1 /* 2 * Copyright (C) 2016 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 #include "Keymaster.h" 18 19 #include <android-base/logging.h> 20 #include <hardware/hardware.h> 21 #include <hardware/keymaster1.h> 22 #include <hardware/keymaster2.h> 23 24 namespace android { 25 namespace vold { 26 27 class IKeymasterDevice { 28 public: 29 IKeymasterDevice() {} 30 virtual ~IKeymasterDevice() {} 31 virtual keymaster_error_t generate_key(const keymaster_key_param_set_t* params, 32 keymaster_key_blob_t* key_blob) const = 0; 33 virtual keymaster_error_t delete_key(const keymaster_key_blob_t* key) const = 0; 34 virtual keymaster_error_t begin(keymaster_purpose_t purpose, const keymaster_key_blob_t* key, 35 const keymaster_key_param_set_t* in_params, 36 keymaster_key_param_set_t* out_params, 37 keymaster_operation_handle_t* operation_handle) const = 0; 38 virtual keymaster_error_t update(keymaster_operation_handle_t operation_handle, 39 const keymaster_key_param_set_t* in_params, 40 const keymaster_blob_t* input, size_t* input_consumed, 41 keymaster_key_param_set_t* out_params, 42 keymaster_blob_t* output) const = 0; 43 virtual keymaster_error_t finish(keymaster_operation_handle_t operation_handle, 44 const keymaster_key_param_set_t* in_params, 45 const keymaster_blob_t* signature, 46 keymaster_key_param_set_t* out_params, 47 keymaster_blob_t* output) const = 0; 48 virtual keymaster_error_t abort(keymaster_operation_handle_t operation_handle) const = 0; 49 50 protected: 51 DISALLOW_COPY_AND_ASSIGN(IKeymasterDevice); 52 }; 53 54 template <typename T> class KeymasterDevice : public IKeymasterDevice { 55 public: 56 KeymasterDevice(T* d) : mDevice{d} {} 57 keymaster_error_t generate_key(const keymaster_key_param_set_t* params, 58 keymaster_key_blob_t* key_blob) const override final { 59 return mDevice->generate_key(mDevice, params, key_blob, nullptr); 60 } 61 keymaster_error_t delete_key(const keymaster_key_blob_t* key) const override final { 62 if (mDevice->delete_key == nullptr) return KM_ERROR_OK; 63 return mDevice->delete_key(mDevice, key); 64 } 65 keymaster_error_t begin(keymaster_purpose_t purpose, const keymaster_key_blob_t* key, 66 const keymaster_key_param_set_t* in_params, 67 keymaster_key_param_set_t* out_params, 68 keymaster_operation_handle_t* operation_handle) const override final { 69 return mDevice->begin(mDevice, purpose, key, in_params, out_params, operation_handle); 70 } 71 keymaster_error_t update(keymaster_operation_handle_t operation_handle, 72 const keymaster_key_param_set_t* in_params, 73 const keymaster_blob_t* input, size_t* input_consumed, 74 keymaster_key_param_set_t* out_params, 75 keymaster_blob_t* output) const override final { 76 return mDevice->update(mDevice, operation_handle, in_params, input, input_consumed, 77 out_params, output); 78 } 79 keymaster_error_t abort(keymaster_operation_handle_t operation_handle) const override final { 80 return mDevice->abort(mDevice, operation_handle); 81 } 82 83 protected: 84 T* const mDevice; 85 }; 86 87 class Keymaster1Device : public KeymasterDevice<keymaster1_device_t> { 88 public: 89 Keymaster1Device(keymaster1_device_t* d) : KeymasterDevice<keymaster1_device_t>{d} {} 90 ~Keymaster1Device() override final { keymaster1_close(mDevice); } 91 keymaster_error_t finish(keymaster_operation_handle_t operation_handle, 92 const keymaster_key_param_set_t* in_params, 93 const keymaster_blob_t* signature, 94 keymaster_key_param_set_t* out_params, 95 keymaster_blob_t* output) const override final { 96 return mDevice->finish(mDevice, operation_handle, in_params, signature, out_params, output); 97 } 98 }; 99 100 class Keymaster2Device : public KeymasterDevice<keymaster2_device_t> { 101 public: 102 Keymaster2Device(keymaster2_device_t* d) : KeymasterDevice<keymaster2_device_t>{d} {} 103 ~Keymaster2Device() override final { keymaster2_close(mDevice); } 104 keymaster_error_t finish(keymaster_operation_handle_t operation_handle, 105 const keymaster_key_param_set_t* in_params, 106 const keymaster_blob_t* signature, 107 keymaster_key_param_set_t* out_params, 108 keymaster_blob_t* output) const override final { 109 return mDevice->finish(mDevice, operation_handle, in_params, nullptr, signature, out_params, 110 output); 111 } 112 }; 113 114 KeymasterOperation::~KeymasterOperation() { 115 if (mDevice) mDevice->abort(mOpHandle); 116 } 117 118 bool KeymasterOperation::updateCompletely(const std::string& input, std::string* output) { 119 output->clear(); 120 auto it = input.begin(); 121 while (it != input.end()) { 122 size_t toRead = static_cast<size_t>(input.end() - it); 123 keymaster_blob_t inputBlob{reinterpret_cast<const uint8_t*>(&*it), toRead}; 124 keymaster_blob_t outputBlob; 125 size_t inputConsumed; 126 auto error = 127 mDevice->update(mOpHandle, nullptr, &inputBlob, &inputConsumed, nullptr, &outputBlob); 128 if (error != KM_ERROR_OK) { 129 LOG(ERROR) << "update failed, code " << error; 130 mDevice = nullptr; 131 return false; 132 } 133 output->append(reinterpret_cast<const char*>(outputBlob.data), outputBlob.data_length); 134 free(const_cast<uint8_t*>(outputBlob.data)); 135 if (inputConsumed > toRead) { 136 LOG(ERROR) << "update reported too much input consumed"; 137 mDevice = nullptr; 138 return false; 139 } 140 it += inputConsumed; 141 } 142 return true; 143 } 144 145 bool KeymasterOperation::finish() { 146 auto error = mDevice->finish(mOpHandle, nullptr, nullptr, nullptr, nullptr); 147 mDevice = nullptr; 148 if (error != KM_ERROR_OK) { 149 LOG(ERROR) << "finish failed, code " << error; 150 return false; 151 } 152 return true; 153 } 154 155 bool KeymasterOperation::finishWithOutput(std::string* output) { 156 keymaster_blob_t outputBlob; 157 auto error = mDevice->finish(mOpHandle, nullptr, nullptr, nullptr, &outputBlob); 158 mDevice = nullptr; 159 if (error != KM_ERROR_OK) { 160 LOG(ERROR) << "finish failed, code " << error; 161 return false; 162 } 163 output->assign(reinterpret_cast<const char*>(outputBlob.data), outputBlob.data_length); 164 free(const_cast<uint8_t*>(outputBlob.data)); 165 return true; 166 } 167 168 Keymaster::Keymaster() { 169 mDevice = nullptr; 170 const hw_module_t* module; 171 int ret = hw_get_module_by_class(KEYSTORE_HARDWARE_MODULE_ID, NULL, &module); 172 if (ret != 0) { 173 LOG(ERROR) << "hw_get_module_by_class returned " << ret; 174 return; 175 } 176 if (module->module_api_version == KEYMASTER_MODULE_API_VERSION_1_0) { 177 keymaster1_device_t* device; 178 ret = keymaster1_open(module, &device); 179 if (ret != 0) { 180 LOG(ERROR) << "keymaster1_open returned " << ret; 181 return; 182 } 183 mDevice = std::make_shared<Keymaster1Device>(device); 184 } else if (module->module_api_version == KEYMASTER_MODULE_API_VERSION_2_0) { 185 keymaster2_device_t* device; 186 ret = keymaster2_open(module, &device); 187 if (ret != 0) { 188 LOG(ERROR) << "keymaster2_open returned " << ret; 189 return; 190 } 191 mDevice = std::make_shared<Keymaster2Device>(device); 192 } else { 193 LOG(ERROR) << "module_api_version is " << module->module_api_version; 194 return; 195 } 196 } 197 198 bool Keymaster::generateKey(const keymaster::AuthorizationSet& inParams, std::string* key) { 199 keymaster_key_blob_t keyBlob; 200 auto error = mDevice->generate_key(&inParams, &keyBlob); 201 if (error != KM_ERROR_OK) { 202 LOG(ERROR) << "generate_key failed, code " << error; 203 return false; 204 } 205 key->assign(reinterpret_cast<const char*>(keyBlob.key_material), keyBlob.key_material_size); 206 free(const_cast<uint8_t*>(keyBlob.key_material)); 207 return true; 208 } 209 210 bool Keymaster::deleteKey(const std::string& key) { 211 keymaster_key_blob_t keyBlob{reinterpret_cast<const uint8_t*>(key.data()), key.size()}; 212 auto error = mDevice->delete_key(&keyBlob); 213 if (error != KM_ERROR_OK) { 214 LOG(ERROR) << "delete_key failed, code " << error; 215 return false; 216 } 217 return true; 218 } 219 220 KeymasterOperation Keymaster::begin(keymaster_purpose_t purpose, const std::string& key, 221 const keymaster::AuthorizationSet& inParams, 222 keymaster::AuthorizationSet* outParams) { 223 keymaster_key_blob_t keyBlob{reinterpret_cast<const uint8_t*>(key.data()), key.size()}; 224 keymaster_operation_handle_t mOpHandle; 225 keymaster_key_param_set_t outParams_set; 226 auto error = mDevice->begin(purpose, &keyBlob, &inParams, &outParams_set, &mOpHandle); 227 if (error != KM_ERROR_OK) { 228 LOG(ERROR) << "begin failed, code " << error; 229 return KeymasterOperation(nullptr, mOpHandle); 230 } 231 outParams->Clear(); 232 outParams->push_back(outParams_set); 233 keymaster_free_param_set(&outParams_set); 234 return KeymasterOperation(mDevice, mOpHandle); 235 } 236 237 KeymasterOperation Keymaster::begin(keymaster_purpose_t purpose, const std::string& key, 238 const keymaster::AuthorizationSet& inParams) { 239 keymaster_key_blob_t keyBlob{reinterpret_cast<const uint8_t*>(key.data()), key.size()}; 240 keymaster_operation_handle_t mOpHandle; 241 auto error = mDevice->begin(purpose, &keyBlob, &inParams, nullptr, &mOpHandle); 242 if (error != KM_ERROR_OK) { 243 LOG(ERROR) << "begin failed, code " << error; 244 return KeymasterOperation(nullptr, mOpHandle); 245 } 246 return KeymasterOperation(mDevice, mOpHandle); 247 } 248 249 } // namespace vold 250 } // namespace android 251