Gitiles
Code Review Sign In
gerrit.omnirom.org / android_hardware_interfaces / 3414222e3ae3507681edb30cbd2a7527ed2946e4 / . / keymaster / 4.0 / support / Keymaster.cpp
blob: e8db0744e10fba54744f41e79a3d08e78ceaca78 [file] [log] [blame]
Shawn Willden98b998b2018-01-20 11:48:53 -0700[diff] [blame]1/*
2 ** Copyright 2018, The Android Open Source Project
3 **
4 ** Licensed under the Apache License, Version 2.0 (the "License");
5 ** you may not use this file except in compliance with the License.
6 ** You may obtain a copy of the License at
7 **
8 ** http://www.apache.org/licenses/LICENSE-2.0
9 **
10 ** Unless required by applicable law or agreed to in writing, software
11 ** distributed under the License is distributed on an "AS IS" BASIS,
12 ** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 ** See the License for the specific language governing permissions and
14 ** limitations under the License.
15 */
16
17#include <keymasterV4_0/Keymaster.h>
18
Shawn Willdenf0f05d42018-05-01 17:08:39 -0600[diff] [blame]19#include <iomanip>
20
Shawn Willden98b998b2018-01-20 11:48:53 -0700[diff] [blame]21#include <android-base/logging.h>
22#include <android/hidl/manager/1.0/IServiceManager.h>
23#include <keymasterV4_0/Keymaster3.h>
24#include <keymasterV4_0/Keymaster4.h>
Shawn Willdenf0f05d42018-05-01 17:08:39 -0600[diff] [blame]25#include <keymasterV4_0/key_param_output.h>
26#include <keymasterV4_0/keymaster_utils.h>
Shawn Willden98b998b2018-01-20 11:48:53 -0700[diff] [blame]27
28namespace android {
29namespace hardware {
Shawn Willdenf0f05d42018-05-01 17:08:39 -0600[diff] [blame]30
31template <class T>
32std::ostream& operator<<(std::ostream& os, const hidl_vec<T>& vec) {
33 os << "{ ";
34 if (vec.size()) {
35 for (size_t i = 0; i < vec.size() - 1; ++i) os << vec[i] << ", ";
36 os << vec[vec.size() - 1];
37 }
38 os << " }";
39 return os;
40}
41
42std::ostream& operator<<(std::ostream& os, const hidl_vec<uint8_t>& vec) {
43 std::ios_base::fmtflags flags(os.flags());
44 os << std::setw(2) << std::setfill('0') << std::hex;
45 for (uint8_t c : vec) os << static_cast<int>(c);
46 os.flags(flags);
47 return os;
48}
49
50template <size_t N>
51std::ostream& operator<<(std::ostream& os, const hidl_array<uint8_t, N>& vec) {
52 std::ios_base::fmtflags flags(os.flags());
53 os << std::setw(2) << std::setfill('0') << std::hex;
54 for (size_t i = 0; i < N; ++i) os << static_cast<int>(vec[i]);
55 os.flags(flags);
56 return os;
57}
58
Shawn Willden98b998b2018-01-20 11:48:53 -0700[diff] [blame]59namespace keymaster {
60namespace V4_0 {
Shawn Willdenf0f05d42018-05-01 17:08:39 -0600[diff] [blame]61
62std::ostream& operator<<(std::ostream& os, const HmacSharingParameters& params) {
63 // Note that by design, although seed and nonce are used to compute a secret, they are
64 // not secrets and it's just fine to log them.
65 os << "(seed: " << params.seed << ", nonce: " << params.nonce << ')';
66 return os;
67}
68
Shawn Willden98b998b2018-01-20 11:48:53 -0700[diff] [blame]69namespace support {
70
71using ::android::sp;
72using ::android::hidl::manager::V1_0::IServiceManager;
73
Shawn Willdenf0f05d42018-05-01 17:08:39 -0600[diff] [blame]74std::ostream& operator<<(std::ostream& os, const Keymaster& keymaster) {
75 auto& version = keymaster.halVersion();
76 os << version.keymasterName << " from " << version.authorName
77 << " SecurityLevel: " << toString(version.securityLevel)
78 << " HAL: " << keymaster.descriptor() << "/" << keymaster.instanceName();
79 return os;
80}
81
Shawn Willden98b998b2018-01-20 11:48:53 -0700[diff] [blame]82template <typename Wrapper>
83std::vector<std::unique_ptr<Keymaster>> enumerateDevices(
84 const sp<IServiceManager>& serviceManager) {
Shawn Willdenf0f05d42018-05-01 17:08:39 -0600[diff] [blame]85 Keymaster::KeymasterSet result;
Shawn Willden98b998b2018-01-20 11:48:53 -0700[diff] [blame]86
87 bool foundDefault = false;
88 auto& descriptor = Wrapper::WrappedIKeymasterDevice::descriptor;
89 serviceManager->listByInterface(descriptor, [&](const hidl_vec<hidl_string>& names) {
90 for (auto& name : names) {
91 if (name == "default") foundDefault = true;
nagendra modadugu9c36c912018-03-30 17:07:55 -0700[diff] [blame]92 auto device = Wrapper::WrappedIKeymasterDevice::getService(name);
Shawn Willden98b998b2018-01-20 11:48:53 -0700[diff] [blame]93 CHECK(device) << "Failed to get service for " << descriptor << " with interface name "
94 << name;
95 result.push_back(std::unique_ptr<Keymaster>(new Wrapper(device, name)));
96 }
97 });
98
99 if (!foundDefault) {
100 // "default" wasn't provided by listByInterface. Maybe there's a passthrough
101 // implementation.
102 auto device = Wrapper::WrappedIKeymasterDevice::getService("default");
103 if (device) result.push_back(std::unique_ptr<Keymaster>(new Wrapper(device, "default")));
104 }
105
106 return result;
107}
108
Janis Danisevskis34142222019-03-14 15:35:48 -0700[diff] [blame^]109void Keymaster::logIfKeymasterVendorError(ErrorCode ec) const {
110 static constexpr int32_t k_keymaster_vendor_error_code_range_max = -10000;
111 if (static_cast<int32_t>(ec) <= k_keymaster_vendor_error_code_range_max) {
112 const auto& versionInfo = halVersion();
113 LOG(ERROR) << "Keymaster reported error: " << static_cast<int32_t>(ec) << "\n"
114 << "NOTE: This is an error in the vendor specific error range.\n"
115 << " Refer to the vendor of the implementation for details.\n"
116 << " Implementation name: " << versionInfo.keymasterName << "\n"
117 << " Vendor name: " << versionInfo.authorName << "\n"
118 << " MajorVersion: " << versionInfo.majorVersion;
119 }
120}
121
Shawn Willdenf0f05d42018-05-01 17:08:39 -0600[diff] [blame]122Keymaster::KeymasterSet Keymaster::enumerateAvailableDevices() {
Shawn Willden98b998b2018-01-20 11:48:53 -0700[diff] [blame]123 auto serviceManager = IServiceManager::getService();
124 CHECK(serviceManager) << "Could not retrieve ServiceManager";
125
126 auto km4s = enumerateDevices<Keymaster4>(serviceManager);
127 auto km3s = enumerateDevices<Keymaster3>(serviceManager);
128
129 auto result = std::move(km4s);
130 result.insert(result.end(), std::make_move_iterator(km3s.begin()),
131 std::make_move_iterator(km3s.end()));
132
133 std::sort(result.begin(), result.end(),
134 [](auto& a, auto& b) { return a->halVersion() > b->halVersion(); });
135
136 size_t i = 1;
137 LOG(INFO) << "List of Keymaster HALs found:";
Shawn Willdenf0f05d42018-05-01 17:08:39 -0600[diff] [blame]138 for (auto& hal : result) LOG(INFO) << "Keymaster HAL #" << i++ << ": " << *hal;
Shawn Willden98b998b2018-01-20 11:48:53 -0700[diff] [blame]139
140 return result;
141}
142
Shawn Willdenf0f05d42018-05-01 17:08:39 -0600[diff] [blame]143static hidl_vec<HmacSharingParameters> getHmacParameters(
144 const Keymaster::KeymasterSet& keymasters) {
145 std::vector<HmacSharingParameters> params_vec;
146 params_vec.reserve(keymasters.size());
147 for (auto& keymaster : keymasters) {
148 if (keymaster->halVersion().majorVersion < 4) continue;
149 auto rc = keymaster->getHmacSharingParameters([&](auto error, auto& params) {
150 CHECK(error == ErrorCode::OK)
151 << "Failed to get HMAC parameters from " << *keymaster << " error " << error;
152 params_vec.push_back(params);
153 });
154 CHECK(rc.isOk()) << "Failed to communicate with " << *keymaster
155 << " error: " << rc.description();
156 }
157 std::sort(params_vec.begin(), params_vec.end());
158
159 return params_vec;
160}
161
162static void computeHmac(const Keymaster::KeymasterSet& keymasters,
163 const hidl_vec<HmacSharingParameters>& params) {
164 if (!params.size()) return;
165
166 hidl_vec<uint8_t> sharingCheck;
167 bool firstKeymaster = true;
168 LOG(DEBUG) << "Computing HMAC with params " << params;
169 for (auto& keymaster : keymasters) {
170 if (keymaster->halVersion().majorVersion < 4) continue;
171 LOG(DEBUG) << "Computing HMAC for " << *keymaster;
Shawn Willden6dad2b32018-05-23 05:33:44 -0600[diff] [blame]172 auto rc = keymaster->computeSharedHmac(
173 params, [&](ErrorCode error, const hidl_vec<uint8_t>& curSharingCheck) {
174 CHECK(error == ErrorCode::OK)
175 << "Failed to get HMAC parameters from " << *keymaster << " error " << error;
176 if (firstKeymaster) {
177 sharingCheck = curSharingCheck;
178 firstKeymaster = false;
179 }
Janis Danisevskisa1c4e0e2018-06-19 19:08:15 -0700[diff] [blame]180 if (curSharingCheck != sharingCheck)
181 LOG(WARNING) << "HMAC computation failed for " << *keymaster //
182 << " Expected: " << sharingCheck //
183 << " got: " << curSharingCheck;
Shawn Willden6dad2b32018-05-23 05:33:44 -0600[diff] [blame]184 });
Shawn Willdenf0f05d42018-05-01 17:08:39 -0600[diff] [blame]185 CHECK(rc.isOk()) << "Failed to communicate with " << *keymaster
186 << " error: " << rc.description();
187 }
188}
189
190void Keymaster::performHmacKeyAgreement(const KeymasterSet& keymasters) {
191 computeHmac(keymasters, getHmacParameters(keymasters));
192}
193
Shawn Willden98b998b2018-01-20 11:48:53 -0700[diff] [blame]194} // namespace support
195} // namespace V4_0
196} // namespace keymaster
197} // namespace hardware
Shawn Willdenf0f05d42018-05-01 17:08:39 -0600[diff] [blame]198} // namespace android