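/*
 * Copyright 2015 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

#pragma once

#include <cstdint>  // uint8_t, uint32_t used in the declarations below
#include <cstdlib>
#include <map>
#include <string>   // std::string module_name_ previously relied on a transitive include
#include <utility>  // std::pair (AlgPurposePair)
#include <vector>

#include <hardware/keymaster1.h>
#include <hardware/keymaster2.h>

#include <keymaster/UniquePtr.h>
#include <keymaster/android_keymaster.h>
#include <keymaster/contexts/soft_keymaster_context.h>

namespace keymaster {

class AuthorizationSet;

/**
 * Keymaster1 device implementation.
 *
 * This is a hybrid software/hardware implementation which wraps a hardware keymaster1_device_t
 * (installed via SetHardwareDevice()), forwarding RSA operations to secure hardware and doing
 * everything else in software. The RequiresSoftwareDigesting()/FindUnsupportedDigest() helpers
 * below decide, per algorithm/purpose/digest, whether a request can go to the wrapped hardware
 * device or must be handled by the software implementation (impl_).
 *
 * IMPORTANT MAINTAINER NOTE: Pointers to instances of this class must be castable to hw_device_t
 * and to the keymaster device structs. This means it must remain a standard layout class (no
 * virtual functions and no data members which aren't standard layout), and the device struct
 * (km1_device_) must remain the first data member. Assertions in the constructor validate
 * compliance with those constraints; do not add virtual functions or reorder the members.
 */
class SoftKeymasterDevice {
  public:
    /**
     * Builds a software-only device exposing the given keymaster version.
     */
    explicit SoftKeymasterDevice(KmVersion version);

    /**
     * Builds a device on top of an externally supplied context. The pointer is stored in
     * context_; ownership semantics are defined by the constructor's implementation, not here.
     */
    explicit SoftKeymasterDevice(SoftKeymasterContext* context);

    /**
     * Set SoftKeymasterDevice to wrap specified HW keymaster1 device. Takes ownership of the
     * specified device (will call keymaster1_device->common.close()).
     *
     * @param keymaster1_device the hardware device to wrap; must not be used by the caller
     *        afterwards, since this object closes it.
     * @return KM_ERROR_OK on success, otherwise a keymaster_error_t describing why the device
     *         could not be adopted.
     */
    keymaster_error_t SetHardwareDevice(keymaster1_device_t* keymaster1_device);

    /**
     * Returns true if a keymaster1_device_t has been set as the hardware device, and if that
     * hardware device should be used directly.
     */
    bool Keymaster1DeviceIsGood();

    /** Returns this object viewed as the generic HAL device struct. */
    hw_device_t* hw_device();
    /** Returns this object viewed as a keymaster1 device struct. */
    keymaster1_device_t* keymaster_device();
    /** Returns this object viewed as a keymaster2 device struct. */
    keymaster2_device_t* keymaster2_device();

    // Public only for testing. Forwards the version query straight to the software
    // implementation; the wrapped hardware device is not consulted.
    void GetVersion(const GetVersionRequest& req, GetVersionResponse* rsp) {
        impl_->GetVersion(req, rsp);
    }

    /** True once configure() has completed successfully. */
    bool configured() const { return configured_; }

    /**
     * True if every digest can be handled without falling back to software digesting.
     * Const, like configured(): it only reads supports_all_digests_.
     */
    bool supports_all_digests() const { return supports_all_digests_; }

    typedef std::pair<keymaster_algorithm_t, keymaster_purpose_t> AlgPurposePair;
    typedef std::map<AlgPurposePair, std::vector<keymaster_digest_t>> DigestMap;

  private:
    /** Fills in the function-pointer tables of km1_device_/km2_device_ with the static
     *  entry points below; `flags` is stored in the device struct. */
    void initialize_device_struct(uint32_t flags);

    /**
     * Looks for a digest in `params` that the wrapped hardware device does not support for the
     * given algorithm/purpose.
     *
     * @param unsupported receives the first unsupported digest found, when the return is true.
     * @return true if an unsupported digest was found.
     */
    bool FindUnsupportedDigest(keymaster_algorithm_t algorithm, keymaster_purpose_t purpose,
                               const AuthorizationSet& params,
                               keymaster_digest_t* unsupported) const;

    /** True if an operation with these params cannot be run on the hardware device as-is. */
    bool RequiresSoftwareDigesting(keymaster_algorithm_t algorithm, keymaster_purpose_t purpose,
                                   const AuthorizationSet& params) const;

    /** Same decision as RequiresSoftwareDigesting, but made from a key's own description. */
    bool KeyRequiresSoftwareDigesting(const AuthorizationSet& key_description) const;

    /** Adds the default authorizations for a new key of `algorithm` to `auth_set`. */
    static void StoreDefaultNewKeyParams(keymaster_algorithm_t algorithm,
                                         AuthorizationSet* auth_set);

    /**
     * Determines the algorithm of a PKCS#8-encoded key.
     *
     * NOTE(review): `key` presumably comes from an import request, i.e. caller-controlled
     * bytes; the implementation must treat it as untrusted and bound every read by
     * `key_length`. Returns an error rather than guessing when the encoding is unrecognized.
     */
    static keymaster_error_t GetPkcs8KeyAlgorithm(const uint8_t* key, size_t key_length,
                                                  keymaster_algorithm_t* algorithm);

    /** hw_device_t close entry point; presumably installed as common.close in the device struct. */
    static int close_device(hw_device_t* dev);

    /*
     * These static methods are the functions referenced through the function pointers in
     * keymaster_device. Each receives the device struct pointer the HAL client was handed and
     * recovers the SoftKeymasterDevice from it, which is why the class must stay standard layout.
     */

    // Keymaster1 methods -- needed for testing.
    static keymaster_error_t get_supported_algorithms(const keymaster1_device_t* dev,
                                                      keymaster_algorithm_t** algorithms,
                                                      size_t* algorithms_length);
    static keymaster_error_t get_supported_block_modes(const keymaster1_device_t* dev,
                                                       keymaster_algorithm_t algorithm,
                                                       keymaster_purpose_t purpose,
                                                       keymaster_block_mode_t** modes,
                                                       size_t* modes_length);
    static keymaster_error_t get_supported_padding_modes(const keymaster1_device_t* dev,
                                                         keymaster_algorithm_t algorithm,
                                                         keymaster_purpose_t purpose,
                                                         keymaster_padding_t** modes,
                                                         size_t* modes_length);
    static keymaster_error_t get_supported_digests(const keymaster1_device_t* dev,
                                                   keymaster_algorithm_t algorithm,
                                                   keymaster_purpose_t purpose,
                                                   keymaster_digest_t** digests,
                                                   size_t* digests_length);
    static keymaster_error_t get_supported_import_formats(const keymaster1_device_t* dev,
                                                          keymaster_algorithm_t algorithm,
                                                          keymaster_key_format_t** formats,
                                                          size_t* formats_length);
    static keymaster_error_t get_supported_export_formats(const keymaster1_device_t* dev,
                                                          keymaster_algorithm_t algorithm,
                                                          keymaster_key_format_t** formats,
                                                          size_t* formats_length);
    static keymaster_error_t add_rng_entropy(const keymaster1_device_t* dev, const uint8_t* data,
                                             size_t data_length);
    static keymaster_error_t generate_key(const keymaster1_device_t* dev,
                                          const keymaster_key_param_set_t* params,
                                          keymaster_key_blob_t* key_blob,
                                          keymaster_key_characteristics_t** characteristics);
    static keymaster_error_t get_key_characteristics(const keymaster1_device_t* dev,
                                                     const keymaster_key_blob_t* key_blob,
                                                     const keymaster_blob_t* client_id,
                                                     const keymaster_blob_t* app_data,
                                                     keymaster_key_characteristics_t** character);
    static keymaster_error_t import_key(const keymaster1_device_t* dev,  //
                                        const keymaster_key_param_set_t* params,
                                        keymaster_key_format_t key_format,
                                        const keymaster_blob_t* key_data,
                                        keymaster_key_blob_t* key_blob,
                                        keymaster_key_characteristics_t** characteristics);
    static keymaster_error_t export_key(const keymaster1_device_t* dev,  //
                                        keymaster_key_format_t export_format,
                                        const keymaster_key_blob_t* key_to_export,
                                        const keymaster_blob_t* client_id,
                                        const keymaster_blob_t* app_data,
                                        keymaster_blob_t* export_data);
    static keymaster_error_t delete_key(const keymaster1_device_t* dev,
                                        const keymaster_key_blob_t* key);
    static keymaster_error_t delete_all_keys(const keymaster1_device_t* dev);
    static keymaster_error_t begin(const keymaster1_device_t* dev, keymaster_purpose_t purpose,
                                   const keymaster_key_blob_t* key,
                                   const keymaster_key_param_set_t* in_params,
                                   keymaster_key_param_set_t* out_params,
                                   keymaster_operation_handle_t* operation_handle);
    static keymaster_error_t update(const keymaster1_device_t* dev,  //
                                    keymaster_operation_handle_t operation_handle,
                                    const keymaster_key_param_set_t* in_params,
                                    const keymaster_blob_t* input, size_t* input_consumed,
                                    keymaster_key_param_set_t* out_params,
                                    keymaster_blob_t* output);
    static keymaster_error_t finish(const keymaster1_device_t* dev,  //
                                    keymaster_operation_handle_t operation_handle,
                                    const keymaster_key_param_set_t* in_params,
                                    const keymaster_blob_t* signature,
                                    keymaster_key_param_set_t* out_params,
                                    keymaster_blob_t* output);
    static keymaster_error_t abort(const keymaster1_device_t* dev,
                                   keymaster_operation_handle_t operation_handle);

    // Keymaster2 methods. Note that keymaster2 generate_key/get_key_characteristics/import_key
    // take a caller-provided keymaster_key_characteristics_t* (single pointer), unlike the
    // keymaster1 variants above which allocate and return one through a double pointer, and
    // keymaster2 finish() carries an extra `input` blob.
    static keymaster_error_t configure(const keymaster2_device_t* dev,
                                       const keymaster_key_param_set_t* params);
    static keymaster_error_t add_rng_entropy(const keymaster2_device_t* dev, const uint8_t* data,
                                             size_t data_length);
    static keymaster_error_t generate_key(const keymaster2_device_t* dev,
                                          const keymaster_key_param_set_t* params,
                                          keymaster_key_blob_t* key_blob,
                                          keymaster_key_characteristics_t* characteristics);
    static keymaster_error_t get_key_characteristics(const keymaster2_device_t* dev,
                                                     const keymaster_key_blob_t* key_blob,
                                                     const keymaster_blob_t* client_id,
                                                     const keymaster_blob_t* app_data,
                                                     keymaster_key_characteristics_t* character);
    static keymaster_error_t import_key(const keymaster2_device_t* dev,  //
                                        const keymaster_key_param_set_t* params,
                                        keymaster_key_format_t key_format,
                                        const keymaster_blob_t* key_data,
                                        keymaster_key_blob_t* key_blob,
                                        keymaster_key_characteristics_t* characteristics);
    static keymaster_error_t export_key(const keymaster2_device_t* dev,  //
                                        keymaster_key_format_t export_format,
                                        const keymaster_key_blob_t* key_to_export,
                                        const keymaster_blob_t* client_id,
                                        const keymaster_blob_t* app_data,
                                        keymaster_blob_t* export_data);
    static keymaster_error_t attest_key(const keymaster2_device_t* dev,
                                        const keymaster_key_blob_t* key_to_attest,
                                        const keymaster_key_param_set_t* attest_params,
                                        keymaster_cert_chain_t* cert_chain);
    static keymaster_error_t upgrade_key(const keymaster2_device_t* dev,
                                         const keymaster_key_blob_t* key_to_upgrade,
                                         const keymaster_key_param_set_t* upgrade_params,
                                         keymaster_key_blob_t* upgraded_key);
    static keymaster_error_t delete_key(const keymaster2_device_t* dev,
                                        const keymaster_key_blob_t* key);
    static keymaster_error_t delete_all_keys(const keymaster2_device_t* dev);
    static keymaster_error_t begin(const keymaster2_device_t* dev, keymaster_purpose_t purpose,
                                   const keymaster_key_blob_t* key,
                                   const keymaster_key_param_set_t* in_params,
                                   keymaster_key_param_set_t* out_params,
                                   keymaster_operation_handle_t* operation_handle);
    static keymaster_error_t update(const keymaster2_device_t* dev,  //
                                    keymaster_operation_handle_t operation_handle,
                                    const keymaster_key_param_set_t* in_params,
                                    const keymaster_blob_t* input, size_t* input_consumed,
                                    keymaster_key_param_set_t* out_params,
                                    keymaster_blob_t* output);
    static keymaster_error_t finish(const keymaster2_device_t* dev,  //
                                    keymaster_operation_handle_t operation_handle,
                                    const keymaster_key_param_set_t* in_params,
                                    const keymaster_blob_t* input,
                                    const keymaster_blob_t* signature,
                                    keymaster_key_param_set_t* out_params,
                                    keymaster_blob_t* output);
    static keymaster_error_t abort(const keymaster2_device_t* dev,
                                   keymaster_operation_handle_t operation_handle);

    // Device structs handed out to HAL clients. km1_device_ MUST stay first (see the class
    // comment); keep km2_device_ immediately after it.
    keymaster1_device_t km1_device_;
    keymaster2_device_t km2_device_;

    // Hardware device adopted by SetHardwareDevice(); owned by this object, closed on teardown.
    keymaster1_device_t* wrapped_km1_device_;
    // Digests per (algorithm, purpose) -- presumably those the wrapped device reported as
    // supported; consulted by FindUnsupportedDigest().
    DigestMap km1_device_digests_;
    SoftKeymasterContext* context_;
    // Software keymaster implementation that handles everything not sent to hardware.
    UniquePtr<AndroidKeymaster> impl_;
    std::string module_name_;
    hw_module_t updated_module_;
    bool configured_;            // read by configured()
    bool supports_all_digests_;  // read by supports_all_digests()
};

}  // namespace keymaster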