Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / nos / host / android / 6f869fdf9bbbdd7d9f8568e36da4aa7f9a872bbd / . / hals / keymaster / KeymasterDevice.cpp
blob: 44ddfee09d834718f8e739538d455a0b4f0dba5d [file] [log] [blame]
Andrew Sculle4e2ffc2017-08-10 10:03:20 +0100[diff] [blame]1/*
2 * Copyright 2017, The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17#include "KeymasterDevice.h"
nagendra modaduguf5127a32018-01-24 16:30:49 -0800[diff] [blame]18#include "export_key.h"
nagendra modadugu97471402017-09-27 14:01:00 -0700[diff] [blame]19#include "import_key.h"
nagendra modaduguec667302017-12-04 21:37:22 -0800[diff] [blame]20#include "import_wrapped_key.h"
nagendra modadugu284b9392017-09-27 13:51:23 -0700[diff] [blame]21#include "proto_utils.h"
22
nagendra modadugu9e8c8562017-09-18 18:58:54 -0700[diff] [blame]23#include <Keymaster.client.h>
Andrew Scull8e96ff02017-10-09 11:09:09 +0100[diff] [blame]24#include <nos/debug.h>
nagendra modadugu284b9392017-09-27 13:51:23 -0700[diff] [blame]25#include <nos/NuggetClient.h>
Andrew Sculle4e2ffc2017-08-10 10:03:20 +0100[diff] [blame]26
nagendra modadugue2914e42018-01-02 17:42:46 -0800[diff] [blame]27#include <keymasterV4_0/key_param_output.h>
28
Andrew Sculle4e2ffc2017-08-10 10:03:20 +0100[diff] [blame]29#include <android-base/logging.h>
Allen Webb8fb68f12018-05-24 16:36:44 -0700[diff] [blame]30#include <android-base/properties.h>
31
32#include <algorithm>
Andrew Sculle4e2ffc2017-08-10 10:03:20 +0100[diff] [blame]33
34namespace android {
35namespace hardware {
36namespace keymaster {
37
Allen Webb8fb68f12018-05-24 16:36:44 -0700[diff] [blame]38namespace {
39
40constexpr char PROPERTY_OS_VERSION[] = "ro.build.version.release";
41constexpr char PROPERTY_OS_PATCHLEVEL[] = "ro.build.version.security_patch";
42constexpr char PROPERTY_VENDOR_PATCHLEVEL[] = "ro.vendor.build.security_patch";
43
44std::string DigitsOnly(const std::string& code) {
Allen Webb3f96bd72018-05-25 08:01:32 -0700[diff] [blame]45 // Keep digits only.
46 std::string filtered_code;
47 std::copy_if(code.begin(), code.end(), std::back_inserter(filtered_code),
48 isdigit);
49 return filtered_code;
Allen Webb8fb68f12018-05-24 16:36:44 -0700[diff] [blame]50}
51
52uint32_t DateCodeToUint32(const std::string& code, bool include_day) {
53 // Keep digits only.
54 std::string filtered_code = DigitsOnly(code);
55
56 // Return 0 if the date string has an unexpected number of digits.
57 uint32_t return_value = 0;
58 if (filtered_code.size() == 8) {
59 return_value = std::stoi(filtered_code);
60 if (!include_day) {
61 return_value /= 100;
62 }
63 } else if (filtered_code.size() == 6) {
64 return_value = std::stoi(filtered_code);
65 if (include_day) {
66 return_value *= 100;
67 }
68 }
69 return return_value;
70}
71
72} // namespace
73
nagendra modadugu8a883372017-09-18 22:29:00 -0700[diff] [blame]74// std
75using std::string;
76
Allen Webb8fb68f12018-05-24 16:36:44 -0700[diff] [blame]77// base
78using ::android::base::GetProperty;
79
Andrew Sculle4e2ffc2017-08-10 10:03:20 +0100[diff] [blame]80// libhidl
81using ::android::hardware::Void;
82
83// HAL
nagendra modaduguf1101762018-01-04 17:59:51 -0800[diff] [blame]84using ::android::hardware::keymaster::V4_0::Algorithm;
nagendra modaduguec667302017-12-04 21:37:22 -0800[diff] [blame]85using ::android::hardware::keymaster::V4_0::KeyCharacteristics;
nagendra modaduguf1101762018-01-04 17:59:51 -0800[diff] [blame]86using ::android::hardware::keymaster::V4_0::KeyFormat;
nagendra modadugu24945ea2018-05-16 17:55:39 -0700[diff] [blame]87using ::android::hardware::keymaster::V4_0::HardwareAuthToken;
88using ::android::hardware::keymaster::V4_0::HardwareAuthenticatorType;
nagendra modaduguec667302017-12-04 21:37:22 -0800[diff] [blame]89using ::android::hardware::keymaster::V4_0::SecurityLevel;
90using ::android::hardware::keymaster::V4_0::Tag;
nagendra modadugu284b9392017-09-27 13:51:23 -0700[diff] [blame]91
92// nos
93using nos::NuggetClient;
94
95// Keymaster app
nagendra modaduguec667302017-12-04 21:37:22 -0800[diff] [blame]96// KM 3.0 types
nagendra modadugu284b9392017-09-27 13:51:23 -0700[diff] [blame]97using ::nugget::app::keymaster::AddRngEntropyRequest;
98using ::nugget::app::keymaster::AddRngEntropyResponse;
99using ::nugget::app::keymaster::GenerateKeyRequest;
100using ::nugget::app::keymaster::GenerateKeyResponse;
101using ::nugget::app::keymaster::GetKeyCharacteristicsRequest;
102using ::nugget::app::keymaster::GetKeyCharacteristicsResponse;
103using ::nugget::app::keymaster::ImportKeyRequest;
104using ::nugget::app::keymaster::ImportKeyResponse;
105using ::nugget::app::keymaster::ExportKeyRequest;
106using ::nugget::app::keymaster::ExportKeyResponse;
107using ::nugget::app::keymaster::AttestKeyRequest;
108using ::nugget::app::keymaster::AttestKeyResponse;
109using ::nugget::app::keymaster::UpgradeKeyRequest;
110using ::nugget::app::keymaster::UpgradeKeyResponse;
111using ::nugget::app::keymaster::DeleteKeyRequest;
112using ::nugget::app::keymaster::DeleteKeyResponse;
113using ::nugget::app::keymaster::DeleteAllKeysRequest;
114using ::nugget::app::keymaster::DeleteAllKeysResponse;
115using ::nugget::app::keymaster::DestroyAttestationIdsRequest;
116using ::nugget::app::keymaster::DestroyAttestationIdsResponse;
117using ::nugget::app::keymaster::BeginOperationRequest;
118using ::nugget::app::keymaster::BeginOperationResponse;
119using ::nugget::app::keymaster::UpdateOperationRequest;
120using ::nugget::app::keymaster::UpdateOperationResponse;
121using ::nugget::app::keymaster::FinishOperationRequest;
122using ::nugget::app::keymaster::FinishOperationResponse;
123using ::nugget::app::keymaster::AbortOperationRequest;
124using ::nugget::app::keymaster::AbortOperationResponse;
Janis Danisevskisda932b92018-04-13 18:21:07 -0700[diff] [blame]125using ::nugget::app::keymaster::ComputeSharedHmacRequest;
126using ::nugget::app::keymaster::ComputeSharedHmacResponse;
127using ::nugget::app::keymaster::GetHmacSharingParametersRequest;
128using ::nugget::app::keymaster::GetHmacSharingParametersResponse;
Allen Webb6f869fd2018-05-25 09:02:25 -0700[diff] [blame^]129using ::nugget::app::keymaster::SetSystemVersionInfoRequest;
130using ::nugget::app::keymaster::SetSystemVersionInfoResponse;
nagendra modadugu284b9392017-09-27 13:51:23 -0700[diff] [blame]131
nagendra modaduguec667302017-12-04 21:37:22 -0800[diff] [blame]132// KM 4.0 types
133using ::nugget::app::keymaster::ImportWrappedKeyRequest;
Janis Danisevskisda932b92018-04-13 18:21:07 -0700[diff] [blame]134namespace nosapp = ::nugget::app::keymaster;
nagendra modaduguec667302017-12-04 21:37:22 -0800[diff] [blame]135
nagendra modadugu284b9392017-09-27 13:51:23 -0700[diff] [blame]136static ErrorCode status_to_error_code(uint32_t status)
137{
138 switch (status) {
139 case APP_SUCCESS:
140 return ErrorCode::OK;
141 break;
142 case APP_ERROR_BOGUS_ARGS:
143 return ErrorCode::INVALID_ARGUMENT;
144 break;
145 case APP_ERROR_INTERNAL:
146 return ErrorCode::UNKNOWN_ERROR;
147 break;
148 case APP_ERROR_TOO_MUCH:
149 return ErrorCode::INSUFFICIENT_BUFFER_SPACE;
150 break;
151 case APP_ERROR_RPC:
152 return ErrorCode::SECURE_HW_COMMUNICATION_FAILED;
153 break;
154 // TODO: app specific error codes go here.
155 default:
156 return ErrorCode::UNKNOWN_ERROR;
157 break;
158 }
159}
160
nagendra modadugu07be7f12017-12-28 11:20:45 -0800[diff] [blame]161#define KM_CALL(meth) { \
162 const uint32_t status = _keymaster. meth (request, &response); \
163 const ErrorCode error_code = translate_error_code(response.error_code()); \
164 if (status != APP_SUCCESS) { \
165 LOG(ERROR) << #meth << " : request failed with status: " \
166 << nos::StatusCodeString(status); \
167 return status_to_error_code(status); \
168 } \
169 if (error_code != ErrorCode::OK) { \
170 LOG(ERROR) << #meth << " : device response error code: " \
nagendra modadugue2914e42018-01-02 17:42:46 -0800[diff] [blame]171 << error_code; \
nagendra modadugu07be7f12017-12-28 11:20:45 -0800[diff] [blame]172 return error_code; \
173 } \
nagendra modadugu284b9392017-09-27 13:51:23 -0700[diff] [blame]174}
175
nagendra modadugu07be7f12017-12-28 11:20:45 -0800[diff] [blame]176#define KM_CALLV(meth, ...) { \
177 const uint32_t status = _keymaster. meth (request, &response); \
178 const ErrorCode error_code = translate_error_code(response.error_code()); \
179 if (status != APP_SUCCESS) { \
180 LOG(ERROR) << #meth << " : request failed with status: " \
181 << nos::StatusCodeString(status); \
182 _hidl_cb(status_to_error_code(status), __VA_ARGS__); \
183 return Void(); \
184 } \
185 if (error_code != ErrorCode::OK) { \
186 LOG(ERROR) << #meth << " : device response error code: " \
nagendra modadugue2914e42018-01-02 17:42:46 -0800[diff] [blame]187 << error_code; \
nagendra modadugu07be7f12017-12-28 11:20:45 -0800[diff] [blame]188 _hidl_cb(error_code, __VA_ARGS__); \
189 return Void(); \
190 } \
nagendra modadugu284b9392017-09-27 13:51:23 -0700[diff] [blame]191}
Andrew Sculle4e2ffc2017-08-10 10:03:20 +0100[diff] [blame]192
193// Methods from ::android::hardware::keymaster::V3_0::IKeymasterDevice follow.
nagendra modadugu284b9392017-09-27 13:51:23 -0700[diff] [blame]194
Allen Webb8fb68f12018-05-24 16:36:44 -0700[diff] [blame]195KeymasterDevice::KeymasterDevice(KeymasterClient& keymaster) :
196 _keymaster{keymaster} {
197 os_version = std::stoi(DigitsOnly(GetProperty(PROPERTY_OS_VERSION, "")));
198 os_patchlevel = DateCodeToUint32(GetProperty(PROPERTY_OS_PATCHLEVEL, ""),
Allen Webb3f96bd72018-05-25 08:01:32 -0700[diff] [blame]199 false /* include_day */);
Allen Webb8fb68f12018-05-24 16:36:44 -0700[diff] [blame]200 vendor_patchlevel = DateCodeToUint32(
Allen Webb3f96bd72018-05-25 08:01:32 -0700[diff] [blame]201 GetProperty(PROPERTY_VENDOR_PATCHLEVEL, ""),
202 true /* include_day */);
Allen Webb6f869fd2018-05-25 09:02:25 -0700[diff] [blame^]203
204 SetSystemVersionInfoRequest request;
205 SetSystemVersionInfoResponse response;
206
207 request.set_system_version(os_version);
208 request.set_system_security_level(os_patchlevel);
209 request.set_vendor_security_level(os_patchlevel);
210
211 const uint32_t status = _keymaster.SetSystemVersionInfo(request, &response);
212 const ErrorCode error_code = translate_error_code(response.error_code());
213 if (status != APP_SUCCESS) {
214 LOG(ERROR) << "SetSystemVersionInfo : request failed with status: "
215 << nos::StatusCodeString(status);
216 }
217 if (error_code != ErrorCode::OK) {
218 LOG(WARNING) << "SetSystemVersionInfo : device response error code: "
219 << error_code;
220 }
Allen Webb8fb68f12018-05-24 16:36:44 -0700[diff] [blame]221}
222
nagendra modaduguec667302017-12-04 21:37:22 -0800[diff] [blame]223Return<void> KeymasterDevice::getHardwareInfo(
224 getHardwareInfo_cb _hidl_cb)
nagendra modadugu284b9392017-09-27 13:51:23 -0700[diff] [blame]225{
nagendra modaduguec667302017-12-04 21:37:22 -0800[diff] [blame]226 LOG(VERBOSE) << "Running KeymasterDevice::getHardwareInfo";
Andrew Sculle4e2ffc2017-08-10 10:03:20 +0100[diff] [blame]227
nagendra modadugu8a883372017-09-18 22:29:00 -0700[diff] [blame]228 (void)_keymaster;
nagendra modaduguec667302017-12-04 21:37:22 -0800[diff] [blame]229 _hidl_cb(SecurityLevel::STRONGBOX,
230 string("CitadelKeymaster"), string("Google"));
231
232 return Void();
233}
234
235Return<void> KeymasterDevice::getHmacSharingParameters(
236 getHmacSharingParameters_cb _hidl_cb)
237{
238 LOG(VERBOSE) << "Running KeymasterDevice::getHmacSharingParameters";
239
Janis Danisevskisda932b92018-04-13 18:21:07 -0700[diff] [blame]240 GetHmacSharingParametersRequest request;
241 GetHmacSharingParametersResponse response;
242 HmacSharingParameters result;
243
244 KM_CALLV(GetHmacSharingParameters, result);
245
246 ErrorCode ec = translate_error_code(response.error_code());
247
248 if (ec != ErrorCode::OK) {
249 _hidl_cb(ec, HmacSharingParameters());
250 }
251
252 const std::string & nonce = response.hmac_sharing_params().nonce();
253 const std::string & seed = response.hmac_sharing_params().seed();
254
255 if (seed.size() == 32) {
256 result.seed.setToExternal(reinterpret_cast<uint8_t*>(
257 const_cast<char*>(seed.data())),
258 seed.size(), false);
259 } else if (seed.size() != 0) {
260 LOG(ERROR) << "Citadel returned unexpected seed size: "
261 << seed.size();
262 _hidl_cb(ErrorCode::UNKNOWN_ERROR, HmacSharingParameters());
263 return Void();
264 }
265
266 if (nonce.size() == result.nonce.size()) {
267 std::copy(nonce.begin(), nonce.end(), result.nonce.data());
268 } else {
269 LOG(ERROR) << "Citadel returned unexpected nonce size: "
270 << nonce.size();
271 _hidl_cb(ErrorCode::UNKNOWN_ERROR, HmacSharingParameters());
272 return Void();
273 }
274
275 _hidl_cb(ec, result);
nagendra modaduguec667302017-12-04 21:37:22 -0800[diff] [blame]276
277 return Void();
278}
279
280Return<void> KeymasterDevice::computeSharedHmac(
281 const hidl_vec<HmacSharingParameters>& params,
282 computeSharedHmac_cb _hidl_cb)
283{
Janis Danisevskisda932b92018-04-13 18:21:07 -0700[diff] [blame]284 LOG(VERBOSE) << "Running KeymasterDevice::computeSharedHmac";
nagendra modaduguec667302017-12-04 21:37:22 -0800[diff] [blame]285
Janis Danisevskisda932b92018-04-13 18:21:07 -0700[diff] [blame]286 ComputeSharedHmacRequest request;
287 ComputeSharedHmacResponse response;
288 hidl_vec<uint8_t> result;
nagendra modaduguec667302017-12-04 21:37:22 -0800[diff] [blame]289
Janis Danisevskisda932b92018-04-13 18:21:07 -0700[diff] [blame]290 for (const HmacSharingParameters & param : params) {
291 // TODO respect max number of parameters defined in
292 // keymaster_types.proto
293 nosapp::HmacSharingParameters* req_param =
294 request.add_hmac_sharing_params();
295 req_param->set_nonce(
296 reinterpret_cast<const int8_t*>(
297 param.nonce.data()), param.nonce.size());
298 req_param->set_seed(reinterpret_cast<const int8_t*>(param.seed.data()),
299 param.seed.size());
300 }
301
302 KM_CALLV(ComputeSharedHmac, result);
303
304 ErrorCode ec = translate_error_code(response.error_code());
305
306 if (ec != ErrorCode::OK) {
307 _hidl_cb(ec, result);
308 return Void();
309 }
310
311 const std::string & share_check = response.sharing_check();
312
313 result.setToExternal(reinterpret_cast<uint8_t*>(
314 const_cast<char*>(share_check.data())), share_check.size(), false);
315 _hidl_cb(ec, result);
nagendra modaduguec667302017-12-04 21:37:22 -0800[diff] [blame]316
317 return Void();
318}
319
320Return<void> KeymasterDevice::verifyAuthorization(
nagendra modadugu24945ea2018-05-16 17:55:39 -0700[diff] [blame]321 uint64_t operationHandle, const hidl_vec<KeyParameter>& parametersToVerify,
nagendra modaduguec667302017-12-04 21:37:22 -0800[diff] [blame]322 const HardwareAuthToken& authToken, verifyAuthorization_cb _hidl_cb)
323{
324 LOG(VERBOSE) << "Running KeymasterDevice::verifyAuthorization";
325
nagendra modadugu24945ea2018-05-16 17:55:39 -0700[diff] [blame]326 (void)operationHandle;
nagendra modaduguec667302017-12-04 21:37:22 -0800[diff] [blame]327 (void)parametersToVerify;
328 (void)authToken;
329
330 (void)_keymaster;
331 _hidl_cb(ErrorCode::UNIMPLEMENTED, VerificationToken());
332
Andrew Sculle4e2ffc2017-08-10 10:03:20 +0100[diff] [blame]333 return Void();
334}
335
nagendra modadugu284b9392017-09-27 13:51:23 -0700[diff] [blame]336Return<ErrorCode> KeymasterDevice::addRngEntropy(const hidl_vec<uint8_t>& data)
337{
Andrew Sculle4e2ffc2017-08-10 10:03:20 +0100[diff] [blame]338 LOG(VERBOSE) << "Running KeymasterDevice::addRngEntropy";
339
nagendra modadugu284b9392017-09-27 13:51:23 -0700[diff] [blame]340 if (!data.size()) return ErrorCode::OK;
Andrew Sculle4e2ffc2017-08-10 10:03:20 +0100[diff] [blame]341
nagendra modadugue2914e42018-01-02 17:42:46 -0800[diff] [blame]342 const size_t chunk_size = 1024;
343 for (size_t i = 0; i < data.size(); i += chunk_size) {
344 AddRngEntropyRequest request;
345 AddRngEntropyResponse response;
nagendra modadugu284b9392017-09-27 13:51:23 -0700[diff] [blame]346
nagendra modadugue2914e42018-01-02 17:42:46 -0800[diff] [blame]347 request.set_data(&data[i], std::min(chunk_size, data.size() - i));
nagendra modadugu284b9392017-09-27 13:51:23 -0700[diff] [blame]348
nagendra modadugue2914e42018-01-02 17:42:46 -0800[diff] [blame]349 // Call device.
350 KM_CALL(AddRngEntropy);
351 }
352
353 return ErrorCode::OK;
Andrew Sculle4e2ffc2017-08-10 10:03:20 +0100[diff] [blame]354}
355
nagendra modadugu284b9392017-09-27 13:51:23 -0700[diff] [blame]356Return<void> KeymasterDevice::generateKey(
357 const hidl_vec<KeyParameter>& keyParams,
358 generateKey_cb _hidl_cb)
359{
Andrew Sculle4e2ffc2017-08-10 10:03:20 +0100[diff] [blame]360 LOG(VERBOSE) << "Running KeymasterDevice::generateKey";
361
nagendra modadugu284b9392017-09-27 13:51:23 -0700[diff] [blame]362 GenerateKeyRequest request;
363 GenerateKeyResponse response;
Andrew Sculle4e2ffc2017-08-10 10:03:20 +0100[diff] [blame]364
nagendra modadugue3ef4692017-10-25 23:58:07 -0700[diff] [blame]365 hidl_vec<uint8_t> blob;
366 KeyCharacteristics characteristics;
367 if (hidl_params_to_pb(
368 keyParams, request.mutable_params()) != ErrorCode::OK) {
369 _hidl_cb(ErrorCode::INVALID_ARGUMENT, blob, characteristics);
370 return Void();
371 }
nagendra modadugu284b9392017-09-27 13:51:23 -0700[diff] [blame]372
373 // Call device.
374 KM_CALLV(GenerateKey, hidl_vec<uint8_t>{}, KeyCharacteristics());
375
nagendra modadugu284b9392017-09-27 13:51:23 -0700[diff] [blame]376 blob.setToExternal(
377 reinterpret_cast<uint8_t*>(
378 const_cast<char*>(response.blob().blob().data())),
379 response.blob().blob().size(), false);
nagendra modadugue3ef4692017-10-25 23:58:07 -0700[diff] [blame]380 pb_to_hidl_params(response.characteristics().software_enforced(),
381 &characteristics.softwareEnforced);
nagendra modadugu284b9392017-09-27 13:51:23 -0700[diff] [blame]382 pb_to_hidl_params(response.characteristics().tee_enforced(),
nagendra modaduguec667302017-12-04 21:37:22 -0800[diff] [blame]383 &characteristics.hardwareEnforced);
nagendra modadugu284b9392017-09-27 13:51:23 -0700[diff] [blame]384
nagendra modadugue2914e42018-01-02 17:42:46 -0800[diff] [blame]385 _hidl_cb(translate_error_code(response.error_code()),
386 blob, characteristics);
Andrew Sculle4e2ffc2017-08-10 10:03:20 +0100[diff] [blame]387 return Void();
388}
389
nagendra modadugu284b9392017-09-27 13:51:23 -0700[diff] [blame]390Return<void> KeymasterDevice::getKeyCharacteristics(
391 const hidl_vec<uint8_t>& keyBlob,
392 const hidl_vec<uint8_t>& clientId,
393 const hidl_vec<uint8_t>& appData,
394 getKeyCharacteristics_cb _hidl_cb)
395{
Andrew Sculle4e2ffc2017-08-10 10:03:20 +0100[diff] [blame]396 LOG(VERBOSE) << "Running KeymasterDevice::getKeyCharacteristics";
397
nagendra modadugu284b9392017-09-27 13:51:23 -0700[diff] [blame]398 GetKeyCharacteristicsRequest request;
399 GetKeyCharacteristicsResponse response;
Andrew Sculle4e2ffc2017-08-10 10:03:20 +0100[diff] [blame]400
nagendra modadugu284b9392017-09-27 13:51:23 -0700[diff] [blame]401 request.mutable_blob()->set_blob(&keyBlob[0], keyBlob.size());
402 request.set_client_id(&clientId[0], clientId.size());
403 request.set_app_data(&appData[0], appData.size());
404
405 // Call device.
406 KM_CALLV(GetKeyCharacteristics, KeyCharacteristics());
407
408 KeyCharacteristics characteristics;
nagendra modadugue3ef4692017-10-25 23:58:07 -0700[diff] [blame]409 pb_to_hidl_params(response.characteristics().software_enforced(),
410 &characteristics.softwareEnforced);
nagendra modadugu284b9392017-09-27 13:51:23 -0700[diff] [blame]411 pb_to_hidl_params(response.characteristics().tee_enforced(),
nagendra modaduguec667302017-12-04 21:37:22 -0800[diff] [blame]412 &characteristics.hardwareEnforced);
nagendra modadugu284b9392017-09-27 13:51:23 -0700[diff] [blame]413
nagendra modadugue2914e42018-01-02 17:42:46 -0800[diff] [blame]414 _hidl_cb(translate_error_code(response.error_code()), characteristics);
Andrew Sculle4e2ffc2017-08-10 10:03:20 +0100[diff] [blame]415 return Void();
416}
417
nagendra modadugu284b9392017-09-27 13:51:23 -0700[diff] [blame]418Return<void> KeymasterDevice::importKey(
419 const hidl_vec<KeyParameter>& params, KeyFormat keyFormat,
420 const hidl_vec<uint8_t>& keyData, importKey_cb _hidl_cb)
421{
Andrew Sculle4e2ffc2017-08-10 10:03:20 +0100[diff] [blame]422 LOG(VERBOSE) << "Running KeymasterDevice::importKey";
423
nagendra modadugu97471402017-09-27 14:01:00 -0700[diff] [blame]424 ErrorCode error;
nagendra modadugu284b9392017-09-27 13:51:23 -0700[diff] [blame]425 ImportKeyRequest request;
426 ImportKeyResponse response;
Andrew Sculle4e2ffc2017-08-10 10:03:20 +0100[diff] [blame]427
nagendra modadugu97471402017-09-27 14:01:00 -0700[diff] [blame]428 error = import_key_request(params, keyFormat, keyData, &request);
429 if (error != ErrorCode::OK) {
430 LOG(ERROR) << "ImportKey request parsing failed with error "
nagendra modadugue2914e42018-01-02 17:42:46 -0800[diff] [blame]431 << error;
nagendra modadugu97471402017-09-27 14:01:00 -0700[diff] [blame]432 _hidl_cb(error, hidl_vec<uint8_t>{}, KeyCharacteristics{});
433 return Void();
434 }
nagendra modadugu284b9392017-09-27 13:51:23 -0700[diff] [blame]435
436 KM_CALLV(ImportKey, hidl_vec<uint8_t>{}, KeyCharacteristics{});
437
438 hidl_vec<uint8_t> blob;
439 blob.setToExternal(
440 reinterpret_cast<uint8_t*>(
441 const_cast<char*>(response.blob().blob().data())),
442 response.blob().blob().size(), false);
443
444 KeyCharacteristics characteristics;
nagendra modadugue3ef4692017-10-25 23:58:07 -0700[diff] [blame]445 pb_to_hidl_params(response.characteristics().software_enforced(),
446 &characteristics.softwareEnforced);
nagendra modadugu97471402017-09-27 14:01:00 -0700[diff] [blame]447 error = pb_to_hidl_params(response.characteristics().tee_enforced(),
nagendra modaduguec667302017-12-04 21:37:22 -0800[diff] [blame]448 &characteristics.hardwareEnforced);
nagendra modadugu97471402017-09-27 14:01:00 -0700[diff] [blame]449 if (error != ErrorCode::OK) {
450 LOG(ERROR) << "KeymasterDevice::importKey: response tee_enforced :"
nagendra modadugue2914e42018-01-02 17:42:46 -0800[diff] [blame]451 << error;
nagendra modaduguec667302017-12-04 21:37:22 -0800[diff] [blame]452 _hidl_cb(error, hidl_vec<uint8_t>{}, KeyCharacteristics{});
453 return Void();
nagendra modadugu97471402017-09-27 14:01:00 -0700[diff] [blame]454 }
nagendra modadugu284b9392017-09-27 13:51:23 -0700[diff] [blame]455
456 _hidl_cb(ErrorCode::OK, blob, characteristics);
Andrew Sculle4e2ffc2017-08-10 10:03:20 +0100[diff] [blame]457 return Void();
458}
459
nagendra modadugu284b9392017-09-27 13:51:23 -0700[diff] [blame]460Return<void> KeymasterDevice::exportKey(
461 KeyFormat exportFormat, const hidl_vec<uint8_t>& keyBlob,
462 const hidl_vec<uint8_t>& clientId,
463 const hidl_vec<uint8_t>& appData, exportKey_cb _hidl_cb)
464{
Andrew Sculle4e2ffc2017-08-10 10:03:20 +0100[diff] [blame]465 LOG(VERBOSE) << "Running KeymasterDevice::exportKey";
466
nagendra modadugu284b9392017-09-27 13:51:23 -0700[diff] [blame]467 ExportKeyRequest request;
468 ExportKeyResponse response;
Andrew Sculle4e2ffc2017-08-10 10:03:20 +0100[diff] [blame]469
nagendra modadugu284b9392017-09-27 13:51:23 -0700[diff] [blame]470 request.set_format((::nugget::app::keymaster::KeyFormat)exportFormat);
471 request.mutable_blob()->set_blob(&keyBlob[0], keyBlob.size());
472 request.set_client_id(&clientId[0], clientId.size());
473 request.set_app_data(&appData[0], appData.size());
474
475 KM_CALLV(ExportKey, hidl_vec<uint8_t>{});
476
nagendra modaduguf5127a32018-01-24 16:30:49 -0800[diff] [blame]477 ErrorCode error_code = translate_error_code(response.error_code());
478 if (error_code != ErrorCode::OK) {
479 _hidl_cb(error_code, hidl_vec<uint8_t>{});
480 }
nagendra modadugu284b9392017-09-27 13:51:23 -0700[diff] [blame]481
nagendra modaduguf5127a32018-01-24 16:30:49 -0800[diff] [blame]482 hidl_vec<uint8_t> der;
483 error_code = export_key_der(response, &der);
484
485 _hidl_cb(error_code, der);
Andrew Sculle4e2ffc2017-08-10 10:03:20 +0100[diff] [blame]486 return Void();
487}
488
nagendra modadugu284b9392017-09-27 13:51:23 -0700[diff] [blame]489Return<void> KeymasterDevice::attestKey(
490 const hidl_vec<uint8_t>& keyToAttest,
491 const hidl_vec<KeyParameter>& attestParams,
492 attestKey_cb _hidl_cb)
493{
Andrew Sculle4e2ffc2017-08-10 10:03:20 +0100[diff] [blame]494 LOG(VERBOSE) << "Running KeymasterDevice::attestKey";
495
nagendra modadugu284b9392017-09-27 13:51:23 -0700[diff] [blame]496 AttestKeyRequest request;
497 AttestKeyResponse response;
Andrew Sculle4e2ffc2017-08-10 10:03:20 +0100[diff] [blame]498
nagendra modadugu284b9392017-09-27 13:51:23 -0700[diff] [blame]499 request.mutable_blob()->set_blob(&keyToAttest[0], keyToAttest.size());
nagendra modadugue3ef4692017-10-25 23:58:07 -0700[diff] [blame]500
501 vector<hidl_vec<uint8_t> > chain;
502 if (hidl_params_to_pb(
503 attestParams, request.mutable_params()) != ErrorCode::OK) {
504 _hidl_cb(ErrorCode::INVALID_ARGUMENT, chain);
505 return Void();
506 }
nagendra modadugu284b9392017-09-27 13:51:23 -0700[diff] [blame]507
508 KM_CALLV(AttestKey, hidl_vec<hidl_vec<uint8_t> >{});
509
nagendra modadugu284b9392017-09-27 13:51:23 -0700[diff] [blame]510 for (int i = 0; i < response.chain().certificates_size(); i++) {
511 hidl_vec<uint8_t> blob;
512 blob.setToExternal(
513 reinterpret_cast<uint8_t*>(
514 const_cast<char*>(
515 response.chain().certificates(i).data().data())),
516 response.chain().certificates(i).data().size(), false);
517 chain.push_back(blob);
518 }
519
nagendra modadugue2914e42018-01-02 17:42:46 -0800[diff] [blame]520 _hidl_cb(translate_error_code(response.error_code()),
nagendra modadugu284b9392017-09-27 13:51:23 -0700[diff] [blame]521 hidl_vec<hidl_vec<uint8_t> >(chain));
Andrew Sculle4e2ffc2017-08-10 10:03:20 +0100[diff] [blame]522 return Void();
523}
524
nagendra modadugu284b9392017-09-27 13:51:23 -0700[diff] [blame]525Return<void> KeymasterDevice::upgradeKey(
526 const hidl_vec<uint8_t>& keyBlobToUpgrade,
527 const hidl_vec<KeyParameter>& upgradeParams,
528 upgradeKey_cb _hidl_cb)
529{
Andrew Sculle4e2ffc2017-08-10 10:03:20 +0100[diff] [blame]530 LOG(VERBOSE) << "Running KeymasterDevice::upgradeKey";
531
nagendra modadugu284b9392017-09-27 13:51:23 -0700[diff] [blame]532 UpgradeKeyRequest request;
533 UpgradeKeyResponse response;
Andrew Sculle4e2ffc2017-08-10 10:03:20 +0100[diff] [blame]534
nagendra modadugu284b9392017-09-27 13:51:23 -0700[diff] [blame]535 request.mutable_blob()->set_blob(&keyBlobToUpgrade[0],
536 keyBlobToUpgrade.size());
nagendra modadugue3ef4692017-10-25 23:58:07 -0700[diff] [blame]537
538 hidl_vec<uint8_t> blob;
539 if (hidl_params_to_pb(
540 upgradeParams, request.mutable_params()) != ErrorCode::OK) {
541 _hidl_cb(ErrorCode::INVALID_ARGUMENT, blob);
542 return Void();
543 }
nagendra modadugu284b9392017-09-27 13:51:23 -0700[diff] [blame]544
545 KM_CALLV(UpgradeKey, hidl_vec<uint8_t>{});
546
nagendra modadugu284b9392017-09-27 13:51:23 -0700[diff] [blame]547 blob.setToExternal(
548 reinterpret_cast<uint8_t*>(
549 const_cast<char*>(response.blob().blob().data())),
550 response.blob().blob().size(), false);
551
nagendra modadugue2914e42018-01-02 17:42:46 -0800[diff] [blame]552 _hidl_cb(translate_error_code(response.error_code()), blob);
Andrew Sculle4e2ffc2017-08-10 10:03:20 +0100[diff] [blame]553 return Void();
554}
555
nagendra modadugu284b9392017-09-27 13:51:23 -0700[diff] [blame]556Return<ErrorCode> KeymasterDevice::deleteKey(const hidl_vec<uint8_t>& keyBlob)
557{
Andrew Sculle4e2ffc2017-08-10 10:03:20 +0100[diff] [blame]558 LOG(VERBOSE) << "Running KeymasterDevice::deleteKey";
559
nagendra modadugu284b9392017-09-27 13:51:23 -0700[diff] [blame]560 DeleteKeyRequest request;
561 DeleteKeyResponse response;
Andrew Sculle4e2ffc2017-08-10 10:03:20 +0100[diff] [blame]562
nagendra modadugu284b9392017-09-27 13:51:23 -0700[diff] [blame]563 request.mutable_blob()->set_blob(&keyBlob[0], keyBlob.size());
564
565 KM_CALL(DeleteKey);
566
nagendra modadugue2914e42018-01-02 17:42:46 -0800[diff] [blame]567 return translate_error_code(response.error_code());
Andrew Sculle4e2ffc2017-08-10 10:03:20 +0100[diff] [blame]568}
569
nagendra modadugu284b9392017-09-27 13:51:23 -0700[diff] [blame]570Return<ErrorCode> KeymasterDevice::deleteAllKeys()
571{
Andrew Sculle4e2ffc2017-08-10 10:03:20 +0100[diff] [blame]572 LOG(VERBOSE) << "Running KeymasterDevice::deleteAllKeys";
573
nagendra modadugu284b9392017-09-27 13:51:23 -0700[diff] [blame]574 DeleteAllKeysRequest request;
575 DeleteAllKeysResponse response;
Andrew Sculle4e2ffc2017-08-10 10:03:20 +0100[diff] [blame]576
nagendra modadugu284b9392017-09-27 13:51:23 -0700[diff] [blame]577 KM_CALL(DeleteAllKeys);
578
nagendra modadugue2914e42018-01-02 17:42:46 -0800[diff] [blame]579 return translate_error_code(response.error_code());
Andrew Sculle4e2ffc2017-08-10 10:03:20 +0100[diff] [blame]580}
581
nagendra modadugu284b9392017-09-27 13:51:23 -0700[diff] [blame]582Return<ErrorCode> KeymasterDevice::destroyAttestationIds()
583{
Andrew Sculle4e2ffc2017-08-10 10:03:20 +0100[diff] [blame]584 LOG(VERBOSE) << "Running KeymasterDevice::destroyAttestationIds";
585
nagendra modadugu284b9392017-09-27 13:51:23 -0700[diff] [blame]586 DestroyAttestationIdsRequest request;
587 DestroyAttestationIdsResponse response;
Andrew Sculle4e2ffc2017-08-10 10:03:20 +0100[diff] [blame]588
nagendra modadugu284b9392017-09-27 13:51:23 -0700[diff] [blame]589 KM_CALL(DestroyAttestationIds);
590
nagendra modadugue2914e42018-01-02 17:42:46 -0800[diff] [blame]591 return translate_error_code(response.error_code());
Andrew Sculle4e2ffc2017-08-10 10:03:20 +0100[diff] [blame]592}
593
nagendra modadugu284b9392017-09-27 13:51:23 -0700[diff] [blame]594Return<void> KeymasterDevice::begin(
595 KeyPurpose purpose, const hidl_vec<uint8_t>& key,
nagendra modaduguec667302017-12-04 21:37:22 -0800[diff] [blame]596 const hidl_vec<KeyParameter>& inParams,
597 const HardwareAuthToken& authToken,
598 begin_cb _hidl_cb)
nagendra modadugu284b9392017-09-27 13:51:23 -0700[diff] [blame]599{
Andrew Sculle4e2ffc2017-08-10 10:03:20 +0100[diff] [blame]600 LOG(VERBOSE) << "Running KeymasterDevice::begin";
601
nagendra modadugu284b9392017-09-27 13:51:23 -0700[diff] [blame]602 BeginOperationRequest request;
603 BeginOperationResponse response;
Andrew Sculle4e2ffc2017-08-10 10:03:20 +0100[diff] [blame]604
nagendra modadugu284b9392017-09-27 13:51:23 -0700[diff] [blame]605 request.set_purpose((::nugget::app::keymaster::KeyPurpose)purpose);
606 request.mutable_blob()->set_blob(&key[0], key.size());
nagendra modadugue3ef4692017-10-25 23:58:07 -0700[diff] [blame]607
608 hidl_vec<KeyParameter> params;
nagendra modadugu24945ea2018-05-16 17:55:39 -0700[diff] [blame]609 if (translate_auth_token(
610 authToken, request.mutable_auth_token()) != ErrorCode::OK) {
611 _hidl_cb(ErrorCode::INVALID_ARGUMENT, params,
612 response.handle().handle());
613 return Void();
614 }
nagendra modadugue3ef4692017-10-25 23:58:07 -0700[diff] [blame]615 if (hidl_params_to_pb(
616 inParams, request.mutable_params()) != ErrorCode::OK) {
617 _hidl_cb(ErrorCode::INVALID_ARGUMENT, params,
618 response.handle().handle());
619 return Void();
620 }
nagendra modadugu284b9392017-09-27 13:51:23 -0700[diff] [blame]621
622 KM_CALLV(BeginOperation, hidl_vec<KeyParameter>{}, 0);
623
nagendra modadugu284b9392017-09-27 13:51:23 -0700[diff] [blame]624 pb_to_hidl_params(response.params(), &params);
625
nagendra modadugue2914e42018-01-02 17:42:46 -0800[diff] [blame]626 _hidl_cb(translate_error_code(response.error_code()), params,
nagendra modadugu284b9392017-09-27 13:51:23 -0700[diff] [blame]627 response.handle().handle());
Andrew Sculle4e2ffc2017-08-10 10:03:20 +0100[diff] [blame]628 return Void();
629}
630
nagendra modadugu284b9392017-09-27 13:51:23 -0700[diff] [blame]631Return<void> KeymasterDevice::update(
632 uint64_t operationHandle,
633 const hidl_vec<KeyParameter>& inParams,
nagendra modaduguec667302017-12-04 21:37:22 -0800[diff] [blame]634 const hidl_vec<uint8_t>& input,
635 const HardwareAuthToken& authToken,
636 const VerificationToken& verificationToken,
637 update_cb _hidl_cb)
nagendra modadugu284b9392017-09-27 13:51:23 -0700[diff] [blame]638{
Andrew Sculle4e2ffc2017-08-10 10:03:20 +0100[diff] [blame]639 LOG(VERBOSE) << "Running KeymasterDevice::update";
640
nagendra modadugu284b9392017-09-27 13:51:23 -0700[diff] [blame]641 UpdateOperationRequest request;
642 UpdateOperationResponse response;
Andrew Sculle4e2ffc2017-08-10 10:03:20 +0100[diff] [blame]643
nagendra modadugu19439672018-01-17 16:43:26 -0800[diff] [blame]644 if (input.size() > KM_MAX_PROTO_FIELD_SIZE) {
645 LOG(ERROR) << "Excess input length: " << input.size()
646 << "max allowed: " << KM_MAX_PROTO_FIELD_SIZE;
647 if (this->abort(operationHandle) != ErrorCode::OK) {
648 LOG(ERROR) << "abort( " << operationHandle
649 << ") failed";
650 }
651 _hidl_cb(ErrorCode::INVALID_INPUT_LENGTH, 0,
652 hidl_vec<KeyParameter>{}, hidl_vec<uint8_t>{});
653 return Void();
654 }
655
nagendra modadugu284b9392017-09-27 13:51:23 -0700[diff] [blame]656 request.mutable_handle()->set_handle(operationHandle);
nagendra modadugue3ef4692017-10-25 23:58:07 -0700[diff] [blame]657
658 hidl_vec<KeyParameter> params;
659 hidl_vec<uint8_t> output;
660 if (hidl_params_to_pb(
661 inParams, request.mutable_params()) != ErrorCode::OK) {
662 _hidl_cb(ErrorCode::INVALID_ARGUMENT, 0, params, output);
663 return Void();
664 }
665
nagendra modadugu284b9392017-09-27 13:51:23 -0700[diff] [blame]666 request.set_input(&input[0], input.size());
nagendra modadugu24945ea2018-05-16 17:55:39 -0700[diff] [blame]667 if (translate_auth_token(
668 authToken, request.mutable_auth_token()) != ErrorCode::OK) {
669 _hidl_cb(ErrorCode::INVALID_ARGUMENT, 0, params, output);
670 return Void();
671 }
672 translate_verification_token(verificationToken,
673 request.mutable_verification_token());
nagendra modadugu284b9392017-09-27 13:51:23 -0700[diff] [blame]674
675 KM_CALLV(UpdateOperation, 0, hidl_vec<KeyParameter>{}, hidl_vec<uint8_t>{});
676
nagendra modadugu284b9392017-09-27 13:51:23 -0700[diff] [blame]677 pb_to_hidl_params(response.params(), &params);
678 output.setToExternal(
679 reinterpret_cast<uint8_t*>(const_cast<char*>(response.output().data())),
680 response.output().size(), false);
681
682 _hidl_cb(ErrorCode::OK, response.consumed(), params, output);
Andrew Sculle4e2ffc2017-08-10 10:03:20 +0100[diff] [blame]683 return Void();
684}
685
nagendra modadugu284b9392017-09-27 13:51:23 -0700[diff] [blame]686Return<void> KeymasterDevice::finish(
687 uint64_t operationHandle,
688 const hidl_vec<KeyParameter>& inParams,
689 const hidl_vec<uint8_t>& input,
nagendra modaduguec667302017-12-04 21:37:22 -0800[diff] [blame]690 const hidl_vec<uint8_t>& signature,
691 const HardwareAuthToken& authToken,
692 const VerificationToken& verificationToken,
693 finish_cb _hidl_cb)
nagendra modadugu284b9392017-09-27 13:51:23 -0700[diff] [blame]694{
Andrew Sculle4e2ffc2017-08-10 10:03:20 +0100[diff] [blame]695 LOG(VERBOSE) << "Running KeymasterDevice::finish";
696
nagendra modadugu284b9392017-09-27 13:51:23 -0700[diff] [blame]697 FinishOperationRequest request;
698 FinishOperationResponse response;
Andrew Sculle4e2ffc2017-08-10 10:03:20 +0100[diff] [blame]699
nagendra modadugu19439672018-01-17 16:43:26 -0800[diff] [blame]700 if (input.size() > KM_MAX_PROTO_FIELD_SIZE) {
701 LOG(ERROR) << "Excess input length: " << input.size()
702 << "max allowed: " << KM_MAX_PROTO_FIELD_SIZE;
703 if (this->abort(operationHandle) != ErrorCode::OK) {
704 LOG(ERROR) << "abort( " << operationHandle
705 << ") failed";
706 }
707 _hidl_cb(ErrorCode::INVALID_INPUT_LENGTH,
708 hidl_vec<KeyParameter>{}, hidl_vec<uint8_t>{});
709 return Void();
710 }
711
nagendra modadugu284b9392017-09-27 13:51:23 -0700[diff] [blame]712 request.mutable_handle()->set_handle(operationHandle);
nagendra modadugue3ef4692017-10-25 23:58:07 -0700[diff] [blame]713
714 hidl_vec<KeyParameter> params;
715 hidl_vec<uint8_t> output;
716 if (hidl_params_to_pb(
717 inParams, request.mutable_params()) != ErrorCode::OK) {
718 _hidl_cb(ErrorCode::INVALID_ARGUMENT, params, output);
719 return Void();
720 }
721
nagendra modadugu284b9392017-09-27 13:51:23 -0700[diff] [blame]722 request.set_input(&input[0], input.size());
723 request.set_signature(&signature[0], signature.size());
724
nagendra modadugu24945ea2018-05-16 17:55:39 -0700[diff] [blame]725 if (translate_auth_token(
726 authToken, request.mutable_auth_token()) != ErrorCode::OK) {
727 _hidl_cb(ErrorCode::INVALID_ARGUMENT, params, output);
728 return Void();
729 }
730 translate_verification_token(verificationToken,
731 request.mutable_verification_token());
nagendra modaduguec667302017-12-04 21:37:22 -0800[diff] [blame]732
nagendra modadugu284b9392017-09-27 13:51:23 -0700[diff] [blame]733 KM_CALLV(FinishOperation, hidl_vec<KeyParameter>{}, hidl_vec<uint8_t>{});
734
nagendra modadugu284b9392017-09-27 13:51:23 -0700[diff] [blame]735 pb_to_hidl_params(response.params(), &params);
nagendra modadugu284b9392017-09-27 13:51:23 -0700[diff] [blame]736 output.setToExternal(
737 reinterpret_cast<uint8_t*>(const_cast<char*>(response.output().data())),
738 response.output().size(), false);
739
740 _hidl_cb(ErrorCode::OK, params, output);
Andrew Sculle4e2ffc2017-08-10 10:03:20 +0100[diff] [blame]741 return Void();
742}
743
nagendra modadugu284b9392017-09-27 13:51:23 -0700[diff] [blame]744Return<ErrorCode> KeymasterDevice::abort(uint64_t operationHandle)
745{
Andrew Sculle4e2ffc2017-08-10 10:03:20 +0100[diff] [blame]746 LOG(VERBOSE) << "Running KeymasterDevice::abort";
747
nagendra modadugu284b9392017-09-27 13:51:23 -0700[diff] [blame]748 AbortOperationRequest request;
749 AbortOperationResponse response;
Andrew Sculle4e2ffc2017-08-10 10:03:20 +0100[diff] [blame]750
nagendra modadugu284b9392017-09-27 13:51:23 -0700[diff] [blame]751 request.mutable_handle()->set_handle(operationHandle);
752
753 KM_CALL(AbortOperation);
754
755 return ErrorCode::OK;
Andrew Sculle4e2ffc2017-08-10 10:03:20 +0100[diff] [blame]756}
757
nagendra modaduguec667302017-12-04 21:37:22 -0800[diff] [blame]758// Methods from ::android::hardware::keymaster::V4_0::IKeymasterDevice follow.
759Return<void> KeymasterDevice::importWrappedKey(
760 const hidl_vec<uint8_t>& wrappedKeyData,
761 const hidl_vec<uint8_t>& wrappingKeyBlob,
762 const hidl_vec<uint8_t>& maskingKey,
nagendra modadugu9c231ef2018-01-19 15:51:59 -0800[diff] [blame]763 const hidl_vec<KeyParameter>& /* unwrappingParams */,
764 uint64_t /* passwordSid */, uint64_t /* biometricSid */,
nagendra modaduguec667302017-12-04 21:37:22 -0800[diff] [blame]765 importWrappedKey_cb _hidl_cb)
766{
767 LOG(VERBOSE) << "Running KeymasterDevice::importWrappedKey";
768
769 ErrorCode error;
770 ImportWrappedKeyRequest request;
771 ImportKeyResponse response;
772
773 if (maskingKey.size() != KM_WRAPPER_MASKING_KEY_SIZE) {
774 _hidl_cb(ErrorCode::INVALID_ARGUMENT, hidl_vec<uint8_t>{},
775 KeyCharacteristics{});
776 return Void();
777 }
778
779 error = import_wrapped_key_request(wrappedKeyData, wrappingKeyBlob,
780 maskingKey, &request);
781 if (error != ErrorCode::OK) {
782 LOG(ERROR) << "ImportWrappedKey request parsing failed with error "
nagendra modadugue2914e42018-01-02 17:42:46 -0800[diff] [blame]783 << error;
nagendra modaduguec667302017-12-04 21:37:22 -0800[diff] [blame]784 _hidl_cb(error, hidl_vec<uint8_t>{}, KeyCharacteristics{});
785 return Void();
786 }
787
788 KM_CALLV(ImportWrappedKey, hidl_vec<uint8_t>{}, KeyCharacteristics{});
789
790 hidl_vec<uint8_t> blob;
791 blob.setToExternal(
792 reinterpret_cast<uint8_t*>(
793 const_cast<char*>(response.blob().blob().data())),
794 response.blob().blob().size(), false);
795
796 KeyCharacteristics characteristics;
797 // TODO: anything to do here with softwareEnforced?
798 pb_to_hidl_params(response.characteristics().software_enforced(),
799 &characteristics.softwareEnforced);
800 error = pb_to_hidl_params(response.characteristics().tee_enforced(),
801 &characteristics.hardwareEnforced);
802 if (error != ErrorCode::OK) {
803 LOG(ERROR) <<
804 "KeymasterDevice::importWrappedKey: response tee_enforced :"
nagendra modadugue2914e42018-01-02 17:42:46 -0800[diff] [blame]805 << error;
nagendra modaduguec667302017-12-04 21:37:22 -0800[diff] [blame]806 _hidl_cb(error, hidl_vec<uint8_t>{}, KeyCharacteristics{});
807 return Void();
808 }
809
810 _hidl_cb(ErrorCode::OK, blob, characteristics);
811 return Void();
812}
813
Andrew Sculle4e2ffc2017-08-10 10:03:20 +0100[diff] [blame]814} // namespace keymaster
815} // namespace hardware
816} // namespace android