Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit f54463fe authored by Arve Hjønnevåg's avatar Arve Hjønnevåg Committed by Automerger Merge Worker
Browse files

Merge "trusty: keymaster: Add set_attestation_key" am: 5ec14a7f

Original change: https://android-review.googlesource.com/c/platform/system/core/+/1417929

Change-Id: I504bdfaf4836641ef34ac843fd60aa667b216b1a
parents 6565677a 5ec14a7f
Loading
Loading
Loading
Loading
+33 −0
Original line number Diff line number Diff line
@@ -75,3 +75,36 @@ cc_binary {

    vintf_fragments: ["4.0/android.hardware.keymaster@4.0-service.trusty.xml"],
}

prebuilt_etc {
    name: "keymaster_soft_attestation_keys.xml",
    vendor: true,
    src: "set_attestation_key/keymaster_soft_attestation_keys.xml",
}

cc_binary {
    name: "trusty_keymaster_set_attestation_key",
    vendor: true,

    srcs: [
        "set_attestation_key/set_attestation_key.cpp",
        "ipc/trusty_keymaster_ipc.cpp",
    ],

    local_include_dirs: ["include"],

    shared_libs: [
        "libc",
        "libcrypto",
        "liblog",
        "libtrusty",
        "libhardware",
        "libkeymaster_messages",
        "libxml2",
    ],
    cflags: [
        "-Wall",
        "-Werror",
    ],
}
+13 −0
Original line number Diff line number Diff line
@@ -53,6 +53,19 @@ enum keymaster_command : uint32_t {
    KM_DELETE_ALL_KEYS              = (23 << KEYMASTER_REQ_SHIFT),
    KM_DESTROY_ATTESTATION_IDS      = (24 << KEYMASTER_REQ_SHIFT),
    KM_IMPORT_WRAPPED_KEY           = (25 << KEYMASTER_REQ_SHIFT),

    // Bootloader/provisioning calls.
    KM_SET_BOOT_PARAMS = (0x1000 << KEYMASTER_REQ_SHIFT),
    KM_SET_ATTESTATION_KEY = (0x2000 << KEYMASTER_REQ_SHIFT),
    KM_APPEND_ATTESTATION_CERT_CHAIN = (0x3000 << KEYMASTER_REQ_SHIFT),
    KM_ATAP_GET_CA_REQUEST = (0x4000 << KEYMASTER_REQ_SHIFT),
    KM_ATAP_SET_CA_RESPONSE_BEGIN = (0x5000 << KEYMASTER_REQ_SHIFT),
    KM_ATAP_SET_CA_RESPONSE_UPDATE = (0x6000 << KEYMASTER_REQ_SHIFT),
    KM_ATAP_SET_CA_RESPONSE_FINISH = (0x7000 << KEYMASTER_REQ_SHIFT),
    KM_ATAP_READ_UUID = (0x8000 << KEYMASTER_REQ_SHIFT),
    KM_SET_PRODUCT_ID = (0x9000 << KEYMASTER_REQ_SHIFT),
    KM_CLEAR_ATTESTATION_CERT_CHAIN = (0xa000 << KEYMASTER_REQ_SHIFT),
    KM_SET_WRAPPED_ATTESTATION_KEY = (0xb000 << KEYMASTER_REQ_SHIFT),
};

#ifdef __ANDROID__
+116 −0
Original line number Diff line number Diff line
<?xml version="1.0"?>
<AndroidAttestation>
  <NumberOfKeyboxes>10</NumberOfKeyboxes>
  <Keybox DeviceID="dev1">
    <Key algorithm="rsa">
      <PrivateKey format="pem">
-----BEGIN RSA PRIVATE KEY-----
MIICXQIBAAKBgQDAgyPcVogbuDAgafWwhWHG7r5/BeL1qEIEir6LR752/q7yXPKb
KvoyABQWAUKZiaFfz8aBXrNjWDwv0vIL5Jgyg92BSxbX4YVBeuVKvClqOm21wAQI
O2jFVsHwIzmRZBmGTVC3TUCuykhMdzVsiVoMJ1q/rEmdXX0jYvKcXgLocQIDAQAB
AoGBAL6GCwuZqAKm+xpZQ4p7txUGWwmjbcbpysxr88AsNNfXnpTGYGQo2Ix7f2V3
wc3qZAdKvo5yht8fCBHclygmCGjeldMu/Ja20IT/JxpfYN78xwPno45uKbqaPF/C
woB2tqiWrx0014gozpvdsfNPnJQEQweBKY4gExZyW728mTpBAkEA4cbZJ2RsCRbs
NoJtWUmDdAwh8bB0xKGlmGfGaXlchdPcRkxbkp6Uv7NODcxQFLEPEzQat/3V9gQU
0qMmytQcxQJBANpIWZd4XNVjD7D9jFJU+Y5TjhiYOq6ea35qWntdNDdVuSGOvUAy
DSg4fXifdvohi8wti2il9kGPu+ylF5qzr70CQFD+/DJklVlhbtZTThVFCTKdk6PY
ENvlvbmCKSz3i9i624Agro1X9LcdBThv/p6dsnHKNHejSZnbdvjl7OnA1J0CQBW3
TPJ8zv+Ls2vwTZ2DRrCaL3DS9EObDyasfgP36dH3fUuRX9KbKCPwOstdUgDghX/y
qAPpPu6W1iNc6VRCvCECQQCQp0XaiXCyzWSWYDJCKMX4KFb/1mW6moXI1g8bi+5x
fs0scurgHa2GunZU1M9FrbXx8rMdn4Eiz6XxpVcPmy0l
-----END RSA PRIVATE KEY-----
      </PrivateKey>
      <CertificateChain>
        <NumberOfCertificates>2</NumberOfCertificates>
        <Certificate format="pem">
-----BEGIN CERTIFICATE-----
MIICtjCCAh+gAwIBAgICEAAwDQYJKoZIhvcNAQELBQAwYzELMAkGA1UEBhMCVVMx
EzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDU1vdW50YWluIFZpZXcxFTAT
BgNVBAoMDEdvb2dsZSwgSW5jLjEQMA4GA1UECwwHQW5kcm9pZDAeFw0xNjAxMDQx
MjQwNTNaFw0zNTEyMzAxMjQwNTNaMHYxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApD
YWxpZm9ybmlhMRUwEwYDVQQKDAxHb29nbGUsIEluYy4xEDAOBgNVBAsMB0FuZHJv
aWQxKTAnBgNVBAMMIEFuZHJvaWQgU29mdHdhcmUgQXR0ZXN0YXRpb24gS2V5MIGf
MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDAgyPcVogbuDAgafWwhWHG7r5/BeL1
qEIEir6LR752/q7yXPKbKvoyABQWAUKZiaFfz8aBXrNjWDwv0vIL5Jgyg92BSxbX
4YVBeuVKvClqOm21wAQIO2jFVsHwIzmRZBmGTVC3TUCuykhMdzVsiVoMJ1q/rEmd
XX0jYvKcXgLocQIDAQABo2YwZDAdBgNVHQ4EFgQU1AwQG/jNY7n3OVK1DhNcpteZ
k4YwHwYDVR0jBBgwFoAUKfrxrMxN0kyWQCd1trDpMuUH/i4wEgYDVR0TAQH/BAgw
BgEB/wIBADAOBgNVHQ8BAf8EBAMCAoQwDQYJKoZIhvcNAQELBQADgYEAni1IX4xn
M9waha2Z11Aj6hTsQ7DhnerCI0YecrUZ3GAi5KVoMWwLVcTmnKItnzpPk2sxixZ4
Fg2Iy9mLzICdhPDCJ+NrOPH90ecXcjFZNX2W88V/q52PlmEmT7K+gbsNSQQiis6f
9/VCLiVE+iEHElqDtVWtGIL4QBSbnCBjBH8=
-----END CERTIFICATE-----
        </Certificate>
        <Certificate format="pem">
-----BEGIN CERTIFICATE-----
MIICpzCCAhCgAwIBAgIJAP+U2d2fB8gMMA0GCSqGSIb3DQEBCwUAMGMxCzAJBgNV
BAYTAlVTMRMwEQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1Nb3VudGFpbiBW
aWV3MRUwEwYDVQQKDAxHb29nbGUsIEluYy4xEDAOBgNVBAsMB0FuZHJvaWQwHhcN
MTYwMTA0MTIzMTA4WhcNMzUxMjMwMTIzMTA4WjBjMQswCQYDVQQGEwJVUzETMBEG
A1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmlldzEVMBMGA1UE
CgwMR29vZ2xlLCBJbmMuMRAwDgYDVQQLDAdBbmRyb2lkMIGfMA0GCSqGSIb3DQEB
AQUAA4GNADCBiQKBgQCia63rbi5EYe/VDoLmt5TRdSMfd5tjkWP/96r/C3JHTsAs
Q+wzfNes7UA+jCigZtX3hwszl94OuE4TQKuvpSe/lWmgMdsGUmX4RFlXYfC78hdL
t0GAZMAoDo9Sd47b0ke2RekZyOmLw9vCkT/X11DEHTVm+Vfkl5YLCazOkjWFmwID
AQABo2MwYTAdBgNVHQ4EFgQUKfrxrMxN0kyWQCd1trDpMuUH/i4wHwYDVR0jBBgw
FoAUKfrxrMxN0kyWQCd1trDpMuUH/i4wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8B
Af8EBAMCAoQwDQYJKoZIhvcNAQELBQADgYEAT3LzNlmNDsG5dFsxWfbwjSVJMJ6j
HBwp0kUtILlNX2S06IDHeHqcOd6os/W/L3BfRxBcxebrTQaZYdKumgf/93y4q+uc
DyQHXrF/unlx/U1bnt8Uqf7f7XzAiF343ZtkMlbVNZriE/mPzsF83O+kqrJVw4Op
Lvtc9mL1J1IXvmM=
-----END CERTIFICATE-----
        </Certificate>
      </CertificateChain>
    </Key>
  </Keybox>
  <Keybox DeviceID="dev1">
    <Key algorithm="ecdsa">
      <PrivateKey format="pem">
-----BEGIN EC PRIVATE KEY-----
MHcCAQEEICHghkMqFRmEWc82OlD8FMnarfk19SfC39ceTW28QuVEoAoGCCqGSM49
AwEHoUQDQgAE6555+EJjWazLKpFMiYbMcK2QZpOCqXMmE/6sy/ghJ0whdJdKKv6l
uU1/ZtTgZRBmNbxTt6CjpnFYPts+Ea4QFA==
-----END EC PRIVATE KEY-----
      </PrivateKey>
      <CertificateChain>
        <NumberOfCertificates>2</NumberOfCertificates>
        <Certificate format="pem">
-----BEGIN CERTIFICATE-----
MIICeDCCAh6gAwIBAgICEAEwCgYIKoZIzj0EAwIwgZgxCzAJBgNVBAYTAlVTMRMw
EQYDVQQIDApDYWxpZm9ybmlhMRYwFAYDVQQHDA1Nb3VudGFpbiBWaWV3MRUwEwYD
VQQKDAxHb29nbGUsIEluYy4xEDAOBgNVBAsMB0FuZHJvaWQxMzAxBgNVBAMMKkFu
ZHJvaWQgS2V5c3RvcmUgU29mdHdhcmUgQXR0ZXN0YXRpb24gUm9vdDAeFw0xNjAx
MTEwMDQ2MDlaFw0yNjAxMDgwMDQ2MDlaMIGIMQswCQYDVQQGEwJVUzETMBEGA1UE
CAwKQ2FsaWZvcm5pYTEVMBMGA1UECgwMR29vZ2xlLCBJbmMuMRAwDgYDVQQLDAdB
bmRyb2lkMTswOQYDVQQDDDJBbmRyb2lkIEtleXN0b3JlIFNvZnR3YXJlIEF0dGVz
dGF0aW9uIEludGVybWVkaWF0ZTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABOue
efhCY1msyyqRTImGzHCtkGaTgqlzJhP+rMv4ISdMIXSXSir+pblNf2bU4GUQZjW8
U7ego6ZxWD7bPhGuEBSjZjBkMB0GA1UdDgQWBBQ//KzWGrE6noEguNUlHMVlux6R
qTAfBgNVHSMEGDAWgBTIrel3TEXDo88NFhDkeUM6IVowzzASBgNVHRMBAf8ECDAG
AQH/AgEAMA4GA1UdDwEB/wQEAwIChDAKBggqhkjOPQQDAgNIADBFAiBLipt77oK8
wDOHri/AiZi03cONqycqRZ9pDMfDktQPjgIhAO7aAV229DLp1IQ7YkyUBO86fMy9
Xvsiu+f+uXc/WT/7
-----END CERTIFICATE-----
        </Certificate>
        <Certificate format="pem">
-----BEGIN CERTIFICATE-----
MIICizCCAjKgAwIBAgIJAKIFntEOQ1tXMAoGCCqGSM49BAMCMIGYMQswCQYDVQQG
EwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNTW91bnRhaW4gVmll
dzEVMBMGA1UECgwMR29vZ2xlLCBJbmMuMRAwDgYDVQQLDAdBbmRyb2lkMTMwMQYD
VQQDDCpBbmRyb2lkIEtleXN0b3JlIFNvZnR3YXJlIEF0dGVzdGF0aW9uIFJvb3Qw
HhcNMTYwMTExMDA0MzUwWhcNMzYwMTA2MDA0MzUwWjCBmDELMAkGA1UEBhMCVVMx
EzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDU1vdW50YWluIFZpZXcxFTAT
BgNVBAoMDEdvb2dsZSwgSW5jLjEQMA4GA1UECwwHQW5kcm9pZDEzMDEGA1UEAwwq
QW5kcm9pZCBLZXlzdG9yZSBTb2Z0d2FyZSBBdHRlc3RhdGlvbiBSb290MFkwEwYH
KoZIzj0CAQYIKoZIzj0DAQcDQgAE7l1ex+HA220Dpn7mthvsTWpdamguD/9/SQ59
dx9EIm29sa/6FsvHrcV30lacqrewLVQBXT5DKyqO107sSHVBpKNjMGEwHQYDVR0O
BBYEFMit6XdMRcOjzw0WEOR5QzohWjDPMB8GA1UdIwQYMBaAFMit6XdMRcOjzw0W
EOR5QzohWjDPMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgKEMAoGCCqG
SM49BAMCA0cAMEQCIDUho++LNEYenNVg8x1YiSBq3KNlQfYNns6KGYxmSGB7AiBN
C/NR2TB8fVvaNTQdqEcbY6WFZTytTySn502vQX3xvw==
-----END CERTIFICATE-----
        </Certificate>
      </CertificateChain>
    </Key>
  </Keybox>
</AndroidAttestation>
+357 −0
Original line number Diff line number Diff line
/*
 * Copyright (C) 2020 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

#include <errno.h>
#include <getopt.h>
#include <libxml/xmlreader.h>
#include <openssl/pem.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/uio.h>
#include <unistd.h>
#include <string>

using std::string;

#include <trusty_keymaster/ipc/trusty_keymaster_ipc.h>

static const char* _sopts = "h";
static const struct option _lopts[] = {
        {"help", no_argument, 0, 'h'},
        {0, 0, 0, 0},
};

static const char* usage =
        "Usage: %s [options] xml-file\n"
        "\n"
        "options:\n"
        "  -h, --help            prints this message and exit\n"
        "\n";

static void print_usage_and_exit(const char* prog, int code) {
    fprintf(stderr, usage, prog);
    exit(code);
}

static void parse_options(int argc, char** argv) {
    int c;
    int oidx = 0;

    while (1) {
        c = getopt_long(argc, argv, _sopts, _lopts, &oidx);
        if (c == -1) {
            break; /* done */
        }

        switch (c) {
            case 'h':
                print_usage_and_exit(argv[0], EXIT_SUCCESS);
                break;

            default:
                print_usage_and_exit(argv[0], EXIT_FAILURE);
        }
    }
}

struct SetAttestationKeyRequest : public keymaster::KeymasterMessage {
    explicit SetAttestationKeyRequest(int32_t ver = keymaster::MAX_MESSAGE_VERSION)
        : KeymasterMessage(ver) {}

    size_t SerializedSize() const override { return sizeof(uint32_t) + key_data.SerializedSize(); }
    uint8_t* Serialize(uint8_t* buf, const uint8_t* end) const override {
        buf = keymaster::append_uint32_to_buf(buf, end, algorithm);
        return key_data.Serialize(buf, end);
    }
    bool Deserialize(const uint8_t** buf_ptr, const uint8_t* end) override {
        return keymaster::copy_uint32_from_buf(buf_ptr, end, &algorithm) &&
               key_data.Deserialize(buf_ptr, end);
    }

    keymaster_algorithm_t algorithm;
    keymaster::Buffer key_data;
};

struct KeymasterNoResponse : public keymaster::KeymasterResponse {
    explicit KeymasterNoResponse(int32_t ver = keymaster::MAX_MESSAGE_VERSION)
        : keymaster::KeymasterResponse(ver) {}

    size_t NonErrorSerializedSize() const override { return 0; }
    uint8_t* NonErrorSerialize(uint8_t* buf, const uint8_t*) const override { return buf; }
    bool NonErrorDeserialize(const uint8_t**, const uint8_t*) override { return true; }
};

struct SetAttestationKeyResponse : public KeymasterNoResponse {};

struct ClearAttestationCertChainRequest : public keymaster::KeymasterMessage {
    explicit ClearAttestationCertChainRequest(int32_t ver = keymaster::MAX_MESSAGE_VERSION)
        : KeymasterMessage(ver) {}

    size_t SerializedSize() const override { return sizeof(uint32_t); }
    uint8_t* Serialize(uint8_t* buf, const uint8_t* end) const override {
        return keymaster::append_uint32_to_buf(buf, end, algorithm);
    }
    bool Deserialize(const uint8_t** buf_ptr, const uint8_t* end) override {
        return keymaster::copy_uint32_from_buf(buf_ptr, end, &algorithm);
    }

    keymaster_algorithm_t algorithm;
};

struct ClearAttestationCertChainResponse : public KeymasterNoResponse {};

static int set_attestation_key_or_cert_bin(uint32_t cmd, keymaster_algorithm_t algorithm,
                                           const void* key_data, size_t key_data_size) {
    int ret;

    SetAttestationKeyRequest req;
    req.algorithm = algorithm;
    req.key_data.Reinitialize(key_data, key_data_size);
    SetAttestationKeyResponse rsp;

    ret = trusty_keymaster_send(cmd, req, &rsp);
    if (ret) {
        fprintf(stderr, "trusty_keymaster_send cmd 0x%x failed %d\n", cmd, ret);
        return ret;
    }

    return 0;
}

static int set_attestation_key_or_cert_pem(uint32_t cmd, keymaster_algorithm_t algorithm,
                                           const xmlChar* pemkey) {
    int ret;
    int sslret;

    /* Convert from pem to binary */
    BIO* bio = BIO_new_mem_buf(pemkey, xmlStrlen(pemkey));
    if (!bio) {
        fprintf(stderr, "BIO_new_mem_buf failed\n");
        ERR_print_errors_fp(stderr);
        return -1;
    }

    char* key_name;
    char* key_header;
    uint8_t* key;
    long keylen;
    sslret = PEM_read_bio(bio, &key_name, &key_header, &key, &keylen);
    BIO_free(bio);

    if (!sslret) {
        fprintf(stderr, "PEM_read_bio failed\n");
        ERR_print_errors_fp(stderr);
        return -1;
    }

    /* Send key in binary format to trusty */
    ret = set_attestation_key_or_cert_bin(cmd, algorithm, key, keylen);

    OPENSSL_free(key_name);
    OPENSSL_free(key_header);
    OPENSSL_free(key);

    return ret;
}

static int set_attestation_key_or_cert_iecs(uint32_t cmd, keymaster_algorithm_t algorithm,
                                            const xmlChar* key_base64) {
    int ret;
    int sslret;

    /* Remove all whitespace. EVP_DecodeBase64 does not support whitespace. */
    string key_base64_str((const char*)key_base64);
    key_base64_str.erase(remove_if(key_base64_str.begin(), key_base64_str.end(), isspace),
                         key_base64_str.end());

    /* Convert from base64 to binary */
    uint8_t* key;
    size_t keylen;
    size_t key_base64_len = key_base64_str.length();

    sslret = EVP_DecodedLength(&keylen, key_base64_len);
    if (!sslret) {
        fprintf(stderr, "invalid input length, %zu\n", key_base64_len);
        return -1;
    }
    key = (uint8_t*)malloc(keylen);
    if (!key) {
        fprintf(stderr, "failed to allocate key, size %zu\n", key_base64_len);
        return -1;
    }
    sslret = EVP_DecodeBase64(key, &keylen, keylen, (const uint8_t*)key_base64_str.data(),
                              key_base64_len);
    if (!sslret) {
        fprintf(stderr, "EVP_DecodeBase64 failed\n");
        ERR_print_errors_fp(stderr);
        free(key);
        return -1;
    }

    /* Send key in binary format to trusty */
    ret = set_attestation_key_or_cert_bin(cmd, algorithm, key, keylen);

    free(key);

    return ret;
}

static int str_to_algorithm(keymaster_algorithm_t* algorithm, const xmlChar* algorithm_str) {
    if (xmlStrEqual(algorithm_str, BAD_CAST "rsa")) {
        *algorithm = KM_ALGORITHM_RSA;
    } else if (xmlStrEqual(algorithm_str, BAD_CAST "ecdsa")) {
        *algorithm = KM_ALGORITHM_EC;
    } else {
        printf("unsupported algorithm: %s\n", algorithm_str);
        return -1;
    }
    return 0;
}

static int set_attestation_key_or_cert(uint32_t cmd, const xmlChar* algorithm_str,
                                       const xmlChar* format, const xmlChar* str) {
    int ret;
    keymaster_algorithm_t algorithm;

    ret = str_to_algorithm(&algorithm, algorithm_str);
    if (ret) {
        return ret;
    }

    if (xmlStrEqual(format, BAD_CAST "pem")) {
        ret = set_attestation_key_or_cert_pem(cmd, algorithm, str);
    } else if (xmlStrEqual(format, BAD_CAST "iecs")) {
        ret = set_attestation_key_or_cert_iecs(cmd, algorithm, str);
    } else {
        printf("unsupported key/cert format: %s\n", format);
        return -1;
    }
    return ret;
}

static int clear_cert_chain(const xmlChar* algorithm_str) {
    int ret;
    ClearAttestationCertChainRequest req;
    ClearAttestationCertChainResponse rsp;

    ret = str_to_algorithm(&req.algorithm, algorithm_str);
    if (ret) {
        return ret;
    }

    ret = trusty_keymaster_send(KM_CLEAR_ATTESTATION_CERT_CHAIN, req, &rsp);
    if (ret) {
        fprintf(stderr, "%s: trusty_keymaster_send failed %d\n", __func__, ret);
        return ret;
    }
    return 0;
}

static int process_xml(xmlTextReaderPtr xml) {
    int ret;
    const xmlChar* algorithm = NULL;
    const xmlChar* element = NULL;
    const xmlChar* element_format = NULL;

    while ((ret = xmlTextReaderRead(xml)) == 1) {
        int nodetype = xmlTextReaderNodeType(xml);
        const xmlChar *name, *value;
        name = xmlTextReaderConstName(xml);
        switch (nodetype) {
            case XML_READER_TYPE_ELEMENT:
                element = name;
                element_format = xmlTextReaderGetAttribute(xml, BAD_CAST "format");
                if (xmlStrEqual(name, BAD_CAST "Key")) {
                    algorithm = xmlTextReaderGetAttribute(xml, BAD_CAST "algorithm");
                } else if (xmlStrEqual(name, BAD_CAST "CertificateChain")) {
                    ret = clear_cert_chain(algorithm);
                    if (ret) {
                        fprintf(stderr, "%s, algorithm %s: Clear cert chain cmd failed, %d\n",
                                element, algorithm, ret);
                        return ret;
                    }
                    printf("%s, algorithm %s: Clear cert chain cmd done\n", element, algorithm);
                }
                break;
            case XML_READER_TYPE_TEXT:
                value = xmlTextReaderConstValue(xml);
                uint32_t cmd;
                if (xmlStrEqual(element, BAD_CAST "PrivateKey")) {
                    cmd = KM_SET_ATTESTATION_KEY;
                } else if (xmlStrEqual(element, BAD_CAST "WrappedPrivateKey")) {
                    cmd = KM_SET_WRAPPED_ATTESTATION_KEY;
                } else if (xmlStrEqual(element, BAD_CAST "Certificate")) {
                    cmd = KM_APPEND_ATTESTATION_CERT_CHAIN;
                } else {
                    break;
                }

                ret = set_attestation_key_or_cert(cmd, algorithm, element_format, value);
                if (ret) {
                    fprintf(stderr, "%s, algorithm %s, format %s: Cmd 0x%x failed, %d\n", element,
                            algorithm, element_format, cmd, ret);
                    return ret;
                }
                printf("%s, algorithm %s, format %s: Cmd 0x%x done\n", element, algorithm,
                       element_format, cmd);
                break;
            case XML_READER_TYPE_END_ELEMENT:
                element = NULL;
                break;
        }
    }
    return ret;
}

static int parse_xml_file(const char* filename) {
    int ret;
    xmlTextReaderPtr xml = xmlReaderForFile(filename, NULL, 0);
    if (!xml) {
        fprintf(stderr, "failed to open %s\n", filename);
        return -1;
    }

    ret = process_xml(xml);

    xmlFreeTextReader(xml);
    if (ret != 0) {
        fprintf(stderr, "Failed to parse or process %s\n", filename);
        return -1;
    }

    return 0;
}

int main(int argc, char** argv) {
    int ret = 0;

    parse_options(argc, argv);
    if (optind + 1 != argc) {
        print_usage_and_exit(argv[0], EXIT_FAILURE);
    }

    ret = trusty_keymaster_connect();
    if (ret) {
        fprintf(stderr, "trusty_keymaster_connect failed %d\n", ret);
    } else {
        ret = parse_xml_file(argv[optind]);
        trusty_keymaster_disconnect();
    }

    return ret == 0 ? EXIT_SUCCESS : EXIT_FAILURE;
}
+2 −0
Original line number Diff line number Diff line
@@ -14,3 +14,5 @@

PRODUCT_PACKAGES += \
	spiproxyd \
	trusty_keymaster_set_attestation_key \
	keymaster_soft_attestation_keys.xml \
 No newline at end of file