Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit b3cae813 authored by Seth Moore's avatar Seth Moore Committed by Automerger Merge Worker
Browse files

Merge "Client side implementation of Trusty IRPC HAL" am: 8fe56020 

Original change: https://android-review.googlesource.com/c/platform/system/core/+/1756551

Change-Id: I6e6032b0d8f61554cdef19c699c2102149ae2218
parents a1a4b281 8fe56020

trusty/keymaster/Android.bp

+1 −1
Original line number Diff line number Diff line
@@ -100,6 +100,7 @@ cc_binary { 
        "ipc/trusty_keymaster_ipc.cpp",

        "keymint/TrustyKeyMintDevice.cpp",

        "keymint/TrustyKeyMintOperation.cpp",

        "keymint/TrustyRemotelyProvisionedComponentDevice.cpp",

        "keymint/TrustySecureClock.cpp",

        "keymint/TrustySharedSecret.cpp",

        "keymint/service.cpp",
@@ -118,7 +119,6 @@ cc_binary { 
        "libtrusty",

    ],

    required: [

        "RemoteProvisioner",

        "android.hardware.hardware_keystore.xml",

    ],

}

trusty/keymaster/TrustyKeymaster.cpp

+10 −0
Original line number Diff line number Diff line
@@ -158,6 +158,16 @@ void TrustyKeymaster::GenerateKey(const GenerateKeyRequest& request, 
    }

}



void TrustyKeymaster::GenerateRkpKey(const GenerateRkpKeyRequest& request,

                                     GenerateRkpKeyResponse* response) {

    ForwardCommand(KM_GENERATE_RKP_KEY, request, response);

}



void TrustyKeymaster::GenerateCsr(const GenerateCsrRequest& request,

                                  GenerateCsrResponse* response) {

    ForwardCommand(KM_GENERATE_CSR, request, response);

}



void TrustyKeymaster::GetKeyCharacteristics(const GetKeyCharacteristicsRequest& request,

                                            GetKeyCharacteristicsResponse* response) {

    ForwardCommand(KM_GET_KEY_CHARACTERISTICS, request, response);

trusty/keymaster/include/trusty_keymaster/TrustyKeymaster.h

+2 −0
Original line number Diff line number Diff line
@@ -42,6 +42,8 @@ class TrustyKeymaster { 
    void AddRngEntropy(const AddEntropyRequest& request, AddEntropyResponse* response);

    void Configure(const ConfigureRequest& request, ConfigureResponse* response);

    void GenerateKey(const GenerateKeyRequest& request, GenerateKeyResponse* response);

    void GenerateRkpKey(const GenerateRkpKeyRequest& request, GenerateRkpKeyResponse* response);

    void GenerateCsr(const GenerateCsrRequest& request, GenerateCsrResponse* response);

    void GetKeyCharacteristics(const GetKeyCharacteristicsRequest& request,

                               GetKeyCharacteristicsResponse* response);

    void ImportKey(const ImportKeyRequest& request, ImportKeyResponse* response);

trusty/keymaster/include/trusty_keymaster/TrustyRemotelyProvisionedComponentDevice.h

0 → 100644
+53 −0
Original line number Diff line number Diff line 
/*

 * Copyright 2021, The Android Open Source Project

 *

 * Licensed under the Apache License, Version 2.0 (the "License");

 * you may not use this file except in compliance with the License.

 * You may obtain a copy of the License at

 *

 *     http://www.apache.org/licenses/LICENSE-2.0

 *

 * Unless required by applicable law or agreed to in writing, software

 * distributed under the License is distributed on an "AS IS" BASIS,

 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

 * See the License for the specific language governing permissions and

 * limitations under the License.

 */



#pragma once



#include <aidl/android/hardware/security/keymint/BnRemotelyProvisionedComponent.h>

#include <aidl/android/hardware/security/keymint/RpcHardwareInfo.h>

#include <aidl/android/hardware/security/keymint/SecurityLevel.h>



#include <trusty_keymaster/TrustyKeymaster.h>



namespace aidl::android::hardware::security::keymint::trusty {



using ::keymaster::TrustyKeymaster;

using ::ndk::ScopedAStatus;

using ::std::shared_ptr;



class TrustyRemotelyProvisionedComponentDevice : public BnRemotelyProvisionedComponent {

  public:

    explicit TrustyRemotelyProvisionedComponentDevice(shared_ptr<TrustyKeymaster> impl)

        : impl_(std::move(impl)) {}

    virtual ~TrustyRemotelyProvisionedComponentDevice() = default;



    ScopedAStatus getHardwareInfo(RpcHardwareInfo* info) override;



    ScopedAStatus generateEcdsaP256KeyPair(bool testMode, MacedPublicKey* macedPublicKey,

                                           std::vector<uint8_t>* privateKeyHandle) override;



    ScopedAStatus generateCertificateRequest(bool testMode,

                                             const std::vector<MacedPublicKey>& keysToSign,

                                             const std::vector<uint8_t>& endpointEncCertChain,

                                             const std::vector<uint8_t>& challenge,

                                             DeviceInfo* deviceInfo, ProtectedData* protectedData,

                                             std::vector<uint8_t>* keysToSignMac) override;



  private:

    std::shared_ptr<::keymaster::TrustyKeymaster> impl_;

};



}  // namespace aidl::android::hardware::security::keymint::trusty

trusty/keymaster/include/trusty_keymaster/ipc/keymaster_ipc.h

+2 −0
Original line number Diff line number Diff line
@@ -56,6 +56,8 @@ enum keymaster_command : uint32_t { 
    KM_GET_VERSION_2                = (28 << KEYMASTER_REQ_SHIFT),

    KM_EARLY_BOOT_ENDED             = (29 << KEYMASTER_REQ_SHIFT),

    KM_DEVICE_LOCKED                = (30 << KEYMASTER_REQ_SHIFT),

    KM_GENERATE_RKP_KEY             = (31 << KEYMASTER_REQ_SHIFT),

    KM_GENERATE_CSR                 = (32 << KEYMASTER_REQ_SHIFT),



    // Bootloader/provisioning calls.

    KM_SET_BOOT_PARAMS = (0x1000 << KEYMASTER_REQ_SHIFT),