Gitiles
Code Review Sign In
gerrit.omnirom.org / android_hardware_interfaces / 1ae66d80848cbaa6cb2bf9459f49d073e499022f / . / keymaster / 4.0 / support / Keymaster3.cpp
blob: b2cdbd92635fe9b328aeef3c830357a4ce982c5e [file] [log] [blame]
Shawn Willden7d339812018-01-18 15:36:46 -0700[diff] [blame]1/*
2 **
3 ** Copyright 2017, The Android Open Source Project
4 **
5 ** Licensed under the Apache License, Version 2.0 (the "License");
6 ** you may not use this file except in compliance with the License.
7 ** You may obtain a copy of the License at
8 **
9 ** http://www.apache.org/licenses/LICENSE-2.0
10 **
11 ** Unless required by applicable law or agreed to in writing, software
12 ** distributed under the License is distributed on an "AS IS" BASIS,
13 ** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 ** See the License for the specific language governing permissions and
15 ** limitations under the License.
16 */
17
18#include <keymasterV4_0/Keymaster3.h>
19
20#include <android-base/logging.h>
Shawn Willden98b998b2018-01-20 11:48:53 -0700[diff] [blame]21#include <keymasterV4_0/keymaster_utils.h>
Shawn Willden7d339812018-01-18 15:36:46 -0700[diff] [blame]22
23namespace android {
24namespace hardware {
25namespace keymaster {
26namespace V4_0 {
27namespace support {
28
29using android::hardware::details::StatusOf;
30
31namespace {
32
33ErrorCode convert(V3_0::ErrorCode error) {
34 return static_cast<ErrorCode>(error);
35}
36
37V3_0::KeyPurpose convert(KeyPurpose purpose) {
38 return static_cast<V3_0::KeyPurpose>(purpose);
39}
40
41V3_0::KeyFormat convert(KeyFormat purpose) {
42 return static_cast<V3_0::KeyFormat>(purpose);
43}
44
45V3_0::KeyParameter convert(const KeyParameter& param) {
46 V3_0::KeyParameter converted;
47 converted.tag = static_cast<V3_0::Tag>(param.tag);
48 static_assert(sizeof(converted.f) == sizeof(param.f), "This function assumes sizes match");
49 memcpy(&converted.f, &param.f, sizeof(param.f));
50 converted.blob = param.blob;
51 return converted;
52}
53
54KeyParameter convert(const V3_0::KeyParameter& param) {
55 KeyParameter converted;
56 converted.tag = static_cast<Tag>(param.tag);
57 static_assert(sizeof(converted.f) == sizeof(param.f), "This function assumes sizes match");
58 memcpy(&converted.f, &param.f, sizeof(param.f));
59 converted.blob = param.blob;
60 return converted;
61}
62
63hidl_vec<V3_0::KeyParameter> convert(const hidl_vec<KeyParameter>& params) {
Brian Young1ae66d82018-03-29 16:36:22 +0000[diff] [blame^]64 hidl_vec<V3_0::KeyParameter> converted(params.size());
65 for (size_t i = 0; i < params.size(); ++i) {
66 converted[i] = convert(params[i]);
Shawn Willden7d339812018-01-18 15:36:46 -0700[diff] [blame]67 }
68 return converted;
69}
70
71hidl_vec<KeyParameter> convert(const hidl_vec<V3_0::KeyParameter>& params) {
72 hidl_vec<KeyParameter> converted(params.size());
73 for (size_t i = 0; i < params.size(); ++i) {
74 converted[i] = convert(params[i]);
75 }
76 return converted;
77}
78
79template <typename T, typename OutIter>
80inline static OutIter copy_bytes_to_iterator(const T& value, OutIter dest) {
81 const uint8_t* value_ptr = reinterpret_cast<const uint8_t*>(&value);
82 return std::copy(value_ptr, value_ptr + sizeof(value), dest);
83}
84
Shawn Willden7d339812018-01-18 15:36:46 -0700[diff] [blame]85hidl_vec<V3_0::KeyParameter> convertAndAddAuthToken(const hidl_vec<KeyParameter>& params,
86 const HardwareAuthToken& authToken) {
87 hidl_vec<V3_0::KeyParameter> converted(params.size() + 1);
88 for (size_t i = 0; i < params.size(); ++i) {
89 converted[i] = convert(params[i]);
90 }
91 converted[params.size()].tag = V3_0::Tag::AUTH_TOKEN;
92 converted[params.size()].blob = authToken2HidlVec(authToken);
93
94 return converted;
95}
96
97KeyCharacteristics convert(const V3_0::KeyCharacteristics& chars) {
98 KeyCharacteristics converted;
99 converted.hardwareEnforced = convert(chars.teeEnforced);
100 converted.softwareEnforced = convert(chars.softwareEnforced);
101 return converted;
102}
103
104} // namespace
105
106void Keymaster3::getVersionIfNeeded() {
107 if (haveVersion_) return;
108
109 auto rc = km3_dev_->getHardwareFeatures(
110 [&](bool isSecure, bool supportsEllipticCurve, bool supportsSymmetricCryptography,
111 bool supportsAttestation, bool supportsAllDigests, const hidl_string& keymasterName,
112 const hidl_string& keymasterAuthorName) {
Shawn Willden98b998b2018-01-20 11:48:53 -0700[diff] [blame]113 version_ = {keymasterName, keymasterAuthorName, 0 /* major version, filled below */,
114 isSecure ? SecurityLevel::TRUSTED_ENVIRONMENT : SecurityLevel::SOFTWARE,
115 supportsEllipticCurve};
Shawn Willden7d339812018-01-18 15:36:46 -0700[diff] [blame]116 supportsSymmetricCryptography_ = supportsSymmetricCryptography;
117 supportsAttestation_ = supportsAttestation;
118 supportsAllDigests_ = supportsAllDigests;
Shawn Willden7d339812018-01-18 15:36:46 -0700[diff] [blame]119 });
120
121 CHECK(rc.isOk()) << "Got error " << rc.description() << " trying to get hardware features";
122
Shawn Willden98b998b2018-01-20 11:48:53 -0700[diff] [blame]123 if (version_.securityLevel == SecurityLevel::SOFTWARE) {
124 version_.majorVersion = 3;
Shawn Willden7d339812018-01-18 15:36:46 -0700[diff] [blame]125 } else if (supportsAttestation_) {
Shawn Willden98b998b2018-01-20 11:48:53 -0700[diff] [blame]126 version_.majorVersion = 3; // Could be 2, doesn't matter.
Shawn Willden7d339812018-01-18 15:36:46 -0700[diff] [blame]127 } else if (supportsSymmetricCryptography_) {
Shawn Willden98b998b2018-01-20 11:48:53 -0700[diff] [blame]128 version_.majorVersion = 1;
Shawn Willden7d339812018-01-18 15:36:46 -0700[diff] [blame]129 } else {
Shawn Willden98b998b2018-01-20 11:48:53 -0700[diff] [blame]130 version_.majorVersion = 0;
Shawn Willden7d339812018-01-18 15:36:46 -0700[diff] [blame]131 }
132}
133
Shawn Willden7d339812018-01-18 15:36:46 -0700[diff] [blame]134Return<void> Keymaster3::getHardwareInfo(Keymaster3::getHardwareInfo_cb _hidl_cb) {
135 getVersionIfNeeded();
Shawn Willden98b998b2018-01-20 11:48:53 -0700[diff] [blame]136 _hidl_cb(version_.securityLevel,
137 std::string(version_.keymasterName) + " (wrapped by keystore::Keymaster3)",
138 version_.authorName);
Shawn Willden7d339812018-01-18 15:36:46 -0700[diff] [blame]139 return Void();
140}
141
142Return<ErrorCode> Keymaster3::addRngEntropy(const hidl_vec<uint8_t>& data) {
143 auto rc = km3_dev_->addRngEntropy(data);
144 if (!rc.isOk()) {
145 return StatusOf<V3_0::ErrorCode, ErrorCode>(rc);
146 }
147 return convert(rc);
148}
149
150Return<void> Keymaster3::generateKey(const hidl_vec<KeyParameter>& keyParams,
151 generateKey_cb _hidl_cb) {
152 auto cb = [&](V3_0::ErrorCode error, const hidl_vec<uint8_t>& keyBlob,
153 const V3_0::KeyCharacteristics& characteristics) {
154 _hidl_cb(convert(error), keyBlob, convert(characteristics));
155 };
156 auto rc = km3_dev_->generateKey(convert(keyParams), cb);
157 rc.isOk(); // move ctor prereq
158 return rc;
159}
160
161Return<void> Keymaster3::getKeyCharacteristics(const hidl_vec<uint8_t>& keyBlob,
162 const hidl_vec<uint8_t>& clientId,
163 const hidl_vec<uint8_t>& appData,
164 getKeyCharacteristics_cb _hidl_cb) {
165 auto cb = [&](V3_0::ErrorCode error, const V3_0::KeyCharacteristics& chars) {
166 _hidl_cb(convert(error), convert(chars));
167 };
168
169 auto rc = km3_dev_->getKeyCharacteristics(keyBlob, clientId, appData, cb);
170 rc.isOk(); // move ctor prereq
171 return rc;
172}
173
174Return<void> Keymaster3::importKey(const hidl_vec<KeyParameter>& params, KeyFormat keyFormat,
175 const hidl_vec<uint8_t>& keyData, importKey_cb _hidl_cb) {
176 auto cb = [&](V3_0::ErrorCode error, const hidl_vec<uint8_t>& keyBlob,
177 const V3_0::KeyCharacteristics& chars) {
178 _hidl_cb(convert(error), keyBlob, convert(chars));
179 };
180 auto rc = km3_dev_->importKey(convert(params), convert(keyFormat), keyData, cb);
181 rc.isOk(); // move ctor prereq
182 return rc;
183}
184
185Return<void> Keymaster3::exportKey(KeyFormat exportFormat, const hidl_vec<uint8_t>& keyBlob,
186 const hidl_vec<uint8_t>& clientId,
187 const hidl_vec<uint8_t>& appData, exportKey_cb _hidl_cb) {
188 auto cb = [&](V3_0::ErrorCode error, const hidl_vec<uint8_t>& keyMaterial) {
189 _hidl_cb(convert(error), keyMaterial);
190 };
191 auto rc = km3_dev_->exportKey(convert(exportFormat), keyBlob, clientId, appData, cb);
192 rc.isOk(); // move ctor prereq
193 return rc;
194}
195
196Return<void> Keymaster3::attestKey(const hidl_vec<uint8_t>& keyToAttest,
197 const hidl_vec<KeyParameter>& attestParams,
198 attestKey_cb _hidl_cb) {
199 auto cb = [&](V3_0::ErrorCode error, const hidl_vec<hidl_vec<uint8_t>>& certChain) {
200 _hidl_cb(convert(error), certChain);
201 };
202 auto rc = km3_dev_->attestKey(keyToAttest, convert(attestParams), cb);
203 rc.isOk(); // move ctor prereq
204 return rc;
205}
206
207Return<void> Keymaster3::upgradeKey(const hidl_vec<uint8_t>& keyBlobToUpgrade,
208 const hidl_vec<KeyParameter>& upgradeParams,
209 upgradeKey_cb _hidl_cb) {
210 auto cb = [&](V3_0::ErrorCode error, const hidl_vec<uint8_t>& upgradedKeyBlob) {
211 _hidl_cb(convert(error), upgradedKeyBlob);
212 };
213 auto rc = km3_dev_->upgradeKey(keyBlobToUpgrade, convert(upgradeParams), cb);
214 rc.isOk(); // move ctor prereq
215 return rc;
216}
217
218Return<ErrorCode> Keymaster3::deleteKey(const hidl_vec<uint8_t>& keyBlob) {
219 auto rc = km3_dev_->deleteKey(keyBlob);
220 if (!rc.isOk()) return StatusOf<V3_0::ErrorCode, ErrorCode>(rc);
221 return convert(rc);
222}
223
224Return<ErrorCode> Keymaster3::deleteAllKeys() {
225 auto rc = km3_dev_->deleteAllKeys();
226 if (!rc.isOk()) return StatusOf<V3_0::ErrorCode, ErrorCode>(rc);
227 return convert(rc);
228}
229
230Return<ErrorCode> Keymaster3::destroyAttestationIds() {
231 auto rc = km3_dev_->destroyAttestationIds();
232 if (!rc.isOk()) return StatusOf<V3_0::ErrorCode, ErrorCode>(rc);
233 return convert(rc);
234}
235
236Return<void> Keymaster3::begin(KeyPurpose purpose, const hidl_vec<uint8_t>& key,
237 const hidl_vec<KeyParameter>& inParams,
238 const HardwareAuthToken& authToken, begin_cb _hidl_cb) {
239 auto cb = [&](V3_0::ErrorCode error, const hidl_vec<V3_0::KeyParameter>& outParams,
240 OperationHandle operationHandle) {
241 _hidl_cb(convert(error), convert(outParams), operationHandle);
242 };
243
244 auto rc =
245 km3_dev_->begin(convert(purpose), key, convertAndAddAuthToken(inParams, authToken), cb);
246 rc.isOk(); // move ctor prereq
247 return rc;
248}
249
250Return<void> Keymaster3::update(uint64_t operationHandle, const hidl_vec<KeyParameter>& inParams,
251 const hidl_vec<uint8_t>& input, const HardwareAuthToken& authToken,
252 const VerificationToken& /* verificationToken */,
253 update_cb _hidl_cb) {
254 auto cb = [&](V3_0::ErrorCode error, uint32_t inputConsumed,
255 const hidl_vec<V3_0::KeyParameter>& outParams, const hidl_vec<uint8_t>& output) {
256 _hidl_cb(convert(error), inputConsumed, convert(outParams), output);
257 };
258
259 auto rc =
260 km3_dev_->update(operationHandle, convertAndAddAuthToken(inParams, authToken), input, cb);
261 rc.isOk(); // move ctor prereq
262 return rc;
263}
264
265Return<void> Keymaster3::finish(uint64_t operationHandle, const hidl_vec<KeyParameter>& inParams,
266 const hidl_vec<uint8_t>& input, const hidl_vec<uint8_t>& signature,
267 const HardwareAuthToken& authToken,
268 const VerificationToken& /* verificationToken */,
269 finish_cb _hidl_cb) {
270 auto cb = [&](V3_0::ErrorCode error, const hidl_vec<V3_0::KeyParameter>& outParams,
271 const hidl_vec<uint8_t>& output) {
272 _hidl_cb(convert(error), convert(outParams), output);
273 };
274
275 auto rc = km3_dev_->finish(operationHandle, convertAndAddAuthToken(inParams, authToken), input,
276 signature, cb);
277 rc.isOk(); // move ctor prereq
278 return rc;
279}
280
281Return<ErrorCode> Keymaster3::abort(uint64_t operationHandle) {
282 auto rc = km3_dev_->abort(operationHandle);
283 if (!rc.isOk()) return StatusOf<V3_0::ErrorCode, ErrorCode>(rc);
284 return convert(rc);
285}
286
287} // namespace support
288} // namespace V4_0
289} // namespace keymaster
290} // namespace hardware
291} // namespace android