commit 50eb1b2f89ca455b2e9caa635bfe0b5ed94b416a
author Shawn Willden <swillden@google.com> Thu Jan 21 12:41:23 2016 -0700
committer Shawn Willden <swillden@google.com> Wed Jan 27 20:25:38 2016 -0700
tree f6bf4b89bc812d9561e1055296f0a145976839e5
parent fd50293cd5f91936ea954b0556f3f434243adf27

Add attestation support to keystore.

Bug: 22914603
Change-Id: I14fbfbe30b96c5c29278fa548e06b65f15942fe2

keystore/key_store_service.cpp

diff --git a/keystore/key_store_service.cpp b/keystore/key_store_service.cpp
index 9fbb6bc..759ef06 100644
--- a/keystore/key_store_service.cpp
+++ b/keystore/key_store_service.cpp
@@ -1076,6 +1076,40 @@
     return ::NO_ERROR;
 }
 
+int32_t KeyStoreService::attestKey(const String16& name, const KeymasterArguments& params,
+                                   KeymasterCertificateChain* outChain) {
+    if (!outChain)
+        return KM_ERROR_OUTPUT_PARAMETER_NULL;
+
+    if (!checkAllowedOperationParams(params.params)) {
+        return KM_ERROR_INVALID_ARGUMENT;
+    }
+
+    uid_t callingUid = IPCThreadState::self()->getCallingUid();
+
+    Blob keyBlob;
+    String8 name8(name);
+    ResponseCode responseCode =
+        mKeyStore->getKeyForName(&keyBlob, name8, callingUid, TYPE_KEYMASTER_10);
+    if (responseCode != ::NO_ERROR) {
+        return responseCode;
+    }
+
+    keymaster_key_blob_t key = {keyBlob.getValue(),
+                                static_cast<size_t>(std::max(0, keyBlob.getLength()))};
+    auto* dev = mKeyStore->getDeviceForBlob(keyBlob);
+    if (!dev->attest_key)
+        return KM_ERROR_UNIMPLEMENTED;
+
+    const keymaster_key_param_set_t in_params = {
+        const_cast<keymaster_key_param_t*>(params.params.data()), params.params.size()};
+    outChain->chain = {nullptr, 0};
+    int32_t rc = dev->attest_key(dev, &key, &in_params, &outChain->chain);
+    if (rc)
+        return rc;
+    return ::NO_ERROR;
+}
+
 /**
  * Prune the oldest pruneable operation.
  */