Stub out ATTEST_KEY support.
Bug: 171845787
Test: Build
Change-Id: I243d58f72a55af4b299ff48c419b0cde4e64cbce
diff --git a/keystore2/src/km_compat/certificate_test.cpp b/keystore2/src/km_compat/certificate_test.cpp
index d6bece7..de1d60a 100644
--- a/keystore2/src/km_compat/certificate_test.cpp
+++ b/keystore2/src/km_compat/certificate_test.cpp
@@ -50,7 +50,7 @@
return ScopedAStatus::fromStatus(STATUS_NAME_NOT_FOUND);
}
KeyCreationResult creationResult;
- auto status = device->generateKey(keyParams, &creationResult);
+ auto status = device->generateKey(keyParams, std::nullopt /* attest_key */, &creationResult);
if (!status.isOk()) {
return status;
}
diff --git a/keystore2/src/km_compat/km_compat.cpp b/keystore2/src/km_compat/km_compat.cpp
index dedca6d..812f513 100644
--- a/keystore2/src/km_compat/km_compat.cpp
+++ b/keystore2/src/km_compat/km_compat.cpp
@@ -333,8 +333,10 @@
return convertErrorCode(result);
}
-ScopedAStatus KeyMintDevice::generateKey(const std::vector<KeyParameter>& inKeyParams,
- KeyCreationResult* out_creationResult) {
+ScopedAStatus
+KeyMintDevice::generateKey(const std::vector<KeyParameter>& inKeyParams,
+ const std::optional<AttestationKey>& /* in_attestationKey */,
+ KeyCreationResult* out_creationResult) {
auto legacyKeyGenParams = convertKeyParametersToLegacy(extractGenerationParams(inKeyParams));
KMV1::ErrorCode errorCode;
auto result = mDevice->generateKey(
@@ -368,6 +370,7 @@
ScopedAStatus KeyMintDevice::importKey(const std::vector<KeyParameter>& inKeyParams,
KeyFormat in_inKeyFormat,
const std::vector<uint8_t>& in_inKeyData,
+ const std::optional<AttestationKey>& /* in_attestationKey */,
KeyCreationResult* out_creationResult) {
auto legacyKeyGENParams = convertKeyParametersToLegacy(extractGenerationParams(inKeyParams));
auto legacyKeyFormat = convertKeyFormatToLegacy(in_inKeyFormat);
@@ -401,11 +404,13 @@
return convertErrorCode(errorCode);
}
-ScopedAStatus KeyMintDevice::importWrappedKey(
- const std::vector<uint8_t>& in_inWrappedKeyData,
- const std::vector<uint8_t>& in_inWrappingKeyBlob, const std::vector<uint8_t>& in_inMaskingKey,
- const std::vector<KeyParameter>& in_inUnwrappingParams, int64_t in_inPasswordSid,
- int64_t in_inBiometricSid, KeyCreationResult* out_creationResult) {
+ScopedAStatus
+KeyMintDevice::importWrappedKey(const std::vector<uint8_t>& in_inWrappedKeyData,
+ const std::vector<uint8_t>& in_inWrappingKeyBlob, //
+ const std::vector<uint8_t>& in_inMaskingKey,
+ const std::vector<KeyParameter>& in_inUnwrappingParams,
+ int64_t in_inPasswordSid, int64_t in_inBiometricSid,
+ KeyCreationResult* out_creationResult) {
auto legacyUnwrappingParams = convertKeyParametersToLegacy(in_inUnwrappingParams);
KMV1::ErrorCode errorCode;
auto result = mDevice->importWrappedKey(
diff --git a/keystore2/src/km_compat/km_compat.h b/keystore2/src/km_compat/km_compat.h
index 7abccde..57a7bbd 100644
--- a/keystore2/src/km_compat/km_compat.h
+++ b/keystore2/src/km_compat/km_compat.h
@@ -28,6 +28,7 @@
#include "certificate_utils.h"
+using ::aidl::android::hardware::security::keymint::AttestationKey;
using ::aidl::android::hardware::security::keymint::BeginResult;
using ::aidl::android::hardware::security::keymint::ByteArray;
using ::aidl::android::hardware::security::keymint::Certificate;
@@ -90,9 +91,11 @@
ScopedAStatus getHardwareInfo(KeyMintHardwareInfo* _aidl_return) override;
ScopedAStatus addRngEntropy(const std::vector<uint8_t>& in_data) override;
ScopedAStatus generateKey(const std::vector<KeyParameter>& in_keyParams,
+ const std::optional<AttestationKey>& in_attestationKey,
KeyCreationResult* out_creationResult) override;
ScopedAStatus importKey(const std::vector<KeyParameter>& in_inKeyParams,
KeyFormat in_inKeyFormat, const std::vector<uint8_t>& in_inKeyData,
+ const std::optional<AttestationKey>& in_attestationKey,
KeyCreationResult* out_creationResult) override;
ScopedAStatus importWrappedKey(const std::vector<uint8_t>& in_inWrappedKeyData,
const std::vector<uint8_t>& in_inWrappingKeyBlob,
diff --git a/keystore2/src/km_compat/lib.rs b/keystore2/src/km_compat/lib.rs
index eca0a85..9be329f 100644
--- a/keystore2/src/km_compat/lib.rs
+++ b/keystore2/src/km_compat/lib.rs
@@ -71,7 +71,8 @@
// TODO: If I only need the key itself, don't return the other things.
fn generate_key(legacy: &dyn IKeyMintDevice, kps: Vec<KeyParameter>) -> KeyCreationResult {
- let creation_result = legacy.generateKey(&kps).expect("Failed to generate key");
+ let creation_result =
+ legacy.generateKey(&kps, None /* attest_key */).expect("Failed to generate key");
assert_ne!(creation_result.keyBlob.len(), 0);
creation_result
}
@@ -163,7 +164,8 @@
}];
let kf = KeyFormat::RAW;
let kd = [0; 16];
- let creation_result = legacy.importKey(&kps, kf, &kd).expect("Failed to import key");
+ let creation_result =
+ legacy.importKey(&kps, kf, &kd, None /* attest_key */).expect("Failed to import key");
assert_ne!(creation_result.keyBlob.len(), 0);
assert_eq!(creation_result.certificateChain.len(), 0);
}
diff --git a/keystore2/src/km_compat/slot_test.cpp b/keystore2/src/km_compat/slot_test.cpp
index 0859ddf..72d944c 100644
--- a/keystore2/src/km_compat/slot_test.cpp
+++ b/keystore2/src/km_compat/slot_test.cpp
@@ -47,7 +47,7 @@
KMV1::makeKeyParameter(KMV1::TAG_PURPOSE, KeyPurpose::DECRYPT),
});
KeyCreationResult creationResult;
- auto status = device->generateKey(keyParams, &creationResult);
+ auto status = device->generateKey(keyParams, std::nullopt /* attest_key */, &creationResult);
if (!status.isOk()) {
return {};
}
@@ -150,13 +150,13 @@
KMV1::makeKeyParameter(KMV1::TAG_NO_AUTH_REQUIRED, true),
});
KeyCreationResult creationResult;
- status = device->generateKey(kps, &creationResult);
+ status = device->generateKey(kps, std::nullopt /* attest_key */, &creationResult);
ASSERT_TRUE(!status.isOk());
ASSERT_EQ(status.getServiceSpecificError(),
static_cast<int32_t>(ErrorCode::TOO_MANY_OPERATIONS));
// But generating a certificate with signCert does not use a slot.
kps.pop_back();
- status = device->generateKey(kps, &creationResult);
+ status = device->generateKey(kps, std::nullopt /* attest_key */, &creationResult);
ASSERT_TRUE(status.isOk());
// Destructing operations should free up their slots.
diff --git a/keystore2/src/security_level.rs b/keystore2/src/security_level.rs
index c2170b6..b96aea8 100644
--- a/keystore2/src/security_level.rs
+++ b/keystore2/src/security_level.rs
@@ -389,7 +389,7 @@
let km_dev: Strong<dyn IKeyMintDevice> = self.keymint.get_interface()?;
map_km_error(km_dev.addRngEntropy(entropy))
.context("In generate_key: Trying to add entropy.")?;
- let creation_result = map_km_error(km_dev.generateKey(¶ms))
+ let creation_result = map_km_error(km_dev.generateKey(¶ms, None /* attestKey */))
.context("In generate_key: While generating Key")?;
let user_id = uid_to_android_user(caller_uid);
@@ -444,8 +444,9 @@
let km_dev: Strong<dyn IKeyMintDevice> =
self.keymint.get_interface().context("In import_key: Trying to get the KM device")?;
- let creation_result = map_km_error(km_dev.importKey(¶ms, format, key_data))
- .context("In import_key: Trying to call importKey")?;
+ let creation_result =
+ map_km_error(km_dev.importKey(¶ms, format, key_data, None /* attestKey */))
+ .context("In import_key: Trying to call importKey")?;
let user_id = uid_to_android_user(caller_uid);
self.store_new_key(key, creation_result, user_id).context("In import_key.")