1 /* 2 ** 3 ** Copyright 2017, The Android Open Source Project 4 ** 5 ** Licensed under the Apache License, Version 2.0 (the "License"); 6 ** you may not use this file except in compliance with the License. 7 ** You may obtain a copy of the License at 8 ** 9 ** http://www.apache.org/licenses/LICENSE-2.0 10 ** 11 ** Unless required by applicable law or agreed to in writing, software 12 ** distributed under the License is distributed on an "AS IS" BASIS, 13 ** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 ** See the License for the specific language governing permissions and 15 ** limitations under the License. 16 */ 17 18 #include <keymasterV4_0/Keymaster3.h> 19 20 #include <android-base/logging.h> 21 #include <keymasterV4_0/keymaster_utils.h> 22 23 namespace android { 24 namespace hardware { 25 namespace keymaster { 26 namespace V4_0 { 27 namespace support { 28 29 using android::hardware::details::StatusOf; 30 31 namespace { 32 33 ErrorCode convert(V3_0::ErrorCode error) { 34 return static_cast<ErrorCode>(error); 35 } 36 37 V3_0::KeyPurpose convert(KeyPurpose purpose) { 38 return static_cast<V3_0::KeyPurpose>(purpose); 39 } 40 41 V3_0::KeyFormat convert(KeyFormat purpose) { 42 return static_cast<V3_0::KeyFormat>(purpose); 43 } 44 45 V3_0::KeyParameter convert(const KeyParameter& param) { 46 V3_0::KeyParameter converted; 47 converted.tag = static_cast<V3_0::Tag>(param.tag); 48 static_assert(sizeof(converted.f) == sizeof(param.f), "This function assumes sizes match"); 49 memcpy(&converted.f, ¶m.f, sizeof(param.f)); 50 converted.blob = param.blob; 51 return converted; 52 } 53 54 KeyParameter convert(const V3_0::KeyParameter& param) { 55 KeyParameter converted; 56 converted.tag = static_cast<Tag>(param.tag); 57 static_assert(sizeof(converted.f) == sizeof(param.f), "This function assumes sizes match"); 58 memcpy(&converted.f, ¶m.f, sizeof(param.f)); 59 converted.blob = param.blob; 60 return converted; 61 } 62 63 hidl_vec<V3_0::KeyParameter> convert(const hidl_vec<KeyParameter>& params) { 64 hidl_vec<V3_0::KeyParameter> converted(params.size()); 65 for (size_t i = 0; i < params.size(); ++i) { 66 converted[i] = convert(params[i]); 67 } 68 return converted; 69 } 70 71 hidl_vec<KeyParameter> convert(const hidl_vec<V3_0::KeyParameter>& params) { 72 hidl_vec<KeyParameter> converted(params.size()); 73 for (size_t i = 0; i < params.size(); ++i) { 74 converted[i] = convert(params[i]); 75 } 76 return converted; 77 } 78 79 template <typename T, typename OutIter> 80 inline static OutIter copy_bytes_to_iterator(const T& value, OutIter dest) { 81 const uint8_t* value_ptr = reinterpret_cast<const uint8_t*>(&value); 82 return std::copy(value_ptr, value_ptr + sizeof(value), dest); 83 } 84 85 hidl_vec<V3_0::KeyParameter> convertAndAddAuthToken(const hidl_vec<KeyParameter>& params, 86 const HardwareAuthToken& authToken) { 87 hidl_vec<V3_0::KeyParameter> converted(params.size() + 1); 88 for (size_t i = 0; i < params.size(); ++i) { 89 converted[i] = convert(params[i]); 90 } 91 converted[params.size()].tag = V3_0::Tag::AUTH_TOKEN; 92 converted[params.size()].blob = authToken2HidlVec(authToken); 93 94 return converted; 95 } 96 97 KeyCharacteristics convert(const V3_0::KeyCharacteristics& chars) { 98 KeyCharacteristics converted; 99 converted.hardwareEnforced = convert(chars.teeEnforced); 100 converted.softwareEnforced = convert(chars.softwareEnforced); 101 return converted; 102 } 103 104 } // namespace 105 106 void Keymaster3::getVersionIfNeeded() { 107 if (haveVersion_) return; 108 109 auto rc = km3_dev_->getHardwareFeatures( 110 [&](bool isSecure, bool supportsEllipticCurve, bool supportsSymmetricCryptography, 111 bool supportsAttestation, bool supportsAllDigests, const hidl_string& keymasterName, 112 const hidl_string& keymasterAuthorName) { 113 version_ = {keymasterName, keymasterAuthorName, 0 /* major version, filled below */, 114 isSecure ? SecurityLevel::TRUSTED_ENVIRONMENT : SecurityLevel::SOFTWARE, 115 supportsEllipticCurve}; 116 supportsSymmetricCryptography_ = supportsSymmetricCryptography; 117 supportsAttestation_ = supportsAttestation; 118 supportsAllDigests_ = supportsAllDigests; 119 }); 120 121 CHECK(rc.isOk()) << "Got error " << rc.description() << " trying to get hardware features"; 122 123 if (version_.securityLevel == SecurityLevel::SOFTWARE) { 124 version_.majorVersion = 3; 125 } else if (supportsAttestation_) { 126 version_.majorVersion = 3; // Could be 2, doesn't matter. 127 } else if (supportsSymmetricCryptography_) { 128 version_.majorVersion = 1; 129 } else { 130 version_.majorVersion = 0; 131 } 132 } 133 134 Return<void> Keymaster3::getHardwareInfo(Keymaster3::getHardwareInfo_cb _hidl_cb) { 135 getVersionIfNeeded(); 136 _hidl_cb(version_.securityLevel, 137 std::string(version_.keymasterName) + " (wrapped by keystore::Keymaster3)", 138 version_.authorName); 139 return Void(); 140 } 141 142 Return<ErrorCode> Keymaster3::addRngEntropy(const hidl_vec<uint8_t>& data) { 143 auto rc = km3_dev_->addRngEntropy(data); 144 if (!rc.isOk()) { 145 return StatusOf<V3_0::ErrorCode, ErrorCode>(rc); 146 } 147 return convert(rc); 148 } 149 150 Return<void> Keymaster3::generateKey(const hidl_vec<KeyParameter>& keyParams, 151 generateKey_cb _hidl_cb) { 152 auto cb = [&](V3_0::ErrorCode error, const hidl_vec<uint8_t>& keyBlob, 153 const V3_0::KeyCharacteristics& characteristics) { 154 _hidl_cb(convert(error), keyBlob, convert(characteristics)); 155 }; 156 auto rc = km3_dev_->generateKey(convert(keyParams), cb); 157 rc.isOk(); // move ctor prereq 158 return rc; 159 } 160 161 Return<void> Keymaster3::getKeyCharacteristics(const hidl_vec<uint8_t>& keyBlob, 162 const hidl_vec<uint8_t>& clientId, 163 const hidl_vec<uint8_t>& appData, 164 getKeyCharacteristics_cb _hidl_cb) { 165 auto cb = [&](V3_0::ErrorCode error, const V3_0::KeyCharacteristics& chars) { 166 _hidl_cb(convert(error), convert(chars)); 167 }; 168 169 auto rc = km3_dev_->getKeyCharacteristics(keyBlob, clientId, appData, cb); 170 rc.isOk(); // move ctor prereq 171 return rc; 172 } 173 174 Return<void> Keymaster3::importKey(const hidl_vec<KeyParameter>& params, KeyFormat keyFormat, 175 const hidl_vec<uint8_t>& keyData, importKey_cb _hidl_cb) { 176 auto cb = [&](V3_0::ErrorCode error, const hidl_vec<uint8_t>& keyBlob, 177 const V3_0::KeyCharacteristics& chars) { 178 _hidl_cb(convert(error), keyBlob, convert(chars)); 179 }; 180 auto rc = km3_dev_->importKey(convert(params), convert(keyFormat), keyData, cb); 181 rc.isOk(); // move ctor prereq 182 return rc; 183 } 184 185 Return<void> Keymaster3::exportKey(KeyFormat exportFormat, const hidl_vec<uint8_t>& keyBlob, 186 const hidl_vec<uint8_t>& clientId, 187 const hidl_vec<uint8_t>& appData, exportKey_cb _hidl_cb) { 188 auto cb = [&](V3_0::ErrorCode error, const hidl_vec<uint8_t>& keyMaterial) { 189 _hidl_cb(convert(error), keyMaterial); 190 }; 191 auto rc = km3_dev_->exportKey(convert(exportFormat), keyBlob, clientId, appData, cb); 192 rc.isOk(); // move ctor prereq 193 return rc; 194 } 195 196 Return<void> Keymaster3::attestKey(const hidl_vec<uint8_t>& keyToAttest, 197 const hidl_vec<KeyParameter>& attestParams, 198 attestKey_cb _hidl_cb) { 199 auto cb = [&](V3_0::ErrorCode error, const hidl_vec<hidl_vec<uint8_t>>& certChain) { 200 _hidl_cb(convert(error), certChain); 201 }; 202 auto rc = km3_dev_->attestKey(keyToAttest, convert(attestParams), cb); 203 rc.isOk(); // move ctor prereq 204 return rc; 205 } 206 207 Return<void> Keymaster3::upgradeKey(const hidl_vec<uint8_t>& keyBlobToUpgrade, 208 const hidl_vec<KeyParameter>& upgradeParams, 209 upgradeKey_cb _hidl_cb) { 210 auto cb = [&](V3_0::ErrorCode error, const hidl_vec<uint8_t>& upgradedKeyBlob) { 211 _hidl_cb(convert(error), upgradedKeyBlob); 212 }; 213 auto rc = km3_dev_->upgradeKey(keyBlobToUpgrade, convert(upgradeParams), cb); 214 rc.isOk(); // move ctor prereq 215 return rc; 216 } 217 218 Return<ErrorCode> Keymaster3::deleteKey(const hidl_vec<uint8_t>& keyBlob) { 219 auto rc = km3_dev_->deleteKey(keyBlob); 220 if (!rc.isOk()) return StatusOf<V3_0::ErrorCode, ErrorCode>(rc); 221 return convert(rc); 222 } 223 224 Return<ErrorCode> Keymaster3::deleteAllKeys() { 225 auto rc = km3_dev_->deleteAllKeys(); 226 if (!rc.isOk()) return StatusOf<V3_0::ErrorCode, ErrorCode>(rc); 227 return convert(rc); 228 } 229 230 Return<ErrorCode> Keymaster3::destroyAttestationIds() { 231 auto rc = km3_dev_->destroyAttestationIds(); 232 if (!rc.isOk()) return StatusOf<V3_0::ErrorCode, ErrorCode>(rc); 233 return convert(rc); 234 } 235 236 Return<void> Keymaster3::begin(KeyPurpose purpose, const hidl_vec<uint8_t>& key, 237 const hidl_vec<KeyParameter>& inParams, 238 const HardwareAuthToken& authToken, begin_cb _hidl_cb) { 239 auto cb = [&](V3_0::ErrorCode error, const hidl_vec<V3_0::KeyParameter>& outParams, 240 OperationHandle operationHandle) { 241 _hidl_cb(convert(error), convert(outParams), operationHandle); 242 }; 243 244 auto rc = 245 km3_dev_->begin(convert(purpose), key, convertAndAddAuthToken(inParams, authToken), cb); 246 rc.isOk(); // move ctor prereq 247 return rc; 248 } 249 250 Return<void> Keymaster3::update(uint64_t operationHandle, const hidl_vec<KeyParameter>& inParams, 251 const hidl_vec<uint8_t>& input, const HardwareAuthToken& authToken, 252 const VerificationToken& /* verificationToken */, 253 update_cb _hidl_cb) { 254 auto cb = [&](V3_0::ErrorCode error, uint32_t inputConsumed, 255 const hidl_vec<V3_0::KeyParameter>& outParams, const hidl_vec<uint8_t>& output) { 256 _hidl_cb(convert(error), inputConsumed, convert(outParams), output); 257 }; 258 259 auto rc = 260 km3_dev_->update(operationHandle, convertAndAddAuthToken(inParams, authToken), input, cb); 261 rc.isOk(); // move ctor prereq 262 return rc; 263 } 264 265 Return<void> Keymaster3::finish(uint64_t operationHandle, const hidl_vec<KeyParameter>& inParams, 266 const hidl_vec<uint8_t>& input, const hidl_vec<uint8_t>& signature, 267 const HardwareAuthToken& authToken, 268 const VerificationToken& /* verificationToken */, 269 finish_cb _hidl_cb) { 270 auto cb = [&](V3_0::ErrorCode error, const hidl_vec<V3_0::KeyParameter>& outParams, 271 const hidl_vec<uint8_t>& output) { 272 _hidl_cb(convert(error), convert(outParams), output); 273 }; 274 275 auto rc = km3_dev_->finish(operationHandle, convertAndAddAuthToken(inParams, authToken), input, 276 signature, cb); 277 rc.isOk(); // move ctor prereq 278 return rc; 279 } 280 281 Return<ErrorCode> Keymaster3::abort(uint64_t operationHandle) { 282 auto rc = km3_dev_->abort(operationHandle); 283 if (!rc.isOk()) return StatusOf<V3_0::ErrorCode, ErrorCode>(rc); 284 return convert(rc); 285 } 286 287 } // namespace support 288 } // namespace V4_0 289 } // namespace keymaster 290 } // namespace hardware 291 } // namespace android 292
