/*
 * Copyright 2014 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

#ifndef SYSTEM_KEYMASTER_ANDROID_KEYMASTER_UTILS_H_
#define SYSTEM_KEYMASTER_ANDROID_KEYMASTER_UTILS_H_

#include <stdint.h>
#include <stdlib.h>  // for free().
#include <string.h>
#include <time.h>  // for time_t.

#include <new>  // for std::nothrow.
#include <UniquePtr.h>

#include <hardware/keymaster_defs.h>
#include <keymaster/serializable.h>

namespace keymaster {

/**
 * Convert the specified time value into "Java time", which is a signed 64-bit integer representing
 * elapsed milliseconds since Jan 1, 1970.
 *
 * \param time a time_t, taken to be seconds since the Unix epoch.
 * \return the same instant expressed in milliseconds since the epoch.
 */
inline int64_t java_time(time_t time) {
    // The meaning of a time_t value is implementation-defined.  This assumes the usual "seconds
    // since Jan 1, 1970 UTC"; a port to a platform that defines it differently must revisit this.
    const int64_t seconds = static_cast<int64_t>(time);
    return seconds * 1000;
}

/*
 * Array Manipulation functions.  This set of templated inline functions provides some nice tools
 * for operating on c-style arrays.
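 * C-style arrays actually do have a defined size associated with them, as long as they are not
 * allowed to decay to a pointer.  These template methods exploit this to allow size-based array
 * operations without explicitly specifying the size.  If passed a pointer rather than an array,
 * they'll fail to compile.
 */

/**
 * Return the size in bytes of the array \p a.  constexpr, so it can also be used in a
 * static_assert on a buffer length.
 */
template <typename T, size_t N> inline constexpr size_t array_size(const T (&a)[N]) {
    return sizeof(a);
}

/**
 * Return the number of elements in array \p a.  constexpr, so it can be used in constant
 * expressions as well as at runtime.
 */
template <typename T, size_t N> inline constexpr size_t array_length(const T (&)[N]) {
    return N;
}

/**
 * Duplicate the array \p a.  The memory for the new array is allocated and the caller takes
 * responsibility.  Returns nullptr if the allocation fails.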
 */
template <typename T> inline T* dup_array(const T* a, size_t n) {
    T* copy = new (std::nothrow) T[n];
    if (copy == nullptr)
        return nullptr;  // Allocation failure is reported, not thrown; callers must check.
    for (size_t i = 0; i < n; ++i)
        copy[i] = a[i];
    return copy;
}

/**
 * Duplicate the array \p a.  The memory for the new array is allocated (with new[], so release it
 * with delete[]) and the caller takes responsibility.  Note that the dup is necessarily returned as
 * a pointer, so size is lost.  Call array_length() on the original array to discover the size.
 * Returns nullptr if the allocation fails.
 */
template <typename T, size_t N> inline T* dup_array(const T (&a)[N]) {
    const T* first = a;
    return dup_array(first, N);
}

/**
 * Duplicate the buffer \p buf.  The memory for the new buffer is allocated and the caller takes
 * responsibility.  The definition lives in the .cpp; the KeymasterKeyBlob constructors below treat
 * a nullptr return as allocation failure.
 */
uint8_t* dup_buffer(const void* buf, size_t size);

/**
 * Copy the N elements of array \p arr to \p dest.  \p dest must point to storage for at least N
 * elements; nothing here can check that.
 */
template <typename T, size_t N> inline void copy_array(const T (&arr)[N], T* dest) {
    T* out = dest;
    for (const T& elem : arr)
        *out++ = elem;
}

/**
 * Search array \p a for value \p val, returning true if found.  Note that this function is
 * early-exit, meaning that it should not be used in contexts where timing analysis attacks could be
 * a concern.
 */
template <typename T, size_t N> inline bool array_contains(const T (&a)[N], T val) {
    for (const T& elem : a)
        if (elem == val)
            return true;  // Early exit: running time depends on where (and whether) val occurs.
    return false;
}

/**
 * Variant of memset() compiled with optimization disabled (via a per-function attribute, see
 * OPTNONE below) so that the wipe is not elided as a dead store.  This is important because we
 * often need to wipe blocks of sensitive data from memory.  As an additional convenience, this
 * implementation avoids writing to NULL pointers.
 */
// OPTNONE turns optimization off for the one function it is applied to.  clang's optnone also
// keeps the function out of the inliner; GCC generally declines to inline across differing
// optimize attributes (GCC documents the attribute as a debugging aid, so check the final binary
// still contains the store).
#ifdef __clang__
#define OPTNONE __attribute__((optnone))
#else  // not __clang__
#define OPTNONE __attribute__((optimize("O0")))
#endif  // not __clang__
inline OPTNONE void* memset_s(void* s, int c, size_t n) {
    // Not the C11 Annex K memset_s (which also takes the destination size): same name, different
    // signature.  Like memset(), this returns \p s.
    if (s != nullptr)
        memset(s, c, n);
    return s;
}
#undef OPTNONE

/**
 * Variant of memcmp that has the same runtime regardless of whether the data matches (i.e. doesn't
 * short-circuit).  Not an exact equivalent to memcmp because it doesn't return <0 if p1 < p2, just
 * 0 for match and non-zero for non-match.  The constant-time property is what matters when the
 * bytes being compared are secret or authenticate something (e.g. a MAC check).
 */
int memcmp_s(const void* p1, const void* p2, size_t length);

/**
 * Eraser clears buffers.  Construct it with a buffer or object and the destructor will ensure that
 * it is zeroed.
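 */
class Eraser {
  public:
    /* Declared but deliberately never defined: a bare pointer carries no length, so there is
     * nothing safe to wipe.  Any use becomes a link error. */
    template <typename T> explicit Eraser(T* t);

    /* Wipe the object \p t refers to as raw bytes (sizeof(t)).  Only sensible for plain data.
     * NOTE(review): a non-const Eraser lvalue passed here matches this template rather than the
     * deleted copy constructor below. */
    template <typename T>
    explicit Eraser(T& t) : buf_(reinterpret_cast<uint8_t*>(&t)), size_(sizeof(t)) {}

    /* Wipe a fixed-size byte array; N is deduced, so the size cannot be mis-stated. */
    template <size_t N> explicit Eraser(uint8_t (&arr)[N]) : buf_(arr), size_(N) {}

    /* Wipe \p size bytes starting at \p buf.  A null \p buf is tolerated by memset_s(). */
    Eraser(void* buf, size_t size) : buf_(static_cast<uint8_t*>(buf)), size_(size) {}

    /* Zero the target with memset_s() so the store is not optimized away. */
    ~Eraser() { memset_s(buf_, 0, size_); }

    /* Non-copyable: two Erasers for one buffer would double-wipe, and a copy could outlive the
     * buffer it refers to.  Was declared-but-undefined (link error); now a compile error. */
    Eraser(const Eraser&) = delete;
    Eraser& operator=(const Eraser&) = delete;

  private:
    uint8_t* buf_;  // Non-owning pointer to the bytes to wipe; must outlive this object.
    size_t size_;   // Number of bytes to wipe.
};

/**
 * ArrayWrapper is a trivial wrapper around a C-style array that provides begin() and end()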
 * methods.  This is primarily to facilitate range-based iteration on arrays.  It does not copy, nor
 * does it take ownership; it just holds pointers, so the array must outlive the wrapper.
 */
template <typename T> class ArrayWrapper {
  public:
    ArrayWrapper(T* array, size_t size) : data_(array), count_(size) {}

    T* begin() { return data_; }
    T* end() { return data_ + count_; }

  private:
    T* data_;       // First element; not owned.
    size_t count_;  // Number of elements reachable from data_.
};

/** Wrap \p length elements starting at \p begin.  No bounds are checked here. */
template <typename T> ArrayWrapper<T> array_range(T* begin, size_t length) {
    return ArrayWrapper<T>(begin, length);
}

/** Wrap a whole C-style array; its length is deduced from the type. */
template <typename T, size_t n> ArrayWrapper<T> array_range(T (&a)[n]) {
    return array_range(a, n);
}

/**
 * Convert any unsigned integer from network to host order.  We implement this here rather than
 * using the functions from arpa/inet.h because the TEE doesn't have inet.h.  This isn't the most
 * efficient implementation, but the compiler should unroll the loop and tighten it up.
 *
 * The bytes of \p t are read in memory order, most significant first; the result is correct on
 * hosts of either endianness.  Intended for unsigned T only (shifts on signed values are not).
 */
template <typename T> T ntoh(T t) {
    const uint8_t* bytes = reinterpret_cast<const uint8_t*>(&t);
    T host = 0;
    size_t i = 0;
    while (i < sizeof(t)) {
        host = static_cast<T>((host << 8) | bytes[i]);
        ++i;
    }
    return host;
}

/**
 * Convert any unsigned integer from host to network order.  We implement this here rather than
 * using the functions from arpa/inet.h because the TEE doesn't have inet.h.  This isn't the most
 * efficient implementation, but the compiler should unroll the loop and tighten it up.
 */
template <typename T> T hton(T t) {
    // Every byte of net is written below, so the initializer only silences uninitialized-use
    // warnings.
    T net = 0;
    uint8_t* out = reinterpret_cast<uint8_t*>(&net);
    // Peel the least significant byte off t into the last slot and work towards the front.
    for (size_t remaining = sizeof(t); remaining-- > 0;) {
        out[remaining] = static_cast<uint8_t>(t & 0xFF);
        t >>= 8;
    }
    return net;
}

/**
 * KeymasterKeyBlob is a very simple extension of the C struct keymaster_key_blob_t.  It manages its
 * own memory, which makes avoiding memory leaks much easier.  Key material is wiped with memset_s()
 * before it is freed, and a failed allocation leaves the blob empty rather than half-built.
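 */
struct KeymasterKeyBlob : public keymaster_key_blob_t {
    // Invariant kept by every member: key_material_size is non-zero only when key_material is a
    // live new[] allocation of that many bytes.  Allocation failure leaves the blob empty.

    KeymasterKeyBlob() {
        key_material = nullptr;
        key_material_size = 0;
    }

    // Deep-copy \p size bytes from \p data; the blob is left empty if the copy cannot be allocated.
    KeymasterKeyBlob(const uint8_t* data, size_t size) {
        key_material_size = 0;
        key_material = dup_buffer(data, size);
        if (key_material)
            key_material_size = size;
    }

    // Allocate \p size uninitialized bytes for the caller to fill through writable_data().
    explicit KeymasterKeyBlob(size_t size) {
        key_material_size = 0;
        key_material = new (std::nothrow) uint8_t[size];
        if (key_material)
            key_material_size = size;
    }

    // Deep-copy a C blob; \p blob keeps ownership of its own key_material.
    explicit KeymasterKeyBlob(const keymaster_key_blob_t& blob) {
        key_material_size = 0;
        key_material = dup_buffer(blob.key_material, blob.key_material_size);
        if (key_material)
            key_material_size = blob.key_material_size;
    }

    KeymasterKeyBlob(const KeymasterKeyBlob& blob) {
        key_material_size = 0;
        key_material = dup_buffer(blob.key_material, blob.key_material_size);
        if (key_material)
            key_material_size = blob.key_material_size;
    }

    // Copy-assignment.  Self-assignment is a no-op: Clear() would otherwise wipe and free the very
    // buffer dup_buffer() is about to read.  On allocation failure the blob is left empty (size 0)
    // instead of reporting a size for a null pointer, matching the constructors above.
    KeymasterKeyBlob& operator=(const KeymasterKeyBlob& blob) {
        if (&blob != this) {
            Clear();
            key_material = dup_buffer(blob.key_material, blob.key_material_size);
            if (key_material)
                key_material_size = blob.key_material_size;
        }
        return *this;
    }

    ~KeymasterKeyBlob() { Clear(); }

    const uint8_t* begin() const { return key_material; }
    const uint8_t* end() const { return key_material + key_material_size; }

    // Wipe the key material before freeing it so the secret does not linger on the heap.
    // memset_s() tolerates a null key_material.
    void Clear() {
        memset_s(const_cast<uint8_t*>(key_material), 0, key_material_size);
        delete[] key_material;
        key_material = nullptr;
        key_material_size = 0;
    }

    // Discard the current contents and allocate \p new_size uninitialized bytes.  Returns the new
    // buffer, or nullptr (with size 0) if the allocation failed.
    const uint8_t* Reset(size_t new_size) {
        Clear();
        key_material = new (std::nothrow) uint8_t[new_size];
        if (key_material)
            key_material_size = new_size;
        return key_material;
    }

    // The key_material in keymaster_key_blob_t is const, which is the right thing in most
    // circumstances, but occasionally we do need to write into it.  This method exposes a non-const
    // version of the pointer.  Use sparingly.
    uint8_t* writable_data() { return const_cast<uint8_t*>(key_material); }

    // Hand the buffer to the caller as a plain C blob and empty this object.  The caller now owns
    // key_material (allocated with new[] here) and is responsible for wiping and freeing it.
    keymaster_key_blob_t release() {
        keymaster_key_blob_t tmp = {key_material, key_material_size};
        key_material = nullptr;
        key_material_size = 0;
        return tmp;
    }

    // Wire format: a 32-bit length prefix followed by the key material bytes.
    size_t SerializedSize() const { return sizeof(uint32_t) + key_material_size; }
    uint8_t* Serialize(uint8_t* buf, const uint8_t* end) const {
        return append_size_and_data_to_buf(buf, end, key_material, key_material_size);
    }

    // Replace the contents with the blob read from *buf_ptr.  Bounds checking against \p end is
    // delegated to copy_size_and_data_from_buf() (serializable.h); on failure the blob is left
    // empty and false is returned.
    bool Deserialize(const uint8_t** buf_ptr, const uint8_t* end) {
        Clear();
        UniquePtr<uint8_t[]> tmp;
        if (!copy_size_and_data_from_buf(buf_ptr, end, &key_material_size, &tmp)) {
            key_material = nullptr;
            key_material_size = 0;
            return false;
        }
        key_material = tmp.release();
        return true;
    }
};

// Deleter for a malloc()-allocated keymaster_key_characteristics_t: releases the contents through
// keymaster_free_characteristics(), then the struct itself.  Null-safe, like
// CertificateChainDelete below.
struct Characteristics_Delete {
    void operator()(keymaster_key_characteristics_t* p) {
        if (!p)
            return;
        keymaster_free_characteristics(p);
        free(p);
    }
};

// Deleter for anything obtained from malloc().
struct Malloc_Delete {
    void operator()(void* p) { free(p); }
};

// Deleter for a keymaster_cert_chain_t whose entries array and each entry's data were allocated
// with new[] (it uses delete[]; do not pair it with a chain that came from malloc()).
struct CertificateChainDelete {
    void operator()(keymaster_cert_chain_t* p) {
        if (!p)
            return;
        for (size_t i = 0; i < p->entry_count; ++i)
            delete[] p->entries[i].data;
        delete[] p->entries;
        delete p;
    }
};

// Translate between an EC key size in bits and the corresponding curve enum.  Declarations only;
// the definitions live in the .cpp.
keymaster_error_t EcKeySizeToCurve(uint32_t key_size_bits, keymaster_ec_curve_t* curve);
keymaster_error_t EcCurveToKeySize(keymaster_ec_curve_t curve, uint32_t* key_size_bits);

}  // namespace keymaster

#endif  // SYSTEM_KEYMASTER_ANDROID_KEYMASTER_UTILS_H_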