Add additional parameters to importWrappedKey
Bug: 31675676 Test: VtsHalKeymasterV4_0TargetTest Change-Id: I31166d0c562d92bbdcf3357782ac2a076a1bc2d9
This commit is contained in:
Shawn Willden
parent
1b2ad166a4
commit
8d28efa9b8
6 changed files with 50 additions and 15 deletions
|
|
@ -274,6 +274,23 @@ interface IKeymasterDevice {
|
|||
* @param maskingKey The 32-byte value XOR'd with the transport key in the SecureWrappedKey
|
||||
* structure.
|
||||
*
|
||||
* @param unwrappingParams must contain any parameters needed to perform the unwrapping
|
||||
* operation. For example, if the wrapping key is an AES key the block and padding modes
|
||||
* must be specified in this argument.
|
||||
*
|
||||
* @param passwordSid specifies the password secure ID (SID) of the user that owns the key being
|
||||
* installed. If the authorization list in wrappedKeyData contains a Tag::USER_SECURE_ID
|
||||
* with a value that has the HardwareAuthenticatorType::PASSWORD bit set, the constructed
|
||||
* key must be bound to the SID value provided by this argument. If the wrappedKeyData
|
||||
* does not contain such a tag and value, this argument must be ignored.
|
||||
*
|
||||
* @param biometricSid specifies the biometric secure ID (SID) of the user that owns the key
|
||||
* being installed. If the authorization list in wrappedKeyData contains a
|
||||
* Tag::USER_SECURE_ID with a value that has the HardwareAuthenticatorType::FINGERPRINT
|
||||
* bit set, the constructed key must be bound to the SID value provided by this argument.
|
||||
* If the wrappedKeyData does not contain such a tag and value, this argument must be
|
||||
* ignored.
|
||||
*
|
||||
* @return error See the ErrorCode enum.
|
||||
*
|
||||
* @return keyBlob Opaque descriptor of the imported key. It is recommended that the keyBlob
|
||||
|
|
@ -281,8 +298,9 @@ interface IKeymasterDevice {
|
|||
* hardware.
|
||||
*/
|
||||
importWrappedKey(vec<uint8_t> wrappedKeyData, vec<uint8_t> wrappingKeyBlob,
|
||||
vec<uint8_t> maskingKey)
|
||||
generates (ErrorCode error, vec<uint8_t> keyBlob, KeyCharacteristics keyCharacteristics);
|
||||
vec<uint8_t> maskingKey, vec<KeyParameter> unwrappingParams,
|
||||
uint64_t passwordSid, uint64_t biometricSid)
|
||||
generates(ErrorCode error, vec<uint8_t> keyBlob, KeyCharacteristics keyCharacteristics);
|
||||
|
||||
/**
|
||||
* Returns the characteristics of the specified key, if the keyBlob is valid (implementations
|
||||
|
|
|
|||
|
|
@ -74,8 +74,12 @@ class Keymaster3 : public Keymaster {
|
|||
Return<void> importKey(const hidl_vec<KeyParameter>& params, KeyFormat keyFormat,
|
||||
const hidl_vec<uint8_t>& keyData, importKey_cb _hidl_cb) override;
|
||||
|
||||
Return<void> importWrappedKey(const hidl_vec<uint8_t>&, const hidl_vec<uint8_t>&,
|
||||
const hidl_vec<uint8_t>&, importWrappedKey_cb _hidl_cb) {
|
||||
Return<void> importWrappedKey(const hidl_vec<uint8_t>& /* wrappedKeyData */,
|
||||
const hidl_vec<uint8_t>& /* wrappingKeyBlob */,
|
||||
const hidl_vec<uint8_t>& /* maskingKey */,
|
||||
const hidl_vec<KeyParameter>& /* unwrappingParams */,
|
||||
uint64_t /* passwordSid */, uint64_t /* biometricSid */,
|
||||
importWrappedKey_cb _hidl_cb) {
|
||||
_hidl_cb(ErrorCode::UNIMPLEMENTED, {}, {});
|
||||
return Void();
|
||||
}
|
||||
|
|
|
|||
|
|
@ -81,8 +81,11 @@ class Keymaster4 : public Keymaster {
|
|||
Return<void> importWrappedKey(const hidl_vec<uint8_t>& wrappedKeyData,
|
||||
const hidl_vec<uint8_t>& wrappingKeyBlob,
|
||||
const hidl_vec<uint8_t>& maskingKey,
|
||||
const hidl_vec<KeyParameter>& unwrappingParams,
|
||||
uint64_t passwordSid, uint64_t biometricSid,
|
||||
importWrappedKey_cb _hidl_cb) {
|
||||
return dev_->importWrappedKey(wrappedKeyData, wrappingKeyBlob, maskingKey, _hidl_cb);
|
||||
return dev_->importWrappedKey(wrappedKeyData, wrappingKeyBlob, maskingKey, unwrappingParams,
|
||||
passwordSid, biometricSid, _hidl_cb);
|
||||
}
|
||||
|
||||
Return<void> exportKey(KeyFormat exportFormat, const hidl_vec<uint8_t>& keyBlob,
|
||||
|
|
|
|||
|
|
@ -137,11 +137,14 @@ ErrorCode KeymasterHidlTest::ImportKey(const AuthorizationSet& key_desc, KeyForm
|
|||
|
||||
ErrorCode KeymasterHidlTest::ImportWrappedKey(string wrapped_key, string wrapping_key,
|
||||
const AuthorizationSet& wrapping_key_desc,
|
||||
string masking_key) {
|
||||
string masking_key,
|
||||
const AuthorizationSet& unwrapping_params) {
|
||||
ErrorCode error;
|
||||
ImportKey(wrapping_key_desc, KeyFormat::PKCS8, wrapping_key);
|
||||
EXPECT_TRUE(keymaster_
|
||||
->importWrappedKey(HidlBuf(wrapped_key), key_blob_, HidlBuf(masking_key),
|
||||
unwrapping_params.hidl_data(), 0 /* passwordSid */,
|
||||
0 /* biometricSid */,
|
||||
[&](ErrorCode hidl_error, const HidlBuf& hidl_key_blob,
|
||||
const KeyCharacteristics& hidl_key_characteristics) {
|
||||
error = hidl_error;
|
||||
|
|
|
|||
|
|
@ -116,7 +116,8 @@ class KeymasterHidlTest : public ::testing::VtsHalHidlTargetTestBase {
|
|||
const string& key_material);
|
||||
|
||||
ErrorCode ImportWrappedKey(string wrapped_key, string wrapping_key,
|
||||
const AuthorizationSet& wrapping_key_desc, string masking_key);
|
||||
const AuthorizationSet& wrapping_key_desc, string masking_key,
|
||||
const AuthorizationSet& unwrapping_params);
|
||||
|
||||
ErrorCode ExportKey(KeyFormat format, const HidlBuf& key_blob, const HidlBuf& client_id,
|
||||
const HidlBuf& app_data, HidlBuf* key_material);
|
||||
|
|
|
|||
|
|
@ -1943,7 +1943,9 @@ TEST_F(ImportWrappedKeyTest, Success) {
|
|||
.Authorization(TAG_PURPOSE, KeyPurpose::WRAP_KEY);
|
||||
|
||||
ASSERT_EQ(ErrorCode::OK,
|
||||
ImportWrappedKey(wrapped_key, wrapping_key, wrapping_key_desc, zero_masking_key));
|
||||
ImportWrappedKey(
|
||||
wrapped_key, wrapping_key, wrapping_key_desc, zero_masking_key,
|
||||
AuthorizationSetBuilder().Digest(Digest::SHA1).Padding(PaddingMode::RSA_OAEP)));
|
||||
|
||||
string message = "Hello World!";
|
||||
auto params = AuthorizationSetBuilder().BlockMode(BlockMode::ECB).Padding(PaddingMode::PKCS7);
|
||||
|
|
@ -1960,7 +1962,9 @@ TEST_F(ImportWrappedKeyTest, SuccessMasked) {
|
|||
.Authorization(TAG_PURPOSE, KeyPurpose::WRAP_KEY);
|
||||
|
||||
ASSERT_EQ(ErrorCode::OK,
|
||||
ImportWrappedKey(wrapped_key_masked, wrapping_key, wrapping_key_desc, masking_key));
|
||||
ImportWrappedKey(
|
||||
wrapped_key_masked, wrapping_key, wrapping_key_desc, masking_key,
|
||||
AuthorizationSetBuilder().Digest(Digest::SHA1).Padding(PaddingMode::RSA_OAEP)));
|
||||
}
|
||||
|
||||
TEST_F(ImportWrappedKeyTest, WrongMask) {
|
||||
|
|
@ -1970,9 +1974,10 @@ TEST_F(ImportWrappedKeyTest, WrongMask) {
|
|||
.Padding(PaddingMode::RSA_OAEP)
|
||||
.Authorization(TAG_PURPOSE, KeyPurpose::WRAP_KEY);
|
||||
|
||||
ASSERT_EQ(
|
||||
ErrorCode::VERIFICATION_FAILED,
|
||||
ImportWrappedKey(wrapped_key_masked, wrapping_key, wrapping_key_desc, zero_masking_key));
|
||||
ASSERT_EQ(ErrorCode::VERIFICATION_FAILED,
|
||||
ImportWrappedKey(
|
||||
wrapped_key_masked, wrapping_key, wrapping_key_desc, zero_masking_key,
|
||||
AuthorizationSetBuilder().Digest(Digest::SHA1).Padding(PaddingMode::RSA_OAEP)));
|
||||
}
|
||||
|
||||
TEST_F(ImportWrappedKeyTest, WrongPurpose) {
|
||||
|
|
@ -1981,9 +1986,10 @@ TEST_F(ImportWrappedKeyTest, WrongPurpose) {
|
|||
.Digest(Digest::SHA1)
|
||||
.Padding(PaddingMode::RSA_OAEP);
|
||||
|
||||
ASSERT_EQ(
|
||||
ErrorCode::INCOMPATIBLE_PURPOSE,
|
||||
ImportWrappedKey(wrapped_key_masked, wrapping_key, wrapping_key_desc, zero_masking_key));
|
||||
ASSERT_EQ(ErrorCode::INCOMPATIBLE_PURPOSE,
|
||||
ImportWrappedKey(
|
||||
wrapped_key_masked, wrapping_key, wrapping_key_desc, zero_masking_key,
|
||||
AuthorizationSetBuilder().Digest(Digest::SHA1).Padding(PaddingMode::RSA_OAEP)));
|
||||
}
|
||||
|
||||
typedef KeymasterHidlTest EncryptionOperationsTest;
|
||||
|
|
|
|||
Loading…
Reference in a new issue