104 changes: 82 additions & 22 deletions HAL/keymaster/4.1/JavacardKeymaster4Device.cpp
Expand Up @@ -94,6 +94,23 @@ enum class Instruction {
INS_GET_CERT_CHAIN_CMD = INS_END_KM_PROVISION_CMD+22
};

//Extended error codes
enum ExtendedErrors {
SW_CONDITIONS_NOT_SATISFIED = -10001,
UNSUPPORTED_CLA = -10002,
INVALID_P1P2 = -10003,
UNSUPPORTED_INSTRUCTION = -10004,
CMD_NOT_ALLOWED = -10005,
SW_WRONG_LENGTH = -10006,
INVALID_DATA = -10007,
CRYPTO_ILLEGAL_USE = -10008,
CRYPTO_ILLEGAL_VALUE = -10009,
CRYPTO_INVALID_INIT = -10010,
CRYPTO_NO_SUCH_ALGORITHM = -10011,
CRYPTO_UNINITIALIZED_KEY = -10012,
GENERIC_UNKNOWN_ERROR = -10013
};

static inline std::unique_ptr<se_transport::TransportFactory>& getTransportFactoryInstance() {
if(pTransportFactory == nullptr) {
pTransportFactory = std::unique_ptr<se_transport::TransportFactory>(new se_transport::TransportFactory(
Expand Down Expand Up @@ -123,6 +140,48 @@ static inline bool getTag(const hidl_vec<KeyParameter>& params, Tag tag, KeyPara
return false;
}

template<typename T = ErrorCode>
static T translateExtendedErrorsToHalErrors(T& errorCode) {
T err;
switch(static_cast<int32_t>(errorCode)) {
case SW_CONDITIONS_NOT_SATISFIED:
case UNSUPPORTED_CLA:
case INVALID_P1P2:
case INVALID_DATA:
case CRYPTO_ILLEGAL_USE:
case CRYPTO_ILLEGAL_VALUE:
case CRYPTO_INVALID_INIT:
case CRYPTO_UNINITIALIZED_KEY:
case GENERIC_UNKNOWN_ERROR:
err = T::UNKNOWN_ERROR;
break;
case CRYPTO_NO_SUCH_ALGORITHM:
err = T::UNSUPPORTED_ALGORITHM;
break;
case UNSUPPORTED_INSTRUCTION:
case CMD_NOT_ALLOWED:
case SW_WRONG_LENGTH:
err = T::UNIMPLEMENTED;
break;
default:
err = static_cast<T>(errorCode);
break;
}
return err;
}

template<typename T = ErrorCode>
static std::tuple<std::unique_ptr<Item>, T> decodeData(CborConverter& cb, const std::vector<uint8_t>& response, bool
hasErrorCode) {
std::unique_ptr<Item> item(nullptr);
T errorCode = T::OK;
std::tie(item, errorCode) = cb.decodeData<T>(response, hasErrorCode);

if (T::OK != errorCode)
errorCode = translateExtendedErrorsToHalErrors<T>(errorCode);
return {std::move(item), errorCode};
}

/* Generate new operation handle */
static ErrorCode generateOperationHandle(uint64_t& oprHandle) {
std::map<uint64_t, std::pair<uint64_t, uint64_t>>::iterator it;
Expand Down Expand Up @@ -390,7 +449,7 @@ Return<void> JavacardKeymaster4Device::getHmacSharingParameters(getHmacSharingPa
errorCode = sendData(Instruction::INS_GET_HMAC_SHARING_PARAM_CMD, input, cborData);
if (ErrorCode::OK == errorCode) {
//Skip last 2 bytes in cborData, it contains status.
std::tie(item, errorCode) = cborConverter_.decodeData(std::vector<uint8_t>(cborData.begin(), cborData.end()-2),
std::tie(item, errorCode) = decodeData(cborConverter_, std::vector<uint8_t>(cborData.begin(), cborData.end()-2),
true);
if (item != nullptr) {
if(!cborConverter_.getHmacSharingParameters(item, 1, hmacSharingParameters)) {
Expand Down Expand Up @@ -441,7 +500,7 @@ Return<void> JavacardKeymaster4Device::computeSharedHmac(const hidl_vec<HmacShar
errorCode = sendData(Instruction::INS_COMPUTE_SHARED_HMAC_CMD, cborData, cborOutData);
if (ErrorCode::OK == errorCode) {
//Skip last 2 bytes in cborData, it contains status.
std::tie(item, errorCode) = cborConverter_.decodeData(std::vector<uint8_t>(cborOutData.begin(), cborOutData.end()-2),
std::tie(item, errorCode) = decodeData(cborConverter_, std::vector<uint8_t>(cborOutData.begin(), cborOutData.end()-2),
true);
if (item != nullptr) {
std::vector<uint8_t> bstr;
Expand Down Expand Up @@ -498,7 +557,7 @@ Return<ErrorCode> JavacardKeymaster4Device::addRngEntropy(const hidl_vec<uint8_t
errorCode = sendData(Instruction::INS_ADD_RNG_ENTROPY_CMD, cborData, cborOutData);
if(errorCode == ErrorCode::OK) {
//Skip last 2 bytes in cborData, it contains status.
std::tie(item, errorCode) = cborConverter_.decodeData(std::vector<uint8_t>(cborOutData.begin(), cborOutData.end()-2),
std::tie(item, errorCode) = decodeData(cborConverter_, std::vector<uint8_t>(cborOutData.begin(), cborOutData.end()-2),
true);
}
return errorCode;
Expand Down Expand Up @@ -530,7 +589,7 @@ Return<void> JavacardKeymaster4Device::generateKey(const hidl_vec<KeyParameter>&

if(errorCode == ErrorCode::OK) {
//Skip last 2 bytes in cborData, it contains status.
std::tie(item, errorCode) = cborConverter_.decodeData(std::vector<uint8_t>(cborOutData.begin(), cborOutData.end()-2),
std::tie(item, errorCode) = decodeData(cborConverter_, std::vector<uint8_t>(cborOutData.begin(), cborOutData.end()-2),
true);
if (item != nullptr) {
if(!cborConverter_.getBinaryArray(item, 1, keyBlob) ||
Expand Down Expand Up @@ -576,7 +635,7 @@ Return<void> JavacardKeymaster4Device::importKey(const hidl_vec<KeyParameter>& k

if(errorCode == ErrorCode::OK) {
//Skip last 2 bytes in cborData, it contains status.
std::tie(item, errorCode) = cborConverter_.decodeData(std::vector<uint8_t>(cborOutData.begin(), cborOutData.end()-2),
std::tie(item, errorCode) = decodeData(cborConverter_, std::vector<uint8_t>(cborOutData.begin(), cborOutData.end()-2),
true);
if (item != nullptr) {
if(!cborConverter_.getBinaryArray(item, 1, keyBlob) ||
Expand Down Expand Up @@ -631,7 +690,7 @@ Return<void> JavacardKeymaster4Device::importWrappedKey(const hidl_vec<uint8_t>&

if(errorCode == ErrorCode::OK) {
//Skip last 2 bytes in cborData, it contains status.
std::tie(item, errorCode) = cborConverter_.decodeData(std::vector<uint8_t>(cborOutData.begin(), cborOutData.end()-2),
std::tie(item, errorCode) = decodeData(cborConverter_, std::vector<uint8_t>(cborOutData.begin(), cborOutData.end()-2),
true);
if (item != nullptr) {
if(!cborConverter_.getBinaryArray(item, 1, keyBlob) ||
Expand Down Expand Up @@ -664,7 +723,7 @@ Return<void> JavacardKeymaster4Device::getKeyCharacteristics(const hidl_vec<uint

if(errorCode == ErrorCode::OK) {
//Skip last 2 bytes in cborData, it contains status.
std::tie(item, errorCode) = cborConverter_.decodeData(std::vector<uint8_t>(cborOutData.begin(), cborOutData.end()-2),
std::tie(item, errorCode) = decodeData(cborConverter_, std::vector<uint8_t>(cborOutData.begin(), cborOutData.end()-2),
true);
if (item != nullptr) {
if(!cborConverter_.getKeyCharacteristics(item, 1, keyCharacteristics)) {
Expand Down Expand Up @@ -730,7 +789,7 @@ Return<void> JavacardKeymaster4Device::attestKey(const hidl_vec<uint8_t>& keyToA
std::vector<std::vector<uint8_t>> temp;
std::vector<uint8_t> rootCert;
//Skip last 2 bytes in cborData, it contains status.
std::tie(item, errorCode) = cborConverter_.decodeData(std::vector<uint8_t>(cborOutData.begin(), cborOutData.end()-2),
std::tie(item, errorCode) = decodeData(cborConverter_, std::vector<uint8_t>(cborOutData.begin(), cborOutData.end()-2),
true);
if (item != nullptr) {
if(!cborConverter_.getMultiBinaryArray(item, 1, temp)) {
Expand All @@ -741,7 +800,8 @@ Return<void> JavacardKeymaster4Device::attestKey(const hidl_vec<uint8_t>& keyToA
errorCode = sendData(Instruction::INS_GET_CERT_CHAIN_CMD, cborData, cborOutData, true);
if(errorCode == ErrorCode::OK) {
//Skip last 2 bytes in cborData, it contains status.
std::tie(item, errorCode) = cborConverter_.decodeData(std::vector<uint8_t>(cborOutData.begin(), cborOutData.end()-2),
std::tie(item, errorCode) = decodeData(cborConverter_, std::vector<uint8_t>(cborOutData.begin(),
cborOutData.end()-2),
true);
if (item != nullptr) {
std::vector<uint8_t> chain;
Expand Down Expand Up @@ -779,7 +839,7 @@ Return<void> JavacardKeymaster4Device::upgradeKey(const hidl_vec<uint8_t>& keyBl

if(errorCode == ErrorCode::OK) {
//Skip last 2 bytes in cborData, it contains status.
std::tie(item, errorCode) = cborConverter_.decodeData(std::vector<uint8_t>(cborOutData.begin(), cborOutData.end()-2),
std::tie(item, errorCode) = decodeData(cborConverter_, std::vector<uint8_t>(cborOutData.begin(), cborOutData.end()-2),
true);
if (item != nullptr) {
if(!cborConverter_.getBinaryArray(item, 1, upgradedKeyBlob))
Expand All @@ -802,7 +862,7 @@ Return<ErrorCode> JavacardKeymaster4Device::deleteKey(const hidl_vec<uint8_t>& k

if(errorCode == ErrorCode::OK) {
//Skip last 2 bytes in cborData, it contains status.
std::tie(item, errorCode) = cborConverter_.decodeData(std::vector<uint8_t>(cborOutData.begin(), cborOutData.end()-2),
std::tie(item, errorCode) = decodeData(cborConverter_, std::vector<uint8_t>(cborOutData.begin(), cborOutData.end()-2),
true);
}
return errorCode;
Expand All @@ -818,7 +878,7 @@ Return<ErrorCode> JavacardKeymaster4Device::deleteAllKeys() {

if(errorCode == ErrorCode::OK) {
//Skip last 2 bytes in cborData, it contains status.
std::tie(item, errorCode) = cborConverter_.decodeData(std::vector<uint8_t>(cborOutData.begin(), cborOutData.end()-2),
std::tie(item, errorCode) = decodeData(cborConverter_, std::vector<uint8_t>(cborOutData.begin(), cborOutData.end()-2),
true);
}
return errorCode;
Expand All @@ -834,7 +894,7 @@ Return<ErrorCode> JavacardKeymaster4Device::destroyAttestationIds() {

if(errorCode == ErrorCode::OK) {
//Skip last 2 bytes in cborData, it contains status.
std::tie(item, errorCode) = cborConverter_.decodeData(std::vector<uint8_t>(cborOutData.begin(), cborOutData.end()-2),
std::tie(item, errorCode) = decodeData(cborConverter_, std::vector<uint8_t>(cborOutData.begin(), cborOutData.end()-2),
true);
}
return errorCode;
Expand Down Expand Up @@ -918,7 +978,7 @@ Return<void> JavacardKeymaster4Device::begin(KeyPurpose purpose, const hidl_vec<
errorCode = sendData(Instruction::INS_BEGIN_OPERATION_CMD, cborData, cborOutData);
if(errorCode == ErrorCode::OK) {
//Skip last 2 bytes in cborData, it contains status.
std::tie(item, errorCode) = cborConverter_.decodeData(std::vector<uint8_t>(cborOutData.begin(), cborOutData.end()-2),
std::tie(item, errorCode) = decodeData(cborConverter_, std::vector<uint8_t>(cborOutData.begin(), cborOutData.end()-2),
true);
if (item != nullptr) {
if(!cborConverter_.getKeyParameters(item, 1, outParams) ||
Expand Down Expand Up @@ -1007,7 +1067,7 @@ Return<void> JavacardKeymaster4Device::update(uint64_t halGeneratedOprHandle, co

if(errorCode == ErrorCode::OK) {
//Skip last 2 bytes in cborData, it contains status.
std::tie(item, errorCode) = cborConverter_.decodeData(std::vector<uint8_t>(cborOutData.begin(), cborOutData.end()-2),
std::tie(item, errorCode) = decodeData(cborConverter_, std::vector<uint8_t>(cborOutData.begin(), cborOutData.end()-2),
true);
if (item != nullptr) {
/*Ignore inputConsumed from javacard SE since HAL consumes all the input */
Expand Down Expand Up @@ -1065,10 +1125,10 @@ Return<void> JavacardKeymaster4Device::finish(uint64_t halGeneratedOprHandle, co
request.signature.Reinitialize(signature.data(), signature.size());
request.additional_params.Reinitialize(KmParamSet(inParams));

//FinishOperationResponse response;
softKm_->FinishOperation(request, &response);

errorCode = legacy_enum_conversion(response.error);

if (response.error == KM_ERROR_OK) {
outParams = kmParamSet2Hidl(response.output_params);
output = kmBuffer2hidlVec(response.output);
Expand Down Expand Up @@ -1135,7 +1195,7 @@ Return<void> JavacardKeymaster4Device::finish(uint64_t halGeneratedOprHandle, co

if(errorCode == ErrorCode::OK) {
//Skip last 2 bytes in cborData, it contains status.
std::tie(item, errorCode) = cborConverter_.decodeData(std::vector<uint8_t>(cborOutData.begin(), cborOutData.end()-2),
std::tie(item, errorCode) = decodeData(cborConverter_, std::vector<uint8_t>(cborOutData.begin(), cborOutData.end()-2),
true);
if (item != nullptr) {
//There is a change that this finish callback may gets called multiple times if the input data size
Expand Down Expand Up @@ -1194,7 +1254,7 @@ Return<ErrorCode> JavacardKeymaster4Device::abort(uint64_t halGeneratedOprHandle

if(errorCode == ErrorCode::OK) {
//Skip last 2 bytes in cborData, it contains status.
std::tie(item, errorCode) = cborConverter_.decodeData(std::vector<uint8_t>(cborOutData.begin(), cborOutData.end()-2),
std::tie(item, errorCode) = decodeData(cborConverter_, std::vector<uint8_t>(cborOutData.begin(), cborOutData.end()-2),
true);
}
}
Expand Down Expand Up @@ -1226,8 +1286,8 @@ Return<::android::hardware::keymaster::V4_1::ErrorCode> JavacardKeymaster4Device

if(ret == ErrorCode::OK) {
//Skip last 2 bytes in cborData, it contains status.
std::tie(item, errorCode) = cborConverter_.decodeData<::android::hardware::keymaster::V4_1::ErrorCode>(std::vector<uint8_t>(cborOutData.begin(), cborOutData.end()-2),
true);
std::tie(item, errorCode) = decodeData<::android::hardware::keymaster::V4_1::ErrorCode>(
cborConverter_, std::vector<uint8_t>(cborOutData.begin(), cborOutData.end()-2), true);
}
return errorCode;
}
Expand All @@ -1243,8 +1303,8 @@ Return<::android::hardware::keymaster::V4_1::ErrorCode> JavacardKeymaster4Device

if(ret == ErrorCode::OK) {
//Skip last 2 bytes in cborData, it contains status.
std::tie(item, errorCode) = cborConverter_.decodeData<::android::hardware::keymaster::V4_1::ErrorCode>(std::vector<uint8_t>(cborOutData.begin(), cborOutData.end()-2),
true);
std::tie(item, errorCode) = decodeData<::android::hardware::keymaster::V4_1::ErrorCode>(
cborConverter_, std::vector<uint8_t>(cborOutData.begin(), cborOutData.end()-2), true);
}
return errorCode;
}
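Review bot: Every rewritten call site still trims the status word with `std::vector<uint8_t>(cborOutData.begin(), cborOutData.end()-2)` (`cborData` in getHmacSharingParameters), and nothing visible checks that the secure-element response holds at least two bytes, so a short reply would form an invalid iterator range before decoding starts. sendData is outside these hunks and may already guarantee the length; if it does not, the new decodeData helper is the natural single place for the check: let it take the untrimmed response and begin with `if (response.size() < 2) return {nullptr, T::UNKNOWN_ERROR};` before dropping the last two bytes. Separately, translateExtendedErrorsToHalErrors folds nine distinct applet codes into `UNKNOWN_ERROR` without recording the original value, so logging the raw code before the switch (with the file's existing logging macro) would keep it available for triage. The function also takes `T& errorCode` but never writes to it; `const T& errorCode` or a by-value parameter states that. The calling methods all start and end outside their hunks.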
8 changes: 4 additions & 4 deletions HAL/keymaster/4.1/Provision.cpp
Expand Up @@ -49,7 +49,7 @@ enum class Instruction {
INS_PROVISION_CERT_CHAIN_CMD = INS_BEGIN_KM_CMD+2,
INS_PROVISION_CERT_PARAMS_CMD = INS_BEGIN_KM_CMD+3,
INS_PROVISION_ATTEST_IDS_CMD = INS_BEGIN_KM_CMD+4,
INS_PROVISION_SHARED_SECRET_CMD = INS_BEGIN_KM_CMD+5,
INS_PROVISION_PRESHARED_SECRET_CMD = INS_BEGIN_KM_CMD+5,
INS_SET_BOOT_PARAMS_CMD = INS_BEGIN_KM_CMD+6,
INS_LOCK_PROVISIONING_CMD = INS_BEGIN_KM_CMD+7,
INS_GET_PROVISION_STATUS_CMD = INS_BEGIN_KM_CMD+8,
Expand All @@ -61,7 +61,7 @@ enum ProvisionStatus {
PROVISION_STATUS_ATTESTATION_CERT_CHAIN = 0x02,
PROVISION_STATUS_ATTESTATION_CERT_PARAMS = 0x04,
PROVISION_STATUS_ATTEST_IDS = 0x08,
PROVISION_STATUS_SHARED_SECRET = 0x10,
PROVISION_STATUS_PRESHARED_SECRET = 0x10,
PROVISION_STATUS_BOOT_PARAM = 0x20,
PROVISION_STATUS_PROVISIONING_LOCKED = 0x40,
};
Expand Down Expand Up @@ -406,7 +406,7 @@ static ErrorCode provisionAttestationIDs(std::unique_ptr<se_transport::Transport
static ErrorCode provisionSharedSecret(std::unique_ptr<se_transport::TransportFactory>& transport) {
ErrorCode errorCode = ErrorCode::OK;
cppbor::Array array;
Instruction ins = Instruction::INS_PROVISION_SHARED_SECRET_CMD;
Instruction ins = Instruction::INS_PROVISION_PRESHARED_SECRET_CMD;
std::vector<uint8_t> response;
std::vector<uint8_t> masterKey(kFakeKeyAgreementKey, kFakeKeyAgreementKey +
sizeof(kFakeKeyAgreementKey)/sizeof(kFakeKeyAgreementKey[0]));
Expand Down Expand Up @@ -484,7 +484,7 @@ static bool isSEProvisioned(uint64_t status) {

if(status != (ProvisionStatus::PROVISION_STATUS_ATTESTATION_KEY | ProvisionStatus::PROVISION_STATUS_ATTESTATION_CERT_CHAIN |
ProvisionStatus::PROVISION_STATUS_ATTESTATION_CERT_PARAMS | ProvisionStatus::PROVISION_STATUS_ATTEST_IDS |
ProvisionStatus::PROVISION_STATUS_SHARED_SECRET | ProvisionStatus::PROVISION_STATUS_BOOT_PARAM
ProvisionStatus::PROVISION_STATUS_PRESHARED_SECRET | ProvisionStatus::PROVISION_STATUS_BOOT_PARAM
|ProvisionStatus::PROVISION_STATUS_PROVISIONING_LOCKED)) {
ret = false;
}