Blame - hals/keymaster/KeymasterDevice.cpp - platform/external/nos/host/android

2017-08-10 10:03:20 +0100

[diff] [blame]

/*

*

* Licensed under the Apache License, Version 2.0 (the "License");

5

* you may not use this file except in compliance with the License.

6

* You may obtain a copy of the License at

7

*

8

* http://www.apache.org/licenses/LICENSE-2.0

9

*

10

* Unless required by applicable law or agreed to in writing, software

11

* distributed under the License is distributed on an "AS IS" BASIS,

12

* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

13

* See the License for the specific language governing permissions and

14

* limitations under the License.

15

*/

16

17

#include "KeymasterDevice.h"

nagendra modadugu

2017-09-27 14:01:00 -0700

[diff] [blame]

18

#include "import_key.h"

nagendra modadugu

2017-12-04 21:37:22 -0800

[diff] [blame]

19

#include "import_wrapped_key.h"

nagendra modadugu

2017-09-27 13:51:23 -0700

[diff] [blame]

20

#include "proto_utils.h"

21

nagendra modadugu

9e8c856

2017-09-18 18:58:54 -0700

[diff] [blame]

22

#include <Keymaster.client.h>

Andrew Scull

8e96ff0

2017-10-09 11:09:09 +0100

[diff] [blame]

23

#include <nos/debug.h>

nagendra modadugu

2017-09-27 13:51:23 -0700

[diff] [blame]

24

#include <nos/NuggetClient.h>

Andrew Scull

2017-08-10 10:03:20 +0100

[diff] [blame]

25

nagendra modadugu

2018-01-02 17:42:46 -0800

[diff] [blame]

26

#include <keymasterV4_0/key_param_output.h>

27

Andrew Scull

2017-08-10 10:03:20 +0100

[diff] [blame]

28

#include <android-base/logging.h>

namespace android {

namespace hardware {

namespace keymaster {

33

nagendra modadugu

8a88337

2017-09-18 22:29:00 -0700

[diff] [blame]

// std

using std::string;

Andrew Scull

2017-08-10 10:03:20 +0100

[diff] [blame]

37

// libhidl

38

using ::android::hardware::Void;

39

40

// HAL

nagendra modadugu

f110176

2018-01-04 17:59:51 -0800

[diff] [blame]

41

using ::android::hardware::keymaster::V4_0::Algorithm;

nagendra modadugu

2017-12-04 21:37:22 -0800

[diff] [blame]

42

using ::android::hardware::keymaster::V4_0::KeyCharacteristics;

nagendra modadugu

f110176

2018-01-04 17:59:51 -0800

[diff] [blame]

43

using ::android::hardware::keymaster::V4_0::KeyFormat;

nagendra modadugu

2017-12-04 21:37:22 -0800

[diff] [blame]

44

using ::android::hardware::keymaster::V4_0::SecurityLevel;

45

using ::android::hardware::keymaster::V4_0::Tag;

nagendra modadugu

2017-09-27 13:51:23 -0700

[diff] [blame]

46

47

// nos

48

using nos::NuggetClient;

49

50

// Keymaster app

nagendra modadugu

2017-12-04 21:37:22 -0800

[diff] [blame]

51

// KM 3.0 types

nagendra modadugu

2017-09-27 13:51:23 -0700

[diff] [blame]

52

using ::nugget::app::keymaster::AddRngEntropyRequest;

53

using ::nugget::app::keymaster::AddRngEntropyResponse;

54

using ::nugget::app::keymaster::GenerateKeyRequest;

55

using ::nugget::app::keymaster::GenerateKeyResponse;

56

using ::nugget::app::keymaster::GetKeyCharacteristicsRequest;

57

using ::nugget::app::keymaster::GetKeyCharacteristicsResponse;

58

using ::nugget::app::keymaster::ImportKeyRequest;

59

using ::nugget::app::keymaster::ImportKeyResponse;

60

using ::nugget::app::keymaster::ExportKeyRequest;

61

using ::nugget::app::keymaster::ExportKeyResponse;

62

using ::nugget::app::keymaster::AttestKeyRequest;

63

using ::nugget::app::keymaster::AttestKeyResponse;

64

using ::nugget::app::keymaster::UpgradeKeyRequest;

65

using ::nugget::app::keymaster::UpgradeKeyResponse;

66

using ::nugget::app::keymaster::DeleteKeyRequest;

67

using ::nugget::app::keymaster::DeleteKeyResponse;

68

using ::nugget::app::keymaster::DeleteAllKeysRequest;

69

using ::nugget::app::keymaster::DeleteAllKeysResponse;

70

using ::nugget::app::keymaster::DestroyAttestationIdsRequest;

71

using ::nugget::app::keymaster::DestroyAttestationIdsResponse;

72

using ::nugget::app::keymaster::BeginOperationRequest;

73

using ::nugget::app::keymaster::BeginOperationResponse;

74

using ::nugget::app::keymaster::UpdateOperationRequest;

75

using ::nugget::app::keymaster::UpdateOperationResponse;

76

using ::nugget::app::keymaster::FinishOperationRequest;

77

using ::nugget::app::keymaster::FinishOperationResponse;

78

using ::nugget::app::keymaster::AbortOperationRequest;

79

using ::nugget::app::keymaster::AbortOperationResponse;

80

nagendra modadugu

2017-12-04 21:37:22 -0800

[diff] [blame]

81

// KM 4.0 types

82

using ::nugget::app::keymaster::ImportWrappedKeyRequest;

83

nagendra modadugu

2017-09-27 13:51:23 -0700

[diff] [blame]

84

static ErrorCode status_to_error_code(uint32_t status)

{

switch (status) {

case APP_SUCCESS:

return ErrorCode::OK;

89

break;

90

case APP_ERROR_BOGUS_ARGS:

91

return ErrorCode::INVALID_ARGUMENT;

92

break;

93

case APP_ERROR_INTERNAL:

94

return ErrorCode::UNKNOWN_ERROR;

95

break;

96

case APP_ERROR_TOO_MUCH:

97

return ErrorCode::INSUFFICIENT_BUFFER_SPACE;

98

break;

99

case APP_ERROR_RPC:

100

return ErrorCode::SECURE_HW_COMMUNICATION_FAILED;

101

break;

102

// TODO: app specific error codes go here.

103

default:

104

return ErrorCode::UNKNOWN_ERROR;

break;

}

}

nagendra modadugu

2017-12-28 11:20:45 -0800

[diff] [blame]

109

#define KM_CALL(meth) { \

110

const uint32_t status = _keymaster. meth (request, &response); \

111

const ErrorCode error_code = translate_error_code(response.error_code()); \

112

if (status != APP_SUCCESS) { \

113

LOG(ERROR) << #meth << " : request failed with status: " \

114

<< nos::StatusCodeString(status); \

115

return status_to_error_code(status); \

116

} \

117

if (error_code != ErrorCode::OK) { \

118

LOG(ERROR) << #meth << " : device response error code: " \

nagendra modadugu

2018-01-02 17:42:46 -0800

[diff] [blame]

119

<< error_code; \

nagendra modadugu

07be7f1

2017-12-28 11:20:45 -0800

[diff] [blame]

120

return error_code; \

121

} \

nagendra modadugu

2017-09-27 13:51:23 -0700

[diff] [blame]

122

}

123

nagendra modadugu

07be7f1

2017-12-28 11:20:45 -0800

[diff] [blame]

124

#define KM_CALLV(meth, ...) { \

125

const uint32_t status = _keymaster. meth (request, &response); \

126

const ErrorCode error_code = translate_error_code(response.error_code()); \

127

if (status != APP_SUCCESS) { \

128

LOG(ERROR) << #meth << " : request failed with status: " \

129

<< nos::StatusCodeString(status); \

130

_hidl_cb(status_to_error_code(status), __VA_ARGS__); \

131

return Void(); \

132

} \

133

if (error_code != ErrorCode::OK) { \

134

LOG(ERROR) << #meth << " : device response error code: " \

nagendra modadugu

2018-01-02 17:42:46 -0800

[diff] [blame]

135

<< error_code; \

nagendra modadugu

07be7f1

2017-12-28 11:20:45 -0800

[diff] [blame]

136

/* TODO: translate error codes. */ \

137

_hidl_cb(error_code, __VA_ARGS__); \

138

return Void(); \

139

} \

nagendra modadugu

2017-09-27 13:51:23 -0700

[diff] [blame]

140

}

Andrew Scull

2017-08-10 10:03:20 +0100

[diff] [blame]

141

142

// Methods from ::android::hardware::keymaster::V3_0::IKeymasterDevice follow.

nagendra modadugu

2017-09-27 13:51:23 -0700

[diff] [blame]

143

nagendra modadugu

2017-12-04 21:37:22 -0800

[diff] [blame]

144

Return<void> KeymasterDevice::getHardwareInfo(

145

getHardwareInfo_cb _hidl_cb)

nagendra modadugu

2017-09-27 13:51:23 -0700

[diff] [blame]

146

{

nagendra modadugu

2017-12-04 21:37:22 -0800

[diff] [blame]

147

LOG(VERBOSE) << "Running KeymasterDevice::getHardwareInfo";

Andrew Scull

2017-08-10 10:03:20 +0100

[diff] [blame]

148

nagendra modadugu

8a88337

2017-09-18 22:29:00 -0700

[diff] [blame]

149

(void)_keymaster;

nagendra modadugu

2017-12-04 21:37:22 -0800

[diff] [blame]

150

_hidl_cb(SecurityLevel::STRONGBOX,

151

string("CitadelKeymaster"), string("Google"));

return Void();

}

Return<void> KeymasterDevice::getHmacSharingParameters(

157

getHmacSharingParameters_cb _hidl_cb)

158

{

159

LOG(VERBOSE) << "Running KeymasterDevice::getHmacSharingParameters";

160

161

(void)_keymaster;

162

_hidl_cb(ErrorCode::UNIMPLEMENTED, HmacSharingParameters());

return Void();

}

Return<void> KeymasterDevice::computeSharedHmac(

168

const hidl_vec<HmacSharingParameters>& params,

169

computeSharedHmac_cb _hidl_cb)

170

{

171

LOG(VERBOSE) << "Running KeymasterDevice::computeSharedHmac";

(void)params;

(void)_keymaster;

_hidl_cb(ErrorCode::UNIMPLEMENTED, hidl_vec<uint8_t>{});

return Void();

}

Return<void> KeymasterDevice::verifyAuthorization(

182

uint64_t challenge, const hidl_vec<KeyParameter>& parametersToVerify,

183

const HardwareAuthToken& authToken, verifyAuthorization_cb _hidl_cb)

184

{

185

LOG(VERBOSE) << "Running KeymasterDevice::verifyAuthorization";

186

187

(void)challenge;

188

(void)parametersToVerify;

(void)authToken;

(void)_keymaster;

_hidl_cb(ErrorCode::UNIMPLEMENTED, VerificationToken());

193

Andrew Scull

2017-08-10 10:03:20 +0100

[diff] [blame]

return Void();

}

nagendra modadugu

2017-09-27 13:51:23 -0700

[diff] [blame]

197

Return<ErrorCode> KeymasterDevice::addRngEntropy(const hidl_vec<uint8_t>& data)

198

{

Andrew Scull

2017-08-10 10:03:20 +0100

[diff] [blame]

199

LOG(VERBOSE) << "Running KeymasterDevice::addRngEntropy";

200

nagendra modadugu

2017-09-27 13:51:23 -0700

[diff] [blame]

201

if (!data.size()) return ErrorCode::OK;

Andrew Scull

2017-08-10 10:03:20 +0100

[diff] [blame]

202

nagendra modadugu

2018-01-02 17:42:46 -0800

[diff] [blame]

203

const size_t chunk_size = 1024;

204

for (size_t i = 0; i < data.size(); i += chunk_size) {

205

AddRngEntropyRequest request;

206

AddRngEntropyResponse response;

nagendra modadugu

2017-09-27 13:51:23 -0700

[diff] [blame]

207

nagendra modadugu

2018-01-02 17:42:46 -0800

[diff] [blame]

208

request.set_data(&data[i], std::min(chunk_size, data.size() - i));

nagendra modadugu

2017-09-27 13:51:23 -0700

[diff] [blame]

209

nagendra modadugu

2018-01-02 17:42:46 -0800

[diff] [blame]

210

// Call device.

211

KM_CALL(AddRngEntropy);

212

}

213

214

return ErrorCode::OK;

Andrew Scull

2017-08-10 10:03:20 +0100

[diff] [blame]

215

}

216

nagendra modadugu

2017-09-27 13:51:23 -0700

[diff] [blame]

217

Return<void> KeymasterDevice::generateKey(

218

const hidl_vec<KeyParameter>& keyParams,

219

generateKey_cb _hidl_cb)

220

{

Andrew Scull

2017-08-10 10:03:20 +0100

[diff] [blame]

221

LOG(VERBOSE) << "Running KeymasterDevice::generateKey";

222

nagendra modadugu

2017-09-27 13:51:23 -0700

[diff] [blame]

223

GenerateKeyRequest request;

224

GenerateKeyResponse response;

Andrew Scull

2017-08-10 10:03:20 +0100

[diff] [blame]

225

nagendra modadugu

2017-10-25 23:58:07 -0700

[diff] [blame]

226

hidl_vec<uint8_t> blob;

227

KeyCharacteristics characteristics;

228

if (hidl_params_to_pb(

229

keyParams, request.mutable_params()) != ErrorCode::OK) {

230

_hidl_cb(ErrorCode::INVALID_ARGUMENT, blob, characteristics);

231

return Void();

232

}

nagendra modadugu

2017-09-27 13:51:23 -0700

[diff] [blame]

233

234

// Call device.

235

KM_CALLV(GenerateKey, hidl_vec<uint8_t>{}, KeyCharacteristics());

236

nagendra modadugu

2017-09-27 13:51:23 -0700

[diff] [blame]

237

blob.setToExternal(

238

reinterpret_cast<uint8_t*>(

239

const_cast<char*>(response.blob().blob().data())),

240

response.blob().blob().size(), false);

nagendra modadugu

2017-10-25 23:58:07 -0700

[diff] [blame]

241

pb_to_hidl_params(response.characteristics().software_enforced(),

242

&characteristics.softwareEnforced);

nagendra modadugu

2017-09-27 13:51:23 -0700

[diff] [blame]

243

pb_to_hidl_params(response.characteristics().tee_enforced(),

nagendra modadugu

2017-12-04 21:37:22 -0800

[diff] [blame]

244

&characteristics.hardwareEnforced);

nagendra modadugu

2017-09-27 13:51:23 -0700

[diff] [blame]

245

nagendra modadugu

2018-01-02 17:42:46 -0800

[diff] [blame]

246

_hidl_cb(translate_error_code(response.error_code()),

247

blob, characteristics);

Andrew Scull

2017-08-10 10:03:20 +0100

[diff] [blame]

return Void();

}

nagendra modadugu

2017-09-27 13:51:23 -0700

[diff] [blame]

251

Return<void> KeymasterDevice::getKeyCharacteristics(

252

const hidl_vec<uint8_t>& keyBlob,

253

const hidl_vec<uint8_t>& clientId,

254

const hidl_vec<uint8_t>& appData,

255

getKeyCharacteristics_cb _hidl_cb)

256

{

Andrew Scull

2017-08-10 10:03:20 +0100

[diff] [blame]

257

LOG(VERBOSE) << "Running KeymasterDevice::getKeyCharacteristics";

258

nagendra modadugu

2017-09-27 13:51:23 -0700

[diff] [blame]

259

GetKeyCharacteristicsRequest request;

260

GetKeyCharacteristicsResponse response;

Andrew Scull

2017-08-10 10:03:20 +0100

[diff] [blame]

261

nagendra modadugu

2017-09-27 13:51:23 -0700

[diff] [blame]

262

request.mutable_blob()->set_blob(&keyBlob[0], keyBlob.size());

263

request.set_client_id(&clientId[0], clientId.size());

264

request.set_app_data(&appData[0], appData.size());

265

266

// Call device.

267

KM_CALLV(GetKeyCharacteristics, KeyCharacteristics());

268

269

KeyCharacteristics characteristics;

nagendra modadugu

2017-10-25 23:58:07 -0700

[diff] [blame]

270

pb_to_hidl_params(response.characteristics().software_enforced(),

271

&characteristics.softwareEnforced);

nagendra modadugu

2017-09-27 13:51:23 -0700

[diff] [blame]

272

pb_to_hidl_params(response.characteristics().tee_enforced(),

nagendra modadugu

2017-12-04 21:37:22 -0800

[diff] [blame]

273

&characteristics.hardwareEnforced);

nagendra modadugu

2017-09-27 13:51:23 -0700

[diff] [blame]

274

nagendra modadugu

2018-01-02 17:42:46 -0800

[diff] [blame]

275

_hidl_cb(translate_error_code(response.error_code()), characteristics);

Andrew Scull

2017-08-10 10:03:20 +0100

[diff] [blame]

return Void();

}

nagendra modadugu

2017-09-27 13:51:23 -0700

[diff] [blame]

279

Return<void> KeymasterDevice::importKey(

280

const hidl_vec<KeyParameter>& params, KeyFormat keyFormat,

281

const hidl_vec<uint8_t>& keyData, importKey_cb _hidl_cb)

282

{

Andrew Scull

2017-08-10 10:03:20 +0100

[diff] [blame]

283

LOG(VERBOSE) << "Running KeymasterDevice::importKey";

284

nagendra modadugu

2017-09-27 14:01:00 -0700

[diff] [blame]

285

ErrorCode error;

nagendra modadugu

2017-09-27 13:51:23 -0700

[diff] [blame]

286

ImportKeyRequest request;

287

ImportKeyResponse response;

Andrew Scull

2017-08-10 10:03:20 +0100

[diff] [blame]

288

nagendra modadugu

2017-09-27 14:01:00 -0700

[diff] [blame]

289

error = import_key_request(params, keyFormat, keyData, &request);

290

if (error != ErrorCode::OK) {

291

LOG(ERROR) << "ImportKey request parsing failed with error "

nagendra modadugu

2018-01-02 17:42:46 -0800

[diff] [blame]

292

<< error;

nagendra modadugu

2017-09-27 14:01:00 -0700

[diff] [blame]

293

_hidl_cb(error, hidl_vec<uint8_t>{}, KeyCharacteristics{});

294

return Void();

295

}

nagendra modadugu

2017-09-27 13:51:23 -0700

[diff] [blame]

296

297

KM_CALLV(ImportKey, hidl_vec<uint8_t>{}, KeyCharacteristics{});

298

299

hidl_vec<uint8_t> blob;

300

blob.setToExternal(

301

reinterpret_cast<uint8_t*>(

302

const_cast<char*>(response.blob().blob().data())),

303

response.blob().blob().size(), false);

304

305

KeyCharacteristics characteristics;

nagendra modadugu

2017-10-25 23:58:07 -0700

[diff] [blame]

306

pb_to_hidl_params(response.characteristics().software_enforced(),

307

&characteristics.softwareEnforced);

nagendra modadugu

2017-09-27 14:01:00 -0700

[diff] [blame]

308

error = pb_to_hidl_params(response.characteristics().tee_enforced(),

nagendra modadugu

2017-12-04 21:37:22 -0800

[diff] [blame]

309

&characteristics.hardwareEnforced);

nagendra modadugu

2017-09-27 14:01:00 -0700

[diff] [blame]

310

if (error != ErrorCode::OK) {

311

LOG(ERROR) << "KeymasterDevice::importKey: response tee_enforced :"

nagendra modadugu

2018-01-02 17:42:46 -0800

[diff] [blame]

312

<< error;

nagendra modadugu

2017-12-04 21:37:22 -0800

[diff] [blame]

313

_hidl_cb(error, hidl_vec<uint8_t>{}, KeyCharacteristics{});

314

return Void();

nagendra modadugu

2017-09-27 14:01:00 -0700

[diff] [blame]

315

}

nagendra modadugu

2017-09-27 13:51:23 -0700

[diff] [blame]

316

317

_hidl_cb(ErrorCode::OK, blob, characteristics);

Andrew Scull

2017-08-10 10:03:20 +0100

[diff] [blame]

return Void();

}

nagendra modadugu

2017-09-27 13:51:23 -0700

[diff] [blame]

321

Return<void> KeymasterDevice::exportKey(

322

KeyFormat exportFormat, const hidl_vec<uint8_t>& keyBlob,

323

const hidl_vec<uint8_t>& clientId,

324

const hidl_vec<uint8_t>& appData, exportKey_cb _hidl_cb)

325

{

Andrew Scull

2017-08-10 10:03:20 +0100

[diff] [blame]

326

LOG(VERBOSE) << "Running KeymasterDevice::exportKey";

327

nagendra modadugu

2017-09-27 13:51:23 -0700

[diff] [blame]

328

ExportKeyRequest request;

329

ExportKeyResponse response;

Andrew Scull

2017-08-10 10:03:20 +0100

[diff] [blame]

330

nagendra modadugu

2017-09-27 13:51:23 -0700

[diff] [blame]

331

request.set_format((::nugget::app::keymaster::KeyFormat)exportFormat);

332

request.mutable_blob()->set_blob(&keyBlob[0], keyBlob.size());

333

request.set_client_id(&clientId[0], clientId.size());

334

request.set_app_data(&appData[0], appData.size());

335

336

KM_CALLV(ExportKey, hidl_vec<uint8_t>{});

337

338

hidl_vec<uint8_t> blob;

339

blob.setToExternal(

340

reinterpret_cast<uint8_t*>(

341

const_cast<char*>(response.key_material().data())),

342

response.key_material().size(), false);

343

nagendra modadugu

2018-01-02 17:42:46 -0800

[diff] [blame]

344

_hidl_cb(translate_error_code(response.error_code()), blob);

Andrew Scull

2017-08-10 10:03:20 +0100

[diff] [blame]

return Void();

}

nagendra modadugu

2017-09-27 13:51:23 -0700

[diff] [blame]

348

Return<void> KeymasterDevice::attestKey(

349

const hidl_vec<uint8_t>& keyToAttest,

350

const hidl_vec<KeyParameter>& attestParams,

351

attestKey_cb _hidl_cb)

352

{

Andrew Scull

2017-08-10 10:03:20 +0100

[diff] [blame]

353

LOG(VERBOSE) << "Running KeymasterDevice::attestKey";

354

nagendra modadugu

2017-09-27 13:51:23 -0700

[diff] [blame]

355

AttestKeyRequest request;

356

AttestKeyResponse response;

Andrew Scull

2017-08-10 10:03:20 +0100

[diff] [blame]

357

nagendra modadugu

2017-09-27 13:51:23 -0700

[diff] [blame]

358

request.mutable_blob()->set_blob(&keyToAttest[0], keyToAttest.size());

nagendra modadugu

2017-10-25 23:58:07 -0700

[diff] [blame]

359

360

vector<hidl_vec<uint8_t> > chain;

361

if (hidl_params_to_pb(

362

attestParams, request.mutable_params()) != ErrorCode::OK) {

363

_hidl_cb(ErrorCode::INVALID_ARGUMENT, chain);

364

return Void();

365

}

nagendra modadugu

2017-09-27 13:51:23 -0700

[diff] [blame]

366

367

KM_CALLV(AttestKey, hidl_vec<hidl_vec<uint8_t> >{});

368

nagendra modadugu

2017-09-27 13:51:23 -0700

[diff] [blame]

369

for (int i = 0; i < response.chain().certificates_size(); i++) {

370

hidl_vec<uint8_t> blob;

371

blob.setToExternal(

372

reinterpret_cast<uint8_t*>(

373

const_cast<char*>(

374

response.chain().certificates(i).data().data())),

375

response.chain().certificates(i).data().size(), false);

376

chain.push_back(blob);

377

}

378

nagendra modadugu

2018-01-02 17:42:46 -0800

[diff] [blame]

379

_hidl_cb(translate_error_code(response.error_code()),

nagendra modadugu

2017-09-27 13:51:23 -0700

[diff] [blame]

380

hidl_vec<hidl_vec<uint8_t> >(chain));

Andrew Scull

2017-08-10 10:03:20 +0100

[diff] [blame]

return Void();

}

nagendra modadugu

2017-09-27 13:51:23 -0700

[diff] [blame]

384

Return<void> KeymasterDevice::upgradeKey(

385

const hidl_vec<uint8_t>& keyBlobToUpgrade,

386

const hidl_vec<KeyParameter>& upgradeParams,

387

upgradeKey_cb _hidl_cb)

388

{

Andrew Scull

2017-08-10 10:03:20 +0100

[diff] [blame]

389

LOG(VERBOSE) << "Running KeymasterDevice::upgradeKey";

390

nagendra modadugu

2017-09-27 13:51:23 -0700

[diff] [blame]

391

UpgradeKeyRequest request;

392

UpgradeKeyResponse response;

Andrew Scull

2017-08-10 10:03:20 +0100

[diff] [blame]

393

nagendra modadugu

2017-09-27 13:51:23 -0700

[diff] [blame]

394

request.mutable_blob()->set_blob(&keyBlobToUpgrade[0],

395

keyBlobToUpgrade.size());

nagendra modadugu

2017-10-25 23:58:07 -0700

[diff] [blame]

396

397

hidl_vec<uint8_t> blob;

398

if (hidl_params_to_pb(

399

upgradeParams, request.mutable_params()) != ErrorCode::OK) {

400

_hidl_cb(ErrorCode::INVALID_ARGUMENT, blob);

401

return Void();

402

}

nagendra modadugu

2017-09-27 13:51:23 -0700

[diff] [blame]

403

404

KM_CALLV(UpgradeKey, hidl_vec<uint8_t>{});

405

nagendra modadugu

2017-09-27 13:51:23 -0700

[diff] [blame]

406

blob.setToExternal(

407

reinterpret_cast<uint8_t*>(

408

const_cast<char*>(response.blob().blob().data())),

409

response.blob().blob().size(), false);

410

nagendra modadugu

2018-01-02 17:42:46 -0800

[diff] [blame]

411

_hidl_cb(translate_error_code(response.error_code()), blob);

Andrew Scull

2017-08-10 10:03:20 +0100

[diff] [blame]

return Void();

}

nagendra modadugu

2017-09-27 13:51:23 -0700

[diff] [blame]

415

Return<ErrorCode> KeymasterDevice::deleteKey(const hidl_vec<uint8_t>& keyBlob)

416

{

Andrew Scull

2017-08-10 10:03:20 +0100

[diff] [blame]

417

LOG(VERBOSE) << "Running KeymasterDevice::deleteKey";

418

nagendra modadugu

2017-09-27 13:51:23 -0700

[diff] [blame]

419

DeleteKeyRequest request;

420

DeleteKeyResponse response;

Andrew Scull

2017-08-10 10:03:20 +0100

[diff] [blame]

421

nagendra modadugu

2017-09-27 13:51:23 -0700

[diff] [blame]

422

request.mutable_blob()->set_blob(&keyBlob[0], keyBlob.size());

KM_CALL(DeleteKey);

nagendra modadugu

2018-01-02 17:42:46 -0800

[diff] [blame]

426

return translate_error_code(response.error_code());

Andrew Scull

2017-08-10 10:03:20 +0100

[diff] [blame]

427

}

428

nagendra modadugu

2017-09-27 13:51:23 -0700

[diff] [blame]

429

Return<ErrorCode> KeymasterDevice::deleteAllKeys()

430

{

Andrew Scull

2017-08-10 10:03:20 +0100

[diff] [blame]

431

LOG(VERBOSE) << "Running KeymasterDevice::deleteAllKeys";

432

nagendra modadugu

2017-09-27 13:51:23 -0700

[diff] [blame]

433

DeleteAllKeysRequest request;

434

DeleteAllKeysResponse response;

Andrew Scull

2017-08-10 10:03:20 +0100

[diff] [blame]

435

nagendra modadugu

2017-09-27 13:51:23 -0700

[diff] [blame]

436

KM_CALL(DeleteAllKeys);

437

nagendra modadugu

2018-01-02 17:42:46 -0800

[diff] [blame]

438

return translate_error_code(response.error_code());

Andrew Scull

2017-08-10 10:03:20 +0100

[diff] [blame]

439

}

440

nagendra modadugu

2017-09-27 13:51:23 -0700

[diff] [blame]

441

Return<ErrorCode> KeymasterDevice::destroyAttestationIds()

442

{

Andrew Scull

2017-08-10 10:03:20 +0100

[diff] [blame]

443

LOG(VERBOSE) << "Running KeymasterDevice::destroyAttestationIds";

444

nagendra modadugu

2017-09-27 13:51:23 -0700

[diff] [blame]

445

DestroyAttestationIdsRequest request;

446

DestroyAttestationIdsResponse response;

Andrew Scull

2017-08-10 10:03:20 +0100

[diff] [blame]

447

nagendra modadugu

2017-09-27 13:51:23 -0700

[diff] [blame]

448

KM_CALL(DestroyAttestationIds);

449

nagendra modadugu

2018-01-02 17:42:46 -0800

[diff] [blame]

450

return translate_error_code(response.error_code());

Andrew Scull

2017-08-10 10:03:20 +0100

[diff] [blame]

451

}

452

nagendra modadugu

2017-09-27 13:51:23 -0700

[diff] [blame]

453

Return<void> KeymasterDevice::begin(

454

KeyPurpose purpose, const hidl_vec<uint8_t>& key,

nagendra modadugu

2017-12-04 21:37:22 -0800

[diff] [blame]

455

const hidl_vec<KeyParameter>& inParams,

456

const HardwareAuthToken& authToken,

457

begin_cb _hidl_cb)

nagendra modadugu

2017-09-27 13:51:23 -0700

[diff] [blame]

458

{

Andrew Scull

2017-08-10 10:03:20 +0100

[diff] [blame]

459

LOG(VERBOSE) << "Running KeymasterDevice::begin";

460

nagendra modadugu

2017-09-27 13:51:23 -0700

[diff] [blame]

461

BeginOperationRequest request;

462

BeginOperationResponse response;

Andrew Scull

2017-08-10 10:03:20 +0100

[diff] [blame]

463

nagendra modadugu

2017-09-27 13:51:23 -0700

[diff] [blame]

464

request.set_purpose((::nugget::app::keymaster::KeyPurpose)purpose);

465

request.mutable_blob()->set_blob(&key[0], key.size());

nagendra modadugu

2017-12-04 21:37:22 -0800

[diff] [blame]

466

// TODO: set request.auth_token().

467

(void)authToken;

nagendra modadugu

2017-10-25 23:58:07 -0700

[diff] [blame]

468

469

hidl_vec<KeyParameter> params;

470

if (hidl_params_to_pb(

471

inParams, request.mutable_params()) != ErrorCode::OK) {

472

_hidl_cb(ErrorCode::INVALID_ARGUMENT, params,

473

response.handle().handle());

474

return Void();

475

}

nagendra modadugu

2017-09-27 13:51:23 -0700

[diff] [blame]

476

477

KM_CALLV(BeginOperation, hidl_vec<KeyParameter>{}, 0);

478

nagendra modadugu

2017-09-27 13:51:23 -0700

[diff] [blame]

479

pb_to_hidl_params(response.params(), &params);

480

nagendra modadugu

2018-01-02 17:42:46 -0800

[diff] [blame]

481

_hidl_cb(translate_error_code(response.error_code()), params,

nagendra modadugu

2017-09-27 13:51:23 -0700

[diff] [blame]

482

response.handle().handle());

Andrew Scull

2017-08-10 10:03:20 +0100

[diff] [blame]

return Void();

}

nagendra modadugu

2017-09-27 13:51:23 -0700

[diff] [blame]

486

Return<void> KeymasterDevice::update(

487

uint64_t operationHandle,

488

const hidl_vec<KeyParameter>& inParams,

nagendra modadugu

2017-12-04 21:37:22 -0800

[diff] [blame]

489

const hidl_vec<uint8_t>& input,

490

const HardwareAuthToken& authToken,

491

const VerificationToken& verificationToken,

492

update_cb _hidl_cb)

nagendra modadugu

2017-09-27 13:51:23 -0700

[diff] [blame]

493

{

Andrew Scull

2017-08-10 10:03:20 +0100

[diff] [blame]

494

LOG(VERBOSE) << "Running KeymasterDevice::update";

495

nagendra modadugu

2017-09-27 13:51:23 -0700

[diff] [blame]

496

UpdateOperationRequest request;

497

UpdateOperationResponse response;

Andrew Scull

2017-08-10 10:03:20 +0100

[diff] [blame]

498

nagendra modadugu

1943967

2018-01-17 16:43:26 -0800

[diff] [blame^]

499

if (input.size() > KM_MAX_PROTO_FIELD_SIZE) {

500

LOG(ERROR) << "Excess input length: " << input.size()

501

<< "max allowed: " << KM_MAX_PROTO_FIELD_SIZE;

502

if (this->abort(operationHandle) != ErrorCode::OK) {

503

LOG(ERROR) << "abort( " << operationHandle

504

<< ") failed";

505

}

506

_hidl_cb(ErrorCode::INVALID_INPUT_LENGTH, 0,

507

hidl_vec<KeyParameter>{}, hidl_vec<uint8_t>{});

return Void();

}

nagendra modadugu

2017-09-27 13:51:23 -0700

[diff] [blame]

511

request.mutable_handle()->set_handle(operationHandle);

nagendra modadugu

2017-10-25 23:58:07 -0700

[diff] [blame]

512

513

hidl_vec<KeyParameter> params;

514

hidl_vec<uint8_t> output;

515

if (hidl_params_to_pb(

516

inParams, request.mutable_params()) != ErrorCode::OK) {

517

_hidl_cb(ErrorCode::INVALID_ARGUMENT, 0, params, output);

return Void();

}

nagendra modadugu

2017-09-27 13:51:23 -0700

[diff] [blame]

521

request.set_input(&input[0], input.size());

nagendra modadugu

2017-12-04 21:37:22 -0800

[diff] [blame]

522

// TODO: add authToken and verificationToken.

523

(void)authToken;

524

(void)verificationToken;

nagendra modadugu

2017-09-27 13:51:23 -0700

[diff] [blame]

525

526

KM_CALLV(UpdateOperation, 0, hidl_vec<KeyParameter>{}, hidl_vec<uint8_t>{});

527

nagendra modadugu

2017-09-27 13:51:23 -0700

[diff] [blame]

528

pb_to_hidl_params(response.params(), &params);

529

output.setToExternal(

530

reinterpret_cast<uint8_t*>(const_cast<char*>(response.output().data())),

531

response.output().size(), false);

532

533

_hidl_cb(ErrorCode::OK, response.consumed(), params, output);

Andrew Scull

2017-08-10 10:03:20 +0100

[diff] [blame]

return Void();

}

nagendra modadugu

2017-09-27 13:51:23 -0700

[diff] [blame]

537

Return<void> KeymasterDevice::finish(

538

uint64_t operationHandle,

539

const hidl_vec<KeyParameter>& inParams,

540

const hidl_vec<uint8_t>& input,

nagendra modadugu

2017-12-04 21:37:22 -0800

[diff] [blame]

541

const hidl_vec<uint8_t>& signature,

542

const HardwareAuthToken& authToken,

543

const VerificationToken& verificationToken,

544

finish_cb _hidl_cb)

nagendra modadugu

2017-09-27 13:51:23 -0700

[diff] [blame]

545

{

Andrew Scull

2017-08-10 10:03:20 +0100

[diff] [blame]

546

LOG(VERBOSE) << "Running KeymasterDevice::finish";

547

nagendra modadugu

2017-09-27 13:51:23 -0700

[diff] [blame]

548

FinishOperationRequest request;

549

FinishOperationResponse response;

Andrew Scull

2017-08-10 10:03:20 +0100

[diff] [blame]

550

nagendra modadugu

1943967

2018-01-17 16:43:26 -0800

[diff] [blame^]

551

if (input.size() > KM_MAX_PROTO_FIELD_SIZE) {

552

LOG(ERROR) << "Excess input length: " << input.size()

553

<< "max allowed: " << KM_MAX_PROTO_FIELD_SIZE;

554

if (this->abort(operationHandle) != ErrorCode::OK) {

555

LOG(ERROR) << "abort( " << operationHandle

556

<< ") failed";

557

}

558

_hidl_cb(ErrorCode::INVALID_INPUT_LENGTH,

559

hidl_vec<KeyParameter>{}, hidl_vec<uint8_t>{});

return Void();

}

nagendra modadugu

2017-09-27 13:51:23 -0700

[diff] [blame]

563

request.mutable_handle()->set_handle(operationHandle);

nagendra modadugu

2017-10-25 23:58:07 -0700

[diff] [blame]

564

565

hidl_vec<KeyParameter> params;

566

hidl_vec<uint8_t> output;

567

if (hidl_params_to_pb(

568

inParams, request.mutable_params()) != ErrorCode::OK) {

569

_hidl_cb(ErrorCode::INVALID_ARGUMENT, params, output);

return Void();

}

nagendra modadugu

2017-09-27 13:51:23 -0700

[diff] [blame]

573

request.set_input(&input[0], input.size());

574

request.set_signature(&signature[0], signature.size());

575

nagendra modadugu

2017-12-04 21:37:22 -0800

[diff] [blame]

576

// TODO: add authToken and verificationToken.

577

(void)authToken;

578

(void)verificationToken;

579

nagendra modadugu

2017-09-27 13:51:23 -0700

[diff] [blame]

580

KM_CALLV(FinishOperation, hidl_vec<KeyParameter>{}, hidl_vec<uint8_t>{});

581

nagendra modadugu

2017-09-27 13:51:23 -0700

[diff] [blame]

582

pb_to_hidl_params(response.params(), &params);

nagendra modadugu

2017-09-27 13:51:23 -0700

[diff] [blame]

583

output.setToExternal(

584

reinterpret_cast<uint8_t*>(const_cast<char*>(response.output().data())),

585

response.output().size(), false);

586

587

_hidl_cb(ErrorCode::OK, params, output);

Andrew Scull

2017-08-10 10:03:20 +0100

[diff] [blame]

return Void();

}

nagendra modadugu

2017-09-27 13:51:23 -0700

[diff] [blame]

591

Return<ErrorCode> KeymasterDevice::abort(uint64_t operationHandle)

592

{

Andrew Scull

2017-08-10 10:03:20 +0100

[diff] [blame]

593

LOG(VERBOSE) << "Running KeymasterDevice::abort";

594

nagendra modadugu

2017-09-27 13:51:23 -0700

[diff] [blame]

595

AbortOperationRequest request;

596

AbortOperationResponse response;

Andrew Scull

2017-08-10 10:03:20 +0100

[diff] [blame]

597

nagendra modadugu

2017-09-27 13:51:23 -0700

[diff] [blame]

598

request.mutable_handle()->set_handle(operationHandle);

599

600

KM_CALL(AbortOperation);

601

602

return ErrorCode::OK;

Andrew Scull

2017-08-10 10:03:20 +0100

[diff] [blame]

603

}

604

nagendra modadugu

2017-12-04 21:37:22 -0800

[diff] [blame]

605

// Methods from ::android::hardware::keymaster::V4_0::IKeymasterDevice follow.

606

Return<void> KeymasterDevice::importWrappedKey(

607

const hidl_vec<uint8_t>& wrappedKeyData,

608

const hidl_vec<uint8_t>& wrappingKeyBlob,

609

const hidl_vec<uint8_t>& maskingKey,

nagendra modadugu

9c231ef

2018-01-19 15:51:59 -0800

[diff] [blame]

610

const hidl_vec<KeyParameter>& /* unwrappingParams */,

611

uint64_t /* passwordSid */, uint64_t /* biometricSid */,

nagendra modadugu

2017-12-04 21:37:22 -0800

[diff] [blame]

612

importWrappedKey_cb _hidl_cb)

613

{

614

LOG(VERBOSE) << "Running KeymasterDevice::importWrappedKey";

615

616

ErrorCode error;

617

ImportWrappedKeyRequest request;

618

ImportKeyResponse response;

619

620

if (maskingKey.size() != KM_WRAPPER_MASKING_KEY_SIZE) {

621

_hidl_cb(ErrorCode::INVALID_ARGUMENT, hidl_vec<uint8_t>{},

622

KeyCharacteristics{});

return Void();

}

error = import_wrapped_key_request(wrappedKeyData, wrappingKeyBlob,

627

maskingKey, &request);

628

if (error != ErrorCode::OK) {

629

LOG(ERROR) << "ImportWrappedKey request parsing failed with error "

nagendra modadugu

2018-01-02 17:42:46 -0800

[diff] [blame]

630

<< error;

nagendra modadugu

2017-12-04 21:37:22 -0800

[diff] [blame]

631

_hidl_cb(error, hidl_vec<uint8_t>{}, KeyCharacteristics{});

return Void();

}

KM_CALLV(ImportWrappedKey, hidl_vec<uint8_t>{}, KeyCharacteristics{});

636

637

hidl_vec<uint8_t> blob;

638

blob.setToExternal(

639

reinterpret_cast<uint8_t*>(

640

const_cast<char*>(response.blob().blob().data())),

641

response.blob().blob().size(), false);

642

643

KeyCharacteristics characteristics;

644

// TODO: anything to do here with softwareEnforced?

645

pb_to_hidl_params(response.characteristics().software_enforced(),

646

&characteristics.softwareEnforced);

647

error = pb_to_hidl_params(response.characteristics().tee_enforced(),

648

&characteristics.hardwareEnforced);

649

if (error != ErrorCode::OK) {

650

LOG(ERROR) <<

651

"KeymasterDevice::importWrappedKey: response tee_enforced :"

nagendra modadugu

2018-01-02 17:42:46 -0800

[diff] [blame]

652

<< error;

nagendra modadugu