2 * Copyright (C) 2016 The Android Open Source Project
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
17 #include "Keymaster.h"
19 #include <android-base/logging.h>
24 bool KeymasterOperation::updateCompletely(const std::string& input, std::string* output) {
26 auto it = input.begin();
27 while (it != input.end()) {
28 size_t toRead = static_cast<size_t>(input.end() - it);
29 keymaster_blob_t inputBlob{reinterpret_cast<const uint8_t*>(&*it), toRead};
30 keymaster_blob_t outputBlob;
32 auto error = mDevice->update(mDevice, mOpHandle, nullptr, &inputBlob, &inputConsumed,
33 nullptr, &outputBlob);
34 if (error != KM_ERROR_OK) {
35 LOG(ERROR) << "update failed, code " << error;
39 output->append(reinterpret_cast<const char*>(outputBlob.data), outputBlob.data_length);
40 free(const_cast<uint8_t*>(outputBlob.data));
41 if (inputConsumed > toRead) {
42 LOG(ERROR) << "update reported too much input consumed";
51 bool KeymasterOperation::finish() {
52 auto error = mDevice->finish(mDevice, mOpHandle, nullptr, nullptr, nullptr, nullptr);
54 if (error != KM_ERROR_OK) {
55 LOG(ERROR) << "finish failed, code " << error;
61 bool KeymasterOperation::finishWithOutput(std::string* output) {
62 keymaster_blob_t outputBlob;
63 auto error = mDevice->finish(mDevice, mOpHandle, nullptr, nullptr, nullptr, &outputBlob);
65 if (error != KM_ERROR_OK) {
66 LOG(ERROR) << "finish failed, code " << error;
69 output->assign(reinterpret_cast<const char*>(outputBlob.data), outputBlob.data_length);
70 free(const_cast<uint8_t*>(outputBlob.data));
74 Keymaster::Keymaster() {
76 const hw_module_t* module;
77 int ret = hw_get_module_by_class(KEYSTORE_HARDWARE_MODULE_ID, NULL, &module);
79 LOG(ERROR) << "hw_get_module_by_class returned " << ret;
82 // TODO: This will need to be updated to support keymaster2.
83 if (module->module_api_version != KEYMASTER_MODULE_API_VERSION_1_0) {
84 LOG(ERROR) << "module_api_version is " << module->module_api_version;
87 ret = keymaster1_open(module, &mDevice);
89 LOG(ERROR) << "keymaster1_open returned " << ret;
95 bool Keymaster::generateKey(const keymaster::AuthorizationSet& inParams, std::string* key) {
96 keymaster_key_blob_t keyBlob;
97 auto error = mDevice->generate_key(mDevice, &inParams, &keyBlob, nullptr);
98 if (error != KM_ERROR_OK) {
99 LOG(ERROR) << "generate_key failed, code " << error;
102 key->assign(reinterpret_cast<const char*>(keyBlob.key_material), keyBlob.key_material_size);
103 free(const_cast<uint8_t*>(keyBlob.key_material));
107 bool Keymaster::deleteKey(const std::string& key) {
108 if (mDevice->delete_key == nullptr) return true;
109 keymaster_key_blob_t keyBlob{reinterpret_cast<const uint8_t*>(key.data()), key.size()};
110 auto error = mDevice->delete_key(mDevice, &keyBlob);
111 if (error != KM_ERROR_OK) {
112 LOG(ERROR) << "delete_key failed, code " << error;
118 KeymasterOperation Keymaster::begin(keymaster_purpose_t purpose, const std::string& key,
119 const keymaster::AuthorizationSet& inParams,
120 keymaster::AuthorizationSet* outParams) {
121 keymaster_key_blob_t keyBlob{reinterpret_cast<const uint8_t*>(key.data()), key.size()};
122 keymaster_operation_handle_t mOpHandle;
123 keymaster_key_param_set_t outParams_set;
124 auto error = mDevice->begin(mDevice, purpose, &keyBlob, &inParams, &outParams_set, &mOpHandle);
125 if (error != KM_ERROR_OK) {
126 LOG(ERROR) << "begin failed, code " << error;
127 return KeymasterOperation(nullptr, mOpHandle);
130 outParams->push_back(outParams_set);
131 keymaster_free_param_set(&outParams_set);
132 return KeymasterOperation(mDevice, mOpHandle);
135 KeymasterOperation Keymaster::begin(keymaster_purpose_t purpose, const std::string& key,
136 const keymaster::AuthorizationSet& inParams) {
137 keymaster_key_blob_t keyBlob{reinterpret_cast<const uint8_t*>(key.data()), key.size()};
138 keymaster_operation_handle_t mOpHandle;
139 auto error = mDevice->begin(mDevice, purpose, &keyBlob, &inParams, nullptr, &mOpHandle);
140 if (error != KM_ERROR_OK) {
141 LOG(ERROR) << "begin failed, code " << error;
142 return KeymasterOperation(nullptr, mOpHandle);
144 return KeymasterOperation(mDevice, mOpHandle);
148 } // namespace android