Andrew Scull | e4e2ffc | 2017-08-10 10:03:20 +0100 | [diff] [blame] | 1 | /* |
| 2 | * Copyright 2017, The Android Open Source Project |
| 3 | * |
| 4 | * Licensed under the Apache License, Version 2.0 (the "License"); |
| 5 | * you may not use this file except in compliance with the License. |
| 6 | * You may obtain a copy of the License at |
| 7 | * |
| 8 | * http://www.apache.org/licenses/LICENSE-2.0 |
| 9 | * |
| 10 | * Unless required by applicable law or agreed to in writing, software |
| 11 | * distributed under the License is distributed on an "AS IS" BASIS, |
| 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 13 | * See the License for the specific language governing permissions and |
| 14 | * limitations under the License. |
| 15 | */ |
| 16 | |
| 17 | #include "KeymasterDevice.h" |
nagendra modadugu | 9747140 | 2017-09-27 14:01:00 -0700 | [diff] [blame] | 18 | #include "import_key.h" |
nagendra modadugu | ec66730 | 2017-12-04 21:37:22 -0800 | [diff] [blame] | 19 | #include "import_wrapped_key.h" |
nagendra modadugu | 284b939 | 2017-09-27 13:51:23 -0700 | [diff] [blame] | 20 | #include "proto_utils.h" |
| 21 | |
nagendra modadugu | 9e8c856 | 2017-09-18 18:58:54 -0700 | [diff] [blame] | 22 | #include <Keymaster.client.h> |
Andrew Scull | 8e96ff0 | 2017-10-09 11:09:09 +0100 | [diff] [blame] | 23 | #include <nos/debug.h> |
nagendra modadugu | 284b939 | 2017-09-27 13:51:23 -0700 | [diff] [blame] | 24 | #include <nos/NuggetClient.h> |
Andrew Scull | e4e2ffc | 2017-08-10 10:03:20 +0100 | [diff] [blame] | 25 | |
nagendra modadugu | e2914e4 | 2018-01-02 17:42:46 -0800 | [diff] [blame] | 26 | #include <keymasterV4_0/key_param_output.h> |
| 27 | |
Andrew Scull | e4e2ffc | 2017-08-10 10:03:20 +0100 | [diff] [blame] | 28 | #include <android-base/logging.h> |
| 29 | |
| 30 | namespace android { |
| 31 | namespace hardware { |
| 32 | namespace keymaster { |
| 33 | |
nagendra modadugu | 8a88337 | 2017-09-18 22:29:00 -0700 | [diff] [blame] | 34 | // std |
| 35 | using std::string; |
| 36 | |
Andrew Scull | e4e2ffc | 2017-08-10 10:03:20 +0100 | [diff] [blame] | 37 | // libhidl |
| 38 | using ::android::hardware::Void; |
| 39 | |
| 40 | // HAL |
nagendra modadugu | f110176 | 2018-01-04 17:59:51 -0800 | [diff] [blame] | 41 | using ::android::hardware::keymaster::V4_0::Algorithm; |
nagendra modadugu | ec66730 | 2017-12-04 21:37:22 -0800 | [diff] [blame] | 42 | using ::android::hardware::keymaster::V4_0::KeyCharacteristics; |
nagendra modadugu | f110176 | 2018-01-04 17:59:51 -0800 | [diff] [blame] | 43 | using ::android::hardware::keymaster::V4_0::KeyFormat; |
nagendra modadugu | ec66730 | 2017-12-04 21:37:22 -0800 | [diff] [blame] | 44 | using ::android::hardware::keymaster::V4_0::SecurityLevel; |
| 45 | using ::android::hardware::keymaster::V4_0::Tag; |
nagendra modadugu | 284b939 | 2017-09-27 13:51:23 -0700 | [diff] [blame] | 46 | |
| 47 | // nos |
| 48 | using nos::NuggetClient; |
| 49 | |
| 50 | // Keymaster app |
nagendra modadugu | ec66730 | 2017-12-04 21:37:22 -0800 | [diff] [blame] | 51 | // KM 3.0 types |
nagendra modadugu | 284b939 | 2017-09-27 13:51:23 -0700 | [diff] [blame] | 52 | using ::nugget::app::keymaster::AddRngEntropyRequest; |
| 53 | using ::nugget::app::keymaster::AddRngEntropyResponse; |
| 54 | using ::nugget::app::keymaster::GenerateKeyRequest; |
| 55 | using ::nugget::app::keymaster::GenerateKeyResponse; |
| 56 | using ::nugget::app::keymaster::GetKeyCharacteristicsRequest; |
| 57 | using ::nugget::app::keymaster::GetKeyCharacteristicsResponse; |
| 58 | using ::nugget::app::keymaster::ImportKeyRequest; |
| 59 | using ::nugget::app::keymaster::ImportKeyResponse; |
| 60 | using ::nugget::app::keymaster::ExportKeyRequest; |
| 61 | using ::nugget::app::keymaster::ExportKeyResponse; |
| 62 | using ::nugget::app::keymaster::AttestKeyRequest; |
| 63 | using ::nugget::app::keymaster::AttestKeyResponse; |
| 64 | using ::nugget::app::keymaster::UpgradeKeyRequest; |
| 65 | using ::nugget::app::keymaster::UpgradeKeyResponse; |
| 66 | using ::nugget::app::keymaster::DeleteKeyRequest; |
| 67 | using ::nugget::app::keymaster::DeleteKeyResponse; |
| 68 | using ::nugget::app::keymaster::DeleteAllKeysRequest; |
| 69 | using ::nugget::app::keymaster::DeleteAllKeysResponse; |
| 70 | using ::nugget::app::keymaster::DestroyAttestationIdsRequest; |
| 71 | using ::nugget::app::keymaster::DestroyAttestationIdsResponse; |
| 72 | using ::nugget::app::keymaster::BeginOperationRequest; |
| 73 | using ::nugget::app::keymaster::BeginOperationResponse; |
| 74 | using ::nugget::app::keymaster::UpdateOperationRequest; |
| 75 | using ::nugget::app::keymaster::UpdateOperationResponse; |
| 76 | using ::nugget::app::keymaster::FinishOperationRequest; |
| 77 | using ::nugget::app::keymaster::FinishOperationResponse; |
| 78 | using ::nugget::app::keymaster::AbortOperationRequest; |
| 79 | using ::nugget::app::keymaster::AbortOperationResponse; |
| 80 | |
nagendra modadugu | ec66730 | 2017-12-04 21:37:22 -0800 | [diff] [blame] | 81 | // KM 4.0 types |
| 82 | using ::nugget::app::keymaster::ImportWrappedKeyRequest; |
| 83 | |
nagendra modadugu | 284b939 | 2017-09-27 13:51:23 -0700 | [diff] [blame] | 84 | static ErrorCode status_to_error_code(uint32_t status) |
| 85 | { |
| 86 | switch (status) { |
| 87 | case APP_SUCCESS: |
| 88 | return ErrorCode::OK; |
| 89 | break; |
| 90 | case APP_ERROR_BOGUS_ARGS: |
| 91 | return ErrorCode::INVALID_ARGUMENT; |
| 92 | break; |
| 93 | case APP_ERROR_INTERNAL: |
| 94 | return ErrorCode::UNKNOWN_ERROR; |
| 95 | break; |
| 96 | case APP_ERROR_TOO_MUCH: |
| 97 | return ErrorCode::INSUFFICIENT_BUFFER_SPACE; |
| 98 | break; |
| 99 | case APP_ERROR_RPC: |
| 100 | return ErrorCode::SECURE_HW_COMMUNICATION_FAILED; |
| 101 | break; |
| 102 | // TODO: app specific error codes go here. |
| 103 | default: |
| 104 | return ErrorCode::UNKNOWN_ERROR; |
| 105 | break; |
| 106 | } |
| 107 | } |
| 108 | |
nagendra modadugu | 07be7f1 | 2017-12-28 11:20:45 -0800 | [diff] [blame] | 109 | #define KM_CALL(meth) { \ |
| 110 | const uint32_t status = _keymaster. meth (request, &response); \ |
| 111 | const ErrorCode error_code = translate_error_code(response.error_code()); \ |
| 112 | if (status != APP_SUCCESS) { \ |
| 113 | LOG(ERROR) << #meth << " : request failed with status: " \ |
| 114 | << nos::StatusCodeString(status); \ |
| 115 | return status_to_error_code(status); \ |
| 116 | } \ |
| 117 | if (error_code != ErrorCode::OK) { \ |
| 118 | LOG(ERROR) << #meth << " : device response error code: " \ |
nagendra modadugu | e2914e4 | 2018-01-02 17:42:46 -0800 | [diff] [blame] | 119 | << error_code; \ |
nagendra modadugu | 07be7f1 | 2017-12-28 11:20:45 -0800 | [diff] [blame] | 120 | return error_code; \ |
| 121 | } \ |
nagendra modadugu | 284b939 | 2017-09-27 13:51:23 -0700 | [diff] [blame] | 122 | } |
| 123 | |
nagendra modadugu | 07be7f1 | 2017-12-28 11:20:45 -0800 | [diff] [blame] | 124 | #define KM_CALLV(meth, ...) { \ |
| 125 | const uint32_t status = _keymaster. meth (request, &response); \ |
| 126 | const ErrorCode error_code = translate_error_code(response.error_code()); \ |
| 127 | if (status != APP_SUCCESS) { \ |
| 128 | LOG(ERROR) << #meth << " : request failed with status: " \ |
| 129 | << nos::StatusCodeString(status); \ |
| 130 | _hidl_cb(status_to_error_code(status), __VA_ARGS__); \ |
| 131 | return Void(); \ |
| 132 | } \ |
| 133 | if (error_code != ErrorCode::OK) { \ |
| 134 | LOG(ERROR) << #meth << " : device response error code: " \ |
nagendra modadugu | e2914e4 | 2018-01-02 17:42:46 -0800 | [diff] [blame] | 135 | << error_code; \ |
nagendra modadugu | 07be7f1 | 2017-12-28 11:20:45 -0800 | [diff] [blame] | 136 | /* TODO: translate error codes. */ \ |
| 137 | _hidl_cb(error_code, __VA_ARGS__); \ |
| 138 | return Void(); \ |
| 139 | } \ |
nagendra modadugu | 284b939 | 2017-09-27 13:51:23 -0700 | [diff] [blame] | 140 | } |
Andrew Scull | e4e2ffc | 2017-08-10 10:03:20 +0100 | [diff] [blame] | 141 | |
| 142 | // Methods from ::android::hardware::keymaster::V3_0::IKeymasterDevice follow. |
nagendra modadugu | 284b939 | 2017-09-27 13:51:23 -0700 | [diff] [blame] | 143 | |
nagendra modadugu | ec66730 | 2017-12-04 21:37:22 -0800 | [diff] [blame] | 144 | Return<void> KeymasterDevice::getHardwareInfo( |
| 145 | getHardwareInfo_cb _hidl_cb) |
nagendra modadugu | 284b939 | 2017-09-27 13:51:23 -0700 | [diff] [blame] | 146 | { |
nagendra modadugu | ec66730 | 2017-12-04 21:37:22 -0800 | [diff] [blame] | 147 | LOG(VERBOSE) << "Running KeymasterDevice::getHardwareInfo"; |
Andrew Scull | e4e2ffc | 2017-08-10 10:03:20 +0100 | [diff] [blame] | 148 | |
nagendra modadugu | 8a88337 | 2017-09-18 22:29:00 -0700 | [diff] [blame] | 149 | (void)_keymaster; |
nagendra modadugu | ec66730 | 2017-12-04 21:37:22 -0800 | [diff] [blame] | 150 | _hidl_cb(SecurityLevel::STRONGBOX, |
| 151 | string("CitadelKeymaster"), string("Google")); |
| 152 | |
| 153 | return Void(); |
| 154 | } |
| 155 | |
| 156 | Return<void> KeymasterDevice::getHmacSharingParameters( |
| 157 | getHmacSharingParameters_cb _hidl_cb) |
| 158 | { |
| 159 | LOG(VERBOSE) << "Running KeymasterDevice::getHmacSharingParameters"; |
| 160 | |
| 161 | (void)_keymaster; |
| 162 | _hidl_cb(ErrorCode::UNIMPLEMENTED, HmacSharingParameters()); |
| 163 | |
| 164 | return Void(); |
| 165 | } |
| 166 | |
| 167 | Return<void> KeymasterDevice::computeSharedHmac( |
| 168 | const hidl_vec<HmacSharingParameters>& params, |
| 169 | computeSharedHmac_cb _hidl_cb) |
| 170 | { |
| 171 | LOG(VERBOSE) << "Running KeymasterDevice::computeSharedHmac"; |
| 172 | |
| 173 | (void)params; |
| 174 | |
| 175 | (void)_keymaster; |
| 176 | _hidl_cb(ErrorCode::UNIMPLEMENTED, hidl_vec<uint8_t>{}); |
| 177 | |
| 178 | return Void(); |
| 179 | } |
| 180 | |
| 181 | Return<void> KeymasterDevice::verifyAuthorization( |
| 182 | uint64_t challenge, const hidl_vec<KeyParameter>& parametersToVerify, |
| 183 | const HardwareAuthToken& authToken, verifyAuthorization_cb _hidl_cb) |
| 184 | { |
| 185 | LOG(VERBOSE) << "Running KeymasterDevice::verifyAuthorization"; |
| 186 | |
| 187 | (void)challenge; |
| 188 | (void)parametersToVerify; |
| 189 | (void)authToken; |
| 190 | |
| 191 | (void)_keymaster; |
| 192 | _hidl_cb(ErrorCode::UNIMPLEMENTED, VerificationToken()); |
| 193 | |
Andrew Scull | e4e2ffc | 2017-08-10 10:03:20 +0100 | [diff] [blame] | 194 | return Void(); |
| 195 | } |
| 196 | |
nagendra modadugu | 284b939 | 2017-09-27 13:51:23 -0700 | [diff] [blame] | 197 | Return<ErrorCode> KeymasterDevice::addRngEntropy(const hidl_vec<uint8_t>& data) |
| 198 | { |
Andrew Scull | e4e2ffc | 2017-08-10 10:03:20 +0100 | [diff] [blame] | 199 | LOG(VERBOSE) << "Running KeymasterDevice::addRngEntropy"; |
| 200 | |
nagendra modadugu | 284b939 | 2017-09-27 13:51:23 -0700 | [diff] [blame] | 201 | if (!data.size()) return ErrorCode::OK; |
Andrew Scull | e4e2ffc | 2017-08-10 10:03:20 +0100 | [diff] [blame] | 202 | |
nagendra modadugu | e2914e4 | 2018-01-02 17:42:46 -0800 | [diff] [blame] | 203 | const size_t chunk_size = 1024; |
| 204 | for (size_t i = 0; i < data.size(); i += chunk_size) { |
| 205 | AddRngEntropyRequest request; |
| 206 | AddRngEntropyResponse response; |
nagendra modadugu | 284b939 | 2017-09-27 13:51:23 -0700 | [diff] [blame] | 207 | |
nagendra modadugu | e2914e4 | 2018-01-02 17:42:46 -0800 | [diff] [blame] | 208 | request.set_data(&data[i], std::min(chunk_size, data.size() - i)); |
nagendra modadugu | 284b939 | 2017-09-27 13:51:23 -0700 | [diff] [blame] | 209 | |
nagendra modadugu | e2914e4 | 2018-01-02 17:42:46 -0800 | [diff] [blame] | 210 | // Call device. |
| 211 | KM_CALL(AddRngEntropy); |
| 212 | } |
| 213 | |
| 214 | return ErrorCode::OK; |
Andrew Scull | e4e2ffc | 2017-08-10 10:03:20 +0100 | [diff] [blame] | 215 | } |
| 216 | |
nagendra modadugu | 284b939 | 2017-09-27 13:51:23 -0700 | [diff] [blame] | 217 | Return<void> KeymasterDevice::generateKey( |
| 218 | const hidl_vec<KeyParameter>& keyParams, |
| 219 | generateKey_cb _hidl_cb) |
| 220 | { |
Andrew Scull | e4e2ffc | 2017-08-10 10:03:20 +0100 | [diff] [blame] | 221 | LOG(VERBOSE) << "Running KeymasterDevice::generateKey"; |
| 222 | |
nagendra modadugu | 284b939 | 2017-09-27 13:51:23 -0700 | [diff] [blame] | 223 | GenerateKeyRequest request; |
| 224 | GenerateKeyResponse response; |
Andrew Scull | e4e2ffc | 2017-08-10 10:03:20 +0100 | [diff] [blame] | 225 | |
nagendra modadugu | e3ef469 | 2017-10-25 23:58:07 -0700 | [diff] [blame] | 226 | hidl_vec<uint8_t> blob; |
| 227 | KeyCharacteristics characteristics; |
| 228 | if (hidl_params_to_pb( |
| 229 | keyParams, request.mutable_params()) != ErrorCode::OK) { |
| 230 | _hidl_cb(ErrorCode::INVALID_ARGUMENT, blob, characteristics); |
| 231 | return Void(); |
| 232 | } |
nagendra modadugu | 284b939 | 2017-09-27 13:51:23 -0700 | [diff] [blame] | 233 | |
| 234 | // Call device. |
| 235 | KM_CALLV(GenerateKey, hidl_vec<uint8_t>{}, KeyCharacteristics()); |
| 236 | |
nagendra modadugu | 284b939 | 2017-09-27 13:51:23 -0700 | [diff] [blame] | 237 | blob.setToExternal( |
| 238 | reinterpret_cast<uint8_t*>( |
| 239 | const_cast<char*>(response.blob().blob().data())), |
| 240 | response.blob().blob().size(), false); |
nagendra modadugu | e3ef469 | 2017-10-25 23:58:07 -0700 | [diff] [blame] | 241 | pb_to_hidl_params(response.characteristics().software_enforced(), |
| 242 | &characteristics.softwareEnforced); |
nagendra modadugu | 284b939 | 2017-09-27 13:51:23 -0700 | [diff] [blame] | 243 | pb_to_hidl_params(response.characteristics().tee_enforced(), |
nagendra modadugu | ec66730 | 2017-12-04 21:37:22 -0800 | [diff] [blame] | 244 | &characteristics.hardwareEnforced); |
nagendra modadugu | 284b939 | 2017-09-27 13:51:23 -0700 | [diff] [blame] | 245 | |
nagendra modadugu | e2914e4 | 2018-01-02 17:42:46 -0800 | [diff] [blame] | 246 | _hidl_cb(translate_error_code(response.error_code()), |
| 247 | blob, characteristics); |
Andrew Scull | e4e2ffc | 2017-08-10 10:03:20 +0100 | [diff] [blame] | 248 | return Void(); |
| 249 | } |
| 250 | |
nagendra modadugu | 284b939 | 2017-09-27 13:51:23 -0700 | [diff] [blame] | 251 | Return<void> KeymasterDevice::getKeyCharacteristics( |
| 252 | const hidl_vec<uint8_t>& keyBlob, |
| 253 | const hidl_vec<uint8_t>& clientId, |
| 254 | const hidl_vec<uint8_t>& appData, |
| 255 | getKeyCharacteristics_cb _hidl_cb) |
| 256 | { |
Andrew Scull | e4e2ffc | 2017-08-10 10:03:20 +0100 | [diff] [blame] | 257 | LOG(VERBOSE) << "Running KeymasterDevice::getKeyCharacteristics"; |
| 258 | |
nagendra modadugu | 284b939 | 2017-09-27 13:51:23 -0700 | [diff] [blame] | 259 | GetKeyCharacteristicsRequest request; |
| 260 | GetKeyCharacteristicsResponse response; |
Andrew Scull | e4e2ffc | 2017-08-10 10:03:20 +0100 | [diff] [blame] | 261 | |
nagendra modadugu | 284b939 | 2017-09-27 13:51:23 -0700 | [diff] [blame] | 262 | request.mutable_blob()->set_blob(&keyBlob[0], keyBlob.size()); |
| 263 | request.set_client_id(&clientId[0], clientId.size()); |
| 264 | request.set_app_data(&appData[0], appData.size()); |
| 265 | |
| 266 | // Call device. |
| 267 | KM_CALLV(GetKeyCharacteristics, KeyCharacteristics()); |
| 268 | |
| 269 | KeyCharacteristics characteristics; |
nagendra modadugu | e3ef469 | 2017-10-25 23:58:07 -0700 | [diff] [blame] | 270 | pb_to_hidl_params(response.characteristics().software_enforced(), |
| 271 | &characteristics.softwareEnforced); |
nagendra modadugu | 284b939 | 2017-09-27 13:51:23 -0700 | [diff] [blame] | 272 | pb_to_hidl_params(response.characteristics().tee_enforced(), |
nagendra modadugu | ec66730 | 2017-12-04 21:37:22 -0800 | [diff] [blame] | 273 | &characteristics.hardwareEnforced); |
nagendra modadugu | 284b939 | 2017-09-27 13:51:23 -0700 | [diff] [blame] | 274 | |
nagendra modadugu | e2914e4 | 2018-01-02 17:42:46 -0800 | [diff] [blame] | 275 | _hidl_cb(translate_error_code(response.error_code()), characteristics); |
Andrew Scull | e4e2ffc | 2017-08-10 10:03:20 +0100 | [diff] [blame] | 276 | return Void(); |
| 277 | } |
| 278 | |
nagendra modadugu | 284b939 | 2017-09-27 13:51:23 -0700 | [diff] [blame] | 279 | Return<void> KeymasterDevice::importKey( |
| 280 | const hidl_vec<KeyParameter>& params, KeyFormat keyFormat, |
| 281 | const hidl_vec<uint8_t>& keyData, importKey_cb _hidl_cb) |
| 282 | { |
Andrew Scull | e4e2ffc | 2017-08-10 10:03:20 +0100 | [diff] [blame] | 283 | LOG(VERBOSE) << "Running KeymasterDevice::importKey"; |
| 284 | |
nagendra modadugu | 9747140 | 2017-09-27 14:01:00 -0700 | [diff] [blame] | 285 | ErrorCode error; |
nagendra modadugu | 284b939 | 2017-09-27 13:51:23 -0700 | [diff] [blame] | 286 | ImportKeyRequest request; |
| 287 | ImportKeyResponse response; |
Andrew Scull | e4e2ffc | 2017-08-10 10:03:20 +0100 | [diff] [blame] | 288 | |
nagendra modadugu | 9747140 | 2017-09-27 14:01:00 -0700 | [diff] [blame] | 289 | error = import_key_request(params, keyFormat, keyData, &request); |
| 290 | if (error != ErrorCode::OK) { |
| 291 | LOG(ERROR) << "ImportKey request parsing failed with error " |
nagendra modadugu | e2914e4 | 2018-01-02 17:42:46 -0800 | [diff] [blame] | 292 | << error; |
nagendra modadugu | 9747140 | 2017-09-27 14:01:00 -0700 | [diff] [blame] | 293 | _hidl_cb(error, hidl_vec<uint8_t>{}, KeyCharacteristics{}); |
| 294 | return Void(); |
| 295 | } |
nagendra modadugu | 284b939 | 2017-09-27 13:51:23 -0700 | [diff] [blame] | 296 | |
| 297 | KM_CALLV(ImportKey, hidl_vec<uint8_t>{}, KeyCharacteristics{}); |
| 298 | |
| 299 | hidl_vec<uint8_t> blob; |
| 300 | blob.setToExternal( |
| 301 | reinterpret_cast<uint8_t*>( |
| 302 | const_cast<char*>(response.blob().blob().data())), |
| 303 | response.blob().blob().size(), false); |
| 304 | |
| 305 | KeyCharacteristics characteristics; |
nagendra modadugu | e3ef469 | 2017-10-25 23:58:07 -0700 | [diff] [blame] | 306 | pb_to_hidl_params(response.characteristics().software_enforced(), |
| 307 | &characteristics.softwareEnforced); |
nagendra modadugu | 9747140 | 2017-09-27 14:01:00 -0700 | [diff] [blame] | 308 | error = pb_to_hidl_params(response.characteristics().tee_enforced(), |
nagendra modadugu | ec66730 | 2017-12-04 21:37:22 -0800 | [diff] [blame] | 309 | &characteristics.hardwareEnforced); |
nagendra modadugu | 9747140 | 2017-09-27 14:01:00 -0700 | [diff] [blame] | 310 | if (error != ErrorCode::OK) { |
| 311 | LOG(ERROR) << "KeymasterDevice::importKey: response tee_enforced :" |
nagendra modadugu | e2914e4 | 2018-01-02 17:42:46 -0800 | [diff] [blame] | 312 | << error; |
nagendra modadugu | ec66730 | 2017-12-04 21:37:22 -0800 | [diff] [blame] | 313 | _hidl_cb(error, hidl_vec<uint8_t>{}, KeyCharacteristics{}); |
| 314 | return Void(); |
nagendra modadugu | 9747140 | 2017-09-27 14:01:00 -0700 | [diff] [blame] | 315 | } |
nagendra modadugu | 284b939 | 2017-09-27 13:51:23 -0700 | [diff] [blame] | 316 | |
| 317 | _hidl_cb(ErrorCode::OK, blob, characteristics); |
Andrew Scull | e4e2ffc | 2017-08-10 10:03:20 +0100 | [diff] [blame] | 318 | return Void(); |
| 319 | } |
| 320 | |
nagendra modadugu | 284b939 | 2017-09-27 13:51:23 -0700 | [diff] [blame] | 321 | Return<void> KeymasterDevice::exportKey( |
| 322 | KeyFormat exportFormat, const hidl_vec<uint8_t>& keyBlob, |
| 323 | const hidl_vec<uint8_t>& clientId, |
| 324 | const hidl_vec<uint8_t>& appData, exportKey_cb _hidl_cb) |
| 325 | { |
Andrew Scull | e4e2ffc | 2017-08-10 10:03:20 +0100 | [diff] [blame] | 326 | LOG(VERBOSE) << "Running KeymasterDevice::exportKey"; |
| 327 | |
nagendra modadugu | 284b939 | 2017-09-27 13:51:23 -0700 | [diff] [blame] | 328 | ExportKeyRequest request; |
| 329 | ExportKeyResponse response; |
Andrew Scull | e4e2ffc | 2017-08-10 10:03:20 +0100 | [diff] [blame] | 330 | |
nagendra modadugu | 284b939 | 2017-09-27 13:51:23 -0700 | [diff] [blame] | 331 | request.set_format((::nugget::app::keymaster::KeyFormat)exportFormat); |
| 332 | request.mutable_blob()->set_blob(&keyBlob[0], keyBlob.size()); |
| 333 | request.set_client_id(&clientId[0], clientId.size()); |
| 334 | request.set_app_data(&appData[0], appData.size()); |
| 335 | |
| 336 | KM_CALLV(ExportKey, hidl_vec<uint8_t>{}); |
| 337 | |
| 338 | hidl_vec<uint8_t> blob; |
| 339 | blob.setToExternal( |
| 340 | reinterpret_cast<uint8_t*>( |
| 341 | const_cast<char*>(response.key_material().data())), |
| 342 | response.key_material().size(), false); |
| 343 | |
nagendra modadugu | e2914e4 | 2018-01-02 17:42:46 -0800 | [diff] [blame] | 344 | _hidl_cb(translate_error_code(response.error_code()), blob); |
Andrew Scull | e4e2ffc | 2017-08-10 10:03:20 +0100 | [diff] [blame] | 345 | return Void(); |
| 346 | } |
| 347 | |
nagendra modadugu | 284b939 | 2017-09-27 13:51:23 -0700 | [diff] [blame] | 348 | Return<void> KeymasterDevice::attestKey( |
| 349 | const hidl_vec<uint8_t>& keyToAttest, |
| 350 | const hidl_vec<KeyParameter>& attestParams, |
| 351 | attestKey_cb _hidl_cb) |
| 352 | { |
Andrew Scull | e4e2ffc | 2017-08-10 10:03:20 +0100 | [diff] [blame] | 353 | LOG(VERBOSE) << "Running KeymasterDevice::attestKey"; |
| 354 | |
nagendra modadugu | 284b939 | 2017-09-27 13:51:23 -0700 | [diff] [blame] | 355 | AttestKeyRequest request; |
| 356 | AttestKeyResponse response; |
Andrew Scull | e4e2ffc | 2017-08-10 10:03:20 +0100 | [diff] [blame] | 357 | |
nagendra modadugu | 284b939 | 2017-09-27 13:51:23 -0700 | [diff] [blame] | 358 | request.mutable_blob()->set_blob(&keyToAttest[0], keyToAttest.size()); |
nagendra modadugu | e3ef469 | 2017-10-25 23:58:07 -0700 | [diff] [blame] | 359 | |
| 360 | vector<hidl_vec<uint8_t> > chain; |
| 361 | if (hidl_params_to_pb( |
| 362 | attestParams, request.mutable_params()) != ErrorCode::OK) { |
| 363 | _hidl_cb(ErrorCode::INVALID_ARGUMENT, chain); |
| 364 | return Void(); |
| 365 | } |
nagendra modadugu | 284b939 | 2017-09-27 13:51:23 -0700 | [diff] [blame] | 366 | |
| 367 | KM_CALLV(AttestKey, hidl_vec<hidl_vec<uint8_t> >{}); |
| 368 | |
nagendra modadugu | 284b939 | 2017-09-27 13:51:23 -0700 | [diff] [blame] | 369 | for (int i = 0; i < response.chain().certificates_size(); i++) { |
| 370 | hidl_vec<uint8_t> blob; |
| 371 | blob.setToExternal( |
| 372 | reinterpret_cast<uint8_t*>( |
| 373 | const_cast<char*>( |
| 374 | response.chain().certificates(i).data().data())), |
| 375 | response.chain().certificates(i).data().size(), false); |
| 376 | chain.push_back(blob); |
| 377 | } |
| 378 | |
nagendra modadugu | e2914e4 | 2018-01-02 17:42:46 -0800 | [diff] [blame] | 379 | _hidl_cb(translate_error_code(response.error_code()), |
nagendra modadugu | 284b939 | 2017-09-27 13:51:23 -0700 | [diff] [blame] | 380 | hidl_vec<hidl_vec<uint8_t> >(chain)); |
Andrew Scull | e4e2ffc | 2017-08-10 10:03:20 +0100 | [diff] [blame] | 381 | return Void(); |
| 382 | } |
| 383 | |
nagendra modadugu | 284b939 | 2017-09-27 13:51:23 -0700 | [diff] [blame] | 384 | Return<void> KeymasterDevice::upgradeKey( |
| 385 | const hidl_vec<uint8_t>& keyBlobToUpgrade, |
| 386 | const hidl_vec<KeyParameter>& upgradeParams, |
| 387 | upgradeKey_cb _hidl_cb) |
| 388 | { |
Andrew Scull | e4e2ffc | 2017-08-10 10:03:20 +0100 | [diff] [blame] | 389 | LOG(VERBOSE) << "Running KeymasterDevice::upgradeKey"; |
| 390 | |
nagendra modadugu | 284b939 | 2017-09-27 13:51:23 -0700 | [diff] [blame] | 391 | UpgradeKeyRequest request; |
| 392 | UpgradeKeyResponse response; |
Andrew Scull | e4e2ffc | 2017-08-10 10:03:20 +0100 | [diff] [blame] | 393 | |
nagendra modadugu | 284b939 | 2017-09-27 13:51:23 -0700 | [diff] [blame] | 394 | request.mutable_blob()->set_blob(&keyBlobToUpgrade[0], |
| 395 | keyBlobToUpgrade.size()); |
nagendra modadugu | e3ef469 | 2017-10-25 23:58:07 -0700 | [diff] [blame] | 396 | |
| 397 | hidl_vec<uint8_t> blob; |
| 398 | if (hidl_params_to_pb( |
| 399 | upgradeParams, request.mutable_params()) != ErrorCode::OK) { |
| 400 | _hidl_cb(ErrorCode::INVALID_ARGUMENT, blob); |
| 401 | return Void(); |
| 402 | } |
nagendra modadugu | 284b939 | 2017-09-27 13:51:23 -0700 | [diff] [blame] | 403 | |
| 404 | KM_CALLV(UpgradeKey, hidl_vec<uint8_t>{}); |
| 405 | |
nagendra modadugu | 284b939 | 2017-09-27 13:51:23 -0700 | [diff] [blame] | 406 | blob.setToExternal( |
| 407 | reinterpret_cast<uint8_t*>( |
| 408 | const_cast<char*>(response.blob().blob().data())), |
| 409 | response.blob().blob().size(), false); |
| 410 | |
nagendra modadugu | e2914e4 | 2018-01-02 17:42:46 -0800 | [diff] [blame] | 411 | _hidl_cb(translate_error_code(response.error_code()), blob); |
Andrew Scull | e4e2ffc | 2017-08-10 10:03:20 +0100 | [diff] [blame] | 412 | return Void(); |
| 413 | } |
| 414 | |
nagendra modadugu | 284b939 | 2017-09-27 13:51:23 -0700 | [diff] [blame] | 415 | Return<ErrorCode> KeymasterDevice::deleteKey(const hidl_vec<uint8_t>& keyBlob) |
| 416 | { |
Andrew Scull | e4e2ffc | 2017-08-10 10:03:20 +0100 | [diff] [blame] | 417 | LOG(VERBOSE) << "Running KeymasterDevice::deleteKey"; |
| 418 | |
nagendra modadugu | 284b939 | 2017-09-27 13:51:23 -0700 | [diff] [blame] | 419 | DeleteKeyRequest request; |
| 420 | DeleteKeyResponse response; |
Andrew Scull | e4e2ffc | 2017-08-10 10:03:20 +0100 | [diff] [blame] | 421 | |
nagendra modadugu | 284b939 | 2017-09-27 13:51:23 -0700 | [diff] [blame] | 422 | request.mutable_blob()->set_blob(&keyBlob[0], keyBlob.size()); |
| 423 | |
| 424 | KM_CALL(DeleteKey); |
| 425 | |
nagendra modadugu | e2914e4 | 2018-01-02 17:42:46 -0800 | [diff] [blame] | 426 | return translate_error_code(response.error_code()); |
Andrew Scull | e4e2ffc | 2017-08-10 10:03:20 +0100 | [diff] [blame] | 427 | } |
| 428 | |
nagendra modadugu | 284b939 | 2017-09-27 13:51:23 -0700 | [diff] [blame] | 429 | Return<ErrorCode> KeymasterDevice::deleteAllKeys() |
| 430 | { |
Andrew Scull | e4e2ffc | 2017-08-10 10:03:20 +0100 | [diff] [blame] | 431 | LOG(VERBOSE) << "Running KeymasterDevice::deleteAllKeys"; |
| 432 | |
nagendra modadugu | 284b939 | 2017-09-27 13:51:23 -0700 | [diff] [blame] | 433 | DeleteAllKeysRequest request; |
| 434 | DeleteAllKeysResponse response; |
Andrew Scull | e4e2ffc | 2017-08-10 10:03:20 +0100 | [diff] [blame] | 435 | |
nagendra modadugu | 284b939 | 2017-09-27 13:51:23 -0700 | [diff] [blame] | 436 | KM_CALL(DeleteAllKeys); |
| 437 | |
nagendra modadugu | e2914e4 | 2018-01-02 17:42:46 -0800 | [diff] [blame] | 438 | return translate_error_code(response.error_code()); |
Andrew Scull | e4e2ffc | 2017-08-10 10:03:20 +0100 | [diff] [blame] | 439 | } |
| 440 | |
nagendra modadugu | 284b939 | 2017-09-27 13:51:23 -0700 | [diff] [blame] | 441 | Return<ErrorCode> KeymasterDevice::destroyAttestationIds() |
| 442 | { |
Andrew Scull | e4e2ffc | 2017-08-10 10:03:20 +0100 | [diff] [blame] | 443 | LOG(VERBOSE) << "Running KeymasterDevice::destroyAttestationIds"; |
| 444 | |
nagendra modadugu | 284b939 | 2017-09-27 13:51:23 -0700 | [diff] [blame] | 445 | DestroyAttestationIdsRequest request; |
| 446 | DestroyAttestationIdsResponse response; |
Andrew Scull | e4e2ffc | 2017-08-10 10:03:20 +0100 | [diff] [blame] | 447 | |
nagendra modadugu | 284b939 | 2017-09-27 13:51:23 -0700 | [diff] [blame] | 448 | KM_CALL(DestroyAttestationIds); |
| 449 | |
nagendra modadugu | e2914e4 | 2018-01-02 17:42:46 -0800 | [diff] [blame] | 450 | return translate_error_code(response.error_code()); |
Andrew Scull | e4e2ffc | 2017-08-10 10:03:20 +0100 | [diff] [blame] | 451 | } |
| 452 | |
nagendra modadugu | 284b939 | 2017-09-27 13:51:23 -0700 | [diff] [blame] | 453 | Return<void> KeymasterDevice::begin( |
| 454 | KeyPurpose purpose, const hidl_vec<uint8_t>& key, |
nagendra modadugu | ec66730 | 2017-12-04 21:37:22 -0800 | [diff] [blame] | 455 | const hidl_vec<KeyParameter>& inParams, |
| 456 | const HardwareAuthToken& authToken, |
| 457 | begin_cb _hidl_cb) |
nagendra modadugu | 284b939 | 2017-09-27 13:51:23 -0700 | [diff] [blame] | 458 | { |
Andrew Scull | e4e2ffc | 2017-08-10 10:03:20 +0100 | [diff] [blame] | 459 | LOG(VERBOSE) << "Running KeymasterDevice::begin"; |
| 460 | |
nagendra modadugu | 284b939 | 2017-09-27 13:51:23 -0700 | [diff] [blame] | 461 | BeginOperationRequest request; |
| 462 | BeginOperationResponse response; |
Andrew Scull | e4e2ffc | 2017-08-10 10:03:20 +0100 | [diff] [blame] | 463 | |
nagendra modadugu | 284b939 | 2017-09-27 13:51:23 -0700 | [diff] [blame] | 464 | request.set_purpose((::nugget::app::keymaster::KeyPurpose)purpose); |
| 465 | request.mutable_blob()->set_blob(&key[0], key.size()); |
nagendra modadugu | ec66730 | 2017-12-04 21:37:22 -0800 | [diff] [blame] | 466 | // TODO: set request.auth_token(). |
| 467 | (void)authToken; |
nagendra modadugu | e3ef469 | 2017-10-25 23:58:07 -0700 | [diff] [blame] | 468 | |
| 469 | hidl_vec<KeyParameter> params; |
| 470 | if (hidl_params_to_pb( |
| 471 | inParams, request.mutable_params()) != ErrorCode::OK) { |
| 472 | _hidl_cb(ErrorCode::INVALID_ARGUMENT, params, |
| 473 | response.handle().handle()); |
| 474 | return Void(); |
| 475 | } |
nagendra modadugu | 284b939 | 2017-09-27 13:51:23 -0700 | [diff] [blame] | 476 | |
| 477 | KM_CALLV(BeginOperation, hidl_vec<KeyParameter>{}, 0); |
| 478 | |
nagendra modadugu | 284b939 | 2017-09-27 13:51:23 -0700 | [diff] [blame] | 479 | pb_to_hidl_params(response.params(), ¶ms); |
| 480 | |
nagendra modadugu | e2914e4 | 2018-01-02 17:42:46 -0800 | [diff] [blame] | 481 | _hidl_cb(translate_error_code(response.error_code()), params, |
nagendra modadugu | 284b939 | 2017-09-27 13:51:23 -0700 | [diff] [blame] | 482 | response.handle().handle()); |
Andrew Scull | e4e2ffc | 2017-08-10 10:03:20 +0100 | [diff] [blame] | 483 | return Void(); |
| 484 | } |
| 485 | |
nagendra modadugu | 284b939 | 2017-09-27 13:51:23 -0700 | [diff] [blame] | 486 | Return<void> KeymasterDevice::update( |
| 487 | uint64_t operationHandle, |
| 488 | const hidl_vec<KeyParameter>& inParams, |
nagendra modadugu | ec66730 | 2017-12-04 21:37:22 -0800 | [diff] [blame] | 489 | const hidl_vec<uint8_t>& input, |
| 490 | const HardwareAuthToken& authToken, |
| 491 | const VerificationToken& verificationToken, |
| 492 | update_cb _hidl_cb) |
nagendra modadugu | 284b939 | 2017-09-27 13:51:23 -0700 | [diff] [blame] | 493 | { |
Andrew Scull | e4e2ffc | 2017-08-10 10:03:20 +0100 | [diff] [blame] | 494 | LOG(VERBOSE) << "Running KeymasterDevice::update"; |
| 495 | |
nagendra modadugu | 284b939 | 2017-09-27 13:51:23 -0700 | [diff] [blame] | 496 | UpdateOperationRequest request; |
| 497 | UpdateOperationResponse response; |
Andrew Scull | e4e2ffc | 2017-08-10 10:03:20 +0100 | [diff] [blame] | 498 | |
nagendra modadugu | 1943967 | 2018-01-17 16:43:26 -0800 | [diff] [blame^] | 499 | if (input.size() > KM_MAX_PROTO_FIELD_SIZE) { |
| 500 | LOG(ERROR) << "Excess input length: " << input.size() |
| 501 | << "max allowed: " << KM_MAX_PROTO_FIELD_SIZE; |
| 502 | if (this->abort(operationHandle) != ErrorCode::OK) { |
| 503 | LOG(ERROR) << "abort( " << operationHandle |
| 504 | << ") failed"; |
| 505 | } |
| 506 | _hidl_cb(ErrorCode::INVALID_INPUT_LENGTH, 0, |
| 507 | hidl_vec<KeyParameter>{}, hidl_vec<uint8_t>{}); |
| 508 | return Void(); |
| 509 | } |
| 510 | |
nagendra modadugu | 284b939 | 2017-09-27 13:51:23 -0700 | [diff] [blame] | 511 | request.mutable_handle()->set_handle(operationHandle); |
nagendra modadugu | e3ef469 | 2017-10-25 23:58:07 -0700 | [diff] [blame] | 512 | |
| 513 | hidl_vec<KeyParameter> params; |
| 514 | hidl_vec<uint8_t> output; |
| 515 | if (hidl_params_to_pb( |
| 516 | inParams, request.mutable_params()) != ErrorCode::OK) { |
| 517 | _hidl_cb(ErrorCode::INVALID_ARGUMENT, 0, params, output); |
| 518 | return Void(); |
| 519 | } |
| 520 | |
nagendra modadugu | 284b939 | 2017-09-27 13:51:23 -0700 | [diff] [blame] | 521 | request.set_input(&input[0], input.size()); |
nagendra modadugu | ec66730 | 2017-12-04 21:37:22 -0800 | [diff] [blame] | 522 | // TODO: add authToken and verificationToken. |
| 523 | (void)authToken; |
| 524 | (void)verificationToken; |
nagendra modadugu | 284b939 | 2017-09-27 13:51:23 -0700 | [diff] [blame] | 525 | |
| 526 | KM_CALLV(UpdateOperation, 0, hidl_vec<KeyParameter>{}, hidl_vec<uint8_t>{}); |
| 527 | |
nagendra modadugu | 284b939 | 2017-09-27 13:51:23 -0700 | [diff] [blame] | 528 | pb_to_hidl_params(response.params(), ¶ms); |
| 529 | output.setToExternal( |
| 530 | reinterpret_cast<uint8_t*>(const_cast<char*>(response.output().data())), |
| 531 | response.output().size(), false); |
| 532 | |
| 533 | _hidl_cb(ErrorCode::OK, response.consumed(), params, output); |
Andrew Scull | e4e2ffc | 2017-08-10 10:03:20 +0100 | [diff] [blame] | 534 | return Void(); |
| 535 | } |
| 536 | |
nagendra modadugu | 284b939 | 2017-09-27 13:51:23 -0700 | [diff] [blame] | 537 | Return<void> KeymasterDevice::finish( |
| 538 | uint64_t operationHandle, |
| 539 | const hidl_vec<KeyParameter>& inParams, |
| 540 | const hidl_vec<uint8_t>& input, |
nagendra modadugu | ec66730 | 2017-12-04 21:37:22 -0800 | [diff] [blame] | 541 | const hidl_vec<uint8_t>& signature, |
| 542 | const HardwareAuthToken& authToken, |
| 543 | const VerificationToken& verificationToken, |
| 544 | finish_cb _hidl_cb) |
nagendra modadugu | 284b939 | 2017-09-27 13:51:23 -0700 | [diff] [blame] | 545 | { |
Andrew Scull | e4e2ffc | 2017-08-10 10:03:20 +0100 | [diff] [blame] | 546 | LOG(VERBOSE) << "Running KeymasterDevice::finish"; |
| 547 | |
nagendra modadugu | 284b939 | 2017-09-27 13:51:23 -0700 | [diff] [blame] | 548 | FinishOperationRequest request; |
| 549 | FinishOperationResponse response; |
Andrew Scull | e4e2ffc | 2017-08-10 10:03:20 +0100 | [diff] [blame] | 550 | |
nagendra modadugu | 1943967 | 2018-01-17 16:43:26 -0800 | [diff] [blame^] | 551 | if (input.size() > KM_MAX_PROTO_FIELD_SIZE) { |
| 552 | LOG(ERROR) << "Excess input length: " << input.size() |
| 553 | << "max allowed: " << KM_MAX_PROTO_FIELD_SIZE; |
| 554 | if (this->abort(operationHandle) != ErrorCode::OK) { |
| 555 | LOG(ERROR) << "abort( " << operationHandle |
| 556 | << ") failed"; |
| 557 | } |
| 558 | _hidl_cb(ErrorCode::INVALID_INPUT_LENGTH, |
| 559 | hidl_vec<KeyParameter>{}, hidl_vec<uint8_t>{}); |
| 560 | return Void(); |
| 561 | } |
| 562 | |
nagendra modadugu | 284b939 | 2017-09-27 13:51:23 -0700 | [diff] [blame] | 563 | request.mutable_handle()->set_handle(operationHandle); |
nagendra modadugu | e3ef469 | 2017-10-25 23:58:07 -0700 | [diff] [blame] | 564 | |
| 565 | hidl_vec<KeyParameter> params; |
| 566 | hidl_vec<uint8_t> output; |
| 567 | if (hidl_params_to_pb( |
| 568 | inParams, request.mutable_params()) != ErrorCode::OK) { |
| 569 | _hidl_cb(ErrorCode::INVALID_ARGUMENT, params, output); |
| 570 | return Void(); |
| 571 | } |
| 572 | |
nagendra modadugu | 284b939 | 2017-09-27 13:51:23 -0700 | [diff] [blame] | 573 | request.set_input(&input[0], input.size()); |
| 574 | request.set_signature(&signature[0], signature.size()); |
| 575 | |
nagendra modadugu | ec66730 | 2017-12-04 21:37:22 -0800 | [diff] [blame] | 576 | // TODO: add authToken and verificationToken. |
| 577 | (void)authToken; |
| 578 | (void)verificationToken; |
| 579 | |
nagendra modadugu | 284b939 | 2017-09-27 13:51:23 -0700 | [diff] [blame] | 580 | KM_CALLV(FinishOperation, hidl_vec<KeyParameter>{}, hidl_vec<uint8_t>{}); |
| 581 | |
nagendra modadugu | 284b939 | 2017-09-27 13:51:23 -0700 | [diff] [blame] | 582 | pb_to_hidl_params(response.params(), ¶ms); |
nagendra modadugu | 284b939 | 2017-09-27 13:51:23 -0700 | [diff] [blame] | 583 | output.setToExternal( |
| 584 | reinterpret_cast<uint8_t*>(const_cast<char*>(response.output().data())), |
| 585 | response.output().size(), false); |
| 586 | |
| 587 | _hidl_cb(ErrorCode::OK, params, output); |
Andrew Scull | e4e2ffc | 2017-08-10 10:03:20 +0100 | [diff] [blame] | 588 | return Void(); |
| 589 | } |
| 590 | |
nagendra modadugu | 284b939 | 2017-09-27 13:51:23 -0700 | [diff] [blame] | 591 | Return<ErrorCode> KeymasterDevice::abort(uint64_t operationHandle) |
| 592 | { |
Andrew Scull | e4e2ffc | 2017-08-10 10:03:20 +0100 | [diff] [blame] | 593 | LOG(VERBOSE) << "Running KeymasterDevice::abort"; |
| 594 | |
nagendra modadugu | 284b939 | 2017-09-27 13:51:23 -0700 | [diff] [blame] | 595 | AbortOperationRequest request; |
| 596 | AbortOperationResponse response; |
Andrew Scull | e4e2ffc | 2017-08-10 10:03:20 +0100 | [diff] [blame] | 597 | |
nagendra modadugu | 284b939 | 2017-09-27 13:51:23 -0700 | [diff] [blame] | 598 | request.mutable_handle()->set_handle(operationHandle); |
| 599 | |
| 600 | KM_CALL(AbortOperation); |
| 601 | |
| 602 | return ErrorCode::OK; |
Andrew Scull | e4e2ffc | 2017-08-10 10:03:20 +0100 | [diff] [blame] | 603 | } |
| 604 | |
nagendra modadugu | ec66730 | 2017-12-04 21:37:22 -0800 | [diff] [blame] | 605 | // Methods from ::android::hardware::keymaster::V4_0::IKeymasterDevice follow. |
| 606 | Return<void> KeymasterDevice::importWrappedKey( |
| 607 | const hidl_vec<uint8_t>& wrappedKeyData, |
| 608 | const hidl_vec<uint8_t>& wrappingKeyBlob, |
| 609 | const hidl_vec<uint8_t>& maskingKey, |
nagendra modadugu | 9c231ef | 2018-01-19 15:51:59 -0800 | [diff] [blame] | 610 | const hidl_vec<KeyParameter>& /* unwrappingParams */, |
| 611 | uint64_t /* passwordSid */, uint64_t /* biometricSid */, |
nagendra modadugu | ec66730 | 2017-12-04 21:37:22 -0800 | [diff] [blame] | 612 | importWrappedKey_cb _hidl_cb) |
| 613 | { |
| 614 | LOG(VERBOSE) << "Running KeymasterDevice::importWrappedKey"; |
| 615 | |
| 616 | ErrorCode error; |
| 617 | ImportWrappedKeyRequest request; |
| 618 | ImportKeyResponse response; |
| 619 | |
| 620 | if (maskingKey.size() != KM_WRAPPER_MASKING_KEY_SIZE) { |
| 621 | _hidl_cb(ErrorCode::INVALID_ARGUMENT, hidl_vec<uint8_t>{}, |
| 622 | KeyCharacteristics{}); |
| 623 | return Void(); |
| 624 | } |
| 625 | |
| 626 | error = import_wrapped_key_request(wrappedKeyData, wrappingKeyBlob, |
| 627 | maskingKey, &request); |
| 628 | if (error != ErrorCode::OK) { |
| 629 | LOG(ERROR) << "ImportWrappedKey request parsing failed with error " |
nagendra modadugu | e2914e4 | 2018-01-02 17:42:46 -0800 | [diff] [blame] | 630 | << error; |
nagendra modadugu | ec66730 | 2017-12-04 21:37:22 -0800 | [diff] [blame] | 631 | _hidl_cb(error, hidl_vec<uint8_t>{}, KeyCharacteristics{}); |
| 632 | return Void(); |
| 633 | } |
| 634 | |
| 635 | KM_CALLV(ImportWrappedKey, hidl_vec<uint8_t>{}, KeyCharacteristics{}); |
| 636 | |
| 637 | hidl_vec<uint8_t> blob; |
| 638 | blob.setToExternal( |
| 639 | reinterpret_cast<uint8_t*>( |
| 640 | const_cast<char*>(response.blob().blob().data())), |
| 641 | response.blob().blob().size(), false); |
| 642 | |
| 643 | KeyCharacteristics characteristics; |
| 644 | // TODO: anything to do here with softwareEnforced? |
| 645 | pb_to_hidl_params(response.characteristics().software_enforced(), |
| 646 | &characteristics.softwareEnforced); |
| 647 | error = pb_to_hidl_params(response.characteristics().tee_enforced(), |
| 648 | &characteristics.hardwareEnforced); |
| 649 | if (error != ErrorCode::OK) { |
| 650 | LOG(ERROR) << |
| 651 | "KeymasterDevice::importWrappedKey: response tee_enforced :" |
nagendra modadugu | e2914e4 | 2018-01-02 17:42:46 -0800 | [diff] [blame] | 652 | << error; |
nagendra modadugu | ec66730 | 2017-12-04 21:37:22 -0800 | [diff] [blame] | 653 | _hidl_cb(error, hidl_vec<uint8_t>{}, KeyCharacteristics{}); |
| 654 | return Void(); |
| 655 | } |
| 656 | |
| 657 | _hidl_cb(ErrorCode::OK, blob, characteristics); |
| 658 | return Void(); |
| 659 | } |
| 660 | |
Andrew Scull | e4e2ffc | 2017-08-10 10:03:20 +0100 | [diff] [blame] | 661 | } // namespace keymaster |
| 662 | } // namespace hardware |
| 663 | } // namespace android |