diff options
| author | audahadi <wan.audahadi@gmail.com> | 2017-01-02 11:39:49 +0800 |
|---|---|---|
| committer | audahadi <wan.audahadi@gmail.com> | 2017-01-02 12:40:20 +0530 |
| commit | 45c46a937314dfad4e95f0e35179eb2e39921d86 (patch) | |
| tree | 3d6ca6e8d46a4c0f6c92ed1060595e6083511bf1 | |
| parent | 53576c6016f3af477b7a358db8aa415efaa58331 (diff) | |
re-add keymaster symlink
Change-Id: I9e135341cc9b24e3b85e79b135e343a298a510cc
| -rw-r--r-- | Android.mk | 30 | ||||
| -rw-r--r-- | BoardConfigCommon.mk | 5 | ||||
| -rw-r--r-- | keymaster/Android.mk | 51 | ||||
| -rw-r--r-- | keymaster/QSEEComAPI.h | 299 | ||||
| -rw-r--r-- | keymaster/keymaster_qcom.cpp | 809 | ||||
| -rw-r--r-- | keymaster/keymaster_qcom.h | 222 | ||||
| -rw-r--r-- | msm8916.mk | 9 |
7 files changed, 32 insertions, 1393 deletions
@@ -21,4 +21,34 @@ include $(call all-makefiles-under,$(LOCAL_PATH)) include $(CLEAR_VARS) +KM_IMAGES := \ + keymaste.b00 keymaste.b01 keymaste.b02 keymaste.b03 keymaste.mdt + +KM_SYMLINKS := $(addprefix $(TARGET_OUT_ETC)/firmware/,$(notdir $(KM_IMAGES))) +$(KM_SYMLINKS): $(LOCAL_INSTALLED_MODULE) + @echo "Keymaster firmware link: $@" + @mkdir -p $(dir $@) + @rm -rf $@ + $(hide) ln -sf /firmware/image/$(notdir $@) $@ + +ALL_DEFAULT_INSTALLED_MODULES += $(KM_SYMLINKS) + +WV_IMAGES := \ + widevine.b00 widevine.b01 widevine.b02 widevine.b03 widevine.mdt + +WV_SYMLINKS := $(addprefix $(TARGET_OUT_ETC)/firmware/,$(notdir $(WV_IMAGES))) +$(WV_SYMLINKS): $(LOCAL_INSTALLED_MODULE) + @echo "Widevine firmware link: $@" + @mkdir -p $(dir $@) + @rm -rf $@ + $(hide) ln -sf /firmware/image/$(notdir $@) $@ + +ALL_DEFAULT_INSTALLED_MODULES += $(WV_SYMLINKS) + +# Create a link for the WCNSS config file, which ends up as a writable +# version in /data/misc/wifi +$(shell mkdir -p $(TARGET_OUT)/etc/firmware/wlan/prima; \ + ln -sf /data/misc/wifi/WCNSS_qcom_cfg.ini \ + $(TARGET_OUT)/etc/firmware/wlan/prima/WCNSS_qcom_cfg.ini) + endif diff --git a/BoardConfigCommon.mk b/BoardConfigCommon.mk index 66ae8e7..d35423f 100644 --- a/BoardConfigCommon.mk +++ b/BoardConfigCommon.mk @@ -128,12 +128,7 @@ TARGET_PLATFORM_DEVICE_BASE := /devices/soc.0/ TARGET_UNIFIED_DEVICE := true # Keymaster -ifeq ($(TARGET_DEVICE),Z010D) TARGET_KEYMASTER_WAIT_FOR_QSEE := true -else -TARGET_PROVIDES_KEYMASTER := true -TARGET_HW_KEYMASTER_V03 := true -endif # Lights TARGET_PROVIDES_LIBLIGHT := true diff --git a/keymaster/Android.mk b/keymaster/Android.mk deleted file mode 100644 index e614850..0000000 --- a/keymaster/Android.mk +++ /dev/null @@ -1,51 +0,0 @@ -ifneq ($(filter Z00ED Z00RD,$(TARGET_DEVICE)),) - -ifeq ($(TARGET_HW_KEYMASTER_V03),true) -LOCAL_PATH := $(call my-dir) - -ifeq ($(BOARD_USES_QCOM_HARDWARE),true) - -keymaster-def := -fvisibility=hidden -Wall -ifeq ($(TARGET_BOARD_PLATFORM),msm8084) -keymaster-def += -D_ION_HEAP_MASK_COMPATIBILITY_WA -endif - -include $(CLEAR_VARS) - -LOCAL_MODULE := keystore.qcom - -LOCAL_MODULE_RELATIVE_PATH := hw - -LOCAL_SRC_FILES := keymaster_qcom.cpp - -LOCAL_C_INCLUDES := $(TARGET_OUT_HEADERS)/common/inc \ - $(TARGET_OUT_INTERMEDIATES)/KERNEL_OBJ/usr/include \ - external/openssl/include - -LOCAL_CFLAGS := $(keymaster-def) - -LOCAL_SHARED_LIBRARIES := \ - libcrypto \ - liblog \ - libc \ - libdl - -LOCAL_ADDITIONAL_DEPENDENCIES := $(LOCAL_PATH)/Android.mk - -LOCAL_MODULE_TAGS := optional - -include $(BUILD_SHARED_LIBRARY) - -endif # TARGET_BOARD_PLATFORM -else -LOCAL_MODULE := keystore.qcom -$(info Removing keymaster v0.3 bins) -$(shell rm -rf $(TARGET_OUT_INTERMEDIATES)/SHARED_LIBRARIES/$(LOCAL_MODULE)_intermediates ) -$(shell rm -rf $(TARGET_OUT)/lib/hw/$(LOCAL_MODULE).so ) -$(shell rm -rf $(TARGET_OUT)/lib64/hw/$(LOCAL_MODULE).so ) -$(shell rm -rf $(TARGET_OUT)/../symbols/system/lib/hw/$(LOCAL_MODULE).so ) -$(shell rm -rf $(TARGET_OUT_INTERMEDIATES)/lib/$(LOCAL_MODULE).so ) -$(shell rm -fr $(TARGET_OUT_INTERMEDIATES)/lib64/$(LOCAL_MODULE).so ) - -endif # end of TARGET_HW_KEYMASTER_V03 -endif # end of TARGET_DEVICE diff --git a/keymaster/QSEEComAPI.h b/keymaster/QSEEComAPI.h deleted file mode 100644 index a96cda3..0000000 --- a/keymaster/QSEEComAPI.h +++ /dev/null @@ -1,299 +0,0 @@ -/* - * Copyright (c) 2012, The Android Open Source Project - * - * Licensed under the Apache License, Version 2.0 (the "License"); you - * may not use this file except in compliance with the License. You may - * obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - * implied. See the License for the specific language governing - * permissions and limitations under the License. - */ - -#ifndef __QSEECOMAPI_H_ -#define __QSEECOMAPI_H_ - - -/*---------------------------------------------------------------------------- - * Include Files -* -------------------------------------------------------------------------*/ -#include <stdint.h> -#include <stdbool.h> - -#define QSEECOM_ALIGN_SIZE 0x40 -#define QSEECOM_ALIGN_MASK (QSEECOM_ALIGN_SIZE - 1) -#define QSEECOM_ALIGN(x) \ - ((x + QSEECOM_ALIGN_SIZE) & (~QSEECOM_ALIGN_MASK)) - -#ifdef __cplusplus -extern "C" { -#endif - -/*---------------------------------------------------------------------------- - * Preprocessor Definitions and Constants - * -------------------------------------------------------------------------*/ -/** The memory is locked and non-pageable */ -#define MEM_LOCKED 0x00000001 -/** The memory is marked non-cacheable */ -#define MEM_NON_CACHED 0x00000002 - -#define QSEECOM_APP_QUERY_FAILED -6 -#define QSEECOM_APP_NOT_LOADED -5 -#define QSEECOM_APP_ALREADY_LOADED -4 -#define QSEECOM_LISTENER_UNREGISTERED -3 -#define QSEECOM_LISTENER_ALREADY_REGISTERED -2 -#define QSEECOM_LISTENER_REGISTER_FAIL -1 - -/*---------------------------------------------------------------------------- - * Type Declarations - * -------------------------------------------------------------------------*/ -struct QSEECom_handle { - unsigned char *ion_sbuffer; -}; - -struct QSEECom_ion_fd_data { - int32_t fd; - uint32_t cmd_buf_offset; -}; - -struct QSEECom_ion_fd_info { - struct QSEECom_ion_fd_data data[4]; -}; - -/*---------------------------------------------------------------------------- - * Function Declarations and Documentation - * -------------------------------------------------------------------------*/ -/** - * @brief Open a handle to the QSEECom device. - * - * - Load a secure application. The application will be verified that it is - * secure by digital signature verification. - * Allocate memory for sending requests to the QSAPP - * - * Note/Comments: - * There is a one-to-one relation for a HLOS client and a QSAPP; - * meaning that only one app can communicate to a QSAPP at a time. - * - * Please note that there is difference between an application and a listener - * service. A QSAPP must be loaded at the request of the HLOS, - * and all requests are orginated by the HLOS client. - * A listener service on the otherhand is started during start-up by a - * daemon, qseecomd. - * - * A HLOS application may create mutiple handles to the QSAPP - * - * @param[in/out] handle The device handle - * @param[in] fname The directory and filename to load. - * @param[in] sb_size Size of the shared buffer memory for sending requests. - * @return Zero on success, negative on failure. errno will be set on - * error. - */ -int QSEECom_start_app(struct QSEECom_handle **clnt_handle, const char *path, - const char *fname, uint32_t sb_size); - -/** - * @brief Close the application associated with the handle. - * - * - Unload a secure application. The driver will verify if there exists - * any other applications that are communicating with the QSAPP to which - * the "handle" is tied. - * - De-allocate memory for sending requests to QSAPP. - * - * @param[in] handle The device handle - * @return Zero on success, negative on failure. errno will be set on - * error. - */ -int QSEECom_shutdown_app(struct QSEECom_handle **handle); - -/** - * @brief Open a handle to the QSEECom device. - * - * - Load an external elf. The elf will be verified that it is - * secure by digital signature verification. - * - * A HLOS application may create mutiple opens (only one is permitted for the - * app, but each listener service can open a unique device in the same HLOS app - * /executable. - * @param[in/out] handle The device handle - * @param[in] fname The directory and filename to load. - * @return Zero on success, negative on failure. errno will be set on - * error. - */ -int QSEECom_load_external_elf(struct QSEECom_handle **clnt_handle, const char *path, - const char *fname); - -/** - * @brief Close the external elf - * - * - Unload an external elf. - * - * @param[in] handle The device handle - * - * @return Zero on success, negative on failure. errno will be set on - * error. - */ -int QSEECom_unload_external_elf(struct QSEECom_handle **handle); - -/** - * @brief Register an HLOS listener service. This allows messages from QSAPP - * to be received. - * - * @param[in] handle The device handle - * @param[in] lstnr_id The listener service identifier. This ID must be uniquely - * assigned to avoid any collisions. - * @param[in] sb_length Shared memory buffer between OS and QSE. - * @param[in] flags Provide the shared memory flags attributes. - * - * @return Zero on success, negative on failure. errno will be set on - * error. - * - */ -int QSEECom_register_listener(struct QSEECom_handle **handle, - uint32_t lstnr_id, uint32_t sb_length, uint32_t flags); - -/** - * @brief Unregister a listener service. - * - * @param[in] handle The device handle - * - * @return Zero on success, negative on failure. errno will be set on - * error. - */ -int QSEECom_unregister_listener(struct QSEECom_handle *handle); - - -/** - * @brief Send QSAPP a "user" defined buffer (may contain some message/ - * command request) and receives a response from QSAPP in receive buffer. - * The HLOS client writes to the send_buf, where QSAPP writes to the rcv_buf. - * This is a blocking call. - * - * @param[in] handle The device handle - * @param[in] send_buf The buffer to be sent. - * If using ion_sbuffer, ensure this - * QSEECOM_BUFFER_ALIGN'ed. - * @param[in] sbuf_len The send buffer length - * If using ion_sbuffer, ensure length is - * multiple of QSEECOM_BUFFER_ALIGN. - * @param[in] rcv_buf The QSEOS returned buffer. - * If using ion_sbuffer, ensure this is - * QSEECOM_BUFFER_ALIGN'ed. - * @param[in] rbuf_len The returned buffer length. - * If using ion_sbuffer, ensure length is - * multiple of QSEECOM_BUFFER_ALIGN. - * @param[in] rbuf_len The returned buffer length. - * - * @return Zero on success, negative on failure. errno will be set on - * error. - */ -int QSEECom_send_cmd(struct QSEECom_handle *handle, void *send_buf, - uint32_t sbuf_len, void *rcv_buf, uint32_t rbuf_len); - - -/** - * @brief Send QSAPP a "user" defined buffer (may contain some message/ - * command request) and receives a response from QSAPP in receive buffer. - * This API is same as send_cmd except it takes in addition parameter, - * "ifd_data". This "ifd_data" holds information (ion fd handle and - * cmd_buf_offset) used for modifying data in the message in send_buf - * at an offset. Essentailly, it has the ion fd handle information to - * retrieve physical address and modify the message in send_buf at the - * mentioned offset. - * - * The HLOS client writes to the send_buf, where QSAPP writes to the rcv_buf. - * This is a blocking call. - * - * @param[in] handle The device handle - * @param[in] send_buf The buffer to be sent. - * If using ion_sbuffer, ensure this - * QSEECOM_BUFFER_ALIGN'ed. - * @param[in] sbuf_len The send buffer length - * If using ion_sbuffer, ensure length is - * multiple of QSEECOM_BUFFER_ALIGN. - * @param[in] rcv_buf The QSEOS returned buffer. - * If using ion_sbuffer, ensure this is - * QSEECOM_BUFFER_ALIGN'ed. - * @param[in] rbuf_len The returned buffer length. - * If using ion_sbuffer, ensure length is - * multiple of QSEECOM_BUFFER_ALIGN. - * @param[in] QSEECom_ion_fd_info data related to memory allocated by ion. - * - * @return Zero on success, negative on failure. errno will be set on - * error. - */ -int QSEECom_send_modified_cmd(struct QSEECom_handle *handle, void *send_buf, - uint32_t sbuf_len, void *resp_buf, uint32_t rbuf_len, - struct QSEECom_ion_fd_info *ifd_data); - -/** - * @brief Receive a service defined buffer. - * - * @param[in] handle The device handle - * @param[out] buf The buffer that is received - * @param[in] len The receive buffer length - * - * @return Zero on success, negative on failure. errno will be set on - * error. - */ -int QSEECom_receive_req(struct QSEECom_handle *handle, - void *buf, uint32_t len); - -/** - * @brief Send a response based on the previous QSEECom_receive_req. - * - * This allows a listener service to receive a command (e.g. read file abc). - * The service can then handle the request from QSEECom_receive_req, and provide - * that information back to QSAPP. - * - * This allows the HLOS to act as the server and QSAPP to behave as the client. - * - * @param[in] handle The device handle - * @param[out] send_buf The buffer to be returned back to QSAPP - * @param[in] len The send buffer length - * - * @return Zero on success, negative on failure. errno will be set on - * error. - */ -int QSEECom_send_resp(struct QSEECom_handle *handle, - void *send_buf, uint32_t len); - -/** - * @brief Set the bandwidth for QSEE. - * - * This API resulst in improving the performance on the Crypto hardware - * in QSEE. It should be called before issuing send_cmd/send_modified_cmd - * for commands that requires using the crypto hardware on the QSEE. - * Typically this API should be called before issuing the send request to - * enable high performance mode and after completion of the send_cmd to - * resume to low performance and hence to low power mode. - * - * This allows the clients of QSEECom to set the QSEE cyptpo HW bus - * bandwidth to high/low. - * - * @param[in] high Set to 1 to enable bandwidth. - * - * @return Zero on success, negative on failure. errno will be set on - * error. - */ -int QSEECom_set_bandwidth(struct QSEECom_handle *handle, bool high); - -/** - * @brief Query QSEE to check if app is loaded. - * - * This API queries QSEE to see if the app is loaded or not. - * - * @param[in] app_name Name of the app. - * - * @return QSEECOM_APP_QUERY_FAILED/QSEECOM_APP_NOT_LOADED/QSEECOM_APP_LOADED. - */ -int QSEECom_app_load_query(struct QSEECom_handle *handle, char *app_name); - -#ifdef __cplusplus -} -#endif - -#endif diff --git a/keymaster/keymaster_qcom.cpp b/keymaster/keymaster_qcom.cpp deleted file mode 100644 index 5ae6fe0..0000000 --- a/keymaster/keymaster_qcom.cpp +++ /dev/null @@ -1,809 +0,0 @@ -/* - * Copyright (C) 2012 The Android Open Source Project - * - * Licensed under the Apache License, Version 2.0 (the "License"); you - * may not use this file except in compliance with the License. You may - * obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - * implied. See the License for the specific language governing - * permissions and limitations under the License. - */ - -#include <errno.h> -#include <string.h> -#include <stdint.h> - -#include <hardware/hardware.h> -#include <hardware/keymaster0.h> - -#include <openssl/evp.h> -#include <openssl/bio.h> -#include <openssl/rsa.h> -#include <openssl/err.h> -#include <openssl/x509.h> - -#include <linux/ioctl.h> -#include <linux/msm_ion.h> -#include <sys/mman.h> - -#include <stdio.h> -#include <stdlib.h> -#include <stddef.h> -#include <unistd.h> -#include <dirent.h> -#include <fcntl.h> - -#include <sys/types.h> -#include <sys/stat.h> -#include <dlfcn.h> - -#include <UniquePtr.h> - -#include "QSEEComAPI.h" -#include "keymaster_qcom.h" - -// For debugging -//#define LOG_NDEBUG 0 - -#define LOG_TAG "QCOMKeyMaster" -#define UNUSED(x) (void)(x) -#define KM_SB_LENGTH (4096 * 2) - -#include <cutils/log.h> -struct qcom_km_ion_info_t { - int32_t ion_fd; - int32_t ifd_data_fd; - struct ion_handle_data ion_alloc_handle; - unsigned char * ion_sbuffer; - uint32_t sbuf_len; -}; - -struct qcom_keymaster_handle { - struct QSEECom_handle *qseecom; - void *libhandle; - int (*QSEECom_start_app)(struct QSEECom_handle ** handle, const char* path, - const char* appname, uint32_t size); - int (*QSEECom_shutdown_app)(struct QSEECom_handle **handle); - int (*QSEECom_send_cmd)(struct QSEECom_handle* handle, void *cbuf, - uint32_t clen, void *rbuf, uint32_t rlen); - int (*QSEECom_send_modified_cmd)(struct QSEECom_handle* handle, void *cbuf, - uint32_t clen, void *rbuf, uint32_t rlen, - struct QSEECom_ion_fd_info *ihandle); - int (*QSEECom_set_bandwidth)(struct QSEECom_handle* handle, bool high); -}; -typedef struct qcom_keymaster_handle qcom_keymaster_handle_t; - -struct EVP_PKEY_Delete { - void operator()(EVP_PKEY* p) const { - EVP_PKEY_free(p); - } -}; -typedef UniquePtr<EVP_PKEY, EVP_PKEY_Delete> Unique_EVP_PKEY; - -struct RSA_Delete { - void operator()(RSA* p) const { - RSA_free(p); - } -}; -typedef UniquePtr<RSA, RSA_Delete> Unique_RSA; - -typedef UniquePtr<keymaster0_device_t> Unique_keymaster_device_t; - -/** - * Many OpenSSL APIs take ownership of an argument on success but don't free the argument - * on failure. This means we need to tell our scoped pointers when we've transferred ownership, - * without triggering a warning by not using the result of release(). - */ -#define OWNERSHIP_TRANSFERRED(obj) \ - typeof (obj.release()) _dummy __attribute__((unused)) = obj.release() - -static int qcom_km_get_keypair_public(const keymaster0_device* dev, - const uint8_t* keyBlob, const size_t keyBlobLength, - uint8_t** x509_data, size_t* x509_data_length) { - - struct qcom_km_key_blob * keyblob_ptr = (struct qcom_km_key_blob *)keyBlob; - - UNUSED(dev); - if (x509_data == NULL || x509_data_length == NULL) { - ALOGE("Output public key buffer == NULL"); - return -1; - } - - if (keyBlob == NULL) { - ALOGE("Supplied key blob was NULL"); - return -1; - } - - // Should be large enough for keyblob data: - if (keyBlobLength < (sizeof(qcom_km_key_blob_t))) { - ALOGE("key blob appears to be truncated"); - return -1; - } - - if (keyblob_ptr->magic_num != KM_MAGIC_NUM) { - ALOGE("Cannot read key; it was not made by this keymaster"); - return -1; - } - - if (keyblob_ptr->public_exponent_size == 0 ) { - ALOGE("Key blob appears to have incorrect exponent length"); - return -1; - } - if (keyblob_ptr->modulus_size == 0 ) { - ALOGE("Key blob appears to have incorrect modulus length"); - return -1; - } - - Unique_RSA rsa(RSA_new()); - if (rsa.get() == NULL) { - ALOGE("Could not allocate RSA structure"); - return -1; - } - - rsa->n = BN_bin2bn(reinterpret_cast<const unsigned char*>(keyblob_ptr->modulus), - keyblob_ptr->modulus_size, NULL); - if (rsa->n == NULL) { - ALOGE("Failed to initialize modulus"); - return -1; - } - - rsa->e = BN_bin2bn(reinterpret_cast<const unsigned char*>(&keyblob_ptr->public_exponent), - keyblob_ptr->public_exponent_size, NULL); - if (rsa->e == NULL) { - ALOGE("Failed to initialize public exponent"); - return -1; - } - - Unique_EVP_PKEY pkey(EVP_PKEY_new()); - if (pkey.get() == NULL) { - ALOGE("Could not allocate EVP_PKEY structure"); - return -1; - } - if (EVP_PKEY_assign_RSA(pkey.get(), rsa.get()) != 1) { - ALOGE("Failed to assign rsa parameters \n"); - return -1; - } - OWNERSHIP_TRANSFERRED(rsa); - - int len = i2d_PUBKEY(pkey.get(), NULL); - if (len <= 0) { - ALOGE("Len returned is < 0 len = %d", len); - return -1; - } - - UniquePtr<uint8_t> key(static_cast<uint8_t*>(malloc(len))); - if (key.get() == NULL) { - ALOGE("Could not allocate memory for public key data"); - return -1; - } - - unsigned char* tmp = reinterpret_cast<unsigned char*>(key.get()); - if (i2d_PUBKEY(pkey.get(), &tmp) != len) { - ALOGE("Len 2 returned is < 0 len = %d", len); - return -1; - } - *x509_data_length = len; - *x509_data = key.release(); - - return 0; -} - -static int32_t qcom_km_ION_memalloc(struct qcom_km_ion_info_t *handle, - uint32_t size) -{ - int32_t ret = 0; - int32_t iret = 0; - int32_t fd = 0; - unsigned char *v_addr; - struct ion_allocation_data ion_alloc_data; - int32_t ion_fd; - int32_t rc; - struct ion_fd_data ifd_data; - struct ion_handle_data handle_data; - - /* open ION device for memory management - * O_DSYNC -> uncached memory - */ - if(handle == NULL){ - ALOGE("Error:: null handle received"); - return -1; - } - ion_fd = open("/dev/ion", O_RDONLY | O_DSYNC); - if (ion_fd < 0) { - ALOGE("Error::Cannot open ION device"); - return -1; - } - handle->ion_sbuffer = NULL; - handle->ifd_data_fd = 0; - - /* Size of allocation */ - ion_alloc_data.len = (size + 4095) & (~4095); - - /* 4K aligned */ - ion_alloc_data.align = 4096; - - /* memory is allocated from EBI heap */ - ion_alloc_data.ION_HEAP_MASK = ION_HEAP(ION_QSECOM_HEAP_ID); - - /* Set the memory to be uncached */ - ion_alloc_data.flags = 0; - - /* IOCTL call to ION for memory request */ - rc = ioctl(ion_fd, ION_IOC_ALLOC, &ion_alloc_data); - if (rc) { - ret = -1; - goto alloc_fail; - } - - if (ion_alloc_data.handle) { - ifd_data.handle = ion_alloc_data.handle; - } else { - ret = -1; - goto alloc_fail; - } - /* Call MAP ioctl to retrieve the ifd_data.fd file descriptor */ - rc = ioctl(ion_fd, ION_IOC_MAP, &ifd_data); - if (rc) { - ret = -1; - goto ioctl_fail; - } - - /* Make the ion mmap call */ - v_addr = (unsigned char *)mmap(NULL, ion_alloc_data.len, - PROT_READ | PROT_WRITE, - MAP_SHARED, ifd_data.fd, 0); - if (v_addr == MAP_FAILED) { - ALOGE("Error::ION MMAP failed"); - ret = -1; - goto map_fail; - } - handle->ion_fd = ion_fd; - handle->ifd_data_fd = ifd_data.fd; - handle->ion_sbuffer = v_addr; - handle->ion_alloc_handle.handle = ion_alloc_data.handle; - handle->sbuf_len = size; - return ret; - -map_fail: - if (handle->ion_sbuffer != NULL) { - iret = munmap(handle->ion_sbuffer, ion_alloc_data.len); - if (iret) - ALOGE("Error::Failed to unmap memory for load image. ret = %d", ret); - } - -ioctl_fail: - handle_data.handle = ion_alloc_data.handle; - if (handle->ifd_data_fd) - close(handle->ifd_data_fd); - iret = ioctl(ion_fd, ION_IOC_FREE, &handle_data); - if (iret) { - ALOGE("Error::ION FREE ioctl returned error = %d",iret); - } - -alloc_fail: - if (ion_fd > 0) - close(ion_fd); - return ret; -} - -/** @brief: Deallocate ION memory - * - * - */ -static int32_t qcom_km_ion_dealloc(struct qcom_km_ion_info_t *handle) -{ - struct ion_handle_data handle_data; - int32_t ret = 0; - - /* Deallocate the memory for the listener */ - ret = munmap(handle->ion_sbuffer, (handle->sbuf_len + 4095) & (~4095)); - if (ret) { - ALOGE("Error::Unmapping ION Buffer failed with ret = %d", ret); - } - - handle_data.handle = handle->ion_alloc_handle.handle; - close(handle->ifd_data_fd); - ret = ioctl(handle->ion_fd, ION_IOC_FREE, &handle_data); - if (ret) { - ALOGE("Error::ION Memory FREE ioctl failed with ret = %d", ret); - } - close(handle->ion_fd); - return ret; -} - -static int qcom_km_generate_keypair(const keymaster0_device_t* dev, - const keymaster_keypair_t key_type, const void* key_params, - uint8_t** keyBlob, size_t* keyBlobLength) { - - if (dev->context == NULL) { - ALOGE("qcom_km_generate_keypair: Context == NULL"); - return -1; - } - - if (key_type != TYPE_RSA) { - ALOGE("Unsupported key type %d", key_type); - return -1; - } else if (key_params == NULL) { - ALOGE("key_params == null"); - return -1; - } - if (keyBlob == NULL || keyBlobLength == NULL) { - ALOGE("output key blob or length == NULL"); - return -1; - } - keymaster_rsa_keygen_params_t* rsa_params = (keymaster_rsa_keygen_params_t*) key_params; - - keymaster_gen_keypair_cmd_t *send_cmd = NULL; - keymaster_gen_keypair_resp_t *resp = NULL; - struct QSEECom_handle *handle = NULL; - struct qcom_keymaster_handle *km_handle =(struct qcom_keymaster_handle *)dev->context; - int ret = 0; - - handle = (struct QSEECom_handle *)(km_handle->qseecom); - send_cmd = (keymaster_gen_keypair_cmd_t *)handle->ion_sbuffer; - resp = (keymaster_gen_keypair_resp_t *)(handle->ion_sbuffer + - QSEECOM_ALIGN(sizeof(keymaster_gen_keypair_cmd_t))); - send_cmd->cmd_id = KEYMASTER_GENERATE_KEYPAIR; - send_cmd->key_type = key_type; - send_cmd->rsa_params.modulus_size = rsa_params->modulus_size; - send_cmd->rsa_params.public_exponent = rsa_params->public_exponent; - resp->status = KEYMASTER_FAILURE; - resp->key_blob_len = sizeof(qcom_km_key_blob_t); - - ret = (*km_handle->QSEECom_set_bandwidth)(handle, true); - if (ret < 0) { - ALOGE("Generate key command failed (unable to enable clks) ret =%d", ret); - return -1; - } - - ret = (*km_handle->QSEECom_send_cmd)(handle, send_cmd, - QSEECOM_ALIGN(sizeof(keymaster_gen_keypair_cmd_t)), resp, - QSEECOM_ALIGN(sizeof(keymaster_gen_keypair_resp_t))); - - if((*km_handle->QSEECom_set_bandwidth)(handle, false)) - ALOGE("Import key command: (unable to disable clks)"); - - if ( (ret < 0) || (resp->status < 0)) { - ALOGE("Generate key command failed resp->status = %d ret =%d", resp->status, ret); - return -1; - } else { - UniquePtr<unsigned char[]> keydata(new unsigned char[resp->key_blob_len]); - if (keydata.get() == NULL) { - ALOGE("could not allocate memory for key blob"); - return -1; - } - unsigned char* p = keydata.get(); - memcpy(p, (unsigned char *)(&resp->key_blob), resp->key_blob_len); - *keyBlob = keydata.release(); - *keyBlobLength = resp->key_blob_len; - } - return 0; -} - -static int qcom_km_import_keypair(const keymaster0_device_t* dev, - const uint8_t* key, const size_t key_length, - uint8_t** keyBlob, size_t* keyBlobLength) -{ - if (dev->context == NULL) { - ALOGE("qcom_km_import_keypair: Context == NULL"); - return -1; - } - - if (key == NULL) { - ALOGE("Input key == NULL"); - return -1; - } else if (keyBlob == NULL || keyBlobLength == NULL) { - ALOGE("Output key blob or length == NULL"); - return -1; - } - - struct QSEECom_ion_fd_info ion_fd_info; - struct qcom_km_ion_info_t ihandle; - int ret = 0; - - ihandle.ion_fd = 0; - ihandle.ion_alloc_handle.handle = 0; - if (qcom_km_ION_memalloc(&ihandle, QSEECOM_ALIGN(key_length)) < 0) { - ALOGE("ION allocation failed"); - return -1; - } - memset(&ion_fd_info, 0, sizeof(struct QSEECom_ion_fd_info)); - - /* Populate the send data structure */ - ion_fd_info.data[0].fd = ihandle.ifd_data_fd; - ion_fd_info.data[0].cmd_buf_offset = sizeof(enum keymaster_cmd_t); - - - struct QSEECom_handle *handle = NULL; - keymaster_import_keypair_cmd_t *send_cmd = NULL; - keymaster_import_keypair_resp_t *resp = NULL; - struct qcom_keymaster_handle *km_handle =(struct qcom_keymaster_handle *)dev->context; - - handle = (struct QSEECom_handle *)(km_handle->qseecom); - send_cmd = (keymaster_import_keypair_cmd_t *)handle->ion_sbuffer; - resp = (keymaster_import_keypair_resp_t *)(handle->ion_sbuffer + - QSEECOM_ALIGN(sizeof(keymaster_import_keypair_cmd_t))); - send_cmd->cmd_id = KEYMASTER_IMPORT_KEYPAIR; - send_cmd->pkcs8_key = (uint32_t)(uintptr_t)ihandle.ion_sbuffer; - - memcpy((unsigned char *)ihandle.ion_sbuffer, key, key_length); - - send_cmd->pkcs8_key_len = key_length; - resp->status = KEYMASTER_FAILURE; - resp->key_blob_len = sizeof(qcom_km_key_blob_t); - - ret = (*km_handle->QSEECom_set_bandwidth)(handle, true); - if (ret < 0) { - ALOGE("Import key command failed (unable to enable clks) ret =%d", ret); - qcom_km_ion_dealloc(&ihandle); - return -1; - } - ret = (*km_handle->QSEECom_send_modified_cmd)(handle, send_cmd, - QSEECOM_ALIGN(sizeof(*send_cmd)), resp, - QSEECOM_ALIGN(sizeof(*resp)), &ion_fd_info); - - if((*km_handle->QSEECom_set_bandwidth)(handle, false)) - ALOGE("Import key command: (unable to disable clks)"); - - if ( (ret < 0) || (resp->status < 0)) { - ALOGE("Import key command failed resp->status = %d ret =%d", resp->status, ret); - qcom_km_ion_dealloc(&ihandle); - return -1; - } else { - UniquePtr<unsigned char[]> keydata(new unsigned char[resp->key_blob_len]); - if (keydata.get() == NULL) { - ALOGE("could not allocate memory for key blob"); - return -1; - } - unsigned char* p = keydata.get(); - memcpy(p, (unsigned char *)(&resp->key_blob), resp->key_blob_len); - *keyBlob = keydata.release(); - *keyBlobLength = resp->key_blob_len; - - } - qcom_km_ion_dealloc(&ihandle); - return 0; -} - -static int qcom_km_sign_data(const keymaster0_device_t* dev, - const void* params, - const uint8_t* keyBlob, const size_t keyBlobLength, - const uint8_t* data, const size_t dataLength, - uint8_t** signedData, size_t* signedDataLength) -{ - if (dev->context == NULL) { - ALOGE("qcom_km_sign_data: Context == NULL"); - return -1; - } - if (dataLength > KM_KEY_SIZE_MAX) { - ALOGE("Input data to be signed is too long %d bytes", dataLength); - return -1; - } - if (data == NULL) { - ALOGE("input data to sign == NULL"); - return -1; - } else if (signedData == NULL || signedDataLength == NULL) { - ALOGE("Output signature buffer == NULL"); - return -1; - } - keymaster_rsa_sign_params_t* sign_params = (keymaster_rsa_sign_params_t*) params; - if (sign_params->digest_type != DIGEST_NONE) { - ALOGE("Cannot handle digest type %d", sign_params->digest_type); - return -1; - } else if (sign_params->padding_type != PADDING_NONE) { - ALOGE("Cannot handle padding type %d", sign_params->padding_type); - return -1; - } - - struct QSEECom_handle *handle = NULL; - keymaster_sign_data_cmd_t *send_cmd = NULL; - keymaster_sign_data_resp_t *resp = NULL; - struct QSEECom_ion_fd_info ion_fd_info; - struct qcom_km_ion_info_t ihandle; - struct qcom_keymaster_handle *km_handle =(struct qcom_keymaster_handle *)dev->context; - int ret = 0; - - handle = (struct QSEECom_handle *)(km_handle->qseecom); - ihandle.ion_fd = 0; - ihandle.ion_alloc_handle.handle = 0; - if (qcom_km_ION_memalloc(&ihandle, dataLength) < 0) { - ALOGE("ION allocation failed"); - return -1; - } - memset(&ion_fd_info, 0, sizeof(struct QSEECom_ion_fd_info)); - - /* Populate the send data structure */ - ion_fd_info.data[0].fd = ihandle.ifd_data_fd; - ion_fd_info.data[0].cmd_buf_offset = sizeof(enum keymaster_cmd_t) + - sizeof(qcom_km_key_blob_t) + sizeof(keymaster_rsa_sign_params_t); - - send_cmd = (keymaster_sign_data_cmd_t *)handle->ion_sbuffer; - resp = (keymaster_sign_data_resp_t *)(handle->ion_sbuffer + - QSEECOM_ALIGN(sizeof(keymaster_sign_data_cmd_t))); - send_cmd->cmd_id = KEYMASTER_SIGN_DATA ; - send_cmd->sign_param.digest_type = sign_params->digest_type; - send_cmd->sign_param.padding_type = sign_params->padding_type; - memcpy((unsigned char *)(&send_cmd->key_blob), keyBlob, keyBlobLength); - memcpy((unsigned char *)ihandle.ion_sbuffer, data, dataLength); - - send_cmd->data = (uint32_t)(uintptr_t)ihandle.ion_sbuffer; - send_cmd->dlen = dataLength; - resp->sig_len = KM_KEY_SIZE_MAX; - resp->status = KEYMASTER_FAILURE; - - ret = (*km_handle->QSEECom_set_bandwidth)(handle, true); - if (ret < 0) { - ALOGE("Sign data command failed (unable to enable clks) ret =%d", ret); - qcom_km_ion_dealloc(&ihandle); - return -1; - } - - ret = (*km_handle->QSEECom_send_modified_cmd)(handle, send_cmd, - QSEECOM_ALIGN(sizeof(*send_cmd)), resp, - QSEECOM_ALIGN(sizeof(*resp)), &ion_fd_info); - - if((*km_handle->QSEECom_set_bandwidth)(handle, false)) - ALOGE("Sign data command: (unable to disable clks)"); - - if ( (ret < 0) || (resp->status < 0)) { - ALOGE("Sign data command failed resp->status = %d ret =%d", resp->status, ret); - qcom_km_ion_dealloc(&ihandle); - return -1; - } else { - UniquePtr<uint8_t> signedDataPtr(reinterpret_cast<uint8_t*>(malloc(resp->sig_len))); - if (signedDataPtr.get() == NULL) { - ALOGE("Sign data memory allocation failed"); - qcom_km_ion_dealloc(&ihandle); - return -1; - } - unsigned char* p = signedDataPtr.get(); - memcpy(p, (unsigned char *)(&resp->signed_data), resp->sig_len); - - *signedDataLength = resp->sig_len; - *signedData = signedDataPtr.release(); - } - qcom_km_ion_dealloc(&ihandle); - return 0; -} - -static int qcom_km_verify_data(const keymaster0_device_t* dev, - const void* params, - const uint8_t* keyBlob, const size_t keyBlobLength, - const uint8_t* signedData, const size_t signedDataLength, - const uint8_t* signature, const size_t signatureLength) -{ - if (dev->context == NULL) { - ALOGE("qcom_km_verify_data: Context == NULL"); - return -1; - } - - if (signedData == NULL || signature == NULL) { - ALOGE("data or signature buffers == NULL"); - return -1; - } - - keymaster_rsa_sign_params_t* sign_params = (keymaster_rsa_sign_params_t*) params; - if (sign_params->digest_type != DIGEST_NONE) { - ALOGE("Cannot handle digest type %d", sign_params->digest_type); - return -1; - } else if (sign_params->padding_type != PADDING_NONE) { - ALOGE("Cannot handle padding type %d", sign_params->padding_type); - return -1; - } else if (signatureLength != signedDataLength) { - ALOGE("signed data length must be signature length"); - return -1; - } - - struct QSEECom_handle *handle = NULL; - keymaster_verify_data_cmd_t *send_cmd = NULL; - keymaster_verify_data_resp_t *resp = NULL; - - struct QSEECom_ion_fd_info ion_fd_info; - struct qcom_km_ion_info_t ihandle; - struct qcom_keymaster_handle *km_handle =(struct qcom_keymaster_handle *)dev->context; - int ret = 0; - - handle = (struct QSEECom_handle *)(km_handle->qseecom); - ihandle.ion_fd = 0; - ihandle.ion_alloc_handle.handle = 0; - if (qcom_km_ION_memalloc(&ihandle, signedDataLength + signatureLength) <0) { - ALOGE("ION allocation failed"); - return -1; - } - memset(&ion_fd_info, 0, sizeof(struct QSEECom_ion_fd_info)); - - /* Populate the send data structure */ - ion_fd_info.data[0].fd = ihandle.ifd_data_fd; - ion_fd_info.data[0].cmd_buf_offset = sizeof(enum keymaster_cmd_t) + - sizeof(qcom_km_key_blob_t ) + sizeof(keymaster_rsa_sign_params_t); - - send_cmd = (keymaster_verify_data_cmd_t *)handle->ion_sbuffer; - resp = (keymaster_verify_data_resp_t *)((char *)handle->ion_sbuffer + - sizeof(keymaster_verify_data_cmd_t)); - send_cmd->cmd_id = KEYMASTER_VERIFY_DATA ; - send_cmd->sign_param.digest_type = sign_params->digest_type; - send_cmd->sign_param.padding_type = sign_params->padding_type; - memcpy((unsigned char *)(&send_cmd->key_blob), keyBlob, keyBlobLength); - - send_cmd->signed_data = (uint32_t)(uintptr_t)ihandle.ion_sbuffer; - send_cmd->signed_dlen = signedDataLength; - memcpy((unsigned char *)ihandle.ion_sbuffer, signedData, signedDataLength); - - send_cmd->signature = signedDataLength; - send_cmd->slen = signatureLength; - memcpy(((unsigned char *)ihandle.ion_sbuffer + signedDataLength), - signature, signatureLength); - resp->status = KEYMASTER_FAILURE; - - ret = (*km_handle->QSEECom_set_bandwidth)(handle, true); - if (ret < 0) { - ALOGE("Verify data command failed (unable to enable clks) ret =%d", ret); - qcom_km_ion_dealloc(&ihandle); - return -1; - } - - ret = (*km_handle->QSEECom_send_modified_cmd)(handle, send_cmd, - QSEECOM_ALIGN(sizeof(*send_cmd)), resp, - QSEECOM_ALIGN(sizeof(*resp)), &ion_fd_info); - - if((*km_handle->QSEECom_set_bandwidth)(handle, false)) - ALOGE("Verify data command: (unable to disable clks)"); - - if ( (ret < 0) || (resp->status < 0)) { - ALOGE("Verify data command failed resp->status = %d ret =%d", resp->status, ret); - qcom_km_ion_dealloc(&ihandle); - return -1; - } - qcom_km_ion_dealloc(&ihandle); - return 0; -} - -/* Close an opened OpenSSL instance */ -static int qcom_km_close(hw_device_t *dev) -{ - keymaster0_device_t* km_dev = (keymaster0_device_t *)dev; - struct qcom_keymaster_handle *km_handle =(struct qcom_keymaster_handle *)km_dev->context; - - if (km_handle->qseecom == NULL) { - ALOGE("Context == NULL"); - return -1; - } - (*km_handle->QSEECom_shutdown_app)((struct QSEECom_handle **)&km_handle->qseecom); - free(km_dev->context); - free(dev); - return 0; -} - -static int qcom_km_get_lib_sym(qcom_keymaster_handle_t* km_handle) -{ - km_handle->libhandle = dlopen("libQSEEComAPI.so", RTLD_NOW); - if ( km_handle->libhandle ) { - *(void **)(&km_handle->QSEECom_start_app) = - dlsym(km_handle->libhandle,"QSEECom_start_app"); - if (km_handle->QSEECom_start_app == NULL) { - ALOGE("dlsym: Error Loading QSEECom_start_app"); - dlclose(km_handle->libhandle ); - km_handle->libhandle = NULL; - return -1; - } - *(void **)(&km_handle->QSEECom_shutdown_app) = - dlsym(km_handle->libhandle,"QSEECom_shutdown_app"); - if (km_handle->QSEECom_shutdown_app == NULL) { - ALOGE("dlsym: Error Loading QSEECom_shutdown_app"); - dlclose(km_handle->libhandle ); - km_handle->libhandle = NULL; - return -1; - } - *(void **)(&km_handle->QSEECom_send_cmd) = - dlsym(km_handle->libhandle,"QSEECom_send_cmd"); - if (km_handle->QSEECom_send_cmd == NULL) { - ALOGE("dlsym: Error Loading QSEECom_send_cmd"); - dlclose(km_handle->libhandle ); - km_handle->libhandle = NULL; - return -1; - } - *(void **)(&km_handle->QSEECom_send_modified_cmd) = - dlsym(km_handle->libhandle,"QSEECom_send_modified_cmd"); - if (km_handle->QSEECom_send_modified_cmd == NULL) { - ALOGE("dlsym: Error Loading QSEECom_send_modified_cmd"); - dlclose(km_handle->libhandle ); - km_handle->libhandle = NULL; - return -1; - } - *(void **)(&km_handle->QSEECom_set_bandwidth) = - dlsym(km_handle->libhandle,"QSEECom_set_bandwidth"); - if (km_handle->QSEECom_set_bandwidth == NULL) { - ALOGE("dlsym: Error Loading QSEECom_set_bandwidth"); - dlclose(km_handle->libhandle ); - km_handle->libhandle = NULL; - return -1; - } - - } else { - ALOGE("failed to load qseecom library"); - return -1; - } - return 0; -} - -/* - * Generic device handling - */ -static int qcom_km_open(const hw_module_t* module, const char* name, - hw_device_t** device) -{ - int ret = 0; - qcom_keymaster_handle_t* km_handle; - if (strcmp(name, KEYSTORE_KEYMASTER) != 0) - return -EINVAL; - - km_handle = (qcom_keymaster_handle_t *)malloc(sizeof(qcom_keymaster_handle_t)); - if (km_handle == NULL) { - ALOGE("Memalloc for keymaster handle failed"); - return -1; - } - km_handle->qseecom = NULL; - km_handle->libhandle = NULL; - ret = qcom_km_get_lib_sym(km_handle); - if (ret) { - free(km_handle); - return -1; - } - Unique_keymaster_device_t dev(new keymaster0_device_t); - if (dev.get() == NULL){ - free(km_handle); - return -ENOMEM; - } - dev->context = (void *)km_handle; - ret = (*km_handle->QSEECom_start_app)((struct QSEECom_handle **)&km_handle->qseecom, - "/vendor/firmware/keymaster", "keymaster", KM_SB_LENGTH); - if(ret) - ret = (*km_handle->QSEECom_start_app)((struct QSEECom_handle **)&km_handle->qseecom, - "/firmware/image", "keymaste", KM_SB_LENGTH); - if (ret) { - ALOGE("Loading keymaster app failed"); - free(km_handle); - return -1; - } - dev->common.tag = HARDWARE_DEVICE_TAG; - dev->common.version = 1; - dev->common.module = (struct hw_module_t*) module; - dev->common.close = qcom_km_close; - dev->flags = KEYMASTER_BLOBS_ARE_STANDALONE; - - dev->generate_keypair = qcom_km_generate_keypair; - dev->import_keypair = qcom_km_import_keypair; - dev->get_keypair_public = qcom_km_get_keypair_public; - dev->delete_keypair = NULL; - dev->delete_all = NULL; - dev->sign_data = qcom_km_sign_data; - dev->verify_data = qcom_km_verify_data; - - *device = reinterpret_cast<hw_device_t*>(dev.release()); - - return 0; -} - -static struct hw_module_methods_t keystore_module_methods = { - .open = qcom_km_open, -}; - -struct keystore_module HAL_MODULE_INFO_SYM -__attribute__ ((visibility ("default"))) = { - .common = { - .tag = HARDWARE_MODULE_TAG, - .module_api_version = QCOM_KEYMASTER_API_VERSION, - .hal_api_version = HARDWARE_HAL_API_VERSION, - .id = KEYSTORE_HARDWARE_MODULE_ID, - .name = "Keymaster QCOM HAL", - .author = "The Android Open Source Project", - .methods = &keystore_module_methods, - .dso = 0, - .reserved = {}, - }, -}; diff --git a/keymaster/keymaster_qcom.h b/keymaster/keymaster_qcom.h deleted file mode 100644 index c6dd4e5..0000000 --- a/keymaster/keymaster_qcom.h +++ /dev/null @@ -1,222 +0,0 @@ -/* - * Copyright (C) 2012 The Android Open Source Project - * - * Licensed under the Apache License, Version 2.0 (the "License"); you - * may not use this file except in compliance with the License. You may - * obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - * implied. See the License for the specific language governing - * permissions and limitations under the License. - */ - -#ifndef ANDROID_HARDWARE_QCOM_KEYMASTER_H -#define ANDROID_HARDWARE_QCOM_KEYMASTER_H - -#include <stdint.h> -#include <sys/cdefs.h> -#include <sys/types.h> - -__BEGIN_DECLS - -#ifdef _ION_HEAP_MASK_COMPATIBILITY_WA -#define ION_HEAP_MASK heap_mask -#else -#define ION_HEAP_MASK heap_id_mask -#endif - -/** - * The id of this module - */ -#define QCOM_KEYSTORE_KEYMASTER "qcom_keymaster" -/** - * Operation result - */ -#define KEYMATER_SUCCESS 0 -#define KEYMASTER_FAILURE -1 - -/** - * The API level of this version of the header. The allows the implementing - * module to recognize which API level of the client it is dealing with in - * the case of pre-compiled binary clients. - */ -#define QCOM_KEYMASTER_API_VERSION KEYMASTER_MODULE_API_VERSION_0_3 - -#define KM_MAGIC_NUM (0x4B4D4B42) /* "KMKB" Key Master Key Blob in hex */ -#define KM_KEY_SIZE_MAX (512) /* 4096 bits */ -#define KM_IV_LENGTH (16) /* AES128 CBC IV */ -#define KM_HMAC_LENGTH (32) /* SHA2 will be used for HMAC */ - -struct qcom_km_key_blob { - uint32_t magic_num; - uint32_t version_num; - uint8_t modulus[KM_KEY_SIZE_MAX]; - uint32_t modulus_size; - uint8_t public_exponent[KM_KEY_SIZE_MAX]; - uint32_t public_exponent_size; - uint8_t iv[KM_IV_LENGTH]; - uint8_t encrypted_private_exponent[KM_KEY_SIZE_MAX]; - uint32_t encrypted_private_exponent_size; - uint8_t hmac[KM_HMAC_LENGTH]; -}; -typedef struct qcom_km_key_blob qcom_km_key_blob_t; -/** - * Commands supported - */ -enum keymaster_cmd_t { - /* - * List the commands supportedin by the hardware. - */ - KEYMASTER_GENERATE_KEYPAIR = 0x00000001, - KEYMASTER_IMPORT_KEYPAIR = 0x00000002, - KEYMASTER_SIGN_DATA = 0x00000003, - KEYMASTER_VERIFY_DATA = 0x00000004, -}; - - -/** - * Command to Generate a public and private key. The key data returned - * (by secure app) is in shared buffer at offset of "key_blob" and is opaque - * - * cmd_id : Command issue to secure app - * key_type : Currently on RSA_TYPE is supported - * rsa_params : Parameters needed to generate an RSA key - */ - struct keymaster_gen_keypair_cmd { - keymaster_cmd_t cmd_id; - keymaster_keypair_t key_type; - keymaster_rsa_keygen_params_t rsa_params; -}; -typedef struct keymaster_gen_keypair_cmd keymaster_gen_keypair_cmd_t; - -/** - * Response to Generate a public and private key. The key data returned - * (by secure app) is in shared buffer at offset of "key_blob" and is opaque - * - * cmd_id : Command issue to secure app - * key_blob : key blob data - * key_blob_len : Total length of key blob information - * status : Result (success 0, or failure -1) - */ -struct keymaster_gen_keypair_resp { - keymaster_cmd_t cmd_id; - qcom_km_key_blob_t key_blob; - uint32_t key_blob_len; - int32_t status; -}; -typedef struct keymaster_gen_keypair_resp keymaster_gen_keypair_resp_t; - - -/** - * Command to import a public and private key pair. The imported keys - * will be in PKCS#8 format with DER encoding (Java standard). The key - * data returned (by secure app) is in shared buffer at offset of - * "key_blob" and is opaque - * - * cmd_id : Command issue to secure app - * pkcs8_key : Pointer to pkcs8 formatted key information - * pkcs8_key_len: PKCS8 formatted key length - */ -struct keymaster_import_keypair_cmd { - keymaster_cmd_t cmd_id; - uint32_t pkcs8_key; - uint32_t pkcs8_key_len; -}; -typedef struct keymaster_import_keypair_cmd keymaster_import_keypair_cmd_t; - -/** - * Response to import a public and private key. The key data returned - * (by secure app) is in shared buffer at offset of "key_blob" and is opaque - * - * cmd_id : Command issue to secure app - * key_blob : key blob data - * key_blob_len : Total length of key blob information - * status : Result (success 0, or failure -1) - */ -struct keymaster_import_keypair_resp { - keymaster_cmd_t cmd_id; - qcom_km_key_blob_t key_blob; - uint32_t key_blob_len; - int32_t status; -}; -typedef struct keymaster_import_keypair_resp keymaster_import_keypair_resp_t; - -/** - * Command to sign data using a key info generated before. This can use either - * an asymmetric key or a secret key. - * The signed data is returned (by secure app) at offset of data + dlen. - * - * cmd_id : Command issue to secure app - * sign_param : - * key_blob : Key data information (in shared buffer) - * data : Pointer to plain data buffer - * dlen : Plain data length - */ -struct keymaster_sign_data_cmd { - keymaster_cmd_t cmd_id; - keymaster_rsa_sign_params_t sign_param; - qcom_km_key_blob_t key_blob; - uint32_t data; - uint32_t dlen; -}; -typedef struct keymaster_sign_data_cmd keymaster_sign_data_cmd_t; - -/** - * Response to sign data response - * - * cmd_id : Command issue to secure app - * signed_data : signature - * sig_len : Signed data length - * status : Result (success 0, or failure -1) - */ -struct keymaster_sign_data_resp { - keymaster_cmd_t cmd_id; - uint8_t signed_data[KM_KEY_SIZE_MAX]; - uint32_t sig_len; - int32_t status; -}; - -typedef struct keymaster_sign_data_resp keymaster_sign_data_resp_t; - -/** - * Command to verify data using a key info generated before. This can use either - * an asymmetric key or a secret key. - * - * cmd_id : Command issue to secure app - * sign_param : - * key_blob : Key data information (in shared buffer) - * key_blob_len: Total key length - * signed_data : Pointer to signed data buffer - * signed_dlen : Signed data length - * signature : Offset to the signature data buffer (from signed data buffer) - * slen : Signature data length - */ -struct keymaster_verify_data_cmd { - keymaster_cmd_t cmd_id; - keymaster_rsa_sign_params_t sign_param; - qcom_km_key_blob_t key_blob; - uint32_t signed_data; - uint32_t signed_dlen; - uint32_t signature; - uint32_t slen; -}; -typedef struct keymaster_verify_data_cmd keymaster_verify_data_cmd_t; -/** - * Response to verify data - * - * cmd_id : Command issue to secure app - * status : Result (success 0, or failure -1) - */ -struct keymaster_verify_data_resp { - keymaster_cmd_t cmd_id; - int32_t status; -}; -typedef struct keymaster_verify_data_resp keymaster_verify_data_resp_t; - -__END_DECLS - -#endif // ANDROID_HARDWARE_QCOM_KEYMASTER_H @@ -155,13 +155,8 @@ PRODUCT_PACKAGES += \ CMActions \ com.cyanogenmod.keyhandler -ifeq ($(TARGET_DEVICE),Z010D) PRODUCT_PACKAGES += \ keystore.msm8916 -else -PRODUCT_PACKAGES += \ - keystore.qcom -endif # Light PRODUCT_PACKAGES += \ @@ -250,11 +245,11 @@ PRODUCT_PACKAGES += \ ifeq ($(TARGET_DEVICE),Z010D) PRODUCT_COPY_FILES += \ kernel/asus/msm8916/drivers/staging/prima/firmware_bin/WCNSS_cfg.dat:system/etc/firmware/wlan/prima/WCNSS_cfg.dat \ - kernel/asus/msm8916/drivers/staging/prima/firmware_bin/WCNSS_qcom_cfg.ini:system/etc/firmware/wlan/prima/WCNSS_qcom_cfg.ini + kernel/asus/msm8916/drivers/staging/prima/firmware_bin/WCNSS_qcom_cfg.ini:system/etc/wifi/WCNSS_qcom_cfg.ini else PRODUCT_COPY_FILES += \ $(LOCAL_PATH)/wifi/WCNSS_cfg.dat:system/etc/firmware/wlan/prima/WCNSS_cfg.dat \ - $(LOCAL_PATH)/wifi/WCNSS_qcom_cfg.ini:system/etc/firmware/wlan/prima/WCNSS_qcom_cfg.ini + $(LOCAL_PATH)/wifi/WCNSS_qcom_cfg.ini:system/etc/wifi/WCNSS_qcom_cfg.ini endif # Keylayout |