hals/keymaster/include/KeymasterDevice.h

/*
 * Copyright 2017, The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

#ifndef ANDROID_HARDWARE_KEYMASTER_KEYMASTER_DEVICE_H
#define ANDROID_HARDWARE_KEYMASTER_KEYMASTER_DEVICE_H

#include <android/hardware/keymaster/4.0/IKeymasterDevice.h>

#include <Keymaster.client.h>

#include <vector>

namespace android {
namespace hardware {
namespace keymaster {

using ::android::hardware::keymaster::V4_0::ErrorCode;
using ::android::hardware::keymaster::V4_0::HardwareAuthToken;
using ::android::hardware::keymaster::V4_0::HmacSharingParameters;
using ::android::hardware::keymaster::V4_0::IKeymasterDevice;
using ::android::hardware::keymaster::V4_0::KeyFormat;
using ::android::hardware::keymaster::V4_0::KeyParameter;
using ::android::hardware::keymaster::V4_0::KeyPurpose;
using ::android::hardware::keymaster::V4_0::VerificationToken;
using ::android::hardware::Return;
using ::android::hardware::hidl_vec;
using ::nugget::app::keymaster::BootColor;

#define KM_MAX_PROTO_FIELD_SIZE 2048

using KeymasterClient = ::nugget::app::keymaster::IKeymaster;

struct KeymasterDevice : public IKeymasterDevice {
    KeymasterDevice(KeymasterClient& keymaster);
    ~KeymasterDevice() override = default;

    // Methods from ::android::hardware::keymaster::V4_0::IKeymasterDevice follow.
    Return<void> getHardwareInfo(getHardwareInfo_cb _hidl_cb) override;
    Return<void> getHmacSharingParameters(
        getHmacSharingParameters_cb _hidl_cb) override;
    Return<void> computeSharedHmac(
        const hidl_vec<HmacSharingParameters>& params,
        computeSharedHmac_cb _hidl_cb) override;
    Return<void> verifyAuthorization(
        uint64_t operationHandle,
        const hidl_vec<KeyParameter>& parametersToVerify,
        const HardwareAuthToken& authToken,
        verifyAuthorization_cb _hidl_cb) override;
    Return<ErrorCode> addRngEntropy(const hidl_vec<uint8_t>& data) override;
    Return<void> generateKey(const hidl_vec<KeyParameter>& keyParams,
                             generateKey_cb _hidl_cb) override;
    Return<void> getKeyCharacteristics(
        const hidl_vec<uint8_t>& keyBlob,
        const hidl_vec<uint8_t>& clientId,
        const hidl_vec<uint8_t>& appData,
        getKeyCharacteristics_cb _hidl_cb) override;
    Return<void> importKey(
        const hidl_vec<KeyParameter>& params, KeyFormat keyFormat,
        const hidl_vec<uint8_t>& keyData, importKey_cb _hidl_cb) override;
    Return<void> importWrappedKey(const hidl_vec<uint8_t>& wrappedKeyData,
                                  const hidl_vec<uint8_t>& wrappingKeyBlob,
                                  const hidl_vec<uint8_t>& maskingKey,
                                  const hidl_vec<KeyParameter>& unwrappingParams,
                                  uint64_t passwordSid, uint64_t biometricSid,
                                  importWrappedKey_cb _hidl_cb) override;
    Return<void> exportKey(
        KeyFormat exportFormat, const hidl_vec<uint8_t>& keyBlob,
        const hidl_vec<uint8_t>& clientId, const hidl_vec<uint8_t>& appData,
        exportKey_cb _hidl_cb) override;
    Return<void> attestKey(const hidl_vec<uint8_t>& keyToAttest,
                           const hidl_vec<KeyParameter>& attestParams,
                           attestKey_cb _hidl_cb) override;
    Return<void> upgradeKey(const hidl_vec<uint8_t>& keyBlobToUpgrade,
                            const hidl_vec<KeyParameter>& upgradeParams,
                            upgradeKey_cb _hidl_cb) override;
    Return<ErrorCode> deleteKey(const hidl_vec<uint8_t>& keyBlob) override;
    Return<ErrorCode> deleteAllKeys() override;
    Return<ErrorCode> destroyAttestationIds() override;
    Return<void> begin(KeyPurpose purpose, const hidl_vec<uint8_t>& key,
                       const hidl_vec<KeyParameter>& inParams,
                       const HardwareAuthToken& authToken,
                       begin_cb _hidl_cb) override;
    Return<void> update(
        uint64_t operationHandle, const hidl_vec<KeyParameter>& inParams,
        const hidl_vec<uint8_t>& input, const HardwareAuthToken& authToken,
        const VerificationToken& verificationToken,
        update_cb _hidl_cb) override;
    Return<void> finish(
        uint64_t operationHandle, const hidl_vec<KeyParameter>& inParams,
        const hidl_vec<uint8_t>& input, const hidl_vec<uint8_t>& signature,
        const HardwareAuthToken& authToken,
        const VerificationToken& verificationToken,
        finish_cb _hidl_cb) override;
    Return<ErrorCode> abort(uint64_t operationHandle) override;

private:
    KeymasterClient& _keymaster;
    // These come from GetProperty.
    uint32_t _os_version;
    uint32_t _os_patchlevel;
    uint32_t _vendor_patchlevel;

    // These come from the bootloader through Citadel.
    bool _is_unlocked;
    BootColor _boot_color;
    std::vector<uint8_t> _boot_key;
    std::vector<uint8_t> _boot_hash;

    Return<ErrorCode> SendSystemVersionInfo() const;
    Return<ErrorCode> GetBootInfo();
};

}  // namespace keymaster
}  // namespace hardware
}  // namespace android

#endif // ANDROID_HARDWARE_KEYMASTER_KEYMASTER_DEVICE_H