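/*
 * Copyright 2014 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

#ifndef TRUSTY_KEYMASTER_TRUSTY_KEYMASTER_DEVICE_H_
#define TRUSTY_KEYMASTER_TRUSTY_KEYMASTER_DEVICE_H_

#include <hardware/keymaster2.h>
#include <keymaster/android_keymaster_messages.h>

namespace keymaster {

/**
 * Trusty Keymaster device.
 *
 * IMPORTANT MAINTAINER NOTE: Pointers to instances of this class must be castable to hw_device_t
 * and keymaster_device.  This means it must remain a standard layout class (no virtual functions and
 * no data members which aren't standard layout), and device_ must be the first data member.
 * Assertions in the constructor validate compliance with those constraints.
 *
 * Why this matters: the static entry points below receive only a keymaster2_device_t* (or
 * hw_device_t*), so the owning object has to be recoverable from that pointer.  If the class stops
 * being standard layout, or device_ is no longer first, the address of device_ is no longer
 * guaranteed to equal the address of the object and such a cast would address the wrong memory.
 *
 * NOTE(review): the class declares a destructor but leaves the copy operations implicit.  If the
 * destructor releases a session, a copied instance would be unsafe -- confirm in the .cpp and
 * consider deleting copy construction/assignment.
 */
class TrustyKeymasterDevice {
  public:
    /*
     * These are the only symbols that will be exported by libtrustykeymaster.  All functionality
     * can be reached via the function pointers in device_.
     */
    __attribute__((visibility("default"))) explicit TrustyKeymasterDevice(const hw_module_t* module);
    __attribute__((visibility("default"))) hw_device_t* hw_device();

    ~TrustyKeymasterDevice();

    /*
     * Returns the stored error_ value.  Read-only, hence const, so it can also be queried through
     * a const reference or pointer.
     * NOTE(review): presumably reflects whether the session was set up successfully -- confirm
     * in the constructor; callers should check it before using the device.
     */
    keymaster_error_t session_error() const { return error_; }

    /*
     * Instance-side operations.  Each has a static counterpart in the private section taking the
     * same arguments preceded by the keymaster2_device_t* it was invoked on.
     *
     * Pointer parameters declared const are inputs; the non-const pointer parameters are
     * presumably written by the call.  Ownership and release rules for anything returned through
     * them follow the keymaster2 HAL contract in <hardware/keymaster2.h>, which is not visible
     * here.
     *
     * NOTE(review): these signatures cannot express nullability or buffer bounds.  Null checks and
     * validation of data/data_length and of the blob arguments have to happen in the .cpp --
     * confirm there, since the arguments arrive through the HAL function pointers.
     */
    keymaster_error_t configure(const keymaster_key_param_set_t* params);
    keymaster_error_t add_rng_entropy(const uint8_t* data, size_t data_length);
    keymaster_error_t generate_key(const keymaster_key_param_set_t* params,
                                   keymaster_key_blob_t* key_blob,
                                   keymaster_key_characteristics_t* characteristics);
    keymaster_error_t get_key_characteristics(const keymaster_key_blob_t* key_blob,
                                              const keymaster_blob_t* client_id,
                                              const keymaster_blob_t* app_data,
                                              keymaster_key_characteristics_t* character);
    keymaster_error_t import_key(const keymaster_key_param_set_t* params,
                                 keymaster_key_format_t key_format,
                                 const keymaster_blob_t* key_data, keymaster_key_blob_t* key_blob,
                                 keymaster_key_characteristics_t* characteristics);
    keymaster_error_t export_key(keymaster_key_format_t export_format,
                                 const keymaster_key_blob_t* key_to_export,
                                 const keymaster_blob_t* client_id,
                                 const keymaster_blob_t* app_data, keymaster_blob_t* export_data);
    keymaster_error_t attest_key(const keymaster_key_blob_t* key_to_attest,
                                 const keymaster_key_param_set_t* attest_params,
                                 keymaster_cert_chain_t* cert_chain);
    keymaster_error_t upgrade_key(const keymaster_key_blob_t* key_to_upgrade,
                                  const keymaster_key_param_set_t* upgrade_params,
                                  keymaster_key_blob_t* upgraded_key);
    keymaster_error_t begin(keymaster_purpose_t purpose, const keymaster_key_blob_t* key,
                            const keymaster_key_param_set_t* in_params,
                            keymaster_key_param_set_t* out_params,
                            keymaster_operation_handle_t* operation_handle);
    keymaster_error_t update(keymaster_operation_handle_t operation_handle,
                             const keymaster_key_param_set_t* in_params,
                             const keymaster_blob_t* input, size_t* input_consumed,
                             keymaster_key_param_set_t* out_params, keymaster_blob_t* output);
    keymaster_error_t finish(keymaster_operation_handle_t operation_handle,
                             const keymaster_key_param_set_t* in_params,
                             const keymaster_blob_t* input, const keymaster_blob_t* signature,
                             keymaster_key_param_set_t* out_params, keymaster_blob_t* output);
    keymaster_error_t abort(keymaster_operation_handle_t operation_handle);

  private:
    /*
     * Takes a command code, a serializable request and a response object to fill in.
     * NOTE(review): the transport and any bound on the response size are defined in the .cpp,
     * not in this header -- confirm there.
     */
    keymaster_error_t Send(uint32_t command, const Serializable& request,
                           KeymasterResponse* response);

    /*
     * These static methods are the functions referenced through the function pointers in
     * keymaster_device.  They're all trivial wrappers.
     *
     * delete_key and delete_all_keys are declared only in this static form; no instance method
     * with either name is declared in this class.  NOTE(review): how those two entry points are
     * handled is decided in the .cpp -- confirm there.
     */
    static int close_device(hw_device_t* dev);
    static keymaster_error_t configure(const keymaster2_device_t* dev,
                                       const keymaster_key_param_set_t* params);
    static keymaster_error_t add_rng_entropy(const keymaster2_device_t* dev, const uint8_t* data,
                                             size_t data_length);
    static keymaster_error_t generate_key(const keymaster2_device_t* dev,
                                          const keymaster_key_param_set_t* params,
                                          keymaster_key_blob_t* key_blob,
                                          keymaster_key_characteristics_t* characteristics);
    static keymaster_error_t get_key_characteristics(const keymaster2_device_t* dev,
                                                     const keymaster_key_blob_t* key_blob,
                                                     const keymaster_blob_t* client_id,
                                                     const keymaster_blob_t* app_data,
                                                     keymaster_key_characteristics_t* character);
    static keymaster_error_t import_key(const keymaster2_device_t* dev,
                                        const keymaster_key_param_set_t* params,
                                        keymaster_key_format_t key_format,
                                        const keymaster_blob_t* key_data,
                                        keymaster_key_blob_t* key_blob,
                                        keymaster_key_characteristics_t* characteristics);
    static keymaster_error_t export_key(const keymaster2_device_t* dev,
                                        keymaster_key_format_t export_format,
                                        const keymaster_key_blob_t* key_to_export,
                                        const keymaster_blob_t* client_id,
                                        const keymaster_blob_t* app_data,
                                        keymaster_blob_t* export_data);
    static keymaster_error_t attest_key(const keymaster2_device_t* dev,
                                        const keymaster_key_blob_t* key_to_attest,
                                        const keymaster_key_param_set_t* attest_params,
                                        keymaster_cert_chain_t* cert_chain);
    static keymaster_error_t upgrade_key(const keymaster2_device_t* dev,
                                         const keymaster_key_blob_t* key_to_upgrade,
                                         const keymaster_key_param_set_t* upgrade_params,
                                         keymaster_key_blob_t* upgraded_key);
    static keymaster_error_t delete_key(const keymaster2_device_t* dev,
                                        const keymaster_key_blob_t* key);
    static keymaster_error_t delete_all_keys(const keymaster2_device_t* dev);
    static keymaster_error_t begin(const keymaster2_device_t* dev, keymaster_purpose_t purpose,
                                   const keymaster_key_blob_t* key,
                                   const keymaster_key_param_set_t* in_params,
                                   keymaster_key_param_set_t* out_params,
                                   keymaster_operation_handle_t* operation_handle);
    static keymaster_error_t update(const keymaster2_device_t* dev,
                                    keymaster_operation_handle_t operation_handle,
                                    const keymaster_key_param_set_t* in_params,
                                    const keymaster_blob_t* input, size_t* input_consumed,
                                    keymaster_key_param_set_t* out_params, keymaster_blob_t* output);
    static keymaster_error_t finish(const keymaster2_device_t* dev,
                                    keymaster_operation_handle_t operation_handle,
                                    const keymaster_key_param_set_t* in_params,
                                    const keymaster_blob_t* input, const keymaster_blob_t* signature,
                                    keymaster_key_param_set_t* out_params, keymaster_blob_t* output);
    static keymaster_error_t abort(const keymaster2_device_t* dev,
                                   keymaster_operation_handle_t operation_handle);

    // Must remain the FIRST data member: the class-level maintainer note depends on it.
    keymaster2_device_t device_;
    // Value reported by session_error().
    keymaster_error_t error_;
    // NOTE(review): not referenced anywhere in this header; presumably the message format version
    // used when talking to Trusty -- confirm in the .cpp.
    int32_t message_version_;
};

}  // namespace keymaster

#endif  // TRUSTY_KEYMASTER_TRUSTY_KEYMASTER_DEVICE_H_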