Merge "Splitting out Trusty IPC into a library." into sc-dev
diff --git a/debuggerd/handler/debuggerd_fallback.cpp b/debuggerd/handler/debuggerd_fallback.cpp
index feafa73..f615780 100644
--- a/debuggerd/handler/debuggerd_fallback.cpp
+++ b/debuggerd/handler/debuggerd_fallback.cpp
@@ -87,6 +87,12 @@
// TODO: Create this once and store it in a global?
unwindstack::UnwinderFromPid unwinder(kMaxFrames, getpid());
+ // Do not use the thread cache here because it will call pthread_key_create
+ // which doesn't work in linker code. See b/189803009.
+ // Use a normal cached object because the process is stopped, and there
+ // is no chance of data changing between reads.
+ auto process_memory = unwindstack::Memory::CreateProcessMemoryCached(getpid());
+ unwinder.SetProcessMemory(process_memory);
dump_backtrace_thread(output_fd, &unwinder, thread);
}
__linker_disable_fallback_allocator();
diff --git a/fastboot/fastboot.cpp b/fastboot/fastboot.cpp
index e5319a5..6a49fdf 100644
--- a/fastboot/fastboot.cpp
+++ b/fastboot/fastboot.cpp
@@ -166,6 +166,11 @@
"vbmeta_system.sig",
"vbmeta_system",
true, ImageType::BootCritical },
+ { "vbmeta_vendor",
+ "vbmeta_vendor.img",
+ "vbmeta_vendor.sig",
+ "vbmeta_vendor",
+ true, ImageType::BootCritical },
{ "vendor", "vendor.img", "vendor.sig", "vendor", true, ImageType::Normal },
{ "vendor_boot",
"vendor_boot.img", "vendor_boot.sig",
diff --git a/init/Android.bp b/init/Android.bp
index 98e62fe..7eeafa2 100644
--- a/init/Android.bp
+++ b/init/Android.bp
@@ -387,6 +387,7 @@
srcs: [
"devices_test.cpp",
+ "epoll_test.cpp",
"firmware_handler_test.cpp",
"init_test.cpp",
"keychords_test.cpp",
diff --git a/init/epoll.cpp b/init/epoll.cpp
index 17d63fa..74d8aac 100644
--- a/init/epoll.cpp
+++ b/init/epoll.cpp
@@ -38,11 +38,12 @@
return {};
}
-Result<void> Epoll::RegisterHandler(int fd, std::function<void()> handler, uint32_t events) {
+Result<void> Epoll::RegisterHandler(int fd, Handler handler, uint32_t events) {
if (!events) {
return Error() << "Must specify events";
}
- auto [it, inserted] = epoll_handlers_.emplace(fd, std::move(handler));
+ auto sp = std::make_shared<decltype(handler)>(std::move(handler));
+ auto [it, inserted] = epoll_handlers_.emplace(fd, std::move(sp));
if (!inserted) {
return Error() << "Cannot specify two epoll handlers for a given FD";
}
@@ -69,7 +70,7 @@
return {};
}
-Result<std::vector<std::function<void()>*>> Epoll::Wait(
+Result<std::vector<std::shared_ptr<Epoll::Handler>>> Epoll::Wait(
std::optional<std::chrono::milliseconds> timeout) {
int timeout_ms = -1;
if (timeout && timeout->count() < INT_MAX) {
@@ -81,9 +82,10 @@
if (num_events == -1) {
return ErrnoError() << "epoll_wait failed";
}
- std::vector<std::function<void()>*> pending_functions;
+ std::vector<std::shared_ptr<Handler>> pending_functions;
for (int i = 0; i < num_events; ++i) {
- pending_functions.emplace_back(reinterpret_cast<std::function<void()>*>(ev[i].data.ptr));
+ auto sp = *reinterpret_cast<std::shared_ptr<Handler>*>(ev[i].data.ptr);
+ pending_functions.emplace_back(std::move(sp));
}
return pending_functions;
diff --git a/init/epoll.h b/init/epoll.h
index c32a661..0df5289 100644
--- a/init/epoll.h
+++ b/init/epoll.h
@@ -22,6 +22,7 @@
#include <chrono>
#include <functional>
#include <map>
+#include <memory>
#include <optional>
#include <vector>
@@ -36,15 +37,17 @@
public:
Epoll();
+ typedef std::function<void()> Handler;
+
Result<void> Open();
- Result<void> RegisterHandler(int fd, std::function<void()> handler, uint32_t events = EPOLLIN);
+ Result<void> RegisterHandler(int fd, Handler handler, uint32_t events = EPOLLIN);
Result<void> UnregisterHandler(int fd);
- Result<std::vector<std::function<void()>*>> Wait(
+ Result<std::vector<std::shared_ptr<Handler>>> Wait(
std::optional<std::chrono::milliseconds> timeout);
private:
android::base::unique_fd epoll_fd_;
- std::map<int, std::function<void()>> epoll_handlers_;
+ std::map<int, std::shared_ptr<Handler>> epoll_handlers_;
};
} // namespace init
diff --git a/init/epoll_test.cpp b/init/epoll_test.cpp
new file mode 100644
index 0000000..9236cd5
--- /dev/null
+++ b/init/epoll_test.cpp
@@ -0,0 +1,76 @@
+/*
+ * Copyright (C) 2021 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "epoll.h"
+
+#include <sys/unistd.h>
+
+#include <unordered_set>
+
+#include <android-base/file.h>
+#include <gtest/gtest.h>
+
+namespace android {
+namespace init {
+
+std::unordered_set<void*> sValidObjects;
+
+class CatchDtor final {
+ public:
+ CatchDtor() { sValidObjects.emplace(this); }
+ CatchDtor(const CatchDtor&) { sValidObjects.emplace(this); }
+ ~CatchDtor() {
+ auto iter = sValidObjects.find(this);
+ if (iter != sValidObjects.end()) {
+ sValidObjects.erase(iter);
+ }
+ }
+};
+
+TEST(epoll, UnregisterHandler) {
+ Epoll epoll;
+ ASSERT_RESULT_OK(epoll.Open());
+
+ int fds[2];
+ ASSERT_EQ(pipe(fds), 0);
+
+ CatchDtor catch_dtor;
+ bool handler_invoked;
+ auto handler = [&, catch_dtor]() -> void {
+ auto result = epoll.UnregisterHandler(fds[0]);
+ ASSERT_EQ(result.ok(), !handler_invoked);
+ handler_invoked = true;
+ ASSERT_NE(sValidObjects.find((void*)&catch_dtor), sValidObjects.end());
+ };
+
+ epoll.RegisterHandler(fds[0], std::move(handler));
+
+ uint8_t byte = 0xee;
+ ASSERT_TRUE(android::base::WriteFully(fds[1], &byte, sizeof(byte)));
+
+ auto results = epoll.Wait({});
+ ASSERT_RESULT_OK(results);
+ ASSERT_EQ(results->size(), size_t(1));
+
+ for (const auto& function : *results) {
+ (*function)();
+ (*function)();
+ }
+ ASSERT_TRUE(handler_invoked);
+}
+
+} // namespace init
+} // namespace android
diff --git a/libprocessgroup/profiles/task_profiles.json b/libprocessgroup/profiles/task_profiles.json
index bd94621..b5fa475 100644
--- a/libprocessgroup/profiles/task_profiles.json
+++ b/libprocessgroup/profiles/task_profiles.json
@@ -476,6 +476,33 @@
},
{
+ "Name": "SFMainPolicy",
+ "Actions": [
+ {
+ "Name": "JoinCgroup",
+ "Params":
+ {
+ "Controller": "cpuset",
+ "Path": "system-background"
+ }
+ }
+ ]
+ },
+ {
+ "Name": "SFRenderEnginePolicy",
+ "Actions": [
+ {
+ "Name": "JoinCgroup",
+ "Params":
+ {
+ "Controller": "cpuset",
+ "Path": "system-background"
+ }
+ }
+ ]
+ },
+
+ {
"Name": "PerfBoost",
"Actions": [
{
diff --git a/libutils/String16.cpp b/libutils/String16.cpp
index faf90c2..d08b212 100644
--- a/libutils/String16.cpp
+++ b/libutils/String16.cpp
@@ -186,99 +186,59 @@
return NO_MEMORY;
}
-status_t String16::append(const String16& other)
-{
- const size_t myLen = size();
- const size_t otherLen = other.size();
- if (myLen == 0) {
- setTo(other);
- return OK;
- } else if (otherLen == 0) {
- return OK;
- }
-
- if (myLen >= SIZE_MAX / sizeof(char16_t) - otherLen) {
- android_errorWriteLog(0x534e4554, "73826242");
- abort();
- }
-
- SharedBuffer* buf =
- static_cast<SharedBuffer*>(editResize((myLen + otherLen + 1) * sizeof(char16_t)));
- if (buf) {
- char16_t* str = (char16_t*)buf->data();
- memcpy(str+myLen, other, (otherLen+1)*sizeof(char16_t));
- mString = str;
- return OK;
- }
- return NO_MEMORY;
+status_t String16::append(const String16& other) {
+ return append(other.string(), other.size());
}
-status_t String16::append(const char16_t* chrs, size_t otherLen)
-{
+status_t String16::append(const char16_t* chrs, size_t otherLen) {
const size_t myLen = size();
- if (myLen == 0) {
- setTo(chrs, otherLen);
- return OK;
- } else if (otherLen == 0) {
- return OK;
- }
- if (myLen >= SIZE_MAX / sizeof(char16_t) - otherLen) {
- android_errorWriteLog(0x534e4554, "73826242");
- abort();
- }
+ if (myLen == 0) return setTo(chrs, otherLen);
- SharedBuffer* buf =
- static_cast<SharedBuffer*>(editResize((myLen + otherLen + 1) * sizeof(char16_t)));
- if (buf) {
- char16_t* str = (char16_t*)buf->data();
- memcpy(str+myLen, chrs, otherLen*sizeof(char16_t));
- str[myLen+otherLen] = 0;
- mString = str;
- return OK;
- }
- return NO_MEMORY;
+ if (otherLen == 0) return OK;
+
+ size_t size = myLen;
+ if (__builtin_add_overflow(size, otherLen, &size) ||
+ __builtin_add_overflow(size, 1, &size) ||
+ __builtin_mul_overflow(size, sizeof(char16_t), &size)) return NO_MEMORY;
+
+ SharedBuffer* buf = static_cast<SharedBuffer*>(editResize(size));
+ if (!buf) return NO_MEMORY;
+
+ char16_t* str = static_cast<char16_t*>(buf->data());
+ memcpy(str + myLen, chrs, otherLen * sizeof(char16_t));
+ str[myLen + otherLen] = 0;
+ mString = str;
+ return OK;
}
-status_t String16::insert(size_t pos, const char16_t* chrs)
-{
+status_t String16::insert(size_t pos, const char16_t* chrs) {
return insert(pos, chrs, strlen16(chrs));
}
-status_t String16::insert(size_t pos, const char16_t* chrs, size_t len)
-{
+status_t String16::insert(size_t pos, const char16_t* chrs, size_t otherLen) {
const size_t myLen = size();
- if (myLen == 0) {
- return setTo(chrs, len);
- return OK;
- } else if (len == 0) {
- return OK;
- }
+
+ if (myLen == 0) return setTo(chrs, otherLen);
+
+ if (otherLen == 0) return OK;
if (pos > myLen) pos = myLen;
- #if 0
- printf("Insert in to %s: pos=%d, len=%d, myLen=%d, chrs=%s\n",
- String8(*this).string(), pos,
- len, myLen, String8(chrs, len).string());
- #endif
+ size_t size = myLen;
+ if (__builtin_add_overflow(size, otherLen, &size) ||
+ __builtin_add_overflow(size, 1, &size) ||
+ __builtin_mul_overflow(size, sizeof(char16_t), &size)) return NO_MEMORY;
- SharedBuffer* buf =
- static_cast<SharedBuffer*>(editResize((myLen + len + 1) * sizeof(char16_t)));
- if (buf) {
- char16_t* str = (char16_t*)buf->data();
- if (pos < myLen) {
- memmove(str+pos+len, str+pos, (myLen-pos)*sizeof(char16_t));
- }
- memcpy(str+pos, chrs, len*sizeof(char16_t));
- str[myLen+len] = 0;
- mString = str;
- #if 0
- printf("Result (%d chrs): %s\n", size(), String8(*this).string());
- #endif
- return OK;
- }
- return NO_MEMORY;
+ SharedBuffer* buf = static_cast<SharedBuffer*>(editResize(size));
+ if (!buf) return NO_MEMORY;
+
+ char16_t* str = static_cast<char16_t*>(buf->data());
+ if (pos < myLen) memmove(str + pos + otherLen, str + pos, (myLen - pos) * sizeof(char16_t));
+ memcpy(str + pos, chrs, otherLen * sizeof(char16_t));
+ str[myLen + otherLen] = 0;
+ mString = str;
+ return OK;
}
ssize_t String16::findFirst(char16_t c) const
diff --git a/libutils/String16_test.cpp b/libutils/String16_test.cpp
index 54662ac..c478321 100644
--- a/libutils/String16_test.cpp
+++ b/libutils/String16_test.cpp
@@ -19,7 +19,7 @@
#include <gtest/gtest.h>
-namespace android {
+using namespace android;
::testing::AssertionResult Char16_tStringEquals(const char16_t* a, const char16_t* b) {
if (strcmp16(a, b) != 0) {
@@ -197,4 +197,36 @@
EXPECT_STR16EQ(another, u"abcdef");
}
-} // namespace android
+TEST(String16Test, append) {
+ String16 s;
+ EXPECT_EQ(OK, s.append(String16(u"foo")));
+ EXPECT_STR16EQ(u"foo", s);
+ EXPECT_EQ(OK, s.append(String16(u"bar")));
+ EXPECT_STR16EQ(u"foobar", s);
+ EXPECT_EQ(OK, s.append(u"baz", 0));
+ EXPECT_STR16EQ(u"foobar", s);
+ EXPECT_EQ(NO_MEMORY, s.append(u"baz", SIZE_MAX));
+ EXPECT_STR16EQ(u"foobar", s);
+}
+
+TEST(String16Test, insert) {
+ String16 s;
+
+ // Inserting into the empty string inserts at the start.
+ EXPECT_EQ(OK, s.insert(123, u"foo"));
+ EXPECT_STR16EQ(u"foo", s);
+
+ // Inserting zero characters at any position is okay, but won't expand the string.
+ EXPECT_EQ(OK, s.insert(123, u"foo", 0));
+ EXPECT_STR16EQ(u"foo", s);
+
+ // Inserting past the end of a non-empty string appends.
+ EXPECT_EQ(OK, s.insert(123, u"bar"));
+ EXPECT_STR16EQ(u"foobar", s);
+
+ EXPECT_EQ(OK, s.insert(3, u"!"));
+ EXPECT_STR16EQ(u"foo!bar", s);
+
+ EXPECT_EQ(NO_MEMORY, s.insert(3, u"", SIZE_MAX));
+ EXPECT_STR16EQ(u"foo!bar", s);
+}
diff --git a/libutils/String8.cpp b/libutils/String8.cpp
index df16044..b391b1a 100644
--- a/libutils/String8.cpp
+++ b/libutils/String8.cpp
@@ -327,21 +327,23 @@
return result;
}
-status_t String8::real_append(const char* other, size_t otherLen)
-{
+status_t String8::real_append(const char* other, size_t otherLen) {
const size_t myLen = bytes();
- SharedBuffer* buf = SharedBuffer::bufferFromData(mString)
- ->editResize(myLen+otherLen+1);
- if (buf) {
- char* str = (char*)buf->data();
- mString = str;
- str += myLen;
- memcpy(str, other, otherLen);
- str[otherLen] = '\0';
- return OK;
+ SharedBuffer* buf;
+ size_t newLen;
+ if (__builtin_add_overflow(myLen, otherLen, &newLen) ||
+ __builtin_add_overflow(newLen, 1, &newLen) ||
+ (buf = SharedBuffer::bufferFromData(mString)->editResize(newLen)) == nullptr) {
+ return NO_MEMORY;
}
- return NO_MEMORY;
+
+ char* str = (char*)buf->data();
+ mString = str;
+ str += myLen;
+ memcpy(str, other, otherLen);
+ str[otherLen] = '\0';
+ return OK;
}
char* String8::lockBuffer(size_t size)
diff --git a/libutils/String8_test.cpp b/libutils/String8_test.cpp
index 9efcc6f..1356cd0 100644
--- a/libutils/String8_test.cpp
+++ b/libutils/String8_test.cpp
@@ -15,13 +15,14 @@
*/
#define LOG_TAG "String8_test"
+
#include <utils/Log.h>
#include <utils/String8.h>
#include <utils/String16.h>
#include <gtest/gtest.h>
-namespace android {
+using namespace android;
class String8Test : public testing::Test {
protected:
@@ -101,4 +102,15 @@
String8 valid = String8(String16(tmp));
EXPECT_STREQ(valid, "abcdef");
}
+
+TEST_F(String8Test, append) {
+ String8 s;
+ EXPECT_EQ(OK, s.append("foo"));
+ EXPECT_STREQ("foo", s);
+ EXPECT_EQ(OK, s.append("bar"));
+ EXPECT_STREQ("foobar", s);
+ EXPECT_EQ(OK, s.append("baz", 0));
+ EXPECT_STREQ("foobar", s);
+ EXPECT_EQ(NO_MEMORY, s.append("baz", SIZE_MAX));
+ EXPECT_STREQ("foobar", s);
}
diff --git a/rootdir/init.rc b/rootdir/init.rc
index 1013d41..6e85da5 100644
--- a/rootdir/init.rc
+++ b/rootdir/init.rc
@@ -762,7 +762,7 @@
# profile file layout
mkdir /data/misc/profiles 0771 system system
mkdir /data/misc/profiles/cur 0771 system system
- mkdir /data/misc/profiles/ref 0770 system system
+ mkdir /data/misc/profiles/ref 0771 system system
mkdir /data/misc/profman 0770 system shell
mkdir /data/misc/gcov 0770 root root
mkdir /data/misc/installd 0700 root root
diff --git a/trusty/keymaster/3.0/service.cpp b/trusty/keymaster/3.0/service.cpp
index 0d8436e..b916c37 100644
--- a/trusty/keymaster/3.0/service.cpp
+++ b/trusty/keymaster/3.0/service.cpp
@@ -24,7 +24,7 @@
int main() {
::android::hardware::configureRpcThreadpool(1, true);
auto trustyKeymaster = new keymaster::TrustyKeymaster();
- int err = trustyKeymaster->Initialize();
+ int err = trustyKeymaster->Initialize(keymaster::KmVersion::KEYMASTER_3);
if (err != 0) {
LOG(FATAL) << "Could not initialize TrustyKeymaster (" << err << ")";
return -1;
diff --git a/trusty/keymaster/4.0/service.cpp b/trusty/keymaster/4.0/service.cpp
index 96eb584..0e5144d 100644
--- a/trusty/keymaster/4.0/service.cpp
+++ b/trusty/keymaster/4.0/service.cpp
@@ -24,7 +24,7 @@
int main() {
::android::hardware::configureRpcThreadpool(1, true);
auto trustyKeymaster = new keymaster::TrustyKeymaster();
- int err = trustyKeymaster->Initialize();
+ int err = trustyKeymaster->Initialize(keymaster::KmVersion::KEYMASTER_4);
if (err != 0) {
LOG(FATAL) << "Could not initialize TrustyKeymaster (" << err << ")";
return -1;
diff --git a/trusty/keymaster/Android.bp b/trusty/keymaster/Android.bp
index fccd0ce..33eb335 100644
--- a/trusty/keymaster/Android.bp
+++ b/trusty/keymaster/Android.bp
@@ -80,6 +80,49 @@
vintf_fragments: ["4.0/android.hardware.keymaster@4.0-service.trusty.xml"],
}
+cc_binary {
+ name: "android.hardware.security.keymint-service.trusty",
+ relative_install_path: "hw",
+ init_rc: ["keymint/android.hardware.security.keymint-service.trusty.rc"],
+ vintf_fragments: [
+ "keymint/android.hardware.security.keymint-service.trusty.xml",
+ ],
+ vendor: true,
+ cflags: [
+ "-Wall",
+ "-Wextra",
+ ],
+ local_include_dirs: [
+ "include",
+ ],
+ srcs: [
+ "TrustyKeymaster.cpp",
+ "ipc/trusty_keymaster_ipc.cpp",
+ "keymint/TrustyKeyMintDevice.cpp",
+ "keymint/TrustyKeyMintOperation.cpp",
+ "keymint/TrustySecureClock.cpp",
+ "keymint/TrustySharedSecret.cpp",
+ "keymint/service.cpp",
+ ],
+ shared_libs: [
+ "android.hardware.security.keymint-V1-ndk_platform",
+ "android.hardware.security.secureclock-V1-ndk_platform",
+ "android.hardware.security.sharedsecret-V1-ndk_platform",
+ "lib_android_keymaster_keymint_utils",
+ "libbase",
+ "libbinder_ndk",
+ "libhardware",
+ "libkeymaster_messages",
+ "libkeymint",
+ "liblog",
+ "libtrusty",
+ ],
+ required: [
+ "RemoteProvisioner",
+ "android.hardware.hardware_keystore.xml",
+ ],
+}
+
prebuilt_etc {
name: "keymaster_soft_attestation_keys.xml",
vendor: true,
diff --git a/trusty/keymaster/TrustyKeymaster.cpp b/trusty/keymaster/TrustyKeymaster.cpp
index 23e0433..ef5fc3f 100644
--- a/trusty/keymaster/TrustyKeymaster.cpp
+++ b/trusty/keymaster/TrustyKeymaster.cpp
@@ -14,7 +14,9 @@
* limitations under the License.
*/
-#include <cutils/log.h>
+#define LOG_TAG "trusty_keymaster_hal"
+#include <android-base/logging.h>
+
#include <keymaster/android_keymaster_messages.h>
#include <keymaster/keymaster_configuration.h>
#include <trusty_keymaster/TrustyKeymaster.h>
@@ -22,24 +24,28 @@
namespace keymaster {
-int TrustyKeymaster::Initialize() {
+int TrustyKeymaster::Initialize(KmVersion version) {
int err;
+ LOG(INFO) << "Initializing TrustyKeymaster as KmVersion: " << (int)version;
+
err = trusty_keymaster_connect();
if (err) {
- ALOGE("Failed to connect to trusty keymaster %d", err);
+ LOG(ERROR) << "Failed to connect to trusty keymaster (1st try)" << err;
return err;
}
// Try GetVersion2 first.
GetVersion2Request versionReq;
+ versionReq.max_message_version = MessageVersion(version);
GetVersion2Response versionRsp = GetVersion2(versionReq);
if (versionRsp.error != KM_ERROR_OK) {
- ALOGW("TA appears not to support GetVersion2, falling back (err = %d)", versionRsp.error);
+ LOG(WARNING) << "TA appears not to support GetVersion2, falling back (err = "
+ << versionRsp.error << ")";
err = trusty_keymaster_connect();
if (err) {
- ALOGE("Failed to connect to trusty keymaster %d", err);
+ LOG(FATAL) << "Failed to connect to trusty keymaster (2nd try) " << err;
return err;
}
@@ -47,13 +53,13 @@
GetVersionResponse versionRsp;
GetVersion(versionReq, &versionRsp);
if (versionRsp.error != KM_ERROR_OK) {
- ALOGE("Failed to get TA version %d", versionRsp.error);
+ LOG(FATAL) << "Failed to get TA version " << versionRsp.error;
return -1;
} else {
keymaster_error_t error;
message_version_ = NegotiateMessageVersion(versionRsp, &error);
if (error != KM_ERROR_OK) {
- ALOGE("Failed to negotiate message version %d", error);
+ LOG(FATAL) << "Failed to negotiate message version " << error;
return -1;
}
}
@@ -69,7 +75,7 @@
Configure(req, &rsp);
if (rsp.error != KM_ERROR_OK) {
- ALOGE("Failed to configure keymaster %d", rsp.error);
+ LOG(FATAL) << "Failed to configure keymaster " << rsp.error;
return -1;
}
@@ -87,7 +93,7 @@
keymaster_error_t err;
err = trusty_keymaster_send(command, req, rsp);
if (err != KM_ERROR_OK) {
- ALOGE("Failed to send cmd %d err: %d", command, err);
+ LOG(ERROR) << "Cmd " << command << " returned error: " << err;
rsp->error = err;
}
}
@@ -137,14 +143,19 @@
void TrustyKeymaster::GenerateKey(const GenerateKeyRequest& request,
GenerateKeyResponse* response) {
- GenerateKeyRequest datedRequest(request.message_version);
- datedRequest.key_description = request.key_description;
+ if (message_version_ < 4) {
+ // Pre-KeyMint we need to add TAG_CREATION_DATETIME if not provided by the caller.
+ GenerateKeyRequest datedRequest(request.message_version);
+ datedRequest.key_description = request.key_description;
- if (!request.key_description.Contains(TAG_CREATION_DATETIME)) {
- datedRequest.key_description.push_back(TAG_CREATION_DATETIME, java_time(time(NULL)));
+ if (!request.key_description.Contains(TAG_CREATION_DATETIME)) {
+ datedRequest.key_description.push_back(TAG_CREATION_DATETIME, java_time(time(NULL)));
+ }
+
+ ForwardCommand(KM_GENERATE_KEY, datedRequest, response);
+ } else {
+ ForwardCommand(KM_GENERATE_KEY, request, response);
}
-
- ForwardCommand(KM_GENERATE_KEY, datedRequest, response);
}
void TrustyKeymaster::GetKeyCharacteristics(const GetKeyCharacteristicsRequest& request,
@@ -229,4 +240,16 @@
return response;
}
+EarlyBootEndedResponse TrustyKeymaster::EarlyBootEnded() {
+ EarlyBootEndedResponse response(message_version());
+ ForwardCommand(KM_EARLY_BOOT_ENDED, EarlyBootEndedRequest(message_version()), &response);
+ return response;
+}
+
+DeviceLockedResponse TrustyKeymaster::DeviceLocked(const DeviceLockedRequest& request) {
+ DeviceLockedResponse response(message_version());
+ ForwardCommand(KM_DEVICE_LOCKED, request, &response);
+ return response;
+}
+
} // namespace keymaster
diff --git a/trusty/keymaster/include/trusty_keymaster/TrustyKeyMintDevice.h b/trusty/keymaster/include/trusty_keymaster/TrustyKeyMintDevice.h
new file mode 100644
index 0000000..5fd628f
--- /dev/null
+++ b/trusty/keymaster/include/trusty_keymaster/TrustyKeyMintDevice.h
@@ -0,0 +1,88 @@
+/*
+ * Copyright 2021, The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#pragma once
+
+#include <aidl/android/hardware/security/keymint/BnKeyMintDevice.h>
+#include <aidl/android/hardware/security/keymint/BnKeyMintOperation.h>
+#include <aidl/android/hardware/security/keymint/HardwareAuthToken.h>
+
+#include <trusty_keymaster/TrustyKeymaster.h>
+
+namespace aidl::android::hardware::security::keymint::trusty {
+
+using ::keymaster::TrustyKeymaster;
+using ::ndk::ScopedAStatus;
+using secureclock::TimeStampToken;
+using ::std::optional;
+using ::std::shared_ptr;
+using ::std::vector;
+
+class TrustyKeyMintDevice : public BnKeyMintDevice {
+ public:
+ explicit TrustyKeyMintDevice(shared_ptr<TrustyKeymaster> impl) : impl_(std::move(impl)) {}
+ virtual ~TrustyKeyMintDevice() = default;
+
+ ScopedAStatus getHardwareInfo(KeyMintHardwareInfo* info) override;
+
+ ScopedAStatus addRngEntropy(const vector<uint8_t>& data) override;
+
+ ScopedAStatus generateKey(const vector<KeyParameter>& keyParams,
+ const optional<AttestationKey>& attestationKey,
+ KeyCreationResult* creationResult) override;
+
+ ScopedAStatus getKeyCharacteristics(const vector<uint8_t>& keyBlob,
+ const vector<uint8_t>& clientId,
+ const vector<uint8_t>& appData,
+ vector<KeyCharacteristics>* characteristics) override;
+
+ ScopedAStatus importKey(const vector<KeyParameter>& keyParams, KeyFormat keyFormat,
+ const vector<uint8_t>& keyData,
+ const optional<AttestationKey>& attestationKey,
+ KeyCreationResult* creationResult) override;
+
+ ScopedAStatus importWrappedKey(const vector<uint8_t>& wrappedKeyData,
+ const vector<uint8_t>& wrappingKeyBlob,
+ const vector<uint8_t>& maskingKey,
+ const vector<KeyParameter>& unwrappingParams,
+ int64_t passwordSid, int64_t biometricSid,
+ KeyCreationResult* creationResult) override;
+
+ ScopedAStatus upgradeKey(const vector<uint8_t>& keyBlobToUpgrade,
+ const vector<KeyParameter>& upgradeParams,
+ vector<uint8_t>* keyBlob) override;
+
+ ScopedAStatus deleteKey(const vector<uint8_t>& keyBlob) override;
+ ScopedAStatus deleteAllKeys() override;
+ ScopedAStatus destroyAttestationIds() override;
+
+ ScopedAStatus begin(KeyPurpose purpose, const vector<uint8_t>& keyBlob,
+ const vector<KeyParameter>& params,
+ const optional<HardwareAuthToken>& authToken, BeginResult* result) override;
+
+ ScopedAStatus deviceLocked(bool passwordOnly,
+ const optional<TimeStampToken>& timestampToken) override;
+ ScopedAStatus earlyBootEnded() override;
+
+ ScopedAStatus convertStorageKeyToEphemeral(const std::vector<uint8_t>& storageKeyBlob,
+ std::vector<uint8_t>* ephemeralKeyBlob) override;
+
+ protected:
+ std::shared_ptr<TrustyKeymaster> impl_;
+ SecurityLevel securityLevel_;
+};
+
+} // namespace aidl::android::hardware::security::keymint::trusty
diff --git a/trusty/keymaster/include/trusty_keymaster/TrustyKeyMintOperation.h b/trusty/keymaster/include/trusty_keymaster/TrustyKeyMintOperation.h
new file mode 100644
index 0000000..65fd2f5
--- /dev/null
+++ b/trusty/keymaster/include/trusty_keymaster/TrustyKeyMintOperation.h
@@ -0,0 +1,64 @@
+/*
+ * Copyright 2021, The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#pragma once
+
+#include <aidl/android/hardware/security/keymint/BnKeyMintOperation.h>
+#include <aidl/android/hardware/security/secureclock/ISecureClock.h>
+
+#include <trusty_keymaster/TrustyKeymaster.h>
+
+#include <hardware/keymaster_defs.h>
+
+namespace aidl::android::hardware::security::keymint {
+
+using ::keymaster::TrustyKeymaster;
+using ::ndk::ScopedAStatus;
+using secureclock::TimeStampToken;
+using std::optional;
+using std::shared_ptr;
+using std::string;
+using std::vector;
+
+class TrustyKeyMintOperation : public BnKeyMintOperation {
+ public:
+ explicit TrustyKeyMintOperation(shared_ptr<TrustyKeymaster> implementation,
+ keymaster_operation_handle_t opHandle);
+ virtual ~TrustyKeyMintOperation();
+
+ ScopedAStatus updateAad(const vector<uint8_t>& input,
+ const optional<HardwareAuthToken>& authToken,
+ const optional<TimeStampToken>& timestampToken) override;
+
+ ScopedAStatus update(const vector<uint8_t>& input, const optional<HardwareAuthToken>& authToken,
+ const optional<TimeStampToken>& timestampToken,
+ vector<uint8_t>* output) override;
+
+ ScopedAStatus finish(const optional<vector<uint8_t>>& input, //
+ const optional<vector<uint8_t>>& signature, //
+ const optional<HardwareAuthToken>& authToken, //
+ const optional<TimeStampToken>& timestampToken,
+ const optional<vector<uint8_t>>& confirmationToken,
+ vector<uint8_t>* output) override;
+
+ ScopedAStatus abort() override;
+
+ protected:
+ std::shared_ptr<TrustyKeymaster> impl_;
+ keymaster_operation_handle_t opHandle_;
+};
+
+} // namespace aidl::android::hardware::security::keymint
diff --git a/trusty/keymaster/include/trusty_keymaster/TrustyKeymaster.h b/trusty/keymaster/include/trusty_keymaster/TrustyKeymaster.h
index bec2a2a..45ebf7f 100644
--- a/trusty/keymaster/include/trusty_keymaster/TrustyKeymaster.h
+++ b/trusty/keymaster/include/trusty_keymaster/TrustyKeymaster.h
@@ -25,7 +25,7 @@
public:
TrustyKeymaster();
~TrustyKeymaster();
- int Initialize();
+ int Initialize(KmVersion version);
void GetVersion(const GetVersionRequest& request, GetVersionResponse* response);
void SupportedAlgorithms(const SupportedAlgorithmsRequest& request,
SupportedAlgorithmsResponse* response);
@@ -60,6 +60,8 @@
ComputeSharedHmacResponse ComputeSharedHmac(const ComputeSharedHmacRequest& request);
VerifyAuthorizationResponse VerifyAuthorization(const VerifyAuthorizationRequest& request);
GetVersion2Response GetVersion2(const GetVersion2Request& request);
+ EarlyBootEndedResponse EarlyBootEnded();
+ DeviceLockedResponse DeviceLocked(const DeviceLockedRequest& request);
uint32_t message_version() const { return message_version_; }
diff --git a/trusty/keymaster/include/trusty_keymaster/TrustySecureClock.h b/trusty/keymaster/include/trusty_keymaster/TrustySecureClock.h
new file mode 100644
index 0000000..f077b27
--- /dev/null
+++ b/trusty/keymaster/include/trusty_keymaster/TrustySecureClock.h
@@ -0,0 +1,38 @@
+/*
+ * Copyright 2021, The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#pragma once
+
+#include <aidl/android/hardware/security/secureclock/BnSecureClock.h>
+#include <aidl/android/hardware/security/secureclock/TimeStampToken.h>
+#include <aidl/android/hardware/security/secureclock/Timestamp.h>
+
+#include <trusty_keymaster/TrustyKeymaster.h>
+
+namespace aidl::android::hardware::security::secureclock::trusty {
+
+class TrustySecureClock : public BnSecureClock {
+ public:
+ explicit TrustySecureClock(std::shared_ptr<::keymaster::TrustyKeymaster> impl)
+ : impl_(std::move(impl)) {}
+ ~TrustySecureClock() = default;
+ ::ndk::ScopedAStatus generateTimeStamp(int64_t challenge, TimeStampToken* token) override;
+
+ private:
+ std::shared_ptr<::keymaster::TrustyKeymaster> impl_;
+};
+
+} // namespace aidl::android::hardware::security::secureclock::trusty
diff --git a/trusty/keymaster/include/trusty_keymaster/TrustySharedSecret.h b/trusty/keymaster/include/trusty_keymaster/TrustySharedSecret.h
new file mode 100644
index 0000000..946f57e
--- /dev/null
+++ b/trusty/keymaster/include/trusty_keymaster/TrustySharedSecret.h
@@ -0,0 +1,39 @@
+/*
+ * Copyright 2021, The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#pragma once
+
+#include <aidl/android/hardware/security/sharedsecret/BnSharedSecret.h>
+#include <aidl/android/hardware/security/sharedsecret/SharedSecretParameters.h>
+
+#include <trusty_keymaster/TrustyKeymaster.h>
+
+namespace aidl::android::hardware::security::sharedsecret::trusty {
+
+class TrustySharedSecret : public BnSharedSecret {
+ public:
+ explicit TrustySharedSecret(std::shared_ptr<::keymaster::TrustyKeymaster> impl)
+ : impl_(std::move(impl)) {}
+ ~TrustySharedSecret() = default;
+
+ ::ndk::ScopedAStatus getSharedSecretParameters(SharedSecretParameters* params) override;
+ ::ndk::ScopedAStatus computeSharedSecret(const std::vector<SharedSecretParameters>& params,
+ std::vector<uint8_t>* sharingCheck) override;
+
+ private:
+ std::shared_ptr<::keymaster::TrustyKeymaster> impl_;
+};
+} // namespace aidl::android::hardware::security::sharedsecret::trusty
diff --git a/trusty/keymaster/include/trusty_keymaster/ipc/keymaster_ipc.h b/trusty/keymaster/include/trusty_keymaster/ipc/keymaster_ipc.h
index 370e09f..71f3ccf 100644
--- a/trusty/keymaster/include/trusty_keymaster/ipc/keymaster_ipc.h
+++ b/trusty/keymaster/include/trusty_keymaster/ipc/keymaster_ipc.h
@@ -54,6 +54,8 @@
KM_DESTROY_ATTESTATION_IDS = (24 << KEYMASTER_REQ_SHIFT),
KM_IMPORT_WRAPPED_KEY = (25 << KEYMASTER_REQ_SHIFT),
KM_GET_VERSION_2 = (28 << KEYMASTER_REQ_SHIFT),
+ KM_EARLY_BOOT_ENDED = (29 << KEYMASTER_REQ_SHIFT),
+ KM_DEVICE_LOCKED = (30 << KEYMASTER_REQ_SHIFT),
// Bootloader/provisioning calls.
KM_SET_BOOT_PARAMS = (0x1000 << KEYMASTER_REQ_SHIFT),
diff --git a/trusty/keymaster/keymint/TrustyKeyMintDevice.cpp b/trusty/keymaster/keymint/TrustyKeyMintDevice.cpp
new file mode 100644
index 0000000..5f8524b
--- /dev/null
+++ b/trusty/keymaster/keymint/TrustyKeyMintDevice.cpp
@@ -0,0 +1,324 @@
+/*
+
+ * Copyright 2021, The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <trusty_keymaster/TrustyKeyMintDevice.h>
+
+#define TAG TrustyKeyMintDevice
+#include <android-base/logging.h>
+
+#include <keymaster/android_keymaster_messages.h>
+#include <keymaster/authorization_set.h>
+
+#include <KeyMintUtils.h>
+
+#include <trusty_keymaster/TrustyKeyMintOperation.h>
+
+namespace aidl::android::hardware::security::keymint::trusty {
+
+using keymaster::KeymasterBlob;
+using keymaster::KeymasterKeyBlob;
+using keymaster::TAG_APPLICATION_DATA;
+using keymaster::TAG_APPLICATION_ID;
+using keymaster::TAG_AUTH_TOKEN;
+using km_utils::authToken2AidlVec;
+using km_utils::kmBlob2vector;
+using km_utils::kmError2ScopedAStatus;
+using km_utils::kmParam2Aidl;
+using km_utils::KmParamSet;
+using km_utils::kmParamSet2Aidl;
+using km_utils::legacy_enum_conversion;
+
+namespace {
+
+auto kSecurityLevel = SecurityLevel::TRUSTED_ENVIRONMENT;
+
+KeyCharacteristics convertAuthSet(SecurityLevel securityLevel,
+ const keymaster::AuthorizationSet& authorizations) {
+ KeyCharacteristics retval{securityLevel, {}};
+ std::transform(authorizations.begin(), authorizations.end(),
+ std::back_inserter(retval.authorizations), kmParam2Aidl);
+ return retval;
+}
+
+vector<KeyCharacteristics> convertKeyCharacteristics(const keymaster::AuthorizationSet& sw_enforced,
+ const keymaster::AuthorizationSet& hw_enforced,
+ bool includeKeystoreEnforced = true) {
+ KeyCharacteristics keyMintEnforced = convertAuthSet(kSecurityLevel, hw_enforced);
+ KeyCharacteristics keystoreEnforced = convertAuthSet(SecurityLevel::KEYSTORE, sw_enforced);
+
+ vector<KeyCharacteristics> retval;
+ retval.reserve(2);
+
+ if (!keyMintEnforced.authorizations.empty()) retval.push_back(std::move(keyMintEnforced));
+ if (includeKeystoreEnforced && !keystoreEnforced.authorizations.empty()) {
+ retval.push_back(std::move(keystoreEnforced));
+ }
+
+ return retval;
+}
+
+Certificate convertCertificate(const keymaster_blob_t& cert) {
+ return {std::vector<uint8_t>(cert.data, cert.data + cert.data_length)};
+}
+
+vector<Certificate> convertCertificateChain(const keymaster::CertificateChain& chain) {
+ vector<Certificate> retval;
+ std::transform(chain.begin(), chain.end(), std::back_inserter(retval), convertCertificate);
+ return retval;
+}
+
+void addClientAndAppData(const vector<uint8_t>& clientId, const vector<uint8_t>& appData,
+ ::keymaster::AuthorizationSet* params) {
+ params->Clear();
+ if (clientId.size()) params->push_back(TAG_APPLICATION_ID, clientId.data(), clientId.size());
+ if (appData.size()) params->push_back(TAG_APPLICATION_DATA, appData.data(), appData.size());
+}
+
+} // namespace
+
+ScopedAStatus TrustyKeyMintDevice::getHardwareInfo(KeyMintHardwareInfo* info) {
+ info->versionNumber = 1;
+ info->securityLevel = kSecurityLevel;
+ info->keyMintName = "TrustyKeyMintDevice";
+ info->keyMintAuthorName = "Google";
+ info->timestampTokenRequired = false;
+ return ScopedAStatus::ok();
+}
+
+ScopedAStatus TrustyKeyMintDevice::addRngEntropy(const vector<uint8_t>& data) {
+ if (data.size() == 0) return ScopedAStatus::ok();
+ if (data.size() > 2048) {
+ LOG(DEBUG) << "Too-large entropy update of " << data.size() << " bytes.";
+ return kmError2ScopedAStatus(KM_ERROR_INVALID_INPUT_LENGTH);
+ }
+
+ keymaster::AddEntropyRequest request(impl_->message_version());
+ request.random_data.Reinitialize(data.data(), data.size());
+
+ keymaster::AddEntropyResponse response(impl_->message_version());
+ impl_->AddRngEntropy(request, &response);
+
+ return kmError2ScopedAStatus(response.error);
+}
+
+ScopedAStatus TrustyKeyMintDevice::generateKey(const vector<KeyParameter>& keyParams,
+ const optional<AttestationKey>& attestationKey,
+ KeyCreationResult* creationResult) {
+ keymaster::GenerateKeyRequest request(impl_->message_version());
+ request.key_description.Reinitialize(KmParamSet(keyParams));
+ if (attestationKey) {
+ request.attestation_signing_key_blob =
+ KeymasterKeyBlob(attestationKey->keyBlob.data(), attestationKey->keyBlob.size());
+ request.attest_key_params.Reinitialize(KmParamSet(attestationKey->attestKeyParams));
+ request.issuer_subject = KeymasterBlob(attestationKey->issuerSubjectName.data(),
+ attestationKey->issuerSubjectName.size());
+ }
+
+ keymaster::GenerateKeyResponse response(impl_->message_version());
+ impl_->GenerateKey(request, &response);
+
+ if (response.error != KM_ERROR_OK) return kmError2ScopedAStatus(response.error);
+
+ creationResult->keyBlob = kmBlob2vector(response.key_blob);
+ creationResult->keyCharacteristics =
+ convertKeyCharacteristics(response.unenforced, response.enforced);
+ creationResult->certificateChain = convertCertificateChain(response.certificate_chain);
+ return ScopedAStatus::ok();
+}
+
+ScopedAStatus TrustyKeyMintDevice::getKeyCharacteristics(
+ const vector<uint8_t>& keyBlob,
+ const vector<uint8_t>& clientId, //
+ const vector<uint8_t>& appData, //
+ vector<KeyCharacteristics>* characteristics) {
+ keymaster::GetKeyCharacteristicsRequest request(impl_->message_version());
+ request.SetKeyMaterial(keyBlob.data(), keyBlob.size());
+ addClientAndAppData(clientId, appData, &request.additional_params);
+
+ keymaster::GetKeyCharacteristicsResponse response(impl_->message_version());
+ impl_->GetKeyCharacteristics(request, &response);
+
+ if (response.error != KM_ERROR_OK) return kmError2ScopedAStatus(response.error);
+
+ *characteristics = convertKeyCharacteristics(response.unenforced, response.enforced,
+ false /* includeKeystoreEnforced */);
+ return ScopedAStatus::ok();
+}
+
+ScopedAStatus TrustyKeyMintDevice::importKey(const vector<KeyParameter>& keyParams,
+ KeyFormat keyFormat, const vector<uint8_t>& keyData,
+ const optional<AttestationKey>& attestationKey,
+ KeyCreationResult* creationResult) {
+ keymaster::ImportKeyRequest request(impl_->message_version());
+ request.key_description.Reinitialize(KmParamSet(keyParams));
+ request.key_format = legacy_enum_conversion(keyFormat);
+ request.key_data = KeymasterKeyBlob(keyData.data(), keyData.size());
+ if (attestationKey) {
+ request.attestation_signing_key_blob =
+ KeymasterKeyBlob(attestationKey->keyBlob.data(), attestationKey->keyBlob.size());
+ request.attest_key_params.Reinitialize(KmParamSet(attestationKey->attestKeyParams));
+ request.issuer_subject = KeymasterBlob(attestationKey->issuerSubjectName.data(),
+ attestationKey->issuerSubjectName.size());
+ }
+
+ keymaster::ImportKeyResponse response(impl_->message_version());
+ impl_->ImportKey(request, &response);
+
+ if (response.error != KM_ERROR_OK) {
+ return kmError2ScopedAStatus(response.error);
+ }
+
+ creationResult->keyBlob = kmBlob2vector(response.key_blob);
+ creationResult->keyCharacteristics =
+ convertKeyCharacteristics(response.unenforced, response.enforced);
+ creationResult->certificateChain = convertCertificateChain(response.certificate_chain);
+
+ return ScopedAStatus::ok();
+}
+
+ScopedAStatus TrustyKeyMintDevice::importWrappedKey(const vector<uint8_t>& wrappedKeyData,
+ const vector<uint8_t>& wrappingKeyBlob, //
+ const vector<uint8_t>& maskingKey,
+ const vector<KeyParameter>& unwrappingParams,
+ int64_t passwordSid, //
+ int64_t biometricSid,
+ KeyCreationResult* creationResult) {
+ keymaster::ImportWrappedKeyRequest request(impl_->message_version());
+ request.SetWrappedMaterial(wrappedKeyData.data(), wrappedKeyData.size());
+ request.SetWrappingMaterial(wrappingKeyBlob.data(), wrappingKeyBlob.size());
+ request.SetMaskingKeyMaterial(maskingKey.data(), maskingKey.size());
+ request.additional_params.Reinitialize(KmParamSet(unwrappingParams));
+ request.password_sid = static_cast<uint64_t>(passwordSid);
+ request.biometric_sid = static_cast<uint64_t>(biometricSid);
+
+ keymaster::ImportWrappedKeyResponse response(impl_->message_version());
+ impl_->ImportWrappedKey(request, &response);
+
+ if (response.error != KM_ERROR_OK) {
+ return kmError2ScopedAStatus(response.error);
+ }
+
+ creationResult->keyBlob = kmBlob2vector(response.key_blob);
+ creationResult->keyCharacteristics =
+ convertKeyCharacteristics(response.unenforced, response.enforced);
+ creationResult->certificateChain = convertCertificateChain(response.certificate_chain);
+
+ return ScopedAStatus::ok();
+}
+
+ScopedAStatus TrustyKeyMintDevice::upgradeKey(const vector<uint8_t>& keyBlobToUpgrade,
+ const vector<KeyParameter>& upgradeParams,
+ vector<uint8_t>* keyBlob) {
+ keymaster::UpgradeKeyRequest request(impl_->message_version());
+ request.SetKeyMaterial(keyBlobToUpgrade.data(), keyBlobToUpgrade.size());
+ request.upgrade_params.Reinitialize(KmParamSet(upgradeParams));
+
+ keymaster::UpgradeKeyResponse response(impl_->message_version());
+ impl_->UpgradeKey(request, &response);
+
+ if (response.error != KM_ERROR_OK) {
+ return kmError2ScopedAStatus(response.error);
+ }
+
+ *keyBlob = kmBlob2vector(response.upgraded_key);
+ return ScopedAStatus::ok();
+}
+
+ScopedAStatus TrustyKeyMintDevice::deleteKey(const vector<uint8_t>& keyBlob) {
+ keymaster::DeleteKeyRequest request(impl_->message_version());
+ request.SetKeyMaterial(keyBlob.data(), keyBlob.size());
+
+ keymaster::DeleteKeyResponse response(impl_->message_version());
+ impl_->DeleteKey(request, &response);
+
+ return kmError2ScopedAStatus(response.error);
+}
+
+ScopedAStatus TrustyKeyMintDevice::deleteAllKeys() {
+ // There's nothing to be done to delete software key blobs.
+ keymaster::DeleteAllKeysRequest request(impl_->message_version());
+ keymaster::DeleteAllKeysResponse response(impl_->message_version());
+ impl_->DeleteAllKeys(request, &response);
+
+ return kmError2ScopedAStatus(response.error);
+}
+
+ScopedAStatus TrustyKeyMintDevice::destroyAttestationIds() {
+ return kmError2ScopedAStatus(KM_ERROR_UNIMPLEMENTED);
+}
+
+ScopedAStatus TrustyKeyMintDevice::begin(KeyPurpose purpose, const vector<uint8_t>& keyBlob,
+ const vector<KeyParameter>& params,
+ const optional<HardwareAuthToken>& authToken,
+ BeginResult* result) {
+ keymaster::BeginOperationRequest request(impl_->message_version());
+ request.purpose = legacy_enum_conversion(purpose);
+ request.SetKeyMaterial(keyBlob.data(), keyBlob.size());
+ request.additional_params.Reinitialize(KmParamSet(params));
+
+ vector<uint8_t> vector_token = authToken2AidlVec(authToken);
+ request.additional_params.push_back(
+ TAG_AUTH_TOKEN, reinterpret_cast<uint8_t*>(vector_token.data()), vector_token.size());
+
+ keymaster::BeginOperationResponse response(impl_->message_version());
+ impl_->BeginOperation(request, &response);
+
+ if (response.error != KM_ERROR_OK) {
+ return kmError2ScopedAStatus(response.error);
+ }
+
+ result->params = kmParamSet2Aidl(response.output_params);
+ result->challenge = response.op_handle;
+ result->operation = ndk::SharedRefBase::make<TrustyKeyMintOperation>(impl_, response.op_handle);
+ return ScopedAStatus::ok();
+}
+
+ScopedAStatus TrustyKeyMintDevice::deviceLocked(
+ bool passwordOnly, const std::optional<secureclock::TimeStampToken>& timestampToken) {
+ keymaster::DeviceLockedRequest request(impl_->message_version());
+ request.passwordOnly = passwordOnly;
+ if (timestampToken.has_value()) {
+ request.token.challenge = timestampToken->challenge;
+ request.token.mac = {timestampToken->mac.data(), timestampToken->mac.size()};
+ request.token.timestamp = timestampToken->timestamp.milliSeconds;
+ }
+ keymaster::DeviceLockedResponse response = impl_->DeviceLocked(request);
+ return kmError2ScopedAStatus(response.error);
+}
+
+ScopedAStatus TrustyKeyMintDevice::earlyBootEnded() {
+ keymaster::EarlyBootEndedResponse response = impl_->EarlyBootEnded();
+ return kmError2ScopedAStatus(response.error);
+}
+
+ScopedAStatus TrustyKeyMintDevice::convertStorageKeyToEphemeral(
+ const std::vector<uint8_t>& storageKeyBlob, std::vector<uint8_t>* ephemeralKeyBlob) {
+ keymaster::ExportKeyRequest request(impl_->message_version());
+ request.SetKeyMaterial(storageKeyBlob.data(), storageKeyBlob.size());
+ request.key_format = KM_KEY_FORMAT_RAW;
+
+ keymaster::ExportKeyResponse response(impl_->message_version());
+ impl_->ExportKey(request, &response);
+
+ if (response.error != KM_ERROR_OK) return kmError2ScopedAStatus(response.error);
+ if (response.key_data) {
+ *ephemeralKeyBlob = {response.key_data, response.key_data + response.key_data_length};
+ }
+ return ScopedAStatus::ok();
+}
+
+} // namespace aidl::android::hardware::security::keymint::trusty
diff --git a/trusty/keymaster/keymint/TrustyKeyMintOperation.cpp b/trusty/keymaster/keymint/TrustyKeyMintOperation.cpp
new file mode 100644
index 0000000..41a21e9
--- /dev/null
+++ b/trusty/keymaster/keymint/TrustyKeyMintOperation.cpp
@@ -0,0 +1,168 @@
+/*
+ * Copyright 2021, The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <trusty_keymaster/TrustyKeyMintOperation.h>
+
+#define TAG TrustyKeyMintOperation
+#include <android-base/logging.h>
+
+#include <aidl/android/hardware/security/keymint/ErrorCode.h>
+#include <aidl/android/hardware/security/secureclock/ISecureClock.h>
+
+#include <KeyMintUtils.h>
+#include <keymaster/android_keymaster.h>
+#include <trusty_keymaster/ipc/trusty_keymaster_ipc.h>
+
+namespace aidl::android::hardware::security::keymint {
+
+using ::keymaster::AbortOperationRequest;
+using ::keymaster::AbortOperationResponse;
+using ::keymaster::FinishOperationRequest;
+using ::keymaster::FinishOperationResponse;
+using ::keymaster::TAG_ASSOCIATED_DATA;
+using ::keymaster::TAG_AUTH_TOKEN;
+using ::keymaster::UpdateOperationRequest;
+using ::keymaster::UpdateOperationResponse;
+using km_utils::authToken2AidlVec;
+using km_utils::kmError2ScopedAStatus;
+using secureclock::TimeStampToken;
+
+TrustyKeyMintOperation::TrustyKeyMintOperation(shared_ptr<TrustyKeymaster> implementation,
+ keymaster_operation_handle_t opHandle)
+ : impl_(std::move(implementation)), opHandle_(opHandle) {}
+
+TrustyKeyMintOperation::~TrustyKeyMintOperation() {
+ if (opHandle_ != 0) {
+ abort();
+ }
+}
+
+ScopedAStatus TrustyKeyMintOperation::updateAad(
+ const vector<uint8_t>& input, const optional<HardwareAuthToken>& /* authToken */,
+ const optional<TimeStampToken>& /* timestampToken */) {
+ UpdateOperationRequest request(impl_->message_version());
+ request.op_handle = opHandle_;
+ request.additional_params.push_back(TAG_ASSOCIATED_DATA, input.data(), input.size());
+
+ UpdateOperationResponse response(impl_->message_version());
+ impl_->UpdateOperation(request, &response);
+
+ return kmError2ScopedAStatus(response.error);
+}
+
+ScopedAStatus TrustyKeyMintOperation::update(const vector<uint8_t>& input,
+ const optional<HardwareAuthToken>& authToken,
+ const optional<TimeStampToken>& /* timestampToken */,
+ vector<uint8_t>* output) {
+ if (!output) return kmError2ScopedAStatus(KM_ERROR_OUTPUT_PARAMETER_NULL);
+
+ UpdateOperationRequest request(impl_->message_version());
+ request.op_handle = opHandle_;
+ if (authToken) {
+ auto tokenAsVec(authToken2AidlVec(*authToken));
+ request.additional_params.push_back(TAG_AUTH_TOKEN, tokenAsVec.data(), tokenAsVec.size());
+ }
+
+ size_t serialized_size = request.SerializedSize();
+ if (serialized_size > TRUSTY_KEYMASTER_SEND_BUF_SIZE) {
+ return kmError2ScopedAStatus(KM_ERROR_INVALID_INPUT_LENGTH);
+ }
+
+ const uint8_t* input_pos = input.data();
+ const uint8_t* input_end = input.data() + input.size();
+ const size_t max_chunk_size = TRUSTY_KEYMASTER_SEND_BUF_SIZE - serialized_size;
+ output->clear();
+
+ while (input_pos < input_end) {
+ size_t to_send = std::min(max_chunk_size, static_cast<size_t>(input_end - input_pos));
+ LOG(DEBUG) << "update: Sending " << to_send << " of " << (input_end - input_pos)
+ << " bytes";
+ request.input.Reinitialize(input_pos, to_send);
+
+ UpdateOperationResponse response(impl_->message_version());
+ impl_->UpdateOperation(request, &response);
+ if (response.error != KM_ERROR_OK) {
+ opHandle_ = 0; // Operation has ended, the handle is invalid. This saves an abort().
+ return kmError2ScopedAStatus(response.error);
+ }
+
+ input_pos += response.input_consumed;
+ output->insert(output->end(), response.output.begin(), response.output.end());
+ }
+
+ return ScopedAStatus::ok();
+}
+
+ScopedAStatus TrustyKeyMintOperation::finish(
+ const optional<vector<uint8_t>>& input, //
+ const optional<vector<uint8_t>>& signature, //
+ const optional<HardwareAuthToken>& authToken,
+ const optional<TimeStampToken>& /* timestampToken */,
+ const optional<vector<uint8_t>>& /* confirmationToken */, vector<uint8_t>* output) {
+ if (!output) {
+ return ScopedAStatus(AStatus_fromServiceSpecificError(
+ static_cast<int32_t>(ErrorCode::OUTPUT_PARAMETER_NULL)));
+ }
+ output->clear();
+
+ FinishOperationRequest request(impl_->message_version());
+ request.op_handle = opHandle_;
+ if (signature) request.signature.Reinitialize(signature->data(), signature->size());
+ size_t serialized_size = request.SerializedSize();
+ if (serialized_size > TRUSTY_KEYMASTER_SEND_BUF_SIZE) {
+ return kmError2ScopedAStatus(KM_ERROR_INVALID_INPUT_LENGTH);
+ }
+
+ if (input) {
+ const size_t max_chunk_size = TRUSTY_KEYMASTER_SEND_BUF_SIZE - serialized_size;
+
+ if (input->size() > max_chunk_size) {
+ LOG(DEBUG) << "Sending an update to process finish() data";
+ // Use update to process all but the last max_chunk_size bytes.
+ auto result = update({input->begin(), input->end() - max_chunk_size}, authToken,
+ std::nullopt /* timestampToken */, output);
+ if (!result.isOk()) return result;
+
+ // Process the last max_chunk_size with finish.
+ request.input.Reinitialize(input->data() + (input->size() - max_chunk_size),
+ max_chunk_size);
+ } else {
+ request.input.Reinitialize(input->data(), input->size());
+ }
+ }
+
+ FinishOperationResponse response(impl_->message_version());
+ impl_->FinishOperation(request, &response);
+ opHandle_ = 0;
+
+ if (response.error != KM_ERROR_OK) return kmError2ScopedAStatus(response.error);
+
+ *output = {response.output.begin(), response.output.end()};
+ return ScopedAStatus::ok();
+}
+
+ScopedAStatus TrustyKeyMintOperation::abort() {
+ AbortOperationRequest request(impl_->message_version());
+ request.op_handle = opHandle_;
+
+ AbortOperationResponse response(impl_->message_version());
+ impl_->AbortOperation(request, &response);
+ opHandle_ = 0;
+
+ return kmError2ScopedAStatus(response.error);
+}
+
+} // namespace aidl::android::hardware::security::keymint
diff --git a/trusty/keymaster/keymint/TrustySecureClock.cpp b/trusty/keymaster/keymint/TrustySecureClock.cpp
new file mode 100644
index 0000000..fed5420
--- /dev/null
+++ b/trusty/keymaster/keymint/TrustySecureClock.cpp
@@ -0,0 +1,42 @@
+/*
+ * Copyright 2021, The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <trusty_keymaster/TrustySecureClock.h>
+
+#include <aidl/android/hardware/security/keymint/ErrorCode.h>
+
+#include <KeyMintUtils.h>
+
+namespace aidl::android::hardware::security::secureclock::trusty {
+
+using keymint::km_utils::kmBlob2vector;
+using keymint::km_utils::kmError2ScopedAStatus;
+
+::ndk::ScopedAStatus TrustySecureClock::generateTimeStamp(int64_t challenge,
+ TimeStampToken* token) {
+ keymaster::VerifyAuthorizationRequest request(impl_->message_version());
+ request.challenge = challenge;
+
+ auto response = impl_->VerifyAuthorization(request);
+ if (response.error != KM_ERROR_OK) return kmError2ScopedAStatus(response.error);
+
+ token->challenge = response.token.challenge;
+ token->timestamp.milliSeconds = static_cast<int64_t>(response.token.timestamp);
+ token->mac = kmBlob2vector(response.token.mac);
+ return ::ndk::ScopedAStatus::ok();
+}
+
+} // namespace aidl::android::hardware::security::secureclock::trusty
diff --git a/trusty/keymaster/keymint/TrustySharedSecret.cpp b/trusty/keymaster/keymint/TrustySharedSecret.cpp
new file mode 100644
index 0000000..8109168
--- /dev/null
+++ b/trusty/keymaster/keymint/TrustySharedSecret.cpp
@@ -0,0 +1,54 @@
+/*
+ * Copyright 2020, The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <trusty_keymaster/TrustySharedSecret.h>
+
+#include <aidl/android/hardware/security/keymint/ErrorCode.h>
+#include <keymaster/android_keymaster.h>
+#include "KeyMintUtils.h"
+
+namespace aidl::android::hardware::security::sharedsecret::trusty {
+
+using keymint::km_utils::kmBlob2vector;
+using keymint::km_utils::kmError2ScopedAStatus;
+
+::ndk::ScopedAStatus TrustySharedSecret::getSharedSecretParameters(SharedSecretParameters* params) {
+ auto response = impl_->GetHmacSharingParameters();
+ params->seed = kmBlob2vector(response.params.seed);
+ params->nonce = {std::begin(response.params.nonce), std::end(response.params.nonce)};
+ return kmError2ScopedAStatus(response.error);
+}
+
+::ndk::ScopedAStatus TrustySharedSecret::computeSharedSecret(
+ const std::vector<SharedSecretParameters>& params, std::vector<uint8_t>* sharingCheck) {
+ keymaster::ComputeSharedHmacRequest request(impl_->message_version());
+ request.params_array.params_array = new keymaster::HmacSharingParameters[params.size()];
+ request.params_array.num_params = params.size();
+ for (size_t i = 0; i < params.size(); ++i) {
+ request.params_array.params_array[i].seed = {params[i].seed.data(), params[i].seed.size()};
+ if (sizeof(request.params_array.params_array[i].nonce) != params[i].nonce.size()) {
+ return kmError2ScopedAStatus(KM_ERROR_INVALID_ARGUMENT);
+ }
+ memcpy(request.params_array.params_array[i].nonce, params[i].nonce.data(),
+ params[i].nonce.size());
+ }
+
+ auto response = impl_->ComputeSharedHmac(request);
+ if (response.error == KM_ERROR_OK) *sharingCheck = kmBlob2vector(response.sharing_check);
+ return kmError2ScopedAStatus(response.error);
+}
+
+} // namespace aidl::android::hardware::security::sharedsecret::trusty
diff --git a/trusty/keymaster/keymint/android.hardware.security.keymint-service.trusty.rc b/trusty/keymaster/keymint/android.hardware.security.keymint-service.trusty.rc
new file mode 100644
index 0000000..389af41
--- /dev/null
+++ b/trusty/keymaster/keymint/android.hardware.security.keymint-service.trusty.rc
@@ -0,0 +1,4 @@
+service vendor.keymint-trusty /vendor/bin/hw/android.hardware.security.keymint-service.trusty
+ class early_hal
+ user nobody
+ group drmrpc
diff --git a/trusty/keymaster/keymint/android.hardware.security.keymint-service.trusty.xml b/trusty/keymaster/keymint/android.hardware.security.keymint-service.trusty.xml
new file mode 100644
index 0000000..0ab3d64
--- /dev/null
+++ b/trusty/keymaster/keymint/android.hardware.security.keymint-service.trusty.xml
@@ -0,0 +1,14 @@
+<manifest version="1.0" type="device">
+ <hal format="aidl">
+ <name>android.hardware.security.keymint</name>
+ <fqname>IKeyMintDevice/default</fqname>
+ </hal>
+ <hal format="aidl">
+ <name>android.hardware.security.secureclock</name>
+ <fqname>ISecureClock/default</fqname>
+ </hal>
+ <hal format="aidl">
+ <name>android.hardware.security.sharedsecret</name>
+ <fqname>ISharedSecret/default</fqname>
+ </hal>
+</manifest>
diff --git a/trusty/keymaster/keymint/service.cpp b/trusty/keymaster/keymint/service.cpp
new file mode 100644
index 0000000..8f5f0f8
--- /dev/null
+++ b/trusty/keymaster/keymint/service.cpp
@@ -0,0 +1,58 @@
+/*
+ * Copyright 2021, The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#define LOG_TAG "android.hardware.security.keymint-service.trusty"
+#include <android-base/logging.h>
+#include <android/binder_manager.h>
+#include <android/binder_process.h>
+
+#include <trusty_keymaster/TrustyKeyMintDevice.h>
+#include <trusty_keymaster/TrustySecureClock.h>
+#include <trusty_keymaster/TrustySharedSecret.h>
+
+using aidl::android::hardware::security::keymint::trusty::TrustyKeyMintDevice;
+using aidl::android::hardware::security::secureclock::trusty::TrustySecureClock;
+using aidl::android::hardware::security::sharedsecret::trusty::TrustySharedSecret;
+
+template <typename T, class... Args>
+std::shared_ptr<T> addService(Args&&... args) {
+ std::shared_ptr<T> service = std::make_shared<T>(std::forward<Args>(args)...);
+ auto instanceName = std::string(T::descriptor) + "/default";
+ LOG(ERROR) << "Adding service instance: " << instanceName;
+ auto status = AServiceManager_addService(service->asBinder().get(), instanceName.c_str());
+ CHECK(status == STATUS_OK) << "Failed to add service " << instanceName;
+ return service;
+}
+
+int main() {
+ auto trustyKeymaster = std::make_shared<keymaster::TrustyKeymaster>();
+ int err = trustyKeymaster->Initialize(keymaster::KmVersion::KEYMINT_1);
+ if (err != 0) {
+ LOG(FATAL) << "Could not initialize TrustyKeymaster for KeyMint (" << err << ")";
+ return -1;
+ }
+
+ // Zero threads seems like a useless pool but below we'll join this thread to it, increasing
+ // the pool size to 1.
+ ABinderProcess_setThreadPoolMaxThreadCount(0);
+
+ auto keyMint = addService<TrustyKeyMintDevice>(trustyKeymaster);
+ auto secureClock = addService<TrustySecureClock>(trustyKeymaster);
+ auto sharedSecret = addService<TrustySharedSecret>(trustyKeymaster);
+
+ ABinderProcess_joinThreadPool();
+ return EXIT_FAILURE; // should not reach
+}