();
639}
640
641Return<ErrorCode> KeymasterDevice::deleteKey(const hidl_vec<uint8_t>& keyBlob) {
Janis Danisevskisb77dbe32017-03-22 10:28:24 -0700[diff] [blame]642 if (keymaster_device_->delete_key == nullptr) {
643 return ErrorCode::UNIMPLEMENTED;
644 }
Janis Danisevskis0f35e5a2016-10-12 11:33:13 +0100[diff] [blame]645 auto kmKeyBlob = hidlVec2KmKeyBlob(keyBlob);
646 return legacy_enum_conversion(keymaster_device_->delete_key(keymaster_device_, &kmKeyBlob));
647}
648
649Return<ErrorCode> KeymasterDevice::deleteAllKeys() {
Bartosz Fabianowskiaac0fc72017-01-23 13:51:10 +0100[diff] [blame]650 if (keymaster_device_->delete_all_keys == nullptr) {
651 return ErrorCode::UNIMPLEMENTED;
652 }
Janis Danisevskis0f35e5a2016-10-12 11:33:13 +0100[diff] [blame]653 return legacy_enum_conversion(keymaster_device_->delete_all_keys(keymaster_device_));
654}
655
Bartosz Fabianowskiaac0fc72017-01-23 13:51:10 +0100[diff] [blame]656Return<ErrorCode> KeymasterDevice::destroyAttestationIds() {
657 return ErrorCode::UNIMPLEMENTED;
658}
659
Janis Danisevskis0f35e5a2016-10-12 11:33:13 +0100[diff] [blame]660Return<void> KeymasterDevice::begin(KeyPurpose purpose, const hidl_vec<uint8_t>& key,
661 const hidl_vec<KeyParameter>& inParams, begin_cb _hidl_cb) {
662
663 // result variables for the wire
664 hidl_vec<KeyParameter> resultParams;
665 uint64_t resultOpHandle = 0;
666
667 // result variables the backend understands
668 keymaster_key_param_set_t out_params{nullptr, 0};
669 keymaster_operation_handle_t& operation_handle = resultOpHandle;
670
671 auto kmKey = hidlVec2KmKeyBlob(key);
672 auto kmInParams = hidlParams2KmParamSet(inParams);
673
674 auto rc = keymaster_device_->begin(keymaster_device_, legacy_enum_conversion(purpose), &kmKey,
675 &kmInParams, &out_params, &operation_handle);
676
677 if (rc == KM_ERROR_OK) resultParams = kmParamSet2Hidl(out_params);
678
679 _hidl_cb(legacy_enum_conversion(rc), resultParams, resultOpHandle);
680
681 keymaster_free_param_set(&out_params);
682
683 return Void();
684}
685
686Return<void> KeymasterDevice::update(uint64_t operationHandle,
687 const hidl_vec<KeyParameter>& inParams,
688 const hidl_vec<uint8_t>& input, update_cb _hidl_cb) {
689 // result variables for the wire
690 uint32_t resultConsumed = 0;
691 hidl_vec<KeyParameter> resultParams;
692 hidl_vec<uint8_t> resultBlob;
693
694 // result variables the backend understands
695 size_t consumed = 0;
696 keymaster_key_param_set_t out_params{nullptr, 0};
697 keymaster_blob_t out_blob{nullptr, 0};
698
699 auto kmInParams = hidlParams2KmParamSet(inParams);
700 auto kmInput = hidlVec2KmBlob(input);
701
702 auto rc = keymaster_device_->update(keymaster_device_, operationHandle, &kmInParams, &kmInput,
703 &consumed, &out_params, &out_blob);
704
705 if (rc == KM_ERROR_OK) {
706 resultConsumed = consumed;
707 resultParams = kmParamSet2Hidl(out_params);
708 resultBlob = kmBlob2hidlVec(out_blob);
709 }
710
711 _hidl_cb(legacy_enum_conversion(rc), resultConsumed, resultParams, resultBlob);
712
713 keymaster_free_param_set(&out_params);
714 if (out_blob.data) free(const_cast<uint8_t*>(out_blob.data));
715
716 return Void();
717}
718
719Return<void> KeymasterDevice::finish(uint64_t operationHandle,
720 const hidl_vec<KeyParameter>& inParams,
721 const hidl_vec<uint8_t>& input,
722 const hidl_vec<uint8_t>& signature, finish_cb _hidl_cb) {
723 // result variables for the wire
724 hidl_vec<KeyParameter> resultParams;
725 hidl_vec<uint8_t> resultBlob;
726
727 // result variables the backend understands
728 keymaster_key_param_set_t out_params{nullptr, 0};
729 keymaster_blob_t out_blob{nullptr, 0};
730
731 auto kmInParams = hidlParams2KmParamSet(inParams);
732 auto kmInput = hidlVec2KmBlob(input);
733 auto kmSignature = hidlVec2KmBlob(signature);
734
735 auto rc = keymaster_device_->finish(keymaster_device_, operationHandle, &kmInParams, &kmInput,
736 &kmSignature, &out_params, &out_blob);
737
738 if (rc == KM_ERROR_OK) {
739 resultParams = kmParamSet2Hidl(out_params);
740 resultBlob = kmBlob2hidlVec(out_blob);
741 }
742
743 _hidl_cb(legacy_enum_conversion(rc), resultParams, resultBlob);
744
745 keymaster_free_param_set(&out_params);
746 if (out_blob.data) free(const_cast<uint8_t*>(out_blob.data));
747
748 return Void();
749}
750
751Return<ErrorCode> KeymasterDevice::abort(uint64_t operationHandle) {
752 return legacy_enum_conversion(keymaster_device_->abort(keymaster_device_, operationHandle));
753}
754
755IKeymasterDevice* HIDL_FETCH_IKeymasterDevice(const char* /* name */) {
756 keymaster2_device_t* dev = nullptr;
757
758 uint32_t version;
759 bool supports_ec;
Shawn Willdend4417fb2017-02-23 11:01:49 -0700[diff] [blame]760 bool supports_all_digests;
761 auto rc = keymaster_device_initialize(&dev, &version, &supports_ec, &supports_all_digests);
Janis Danisevskis0f35e5a2016-10-12 11:33:13 +0100[diff] [blame]762 if (rc) return nullptr;
763
764 auto kmrc = ::keymaster::ConfigureDevice(dev);
765 if (kmrc != KM_ERROR_OK) {
766 dev->common.close(&dev->common);
767 return nullptr;
768 }
769
Shawn Willdend4417fb2017-02-23 11:01:49 -0700[diff] [blame]770 return new KeymasterDevice(dev, version, supports_ec, supports_all_digests);
Janis Danisevskis0f35e5a2016-10-12 11:33:13 +0100[diff] [blame]771}
772
773} // namespace implementation
774} // namespace V3_0
775} // namespace keymaster
776} // namespace hardware
777} // namespace android