Gitiles
Code Review Sign In
gerrit.openfyde.cn / android.googlesource.com / platform / system / keymaster / fdeafb864cefd667ef85be50fdfa863339046791 / . / ng / AndroidKeymaster4Device.cpp
blob: 33b329f328fed8924e04664908fcef01b8d8281a [file] [log] [blame]
Shawn Willden9e149572017-10-30 16:08:21 -0600[diff] [blame]1/*
2 **
3 ** Copyright 2017, The Android Open Source Project
4 **
5 ** Licensed under the Apache License, Version 2.0 (the "License");
6 ** you may not use this file except in compliance with the License.
7 ** You may obtain a copy of the License at
8 **
9 ** http://www.apache.org/licenses/LICENSE-2.0
10 **
11 ** Unless required by applicable law or agreed to in writing, software
12 ** distributed under the License is distributed on an "AS IS" BASIS,
13 ** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 ** See the License for the specific language governing permissions and
15 ** limitations under the License.
16 */
17
18#define LOG_TAG "android.hardware.keymaster@4.0-impl"
19#include <log/log.h>
20
Shawn Willdenefd06732017-11-30 19:34:16 -0700[diff] [blame]21#include "include/AndroidKeymaster4Device.h"
Shawn Willden9e149572017-10-30 16:08:21 -0600[diff] [blame]22
23#include <keymasterV4_0/authorization_set.h>
Shawn Willdenda495752020-01-15 17:46:30 -0700[diff] [blame]24#include <keymasterV4_0/keymaster_utils.h>
Shawn Willden9e149572017-10-30 16:08:21 -0600[diff] [blame]25
26#include <keymaster/android_keymaster.h>
27#include <keymaster/android_keymaster_messages.h>
28#include <keymaster/contexts/pure_soft_keymaster_context.h>
29#include <keymaster/contexts/soft_keymaster_context.h>
30#include <keymaster/keymaster_configuration.h>
31#include <keymaster/keymaster_enforcement.h>
32#include <keymaster/km_openssl/soft_keymaster_enforcement.h>
33
Shawn Willdenda495752020-01-15 17:46:30 -0700[diff] [blame]34using android::hardware::keymaster::V4_0::support::authToken2HidlVec;
35
Shawn Willden9e149572017-10-30 16:08:21 -0600[diff] [blame]36namespace keymaster {
37namespace V4_0 {
38namespace ng {
39
40namespace {
41
42constexpr size_t kOperationTableSize = 16;
43
44inline keymaster_tag_t legacy_enum_conversion(const Tag value) {
45 return keymaster_tag_t(value);
46}
Shawn Willden18534d52018-01-07 21:16:40 -0700[diff] [blame]47
Shawn Willden9e149572017-10-30 16:08:21 -0600[diff] [blame]48inline Tag legacy_enum_conversion(const keymaster_tag_t value) {
49 return Tag(value);
50}
Shawn Willden18534d52018-01-07 21:16:40 -0700[diff] [blame]51
Shawn Willden9e149572017-10-30 16:08:21 -0600[diff] [blame]52inline keymaster_purpose_t legacy_enum_conversion(const KeyPurpose value) {
Shawn Willden18534d52018-01-07 21:16:40 -0700[diff] [blame]53 return static_cast<keymaster_purpose_t>(value);
Shawn Willden9e149572017-10-30 16:08:21 -0600[diff] [blame]54}
Shawn Willden18534d52018-01-07 21:16:40 -0700[diff] [blame]55
Shawn Willden9e149572017-10-30 16:08:21 -0600[diff] [blame]56inline keymaster_key_format_t legacy_enum_conversion(const KeyFormat value) {
Shawn Willden18534d52018-01-07 21:16:40 -0700[diff] [blame]57 return static_cast<keymaster_key_format_t>(value);
Shawn Willden9e149572017-10-30 16:08:21 -0600[diff] [blame]58}
Shawn Willden18534d52018-01-07 21:16:40 -0700[diff] [blame]59
60inline SecurityLevel legacy_enum_conversion(const keymaster_security_level_t value) {
61 return static_cast<SecurityLevel>(value);
62}
63
64inline hw_authenticator_type_t legacy_enum_conversion(const HardwareAuthenticatorType value) {
65 return static_cast<hw_authenticator_type_t>(value);
66}
67
Shawn Willden9e149572017-10-30 16:08:21 -0600[diff] [blame]68inline ErrorCode legacy_enum_conversion(const keymaster_error_t value) {
Shawn Willden18534d52018-01-07 21:16:40 -0700[diff] [blame]69 return static_cast<ErrorCode>(value);
Shawn Willden9e149572017-10-30 16:08:21 -0600[diff] [blame]70}
71
72inline keymaster_tag_type_t typeFromTag(const keymaster_tag_t tag) {
73 return keymaster_tag_get_type(tag);
74}
75
76class KmParamSet : public keymaster_key_param_set_t {
77 public:
Shawn Willdenda495752020-01-15 17:46:30 -0700[diff] [blame]78 explicit KmParamSet(const hidl_vec<KeyParameter>& keyParams)
79 : keymaster_key_param_set_t(hidlKeyParams2Km(keyParams)) {}
Shawn Willden9e149572017-10-30 16:08:21 -0600[diff] [blame]80 KmParamSet(KmParamSet&& other) : keymaster_key_param_set_t{other.params, other.length} {
81 other.length = 0;
82 other.params = nullptr;
83 }
84 KmParamSet(const KmParamSet&) = delete;
85 ~KmParamSet() { delete[] params; }
86};
87
88inline hidl_vec<uint8_t> kmBlob2hidlVec(const keymaster_key_blob_t& blob) {
89 hidl_vec<uint8_t> result;
90 result.setToExternal(const_cast<unsigned char*>(blob.key_material), blob.key_material_size);
91 return result;
92}
93
94inline hidl_vec<uint8_t> kmBlob2hidlVec(const keymaster_blob_t& blob) {
95 hidl_vec<uint8_t> result;
96 result.setToExternal(const_cast<unsigned char*>(blob.data), blob.data_length);
97 return result;
98}
99
100inline hidl_vec<uint8_t> kmBuffer2hidlVec(const ::keymaster::Buffer& buf) {
101 hidl_vec<uint8_t> result;
102 result.setToExternal(const_cast<unsigned char*>(buf.peek_read()), buf.available_read());
103 return result;
104}
105
106inline static hidl_vec<hidl_vec<uint8_t>>
107kmCertChain2Hidl(const keymaster_cert_chain_t& cert_chain) {
108 hidl_vec<hidl_vec<uint8_t>> result;
Shawn Willden32873522020-12-14 22:29:46 -0700[diff] [blame]109 if (!cert_chain.entry_count || !cert_chain.entries) return result;
Shawn Willden9e149572017-10-30 16:08:21 -0600[diff] [blame]110
111 result.resize(cert_chain.entry_count);
112 for (size_t i = 0; i < cert_chain.entry_count; ++i) {
113 result[i] = kmBlob2hidlVec(cert_chain.entries[i]);
114 }
115
116 return result;
117}
118
119static inline hidl_vec<KeyParameter> kmParamSet2Hidl(const keymaster_key_param_set_t& set) {
120 hidl_vec<KeyParameter> result;
Shawn Willden32873522020-12-14 22:29:46 -0700[diff] [blame]121 if (set.length == 0 || set.params == nullptr) return result;
Shawn Willden9e149572017-10-30 16:08:21 -0600[diff] [blame]122
123 result.resize(set.length);
124 keymaster_key_param_t* params = set.params;
125 for (size_t i = 0; i < set.length; ++i) {
126 auto tag = params[i].tag;
127 result[i].tag = legacy_enum_conversion(tag);
128 switch (typeFromTag(tag)) {
129 case KM_ENUM:
130 case KM_ENUM_REP:
131 result[i].f.integer = params[i].enumerated;
132 break;
133 case KM_UINT:
134 case KM_UINT_REP:
135 result[i].f.integer = params[i].integer;
136 break;
137 case KM_ULONG:
138 case KM_ULONG_REP:
139 result[i].f.longInteger = params[i].long_integer;
140 break;
141 case KM_DATE:
142 result[i].f.dateTime = params[i].date_time;
143 break;
144 case KM_BOOL:
145 result[i].f.boolValue = params[i].boolean;
146 break;
147 case KM_BIGNUM:
148 case KM_BYTES:
149 result[i].blob.setToExternal(const_cast<unsigned char*>(params[i].blob.data),
150 params[i].blob.data_length);
151 break;
152 case KM_INVALID:
153 default:
154 params[i].tag = KM_TAG_INVALID;
155 /* just skip */
156 break;
157 }
158 }
159 return result;
160}
161
162void addClientAndAppData(const hidl_vec<uint8_t>& clientId, const hidl_vec<uint8_t>& appData,
163 ::keymaster::AuthorizationSet* params) {
164 params->Clear();
165 if (clientId.size()) {
166 params->push_back(::keymaster::TAG_APPLICATION_ID, clientId.data(), clientId.size());
167 }
168 if (appData.size()) {
169 params->push_back(::keymaster::TAG_APPLICATION_DATA, appData.data(), appData.size());
170 }
171}
172
173} // anonymous namespace
174
Shawn Willdenda495752020-01-15 17:46:30 -0700[diff] [blame]175keymaster_key_param_set_t hidlKeyParams2Km(const hidl_vec<KeyParameter>& keyParams) {
176 keymaster_key_param_set_t set;
177
178 set.params = new keymaster_key_param_t[keyParams.size()];
179 set.length = keyParams.size();
180
181 for (size_t i = 0; i < keyParams.size(); ++i) {
182 auto tag = legacy_enum_conversion(keyParams[i].tag);
183 switch (typeFromTag(tag)) {
184 case KM_ENUM:
185 case KM_ENUM_REP:
186 set.params[i] = keymaster_param_enum(tag, keyParams[i].f.integer);
187 break;
188 case KM_UINT:
189 case KM_UINT_REP:
190 set.params[i] = keymaster_param_int(tag, keyParams[i].f.integer);
191 break;
192 case KM_ULONG:
193 case KM_ULONG_REP:
194 set.params[i] = keymaster_param_long(tag, keyParams[i].f.longInteger);
195 break;
196 case KM_DATE:
197 set.params[i] = keymaster_param_date(tag, keyParams[i].f.dateTime);
198 break;
199 case KM_BOOL:
200 if (keyParams[i].f.boolValue)
201 set.params[i] = keymaster_param_bool(tag);
202 else
203 set.params[i].tag = KM_TAG_INVALID;
204 break;
205 case KM_BIGNUM:
206 case KM_BYTES:
207 set.params[i] =
208 keymaster_param_blob(tag, &keyParams[i].blob[0], keyParams[i].blob.size());
209 break;
210 case KM_INVALID:
211 default:
212 set.params[i].tag = KM_TAG_INVALID;
213 /* just skip */
214 break;
215 }
216 }
217
218 return set;
219}
220
Shawn Willden6daf9842020-11-19 10:11:47 -0700[diff] [blame]221AndroidKeymaster4Device::AndroidKeymaster4Device(KmVersion version, SecurityLevel securityLevel)
Shawn Willden9e149572017-10-30 16:08:21 -0600[diff] [blame]222 : impl_(new ::keymaster::AndroidKeymaster(
Shawn Willdena07577e2020-01-15 17:42:42 -0700[diff] [blame]223 [&]() -> auto {
224 auto context = new PureSoftKeymasterContext(
Shawn Willden6daf9842020-11-19 10:11:47 -0700[diff] [blame]225 version, static_cast<keymaster_security_level_t>(securityLevel));
Shawn Willden9e149572017-10-30 16:08:21 -0600[diff] [blame]226 context->SetSystemVersion(GetOsVersion(), GetOsPatchlevel());
Janis Danisevskisc427c562021-10-29 09:34:54 -0700[diff] [blame]227 context->SetVendorPatchlevel(GetVendorPatchlevel());
228 // Software devices cannot be configured by the boot loader but they have
229 // to return a boot patch level. So lets just return the OS patch level.
230 // The OS patch level only has a year and a month so we just add the 1st
231 // of the month as day field.
232 context->SetBootPatchlevel(GetOsPatchlevel() * 100 + 1);
Shawn Willden9e149572017-10-30 16:08:21 -0600[diff] [blame]233 return context;
234 }(),
Shawn Willdena07577e2020-01-15 17:42:42 -0700[diff] [blame]235 kOperationTableSize)),
236 securityLevel_(securityLevel) {}
Shawn Willden9e149572017-10-30 16:08:21 -0600[diff] [blame]237
Shawn Willdenefd06732017-11-30 19:34:16 -0700[diff] [blame]238AndroidKeymaster4Device::~AndroidKeymaster4Device() {}
Shawn Willden9e149572017-10-30 16:08:21 -0600[diff] [blame]239
Shawn Willdenefd06732017-11-30 19:34:16 -0700[diff] [blame]240Return<void> AndroidKeymaster4Device::getHardwareInfo(getHardwareInfo_cb _hidl_cb) {
Shawn Willden32873522020-12-14 22:29:46 -0700[diff] [blame]241 _hidl_cb(securityLevel_, "SoftwareKeymasterDevice", "Google");
Shawn Willden8123da82017-10-31 09:01:26 -0600[diff] [blame]242 return Void();
243}
244
245Return<void>
246AndroidKeymaster4Device::getHmacSharingParameters(getHmacSharingParameters_cb _hidl_cb) {
Shawn Willden8b940582018-01-02 10:53:39 -0700[diff] [blame]247 auto response = impl_->GetHmacSharingParameters();
248
249 ::android::hardware::keymaster::V4_0::HmacSharingParameters params;
250 params.seed.setToExternal(const_cast<uint8_t*>(response.params.seed.data),
251 response.params.seed.data_length);
252 static_assert(sizeof(response.params.nonce) == params.nonce.size(), "Nonce sizes don't match");
253 memcpy(params.nonce.data(), response.params.nonce, params.nonce.size());
254 _hidl_cb(legacy_enum_conversion(response.error), params);
Shawn Willden8123da82017-10-31 09:01:26 -0600[diff] [blame]255 return Void();
256}
257
Shawn Willden8b940582018-01-02 10:53:39 -0700[diff] [blame]258Return<void> AndroidKeymaster4Device::computeSharedHmac(
259 const hidl_vec<::android::hardware::keymaster::V4_0::HmacSharingParameters>& params,
260 computeSharedHmac_cb _hidl_cb) {
Shawn Willden950eb0b2021-01-06 19:15:29 +0000[diff] [blame]261 ComputeSharedHmacRequest request(impl_->message_version());
Shawn Willden8b940582018-01-02 10:53:39 -0700[diff] [blame]262 request.params_array.params_array = new keymaster::HmacSharingParameters[params.size()];
263 request.params_array.num_params = params.size();
264 for (size_t i = 0; i < params.size(); ++i) {
265 request.params_array.params_array[i].seed = {params[i].seed.data(), params[i].seed.size()};
266 static_assert(sizeof(request.params_array.params_array[i].nonce) ==
267 decltype(params[i].nonce)::size(),
268 "Nonce sizes don't match");
269 memcpy(request.params_array.params_array[i].nonce, params[i].nonce.data(),
270 params[i].nonce.size());
271 }
272
273 auto response = impl_->ComputeSharedHmac(request);
274 hidl_vec<uint8_t> sharing_check;
275 if (response.error == KM_ERROR_OK) sharing_check = kmBlob2hidlVec(response.sharing_check);
276
277 _hidl_cb(legacy_enum_conversion(response.error), sharing_check);
Shawn Willden8123da82017-10-31 09:01:26 -0600[diff] [blame]278 return Void();
279}
280
281Return<void> AndroidKeymaster4Device::verifyAuthorization(
Shawn Willden18534d52018-01-07 21:16:40 -0700[diff] [blame]282 uint64_t challenge, const hidl_vec<KeyParameter>& parametersToVerify,
283 const ::android::hardware::keymaster::V4_0::HardwareAuthToken& authToken,
284 verifyAuthorization_cb _hidl_cb) {
285
Shawn Willden950eb0b2021-01-06 19:15:29 +0000[diff] [blame]286 VerifyAuthorizationRequest request(impl_->message_version());
Shawn Willden18534d52018-01-07 21:16:40 -0700[diff] [blame]287 request.challenge = challenge;
288 request.parameters_to_verify.Reinitialize(KmParamSet(parametersToVerify));
289 request.auth_token.challenge = authToken.challenge;
290 request.auth_token.user_id = authToken.userId;
291 request.auth_token.authenticator_id = authToken.authenticatorId;
292 request.auth_token.authenticator_type = legacy_enum_conversion(authToken.authenticatorType);
293 request.auth_token.timestamp = authToken.timestamp;
294 KeymasterBlob mac(authToken.mac.data(), authToken.mac.size());
295 request.auth_token.mac = mac;
296
297 auto response = impl_->VerifyAuthorization(request);
298
299 ::android::hardware::keymaster::V4_0::VerificationToken token;
300 token.challenge = response.token.challenge;
301 token.timestamp = response.token.timestamp;
302 token.parametersVerified = kmParamSet2Hidl(response.token.parameters_verified);
303 token.securityLevel = legacy_enum_conversion(response.token.security_level);
304 token.mac = kmBlob2hidlVec(response.token.mac);
305
306 _hidl_cb(legacy_enum_conversion(response.error), token);
307
Shawn Willden9e149572017-10-30 16:08:21 -0600[diff] [blame]308 return Void();
309}
310
Shawn Willdenefd06732017-11-30 19:34:16 -0700[diff] [blame]311Return<ErrorCode> AndroidKeymaster4Device::addRngEntropy(const hidl_vec<uint8_t>& data) {
Shawn Willden32873522020-12-14 22:29:46 -0700[diff] [blame]312 if (data.size() == 0) return ErrorCode::OK;
Shawn Willden950eb0b2021-01-06 19:15:29 +0000[diff] [blame]313 AddEntropyRequest request(impl_->message_version());
Shawn Willden9e149572017-10-30 16:08:21 -0600[diff] [blame]314 request.random_data.Reinitialize(data.data(), data.size());
315
Shawn Willden950eb0b2021-01-06 19:15:29 +0000[diff] [blame]316 AddEntropyResponse response(impl_->message_version());
Shawn Willden9e149572017-10-30 16:08:21 -0600[diff] [blame]317 impl_->AddRngEntropy(request, &response);
318
319 return legacy_enum_conversion(response.error);
320}
321
Shawn Willdenefd06732017-11-30 19:34:16 -0700[diff] [blame]322Return<void> AndroidKeymaster4Device::generateKey(const hidl_vec<KeyParameter>& keyParams,
323 generateKey_cb _hidl_cb) {
Shawn Willden950eb0b2021-01-06 19:15:29 +0000[diff] [blame]324 GenerateKeyRequest request(impl_->message_version());
Shawn Willden9e149572017-10-30 16:08:21 -0600[diff] [blame]325 request.key_description.Reinitialize(KmParamSet(keyParams));
326
Shawn Willden950eb0b2021-01-06 19:15:29 +0000[diff] [blame]327 GenerateKeyResponse response(impl_->message_version());
Shawn Willden9e149572017-10-30 16:08:21 -0600[diff] [blame]328 impl_->GenerateKey(request, &response);
329
330 KeyCharacteristics resultCharacteristics;
331 hidl_vec<uint8_t> resultKeyBlob;
332 if (response.error == KM_ERROR_OK) {
333 resultKeyBlob = kmBlob2hidlVec(response.key_blob);
334 resultCharacteristics.hardwareEnforced = kmParamSet2Hidl(response.enforced);
335 resultCharacteristics.softwareEnforced = kmParamSet2Hidl(response.unenforced);
336 }
337 _hidl_cb(legacy_enum_conversion(response.error), resultKeyBlob, resultCharacteristics);
338 return Void();
339}
340
Shawn Willdenefd06732017-11-30 19:34:16 -0700[diff] [blame]341Return<void> AndroidKeymaster4Device::getKeyCharacteristics(const hidl_vec<uint8_t>& keyBlob,
342 const hidl_vec<uint8_t>& clientId,
343 const hidl_vec<uint8_t>& appData,
344 getKeyCharacteristics_cb _hidl_cb) {
Shawn Willden950eb0b2021-01-06 19:15:29 +0000[diff] [blame]345 GetKeyCharacteristicsRequest request(impl_->message_version());
Shawn Willden9e149572017-10-30 16:08:21 -0600[diff] [blame]346 request.SetKeyMaterial(keyBlob.data(), keyBlob.size());
347 addClientAndAppData(clientId, appData, &request.additional_params);
348
Shawn Willden950eb0b2021-01-06 19:15:29 +0000[diff] [blame]349 GetKeyCharacteristicsResponse response(impl_->message_version());
Shawn Willden9e149572017-10-30 16:08:21 -0600[diff] [blame]350 impl_->GetKeyCharacteristics(request, &response);
351
352 KeyCharacteristics resultCharacteristics;
353 if (response.error == KM_ERROR_OK) {
354 resultCharacteristics.hardwareEnforced = kmParamSet2Hidl(response.enforced);
355 resultCharacteristics.softwareEnforced = kmParamSet2Hidl(response.unenforced);
356 }
357 _hidl_cb(legacy_enum_conversion(response.error), resultCharacteristics);
358 return Void();
359}
360
Shawn Willdenefd06732017-11-30 19:34:16 -0700[diff] [blame]361Return<void> AndroidKeymaster4Device::importKey(const hidl_vec<KeyParameter>& params,
362 KeyFormat keyFormat,
363 const hidl_vec<uint8_t>& keyData,
364 importKey_cb _hidl_cb) {
Shawn Willden950eb0b2021-01-06 19:15:29 +0000[diff] [blame]365 ImportKeyRequest request(impl_->message_version());
Shawn Willden9e149572017-10-30 16:08:21 -0600[diff] [blame]366 request.key_description.Reinitialize(KmParamSet(params));
367 request.key_format = legacy_enum_conversion(keyFormat);
Shawn Willden6e20ea42020-12-21 18:52:34 -0700[diff] [blame]368 request.key_data = KeymasterKeyBlob(keyData.data(), keyData.size());
Shawn Willden9e149572017-10-30 16:08:21 -0600[diff] [blame]369
Shawn Willden950eb0b2021-01-06 19:15:29 +0000[diff] [blame]370 ImportKeyResponse response(impl_->message_version());
Shawn Willden9e149572017-10-30 16:08:21 -0600[diff] [blame]371 impl_->ImportKey(request, &response);
372
373 KeyCharacteristics resultCharacteristics;
374 hidl_vec<uint8_t> resultKeyBlob;
375 if (response.error == KM_ERROR_OK) {
376 resultKeyBlob = kmBlob2hidlVec(response.key_blob);
377 resultCharacteristics.hardwareEnforced = kmParamSet2Hidl(response.enforced);
378 resultCharacteristics.softwareEnforced = kmParamSet2Hidl(response.unenforced);
379 }
380 _hidl_cb(legacy_enum_conversion(response.error), resultKeyBlob, resultCharacteristics);
381 return Void();
382}
383
Shawn Willden3c665a22018-01-19 13:32:42 -0700[diff] [blame]384Return<void> AndroidKeymaster4Device::importWrappedKey(
385 const hidl_vec<uint8_t>& wrappedKeyData, const hidl_vec<uint8_t>& wrappingKeyBlob,
386 const hidl_vec<uint8_t>& maskingKey, const hidl_vec<KeyParameter>& unwrappingParams,
387 uint64_t passwordSid, uint64_t biometricSid, importWrappedKey_cb _hidl_cb) {
Shawn Willdendd7e8a02018-01-12 13:03:37 -0700[diff] [blame]388
Shawn Willden950eb0b2021-01-06 19:15:29 +0000[diff] [blame]389 ImportWrappedKeyRequest request(impl_->message_version());
Shawn Willdendd7e8a02018-01-12 13:03:37 -0700[diff] [blame]390 request.SetWrappedMaterial(wrappedKeyData.data(), wrappedKeyData.size());
391 request.SetWrappingMaterial(wrappingKeyBlob.data(), wrappingKeyBlob.size());
392 request.SetMaskingKeyMaterial(maskingKey.data(), maskingKey.size());
Shawn Willden3c665a22018-01-19 13:32:42 -0700[diff] [blame]393 request.additional_params.Reinitialize(KmParamSet(unwrappingParams));
394 request.password_sid = passwordSid;
395 request.biometric_sid = biometricSid;
Shawn Willdendd7e8a02018-01-12 13:03:37 -0700[diff] [blame]396
Shawn Willden950eb0b2021-01-06 19:15:29 +0000[diff] [blame]397 ImportWrappedKeyResponse response(impl_->message_version());
Shawn Willdendd7e8a02018-01-12 13:03:37 -0700[diff] [blame]398 impl_->ImportWrappedKey(request, &response);
399
400 KeyCharacteristics resultCharacteristics;
401 hidl_vec<uint8_t> resultKeyBlob;
402 if (response.error == KM_ERROR_OK) {
403 resultKeyBlob = kmBlob2hidlVec(response.key_blob);
404 resultCharacteristics.hardwareEnforced = kmParamSet2Hidl(response.enforced);
405 resultCharacteristics.softwareEnforced = kmParamSet2Hidl(response.unenforced);
406 }
407 _hidl_cb(legacy_enum_conversion(response.error), resultKeyBlob, resultCharacteristics);
Shawn Willden8123da82017-10-31 09:01:26 -0600[diff] [blame]408 return Void();
409}
410
Shawn Willdenefd06732017-11-30 19:34:16 -0700[diff] [blame]411Return<void> AndroidKeymaster4Device::exportKey(KeyFormat exportFormat,
412 const hidl_vec<uint8_t>& keyBlob,
413 const hidl_vec<uint8_t>& clientId,
414 const hidl_vec<uint8_t>& appData,
415 exportKey_cb _hidl_cb) {
Shawn Willden950eb0b2021-01-06 19:15:29 +0000[diff] [blame]416 ExportKeyRequest request(impl_->message_version());
Shawn Willden9e149572017-10-30 16:08:21 -0600[diff] [blame]417 request.key_format = legacy_enum_conversion(exportFormat);
418 request.SetKeyMaterial(keyBlob.data(), keyBlob.size());
419 addClientAndAppData(clientId, appData, &request.additional_params);
420
Shawn Willden950eb0b2021-01-06 19:15:29 +0000[diff] [blame]421 ExportKeyResponse response(impl_->message_version());
Shawn Willden9e149572017-10-30 16:08:21 -0600[diff] [blame]422 impl_->ExportKey(request, &response);
423
424 hidl_vec<uint8_t> resultKeyBlob;
425 if (response.error == KM_ERROR_OK) {
426 resultKeyBlob.setToExternal(response.key_data, response.key_data_length);
427 }
428 _hidl_cb(legacy_enum_conversion(response.error), resultKeyBlob);
429 return Void();
430}
431
Shawn Willdenefd06732017-11-30 19:34:16 -0700[diff] [blame]432Return<void> AndroidKeymaster4Device::attestKey(const hidl_vec<uint8_t>& keyToAttest,
433 const hidl_vec<KeyParameter>& attestParams,
434 attestKey_cb _hidl_cb) {
Shawn Willden950eb0b2021-01-06 19:15:29 +0000[diff] [blame]435 AttestKeyRequest request(impl_->message_version());
Shawn Willden9e149572017-10-30 16:08:21 -0600[diff] [blame]436 request.SetKeyMaterial(keyToAttest.data(), keyToAttest.size());
437 request.attest_params.Reinitialize(KmParamSet(attestParams));
438
Shawn Willden950eb0b2021-01-06 19:15:29 +0000[diff] [blame]439 AttestKeyResponse response(impl_->message_version());
Shawn Willden9e149572017-10-30 16:08:21 -0600[diff] [blame]440 impl_->AttestKey(request, &response);
441
442 hidl_vec<hidl_vec<uint8_t>> resultCertChain;
443 if (response.error == KM_ERROR_OK) {
444 resultCertChain = kmCertChain2Hidl(response.certificate_chain);
445 }
446 _hidl_cb(legacy_enum_conversion(response.error), resultCertChain);
447 return Void();
448}
449
Shawn Willdenefd06732017-11-30 19:34:16 -0700[diff] [blame]450Return<void> AndroidKeymaster4Device::upgradeKey(const hidl_vec<uint8_t>& keyBlobToUpgrade,
451 const hidl_vec<KeyParameter>& upgradeParams,
452 upgradeKey_cb _hidl_cb) {
Shawn Willden9e149572017-10-30 16:08:21 -0600[diff] [blame]453 // There's nothing to be done to upgrade software key blobs. Further, the software
454 // implementation never returns ErrorCode::KEY_REQUIRES_UPGRADE, so this should never be called.
Shawn Willden950eb0b2021-01-06 19:15:29 +0000[diff] [blame]455 UpgradeKeyRequest request(impl_->message_version());
Shawn Willden9e149572017-10-30 16:08:21 -0600[diff] [blame]456 request.SetKeyMaterial(keyBlobToUpgrade.data(), keyBlobToUpgrade.size());
457 request.upgrade_params.Reinitialize(KmParamSet(upgradeParams));
458
Shawn Willden950eb0b2021-01-06 19:15:29 +0000[diff] [blame]459 UpgradeKeyResponse response(impl_->message_version());
Shawn Willden9e149572017-10-30 16:08:21 -0600[diff] [blame]460 impl_->UpgradeKey(request, &response);
461
462 if (response.error == KM_ERROR_OK) {
463 _hidl_cb(ErrorCode::OK, kmBlob2hidlVec(response.upgraded_key));
464 } else {
465 _hidl_cb(legacy_enum_conversion(response.error), hidl_vec<uint8_t>());
466 }
467 return Void();
468}
469
Shawn Willdenefd06732017-11-30 19:34:16 -0700[diff] [blame]470Return<ErrorCode> AndroidKeymaster4Device::deleteKey(const hidl_vec<uint8_t>& keyBlob) {
Shawn Willden9e149572017-10-30 16:08:21 -0600[diff] [blame]471 // There's nothing to be done to delete software key blobs.
Shawn Willden950eb0b2021-01-06 19:15:29 +0000[diff] [blame]472 DeleteKeyRequest request(impl_->message_version());
Shawn Willden9e149572017-10-30 16:08:21 -0600[diff] [blame]473 request.SetKeyMaterial(keyBlob.data(), keyBlob.size());
474
Shawn Willden950eb0b2021-01-06 19:15:29 +0000[diff] [blame]475 DeleteKeyResponse response(impl_->message_version());
Shawn Willden9e149572017-10-30 16:08:21 -0600[diff] [blame]476 impl_->DeleteKey(request, &response);
477
478 return legacy_enum_conversion(response.error);
479}
480
Shawn Willdenefd06732017-11-30 19:34:16 -0700[diff] [blame]481Return<ErrorCode> AndroidKeymaster4Device::deleteAllKeys() {
Shawn Willden9e149572017-10-30 16:08:21 -0600[diff] [blame]482 // There's nothing to be done to delete software key blobs.
Shawn Willden950eb0b2021-01-06 19:15:29 +0000[diff] [blame]483 DeleteAllKeysRequest request(impl_->message_version());
484 DeleteAllKeysResponse response(impl_->message_version());
Shawn Willden9e149572017-10-30 16:08:21 -0600[diff] [blame]485 impl_->DeleteAllKeys(request, &response);
486
487 return legacy_enum_conversion(response.error);
488}
489
Shawn Willdenefd06732017-11-30 19:34:16 -0700[diff] [blame]490Return<ErrorCode> AndroidKeymaster4Device::destroyAttestationIds() {
Shawn Willden9e149572017-10-30 16:08:21 -0600[diff] [blame]491 return ErrorCode::UNIMPLEMENTED;
492}
493
Shawn Willdenefd06732017-11-30 19:34:16 -0700[diff] [blame]494Return<void> AndroidKeymaster4Device::begin(KeyPurpose purpose, const hidl_vec<uint8_t>& key,
495 const hidl_vec<KeyParameter>& inParams,
Shawn Willdenda495752020-01-15 17:46:30 -0700[diff] [blame]496 const HardwareAuthToken& authToken, begin_cb _hidl_cb) {
Shawn Willden9e149572017-10-30 16:08:21 -0600[diff] [blame]497
Shawn Willden950eb0b2021-01-06 19:15:29 +0000[diff] [blame]498 BeginOperationRequest request(impl_->message_version());
Shawn Willden9e149572017-10-30 16:08:21 -0600[diff] [blame]499 request.purpose = legacy_enum_conversion(purpose);
500 request.SetKeyMaterial(key.data(), key.size());
501 request.additional_params.Reinitialize(KmParamSet(inParams));
502
Shawn Willdenda495752020-01-15 17:46:30 -0700[diff] [blame]503 hidl_vec<uint8_t> hidl_vec_token = authToken2HidlVec(authToken);
504 request.additional_params.push_back(
505 TAG_AUTH_TOKEN, reinterpret_cast<uint8_t*>(hidl_vec_token.data()), hidl_vec_token.size());
506
Shawn Willden950eb0b2021-01-06 19:15:29 +0000[diff] [blame]507 BeginOperationResponse response(impl_->message_version());
Shawn Willden9e149572017-10-30 16:08:21 -0600[diff] [blame]508 impl_->BeginOperation(request, &response);
509
510 hidl_vec<KeyParameter> resultParams;
Shawn Willdenda495752020-01-15 17:46:30 -0700[diff] [blame]511 if (response.error == KM_ERROR_OK) resultParams = kmParamSet2Hidl(response.output_params);
Shawn Willden9e149572017-10-30 16:08:21 -0600[diff] [blame]512
513 _hidl_cb(legacy_enum_conversion(response.error), resultParams, response.op_handle);
514 return Void();
515}
516
Shawn Willdenefd06732017-11-30 19:34:16 -0700[diff] [blame]517Return<void> AndroidKeymaster4Device::update(uint64_t operationHandle,
518 const hidl_vec<KeyParameter>& inParams,
519 const hidl_vec<uint8_t>& input,
bohu0fc94782021-08-05 20:19:27 -0700[diff] [blame]520 const HardwareAuthToken& authToken ,
Shawn Willden8123da82017-10-31 09:01:26 -0600[diff] [blame]521 const VerificationToken& /* verificationToken */,
Shawn Willdenefd06732017-11-30 19:34:16 -0700[diff] [blame]522 update_cb _hidl_cb) {
Shawn Willden950eb0b2021-01-06 19:15:29 +0000[diff] [blame]523 UpdateOperationRequest request(impl_->message_version());
Shawn Willden9e149572017-10-30 16:08:21 -0600[diff] [blame]524 request.op_handle = operationHandle;
525 request.input.Reinitialize(input.data(), input.size());
526 request.additional_params.Reinitialize(KmParamSet(inParams));
527
bohu0fc94782021-08-05 20:19:27 -0700[diff] [blame]528 hidl_vec<uint8_t> hidl_vec_token = authToken2HidlVec(authToken);
529 request.additional_params.push_back(
530 TAG_AUTH_TOKEN, reinterpret_cast<uint8_t*>(hidl_vec_token.data()), hidl_vec_token.size());
531
Shawn Willden950eb0b2021-01-06 19:15:29 +0000[diff] [blame]532 UpdateOperationResponse response(impl_->message_version());
Shawn Willden9e149572017-10-30 16:08:21 -0600[diff] [blame]533 impl_->UpdateOperation(request, &response);
534
535 uint32_t resultConsumed = 0;
536 hidl_vec<KeyParameter> resultParams;
537 hidl_vec<uint8_t> resultBlob;
538 if (response.error == KM_ERROR_OK) {
539 resultConsumed = response.input_consumed;
540 resultParams = kmParamSet2Hidl(response.output_params);
541 resultBlob = kmBuffer2hidlVec(response.output);
542 }
543 _hidl_cb(legacy_enum_conversion(response.error), resultConsumed, resultParams, resultBlob);
544 return Void();
545}
546
Shawn Willden8123da82017-10-31 09:01:26 -0600[diff] [blame]547Return<void> AndroidKeymaster4Device::finish(uint64_t operationHandle,
548 const hidl_vec<KeyParameter>& inParams,
549 const hidl_vec<uint8_t>& input,
550 const hidl_vec<uint8_t>& signature,
bohu0fc94782021-08-05 20:19:27 -0700[diff] [blame]551 const HardwareAuthToken& authToken ,
Shawn Willden8123da82017-10-31 09:01:26 -0600[diff] [blame]552 const VerificationToken& /* verificationToken */,
553 finish_cb _hidl_cb) {
Shawn Willden950eb0b2021-01-06 19:15:29 +0000[diff] [blame]554 FinishOperationRequest request(impl_->message_version());
Shawn Willden9e149572017-10-30 16:08:21 -0600[diff] [blame]555 request.op_handle = operationHandle;
556 request.input.Reinitialize(input.data(), input.size());
557 request.signature.Reinitialize(signature.data(), signature.size());
558 request.additional_params.Reinitialize(KmParamSet(inParams));
559
bohu0fc94782021-08-05 20:19:27 -0700[diff] [blame]560 hidl_vec<uint8_t> hidl_vec_token = authToken2HidlVec(authToken);
561 request.additional_params.push_back(
562 TAG_AUTH_TOKEN, reinterpret_cast<uint8_t*>(hidl_vec_token.data()), hidl_vec_token.size());
563
564
Shawn Willden950eb0b2021-01-06 19:15:29 +0000[diff] [blame]565 FinishOperationResponse response(impl_->message_version());
Shawn Willden9e149572017-10-30 16:08:21 -0600[diff] [blame]566 impl_->FinishOperation(request, &response);
567
568 hidl_vec<KeyParameter> resultParams;
569 hidl_vec<uint8_t> resultBlob;
570 if (response.error == KM_ERROR_OK) {
571 resultParams = kmParamSet2Hidl(response.output_params);
572 resultBlob = kmBuffer2hidlVec(response.output);
573 }
574 _hidl_cb(legacy_enum_conversion(response.error), resultParams, resultBlob);
575 return Void();
576}
577
Shawn Willdenefd06732017-11-30 19:34:16 -0700[diff] [blame]578Return<ErrorCode> AndroidKeymaster4Device::abort(uint64_t operationHandle) {
Shawn Willden950eb0b2021-01-06 19:15:29 +0000[diff] [blame]579 AbortOperationRequest request(impl_->message_version());
Shawn Willden9e149572017-10-30 16:08:21 -0600[diff] [blame]580 request.op_handle = operationHandle;
581
Shawn Willden950eb0b2021-01-06 19:15:29 +0000[diff] [blame]582 AbortOperationResponse response(impl_->message_version());
Shawn Willden9e149572017-10-30 16:08:21 -0600[diff] [blame]583 impl_->AbortOperation(request, &response);
584
585 return legacy_enum_conversion(response.error);
586}
587
Janis Danisevskis265f9122018-01-02 17:02:21 -0800[diff] [blame]588IKeymasterDevice* CreateKeymasterDevice(SecurityLevel securityLevel) {
589 return new AndroidKeymaster4Device(securityLevel);
Shawn Willden9e149572017-10-30 16:08:21 -0600[diff] [blame]590}
591
592} // namespace ng
593} // namespace V4_0
594} // namespace keymaster