authorShawn Willden <swillden@google.com>2015-05-20 16:36:24 -0600
committerShawn Willden <swillden@google.com>2015-05-28 07:28:51 -0600
commit2beb628bfefae72fa6bb84a6235da7e3de532823 (patch)
tree53fdd19f54afc714b37505cbea0dc31e1ecadda9 /include
parentde7e66c3692073eb967f01cc8281441709701e2d (diff)
Delegate RSA keys to keymaster0 in SoftKeymasterDevice.
Bug: 20912868 Change-Id: I515a125f1247357d2cd9b4633c3b223590848093
Diffstat (limited to 'include')
-rw-r--r--include/keymaster/android_keymaster.h2
-rw-r--r--include/keymaster/android_keymaster_messages.h19
-rw-r--r--include/keymaster/android_keymaster_utils.h6
-rw-r--r--include/keymaster/keymaster_context.h15
-rw-r--r--include/keymaster/soft_keymaster_context.h6
-rw-r--r--include/keymaster/soft_keymaster_device.h15
6 files changed, 59 insertions, 4 deletions
diff --git a/include/keymaster/android_keymaster.h b/include/keymaster/android_keymaster.h
index c7a3f41..db74b97 100644
--- a/include/keymaster/android_keymaster.h
+++ b/include/keymaster/android_keymaster.h
@@ -67,6 +67,8 @@ class AndroidKeymaster {
GetKeyCharacteristicsResponse* response);
void ImportKey(const ImportKeyRequest& request, ImportKeyResponse* response);
void ExportKey(const ExportKeyRequest& request, ExportKeyResponse* response);
+ keymaster_error_t DeleteKey(const DeleteKeyRequest& request);
+ keymaster_error_t DeleteAllKeys();
void BeginOperation(const BeginOperationRequest& request, BeginOperationResponse* response);
void UpdateOperation(const UpdateOperationRequest& request, UpdateOperationResponse* response);
void FinishOperation(const FinishOperationRequest& request, FinishOperationResponse* response);
diff --git a/include/keymaster/android_keymaster_messages.h b/include/keymaster/android_keymaster_messages.h
index 3e1059f..d7703b4 100644
--- a/include/keymaster/android_keymaster_messages.h
+++ b/include/keymaster/android_keymaster_messages.h
@@ -378,6 +378,25 @@ struct ExportKeyResponse : public KeymasterResponse {
size_t key_data_length;
};
+struct DeleteKeyRequest : public KeymasterMessage {
+ DeleteKeyRequest(int32_t ver = MAX_MESSAGE_VERSION) : KeymasterMessage(ver) {
+ key_blob.key_material = nullptr;
+ key_blob.key_material_size = 0;
+ }
+ ~DeleteKeyRequest() { delete[] key_blob.key_material; }
+
+ void SetKeyMaterial(const void* key_material, size_t length);
+ void SetKeyMaterial(const keymaster_key_blob_t& blob) {
+ SetKeyMaterial(blob.key_material, blob.key_material_size);
+ }
+
+ size_t SerializedSize() const;
+ uint8_t* Serialize(uint8_t* buf, const uint8_t* end) const;
+ bool Deserialize(const uint8_t** buf_ptr, const uint8_t* end);
+
+ keymaster_key_blob_t key_blob;
+};
+
struct GetVersionRequest : public KeymasterMessage {
GetVersionRequest() : KeymasterMessage(0 /* not versionable */) {}
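Review bot: DeleteKeyRequest frees `key_blob.key_material` with `delete[]` in its destructor but declares no copy constructor or copy assignment, so an accidental copy would leave two objects freeing the same buffer. Unless KeymasterMessage already forbids copying (not visible in this hunk), add `DeleteKeyRequest(const DeleteKeyRequest&) = delete;` and `void operator=(const DeleteKeyRequest&) = delete;`. The one-argument constructor should also be `explicit` so that an `int32_t` never converts to a request implicitly. SetKeyMaterial is only declared here; its definition should release any buffer already held before storing the new copy.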
diff --git a/include/keymaster/android_keymaster_utils.h b/include/keymaster/android_keymaster_utils.h
index c636f5c..16140a6 100644
--- a/include/keymaster/android_keymaster_utils.h
+++ b/include/keymaster/android_keymaster_utils.h
@@ -237,6 +237,12 @@ struct KeymasterKeyBlob : public keymaster_key_blob_t {
key_material_size = blob.key_material_size;
}
+ void operator=(const KeymasterKeyBlob& blob) {
+ Clear();
+ key_material = dup_buffer(blob.key_material, blob.key_material_size);
+ key_material_size = blob.key_material_size;
+ }
+
~KeymasterKeyBlob() { Clear(); }
const uint8_t* begin() const { return key_material; }
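Review bot: The new `operator=` is not safe for self-assignment, because `Clear()` runs before `dup_buffer` reads `blob.key_material`, which is then the object's own buffer (assuming Clear() releases it, as its use in the destructor suggests). Start the body with `if (this == &blob) return;`. The size is also copied unconditionally; if `dup_buffer` can return null on allocation failure (its definition is outside the hunk), the blob ends up with a null pointer and a non-zero size, so assign it as `key_material_size = key_material ? blob.key_material_size : 0;`. The copy constructor whose tail is visible just above the added lines has the same unconditional size assignment.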
diff --git a/include/keymaster/keymaster_context.h b/include/keymaster/keymaster_context.h
index 68410f8..0b9b62b 100644
--- a/include/keymaster/keymaster_context.h
+++ b/include/keymaster/keymaster_context.h
@@ -56,7 +56,7 @@ namespace keymaster {
class KeymasterContext {
public:
KeymasterContext() {}
- virtual ~KeymasterContext() {};
+ virtual ~KeymasterContext(){};
/**
* CreateKeyBlob takes authorization sets and key material and produces a key blob and hardware
@@ -86,6 +86,19 @@ class KeymasterContext {
AuthorizationSet* sw_enforced) const = 0;
/**
+ * Take whatever environment-specific action is appropriate (if any) to delete the specified
+ * key.
+ */
+ virtual keymaster_error_t DeleteKey(const KeymasterKeyBlob& /* blob */) const {
+ return KM_ERROR_OK;
+ }
+
+ /**
+ * Take whatever environment-specific action is appropriate to delete all keys.
+ */
+ virtual keymaster_error_t DeleteAllKeys() const { return KM_ERROR_OK; }
+
+ /**
* Adds entropy to the Cryptographic Pseudo Random Number Generator used to generate key
* material, and other cryptographic protocol elements. Note that if the underlying CPRNG
* tracks the size of its entropy pool, it should not assume that the provided data contributes
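Review bot: The default `DeleteKey` and `DeleteAllKeys` return `KM_ERROR_OK` without doing anything, so a context that keeps key state outside the blob and forgets to override them reports a successful deletion while the key remains usable. The doc comments should state that contract explicitly, for example `Implementations that keep any key state outside the blob (e.g. in secure hardware) MUST override this; the default reports success only because it has nothing to delete.` The same sentence applies to both methods.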
diff --git a/include/keymaster/soft_keymaster_context.h b/include/keymaster/soft_keymaster_context.h
index 1dba59d..33afe3d 100644
--- a/include/keymaster/soft_keymaster_context.h
+++ b/include/keymaster/soft_keymaster_context.h
@@ -19,23 +19,26 @@
#include <memory>
+#include <hardware/keymaster0.h>
#include <keymaster/keymaster_context.h>
namespace keymaster {
class SoftKeymasterKeyRegistrations;
+class Keymaster0Engine;
/**
* SoftKeymasterContext provides the context for a non-secure implementation of AndroidKeymaster.
*/
class SoftKeymasterContext : public KeymasterContext {
public:
- SoftKeymasterContext();
+ SoftKeymasterContext(keymaster0_device_t* keymaster0_device);
keymaster_error_t CreateKeyBlob(const AuthorizationSet& auths, keymaster_key_origin_t origin,
const KeymasterKeyBlob& key_material, KeymasterKeyBlob* blob,
AuthorizationSet* hw_enforced,
AuthorizationSet* sw_enforced) const override;
+
keymaster_error_t ParseKeyBlob(const KeymasterKeyBlob& blob,
const AuthorizationSet& additional_params,
KeymasterKeyBlob* key_material, AuthorizationSet* hw_enforced,
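Review bot: The constructor now takes a raw `keymaster0_device_t*` with no statement of ownership or of whether null is accepted. Declare it `explicit SoftKeymasterContext(keymaster0_device_t* keymaster0_device);` so that a device pointer never converts to a context implicitly, and add a comment such as `// keymaster0_device may be null (software only); ownership: <state whether the context closes it>`. The `engine_` member added in the next hunk of this file presumably wraps the pointer, which makes the lifetime question matter to callers; that is inferred from the names and not visible here.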
@@ -44,6 +47,7 @@ class SoftKeymasterContext : public KeymasterContext {
keymaster_error_t GenerateRandom(uint8_t* buf, size_t length) const override;
private:
+ std::unique_ptr<Keymaster0Engine> engine_;
std::unique_ptr<SoftKeymasterKeyRegistrations> registrations_;
};
diff --git a/include/keymaster/soft_keymaster_device.h b/include/keymaster/soft_keymaster_device.h
index 44e64e9..9a710eb 100644
--- a/include/keymaster/soft_keymaster_device.h
+++ b/include/keymaster/soft_keymaster_device.h
@@ -19,9 +19,11 @@
#include <stdlib.h>
+#include <hardware/keymaster0.h>
#include <hardware/keymaster1.h>
#include <keymaster/android_keymaster.h>
+#include <keymaster/keymaster_context.h>
#include <keymaster/logger.h>
#include <UniquePtr.h>
@@ -31,7 +33,10 @@ namespace keymaster {
class AuthorizationSet;
/**
- * Software OpenSSL-based Keymaster implementation.
+ * Keymaster1 device implementation.
+ *
+ * This is a hybrid software/hardware implementation which wraps a keymaster0_device_t, forwarding
+ * RSA operations to secure hardware and doing everything else in software.
*
* IMPORTANT MAINTAINER NOTE: Pointers to instances of this class must be castable to hw_device_t
* and keymaster_device. This means it must remain a standard layout class (no virtual functions and
@@ -40,7 +45,7 @@ class AuthorizationSet;
*/
class SoftKeymasterDevice {
public:
- SoftKeymasterDevice();
+ SoftKeymasterDevice(keymaster0_device_t* keymaster0_device = nullptr);
hw_device_t* hw_device();
keymaster1_device_t* keymaster_device();
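Review bot: The constructor defaults `keymaster0_device` to `nullptr`, yet the class comment changed in the hunk above now says RSA operations are forwarded to secure hardware; for a default-constructed device there is no hardware to forward to, so the comment overstates what it provides. Add a sentence to the class comment such as `If no keymaster0 device is supplied, all operations, including RSA, are performed in software.` (confirm against the implementation), and declare the constructor `explicit SoftKeymasterDevice(keymaster0_device_t* keymaster0_device = nullptr);`. A caller that treats keys from this device as hardware-backed needs that distinction documented.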
@@ -74,6 +79,9 @@ class SoftKeymasterDevice {
static int get_keypair_public(const keymaster1_device_t* dev, const uint8_t* key_blob,
const size_t key_blob_length, uint8_t** x509_data,
size_t* x509_data_length);
+ static int delete_keypair(const struct keymaster1_device* dev, const uint8_t* key_blob,
+ const size_t key_blob_length);
+ static int delete_all(const struct keymaster1_device* dev);
static int sign_data(const keymaster1_device_t* dev, const void* signing_params,
const uint8_t* key_blob, const size_t key_blob_length, const uint8_t* data,
const size_t data_length, uint8_t** signed_data,
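Review bot: The added `delete_keypair` and `delete_all` spell the device parameter `const struct keymaster1_device*` while the neighbouring declarations use `const keymaster1_device_t*`; the same applies to `delete_key` and `delete_all_keys` in the next hunk. Use the typedef for consistency, e.g. `static int delete_all(const keymaster1_device_t* dev);`. The header also gives no hint of how a null or zero-length `key_blob` is treated; a one-line comment on `delete_keypair` would help, since any such check lives in the implementation outside this diff.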
@@ -130,6 +138,9 @@ class SoftKeymasterDevice {
export_key(const keymaster1_device_t* dev, keymaster_key_format_t export_format,
const keymaster_key_blob_t* key_to_export, const keymaster_blob_t* client_id,
const keymaster_blob_t* app_data, uint8_t** export_data, size_t* export_data_length);
+ static keymaster_error_t delete_key(const struct keymaster1_device* dev,
+ const keymaster_key_blob_t* key);
+ static keymaster_error_t delete_all_keys(const struct keymaster1_device* dev);
static keymaster_error_t begin(const keymaster1_device_t* dev, keymaster_purpose_t purpose,
const keymaster_key_blob_t* key,
const keymaster_key_param_t* params, size_t params_count,