| author | TreeHugger Robot <treehugger-gerrit@google.com> | 2018-01-22 20:18:17 +0000 |
|---|---|---|
| committer | Android (Google) Code Review <android-gerrit@google.com> | 2018-01-22 20:18:17 +0000 |
| commit | d16d923716a4e54ca4c9003ff4b356705f1e10b7 (patch) | |
| tree | 46b2c0256d48ee74cb7279a9bc33be077d519a08 | |
| parent | 4db0dd2bbb9ac15c03da8f5961ad267d35dc3f8f (diff) | |
| parent | 3c665a20c7a63fc601b5d21d8bf7a1b5567ffa6f (diff) | |
| download | android_system_keymaster-d16d923716a4e54ca4c9003ff4b356705f1e10b7.tar.gz android_system_keymaster-d16d923716a4e54ca4c9003ff4b356705f1e10b7.tar.bz2 android_system_keymaster-d16d923716a4e54ca4c9003ff4b356705f1e10b7.zip | |
Merge "Add additional parameters to importWrappedKey"
| -rw-r--r-- | android_keymaster/android_keymaster.cpp | 17 | ||||
| -rw-r--r-- | android_keymaster/android_keymaster_messages.cpp | 8 | ||||
| -rw-r--r-- | include/keymaster/android_keymaster_messages.h | 2 | ||||
| -rw-r--r-- | ng/AndroidKeymaster4Device.cpp | 12 | ||||
| -rw-r--r-- | ng/include/AndroidKeymaster4Device.h | 2 |
5 files changed, 32 insertions, 9 deletions
diff --git a/android_keymaster/android_keymaster.cpp b/android_keymaster/android_keymaster.cpp
index 137fa32..cceba59 100644
--- a/android_keymaster/android_keymaster.cpp
+++ b/android_keymaster/android_keymaster.cpp
@@ -498,10 +498,23 @@ void AndroidKeymaster::ImportWrappedKey(const ImportWrappedKeyRequest& request,
 return;
 }
+ int sid_idx = key_description.find(TAG_USER_SECURE_ID);
+ if (sid_idx != -1) {
+ uint8_t sids = key_description[sid_idx].long_integer;
+ if (!key_description.erase(sid_idx)) {
+ response->error = KM_ERROR_UNKNOWN_ERROR;
+ return;
+ }
+ if (sids & HW_AUTH_PASSWORD) {
+ key_description.push_back(TAG_USER_SECURE_ID, request.password_sid);
+ }
+ if (sids & HW_AUTH_FINGERPRINT) {
+ key_description.push_back(TAG_USER_SECURE_ID, request.biometric_sid);
+ }
+ }
+
 keymaster_algorithm_t algorithm;
- key_description.GetTagValue(TAG_ALGORITHM, &algorithm);
 KeyFactory* factory = 0;
-
 if (!key_description.GetTagValue(TAG_ALGORITHM, &algorithm) ||
 !(factory = context_->GetKeyFactory(algorithm))) {
 response->error = KM_ERROR_UNSUPPORTED_ALGORITHM;
diff --git a/android_keymaster/android_keymaster_messages.cpp b/android_keymaster/android_keymaster_messages.cpp
index cdb6679..d5aa953 100644
--- a/android_keymaster/android_keymaster_messages.cpp
+++ b/android_keymaster/android_keymaster_messages.cpp
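Review bot: In AndroidKeymaster::ImportWrappedKey (android_keymaster.cpp), a TAG_USER_SECURE_ID value with neither HW_AUTH_PASSWORD nor HW_AUTH_FINGERPRINT set is erased and nothing is pushed back, so the imported key ends up with no secure-ID binding at all. The `uint8_t sids` narrowing widens that case, because every bit above the low byte of `long_integer` is dropped before the two tests. Unless dropping the tag is the intended contract, keep the full width and reject an unrecognised mask: `uint64_t sids = key_description[sid_idx].long_integer;` followed by `if (!(sids & (HW_AUTH_PASSWORD | HW_AUTH_FINGERPRINT))) { response->error = KM_ERROR_INVALID_ARGUMENT; return; }`. The two `push_back` results are also unchecked, and only the first TAG_USER_SECURE_ID entry is rewritten since find() is called once. The function body starts and ends outside the hunk, so any later validation of key_description is not visible here.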
@@ -642,14 +642,18 @@ uint8_t* ImportWrappedKeyRequest::Serialize(uint8_t* buf, const uint8_t* end) co
 serialize_key_blob(wrapped_key, buf, end);
 serialize_key_blob(wrapping_key, buf, end);
 serialize_key_blob(masking_key, buf, end);
- return additional_params.Serialize(buf, end);
+ buf = additional_params.Serialize(buf, end);
+ buf = append_uint64_to_buf(buf, end, password_sid);
+ return append_uint64_to_buf(buf, end, biometric_sid);
 }
 bool ImportWrappedKeyRequest::Deserialize(const uint8_t** buf_ptr, const uint8_t* end) {
 return deserialize_key_blob(&wrapped_key, buf_ptr, end) &&
 deserialize_key_blob(&wrapping_key, buf_ptr, end) &&
 deserialize_key_blob(&masking_key, buf_ptr, end) &&
- additional_params.Deserialize(buf_ptr, end);
+ additional_params.Deserialize(buf_ptr, end) &&
+ copy_uint64_from_buf(buf_ptr, end, &password_sid) &&
+ copy_uint64_from_buf(buf_ptr, end, &biometric_sid);
 }
 void ImportWrappedKeyRequest::SetWrappedMaterial(const void* key_material, size_t length) {
diff --git a/include/keymaster/android_keymaster_messages.h b/include/keymaster/android_keymaster_messages.h
index 9c49145..ec7bb58 100644
--- a/include/keymaster/android_keymaster_messages.h
+++ b/include/keymaster/android_keymaster_messages.h
@@ -790,6 +790,8 @@ struct ImportWrappedKeyRequest : public KeymasterMessage {
 KeymasterKeyBlob wrapping_key;
 KeymasterKeyBlob masking_key;
 AuthorizationSet additional_params;
+ uint64_t password_sid;
+ uint64_t biometric_sid;
 };
 struct ImportWrappedKeyResponse : public KeymasterResponse {
diff --git a/ng/AndroidKeymaster4Device.cpp b/ng/AndroidKeymaster4Device.cpp
index 1ccb15a..69cb6c9 100644
--- a/ng/AndroidKeymaster4Device.cpp
+++ b/ng/AndroidKeymaster4Device.cpp
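Review bot: In ImportWrappedKeyRequest::Serialize (android_keymaster_messages.cpp), the three `serialize_key_blob(...)` context lines discard their result while the new lines thread `buf` through every call, so unless serialize_key_blob advances `buf` through a reference parameter, additional_params and the two SIDs are written at the start of the buffer rather than after the blobs, and Deserialize, which does advance `buf_ptr`, will not read back what was written. Assign each result, `buf = serialize_key_blob(wrapped_key, buf, end);`, and likewise for wrapping_key and masking_key. SerializedSize() is outside this hunk and the diffstat's 8 changed lines for this file are all accounted for by Serialize and Deserialize, so it probably still omits the new fields; it needs `+ 2 * sizeof(uint64_t)` or a buffer sized from it is 16 bytes short. A round-trip test that serializes a request with distinct blobs and SIDs and compares the fields after Deserialize would catch both.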
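Review bot: In include/keymaster/android_keymaster_messages.h, `password_sid` and `biometric_sid` are added to ImportWrappedKeyRequest without initializers, so a request built by any path that does not assign both carries indeterminate values that ImportWrappedKey can then install as TAG_USER_SECURE_ID. Default them in the declaration, `uint64_t password_sid = 0;` and `uint64_t biometric_sid = 0;`, unless the constructor, which is outside this hunk, already sets them. A short comment on the two fields saying that they are the caller-supplied SIDs substituted for the wrapped key's authenticator-type mask would also help readers of the struct.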
@@ -366,16 +366,18 @@ Return<void> AndroidKeymaster4Device::importKey(const hidl_vec<KeyParameter>& pa
 return Void();
 }
-Return<void> AndroidKeymaster4Device::importWrappedKey(const hidl_vec<uint8_t>& wrappedKeyData,
- const hidl_vec<uint8_t>& wrappingKeyBlob,
- const hidl_vec<uint8_t>& maskingKey,
- importWrappedKey_cb _hidl_cb) {
+Return<void> AndroidKeymaster4Device::importWrappedKey(
+ const hidl_vec<uint8_t>& wrappedKeyData, const hidl_vec<uint8_t>& wrappingKeyBlob,
+ const hidl_vec<uint8_t>& maskingKey, const hidl_vec<KeyParameter>& unwrappingParams,
+ uint64_t passwordSid, uint64_t biometricSid, importWrappedKey_cb _hidl_cb) {
 ImportWrappedKeyRequest request;
 request.SetWrappedMaterial(wrappedKeyData.data(), wrappedKeyData.size());
 request.SetWrappingMaterial(wrappingKeyBlob.data(), wrappingKeyBlob.size());
 request.SetMaskingKeyMaterial(maskingKey.data(), maskingKey.size());
- // TODO(franksalim): set request.additional_params when wrapping key params are allowed
+ request.additional_params.Reinitialize(KmParamSet(unwrappingParams));
+ request.password_sid = passwordSid;
+ request.biometric_sid = biometricSid;
 ImportWrappedKeyResponse response;
 impl_->ImportWrappedKey(request, &response);
diff --git a/ng/include/AndroidKeymaster4Device.h b/ng/include/AndroidKeymaster4Device.h
index 8ea1144..069bb7c 100644
--- a/ng/include/AndroidKeymaster4Device.h
+++ b/ng/include/AndroidKeymaster4Device.h
@@ -71,6 +71,8 @@ class AndroidKeymaster4Device : public IKeymasterDevice {
 Return<void> importWrappedKey(const hidl_vec<uint8_t>& wrappedKeyData,
 const hidl_vec<uint8_t>& wrappingKeyBlob,
 const hidl_vec<uint8_t>& maskingKey,
+ const hidl_vec<KeyParameter>& unwrappingParams,
+ uint64_t passwordSid, uint64_t biometricSid,
 importWrappedKey_cb _hidl_cb) override;
 Return<void> exportKey(KeyFormat exportFormat, const hidl_vec<uint8_t>& keyBlob,
 const hidl_vec<uint8_t>& clientId, const hidl_vec<uint8_t>& appData, |
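Review bot: In AndroidKeymaster4Device::importWrappedKey (ng/AndroidKeymaster4Device.cpp), the result of `request.additional_params.Reinitialize(KmParamSet(unwrappingParams))` is ignored, so if copying the caller's parameters fails the request still reaches `impl_->ImportWrappedKey` without the unwrapping parameters. Test the return value, `if (!request.additional_params.Reinitialize(KmParamSet(unwrappingParams)))`, and report the failure through `_hidl_cb` before calling into impl_. passwordSid and biometricSid are forwarded unchanged and later become the key's TAG_USER_SECURE_ID values, so a one-line comment stating that the HAL caller is trusted to supply the owning user's SIDs would document that assumption. The function continues past the end of the hunk.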
