Gitiles
Code Review Sign In
gerrit.openfyde.cn / android.googlesource.com / platform / system / keymaster / c15af1910d8f451341d0068b5533816ace5defec / . / android_keymaster.cpp
blob: aeb4f4d2e160dc26466ace847afc0ce4114312bd [file] [log] [blame]
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]1/*
2 * Copyright 2014 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
Shawn Willdenb6837e72015-05-16 09:20:59 -0600[diff] [blame]17#include <keymaster/android_keymaster.h>
Shawn Willden567a4a02014-12-31 12:14:46 -0700[diff] [blame]18
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]19#include <assert.h>
20#include <string.h>
21
Shawn Willden4db3fbd2014-08-08 22:13:44 -0600[diff] [blame]22#include <cstddef>
23
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]24#include <openssl/rand.h>
Shawn Willdenffd790c2014-08-18 21:20:06 -0600[diff] [blame]25#include <openssl/x509.h>
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]26
27#include <UniquePtr.h>
28
Shawn Willdenb6837e72015-05-16 09:20:59 -0600[diff] [blame]29#include <keymaster/android_keymaster_utils.h>
Shawn Willden398c1582015-05-28 00:04:06 -0600[diff] [blame]30#include <keymaster/key_factory.h>
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]31#include <keymaster/keymaster_context.h>
Shawn Willden98d9b922014-08-26 08:14:10 -0600[diff] [blame]32
Shawn Willden3879f862014-08-06 14:40:48 -0600[diff] [blame]33#include "ae.h"
Shawn Willdend67afae2014-08-19 12:36:27 -0600[diff] [blame]34#include "key.h"
Shawn Willden567a4a02014-12-31 12:14:46 -0700[diff] [blame]35#include "openssl_err.h"
Shawn Willdend67afae2014-08-19 12:36:27 -0600[diff] [blame]36#include "operation.h"
Shawn Willden23d4a742015-03-19 15:33:21 -0600[diff] [blame]37#include "operation_table.h"
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]38
39namespace keymaster {
40
Shawn Willdenc15af192016-03-09 20:03:38 -0700[diff] [blame^]41namespace {
42
Shawn Willden2665e862014-11-24 14:46:21 -0700[diff] [blame]43const uint8_t MAJOR_VER = 1;
Shawn Willdenac69d952015-06-01 14:40:19 -0600[diff] [blame]44const uint8_t MINOR_VER = 1;
Shawn Willden2665e862014-11-24 14:46:21 -0700[diff] [blame]45const uint8_t SUBMINOR_VER = 0;
46
Shawn Willdenc15af192016-03-09 20:03:38 -0700[diff] [blame^]47keymaster_error_t CheckVersionInfo(const AuthorizationSet& tee_enforced,
48 const AuthorizationSet& sw_enforced,
49 const KeymasterContext& context) {
50 uint32_t os_version;
51 uint32_t os_patchlevel;
52 context.GetSystemVersion(&os_version, &os_patchlevel);
53
54 uint32_t key_os_patchlevel;
55 if (tee_enforced.GetTagValue(TAG_OS_PATCHLEVEL, &key_os_patchlevel) ||
56 sw_enforced.GetTagValue(TAG_OS_PATCHLEVEL, &key_os_patchlevel)) {
57 if (key_os_patchlevel < os_patchlevel)
58 return KM_ERROR_KEY_REQUIRES_UPGRADE;
59 else if (key_os_patchlevel > os_patchlevel)
60 return KM_ERROR_INVALID_KEY_BLOB;
61 }
62
63 return KM_ERROR_OK;
64}
65
66} // anonymous namespace
67
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]68AndroidKeymaster::AndroidKeymaster(KeymasterContext* context, size_t operation_table_size)
Shawn Willden294a2db2015-06-17 11:20:56 -0600[diff] [blame]69 : context_(context), operation_table_(new OperationTable(operation_table_size)) {}
Shawn Willdena278f612014-12-23 11:22:21 -0700[diff] [blame]70
Shawn Willden294a2db2015-06-17 11:20:56 -0600[diff] [blame]71AndroidKeymaster::~AndroidKeymaster() {}
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]72
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]73struct AE_CTX_Delete {
Shawn Willden802bb292014-08-18 10:46:29 -0600[diff] [blame]74 void operator()(ae_ctx* ctx) const { ae_free(ctx); }
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]75};
76typedef UniquePtr<ae_ctx, AE_CTX_Delete> Unique_ae_ctx;
77
Shawn Willden19fca882015-01-22 16:35:30 -0700[diff] [blame]78// TODO(swillden): Unify support analysis. Right now, we have per-keytype methods that determine if
Shawn Willdenb6837e72015-05-16 09:20:59 -0600[diff] [blame]79// specific modes, padding, etc. are supported for that key type, and AndroidKeymaster also has
Shawn Willden19fca882015-01-22 16:35:30 -0700[diff] [blame]80// methods that return the same information. They'll get out of sync. Best to put the knowledge in
Shawn Willdenb6837e72015-05-16 09:20:59 -0600[diff] [blame]81// the keytypes and provide some mechanism for AndroidKeymaster to query the keytypes for the
Shawn Willden19fca882015-01-22 16:35:30 -0700[diff] [blame]82// information.
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]83
84template <typename T>
Shawn Willden06298102015-05-25 23:12:48 -0600[diff] [blame]85bool check_supported(const KeymasterContext& context, keymaster_algorithm_t algorithm,
86 SupportedResponse<T>* response) {
87 if (context.GetKeyFactory(algorithm) == NULL) {
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]88 response->error = KM_ERROR_UNSUPPORTED_ALGORITHM;
89 return false;
90 }
91 return true;
92}
93
Shawn Willdenb6837e72015-05-16 09:20:59 -0600[diff] [blame]94void AndroidKeymaster::GetVersion(const GetVersionRequest&, GetVersionResponse* rsp) {
Shawn Willden2665e862014-11-24 14:46:21 -0700[diff] [blame]95 if (rsp == NULL)
96 return;
97
98 rsp->major_ver = MAJOR_VER;
99 rsp->minor_ver = MINOR_VER;
100 rsp->subminor_ver = SUBMINOR_VER;
101 rsp->error = KM_ERROR_OK;
102}
103
Shawn Willden36d41e22015-06-17 06:39:48 -0600[diff] [blame]104void AndroidKeymaster::SupportedAlgorithms(const SupportedAlgorithmsRequest& /* request */,
105 SupportedAlgorithmsResponse* response) {
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]106 if (response == NULL)
107 return;
Shawn Willdena278f612014-12-23 11:22:21 -0700[diff] [blame]108
Shawn Willdena278f612014-12-23 11:22:21 -0700[diff] [blame]109 response->error = KM_ERROR_OK;
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]110
Shawn Willden06298102015-05-25 23:12:48 -0600[diff] [blame]111 size_t algorithm_count = 0;
112 const keymaster_algorithm_t* algorithms = context_->GetSupportedAlgorithms(&algorithm_count);
113 if (algorithm_count == 0)
114 return;
115 response->results_length = algorithm_count;
116 response->results = dup_array(algorithms, algorithm_count);
117 if (!response->results)
118 response->error = KM_ERROR_MEMORY_ALLOCATION_FAILED;
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]119}
120
Shawn Willden63ac0432014-12-29 14:07:08 -0700[diff] [blame]121template <typename T>
Shawn Willden06298102015-05-25 23:12:48 -0600[diff] [blame]122void GetSupported(const KeymasterContext& context, keymaster_algorithm_t algorithm,
123 keymaster_purpose_t purpose,
Shawn Willden63ac0432014-12-29 14:07:08 -0700[diff] [blame]124 const T* (OperationFactory::*get_supported_method)(size_t* count) const,
125 SupportedResponse<T>* response) {
Shawn Willden06298102015-05-25 23:12:48 -0600[diff] [blame]126 if (response == NULL || !check_supported(context, algorithm, response))
Shawn Willden63ac0432014-12-29 14:07:08 -0700[diff] [blame]127 return;
128
Shawn Willden06298102015-05-25 23:12:48 -0600[diff] [blame]129 const OperationFactory* factory = context.GetOperationFactory(algorithm, purpose);
Shawn Willden63ac0432014-12-29 14:07:08 -0700[diff] [blame]130 if (!factory) {
131 response->error = KM_ERROR_UNSUPPORTED_PURPOSE;
132 return;
133 }
134
135 size_t count;
136 const T* supported = (factory->*get_supported_method)(&count);
137 response->SetResults(supported, count);
138}
139
Shawn Willden36d41e22015-06-17 06:39:48 -0600[diff] [blame]140void AndroidKeymaster::SupportedBlockModes(const SupportedBlockModesRequest& request,
141 SupportedBlockModesResponse* response) {
142 GetSupported(*context_, request.algorithm, request.purpose,
143 &OperationFactory::SupportedBlockModes, response);
Shawn Willden63ac0432014-12-29 14:07:08 -0700[diff] [blame]144}
Shawn Willden3809b932014-12-02 06:59:46 -0700[diff] [blame]145
Shawn Willden36d41e22015-06-17 06:39:48 -0600[diff] [blame]146void AndroidKeymaster::SupportedPaddingModes(const SupportedPaddingModesRequest& request,
147 SupportedPaddingModesResponse* response) {
148 GetSupported(*context_, request.algorithm, request.purpose,
149 &OperationFactory::SupportedPaddingModes, response);
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]150}
151
Shawn Willden36d41e22015-06-17 06:39:48 -0600[diff] [blame]152void AndroidKeymaster::SupportedDigests(const SupportedDigestsRequest& request,
153 SupportedDigestsResponse* response) {
154 GetSupported(*context_, request.algorithm, request.purpose, &OperationFactory::SupportedDigests,
155 response);
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]156}
157
Shawn Willden36d41e22015-06-17 06:39:48 -0600[diff] [blame]158void AndroidKeymaster::SupportedImportFormats(const SupportedImportFormatsRequest& request,
159 SupportedImportFormatsResponse* response) {
160 if (response == NULL || !check_supported(*context_, request.algorithm, response))
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]161 return;
162
Shawn Willdena278f612014-12-23 11:22:21 -0700[diff] [blame]163 size_t count;
164 const keymaster_key_format_t* formats =
Shawn Willden36d41e22015-06-17 06:39:48 -0600[diff] [blame]165 context_->GetKeyFactory(request.algorithm)->SupportedImportFormats(&count);
Shawn Willdena278f612014-12-23 11:22:21 -0700[diff] [blame]166 response->SetResults(formats, count);
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]167}
168
Shawn Willden36d41e22015-06-17 06:39:48 -0600[diff] [blame]169void AndroidKeymaster::SupportedExportFormats(const SupportedExportFormatsRequest& request,
170 SupportedExportFormatsResponse* response) {
171 if (response == NULL || !check_supported(*context_, request.algorithm, response))
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]172 return;
173
Shawn Willdena278f612014-12-23 11:22:21 -0700[diff] [blame]174 size_t count;
175 const keymaster_key_format_t* formats =
Shawn Willden36d41e22015-06-17 06:39:48 -0600[diff] [blame]176 context_->GetKeyFactory(request.algorithm)->SupportedExportFormats(&count);
Shawn Willdena278f612014-12-23 11:22:21 -0700[diff] [blame]177 response->SetResults(formats, count);
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]178}
179
Shawn Willden36d41e22015-06-17 06:39:48 -0600[diff] [blame]180void AndroidKeymaster::AddRngEntropy(const AddEntropyRequest& request,
181 AddEntropyResponse* response) {
182 response->error = context_->AddRngEntropy(request.random_data.peek_read(),
183 request.random_data.available_read());
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]184}
185
Shawn Willdenb6837e72015-05-16 09:20:59 -0600[diff] [blame]186void AndroidKeymaster::GenerateKey(const GenerateKeyRequest& request,
187 GenerateKeyResponse* response) {
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]188 if (response == NULL)
189 return;
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]190
Shawn Willdena278f612014-12-23 11:22:21 -0700[diff] [blame]191 keymaster_algorithm_t algorithm;
192 KeyFactory* factory = 0;
193 UniquePtr<Key> key;
194 if (!request.key_description.GetTagValue(TAG_ALGORITHM, &algorithm) ||
Shawn Willden06298102015-05-25 23:12:48 -0600[diff] [blame]195 !(factory = context_->GetKeyFactory(algorithm)))
Shawn Willdena278f612014-12-23 11:22:21 -0700[diff] [blame]196 response->error = KM_ERROR_UNSUPPORTED_ALGORITHM;
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]197 else {
198 KeymasterKeyBlob key_blob;
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]199 response->enforced.Clear();
200 response->unenforced.Clear();
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]201 response->error = factory->GenerateKey(request.key_description, &key_blob,
202 &response->enforced, &response->unenforced);
203 if (response->error == KM_ERROR_OK)
204 response->key_blob = key_blob.release();
205 }
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]206}
207
Shawn Willdenb6837e72015-05-16 09:20:59 -0600[diff] [blame]208void AndroidKeymaster::GetKeyCharacteristics(const GetKeyCharacteristicsRequest& request,
209 GetKeyCharacteristicsResponse* response) {
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]210 if (response == NULL)
211 return;
Shawn Willden76364712014-08-11 17:48:04 -0600[diff] [blame]212
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]213 KeymasterKeyBlob key_material;
214 response->error =
215 context_->ParseKeyBlob(KeymasterKeyBlob(request.key_blob), request.additional_params,
216 &key_material, &response->enforced, &response->unenforced);
217 if (response->error != KM_ERROR_OK)
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]218 return;
Shawn Willdenc15af192016-03-09 20:03:38 -0700[diff] [blame^]219
220 response->error = CheckVersionInfo(response->enforced, response->unenforced, *context_);
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]221}
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]222
Shawn Willden06298102015-05-25 23:12:48 -0600[diff] [blame]223static KeyFactory* GetKeyFactory(const KeymasterContext& context,
224 const AuthorizationSet& hw_enforced,
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]225 const AuthorizationSet& sw_enforced,
226 keymaster_algorithm_t* algorithm, keymaster_error_t* error) {
227 *error = KM_ERROR_UNSUPPORTED_ALGORITHM;
228 if (!hw_enforced.GetTagValue(TAG_ALGORITHM, algorithm) &&
229 !sw_enforced.GetTagValue(TAG_ALGORITHM, algorithm))
230 return nullptr;
Shawn Willden06298102015-05-25 23:12:48 -0600[diff] [blame]231 KeyFactory* factory = context.GetKeyFactory(*algorithm);
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]232 if (factory)
233 *error = KM_ERROR_OK;
234 return factory;
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]235}
236
Shawn Willdenb6837e72015-05-16 09:20:59 -0600[diff] [blame]237void AndroidKeymaster::BeginOperation(const BeginOperationRequest& request,
238 BeginOperationResponse* response) {
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]239 if (response == NULL)
240 return;
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]241 response->op_handle = 0;
242
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]243 AuthorizationSet hw_enforced;
244 AuthorizationSet sw_enforced;
Shawn Willden06298102015-05-25 23:12:48 -0600[diff] [blame]245 const KeyFactory* key_factory;
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]246 UniquePtr<Key> key;
247 response->error = LoadKey(request.key_blob, request.additional_params, &hw_enforced,
Shawn Willden06298102015-05-25 23:12:48 -0600[diff] [blame]248 &sw_enforced, &key_factory, &key);
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]249 if (response->error != KM_ERROR_OK)
250 return;
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]251
Shawn Willden294a2db2015-06-17 11:20:56 -0600[diff] [blame]252 response->error = KM_ERROR_UNKNOWN_ERROR;
253 keymaster_algorithm_t key_algorithm;
254 if (!key->authorizations().GetTagValue(TAG_ALGORITHM, &key_algorithm))
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]255 return;
Shawn Willdenedb79942015-05-08 06:46:44 -0600[diff] [blame]256
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]257 response->error = KM_ERROR_UNSUPPORTED_PURPOSE;
Shawn Willden06298102015-05-25 23:12:48 -0600[diff] [blame]258 OperationFactory* factory = key_factory->GetOperationFactory(request.purpose);
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]259 if (!factory)
Shawn Willden63ac0432014-12-29 14:07:08 -0700[diff] [blame]260 return;
Shawn Willden63ac0432014-12-29 14:07:08 -0700[diff] [blame]261
Shawn Willden3ed6d062015-04-15 13:39:38 -0600[diff] [blame]262 UniquePtr<Operation> operation(
263 factory->CreateOperation(*key, request.additional_params, &response->error));
Shawn Willdend67afae2014-08-19 12:36:27 -0600[diff] [blame]264 if (operation.get() == NULL)
Shawn Willden76364712014-08-11 17:48:04 -0600[diff] [blame]265 return;
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]266
Shawn Willdenada48502015-06-25 06:26:05 -0700[diff] [blame]267 if (context_->enforcement_policy()) {
268 km_id_t key_id;
269 response->error = KM_ERROR_UNKNOWN_ERROR;
270 if (!context_->enforcement_policy()->CreateKeyId(request.key_blob, &key_id))
271 return;
272 operation->set_key_id(key_id);
273 response->error = context_->enforcement_policy()->AuthorizeOperation(
274 request.purpose, key_id, key->authorizations(), request.additional_params,
275 0 /* op_handle */, true /* is_begin_operation */);
276 if (response->error != KM_ERROR_OK)
277 return;
278 }
279
Shawn Willden111edb32015-02-05 22:44:24 -0700[diff] [blame]280 response->output_params.Clear();
281 response->error = operation->Begin(request.additional_params, &response->output_params);
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]282 if (response->error != KM_ERROR_OK)
283 return;
284
Shawn Willdenada48502015-06-25 06:26:05 -0700[diff] [blame]285 operation->SetAuthorizations(key->authorizations());
Shawn Willden23d4a742015-03-19 15:33:21 -0600[diff] [blame]286 response->error = operation_table_->Add(operation.release(), &response->op_handle);
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]287}
288
Shawn Willdenb6837e72015-05-16 09:20:59 -0600[diff] [blame]289void AndroidKeymaster::UpdateOperation(const UpdateOperationRequest& request,
290 UpdateOperationResponse* response) {
Shawn Willdend6cd7e32014-12-17 08:01:26 -0700[diff] [blame]291 if (response == NULL)
292 return;
293
Shawn Willden23d4a742015-03-19 15:33:21 -0600[diff] [blame]294 response->error = KM_ERROR_INVALID_OPERATION_HANDLE;
295 Operation* operation = operation_table_->Find(request.op_handle);
296 if (operation == NULL)
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]297 return;
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]298
Shawn Willdenada48502015-06-25 06:26:05 -0700[diff] [blame]299 if (context_->enforcement_policy()) {
300 response->error = context_->enforcement_policy()->AuthorizeOperation(
301 operation->purpose(), operation->key_id(), operation->authorizations(),
302 request.additional_params, request.op_handle, false /* is_begin_operation */);
Shawn Willdend599b152015-07-27 16:58:30 -0600[diff] [blame]303 if (response->error != KM_ERROR_OK) {
304 operation_table_->Delete(request.op_handle);
Shawn Willdenada48502015-06-25 06:26:05 -0700[diff] [blame]305 return;
Shawn Willdend599b152015-07-27 16:58:30 -0600[diff] [blame]306 }
Shawn Willdenada48502015-06-25 06:26:05 -0700[diff] [blame]307 }
308
Shawn Willdended8e7d2015-06-01 15:29:12 -0600[diff] [blame]309 response->error =
310 operation->Update(request.additional_params, request.input, &response->output_params,
311 &response->output, &response->input_consumed);
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]312 if (response->error != KM_ERROR_OK) {
313 // Any error invalidates the operation.
Shawn Willden23d4a742015-03-19 15:33:21 -0600[diff] [blame]314 operation_table_->Delete(request.op_handle);
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]315 }
316}
317
Shawn Willdenb6837e72015-05-16 09:20:59 -0600[diff] [blame]318void AndroidKeymaster::FinishOperation(const FinishOperationRequest& request,
319 FinishOperationResponse* response) {
Shawn Willdend6cd7e32014-12-17 08:01:26 -0700[diff] [blame]320 if (response == NULL)
321 return;
322
Shawn Willden23d4a742015-03-19 15:33:21 -0600[diff] [blame]323 response->error = KM_ERROR_INVALID_OPERATION_HANDLE;
324 Operation* operation = operation_table_->Find(request.op_handle);
325 if (operation == NULL)
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]326 return;
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]327
Shawn Willdenada48502015-06-25 06:26:05 -0700[diff] [blame]328 if (context_->enforcement_policy()) {
329 response->error = context_->enforcement_policy()->AuthorizeOperation(
330 operation->purpose(), operation->key_id(), operation->authorizations(),
331 request.additional_params, request.op_handle, false /* is_begin_operation */);
Shawn Willdend599b152015-07-27 16:58:30 -0600[diff] [blame]332 if (response->error != KM_ERROR_OK) {
333 operation_table_->Delete(request.op_handle);
Shawn Willdenada48502015-06-25 06:26:05 -0700[diff] [blame]334 return;
Shawn Willdend599b152015-07-27 16:58:30 -0600[diff] [blame]335 }
Shawn Willdenada48502015-06-25 06:26:05 -0700[diff] [blame]336 }
337
Shawn Willdencb647fe2016-01-27 12:59:13 -0700[diff] [blame]338 response->error = operation->Finish(request.additional_params, request.input, request.signature,
Shawn Willdended8e7d2015-06-01 15:29:12 -0600[diff] [blame]339 &response->output_params, &response->output);
Shawn Willden23d4a742015-03-19 15:33:21 -0600[diff] [blame]340 operation_table_->Delete(request.op_handle);
Shawn Willden1615f2e2014-08-13 10:37:40 -0600[diff] [blame]341}
342
Shawn Willden36d41e22015-06-17 06:39:48 -0600[diff] [blame]343void AndroidKeymaster::AbortOperation(const AbortOperationRequest& request,
344 AbortOperationResponse* response) {
345 if (!response)
346 return;
Shawn Willden23d4a742015-03-19 15:33:21 -0600[diff] [blame]347
Shawn Willden36d41e22015-06-17 06:39:48 -0600[diff] [blame]348 Operation* operation = operation_table_->Find(request.op_handle);
349 if (!operation) {
350 response->error = KM_ERROR_INVALID_OPERATION_HANDLE;
351 return;
352 }
353
354 response->error = operation->Abort();
355 operation_table_->Delete(request.op_handle);
Shawn Willden76364712014-08-11 17:48:04 -0600[diff] [blame]356}
357
Shawn Willdenb6837e72015-05-16 09:20:59 -0600[diff] [blame]358void AndroidKeymaster::ExportKey(const ExportKeyRequest& request, ExportKeyResponse* response) {
Shawn Willdenffd790c2014-08-18 21:20:06 -0600[diff] [blame]359 if (response == NULL)
360 return;
361
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]362 AuthorizationSet hw_enforced;
363 AuthorizationSet sw_enforced;
364 KeymasterKeyBlob key_material;
365 response->error =
366 context_->ParseKeyBlob(KeymasterKeyBlob(request.key_blob), request.additional_params,
367 &key_material, &hw_enforced, &sw_enforced);
368 if (response->error != KM_ERROR_OK)
369 return;
370
Shawn Willden63ac0432014-12-29 14:07:08 -0700[diff] [blame]371 keymaster_algorithm_t algorithm;
Shawn Willden06298102015-05-25 23:12:48 -0600[diff] [blame]372 KeyFactory* key_factory =
373 GetKeyFactory(*context_, hw_enforced, sw_enforced, &algorithm, &response->error);
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]374 if (!key_factory)
375 return;
376
377 UniquePtr<Key> key;
Shawn Willdend599b152015-07-27 16:58:30 -0600[diff] [blame]378 response->error = key_factory->LoadKey(key_material, request.additional_params, hw_enforced,
379 sw_enforced, &key);
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]380 if (response->error != KM_ERROR_OK)
Shawn Willdenffd790c2014-08-18 21:20:06 -0600[diff] [blame]381 return;
382
Shawn Willdenf268d742014-08-19 15:36:26 -0600[diff] [blame]383 UniquePtr<uint8_t[]> out_key;
384 size_t size;
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]385 response->error = key->formatted_key_material(request.key_format, &out_key, &size);
Shawn Willdenf268d742014-08-19 15:36:26 -0600[diff] [blame]386 if (response->error == KM_ERROR_OK) {
387 response->key_data = out_key.release();
388 response->key_data_length = size;
Shawn Willdenffd790c2014-08-18 21:20:06 -0600[diff] [blame]389 }
Shawn Willdenffd790c2014-08-18 21:20:06 -0600[diff] [blame]390}
391
Shawn Willdend3ee5502016-01-05 19:40:43 -0700[diff] [blame]392void AndroidKeymaster::AttestKey(const AttestKeyRequest& request, AttestKeyResponse* response) {
393 if (!response)
394 return;
395
396 AuthorizationSet tee_enforced;
397 AuthorizationSet sw_enforced;
398 const KeyFactory* key_factory;
399 UniquePtr<Key> key;
400 response->error = LoadKey(request.key_blob, request.attest_params, &tee_enforced, &sw_enforced,
401 &key_factory, &key);
402 if (response->error != KM_ERROR_OK)
403 return;
404
405 response->error = key->GenerateAttestation(*context_, request.attest_params, tee_enforced,
406 sw_enforced, &response->certificate_chain);
407}
408
Shawn Willdenc15af192016-03-09 20:03:38 -0700[diff] [blame^]409void AndroidKeymaster::UpgradeKey(const UpgradeKeyRequest& request, UpgradeKeyResponse* response) {
410 if (!response)
411 return;
412
413 KeymasterKeyBlob upgraded_key;
414 response->error = context_->UpgradeKeyBlob(KeymasterKeyBlob(request.key_blob),
415 request.upgrade_params, &upgraded_key);
416 if (response->error != KM_ERROR_OK)
417 return;
418 response->upgraded_key = upgraded_key.release();
419}
420
Shawn Willdenb6837e72015-05-16 09:20:59 -0600[diff] [blame]421void AndroidKeymaster::ImportKey(const ImportKeyRequest& request, ImportKeyResponse* response) {
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]422 if (response == NULL)
Shawn Willdenffd790c2014-08-18 21:20:06 -0600[diff] [blame]423 return;
Shawn Willdenffd790c2014-08-18 21:20:06 -0600[diff] [blame]424
Shawn Willdena278f612014-12-23 11:22:21 -0700[diff] [blame]425 keymaster_algorithm_t algorithm;
426 KeyFactory* factory = 0;
427 UniquePtr<Key> key;
428 if (!request.key_description.GetTagValue(TAG_ALGORITHM, &algorithm) ||
Shawn Willden06298102015-05-25 23:12:48 -0600[diff] [blame]429 !(factory = context_->GetKeyFactory(algorithm)))
Shawn Willdena278f612014-12-23 11:22:21 -0700[diff] [blame]430 response->error = KM_ERROR_UNSUPPORTED_ALGORITHM;
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]431 else {
432 keymaster_key_blob_t key_material = {request.key_data, request.key_data_length};
433 KeymasterKeyBlob key_blob;
434 response->error = factory->ImportKey(request.key_description, request.key_format,
435 KeymasterKeyBlob(key_material), &key_blob,
436 &response->enforced, &response->unenforced);
437 if (response->error == KM_ERROR_OK)
438 response->key_blob = key_blob.release();
439 }
Shawn Willdenffd790c2014-08-18 21:20:06 -0600[diff] [blame]440}
441
Shawn Willden36d41e22015-06-17 06:39:48 -0600[diff] [blame]442void AndroidKeymaster::DeleteKey(const DeleteKeyRequest& request, DeleteKeyResponse* response) {
443 if (!response)
444 return;
445 response->error = context_->DeleteKey(KeymasterKeyBlob(request.key_blob));
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]446}
447
Shawn Willden36d41e22015-06-17 06:39:48 -0600[diff] [blame]448void AndroidKeymaster::DeleteAllKeys(const DeleteAllKeysRequest&, DeleteAllKeysResponse* response) {
449 if (!response)
450 return;
451 response->error = context_->DeleteAllKeys();
Shawn Willden2beb6282015-05-20 16:36:24 -0600[diff] [blame]452}
453
Shawn Willdend599b152015-07-27 16:58:30 -0600[diff] [blame]454bool AndroidKeymaster::has_operation(keymaster_operation_handle_t op_handle) const {
455 return operation_table_->Find(op_handle) != nullptr;
456}
457
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]458keymaster_error_t AndroidKeymaster::LoadKey(const keymaster_key_blob_t& key_blob,
459 const AuthorizationSet& additional_params,
460 AuthorizationSet* hw_enforced,
461 AuthorizationSet* sw_enforced,
Shawn Willden06298102015-05-25 23:12:48 -0600[diff] [blame]462 const KeyFactory** factory, UniquePtr<Key>* key) {
Shawn Willden0cb69422015-05-26 08:31:37 -0600[diff] [blame]463 KeymasterKeyBlob key_material;
464 keymaster_error_t error = context_->ParseKeyBlob(KeymasterKeyBlob(key_blob), additional_params,
465 &key_material, hw_enforced, sw_enforced);
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]466 if (error != KM_ERROR_OK)
467 return error;
468
Shawn Willdenc15af192016-03-09 20:03:38 -0700[diff] [blame^]469 error = CheckVersionInfo(*hw_enforced, *sw_enforced, *context_);
470 if (error != KM_ERROR_OK)
471 return error;
472
Shawn Willden06298102015-05-25 23:12:48 -0600[diff] [blame]473 keymaster_algorithm_t algorithm;
474 *factory = GetKeyFactory(*context_, *hw_enforced, *sw_enforced, &algorithm, &error);
475 if (error != KM_ERROR_OK)
Shawn Willden437fbd12014-08-20 11:59:49 -0600[diff] [blame]476 return error;
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]477
Shawn Willdend599b152015-07-27 16:58:30 -0600[diff] [blame]478 return (*factory)->LoadKey(key_material, additional_params, *hw_enforced, *sw_enforced, key);
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]479}
480
Shawn Willden128ffe02014-08-06 12:31:33 -0600[diff] [blame]481} // namespace keymaster