Gitiles
Code Review Sign In
gerrit.omnirom.org / android_hardware_interfaces / b17178a1a4a67340c1529f77d3983ac2185edb63 / . / keymaster / 3.0 / default / KeymasterDevice.cpp
blob: 8c905e971f5422de40afe2ce8133448da56c8fb8 [file] [log] [blame]
Janis Danisevskis0f35e5a2016-10-12 11:33:13 +0100[diff] [blame]1/*
2 **
3 ** Copyright 2016, The Android Open Source Project
4 **
5 ** Licensed under the Apache License, Version 2.0 (the "License");
6 ** you may not use this file except in compliance with the License.
7 ** You may obtain a copy of the License at
8 **
9 ** http://www.apache.org/licenses/LICENSE-2.0
10 **
11 ** Unless required by applicable law or agreed to in writing, software
12 ** distributed under the License is distributed on an "AS IS" BASIS,
13 ** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 ** See the License for the specific language governing permissions and
15 ** limitations under the License.
16 */
17
18#define LOG_TAG "android.hardware.keymaster@3.0-impl"
19
20#include "KeymasterDevice.h"
21
22#include <cutils/log.h>
23
24#include <hardware/keymaster_defs.h>
25#include <keymaster/keymaster_configuration.h>
Janis Danisevskis957b1dc2017-05-11 12:35:00 -0700[diff] [blame]26#include <keymaster/km_openssl/soft_keymaster_enforcement.h>
Janis Danisevskis0f35e5a2016-10-12 11:33:13 +0100[diff] [blame]27#include <keymaster/soft_keymaster_device.h>
28
29namespace android {
30namespace hardware {
31namespace keymaster {
32namespace V3_0 {
33namespace implementation {
34
35using ::keymaster::SoftKeymasterDevice;
36
Janis Danisevskis957b1dc2017-05-11 12:35:00 -0700[diff] [blame]37class SoftwareOnlyHidlKeymasterEnforcement : public ::keymaster::SoftKeymasterEnforcement {
Janis Danisevskis0f35e5a2016-10-12 11:33:13 +0100[diff] [blame]38 public:
Janis Danisevskis957b1dc2017-05-11 12:35:00 -0700[diff] [blame]39 SoftwareOnlyHidlKeymasterEnforcement() : SoftKeymasterEnforcement(64, 64) {}
Janis Danisevskis0f35e5a2016-10-12 11:33:13 +0100[diff] [blame]40
41 uint32_t get_current_time() const override {
42 struct timespec tp;
43 int err = clock_gettime(CLOCK_MONOTONIC, &tp);
44 if (err || tp.tv_sec < 0) return 0;
45 return static_cast<uint32_t>(tp.tv_sec);
46 }
47
48 bool activation_date_valid(uint64_t) const override { return true; }
49 bool expiration_date_passed(uint64_t) const override { return false; }
50 bool auth_token_timed_out(const hw_auth_token_t&, uint32_t) const override { return false; }
51 bool ValidateTokenSignature(const hw_auth_token_t&) const override { return true; }
52};
53
54class SoftwareOnlyHidlKeymasterContext : public ::keymaster::SoftKeymasterContext {
55 public:
56 SoftwareOnlyHidlKeymasterContext() : enforcement_(new SoftwareOnlyHidlKeymasterEnforcement) {}
57
58 ::keymaster::KeymasterEnforcement* enforcement_policy() override { return enforcement_.get(); }
59
60 private:
61 std::unique_ptr<::keymaster::KeymasterEnforcement> enforcement_;
62};
63
Shawn Willden031b6052017-03-28 00:40:57 +0000[diff] [blame]64static int keymaster0_device_initialize(const hw_module_t* mod, keymaster2_device_t** dev) {
Janis Danisevskis0f35e5a2016-10-12 11:33:13 +0100[diff] [blame]65 assert(mod->module_api_version < KEYMASTER_MODULE_API_VERSION_1_0);
66 ALOGI("Found keymaster0 module %s, version %x", mod->name, mod->module_api_version);
67
Janis Danisevskis85e15db2017-04-26 15:05:37 -0700[diff] [blame]68 std::unique_ptr<SoftKeymasterDevice> soft_keymaster(new SoftKeymasterDevice);
Janis Danisevskis0f35e5a2016-10-12 11:33:13 +0100[diff] [blame]69 keymaster0_device_t* km0_device = NULL;
70 keymaster_error_t error = KM_ERROR_OK;
71
72 int rc = keymaster0_open(mod, &km0_device);
73 if (rc) {
74 ALOGE("Error opening keystore keymaster0 device.");
75 goto err;
76 }
77
78 if (km0_device->flags & KEYMASTER_SOFTWARE_ONLY) {
79 ALOGI("Keymaster0 module is software-only. Using SoftKeymasterDevice instead.");
80 km0_device->common.close(&km0_device->common);
81 km0_device = NULL;
82 // SoftKeymasterDevice will be deleted by keymaster_device_release()
83 *dev = soft_keymaster.release()->keymaster2_device();
84 return 0;
85 }
86
87 ALOGD("Wrapping keymaster0 module %s with SoftKeymasterDevice", mod->name);
88 error = soft_keymaster->SetHardwareDevice(km0_device);
89 km0_device = NULL; // SoftKeymasterDevice has taken ownership.
90 if (error != KM_ERROR_OK) {
91 ALOGE("Got error %d from SetHardwareDevice", error);
92 rc = error;
93 goto err;
94 }
95
96 // SoftKeymasterDevice will be deleted by keymaster_device_release()
97 *dev = soft_keymaster.release()->keymaster2_device();
98 return 0;
99
100err:
101 if (km0_device) km0_device->common.close(&km0_device->common);
102 *dev = NULL;
103 return rc;
104}
105
Shawn Willdend4417fb2017-02-23 11:01:49 -0700[diff] [blame]106static int keymaster1_device_initialize(const hw_module_t* mod, keymaster2_device_t** dev,
107 bool* supports_all_digests) {
Janis Danisevskis0f35e5a2016-10-12 11:33:13 +0100[diff] [blame]108 assert(mod->module_api_version >= KEYMASTER_MODULE_API_VERSION_1_0);
109 ALOGI("Found keymaster1 module %s, version %x", mod->name, mod->module_api_version);
110
Janis Danisevskis85e15db2017-04-26 15:05:37 -0700[diff] [blame]111 std::unique_ptr<SoftKeymasterDevice> soft_keymaster(new SoftKeymasterDevice);
Janis Danisevskis0f35e5a2016-10-12 11:33:13 +0100[diff] [blame]112 keymaster1_device_t* km1_device = nullptr;
113 keymaster_error_t error = KM_ERROR_OK;
114
115 int rc = keymaster1_open(mod, &km1_device);
116 if (rc) {
117 ALOGE("Error %d opening keystore keymaster1 device", rc);
118 goto err;
119 }
120
121 ALOGD("Wrapping keymaster1 module %s with SofKeymasterDevice", mod->name);
122 error = soft_keymaster->SetHardwareDevice(km1_device);
123 km1_device = nullptr; // SoftKeymasterDevice has taken ownership.
124 if (error != KM_ERROR_OK) {
125 ALOGE("Got error %d from SetHardwareDevice", error);
126 rc = error;
127 goto err;
128 }
129
130 // SoftKeymasterDevice will be deleted by keymaster_device_release()
Shawn Willdend4417fb2017-02-23 11:01:49 -0700[diff] [blame]131 *supports_all_digests = soft_keymaster->supports_all_digests();
Janis Danisevskis0f35e5a2016-10-12 11:33:13 +0100[diff] [blame]132 *dev = soft_keymaster.release()->keymaster2_device();
133 return 0;
134
135err:
136 if (km1_device) km1_device->common.close(&km1_device->common);
137 *dev = NULL;
138 return rc;
139}
140
Shawn Willden031b6052017-03-28 00:40:57 +0000[diff] [blame]141static int keymaster2_device_initialize(const hw_module_t* mod, keymaster2_device_t** dev) {
Janis Danisevskis0f35e5a2016-10-12 11:33:13 +0100[diff] [blame]142 assert(mod->module_api_version >= KEYMASTER_MODULE_API_VERSION_2_0);
143 ALOGI("Found keymaster2 module %s, version %x", mod->name, mod->module_api_version);
144
145 keymaster2_device_t* km2_device = nullptr;
146
147 int rc = keymaster2_open(mod, &km2_device);
148 if (rc) {
149 ALOGE("Error %d opening keystore keymaster2 device", rc);
150 goto err;
151 }
152
153 *dev = km2_device;
154 return 0;
155
156err:
157 if (km2_device) km2_device->common.close(&km2_device->common);
158 *dev = nullptr;
159 return rc;
160}
161
162static int keymaster_device_initialize(keymaster2_device_t** dev, uint32_t* version,
Shawn Willdend4417fb2017-02-23 11:01:49 -0700[diff] [blame]163 bool* supports_ec, bool* supports_all_digests) {
Janis Danisevskis0f35e5a2016-10-12 11:33:13 +0100[diff] [blame]164 const hw_module_t* mod;
165
166 *supports_ec = true;
167
168 int rc = hw_get_module_by_class(KEYSTORE_HARDWARE_MODULE_ID, NULL, &mod);
169 if (rc) {
170 ALOGI("Could not find any keystore module, using software-only implementation.");
171 // SoftKeymasterDevice will be deleted by keymaster_device_release()
172 *dev = (new SoftKeymasterDevice(new SoftwareOnlyHidlKeymasterContext))->keymaster2_device();
173 *version = -1;
174 return 0;
175 }
176
177 if (mod->module_api_version < KEYMASTER_MODULE_API_VERSION_1_0) {
178 *version = 0;
Shawn Willdend4417fb2017-02-23 11:01:49 -0700[diff] [blame]179 *supports_all_digests = false;
Janis Danisevskis0f35e5a2016-10-12 11:33:13 +0100[diff] [blame]180 int rc = keymaster0_device_initialize(mod, dev);
181 if (rc == 0 && ((*dev)->flags & KEYMASTER_SUPPORTS_EC) == 0) {
182 *supports_ec = false;
183 }
184 return rc;
185 } else if (mod->module_api_version == KEYMASTER_MODULE_API_VERSION_1_0) {
186 *version = 1;
Shawn Willdend4417fb2017-02-23 11:01:49 -0700[diff] [blame]187 return keymaster1_device_initialize(mod, dev, supports_all_digests);
Janis Danisevskis0f35e5a2016-10-12 11:33:13 +0100[diff] [blame]188 } else {
189 *version = 2;
Shawn Willdend4417fb2017-02-23 11:01:49 -0700[diff] [blame]190 *supports_all_digests = true;
Janis Danisevskis0f35e5a2016-10-12 11:33:13 +0100[diff] [blame]191 return keymaster2_device_initialize(mod, dev);
192 }
193}
194
195KeymasterDevice::~KeymasterDevice() {
196 if (keymaster_device_) keymaster_device_->common.close(&keymaster_device_->common);
197}
198
199static inline keymaster_tag_type_t typeFromTag(const keymaster_tag_t tag) {
200 return keymaster_tag_get_type(tag);
201}
202
203/**
204 * legacy_enum_conversion converts enums from hidl to keymaster and back. Currently, this is just a
205 * cast to make the compiler happy. One of two thigs should happen though:
206 * TODO The keymaster enums should become aliases for the hidl generated enums so that we have a
207 * single point of truth. Then this cast function can go away.
208 */
209inline static keymaster_tag_t legacy_enum_conversion(const Tag value) {
210 return keymaster_tag_t(value);
211}
212inline static Tag legacy_enum_conversion(const keymaster_tag_t value) {
213 return Tag(value);
214}
215inline static keymaster_purpose_t legacy_enum_conversion(const KeyPurpose value) {
216 return keymaster_purpose_t(value);
217}
218inline static keymaster_key_format_t legacy_enum_conversion(const KeyFormat value) {
219 return keymaster_key_format_t(value);
220}
221inline static ErrorCode legacy_enum_conversion(const keymaster_error_t value) {
222 return ErrorCode(value);
223}
224
225class KmParamSet : public keymaster_key_param_set_t {
226 public:
227 KmParamSet(const hidl_vec<KeyParameter>& keyParams) {
228 params = new keymaster_key_param_t[keyParams.size()];
229 length = keyParams.size();
230 for (size_t i = 0; i < keyParams.size(); ++i) {
231 auto tag = legacy_enum_conversion(keyParams[i].tag);
232 switch (typeFromTag(tag)) {
233 case KM_ENUM:
234 case KM_ENUM_REP:
235 params[i] = keymaster_param_enum(tag, keyParams[i].f.integer);
236 break;
237 case KM_UINT:
238 case KM_UINT_REP:
239 params[i] = keymaster_param_int(tag, keyParams[i].f.integer);
240 break;
241 case KM_ULONG:
242 case KM_ULONG_REP:
243 params[i] = keymaster_param_long(tag, keyParams[i].f.longInteger);
244 break;
245 case KM_DATE:
246 params[i] = keymaster_param_date(tag, keyParams[i].f.dateTime);
247 break;
248 case KM_BOOL:
249 if (keyParams[i].f.boolValue)
250 params[i] = keymaster_param_bool(tag);
251 else
252 params[i].tag = KM_TAG_INVALID;
253 break;
254 case KM_BIGNUM:
255 case KM_BYTES:
256 params[i] =
257 keymaster_param_blob(tag, &keyParams[i].blob[0], keyParams[i].blob.size());
258 break;
259 case KM_INVALID:
260 default:
261 params[i].tag = KM_TAG_INVALID;
262 /* just skip */
263 break;
264 }
265 }
266 }
267 KmParamSet(KmParamSet&& other) : keymaster_key_param_set_t{other.params, other.length} {
268 other.length = 0;
269 other.params = nullptr;
270 }
271 KmParamSet(const KmParamSet&) = delete;
272 ~KmParamSet() { delete[] params; }
273};
274
275inline static KmParamSet hidlParams2KmParamSet(const hidl_vec<KeyParameter>& params) {
276 return KmParamSet(params);
277}
278
279inline static keymaster_blob_t hidlVec2KmBlob(const hidl_vec<uint8_t>& blob) {
280 /* hidl unmarshals funny pointers if the the blob is empty */
281 if (blob.size()) return {&blob[0], blob.size()};
282 return {nullptr, 0};
283}
284
285inline static keymaster_key_blob_t hidlVec2KmKeyBlob(const hidl_vec<uint8_t>& blob) {
286 /* hidl unmarshals funny pointers if the the blob is empty */
287 if (blob.size()) return {&blob[0], blob.size()};
288 return {nullptr, 0};
289}
290
291inline static hidl_vec<uint8_t> kmBlob2hidlVec(const keymaster_key_blob_t& blob) {
292 hidl_vec<uint8_t> result;
293 result.setToExternal(const_cast<unsigned char*>(blob.key_material), blob.key_material_size);
294 return result;
295}
296inline static hidl_vec<uint8_t> kmBlob2hidlVec(const keymaster_blob_t& blob) {
297 hidl_vec<uint8_t> result;
298 result.setToExternal(const_cast<unsigned char*>(blob.data), blob.data_length);
299 return result;
300}
301
302inline static hidl_vec<hidl_vec<uint8_t>>
303kmCertChain2Hidl(const keymaster_cert_chain_t* cert_chain) {
304 hidl_vec<hidl_vec<uint8_t>> result;
305 if (!cert_chain || cert_chain->entry_count == 0 || !cert_chain->entries) return result;
306
307 result.resize(cert_chain->entry_count);
308 for (size_t i = 0; i < cert_chain->entry_count; ++i) {
309 auto& entry = cert_chain->entries[i];
310 result[i] = kmBlob2hidlVec(entry);
311 }
312
313 return result;
314}
315
316static inline hidl_vec<KeyParameter> kmParamSet2Hidl(const keymaster_key_param_set_t& set) {
317 hidl_vec<KeyParameter> result;
318 if (set.length == 0 || set.params == nullptr) return result;
319
320 result.resize(set.length);
321 keymaster_key_param_t* params = set.params;
322 for (size_t i = 0; i < set.length; ++i) {
323 auto tag = params[i].tag;
324 result[i].tag = legacy_enum_conversion(tag);
325 switch (typeFromTag(tag)) {
326 case KM_ENUM:
327 case KM_ENUM_REP:
328 result[i].f.integer = params[i].enumerated;
329 break;
330 case KM_UINT:
331 case KM_UINT_REP:
332 result[i].f.integer = params[i].integer;
333 break;
334 case KM_ULONG:
335 case KM_ULONG_REP:
336 result[i].f.longInteger = params[i].long_integer;
337 break;
338 case KM_DATE:
339 result[i].f.dateTime = params[i].date_time;
340 break;
341 case KM_BOOL:
342 result[i].f.boolValue = params[i].boolean;
343 break;
344 case KM_BIGNUM:
345 case KM_BYTES:
346 result[i].blob.setToExternal(const_cast<unsigned char*>(params[i].blob.data),
347 params[i].blob.data_length);
348 break;
349 case KM_INVALID:
350 default:
351 params[i].tag = KM_TAG_INVALID;
352 /* just skip */
353 break;
354 }
355 }
356 return result;
357}
358
359// Methods from ::android::hardware::keymaster::V3_0::IKeymasterDevice follow.
360Return<void> KeymasterDevice::getHardwareFeatures(getHardwareFeatures_cb _hidl_cb) {
Shawn Willdend4417fb2017-02-23 11:01:49 -0700[diff] [blame]361 bool is_secure = !(keymaster_device_->flags & KEYMASTER_SOFTWARE_ONLY);
Janis Danisevskis0f35e5a2016-10-12 11:33:13 +0100[diff] [blame]362 bool supports_symmetric_cryptography = false;
363 bool supports_attestation = false;
364
365 switch (hardware_version_) {
366 case 2:
367 supports_attestation = true;
368 /* Falls through */
369 case 1:
370 supports_symmetric_cryptography = true;
Janis Danisevskis0f35e5a2016-10-12 11:33:13 +0100[diff] [blame]371 break;
372 };
373
374 _hidl_cb(is_secure, hardware_supports_ec_, supports_symmetric_cryptography,
Shawn Willdend4417fb2017-02-23 11:01:49 -0700[diff] [blame]375 supports_attestation, hardware_supports_all_digests_,
376 keymaster_device_->common.module->name, keymaster_device_->common.module->author);
Janis Danisevskis0f35e5a2016-10-12 11:33:13 +0100[diff] [blame]377 return Void();
378}
379
380Return<ErrorCode> KeymasterDevice::addRngEntropy(const hidl_vec<uint8_t>& data) {
Bartosz Fabianowski50624e92017-02-13 16:50:24 +0100[diff] [blame]381 if (!data.size()) return ErrorCode::OK;
Janis Danisevskis0f35e5a2016-10-12 11:33:13 +0100[diff] [blame]382 return legacy_enum_conversion(
383 keymaster_device_->add_rng_entropy(keymaster_device_, &data[0], data.size()));
384}
385
386Return<void> KeymasterDevice::generateKey(const hidl_vec<KeyParameter>& keyParams,
387 generateKey_cb _hidl_cb) {
388 // result variables for the wire
389 KeyCharacteristics resultCharacteristics;
390 hidl_vec<uint8_t> resultKeyBlob;
391
392 // result variables the backend understands
393 keymaster_key_blob_t key_blob{nullptr, 0};
394 keymaster_key_characteristics_t key_characteristics{{nullptr, 0}, {nullptr, 0}};
395
396 // convert the parameter set to something our backend understands
397 auto kmParams = hidlParams2KmParamSet(keyParams);
398
399 auto rc = keymaster_device_->generate_key(keymaster_device_, &kmParams, &key_blob,
400 &key_characteristics);
401
402 if (rc == KM_ERROR_OK) {
403 // on success convert the result to wire format
404 resultKeyBlob = kmBlob2hidlVec(key_blob);
405 resultCharacteristics.softwareEnforced = kmParamSet2Hidl(key_characteristics.sw_enforced);
406 resultCharacteristics.teeEnforced = kmParamSet2Hidl(key_characteristics.hw_enforced);
407 }
408
409 // send results off to the client
410 _hidl_cb(legacy_enum_conversion(rc), resultKeyBlob, resultCharacteristics);
411
412 // free buffers that we are responsible for
413 if (key_blob.key_material) free(const_cast<uint8_t*>(key_blob.key_material));
414 keymaster_free_characteristics(&key_characteristics);
415
416 return Void();
417}
418
419Return<void> KeymasterDevice::getKeyCharacteristics(const hidl_vec<uint8_t>& keyBlob,
420 const hidl_vec<uint8_t>& clientId,
421 const hidl_vec<uint8_t>& appData,
422 getKeyCharacteristics_cb _hidl_cb) {
423 // result variables for the wire
424 KeyCharacteristics resultCharacteristics;
425
426 // result variables the backend understands
427 keymaster_key_characteristics_t key_characteristics{{nullptr, 0}, {nullptr, 0}};
428
429 auto kmKeyBlob = hidlVec2KmKeyBlob(keyBlob);
430 auto kmClientId = hidlVec2KmBlob(clientId);
431 auto kmAppData = hidlVec2KmBlob(appData);
432
433 auto rc = keymaster_device_->get_key_characteristics(
434 keymaster_device_, keyBlob.size() ? &kmKeyBlob : nullptr,
435 clientId.size() ? &kmClientId : nullptr, appData.size() ? &kmAppData : nullptr,
436 &key_characteristics);
437
438 if (rc == KM_ERROR_OK) {
439 resultCharacteristics.softwareEnforced = kmParamSet2Hidl(key_characteristics.sw_enforced);
440 resultCharacteristics.teeEnforced = kmParamSet2Hidl(key_characteristics.hw_enforced);
441 }
442
443 _hidl_cb(legacy_enum_conversion(rc), resultCharacteristics);
444
445 keymaster_free_characteristics(&key_characteristics);
446
447 return Void();
448}
449
450Return<void> KeymasterDevice::importKey(const hidl_vec<KeyParameter>& params, KeyFormat keyFormat,
451 const hidl_vec<uint8_t>& keyData, importKey_cb _hidl_cb) {
452 // result variables for the wire
453 KeyCharacteristics resultCharacteristics;
454 hidl_vec<uint8_t> resultKeyBlob;
455
456 // result variables the backend understands
457 keymaster_key_blob_t key_blob{nullptr, 0};
458 keymaster_key_characteristics_t key_characteristics{{nullptr, 0}, {nullptr, 0}};
459
460 auto kmParams = hidlParams2KmParamSet(params);
461 auto kmKeyData = hidlVec2KmBlob(keyData);
462
463 auto rc = keymaster_device_->import_key(keymaster_device_, &kmParams,
464 legacy_enum_conversion(keyFormat), &kmKeyData,
465 &key_blob, &key_characteristics);
466
467 if (rc == KM_ERROR_OK) {
468 // on success convert the result to wire format
469 // (Can we assume that key_blob is {nullptr, 0} or a valid buffer description?)
470 resultKeyBlob = kmBlob2hidlVec(key_blob);
471 resultCharacteristics.softwareEnforced = kmParamSet2Hidl(key_characteristics.sw_enforced);
472 resultCharacteristics.teeEnforced = kmParamSet2Hidl(key_characteristics.hw_enforced);
473 }
474
475 _hidl_cb(legacy_enum_conversion(rc), resultKeyBlob, resultCharacteristics);
476
477 // free buffers that we are responsible for
478 if (key_blob.key_material) free(const_cast<uint8_t*>(key_blob.key_material));
479 keymaster_free_characteristics(&key_characteristics);
480
481 return Void();
482}
483
484Return<void> KeymasterDevice::exportKey(KeyFormat exportFormat, const hidl_vec<uint8_t>& keyBlob,
485 const hidl_vec<uint8_t>& clientId,
486 const hidl_vec<uint8_t>& appData, exportKey_cb _hidl_cb) {
487
488 // result variables for the wire
489 hidl_vec<uint8_t> resultKeyBlob;
490
491 // result variables the backend understands
492 keymaster_blob_t out_blob{nullptr, 0};
493
494 auto kmKeyBlob = hidlVec2KmKeyBlob(keyBlob);
495 auto kmClientId = hidlVec2KmBlob(clientId);
496 auto kmAppData = hidlVec2KmBlob(appData);
497
498 auto rc = keymaster_device_->export_key(keymaster_device_, legacy_enum_conversion(exportFormat),
499 keyBlob.size() ? &kmKeyBlob : nullptr,
500 clientId.size() ? &kmClientId : nullptr,
501 appData.size() ? &kmAppData : nullptr, &out_blob);
502
503 if (rc == KM_ERROR_OK) {
504 // on success convert the result to wire format
505 // (Can we assume that key_blob is {nullptr, 0} or a valid buffer description?)
506 resultKeyBlob = kmBlob2hidlVec(out_blob);
507 }
508
509 _hidl_cb(legacy_enum_conversion(rc), resultKeyBlob);
510
511 // free buffers that we are responsible for
512 if (out_blob.data) free(const_cast<uint8_t*>(out_blob.data));
513
514 return Void();
515}
516
517Return<void> KeymasterDevice::attestKey(const hidl_vec<uint8_t>& keyToAttest,
518 const hidl_vec<KeyParameter>& attestParams,
519 attestKey_cb _hidl_cb) {
520
521 hidl_vec<hidl_vec<uint8_t>> resultCertChain;
522
Shawn Willdendc996562017-04-12 06:36:08 -0600[diff] [blame]523 bool foundAttestationApplicationId = false;
Bartosz Fabianowskiaac0fc72017-01-23 13:51:10 +0100[diff] [blame]524 for (size_t i = 0; i < attestParams.size(); ++i) {
525 switch (attestParams[i].tag) {
Shawn Willdend4417fb2017-02-23 11:01:49 -0700[diff] [blame]526 case Tag::ATTESTATION_ID_BRAND:
527 case Tag::ATTESTATION_ID_DEVICE:
528 case Tag::ATTESTATION_ID_PRODUCT:
529 case Tag::ATTESTATION_ID_SERIAL:
530 case Tag::ATTESTATION_ID_IMEI:
531 case Tag::ATTESTATION_ID_MEID:
Bartosz Fabianowski8304a902017-04-20 04:47:40 +0200[diff] [blame]532 case Tag::ATTESTATION_ID_MANUFACTURER:
533 case Tag::ATTESTATION_ID_MODEL:
Shawn Willdend4417fb2017-02-23 11:01:49 -0700[diff] [blame]534 // Device id attestation may only be supported if the device is able to permanently
535 // destroy its knowledge of the ids. This device is unable to do this, so it must
536 // never perform any device id attestation.
537 _hidl_cb(ErrorCode::CANNOT_ATTEST_IDS, resultCertChain);
538 return Void();
Shawn Willdendc996562017-04-12 06:36:08 -0600[diff] [blame]539
540 case Tag::ATTESTATION_APPLICATION_ID:
541 foundAttestationApplicationId = true;
542 break;
543
Shawn Willdend4417fb2017-02-23 11:01:49 -0700[diff] [blame]544 default:
545 break;
Bartosz Fabianowskiaac0fc72017-01-23 13:51:10 +0100[diff] [blame]546 }
547 }
548
Shawn Willdendc996562017-04-12 06:36:08 -0600[diff] [blame]549 // KM3 devices reject missing attest application IDs. KM2 devices do not.
550 if (!foundAttestationApplicationId) {
551 _hidl_cb(ErrorCode::ATTESTATION_APPLICATION_ID_MISSING,
552 resultCertChain);
Shawn Willdenfa67c8f2017-04-24 08:10:55 -0600[diff] [blame]553 return Void();
Shawn Willdendc996562017-04-12 06:36:08 -0600[diff] [blame]554 }
555
Janis Danisevskis0f35e5a2016-10-12 11:33:13 +0100[diff] [blame]556 keymaster_cert_chain_t cert_chain{nullptr, 0};
557
558 auto kmKeyToAttest = hidlVec2KmKeyBlob(keyToAttest);
559 auto kmAttestParams = hidlParams2KmParamSet(attestParams);
560
561 auto rc = keymaster_device_->attest_key(keymaster_device_, &kmKeyToAttest, &kmAttestParams,
562 &cert_chain);
563
564 if (rc == KM_ERROR_OK) {
565 resultCertChain = kmCertChain2Hidl(&cert_chain);
566 }
567
568 _hidl_cb(legacy_enum_conversion(rc), resultCertChain);
569
570 keymaster_free_cert_chain(&cert_chain);
571
572 return Void();
573}
574
575Return<void> KeymasterDevice::upgradeKey(const hidl_vec<uint8_t>& keyBlobToUpgrade,
576 const hidl_vec<KeyParameter>& upgradeParams,
577 upgradeKey_cb _hidl_cb) {
578
579 // result variables for the wire
580 hidl_vec<uint8_t> resultKeyBlob;
581
582 // result variables the backend understands
583 keymaster_key_blob_t key_blob{nullptr, 0};
584
585 auto kmKeyBlobToUpgrade = hidlVec2KmKeyBlob(keyBlobToUpgrade);
586 auto kmUpgradeParams = hidlParams2KmParamSet(upgradeParams);
587
588 auto rc = keymaster_device_->upgrade_key(keymaster_device_, &kmKeyBlobToUpgrade,
589 &kmUpgradeParams, &key_blob);
590
591 if (rc == KM_ERROR_OK) {
592 // on success convert the result to wire format
593 resultKeyBlob = kmBlob2hidlVec(key_blob);
594 }
595
596 _hidl_cb(legacy_enum_conversion(rc), resultKeyBlob);
597
598 if (key_blob.key_material) free(const_cast<uint8_t*>(key_blob.key_material));
599
600 return Void();
601}
602
603Return<ErrorCode> KeymasterDevice::deleteKey(const hidl_vec<uint8_t>& keyBlob) {
Janis Danisevskisb77dbe32017-03-22 10:28:24 -0700[diff] [blame]604 if (keymaster_device_->delete_key == nullptr) {
605 return ErrorCode::UNIMPLEMENTED;
606 }
Janis Danisevskis0f35e5a2016-10-12 11:33:13 +0100[diff] [blame]607 auto kmKeyBlob = hidlVec2KmKeyBlob(keyBlob);
Janis Danisevskis0c3dd482017-04-12 09:16:38 -0700[diff] [blame]608 auto rc = legacy_enum_conversion(
609 keymaster_device_->delete_key(keymaster_device_, &kmKeyBlob));
610 // Keymaster 3.0 requires deleteKey to return ErrorCode::OK if the key
611 // blob is unusable after the call. This is equally true if the key blob was
612 // unusable before.
613 if (rc == ErrorCode::INVALID_KEY_BLOB) return ErrorCode::OK;
614 return rc;
Janis Danisevskis0f35e5a2016-10-12 11:33:13 +0100[diff] [blame]615}
616
617Return<ErrorCode> KeymasterDevice::deleteAllKeys() {
Bartosz Fabianowskiaac0fc72017-01-23 13:51:10 +0100[diff] [blame]618 if (keymaster_device_->delete_all_keys == nullptr) {
619 return ErrorCode::UNIMPLEMENTED;
620 }
Janis Danisevskis0f35e5a2016-10-12 11:33:13 +0100[diff] [blame]621 return legacy_enum_conversion(keymaster_device_->delete_all_keys(keymaster_device_));
622}
623
Bartosz Fabianowskiaac0fc72017-01-23 13:51:10 +0100[diff] [blame]624Return<ErrorCode> KeymasterDevice::destroyAttestationIds() {
625 return ErrorCode::UNIMPLEMENTED;
626}
627
Janis Danisevskis0f35e5a2016-10-12 11:33:13 +0100[diff] [blame]628Return<void> KeymasterDevice::begin(KeyPurpose purpose, const hidl_vec<uint8_t>& key,
629 const hidl_vec<KeyParameter>& inParams, begin_cb _hidl_cb) {
630
631 // result variables for the wire
632 hidl_vec<KeyParameter> resultParams;
633 uint64_t resultOpHandle = 0;
634
635 // result variables the backend understands
636 keymaster_key_param_set_t out_params{nullptr, 0};
637 keymaster_operation_handle_t& operation_handle = resultOpHandle;
638
639 auto kmKey = hidlVec2KmKeyBlob(key);
640 auto kmInParams = hidlParams2KmParamSet(inParams);
641
642 auto rc = keymaster_device_->begin(keymaster_device_, legacy_enum_conversion(purpose), &kmKey,
643 &kmInParams, &out_params, &operation_handle);
644
645 if (rc == KM_ERROR_OK) resultParams = kmParamSet2Hidl(out_params);
646
647 _hidl_cb(legacy_enum_conversion(rc), resultParams, resultOpHandle);
648
649 keymaster_free_param_set(&out_params);
650
651 return Void();
652}
653
654Return<void> KeymasterDevice::update(uint64_t operationHandle,
655 const hidl_vec<KeyParameter>& inParams,
656 const hidl_vec<uint8_t>& input, update_cb _hidl_cb) {
657 // result variables for the wire
658 uint32_t resultConsumed = 0;
659 hidl_vec<KeyParameter> resultParams;
660 hidl_vec<uint8_t> resultBlob;
661
662 // result variables the backend understands
663 size_t consumed = 0;
664 keymaster_key_param_set_t out_params{nullptr, 0};
665 keymaster_blob_t out_blob{nullptr, 0};
666
667 auto kmInParams = hidlParams2KmParamSet(inParams);
668 auto kmInput = hidlVec2KmBlob(input);
669
670 auto rc = keymaster_device_->update(keymaster_device_, operationHandle, &kmInParams, &kmInput,
671 &consumed, &out_params, &out_blob);
672
673 if (rc == KM_ERROR_OK) {
674 resultConsumed = consumed;
675 resultParams = kmParamSet2Hidl(out_params);
676 resultBlob = kmBlob2hidlVec(out_blob);
677 }
678
679 _hidl_cb(legacy_enum_conversion(rc), resultConsumed, resultParams, resultBlob);
680
681 keymaster_free_param_set(&out_params);
682 if (out_blob.data) free(const_cast<uint8_t*>(out_blob.data));
683
684 return Void();
685}
686
687Return<void> KeymasterDevice::finish(uint64_t operationHandle,
688 const hidl_vec<KeyParameter>& inParams,
689 const hidl_vec<uint8_t>& input,
690 const hidl_vec<uint8_t>& signature, finish_cb _hidl_cb) {
691 // result variables for the wire
692 hidl_vec<KeyParameter> resultParams;
693 hidl_vec<uint8_t> resultBlob;
694
695 // result variables the backend understands
696 keymaster_key_param_set_t out_params{nullptr, 0};
697 keymaster_blob_t out_blob{nullptr, 0};
698
699 auto kmInParams = hidlParams2KmParamSet(inParams);
700 auto kmInput = hidlVec2KmBlob(input);
701 auto kmSignature = hidlVec2KmBlob(signature);
702
703 auto rc = keymaster_device_->finish(keymaster_device_, operationHandle, &kmInParams, &kmInput,
704 &kmSignature, &out_params, &out_blob);
705
706 if (rc == KM_ERROR_OK) {
707 resultParams = kmParamSet2Hidl(out_params);
708 resultBlob = kmBlob2hidlVec(out_blob);
709 }
710
711 _hidl_cb(legacy_enum_conversion(rc), resultParams, resultBlob);
712
713 keymaster_free_param_set(&out_params);
714 if (out_blob.data) free(const_cast<uint8_t*>(out_blob.data));
715
716 return Void();
717}
718
719Return<ErrorCode> KeymasterDevice::abort(uint64_t operationHandle) {
720 return legacy_enum_conversion(keymaster_device_->abort(keymaster_device_, operationHandle));
721}
722
Shawn Willden63e15f02017-03-29 21:27:12 -0600[diff] [blame]723IKeymasterDevice* HIDL_FETCH_IKeymasterDevice(const char* name) {
Janis Danisevskis0f35e5a2016-10-12 11:33:13 +0100[diff] [blame]724 keymaster2_device_t* dev = nullptr;
725
Shawn Willden63e15f02017-03-29 21:27:12 -0600[diff] [blame]726 ALOGI("Fetching keymaster device name %s", name);
727
728 uint32_t version = -1;
729 bool supports_ec = false;
730 bool supports_all_digests = false;
731
732 if (name && strcmp(name, "softwareonly") == 0) {
733 dev = (new SoftKeymasterDevice(new SoftwareOnlyHidlKeymasterContext))->keymaster2_device();
734 } else if (name && strcmp(name, "default") == 0) {
735 auto rc = keymaster_device_initialize(&dev, &version, &supports_ec, &supports_all_digests);
736 if (rc) return nullptr;
737 }
Janis Danisevskis0f35e5a2016-10-12 11:33:13 +0100[diff] [blame]738
739 auto kmrc = ::keymaster::ConfigureDevice(dev);
740 if (kmrc != KM_ERROR_OK) {
741 dev->common.close(&dev->common);
742 return nullptr;
743 }
744
Shawn Willdend4417fb2017-02-23 11:01:49 -0700[diff] [blame]745 return new KeymasterDevice(dev, version, supports_ec, supports_all_digests);
Janis Danisevskis0f35e5a2016-10-12 11:33:13 +0100[diff] [blame]746}
747
748} // namespace implementation
749} // namespace V3_0
750} // namespace keymaster
751} // namespace hardware
752} // namespace android