tequilaOS/platform_hardware_interfaces
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Add additional parameters to importWrappedKey

Browse source 
Bug: 31675676
Test: VtsHalKeymasterV4_0TargetTest
Change-Id: I31166d0c562d92bbdcf3357782ac2a076a1bc2d9
This commit is contained in:
Shawn Willden 2018-01-19 13:37:42 -07:00
parent 1b2ad166a4
commit 8d28efa9b8
6 changed files with 50 additions and 15 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

22
keymaster/4.0/IKeymasterDevice.hal
View file

@ -274,6 +274,23 @@ interface IKeymasterDevice {
* @param maskingKey The 32-byte value XOR'd with the transport key in the SecureWrappedKey * @param maskingKey The 32-byte value XOR'd with the transport key in the SecureWrappedKey
* structure. * structure.
* *
* @param unwrappingParams must contain any parameters needed to perform the unwrapping
* operation. For example, if the wrapping key is an AES key the block and padding modes
* must be specified in this argument.
*
* @param passwordSid specifies the password secure ID (SID) of the user that owns the key being
* installed. If the authorization list in wrappedKeyData contains a Tag::USER_SECURE_ID
* with a value that has the HardwareAuthenticatorType::PASSWORD bit set, the constructed
* key must be bound to the SID value provided by this argument. If the wrappedKeyData
* does not contain such a tag and value, this argument must be ignored.
*
* @param biometricSid specifies the biometric secure ID (SID) of the user that owns the key
* being installed. If the authorization list in wrappedKeyData contains a
* Tag::USER_SECURE_ID with a value that has the HardwareAuthenticatorType::FINGERPRINT
* bit set, the constructed key must be bound to the SID value provided by this argument.
* If the wrappedKeyData does not contain such a tag and value, this argument must be
* ignored.
*
* @return error See the ErrorCode enum. * @return error See the ErrorCode enum.
* *
* @return keyBlob Opaque descriptor of the imported key. It is recommended that the keyBlob * @return keyBlob Opaque descriptor of the imported key. It is recommended that the keyBlob
@ -281,8 +298,9 @@ interface IKeymasterDevice {
* hardware. * hardware.
*/ */
importWrappedKey(vec<uint8_t> wrappedKeyData, vec<uint8_t> wrappingKeyBlob, importWrappedKey(vec<uint8_t> wrappedKeyData, vec<uint8_t> wrappingKeyBlob,
vec<uint8_t> maskingKey) vec<uint8_t> maskingKey, vec<KeyParameter> unwrappingParams,
generates (ErrorCode error, vec<uint8_t> keyBlob, KeyCharacteristics keyCharacteristics); uint64_t passwordSid, uint64_t biometricSid)
generates(ErrorCode error, vec<uint8_t> keyBlob, KeyCharacteristics keyCharacteristics);
/** /**
* Returns the characteristics of the specified key, if the keyBlob is valid (implementations * Returns the characteristics of the specified key, if the keyBlob is valid (implementations

8
keymaster/4.0/support/include/keymasterV4_0/Keymaster3.h
View file

@ -74,8 +74,12 @@ class Keymaster3 : public Keymaster {
Return<void> importKey(const hidl_vec<KeyParameter>& params, KeyFormat keyFormat, Return<void> importKey(const hidl_vec<KeyParameter>& params, KeyFormat keyFormat,
const hidl_vec<uint8_t>& keyData, importKey_cb _hidl_cb) override; const hidl_vec<uint8_t>& keyData, importKey_cb _hidl_cb) override;
Return<void> importWrappedKey(const hidl_vec<uint8_t>&, const hidl_vec<uint8_t>&, Return<void> importWrappedKey(const hidl_vec<uint8_t>& /* wrappedKeyData */,
const hidl_vec<uint8_t>&, importWrappedKey_cb _hidl_cb) { const hidl_vec<uint8_t>& /* wrappingKeyBlob */,
const hidl_vec<uint8_t>& /* maskingKey */,
const hidl_vec<KeyParameter>& /* unwrappingParams */,
uint64_t /* passwordSid */, uint64_t /* biometricSid */,
importWrappedKey_cb _hidl_cb) {
_hidl_cb(ErrorCode::UNIMPLEMENTED, {}, {}); _hidl_cb(ErrorCode::UNIMPLEMENTED, {}, {});
return Void(); return Void();
} }

5
keymaster/4.0/support/include/keymasterV4_0/Keymaster4.h
View file

@ -81,8 +81,11 @@ class Keymaster4 : public Keymaster {
Return<void> importWrappedKey(const hidl_vec<uint8_t>& wrappedKeyData, Return<void> importWrappedKey(const hidl_vec<uint8_t>& wrappedKeyData,
const hidl_vec<uint8_t>& wrappingKeyBlob, const hidl_vec<uint8_t>& wrappingKeyBlob,
const hidl_vec<uint8_t>& maskingKey, const hidl_vec<uint8_t>& maskingKey,
const hidl_vec<KeyParameter>& unwrappingParams,
uint64_t passwordSid, uint64_t biometricSid,
importWrappedKey_cb _hidl_cb) { importWrappedKey_cb _hidl_cb) {
return dev_->importWrappedKey(wrappedKeyData, wrappingKeyBlob, maskingKey, _hidl_cb); return dev_->importWrappedKey(wrappedKeyData, wrappingKeyBlob, maskingKey, unwrappingParams,
passwordSid, biometricSid, _hidl_cb);
} }
Return<void> exportKey(KeyFormat exportFormat, const hidl_vec<uint8_t>& keyBlob, Return<void> exportKey(KeyFormat exportFormat, const hidl_vec<uint8_t>& keyBlob,

5
keymaster/4.0/vts/functional/KeymasterHidlTest.cpp
View file

@ -137,11 +137,14 @@ ErrorCode KeymasterHidlTest::ImportKey(const AuthorizationSet& key_desc, KeyForm
ErrorCode KeymasterHidlTest::ImportWrappedKey(string wrapped_key, string wrapping_key, ErrorCode KeymasterHidlTest::ImportWrappedKey(string wrapped_key, string wrapping_key,
const AuthorizationSet& wrapping_key_desc, const AuthorizationSet& wrapping_key_desc,
string masking_key) { string masking_key,
const AuthorizationSet& unwrapping_params) {
ErrorCode error; ErrorCode error;
ImportKey(wrapping_key_desc, KeyFormat::PKCS8, wrapping_key); ImportKey(wrapping_key_desc, KeyFormat::PKCS8, wrapping_key);
EXPECT_TRUE(keymaster_ EXPECT_TRUE(keymaster_
->importWrappedKey(HidlBuf(wrapped_key), key_blob_, HidlBuf(masking_key), ->importWrappedKey(HidlBuf(wrapped_key), key_blob_, HidlBuf(masking_key),
unwrapping_params.hidl_data(), 0 /* passwordSid */,
0 /* biometricSid */,
[&](ErrorCode hidl_error, const HidlBuf& hidl_key_blob, [&](ErrorCode hidl_error, const HidlBuf& hidl_key_blob,
const KeyCharacteristics& hidl_key_characteristics) { const KeyCharacteristics& hidl_key_characteristics) {
error = hidl_error; error = hidl_error;

3
keymaster/4.0/vts/functional/KeymasterHidlTest.h
View file

@ -116,7 +116,8 @@ class KeymasterHidlTest : public ::testing::VtsHalHidlTargetTestBase {
const string& key_material); const string& key_material);
ErrorCode ImportWrappedKey(string wrapped_key, string wrapping_key, ErrorCode ImportWrappedKey(string wrapped_key, string wrapping_key,
const AuthorizationSet& wrapping_key_desc, string masking_key); const AuthorizationSet& wrapping_key_desc, string masking_key,
const AuthorizationSet& unwrapping_params);
ErrorCode ExportKey(KeyFormat format, const HidlBuf& key_blob, const HidlBuf& client_id, ErrorCode ExportKey(KeyFormat format, const HidlBuf& key_blob, const HidlBuf& client_id,
const HidlBuf& app_data, HidlBuf* key_material); const HidlBuf& app_data, HidlBuf* key_material);

22
keymaster/4.0/vts/functional/keymaster_hidl_hal_test.cpp
View file

@ -1943,7 +1943,9 @@ TEST_F(ImportWrappedKeyTest, Success) {
.Authorization(TAG_PURPOSE, KeyPurpose::WRAP_KEY); .Authorization(TAG_PURPOSE, KeyPurpose::WRAP_KEY);
ASSERT_EQ(ErrorCode::OK, ASSERT_EQ(ErrorCode::OK,
ImportWrappedKey(wrapped_key, wrapping_key, wrapping_key_desc, zero_masking_key)); ImportWrappedKey(
wrapped_key, wrapping_key, wrapping_key_desc, zero_masking_key,
AuthorizationSetBuilder().Digest(Digest::SHA1).Padding(PaddingMode::RSA_OAEP)));
string message = "Hello World!"; string message = "Hello World!";
auto params = AuthorizationSetBuilder().BlockMode(BlockMode::ECB).Padding(PaddingMode::PKCS7); auto params = AuthorizationSetBuilder().BlockMode(BlockMode::ECB).Padding(PaddingMode::PKCS7);
@ -1960,7 +1962,9 @@ TEST_F(ImportWrappedKeyTest, SuccessMasked) {
.Authorization(TAG_PURPOSE, KeyPurpose::WRAP_KEY); .Authorization(TAG_PURPOSE, KeyPurpose::WRAP_KEY);
ASSERT_EQ(ErrorCode::OK, ASSERT_EQ(ErrorCode::OK,
ImportWrappedKey(wrapped_key_masked, wrapping_key, wrapping_key_desc, masking_key)); ImportWrappedKey(
wrapped_key_masked, wrapping_key, wrapping_key_desc, masking_key,
AuthorizationSetBuilder().Digest(Digest::SHA1).Padding(PaddingMode::RSA_OAEP)));
} }
TEST_F(ImportWrappedKeyTest, WrongMask) { TEST_F(ImportWrappedKeyTest, WrongMask) {
@ -1970,9 +1974,10 @@ TEST_F(ImportWrappedKeyTest, WrongMask) {
.Padding(PaddingMode::RSA_OAEP) .Padding(PaddingMode::RSA_OAEP)
.Authorization(TAG_PURPOSE, KeyPurpose::WRAP_KEY); .Authorization(TAG_PURPOSE, KeyPurpose::WRAP_KEY);
ASSERT_EQ( ASSERT_EQ(ErrorCode::VERIFICATION_FAILED,
ErrorCode::VERIFICATION_FAILED, ImportWrappedKey(
ImportWrappedKey(wrapped_key_masked, wrapping_key, wrapping_key_desc, zero_masking_key)); wrapped_key_masked, wrapping_key, wrapping_key_desc, zero_masking_key,
AuthorizationSetBuilder().Digest(Digest::SHA1).Padding(PaddingMode::RSA_OAEP)));
} }
TEST_F(ImportWrappedKeyTest, WrongPurpose) { TEST_F(ImportWrappedKeyTest, WrongPurpose) {
@ -1981,9 +1986,10 @@ TEST_F(ImportWrappedKeyTest, WrongPurpose) {
.Digest(Digest::SHA1) .Digest(Digest::SHA1)
.Padding(PaddingMode::RSA_OAEP); .Padding(PaddingMode::RSA_OAEP);
ASSERT_EQ( ASSERT_EQ(ErrorCode::INCOMPATIBLE_PURPOSE,
ErrorCode::INCOMPATIBLE_PURPOSE, ImportWrappedKey(
ImportWrappedKey(wrapped_key_masked, wrapping_key, wrapping_key_desc, zero_masking_key)); wrapped_key_masked, wrapping_key, wrapping_key_desc, zero_masking_key,
AuthorizationSetBuilder().Digest(Digest::SHA1).Padding(PaddingMode::RSA_OAEP)));
} }
typedef KeymasterHidlTest EncryptionOperationsTest; typedef KeymasterHidlTest EncryptionOperationsTest;