Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / system / security / 6507c27ab7ea34dd150d7ef9fda41878ed32547c / . / keystore / keystore_utils.cpp
blob: bfcb43a4281388da8c31160144b845baf7974a40 [file] [log] [blame]
Shawn Willden6507c272016-01-05 22:51:48 -0700[diff] [blame^]1/*
2 * Copyright (C) 2016 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17#define LOG_TAG "keystore"
18
19#include "keystore_utils.h"
20
21#include <errno.h>
22#include <string.h>
23#include <unistd.h>
24
25#include <cutils/log.h>
26#include <private/android_filesystem_config.h>
27
28#include <keymaster/android_keymaster_utils.h>
29
30size_t readFully(int fd, uint8_t* data, size_t size) {
31 size_t remaining = size;
32 while (remaining > 0) {
33 ssize_t n = TEMP_FAILURE_RETRY(read(fd, data, remaining));
34 if (n <= 0) {
35 return size - remaining;
36 }
37 data += n;
38 remaining -= n;
39 }
40 return size;
41}
42
43size_t writeFully(int fd, uint8_t* data, size_t size) {
44 size_t remaining = size;
45 while (remaining > 0) {
46 ssize_t n = TEMP_FAILURE_RETRY(write(fd, data, remaining));
47 if (n < 0) {
48 ALOGW("write failed: %s", strerror(errno));
49 return size - remaining;
50 }
51 data += n;
52 remaining -= n;
53 }
54 return size;
55}
56
57void add_legacy_key_authorizations(int keyType, std::vector<keymaster_key_param_t>* params) {
58 params->push_back(keymaster_param_enum(KM_TAG_PURPOSE, KM_PURPOSE_SIGN));
59 params->push_back(keymaster_param_enum(KM_TAG_PURPOSE, KM_PURPOSE_VERIFY));
60 params->push_back(keymaster_param_enum(KM_TAG_PURPOSE, KM_PURPOSE_ENCRYPT));
61 params->push_back(keymaster_param_enum(KM_TAG_PURPOSE, KM_PURPOSE_DECRYPT));
62 params->push_back(keymaster_param_enum(KM_TAG_PADDING, KM_PAD_NONE));
63 if (keyType == EVP_PKEY_RSA) {
64 params->push_back(keymaster_param_enum(KM_TAG_PADDING, KM_PAD_RSA_PKCS1_1_5_SIGN));
65 params->push_back(keymaster_param_enum(KM_TAG_PADDING, KM_PAD_RSA_PKCS1_1_5_ENCRYPT));
66 params->push_back(keymaster_param_enum(KM_TAG_PADDING, KM_PAD_RSA_PSS));
67 params->push_back(keymaster_param_enum(KM_TAG_PADDING, KM_PAD_RSA_OAEP));
68 }
69 params->push_back(keymaster_param_enum(KM_TAG_DIGEST, KM_DIGEST_NONE));
70 params->push_back(keymaster_param_enum(KM_TAG_DIGEST, KM_DIGEST_MD5));
71 params->push_back(keymaster_param_enum(KM_TAG_DIGEST, KM_DIGEST_SHA1));
72 params->push_back(keymaster_param_enum(KM_TAG_DIGEST, KM_DIGEST_SHA_2_224));
73 params->push_back(keymaster_param_enum(KM_TAG_DIGEST, KM_DIGEST_SHA_2_256));
74 params->push_back(keymaster_param_enum(KM_TAG_DIGEST, KM_DIGEST_SHA_2_384));
75 params->push_back(keymaster_param_enum(KM_TAG_DIGEST, KM_DIGEST_SHA_2_512));
76 params->push_back(keymaster_param_bool(KM_TAG_ALL_USERS));
77 params->push_back(keymaster_param_bool(KM_TAG_NO_AUTH_REQUIRED));
78 params->push_back(keymaster_param_date(KM_TAG_ORIGINATION_EXPIRE_DATETIME, LLONG_MAX));
79 params->push_back(keymaster_param_date(KM_TAG_USAGE_EXPIRE_DATETIME, LLONG_MAX));
80 params->push_back(keymaster_param_date(KM_TAG_ACTIVE_DATETIME, 0));
81 uint64_t now = keymaster::java_time(time(NULL));
82 params->push_back(keymaster_param_date(KM_TAG_CREATION_DATETIME, now));
83}
84
85uid_t get_app_id(uid_t uid) {
86 return uid % AID_USER;
87}
88
89uid_t get_user_id(uid_t uid) {
90 return uid / AID_USER;
91}