1 /*
2 **
3 ** Copyright 2017, The Android Open Source Project
4 **
5 ** Licensed under the Apache License, Version 2.0 (the "License");
6 ** you may not use this file except in compliance with the License.
7 ** You may obtain a copy of the License at
8 **
9 ** http://www.apache.org/licenses/LICENSE-2.0
10 **
11 ** Unless required by applicable law or agreed to in writing, software
12 ** distributed under the License is distributed on an "AS IS" BASIS,
13 ** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 ** See the License for the specific language governing permissions and
15 ** limitations under the License.
16 */
17
18 #define LOG_TAG "android.hardware.keymaster@4.0-impl"
19 #include <log/log.h>
20
21 #include "include/AndroidKeymaster4Device.h"
22
23 #include <keymasterV4_0/authorization_set.h>
24
25 #include <keymaster/android_keymaster.h>
26 #include <keymaster/android_keymaster_messages.h>
27 #include <keymaster/contexts/pure_soft_keymaster_context.h>
28 #include <keymaster/contexts/soft_keymaster_context.h>
29 #include <keymaster/keymaster_configuration.h>
30 #include <keymaster/keymaster_enforcement.h>
31 #include <keymaster/km_openssl/soft_keymaster_enforcement.h>
32
33 namespace keymaster {
34 namespace V4_0 {
35 namespace ng {
36
37 namespace {
38
39 constexpr size_t kOperationTableSize = 16;
40
legacy_enum_conversion(const Tag value)41 inline keymaster_tag_t legacy_enum_conversion(const Tag value) {
42 return keymaster_tag_t(value);
43 }
44
legacy_enum_conversion(const keymaster_tag_t value)45 inline Tag legacy_enum_conversion(const keymaster_tag_t value) {
46 return Tag(value);
47 }
48
legacy_enum_conversion(const KeyPurpose value)49 inline keymaster_purpose_t legacy_enum_conversion(const KeyPurpose value) {
50 return static_cast<keymaster_purpose_t>(value);
51 }
52
legacy_enum_conversion(const KeyFormat value)53 inline keymaster_key_format_t legacy_enum_conversion(const KeyFormat value) {
54 return static_cast<keymaster_key_format_t>(value);
55 }
56
legacy_enum_conversion(const keymaster_security_level_t value)57 inline SecurityLevel legacy_enum_conversion(const keymaster_security_level_t value) {
58 return static_cast<SecurityLevel>(value);
59 }
60
legacy_enum_conversion(const HardwareAuthenticatorType value)61 inline hw_authenticator_type_t legacy_enum_conversion(const HardwareAuthenticatorType value) {
62 return static_cast<hw_authenticator_type_t>(value);
63 }
64
legacy_enum_conversion(const keymaster_error_t value)65 inline ErrorCode legacy_enum_conversion(const keymaster_error_t value) {
66 return static_cast<ErrorCode>(value);
67 }
68
typeFromTag(const keymaster_tag_t tag)69 inline keymaster_tag_type_t typeFromTag(const keymaster_tag_t tag) {
70 return keymaster_tag_get_type(tag);
71 }
72
73 class KmParamSet : public keymaster_key_param_set_t {
74 public:
KmParamSet(const hidl_vec<KeyParameter> & keyParams)75 explicit KmParamSet(const hidl_vec<KeyParameter>& keyParams) {
76 params = new keymaster_key_param_t[keyParams.size()];
77 length = keyParams.size();
78 for (size_t i = 0; i < keyParams.size(); ++i) {
79 auto tag = legacy_enum_conversion(keyParams[i].tag);
80 switch (typeFromTag(tag)) {
81 case KM_ENUM:
82 case KM_ENUM_REP:
83 params[i] = keymaster_param_enum(tag, keyParams[i].f.integer);
84 break;
85 case KM_UINT:
86 case KM_UINT_REP:
87 params[i] = keymaster_param_int(tag, keyParams[i].f.integer);
88 break;
89 case KM_ULONG:
90 case KM_ULONG_REP:
91 params[i] = keymaster_param_long(tag, keyParams[i].f.longInteger);
92 break;
93 case KM_DATE:
94 params[i] = keymaster_param_date(tag, keyParams[i].f.dateTime);
95 break;
96 case KM_BOOL:
97 if (keyParams[i].f.boolValue)
98 params[i] = keymaster_param_bool(tag);
99 else
100 params[i].tag = KM_TAG_INVALID;
101 break;
102 case KM_BIGNUM:
103 case KM_BYTES:
104 params[i] =
105 keymaster_param_blob(tag, &keyParams[i].blob[0], keyParams[i].blob.size());
106 break;
107 case KM_INVALID:
108 default:
109 params[i].tag = KM_TAG_INVALID;
110 /* just skip */
111 break;
112 }
113 }
114 }
KmParamSet(KmParamSet && other)115 KmParamSet(KmParamSet&& other) : keymaster_key_param_set_t{other.params, other.length} {
116 other.length = 0;
117 other.params = nullptr;
118 }
119 KmParamSet(const KmParamSet&) = delete;
~KmParamSet()120 ~KmParamSet() { delete[] params; }
121 };
122
kmBlob2hidlVec(const keymaster_key_blob_t & blob)123 inline hidl_vec<uint8_t> kmBlob2hidlVec(const keymaster_key_blob_t& blob) {
124 hidl_vec<uint8_t> result;
125 result.setToExternal(const_cast<unsigned char*>(blob.key_material), blob.key_material_size);
126 return result;
127 }
128
kmBlob2hidlVec(const keymaster_blob_t & blob)129 inline hidl_vec<uint8_t> kmBlob2hidlVec(const keymaster_blob_t& blob) {
130 hidl_vec<uint8_t> result;
131 result.setToExternal(const_cast<unsigned char*>(blob.data), blob.data_length);
132 return result;
133 }
134
kmBuffer2hidlVec(const::keymaster::Buffer & buf)135 inline hidl_vec<uint8_t> kmBuffer2hidlVec(const ::keymaster::Buffer& buf) {
136 hidl_vec<uint8_t> result;
137 result.setToExternal(const_cast<unsigned char*>(buf.peek_read()), buf.available_read());
138 return result;
139 }
140
141 inline static hidl_vec<hidl_vec<uint8_t>>
kmCertChain2Hidl(const keymaster_cert_chain_t & cert_chain)142 kmCertChain2Hidl(const keymaster_cert_chain_t& cert_chain) {
143 hidl_vec<hidl_vec<uint8_t>> result;
144 if (!cert_chain.entry_count || !cert_chain.entries)
145 return result;
146
147 result.resize(cert_chain.entry_count);
148 for (size_t i = 0; i < cert_chain.entry_count; ++i) {
149 result[i] = kmBlob2hidlVec(cert_chain.entries[i]);
150 }
151
152 return result;
153 }
154
kmParamSet2Hidl(const keymaster_key_param_set_t & set)155 static inline hidl_vec<KeyParameter> kmParamSet2Hidl(const keymaster_key_param_set_t& set) {
156 hidl_vec<KeyParameter> result;
157 if (set.length == 0 || set.params == nullptr)
158 return result;
159
160 result.resize(set.length);
161 keymaster_key_param_t* params = set.params;
162 for (size_t i = 0; i < set.length; ++i) {
163 auto tag = params[i].tag;
164 result[i].tag = legacy_enum_conversion(tag);
165 switch (typeFromTag(tag)) {
166 case KM_ENUM:
167 case KM_ENUM_REP:
168 result[i].f.integer = params[i].enumerated;
169 break;
170 case KM_UINT:
171 case KM_UINT_REP:
172 result[i].f.integer = params[i].integer;
173 break;
174 case KM_ULONG:
175 case KM_ULONG_REP:
176 result[i].f.longInteger = params[i].long_integer;
177 break;
178 case KM_DATE:
179 result[i].f.dateTime = params[i].date_time;
180 break;
181 case KM_BOOL:
182 result[i].f.boolValue = params[i].boolean;
183 break;
184 case KM_BIGNUM:
185 case KM_BYTES:
186 result[i].blob.setToExternal(const_cast<unsigned char*>(params[i].blob.data),
187 params[i].blob.data_length);
188 break;
189 case KM_INVALID:
190 default:
191 params[i].tag = KM_TAG_INVALID;
192 /* just skip */
193 break;
194 }
195 }
196 return result;
197 }
198
addClientAndAppData(const hidl_vec<uint8_t> & clientId,const hidl_vec<uint8_t> & appData,::keymaster::AuthorizationSet * params)199 void addClientAndAppData(const hidl_vec<uint8_t>& clientId, const hidl_vec<uint8_t>& appData,
200 ::keymaster::AuthorizationSet* params) {
201 params->Clear();
202 if (clientId.size()) {
203 params->push_back(::keymaster::TAG_APPLICATION_ID, clientId.data(), clientId.size());
204 }
205 if (appData.size()) {
206 params->push_back(::keymaster::TAG_APPLICATION_DATA, appData.data(), appData.size());
207 }
208 }
209
210 } // anonymous namespace
211
AndroidKeymaster4Device(SecurityLevel securityLevel)212 AndroidKeymaster4Device::AndroidKeymaster4Device(SecurityLevel securityLevel)
213 : impl_(new ::keymaster::AndroidKeymaster(
214 []() -> auto {
215 auto context = new PureSoftKeymasterContext();
216 context->SetSystemVersion(GetOsVersion(), GetOsPatchlevel());
217 return context;
218 }(),
219 kOperationTableSize)), securityLevel_(securityLevel) {}
220
~AndroidKeymaster4Device()221 AndroidKeymaster4Device::~AndroidKeymaster4Device() {}
222
getHardwareInfo(getHardwareInfo_cb _hidl_cb)223 Return<void> AndroidKeymaster4Device::getHardwareInfo(getHardwareInfo_cb _hidl_cb) {
224 _hidl_cb(securityLevel_,
225 "SoftwareKeymasterDevice", "Google");
226 return Void();
227 }
228
229 Return<void>
getHmacSharingParameters(getHmacSharingParameters_cb _hidl_cb)230 AndroidKeymaster4Device::getHmacSharingParameters(getHmacSharingParameters_cb _hidl_cb) {
231 auto response = impl_->GetHmacSharingParameters();
232
233 ::android::hardware::keymaster::V4_0::HmacSharingParameters params;
234 params.seed.setToExternal(const_cast<uint8_t*>(response.params.seed.data),
235 response.params.seed.data_length);
236 static_assert(sizeof(response.params.nonce) == params.nonce.size(), "Nonce sizes don't match");
237 memcpy(params.nonce.data(), response.params.nonce, params.nonce.size());
238 _hidl_cb(legacy_enum_conversion(response.error), params);
239 return Void();
240 }
241
computeSharedHmac(const hidl_vec<::android::hardware::keymaster::V4_0::HmacSharingParameters> & params,computeSharedHmac_cb _hidl_cb)242 Return<void> AndroidKeymaster4Device::computeSharedHmac(
243 const hidl_vec<::android::hardware::keymaster::V4_0::HmacSharingParameters>& params,
244 computeSharedHmac_cb _hidl_cb) {
245 ComputeSharedHmacRequest request;
246 request.params_array.params_array = new keymaster::HmacSharingParameters[params.size()];
247 request.params_array.num_params = params.size();
248 for (size_t i = 0; i < params.size(); ++i) {
249 request.params_array.params_array[i].seed = {params[i].seed.data(), params[i].seed.size()};
250 static_assert(sizeof(request.params_array.params_array[i].nonce) ==
251 decltype(params[i].nonce)::size(),
252 "Nonce sizes don't match");
253 memcpy(request.params_array.params_array[i].nonce, params[i].nonce.data(),
254 params[i].nonce.size());
255 }
256
257 auto response = impl_->ComputeSharedHmac(request);
258 hidl_vec<uint8_t> sharing_check;
259 if (response.error == KM_ERROR_OK) sharing_check = kmBlob2hidlVec(response.sharing_check);
260
261 _hidl_cb(legacy_enum_conversion(response.error), sharing_check);
262 return Void();
263 }
264
verifyAuthorization(uint64_t challenge,const hidl_vec<KeyParameter> & parametersToVerify,const::android::hardware::keymaster::V4_0::HardwareAuthToken & authToken,verifyAuthorization_cb _hidl_cb)265 Return<void> AndroidKeymaster4Device::verifyAuthorization(
266 uint64_t challenge, const hidl_vec<KeyParameter>& parametersToVerify,
267 const ::android::hardware::keymaster::V4_0::HardwareAuthToken& authToken,
268 verifyAuthorization_cb _hidl_cb) {
269
270 VerifyAuthorizationRequest request;
271 request.challenge = challenge;
272 request.parameters_to_verify.Reinitialize(KmParamSet(parametersToVerify));
273 request.auth_token.challenge = authToken.challenge;
274 request.auth_token.user_id = authToken.userId;
275 request.auth_token.authenticator_id = authToken.authenticatorId;
276 request.auth_token.authenticator_type = legacy_enum_conversion(authToken.authenticatorType);
277 request.auth_token.timestamp = authToken.timestamp;
278 KeymasterBlob mac(authToken.mac.data(), authToken.mac.size());
279 request.auth_token.mac = mac;
280
281 auto response = impl_->VerifyAuthorization(request);
282
283 ::android::hardware::keymaster::V4_0::VerificationToken token;
284 token.challenge = response.token.challenge;
285 token.timestamp = response.token.timestamp;
286 token.parametersVerified = kmParamSet2Hidl(response.token.parameters_verified);
287 token.securityLevel = legacy_enum_conversion(response.token.security_level);
288 token.mac = kmBlob2hidlVec(response.token.mac);
289
290 _hidl_cb(legacy_enum_conversion(response.error), token);
291
292 return Void();
293 }
294
addRngEntropy(const hidl_vec<uint8_t> & data)295 Return<ErrorCode> AndroidKeymaster4Device::addRngEntropy(const hidl_vec<uint8_t>& data) {
296 if (data.size() == 0)
297 return ErrorCode::OK;
298 AddEntropyRequest request;
299 request.random_data.Reinitialize(data.data(), data.size());
300
301 AddEntropyResponse response;
302 impl_->AddRngEntropy(request, &response);
303
304 return legacy_enum_conversion(response.error);
305 }
306
generateKey(const hidl_vec<KeyParameter> & keyParams,generateKey_cb _hidl_cb)307 Return<void> AndroidKeymaster4Device::generateKey(const hidl_vec<KeyParameter>& keyParams,
308 generateKey_cb _hidl_cb) {
309 GenerateKeyRequest request;
310 request.key_description.Reinitialize(KmParamSet(keyParams));
311
312 GenerateKeyResponse response;
313 impl_->GenerateKey(request, &response);
314
315 KeyCharacteristics resultCharacteristics;
316 hidl_vec<uint8_t> resultKeyBlob;
317 if (response.error == KM_ERROR_OK) {
318 resultKeyBlob = kmBlob2hidlVec(response.key_blob);
319 resultCharacteristics.hardwareEnforced = kmParamSet2Hidl(response.enforced);
320 resultCharacteristics.softwareEnforced = kmParamSet2Hidl(response.unenforced);
321 }
322 _hidl_cb(legacy_enum_conversion(response.error), resultKeyBlob, resultCharacteristics);
323 return Void();
324 }
325
getKeyCharacteristics(const hidl_vec<uint8_t> & keyBlob,const hidl_vec<uint8_t> & clientId,const hidl_vec<uint8_t> & appData,getKeyCharacteristics_cb _hidl_cb)326 Return<void> AndroidKeymaster4Device::getKeyCharacteristics(const hidl_vec<uint8_t>& keyBlob,
327 const hidl_vec<uint8_t>& clientId,
328 const hidl_vec<uint8_t>& appData,
329 getKeyCharacteristics_cb _hidl_cb) {
330 GetKeyCharacteristicsRequest request;
331 request.SetKeyMaterial(keyBlob.data(), keyBlob.size());
332 addClientAndAppData(clientId, appData, &request.additional_params);
333
334 GetKeyCharacteristicsResponse response;
335 impl_->GetKeyCharacteristics(request, &response);
336
337 KeyCharacteristics resultCharacteristics;
338 if (response.error == KM_ERROR_OK) {
339 resultCharacteristics.hardwareEnforced = kmParamSet2Hidl(response.enforced);
340 resultCharacteristics.softwareEnforced = kmParamSet2Hidl(response.unenforced);
341 }
342 _hidl_cb(legacy_enum_conversion(response.error), resultCharacteristics);
343 return Void();
344 }
345
importKey(const hidl_vec<KeyParameter> & params,KeyFormat keyFormat,const hidl_vec<uint8_t> & keyData,importKey_cb _hidl_cb)346 Return<void> AndroidKeymaster4Device::importKey(const hidl_vec<KeyParameter>& params,
347 KeyFormat keyFormat,
348 const hidl_vec<uint8_t>& keyData,
349 importKey_cb _hidl_cb) {
350 ImportKeyRequest request;
351 request.key_description.Reinitialize(KmParamSet(params));
352 request.key_format = legacy_enum_conversion(keyFormat);
353 request.SetKeyMaterial(keyData.data(), keyData.size());
354
355 ImportKeyResponse response;
356 impl_->ImportKey(request, &response);
357
358 KeyCharacteristics resultCharacteristics;
359 hidl_vec<uint8_t> resultKeyBlob;
360 if (response.error == KM_ERROR_OK) {
361 resultKeyBlob = kmBlob2hidlVec(response.key_blob);
362 resultCharacteristics.hardwareEnforced = kmParamSet2Hidl(response.enforced);
363 resultCharacteristics.softwareEnforced = kmParamSet2Hidl(response.unenforced);
364 }
365 _hidl_cb(legacy_enum_conversion(response.error), resultKeyBlob, resultCharacteristics);
366 return Void();
367 }
368
importWrappedKey(const hidl_vec<uint8_t> & wrappedKeyData,const hidl_vec<uint8_t> & wrappingKeyBlob,const hidl_vec<uint8_t> & maskingKey,const hidl_vec<KeyParameter> & unwrappingParams,uint64_t passwordSid,uint64_t biometricSid,importWrappedKey_cb _hidl_cb)369 Return<void> AndroidKeymaster4Device::importWrappedKey(
370 const hidl_vec<uint8_t>& wrappedKeyData, const hidl_vec<uint8_t>& wrappingKeyBlob,
371 const hidl_vec<uint8_t>& maskingKey, const hidl_vec<KeyParameter>& unwrappingParams,
372 uint64_t passwordSid, uint64_t biometricSid, importWrappedKey_cb _hidl_cb) {
373
374 ImportWrappedKeyRequest request;
375 request.SetWrappedMaterial(wrappedKeyData.data(), wrappedKeyData.size());
376 request.SetWrappingMaterial(wrappingKeyBlob.data(), wrappingKeyBlob.size());
377 request.SetMaskingKeyMaterial(maskingKey.data(), maskingKey.size());
378 request.additional_params.Reinitialize(KmParamSet(unwrappingParams));
379 request.password_sid = passwordSid;
380 request.biometric_sid = biometricSid;
381
382 ImportWrappedKeyResponse response;
383 impl_->ImportWrappedKey(request, &response);
384
385 KeyCharacteristics resultCharacteristics;
386 hidl_vec<uint8_t> resultKeyBlob;
387 if (response.error == KM_ERROR_OK) {
388 resultKeyBlob = kmBlob2hidlVec(response.key_blob);
389 resultCharacteristics.hardwareEnforced = kmParamSet2Hidl(response.enforced);
390 resultCharacteristics.softwareEnforced = kmParamSet2Hidl(response.unenforced);
391 }
392 _hidl_cb(legacy_enum_conversion(response.error), resultKeyBlob, resultCharacteristics);
393 return Void();
394 }
395
exportKey(KeyFormat exportFormat,const hidl_vec<uint8_t> & keyBlob,const hidl_vec<uint8_t> & clientId,const hidl_vec<uint8_t> & appData,exportKey_cb _hidl_cb)396 Return<void> AndroidKeymaster4Device::exportKey(KeyFormat exportFormat,
397 const hidl_vec<uint8_t>& keyBlob,
398 const hidl_vec<uint8_t>& clientId,
399 const hidl_vec<uint8_t>& appData,
400 exportKey_cb _hidl_cb) {
401 ExportKeyRequest request;
402 request.key_format = legacy_enum_conversion(exportFormat);
403 request.SetKeyMaterial(keyBlob.data(), keyBlob.size());
404 addClientAndAppData(clientId, appData, &request.additional_params);
405
406 ExportKeyResponse response;
407 impl_->ExportKey(request, &response);
408
409 hidl_vec<uint8_t> resultKeyBlob;
410 if (response.error == KM_ERROR_OK) {
411 resultKeyBlob.setToExternal(response.key_data, response.key_data_length);
412 }
413 _hidl_cb(legacy_enum_conversion(response.error), resultKeyBlob);
414 return Void();
415 }
416
attestKey(const hidl_vec<uint8_t> & keyToAttest,const hidl_vec<KeyParameter> & attestParams,attestKey_cb _hidl_cb)417 Return<void> AndroidKeymaster4Device::attestKey(const hidl_vec<uint8_t>& keyToAttest,
418 const hidl_vec<KeyParameter>& attestParams,
419 attestKey_cb _hidl_cb) {
420 AttestKeyRequest request;
421 request.SetKeyMaterial(keyToAttest.data(), keyToAttest.size());
422 request.attest_params.Reinitialize(KmParamSet(attestParams));
423
424 AttestKeyResponse response;
425 impl_->AttestKey(request, &response);
426
427 hidl_vec<hidl_vec<uint8_t>> resultCertChain;
428 if (response.error == KM_ERROR_OK) {
429 resultCertChain = kmCertChain2Hidl(response.certificate_chain);
430 }
431 _hidl_cb(legacy_enum_conversion(response.error), resultCertChain);
432 return Void();
433 }
434
upgradeKey(const hidl_vec<uint8_t> & keyBlobToUpgrade,const hidl_vec<KeyParameter> & upgradeParams,upgradeKey_cb _hidl_cb)435 Return<void> AndroidKeymaster4Device::upgradeKey(const hidl_vec<uint8_t>& keyBlobToUpgrade,
436 const hidl_vec<KeyParameter>& upgradeParams,
437 upgradeKey_cb _hidl_cb) {
438 // There's nothing to be done to upgrade software key blobs. Further, the software
439 // implementation never returns ErrorCode::KEY_REQUIRES_UPGRADE, so this should never be called.
440 UpgradeKeyRequest request;
441 request.SetKeyMaterial(keyBlobToUpgrade.data(), keyBlobToUpgrade.size());
442 request.upgrade_params.Reinitialize(KmParamSet(upgradeParams));
443
444 UpgradeKeyResponse response;
445 impl_->UpgradeKey(request, &response);
446
447 if (response.error == KM_ERROR_OK) {
448 _hidl_cb(ErrorCode::OK, kmBlob2hidlVec(response.upgraded_key));
449 } else {
450 _hidl_cb(legacy_enum_conversion(response.error), hidl_vec<uint8_t>());
451 }
452 return Void();
453 }
454
deleteKey(const hidl_vec<uint8_t> & keyBlob)455 Return<ErrorCode> AndroidKeymaster4Device::deleteKey(const hidl_vec<uint8_t>& keyBlob) {
456 // There's nothing to be done to delete software key blobs.
457 DeleteKeyRequest request;
458 request.SetKeyMaterial(keyBlob.data(), keyBlob.size());
459
460 DeleteKeyResponse response;
461 impl_->DeleteKey(request, &response);
462
463 return legacy_enum_conversion(response.error);
464 }
465
deleteAllKeys()466 Return<ErrorCode> AndroidKeymaster4Device::deleteAllKeys() {
467 // There's nothing to be done to delete software key blobs.
468 DeleteAllKeysRequest request;
469 DeleteAllKeysResponse response;
470 impl_->DeleteAllKeys(request, &response);
471
472 return legacy_enum_conversion(response.error);
473 }
474
destroyAttestationIds()475 Return<ErrorCode> AndroidKeymaster4Device::destroyAttestationIds() {
476 return ErrorCode::UNIMPLEMENTED;
477 }
478
begin(KeyPurpose purpose,const hidl_vec<uint8_t> & key,const hidl_vec<KeyParameter> & inParams,const HardwareAuthToken &,begin_cb _hidl_cb)479 Return<void> AndroidKeymaster4Device::begin(KeyPurpose purpose, const hidl_vec<uint8_t>& key,
480 const hidl_vec<KeyParameter>& inParams,
481 const HardwareAuthToken& /* authToken */,
482 begin_cb _hidl_cb) {
483
484 BeginOperationRequest request;
485 request.purpose = legacy_enum_conversion(purpose);
486 request.SetKeyMaterial(key.data(), key.size());
487 request.additional_params.Reinitialize(KmParamSet(inParams));
488
489 BeginOperationResponse response;
490 impl_->BeginOperation(request, &response);
491
492 hidl_vec<KeyParameter> resultParams;
493 if (response.error == KM_ERROR_OK) {
494 resultParams = kmParamSet2Hidl(response.output_params);
495 }
496
497 _hidl_cb(legacy_enum_conversion(response.error), resultParams, response.op_handle);
498 return Void();
499 }
500
update(uint64_t operationHandle,const hidl_vec<KeyParameter> & inParams,const hidl_vec<uint8_t> & input,const HardwareAuthToken &,const VerificationToken &,update_cb _hidl_cb)501 Return<void> AndroidKeymaster4Device::update(uint64_t operationHandle,
502 const hidl_vec<KeyParameter>& inParams,
503 const hidl_vec<uint8_t>& input,
504 const HardwareAuthToken& /* authToken */,
505 const VerificationToken& /* verificationToken */,
506 update_cb _hidl_cb) {
507 UpdateOperationRequest request;
508 request.op_handle = operationHandle;
509 request.input.Reinitialize(input.data(), input.size());
510 request.additional_params.Reinitialize(KmParamSet(inParams));
511
512 UpdateOperationResponse response;
513 impl_->UpdateOperation(request, &response);
514
515 uint32_t resultConsumed = 0;
516 hidl_vec<KeyParameter> resultParams;
517 hidl_vec<uint8_t> resultBlob;
518 if (response.error == KM_ERROR_OK) {
519 resultConsumed = response.input_consumed;
520 resultParams = kmParamSet2Hidl(response.output_params);
521 resultBlob = kmBuffer2hidlVec(response.output);
522 }
523 _hidl_cb(legacy_enum_conversion(response.error), resultConsumed, resultParams, resultBlob);
524 return Void();
525 }
526
finish(uint64_t operationHandle,const hidl_vec<KeyParameter> & inParams,const hidl_vec<uint8_t> & input,const hidl_vec<uint8_t> & signature,const HardwareAuthToken &,const VerificationToken &,finish_cb _hidl_cb)527 Return<void> AndroidKeymaster4Device::finish(uint64_t operationHandle,
528 const hidl_vec<KeyParameter>& inParams,
529 const hidl_vec<uint8_t>& input,
530 const hidl_vec<uint8_t>& signature,
531 const HardwareAuthToken& /* authToken */,
532 const VerificationToken& /* verificationToken */,
533 finish_cb _hidl_cb) {
534 FinishOperationRequest request;
535 request.op_handle = operationHandle;
536 request.input.Reinitialize(input.data(), input.size());
537 request.signature.Reinitialize(signature.data(), signature.size());
538 request.additional_params.Reinitialize(KmParamSet(inParams));
539
540 FinishOperationResponse response;
541 impl_->FinishOperation(request, &response);
542
543 hidl_vec<KeyParameter> resultParams;
544 hidl_vec<uint8_t> resultBlob;
545 if (response.error == KM_ERROR_OK) {
546 resultParams = kmParamSet2Hidl(response.output_params);
547 resultBlob = kmBuffer2hidlVec(response.output);
548 }
549 _hidl_cb(legacy_enum_conversion(response.error), resultParams, resultBlob);
550 return Void();
551 }
552
abort(uint64_t operationHandle)553 Return<ErrorCode> AndroidKeymaster4Device::abort(uint64_t operationHandle) {
554 AbortOperationRequest request;
555 request.op_handle = operationHandle;
556
557 AbortOperationResponse response;
558 impl_->AbortOperation(request, &response);
559
560 return legacy_enum_conversion(response.error);
561 }
562
CreateKeymasterDevice(SecurityLevel securityLevel)563 IKeymasterDevice* CreateKeymasterDevice(SecurityLevel securityLevel) {
564 return new AndroidKeymaster4Device(securityLevel);
565 }
566
567 } // namespace ng
568 } // namespace V4_0
569 } // namespace keymaster
570