1 /*
2 * Copyright (C) 2012 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License"); you
5 * may not use this file except in compliance with the License. You may
6 * obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
13 * implied. See the License for the specific language governing
14 * permissions and limitations under the License.
15 */
16
17 #include <errno.h>
18 #include <string.h>
19 #include <stdint.h>
20
21 #include <hardware/hardware.h>
22 #include <hardware/keymaster0.h>
23
24 #include <openssl/evp.h>
25 #include <openssl/bio.h>
26 #include <openssl/rsa.h>
27 #include <openssl/err.h>
28 #include <openssl/x509.h>
29
30 #include <linux/ioctl.h>
31 #include <linux/msm_ion.h>
32 #include <sys/mman.h>
33
34 #include <stdio.h>
35 #include <stdlib.h>
36 #include <stddef.h>
37 #include <unistd.h>
38 #include <dirent.h>
39 #include <fcntl.h>
40
41 #include <sys/types.h>
42 #include <sys/stat.h>
43 #include <dlfcn.h>
44
45 #include <UniquePtr.h>
46
47 #include "QSEEComAPI.h"
48 #include "keymaster_qcom.h"
49
50 // For debugging
51 //#define LOG_NDEBUG 0
52
53 #define LOG_TAG "QCOMKeyMaster"
54 #include <cutils/log.h>
55 struct qcom_km_ion_info_t {
56 int32_t ion_fd;
57 int32_t ifd_data_fd;
58 struct ion_handle_data ion_alloc_handle;
59 unsigned char * ion_sbuffer;
60 uint32_t sbuf_len;
61 };
62
63 struct qcom_keymaster_handle {
64 struct QSEECom_handle *qseecom;
65 void *libhandle;
66 int (*QSEECom_start_app)(struct QSEECom_handle ** handle, char* path,
67 char* appname, uint32_t size);
68 int (*QSEECom_shutdown_app)(struct QSEECom_handle **handle);
69 int (*QSEECom_send_cmd)(struct QSEECom_handle* handle, void *cbuf,
70 uint32_t clen, void *rbuf, uint32_t rlen);
71 int (*QSEECom_send_modified_cmd)(struct QSEECom_handle* handle, void *cbuf,
72 uint32_t clen, void *rbuf, uint32_t rlen,
73 struct QSEECom_ion_fd_info *ihandle);
74 int (*QSEECom_set_bandwidth)(struct QSEECom_handle* handle, bool high);
75 };
76 typedef struct qcom_keymaster_handle qcom_keymaster_handle_t;
77
78 struct EVP_PKEY_Delete {
operator ()EVP_PKEY_Delete79 void operator()(EVP_PKEY* p) const {
80 EVP_PKEY_free(p);
81 }
82 };
83 typedef UniquePtr<EVP_PKEY, EVP_PKEY_Delete> Unique_EVP_PKEY;
84
85 struct RSA_Delete {
operator ()RSA_Delete86 void operator()(RSA* p) const {
87 RSA_free(p);
88 }
89 };
90 typedef UniquePtr<RSA, RSA_Delete> Unique_RSA;
91
92 typedef UniquePtr<keymaster0_device_t> Unique_keymaster_device_t;
93
94 /**
95 * Many OpenSSL APIs take ownership of an argument on success but don't free the argument
96 * on failure. This means we need to tell our scoped pointers when we've transferred ownership,
97 * without triggering a warning by not using the result of release().
98 */
99 #define OWNERSHIP_TRANSFERRED(obj) \
100 typeof (obj.release()) _dummy __attribute__((unused)) = obj.release()
101
qcom_km_get_keypair_public(const keymaster0_device_t * dev,const uint8_t * keyBlob,const size_t keyBlobLength,uint8_t ** x509_data,size_t * x509_data_length)102 static int qcom_km_get_keypair_public(const keymaster0_device_t* dev,
103 const uint8_t* keyBlob, const size_t keyBlobLength,
104 uint8_t** x509_data, size_t* x509_data_length) {
105
106 struct qcom_km_key_blob * keyblob_ptr = (struct qcom_km_key_blob *)keyBlob;
107
108 if (x509_data == NULL || x509_data_length == NULL) {
109 ALOGE("Output public key buffer == NULL");
110 return -1;
111 }
112
113 if (keyBlob == NULL) {
114 ALOGE("Supplied key blob was NULL");
115 return -1;
116 }
117
118 // Should be large enough for keyblob data:
119 if (keyBlobLength < (sizeof(qcom_km_key_blob_t))) {
120 ALOGE("key blob appears to be truncated");
121 return -1;
122 }
123
124 if (keyblob_ptr->magic_num != KM_MAGIC_NUM) {
125 ALOGE("Cannot read key; it was not made by this keymaster");
126 return -1;
127 }
128
129 if (keyblob_ptr->public_exponent_size == 0 ) {
130 ALOGE("Key blob appears to have incorrect exponent length");
131 return -1;
132 }
133 if (keyblob_ptr->modulus_size == 0 ) {
134 ALOGE("Key blob appears to have incorrect modulus length");
135 return -1;
136 }
137
138 Unique_RSA rsa(RSA_new());
139 if (rsa.get() == NULL) {
140 ALOGE("Could not allocate RSA structure");
141 return -1;
142 }
143
144 rsa->n = BN_bin2bn(reinterpret_cast<const unsigned char*>(keyblob_ptr->modulus),
145 keyblob_ptr->modulus_size, NULL);
146 if (rsa->n == NULL) {
147 ALOGE("Failed to initialize modulus");
148 return -1;
149 }
150
151 rsa->e = BN_bin2bn(reinterpret_cast<const unsigned char*>(&keyblob_ptr->public_exponent),
152 keyblob_ptr->public_exponent_size, NULL);
153 if (rsa->e == NULL) {
154 ALOGE("Failed to initialize public exponent");
155 return -1;
156 }
157
158 Unique_EVP_PKEY pkey(EVP_PKEY_new());
159 if (pkey.get() == NULL) {
160 ALOGE("Could not allocate EVP_PKEY structure");
161 return -1;
162 }
163 if (EVP_PKEY_assign_RSA(pkey.get(), rsa.get()) != 1) {
164 ALOGE("Failed to assign rsa parameters \n");
165 return -1;
166 }
167 OWNERSHIP_TRANSFERRED(rsa);
168
169 int len = i2d_PUBKEY(pkey.get(), NULL);
170 if (len <= 0) {
171 ALOGE("Len returned is < 0 len = %d", len);
172 return -1;
173 }
174
175 UniquePtr<uint8_t> key(static_cast<uint8_t*>(malloc(len)));
176 if (key.get() == NULL) {
177 ALOGE("Could not allocate memory for public key data");
178 return -1;
179 }
180
181 unsigned char* tmp = reinterpret_cast<unsigned char*>(key.get());
182 if (i2d_PUBKEY(pkey.get(), &tmp) != len) {
183 ALOGE("Len 2 returned is < 0 len = %d", len);
184 return -1;
185 }
186 *x509_data_length = len;
187 *x509_data = key.release();
188
189 return 0;
190 }
191
qcom_km_ION_memalloc(struct qcom_km_ion_info_t * handle,uint32_t size)192 static int32_t qcom_km_ION_memalloc(struct qcom_km_ion_info_t *handle,
193 uint32_t size)
194 {
195 int32_t ret = 0;
196 int32_t iret = 0;
197 int32_t fd = 0;
198 unsigned char *v_addr;
199 struct ion_allocation_data ion_alloc_data;
200 int32_t ion_fd;
201 int32_t rc;
202 struct ion_fd_data ifd_data;
203 struct ion_handle_data handle_data;
204
205 /* open ION device for memory management
206 * O_DSYNC -> uncached memory
207 */
208 if(handle == NULL){
209 ALOGE("Error:: null handle received");
210 return -1;
211 }
212 ion_fd = open("/dev/ion", O_RDONLY | O_DSYNC);
213 if (ion_fd < 0) {
214 ALOGE("Error::Cannot open ION device");
215 return -1;
216 }
217 handle->ion_sbuffer = NULL;
218 handle->ifd_data_fd = 0;
219
220 /* Size of allocation */
221 ion_alloc_data.len = (size + 4095) & (~4095);
222
223 /* 4K aligned */
224 ion_alloc_data.align = 4096;
225
226 /* memory is allocated from EBI heap */
227 ion_alloc_data.ION_HEAP_MASK = ION_HEAP(ION_QSECOM_HEAP_ID);
228
229 /* Set the memory to be uncached */
230 ion_alloc_data.flags = 0;
231
232 /* IOCTL call to ION for memory request */
233 rc = ioctl(ion_fd, ION_IOC_ALLOC, &ion_alloc_data);
234 if (rc) {
235 ret = -1;
236 goto alloc_fail;
237 }
238
239 if (ion_alloc_data.handle != NULL) {
240 ifd_data.handle = ion_alloc_data.handle;
241 } else {
242 ret = -1;
243 goto alloc_fail;
244 }
245 /* Call MAP ioctl to retrieve the ifd_data.fd file descriptor */
246 rc = ioctl(ion_fd, ION_IOC_MAP, &ifd_data);
247 if (rc) {
248 ret = -1;
249 goto ioctl_fail;
250 }
251
252 /* Make the ion mmap call */
253 v_addr = (unsigned char *)mmap(NULL, ion_alloc_data.len,
254 PROT_READ | PROT_WRITE,
255 MAP_SHARED, ifd_data.fd, 0);
256 if (v_addr == MAP_FAILED) {
257 ALOGE("Error::ION MMAP failed");
258 ret = -1;
259 goto map_fail;
260 }
261 handle->ion_fd = ion_fd;
262 handle->ifd_data_fd = ifd_data.fd;
263 handle->ion_sbuffer = v_addr;
264 handle->ion_alloc_handle.handle = ion_alloc_data.handle;
265 handle->sbuf_len = size;
266 return ret;
267
268 map_fail:
269 if (handle->ion_sbuffer != NULL) {
270 iret = munmap(handle->ion_sbuffer, ion_alloc_data.len);
271 if (iret)
272 ALOGE("Error::Failed to unmap memory for load image. ret = %d", ret);
273 }
274
275 ioctl_fail:
276 handle_data.handle = ion_alloc_data.handle;
277 if (handle->ifd_data_fd)
278 close(handle->ifd_data_fd);
279 iret = ioctl(ion_fd, ION_IOC_FREE, &handle_data);
280 if (iret) {
281 ALOGE("Error::ION FREE ioctl returned error = %d",iret);
282 }
283
284 alloc_fail:
285 if (ion_fd > 0)
286 close(ion_fd);
287 return ret;
288 }
289
290 /** @brief: Deallocate ION memory
291 *
292 *
293 */
qcom_km_ion_dealloc(struct qcom_km_ion_info_t * handle)294 static int32_t qcom_km_ion_dealloc(struct qcom_km_ion_info_t *handle)
295 {
296 struct ion_handle_data handle_data;
297 int32_t ret = 0;
298
299 /* Deallocate the memory for the listener */
300 ret = munmap(handle->ion_sbuffer, (handle->sbuf_len + 4095) & (~4095));
301 if (ret) {
302 ALOGE("Error::Unmapping ION Buffer failed with ret = %d", ret);
303 }
304
305 handle_data.handle = handle->ion_alloc_handle.handle;
306 close(handle->ifd_data_fd);
307 ret = ioctl(handle->ion_fd, ION_IOC_FREE, &handle_data);
308 if (ret) {
309 ALOGE("Error::ION Memory FREE ioctl failed with ret = %d", ret);
310 }
311 close(handle->ion_fd);
312 return ret;
313 }
314
qcom_km_generate_keypair(const keymaster0_device_t * dev,const keymaster_keypair_t key_type,const void * key_params,uint8_t ** keyBlob,size_t * keyBlobLength)315 static int qcom_km_generate_keypair(const keymaster0_device_t* dev,
316 const keymaster_keypair_t key_type, const void* key_params,
317 uint8_t** keyBlob, size_t* keyBlobLength) {
318
319 if (dev->context == NULL) {
320 ALOGE("qcom_km_generate_keypair: Context == NULL");
321 return -1;
322 }
323
324 if (key_type != TYPE_RSA) {
325 ALOGE("Unsupported key type %d", key_type);
326 return -1;
327 } else if (key_params == NULL) {
328 ALOGE("key_params == null");
329 return -1;
330 }
331 if (keyBlob == NULL || keyBlobLength == NULL) {
332 ALOGE("output key blob or length == NULL");
333 return -1;
334 }
335 keymaster_rsa_keygen_params_t* rsa_params = (keymaster_rsa_keygen_params_t*) key_params;
336
337 keymaster_gen_keypair_cmd_t *send_cmd = NULL;
338 keymaster_gen_keypair_resp_t *resp = NULL;
339 struct QSEECom_handle *handle = NULL;
340 struct qcom_keymaster_handle *km_handle =(struct qcom_keymaster_handle *)dev->context;
341 int ret = 0;
342
343 handle = (struct QSEECom_handle *)(km_handle->qseecom);
344 send_cmd = (keymaster_gen_keypair_cmd_t *)handle->ion_sbuffer;
345 resp = (keymaster_gen_keypair_resp_t *)(handle->ion_sbuffer +
346 QSEECOM_ALIGN(sizeof(keymaster_gen_keypair_cmd_t)));
347 send_cmd->cmd_id = KEYMASTER_GENERATE_KEYPAIR;
348 send_cmd->key_type = key_type;
349 send_cmd->rsa_params.modulus_size = rsa_params->modulus_size;
350 send_cmd->rsa_params.public_exponent = rsa_params->public_exponent;
351 resp->status = KEYMASTER_FAILURE;
352 resp->key_blob_len = sizeof(qcom_km_key_blob_t);
353
354 ret = (*km_handle->QSEECom_set_bandwidth)(handle, true);
355 if (ret < 0) {
356 ALOGE("Generate key command failed (unable to enable clks) ret =%d", ret);
357 return -1;
358 }
359
360 ret = (*km_handle->QSEECom_send_cmd)(handle, send_cmd,
361 QSEECOM_ALIGN(sizeof(keymaster_gen_keypair_cmd_t)), resp,
362 QSEECOM_ALIGN(sizeof(keymaster_gen_keypair_resp_t)));
363
364 if((*km_handle->QSEECom_set_bandwidth)(handle, false))
365 ALOGE("Import key command: (unable to disable clks)");
366
367 if ( (ret < 0) || (resp->status < 0)) {
368 ALOGE("Generate key command failed resp->status = %d ret =%d", resp->status, ret);
369 return -1;
370 } else {
371 UniquePtr<unsigned char[]> keydata(new unsigned char[resp->key_blob_len]);
372 if (keydata.get() == NULL) {
373 ALOGE("could not allocate memory for key blob");
374 return -1;
375 }
376 unsigned char* p = keydata.get();
377 memcpy(p, (unsigned char *)(&resp->key_blob), resp->key_blob_len);
378 *keyBlob = keydata.release();
379 *keyBlobLength = resp->key_blob_len;
380 }
381 return 0;
382 }
383
qcom_km_import_keypair(const keymaster0_device_t * dev,const uint8_t * key,const size_t key_length,uint8_t ** keyBlob,size_t * keyBlobLength)384 static int qcom_km_import_keypair(const keymaster0_device_t* dev,
385 const uint8_t* key, const size_t key_length,
386 uint8_t** keyBlob, size_t* keyBlobLength)
387 {
388 if (dev->context == NULL) {
389 ALOGE("qcom_km_import_keypair: Context == NULL");
390 return -1;
391 }
392
393 if (key == NULL) {
394 ALOGE("Input key == NULL");
395 return -1;
396 } else if (keyBlob == NULL || keyBlobLength == NULL) {
397 ALOGE("Output key blob or length == NULL");
398 return -1;
399 }
400
401 struct QSEECom_ion_fd_info ion_fd_info;
402 struct qcom_km_ion_info_t ihandle;
403 int ret = 0;
404
405 ihandle.ion_fd = 0;
406 ihandle.ion_alloc_handle.handle = NULL;
407 if (qcom_km_ION_memalloc(&ihandle, QSEECOM_ALIGN(key_length)) < 0) {
408 ALOGE("ION allocation failed");
409 return -1;
410 }
411 memset(&ion_fd_info, 0, sizeof(struct QSEECom_ion_fd_info));
412
413 /* Populate the send data structure */
414 ion_fd_info.data[0].fd = ihandle.ifd_data_fd;
415 ion_fd_info.data[0].cmd_buf_offset = sizeof(enum keymaster_cmd_t);
416
417
418 struct QSEECom_handle *handle = NULL;
419 keymaster_import_keypair_cmd_t *send_cmd = NULL;
420 keymaster_import_keypair_resp_t *resp = NULL;
421 struct qcom_keymaster_handle *km_handle =(struct qcom_keymaster_handle *)dev->context;
422
423 handle = (struct QSEECom_handle *)(km_handle->qseecom);
424 send_cmd = (keymaster_import_keypair_cmd_t *)handle->ion_sbuffer;
425 resp = (keymaster_import_keypair_resp_t *)(handle->ion_sbuffer +
426 QSEECOM_ALIGN(sizeof(keymaster_import_keypair_cmd_t)));
427 send_cmd->cmd_id = KEYMASTER_IMPORT_KEYPAIR;
428 send_cmd->pkcs8_key = (uint32_t)ihandle.ion_sbuffer;
429
430 memcpy((unsigned char *)ihandle.ion_sbuffer, key, key_length);
431
432 send_cmd->pkcs8_key_len = key_length;
433 resp->status = KEYMASTER_FAILURE;
434 resp->key_blob_len = sizeof(qcom_km_key_blob_t);
435
436 ret = (*km_handle->QSEECom_set_bandwidth)(handle, true);
437 if (ret < 0) {
438 ALOGE("Import key command failed (unable to enable clks) ret =%d", ret);
439 qcom_km_ion_dealloc(&ihandle);
440 return -1;
441 }
442 ret = (*km_handle->QSEECom_send_modified_cmd)(handle, send_cmd,
443 QSEECOM_ALIGN(sizeof(*send_cmd)), resp,
444 QSEECOM_ALIGN(sizeof(*resp)), &ion_fd_info);
445
446 if((*km_handle->QSEECom_set_bandwidth)(handle, false))
447 ALOGE("Import key command: (unable to disable clks)");
448
449 if ( (ret < 0) || (resp->status < 0)) {
450 ALOGE("Import key command failed resp->status = %d ret =%d", resp->status, ret);
451 qcom_km_ion_dealloc(&ihandle);
452 return -1;
453 } else {
454 UniquePtr<unsigned char[]> keydata(new unsigned char[resp->key_blob_len]);
455 if (keydata.get() == NULL) {
456 ALOGE("could not allocate memory for key blob");
457 return -1;
458 }
459 unsigned char* p = keydata.get();
460 memcpy(p, (unsigned char *)(&resp->key_blob), resp->key_blob_len);
461 *keyBlob = keydata.release();
462 *keyBlobLength = resp->key_blob_len;
463
464 }
465 qcom_km_ion_dealloc(&ihandle);
466 return 0;
467 }
468
qcom_km_sign_data(const keymaster0_device_t * dev,const void * params,const uint8_t * keyBlob,const size_t keyBlobLength,const uint8_t * data,const size_t dataLength,uint8_t ** signedData,size_t * signedDataLength)469 static int qcom_km_sign_data(const keymaster0_device_t* dev,
470 const void* params,
471 const uint8_t* keyBlob, const size_t keyBlobLength,
472 const uint8_t* data, const size_t dataLength,
473 uint8_t** signedData, size_t* signedDataLength)
474 {
475 if (dev->context == NULL) {
476 ALOGE("qcom_km_sign_data: Context == NULL");
477 return -1;
478 }
479 if (dataLength > KM_KEY_SIZE_MAX) {
480 ALOGE("Input data to be signed is too long %d bytes", dataLength);
481 return -1;
482 }
483 if (data == NULL) {
484 ALOGE("input data to sign == NULL");
485 return -1;
486 } else if (signedData == NULL || signedDataLength == NULL) {
487 ALOGE("Output signature buffer == NULL");
488 return -1;
489 }
490 keymaster_rsa_sign_params_t* sign_params = (keymaster_rsa_sign_params_t*) params;
491 if (sign_params->digest_type != DIGEST_NONE) {
492 ALOGE("Cannot handle digest type %d", sign_params->digest_type);
493 return -1;
494 } else if (sign_params->padding_type != PADDING_NONE) {
495 ALOGE("Cannot handle padding type %d", sign_params->padding_type);
496 return -1;
497 }
498
499 struct QSEECom_handle *handle = NULL;
500 keymaster_sign_data_cmd_t *send_cmd = NULL;
501 keymaster_sign_data_resp_t *resp = NULL;
502 struct QSEECom_ion_fd_info ion_fd_info;
503 struct qcom_km_ion_info_t ihandle;
504 struct qcom_keymaster_handle *km_handle =(struct qcom_keymaster_handle *)dev->context;
505 int ret = 0;
506
507 handle = (struct QSEECom_handle *)(km_handle->qseecom);
508 ihandle.ion_fd = 0;
509 ihandle.ion_alloc_handle.handle = NULL;
510 if (qcom_km_ION_memalloc(&ihandle, dataLength) < 0) {
511 ALOGE("ION allocation failed");
512 return -1;
513 }
514 memset(&ion_fd_info, 0, sizeof(struct QSEECom_ion_fd_info));
515
516 /* Populate the send data structure */
517 ion_fd_info.data[0].fd = ihandle.ifd_data_fd;
518 ion_fd_info.data[0].cmd_buf_offset = sizeof(enum keymaster_cmd_t) +
519 sizeof(qcom_km_key_blob_t) + sizeof(keymaster_rsa_sign_params_t);
520
521 send_cmd = (keymaster_sign_data_cmd_t *)handle->ion_sbuffer;
522 resp = (keymaster_sign_data_resp_t *)(handle->ion_sbuffer +
523 QSEECOM_ALIGN(sizeof(keymaster_sign_data_cmd_t)));
524 send_cmd->cmd_id = KEYMASTER_SIGN_DATA ;
525 send_cmd->sign_param.digest_type = sign_params->digest_type;
526 send_cmd->sign_param.padding_type = sign_params->padding_type;
527 memcpy((unsigned char *)(&send_cmd->key_blob), keyBlob, keyBlobLength);
528 memcpy((unsigned char *)ihandle.ion_sbuffer, data, dataLength);
529
530 send_cmd->data = (uint32_t)ihandle.ion_sbuffer;
531 send_cmd->dlen = dataLength;
532 resp->sig_len = KM_KEY_SIZE_MAX;
533 resp->status = KEYMASTER_FAILURE;
534
535 ret = (*km_handle->QSEECom_set_bandwidth)(handle, true);
536 if (ret < 0) {
537 ALOGE("Sign data command failed (unable to enable clks) ret =%d", ret);
538 qcom_km_ion_dealloc(&ihandle);
539 return -1;
540 }
541
542 ret = (*km_handle->QSEECom_send_modified_cmd)(handle, send_cmd,
543 QSEECOM_ALIGN(sizeof(*send_cmd)), resp,
544 QSEECOM_ALIGN(sizeof(*resp)), &ion_fd_info);
545
546 if((*km_handle->QSEECom_set_bandwidth)(handle, false))
547 ALOGE("Sign data command: (unable to disable clks)");
548
549 if ( (ret < 0) || (resp->status < 0)) {
550 ALOGE("Sign data command failed resp->status = %d ret =%d", resp->status, ret);
551 qcom_km_ion_dealloc(&ihandle);
552 return -1;
553 } else {
554 UniquePtr<uint8_t> signedDataPtr(reinterpret_cast<uint8_t*>(malloc(resp->sig_len)));
555 if (signedDataPtr.get() == NULL) {
556 ALOGE("Sign data memory allocation failed");
557 qcom_km_ion_dealloc(&ihandle);
558 return -1;
559 }
560 unsigned char* p = signedDataPtr.get();
561 memcpy(p, (unsigned char *)(&resp->signed_data), resp->sig_len);
562
563 *signedDataLength = resp->sig_len;
564 *signedData = signedDataPtr.release();
565 }
566 qcom_km_ion_dealloc(&ihandle);
567 return 0;
568 }
569
qcom_km_verify_data(const keymaster0_device_t * dev,const void * params,const uint8_t * keyBlob,const size_t keyBlobLength,const uint8_t * signedData,const size_t signedDataLength,const uint8_t * signature,const size_t signatureLength)570 static int qcom_km_verify_data(const keymaster0_device_t* dev,
571 const void* params,
572 const uint8_t* keyBlob, const size_t keyBlobLength,
573 const uint8_t* signedData, const size_t signedDataLength,
574 const uint8_t* signature, const size_t signatureLength)
575 {
576 if (dev->context == NULL) {
577 ALOGE("qcom_km_verify_data: Context == NULL");
578 return -1;
579 }
580
581 if (signedData == NULL || signature == NULL) {
582 ALOGE("data or signature buffers == NULL");
583 return -1;
584 }
585
586 keymaster_rsa_sign_params_t* sign_params = (keymaster_rsa_sign_params_t*) params;
587 if (sign_params->digest_type != DIGEST_NONE) {
588 ALOGE("Cannot handle digest type %d", sign_params->digest_type);
589 return -1;
590 } else if (sign_params->padding_type != PADDING_NONE) {
591 ALOGE("Cannot handle padding type %d", sign_params->padding_type);
592 return -1;
593 } else if (signatureLength != signedDataLength) {
594 ALOGE("signed data length must be signature length");
595 return -1;
596 }
597
598 struct QSEECom_handle *handle = NULL;
599 keymaster_verify_data_cmd_t *send_cmd = NULL;
600 keymaster_verify_data_resp_t *resp = NULL;
601
602 struct QSEECom_ion_fd_info ion_fd_info;
603 struct qcom_km_ion_info_t ihandle;
604 struct qcom_keymaster_handle *km_handle =(struct qcom_keymaster_handle *)dev->context;
605 int ret = 0;
606
607 handle = (struct QSEECom_handle *)(km_handle->qseecom);
608 ihandle.ion_fd = 0;
609 ihandle.ion_alloc_handle.handle = NULL;
610 if (qcom_km_ION_memalloc(&ihandle, signedDataLength + signatureLength) <0) {
611 ALOGE("ION allocation failed");
612 return -1;
613 }
614 memset(&ion_fd_info, 0, sizeof(struct QSEECom_ion_fd_info));
615
616 /* Populate the send data structure */
617 ion_fd_info.data[0].fd = ihandle.ifd_data_fd;
618 ion_fd_info.data[0].cmd_buf_offset = sizeof(enum keymaster_cmd_t) +
619 sizeof(qcom_km_key_blob_t ) + sizeof(keymaster_rsa_sign_params_t);
620
621 send_cmd = (keymaster_verify_data_cmd_t *)handle->ion_sbuffer;
622 resp = (keymaster_verify_data_resp_t *)((char *)handle->ion_sbuffer +
623 sizeof(keymaster_verify_data_cmd_t));
624 send_cmd->cmd_id = KEYMASTER_VERIFY_DATA ;
625 send_cmd->sign_param.digest_type = sign_params->digest_type;
626 send_cmd->sign_param.padding_type = sign_params->padding_type;
627 memcpy((unsigned char *)(&send_cmd->key_blob), keyBlob, keyBlobLength);
628
629 send_cmd->signed_data = (uint32_t)ihandle.ion_sbuffer;
630 send_cmd->signed_dlen = signedDataLength;
631 memcpy((unsigned char *)ihandle.ion_sbuffer, signedData, signedDataLength);
632
633 send_cmd->signature = signedDataLength;
634 send_cmd->slen = signatureLength;
635 memcpy(((unsigned char *)ihandle.ion_sbuffer + signedDataLength),
636 signature, signatureLength);
637 resp->status = KEYMASTER_FAILURE;
638
639 ret = (*km_handle->QSEECom_set_bandwidth)(handle, true);
640 if (ret < 0) {
641 ALOGE("Verify data command failed (unable to enable clks) ret =%d", ret);
642 qcom_km_ion_dealloc(&ihandle);
643 return -1;
644 }
645
646 ret = (*km_handle->QSEECom_send_modified_cmd)(handle, send_cmd,
647 QSEECOM_ALIGN(sizeof(*send_cmd)), resp,
648 QSEECOM_ALIGN(sizeof(*resp)), &ion_fd_info);
649
650 if((*km_handle->QSEECom_set_bandwidth)(handle, false))
651 ALOGE("Verify data command: (unable to disable clks)");
652
653 if ( (ret < 0) || (resp->status < 0)) {
654 ALOGE("Verify data command failed resp->status = %d ret =%d", resp->status, ret);
655 qcom_km_ion_dealloc(&ihandle);
656 return -1;
657 }
658 qcom_km_ion_dealloc(&ihandle);
659 return 0;
660 }
661
662 /* Close an opened OpenSSL instance */
qcom_km_close(hw_device_t * dev)663 static int qcom_km_close(hw_device_t *dev)
664 {
665 keymaster0_device_t* km_dev = (keymaster0_device_t *)dev;
666 struct qcom_keymaster_handle *km_handle =(struct qcom_keymaster_handle *)km_dev->context;
667
668 if (km_handle->qseecom == NULL) {
669 ALOGE("Context == NULL");
670 return -1;
671 }
672 (*km_handle->QSEECom_shutdown_app)((struct QSEECom_handle **)&km_handle->qseecom);
673 free(km_dev->context);
674 free(dev);
675 return 0;
676 }
677
qcom_km_get_lib_sym(qcom_keymaster_handle_t * km_handle)678 static int qcom_km_get_lib_sym(qcom_keymaster_handle_t* km_handle)
679 {
680 km_handle->libhandle = dlopen("libQSEEComAPI.so", RTLD_NOW);
681 if ( km_handle->libhandle ) {
682 *(void **)(&km_handle->QSEECom_start_app) =
683 dlsym(km_handle->libhandle,"QSEECom_start_app");
684 if (km_handle->QSEECom_start_app == NULL) {
685 ALOGE("dlsym: Error Loading QSEECom_start_app");
686 dlclose(km_handle->libhandle );
687 km_handle->libhandle = NULL;
688 return -1;
689 }
690 *(void **)(&km_handle->QSEECom_shutdown_app) =
691 dlsym(km_handle->libhandle,"QSEECom_shutdown_app");
692 if (km_handle->QSEECom_shutdown_app == NULL) {
693 ALOGE("dlsym: Error Loading QSEECom_shutdown_app");
694 dlclose(km_handle->libhandle );
695 km_handle->libhandle = NULL;
696 return -1;
697 }
698 *(void **)(&km_handle->QSEECom_send_cmd) =
699 dlsym(km_handle->libhandle,"QSEECom_send_cmd");
700 if (km_handle->QSEECom_send_cmd == NULL) {
701 ALOGE("dlsym: Error Loading QSEECom_send_cmd");
702 dlclose(km_handle->libhandle );
703 km_handle->libhandle = NULL;
704 return -1;
705 }
706 *(void **)(&km_handle->QSEECom_send_modified_cmd) =
707 dlsym(km_handle->libhandle,"QSEECom_send_modified_cmd");
708 if (km_handle->QSEECom_send_modified_cmd == NULL) {
709 ALOGE("dlsym: Error Loading QSEECom_send_modified_cmd");
710 dlclose(km_handle->libhandle );
711 km_handle->libhandle = NULL;
712 return -1;
713 }
714 *(void **)(&km_handle->QSEECom_set_bandwidth) =
715 dlsym(km_handle->libhandle,"QSEECom_set_bandwidth");
716 if (km_handle->QSEECom_set_bandwidth == NULL) {
717 ALOGE("dlsym: Error Loading QSEECom_set_bandwidth");
718 dlclose(km_handle->libhandle );
719 km_handle->libhandle = NULL;
720 return -1;
721 }
722
723 } else {
724 ALOGE("failed to load qseecom library");
725 return -1;
726 }
727 return 0;
728 }
729
730 /*
731 * Generic device handling
732 */
qcom_km_open(const hw_module_t * module,const char * name,hw_device_t ** device)733 static int qcom_km_open(const hw_module_t* module, const char* name,
734 hw_device_t** device)
735 {
736 int ret = 0;
737 qcom_keymaster_handle_t* km_handle;
738 if (strcmp(name, KEYSTORE_KEYMASTER) != 0)
739 return -EINVAL;
740
741 km_handle = (qcom_keymaster_handle_t *)malloc(sizeof(qcom_keymaster_handle_t));
742 if (km_handle == NULL) {
743 ALOGE("Memalloc for keymaster handle failed");
744 return -1;
745 }
746 km_handle->qseecom = NULL;
747 km_handle->libhandle = NULL;
748 ret = qcom_km_get_lib_sym(km_handle);
749 if (ret) {
750 free(km_handle);
751 return -1;
752 }
753 Unique_keymaster_device_t dev(new keymaster0_device_t);
754 if (dev.get() == NULL){
755 free(km_handle);
756 return -ENOMEM;
757 }
758 dev->context = (void *)km_handle;
759 ret = (*km_handle->QSEECom_start_app)((struct QSEECom_handle **)&km_handle->qseecom,
760 "/vendor/firmware/keymaster", "keymaster", 4096*2);
761 if (ret) {
762 ALOGE("Loading keymaster app failed");
763 free(km_handle);
764 return -1;
765 }
766 dev->common.tag = HARDWARE_DEVICE_TAG;
767 dev->common.version = 1;
768 dev->common.module = (struct hw_module_t*) module;
769 dev->common.close = qcom_km_close;
770 dev->flags = KEYMASTER_BLOBS_ARE_STANDALONE;
771
772 dev->generate_keypair = qcom_km_generate_keypair;
773 dev->import_keypair = qcom_km_import_keypair;
774 dev->get_keypair_public = qcom_km_get_keypair_public;
775 dev->delete_keypair = NULL;
776 dev->delete_all = NULL;
777 dev->sign_data = qcom_km_sign_data;
778 dev->verify_data = qcom_km_verify_data;
779
780 *device = reinterpret_cast<hw_device_t*>(dev.release());
781
782 return 0;
783 }
784
785 static struct hw_module_methods_t keystore_module_methods = {
786 .open = qcom_km_open,
787 };
788
789 struct keystore_module HAL_MODULE_INFO_SYM
790 __attribute__ ((visibility ("default"))) = {
791 .common = {
792 .tag = HARDWARE_MODULE_TAG,
793 .module_api_version = QCOM_KEYMASTER_API_VERSION,
794 .hal_api_version = HARDWARE_HAL_API_VERSION,
795 .id = KEYSTORE_HARDWARE_MODULE_ID,
796 .name = "Keymaster QCOM HAL",
797 .author = "The Android Open Source Project",
798 .methods = &keystore_module_methods,
799 .dso = 0,
800 .reserved = {},
801 },
802 };
803