diff options
author | Chad Brubaker <cbrubaker@google.com> | 2015-06-01 12:59:00 -0700 |
---|---|---|
committer | Chad Brubaker <cbrubaker@google.com> | 2015-06-01 22:22:40 -0700 |
commit | 57e106dc183744cdc05c62bea11bc285b3346846 (patch) | |
tree | 5da0142d738e3c9a14342cac6706f9ca8655f33c | |
parent | 7d0e9a4170ec1b1ed0f80c1a75131dadf3dd6abe (diff) | |
download | android_system_security-57e106dc183744cdc05c62bea11bc285b3346846.tar.gz android_system_security-57e106dc183744cdc05c62bea11bc285b3346846.tar.bz2 android_system_security-57e106dc183744cdc05c62bea11bc285b3346846.zip |
Track keymaster method changes
Change-Id: If0b274118a2d238b18c0a06ee3fe7f0798a44a1c
-rw-r--r-- | keystore/IKeystoreService.cpp | 16 | ||||
-rw-r--r-- | keystore/include/keystore/IKeystoreService.h | 24 | ||||
-rw-r--r-- | keystore/keystore.cpp | 90 |
3 files changed, 65 insertions, 65 deletions
diff --git a/keystore/IKeystoreService.cpp b/keystore/IKeystoreService.cpp index 1d9d48d..fc0b8da 100644 --- a/keystore/IKeystoreService.cpp +++ b/keystore/IKeystoreService.cpp @@ -76,6 +76,7 @@ void OperationResult::readFromParcel(const Parcel& in) { ALOGE("Failed to readInplace OperationResult data"); } } + outParams.readFromParcel(in); } void OperationResult::writeToParcel(Parcel* out) const { @@ -92,6 +93,7 @@ void OperationResult::writeToParcel(Parcel* out) const { ALOGE("Failed to writeInplace OperationResult data."); } } + outParams.writeToParcel(out); } ExportResult::ExportResult() : resultCode(0), exportData(NULL), dataLength(0) { @@ -1066,10 +1068,9 @@ public: virtual void begin(const sp<IBinder>& appToken, const String16& name, keymaster_purpose_t purpose, bool pruneable, const KeymasterArguments& params, const uint8_t* entropy, - size_t entropyLength, KeymasterArguments* outParams, - OperationResult* result) + size_t entropyLength, OperationResult* result) { - if (!result || !outParams) { + if (!result) { return; } Parcel data, reply; @@ -1096,9 +1097,6 @@ public: if (reply.readInt32() != 0) { result->readFromParcel(reply); } - if (reply.readInt32() != 0) { - outParams->readFromParcel(reply); - } } virtual void update(const sp<IBinder>& token, const KeymasterArguments& params, @@ -1650,15 +1648,11 @@ status_t BnKeystoreService::onTransact( const uint8_t* entropy = NULL; size_t entropyLength = 0; readByteArray(data, &entropy, &entropyLength); - KeymasterArguments outArgs; OperationResult result; - begin(token, name, purpose, pruneable, args, entropy, entropyLength, &outArgs, - &result); + begin(token, name, purpose, pruneable, args, entropy, entropyLength, &result); reply->writeNoException(); reply->writeInt32(1); result.writeToParcel(reply); - reply->writeInt32(1); - outArgs.writeToParcel(reply); return NO_ERROR; } diff --git a/keystore/include/keystore/IKeystoreService.h b/keystore/include/keystore/IKeystoreService.h index d208325..6ad752e 100644 --- a/keystore/include/keystore/IKeystoreService.h +++ b/keystore/include/keystore/IKeystoreService.h @@ -42,6 +42,16 @@ struct MallocDeleter { void operator()(uint8_t* p) { free(p); } }; +// struct for serializing/deserializing a list of keymaster_key_param_t's +struct KeymasterArguments { + KeymasterArguments(); + ~KeymasterArguments(); + void readFromParcel(const Parcel& in); + void writeToParcel(Parcel* out) const; + + std::vector<keymaster_key_param_t> params; +}; + // struct for serializing the results of begin/update/finish struct OperationResult { OperationResult(); @@ -55,6 +65,7 @@ struct OperationResult { int inputConsumed; std::unique_ptr<uint8_t[], MallocDeleter> data; size_t dataLength; + KeymasterArguments outParams; }; // struct for serializing the results of export @@ -69,16 +80,6 @@ struct ExportResult { size_t dataLength; }; -// struct for serializing/deserializing a list of keymaster_key_param_t's -struct KeymasterArguments { - KeymasterArguments(); - ~KeymasterArguments(); - void readFromParcel(const Parcel& in); - void writeToParcel(Parcel* out) const; - - std::vector<keymaster_key_param_t> params; -}; - // struct for serializing keymaster_key_characteristics_t's struct KeyCharacteristics { KeyCharacteristics(); @@ -210,8 +211,7 @@ public: virtual void begin(const sp<IBinder>& apptoken, const String16& name, keymaster_purpose_t purpose, bool pruneable, const KeymasterArguments& params, const uint8_t* entropy, - size_t entropyLength, KeymasterArguments* outParams, - OperationResult* result) = 0; + size_t entropyLength, OperationResult* result) = 0; virtual void update(const sp<IBinder>& token, const KeymasterArguments& params, const uint8_t* data, size_t dataLength, OperationResult* result) = 0; diff --git a/keystore/keystore.cpp b/keystore/keystore.cpp index 6bcbace..2208936 100644 --- a/keystore/keystore.cpp +++ b/keystore/keystore.cpp @@ -2353,6 +2353,8 @@ public: const keymaster1_device_t* device = mKeyStore->getDevice(); const keymaster1_device_t* fallback = mKeyStore->getFallbackDevice(); + std::vector<keymaster_key_param_t> opParams(params.params); + const keymaster_key_param_set_t inParams = {opParams.data(), opParams.size()}; if (device == NULL) { return ::SYSTEM_ERROR; } @@ -2367,8 +2369,7 @@ public: rc = KM_ERROR_UNIMPLEMENTED; } if (rc == KM_ERROR_OK) { - rc = device->generate_key(device, params.params.data(), params.params.size(), - &blob, &out); + rc = device->generate_key(device, &inParams, &blob, &out); } } // If the HW device didn't support generate_key or generate_key failed @@ -2383,9 +2384,7 @@ public: rc = KM_ERROR_UNIMPLEMENTED; } if (rc == KM_ERROR_OK) { - rc = fallback->generate_key(fallback, params.params.data(), params.params.size(), - &blob, - &out); + rc = fallback->generate_key(fallback, &inParams, &blob, &out); } } @@ -2468,18 +2467,19 @@ public: const keymaster1_device_t* device = mKeyStore->getDevice(); const keymaster1_device_t* fallback = mKeyStore->getFallbackDevice(); + std::vector<keymaster_key_param_t> opParams(params.params); + const keymaster_key_param_set_t inParams = {opParams.data(), opParams.size()}; + const keymaster_blob_t input = {keyData, keyLength}; if (device == NULL) { return ::SYSTEM_ERROR; } if (device->common.module->module_api_version >= KEYMASTER_MODULE_API_VERSION_1_0 && device->import_key != NULL) { - rc = device->import_key(device, params.params.data(), params.params.size(), - format, keyData, keyLength, &blob, &out); + rc = device->import_key(device, &inParams, format,&input, &blob, &out); } if (rc && fallback->import_key != NULL) { isFallback = true; - rc = fallback->import_key(fallback, params.params.data(), params.params.size(), - format, keyData, keyLength, &blob, &out); + rc = fallback->import_key(fallback, &inParams, format, &input, &blob, &out); } if (out) { if (outCharacteristics) { @@ -2529,21 +2529,17 @@ public: result->resultCode = KM_ERROR_UNIMPLEMENTED; return; } - uint8_t* ptr = NULL; - rc = dev->export_key(dev, format, &key, clientId, appData, - &ptr, &result->dataLength); - result->exportData.reset(ptr); + keymaster_blob_t output = {NULL, 0}; + rc = dev->export_key(dev, format, &key, clientId, appData, &output); + result->exportData.reset(const_cast<uint8_t*>(output.data)); + result->dataLength = output.data_length; result->resultCode = rc ? rc : ::NO_ERROR; } void begin(const sp<IBinder>& appToken, const String16& name, keymaster_purpose_t purpose, bool pruneable, const KeymasterArguments& params, const uint8_t* entropy, - size_t entropyLength, KeymasterArguments* outParams, OperationResult* result) { - if (!result || !outParams) { - ALOGE("Unexpected null arguments to begin()"); - return; - } + size_t entropyLength, OperationResult* result) { uid_t callingUid = IPCThreadState::self()->getCallingUid(); if (!pruneable && get_app_id(callingUid) != AID_SYSTEM) { ALOGE("Non-system uid %d trying to start non-pruneable operation", callingUid); @@ -2565,8 +2561,6 @@ public: keymaster_key_blob_t key; key.key_material_size = keyBlob.getLength(); key.key_material = keyBlob.getValue(); - keymaster_key_param_t* out; - size_t outSize; keymaster_operation_handle_t handle; keymaster1_device_t* dev = mKeyStore->getDeviceForBlob(keyBlob); keymaster_error_t err = KM_ERROR_UNIMPLEMENTED; @@ -2601,8 +2595,9 @@ public: return; } } - err = dev->begin(dev, purpose, &key, opParams.data(), opParams.size(), &out, &outSize, - &handle); + keymaster_key_param_set_t inParams = {opParams.data(), opParams.size()}; + keymaster_key_param_set_t outParams = {NULL, 0}; + err = dev->begin(dev, purpose, &key, &inParams, &outParams, &handle); // If there are too many operations abort the oldest operation that was // started as pruneable and try again. @@ -2612,17 +2607,12 @@ public: if (abort(oldest) != ::NO_ERROR) { break; } - err = dev->begin(dev, purpose, &key, opParams.data(), opParams.size(), &out, &outSize, - &handle); + err = dev->begin(dev, purpose, &key, &inParams, &outParams, &handle); } if (err) { result->resultCode = err; return; } - if (out) { - outParams->params.assign(out, out + outSize); - free(out); - } sp<IBinder> operationToken = mOperationMap.addOperation(handle, dev, appToken, characteristics.release(), @@ -2638,6 +2628,10 @@ public: result->resultCode = authResult; result->token = operationToken; result->handle = handle; + if (outParams.params) { + result->outParams.params.assign(outParams.params, outParams.params + outParams.length); + free(outParams.params); + } } void update(const sp<IBinder>& token, const KeymasterArguments& params, const uint8_t* data, @@ -2652,21 +2646,28 @@ public: result->resultCode = KM_ERROR_INVALID_OPERATION_HANDLE; return; } - uint8_t* output_buf = NULL; - size_t output_length = 0; - size_t consumed = 0; std::vector<keymaster_key_param_t> opParams(params.params); int32_t authResult = addOperationAuthTokenIfNeeded(token, &opParams); if (authResult != ::NO_ERROR) { result->resultCode = authResult; return; } - keymaster_error_t err = dev->update(dev, handle, opParams.data(), opParams.size(), data, - dataLength, &consumed, &output_buf, &output_length); - result->data.reset(output_buf); - result->dataLength = output_length; + keymaster_key_param_set_t inParams = {opParams.data(), opParams.size()}; + keymaster_blob_t input = {data, dataLength}; + size_t consumed = 0; + keymaster_blob_t output = {NULL, 0}; + keymaster_key_param_set_t outParams = {NULL, 0}; + + keymaster_error_t err = dev->update(dev, handle, &inParams, &input, &consumed, &outParams, + &output); + result->data.reset(const_cast<uint8_t*>(output.data)); + result->dataLength = output.data_length; result->inputConsumed = consumed; result->resultCode = err ? (int32_t) err : ::NO_ERROR; + if (outParams.params) { + result->outParams.params.assign(outParams.params, outParams.params + outParams.length); + free(outParams.params); + } } void finish(const sp<IBinder>& token, const KeymasterArguments& params, @@ -2681,8 +2682,6 @@ public: result->resultCode = KM_ERROR_INVALID_OPERATION_HANDLE; return; } - uint8_t* output_buf = NULL; - size_t output_length = 0; std::vector<keymaster_key_param_t> opParams(params.params); int32_t authResult = addOperationAuthTokenIfNeeded(token, &opParams); if (authResult != ::NO_ERROR) { @@ -2690,15 +2689,22 @@ public: return; } - keymaster_error_t err = dev->finish(dev, handle, opParams.data(), opParams.size(), - signature, signatureLength, &output_buf, - &output_length); + keymaster_key_param_set_t inParams = {opParams.data(), opParams.size()}; + keymaster_blob_t input = {signature, signatureLength}; + keymaster_blob_t output = {NULL, 0}; + keymaster_key_param_set_t outParams = {NULL, 0}; + keymaster_error_t err = dev->finish(dev, handle, &inParams, &input, &outParams, &output); // Remove the operation regardless of the result mOperationMap.removeOperation(token); mAuthTokenTable.MarkCompleted(handle); - result->data.reset(output_buf); - result->dataLength = output_length; + + result->data.reset(const_cast<uint8_t*>(output.data)); + result->dataLength = output.data_length; result->resultCode = err ? (int32_t) err : ::NO_ERROR; + if (outParams.params) { + result->outParams.params.assign(outParams.params, outParams.params + outParams.length); + free(outParams.params); + } } int32_t abort(const sp<IBinder>& token) { |