Gitiles
Code Review Sign In
gerrit-public.fairphone.software / fp2-dev / platform / system / keymaster / 2079ae8a94f7f19e89d94c842a4f4055bb21c39a / . / soft_keymaster_device.cpp
blob: d2b947057bfb1d8b3acc860ca54eefc0ee8e270d [file] [log] [blame]
Shawn Willden2079ae82015-01-22 13:42:31 -0700[diff] [blame^]1/*
2 * Copyright 2015 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17#include "soft_keymaster_device.h"
18
19#include <assert.h>
20#include <stdio.h>
21#include <stdlib.h>
22#include <string.h>
23#include <time.h>
24#include <stddef.h>
25
26#include <algorithm>
27
28#include <type_traits>
29
30#include <hardware/keymaster.h>
31#define LOG_TAG "SoftKeymasterDevice"
32#include <cutils/log.h>
33
34#include <keymaster/authorization_set.h>
35#include <keymaster/google_keymaster_messages.h>
36#include <keymaster/key_blob.h>
37
38#include "google_softkeymaster.h"
39#include "soft_keymaster_logger.h"
40
41const uint32_t SEND_BUF_SIZE = 8192;
42const uint32_t RECV_BUF_SIZE = 8192;
43
44struct keystore_module soft_keymaster_device_module = {
45 .common =
46 {
47 .tag = HARDWARE_MODULE_TAG,
48 .module_api_version = KEYMASTER_MODULE_API_VERSION_0_4,
49 .hal_api_version = HARDWARE_HAL_API_VERSION,
50 .id = KEYSTORE_HARDWARE_MODULE_ID,
51 .name = "Keymaster OpenSSL HAL",
52 .author = "The Android Open Source Project",
53 .methods = NULL,
54 .dso = 0,
55 .reserved = {},
56 },
57};
58
59namespace keymaster {
60
61SoftKeymasterDevice::SoftKeymasterDevice(Logger* logger)
62 : impl_(new GoogleSoftKeymaster(16, logger)) {
63#if __cplusplus >= 201103L || defined(__GXX_EXPERIMENTAL_CXX0X__)
64 static_assert(std::is_standard_layout<SoftKeymasterDevice>::value,
65 "SoftKeymasterDevice must be standard layout");
66 static_assert(offsetof(SoftKeymasterDevice, device_) == 0,
67 "device_ must be the first member of KeymasterOpenSsl");
68 static_assert(offsetof(SoftKeymasterDevice, device_.common) == 0,
69 "common must be the first member of keymaster_device");
70#else
71 assert(reinterpret_cast<keymaster_device*>(this) == &device_);
72 assert(reinterpret_cast<hw_device_t*>(this) == &(device_.common));
73#endif
74 logger->info("Creating device");
75 logger->debug("Device address: %p", this);
76
77 memset(&device_, 0, sizeof(device_));
78
79 device_.common.tag = HARDWARE_DEVICE_TAG;
80 device_.common.version = 1;
81 device_.common.module = reinterpret_cast<hw_module_t*>(&soft_keymaster_device_module);
82 device_.common.close = &close_device;
83
84 device_.flags =
85 KEYMASTER_SOFTWARE_ONLY | KEYMASTER_BLOBS_ARE_STANDALONE | KEYMASTER_SUPPORTS_EC;
86
87 // V0.3 APIs
88 device_.generate_keypair = generate_keypair;
89 device_.import_keypair = import_keypair;
90 device_.get_keypair_public = get_keypair_public;
91 device_.delete_keypair = NULL;
92 device_.delete_all = NULL;
93 device_.sign_data = sign_data;
94 device_.verify_data = verify_data;
95
96 // V0.4 APIs
97 device_.get_supported_algorithms = get_supported_algorithms;
98 device_.get_supported_block_modes = get_supported_block_modes;
99 device_.get_supported_padding_modes = get_supported_padding_modes;
100 device_.get_supported_digests = get_supported_digests;
101 device_.get_supported_import_formats = get_supported_import_formats;
102 device_.get_supported_export_formats = get_supported_export_formats;
103 device_.add_rng_entropy = add_rng_entropy;
104 device_.generate_key = generate_key;
105 device_.get_key_characteristics = get_key_characteristics;
106 device_.rescope = rescope;
107 device_.import_key = import_key;
108 device_.export_key = export_key;
109 device_.delete_key = NULL;
110 device_.delete_all_keys = NULL;
111 device_.begin = begin;
112 device_.update = update;
113 device_.finish = finish;
114 device_.abort = abort;
115
116 device_.context = NULL;
117}
118
119const uint64_t HUNDRED_YEARS = 1000LL * 60 * 60 * 24 * 365 * 100;
120
121hw_device_t* SoftKeymasterDevice::hw_device() {
122 return &device_.common;
123}
124
125static keymaster_key_characteristics_t* BuildCharacteristics(const AuthorizationSet& hw_enforced,
126 const AuthorizationSet& sw_enforced) {
127 keymaster_key_characteristics_t* characteristics =
128 reinterpret_cast<keymaster_key_characteristics_t*>(
129 malloc(sizeof(keymaster_key_characteristics_t)));
130 if (characteristics) {
131 hw_enforced.CopyToParamSet(&characteristics->hw_enforced);
132 sw_enforced.CopyToParamSet(&characteristics->sw_enforced);
133 }
134 return characteristics;
135}
136
137template <typename RequestType>
138static void AddClientAndAppData(const keymaster_blob_t* client_id, const keymaster_blob_t* app_data,
139 RequestType* request) {
140 request->additional_params.Clear();
141 if (client_id)
142 request->additional_params.push_back(TAG_APPLICATION_ID, *client_id);
143 if (app_data)
144 request->additional_params.push_back(TAG_APPLICATION_DATA, *app_data);
145}
146
147static inline SoftKeymasterDevice* convert_device(const keymaster_device* dev) {
148 return reinterpret_cast<SoftKeymasterDevice*>(const_cast<keymaster_device*>(dev));
149}
150
151/* static */
152int SoftKeymasterDevice::close_device(hw_device_t* dev) {
153 delete reinterpret_cast<SoftKeymasterDevice*>(dev);
154 return 0;
155}
156
157/* static */
158int SoftKeymasterDevice::generate_keypair(const keymaster_device_t* dev,
159 const keymaster_keypair_t key_type,
160 const void* key_params, uint8_t** key_blob,
161 size_t* key_blob_length) {
162 convert_device(dev)->impl_->logger().debug("Device received generate_keypair");
163
164 GenerateKeyRequest req;
165 StoreDefaultNewKeyParams(&req.key_description);
166
167 switch (key_type) {
168 case TYPE_RSA: {
169 req.key_description.push_back(TAG_ALGORITHM, KM_ALGORITHM_RSA);
170 const keymaster_rsa_keygen_params_t* rsa_params =
171 static_cast<const keymaster_rsa_keygen_params_t*>(key_params);
172 convert_device(dev)->impl_->logger().debug(
173 "Generating RSA pair, modulus size: %u, public exponent: %lu", rsa_params->modulus_size,
174 rsa_params->public_exponent);
175 req.key_description.push_back(TAG_KEY_SIZE, rsa_params->modulus_size);
176 req.key_description.push_back(TAG_RSA_PUBLIC_EXPONENT, rsa_params->public_exponent);
177 break;
178 }
179
180 case TYPE_EC: {
181 req.key_description.push_back(TAG_ALGORITHM, KM_ALGORITHM_ECDSA);
182 const keymaster_ec_keygen_params_t* ec_params =
183 static_cast<const keymaster_ec_keygen_params_t*>(key_params);
184 convert_device(dev)->impl_->logger().debug("Generating ECDSA pair, key size: %u",
185 ec_params->field_size);
186 req.key_description.push_back(TAG_KEY_SIZE, ec_params->field_size);
187 break;
188 }
189
190 default:
191 convert_device(dev)->impl_->logger().debug("Received request for unsuported key type %d",
192 key_type);
193 return KM_ERROR_UNSUPPORTED_ALGORITHM;
194 }
195
196 GenerateKeyResponse rsp;
197 convert_device(dev)->impl_->GenerateKey(req, &rsp);
198
199 *key_blob_length = rsp.key_blob.key_material_size;
200 *key_blob = static_cast<uint8_t*>(malloc(*key_blob_length));
201 if (!*key_blob)
202 return KM_ERROR_MEMORY_ALLOCATION_FAILED;
203 memcpy(*key_blob, rsp.key_blob.key_material, *key_blob_length);
204 convert_device(dev)->impl_->logger().debug("Returning %d bytes in key blob\n",
205 (int)*key_blob_length);
206
207 return KM_ERROR_OK;
208}
209
210/* static */
211int SoftKeymasterDevice::import_keypair(const keymaster_device_t* dev, const uint8_t* key,
212 const size_t key_length, uint8_t** key_blob,
213 size_t* key_blob_length) {
214 convert_device(dev)->impl_->logger().debug("Device received import_keypair");
215
216 ImportKeyRequest request;
217 StoreDefaultNewKeyParams(&request.key_description);
218 request.SetKeyMaterial(key, key_length);
219 request.key_format = KM_KEY_FORMAT_PKCS8;
220
221 ImportKeyResponse response;
222 convert_device(dev)->impl_->ImportKey(request, &response);
223
224 *key_blob_length = response.key_blob.key_material_size;
225 *key_blob = static_cast<uint8_t*>(malloc(*key_blob_length));
226 if (!*key_blob)
227 return KM_ERROR_MEMORY_ALLOCATION_FAILED;
228 memcpy(*key_blob, response.key_blob.key_material, *key_blob_length);
229 convert_device(dev)->impl_->logger().debug("Returning %d bytes in key blob\n",
230 (int)*key_blob_length);
231
232 return KM_ERROR_OK;
233}
234
235/* static */
236int SoftKeymasterDevice::get_keypair_public(const struct keymaster_device* dev,
237 const uint8_t* key_blob, const size_t key_blob_length,
238 uint8_t** x509_data, size_t* x509_data_length) {
239 convert_device(dev)->impl_->logger().debug("Device received get_keypair_public");
240
241 ExportKeyRequest req;
242 req.SetKeyMaterial(key_blob, key_blob_length);
243 req.key_format = KM_KEY_FORMAT_X509;
244
245 ExportKeyResponse rsp;
246 convert_device(dev)->impl_->ExportKey(req, &rsp);
247
248 *x509_data_length = rsp.key_data_length;
249 *x509_data = static_cast<uint8_t*>(malloc(*x509_data_length));
250 if (!*x509_data)
251 return KM_ERROR_MEMORY_ALLOCATION_FAILED;
252 memcpy(*x509_data, rsp.key_data, *x509_data_length);
253 convert_device(dev)->impl_->logger().debug("Returning %d bytes in x509 key\n",
254 (int)*x509_data_length);
255
256 return KM_ERROR_OK;
257}
258
259/* static */
260int SoftKeymasterDevice::sign_data(const keymaster_device_t* dev, const void* params,
261 const uint8_t* key_blob, const size_t key_blob_length,
262 const uint8_t* data, const size_t data_length,
263 uint8_t** signed_data, size_t* signed_data_length) {
264 convert_device(dev)->impl_->logger().debug("Device received sign_data");
265
266 *signed_data_length = 0;
267
268 BeginOperationRequest begin_request;
269 begin_request.purpose = KM_PURPOSE_SIGN;
270 begin_request.SetKeyMaterial(key_blob, key_blob_length);
271 keymaster_error_t err =
272 ExtractSigningParams(params, key_blob, key_blob_length, &begin_request.additional_params);
273 if (err != KM_ERROR_OK)
274 return err;
275
276 BeginOperationResponse begin_response;
277 convert_device(dev)->impl_->BeginOperation(begin_request, &begin_response);
278 if (begin_response.error != KM_ERROR_OK)
279 return begin_response.error;
280
281 UpdateOperationRequest update_request;
282 update_request.op_handle = begin_response.op_handle;
283 update_request.input.Reinitialize(data, data_length);
284 UpdateOperationResponse update_response;
285 convert_device(dev)->impl_->UpdateOperation(update_request, &update_response);
286 if (update_response.error != KM_ERROR_OK)
287 return update_response.error;
288
289 FinishOperationRequest finish_request;
290 finish_request.op_handle = begin_response.op_handle;
291 FinishOperationResponse finish_response;
292 convert_device(dev)->impl_->FinishOperation(finish_request, &finish_response);
293 if (finish_response.error != KM_ERROR_OK)
294 return finish_response.error;
295
296 *signed_data_length = finish_response.output.available_read();
297 *signed_data = static_cast<uint8_t*>(malloc(*signed_data_length));
298 if (!*signed_data)
299 return KM_ERROR_MEMORY_ALLOCATION_FAILED;
300 if (!finish_response.output.read(*signed_data, *signed_data_length))
301 return KM_ERROR_UNKNOWN_ERROR;
302 return KM_ERROR_OK;
303}
304
305/* static */
306int SoftKeymasterDevice::verify_data(const keymaster_device_t* dev, const void* params,
307 const uint8_t* key_blob, const size_t key_blob_length,
308 const uint8_t* signed_data, const size_t signed_data_length,
309 const uint8_t* signature, const size_t signature_length) {
310 convert_device(dev)->impl_->logger().debug("Device received verify_data");
311
312 BeginOperationRequest begin_request;
313 begin_request.purpose = KM_PURPOSE_VERIFY;
314 begin_request.SetKeyMaterial(key_blob, key_blob_length);
315 {
316 keymaster_error_t err = ExtractSigningParams(params, key_blob, key_blob_length,
317 &begin_request.additional_params);
318 if (err != KM_ERROR_OK)
319 return err;
320 }
321
322 BeginOperationResponse begin_response;
323 convert_device(dev)->impl_->BeginOperation(begin_request, &begin_response);
324 if (begin_response.error != KM_ERROR_OK)
325 return begin_response.error;
326
327 UpdateOperationRequest update_request;
328 update_request.op_handle = begin_response.op_handle;
329 update_request.input.Reinitialize(signed_data, signed_data_length);
330 UpdateOperationResponse update_response;
331 convert_device(dev)->impl_->UpdateOperation(update_request, &update_response);
332 if (update_response.error != KM_ERROR_OK)
333 return update_response.error;
334
335 FinishOperationRequest finish_request;
336 finish_request.op_handle = begin_response.op_handle;
337 finish_request.signature.Reinitialize(signature, signature_length);
338 FinishOperationResponse finish_response;
339 convert_device(dev)->impl_->FinishOperation(finish_request, &finish_response);
340 if (finish_response.error != KM_ERROR_OK)
341 return finish_response.error;
342 return KM_ERROR_OK;
343}
344
345/* static */
346keymaster_error_t SoftKeymasterDevice::get_supported_algorithms(const struct keymaster_device* dev,
347 keymaster_algorithm_t** algorithms,
348 size_t* algorithms_length) {
349 if (!algorithms || !algorithms_length)
350 return KM_ERROR_OUTPUT_PARAMETER_NULL;
351
352 SupportedResponse<keymaster_algorithm_t> response;
353 convert_device(dev)->impl_->SupportedAlgorithms(&response);
354 if (response.error != KM_ERROR_OK)
355 return response.error;
356
357 *algorithms_length = response.results_length;
358 *algorithms =
359 reinterpret_cast<keymaster_algorithm_t*>(malloc(*algorithms_length * sizeof(**algorithms)));
360 if (!*algorithms)
361 return KM_ERROR_MEMORY_ALLOCATION_FAILED;
362 std::copy(response.results, response.results + response.results_length, *algorithms);
363 return KM_ERROR_OK;
364}
365
366/* static */
367keymaster_error_t SoftKeymasterDevice::get_supported_block_modes(const struct keymaster_device* dev,
368 keymaster_algorithm_t algorithm,
369 keymaster_purpose_t purpose,
370 keymaster_block_mode_t** modes,
371 size_t* modes_length) {
372 if (!modes || !modes_length)
373 return KM_ERROR_OUTPUT_PARAMETER_NULL;
374
375 SupportedResponse<keymaster_block_mode_t> response;
376 convert_device(dev)->impl_->SupportedBlockModes(algorithm, purpose, &response);
377
378 if (response.error != KM_ERROR_OK)
379 return response.error;
380
381 *modes_length = response.results_length;
382 *modes = reinterpret_cast<keymaster_block_mode_t*>(malloc(*modes_length * sizeof(**modes)));
383 if (!*modes)
384 return KM_ERROR_MEMORY_ALLOCATION_FAILED;
385 std::copy(response.results, response.results + response.results_length, *modes);
386 return KM_ERROR_OK;
387}
388
389/* static */
390keymaster_error_t SoftKeymasterDevice::get_supported_padding_modes(
391 const struct keymaster_device* dev, keymaster_algorithm_t algorithm,
392 keymaster_purpose_t purpose, keymaster_padding_t** modes, size_t* modes_length) {
393 if (!modes || !modes_length)
394 return KM_ERROR_OUTPUT_PARAMETER_NULL;
395
396 SupportedResponse<keymaster_padding_t> response;
397 convert_device(dev)->impl_->SupportedPaddingModes(algorithm, purpose, &response);
398
399 if (response.error != KM_ERROR_OK)
400 return response.error;
401
402 *modes_length = response.results_length;
403 *modes = reinterpret_cast<keymaster_padding_t*>(malloc(*modes_length * sizeof(**modes)));
404 if (!*modes)
405 return KM_ERROR_MEMORY_ALLOCATION_FAILED;
406 std::copy(response.results, response.results + response.results_length, *modes);
407 return KM_ERROR_OK;
408}
409
410/* static */
411keymaster_error_t SoftKeymasterDevice::get_supported_digests(const struct keymaster_device* dev,
412 keymaster_algorithm_t algorithm,
413 keymaster_purpose_t purpose,
414 keymaster_digest_t** digests,
415 size_t* digests_length) {
416 if (!digests || !digests_length)
417 return KM_ERROR_OUTPUT_PARAMETER_NULL;
418
419 SupportedResponse<keymaster_digest_t> response;
420 convert_device(dev)->impl_->SupportedDigests(algorithm, purpose, &response);
421
422 if (response.error != KM_ERROR_OK)
423 return response.error;
424
425 *digests_length = response.results_length;
426 *digests = reinterpret_cast<keymaster_digest_t*>(malloc(*digests_length * sizeof(**digests)));
427 if (!*digests)
428 return KM_ERROR_MEMORY_ALLOCATION_FAILED;
429 std::copy(response.results, response.results + response.results_length, *digests);
430 return KM_ERROR_OK;
431}
432
433/* static */
434keymaster_error_t SoftKeymasterDevice::get_supported_import_formats(
435 const struct keymaster_device* dev, keymaster_algorithm_t algorithm,
436 keymaster_key_format_t** formats, size_t* formats_length) {
437 if (!formats || !formats_length)
438 return KM_ERROR_OUTPUT_PARAMETER_NULL;
439
440 SupportedResponse<keymaster_key_format_t> response;
441 convert_device(dev)->impl_->SupportedImportFormats(algorithm, &response);
442
443 if (response.error != KM_ERROR_OK)
444 return response.error;
445
446 *formats_length = response.results_length;
447 *formats =
448 reinterpret_cast<keymaster_key_format_t*>(malloc(*formats_length * sizeof(**formats)));
449 if (!*formats)
450 return KM_ERROR_MEMORY_ALLOCATION_FAILED;
451 std::copy(response.results, response.results + response.results_length, *formats);
452 return KM_ERROR_OK;
453}
454
455/* static */
456keymaster_error_t SoftKeymasterDevice::get_supported_export_formats(
457 const struct keymaster_device* dev, keymaster_algorithm_t algorithm,
458 keymaster_key_format_t** formats, size_t* formats_length) {
459 if (!formats || !formats_length)
460 return KM_ERROR_OUTPUT_PARAMETER_NULL;
461
462 SupportedResponse<keymaster_key_format_t> response;
463 convert_device(dev)->impl_->SupportedExportFormats(algorithm, &response);
464
465 if (response.error != KM_ERROR_OK)
466 return response.error;
467
468 *formats_length = response.results_length;
469 *formats =
470 reinterpret_cast<keymaster_key_format_t*>(malloc(*formats_length * sizeof(**formats)));
471 if (!*formats)
472 return KM_ERROR_MEMORY_ALLOCATION_FAILED;
473 std::copy(response.results, response.results + *formats_length, *formats);
474 return KM_ERROR_OK;
475}
476
477/* static */
478keymaster_error_t SoftKeymasterDevice::add_rng_entropy(const struct keymaster_device* /* dev */,
479 const uint8_t* /* data */,
480 size_t /* data_length */) {
481 return KM_ERROR_UNIMPLEMENTED;
482}
483
484/* static */
485keymaster_error_t SoftKeymasterDevice::generate_key(
486 const struct keymaster_device* dev, const keymaster_key_param_t* params, size_t params_count,
487 keymaster_key_blob_t* key_blob, keymaster_key_characteristics_t** characteristics) {
488
489 if (!key_blob)
490 return KM_ERROR_OUTPUT_PARAMETER_NULL;
491
492 GenerateKeyRequest request;
493 request.key_description.Reinitialize(params, params_count);
494
495 GenerateKeyResponse response;
496 convert_device(dev)->impl_->GenerateKey(request, &response);
497 if (response.error != KM_ERROR_OK)
498 return response.error;
499
500 key_blob->key_material_size = response.key_blob.key_material_size;
501 uint8_t* tmp = reinterpret_cast<uint8_t*>(malloc(key_blob->key_material_size));
502 if (!tmp)
503 return KM_ERROR_MEMORY_ALLOCATION_FAILED;
504 memcpy(tmp, response.key_blob.key_material, response.key_blob.key_material_size);
505 key_blob->key_material = tmp;
506
507 if (characteristics) {
508 *characteristics = BuildCharacteristics(response.enforced, response.unenforced);
509 if (!*characteristics)
510 return KM_ERROR_MEMORY_ALLOCATION_FAILED;
511 }
512
513 return KM_ERROR_OK;
514}
515
516/* static */
517keymaster_error_t SoftKeymasterDevice::get_key_characteristics(
518 const struct keymaster_device* dev, const keymaster_key_blob_t* key_blob,
519 const keymaster_blob_t* client_id, const keymaster_blob_t* app_data,
520 keymaster_key_characteristics_t** characteristics) {
521 if (!key_blob)
522 return KM_ERROR_INVALID_KEY_BLOB;
523
524 if (!characteristics)
525 return KM_ERROR_OUTPUT_PARAMETER_NULL;
526
527 GetKeyCharacteristicsRequest request;
528 request.SetKeyMaterial(*key_blob);
529 AddClientAndAppData(client_id, app_data, &request);
530
531 GetKeyCharacteristicsResponse response;
532 convert_device(dev)->impl_->GetKeyCharacteristics(request, &response);
533 if (response.error != KM_ERROR_OK)
534 return response.error;
535
536 *characteristics = BuildCharacteristics(response.enforced, response.unenforced);
537 if (!*characteristics)
538 return KM_ERROR_MEMORY_ALLOCATION_FAILED;
539 return KM_ERROR_OK;
540}
541
542/* static */
543keymaster_error_t SoftKeymasterDevice::rescope(
544 const struct keymaster_device* /* dev */, const keymaster_key_param_t* /* new_params */,
545 size_t /* new_params_count */, const keymaster_key_blob_t* /* key_blob */,
546 const keymaster_blob_t* /* client_id */, const keymaster_blob_t* /* app_data */,
547 keymaster_key_blob_t* /* rescoped_key_blob */,
548 keymaster_key_characteristics_t** /* characteristics */) {
549 return KM_ERROR_UNIMPLEMENTED;
550}
551
552/* static */
553keymaster_error_t SoftKeymasterDevice::import_key(
554 const struct keymaster_device* dev, const keymaster_key_param_t* params, size_t params_count,
555 keymaster_key_format_t key_format, const uint8_t* key_data, size_t key_data_length,
556 keymaster_key_blob_t* key_blob, keymaster_key_characteristics_t** characteristics) {
557 if (!params || !key_data)
558 return KM_ERROR_UNEXPECTED_NULL_POINTER;
559
560 if (!key_blob)
561 return KM_ERROR_OUTPUT_PARAMETER_NULL;
562
563 *characteristics = NULL;
564
565 ImportKeyRequest request;
566 request.key_description.Reinitialize(params, params_count);
567 request.key_format = key_format;
568 request.SetKeyMaterial(key_data, key_data_length);
569
570 ImportKeyResponse response;
571 convert_device(dev)->impl_->ImportKey(request, &response);
572 if (response.error != KM_ERROR_OK)
573 return response.error;
574
575 key_blob->key_material_size = response.key_blob.key_material_size;
576 key_blob->key_material = reinterpret_cast<uint8_t*>(malloc(key_blob->key_material_size));
577 if (!key_blob->key_material)
578 return KM_ERROR_MEMORY_ALLOCATION_FAILED;
579 memcpy(const_cast<uint8_t*>(key_blob->key_material), response.key_blob.key_material,
580 response.key_blob.key_material_size);
581
582 if (characteristics) {
583 *characteristics = BuildCharacteristics(response.enforced, response.unenforced);
584 if (!*characteristics)
585 return KM_ERROR_MEMORY_ALLOCATION_FAILED;
586 }
587 return KM_ERROR_OK;
588}
589
590/* static */
591keymaster_error_t SoftKeymasterDevice::export_key(
592 const struct keymaster_device* dev, keymaster_key_format_t export_format,
593 const keymaster_key_blob_t* key_to_export, const keymaster_blob_t* client_id,
594 const keymaster_blob_t* app_data, uint8_t** export_data, size_t* export_data_length) {
595 if (!key_to_export || !key_to_export->key_material)
596 return KM_ERROR_INVALID_KEY_BLOB;
597
598 if (!export_data || !export_data_length)
599 return KM_ERROR_OUTPUT_PARAMETER_NULL;
600
601 *export_data = NULL;
602 *export_data_length = 0;
603
604 ExportKeyRequest request;
605 request.key_format = export_format;
606 request.SetKeyMaterial(*key_to_export);
607 AddClientAndAppData(client_id, app_data, &request);
608
609 ExportKeyResponse response;
610 convert_device(dev)->impl_->ExportKey(request, &response);
611 if (response.error != KM_ERROR_OK)
612 return response.error;
613
614 *export_data_length = response.key_data_length;
615 *export_data = reinterpret_cast<uint8_t*>(malloc(*export_data_length));
616 if (!export_data)
617 return KM_ERROR_MEMORY_ALLOCATION_FAILED;
618 memcpy(*export_data, response.key_data, *export_data_length);
619 return KM_ERROR_OK;
620}
621
622/* static */
623keymaster_error_t
624SoftKeymasterDevice::begin(const struct keymaster_device* dev, keymaster_purpose_t purpose,
625 const keymaster_key_blob_t* key, const keymaster_key_param_t* params,
626 size_t params_count, keymaster_key_param_t** out_params,
627 size_t* out_params_count,
628 keymaster_operation_handle_t* operation_handle) {
629 if (!key || !key->key_material)
630 return KM_ERROR_INVALID_KEY_BLOB;
631
632 if (!operation_handle || !out_params || !out_params_count)
633 return KM_ERROR_OUTPUT_PARAMETER_NULL;
634
635 BeginOperationRequest request;
636 request.purpose = purpose;
637 request.SetKeyMaterial(*key);
638 request.additional_params.Reinitialize(params, params_count);
639
640 BeginOperationResponse response;
641 convert_device(dev)->impl_->BeginOperation(request, &response);
642 if (response.error != KM_ERROR_OK)
643 return response.error;
644
645 *operation_handle = response.op_handle;
646 return KM_ERROR_OK;
647}
648
649/* static */
650keymaster_error_t SoftKeymasterDevice::update(const struct keymaster_device* dev,
651 keymaster_operation_handle_t operation_handle,
652 const uint8_t* input, size_t input_length,
653 size_t* input_consumed, uint8_t** output,
654 size_t* output_length) {
655 if (!input)
656 return KM_ERROR_UNEXPECTED_NULL_POINTER;
657
658 if (!input_consumed || !output || !output_length)
659 return KM_ERROR_OUTPUT_PARAMETER_NULL;
660
661 UpdateOperationRequest request;
662 request.op_handle = operation_handle;
663 request.input.Reinitialize(input, input_length);
664
665 UpdateOperationResponse response;
666 convert_device(dev)->impl_->UpdateOperation(request, &response);
667 if (response.error != KM_ERROR_OK)
668 return response.error;
669
670 *input_consumed = response.input_consumed;
671 *output_length = response.output.available_read();
672 *output = reinterpret_cast<uint8_t*>(malloc(*output_length));
673 if (!*output)
674 return KM_ERROR_MEMORY_ALLOCATION_FAILED;
675 memcpy(*output, response.output.peek_read(), *output_length);
676 return KM_ERROR_OK;
677}
678
679/* static */
680keymaster_error_t SoftKeymasterDevice::finish(const struct keymaster_device* dev,
681 keymaster_operation_handle_t operation_handle,
682 const uint8_t* signature, size_t signature_length,
683 uint8_t** output, size_t* output_length) {
684 if (!output || !output_length)
685 return KM_ERROR_OUTPUT_PARAMETER_NULL;
686
687 FinishOperationRequest request;
688 request.op_handle = operation_handle;
689 if (signature)
690 request.signature.Reinitialize(signature, signature_length);
691
692 FinishOperationResponse response;
693 convert_device(dev)->impl_->FinishOperation(request, &response);
694 if (response.error != KM_ERROR_OK)
695 return response.error;
696
697 *output_length = response.output.available_read();
698 *output = reinterpret_cast<uint8_t*>(malloc(*output_length));
699 if (!*output)
700 return KM_ERROR_MEMORY_ALLOCATION_FAILED;
701 memcpy(*output, response.output.peek_read(), *output_length);
702 return KM_ERROR_OK;
703}
704
705/* static */
706keymaster_error_t SoftKeymasterDevice::abort(const struct keymaster_device* dev,
707 keymaster_operation_handle_t operation_handle) {
708 return convert_device(dev)->impl_->AbortOperation(operation_handle);
709}
710
711/* static */
712keymaster_error_t SoftKeymasterDevice::ExtractSigningParams(const void* signing_params,
713 const uint8_t* key_blob,
714 size_t key_blob_length,
715 AuthorizationSet* auth_set) {
716 KeyBlob blob(key_blob, key_blob_length);
717 if (blob.error() != KM_ERROR_OK)
718 return blob.error();
719
720 switch (blob.algorithm()) {
721 case KM_ALGORITHM_RSA: {
722 const keymaster_rsa_sign_params_t* rsa_params =
723 reinterpret_cast<const keymaster_rsa_sign_params_t*>(signing_params);
724 if (rsa_params->digest_type != DIGEST_NONE)
725 return KM_ERROR_UNSUPPORTED_DIGEST;
726 if (rsa_params->padding_type != PADDING_NONE)
727 return KM_ERROR_UNSUPPORTED_PADDING_MODE;
728 if (!auth_set->push_back(TAG_DIGEST, DIGEST_NONE) ||
729 !auth_set->push_back(TAG_PADDING, KM_PAD_NONE))
730 return KM_ERROR_MEMORY_ALLOCATION_FAILED;
731 } break;
732 case KM_ALGORITHM_DSA: {
733 const keymaster_dsa_sign_params_t* dsa_params =
734 reinterpret_cast<const keymaster_dsa_sign_params_t*>(signing_params);
735 if (dsa_params->digest_type != DIGEST_NONE)
736 return KM_ERROR_UNSUPPORTED_DIGEST;
737 if (!auth_set->push_back(TAG_DIGEST, DIGEST_NONE))
738 return KM_ERROR_MEMORY_ALLOCATION_FAILED;
739 } break;
740 case KM_ALGORITHM_ECDSA: {
741 const keymaster_ec_sign_params_t* ecdsa_params =
742 reinterpret_cast<const keymaster_ec_sign_params_t*>(signing_params);
743 if (ecdsa_params->digest_type != DIGEST_NONE)
744 return KM_ERROR_UNSUPPORTED_DIGEST;
745 if (!auth_set->push_back(TAG_DIGEST, DIGEST_NONE))
746 return KM_ERROR_MEMORY_ALLOCATION_FAILED;
747 } break;
748 default:
749 return KM_ERROR_UNSUPPORTED_ALGORITHM;
750 }
751 return KM_ERROR_OK;
752}
753
754/* static */
755void SoftKeymasterDevice::StoreDefaultNewKeyParams(AuthorizationSet* auth_set) {
756 auth_set->push_back(TAG_PURPOSE, KM_PURPOSE_SIGN);
757 auth_set->push_back(TAG_PURPOSE, KM_PURPOSE_VERIFY);
758 auth_set->push_back(TAG_ALL_USERS);
759 auth_set->push_back(TAG_NO_AUTH_REQUIRED);
760 uint64_t now = java_time(time(NULL));
761 auth_set->push_back(TAG_CREATION_DATETIME, now);
762 auth_set->push_back(TAG_ORIGINATION_EXPIRE_DATETIME, now + HUNDRED_YEARS);
763 auth_set->push_back(TAG_DIGEST, DIGEST_NONE);
764 auth_set->push_back(TAG_PADDING, KM_PAD_NONE);
765}
766
767} // namespace keymaster