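/*
 ** Copyright 2018, The Android Open Source Project
 **
 ** Licensed under the Apache License, Version 2.0 (the "License");
 ** you may not use this file except in compliance with the License.
 ** You may obtain a copy of the License at
 **
 **     http://www.apache.org/licenses/LICENSE-2.0
 **
 ** Unless required by applicable law or agreed to in writing, software
 ** distributed under the License is distributed on an "AS IS" BASIS,
 ** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 ** See the License for the specific language governing permissions and
 ** limitations under the License.
 */

#include <keymasterV4_0/Keymaster.h>

#include <iomanip>

#include <android-base/logging.h>
#include <android/hidl/manager/1.0/IServiceManager.h>
#include <keymasterV4_0/Keymaster3.h>
#include <keymasterV4_0/Keymaster4.h>
#include <keymasterV4_0/key_param_output.h>
#include <keymasterV4_0/keymaster_utils.h>

namespace android {
namespace hardware {

// Streams a hidl_vec as "{ a, b, c }" using each element's own operator<<.
// An empty vector is written as "{  }".
template <class T>
std::ostream& operator<<(std::ostream& os, const hidl_vec<T>& vec) {
    os << "{ ";
    if (vec.size()) {
        for (size_t i = 0; i < vec.size() - 1; ++i) os << vec[i] << ", ";
        os << vec[vec.size() - 1];
    }
    os << " }";
    return os;
}

// Streams a byte vector as lower-case hex, exactly two digits per byte.
//
// std::setw() applies only to the next formatted insertion, so the width has to be
// set again for every byte; setting it once before the loop pads only the first
// byte and makes the dump ambiguous (0x01 0x23 and 0x12 0x03 would both end in
// "123"). The fill character is not part of fmtflags, so it is saved and restored
// separately to avoid leaving '0' as the caller's fill.
std::ostream& operator<<(std::ostream& os, const hidl_vec<uint8_t>& vec) {
    const std::ios_base::fmtflags flags(os.flags());
    const char fill = os.fill('0');
    os << std::hex;
    for (uint8_t c : vec) os << std::setw(2) << static_cast<int>(c);
    os.fill(fill);
    os.flags(flags);
    return os;
}

// Streams a fixed-size byte array as lower-case hex, exactly two digits per byte.
// Width is re-applied per byte and the fill character is restored, for the same
// reasons as in the hidl_vec<uint8_t> overload.
template <size_t N>
std::ostream& operator<<(std::ostream& os, const hidl_array<uint8_t, N>& vec) {
    const std::ios_base::fmtflags flags(os.flags());
    const char fill = os.fill('0');
    os << std::hex;
    for (size_t i = 0; i < N; ++i) os << std::setw(2) << static_cast<int>(vec[i]);
    os.fill(fill);
    os.flags(flags);
    return os;
}

namespace keymaster {
namespace V4_0 {

// Streams HMAC sharing parameters as "(seed: <hex>, nonce: <hex>)".
std::ostream& operator<<(std::ostream& os, const HmacSharingParameters& params) {
    // Note that by design, although seed and nonce are used to compute a secret, they are
    // not secrets and it's just fine to log them.
    os << "(seed: " << params.seed << ", nonce: " << params.nonce << ')';
    return os;
}

namespace support {

using ::android::sp;
using ::android::hidl::manager::V1_0::IServiceManager;

// Streams a one-line description of a Keymaster HAL: implementation name, author,
// security level, and the HAL descriptor/instance name it was obtained under.
std::ostream& operator<<(std::ostream& os, const Keymaster& keymaster) {
    auto& version = keymaster.halVersion();
    os << version.keymasterName << " from " << version.authorName
       << " SecurityLevel: " << toString(version.securityLevel)
       << " HAL: " << keymaster.descriptor() << "/" << keymaster.instanceName();
    return os;
}

// Returns one Wrapper per instance of Wrapper::WrappedIKeymasterDevice that the
// service manager lists, plus the "default" instance when it was not listed but
// getService("default") still returns a device.
//
// CHECK()s (aborting the process) if an instance that the service manager listed
// cannot be obtained. A missing unlisted "default" instance is not an error.
template <typename Wrapper>
std::vector<std::unique_ptr<Keymaster>> enumerateDevices(
    const sp<IServiceManager>& serviceManager) {
    Keymaster::KeymasterSet result;

    bool foundDefault = false;
    auto& descriptor = Wrapper::WrappedIKeymasterDevice::descriptor;
    serviceManager->listByInterface(descriptor, [&](const hidl_vec<hidl_string>& names) {
        for (auto& name : names) {
            if (name == "default") foundDefault = true;
            auto device = Wrapper::WrappedIKeymasterDevice::getService(name);
            CHECK(device) << "Failed to get service for " << descriptor << " with interface name "
                          << name;
            result.push_back(std::unique_ptr<Keymaster>(new Wrapper(device, name)));
        }
    });

    if (!foundDefault) {
        // "default" wasn't provided by listByInterface.  Maybe there's a passthrough
        // implementation.
        auto device = Wrapper::WrappedIKeymasterDevice::getService("default");
        if (device) result.push_back(std::unique_ptr<Keymaster>(new Wrapper(device, "default")));
    }

    return result;
}

// Enumerates every Keymaster4 and Keymaster3 HAL instance, ordered so that
// instances whose halVersion() compares greater come first, and logs the list
// at INFO.
//
// CHECK()s (aborting the process) if the HIDL service manager is unavailable.
// NOTE(review): what "greater" means is decided by the version type's operator>,
// which is declared outside this file -- confirm it ranks the HAL that should be
// preferred first.
Keymaster::KeymasterSet Keymaster::enumerateAvailableDevices() {
    auto serviceManager = IServiceManager::getService();
    CHECK(serviceManager) << "Could not retrieve ServiceManager";

    auto km4s = enumerateDevices<Keymaster4>(serviceManager);
    auto km3s = enumerateDevices<Keymaster3>(serviceManager);

    auto result = std::move(km4s);
    result.insert(result.end(), std::make_move_iterator(km3s.begin()),
                  std::make_move_iterator(km3s.end()));

    // The comparator only reads its arguments, so take them by const reference.
    std::sort(result.begin(), result.end(),
              [](const auto& a, const auto& b) { return a->halVersion() > b->halVersion(); });

    size_t i = 1;
    LOG(INFO) << "List of Keymaster HALs found:";
    for (auto& hal : result) LOG(INFO) << "Keymaster HAL #" << i++ << ": " << *hal;

    return result;
}

// Collects the HMAC sharing parameters of every HAL whose major version is at
// least 4 and returns them sorted.
//
// CHECK()s (aborting the process) if a HAL reports an error or the call to it
// fails at the transport level.
// NOTE(review): the sort presumably produces the canonical parameter order the
// HAL expects for computeSharedHmac -- confirm against the IKeymasterDevice
// documentation.
static hidl_vec<HmacSharingParameters> getHmacParameters(
    const Keymaster::KeymasterSet& keymasters) {
    std::vector<HmacSharingParameters> params_vec;
    params_vec.reserve(keymasters.size());
    for (auto& keymaster : keymasters) {
        if (keymaster->halVersion().majorVersion < 4) continue;
        auto rc = keymaster->getHmacSharingParameters([&](auto error, auto& params) {
            CHECK(error == ErrorCode::OK)
                << "Failed to get HMAC parameters from " << *keymaster << " error " << error;
            params_vec.push_back(params);
        });
        CHECK(rc.isOk()) << "Failed to communicate with " << *keymaster
                         << " error: " << rc.description();
    }
    std::sort(params_vec.begin(), params_vec.end());

    return params_vec;
}

// Asks every HAL whose major version is at least 4 to compute the shared HMAC
// key from `params`, and verifies that all of them return the same sharing
// check value. Does nothing when `params` is empty.
//
// The first HAL's sharing check is taken as the reference; any later HAL that
// returns a different value, reports an error, or cannot be reached trips a
// CHECK() and aborts the process, so a disagreement is never silently ignored.
static void computeHmac(const Keymaster::KeymasterSet& keymasters,
                        const hidl_vec<HmacSharingParameters>& params) {
    if (!params.size()) return;

    hidl_vec<uint8_t> sharingCheck;
    bool firstKeymaster = true;
    LOG(DEBUG) << "Computing HMAC with params " << params;
    for (auto& keymaster : keymasters) {
        if (keymaster->halVersion().majorVersion < 4) continue;
        LOG(DEBUG) << "Computing HMAC for " << *keymaster;
        auto rc = keymaster->computeSharedHmac(
            params, [&](ErrorCode error, const hidl_vec<uint8_t>& curSharingCheck) {
                // This failure comes from computeSharedHmac, not from fetching the
                // sharing parameters; say so, so the log points at the right call.
                CHECK(error == ErrorCode::OK)
                    << "Failed to compute shared HMAC on " << *keymaster << " error " << error;
                if (firstKeymaster) {
                    sharingCheck = curSharingCheck;
                    firstKeymaster = false;
                }
                CHECK(curSharingCheck == sharingCheck)
                    << "HMAC computation failed for " << *keymaster  //
                    << " Expected: " << sharingCheck                 //
                    << " got: " << curSharingCheck;
            });
        CHECK(rc.isOk()) << "Failed to communicate with " << *keymaster
                         << " error: " << rc.description();
    }
}

// Runs HMAC key agreement across `keymasters`: gathers the sharing parameters
// from the version-4+ HALs, then has each of them compute the shared HMAC and
// checks that they agree. Any failure aborts the process via CHECK().
void Keymaster::performHmacKeyAgreement(const KeymasterSet& keymasters) {
    computeHmac(keymasters, getHmacParameters(keymasters));
}

}  // namespace support
}  // namespace V4_0
}  // namespace keymaster
}  // namespace hardware
}  // namespace android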