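/*
 * Copyright 2015 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

#ifndef SYSTEM_KEYMASTER_SOFT_KEYMASTER_DEVICE_H_
#define SYSTEM_KEYMASTER_SOFT_KEYMASTER_DEVICE_H_

// <cstdint>, <string> and <utility> were previously pulled in transitively; this header uses
// uint8_t/uint32_t, std::string and std::pair directly, so include them explicitly.
#include <cstdint>
#include <cstdlib>
#include <map>
#include <string>
#include <utility>
#include <vector>

#include <hardware/keymaster0.h>
#include <hardware/keymaster1.h>
#include <hardware/keymaster2.h>

#include <keymaster/android_keymaster.h>
#include <keymaster/soft_keymaster_context.h>

#include <UniquePtr.h>

namespace keymaster {

class AuthorizationSet;

/**
 * Software keymaster device that can also wrap a hardware keymaster0 or keymaster1 device.
 *
 * The object exposes both a keymaster1_device_t (km1_device_) and a keymaster2_device_t
 * (km2_device_) HAL struct; their function pointers are the static methods declared below, and
 * everything not delegated to a wrapped hardware device is handled in this process by impl_
 * (an AndroidKeymaster driven by a SoftKeymasterContext).
 *
 * NOTE(review): which operations stay on the hardware device and which fall back to software is
 * decided in the .cpp (see Keymaster1DeviceIsGood(), RequiresSoftwareDigesting() and
 * KeyRequiresSoftwareDigesting()), not in this header. Anything that takes the software path is
 * computed by this process rather than by the wrapped hardware; do not assume a key handled
 * through this class is hardware-backed without checking that split.
 *
 * IMPORTANT MAINTAINER NOTE: Pointers to instances of this class must be castable to hw_device_t
 * and to the keymaster device structs (the HAL calls the static methods below with a `dev`
 * pointer that the implementation converts back to a SoftKeymasterDevice*). This means it must
 * remain a standard layout class (no virtual functions and no data members which aren't standard
 * layout), and km1_device_ must be the first data member (older versions of this note called it
 * "device_"). km2_device_ follows it immediately; how a keymaster2_device_t* is mapped back to
 * the object is defined in the .cpp, so do not reorder these two members without updating that
 * conversion. Assertions in the constructor validate compliance with those constraints.
 */
class SoftKeymasterDevice {
  public:
    SoftKeymasterDevice();

    // Public only for testing.
    // NOTE(review): ownership of `context` is not stated here — check the .cpp before passing
    // an object whose lifetime is shorter than this device's.
    SoftKeymasterDevice(SoftKeymasterContext* context);

    /**
     * Set SoftKeymasterDevice to wrap the specified HW keymaster0 device. Takes ownership of the
     * specified device (will call keymaster0_device->common.close()).
     */
    keymaster_error_t SetHardwareDevice(keymaster0_device_t* keymaster0_device);

    /**
     * Set SoftKeymasterDevice to wrap the specified HW keymaster1 device. Takes ownership of the
     * specified device (will call keymaster1_device->common.close()).
     */
    keymaster_error_t SetHardwareDevice(keymaster1_device_t* keymaster1_device);

    /**
     * Returns true if a keymaster1_device_t has been set as the hardware device, and if that
     * hardware device should be used directly.
     */
    bool Keymaster1DeviceIsGood();

    // Accessors for the HAL structs embedded in this object. The returned pointers alias this
    // object's members and become dangling when the object is destroyed (presumably via
    // close_device() through the HAL's common.close pointer).
    hw_device_t* hw_device();
    keymaster1_device_t* keymaster_device();
    keymaster2_device_t* keymaster2_device();

    // Public only for testing: forwards a GetVersion request to the software implementation.
    void GetVersion(const GetVersionRequest& req, GetVersionResponse* rsp) {
        impl_->GetVersion(req, rsp);
    }

    // True once configure() has been applied (see configured_).
    bool configured() const { return configured_; }

    // (algorithm, purpose) -> digests, used to record per-algorithm/purpose digest support of a
    // wrapped keymaster1 device (km1_device_digests_).
    typedef std::pair<keymaster_algorithm_t, keymaster_purpose_t> AlgPurposePair;
    typedef std::map<AlgPurposePair, std::vector<keymaster_digest_t>> DigestMap;

  private:
    // Fills in km1_device_/km2_device_ (common header + function pointers) with `flags`.
    void initialize_device_struct(uint32_t flags);

    // Looks for a digest requested in `params` that the wrapped keymaster1 device does not
    // support for (algorithm, purpose); on success stores it in *unsupported and returns true.
    bool FindUnsupportedDigest(keymaster_algorithm_t algorithm, keymaster_purpose_t purpose,
                               const AuthorizationSet& params,
                               keymaster_digest_t* unsupported) const;
    // Whether an operation with these params must digest in software rather than on the
    // wrapped hardware device.
    bool RequiresSoftwareDigesting(keymaster_algorithm_t algorithm, keymaster_purpose_t purpose,
                                   const AuthorizationSet& params) const;
    // Same decision, made from a key's description at generation/import time.
    bool KeyRequiresSoftwareDigesting(const AuthorizationSet& key_description) const;

    // Adds the default parameters for a newly created key of `algorithm` to *auth_set.
    static void StoreDefaultNewKeyParams(keymaster_algorithm_t algorithm,
                                         AuthorizationSet* auth_set);
    // Determines the algorithm of a PKCS#8-encoded key. `key`/`key_length` presumably come from
    // import_key() — i.e. caller-supplied data — so the parser must honour key_length strictly.
    static keymaster_error_t GetPkcs8KeyAlgorithm(const uint8_t* key, size_t key_length,
                                                  keymaster_algorithm_t* algorithm);

    // hw_device_t::close entry point for both embedded HAL structs.
    static int close_device(hw_device_t* dev);

    /*
     * These static methods are the functions referenced through the function pointers in
     * keymaster_device. In each, `dev` is the HAL struct pointer handed out by hw_device() /
     * keymaster_device() / keymaster2_device(); the implementation converts it back to the
     * enclosing SoftKeymasterDevice (see the maintainer note on the class).
     */

    // Keymaster1 methods
    static keymaster_error_t get_supported_algorithms(const keymaster1_device_t* dev,
                                                      keymaster_algorithm_t** algorithms,
                                                      size_t* algorithms_length);
    static keymaster_error_t get_supported_block_modes(const keymaster1_device_t* dev,
                                                       keymaster_algorithm_t algorithm,
                                                       keymaster_purpose_t purpose,
                                                       keymaster_block_mode_t** modes,
                                                       size_t* modes_length);
    static keymaster_error_t get_supported_padding_modes(const keymaster1_device_t* dev,
                                                         keymaster_algorithm_t algorithm,
                                                         keymaster_purpose_t purpose,
                                                         keymaster_padding_t** modes,
                                                         size_t* modes_length);
    static keymaster_error_t get_supported_digests(const keymaster1_device_t* dev,
                                                   keymaster_algorithm_t algorithm,
                                                   keymaster_purpose_t purpose,
                                                   keymaster_digest_t** digests,
                                                   size_t* digests_length);
    static keymaster_error_t get_supported_import_formats(const keymaster1_device_t* dev,
                                                          keymaster_algorithm_t algorithm,
                                                          keymaster_key_format_t** formats,
                                                          size_t* formats_length);
    static keymaster_error_t get_supported_export_formats(const keymaster1_device_t* dev,
                                                          keymaster_algorithm_t algorithm,
                                                          keymaster_key_format_t** formats,
                                                          size_t* formats_length);
    static keymaster_error_t add_rng_entropy(const keymaster1_device_t* dev, const uint8_t* data,
                                             size_t data_length);
    static keymaster_error_t generate_key(const keymaster1_device_t* dev,
                                          const keymaster_key_param_set_t* params,
                                          keymaster_key_blob_t* key_blob,
                                          keymaster_key_characteristics_t** characteristics);
    static keymaster_error_t get_key_characteristics(const keymaster1_device_t* dev,
                                                     const keymaster_key_blob_t* key_blob,
                                                     const keymaster_blob_t* client_id,
                                                     const keymaster_blob_t* app_data,
                                                     keymaster_key_characteristics_t** character);
    static keymaster_error_t import_key(const keymaster1_device_t* dev,  //
                                        const keymaster_key_param_set_t* params,
                                        keymaster_key_format_t key_format,
                                        const keymaster_blob_t* key_data,
                                        keymaster_key_blob_t* key_blob,
                                        keymaster_key_characteristics_t** characteristics);
    static keymaster_error_t export_key(const keymaster1_device_t* dev,  //
                                        keymaster_key_format_t export_format,
                                        const keymaster_key_blob_t* key_to_export,
                                        const keymaster_blob_t* client_id,
                                        const keymaster_blob_t* app_data,
                                        keymaster_blob_t* export_data);
    static keymaster_error_t delete_key(const keymaster1_device_t* dev,
                                        const keymaster_key_blob_t* key);
    static keymaster_error_t delete_all_keys(const keymaster1_device_t* dev);
    static keymaster_error_t begin(const keymaster1_device_t* dev, keymaster_purpose_t purpose,
                                   const keymaster_key_blob_t* key,
                                   const keymaster_key_param_set_t* in_params,
                                   keymaster_key_param_set_t* out_params,
                                   keymaster_operation_handle_t* operation_handle);
    static keymaster_error_t update(const keymaster1_device_t* dev,  //
                                    keymaster_operation_handle_t operation_handle,
                                    const keymaster_key_param_set_t* in_params,
                                    const keymaster_blob_t* input, size_t* input_consumed,
                                    keymaster_key_param_set_t* out_params,
                                    keymaster_blob_t* output);
    static keymaster_error_t finish(const keymaster1_device_t* dev,  //
                                    keymaster_operation_handle_t operation_handle,
                                    const keymaster_key_param_set_t* in_params,
                                    const keymaster_blob_t* signature,
                                    keymaster_key_param_set_t* out_params,
                                    keymaster_blob_t* output);
    static keymaster_error_t abort(const keymaster1_device_t* dev,
                                   keymaster_operation_handle_t operation_handle);

    // Keymaster2 methods. Note the keymaster2 variants take characteristics by single pointer
    // (caller-owned storage) where the keymaster1 variants take a double pointer, and
    // keymaster2 finish() additionally receives an `input` blob.
    static keymaster_error_t configure(const keymaster2_device_t* dev,
                                       const keymaster_key_param_set_t* params);
    static keymaster_error_t add_rng_entropy(const keymaster2_device_t* dev, const uint8_t* data,
                                             size_t data_length);
    static keymaster_error_t generate_key(const keymaster2_device_t* dev,
                                          const keymaster_key_param_set_t* params,
                                          keymaster_key_blob_t* key_blob,
                                          keymaster_key_characteristics_t* characteristics);
    static keymaster_error_t get_key_characteristics(const keymaster2_device_t* dev,
                                                     const keymaster_key_blob_t* key_blob,
                                                     const keymaster_blob_t* client_id,
                                                     const keymaster_blob_t* app_data,
                                                     keymaster_key_characteristics_t* character);
    static keymaster_error_t import_key(const keymaster2_device_t* dev,  //
                                        const keymaster_key_param_set_t* params,
                                        keymaster_key_format_t key_format,
                                        const keymaster_blob_t* key_data,
                                        keymaster_key_blob_t* key_blob,
                                        keymaster_key_characteristics_t* characteristics);
    static keymaster_error_t export_key(const keymaster2_device_t* dev,  //
                                        keymaster_key_format_t export_format,
                                        const keymaster_key_blob_t* key_to_export,
                                        const keymaster_blob_t* client_id,
                                        const keymaster_blob_t* app_data,
                                        keymaster_blob_t* export_data);
    static keymaster_error_t attest_key(const keymaster2_device_t* dev,
                                        const keymaster_key_blob_t* key_to_attest,
                                        const keymaster_key_param_set_t* attest_params,
                                        keymaster_cert_chain_t* cert_chain);
    static keymaster_error_t upgrade_key(const keymaster2_device_t* dev,
                                         const keymaster_key_blob_t* key_to_upgrade,
                                         const keymaster_key_param_set_t* upgrade_params,
                                         keymaster_key_blob_t* upgraded_key);
    static keymaster_error_t delete_key(const keymaster2_device_t* dev,
                                        const keymaster_key_blob_t* key);
    static keymaster_error_t delete_all_keys(const keymaster2_device_t* dev);
    static keymaster_error_t begin(const keymaster2_device_t* dev, keymaster_purpose_t purpose,
                                   const keymaster_key_blob_t* key,
                                   const keymaster_key_param_set_t* in_params,
                                   keymaster_key_param_set_t* out_params,
                                   keymaster_operation_handle_t* operation_handle);
    static keymaster_error_t update(const keymaster2_device_t* dev,  //
                                    keymaster_operation_handle_t operation_handle,
                                    const keymaster_key_param_set_t* in_params,
                                    const keymaster_blob_t* input, size_t* input_consumed,
                                    keymaster_key_param_set_t* out_params,
                                    keymaster_blob_t* output);
    static keymaster_error_t finish(const keymaster2_device_t* dev,  //
                                    keymaster_operation_handle_t operation_handle,
                                    const keymaster_key_param_set_t* in_params,
                                    const keymaster_blob_t* input,
                                    const keymaster_blob_t* signature,
                                    keymaster_key_param_set_t* out_params,
                                    keymaster_blob_t* output);
    static keymaster_error_t abort(const keymaster2_device_t* dev,
                                   keymaster_operation_handle_t operation_handle);

    // HAL structs handed to callers; must stay first, in this order (see maintainer note).
    keymaster1_device_t km1_device_;
    keymaster2_device_t km2_device_;

    // Wrapped hardware device, if any; owned by this object once SetHardwareDevice() succeeds.
    keymaster0_device_t* wrapped_km0_device_;
    keymaster1_device_t* wrapped_km1_device_;
    DigestMap km1_device_digests_;  // digest support of wrapped_km1_device_, per (alg, purpose)
    SoftKeymasterContext* context_;
    UniquePtr<AndroidKeymaster> impl_;  // software implementation
    std::string module_name_;
    hw_module_t updated_module_;
    bool configured_;
};

}  // namespace keymaster

#endif  // SYSTEM_KEYMASTER_SOFT_KEYMASTER_DEVICE_H_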