Merge "Trusty IRemotelyProvisionedComponent v3 HAL implementation" am: a693071690

Original change: https://android-review.googlesource.com/c/platform/system/core/+/2239818 Change-Id: I190b63aa9c9a2bb3fe1090e6b85170f60a37b4f9 Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-10-20 03:15:00 +00:00 · 2022-10-20 03:15:00 +00:00 · 2f6849126e
commit 2f6849126e
parent a0d6b24f9d a693071690
6 changed files with 36 additions and 1 deletions
--- a/trusty/keymaster/TrustyKeymaster.cpp
+++ b/trusty/keymaster/TrustyKeymaster.cpp
@ -178,6 +178,11 @@ void TrustyKeymaster::GenerateCsr(const GenerateCsrRequest& request,
    ForwardCommand(KM_GENERATE_CSR, request, response);
 }
 void TrustyKeymaster::GenerateCsrV2(const GenerateCsrV2Request& request,
                                    GenerateCsrV2Response* response) {
    ForwardCommand(KM_GENERATE_CSR_V2, request, response);
 }
 void TrustyKeymaster::GetKeyCharacteristics(const GetKeyCharacteristicsRequest& request,
                                            GetKeyCharacteristicsResponse* response) {
    ForwardCommand(KM_GET_KEY_CHARACTERISTICS, request, response);
--- a/trusty/keymaster/include/trusty_keymaster/TrustyKeymaster.h
+++ b/trusty/keymaster/include/trusty_keymaster/TrustyKeymaster.h
@ -44,6 +44,7 @@ class TrustyKeymaster {
    void GenerateKey(const GenerateKeyRequest& request, GenerateKeyResponse* response);
    void GenerateRkpKey(const GenerateRkpKeyRequest& request, GenerateRkpKeyResponse* response);
    void GenerateCsr(const GenerateCsrRequest& request, GenerateCsrResponse* response);
    void GenerateCsrV2(const GenerateCsrV2Request& request, GenerateCsrV2Response* response);
    void GetKeyCharacteristics(const GetKeyCharacteristicsRequest& request,
                               GetKeyCharacteristicsResponse* response);
    void ImportKey(const ImportKeyRequest& request, ImportKeyResponse* response);
--- a/trusty/keymaster/include/trusty_keymaster/TrustyRemotelyProvisionedComponentDevice.h
+++ b/trusty/keymaster/include/trusty_keymaster/TrustyRemotelyProvisionedComponentDevice.h
@ -46,6 +46,10 @@ class TrustyRemotelyProvisionedComponentDevice : public BnRemotelyProvisionedCom
                                             DeviceInfo* deviceInfo, ProtectedData* protectedData,
                                             std::vector<uint8_t>* keysToSignMac) override;
    ScopedAStatus generateCertificateRequestV2(const std::vector<MacedPublicKey>& keysToSign,
                                               const std::vector<uint8_t>& challenge,
                                               std::vector<uint8_t>* csr) override;
  private:
    std::shared_ptr<::keymaster::TrustyKeymaster> impl_;
 };
--- a/trusty/keymaster/include/trusty_keymaster/ipc/keymaster_ipc.h
+++ b/trusty/keymaster/include/trusty_keymaster/ipc/keymaster_ipc.h
@ -61,6 +61,7 @@ enum keymaster_command : uint32_t {
    KM_CONFIGURE_VENDOR_PATCHLEVEL  = (33 << KEYMASTER_REQ_SHIFT),
    KM_GET_ROOT_OF_TRUST            = (34 << KEYMASTER_REQ_SHIFT),
    KM_GET_HW_INFO                  = (35 << KEYMASTER_REQ_SHIFT),
    KM_GENERATE_CSR_V2              = (36 << KEYMASTER_REQ_SHIFT),
    // Bootloader/provisioning calls.
    KM_SET_BOOT_PARAMS = (0x1000 << KEYMASTER_REQ_SHIFT),
--- a/trusty/keymaster/keymint/TrustyRemotelyProvisionedComponentDevice.cpp
+++ b/trusty/keymaster/keymint/TrustyRemotelyProvisionedComponentDevice.cpp
@ -28,11 +28,14 @@ namespace aidl::android::hardware::security::keymint::trusty {
 using keymaster::GenerateCsrRequest;
 using keymaster::GenerateCsrResponse;
 using keymaster::GenerateCsrV2Request;
 using keymaster::GenerateCsrV2Response;
 using keymaster::GenerateRkpKeyRequest;
 using keymaster::GenerateRkpKeyResponse;
 using keymaster::GetHwInfoRequest;
 using keymaster::GetHwInfoResponse;
 using keymaster::KeymasterBlob;
 using km_utils::kmError2ScopedAStatus;
 using ::std::string;
 using ::std::unique_ptr;
 using ::std::vector;
@ -125,4 +128,25 @@ ScopedAStatus TrustyRemotelyProvisionedComponentDevice::generateCertificateReque
    return ScopedAStatus::ok();
 }
 ScopedAStatus TrustyRemotelyProvisionedComponentDevice::generateCertificateRequestV2(
        const std::vector<MacedPublicKey>& keysToSign, const std::vector<uint8_t>& challenge,
        std::vector<uint8_t>* csr) {
    GenerateCsrV2Request request(impl_->message_version());
    if (!request.InitKeysToSign(keysToSign.size())) {
        return kmError2ScopedAStatus(static_cast<keymaster_error_t>(STATUS_FAILED));
    }
    for (size_t i = 0; i < keysToSign.size(); i++) {
        request.SetKeyToSign(i, keysToSign[i].macedKey.data(), keysToSign[i].macedKey.size());
    }
    request.SetChallenge(challenge.data(), challenge.size());
    GenerateCsrV2Response response(impl_->message_version());
    impl_->GenerateCsrV2(request, &response);
    if (response.error != KM_ERROR_OK) {
        return Status(-static_cast<int32_t>(response.error), "Failure in CSR v2 generation.");
    }
    *csr = km_utils::kmBlob2vector(response.csr);
    return ScopedAStatus::ok();
 }
 }  // namespace aidl::android::hardware::security::keymint::trusty
--- a/trusty/keymaster/keymint/android.hardware.security.keymint-service.trusty.xml
+++ b/trusty/keymaster/keymint/android.hardware.security.keymint-service.trusty.xml
@ -14,7 +14,7 @@
    </hal>
    <hal format="aidl">
        <name>android.hardware.security.keymint</name>
-        <version>2</version>
+        <version>3</version>
        <fqname>IRemotelyProvisionedComponent/default</fqname>
    </hal>
 </manifest>