Merge "Trusty IRemotelyProvisionedComponent v3 HAL implementation"

2022-10-20 02:43:12 +00:00 · 2022-10-20 02:43:12 +00:00 · a693071690
commit a693071690
parent 9c3113ab46 ce223a5c6f
6 changed files with 36 additions and 1 deletions
--- a/trusty/keymaster/TrustyKeymaster.cpp
+++ b/trusty/keymaster/TrustyKeymaster.cpp
@ -178,6 +178,11 @@ void TrustyKeymaster::GenerateCsr(const GenerateCsrRequest& request,
    ForwardCommand(KM_GENERATE_CSR, request, response);
 }

+void TrustyKeymaster::GenerateCsrV2(const GenerateCsrV2Request& request,
+                                    GenerateCsrV2Response* response) {
+    ForwardCommand(KM_GENERATE_CSR_V2, request, response);
+}
+
 void TrustyKeymaster::GetKeyCharacteristics(const GetKeyCharacteristicsRequest& request,
                                            GetKeyCharacteristicsResponse* response) {
    ForwardCommand(KM_GET_KEY_CHARACTERISTICS, request, response);
--- a/trusty/keymaster/include/trusty_keymaster/TrustyKeymaster.h
+++ b/trusty/keymaster/include/trusty_keymaster/TrustyKeymaster.h
@ -44,6 +44,7 @@ class TrustyKeymaster {
    void GenerateKey(const GenerateKeyRequest& request, GenerateKeyResponse* response);
    void GenerateRkpKey(const GenerateRkpKeyRequest& request, GenerateRkpKeyResponse* response);
    void GenerateCsr(const GenerateCsrRequest& request, GenerateCsrResponse* response);
+    void GenerateCsrV2(const GenerateCsrV2Request& request, GenerateCsrV2Response* response);
    void GetKeyCharacteristics(const GetKeyCharacteristicsRequest& request,
                               GetKeyCharacteristicsResponse* response);
    void ImportKey(const ImportKeyRequest& request, ImportKeyResponse* response);
--- a/trusty/keymaster/include/trusty_keymaster/TrustyRemotelyProvisionedComponentDevice.h
+++ b/trusty/keymaster/include/trusty_keymaster/TrustyRemotelyProvisionedComponentDevice.h
@ -46,6 +46,10 @@ class TrustyRemotelyProvisionedComponentDevice : public BnRemotelyProvisionedCom
                                             DeviceInfo* deviceInfo, ProtectedData* protectedData,
                                             std::vector<uint8_t>* keysToSignMac) override;

+    ScopedAStatus generateCertificateRequestV2(const std::vector<MacedPublicKey>& keysToSign,
+                                               const std::vector<uint8_t>& challenge,
+                                               std::vector<uint8_t>* csr) override;
+
  private:
    std::shared_ptr<::keymaster::TrustyKeymaster> impl_;
 };
--- a/trusty/keymaster/include/trusty_keymaster/ipc/keymaster_ipc.h
+++ b/trusty/keymaster/include/trusty_keymaster/ipc/keymaster_ipc.h
@ -61,6 +61,7 @@ enum keymaster_command : uint32_t {
    KM_CONFIGURE_VENDOR_PATCHLEVEL  = (33 << KEYMASTER_REQ_SHIFT),
    KM_GET_ROOT_OF_TRUST            = (34 << KEYMASTER_REQ_SHIFT),
    KM_GET_HW_INFO                  = (35 << KEYMASTER_REQ_SHIFT),
+    KM_GENERATE_CSR_V2              = (36 << KEYMASTER_REQ_SHIFT),

    // Bootloader/provisioning calls.
    KM_SET_BOOT_PARAMS = (0x1000 << KEYMASTER_REQ_SHIFT),
--- a/trusty/keymaster/keymint/TrustyRemotelyProvisionedComponentDevice.cpp
+++ b/trusty/keymaster/keymint/TrustyRemotelyProvisionedComponentDevice.cpp
@ -28,11 +28,14 @@ namespace aidl::android::hardware::security::keymint::trusty {

 using keymaster::GenerateCsrRequest;
 using keymaster::GenerateCsrResponse;
+using keymaster::GenerateCsrV2Request;
+using keymaster::GenerateCsrV2Response;
 using keymaster::GenerateRkpKeyRequest;
 using keymaster::GenerateRkpKeyResponse;
 using keymaster::GetHwInfoRequest;
 using keymaster::GetHwInfoResponse;
 using keymaster::KeymasterBlob;
+using km_utils::kmError2ScopedAStatus;
 using ::std::string;
 using ::std::unique_ptr;
 using ::std::vector;
@ -125,4 +128,25 @@ ScopedAStatus TrustyRemotelyProvisionedComponentDevice::generateCertificateReque
    return ScopedAStatus::ok();
 }

+ScopedAStatus TrustyRemotelyProvisionedComponentDevice::generateCertificateRequestV2(
+        const std::vector<MacedPublicKey>& keysToSign, const std::vector<uint8_t>& challenge,
+        std::vector<uint8_t>* csr) {
+    GenerateCsrV2Request request(impl_->message_version());
+    if (!request.InitKeysToSign(keysToSign.size())) {
+        return kmError2ScopedAStatus(static_cast<keymaster_error_t>(STATUS_FAILED));
+    }
+    for (size_t i = 0; i < keysToSign.size(); i++) {
+        request.SetKeyToSign(i, keysToSign[i].macedKey.data(), keysToSign[i].macedKey.size());
+    }
+    request.SetChallenge(challenge.data(), challenge.size());
+    GenerateCsrV2Response response(impl_->message_version());
+    impl_->GenerateCsrV2(request, &response);
+
+    if (response.error != KM_ERROR_OK) {
+        return Status(-static_cast<int32_t>(response.error), "Failure in CSR v2 generation.");
+    }
+    *csr = km_utils::kmBlob2vector(response.csr);
+    return ScopedAStatus::ok();
+}
+
 }  // namespace aidl::android::hardware::security::keymint::trusty
--- a/trusty/keymaster/keymint/android.hardware.security.keymint-service.trusty.xml
+++ b/trusty/keymaster/keymint/android.hardware.security.keymint-service.trusty.xml
@ -14,7 +14,7 @@
    </hal>
    <hal format="aidl">
        <name>android.hardware.security.keymint</name>
-        <version>2</version>
+        <version>3</version>
        <fqname>IRemotelyProvisionedComponent/default</fqname>
    </hal>
 </manifest>