Gitiles
Code Review Sign In
gerrit.omnirom.org / android_hardware_interfaces / d98dcfb331c8e81a4aff2d61252f8bb1965e4920 / . / keymaster / 4.0 / support / Keymaster3.cpp
blob: 84b3ee1f600d73febd40c44c871554ba1aabd3d8 [file] [log] [blame]
Shawn Willden7d339812018-01-18 15:36:46 -0700[diff] [blame]1/*
2 **
3 ** Copyright 2017, The Android Open Source Project
4 **
5 ** Licensed under the Apache License, Version 2.0 (the "License");
6 ** you may not use this file except in compliance with the License.
7 ** You may obtain a copy of the License at
8 **
9 ** http://www.apache.org/licenses/LICENSE-2.0
10 **
11 ** Unless required by applicable law or agreed to in writing, software
12 ** distributed under the License is distributed on an "AS IS" BASIS,
13 ** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 ** See the License for the specific language governing permissions and
15 ** limitations under the License.
16 */
17
18#include <keymasterV4_0/Keymaster3.h>
19
20#include <android-base/logging.h>
Shawn Willden98b998b2018-01-20 11:48:53 -0700[diff] [blame]21#include <keymasterV4_0/keymaster_utils.h>
Shawn Willden7d339812018-01-18 15:36:46 -0700[diff] [blame]22
23namespace android {
24namespace hardware {
25namespace keymaster {
26namespace V4_0 {
27namespace support {
28
29using android::hardware::details::StatusOf;
30
31namespace {
32
33ErrorCode convert(V3_0::ErrorCode error) {
34 return static_cast<ErrorCode>(error);
35}
36
37V3_0::KeyPurpose convert(KeyPurpose purpose) {
38 return static_cast<V3_0::KeyPurpose>(purpose);
39}
40
41V3_0::KeyFormat convert(KeyFormat purpose) {
42 return static_cast<V3_0::KeyFormat>(purpose);
43}
44
45V3_0::KeyParameter convert(const KeyParameter& param) {
46 V3_0::KeyParameter converted;
47 converted.tag = static_cast<V3_0::Tag>(param.tag);
48 static_assert(sizeof(converted.f) == sizeof(param.f), "This function assumes sizes match");
49 memcpy(&converted.f, &param.f, sizeof(param.f));
50 converted.blob = param.blob;
51 return converted;
52}
53
54KeyParameter convert(const V3_0::KeyParameter& param) {
55 KeyParameter converted;
56 converted.tag = static_cast<Tag>(param.tag);
57 static_assert(sizeof(converted.f) == sizeof(param.f), "This function assumes sizes match");
58 memcpy(&converted.f, &param.f, sizeof(param.f));
59 converted.blob = param.blob;
60 return converted;
61}
62
63hidl_vec<V3_0::KeyParameter> convert(const hidl_vec<KeyParameter>& params) {
Brian C. Youngd98dcfb2018-03-27 17:31:29 -0700[diff] [blame^]64 std::vector<V3_0::KeyParameter> converted;
65 converted.reserve(params.size());
66 for (const auto& param : params) {
67 // Qualcomm's Keymaster3 implementation behaves oddly if Tag::USER_ID is provided. Filter it
68 // out. Revert this change when b/73286437 is fixed.
69 if (param.tag != Tag::USER_ID) converted.push_back(convert(param));
Shawn Willden7d339812018-01-18 15:36:46 -0700[diff] [blame]70 }
71 return converted;
72}
73
74hidl_vec<KeyParameter> convert(const hidl_vec<V3_0::KeyParameter>& params) {
75 hidl_vec<KeyParameter> converted(params.size());
76 for (size_t i = 0; i < params.size(); ++i) {
77 converted[i] = convert(params[i]);
78 }
79 return converted;
80}
81
82template <typename T, typename OutIter>
83inline static OutIter copy_bytes_to_iterator(const T& value, OutIter dest) {
84 const uint8_t* value_ptr = reinterpret_cast<const uint8_t*>(&value);
85 return std::copy(value_ptr, value_ptr + sizeof(value), dest);
86}
87
Shawn Willden7d339812018-01-18 15:36:46 -0700[diff] [blame]88hidl_vec<V3_0::KeyParameter> convertAndAddAuthToken(const hidl_vec<KeyParameter>& params,
89 const HardwareAuthToken& authToken) {
90 hidl_vec<V3_0::KeyParameter> converted(params.size() + 1);
91 for (size_t i = 0; i < params.size(); ++i) {
92 converted[i] = convert(params[i]);
93 }
94 converted[params.size()].tag = V3_0::Tag::AUTH_TOKEN;
95 converted[params.size()].blob = authToken2HidlVec(authToken);
96
97 return converted;
98}
99
100KeyCharacteristics convert(const V3_0::KeyCharacteristics& chars) {
101 KeyCharacteristics converted;
102 converted.hardwareEnforced = convert(chars.teeEnforced);
103 converted.softwareEnforced = convert(chars.softwareEnforced);
104 return converted;
105}
106
107} // namespace
108
109void Keymaster3::getVersionIfNeeded() {
110 if (haveVersion_) return;
111
112 auto rc = km3_dev_->getHardwareFeatures(
113 [&](bool isSecure, bool supportsEllipticCurve, bool supportsSymmetricCryptography,
114 bool supportsAttestation, bool supportsAllDigests, const hidl_string& keymasterName,
115 const hidl_string& keymasterAuthorName) {
Shawn Willden98b998b2018-01-20 11:48:53 -0700[diff] [blame]116 version_ = {keymasterName, keymasterAuthorName, 0 /* major version, filled below */,
117 isSecure ? SecurityLevel::TRUSTED_ENVIRONMENT : SecurityLevel::SOFTWARE,
118 supportsEllipticCurve};
Shawn Willden7d339812018-01-18 15:36:46 -0700[diff] [blame]119 supportsSymmetricCryptography_ = supportsSymmetricCryptography;
120 supportsAttestation_ = supportsAttestation;
121 supportsAllDigests_ = supportsAllDigests;
Shawn Willden7d339812018-01-18 15:36:46 -0700[diff] [blame]122 });
123
124 CHECK(rc.isOk()) << "Got error " << rc.description() << " trying to get hardware features";
125
Shawn Willden98b998b2018-01-20 11:48:53 -0700[diff] [blame]126 if (version_.securityLevel == SecurityLevel::SOFTWARE) {
127 version_.majorVersion = 3;
Shawn Willden7d339812018-01-18 15:36:46 -0700[diff] [blame]128 } else if (supportsAttestation_) {
Shawn Willden98b998b2018-01-20 11:48:53 -0700[diff] [blame]129 version_.majorVersion = 3; // Could be 2, doesn't matter.
Shawn Willden7d339812018-01-18 15:36:46 -0700[diff] [blame]130 } else if (supportsSymmetricCryptography_) {
Shawn Willden98b998b2018-01-20 11:48:53 -0700[diff] [blame]131 version_.majorVersion = 1;
Shawn Willden7d339812018-01-18 15:36:46 -0700[diff] [blame]132 } else {
Shawn Willden98b998b2018-01-20 11:48:53 -0700[diff] [blame]133 version_.majorVersion = 0;
Shawn Willden7d339812018-01-18 15:36:46 -0700[diff] [blame]134 }
135}
136
Shawn Willden7d339812018-01-18 15:36:46 -0700[diff] [blame]137Return<void> Keymaster3::getHardwareInfo(Keymaster3::getHardwareInfo_cb _hidl_cb) {
138 getVersionIfNeeded();
Shawn Willden98b998b2018-01-20 11:48:53 -0700[diff] [blame]139 _hidl_cb(version_.securityLevel,
140 std::string(version_.keymasterName) + " (wrapped by keystore::Keymaster3)",
141 version_.authorName);
Shawn Willden7d339812018-01-18 15:36:46 -0700[diff] [blame]142 return Void();
143}
144
145Return<ErrorCode> Keymaster3::addRngEntropy(const hidl_vec<uint8_t>& data) {
146 auto rc = km3_dev_->addRngEntropy(data);
147 if (!rc.isOk()) {
148 return StatusOf<V3_0::ErrorCode, ErrorCode>(rc);
149 }
150 return convert(rc);
151}
152
153Return<void> Keymaster3::generateKey(const hidl_vec<KeyParameter>& keyParams,
154 generateKey_cb _hidl_cb) {
155 auto cb = [&](V3_0::ErrorCode error, const hidl_vec<uint8_t>& keyBlob,
156 const V3_0::KeyCharacteristics& characteristics) {
157 _hidl_cb(convert(error), keyBlob, convert(characteristics));
158 };
159 auto rc = km3_dev_->generateKey(convert(keyParams), cb);
160 rc.isOk(); // move ctor prereq
161 return rc;
162}
163
164Return<void> Keymaster3::getKeyCharacteristics(const hidl_vec<uint8_t>& keyBlob,
165 const hidl_vec<uint8_t>& clientId,
166 const hidl_vec<uint8_t>& appData,
167 getKeyCharacteristics_cb _hidl_cb) {
168 auto cb = [&](V3_0::ErrorCode error, const V3_0::KeyCharacteristics& chars) {
169 _hidl_cb(convert(error), convert(chars));
170 };
171
172 auto rc = km3_dev_->getKeyCharacteristics(keyBlob, clientId, appData, cb);
173 rc.isOk(); // move ctor prereq
174 return rc;
175}
176
177Return<void> Keymaster3::importKey(const hidl_vec<KeyParameter>& params, KeyFormat keyFormat,
178 const hidl_vec<uint8_t>& keyData, importKey_cb _hidl_cb) {
179 auto cb = [&](V3_0::ErrorCode error, const hidl_vec<uint8_t>& keyBlob,
180 const V3_0::KeyCharacteristics& chars) {
181 _hidl_cb(convert(error), keyBlob, convert(chars));
182 };
183 auto rc = km3_dev_->importKey(convert(params), convert(keyFormat), keyData, cb);
184 rc.isOk(); // move ctor prereq
185 return rc;
186}
187
188Return<void> Keymaster3::exportKey(KeyFormat exportFormat, const hidl_vec<uint8_t>& keyBlob,
189 const hidl_vec<uint8_t>& clientId,
190 const hidl_vec<uint8_t>& appData, exportKey_cb _hidl_cb) {
191 auto cb = [&](V3_0::ErrorCode error, const hidl_vec<uint8_t>& keyMaterial) {
192 _hidl_cb(convert(error), keyMaterial);
193 };
194 auto rc = km3_dev_->exportKey(convert(exportFormat), keyBlob, clientId, appData, cb);
195 rc.isOk(); // move ctor prereq
196 return rc;
197}
198
199Return<void> Keymaster3::attestKey(const hidl_vec<uint8_t>& keyToAttest,
200 const hidl_vec<KeyParameter>& attestParams,
201 attestKey_cb _hidl_cb) {
202 auto cb = [&](V3_0::ErrorCode error, const hidl_vec<hidl_vec<uint8_t>>& certChain) {
203 _hidl_cb(convert(error), certChain);
204 };
205 auto rc = km3_dev_->attestKey(keyToAttest, convert(attestParams), cb);
206 rc.isOk(); // move ctor prereq
207 return rc;
208}
209
210Return<void> Keymaster3::upgradeKey(const hidl_vec<uint8_t>& keyBlobToUpgrade,
211 const hidl_vec<KeyParameter>& upgradeParams,
212 upgradeKey_cb _hidl_cb) {
213 auto cb = [&](V3_0::ErrorCode error, const hidl_vec<uint8_t>& upgradedKeyBlob) {
214 _hidl_cb(convert(error), upgradedKeyBlob);
215 };
216 auto rc = km3_dev_->upgradeKey(keyBlobToUpgrade, convert(upgradeParams), cb);
217 rc.isOk(); // move ctor prereq
218 return rc;
219}
220
221Return<ErrorCode> Keymaster3::deleteKey(const hidl_vec<uint8_t>& keyBlob) {
222 auto rc = km3_dev_->deleteKey(keyBlob);
223 if (!rc.isOk()) return StatusOf<V3_0::ErrorCode, ErrorCode>(rc);
224 return convert(rc);
225}
226
227Return<ErrorCode> Keymaster3::deleteAllKeys() {
228 auto rc = km3_dev_->deleteAllKeys();
229 if (!rc.isOk()) return StatusOf<V3_0::ErrorCode, ErrorCode>(rc);
230 return convert(rc);
231}
232
233Return<ErrorCode> Keymaster3::destroyAttestationIds() {
234 auto rc = km3_dev_->destroyAttestationIds();
235 if (!rc.isOk()) return StatusOf<V3_0::ErrorCode, ErrorCode>(rc);
236 return convert(rc);
237}
238
239Return<void> Keymaster3::begin(KeyPurpose purpose, const hidl_vec<uint8_t>& key,
240 const hidl_vec<KeyParameter>& inParams,
241 const HardwareAuthToken& authToken, begin_cb _hidl_cb) {
242 auto cb = [&](V3_0::ErrorCode error, const hidl_vec<V3_0::KeyParameter>& outParams,
243 OperationHandle operationHandle) {
244 _hidl_cb(convert(error), convert(outParams), operationHandle);
245 };
246
247 auto rc =
248 km3_dev_->begin(convert(purpose), key, convertAndAddAuthToken(inParams, authToken), cb);
249 rc.isOk(); // move ctor prereq
250 return rc;
251}
252
253Return<void> Keymaster3::update(uint64_t operationHandle, const hidl_vec<KeyParameter>& inParams,
254 const hidl_vec<uint8_t>& input, const HardwareAuthToken& authToken,
255 const VerificationToken& /* verificationToken */,
256 update_cb _hidl_cb) {
257 auto cb = [&](V3_0::ErrorCode error, uint32_t inputConsumed,
258 const hidl_vec<V3_0::KeyParameter>& outParams, const hidl_vec<uint8_t>& output) {
259 _hidl_cb(convert(error), inputConsumed, convert(outParams), output);
260 };
261
262 auto rc =
263 km3_dev_->update(operationHandle, convertAndAddAuthToken(inParams, authToken), input, cb);
264 rc.isOk(); // move ctor prereq
265 return rc;
266}
267
268Return<void> Keymaster3::finish(uint64_t operationHandle, const hidl_vec<KeyParameter>& inParams,
269 const hidl_vec<uint8_t>& input, const hidl_vec<uint8_t>& signature,
270 const HardwareAuthToken& authToken,
271 const VerificationToken& /* verificationToken */,
272 finish_cb _hidl_cb) {
273 auto cb = [&](V3_0::ErrorCode error, const hidl_vec<V3_0::KeyParameter>& outParams,
274 const hidl_vec<uint8_t>& output) {
275 _hidl_cb(convert(error), convert(outParams), output);
276 };
277
278 auto rc = km3_dev_->finish(operationHandle, convertAndAddAuthToken(inParams, authToken), input,
279 signature, cb);
280 rc.isOk(); // move ctor prereq
281 return rc;
282}
283
284Return<ErrorCode> Keymaster3::abort(uint64_t operationHandle) {
285 auto rc = km3_dev_->abort(operationHandle);
286 if (!rc.isOk()) return StatusOf<V3_0::ErrorCode, ErrorCode>(rc);
287 return convert(rc);
288}
289
290} // namespace support
291} // namespace V4_0
292} // namespace keymaster
293} // namespace hardware
294} // namespace android