1 /*
2 **
3 ** Copyright 2018, The Android Open Source Project
4 **
5 ** Licensed under the Apache License, Version 2.0 (the "License");
6 ** you may not use this file except in compliance with the License.
7 ** You may obtain a copy of the License at
8 **
9 ** http://www.apache.org/licenses/LICENSE-2.0
10 **
11 ** Unless required by applicable law or agreed to in writing, software
12 ** distributed under the License is distributed on an "AS IS" BASIS,
13 ** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 ** See the License for the specific language governing permissions and
15 ** limitations under the License.
16 */
17
18 #define LOG_TAG "android.hardware.keymaster@4.0-impl.trusty"
19
20 #include <android/hardware/keymaster/3.0/IKeymasterDevice.h>
21 #include <cutils/log.h>
22 #include <keymaster/android_keymaster_messages.h>
23 #include <keymaster/authorization_set.h>
24 #include <keymaster_tags.h>
25 #include <trusty_keymaster/TrustyKeymaster4Device.h>
26 #include <trusty_keymaster/ipc/trusty_keymaster_ipc.h>
27
28 using ::keymaster::AbortOperationRequest;
29 using ::keymaster::AbortOperationResponse;
30 using ::keymaster::AddEntropyRequest;
31 using ::keymaster::AddEntropyResponse;
32 using ::keymaster::AttestKeyRequest;
33 using ::keymaster::AttestKeyResponse;
34 using ::keymaster::AuthorizationSet;
35 using ::keymaster::BeginOperationRequest;
36 using ::keymaster::BeginOperationResponse;
37 using ::keymaster::ExportKeyRequest;
38 using ::keymaster::ExportKeyResponse;
39 using ::keymaster::FinishOperationRequest;
40 using ::keymaster::FinishOperationResponse;
41 using ::keymaster::GenerateKeyRequest;
42 using ::keymaster::GenerateKeyResponse;
43 using ::keymaster::GetKeyCharacteristicsRequest;
44 using ::keymaster::GetKeyCharacteristicsResponse;
45 using ::keymaster::ImportKeyRequest;
46 using ::keymaster::ImportKeyResponse;
47 using ::keymaster::UpdateOperationRequest;
48 using ::keymaster::UpdateOperationResponse;
49 using ::keymaster::ng::Tag;
50
51 typedef ::android::hardware::keymaster::V3_0::Tag Tag3;
52 using ::android::hardware::keymaster::V4_0::Constants;
53
54 namespace keymaster {
55 namespace V4_0 {
56 namespace {
57
legacy_enum_conversion(const Tag value)58 inline keymaster_tag_t legacy_enum_conversion(const Tag value) {
59 return keymaster_tag_t(value);
60 }
legacy_enum_conversion(const keymaster_tag_t value)61 inline Tag legacy_enum_conversion(const keymaster_tag_t value) {
62 return Tag(value);
63 }
legacy_enum_conversion(const KeyPurpose value)64 inline keymaster_purpose_t legacy_enum_conversion(const KeyPurpose value) {
65 return keymaster_purpose_t(value);
66 }
legacy_enum_conversion(const KeyFormat value)67 inline keymaster_key_format_t legacy_enum_conversion(const KeyFormat value) {
68 return keymaster_key_format_t(value);
69 }
70
legacy_enum_conversion(const keymaster_security_level_t value)71 inline SecurityLevel legacy_enum_conversion(const keymaster_security_level_t value) {
72 return static_cast<SecurityLevel>(value);
73 }
74
legacy_enum_conversion(const HardwareAuthenticatorType value)75 inline hw_authenticator_type_t legacy_enum_conversion(const HardwareAuthenticatorType value) {
76 return static_cast<hw_authenticator_type_t>(value);
77 }
78
legacy_enum_conversion(const keymaster_error_t value)79 inline ErrorCode legacy_enum_conversion(const keymaster_error_t value) {
80 return ErrorCode(value);
81 }
82
typeFromTag(const keymaster_tag_t tag)83 inline keymaster_tag_type_t typeFromTag(const keymaster_tag_t tag) {
84 return keymaster_tag_get_type(tag);
85 }
86
87 /*
88 * injectAuthToken translates a KM4 authToken into a legacy AUTH_TOKEN tag
89 *
90 * Currently, system/keymaster's reference implementation only accepts this
91 * method for passing an auth token, so until that changes we need to
92 * translate to the old format.
93 */
injectAuthToken(const hidl_vec<KeyParameter> & keyParamsBase,const HardwareAuthToken & authToken)94 inline hidl_vec<KeyParameter> injectAuthToken(const hidl_vec<KeyParameter>& keyParamsBase,
95 const HardwareAuthToken& authToken) {
96 std::vector<KeyParameter> keyParams(keyParamsBase);
97 const size_t mac_len = static_cast<size_t>(Constants::AUTH_TOKEN_MAC_LENGTH);
98 /*
99 * mac.size() == 0 indicates no token provided, so we should not copy.
100 * mac.size() != mac_len means it is incompatible with the old
101 * hw_auth_token_t structure. This is forbidden by spec, but to be safe
102 * we only copy if mac.size() == mac_len, e.g. there is an authToken
103 * with a hw_auth_token_t compatible MAC.
104 */
105 if (authToken.mac.size() == mac_len) {
106 KeyParameter p;
107 p.tag = static_cast<Tag>(Tag3::AUTH_TOKEN);
108 p.blob.resize(sizeof(hw_auth_token_t));
109
110 hw_auth_token_t* auth_token = reinterpret_cast<hw_auth_token_t*>(p.blob.data());
111 auth_token->version = 0;
112 auth_token->challenge = authToken.challenge;
113 auth_token->user_id = authToken.userId;
114 auth_token->authenticator_id = authToken.authenticatorId;
115 auth_token->authenticator_type =
116 htobe32(static_cast<uint32_t>(authToken.authenticatorType));
117 auth_token->timestamp = htobe64(authToken.timestamp);
118 static_assert(mac_len == sizeof(auth_token->hmac));
119 memcpy(auth_token->hmac, authToken.mac.data(), mac_len);
120 keyParams.push_back(p);
121 }
122
123 return hidl_vec<KeyParameter>(std::move(keyParams));
124 }
125
126 class KmParamSet : public keymaster_key_param_set_t {
127 public:
KmParamSet(const hidl_vec<KeyParameter> & keyParams)128 KmParamSet(const hidl_vec<KeyParameter>& keyParams) {
129 params = new keymaster_key_param_t[keyParams.size()];
130 length = keyParams.size();
131 for (size_t i = 0; i < keyParams.size(); ++i) {
132 auto tag = legacy_enum_conversion(keyParams[i].tag);
133 switch (typeFromTag(tag)) {
134 case KM_ENUM:
135 case KM_ENUM_REP:
136 params[i] = keymaster_param_enum(tag, keyParams[i].f.integer);
137 break;
138 case KM_UINT:
139 case KM_UINT_REP:
140 params[i] = keymaster_param_int(tag, keyParams[i].f.integer);
141 break;
142 case KM_ULONG:
143 case KM_ULONG_REP:
144 params[i] = keymaster_param_long(tag, keyParams[i].f.longInteger);
145 break;
146 case KM_DATE:
147 params[i] = keymaster_param_date(tag, keyParams[i].f.dateTime);
148 break;
149 case KM_BOOL:
150 if (keyParams[i].f.boolValue)
151 params[i] = keymaster_param_bool(tag);
152 else
153 params[i].tag = KM_TAG_INVALID;
154 break;
155 case KM_BIGNUM:
156 case KM_BYTES:
157 params[i] = keymaster_param_blob(tag, &keyParams[i].blob[0],
158 keyParams[i].blob.size());
159 break;
160 case KM_INVALID:
161 default:
162 params[i].tag = KM_TAG_INVALID;
163 /* just skip */
164 break;
165 }
166 }
167 }
KmParamSet(KmParamSet && other)168 KmParamSet(KmParamSet&& other) noexcept
169 : keymaster_key_param_set_t{other.params, other.length} {
170 other.length = 0;
171 other.params = nullptr;
172 }
173 KmParamSet(const KmParamSet&) = delete;
~KmParamSet()174 ~KmParamSet() { delete[] params; }
175 };
176
kmBlob2hidlVec(const keymaster_key_blob_t & blob)177 inline hidl_vec<uint8_t> kmBlob2hidlVec(const keymaster_key_blob_t& blob) {
178 hidl_vec<uint8_t> result;
179 result.setToExternal(const_cast<unsigned char*>(blob.key_material), blob.key_material_size);
180 return result;
181 }
182
kmBlob2hidlVec(const keymaster_blob_t & blob)183 inline hidl_vec<uint8_t> kmBlob2hidlVec(const keymaster_blob_t& blob) {
184 hidl_vec<uint8_t> result;
185 result.setToExternal(const_cast<unsigned char*>(blob.data), blob.data_length);
186 return result;
187 }
188
kmBuffer2hidlVec(const::keymaster::Buffer & buf)189 inline hidl_vec<uint8_t> kmBuffer2hidlVec(const ::keymaster::Buffer& buf) {
190 hidl_vec<uint8_t> result;
191 result.setToExternal(const_cast<unsigned char*>(buf.peek_read()), buf.available_read());
192 return result;
193 }
194
kmCertChain2Hidl(const keymaster_cert_chain_t & cert_chain)195 inline static hidl_vec<hidl_vec<uint8_t>> kmCertChain2Hidl(
196 const keymaster_cert_chain_t& cert_chain) {
197 hidl_vec<hidl_vec<uint8_t>> result;
198 if (!cert_chain.entry_count || !cert_chain.entries) return result;
199
200 result.resize(cert_chain.entry_count);
201 for (size_t i = 0; i < cert_chain.entry_count; ++i) {
202 result[i] = kmBlob2hidlVec(cert_chain.entries[i]);
203 }
204
205 return result;
206 }
207
kmParamSet2Hidl(const keymaster_key_param_set_t & set)208 static inline hidl_vec<KeyParameter> kmParamSet2Hidl(const keymaster_key_param_set_t& set) {
209 hidl_vec<KeyParameter> result;
210 if (set.length == 0 || set.params == nullptr) return result;
211
212 result.resize(set.length);
213 keymaster_key_param_t* params = set.params;
214 for (size_t i = 0; i < set.length; ++i) {
215 auto tag = params[i].tag;
216 result[i].tag = legacy_enum_conversion(tag);
217 switch (typeFromTag(tag)) {
218 case KM_ENUM:
219 case KM_ENUM_REP:
220 result[i].f.integer = params[i].enumerated;
221 break;
222 case KM_UINT:
223 case KM_UINT_REP:
224 result[i].f.integer = params[i].integer;
225 break;
226 case KM_ULONG:
227 case KM_ULONG_REP:
228 result[i].f.longInteger = params[i].long_integer;
229 break;
230 case KM_DATE:
231 result[i].f.dateTime = params[i].date_time;
232 break;
233 case KM_BOOL:
234 result[i].f.boolValue = params[i].boolean;
235 break;
236 case KM_BIGNUM:
237 case KM_BYTES:
238 result[i].blob.setToExternal(const_cast<unsigned char*>(params[i].blob.data),
239 params[i].blob.data_length);
240 break;
241 case KM_INVALID:
242 default:
243 params[i].tag = KM_TAG_INVALID;
244 /* just skip */
245 break;
246 }
247 }
248 return result;
249 }
250
addClientAndAppData(const hidl_vec<uint8_t> & clientId,const hidl_vec<uint8_t> & appData,::keymaster::AuthorizationSet * params)251 void addClientAndAppData(const hidl_vec<uint8_t>& clientId, const hidl_vec<uint8_t>& appData,
252 ::keymaster::AuthorizationSet* params) {
253 params->Clear();
254 if (clientId.size()) {
255 params->push_back(::keymaster::TAG_APPLICATION_ID, clientId.data(), clientId.size());
256 }
257 if (appData.size()) {
258 params->push_back(::keymaster::TAG_APPLICATION_DATA, appData.data(), appData.size());
259 }
260 }
261
262 } // anonymous namespace
263
TrustyKeymaster4Device(TrustyKeymaster * impl)264 TrustyKeymaster4Device::TrustyKeymaster4Device(TrustyKeymaster* impl) : impl_(impl) {}
265
~TrustyKeymaster4Device()266 TrustyKeymaster4Device::~TrustyKeymaster4Device() {}
267
getHardwareInfo(getHardwareInfo_cb _hidl_cb)268 Return<void> TrustyKeymaster4Device::getHardwareInfo(getHardwareInfo_cb _hidl_cb) {
269 _hidl_cb(SecurityLevel::TRUSTED_ENVIRONMENT, "TrustyKeymaster", "Google");
270 return Void();
271 }
272
getHmacSharingParameters(getHmacSharingParameters_cb _hidl_cb)273 Return<void> TrustyKeymaster4Device::getHmacSharingParameters(
274 getHmacSharingParameters_cb _hidl_cb) {
275 const GetHmacSharingParametersResponse response = impl_->GetHmacSharingParameters();
276 // response.params is not the same as the HIDL structure, we need to convert it
277 V4_0::HmacSharingParameters params;
278 params.seed.setToExternal(const_cast<uint8_t*>(response.params.seed.data),
279 response.params.seed.data_length);
280 static_assert(sizeof(response.params.nonce) == params.nonce.size(), "Nonce sizes don't match");
281 memcpy(params.nonce.data(), response.params.nonce, params.nonce.size());
282 _hidl_cb(legacy_enum_conversion(response.error), params);
283 return Void();
284 }
285
computeSharedHmac(const hidl_vec<HmacSharingParameters> & params,computeSharedHmac_cb _hidl_cb)286 Return<void> TrustyKeymaster4Device::computeSharedHmac(
287 const hidl_vec<HmacSharingParameters>& params, computeSharedHmac_cb _hidl_cb) {
288 ComputeSharedHmacRequest request(impl_->message_version());
289 request.params_array.params_array = new keymaster::HmacSharingParameters[params.size()];
290 request.params_array.num_params = params.size();
291 for (size_t i = 0; i < params.size(); ++i) {
292 request.params_array.params_array[i].seed = {params[i].seed.data(), params[i].seed.size()};
293 static_assert(sizeof(request.params_array.params_array[i].nonce) ==
294 decltype(params[i].nonce)::size(),
295 "Nonce sizes don't match");
296 memcpy(request.params_array.params_array[i].nonce, params[i].nonce.data(),
297 params[i].nonce.size());
298 }
299
300 auto response = impl_->ComputeSharedHmac(request);
301 hidl_vec<uint8_t> sharing_check;
302 if (response.error == KM_ERROR_OK) {
303 sharing_check = kmBlob2hidlVec(response.sharing_check);
304 }
305
306 _hidl_cb(legacy_enum_conversion(response.error), sharing_check);
307 return Void();
308 }
309
verifyAuthorization(uint64_t challenge,const hidl_vec<KeyParameter> & parametersToVerify,const HardwareAuthToken & authToken,verifyAuthorization_cb _hidl_cb)310 Return<void> TrustyKeymaster4Device::verifyAuthorization(
311 uint64_t challenge, const hidl_vec<KeyParameter>& parametersToVerify,
312 const HardwareAuthToken& authToken, verifyAuthorization_cb _hidl_cb) {
313 VerifyAuthorizationRequest request(impl_->message_version());
314 request.challenge = challenge;
315 request.parameters_to_verify.Reinitialize(KmParamSet(parametersToVerify));
316 request.auth_token.challenge = authToken.challenge;
317 request.auth_token.user_id = authToken.userId;
318 request.auth_token.authenticator_id = authToken.authenticatorId;
319 request.auth_token.authenticator_type = legacy_enum_conversion(authToken.authenticatorType);
320 request.auth_token.timestamp = authToken.timestamp;
321 KeymasterBlob mac(authToken.mac.data(), authToken.mac.size());
322 request.auth_token.mac = mac;
323
324 auto response = impl_->VerifyAuthorization(request);
325
326 ::android::hardware::keymaster::V4_0::VerificationToken token;
327 token.challenge = response.token.challenge;
328 token.timestamp = response.token.timestamp;
329 token.parametersVerified = kmParamSet2Hidl(response.token.parameters_verified);
330 token.securityLevel = legacy_enum_conversion(response.token.security_level);
331 token.mac = kmBlob2hidlVec(response.token.mac);
332
333 _hidl_cb(legacy_enum_conversion(response.error), token);
334
335 return Void();
336 }
337
addRngEntropy(const hidl_vec<uint8_t> & data)338 Return<ErrorCode> TrustyKeymaster4Device::addRngEntropy(const hidl_vec<uint8_t>& data) {
339 if (data.size() == 0) return ErrorCode::OK;
340 AddEntropyRequest request(impl_->message_version());
341 request.random_data.Reinitialize(data.data(), data.size());
342
343 AddEntropyResponse response(impl_->message_version());
344 impl_->AddRngEntropy(request, &response);
345
346 return legacy_enum_conversion(response.error);
347 }
348
generateKey(const hidl_vec<KeyParameter> & keyParams,generateKey_cb _hidl_cb)349 Return<void> TrustyKeymaster4Device::generateKey(const hidl_vec<KeyParameter>& keyParams,
350 generateKey_cb _hidl_cb) {
351 GenerateKeyRequest request(impl_->message_version());
352 request.key_description.Reinitialize(KmParamSet(keyParams));
353
354 GenerateKeyResponse response(impl_->message_version());
355 impl_->GenerateKey(request, &response);
356
357 KeyCharacteristics resultCharacteristics;
358 hidl_vec<uint8_t> resultKeyBlob;
359 if (response.error == KM_ERROR_OK) {
360 resultKeyBlob = kmBlob2hidlVec(response.key_blob);
361 resultCharacteristics.hardwareEnforced = kmParamSet2Hidl(response.enforced);
362 resultCharacteristics.softwareEnforced = kmParamSet2Hidl(response.unenforced);
363 }
364 _hidl_cb(legacy_enum_conversion(response.error), resultKeyBlob, resultCharacteristics);
365 return Void();
366 }
367
getKeyCharacteristics(const hidl_vec<uint8_t> & keyBlob,const hidl_vec<uint8_t> & clientId,const hidl_vec<uint8_t> & appData,getKeyCharacteristics_cb _hidl_cb)368 Return<void> TrustyKeymaster4Device::getKeyCharacteristics(const hidl_vec<uint8_t>& keyBlob,
369 const hidl_vec<uint8_t>& clientId,
370 const hidl_vec<uint8_t>& appData,
371 getKeyCharacteristics_cb _hidl_cb) {
372 GetKeyCharacteristicsRequest request(impl_->message_version());
373 request.SetKeyMaterial(keyBlob.data(), keyBlob.size());
374 addClientAndAppData(clientId, appData, &request.additional_params);
375
376 GetKeyCharacteristicsResponse response(impl_->message_version());
377 impl_->GetKeyCharacteristics(request, &response);
378
379 KeyCharacteristics resultCharacteristics;
380 if (response.error == KM_ERROR_OK) {
381 resultCharacteristics.hardwareEnforced = kmParamSet2Hidl(response.enforced);
382 resultCharacteristics.softwareEnforced = kmParamSet2Hidl(response.unenforced);
383 }
384 _hidl_cb(legacy_enum_conversion(response.error), resultCharacteristics);
385 return Void();
386 }
387
importKey(const hidl_vec<KeyParameter> & params,KeyFormat keyFormat,const hidl_vec<uint8_t> & keyData,importKey_cb _hidl_cb)388 Return<void> TrustyKeymaster4Device::importKey(const hidl_vec<KeyParameter>& params,
389 KeyFormat keyFormat,
390 const hidl_vec<uint8_t>& keyData,
391 importKey_cb _hidl_cb) {
392 ImportKeyRequest request(impl_->message_version());
393 request.key_description.Reinitialize(KmParamSet(params));
394 request.key_format = legacy_enum_conversion(keyFormat);
395 request.key_data = KeymasterKeyBlob(keyData.data(), keyData.size());
396
397 ImportKeyResponse response(impl_->message_version());
398 impl_->ImportKey(request, &response);
399
400 KeyCharacteristics resultCharacteristics;
401 hidl_vec<uint8_t> resultKeyBlob;
402 if (response.error == KM_ERROR_OK) {
403 resultKeyBlob = kmBlob2hidlVec(response.key_blob);
404 resultCharacteristics.hardwareEnforced = kmParamSet2Hidl(response.enforced);
405 resultCharacteristics.softwareEnforced = kmParamSet2Hidl(response.unenforced);
406 }
407 _hidl_cb(legacy_enum_conversion(response.error), resultKeyBlob, resultCharacteristics);
408 return Void();
409 }
410
importWrappedKey(const hidl_vec<uint8_t> & wrappedKeyData,const hidl_vec<uint8_t> & wrappingKeyBlob,const hidl_vec<uint8_t> & maskingKey,const hidl_vec<KeyParameter> & unwrappingParams,uint64_t passwordSid,uint64_t biometricSid,importWrappedKey_cb _hidl_cb)411 Return<void> TrustyKeymaster4Device::importWrappedKey(
412 const hidl_vec<uint8_t>& wrappedKeyData, const hidl_vec<uint8_t>& wrappingKeyBlob,
413 const hidl_vec<uint8_t>& maskingKey, const hidl_vec<KeyParameter>& unwrappingParams,
414 uint64_t passwordSid, uint64_t biometricSid, importWrappedKey_cb _hidl_cb) {
415 ImportWrappedKeyRequest request(impl_->message_version());
416 request.SetWrappedMaterial(wrappedKeyData.data(), wrappedKeyData.size());
417 request.SetWrappingMaterial(wrappingKeyBlob.data(), wrappingKeyBlob.size());
418 request.SetMaskingKeyMaterial(maskingKey.data(), maskingKey.size());
419 request.additional_params.Reinitialize(KmParamSet(unwrappingParams));
420 request.password_sid = passwordSid;
421 request.biometric_sid = biometricSid;
422
423 ImportWrappedKeyResponse response(impl_->message_version());
424 impl_->ImportWrappedKey(request, &response);
425
426 KeyCharacteristics resultCharacteristics;
427 hidl_vec<uint8_t> resultKeyBlob;
428 if (response.error == KM_ERROR_OK) {
429 resultKeyBlob = kmBlob2hidlVec(response.key_blob);
430 resultCharacteristics.hardwareEnforced = kmParamSet2Hidl(response.enforced);
431 resultCharacteristics.softwareEnforced = kmParamSet2Hidl(response.unenforced);
432 }
433 _hidl_cb(legacy_enum_conversion(response.error), resultKeyBlob, resultCharacteristics);
434 return Void();
435 }
436
exportKey(KeyFormat exportFormat,const hidl_vec<uint8_t> & keyBlob,const hidl_vec<uint8_t> & clientId,const hidl_vec<uint8_t> & appData,exportKey_cb _hidl_cb)437 Return<void> TrustyKeymaster4Device::exportKey(KeyFormat exportFormat,
438 const hidl_vec<uint8_t>& keyBlob,
439 const hidl_vec<uint8_t>& clientId,
440 const hidl_vec<uint8_t>& appData,
441 exportKey_cb _hidl_cb) {
442 ExportKeyRequest request(impl_->message_version());
443 request.key_format = legacy_enum_conversion(exportFormat);
444 request.SetKeyMaterial(keyBlob.data(), keyBlob.size());
445 addClientAndAppData(clientId, appData, &request.additional_params);
446
447 ExportKeyResponse response(impl_->message_version());
448 impl_->ExportKey(request, &response);
449
450 hidl_vec<uint8_t> resultKeyBlob;
451 if (response.error == KM_ERROR_OK) {
452 resultKeyBlob.setToExternal(response.key_data, response.key_data_length);
453 }
454 _hidl_cb(legacy_enum_conversion(response.error), resultKeyBlob);
455 return Void();
456 }
457
attestKey(const hidl_vec<uint8_t> & keyToAttest,const hidl_vec<KeyParameter> & attestParams,attestKey_cb _hidl_cb)458 Return<void> TrustyKeymaster4Device::attestKey(const hidl_vec<uint8_t>& keyToAttest,
459 const hidl_vec<KeyParameter>& attestParams,
460 attestKey_cb _hidl_cb) {
461 AttestKeyRequest request(impl_->message_version());
462 request.SetKeyMaterial(keyToAttest.data(), keyToAttest.size());
463 request.attest_params.Reinitialize(KmParamSet(attestParams));
464
465 AttestKeyResponse response(impl_->message_version());
466 impl_->AttestKey(request, &response);
467
468 hidl_vec<hidl_vec<uint8_t>> resultCertChain;
469 if (response.error == KM_ERROR_OK) {
470 resultCertChain = kmCertChain2Hidl(response.certificate_chain);
471 }
472 _hidl_cb(legacy_enum_conversion(response.error), resultCertChain);
473 return Void();
474 }
475
upgradeKey(const hidl_vec<uint8_t> & keyBlobToUpgrade,const hidl_vec<KeyParameter> & upgradeParams,upgradeKey_cb _hidl_cb)476 Return<void> TrustyKeymaster4Device::upgradeKey(const hidl_vec<uint8_t>& keyBlobToUpgrade,
477 const hidl_vec<KeyParameter>& upgradeParams,
478 upgradeKey_cb _hidl_cb) {
479 UpgradeKeyRequest request(impl_->message_version());
480 request.SetKeyMaterial(keyBlobToUpgrade.data(), keyBlobToUpgrade.size());
481 request.upgrade_params.Reinitialize(KmParamSet(upgradeParams));
482
483 UpgradeKeyResponse response(impl_->message_version());
484 impl_->UpgradeKey(request, &response);
485
486 if (response.error == KM_ERROR_OK) {
487 _hidl_cb(ErrorCode::OK, kmBlob2hidlVec(response.upgraded_key));
488 } else {
489 _hidl_cb(legacy_enum_conversion(response.error), hidl_vec<uint8_t>());
490 }
491 return Void();
492 }
493
deleteKey(const hidl_vec<uint8_t> & keyBlob)494 Return<ErrorCode> TrustyKeymaster4Device::deleteKey(const hidl_vec<uint8_t>& keyBlob) {
495 DeleteKeyRequest request(impl_->message_version());
496 request.SetKeyMaterial(keyBlob.data(), keyBlob.size());
497
498 DeleteKeyResponse response(impl_->message_version());
499 impl_->DeleteKey(request, &response);
500
501 return legacy_enum_conversion(response.error);
502 }
503
deleteAllKeys()504 Return<ErrorCode> TrustyKeymaster4Device::deleteAllKeys() {
505 DeleteAllKeysRequest request(impl_->message_version());
506 DeleteAllKeysResponse response(impl_->message_version());
507 impl_->DeleteAllKeys(request, &response);
508
509 return legacy_enum_conversion(response.error);
510 }
511
destroyAttestationIds()512 Return<ErrorCode> TrustyKeymaster4Device::destroyAttestationIds() {
513 return ErrorCode::UNIMPLEMENTED;
514 }
515
begin(KeyPurpose purpose,const hidl_vec<uint8_t> & key,const hidl_vec<KeyParameter> & inParams,const HardwareAuthToken & authToken,begin_cb _hidl_cb)516 Return<void> TrustyKeymaster4Device::begin(KeyPurpose purpose, const hidl_vec<uint8_t>& key,
517 const hidl_vec<KeyParameter>& inParams,
518 const HardwareAuthToken& authToken, begin_cb _hidl_cb) {
519 hidl_vec<KeyParameter> extendedParams = injectAuthToken(inParams, authToken);
520 BeginOperationRequest request(impl_->message_version());
521 request.purpose = legacy_enum_conversion(purpose);
522 request.SetKeyMaterial(key.data(), key.size());
523 request.additional_params.Reinitialize(KmParamSet(extendedParams));
524
525 BeginOperationResponse response(impl_->message_version());
526 impl_->BeginOperation(request, &response);
527
528 hidl_vec<KeyParameter> resultParams;
529 if (response.error == KM_ERROR_OK) {
530 resultParams = kmParamSet2Hidl(response.output_params);
531 }
532
533 _hidl_cb(legacy_enum_conversion(response.error), resultParams, response.op_handle);
534 return Void();
535 }
536
update(uint64_t operationHandle,const hidl_vec<KeyParameter> & inParams,const hidl_vec<uint8_t> & input,const HardwareAuthToken & authToken,const VerificationToken & verificationToken,update_cb _hidl_cb)537 Return<void> TrustyKeymaster4Device::update(uint64_t operationHandle,
538 const hidl_vec<KeyParameter>& inParams,
539 const hidl_vec<uint8_t>& input,
540 const HardwareAuthToken& authToken,
541 const VerificationToken& verificationToken,
542 update_cb _hidl_cb) {
543 (void)verificationToken;
544 UpdateOperationRequest request(impl_->message_version());
545 UpdateOperationResponse response(impl_->message_version());
546 hidl_vec<KeyParameter> resultParams;
547 hidl_vec<uint8_t> resultBlob;
548 hidl_vec<KeyParameter> extendedParams = injectAuthToken(inParams, authToken);
549 uint32_t resultConsumed = 0;
550
551 request.op_handle = operationHandle;
552 request.additional_params.Reinitialize(KmParamSet(extendedParams));
553
554 size_t inp_size = input.size();
555 size_t ser_size = request.SerializedSize();
556
557 if (ser_size > TRUSTY_KEYMASTER_SEND_BUF_SIZE) {
558 response.error = KM_ERROR_INVALID_INPUT_LENGTH;
559 } else {
560 if (ser_size + inp_size > TRUSTY_KEYMASTER_SEND_BUF_SIZE) {
561 inp_size = TRUSTY_KEYMASTER_SEND_BUF_SIZE - ser_size;
562 }
563 request.input.Reinitialize(input.data(), inp_size);
564
565 impl_->UpdateOperation(request, &response);
566
567 if (response.error == KM_ERROR_OK) {
568 resultConsumed = response.input_consumed;
569 resultParams = kmParamSet2Hidl(response.output_params);
570 resultBlob = kmBuffer2hidlVec(response.output);
571 }
572 }
573 _hidl_cb(legacy_enum_conversion(response.error), resultConsumed, resultParams, resultBlob);
574 return Void();
575 }
576
finish(uint64_t operationHandle,const hidl_vec<KeyParameter> & inParams,const hidl_vec<uint8_t> & input,const hidl_vec<uint8_t> & signature,const HardwareAuthToken & authToken,const VerificationToken & verificationToken,finish_cb _hidl_cb)577 Return<void> TrustyKeymaster4Device::finish(uint64_t operationHandle,
578 const hidl_vec<KeyParameter>& inParams,
579 const hidl_vec<uint8_t>& input,
580 const hidl_vec<uint8_t>& signature,
581 const HardwareAuthToken& authToken,
582 const VerificationToken& verificationToken,
583 finish_cb _hidl_cb) {
584 (void)verificationToken;
585 FinishOperationRequest request(impl_->message_version());
586 hidl_vec<KeyParameter> extendedParams = injectAuthToken(inParams, authToken);
587 request.op_handle = operationHandle;
588 request.input.Reinitialize(input.data(), input.size());
589 request.signature.Reinitialize(signature.data(), signature.size());
590 request.additional_params.Reinitialize(KmParamSet(extendedParams));
591
592 FinishOperationResponse response(impl_->message_version());
593 impl_->FinishOperation(request, &response);
594
595 hidl_vec<KeyParameter> resultParams;
596 hidl_vec<uint8_t> resultBlob;
597 if (response.error == KM_ERROR_OK) {
598 resultParams = kmParamSet2Hidl(response.output_params);
599 resultBlob = kmBuffer2hidlVec(response.output);
600 }
601 _hidl_cb(legacy_enum_conversion(response.error), resultParams, resultBlob);
602 return Void();
603 }
604
abort(uint64_t operationHandle)605 Return<ErrorCode> TrustyKeymaster4Device::abort(uint64_t operationHandle) {
606 AbortOperationRequest request(impl_->message_version());
607 request.op_handle = operationHandle;
608
609 AbortOperationResponse response(impl_->message_version());
610 impl_->AbortOperation(request, &response);
611
612 return legacy_enum_conversion(response.error);
613 }
614 } // namespace V4_0
615 } // namespace keymaster
616