diff options
author | Trevor Drake <trevordrake.gerrit@gmail.com> | 2015-03-13 02:22:14 +0000 |
---|---|---|
committer | Trevor Drake <trevordrake.gerrit@gmail.com> | 2015-03-13 02:22:14 +0000 |
commit | d509a73235150f21fe2f7d9e230a6b28b523656a (patch) | |
tree | b78dd2230447ae54781644ce8e6936b0447574eb | |
parent | 395fa327e0178568aef1984413d80e4fb223afdc (diff) | |
download | grouper-d509a73235150f21fe2f7d9e230a6b28b523656a.tar.gz |
Clean up Keystore compilation
Remove keystore module from self-extractors as
self-extractors/nvidia/staging/keymaster is a duplicate of
device/asus/grouper/keymaster.
Clean up device/asus/grouper/keymaster/Android.mk.
Removed redundant TARGET_ARCH check
Removed redundant includes and cflags
Automate discovery of the non-open dependency
If BOARD_HAS_TF_CRYPTO_SST is not already defined then
check for libtf_crypto_sst in the device related vendor
directories.
Change-Id: I0f77cbc49198f1129755cf9a71ce24ae4f8c5a27
-rw-r--r-- | keymaster/Android.mk | 47 | ||||
-rw-r--r-- | self-extractors/nvidia/staging/device-partial.mk | 1 | ||||
-rw-r--r-- | self-extractors/nvidia/staging/keymaster/Android.mk | 44 | ||||
-rw-r--r-- | self-extractors/nvidia/staging/keymaster/NOTICE | 220 | ||||
-rw-r--r-- | self-extractors/nvidia/staging/keymaster/cryptoki.h | 54 | ||||
-rw-r--r-- | self-extractors/nvidia/staging/keymaster/keymaster_grouper.cpp | 981 | ||||
-rw-r--r-- | self-extractors/nvidia/staging/keymaster/pkcs11.h | 595 | ||||
-rw-r--r-- | self-extractors/nvidia/staging/keymaster/s_type.h | 146 |
8 files changed, 17 insertions, 2071 deletions
diff --git a/keymaster/Android.mk b/keymaster/Android.mk index 73ed231..5a7ef34 100644 --- a/keymaster/Android.mk +++ b/keymaster/Android.mk @@ -12,37 +12,24 @@ # See the License for the specific language governing permissions and # limitations under the License. -ifeq ($(TARGET_ARCH),arm) ifneq (,$(filter grouper tilapia, $(TARGET_DEVICE))) - -# This is a nasty hack. keystore.grouper is Open Source, but it -# links against a non-Open library, so we can only build it -# when that library is present. +# Keystore.grouper is Open Source, but it links against a non-Open library, +# Print a warning and skip this module if the library is not present in the +# vendor directory or BOARD_HAS_TF_CRYPTO_SST has not been set +BOARD_HAS_TF_CRYPTO_SST ?= $(if $(wildcard vendor/*/$(TARGET_DEVICE)/*/libtf_crypto_sst.so),true) ifeq ($(BOARD_HAS_TF_CRYPTO_SST),true) - -LOCAL_PATH := $(call my-dir) - -include $(CLEAR_VARS) - -LOCAL_MODULE := keystore.grouper - -LOCAL_MODULE_PATH := $(TARGET_OUT_SHARED_LIBRARIES)/hw - -LOCAL_SRC_FILES := \ - keymaster_grouper.cpp - -LOCAL_C_INCLUDES := \ - libcore/include \ - $(LOCAL_PATH)/../security/tf_sdk/include - -LOCAL_CFLAGS := -fvisibility=hidden -Wall -Werror - -LOCAL_SHARED_LIBRARIES := libcutils liblog libcrypto libtf_crypto_sst - -LOCAL_MODULE_TAGS := optional - -include $(BUILD_SHARED_LIBRARY) - -endif + LOCAL_PATH := $(call my-dir) + include $(CLEAR_VARS) + LOCAL_MODULE := keystore.grouper + LOCAL_MODULE_PATH := $(TARGET_OUT_SHARED_LIBRARIES)/hw + LOCAL_SRC_FILES := keymaster_grouper.cpp + LOCAL_CFLAGS := -Werror + LOCAL_SHARED_LIBRARIES := libcutils liblog libcrypto libtf_crypto_sst + LOCAL_MODULE_TAGS := optional + LOCAL_MODULE_OWNER := google + include $(BUILD_SHARED_LIBRARY) +else +$(warning WARNING : Skipping keystore.grouper - Dependency Not Found libtf_crypto_sst ) endif endif + diff --git a/self-extractors/nvidia/staging/device-partial.mk b/self-extractors/nvidia/staging/device-partial.mk index 4b5399e..201dc7a 100644 --- a/self-extractors/nvidia/staging/device-partial.mk +++ b/self-extractors/nvidia/staging/device-partial.mk @@ -71,4 +71,3 @@ PRODUCT_PACKAGES := \ libstagefrighthw \ libtf_crypto_sst -PRODUCT_PACKAGES += keystore.grouper diff --git a/self-extractors/nvidia/staging/keymaster/Android.mk b/self-extractors/nvidia/staging/keymaster/Android.mk deleted file mode 100644 index 01a5b1d..0000000 --- a/self-extractors/nvidia/staging/keymaster/Android.mk +++ /dev/null @@ -1,44 +0,0 @@ -# Copyright (C) 2011 The Android Open Source Project -# -# Licensed under the Apache License, Version 2.0 (the "License"); -# you may not use this file except in compliance with the License. -# You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, software -# distributed under the License is distributed on an "AS IS" BASIS, -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -# See the License for the specific language governing permissions and -# limitations under the License. - -ifeq ($(TARGET_ARCH),arm) -ifeq ($(TARGET_DEVICE),grouper) - -LOCAL_PATH := $(call my-dir) - -include $(CLEAR_VARS) - -LOCAL_MODULE := keystore.grouper - -LOCAL_MODULE_PATH := $(TARGET_OUT_SHARED_LIBRARIES)/hw - -LOCAL_SRC_FILES := \ - keymaster_grouper.cpp - -LOCAL_C_INCLUDES := \ - libcore/include \ - $(LOCAL_PATH)/../security/tf_sdk/include - -LOCAL_CFLAGS := -fvisibility=hidden -Wall -Werror - -LOCAL_SHARED_LIBRARIES := libcutils liblog libcrypto libtf_crypto_sst - -LOCAL_MODULE_TAGS := optional - -LOCAL_MODULE_OWNER := google - -include $(BUILD_SHARED_LIBRARY) - -endif -endif diff --git a/self-extractors/nvidia/staging/keymaster/NOTICE b/self-extractors/nvidia/staging/keymaster/NOTICE deleted file mode 100644 index 390eaed..0000000 --- a/self-extractors/nvidia/staging/keymaster/NOTICE +++ /dev/null @@ -1,220 +0,0 @@ -/** - * Copyright(c) 2011 Trusted Logic. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * * Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * * Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * * Neither the name Trusted Logic nor the names of its - * contributors may be used to endorse or promote products derived - * from this software without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT - * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE - * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - */ - - - Copyright (C) 2011 The Android Open Source Project - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. - - - Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - - 1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - - 2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - - 3. Grant of Patent License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - - 4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - - 5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - - 7. Disclaimer of Warranty. Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - - 8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. - - END OF TERMS AND CONDITIONS - diff --git a/self-extractors/nvidia/staging/keymaster/cryptoki.h b/self-extractors/nvidia/staging/keymaster/cryptoki.h deleted file mode 100644 index 41a66ec..0000000 --- a/self-extractors/nvidia/staging/keymaster/cryptoki.h +++ /dev/null @@ -1,54 +0,0 @@ -/**
- * Copyright(c) 2011 Trusted Logic. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * * Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- * * Neither the name Trusted Logic nor the names of its
- * contributors may be used to endorse or promote products derived
- * from this software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
- * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
- * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
- * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */
-#ifndef __CRYPTOKI_H__
-#define __CRYPTOKI_H__
-
-#include "s_type.h"
-
-/* Define CRYPTOKI_EXPORTS during the build of cryptoki libraries. Do
- * not define it in applications.
- */
-#ifdef CRYPTOKI_EXPORTS
-#define PKCS11_EXPORT S_DLL_EXPORT
-#else
-#define PKCS11_EXPORT S_DLL_IMPORT
-#endif
-
-#define CKV_TOKEN_SYSTEM 0x00000001
-#define CKV_TOKEN_SYSTEM_SHARED 0x00000000
-#define CKV_TOKEN_USER 0x00004004
-#define CKV_TOKEN_USER_SHARED 0x00004012
-
-#define CKV_TOKEN_SYSTEM_GROUP(gid) (0x00010000 | (gid))
-#define CKV_TOKEN_USER_GROUP(gid) (0x00020000 | (gid))
-
-#include "pkcs11.h"
-
-#endif /* __CRYPTOKI_H__ */
diff --git a/self-extractors/nvidia/staging/keymaster/keymaster_grouper.cpp b/self-extractors/nvidia/staging/keymaster/keymaster_grouper.cpp deleted file mode 100644 index 37f306a..0000000 --- a/self-extractors/nvidia/staging/keymaster/keymaster_grouper.cpp +++ /dev/null @@ -1,981 +0,0 @@ -/* - * Copyright (C) 2011 The Android Open Source Project - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -#include <errno.h> -#include <string.h> -#include <stdint.h> - -// For debugging -#define LOG_NDEBUG 0 - -// TEE is the Trusted Execution Environment -#define LOG_TAG "TEEKeyMaster" -#include <cutils/log.h> - -#include <hardware/hardware.h> -#include <hardware/keymaster0.h> - -#include <openssl/bn.h> -#include <openssl/err.h> -#include <openssl/evp.h> -#include <openssl/rand.h> -#include <openssl/x509.h> - -#include <cryptoki.h> -#include <pkcs11.h> - -#include <UniquePtr.h> - - -/** The size of a key ID in bytes */ -#define ID_LENGTH 32 - -/** The current stored key version. */ -const static uint32_t KEY_VERSION = 1; - - -struct EVP_PKEY_Delete { - void operator()(EVP_PKEY* p) const { - EVP_PKEY_free(p); - } -}; -typedef UniquePtr<EVP_PKEY, EVP_PKEY_Delete> Unique_EVP_PKEY; - -struct RSA_Delete { - void operator()(RSA* p) const { - RSA_free(p); - } -}; -typedef UniquePtr<RSA, RSA_Delete> Unique_RSA; - -struct PKCS8_PRIV_KEY_INFO_Delete { - void operator()(PKCS8_PRIV_KEY_INFO* p) const { - PKCS8_PRIV_KEY_INFO_free(p); - } -}; -typedef UniquePtr<PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO_Delete> Unique_PKCS8_PRIV_KEY_INFO; - -typedef UniquePtr<keymaster0_device_t> Unique_keymaster_device_t; - -typedef UniquePtr<CK_BYTE[]> Unique_CK_BYTE; - -typedef UniquePtr<CK_ATTRIBUTE[]> Unique_CK_ATTRIBUTE; - -class ByteArray { -public: - ByteArray(CK_BYTE* array, size_t len) : - mArray(array), mLength(len) { - } - - ByteArray(size_t len) : - mLength(len) { - mArray = new CK_BYTE[len]; - } - - ~ByteArray() { - if (mArray != NULL) { - delete[] mArray; - } - } - - CK_BYTE* get() const { - return mArray; - } - - void setLength(size_t length) { - mLength = length; - } - - size_t length() const { - return mLength; - } - - CK_BYTE* release() { - CK_BYTE* array = mArray; - mArray = NULL; - return array; - } - -private: - CK_BYTE* mArray; - size_t mLength; -}; -typedef UniquePtr<ByteArray> Unique_ByteArray; - -class CryptoSession { -public: - CryptoSession(CK_SESSION_HANDLE masterHandle) : - mHandle(masterHandle), mSubsession(CK_INVALID_HANDLE) { - CK_SESSION_HANDLE subsessionHandle = mHandle; - CK_RV openSessionRV = C_OpenSession(CKV_TOKEN_USER, - CKF_SERIAL_SESSION | CKF_RW_SESSION | CKVF_OPEN_SUB_SESSION, - NULL, - NULL, - &subsessionHandle); - - if (openSessionRV != CKR_OK || subsessionHandle == CK_INVALID_HANDLE) { - (void) C_Finalize(NULL_PTR); - ALOGE("Error opening secondary session with TEE: 0x%x", openSessionRV); - } else { - ALOGV("Opening subsession 0x%x", subsessionHandle); - mSubsession = subsessionHandle; - } - } - - ~CryptoSession() { - if (mSubsession != CK_INVALID_HANDLE) { - CK_RV rv = C_CloseSession(mSubsession); - ALOGV("Closing subsession 0x%x: 0x%x", mSubsession, rv); - mSubsession = CK_INVALID_HANDLE; - } - } - - CK_SESSION_HANDLE get() const { - return mSubsession; - } - - CK_SESSION_HANDLE getPrimary() const { - return mHandle; - } - -private: - CK_SESSION_HANDLE mHandle; - CK_SESSION_HANDLE mSubsession; -}; - -class ObjectHandle { -public: - ObjectHandle(const CryptoSession* session, CK_OBJECT_HANDLE handle = CK_INVALID_HANDLE) : - mSession(session), mHandle(handle) { - } - - ~ObjectHandle() { - if (mHandle != CK_INVALID_HANDLE) { - CK_RV rv = C_CloseObjectHandle(mSession->getPrimary(), mHandle); - if (rv != CKR_OK) { - ALOGW("Couldn't close object handle 0x%x: 0x%x", mHandle, rv); - } else { - ALOGV("Closing object handle 0x%x", mHandle); - mHandle = CK_INVALID_HANDLE; - } - } - } - - CK_OBJECT_HANDLE get() const { - return mHandle; - } - - void reset(CK_OBJECT_HANDLE handle) { - mHandle = handle; - } - -private: - const CryptoSession* mSession; - CK_OBJECT_HANDLE mHandle; -}; - - -/** - * Many OpenSSL APIs take ownership of an argument on success but don't free the argument - * on failure. This means we need to tell our scoped pointers when we've transferred ownership, - * without triggering a warning by not using the result of release(). - */ -#define OWNERSHIP_TRANSFERRED(obj) \ - typeof (obj.release()) _dummy __attribute__((unused)) = obj.release() - - -/* - * Checks this thread's OpenSSL error queue and logs if - * necessary. - */ -static void logOpenSSLError(const char* location) { - int error = ERR_get_error(); - - if (error != 0) { - char message[256]; - ERR_error_string_n(error, message, sizeof(message)); - ALOGE("OpenSSL error in %s %d: %s", location, error, message); - } - - ERR_clear_error(); - ERR_remove_state(0); -} - - -/** - * Convert from OpenSSL's BIGNUM format to TEE's Big Integer format. - */ -static ByteArray* bignum_to_array(const BIGNUM* bn) { - const int bignumSize = BN_num_bytes(bn); - - Unique_CK_BYTE bytes(new CK_BYTE[bignumSize]); - - unsigned char* tmp = reinterpret_cast<unsigned char*>(bytes.get()); - if (BN_bn2bin(bn, tmp) != bignumSize) { - ALOGE("public exponent size wasn't what was expected"); - return NULL; - } - - return new ByteArray(bytes.release(), bignumSize); -} - -static void set_attribute(CK_ATTRIBUTE* attrib, CK_ATTRIBUTE_TYPE type, void* pValue, - CK_ULONG ulValueLen) { - attrib->type = type; - attrib->pValue = pValue; - attrib->ulValueLen = ulValueLen; -} - -static ByteArray* generate_random_id() { - Unique_ByteArray id(new ByteArray(ID_LENGTH)); - if (RAND_pseudo_bytes(reinterpret_cast<unsigned char*>(id->get()), id->length()) < 0) { - return NULL; - } - - return id.release(); -} - -static int keyblob_save(ByteArray* objId, uint8_t** key_blob, size_t* key_blob_length) { - Unique_ByteArray handleBlob(new ByteArray(sizeof(uint32_t) + objId->length())); - if (handleBlob.get() == NULL) { - ALOGE("Could not allocate key blob"); - return -1; - } - uint8_t* tmp = handleBlob->get(); - for (size_t i = 0; i < sizeof(uint32_t); i++) { - *tmp++ = KEY_VERSION >> ((sizeof(uint32_t) - i - 1) * 8); - } - memcpy(tmp, objId->get(), objId->length()); - - *key_blob_length = handleBlob->length(); - *key_blob = handleBlob->get(); - ByteArray* unused __attribute__((unused)) = handleBlob.release(); - - return 0; -} - -static int find_single_object(const uint8_t* obj_id, const size_t obj_id_length, - CK_OBJECT_CLASS obj_class, const CryptoSession* session, ObjectHandle* object) { - - // Note that the CKA_ID attribute is never written, so we can cast away const here. - void* obj_id_ptr = reinterpret_cast<void*>(const_cast<uint8_t*>(obj_id)); - CK_ATTRIBUTE attributes[] = { - { CKA_ID, obj_id_ptr, obj_id_length }, - { CKA_CLASS, &obj_class, sizeof(obj_class) }, - }; - - CK_RV rv = C_FindObjectsInit(session->get(), attributes, - sizeof(attributes) / sizeof(CK_ATTRIBUTE)); - if (rv != CKR_OK) { - ALOGE("Error in C_FindObjectsInit: 0x%x", rv); - return -1; - } - - CK_OBJECT_HANDLE tmpHandle; - CK_ULONG tmpCount; - - rv = C_FindObjects(session->get(), &tmpHandle, 1, &tmpCount); - ALOGV("Found %d object 0x%x : class 0x%x", tmpCount, tmpHandle, obj_class); - if (rv != CKR_OK || tmpCount != 1) { - C_FindObjectsFinal(session->get()); - ALOGE("Couldn't find key!"); - return -1; - } - C_FindObjectsFinal(session->get()); - - object->reset(tmpHandle); - return 0; -} - -static int keyblob_restore(const CryptoSession* session, const uint8_t* keyBlob, - const size_t keyBlobLength, ObjectHandle* public_key, ObjectHandle* private_key) { - if (keyBlob == NULL) { - ALOGE("key blob was null"); - return -1; - } - - if (keyBlobLength < (sizeof(KEY_VERSION) + ID_LENGTH)) { - ALOGE("key blob is not correct size"); - return -1; - } - - uint32_t keyVersion = 0; - - const uint8_t* p = keyBlob; - for (size_t i = 0; i < sizeof(keyVersion); i++) { - keyVersion = (keyVersion << 8) | *p++; - } - - if (keyVersion != 1) { - ALOGE("Invalid key version %d", keyVersion); - return -1; - } - - return find_single_object(p, ID_LENGTH, CKO_PUBLIC_KEY, session, public_key) - || find_single_object(p, ID_LENGTH, CKO_PRIVATE_KEY, session, private_key); -} - -static int tee_generate_keypair(const keymaster0_device_t* dev, - const keymaster_keypair_t type, const void* key_params, - uint8_t** key_blob, size_t* key_blob_length) { - CK_BBOOL bTRUE = CK_TRUE; - - if (type != TYPE_RSA) { - ALOGW("Unknown key type %d", type); - return -1; - } - - if (key_params == NULL) { - ALOGW("generate_keypair params were NULL"); - return -1; - } - - keymaster_rsa_keygen_params_t* rsa_params = (keymaster_rsa_keygen_params_t*) key_params; - - CK_MECHANISM mechanism = { - CKM_RSA_PKCS_KEY_PAIR_GEN, NULL, 0, - }; - CK_ULONG modulusBits = (CK_ULONG) rsa_params->modulus_size; - - /** - * Convert our unsigned 64-bit integer to the TEE Big Integer class. It's - * an unsigned array of bytes with MSB first. - */ - CK_BYTE publicExponent[sizeof(uint64_t)]; - const uint64_t exp = rsa_params->public_exponent; - size_t offset = sizeof(publicExponent) - 1; - for (size_t i = 0; i < sizeof(publicExponent); i++) { - publicExponent[offset--] = (exp >> (i * CHAR_BIT)) & 0xFF; - } - - Unique_ByteArray objId(generate_random_id()); - if (objId.get() == NULL) { - ALOGE("Couldn't generate random key ID"); - return -1; - } - - CK_ATTRIBUTE publicKeyTemplate[] = { - {CKA_ID, objId->get(), objId->length()}, - {CKA_TOKEN, &bTRUE, sizeof(bTRUE)}, - {CKA_ENCRYPT, &bTRUE, sizeof(bTRUE)}, - {CKA_VERIFY, &bTRUE, sizeof(bTRUE)}, - {CKA_MODULUS_BITS, &modulusBits, sizeof(modulusBits)}, - {CKA_PUBLIC_EXPONENT, publicExponent, sizeof(publicExponent)}, - }; - - CK_ATTRIBUTE privateKeyTemplate[] = { - {CKA_ID, objId->get(), objId->length()}, - {CKA_TOKEN, &bTRUE, sizeof(bTRUE)}, - {CKA_DECRYPT, &bTRUE, sizeof(bTRUE)}, - {CKA_SIGN, &bTRUE, sizeof(bTRUE)}, - }; - - CryptoSession session(reinterpret_cast<CK_SESSION_HANDLE>(dev->context)); - - CK_OBJECT_HANDLE hPublicKey, hPrivateKey; - CK_RV rv = C_GenerateKeyPair(session.get(), - &mechanism, - publicKeyTemplate, - sizeof(publicKeyTemplate)/sizeof(CK_ATTRIBUTE), - privateKeyTemplate, - sizeof(privateKeyTemplate)/sizeof(CK_ATTRIBUTE), - &hPublicKey, - &hPrivateKey); - - if (rv != CKR_OK) { - ALOGE("Generate keypair failed: 0x%x", rv); - return -1; - } - - ObjectHandle publicKey(&session, hPublicKey); - ObjectHandle privateKey(&session, hPrivateKey); - ALOGV("public handle = 0x%x, private handle = 0x%x", publicKey.get(), privateKey.get()); - - return keyblob_save(objId.get(), key_blob, key_blob_length); -} - -static int tee_import_keypair(const keymaster0_device_t* dev, - const uint8_t* key, const size_t key_length, - uint8_t** key_blob, size_t* key_blob_length) { - CK_RV rv; - CK_BBOOL bTRUE = CK_TRUE; - - if (key == NULL) { - ALOGW("provided key is null"); - return -1; - } - - Unique_PKCS8_PRIV_KEY_INFO pkcs8(d2i_PKCS8_PRIV_KEY_INFO(NULL, &key, key_length)); - if (pkcs8.get() == NULL) { - logOpenSSLError("tee_import_keypair"); - return -1; - } - - /* assign to EVP */ - Unique_EVP_PKEY pkey(EVP_PKCS82PKEY(pkcs8.get())); - if (pkey.get() == NULL) { - logOpenSSLError("tee_import_keypair"); - return -1; - } - - if (EVP_PKEY_type(pkey->type) != EVP_PKEY_RSA) { - ALOGE("Unsupported key type: %d", EVP_PKEY_type(pkey->type)); - return -1; - } - - Unique_RSA rsa(EVP_PKEY_get1_RSA(pkey.get())); - if (rsa.get() == NULL) { - logOpenSSLError("tee_import_keypair"); - return -1; - } - - Unique_ByteArray modulus(bignum_to_array(rsa->n)); - if (modulus.get() == NULL) { - ALOGW("Could not convert modulus to array"); - return -1; - } - - Unique_ByteArray publicExponent(bignum_to_array(rsa->e)); - if (publicExponent.get() == NULL) { - ALOGW("Could not convert publicExponent to array"); - return -1; - } - - CK_KEY_TYPE rsaType = CKK_RSA; - - CK_OBJECT_CLASS pubClass = CKO_PUBLIC_KEY; - - Unique_ByteArray objId(generate_random_id()); - if (objId.get() == NULL) { - ALOGE("Couldn't generate random key ID"); - return -1; - } - - CK_ATTRIBUTE publicKeyTemplate[] = { - {CKA_ID, objId->get(), objId->length()}, - {CKA_TOKEN, &bTRUE, sizeof(bTRUE)}, - {CKA_CLASS, &pubClass, sizeof(pubClass)}, - {CKA_KEY_TYPE, &rsaType, sizeof(rsaType)}, - {CKA_ENCRYPT, &bTRUE, sizeof(bTRUE)}, - {CKA_VERIFY, &bTRUE, sizeof(bTRUE)}, - {CKA_MODULUS, modulus->get(), modulus->length()}, - {CKA_PUBLIC_EXPONENT, publicExponent->get(), publicExponent->length()}, - }; - - CryptoSession session(reinterpret_cast<CK_SESSION_HANDLE>(dev->context)); - - CK_OBJECT_HANDLE hPublicKey; - rv = C_CreateObject(session.get(), - publicKeyTemplate, - sizeof(publicKeyTemplate)/sizeof(CK_ATTRIBUTE), - &hPublicKey); - if (rv != CKR_OK) { - ALOGE("Creation of public key failed: 0x%x", rv); - return -1; - } - ObjectHandle publicKey(&session, hPublicKey); - - Unique_ByteArray privateExponent(bignum_to_array(rsa->d)); - if (privateExponent.get() == NULL) { - ALOGW("Could not convert private exponent"); - return -1; - } - - - /* - * Normally we need: - * CKA_ID - * CKA_TOKEN - * CKA_CLASS - * CKA_KEY_TYPE - * - * CKA_DECRYPT - * CKA_SIGN - * - * CKA_MODULUS - * CKA_PUBLIC_EXPONENT - * CKA_PRIVATE_EXPONENT - */ -#define PRIV_ATTRIB_NORMAL_NUM (4 + 2 + 3) - - /* - * For additional private key values: - * CKA_PRIME_1 - * CKA_PRIME_2 - * - * CKA_EXPONENT_1 - * CKA_EXPONENT_2 - * - * CKA_COEFFICIENT - */ -#define PRIV_ATTRIB_EXTENDED_NUM (PRIV_ATTRIB_NORMAL_NUM + 5) - - /* - * If we have the prime, prime exponents, and coefficient, we can - * copy them in. - */ - bool has_extra_data = (rsa->p != NULL) && (rsa->q != NULL) && (rsa->dmp1 != NULL) && - (rsa->dmq1 != NULL) && (rsa->iqmp != NULL); - - Unique_CK_ATTRIBUTE privateKeyTemplate(new CK_ATTRIBUTE[ - has_extra_data ? PRIV_ATTRIB_EXTENDED_NUM : PRIV_ATTRIB_NORMAL_NUM]); - - CK_OBJECT_CLASS privClass = CKO_PRIVATE_KEY; - - size_t templateOffset = 0; - - set_attribute(&privateKeyTemplate[templateOffset++], CKA_ID, objId->get(), objId->length()); - set_attribute(&privateKeyTemplate[templateOffset++], CKA_TOKEN, &bTRUE, sizeof(bTRUE)); - set_attribute(&privateKeyTemplate[templateOffset++], CKA_CLASS, &privClass, sizeof(privClass)); - set_attribute(&privateKeyTemplate[templateOffset++], CKA_KEY_TYPE, &rsaType, sizeof(rsaType)); - - set_attribute(&privateKeyTemplate[templateOffset++], CKA_DECRYPT, &bTRUE, sizeof(bTRUE)); - set_attribute(&privateKeyTemplate[templateOffset++], CKA_SIGN, &bTRUE, sizeof(bTRUE)); - - set_attribute(&privateKeyTemplate[templateOffset++], CKA_MODULUS, modulus->get(), - modulus->length()); - set_attribute(&privateKeyTemplate[templateOffset++], CKA_PUBLIC_EXPONENT, - publicExponent->get(), publicExponent->length()); - set_attribute(&privateKeyTemplate[templateOffset++], CKA_PRIVATE_EXPONENT, - privateExponent->get(), privateExponent->length()); - - Unique_ByteArray prime1, prime2, exp1, exp2, coeff; - if (has_extra_data) { - prime1.reset(bignum_to_array(rsa->p)); - if (prime1->get() == NULL) { - ALOGW("Could not convert prime1"); - return -1; - } - set_attribute(&privateKeyTemplate[templateOffset++], CKA_PRIME_1, prime1->get(), - prime1->length()); - - prime2.reset(bignum_to_array(rsa->q)); - if (prime2->get() == NULL) { - ALOGW("Could not convert prime2"); - return -1; - } - set_attribute(&privateKeyTemplate[templateOffset++], CKA_PRIME_2, prime2->get(), - prime2->length()); - - exp1.reset(bignum_to_array(rsa->dmp1)); - if (exp1->get() == NULL) { - ALOGW("Could not convert exponent 1"); - return -1; - } - set_attribute(&privateKeyTemplate[templateOffset++], CKA_EXPONENT_1, exp1->get(), - exp1->length()); - - exp2.reset(bignum_to_array(rsa->dmq1)); - if (exp2->get() == NULL) { - ALOGW("Could not convert exponent 2"); - return -1; - } - set_attribute(&privateKeyTemplate[templateOffset++], CKA_EXPONENT_2, exp2->get(), - exp2->length()); - - coeff.reset(bignum_to_array(rsa->iqmp)); - if (coeff->get() == NULL) { - ALOGW("Could not convert coefficient"); - return -1; - } - set_attribute(&privateKeyTemplate[templateOffset++], CKA_COEFFICIENT, coeff->get(), - coeff->length()); - } - - CK_OBJECT_HANDLE hPrivateKey; - rv = C_CreateObject(session.get(), - privateKeyTemplate.get(), - templateOffset, - &hPrivateKey); - if (rv != CKR_OK) { - ALOGE("Creation of private key failed: 0x%x", rv); - return -1; - } - ObjectHandle privateKey(&session, hPrivateKey); - - ALOGV("public handle = 0x%x, private handle = 0x%x", publicKey.get(), privateKey.get()); - - return keyblob_save(objId.get(), key_blob, key_blob_length); -} - -static int tee_get_keypair_public(const keymaster0_device_t* dev, - const uint8_t* key_blob, const size_t key_blob_length, - uint8_t** x509_data, size_t* x509_data_length) { - - CryptoSession session(reinterpret_cast<CK_SESSION_HANDLE>(dev->context)); - - ObjectHandle publicKey(&session); - ObjectHandle privateKey(&session); - - if (keyblob_restore(&session, key_blob, key_blob_length, &publicKey, &privateKey)) { - return -1; - } - - if (x509_data == NULL || x509_data_length == NULL) { - ALOGW("Provided destination variables were null"); - return -1; - } - - CK_ATTRIBUTE attributes[] = { - {CKA_MODULUS, NULL, 0}, - {CKA_PUBLIC_EXPONENT, NULL, 0}, - }; - - // Call first to get the sizes of the values. - CK_RV rv = C_GetAttributeValue(session.get(), publicKey.get(), attributes, - sizeof(attributes)/sizeof(CK_ATTRIBUTE)); - if (rv != CKR_OK) { - ALOGW("Could not query attribute value sizes: 0x%02x", rv); - return -1; - } - - ByteArray modulus(new CK_BYTE[attributes[0].ulValueLen], attributes[0].ulValueLen); - ByteArray exponent(new CK_BYTE[attributes[1].ulValueLen], attributes[1].ulValueLen); - - attributes[0].pValue = modulus.get(); - attributes[1].pValue = exponent.get(); - - rv = C_GetAttributeValue(session.get(), publicKey.get(), attributes, - sizeof(attributes) / sizeof(CK_ATTRIBUTE)); - if (rv != CKR_OK) { - ALOGW("Could not query attribute values: 0x%02x", rv); - return -1; - } - - ALOGV("modulus is %d (ret=%d), exponent is %d (ret=%d)", - modulus.length(), attributes[0].ulValueLen, - exponent.length(), attributes[1].ulValueLen); - - /* - * Work around a bug in the implementation. The first call to measure how large the array - * should be sometimes returns values that are too large. The call to get the actual value - * returns the correct length of the array, so use that instead. - */ - modulus.setLength(attributes[0].ulValueLen); - exponent.setLength(attributes[1].ulValueLen); - - Unique_RSA rsa(RSA_new()); - if (rsa.get() == NULL) { - ALOGE("Could not allocate RSA structure"); - return -1; - } - - rsa->n = BN_bin2bn(reinterpret_cast<const unsigned char*>(modulus.get()), modulus.length(), - NULL); - if (rsa->n == NULL) { - logOpenSSLError("tee_get_keypair_public"); - return -1; - } - - rsa->e = BN_bin2bn(reinterpret_cast<const unsigned char*>(exponent.get()), exponent.length(), - NULL); - if (rsa->e == NULL) { - logOpenSSLError("tee_get_keypair_public"); - return -1; - } - - Unique_EVP_PKEY pkey(EVP_PKEY_new()); - if (pkey.get() == NULL) { - ALOGE("Could not allocate EVP_PKEY structure"); - return -1; - } - if (EVP_PKEY_assign_RSA(pkey.get(), rsa.get()) != 1) { - logOpenSSLError("tee_get_keypair_public"); - return -1; - } - OWNERSHIP_TRANSFERRED(rsa); - - int len = i2d_PUBKEY(pkey.get(), NULL); - if (len <= 0) { - logOpenSSLError("tee_get_keypair_public"); - return -1; - } - - UniquePtr<uint8_t> key(static_cast<uint8_t*>(malloc(len))); - if (key.get() == NULL) { - ALOGE("Could not allocate memory for public key data"); - return -1; - } - - unsigned char* tmp = reinterpret_cast<unsigned char*>(key.get()); - if (i2d_PUBKEY(pkey.get(), &tmp) != len) { - logOpenSSLError("tee_get_keypair_public"); - return -1; - } - - ALOGV("Length of x509 data is %d", len); - *x509_data_length = len; - *x509_data = key.release(); - - return 0; -} - -static int tee_delete_keypair(const keymaster0_device_t* dev, - const uint8_t* key_blob, const size_t key_blob_length) { - - CryptoSession session(reinterpret_cast<CK_SESSION_HANDLE>(dev->context)); - - ObjectHandle publicKey(&session); - ObjectHandle privateKey(&session); - - if (keyblob_restore(&session, key_blob, key_blob_length, &publicKey, &privateKey)) { - return -1; - } - - // Delete the private key. - CK_RV rv = C_DestroyObject(session.get(), privateKey.get()); - if (rv != CKR_OK) { - ALOGW("Could destroy private key object: 0x%02x", rv); - return -1; - } - - // Delete the public key. - rv = C_DestroyObject(session.get(), publicKey.get()); - if (rv != CKR_OK) { - ALOGW("Could destroy public key object: 0x%02x", rv); - return -1; - } - - return 0; -} - -static int tee_sign_data(const keymaster0_device_t* dev, - const void* params, - const uint8_t* key_blob, const size_t key_blob_length, - const uint8_t* data, const size_t dataLength, - uint8_t** signedData, size_t* signedDataLength) { - ALOGV("tee_sign_data(%p, %p, %llu, %p, %llu, %p, %p)", dev, key_blob, - (unsigned long long) key_blob_length, data, (unsigned long long) dataLength, signedData, - signedDataLength); - - if (params == NULL) { - ALOGW("Signing params were null"); - return -1; - } - - CryptoSession session(reinterpret_cast<CK_SESSION_HANDLE>(dev->context)); - - ObjectHandle publicKey(&session); - ObjectHandle privateKey(&session); - - if (keyblob_restore(&session, key_blob, key_blob_length, &publicKey, &privateKey)) { - return -1; - } - ALOGV("public handle = 0x%x, private handle = 0x%x", publicKey.get(), privateKey.get()); - - keymaster_rsa_sign_params_t* sign_params = (keymaster_rsa_sign_params_t*) params; - if (sign_params->digest_type != DIGEST_NONE) { - ALOGW("Cannot handle digest type %d", sign_params->digest_type); - return -1; - } else if (sign_params->padding_type != PADDING_NONE) { - ALOGW("Cannot handle padding type %d", sign_params->padding_type); - return -1; - } - - CK_MECHANISM rawRsaMechanism = { - CKM_RSA_X_509, NULL, 0 - }; - - CK_RV rv = C_SignInit(session.get(), &rawRsaMechanism, privateKey.get()); - if (rv != CKR_OK) { - ALOGV("C_SignInit failed: 0x%x", rv); - return -1; - } - - CK_BYTE signature[1024]; - CK_ULONG signatureLength = 1024; - - rv = C_Sign(session.get(), data, dataLength, signature, &signatureLength); - if (rv != CKR_OK) { - ALOGV("C_SignFinal failed: 0x%x", rv); - return -1; - } - - UniquePtr<uint8_t[]> finalSignature(new uint8_t[signatureLength]); - if (finalSignature.get() == NULL) { - ALOGE("Couldn't allocate memory to copy signature"); - return -1; - } - - memcpy(finalSignature.get(), signature, signatureLength); - - *signedData = finalSignature.release(); - *signedDataLength = static_cast<size_t>(signatureLength); - - ALOGV("tee_sign_data(%p, %p, %llu, %p, %llu, %p, %p) => %p size %llu", dev, key_blob, - (unsigned long long) key_blob_length, data, (unsigned long long) dataLength, signedData, - signedDataLength, *signedData, (unsigned long long) *signedDataLength); - - return 0; -} - -static int tee_verify_data(const keymaster0_device_t* dev, - const void* params, - const uint8_t* keyBlob, const size_t keyBlobLength, - const uint8_t* signedData, const size_t signedDataLength, - const uint8_t* signature, const size_t signatureLength) { - ALOGV("tee_verify_data(%p, %p, %llu, %p, %llu, %p, %llu)", dev, keyBlob, - (unsigned long long) keyBlobLength, signedData, (unsigned long long) signedDataLength, - signature, (unsigned long long) signatureLength); - - if (params == NULL) { - ALOGW("Verification params were null"); - return -1; - } - - CryptoSession session(reinterpret_cast<CK_SESSION_HANDLE>(dev->context)); - - ObjectHandle publicKey(&session); - ObjectHandle privateKey(&session); - - if (keyblob_restore(&session, keyBlob, keyBlobLength, &publicKey, &privateKey)) { - return -1; - } - ALOGV("public handle = 0x%x, private handle = 0x%x", publicKey.get(), privateKey.get()); - - keymaster_rsa_sign_params_t* sign_params = (keymaster_rsa_sign_params_t*) params; - if (sign_params->digest_type != DIGEST_NONE) { - ALOGW("Cannot handle digest type %d", sign_params->digest_type); - return -1; - } else if (sign_params->padding_type != PADDING_NONE) { - ALOGW("Cannot handle padding type %d", sign_params->padding_type); - return -1; - } - - CK_MECHANISM rawRsaMechanism = { - CKM_RSA_X_509, NULL, 0 - }; - - CK_RV rv = C_VerifyInit(session.get(), &rawRsaMechanism, publicKey.get()); - if (rv != CKR_OK) { - ALOGV("C_VerifyInit failed: 0x%x", rv); - return -1; - } - - // This is a bad prototype for this function. C_Verify should have only const args. - rv = C_Verify(session.get(), signedData, signedDataLength, - const_cast<unsigned char*>(signature), signatureLength); - if (rv != CKR_OK) { - ALOGV("C_Verify failed: 0x%x", rv); - return -1; - } - - return 0; -} - -/* Close an opened OpenSSL instance */ -static int tee_close(hw_device_t *dev) { - keymaster0_device_t *keymaster_dev = (keymaster0_device_t *) dev; - if (keymaster_dev != NULL) { - CK_SESSION_HANDLE handle = reinterpret_cast<CK_SESSION_HANDLE>(keymaster_dev->context); - if (handle != CK_INVALID_HANDLE) { - C_CloseSession(handle); - } - } - - CK_RV finalizeRV = C_Finalize(NULL_PTR); - if (finalizeRV != CKR_OK) { - ALOGE("Error closing the TEE"); - } - free(dev); - - return 0; -} - -/* - * Generic device handling - */ -static int tee_open(const hw_module_t* module, const char* name, - hw_device_t** device) { - if (strcmp(name, KEYSTORE_KEYMASTER) != 0) - return -EINVAL; - - Unique_keymaster_device_t dev(new keymaster0_device_t); - if (dev.get() == NULL) - return -ENOMEM; - - dev->common.tag = HARDWARE_DEVICE_TAG; - dev->common.version = 1; - dev->common.module = (struct hw_module_t*) module; - dev->common.close = tee_close; - - dev->generate_keypair = tee_generate_keypair; - dev->import_keypair = tee_import_keypair; - dev->get_keypair_public = tee_get_keypair_public; - dev->delete_keypair = tee_delete_keypair; - dev->sign_data = tee_sign_data; - dev->verify_data = tee_verify_data; - dev->delete_all = NULL; - - CK_RV initializeRV = C_Initialize(NULL); - if (initializeRV != CKR_OK) { - ALOGE("Error initializing TEE: 0x%x", initializeRV); - return -ENODEV; - } - - CK_INFO info; - CK_RV infoRV = C_GetInfo(&info); - if (infoRV != CKR_OK) { - (void) C_Finalize(NULL_PTR); - ALOGE("Error getting information about TEE during initialization: 0x%x", infoRV); - return -ENODEV; - } - - ALOGI("C_GetInfo cryptokiVer=%d.%d manufID=%s flags=%d libDesc=%s libVer=%d.%d\n", - info.cryptokiVersion.major, info.cryptokiVersion.minor, - info.manufacturerID, info.flags, info.libraryDescription, - info.libraryVersion.major, info.libraryVersion.minor); - - CK_SESSION_HANDLE sessionHandle = CK_INVALID_HANDLE; - - CK_RV openSessionRV = C_OpenSession(CKV_TOKEN_USER, - CKF_SERIAL_SESSION | CKF_RW_SESSION, - NULL, - NULL, - &sessionHandle); - - if (openSessionRV != CKR_OK || sessionHandle == CK_INVALID_HANDLE) { - (void) C_Finalize(NULL_PTR); - ALOGE("Error opening primary session with TEE: 0x%x", openSessionRV); - return -1; - } - - ERR_load_crypto_strings(); - ERR_load_BIO_strings(); - - dev->context = reinterpret_cast<void*>(sessionHandle); - *device = reinterpret_cast<hw_device_t*>(dev.release()); - - return 0; -} - -static struct hw_module_methods_t keystore_module_methods = { - open: tee_open, -}; - -struct keystore_module HAL_MODULE_INFO_SYM -__attribute__ ((visibility ("default"))) = { - common: { - tag: HARDWARE_MODULE_TAG, - version_major: 1, - version_minor: 0, - id: KEYSTORE_HARDWARE_MODULE_ID, - name: "Keymaster TEE HAL", - author: "The Android Open Source Project", - methods: &keystore_module_methods, - dso: 0, - reserved: {}, - }, -}; diff --git a/self-extractors/nvidia/staging/keymaster/pkcs11.h b/self-extractors/nvidia/staging/keymaster/pkcs11.h deleted file mode 100644 index 8f28917..0000000 --- a/self-extractors/nvidia/staging/keymaster/pkcs11.h +++ /dev/null @@ -1,595 +0,0 @@ -/**
- * Copyright(c) 2011 Trusted Logic. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * * Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- * * Neither the name Trusted Logic nor the names of its
- * contributors may be used to endorse or promote products derived
- * from this software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
- * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
- * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
- * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */ - -/* - * This header file contains the definition of the PKCS#11 types and functions - * supported by the Trusted Foundations Software. This header file is - * derived from the RSA Security Inc. PKCS #11 Cryptographic Token Interface - * (Cryptoki) - */ -#ifndef __PKCS11_H__ -#define __PKCS11_H__ - -#ifdef __cplusplus -extern "C" { -#endif - -/*------------------------------------------ -* Types and constants -*------------------------------------------*/ - -#include "s_type.h" - -#define CK_TRUE true -#define CK_FALSE false - -#ifndef FALSE -#define FALSE CK_FALSE -#endif - -#ifndef TRUE -#define TRUE CK_TRUE -#endif - -#define NULL_PTR NULL - -typedef uint8_t CK_BYTE, *CK_BYTE_PTR; -typedef CK_BYTE CK_CHAR, *CK_CHAR_PTR; -typedef CK_BYTE CK_UTF8CHAR, *CK_UTF8CHAR_PTR; -typedef bool CK_BBOOL; -typedef uint32_t CK_ULONG, *CK_ULONG_PTR; -typedef int32_t CK_LONG; -typedef CK_ULONG CK_FLAGS; -typedef void* CK_VOID_PTR, *CK_VOID_PTR_PTR; - -#define CK_INVALID_HANDLE 0 - -typedef struct CK_VERSION -{ - CK_BYTE major; - CK_BYTE minor; -} -CK_VERSION, *CK_VERSION_PTR; - -typedef struct CK_INFO -{ - CK_VERSION cryptokiVersion; - CK_UTF8CHAR manufacturerID[32]; - CK_FLAGS flags; - CK_UTF8CHAR libraryDescription[32]; - CK_VERSION libraryVersion; -} -CK_INFO, *CK_INFO_PTR; - -typedef CK_ULONG CK_NOTIFICATION; -typedef CK_ULONG CK_SLOT_ID, *CK_SLOT_ID_PTR; -typedef CK_ULONG CK_SESSION_HANDLE, *CK_SESSION_HANDLE_PTR; - -typedef CK_ULONG CK_USER_TYPE; -#define CKU_SO 0 -#define CKU_USER 1 -#define CKU_CONTEXT_SPECIFIC 2 - -typedef CK_ULONG CK_STATE; -#define CKS_RO_PUBLIC_SESSION 0 -#define CKS_RO_USER_FUNCTIONS 1 -#define CKS_RW_PUBLIC_SESSION 2 -#define CKS_RW_USER_FUNCTIONS 3 -#define CKS_RW_SO_FUNCTIONS 4 - -typedef struct CK_SESSION_INFO -{ - CK_SLOT_ID slotID; - CK_STATE state; - CK_FLAGS flags; - CK_ULONG ulDeviceError; -} -CK_SESSION_INFO, *CK_SESSION_INFO_PTR; - -#define CKF_RW_SESSION 0x00000002 -#define CKF_SERIAL_SESSION 0x00000004 -#define CKVF_OPEN_SUB_SESSION 0x00000008 - -typedef CK_ULONG CK_OBJECT_HANDLE, *CK_OBJECT_HANDLE_PTR; - -typedef CK_ULONG CK_OBJECT_CLASS, *CK_OBJECT_CLASS_PTR; - -#define CKO_DATA 0x00000000 -#define CKO_PUBLIC_KEY 0x00000002 -#define CKO_PRIVATE_KEY 0x00000003 -#define CKO_SECRET_KEY 0x00000004 - -typedef CK_ULONG CK_KEY_TYPE; - -#define CKK_RSA 0x00000000 -#define CKK_DSA 0x00000001 -#define CKK_DH 0x00000002 -#define CKK_EC 0x00000003 - -#define CKK_GENERIC_SECRET 0x00000010 - -#define CKK_RC4 0x00000012 -#define CKK_DES 0x00000013 -#define CKK_DES2 0x00000014 -#define CKK_DES3 0x00000015 - -#define CKK_AES 0x0000001F - -#define CKK_VENDOR_DEFINED 0x80000000 - -typedef CK_ULONG CK_ATTRIBUTE_TYPE; - -#define CKF_ARRAY_ATTRIBUTE 0x40000000 - -#define CKA_CLASS 0x00000000 -#define CKA_TOKEN 0x00000001 -#define CKA_PRIVATE 0x00000002 -#define CKA_VALUE 0x00000011 - -#define CKA_OBJECT_ID 0x00000012 - -#define CKA_KEY_TYPE 0x00000100 -#define CKA_ID 0x00000102 -#define CKA_SENSITIVE 0x00000103 -#define CKA_ENCRYPT 0x00000104 -#define CKA_DECRYPT 0x00000105 -#define CKA_WRAP 0x00000106 -#define CKA_UNWRAP 0x00000107 -#define CKA_SIGN 0x00000108 -#define CKA_VERIFY 0x0000010A -#define CKA_DERIVE 0x0000010C -#define CKA_MODULUS 0x00000120 -#define CKA_MODULUS_BITS 0x00000121 -#define CKA_PUBLIC_EXPONENT 0x00000122 -#define CKA_PRIVATE_EXPONENT 0x00000123 -#define CKA_PRIME_1 0x00000124 -#define CKA_PRIME_2 0x00000125 -#define CKA_EXPONENT_1 0x00000126 -#define CKA_EXPONENT_2 0x00000127 -#define CKA_COEFFICIENT 0x00000128 -#define CKA_PRIME 0x00000130 -#define CKA_SUBPRIME 0x00000131 -#define CKA_BASE 0x00000132 - -#define CKA_VALUE_BITS 0x00000160 -#define CKA_VALUE_LEN 0x00000161 - -#define CKA_EXTRACTABLE 0x00000162 - -#define CKA_MODIFIABLE 0x00000170 -#define CKA_COPYABLE 0x00000171 -#define CKA_ALWAYS_AUTHENTICATE 0x00000202 - -#define CKA_VENDOR_DEFINED 0x80000000 - -#define CKAV_ALLOW_NON_SENSITIVE_DERIVED_KEY 0x80000001 - -typedef struct CK_ATTRIBUTE -{ - CK_ATTRIBUTE_TYPE type; - void* pValue; - CK_ULONG ulValueLen; -} -CK_ATTRIBUTE, *CK_ATTRIBUTE_PTR; - -typedef CK_ULONG CK_MECHANISM_TYPE, *CK_MECHANISM_TYPE_PTR; - -#define CKM_RSA_PKCS_KEY_PAIR_GEN 0x00000000 -#define CKM_RSA_PKCS 0x00000001 -#define CKM_RSA_X_509 0x00000003 -#define CKM_MD5_RSA_PKCS 0x00000005 -#define CKM_SHA1_RSA_PKCS 0x00000006 -#define CKM_RSA_PKCS_OAEP 0x00000009 -#define CKM_RSA_PKCS_PSS 0x0000000D -#define CKM_SHA1_RSA_PKCS_PSS 0x0000000E -#define CKM_DSA_KEY_PAIR_GEN 0x00000010 -#define CKM_DSA 0x00000011 -#define CKM_DSA_SHA1 0x00000012 -#define CKM_DH_PKCS_KEY_PAIR_GEN 0x00000020 -#define CKM_DH_PKCS_DERIVE 0x00000021 -#define CKM_SHA256_RSA_PKCS 0x00000040 -#define CKM_SHA384_RSA_PKCS 0x00000041 -#define CKM_SHA512_RSA_PKCS 0x00000042 -#define CKM_SHA256_RSA_PKCS_PSS 0x00000043 -#define CKM_SHA384_RSA_PKCS_PSS 0x00000044 -#define CKM_SHA512_RSA_PKCS_PSS 0x00000045 -#define CKM_SHA224_RSA_PKCS 0x00000046 -#define CKM_SHA224_RSA_PKCS_PSS 0x00000047 -#define CKM_RC4_KEY_GEN 0x00000110 -#define CKM_RC4 0x00000111 -#define CKM_DES_KEY_GEN 0x00000120 -#define CKM_DES_ECB 0x00000121 -#define CKM_DES_CBC 0x00000122 -#define CKM_DES_MAC 0x00000123 -#define CKM_DES2_KEY_GEN 0x00000130 -#define CKM_DES3_KEY_GEN 0x00000131 -#define CKM_DES3_ECB 0x00000132 -#define CKM_DES3_CBC 0x00000133 -#define CKM_DES3_MAC 0x00000134 -#define CKM_MD5 0x00000210 -#define CKM_MD5_HMAC 0x00000211 -#define CKM_SHA_1 0x00000220 -#define CKM_SHA_1_HMAC 0x00000221 -#define CKM_SHA256 0x00000250 -#define CKM_SHA256_HMAC 0x00000251 -#define CKM_SHA224 0x00000255 -#define CKM_SHA224_HMAC 0x00000256 -#define CKM_SHA384 0x00000260 -#define CKM_SHA384_HMAC 0x00000261 -#define CKM_SHA512 0x00000270 -#define CKM_SHA512_HMAC 0x00000271 -#define CKM_GENERIC_SECRET_KEY_GEN 0x00000350 -#define CKM_AES_KEY_GEN 0x00001080 -#define CKM_AES_ECB 0x00001081 -#define CKM_AES_CBC 0x00001082 -#define CKM_AES_MAC 0x00001083 -#define CKM_AES_CTR 0x00001086 -#define CKM_VENDOR_DEFINED 0x80000000 -#define CKMV_AES_CTR 0x80000001 - -#define CKMV_IMPLEMENTATION_DEFINED_0 0xC0000000 -#define CKMV_IMPLEMENTATION_DEFINED_1 0xC0000001 -#define CKMV_IMPLEMENTATION_DEFINED_2 0xC0000002 -#define CKMV_IMPLEMENTATION_DEFINED_3 0xC0000003 -#define CKMV_IMPLEMENTATION_DEFINED_4 0xC0000004 -#define CKMV_IMPLEMENTATION_DEFINED_5 0xC0000005 -#define CKMV_IMPLEMENTATION_DEFINED_6 0xC0000006 -#define CKMV_IMPLEMENTATION_DEFINED_7 0xC0000007 -#define CKMV_IMPLEMENTATION_DEFINED_8 0xC0000008 -#define CKMV_IMPLEMENTATION_DEFINED_9 0xC0000009 -#define CKMV_IMPLEMENTATION_DEFINED_10 0xC000000A -#define CKMV_IMPLEMENTATION_DEFINED_11 0xC000000B -#define CKMV_IMPLEMENTATION_DEFINED_12 0xC000000C -#define CKMV_IMPLEMENTATION_DEFINED_13 0xC000000D -#define CKMV_IMPLEMENTATION_DEFINED_14 0xC000000E -#define CKMV_IMPLEMENTATION_DEFINED_15 0xC000000F - -typedef struct CK_MECHANISM -{ - CK_MECHANISM_TYPE mechanism; - void* pParameter; - CK_ULONG ulParameterLen; /* in bytes */ -} -CK_MECHANISM, *CK_MECHANISM_PTR; - -typedef CK_ULONG CK_RV; - -#define CKR_OK 0x00000000 -#define CKR_CANCEL 0x00000001 -#define CKR_HOST_MEMORY 0x00000002 -#define CKR_SLOT_ID_INVALID 0x00000003 -#define CKR_GENERAL_ERROR 0x00000005 -#define CKR_ARGUMENTS_BAD 0x00000007 -#define CKR_ATTRIBUTE_SENSITIVE 0x00000011 -#define CKR_ATTRIBUTE_TYPE_INVALID 0x00000012 -#define CKR_ATTRIBUTE_VALUE_INVALID 0x00000013 -#define CKR_COPY_PROHIBITED 0x0000001A -#define CKR_DATA_INVALID 0x00000020 -#define CKR_DATA_LEN_RANGE 0x00000021 -#define CKR_DEVICE_ERROR 0x00000030 -#define CKR_DEVICE_MEMORY 0x00000031 -#define CKR_ENCRYPTED_DATA_INVALID 0x00000040 -#define CKR_ENCRYPTED_DATA_LEN_RANGE 0x00000041 -#define CKR_KEY_HANDLE_INVALID 0x00000060 -#define CKR_KEY_SIZE_RANGE 0x00000062 -#define CKR_KEY_TYPE_INCONSISTENT 0x00000063 -#define CKR_KEY_FUNCTION_NOT_PERMITTED 0x00000068 -#define CKR_KEY_NOT_WRAPPABLE 0x00000069 -#define CKR_MECHANISM_INVALID 0x00000070 -#define CKR_MECHANISM_PARAM_INVALID 0x00000071 -#define CKR_OBJECT_HANDLE_INVALID 0x00000082 -#define CKR_OPERATION_ACTIVE 0x00000090 -#define CKR_OPERATION_NOT_INITIALIZED 0x00000091 -#define CKR_PIN_INCORRECT 0x000000A0 -#define CKR_SESSION_COUNT 0x000000B1 -#define CKR_SESSION_HANDLE_INVALID 0x000000B3 -#define CKR_SESSION_PARALLEL_NOT_SUPPORTED 0x000000B4 -#define CKR_SESSION_READ_ONLY 0x000000B5 -#define CKR_SIGNATURE_INVALID 0x000000C0 -#define CKR_SIGNATURE_LEN_RANGE 0x000000C1 -#define CKR_TEMPLATE_INCOMPLETE 0x000000D0 -#define CKR_TEMPLATE_INCONSISTENT 0x000000D1 -#define CKR_TOKEN_NOT_PRESENT 0x000000E0 -#define CKR_USER_ALREADY_LOGGED_IN 0x00000100 -#define CKR_USER_NOT_LOGGED_IN 0x00000101 -#define CKR_USER_TYPE_INVALID 0x00000103 -#define CKR_WRAPPED_KEY_LEN_RANGE 0x00000112 -#define CKR_WRAPPING_KEY_HANDLE_INVALID 0x00000113 -#define CKR_RANDOM_SEED_NOT_SUPPORTED 0x00000120 -#define CKR_RANDOM_NO_RNG 0x00000121 -#define CKR_BUFFER_TOO_SMALL 0x00000150 -#define CKR_CRYPTOKI_NOT_INITIALIZED 0x00000190 -#define CKR_CRYPTOKI_ALREADY_INITIALIZED 0x00000191 -#define CKR_VENDOR_DEFINED 0x80000000 - -typedef CK_RV (*CK_NOTIFY)( - CK_SESSION_HANDLE hSession, - CK_NOTIFICATION event, - void* pApplication -); - -typedef CK_ULONG CK_RSA_PKCS_MGF_TYPE, *CK_RSA_PKCS_MGF_TYPE_PTR; - -#define CKG_MGF1_SHA1 0x00000001 -#define CKG_MGF1_SHA256 0x00000002 -#define CKG_MGF1_SHA384 0x00000003 -#define CKG_MGF1_SHA512 0x00000004 -#define CKG_MGF1_SHA224 0x00000005 - -typedef CK_ULONG CK_RSA_PKCS_OAEP_SOURCE_TYPE, *CK_RSA_PKCS_OAEP_SOURCE_TYPE_PTR; - -#define CKZ_DATA_SPECIFIED 0x00000001 -typedef struct CK_RSA_PKCS_OAEP_PARAMS -{ - CK_MECHANISM_TYPE hashAlg; - CK_RSA_PKCS_MGF_TYPE mgf; - CK_RSA_PKCS_OAEP_SOURCE_TYPE source; - void* pSourceData; - CK_ULONG ulSourceDataLen; -} -CK_RSA_PKCS_OAEP_PARAMS, *CK_RSA_PKCS_OAEP_PARAMS_PTR; - -typedef struct CK_RSA_PKCS_PSS_PARAMS -{ - CK_MECHANISM_TYPE hashAlg; - CK_RSA_PKCS_MGF_TYPE mgf; - CK_ULONG sLen; -} -CK_RSA_PKCS_PSS_PARAMS, *CK_RSA_PKCS_PSS_PARAMS_PTR; - -typedef struct CK_AES_CTR_PARAMS -{ - CK_ULONG ulCounterBits; - CK_BYTE cb[16]; -} -CK_AES_CTR_PARAMS, *CK_AES_CTR_PARAMS_PTR; - -/*------------------------------------------ -* Functions -*------------------------------------------*/ -CK_RV PKCS11_EXPORT C_Initialize(void* pInitArgs); - -CK_RV PKCS11_EXPORT C_Finalize(void* pReserved); - -CK_RV PKCS11_EXPORT C_GetInfo(CK_INFO* pInfo); - -CK_RV PKCS11_EXPORT C_OpenSession( - CK_SLOT_ID slotID, - CK_FLAGS flags, - void* pApplication, - CK_NOTIFY Notify, - CK_SESSION_HANDLE* phSession); - -CK_RV PKCS11_EXPORT C_CloseSession( - CK_SESSION_HANDLE hSession); - -CK_RV PKCS11_EXPORT C_Login( - CK_SESSION_HANDLE hSession, - CK_USER_TYPE userType, - const CK_UTF8CHAR* pPin, - CK_ULONG ulPinLen); - -CK_RV PKCS11_EXPORT C_Logout( - CK_SESSION_HANDLE hSession); - -CK_RV PKCS11_EXPORT C_CreateObject( - CK_SESSION_HANDLE hSession, - const CK_ATTRIBUTE* pTemplate, - CK_ULONG ulCount, - CK_OBJECT_HANDLE* phObject); - -CK_RV PKCS11_EXPORT C_DestroyObject( - CK_SESSION_HANDLE hSession, - CK_OBJECT_HANDLE hObject); - -CK_RV PKCS11_EXPORT C_GetAttributeValue( - CK_SESSION_HANDLE hSession, - CK_OBJECT_HANDLE hObject, - CK_ATTRIBUTE* pTemplate, - CK_ULONG ulCount); - -CK_RV PKCS11_EXPORT C_FindObjectsInit( - CK_SESSION_HANDLE hSession, - const CK_ATTRIBUTE* pTemplate, - CK_ULONG ulCount); - -CK_RV PKCS11_EXPORT C_FindObjects( - CK_SESSION_HANDLE hSession, - CK_OBJECT_HANDLE* phObject, - CK_ULONG ulMaxObjectCount, - CK_ULONG* pulObjectCount); - -CK_RV PKCS11_EXPORT C_FindObjectsFinal( - CK_SESSION_HANDLE hSession); - -CK_RV PKCS11_EXPORT C_EncryptInit( - CK_SESSION_HANDLE hSession, - const CK_MECHANISM* pMechanism, - CK_OBJECT_HANDLE hKey); - -CK_RV PKCS11_EXPORT C_Encrypt( - CK_SESSION_HANDLE hSession, - const CK_BYTE* pData, - CK_ULONG ulDataLen, - CK_BYTE* pEncryptedData, - CK_ULONG* pulEncryptedDataLen); - -CK_RV PKCS11_EXPORT C_EncryptUpdate( - CK_SESSION_HANDLE hSession, - const CK_BYTE* pPart, - CK_ULONG ulPartLen, - CK_BYTE* pEncryptedPart, - CK_ULONG* pulEncryptedPartLen); - -CK_RV PKCS11_EXPORT C_EncryptFinal( - CK_SESSION_HANDLE hSession, - CK_BYTE* pLastEncryptedPart, - CK_ULONG* pulLastEncryptedPartLen); - -CK_RV PKCS11_EXPORT C_DecryptInit( - CK_SESSION_HANDLE hSession, - const CK_MECHANISM* pMechanism, - CK_OBJECT_HANDLE hKey); - -CK_RV PKCS11_EXPORT C_Decrypt( - CK_SESSION_HANDLE hSession, - const CK_BYTE* pEncryptedData, - CK_ULONG ulEncryptedDataLen, - CK_BYTE* pData, - CK_ULONG* pulDataLen); - -CK_RV PKCS11_EXPORT C_DecryptUpdate( - CK_SESSION_HANDLE hSession, - const CK_BYTE* pEncryptedPart, - CK_ULONG ulEncryptedPartLen, - CK_BYTE* pPart, - CK_ULONG* pulPartLen); - -CK_RV PKCS11_EXPORT C_DecryptFinal( - CK_SESSION_HANDLE hSession, - CK_BYTE* pLastPart, - CK_ULONG* pulLastPartLen); - -CK_RV PKCS11_EXPORT C_DigestInit( - CK_SESSION_HANDLE hSession, - const CK_MECHANISM* pMechanism); - -CK_RV PKCS11_EXPORT C_Digest( - CK_SESSION_HANDLE hSession, - const CK_BYTE* pData, - CK_ULONG ulDataLen, - CK_BYTE* pDigest, - CK_ULONG* pulDigestLen); - -CK_RV PKCS11_EXPORT C_DigestUpdate( - CK_SESSION_HANDLE hSession, - const CK_BYTE* pPart, - CK_ULONG ulPartLen); - -CK_RV PKCS11_EXPORT C_DigestFinal( - CK_SESSION_HANDLE hSession, - CK_BYTE* pDigest, - CK_ULONG* pulDigestLen); - -CK_RV PKCS11_EXPORT C_SignInit( - CK_SESSION_HANDLE hSession, - const CK_MECHANISM* pMechanism, - CK_OBJECT_HANDLE hKey); - -CK_RV PKCS11_EXPORT C_Sign( - CK_SESSION_HANDLE hSession, - const CK_BYTE* pData, - CK_ULONG ulDataLen, - CK_BYTE* pSignature, - CK_ULONG* pulSignatureLen); - -CK_RV PKCS11_EXPORT C_SignUpdate( - CK_SESSION_HANDLE hSession, - const CK_BYTE* pPart, - CK_ULONG ulPartLen); - -CK_RV PKCS11_EXPORT C_SignFinal( - CK_SESSION_HANDLE hSession, - CK_BYTE* pSignature, - CK_ULONG* pulSignatureLen); - -CK_RV PKCS11_EXPORT C_VerifyInit( - CK_SESSION_HANDLE hSession, - const CK_MECHANISM* pMechanism, - CK_OBJECT_HANDLE hKey); - -CK_RV PKCS11_EXPORT C_Verify( - CK_SESSION_HANDLE hSession, - const CK_BYTE* pData, - CK_ULONG ulDataLen, - CK_BYTE* pSignature, - CK_ULONG ulSignatureLen); - -CK_RV PKCS11_EXPORT C_VerifyUpdate( - CK_SESSION_HANDLE hSession, - const CK_BYTE* pPart, - CK_ULONG ulPartLen); - -CK_RV PKCS11_EXPORT C_VerifyFinal( - CK_SESSION_HANDLE hSession, - const CK_BYTE* pSignature, - CK_ULONG ulSignatureLen); - -CK_RV PKCS11_EXPORT C_GenerateKey( - CK_SESSION_HANDLE hSession, - const CK_MECHANISM* pMechanism, - const CK_ATTRIBUTE* pTemplate, - CK_ULONG ulCount, - CK_OBJECT_HANDLE* phKey); - -CK_RV PKCS11_EXPORT C_GenerateKeyPair( - CK_SESSION_HANDLE hSession, - const CK_MECHANISM* pMechanism, - const CK_ATTRIBUTE* pPublicKeyTemplate, - CK_ULONG ulPublicKeyAttributeCount, - const CK_ATTRIBUTE* pPrivateKeyTemplate, - CK_ULONG ulPrivateKeyAttributeCount, - CK_OBJECT_HANDLE* phPublicKey, - CK_OBJECT_HANDLE* phPrivateKey); - -CK_RV PKCS11_EXPORT C_DeriveKey( - CK_SESSION_HANDLE hSession, - const CK_MECHANISM* pMechanism, - CK_OBJECT_HANDLE hBaseKey, - const CK_ATTRIBUTE* pTemplate, - CK_ULONG ulAttributeCount, - CK_OBJECT_HANDLE* phKey); - -CK_RV PKCS11_EXPORT C_SeedRandom( - CK_SESSION_HANDLE hSession, - const CK_BYTE* pSeed, - CK_ULONG ulSeedLen); - -CK_RV PKCS11_EXPORT C_GenerateRandom( - CK_SESSION_HANDLE hSession, - CK_BYTE* pRandomData, - CK_ULONG ulRandomLen); - -CK_RV PKCS11_EXPORT C_CloseObjectHandle( - CK_SESSION_HANDLE hSession, - CK_OBJECT_HANDLE hObject); - -CK_RV PKCS11_EXPORT C_CopyObject( - CK_SESSION_HANDLE hSession, - CK_OBJECT_HANDLE hObject, - const CK_ATTRIBUTE* pTemplate, - CK_ULONG ulAttributeCount, - CK_OBJECT_HANDLE* phNewObject); - -#ifdef __cplusplus -} -#endif - -#endif /* __PKCS11_H__ */ diff --git a/self-extractors/nvidia/staging/keymaster/s_type.h b/self-extractors/nvidia/staging/keymaster/s_type.h deleted file mode 100644 index ae260cc..0000000 --- a/self-extractors/nvidia/staging/keymaster/s_type.h +++ /dev/null @@ -1,146 +0,0 @@ -/**
- * Copyright(c) 2011 Trusted Logic. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * * Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * * Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- * * Neither the name Trusted Logic nor the names of its
- * contributors may be used to endorse or promote products derived
- * from this software without specific prior written permission.
- *
- * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
- * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
- * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
- * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
- * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
- * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
- * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
- * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- */ - -/** - * Definition of the machine-specific integer types - **/ -#ifndef __S_TYPE_H__ -#define __S_TYPE_H__ - -/* C99 integer types */ -#if (!defined(__STDC_VERSION__) || __STDC_VERSION__ < 199901L) &&(!defined(ANDROID)) - -#include <limits.h> - -/* Figure out if a 64-bit integer types is available */ -#if \ - defined(_MSC_VER) || \ - defined(__SYMBIAN32__) || \ - defined(_WIN32_WCE) || \ - (defined(ULLONG_MAX) && ULLONG_MAX == 0xFFFFFFFFFFFFFFFFULL) || \ - (defined(ULONG_LONG_MAX) && ULONG_LONG_MAX == 0xFFFFFFFFFFFFFFFFULL) -typedef unsigned long long uint64_t; -typedef long long int64_t; -#else -#define __S_TYPE_INT64_UNDEFINED -#endif - -#if UINT_MAX == 0xFFFFFFFF -typedef unsigned int uint32_t; -typedef int int32_t; -#elif ULONG_MAX == 0xFFFFFFFF -typedef unsigned long uint32_t; -typedef long int32_t; -#else -#error This compiler is not supported. -#endif - -#if USHRT_MAX == 0xFFFF -typedef unsigned short uint16_t; -typedef short int16_t; -#else -#error This compiler is not supported. -#endif - -#if UCHAR_MAX == 0xFF -typedef unsigned char uint8_t; -typedef signed char int8_t; -#else -#error This compiler is not supported. -#endif - -#if !defined(__cplusplus) -typedef unsigned char bool; -#define false ( (bool)0 ) -#define true ( (bool)1 ) -#endif - -#else /* !defined(__STDC_VERSION__) || __STDC_VERSION__ < 199901L */ - -#include <stdbool.h> -#include <stdint.h> - -#endif /* !(!defined(__STDC_VERSION__) || __STDC_VERSION__ < 199901L) */ - -#include <stddef.h> - -#ifndef NULL -# ifdef __cplusplus -# define NULL 0 -# else -# define NULL ((void *)0) -# endif -#endif - -#define IN -#define OUT - -/* - * Definition of other common types - */ - -typedef uint32_t S_RESULT; -typedef S_RESULT TEEC_Result; -typedef S_RESULT SM_ERROR; - -typedef uint32_t S_HANDLE; -typedef S_HANDLE SM_HANDLE; -#define S_HANDLE_NULL ((S_HANDLE)0) -#define SM_HANDLE_INVALID S_HANDLE_NULL - -/** Definition of an UUID (from RFC 4122 http://www.ietf.org/rfc/rfc4122.txt) */ -typedef struct S_UUID -{ - uint32_t time_low; - uint16_t time_mid; - uint16_t time_hi_and_version; - uint8_t clock_seq_and_node[8]; -}S_UUID; -typedef S_UUID TEEC_UUID; -typedef S_UUID SM_UUID; - -/* DLL Import/Export directives */ - -#if defined(WIN32) || defined(__ARMCC_VERSION) || defined(__WINSCW__) || defined(_WIN32_WCE) -# define S_DLL_EXPORT __declspec(dllexport) -# define S_DLL_IMPORT __declspec(dllimport) -# define S_NO_RETURN __declspec(noreturn) -#elif defined(__GNUC__) -# define S_DLL_EXPORT __attribute__ ((visibility ("default"))) -# define S_DLL_IMPORT __attribute__ ((visibility ("default"))) -# define S_NO_RETURN __attribute__ ((noreturn)) -#else -# define S_DLL_EXPORT -# define S_DLL_IMPORT -# define S_NO_RETURN -#endif - -#endif /* __S_TYPE_H__ */ - |