Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_security / 0329a82c48aeea98b87a9ea4598a3a49619a482e / . / keystore / Keymaster3.cpp
blob: c4ddc75e6a897db73b340f243063a8566516af5b [file] [log] [blame]
Shawn Willdenc67a8aa2017-12-03 17:51:29 -0700[diff] [blame]1/*
2 **
3 ** Copyright 2017, The Android Open Source Project
4 **
5 ** Licensed under the Apache License, Version 2.0 (the "License");
6 ** you may not use this file except in compliance with the License.
7 ** You may obtain a copy of the License at
8 **
9 ** http://www.apache.org/licenses/LICENSE-2.0
10 **
11 ** Unless required by applicable law or agreed to in writing, software
12 ** distributed under the License is distributed on an "AS IS" BASIS,
13 ** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 ** See the License for the specific language governing permissions and
15 ** limitations under the License.
16 */
17
18#include "Keymaster3.h"
19
20#include <android-base/logging.h>
21
22#include <keystore/keystore_hidl_support.h>
23
24namespace keystore {
25
Shawn Willden0329a822017-12-04 13:55:14 -0700[diff] [blame^]26namespace oldkeymaster = ::android::hardware::keymaster::V3_0;
27using android::hardware::details::StatusOf;
28
29namespace {
30
31ErrorCode convert(oldkeymaster::ErrorCode error) {
32 return static_cast<ErrorCode>(error);
33}
34
35oldkeymaster::KeyPurpose convert(KeyPurpose purpose) {
36 return static_cast<oldkeymaster::KeyPurpose>(purpose);
37}
38
39oldkeymaster::KeyParameter convert(const KeyParameter& param) {
40 oldkeymaster::KeyParameter converted;
41 converted.tag = static_cast<oldkeymaster::Tag>(param.tag);
42 static_assert(sizeof(converted.f) == sizeof(param.f), "This function assumes sizes match");
43 memcpy(&converted.f, &param.f, sizeof(param.f));
44 converted.blob = param.blob;
45 return converted;
46}
47
48KeyParameter convert(const oldkeymaster::KeyParameter& param) {
49 KeyParameter converted;
50 converted.tag = static_cast<Tag>(param.tag);
51 static_assert(sizeof(converted.f) == sizeof(param.f), "This function assumes sizes match");
52 memcpy(&converted.f, &param.f, sizeof(param.f));
53 converted.blob = param.blob;
54 return converted;
55}
56
57hidl_vec<oldkeymaster::KeyParameter> convert(const hidl_vec<KeyParameter>& params) {
58 hidl_vec<oldkeymaster::KeyParameter> converted(params.size());
59 for (size_t i = 0; i < params.size(); ++i) {
60 converted[i] = convert(params[i]);
61 }
62 return converted;
63}
64
65hidl_vec<KeyParameter> convert(const hidl_vec<oldkeymaster::KeyParameter>& params) {
66 hidl_vec<KeyParameter> converted(params.size());
67 for (size_t i = 0; i < params.size(); ++i) {
68 converted[i] = convert(params[i]);
69 }
70 return converted;
71}
72
73hidl_vec<oldkeymaster::KeyParameter> convertAndAddAuthToken(const hidl_vec<KeyParameter>& params,
74 const HardwareAuthToken& authToken) {
75 hidl_vec<oldkeymaster::KeyParameter> converted(params.size() + 1);
76 for (size_t i = 0; i < params.size(); ++i) {
77 converted[i] = convert(params[i]);
78 }
79 converted[params.size()].tag = oldkeymaster::Tag::AUTH_TOKEN;
80 converted[params.size()].blob = authToken2HidlVec(authToken);
81
82 return converted;
83}
84
85KeyCharacteristics convert(const oldkeymaster::KeyCharacteristics& chars) {
86 KeyCharacteristics converted;
87 converted.hardwareEnforced = convert(chars.teeEnforced);
88 converted.softwareEnforced = convert(chars.softwareEnforced);
89 return converted;
90}
91
92} // namespace
Shawn Willdenc67a8aa2017-12-03 17:51:29 -0700[diff] [blame]93
94void Keymaster3::getVersionIfNeeded() {
95 if (haveVersion_) return;
96
97 auto rc = km3_dev_->getHardwareFeatures(
98 [&](bool isSecure, bool supportsEllipticCurve, bool supportsSymmetricCryptography,
99 bool supportsAttestation, bool supportsAllDigests, const hidl_string& keymasterName,
100 const hidl_string& keymasterAuthorName) {
101 isSecure_ = isSecure;
102 supportsEllipticCurve_ = supportsEllipticCurve;
103 supportsSymmetricCryptography_ = supportsSymmetricCryptography;
104 supportsAttestation_ = supportsAttestation;
105 supportsAllDigests_ = supportsAllDigests;
106 keymasterName_ = keymasterName;
107 authorName_ = keymasterAuthorName;
Shawn Willdenc67a8aa2017-12-03 17:51:29 -0700[diff] [blame]108 });
109
110 CHECK(rc.isOk()) << "Got error " << rc.description() << " trying to get hardware features";
Shawn Willden0329a822017-12-04 13:55:14 -0700[diff] [blame^]111
112 if (!isSecure_) {
113 majorVersion_ = 3;
114 } else if (supportsAttestation_) {
115 majorVersion_ = 3; // Could be 2, doesn't matter.
116 } else if (supportsSymmetricCryptography_) {
117 majorVersion_ = 1;
118 } else {
119 majorVersion_ = 0;
120 }
Shawn Willdenc67a8aa2017-12-03 17:51:29 -0700[diff] [blame]121}
122
123Keymaster::VersionResult Keymaster3::halVersion() {
124 getVersionIfNeeded();
125 return {ErrorCode::OK, majorVersion_, isSecure_, supportsEllipticCurve_};
126}
127
Shawn Willden0329a822017-12-04 13:55:14 -0700[diff] [blame^]128Return<void> Keymaster3::getHardwareInfo(Keymaster3::getHardwareInfo_cb _hidl_cb) {
129 getVersionIfNeeded();
130 _hidl_cb(isSecure_ ? SecurityLevel::TRUSTED_ENVIRONMENT : SecurityLevel::SOFTWARE,
131 keymasterName_ + " (wrapped by keystore::Keymaster3)", authorName_);
132 return Void();
133}
134
135Return<ErrorCode> Keymaster3::addRngEntropy(const hidl_vec<uint8_t>& data) {
136 auto rc = km3_dev_->addRngEntropy(data);
137 if (!rc.isOk()) {
138 return StatusOf<oldkeymaster::ErrorCode, ErrorCode>(rc);
139 }
140 return convert(rc);
141}
142
143Return<void> Keymaster3::generateKey(const hidl_vec<KeyParameter>& keyParams,
144 generateKey_cb _hidl_cb) {
145 auto cb = [&](oldkeymaster::ErrorCode error, const hidl_vec<uint8_t>& keyBlob,
146 const oldkeymaster::KeyCharacteristics& characteristics) {
147 _hidl_cb(convert(error), keyBlob, convert(characteristics));
148 };
149 auto rc = km3_dev_->generateKey(convert(keyParams), cb);
150 rc.isOk(); // move ctor prereq
151 return rc;
152}
153
154Return<void> Keymaster3::getKeyCharacteristics(const hidl_vec<uint8_t>& keyBlob,
155 const hidl_vec<uint8_t>& clientId,
156 const hidl_vec<uint8_t>& appData,
157 getKeyCharacteristics_cb _hidl_cb) {
158 auto cb = [&](oldkeymaster::ErrorCode error, const oldkeymaster::KeyCharacteristics& chars) {
159 _hidl_cb(convert(error), convert(chars));
160 };
161
162 auto rc = km3_dev_->getKeyCharacteristics(keyBlob, clientId, appData, cb);
163 rc.isOk(); // move ctor prereq
164 return rc;
165}
166
167Return<void> Keymaster3::importKey(const hidl_vec<KeyParameter>& params, KeyFormat keyFormat,
168 const hidl_vec<uint8_t>& keyData, importKey_cb _hidl_cb) {
169 auto cb = [&](oldkeymaster::ErrorCode error, const hidl_vec<uint8_t>& keyBlob,
170 const oldkeymaster::KeyCharacteristics& chars) {
171 _hidl_cb(convert(error), keyBlob, convert(chars));
172 };
173 auto rc = km3_dev_->importKey(convert(params), keyFormat, keyData, cb);
174 rc.isOk(); // move ctor prereq
175 return rc;
176}
177
178Return<void> Keymaster3::exportKey(KeyFormat exportFormat, const hidl_vec<uint8_t>& keyBlob,
179 const hidl_vec<uint8_t>& clientId,
180 const hidl_vec<uint8_t>& appData, exportKey_cb _hidl_cb) {
181 auto cb = [&](oldkeymaster::ErrorCode error, const hidl_vec<uint8_t>& keyMaterial) {
182 _hidl_cb(convert(error), keyMaterial);
183 };
184 auto rc = km3_dev_->exportKey(exportFormat, keyBlob, clientId, appData, cb);
185 rc.isOk(); // move ctor prereq
186 return rc;
187}
188
189Return<void> Keymaster3::attestKey(const hidl_vec<uint8_t>& keyToAttest,
190 const hidl_vec<KeyParameter>& attestParams,
191 attestKey_cb _hidl_cb) {
192 auto cb = [&](oldkeymaster::ErrorCode error, const hidl_vec<hidl_vec<uint8_t>>& certChain) {
193 _hidl_cb(convert(error), certChain);
194 };
195 auto rc = km3_dev_->attestKey(keyToAttest, convert(attestParams), cb);
196 rc.isOk(); // move ctor prereq
197 return rc;
198}
199
200Return<void> Keymaster3::upgradeKey(const hidl_vec<uint8_t>& keyBlobToUpgrade,
201 const hidl_vec<KeyParameter>& upgradeParams,
202 upgradeKey_cb _hidl_cb) {
203 auto cb = [&](oldkeymaster::ErrorCode error, const hidl_vec<uint8_t>& upgradedKeyBlob) {
204 _hidl_cb(convert(error), upgradedKeyBlob);
205 };
206 auto rc = km3_dev_->upgradeKey(keyBlobToUpgrade, convert(upgradeParams), cb);
207 rc.isOk(); // move ctor prereq
208 return rc;
209}
210
211Return<ErrorCode> Keymaster3::deleteKey(const hidl_vec<uint8_t>& keyBlob) {
212 auto rc = km3_dev_->deleteKey(keyBlob);
213 if (!rc.isOk()) return StatusOf<oldkeymaster::ErrorCode, ErrorCode>(rc);
214 return convert(rc);
215}
216
217Return<ErrorCode> Keymaster3::deleteAllKeys() {
218 auto rc = km3_dev_->deleteAllKeys();
219 if (!rc.isOk()) return StatusOf<oldkeymaster::ErrorCode, ErrorCode>(rc);
220 return convert(rc);
221}
222
223Return<ErrorCode> Keymaster3::destroyAttestationIds() {
224 auto rc = km3_dev_->destroyAttestationIds();
225 if (!rc.isOk()) return StatusOf<oldkeymaster::ErrorCode, ErrorCode>(rc);
226 return convert(rc);
227}
228
229Return<void> Keymaster3::begin(KeyPurpose purpose, const hidl_vec<uint8_t>& key,
230 const hidl_vec<KeyParameter>& inParams,
231 const HardwareAuthToken& authToken, begin_cb _hidl_cb) {
232 auto cb = [&](oldkeymaster::ErrorCode error,
233 const hidl_vec<oldkeymaster::KeyParameter>& outParams,
234 OperationHandle operationHandle) {
235 _hidl_cb(convert(error), convert(outParams), operationHandle);
236 };
237
238 auto rc =
239 km3_dev_->begin(convert(purpose), key, convertAndAddAuthToken(inParams, authToken), cb);
240 rc.isOk(); // move ctor prereq
241 return rc;
242}
243
244Return<void> Keymaster3::update(uint64_t operationHandle, const hidl_vec<KeyParameter>& inParams,
245 const hidl_vec<uint8_t>& input, const HardwareAuthToken& authToken,
246 const VerificationToken& /* verificationToken */,
247 update_cb _hidl_cb) {
248 auto cb = [&](oldkeymaster::ErrorCode error, uint32_t inputConsumed,
249 const hidl_vec<oldkeymaster::KeyParameter>& outParams,
250 const hidl_vec<uint8_t>& output) {
251 _hidl_cb(convert(error), inputConsumed, convert(outParams), output);
252 };
253
254 auto rc =
255 km3_dev_->update(operationHandle, convertAndAddAuthToken(inParams, authToken), input, cb);
256 rc.isOk(); // move ctor prereq
257 return rc;
258}
259
260Return<void> Keymaster3::finish(uint64_t operationHandle, const hidl_vec<KeyParameter>& inParams,
261 const hidl_vec<uint8_t>& input, const hidl_vec<uint8_t>& signature,
262 const HardwareAuthToken& authToken,
263 const VerificationToken& /* verificationToken */,
264 finish_cb _hidl_cb) {
265 auto cb = [&](oldkeymaster::ErrorCode error,
266 const hidl_vec<oldkeymaster::KeyParameter>& outParams,
267 const hidl_vec<uint8_t>& output) {
268 _hidl_cb(convert(error), convert(outParams), output);
269 };
270
271 auto rc = km3_dev_->finish(operationHandle, convertAndAddAuthToken(inParams, authToken), input,
272 signature, cb);
273 rc.isOk(); // move ctor prereq
274 return rc;
275}
276
277Return<ErrorCode> Keymaster3::abort(uint64_t operationHandle) {
278 auto rc = km3_dev_->abort(operationHandle);
279 if (!rc.isOk()) return StatusOf<oldkeymaster::ErrorCode, ErrorCode>(rc);
280 return convert(rc);
281}
282
Shawn Willdenc67a8aa2017-12-03 17:51:29 -0700[diff] [blame]283} // namespace keystore