diff --git a/HAL/keymaster/4.1/JavacardKeymaster4Device.cpp b/HAL/keymaster/4.1/JavacardKeymaster4Device.cpp
index 67f8f527..95de2096 100644
--- a/HAL/keymaster/4.1/JavacardKeymaster4Device.cpp
+++ b/HAL/keymaster/4.1/JavacardKeymaster4Device.cpp
@@ -59,10 +59,11 @@ namespace javacard {
 static std::unique_ptr pTransportFactory = nullptr;
 constexpr size_t kOperationTableSize = 4;
-/* Key is the newly generated operation handle. Value is a pair with first element having
- * original operation handle and second element represents SW or SB operation.
+/*
+ * Key is the operation handle generated by either SoftKM or StrongboxKM and
+ * value is either PUBLIC_OPERATION or PRIVATE_OPERATION
 */
-std::map> operationTable;
+std::map operationTable;
 struct KM_AUTH_LIST_Delete {
 void operator()(KM_AUTH_LIST* p) { KM_AUTH_LIST_free(p); } 
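Review bot: The new comment on operationTable leaves out the property that makes the rest of this change necessary: handles issued by SoftKM and by StrongboxKM now share one key space, so two live operations can clash, which is why begin() aborts and retries; suggest `/* Key: operation handle as issued by SoftKM or StrongboxKM (the two handle spaces are not disjoint; begin() aborts and retries on a clash). Value: PUBLIC_OPERATION for SoftKM, PRIVATE_OPERATION for StrongboxKM. */`. The HAL also no longer hides the underlying handle behind its own randomly generated one, so what a client can observe about a handle now depends entirely on how the two keymasters generate theirs; that is probably fine, but it is a property worth confirming on the applet side rather than assuming.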
@@ -183,51 +184,20 @@ static T translateExtendedErrorsToHalErrors(T& errorCode) { return err; } -/* Generate new operation handle */ -static ErrorCode generateOperationHandle(uint64_t& oprHandle) { - std::map>::iterator it; - do { - keymaster_error_t err = GenerateRandom(reinterpret_cast(&oprHandle), (size_t)sizeof(oprHandle)); - if (err != KM_ERROR_OK) { - return legacy_enum_conversion(err); - } - it = operationTable.find(oprHandle); - } while (it != operationTable.end()); - return ErrorCode::OK; -} - -/* Create a new operation handle entry in operation table.*/ -static ErrorCode createOprHandleEntry(uint64_t origOprHandle, uint64_t keymasterSrc, uint64_t& newOperationHandle) { - ErrorCode errorCode = ErrorCode::OK; - if (ErrorCode::OK != (errorCode = generateOperationHandle(newOperationHandle))) { - return errorCode; - } - operationTable[newOperationHandle] = std::make_pair(origOprHandle, keymasterSrc); - return errorCode; -} - -/* Get original operation handle generated by softkeymaster/strongboxkeymaster. */ -static ErrorCode getOrigOperationHandle(uint64_t halGeneratedOperationHandle, uint64_t& origOprHandle) { - std::map>::iterator it = operationTable.find(halGeneratedOperationHandle); - if (it == operationTable.end()) { - return ErrorCode::INVALID_OPERATION_HANDLE; +/* Returns true if operation handle exists, otherwise false */ +static inline bool isOperationHandleExists(uint64_t opHandle) { + if (operationTable.end() == operationTable.find(opHandle)) { + return false; } - origOprHandle = it->second.first; - return ErrorCode::OK; + return true; } -/* Tells if the operation handle belongs to strongbox keymaster. 
*/ -static bool isStrongboxOperation(uint64_t halGeneratedOperationHandle) { - std::map>::iterator it = operationTable.find(halGeneratedOperationHandle); +static inline OperationType getOperationType(uint64_t operationHandle) { + auto it = operationTable.find(operationHandle); if (it == operationTable.end()) { - return false; + return OperationType::UNKNOWN; } - return (SB_KM_OPR == it->second.second); -} - -/* Delete the operation handle entry from operation table. */ -static void deleteOprHandleEntry(uint64_t halGeneratedOperationHandle) { - operationTable.erase(halGeneratedOperationHandle); + return it->second; } /* Clears all the strongbox operation handle entries from operation table */ @@ -235,9 +205,9 @@ static void clearStrongboxOprHandleEntries(const std::unique_ptrsecond.second == SB_KM_OPR) { //Strongbox operation + if (it->second == OperationType::PRIVATE_OPERATION) { //Strongbox operation LOG(INFO) << "operation handle: " << it->first << " is removed"; - oprCtx->clearOperationData(it->second.first); + oprCtx->clearOperationData(it->first); it = operationTable.erase(it); } else { ++it; 
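Review bot: isOperationHandleExists spends four lines on what is a single expression, `return operationTable.find(opHandle) != operationTable.end();`, and the name reads awkwardly — `operationHandleExists` or `hasOperationHandle` would be conventional. getOperationType has no comment although its UNKNOWN return is the only way update(), finish() and abort() learn that a handle is not in the table; suggest `/* Looks up operationHandle in operationTable; returns UNKNOWN when it is not present. */`. `static inline` on these translation-unit-local helpers is redundant, `static` alone says the same thing.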
@@ -1026,55 +996,97 @@ Return JavacardKeymaster4Device::destroyAttestationIds() { return errorCode; } -Return JavacardKeymaster4Device::begin(KeyPurpose purpose, const hidl_vec& keyBlob, const hidl_vec& inParams, const HardwareAuthToken& authToken, begin_cb _hidl_cb) { + +Return JavacardKeymaster4Device::begin(KeyPurpose purpose, + const hidl_vec& keyBlob, + const hidl_vec& inParams, + const HardwareAuthToken& authToken, + begin_cb _hidl_cb) { ErrorCode errorCode = ErrorCode::UNKNOWN_ERROR; - hidl_vec outParams; uint64_t operationHandle = 0; - hidl_vec resultParams; - uint64_t generatedOpHandle = 0; - - if(keyBlob.size() == 0) { - LOG(ERROR) << "Error in INS_BEGIN_OPERATION_CMD, keyblob size is 0"; - _hidl_cb(ErrorCode::INVALID_ARGUMENT, resultParams, operationHandle); - return Void(); - } - /* Asymmetric public key operations like RSA Verify, RSA Encrypt, ECDSA verify - * are handled by softkeymaster. + OperationType operType = OperationType::PRIVATE_OPERATION; + hidl_vec outParams; + LOG(DEBUG) << "INS_BEGIN_OPERATION_CMD purpose: " << (int32_t)purpose; + /* + * Asymmetric public key operations are processed inside softkeymaster and private + * key operations are processed inside strongbox keymaster. + * All symmetric key operations are processed inside strongbox keymaster. + * If the purpose is either ENCRYPT / VERIFY then the operation type is set + * to public operation and in case if the key turned out to be a symmetric key then + * handleBeginOperation() function fallbacks to private key operation. 
*/ LOG(DEBUG) << "INS_BEGIN_OPERATION_CMD purpose: " << (int32_t)purpose; if (KeyPurpose::ENCRYPT == purpose || KeyPurpose::VERIFY == purpose) { - BeginOperationRequest request; - request.purpose = legacy_enum_conversion(purpose); - request.SetKeyMaterial(keyBlob.data(), keyBlob.size()); - request.additional_params.Reinitialize(KmParamSet(inParams)); - - BeginOperationResponse response; - /* For Symmetric key operation, the BeginOperation returns KM_ERROR_INCOMPATIBLE_ALGORITHM error. */ - softKm_->BeginOperation(request, &response); - errorCode = legacy_enum_conversion(response.error); - LOG(DEBUG) << "INS_BEGIN_OPERATION_CMD softkm BeginOperation status: " << (int32_t) errorCode; - if (errorCode != ErrorCode::OK) - LOG(ERROR) << "INS_BEGIN_OPERATION_CMD error in softkm BeginOperation status: " << (int32_t) errorCode; - - if (response.error == KM_ERROR_OK) { - resultParams = kmParamSet2Hidl(response.output_params); - } - if (response.error != KM_ERROR_INCOMPATIBLE_ALGORITHM) { /*Incompatible algorithm could be handled by JavaCard*/ - errorCode = legacy_enum_conversion(response.error); - /* Create a new operation handle and add a entry inside the operation table map with - * key - new operation handle - * value - hal generated operation handle. - */ - if (errorCode == ErrorCode::OK) { - errorCode = createOprHandleEntry(response.op_handle, SW_KM_OPR, generatedOpHandle); - if (errorCode != ErrorCode::OK) - LOG(ERROR) << "INS_BEGIN_OPERATION_CMD error while creating new operation handle: " << (int32_t) errorCode; + operType = OperationType::PUBLIC_OPERATION; + } + errorCode = handleBeginOperation(purpose, keyBlob, inParams, authToken, outParams, + operationHandle, operType); + if (errorCode == ErrorCode::OK && isOperationHandleExists(operationHandle)) { + LOG(DEBUG) << "Operation handle " << operationHandle << "already exists" + "in the opertion table. so aborting this opertaion."; + // abort the operation. 
+ errorCode = abortOperation(operationHandle, operType); + if (errorCode == ErrorCode::OK) { + // retry begin to get an another operation handle. + errorCode = + handleBeginOperation(purpose, keyBlob, inParams, authToken, outParams, + operationHandle, operType); + if (errorCode == ErrorCode::OK && isOperationHandleExists(operationHandle)) { + errorCode = ErrorCode::UNKNOWN_ERROR; + LOG(ERROR) + << "INS_BEGIN_OPERATION_CMD: Failed in begin operation as the" + "operation handle already exists in the operation table." + << (int32_t)errorCode; + // abort the operation. + auto abortErr = abortOperation(operationHandle, operType); + if (abortErr != ErrorCode::OK) { + LOG(ERROR) << "Fail to abort the operation."; + errorCode = abortErr; + } } - _hidl_cb(errorCode, resultParams, generatedOpHandle); - return Void(); } } + // Create an entry inside the operation table for the new operation + // handle. + if (ErrorCode::OK == errorCode) + operationTable[operationHandle] = operType; + + _hidl_cb(errorCode, outParams, operationHandle); + return Void(); +} + +ErrorCode JavacardKeymaster4Device::handleBeginPublicKeyOperation( + KeyPurpose purpose, const hidl_vec& keyBlob, + const hidl_vec& inParams, hidl_vec& outParams, + uint64_t& operationHandle) { + BeginOperationRequest request; + request.purpose = legacy_enum_conversion(purpose); + request.SetKeyMaterial(keyBlob.data(), keyBlob.size()); + request.additional_params.Reinitialize(KmParamSet(inParams)); + + BeginOperationResponse response; + /* For Symmetric key operation, the BeginOperation returns + * KM_ERROR_INCOMPATIBLE_ALGORITHM error. 
*/ + softKm_->BeginOperation(request, &response); + ErrorCode errorCode = legacy_enum_conversion(response.error); + LOG(DEBUG) << "INS_BEGIN_OPERATION_CMD softkm BeginOperation status: " + << (int32_t)errorCode; + if (ErrorCode::OK == errorCode) { + outParams = kmParamSet2Hidl(response.output_params); + operationHandle = response.op_handle; + } else { + LOG(ERROR) + << "INS_BEGIN_OPERATION_CMD error in softkm BeginOperation status: " + << (int32_t)errorCode; + } + return errorCode; +} +ErrorCode JavacardKeymaster4Device::handleBeginPrivateKeyOperation( + KeyPurpose purpose, const hidl_vec& keyBlob, + const hidl_vec& inParams, const HardwareAuthToken& authToken, + hidl_vec& outParams, uint64_t& operationHandle) { + ErrorCode errorCode = ErrorCode::UNKNOWN_ERROR; cppbor::Array array; std::vector cborOutData; std::unique_ptr item; 
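Review bot: The explicit `keyBlob.size() == 0` rejection the old begin() performed is gone, so an empty key blob now reaches `request.SetKeyMaterial(keyBlob.data(), keyBlob.size())` on the public path and getKeyCharacteristics (and presumably the begin command) on the private path, and the caller no longer gets INVALID_ARGUMENT for it; restore the guard before the first handleBeginOperation call. The purpose also appears to be logged twice now, since the added `LOG(DEBUG) << "INS_BEGIN_OPERATION_CMD purpose: "` line sits just above the unchanged one after the comment block. The collision log message is missing a space between its two string pieces and misspells operation twice; `"already exists " "in the operation table, so aborting this operation."`. If the first `abortOperation` call fails, begin() returns that error with no table entry while the operation it just opened presumably stays open on the underlying keymaster — acceptable, but a one-line comment should say that this is deliberate.
```cpp
    // … unchanged: local declarations (errorCode, operationHandle, operType, outParams) …
    if (keyBlob.size() == 0) {
        LOG(ERROR) << "Error in INS_BEGIN_OPERATION_CMD, keyblob size is 0";
        _hidl_cb(ErrorCode::INVALID_ARGUMENT, outParams, operationHandle);
        return Void();
    }
    LOG(DEBUG) << "INS_BEGIN_OPERATION_CMD purpose: " << (int32_t)purpose;
    // … unchanged: operType selection, handleBeginOperation call and collision retry …
```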
@@ -1089,78 +1101,107 @@ Return JavacardKeymaster4Device::begin(KeyPurpose purpose, const hidl_vec< cborConverter_.addHardwareAuthToken(array, authToken); std::vector cborData = array.encode(); - // keyCharacteristics.hardwareEnforced is required to store algorithm, digest and padding values in operationInfo - // structure. To retrieve keyCharacteristics.hardwareEnforced, call getKeyCharacateristics. - // By calling getKeyCharacateristics also helps in finding a corrupted keyblob. + // keyCharacteristics.hardwareEnforced is required to store algorithm, digest + // and padding values in operationInfo structure. To retrieve + // keyCharacteristics.hardwareEnforced, call getKeyCharacateristics. By + // calling getKeyCharacateristics also helps in finding a corrupted keyblob. hidl_vec applicationId; hidl_vec applicationData; - if(getTag(inParams, Tag::APPLICATION_ID, param)) { + if (getTag(inParams, Tag::APPLICATION_ID, param)) { applicationId = param.blob; } - if(getTag(inParams, Tag::APPLICATION_DATA, param)) { + if (getTag(inParams, Tag::APPLICATION_DATA, param)) { applicationData = param.blob; } - //Call to getKeyCharacteristics. + // Call to getKeyCharacteristics. 
getKeyCharacteristics(keyBlob, applicationId, applicationData, - [&](ErrorCode error, KeyCharacteristics keyChars) { - errorCode = error; - keyCharacteristics = keyChars; - }); - LOG(DEBUG) << "INS_BEGIN_OPERATION_CMD getKeyCharacteristics status: " << (int32_t) errorCode; - - if(errorCode == ErrorCode::OK) { + [&](ErrorCode error, KeyCharacteristics keyChars) { + errorCode = error; + keyCharacteristics = keyChars; + }); + LOG(DEBUG) + << "INS_BEGIN_OPERATION_CMD StrongboxKM getKeyCharacteristics status: " + << (int32_t)errorCode; + + if (errorCode == ErrorCode::OK) { errorCode = ErrorCode::UNKNOWN_ERROR; - if(getTag(keyCharacteristics.hardwareEnforced, Tag::ALGORITHM, param)) { - errorCode = sendData(Instruction::INS_BEGIN_OPERATION_CMD, cborData, cborOutData); - if(errorCode == ErrorCode::OK) { - //Skip last 2 bytes in cborData, it contains status. - std::tie(item, errorCode) = decodeData(cborConverter_, std::vector(cborOutData.begin(), cborOutData.end()-2), + if (getTag(keyCharacteristics.hardwareEnforced, Tag::ALGORITHM, param)) { + errorCode = + sendData(Instruction::INS_BEGIN_OPERATION_CMD, cborData, cborOutData); + if (errorCode == ErrorCode::OK) { + // Skip last 2 bytes in cborData, it contains status. 
+ std::tie(item, errorCode) = decodeData( + cborConverter_, + std::vector(cborOutData.begin(), cborOutData.end() - 2), true, oprCtx_); if (item != nullptr) { - if(!cborConverter_.getKeyParameters(item, 1, outParams) || - !cborConverter_.getUint64(item, 2, operationHandle)) { + if (!cborConverter_.getKeyParameters(item, 1, outParams) || + !cborConverter_.getUint64(item, 2, operationHandle)) { errorCode = ErrorCode::UNKNOWN_ERROR; outParams.setToExternal(nullptr, 0); operationHandle = 0; - LOG(ERROR) << "INS_BEGIN_OPERATION_CMD: error in converting cbor data, status: " << (int32_t) errorCode; + LOG(ERROR) << "INS_BEGIN_OPERATION_CMD: error in converting cbor " + "data, status: " + << (int32_t)errorCode; } else { /* Store the operationInfo */ - oprCtx_->setOperationInfo(operationHandle, purpose, param.f.algorithm, inParams); + oprCtx_->setOperationInfo(operationHandle, purpose, + param.f.algorithm, inParams); } } } } else { - LOG(ERROR) << "INS_BEGIN_OPERATION_CMD couldn't find algorithm tag: " << (int32_t)Tag::ALGORITHM; + LOG(ERROR) << "INS_BEGIN_OPERATION_CMD couldn't find algorithm tag: " + << (int32_t)Tag::ALGORITHM; } } else { - LOG(ERROR) << "INS_BEGIN_OPERATION_CMD error in getKeyCharacteristics status: " << (int32_t) errorCode; + LOG(ERROR) + << "INS_BEGIN_OPERATION_CMD error in getKeyCharacteristics status: " + << (int32_t)errorCode; } - /* Create a new operation handle and add a entry inside the operation table map with - * key - new operation handle - * value - hal generated operation handle. 
- */ - if (ErrorCode::OK == errorCode) - errorCode = createOprHandleEntry(operationHandle, SB_KM_OPR, generatedOpHandle); + return errorCode; +} - _hidl_cb(errorCode, outParams, generatedOpHandle); - return Void(); +ErrorCode JavacardKeymaster4Device::handleBeginOperation( + KeyPurpose purpose, const hidl_vec& keyBlob, + const hidl_vec& inParams, const HardwareAuthToken& authToken, + hidl_vec& outParams, uint64_t& operationHandle, + OperationType& operType) { + ErrorCode errorCode = ErrorCode::UNKNOWN_ERROR; + if (operType == OperationType::PUBLIC_OPERATION) { + errorCode = handleBeginPublicKeyOperation(purpose, keyBlob, inParams, + outParams, operationHandle); + + // For Symmetric operations handleBeginPublicKeyOperation function + // returns INCOMPATIBLE_ALGORITHM error. Based on this error + // condition it fallbacks to private key operation. + if (errorCode == ErrorCode::INCOMPATIBLE_ALGORITHM) { + operType = OperationType::PRIVATE_OPERATION; + } + } + + if (operType == OperationType::PRIVATE_OPERATION) { + errorCode = handleBeginPrivateKeyOperation( + purpose, keyBlob, inParams, authToken, outParams, operationHandle); + } + return errorCode; } -Return JavacardKeymaster4Device::update(uint64_t halGeneratedOprHandle, const hidl_vec& inParams, const hidl_vec& input, const HardwareAuthToken& authToken, const VerificationToken& verificationToken, update_cb _hidl_cb) { +Return JavacardKeymaster4Device::update(uint64_t operationHandle, const hidl_vec& inParams, const hidl_vec& input, const HardwareAuthToken& authToken, const VerificationToken& verificationToken, update_cb _hidl_cb) { ErrorCode errorCode = ErrorCode::UNKNOWN_ERROR; uint32_t inputConsumed = 0; hidl_vec outParams; hidl_vec output; - uint64_t operationHandle; UpdateOperationResponse response; - if (ErrorCode::OK != (errorCode = getOrigOperationHandle(halGeneratedOprHandle, operationHandle))) { + OperationType operType = getOperationType(operationHandle); + if (OperationType::UNKNOWN == operType) { // 
operation handle not found LOG(ERROR) << " Operation handle is invalid. This could happen if invalid operation handle is passed or if" << " secure element reset occurred."; - _hidl_cb(errorCode, inputConsumed, outParams, output); + _hidl_cb(ErrorCode::INVALID_OPERATION_HANDLE, inputConsumed, outParams, output); return Void(); } - if (!isStrongboxOperation(halGeneratedOprHandle)) { + if (OperationType::PUBLIC_OPERATION == operType) { /* SW keymaster (Public key operation) */ LOG(DEBUG) << "INS_UPDATE_OPERATION_CMD - swkm operation "; UpdateOperationRequest request; 
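Review bot: handleBeginPrivateKeyOperation only zeroes `operationHandle` in the CBOR-conversion failure branch; when getKeyCharacteristics, the ALGORITHM tag lookup or sendData fails, the caller's previous value survives, and in begin()'s retry path that is the handle of the operation that was just aborted, which then goes to `_hidl_cb` together with the error (the same holds for outParams on the public path, which handleBeginPublicKeyOperation assigns only on success). Resetting both once in handleBeginOperation before dispatching, `operationHandle = 0;` and `outParams.setToExternal(nullptr, 0);` right after `ErrorCode errorCode = ErrorCode::UNKNOWN_ERROR;`, covers every failure branch of both helpers. handleBeginPrivateKeyOperation begins in the previous hunk, and update() continues past the end of this one.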
@@ -1249,34 +1290,34 @@ Return JavacardKeymaster4Device::update(uint64_t halGeneratedOprHandle, co LOG(DEBUG) << "Update operation status: " << (int32_t) errorCode; if(ErrorCode::OK != errorCode) { LOG(ERROR) << "Error in update operation, status: " << (int32_t) errorCode; - abort(halGeneratedOprHandle); + abort(operationHandle); } } if(ErrorCode::OK != errorCode) { /* Delete the entry from operation table. */ LOG(ERROR) << "Delete entry from operation table, status: " << (int32_t) errorCode; - deleteOprHandleEntry(halGeneratedOprHandle); + operationTable.erase(operationHandle); } _hidl_cb(errorCode, inputConsumed, outParams, output); return Void(); } -Return JavacardKeymaster4Device::finish(uint64_t halGeneratedOprHandle, const hidl_vec& inParams, const hidl_vec& input, const hidl_vec& signature, const HardwareAuthToken& authToken, const VerificationToken& verificationToken, finish_cb _hidl_cb) { +Return JavacardKeymaster4Device::finish(uint64_t operationHandle, const hidl_vec& inParams, const hidl_vec& input, const hidl_vec& signature, const HardwareAuthToken& authToken, const VerificationToken& verificationToken, finish_cb _hidl_cb) { ErrorCode errorCode = ErrorCode::UNKNOWN_ERROR; - uint64_t operationHandle; hidl_vec outParams; hidl_vec output; FinishOperationResponse response; + OperationType operType = getOperationType(operationHandle); - if (ErrorCode::OK != (errorCode = getOrigOperationHandle(halGeneratedOprHandle, operationHandle))) { + if (OperationType::UNKNOWN == operType) { // operation handle not found LOG(ERROR) << " Operation handle is invalid. 
This could happen if invalid operation handle is passed or if" << " secure element reset occurred."; - _hidl_cb(errorCode, outParams, output); + _hidl_cb(ErrorCode::INVALID_OPERATION_HANDLE, outParams, output); return Void(); } - if (!isStrongboxOperation(halGeneratedOprHandle)) { + if (OperationType::PUBLIC_OPERATION == operType) { /* SW keymaster (Public key operation) */ LOG(DEBUG) << "FINISH - swkm operation "; FinishOperationRequest request; 
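Review bot: update()'s error path removes the table entry but, unlike finish() below (`operationTable.erase(operationHandle); oprCtx_->clearOperationData(operationHandle);`), never clears the oprCtx_ data for the handle; it relied on the preceding `abort(operationHandle)` call for that, yet the new abort() only clears oprCtx_ and the table when abortOperation succeeds, so a failed abort now leaves the operation info behind in oprCtx_. Adding `oprCtx_->clearOperationData(operationHandle);` next to the erase makes update() mirror finish(). Whether the `abort(operationHandle)` call sits in the public or the private branch cannot be seen here, because update() starts in the previous hunk; finish() runs past the end of this one.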
@@ -1386,54 +1427,83 @@ Return JavacardKeymaster4Device::finish(uint64_t halGeneratedOprHandle, co } if (ErrorCode::OK != errorCode) { LOG(ERROR) << "Error in finish operation, status: " << (int32_t) errorCode; - abort(halGeneratedOprHandle); + abort(operationHandle); } } /* Delete the entry from operation table. */ - deleteOprHandleEntry(halGeneratedOprHandle); + operationTable.erase(operationHandle); oprCtx_->clearOperationData(operationHandle); LOG(DEBUG) << "finish operation, status: " << (int32_t) errorCode; _hidl_cb(errorCode, outParams, output); return Void(); } -Return JavacardKeymaster4Device::abort(uint64_t halGeneratedOprHandle) { - ErrorCode errorCode = ErrorCode::UNKNOWN_ERROR; - uint64_t operationHandle; - if (ErrorCode::OK != (errorCode = getOrigOperationHandle(halGeneratedOprHandle, operationHandle))) { - LOG(ERROR) << " Operation handle is invalid. This could happen if invalid operation handle is passed or if" - << " secure element reset occurred."; - return errorCode; - } - AbortOperationRequest request; - request.op_handle = operationHandle; +ErrorCode JavacardKeymaster4Device::abortPrivateKeyOperation( + uint64_t operationHandle) { + ErrorCode errorCode = ErrorCode::UNKNOWN_ERROR; + cppbor::Array array; + std::unique_ptr item; + std::vector cborOutData; + + /* Convert input data to cbor format */ + array.add(operationHandle); + std::vector cborData = array.encode(); + + errorCode = + sendData(Instruction::INS_ABORT_OPERATION_CMD, cborData, cborOutData); + + if (errorCode == ErrorCode::OK) { + // Skip last 2 bytes in cborData, it contains status. 
+ std::tie(item, errorCode) = decodeData( + cborConverter_, + std::vector(cborOutData.begin(), cborOutData.end() - 2), true, + oprCtx_); + } + return errorCode; +} - AbortOperationResponse response; - softKm_->AbortOperation(request, &response); +ErrorCode JavacardKeymaster4Device::abortPublicKeyOperation( + uint64_t operationHandle) { + ErrorCode errorCode = ErrorCode::UNKNOWN_ERROR; + AbortOperationRequest request; + request.op_handle = operationHandle; - errorCode = legacy_enum_conversion(response.error); - LOG(DEBUG) << "swkm abort operation, status: " << (int32_t) errorCode; - if (response.error == KM_ERROR_INVALID_OPERATION_HANDLE) { - cppbor::Array array; - std::unique_ptr item; - std::vector cborOutData; - - /* Convert input data to cbor format */ - array.add(operationHandle); - std::vector cborData = array.encode(); - - errorCode = sendData(Instruction::INS_ABORT_OPERATION_CMD, cborData, cborOutData); - - if(errorCode == ErrorCode::OK) { - //Skip last 2 bytes in cborData, it contains status. 
- std::tie(item, errorCode) = decodeData(cborConverter_, std::vector(cborOutData.begin(), cborOutData.end()-2), - true, oprCtx_); - } + AbortOperationResponse response; + softKm_->AbortOperation(request, &response); + + errorCode = legacy_enum_conversion(response.error); + return errorCode; +} + +ErrorCode JavacardKeymaster4Device::abortOperation(uint64_t operationHandle, + OperationType operType) { + if (operType == OperationType::UNKNOWN) + return ErrorCode::UNKNOWN_ERROR; + + if (OperationType::PUBLIC_OPERATION == operType) { + return abortPublicKeyOperation(operationHandle); + } else { + return abortPrivateKeyOperation(operationHandle); } - /* Delete the entry on this operationHandle */ - oprCtx_->clearOperationData(operationHandle); - deleteOprHandleEntry(halGeneratedOprHandle); - return errorCode; +} + +Return JavacardKeymaster4Device::abort(uint64_t operationHandle) { + ErrorCode errorCode = ErrorCode::UNKNOWN_ERROR; + OperationType operType = getOperationType(operationHandle); + if (OperationType::UNKNOWN == operType) { // operation handle not found + LOG(ERROR) << " Operation handle is invalid. This could happen if invalid " + "operation handle is passed or if" + << " secure element reset occurred."; + return ErrorCode::INVALID_OPERATION_HANDLE; + } + + errorCode = abortOperation(operationHandle, operType); + if (errorCode == ErrorCode::OK) { + /* Delete the entry on this operationHandle */ + oprCtx_->clearOperationData(operationHandle); + operationTable.erase(operationHandle); + } + return errorCode; } // Methods from ::android::hardware::keymaster::V4_1::IKeymasterDevice follow. diff --git a/HAL/keymaster/include/JavacardKeymaster4Device.h b/HAL/keymaster/include/JavacardKeymaster4Device.h index c8ada383..ddb6b24a 100644 --- a/HAL/keymaster/include/JavacardKeymaster4Device.h +++ b/HAL/keymaster/include/JavacardKeymaster4Device.h 
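Review bot: abort() now removes the table entry and the oprCtx_ data only when abortOperation succeeds, where the old version cleared both unconditionally; a handle the applet no longer recognises — the secure-element reset the log message itself mentions — therefore keeps its entry, every later abort() on it repeats the same failure, and the slot is reclaimed only if something else calls clearStrongboxOprHandleEntries (its caller is not visible here). Treating INVALID_OPERATION_HANDLE from the underlying keymaster as "already gone" closes that gap while still reporting the error: `if (errorCode == ErrorCode::OK || errorCode == ErrorCode::INVALID_OPERATION_HANDLE) {`. In abortPrivateKeyOperation the initial `ErrorCode errorCode = ErrorCode::UNKNOWN_ERROR;` is overwritten by sendData before it is read, and `item` is decoded only for its status, which a short comment on the decodeData call should state. finish()'s body starts in the previous hunk.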
@@ -54,6 +54,15 @@ using ::android::hardware::keymaster::V4_0::Tag;
 using V41ErrorCode = ::android::hardware::keymaster::V4_1::ErrorCode;
+enum class OperationType {
+ /* Public operations are processed inside softkeymaster */
+ PUBLIC_OPERATION = 0,
+ /* Private operations are processed inside strongbox */
+ PRIVATE_OPERATION = 1,
+ UNKNOWN = 2,
+};
+
+
 class JavacardKeymaster4Device : public IKeymasterDevice {
 public:
@@ -87,8 +96,33 @@ class JavacardKeymaster4Device : public IKeymasterDevice {
 protected:
 CborConverter cborConverter_;
-
-private:
+
+ private:
+ ErrorCode handleBeginPublicKeyOperation(
+ KeyPurpose purpose, const hidl_vec& keyBlob,
+ const hidl_vec& inParams, hidl_vec& outParams,
+ uint64_t& operationHandle);
+
+ ErrorCode handleBeginPrivateKeyOperation(
+ KeyPurpose purpose, const hidl_vec& keyBlob,
+ const hidl_vec& inParams,
+ const HardwareAuthToken& authToken, hidl_vec& outParams,
+ uint64_t& operationHandle);
+
+ ErrorCode handleBeginOperation(KeyPurpose purpose,
+ const hidl_vec& keyBlob,
+ const hidl_vec& inParams,
+ const HardwareAuthToken& authToken,
+ hidl_vec& outParams,
+ uint64_t& operationHandle,
+ OperationType& operType);
+
+ ErrorCode abortOperation(uint64_t operationHandle, OperationType operType);
+
+ ErrorCode abortPublicKeyOperation(uint64_t operationHandle);
+
+ ErrorCode abortPrivateKeyOperation(uint64_t operationHandle);
+
 std::unique_ptr<::keymaster::AndroidKeymaster> softKm_;
 std::unique_ptr oprCtx_;
 bool isEachSystemPropertySet;
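Review bot: UNKNOWN is the one enumerator without a comment, yet it is the value getOperationType() in the .cpp returns for a handle that is not in operationTable and it is never stored there; say so, `/* Never stored in the operation table; reported for a handle that is not known. */`, so nobody later writes it into the map. A fixed underlying type, `enum class OperationType : uint8_t {`, keeps the map value small at no cost. The two blank lines added after the closing `};` are one more than the surrounding declarations use.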
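Review bot: `OperationType& operType` on handleBeginOperation is an in/out parameter — the .cpp side downgrades it to PRIVATE_OPERATION when the public-key attempt reports INCOMPATIBLE_ALGORITHM, and begin() stores the post-call value in operationTable — but nothing on the declaration says so; a comment such as `// operType: in = requested type; out = type actually started (PUBLIC falls back to PRIVATE on INCOMPATIBLE_ALGORITHM)` keeps the next caller from reusing its input value. The other five new helpers each deserve a one-line purpose comment, at least naming which keymaster they talk to. The new `private:` is indented where the removed line sat at column 0; whichever access-specifier style the file uses, keep it consistent with `protected:` above.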