1 /* 2 * Copyright 2014 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 #ifndef EXTERNAL_KEYMASTER_TRUSTY_KEYMASTER_DEVICE_H_ 18 #define EXTERNAL_KEYMASTER_TRUSTY_KEYMASTER_DEVICE_H_ 19 20 #include <hardware/keymaster0.h> 21 22 #include <keymaster/android_keymaster_messages.h> 23 24 #include "keymaster_ipc.h" 25 26 namespace keymaster { 27 28 /** 29 * Software OpenSSL-based Keymaster device. 30 * 31 * IMPORTANT MAINTAINER NOTE: Pointers to instances of this class must be castable to hw_device_t 32 * and keymaster_device. This means it must remain a standard layout class (no virtual functions and 33 * no data members which aren't standard layout), and device_ must be the first data member. 34 * Assertions in the constructor validate compliance with those constraints. 35 */ 36 class TrustyKeymasterDevice { 37 public: 38 /* 39 * These are the only symbols that will be exported by libtrustykeymaster. All functionality 40 * can be reached via the function pointers in device_. 41 */ 42 __attribute__((visibility("default"))) explicit TrustyKeymasterDevice(const hw_module_t* module); 43 __attribute__((visibility("default"))) hw_device_t* hw_device(); 44 45 ~TrustyKeymasterDevice(); 46 session_error()47 keymaster_error_t session_error() { return error_; } 48 49 int generate_keypair(const keymaster_keypair_t key_type, const void* key_params, 50 uint8_t** key_blob, size_t* key_blob_length); 51 int import_keypair(const uint8_t* key, const size_t key_length, uint8_t** key_blob, 52 size_t* key_blob_length); 53 int get_keypair_public(const uint8_t* key_blob, const size_t key_blob_length, 54 uint8_t** x509_data, size_t* x509_data_length); 55 int sign_data(const void* signing_params, const uint8_t* key_blob, const size_t key_blob_length, 56 const uint8_t* data, const size_t data_length, uint8_t** signed_data, 57 size_t* signed_data_length); 58 int verify_data(const void* signing_params, const uint8_t* key_blob, 59 const size_t key_blob_length, const uint8_t* signed_data, 60 const size_t signed_data_length, const uint8_t* signature, 61 const size_t signature_length); 62 63 private: 64 keymaster_error_t Send(uint32_t command, const Serializable& request, 65 KeymasterResponse* response); Send(const GenerateKeyRequest & request,GenerateKeyResponse * response)66 keymaster_error_t Send(const GenerateKeyRequest& request, GenerateKeyResponse* response) { 67 return Send(KM_GENERATE_KEY, request, response); 68 } Send(const BeginOperationRequest & request,BeginOperationResponse * response)69 keymaster_error_t Send(const BeginOperationRequest& request, BeginOperationResponse* response) { 70 return Send(KM_BEGIN_OPERATION, request, response); 71 } Send(const UpdateOperationRequest & request,UpdateOperationResponse * response)72 keymaster_error_t Send(const UpdateOperationRequest& request, 73 UpdateOperationResponse* response) { 74 return Send(KM_UPDATE_OPERATION, request, response); 75 } Send(const FinishOperationRequest & request,FinishOperationResponse * response)76 keymaster_error_t Send(const FinishOperationRequest& request, 77 FinishOperationResponse* response) { 78 return Send(KM_FINISH_OPERATION, request, response); 79 } Send(const ImportKeyRequest & request,ImportKeyResponse * response)80 keymaster_error_t Send(const ImportKeyRequest& request, ImportKeyResponse* response) { 81 return Send(KM_IMPORT_KEY, request, response); 82 } Send(const ExportKeyRequest & request,ExportKeyResponse * response)83 keymaster_error_t Send(const ExportKeyRequest& request, ExportKeyResponse* response) { 84 return Send(KM_EXPORT_KEY, request, response); 85 } Send(const GetVersionRequest & request,GetVersionResponse * response)86 keymaster_error_t Send(const GetVersionRequest& request, GetVersionResponse* response) { 87 return Send(KM_GET_VERSION, request, response); 88 } 89 90 keymaster_error_t StoreSigningParams(const void* signing_params, const uint8_t* key_blob, 91 size_t key_blob_length, AuthorizationSet* auth_set); 92 void StoreNewKeyParams(AuthorizationSet* auth_set); 93 keymaster_error_t GetPkcs8KeyAlgorithm(const uint8_t* key, size_t key_length, 94 keymaster_algorithm_t* algorithm); 95 96 /* 97 * These static methods are the functions referenced through the function pointers in 98 * keymaster_device. They're all trivial wrappers. 99 */ 100 static int close_device(hw_device_t* dev); 101 static int generate_keypair(const keymaster0_device_t* dev, const keymaster_keypair_t key_type, 102 const void* key_params, uint8_t** keyBlob, size_t* keyBlobLength); 103 static int import_keypair(const keymaster0_device_t* dev, const uint8_t* key, 104 const size_t key_length, uint8_t** key_blob, size_t* key_blob_length); 105 static int get_keypair_public(const keymaster0_device_t* dev, const uint8_t* key_blob, 106 const size_t key_blob_length, uint8_t** x509_data, 107 size_t* x509_data_length); 108 static int sign_data(const keymaster0_device_t* dev, const void* signing_params, 109 const uint8_t* key_blob, const size_t key_blob_length, const uint8_t* data, 110 const size_t data_length, uint8_t** signed_data, 111 size_t* signed_data_length); 112 static int verify_data(const keymaster0_device_t* dev, const void* signing_params, 113 const uint8_t* key_blob, const size_t key_blob_length, 114 const uint8_t* signed_data, const size_t signed_data_length, 115 const uint8_t* signature, const size_t signature_length); 116 117 keymaster0_device_t device_; 118 keymaster_error_t error_; 119 int32_t message_version_; 120 }; 121 122 } // namespace keymaster 123 124 #endif // EXTERNAL_KEYMASTER_TRUSTY_KEYMASTER_DEVICE_H_ 125