1 /*
2  * Copyright 2017, The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *     http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 #ifndef ANDROID_HARDWARE_KEYMASTER_KEYMASTER_DEVICE_H
18 #define ANDROID_HARDWARE_KEYMASTER_KEYMASTER_DEVICE_H
19 
20 #include <android/hardware/keymaster/4.0/IKeymasterDevice.h>
21 
22 #include <Keymaster.client.h>
23 
24 #include <vector>
25 
26 namespace android {
27 namespace hardware {
28 namespace keymaster {
29 
30 using ::android::hardware::keymaster::V4_0::ErrorCode;
31 using ::android::hardware::keymaster::V4_0::HardwareAuthToken;
32 using ::android::hardware::keymaster::V4_0::HmacSharingParameters;
33 using ::android::hardware::keymaster::V4_0::IKeymasterDevice;
34 using ::android::hardware::keymaster::V4_0::KeyFormat;
35 using ::android::hardware::keymaster::V4_0::KeyParameter;
36 using ::android::hardware::keymaster::V4_0::KeyPurpose;
37 using ::android::hardware::keymaster::V4_0::VerificationToken;
38 using ::android::hardware::Return;
39 using ::android::hardware::hidl_vec;
40 using ::nugget::app::keymaster::BootColor;
41 
42 #define KM_MAX_PROTO_FIELD_SIZE 2048
43 
44 using KeymasterClient = ::nugget::app::keymaster::IKeymaster;
45 
46 struct KeymasterDevice : public IKeymasterDevice {
47     KeymasterDevice(KeymasterClient& keymaster);
48     ~KeymasterDevice() override = default;
49 
50     // Methods from ::android::hardware::keymaster::V4_0::IKeymasterDevice follow.
51     Return<void> getHardwareInfo(getHardwareInfo_cb _hidl_cb) override;
52     Return<void> getHmacSharingParameters(
53         getHmacSharingParameters_cb _hidl_cb) override;
54     Return<void> computeSharedHmac(
55         const hidl_vec<HmacSharingParameters>& params,
56         computeSharedHmac_cb _hidl_cb) override;
57     Return<void> verifyAuthorization(
58         uint64_t operationHandle,
59         const hidl_vec<KeyParameter>& parametersToVerify,
60         const HardwareAuthToken& authToken,
61         verifyAuthorization_cb _hidl_cb) override;
62     Return<ErrorCode> addRngEntropy(const hidl_vec<uint8_t>& data) override;
63     Return<void> generateKey(const hidl_vec<KeyParameter>& keyParams,
64                              generateKey_cb _hidl_cb) override;
65     Return<void> getKeyCharacteristics(
66         const hidl_vec<uint8_t>& keyBlob,
67         const hidl_vec<uint8_t>& clientId,
68         const hidl_vec<uint8_t>& appData,
69         getKeyCharacteristics_cb _hidl_cb) override;
70     Return<void> importKey(
71         const hidl_vec<KeyParameter>& params, KeyFormat keyFormat,
72         const hidl_vec<uint8_t>& keyData, importKey_cb _hidl_cb) override;
73     Return<void> importWrappedKey(const hidl_vec<uint8_t>& wrappedKeyData,
74                                   const hidl_vec<uint8_t>& wrappingKeyBlob,
75                                   const hidl_vec<uint8_t>& maskingKey,
76                                   const hidl_vec<KeyParameter>& unwrappingParams,
77                                   uint64_t passwordSid, uint64_t biometricSid,
78                                   importWrappedKey_cb _hidl_cb) override;
79     Return<void> exportKey(
80         KeyFormat exportFormat, const hidl_vec<uint8_t>& keyBlob,
81         const hidl_vec<uint8_t>& clientId, const hidl_vec<uint8_t>& appData,
82         exportKey_cb _hidl_cb) override;
83     Return<void> attestKey(const hidl_vec<uint8_t>& keyToAttest,
84                            const hidl_vec<KeyParameter>& attestParams,
85                            attestKey_cb _hidl_cb) override;
86     Return<void> upgradeKey(const hidl_vec<uint8_t>& keyBlobToUpgrade,
87                             const hidl_vec<KeyParameter>& upgradeParams,
88                             upgradeKey_cb _hidl_cb) override;
89     Return<ErrorCode> deleteKey(const hidl_vec<uint8_t>& keyBlob) override;
90     Return<ErrorCode> deleteAllKeys() override;
91     Return<ErrorCode> destroyAttestationIds() override;
92     Return<void> begin(KeyPurpose purpose, const hidl_vec<uint8_t>& key,
93                        const hidl_vec<KeyParameter>& inParams,
94                        const HardwareAuthToken& authToken,
95                        begin_cb _hidl_cb) override;
96     Return<void> update(
97         uint64_t operationHandle, const hidl_vec<KeyParameter>& inParams,
98         const hidl_vec<uint8_t>& input, const HardwareAuthToken& authToken,
99         const VerificationToken& verificationToken,
100         update_cb _hidl_cb) override;
101     Return<void> finish(
102         uint64_t operationHandle, const hidl_vec<KeyParameter>& inParams,
103         const hidl_vec<uint8_t>& input, const hidl_vec<uint8_t>& signature,
104         const HardwareAuthToken& authToken,
105         const VerificationToken& verificationToken,
106         finish_cb _hidl_cb) override;
107     Return<ErrorCode> abort(uint64_t operationHandle) override;
108 
109 private:
110     KeymasterClient& _keymaster;
111     // These come from GetProperty.
112     uint32_t _os_version;
113     uint32_t _os_patchlevel;
114     uint32_t _vendor_patchlevel;
115 
116     // These come from the bootloader through Citadel.
117     bool _is_unlocked;
118     BootColor _boot_color;
119     std::vector<uint8_t> _boot_key;
120     std::vector<uint8_t> _boot_hash;
121 
122     Return<ErrorCode> SendSystemVersionInfo() const;
123     Return<ErrorCode> GetBootInfo();
124 };
125 
126 }  // namespace keymaster
127 }  // namespace hardware
128 }  // namespace android
129 
130 #endif // ANDROID_HARDWARE_KEYMASTER_KEYMASTER_DEVICE_H
131