Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit ce223a5c authored by Tri Vo's avatar Tri Vo
Browse files

Trusty IRemotelyProvisionedComponent v3 HAL implementation 

Bug: 235265072
Test: VtsHalRemotelyProvisionedComponentTargetTest
Change-Id: If0ea94710d0d0e18020a0a4b9c05ef915bbf61fa
parent 025b7f3c

trusty/keymaster/TrustyKeymaster.cpp

+5 −0
Original line number Diff line number Diff line
@@ -178,6 +178,11 @@ void TrustyKeymaster::GenerateCsr(const GenerateCsrRequest& request, 
    ForwardCommand(KM_GENERATE_CSR, request, response);

}



void TrustyKeymaster::GenerateCsrV2(const GenerateCsrV2Request& request,

                                    GenerateCsrV2Response* response) {

    ForwardCommand(KM_GENERATE_CSR_V2, request, response);

}



void TrustyKeymaster::GetKeyCharacteristics(const GetKeyCharacteristicsRequest& request,

                                            GetKeyCharacteristicsResponse* response) {

    ForwardCommand(KM_GET_KEY_CHARACTERISTICS, request, response);

trusty/keymaster/include/trusty_keymaster/TrustyKeymaster.h

+1 −0
Original line number Diff line number Diff line
@@ -44,6 +44,7 @@ class TrustyKeymaster { 
    void GenerateKey(const GenerateKeyRequest& request, GenerateKeyResponse* response);

    void GenerateRkpKey(const GenerateRkpKeyRequest& request, GenerateRkpKeyResponse* response);

    void GenerateCsr(const GenerateCsrRequest& request, GenerateCsrResponse* response);

    void GenerateCsrV2(const GenerateCsrV2Request& request, GenerateCsrV2Response* response);

    void GetKeyCharacteristics(const GetKeyCharacteristicsRequest& request,

                               GetKeyCharacteristicsResponse* response);

    void ImportKey(const ImportKeyRequest& request, ImportKeyResponse* response);

trusty/keymaster/include/trusty_keymaster/TrustyRemotelyProvisionedComponentDevice.h

+4 −0
Original line number Diff line number Diff line
@@ -46,6 +46,10 @@ class TrustyRemotelyProvisionedComponentDevice : public BnRemotelyProvisionedCom 
                                             DeviceInfo* deviceInfo, ProtectedData* protectedData,

                                             std::vector<uint8_t>* keysToSignMac) override;



    ScopedAStatus generateCertificateRequestV2(const std::vector<MacedPublicKey>& keysToSign,

                                               const std::vector<uint8_t>& challenge,

                                               std::vector<uint8_t>* csr) override;



  private:

    std::shared_ptr<::keymaster::TrustyKeymaster> impl_;

};

trusty/keymaster/include/trusty_keymaster/ipc/keymaster_ipc.h

+1 −0
Original line number Diff line number Diff line
@@ -61,6 +61,7 @@ enum keymaster_command : uint32_t { 
    KM_CONFIGURE_VENDOR_PATCHLEVEL  = (33 << KEYMASTER_REQ_SHIFT),

    KM_GET_ROOT_OF_TRUST            = (34 << KEYMASTER_REQ_SHIFT),

    KM_GET_HW_INFO                  = (35 << KEYMASTER_REQ_SHIFT),

    KM_GENERATE_CSR_V2              = (36 << KEYMASTER_REQ_SHIFT),



    // Bootloader/provisioning calls.

    KM_SET_BOOT_PARAMS = (0x1000 << KEYMASTER_REQ_SHIFT),

trusty/keymaster/keymint/TrustyRemotelyProvisionedComponentDevice.cpp

+24 −0
Original line number Diff line number Diff line
@@ -28,11 +28,14 @@ namespace aidl::android::hardware::security::keymint::trusty { 


using keymaster::GenerateCsrRequest;

using keymaster::GenerateCsrResponse;

using keymaster::GenerateCsrV2Request;

using keymaster::GenerateCsrV2Response;

using keymaster::GenerateRkpKeyRequest;

using keymaster::GenerateRkpKeyResponse;

using keymaster::GetHwInfoRequest;

using keymaster::GetHwInfoResponse;

using keymaster::KeymasterBlob;

using km_utils::kmError2ScopedAStatus;

using ::std::string;

using ::std::unique_ptr;

using ::std::vector;
@@ -125,4 +128,25 @@ ScopedAStatus TrustyRemotelyProvisionedComponentDevice::generateCertificateReque 
    return ScopedAStatus::ok();

}



ScopedAStatus TrustyRemotelyProvisionedComponentDevice::generateCertificateRequestV2(

        const std::vector<MacedPublicKey>& keysToSign, const std::vector<uint8_t>& challenge,

        std::vector<uint8_t>* csr) {

    GenerateCsrV2Request request(impl_->message_version());

    if (!request.InitKeysToSign(keysToSign.size())) {

        return kmError2ScopedAStatus(static_cast<keymaster_error_t>(STATUS_FAILED));

    }

    for (size_t i = 0; i < keysToSign.size(); i++) {

        request.SetKeyToSign(i, keysToSign[i].macedKey.data(), keysToSign[i].macedKey.size());

    }

    request.SetChallenge(challenge.data(), challenge.size());

    GenerateCsrV2Response response(impl_->message_version());

    impl_->GenerateCsrV2(request, &response);



    if (response.error != KM_ERROR_OK) {

        return Status(-static_cast<int32_t>(response.error), "Failure in CSR v2 generation.");

    }

    *csr = km_utils::kmBlob2vector(response.csr);

    return ScopedAStatus::ok();

}



}  // namespace aidl::android::hardware::security::keymint::trusty