1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
|
/*
* Copyright 2015 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifndef SYSTEM_KEYMASTER_SOFT_KEYMASTER_DEVICE_H_
#define SYSTEM_KEYMASTER_SOFT_KEYMASTER_DEVICE_H_
#include <stdlib.h>
#include <hardware/keymaster0.h>
#include <hardware/keymaster1.h>
#include <keymaster/android_keymaster.h>
#include <keymaster/keymaster_context.h>
#include <keymaster/logger.h>
#include <UniquePtr.h>
namespace keymaster {
class AuthorizationSet;
/**
* Keymaster1 device implementation.
*
* This is a hybrid software/hardware implementation which wraps a keymaster0_device_t, forwarding
* RSA operations to secure hardware and doing everything else in software.
*
* IMPORTANT MAINTAINER NOTE: Pointers to instances of this class must be castable to hw_device_t
* and keymaster_device. This means it must remain a standard layout class (no virtual functions and
* no data members which aren't standard layout), and device_ must be the first data member.
* Assertions in the constructor validate compliance with those constraints.
*/
class SoftKeymasterDevice {
public:
/**
* Create a SoftKeymasterDevice wrapping the specified HW keymaster0 device, which may be NULL.
*
* Uses SoftKeymaserContext.
*/
SoftKeymasterDevice(keymaster0_device_t* keymaster0_device = nullptr);
/**
* Create a SoftKeymasterDevice that uses the specified KeymasterContext.
*
* TODO(swillden): Refactor SoftKeymasterDevice construction to make all components injectable.
*/
SoftKeymasterDevice(KeymasterContext* context);
hw_device_t* hw_device();
keymaster1_device_t* keymaster_device();
// Public only for testing
void GetVersion(const GetVersionRequest& req, GetVersionResponse* rsp) {
impl_->GetVersion(req, rsp);
}
private:
void initialize(keymaster0_device_t* keymaster0_device);
static void StoreDefaultNewKeyParams(AuthorizationSet* auth_set);
static keymaster_error_t GetPkcs8KeyAlgorithm(const uint8_t* key, size_t key_length,
keymaster_algorithm_t* algorithm);
static int close_device(hw_device_t* dev);
/*
* These static methods are the functions referenced through the function pointers in
* keymaster_device.
*/
// keymaster0 APIs
static int generate_keypair(const keymaster1_device_t* dev, const keymaster_keypair_t key_type,
const void* key_params, uint8_t** keyBlob, size_t* keyBlobLength);
static int import_keypair(const struct keymaster1_device* dev, const uint8_t* key,
const size_t key_length, uint8_t** key_blob, size_t* key_blob_length);
static int get_keypair_public(const keymaster1_device_t* dev, const uint8_t* key_blob,
const size_t key_blob_length, uint8_t** x509_data,
size_t* x509_data_length);
static int delete_keypair(const struct keymaster1_device* dev, const uint8_t* key_blob,
const size_t key_blob_length);
static int delete_all(const struct keymaster1_device* dev);
static int sign_data(const keymaster1_device_t* dev, const void* signing_params,
const uint8_t* key_blob, const size_t key_blob_length, const uint8_t* data,
const size_t data_length, uint8_t** signed_data,
size_t* signed_data_length);
static int verify_data(const keymaster1_device_t* dev, const void* signing_params,
const uint8_t* key_blob, const size_t key_blob_length,
const uint8_t* signed_data, const size_t signed_data_length,
const uint8_t* signature, const size_t signature_length);
// keymaster1 APIs.
static keymaster_error_t get_supported_algorithms(const keymaster1_device_t* dev,
keymaster_algorithm_t** algorithms,
size_t* algorithms_length);
static keymaster_error_t get_supported_block_modes(const keymaster1_device_t* dev,
keymaster_algorithm_t algorithm,
keymaster_purpose_t purpose,
keymaster_block_mode_t** modes,
size_t* modes_length);
static keymaster_error_t get_supported_padding_modes(const keymaster1_device_t* dev,
keymaster_algorithm_t algorithm,
keymaster_purpose_t purpose,
keymaster_padding_t** modes,
size_t* modes_length);
static keymaster_error_t get_supported_digests(const keymaster1_device_t* dev,
keymaster_algorithm_t algorithm,
keymaster_purpose_t purpose,
keymaster_digest_t** digests,
size_t* digests_length);
static keymaster_error_t get_supported_import_formats(const keymaster1_device_t* dev,
keymaster_algorithm_t algorithm,
keymaster_key_format_t** formats,
size_t* formats_length);
static keymaster_error_t get_supported_export_formats(const keymaster1_device_t* dev,
keymaster_algorithm_t algorithm,
keymaster_key_format_t** formats,
size_t* formats_length);
static keymaster_error_t add_rng_entropy(const keymaster1_device_t* dev, const uint8_t* data,
size_t data_length);
static keymaster_error_t generate_key(const keymaster1_device_t* dev,
const keymaster_key_param_set_t* params,
keymaster_key_blob_t* key_blob,
keymaster_key_characteristics_t** characteristics);
static keymaster_error_t get_key_characteristics(const keymaster1_device_t* dev,
const keymaster_key_blob_t* key_blob,
const keymaster_blob_t* client_id,
const keymaster_blob_t* app_data,
keymaster_key_characteristics_t** character);
static keymaster_error_t import_key(const keymaster1_device_t* dev, //
const keymaster_key_param_set_t* params,
keymaster_key_format_t key_format,
const keymaster_blob_t* key_data,
keymaster_key_blob_t* key_blob,
keymaster_key_characteristics_t** characteristics);
static keymaster_error_t export_key(const keymaster1_device_t* dev, //
keymaster_key_format_t export_format,
const keymaster_key_blob_t* key_to_export,
const keymaster_blob_t* client_id,
const keymaster_blob_t* app_data,
keymaster_blob_t* export_data);
static keymaster_error_t delete_key(const struct keymaster1_device* dev,
const keymaster_key_blob_t* key);
static keymaster_error_t delete_all_keys(const struct keymaster1_device* dev);
static keymaster_error_t begin(const keymaster1_device_t* dev, keymaster_purpose_t purpose,
const keymaster_key_blob_t* key,
const keymaster_key_param_set_t* in_params,
keymaster_key_param_set_t* out_params,
keymaster_operation_handle_t* operation_handle);
static keymaster_error_t update(const keymaster1_device_t* dev,
keymaster_operation_handle_t operation_handle,
const keymaster_key_param_set_t* in_params,
const keymaster_blob_t* input, size_t* input_consumed,
keymaster_key_param_set_t* out_params,
keymaster_blob_t* output);
static keymaster_error_t
finish(const keymaster1_device_t* dev, keymaster_operation_handle_t operation_handle,
const keymaster_key_param_set_t* in_params, const keymaster_blob_t* signature,
keymaster_key_param_set_t* out_params, keymaster_blob_t* output);
static keymaster_error_t abort(const keymaster1_device_t* dev,
keymaster_operation_handle_t operation_handle);
keymaster1_device_t device_;
UniquePtr<AndroidKeymaster> impl_;
};
} // namespace keymaster
#endif // EXTERNAL_KEYMASTER_TRUSTY_KEYMASTER_DEVICE_H_
|
