1 /*
2 **
3 ** Copyright 2017, The Android Open Source Project
4 **
5 ** Licensed under the Apache License, Version 2.0 (the "License");
6 ** you may not use this file except in compliance with the License.
7 ** You may obtain a copy of the License at
8 **
9 ** http://www.apache.org/licenses/LICENSE-2.0
10 **
11 ** Unless required by applicable law or agreed to in writing, software
12 ** distributed under the License is distributed on an "AS IS" BASIS,
13 ** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 ** See the License for the specific language governing permissions and
15 ** limitations under the License.
16 */
17
18 #include <keymasterV4_1/Keymaster3.h>
19
20 #include <android-base/logging.h>
21 #include <keymasterV4_0/keymaster_utils.h>
22
23 namespace android::hardware::keymaster::V4_1::support {
24
25 using android::hardware::details::StatusOf;
26
27 namespace {
28
convert(V3_0::ErrorCode error)29 V4_0::ErrorCode convert(V3_0::ErrorCode error) {
30 return static_cast<V4_0::ErrorCode>(error);
31 }
32
convert(KeyPurpose purpose)33 V3_0::KeyPurpose convert(KeyPurpose purpose) {
34 return static_cast<V3_0::KeyPurpose>(purpose);
35 }
36
convert(KeyFormat purpose)37 V3_0::KeyFormat convert(KeyFormat purpose) {
38 return static_cast<V3_0::KeyFormat>(purpose);
39 }
40
convert(const KeyParameter & param)41 V3_0::KeyParameter convert(const KeyParameter& param) {
42 V3_0::KeyParameter converted;
43 converted.tag = static_cast<V3_0::Tag>(param.tag);
44 static_assert(sizeof(converted.f) == sizeof(param.f), "This function assumes sizes match");
45 memcpy(&converted.f, ¶m.f, sizeof(param.f));
46 converted.blob = param.blob;
47 return converted;
48 }
49
convert(const V3_0::KeyParameter & param)50 KeyParameter convert(const V3_0::KeyParameter& param) {
51 KeyParameter converted;
52 converted.tag = static_cast<V4_0::Tag>(param.tag);
53 static_assert(sizeof(converted.f) == sizeof(param.f), "This function assumes sizes match");
54 memcpy(&converted.f, ¶m.f, sizeof(param.f));
55 converted.blob = param.blob;
56 return converted;
57 }
58
convert(const hidl_vec<KeyParameter> & params)59 hidl_vec<V3_0::KeyParameter> convert(const hidl_vec<KeyParameter>& params) {
60 hidl_vec<V3_0::KeyParameter> converted(params.size());
61 for (size_t i = 0; i < params.size(); ++i) {
62 converted[i] = convert(params[i]);
63 }
64 return converted;
65 }
66
convert(const hidl_vec<V3_0::KeyParameter> & params)67 hidl_vec<KeyParameter> convert(const hidl_vec<V3_0::KeyParameter>& params) {
68 hidl_vec<KeyParameter> converted(params.size());
69 for (size_t i = 0; i < params.size(); ++i) {
70 converted[i] = convert(params[i]);
71 }
72 return converted;
73 }
74
75 template <typename T, typename OutIter>
copy_bytes_to_iterator(const T & value,OutIter dest)76 inline static OutIter copy_bytes_to_iterator(const T& value, OutIter dest) {
77 const uint8_t* value_ptr = reinterpret_cast<const uint8_t*>(&value);
78 return std::copy(value_ptr, value_ptr + sizeof(value), dest);
79 }
80
convertAndAddAuthToken(const hidl_vec<KeyParameter> & params,const HardwareAuthToken & authToken)81 hidl_vec<V3_0::KeyParameter> convertAndAddAuthToken(const hidl_vec<KeyParameter>& params,
82 const HardwareAuthToken& authToken) {
83 hidl_vec<V3_0::KeyParameter> converted(params.size() + 1);
84 for (size_t i = 0; i < params.size(); ++i) {
85 converted[i] = convert(params[i]);
86 }
87 converted[params.size()].tag = V3_0::Tag::AUTH_TOKEN;
88 converted[params.size()].blob = V4_0::support::authToken2HidlVec(authToken);
89
90 return converted;
91 }
92
convert(const V3_0::KeyCharacteristics & chars)93 KeyCharacteristics convert(const V3_0::KeyCharacteristics& chars) {
94 KeyCharacteristics converted;
95 converted.hardwareEnforced = convert(chars.teeEnforced);
96 converted.softwareEnforced = convert(chars.softwareEnforced);
97 return converted;
98 }
99
100 } // namespace
101
getVersionIfNeeded()102 void Keymaster3::getVersionIfNeeded() {
103 if (haveVersion_) return;
104
105 auto rc = km3_dev_->getHardwareFeatures(
106 [&](bool isSecure, bool supportsEllipticCurve, bool supportsSymmetricCryptography,
107 bool supportsAttestation, bool supportsAllDigests, const hidl_string& keymasterName,
108 const hidl_string& keymasterAuthorName) {
109 version_ = {keymasterName,
110 keymasterAuthorName,
111 0 /* major version, filled below */,
112 0 /* minor version */,
113 isSecure ? SecurityLevel::TRUSTED_ENVIRONMENT : SecurityLevel::SOFTWARE,
114 supportsEllipticCurve};
115 supportsSymmetricCryptography_ = supportsSymmetricCryptography;
116 supportsAttestation_ = supportsAttestation;
117 supportsAllDigests_ = supportsAllDigests;
118 });
119
120 CHECK(rc.isOk()) << "Got error " << rc.description() << " trying to get hardware features";
121
122 if (version_.securityLevel == SecurityLevel::SOFTWARE) {
123 version_.majorVersion = 3;
124 } else if (supportsAttestation_) {
125 version_.majorVersion = 3; // Could be 2, doesn't matter.
126 } else if (supportsSymmetricCryptography_) {
127 version_.majorVersion = 1;
128 } else {
129 version_.majorVersion = 0;
130 }
131 }
132
getHardwareInfo(Keymaster3::getHardwareInfo_cb _hidl_cb)133 Return<void> Keymaster3::getHardwareInfo(Keymaster3::getHardwareInfo_cb _hidl_cb) {
134 getVersionIfNeeded();
135 _hidl_cb(version_.securityLevel,
136 std::string(version_.keymasterName) + " (wrapped by keystore::Keymaster3)",
137 version_.authorName);
138 return Void();
139 }
140
addRngEntropy(const hidl_vec<uint8_t> & data)141 Return<V4_0::ErrorCode> Keymaster3::addRngEntropy(const hidl_vec<uint8_t>& data) {
142 auto rc = km3_dev_->addRngEntropy(data);
143 if (!rc.isOk()) {
144 return StatusOf<V3_0::ErrorCode, V4_0::ErrorCode>(rc);
145 }
146 return convert(rc);
147 }
148
generateKey(const hidl_vec<KeyParameter> & keyParams,generateKey_cb _hidl_cb)149 Return<void> Keymaster3::generateKey(const hidl_vec<KeyParameter>& keyParams,
150 generateKey_cb _hidl_cb) {
151 auto cb = [&](V3_0::ErrorCode error, const hidl_vec<uint8_t>& keyBlob,
152 const V3_0::KeyCharacteristics& characteristics) {
153 _hidl_cb(convert(error), keyBlob, convert(characteristics));
154 };
155 auto rc = km3_dev_->generateKey(convert(keyParams), cb);
156 rc.isOk(); // move ctor prereq
157 return rc;
158 }
159
getKeyCharacteristics(const hidl_vec<uint8_t> & keyBlob,const hidl_vec<uint8_t> & clientId,const hidl_vec<uint8_t> & appData,getKeyCharacteristics_cb _hidl_cb)160 Return<void> Keymaster3::getKeyCharacteristics(const hidl_vec<uint8_t>& keyBlob,
161 const hidl_vec<uint8_t>& clientId,
162 const hidl_vec<uint8_t>& appData,
163 getKeyCharacteristics_cb _hidl_cb) {
164 auto cb = [&](V3_0::ErrorCode error, const V3_0::KeyCharacteristics& chars) {
165 _hidl_cb(convert(error), convert(chars));
166 };
167
168 auto rc = km3_dev_->getKeyCharacteristics(keyBlob, clientId, appData, cb);
169 rc.isOk(); // move ctor prereq
170 return rc;
171 }
172
importKey(const hidl_vec<KeyParameter> & params,KeyFormat keyFormat,const hidl_vec<uint8_t> & keyData,importKey_cb _hidl_cb)173 Return<void> Keymaster3::importKey(const hidl_vec<KeyParameter>& params, KeyFormat keyFormat,
174 const hidl_vec<uint8_t>& keyData, importKey_cb _hidl_cb) {
175 auto cb = [&](V3_0::ErrorCode error, const hidl_vec<uint8_t>& keyBlob,
176 const V3_0::KeyCharacteristics& chars) {
177 _hidl_cb(convert(error), keyBlob, convert(chars));
178 };
179 auto rc = km3_dev_->importKey(convert(params), convert(keyFormat), keyData, cb);
180 rc.isOk(); // move ctor prereq
181 return rc;
182 }
183
exportKey(KeyFormat exportFormat,const hidl_vec<uint8_t> & keyBlob,const hidl_vec<uint8_t> & clientId,const hidl_vec<uint8_t> & appData,exportKey_cb _hidl_cb)184 Return<void> Keymaster3::exportKey(KeyFormat exportFormat, const hidl_vec<uint8_t>& keyBlob,
185 const hidl_vec<uint8_t>& clientId,
186 const hidl_vec<uint8_t>& appData, exportKey_cb _hidl_cb) {
187 auto cb = [&](V3_0::ErrorCode error, const hidl_vec<uint8_t>& keyMaterial) {
188 _hidl_cb(convert(error), keyMaterial);
189 };
190 auto rc = km3_dev_->exportKey(convert(exportFormat), keyBlob, clientId, appData, cb);
191 rc.isOk(); // move ctor prereq
192 return rc;
193 }
194
attestKey(const hidl_vec<uint8_t> & keyToAttest,const hidl_vec<KeyParameter> & attestParams,attestKey_cb _hidl_cb)195 Return<void> Keymaster3::attestKey(const hidl_vec<uint8_t>& keyToAttest,
196 const hidl_vec<KeyParameter>& attestParams,
197 attestKey_cb _hidl_cb) {
198 auto cb = [&](V3_0::ErrorCode error, const hidl_vec<hidl_vec<uint8_t>>& certChain) {
199 _hidl_cb(convert(error), certChain);
200 };
201 auto rc = km3_dev_->attestKey(keyToAttest, convert(attestParams), cb);
202 rc.isOk(); // move ctor prereq
203 return rc;
204 }
205
upgradeKey(const hidl_vec<uint8_t> & keyBlobToUpgrade,const hidl_vec<KeyParameter> & upgradeParams,upgradeKey_cb _hidl_cb)206 Return<void> Keymaster3::upgradeKey(const hidl_vec<uint8_t>& keyBlobToUpgrade,
207 const hidl_vec<KeyParameter>& upgradeParams,
208 upgradeKey_cb _hidl_cb) {
209 auto cb = [&](V3_0::ErrorCode error, const hidl_vec<uint8_t>& upgradedKeyBlob) {
210 _hidl_cb(convert(error), upgradedKeyBlob);
211 };
212 auto rc = km3_dev_->upgradeKey(keyBlobToUpgrade, convert(upgradeParams), cb);
213 rc.isOk(); // move ctor prereq
214 return rc;
215 }
216
deleteKey(const hidl_vec<uint8_t> & keyBlob)217 Return<V4_0::ErrorCode> Keymaster3::deleteKey(const hidl_vec<uint8_t>& keyBlob) {
218 auto rc = km3_dev_->deleteKey(keyBlob);
219 if (!rc.isOk()) return StatusOf<V3_0::ErrorCode, V4_0::ErrorCode>(rc);
220 return convert(rc);
221 }
222
deleteAllKeys()223 Return<V4_0::ErrorCode> Keymaster3::deleteAllKeys() {
224 auto rc = km3_dev_->deleteAllKeys();
225 if (!rc.isOk()) return StatusOf<V3_0::ErrorCode, V4_0::ErrorCode>(rc);
226 return convert(rc);
227 }
228
destroyAttestationIds()229 Return<V4_0::ErrorCode> Keymaster3::destroyAttestationIds() {
230 auto rc = km3_dev_->destroyAttestationIds();
231 if (!rc.isOk()) return StatusOf<V3_0::ErrorCode, V4_0::ErrorCode>(rc);
232 return convert(rc);
233 }
234
begin(KeyPurpose purpose,const hidl_vec<uint8_t> & key,const hidl_vec<KeyParameter> & inParams,const HardwareAuthToken & authToken,begin_cb _hidl_cb)235 Return<void> Keymaster3::begin(KeyPurpose purpose, const hidl_vec<uint8_t>& key,
236 const hidl_vec<KeyParameter>& inParams,
237 const HardwareAuthToken& authToken, begin_cb _hidl_cb) {
238 auto cb = [&](V3_0::ErrorCode error, const hidl_vec<V3_0::KeyParameter>& outParams,
239 OperationHandle operationHandle) {
240 _hidl_cb(convert(error), convert(outParams), operationHandle);
241 };
242
243 auto rc =
244 km3_dev_->begin(convert(purpose), key, convertAndAddAuthToken(inParams, authToken), cb);
245 rc.isOk(); // move ctor prereq
246 return rc;
247 }
248
update(uint64_t operationHandle,const hidl_vec<KeyParameter> & inParams,const hidl_vec<uint8_t> & input,const HardwareAuthToken & authToken,const VerificationToken &,update_cb _hidl_cb)249 Return<void> Keymaster3::update(uint64_t operationHandle, const hidl_vec<KeyParameter>& inParams,
250 const hidl_vec<uint8_t>& input, const HardwareAuthToken& authToken,
251 const VerificationToken& /* verificationToken */,
252 update_cb _hidl_cb) {
253 auto cb = [&](V3_0::ErrorCode error, uint32_t inputConsumed,
254 const hidl_vec<V3_0::KeyParameter>& outParams, const hidl_vec<uint8_t>& output) {
255 _hidl_cb(convert(error), inputConsumed, convert(outParams), output);
256 };
257
258 auto rc = km3_dev_->update(operationHandle, convertAndAddAuthToken(inParams, authToken), input,
259 cb);
260 rc.isOk(); // move ctor prereq
261 return rc;
262 }
263
finish(uint64_t operationHandle,const hidl_vec<KeyParameter> & inParams,const hidl_vec<uint8_t> & input,const hidl_vec<uint8_t> & signature,const HardwareAuthToken & authToken,const VerificationToken &,finish_cb _hidl_cb)264 Return<void> Keymaster3::finish(uint64_t operationHandle, const hidl_vec<KeyParameter>& inParams,
265 const hidl_vec<uint8_t>& input, const hidl_vec<uint8_t>& signature,
266 const HardwareAuthToken& authToken,
267 const VerificationToken& /* verificationToken */,
268 finish_cb _hidl_cb) {
269 auto cb = [&](V3_0::ErrorCode error, const hidl_vec<V3_0::KeyParameter>& outParams,
270 const hidl_vec<uint8_t>& output) {
271 _hidl_cb(convert(error), convert(outParams), output);
272 };
273
274 auto rc = km3_dev_->finish(operationHandle, convertAndAddAuthToken(inParams, authToken), input,
275 signature, cb);
276 rc.isOk(); // move ctor prereq
277 return rc;
278 }
279
abort(uint64_t operationHandle)280 Return<V4_0::ErrorCode> Keymaster3::abort(uint64_t operationHandle) {
281 auto rc = km3_dev_->abort(operationHandle);
282 if (!rc.isOk()) return StatusOf<V3_0::ErrorCode, V4_0::ErrorCode>(rc);
283 return convert(rc);
284 }
285
286 } // namespace android::hardware::keymaster::V4_1::support
287