keystore/keymaster_worker.h

/*
**
** Copyright 2018, The Android Open Source Project
**
** Licensed under the Apache License, Version 2.0 (the "License");
** you may not use this file except in compliance with the License.
** You may obtain a copy of the License at
**
**     http://www.apache.org/licenses/LICENSE-2.0
**
** Unless required by applicable law or agreed to in writing, software
** distributed under the License is distributed on an "AS IS" BASIS,
** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
** See the License for the specific language governing permissions and
** limitations under the License.
*/

#ifndef KEYSTORE_KEYMASTER_WORKER_H_
#define KEYSTORE_KEYMASTER_WORKER_H_

#include <condition_variable>
#include <functional>
#include <keymasterV4_1/Keymaster.h>
#include <memory>
#include <mutex>
#include <optional>
#include <queue>
#include <thread>
#include <tuple>

#include <keystore/ExportResult.h>
#include <keystore/KeyCharacteristics.h>
#include <keystore/KeymasterBlob.h>
#include <keystore/OperationResult.h>
#include <keystore/keymaster_types.h>
#include <keystore/keystore_return_types.h>

#include "blob.h"
#include "operation.h"

namespace keystore {

using android::sp;
using ::android::hardware::hidl_vec;
using ::android::hardware::Return;
using ::android::hardware::Void;
using android::hardware::keymaster::V4_1::support::Keymaster;
using ::android::security::keymaster::KeymasterBlob;

class KeyStore;

class Worker {

    /*
     * NonCopyableFunction works similar to std::function in that it wraps callable objects and
     * erases their type. The rationale for using a custom class instead of
     * std::function is that std::function requires the wrapped object to be copy contructible.
     * NonCopyableFunction is itself not copyable and never attempts to copy the wrapped object.
     * TODO use similar optimization as std::function to remove the extra make_unique allocation.
     */
    template <typename Fn> class NonCopyableFunction;

    template <typename Ret, typename... Args> class NonCopyableFunction<Ret(Args...)> {

        class NonCopyableFunctionBase {
          public:
            NonCopyableFunctionBase() = default;
            virtual ~NonCopyableFunctionBase() {}
            virtual Ret operator()(Args... args) = 0;
            NonCopyableFunctionBase(const NonCopyableFunctionBase&) = delete;
            NonCopyableFunctionBase& operator=(const NonCopyableFunctionBase&) = delete;
        };

        template <typename Fn>
        class NonCopyableFunctionTypeEraser : public NonCopyableFunctionBase {
          private:
            Fn f_;

          public:
            NonCopyableFunctionTypeEraser() = default;
            explicit NonCopyableFunctionTypeEraser(Fn f) : f_(std::move(f)) {}
            Ret operator()(Args... args) override { return f_(std::move(args)...); }
        };

      private:
        std::unique_ptr<NonCopyableFunctionBase> f_;

      public:
        NonCopyableFunction() = default;
        // NOLINTNEXTLINE(google-explicit-constructor)
        template <typename F> NonCopyableFunction(F f) {
            f_ = std::make_unique<NonCopyableFunctionTypeEraser<F>>(std::move(f));
        }
        NonCopyableFunction(NonCopyableFunction&& other) = default;
        NonCopyableFunction& operator=(NonCopyableFunction&& other) = default;
        NonCopyableFunction(const NonCopyableFunction& other) = delete;
        NonCopyableFunction& operator=(const NonCopyableFunction& other) = delete;

        Ret operator()(Args... args) {
            if (f_) return (*f_)(std::move(args)...);
        }
    };

    using WorkerTask = NonCopyableFunction<void()>;

    std::queue<WorkerTask> pending_requests_;
    std::mutex pending_requests_mutex_;
    std::condition_variable pending_requests_cond_var_;
    bool running_ = false;
    bool terminate_ = false;

  public:
    Worker();
    ~Worker();
    void addRequest(WorkerTask request);
};

template <typename... Args> struct MakeKeymasterWorkerCB;

template <typename ErrorType, typename... Args>
struct MakeKeymasterWorkerCB<ErrorType, std::function<void(Args...)>> {
    using type = std::function<void(ErrorType, std::tuple<std::decay_t<Args>...>&&)>;
};

template <typename ErrorType> struct MakeKeymasterWorkerCB<ErrorType> {
    using type = std::function<void(ErrorType)>;
};

template <typename... Args>
using MakeKeymasterWorkerCB_t = typename MakeKeymasterWorkerCB<Args...>::type;

class KeymasterWorker : protected Worker {
  private:
    sp<Keymaster> keymasterDevice_;
    OperationMap operationMap_;
    KeyStore* keyStore_;

    /**
     * Models the security level of this worker internal to KeyStore.
     *
     * When the device has only a software Keymaster, KeyStore will set it on the TEE slot and
     * instantiate a new in-process software Keymaster. In that case there is a mismatch between the
     * security level used by KeyStore and what is reported from the HAL. This represents the level
     * used internally by KeyStore.
     *
     * This value is used to associate blobs to the corresponding Keymaster backend. It does not
     * indicate an actual Keymaster HAL security level and should never be exposed to users.
     */
    SecurityLevel internalSecurityLevel_;

    template <typename KMFn, typename ErrorType, typename... Args, size_t... I>
    void unwrap_tuple(KMFn kmfn, std::function<void(ErrorType)> cb,
                      const std::tuple<Args...>& tuple, std::index_sequence<I...>) {
        cb(((*keymasterDevice_).*kmfn)(std::get<I>(tuple)...));
    }

    template <typename KMFn, typename ErrorType, typename... ReturnTypes, typename... Args,
              size_t... I>
    void unwrap_tuple(KMFn kmfn, std::function<void(ErrorType, std::tuple<ReturnTypes...>&&)> cb,
                      const std::tuple<Args...>& tuple, std::index_sequence<I...>) {
        std::tuple<ReturnTypes...> returnValue;
        auto result = ((*keymasterDevice_).*kmfn)(
            std::get<I>(tuple)...,
            [&returnValue](const ReturnTypes&... args) { returnValue = std::make_tuple(args...); });
        cb(std::move(result), std::move(returnValue));
    }

    template <typename KMFn, typename ErrorType, typename... Args>
    void addRequest(KMFn kmfn, std::function<void(ErrorType)> cb, Args&&... args) {
        Worker::addRequest([this, kmfn, cb = std::move(cb),
                            tuple = std::make_tuple(std::forward<Args>(args)...)]() {
            unwrap_tuple(kmfn, std::move(cb), tuple, std::index_sequence_for<Args...>{});
        });
    }

    template <typename KMFn, typename ErrorType, typename... ReturnTypes, typename... Args>
    void addRequest(KMFn kmfn, std::function<void(ErrorType, std::tuple<ReturnTypes...>&&)> cb,
                    Args&&... args) {
        Worker::addRequest([this, kmfn, cb = std::move(cb),
                            tuple = std::make_tuple(std::forward<Args>(args)...)]() {
            unwrap_tuple(kmfn, std::move(cb), tuple, std::index_sequence_for<Args...>{});
        });
    }

    void deleteOldKeyOnUpgrade(const LockedKeyBlobEntry& blobfile, Blob keyBlob);
    std::tuple<KeyStoreServiceReturnCode, Blob>
    upgradeKeyBlob(const LockedKeyBlobEntry& lockedEntry, const AuthorizationSet& params);
    std::tuple<KeyStoreServiceReturnCode, KeyCharacteristics, Blob, Blob>
    createKeyCharacteristicsCache(const LockedKeyBlobEntry& lockedEntry,
                                  const hidl_vec<uint8_t>& clientId,
                                  const hidl_vec<uint8_t>& appData, Blob keyBlob, Blob charBlob);

    /**
     * Get the auth token for this operation from the auth token table.
     *
     * Returns NO_ERROR if the auth token was found or none was required.  If not needed, the
     *             token will be empty (which keymaster interprets as no auth token).
     *         OP_AUTH_NEEDED if it is a per op authorization, no authorization token exists for
     *             that operation and  failOnTokenMissing is false.
     *         KM_ERROR_KEY_USER_NOT_AUTHENTICATED if there is no valid auth token for the operation
     */
    std::pair<KeyStoreServiceReturnCode, HardwareAuthToken>
    getAuthToken(const KeyCharacteristics& characteristics, uint64_t handle, KeyPurpose purpose,
                 bool failOnTokenMissing = true);

    KeyStoreServiceReturnCode abort(const sp<IBinder>& token, ResponseCode reason_for_abort);

    bool pruneOperation();

    KeyStoreServiceReturnCode getOperationAuthTokenIfNeeded(std::shared_ptr<Operation> op);

    void appendConfirmationTokenIfNeeded(const KeyCharacteristics& keyCharacteristics,
                                         hidl_vec<KeyParameter>* params);

  public:
    KeymasterWorker(sp<Keymaster> keymasterDevice, KeyStore* keyStore,
                    SecurityLevel internalSecurityLevel);

    void logIfKeymasterVendorError(ErrorCode ec) const;

    using worker_begin_cb = std::function<void(::android::security::keymaster::OperationResult)>;
    void begin(LockedKeyBlobEntry, sp<IBinder> appToken, Blob keyBlob, Blob charBlob,
               bool pruneable, KeyPurpose purpose, AuthorizationSet opParams,
               hidl_vec<uint8_t> entropy, worker_begin_cb worker_cb);

    using update_cb = std::function<void(::android::security::keymaster::OperationResult)>;
    void update(sp<IBinder> token, AuthorizationSet params, hidl_vec<uint8_t> data,
                update_cb _hidl_cb);

    using finish_cb = std::function<void(::android::security::keymaster::OperationResult)>;
    void finish(sp<IBinder> token, AuthorizationSet params, hidl_vec<uint8_t> input,
                hidl_vec<uint8_t> signature, hidl_vec<uint8_t> entorpy, finish_cb worker_cb);

    using abort_cb = std::function<void(KeyStoreServiceReturnCode)>;
    void abort(sp<IBinder> token, abort_cb _hidl_cb);

    using getHardwareInfo_cb = MakeKeymasterWorkerCB_t<Return<void>, Keymaster::getHardwareInfo_cb>;
    void getHardwareInfo(getHardwareInfo_cb _hidl_cb);

    using getHmacSharingParameters_cb =
        MakeKeymasterWorkerCB_t<Return<void>, Keymaster::getHmacSharingParameters_cb>;
    void getHmacSharingParameters(getHmacSharingParameters_cb _hidl_cb);

    using computeSharedHmac_cb =
        MakeKeymasterWorkerCB_t<Return<void>, Keymaster::computeSharedHmac_cb>;
    void computeSharedHmac(hidl_vec<HmacSharingParameters> params, computeSharedHmac_cb _hidl_cb);

    using verifyAuthorization_cb =
        std::function<void(KeyStoreServiceReturnCode ec, HardwareAuthToken, VerificationToken)>;
    void verifyAuthorization(uint64_t challenge, hidl_vec<KeyParameter> params,
                             HardwareAuthToken token, verifyAuthorization_cb _hidl_cb);

    using addRngEntropy_cb = MakeKeymasterWorkerCB_t<Return<ErrorCode>>;
    void addRngEntropy(hidl_vec<uint8_t> data, addRngEntropy_cb _hidl_cb);

    using generateKey_cb = std::function<void(
        KeyStoreServiceReturnCode, ::android::hardware::keymaster::V4_0::KeyCharacteristics)>;
    void generateKey(LockedKeyBlobEntry, hidl_vec<KeyParameter> keyParams,
                     hidl_vec<uint8_t> entropy, int flags, generateKey_cb _hidl_cb);

    using generateKey2_cb = MakeKeymasterWorkerCB_t<Return<void>, Keymaster::generateKey_cb>;
    void generateKey(hidl_vec<KeyParameter> keyParams, generateKey2_cb _hidl_cb);

    using getKeyCharacteristics_cb = std::function<void(
        KeyStoreServiceReturnCode, ::android::hardware::keymaster::V4_0::KeyCharacteristics)>;
    void getKeyCharacteristics(LockedKeyBlobEntry lockedEntry, hidl_vec<uint8_t> clientId,
                               hidl_vec<uint8_t> appData, Blob keyBlob, Blob charBlob,
                               getKeyCharacteristics_cb _hidl_cb);

    using importKey_cb = std::function<void(
        KeyStoreServiceReturnCode, ::android::hardware::keymaster::V4_0::KeyCharacteristics)>;
    void importKey(LockedKeyBlobEntry lockedEntry, hidl_vec<KeyParameter> params,
                   KeyFormat keyFormat, hidl_vec<uint8_t> keyData, int flags,
                   importKey_cb _hidl_cb);

    using importWrappedKey_cb = std::function<void(
        KeyStoreServiceReturnCode, ::android::hardware::keymaster::V4_0::KeyCharacteristics)>;
    void importWrappedKey(LockedKeyBlobEntry wrappingLockedEntry,
                          LockedKeyBlobEntry wrapppedLockedEntry, hidl_vec<uint8_t> wrappedKeyData,
                          hidl_vec<uint8_t> maskingKey, hidl_vec<KeyParameter> unwrappingParams,
                          Blob wrappingBlob, Blob wrappingCharBlob, uint64_t passwordSid,
                          uint64_t biometricSid, importWrappedKey_cb worker_cb);

    using exportKey_cb = std::function<void(::android::security::keymaster::ExportResult)>;
    void exportKey(LockedKeyBlobEntry lockedEntry, KeyFormat exportFormat,
                   hidl_vec<uint8_t> clientId, hidl_vec<uint8_t> appData, Blob keyBlob,
                   Blob charBlob, exportKey_cb _hidl_cb);

    using attestKey_cb = MakeKeymasterWorkerCB_t<Return<void>, Keymaster::attestKey_cb>;
    void attestKey(hidl_vec<uint8_t> keyToAttest, hidl_vec<KeyParameter> attestParams,
                   attestKey_cb _hidl_cb);

    using deleteKey_cb = MakeKeymasterWorkerCB_t<Return<ErrorCode>>;
    void deleteKey(hidl_vec<uint8_t> keyBlob, deleteKey_cb _hidl_cb);

    using begin_cb = MakeKeymasterWorkerCB_t<Return<void>, Keymaster::begin_cb>;
    void begin(KeyPurpose purpose, hidl_vec<uint8_t> key, hidl_vec<KeyParameter> inParams,
               HardwareAuthToken authToken, begin_cb _hidl_cb);

    void binderDied(android::wp<IBinder> who);

    const Keymaster::VersionResult& halVersion() { return keymasterDevice_->halVersion(); }
};

}  // namespace keystore

#endif  // KEYSTORE_KEYMASTER_WORKER_H_