Add attestation app ID to attestation unit tests am: a972444c14 -s ours am: e947686062 -s ours
am: 3eb6ef0fc6 -s ours
Change-Id: I6e88106d2553c68a5bce881a365ad39a572b32ae
diff --git a/Android.bp b/Android.bp
index 46e1269..2da023a 100644
--- a/Android.bp
+++ b/Android.bp
@@ -17,6 +17,9 @@
cc_library_shared {
name: "libkeymaster_messages",
vendor_available: true,
+ vndk: {
+ enabled: true,
+ },
srcs: [
"android_keymaster_messages.cpp",
"android_keymaster_utils.cpp",
@@ -50,6 +53,9 @@
cc_library_shared {
name: "libkeymaster_portable",
vendor_available: true,
+ vndk: {
+ enabled: true,
+ },
srcs: [
"aes_key.cpp",
"aes_operation.cpp",
@@ -121,6 +127,9 @@
cc_library_shared {
name: "libkeymaster_staging",
vendor_available: true,
+ vndk: {
+ enabled: true,
+ },
srcs: [
"ecies_kem.cpp",
"hkdf.cpp",
@@ -157,9 +166,12 @@
// libsoftkeymaster provides a software-based keymaster HAL implementation.
// This is used by keystore as a fallback for when the hardware keymaster does
// not support the request.
-cc_library_shared {
+cc_library {
name: "libsoftkeymasterdevice",
vendor_available: true,
+ vndk: {
+ enabled: true,
+ },
srcs: [
"ec_keymaster0_key.cpp",
"ec_keymaster1_key.cpp",
diff --git a/android_keymaster.cpp b/android_keymaster.cpp
index d573cd2..c5c85c7 100644
--- a/android_keymaster.cpp
+++ b/android_keymaster.cpp
@@ -283,7 +283,7 @@
return;
operation->SetAuthorizations(key->authorizations());
- response->error = operation_table_->Add(operation.release(), &response->op_handle);
+ response->error = operation_table_->Add(operation.release(), *context_, &response->op_handle);
}
void AndroidKeymaster::UpdateOperation(const UpdateOperationRequest& request,
diff --git a/attestation_record.cpp b/attestation_record.cpp
index e74c676..a59148d 100644
--- a/attestation_record.cpp
+++ b/attestation_record.cpp
@@ -495,10 +495,29 @@
} else {
keymaster_security_level = KM_SECURITY_LEVEL_TRUSTED_ENVIRONMENT;
switch (context.GetSecurityLevel()) {
- case KM_SECURITY_LEVEL_TRUSTED_ENVIRONMENT:
+ case KM_SECURITY_LEVEL_TRUSTED_ENVIRONMENT: {
keymaster_version = kCurrentKeymasterVersion;
- break;
+ // Root of trust is only available in TEE
+ KM_AUTH_LIST* tee_record = key_desc->tee_enforced;
+ tee_record->root_of_trust = KM_ROOT_OF_TRUST_new();
+ keymaster_blob_t verified_boot_key;
+ keymaster_verified_boot_t verified_boot_state;
+ bool device_locked;
+ keymaster_error_t error = context.GetVerifiedBootParams(
+ &verified_boot_key, &verified_boot_state, &device_locked);
+ if (error != KM_ERROR_OK)
+ return error;
+ if (verified_boot_key.data_length &&
+ !ASN1_OCTET_STRING_set(tee_record->root_of_trust->verified_boot_key,
+ verified_boot_key.data, verified_boot_key.data_length))
+ return TranslateLastOpenSslError();
+ tee_record->root_of_trust->device_locked = (int*)device_locked;
+ if (!ASN1_ENUMERATED_set(tee_record->root_of_trust->verified_boot_state,
+ verified_boot_state))
+ return TranslateLastOpenSslError();
+ break;
+ }
case KM_SECURITY_LEVEL_SOFTWARE:
// We're running in software, wrapping some KM hardware. Is it KM0 or KM1? KM1 keys
// have the purpose in the tee_enforced list. It's possible that a key could be created
diff --git a/ecdsa_keymaster1_operation.h b/ecdsa_keymaster1_operation.h
index 6045686..2066639 100644
--- a/ecdsa_keymaster1_operation.h
+++ b/ecdsa_keymaster1_operation.h
@@ -43,7 +43,9 @@
keymaster_error_t GetError(EVP_PKEY* ecdsa_key);
- protected:
+ keymaster_operation_handle_t GetOperationHandle() const { return operation_handle_; }
+
+ private:
keymaster_purpose_t purpose_;
keymaster_operation_handle_t operation_handle_;
const Keymaster1Engine* engine_;
@@ -90,6 +92,12 @@
return super::Abort();
}
+ keymaster_error_t CreateOperationHandle(const KeymasterContext& /* context */,
+ keymaster_operation_handle_t* op_handle) override {
+ *op_handle = wrapped_operation_.GetOperationHandle();
+ return KM_ERROR_OK;
+ }
+
private:
EcdsaKeymaster1WrappedOperation wrapped_operation_;
};
diff --git a/include/keymaster/keymaster_context.h b/include/keymaster/keymaster_context.h
index cf18869..01e66db 100644
--- a/include/keymaster/keymaster_context.h
+++ b/include/keymaster/keymaster_context.h
@@ -196,6 +196,18 @@
return KM_ERROR_UNIMPLEMENTED;
}
+ /**
+ * Returns verified boot parameters for the Attestation Extension. For hardware-based
+ * implementations, these will be the values reported by the bootloader. By default, verified
+ * boot state is unknown, and KM_ERROR_UNIMPLEMENTED is returned.
+ */
+ virtual keymaster_error_t
+ GetVerifiedBootParams(keymaster_blob_t* /* verified_boot_key */,
+ keymaster_verified_boot_t* /* verified_boot_state */,
+ bool* /* device_locked */) const {
+ return KM_ERROR_UNIMPLEMENTED;
+ }
+
private:
// Uncopyable.
KeymasterContext(const KeymasterContext&);
diff --git a/openssl_err.cpp b/openssl_err.cpp
index 078b8e3..d8398bd 100644
--- a/openssl_err.cpp
+++ b/openssl_err.cpp
@@ -167,6 +167,7 @@
case RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE:
return KM_ERROR_INVALID_INPUT_LENGTH;
case RSA_R_DATA_TOO_LARGE_FOR_MODULUS:
+ case RSA_R_DATA_TOO_LARGE:
return KM_ERROR_INVALID_ARGUMENT;
default:
return KM_ERROR_UNKNOWN_ERROR;
diff --git a/operation.cpp b/operation.cpp
index 410c9aa..cb46b45 100644
--- a/operation.cpp
+++ b/operation.cpp
@@ -17,6 +17,7 @@
#include "operation.h"
#include <keymaster/authorization_set.h>
+#include <keymaster/keymaster_context.h>
#include "key.h"
@@ -134,6 +135,11 @@
return true;
}
+keymaster_error_t Operation::CreateOperationHandle(const KeymasterContext& context,
+ keymaster_operation_handle_t* op_handle) {
+ return context.GenerateRandom(reinterpret_cast<uint8_t*>(op_handle), sizeof(*op_handle));
+}
+
keymaster_error_t Operation::UpdateForFinish(const AuthorizationSet& input_params,
const Buffer& input) {
if (!input_params.empty() || input.available_read()) {
diff --git a/operation.h b/operation.h
index aadc406..1415f04 100644
--- a/operation.h
+++ b/operation.h
@@ -30,6 +30,7 @@
class AuthorizationSet;
class Key;
+class KeymasterContext;
class Operation;
class OperationFactory {
@@ -109,8 +110,10 @@
const Buffer& signature, AuthorizationSet* output_params,
Buffer* output) = 0;
virtual keymaster_error_t Abort() = 0;
+ virtual keymaster_error_t CreateOperationHandle(const KeymasterContext& context,
+ keymaster_operation_handle_t* op_handle);
-protected:
+ protected:
// Helper function for implementing Finish() methods that need to call Update() to process
// input, but don't expect any output.
keymaster_error_t UpdateForFinish(const AuthorizationSet& input_params, const Buffer& input);
diff --git a/operation_table.cpp b/operation_table.cpp
index 533f754..cf907c8 100644
--- a/operation_table.cpp
+++ b/operation_table.cpp
@@ -31,7 +31,7 @@
handle = 0;
}
-keymaster_error_t OperationTable::Add(Operation* operation,
+keymaster_error_t OperationTable::Add(Operation* operation, const KeymasterContext& context,
keymaster_operation_handle_t* op_handle) {
if (!table_.get()) {
table_.reset(new (std::nothrow) Entry[table_size_]);
@@ -40,8 +40,9 @@
}
UniquePtr<Operation> op(operation);
- if (RAND_bytes(reinterpret_cast<uint8_t*>(op_handle), sizeof(*op_handle)) != 1)
- return TranslateLastOpenSslError();
+ keymaster_error_t error = operation->CreateOperationHandle(context, op_handle);
+ if (error != KM_ERROR_OK)
+ return error;
if (*op_handle == 0) {
// Statistically this is vanishingly unlikely, which means if it ever happens in practice,
// it indicates a broken RNG.
diff --git a/operation_table.h b/operation_table.h
index 0f3f096..3ac8506 100644
--- a/operation_table.h
+++ b/operation_table.h
@@ -23,6 +23,7 @@
namespace keymaster {
+class KeymasterContext;
class Operation;
class OperationTable {
@@ -39,7 +40,8 @@
Operation* operation;
};
- keymaster_error_t Add(Operation* operation, keymaster_operation_handle_t* op_handle);
+ keymaster_error_t Add(Operation* operation, const KeymasterContext& context,
+ keymaster_operation_handle_t* op_handle);
Operation* Find(keymaster_operation_handle_t op_handle);
bool Delete(keymaster_operation_handle_t);
diff --git a/rsa_keymaster1_operation.h b/rsa_keymaster1_operation.h
index 30123f0..1cfa8be 100644
--- a/rsa_keymaster1_operation.h
+++ b/rsa_keymaster1_operation.h
@@ -43,7 +43,9 @@
keymaster_error_t GetError(EVP_PKEY* rsa_key);
- protected:
+ keymaster_operation_handle_t GetOperationHandle() const { return operation_handle_; }
+
+ private:
keymaster_purpose_t purpose_;
keymaster_operation_handle_t operation_handle_;
const Keymaster1Engine* engine_;
@@ -90,6 +92,12 @@
return super::Abort();
}
+ keymaster_error_t CreateOperationHandle(const KeymasterContext& /* context */,
+ keymaster_operation_handle_t* op_handle) override {
+ *op_handle = wrapped_operation_.GetOperationHandle();
+ return KM_ERROR_OK;
+ }
+
private:
RsaKeymaster1WrappedOperation wrapped_operation_;
};