1 /*
2 * Copyright 2020, The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 #define LOG_TAG "android.hardware.security.keymint-impl.remote"
18 #include <log/log.h>
19
20 #include "guest/hals/keymint/remote/remote_keymint_operation.h"
21
22 #include <aidl/android/hardware/security/keymint/ErrorCode.h>
23 #include <aidl/android/hardware/security/secureclock/ISecureClock.h>
24
25 #include <keymaster/android_keymaster.h>
26
27 #include "KeyMintUtils.h"
28
29 namespace aidl::android::hardware::security::keymint {
30
31 using ::keymaster::AbortOperationRequest;
32 using ::keymaster::AbortOperationResponse;
33 using ::keymaster::Buffer;
34 using ::keymaster::FinishOperationRequest;
35 using ::keymaster::FinishOperationResponse;
36 using ::keymaster::TAG_ASSOCIATED_DATA;
37 using ::keymaster::UpdateOperationRequest;
38 using ::keymaster::UpdateOperationResponse;
39 using secureclock::TimeStampToken;
40 using namespace km_utils;
41
RemoteKeyMintOperation(::keymaster::RemoteKeymaster & impl,keymaster_operation_handle_t opHandle)42 RemoteKeyMintOperation::RemoteKeyMintOperation(
43 ::keymaster::RemoteKeymaster& impl, keymaster_operation_handle_t opHandle)
44 : impl_(impl), opHandle_(opHandle) {}
45
~RemoteKeyMintOperation()46 RemoteKeyMintOperation::~RemoteKeyMintOperation() {
47 if (opHandle_ != 0) {
48 abort();
49 }
50 }
51
updateAad(const vector<uint8_t> & input,const optional<HardwareAuthToken> &,const optional<TimeStampToken> &)52 ScopedAStatus RemoteKeyMintOperation::updateAad(
53 const vector<uint8_t>& input,
54 const optional<HardwareAuthToken>& /* authToken */,
55 const optional<TimeStampToken>& /* timestampToken */) {
56 UpdateOperationRequest request(impl_.message_version());
57 request.op_handle = opHandle_;
58 request.additional_params.push_back(TAG_ASSOCIATED_DATA, input.data(),
59 input.size());
60
61 UpdateOperationResponse response(impl_.message_version());
62 impl_.UpdateOperation(request, &response);
63
64 return kmError2ScopedAStatus(response.error);
65 }
66
update(const vector<uint8_t> & input,const optional<HardwareAuthToken> &,const optional<TimeStampToken> &,vector<uint8_t> * output)67 ScopedAStatus RemoteKeyMintOperation::update(
68 const vector<uint8_t>& input,
69 const optional<HardwareAuthToken>& /* authToken */,
70 const optional<TimeStampToken>&
71 /* timestampToken */,
72 vector<uint8_t>* output) {
73 if (!output) return kmError2ScopedAStatus(KM_ERROR_OUTPUT_PARAMETER_NULL);
74
75 UpdateOperationRequest request(impl_.message_version());
76 request.op_handle = opHandle_;
77 request.input.Reinitialize(input.data(), input.size());
78
79 UpdateOperationResponse response(impl_.message_version());
80 impl_.UpdateOperation(request, &response);
81
82 if (response.error != KM_ERROR_OK)
83 return kmError2ScopedAStatus(response.error);
84 if (response.input_consumed != request.input.buffer_size()) {
85 return kmError2ScopedAStatus(KM_ERROR_UNKNOWN_ERROR);
86 }
87
88 *output = kmBuffer2vector(response.output);
89 return ScopedAStatus::ok();
90 }
91
finish(const optional<vector<uint8_t>> & input,const optional<vector<uint8_t>> & signature,const optional<HardwareAuthToken> &,const optional<TimeStampToken> &,const optional<vector<uint8_t>> &,vector<uint8_t> * output)92 ScopedAStatus RemoteKeyMintOperation::finish(
93 const optional<vector<uint8_t>>& input, //
94 const optional<vector<uint8_t>>& signature, //
95 const optional<HardwareAuthToken>& /* authToken */,
96 const optional<TimeStampToken>& /* timestampToken */,
97 const optional<vector<uint8_t>>& /* confirmationToken */,
98 vector<uint8_t>* output) {
99 if (!output) {
100 return ScopedAStatus(AStatus_fromServiceSpecificError(
101 static_cast<int32_t>(ErrorCode::OUTPUT_PARAMETER_NULL)));
102 }
103
104 FinishOperationRequest request(impl_.message_version());
105 request.op_handle = opHandle_;
106 if (input) request.input.Reinitialize(input->data(), input->size());
107 if (signature)
108 request.signature.Reinitialize(signature->data(), signature->size());
109
110 FinishOperationResponse response(impl_.message_version());
111 impl_.FinishOperation(request, &response);
112 opHandle_ = 0;
113
114 if (response.error != KM_ERROR_OK)
115 return kmError2ScopedAStatus(response.error);
116
117 *output = kmBuffer2vector(response.output);
118 return ScopedAStatus::ok();
119 }
120
abort()121 ScopedAStatus RemoteKeyMintOperation::abort() {
122 AbortOperationRequest request(impl_.message_version());
123 request.op_handle = opHandle_;
124
125 AbortOperationResponse response(impl_.message_version());
126 impl_.AbortOperation(request, &response);
127 opHandle_ = 0;
128
129 return kmError2ScopedAStatus(response.error);
130 }
131
132 } // namespace aidl::android::hardware::security::keymint
133