Trusty test app.
Note that this code is in the wrong place. The right place is still
begin created so I'm putting them here for now. We'll move them when
it's ready.
Change-Id: Iab7384a531fd4a935dbeef0aebf2652eb06f6e03
diff --git a/Android.mk b/Android.mk
new file mode 100644
index 0000000..bb14bf7
--- /dev/null
+++ b/Android.mk
@@ -0,0 +1,50 @@
+#
+# Copyright (c) 2012-2014, NVIDIA CORPORATION. All rights reserved
+#
+# Permission is hereby granted, free of charge, to any person obtaining
+# a copy of this software and associated documentation files
+# (the "Software"), to deal in the Software without restriction,
+# including without limitation the rights to use, copy, modify, merge,
+# publish, distribute, sublicense, and/or sell copies of the Software,
+# and to permit persons to whom the Software is furnished to do so,
+# subject to the following conditions:
+#
+# The above copyright notice and this permission notice shall be
+# included in all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+# IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
+# CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
+# TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+# SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+#
+
+LOCAL_PATH:= $(call my-dir)
+
+include $(CLEAR_VARS)
+
+LOCAL_MULTILIB := 32
+
+LOCAL_MODULE:= trusty_keymaster
+LOCAL_C_INCLUDES:= $(LOCAL_PATH) \
+ $(TOP)/3rdparty/ote/lib/include \
+ $(TOP)/external/openssl/include
+
+LOCAL_SHARED_LIBRARIES := libstlport
+LOCAL_SRC_FILES:= \
+ serializable.cpp \
+ google_keymaster_messages.cpp \
+ authorization_set.cpp \
+ trusty_keymaster_device.cpp \
+ trusty_keymaster_lib.c
+
+LOCAL_STATIC_LIBRARIES:= \
+ libtlk_client \
+ libtlk_common
+
+include external/libcxx/libcxx.mk
+include external/stlport/libstlport.mk
+
+include $(BUILD_EXECUTABLE)
\ No newline at end of file
diff --git a/authorization_set.cpp b/authorization_set.cpp
index 2111b74..9d26968 100644
--- a/authorization_set.cpp
+++ b/authorization_set.cpp
@@ -32,7 +32,7 @@
const size_t STARTING_ELEMS_CAPACITY = 8;
AuthorizationSet::AuthorizationSet(const AuthorizationSet& set)
- : elems_(NULL), indirect_data_(NULL) {
+ : Serializable(), elems_(NULL), indirect_data_(NULL) {
Reinitialize(set.elems_, set.elems_size_);
}
@@ -362,7 +362,8 @@
// Note that the following validation of elements_count is weak, but it prevents allocation of
// elems_ arrays which are clearly too large to be reasonable.
- if (elements_size > end - *buf_ptr || elements_count * sizeof(uint32_t) > elements_size) {
+ if (static_cast<ptrdiff_t>(elements_size) > end - *buf_ptr ||
+ elements_count * sizeof(uint32_t) > elements_size) {
set_invalid(MALFORMED_DATA);
return false;
}
diff --git a/module.cpp b/module.cpp
new file mode 100644
index 0000000..0c2d178
--- /dev/null
+++ b/module.cpp
@@ -0,0 +1,59 @@
+/*
+ * Copyright (C) 2014 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#include <errno.h>
+#include <string.h>
+
+#include <keymaster/keymaster_openssl.h>
+
+#include <keystore/keystore.h>
+
+#include <hardware/hardware.h>
+#include <hardware/keymaster.h>
+
+/*
+ * Generic device handling
+ */
+static int trusty_keymaster__open(const hw_module_t* module, const char* name,
+ hw_device_t** device) {
+ if (strcmp(name, KEYSTORE_KEYMASTER) != 0)
+ return -EINVAL;
+
+ GoogleKeymasterDevice* dev = new GoogleKeymasterDevice(module);
+ if (dev == NULL)
+ return -ENOMEM;
+ *device = dev->hw_device();
+ // Do not delete dev; it will get cleaned up when the caller calls device->close(), and must
+ // exist until then.
+ return 0;
+}
+
+static struct hw_module_methods_t keystore_module_methods = {
+ .open = trusty_keymaster_open,
+};
+
+struct keystore_module HAL_MODULE_INFO_SYM __attribute__((visibility("default"))) = {
+ .common = {
+ .tag = HARDWARE_MODULE_TAG,
+ .module_api_version = KEYMASTER_MODULE_API_VERSION_0_3,
+ .hal_api_version = HARDWARE_HAL_API_VERSION,
+ .id = KEYSTORE_HARDWARE_MODULE_ID,
+ .name = "Keymaster OpenSSL HAL",
+ .author = "The Android Open Source Project",
+ .methods = &keystore_module_methods,
+ .dso = 0,
+ .reserved = {},
+ },
+};
diff --git a/trusty_keymaster.cpp b/trusty_keymaster.cpp
new file mode 100644
index 0000000..02db6e3
--- /dev/null
+++ b/trusty_keymaster.cpp
@@ -0,0 +1,26 @@
+/*
+ * Copyright 2014 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <stdlib.h>
+#include <string.h>
+
+#include "trusty_keymaster.h"
+
+namespace keymaster {
+
+uint8_t TrustyKeymaster::master_key_[16] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
+
+} // namespace keymaster
diff --git a/trusty_keymaster.h b/trusty_keymaster.h
new file mode 100644
index 0000000..7a0bf92
--- /dev/null
+++ b/trusty_keymaster.h
@@ -0,0 +1,44 @@
+/*
+ * Copyright 2014 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef EXTERNAL_KEYMASTER_TRUSTY_KEYMASTER_H_
+#define EXTERNAL_KEYMASTER_TRUSTY_KEYMASTER_H_
+
+#include "google_keymaster.h"
+
+namespace keymaster {
+
+class TrustyKeymaster : public GoogleKeymaster {
+ public:
+ bool is_enforced(keymaster_tag_t /* tag */) { return false; }
+ keymaster_key_origin_t origin() { return KM_ORIGIN_SOFTWARE; }
+
+ private:
+ static uint8_t master_key_[];
+
+ uint8_t* MasterKey() { return master_key_; }
+
+ size_t MasterKeyLength() { return 16; }
+
+ void GetNonce(uint8_t* nonce, size_t length) {
+ for (size_t i = 0; i < length; ++i)
+ nonce[i] = 0;
+ }
+};
+
+} // namespace
+
+#endif // EXTERNAL_KEYMASTER_GOOGLE_SOFT_KEYMASTER_H_
diff --git a/trusty_keymaster_device.cpp b/trusty_keymaster_device.cpp
new file mode 100644
index 0000000..1d222fd
--- /dev/null
+++ b/trusty_keymaster_device.cpp
@@ -0,0 +1,227 @@
+/*
+ * Copyright 2014 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#include <assert.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <time.h>
+#include <stddef.h>
+
+#include <type_traits>
+
+#include "authorization_set.h"
+#include "google_keymaster_messages.h"
+#include "google_keymaster_utils.h"
+#include "trusty_keymaster_device.h"
+
+extern "C" {
+#include "trusty_keymaster_lib.h"
+}
+
+int main(void) {
+ keymaster::TrustyKeymasterDevice device(NULL);
+ keymaster_rsa_keygen_params_t params;
+ params.public_exponent = 3;
+ params.modulus_size = 256;
+ uint8_t* ptr;
+ size_t size;
+ return device.generate_keypair(TYPE_RSA, ¶ms, &ptr, &size);
+}
+
+namespace keymaster {
+
+TrustyKeymasterDevice::TrustyKeymasterDevice(const hw_module_t* module) {
+#if __cplusplus >= 201103L || defined(__GXX_EXPERIMENTAL_CXX0X__)
+ static_assert(std::is_standard_layout<TrustyKeymasterDevice>::value,
+ "KeymasterOpenSsl must be standard layout");
+ static_assert(offsetof(TrustyKeymasterDevice, device_) == 0,
+ "device_ must be the first member of KeymasterOpenSsl");
+ static_assert(offsetof(TrustyKeymasterDevice, device_.common) == 0,
+ "common must be the first member of keymaster_device");
+#else
+ assert(reinterpret_cast<keymaster_device*>(this) == &device_);
+ assert(reinterpret_cast<hw_device_t*>(this) == &(device_.common));
+#endif
+ memset(&device_, 0, sizeof(device_));
+
+ device_.common.tag = HARDWARE_DEVICE_TAG;
+ device_.common.version = 1;
+ device_.common.module = const_cast<hw_module_t*>(module);
+ device_.common.close = close_device;
+
+ device_.flags = KEYMASTER_SOFTWARE_ONLY;
+
+ device_.generate_keypair = generate_keypair;
+ device_.import_keypair = import_keypair;
+ device_.get_keypair_public = get_keypair_public;
+ device_.delete_keypair = NULL;
+ device_.delete_all = NULL;
+ device_.sign_data = sign_data;
+ device_.verify_data = verify_data;
+ device_.get_supported_algorithms = NULL;
+ device_.get_supported_block_modes = NULL;
+ device_.get_supported_padding_modes = NULL;
+ device_.get_supported_digests = NULL;
+ device_.get_supported_import_formats = NULL;
+ device_.get_supported_export_formats = NULL;
+ device_.generate_key = NULL;
+ device_.free_characteristics = NULL;
+
+ device_.context = NULL;
+
+ trusty_init(&trusty_session);
+}
+
+TrustyKeymasterDevice::~TrustyKeymasterDevice() {
+ trusty_deinit(trusty_session);
+}
+
+const uint64_t HUNDRED_YEARS = 1000LL * 60 * 60 * 24 * 365 * 100;
+
+int TrustyKeymasterDevice::generate_keypair(const keymaster_keypair_t key_type,
+ const void* key_params, uint8_t** /* key_blob */,
+ size_t* /* key_blob_length */) {
+ UniquePtr<uint8_t[]> send_buf;
+ uint32_t req_size, rsp_size;
+
+ switch (key_type) {
+ case TYPE_RSA: {
+ GenerateKeyRequest req;
+ AuthorizationSet& auth_set = req.key_description;
+ auth_set.push_back(TAG_PURPOSE, KM_PURPOSE_SIGN);
+ auth_set.push_back(TAG_PURPOSE, KM_PURPOSE_VERIFY);
+ auth_set.push_back(TAG_ALGORITHM, KM_ALGORITHM_RSA);
+ const keymaster_rsa_keygen_params_t* rsa_params =
+ static_cast<const keymaster_rsa_keygen_params_t*>(key_params);
+ auth_set.push_back(TAG_KEY_SIZE, rsa_params->modulus_size);
+ auth_set.push_back(TAG_RSA_PUBLIC_EXPONENT, rsa_params->public_exponent);
+ auth_set.push_back(TAG_ALL_USERS);
+ auth_set.push_back(TAG_NO_AUTH_REQUIRED);
+ auth_set.push_back(TAG_ORIGINATION_EXPIRE_DATETIME, java_time(time(NULL)) + HUNDRED_YEARS);
+
+ req_size = req.SerializedSize();
+ send_buf.reset(new uint8_t[req_size]);
+ req.Serialize(send_buf.get(), send_buf.get() + req_size);
+ } break;
+ default:
+ return -1;
+ }
+
+ // Send it somehow!
+ uint8_t recv_buf[8192];
+ rsp_size = 8192;
+ trusty_call(trusty_session, GENERATE_KEY, send_buf.get(), req_size, recv_buf, &rsp_size);
+
+ printf("AAAA %d AAAA \n", rsp_size);
+ printf("BEGIN\n");
+ for (unsigned int i = 0; i < rsp_size; i++) {
+ printf("%d,", recv_buf[i]);
+ }
+ printf("END\n");
+
+ return -1;
+}
+
+int TrustyKeymasterDevice::import_keypair(const uint8_t* /* key */, const size_t /* key_length */,
+ uint8_t** /* key_blob */, size_t* /* key_blob_length */) {
+ return -1;
+}
+
+int TrustyKeymasterDevice::get_keypair_public(const uint8_t* /* key_blob */,
+ const size_t /* key_blob_length */,
+ uint8_t** /* x509_data */,
+ size_t* /* x509_data_length */) {
+ return -1;
+}
+
+int TrustyKeymasterDevice::sign_data(const void* /* signing_params */,
+ const uint8_t* /* key_blob */,
+ const size_t /* key_blob_length */, const uint8_t* /* data */,
+ const size_t /* data_length */, uint8_t** /* signed_data */,
+ size_t* /* signed_data_length */) {
+ return -1;
+}
+
+int TrustyKeymasterDevice::verify_data(const void* /* signing_params */,
+ const uint8_t* /* key_blob */,
+ const size_t /* key_blob_length */,
+ const uint8_t* /* signed_data */,
+ const size_t /* signed_data_length */,
+ const uint8_t* /* signature */,
+ const size_t /* signature_length */) {
+ return -1;
+}
+
+keymaster_device* TrustyKeymasterDevice::device() {
+ return &device_;
+}
+
+hw_device_t* TrustyKeymasterDevice::hw_device() {
+ return &device_.common;
+}
+
+static inline TrustyKeymasterDevice* convert_device(const keymaster_device* dev) {
+ return reinterpret_cast<TrustyKeymasterDevice*>(const_cast<keymaster_device*>(dev));
+}
+
+/* static */
+int TrustyKeymasterDevice::close_device(hw_device_t* dev) {
+ delete reinterpret_cast<TrustyKeymasterDevice*>(dev);
+ return 0;
+}
+
+/* static */
+int TrustyKeymasterDevice::generate_keypair(const keymaster_device_t* dev,
+ const keymaster_keypair_t key_type,
+ const void* key_params, uint8_t** keyBlob,
+ size_t* keyBlobLength) {
+ return convert_device(dev)->generate_keypair(key_type, key_params, keyBlob, keyBlobLength);
+}
+
+/* static */
+int TrustyKeymasterDevice::import_keypair(const keymaster_device_t* dev, const uint8_t* key,
+ const size_t key_length, uint8_t** key_blob,
+ size_t* key_blob_length) {
+ return convert_device(dev)->import_keypair(key, key_length, key_blob, key_blob_length);
+}
+
+/* static */
+int TrustyKeymasterDevice::get_keypair_public(const struct keymaster_device* dev,
+ const uint8_t* key_blob, const size_t key_blob_length,
+ uint8_t** x509_data, size_t* x509_data_length) {
+ return convert_device(dev)
+ ->get_keypair_public(key_blob, key_blob_length, x509_data, x509_data_length);
+}
+
+/* static */
+int TrustyKeymasterDevice::sign_data(const keymaster_device_t* dev, const void* params,
+ const uint8_t* keyBlob, const size_t keyBlobLength,
+ const uint8_t* data, const size_t dataLength,
+ uint8_t** signedData, size_t* signedDataLength) {
+ return convert_device(dev)
+ ->sign_data(params, keyBlob, keyBlobLength, data, dataLength, signedData, signedDataLength);
+}
+
+/* static */
+int TrustyKeymasterDevice::verify_data(const keymaster_device_t* dev, const void* params,
+ const uint8_t* keyBlob, const size_t keyBlobLength,
+ const uint8_t* signedData, const size_t signedDataLength,
+ const uint8_t* signature, const size_t signatureLength) {
+ return convert_device(dev)->verify_data(params, keyBlob, keyBlobLength, signedData,
+ signedDataLength, signature, signatureLength);
+}
+
+} // namespace keymaster
diff --git a/trusty_keymaster_device.h b/trusty_keymaster_device.h
new file mode 100644
index 0000000..4a5144b
--- /dev/null
+++ b/trusty_keymaster_device.h
@@ -0,0 +1,159 @@
+/*
+ * Copyright 2014 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef EXTERNAL_KEYMASTER_TRUSTY_KEYMASTER_DEVICE_H_
+#define EXTERNAL_KEYMASTER_TRUSTY_KEYMASTER_DEVICE_H_
+
+#include <hardware/keymaster.h>
+
+namespace keymaster {
+
+/**
+ * Software OpenSSL-based Keymaster device.
+ *
+ * IMPORTANT MAINTAINER NOTE: Pointers to instances of this class must be castable to
+ * keymaster_device and hw_device_t. This means it must remain a standard layout class (no virtual
+ * functions and no data members which aren't standard layout), and device_ must be the first data
+ * member. Assertions in the constructor validate compliance with those constraints.
+ */
+class TrustyKeymasterDevice {
+ public:
+ /*
+ * These are the only symbols that will be exported by libtrustykeymaster. All functionality
+ * can be reached via the function pointers in keymaster_device.
+ */
+ __attribute__((visibility("default"))) TrustyKeymasterDevice(const hw_module_t* module);
+
+ __attribute__((visibility("default"))) keymaster_device* device();
+ __attribute__((visibility("default"))) hw_device_t* hw_device();
+
+ ~TrustyKeymasterDevice();
+
+ int generate_keypair(const keymaster_keypair_t key_type, const void* key_params,
+ uint8_t** key_blob, size_t* key_blob_length);
+ int import_keypair(const uint8_t* key, const size_t key_length, uint8_t** key_blob,
+ size_t* key_blob_length);
+ int get_keypair_public(const uint8_t* key_blob, const size_t key_blob_length,
+ uint8_t** x509_data, size_t* x509_data_length);
+ int sign_data(const void* signing_params, const uint8_t* key_blob, const size_t key_blob_length,
+ const uint8_t* data, const size_t data_length, uint8_t** signed_data,
+ size_t* signed_data_length);
+ int verify_data(const void* signing_params, const uint8_t* key_blob,
+ const size_t key_blob_length, const uint8_t* signed_data,
+ const size_t signed_data_length, const uint8_t* signature,
+ const size_t signature_length);
+
+ private:
+ /*
+ * These static methods are the functions referenced through the function pointers in
+ * keymaster_device. They're all trivial wrappers.
+ */
+
+ // v0.1 through v0.3 entry points
+ static int close_device(hw_device_t* dev);
+ static int generate_keypair(const keymaster_device_t* dev, const keymaster_keypair_t key_type,
+ const void* key_params, uint8_t** keyBlob, size_t* keyBlobLength);
+ static int import_keypair(const struct keymaster_device* dev, const uint8_t* key,
+ const size_t key_length, uint8_t** key_blob, size_t* key_blob_length);
+ static int get_keypair_public(const struct keymaster_device* dev, const uint8_t* key_blob,
+ const size_t key_blob_length, uint8_t** x509_data,
+ size_t* x509_data_length);
+ static int sign_data(const struct keymaster_device* dev, const void* signing_params,
+ const uint8_t* key_blob, const size_t key_blob_length, const uint8_t* data,
+ const size_t data_length, uint8_t** signed_data,
+ size_t* signed_data_length);
+ static int verify_data(const struct keymaster_device* dev, const void* signing_params,
+ const uint8_t* key_blob, const size_t key_blob_length,
+ const uint8_t* signed_data, const size_t signed_data_length,
+ const uint8_t* signature, const size_t signature_length);
+
+ // v0.4 entry points
+ static keymaster_error_t (*get_supported_algorithms)(const struct keymaster_device* dev,
+ keymaster_algorithm_t* algorithms,
+ size_t* algorithms_length);
+ static keymaster_error_t (*get_supported_block_modes)(const struct keymaster_device* dev,
+ keymaster_algorithm_t algorithm,
+ keymaster_block_mode_t* modes,
+ size_t* modes_length);
+ static keymaster_error_t (*get_supported_padding_modes)(const struct keymaster_device* dev,
+ keymaster_algorithm_t algorithm,
+ keymaster_padding_t* modes,
+ size_t* modes_length);
+ static keymaster_error_t (*get_supported_digests)(const struct keymaster_device* dev,
+ keymaster_algorithm_t algorithm,
+ keymaster_digest_t* digests,
+ size_t* digests_length);
+ static keymaster_error_t (*get_supported_import_formats)(const struct keymaster_device* dev,
+ keymaster_algorithm_t algorithm,
+ keymaster_key_format_t* formats,
+ size_t* formats_length);
+ static keymaster_error_t (*get_supported_export_formats)(const struct keymaster_device* dev,
+ keymaster_algorithm_t algorithm,
+ keymaster_key_format_t* formats,
+ size_t* formats_length);
+ static keymaster_error_t (*add_rng_entropy)(uint8_t* data, size_t data_length);
+ static keymaster_error_t (*generate_key)(const struct keymaster_device* dev,
+ const keymaster_key_param_t* params,
+ size_t params_count, keymaster_key_blob_t* key_blob,
+ keymaster_key_characteristics_t** characteristics);
+ static void (*get_key_characteristics)(const struct keymaster_device* dev,
+ const keymaster_key_blob_t* key_blob,
+ const keymaster_blob_t* client_id,
+ const keymaster_blob_t* app_data,
+ keymaster_key_characteristics_t** characteristics);
+ static void (*free_characteristics)(const struct keymaster_device* dev,
+ const keymaster_key_characteristics_t* p);
+ static void (*rescope)(const struct keymaster_device* dev,
+ const keymaster_key_param_t* new_params, size_t new_params_count,
+ keymaster_key_blob_t* key_blob,
+ keymaster_key_characteristics_t** characteristics);
+ static keymaster_error_t (*import_key)(const struct keymaster_device* dev,
+ const keymaster_key_param_t* params, size_t params_count,
+ keymaster_key_format_t key_format,
+ const uint8_t* key_data, size_t key_data_length,
+ keymaster_key_blob_t* key_blob,
+ keymaster_key_characteristics_t** characteristics);
+ static keymaster_error_t (*export_key)(const struct keymaster_device* dev,
+ keymaster_key_format_t export_format,
+ const keymaster_key_blob_t* key_to_export,
+ uint8_t** export_data, size_t* export_data_length);
+ static keymaster_error_t (*delete_key)(const struct keymaster_device* dev,
+ const keymaster_key_blob_t* key);
+ static int (*delete_all_keys)(const struct keymaster_device* dev);
+ static keymaster_error_t (*begin)(const struct keymaster_device* dev,
+ keymaster_purpose_t purpose, const keymaster_key_blob_t* key,
+ const keymaster_key_param_t* params, size_t params_count,
+ keymaster_operation_handle_t* operation_handle);
+ static keymaster_error_t (*update)(const struct keymaster_device* dev,
+ keymaster_operation_handle_t operation_handle,
+ const uint8_t* input, size_t input_length,
+ size_t* input_consumed, uint8_t** output,
+ size_t* output_length, size_t* output_written);
+ static keymaster_error_t (*finish)(const struct keymaster_device* dev,
+ keymaster_operation_handle_t operation_handle,
+ const uint8_t* signature, size_t signature_length,
+ uint8_t** output, size_t* output_length,
+ size_t* output_written);
+ static keymaster_error_t (*abort)(const struct keymaster_device* dev,
+ keymaster_operation_handle_t operation_handle);
+
+ keymaster_device device_;
+ void* trusty_session;
+};
+
+} // namespace keymaster
+
+#endif // EXTERNAL_KEYMASTER_TRUSTY_KEYMASTER_DEVICE_H_
diff --git a/trusty_keymaster_device_test.cpp b/trusty_keymaster_device_test.cpp
new file mode 100644
index 0000000..cbd34a1
--- /dev/null
+++ b/trusty_keymaster_device_test.cpp
@@ -0,0 +1,41 @@
+/*
+ * Copyright (C) 2014 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#include <algorithm>
+
+#include <UniquePtr.h>
+#include <gtest/gtest.h>
+#include <openssl/engine.h>
+
+#define KEYMASTER_NAME_TAGS
+#include "keymaster_tags.h"
+#include "google_keymaster_utils.h"
+#include "trusty_keymaster.h"
+
+int main(int argc, char** argv) {
+ ::testing::InitGoogleTest(&argc, argv);
+ int result = RUN_ALL_TESTS();
+ // Clean up stuff OpenSSL and protobuf leave around, so Valgrind doesn't complain.
+ return result;
+}
+
+namespace keymaster {
+namespace test {
+
+TEST(Test, Foo) {
+}
+
+} // namespace test
+} // namespace keymaster
diff --git a/trusty_keymaster_lib.c b/trusty_keymaster_lib.c
new file mode 100644
index 0000000..60a51d2
--- /dev/null
+++ b/trusty_keymaster_lib.c
@@ -0,0 +1,69 @@
+/*
+ * Copyright 2014 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#include <stdio.h>
+#include <stdlib.h>
+
+#include "common/ote_nv_uuid.h"
+#include "common/ote_command.h"
+#include "client/ote_client.h"
+
+#include "trusty_keymaster_lib.h"
+
+te_error_t trusty_init(void** opaque_session) {
+ te_operation_t operation;
+ te_service_id_t uuid = SERVICE_KEYMASTER_UUID;
+ te_session_t* session;
+ int err;
+
+ session = malloc(sizeof(te_session_t));
+ if (session == NULL)
+ return OTE_ERROR_OUT_OF_MEMORY;
+
+ te_init_operation(&operation);
+ err = te_open_session(session, &uuid, &operation);
+ if (err != OTE_SUCCESS)
+ return err;
+
+ *opaque_session = session;
+ return OTE_SUCCESS;
+}
+
+void trusty_deinit(void* opaque_session) {
+ if (opaque_session == NULL)
+ return;
+ te_close_session(opaque_session);
+ free(opaque_session);
+}
+
+te_error_t trusty_call(void* session, uint32_t cmd, void* in_buf, uint32_t in_size, void* out_buf,
+ uint32_t* out_size) {
+ te_operation_t operation;
+ int err;
+
+ te_init_operation(&operation);
+
+ te_oper_set_param_mem_ro(&operation, 0, in_buf, in_size);
+ te_oper_set_param_mem_rw(&operation, 1, out_buf, *out_size);
+ te_oper_set_command(&operation, cmd);
+ err = te_launch_operation(session, &operation);
+ if (err != OTE_SUCCESS) {
+ printf("ERROR: te_launch_operation failed.\n");
+ return err;
+ }
+
+ te_oper_get_param_mem(&operation, 1, out_buf, out_size);
+ return OTE_SUCCESS;
+}
diff --git a/trusty_keymaster_lib.h b/trusty_keymaster_lib.h
new file mode 100644
index 0000000..1cfde6f
--- /dev/null
+++ b/trusty_keymaster_lib.h
@@ -0,0 +1,38 @@
+/*
+ * Copyright 2014 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "common/ote_error.h"
+
+/** Service Identifier for keymaster TA */
+/* {5f902ace-5e5c-4cd8-ae54-87b88c22ddaf} */
+#define SERVICE_KEYMASTER_UUID \
+ { \
+ 0x5f902ace, 0x5e5c, 0x4cd8, { 0xae, 0x54, 0x87, 0xb8, 0x8c, 0x22, 0xdd, 0xaf } \
+ }
+
+// Initializes trusty session. Returns an opaque session which is used by
+// clients to make trusty_call.
+te_error_t trusty_init(void** opaque_session);
+
+// Deinitializes trusty session.
+void trusty_deinit(void* opaque_session);
+
+// Makes a trusty call to send a cmd on session, with an input buffer, input
+// buffer size, an output buffer and output buffer size.
+// Returns data in output buffer and set out_size to actual data size.
+// Note: output buffer must be large enough to hold data.
+te_error_t trusty_call(void* session, uint32_t cmd, void* in_buf, uint32_t in_size, void* out_buf,
+ uint32_t* out_size);
\ No newline at end of file