Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / nos / host / android / ec6673068d33b2be6fbfbabff35ac2381f158c3f / . / hals / keymaster / KeymasterDevice.cpp
blob: d63f808d43f1f08a6260eaf766ee3edb066dbcaf [file] [log] [blame]
Andrew Sculle4e2ffc2017-08-10 10:03:20 +0100[diff] [blame]1/*
2 * Copyright 2017, The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17#include "KeymasterDevice.h"
nagendra modadugu97471402017-09-27 14:01:00 -0700[diff] [blame]18#include "import_key.h"
nagendra modaduguec667302017-12-04 21:37:22 -0800[diff] [blame^]19#include "import_wrapped_key.h"
nagendra modadugu284b9392017-09-27 13:51:23 -0700[diff] [blame]20#include "proto_utils.h"
21
nagendra modadugu9e8c8562017-09-18 18:58:54 -0700[diff] [blame]22#include <Keymaster.client.h>
Andrew Scull8e96ff02017-10-09 11:09:09 +0100[diff] [blame]23#include <nos/debug.h>
nagendra modadugu284b9392017-09-27 13:51:23 -0700[diff] [blame]24#include <nos/NuggetClient.h>
Andrew Sculle4e2ffc2017-08-10 10:03:20 +0100[diff] [blame]25
26#include <android-base/logging.h>
27
28namespace android {
29namespace hardware {
30namespace keymaster {
31
nagendra modadugu8a883372017-09-18 22:29:00 -0700[diff] [blame]32// std
33using std::string;
34
Andrew Sculle4e2ffc2017-08-10 10:03:20 +0100[diff] [blame]35// libhidl
36using ::android::hardware::Void;
37
38// HAL
nagendra modaduguec667302017-12-04 21:37:22 -0800[diff] [blame^]39using ::android::hardware::keymaster::V4_0::Algorithm;
40using ::android::hardware::keymaster::V4_0::KeyCharacteristics;
nagendra modadugu284b9392017-09-27 13:51:23 -0700[diff] [blame]41using ::android::hardware::keymaster::V3_0::KeyFormat;
nagendra modaduguec667302017-12-04 21:37:22 -0800[diff] [blame^]42using ::android::hardware::keymaster::V4_0::SecurityLevel;
43using ::android::hardware::keymaster::V4_0::Tag;
nagendra modadugu284b9392017-09-27 13:51:23 -0700[diff] [blame]44
45// nos
46using nos::NuggetClient;
47
48// Keymaster app
nagendra modaduguec667302017-12-04 21:37:22 -0800[diff] [blame^]49// KM 3.0 types
nagendra modadugu284b9392017-09-27 13:51:23 -0700[diff] [blame]50using ::nugget::app::keymaster::AddRngEntropyRequest;
51using ::nugget::app::keymaster::AddRngEntropyResponse;
52using ::nugget::app::keymaster::GenerateKeyRequest;
53using ::nugget::app::keymaster::GenerateKeyResponse;
54using ::nugget::app::keymaster::GetKeyCharacteristicsRequest;
55using ::nugget::app::keymaster::GetKeyCharacteristicsResponse;
56using ::nugget::app::keymaster::ImportKeyRequest;
57using ::nugget::app::keymaster::ImportKeyResponse;
58using ::nugget::app::keymaster::ExportKeyRequest;
59using ::nugget::app::keymaster::ExportKeyResponse;
60using ::nugget::app::keymaster::AttestKeyRequest;
61using ::nugget::app::keymaster::AttestKeyResponse;
62using ::nugget::app::keymaster::UpgradeKeyRequest;
63using ::nugget::app::keymaster::UpgradeKeyResponse;
64using ::nugget::app::keymaster::DeleteKeyRequest;
65using ::nugget::app::keymaster::DeleteKeyResponse;
66using ::nugget::app::keymaster::DeleteAllKeysRequest;
67using ::nugget::app::keymaster::DeleteAllKeysResponse;
68using ::nugget::app::keymaster::DestroyAttestationIdsRequest;
69using ::nugget::app::keymaster::DestroyAttestationIdsResponse;
70using ::nugget::app::keymaster::BeginOperationRequest;
71using ::nugget::app::keymaster::BeginOperationResponse;
72using ::nugget::app::keymaster::UpdateOperationRequest;
73using ::nugget::app::keymaster::UpdateOperationResponse;
74using ::nugget::app::keymaster::FinishOperationRequest;
75using ::nugget::app::keymaster::FinishOperationResponse;
76using ::nugget::app::keymaster::AbortOperationRequest;
77using ::nugget::app::keymaster::AbortOperationResponse;
78
nagendra modaduguec667302017-12-04 21:37:22 -0800[diff] [blame^]79// KM 4.0 types
80using ::nugget::app::keymaster::ImportWrappedKeyRequest;
81
nagendra modadugu284b9392017-09-27 13:51:23 -0700[diff] [blame]82static ErrorCode status_to_error_code(uint32_t status)
83{
84 switch (status) {
85 case APP_SUCCESS:
86 return ErrorCode::OK;
87 break;
88 case APP_ERROR_BOGUS_ARGS:
89 return ErrorCode::INVALID_ARGUMENT;
90 break;
91 case APP_ERROR_INTERNAL:
92 return ErrorCode::UNKNOWN_ERROR;
93 break;
94 case APP_ERROR_TOO_MUCH:
95 return ErrorCode::INSUFFICIENT_BUFFER_SPACE;
96 break;
97 case APP_ERROR_RPC:
98 return ErrorCode::SECURE_HW_COMMUNICATION_FAILED;
99 break;
100 // TODO: app specific error codes go here.
101 default:
102 return ErrorCode::UNKNOWN_ERROR;
103 break;
104 }
105}
106
Andrew Sculldc620df2017-09-29 14:07:56 +0100[diff] [blame]107#define KM_CALL(meth) { \
108 const uint32_t status = _keymaster. meth (request, &response); \
109 if (status != APP_SUCCESS) { \
110 LOG(ERROR) << #meth << " : request failed with status: " \
Andrew Scull8e96ff02017-10-09 11:09:09 +0100[diff] [blame]111 << nos::StatusCodeString(status); \
Andrew Sculldc620df2017-09-29 14:07:56 +0100[diff] [blame]112 return status_to_error_code(status); \
113 } \
114 if ((ErrorCode)response.error_code() != ErrorCode::OK) { \
115 LOG(ERROR) << #meth << " : device response error code: " \
116 << response.error_code(); \
nagendra modaduguec667302017-12-04 21:37:22 -0800[diff] [blame^]117 /* TODO: translate error codes. */ \
Andrew Sculldc620df2017-09-29 14:07:56 +0100[diff] [blame]118 return (ErrorCode)response.error_code(); \
119 } \
nagendra modadugu284b9392017-09-27 13:51:23 -0700[diff] [blame]120}
121
Andrew Sculldc620df2017-09-29 14:07:56 +0100[diff] [blame]122#define KM_CALLV(meth, ...) { \
123 const uint32_t status = _keymaster. meth (request, &response); \
124 if (status != APP_SUCCESS) { \
125 LOG(ERROR) << #meth << " : request failed with status: " \
Andrew Scull8e96ff02017-10-09 11:09:09 +0100[diff] [blame]126 << nos::StatusCodeString(status); \
Andrew Sculldc620df2017-09-29 14:07:56 +0100[diff] [blame]127 _hidl_cb(status_to_error_code(status), __VA_ARGS__); \
128 return Void(); \
129 } \
130 if ((ErrorCode)response.error_code() != ErrorCode::OK) { \
131 LOG(ERROR) << #meth << " : device response error code: " \
132 << response.error_code(); \
nagendra modaduguec667302017-12-04 21:37:22 -0800[diff] [blame^]133 /* TODO: translate error codes. */ \
Andrew Sculldc620df2017-09-29 14:07:56 +0100[diff] [blame]134 _hidl_cb((ErrorCode)response.error_code(), __VA_ARGS__); \
135 return Void(); \
136 } \
nagendra modadugu284b9392017-09-27 13:51:23 -0700[diff] [blame]137}
Andrew Sculle4e2ffc2017-08-10 10:03:20 +0100[diff] [blame]138
139// Methods from ::android::hardware::keymaster::V3_0::IKeymasterDevice follow.
nagendra modadugu284b9392017-09-27 13:51:23 -0700[diff] [blame]140
nagendra modaduguec667302017-12-04 21:37:22 -0800[diff] [blame^]141Return<void> KeymasterDevice::getHardwareInfo(
142 getHardwareInfo_cb _hidl_cb)
nagendra modadugu284b9392017-09-27 13:51:23 -0700[diff] [blame]143{
nagendra modaduguec667302017-12-04 21:37:22 -0800[diff] [blame^]144 LOG(VERBOSE) << "Running KeymasterDevice::getHardwareInfo";
Andrew Sculle4e2ffc2017-08-10 10:03:20 +0100[diff] [blame]145
nagendra modadugu8a883372017-09-18 22:29:00 -0700[diff] [blame]146 (void)_keymaster;
nagendra modaduguec667302017-12-04 21:37:22 -0800[diff] [blame^]147 _hidl_cb(SecurityLevel::STRONGBOX,
148 string("CitadelKeymaster"), string("Google"));
149
150 return Void();
151}
152
153Return<void> KeymasterDevice::getHmacSharingParameters(
154 getHmacSharingParameters_cb _hidl_cb)
155{
156 LOG(VERBOSE) << "Running KeymasterDevice::getHmacSharingParameters";
157
158 (void)_keymaster;
159 _hidl_cb(ErrorCode::UNIMPLEMENTED, HmacSharingParameters());
160
161 return Void();
162}
163
164Return<void> KeymasterDevice::computeSharedHmac(
165 const hidl_vec<HmacSharingParameters>& params,
166 computeSharedHmac_cb _hidl_cb)
167{
168 LOG(VERBOSE) << "Running KeymasterDevice::computeSharedHmac";
169
170 (void)params;
171
172 (void)_keymaster;
173 _hidl_cb(ErrorCode::UNIMPLEMENTED, hidl_vec<uint8_t>{});
174
175 return Void();
176}
177
178Return<void> KeymasterDevice::verifyAuthorization(
179 uint64_t challenge, const hidl_vec<KeyParameter>& parametersToVerify,
180 const HardwareAuthToken& authToken, verifyAuthorization_cb _hidl_cb)
181{
182 LOG(VERBOSE) << "Running KeymasterDevice::verifyAuthorization";
183
184 (void)challenge;
185 (void)parametersToVerify;
186 (void)authToken;
187
188 (void)_keymaster;
189 _hidl_cb(ErrorCode::UNIMPLEMENTED, VerificationToken());
190
Andrew Sculle4e2ffc2017-08-10 10:03:20 +0100[diff] [blame]191 return Void();
192}
193
nagendra modadugu284b9392017-09-27 13:51:23 -0700[diff] [blame]194Return<ErrorCode> KeymasterDevice::addRngEntropy(const hidl_vec<uint8_t>& data)
195{
Andrew Sculle4e2ffc2017-08-10 10:03:20 +0100[diff] [blame]196 LOG(VERBOSE) << "Running KeymasterDevice::addRngEntropy";
197
nagendra modadugu284b9392017-09-27 13:51:23 -0700[diff] [blame]198 if (!data.size()) return ErrorCode::OK;
Andrew Sculle4e2ffc2017-08-10 10:03:20 +0100[diff] [blame]199
nagendra modadugu284b9392017-09-27 13:51:23 -0700[diff] [blame]200 AddRngEntropyRequest request;
201 AddRngEntropyResponse response;
202 request.set_data(&data[0], data.size());
203
204 // Call device.
205 KM_CALL(AddRngEntropy);
206
207 return (ErrorCode)response.error_code();
Andrew Sculle4e2ffc2017-08-10 10:03:20 +0100[diff] [blame]208}
209
nagendra modadugu284b9392017-09-27 13:51:23 -0700[diff] [blame]210Return<void> KeymasterDevice::generateKey(
211 const hidl_vec<KeyParameter>& keyParams,
212 generateKey_cb _hidl_cb)
213{
Andrew Sculle4e2ffc2017-08-10 10:03:20 +0100[diff] [blame]214 LOG(VERBOSE) << "Running KeymasterDevice::generateKey";
215
nagendra modadugu284b9392017-09-27 13:51:23 -0700[diff] [blame]216 GenerateKeyRequest request;
217 GenerateKeyResponse response;
Andrew Sculle4e2ffc2017-08-10 10:03:20 +0100[diff] [blame]218
nagendra modadugue3ef4692017-10-25 23:58:07 -0700[diff] [blame]219 hidl_vec<uint8_t> blob;
220 KeyCharacteristics characteristics;
221 if (hidl_params_to_pb(
222 keyParams, request.mutable_params()) != ErrorCode::OK) {
223 _hidl_cb(ErrorCode::INVALID_ARGUMENT, blob, characteristics);
224 return Void();
225 }
nagendra modadugu284b9392017-09-27 13:51:23 -0700[diff] [blame]226
227 // Call device.
228 KM_CALLV(GenerateKey, hidl_vec<uint8_t>{}, KeyCharacteristics());
229
nagendra modadugu284b9392017-09-27 13:51:23 -0700[diff] [blame]230 blob.setToExternal(
231 reinterpret_cast<uint8_t*>(
232 const_cast<char*>(response.blob().blob().data())),
233 response.blob().blob().size(), false);
nagendra modadugue3ef4692017-10-25 23:58:07 -0700[diff] [blame]234 pb_to_hidl_params(response.characteristics().software_enforced(),
235 &characteristics.softwareEnforced);
nagendra modadugu284b9392017-09-27 13:51:23 -0700[diff] [blame]236 pb_to_hidl_params(response.characteristics().tee_enforced(),
nagendra modaduguec667302017-12-04 21:37:22 -0800[diff] [blame^]237 &characteristics.hardwareEnforced);
nagendra modadugu284b9392017-09-27 13:51:23 -0700[diff] [blame]238
239 _hidl_cb((ErrorCode)response.error_code(), blob, characteristics);
Andrew Sculle4e2ffc2017-08-10 10:03:20 +0100[diff] [blame]240 return Void();
241}
242
nagendra modadugu284b9392017-09-27 13:51:23 -0700[diff] [blame]243Return<void> KeymasterDevice::getKeyCharacteristics(
244 const hidl_vec<uint8_t>& keyBlob,
245 const hidl_vec<uint8_t>& clientId,
246 const hidl_vec<uint8_t>& appData,
247 getKeyCharacteristics_cb _hidl_cb)
248{
Andrew Sculle4e2ffc2017-08-10 10:03:20 +0100[diff] [blame]249 LOG(VERBOSE) << "Running KeymasterDevice::getKeyCharacteristics";
250
nagendra modadugu284b9392017-09-27 13:51:23 -0700[diff] [blame]251 GetKeyCharacteristicsRequest request;
252 GetKeyCharacteristicsResponse response;
Andrew Sculle4e2ffc2017-08-10 10:03:20 +0100[diff] [blame]253
nagendra modadugu284b9392017-09-27 13:51:23 -0700[diff] [blame]254 request.mutable_blob()->set_blob(&keyBlob[0], keyBlob.size());
255 request.set_client_id(&clientId[0], clientId.size());
256 request.set_app_data(&appData[0], appData.size());
257
258 // Call device.
259 KM_CALLV(GetKeyCharacteristics, KeyCharacteristics());
260
261 KeyCharacteristics characteristics;
nagendra modadugue3ef4692017-10-25 23:58:07 -0700[diff] [blame]262 pb_to_hidl_params(response.characteristics().software_enforced(),
263 &characteristics.softwareEnforced);
nagendra modadugu284b9392017-09-27 13:51:23 -0700[diff] [blame]264 pb_to_hidl_params(response.characteristics().tee_enforced(),
nagendra modaduguec667302017-12-04 21:37:22 -0800[diff] [blame^]265 &characteristics.hardwareEnforced);
nagendra modadugu284b9392017-09-27 13:51:23 -0700[diff] [blame]266
267 _hidl_cb((ErrorCode)response.error_code(), characteristics);
Andrew Sculle4e2ffc2017-08-10 10:03:20 +0100[diff] [blame]268 return Void();
269}
270
nagendra modadugu284b9392017-09-27 13:51:23 -0700[diff] [blame]271Return<void> KeymasterDevice::importKey(
272 const hidl_vec<KeyParameter>& params, KeyFormat keyFormat,
273 const hidl_vec<uint8_t>& keyData, importKey_cb _hidl_cb)
274{
Andrew Sculle4e2ffc2017-08-10 10:03:20 +0100[diff] [blame]275 LOG(VERBOSE) << "Running KeymasterDevice::importKey";
276
nagendra modadugu97471402017-09-27 14:01:00 -0700[diff] [blame]277 ErrorCode error;
nagendra modadugu284b9392017-09-27 13:51:23 -0700[diff] [blame]278 ImportKeyRequest request;
279 ImportKeyResponse response;
Andrew Sculle4e2ffc2017-08-10 10:03:20 +0100[diff] [blame]280
nagendra modadugu97471402017-09-27 14:01:00 -0700[diff] [blame]281 error = import_key_request(params, keyFormat, keyData, &request);
282 if (error != ErrorCode::OK) {
283 LOG(ERROR) << "ImportKey request parsing failed with error "
284 << (uint32_t)error;
285 _hidl_cb(error, hidl_vec<uint8_t>{}, KeyCharacteristics{});
286 return Void();
287 }
nagendra modadugu284b9392017-09-27 13:51:23 -0700[diff] [blame]288
289 KM_CALLV(ImportKey, hidl_vec<uint8_t>{}, KeyCharacteristics{});
290
291 hidl_vec<uint8_t> blob;
292 blob.setToExternal(
293 reinterpret_cast<uint8_t*>(
294 const_cast<char*>(response.blob().blob().data())),
295 response.blob().blob().size(), false);
296
297 KeyCharacteristics characteristics;
nagendra modadugue3ef4692017-10-25 23:58:07 -0700[diff] [blame]298 pb_to_hidl_params(response.characteristics().software_enforced(),
299 &characteristics.softwareEnforced);
nagendra modadugu97471402017-09-27 14:01:00 -0700[diff] [blame]300 error = pb_to_hidl_params(response.characteristics().tee_enforced(),
nagendra modaduguec667302017-12-04 21:37:22 -0800[diff] [blame^]301 &characteristics.hardwareEnforced);
nagendra modadugu97471402017-09-27 14:01:00 -0700[diff] [blame]302 if (error != ErrorCode::OK) {
303 LOG(ERROR) << "KeymasterDevice::importKey: response tee_enforced :"
304 << (uint32_t)error;
nagendra modaduguec667302017-12-04 21:37:22 -0800[diff] [blame^]305 _hidl_cb(error, hidl_vec<uint8_t>{}, KeyCharacteristics{});
306 return Void();
nagendra modadugu97471402017-09-27 14:01:00 -0700[diff] [blame]307 }
nagendra modadugu284b9392017-09-27 13:51:23 -0700[diff] [blame]308
309 _hidl_cb(ErrorCode::OK, blob, characteristics);
Andrew Sculle4e2ffc2017-08-10 10:03:20 +0100[diff] [blame]310 return Void();
311}
312
nagendra modadugu284b9392017-09-27 13:51:23 -0700[diff] [blame]313Return<void> KeymasterDevice::exportKey(
314 KeyFormat exportFormat, const hidl_vec<uint8_t>& keyBlob,
315 const hidl_vec<uint8_t>& clientId,
316 const hidl_vec<uint8_t>& appData, exportKey_cb _hidl_cb)
317{
Andrew Sculle4e2ffc2017-08-10 10:03:20 +0100[diff] [blame]318 LOG(VERBOSE) << "Running KeymasterDevice::exportKey";
319
nagendra modadugu284b9392017-09-27 13:51:23 -0700[diff] [blame]320 ExportKeyRequest request;
321 ExportKeyResponse response;
Andrew Sculle4e2ffc2017-08-10 10:03:20 +0100[diff] [blame]322
nagendra modadugu284b9392017-09-27 13:51:23 -0700[diff] [blame]323 request.set_format((::nugget::app::keymaster::KeyFormat)exportFormat);
324 request.mutable_blob()->set_blob(&keyBlob[0], keyBlob.size());
325 request.set_client_id(&clientId[0], clientId.size());
326 request.set_app_data(&appData[0], appData.size());
327
328 KM_CALLV(ExportKey, hidl_vec<uint8_t>{});
329
330 hidl_vec<uint8_t> blob;
331 blob.setToExternal(
332 reinterpret_cast<uint8_t*>(
333 const_cast<char*>(response.key_material().data())),
334 response.key_material().size(), false);
335
336 _hidl_cb((ErrorCode)response.error_code(), blob);
Andrew Sculle4e2ffc2017-08-10 10:03:20 +0100[diff] [blame]337 return Void();
338}
339
nagendra modadugu284b9392017-09-27 13:51:23 -0700[diff] [blame]340Return<void> KeymasterDevice::attestKey(
341 const hidl_vec<uint8_t>& keyToAttest,
342 const hidl_vec<KeyParameter>& attestParams,
343 attestKey_cb _hidl_cb)
344{
Andrew Sculle4e2ffc2017-08-10 10:03:20 +0100[diff] [blame]345 LOG(VERBOSE) << "Running KeymasterDevice::attestKey";
346
nagendra modadugu284b9392017-09-27 13:51:23 -0700[diff] [blame]347 AttestKeyRequest request;
348 AttestKeyResponse response;
Andrew Sculle4e2ffc2017-08-10 10:03:20 +0100[diff] [blame]349
nagendra modadugu284b9392017-09-27 13:51:23 -0700[diff] [blame]350 request.mutable_blob()->set_blob(&keyToAttest[0], keyToAttest.size());
nagendra modadugue3ef4692017-10-25 23:58:07 -0700[diff] [blame]351
352 vector<hidl_vec<uint8_t> > chain;
353 if (hidl_params_to_pb(
354 attestParams, request.mutable_params()) != ErrorCode::OK) {
355 _hidl_cb(ErrorCode::INVALID_ARGUMENT, chain);
356 return Void();
357 }
nagendra modadugu284b9392017-09-27 13:51:23 -0700[diff] [blame]358
359 KM_CALLV(AttestKey, hidl_vec<hidl_vec<uint8_t> >{});
360
nagendra modadugu284b9392017-09-27 13:51:23 -0700[diff] [blame]361 for (int i = 0; i < response.chain().certificates_size(); i++) {
362 hidl_vec<uint8_t> blob;
363 blob.setToExternal(
364 reinterpret_cast<uint8_t*>(
365 const_cast<char*>(
366 response.chain().certificates(i).data().data())),
367 response.chain().certificates(i).data().size(), false);
368 chain.push_back(blob);
369 }
370
371 _hidl_cb((ErrorCode)response.error_code(),
372 hidl_vec<hidl_vec<uint8_t> >(chain));
Andrew Sculle4e2ffc2017-08-10 10:03:20 +0100[diff] [blame]373 return Void();
374}
375
nagendra modadugu284b9392017-09-27 13:51:23 -0700[diff] [blame]376Return<void> KeymasterDevice::upgradeKey(
377 const hidl_vec<uint8_t>& keyBlobToUpgrade,
378 const hidl_vec<KeyParameter>& upgradeParams,
379 upgradeKey_cb _hidl_cb)
380{
Andrew Sculle4e2ffc2017-08-10 10:03:20 +0100[diff] [blame]381 LOG(VERBOSE) << "Running KeymasterDevice::upgradeKey";
382
nagendra modadugu284b9392017-09-27 13:51:23 -0700[diff] [blame]383 UpgradeKeyRequest request;
384 UpgradeKeyResponse response;
Andrew Sculle4e2ffc2017-08-10 10:03:20 +0100[diff] [blame]385
nagendra modadugu284b9392017-09-27 13:51:23 -0700[diff] [blame]386 request.mutable_blob()->set_blob(&keyBlobToUpgrade[0],
387 keyBlobToUpgrade.size());
nagendra modadugue3ef4692017-10-25 23:58:07 -0700[diff] [blame]388
389 hidl_vec<uint8_t> blob;
390 if (hidl_params_to_pb(
391 upgradeParams, request.mutable_params()) != ErrorCode::OK) {
392 _hidl_cb(ErrorCode::INVALID_ARGUMENT, blob);
393 return Void();
394 }
nagendra modadugu284b9392017-09-27 13:51:23 -0700[diff] [blame]395
396 KM_CALLV(UpgradeKey, hidl_vec<uint8_t>{});
397
nagendra modadugu284b9392017-09-27 13:51:23 -0700[diff] [blame]398 blob.setToExternal(
399 reinterpret_cast<uint8_t*>(
400 const_cast<char*>(response.blob().blob().data())),
401 response.blob().blob().size(), false);
402
403 _hidl_cb((ErrorCode)response.error_code(), blob);
Andrew Sculle4e2ffc2017-08-10 10:03:20 +0100[diff] [blame]404 return Void();
405}
406
nagendra modadugu284b9392017-09-27 13:51:23 -0700[diff] [blame]407Return<ErrorCode> KeymasterDevice::deleteKey(const hidl_vec<uint8_t>& keyBlob)
408{
Andrew Sculle4e2ffc2017-08-10 10:03:20 +0100[diff] [blame]409 LOG(VERBOSE) << "Running KeymasterDevice::deleteKey";
410
nagendra modadugu284b9392017-09-27 13:51:23 -0700[diff] [blame]411 DeleteKeyRequest request;
412 DeleteKeyResponse response;
Andrew Sculle4e2ffc2017-08-10 10:03:20 +0100[diff] [blame]413
nagendra modadugu284b9392017-09-27 13:51:23 -0700[diff] [blame]414 request.mutable_blob()->set_blob(&keyBlob[0], keyBlob.size());
415
416 KM_CALL(DeleteKey);
417
418 return (ErrorCode)response.error_code();
Andrew Sculle4e2ffc2017-08-10 10:03:20 +0100[diff] [blame]419}
420
nagendra modadugu284b9392017-09-27 13:51:23 -0700[diff] [blame]421Return<ErrorCode> KeymasterDevice::deleteAllKeys()
422{
Andrew Sculle4e2ffc2017-08-10 10:03:20 +0100[diff] [blame]423 LOG(VERBOSE) << "Running KeymasterDevice::deleteAllKeys";
424
nagendra modadugu284b9392017-09-27 13:51:23 -0700[diff] [blame]425 DeleteAllKeysRequest request;
426 DeleteAllKeysResponse response;
Andrew Sculle4e2ffc2017-08-10 10:03:20 +0100[diff] [blame]427
nagendra modadugu284b9392017-09-27 13:51:23 -0700[diff] [blame]428 KM_CALL(DeleteAllKeys);
429
430 return (ErrorCode)response.error_code();
Andrew Sculle4e2ffc2017-08-10 10:03:20 +0100[diff] [blame]431}
432
nagendra modadugu284b9392017-09-27 13:51:23 -0700[diff] [blame]433Return<ErrorCode> KeymasterDevice::destroyAttestationIds()
434{
Andrew Sculle4e2ffc2017-08-10 10:03:20 +0100[diff] [blame]435 LOG(VERBOSE) << "Running KeymasterDevice::destroyAttestationIds";
436
nagendra modadugu284b9392017-09-27 13:51:23 -0700[diff] [blame]437 DestroyAttestationIdsRequest request;
438 DestroyAttestationIdsResponse response;
Andrew Sculle4e2ffc2017-08-10 10:03:20 +0100[diff] [blame]439
nagendra modadugu284b9392017-09-27 13:51:23 -0700[diff] [blame]440 KM_CALL(DestroyAttestationIds);
441
442 return (ErrorCode)response.error_code();
Andrew Sculle4e2ffc2017-08-10 10:03:20 +0100[diff] [blame]443}
444
nagendra modadugu284b9392017-09-27 13:51:23 -0700[diff] [blame]445Return<void> KeymasterDevice::begin(
446 KeyPurpose purpose, const hidl_vec<uint8_t>& key,
nagendra modaduguec667302017-12-04 21:37:22 -0800[diff] [blame^]447 const hidl_vec<KeyParameter>& inParams,
448 const HardwareAuthToken& authToken,
449 begin_cb _hidl_cb)
nagendra modadugu284b9392017-09-27 13:51:23 -0700[diff] [blame]450{
Andrew Sculle4e2ffc2017-08-10 10:03:20 +0100[diff] [blame]451 LOG(VERBOSE) << "Running KeymasterDevice::begin";
452
nagendra modadugu284b9392017-09-27 13:51:23 -0700[diff] [blame]453 BeginOperationRequest request;
454 BeginOperationResponse response;
Andrew Sculle4e2ffc2017-08-10 10:03:20 +0100[diff] [blame]455
nagendra modadugu284b9392017-09-27 13:51:23 -0700[diff] [blame]456 request.set_purpose((::nugget::app::keymaster::KeyPurpose)purpose);
457 request.mutable_blob()->set_blob(&key[0], key.size());
nagendra modaduguec667302017-12-04 21:37:22 -0800[diff] [blame^]458 // TODO: set request.auth_token().
459 (void)authToken;
nagendra modadugue3ef4692017-10-25 23:58:07 -0700[diff] [blame]460
461 hidl_vec<KeyParameter> params;
462 if (hidl_params_to_pb(
463 inParams, request.mutable_params()) != ErrorCode::OK) {
464 _hidl_cb(ErrorCode::INVALID_ARGUMENT, params,
465 response.handle().handle());
466 return Void();
467 }
nagendra modadugu284b9392017-09-27 13:51:23 -0700[diff] [blame]468
469 KM_CALLV(BeginOperation, hidl_vec<KeyParameter>{}, 0);
470
nagendra modadugu284b9392017-09-27 13:51:23 -0700[diff] [blame]471 pb_to_hidl_params(response.params(), &params);
472
473 _hidl_cb((ErrorCode)response.error_code(), params,
474 response.handle().handle());
Andrew Sculle4e2ffc2017-08-10 10:03:20 +0100[diff] [blame]475 return Void();
476}
477
nagendra modadugu284b9392017-09-27 13:51:23 -0700[diff] [blame]478Return<void> KeymasterDevice::update(
479 uint64_t operationHandle,
480 const hidl_vec<KeyParameter>& inParams,
nagendra modaduguec667302017-12-04 21:37:22 -0800[diff] [blame^]481 const hidl_vec<uint8_t>& input,
482 const HardwareAuthToken& authToken,
483 const VerificationToken& verificationToken,
484 update_cb _hidl_cb)
nagendra modadugu284b9392017-09-27 13:51:23 -0700[diff] [blame]485{
Andrew Sculle4e2ffc2017-08-10 10:03:20 +0100[diff] [blame]486 LOG(VERBOSE) << "Running KeymasterDevice::update";
487
nagendra modadugu284b9392017-09-27 13:51:23 -0700[diff] [blame]488 UpdateOperationRequest request;
489 UpdateOperationResponse response;
Andrew Sculle4e2ffc2017-08-10 10:03:20 +0100[diff] [blame]490
nagendra modadugu284b9392017-09-27 13:51:23 -0700[diff] [blame]491 request.mutable_handle()->set_handle(operationHandle);
nagendra modadugue3ef4692017-10-25 23:58:07 -0700[diff] [blame]492
493 hidl_vec<KeyParameter> params;
494 hidl_vec<uint8_t> output;
495 if (hidl_params_to_pb(
496 inParams, request.mutable_params()) != ErrorCode::OK) {
497 _hidl_cb(ErrorCode::INVALID_ARGUMENT, 0, params, output);
498 return Void();
499 }
500
nagendra modadugu284b9392017-09-27 13:51:23 -0700[diff] [blame]501 request.set_input(&input[0], input.size());
nagendra modaduguec667302017-12-04 21:37:22 -0800[diff] [blame^]502 // TODO: add authToken and verificationToken.
503 (void)authToken;
504 (void)verificationToken;
nagendra modadugu284b9392017-09-27 13:51:23 -0700[diff] [blame]505
506 KM_CALLV(UpdateOperation, 0, hidl_vec<KeyParameter>{}, hidl_vec<uint8_t>{});
507
nagendra modadugu284b9392017-09-27 13:51:23 -0700[diff] [blame]508 pb_to_hidl_params(response.params(), &params);
509 output.setToExternal(
510 reinterpret_cast<uint8_t*>(const_cast<char*>(response.output().data())),
511 response.output().size(), false);
512
513 _hidl_cb(ErrorCode::OK, response.consumed(), params, output);
Andrew Sculle4e2ffc2017-08-10 10:03:20 +0100[diff] [blame]514 return Void();
515}
516
nagendra modadugu284b9392017-09-27 13:51:23 -0700[diff] [blame]517Return<void> KeymasterDevice::finish(
518 uint64_t operationHandle,
519 const hidl_vec<KeyParameter>& inParams,
520 const hidl_vec<uint8_t>& input,
nagendra modaduguec667302017-12-04 21:37:22 -0800[diff] [blame^]521 const hidl_vec<uint8_t>& signature,
522 const HardwareAuthToken& authToken,
523 const VerificationToken& verificationToken,
524 finish_cb _hidl_cb)
nagendra modadugu284b9392017-09-27 13:51:23 -0700[diff] [blame]525{
Andrew Sculle4e2ffc2017-08-10 10:03:20 +0100[diff] [blame]526 LOG(VERBOSE) << "Running KeymasterDevice::finish";
527
nagendra modadugu284b9392017-09-27 13:51:23 -0700[diff] [blame]528 FinishOperationRequest request;
529 FinishOperationResponse response;
Andrew Sculle4e2ffc2017-08-10 10:03:20 +0100[diff] [blame]530
nagendra modadugu284b9392017-09-27 13:51:23 -0700[diff] [blame]531 request.mutable_handle()->set_handle(operationHandle);
nagendra modadugue3ef4692017-10-25 23:58:07 -0700[diff] [blame]532
533 hidl_vec<KeyParameter> params;
534 hidl_vec<uint8_t> output;
535 if (hidl_params_to_pb(
536 inParams, request.mutable_params()) != ErrorCode::OK) {
537 _hidl_cb(ErrorCode::INVALID_ARGUMENT, params, output);
538 return Void();
539 }
540
nagendra modadugu284b9392017-09-27 13:51:23 -0700[diff] [blame]541 request.set_input(&input[0], input.size());
542 request.set_signature(&signature[0], signature.size());
543
nagendra modaduguec667302017-12-04 21:37:22 -0800[diff] [blame^]544 // TODO: add authToken and verificationToken.
545 (void)authToken;
546 (void)verificationToken;
547
nagendra modadugu284b9392017-09-27 13:51:23 -0700[diff] [blame]548 KM_CALLV(FinishOperation, hidl_vec<KeyParameter>{}, hidl_vec<uint8_t>{});
549
nagendra modadugu284b9392017-09-27 13:51:23 -0700[diff] [blame]550 pb_to_hidl_params(response.params(), &params);
nagendra modadugu284b9392017-09-27 13:51:23 -0700[diff] [blame]551 output.setToExternal(
552 reinterpret_cast<uint8_t*>(const_cast<char*>(response.output().data())),
553 response.output().size(), false);
554
555 _hidl_cb(ErrorCode::OK, params, output);
Andrew Sculle4e2ffc2017-08-10 10:03:20 +0100[diff] [blame]556 return Void();
557}
558
nagendra modadugu284b9392017-09-27 13:51:23 -0700[diff] [blame]559Return<ErrorCode> KeymasterDevice::abort(uint64_t operationHandle)
560{
Andrew Sculle4e2ffc2017-08-10 10:03:20 +0100[diff] [blame]561 LOG(VERBOSE) << "Running KeymasterDevice::abort";
562
nagendra modadugu284b9392017-09-27 13:51:23 -0700[diff] [blame]563 AbortOperationRequest request;
564 AbortOperationResponse response;
Andrew Sculle4e2ffc2017-08-10 10:03:20 +0100[diff] [blame]565
nagendra modadugu284b9392017-09-27 13:51:23 -0700[diff] [blame]566 request.mutable_handle()->set_handle(operationHandle);
567
568 KM_CALL(AbortOperation);
569
570 return ErrorCode::OK;
Andrew Sculle4e2ffc2017-08-10 10:03:20 +0100[diff] [blame]571}
572
nagendra modaduguec667302017-12-04 21:37:22 -0800[diff] [blame^]573// Methods from ::android::hardware::keymaster::V4_0::IKeymasterDevice follow.
574Return<void> KeymasterDevice::importWrappedKey(
575 const hidl_vec<uint8_t>& wrappedKeyData,
576 const hidl_vec<uint8_t>& wrappingKeyBlob,
577 const hidl_vec<uint8_t>& maskingKey,
578 importWrappedKey_cb _hidl_cb)
579{
580 LOG(VERBOSE) << "Running KeymasterDevice::importWrappedKey";
581
582 ErrorCode error;
583 ImportWrappedKeyRequest request;
584 ImportKeyResponse response;
585
586 if (maskingKey.size() != KM_WRAPPER_MASKING_KEY_SIZE) {
587 _hidl_cb(ErrorCode::INVALID_ARGUMENT, hidl_vec<uint8_t>{},
588 KeyCharacteristics{});
589 return Void();
590 }
591
592 error = import_wrapped_key_request(wrappedKeyData, wrappingKeyBlob,
593 maskingKey, &request);
594 if (error != ErrorCode::OK) {
595 LOG(ERROR) << "ImportWrappedKey request parsing failed with error "
596 << (uint32_t)error;
597 _hidl_cb(error, hidl_vec<uint8_t>{}, KeyCharacteristics{});
598 return Void();
599 }
600
601 KM_CALLV(ImportWrappedKey, hidl_vec<uint8_t>{}, KeyCharacteristics{});
602
603 hidl_vec<uint8_t> blob;
604 blob.setToExternal(
605 reinterpret_cast<uint8_t*>(
606 const_cast<char*>(response.blob().blob().data())),
607 response.blob().blob().size(), false);
608
609 KeyCharacteristics characteristics;
610 // TODO: anything to do here with softwareEnforced?
611 pb_to_hidl_params(response.characteristics().software_enforced(),
612 &characteristics.softwareEnforced);
613 error = pb_to_hidl_params(response.characteristics().tee_enforced(),
614 &characteristics.hardwareEnforced);
615 if (error != ErrorCode::OK) {
616 LOG(ERROR) <<
617 "KeymasterDevice::importWrappedKey: response tee_enforced :"
618 << (uint32_t)error;
619 _hidl_cb(error, hidl_vec<uint8_t>{}, KeyCharacteristics{});
620 return Void();
621 }
622
623 _hidl_cb(ErrorCode::OK, blob, characteristics);
624 return Void();
625}
626
Andrew Sculle4e2ffc2017-08-10 10:03:20 +0100[diff] [blame]627} // namespace keymaster
628} // namespace hardware
629} // namespace android