1 | /* |
2 | * Copyright 2014 The Android Open Source Project |
3 | * |
4 | * Licensed under the Apache License, Version 2.0 (the "License"); |
5 | * you may not use this file except in compliance with the License. |
6 | * You may obtain a copy of the License at |
7 | * |
8 | * http://www.apache.org/licenses/LICENSE-2.0 |
9 | * |
10 | * Unless required by applicable law or agreed to in writing, software |
11 | * distributed under the License is distributed on an "AS IS" BASIS, |
12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
13 | * See the License for the specific language governing permissions and |
14 | * limitations under the License. |
15 | */ |
16 | |
17 | #ifndef AML_KEYMASTER_AML_KEYMASTER_DEVICE_H_ |
18 | #define AML_KEYMASTER_AML_KEYMASTER_DEVICE_H_ |
19 | |
20 | #include <hardware/keymaster2.h> |
21 | #include <keymaster/android_keymaster_messages.h> |
22 | |
23 | extern "C" { |
24 | #include <tee_client_api.h> |
25 | } |
26 | |
27 | namespace keymaster { |
28 | |
/**
 * Aml Keymaster device.
 *
 * IMPORTANT MAINTAINER NOTE: Pointers to instances of this class must be castable to hw_device_t
 * and keymaster_device.  This means it must remain a standard layout class (no virtual functions and
 * no data members which aren't standard layout), and device_ must be the first data member.
 * Assertions in the constructor validate compliance with those constraints.
 */
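class AmlKeymasterDevice {
  public:
    /*
     * These are the only symbols that will be exported by libamlkeymaster.  All functionality
     * can be reached via the function pointers in device_.
     */
    __attribute__((visibility("default"))) explicit AmlKeymasterDevice(const hw_module_t* module);
    __attribute__((visibility("default"))) hw_device_t* hw_device();

    ~AmlKeymasterDevice();

    /*
     * Not copyable.  The object embeds a TEE client context and session by value and is handed
     * out as a hw_device_t pointer, so a member-wise copy would leave two objects holding the
     * same context/session state.  Deleted special members do not affect standard layout.
     */
    AmlKeymasterDevice(const AmlKeymasterDevice&) = delete;
    AmlKeymasterDevice& operator=(const AmlKeymasterDevice&) = delete;

    /* Returns the stored error_ value; does not modify the object. */
    keymaster_error_t session_error() const { return error_; }

    /*
     * Instance-level counterparts of the static keymaster2 entry points declared in the private
     * section.  All pointer arguments come from the HAL caller; whether they are null-checked
     * is decided by the implementation, which is not part of this header.
     */
    keymaster_error_t configure(const keymaster_key_param_set_t* params);
    keymaster_error_t add_rng_entropy(const uint8_t* data, size_t data_length);
    keymaster_error_t generate_key(const keymaster_key_param_set_t* params,
                                   keymaster_key_blob_t* key_blob,
                                   keymaster_key_characteristics_t* characteristics);
    keymaster_error_t get_key_characteristics(const keymaster_key_blob_t* key_blob,
                                              const keymaster_blob_t* client_id,
                                              const keymaster_blob_t* app_data,
                                              keymaster_key_characteristics_t* character);
    keymaster_error_t import_key(const keymaster_key_param_set_t* params,
                                 keymaster_key_format_t key_format,
                                 const keymaster_blob_t* key_data, keymaster_key_blob_t* key_blob,
                                 keymaster_key_characteristics_t* characteristics);
    keymaster_error_t export_key(keymaster_key_format_t export_format,
                                 const keymaster_key_blob_t* key_to_export,
                                 const keymaster_blob_t* client_id,
                                 const keymaster_blob_t* app_data, keymaster_blob_t* export_data);
    keymaster_error_t attest_key(const keymaster_key_blob_t* key_to_attest,
                                 const keymaster_key_param_set_t* attest_params,
                                 keymaster_cert_chain_t* cert_chain);
    keymaster_error_t upgrade_key(const keymaster_key_blob_t* key_to_upgrade,
                                  const keymaster_key_param_set_t* upgrade_params,
                                  keymaster_key_blob_t* upgraded_key);
    keymaster_error_t delete_key(const keymaster_key_blob_t* key);
    keymaster_error_t begin(keymaster_purpose_t purpose, const keymaster_key_blob_t* key,
                            const keymaster_key_param_set_t* in_params,
                            keymaster_key_param_set_t* out_params,
                            keymaster_operation_handle_t* operation_handle);
    keymaster_error_t update(keymaster_operation_handle_t operation_handle,
                             const keymaster_key_param_set_t* in_params,
                             const keymaster_blob_t* input, size_t* input_consumed,
                             keymaster_key_param_set_t* out_params, keymaster_blob_t* output);
    keymaster_error_t finish(keymaster_operation_handle_t operation_handle,
                             const keymaster_key_param_set_t* in_params,
                             const keymaster_blob_t* input, const keymaster_blob_t* signature,
                             keymaster_key_param_set_t* out_params, keymaster_blob_t* output);
    keymaster_error_t abort(keymaster_operation_handle_t operation_handle);

    /* Vendor additions; these have no static keymaster2 wrapper in this header. */
    keymaster_error_t store_encrypted_key(keymaster_key_blob_t* key_blob);
    keymaster_error_t delete_encrypted_key(const keymaster_key_blob_t* key_blob);
    /*
     * NOTE(review): the capacity of `out` is not passed, so this function cannot bound its own
     * writes.  The required size relative to data_length is fixed by the implementation, which
     * is not visible here -- confirm that every caller allocates `out` accordingly.
     */
    keymaster_error_t simple_bin2ascii(uint8_t* data, size_t data_length, char* out);

  private:
    /*
     * Sends `request` under `command` and returns the reply in `response`.
     * NOTE(review): presumably carried over KM_session to the trusted application -- confirm
     * in the implementation.
     */
    keymaster_error_t Send(uint32_t command, const Serializable& request,
                           KeymasterResponse* response);

    /*
     * These static methods are the functions referenced through the function pointers in
     * keymaster_device.  They're all trivial wrappers.
     *
     * NOTE(review): each receives the device pointer from the caller; recovering the
     * AmlKeymasterDevice from it relies on device_ being the first data member (see the
     * maintainer note on this class).  delete_all_keys is declared only in this static form.
     */
    static int close_device(hw_device_t* dev);
    static keymaster_error_t configure(const keymaster2_device_t* dev,
                                       const keymaster_key_param_set_t* params);
    static keymaster_error_t add_rng_entropy(const keymaster2_device_t* dev, const uint8_t* data,
                                             size_t data_length);
    static keymaster_error_t generate_key(const keymaster2_device_t* dev,
                                          const keymaster_key_param_set_t* params,
                                          keymaster_key_blob_t* key_blob,
                                          keymaster_key_characteristics_t* characteristics);
    static keymaster_error_t get_key_characteristics(const keymaster2_device_t* dev,
                                                     const keymaster_key_blob_t* key_blob,
                                                     const keymaster_blob_t* client_id,
                                                     const keymaster_blob_t* app_data,
                                                     keymaster_key_characteristics_t* character);
    static keymaster_error_t import_key(const keymaster2_device_t* dev,
                                        const keymaster_key_param_set_t* params,
                                        keymaster_key_format_t key_format,
                                        const keymaster_blob_t* key_data,
                                        keymaster_key_blob_t* key_blob,
                                        keymaster_key_characteristics_t* characteristics);
    static keymaster_error_t export_key(const keymaster2_device_t* dev,
                                        keymaster_key_format_t export_format,
                                        const keymaster_key_blob_t* key_to_export,
                                        const keymaster_blob_t* client_id,
                                        const keymaster_blob_t* app_data,
                                        keymaster_blob_t* export_data);
    static keymaster_error_t attest_key(const keymaster2_device_t* dev,
                                        const keymaster_key_blob_t* key_to_attest,
                                        const keymaster_key_param_set_t* attest_params,
                                        keymaster_cert_chain_t* cert_chain);
    static keymaster_error_t upgrade_key(const keymaster2_device_t* dev,
                                         const keymaster_key_blob_t* key_to_upgrade,
                                         const keymaster_key_param_set_t* upgrade_params,
                                         keymaster_key_blob_t* upgraded_key);
    static keymaster_error_t delete_key(const keymaster2_device_t* dev,
                                        const keymaster_key_blob_t* key);
    static keymaster_error_t delete_all_keys(const keymaster2_device_t* dev);
    static keymaster_error_t begin(const keymaster2_device_t* dev, keymaster_purpose_t purpose,
                                   const keymaster_key_blob_t* key,
                                   const keymaster_key_param_set_t* in_params,
                                   keymaster_key_param_set_t* out_params,
                                   keymaster_operation_handle_t* operation_handle);
    static keymaster_error_t update(const keymaster2_device_t* dev,
                                    keymaster_operation_handle_t operation_handle,
                                    const keymaster_key_param_set_t* in_params,
                                    const keymaster_blob_t* input, size_t* input_consumed,
                                    keymaster_key_param_set_t* out_params, keymaster_blob_t* output);
    static keymaster_error_t finish(const keymaster2_device_t* dev,
                                    keymaster_operation_handle_t operation_handle,
                                    const keymaster_key_param_set_t* in_params,
                                    const keymaster_blob_t* input, const keymaster_blob_t* signature,
                                    keymaster_key_param_set_t* out_params, keymaster_blob_t* output);
    static keymaster_error_t abort(const keymaster2_device_t* dev,
                                   keymaster_operation_handle_t operation_handle);

    /*
     * Debug helpers.
     * NOTE(review): going by the names these print key parameters; confirm they never log key
     * material or application data in production builds.
     */
    void dump_tags(const char* name, const keymaster_key_param_set_t* params);
    void dump_tag_item_value(const char* name, const keymaster_key_param_t* item);

    keymaster2_device_t device_;  // Must remain the first data member (see maintainer note).
    keymaster_error_t error_;     // Value reported by session_error().
    int32_t message_version_;

    // TEE client state, embedded by value.
    TEEC_Context KM_context;
    TEEC_Session KM_session;
};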
164 | |
165 | #if ANDROID_PLATFORM_SDK_VERSION == 26 //8.0 |
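/**
 * Request message carrying the OS version and patch level for the configure call.
 *
 * The wire form is two 32-bit values: os_version followed by os_patchlevel.
 */
struct ConfigureRequest : public KeymasterMessage {
    explicit ConfigureRequest(int32_t ver = MAX_MESSAGE_VERSION) : KeymasterMessage(ver) {}

    /** Number of bytes Serialize() writes: both 32-bit fields. */
    size_t SerializedSize() const override { return sizeof(os_version) + sizeof(os_patchlevel); }

    /**
     * Appends os_version then os_patchlevel to buf and returns the advanced write pointer.
     * `end` is passed to append_uint32_to_buf, which is expected to enforce the bound.
     */
    uint8_t* Serialize(uint8_t* buf, const uint8_t* end) const override {
        buf = append_uint32_to_buf(buf, end, os_version);
        return append_uint32_to_buf(buf, end, os_patchlevel);
    }

    /**
     * Reads os_version then os_patchlevel from *buf_ptr.
     * Returns false as soon as one of the reads fails; os_patchlevel is then left untouched.
     */
    bool Deserialize(const uint8_t** buf_ptr, const uint8_t* end) override {
        return copy_uint32_from_buf(buf_ptr, end, &os_version) &&
               copy_uint32_from_buf(buf_ptr, end, &os_patchlevel);
    }

    // Zero-initialised so that a request serialised before both fields are assigned, or read
    // after a failed Deserialize(), never exposes indeterminate memory across the TEE boundary.
    uint32_t os_version = 0;
    uint32_t os_patchlevel = 0;
};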
182 | |
/**
 * Response to ConfigureRequest.  The message adds no fields of its own: the non-error payload
 * is empty in every direction.
 */
struct ConfigureResponse : public KeymasterResponse {
    explicit ConfigureResponse(int32_t ver = MAX_MESSAGE_VERSION) : KeymasterResponse(ver) {}

    /** The non-error payload occupies zero bytes. */
    size_t NonErrorSerializedSize() const override {
        return 0;
    }

    /** Writes nothing; the write pointer is returned unchanged. */
    uint8_t* NonErrorSerialize(uint8_t* buf, const uint8_t* /* end */) const override {
        return buf;
    }

    /** Consumes nothing from the input and always reports success. */
    bool NonErrorDeserialize(const uint8_t** /* buf_ptr */, const uint8_t* /* end */) override {
        return true;
    }
};
190 | #endif |
191 | |
192 | } // namespace keymaster |
193 | |
194 | #endif // AML_KEYMASTER_AML_KEYMASTER_DEVICE_H_ |
195 |