Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_security / 64b967b99b49efacd5f849354a42771ef1cb5a29 / . / keystore / Keymaster3.cpp
blob: 9ca6a08596e31110271970815976ed6a544bc2db [file] [log] [blame]
Shawn Willdenc67a8aa2017-12-03 17:51:29 -0700[diff] [blame]1/*
2 **
3 ** Copyright 2017, The Android Open Source Project
4 **
5 ** Licensed under the Apache License, Version 2.0 (the "License");
6 ** you may not use this file except in compliance with the License.
7 ** You may obtain a copy of the License at
8 **
9 ** http://www.apache.org/licenses/LICENSE-2.0
10 **
11 ** Unless required by applicable law or agreed to in writing, software
12 ** distributed under the License is distributed on an "AS IS" BASIS,
13 ** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 ** See the License for the specific language governing permissions and
15 ** limitations under the License.
16 */
17
18#include "Keymaster3.h"
19
20#include <android-base/logging.h>
21
22#include <keystore/keystore_hidl_support.h>
23
24namespace keystore {
25
Shawn Willden0329a822017-12-04 13:55:14 -0700[diff] [blame]26namespace oldkeymaster = ::android::hardware::keymaster::V3_0;
27using android::hardware::details::StatusOf;
28
29namespace {
30
31ErrorCode convert(oldkeymaster::ErrorCode error) {
32 return static_cast<ErrorCode>(error);
33}
34
35oldkeymaster::KeyPurpose convert(KeyPurpose purpose) {
36 return static_cast<oldkeymaster::KeyPurpose>(purpose);
37}
38
Shawn Willdenadbb6142018-01-04 15:46:08 -0700[diff] [blame]39oldkeymaster::KeyFormat convert(KeyFormat purpose) {
40 return static_cast<oldkeymaster::KeyFormat>(purpose);
41}
42
Shawn Willden0329a822017-12-04 13:55:14 -0700[diff] [blame]43oldkeymaster::KeyParameter convert(const KeyParameter& param) {
44 oldkeymaster::KeyParameter converted;
45 converted.tag = static_cast<oldkeymaster::Tag>(param.tag);
46 static_assert(sizeof(converted.f) == sizeof(param.f), "This function assumes sizes match");
47 memcpy(&converted.f, &param.f, sizeof(param.f));
48 converted.blob = param.blob;
49 return converted;
50}
51
52KeyParameter convert(const oldkeymaster::KeyParameter& param) {
53 KeyParameter converted;
54 converted.tag = static_cast<Tag>(param.tag);
55 static_assert(sizeof(converted.f) == sizeof(param.f), "This function assumes sizes match");
56 memcpy(&converted.f, &param.f, sizeof(param.f));
57 converted.blob = param.blob;
58 return converted;
59}
60
61hidl_vec<oldkeymaster::KeyParameter> convert(const hidl_vec<KeyParameter>& params) {
62 hidl_vec<oldkeymaster::KeyParameter> converted(params.size());
63 for (size_t i = 0; i < params.size(); ++i) {
64 converted[i] = convert(params[i]);
65 }
66 return converted;
67}
68
69hidl_vec<KeyParameter> convert(const hidl_vec<oldkeymaster::KeyParameter>& params) {
70 hidl_vec<KeyParameter> converted(params.size());
71 for (size_t i = 0; i < params.size(); ++i) {
72 converted[i] = convert(params[i]);
73 }
74 return converted;
75}
76
77hidl_vec<oldkeymaster::KeyParameter> convertAndAddAuthToken(const hidl_vec<KeyParameter>& params,
78 const HardwareAuthToken& authToken) {
79 hidl_vec<oldkeymaster::KeyParameter> converted(params.size() + 1);
80 for (size_t i = 0; i < params.size(); ++i) {
81 converted[i] = convert(params[i]);
82 }
83 converted[params.size()].tag = oldkeymaster::Tag::AUTH_TOKEN;
84 converted[params.size()].blob = authToken2HidlVec(authToken);
85
86 return converted;
87}
88
89KeyCharacteristics convert(const oldkeymaster::KeyCharacteristics& chars) {
90 KeyCharacteristics converted;
91 converted.hardwareEnforced = convert(chars.teeEnforced);
92 converted.softwareEnforced = convert(chars.softwareEnforced);
93 return converted;
94}
95
96} // namespace
Shawn Willdenc67a8aa2017-12-03 17:51:29 -0700[diff] [blame]97
98void Keymaster3::getVersionIfNeeded() {
99 if (haveVersion_) return;
100
101 auto rc = km3_dev_->getHardwareFeatures(
102 [&](bool isSecure, bool supportsEllipticCurve, bool supportsSymmetricCryptography,
103 bool supportsAttestation, bool supportsAllDigests, const hidl_string& keymasterName,
104 const hidl_string& keymasterAuthorName) {
Janis Danisevskisc1460142017-12-18 16:48:46 -0800[diff] [blame]105 securityLevel_ =
106 isSecure ? SecurityLevel::TRUSTED_ENVIRONMENT : SecurityLevel::SOFTWARE;
Shawn Willdenc67a8aa2017-12-03 17:51:29 -0700[diff] [blame]107 supportsEllipticCurve_ = supportsEllipticCurve;
108 supportsSymmetricCryptography_ = supportsSymmetricCryptography;
109 supportsAttestation_ = supportsAttestation;
110 supportsAllDigests_ = supportsAllDigests;
111 keymasterName_ = keymasterName;
112 authorName_ = keymasterAuthorName;
Shawn Willdenc67a8aa2017-12-03 17:51:29 -0700[diff] [blame]113 });
114
115 CHECK(rc.isOk()) << "Got error " << rc.description() << " trying to get hardware features";
Shawn Willden0329a822017-12-04 13:55:14 -0700[diff] [blame]116
Janis Danisevskisc1460142017-12-18 16:48:46 -0800[diff] [blame]117 if (securityLevel_ == SecurityLevel::SOFTWARE) {
Shawn Willden0329a822017-12-04 13:55:14 -0700[diff] [blame]118 majorVersion_ = 3;
119 } else if (supportsAttestation_) {
120 majorVersion_ = 3; // Could be 2, doesn't matter.
121 } else if (supportsSymmetricCryptography_) {
122 majorVersion_ = 1;
123 } else {
124 majorVersion_ = 0;
125 }
Shawn Willdenc67a8aa2017-12-03 17:51:29 -0700[diff] [blame]126}
127
128Keymaster::VersionResult Keymaster3::halVersion() {
129 getVersionIfNeeded();
Janis Danisevskisc1460142017-12-18 16:48:46 -0800[diff] [blame]130 return {ErrorCode::OK, majorVersion_, securityLevel_, supportsEllipticCurve_};
Shawn Willdenc67a8aa2017-12-03 17:51:29 -0700[diff] [blame]131}
132
Shawn Willden0329a822017-12-04 13:55:14 -0700[diff] [blame]133Return<void> Keymaster3::getHardwareInfo(Keymaster3::getHardwareInfo_cb _hidl_cb) {
134 getVersionIfNeeded();
Janis Danisevskisc1460142017-12-18 16:48:46 -0800[diff] [blame]135 _hidl_cb(securityLevel_, keymasterName_ + " (wrapped by keystore::Keymaster3)", authorName_);
Shawn Willden0329a822017-12-04 13:55:14 -0700[diff] [blame]136 return Void();
137}
138
139Return<ErrorCode> Keymaster3::addRngEntropy(const hidl_vec<uint8_t>& data) {
140 auto rc = km3_dev_->addRngEntropy(data);
141 if (!rc.isOk()) {
142 return StatusOf<oldkeymaster::ErrorCode, ErrorCode>(rc);
143 }
144 return convert(rc);
145}
146
147Return<void> Keymaster3::generateKey(const hidl_vec<KeyParameter>& keyParams,
148 generateKey_cb _hidl_cb) {
149 auto cb = [&](oldkeymaster::ErrorCode error, const hidl_vec<uint8_t>& keyBlob,
150 const oldkeymaster::KeyCharacteristics& characteristics) {
151 _hidl_cb(convert(error), keyBlob, convert(characteristics));
152 };
153 auto rc = km3_dev_->generateKey(convert(keyParams), cb);
154 rc.isOk(); // move ctor prereq
155 return rc;
156}
157
158Return<void> Keymaster3::getKeyCharacteristics(const hidl_vec<uint8_t>& keyBlob,
159 const hidl_vec<uint8_t>& clientId,
160 const hidl_vec<uint8_t>& appData,
161 getKeyCharacteristics_cb _hidl_cb) {
162 auto cb = [&](oldkeymaster::ErrorCode error, const oldkeymaster::KeyCharacteristics& chars) {
163 _hidl_cb(convert(error), convert(chars));
164 };
165
166 auto rc = km3_dev_->getKeyCharacteristics(keyBlob, clientId, appData, cb);
167 rc.isOk(); // move ctor prereq
168 return rc;
169}
170
171Return<void> Keymaster3::importKey(const hidl_vec<KeyParameter>& params, KeyFormat keyFormat,
172 const hidl_vec<uint8_t>& keyData, importKey_cb _hidl_cb) {
173 auto cb = [&](oldkeymaster::ErrorCode error, const hidl_vec<uint8_t>& keyBlob,
174 const oldkeymaster::KeyCharacteristics& chars) {
175 _hidl_cb(convert(error), keyBlob, convert(chars));
176 };
Shawn Willdenadbb6142018-01-04 15:46:08 -0700[diff] [blame]177 auto rc = km3_dev_->importKey(convert(params), convert(keyFormat), keyData, cb);
Shawn Willden0329a822017-12-04 13:55:14 -0700[diff] [blame]178 rc.isOk(); // move ctor prereq
179 return rc;
180}
181
182Return<void> Keymaster3::exportKey(KeyFormat exportFormat, const hidl_vec<uint8_t>& keyBlob,
183 const hidl_vec<uint8_t>& clientId,
184 const hidl_vec<uint8_t>& appData, exportKey_cb _hidl_cb) {
185 auto cb = [&](oldkeymaster::ErrorCode error, const hidl_vec<uint8_t>& keyMaterial) {
186 _hidl_cb(convert(error), keyMaterial);
187 };
Shawn Willdenadbb6142018-01-04 15:46:08 -0700[diff] [blame]188 auto rc = km3_dev_->exportKey(convert(exportFormat), keyBlob, clientId, appData, cb);
Shawn Willden0329a822017-12-04 13:55:14 -0700[diff] [blame]189 rc.isOk(); // move ctor prereq
190 return rc;
191}
192
193Return<void> Keymaster3::attestKey(const hidl_vec<uint8_t>& keyToAttest,
194 const hidl_vec<KeyParameter>& attestParams,
195 attestKey_cb _hidl_cb) {
196 auto cb = [&](oldkeymaster::ErrorCode error, const hidl_vec<hidl_vec<uint8_t>>& certChain) {
197 _hidl_cb(convert(error), certChain);
198 };
199 auto rc = km3_dev_->attestKey(keyToAttest, convert(attestParams), cb);
200 rc.isOk(); // move ctor prereq
201 return rc;
202}
203
204Return<void> Keymaster3::upgradeKey(const hidl_vec<uint8_t>& keyBlobToUpgrade,
205 const hidl_vec<KeyParameter>& upgradeParams,
206 upgradeKey_cb _hidl_cb) {
207 auto cb = [&](oldkeymaster::ErrorCode error, const hidl_vec<uint8_t>& upgradedKeyBlob) {
208 _hidl_cb(convert(error), upgradedKeyBlob);
209 };
210 auto rc = km3_dev_->upgradeKey(keyBlobToUpgrade, convert(upgradeParams), cb);
211 rc.isOk(); // move ctor prereq
212 return rc;
213}
214
215Return<ErrorCode> Keymaster3::deleteKey(const hidl_vec<uint8_t>& keyBlob) {
216 auto rc = km3_dev_->deleteKey(keyBlob);
217 if (!rc.isOk()) return StatusOf<oldkeymaster::ErrorCode, ErrorCode>(rc);
218 return convert(rc);
219}
220
221Return<ErrorCode> Keymaster3::deleteAllKeys() {
222 auto rc = km3_dev_->deleteAllKeys();
223 if (!rc.isOk()) return StatusOf<oldkeymaster::ErrorCode, ErrorCode>(rc);
224 return convert(rc);
225}
226
227Return<ErrorCode> Keymaster3::destroyAttestationIds() {
228 auto rc = km3_dev_->destroyAttestationIds();
229 if (!rc.isOk()) return StatusOf<oldkeymaster::ErrorCode, ErrorCode>(rc);
230 return convert(rc);
231}
232
233Return<void> Keymaster3::begin(KeyPurpose purpose, const hidl_vec<uint8_t>& key,
234 const hidl_vec<KeyParameter>& inParams,
235 const HardwareAuthToken& authToken, begin_cb _hidl_cb) {
236 auto cb = [&](oldkeymaster::ErrorCode error,
237 const hidl_vec<oldkeymaster::KeyParameter>& outParams,
238 OperationHandle operationHandle) {
239 _hidl_cb(convert(error), convert(outParams), operationHandle);
240 };
241
242 auto rc =
243 km3_dev_->begin(convert(purpose), key, convertAndAddAuthToken(inParams, authToken), cb);
244 rc.isOk(); // move ctor prereq
245 return rc;
246}
247
248Return<void> Keymaster3::update(uint64_t operationHandle, const hidl_vec<KeyParameter>& inParams,
249 const hidl_vec<uint8_t>& input, const HardwareAuthToken& authToken,
250 const VerificationToken& /* verificationToken */,
251 update_cb _hidl_cb) {
252 auto cb = [&](oldkeymaster::ErrorCode error, uint32_t inputConsumed,
253 const hidl_vec<oldkeymaster::KeyParameter>& outParams,
254 const hidl_vec<uint8_t>& output) {
255 _hidl_cb(convert(error), inputConsumed, convert(outParams), output);
256 };
257
258 auto rc =
259 km3_dev_->update(operationHandle, convertAndAddAuthToken(inParams, authToken), input, cb);
260 rc.isOk(); // move ctor prereq
261 return rc;
262}
263
264Return<void> Keymaster3::finish(uint64_t operationHandle, const hidl_vec<KeyParameter>& inParams,
265 const hidl_vec<uint8_t>& input, const hidl_vec<uint8_t>& signature,
266 const HardwareAuthToken& authToken,
267 const VerificationToken& /* verificationToken */,
268 finish_cb _hidl_cb) {
269 auto cb = [&](oldkeymaster::ErrorCode error,
270 const hidl_vec<oldkeymaster::KeyParameter>& outParams,
271 const hidl_vec<uint8_t>& output) {
272 _hidl_cb(convert(error), convert(outParams), output);
273 };
274
275 auto rc = km3_dev_->finish(operationHandle, convertAndAddAuthToken(inParams, authToken), input,
276 signature, cb);
277 rc.isOk(); // move ctor prereq
278 return rc;
279}
280
281Return<ErrorCode> Keymaster3::abort(uint64_t operationHandle) {
282 auto rc = km3_dev_->abort(operationHandle);
283 if (!rc.isOk()) return StatusOf<oldkeymaster::ErrorCode, ErrorCode>(rc);
284 return convert(rc);
285}
286
Shawn Willdenc67a8aa2017-12-03 17:51:29 -0700[diff] [blame]287} // namespace keystore