diff --git a/trusty/keymaster/Android.bp b/trusty/keymaster/Android.bp index 899f8a309..52a879e8d 100644 --- a/trusty/keymaster/Android.bp +++ b/trusty/keymaster/Android.bp @@ -27,14 +27,17 @@ cc_binary { name: "trusty_keymaster_tipc", vendor: true, srcs: [ - "trusty_keymaster_device.cpp", - "trusty_keymaster_ipc.cpp", - "trusty_keymaster_main.cpp", + "ipc/trusty_keymaster_ipc.cpp", + "legacy/trusty_keymaster_device.cpp", + "legacy/trusty_keymaster_main.cpp", ], cflags: [ "-Wall", "-Werror", ], + + local_include_dirs: ["include"], + shared_libs: [ "libcrypto", "libcutils", @@ -52,9 +55,9 @@ cc_library_shared { vendor: true, relative_install_path: "hw", srcs: [ - "module.cpp", - "trusty_keymaster_ipc.cpp", - "trusty_keymaster_device.cpp", + "ipc/trusty_keymaster_ipc.cpp", + "legacy/module.cpp", + "legacy/trusty_keymaster_device.cpp", ], cflags: [ @@ -63,6 +66,8 @@ cc_library_shared { "-Werror", ], + local_include_dirs: ["include"], + shared_libs: [ "libcrypto", "libkeymaster_messages", diff --git a/trusty/keymaster/keymaster_ipc.h b/trusty/keymaster/include/trusty_keymaster/ipc/keymaster_ipc.h similarity index 100% rename from trusty/keymaster/keymaster_ipc.h rename to trusty/keymaster/include/trusty_keymaster/ipc/keymaster_ipc.h diff --git a/trusty/keymaster/trusty_keymaster_ipc.h b/trusty/keymaster/include/trusty_keymaster/ipc/trusty_keymaster_ipc.h similarity index 66% rename from trusty/keymaster/trusty_keymaster_ipc.h rename to trusty/keymaster/include/trusty_keymaster/ipc/trusty_keymaster_ipc.h index c15f7c1da..16207e6d9 100644 --- a/trusty/keymaster/trusty_keymaster_ipc.h +++ b/trusty/keymaster/include/trusty_keymaster/ipc/trusty_keymaster_ipc.h @@ -17,13 +17,24 @@ #ifndef TRUSTY_KEYMASTER_TRUSTY_KEYMASTER_IPC_H_ #define TRUSTY_KEYMASTER_TRUSTY_KEYMASTER_IPC_H_ +#include +#include + __BEGIN_DECLS +const uint32_t TRUSTY_KEYMASTER_RECV_BUF_SIZE = 2 * PAGE_SIZE; +const uint32_t TRUSTY_KEYMASTER_SEND_BUF_SIZE = + (PAGE_SIZE - sizeof(struct keymaster_message) - 16 /* tipc header */); + int trusty_keymaster_connect(void); int trusty_keymaster_call(uint32_t cmd, void* in, uint32_t in_size, uint8_t* out, uint32_t* out_size); void trusty_keymaster_disconnect(void); +keymaster_error_t translate_error(int err); +keymaster_error_t trusty_keymaster_send(uint32_t command, const keymaster::Serializable& req, + keymaster::KeymasterResponse* rsp); + __END_DECLS #endif // TRUSTY_KEYMASTER_TRUSTY_KEYMASTER_IPC_H_ diff --git a/trusty/keymaster/trusty_keymaster_device.h b/trusty/keymaster/include/trusty_keymaster/legacy/trusty_keymaster_device.h similarity index 97% rename from trusty/keymaster/trusty_keymaster_device.h rename to trusty/keymaster/include/trusty_keymaster/legacy/trusty_keymaster_device.h index cfada1b3c..5a80795e3 100644 --- a/trusty/keymaster/trusty_keymaster_device.h +++ b/trusty/keymaster/include/trusty_keymaster/legacy/trusty_keymaster_device.h @@ -36,7 +36,8 @@ class TrustyKeymasterDevice { * These are the only symbols that will be exported by libtrustykeymaster. All functionality * can be reached via the function pointers in device_. */ - __attribute__((visibility("default"))) explicit TrustyKeymasterDevice(const hw_module_t* module); + __attribute__((visibility("default"))) explicit TrustyKeymasterDevice( + const hw_module_t* module); __attribute__((visibility("default"))) hw_device_t* hw_device(); ~TrustyKeymasterDevice(); @@ -134,12 +135,15 @@ class TrustyKeymasterDevice { keymaster_operation_handle_t operation_handle, const keymaster_key_param_set_t* in_params, const keymaster_blob_t* input, size_t* input_consumed, - keymaster_key_param_set_t* out_params, keymaster_blob_t* output); + keymaster_key_param_set_t* out_params, + keymaster_blob_t* output); static keymaster_error_t finish(const keymaster2_device_t* dev, keymaster_operation_handle_t operation_handle, const keymaster_key_param_set_t* in_params, - const keymaster_blob_t* input, const keymaster_blob_t* signature, - keymaster_key_param_set_t* out_params, keymaster_blob_t* output); + const keymaster_blob_t* input, + const keymaster_blob_t* signature, + keymaster_key_param_set_t* out_params, + keymaster_blob_t* output); static keymaster_error_t abort(const keymaster2_device_t* dev, keymaster_operation_handle_t operation_handle); diff --git a/trusty/keymaster/trusty_keymaster_ipc.cpp b/trusty/keymaster/ipc/trusty_keymaster_ipc.cpp similarity index 52% rename from trusty/keymaster/trusty_keymaster_ipc.cpp rename to trusty/keymaster/ipc/trusty_keymaster_ipc.cpp index 686e7aec6..8c5cff637 100644 --- a/trusty/keymaster/trusty_keymaster_ipc.cpp +++ b/trusty/keymaster/ipc/trusty_keymaster_ipc.cpp @@ -29,8 +29,8 @@ #include #include -#include "keymaster_ipc.h" -#include "trusty_keymaster_ipc.h" +#include +#include #define TRUSTY_DEVICE_NAME "/dev/trusty-ipc-dev0" @@ -76,9 +76,9 @@ int trusty_keymaster_call(uint32_t cmd, void* in, uint32_t in_size, uint8_t* out struct keymaster_message header; iov[0] = {.iov_base = &header, .iov_len = sizeof(struct keymaster_message)}; while (true) { - iov[1] = { - .iov_base = out + *out_size, - .iov_len = std::min(KEYMASTER_MAX_BUFFER_LENGTH, out_max_size - *out_size)}; + iov[1] = {.iov_base = out + *out_size, + .iov_len = std::min(KEYMASTER_MAX_BUFFER_LENGTH, + out_max_size - *out_size)}; rc = readv(handle_, iov, 2); if (rc < 0) { ALOGE("failed to retrieve response for cmd (%d) to %s: %s\n", cmd, KEYMASTER_PORT, @@ -110,3 +110,73 @@ void trusty_keymaster_disconnect() { } handle_ = -1; } + +keymaster_error_t translate_error(int err) { + switch (err) { + case 0: + return KM_ERROR_OK; + case -EPERM: + case -EACCES: + return KM_ERROR_SECURE_HW_ACCESS_DENIED; + + case -ECANCELED: + return KM_ERROR_OPERATION_CANCELLED; + + case -ENODEV: + return KM_ERROR_UNIMPLEMENTED; + + case -ENOMEM: + return KM_ERROR_MEMORY_ALLOCATION_FAILED; + + case -EBUSY: + return KM_ERROR_SECURE_HW_BUSY; + + case -EIO: + return KM_ERROR_SECURE_HW_COMMUNICATION_FAILED; + + case -EOVERFLOW: + return KM_ERROR_INVALID_INPUT_LENGTH; + + default: + return KM_ERROR_UNKNOWN_ERROR; + } +} + +keymaster_error_t trusty_keymaster_send(uint32_t command, const keymaster::Serializable& req, + keymaster::KeymasterResponse* rsp) { + uint32_t req_size = req.SerializedSize(); + if (req_size > TRUSTY_KEYMASTER_SEND_BUF_SIZE) { + ALOGE("Request too big: %u Max size: %u", req_size, TRUSTY_KEYMASTER_SEND_BUF_SIZE); + return KM_ERROR_INVALID_INPUT_LENGTH; + } + + uint8_t send_buf[TRUSTY_KEYMASTER_SEND_BUF_SIZE]; + keymaster::Eraser send_buf_eraser(send_buf, TRUSTY_KEYMASTER_SEND_BUF_SIZE); + req.Serialize(send_buf, send_buf + req_size); + + // Send it + uint8_t recv_buf[TRUSTY_KEYMASTER_RECV_BUF_SIZE]; + keymaster::Eraser recv_buf_eraser(recv_buf, TRUSTY_KEYMASTER_RECV_BUF_SIZE); + uint32_t rsp_size = TRUSTY_KEYMASTER_RECV_BUF_SIZE; + int rc = trusty_keymaster_call(command, send_buf, req_size, recv_buf, &rsp_size); + if (rc < 0) { + // Reset the connection on tipc error + trusty_keymaster_disconnect(); + trusty_keymaster_connect(); + ALOGE("tipc error: %d\n", rc); + // TODO(swillden): Distinguish permanent from transient errors and set error_ appropriately. + return translate_error(rc); + } else { + ALOGE("Received %d byte response\n", rsp_size); + } + + const uint8_t* p = recv_buf; + if (!rsp->Deserialize(&p, p + rsp_size)) { + ALOGE("Error deserializing response of size %d\n", (int)rsp_size); + return KM_ERROR_UNKNOWN_ERROR; + } else if (rsp->error != KM_ERROR_OK) { + ALOGE("Response of size %d contained error code %d\n", (int)rsp_size, (int)rsp->error); + return rsp->error; + } + return rsp->error; +} diff --git a/trusty/keymaster/Makefile b/trusty/keymaster/legacy/Makefile similarity index 100% rename from trusty/keymaster/Makefile rename to trusty/keymaster/legacy/Makefile diff --git a/trusty/keymaster/module.cpp b/trusty/keymaster/legacy/module.cpp similarity index 65% rename from trusty/keymaster/module.cpp rename to trusty/keymaster/legacy/module.cpp index b472680fb..7aa1a4eaa 100644 --- a/trusty/keymaster/module.cpp +++ b/trusty/keymaster/legacy/module.cpp @@ -19,14 +19,15 @@ #include #include -#include "trusty_keymaster_device.h" +#include using keymaster::TrustyKeymasterDevice; /* * Generic device handling */ -static int trusty_keymaster_open(const hw_module_t* module, const char* name, hw_device_t** device) { +static int trusty_keymaster_open(const hw_module_t* module, const char* name, + hw_device_t** device) { if (strcmp(name, KEYSTORE_KEYMASTER) != 0) { return -EINVAL; } @@ -42,20 +43,20 @@ static int trusty_keymaster_open(const hw_module_t* module, const char* name, hw } static struct hw_module_methods_t keystore_module_methods = { - .open = trusty_keymaster_open, + .open = trusty_keymaster_open, }; struct keystore_module HAL_MODULE_INFO_SYM __attribute__((visibility("default"))) = { - .common = - { - .tag = HARDWARE_MODULE_TAG, - .module_api_version = KEYMASTER_MODULE_API_VERSION_2_0, - .hal_api_version = HARDWARE_HAL_API_VERSION, - .id = KEYSTORE_HARDWARE_MODULE_ID, - .name = "Trusty Keymaster HAL", - .author = "The Android Open Source Project", - .methods = &keystore_module_methods, - .dso = 0, - .reserved = {}, - }, + .common = + { + .tag = HARDWARE_MODULE_TAG, + .module_api_version = KEYMASTER_MODULE_API_VERSION_2_0, + .hal_api_version = HARDWARE_HAL_API_VERSION, + .id = KEYSTORE_HARDWARE_MODULE_ID, + .name = "Trusty Keymaster HAL", + .author = "The Android Open Source Project", + .methods = &keystore_module_methods, + .dso = 0, + .reserved = {}, + }, }; diff --git a/trusty/keymaster/trusty_keymaster_device.cpp b/trusty/keymaster/legacy/trusty_keymaster_device.cpp similarity index 79% rename from trusty/keymaster/trusty_keymaster_device.cpp rename to trusty/keymaster/legacy/trusty_keymaster_device.cpp index b8c203231..ea00a92e0 100644 --- a/trusty/keymaster/trusty_keymaster_device.cpp +++ b/trusty/keymaster/legacy/trusty_keymaster_device.cpp @@ -33,50 +33,15 @@ #include #include -#include "keymaster_ipc.h" -#include "trusty_keymaster_device.h" -#include "trusty_keymaster_ipc.h" - -// Maximum size of message from Trusty is 8K (for RSA attestation key and chain) -const uint32_t RECV_BUF_SIZE = 2*PAGE_SIZE; -const uint32_t SEND_BUF_SIZE = (PAGE_SIZE - sizeof(struct keymaster_message) - 16 /* tipc header */); +#include +#include +#include const size_t kMaximumAttestationChallengeLength = 128; const size_t kMaximumFinishInputLength = 2048; namespace keymaster { -static keymaster_error_t translate_error(int err) { - switch (err) { - case 0: - return KM_ERROR_OK; - case -EPERM: - case -EACCES: - return KM_ERROR_SECURE_HW_ACCESS_DENIED; - - case -ECANCELED: - return KM_ERROR_OPERATION_CANCELLED; - - case -ENODEV: - return KM_ERROR_UNIMPLEMENTED; - - case -ENOMEM: - return KM_ERROR_MEMORY_ALLOCATION_FAILED; - - case -EBUSY: - return KM_ERROR_SECURE_HW_BUSY; - - case -EIO: - return KM_ERROR_SECURE_HW_COMMUNICATION_FAILED; - - case -EOVERFLOW: - return KM_ERROR_INVALID_INPUT_LENGTH; - - default: - return KM_ERROR_UNKNOWN_ERROR; - } -} - TrustyKeymasterDevice::TrustyKeymasterDevice(const hw_module_t* module) { static_assert(std::is_standard_layout::value, "TrustyKeymasterDevice must be standard layout"); @@ -121,7 +86,7 @@ TrustyKeymasterDevice::TrustyKeymasterDevice(const hw_module_t* module) { GetVersionRequest version_request; GetVersionResponse version_response; - error_ = Send(KM_GET_VERSION, version_request, &version_response); + error_ = trusty_keymaster_send(KM_GET_VERSION, version_request, &version_response); if (error_ == KM_ERROR_INVALID_ARGUMENT || error_ == KM_ERROR_UNIMPLEMENTED) { ALOGE("\"Bad parameters\" error on GetVersion call. Version 0 is not supported."); error_ = KM_ERROR_VERSION_MISMATCH; @@ -186,7 +151,7 @@ keymaster_error_t TrustyKeymasterDevice::configure(const keymaster_key_param_set } ConfigureResponse response(message_version_); - keymaster_error_t err = Send(KM_CONFIGURE, request, &response); + keymaster_error_t err = trusty_keymaster_send(KM_CONFIGURE, request, &response); if (err != KM_ERROR_OK) { return err; } @@ -204,12 +169,12 @@ keymaster_error_t TrustyKeymasterDevice::add_rng_entropy(const uint8_t* data, si AddEntropyRequest request(message_version_); request.random_data.Reinitialize(data, data_length); AddEntropyResponse response(message_version_); - return Send(KM_ADD_RNG_ENTROPY, request, &response); + return trusty_keymaster_send(KM_ADD_RNG_ENTROPY, request, &response); } keymaster_error_t TrustyKeymasterDevice::generate_key( - const keymaster_key_param_set_t* params, keymaster_key_blob_t* key_blob, - keymaster_key_characteristics_t* characteristics) { + const keymaster_key_param_set_t* params, keymaster_key_blob_t* key_blob, + keymaster_key_characteristics_t* characteristics) { ALOGD("Device received generate_key"); if (error_ != KM_ERROR_OK) { @@ -227,14 +192,14 @@ keymaster_error_t TrustyKeymasterDevice::generate_key( request.key_description.push_back(TAG_CREATION_DATETIME, java_time(time(NULL))); GenerateKeyResponse response(message_version_); - keymaster_error_t err = Send(KM_GENERATE_KEY, request, &response); + keymaster_error_t err = trusty_keymaster_send(KM_GENERATE_KEY, request, &response); if (err != KM_ERROR_OK) { return err; } key_blob->key_material_size = response.key_blob.key_material_size; key_blob->key_material = - DuplicateBuffer(response.key_blob.key_material, response.key_blob.key_material_size); + DuplicateBuffer(response.key_blob.key_material, response.key_blob.key_material_size); if (!key_blob->key_material) { return KM_ERROR_MEMORY_ALLOCATION_FAILED; } @@ -248,8 +213,8 @@ keymaster_error_t TrustyKeymasterDevice::generate_key( } keymaster_error_t TrustyKeymasterDevice::get_key_characteristics( - const keymaster_key_blob_t* key_blob, const keymaster_blob_t* client_id, - const keymaster_blob_t* app_data, keymaster_key_characteristics_t* characteristics) { + const keymaster_key_blob_t* key_blob, const keymaster_blob_t* client_id, + const keymaster_blob_t* app_data, keymaster_key_characteristics_t* characteristics) { ALOGD("Device received get_key_characteristics"); if (error_ != KM_ERROR_OK) { @@ -267,7 +232,7 @@ keymaster_error_t TrustyKeymasterDevice::get_key_characteristics( AddClientAndAppData(client_id, app_data, &request); GetKeyCharacteristicsResponse response(message_version_); - keymaster_error_t err = Send(KM_GET_KEY_CHARACTERISTICS, request, &response); + keymaster_error_t err = trusty_keymaster_send(KM_GET_KEY_CHARACTERISTICS, request, &response); if (err != KM_ERROR_OK) { return err; } @@ -279,9 +244,9 @@ keymaster_error_t TrustyKeymasterDevice::get_key_characteristics( } keymaster_error_t TrustyKeymasterDevice::import_key( - const keymaster_key_param_set_t* params, keymaster_key_format_t key_format, - const keymaster_blob_t* key_data, keymaster_key_blob_t* key_blob, - keymaster_key_characteristics_t* characteristics) { + const keymaster_key_param_set_t* params, keymaster_key_format_t key_format, + const keymaster_blob_t* key_data, keymaster_key_blob_t* key_blob, + keymaster_key_characteristics_t* characteristics) { ALOGD("Device received import_key"); if (error_ != KM_ERROR_OK) { @@ -302,14 +267,14 @@ keymaster_error_t TrustyKeymasterDevice::import_key( request.SetKeyMaterial(key_data->data, key_data->data_length); ImportKeyResponse response(message_version_); - keymaster_error_t err = Send(KM_IMPORT_KEY, request, &response); + keymaster_error_t err = trusty_keymaster_send(KM_IMPORT_KEY, request, &response); if (err != KM_ERROR_OK) { return err; } key_blob->key_material_size = response.key_blob.key_material_size; key_blob->key_material = - DuplicateBuffer(response.key_blob.key_material, response.key_blob.key_material_size); + DuplicateBuffer(response.key_blob.key_material, response.key_blob.key_material_size); if (!key_blob->key_material) { return KM_ERROR_MEMORY_ALLOCATION_FAILED; } @@ -348,7 +313,7 @@ keymaster_error_t TrustyKeymasterDevice::export_key(keymaster_key_format_t expor AddClientAndAppData(client_id, app_data, &request); ExportKeyResponse response(message_version_); - keymaster_error_t err = Send(KM_EXPORT_KEY, request, &response); + keymaster_error_t err = trusty_keymaster_send(KM_EXPORT_KEY, request, &response); if (err != KM_ERROR_OK) { return err; } @@ -393,7 +358,7 @@ keymaster_error_t TrustyKeymasterDevice::attest_key(const keymaster_key_blob_t* } AttestKeyResponse response(message_version_); - keymaster_error_t err = Send(KM_ATTEST_KEY, request, &response); + keymaster_error_t err = trusty_keymaster_send(KM_ATTEST_KEY, request, &response); if (err != KM_ERROR_OK) { return err; } @@ -401,7 +366,7 @@ keymaster_error_t TrustyKeymasterDevice::attest_key(const keymaster_key_blob_t* // Allocate and clear storage for cert_chain. keymaster_cert_chain_t& rsp_chain = response.certificate_chain; cert_chain->entries = reinterpret_cast( - malloc(rsp_chain.entry_count * sizeof(*cert_chain->entries))); + malloc(rsp_chain.entry_count * sizeof(*cert_chain->entries))); if (!cert_chain->entries) { return KM_ERROR_MEMORY_ALLOCATION_FAILED; } @@ -425,9 +390,9 @@ keymaster_error_t TrustyKeymasterDevice::attest_key(const keymaster_key_blob_t* return KM_ERROR_OK; } -keymaster_error_t TrustyKeymasterDevice::upgrade_key(const keymaster_key_blob_t* key_to_upgrade, - const keymaster_key_param_set_t* upgrade_params, - keymaster_key_blob_t* upgraded_key) { +keymaster_error_t TrustyKeymasterDevice::upgrade_key( + const keymaster_key_blob_t* key_to_upgrade, const keymaster_key_param_set_t* upgrade_params, + keymaster_key_blob_t* upgraded_key) { ALOGD("Device received upgrade_key"); if (error_ != KM_ERROR_OK) { @@ -445,7 +410,7 @@ keymaster_error_t TrustyKeymasterDevice::upgrade_key(const keymaster_key_blob_t* request.upgrade_params.Reinitialize(*upgrade_params); UpgradeKeyResponse response(message_version_); - keymaster_error_t err = Send(KM_UPGRADE_KEY, request, &response); + keymaster_error_t err = trusty_keymaster_send(KM_UPGRADE_KEY, request, &response); if (err != KM_ERROR_OK) { return err; } @@ -487,7 +452,7 @@ keymaster_error_t TrustyKeymasterDevice::begin(keymaster_purpose_t purpose, request.additional_params.Reinitialize(*in_params); BeginOperationResponse response(message_version_); - keymaster_error_t err = Send(KM_BEGIN_OPERATION, request, &response); + keymaster_error_t err = trusty_keymaster_send(KM_BEGIN_OPERATION, request, &response); if (err != KM_ERROR_OK) { return err; } @@ -535,12 +500,12 @@ keymaster_error_t TrustyKeymasterDevice::update(keymaster_operation_handle_t ope request.additional_params.Reinitialize(*in_params); } if (input && input->data_length > 0) { - size_t max_input_size = SEND_BUF_SIZE - request.SerializedSize(); + size_t max_input_size = TRUSTY_KEYMASTER_SEND_BUF_SIZE - request.SerializedSize(); request.input.Reinitialize(input->data, std::min(input->data_length, max_input_size)); } UpdateOperationResponse response(message_version_); - keymaster_error_t err = Send(KM_UPDATE_OPERATION, request, &response); + keymaster_error_t err = trusty_keymaster_send(KM_UPDATE_OPERATION, request, &response); if (err != KM_ERROR_OK) { return err; } @@ -578,8 +543,8 @@ keymaster_error_t TrustyKeymasterDevice::finish(keymaster_operation_handle_t ope return error_; } if (input && input->data_length > kMaximumFinishInputLength) { - ALOGE("%zu-byte input to finish; only %zu bytes allowed", - input->data_length, kMaximumFinishInputLength); + ALOGE("%zu-byte input to finish; only %zu bytes allowed", input->data_length, + kMaximumFinishInputLength); return KM_ERROR_INVALID_INPUT_LENGTH; } @@ -603,7 +568,7 @@ keymaster_error_t TrustyKeymasterDevice::finish(keymaster_operation_handle_t ope } FinishOperationResponse response(message_version_); - keymaster_error_t err = Send(KM_FINISH_OPERATION, request, &response); + keymaster_error_t err = trusty_keymaster_send(KM_FINISH_OPERATION, request, &response); if (err != KM_ERROR_OK) { return err; } @@ -638,7 +603,7 @@ keymaster_error_t TrustyKeymasterDevice::abort(keymaster_operation_handle_t oper AbortOperationRequest request(message_version_); request.op_handle = operation_handle; AbortOperationResponse response(message_version_); - return Send(KM_ABORT_OPERATION, request, &response); + return trusty_keymaster_send(KM_ABORT_OPERATION, request, &response); } hw_device_t* TrustyKeymasterDevice::hw_device() { @@ -669,25 +634,25 @@ keymaster_error_t TrustyKeymasterDevice::add_rng_entropy(const keymaster2_device /* static */ keymaster_error_t TrustyKeymasterDevice::generate_key( - const keymaster2_device_t* dev, const keymaster_key_param_set_t* params, - keymaster_key_blob_t* key_blob, keymaster_key_characteristics_t* characteristics) { + const keymaster2_device_t* dev, const keymaster_key_param_set_t* params, + keymaster_key_blob_t* key_blob, keymaster_key_characteristics_t* characteristics) { return convert_device(dev)->generate_key(params, key_blob, characteristics); } /* static */ keymaster_error_t TrustyKeymasterDevice::get_key_characteristics( - const keymaster2_device_t* dev, const keymaster_key_blob_t* key_blob, - const keymaster_blob_t* client_id, const keymaster_blob_t* app_data, - keymaster_key_characteristics_t* characteristics) { + const keymaster2_device_t* dev, const keymaster_key_blob_t* key_blob, + const keymaster_blob_t* client_id, const keymaster_blob_t* app_data, + keymaster_key_characteristics_t* characteristics) { return convert_device(dev)->get_key_characteristics(key_blob, client_id, app_data, characteristics); } /* static */ keymaster_error_t TrustyKeymasterDevice::import_key( - const keymaster2_device_t* dev, const keymaster_key_param_set_t* params, - keymaster_key_format_t key_format, const keymaster_blob_t* key_data, - keymaster_key_blob_t* key_blob, keymaster_key_characteristics_t* characteristics) { + const keymaster2_device_t* dev, const keymaster_key_param_set_t* params, + keymaster_key_format_t key_format, const keymaster_blob_t* key_data, + keymaster_key_blob_t* key_blob, keymaster_key_characteristics_t* characteristics) { return convert_device(dev)->import_key(params, key_format, key_data, key_blob, characteristics); } @@ -711,10 +676,9 @@ keymaster_error_t TrustyKeymasterDevice::attest_key(const keymaster2_device_t* d } /* static */ -keymaster_error_t TrustyKeymasterDevice::upgrade_key(const keymaster2_device_t* dev, - const keymaster_key_blob_t* key_to_upgrade, - const keymaster_key_param_set_t* upgrade_params, - keymaster_key_blob_t* upgraded_key) { +keymaster_error_t TrustyKeymasterDevice::upgrade_key( + const keymaster2_device_t* dev, const keymaster_key_blob_t* key_to_upgrade, + const keymaster_key_param_set_t* upgrade_params, keymaster_key_blob_t* upgraded_key) { return convert_device(dev)->upgrade_key(key_to_upgrade, upgrade_params, upgraded_key); } @@ -730,9 +694,9 @@ keymaster_error_t TrustyKeymasterDevice::begin(const keymaster2_device_t* dev, /* static */ keymaster_error_t TrustyKeymasterDevice::update( - const keymaster2_device_t* dev, keymaster_operation_handle_t operation_handle, - const keymaster_key_param_set_t* in_params, const keymaster_blob_t* input, - size_t* input_consumed, keymaster_key_param_set_t* out_params, keymaster_blob_t* output) { + const keymaster2_device_t* dev, keymaster_operation_handle_t operation_handle, + const keymaster_key_param_set_t* in_params, const keymaster_blob_t* input, + size_t* input_consumed, keymaster_key_param_set_t* out_params, keymaster_blob_t* output) { return convert_device(dev)->update(operation_handle, in_params, input, input_consumed, out_params, output); } @@ -755,42 +719,4 @@ keymaster_error_t TrustyKeymasterDevice::abort(const keymaster2_device_t* dev, return convert_device(dev)->abort(operation_handle); } -keymaster_error_t TrustyKeymasterDevice::Send(uint32_t command, const Serializable& req, - KeymasterResponse* rsp) { - uint32_t req_size = req.SerializedSize(); - if (req_size > SEND_BUF_SIZE) { - return KM_ERROR_MEMORY_ALLOCATION_FAILED; - } - uint8_t send_buf[SEND_BUF_SIZE]; - Eraser send_buf_eraser(send_buf, SEND_BUF_SIZE); - req.Serialize(send_buf, send_buf + req_size); - - // Send it - uint8_t recv_buf[RECV_BUF_SIZE]; - Eraser recv_buf_eraser(recv_buf, RECV_BUF_SIZE); - uint32_t rsp_size = RECV_BUF_SIZE; - ALOGV("Sending %d byte request\n", (int)req.SerializedSize()); - int rc = trusty_keymaster_call(command, send_buf, req_size, recv_buf, &rsp_size); - if (rc < 0) { - // Reset the connection on tipc error - trusty_keymaster_disconnect(); - trusty_keymaster_connect(); - ALOGE("tipc error: %d\n", rc); - // TODO(swillden): Distinguish permanent from transient errors and set error_ appropriately. - return translate_error(rc); - } else { - ALOGV("Received %d byte response\n", rsp_size); - } - - const uint8_t* p = recv_buf; - if (!rsp->Deserialize(&p, p + rsp_size)) { - ALOGE("Error deserializing response of size %d\n", (int)rsp_size); - return KM_ERROR_UNKNOWN_ERROR; - } else if (rsp->error != KM_ERROR_OK) { - ALOGE("Response of size %d contained error code %d\n", (int)rsp_size, (int)rsp->error); - return rsp->error; - } - return rsp->error; -} - } // namespace keymaster diff --git a/trusty/keymaster/trusty_keymaster_device_test.cpp b/trusty/keymaster/legacy/trusty_keymaster_device_test.cpp similarity index 90% rename from trusty/keymaster/trusty_keymaster_device_test.cpp rename to trusty/keymaster/legacy/trusty_keymaster_device_test.cpp index 922796492..68def5872 100644 --- a/trusty/keymaster/trusty_keymaster_device_test.cpp +++ b/trusty/keymaster/legacy/trusty_keymaster_device_test.cpp @@ -28,15 +28,15 @@ #include #include +#include #include "android_keymaster_test_utils.h" -#include "trusty_keymaster_device.h" #include "openssl_utils.h" -using std::string; using std::ifstream; using std::istreambuf_iterator; +using std::string; -static keymaster::AndroidKeymaster *impl_ = nullptr; +static keymaster::AndroidKeymaster* impl_ = nullptr; extern "C" { int __android_log_print(); @@ -65,8 +65,8 @@ void trusty_keymaster_disconnect() { template static int fake_call(keymaster::AndroidKeymaster* device, - void (keymaster::AndroidKeymaster::*method)(const Req&, Rsp*), void* in_buf, - uint32_t in_size, void* out_buf, uint32_t* out_size) { + void (keymaster::AndroidKeymaster::*method)(const Req&, Rsp*), void* in_buf, + uint32_t in_size, void* out_buf, uint32_t* out_size) { Req req; const uint8_t* in = static_cast(in_buf); req.Deserialize(&in, in + in_size); @@ -80,29 +80,28 @@ static int fake_call(keymaster::AndroidKeymaster* device, } int trusty_keymaster_call(uint32_t cmd, void* in_buf, uint32_t in_size, void* out_buf, - uint32_t* out_size) { + uint32_t* out_size) { switch (cmd) { - case KM_GENERATE_KEY: - return fake_call(impl_, &keymaster::AndroidKeymaster::GenerateKey, in_buf, in_size, - out_buf, out_size); - case KM_BEGIN_OPERATION: - return fake_call(impl_, &keymaster::AndroidKeymaster::BeginOperation, in_buf, in_size, - out_buf, out_size); - case KM_UPDATE_OPERATION: - return fake_call(impl_, &keymaster::AndroidKeymaster::UpdateOperation, in_buf, in_size, - out_buf, out_size); - case KM_FINISH_OPERATION: - return fake_call(impl_, &keymaster::AndroidKeymaster::FinishOperation, in_buf, in_size, - out_buf, out_size); - case KM_IMPORT_KEY: - return fake_call(impl_, &keymaster::AndroidKeymaster::ImportKey, in_buf, in_size, out_buf, - out_size); - case KM_EXPORT_KEY: - return fake_call(impl_, &keymaster::AndroidKeymaster::ExportKey, in_buf, in_size, out_buf, - out_size); + case KM_GENERATE_KEY: + return fake_call(impl_, &keymaster::AndroidKeymaster::GenerateKey, in_buf, in_size, + out_buf, out_size); + case KM_BEGIN_OPERATION: + return fake_call(impl_, &keymaster::AndroidKeymaster::BeginOperation, in_buf, in_size, + out_buf, out_size); + case KM_UPDATE_OPERATION: + return fake_call(impl_, &keymaster::AndroidKeymaster::UpdateOperation, in_buf, in_size, + out_buf, out_size); + case KM_FINISH_OPERATION: + return fake_call(impl_, &keymaster::AndroidKeymaster::FinishOperation, in_buf, in_size, + out_buf, out_size); + case KM_IMPORT_KEY: + return fake_call(impl_, &keymaster::AndroidKeymaster::ImportKey, in_buf, in_size, + out_buf, out_size); + case KM_EXPORT_KEY: + return fake_call(impl_, &keymaster::AndroidKeymaster::ExportKey, in_buf, in_size, + out_buf, out_size); } return -EINVAL; - } namespace keymaster { @@ -127,15 +126,15 @@ class TrustyKeymasterTest : public testing::Test { size_t dsa_message_len(const keymaster_dsa_keygen_params_t& params) { switch (params.key_size) { - case 256: - case 1024: - return 48; - case 2048: - case 4096: - return 72; - default: - // Oops. - return 0; + case 256: + case 1024: + return 48; + case 2048: + case 4096: + return 72; + default: + // Oops. + return 0; } } @@ -323,9 +322,9 @@ TEST_F(VerificationTest, RsaBadSignature) { Malloc_Delete sig_deleter(signature); signature[siglen / 2]++; - EXPECT_EQ( - KM_ERROR_VERIFICATION_FAILED, - device.verify_data(&sig_params, ptr, size, message.get(), message_len, signature, siglen)); + EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, + device.verify_data(&sig_params, ptr, size, message.get(), message_len, signature, + siglen)); } TEST_F(VerificationTest, RsaBadMessage) { @@ -345,9 +344,9 @@ TEST_F(VerificationTest, RsaBadMessage) { &signature, &siglen)); Malloc_Delete sig_deleter(signature); message[0]++; - EXPECT_EQ( - KM_ERROR_VERIFICATION_FAILED, - device.verify_data(&sig_params, ptr, size, message.get(), message_len, signature, siglen)); + EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED, + device.verify_data(&sig_params, ptr, size, message.get(), message_len, signature, + siglen)); } TEST_F(VerificationTest, RsaShortMessage) { diff --git a/trusty/keymaster/trusty_keymaster_main.cpp b/trusty/keymaster/legacy/trusty_keymaster_main.cpp similarity index 57% rename from trusty/keymaster/trusty_keymaster_main.cpp rename to trusty/keymaster/legacy/trusty_keymaster_main.cpp index ed78b7fb2..e3e70e66e 100644 --- a/trusty/keymaster/trusty_keymaster_main.cpp +++ b/trusty/keymaster/legacy/trusty_keymaster_main.cpp @@ -22,108 +22,114 @@ #include #include -#include "trusty_keymaster_device.h" +#include using keymaster::TrustyKeymasterDevice; unsigned char rsa_privkey_pk8_der[] = { - 0x30, 0x82, 0x02, 0x75, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, - 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82, 0x02, 0x5f, 0x30, 0x82, 0x02, 0x5b, 0x02, 0x01, - 0x00, 0x02, 0x81, 0x81, 0x00, 0xc6, 0x09, 0x54, 0x09, 0x04, 0x7d, 0x86, 0x34, 0x81, 0x2d, 0x5a, - 0x21, 0x81, 0x76, 0xe4, 0x5c, 0x41, 0xd6, 0x0a, 0x75, 0xb1, 0x39, 0x01, 0xf2, 0x34, 0x22, 0x6c, - 0xff, 0xe7, 0x76, 0x52, 0x1c, 0x5a, 0x77, 0xb9, 0xe3, 0x89, 0x41, 0x7b, 0x71, 0xc0, 0xb6, 0xa4, - 0x4d, 0x13, 0xaf, 0xe4, 0xe4, 0xa2, 0x80, 0x5d, 0x46, 0xc9, 0xda, 0x29, 0x35, 0xad, 0xb1, 0xff, - 0x0c, 0x1f, 0x24, 0xea, 0x06, 0xe6, 0x2b, 0x20, 0xd7, 0x76, 0x43, 0x0a, 0x4d, 0x43, 0x51, 0x57, - 0x23, 0x3c, 0x6f, 0x91, 0x67, 0x83, 0xc3, 0x0e, 0x31, 0x0f, 0xcb, 0xd8, 0x9b, 0x85, 0xc2, 0xd5, - 0x67, 0x71, 0x16, 0x97, 0x85, 0xac, 0x12, 0xbc, 0xa2, 0x44, 0xab, 0xda, 0x72, 0xbf, 0xb1, 0x9f, - 0xc4, 0x4d, 0x27, 0xc8, 0x1e, 0x1d, 0x92, 0xde, 0x28, 0x4f, 0x40, 0x61, 0xed, 0xfd, 0x99, 0x28, - 0x07, 0x45, 0xea, 0x6d, 0x25, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x81, 0x80, 0x1b, 0xe0, 0xf0, - 0x4d, 0x9c, 0xae, 0x37, 0x18, 0x69, 0x1f, 0x03, 0x53, 0x38, 0x30, 0x8e, 0x91, 0x56, 0x4b, 0x55, - 0x89, 0x9f, 0xfb, 0x50, 0x84, 0xd2, 0x46, 0x0e, 0x66, 0x30, 0x25, 0x7e, 0x05, 0xb3, 0xce, 0xab, - 0x02, 0x97, 0x2d, 0xfa, 0xbc, 0xd6, 0xce, 0x5f, 0x6e, 0xe2, 0x58, 0x9e, 0xb6, 0x79, 0x11, 0xed, - 0x0f, 0xac, 0x16, 0xe4, 0x3a, 0x44, 0x4b, 0x8c, 0x86, 0x1e, 0x54, 0x4a, 0x05, 0x93, 0x36, 0x57, - 0x72, 0xf8, 0xba, 0xf6, 0xb2, 0x2f, 0xc9, 0xe3, 0xc5, 0xf1, 0x02, 0x4b, 0x06, 0x3a, 0xc0, 0x80, - 0xa7, 0xb2, 0x23, 0x4c, 0xf8, 0xae, 0xe8, 0xf6, 0xc4, 0x7b, 0xbf, 0x4f, 0xd3, 0xac, 0xe7, 0x24, - 0x02, 0x90, 0xbe, 0xf1, 0x6c, 0x0b, 0x3f, 0x7f, 0x3c, 0xdd, 0x64, 0xce, 0x3a, 0xb5, 0x91, 0x2c, - 0xf6, 0xe3, 0x2f, 0x39, 0xab, 0x18, 0x83, 0x58, 0xaf, 0xcc, 0xcd, 0x80, 0x81, 0x02, 0x41, 0x00, - 0xe4, 0xb4, 0x9e, 0xf5, 0x0f, 0x76, 0x5d, 0x3b, 0x24, 0xdd, 0xe0, 0x1a, 0xce, 0xaa, 0xf1, 0x30, - 0xf2, 0xc7, 0x66, 0x70, 0xa9, 0x1a, 0x61, 0xae, 0x08, 0xaf, 0x49, 0x7b, 0x4a, 0x82, 0xbe, 0x6d, - 0xee, 0x8f, 0xcd, 0xd5, 0xe3, 0xf7, 0xba, 0x1c, 0xfb, 0x1f, 0x0c, 0x92, 0x6b, 0x88, 0xf8, 0x8c, - 0x92, 0xbf, 0xab, 0x13, 0x7f, 0xba, 0x22, 0x85, 0x22, 0x7b, 0x83, 0xc3, 0x42, 0xff, 0x7c, 0x55, - 0x02, 0x41, 0x00, 0xdd, 0xab, 0xb5, 0x83, 0x9c, 0x4c, 0x7f, 0x6b, 0xf3, 0xd4, 0x18, 0x32, 0x31, - 0xf0, 0x05, 0xb3, 0x1a, 0xa5, 0x8a, 0xff, 0xdd, 0xa5, 0xc7, 0x9e, 0x4c, 0xce, 0x21, 0x7f, 0x6b, - 0xc9, 0x30, 0xdb, 0xe5, 0x63, 0xd4, 0x80, 0x70, 0x6c, 0x24, 0xe9, 0xeb, 0xfc, 0xab, 0x28, 0xa6, - 0xcd, 0xef, 0xd3, 0x24, 0xb7, 0x7e, 0x1b, 0xf7, 0x25, 0x1b, 0x70, 0x90, 0x92, 0xc2, 0x4f, 0xf5, - 0x01, 0xfd, 0x91, 0x02, 0x40, 0x23, 0xd4, 0x34, 0x0e, 0xda, 0x34, 0x45, 0xd8, 0xcd, 0x26, 0xc1, - 0x44, 0x11, 0xda, 0x6f, 0xdc, 0xa6, 0x3c, 0x1c, 0xcd, 0x4b, 0x80, 0xa9, 0x8a, 0xd5, 0x2b, 0x78, - 0xcc, 0x8a, 0xd8, 0xbe, 0xb2, 0x84, 0x2c, 0x1d, 0x28, 0x04, 0x05, 0xbc, 0x2f, 0x6c, 0x1b, 0xea, - 0x21, 0x4a, 0x1d, 0x74, 0x2a, 0xb9, 0x96, 0xb3, 0x5b, 0x63, 0xa8, 0x2a, 0x5e, 0x47, 0x0f, 0xa8, - 0x8d, 0xbf, 0x82, 0x3c, 0xdd, 0x02, 0x40, 0x1b, 0x7b, 0x57, 0x44, 0x9a, 0xd3, 0x0d, 0x15, 0x18, - 0x24, 0x9a, 0x5f, 0x56, 0xbb, 0x98, 0x29, 0x4d, 0x4b, 0x6a, 0xc1, 0x2f, 0xfc, 0x86, 0x94, 0x04, - 0x97, 0xa5, 0xa5, 0x83, 0x7a, 0x6c, 0xf9, 0x46, 0x26, 0x2b, 0x49, 0x45, 0x26, 0xd3, 0x28, 0xc1, - 0x1e, 0x11, 0x26, 0x38, 0x0f, 0xde, 0x04, 0xc2, 0x4f, 0x91, 0x6d, 0xec, 0x25, 0x08, 0x92, 0xdb, - 0x09, 0xa6, 0xd7, 0x7c, 0xdb, 0xa3, 0x51, 0x02, 0x40, 0x77, 0x62, 0xcd, 0x8f, 0x4d, 0x05, 0x0d, - 0xa5, 0x6b, 0xd5, 0x91, 0xad, 0xb5, 0x15, 0xd2, 0x4d, 0x7c, 0xcd, 0x32, 0xcc, 0xa0, 0xd0, 0x5f, - 0x86, 0x6d, 0x58, 0x35, 0x14, 0xbd, 0x73, 0x24, 0xd5, 0xf3, 0x36, 0x45, 0xe8, 0xed, 0x8b, 0x4a, - 0x1c, 0xb3, 0xcc, 0x4a, 0x1d, 0x67, 0x98, 0x73, 0x99, 0xf2, 0xa0, 0x9f, 0x5b, 0x3f, 0xb6, 0x8c, - 0x88, 0xd5, 0xe5, 0xd9, 0x0a, 0xc3, 0x34, 0x92, 0xd6}; + 0x30, 0x82, 0x02, 0x75, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, + 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82, 0x02, 0x5f, 0x30, 0x82, 0x02, 0x5b, + 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xc6, 0x09, 0x54, 0x09, 0x04, 0x7d, 0x86, 0x34, + 0x81, 0x2d, 0x5a, 0x21, 0x81, 0x76, 0xe4, 0x5c, 0x41, 0xd6, 0x0a, 0x75, 0xb1, 0x39, 0x01, + 0xf2, 0x34, 0x22, 0x6c, 0xff, 0xe7, 0x76, 0x52, 0x1c, 0x5a, 0x77, 0xb9, 0xe3, 0x89, 0x41, + 0x7b, 0x71, 0xc0, 0xb6, 0xa4, 0x4d, 0x13, 0xaf, 0xe4, 0xe4, 0xa2, 0x80, 0x5d, 0x46, 0xc9, + 0xda, 0x29, 0x35, 0xad, 0xb1, 0xff, 0x0c, 0x1f, 0x24, 0xea, 0x06, 0xe6, 0x2b, 0x20, 0xd7, + 0x76, 0x43, 0x0a, 0x4d, 0x43, 0x51, 0x57, 0x23, 0x3c, 0x6f, 0x91, 0x67, 0x83, 0xc3, 0x0e, + 0x31, 0x0f, 0xcb, 0xd8, 0x9b, 0x85, 0xc2, 0xd5, 0x67, 0x71, 0x16, 0x97, 0x85, 0xac, 0x12, + 0xbc, 0xa2, 0x44, 0xab, 0xda, 0x72, 0xbf, 0xb1, 0x9f, 0xc4, 0x4d, 0x27, 0xc8, 0x1e, 0x1d, + 0x92, 0xde, 0x28, 0x4f, 0x40, 0x61, 0xed, 0xfd, 0x99, 0x28, 0x07, 0x45, 0xea, 0x6d, 0x25, + 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x81, 0x80, 0x1b, 0xe0, 0xf0, 0x4d, 0x9c, 0xae, 0x37, + 0x18, 0x69, 0x1f, 0x03, 0x53, 0x38, 0x30, 0x8e, 0x91, 0x56, 0x4b, 0x55, 0x89, 0x9f, 0xfb, + 0x50, 0x84, 0xd2, 0x46, 0x0e, 0x66, 0x30, 0x25, 0x7e, 0x05, 0xb3, 0xce, 0xab, 0x02, 0x97, + 0x2d, 0xfa, 0xbc, 0xd6, 0xce, 0x5f, 0x6e, 0xe2, 0x58, 0x9e, 0xb6, 0x79, 0x11, 0xed, 0x0f, + 0xac, 0x16, 0xe4, 0x3a, 0x44, 0x4b, 0x8c, 0x86, 0x1e, 0x54, 0x4a, 0x05, 0x93, 0x36, 0x57, + 0x72, 0xf8, 0xba, 0xf6, 0xb2, 0x2f, 0xc9, 0xe3, 0xc5, 0xf1, 0x02, 0x4b, 0x06, 0x3a, 0xc0, + 0x80, 0xa7, 0xb2, 0x23, 0x4c, 0xf8, 0xae, 0xe8, 0xf6, 0xc4, 0x7b, 0xbf, 0x4f, 0xd3, 0xac, + 0xe7, 0x24, 0x02, 0x90, 0xbe, 0xf1, 0x6c, 0x0b, 0x3f, 0x7f, 0x3c, 0xdd, 0x64, 0xce, 0x3a, + 0xb5, 0x91, 0x2c, 0xf6, 0xe3, 0x2f, 0x39, 0xab, 0x18, 0x83, 0x58, 0xaf, 0xcc, 0xcd, 0x80, + 0x81, 0x02, 0x41, 0x00, 0xe4, 0xb4, 0x9e, 0xf5, 0x0f, 0x76, 0x5d, 0x3b, 0x24, 0xdd, 0xe0, + 0x1a, 0xce, 0xaa, 0xf1, 0x30, 0xf2, 0xc7, 0x66, 0x70, 0xa9, 0x1a, 0x61, 0xae, 0x08, 0xaf, + 0x49, 0x7b, 0x4a, 0x82, 0xbe, 0x6d, 0xee, 0x8f, 0xcd, 0xd5, 0xe3, 0xf7, 0xba, 0x1c, 0xfb, + 0x1f, 0x0c, 0x92, 0x6b, 0x88, 0xf8, 0x8c, 0x92, 0xbf, 0xab, 0x13, 0x7f, 0xba, 0x22, 0x85, + 0x22, 0x7b, 0x83, 0xc3, 0x42, 0xff, 0x7c, 0x55, 0x02, 0x41, 0x00, 0xdd, 0xab, 0xb5, 0x83, + 0x9c, 0x4c, 0x7f, 0x6b, 0xf3, 0xd4, 0x18, 0x32, 0x31, 0xf0, 0x05, 0xb3, 0x1a, 0xa5, 0x8a, + 0xff, 0xdd, 0xa5, 0xc7, 0x9e, 0x4c, 0xce, 0x21, 0x7f, 0x6b, 0xc9, 0x30, 0xdb, 0xe5, 0x63, + 0xd4, 0x80, 0x70, 0x6c, 0x24, 0xe9, 0xeb, 0xfc, 0xab, 0x28, 0xa6, 0xcd, 0xef, 0xd3, 0x24, + 0xb7, 0x7e, 0x1b, 0xf7, 0x25, 0x1b, 0x70, 0x90, 0x92, 0xc2, 0x4f, 0xf5, 0x01, 0xfd, 0x91, + 0x02, 0x40, 0x23, 0xd4, 0x34, 0x0e, 0xda, 0x34, 0x45, 0xd8, 0xcd, 0x26, 0xc1, 0x44, 0x11, + 0xda, 0x6f, 0xdc, 0xa6, 0x3c, 0x1c, 0xcd, 0x4b, 0x80, 0xa9, 0x8a, 0xd5, 0x2b, 0x78, 0xcc, + 0x8a, 0xd8, 0xbe, 0xb2, 0x84, 0x2c, 0x1d, 0x28, 0x04, 0x05, 0xbc, 0x2f, 0x6c, 0x1b, 0xea, + 0x21, 0x4a, 0x1d, 0x74, 0x2a, 0xb9, 0x96, 0xb3, 0x5b, 0x63, 0xa8, 0x2a, 0x5e, 0x47, 0x0f, + 0xa8, 0x8d, 0xbf, 0x82, 0x3c, 0xdd, 0x02, 0x40, 0x1b, 0x7b, 0x57, 0x44, 0x9a, 0xd3, 0x0d, + 0x15, 0x18, 0x24, 0x9a, 0x5f, 0x56, 0xbb, 0x98, 0x29, 0x4d, 0x4b, 0x6a, 0xc1, 0x2f, 0xfc, + 0x86, 0x94, 0x04, 0x97, 0xa5, 0xa5, 0x83, 0x7a, 0x6c, 0xf9, 0x46, 0x26, 0x2b, 0x49, 0x45, + 0x26, 0xd3, 0x28, 0xc1, 0x1e, 0x11, 0x26, 0x38, 0x0f, 0xde, 0x04, 0xc2, 0x4f, 0x91, 0x6d, + 0xec, 0x25, 0x08, 0x92, 0xdb, 0x09, 0xa6, 0xd7, 0x7c, 0xdb, 0xa3, 0x51, 0x02, 0x40, 0x77, + 0x62, 0xcd, 0x8f, 0x4d, 0x05, 0x0d, 0xa5, 0x6b, 0xd5, 0x91, 0xad, 0xb5, 0x15, 0xd2, 0x4d, + 0x7c, 0xcd, 0x32, 0xcc, 0xa0, 0xd0, 0x5f, 0x86, 0x6d, 0x58, 0x35, 0x14, 0xbd, 0x73, 0x24, + 0xd5, 0xf3, 0x36, 0x45, 0xe8, 0xed, 0x8b, 0x4a, 0x1c, 0xb3, 0xcc, 0x4a, 0x1d, 0x67, 0x98, + 0x73, 0x99, 0xf2, 0xa0, 0x9f, 0x5b, 0x3f, 0xb6, 0x8c, 0x88, 0xd5, 0xe5, 0xd9, 0x0a, 0xc3, + 0x34, 0x92, 0xd6}; unsigned int rsa_privkey_pk8_der_len = 633; unsigned char dsa_privkey_pk8_der[] = { - 0x30, 0x82, 0x01, 0x4b, 0x02, 0x01, 0x00, 0x30, 0x82, 0x01, 0x2b, 0x06, 0x07, 0x2a, 0x86, 0x48, - 0xce, 0x38, 0x04, 0x01, 0x30, 0x82, 0x01, 0x1e, 0x02, 0x81, 0x81, 0x00, 0xa3, 0xf3, 0xe9, 0xb6, - 0x7e, 0x7d, 0x88, 0xf6, 0xb7, 0xe5, 0xf5, 0x1f, 0x3b, 0xee, 0xac, 0xd7, 0xad, 0xbc, 0xc9, 0xd1, - 0x5a, 0xf8, 0x88, 0xc4, 0xef, 0x6e, 0x3d, 0x74, 0x19, 0x74, 0xe7, 0xd8, 0xe0, 0x26, 0x44, 0x19, - 0x86, 0xaf, 0x19, 0xdb, 0x05, 0xe9, 0x3b, 0x8b, 0x58, 0x58, 0xde, 0xe5, 0x4f, 0x48, 0x15, 0x01, - 0xea, 0xe6, 0x83, 0x52, 0xd7, 0xc1, 0x21, 0xdf, 0xb9, 0xb8, 0x07, 0x66, 0x50, 0xfb, 0x3a, 0x0c, - 0xb3, 0x85, 0xee, 0xbb, 0x04, 0x5f, 0xc2, 0x6d, 0x6d, 0x95, 0xfa, 0x11, 0x93, 0x1e, 0x59, 0x5b, - 0xb1, 0x45, 0x8d, 0xe0, 0x3d, 0x73, 0xaa, 0xf2, 0x41, 0x14, 0x51, 0x07, 0x72, 0x3d, 0xa2, 0xf7, - 0x58, 0xcd, 0x11, 0xa1, 0x32, 0xcf, 0xda, 0x42, 0xb7, 0xcc, 0x32, 0x80, 0xdb, 0x87, 0x82, 0xec, - 0x42, 0xdb, 0x5a, 0x55, 0x24, 0x24, 0xa2, 0xd1, 0x55, 0x29, 0xad, 0xeb, 0x02, 0x15, 0x00, 0xeb, - 0xea, 0x17, 0xd2, 0x09, 0xb3, 0xd7, 0x21, 0x9a, 0x21, 0x07, 0x82, 0x8f, 0xab, 0xfe, 0x88, 0x71, - 0x68, 0xf7, 0xe3, 0x02, 0x81, 0x80, 0x19, 0x1c, 0x71, 0xfd, 0xe0, 0x03, 0x0c, 0x43, 0xd9, 0x0b, - 0xf6, 0xcd, 0xd6, 0xa9, 0x70, 0xe7, 0x37, 0x86, 0x3a, 0x78, 0xe9, 0xa7, 0x47, 0xa7, 0x47, 0x06, - 0x88, 0xb1, 0xaf, 0xd7, 0xf3, 0xf1, 0xa1, 0xd7, 0x00, 0x61, 0x28, 0x88, 0x31, 0x48, 0x60, 0xd8, - 0x11, 0xef, 0xa5, 0x24, 0x1a, 0x81, 0xc4, 0x2a, 0xe2, 0xea, 0x0e, 0x36, 0xd2, 0xd2, 0x05, 0x84, - 0x37, 0xcf, 0x32, 0x7d, 0x09, 0xe6, 0x0f, 0x8b, 0x0c, 0xc8, 0xc2, 0xa4, 0xb1, 0xdc, 0x80, 0xca, - 0x68, 0xdf, 0xaf, 0xd2, 0x90, 0xc0, 0x37, 0x58, 0x54, 0x36, 0x8f, 0x49, 0xb8, 0x62, 0x75, 0x8b, - 0x48, 0x47, 0xc0, 0xbe, 0xf7, 0x9a, 0x92, 0xa6, 0x68, 0x05, 0xda, 0x9d, 0xaf, 0x72, 0x9a, 0x67, - 0xb3, 0xb4, 0x14, 0x03, 0xae, 0x4f, 0x4c, 0x76, 0xb9, 0xd8, 0x64, 0x0a, 0xba, 0x3b, 0xa8, 0x00, - 0x60, 0x4d, 0xae, 0x81, 0xc3, 0xc5, 0x04, 0x17, 0x02, 0x15, 0x00, 0x81, 0x9d, 0xfd, 0x53, 0x0c, - 0xc1, 0x8f, 0xbe, 0x8b, 0xea, 0x00, 0x26, 0x19, 0x29, 0x33, 0x91, 0x84, 0xbe, 0xad, 0x81}; + 0x30, 0x82, 0x01, 0x4b, 0x02, 0x01, 0x00, 0x30, 0x82, 0x01, 0x2b, 0x06, 0x07, 0x2a, 0x86, + 0x48, 0xce, 0x38, 0x04, 0x01, 0x30, 0x82, 0x01, 0x1e, 0x02, 0x81, 0x81, 0x00, 0xa3, 0xf3, + 0xe9, 0xb6, 0x7e, 0x7d, 0x88, 0xf6, 0xb7, 0xe5, 0xf5, 0x1f, 0x3b, 0xee, 0xac, 0xd7, 0xad, + 0xbc, 0xc9, 0xd1, 0x5a, 0xf8, 0x88, 0xc4, 0xef, 0x6e, 0x3d, 0x74, 0x19, 0x74, 0xe7, 0xd8, + 0xe0, 0x26, 0x44, 0x19, 0x86, 0xaf, 0x19, 0xdb, 0x05, 0xe9, 0x3b, 0x8b, 0x58, 0x58, 0xde, + 0xe5, 0x4f, 0x48, 0x15, 0x01, 0xea, 0xe6, 0x83, 0x52, 0xd7, 0xc1, 0x21, 0xdf, 0xb9, 0xb8, + 0x07, 0x66, 0x50, 0xfb, 0x3a, 0x0c, 0xb3, 0x85, 0xee, 0xbb, 0x04, 0x5f, 0xc2, 0x6d, 0x6d, + 0x95, 0xfa, 0x11, 0x93, 0x1e, 0x59, 0x5b, 0xb1, 0x45, 0x8d, 0xe0, 0x3d, 0x73, 0xaa, 0xf2, + 0x41, 0x14, 0x51, 0x07, 0x72, 0x3d, 0xa2, 0xf7, 0x58, 0xcd, 0x11, 0xa1, 0x32, 0xcf, 0xda, + 0x42, 0xb7, 0xcc, 0x32, 0x80, 0xdb, 0x87, 0x82, 0xec, 0x42, 0xdb, 0x5a, 0x55, 0x24, 0x24, + 0xa2, 0xd1, 0x55, 0x29, 0xad, 0xeb, 0x02, 0x15, 0x00, 0xeb, 0xea, 0x17, 0xd2, 0x09, 0xb3, + 0xd7, 0x21, 0x9a, 0x21, 0x07, 0x82, 0x8f, 0xab, 0xfe, 0x88, 0x71, 0x68, 0xf7, 0xe3, 0x02, + 0x81, 0x80, 0x19, 0x1c, 0x71, 0xfd, 0xe0, 0x03, 0x0c, 0x43, 0xd9, 0x0b, 0xf6, 0xcd, 0xd6, + 0xa9, 0x70, 0xe7, 0x37, 0x86, 0x3a, 0x78, 0xe9, 0xa7, 0x47, 0xa7, 0x47, 0x06, 0x88, 0xb1, + 0xaf, 0xd7, 0xf3, 0xf1, 0xa1, 0xd7, 0x00, 0x61, 0x28, 0x88, 0x31, 0x48, 0x60, 0xd8, 0x11, + 0xef, 0xa5, 0x24, 0x1a, 0x81, 0xc4, 0x2a, 0xe2, 0xea, 0x0e, 0x36, 0xd2, 0xd2, 0x05, 0x84, + 0x37, 0xcf, 0x32, 0x7d, 0x09, 0xe6, 0x0f, 0x8b, 0x0c, 0xc8, 0xc2, 0xa4, 0xb1, 0xdc, 0x80, + 0xca, 0x68, 0xdf, 0xaf, 0xd2, 0x90, 0xc0, 0x37, 0x58, 0x54, 0x36, 0x8f, 0x49, 0xb8, 0x62, + 0x75, 0x8b, 0x48, 0x47, 0xc0, 0xbe, 0xf7, 0x9a, 0x92, 0xa6, 0x68, 0x05, 0xda, 0x9d, 0xaf, + 0x72, 0x9a, 0x67, 0xb3, 0xb4, 0x14, 0x03, 0xae, 0x4f, 0x4c, 0x76, 0xb9, 0xd8, 0x64, 0x0a, + 0xba, 0x3b, 0xa8, 0x00, 0x60, 0x4d, 0xae, 0x81, 0xc3, 0xc5, 0x04, 0x17, 0x02, 0x15, 0x00, + 0x81, 0x9d, 0xfd, 0x53, 0x0c, 0xc1, 0x8f, 0xbe, 0x8b, 0xea, 0x00, 0x26, 0x19, 0x29, 0x33, + 0x91, 0x84, 0xbe, 0xad, 0x81}; unsigned int dsa_privkey_pk8_der_len = 335; unsigned char ec_privkey_pk8_der[] = { - 0x30, 0x81, 0x87, 0x02, 0x01, 0x00, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, - 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x04, 0x6d, 0x30, 0x6b, 0x02, - 0x01, 0x01, 0x04, 0x20, 0x73, 0x7c, 0x2e, 0xcd, 0x7b, 0x8d, 0x19, 0x40, 0xbf, 0x29, 0x30, 0xaa, - 0x9b, 0x4e, 0xd3, 0xff, 0x94, 0x1e, 0xed, 0x09, 0x36, 0x6b, 0xc0, 0x32, 0x99, 0x98, 0x64, 0x81, - 0xf3, 0xa4, 0xd8, 0x59, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0xbf, 0x85, 0xd7, 0x72, 0x0d, 0x07, - 0xc2, 0x54, 0x61, 0x68, 0x3b, 0xc6, 0x48, 0xb4, 0x77, 0x8a, 0x9a, 0x14, 0xdd, 0x8a, 0x02, 0x4e, - 0x3b, 0xdd, 0x8c, 0x7d, 0xdd, 0x9a, 0xb2, 0xb5, 0x28, 0xbb, 0xc7, 0xaa, 0x1b, 0x51, 0xf1, 0x4e, - 0xbb, 0xbb, 0x0b, 0xd0, 0xce, 0x21, 0xbc, 0xc4, 0x1c, 0x6e, 0xb0, 0x00, 0x83, 0xcf, 0x33, 0x76, - 0xd1, 0x1f, 0xd4, 0x49, 0x49, 0xe0, 0xb2, 0x18, 0x3b, 0xfe}; + 0x30, 0x81, 0x87, 0x02, 0x01, 0x00, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, + 0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x04, + 0x6d, 0x30, 0x6b, 0x02, 0x01, 0x01, 0x04, 0x20, 0x73, 0x7c, 0x2e, 0xcd, 0x7b, 0x8d, + 0x19, 0x40, 0xbf, 0x29, 0x30, 0xaa, 0x9b, 0x4e, 0xd3, 0xff, 0x94, 0x1e, 0xed, 0x09, + 0x36, 0x6b, 0xc0, 0x32, 0x99, 0x98, 0x64, 0x81, 0xf3, 0xa4, 0xd8, 0x59, 0xa1, 0x44, + 0x03, 0x42, 0x00, 0x04, 0xbf, 0x85, 0xd7, 0x72, 0x0d, 0x07, 0xc2, 0x54, 0x61, 0x68, + 0x3b, 0xc6, 0x48, 0xb4, 0x77, 0x8a, 0x9a, 0x14, 0xdd, 0x8a, 0x02, 0x4e, 0x3b, 0xdd, + 0x8c, 0x7d, 0xdd, 0x9a, 0xb2, 0xb5, 0x28, 0xbb, 0xc7, 0xaa, 0x1b, 0x51, 0xf1, 0x4e, + 0xbb, 0xbb, 0x0b, 0xd0, 0xce, 0x21, 0xbc, 0xc4, 0x1c, 0x6e, 0xb0, 0x00, 0x83, 0xcf, + 0x33, 0x76, 0xd1, 0x1f, 0xd4, 0x49, 0x49, 0xe0, 0xb2, 0x18, 0x3b, 0xfe}; unsigned int ec_privkey_pk8_der_len = 138; keymaster_key_param_t ec_params[] = { - keymaster_param_enum(KM_TAG_ALGORITHM, KM_ALGORITHM_EC), - keymaster_param_long(KM_TAG_EC_CURVE, KM_EC_CURVE_P_521), - keymaster_param_enum(KM_TAG_PURPOSE, KM_PURPOSE_SIGN), - keymaster_param_enum(KM_TAG_PURPOSE, KM_PURPOSE_VERIFY), - keymaster_param_enum(KM_TAG_DIGEST, KM_DIGEST_NONE), - keymaster_param_bool(KM_TAG_NO_AUTH_REQUIRED), + keymaster_param_enum(KM_TAG_ALGORITHM, KM_ALGORITHM_EC), + keymaster_param_long(KM_TAG_EC_CURVE, KM_EC_CURVE_P_521), + keymaster_param_enum(KM_TAG_PURPOSE, KM_PURPOSE_SIGN), + keymaster_param_enum(KM_TAG_PURPOSE, KM_PURPOSE_VERIFY), + keymaster_param_enum(KM_TAG_DIGEST, KM_DIGEST_NONE), + keymaster_param_bool(KM_TAG_NO_AUTH_REQUIRED), }; keymaster_key_param_set_t ec_param_set = {ec_params, sizeof(ec_params) / sizeof(*ec_params)}; keymaster_key_param_t rsa_params[] = { - keymaster_param_enum(KM_TAG_ALGORITHM, KM_ALGORITHM_RSA), - keymaster_param_int(KM_TAG_KEY_SIZE, 1024), - keymaster_param_long(KM_TAG_RSA_PUBLIC_EXPONENT, 65537), - keymaster_param_enum(KM_TAG_PURPOSE, KM_PURPOSE_SIGN), - keymaster_param_enum(KM_TAG_PURPOSE, KM_PURPOSE_VERIFY), - keymaster_param_enum(KM_TAG_PADDING, KM_PAD_NONE), - keymaster_param_enum(KM_TAG_DIGEST, KM_DIGEST_NONE), - keymaster_param_bool(KM_TAG_NO_AUTH_REQUIRED), + keymaster_param_enum(KM_TAG_ALGORITHM, KM_ALGORITHM_RSA), + keymaster_param_int(KM_TAG_KEY_SIZE, 1024), + keymaster_param_long(KM_TAG_RSA_PUBLIC_EXPONENT, 65537), + keymaster_param_enum(KM_TAG_PURPOSE, KM_PURPOSE_SIGN), + keymaster_param_enum(KM_TAG_PURPOSE, KM_PURPOSE_VERIFY), + keymaster_param_enum(KM_TAG_PADDING, KM_PAD_NONE), + keymaster_param_enum(KM_TAG_DIGEST, KM_DIGEST_NONE), + keymaster_param_bool(KM_TAG_NO_AUTH_REQUIRED), }; keymaster_key_param_set_t rsa_param_set = {rsa_params, sizeof(rsa_params) / sizeof(*rsa_params)}; @@ -139,8 +145,8 @@ static bool do_operation(TrustyKeymasterDevice* device, keymaster_purpose_t purp keymaster_key_blob_t* key, keymaster_blob_t* input, keymaster_blob_t* signature, keymaster_blob_t* output) { keymaster_key_param_t params[] = { - keymaster_param_enum(KM_TAG_PADDING, KM_PAD_NONE), - keymaster_param_enum(KM_TAG_DIGEST, KM_DIGEST_NONE), + keymaster_param_enum(KM_TAG_PADDING, KM_PAD_NONE), + keymaster_param_enum(KM_TAG_DIGEST, KM_DIGEST_NONE), }; keymaster_key_param_set_t param_set = {params, sizeof(params) / sizeof(*params)}; keymaster_operation_handle_t op_handle; @@ -177,7 +183,8 @@ static bool test_import_rsa(TrustyKeymasterDevice* device) { printf("=== Importing RSA keypair === \n"); keymaster_key_blob_t key; keymaster_blob_t private_key = {rsa_privkey_pk8_der, rsa_privkey_pk8_der_len}; - int error = device->import_key(&rsa_param_set, KM_KEY_FORMAT_PKCS8, &private_key, &key, nullptr); + int error = + device->import_key(&rsa_param_set, KM_KEY_FORMAT_PKCS8, &private_key, &key, nullptr); if (error != KM_ERROR_OK) { printf("Error importing RSA key: %d\n\n", error); return false; @@ -249,7 +256,7 @@ static bool test_rsa(TrustyKeymasterDevice* device) { printf("=== Verifying with exported key ===\n"); const uint8_t* tmp = exported_key.data; std::unique_ptr pkey( - d2i_PUBKEY(NULL, &tmp, exported_key.data_length)); + d2i_PUBKEY(NULL, &tmp, exported_key.data_length)); std::unique_ptr ctx(EVP_PKEY_CTX_new(pkey.get(), NULL)); if (EVP_PKEY_verify_init(ctx.get()) != 1) { printf("Error initializing openss EVP context\n\n"); @@ -353,7 +360,7 @@ static bool test_ecdsa(TrustyKeymasterDevice* device) { printf("=== Verifying with exported key ===\n"); const uint8_t* tmp = exported_key.data; std::unique_ptr pkey( - d2i_PUBKEY(NULL, &tmp, exported_key.data_length)); + d2i_PUBKEY(NULL, &tmp, exported_key.data_length)); std::unique_ptr ctx(EVP_PKEY_CTX_new(pkey.get(), NULL)); if (EVP_PKEY_verify_init(ctx.get()) != 1) { printf("Error initializing openssl EVP context\n\n");