1 /*
2 * Copyright (C) 2012 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 #include "keymaster_ipc.h"
18
19 #include <lib/system_state/system_state.h>
20 #include <lk/macros.h>
21 #include <stddef.h>
22 #include <stdio.h>
23 #include <stdlib.h>
24 #include <string.h>
25 #include <trusty_ipc.h>
26 #include <uapi/err.h>
27
28 #include <interface/keymaster/keymaster.h>
29
30 #include <keymaster/UniquePtr.h>
31
32 #include <openssl/crypto.h>
33
34 #include "trusty_keymaster.h"
35 #include "trusty_logger.h"
36
37 using namespace keymaster;
38
39 typedef void (*event_handler_proc_t)(const uevent_t* ev, void* ctx);
40 struct tipc_event_handler {
41 event_handler_proc_t proc;
42 void* priv;
43 };
44
45 struct keymaster_chan_ctx {
46 struct tipc_event_handler handler;
47 uuid_t uuid;
48 handle_t chan;
49 long (*dispatch)(keymaster_chan_ctx*,
50 keymaster_message*,
51 uint32_t,
52 keymaster::UniquePtr<uint8_t[]>*,
53 uint32_t*);
54 };
55
56 struct keymaster_srv_ctx {
57 handle_t port_secure;
58 handle_t port_non_secure;
59 };
60
61 static void keymaster_port_handler_secure(const uevent_t* ev, void* priv);
62 static void keymaster_port_handler_non_secure(const uevent_t* ev, void* priv);
63
64 static tipc_event_handler keymaster_port_evt_handler_secure = {
65 .proc = keymaster_port_handler_secure,
66 .priv = NULL,
67 };
68
69 static tipc_event_handler keymaster_port_evt_handler_non_secure = {
70 .proc = keymaster_port_handler_non_secure,
71 .priv = NULL,
72 };
73
74 static void keymaster_chan_handler(const uevent_t* ev, void* priv);
75
76 TrustyKeymaster* device;
77
handle_port_errors(const uevent_t * ev)78 static long handle_port_errors(const uevent_t* ev) {
79 if ((ev->event & IPC_HANDLE_POLL_ERROR) ||
80 (ev->event & IPC_HANDLE_POLL_HUP) ||
81 (ev->event & IPC_HANDLE_POLL_MSG) ||
82 (ev->event & IPC_HANDLE_POLL_SEND_UNBLOCKED)) {
83 /* should never happen with port handles */
84 LOG_E("error event (0x%x) for port (%d)", ev->event, ev->handle);
85 return ERR_BAD_STATE;
86 }
87
88 return NO_ERROR;
89 }
90
wait_to_send(handle_t session,struct ipc_msg * msg)91 static int wait_to_send(handle_t session, struct ipc_msg* msg) {
92 int rc;
93 struct uevent ev = UEVENT_INITIAL_VALUE(ev);
94
95 rc = wait(session, &ev, INFINITE_TIME);
96 if (rc < 0) {
97 LOG_E("failed to wait for outgoing queue to free up");
98 return rc;
99 }
100
101 if (ev.event & IPC_HANDLE_POLL_SEND_UNBLOCKED) {
102 return send_msg(session, msg);
103 }
104
105 if (ev.event & IPC_HANDLE_POLL_MSG) {
106 return ERR_BUSY;
107 }
108
109 if (ev.event & IPC_HANDLE_POLL_HUP) {
110 return ERR_CHANNEL_CLOSED;
111 }
112
113 return rc;
114 }
115
send_response(handle_t chan,uint32_t cmd,uint8_t * out_buf,uint32_t out_buf_size)116 static long send_response(handle_t chan,
117 uint32_t cmd,
118 uint8_t* out_buf,
119 uint32_t out_buf_size) {
120 struct keymaster_message km_msg;
121 km_msg.cmd = cmd | KEYMASTER_RESP_BIT;
122 struct iovec iov[2] = {{&km_msg, sizeof(km_msg)}, {nullptr, 0}};
123 ipc_msg_t msg = {2, iov, 0, NULL};
124 uint32_t msg_size;
125 uint32_t bytes_remaining = out_buf_size;
126 uint32_t bytes_sent = 0;
127 uint32_t max_msg_size = KEYMASTER_MAX_BUFFER_LENGTH - 64;
128
129 do {
130 msg_size = MIN(max_msg_size, bytes_remaining);
131 if (msg_size == bytes_remaining) {
132 km_msg.cmd = km_msg.cmd | KEYMASTER_STOP_BIT;
133 }
134 iov[1] = {out_buf + bytes_sent, msg_size};
135
136 long rc = send_msg(chan, &msg);
137 if (rc == ERR_NOT_ENOUGH_BUFFER) {
138 rc = wait_to_send(chan, &msg);
139 }
140
141 // fatal error
142 if (rc < 0) {
143 LOG_E("failed (%ld) to send_msg for chan (%d)", rc, chan);
144 return rc;
145 }
146 bytes_remaining -= msg_size;
147 bytes_sent += msg_size;
148 } while (bytes_remaining);
149
150 return NO_ERROR;
151 }
152
send_error_response(handle_t chan,uint32_t cmd,keymaster_error_t err)153 static long send_error_response(handle_t chan,
154 uint32_t cmd,
155 keymaster_error_t err) {
156 return send_response(chan, cmd, reinterpret_cast<uint8_t*>(&err),
157 sizeof(err));
158 }
159
160 /*
161 * deseralize_request and serialize_request are used by the different
162 * overloads of the do_dispatch template to handle the new API signatures
163 * that keymaster is migrating to.
164 */
165 template <typename Request>
deserialize_request(struct keymaster_message * msg,uint32_t payload_size,Request & req)166 static long deserialize_request(struct keymaster_message* msg,
167 uint32_t payload_size,
168 Request& req) {
169 const uint8_t* payload = msg->payload;
170 if (!req.Deserialize(&payload, msg->payload + payload_size))
171 return ERR_NOT_VALID;
172
173 return NO_ERROR;
174 }
175
176 template <typename Response>
serialize_response(Response & rsp,keymaster::UniquePtr<uint8_t[]> * out,uint32_t * out_size)177 static long serialize_response(Response& rsp,
178 keymaster::UniquePtr<uint8_t[]>* out,
179 uint32_t* out_size) {
180 *out_size = rsp.SerializedSize();
181
182 out->reset(new (std::nothrow) uint8_t[*out_size]);
183 if (out->get() == NULL) {
184 *out_size = 0;
185 return ERR_NO_MEMORY;
186 }
187
188 rsp.Serialize(out->get(), out->get() + *out_size);
189
190 return NO_ERROR;
191 }
192
193 template <typename Keymaster, typename Request, typename Response>
do_dispatch(void (Keymaster::* operation)(const Request &,Response *),struct keymaster_message * msg,uint32_t payload_size,keymaster::UniquePtr<uint8_t[]> * out,uint32_t * out_size)194 static long do_dispatch(void (Keymaster::*operation)(const Request&, Response*),
195 struct keymaster_message* msg,
196 uint32_t payload_size,
197 keymaster::UniquePtr<uint8_t[]>* out,
198 uint32_t* out_size) {
199 long err;
200 Request req(device->message_version());
201
202 err = deserialize_request(msg, payload_size, req);
203 if (err != NO_ERROR)
204 return err;
205
206 Response rsp(device->message_version());
207 (device->*operation)(req, &rsp);
208 LOG_D("do_dispatch #1 err: %d", rsp.error);
209
210 if (msg->cmd == KM_CONFIGURE) {
211 device->set_configure_error(rsp.error);
212 }
213
214 err = serialize_response(rsp, out, out_size);
215 LOG_D("do_dispatch #1: serialized response, %d bytes", *out_size);
216 if (err != NO_ERROR) {
217 LOG_E("Error serializing response: %ld", err);
218 }
219
220 return err;
221 }
222
223 /*
224 * Keymaster is migrating to new API signatures.
225 * This overloaded dispatch is used for methods that accept one Request argument
226 * and return a Response (e.g. COMPUTE_SHARED_HMAC_RESPONSE)
227 */
228 template <typename Keymaster, typename Request, typename Response>
do_dispatch(Response (Keymaster::* operation)(const Request &),struct keymaster_message * msg,uint32_t payload_size,keymaster::UniquePtr<uint8_t[]> * out,uint32_t * out_size)229 static long do_dispatch(Response (Keymaster::*operation)(const Request&),
230 struct keymaster_message* msg,
231 uint32_t payload_size,
232 keymaster::UniquePtr<uint8_t[]>* out,
233 uint32_t* out_size) {
234 long err;
235 Request req(device->message_version());
236
237 err = deserialize_request(msg, payload_size, req);
238 if (err != NO_ERROR)
239 return err;
240
241 Response rsp = ((device->*operation)(req));
242 LOG_D("do_dispatch #2 err: %d", rsp.error);
243
244 if (msg->cmd == KM_CONFIGURE) {
245 device->set_configure_error(rsp.error);
246 }
247
248 err = serialize_response(rsp, out, out_size);
249 LOG_D("do_dispatch #2: serialized response, %d bytes", *out_size);
250 if (err != NO_ERROR) {
251 LOG_E("Error serializing response: %ld", err);
252 }
253
254 return err;
255 }
256
257 /* Keymaster is migrating to new API signatures.
258 * This overloaded dispatch is used for methods that do not have arguments
259 * and return a Response (e.g. GET_HMAC_SHARING_PARAMETERS)
260 * */
261 template <typename Keymaster, typename Response>
do_dispatch(Response (Keymaster::* operation)(),struct keymaster_message * msg,uint32_t payload_size,keymaster::UniquePtr<uint8_t[]> * out,uint32_t * out_size)262 static long do_dispatch(Response (Keymaster::*operation)(),
263 struct keymaster_message* msg,
264 uint32_t payload_size,
265 keymaster::UniquePtr<uint8_t[]>* out,
266 uint32_t* out_size) {
267 long err;
268 Response rsp = ((device->*operation)());
269 LOG_D("do_dispatch #3 err: %d", rsp.error);
270
271 if (msg->cmd == KM_CONFIGURE) {
272 device->set_configure_error(rsp.error);
273 }
274
275 err = serialize_response(rsp, out, out_size);
276 LOG_D("do_dispatch #3: serialized response, %d bytes", *out_size);
277 if (err != NO_ERROR) {
278 LOG_E("Error serializing response: %ld", err);
279 }
280
281 return err;
282 }
283
get_auth_token_key(keymaster::UniquePtr<uint8_t[]> * key_buf,uint32_t * key_size)284 static long get_auth_token_key(keymaster::UniquePtr<uint8_t[]>* key_buf,
285 uint32_t* key_size) {
286 keymaster_key_blob_t key;
287 long rc = device->GetAuthTokenKey(&key);
288
289 if (rc != NO_ERROR) {
290 return rc;
291 }
292
293 if (key.key_material_size > KEYMASTER_MAX_BUFFER_LENGTH) {
294 return ERR_NOT_ENOUGH_BUFFER;
295 }
296
297 key_buf->reset(new (std::nothrow) uint8_t[key.key_material_size]);
298 if (key_buf->get() == NULL) {
299 return ERR_NO_MEMORY;
300 }
301
302 *key_size = key.key_material_size;
303
304 memcpy(key_buf->get(), key.key_material, key.key_material_size);
305 return NO_ERROR;
306 }
307
get_device_info(keymaster::UniquePtr<uint8_t[]> * ids_buf,uint32_t * buf_size)308 static long get_device_info(keymaster::UniquePtr<uint8_t[]>* ids_buf,
309 uint32_t* buf_size) {
310 auto ids = device->GetDeviceInfo();
311
312 if (ids->encodedSize() > KEYMASTER_MAX_BUFFER_LENGTH) {
313 return ERR_NOT_ENOUGH_BUFFER;
314 }
315
316 ids_buf->reset(new (std::nothrow) uint8_t[ids->encodedSize()]);
317 if (ids_buf->get() == NULL) {
318 return ERR_NO_MEMORY;
319 }
320
321 *buf_size = ids->encodedSize();
322 ids->encode(ids_buf->get(), ids_buf->get() + ids->encodedSize());
323 return NO_ERROR;
324 }
325
keymaster_dispatch_secure(keymaster_chan_ctx * ctx,keymaster_message * msg,uint32_t payload_size,keymaster::UniquePtr<uint8_t[]> * out,uint32_t * out_size)326 static long keymaster_dispatch_secure(keymaster_chan_ctx* ctx,
327 keymaster_message* msg,
328 uint32_t payload_size,
329 keymaster::UniquePtr<uint8_t[]>* out,
330 uint32_t* out_size) {
331 if (msg->cmd == KM_SET_ATTESTATION_IDS_SECURE &&
332 !keymaster_check_secure_target_access_policy_provisioning(&ctx->uuid)) {
333 LOG_E("Command %d by this UUID is not allowed\n", msg->cmd);
334 return ERR_ACCESS_DENIED;
335 }
336
337 switch (msg->cmd) {
338 case KM_GET_AUTH_TOKEN_KEY:
339 return get_auth_token_key(out, out_size);
340 case KM_GET_DEVICE_INFO:
341 return get_device_info(out, out_size);
342 case KM_SET_ATTESTATION_IDS_SECURE:
343 LOG_D("Dispatching SET_ATTESTATION_IDS_SECURE, size %d", payload_size);
344 return do_dispatch(&TrustyKeymaster::SetAttestationIds, msg,
345 payload_size, out, out_size);
346 default:
347 return ERR_NOT_IMPLEMENTED;
348 }
349 }
350
system_state_provisioning_allowed_at_boot(void)351 static bool system_state_provisioning_allowed_at_boot(void) {
352 uint64_t value = system_state_get_flag_default(
353 SYSTEM_STATE_FLAG_PROVISIONING_ALLOWED,
354 SYSTEM_STATE_FLAG_PROVISIONING_ALLOWED_VALUE_NOT_ALLOWED);
355 return value == SYSTEM_STATE_FLAG_PROVISIONING_ALLOWED_VALUE_ALLOWED ||
356 value ==
357 SYSTEM_STATE_FLAG_PROVISIONING_ALLOWED_VALUE_ALLOWED_AT_BOOT;
358 }
359
provisioning_allowed(void)360 static bool provisioning_allowed(void) {
361 if (device->ConfigureCalled()) {
362 return system_state_provisioning_allowed();
363 } else {
364 return system_state_provisioning_allowed_at_boot();
365 }
366 }
367
368 // Returns true if |cmd| is only allowed in provisioning mode
cmd_is_provisioning(uint32_t cmd)369 static bool cmd_is_provisioning(uint32_t cmd) {
370 return (cmd == KM_SET_ATTESTATION_KEY || cmd == KM_SET_ATTESTATION_IDS ||
371 cmd == KM_SET_ATTESTATION_IDS_KM3 ||
372 cmd == KM_APPEND_ATTESTATION_CERT_CHAIN ||
373 cmd == KM_CLEAR_ATTESTATION_CERT_CHAIN ||
374 cmd == KM_SET_WRAPPED_ATTESTATION_KEY);
375 }
376
377 // Returns true if |cmd| is called from the bootloader
cmd_is_from_bootloader(uint32_t cmd)378 static bool cmd_is_from_bootloader(uint32_t cmd) {
379 return (cmd == KM_SET_BOOT_PARAMS || cmd == KM_ATAP_GET_CA_REQUEST ||
380 cmd == KM_ATAP_SET_CA_RESPONSE_BEGIN ||
381 cmd == KM_ATAP_SET_CA_RESPONSE_UPDATE ||
382 cmd == KM_ATAP_SET_CA_RESPONSE_FINISH || cmd == KM_ATAP_READ_UUID ||
383 cmd == KM_SET_PRODUCT_ID || cmd == KM_CONFIGURE_BOOT_PATCHLEVEL);
384 }
385
386 // Returns true if |cmd| can be used before the configure command
cmd_allowed_before_configure(uint32_t cmd)387 static bool cmd_allowed_before_configure(uint32_t cmd) {
388 return cmd == KM_CONFIGURE || cmd == KM_GET_VERSION ||
389 cmd_is_from_bootloader(cmd) || cmd_is_provisioning(cmd);
390 }
391
keymaster_dispatch_non_secure(keymaster_chan_ctx * ctx,keymaster_message * msg,uint32_t payload_size,keymaster::UniquePtr<uint8_t[]> * out,uint32_t * out_size)392 static long keymaster_dispatch_non_secure(keymaster_chan_ctx* ctx,
393 keymaster_message* msg,
394 uint32_t payload_size,
395 keymaster::UniquePtr<uint8_t[]>* out,
396 uint32_t* out_size) {
397 if (msg->cmd == KM_GET_VERSION || msg->cmd == KM_GET_VERSION_2) {
398 // KM_GET_VERSION and KM_GET_VERSION_2 commands are always allowed
399 } else if (!device->ConfigureCalled()) {
400 if (!cmd_allowed_before_configure(msg->cmd)) {
401 LOG_E("Command %d not allowed before configure command\n",
402 msg->cmd);
403 return ERR_NOT_CONFIGURED;
404 }
405 } else if (device->ConfigureCalled()) {
406 if (device->get_configure_error() != KM_ERROR_OK) {
407 LOG_E("Previous configure command failed\n");
408 return ERR_NOT_CONFIGURED;
409 } else if (cmd_is_from_bootloader(msg->cmd)) {
410 LOG_E("Bootloader command %d not allowed after configure command\n",
411 msg->cmd);
412 return ERR_NOT_IMPLEMENTED;
413 }
414 }
415
416 if (cmd_is_provisioning(msg->cmd) && !provisioning_allowed()) {
417 LOG_E("Provisioning command %d not allowed\n", msg->cmd);
418 return ERR_NOT_IMPLEMENTED;
419 }
420
421 switch (static_cast<keymaster_command>(msg->cmd)) {
422 case KM_GENERATE_KEY:
423 LOG_D("Dispatching GENERATE_KEY, size: %d", payload_size);
424 return do_dispatch(&TrustyKeymaster::GenerateKey, msg, payload_size,
425 out, out_size);
426
427 case KM_BEGIN_OPERATION:
428 LOG_D("Dispatching BEGIN_OPERATION, size: %d", payload_size);
429 return do_dispatch(&TrustyKeymaster::BeginOperation, msg, payload_size,
430 out, out_size);
431
432 case KM_UPDATE_OPERATION:
433 LOG_D("Dispatching UPDATE_OPERATION, size: %d", payload_size);
434 return do_dispatch(&TrustyKeymaster::UpdateOperation, msg, payload_size,
435 out, out_size);
436
437 case KM_FINISH_OPERATION:
438 LOG_D("Dispatching FINISH_OPERATION, size: %d", payload_size);
439 return do_dispatch(&TrustyKeymaster::FinishOperation, msg, payload_size,
440 out, out_size);
441
442 case KM_IMPORT_KEY:
443 LOG_D("Dispatching IMPORT_KEY, size: %d", payload_size);
444 return do_dispatch(&TrustyKeymaster::ImportKey, msg, payload_size, out,
445 out_size);
446
447 case KM_EXPORT_KEY:
448 LOG_D("Dispatching EXPORT_KEY, size: %d", payload_size);
449 return do_dispatch(&TrustyKeymaster::ExportKey, msg, payload_size, out,
450 out_size);
451
452 case KM_GET_VERSION:
453 LOG_I("Dispatching GET_VERSION, size: %d", payload_size);
454 return do_dispatch(&TrustyKeymaster::GetVersion, msg, payload_size, out,
455 out_size);
456
457 case KM_GET_VERSION_2:
458 LOG_I("Dispatching GET_VERSION_2, size: %d", payload_size);
459 return do_dispatch(&TrustyKeymaster::GetVersion2, msg, payload_size,
460 out, out_size);
461
462 case KM_ADD_RNG_ENTROPY:
463 LOG_D("Dispatching ADD_RNG_ENTROPY, size: %d", payload_size);
464 return do_dispatch(&TrustyKeymaster::AddRngEntropy, msg, payload_size,
465 out, out_size);
466
467 case KM_GET_SUPPORTED_ALGORITHMS:
468 LOG_D("Dispatching GET_SUPPORTED_ALGORITHMS, size: %d", payload_size);
469 return do_dispatch(&TrustyKeymaster::SupportedAlgorithms, msg,
470 payload_size, out, out_size);
471
472 case KM_GET_SUPPORTED_BLOCK_MODES:
473 LOG_D("Dispatching GET_SUPPORTED_BLOCK_MODES, size: %d", payload_size);
474 return do_dispatch(&TrustyKeymaster::SupportedBlockModes, msg,
475 payload_size, out, out_size);
476
477 case KM_GET_SUPPORTED_PADDING_MODES:
478 LOG_D("Dispatching GET_SUPPORTED_PADDING_MODES, size: %d",
479 payload_size);
480 return do_dispatch(&TrustyKeymaster::SupportedPaddingModes, msg,
481 payload_size, out, out_size);
482
483 case KM_GET_SUPPORTED_DIGESTS:
484 LOG_D("Dispatching GET_SUPPORTED_DIGESTS, size: %d", payload_size);
485 return do_dispatch(&TrustyKeymaster::SupportedDigests, msg,
486 payload_size, out, out_size);
487
488 case KM_GET_SUPPORTED_IMPORT_FORMATS:
489 LOG_D("Dispatching GET_SUPPORTED_IMPORT_FORMATS, size: %d",
490 payload_size);
491 return do_dispatch(&TrustyKeymaster::SupportedImportFormats, msg,
492 payload_size, out, out_size);
493
494 case KM_GET_SUPPORTED_EXPORT_FORMATS:
495 LOG_D("Dispatching GET_SUPPORTED_EXPORT_FORMATS, size: %d",
496 payload_size);
497 return do_dispatch(&TrustyKeymaster::SupportedExportFormats, msg,
498 payload_size, out, out_size);
499
500 case KM_GET_KEY_CHARACTERISTICS:
501 LOG_D("Dispatching GET_KEY_CHARACTERISTICS, size: %d", payload_size);
502 return do_dispatch(&TrustyKeymaster::GetKeyCharacteristics, msg,
503 payload_size, out, out_size);
504
505 case KM_ABORT_OPERATION:
506 LOG_D("Dispatching ABORT_OPERATION, size %d", payload_size);
507 return do_dispatch(&TrustyKeymaster::AbortOperation, msg, payload_size,
508 out, out_size);
509
510 case KM_ATTEST_KEY:
511 LOG_D("Dispatching ATTEST_KEY, size %d", payload_size);
512 return do_dispatch(&TrustyKeymaster::AttestKey, msg, payload_size, out,
513 out_size);
514
515 case KM_UPGRADE_KEY:
516 LOG_D("Dispatching UPGRADE_KEY, size %d", payload_size);
517 return do_dispatch(&TrustyKeymaster::UpgradeKey, msg, payload_size, out,
518 out_size);
519
520 case KM_CONFIGURE:
521 LOG_D("Dispatching CONFIGURE, size %d", payload_size);
522 return do_dispatch(&TrustyKeymaster::Configure, msg, payload_size, out,
523 out_size);
524
525 case KM_GET_HMAC_SHARING_PARAMETERS:
526 LOG_D("Dispatching GET_HMAC_SHARING_PARAMETERS, size %d", payload_size);
527 return do_dispatch(&TrustyKeymaster::GetHmacSharingParameters, msg,
528 payload_size, out, out_size);
529
530 case KM_COMPUTE_SHARED_HMAC:
531 LOG_D("Dispatching COMPUTE_SHARED_HMAC, size %d", payload_size);
532 return do_dispatch(&TrustyKeymaster::ComputeSharedHmac, msg,
533 payload_size, out, out_size);
534
535 case KM_VERIFY_AUTHORIZATION:
536 LOG_D("Dispatching VERIFY_AUTHORIZATION, size %d", payload_size);
537 return do_dispatch(&TrustyKeymaster::VerifyAuthorization, msg,
538 payload_size, out, out_size);
539
540 case KM_IMPORT_WRAPPED_KEY:
541 LOG_D("Dispatching IMPORT_WRAPPED_KEY, size %d", payload_size);
542 return do_dispatch(&TrustyKeymaster::ImportWrappedKey, msg,
543 payload_size, out, out_size);
544
545 case KM_DELETE_KEY:
546 LOG_D("Dispatching DELETE_KEY, size %d", payload_size);
547 return do_dispatch(&TrustyKeymaster::DeleteKey, msg, payload_size, out,
548 out_size);
549
550 case KM_DELETE_ALL_KEYS:
551 LOG_D("Dispatching DELETE_ALL_KEYS, size %d", payload_size);
552 return do_dispatch(&TrustyKeymaster::DeleteAllKeys, msg, payload_size,
553 out, out_size);
554
555 case KM_SET_BOOT_PARAMS:
556 LOG_D("Dispatching SET_BOOT_PARAMS, size %d", payload_size);
557 return do_dispatch(&TrustyKeymaster::SetBootParams, msg, payload_size,
558 out, out_size);
559
560 case KM_SET_ATTESTATION_KEY:
561 LOG_D("Dispatching SET_ATTESTION_KEY, size %d", payload_size);
562 return do_dispatch(&TrustyKeymaster::SetAttestationKey, msg,
563 payload_size, out, out_size);
564
565 case KM_SET_ATTESTATION_IDS:
566 LOG_D("Dispatching SET_ATTESTATION_IDS, size %d", payload_size);
567 return do_dispatch(&TrustyKeymaster::SetAttestationIds, msg,
568 payload_size, out, out_size);
569
570 case KM_SET_ATTESTATION_IDS_KM3:
571 LOG_D("Dispatching SET_ATTESTATION_IDS_KM3, size %d", payload_size);
572 return do_dispatch(&TrustyKeymaster::SetAttestationIdsKM3, msg,
573 payload_size, out, out_size);
574
575 case KM_APPEND_ATTESTATION_CERT_CHAIN:
576 LOG_D("Dispatching SET_ATTESTATION_CERT_CHAIN, size %d", payload_size);
577 return do_dispatch(&TrustyKeymaster::AppendAttestationCertChain, msg,
578 payload_size, out, out_size);
579
580 case KM_ATAP_GET_CA_REQUEST:
581 LOG_D("Dispatching KM_ATAP_GET_CA_REQUEST, size %d", payload_size);
582 return do_dispatch(&TrustyKeymaster::AtapGetCaRequest, msg,
583 payload_size, out, out_size);
584
585 case KM_ATAP_SET_CA_RESPONSE_BEGIN:
586 LOG_D("Dispatching KM_ATAP_SET_CA_RESPONSE_BEGIN, size %d",
587 payload_size);
588 return do_dispatch(&TrustyKeymaster::AtapSetCaResponseBegin, msg,
589 payload_size, out, out_size);
590
591 case KM_ATAP_SET_CA_RESPONSE_UPDATE:
592 LOG_D("Dispatching KM_ATAP_SET_CA_RESPONSE_UPDATE, size %d",
593 payload_size);
594 return do_dispatch(&TrustyKeymaster::AtapSetCaResponseUpdate, msg,
595 payload_size, out, out_size);
596
597 case KM_ATAP_SET_CA_RESPONSE_FINISH:
598 LOG_D("Dispatching KM_ATAP_SET_CA_RESPONSE_FINISH, size %d",
599 payload_size);
600 return do_dispatch(&TrustyKeymaster::AtapSetCaResponseFinish, msg,
601 payload_size, out, out_size);
602
603 case KM_ATAP_READ_UUID:
604 LOG_D("Dispatching KM_ATAP_READ_UUID, size %d", payload_size);
605 return do_dispatch(&TrustyKeymaster::AtapReadUuid, msg, payload_size,
606 out, out_size);
607
608 case KM_SET_PRODUCT_ID:
609 LOG_D("Dispatching KM_SET_PRODUCT_ID, size %d", payload_size);
610 return do_dispatch(&TrustyKeymaster::AtapSetProductId, msg,
611 payload_size, out, out_size);
612
613 case KM_CLEAR_ATTESTATION_CERT_CHAIN:
614 LOG_D("Dispatching KM_CLEAR_ATTESTATION_CERT_CHAIN, size %d",
615 payload_size);
616 return do_dispatch(&TrustyKeymaster::ClearAttestationCertChain, msg,
617 payload_size, out, out_size);
618
619 case KM_SET_WRAPPED_ATTESTATION_KEY:
620 LOG_D("Dispatching KM_SET_WRAPPED_ATTESTATION_KEY, size %d",
621 payload_size);
622 return do_dispatch(&TrustyKeymaster::SetWrappedAttestationKey, msg,
623 payload_size, out, out_size);
624
625 case KM_DESTROY_ATTESTATION_IDS:
626 LOG_E("Dispatching destroy attestation IDs, size %d", payload_size);
627 return do_dispatch(&TrustyKeymaster::DestroyAttestationIds, msg,
628 payload_size, out, out_size);
629
630 case KM_EARLY_BOOT_ENDED:
631 LOG_D("Dispatching KM_EARLY_BOOT_ENDED, size %d", payload_size);
632 return do_dispatch(&TrustyKeymaster::EarlyBootEnded, msg, payload_size,
633 out, out_size);
634
635 case KM_DEVICE_LOCKED:
636 LOG_D("Dispatching KM_DEVICE_LOCKED, size %d", payload_size);
637 return do_dispatch(&TrustyKeymaster::DeviceLocked, msg, payload_size,
638 out, out_size);
639
640 case KM_GENERATE_RKP_KEY:
641 LOG_D("Dispatching KM_GENERATE_RKP_KEY, size %d", payload_size);
642 return do_dispatch(&TrustyKeymaster::GenerateRkpKey, msg, payload_size,
643 out, out_size);
644
645 case KM_GENERATE_CSR:
646 LOG_D("Dispatching KM_GENERATE_CSR, size %d", payload_size);
647 return do_dispatch(&TrustyKeymaster::GenerateCsr, msg, payload_size,
648 out, out_size);
649
650 case KM_GENERATE_CSR_V2:
651 LOG_D("Dispatching KM_GENERATE_CSR_V2, size %d", payload_size);
652 return do_dispatch(&TrustyKeymaster::GenerateCsrV2, msg, payload_size,
653 out, out_size);
654
655 case KM_CONFIGURE_VENDOR_PATCHLEVEL:
656 LOG_D("Dispatching KM_CONFIGURE_VENDOR_PATCHLEVEL, size %d",
657 payload_size);
658 return do_dispatch(&TrustyKeymaster::ConfigureVendorPatchlevel, msg,
659 payload_size, out, out_size);
660
661 case KM_CONFIGURE_BOOT_PATCHLEVEL:
662 LOG_D("Dispatching KM_CONFIGURE_BOOT_PATCHLEVEL, size %d",
663 payload_size);
664 return do_dispatch(&TrustyKeymaster::ConfigureBootPatchlevel, msg,
665 payload_size, out, out_size);
666
667 case KM_GET_ROOT_OF_TRUST:
668 LOG_D("Dispatching KM_GET_ROOT_OF_TRUST, size %d", payload_size);
669 return do_dispatch(&TrustyKeymaster::GetRootOfTrust, msg, payload_size,
670 out, out_size);
671
672 case KM_GET_HW_INFO:
673 LOG_D("Dispatching KM_GET_HW_INFO, size %d", payload_size);
674 return do_dispatch(&TrustyKeymaster::GetHwInfo, msg, payload_size, out,
675 out_size);
676 }
677
678 LOG_E("Cannot dispatch unknown command %d", msg->cmd);
679 return ERR_NOT_IMPLEMENTED;
680 }
681
keymaster_port_accessible(uuid_t * uuid,bool secure)682 static bool keymaster_port_accessible(uuid_t* uuid, bool secure) {
683 return !secure || keymaster_check_target_access_policy(uuid);
684 }
685
keymaster_ctx_open(handle_t chan,uuid_t * uuid,bool secure)686 static keymaster_chan_ctx* keymaster_ctx_open(handle_t chan,
687 uuid_t* uuid,
688 bool secure) {
689 if (!keymaster_port_accessible(uuid, secure)) {
690 LOG_E("access denied for client uuid");
691 return NULL;
692 }
693
694 keymaster_chan_ctx* ctx = new (std::nothrow) keymaster_chan_ctx;
695 if (ctx == NULL) {
696 return ctx;
697 }
698
699 ctx->handler.proc = &keymaster_chan_handler;
700 ctx->handler.priv = ctx;
701 ctx->uuid = *uuid;
702 ctx->chan = chan;
703 ctx->dispatch = secure ? &keymaster_dispatch_secure
704 : &keymaster_dispatch_non_secure;
705 return ctx;
706 }
707
keymaster_ctx_close(keymaster_chan_ctx * ctx)708 static void keymaster_ctx_close(keymaster_chan_ctx* ctx) {
709 close(ctx->chan);
710 delete ctx;
711 }
712
handle_msg(keymaster_chan_ctx * ctx)713 static long handle_msg(keymaster_chan_ctx* ctx) {
714 handle_t chan = ctx->chan;
715
716 /* get message info */
717 ipc_msg_info_t msg_inf;
718 int rc = get_msg(chan, &msg_inf);
719 if (rc == ERR_NO_MSG)
720 return NO_ERROR; /* no new messages */
721
722 // fatal error
723 if (rc != NO_ERROR) {
724 LOG_E("failed (%d) to get_msg for chan (%d), closing connection", rc,
725 chan);
726 return rc;
727 }
728
729 // allocate msg_buf, with one extra byte for null-terminator
730 keymaster::UniquePtr<uint8_t[]> msg_buf(new (std::nothrow)
731 uint8_t[msg_inf.len + 1]);
732 if (msg_buf.get() == nullptr) {
733 return ERR_NO_MEMORY;
734 }
735 msg_buf[msg_inf.len] = 0;
736
737 /* read msg content */
738 struct iovec iov = {msg_buf.get(), msg_inf.len};
739 ipc_msg_t msg = {1, &iov, 0, NULL};
740
741 rc = read_msg(chan, msg_inf.id, 0, &msg);
742
743 // retire the message (note msg_inf.id becomes invalid after put_msg)
744 put_msg(chan, msg_inf.id);
745
746 // fatal error
747 if (rc < 0) {
748 LOG_E("failed to read msg (%d)", rc);
749 return rc;
750 }
751 LOG_D("Read %d-byte message", rc);
752
753 if (((unsigned long)rc) < sizeof(keymaster_message)) {
754 LOG_E("invalid message of size (%d)", rc);
755 return ERR_NOT_VALID;
756 }
757
758 keymaster::UniquePtr<uint8_t[]> out_buf;
759 uint32_t out_buf_size = 0;
760 keymaster_message* in_msg =
761 reinterpret_cast<keymaster_message*>(msg_buf.get());
762
763 rc = ctx->dispatch(ctx, in_msg, msg_inf.len - sizeof(*in_msg), &out_buf,
764 &out_buf_size);
765 if (rc == ERR_NOT_CONFIGURED) {
766 LOG_E("configure error (%d)", rc);
767 return send_error_response(chan, in_msg->cmd,
768 device->get_configure_error());
769 } else if (rc < 0) {
770 LOG_E("error handling message (%d)", rc);
771 return send_error_response(chan, in_msg->cmd, KM_ERROR_UNKNOWN_ERROR);
772 }
773
774 LOG_D("Sending %d-byte response", out_buf_size);
775 return send_response(chan, in_msg->cmd, out_buf.get(), out_buf_size);
776 }
777
keymaster_chan_handler(const uevent_t * ev,void * priv)778 static void keymaster_chan_handler(const uevent_t* ev, void* priv) {
779 keymaster_chan_ctx* ctx = reinterpret_cast<keymaster_chan_ctx*>(priv);
780 if (ctx == NULL) {
781 LOG_E("error: no context on channel %d", ev->handle);
782 close(ev->handle);
783 return;
784 }
785
786 if ((ev->event & IPC_HANDLE_POLL_ERROR) ||
787 (ev->event & IPC_HANDLE_POLL_READY)) {
788 /* close it as it is in an error state */
789 LOG_E("error event (0x%x) for chan (%d)", ev->event, ev->handle);
790 close(ev->handle);
791 return;
792 }
793
794 if (ev->event & IPC_HANDLE_POLL_MSG) {
795 long rc = handle_msg(ctx);
796 if (rc != NO_ERROR) {
797 /* report an error and close channel */
798 LOG_E("failed (%ld) to handle event on channel %d", rc, ev->handle);
799 keymaster_ctx_close(ctx);
800 return;
801 }
802 }
803
804 if (ev->event & IPC_HANDLE_POLL_HUP) {
805 /* closed by peer. */
806 keymaster_ctx_close(ctx);
807 return;
808 }
809 }
810
keymaster_port_handler(const uevent_t * ev,void * priv,bool secure)811 static void keymaster_port_handler(const uevent_t* ev,
812 void* priv,
813 bool secure) {
814 long rc = handle_port_errors(ev);
815 if (rc != NO_ERROR) {
816 abort();
817 }
818
819 uuid_t peer_uuid;
820 if (ev->event & IPC_HANDLE_POLL_READY) {
821 /* incoming connection: accept it */
822 int rc = accept(ev->handle, &peer_uuid);
823 if (rc < 0) {
824 LOG_E("failed (%d) to accept on port %d", rc, ev->handle);
825 return;
826 }
827
828 handle_t chan = (handle_t)rc;
829 keymaster_chan_ctx* ctx = keymaster_ctx_open(chan, &peer_uuid, secure);
830 if (ctx == NULL) {
831 LOG_E("failed to allocate context on chan %d", chan);
832 close(chan);
833 return;
834 }
835
836 rc = set_cookie(chan, ctx);
837 if (rc < 0) {
838 LOG_E("failed (%d) to set_cookie on chan %d", rc, chan);
839 keymaster_ctx_close(ctx);
840 return;
841 }
842 }
843 }
844
keymaster_port_handler_secure(const uevent_t * ev,void * priv)845 static void keymaster_port_handler_secure(const uevent_t* ev, void* priv) {
846 keymaster_port_handler(ev, priv, true);
847 }
848
keymaster_port_handler_non_secure(const uevent_t * ev,void * priv)849 static void keymaster_port_handler_non_secure(const uevent_t* ev, void* priv) {
850 keymaster_port_handler(ev, priv, false);
851 }
852
dispatch_event(const uevent_t * ev)853 static void dispatch_event(const uevent_t* ev) {
854 if (ev == NULL)
855 return;
856
857 if (ev->event == IPC_HANDLE_POLL_NONE) {
858 /* not really an event, do nothing */
859 LOG_E("got an empty event");
860 return;
861 }
862
863 /* check if we have handler */
864 tipc_event_handler* handler =
865 reinterpret_cast<tipc_event_handler*>(ev->cookie);
866 if (handler && handler->proc) {
867 /* invoke it */
868 handler->proc(ev, handler->priv);
869 return;
870 }
871
872 /* no handler? close it */
873 LOG_E("no handler for event (0x%x) with handle %d", ev->event, ev->handle);
874
875 close(ev->handle);
876
877 return;
878 }
879
keymaster_ipc_init(keymaster_srv_ctx * ctx)880 static long keymaster_ipc_init(keymaster_srv_ctx* ctx) {
881 int rc;
882
883 /* Initialize secure-side service */
884 rc = port_create(KEYMASTER_SECURE_PORT, 1, KEYMASTER_MAX_BUFFER_LENGTH,
885 IPC_PORT_ALLOW_TA_CONNECT);
886 if (rc < 0) {
887 LOG_E("Failed (%d) to create port %s", rc, KEYMASTER_SECURE_PORT);
888 return rc;
889 }
890
891 ctx->port_secure = (handle_t)rc;
892
893 rc = set_cookie(ctx->port_secure, &keymaster_port_evt_handler_secure);
894 if (rc) {
895 LOG_E("failed (%d) to set_cookie on port %d", rc, ctx->port_secure);
896 close(ctx->port_secure);
897 return rc;
898 }
899
900 /* initialize non-secure side service */
901 rc = port_create(KEYMASTER_PORT, 1, KEYMASTER_MAX_BUFFER_LENGTH,
902 IPC_PORT_ALLOW_NS_CONNECT);
903 if (rc < 0) {
904 LOG_E("Failed (%d) to create port %s", rc, KEYMASTER_PORT);
905 return rc;
906 }
907
908 ctx->port_non_secure = (handle_t)rc;
909
910 rc = set_cookie(ctx->port_non_secure,
911 &keymaster_port_evt_handler_non_secure);
912 if (rc) {
913 LOG_E("failed (%d) to set_cookie on port %d", rc, ctx->port_non_secure);
914 close(ctx->port_non_secure);
915 return rc;
916 }
917
918 return NO_ERROR;
919 }
920
main(void)921 int main(void) {
922 long rc;
923 uevent_t event;
924
925 device = new (std::nothrow)
926 TrustyKeymaster(new (std::nothrow) TrustyKeymasterContext, 16);
927
928 TrustyLogger::initialize();
929
930 LOG_I("Initializing");
931
932 // Run the BoringSSL self-tests
933 if (!BORINGSSL_self_test()) {
934 LOG_E("BoringSSL self-test: FAILED");
935 return ERR_GENERIC;
936 } else {
937 LOG_I("BoringSSL self-test: PASSED");
938 }
939
940 keymaster_srv_ctx ctx;
941 rc = keymaster_ipc_init(&ctx);
942 if (rc < 0) {
943 LOG_E("failed (%ld) to initialize keymaster", rc);
944 return rc;
945 }
946
947 /* enter main event loop */
948 while (true) {
949 event.handle = INVALID_IPC_HANDLE;
950 event.event = 0;
951 event.cookie = NULL;
952
953 rc = wait_any(&event, INFINITE_TIME);
954 if (rc < 0) {
955 LOG_E("wait_any failed (%ld)", rc);
956 break;
957 }
958
959 if (rc == NO_ERROR) { /* got an event */
960 dispatch_event(&event);
961 }
962 }
963
964 return 0;
965 }
966