1 //! Traits representing abstractions of cryptographic functionality. 2 use super::*; 3 use crate::{crypto::ec::Key, explicit, keyblob, vec_try, Error}; 4 use alloc::{boxed::Box, vec::Vec}; 5 use der::Decode; 6 use kmr_wire::{keymint, keymint::Digest, KeySizeInBits, RsaExponent}; 7 use log::{error, warn}; 8 9 /// Combined collection of trait implementations that must be provided. 10 pub struct Implementation<'a> { 11 /// Random number generator. 12 pub rng: &'a mut dyn Rng, 13 14 /// A local clock, if available. If not available, KeyMint will require timestamp tokens to 15 /// be provided by an external `ISecureClock` (with which it shares a common key). 16 pub clock: Option<&'a dyn MonotonicClock>, 17 18 /// A constant-time equality implementation. 19 pub compare: &'a dyn ConstTimeEq, 20 21 /// AES implementation. 22 pub aes: &'a dyn Aes, 23 24 /// DES implementation. 25 pub des: &'a dyn Des, 26 27 /// HMAC implementation. 28 pub hmac: &'a dyn Hmac, 29 30 /// RSA implementation. 31 pub rsa: &'a dyn Rsa, 32 33 /// EC implementation. 34 pub ec: &'a dyn Ec, 35 36 /// CKDF implementation. 37 pub ckdf: &'a dyn Ckdf, 38 39 /// HKDF implementation. 40 pub hkdf: &'a dyn Hkdf, 41 } 42 43 /// Abstraction of a random number generator that is cryptographically secure 44 /// and which accepts additional entropy to be mixed in. 45 pub trait Rng { 46 /// Add entropy to the generator's pool. add_entropy(&mut self, data: &[u8])47 fn add_entropy(&mut self, data: &[u8]); 48 /// Generate random data. fill_bytes(&mut self, dest: &mut [u8])49 fn fill_bytes(&mut self, dest: &mut [u8]); 50 /// Return a random `u64` value. next_u64(&mut self) -> u6451 fn next_u64(&mut self) -> u64 { 52 let mut buf = [0u8; 8]; 53 self.fill_bytes(&mut buf); 54 u64::from_le_bytes(buf) 55 } 56 } 57 58 /// Abstraction of constant-time comparisons, for use in cryptographic contexts where timing attacks 59 /// need to be avoided. 60 pub trait ConstTimeEq { 61 /// Indicate whether arguments are the same. eq(&self, left: &[u8], right: &[u8]) -> bool62 fn eq(&self, left: &[u8], right: &[u8]) -> bool; 63 /// Indicate whether arguments are the different. ne(&self, left: &[u8], right: &[u8]) -> bool64 fn ne(&self, left: &[u8], right: &[u8]) -> bool { 65 !self.eq(left, right) 66 } 67 } 68 69 /// Abstraction of a monotonic clock. 70 pub trait MonotonicClock { 71 /// Return the current time in milliseconds since some arbitrary point in time. Time must be 72 /// monotonically increasing, and "current time" must not repeat until the Android device 73 /// reboots, or until at least 50 million years have elapsed. Time must also continue to 74 /// advance while the device is suspended (which may not be the case with e.g. Linux's 75 /// `clock_gettime(CLOCK_MONOTONIC)`). now(&self) -> MillisecondsSinceEpoch76 fn now(&self) -> MillisecondsSinceEpoch; 77 } 78 79 /// Abstraction of AES functionality. 80 pub trait Aes { 81 /// Generate an AES key. The default implementation fills with random data. Key generation 82 /// parameters are passed in for reference, to allow for implementations that might have 83 /// parameter-specific behaviour. generate_key( &self, rng: &mut dyn Rng, variant: aes::Variant, _params: &[keymint::KeyParam], ) -> Result<KeyMaterial, Error>84 fn generate_key( 85 &self, 86 rng: &mut dyn Rng, 87 variant: aes::Variant, 88 _params: &[keymint::KeyParam], 89 ) -> Result<KeyMaterial, Error> { 90 Ok(match variant { 91 aes::Variant::Aes128 => { 92 let mut key = [0; 16]; 93 rng.fill_bytes(&mut key[..]); 94 KeyMaterial::Aes(aes::Key::Aes128(key).into()) 95 } 96 aes::Variant::Aes192 => { 97 let mut key = [0; 24]; 98 rng.fill_bytes(&mut key[..]); 99 KeyMaterial::Aes(aes::Key::Aes192(key).into()) 100 } 101 aes::Variant::Aes256 => { 102 let mut key = [0; 32]; 103 rng.fill_bytes(&mut key[..]); 104 KeyMaterial::Aes(aes::Key::Aes256(key).into()) 105 } 106 }) 107 } 108 109 /// Import an AES key, also returning the key size in bits. Key import parameters are passed in 110 /// for reference, to allow for implementations that might have parameter-specific behaviour. import_key( &self, data: &[u8], _params: &[keymint::KeyParam], ) -> Result<(KeyMaterial, KeySizeInBits), Error>111 fn import_key( 112 &self, 113 data: &[u8], 114 _params: &[keymint::KeyParam], 115 ) -> Result<(KeyMaterial, KeySizeInBits), Error> { 116 let aes_key = aes::Key::new_from(data)?; 117 let key_size = aes_key.size(); 118 Ok((KeyMaterial::Aes(aes_key.into()), key_size)) 119 } 120 121 /// Create an AES operation. For block mode operations with no padding 122 /// ([`aes::CipherMode::EcbNoPadding`] and [`aes::CipherMode::CbcNoPadding`]) the operation 123 /// implementation should reject (with [`ErrorCode::InvalidInputLength`]) input data that does 124 /// not end up being a multiple of the block size. begin( &self, key: OpaqueOr<aes::Key>, mode: aes::CipherMode, dir: SymmetricOperation, ) -> Result<Box<dyn EmittingOperation>, Error>125 fn begin( 126 &self, 127 key: OpaqueOr<aes::Key>, 128 mode: aes::CipherMode, 129 dir: SymmetricOperation, 130 ) -> Result<Box<dyn EmittingOperation>, Error>; 131 132 /// Create an AES-GCM operation. begin_aead( &self, key: OpaqueOr<aes::Key>, mode: aes::GcmMode, dir: SymmetricOperation, ) -> Result<Box<dyn AadOperation>, Error>133 fn begin_aead( 134 &self, 135 key: OpaqueOr<aes::Key>, 136 mode: aes::GcmMode, 137 dir: SymmetricOperation, 138 ) -> Result<Box<dyn AadOperation>, Error>; 139 } 140 141 /// Abstraction of 3-DES functionality. 142 pub trait Des { 143 /// Generate a triple DES key. Key generation parameters are passed in for reference, to allow 144 /// for implementations that might have parameter-specific behaviour. generate_key( &self, rng: &mut dyn Rng, _params: &[keymint::KeyParam], ) -> Result<KeyMaterial, Error>145 fn generate_key( 146 &self, 147 rng: &mut dyn Rng, 148 _params: &[keymint::KeyParam], 149 ) -> Result<KeyMaterial, Error> { 150 let mut key = vec_try![0; 24]?; 151 // Note: parity bits must be ignored. 152 rng.fill_bytes(&mut key[..]); 153 Ok(KeyMaterial::TripleDes(des::Key::new(key)?.into())) 154 } 155 156 /// Import a triple DES key. Key import parameters are passed in for reference, to allow for 157 /// implementations that might have parameter-specific behaviour. import_key(&self, data: &[u8], _params: &[keymint::KeyParam]) -> Result<KeyMaterial, Error>158 fn import_key(&self, data: &[u8], _params: &[keymint::KeyParam]) -> Result<KeyMaterial, Error> { 159 let des_key = des::Key::new_from(data)?; 160 Ok(KeyMaterial::TripleDes(des_key.into())) 161 } 162 163 /// Create a DES operation. For block mode operations with no padding 164 /// ([`des::Mode::EcbNoPadding`] and [`des::Mode::CbcNoPadding`]) the operation implementation 165 /// should reject (with [`ErrorCode::InvalidInputLength`]) input data that does not end up being 166 /// a multiple of the block size. begin( &self, key: OpaqueOr<des::Key>, mode: des::Mode, dir: SymmetricOperation, ) -> Result<Box<dyn EmittingOperation>, Error>167 fn begin( 168 &self, 169 key: OpaqueOr<des::Key>, 170 mode: des::Mode, 171 dir: SymmetricOperation, 172 ) -> Result<Box<dyn EmittingOperation>, Error>; 173 } 174 175 /// Abstraction of HMAC functionality. 176 pub trait Hmac { 177 /// Generate an HMAC key. Key generation parameters are passed in for reference, to allow for 178 /// implementations that might have parameter-specific behaviour. generate_key( &self, rng: &mut dyn Rng, key_size: KeySizeInBits, _params: &[keymint::KeyParam], ) -> Result<KeyMaterial, Error>179 fn generate_key( 180 &self, 181 rng: &mut dyn Rng, 182 key_size: KeySizeInBits, 183 _params: &[keymint::KeyParam], 184 ) -> Result<KeyMaterial, Error> { 185 hmac::valid_hal_size(key_size)?; 186 187 let key_len = (key_size.0 / 8) as usize; 188 let mut key = vec_try![0; key_len]?; 189 rng.fill_bytes(&mut key); 190 Ok(KeyMaterial::Hmac(hmac::Key::new(key).into())) 191 } 192 193 /// Import an HMAC key, also returning the key size in bits. Key import parameters are passed in 194 /// for reference, to allow for implementations that might have parameter-specific behaviour. import_key( &self, data: &[u8], _params: &[keymint::KeyParam], ) -> Result<(KeyMaterial, KeySizeInBits), Error>195 fn import_key( 196 &self, 197 data: &[u8], 198 _params: &[keymint::KeyParam], 199 ) -> Result<(KeyMaterial, KeySizeInBits), Error> { 200 let hmac_key = hmac::Key::new_from(data)?; 201 let key_size = hmac_key.size(); 202 hmac::valid_hal_size(key_size)?; 203 Ok((KeyMaterial::Hmac(hmac_key.into()), key_size)) 204 } 205 206 /// Create an HMAC operation. Implementations can assume that: 207 /// - `key` will have length in range `8..=64` bytes. 208 /// - `digest` will not be [`Digest::None`] begin( &self, key: OpaqueOr<hmac::Key>, digest: Digest, ) -> Result<Box<dyn AccumulatingOperation>, Error>209 fn begin( 210 &self, 211 key: OpaqueOr<hmac::Key>, 212 digest: Digest, 213 ) -> Result<Box<dyn AccumulatingOperation>, Error>; 214 } 215 216 /// Abstraction of AES-CMAC functionality. (Note that this is not exposed in the KeyMint HAL API 217 /// directly, but is required for the CKDF operations involved in `ISharedSecret` negotiation.) 218 pub trait AesCmac { 219 /// Create an AES-CMAC operation. Implementations can assume that `key` will have length 220 /// of either 16 (AES-128) or 32 (AES-256). begin(&self, key: OpaqueOr<aes::Key>) -> Result<Box<dyn AccumulatingOperation>, Error>221 fn begin(&self, key: OpaqueOr<aes::Key>) -> Result<Box<dyn AccumulatingOperation>, Error>; 222 } 223 224 /// Abstraction of RSA functionality. 225 pub trait Rsa { 226 /// Generate an RSA key. Key generation parameters are passed in for reference, to allow for 227 /// implementations that might have parameter-specific behaviour. generate_key( &self, rng: &mut dyn Rng, key_size: KeySizeInBits, pub_exponent: RsaExponent, params: &[keymint::KeyParam], ) -> Result<KeyMaterial, Error>228 fn generate_key( 229 &self, 230 rng: &mut dyn Rng, 231 key_size: KeySizeInBits, 232 pub_exponent: RsaExponent, 233 params: &[keymint::KeyParam], 234 ) -> Result<KeyMaterial, Error>; 235 236 /// Import an RSA key in PKCS#8 format, also returning the key size in bits and public exponent. 237 /// Key import parameters are passed in for reference, to allow for implementations that might 238 /// have parameter-specific behaviour. import_pkcs8_key( &self, data: &[u8], _params: &[keymint::KeyParam], ) -> Result<(KeyMaterial, KeySizeInBits, RsaExponent), Error>239 fn import_pkcs8_key( 240 &self, 241 data: &[u8], 242 _params: &[keymint::KeyParam], 243 ) -> Result<(KeyMaterial, KeySizeInBits, RsaExponent), Error> { 244 rsa::import_pkcs8_key(data) 245 } 246 247 /// Return the public key data corresponds to the provided private `key`, 248 /// as an ASN.1 DER-encoded `SEQUENCE` as per RFC 3279 section 2.3.1: 249 /// ```asn1 250 /// RSAPublicKey ::= SEQUENCE { 251 /// modulus INTEGER, -- n 252 /// publicExponent INTEGER } -- e 253 /// ``` 254 /// which is the `subjectPublicKey` to be included in `SubjectPublicKeyInfo`. subject_public_key(&self, key: &OpaqueOr<rsa::Key>) -> Result<Vec<u8>, Error>255 fn subject_public_key(&self, key: &OpaqueOr<rsa::Key>) -> Result<Vec<u8>, Error> { 256 // The default implementation only handles the `Explicit<rsa::Key>` variant. 257 let rsa_key = explicit!(key)?; 258 rsa_key.subject_public_key() 259 } 260 261 /// Create an RSA decryption operation. begin_decrypt( &self, key: OpaqueOr<rsa::Key>, mode: rsa::DecryptionMode, ) -> Result<Box<dyn AccumulatingOperation>, Error>262 fn begin_decrypt( 263 &self, 264 key: OpaqueOr<rsa::Key>, 265 mode: rsa::DecryptionMode, 266 ) -> Result<Box<dyn AccumulatingOperation>, Error>; 267 268 /// Create an RSA signing operation. For [`rsa::SignMode::Pkcs1_1_5Padding(Digest::None)`] the 269 /// implementation should reject (with [`ErrorCode::InvalidInputLength`]) accumulated input that 270 /// is larger than the size of the RSA key less overhead 271 /// ([`rsa::PKCS1_UNDIGESTED_SIGNATURE_PADDING_OVERHEAD`]). begin_sign( &self, key: OpaqueOr<rsa::Key>, mode: rsa::SignMode, ) -> Result<Box<dyn AccumulatingOperation>, Error>272 fn begin_sign( 273 &self, 274 key: OpaqueOr<rsa::Key>, 275 mode: rsa::SignMode, 276 ) -> Result<Box<dyn AccumulatingOperation>, Error>; 277 } 278 279 /// Abstraction of EC functionality. 280 pub trait Ec { 281 /// Generate an EC key for a NIST curve. Key generation parameters are passed in for reference, 282 /// to allow for implementations that might have parameter-specific behaviour. generate_nist_key( &self, rng: &mut dyn Rng, curve: ec::NistCurve, params: &[keymint::KeyParam], ) -> Result<KeyMaterial, Error>283 fn generate_nist_key( 284 &self, 285 rng: &mut dyn Rng, 286 curve: ec::NistCurve, 287 params: &[keymint::KeyParam], 288 ) -> Result<KeyMaterial, Error>; 289 290 /// Generate an Ed25519 key. Key generation parameters are passed in for reference, to allow 291 /// for implementations that might have parameter-specific behaviour. generate_ed25519_key( &self, rng: &mut dyn Rng, params: &[keymint::KeyParam], ) -> Result<KeyMaterial, Error>292 fn generate_ed25519_key( 293 &self, 294 rng: &mut dyn Rng, 295 params: &[keymint::KeyParam], 296 ) -> Result<KeyMaterial, Error>; 297 298 /// Generate an X25519 key. Key generation parameters are passed in for reference, to allow for 299 /// implementations that might have parameter-specific behaviour. generate_x25519_key( &self, rng: &mut dyn Rng, params: &[keymint::KeyParam], ) -> Result<KeyMaterial, Error>300 fn generate_x25519_key( 301 &self, 302 rng: &mut dyn Rng, 303 params: &[keymint::KeyParam], 304 ) -> Result<KeyMaterial, Error>; 305 306 /// Import an EC key in PKCS#8 format. Key import parameters are passed in for reference, to 307 /// allow for implementations that might have parameter-specific behaviour. import_pkcs8_key( &self, data: &[u8], _params: &[keymint::KeyParam], ) -> Result<KeyMaterial, Error>308 fn import_pkcs8_key( 309 &self, 310 data: &[u8], 311 _params: &[keymint::KeyParam], 312 ) -> Result<KeyMaterial, Error> { 313 ec::import_pkcs8_key(data) 314 } 315 316 /// Import a 32-byte raw Ed25519 key. Key import parameters are passed in for reference, to 317 /// allow for implementations that might have parameter-specific behaviour. import_raw_ed25519_key( &self, data: &[u8], _params: &[keymint::KeyParam], ) -> Result<KeyMaterial, Error>318 fn import_raw_ed25519_key( 319 &self, 320 data: &[u8], 321 _params: &[keymint::KeyParam], 322 ) -> Result<KeyMaterial, Error> { 323 ec::import_raw_ed25519_key(data) 324 } 325 326 /// Import a 32-byte raw X25519 key. Key import parameters are passed in for reference, to 327 /// allow for implementations that might have parameter-specific behaviour. import_raw_x25519_key( &self, data: &[u8], _params: &[keymint::KeyParam], ) -> Result<KeyMaterial, Error>328 fn import_raw_x25519_key( 329 &self, 330 data: &[u8], 331 _params: &[keymint::KeyParam], 332 ) -> Result<KeyMaterial, Error> { 333 ec::import_raw_x25519_key(data) 334 } 335 336 /// Return the public key data that corresponds to the provided private `key`. 337 /// If `CurveType` of the key is `CurveType::Nist`, return the public key data 338 /// as a SEC-1 encoded uncompressed point as described in RFC 5480 section 2.1. 339 /// I.e. 0x04: uncompressed, followed by x || y coordinates. 340 /// 341 /// For other two curve types, return the raw public key data. subject_public_key(&self, key: &OpaqueOr<ec::Key>) -> Result<Vec<u8>, Error>342 fn subject_public_key(&self, key: &OpaqueOr<ec::Key>) -> Result<Vec<u8>, Error> { 343 // The default implementation only handles the `Explicit<ec::Key>` variant. 344 let ec_key = explicit!(key)?; 345 match ec_key { 346 Key::P224(nist_key) 347 | Key::P256(nist_key) 348 | Key::P384(nist_key) 349 | Key::P521(nist_key) => { 350 let ec_pvt_key = sec1::EcPrivateKey::from_der(nist_key.0.as_slice())?; 351 match ec_pvt_key.public_key { 352 Some(pub_key) => Ok(pub_key.to_vec()), 353 None => { 354 // Key structure doesn't include optional public key, so regenerate it. 355 let nist_curve: ec::NistCurve = ec_key.curve().try_into()?; 356 Ok(self.nist_public_key(nist_key, nist_curve)?) 357 } 358 } 359 } 360 Key::Ed25519(ed25519_key) => self.ed25519_public_key(ed25519_key), 361 Key::X25519(x25519_key) => self.x25519_public_key(x25519_key), 362 } 363 } 364 365 /// Return the public key data that corresponds to the provided private `key`, as a SEC-1 366 /// encoded uncompressed point. nist_public_key(&self, key: &ec::NistKey, curve: ec::NistCurve) -> Result<Vec<u8>, Error>367 fn nist_public_key(&self, key: &ec::NistKey, curve: ec::NistCurve) -> Result<Vec<u8>, Error>; 368 369 /// Return the raw public key data that corresponds to the provided private `key`. ed25519_public_key(&self, key: &ec::Ed25519Key) -> Result<Vec<u8>, Error>370 fn ed25519_public_key(&self, key: &ec::Ed25519Key) -> Result<Vec<u8>, Error>; 371 372 /// Return the raw public key data that corresponds to the provided private `key`. x25519_public_key(&self, key: &ec::X25519Key) -> Result<Vec<u8>, Error>373 fn x25519_public_key(&self, key: &ec::X25519Key) -> Result<Vec<u8>, Error>; 374 375 /// Create an EC key agreement operation. 376 /// The accumulated input for the operation is expected to be the peer's 377 /// public key, provided as an ASN.1 DER-encoded `SubjectPublicKeyInfo`. begin_agree(&self, key: OpaqueOr<ec::Key>) -> Result<Box<dyn AccumulatingOperation>, Error>378 fn begin_agree(&self, key: OpaqueOr<ec::Key>) -> Result<Box<dyn AccumulatingOperation>, Error>; 379 380 /// Create an EC signing operation. For Ed25519 signing operations, the implementation should 381 /// reject (with [`ErrorCode::InvalidInputLength`]) accumulated data that is larger than 382 /// [`ec::MAX_ED25519_MSG_SIZE`]. begin_sign( &self, key: OpaqueOr<ec::Key>, digest: Digest, ) -> Result<Box<dyn AccumulatingOperation>, Error>383 fn begin_sign( 384 &self, 385 key: OpaqueOr<ec::Key>, 386 digest: Digest, 387 ) -> Result<Box<dyn AccumulatingOperation>, Error>; 388 } 389 390 /// Abstraction of an in-progress operation that emits data as it progresses. 391 pub trait EmittingOperation { 392 /// Update operation with data. update(&mut self, data: &[u8]) -> Result<Vec<u8>, Error>393 fn update(&mut self, data: &[u8]) -> Result<Vec<u8>, Error>; 394 395 /// Complete operation, consuming `self`. finish(self: Box<Self>) -> Result<Vec<u8>, Error>396 fn finish(self: Box<Self>) -> Result<Vec<u8>, Error>; 397 } 398 399 /// Abstraction of an in-progress operation that has authenticated associated data. 400 pub trait AadOperation: EmittingOperation { 401 /// Update additional data. Implementations can assume that all calls to `update_aad()` 402 /// will occur before any calls to `update()` or `finish()`. update_aad(&mut self, aad: &[u8]) -> Result<(), Error>403 fn update_aad(&mut self, aad: &[u8]) -> Result<(), Error>; 404 } 405 406 /// Abstraction of an in-progress operation that only emits data when it completes. 407 pub trait AccumulatingOperation { 408 /// Maximum size of accumulated input. max_input_size(&self) -> Option<usize>409 fn max_input_size(&self) -> Option<usize> { 410 None 411 } 412 413 /// Update operation with data. update(&mut self, data: &[u8]) -> Result<(), Error>414 fn update(&mut self, data: &[u8]) -> Result<(), Error>; 415 416 /// Complete operation, consuming `self`. finish(self: Box<Self>) -> Result<Vec<u8>, Error>417 fn finish(self: Box<Self>) -> Result<Vec<u8>, Error>; 418 } 419 420 /// Abstraction of HKDF key derivation with HMAC-SHA256. 421 /// 422 /// A default implementation of this trait is available (in `crypto.rs`) for any type that 423 /// implements [`Hmac`]. 424 pub trait Hkdf { hkdf(&self, salt: &[u8], ikm: &[u8], info: &[u8], out_len: usize) -> Result<Vec<u8>, Error>425 fn hkdf(&self, salt: &[u8], ikm: &[u8], info: &[u8], out_len: usize) -> Result<Vec<u8>, Error> { 426 let prk = self.extract(salt, ikm)?; 427 self.expand(&prk, info, out_len) 428 } 429 extract(&self, salt: &[u8], ikm: &[u8]) -> Result<OpaqueOr<hmac::Key>, Error>430 fn extract(&self, salt: &[u8], ikm: &[u8]) -> Result<OpaqueOr<hmac::Key>, Error>; 431 expand( &self, prk: &OpaqueOr<hmac::Key>, info: &[u8], out_len: usize, ) -> Result<Vec<u8>, Error>432 fn expand( 433 &self, 434 prk: &OpaqueOr<hmac::Key>, 435 info: &[u8], 436 out_len: usize, 437 ) -> Result<Vec<u8>, Error>; 438 } 439 440 /// Abstraction of CKDF key derivation with AES-CMAC KDF from NIST SP 800-108 in counter mode (see 441 /// section 5.1). 442 /// 443 /// Aa default implementation of this trait is available (in `crypto.rs`) for any type that 444 /// implements [`AesCmac`]. 445 pub trait Ckdf { ckdf( &self, key: &OpaqueOr<aes::Key>, label: &[u8], chunks: &[&[u8]], out_len: usize, ) -> Result<Vec<u8>, Error>446 fn ckdf( 447 &self, 448 key: &OpaqueOr<aes::Key>, 449 label: &[u8], 450 chunks: &[&[u8]], 451 out_len: usize, 452 ) -> Result<Vec<u8>, Error>; 453 } 454 455 //////////////////////////////////////////////////////////// 456 // No-op implementations of traits. These implementations are 457 // only intended for convenience during the process of porting 458 // the KeyMint code to a new environment. 459 460 /// Macro to emit an error log indicating that an unimplemented function 461 /// has been invoked (and where it is). 462 #[macro_export] 463 macro_rules! log_unimpl { 464 () => { 465 error!("{}:{}: Unimplemented placeholder KeyMint trait method invoked!", file!(), line!(),); 466 }; 467 } 468 469 /// Mark a method as unimplemented (log error, return `ErrorCode::Unimplemented`) 470 #[macro_export] 471 macro_rules! unimpl { 472 () => { 473 log_unimpl!(); 474 return Err(Error::Hal( 475 kmr_wire::keymint::ErrorCode::Unimplemented, 476 alloc::format!("{}:{}: method unimplemented", file!(), line!()), 477 )); 478 }; 479 } 480 481 pub struct NoOpRng; 482 impl Rng for NoOpRng { add_entropy(&mut self, _data: &[u8])483 fn add_entropy(&mut self, _data: &[u8]) { 484 log_unimpl!(); 485 } fill_bytes(&mut self, _dest: &mut [u8])486 fn fill_bytes(&mut self, _dest: &mut [u8]) { 487 log_unimpl!(); 488 } 489 } 490 491 #[derive(Clone)] 492 pub struct InsecureEq; 493 impl ConstTimeEq for InsecureEq { eq(&self, left: &[u8], right: &[u8]) -> bool494 fn eq(&self, left: &[u8], right: &[u8]) -> bool { 495 warn!("Insecure comparison operation performed"); 496 left == right 497 } 498 } 499 500 pub struct NoOpClock; 501 impl MonotonicClock for NoOpClock { now(&self) -> MillisecondsSinceEpoch502 fn now(&self) -> MillisecondsSinceEpoch { 503 log_unimpl!(); 504 MillisecondsSinceEpoch(0) 505 } 506 } 507 508 pub struct NoOpAes; 509 impl Aes for NoOpAes { begin( &self, _key: OpaqueOr<aes::Key>, _mode: aes::CipherMode, _dir: SymmetricOperation, ) -> Result<Box<dyn EmittingOperation>, Error>510 fn begin( 511 &self, 512 _key: OpaqueOr<aes::Key>, 513 _mode: aes::CipherMode, 514 _dir: SymmetricOperation, 515 ) -> Result<Box<dyn EmittingOperation>, Error> { 516 unimpl!(); 517 } begin_aead( &self, _key: OpaqueOr<aes::Key>, _mode: aes::GcmMode, _dir: SymmetricOperation, ) -> Result<Box<dyn AadOperation>, Error>518 fn begin_aead( 519 &self, 520 _key: OpaqueOr<aes::Key>, 521 _mode: aes::GcmMode, 522 _dir: SymmetricOperation, 523 ) -> Result<Box<dyn AadOperation>, Error> { 524 unimpl!(); 525 } 526 } 527 528 pub struct NoOpDes; 529 impl Des for NoOpDes { begin( &self, _key: OpaqueOr<des::Key>, _mode: des::Mode, _dir: SymmetricOperation, ) -> Result<Box<dyn EmittingOperation>, Error>530 fn begin( 531 &self, 532 _key: OpaqueOr<des::Key>, 533 _mode: des::Mode, 534 _dir: SymmetricOperation, 535 ) -> Result<Box<dyn EmittingOperation>, Error> { 536 unimpl!(); 537 } 538 } 539 540 pub struct NoOpHmac; 541 impl Hmac for NoOpHmac { begin( &self, _key: OpaqueOr<hmac::Key>, _digest: Digest, ) -> Result<Box<dyn AccumulatingOperation>, Error>542 fn begin( 543 &self, 544 _key: OpaqueOr<hmac::Key>, 545 _digest: Digest, 546 ) -> Result<Box<dyn AccumulatingOperation>, Error> { 547 unimpl!(); 548 } 549 } 550 551 pub struct NoOpAesCmac; 552 impl AesCmac for NoOpAesCmac { begin(&self, _key: OpaqueOr<aes::Key>) -> Result<Box<dyn AccumulatingOperation>, Error>553 fn begin(&self, _key: OpaqueOr<aes::Key>) -> Result<Box<dyn AccumulatingOperation>, Error> { 554 unimpl!(); 555 } 556 } 557 558 pub struct NoOpRsa; 559 impl Rsa for NoOpRsa { generate_key( &self, _rng: &mut dyn Rng, _key_size: KeySizeInBits, _pub_exponent: RsaExponent, _params: &[keymint::KeyParam], ) -> Result<KeyMaterial, Error>560 fn generate_key( 561 &self, 562 _rng: &mut dyn Rng, 563 _key_size: KeySizeInBits, 564 _pub_exponent: RsaExponent, 565 _params: &[keymint::KeyParam], 566 ) -> Result<KeyMaterial, Error> { 567 unimpl!(); 568 } 569 begin_decrypt( &self, _key: OpaqueOr<rsa::Key>, _mode: rsa::DecryptionMode, ) -> Result<Box<dyn AccumulatingOperation>, Error>570 fn begin_decrypt( 571 &self, 572 _key: OpaqueOr<rsa::Key>, 573 _mode: rsa::DecryptionMode, 574 ) -> Result<Box<dyn AccumulatingOperation>, Error> { 575 unimpl!(); 576 } 577 begin_sign( &self, _key: OpaqueOr<rsa::Key>, _mode: rsa::SignMode, ) -> Result<Box<dyn AccumulatingOperation>, Error>578 fn begin_sign( 579 &self, 580 _key: OpaqueOr<rsa::Key>, 581 _mode: rsa::SignMode, 582 ) -> Result<Box<dyn AccumulatingOperation>, Error> { 583 unimpl!(); 584 } 585 } 586 587 pub struct NoOpEc; 588 impl Ec for NoOpEc { generate_nist_key( &self, _rng: &mut dyn Rng, _curve: ec::NistCurve, _params: &[keymint::KeyParam], ) -> Result<KeyMaterial, Error>589 fn generate_nist_key( 590 &self, 591 _rng: &mut dyn Rng, 592 _curve: ec::NistCurve, 593 _params: &[keymint::KeyParam], 594 ) -> Result<KeyMaterial, Error> { 595 unimpl!(); 596 } 597 generate_ed25519_key( &self, _rng: &mut dyn Rng, _params: &[keymint::KeyParam], ) -> Result<KeyMaterial, Error>598 fn generate_ed25519_key( 599 &self, 600 _rng: &mut dyn Rng, 601 _params: &[keymint::KeyParam], 602 ) -> Result<KeyMaterial, Error> { 603 unimpl!(); 604 } 605 generate_x25519_key( &self, _rng: &mut dyn Rng, _params: &[keymint::KeyParam], ) -> Result<KeyMaterial, Error>606 fn generate_x25519_key( 607 &self, 608 _rng: &mut dyn Rng, 609 _params: &[keymint::KeyParam], 610 ) -> Result<KeyMaterial, Error> { 611 unimpl!(); 612 } 613 nist_public_key(&self, _key: &ec::NistKey, _curve: ec::NistCurve) -> Result<Vec<u8>, Error>614 fn nist_public_key(&self, _key: &ec::NistKey, _curve: ec::NistCurve) -> Result<Vec<u8>, Error> { 615 unimpl!(); 616 } 617 ed25519_public_key(&self, _key: &ec::Ed25519Key) -> Result<Vec<u8>, Error>618 fn ed25519_public_key(&self, _key: &ec::Ed25519Key) -> Result<Vec<u8>, Error> { 619 unimpl!(); 620 } 621 x25519_public_key(&self, _key: &ec::X25519Key) -> Result<Vec<u8>, Error>622 fn x25519_public_key(&self, _key: &ec::X25519Key) -> Result<Vec<u8>, Error> { 623 unimpl!(); 624 } 625 begin_agree( &self, _key: OpaqueOr<ec::Key>, ) -> Result<Box<dyn AccumulatingOperation>, Error>626 fn begin_agree( 627 &self, 628 _key: OpaqueOr<ec::Key>, 629 ) -> Result<Box<dyn AccumulatingOperation>, Error> { 630 unimpl!(); 631 } 632 begin_sign( &self, _key: OpaqueOr<ec::Key>, _digest: Digest, ) -> Result<Box<dyn AccumulatingOperation>, Error>633 fn begin_sign( 634 &self, 635 _key: OpaqueOr<ec::Key>, 636 _digest: Digest, 637 ) -> Result<Box<dyn AccumulatingOperation>, Error> { 638 unimpl!(); 639 } 640 } 641 642 pub struct NoOpSdsManager; 643 impl keyblob::SecureDeletionSecretManager for NoOpSdsManager { get_or_create_factory_reset_secret( &mut self, _rng: &mut dyn Rng, ) -> Result<keyblob::SecureDeletionData, Error>644 fn get_or_create_factory_reset_secret( 645 &mut self, 646 _rng: &mut dyn Rng, 647 ) -> Result<keyblob::SecureDeletionData, Error> { 648 unimpl!(); 649 } 650 get_factory_reset_secret(&self) -> Result<keyblob::SecureDeletionData, Error>651 fn get_factory_reset_secret(&self) -> Result<keyblob::SecureDeletionData, Error> { 652 unimpl!(); 653 } 654 new_secret( &mut self, _rng: &mut dyn Rng, _purpose: keyblob::SlotPurpose, ) -> Result<(keyblob::SecureDeletionSlot, keyblob::SecureDeletionData), Error>655 fn new_secret( 656 &mut self, 657 _rng: &mut dyn Rng, 658 _purpose: keyblob::SlotPurpose, 659 ) -> Result<(keyblob::SecureDeletionSlot, keyblob::SecureDeletionData), Error> { 660 unimpl!(); 661 } 662 get_secret( &self, _slot: keyblob::SecureDeletionSlot, ) -> Result<keyblob::SecureDeletionData, Error>663 fn get_secret( 664 &self, 665 _slot: keyblob::SecureDeletionSlot, 666 ) -> Result<keyblob::SecureDeletionData, Error> { 667 unimpl!(); 668 } delete_secret(&mut self, _slot: keyblob::SecureDeletionSlot) -> Result<(), Error>669 fn delete_secret(&mut self, _slot: keyblob::SecureDeletionSlot) -> Result<(), Error> { 670 unimpl!(); 671 } 672 delete_all(&mut self)673 fn delete_all(&mut self) { 674 log_unimpl!(); 675 } 676 } 677