Gitiles
Code Review Sign In
gerrit.omnirom.org / android_hardware_interfaces / f0f05d4052347dabe063f034956df3b6ed2ad5e1 / . / keymaster / 4.0 / support / Keymaster.cpp
blob: 066bca41004d373ae1df5248a3bf81c2fb738df3 [file] [log] [blame]
Shawn Willden98b998b2018-01-20 11:48:53 -0700[diff] [blame]1/*
2 ** Copyright 2018, The Android Open Source Project
3 **
4 ** Licensed under the Apache License, Version 2.0 (the "License");
5 ** you may not use this file except in compliance with the License.
6 ** You may obtain a copy of the License at
7 **
8 ** http://www.apache.org/licenses/LICENSE-2.0
9 **
10 ** Unless required by applicable law or agreed to in writing, software
11 ** distributed under the License is distributed on an "AS IS" BASIS,
12 ** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 ** See the License for the specific language governing permissions and
14 ** limitations under the License.
15 */
16
17#include <keymasterV4_0/Keymaster.h>
18
Shawn Willdenf0f05d42018-05-01 17:08:39 -0600[diff] [blame^]19#include <iomanip>
20
Shawn Willden98b998b2018-01-20 11:48:53 -0700[diff] [blame]21#include <android-base/logging.h>
22#include <android/hidl/manager/1.0/IServiceManager.h>
23#include <keymasterV4_0/Keymaster3.h>
24#include <keymasterV4_0/Keymaster4.h>
Shawn Willdenf0f05d42018-05-01 17:08:39 -0600[diff] [blame^]25#include <keymasterV4_0/key_param_output.h>
26#include <keymasterV4_0/keymaster_utils.h>
Shawn Willden98b998b2018-01-20 11:48:53 -0700[diff] [blame]27
28namespace android {
29namespace hardware {
Shawn Willdenf0f05d42018-05-01 17:08:39 -0600[diff] [blame^]30
31template <class T>
32std::ostream& operator<<(std::ostream& os, const hidl_vec<T>& vec) {
33 os << "{ ";
34 if (vec.size()) {
35 for (size_t i = 0; i < vec.size() - 1; ++i) os << vec[i] << ", ";
36 os << vec[vec.size() - 1];
37 }
38 os << " }";
39 return os;
40}
41
42std::ostream& operator<<(std::ostream& os, const hidl_vec<uint8_t>& vec) {
43 std::ios_base::fmtflags flags(os.flags());
44 os << std::setw(2) << std::setfill('0') << std::hex;
45 for (uint8_t c : vec) os << static_cast<int>(c);
46 os.flags(flags);
47 return os;
48}
49
50template <size_t N>
51std::ostream& operator<<(std::ostream& os, const hidl_array<uint8_t, N>& vec) {
52 std::ios_base::fmtflags flags(os.flags());
53 os << std::setw(2) << std::setfill('0') << std::hex;
54 for (size_t i = 0; i < N; ++i) os << static_cast<int>(vec[i]);
55 os.flags(flags);
56 return os;
57}
58
Shawn Willden98b998b2018-01-20 11:48:53 -0700[diff] [blame]59namespace keymaster {
60namespace V4_0 {
Shawn Willdenf0f05d42018-05-01 17:08:39 -0600[diff] [blame^]61
62std::ostream& operator<<(std::ostream& os, const HmacSharingParameters& params) {
63 // Note that by design, although seed and nonce are used to compute a secret, they are
64 // not secrets and it's just fine to log them.
65 os << "(seed: " << params.seed << ", nonce: " << params.nonce << ')';
66 return os;
67}
68
Shawn Willden98b998b2018-01-20 11:48:53 -0700[diff] [blame]69namespace support {
70
71using ::android::sp;
72using ::android::hidl::manager::V1_0::IServiceManager;
73
Shawn Willdenf0f05d42018-05-01 17:08:39 -0600[diff] [blame^]74std::ostream& operator<<(std::ostream& os, const Keymaster& keymaster) {
75 auto& version = keymaster.halVersion();
76 os << version.keymasterName << " from " << version.authorName
77 << " SecurityLevel: " << toString(version.securityLevel)
78 << " HAL: " << keymaster.descriptor() << "/" << keymaster.instanceName();
79 return os;
80}
81
Shawn Willden98b998b2018-01-20 11:48:53 -0700[diff] [blame]82template <typename Wrapper>
83std::vector<std::unique_ptr<Keymaster>> enumerateDevices(
84 const sp<IServiceManager>& serviceManager) {
Shawn Willdenf0f05d42018-05-01 17:08:39 -0600[diff] [blame^]85 Keymaster::KeymasterSet result;
Shawn Willden98b998b2018-01-20 11:48:53 -0700[diff] [blame]86
87 bool foundDefault = false;
88 auto& descriptor = Wrapper::WrappedIKeymasterDevice::descriptor;
89 serviceManager->listByInterface(descriptor, [&](const hidl_vec<hidl_string>& names) {
90 for (auto& name : names) {
91 if (name == "default") foundDefault = true;
nagendra modadugu9c36c912018-03-30 17:07:55 -0700[diff] [blame]92 auto device = Wrapper::WrappedIKeymasterDevice::getService(name);
Shawn Willden98b998b2018-01-20 11:48:53 -0700[diff] [blame]93 CHECK(device) << "Failed to get service for " << descriptor << " with interface name "
94 << name;
95 result.push_back(std::unique_ptr<Keymaster>(new Wrapper(device, name)));
96 }
97 });
98
99 if (!foundDefault) {
100 // "default" wasn't provided by listByInterface. Maybe there's a passthrough
101 // implementation.
102 auto device = Wrapper::WrappedIKeymasterDevice::getService("default");
103 if (device) result.push_back(std::unique_ptr<Keymaster>(new Wrapper(device, "default")));
104 }
105
106 return result;
107}
108
Shawn Willdenf0f05d42018-05-01 17:08:39 -0600[diff] [blame^]109Keymaster::KeymasterSet Keymaster::enumerateAvailableDevices() {
Shawn Willden98b998b2018-01-20 11:48:53 -0700[diff] [blame]110 auto serviceManager = IServiceManager::getService();
111 CHECK(serviceManager) << "Could not retrieve ServiceManager";
112
113 auto km4s = enumerateDevices<Keymaster4>(serviceManager);
114 auto km3s = enumerateDevices<Keymaster3>(serviceManager);
115
116 auto result = std::move(km4s);
117 result.insert(result.end(), std::make_move_iterator(km3s.begin()),
118 std::make_move_iterator(km3s.end()));
119
120 std::sort(result.begin(), result.end(),
121 [](auto& a, auto& b) { return a->halVersion() > b->halVersion(); });
122
123 size_t i = 1;
124 LOG(INFO) << "List of Keymaster HALs found:";
Shawn Willdenf0f05d42018-05-01 17:08:39 -0600[diff] [blame^]125 for (auto& hal : result) LOG(INFO) << "Keymaster HAL #" << i++ << ": " << *hal;
Shawn Willden98b998b2018-01-20 11:48:53 -0700[diff] [blame]126
127 return result;
128}
129
Shawn Willdenf0f05d42018-05-01 17:08:39 -0600[diff] [blame^]130static hidl_vec<HmacSharingParameters> getHmacParameters(
131 const Keymaster::KeymasterSet& keymasters) {
132 std::vector<HmacSharingParameters> params_vec;
133 params_vec.reserve(keymasters.size());
134 for (auto& keymaster : keymasters) {
135 if (keymaster->halVersion().majorVersion < 4) continue;
136 auto rc = keymaster->getHmacSharingParameters([&](auto error, auto& params) {
137 CHECK(error == ErrorCode::OK)
138 << "Failed to get HMAC parameters from " << *keymaster << " error " << error;
139 params_vec.push_back(params);
140 });
141 CHECK(rc.isOk()) << "Failed to communicate with " << *keymaster
142 << " error: " << rc.description();
143 }
144 std::sort(params_vec.begin(), params_vec.end());
145
146 return params_vec;
147}
148
149static void computeHmac(const Keymaster::KeymasterSet& keymasters,
150 const hidl_vec<HmacSharingParameters>& params) {
151 if (!params.size()) return;
152
153 hidl_vec<uint8_t> sharingCheck;
154 bool firstKeymaster = true;
155 LOG(DEBUG) << "Computing HMAC with params " << params;
156 for (auto& keymaster : keymasters) {
157 if (keymaster->halVersion().majorVersion < 4) continue;
158 LOG(DEBUG) << "Computing HMAC for " << *keymaster;
159 auto rc = keymaster->computeSharedHmac(params, [&](auto error, auto& curSharingCheck) {
160 CHECK(error == ErrorCode::OK)
161 << "Failed to get HMAC parameters from " << *keymaster << " error " << error;
162 if (firstKeymaster) {
163 sharingCheck = curSharingCheck;
164 firstKeymaster = false;
165 }
166 // TODO: Validate that curSharingCheck == sharingCheck. b/77588764
167 // CHECK(curSharingCheck == sharingCheck) << "HMAC computation failed for " <<
168 // *keymaster;
169 });
170 CHECK(rc.isOk()) << "Failed to communicate with " << *keymaster
171 << " error: " << rc.description();
172 }
173}
174
175void Keymaster::performHmacKeyAgreement(const KeymasterSet& keymasters) {
176 computeHmac(keymasters, getHmacParameters(keymasters));
177}
178
Shawn Willden98b998b2018-01-20 11:48:53 -0700[diff] [blame]179} // namespace support
180} // namespace V4_0
181} // namespace keymaster
182} // namespace hardware
Shawn Willdenf0f05d42018-05-01 17:08:39 -0600[diff] [blame^]183} // namespace android