diff options
author | David Drysdale <drysdale@google.com> | 2021-05-27 12:43:33 +0000 |
---|---|---|
committer | Android (Google) Code Review <android-gerrit@google.com> | 2021-05-27 12:43:33 +0000 |
commit | 43a8733e0c1cac389079b52be1e53e8b00d772b5 (patch) | |
tree | b1d4a55addb6044ff40f2ab8d46721a470c5a7d3 | |
parent | 0faf82f20f1e7a1d7ee85f1a9a7c89d57c59a0c5 (diff) | |
parent | e60f6d2d4a788e364bf8f3489677913f454049dd (diff) | |
download | keymaster-43a8733e0c1cac389079b52be1e53e8b00d772b5.tar.gz |
Merge "KeyMint: implement getKeyCharacteristics()" into sc-dev
-rw-r--r-- | ng/AndroidKeyMintDevice.cpp | 52 | ||||
-rw-r--r-- | ng/include/AndroidKeyMintDevice.h | 4 |
2 files changed, 45 insertions, 11 deletions
diff --git a/ng/AndroidKeyMintDevice.cpp b/ng/AndroidKeyMintDevice.cpp index 3d349bc..80cf086 100644 --- a/ng/AndroidKeyMintDevice.cpp +++ b/ng/AndroidKeyMintDevice.cpp @@ -46,15 +46,21 @@ namespace { vector<KeyCharacteristics> convertKeyCharacteristics(SecurityLevel keyMintSecurityLevel, const AuthorizationSet& requestParams, const AuthorizationSet& sw_enforced, - const AuthorizationSet& hw_enforced) { + const AuthorizationSet& hw_enforced, + bool include_keystore_enforced = true) { KeyCharacteristics keyMintEnforced{keyMintSecurityLevel, {}}; if (keyMintSecurityLevel != SecurityLevel::SOFTWARE) { // We're pretending to be TRUSTED_ENVIRONMENT or STRONGBOX. keyMintEnforced.authorizations = kmParamSet2Aidl(hw_enforced); - // Put all the software authorizations in the keystore list. - KeyCharacteristics keystoreEnforced{SecurityLevel::KEYSTORE, kmParamSet2Aidl(sw_enforced)}; - return {std::move(keyMintEnforced), std::move(keystoreEnforced)}; + if (include_keystore_enforced) { + // Put all the software authorizations in the keystore list. + KeyCharacteristics keystoreEnforced{SecurityLevel::KEYSTORE, + kmParamSet2Aidl(sw_enforced)}; + return {std::move(keyMintEnforced), std::move(keystoreEnforced)}; + } else { + return {std::move(keyMintEnforced)}; + } } KeyCharacteristics keystoreEnforced{SecurityLevel::KEYSTORE, {}}; @@ -173,7 +179,9 @@ vector<KeyCharacteristics> convertKeyCharacteristics(SecurityLevel keyMintSecuri vector<KeyCharacteristics> retval; retval.reserve(2); if (!keyMintEnforced.authorizations.empty()) retval.push_back(std::move(keyMintEnforced)); - if (!keystoreEnforced.authorizations.empty()) retval.push_back(std::move(keystoreEnforced)); + if (include_keystore_enforced && !keystoreEnforced.authorizations.empty()) { + retval.push_back(std::move(keystoreEnforced)); + } return retval; } @@ -189,6 +197,17 @@ vector<Certificate> convertCertificateChain(const CertificateChain& chain) { return retval; } +void addClientAndAppData(const std::vector<uint8_t>& appId, const std::vector<uint8_t>& appData, + ::keymaster::AuthorizationSet* params) { + params->Clear(); + if (appId.size()) { + params->push_back(::keymaster::TAG_APPLICATION_ID, appId.data(), appId.size()); + } + if (appData.size()) { + params->push_back(::keymaster::TAG_APPLICATION_DATA, appData.data(), appData.size()); + } +} + } // namespace constexpr size_t kOperationTableSize = 16; @@ -425,10 +444,25 @@ AndroidKeyMintDevice::convertStorageKeyToEphemeral(const std::vector<uint8_t>& / } ScopedAStatus AndroidKeyMintDevice::getKeyCharacteristics( - const std::vector<uint8_t>& /* storageKeyBlob */, const std::vector<uint8_t>& /* appId */, - const std::vector<uint8_t>& /* appData */, - std::vector<KeyCharacteristics>* /* keyCharacteristics */) { - return kmError2ScopedAStatus(KM_ERROR_UNIMPLEMENTED); + const std::vector<uint8_t>& keyBlob, const std::vector<uint8_t>& appId, + const std::vector<uint8_t>& appData, std::vector<KeyCharacteristics>* keyCharacteristics) { + GetKeyCharacteristicsRequest request(impl_->message_version()); + request.SetKeyMaterial(keyBlob.data(), keyBlob.size()); + addClientAndAppData(appId, appData, &request.additional_params); + + GetKeyCharacteristicsResponse response(impl_->message_version()); + impl_->GetKeyCharacteristics(request, &response); + + if (response.error != KM_ERROR_OK) { + return kmError2ScopedAStatus(response.error); + } + + AuthorizationSet emptySet; + *keyCharacteristics = + convertKeyCharacteristics(securityLevel_, emptySet, response.unenforced, response.enforced, + /* include_keystore_enforced = */ false); + + return ScopedAStatus::ok(); } IKeyMintDevice* CreateKeyMintDevice(SecurityLevel securityLevel) { diff --git a/ng/include/AndroidKeyMintDevice.h b/ng/include/AndroidKeyMintDevice.h index 9ef32e2..e4ea976 100644 --- a/ng/include/AndroidKeyMintDevice.h +++ b/ng/include/AndroidKeyMintDevice.h @@ -77,8 +77,8 @@ class AndroidKeyMintDevice : public BnKeyMintDevice { std::vector<uint8_t>* ephemeralKeyBlob) override; ScopedAStatus - getKeyCharacteristics(const std::vector<uint8_t>& storageKeyBlob, - const std::vector<uint8_t>& appId, const std::vector<uint8_t>& appData, + getKeyCharacteristics(const std::vector<uint8_t>& keyBlob, const std::vector<uint8_t>& appId, + const std::vector<uint8_t>& appData, std::vector<KeyCharacteristics>* keyCharacteristics) override; shared_ptr<::keymaster::AndroidKeymaster>& getKeymasterImpl() { return impl_; } |