blob: 5d1d4e9f3102b196a1177e41b8a80d871acbc261 [file] [log] [blame]
Shawn Willden815e8962020-12-11 13:05:27 +00001/*
2 * Copyright 2020, The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17#define LOG_TAG "android.hardware.security.keymint-impl"
Shawn Willden763166c2021-01-10 19:45:01 -070018#include <android-base/logging.h>
Shawn Willden815e8962020-12-11 13:05:27 +000019
20#include "AndroidKeyMintDevice.h"
21
22#include <aidl/android/hardware/security/keymint/ErrorCode.h>
23
24#include <keymaster/android_keymaster.h>
25#include <keymaster/contexts/pure_soft_keymaster_context.h>
26#include <keymaster/keymaster_configuration.h>
27
28#include "AndroidKeyMintOperation.h"
29#include "KeyMintUtils.h"
30
31namespace aidl::android::hardware::security::keymint {
32
Shawn Willden9a3792e2021-04-08 09:38:14 -060033using namespace keymaster; // NOLINT(google-build-using-namespace)
34
35using km_utils::authToken2AidlVec;
36using km_utils::kmBlob2vector;
37using km_utils::kmError2ScopedAStatus;
38using km_utils::kmParam2Aidl;
39using km_utils::KmParamSet;
40using km_utils::kmParamSet2Aidl;
41using km_utils::legacy_enum_conversion;
Chirag Pathakb292e9a2021-02-02 07:28:09 +000042using secureclock::TimeStampToken;
Shawn Willden815e8962020-12-11 13:05:27 +000043
Shawn Willden763166c2021-01-10 19:45:01 -070044namespace {
45
46vector<KeyCharacteristics> convertKeyCharacteristics(SecurityLevel keyMintSecurityLevel,
47 const AuthorizationSet& sw_enforced,
48 const AuthorizationSet& hw_enforced) {
Shawn Willden09f47102021-01-15 15:21:56 -070049 KeyCharacteristics keyMintEnforced{keyMintSecurityLevel, {}};
Shawn Willden763166c2021-01-10 19:45:01 -070050
Shawn Willden763166c2021-01-10 19:45:01 -070051 if (keyMintSecurityLevel != SecurityLevel::SOFTWARE) {
Qi Wuf7c8e9d2021-02-11 03:14:52 +080052 // We're pretending to be TRUSTED_ENVIRONMENT or STRONGBOX.
Shawn Willden09f47102021-01-15 15:21:56 -070053 keyMintEnforced.authorizations = kmParamSet2Aidl(hw_enforced);
Qi Wuf7c8e9d2021-02-11 03:14:52 +080054 // Put all the software authorizations in the keystore list.
55 KeyCharacteristics keystoreEnforced{SecurityLevel::KEYSTORE, kmParamSet2Aidl(sw_enforced)};
56 return {std::move(keyMintEnforced), std::move(keystoreEnforced)};
Shawn Willden763166c2021-01-10 19:45:01 -070057 }
58
Shawn Willden09f47102021-01-15 15:21:56 -070059 KeyCharacteristics keystoreEnforced{SecurityLevel::KEYSTORE, {}};
Shawn Willden763166c2021-01-10 19:45:01 -070060 CHECK(hw_enforced.empty()) << "Hardware-enforced list is non-empty for pure SW KeyMint";
61
Shawn Willden09f47102021-01-15 15:21:56 -070062 // This is a pure software implementation, so all tags are in sw_enforced.
63 // We need to walk through the SW-enforced list and figure out which tags to
64 // return in the software list and which in the keystore list.
Shawn Willden763166c2021-01-10 19:45:01 -070065
66 for (auto& entry : sw_enforced) {
67 switch (entry.tag) {
68 /* Invalid and unused */
69 case KM_TAG_ECIES_SINGLE_HASH_MODE:
70 case KM_TAG_INVALID:
71 case KM_TAG_KDF:
Shawn Willden09f47102021-01-15 15:21:56 -070072 case KM_TAG_ROLLBACK_RESISTANCE:
Shawn Willden763166c2021-01-10 19:45:01 -070073 CHECK(false) << "We shouldn't see tag " << entry.tag;
74 break;
75
76 /* Unimplemented */
77 case KM_TAG_ALLOW_WHILE_ON_BODY:
Shawn Willden763166c2021-01-10 19:45:01 -070078 case KM_TAG_BOOTLOADER_ONLY:
79 case KM_TAG_EARLY_BOOT_ONLY:
Shawn Willden763166c2021-01-10 19:45:01 -070080 case KM_TAG_ROLLBACK_RESISTANT:
81 case KM_TAG_STORAGE_KEY:
Shawn Willden09f47102021-01-15 15:21:56 -070082 case KM_TAG_TRUSTED_CONFIRMATION_REQUIRED:
83 case KM_TAG_TRUSTED_USER_PRESENCE_REQUIRED:
Shawn Willden763166c2021-01-10 19:45:01 -070084 break;
85
86 /* Unenforceable */
Shawn Willden763166c2021-01-10 19:45:01 -070087 case KM_TAG_CREATION_DATETIME:
Shawn Willden763166c2021-01-10 19:45:01 -070088 break;
89
90 /* Disallowed in KeyCharacteristics */
91 case KM_TAG_APPLICATION_DATA:
Shawn Willden09f47102021-01-15 15:21:56 -070092 case KM_TAG_ATTESTATION_APPLICATION_ID:
Shawn Willden763166c2021-01-10 19:45:01 -070093 break;
94
95 /* Not key characteristics */
96 case KM_TAG_ASSOCIATED_DATA:
Shawn Willden763166c2021-01-10 19:45:01 -070097 case KM_TAG_ATTESTATION_CHALLENGE:
98 case KM_TAG_ATTESTATION_ID_BRAND:
99 case KM_TAG_ATTESTATION_ID_DEVICE:
100 case KM_TAG_ATTESTATION_ID_IMEI:
101 case KM_TAG_ATTESTATION_ID_MANUFACTURER:
102 case KM_TAG_ATTESTATION_ID_MEID:
103 case KM_TAG_ATTESTATION_ID_MODEL:
104 case KM_TAG_ATTESTATION_ID_PRODUCT:
105 case KM_TAG_ATTESTATION_ID_SERIAL:
106 case KM_TAG_AUTH_TOKEN:
107 case KM_TAG_CERTIFICATE_SERIAL:
108 case KM_TAG_CERTIFICATE_SUBJECT:
Janis Danisevskisa5780e22021-01-31 22:05:22 -0800109 case KM_TAG_CERTIFICATE_NOT_AFTER:
110 case KM_TAG_CERTIFICATE_NOT_BEFORE:
Shawn Willden763166c2021-01-10 19:45:01 -0700111 case KM_TAG_CONFIRMATION_TOKEN:
112 case KM_TAG_DEVICE_UNIQUE_ATTESTATION:
113 case KM_TAG_IDENTITY_CREDENTIAL_KEY:
114 case KM_TAG_MAC_LENGTH:
115 case KM_TAG_NONCE:
116 case KM_TAG_RESET_SINCE_ID_ROTATION:
117 case KM_TAG_ROOT_OF_TRUST:
118 case KM_TAG_UNIQUE_ID:
119 break;
120
Shawn Willden09f47102021-01-15 15:21:56 -0700121 /* KeyMint-enforced */
Shawn Willden763166c2021-01-10 19:45:01 -0700122 case KM_TAG_ALGORITHM:
Shawn Willden09f47102021-01-15 15:21:56 -0700123 case KM_TAG_APPLICATION_ID:
Shawn Willden763166c2021-01-10 19:45:01 -0700124 case KM_TAG_AUTH_TIMEOUT:
125 case KM_TAG_BLOB_USAGE_REQUIREMENTS:
126 case KM_TAG_BLOCK_MODE:
127 case KM_TAG_BOOT_PATCHLEVEL:
128 case KM_TAG_CALLER_NONCE:
129 case KM_TAG_DIGEST:
130 case KM_TAG_EC_CURVE:
131 case KM_TAG_EXPORTABLE:
132 case KM_TAG_INCLUDE_UNIQUE_ID:
133 case KM_TAG_KEY_SIZE:
134 case KM_TAG_MAX_USES_PER_BOOT:
135 case KM_TAG_MIN_MAC_LENGTH:
136 case KM_TAG_MIN_SECONDS_BETWEEN_OPS:
137 case KM_TAG_NO_AUTH_REQUIRED:
138 case KM_TAG_ORIGIN:
139 case KM_TAG_OS_PATCHLEVEL:
140 case KM_TAG_OS_VERSION:
141 case KM_TAG_PADDING:
142 case KM_TAG_PURPOSE:
143 case KM_TAG_RSA_OAEP_MGF_DIGEST:
144 case KM_TAG_RSA_PUBLIC_EXPONENT:
145 case KM_TAG_UNLOCKED_DEVICE_REQUIRED:
146 case KM_TAG_USER_AUTH_TYPE:
147 case KM_TAG_USER_SECURE_ID:
148 case KM_TAG_VENDOR_PATCHLEVEL:
Shawn Willden09f47102021-01-15 15:21:56 -0700149 keyMintEnforced.authorizations.push_back(kmParam2Aidl(entry));
150 break;
151
152 /* Keystore-enforced */
153 case KM_TAG_ACTIVE_DATETIME:
154 case KM_TAG_ALL_APPLICATIONS:
155 case KM_TAG_ALL_USERS:
Paul Crowley83846532021-02-10 11:24:50 -0800156 case KM_TAG_MAX_BOOT_LEVEL:
Shawn Willden09f47102021-01-15 15:21:56 -0700157 case KM_TAG_ORIGINATION_EXPIRE_DATETIME:
158 case KM_TAG_USAGE_EXPIRE_DATETIME:
159 case KM_TAG_USER_ID:
160 case KM_TAG_USAGE_COUNT_LIMIT:
161 keystoreEnforced.authorizations.push_back(kmParam2Aidl(entry));
162 break;
Shawn Willden763166c2021-01-10 19:45:01 -0700163 }
164 }
165
Shawn Willden09f47102021-01-15 15:21:56 -0700166 vector<KeyCharacteristics> retval;
167 retval.reserve(2);
168 if (!keyMintEnforced.authorizations.empty()) retval.push_back(std::move(keyMintEnforced));
169 if (!keystoreEnforced.authorizations.empty()) retval.push_back(std::move(keystoreEnforced));
170
171 return retval;
Shawn Willden763166c2021-01-10 19:45:01 -0700172}
173
Shawn Willdend7d4f312020-12-21 08:31:01 -0700174Certificate convertCertificate(const keymaster_blob_t& cert) {
175 return {std::vector<uint8_t>(cert.data, cert.data + cert.data_length)};
176}
177
178vector<Certificate> convertCertificateChain(const CertificateChain& chain) {
179 vector<Certificate> retval;
180 retval.reserve(chain.entry_count);
181 std::transform(chain.begin(), chain.end(), std::back_inserter(retval), convertCertificate);
182 return retval;
183}
184
Shawn Willden763166c2021-01-10 19:45:01 -0700185} // namespace
186
Shawn Willden815e8962020-12-11 13:05:27 +0000187constexpr size_t kOperationTableSize = 16;
188
189AndroidKeyMintDevice::AndroidKeyMintDevice(SecurityLevel securityLevel)
190 : impl_(new ::keymaster::AndroidKeymaster(
191 [&]() -> auto {
192 auto context = new PureSoftKeymasterContext(
193 KmVersion::KEYMINT_1, static_cast<keymaster_security_level_t>(securityLevel));
194 context->SetSystemVersion(::keymaster::GetOsVersion(),
195 ::keymaster::GetOsPatchlevel());
196 return context;
197 }(),
198 kOperationTableSize)),
199 securityLevel_(securityLevel) {}
200
201AndroidKeyMintDevice::~AndroidKeyMintDevice() {}
202
203ScopedAStatus AndroidKeyMintDevice::getHardwareInfo(KeyMintHardwareInfo* info) {
204 info->versionNumber = 1;
205 info->securityLevel = securityLevel_;
206 info->keyMintName = "FakeKeyMintDevice";
207 info->keyMintAuthorName = "Google";
Chirag Pathakb292e9a2021-02-02 07:28:09 +0000208 info->timestampTokenRequired = false;
Shawn Willden815e8962020-12-11 13:05:27 +0000209 return ScopedAStatus::ok();
210}
211
Shawn Willden815e8962020-12-11 13:05:27 +0000212ScopedAStatus AndroidKeyMintDevice::addRngEntropy(const vector<uint8_t>& data) {
213 if (data.size() == 0) {
214 return ScopedAStatus::ok();
215 }
216
Shawn Willden950eb0b2021-01-06 19:15:29 +0000217 AddEntropyRequest request(impl_->message_version());
Shawn Willden815e8962020-12-11 13:05:27 +0000218 request.random_data.Reinitialize(data.data(), data.size());
219
Shawn Willden950eb0b2021-01-06 19:15:29 +0000220 AddEntropyResponse response(impl_->message_version());
Shawn Willden815e8962020-12-11 13:05:27 +0000221 impl_->AddRngEntropy(request, &response);
222
223 return kmError2ScopedAStatus(response.error);
224}
225
226ScopedAStatus AndroidKeyMintDevice::generateKey(const vector<KeyParameter>& keyParams,
Shawn Willden44c38882020-12-21 18:35:13 -0700227 const optional<AttestationKey>& attestationKey,
Shawn Willden763166c2021-01-10 19:45:01 -0700228 KeyCreationResult* creationResult) {
Shawn Willden815e8962020-12-11 13:05:27 +0000229
Shawn Willden950eb0b2021-01-06 19:15:29 +0000230 GenerateKeyRequest request(impl_->message_version());
Shawn Willden815e8962020-12-11 13:05:27 +0000231 request.key_description.Reinitialize(KmParamSet(keyParams));
Shawn Willden44c38882020-12-21 18:35:13 -0700232 if (attestationKey) {
233 request.attestation_signing_key_blob =
234 KeymasterKeyBlob(attestationKey->keyBlob.data(), attestationKey->keyBlob.size());
235 request.attest_key_params.Reinitialize(KmParamSet(attestationKey->attestKeyParams));
236 request.issuer_subject = KeymasterBlob(attestationKey->issuerSubjectName.data(),
237 attestationKey->issuerSubjectName.size());
238 }
Shawn Willden815e8962020-12-11 13:05:27 +0000239
Shawn Willden950eb0b2021-01-06 19:15:29 +0000240 GenerateKeyResponse response(impl_->message_version());
Shawn Willden815e8962020-12-11 13:05:27 +0000241 impl_->GenerateKey(request, &response);
242
243 if (response.error != KM_ERROR_OK) {
244 // Note a key difference between this current aidl and previous hal, is
245 // that hal returns void where as aidl returns the error status. If
246 // aidl returns error, then aidl will not return any change you may make
247 // to the out parameters. This is quite different from hal where all
248 // output variable can be modified due to hal returning void.
249 //
250 // So the caller need to be aware not to expect aidl functions to clear
251 // the output variables for you in case of error. If you left some
252 // wrong data set in the out parameters, they will stay there.
253 return kmError2ScopedAStatus(response.error);
254 }
255
Shawn Willden763166c2021-01-10 19:45:01 -0700256 creationResult->keyBlob = kmBlob2vector(response.key_blob);
257 creationResult->keyCharacteristics =
258 convertKeyCharacteristics(securityLevel_, response.unenforced, response.enforced);
Shawn Willdend7d4f312020-12-21 08:31:01 -0700259 creationResult->certificateChain = convertCertificateChain(response.certificate_chain);
Shawn Willden815e8962020-12-11 13:05:27 +0000260 return ScopedAStatus::ok();
261}
262
263ScopedAStatus AndroidKeyMintDevice::importKey(const vector<KeyParameter>& keyParams,
264 KeyFormat keyFormat, const vector<uint8_t>& keyData,
Shawn Willden44c38882020-12-21 18:35:13 -0700265 const optional<AttestationKey>& attestationKey,
Shawn Willden763166c2021-01-10 19:45:01 -0700266 KeyCreationResult* creationResult) {
Shawn Willden815e8962020-12-11 13:05:27 +0000267
Shawn Willden950eb0b2021-01-06 19:15:29 +0000268 ImportKeyRequest request(impl_->message_version());
Shawn Willden815e8962020-12-11 13:05:27 +0000269 request.key_description.Reinitialize(KmParamSet(keyParams));
270 request.key_format = legacy_enum_conversion(keyFormat);
Shawn Willden6e20ea42020-12-21 18:52:34 -0700271 request.key_data = KeymasterKeyBlob(keyData.data(), keyData.size());
Shawn Willden44c38882020-12-21 18:35:13 -0700272 if (attestationKey) {
273 request.attestation_signing_key_blob =
274 KeymasterKeyBlob(attestationKey->keyBlob.data(), attestationKey->keyBlob.size());
275 request.attest_key_params.Reinitialize(KmParamSet(attestationKey->attestKeyParams));
276 request.issuer_subject = KeymasterBlob(attestationKey->issuerSubjectName.data(),
277 attestationKey->issuerSubjectName.size());
278 }
Shawn Willden815e8962020-12-11 13:05:27 +0000279
Shawn Willden950eb0b2021-01-06 19:15:29 +0000280 ImportKeyResponse response(impl_->message_version());
Shawn Willden815e8962020-12-11 13:05:27 +0000281 impl_->ImportKey(request, &response);
282
283 if (response.error != KM_ERROR_OK) {
284 return kmError2ScopedAStatus(response.error);
285 }
286
Shawn Willden763166c2021-01-10 19:45:01 -0700287 creationResult->keyBlob = kmBlob2vector(response.key_blob);
288 creationResult->keyCharacteristics =
289 convertKeyCharacteristics(securityLevel_, response.unenforced, response.enforced);
Shawn Willdend7d4f312020-12-21 08:31:01 -0700290 creationResult->certificateChain = convertCertificateChain(response.certificate_chain);
Shawn Willden815e8962020-12-11 13:05:27 +0000291
292 return ScopedAStatus::ok();
293}
294
Shawn Willden44c38882020-12-21 18:35:13 -0700295ScopedAStatus
296AndroidKeyMintDevice::importWrappedKey(const vector<uint8_t>& wrappedKeyData, //
297 const vector<uint8_t>& wrappingKeyBlob, //
298 const vector<uint8_t>& maskingKey, //
299 const vector<KeyParameter>& unwrappingParams, //
300 int64_t passwordSid, int64_t biometricSid, //
301 KeyCreationResult* creationResult) {
Shawn Willden815e8962020-12-11 13:05:27 +0000302
Shawn Willden950eb0b2021-01-06 19:15:29 +0000303 ImportWrappedKeyRequest request(impl_->message_version());
Shawn Willden815e8962020-12-11 13:05:27 +0000304 request.SetWrappedMaterial(wrappedKeyData.data(), wrappedKeyData.size());
305 request.SetWrappingMaterial(wrappingKeyBlob.data(), wrappingKeyBlob.size());
306 request.SetMaskingKeyMaterial(maskingKey.data(), maskingKey.size());
307 request.additional_params.Reinitialize(KmParamSet(unwrappingParams));
308 request.password_sid = static_cast<uint64_t>(passwordSid);
309 request.biometric_sid = static_cast<uint64_t>(biometricSid);
310
Shawn Willden950eb0b2021-01-06 19:15:29 +0000311 ImportWrappedKeyResponse response(impl_->message_version());
Shawn Willden815e8962020-12-11 13:05:27 +0000312 impl_->ImportWrappedKey(request, &response);
313
314 if (response.error != KM_ERROR_OK) {
315 return kmError2ScopedAStatus(response.error);
316 }
317
Shawn Willden763166c2021-01-10 19:45:01 -0700318 creationResult->keyBlob = kmBlob2vector(response.key_blob);
319 creationResult->keyCharacteristics =
320 convertKeyCharacteristics(securityLevel_, response.unenforced, response.enforced);
Shawn Willdend7d4f312020-12-21 08:31:01 -0700321 creationResult->certificateChain = convertCertificateChain(response.certificate_chain);
Shawn Willden815e8962020-12-11 13:05:27 +0000322
323 return ScopedAStatus::ok();
324}
325
326ScopedAStatus AndroidKeyMintDevice::upgradeKey(const vector<uint8_t>& keyBlobToUpgrade,
327 const vector<KeyParameter>& upgradeParams,
328 vector<uint8_t>* keyBlob) {
329
Shawn Willden950eb0b2021-01-06 19:15:29 +0000330 UpgradeKeyRequest request(impl_->message_version());
Shawn Willden815e8962020-12-11 13:05:27 +0000331 request.SetKeyMaterial(keyBlobToUpgrade.data(), keyBlobToUpgrade.size());
332 request.upgrade_params.Reinitialize(KmParamSet(upgradeParams));
333
Shawn Willden950eb0b2021-01-06 19:15:29 +0000334 UpgradeKeyResponse response(impl_->message_version());
Shawn Willden815e8962020-12-11 13:05:27 +0000335 impl_->UpgradeKey(request, &response);
336
337 if (response.error != KM_ERROR_OK) {
338 return kmError2ScopedAStatus(response.error);
339 }
340
341 *keyBlob = kmBlob2vector(response.upgraded_key);
342 return ScopedAStatus::ok();
343}
344
345ScopedAStatus AndroidKeyMintDevice::deleteKey(const vector<uint8_t>& keyBlob) {
Shawn Willden950eb0b2021-01-06 19:15:29 +0000346 DeleteKeyRequest request(impl_->message_version());
Shawn Willden815e8962020-12-11 13:05:27 +0000347 request.SetKeyMaterial(keyBlob.data(), keyBlob.size());
348
Shawn Willden950eb0b2021-01-06 19:15:29 +0000349 DeleteKeyResponse response(impl_->message_version());
Shawn Willden815e8962020-12-11 13:05:27 +0000350 impl_->DeleteKey(request, &response);
351
352 return kmError2ScopedAStatus(response.error);
353}
354
355ScopedAStatus AndroidKeyMintDevice::deleteAllKeys() {
356 // There's nothing to be done to delete software key blobs.
Shawn Willden950eb0b2021-01-06 19:15:29 +0000357 DeleteAllKeysRequest request(impl_->message_version());
358 DeleteAllKeysResponse response(impl_->message_version());
Shawn Willden815e8962020-12-11 13:05:27 +0000359 impl_->DeleteAllKeys(request, &response);
360
361 return kmError2ScopedAStatus(response.error);
362}
363
364ScopedAStatus AndroidKeyMintDevice::destroyAttestationIds() {
365 return kmError2ScopedAStatus(KM_ERROR_UNIMPLEMENTED);
366}
367
368ScopedAStatus AndroidKeyMintDevice::begin(KeyPurpose purpose, const vector<uint8_t>& keyBlob,
369 const vector<KeyParameter>& params,
David Drysdale81815912021-04-19 19:11:41 +0100370 const optional<HardwareAuthToken>& authToken,
371 BeginResult* result) {
Shawn Willden815e8962020-12-11 13:05:27 +0000372
Shawn Willden950eb0b2021-01-06 19:15:29 +0000373 BeginOperationRequest request(impl_->message_version());
Shawn Willden815e8962020-12-11 13:05:27 +0000374 request.purpose = legacy_enum_conversion(purpose);
375 request.SetKeyMaterial(keyBlob.data(), keyBlob.size());
376 request.additional_params.Reinitialize(KmParamSet(params));
377
378 vector<uint8_t> vector_token = authToken2AidlVec(authToken);
379 request.additional_params.push_back(
380 TAG_AUTH_TOKEN, reinterpret_cast<uint8_t*>(vector_token.data()), vector_token.size());
381
Shawn Willden950eb0b2021-01-06 19:15:29 +0000382 BeginOperationResponse response(impl_->message_version());
Shawn Willden815e8962020-12-11 13:05:27 +0000383 impl_->BeginOperation(request, &response);
384
385 if (response.error != KM_ERROR_OK) {
386 return kmError2ScopedAStatus(response.error);
387 }
388
389 result->params = kmParamSet2Aidl(response.output_params);
390 result->challenge = response.op_handle;
391 result->operation =
392 ndk::SharedRefBase::make<AndroidKeyMintOperation>(impl_, response.op_handle);
393 return ScopedAStatus::ok();
394}
395
Chirag Pathakb292e9a2021-02-02 07:28:09 +0000396ScopedAStatus AndroidKeyMintDevice::deviceLocked(
Shawn Willden55929692021-02-19 14:53:02 -0700397 bool passwordOnly, const std::optional<secureclock::TimeStampToken>& timestampToken) {
Chirag Pathakb292e9a2021-02-02 07:28:09 +0000398 DeviceLockedRequest request(impl_->message_version());
Shawn Willden55929692021-02-19 14:53:02 -0700399 request.passwordOnly = passwordOnly;
400 if (timestampToken.has_value()) {
401 request.token.challenge = timestampToken->challenge;
402 request.token.mac = {timestampToken->mac.data(), timestampToken->mac.size()};
403 request.token.timestamp = timestampToken->timestamp.milliSeconds;
Chirag Pathakb292e9a2021-02-02 07:28:09 +0000404 }
405 DeviceLockedResponse response = impl_->DeviceLocked(request);
406 return kmError2ScopedAStatus(response.error);
407}
408
409ScopedAStatus AndroidKeyMintDevice::earlyBootEnded() {
410 EarlyBootEndedResponse response = impl_->EarlyBootEnded();
411 return kmError2ScopedAStatus(response.error);
412}
413
Satya Tangirala86d25402021-03-05 16:33:50 -0800414ScopedAStatus
415AndroidKeyMintDevice::convertStorageKeyToEphemeral(const std::vector<uint8_t>& /* storageKeyBlob */,
416 std::vector<uint8_t>* /* ephemeralKeyBlob */) {
417 return kmError2ScopedAStatus(KM_ERROR_UNIMPLEMENTED);
418}
419
Paul Crowley08641bf2021-04-29 12:46:49 -0700420ScopedAStatus AndroidKeyMintDevice::getKeyCharacteristics(
421 const std::vector<uint8_t>& /* storageKeyBlob */, const std::vector<uint8_t>& /* appId */,
422 const std::vector<uint8_t>& /* appData */,
423 std::vector<KeyCharacteristics>* /* keyCharacteristics */) {
424 return kmError2ScopedAStatus(KM_ERROR_UNIMPLEMENTED);
425}
426
Shawn Willden815e8962020-12-11 13:05:27 +0000427IKeyMintDevice* CreateKeyMintDevice(SecurityLevel securityLevel) {
Shawn Willden815e8962020-12-11 13:05:27 +0000428 return ::new AndroidKeyMintDevice(securityLevel);
429}
430
431} // namespace aidl::android::hardware::security::keymint