KeymasterDevice.cpp revision b77dbe37c10d9508275a8021ee7a99c10e0e1612
1/* 2 ** 3 ** Copyright 2016, The Android Open Source Project 4 ** 5 ** Licensed under the Apache License, Version 2.0 (the "License"); 6 ** you may not use this file except in compliance with the License. 7 ** You may obtain a copy of the License at 8 ** 9 ** http://www.apache.org/licenses/LICENSE-2.0 10 ** 11 ** Unless required by applicable law or agreed to in writing, software 12 ** distributed under the License is distributed on an "AS IS" BASIS, 13 ** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 ** See the License for the specific language governing permissions and 15 ** limitations under the License. 16 */ 17 18#define LOG_TAG "android.hardware.keymaster@3.0-impl" 19 20#include "KeymasterDevice.h" 21 22#include <cutils/log.h> 23 24#include <hardware/keymaster_defs.h> 25#include <keymaster/keymaster_configuration.h> 26#include <keymaster/soft_keymaster_device.h> 27 28namespace android { 29namespace hardware { 30namespace keymaster { 31namespace V3_0 { 32namespace implementation { 33 34using ::keymaster::SoftKeymasterDevice; 35 36class SoftwareOnlyHidlKeymasterEnforcement : public ::keymaster::KeymasterEnforcement { 37 public: 38 SoftwareOnlyHidlKeymasterEnforcement() : KeymasterEnforcement(64, 64) {} 39 40 uint32_t get_current_time() const override { 41 struct timespec tp; 42 int err = clock_gettime(CLOCK_MONOTONIC, &tp); 43 if (err || tp.tv_sec < 0) return 0; 44 return static_cast<uint32_t>(tp.tv_sec); 45 } 46 47 bool activation_date_valid(uint64_t) const override { return true; } 48 bool expiration_date_passed(uint64_t) const override { return false; } 49 bool auth_token_timed_out(const hw_auth_token_t&, uint32_t) const override { return false; } 50 bool ValidateTokenSignature(const hw_auth_token_t&) const override { return true; } 51}; 52 53class SoftwareOnlyHidlKeymasterContext : public ::keymaster::SoftKeymasterContext { 54 public: 55 SoftwareOnlyHidlKeymasterContext() : enforcement_(new SoftwareOnlyHidlKeymasterEnforcement) {} 56 57 ::keymaster::KeymasterEnforcement* enforcement_policy() override { return enforcement_.get(); } 58 59 private: 60 std::unique_ptr<::keymaster::KeymasterEnforcement> enforcement_; 61}; 62 63static int keymaster0_device_initialize(const hw_module_t* mod, keymaster2_device_t** dev) { 64 assert(mod->module_api_version < KEYMASTER_MODULE_API_VERSION_1_0); 65 ALOGI("Found keymaster0 module %s, version %x", mod->name, mod->module_api_version); 66 67 UniquePtr<SoftKeymasterDevice> soft_keymaster(new SoftKeymasterDevice); 68 keymaster0_device_t* km0_device = NULL; 69 keymaster_error_t error = KM_ERROR_OK; 70 71 int rc = keymaster0_open(mod, &km0_device); 72 if (rc) { 73 ALOGE("Error opening keystore keymaster0 device."); 74 goto err; 75 } 76 77 if (km0_device->flags & KEYMASTER_SOFTWARE_ONLY) { 78 ALOGI("Keymaster0 module is software-only. Using SoftKeymasterDevice instead."); 79 km0_device->common.close(&km0_device->common); 80 km0_device = NULL; 81 // SoftKeymasterDevice will be deleted by keymaster_device_release() 82 *dev = soft_keymaster.release()->keymaster2_device(); 83 return 0; 84 } 85 86 ALOGD("Wrapping keymaster0 module %s with SoftKeymasterDevice", mod->name); 87 error = soft_keymaster->SetHardwareDevice(km0_device); 88 km0_device = NULL; // SoftKeymasterDevice has taken ownership. 89 if (error != KM_ERROR_OK) { 90 ALOGE("Got error %d from SetHardwareDevice", error); 91 rc = error; 92 goto err; 93 } 94 95 // SoftKeymasterDevice will be deleted by keymaster_device_release() 96 *dev = soft_keymaster.release()->keymaster2_device(); 97 return 0; 98 99err: 100 if (km0_device) km0_device->common.close(&km0_device->common); 101 *dev = NULL; 102 return rc; 103} 104 105static int keymaster1_device_initialize(const hw_module_t* mod, keymaster2_device_t** dev) { 106 assert(mod->module_api_version >= KEYMASTER_MODULE_API_VERSION_1_0); 107 ALOGI("Found keymaster1 module %s, version %x", mod->name, mod->module_api_version); 108 109 UniquePtr<SoftKeymasterDevice> soft_keymaster(new SoftKeymasterDevice); 110 keymaster1_device_t* km1_device = nullptr; 111 keymaster_error_t error = KM_ERROR_OK; 112 113 int rc = keymaster1_open(mod, &km1_device); 114 if (rc) { 115 ALOGE("Error %d opening keystore keymaster1 device", rc); 116 goto err; 117 } 118 119 ALOGD("Wrapping keymaster1 module %s with SofKeymasterDevice", mod->name); 120 error = soft_keymaster->SetHardwareDevice(km1_device); 121 km1_device = nullptr; // SoftKeymasterDevice has taken ownership. 122 if (error != KM_ERROR_OK) { 123 ALOGE("Got error %d from SetHardwareDevice", error); 124 rc = error; 125 goto err; 126 } 127 128 // SoftKeymasterDevice will be deleted by keymaster_device_release() 129 *dev = soft_keymaster.release()->keymaster2_device(); 130 return 0; 131 132err: 133 if (km1_device) km1_device->common.close(&km1_device->common); 134 *dev = NULL; 135 return rc; 136} 137 138static int keymaster2_device_initialize(const hw_module_t* mod, keymaster2_device_t** dev) { 139 assert(mod->module_api_version >= KEYMASTER_MODULE_API_VERSION_2_0); 140 ALOGI("Found keymaster2 module %s, version %x", mod->name, mod->module_api_version); 141 142 keymaster2_device_t* km2_device = nullptr; 143 144 int rc = keymaster2_open(mod, &km2_device); 145 if (rc) { 146 ALOGE("Error %d opening keystore keymaster2 device", rc); 147 goto err; 148 } 149 150 *dev = km2_device; 151 return 0; 152 153err: 154 if (km2_device) km2_device->common.close(&km2_device->common); 155 *dev = nullptr; 156 return rc; 157} 158 159static int keymaster_device_initialize(keymaster2_device_t** dev, uint32_t* version, 160 bool* supports_ec) { 161 const hw_module_t* mod; 162 163 *supports_ec = true; 164 165 int rc = hw_get_module_by_class(KEYSTORE_HARDWARE_MODULE_ID, NULL, &mod); 166 if (rc) { 167 ALOGI("Could not find any keystore module, using software-only implementation."); 168 // SoftKeymasterDevice will be deleted by keymaster_device_release() 169 *dev = (new SoftKeymasterDevice(new SoftwareOnlyHidlKeymasterContext))->keymaster2_device(); 170 *version = -1; 171 return 0; 172 } 173 174 if (mod->module_api_version < KEYMASTER_MODULE_API_VERSION_1_0) { 175 *version = 0; 176 int rc = keymaster0_device_initialize(mod, dev); 177 if (rc == 0 && ((*dev)->flags & KEYMASTER_SUPPORTS_EC) == 0) { 178 *supports_ec = false; 179 } 180 return rc; 181 } else if (mod->module_api_version == KEYMASTER_MODULE_API_VERSION_1_0) { 182 *version = 1; 183 return keymaster1_device_initialize(mod, dev); 184 } else { 185 *version = 2; 186 return keymaster2_device_initialize(mod, dev); 187 } 188} 189 190KeymasterDevice::~KeymasterDevice() { 191 if (keymaster_device_) keymaster_device_->common.close(&keymaster_device_->common); 192} 193 194static inline keymaster_tag_type_t typeFromTag(const keymaster_tag_t tag) { 195 return keymaster_tag_get_type(tag); 196} 197 198/** 199 * legacy_enum_conversion converts enums from hidl to keymaster and back. Currently, this is just a 200 * cast to make the compiler happy. One of two thigs should happen though: 201 * TODO The keymaster enums should become aliases for the hidl generated enums so that we have a 202 * single point of truth. Then this cast function can go away. 203 */ 204inline static keymaster_tag_t legacy_enum_conversion(const Tag value) { 205 return keymaster_tag_t(value); 206} 207inline static Tag legacy_enum_conversion(const keymaster_tag_t value) { 208 return Tag(value); 209} 210inline static keymaster_purpose_t legacy_enum_conversion(const KeyPurpose value) { 211 return keymaster_purpose_t(value); 212} 213inline static keymaster_key_format_t legacy_enum_conversion(const KeyFormat value) { 214 return keymaster_key_format_t(value); 215} 216inline static ErrorCode legacy_enum_conversion(const keymaster_error_t value) { 217 return ErrorCode(value); 218} 219 220class KmParamSet : public keymaster_key_param_set_t { 221 public: 222 KmParamSet(const hidl_vec<KeyParameter>& keyParams) { 223 params = new keymaster_key_param_t[keyParams.size()]; 224 length = keyParams.size(); 225 for (size_t i = 0; i < keyParams.size(); ++i) { 226 auto tag = legacy_enum_conversion(keyParams[i].tag); 227 switch (typeFromTag(tag)) { 228 case KM_ENUM: 229 case KM_ENUM_REP: 230 params[i] = keymaster_param_enum(tag, keyParams[i].f.integer); 231 break; 232 case KM_UINT: 233 case KM_UINT_REP: 234 params[i] = keymaster_param_int(tag, keyParams[i].f.integer); 235 break; 236 case KM_ULONG: 237 case KM_ULONG_REP: 238 params[i] = keymaster_param_long(tag, keyParams[i].f.longInteger); 239 break; 240 case KM_DATE: 241 params[i] = keymaster_param_date(tag, keyParams[i].f.dateTime); 242 break; 243 case KM_BOOL: 244 if (keyParams[i].f.boolValue) 245 params[i] = keymaster_param_bool(tag); 246 else 247 params[i].tag = KM_TAG_INVALID; 248 break; 249 case KM_BIGNUM: 250 case KM_BYTES: 251 params[i] = 252 keymaster_param_blob(tag, &keyParams[i].blob[0], keyParams[i].blob.size()); 253 break; 254 case KM_INVALID: 255 default: 256 params[i].tag = KM_TAG_INVALID; 257 /* just skip */ 258 break; 259 } 260 } 261 } 262 KmParamSet(KmParamSet&& other) : keymaster_key_param_set_t{other.params, other.length} { 263 other.length = 0; 264 other.params = nullptr; 265 } 266 KmParamSet(const KmParamSet&) = delete; 267 ~KmParamSet() { delete[] params; } 268}; 269 270inline static KmParamSet hidlParams2KmParamSet(const hidl_vec<KeyParameter>& params) { 271 return KmParamSet(params); 272} 273 274inline static keymaster_blob_t hidlVec2KmBlob(const hidl_vec<uint8_t>& blob) { 275 /* hidl unmarshals funny pointers if the the blob is empty */ 276 if (blob.size()) return {&blob[0], blob.size()}; 277 return {nullptr, 0}; 278} 279 280inline static keymaster_key_blob_t hidlVec2KmKeyBlob(const hidl_vec<uint8_t>& blob) { 281 /* hidl unmarshals funny pointers if the the blob is empty */ 282 if (blob.size()) return {&blob[0], blob.size()}; 283 return {nullptr, 0}; 284} 285 286inline static hidl_vec<uint8_t> kmBlob2hidlVec(const keymaster_key_blob_t& blob) { 287 hidl_vec<uint8_t> result; 288 result.setToExternal(const_cast<unsigned char*>(blob.key_material), blob.key_material_size); 289 return result; 290} 291inline static hidl_vec<uint8_t> kmBlob2hidlVec(const keymaster_blob_t& blob) { 292 hidl_vec<uint8_t> result; 293 result.setToExternal(const_cast<unsigned char*>(blob.data), blob.data_length); 294 return result; 295} 296 297inline static hidl_vec<hidl_vec<uint8_t>> 298kmCertChain2Hidl(const keymaster_cert_chain_t* cert_chain) { 299 hidl_vec<hidl_vec<uint8_t>> result; 300 if (!cert_chain || cert_chain->entry_count == 0 || !cert_chain->entries) return result; 301 302 result.resize(cert_chain->entry_count); 303 for (size_t i = 0; i < cert_chain->entry_count; ++i) { 304 auto& entry = cert_chain->entries[i]; 305 result[i] = kmBlob2hidlVec(entry); 306 } 307 308 return result; 309} 310 311static inline hidl_vec<KeyParameter> kmParamSet2Hidl(const keymaster_key_param_set_t& set) { 312 hidl_vec<KeyParameter> result; 313 if (set.length == 0 || set.params == nullptr) return result; 314 315 result.resize(set.length); 316 keymaster_key_param_t* params = set.params; 317 for (size_t i = 0; i < set.length; ++i) { 318 auto tag = params[i].tag; 319 result[i].tag = legacy_enum_conversion(tag); 320 switch (typeFromTag(tag)) { 321 case KM_ENUM: 322 case KM_ENUM_REP: 323 result[i].f.integer = params[i].enumerated; 324 break; 325 case KM_UINT: 326 case KM_UINT_REP: 327 result[i].f.integer = params[i].integer; 328 break; 329 case KM_ULONG: 330 case KM_ULONG_REP: 331 result[i].f.longInteger = params[i].long_integer; 332 break; 333 case KM_DATE: 334 result[i].f.dateTime = params[i].date_time; 335 break; 336 case KM_BOOL: 337 result[i].f.boolValue = params[i].boolean; 338 break; 339 case KM_BIGNUM: 340 case KM_BYTES: 341 result[i].blob.setToExternal(const_cast<unsigned char*>(params[i].blob.data), 342 params[i].blob.data_length); 343 break; 344 case KM_INVALID: 345 default: 346 params[i].tag = KM_TAG_INVALID; 347 /* just skip */ 348 break; 349 } 350 } 351 return result; 352} 353 354// Methods from ::android::hardware::keymaster::V3_0::IKeymasterDevice follow. 355Return<void> KeymasterDevice::getHardwareFeatures(getHardwareFeatures_cb _hidl_cb) { 356 bool is_secure = false; 357 bool supports_symmetric_cryptography = false; 358 bool supports_attestation = false; 359 360 switch (hardware_version_) { 361 case 2: 362 supports_attestation = true; 363 /* Falls through */ 364 case 1: 365 supports_symmetric_cryptography = true; 366 /* Falls through */ 367 case 0: 368 is_secure = true; 369 break; 370 }; 371 372 _hidl_cb(is_secure, hardware_supports_ec_, supports_symmetric_cryptography, 373 supports_attestation); 374 return Void(); 375} 376 377Return<ErrorCode> KeymasterDevice::addRngEntropy(const hidl_vec<uint8_t>& data) { 378 if (!data.size()) return ErrorCode::OK; 379 return legacy_enum_conversion( 380 keymaster_device_->add_rng_entropy(keymaster_device_, &data[0], data.size())); 381} 382 383Return<void> KeymasterDevice::generateKey(const hidl_vec<KeyParameter>& keyParams, 384 generateKey_cb _hidl_cb) { 385 // result variables for the wire 386 KeyCharacteristics resultCharacteristics; 387 hidl_vec<uint8_t> resultKeyBlob; 388 389 // result variables the backend understands 390 keymaster_key_blob_t key_blob{nullptr, 0}; 391 keymaster_key_characteristics_t key_characteristics{{nullptr, 0}, {nullptr, 0}}; 392 393 // convert the parameter set to something our backend understands 394 auto kmParams = hidlParams2KmParamSet(keyParams); 395 396 auto rc = keymaster_device_->generate_key(keymaster_device_, &kmParams, &key_blob, 397 &key_characteristics); 398 399 if (rc == KM_ERROR_OK) { 400 // on success convert the result to wire format 401 resultKeyBlob = kmBlob2hidlVec(key_blob); 402 resultCharacteristics.softwareEnforced = kmParamSet2Hidl(key_characteristics.sw_enforced); 403 resultCharacteristics.teeEnforced = kmParamSet2Hidl(key_characteristics.hw_enforced); 404 } 405 406 // send results off to the client 407 _hidl_cb(legacy_enum_conversion(rc), resultKeyBlob, resultCharacteristics); 408 409 // free buffers that we are responsible for 410 if (key_blob.key_material) free(const_cast<uint8_t*>(key_blob.key_material)); 411 keymaster_free_characteristics(&key_characteristics); 412 413 return Void(); 414} 415 416Return<void> KeymasterDevice::getKeyCharacteristics(const hidl_vec<uint8_t>& keyBlob, 417 const hidl_vec<uint8_t>& clientId, 418 const hidl_vec<uint8_t>& appData, 419 getKeyCharacteristics_cb _hidl_cb) { 420 // result variables for the wire 421 KeyCharacteristics resultCharacteristics; 422 423 // result variables the backend understands 424 keymaster_key_characteristics_t key_characteristics{{nullptr, 0}, {nullptr, 0}}; 425 426 auto kmKeyBlob = hidlVec2KmKeyBlob(keyBlob); 427 auto kmClientId = hidlVec2KmBlob(clientId); 428 auto kmAppData = hidlVec2KmBlob(appData); 429 430 auto rc = keymaster_device_->get_key_characteristics( 431 keymaster_device_, keyBlob.size() ? &kmKeyBlob : nullptr, 432 clientId.size() ? &kmClientId : nullptr, appData.size() ? &kmAppData : nullptr, 433 &key_characteristics); 434 435 if (rc == KM_ERROR_OK) { 436 resultCharacteristics.softwareEnforced = kmParamSet2Hidl(key_characteristics.sw_enforced); 437 resultCharacteristics.teeEnforced = kmParamSet2Hidl(key_characteristics.hw_enforced); 438 } 439 440 _hidl_cb(legacy_enum_conversion(rc), resultCharacteristics); 441 442 keymaster_free_characteristics(&key_characteristics); 443 444 return Void(); 445} 446 447Return<void> KeymasterDevice::importKey(const hidl_vec<KeyParameter>& params, KeyFormat keyFormat, 448 const hidl_vec<uint8_t>& keyData, importKey_cb _hidl_cb) { 449 // result variables for the wire 450 KeyCharacteristics resultCharacteristics; 451 hidl_vec<uint8_t> resultKeyBlob; 452 453 // result variables the backend understands 454 keymaster_key_blob_t key_blob{nullptr, 0}; 455 keymaster_key_characteristics_t key_characteristics{{nullptr, 0}, {nullptr, 0}}; 456 457 auto kmParams = hidlParams2KmParamSet(params); 458 auto kmKeyData = hidlVec2KmBlob(keyData); 459 460 auto rc = keymaster_device_->import_key(keymaster_device_, &kmParams, 461 legacy_enum_conversion(keyFormat), &kmKeyData, 462 &key_blob, &key_characteristics); 463 464 if (rc == KM_ERROR_OK) { 465 // on success convert the result to wire format 466 // (Can we assume that key_blob is {nullptr, 0} or a valid buffer description?) 467 resultKeyBlob = kmBlob2hidlVec(key_blob); 468 resultCharacteristics.softwareEnforced = kmParamSet2Hidl(key_characteristics.sw_enforced); 469 resultCharacteristics.teeEnforced = kmParamSet2Hidl(key_characteristics.hw_enforced); 470 } 471 472 _hidl_cb(legacy_enum_conversion(rc), resultKeyBlob, resultCharacteristics); 473 474 // free buffers that we are responsible for 475 if (key_blob.key_material) free(const_cast<uint8_t*>(key_blob.key_material)); 476 keymaster_free_characteristics(&key_characteristics); 477 478 return Void(); 479} 480 481Return<void> KeymasterDevice::exportKey(KeyFormat exportFormat, const hidl_vec<uint8_t>& keyBlob, 482 const hidl_vec<uint8_t>& clientId, 483 const hidl_vec<uint8_t>& appData, exportKey_cb _hidl_cb) { 484 485 // result variables for the wire 486 hidl_vec<uint8_t> resultKeyBlob; 487 488 // result variables the backend understands 489 keymaster_blob_t out_blob{nullptr, 0}; 490 491 auto kmKeyBlob = hidlVec2KmKeyBlob(keyBlob); 492 auto kmClientId = hidlVec2KmBlob(clientId); 493 auto kmAppData = hidlVec2KmBlob(appData); 494 495 auto rc = keymaster_device_->export_key(keymaster_device_, legacy_enum_conversion(exportFormat), 496 keyBlob.size() ? &kmKeyBlob : nullptr, 497 clientId.size() ? &kmClientId : nullptr, 498 appData.size() ? &kmAppData : nullptr, &out_blob); 499 500 if (rc == KM_ERROR_OK) { 501 // on success convert the result to wire format 502 // (Can we assume that key_blob is {nullptr, 0} or a valid buffer description?) 503 resultKeyBlob = kmBlob2hidlVec(out_blob); 504 } 505 506 _hidl_cb(legacy_enum_conversion(rc), resultKeyBlob); 507 508 // free buffers that we are responsible for 509 if (out_blob.data) free(const_cast<uint8_t*>(out_blob.data)); 510 511 return Void(); 512} 513 514Return<void> KeymasterDevice::attestKey(const hidl_vec<uint8_t>& keyToAttest, 515 const hidl_vec<KeyParameter>& attestParams, 516 attestKey_cb _hidl_cb) { 517 518 hidl_vec<hidl_vec<uint8_t>> resultCertChain; 519 520 for (size_t i = 0; i < attestParams.size(); ++i) { 521 switch (attestParams[i].tag) { 522 case Tag::ATTESTATION_ID_BRAND: 523 case Tag::ATTESTATION_ID_DEVICE: 524 case Tag::ATTESTATION_ID_PRODUCT: 525 case Tag::ATTESTATION_ID_SERIAL: 526 case Tag::ATTESTATION_ID_IMEI: 527 case Tag::ATTESTATION_ID_MEID: 528 // Device id attestation may only be supported if the device is able to permanently 529 // destroy its knowledge of the ids. This device is unable to do this, so it must 530 // never perform any device id attestation. 531 _hidl_cb(ErrorCode::CANNOT_ATTEST_IDS, resultCertChain); 532 return Void(); 533 default: 534 break; 535 } 536 } 537 538 keymaster_cert_chain_t cert_chain{nullptr, 0}; 539 540 auto kmKeyToAttest = hidlVec2KmKeyBlob(keyToAttest); 541 auto kmAttestParams = hidlParams2KmParamSet(attestParams); 542 543 auto rc = keymaster_device_->attest_key(keymaster_device_, &kmKeyToAttest, &kmAttestParams, 544 &cert_chain); 545 546 if (rc == KM_ERROR_OK) { 547 resultCertChain = kmCertChain2Hidl(&cert_chain); 548 } 549 550 _hidl_cb(legacy_enum_conversion(rc), resultCertChain); 551 552 keymaster_free_cert_chain(&cert_chain); 553 554 return Void(); 555} 556 557Return<void> KeymasterDevice::upgradeKey(const hidl_vec<uint8_t>& keyBlobToUpgrade, 558 const hidl_vec<KeyParameter>& upgradeParams, 559 upgradeKey_cb _hidl_cb) { 560 561 // result variables for the wire 562 hidl_vec<uint8_t> resultKeyBlob; 563 564 // result variables the backend understands 565 keymaster_key_blob_t key_blob{nullptr, 0}; 566 567 auto kmKeyBlobToUpgrade = hidlVec2KmKeyBlob(keyBlobToUpgrade); 568 auto kmUpgradeParams = hidlParams2KmParamSet(upgradeParams); 569 570 auto rc = keymaster_device_->upgrade_key(keymaster_device_, &kmKeyBlobToUpgrade, 571 &kmUpgradeParams, &key_blob); 572 573 if (rc == KM_ERROR_OK) { 574 // on success convert the result to wire format 575 resultKeyBlob = kmBlob2hidlVec(key_blob); 576 } 577 578 _hidl_cb(legacy_enum_conversion(rc), resultKeyBlob); 579 580 if (key_blob.key_material) free(const_cast<uint8_t*>(key_blob.key_material)); 581 582 return Void(); 583} 584 585Return<ErrorCode> KeymasterDevice::deleteKey(const hidl_vec<uint8_t>& keyBlob) { 586 if (keymaster_device_->delete_key == nullptr) { 587 return ErrorCode::UNIMPLEMENTED; 588 } 589 auto kmKeyBlob = hidlVec2KmKeyBlob(keyBlob); 590 return legacy_enum_conversion(keymaster_device_->delete_key(keymaster_device_, &kmKeyBlob)); 591} 592 593Return<ErrorCode> KeymasterDevice::deleteAllKeys() { 594 if (keymaster_device_->delete_all_keys == nullptr) { 595 return ErrorCode::UNIMPLEMENTED; 596 } 597 return legacy_enum_conversion(keymaster_device_->delete_all_keys(keymaster_device_)); 598} 599 600Return<ErrorCode> KeymasterDevice::destroyAttestationIds() { 601 return ErrorCode::UNIMPLEMENTED; 602} 603 604Return<void> KeymasterDevice::begin(KeyPurpose purpose, const hidl_vec<uint8_t>& key, 605 const hidl_vec<KeyParameter>& inParams, begin_cb _hidl_cb) { 606 607 // result variables for the wire 608 hidl_vec<KeyParameter> resultParams; 609 uint64_t resultOpHandle = 0; 610 611 // result variables the backend understands 612 keymaster_key_param_set_t out_params{nullptr, 0}; 613 keymaster_operation_handle_t& operation_handle = resultOpHandle; 614 615 auto kmKey = hidlVec2KmKeyBlob(key); 616 auto kmInParams = hidlParams2KmParamSet(inParams); 617 618 auto rc = keymaster_device_->begin(keymaster_device_, legacy_enum_conversion(purpose), &kmKey, 619 &kmInParams, &out_params, &operation_handle); 620 621 if (rc == KM_ERROR_OK) resultParams = kmParamSet2Hidl(out_params); 622 623 _hidl_cb(legacy_enum_conversion(rc), resultParams, resultOpHandle); 624 625 keymaster_free_param_set(&out_params); 626 627 return Void(); 628} 629 630Return<void> KeymasterDevice::update(uint64_t operationHandle, 631 const hidl_vec<KeyParameter>& inParams, 632 const hidl_vec<uint8_t>& input, update_cb _hidl_cb) { 633 // result variables for the wire 634 uint32_t resultConsumed = 0; 635 hidl_vec<KeyParameter> resultParams; 636 hidl_vec<uint8_t> resultBlob; 637 638 // result variables the backend understands 639 size_t consumed = 0; 640 keymaster_key_param_set_t out_params{nullptr, 0}; 641 keymaster_blob_t out_blob{nullptr, 0}; 642 643 auto kmInParams = hidlParams2KmParamSet(inParams); 644 auto kmInput = hidlVec2KmBlob(input); 645 646 auto rc = keymaster_device_->update(keymaster_device_, operationHandle, &kmInParams, &kmInput, 647 &consumed, &out_params, &out_blob); 648 649 if (rc == KM_ERROR_OK) { 650 resultConsumed = consumed; 651 resultParams = kmParamSet2Hidl(out_params); 652 resultBlob = kmBlob2hidlVec(out_blob); 653 } 654 655 _hidl_cb(legacy_enum_conversion(rc), resultConsumed, resultParams, resultBlob); 656 657 keymaster_free_param_set(&out_params); 658 if (out_blob.data) free(const_cast<uint8_t*>(out_blob.data)); 659 660 return Void(); 661} 662 663Return<void> KeymasterDevice::finish(uint64_t operationHandle, 664 const hidl_vec<KeyParameter>& inParams, 665 const hidl_vec<uint8_t>& input, 666 const hidl_vec<uint8_t>& signature, finish_cb _hidl_cb) { 667 // result variables for the wire 668 hidl_vec<KeyParameter> resultParams; 669 hidl_vec<uint8_t> resultBlob; 670 671 // result variables the backend understands 672 keymaster_key_param_set_t out_params{nullptr, 0}; 673 keymaster_blob_t out_blob{nullptr, 0}; 674 675 auto kmInParams = hidlParams2KmParamSet(inParams); 676 auto kmInput = hidlVec2KmBlob(input); 677 auto kmSignature = hidlVec2KmBlob(signature); 678 679 auto rc = keymaster_device_->finish(keymaster_device_, operationHandle, &kmInParams, &kmInput, 680 &kmSignature, &out_params, &out_blob); 681 682 if (rc == KM_ERROR_OK) { 683 resultParams = kmParamSet2Hidl(out_params); 684 resultBlob = kmBlob2hidlVec(out_blob); 685 } 686 687 _hidl_cb(legacy_enum_conversion(rc), resultParams, resultBlob); 688 689 keymaster_free_param_set(&out_params); 690 if (out_blob.data) free(const_cast<uint8_t*>(out_blob.data)); 691 692 return Void(); 693} 694 695Return<ErrorCode> KeymasterDevice::abort(uint64_t operationHandle) { 696 return legacy_enum_conversion(keymaster_device_->abort(keymaster_device_, operationHandle)); 697} 698 699IKeymasterDevice* HIDL_FETCH_IKeymasterDevice(const char* /* name */) { 700 keymaster2_device_t* dev = nullptr; 701 702 uint32_t version; 703 bool supports_ec; 704 auto rc = keymaster_device_initialize(&dev, &version, &supports_ec); 705 if (rc) return nullptr; 706 707 auto kmrc = ::keymaster::ConfigureDevice(dev); 708 if (kmrc != KM_ERROR_OK) { 709 dev->common.close(&dev->common); 710 return nullptr; 711 } 712 713 return new KeymasterDevice(dev, version, supports_ec); 714} 715 716} // namespace implementation 717} // namespace V3_0 718} // namespace keymaster 719} // namespace hardware 720} // namespace android 721