Andrew Scull | e4e2ffc | 2017-08-10 10:03:20 +0100 | [diff] [blame] | 1 | /* |
| 2 | * Copyright 2017, The Android Open Source Project |
| 3 | * |
| 4 | * Licensed under the Apache License, Version 2.0 (the "License"); |
| 5 | * you may not use this file except in compliance with the License. |
| 6 | * You may obtain a copy of the License at |
| 7 | * |
| 8 | * http://www.apache.org/licenses/LICENSE-2.0 |
| 9 | * |
| 10 | * Unless required by applicable law or agreed to in writing, software |
| 11 | * distributed under the License is distributed on an "AS IS" BASIS, |
| 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 13 | * See the License for the specific language governing permissions and |
| 14 | * limitations under the License. |
| 15 | */ |
| 16 | |
| 17 | #include "KeymasterDevice.h" |
nagendra modadugu | f5127a3 | 2018-01-24 16:30:49 -0800 | [diff] [blame] | 18 | #include "export_key.h" |
nagendra modadugu | 9747140 | 2017-09-27 14:01:00 -0700 | [diff] [blame] | 19 | #include "import_key.h" |
nagendra modadugu | ec66730 | 2017-12-04 21:37:22 -0800 | [diff] [blame] | 20 | #include "import_wrapped_key.h" |
nagendra modadugu | 284b939 | 2017-09-27 13:51:23 -0700 | [diff] [blame] | 21 | #include "proto_utils.h" |
| 22 | |
nagendra modadugu | 9e8c856 | 2017-09-18 18:58:54 -0700 | [diff] [blame] | 23 | #include <Keymaster.client.h> |
Andrew Scull | 8e96ff0 | 2017-10-09 11:09:09 +0100 | [diff] [blame] | 24 | #include <nos/debug.h> |
nagendra modadugu | 284b939 | 2017-09-27 13:51:23 -0700 | [diff] [blame] | 25 | #include <nos/NuggetClient.h> |
Andrew Scull | e4e2ffc | 2017-08-10 10:03:20 +0100 | [diff] [blame] | 26 | |
nagendra modadugu | e2914e4 | 2018-01-02 17:42:46 -0800 | [diff] [blame] | 27 | #include <keymasterV4_0/key_param_output.h> |
| 28 | |
Andrew Scull | e4e2ffc | 2017-08-10 10:03:20 +0100 | [diff] [blame] | 29 | #include <android-base/logging.h> |
Allen Webb | 8fb68f1 | 2018-05-24 16:36:44 -0700 | [diff] [blame] | 30 | #include <android-base/properties.h> |
| 31 | |
| 32 | #include <algorithm> |
Andrew Scull | e4e2ffc | 2017-08-10 10:03:20 +0100 | [diff] [blame] | 33 | |
| 34 | namespace android { |
| 35 | namespace hardware { |
| 36 | namespace keymaster { |
| 37 | |
Allen Webb | 8fb68f1 | 2018-05-24 16:36:44 -0700 | [diff] [blame] | 38 | namespace { |
| 39 | |
| 40 | constexpr char PROPERTY_OS_VERSION[] = "ro.build.version.release"; |
| 41 | constexpr char PROPERTY_OS_PATCHLEVEL[] = "ro.build.version.security_patch"; |
| 42 | constexpr char PROPERTY_VENDOR_PATCHLEVEL[] = "ro.vendor.build.security_patch"; |
| 43 | |
| 44 | std::string DigitsOnly(const std::string& code) { |
Allen Webb | 3f96bd7 | 2018-05-25 08:01:32 -0700 | [diff] [blame] | 45 | // Keep digits only. |
| 46 | std::string filtered_code; |
| 47 | std::copy_if(code.begin(), code.end(), std::back_inserter(filtered_code), |
| 48 | isdigit); |
| 49 | return filtered_code; |
Allen Webb | 8fb68f1 | 2018-05-24 16:36:44 -0700 | [diff] [blame] | 50 | } |
| 51 | |
| 52 | uint32_t DateCodeToUint32(const std::string& code, bool include_day) { |
| 53 | // Keep digits only. |
| 54 | std::string filtered_code = DigitsOnly(code); |
| 55 | |
| 56 | // Return 0 if the date string has an unexpected number of digits. |
| 57 | uint32_t return_value = 0; |
| 58 | if (filtered_code.size() == 8) { |
| 59 | return_value = std::stoi(filtered_code); |
| 60 | if (!include_day) { |
| 61 | return_value /= 100; |
| 62 | } |
| 63 | } else if (filtered_code.size() == 6) { |
| 64 | return_value = std::stoi(filtered_code); |
| 65 | if (include_day) { |
| 66 | return_value *= 100; |
| 67 | } |
| 68 | } |
| 69 | return return_value; |
| 70 | } |
| 71 | |
| 72 | } // namespace |
| 73 | |
nagendra modadugu | 8a88337 | 2017-09-18 22:29:00 -0700 | [diff] [blame] | 74 | // std |
| 75 | using std::string; |
| 76 | |
Allen Webb | 8fb68f1 | 2018-05-24 16:36:44 -0700 | [diff] [blame] | 77 | // base |
| 78 | using ::android::base::GetProperty; |
| 79 | |
Andrew Scull | e4e2ffc | 2017-08-10 10:03:20 +0100 | [diff] [blame] | 80 | // libhidl |
| 81 | using ::android::hardware::Void; |
| 82 | |
| 83 | // HAL |
nagendra modadugu | f110176 | 2018-01-04 17:59:51 -0800 | [diff] [blame] | 84 | using ::android::hardware::keymaster::V4_0::Algorithm; |
nagendra modadugu | ec66730 | 2017-12-04 21:37:22 -0800 | [diff] [blame] | 85 | using ::android::hardware::keymaster::V4_0::KeyCharacteristics; |
nagendra modadugu | f110176 | 2018-01-04 17:59:51 -0800 | [diff] [blame] | 86 | using ::android::hardware::keymaster::V4_0::KeyFormat; |
nagendra modadugu | 24945ea | 2018-05-16 17:55:39 -0700 | [diff] [blame] | 87 | using ::android::hardware::keymaster::V4_0::HardwareAuthToken; |
| 88 | using ::android::hardware::keymaster::V4_0::HardwareAuthenticatorType; |
nagendra modadugu | ec66730 | 2017-12-04 21:37:22 -0800 | [diff] [blame] | 89 | using ::android::hardware::keymaster::V4_0::SecurityLevel; |
| 90 | using ::android::hardware::keymaster::V4_0::Tag; |
nagendra modadugu | 284b939 | 2017-09-27 13:51:23 -0700 | [diff] [blame] | 91 | |
| 92 | // nos |
| 93 | using nos::NuggetClient; |
| 94 | |
| 95 | // Keymaster app |
nagendra modadugu | ec66730 | 2017-12-04 21:37:22 -0800 | [diff] [blame] | 96 | // KM 3.0 types |
nagendra modadugu | 284b939 | 2017-09-27 13:51:23 -0700 | [diff] [blame] | 97 | using ::nugget::app::keymaster::AddRngEntropyRequest; |
| 98 | using ::nugget::app::keymaster::AddRngEntropyResponse; |
| 99 | using ::nugget::app::keymaster::GenerateKeyRequest; |
| 100 | using ::nugget::app::keymaster::GenerateKeyResponse; |
| 101 | using ::nugget::app::keymaster::GetKeyCharacteristicsRequest; |
| 102 | using ::nugget::app::keymaster::GetKeyCharacteristicsResponse; |
| 103 | using ::nugget::app::keymaster::ImportKeyRequest; |
| 104 | using ::nugget::app::keymaster::ImportKeyResponse; |
| 105 | using ::nugget::app::keymaster::ExportKeyRequest; |
| 106 | using ::nugget::app::keymaster::ExportKeyResponse; |
| 107 | using ::nugget::app::keymaster::AttestKeyRequest; |
| 108 | using ::nugget::app::keymaster::AttestKeyResponse; |
| 109 | using ::nugget::app::keymaster::UpgradeKeyRequest; |
| 110 | using ::nugget::app::keymaster::UpgradeKeyResponse; |
| 111 | using ::nugget::app::keymaster::DeleteKeyRequest; |
| 112 | using ::nugget::app::keymaster::DeleteKeyResponse; |
| 113 | using ::nugget::app::keymaster::DeleteAllKeysRequest; |
| 114 | using ::nugget::app::keymaster::DeleteAllKeysResponse; |
| 115 | using ::nugget::app::keymaster::DestroyAttestationIdsRequest; |
| 116 | using ::nugget::app::keymaster::DestroyAttestationIdsResponse; |
| 117 | using ::nugget::app::keymaster::BeginOperationRequest; |
| 118 | using ::nugget::app::keymaster::BeginOperationResponse; |
| 119 | using ::nugget::app::keymaster::UpdateOperationRequest; |
| 120 | using ::nugget::app::keymaster::UpdateOperationResponse; |
| 121 | using ::nugget::app::keymaster::FinishOperationRequest; |
| 122 | using ::nugget::app::keymaster::FinishOperationResponse; |
| 123 | using ::nugget::app::keymaster::AbortOperationRequest; |
| 124 | using ::nugget::app::keymaster::AbortOperationResponse; |
Janis Danisevskis | da932b9 | 2018-04-13 18:21:07 -0700 | [diff] [blame] | 125 | using ::nugget::app::keymaster::ComputeSharedHmacRequest; |
| 126 | using ::nugget::app::keymaster::ComputeSharedHmacResponse; |
| 127 | using ::nugget::app::keymaster::GetHmacSharingParametersRequest; |
| 128 | using ::nugget::app::keymaster::GetHmacSharingParametersResponse; |
Allen Webb | 6f869fd | 2018-05-25 09:02:25 -0700 | [diff] [blame^] | 129 | using ::nugget::app::keymaster::SetSystemVersionInfoRequest; |
| 130 | using ::nugget::app::keymaster::SetSystemVersionInfoResponse; |
nagendra modadugu | 284b939 | 2017-09-27 13:51:23 -0700 | [diff] [blame] | 131 | |
nagendra modadugu | ec66730 | 2017-12-04 21:37:22 -0800 | [diff] [blame] | 132 | // KM 4.0 types |
| 133 | using ::nugget::app::keymaster::ImportWrappedKeyRequest; |
Janis Danisevskis | da932b9 | 2018-04-13 18:21:07 -0700 | [diff] [blame] | 134 | namespace nosapp = ::nugget::app::keymaster; |
nagendra modadugu | ec66730 | 2017-12-04 21:37:22 -0800 | [diff] [blame] | 135 | |
nagendra modadugu | 284b939 | 2017-09-27 13:51:23 -0700 | [diff] [blame] | 136 | static ErrorCode status_to_error_code(uint32_t status) |
| 137 | { |
| 138 | switch (status) { |
| 139 | case APP_SUCCESS: |
| 140 | return ErrorCode::OK; |
| 141 | break; |
| 142 | case APP_ERROR_BOGUS_ARGS: |
| 143 | return ErrorCode::INVALID_ARGUMENT; |
| 144 | break; |
| 145 | case APP_ERROR_INTERNAL: |
| 146 | return ErrorCode::UNKNOWN_ERROR; |
| 147 | break; |
| 148 | case APP_ERROR_TOO_MUCH: |
| 149 | return ErrorCode::INSUFFICIENT_BUFFER_SPACE; |
| 150 | break; |
| 151 | case APP_ERROR_RPC: |
| 152 | return ErrorCode::SECURE_HW_COMMUNICATION_FAILED; |
| 153 | break; |
| 154 | // TODO: app specific error codes go here. |
| 155 | default: |
| 156 | return ErrorCode::UNKNOWN_ERROR; |
| 157 | break; |
| 158 | } |
| 159 | } |
| 160 | |
nagendra modadugu | 07be7f1 | 2017-12-28 11:20:45 -0800 | [diff] [blame] | 161 | #define KM_CALL(meth) { \ |
| 162 | const uint32_t status = _keymaster. meth (request, &response); \ |
| 163 | const ErrorCode error_code = translate_error_code(response.error_code()); \ |
| 164 | if (status != APP_SUCCESS) { \ |
| 165 | LOG(ERROR) << #meth << " : request failed with status: " \ |
| 166 | << nos::StatusCodeString(status); \ |
| 167 | return status_to_error_code(status); \ |
| 168 | } \ |
| 169 | if (error_code != ErrorCode::OK) { \ |
| 170 | LOG(ERROR) << #meth << " : device response error code: " \ |
nagendra modadugu | e2914e4 | 2018-01-02 17:42:46 -0800 | [diff] [blame] | 171 | << error_code; \ |
nagendra modadugu | 07be7f1 | 2017-12-28 11:20:45 -0800 | [diff] [blame] | 172 | return error_code; \ |
| 173 | } \ |
nagendra modadugu | 284b939 | 2017-09-27 13:51:23 -0700 | [diff] [blame] | 174 | } |
| 175 | |
nagendra modadugu | 07be7f1 | 2017-12-28 11:20:45 -0800 | [diff] [blame] | 176 | #define KM_CALLV(meth, ...) { \ |
| 177 | const uint32_t status = _keymaster. meth (request, &response); \ |
| 178 | const ErrorCode error_code = translate_error_code(response.error_code()); \ |
| 179 | if (status != APP_SUCCESS) { \ |
| 180 | LOG(ERROR) << #meth << " : request failed with status: " \ |
| 181 | << nos::StatusCodeString(status); \ |
| 182 | _hidl_cb(status_to_error_code(status), __VA_ARGS__); \ |
| 183 | return Void(); \ |
| 184 | } \ |
| 185 | if (error_code != ErrorCode::OK) { \ |
| 186 | LOG(ERROR) << #meth << " : device response error code: " \ |
nagendra modadugu | e2914e4 | 2018-01-02 17:42:46 -0800 | [diff] [blame] | 187 | << error_code; \ |
nagendra modadugu | 07be7f1 | 2017-12-28 11:20:45 -0800 | [diff] [blame] | 188 | _hidl_cb(error_code, __VA_ARGS__); \ |
| 189 | return Void(); \ |
| 190 | } \ |
nagendra modadugu | 284b939 | 2017-09-27 13:51:23 -0700 | [diff] [blame] | 191 | } |
Andrew Scull | e4e2ffc | 2017-08-10 10:03:20 +0100 | [diff] [blame] | 192 | |
| 193 | // Methods from ::android::hardware::keymaster::V3_0::IKeymasterDevice follow. |
nagendra modadugu | 284b939 | 2017-09-27 13:51:23 -0700 | [diff] [blame] | 194 | |
Allen Webb | 8fb68f1 | 2018-05-24 16:36:44 -0700 | [diff] [blame] | 195 | KeymasterDevice::KeymasterDevice(KeymasterClient& keymaster) : |
| 196 | _keymaster{keymaster} { |
| 197 | os_version = std::stoi(DigitsOnly(GetProperty(PROPERTY_OS_VERSION, ""))); |
| 198 | os_patchlevel = DateCodeToUint32(GetProperty(PROPERTY_OS_PATCHLEVEL, ""), |
Allen Webb | 3f96bd7 | 2018-05-25 08:01:32 -0700 | [diff] [blame] | 199 | false /* include_day */); |
Allen Webb | 8fb68f1 | 2018-05-24 16:36:44 -0700 | [diff] [blame] | 200 | vendor_patchlevel = DateCodeToUint32( |
Allen Webb | 3f96bd7 | 2018-05-25 08:01:32 -0700 | [diff] [blame] | 201 | GetProperty(PROPERTY_VENDOR_PATCHLEVEL, ""), |
| 202 | true /* include_day */); |
Allen Webb | 6f869fd | 2018-05-25 09:02:25 -0700 | [diff] [blame^] | 203 | |
| 204 | SetSystemVersionInfoRequest request; |
| 205 | SetSystemVersionInfoResponse response; |
| 206 | |
| 207 | request.set_system_version(os_version); |
| 208 | request.set_system_security_level(os_patchlevel); |
| 209 | request.set_vendor_security_level(os_patchlevel); |
| 210 | |
| 211 | const uint32_t status = _keymaster.SetSystemVersionInfo(request, &response); |
| 212 | const ErrorCode error_code = translate_error_code(response.error_code()); |
| 213 | if (status != APP_SUCCESS) { |
| 214 | LOG(ERROR) << "SetSystemVersionInfo : request failed with status: " |
| 215 | << nos::StatusCodeString(status); |
| 216 | } |
| 217 | if (error_code != ErrorCode::OK) { |
| 218 | LOG(WARNING) << "SetSystemVersionInfo : device response error code: " |
| 219 | << error_code; |
| 220 | } |
Allen Webb | 8fb68f1 | 2018-05-24 16:36:44 -0700 | [diff] [blame] | 221 | } |
| 222 | |
nagendra modadugu | ec66730 | 2017-12-04 21:37:22 -0800 | [diff] [blame] | 223 | Return<void> KeymasterDevice::getHardwareInfo( |
| 224 | getHardwareInfo_cb _hidl_cb) |
nagendra modadugu | 284b939 | 2017-09-27 13:51:23 -0700 | [diff] [blame] | 225 | { |
nagendra modadugu | ec66730 | 2017-12-04 21:37:22 -0800 | [diff] [blame] | 226 | LOG(VERBOSE) << "Running KeymasterDevice::getHardwareInfo"; |
Andrew Scull | e4e2ffc | 2017-08-10 10:03:20 +0100 | [diff] [blame] | 227 | |
nagendra modadugu | 8a88337 | 2017-09-18 22:29:00 -0700 | [diff] [blame] | 228 | (void)_keymaster; |
nagendra modadugu | ec66730 | 2017-12-04 21:37:22 -0800 | [diff] [blame] | 229 | _hidl_cb(SecurityLevel::STRONGBOX, |
| 230 | string("CitadelKeymaster"), string("Google")); |
| 231 | |
| 232 | return Void(); |
| 233 | } |
| 234 | |
| 235 | Return<void> KeymasterDevice::getHmacSharingParameters( |
| 236 | getHmacSharingParameters_cb _hidl_cb) |
| 237 | { |
| 238 | LOG(VERBOSE) << "Running KeymasterDevice::getHmacSharingParameters"; |
| 239 | |
Janis Danisevskis | da932b9 | 2018-04-13 18:21:07 -0700 | [diff] [blame] | 240 | GetHmacSharingParametersRequest request; |
| 241 | GetHmacSharingParametersResponse response; |
| 242 | HmacSharingParameters result; |
| 243 | |
| 244 | KM_CALLV(GetHmacSharingParameters, result); |
| 245 | |
| 246 | ErrorCode ec = translate_error_code(response.error_code()); |
| 247 | |
| 248 | if (ec != ErrorCode::OK) { |
| 249 | _hidl_cb(ec, HmacSharingParameters()); |
| 250 | } |
| 251 | |
| 252 | const std::string & nonce = response.hmac_sharing_params().nonce(); |
| 253 | const std::string & seed = response.hmac_sharing_params().seed(); |
| 254 | |
| 255 | if (seed.size() == 32) { |
| 256 | result.seed.setToExternal(reinterpret_cast<uint8_t*>( |
| 257 | const_cast<char*>(seed.data())), |
| 258 | seed.size(), false); |
| 259 | } else if (seed.size() != 0) { |
| 260 | LOG(ERROR) << "Citadel returned unexpected seed size: " |
| 261 | << seed.size(); |
| 262 | _hidl_cb(ErrorCode::UNKNOWN_ERROR, HmacSharingParameters()); |
| 263 | return Void(); |
| 264 | } |
| 265 | |
| 266 | if (nonce.size() == result.nonce.size()) { |
| 267 | std::copy(nonce.begin(), nonce.end(), result.nonce.data()); |
| 268 | } else { |
| 269 | LOG(ERROR) << "Citadel returned unexpected nonce size: " |
| 270 | << nonce.size(); |
| 271 | _hidl_cb(ErrorCode::UNKNOWN_ERROR, HmacSharingParameters()); |
| 272 | return Void(); |
| 273 | } |
| 274 | |
| 275 | _hidl_cb(ec, result); |
nagendra modadugu | ec66730 | 2017-12-04 21:37:22 -0800 | [diff] [blame] | 276 | |
| 277 | return Void(); |
| 278 | } |
| 279 | |
| 280 | Return<void> KeymasterDevice::computeSharedHmac( |
| 281 | const hidl_vec<HmacSharingParameters>& params, |
| 282 | computeSharedHmac_cb _hidl_cb) |
| 283 | { |
Janis Danisevskis | da932b9 | 2018-04-13 18:21:07 -0700 | [diff] [blame] | 284 | LOG(VERBOSE) << "Running KeymasterDevice::computeSharedHmac"; |
nagendra modadugu | ec66730 | 2017-12-04 21:37:22 -0800 | [diff] [blame] | 285 | |
Janis Danisevskis | da932b9 | 2018-04-13 18:21:07 -0700 | [diff] [blame] | 286 | ComputeSharedHmacRequest request; |
| 287 | ComputeSharedHmacResponse response; |
| 288 | hidl_vec<uint8_t> result; |
nagendra modadugu | ec66730 | 2017-12-04 21:37:22 -0800 | [diff] [blame] | 289 | |
Janis Danisevskis | da932b9 | 2018-04-13 18:21:07 -0700 | [diff] [blame] | 290 | for (const HmacSharingParameters & param : params) { |
| 291 | // TODO respect max number of parameters defined in |
| 292 | // keymaster_types.proto |
| 293 | nosapp::HmacSharingParameters* req_param = |
| 294 | request.add_hmac_sharing_params(); |
| 295 | req_param->set_nonce( |
| 296 | reinterpret_cast<const int8_t*>( |
| 297 | param.nonce.data()), param.nonce.size()); |
| 298 | req_param->set_seed(reinterpret_cast<const int8_t*>(param.seed.data()), |
| 299 | param.seed.size()); |
| 300 | } |
| 301 | |
| 302 | KM_CALLV(ComputeSharedHmac, result); |
| 303 | |
| 304 | ErrorCode ec = translate_error_code(response.error_code()); |
| 305 | |
| 306 | if (ec != ErrorCode::OK) { |
| 307 | _hidl_cb(ec, result); |
| 308 | return Void(); |
| 309 | } |
| 310 | |
| 311 | const std::string & share_check = response.sharing_check(); |
| 312 | |
| 313 | result.setToExternal(reinterpret_cast<uint8_t*>( |
| 314 | const_cast<char*>(share_check.data())), share_check.size(), false); |
| 315 | _hidl_cb(ec, result); |
nagendra modadugu | ec66730 | 2017-12-04 21:37:22 -0800 | [diff] [blame] | 316 | |
| 317 | return Void(); |
| 318 | } |
| 319 | |
| 320 | Return<void> KeymasterDevice::verifyAuthorization( |
nagendra modadugu | 24945ea | 2018-05-16 17:55:39 -0700 | [diff] [blame] | 321 | uint64_t operationHandle, const hidl_vec<KeyParameter>& parametersToVerify, |
nagendra modadugu | ec66730 | 2017-12-04 21:37:22 -0800 | [diff] [blame] | 322 | const HardwareAuthToken& authToken, verifyAuthorization_cb _hidl_cb) |
| 323 | { |
| 324 | LOG(VERBOSE) << "Running KeymasterDevice::verifyAuthorization"; |
| 325 | |
nagendra modadugu | 24945ea | 2018-05-16 17:55:39 -0700 | [diff] [blame] | 326 | (void)operationHandle; |
nagendra modadugu | ec66730 | 2017-12-04 21:37:22 -0800 | [diff] [blame] | 327 | (void)parametersToVerify; |
| 328 | (void)authToken; |
| 329 | |
| 330 | (void)_keymaster; |
| 331 | _hidl_cb(ErrorCode::UNIMPLEMENTED, VerificationToken()); |
| 332 | |
Andrew Scull | e4e2ffc | 2017-08-10 10:03:20 +0100 | [diff] [blame] | 333 | return Void(); |
| 334 | } |
| 335 | |
nagendra modadugu | 284b939 | 2017-09-27 13:51:23 -0700 | [diff] [blame] | 336 | Return<ErrorCode> KeymasterDevice::addRngEntropy(const hidl_vec<uint8_t>& data) |
| 337 | { |
Andrew Scull | e4e2ffc | 2017-08-10 10:03:20 +0100 | [diff] [blame] | 338 | LOG(VERBOSE) << "Running KeymasterDevice::addRngEntropy"; |
| 339 | |
nagendra modadugu | 284b939 | 2017-09-27 13:51:23 -0700 | [diff] [blame] | 340 | if (!data.size()) return ErrorCode::OK; |
Andrew Scull | e4e2ffc | 2017-08-10 10:03:20 +0100 | [diff] [blame] | 341 | |
nagendra modadugu | e2914e4 | 2018-01-02 17:42:46 -0800 | [diff] [blame] | 342 | const size_t chunk_size = 1024; |
| 343 | for (size_t i = 0; i < data.size(); i += chunk_size) { |
| 344 | AddRngEntropyRequest request; |
| 345 | AddRngEntropyResponse response; |
nagendra modadugu | 284b939 | 2017-09-27 13:51:23 -0700 | [diff] [blame] | 346 | |
nagendra modadugu | e2914e4 | 2018-01-02 17:42:46 -0800 | [diff] [blame] | 347 | request.set_data(&data[i], std::min(chunk_size, data.size() - i)); |
nagendra modadugu | 284b939 | 2017-09-27 13:51:23 -0700 | [diff] [blame] | 348 | |
nagendra modadugu | e2914e4 | 2018-01-02 17:42:46 -0800 | [diff] [blame] | 349 | // Call device. |
| 350 | KM_CALL(AddRngEntropy); |
| 351 | } |
| 352 | |
| 353 | return ErrorCode::OK; |
Andrew Scull | e4e2ffc | 2017-08-10 10:03:20 +0100 | [diff] [blame] | 354 | } |
| 355 | |
nagendra modadugu | 284b939 | 2017-09-27 13:51:23 -0700 | [diff] [blame] | 356 | Return<void> KeymasterDevice::generateKey( |
| 357 | const hidl_vec<KeyParameter>& keyParams, |
| 358 | generateKey_cb _hidl_cb) |
| 359 | { |
Andrew Scull | e4e2ffc | 2017-08-10 10:03:20 +0100 | [diff] [blame] | 360 | LOG(VERBOSE) << "Running KeymasterDevice::generateKey"; |
| 361 | |
nagendra modadugu | 284b939 | 2017-09-27 13:51:23 -0700 | [diff] [blame] | 362 | GenerateKeyRequest request; |
| 363 | GenerateKeyResponse response; |
Andrew Scull | e4e2ffc | 2017-08-10 10:03:20 +0100 | [diff] [blame] | 364 | |
nagendra modadugu | e3ef469 | 2017-10-25 23:58:07 -0700 | [diff] [blame] | 365 | hidl_vec<uint8_t> blob; |
| 366 | KeyCharacteristics characteristics; |
| 367 | if (hidl_params_to_pb( |
| 368 | keyParams, request.mutable_params()) != ErrorCode::OK) { |
| 369 | _hidl_cb(ErrorCode::INVALID_ARGUMENT, blob, characteristics); |
| 370 | return Void(); |
| 371 | } |
nagendra modadugu | 284b939 | 2017-09-27 13:51:23 -0700 | [diff] [blame] | 372 | |
| 373 | // Call device. |
| 374 | KM_CALLV(GenerateKey, hidl_vec<uint8_t>{}, KeyCharacteristics()); |
| 375 | |
nagendra modadugu | 284b939 | 2017-09-27 13:51:23 -0700 | [diff] [blame] | 376 | blob.setToExternal( |
| 377 | reinterpret_cast<uint8_t*>( |
| 378 | const_cast<char*>(response.blob().blob().data())), |
| 379 | response.blob().blob().size(), false); |
nagendra modadugu | e3ef469 | 2017-10-25 23:58:07 -0700 | [diff] [blame] | 380 | pb_to_hidl_params(response.characteristics().software_enforced(), |
| 381 | &characteristics.softwareEnforced); |
nagendra modadugu | 284b939 | 2017-09-27 13:51:23 -0700 | [diff] [blame] | 382 | pb_to_hidl_params(response.characteristics().tee_enforced(), |
nagendra modadugu | ec66730 | 2017-12-04 21:37:22 -0800 | [diff] [blame] | 383 | &characteristics.hardwareEnforced); |
nagendra modadugu | 284b939 | 2017-09-27 13:51:23 -0700 | [diff] [blame] | 384 | |
nagendra modadugu | e2914e4 | 2018-01-02 17:42:46 -0800 | [diff] [blame] | 385 | _hidl_cb(translate_error_code(response.error_code()), |
| 386 | blob, characteristics); |
Andrew Scull | e4e2ffc | 2017-08-10 10:03:20 +0100 | [diff] [blame] | 387 | return Void(); |
| 388 | } |
| 389 | |
nagendra modadugu | 284b939 | 2017-09-27 13:51:23 -0700 | [diff] [blame] | 390 | Return<void> KeymasterDevice::getKeyCharacteristics( |
| 391 | const hidl_vec<uint8_t>& keyBlob, |
| 392 | const hidl_vec<uint8_t>& clientId, |
| 393 | const hidl_vec<uint8_t>& appData, |
| 394 | getKeyCharacteristics_cb _hidl_cb) |
| 395 | { |
Andrew Scull | e4e2ffc | 2017-08-10 10:03:20 +0100 | [diff] [blame] | 396 | LOG(VERBOSE) << "Running KeymasterDevice::getKeyCharacteristics"; |
| 397 | |
nagendra modadugu | 284b939 | 2017-09-27 13:51:23 -0700 | [diff] [blame] | 398 | GetKeyCharacteristicsRequest request; |
| 399 | GetKeyCharacteristicsResponse response; |
Andrew Scull | e4e2ffc | 2017-08-10 10:03:20 +0100 | [diff] [blame] | 400 | |
nagendra modadugu | 284b939 | 2017-09-27 13:51:23 -0700 | [diff] [blame] | 401 | request.mutable_blob()->set_blob(&keyBlob[0], keyBlob.size()); |
| 402 | request.set_client_id(&clientId[0], clientId.size()); |
| 403 | request.set_app_data(&appData[0], appData.size()); |
| 404 | |
| 405 | // Call device. |
| 406 | KM_CALLV(GetKeyCharacteristics, KeyCharacteristics()); |
| 407 | |
| 408 | KeyCharacteristics characteristics; |
nagendra modadugu | e3ef469 | 2017-10-25 23:58:07 -0700 | [diff] [blame] | 409 | pb_to_hidl_params(response.characteristics().software_enforced(), |
| 410 | &characteristics.softwareEnforced); |
nagendra modadugu | 284b939 | 2017-09-27 13:51:23 -0700 | [diff] [blame] | 411 | pb_to_hidl_params(response.characteristics().tee_enforced(), |
nagendra modadugu | ec66730 | 2017-12-04 21:37:22 -0800 | [diff] [blame] | 412 | &characteristics.hardwareEnforced); |
nagendra modadugu | 284b939 | 2017-09-27 13:51:23 -0700 | [diff] [blame] | 413 | |
nagendra modadugu | e2914e4 | 2018-01-02 17:42:46 -0800 | [diff] [blame] | 414 | _hidl_cb(translate_error_code(response.error_code()), characteristics); |
Andrew Scull | e4e2ffc | 2017-08-10 10:03:20 +0100 | [diff] [blame] | 415 | return Void(); |
| 416 | } |
| 417 | |
nagendra modadugu | 284b939 | 2017-09-27 13:51:23 -0700 | [diff] [blame] | 418 | Return<void> KeymasterDevice::importKey( |
| 419 | const hidl_vec<KeyParameter>& params, KeyFormat keyFormat, |
| 420 | const hidl_vec<uint8_t>& keyData, importKey_cb _hidl_cb) |
| 421 | { |
Andrew Scull | e4e2ffc | 2017-08-10 10:03:20 +0100 | [diff] [blame] | 422 | LOG(VERBOSE) << "Running KeymasterDevice::importKey"; |
| 423 | |
nagendra modadugu | 9747140 | 2017-09-27 14:01:00 -0700 | [diff] [blame] | 424 | ErrorCode error; |
nagendra modadugu | 284b939 | 2017-09-27 13:51:23 -0700 | [diff] [blame] | 425 | ImportKeyRequest request; |
| 426 | ImportKeyResponse response; |
Andrew Scull | e4e2ffc | 2017-08-10 10:03:20 +0100 | [diff] [blame] | 427 | |
nagendra modadugu | 9747140 | 2017-09-27 14:01:00 -0700 | [diff] [blame] | 428 | error = import_key_request(params, keyFormat, keyData, &request); |
| 429 | if (error != ErrorCode::OK) { |
| 430 | LOG(ERROR) << "ImportKey request parsing failed with error " |
nagendra modadugu | e2914e4 | 2018-01-02 17:42:46 -0800 | [diff] [blame] | 431 | << error; |
nagendra modadugu | 9747140 | 2017-09-27 14:01:00 -0700 | [diff] [blame] | 432 | _hidl_cb(error, hidl_vec<uint8_t>{}, KeyCharacteristics{}); |
| 433 | return Void(); |
| 434 | } |
nagendra modadugu | 284b939 | 2017-09-27 13:51:23 -0700 | [diff] [blame] | 435 | |
| 436 | KM_CALLV(ImportKey, hidl_vec<uint8_t>{}, KeyCharacteristics{}); |
| 437 | |
| 438 | hidl_vec<uint8_t> blob; |
| 439 | blob.setToExternal( |
| 440 | reinterpret_cast<uint8_t*>( |
| 441 | const_cast<char*>(response.blob().blob().data())), |
| 442 | response.blob().blob().size(), false); |
| 443 | |
| 444 | KeyCharacteristics characteristics; |
nagendra modadugu | e3ef469 | 2017-10-25 23:58:07 -0700 | [diff] [blame] | 445 | pb_to_hidl_params(response.characteristics().software_enforced(), |
| 446 | &characteristics.softwareEnforced); |
nagendra modadugu | 9747140 | 2017-09-27 14:01:00 -0700 | [diff] [blame] | 447 | error = pb_to_hidl_params(response.characteristics().tee_enforced(), |
nagendra modadugu | ec66730 | 2017-12-04 21:37:22 -0800 | [diff] [blame] | 448 | &characteristics.hardwareEnforced); |
nagendra modadugu | 9747140 | 2017-09-27 14:01:00 -0700 | [diff] [blame] | 449 | if (error != ErrorCode::OK) { |
| 450 | LOG(ERROR) << "KeymasterDevice::importKey: response tee_enforced :" |
nagendra modadugu | e2914e4 | 2018-01-02 17:42:46 -0800 | [diff] [blame] | 451 | << error; |
nagendra modadugu | ec66730 | 2017-12-04 21:37:22 -0800 | [diff] [blame] | 452 | _hidl_cb(error, hidl_vec<uint8_t>{}, KeyCharacteristics{}); |
| 453 | return Void(); |
nagendra modadugu | 9747140 | 2017-09-27 14:01:00 -0700 | [diff] [blame] | 454 | } |
nagendra modadugu | 284b939 | 2017-09-27 13:51:23 -0700 | [diff] [blame] | 455 | |
| 456 | _hidl_cb(ErrorCode::OK, blob, characteristics); |
Andrew Scull | e4e2ffc | 2017-08-10 10:03:20 +0100 | [diff] [blame] | 457 | return Void(); |
| 458 | } |
| 459 | |
nagendra modadugu | 284b939 | 2017-09-27 13:51:23 -0700 | [diff] [blame] | 460 | Return<void> KeymasterDevice::exportKey( |
| 461 | KeyFormat exportFormat, const hidl_vec<uint8_t>& keyBlob, |
| 462 | const hidl_vec<uint8_t>& clientId, |
| 463 | const hidl_vec<uint8_t>& appData, exportKey_cb _hidl_cb) |
| 464 | { |
Andrew Scull | e4e2ffc | 2017-08-10 10:03:20 +0100 | [diff] [blame] | 465 | LOG(VERBOSE) << "Running KeymasterDevice::exportKey"; |
| 466 | |
nagendra modadugu | 284b939 | 2017-09-27 13:51:23 -0700 | [diff] [blame] | 467 | ExportKeyRequest request; |
| 468 | ExportKeyResponse response; |
Andrew Scull | e4e2ffc | 2017-08-10 10:03:20 +0100 | [diff] [blame] | 469 | |
nagendra modadugu | 284b939 | 2017-09-27 13:51:23 -0700 | [diff] [blame] | 470 | request.set_format((::nugget::app::keymaster::KeyFormat)exportFormat); |
| 471 | request.mutable_blob()->set_blob(&keyBlob[0], keyBlob.size()); |
| 472 | request.set_client_id(&clientId[0], clientId.size()); |
| 473 | request.set_app_data(&appData[0], appData.size()); |
| 474 | |
| 475 | KM_CALLV(ExportKey, hidl_vec<uint8_t>{}); |
| 476 | |
nagendra modadugu | f5127a3 | 2018-01-24 16:30:49 -0800 | [diff] [blame] | 477 | ErrorCode error_code = translate_error_code(response.error_code()); |
| 478 | if (error_code != ErrorCode::OK) { |
| 479 | _hidl_cb(error_code, hidl_vec<uint8_t>{}); |
| 480 | } |
nagendra modadugu | 284b939 | 2017-09-27 13:51:23 -0700 | [diff] [blame] | 481 | |
nagendra modadugu | f5127a3 | 2018-01-24 16:30:49 -0800 | [diff] [blame] | 482 | hidl_vec<uint8_t> der; |
| 483 | error_code = export_key_der(response, &der); |
| 484 | |
| 485 | _hidl_cb(error_code, der); |
Andrew Scull | e4e2ffc | 2017-08-10 10:03:20 +0100 | [diff] [blame] | 486 | return Void(); |
| 487 | } |
| 488 | |
nagendra modadugu | 284b939 | 2017-09-27 13:51:23 -0700 | [diff] [blame] | 489 | Return<void> KeymasterDevice::attestKey( |
| 490 | const hidl_vec<uint8_t>& keyToAttest, |
| 491 | const hidl_vec<KeyParameter>& attestParams, |
| 492 | attestKey_cb _hidl_cb) |
| 493 | { |
Andrew Scull | e4e2ffc | 2017-08-10 10:03:20 +0100 | [diff] [blame] | 494 | LOG(VERBOSE) << "Running KeymasterDevice::attestKey"; |
| 495 | |
nagendra modadugu | 284b939 | 2017-09-27 13:51:23 -0700 | [diff] [blame] | 496 | AttestKeyRequest request; |
| 497 | AttestKeyResponse response; |
Andrew Scull | e4e2ffc | 2017-08-10 10:03:20 +0100 | [diff] [blame] | 498 | |
nagendra modadugu | 284b939 | 2017-09-27 13:51:23 -0700 | [diff] [blame] | 499 | request.mutable_blob()->set_blob(&keyToAttest[0], keyToAttest.size()); |
nagendra modadugu | e3ef469 | 2017-10-25 23:58:07 -0700 | [diff] [blame] | 500 | |
| 501 | vector<hidl_vec<uint8_t> > chain; |
| 502 | if (hidl_params_to_pb( |
| 503 | attestParams, request.mutable_params()) != ErrorCode::OK) { |
| 504 | _hidl_cb(ErrorCode::INVALID_ARGUMENT, chain); |
| 505 | return Void(); |
| 506 | } |
nagendra modadugu | 284b939 | 2017-09-27 13:51:23 -0700 | [diff] [blame] | 507 | |
| 508 | KM_CALLV(AttestKey, hidl_vec<hidl_vec<uint8_t> >{}); |
| 509 | |
nagendra modadugu | 284b939 | 2017-09-27 13:51:23 -0700 | [diff] [blame] | 510 | for (int i = 0; i < response.chain().certificates_size(); i++) { |
| 511 | hidl_vec<uint8_t> blob; |
| 512 | blob.setToExternal( |
| 513 | reinterpret_cast<uint8_t*>( |
| 514 | const_cast<char*>( |
| 515 | response.chain().certificates(i).data().data())), |
| 516 | response.chain().certificates(i).data().size(), false); |
| 517 | chain.push_back(blob); |
| 518 | } |
| 519 | |
nagendra modadugu | e2914e4 | 2018-01-02 17:42:46 -0800 | [diff] [blame] | 520 | _hidl_cb(translate_error_code(response.error_code()), |
nagendra modadugu | 284b939 | 2017-09-27 13:51:23 -0700 | [diff] [blame] | 521 | hidl_vec<hidl_vec<uint8_t> >(chain)); |
Andrew Scull | e4e2ffc | 2017-08-10 10:03:20 +0100 | [diff] [blame] | 522 | return Void(); |
| 523 | } |
| 524 | |
nagendra modadugu | 284b939 | 2017-09-27 13:51:23 -0700 | [diff] [blame] | 525 | Return<void> KeymasterDevice::upgradeKey( |
| 526 | const hidl_vec<uint8_t>& keyBlobToUpgrade, |
| 527 | const hidl_vec<KeyParameter>& upgradeParams, |
| 528 | upgradeKey_cb _hidl_cb) |
| 529 | { |
Andrew Scull | e4e2ffc | 2017-08-10 10:03:20 +0100 | [diff] [blame] | 530 | LOG(VERBOSE) << "Running KeymasterDevice::upgradeKey"; |
| 531 | |
nagendra modadugu | 284b939 | 2017-09-27 13:51:23 -0700 | [diff] [blame] | 532 | UpgradeKeyRequest request; |
| 533 | UpgradeKeyResponse response; |
Andrew Scull | e4e2ffc | 2017-08-10 10:03:20 +0100 | [diff] [blame] | 534 | |
nagendra modadugu | 284b939 | 2017-09-27 13:51:23 -0700 | [diff] [blame] | 535 | request.mutable_blob()->set_blob(&keyBlobToUpgrade[0], |
| 536 | keyBlobToUpgrade.size()); |
nagendra modadugu | e3ef469 | 2017-10-25 23:58:07 -0700 | [diff] [blame] | 537 | |
| 538 | hidl_vec<uint8_t> blob; |
| 539 | if (hidl_params_to_pb( |
| 540 | upgradeParams, request.mutable_params()) != ErrorCode::OK) { |
| 541 | _hidl_cb(ErrorCode::INVALID_ARGUMENT, blob); |
| 542 | return Void(); |
| 543 | } |
nagendra modadugu | 284b939 | 2017-09-27 13:51:23 -0700 | [diff] [blame] | 544 | |
| 545 | KM_CALLV(UpgradeKey, hidl_vec<uint8_t>{}); |
| 546 | |
nagendra modadugu | 284b939 | 2017-09-27 13:51:23 -0700 | [diff] [blame] | 547 | blob.setToExternal( |
| 548 | reinterpret_cast<uint8_t*>( |
| 549 | const_cast<char*>(response.blob().blob().data())), |
| 550 | response.blob().blob().size(), false); |
| 551 | |
nagendra modadugu | e2914e4 | 2018-01-02 17:42:46 -0800 | [diff] [blame] | 552 | _hidl_cb(translate_error_code(response.error_code()), blob); |
Andrew Scull | e4e2ffc | 2017-08-10 10:03:20 +0100 | [diff] [blame] | 553 | return Void(); |
| 554 | } |
| 555 | |
nagendra modadugu | 284b939 | 2017-09-27 13:51:23 -0700 | [diff] [blame] | 556 | Return<ErrorCode> KeymasterDevice::deleteKey(const hidl_vec<uint8_t>& keyBlob) |
| 557 | { |
Andrew Scull | e4e2ffc | 2017-08-10 10:03:20 +0100 | [diff] [blame] | 558 | LOG(VERBOSE) << "Running KeymasterDevice::deleteKey"; |
| 559 | |
nagendra modadugu | 284b939 | 2017-09-27 13:51:23 -0700 | [diff] [blame] | 560 | DeleteKeyRequest request; |
| 561 | DeleteKeyResponse response; |
Andrew Scull | e4e2ffc | 2017-08-10 10:03:20 +0100 | [diff] [blame] | 562 | |
nagendra modadugu | 284b939 | 2017-09-27 13:51:23 -0700 | [diff] [blame] | 563 | request.mutable_blob()->set_blob(&keyBlob[0], keyBlob.size()); |
| 564 | |
| 565 | KM_CALL(DeleteKey); |
| 566 | |
nagendra modadugu | e2914e4 | 2018-01-02 17:42:46 -0800 | [diff] [blame] | 567 | return translate_error_code(response.error_code()); |
Andrew Scull | e4e2ffc | 2017-08-10 10:03:20 +0100 | [diff] [blame] | 568 | } |
| 569 | |
nagendra modadugu | 284b939 | 2017-09-27 13:51:23 -0700 | [diff] [blame] | 570 | Return<ErrorCode> KeymasterDevice::deleteAllKeys() |
| 571 | { |
Andrew Scull | e4e2ffc | 2017-08-10 10:03:20 +0100 | [diff] [blame] | 572 | LOG(VERBOSE) << "Running KeymasterDevice::deleteAllKeys"; |
| 573 | |
nagendra modadugu | 284b939 | 2017-09-27 13:51:23 -0700 | [diff] [blame] | 574 | DeleteAllKeysRequest request; |
| 575 | DeleteAllKeysResponse response; |
Andrew Scull | e4e2ffc | 2017-08-10 10:03:20 +0100 | [diff] [blame] | 576 | |
nagendra modadugu | 284b939 | 2017-09-27 13:51:23 -0700 | [diff] [blame] | 577 | KM_CALL(DeleteAllKeys); |
| 578 | |
nagendra modadugu | e2914e4 | 2018-01-02 17:42:46 -0800 | [diff] [blame] | 579 | return translate_error_code(response.error_code()); |
Andrew Scull | e4e2ffc | 2017-08-10 10:03:20 +0100 | [diff] [blame] | 580 | } |
| 581 | |
nagendra modadugu | 284b939 | 2017-09-27 13:51:23 -0700 | [diff] [blame] | 582 | Return<ErrorCode> KeymasterDevice::destroyAttestationIds() |
| 583 | { |
Andrew Scull | e4e2ffc | 2017-08-10 10:03:20 +0100 | [diff] [blame] | 584 | LOG(VERBOSE) << "Running KeymasterDevice::destroyAttestationIds"; |
| 585 | |
nagendra modadugu | 284b939 | 2017-09-27 13:51:23 -0700 | [diff] [blame] | 586 | DestroyAttestationIdsRequest request; |
| 587 | DestroyAttestationIdsResponse response; |
Andrew Scull | e4e2ffc | 2017-08-10 10:03:20 +0100 | [diff] [blame] | 588 | |
nagendra modadugu | 284b939 | 2017-09-27 13:51:23 -0700 | [diff] [blame] | 589 | KM_CALL(DestroyAttestationIds); |
| 590 | |
nagendra modadugu | e2914e4 | 2018-01-02 17:42:46 -0800 | [diff] [blame] | 591 | return translate_error_code(response.error_code()); |
Andrew Scull | e4e2ffc | 2017-08-10 10:03:20 +0100 | [diff] [blame] | 592 | } |
| 593 | |
nagendra modadugu | 284b939 | 2017-09-27 13:51:23 -0700 | [diff] [blame] | 594 | Return<void> KeymasterDevice::begin( |
| 595 | KeyPurpose purpose, const hidl_vec<uint8_t>& key, |
nagendra modadugu | ec66730 | 2017-12-04 21:37:22 -0800 | [diff] [blame] | 596 | const hidl_vec<KeyParameter>& inParams, |
| 597 | const HardwareAuthToken& authToken, |
| 598 | begin_cb _hidl_cb) |
nagendra modadugu | 284b939 | 2017-09-27 13:51:23 -0700 | [diff] [blame] | 599 | { |
Andrew Scull | e4e2ffc | 2017-08-10 10:03:20 +0100 | [diff] [blame] | 600 | LOG(VERBOSE) << "Running KeymasterDevice::begin"; |
| 601 | |
nagendra modadugu | 284b939 | 2017-09-27 13:51:23 -0700 | [diff] [blame] | 602 | BeginOperationRequest request; |
| 603 | BeginOperationResponse response; |
Andrew Scull | e4e2ffc | 2017-08-10 10:03:20 +0100 | [diff] [blame] | 604 | |
nagendra modadugu | 284b939 | 2017-09-27 13:51:23 -0700 | [diff] [blame] | 605 | request.set_purpose((::nugget::app::keymaster::KeyPurpose)purpose); |
| 606 | request.mutable_blob()->set_blob(&key[0], key.size()); |
nagendra modadugu | e3ef469 | 2017-10-25 23:58:07 -0700 | [diff] [blame] | 607 | |
| 608 | hidl_vec<KeyParameter> params; |
nagendra modadugu | 24945ea | 2018-05-16 17:55:39 -0700 | [diff] [blame] | 609 | if (translate_auth_token( |
| 610 | authToken, request.mutable_auth_token()) != ErrorCode::OK) { |
| 611 | _hidl_cb(ErrorCode::INVALID_ARGUMENT, params, |
| 612 | response.handle().handle()); |
| 613 | return Void(); |
| 614 | } |
nagendra modadugu | e3ef469 | 2017-10-25 23:58:07 -0700 | [diff] [blame] | 615 | if (hidl_params_to_pb( |
| 616 | inParams, request.mutable_params()) != ErrorCode::OK) { |
| 617 | _hidl_cb(ErrorCode::INVALID_ARGUMENT, params, |
| 618 | response.handle().handle()); |
| 619 | return Void(); |
| 620 | } |
nagendra modadugu | 284b939 | 2017-09-27 13:51:23 -0700 | [diff] [blame] | 621 | |
| 622 | KM_CALLV(BeginOperation, hidl_vec<KeyParameter>{}, 0); |
| 623 | |
nagendra modadugu | 284b939 | 2017-09-27 13:51:23 -0700 | [diff] [blame] | 624 | pb_to_hidl_params(response.params(), ¶ms); |
| 625 | |
nagendra modadugu | e2914e4 | 2018-01-02 17:42:46 -0800 | [diff] [blame] | 626 | _hidl_cb(translate_error_code(response.error_code()), params, |
nagendra modadugu | 284b939 | 2017-09-27 13:51:23 -0700 | [diff] [blame] | 627 | response.handle().handle()); |
Andrew Scull | e4e2ffc | 2017-08-10 10:03:20 +0100 | [diff] [blame] | 628 | return Void(); |
| 629 | } |
| 630 | |
nagendra modadugu | 284b939 | 2017-09-27 13:51:23 -0700 | [diff] [blame] | 631 | Return<void> KeymasterDevice::update( |
| 632 | uint64_t operationHandle, |
| 633 | const hidl_vec<KeyParameter>& inParams, |
nagendra modadugu | ec66730 | 2017-12-04 21:37:22 -0800 | [diff] [blame] | 634 | const hidl_vec<uint8_t>& input, |
| 635 | const HardwareAuthToken& authToken, |
| 636 | const VerificationToken& verificationToken, |
| 637 | update_cb _hidl_cb) |
nagendra modadugu | 284b939 | 2017-09-27 13:51:23 -0700 | [diff] [blame] | 638 | { |
Andrew Scull | e4e2ffc | 2017-08-10 10:03:20 +0100 | [diff] [blame] | 639 | LOG(VERBOSE) << "Running KeymasterDevice::update"; |
| 640 | |
nagendra modadugu | 284b939 | 2017-09-27 13:51:23 -0700 | [diff] [blame] | 641 | UpdateOperationRequest request; |
| 642 | UpdateOperationResponse response; |
Andrew Scull | e4e2ffc | 2017-08-10 10:03:20 +0100 | [diff] [blame] | 643 | |
nagendra modadugu | 1943967 | 2018-01-17 16:43:26 -0800 | [diff] [blame] | 644 | if (input.size() > KM_MAX_PROTO_FIELD_SIZE) { |
| 645 | LOG(ERROR) << "Excess input length: " << input.size() |
| 646 | << "max allowed: " << KM_MAX_PROTO_FIELD_SIZE; |
| 647 | if (this->abort(operationHandle) != ErrorCode::OK) { |
| 648 | LOG(ERROR) << "abort( " << operationHandle |
| 649 | << ") failed"; |
| 650 | } |
| 651 | _hidl_cb(ErrorCode::INVALID_INPUT_LENGTH, 0, |
| 652 | hidl_vec<KeyParameter>{}, hidl_vec<uint8_t>{}); |
| 653 | return Void(); |
| 654 | } |
| 655 | |
nagendra modadugu | 284b939 | 2017-09-27 13:51:23 -0700 | [diff] [blame] | 656 | request.mutable_handle()->set_handle(operationHandle); |
nagendra modadugu | e3ef469 | 2017-10-25 23:58:07 -0700 | [diff] [blame] | 657 | |
| 658 | hidl_vec<KeyParameter> params; |
| 659 | hidl_vec<uint8_t> output; |
| 660 | if (hidl_params_to_pb( |
| 661 | inParams, request.mutable_params()) != ErrorCode::OK) { |
| 662 | _hidl_cb(ErrorCode::INVALID_ARGUMENT, 0, params, output); |
| 663 | return Void(); |
| 664 | } |
| 665 | |
nagendra modadugu | 284b939 | 2017-09-27 13:51:23 -0700 | [diff] [blame] | 666 | request.set_input(&input[0], input.size()); |
nagendra modadugu | 24945ea | 2018-05-16 17:55:39 -0700 | [diff] [blame] | 667 | if (translate_auth_token( |
| 668 | authToken, request.mutable_auth_token()) != ErrorCode::OK) { |
| 669 | _hidl_cb(ErrorCode::INVALID_ARGUMENT, 0, params, output); |
| 670 | return Void(); |
| 671 | } |
| 672 | translate_verification_token(verificationToken, |
| 673 | request.mutable_verification_token()); |
nagendra modadugu | 284b939 | 2017-09-27 13:51:23 -0700 | [diff] [blame] | 674 | |
| 675 | KM_CALLV(UpdateOperation, 0, hidl_vec<KeyParameter>{}, hidl_vec<uint8_t>{}); |
| 676 | |
nagendra modadugu | 284b939 | 2017-09-27 13:51:23 -0700 | [diff] [blame] | 677 | pb_to_hidl_params(response.params(), ¶ms); |
| 678 | output.setToExternal( |
| 679 | reinterpret_cast<uint8_t*>(const_cast<char*>(response.output().data())), |
| 680 | response.output().size(), false); |
| 681 | |
| 682 | _hidl_cb(ErrorCode::OK, response.consumed(), params, output); |
Andrew Scull | e4e2ffc | 2017-08-10 10:03:20 +0100 | [diff] [blame] | 683 | return Void(); |
| 684 | } |
| 685 | |
nagendra modadugu | 284b939 | 2017-09-27 13:51:23 -0700 | [diff] [blame] | 686 | Return<void> KeymasterDevice::finish( |
| 687 | uint64_t operationHandle, |
| 688 | const hidl_vec<KeyParameter>& inParams, |
| 689 | const hidl_vec<uint8_t>& input, |
nagendra modadugu | ec66730 | 2017-12-04 21:37:22 -0800 | [diff] [blame] | 690 | const hidl_vec<uint8_t>& signature, |
| 691 | const HardwareAuthToken& authToken, |
| 692 | const VerificationToken& verificationToken, |
| 693 | finish_cb _hidl_cb) |
nagendra modadugu | 284b939 | 2017-09-27 13:51:23 -0700 | [diff] [blame] | 694 | { |
Andrew Scull | e4e2ffc | 2017-08-10 10:03:20 +0100 | [diff] [blame] | 695 | LOG(VERBOSE) << "Running KeymasterDevice::finish"; |
| 696 | |
nagendra modadugu | 284b939 | 2017-09-27 13:51:23 -0700 | [diff] [blame] | 697 | FinishOperationRequest request; |
| 698 | FinishOperationResponse response; |
Andrew Scull | e4e2ffc | 2017-08-10 10:03:20 +0100 | [diff] [blame] | 699 | |
nagendra modadugu | 1943967 | 2018-01-17 16:43:26 -0800 | [diff] [blame] | 700 | if (input.size() > KM_MAX_PROTO_FIELD_SIZE) { |
| 701 | LOG(ERROR) << "Excess input length: " << input.size() |
| 702 | << "max allowed: " << KM_MAX_PROTO_FIELD_SIZE; |
| 703 | if (this->abort(operationHandle) != ErrorCode::OK) { |
| 704 | LOG(ERROR) << "abort( " << operationHandle |
| 705 | << ") failed"; |
| 706 | } |
| 707 | _hidl_cb(ErrorCode::INVALID_INPUT_LENGTH, |
| 708 | hidl_vec<KeyParameter>{}, hidl_vec<uint8_t>{}); |
| 709 | return Void(); |
| 710 | } |
| 711 | |
nagendra modadugu | 284b939 | 2017-09-27 13:51:23 -0700 | [diff] [blame] | 712 | request.mutable_handle()->set_handle(operationHandle); |
nagendra modadugu | e3ef469 | 2017-10-25 23:58:07 -0700 | [diff] [blame] | 713 | |
| 714 | hidl_vec<KeyParameter> params; |
| 715 | hidl_vec<uint8_t> output; |
| 716 | if (hidl_params_to_pb( |
| 717 | inParams, request.mutable_params()) != ErrorCode::OK) { |
| 718 | _hidl_cb(ErrorCode::INVALID_ARGUMENT, params, output); |
| 719 | return Void(); |
| 720 | } |
| 721 | |
nagendra modadugu | 284b939 | 2017-09-27 13:51:23 -0700 | [diff] [blame] | 722 | request.set_input(&input[0], input.size()); |
| 723 | request.set_signature(&signature[0], signature.size()); |
| 724 | |
nagendra modadugu | 24945ea | 2018-05-16 17:55:39 -0700 | [diff] [blame] | 725 | if (translate_auth_token( |
| 726 | authToken, request.mutable_auth_token()) != ErrorCode::OK) { |
| 727 | _hidl_cb(ErrorCode::INVALID_ARGUMENT, params, output); |
| 728 | return Void(); |
| 729 | } |
| 730 | translate_verification_token(verificationToken, |
| 731 | request.mutable_verification_token()); |
nagendra modadugu | ec66730 | 2017-12-04 21:37:22 -0800 | [diff] [blame] | 732 | |
nagendra modadugu | 284b939 | 2017-09-27 13:51:23 -0700 | [diff] [blame] | 733 | KM_CALLV(FinishOperation, hidl_vec<KeyParameter>{}, hidl_vec<uint8_t>{}); |
| 734 | |
nagendra modadugu | 284b939 | 2017-09-27 13:51:23 -0700 | [diff] [blame] | 735 | pb_to_hidl_params(response.params(), ¶ms); |
nagendra modadugu | 284b939 | 2017-09-27 13:51:23 -0700 | [diff] [blame] | 736 | output.setToExternal( |
| 737 | reinterpret_cast<uint8_t*>(const_cast<char*>(response.output().data())), |
| 738 | response.output().size(), false); |
| 739 | |
| 740 | _hidl_cb(ErrorCode::OK, params, output); |
Andrew Scull | e4e2ffc | 2017-08-10 10:03:20 +0100 | [diff] [blame] | 741 | return Void(); |
| 742 | } |
| 743 | |
nagendra modadugu | 284b939 | 2017-09-27 13:51:23 -0700 | [diff] [blame] | 744 | Return<ErrorCode> KeymasterDevice::abort(uint64_t operationHandle) |
| 745 | { |
Andrew Scull | e4e2ffc | 2017-08-10 10:03:20 +0100 | [diff] [blame] | 746 | LOG(VERBOSE) << "Running KeymasterDevice::abort"; |
| 747 | |
nagendra modadugu | 284b939 | 2017-09-27 13:51:23 -0700 | [diff] [blame] | 748 | AbortOperationRequest request; |
| 749 | AbortOperationResponse response; |
Andrew Scull | e4e2ffc | 2017-08-10 10:03:20 +0100 | [diff] [blame] | 750 | |
nagendra modadugu | 284b939 | 2017-09-27 13:51:23 -0700 | [diff] [blame] | 751 | request.mutable_handle()->set_handle(operationHandle); |
| 752 | |
| 753 | KM_CALL(AbortOperation); |
| 754 | |
| 755 | return ErrorCode::OK; |
Andrew Scull | e4e2ffc | 2017-08-10 10:03:20 +0100 | [diff] [blame] | 756 | } |
| 757 | |
nagendra modadugu | ec66730 | 2017-12-04 21:37:22 -0800 | [diff] [blame] | 758 | // Methods from ::android::hardware::keymaster::V4_0::IKeymasterDevice follow. |
| 759 | Return<void> KeymasterDevice::importWrappedKey( |
| 760 | const hidl_vec<uint8_t>& wrappedKeyData, |
| 761 | const hidl_vec<uint8_t>& wrappingKeyBlob, |
| 762 | const hidl_vec<uint8_t>& maskingKey, |
nagendra modadugu | 9c231ef | 2018-01-19 15:51:59 -0800 | [diff] [blame] | 763 | const hidl_vec<KeyParameter>& /* unwrappingParams */, |
| 764 | uint64_t /* passwordSid */, uint64_t /* biometricSid */, |
nagendra modadugu | ec66730 | 2017-12-04 21:37:22 -0800 | [diff] [blame] | 765 | importWrappedKey_cb _hidl_cb) |
| 766 | { |
| 767 | LOG(VERBOSE) << "Running KeymasterDevice::importWrappedKey"; |
| 768 | |
| 769 | ErrorCode error; |
| 770 | ImportWrappedKeyRequest request; |
| 771 | ImportKeyResponse response; |
| 772 | |
| 773 | if (maskingKey.size() != KM_WRAPPER_MASKING_KEY_SIZE) { |
| 774 | _hidl_cb(ErrorCode::INVALID_ARGUMENT, hidl_vec<uint8_t>{}, |
| 775 | KeyCharacteristics{}); |
| 776 | return Void(); |
| 777 | } |
| 778 | |
| 779 | error = import_wrapped_key_request(wrappedKeyData, wrappingKeyBlob, |
| 780 | maskingKey, &request); |
| 781 | if (error != ErrorCode::OK) { |
| 782 | LOG(ERROR) << "ImportWrappedKey request parsing failed with error " |
nagendra modadugu | e2914e4 | 2018-01-02 17:42:46 -0800 | [diff] [blame] | 783 | << error; |
nagendra modadugu | ec66730 | 2017-12-04 21:37:22 -0800 | [diff] [blame] | 784 | _hidl_cb(error, hidl_vec<uint8_t>{}, KeyCharacteristics{}); |
| 785 | return Void(); |
| 786 | } |
| 787 | |
| 788 | KM_CALLV(ImportWrappedKey, hidl_vec<uint8_t>{}, KeyCharacteristics{}); |
| 789 | |
| 790 | hidl_vec<uint8_t> blob; |
| 791 | blob.setToExternal( |
| 792 | reinterpret_cast<uint8_t*>( |
| 793 | const_cast<char*>(response.blob().blob().data())), |
| 794 | response.blob().blob().size(), false); |
| 795 | |
| 796 | KeyCharacteristics characteristics; |
| 797 | // TODO: anything to do here with softwareEnforced? |
| 798 | pb_to_hidl_params(response.characteristics().software_enforced(), |
| 799 | &characteristics.softwareEnforced); |
| 800 | error = pb_to_hidl_params(response.characteristics().tee_enforced(), |
| 801 | &characteristics.hardwareEnforced); |
| 802 | if (error != ErrorCode::OK) { |
| 803 | LOG(ERROR) << |
| 804 | "KeymasterDevice::importWrappedKey: response tee_enforced :" |
nagendra modadugu | e2914e4 | 2018-01-02 17:42:46 -0800 | [diff] [blame] | 805 | << error; |
nagendra modadugu | ec66730 | 2017-12-04 21:37:22 -0800 | [diff] [blame] | 806 | _hidl_cb(error, hidl_vec<uint8_t>{}, KeyCharacteristics{}); |
| 807 | return Void(); |
| 808 | } |
| 809 | |
| 810 | _hidl_cb(ErrorCode::OK, blob, characteristics); |
| 811 | return Void(); |
| 812 | } |
| 813 | |
Andrew Scull | e4e2ffc | 2017-08-10 10:03:20 +0100 | [diff] [blame] | 814 | } // namespace keymaster |
| 815 | } // namespace hardware |
| 816 | } // namespace android |