1 /*
2 * Copyright 2020, The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16 /******************************************************************************
17 *
18 * The original Work has been changed by NXP.
19 *
20 * Licensed under the Apache License, Version 2.0 (the "License");
21 * you may not use this file except in compliance with the License.
22 * You may obtain a copy of the License at
23 *
24 * http://www.apache.org/licenses/LICENSE-2.0
25 *
26 * Unless required by applicable law or agreed to in writing, software
27 * distributed under the License is distributed on an "AS IS" BASIS,
28 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
29 * See the License for the specific language governing permissions and
30 * limitations under the License.
31 *
32 * Copyright 2022 NXP
33 *
34 ******************************************************************************/
35 #define LOG_TAG "javacard.keymint.device.strongbox-impl"
36 #include "JavacardKeyMintDevice.h"
37
38 #include <regex.h>
39
40 #include <algorithm>
41 #include <iostream>
42 #include <iterator>
43 #include <memory>
44 #include <memunreachable/memunreachable.h>
45 #include <string>
46 #include <vector>
47
48 #include <KeyMintUtils.h>
49 #include <android-base/logging.h>
50 #include <android-base/properties.h>
51 #include <hardware/hw_auth_token.h>
52 #include <keymaster/android_keymaster_messages.h>
53 #include <keymaster/wrapped_key.h>
54
55 #include "JavacardKeyMintOperation.h"
56 #include "JavacardSharedSecret.h"
57
58 namespace aidl::android::hardware::security::keymint {
59 using cppbor::Bstr;
60 using cppbor::EncodedItem;
61 using cppbor::Uint;
62 using ::keymaster::AuthorizationSet;
63 using ::keymaster::dup_buffer;
64 using ::keymaster::KeymasterBlob;
65 using ::keymaster::KeymasterKeyBlob;
66 using ::keymint::javacard::Instruction;
67 using std::string;
68
defaultHwInfo(KeyMintHardwareInfo * info)69 ScopedAStatus JavacardKeyMintDevice::defaultHwInfo(KeyMintHardwareInfo* info) {
70 info->versionNumber = 2;
71 info->keyMintAuthorName = "Google";
72 info->keyMintName = "JavacardKeymintDevice";
73 info->securityLevel = securitylevel_;
74 info->timestampTokenRequired = true;
75 return ScopedAStatus::ok();
76 }
77
getHardwareInfo(KeyMintHardwareInfo * info)78 ScopedAStatus JavacardKeyMintDevice::getHardwareInfo(KeyMintHardwareInfo* info) {
79 auto [item, err] = card_->sendRequest(Instruction::INS_GET_HW_INFO_CMD);
80 std::optional<string> optKeyMintName;
81 std::optional<string> optKeyMintAuthorName;
82 std::optional<uint64_t> optSecLevel;
83 std::optional<uint64_t> optVersion;
84 std::optional<uint64_t> optTsRequired;
85 if (err != KM_ERROR_OK || !(optVersion = cbor_.getUint64(item, 1)) ||
86 !(optSecLevel = cbor_.getUint64(item, 2)) ||
87 !(optKeyMintName = cbor_.getByteArrayStr(item, 3)) ||
88 !(optKeyMintAuthorName = cbor_.getByteArrayStr(item, 4)) ||
89 !(optTsRequired = cbor_.getUint64(item, 5))) {
90 LOG(ERROR) << "Error in response of getHardwareInfo.";
91 LOG(INFO) << "Returning defaultHwInfo in getHardwareInfo.";
92 return defaultHwInfo(info);
93 }
94 card_->initializeJavacard();
95 info->keyMintName = std::move(optKeyMintName.value());
96 info->keyMintAuthorName = std::move(optKeyMintAuthorName.value());
97 info->timestampTokenRequired = (optTsRequired.value() == 1);
98 info->securityLevel = static_cast<SecurityLevel>(std::move(optSecLevel.value()));
99 info->versionNumber = static_cast<int32_t>(std::move(optVersion.value()));
100 return ScopedAStatus::ok();
101 }
102
generateKey(const vector<KeyParameter> & keyParams,const optional<AttestationKey> & attestationKey,KeyCreationResult * creationResult)103 ScopedAStatus JavacardKeyMintDevice::generateKey(const vector<KeyParameter>& keyParams,
104 const optional<AttestationKey>& attestationKey,
105 KeyCreationResult* creationResult) {
106 card_->sendPendingEvents();
107 cppbor::Array array;
108 // add key params
109 cbor_.addKeyparameters(array, keyParams);
110 // add attestation key if any
111 cbor_.addAttestationKey(array, attestationKey);
112 auto [item, err] = card_->sendRequest(Instruction::INS_GENERATE_KEY_CMD, array);
113 if (err != KM_ERROR_OK) {
114 LOG(ERROR) << "Error in sending generateKey.";
115 return km_utils::kmError2ScopedAStatus(err);
116 }
117 auto optKeyBlob = cbor_.getByteArrayVec(item, 1);
118 auto optKeyChars = cbor_.getKeyCharacteristics(item, 2);
119 auto optCertChain = cbor_.getCertificateChain(item, 3);
120 if (!optKeyBlob || !optKeyChars || !optCertChain) {
121 LOG(ERROR) << "Error in decoding og response in generateKey.";
122 return km_utils::kmError2ScopedAStatus(KM_ERROR_UNKNOWN_ERROR);
123 }
124 creationResult->keyCharacteristics = std::move(optKeyChars.value());
125 creationResult->certificateChain = std::move(optCertChain.value());
126 creationResult->keyBlob = std::move(optKeyBlob.value());
127 return ScopedAStatus::ok();
128 }
129
addRngEntropy(const vector<uint8_t> & data)130 ScopedAStatus JavacardKeyMintDevice::addRngEntropy(const vector<uint8_t>& data) {
131 cppbor::Array request;
132 // add key data
133 request.add(Bstr(data));
134 auto [item, err] = card_->sendRequest(Instruction::INS_ADD_RNG_ENTROPY_CMD, request);
135 if (err != KM_ERROR_OK) {
136 LOG(ERROR) << "Error in sending addRngEntropy.";
137 return km_utils::kmError2ScopedAStatus(err);
138 }
139 return ScopedAStatus::ok();
140 }
141
importKey(const vector<KeyParameter> & keyParams,KeyFormat keyFormat,const vector<uint8_t> & keyData,const optional<AttestationKey> & attestationKey,KeyCreationResult * creationResult)142 ScopedAStatus JavacardKeyMintDevice::importKey(const vector<KeyParameter>& keyParams,
143 KeyFormat keyFormat, const vector<uint8_t>& keyData,
144 const optional<AttestationKey>& attestationKey,
145 KeyCreationResult* creationResult) {
146 card_->sendPendingEvents();
147 cppbor::Array request;
148 // add key params
149 cbor_.addKeyparameters(request, keyParams);
150 // add key format
151 request.add(Uint(static_cast<uint8_t>(keyFormat)));
152 // add key data
153 request.add(Bstr(keyData));
154 // add attestation key if any
155 cbor_.addAttestationKey(request, attestationKey);
156
157 auto [item, err] = card_->sendRequest(Instruction::INS_IMPORT_KEY_CMD, request);
158 if (err != KM_ERROR_OK) {
159 LOG(ERROR) << "Error in sending data in importKey.";
160 return km_utils::kmError2ScopedAStatus(err);
161 }
162 auto optKeyBlob = cbor_.getByteArrayVec(item, 1);
163 auto optKeyChars = cbor_.getKeyCharacteristics(item, 2);
164 auto optCertChain = cbor_.getCertificateChain(item, 3);
165 if (!optKeyBlob || !optKeyChars || !optCertChain) {
166 LOG(ERROR) << "Error in decoding response in importKey.";
167 return km_utils::kmError2ScopedAStatus(KM_ERROR_UNKNOWN_ERROR);
168 }
169 creationResult->keyCharacteristics = std::move(optKeyChars.value());
170 creationResult->certificateChain = std::move(optCertChain.value());
171 creationResult->keyBlob = std::move(optKeyBlob.value());
172 return ScopedAStatus::ok();
173 }
174
175 // import wrapped key is divided into 2 stage operation.
importWrappedKey(const vector<uint8_t> & wrappedKeyData,const vector<uint8_t> & wrappingKeyBlob,const vector<uint8_t> & maskingKey,const vector<KeyParameter> & unwrappingParams,int64_t passwordSid,int64_t biometricSid,KeyCreationResult * creationResult)176 ScopedAStatus JavacardKeyMintDevice::importWrappedKey(const vector<uint8_t>& wrappedKeyData,
177 const vector<uint8_t>& wrappingKeyBlob,
178 const vector<uint8_t>& maskingKey,
179 const vector<KeyParameter>& unwrappingParams,
180 int64_t passwordSid, int64_t biometricSid,
181 KeyCreationResult* creationResult) {
182 card_->sendPendingEvents();
183 cppbor::Array request;
184 std::unique_ptr<Item> item;
185 vector<uint8_t> keyBlob;
186 std::vector<uint8_t> response;
187 vector<KeyCharacteristics> keyCharacteristics;
188 std::vector<uint8_t> iv;
189 std::vector<uint8_t> transitKey;
190 std::vector<uint8_t> secureKey;
191 std::vector<uint8_t> tag;
192 vector<KeyParameter> authList;
193 KeyFormat keyFormat;
194 std::vector<uint8_t> wrappedKeyDescription;
195 keymaster_error_t errorCode = parseWrappedKey(wrappedKeyData, iv, transitKey, secureKey, tag,
196 authList, keyFormat, wrappedKeyDescription);
197 if (errorCode != KM_ERROR_OK) {
198 LOG(ERROR) << "Error in parse wrapped key in importWrappedKey.";
199 return km_utils::kmError2ScopedAStatus(errorCode);
200 }
201
202 // begin import
203 std::tie(item, errorCode) =
204 sendBeginImportWrappedKeyCmd(transitKey, wrappingKeyBlob, maskingKey, unwrappingParams);
205 if (errorCode != KM_ERROR_OK) {
206 LOG(ERROR) << "Error in send begin import wrapped key in importWrappedKey.";
207 return km_utils::kmError2ScopedAStatus(errorCode);
208 }
209 // Finish the import
210 std::tie(item, errorCode) = sendFinishImportWrappedKeyCmd(
211 authList, keyFormat, secureKey, tag, iv, wrappedKeyDescription, passwordSid, biometricSid);
212 if (errorCode != KM_ERROR_OK) {
213 LOG(ERROR) << "Error in send finish import wrapped key in importWrappedKey.";
214 return km_utils::kmError2ScopedAStatus(errorCode);
215 }
216 auto optKeyBlob = cbor_.getByteArrayVec(item, 1);
217 auto optKeyChars = cbor_.getKeyCharacteristics(item, 2);
218 auto optCertChain = cbor_.getCertificateChain(item, 3);
219 if (!optKeyBlob || !optKeyChars || !optCertChain) {
220 LOG(ERROR) << "Error in decoding the response in importWrappedKey.";
221 return km_utils::kmError2ScopedAStatus(KM_ERROR_UNKNOWN_ERROR);
222 }
223 creationResult->keyCharacteristics = std::move(optKeyChars.value());
224 creationResult->certificateChain = std::move(optCertChain.value());
225 creationResult->keyBlob = std::move(optKeyBlob.value());
226 return ScopedAStatus::ok();
227 }
228
229 std::tuple<std::unique_ptr<Item>, keymaster_error_t>
sendBeginImportWrappedKeyCmd(const std::vector<uint8_t> & transitKey,const std::vector<uint8_t> & wrappingKeyBlob,const std::vector<uint8_t> & maskingKey,const vector<KeyParameter> & unwrappingParams)230 JavacardKeyMintDevice::sendBeginImportWrappedKeyCmd(const std::vector<uint8_t>& transitKey,
231 const std::vector<uint8_t>& wrappingKeyBlob,
232 const std::vector<uint8_t>& maskingKey,
233 const vector<KeyParameter>& unwrappingParams) {
234 Array request;
235 request.add(std::vector<uint8_t>(transitKey));
236 request.add(std::vector<uint8_t>(wrappingKeyBlob));
237 request.add(std::vector<uint8_t>(maskingKey));
238 cbor_.addKeyparameters(request, unwrappingParams);
239 return card_->sendRequest(Instruction::INS_BEGIN_IMPORT_WRAPPED_KEY_CMD, request);
240 }
241
242 std::tuple<std::unique_ptr<Item>, keymaster_error_t>
sendFinishImportWrappedKeyCmd(const vector<KeyParameter> & keyParams,KeyFormat keyFormat,const std::vector<uint8_t> & secureKey,const std::vector<uint8_t> & tag,const std::vector<uint8_t> & iv,const std::vector<uint8_t> & wrappedKeyDescription,int64_t passwordSid,int64_t biometricSid)243 JavacardKeyMintDevice::sendFinishImportWrappedKeyCmd(
244 const vector<KeyParameter>& keyParams, KeyFormat keyFormat,
245 const std::vector<uint8_t>& secureKey, const std::vector<uint8_t>& tag,
246 const std::vector<uint8_t>& iv, const std::vector<uint8_t>& wrappedKeyDescription,
247 int64_t passwordSid, int64_t biometricSid) {
248 Array request;
249 cbor_.addKeyparameters(request, keyParams);
250 request.add(static_cast<uint64_t>(keyFormat));
251 request.add(std::vector<uint8_t>(secureKey));
252 request.add(std::vector<uint8_t>(tag));
253 request.add(std::vector<uint8_t>(iv));
254 request.add(std::vector<uint8_t>(wrappedKeyDescription));
255 request.add(Uint(passwordSid));
256 request.add(Uint(biometricSid));
257 return card_->sendRequest(Instruction::INS_FINISH_IMPORT_WRAPPED_KEY_CMD, request);
258 }
259
upgradeKey(const vector<uint8_t> & keyBlobToUpgrade,const vector<KeyParameter> & upgradeParams,vector<uint8_t> * keyBlob)260 ScopedAStatus JavacardKeyMintDevice::upgradeKey(const vector<uint8_t>& keyBlobToUpgrade,
261 const vector<KeyParameter>& upgradeParams,
262 vector<uint8_t>* keyBlob) {
263 card_->sendPendingEvents();
264 cppbor::Array request;
265 // add key blob
266 request.add(Bstr(keyBlobToUpgrade));
267 // add key params
268 cbor_.addKeyparameters(request, upgradeParams);
269 auto [item, err] = card_->sendRequest(Instruction::INS_UPGRADE_KEY_CMD, request);
270 if (err != KM_ERROR_OK) {
271 LOG(ERROR) << "Error in sending in upgradeKey.";
272 return km_utils::kmError2ScopedAStatus(err);
273 }
274 auto optKeyBlob = cbor_.getByteArrayVec(item, 1);
275 if (!optKeyBlob) {
276 LOG(ERROR) << "Error in decoding the response in upgradeKey.";
277 return km_utils::kmError2ScopedAStatus(KM_ERROR_UNKNOWN_ERROR);
278 }
279 *keyBlob = std::move(optKeyBlob.value());
280 return ScopedAStatus::ok();
281 }
282
deleteKey(const vector<uint8_t> & keyBlob)283 ScopedAStatus JavacardKeyMintDevice::deleteKey(const vector<uint8_t>& keyBlob) {
284 Array request;
285 request.add(Bstr(keyBlob));
286 auto [item, err] = card_->sendRequest(Instruction::INS_DELETE_KEY_CMD, request);
287 if (err != KM_ERROR_OK) {
288 LOG(ERROR) << "Error in sending in deleteKey.";
289 return km_utils::kmError2ScopedAStatus(err);
290 }
291 return ScopedAStatus::ok();
292 }
293
deleteAllKeys()294 ScopedAStatus JavacardKeyMintDevice::deleteAllKeys() {
295 auto [_, err] = card_->sendRequest(Instruction::INS_DELETE_ALL_KEYS_CMD);
296 if (err != KM_ERROR_OK) {
297 LOG(ERROR) << "Error in sending deleteAllKeys.";
298 card_->setDeleteAllKeysPending();
299 return km_utils::kmError2ScopedAStatus(err);
300 }
301 return ScopedAStatus::ok();
302 }
303
destroyAttestationIds()304 ScopedAStatus JavacardKeyMintDevice::destroyAttestationIds() {
305 auto [item, err] = card_->sendRequest(Instruction::INS_DESTROY_ATT_IDS_CMD);
306 if (err != KM_ERROR_OK) {
307 LOG(ERROR) << "Error in sending in destroyAttestationIds.";
308 return km_utils::kmError2ScopedAStatus(err);
309 }
310 return ScopedAStatus::ok();
311 }
312
begin(KeyPurpose purpose,const std::vector<uint8_t> & keyBlob,const std::vector<KeyParameter> & params,const std::optional<HardwareAuthToken> & authToken,BeginResult * result)313 ScopedAStatus JavacardKeyMintDevice::begin(KeyPurpose purpose, const std::vector<uint8_t>& keyBlob,
314 const std::vector<KeyParameter>& params,
315 const std::optional<HardwareAuthToken>& authToken,
316 BeginResult* result) {
317 card_->sendPendingEvents();
318 cppbor::Array array;
319 std::vector<uint8_t> response;
320 // make request
321 array.add(Uint(static_cast<uint64_t>(purpose)));
322 array.add(Bstr(keyBlob));
323 cbor_.addKeyparameters(array, params);
324 HardwareAuthToken token = authToken.value_or(HardwareAuthToken());
325 cbor_.addHardwareAuthToken(array, token);
326
327 auto [item, err] = card_->sendRequest(Instruction::INS_BEGIN_OPERATION_CMD, array);
328 if (err != KM_ERROR_OK) {
329 LOG(ERROR) << "Error in sending in begin.";
330 return km_utils::kmError2ScopedAStatus(err);
331 }
332 // return the result
333 auto keyParams = cbor_.getKeyParameters(item, 1);
334 auto optOpHandle = cbor_.getUint64(item, 2);
335 auto optBufMode = cbor_.getUint64(item, 3);
336 auto optMacLength = cbor_.getUint64(item, 4);
337
338 if (!keyParams || !optOpHandle || !optBufMode || !optMacLength) {
339 LOG(ERROR) << "Error in decoding the response in begin.";
340 return km_utils::kmError2ScopedAStatus(KM_ERROR_UNKNOWN_ERROR);
341 }
342 result->params = std::move(keyParams.value());
343 result->challenge = optOpHandle.value();
344 result->operation = ndk::SharedRefBase::make<JavacardKeyMintOperation>(
345 static_cast<keymaster_operation_handle_t>(optOpHandle.value()),
346 static_cast<BufferingMode>(optBufMode.value()), optMacLength.value(), card_);
347 return ScopedAStatus::ok();
348 }
349
350 ScopedAStatus
deviceLocked(bool passwordOnly,const std::optional<TimeStampToken> & timestampToken)351 JavacardKeyMintDevice::deviceLocked(bool passwordOnly,
352 const std::optional<TimeStampToken>& timestampToken) {
353 Array request;
354 int8_t password = 1;
355 if (!passwordOnly) {
356 password = 0;
357 }
358 request.add(Uint(password));
359 cbor_.addTimeStampToken(request, timestampToken.value_or(TimeStampToken()));
360 auto [item, err] = card_->sendRequest(Instruction::INS_DEVICE_LOCKED_CMD, request);
361 if (err != KM_ERROR_OK) {
362 return km_utils::kmError2ScopedAStatus(err);
363 }
364 return ScopedAStatus::ok();
365 }
366
earlyBootEnded()367 ScopedAStatus JavacardKeyMintDevice::earlyBootEnded() {
368 auto [_, err] = card_->sendRequest(Instruction::INS_EARLY_BOOT_ENDED_CMD);
369 if (err != KM_ERROR_OK) {
370 LOG(ERROR) << "Error in sending earlyBootEnded.";
371 card_->setEarlyBootEndedPending();
372 return km_utils::kmError2ScopedAStatus(err);
373 }
374 return ScopedAStatus::ok();
375 }
376
getKeyCharacteristics(const std::vector<uint8_t> & keyBlob,const std::vector<uint8_t> & appId,const std::vector<uint8_t> & appData,std::vector<KeyCharacteristics> * result)377 ScopedAStatus JavacardKeyMintDevice::getKeyCharacteristics(
378 const std::vector<uint8_t>& keyBlob, const std::vector<uint8_t>& appId,
379 const std::vector<uint8_t>& appData, std::vector<KeyCharacteristics>* result) {
380 card_->sendPendingEvents();
381 cppbor::Array request;
382 request.add(vector<uint8_t>(keyBlob));
383 request.add(vector<uint8_t>(appId));
384 request.add(vector<uint8_t>(appData));
385 auto [item, err] = card_->sendRequest(Instruction::INS_GET_KEY_CHARACTERISTICS_CMD, request);
386 if (err != KM_ERROR_OK) {
387 LOG(ERROR) << "Error in sending in getKeyCharacteristics.";
388 return km_utils::kmError2ScopedAStatus(err);
389 }
390 auto optKeyChars = cbor_.getKeyCharacteristics(item, 1);
391 if (!optKeyChars) {
392 LOG(ERROR) << "Error in sending in upgradeKey.";
393 return km_utils::kmError2ScopedAStatus(KM_ERROR_UNKNOWN_ERROR);
394 }
395 *result = std::move(optKeyChars.value());
396 return ScopedAStatus::ok();
397 }
398
getRootOfTrustChallenge(std::array<uint8_t,16> * challenge)399 ScopedAStatus JavacardKeyMintDevice::getRootOfTrustChallenge(std::array<uint8_t, 16>* challenge) {
400 auto [item, err] = card_->sendRequest(Instruction::INS_GET_ROT_CHALLENGE_CMD);
401 if (err != KM_ERROR_OK) {
402 LOG(ERROR) << "Error in sending in getRootOfTrustChallenge.";
403 return km_utils::kmError2ScopedAStatus(err);
404 }
405 auto optChallenge = cbor_.getByteArrayVec(item, 1);
406 if (!optChallenge) {
407 LOG(ERROR) << "Error in sending in upgradeKey.";
408 return km_utils::kmError2ScopedAStatus(KM_ERROR_UNKNOWN_ERROR);
409 }
410 std::move(optChallenge->begin(), optChallenge->begin() + 16, challenge->begin());
411 return ScopedAStatus::ok();
412 }
413
getRootOfTrust(const std::array<uint8_t,16> &,std::vector<uint8_t> *)414 ScopedAStatus JavacardKeyMintDevice::getRootOfTrust(const std::array<uint8_t, 16>& /*challenge*/,
415 std::vector<uint8_t>* /*rootOfTrust*/) {
416 return km_utils::kmError2ScopedAStatus(KM_ERROR_UNIMPLEMENTED);
417 }
418
sendRootOfTrust(const std::vector<uint8_t> & rootOfTrust)419 ScopedAStatus JavacardKeyMintDevice::sendRootOfTrust(const std::vector<uint8_t>& rootOfTrust) {
420 cppbor::Array request;
421 request.add(EncodedItem(rootOfTrust)); // taggedItem.
422 auto [item, err] = card_->sendRequest(Instruction::INS_SEND_ROT_DATA_CMD, request);
423 if (err != KM_ERROR_OK) {
424 LOG(ERROR) << "Error in sending in sendRootOfTrust.";
425 return km_utils::kmError2ScopedAStatus(err);
426 }
427 LOG(INFO) << "JavacardKeyMintDevice::sendRootOfTrust success";
428 return ScopedAStatus::ok();
429 }
430
431 keymaster_error_t
parseWrappedKey(const vector<uint8_t> & wrappedKeyData,std::vector<uint8_t> & iv,std::vector<uint8_t> & transitKey,std::vector<uint8_t> & secureKey,std::vector<uint8_t> & tag,vector<KeyParameter> & authList,KeyFormat & keyFormat,std::vector<uint8_t> & wrappedKeyDescription)432 JavacardKeyMintDevice::parseWrappedKey(const vector<uint8_t>& wrappedKeyData,
433 std::vector<uint8_t>& iv, std::vector<uint8_t>& transitKey,
434 std::vector<uint8_t>& secureKey, std::vector<uint8_t>& tag,
435 vector<KeyParameter>& authList, KeyFormat& keyFormat,
436 std::vector<uint8_t>& wrappedKeyDescription) {
437 KeymasterBlob kmIv;
438 KeymasterKeyBlob kmTransitKey;
439 KeymasterKeyBlob kmSecureKey;
440 KeymasterBlob kmTag;
441 AuthorizationSet authSet;
442 keymaster_key_format_t kmKeyFormat;
443 KeymasterBlob kmWrappedKeyDescription;
444
445 size_t keyDataLen = wrappedKeyData.size();
446 uint8_t* keyData = dup_buffer(wrappedKeyData.data(), keyDataLen);
447 keymaster_key_blob_t keyMaterial = {keyData, keyDataLen};
448 keymaster_error_t error =
449 parse_wrapped_key(KeymasterKeyBlob(keyMaterial), &kmIv, &kmTransitKey, &kmSecureKey, &kmTag,
450 &authSet, &kmKeyFormat, &kmWrappedKeyDescription);
451 if (error != KM_ERROR_OK) {
452 LOG(ERROR) << "Error parsing wrapped key.";
453 return error;
454 }
455 iv = km_utils::kmBlob2vector(kmIv);
456 transitKey = km_utils::kmBlob2vector(kmTransitKey);
457 secureKey = km_utils::kmBlob2vector(kmSecureKey);
458 tag = km_utils::kmBlob2vector(kmTag);
459 authList = km_utils::kmParamSet2Aidl(authSet);
460 keyFormat = static_cast<KeyFormat>(kmKeyFormat);
461 wrappedKeyDescription = km_utils::kmBlob2vector(kmWrappedKeyDescription);
462 return KM_ERROR_OK;
463 }
464
convertStorageKeyToEphemeral(const std::vector<uint8_t> &,std::vector<uint8_t> *)465 ScopedAStatus JavacardKeyMintDevice::convertStorageKeyToEphemeral(
466 const std::vector<uint8_t>& /* storageKeyBlob */,
467 std::vector<uint8_t>* /* ephemeralKeyBlob */) {
468 return km_utils::kmError2ScopedAStatus(KM_ERROR_UNIMPLEMENTED);
469 }
dump(int,const char **,uint32_t)470 binder_status_t JavacardKeyMintDevice::dump(int /* fd */, const char** /* p */, uint32_t /* q */) {
471 LOG(INFO) << "\n KeyMint-JavacardKeyMintDevice HAL MemoryLeak Info = \n"
472 << ::android::GetUnreachableMemoryString(true, 10000).c_str();
473 return STATUS_OK;
474 }
475
476 } // namespace aidl::android::hardware::security::keymint
477