b3ed3772b9
AttestKeyResponse may be larger than 4K (always less than 8K) when
attesting an RSA key. This change allows the non-secure side to read a
response that may be larger than 4K by adding an additional bit
indicating the end of a response. If a message command has the
KEYMASTER_STOP_BIT set, then the non-secure side knows that the response
has been fully read.
Test: android.keystore.cts.KeyAttestationTest#testRsaAttestation passes
with production attestation key and chain, when AttestKeyResponse is
larger than 4K.
Tested with other CTS tests when keymaster messages are smaller
than 4K, still passes.
Manual test to verify that a tipc error due to large message size is
handled correctly.
Bug: 63335726
Change-Id: I8776ba7ca70da893648e15cfa770784ab31a2cb0
63 lines
2.4 KiB
C
63 lines
2.4 KiB
C
/*
|
|
* Copyright (C) 2012 The Android Open Source Project
|
|
*
|
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
|
* you may not use this file except in compliance with the License.
|
|
* You may obtain a copy of the License at
|
|
*
|
|
* http://www.apache.org/licenses/LICENSE-2.0
|
|
*
|
|
* Unless required by applicable law or agreed to in writing, software
|
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
* See the License for the specific language governing permissions and
|
|
* limitations under the License.
|
|
*/
|
|
|
|
#pragma once
|
|
|
|
// clang-format off
|
|
|
|
#define KEYMASTER_PORT "com.android.trusty.keymaster"
|
|
#define KEYMASTER_MAX_BUFFER_LENGTH 4096
|
|
|
|
// Commands
|
|
enum keymaster_command : uint32_t {
|
|
KEYMASTER_RESP_BIT = 1,
|
|
KEYMASTER_STOP_BIT = 2,
|
|
KEYMASTER_REQ_SHIFT = 2,
|
|
|
|
KM_GENERATE_KEY = (0 << KEYMASTER_REQ_SHIFT),
|
|
KM_BEGIN_OPERATION = (1 << KEYMASTER_REQ_SHIFT),
|
|
KM_UPDATE_OPERATION = (2 << KEYMASTER_REQ_SHIFT),
|
|
KM_FINISH_OPERATION = (3 << KEYMASTER_REQ_SHIFT),
|
|
KM_ABORT_OPERATION = (4 << KEYMASTER_REQ_SHIFT),
|
|
KM_IMPORT_KEY = (5 << KEYMASTER_REQ_SHIFT),
|
|
KM_EXPORT_KEY = (6 << KEYMASTER_REQ_SHIFT),
|
|
KM_GET_VERSION = (7 << KEYMASTER_REQ_SHIFT),
|
|
KM_ADD_RNG_ENTROPY = (8 << KEYMASTER_REQ_SHIFT),
|
|
KM_GET_SUPPORTED_ALGORITHMS = (9 << KEYMASTER_REQ_SHIFT),
|
|
KM_GET_SUPPORTED_BLOCK_MODES = (10 << KEYMASTER_REQ_SHIFT),
|
|
KM_GET_SUPPORTED_PADDING_MODES = (11 << KEYMASTER_REQ_SHIFT),
|
|
KM_GET_SUPPORTED_DIGESTS = (12 << KEYMASTER_REQ_SHIFT),
|
|
KM_GET_SUPPORTED_IMPORT_FORMATS = (13 << KEYMASTER_REQ_SHIFT),
|
|
KM_GET_SUPPORTED_EXPORT_FORMATS = (14 << KEYMASTER_REQ_SHIFT),
|
|
KM_GET_KEY_CHARACTERISTICS = (15 << KEYMASTER_REQ_SHIFT),
|
|
KM_ATTEST_KEY = (16 << KEYMASTER_REQ_SHIFT),
|
|
KM_UPGRADE_KEY = (17 << KEYMASTER_REQ_SHIFT),
|
|
KM_CONFIGURE = (18 << KEYMASTER_REQ_SHIFT),
|
|
};
|
|
|
|
#ifdef __ANDROID__
|
|
|
|
/**
|
|
* keymaster_message - Serial header for communicating with KM server
|
|
* @cmd: the command, one of keymaster_command.
|
|
* @payload: start of the serialized command specific payload
|
|
*/
|
|
struct keymaster_message {
|
|
uint32_t cmd;
|
|
uint8_t payload[0];
|
|
};
|
|
|
|
#endif
|