Shawn Willden | 98b998b | 2018-01-20 11:48:53 -0700 | [diff] [blame] | 1 | /* |
| 2 | ** Copyright 2018, The Android Open Source Project |
| 3 | ** |
| 4 | ** Licensed under the Apache License, Version 2.0 (the "License"); |
| 5 | ** you may not use this file except in compliance with the License. |
| 6 | ** You may obtain a copy of the License at |
| 7 | ** |
| 8 | ** http://www.apache.org/licenses/LICENSE-2.0 |
| 9 | ** |
| 10 | ** Unless required by applicable law or agreed to in writing, software |
| 11 | ** distributed under the License is distributed on an "AS IS" BASIS, |
| 12 | ** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 13 | ** See the License for the specific language governing permissions and |
| 14 | ** limitations under the License. |
| 15 | */ |
| 16 | |
| 17 | #include <keymasterV4_0/Keymaster.h> |
| 18 | |
Shawn Willden | f0f05d4 | 2018-05-01 17:08:39 -0600 | [diff] [blame] | 19 | #include <iomanip> |
| 20 | |
Shawn Willden | 98b998b | 2018-01-20 11:48:53 -0700 | [diff] [blame] | 21 | #include <android-base/logging.h> |
| 22 | #include <android/hidl/manager/1.0/IServiceManager.h> |
| 23 | #include <keymasterV4_0/Keymaster3.h> |
| 24 | #include <keymasterV4_0/Keymaster4.h> |
Shawn Willden | f0f05d4 | 2018-05-01 17:08:39 -0600 | [diff] [blame] | 25 | #include <keymasterV4_0/key_param_output.h> |
| 26 | #include <keymasterV4_0/keymaster_utils.h> |
Shawn Willden | 98b998b | 2018-01-20 11:48:53 -0700 | [diff] [blame] | 27 | |
| 28 | namespace android { |
| 29 | namespace hardware { |
Shawn Willden | f0f05d4 | 2018-05-01 17:08:39 -0600 | [diff] [blame] | 30 | |
| 31 | template <class T> |
| 32 | std::ostream& operator<<(std::ostream& os, const hidl_vec<T>& vec) { |
| 33 | os << "{ "; |
| 34 | if (vec.size()) { |
| 35 | for (size_t i = 0; i < vec.size() - 1; ++i) os << vec[i] << ", "; |
| 36 | os << vec[vec.size() - 1]; |
| 37 | } |
| 38 | os << " }"; |
| 39 | return os; |
| 40 | } |
| 41 | |
| 42 | std::ostream& operator<<(std::ostream& os, const hidl_vec<uint8_t>& vec) { |
| 43 | std::ios_base::fmtflags flags(os.flags()); |
| 44 | os << std::setw(2) << std::setfill('0') << std::hex; |
| 45 | for (uint8_t c : vec) os << static_cast<int>(c); |
| 46 | os.flags(flags); |
| 47 | return os; |
| 48 | } |
| 49 | |
| 50 | template <size_t N> |
| 51 | std::ostream& operator<<(std::ostream& os, const hidl_array<uint8_t, N>& vec) { |
| 52 | std::ios_base::fmtflags flags(os.flags()); |
| 53 | os << std::setw(2) << std::setfill('0') << std::hex; |
| 54 | for (size_t i = 0; i < N; ++i) os << static_cast<int>(vec[i]); |
| 55 | os.flags(flags); |
| 56 | return os; |
| 57 | } |
| 58 | |
Shawn Willden | 98b998b | 2018-01-20 11:48:53 -0700 | [diff] [blame] | 59 | namespace keymaster { |
| 60 | namespace V4_0 { |
Shawn Willden | f0f05d4 | 2018-05-01 17:08:39 -0600 | [diff] [blame] | 61 | |
| 62 | std::ostream& operator<<(std::ostream& os, const HmacSharingParameters& params) { |
| 63 | // Note that by design, although seed and nonce are used to compute a secret, they are |
| 64 | // not secrets and it's just fine to log them. |
| 65 | os << "(seed: " << params.seed << ", nonce: " << params.nonce << ')'; |
| 66 | return os; |
| 67 | } |
| 68 | |
Shawn Willden | 98b998b | 2018-01-20 11:48:53 -0700 | [diff] [blame] | 69 | namespace support { |
| 70 | |
| 71 | using ::android::sp; |
| 72 | using ::android::hidl::manager::V1_0::IServiceManager; |
| 73 | |
Shawn Willden | f0f05d4 | 2018-05-01 17:08:39 -0600 | [diff] [blame] | 74 | std::ostream& operator<<(std::ostream& os, const Keymaster& keymaster) { |
| 75 | auto& version = keymaster.halVersion(); |
| 76 | os << version.keymasterName << " from " << version.authorName |
| 77 | << " SecurityLevel: " << toString(version.securityLevel) |
| 78 | << " HAL: " << keymaster.descriptor() << "/" << keymaster.instanceName(); |
| 79 | return os; |
| 80 | } |
| 81 | |
Shawn Willden | 98b998b | 2018-01-20 11:48:53 -0700 | [diff] [blame] | 82 | template <typename Wrapper> |
| 83 | std::vector<std::unique_ptr<Keymaster>> enumerateDevices( |
| 84 | const sp<IServiceManager>& serviceManager) { |
Shawn Willden | f0f05d4 | 2018-05-01 17:08:39 -0600 | [diff] [blame] | 85 | Keymaster::KeymasterSet result; |
Shawn Willden | 98b998b | 2018-01-20 11:48:53 -0700 | [diff] [blame] | 86 | |
| 87 | bool foundDefault = false; |
| 88 | auto& descriptor = Wrapper::WrappedIKeymasterDevice::descriptor; |
| 89 | serviceManager->listByInterface(descriptor, [&](const hidl_vec<hidl_string>& names) { |
| 90 | for (auto& name : names) { |
| 91 | if (name == "default") foundDefault = true; |
nagendra modadugu | 9c36c91 | 2018-03-30 17:07:55 -0700 | [diff] [blame] | 92 | auto device = Wrapper::WrappedIKeymasterDevice::getService(name); |
Shawn Willden | 98b998b | 2018-01-20 11:48:53 -0700 | [diff] [blame] | 93 | CHECK(device) << "Failed to get service for " << descriptor << " with interface name " |
| 94 | << name; |
| 95 | result.push_back(std::unique_ptr<Keymaster>(new Wrapper(device, name))); |
| 96 | } |
| 97 | }); |
| 98 | |
| 99 | if (!foundDefault) { |
| 100 | // "default" wasn't provided by listByInterface. Maybe there's a passthrough |
| 101 | // implementation. |
| 102 | auto device = Wrapper::WrappedIKeymasterDevice::getService("default"); |
| 103 | if (device) result.push_back(std::unique_ptr<Keymaster>(new Wrapper(device, "default"))); |
| 104 | } |
| 105 | |
| 106 | return result; |
| 107 | } |
| 108 | |
Janis Danisevskis | c7a8b86 | 2019-03-14 15:35:48 -0700 | [diff] [blame] | 109 | void Keymaster::logIfKeymasterVendorError(ErrorCode ec) const { |
| 110 | static constexpr int32_t k_keymaster_vendor_error_code_range_max = -10000; |
| 111 | if (static_cast<int32_t>(ec) <= k_keymaster_vendor_error_code_range_max) { |
| 112 | const auto& versionInfo = halVersion(); |
| 113 | LOG(ERROR) << "Keymaster reported error: " << static_cast<int32_t>(ec) << "\n" |
| 114 | << "NOTE: This is an error in the vendor specific error range.\n" |
| 115 | << " Refer to the vendor of the implementation for details.\n" |
| 116 | << " Implementation name: " << versionInfo.keymasterName << "\n" |
| 117 | << " Vendor name: " << versionInfo.authorName << "\n" |
| 118 | << " MajorVersion: " << versionInfo.majorVersion; |
| 119 | } |
| 120 | } |
| 121 | |
Shawn Willden | f0f05d4 | 2018-05-01 17:08:39 -0600 | [diff] [blame] | 122 | Keymaster::KeymasterSet Keymaster::enumerateAvailableDevices() { |
Shawn Willden | 98b998b | 2018-01-20 11:48:53 -0700 | [diff] [blame] | 123 | auto serviceManager = IServiceManager::getService(); |
| 124 | CHECK(serviceManager) << "Could not retrieve ServiceManager"; |
| 125 | |
| 126 | auto km4s = enumerateDevices<Keymaster4>(serviceManager); |
| 127 | auto km3s = enumerateDevices<Keymaster3>(serviceManager); |
| 128 | |
| 129 | auto result = std::move(km4s); |
| 130 | result.insert(result.end(), std::make_move_iterator(km3s.begin()), |
| 131 | std::make_move_iterator(km3s.end())); |
| 132 | |
| 133 | std::sort(result.begin(), result.end(), |
| 134 | [](auto& a, auto& b) { return a->halVersion() > b->halVersion(); }); |
| 135 | |
| 136 | size_t i = 1; |
| 137 | LOG(INFO) << "List of Keymaster HALs found:"; |
Shawn Willden | f0f05d4 | 2018-05-01 17:08:39 -0600 | [diff] [blame] | 138 | for (auto& hal : result) LOG(INFO) << "Keymaster HAL #" << i++ << ": " << *hal; |
Shawn Willden | 98b998b | 2018-01-20 11:48:53 -0700 | [diff] [blame] | 139 | |
| 140 | return result; |
| 141 | } |
| 142 | |
Shawn Willden | f0f05d4 | 2018-05-01 17:08:39 -0600 | [diff] [blame] | 143 | static hidl_vec<HmacSharingParameters> getHmacParameters( |
| 144 | const Keymaster::KeymasterSet& keymasters) { |
| 145 | std::vector<HmacSharingParameters> params_vec; |
| 146 | params_vec.reserve(keymasters.size()); |
| 147 | for (auto& keymaster : keymasters) { |
| 148 | if (keymaster->halVersion().majorVersion < 4) continue; |
| 149 | auto rc = keymaster->getHmacSharingParameters([&](auto error, auto& params) { |
| 150 | CHECK(error == ErrorCode::OK) |
| 151 | << "Failed to get HMAC parameters from " << *keymaster << " error " << error; |
| 152 | params_vec.push_back(params); |
| 153 | }); |
| 154 | CHECK(rc.isOk()) << "Failed to communicate with " << *keymaster |
| 155 | << " error: " << rc.description(); |
| 156 | } |
| 157 | std::sort(params_vec.begin(), params_vec.end()); |
| 158 | |
| 159 | return params_vec; |
| 160 | } |
| 161 | |
| 162 | static void computeHmac(const Keymaster::KeymasterSet& keymasters, |
| 163 | const hidl_vec<HmacSharingParameters>& params) { |
| 164 | if (!params.size()) return; |
| 165 | |
| 166 | hidl_vec<uint8_t> sharingCheck; |
| 167 | bool firstKeymaster = true; |
| 168 | LOG(DEBUG) << "Computing HMAC with params " << params; |
| 169 | for (auto& keymaster : keymasters) { |
| 170 | if (keymaster->halVersion().majorVersion < 4) continue; |
| 171 | LOG(DEBUG) << "Computing HMAC for " << *keymaster; |
Shawn Willden | 6dad2b3 | 2018-05-23 05:33:44 -0600 | [diff] [blame] | 172 | auto rc = keymaster->computeSharedHmac( |
| 173 | params, [&](ErrorCode error, const hidl_vec<uint8_t>& curSharingCheck) { |
| 174 | CHECK(error == ErrorCode::OK) |
| 175 | << "Failed to get HMAC parameters from " << *keymaster << " error " << error; |
| 176 | if (firstKeymaster) { |
| 177 | sharingCheck = curSharingCheck; |
| 178 | firstKeymaster = false; |
| 179 | } |
Janis Danisevskis | a1c4e0e | 2018-06-19 19:08:15 -0700 | [diff] [blame] | 180 | if (curSharingCheck != sharingCheck) |
| 181 | LOG(WARNING) << "HMAC computation failed for " << *keymaster // |
| 182 | << " Expected: " << sharingCheck // |
| 183 | << " got: " << curSharingCheck; |
Shawn Willden | 6dad2b3 | 2018-05-23 05:33:44 -0600 | [diff] [blame] | 184 | }); |
Shawn Willden | f0f05d4 | 2018-05-01 17:08:39 -0600 | [diff] [blame] | 185 | CHECK(rc.isOk()) << "Failed to communicate with " << *keymaster |
| 186 | << " error: " << rc.description(); |
| 187 | } |
| 188 | } |
| 189 | |
| 190 | void Keymaster::performHmacKeyAgreement(const KeymasterSet& keymasters) { |
| 191 | computeHmac(keymasters, getHmacParameters(keymasters)); |
| 192 | } |
| 193 | |
Shawn Willden | 98b998b | 2018-01-20 11:48:53 -0700 | [diff] [blame] | 194 | } // namespace support |
| 195 | } // namespace V4_0 |
| 196 | } // namespace keymaster |
| 197 | } // namespace hardware |
Shawn Willden | f0f05d4 | 2018-05-01 17:08:39 -0600 | [diff] [blame] | 198 | } // namespace android |