soft_keymaster_device.cpp revision 5fad785a94716e4b71d51dcf2434ec09ff447b27
1/* 2 * Copyright 2015 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17#include <keymaster/soft_keymaster_device.h> 18 19#include <assert.h> 20#include <stdio.h> 21#include <stdlib.h> 22#include <string.h> 23#include <time.h> 24#include <stddef.h> 25 26#include <algorithm> 27 28#include <type_traits> 29 30#include <hardware/keymaster1.h> 31#define LOG_TAG "SoftKeymasterDevice" 32#include <cutils/log.h> 33 34#include <keymaster/authorization_set.h> 35#include <keymaster/google_keymaster_messages.h> 36#include <keymaster/key_blob.h> 37#include <keymaster/soft_keymaster_logger.h> 38 39#include "google_softkeymaster.h" 40 41struct keystore_module soft_keymaster_device_module = { 42 .common = 43 { 44 .tag = HARDWARE_MODULE_TAG, 45 .module_api_version = KEYMASTER_MODULE_API_VERSION_1_0, 46 .hal_api_version = HARDWARE_HAL_API_VERSION, 47 .id = KEYSTORE_HARDWARE_MODULE_ID, 48 .name = "Keymaster OpenSSL HAL", 49 .author = "The Android Open Source Project", 50 .methods = NULL, 51 .dso = 0, 52 .reserved = {}, 53 }, 54}; 55 56namespace keymaster { 57 58SoftKeymasterDevice::SoftKeymasterDevice() : impl_(new GoogleSoftKeymaster(16)) { 59#if __cplusplus >= 201103L || defined(__GXX_EXPERIMENTAL_CXX0X__) 60 static_assert(std::is_standard_layout<SoftKeymasterDevice>::value, 61 "SoftKeymasterDevice must be standard layout"); 62 static_assert(offsetof(SoftKeymasterDevice, device_) == 0, 63 "device_ must be the first member of KeymasterOpenSsl"); 64 static_assert(offsetof(SoftKeymasterDevice, device_.common) == 0, 65 "common must be the first member of keymaster_device"); 66#else 67 assert(reinterpret_cast<keymaster_device*>(this) == &device_); 68 assert(reinterpret_cast<hw_device_t*>(this) == &(device_.common)); 69#endif 70 LOG_I("Creating device"); 71 LOG_D("Device address: %p", this); 72 73 memset(&device_, 0, sizeof(device_)); 74 75 device_.common.tag = HARDWARE_DEVICE_TAG; 76 device_.common.version = 1; 77 device_.common.module = reinterpret_cast<hw_module_t*>(&soft_keymaster_device_module); 78 device_.common.close = &close_device; 79 80 device_.flags = 81 KEYMASTER_SOFTWARE_ONLY | KEYMASTER_BLOBS_ARE_STANDALONE | KEYMASTER_SUPPORTS_EC; 82 83 // V0.3 APIs 84 device_.generate_keypair = generate_keypair; 85 device_.import_keypair = import_keypair; 86 device_.get_keypair_public = get_keypair_public; 87 device_.delete_keypair = NULL; 88 device_.delete_all = NULL; 89 device_.sign_data = sign_data; 90 device_.verify_data = verify_data; 91 92 // V0.4 APIs 93 device_.get_supported_algorithms = get_supported_algorithms; 94 device_.get_supported_block_modes = get_supported_block_modes; 95 device_.get_supported_padding_modes = get_supported_padding_modes; 96 device_.get_supported_digests = get_supported_digests; 97 device_.get_supported_import_formats = get_supported_import_formats; 98 device_.get_supported_export_formats = get_supported_export_formats; 99 device_.add_rng_entropy = add_rng_entropy; 100 device_.generate_key = generate_key; 101 device_.get_key_characteristics = get_key_characteristics; 102 device_.rescope = rescope; 103 device_.import_key = import_key; 104 device_.export_key = export_key; 105 device_.delete_key = NULL; 106 device_.delete_all_keys = NULL; 107 device_.begin = begin; 108 device_.update = update; 109 device_.finish = finish; 110 device_.abort = abort; 111 112 device_.context = NULL; 113} 114 115const uint64_t HUNDRED_YEARS = 1000LL * 60 * 60 * 24 * 365 * 100; 116 117hw_device_t* SoftKeymasterDevice::hw_device() { 118 return &device_.common; 119} 120 121static keymaster_key_characteristics_t* BuildCharacteristics(const AuthorizationSet& hw_enforced, 122 const AuthorizationSet& sw_enforced) { 123 keymaster_key_characteristics_t* characteristics = 124 reinterpret_cast<keymaster_key_characteristics_t*>( 125 malloc(sizeof(keymaster_key_characteristics_t))); 126 if (characteristics) { 127 hw_enforced.CopyToParamSet(&characteristics->hw_enforced); 128 sw_enforced.CopyToParamSet(&characteristics->sw_enforced); 129 } 130 return characteristics; 131} 132 133template <typename RequestType> 134static void AddClientAndAppData(const keymaster_blob_t* client_id, const keymaster_blob_t* app_data, 135 RequestType* request) { 136 request->additional_params.Clear(); 137 if (client_id) 138 request->additional_params.push_back(TAG_APPLICATION_ID, *client_id); 139 if (app_data) 140 request->additional_params.push_back(TAG_APPLICATION_DATA, *app_data); 141} 142 143static inline SoftKeymasterDevice* convert_device(const keymaster1_device_t* dev) { 144 return reinterpret_cast<SoftKeymasterDevice*>(const_cast<keymaster1_device_t*>(dev)); 145} 146 147/* static */ 148int SoftKeymasterDevice::close_device(hw_device_t* dev) { 149 delete reinterpret_cast<SoftKeymasterDevice*>(dev); 150 return 0; 151} 152 153/* static */ 154int SoftKeymasterDevice::generate_keypair(const keymaster1_device_t* dev, 155 const keymaster_keypair_t key_type, 156 const void* key_params, uint8_t** key_blob, 157 size_t* key_blob_length) { 158 LOG_D("%s", "Device received generate_keypair"); 159 160 GenerateKeyRequest req; 161 StoreDefaultNewKeyParams(&req.key_description); 162 163 switch (key_type) { 164 case TYPE_RSA: { 165 req.key_description.push_back(TAG_ALGORITHM, KM_ALGORITHM_RSA); 166 const keymaster_rsa_keygen_params_t* rsa_params = 167 static_cast<const keymaster_rsa_keygen_params_t*>(key_params); 168 LOG_D("Generating RSA pair, modulus size: %u, public exponent: %lu", 169 rsa_params->modulus_size, rsa_params->public_exponent); 170 req.key_description.push_back(TAG_KEY_SIZE, rsa_params->modulus_size); 171 req.key_description.push_back(TAG_RSA_PUBLIC_EXPONENT, rsa_params->public_exponent); 172 break; 173 } 174 175 case TYPE_EC: { 176 req.key_description.push_back(TAG_ALGORITHM, KM_ALGORITHM_ECDSA); 177 const keymaster_ec_keygen_params_t* ec_params = 178 static_cast<const keymaster_ec_keygen_params_t*>(key_params); 179 LOG_D("Generating ECDSA pair, key size: %u", ec_params->field_size); 180 req.key_description.push_back(TAG_KEY_SIZE, ec_params->field_size); 181 break; 182 } 183 184 default: 185 LOG_D("Received request for unsuported key type %d", key_type); 186 return KM_ERROR_UNSUPPORTED_ALGORITHM; 187 } 188 189 GenerateKeyResponse rsp; 190 convert_device(dev)->impl_->GenerateKey(req, &rsp); 191 if (rsp.error != KM_ERROR_OK) { 192 LOG_E("Key generation failed with error: %d", rsp.error); 193 return rsp.error; 194 } 195 196 *key_blob_length = rsp.key_blob.key_material_size; 197 *key_blob = static_cast<uint8_t*>(malloc(*key_blob_length)); 198 if (!*key_blob) { 199 LOG_E("Failed to allocate %d bytes", *key_blob_length); 200 return KM_ERROR_MEMORY_ALLOCATION_FAILED; 201 } 202 memcpy(*key_blob, rsp.key_blob.key_material, *key_blob_length); 203 LOG_D("Returning %d bytes in key blob\n", (int)*key_blob_length); 204 205 return KM_ERROR_OK; 206} 207 208/* static */ 209int SoftKeymasterDevice::import_keypair(const keymaster1_device_t* dev, const uint8_t* key, 210 const size_t key_length, uint8_t** key_blob, 211 size_t* key_blob_length) { 212 LOG_D("Device received import_keypair"); 213 214 ImportKeyRequest request; 215 StoreDefaultNewKeyParams(&request.key_description); 216 request.SetKeyMaterial(key, key_length); 217 request.key_format = KM_KEY_FORMAT_PKCS8; 218 219 ImportKeyResponse response; 220 convert_device(dev)->impl_->ImportKey(request, &response); 221 if (response.error != KM_ERROR_OK) { 222 LOG_E("Key import failed with error: %d", response.error); 223 return response.error; 224 } 225 226 *key_blob_length = response.key_blob.key_material_size; 227 *key_blob = static_cast<uint8_t*>(malloc(*key_blob_length)); 228 if (!*key_blob) { 229 LOG_E("Failed to allocate %d bytes", *key_blob_length); 230 return KM_ERROR_MEMORY_ALLOCATION_FAILED; 231 } 232 memcpy(*key_blob, response.key_blob.key_material, *key_blob_length); 233 LOG_D("Returning %d bytes in key blob\n", (int)*key_blob_length); 234 235 return KM_ERROR_OK; 236} 237 238/* static */ 239int SoftKeymasterDevice::get_keypair_public(const struct keymaster1_device* dev, 240 const uint8_t* key_blob, const size_t key_blob_length, 241 uint8_t** x509_data, size_t* x509_data_length) { 242 LOG_D("Device received get_keypair_public"); 243 244 ExportKeyRequest req; 245 req.SetKeyMaterial(key_blob, key_blob_length); 246 req.key_format = KM_KEY_FORMAT_X509; 247 248 ExportKeyResponse rsp; 249 convert_device(dev)->impl_->ExportKey(req, &rsp); 250 if (rsp.error != KM_ERROR_OK) { 251 LOG_E("get_keypair_public failed with error: %d", rsp.error); 252 return rsp.error; 253 } 254 255 *x509_data_length = rsp.key_data_length; 256 *x509_data = static_cast<uint8_t*>(malloc(*x509_data_length)); 257 if (!*x509_data) 258 return KM_ERROR_MEMORY_ALLOCATION_FAILED; 259 memcpy(*x509_data, rsp.key_data, *x509_data_length); 260 LOG_D("Returning %d bytes in x509 key\n", (int)*x509_data_length); 261 262 return KM_ERROR_OK; 263} 264 265/* static */ 266int SoftKeymasterDevice::sign_data(const keymaster1_device_t* dev, const void* params, 267 const uint8_t* key_blob, const size_t key_blob_length, 268 const uint8_t* data, const size_t data_length, 269 uint8_t** signed_data, size_t* signed_data_length) { 270 LOG_D("Device received sign_data"); 271 272 *signed_data_length = 0; 273 274 BeginOperationRequest begin_request; 275 begin_request.purpose = KM_PURPOSE_SIGN; 276 begin_request.SetKeyMaterial(key_blob, key_blob_length); 277 keymaster_error_t err = 278 ExtractSigningParams(params, key_blob, key_blob_length, &begin_request.additional_params); 279 if (err != KM_ERROR_OK) 280 return err; 281 282 BeginOperationResponse begin_response; 283 convert_device(dev)->impl_->BeginOperation(begin_request, &begin_response); 284 if (begin_response.error != KM_ERROR_OK) { 285 LOG_E("sign_data begin operation failed with error: %d", begin_response.error); 286 return begin_response.error; 287 } 288 289 UpdateOperationRequest update_request; 290 update_request.op_handle = begin_response.op_handle; 291 update_request.input.Reinitialize(data, data_length); 292 UpdateOperationResponse update_response; 293 convert_device(dev)->impl_->UpdateOperation(update_request, &update_response); 294 if (update_response.error != KM_ERROR_OK) { 295 LOG_E("sign_data update operation failed with error: %d", update_response.error); 296 return update_response.error; 297 } 298 299 FinishOperationRequest finish_request; 300 finish_request.op_handle = begin_response.op_handle; 301 FinishOperationResponse finish_response; 302 convert_device(dev)->impl_->FinishOperation(finish_request, &finish_response); 303 if (finish_response.error != KM_ERROR_OK) { 304 LOG_E("sign_data finish operation failed with error: %d", finish_response.error); 305 return finish_response.error; 306 } 307 308 *signed_data_length = finish_response.output.available_read(); 309 *signed_data = static_cast<uint8_t*>(malloc(*signed_data_length)); 310 if (!*signed_data) 311 return KM_ERROR_MEMORY_ALLOCATION_FAILED; 312 if (!finish_response.output.read(*signed_data, *signed_data_length)) 313 return KM_ERROR_UNKNOWN_ERROR; 314 return KM_ERROR_OK; 315} 316 317/* static */ 318int SoftKeymasterDevice::verify_data(const keymaster1_device_t* dev, const void* params, 319 const uint8_t* key_blob, const size_t key_blob_length, 320 const uint8_t* signed_data, const size_t signed_data_length, 321 const uint8_t* signature, const size_t signature_length) { 322 LOG_D("Device received verify_data"); 323 324 BeginOperationRequest begin_request; 325 begin_request.purpose = KM_PURPOSE_VERIFY; 326 begin_request.SetKeyMaterial(key_blob, key_blob_length); 327 { 328 keymaster_error_t err = ExtractSigningParams(params, key_blob, key_blob_length, 329 &begin_request.additional_params); 330 if (err != KM_ERROR_OK) 331 return err; 332 } 333 334 BeginOperationResponse begin_response; 335 convert_device(dev)->impl_->BeginOperation(begin_request, &begin_response); 336 if (begin_response.error != KM_ERROR_OK) { 337 LOG_E("verify_data begin operation failed with error: %d", begin_response.error); 338 return begin_response.error; 339 } 340 341 UpdateOperationRequest update_request; 342 update_request.op_handle = begin_response.op_handle; 343 update_request.input.Reinitialize(signed_data, signed_data_length); 344 UpdateOperationResponse update_response; 345 convert_device(dev)->impl_->UpdateOperation(update_request, &update_response); 346 if (update_response.error != KM_ERROR_OK) { 347 LOG_E("verify_data update operation failed with error: %d", update_response.error); 348 return update_response.error; 349 } 350 351 FinishOperationRequest finish_request; 352 finish_request.op_handle = begin_response.op_handle; 353 finish_request.signature.Reinitialize(signature, signature_length); 354 FinishOperationResponse finish_response; 355 convert_device(dev)->impl_->FinishOperation(finish_request, &finish_response); 356 if (finish_response.error != KM_ERROR_OK) { 357 LOG_E("verify_data finish operation failed with error: %d", finish_response.error); 358 return finish_response.error; 359 } 360 return KM_ERROR_OK; 361} 362 363/* static */ 364keymaster_error_t SoftKeymasterDevice::get_supported_algorithms(const keymaster1_device_t* dev, 365 keymaster_algorithm_t** algorithms, 366 size_t* algorithms_length) { 367 if (!algorithms || !algorithms_length) 368 return KM_ERROR_OUTPUT_PARAMETER_NULL; 369 370 SupportedResponse<keymaster_algorithm_t> response; 371 convert_device(dev)->impl_->SupportedAlgorithms(&response); 372 if (response.error != KM_ERROR_OK) { 373 LOG_E("get_supported_algorithms failed with %d", response.error); 374 375 return response.error; 376 } 377 378 *algorithms_length = response.results_length; 379 *algorithms = 380 reinterpret_cast<keymaster_algorithm_t*>(malloc(*algorithms_length * sizeof(**algorithms))); 381 if (!*algorithms) 382 return KM_ERROR_MEMORY_ALLOCATION_FAILED; 383 std::copy(response.results, response.results + response.results_length, *algorithms); 384 return KM_ERROR_OK; 385} 386 387/* static */ 388keymaster_error_t SoftKeymasterDevice::get_supported_block_modes(const keymaster1_device_t* dev, 389 keymaster_algorithm_t algorithm, 390 keymaster_purpose_t purpose, 391 keymaster_block_mode_t** modes, 392 size_t* modes_length) { 393 if (!modes || !modes_length) 394 return KM_ERROR_OUTPUT_PARAMETER_NULL; 395 396 SupportedResponse<keymaster_block_mode_t> response; 397 convert_device(dev)->impl_->SupportedBlockModes(algorithm, purpose, &response); 398 399 if (response.error != KM_ERROR_OK) { 400 LOG_E("get_supported_block_modes failed with %d", response.error); 401 402 return response.error; 403 } 404 405 *modes_length = response.results_length; 406 *modes = reinterpret_cast<keymaster_block_mode_t*>(malloc(*modes_length * sizeof(**modes))); 407 if (!*modes) 408 return KM_ERROR_MEMORY_ALLOCATION_FAILED; 409 std::copy(response.results, response.results + response.results_length, *modes); 410 return KM_ERROR_OK; 411} 412 413/* static */ 414keymaster_error_t SoftKeymasterDevice::get_supported_padding_modes(const keymaster1_device_t* dev, 415 keymaster_algorithm_t algorithm, 416 keymaster_purpose_t purpose, 417 keymaster_padding_t** modes, 418 size_t* modes_length) { 419 if (!modes || !modes_length) 420 return KM_ERROR_OUTPUT_PARAMETER_NULL; 421 422 SupportedResponse<keymaster_padding_t> response; 423 convert_device(dev)->impl_->SupportedPaddingModes(algorithm, purpose, &response); 424 425 if (response.error != KM_ERROR_OK) { 426 LOG_E("get_supported_padding_modes failed with %d", response.error); 427 return response.error; 428 } 429 430 *modes_length = response.results_length; 431 *modes = reinterpret_cast<keymaster_padding_t*>(malloc(*modes_length * sizeof(**modes))); 432 if (!*modes) 433 return KM_ERROR_MEMORY_ALLOCATION_FAILED; 434 std::copy(response.results, response.results + response.results_length, *modes); 435 return KM_ERROR_OK; 436} 437 438/* static */ 439keymaster_error_t SoftKeymasterDevice::get_supported_digests(const keymaster1_device_t* dev, 440 keymaster_algorithm_t algorithm, 441 keymaster_purpose_t purpose, 442 keymaster_digest_t** digests, 443 size_t* digests_length) { 444 if (!digests || !digests_length) 445 return KM_ERROR_OUTPUT_PARAMETER_NULL; 446 447 SupportedResponse<keymaster_digest_t> response; 448 convert_device(dev)->impl_->SupportedDigests(algorithm, purpose, &response); 449 450 if (response.error != KM_ERROR_OK) { 451 LOG_E("get_supported_digests failed with %d", response.error); 452 return response.error; 453 } 454 455 *digests_length = response.results_length; 456 *digests = reinterpret_cast<keymaster_digest_t*>(malloc(*digests_length * sizeof(**digests))); 457 if (!*digests) 458 return KM_ERROR_MEMORY_ALLOCATION_FAILED; 459 std::copy(response.results, response.results + response.results_length, *digests); 460 return KM_ERROR_OK; 461} 462 463/* static */ 464keymaster_error_t SoftKeymasterDevice::get_supported_import_formats( 465 const keymaster1_device_t* dev, keymaster_algorithm_t algorithm, 466 keymaster_key_format_t** formats, size_t* formats_length) { 467 if (!formats || !formats_length) 468 return KM_ERROR_OUTPUT_PARAMETER_NULL; 469 470 SupportedResponse<keymaster_key_format_t> response; 471 convert_device(dev)->impl_->SupportedImportFormats(algorithm, &response); 472 473 if (response.error != KM_ERROR_OK) { 474 LOG_E("get_supported_import_formats failed with %d", response.error); 475 return response.error; 476 } 477 478 *formats_length = response.results_length; 479 *formats = 480 reinterpret_cast<keymaster_key_format_t*>(malloc(*formats_length * sizeof(**formats))); 481 if (!*formats) 482 return KM_ERROR_MEMORY_ALLOCATION_FAILED; 483 std::copy(response.results, response.results + response.results_length, *formats); 484 return KM_ERROR_OK; 485} 486 487/* static */ 488keymaster_error_t SoftKeymasterDevice::get_supported_export_formats( 489 const keymaster1_device_t* dev, keymaster_algorithm_t algorithm, 490 keymaster_key_format_t** formats, size_t* formats_length) { 491 if (!formats || !formats_length) 492 return KM_ERROR_OUTPUT_PARAMETER_NULL; 493 494 SupportedResponse<keymaster_key_format_t> response; 495 convert_device(dev)->impl_->SupportedExportFormats(algorithm, &response); 496 497 if (response.error != KM_ERROR_OK) { 498 LOG_E("get_supported_export_formats failed with %d", response.error); 499 return response.error; 500 } 501 502 *formats_length = response.results_length; 503 *formats = 504 reinterpret_cast<keymaster_key_format_t*>(malloc(*formats_length * sizeof(**formats))); 505 if (!*formats) 506 return KM_ERROR_MEMORY_ALLOCATION_FAILED; 507 std::copy(response.results, response.results + *formats_length, *formats); 508 return KM_ERROR_OK; 509} 510 511/* static */ 512keymaster_error_t SoftKeymasterDevice::add_rng_entropy(const keymaster1_device_t* dev, 513 const uint8_t* data, size_t data_length) { 514 AddEntropyRequest request; 515 request.random_data.Reinitialize(data, data_length); 516 return convert_device(dev)->impl_->AddRngEntropy(request); 517} 518 519/* static */ 520keymaster_error_t SoftKeymasterDevice::generate_key( 521 const keymaster1_device_t* dev, const keymaster_key_param_t* params, size_t params_count, 522 keymaster_key_blob_t* key_blob, keymaster_key_characteristics_t** characteristics) { 523 524 if (!key_blob) 525 return KM_ERROR_OUTPUT_PARAMETER_NULL; 526 527 GenerateKeyRequest request; 528 request.key_description.Reinitialize(params, params_count); 529 530 GenerateKeyResponse response; 531 convert_device(dev)->impl_->GenerateKey(request, &response); 532 if (response.error != KM_ERROR_OK) 533 return response.error; 534 535 key_blob->key_material_size = response.key_blob.key_material_size; 536 uint8_t* tmp = reinterpret_cast<uint8_t*>(malloc(key_blob->key_material_size)); 537 if (!tmp) 538 return KM_ERROR_MEMORY_ALLOCATION_FAILED; 539 memcpy(tmp, response.key_blob.key_material, response.key_blob.key_material_size); 540 key_blob->key_material = tmp; 541 542 if (characteristics) { 543 *characteristics = BuildCharacteristics(response.enforced, response.unenforced); 544 if (!*characteristics) 545 return KM_ERROR_MEMORY_ALLOCATION_FAILED; 546 } 547 548 return KM_ERROR_OK; 549} 550 551/* static */ 552keymaster_error_t SoftKeymasterDevice::get_key_characteristics( 553 const keymaster1_device_t* dev, const keymaster_key_blob_t* key_blob, 554 const keymaster_blob_t* client_id, const keymaster_blob_t* app_data, 555 keymaster_key_characteristics_t** characteristics) { 556 if (!key_blob) 557 return KM_ERROR_INVALID_KEY_BLOB; 558 559 if (!characteristics) 560 return KM_ERROR_OUTPUT_PARAMETER_NULL; 561 562 GetKeyCharacteristicsRequest request; 563 request.SetKeyMaterial(*key_blob); 564 AddClientAndAppData(client_id, app_data, &request); 565 566 GetKeyCharacteristicsResponse response; 567 convert_device(dev)->impl_->GetKeyCharacteristics(request, &response); 568 if (response.error != KM_ERROR_OK) 569 return response.error; 570 571 *characteristics = BuildCharacteristics(response.enforced, response.unenforced); 572 if (!*characteristics) 573 return KM_ERROR_MEMORY_ALLOCATION_FAILED; 574 return KM_ERROR_OK; 575} 576 577/* static */ 578keymaster_error_t SoftKeymasterDevice::rescope( 579 const keymaster1_device_t* dev, const keymaster_key_param_t* new_params, 580 size_t new_params_count, const keymaster_key_blob_t* key_blob, 581 const keymaster_blob_t* client_id, const keymaster_blob_t* app_data, 582 keymaster_key_blob_t* rescoped_key_blob, keymaster_key_characteristics_t** characteristics) { 583 if (!key_blob) 584 return KM_ERROR_INVALID_KEY_BLOB; 585 586 if (!new_params) 587 return KM_ERROR_UNEXPECTED_NULL_POINTER; 588 589 if (!rescoped_key_blob) 590 return KM_ERROR_OUTPUT_PARAMETER_NULL; 591 592 RescopeRequest request; 593 request.SetKeyMaterial(*key_blob); 594 AddClientAndAppData(client_id, app_data, &request); 595 request.new_authorizations.Reinitialize(new_params, new_params_count); 596 597 RescopeResponse response; 598 convert_device(dev)->impl_->Rescope(request, &response); 599 if (response.error != KM_ERROR_OK) 600 return response.error; 601 602 rescoped_key_blob->key_material_size = response.key_blob.key_material_size; 603 uint8_t* tmp = reinterpret_cast<uint8_t*>(malloc(rescoped_key_blob->key_material_size)); 604 memcpy(tmp, response.key_blob.key_material, response.key_blob.key_material_size); 605 rescoped_key_blob->key_material = tmp; 606 607 if (characteristics) 608 *characteristics = BuildCharacteristics(response.enforced, response.unenforced); 609 610 return KM_ERROR_OK; 611} 612 613/* static */ 614keymaster_error_t SoftKeymasterDevice::import_key( 615 const keymaster1_device_t* dev, const keymaster_key_param_t* params, size_t params_count, 616 keymaster_key_format_t key_format, const uint8_t* key_data, size_t key_data_length, 617 keymaster_key_blob_t* key_blob, keymaster_key_characteristics_t** characteristics) { 618 if (!params || !key_data) 619 return KM_ERROR_UNEXPECTED_NULL_POINTER; 620 621 if (!key_blob) 622 return KM_ERROR_OUTPUT_PARAMETER_NULL; 623 624 *characteristics = NULL; 625 626 ImportKeyRequest request; 627 request.key_description.Reinitialize(params, params_count); 628 request.key_format = key_format; 629 request.SetKeyMaterial(key_data, key_data_length); 630 631 ImportKeyResponse response; 632 convert_device(dev)->impl_->ImportKey(request, &response); 633 if (response.error != KM_ERROR_OK) 634 return response.error; 635 636 key_blob->key_material_size = response.key_blob.key_material_size; 637 key_blob->key_material = reinterpret_cast<uint8_t*>(malloc(key_blob->key_material_size)); 638 if (!key_blob->key_material) 639 return KM_ERROR_MEMORY_ALLOCATION_FAILED; 640 memcpy(const_cast<uint8_t*>(key_blob->key_material), response.key_blob.key_material, 641 response.key_blob.key_material_size); 642 643 if (characteristics) { 644 *characteristics = BuildCharacteristics(response.enforced, response.unenforced); 645 if (!*characteristics) 646 return KM_ERROR_MEMORY_ALLOCATION_FAILED; 647 } 648 return KM_ERROR_OK; 649} 650 651/* static */ 652keymaster_error_t SoftKeymasterDevice::export_key( 653 const keymaster1_device_t* dev, keymaster_key_format_t export_format, 654 const keymaster_key_blob_t* key_to_export, const keymaster_blob_t* client_id, 655 const keymaster_blob_t* app_data, uint8_t** export_data, size_t* export_data_length) { 656 if (!key_to_export || !key_to_export->key_material) 657 return KM_ERROR_INVALID_KEY_BLOB; 658 659 if (!export_data || !export_data_length) 660 return KM_ERROR_OUTPUT_PARAMETER_NULL; 661 662 *export_data = NULL; 663 *export_data_length = 0; 664 665 ExportKeyRequest request; 666 request.key_format = export_format; 667 request.SetKeyMaterial(*key_to_export); 668 AddClientAndAppData(client_id, app_data, &request); 669 670 ExportKeyResponse response; 671 convert_device(dev)->impl_->ExportKey(request, &response); 672 if (response.error != KM_ERROR_OK) 673 return response.error; 674 675 *export_data_length = response.key_data_length; 676 *export_data = reinterpret_cast<uint8_t*>(malloc(*export_data_length)); 677 if (!export_data) 678 return KM_ERROR_MEMORY_ALLOCATION_FAILED; 679 memcpy(*export_data, response.key_data, *export_data_length); 680 return KM_ERROR_OK; 681} 682 683/* static */ 684keymaster_error_t SoftKeymasterDevice::begin( 685 const keymaster1_device_t* dev, keymaster_purpose_t purpose, const keymaster_key_blob_t* key, 686 const keymaster_key_param_t* params, size_t params_count, keymaster_key_param_t** out_params, 687 size_t* out_params_count, keymaster_operation_handle_t* operation_handle) { 688 if (!key || !key->key_material) 689 return KM_ERROR_INVALID_KEY_BLOB; 690 691 if (!operation_handle || !out_params || !out_params_count) 692 return KM_ERROR_OUTPUT_PARAMETER_NULL; 693 694 *out_params = NULL; 695 *out_params_count = 0; 696 697 BeginOperationRequest request; 698 request.purpose = purpose; 699 request.SetKeyMaterial(*key); 700 request.additional_params.Reinitialize(params, params_count); 701 702 BeginOperationResponse response; 703 convert_device(dev)->impl_->BeginOperation(request, &response); 704 if (response.error != KM_ERROR_OK) 705 return response.error; 706 707 if (response.output_params.size() > 0) { 708 keymaster_key_param_set_t out_params_set; 709 response.output_params.CopyToParamSet(&out_params_set); 710 *out_params = out_params_set.params; 711 *out_params_count = out_params_set.length; 712 } 713 714 *operation_handle = response.op_handle; 715 return KM_ERROR_OK; 716} 717 718/* static */ 719keymaster_error_t SoftKeymasterDevice::update(const keymaster1_device_t* dev, 720 keymaster_operation_handle_t operation_handle, 721 const keymaster_key_param_t* params, 722 size_t params_count, const uint8_t* input, 723 size_t input_length, size_t* input_consumed, 724 uint8_t** output, size_t* output_length) { 725 if (!input) 726 return KM_ERROR_UNEXPECTED_NULL_POINTER; 727 728 if (!input_consumed || !output || !output_length) 729 return KM_ERROR_OUTPUT_PARAMETER_NULL; 730 731 UpdateOperationRequest request; 732 request.op_handle = operation_handle; 733 request.input.Reinitialize(input, input_length); 734 request.additional_params.Reinitialize(params, params_count); 735 736 UpdateOperationResponse response; 737 convert_device(dev)->impl_->UpdateOperation(request, &response); 738 if (response.error != KM_ERROR_OK) 739 return response.error; 740 741 *input_consumed = response.input_consumed; 742 *output_length = response.output.available_read(); 743 *output = reinterpret_cast<uint8_t*>(malloc(*output_length)); 744 if (!*output) 745 return KM_ERROR_MEMORY_ALLOCATION_FAILED; 746 memcpy(*output, response.output.peek_read(), *output_length); 747 return KM_ERROR_OK; 748} 749 750/* static */ 751keymaster_error_t SoftKeymasterDevice::finish(const keymaster1_device_t* dev, 752 keymaster_operation_handle_t operation_handle, 753 const keymaster_key_param_t* params, 754 size_t params_count, const uint8_t* signature, 755 size_t signature_length, uint8_t** output, 756 size_t* output_length) { 757 if (!output || !output_length) 758 return KM_ERROR_OUTPUT_PARAMETER_NULL; 759 760 FinishOperationRequest request; 761 request.op_handle = operation_handle; 762 if (signature) 763 request.signature.Reinitialize(signature, signature_length); 764 request.additional_params.Reinitialize(params, params_count); 765 766 FinishOperationResponse response; 767 convert_device(dev)->impl_->FinishOperation(request, &response); 768 if (response.error != KM_ERROR_OK) 769 return response.error; 770 771 *output_length = response.output.available_read(); 772 *output = reinterpret_cast<uint8_t*>(malloc(*output_length)); 773 if (!*output) 774 return KM_ERROR_MEMORY_ALLOCATION_FAILED; 775 memcpy(*output, response.output.peek_read(), *output_length); 776 return KM_ERROR_OK; 777} 778 779/* static */ 780keymaster_error_t SoftKeymasterDevice::abort(const keymaster1_device_t* dev, 781 keymaster_operation_handle_t operation_handle) { 782 return convert_device(dev)->impl_->AbortOperation(operation_handle); 783} 784 785/* static */ 786keymaster_error_t SoftKeymasterDevice::ExtractSigningParams(const void* signing_params, 787 const uint8_t* key_blob, 788 size_t key_blob_length, 789 AuthorizationSet* auth_set) { 790 KeyBlob blob(key_blob, key_blob_length); 791 if (blob.error() != KM_ERROR_OK) 792 return blob.error(); 793 794 switch (blob.algorithm()) { 795 case KM_ALGORITHM_RSA: { 796 const keymaster_rsa_sign_params_t* rsa_params = 797 reinterpret_cast<const keymaster_rsa_sign_params_t*>(signing_params); 798 if (rsa_params->digest_type != DIGEST_NONE) 799 return KM_ERROR_UNSUPPORTED_DIGEST; 800 if (rsa_params->padding_type != PADDING_NONE) 801 return KM_ERROR_UNSUPPORTED_PADDING_MODE; 802 if (!auth_set->push_back(TAG_DIGEST, KM_DIGEST_NONE) || 803 !auth_set->push_back(TAG_PADDING, KM_PAD_NONE)) 804 return KM_ERROR_MEMORY_ALLOCATION_FAILED; 805 } break; 806 case KM_ALGORITHM_DSA: { 807 const keymaster_dsa_sign_params_t* dsa_params = 808 reinterpret_cast<const keymaster_dsa_sign_params_t*>(signing_params); 809 if (dsa_params->digest_type != DIGEST_NONE) 810 return KM_ERROR_UNSUPPORTED_DIGEST; 811 if (!auth_set->push_back(TAG_DIGEST, KM_DIGEST_NONE)) 812 return KM_ERROR_MEMORY_ALLOCATION_FAILED; 813 } break; 814 case KM_ALGORITHM_ECDSA: { 815 const keymaster_ec_sign_params_t* ecdsa_params = 816 reinterpret_cast<const keymaster_ec_sign_params_t*>(signing_params); 817 if (ecdsa_params->digest_type != DIGEST_NONE) 818 return KM_ERROR_UNSUPPORTED_DIGEST; 819 if (!auth_set->push_back(TAG_DIGEST, KM_DIGEST_NONE)) 820 return KM_ERROR_MEMORY_ALLOCATION_FAILED; 821 } break; 822 default: 823 return KM_ERROR_UNSUPPORTED_ALGORITHM; 824 } 825 return KM_ERROR_OK; 826} 827 828/* static */ 829void SoftKeymasterDevice::StoreDefaultNewKeyParams(AuthorizationSet* auth_set) { 830 auth_set->push_back(TAG_PURPOSE, KM_PURPOSE_SIGN); 831 auth_set->push_back(TAG_PURPOSE, KM_PURPOSE_VERIFY); 832 auth_set->push_back(TAG_ALL_USERS); 833 auth_set->push_back(TAG_NO_AUTH_REQUIRED); 834 uint64_t now = java_time(time(NULL)); 835 auth_set->push_back(TAG_CREATION_DATETIME, now); 836 auth_set->push_back(TAG_ORIGINATION_EXPIRE_DATETIME, now + HUNDRED_YEARS); 837 auth_set->push_back(TAG_DIGEST, KM_DIGEST_NONE); 838 auth_set->push_back(TAG_PADDING, KM_PAD_NONE); 839} 840 841} // namespace keymaster 842