Gitiles
Code Review Sign In
gerrit.openfyde.cn / android.googlesource.com / platform / system / keymaster / ff4c4b1454d6861357c38d6ed758f5e84f395181 / . / ng / AndroidKeymaster4Device.cpp
blob: f06fcd96d87db179acb9c99e240fea74c10e9628 [file] [log] [blame]
Shawn Willden9e149572017-10-30 16:08:21 -0600[diff] [blame]1/*
2 **
3 ** Copyright 2017, The Android Open Source Project
4 **
5 ** Licensed under the Apache License, Version 2.0 (the "License");
6 ** you may not use this file except in compliance with the License.
7 ** You may obtain a copy of the License at
8 **
9 ** http://www.apache.org/licenses/LICENSE-2.0
10 **
11 ** Unless required by applicable law or agreed to in writing, software
12 ** distributed under the License is distributed on an "AS IS" BASIS,
13 ** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 ** See the License for the specific language governing permissions and
15 ** limitations under the License.
16 */
17
18#define LOG_TAG "android.hardware.keymaster@4.0-impl"
19#include <log/log.h>
20
Shawn Willdenefd06732017-11-30 19:34:16 -0700[diff] [blame]21#include "include/AndroidKeymaster4Device.h"
Shawn Willden9e149572017-10-30 16:08:21 -0600[diff] [blame]22
23#include <keymasterV4_0/authorization_set.h>
Shawn Willdenda495752020-01-15 17:46:30 -0700[diff] [blame]24#include <keymasterV4_0/keymaster_utils.h>
Shawn Willden9e149572017-10-30 16:08:21 -0600[diff] [blame]25
26#include <keymaster/android_keymaster.h>
27#include <keymaster/android_keymaster_messages.h>
28#include <keymaster/contexts/pure_soft_keymaster_context.h>
29#include <keymaster/contexts/soft_keymaster_context.h>
30#include <keymaster/keymaster_configuration.h>
31#include <keymaster/keymaster_enforcement.h>
32#include <keymaster/km_openssl/soft_keymaster_enforcement.h>
33
Shawn Willdenda495752020-01-15 17:46:30 -0700[diff] [blame]34using android::hardware::keymaster::V4_0::support::authToken2HidlVec;
35
Shawn Willden9e149572017-10-30 16:08:21 -0600[diff] [blame]36namespace keymaster {
37namespace V4_0 {
38namespace ng {
39
40namespace {
41
42constexpr size_t kOperationTableSize = 16;
43
44inline keymaster_tag_t legacy_enum_conversion(const Tag value) {
45 return keymaster_tag_t(value);
46}
Shawn Willden18534d52018-01-07 21:16:40 -0700[diff] [blame]47
Shawn Willden9e149572017-10-30 16:08:21 -0600[diff] [blame]48inline Tag legacy_enum_conversion(const keymaster_tag_t value) {
49 return Tag(value);
50}
Shawn Willden18534d52018-01-07 21:16:40 -0700[diff] [blame]51
Shawn Willden9e149572017-10-30 16:08:21 -0600[diff] [blame]52inline keymaster_purpose_t legacy_enum_conversion(const KeyPurpose value) {
Shawn Willden18534d52018-01-07 21:16:40 -0700[diff] [blame]53 return static_cast<keymaster_purpose_t>(value);
Shawn Willden9e149572017-10-30 16:08:21 -0600[diff] [blame]54}
Shawn Willden18534d52018-01-07 21:16:40 -0700[diff] [blame]55
Shawn Willden9e149572017-10-30 16:08:21 -0600[diff] [blame]56inline keymaster_key_format_t legacy_enum_conversion(const KeyFormat value) {
Shawn Willden18534d52018-01-07 21:16:40 -0700[diff] [blame]57 return static_cast<keymaster_key_format_t>(value);
Shawn Willden9e149572017-10-30 16:08:21 -0600[diff] [blame]58}
Shawn Willden18534d52018-01-07 21:16:40 -0700[diff] [blame]59
60inline SecurityLevel legacy_enum_conversion(const keymaster_security_level_t value) {
61 return static_cast<SecurityLevel>(value);
62}
63
64inline hw_authenticator_type_t legacy_enum_conversion(const HardwareAuthenticatorType value) {
65 return static_cast<hw_authenticator_type_t>(value);
66}
67
Shawn Willden9e149572017-10-30 16:08:21 -0600[diff] [blame]68inline ErrorCode legacy_enum_conversion(const keymaster_error_t value) {
Shawn Willden18534d52018-01-07 21:16:40 -0700[diff] [blame]69 return static_cast<ErrorCode>(value);
Shawn Willden9e149572017-10-30 16:08:21 -0600[diff] [blame]70}
71
72inline keymaster_tag_type_t typeFromTag(const keymaster_tag_t tag) {
73 return keymaster_tag_get_type(tag);
74}
75
76class KmParamSet : public keymaster_key_param_set_t {
77 public:
Shawn Willdenda495752020-01-15 17:46:30 -0700[diff] [blame]78 explicit KmParamSet(const hidl_vec<KeyParameter>& keyParams)
79 : keymaster_key_param_set_t(hidlKeyParams2Km(keyParams)) {}
Shawn Willden9e149572017-10-30 16:08:21 -0600[diff] [blame]80 KmParamSet(KmParamSet&& other) : keymaster_key_param_set_t{other.params, other.length} {
81 other.length = 0;
82 other.params = nullptr;
83 }
84 KmParamSet(const KmParamSet&) = delete;
85 ~KmParamSet() { delete[] params; }
86};
87
88inline hidl_vec<uint8_t> kmBlob2hidlVec(const keymaster_key_blob_t& blob) {
89 hidl_vec<uint8_t> result;
90 result.setToExternal(const_cast<unsigned char*>(blob.key_material), blob.key_material_size);
91 return result;
92}
93
94inline hidl_vec<uint8_t> kmBlob2hidlVec(const keymaster_blob_t& blob) {
95 hidl_vec<uint8_t> result;
96 result.setToExternal(const_cast<unsigned char*>(blob.data), blob.data_length);
97 return result;
98}
99
100inline hidl_vec<uint8_t> kmBuffer2hidlVec(const ::keymaster::Buffer& buf) {
101 hidl_vec<uint8_t> result;
102 result.setToExternal(const_cast<unsigned char*>(buf.peek_read()), buf.available_read());
103 return result;
104}
105
106inline static hidl_vec<hidl_vec<uint8_t>>
107kmCertChain2Hidl(const keymaster_cert_chain_t& cert_chain) {
108 hidl_vec<hidl_vec<uint8_t>> result;
109 if (!cert_chain.entry_count || !cert_chain.entries)
110 return result;
111
112 result.resize(cert_chain.entry_count);
113 for (size_t i = 0; i < cert_chain.entry_count; ++i) {
114 result[i] = kmBlob2hidlVec(cert_chain.entries[i]);
115 }
116
117 return result;
118}
119
120static inline hidl_vec<KeyParameter> kmParamSet2Hidl(const keymaster_key_param_set_t& set) {
121 hidl_vec<KeyParameter> result;
122 if (set.length == 0 || set.params == nullptr)
123 return result;
124
125 result.resize(set.length);
126 keymaster_key_param_t* params = set.params;
127 for (size_t i = 0; i < set.length; ++i) {
128 auto tag = params[i].tag;
129 result[i].tag = legacy_enum_conversion(tag);
130 switch (typeFromTag(tag)) {
131 case KM_ENUM:
132 case KM_ENUM_REP:
133 result[i].f.integer = params[i].enumerated;
134 break;
135 case KM_UINT:
136 case KM_UINT_REP:
137 result[i].f.integer = params[i].integer;
138 break;
139 case KM_ULONG:
140 case KM_ULONG_REP:
141 result[i].f.longInteger = params[i].long_integer;
142 break;
143 case KM_DATE:
144 result[i].f.dateTime = params[i].date_time;
145 break;
146 case KM_BOOL:
147 result[i].f.boolValue = params[i].boolean;
148 break;
149 case KM_BIGNUM:
150 case KM_BYTES:
151 result[i].blob.setToExternal(const_cast<unsigned char*>(params[i].blob.data),
152 params[i].blob.data_length);
153 break;
154 case KM_INVALID:
155 default:
156 params[i].tag = KM_TAG_INVALID;
157 /* just skip */
158 break;
159 }
160 }
161 return result;
162}
163
164void addClientAndAppData(const hidl_vec<uint8_t>& clientId, const hidl_vec<uint8_t>& appData,
165 ::keymaster::AuthorizationSet* params) {
166 params->Clear();
167 if (clientId.size()) {
168 params->push_back(::keymaster::TAG_APPLICATION_ID, clientId.data(), clientId.size());
169 }
170 if (appData.size()) {
171 params->push_back(::keymaster::TAG_APPLICATION_DATA, appData.data(), appData.size());
172 }
173}
174
175} // anonymous namespace
176
Shawn Willdenda495752020-01-15 17:46:30 -0700[diff] [blame]177keymaster_key_param_set_t hidlKeyParams2Km(const hidl_vec<KeyParameter>& keyParams) {
178 keymaster_key_param_set_t set;
179
180 set.params = new keymaster_key_param_t[keyParams.size()];
181 set.length = keyParams.size();
182
183 for (size_t i = 0; i < keyParams.size(); ++i) {
184 auto tag = legacy_enum_conversion(keyParams[i].tag);
185 switch (typeFromTag(tag)) {
186 case KM_ENUM:
187 case KM_ENUM_REP:
188 set.params[i] = keymaster_param_enum(tag, keyParams[i].f.integer);
189 break;
190 case KM_UINT:
191 case KM_UINT_REP:
192 set.params[i] = keymaster_param_int(tag, keyParams[i].f.integer);
193 break;
194 case KM_ULONG:
195 case KM_ULONG_REP:
196 set.params[i] = keymaster_param_long(tag, keyParams[i].f.longInteger);
197 break;
198 case KM_DATE:
199 set.params[i] = keymaster_param_date(tag, keyParams[i].f.dateTime);
200 break;
201 case KM_BOOL:
202 if (keyParams[i].f.boolValue)
203 set.params[i] = keymaster_param_bool(tag);
204 else
205 set.params[i].tag = KM_TAG_INVALID;
206 break;
207 case KM_BIGNUM:
208 case KM_BYTES:
209 set.params[i] =
210 keymaster_param_blob(tag, &keyParams[i].blob[0], keyParams[i].blob.size());
211 break;
212 case KM_INVALID:
213 default:
214 set.params[i].tag = KM_TAG_INVALID;
215 /* just skip */
216 break;
217 }
218 }
219
220 return set;
221}
222
Shawn Willden6daf9842020-11-19 10:11:47 -0700[diff] [blame]223AndroidKeymaster4Device::AndroidKeymaster4Device(KmVersion version, SecurityLevel securityLevel)
Shawn Willden9e149572017-10-30 16:08:21 -0600[diff] [blame]224 : impl_(new ::keymaster::AndroidKeymaster(
Shawn Willdena07577e2020-01-15 17:42:42 -0700[diff] [blame]225 [&]() -> auto {
226 auto context = new PureSoftKeymasterContext(
Shawn Willden6daf9842020-11-19 10:11:47 -0700[diff] [blame]227 version, static_cast<keymaster_security_level_t>(securityLevel));
Shawn Willden9e149572017-10-30 16:08:21 -0600[diff] [blame]228 context->SetSystemVersion(GetOsVersion(), GetOsPatchlevel());
229 return context;
230 }(),
Shawn Willdena07577e2020-01-15 17:42:42 -0700[diff] [blame]231 kOperationTableSize)),
232 securityLevel_(securityLevel) {}
Shawn Willden9e149572017-10-30 16:08:21 -0600[diff] [blame]233
Shawn Willdenefd06732017-11-30 19:34:16 -0700[diff] [blame]234AndroidKeymaster4Device::~AndroidKeymaster4Device() {}
Shawn Willden9e149572017-10-30 16:08:21 -0600[diff] [blame]235
Shawn Willdenefd06732017-11-30 19:34:16 -0700[diff] [blame]236Return<void> AndroidKeymaster4Device::getHardwareInfo(getHardwareInfo_cb _hidl_cb) {
Janis Danisevskis265f9122018-01-02 17:02:21 -0800[diff] [blame]237 _hidl_cb(securityLevel_,
Shawn Willden8123da82017-10-31 09:01:26 -0600[diff] [blame]238 "SoftwareKeymasterDevice", "Google");
239 return Void();
240}
241
242Return<void>
243AndroidKeymaster4Device::getHmacSharingParameters(getHmacSharingParameters_cb _hidl_cb) {
Shawn Willden8b940582018-01-02 10:53:39 -0700[diff] [blame]244 auto response = impl_->GetHmacSharingParameters();
245
246 ::android::hardware::keymaster::V4_0::HmacSharingParameters params;
247 params.seed.setToExternal(const_cast<uint8_t*>(response.params.seed.data),
248 response.params.seed.data_length);
249 static_assert(sizeof(response.params.nonce) == params.nonce.size(), "Nonce sizes don't match");
250 memcpy(params.nonce.data(), response.params.nonce, params.nonce.size());
251 _hidl_cb(legacy_enum_conversion(response.error), params);
Shawn Willden8123da82017-10-31 09:01:26 -0600[diff] [blame]252 return Void();
253}
254
Shawn Willden8b940582018-01-02 10:53:39 -0700[diff] [blame]255Return<void> AndroidKeymaster4Device::computeSharedHmac(
256 const hidl_vec<::android::hardware::keymaster::V4_0::HmacSharingParameters>& params,
257 computeSharedHmac_cb _hidl_cb) {
258 ComputeSharedHmacRequest request;
259 request.params_array.params_array = new keymaster::HmacSharingParameters[params.size()];
260 request.params_array.num_params = params.size();
261 for (size_t i = 0; i < params.size(); ++i) {
262 request.params_array.params_array[i].seed = {params[i].seed.data(), params[i].seed.size()};
263 static_assert(sizeof(request.params_array.params_array[i].nonce) ==
264 decltype(params[i].nonce)::size(),
265 "Nonce sizes don't match");
266 memcpy(request.params_array.params_array[i].nonce, params[i].nonce.data(),
267 params[i].nonce.size());
268 }
269
270 auto response = impl_->ComputeSharedHmac(request);
271 hidl_vec<uint8_t> sharing_check;
272 if (response.error == KM_ERROR_OK) sharing_check = kmBlob2hidlVec(response.sharing_check);
273
274 _hidl_cb(legacy_enum_conversion(response.error), sharing_check);
Shawn Willden8123da82017-10-31 09:01:26 -0600[diff] [blame]275 return Void();
276}
277
278Return<void> AndroidKeymaster4Device::verifyAuthorization(
Shawn Willden18534d52018-01-07 21:16:40 -0700[diff] [blame]279 uint64_t challenge, const hidl_vec<KeyParameter>& parametersToVerify,
280 const ::android::hardware::keymaster::V4_0::HardwareAuthToken& authToken,
281 verifyAuthorization_cb _hidl_cb) {
282
283 VerifyAuthorizationRequest request;
284 request.challenge = challenge;
285 request.parameters_to_verify.Reinitialize(KmParamSet(parametersToVerify));
286 request.auth_token.challenge = authToken.challenge;
287 request.auth_token.user_id = authToken.userId;
288 request.auth_token.authenticator_id = authToken.authenticatorId;
289 request.auth_token.authenticator_type = legacy_enum_conversion(authToken.authenticatorType);
290 request.auth_token.timestamp = authToken.timestamp;
291 KeymasterBlob mac(authToken.mac.data(), authToken.mac.size());
292 request.auth_token.mac = mac;
293
294 auto response = impl_->VerifyAuthorization(request);
295
296 ::android::hardware::keymaster::V4_0::VerificationToken token;
297 token.challenge = response.token.challenge;
298 token.timestamp = response.token.timestamp;
299 token.parametersVerified = kmParamSet2Hidl(response.token.parameters_verified);
300 token.securityLevel = legacy_enum_conversion(response.token.security_level);
301 token.mac = kmBlob2hidlVec(response.token.mac);
302
303 _hidl_cb(legacy_enum_conversion(response.error), token);
304
Shawn Willden9e149572017-10-30 16:08:21 -0600[diff] [blame]305 return Void();
306}
307
Shawn Willdenefd06732017-11-30 19:34:16 -0700[diff] [blame]308Return<ErrorCode> AndroidKeymaster4Device::addRngEntropy(const hidl_vec<uint8_t>& data) {
Shawn Willden9e149572017-10-30 16:08:21 -0600[diff] [blame]309 if (data.size() == 0)
310 return ErrorCode::OK;
311 AddEntropyRequest request;
312 request.random_data.Reinitialize(data.data(), data.size());
313
314 AddEntropyResponse response;
315 impl_->AddRngEntropy(request, &response);
316
317 return legacy_enum_conversion(response.error);
318}
319
Shawn Willdenefd06732017-11-30 19:34:16 -0700[diff] [blame]320Return<void> AndroidKeymaster4Device::generateKey(const hidl_vec<KeyParameter>& keyParams,
321 generateKey_cb _hidl_cb) {
Shawn Willden9e149572017-10-30 16:08:21 -0600[diff] [blame]322 GenerateKeyRequest request;
323 request.key_description.Reinitialize(KmParamSet(keyParams));
324
325 GenerateKeyResponse response;
326 impl_->GenerateKey(request, &response);
327
328 KeyCharacteristics resultCharacteristics;
329 hidl_vec<uint8_t> resultKeyBlob;
330 if (response.error == KM_ERROR_OK) {
331 resultKeyBlob = kmBlob2hidlVec(response.key_blob);
332 resultCharacteristics.hardwareEnforced = kmParamSet2Hidl(response.enforced);
333 resultCharacteristics.softwareEnforced = kmParamSet2Hidl(response.unenforced);
334 }
335 _hidl_cb(legacy_enum_conversion(response.error), resultKeyBlob, resultCharacteristics);
336 return Void();
337}
338
Shawn Willdenefd06732017-11-30 19:34:16 -0700[diff] [blame]339Return<void> AndroidKeymaster4Device::getKeyCharacteristics(const hidl_vec<uint8_t>& keyBlob,
340 const hidl_vec<uint8_t>& clientId,
341 const hidl_vec<uint8_t>& appData,
342 getKeyCharacteristics_cb _hidl_cb) {
Shawn Willden9e149572017-10-30 16:08:21 -0600[diff] [blame]343 GetKeyCharacteristicsRequest request;
344 request.SetKeyMaterial(keyBlob.data(), keyBlob.size());
345 addClientAndAppData(clientId, appData, &request.additional_params);
346
347 GetKeyCharacteristicsResponse response;
348 impl_->GetKeyCharacteristics(request, &response);
349
350 KeyCharacteristics resultCharacteristics;
351 if (response.error == KM_ERROR_OK) {
352 resultCharacteristics.hardwareEnforced = kmParamSet2Hidl(response.enforced);
353 resultCharacteristics.softwareEnforced = kmParamSet2Hidl(response.unenforced);
354 }
355 _hidl_cb(legacy_enum_conversion(response.error), resultCharacteristics);
356 return Void();
357}
358
Shawn Willdenefd06732017-11-30 19:34:16 -0700[diff] [blame]359Return<void> AndroidKeymaster4Device::importKey(const hidl_vec<KeyParameter>& params,
360 KeyFormat keyFormat,
361 const hidl_vec<uint8_t>& keyData,
362 importKey_cb _hidl_cb) {
Shawn Willden9e149572017-10-30 16:08:21 -0600[diff] [blame]363 ImportKeyRequest request;
364 request.key_description.Reinitialize(KmParamSet(params));
365 request.key_format = legacy_enum_conversion(keyFormat);
366 request.SetKeyMaterial(keyData.data(), keyData.size());
367
368 ImportKeyResponse response;
369 impl_->ImportKey(request, &response);
370
371 KeyCharacteristics resultCharacteristics;
372 hidl_vec<uint8_t> resultKeyBlob;
373 if (response.error == KM_ERROR_OK) {
374 resultKeyBlob = kmBlob2hidlVec(response.key_blob);
375 resultCharacteristics.hardwareEnforced = kmParamSet2Hidl(response.enforced);
376 resultCharacteristics.softwareEnforced = kmParamSet2Hidl(response.unenforced);
377 }
378 _hidl_cb(legacy_enum_conversion(response.error), resultKeyBlob, resultCharacteristics);
379 return Void();
380}
381
Shawn Willden3c665a22018-01-19 13:32:42 -0700[diff] [blame]382Return<void> AndroidKeymaster4Device::importWrappedKey(
383 const hidl_vec<uint8_t>& wrappedKeyData, const hidl_vec<uint8_t>& wrappingKeyBlob,
384 const hidl_vec<uint8_t>& maskingKey, const hidl_vec<KeyParameter>& unwrappingParams,
385 uint64_t passwordSid, uint64_t biometricSid, importWrappedKey_cb _hidl_cb) {
Shawn Willdendd7e8a02018-01-12 13:03:37 -0700[diff] [blame]386
387 ImportWrappedKeyRequest request;
388 request.SetWrappedMaterial(wrappedKeyData.data(), wrappedKeyData.size());
389 request.SetWrappingMaterial(wrappingKeyBlob.data(), wrappingKeyBlob.size());
390 request.SetMaskingKeyMaterial(maskingKey.data(), maskingKey.size());
Shawn Willden3c665a22018-01-19 13:32:42 -0700[diff] [blame]391 request.additional_params.Reinitialize(KmParamSet(unwrappingParams));
392 request.password_sid = passwordSid;
393 request.biometric_sid = biometricSid;
Shawn Willdendd7e8a02018-01-12 13:03:37 -0700[diff] [blame]394
395 ImportWrappedKeyResponse response;
396 impl_->ImportWrappedKey(request, &response);
397
398 KeyCharacteristics resultCharacteristics;
399 hidl_vec<uint8_t> resultKeyBlob;
400 if (response.error == KM_ERROR_OK) {
401 resultKeyBlob = kmBlob2hidlVec(response.key_blob);
402 resultCharacteristics.hardwareEnforced = kmParamSet2Hidl(response.enforced);
403 resultCharacteristics.softwareEnforced = kmParamSet2Hidl(response.unenforced);
404 }
405 _hidl_cb(legacy_enum_conversion(response.error), resultKeyBlob, resultCharacteristics);
Shawn Willden8123da82017-10-31 09:01:26 -0600[diff] [blame]406 return Void();
407}
408
Shawn Willdenefd06732017-11-30 19:34:16 -0700[diff] [blame]409Return<void> AndroidKeymaster4Device::exportKey(KeyFormat exportFormat,
410 const hidl_vec<uint8_t>& keyBlob,
411 const hidl_vec<uint8_t>& clientId,
412 const hidl_vec<uint8_t>& appData,
413 exportKey_cb _hidl_cb) {
Shawn Willden9e149572017-10-30 16:08:21 -0600[diff] [blame]414 ExportKeyRequest request;
415 request.key_format = legacy_enum_conversion(exportFormat);
416 request.SetKeyMaterial(keyBlob.data(), keyBlob.size());
417 addClientAndAppData(clientId, appData, &request.additional_params);
418
419 ExportKeyResponse response;
420 impl_->ExportKey(request, &response);
421
422 hidl_vec<uint8_t> resultKeyBlob;
423 if (response.error == KM_ERROR_OK) {
424 resultKeyBlob.setToExternal(response.key_data, response.key_data_length);
425 }
426 _hidl_cb(legacy_enum_conversion(response.error), resultKeyBlob);
427 return Void();
428}
429
Shawn Willdenefd06732017-11-30 19:34:16 -0700[diff] [blame]430Return<void> AndroidKeymaster4Device::attestKey(const hidl_vec<uint8_t>& keyToAttest,
431 const hidl_vec<KeyParameter>& attestParams,
432 attestKey_cb _hidl_cb) {
Shawn Willden9e149572017-10-30 16:08:21 -0600[diff] [blame]433 AttestKeyRequest request;
434 request.SetKeyMaterial(keyToAttest.data(), keyToAttest.size());
435 request.attest_params.Reinitialize(KmParamSet(attestParams));
436
437 AttestKeyResponse response;
438 impl_->AttestKey(request, &response);
439
440 hidl_vec<hidl_vec<uint8_t>> resultCertChain;
441 if (response.error == KM_ERROR_OK) {
442 resultCertChain = kmCertChain2Hidl(response.certificate_chain);
443 }
444 _hidl_cb(legacy_enum_conversion(response.error), resultCertChain);
445 return Void();
446}
447
Shawn Willdenefd06732017-11-30 19:34:16 -0700[diff] [blame]448Return<void> AndroidKeymaster4Device::upgradeKey(const hidl_vec<uint8_t>& keyBlobToUpgrade,
449 const hidl_vec<KeyParameter>& upgradeParams,
450 upgradeKey_cb _hidl_cb) {
Shawn Willden9e149572017-10-30 16:08:21 -0600[diff] [blame]451 // There's nothing to be done to upgrade software key blobs. Further, the software
452 // implementation never returns ErrorCode::KEY_REQUIRES_UPGRADE, so this should never be called.
453 UpgradeKeyRequest request;
454 request.SetKeyMaterial(keyBlobToUpgrade.data(), keyBlobToUpgrade.size());
455 request.upgrade_params.Reinitialize(KmParamSet(upgradeParams));
456
457 UpgradeKeyResponse response;
458 impl_->UpgradeKey(request, &response);
459
460 if (response.error == KM_ERROR_OK) {
461 _hidl_cb(ErrorCode::OK, kmBlob2hidlVec(response.upgraded_key));
462 } else {
463 _hidl_cb(legacy_enum_conversion(response.error), hidl_vec<uint8_t>());
464 }
465 return Void();
466}
467
Shawn Willdenefd06732017-11-30 19:34:16 -0700[diff] [blame]468Return<ErrorCode> AndroidKeymaster4Device::deleteKey(const hidl_vec<uint8_t>& keyBlob) {
Shawn Willden9e149572017-10-30 16:08:21 -0600[diff] [blame]469 // There's nothing to be done to delete software key blobs.
470 DeleteKeyRequest request;
471 request.SetKeyMaterial(keyBlob.data(), keyBlob.size());
472
473 DeleteKeyResponse response;
474 impl_->DeleteKey(request, &response);
475
476 return legacy_enum_conversion(response.error);
477}
478
Shawn Willdenefd06732017-11-30 19:34:16 -0700[diff] [blame]479Return<ErrorCode> AndroidKeymaster4Device::deleteAllKeys() {
Shawn Willden9e149572017-10-30 16:08:21 -0600[diff] [blame]480 // There's nothing to be done to delete software key blobs.
481 DeleteAllKeysRequest request;
482 DeleteAllKeysResponse response;
483 impl_->DeleteAllKeys(request, &response);
484
485 return legacy_enum_conversion(response.error);
486}
487
Shawn Willdenefd06732017-11-30 19:34:16 -0700[diff] [blame]488Return<ErrorCode> AndroidKeymaster4Device::destroyAttestationIds() {
Shawn Willden9e149572017-10-30 16:08:21 -0600[diff] [blame]489 return ErrorCode::UNIMPLEMENTED;
490}
491
Shawn Willdenefd06732017-11-30 19:34:16 -0700[diff] [blame]492Return<void> AndroidKeymaster4Device::begin(KeyPurpose purpose, const hidl_vec<uint8_t>& key,
493 const hidl_vec<KeyParameter>& inParams,
Shawn Willdenda495752020-01-15 17:46:30 -0700[diff] [blame]494 const HardwareAuthToken& authToken, begin_cb _hidl_cb) {
Shawn Willden9e149572017-10-30 16:08:21 -0600[diff] [blame]495
496 BeginOperationRequest request;
497 request.purpose = legacy_enum_conversion(purpose);
498 request.SetKeyMaterial(key.data(), key.size());
499 request.additional_params.Reinitialize(KmParamSet(inParams));
500
Shawn Willdenda495752020-01-15 17:46:30 -0700[diff] [blame]501 hidl_vec<uint8_t> hidl_vec_token = authToken2HidlVec(authToken);
502 request.additional_params.push_back(
503 TAG_AUTH_TOKEN, reinterpret_cast<uint8_t*>(hidl_vec_token.data()), hidl_vec_token.size());
504
Shawn Willden9e149572017-10-30 16:08:21 -0600[diff] [blame]505 BeginOperationResponse response;
506 impl_->BeginOperation(request, &response);
507
508 hidl_vec<KeyParameter> resultParams;
Shawn Willdenda495752020-01-15 17:46:30 -0700[diff] [blame]509 if (response.error == KM_ERROR_OK) resultParams = kmParamSet2Hidl(response.output_params);
Shawn Willden9e149572017-10-30 16:08:21 -0600[diff] [blame]510
511 _hidl_cb(legacy_enum_conversion(response.error), resultParams, response.op_handle);
512 return Void();
513}
514
Shawn Willdenefd06732017-11-30 19:34:16 -0700[diff] [blame]515Return<void> AndroidKeymaster4Device::update(uint64_t operationHandle,
516 const hidl_vec<KeyParameter>& inParams,
517 const hidl_vec<uint8_t>& input,
518 const HardwareAuthToken& /* authToken */,
Shawn Willden8123da82017-10-31 09:01:26 -0600[diff] [blame]519 const VerificationToken& /* verificationToken */,
Shawn Willdenefd06732017-11-30 19:34:16 -0700[diff] [blame]520 update_cb _hidl_cb) {
Shawn Willden9e149572017-10-30 16:08:21 -0600[diff] [blame]521 UpdateOperationRequest request;
522 request.op_handle = operationHandle;
523 request.input.Reinitialize(input.data(), input.size());
524 request.additional_params.Reinitialize(KmParamSet(inParams));
525
526 UpdateOperationResponse response;
527 impl_->UpdateOperation(request, &response);
528
529 uint32_t resultConsumed = 0;
530 hidl_vec<KeyParameter> resultParams;
531 hidl_vec<uint8_t> resultBlob;
532 if (response.error == KM_ERROR_OK) {
533 resultConsumed = response.input_consumed;
534 resultParams = kmParamSet2Hidl(response.output_params);
535 resultBlob = kmBuffer2hidlVec(response.output);
536 }
537 _hidl_cb(legacy_enum_conversion(response.error), resultConsumed, resultParams, resultBlob);
538 return Void();
539}
540
Shawn Willden8123da82017-10-31 09:01:26 -0600[diff] [blame]541Return<void> AndroidKeymaster4Device::finish(uint64_t operationHandle,
542 const hidl_vec<KeyParameter>& inParams,
543 const hidl_vec<uint8_t>& input,
544 const hidl_vec<uint8_t>& signature,
545 const HardwareAuthToken& /* authToken */,
546 const VerificationToken& /* verificationToken */,
547 finish_cb _hidl_cb) {
Shawn Willden9e149572017-10-30 16:08:21 -0600[diff] [blame]548 FinishOperationRequest request;
549 request.op_handle = operationHandle;
550 request.input.Reinitialize(input.data(), input.size());
551 request.signature.Reinitialize(signature.data(), signature.size());
552 request.additional_params.Reinitialize(KmParamSet(inParams));
553
554 FinishOperationResponse response;
555 impl_->FinishOperation(request, &response);
556
557 hidl_vec<KeyParameter> resultParams;
558 hidl_vec<uint8_t> resultBlob;
559 if (response.error == KM_ERROR_OK) {
560 resultParams = kmParamSet2Hidl(response.output_params);
561 resultBlob = kmBuffer2hidlVec(response.output);
562 }
563 _hidl_cb(legacy_enum_conversion(response.error), resultParams, resultBlob);
564 return Void();
565}
566
Shawn Willdenefd06732017-11-30 19:34:16 -0700[diff] [blame]567Return<ErrorCode> AndroidKeymaster4Device::abort(uint64_t operationHandle) {
Shawn Willden9e149572017-10-30 16:08:21 -0600[diff] [blame]568 AbortOperationRequest request;
569 request.op_handle = operationHandle;
570
571 AbortOperationResponse response;
572 impl_->AbortOperation(request, &response);
573
574 return legacy_enum_conversion(response.error);
575}
576
Janis Danisevskis265f9122018-01-02 17:02:21 -0800[diff] [blame]577IKeymasterDevice* CreateKeymasterDevice(SecurityLevel securityLevel) {
578 return new AndroidKeymaster4Device(securityLevel);
Shawn Willden9e149572017-10-30 16:08:21 -0600[diff] [blame]579}
580
581} // namespace ng
582} // namespace V4_0
583} // namespace keymaster