1 /*
2 **
3 ** Copyright 2017, The Android Open Source Project
4 **
5 ** Licensed under the Apache License, Version 2.0 (the "License");
6 ** you may not use this file except in compliance with the License.
7 ** You may obtain a copy of the License at
8 **
9 ** http://www.apache.org/licenses/LICENSE-2.0
10 **
11 ** Unless required by applicable law or agreed to in writing, software
12 ** distributed under the License is distributed on an "AS IS" BASIS,
13 ** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 ** See the License for the specific language governing permissions and
15 ** limitations under the License.
16 */
17
18 #include <keymasterV4_0/Keymaster3.h>
19
20 #include <android-base/logging.h>
21 #include <keymasterV4_0/keymaster_utils.h>
22
23 namespace android {
24 namespace hardware {
25 namespace keymaster {
26 namespace V4_0 {
27 namespace support {
28
29 using android::hardware::details::StatusOf;
30
31 namespace {
32
convert(V3_0::ErrorCode error)33 ErrorCode convert(V3_0::ErrorCode error) {
34 return static_cast<ErrorCode>(error);
35 }
36
convert(KeyPurpose purpose)37 V3_0::KeyPurpose convert(KeyPurpose purpose) {
38 return static_cast<V3_0::KeyPurpose>(purpose);
39 }
40
convert(KeyFormat purpose)41 V3_0::KeyFormat convert(KeyFormat purpose) {
42 return static_cast<V3_0::KeyFormat>(purpose);
43 }
44
convert(const KeyParameter & param)45 V3_0::KeyParameter convert(const KeyParameter& param) {
46 V3_0::KeyParameter converted;
47 converted.tag = static_cast<V3_0::Tag>(param.tag);
48 static_assert(sizeof(converted.f) == sizeof(param.f), "This function assumes sizes match");
49 memcpy(&converted.f, ¶m.f, sizeof(param.f));
50 converted.blob = param.blob;
51 return converted;
52 }
53
convert(const V3_0::KeyParameter & param)54 KeyParameter convert(const V3_0::KeyParameter& param) {
55 KeyParameter converted;
56 converted.tag = static_cast<Tag>(param.tag);
57 static_assert(sizeof(converted.f) == sizeof(param.f), "This function assumes sizes match");
58 memcpy(&converted.f, ¶m.f, sizeof(param.f));
59 converted.blob = param.blob;
60 return converted;
61 }
62
convert(const hidl_vec<KeyParameter> & params)63 hidl_vec<V3_0::KeyParameter> convert(const hidl_vec<KeyParameter>& params) {
64 hidl_vec<V3_0::KeyParameter> converted(params.size());
65 for (size_t i = 0; i < params.size(); ++i) {
66 converted[i] = convert(params[i]);
67 }
68 return converted;
69 }
70
convert(const hidl_vec<V3_0::KeyParameter> & params)71 hidl_vec<KeyParameter> convert(const hidl_vec<V3_0::KeyParameter>& params) {
72 hidl_vec<KeyParameter> converted(params.size());
73 for (size_t i = 0; i < params.size(); ++i) {
74 converted[i] = convert(params[i]);
75 }
76 return converted;
77 }
78
79 template <typename T, typename OutIter>
copy_bytes_to_iterator(const T & value,OutIter dest)80 inline static OutIter copy_bytes_to_iterator(const T& value, OutIter dest) {
81 const uint8_t* value_ptr = reinterpret_cast<const uint8_t*>(&value);
82 return std::copy(value_ptr, value_ptr + sizeof(value), dest);
83 }
84
convertAndAddAuthToken(const hidl_vec<KeyParameter> & params,const HardwareAuthToken & authToken)85 hidl_vec<V3_0::KeyParameter> convertAndAddAuthToken(const hidl_vec<KeyParameter>& params,
86 const HardwareAuthToken& authToken) {
87 hidl_vec<V3_0::KeyParameter> converted(params.size() + 1);
88 for (size_t i = 0; i < params.size(); ++i) {
89 converted[i] = convert(params[i]);
90 }
91 converted[params.size()].tag = V3_0::Tag::AUTH_TOKEN;
92 converted[params.size()].blob = authToken2HidlVec(authToken);
93
94 return converted;
95 }
96
convert(const V3_0::KeyCharacteristics & chars)97 KeyCharacteristics convert(const V3_0::KeyCharacteristics& chars) {
98 KeyCharacteristics converted;
99 converted.hardwareEnforced = convert(chars.teeEnforced);
100 converted.softwareEnforced = convert(chars.softwareEnforced);
101 return converted;
102 }
103
104 } // namespace
105
getVersionIfNeeded()106 void Keymaster3::getVersionIfNeeded() {
107 if (haveVersion_) return;
108
109 auto rc = km3_dev_->getHardwareFeatures(
110 [&](bool isSecure, bool supportsEllipticCurve, bool supportsSymmetricCryptography,
111 bool supportsAttestation, bool supportsAllDigests, const hidl_string& keymasterName,
112 const hidl_string& keymasterAuthorName) {
113 version_ = {keymasterName, keymasterAuthorName, 0 /* major version, filled below */,
114 isSecure ? SecurityLevel::TRUSTED_ENVIRONMENT : SecurityLevel::SOFTWARE,
115 supportsEllipticCurve};
116 supportsSymmetricCryptography_ = supportsSymmetricCryptography;
117 supportsAttestation_ = supportsAttestation;
118 supportsAllDigests_ = supportsAllDigests;
119 });
120
121 CHECK(rc.isOk()) << "Got error " << rc.description() << " trying to get hardware features";
122
123 if (version_.securityLevel == SecurityLevel::SOFTWARE) {
124 version_.majorVersion = 3;
125 } else if (supportsAttestation_) {
126 version_.majorVersion = 3; // Could be 2, doesn't matter.
127 } else if (supportsSymmetricCryptography_) {
128 version_.majorVersion = 1;
129 } else {
130 version_.majorVersion = 0;
131 }
132 }
133
getHardwareInfo(Keymaster3::getHardwareInfo_cb _hidl_cb)134 Return<void> Keymaster3::getHardwareInfo(Keymaster3::getHardwareInfo_cb _hidl_cb) {
135 getVersionIfNeeded();
136 _hidl_cb(version_.securityLevel,
137 std::string(version_.keymasterName) + " (wrapped by keystore::Keymaster3)",
138 version_.authorName);
139 return Void();
140 }
141
addRngEntropy(const hidl_vec<uint8_t> & data)142 Return<ErrorCode> Keymaster3::addRngEntropy(const hidl_vec<uint8_t>& data) {
143 auto rc = km3_dev_->addRngEntropy(data);
144 if (!rc.isOk()) {
145 return StatusOf<V3_0::ErrorCode, ErrorCode>(rc);
146 }
147 return convert(rc);
148 }
149
generateKey(const hidl_vec<KeyParameter> & keyParams,generateKey_cb _hidl_cb)150 Return<void> Keymaster3::generateKey(const hidl_vec<KeyParameter>& keyParams,
151 generateKey_cb _hidl_cb) {
152 auto cb = [&](V3_0::ErrorCode error, const hidl_vec<uint8_t>& keyBlob,
153 const V3_0::KeyCharacteristics& characteristics) {
154 _hidl_cb(convert(error), keyBlob, convert(characteristics));
155 };
156 auto rc = km3_dev_->generateKey(convert(keyParams), cb);
157 rc.isOk(); // move ctor prereq
158 return rc;
159 }
160
getKeyCharacteristics(const hidl_vec<uint8_t> & keyBlob,const hidl_vec<uint8_t> & clientId,const hidl_vec<uint8_t> & appData,getKeyCharacteristics_cb _hidl_cb)161 Return<void> Keymaster3::getKeyCharacteristics(const hidl_vec<uint8_t>& keyBlob,
162 const hidl_vec<uint8_t>& clientId,
163 const hidl_vec<uint8_t>& appData,
164 getKeyCharacteristics_cb _hidl_cb) {
165 auto cb = [&](V3_0::ErrorCode error, const V3_0::KeyCharacteristics& chars) {
166 _hidl_cb(convert(error), convert(chars));
167 };
168
169 auto rc = km3_dev_->getKeyCharacteristics(keyBlob, clientId, appData, cb);
170 rc.isOk(); // move ctor prereq
171 return rc;
172 }
173
importKey(const hidl_vec<KeyParameter> & params,KeyFormat keyFormat,const hidl_vec<uint8_t> & keyData,importKey_cb _hidl_cb)174 Return<void> Keymaster3::importKey(const hidl_vec<KeyParameter>& params, KeyFormat keyFormat,
175 const hidl_vec<uint8_t>& keyData, importKey_cb _hidl_cb) {
176 auto cb = [&](V3_0::ErrorCode error, const hidl_vec<uint8_t>& keyBlob,
177 const V3_0::KeyCharacteristics& chars) {
178 _hidl_cb(convert(error), keyBlob, convert(chars));
179 };
180 auto rc = km3_dev_->importKey(convert(params), convert(keyFormat), keyData, cb);
181 rc.isOk(); // move ctor prereq
182 return rc;
183 }
184
exportKey(KeyFormat exportFormat,const hidl_vec<uint8_t> & keyBlob,const hidl_vec<uint8_t> & clientId,const hidl_vec<uint8_t> & appData,exportKey_cb _hidl_cb)185 Return<void> Keymaster3::exportKey(KeyFormat exportFormat, const hidl_vec<uint8_t>& keyBlob,
186 const hidl_vec<uint8_t>& clientId,
187 const hidl_vec<uint8_t>& appData, exportKey_cb _hidl_cb) {
188 auto cb = [&](V3_0::ErrorCode error, const hidl_vec<uint8_t>& keyMaterial) {
189 _hidl_cb(convert(error), keyMaterial);
190 };
191 auto rc = km3_dev_->exportKey(convert(exportFormat), keyBlob, clientId, appData, cb);
192 rc.isOk(); // move ctor prereq
193 return rc;
194 }
195
attestKey(const hidl_vec<uint8_t> & keyToAttest,const hidl_vec<KeyParameter> & attestParams,attestKey_cb _hidl_cb)196 Return<void> Keymaster3::attestKey(const hidl_vec<uint8_t>& keyToAttest,
197 const hidl_vec<KeyParameter>& attestParams,
198 attestKey_cb _hidl_cb) {
199 auto cb = [&](V3_0::ErrorCode error, const hidl_vec<hidl_vec<uint8_t>>& certChain) {
200 _hidl_cb(convert(error), certChain);
201 };
202 auto rc = km3_dev_->attestKey(keyToAttest, convert(attestParams), cb);
203 rc.isOk(); // move ctor prereq
204 return rc;
205 }
206
upgradeKey(const hidl_vec<uint8_t> & keyBlobToUpgrade,const hidl_vec<KeyParameter> & upgradeParams,upgradeKey_cb _hidl_cb)207 Return<void> Keymaster3::upgradeKey(const hidl_vec<uint8_t>& keyBlobToUpgrade,
208 const hidl_vec<KeyParameter>& upgradeParams,
209 upgradeKey_cb _hidl_cb) {
210 auto cb = [&](V3_0::ErrorCode error, const hidl_vec<uint8_t>& upgradedKeyBlob) {
211 _hidl_cb(convert(error), upgradedKeyBlob);
212 };
213 auto rc = km3_dev_->upgradeKey(keyBlobToUpgrade, convert(upgradeParams), cb);
214 rc.isOk(); // move ctor prereq
215 return rc;
216 }
217
deleteKey(const hidl_vec<uint8_t> & keyBlob)218 Return<ErrorCode> Keymaster3::deleteKey(const hidl_vec<uint8_t>& keyBlob) {
219 auto rc = km3_dev_->deleteKey(keyBlob);
220 if (!rc.isOk()) return StatusOf<V3_0::ErrorCode, ErrorCode>(rc);
221 return convert(rc);
222 }
223
deleteAllKeys()224 Return<ErrorCode> Keymaster3::deleteAllKeys() {
225 auto rc = km3_dev_->deleteAllKeys();
226 if (!rc.isOk()) return StatusOf<V3_0::ErrorCode, ErrorCode>(rc);
227 return convert(rc);
228 }
229
destroyAttestationIds()230 Return<ErrorCode> Keymaster3::destroyAttestationIds() {
231 auto rc = km3_dev_->destroyAttestationIds();
232 if (!rc.isOk()) return StatusOf<V3_0::ErrorCode, ErrorCode>(rc);
233 return convert(rc);
234 }
235
begin(KeyPurpose purpose,const hidl_vec<uint8_t> & key,const hidl_vec<KeyParameter> & inParams,const HardwareAuthToken & authToken,begin_cb _hidl_cb)236 Return<void> Keymaster3::begin(KeyPurpose purpose, const hidl_vec<uint8_t>& key,
237 const hidl_vec<KeyParameter>& inParams,
238 const HardwareAuthToken& authToken, begin_cb _hidl_cb) {
239 auto cb = [&](V3_0::ErrorCode error, const hidl_vec<V3_0::KeyParameter>& outParams,
240 OperationHandle operationHandle) {
241 _hidl_cb(convert(error), convert(outParams), operationHandle);
242 };
243
244 auto rc =
245 km3_dev_->begin(convert(purpose), key, convertAndAddAuthToken(inParams, authToken), cb);
246 rc.isOk(); // move ctor prereq
247 return rc;
248 }
249
update(uint64_t operationHandle,const hidl_vec<KeyParameter> & inParams,const hidl_vec<uint8_t> & input,const HardwareAuthToken & authToken,const VerificationToken &,update_cb _hidl_cb)250 Return<void> Keymaster3::update(uint64_t operationHandle, const hidl_vec<KeyParameter>& inParams,
251 const hidl_vec<uint8_t>& input, const HardwareAuthToken& authToken,
252 const VerificationToken& /* verificationToken */,
253 update_cb _hidl_cb) {
254 auto cb = [&](V3_0::ErrorCode error, uint32_t inputConsumed,
255 const hidl_vec<V3_0::KeyParameter>& outParams, const hidl_vec<uint8_t>& output) {
256 _hidl_cb(convert(error), inputConsumed, convert(outParams), output);
257 };
258
259 auto rc =
260 km3_dev_->update(operationHandle, convertAndAddAuthToken(inParams, authToken), input, cb);
261 rc.isOk(); // move ctor prereq
262 return rc;
263 }
264
finish(uint64_t operationHandle,const hidl_vec<KeyParameter> & inParams,const hidl_vec<uint8_t> & input,const hidl_vec<uint8_t> & signature,const HardwareAuthToken & authToken,const VerificationToken &,finish_cb _hidl_cb)265 Return<void> Keymaster3::finish(uint64_t operationHandle, const hidl_vec<KeyParameter>& inParams,
266 const hidl_vec<uint8_t>& input, const hidl_vec<uint8_t>& signature,
267 const HardwareAuthToken& authToken,
268 const VerificationToken& /* verificationToken */,
269 finish_cb _hidl_cb) {
270 auto cb = [&](V3_0::ErrorCode error, const hidl_vec<V3_0::KeyParameter>& outParams,
271 const hidl_vec<uint8_t>& output) {
272 _hidl_cb(convert(error), convert(outParams), output);
273 };
274
275 auto rc = km3_dev_->finish(operationHandle, convertAndAddAuthToken(inParams, authToken), input,
276 signature, cb);
277 rc.isOk(); // move ctor prereq
278 return rc;
279 }
280
abort(uint64_t operationHandle)281 Return<ErrorCode> Keymaster3::abort(uint64_t operationHandle) {
282 auto rc = km3_dev_->abort(operationHandle);
283 if (!rc.isOk()) return StatusOf<V3_0::ErrorCode, ErrorCode>(rc);
284 return convert(rc);
285 }
286
287 } // namespace support
288 } // namespace V4_0
289 } // namespace keymaster
290 } // namespace hardware
291 } // namespace android
292