Loading trusty/keymaster/Android.bp +1 −1 Original line number Diff line number Diff line Loading @@ -100,6 +100,7 @@ cc_binary { "ipc/trusty_keymaster_ipc.cpp", "keymint/TrustyKeyMintDevice.cpp", "keymint/TrustyKeyMintOperation.cpp", "keymint/TrustyRemotelyProvisionedComponentDevice.cpp", "keymint/TrustySecureClock.cpp", "keymint/TrustySharedSecret.cpp", "keymint/service.cpp", Loading @@ -118,7 +119,6 @@ cc_binary { "libtrusty", ], required: [ "RemoteProvisioner", "android.hardware.hardware_keystore.xml", ], } Loading trusty/keymaster/TrustyKeymaster.cpp +10 −0 Original line number Diff line number Diff line Loading @@ -158,6 +158,16 @@ void TrustyKeymaster::GenerateKey(const GenerateKeyRequest& request, } } void TrustyKeymaster::GenerateRkpKey(const GenerateRkpKeyRequest& request, GenerateRkpKeyResponse* response) { ForwardCommand(KM_GENERATE_RKP_KEY, request, response); } void TrustyKeymaster::GenerateCsr(const GenerateCsrRequest& request, GenerateCsrResponse* response) { ForwardCommand(KM_GENERATE_CSR, request, response); } void TrustyKeymaster::GetKeyCharacteristics(const GetKeyCharacteristicsRequest& request, GetKeyCharacteristicsResponse* response) { ForwardCommand(KM_GET_KEY_CHARACTERISTICS, request, response); Loading trusty/keymaster/include/trusty_keymaster/TrustyKeymaster.h +2 −0 Original line number Diff line number Diff line Loading @@ -42,6 +42,8 @@ class TrustyKeymaster { void AddRngEntropy(const AddEntropyRequest& request, AddEntropyResponse* response); void Configure(const ConfigureRequest& request, ConfigureResponse* response); void GenerateKey(const GenerateKeyRequest& request, GenerateKeyResponse* response); void GenerateRkpKey(const GenerateRkpKeyRequest& request, GenerateRkpKeyResponse* response); void GenerateCsr(const GenerateCsrRequest& request, GenerateCsrResponse* response); void GetKeyCharacteristics(const GetKeyCharacteristicsRequest& request, GetKeyCharacteristicsResponse* response); void ImportKey(const ImportKeyRequest& request, ImportKeyResponse* response); Loading trusty/keymaster/include/trusty_keymaster/TrustyRemotelyProvisionedComponentDevice.h 0 → 100644 +53 −0 Original line number Diff line number Diff line /* * Copyright 2021, The Android Open Source Project * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ #pragma once #include <aidl/android/hardware/security/keymint/BnRemotelyProvisionedComponent.h> #include <aidl/android/hardware/security/keymint/RpcHardwareInfo.h> #include <aidl/android/hardware/security/keymint/SecurityLevel.h> #include <trusty_keymaster/TrustyKeymaster.h> namespace aidl::android::hardware::security::keymint::trusty { using ::keymaster::TrustyKeymaster; using ::ndk::ScopedAStatus; using ::std::shared_ptr; class TrustyRemotelyProvisionedComponentDevice : public BnRemotelyProvisionedComponent { public: explicit TrustyRemotelyProvisionedComponentDevice(shared_ptr<TrustyKeymaster> impl) : impl_(std::move(impl)) {} virtual ~TrustyRemotelyProvisionedComponentDevice() = default; ScopedAStatus getHardwareInfo(RpcHardwareInfo* info) override; ScopedAStatus generateEcdsaP256KeyPair(bool testMode, MacedPublicKey* macedPublicKey, std::vector<uint8_t>* privateKeyHandle) override; ScopedAStatus generateCertificateRequest(bool testMode, const std::vector<MacedPublicKey>& keysToSign, const std::vector<uint8_t>& endpointEncCertChain, const std::vector<uint8_t>& challenge, DeviceInfo* deviceInfo, ProtectedData* protectedData, std::vector<uint8_t>* keysToSignMac) override; private: std::shared_ptr<::keymaster::TrustyKeymaster> impl_; }; } // namespace aidl::android::hardware::security::keymint::trusty trusty/keymaster/include/trusty_keymaster/ipc/keymaster_ipc.h +2 −0 Original line number Diff line number Diff line Loading @@ -56,6 +56,8 @@ enum keymaster_command : uint32_t { KM_GET_VERSION_2 = (28 << KEYMASTER_REQ_SHIFT), KM_EARLY_BOOT_ENDED = (29 << KEYMASTER_REQ_SHIFT), KM_DEVICE_LOCKED = (30 << KEYMASTER_REQ_SHIFT), KM_GENERATE_RKP_KEY = (31 << KEYMASTER_REQ_SHIFT), KM_GENERATE_CSR = (32 << KEYMASTER_REQ_SHIFT), // Bootloader/provisioning calls. KM_SET_BOOT_PARAMS = (0x1000 << KEYMASTER_REQ_SHIFT), Loading Loading
trusty/keymaster/Android.bp +1 −1 Original line number Diff line number Diff line Loading @@ -100,6 +100,7 @@ cc_binary { "ipc/trusty_keymaster_ipc.cpp", "keymint/TrustyKeyMintDevice.cpp", "keymint/TrustyKeyMintOperation.cpp", "keymint/TrustyRemotelyProvisionedComponentDevice.cpp", "keymint/TrustySecureClock.cpp", "keymint/TrustySharedSecret.cpp", "keymint/service.cpp", Loading @@ -118,7 +119,6 @@ cc_binary { "libtrusty", ], required: [ "RemoteProvisioner", "android.hardware.hardware_keystore.xml", ], } Loading
trusty/keymaster/TrustyKeymaster.cpp +10 −0 Original line number Diff line number Diff line Loading @@ -158,6 +158,16 @@ void TrustyKeymaster::GenerateKey(const GenerateKeyRequest& request, } } void TrustyKeymaster::GenerateRkpKey(const GenerateRkpKeyRequest& request, GenerateRkpKeyResponse* response) { ForwardCommand(KM_GENERATE_RKP_KEY, request, response); } void TrustyKeymaster::GenerateCsr(const GenerateCsrRequest& request, GenerateCsrResponse* response) { ForwardCommand(KM_GENERATE_CSR, request, response); } void TrustyKeymaster::GetKeyCharacteristics(const GetKeyCharacteristicsRequest& request, GetKeyCharacteristicsResponse* response) { ForwardCommand(KM_GET_KEY_CHARACTERISTICS, request, response); Loading
trusty/keymaster/include/trusty_keymaster/TrustyKeymaster.h +2 −0 Original line number Diff line number Diff line Loading @@ -42,6 +42,8 @@ class TrustyKeymaster { void AddRngEntropy(const AddEntropyRequest& request, AddEntropyResponse* response); void Configure(const ConfigureRequest& request, ConfigureResponse* response); void GenerateKey(const GenerateKeyRequest& request, GenerateKeyResponse* response); void GenerateRkpKey(const GenerateRkpKeyRequest& request, GenerateRkpKeyResponse* response); void GenerateCsr(const GenerateCsrRequest& request, GenerateCsrResponse* response); void GetKeyCharacteristics(const GetKeyCharacteristicsRequest& request, GetKeyCharacteristicsResponse* response); void ImportKey(const ImportKeyRequest& request, ImportKeyResponse* response); Loading
trusty/keymaster/include/trusty_keymaster/TrustyRemotelyProvisionedComponentDevice.h 0 → 100644 +53 −0 Original line number Diff line number Diff line /* * Copyright 2021, The Android Open Source Project * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ #pragma once #include <aidl/android/hardware/security/keymint/BnRemotelyProvisionedComponent.h> #include <aidl/android/hardware/security/keymint/RpcHardwareInfo.h> #include <aidl/android/hardware/security/keymint/SecurityLevel.h> #include <trusty_keymaster/TrustyKeymaster.h> namespace aidl::android::hardware::security::keymint::trusty { using ::keymaster::TrustyKeymaster; using ::ndk::ScopedAStatus; using ::std::shared_ptr; class TrustyRemotelyProvisionedComponentDevice : public BnRemotelyProvisionedComponent { public: explicit TrustyRemotelyProvisionedComponentDevice(shared_ptr<TrustyKeymaster> impl) : impl_(std::move(impl)) {} virtual ~TrustyRemotelyProvisionedComponentDevice() = default; ScopedAStatus getHardwareInfo(RpcHardwareInfo* info) override; ScopedAStatus generateEcdsaP256KeyPair(bool testMode, MacedPublicKey* macedPublicKey, std::vector<uint8_t>* privateKeyHandle) override; ScopedAStatus generateCertificateRequest(bool testMode, const std::vector<MacedPublicKey>& keysToSign, const std::vector<uint8_t>& endpointEncCertChain, const std::vector<uint8_t>& challenge, DeviceInfo* deviceInfo, ProtectedData* protectedData, std::vector<uint8_t>* keysToSignMac) override; private: std::shared_ptr<::keymaster::TrustyKeymaster> impl_; }; } // namespace aidl::android::hardware::security::keymint::trusty
trusty/keymaster/include/trusty_keymaster/ipc/keymaster_ipc.h +2 −0 Original line number Diff line number Diff line Loading @@ -56,6 +56,8 @@ enum keymaster_command : uint32_t { KM_GET_VERSION_2 = (28 << KEYMASTER_REQ_SHIFT), KM_EARLY_BOOT_ENDED = (29 << KEYMASTER_REQ_SHIFT), KM_DEVICE_LOCKED = (30 << KEYMASTER_REQ_SHIFT), KM_GENERATE_RKP_KEY = (31 << KEYMASTER_REQ_SHIFT), KM_GENERATE_CSR = (32 << KEYMASTER_REQ_SHIFT), // Bootloader/provisioning calls. KM_SET_BOOT_PARAMS = (0x1000 << KEYMASTER_REQ_SHIFT), Loading
