1 /*
2 **
3 ** Copyright 2017, The Android Open Source Project
4 **
5 ** Licensed under the Apache License, Version 2.0 (the "License");
6 ** you may not use this file except in compliance with the License.
7 ** You may obtain a copy of the License at
8 **
9 ** http://www.apache.org/licenses/LICENSE-2.0
10 **
11 ** Unless required by applicable law or agreed to in writing, software
12 ** distributed under the License is distributed on an "AS IS" BASIS,
13 ** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 ** See the License for the specific language governing permissions and
15 ** limitations under the License.
16 */
17
18 #define LOG_TAG "android.hardware.keymaster@4.0-impl"
19 #include <log/log.h>
20
21 #include "include/AndroidKeymaster4Device.h"
22
23 #include <keymasterV4_0/authorization_set.h>
24 #include <keymasterV4_0/keymaster_utils.h>
25
26 #include <keymaster/android_keymaster.h>
27 #include <keymaster/android_keymaster_messages.h>
28 #include <keymaster/contexts/pure_soft_keymaster_context.h>
29 #include <keymaster/contexts/soft_keymaster_context.h>
30 #include <keymaster/keymaster_configuration.h>
31 #include <keymaster/keymaster_enforcement.h>
32 #include <keymaster/km_openssl/soft_keymaster_enforcement.h>
33
34 using android::hardware::keymaster::V4_0::support::authToken2HidlVec;
35
36 namespace keymaster {
37 namespace V4_0 {
38 namespace ng {
39
40 namespace {
41
42 constexpr size_t kOperationTableSize = 16;
43
legacy_enum_conversion(const Tag value)44 inline keymaster_tag_t legacy_enum_conversion(const Tag value) {
45 return keymaster_tag_t(value);
46 }
47
legacy_enum_conversion(const keymaster_tag_t value)48 inline Tag legacy_enum_conversion(const keymaster_tag_t value) {
49 return Tag(value);
50 }
51
legacy_enum_conversion(const KeyPurpose value)52 inline keymaster_purpose_t legacy_enum_conversion(const KeyPurpose value) {
53 return static_cast<keymaster_purpose_t>(value);
54 }
55
legacy_enum_conversion(const KeyFormat value)56 inline keymaster_key_format_t legacy_enum_conversion(const KeyFormat value) {
57 return static_cast<keymaster_key_format_t>(value);
58 }
59
legacy_enum_conversion(const keymaster_security_level_t value)60 inline SecurityLevel legacy_enum_conversion(const keymaster_security_level_t value) {
61 return static_cast<SecurityLevel>(value);
62 }
63
legacy_enum_conversion(const HardwareAuthenticatorType value)64 inline hw_authenticator_type_t legacy_enum_conversion(const HardwareAuthenticatorType value) {
65 return static_cast<hw_authenticator_type_t>(value);
66 }
67
legacy_enum_conversion(const keymaster_error_t value)68 inline ErrorCode legacy_enum_conversion(const keymaster_error_t value) {
69 return static_cast<ErrorCode>(value);
70 }
71
typeFromTag(const keymaster_tag_t tag)72 inline keymaster_tag_type_t typeFromTag(const keymaster_tag_t tag) {
73 return keymaster_tag_get_type(tag);
74 }
75
76 class KmParamSet : public keymaster_key_param_set_t {
77 public:
KmParamSet(const hidl_vec<KeyParameter> & keyParams)78 explicit KmParamSet(const hidl_vec<KeyParameter>& keyParams)
79 : keymaster_key_param_set_t(hidlKeyParams2Km(keyParams)) {}
KmParamSet(KmParamSet && other)80 KmParamSet(KmParamSet&& other) : keymaster_key_param_set_t{other.params, other.length} {
81 other.length = 0;
82 other.params = nullptr;
83 }
84 KmParamSet(const KmParamSet&) = delete;
~KmParamSet()85 ~KmParamSet() { delete[] params; }
86 };
87
kmBlob2hidlVec(const keymaster_key_blob_t & blob)88 inline hidl_vec<uint8_t> kmBlob2hidlVec(const keymaster_key_blob_t& blob) {
89 hidl_vec<uint8_t> result;
90 result.setToExternal(const_cast<unsigned char*>(blob.key_material), blob.key_material_size);
91 return result;
92 }
93
kmBlob2hidlVec(const keymaster_blob_t & blob)94 inline hidl_vec<uint8_t> kmBlob2hidlVec(const keymaster_blob_t& blob) {
95 hidl_vec<uint8_t> result;
96 result.setToExternal(const_cast<unsigned char*>(blob.data), blob.data_length);
97 return result;
98 }
99
kmBuffer2hidlVec(const::keymaster::Buffer & buf)100 inline hidl_vec<uint8_t> kmBuffer2hidlVec(const ::keymaster::Buffer& buf) {
101 hidl_vec<uint8_t> result;
102 result.setToExternal(const_cast<unsigned char*>(buf.peek_read()), buf.available_read());
103 return result;
104 }
105
106 inline static hidl_vec<hidl_vec<uint8_t>>
kmCertChain2Hidl(const keymaster_cert_chain_t & cert_chain)107 kmCertChain2Hidl(const keymaster_cert_chain_t& cert_chain) {
108 hidl_vec<hidl_vec<uint8_t>> result;
109 if (!cert_chain.entry_count || !cert_chain.entries) return result;
110
111 result.resize(cert_chain.entry_count);
112 for (size_t i = 0; i < cert_chain.entry_count; ++i) {
113 result[i] = kmBlob2hidlVec(cert_chain.entries[i]);
114 }
115
116 return result;
117 }
118
kmParamSet2Hidl(const keymaster_key_param_set_t & set)119 static inline hidl_vec<KeyParameter> kmParamSet2Hidl(const keymaster_key_param_set_t& set) {
120 hidl_vec<KeyParameter> result;
121 if (set.length == 0 || set.params == nullptr) return result;
122
123 result.resize(set.length);
124 keymaster_key_param_t* params = set.params;
125 for (size_t i = 0; i < set.length; ++i) {
126 auto tag = params[i].tag;
127 result[i].tag = legacy_enum_conversion(tag);
128 switch (typeFromTag(tag)) {
129 case KM_ENUM:
130 case KM_ENUM_REP:
131 result[i].f.integer = params[i].enumerated;
132 break;
133 case KM_UINT:
134 case KM_UINT_REP:
135 result[i].f.integer = params[i].integer;
136 break;
137 case KM_ULONG:
138 case KM_ULONG_REP:
139 result[i].f.longInteger = params[i].long_integer;
140 break;
141 case KM_DATE:
142 result[i].f.dateTime = params[i].date_time;
143 break;
144 case KM_BOOL:
145 result[i].f.boolValue = params[i].boolean;
146 break;
147 case KM_BIGNUM:
148 case KM_BYTES:
149 result[i].blob.setToExternal(const_cast<unsigned char*>(params[i].blob.data),
150 params[i].blob.data_length);
151 break;
152 case KM_INVALID:
153 default:
154 params[i].tag = KM_TAG_INVALID;
155 /* just skip */
156 break;
157 }
158 }
159 return result;
160 }
161
addClientAndAppData(const hidl_vec<uint8_t> & clientId,const hidl_vec<uint8_t> & appData,::keymaster::AuthorizationSet * params)162 void addClientAndAppData(const hidl_vec<uint8_t>& clientId, const hidl_vec<uint8_t>& appData,
163 ::keymaster::AuthorizationSet* params) {
164 params->Clear();
165 if (clientId.size()) {
166 params->push_back(::keymaster::TAG_APPLICATION_ID, clientId.data(), clientId.size());
167 }
168 if (appData.size()) {
169 params->push_back(::keymaster::TAG_APPLICATION_DATA, appData.data(), appData.size());
170 }
171 }
172
173 } // anonymous namespace
174
hidlKeyParams2Km(const hidl_vec<KeyParameter> & keyParams)175 keymaster_key_param_set_t hidlKeyParams2Km(const hidl_vec<KeyParameter>& keyParams) {
176 keymaster_key_param_set_t set;
177
178 set.params = new (std::nothrow) keymaster_key_param_t[keyParams.size()];
179 set.length = keyParams.size();
180
181 for (size_t i = 0; i < keyParams.size(); ++i) {
182 auto tag = legacy_enum_conversion(keyParams[i].tag);
183 switch (typeFromTag(tag)) {
184 case KM_ENUM:
185 case KM_ENUM_REP:
186 set.params[i] = keymaster_param_enum(tag, keyParams[i].f.integer);
187 break;
188 case KM_UINT:
189 case KM_UINT_REP:
190 set.params[i] = keymaster_param_int(tag, keyParams[i].f.integer);
191 break;
192 case KM_ULONG:
193 case KM_ULONG_REP:
194 set.params[i] = keymaster_param_long(tag, keyParams[i].f.longInteger);
195 break;
196 case KM_DATE:
197 set.params[i] = keymaster_param_date(tag, keyParams[i].f.dateTime);
198 break;
199 case KM_BOOL:
200 if (keyParams[i].f.boolValue)
201 set.params[i] = keymaster_param_bool(tag);
202 else
203 set.params[i].tag = KM_TAG_INVALID;
204 break;
205 case KM_BIGNUM:
206 case KM_BYTES:
207 set.params[i] =
208 keymaster_param_blob(tag, &keyParams[i].blob[0], keyParams[i].blob.size());
209 break;
210 case KM_INVALID:
211 default:
212 set.params[i].tag = KM_TAG_INVALID;
213 /* just skip */
214 break;
215 }
216 }
217
218 return set;
219 }
220
AndroidKeymaster4Device(KmVersion version,SecurityLevel securityLevel)221 AndroidKeymaster4Device::AndroidKeymaster4Device(KmVersion version, SecurityLevel securityLevel)
222 : impl_(new (std::nothrow)::keymaster::AndroidKeymaster(
223 [&]() -> auto{
224 auto context = new (std::nothrow) PureSoftKeymasterContext(
225 version, static_cast<keymaster_security_level_t>(securityLevel));
226 context->SetSystemVersion(GetOsVersion(), GetOsPatchlevel());
227 context->SetVendorPatchlevel(GetVendorPatchlevel());
228 // Software devices cannot be configured by the boot loader but they have
229 // to return a boot patch level. So lets just return the OS patch level.
230 // The OS patch level only has a year and a month so we just add the 1st
231 // of the month as day field.
232 context->SetBootPatchlevel(GetOsPatchlevel() * 100 + 1);
233 return context;
234 }(),
235 kOperationTableSize)),
236 securityLevel_(securityLevel) {}
237
~AndroidKeymaster4Device()238 AndroidKeymaster4Device::~AndroidKeymaster4Device() {}
239
getHardwareInfo(getHardwareInfo_cb _hidl_cb)240 Return<void> AndroidKeymaster4Device::getHardwareInfo(getHardwareInfo_cb _hidl_cb) {
241 _hidl_cb(securityLevel_, "SoftwareKeymasterDevice", "Google");
242 return Void();
243 }
244
245 Return<void>
getHmacSharingParameters(getHmacSharingParameters_cb _hidl_cb)246 AndroidKeymaster4Device::getHmacSharingParameters(getHmacSharingParameters_cb _hidl_cb) {
247 auto response = impl_->GetHmacSharingParameters();
248
249 ::android::hardware::keymaster::V4_0::HmacSharingParameters params;
250 params.seed.setToExternal(const_cast<uint8_t*>(response.params.seed.data),
251 response.params.seed.data_length);
252 static_assert(sizeof(response.params.nonce) == params.nonce.size(), "Nonce sizes don't match");
253 memcpy(params.nonce.data(), response.params.nonce, params.nonce.size());
254 _hidl_cb(legacy_enum_conversion(response.error), params);
255 return Void();
256 }
257
computeSharedHmac(const hidl_vec<::android::hardware::keymaster::V4_0::HmacSharingParameters> & params,computeSharedHmac_cb _hidl_cb)258 Return<void> AndroidKeymaster4Device::computeSharedHmac(
259 const hidl_vec<::android::hardware::keymaster::V4_0::HmacSharingParameters>& params,
260 computeSharedHmac_cb _hidl_cb) {
261 ComputeSharedHmacRequest request(impl_->message_version());
262 request.params_array.params_array =
263 new (std::nothrow) keymaster::HmacSharingParameters[params.size()];
264 request.params_array.num_params = params.size();
265 for (size_t i = 0; i < params.size(); ++i) {
266 request.params_array.params_array[i].seed = {params[i].seed.data(), params[i].seed.size()};
267 static_assert(sizeof(request.params_array.params_array[i].nonce) ==
268 decltype(params[i].nonce)::size(),
269 "Nonce sizes don't match");
270 memcpy(request.params_array.params_array[i].nonce, params[i].nonce.data(),
271 params[i].nonce.size());
272 }
273
274 auto response = impl_->ComputeSharedHmac(request);
275 hidl_vec<uint8_t> sharing_check;
276 if (response.error == KM_ERROR_OK) sharing_check = kmBlob2hidlVec(response.sharing_check);
277
278 _hidl_cb(legacy_enum_conversion(response.error), sharing_check);
279 return Void();
280 }
281
verifyAuthorization(uint64_t challenge,const hidl_vec<KeyParameter> & parametersToVerify,const::android::hardware::keymaster::V4_0::HardwareAuthToken & authToken,verifyAuthorization_cb _hidl_cb)282 Return<void> AndroidKeymaster4Device::verifyAuthorization(
283 uint64_t challenge, const hidl_vec<KeyParameter>& parametersToVerify,
284 const ::android::hardware::keymaster::V4_0::HardwareAuthToken& authToken,
285 verifyAuthorization_cb _hidl_cb) {
286
287 VerifyAuthorizationRequest request(impl_->message_version());
288 request.challenge = challenge;
289 request.parameters_to_verify.Reinitialize(KmParamSet(parametersToVerify));
290 request.auth_token.challenge = authToken.challenge;
291 request.auth_token.user_id = authToken.userId;
292 request.auth_token.authenticator_id = authToken.authenticatorId;
293 request.auth_token.authenticator_type = legacy_enum_conversion(authToken.authenticatorType);
294 request.auth_token.timestamp = authToken.timestamp;
295 KeymasterBlob mac(authToken.mac.data(), authToken.mac.size());
296 request.auth_token.mac = mac;
297
298 auto response = impl_->VerifyAuthorization(request);
299
300 ::android::hardware::keymaster::V4_0::VerificationToken token;
301 token.challenge = response.token.challenge;
302 token.timestamp = response.token.timestamp;
303 token.parametersVerified = kmParamSet2Hidl(response.token.parameters_verified);
304 token.securityLevel = legacy_enum_conversion(response.token.security_level);
305 token.mac = kmBlob2hidlVec(response.token.mac);
306
307 _hidl_cb(legacy_enum_conversion(response.error), token);
308
309 return Void();
310 }
311
addRngEntropy(const hidl_vec<uint8_t> & data)312 Return<ErrorCode> AndroidKeymaster4Device::addRngEntropy(const hidl_vec<uint8_t>& data) {
313 if (data.size() == 0) return ErrorCode::OK;
314 AddEntropyRequest request(impl_->message_version());
315 request.random_data.Reinitialize(data.data(), data.size());
316
317 AddEntropyResponse response(impl_->message_version());
318 impl_->AddRngEntropy(request, &response);
319
320 return legacy_enum_conversion(response.error);
321 }
322
generateKey(const hidl_vec<KeyParameter> & keyParams,generateKey_cb _hidl_cb)323 Return<void> AndroidKeymaster4Device::generateKey(const hidl_vec<KeyParameter>& keyParams,
324 generateKey_cb _hidl_cb) {
325 GenerateKeyRequest request(impl_->message_version());
326 request.key_description.Reinitialize(KmParamSet(keyParams));
327
328 GenerateKeyResponse response(impl_->message_version());
329 impl_->GenerateKey(request, &response);
330
331 KeyCharacteristics resultCharacteristics;
332 hidl_vec<uint8_t> resultKeyBlob;
333 if (response.error == KM_ERROR_OK) {
334 resultKeyBlob = kmBlob2hidlVec(response.key_blob);
335 resultCharacteristics.hardwareEnforced = kmParamSet2Hidl(response.enforced);
336 resultCharacteristics.softwareEnforced = kmParamSet2Hidl(response.unenforced);
337 }
338 _hidl_cb(legacy_enum_conversion(response.error), resultKeyBlob, resultCharacteristics);
339 return Void();
340 }
341
getKeyCharacteristics(const hidl_vec<uint8_t> & keyBlob,const hidl_vec<uint8_t> & clientId,const hidl_vec<uint8_t> & appData,getKeyCharacteristics_cb _hidl_cb)342 Return<void> AndroidKeymaster4Device::getKeyCharacteristics(const hidl_vec<uint8_t>& keyBlob,
343 const hidl_vec<uint8_t>& clientId,
344 const hidl_vec<uint8_t>& appData,
345 getKeyCharacteristics_cb _hidl_cb) {
346 GetKeyCharacteristicsRequest request(impl_->message_version());
347 request.SetKeyMaterial(keyBlob.data(), keyBlob.size());
348 addClientAndAppData(clientId, appData, &request.additional_params);
349
350 GetKeyCharacteristicsResponse response(impl_->message_version());
351 impl_->GetKeyCharacteristics(request, &response);
352
353 KeyCharacteristics resultCharacteristics;
354 if (response.error == KM_ERROR_OK) {
355 resultCharacteristics.hardwareEnforced = kmParamSet2Hidl(response.enforced);
356 resultCharacteristics.softwareEnforced = kmParamSet2Hidl(response.unenforced);
357 }
358 _hidl_cb(legacy_enum_conversion(response.error), resultCharacteristics);
359 return Void();
360 }
361
importKey(const hidl_vec<KeyParameter> & params,KeyFormat keyFormat,const hidl_vec<uint8_t> & keyData,importKey_cb _hidl_cb)362 Return<void> AndroidKeymaster4Device::importKey(const hidl_vec<KeyParameter>& params,
363 KeyFormat keyFormat,
364 const hidl_vec<uint8_t>& keyData,
365 importKey_cb _hidl_cb) {
366 ImportKeyRequest request(impl_->message_version());
367 request.key_description.Reinitialize(KmParamSet(params));
368 request.key_format = legacy_enum_conversion(keyFormat);
369 request.key_data = KeymasterKeyBlob(keyData.data(), keyData.size());
370
371 ImportKeyResponse response(impl_->message_version());
372 impl_->ImportKey(request, &response);
373
374 KeyCharacteristics resultCharacteristics;
375 hidl_vec<uint8_t> resultKeyBlob;
376 if (response.error == KM_ERROR_OK) {
377 resultKeyBlob = kmBlob2hidlVec(response.key_blob);
378 resultCharacteristics.hardwareEnforced = kmParamSet2Hidl(response.enforced);
379 resultCharacteristics.softwareEnforced = kmParamSet2Hidl(response.unenforced);
380 }
381 _hidl_cb(legacy_enum_conversion(response.error), resultKeyBlob, resultCharacteristics);
382 return Void();
383 }
384
importWrappedKey(const hidl_vec<uint8_t> & wrappedKeyData,const hidl_vec<uint8_t> & wrappingKeyBlob,const hidl_vec<uint8_t> & maskingKey,const hidl_vec<KeyParameter> & unwrappingParams,uint64_t passwordSid,uint64_t biometricSid,importWrappedKey_cb _hidl_cb)385 Return<void> AndroidKeymaster4Device::importWrappedKey(
386 const hidl_vec<uint8_t>& wrappedKeyData, const hidl_vec<uint8_t>& wrappingKeyBlob,
387 const hidl_vec<uint8_t>& maskingKey, const hidl_vec<KeyParameter>& unwrappingParams,
388 uint64_t passwordSid, uint64_t biometricSid, importWrappedKey_cb _hidl_cb) {
389
390 ImportWrappedKeyRequest request(impl_->message_version());
391 request.SetWrappedMaterial(wrappedKeyData.data(), wrappedKeyData.size());
392 request.SetWrappingMaterial(wrappingKeyBlob.data(), wrappingKeyBlob.size());
393 request.SetMaskingKeyMaterial(maskingKey.data(), maskingKey.size());
394 request.additional_params.Reinitialize(KmParamSet(unwrappingParams));
395 request.password_sid = passwordSid;
396 request.biometric_sid = biometricSid;
397
398 ImportWrappedKeyResponse response(impl_->message_version());
399 impl_->ImportWrappedKey(request, &response);
400
401 KeyCharacteristics resultCharacteristics;
402 hidl_vec<uint8_t> resultKeyBlob;
403 if (response.error == KM_ERROR_OK) {
404 resultKeyBlob = kmBlob2hidlVec(response.key_blob);
405 resultCharacteristics.hardwareEnforced = kmParamSet2Hidl(response.enforced);
406 resultCharacteristics.softwareEnforced = kmParamSet2Hidl(response.unenforced);
407 }
408 _hidl_cb(legacy_enum_conversion(response.error), resultKeyBlob, resultCharacteristics);
409 return Void();
410 }
411
exportKey(KeyFormat exportFormat,const hidl_vec<uint8_t> & keyBlob,const hidl_vec<uint8_t> & clientId,const hidl_vec<uint8_t> & appData,exportKey_cb _hidl_cb)412 Return<void> AndroidKeymaster4Device::exportKey(KeyFormat exportFormat,
413 const hidl_vec<uint8_t>& keyBlob,
414 const hidl_vec<uint8_t>& clientId,
415 const hidl_vec<uint8_t>& appData,
416 exportKey_cb _hidl_cb) {
417 ExportKeyRequest request(impl_->message_version());
418 request.key_format = legacy_enum_conversion(exportFormat);
419 request.SetKeyMaterial(keyBlob.data(), keyBlob.size());
420 addClientAndAppData(clientId, appData, &request.additional_params);
421
422 ExportKeyResponse response(impl_->message_version());
423 impl_->ExportKey(request, &response);
424
425 hidl_vec<uint8_t> resultKeyBlob;
426 if (response.error == KM_ERROR_OK) {
427 resultKeyBlob.setToExternal(response.key_data, response.key_data_length);
428 }
429 _hidl_cb(legacy_enum_conversion(response.error), resultKeyBlob);
430 return Void();
431 }
432
attestKey(const hidl_vec<uint8_t> & keyToAttest,const hidl_vec<KeyParameter> & attestParams,attestKey_cb _hidl_cb)433 Return<void> AndroidKeymaster4Device::attestKey(const hidl_vec<uint8_t>& keyToAttest,
434 const hidl_vec<KeyParameter>& attestParams,
435 attestKey_cb _hidl_cb) {
436 AttestKeyRequest request(impl_->message_version());
437 request.SetKeyMaterial(keyToAttest.data(), keyToAttest.size());
438 request.attest_params.Reinitialize(KmParamSet(attestParams));
439
440 AttestKeyResponse response(impl_->message_version());
441 impl_->AttestKey(request, &response);
442
443 hidl_vec<hidl_vec<uint8_t>> resultCertChain;
444 if (response.error == KM_ERROR_OK) {
445 resultCertChain = kmCertChain2Hidl(response.certificate_chain);
446 }
447 _hidl_cb(legacy_enum_conversion(response.error), resultCertChain);
448 return Void();
449 }
450
upgradeKey(const hidl_vec<uint8_t> & keyBlobToUpgrade,const hidl_vec<KeyParameter> & upgradeParams,upgradeKey_cb _hidl_cb)451 Return<void> AndroidKeymaster4Device::upgradeKey(const hidl_vec<uint8_t>& keyBlobToUpgrade,
452 const hidl_vec<KeyParameter>& upgradeParams,
453 upgradeKey_cb _hidl_cb) {
454 // There's nothing to be done to upgrade software key blobs. Further, the software
455 // implementation never returns ErrorCode::KEY_REQUIRES_UPGRADE, so this should never be called.
456 UpgradeKeyRequest request(impl_->message_version());
457 request.SetKeyMaterial(keyBlobToUpgrade.data(), keyBlobToUpgrade.size());
458 request.upgrade_params.Reinitialize(KmParamSet(upgradeParams));
459
460 UpgradeKeyResponse response(impl_->message_version());
461 impl_->UpgradeKey(request, &response);
462
463 if (response.error == KM_ERROR_OK) {
464 _hidl_cb(ErrorCode::OK, kmBlob2hidlVec(response.upgraded_key));
465 } else {
466 _hidl_cb(legacy_enum_conversion(response.error), hidl_vec<uint8_t>());
467 }
468 return Void();
469 }
470
deleteKey(const hidl_vec<uint8_t> & keyBlob)471 Return<ErrorCode> AndroidKeymaster4Device::deleteKey(const hidl_vec<uint8_t>& keyBlob) {
472 // There's nothing to be done to delete software key blobs.
473 DeleteKeyRequest request(impl_->message_version());
474 request.SetKeyMaterial(keyBlob.data(), keyBlob.size());
475
476 DeleteKeyResponse response(impl_->message_version());
477 impl_->DeleteKey(request, &response);
478
479 return legacy_enum_conversion(response.error);
480 }
481
deleteAllKeys()482 Return<ErrorCode> AndroidKeymaster4Device::deleteAllKeys() {
483 // There's nothing to be done to delete software key blobs.
484 DeleteAllKeysRequest request(impl_->message_version());
485 DeleteAllKeysResponse response(impl_->message_version());
486 impl_->DeleteAllKeys(request, &response);
487
488 return legacy_enum_conversion(response.error);
489 }
490
destroyAttestationIds()491 Return<ErrorCode> AndroidKeymaster4Device::destroyAttestationIds() {
492 return ErrorCode::UNIMPLEMENTED;
493 }
494
begin(KeyPurpose purpose,const hidl_vec<uint8_t> & key,const hidl_vec<KeyParameter> & inParams,const HardwareAuthToken & authToken,begin_cb _hidl_cb)495 Return<void> AndroidKeymaster4Device::begin(KeyPurpose purpose, const hidl_vec<uint8_t>& key,
496 const hidl_vec<KeyParameter>& inParams,
497 const HardwareAuthToken& authToken, begin_cb _hidl_cb) {
498
499 BeginOperationRequest request(impl_->message_version());
500 request.purpose = legacy_enum_conversion(purpose);
501 request.SetKeyMaterial(key.data(), key.size());
502 request.additional_params.Reinitialize(KmParamSet(inParams));
503
504 hidl_vec<uint8_t> hidl_vec_token = authToken2HidlVec(authToken);
505 request.additional_params.push_back(
506 TAG_AUTH_TOKEN, reinterpret_cast<uint8_t*>(hidl_vec_token.data()), hidl_vec_token.size());
507
508 BeginOperationResponse response(impl_->message_version());
509 impl_->BeginOperation(request, &response);
510
511 hidl_vec<KeyParameter> resultParams;
512 if (response.error == KM_ERROR_OK) resultParams = kmParamSet2Hidl(response.output_params);
513
514 _hidl_cb(legacy_enum_conversion(response.error), resultParams, response.op_handle);
515 return Void();
516 }
517
update(uint64_t operationHandle,const hidl_vec<KeyParameter> & inParams,const hidl_vec<uint8_t> & input,const HardwareAuthToken & authToken,const VerificationToken &,update_cb _hidl_cb)518 Return<void> AndroidKeymaster4Device::update(uint64_t operationHandle,
519 const hidl_vec<KeyParameter>& inParams,
520 const hidl_vec<uint8_t>& input,
521 const HardwareAuthToken& authToken ,
522 const VerificationToken& /* verificationToken */,
523 update_cb _hidl_cb) {
524 UpdateOperationRequest request(impl_->message_version());
525 request.op_handle = operationHandle;
526 request.input.Reinitialize(input.data(), input.size());
527 request.additional_params.Reinitialize(KmParamSet(inParams));
528
529 hidl_vec<uint8_t> hidl_vec_token = authToken2HidlVec(authToken);
530 request.additional_params.push_back(
531 TAG_AUTH_TOKEN, reinterpret_cast<uint8_t*>(hidl_vec_token.data()), hidl_vec_token.size());
532
533 UpdateOperationResponse response(impl_->message_version());
534 impl_->UpdateOperation(request, &response);
535
536 uint32_t resultConsumed = 0;
537 hidl_vec<KeyParameter> resultParams;
538 hidl_vec<uint8_t> resultBlob;
539 if (response.error == KM_ERROR_OK) {
540 resultConsumed = response.input_consumed;
541 resultParams = kmParamSet2Hidl(response.output_params);
542 resultBlob = kmBuffer2hidlVec(response.output);
543 }
544 _hidl_cb(legacy_enum_conversion(response.error), resultConsumed, resultParams, resultBlob);
545 return Void();
546 }
547
finish(uint64_t operationHandle,const hidl_vec<KeyParameter> & inParams,const hidl_vec<uint8_t> & input,const hidl_vec<uint8_t> & signature,const HardwareAuthToken & authToken,const VerificationToken &,finish_cb _hidl_cb)548 Return<void> AndroidKeymaster4Device::finish(uint64_t operationHandle,
549 const hidl_vec<KeyParameter>& inParams,
550 const hidl_vec<uint8_t>& input,
551 const hidl_vec<uint8_t>& signature,
552 const HardwareAuthToken& authToken ,
553 const VerificationToken& /* verificationToken */,
554 finish_cb _hidl_cb) {
555 FinishOperationRequest request(impl_->message_version());
556 request.op_handle = operationHandle;
557 request.input.Reinitialize(input.data(), input.size());
558 request.signature.Reinitialize(signature.data(), signature.size());
559 request.additional_params.Reinitialize(KmParamSet(inParams));
560
561 hidl_vec<uint8_t> hidl_vec_token = authToken2HidlVec(authToken);
562 request.additional_params.push_back(
563 TAG_AUTH_TOKEN, reinterpret_cast<uint8_t*>(hidl_vec_token.data()), hidl_vec_token.size());
564
565
566 FinishOperationResponse response(impl_->message_version());
567 impl_->FinishOperation(request, &response);
568
569 hidl_vec<KeyParameter> resultParams;
570 hidl_vec<uint8_t> resultBlob;
571 if (response.error == KM_ERROR_OK) {
572 resultParams = kmParamSet2Hidl(response.output_params);
573 resultBlob = kmBuffer2hidlVec(response.output);
574 }
575 _hidl_cb(legacy_enum_conversion(response.error), resultParams, resultBlob);
576 return Void();
577 }
578
abort(uint64_t operationHandle)579 Return<ErrorCode> AndroidKeymaster4Device::abort(uint64_t operationHandle) {
580 AbortOperationRequest request(impl_->message_version());
581 request.op_handle = operationHandle;
582
583 AbortOperationResponse response(impl_->message_version());
584 impl_->AbortOperation(request, &response);
585
586 return legacy_enum_conversion(response.error);
587 }
588
CreateKeymasterDevice(SecurityLevel securityLevel)589 IKeymasterDevice* CreateKeymasterDevice(SecurityLevel securityLevel) {
590 return new (std::nothrow) AndroidKeymaster4Device(securityLevel);
591 }
592
593 } // namespace ng
594 } // namespace V4_0
595 } // namespace keymaster
596