1 /* 2 * Copyright 2014 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 #define LOG_TAG "TrustyKeymaster" 18 19 #include <assert.h> 20 #include <openssl/evp.h> 21 #include <openssl/x509.h> 22 #include <stddef.h> 23 #include <stdio.h> 24 #include <stdlib.h> 25 #include <string.h> 26 #include <time.h> 27 28 #include <algorithm> 29 #include <type_traits> 30 31 #include <hardware/keymaster2.h> 32 #include <keymaster/authorization_set.h> 33 #include <log/log.h> 34 35 #include "keymaster_ipc.h" 36 #include "trusty_keymaster_device.h" 37 #include "trusty_keymaster_ipc.h" 38 39 const uint32_t RECV_BUF_SIZE = PAGE_SIZE; 40 const uint32_t SEND_BUF_SIZE = (PAGE_SIZE - sizeof(struct keymaster_message) - 16 /* tipc header */); 41 42 const size_t kMaximumAttestationChallengeLength = 128; 43 const size_t kMaximumFinishInputLength = 2048; 44 45 namespace keymaster { 46 47 static keymaster_error_t translate_error(int err) { 48 switch (err) { 49 case 0: 50 return KM_ERROR_OK; 51 case -EPERM: 52 case -EACCES: 53 return KM_ERROR_SECURE_HW_ACCESS_DENIED; 54 55 case -ECANCELED: 56 return KM_ERROR_OPERATION_CANCELLED; 57 58 case -ENODEV: 59 return KM_ERROR_UNIMPLEMENTED; 60 61 case -ENOMEM: 62 return KM_ERROR_MEMORY_ALLOCATION_FAILED; 63 64 case -EBUSY: 65 return KM_ERROR_SECURE_HW_BUSY; 66 67 case -EIO: 68 return KM_ERROR_SECURE_HW_COMMUNICATION_FAILED; 69 70 case -EOVERFLOW: 71 return KM_ERROR_INVALID_INPUT_LENGTH; 72 73 default: 74 return KM_ERROR_UNKNOWN_ERROR; 75 } 76 } 77 78 TrustyKeymasterDevice::TrustyKeymasterDevice(const hw_module_t* module) { 79 static_assert(std::is_standard_layout<TrustyKeymasterDevice>::value, 80 "TrustyKeymasterDevice must be standard layout"); 81 static_assert(offsetof(TrustyKeymasterDevice, device_) == 0, 82 "device_ must be the first member of TrustyKeymasterDevice"); 83 static_assert(offsetof(TrustyKeymasterDevice, device_.common) == 0, 84 "common must be the first member of keymaster2_device"); 85 86 ALOGI("Creating device"); 87 ALOGD("Device address: %p", this); 88 89 device_ = {}; 90 91 device_.common.tag = HARDWARE_DEVICE_TAG; 92 device_.common.version = 1; 93 device_.common.module = const_cast<hw_module_t*>(module); 94 device_.common.close = close_device; 95 96 device_.flags = KEYMASTER_SUPPORTS_EC; 97 98 device_.configure = configure; 99 device_.add_rng_entropy = add_rng_entropy; 100 device_.generate_key = generate_key; 101 device_.get_key_characteristics = get_key_characteristics; 102 device_.import_key = import_key; 103 device_.export_key = export_key; 104 device_.attest_key = attest_key; 105 device_.upgrade_key = upgrade_key; 106 device_.delete_key = nullptr; 107 device_.delete_all_keys = nullptr; 108 device_.begin = begin; 109 device_.update = update; 110 device_.finish = finish; 111 device_.abort = abort; 112 113 int rc = trusty_keymaster_connect(); 114 error_ = translate_error(rc); 115 if (rc < 0) { 116 ALOGE("failed to connect to keymaster (%d)", rc); 117 return; 118 } 119 120 GetVersionRequest version_request; 121 GetVersionResponse version_response; 122 error_ = Send(KM_GET_VERSION, version_request, &version_response); 123 if (error_ == KM_ERROR_INVALID_ARGUMENT || error_ == KM_ERROR_UNIMPLEMENTED) { 124 ALOGE("\"Bad parameters\" error on GetVersion call. Version 0 is not supported."); 125 error_ = KM_ERROR_VERSION_MISMATCH; 126 return; 127 } 128 message_version_ = MessageVersion(version_response.major_ver, version_response.minor_ver, 129 version_response.subminor_ver); 130 if (message_version_ < 0) { 131 // Can't translate version? Keymaster implementation must be newer. 132 ALOGE("Keymaster version %d.%d.%d not supported.", version_response.major_ver, 133 version_response.minor_ver, version_response.subminor_ver); 134 error_ = KM_ERROR_VERSION_MISMATCH; 135 } 136 } 137 138 TrustyKeymasterDevice::~TrustyKeymasterDevice() { 139 trusty_keymaster_disconnect(); 140 } 141 142 namespace { 143 144 // Allocates a new buffer with malloc and copies the contents of |buffer| to it. Caller takes 145 // ownership of the returned buffer. 146 uint8_t* DuplicateBuffer(const uint8_t* buffer, size_t size) { 147 uint8_t* tmp = reinterpret_cast<uint8_t*>(malloc(size)); 148 if (tmp) { 149 memcpy(tmp, buffer, size); 150 } 151 return tmp; 152 } 153 154 template <typename RequestType> 155 void AddClientAndAppData(const keymaster_blob_t* client_id, const keymaster_blob_t* app_data, 156 RequestType* request) { 157 request->additional_params.Clear(); 158 if (client_id) { 159 request->additional_params.push_back(TAG_APPLICATION_ID, *client_id); 160 } 161 if (app_data) { 162 request->additional_params.push_back(TAG_APPLICATION_DATA, *app_data); 163 } 164 } 165 166 } // unnamed namespace 167 168 keymaster_error_t TrustyKeymasterDevice::configure(const keymaster_key_param_set_t* params) { 169 ALOGD("Device received configure\n"); 170 171 if (error_ != KM_ERROR_OK) { 172 return error_; 173 } 174 if (!params) { 175 return KM_ERROR_UNEXPECTED_NULL_POINTER; 176 } 177 178 AuthorizationSet params_copy(*params); 179 ConfigureRequest request; 180 if (!params_copy.GetTagValue(TAG_OS_VERSION, &request.os_version) || 181 !params_copy.GetTagValue(TAG_OS_PATCHLEVEL, &request.os_patchlevel)) { 182 ALOGD("Configuration parameters must contain OS version and patch level"); 183 return KM_ERROR_INVALID_ARGUMENT; 184 } 185 186 ConfigureResponse response; 187 keymaster_error_t err = Send(KM_CONFIGURE, request, &response); 188 if (err != KM_ERROR_OK) { 189 return err; 190 } 191 192 return KM_ERROR_OK; 193 } 194 195 keymaster_error_t TrustyKeymasterDevice::add_rng_entropy(const uint8_t* data, size_t data_length) { 196 ALOGD("Device received add_rng_entropy"); 197 198 if (error_ != KM_ERROR_OK) { 199 return error_; 200 } 201 202 AddEntropyRequest request; 203 request.random_data.Reinitialize(data, data_length); 204 AddEntropyResponse response; 205 return Send(KM_ADD_RNG_ENTROPY, request, &response); 206 } 207 208 keymaster_error_t TrustyKeymasterDevice::generate_key( 209 const keymaster_key_param_set_t* params, keymaster_key_blob_t* key_blob, 210 keymaster_key_characteristics_t* characteristics) { 211 ALOGD("Device received generate_key"); 212 213 if (error_ != KM_ERROR_OK) { 214 return error_; 215 } 216 if (!params) { 217 return KM_ERROR_UNEXPECTED_NULL_POINTER; 218 } 219 if (!key_blob) { 220 return KM_ERROR_OUTPUT_PARAMETER_NULL; 221 } 222 223 GenerateKeyRequest request(message_version_); 224 request.key_description.Reinitialize(*params); 225 request.key_description.push_back(TAG_CREATION_DATETIME, java_time(time(NULL))); 226 227 GenerateKeyResponse response(message_version_); 228 keymaster_error_t err = Send(KM_GENERATE_KEY, request, &response); 229 if (err != KM_ERROR_OK) { 230 return err; 231 } 232 233 key_blob->key_material_size = response.key_blob.key_material_size; 234 key_blob->key_material = 235 DuplicateBuffer(response.key_blob.key_material, response.key_blob.key_material_size); 236 if (!key_blob->key_material) { 237 return KM_ERROR_MEMORY_ALLOCATION_FAILED; 238 } 239 240 if (characteristics) { 241 response.enforced.CopyToParamSet(&characteristics->hw_enforced); 242 response.unenforced.CopyToParamSet(&characteristics->sw_enforced); 243 } 244 245 return KM_ERROR_OK; 246 } 247 248 keymaster_error_t TrustyKeymasterDevice::get_key_characteristics( 249 const keymaster_key_blob_t* key_blob, const keymaster_blob_t* client_id, 250 const keymaster_blob_t* app_data, keymaster_key_characteristics_t* characteristics) { 251 ALOGD("Device received get_key_characteristics"); 252 253 if (error_ != KM_ERROR_OK) { 254 return error_; 255 } 256 if (!key_blob || !key_blob->key_material) { 257 return KM_ERROR_UNEXPECTED_NULL_POINTER; 258 } 259 if (!characteristics) { 260 return KM_ERROR_OUTPUT_PARAMETER_NULL; 261 } 262 263 GetKeyCharacteristicsRequest request; 264 request.SetKeyMaterial(*key_blob); 265 AddClientAndAppData(client_id, app_data, &request); 266 267 GetKeyCharacteristicsResponse response; 268 keymaster_error_t err = Send(KM_GET_KEY_CHARACTERISTICS, request, &response); 269 if (err != KM_ERROR_OK) { 270 return err; 271 } 272 273 response.enforced.CopyToParamSet(&characteristics->hw_enforced); 274 response.unenforced.CopyToParamSet(&characteristics->sw_enforced); 275 276 return KM_ERROR_OK; 277 } 278 279 keymaster_error_t TrustyKeymasterDevice::import_key( 280 const keymaster_key_param_set_t* params, keymaster_key_format_t key_format, 281 const keymaster_blob_t* key_data, keymaster_key_blob_t* key_blob, 282 keymaster_key_characteristics_t* characteristics) { 283 ALOGD("Device received import_key"); 284 285 if (error_ != KM_ERROR_OK) { 286 return error_; 287 } 288 if (!params || !key_data) { 289 return KM_ERROR_UNEXPECTED_NULL_POINTER; 290 } 291 if (!key_blob) { 292 return KM_ERROR_OUTPUT_PARAMETER_NULL; 293 } 294 295 ImportKeyRequest request(message_version_); 296 request.key_description.Reinitialize(*params); 297 request.key_description.push_back(TAG_CREATION_DATETIME, java_time(time(NULL))); 298 299 request.key_format = key_format; 300 request.SetKeyMaterial(key_data->data, key_data->data_length); 301 302 ImportKeyResponse response(message_version_); 303 keymaster_error_t err = Send(KM_IMPORT_KEY, request, &response); 304 if (err != KM_ERROR_OK) { 305 return err; 306 } 307 308 key_blob->key_material_size = response.key_blob.key_material_size; 309 key_blob->key_material = 310 DuplicateBuffer(response.key_blob.key_material, response.key_blob.key_material_size); 311 if (!key_blob->key_material) { 312 return KM_ERROR_MEMORY_ALLOCATION_FAILED; 313 } 314 315 if (characteristics) { 316 response.enforced.CopyToParamSet(&characteristics->hw_enforced); 317 response.unenforced.CopyToParamSet(&characteristics->sw_enforced); 318 } 319 320 return KM_ERROR_OK; 321 } 322 323 keymaster_error_t TrustyKeymasterDevice::export_key(keymaster_key_format_t export_format, 324 const keymaster_key_blob_t* key_to_export, 325 const keymaster_blob_t* client_id, 326 const keymaster_blob_t* app_data, 327 keymaster_blob_t* export_data) { 328 ALOGD("Device received export_key"); 329 330 if (error_ != KM_ERROR_OK) { 331 return error_; 332 } 333 if (!key_to_export || !key_to_export->key_material) { 334 return KM_ERROR_UNEXPECTED_NULL_POINTER; 335 } 336 if (!export_data) { 337 return KM_ERROR_OUTPUT_PARAMETER_NULL; 338 } 339 340 export_data->data = nullptr; 341 export_data->data_length = 0; 342 343 ExportKeyRequest request(message_version_); 344 request.key_format = export_format; 345 request.SetKeyMaterial(*key_to_export); 346 AddClientAndAppData(client_id, app_data, &request); 347 348 ExportKeyResponse response(message_version_); 349 keymaster_error_t err = Send(KM_EXPORT_KEY, request, &response); 350 if (err != KM_ERROR_OK) { 351 return err; 352 } 353 354 export_data->data_length = response.key_data_length; 355 export_data->data = DuplicateBuffer(response.key_data, response.key_data_length); 356 if (!export_data->data) { 357 return KM_ERROR_MEMORY_ALLOCATION_FAILED; 358 } 359 360 return KM_ERROR_OK; 361 } 362 363 keymaster_error_t TrustyKeymasterDevice::attest_key(const keymaster_key_blob_t* key_to_attest, 364 const keymaster_key_param_set_t* attest_params, 365 keymaster_cert_chain_t* cert_chain) { 366 ALOGD("Device received attest_key"); 367 368 if (error_ != KM_ERROR_OK) { 369 return error_; 370 } 371 if (!key_to_attest || !attest_params) { 372 return KM_ERROR_UNEXPECTED_NULL_POINTER; 373 } 374 if (!cert_chain) { 375 return KM_ERROR_OUTPUT_PARAMETER_NULL; 376 } 377 378 cert_chain->entry_count = 0; 379 cert_chain->entries = nullptr; 380 381 AttestKeyRequest request; 382 request.SetKeyMaterial(*key_to_attest); 383 request.attest_params.Reinitialize(*attest_params); 384 385 keymaster_blob_t attestation_challenge = {}; 386 request.attest_params.GetTagValue(TAG_ATTESTATION_CHALLENGE, &attestation_challenge); 387 if (attestation_challenge.data_length > kMaximumAttestationChallengeLength) { 388 ALOGE("%zu-byte attestation challenge; only %zu bytes allowed", 389 attestation_challenge.data_length, kMaximumAttestationChallengeLength); 390 return KM_ERROR_INVALID_INPUT_LENGTH; 391 } 392 393 AttestKeyResponse response; 394 keymaster_error_t err = Send(KM_ATTEST_KEY, request, &response); 395 if (err != KM_ERROR_OK) { 396 return err; 397 } 398 399 // Allocate and clear storage for cert_chain. 400 keymaster_cert_chain_t& rsp_chain = response.certificate_chain; 401 cert_chain->entries = reinterpret_cast<keymaster_blob_t*>( 402 malloc(rsp_chain.entry_count * sizeof(*cert_chain->entries))); 403 if (!cert_chain->entries) { 404 return KM_ERROR_MEMORY_ALLOCATION_FAILED; 405 } 406 cert_chain->entry_count = rsp_chain.entry_count; 407 for (keymaster_blob_t& entry : array_range(cert_chain->entries, cert_chain->entry_count)) { 408 entry = {}; 409 } 410 411 // Copy cert_chain contents 412 size_t i = 0; 413 for (keymaster_blob_t& entry : array_range(rsp_chain.entries, rsp_chain.entry_count)) { 414 cert_chain->entries[i].data = DuplicateBuffer(entry.data, entry.data_length); 415 if (!cert_chain->entries[i].data) { 416 keymaster_free_cert_chain(cert_chain); 417 return KM_ERROR_MEMORY_ALLOCATION_FAILED; 418 } 419 cert_chain->entries[i].data_length = entry.data_length; 420 ++i; 421 } 422 423 return KM_ERROR_OK; 424 } 425 426 keymaster_error_t TrustyKeymasterDevice::upgrade_key(const keymaster_key_blob_t* key_to_upgrade, 427 const keymaster_key_param_set_t* upgrade_params, 428 keymaster_key_blob_t* upgraded_key) { 429 ALOGD("Device received upgrade_key"); 430 431 if (error_ != KM_ERROR_OK) { 432 return error_; 433 } 434 if (!key_to_upgrade || !upgrade_params) { 435 return KM_ERROR_UNEXPECTED_NULL_POINTER; 436 } 437 if (!upgraded_key) { 438 return KM_ERROR_OUTPUT_PARAMETER_NULL; 439 } 440 441 UpgradeKeyRequest request; 442 request.SetKeyMaterial(*key_to_upgrade); 443 request.upgrade_params.Reinitialize(*upgrade_params); 444 445 UpgradeKeyResponse response; 446 keymaster_error_t err = Send(KM_UPGRADE_KEY, request, &response); 447 if (err != KM_ERROR_OK) { 448 return err; 449 } 450 451 upgraded_key->key_material_size = response.upgraded_key.key_material_size; 452 upgraded_key->key_material = DuplicateBuffer(response.upgraded_key.key_material, 453 response.upgraded_key.key_material_size); 454 if (!upgraded_key->key_material) { 455 return KM_ERROR_MEMORY_ALLOCATION_FAILED; 456 } 457 458 return KM_ERROR_OK; 459 } 460 461 keymaster_error_t TrustyKeymasterDevice::begin(keymaster_purpose_t purpose, 462 const keymaster_key_blob_t* key, 463 const keymaster_key_param_set_t* in_params, 464 keymaster_key_param_set_t* out_params, 465 keymaster_operation_handle_t* operation_handle) { 466 ALOGD("Device received begin"); 467 468 if (error_ != KM_ERROR_OK) { 469 return error_; 470 } 471 if (!key || !key->key_material) { 472 return KM_ERROR_UNEXPECTED_NULL_POINTER; 473 } 474 if (!operation_handle) { 475 return KM_ERROR_OUTPUT_PARAMETER_NULL; 476 } 477 478 if (out_params) { 479 *out_params = {}; 480 } 481 482 BeginOperationRequest request; 483 request.purpose = purpose; 484 request.SetKeyMaterial(*key); 485 request.additional_params.Reinitialize(*in_params); 486 487 BeginOperationResponse response; 488 keymaster_error_t err = Send(KM_BEGIN_OPERATION, request, &response); 489 if (err != KM_ERROR_OK) { 490 return err; 491 } 492 493 if (response.output_params.size() > 0) { 494 if (out_params) { 495 response.output_params.CopyToParamSet(out_params); 496 } else { 497 return KM_ERROR_OUTPUT_PARAMETER_NULL; 498 } 499 } 500 *operation_handle = response.op_handle; 501 502 return KM_ERROR_OK; 503 } 504 505 keymaster_error_t TrustyKeymasterDevice::update(keymaster_operation_handle_t operation_handle, 506 const keymaster_key_param_set_t* in_params, 507 const keymaster_blob_t* input, 508 size_t* input_consumed, 509 keymaster_key_param_set_t* out_params, 510 keymaster_blob_t* output) { 511 ALOGD("Device received update"); 512 513 if (error_ != KM_ERROR_OK) { 514 return error_; 515 } 516 if (!input) { 517 return KM_ERROR_UNEXPECTED_NULL_POINTER; 518 } 519 if (!input_consumed) { 520 return KM_ERROR_OUTPUT_PARAMETER_NULL; 521 } 522 523 if (out_params) { 524 *out_params = {}; 525 } 526 if (output) { 527 *output = {}; 528 } 529 530 UpdateOperationRequest request; 531 request.op_handle = operation_handle; 532 if (in_params) { 533 request.additional_params.Reinitialize(*in_params); 534 } 535 if (input && input->data_length > 0) { 536 size_t max_input_size = SEND_BUF_SIZE - request.SerializedSize(); 537 request.input.Reinitialize(input->data, std::min(input->data_length, max_input_size)); 538 } 539 540 UpdateOperationResponse response; 541 keymaster_error_t err = Send(KM_UPDATE_OPERATION, request, &response); 542 if (err != KM_ERROR_OK) { 543 return err; 544 } 545 546 if (response.output_params.size() > 0) { 547 if (out_params) { 548 response.output_params.CopyToParamSet(out_params); 549 } else { 550 return KM_ERROR_OUTPUT_PARAMETER_NULL; 551 } 552 } 553 *input_consumed = response.input_consumed; 554 if (output) { 555 output->data_length = response.output.available_read(); 556 output->data = DuplicateBuffer(response.output.peek_read(), output->data_length); 557 if (!output->data) { 558 return KM_ERROR_MEMORY_ALLOCATION_FAILED; 559 } 560 } else if (response.output.available_read() > 0) { 561 return KM_ERROR_OUTPUT_PARAMETER_NULL; 562 } 563 564 return KM_ERROR_OK; 565 } 566 567 keymaster_error_t TrustyKeymasterDevice::finish(keymaster_operation_handle_t operation_handle, 568 const keymaster_key_param_set_t* in_params, 569 const keymaster_blob_t* input, 570 const keymaster_blob_t* signature, 571 keymaster_key_param_set_t* out_params, 572 keymaster_blob_t* output) { 573 ALOGD("Device received finish"); 574 575 if (error_ != KM_ERROR_OK) { 576 return error_; 577 } 578 if (input && input->data_length > kMaximumFinishInputLength) { 579 return KM_ERROR_INVALID_ARGUMENT; 580 } 581 582 if (out_params) { 583 *out_params = {}; 584 } 585 if (output) { 586 *output = {}; 587 } 588 589 FinishOperationRequest request; 590 request.op_handle = operation_handle; 591 if (signature && signature->data && signature->data_length > 0) { 592 request.signature.Reinitialize(signature->data, signature->data_length); 593 } 594 if (input && input->data && input->data_length) { 595 request.input.Reinitialize(input->data, input->data_length); 596 } 597 if (in_params) { 598 request.additional_params.Reinitialize(*in_params); 599 } 600 601 FinishOperationResponse response; 602 keymaster_error_t err = Send(KM_FINISH_OPERATION, request, &response); 603 if (err != KM_ERROR_OK) { 604 return err; 605 } 606 607 if (response.output_params.size() > 0) { 608 if (out_params) { 609 response.output_params.CopyToParamSet(out_params); 610 } else { 611 return KM_ERROR_OUTPUT_PARAMETER_NULL; 612 } 613 } 614 if (output) { 615 output->data_length = response.output.available_read(); 616 output->data = DuplicateBuffer(response.output.peek_read(), output->data_length); 617 if (!output->data) { 618 return KM_ERROR_MEMORY_ALLOCATION_FAILED; 619 } 620 } else if (response.output.available_read() > 0) { 621 return KM_ERROR_OUTPUT_PARAMETER_NULL; 622 } 623 624 return KM_ERROR_OK; 625 } 626 627 keymaster_error_t TrustyKeymasterDevice::abort(keymaster_operation_handle_t operation_handle) { 628 ALOGD("Device received abort"); 629 630 if (error_ != KM_ERROR_OK) { 631 return error_; 632 } 633 634 AbortOperationRequest request; 635 request.op_handle = operation_handle; 636 AbortOperationResponse response; 637 return Send(KM_ABORT_OPERATION, request, &response); 638 } 639 640 hw_device_t* TrustyKeymasterDevice::hw_device() { 641 return &device_.common; 642 } 643 644 static inline TrustyKeymasterDevice* convert_device(const keymaster2_device_t* dev) { 645 return reinterpret_cast<TrustyKeymasterDevice*>(const_cast<keymaster2_device_t*>(dev)); 646 } 647 648 /* static */ 649 int TrustyKeymasterDevice::close_device(hw_device_t* dev) { 650 delete reinterpret_cast<TrustyKeymasterDevice*>(dev); 651 return 0; 652 } 653 654 /* static */ 655 keymaster_error_t TrustyKeymasterDevice::configure(const keymaster2_device_t* dev, 656 const keymaster_key_param_set_t* params) { 657 return convert_device(dev)->configure(params); 658 } 659 660 /* static */ 661 keymaster_error_t TrustyKeymasterDevice::add_rng_entropy(const keymaster2_device_t* dev, 662 const uint8_t* data, size_t data_length) { 663 return convert_device(dev)->add_rng_entropy(data, data_length); 664 } 665 666 /* static */ 667 keymaster_error_t TrustyKeymasterDevice::generate_key( 668 const keymaster2_device_t* dev, const keymaster_key_param_set_t* params, 669 keymaster_key_blob_t* key_blob, keymaster_key_characteristics_t* characteristics) { 670 return convert_device(dev)->generate_key(params, key_blob, characteristics); 671 } 672 673 /* static */ 674 keymaster_error_t TrustyKeymasterDevice::get_key_characteristics( 675 const keymaster2_device_t* dev, const keymaster_key_blob_t* key_blob, 676 const keymaster_blob_t* client_id, const keymaster_blob_t* app_data, 677 keymaster_key_characteristics_t* characteristics) { 678 return convert_device(dev)->get_key_characteristics(key_blob, client_id, app_data, 679 characteristics); 680 } 681 682 /* static */ 683 keymaster_error_t TrustyKeymasterDevice::import_key( 684 const keymaster2_device_t* dev, const keymaster_key_param_set_t* params, 685 keymaster_key_format_t key_format, const keymaster_blob_t* key_data, 686 keymaster_key_blob_t* key_blob, keymaster_key_characteristics_t* characteristics) { 687 return convert_device(dev)->import_key(params, key_format, key_data, key_blob, characteristics); 688 } 689 690 /* static */ 691 keymaster_error_t TrustyKeymasterDevice::export_key(const keymaster2_device_t* dev, 692 keymaster_key_format_t export_format, 693 const keymaster_key_blob_t* key_to_export, 694 const keymaster_blob_t* client_id, 695 const keymaster_blob_t* app_data, 696 keymaster_blob_t* export_data) { 697 return convert_device(dev)->export_key(export_format, key_to_export, client_id, app_data, 698 export_data); 699 } 700 701 /* static */ 702 keymaster_error_t TrustyKeymasterDevice::attest_key(const keymaster2_device_t* dev, 703 const keymaster_key_blob_t* key_to_attest, 704 const keymaster_key_param_set_t* attest_params, 705 keymaster_cert_chain_t* cert_chain) { 706 return convert_device(dev)->attest_key(key_to_attest, attest_params, cert_chain); 707 } 708 709 /* static */ 710 keymaster_error_t TrustyKeymasterDevice::upgrade_key(const keymaster2_device_t* dev, 711 const keymaster_key_blob_t* key_to_upgrade, 712 const keymaster_key_param_set_t* upgrade_params, 713 keymaster_key_blob_t* upgraded_key) { 714 return convert_device(dev)->upgrade_key(key_to_upgrade, upgrade_params, upgraded_key); 715 } 716 717 /* static */ 718 keymaster_error_t TrustyKeymasterDevice::begin(const keymaster2_device_t* dev, 719 keymaster_purpose_t purpose, 720 const keymaster_key_blob_t* key, 721 const keymaster_key_param_set_t* in_params, 722 keymaster_key_param_set_t* out_params, 723 keymaster_operation_handle_t* operation_handle) { 724 return convert_device(dev)->begin(purpose, key, in_params, out_params, operation_handle); 725 } 726 727 /* static */ 728 keymaster_error_t TrustyKeymasterDevice::update( 729 const keymaster2_device_t* dev, keymaster_operation_handle_t operation_handle, 730 const keymaster_key_param_set_t* in_params, const keymaster_blob_t* input, 731 size_t* input_consumed, keymaster_key_param_set_t* out_params, keymaster_blob_t* output) { 732 return convert_device(dev)->update(operation_handle, in_params, input, input_consumed, 733 out_params, output); 734 } 735 736 /* static */ 737 keymaster_error_t TrustyKeymasterDevice::finish(const keymaster2_device_t* dev, 738 keymaster_operation_handle_t operation_handle, 739 const keymaster_key_param_set_t* in_params, 740 const keymaster_blob_t* input, 741 const keymaster_blob_t* signature, 742 keymaster_key_param_set_t* out_params, 743 keymaster_blob_t* output) { 744 return convert_device(dev)->finish(operation_handle, in_params, input, signature, out_params, 745 output); 746 } 747 748 /* static */ 749 keymaster_error_t TrustyKeymasterDevice::abort(const keymaster2_device_t* dev, 750 keymaster_operation_handle_t operation_handle) { 751 return convert_device(dev)->abort(operation_handle); 752 } 753 754 keymaster_error_t TrustyKeymasterDevice::Send(uint32_t command, const Serializable& req, 755 KeymasterResponse* rsp) { 756 uint32_t req_size = req.SerializedSize(); 757 if (req_size > SEND_BUF_SIZE) { 758 return KM_ERROR_MEMORY_ALLOCATION_FAILED; 759 } 760 uint8_t send_buf[SEND_BUF_SIZE]; 761 Eraser send_buf_eraser(send_buf, SEND_BUF_SIZE); 762 req.Serialize(send_buf, send_buf + req_size); 763 764 // Send it 765 uint8_t recv_buf[RECV_BUF_SIZE]; 766 Eraser recv_buf_eraser(recv_buf, RECV_BUF_SIZE); 767 uint32_t rsp_size = RECV_BUF_SIZE; 768 ALOGV("Sending %d byte request\n", (int)req.SerializedSize()); 769 int rc = trusty_keymaster_call(command, send_buf, req_size, recv_buf, &rsp_size); 770 if (rc < 0) { 771 ALOGE("tipc error: %d\n", rc); 772 // TODO(swillden): Distinguish permanent from transient errors and set error_ appropriately. 773 return translate_error(rc); 774 } else { 775 ALOGV("Received %d byte response\n", rsp_size); 776 } 777 778 const keymaster_message* msg = (keymaster_message*)recv_buf; 779 const uint8_t* p = msg->payload; 780 if (!rsp->Deserialize(&p, p + rsp_size)) { 781 ALOGE("Error deserializing response of size %d\n", (int)rsp_size); 782 return KM_ERROR_UNKNOWN_ERROR; 783 } else if (rsp->error != KM_ERROR_OK) { 784 ALOGE("Response of size %d contained error code %d\n", (int)rsp_size, (int)rsp->error); 785 return rsp->error; 786 } 787 return rsp->error; 788 } 789 790 } // namespace keymaster 791
