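/*
 * Copyright 2014 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

#ifndef TRUSTY_KEYMASTER_TRUSTY_KEYMASTER_DEVICE_H_
#define TRUSTY_KEYMASTER_TRUSTY_KEYMASTER_DEVICE_H_

#include <hardware/keymaster2.h>
#include <keymaster/android_keymaster_messages.h>

namespace keymaster {

/**
 * Trusty Keymaster device.
 *
 * IMPORTANT MAINTAINER NOTE: Pointers to instances of this class must be castable to hw_device_t
 * and keymaster_device.  This means it must remain a standard layout class (no virtual functions and
 * no data members which aren't standard layout), and device_ must be the first data member.
 * Assertions in the constructor validate compliance with those constraints.
 *
 * Why this matters: the static entry points below receive only a keymaster2_device_t pointer and
 * have to get back to the owning object.  That conversion is valid only while the layout
 * constraints above hold; adding a virtual function or a data member ahead of device_ would make
 * every such conversion point at the wrong address.
 */
class TrustyKeymasterDevice {
  public:
    /*
     * These are the only symbols that will be exported by libtrustykeymaster.  All functionality
     * can be reached via the function pointers in device_.
     */
    __attribute__((visibility("default"))) explicit TrustyKeymasterDevice(
        const hw_module_t* module);
    __attribute__((visibility("default"))) hw_device_t* hw_device();

    ~TrustyKeymasterDevice();

    // NOTE(review): the destructor is user-declared but the copy operations are left implicit.
    // If the destructor releases a session or connection (not visible in this header), a copied
    // object would release it a second time; consider declaring the copy constructor and copy
    // assignment as deleted after checking that no caller copies the device.

    /**
     * Returns the stored error_ value.  Declared const because it only reads a member.
     * NOTE(review): presumably error_ records whether the constructor managed to set up the
     * session, in which case callers should check it before using hw_device() -- confirm
     * against the implementation.
     */
    keymaster_error_t session_error() const { return error_; }

    /*
     * Instance-level operations.  Their names and parameters match the static entry points
     * declared in the private section, minus the leading device pointer.
     * NOTE(review): the pointer and pointer-plus-length arguments originate from the HAL
     * caller; this header does not show where null or oversized inputs are rejected -- verify
     * in the implementation before anything is serialized.
     */
    keymaster_error_t configure(const keymaster_key_param_set_t* params);
    keymaster_error_t add_rng_entropy(const uint8_t* data, size_t data_length);
    keymaster_error_t generate_key(const keymaster_key_param_set_t* params,
                                   keymaster_key_blob_t* key_blob,
                                   keymaster_key_characteristics_t* characteristics);
    keymaster_error_t get_key_characteristics(const keymaster_key_blob_t* key_blob,
                                              const keymaster_blob_t* client_id,
                                              const keymaster_blob_t* app_data,
                                              keymaster_key_characteristics_t* character);
    keymaster_error_t import_key(const keymaster_key_param_set_t* params,
                                 keymaster_key_format_t key_format,
                                 const keymaster_blob_t* key_data, keymaster_key_blob_t* key_blob,
                                 keymaster_key_characteristics_t* characteristics);
    keymaster_error_t export_key(keymaster_key_format_t export_format,
                                 const keymaster_key_blob_t* key_to_export,
                                 const keymaster_blob_t* client_id,
                                 const keymaster_blob_t* app_data, keymaster_blob_t* export_data);
    keymaster_error_t attest_key(const keymaster_key_blob_t* key_to_attest,
                                 const keymaster_key_param_set_t* attest_params,
                                 keymaster_cert_chain_t* cert_chain);
    keymaster_error_t upgrade_key(const keymaster_key_blob_t* key_to_upgrade,
                                  const keymaster_key_param_set_t* upgrade_params,
                                  keymaster_key_blob_t* upgraded_key);
    keymaster_error_t begin(keymaster_purpose_t purpose, const keymaster_key_blob_t* key,
                            const keymaster_key_param_set_t* in_params,
                            keymaster_key_param_set_t* out_params,
                            keymaster_operation_handle_t* operation_handle);
    keymaster_error_t update(keymaster_operation_handle_t operation_handle,
                             const keymaster_key_param_set_t* in_params,
                             const keymaster_blob_t* input, size_t* input_consumed,
                             keymaster_key_param_set_t* out_params, keymaster_blob_t* output);
    keymaster_error_t finish(keymaster_operation_handle_t operation_handle,
                             const keymaster_key_param_set_t* in_params,
                             const keymaster_blob_t* input, const keymaster_blob_t* signature,
                             keymaster_key_param_set_t* out_params, keymaster_blob_t* output);
    keymaster_error_t abort(keymaster_operation_handle_t operation_handle);
    keymaster_error_t delete_key(const keymaster_key_blob_t* key);
    keymaster_error_t delete_all_keys();

  private:
    /*
     * Takes a command identifier and a serializable request, and fills in *response.
     * NOTE(review): presumably this is the single path by which requests reach the Trusty
     * side; the transport is not visible in this header.
     */
    keymaster_error_t Send(uint32_t command, const Serializable& request,
                           KeymasterResponse* response);

    /*
     * These static methods are the functions referenced through the function pointers in
     * keymaster_device.  They're all trivial wrappers.
     *
     * Each one receives the device pointer as its first argument; recovering the
     * TrustyKeymasterDevice from it depends on the layout rules in the class comment.
     */
    static int close_device(hw_device_t* dev);
    static keymaster_error_t configure(const keymaster2_device_t* dev,
                                       const keymaster_key_param_set_t* params);
    static keymaster_error_t add_rng_entropy(const keymaster2_device_t* dev, const uint8_t* data,
                                             size_t data_length);
    static keymaster_error_t generate_key(const keymaster2_device_t* dev,
                                          const keymaster_key_param_set_t* params,
                                          keymaster_key_blob_t* key_blob,
                                          keymaster_key_characteristics_t* characteristics);
    static keymaster_error_t get_key_characteristics(const keymaster2_device_t* dev,
                                                     const keymaster_key_blob_t* key_blob,
                                                     const keymaster_blob_t* client_id,
                                                     const keymaster_blob_t* app_data,
                                                     keymaster_key_characteristics_t* character);
    static keymaster_error_t import_key(const keymaster2_device_t* dev,
                                        const keymaster_key_param_set_t* params,
                                        keymaster_key_format_t key_format,
                                        const keymaster_blob_t* key_data,
                                        keymaster_key_blob_t* key_blob,
                                        keymaster_key_characteristics_t* characteristics);
    static keymaster_error_t export_key(const keymaster2_device_t* dev,
                                        keymaster_key_format_t export_format,
                                        const keymaster_key_blob_t* key_to_export,
                                        const keymaster_blob_t* client_id,
                                        const keymaster_blob_t* app_data,
                                        keymaster_blob_t* export_data);
    static keymaster_error_t attest_key(const keymaster2_device_t* dev,
                                        const keymaster_key_blob_t* key_to_attest,
                                        const keymaster_key_param_set_t* attest_params,
                                        keymaster_cert_chain_t* cert_chain);
    static keymaster_error_t upgrade_key(const keymaster2_device_t* dev,
                                         const keymaster_key_blob_t* key_to_upgrade,
                                         const keymaster_key_param_set_t* upgrade_params,
                                         keymaster_key_blob_t* upgraded_key);
    static keymaster_error_t delete_key(const keymaster2_device_t* dev,
                                        const keymaster_key_blob_t* key);
    static keymaster_error_t delete_all_keys(const keymaster2_device_t* dev);
    static keymaster_error_t begin(const keymaster2_device_t* dev, keymaster_purpose_t purpose,
                                   const keymaster_key_blob_t* key,
                                   const keymaster_key_param_set_t* in_params,
                                   keymaster_key_param_set_t* out_params,
                                   keymaster_operation_handle_t* operation_handle);
    static keymaster_error_t update(const keymaster2_device_t* dev,
                                    keymaster_operation_handle_t operation_handle,
                                    const keymaster_key_param_set_t* in_params,
                                    const keymaster_blob_t* input, size_t* input_consumed,
                                    keymaster_key_param_set_t* out_params,
                                    keymaster_blob_t* output);
    static keymaster_error_t finish(const keymaster2_device_t* dev,
                                    keymaster_operation_handle_t operation_handle,
                                    const keymaster_key_param_set_t* in_params,
                                    const keymaster_blob_t* input,
                                    const keymaster_blob_t* signature,
                                    keymaster_key_param_set_t* out_params,
                                    keymaster_blob_t* output);
    static keymaster_error_t abort(const keymaster2_device_t* dev,
                                   keymaster_operation_handle_t operation_handle);

    // Must stay the first data member: pointers to this object are cast to hw_device_t and
    // keymaster_device (see the class comment).
    keymaster2_device_t device_;
    // Value handed back by session_error().
    keymaster_error_t error_;
    // NOTE(review): presumably the message format version agreed with the Trusty side; how it
    // is set is not visible in this header.
    int32_t message_version_;
};

}  // namespace keymaster

#endif  // TRUSTY_KEYMASTER_TRUSTY_KEYMASTER_DEVICE_H_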