Merge "Revert^2 "Revise KeymasterMessage versioning system""

Return<ErrorCode> TrustyKeymaster3Device::addRngEntropy(const hidl_vec<uint8_t>& data) {

    if (data.size() == 0) return ErrorCode::OK;

    AddEntropyRequest request;

    AddEntropyRequest request(impl_->message_version());

    request.random_data.Reinitialize(data.data(), data.size());

    AddEntropyResponse response;

    AddEntropyResponse response(impl_->message_version());

    impl_->AddRngEntropy(request, &response);

    return legacy_enum_conversion(response.error);

Return<void> TrustyKeymaster3Device::generateKey(const hidl_vec<KeyParameter>& keyParams,

                                                 generateKey_cb _hidl_cb) {

    GenerateKeyRequest request;

    GenerateKeyRequest request(impl_->message_version());

    request.key_description.Reinitialize(KmParamSet(keyParams));

    GenerateKeyResponse response;

    GenerateKeyResponse response(impl_->message_version());

    impl_->GenerateKey(request, &response);

    KeyCharacteristics resultCharacteristics;

                                                           const hidl_vec<uint8_t>& clientId,

                                                           const hidl_vec<uint8_t>& appData,

                                                           getKeyCharacteristics_cb _hidl_cb) {

    GetKeyCharacteristicsRequest request;

    GetKeyCharacteristicsRequest request(impl_->message_version());

    request.SetKeyMaterial(keyBlob.data(), keyBlob.size());

    addClientAndAppData(clientId, appData, &request.additional_params);

    GetKeyCharacteristicsResponse response;

    GetKeyCharacteristicsResponse response(impl_->message_version());

    impl_->GetKeyCharacteristics(request, &response);

    KeyCharacteristics resultCharacteristics;

                                               KeyFormat keyFormat,

                                               const hidl_vec<uint8_t>& keyData,

                                               importKey_cb _hidl_cb) {

    ImportKeyRequest request;

    ImportKeyRequest request(impl_->message_version());

    request.key_description.Reinitialize(KmParamSet(params));

    request.key_format = legacy_enum_conversion(keyFormat);

    request.SetKeyMaterial(keyData.data(), keyData.size());

    ImportKeyResponse response;

    ImportKeyResponse response(impl_->message_version());

    impl_->ImportKey(request, &response);

    KeyCharacteristics resultCharacteristics;

                                               const hidl_vec<uint8_t>& clientId,

                                               const hidl_vec<uint8_t>& appData,

                                               exportKey_cb _hidl_cb) {

    ExportKeyRequest request;

    ExportKeyRequest request(impl_->message_version());

    request.key_format = legacy_enum_conversion(exportFormat);

    request.SetKeyMaterial(keyBlob.data(), keyBlob.size());

    addClientAndAppData(clientId, appData, &request.additional_params);

    ExportKeyResponse response;

    ExportKeyResponse response(impl_->message_version());

    impl_->ExportKey(request, &response);

    hidl_vec<uint8_t> resultKeyBlob;

Return<void> TrustyKeymaster3Device::attestKey(const hidl_vec<uint8_t>& keyToAttest,

                                               const hidl_vec<KeyParameter>& attestParams,

                                               attestKey_cb _hidl_cb) {

    AttestKeyRequest request;

    AttestKeyRequest request(impl_->message_version());

    request.SetKeyMaterial(keyToAttest.data(), keyToAttest.size());

    request.attest_params.Reinitialize(KmParamSet(attestParams));

    AttestKeyResponse response;

    AttestKeyResponse response(impl_->message_version());

    impl_->AttestKey(request, &response);

    hidl_vec<hidl_vec<uint8_t>> resultCertChain;

Return<void> TrustyKeymaster3Device::upgradeKey(const hidl_vec<uint8_t>& keyBlobToUpgrade,

                                                const hidl_vec<KeyParameter>& upgradeParams,

                                                upgradeKey_cb _hidl_cb) {

    UpgradeKeyRequest request;

    UpgradeKeyRequest request(impl_->message_version());

    request.SetKeyMaterial(keyBlobToUpgrade.data(), keyBlobToUpgrade.size());

    request.upgrade_params.Reinitialize(KmParamSet(upgradeParams));

    UpgradeKeyResponse response;

    UpgradeKeyResponse response(impl_->message_version());

    impl_->UpgradeKey(request, &response);

    if (response.error == KM_ERROR_OK) {

}

Return<ErrorCode> TrustyKeymaster3Device::deleteKey(const hidl_vec<uint8_t>& keyBlob) {

    DeleteKeyRequest request;

    DeleteKeyRequest request(impl_->message_version());

    request.SetKeyMaterial(keyBlob.data(), keyBlob.size());

    DeleteKeyResponse response;

    DeleteKeyResponse response(impl_->message_version());

    impl_->DeleteKey(request, &response);

    return legacy_enum_conversion(response.error);

}

Return<ErrorCode> TrustyKeymaster3Device::deleteAllKeys() {

    DeleteAllKeysRequest request;

    DeleteAllKeysResponse response;

    DeleteAllKeysRequest request(impl_->message_version());

    DeleteAllKeysResponse response(impl_->message_version());

    impl_->DeleteAllKeys(request, &response);

    return legacy_enum_conversion(response.error);

Return<void> TrustyKeymaster3Device::begin(KeyPurpose purpose, const hidl_vec<uint8_t>& key,

                                           const hidl_vec<KeyParameter>& inParams,

                                           begin_cb _hidl_cb) {

    BeginOperationRequest request;

    BeginOperationRequest request(impl_->message_version());

    request.purpose = legacy_enum_conversion(purpose);

    request.SetKeyMaterial(key.data(), key.size());

    request.additional_params.Reinitialize(KmParamSet(inParams));

    BeginOperationResponse response;

    BeginOperationResponse response(impl_->message_version());

    impl_->BeginOperation(request, &response);

    hidl_vec<KeyParameter> resultParams;

    hidl_vec<KeyParameter> resultParams(impl_->message_version());

    if (response.error == KM_ERROR_OK) {

        resultParams = kmParamSet2Hidl(response.output_params);

    }

Return<void> TrustyKeymaster3Device::update(uint64_t operationHandle,

                                            const hidl_vec<KeyParameter>& inParams,

                                            const hidl_vec<uint8_t>& input, update_cb _hidl_cb) {

    UpdateOperationRequest request;

    UpdateOperationResponse response;

    UpdateOperationRequest request(impl_->message_version());

    UpdateOperationResponse response(impl_->message_version());

    hidl_vec<KeyParameter> resultParams;

    hidl_vec<uint8_t> resultBlob;

    uint32_t resultConsumed = 0;

                                            const hidl_vec<uint8_t>& input,

                                            const hidl_vec<uint8_t>& signature,

                                            finish_cb _hidl_cb) {

    FinishOperationRequest request;

    FinishOperationRequest request(impl_->message_version());

    request.op_handle = operationHandle;

    request.input.Reinitialize(input.data(), input.size());

    request.signature.Reinitialize(signature.data(), signature.size());

    request.additional_params.Reinitialize(KmParamSet(inParams));

    FinishOperationResponse response;

    FinishOperationResponse response(impl_->message_version());

    impl_->FinishOperation(request, &response);

    hidl_vec<KeyParameter> resultParams;

}

Return<ErrorCode> TrustyKeymaster3Device::abort(uint64_t operationHandle) {

    AbortOperationRequest request;

    AbortOperationRequest request(impl_->message_version());

    request.op_handle = operationHandle;

    AbortOperationResponse response;

    AbortOperationResponse response(impl_->message_version());

    impl_->AbortOperation(request, &response);

    return legacy_enum_conversion(response.error);

Return<void> TrustyKeymaster4Device::computeSharedHmac(

        const hidl_vec<HmacSharingParameters>& params, computeSharedHmac_cb _hidl_cb) {

    ComputeSharedHmacRequest request;

    ComputeSharedHmacRequest request(impl_->message_version());

    request.params_array.params_array = new keymaster::HmacSharingParameters[params.size()];

    request.params_array.num_params = params.size();

    for (size_t i = 0; i < params.size(); ++i) {

Return<void> TrustyKeymaster4Device::verifyAuthorization(

        uint64_t challenge, const hidl_vec<KeyParameter>& parametersToVerify,

        const HardwareAuthToken& authToken, verifyAuthorization_cb _hidl_cb) {

    VerifyAuthorizationRequest request;

    VerifyAuthorizationRequest request(impl_->message_version());

    request.challenge = challenge;

    request.parameters_to_verify.Reinitialize(KmParamSet(parametersToVerify));

    request.auth_token.challenge = authToken.challenge;

Return<ErrorCode> TrustyKeymaster4Device::addRngEntropy(const hidl_vec<uint8_t>& data) {

    if (data.size() == 0) return ErrorCode::OK;

    AddEntropyRequest request;

    AddEntropyRequest request(impl_->message_version());

    request.random_data.Reinitialize(data.data(), data.size());

    AddEntropyResponse response;

    AddEntropyResponse response(impl_->message_version());

    impl_->AddRngEntropy(request, &response);

    return legacy_enum_conversion(response.error);

Return<void> TrustyKeymaster4Device::generateKey(const hidl_vec<KeyParameter>& keyParams,

                                                 generateKey_cb _hidl_cb) {

    GenerateKeyRequest request;

    GenerateKeyRequest request(impl_->message_version());

    request.key_description.Reinitialize(KmParamSet(keyParams));

    GenerateKeyResponse response;

    GenerateKeyResponse response(impl_->message_version());

    impl_->GenerateKey(request, &response);

    KeyCharacteristics resultCharacteristics;

                                                           const hidl_vec<uint8_t>& clientId,

                                                           const hidl_vec<uint8_t>& appData,

                                                           getKeyCharacteristics_cb _hidl_cb) {

    GetKeyCharacteristicsRequest request;

    GetKeyCharacteristicsRequest request(impl_->message_version());

    request.SetKeyMaterial(keyBlob.data(), keyBlob.size());

    addClientAndAppData(clientId, appData, &request.additional_params);

    GetKeyCharacteristicsResponse response;

    GetKeyCharacteristicsResponse response(impl_->message_version());

    impl_->GetKeyCharacteristics(request, &response);

    KeyCharacteristics resultCharacteristics;

                                               KeyFormat keyFormat,

                                               const hidl_vec<uint8_t>& keyData,

                                               importKey_cb _hidl_cb) {

    ImportKeyRequest request;

    ImportKeyRequest request(impl_->message_version());

    request.key_description.Reinitialize(KmParamSet(params));

    request.key_format = legacy_enum_conversion(keyFormat);

    request.SetKeyMaterial(keyData.data(), keyData.size());

    ImportKeyResponse response;

    ImportKeyResponse response(impl_->message_version());

    impl_->ImportKey(request, &response);

    KeyCharacteristics resultCharacteristics;

        const hidl_vec<uint8_t>& wrappedKeyData, const hidl_vec<uint8_t>& wrappingKeyBlob,

        const hidl_vec<uint8_t>& maskingKey, const hidl_vec<KeyParameter>& unwrappingParams,

        uint64_t passwordSid, uint64_t biometricSid, importWrappedKey_cb _hidl_cb) {

    ImportWrappedKeyRequest request;

    ImportWrappedKeyRequest request(impl_->message_version());

    request.SetWrappedMaterial(wrappedKeyData.data(), wrappedKeyData.size());

    request.SetWrappingMaterial(wrappingKeyBlob.data(), wrappingKeyBlob.size());

    request.SetMaskingKeyMaterial(maskingKey.data(), maskingKey.size());

    request.password_sid = passwordSid;

    request.biometric_sid = biometricSid;

    ImportWrappedKeyResponse response;

    ImportWrappedKeyResponse response(impl_->message_version());

    impl_->ImportWrappedKey(request, &response);

    KeyCharacteristics resultCharacteristics;

                                               const hidl_vec<uint8_t>& clientId,

                                               const hidl_vec<uint8_t>& appData,

                                               exportKey_cb _hidl_cb) {

    ExportKeyRequest request;

    ExportKeyRequest request(impl_->message_version());

    request.key_format = legacy_enum_conversion(exportFormat);

    request.SetKeyMaterial(keyBlob.data(), keyBlob.size());

    addClientAndAppData(clientId, appData, &request.additional_params);

    ExportKeyResponse response;

    ExportKeyResponse response(impl_->message_version());

    impl_->ExportKey(request, &response);

    hidl_vec<uint8_t> resultKeyBlob;

Return<void> TrustyKeymaster4Device::attestKey(const hidl_vec<uint8_t>& keyToAttest,

                                               const hidl_vec<KeyParameter>& attestParams,

                                               attestKey_cb _hidl_cb) {

    AttestKeyRequest request;

    AttestKeyRequest request(impl_->message_version());

    request.SetKeyMaterial(keyToAttest.data(), keyToAttest.size());

    request.attest_params.Reinitialize(KmParamSet(attestParams));

    AttestKeyResponse response;

    AttestKeyResponse response(impl_->message_version());

    impl_->AttestKey(request, &response);

    hidl_vec<hidl_vec<uint8_t>> resultCertChain;

Return<void> TrustyKeymaster4Device::upgradeKey(const hidl_vec<uint8_t>& keyBlobToUpgrade,

                                                const hidl_vec<KeyParameter>& upgradeParams,

                                                upgradeKey_cb _hidl_cb) {

    UpgradeKeyRequest request;

    UpgradeKeyRequest request(impl_->message_version());

    request.SetKeyMaterial(keyBlobToUpgrade.data(), keyBlobToUpgrade.size());

    request.upgrade_params.Reinitialize(KmParamSet(upgradeParams));

    UpgradeKeyResponse response;

    UpgradeKeyResponse response(impl_->message_version());

    impl_->UpgradeKey(request, &response);

    if (response.error == KM_ERROR_OK) {

}

Return<ErrorCode> TrustyKeymaster4Device::deleteKey(const hidl_vec<uint8_t>& keyBlob) {

    DeleteKeyRequest request;

    DeleteKeyRequest request(impl_->message_version());

    request.SetKeyMaterial(keyBlob.data(), keyBlob.size());

    DeleteKeyResponse response;

    DeleteKeyResponse response(impl_->message_version());

    impl_->DeleteKey(request, &response);

    return legacy_enum_conversion(response.error);

}

Return<ErrorCode> TrustyKeymaster4Device::deleteAllKeys() {

    DeleteAllKeysRequest request;

    DeleteAllKeysResponse response;

    DeleteAllKeysRequest request(impl_->message_version());

    DeleteAllKeysResponse response(impl_->message_version());

    impl_->DeleteAllKeys(request, &response);

    return legacy_enum_conversion(response.error);

                                           const hidl_vec<KeyParameter>& inParams,

                                           const HardwareAuthToken& authToken, begin_cb _hidl_cb) {

    hidl_vec<KeyParameter> extendedParams = injectAuthToken(inParams, authToken);

    BeginOperationRequest request;

    BeginOperationRequest request(impl_->message_version());

    request.purpose = legacy_enum_conversion(purpose);

    request.SetKeyMaterial(key.data(), key.size());

    request.additional_params.Reinitialize(KmParamSet(extendedParams));

    BeginOperationResponse response;

    BeginOperationResponse response(impl_->message_version());

    impl_->BeginOperation(request, &response);

    hidl_vec<KeyParameter> resultParams;

                                            const VerificationToken& verificationToken,

                                            update_cb _hidl_cb) {

    (void)verificationToken;

    UpdateOperationRequest request;

    UpdateOperationResponse response;

    UpdateOperationRequest request(impl_->message_version());

    UpdateOperationResponse response(impl_->message_version());

    hidl_vec<KeyParameter> resultParams;

    hidl_vec<uint8_t> resultBlob;

    hidl_vec<KeyParameter> extendedParams = injectAuthToken(inParams, authToken);

                                            const VerificationToken& verificationToken,

                                            finish_cb _hidl_cb) {

    (void)verificationToken;

    FinishOperationRequest request;

    FinishOperationRequest request(impl_->message_version());

    hidl_vec<KeyParameter> extendedParams = injectAuthToken(inParams, authToken);

    request.op_handle = operationHandle;

    request.input.Reinitialize(input.data(), input.size());

    request.signature.Reinitialize(signature.data(), signature.size());

    request.additional_params.Reinitialize(KmParamSet(extendedParams));

    FinishOperationResponse response;

    FinishOperationResponse response(impl_->message_version());

    impl_->FinishOperation(request, &response);

    hidl_vec<KeyParameter> resultParams;

}

Return<ErrorCode> TrustyKeymaster4Device::abort(uint64_t operationHandle) {

    AbortOperationRequest request;

    AbortOperationRequest request(impl_->message_version());

    request.op_handle = operationHandle;

    AbortOperationResponse response;

    AbortOperationResponse response(impl_->message_version());

    impl_->AbortOperation(request, &response);

    return legacy_enum_conversion(response.error);

        return err;

    }

    ConfigureRequest req;

    // Try GetVersion2 first.

    GetVersion2Request versionReq;

    GetVersion2Response versionRsp = GetVersion2(versionReq);

    if (versionRsp.error != KM_ERROR_OK) {

        ALOGW("TA appears not to support GetVersion2, falling back (err = %d)", versionRsp.error);

        GetVersionRequest versionReq;

        GetVersionResponse versionRsp;

        GetVersion(versionReq, &versionRsp);

        if (versionRsp.error != KM_ERROR_OK) {

            ALOGE("Failed to get TA version %d", versionRsp.error);

            return -1;

        } else {

            keymaster_error_t error;

            message_version_ = NegotiateMessageVersion(versionRsp, &error);

            if (error != KM_ERROR_OK) {

                ALOGE("Failed to negotiate message version %d", error);

                return -1;

            }

        }

    } else {

        message_version_ = NegotiateMessageVersion(versionReq, versionRsp);

    }

    ConfigureRequest req(message_version());

    req.os_version = GetOsVersion();

    req.os_patchlevel = GetOsPatchlevel();

    ConfigureResponse rsp;

    ConfigureResponse rsp(message_version());

    Configure(req, &rsp);

    if (rsp.error != KM_ERROR_OK) {

    trusty_keymaster_disconnect();

}

static void ForwardCommand(enum keymaster_command command, const Serializable& req,

static void ForwardCommand(enum keymaster_command command, const KeymasterMessage& req,

                           KeymasterResponse* rsp) {

    keymaster_error_t err;

    err = trusty_keymaster_send(command, req, rsp);

}

GetHmacSharingParametersResponse TrustyKeymaster::GetHmacSharingParameters() {

    // Empty buffer to allow ForwardCommand to have something to serialize

    Buffer request;

    GetHmacSharingParametersResponse response;

    GetHmacSharingParametersRequest request(message_version());

    GetHmacSharingParametersResponse response(message_version());

    ForwardCommand(KM_GET_HMAC_SHARING_PARAMETERS, request, &response);

    return response;

}

ComputeSharedHmacResponse TrustyKeymaster::ComputeSharedHmac(

        const ComputeSharedHmacRequest& request) {

    ComputeSharedHmacResponse response;

    ComputeSharedHmacResponse response(message_version());

    ForwardCommand(KM_COMPUTE_SHARED_HMAC, request, &response);

    return response;

}

VerifyAuthorizationResponse TrustyKeymaster::VerifyAuthorization(

        const VerifyAuthorizationRequest& request) {

    VerifyAuthorizationResponse response;

    VerifyAuthorizationResponse response(message_version());

    ForwardCommand(KM_VERIFY_AUTHORIZATION, request, &response);

    return response;

}

GetVersion2Response TrustyKeymaster::GetVersion2(const GetVersion2Request& request) {

    GetVersion2Response response(message_version());

    ForwardCommand(KM_GET_VERSION_2, request, &response);

    return response;

}

}  // namespace keymaster

    GetHmacSharingParametersResponse GetHmacSharingParameters();

    ComputeSharedHmacResponse ComputeSharedHmac(const ComputeSharedHmacRequest& request);

    VerifyAuthorizationResponse VerifyAuthorization(const VerifyAuthorizationRequest& request);

    GetVersion2Response GetVersion2(const GetVersion2Request& request);

    uint32_t message_version() const { return message_version_; }

  private:

    uint32_t message_version_;

};

}  // namespace keymaster

    KM_DELETE_ALL_KEYS              = (23 << KEYMASTER_REQ_SHIFT),

    KM_DESTROY_ATTESTATION_IDS      = (24 << KEYMASTER_REQ_SHIFT),

    KM_IMPORT_WRAPPED_KEY           = (25 << KEYMASTER_REQ_SHIFT),

    KM_GET_VERSION_2                = (28 << KEYMASTER_REQ_SHIFT),

    // Bootloader/provisioning calls.

    KM_SET_BOOT_PARAMS = (0x1000 << KEYMASTER_REQ_SHIFT),