summaryrefslogtreecommitdiffstats
path: root/keymaster
diff options
context:
space:
mode:
authorTreeHugger Robot <treehugger-gerrit@google.com>2018-01-22 20:18:17 +0000
committerAndroid (Google) Code Review <android-gerrit@google.com>2018-01-22 20:18:17 +0000
commitaf4d761cf50936c4f52f7b488b6fa3339e8e3156 (patch)
tree2b0396b7a302191c5a050a832d32f72d1c03f61f /keymaster
parent1b19360b4cf3de2201ea48bf191aa5c0c379f789 (diff)
parent8d28efa9b81a717fb839111e13ba51104269877a (diff)
downloadandroid_hardware_interfaces-af4d761cf50936c4f52f7b488b6fa3339e8e3156.tar.gz
android_hardware_interfaces-af4d761cf50936c4f52f7b488b6fa3339e8e3156.tar.bz2
android_hardware_interfaces-af4d761cf50936c4f52f7b488b6fa3339e8e3156.zip
Merge "Add additional parameters to importWrappedKey"
Diffstat (limited to 'keymaster')
-rw-r--r--keymaster/4.0/IKeymasterDevice.hal22
-rw-r--r--keymaster/4.0/support/include/keymasterV4_0/Keymaster3.h8
-rw-r--r--keymaster/4.0/support/include/keymasterV4_0/Keymaster4.h5
-rw-r--r--keymaster/4.0/vts/functional/KeymasterHidlTest.cpp5
-rw-r--r--keymaster/4.0/vts/functional/KeymasterHidlTest.h3
-rw-r--r--keymaster/4.0/vts/functional/keymaster_hidl_hal_test.cpp22
6 files changed, 50 insertions, 15 deletions
diff --git a/keymaster/4.0/IKeymasterDevice.hal b/keymaster/4.0/IKeymasterDevice.hal
index 14c9c354d..5dac9291b 100644
--- a/keymaster/4.0/IKeymasterDevice.hal
+++ b/keymaster/4.0/IKeymasterDevice.hal
@@ -274,6 +274,23 @@ interface IKeymasterDevice {
* @param maskingKey The 32-byte value XOR'd with the transport key in the SecureWrappedKey
* structure.
*
+ * @param unwrappingParams must contain any parameters needed to perform the unwrapping
+ * operation. For example, if the wrapping key is an AES key the block and padding modes
+ * must be specified in this argument.
+ *
+ * @param passwordSid specifies the password secure ID (SID) of the user that owns the key being
+ * installed. If the authorization list in wrappedKeyData contains a Tag::USER_SECURE_ID
+ * with a value that has the HardwareAuthenticatorType::PASSWORD bit set, the constructed
+ * key must be bound to the SID value provided by this argument. If the wrappedKeyData
+ * does not contain such a tag and value, this argument must be ignored.
+ *
+ * @param biometricSid specifies the biometric secure ID (SID) of the user that owns the key
+ * being installed. If the authorization list in wrappedKeyData contains a
+ * Tag::USER_SECURE_ID with a value that has the HardwareAuthenticatorType::FINGERPRINT
+ * bit set, the constructed key must be bound to the SID value provided by this argument.
+ * If the wrappedKeyData does not contain such a tag and value, this argument must be
+ * ignored.
+ *
* @return error See the ErrorCode enum.
*
* @return keyBlob Opaque descriptor of the imported key. It is recommended that the keyBlob
@@ -281,8 +298,9 @@ interface IKeymasterDevice {
* hardware.
*/
importWrappedKey(vec<uint8_t> wrappedKeyData, vec<uint8_t> wrappingKeyBlob,
- vec<uint8_t> maskingKey)
- generates (ErrorCode error, vec<uint8_t> keyBlob, KeyCharacteristics keyCharacteristics);
+ vec<uint8_t> maskingKey, vec<KeyParameter> unwrappingParams,
+ uint64_t passwordSid, uint64_t biometricSid)
+ generates(ErrorCode error, vec<uint8_t> keyBlob, KeyCharacteristics keyCharacteristics);
/**
* Returns the characteristics of the specified key, if the keyBlob is valid (implementations
diff --git a/keymaster/4.0/support/include/keymasterV4_0/Keymaster3.h b/keymaster/4.0/support/include/keymasterV4_0/Keymaster3.h
index 051e5700a..4054620b6 100644
--- a/keymaster/4.0/support/include/keymasterV4_0/Keymaster3.h
+++ b/keymaster/4.0/support/include/keymasterV4_0/Keymaster3.h
@@ -74,8 +74,12 @@ class Keymaster3 : public Keymaster {
Return<void> importKey(const hidl_vec<KeyParameter>& params, KeyFormat keyFormat,
const hidl_vec<uint8_t>& keyData, importKey_cb _hidl_cb) override;
- Return<void> importWrappedKey(const hidl_vec<uint8_t>&, const hidl_vec<uint8_t>&,
- const hidl_vec<uint8_t>&, importWrappedKey_cb _hidl_cb) {
+ Return<void> importWrappedKey(const hidl_vec<uint8_t>& /* wrappedKeyData */,
+ const hidl_vec<uint8_t>& /* wrappingKeyBlob */,
+ const hidl_vec<uint8_t>& /* maskingKey */,
+ const hidl_vec<KeyParameter>& /* unwrappingParams */,
+ uint64_t /* passwordSid */, uint64_t /* biometricSid */,
+ importWrappedKey_cb _hidl_cb) {
_hidl_cb(ErrorCode::UNIMPLEMENTED, {}, {});
return Void();
}
diff --git a/keymaster/4.0/support/include/keymasterV4_0/Keymaster4.h b/keymaster/4.0/support/include/keymasterV4_0/Keymaster4.h
index ffddcac2d..86ef4f855 100644
--- a/keymaster/4.0/support/include/keymasterV4_0/Keymaster4.h
+++ b/keymaster/4.0/support/include/keymasterV4_0/Keymaster4.h
@@ -81,8 +81,11 @@ class Keymaster4 : public Keymaster {
Return<void> importWrappedKey(const hidl_vec<uint8_t>& wrappedKeyData,
const hidl_vec<uint8_t>& wrappingKeyBlob,
const hidl_vec<uint8_t>& maskingKey,
+ const hidl_vec<KeyParameter>& unwrappingParams,
+ uint64_t passwordSid, uint64_t biometricSid,
importWrappedKey_cb _hidl_cb) {
- return dev_->importWrappedKey(wrappedKeyData, wrappingKeyBlob, maskingKey, _hidl_cb);
+ return dev_->importWrappedKey(wrappedKeyData, wrappingKeyBlob, maskingKey, unwrappingParams,
+ passwordSid, biometricSid, _hidl_cb);
}
Return<void> exportKey(KeyFormat exportFormat, const hidl_vec<uint8_t>& keyBlob,
diff --git a/keymaster/4.0/vts/functional/KeymasterHidlTest.cpp b/keymaster/4.0/vts/functional/KeymasterHidlTest.cpp
index 13b6b2f7d..37d8c4251 100644
--- a/keymaster/4.0/vts/functional/KeymasterHidlTest.cpp
+++ b/keymaster/4.0/vts/functional/KeymasterHidlTest.cpp
@@ -137,11 +137,14 @@ ErrorCode KeymasterHidlTest::ImportKey(const AuthorizationSet& key_desc, KeyForm
ErrorCode KeymasterHidlTest::ImportWrappedKey(string wrapped_key, string wrapping_key,
const AuthorizationSet& wrapping_key_desc,
- string masking_key) {
+ string masking_key,
+ const AuthorizationSet& unwrapping_params) {
ErrorCode error;
ImportKey(wrapping_key_desc, KeyFormat::PKCS8, wrapping_key);
EXPECT_TRUE(keymaster_
->importWrappedKey(HidlBuf(wrapped_key), key_blob_, HidlBuf(masking_key),
+ unwrapping_params.hidl_data(), 0 /* passwordSid */,
+ 0 /* biometricSid */,
[&](ErrorCode hidl_error, const HidlBuf& hidl_key_blob,
const KeyCharacteristics& hidl_key_characteristics) {
error = hidl_error;
diff --git a/keymaster/4.0/vts/functional/KeymasterHidlTest.h b/keymaster/4.0/vts/functional/KeymasterHidlTest.h
index 6d28f176b..36d3fc21b 100644
--- a/keymaster/4.0/vts/functional/KeymasterHidlTest.h
+++ b/keymaster/4.0/vts/functional/KeymasterHidlTest.h
@@ -116,7 +116,8 @@ class KeymasterHidlTest : public ::testing::VtsHalHidlTargetTestBase {
const string& key_material);
ErrorCode ImportWrappedKey(string wrapped_key, string wrapping_key,
- const AuthorizationSet& wrapping_key_desc, string masking_key);
+ const AuthorizationSet& wrapping_key_desc, string masking_key,
+ const AuthorizationSet& unwrapping_params);
ErrorCode ExportKey(KeyFormat format, const HidlBuf& key_blob, const HidlBuf& client_id,
const HidlBuf& app_data, HidlBuf* key_material);
diff --git a/keymaster/4.0/vts/functional/keymaster_hidl_hal_test.cpp b/keymaster/4.0/vts/functional/keymaster_hidl_hal_test.cpp
index 31d6ad191..1d8dfdf83 100644
--- a/keymaster/4.0/vts/functional/keymaster_hidl_hal_test.cpp
+++ b/keymaster/4.0/vts/functional/keymaster_hidl_hal_test.cpp
@@ -1857,7 +1857,9 @@ TEST_F(ImportWrappedKeyTest, Success) {
.Authorization(TAG_PURPOSE, KeyPurpose::WRAP_KEY);
ASSERT_EQ(ErrorCode::OK,
- ImportWrappedKey(wrapped_key, wrapping_key, wrapping_key_desc, zero_masking_key));
+ ImportWrappedKey(
+ wrapped_key, wrapping_key, wrapping_key_desc, zero_masking_key,
+ AuthorizationSetBuilder().Digest(Digest::SHA1).Padding(PaddingMode::RSA_OAEP)));
string message = "Hello World!";
auto params = AuthorizationSetBuilder().BlockMode(BlockMode::ECB).Padding(PaddingMode::PKCS7);
@@ -1874,7 +1876,9 @@ TEST_F(ImportWrappedKeyTest, SuccessMasked) {
.Authorization(TAG_PURPOSE, KeyPurpose::WRAP_KEY);
ASSERT_EQ(ErrorCode::OK,
- ImportWrappedKey(wrapped_key_masked, wrapping_key, wrapping_key_desc, masking_key));
+ ImportWrappedKey(
+ wrapped_key_masked, wrapping_key, wrapping_key_desc, masking_key,
+ AuthorizationSetBuilder().Digest(Digest::SHA1).Padding(PaddingMode::RSA_OAEP)));
}
TEST_F(ImportWrappedKeyTest, WrongMask) {
@@ -1884,9 +1888,10 @@ TEST_F(ImportWrappedKeyTest, WrongMask) {
.Padding(PaddingMode::RSA_OAEP)
.Authorization(TAG_PURPOSE, KeyPurpose::WRAP_KEY);
- ASSERT_EQ(
- ErrorCode::VERIFICATION_FAILED,
- ImportWrappedKey(wrapped_key_masked, wrapping_key, wrapping_key_desc, zero_masking_key));
+ ASSERT_EQ(ErrorCode::VERIFICATION_FAILED,
+ ImportWrappedKey(
+ wrapped_key_masked, wrapping_key, wrapping_key_desc, zero_masking_key,
+ AuthorizationSetBuilder().Digest(Digest::SHA1).Padding(PaddingMode::RSA_OAEP)));
}
TEST_F(ImportWrappedKeyTest, WrongPurpose) {
@@ -1895,9 +1900,10 @@ TEST_F(ImportWrappedKeyTest, WrongPurpose) {
.Digest(Digest::SHA1)
.Padding(PaddingMode::RSA_OAEP);
- ASSERT_EQ(
- ErrorCode::INCOMPATIBLE_PURPOSE,
- ImportWrappedKey(wrapped_key_masked, wrapping_key, wrapping_key_desc, zero_masking_key));
+ ASSERT_EQ(ErrorCode::INCOMPATIBLE_PURPOSE,
+ ImportWrappedKey(
+ wrapped_key_masked, wrapping_key, wrapping_key_desc, zero_masking_key,
+ AuthorizationSetBuilder().Digest(Digest::SHA1).Padding(PaddingMode::RSA_OAEP)));
}
typedef KeymasterHidlTest EncryptionOperationsTest;