1 /* 2 * Copyright 2017 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 #include "proto_utils.h" 18 19 #include <android-base/logging.h> 20 #include <android/hardware/keymaster/4.0/types.h> 21 #include <keymasterV4_0/key_param_output.h> 22 23 namespace android { 24 namespace hardware { 25 namespace keymaster { 26 27 // HAL 28 using ::android::hardware::keymaster::V4_0::Algorithm; 29 using ::android::hardware::keymaster::V4_0::BlockMode; 30 using ::android::hardware::keymaster::V4_0::Digest; 31 using ::android::hardware::keymaster::V4_0::EcCurve; 32 using ::android::hardware::keymaster::V4_0::HardwareAuthenticatorType; 33 using ::android::hardware::keymaster::V4_0::KeyDerivationFunction; 34 using ::android::hardware::keymaster::V4_0::KeyOrigin; 35 using ::android::hardware::keymaster::V4_0::KeyPurpose; 36 using ::android::hardware::keymaster::V4_0::KeyBlobUsageRequirements; 37 using ::android::hardware::keymaster::V4_0::PaddingMode; 38 using ::android::hardware::keymaster::V4_0::Tag; 39 using ::android::hardware::keymaster::V4_0::TagType; 40 41 static TagType type_from_tag(Tag tag) 42 { 43 return static_cast<TagType>(tag & (0xF << 28)); 44 } 45 46 static nosapp::TagType type_from_tag(nosapp::Tag tag) 47 { 48 return static_cast<nosapp::TagType>(tag & (0xF << 16)); 49 } 50 51 static nosapp::Tag translate_tag(Tag tag) 52 { 53 enum TagType tag_type = type_from_tag(tag); 54 55 /* TODO: This is gross. The alternative is to have a complete table. */ 56 return static_cast<nosapp::Tag>( 57 (((uint32_t)tag_type >> 28) << 16) | (tag & 0xffff)); 58 } 59 60 static Tag translate_tag(nosapp::Tag tag) 61 { 62 enum nosapp::TagType tag_type = type_from_tag(tag); 63 64 /* TODO: This is gross. The alternative is to have a complete table. */ 65 return static_cast<Tag>( 66 (((uint32_t)tag_type >> 16) << 28) | (tag & 0xffff)); 67 } 68 69 static nosapp::KeyPurpose translate_purpose(KeyPurpose purpose) 70 { 71 switch (purpose) { 72 case KeyPurpose::ENCRYPT: 73 return nosapp::KeyPurpose::ENCRYPT; 74 case KeyPurpose::DECRYPT: 75 return nosapp::KeyPurpose::DECRYPT; 76 case KeyPurpose::SIGN: 77 return nosapp::KeyPurpose::SIGN; 78 case KeyPurpose::VERIFY: 79 return nosapp::KeyPurpose::VERIFY; 80 case KeyPurpose::WRAP_KEY: 81 return nosapp::KeyPurpose::WRAP_KEY; 82 default: 83 return nosapp::KeyPurpose::PURPOSE_MAX; 84 } 85 } 86 87 static ErrorCode translate_purpose(nosapp::KeyPurpose purpose, KeyPurpose *out) 88 { 89 switch (purpose) { 90 case nosapp::KeyPurpose::ENCRYPT: 91 *out = KeyPurpose::ENCRYPT; 92 break; 93 case nosapp::KeyPurpose::DECRYPT: 94 *out = KeyPurpose::DECRYPT; 95 break; 96 case nosapp::KeyPurpose::SIGN: 97 *out = KeyPurpose::SIGN; 98 break; 99 case nosapp::KeyPurpose::VERIFY: 100 *out = KeyPurpose::VERIFY; 101 break; 102 case nosapp::KeyPurpose::WRAP_KEY: 103 *out = KeyPurpose::WRAP_KEY; 104 break; 105 default: 106 return ErrorCode::UNKNOWN_ERROR; 107 } 108 109 return ErrorCode::OK; 110 } 111 112 static nosapp::Algorithm translate_algorithm(Algorithm algorithm) 113 { 114 switch (algorithm) { 115 case Algorithm::RSA: 116 return nosapp::Algorithm::RSA; 117 case Algorithm::EC: 118 return nosapp::Algorithm::EC; 119 case Algorithm::AES: 120 return nosapp::Algorithm::AES; 121 case Algorithm::TRIPLE_DES: 122 return nosapp::Algorithm::DES; 123 case Algorithm::HMAC: 124 return nosapp::Algorithm::HMAC; 125 default: 126 return nosapp::Algorithm::ALGORITHM_MAX; 127 } 128 } 129 130 ErrorCode translate_algorithm(nosapp::Algorithm algorithm, 131 Algorithm *out) 132 { 133 switch (algorithm) { 134 case nosapp::Algorithm::RSA: 135 *out = Algorithm::RSA; 136 break; 137 case nosapp::Algorithm::EC: 138 *out = Algorithm::EC; 139 break; 140 case nosapp::Algorithm::AES: 141 *out = Algorithm::AES; 142 break; 143 case nosapp::Algorithm::DES: 144 *out = Algorithm::TRIPLE_DES; 145 break; 146 case nosapp::Algorithm::HMAC: 147 *out = Algorithm::HMAC; 148 break; 149 default: 150 return ErrorCode::UNKNOWN_ERROR; 151 } 152 153 return ErrorCode::OK; 154 } 155 156 static nosapp::BlockMode translate_block_mode(BlockMode block_mode) 157 { 158 switch (block_mode) { 159 case BlockMode::ECB: 160 return nosapp::BlockMode::ECB; 161 case BlockMode::CBC: 162 return nosapp::BlockMode::CBC; 163 case BlockMode::CTR: 164 return nosapp::BlockMode::CTR; 165 case BlockMode::GCM: 166 return nosapp::BlockMode::GCM; 167 default: 168 return nosapp::BlockMode::BLOCK_MODE_MAX; 169 } 170 } 171 172 static ErrorCode translate_block_mode(nosapp::BlockMode block_mode, 173 BlockMode *out) 174 { 175 switch (block_mode) { 176 case nosapp::BlockMode::ECB: 177 *out = BlockMode::ECB; 178 break; 179 case nosapp::BlockMode::CBC: 180 *out = BlockMode::CBC; 181 break; 182 case nosapp::BlockMode::CTR: 183 *out = BlockMode::CTR; 184 break; 185 case nosapp::BlockMode::GCM: 186 *out = BlockMode::GCM; 187 break; 188 default: 189 return ErrorCode::UNKNOWN_ERROR; 190 break; 191 } 192 193 return ErrorCode::OK; 194 } 195 196 static nosapp::Digest translate_digest(Digest digest) 197 { 198 switch (digest) { 199 case Digest::NONE: 200 return nosapp::Digest::DIGEST_NONE; 201 case Digest::MD5: 202 return nosapp::Digest::DIGEST_MD5; 203 case Digest::SHA1: 204 return nosapp::Digest::DIGEST_SHA1; 205 case Digest::SHA_2_224: 206 return nosapp::Digest::DIGEST_SHA_2_224; 207 case Digest::SHA_2_256: 208 return nosapp::Digest::DIGEST_SHA_2_256; 209 case Digest::SHA_2_384: 210 return nosapp::Digest::DIGEST_SHA_2_384; 211 case Digest::SHA_2_512: 212 return nosapp::Digest::DIGEST_SHA_2_512; 213 default: 214 return nosapp::Digest::DIGEST_MAX; 215 } 216 } 217 218 static ErrorCode translate_digest(nosapp::Digest digest, 219 Digest *out) 220 { 221 switch (digest) { 222 case nosapp::Digest::DIGEST_NONE: 223 *out = Digest::NONE; 224 break; 225 case nosapp::Digest::DIGEST_MD5: 226 *out = Digest::MD5; 227 break; 228 case nosapp::Digest::DIGEST_SHA1: 229 *out = Digest::SHA1; 230 break; 231 case nosapp::Digest::DIGEST_SHA_2_224: 232 *out = Digest::SHA_2_224; 233 break; 234 case nosapp::Digest::DIGEST_SHA_2_256: 235 *out = Digest::SHA_2_256; 236 break; 237 case nosapp::Digest::DIGEST_SHA_2_384: 238 *out = Digest::SHA_2_384; 239 break; 240 case nosapp::Digest::DIGEST_SHA_2_512: 241 *out = Digest::SHA_2_512; 242 break; 243 default: 244 return ErrorCode::UNKNOWN_ERROR; 245 } 246 247 return ErrorCode::OK; 248 } 249 250 static nosapp::PaddingMode translate_padding_mode(PaddingMode padding_mode) 251 { 252 switch (padding_mode) { 253 case PaddingMode::NONE: 254 return nosapp::PaddingMode::PADDING_NONE; 255 case PaddingMode::RSA_OAEP: 256 return nosapp::PaddingMode::PADDING_RSA_OAEP; 257 case PaddingMode::RSA_PSS: 258 return nosapp::PaddingMode::PADDING_RSA_PSS; 259 case PaddingMode::RSA_PKCS1_1_5_ENCRYPT: 260 return nosapp::PaddingMode::PADDING_RSA_PKCS1_1_5_ENCRYPT; 261 case PaddingMode::RSA_PKCS1_1_5_SIGN: 262 return nosapp::PaddingMode::PADDING_RSA_PKCS1_1_5_SIGN; 263 case PaddingMode::PKCS7: 264 return nosapp::PaddingMode::PADDING_PKCS7; 265 default: 266 return nosapp::PaddingMode::PADDING_MODE_MAX; 267 } 268 } 269 270 static ErrorCode translate_padding_mode(nosapp::PaddingMode padding_mode, 271 PaddingMode *out) 272 { 273 switch (padding_mode) { 274 case nosapp::PaddingMode::PADDING_NONE: 275 *out = PaddingMode::NONE; 276 break; 277 case nosapp::PaddingMode::PADDING_RSA_OAEP: 278 *out = PaddingMode::RSA_OAEP; 279 break; 280 case nosapp::PaddingMode::PADDING_RSA_PSS: 281 *out = PaddingMode::RSA_PSS; 282 break; 283 case nosapp::PaddingMode::PADDING_RSA_PKCS1_1_5_ENCRYPT: 284 *out = PaddingMode::RSA_PKCS1_1_5_ENCRYPT; 285 break; 286 case nosapp::PaddingMode::PADDING_RSA_PKCS1_1_5_SIGN: 287 *out = PaddingMode::RSA_PKCS1_1_5_SIGN; 288 break; 289 case nosapp::PaddingMode::PADDING_PKCS7: 290 *out = PaddingMode::PKCS7; 291 break; 292 default: 293 return ErrorCode::UNKNOWN_ERROR; 294 } 295 296 return ErrorCode::OK; 297 } 298 299 static nosapp::EcCurve translate_ec_curve(EcCurve ec_curve) 300 { 301 switch (ec_curve) { 302 case EcCurve::P_224: 303 return nosapp::EcCurve::P_224; 304 case EcCurve::P_256: 305 return nosapp::EcCurve::P_256; 306 case EcCurve::P_384: 307 return nosapp::EcCurve::P_384; 308 case EcCurve::P_521: 309 return nosapp::EcCurve::P_521; 310 default: 311 return nosapp::EcCurve::EC_CURVE_MAX; 312 } 313 } 314 315 ErrorCode translate_ec_curve(nosapp::EcCurve ec_curve, EcCurve *out) 316 { 317 switch (ec_curve) { 318 case nosapp::EcCurve::P_224: 319 *out = EcCurve::P_224; 320 break; 321 case nosapp::EcCurve::P_256: 322 *out = EcCurve::P_256; 323 break; 324 case nosapp::EcCurve::P_384: 325 *out = EcCurve::P_384; 326 break; 327 case nosapp::EcCurve::P_521: 328 *out = EcCurve::P_521; 329 break; 330 default: 331 return ErrorCode::UNKNOWN_ERROR; 332 } 333 334 return ErrorCode::OK; 335 } 336 337 static nosapp::KeyBlobUsageRequirements translate_key_blob_usage_requirements( 338 KeyBlobUsageRequirements usage) 339 { 340 switch (usage) { 341 case KeyBlobUsageRequirements::STANDALONE: 342 return nosapp::KeyBlobUsageRequirements::STANDALONE; 343 case KeyBlobUsageRequirements::REQUIRES_FILE_SYSTEM: 344 return nosapp::KeyBlobUsageRequirements::REQUIRES_FILE_SYSTEM; 345 default: 346 return nosapp::KeyBlobUsageRequirements::KEY_USAGE_MAX; 347 break; 348 } 349 } 350 351 static ErrorCode translate_key_blob_usage_requirements( 352 nosapp::KeyBlobUsageRequirements usage, KeyBlobUsageRequirements *out) 353 { 354 switch (usage) { 355 case nosapp::KeyBlobUsageRequirements::STANDALONE: 356 *out = KeyBlobUsageRequirements::STANDALONE; 357 break; 358 case nosapp::KeyBlobUsageRequirements::REQUIRES_FILE_SYSTEM: 359 *out = KeyBlobUsageRequirements::REQUIRES_FILE_SYSTEM; 360 break; 361 default: 362 return ErrorCode::UNKNOWN_ERROR; 363 } 364 365 return ErrorCode::UNKNOWN_ERROR; 366 } 367 368 static nosapp::KeyOrigin translate_key_origin(KeyOrigin key_origin) 369 { 370 switch (key_origin) { 371 case KeyOrigin::GENERATED: 372 return nosapp::KeyOrigin::GENERATED; 373 case KeyOrigin::DERIVED: 374 return nosapp::KeyOrigin::DERIVED; 375 case KeyOrigin::IMPORTED: 376 return nosapp::KeyOrigin::IMPORTED; 377 case KeyOrigin::UNKNOWN: 378 return nosapp::KeyOrigin::UNKNOWN; 379 default: 380 return nosapp::KeyOrigin::KEY_ORIGIN_MAX; 381 } 382 } 383 384 static ErrorCode translate_key_origin(nosapp::KeyOrigin key_origin, 385 KeyOrigin *out) 386 { 387 switch (key_origin) { 388 case nosapp::KeyOrigin::GENERATED: 389 *out = KeyOrigin::GENERATED; 390 break; 391 case nosapp::KeyOrigin::DERIVED: 392 *out = KeyOrigin::DERIVED; 393 break; 394 case nosapp::KeyOrigin::IMPORTED: 395 *out = KeyOrigin::IMPORTED; 396 break; 397 case nosapp::KeyOrigin::UNKNOWN: 398 *out = KeyOrigin::UNKNOWN; 399 break; 400 default: 401 return ErrorCode::UNKNOWN_ERROR; 402 } 403 404 return ErrorCode::OK; 405 } 406 407 ErrorCode translate_auth_token(const HardwareAuthToken& auth_token, 408 nosapp::HardwareAuthToken *out) 409 { 410 out->set_challenge(auth_token.challenge); 411 out->set_user_id(auth_token.userId); 412 out->set_authenticator_id(auth_token.authenticatorId); 413 out->set_authenticator_type((uint32_t)auth_token.authenticatorType); 414 out->set_timestamp(auth_token.timestamp); 415 out->set_mac(&auth_token.mac[0], auth_token.mac.size()); 416 417 return ErrorCode::OK; 418 } 419 420 void translate_verification_token( 421 const VerificationToken& verification_token, 422 nosapp::VerificationToken *out) 423 { 424 out->set_challenge(verification_token.challenge); 425 out->set_timestamp(verification_token.timestamp); 426 hidl_params_to_pb(verification_token.parametersVerified, 427 out->mutable_params_verified()); 428 out->set_security_level(static_cast<nosapp::SecurityLevel>( 429 verification_token.securityLevel)); 430 out->set_mac(verification_token.mac.data(), 431 verification_token.mac.size()); 432 } 433 434 ErrorCode key_parameter_to_pb(const KeyParameter& param, 435 nosapp::KeyParameter *pb) 436 { 437 switch (param.tag) { 438 case Tag::INVALID: 439 LOG(ERROR) << "key_parameter_to_pb: invalid Tag received: " 440 << (uint32_t)param.tag; 441 return ErrorCode::INVALID_ARGUMENT; 442 break; 443 case Tag::PURPOSE: // (TagType:ENUM_REP | 1) 444 pb->set_integer((uint32_t)translate_purpose(param.f.purpose)); 445 break; 446 case Tag::ALGORITHM: // (TagType:ENUM | 2) 447 pb->set_integer((uint32_t)translate_algorithm(param.f.algorithm)); 448 break; 449 case Tag::KEY_SIZE: // (TagType:UINT | 3) 450 pb->set_integer(param.f.integer); 451 break; 452 case Tag::BLOCK_MODE: // (TagType:ENUM_REP | 4) 453 pb->set_integer((uint32_t)translate_block_mode(param.f.blockMode)); 454 break; 455 case Tag::DIGEST: // (TagType:ENUM_REP | 5) 456 pb->set_integer((uint32_t)translate_digest(param.f.digest)); 457 break; 458 case Tag::PADDING:; // (TagType:ENUM_REP | 6) 459 pb->set_integer((uint32_t)translate_padding_mode(param.f.paddingMode)); 460 break; 461 case Tag::CALLER_NONCE: // (TagType:BOOL | 7) 462 pb->set_integer(param.f.boolValue); 463 break; 464 case Tag::MIN_MAC_LENGTH: // (TagType:UINT | 8) 465 pb->set_integer(param.f.integer); 466 break; 467 case Tag::EC_CURVE: // (TagType:ENUM | 10) 468 pb->set_integer((uint32_t)translate_ec_curve(param.f.ecCurve)); 469 break; 470 case Tag::RSA_PUBLIC_EXPONENT: // (TagType:ULONG | 200) 471 pb->set_long_integer(param.f.longInteger); 472 break; 473 case Tag::INCLUDE_UNIQUE_ID: // (TagType:BOOL | 202) 474 pb->set_integer(param.f.boolValue); 475 break; 476 case Tag::BLOB_USAGE_REQUIREMENTS: // (TagType:ENUM | 301) 477 pb->set_integer((uint32_t)translate_key_blob_usage_requirements( 478 param.f.keyBlobUsageRequirements)); 479 break; 480 case Tag::BOOTLOADER_ONLY: // (TagType:BOOL | 302) 481 pb->set_integer(param.f.boolValue); 482 break; 483 case Tag::ROLLBACK_RESISTANCE: // (TagType:BOOL | 303) 484 pb->set_integer(param.f.boolValue); 485 break; 486 case Tag::HARDWARE_TYPE: // (TagType:ENUM | 304) 487 break; 488 case Tag::ACTIVE_DATETIME: // (TagType:DATE | 400) 489 pb->set_long_integer(param.f.dateTime); 490 break; 491 case Tag::ORIGINATION_EXPIRE_DATETIME: // (TagType:DATE | 401) 492 case Tag::USAGE_EXPIRE_DATETIME: // (TagType:DATE | 402) 493 pb->set_long_integer(param.f.dateTime); 494 break; 495 case Tag::MIN_SECONDS_BETWEEN_OPS: // (TagType:UINT | 403) 496 case Tag::MAX_USES_PER_BOOT: // (TagType:UINT | 404) 497 pb->set_integer(param.f.integer); 498 break; 499 case Tag::USER_SECURE_ID: // (TagType:ULONG_REP | 502) 500 pb->set_long_integer(param.f.longInteger); 501 break; 502 case Tag::NO_AUTH_REQUIRED: // (TagType:BOOL | 503) 503 pb->set_integer(param.f.boolValue); 504 break; 505 case Tag::USER_AUTH_TYPE: // (TagType:ENUM | 504) 506 // This field is an OR'd bitfield of HAL enum values from 507 // ::android::hardware::keymaster::V4_0::HardwareAuthenticatorType. 508 pb->set_integer((uint32_t)param.f.hardwareAuthenticatorType); 509 break; 510 case Tag::AUTH_TIMEOUT: // (TagType:UINT | 505) 511 pb->set_integer(param.f.integer); 512 break; 513 case Tag::ALLOW_WHILE_ON_BODY: // (TagType:BOOL | 506) 514 pb->set_integer(param.f.boolValue); 515 break; 516 case Tag::TRUSTED_USER_PRESENCE_REQUIRED: // (TagType:BOOL | 507) 517 pb->set_integer(param.f.boolValue); 518 break; 519 case Tag::TRUSTED_CONFIRMATION_REQUIRED: // (TagType:BOOL | 508) 520 pb->set_integer(param.f.boolValue); 521 break; 522 case Tag::APPLICATION_ID: // (TagType:BYTES | 601) 523 pb->set_blob(¶m.blob[0], param.blob.size()); 524 break; 525 case Tag::APPLICATION_DATA: // (TagType:BYTES | 700) 526 pb->set_blob(¶m.blob[0], param.blob.size()); 527 break; 528 case Tag::CREATION_DATETIME: // (TagType:DATE | 701) 529 pb->set_long_integer(param.f.dateTime); 530 break; 531 case Tag::ORIGIN: // (TagType:ENUM | 702) 532 pb->set_integer((uint32_t)translate_key_origin(param.f.origin)); 533 break; 534 case Tag::ROOT_OF_TRUST: // (TagType:BYTES | 704) 535 pb->set_blob(¶m.blob[0], param.blob.size()); 536 break; 537 case Tag::OS_VERSION: // (TagType:UINT | 705) 538 case Tag::OS_PATCHLEVEL: // (TagType:UINT | 706) 539 pb->set_integer(param.f.integer); 540 break; 541 case Tag::UNIQUE_ID: // (TagType:BYTES | 707) 542 case Tag::ATTESTATION_CHALLENGE: // (TagType:BYTES | 708) 543 case Tag::ATTESTATION_APPLICATION_ID: // (TagType:BYTES | 709) 544 case Tag::ATTESTATION_ID_BRAND: // (TagType:BYTES | 710) 545 case Tag::ATTESTATION_ID_DEVICE: // (TagType:BYTES | 711) 546 case Tag::ATTESTATION_ID_PRODUCT: // (TagType:BYTES | 712) 547 case Tag::ATTESTATION_ID_SERIAL: // (TagType:BYTES | 713) 548 case Tag::ATTESTATION_ID_IMEI: // (TagType:BYTES | 714) 549 case Tag::ATTESTATION_ID_MEID: // (TagType:BYTES | 715) 550 case Tag::ATTESTATION_ID_MANUFACTURER: // (TagType:BYTES | 716) 551 case Tag::ATTESTATION_ID_MODEL: // (TagType:BYTES | 717) 552 pb->set_blob(¶m.blob[0], param.blob.size()); 553 break; 554 case Tag::VENDOR_PATCHLEVEL: // (TagType:UINT | 718) 555 case Tag::BOOT_PATCHLEVEL: // (TagType:UINT | 719) 556 pb->set_integer(param.f.integer); 557 break; 558 case Tag::ASSOCIATED_DATA: // (TagType:BYTES | 1000) 559 case Tag::NONCE: // (TagType:BYTES | 1001) 560 case Tag::CONFIRMATION_TOKEN: // (TagType:BYTES | 1005) 561 pb->set_blob(¶m.blob[0], param.blob.size()); 562 break; 563 case Tag::MAC_LENGTH: // (TagType:UINT | 1003) 564 pb->set_integer(param.f.integer); 565 break; 566 case Tag::RESET_SINCE_ID_ROTATION: // (TagType:BOOL | 1004) 567 pb->set_integer(param.f.boolValue); 568 break; 569 default: 570 LOG(ERROR) << "Unhandled tag value in key_parameter_to_pb: " 571 << (uint32_t) param.tag; 572 } 573 574 pb->set_tag(translate_tag(param.tag)); 575 return ErrorCode::OK; 576 } 577 578 ErrorCode pb_to_key_parameter(const nosapp::KeyParameter& param, 579 KeyParameter *kp) 580 { 581 switch (param.tag()) { 582 case nosapp::Tag::TAG_INVALID: 583 LOG(ERROR) << "pb_to_key_parameter: invalid Tag received: " 584 << (uint32_t)param.tag(); 585 return ErrorCode::UNKNOWN_ERROR; 586 break; 587 case nosapp::Tag::PURPOSE: // (TagType:ENUM_REP | 1) 588 if (translate_purpose(static_cast<nosapp::KeyPurpose>(param.integer()), 589 &kp->f.purpose) != ErrorCode::OK) { 590 return ErrorCode::UNKNOWN_ERROR; 591 } 592 break; 593 case nosapp::Tag::ALGORITHM: // (TagType:ENUM | 2) 594 if (translate_algorithm(static_cast<nosapp::Algorithm>(param.integer()), 595 &kp->f.algorithm) != ErrorCode::OK) { 596 return ErrorCode::UNKNOWN_ERROR; 597 } 598 break; 599 case nosapp::Tag::KEY_SIZE: // (TagType:UINT | 3) 600 kp->f.integer = param.integer(); 601 break; 602 case nosapp::Tag::BLOCK_MODE: // (TagType:ENUM_REP | 4) 603 if (translate_block_mode( 604 static_cast<nosapp::BlockMode>(param.integer()), 605 &kp->f.blockMode) != ErrorCode::OK) { 606 return ErrorCode::UNKNOWN_ERROR; 607 } 608 break; 609 case nosapp::Tag::DIGEST: // (TagType:ENUM_REP | 5) 610 if (translate_digest( 611 static_cast<nosapp::Digest>(param.integer()), 612 &kp->f.digest) != ErrorCode::OK) { 613 return ErrorCode::UNKNOWN_ERROR; 614 } 615 break; 616 case nosapp::Tag::PADDING:; // (TagType:ENUM_REP | 6) 617 if (translate_padding_mode( 618 static_cast<nosapp::PaddingMode>(param.integer()), 619 &kp->f.paddingMode) != ErrorCode::OK) { 620 return ErrorCode::UNKNOWN_ERROR; 621 } 622 break; 623 case nosapp::Tag::CALLER_NONCE: // (TagType:BOOL | 7) 624 kp->f.boolValue = (bool)param.integer(); 625 break; 626 case nosapp::Tag::MIN_MAC_LENGTH: // (TagType:UINT | 8) 627 kp->f.integer = param.integer(); 628 break; 629 case nosapp::Tag::EC_CURVE: // (TagType:ENUM | 10) 630 if (translate_ec_curve( 631 static_cast<nosapp::EcCurve>(param.integer()), 632 &kp->f.ecCurve) != ErrorCode::OK) { 633 return ErrorCode::UNKNOWN_ERROR; 634 } 635 break; 636 case nosapp::Tag::RSA_PUBLIC_EXPONENT: // (TagType:ULONG | 200) 637 kp->f.longInteger = param.long_integer(); 638 break; 639 case nosapp::Tag::INCLUDE_UNIQUE_ID: // (TagType:BOOL | 202) 640 kp->f.boolValue = (bool)param.integer(); 641 break; 642 case nosapp::Tag::BLOB_USAGE_REQUIREMENTS: // (TagType:ENUM | 301) 643 if (translate_key_blob_usage_requirements( 644 static_cast<nosapp::KeyBlobUsageRequirements>(param.integer()), 645 &kp->f.keyBlobUsageRequirements) != ErrorCode::OK) { 646 return ErrorCode::UNKNOWN_ERROR; 647 } 648 break; 649 case nosapp::Tag::BOOTLOADER_ONLY: // (TagType:BOOL | 302) 650 case nosapp::Tag::ROLLBACK_RESISTANCE: // (TagType:BOOL | 303) 651 kp->f.boolValue = (bool)param.integer(); 652 break; 653 case nosapp::Tag::ACTIVE_DATETIME: // (TagType:DATE | 400) 654 case nosapp::Tag::ORIGINATION_EXPIRE_DATETIME: // (TagType:DATE | 401) 655 case nosapp::Tag::USAGE_EXPIRE_DATETIME: // (TagType:DATE | 402) 656 kp->f.dateTime = param.long_integer(); 657 break; 658 case nosapp::Tag::MIN_SECONDS_BETWEEN_OPS: // (TagType:UINT | 403) 659 case nosapp::Tag::MAX_USES_PER_BOOT: // (TagType:UINT | 404) 660 kp->f.integer = param.integer(); 661 break; 662 case nosapp::Tag::USER_SECURE_ID: // (TagType:ULONG_REP | 502) 663 kp->f.longInteger = param.long_integer(); 664 break; 665 case nosapp::Tag::NO_AUTH_REQUIRED: // (TagType:BOOL | 503) 666 kp->f.boolValue = (bool)param.integer(); 667 break; 668 case nosapp::Tag::USER_AUTH_TYPE: // (TagType:ENUM | 504) 669 // This field is an OR'd bitfield of HAL enum values from 670 // ::android::hardware::keymaster::V4_0::HardwareAuthenticatorType. 671 kp->f.hardwareAuthenticatorType = 672 static_cast<HardwareAuthenticatorType>(param.integer()); 673 break; 674 case nosapp::Tag::AUTH_TIMEOUT: // (TagType:UINT | 505) 675 kp->f.integer = param.integer(); 676 break; 677 case nosapp::Tag::ALLOW_WHILE_ON_BODY: // (TagType:BOOL | 506) 678 kp->f.boolValue = (bool)param.integer(); 679 break; 680 case nosapp::Tag::TRUSTED_USER_PRESENCE_REQUIRED: // (TagType:BOOL | 507) 681 kp->f.boolValue = (bool)param.integer(); 682 break; 683 case nosapp::Tag::TRUSTED_CONFIRMATION_REQUIRED: // (TagType:BOOL | 508) 684 kp->f.boolValue = (bool)param.integer(); 685 break; 686 case nosapp::Tag::APPLICATION_ID: // (TagType:BYTES | 601) 687 kp->blob.setToExternal( 688 reinterpret_cast<uint8_t *>( 689 const_cast<char *>(param.blob().data())), param.blob().size());; 690 break; 691 case nosapp::Tag::APPLICATION_DATA: // (TagType:BYTES | 700) 692 kp->blob.setToExternal( 693 reinterpret_cast<uint8_t *>( 694 const_cast<char *>(param.blob().data())), param.blob().size());; 695 break; 696 case nosapp::Tag::CREATION_DATETIME: // (TagType:DATE | 701) 697 kp->f.dateTime = param.long_integer(); 698 break; 699 case nosapp::Tag::ORIGIN: // (TagType:ENUM | 702) 700 if (translate_key_origin( 701 static_cast<nosapp::KeyOrigin>(param.integer()), 702 &kp->f.origin) != ErrorCode::OK) { 703 return ErrorCode::UNKNOWN_ERROR; 704 } 705 break; 706 case nosapp::Tag::ROOT_OF_TRUST: // (TagType:BYTES | 704) 707 kp->blob.setToExternal( 708 reinterpret_cast<uint8_t *>( 709 const_cast<char *>(param.blob().data())), param.blob().size()); 710 break; 711 case nosapp::Tag::OS_VERSION: // (TagType:UINT | 705) 712 case nosapp::Tag::OS_PATCHLEVEL: // (TagType:UINT | 706) 713 kp->f.integer = param.integer(); 714 break; 715 case nosapp::Tag::UNIQUE_ID: // (TagType:BYTES | 707) 716 case nosapp::Tag::ATTESTATION_CHALLENGE: // (TagType:BYTES | 708) 717 case nosapp::Tag::ATTESTATION_APPLICATION_ID: // (TagType:BYTES | 709) 718 case nosapp::Tag::ATTESTATION_ID_BRAND: // (TagType:BYTES | 710) 719 case nosapp::Tag::ATTESTATION_ID_DEVICE: // (TagType:BYTES | 711) 720 case nosapp::Tag::ATTESTATION_ID_PRODUCT: // (TagType:BYTES | 712) 721 case nosapp::Tag::ATTESTATION_ID_SERIAL: // (TagType:BYTES | 713) 722 case nosapp::Tag::ATTESTATION_ID_IMEI: // (TagType:BYTES | 714) 723 case nosapp::Tag::ATTESTATION_ID_MEID: // (TagType:BYTES | 715) 724 case nosapp::Tag::ATTESTATION_ID_MANUFACTURER: // (TagType:BYTES | 716) 725 case nosapp::Tag::ATTESTATION_ID_MODEL: // (TagType:BYTES | 717) 726 kp->blob.setToExternal( 727 reinterpret_cast<uint8_t *>( 728 const_cast<char *>(param.blob().data())), param.blob().size()); 729 break; 730 case nosapp::Tag::VENDOR_PATCHLEVEL: // (TagType:UINT | 718) 731 case nosapp::Tag::BOOT_PATCHLEVEL: // (TagType:UINT | 719) 732 kp->f.integer = param.integer(); 733 break; 734 case nosapp::Tag::ASSOCIATED_DATA: // (TagType:BYTES | 1000) 735 case nosapp::Tag::NONCE: // (TagType:BYTES | 1001) 736 kp->blob.setToExternal( 737 reinterpret_cast<uint8_t *>( 738 const_cast<char *>(param.blob().data())), param.blob().size()); 739 break; 740 case nosapp::Tag::MAC_LENGTH: // (TagType:UINT | 1003) 741 kp->f.integer = param.integer(); 742 break; 743 case nosapp::Tag::RESET_SINCE_ID_ROTATION: // (TagType:BOOL | 1004) 744 kp->f.boolValue = (bool)param.integer(); 745 break; 746 case nosapp::Tag::CONFIRMATION_TOKEN: // (TagType:BOOL | 1005) 747 kp->blob.setToExternal( 748 reinterpret_cast<uint8_t *>( 749 const_cast<char *>(param.blob().data())), param.blob().size()); 750 break; 751 default: 752 return ErrorCode::UNKNOWN_ERROR; 753 } 754 755 kp->tag = translate_tag(param.tag()); 756 return ErrorCode::OK; 757 } 758 759 ErrorCode hidl_params_to_pb(const hidl_vec<KeyParameter>& params, 760 nosapp::KeyParameters *pb) 761 { 762 for (size_t i = 0; i < params.size(); i++) { 763 nosapp::KeyParameter *param = pb->add_params(); 764 ErrorCode error = key_parameter_to_pb(params[i], param); 765 if (error != ErrorCode::OK) { 766 return ErrorCode::INVALID_ARGUMENT; 767 } 768 } 769 770 return ErrorCode::OK; 771 } 772 773 ErrorCode hidl_params_to_map(const hidl_vec<KeyParameter>& params, 774 tag_map_t *tag_map) 775 { 776 for (size_t i = 0; i < params.size(); i++) { 777 switch (type_from_tag(params[i].tag)) { 778 case TagType::INVALID: 779 return ErrorCode::INVALID_ARGUMENT; 780 break; 781 case TagType::ENUM: 782 case TagType::UINT: 783 case TagType::ULONG: 784 case TagType::DATE: 785 case TagType::BOOL: 786 case TagType::BIGNUM: 787 case TagType::BYTES: 788 if (tag_map->find(params[i].tag) != tag_map->end()) { 789 // Duplicates not allowed for these tags types. 790 return ErrorCode::INVALID_ARGUMENT; 791 } 792 FALLTHROUGH_INTENDED; 793 case TagType::ENUM_REP: 794 FALLTHROUGH_INTENDED; 795 case TagType::UINT_REP: 796 FALLTHROUGH_INTENDED; 797 case TagType::ULONG_REP: 798 if (tag_map->find(params[i].tag) == tag_map->end()) { 799 vector<KeyParameter> v{params[i]}; 800 tag_map->insert( 801 std::pair<Tag, vector<KeyParameter> >( 802 params[i].tag, v)); 803 } else { 804 (*tag_map)[params[i].tag].push_back(params[i]); 805 } 806 break; 807 default: 808 /* Unrecognized TagType. */ 809 return ErrorCode::INVALID_ARGUMENT; 810 break; 811 } 812 } 813 814 return ErrorCode::OK; 815 } 816 817 ErrorCode map_params_to_pb(const tag_map_t& params, 818 nosapp::KeyParameters *pbParams) 819 { 820 for (const auto& it : params) { 821 for (const auto& pt : it.second) { 822 nosapp::KeyParameter *param = pbParams->add_params(); 823 ErrorCode error = key_parameter_to_pb(pt, param); 824 if (error != ErrorCode::OK) { 825 return error; 826 } 827 } 828 } 829 830 return ErrorCode::OK; 831 } 832 833 ErrorCode pb_to_hidl_params(const nosapp::KeyParameters& pbParams, 834 hidl_vec<KeyParameter> *params) 835 { 836 std::vector<KeyParameter> kpv; 837 for (size_t i = 0; i < (size_t)pbParams.params_size(); i++) { 838 KeyParameter kp; 839 const nosapp::KeyParameter& param = pbParams.params(i); 840 841 ErrorCode error = pb_to_key_parameter(param, &kp); 842 if (error != ErrorCode::OK) { 843 return ErrorCode::UNKNOWN_ERROR; 844 } 845 846 kpv.push_back(kp); 847 } 848 849 *params = kpv; 850 return ErrorCode::OK; 851 } 852 853 ErrorCode translate_error_code(nosapp::ErrorCode error_code) 854 { 855 switch (error_code) { 856 case nosapp::ErrorCode::OK: 857 return ErrorCode::OK; 858 case nosapp::ErrorCode::ROOT_OF_TRUST_ALREADY_SET: 859 return ErrorCode::ROOT_OF_TRUST_ALREADY_SET; 860 case nosapp::ErrorCode::UNSUPPORTED_PURPOSE: 861 return ErrorCode::UNSUPPORTED_PURPOSE; 862 case nosapp::ErrorCode::INCOMPATIBLE_PURPOSE: 863 return ErrorCode::INCOMPATIBLE_PURPOSE; 864 case nosapp::ErrorCode::UNSUPPORTED_ALGORITHM: 865 return ErrorCode::UNSUPPORTED_ALGORITHM; 866 case nosapp::ErrorCode::INCOMPATIBLE_ALGORITHM: 867 return ErrorCode::INCOMPATIBLE_ALGORITHM; 868 case nosapp::ErrorCode::UNSUPPORTED_KEY_SIZE: 869 return ErrorCode::UNSUPPORTED_KEY_SIZE; 870 case nosapp::ErrorCode::UNSUPPORTED_BLOCK_MODE: 871 return ErrorCode::UNSUPPORTED_BLOCK_MODE; 872 case nosapp::ErrorCode::INCOMPATIBLE_BLOCK_MODE: 873 return ErrorCode::INCOMPATIBLE_BLOCK_MODE; 874 case nosapp::ErrorCode::UNSUPPORTED_MAC_LENGTH: 875 return ErrorCode::UNSUPPORTED_MAC_LENGTH; 876 case nosapp::ErrorCode::UNSUPPORTED_PADDING_MODE: 877 return ErrorCode::UNSUPPORTED_PADDING_MODE; 878 case nosapp::ErrorCode::INCOMPATIBLE_PADDING_MODE: 879 return ErrorCode::INCOMPATIBLE_PADDING_MODE; 880 case nosapp::ErrorCode::UNSUPPORTED_DIGEST: 881 return ErrorCode::UNSUPPORTED_DIGEST; 882 case nosapp::ErrorCode::INCOMPATIBLE_DIGEST: 883 return ErrorCode::INCOMPATIBLE_DIGEST; 884 case nosapp::ErrorCode::INVALID_EXPIRATION_TIME: 885 return ErrorCode::INVALID_EXPIRATION_TIME; 886 case nosapp::ErrorCode::INVALID_USER_ID: 887 return ErrorCode::INVALID_USER_ID; 888 case nosapp::ErrorCode::INVALID_AUTHORIZATION_TIMEOUT: 889 return ErrorCode::INVALID_AUTHORIZATION_TIMEOUT; 890 case nosapp::ErrorCode::UNSUPPORTED_KEY_FORMAT: 891 return ErrorCode::UNSUPPORTED_KEY_FORMAT; 892 case nosapp::ErrorCode::INCOMPATIBLE_KEY_FORMAT: 893 return ErrorCode::INCOMPATIBLE_KEY_FORMAT; 894 case nosapp::ErrorCode::UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM: 895 return ErrorCode::UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM; 896 case nosapp::ErrorCode::UNSUPPORTED_KEY_VERIFICATION_ALGORITHM: 897 return ErrorCode::UNSUPPORTED_KEY_VERIFICATION_ALGORITHM; 898 case nosapp::ErrorCode::INVALID_INPUT_LENGTH: 899 return ErrorCode::INVALID_INPUT_LENGTH; 900 case nosapp::ErrorCode::KEY_EXPORT_OPTIONS_INVALID: 901 return ErrorCode::KEY_EXPORT_OPTIONS_INVALID; 902 case nosapp::ErrorCode::DELEGATION_NOT_ALLOWED: 903 return ErrorCode::DELEGATION_NOT_ALLOWED; 904 case nosapp::ErrorCode::KEY_NOT_YET_VALID: 905 return ErrorCode::KEY_NOT_YET_VALID; 906 case nosapp::ErrorCode::KEY_EXPIRED: 907 return ErrorCode::KEY_EXPIRED; 908 case nosapp::ErrorCode::KEY_USER_NOT_AUTHENTICATED: 909 return ErrorCode::KEY_USER_NOT_AUTHENTICATED; 910 case nosapp::ErrorCode::OUTPUT_PARAMETER_NULL: 911 return ErrorCode::OUTPUT_PARAMETER_NULL; 912 case nosapp::ErrorCode::INVALID_OPERATION_HANDLE: 913 return ErrorCode::INVALID_OPERATION_HANDLE; 914 case nosapp::ErrorCode::INSUFFICIENT_BUFFER_SPACE: 915 return ErrorCode::INSUFFICIENT_BUFFER_SPACE; 916 case nosapp::ErrorCode::VERIFICATION_FAILED: 917 return ErrorCode::VERIFICATION_FAILED; 918 case nosapp::ErrorCode::TOO_MANY_OPERATIONS: 919 return ErrorCode::TOO_MANY_OPERATIONS; 920 case nosapp::ErrorCode::UNEXPECTED_NULL_POINTER: 921 return ErrorCode::UNEXPECTED_NULL_POINTER; 922 case nosapp::ErrorCode::INVALID_KEY_BLOB: 923 return ErrorCode::INVALID_KEY_BLOB; 924 case nosapp::ErrorCode::IMPORTED_KEY_NOT_ENCRYPTED: 925 return ErrorCode::IMPORTED_KEY_NOT_ENCRYPTED; 926 case nosapp::ErrorCode::IMPORTED_KEY_DECRYPTION_FAILED: 927 return ErrorCode::IMPORTED_KEY_DECRYPTION_FAILED; 928 case nosapp::ErrorCode::IMPORTED_KEY_NOT_SIGNED: 929 return ErrorCode::IMPORTED_KEY_NOT_SIGNED; 930 case nosapp::ErrorCode::IMPORTED_KEY_VERIFICATION_FAILED: 931 return ErrorCode::IMPORTED_KEY_VERIFICATION_FAILED; 932 case nosapp::ErrorCode::INVALID_ARGUMENT: 933 return ErrorCode::INVALID_ARGUMENT; 934 case nosapp::ErrorCode::UNSUPPORTED_TAG: 935 return ErrorCode::UNSUPPORTED_TAG; 936 case nosapp::ErrorCode::INVALID_TAG: 937 return ErrorCode::INVALID_TAG; 938 case nosapp::ErrorCode::MEMORY_ALLOCATION_FAILED: 939 return ErrorCode::MEMORY_ALLOCATION_FAILED; 940 case nosapp::ErrorCode::IMPORT_PARAMETER_MISMATCH: 941 return ErrorCode::IMPORT_PARAMETER_MISMATCH; 942 case nosapp::ErrorCode::SECURE_HW_ACCESS_DENIED: 943 return ErrorCode::SECURE_HW_ACCESS_DENIED; 944 case nosapp::ErrorCode::OPERATION_CANCELLED: 945 return ErrorCode::OPERATION_CANCELLED; 946 case nosapp::ErrorCode::CONCURRENT_ACCESS_CONFLICT: 947 return ErrorCode::CONCURRENT_ACCESS_CONFLICT; 948 case nosapp::ErrorCode::SECURE_HW_BUSY: 949 return ErrorCode::SECURE_HW_BUSY; 950 case nosapp::ErrorCode::SECURE_HW_COMMUNICATION_FAILED: 951 return ErrorCode::SECURE_HW_COMMUNICATION_FAILED; 952 case nosapp::ErrorCode::UNSUPPORTED_EC_FIELD: 953 return ErrorCode::UNSUPPORTED_EC_FIELD; 954 case nosapp::ErrorCode::MISSING_NONCE: 955 return ErrorCode::MISSING_NONCE; 956 case nosapp::ErrorCode::INVALID_NONCE: 957 return ErrorCode::INVALID_NONCE; 958 case nosapp::ErrorCode::MISSING_MAC_LENGTH: 959 return ErrorCode::MISSING_MAC_LENGTH; 960 case nosapp::ErrorCode::KEY_RATE_LIMIT_EXCEEDED: 961 return ErrorCode::KEY_RATE_LIMIT_EXCEEDED; 962 case nosapp::ErrorCode::CALLER_NONCE_PROHIBITED: 963 return ErrorCode::CALLER_NONCE_PROHIBITED; 964 case nosapp::ErrorCode::KEY_MAX_OPS_EXCEEDED: 965 return ErrorCode::KEY_MAX_OPS_EXCEEDED; 966 case nosapp::ErrorCode::INVALID_MAC_LENGTH: 967 return ErrorCode::INVALID_MAC_LENGTH; 968 case nosapp::ErrorCode::MISSING_MIN_MAC_LENGTH: 969 return ErrorCode::MISSING_MIN_MAC_LENGTH; 970 case nosapp::ErrorCode::UNSUPPORTED_MIN_MAC_LENGTH: 971 return ErrorCode::UNSUPPORTED_MIN_MAC_LENGTH; 972 case nosapp::ErrorCode::UNSUPPORTED_KDF: 973 return ErrorCode::UNSUPPORTED_KDF; 974 case nosapp::ErrorCode::UNSUPPORTED_EC_CURVE: 975 return ErrorCode::UNSUPPORTED_EC_CURVE; 976 case nosapp::ErrorCode::KEY_REQUIRES_UPGRADE: 977 return ErrorCode::KEY_REQUIRES_UPGRADE; 978 case nosapp::ErrorCode::ATTESTATION_CHALLENGE_MISSING: 979 return ErrorCode::ATTESTATION_CHALLENGE_MISSING; 980 case nosapp::ErrorCode::KEYMASTER_NOT_CONFIGURED: 981 return ErrorCode::KEYMASTER_NOT_CONFIGURED; 982 case nosapp::ErrorCode::ATTESTATION_APPLICATION_ID_MISSING: 983 return ErrorCode::ATTESTATION_APPLICATION_ID_MISSING; 984 case nosapp::ErrorCode::CANNOT_ATTEST_IDS: 985 return ErrorCode::CANNOT_ATTEST_IDS; 986 case nosapp::ErrorCode::UNIMPLEMENTED: 987 return ErrorCode::UNIMPLEMENTED; 988 case nosapp::ErrorCode::VERSION_MISMATCH: 989 return ErrorCode::VERSION_MISMATCH; 990 case nosapp::ErrorCode::ROLLBACK_RESISTANCE_UNAVAILABLE: 991 return ErrorCode::ROLLBACK_RESISTANCE_UNAVAILABLE; 992 case nosapp::ErrorCode::HARDWARE_TYPE_UNAVAILABLE: 993 return ErrorCode::HARDWARE_TYPE_UNAVAILABLE; 994 case nosapp::ErrorCode::PROOF_OF_PRESENCE_REQUIRED: 995 return ErrorCode::PROOF_OF_PRESENCE_REQUIRED; 996 case nosapp::ErrorCode::CONCURRENT_PROOF_OF_PRESENCE_REQUESTED: 997 return ErrorCode::CONCURRENT_PROOF_OF_PRESENCE_REQUESTED; 998 case nosapp::ErrorCode::UNKNOWN_ERROR: 999 return ErrorCode::UNKNOWN_ERROR; 1000 case nosapp::ErrorCode::NO_USER_CONFIRMATION: 1001 return ErrorCode::NO_USER_CONFIRMATION; 1002 1003 /* Private error codes, unused by HAL. */ 1004 case nosapp::ErrorCode::INVALID_DEVICE_IDS: 1005 case nosapp::ErrorCode::PRODUCTION_MODE_PROVISIONING: 1006 case nosapp::ErrorCode::ErrorCode_INT_MIN_SENTINEL_DO_NOT_USE_: 1007 case nosapp::ErrorCode::ErrorCode_INT_MAX_SENTINEL_DO_NOT_USE_: 1008 default: 1009 LOG(ERROR) << "Unrecognized error_code: " << error_code; 1010 return ErrorCode::UNKNOWN_ERROR; 1011 } 1012 } 1013 1014 } // namespace keymaster 1015 } // hardware 1016 } // android 1017