1 /*
2 * Copyright 2020, The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16 /******************************************************************************
17 *
18 * The original Work has been changed by NXP.
19 *
20 * Licensed under the Apache License, Version 2.0 (the "License");
21 * you may not use this file except in compliance with the License.
22 * You may obtain a copy of the License at
23 *
24 * http://www.apache.org/licenses/LICENSE-2.0
25 *
26 * Unless required by applicable law or agreed to in writing, software
27 * distributed under the License is distributed on an "AS IS" BASIS,
28 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
29 * See the License for the specific language governing permissions and
30 * limitations under the License.
31 *
32 * Copyright 2022-2023 NXP
33 *
34 ******************************************************************************/
35 #define LOG_TAG "javacard.keymint.device.strongbox-impl"
36 #include "JavacardKeyMintDevice.h"
37 #include "JavacardKeyMintOperation.h"
38 #include "JavacardSharedSecret.h"
39 #include <JavacardKeyMintUtils.h>
40 #include <algorithm>
41 #include <android-base/logging.h>
42 #include <android-base/properties.h>
43 #include <hardware/hw_auth_token.h>
44 #include <iostream>
45 #include <iterator>
46 #include <keymaster/android_keymaster_messages.h>
47 #include <keymaster/wrapped_key.h>
48 #include <memory>
49 #include <memunreachable/memunreachable.h>
50 #include <regex.h>
51 #include <string>
52 #include <vector>
53
54 namespace aidl::android::hardware::security::keymint {
55 using cppbor::Array;
56 using cppbor::Bstr;
57 using cppbor::Uint;
58 using ::keymaster::AuthorizationSet;
59 using ::keymaster::dup_buffer;
60 using ::keymaster::KeymasterBlob;
61 using ::keymaster::KeymasterKeyBlob;
62 using ::keymint::javacard::Instruction;
63
defaultHwInfo(KeyMintHardwareInfo * info)64 ScopedAStatus JavacardKeyMintDevice::defaultHwInfo(KeyMintHardwareInfo* info) {
65 info->versionNumber = 1;
66 info->keyMintAuthorName = "Google";
67 info->keyMintName = "JavacardKeymintDevice";
68 info->securityLevel = securitylevel_;
69 info->timestampTokenRequired = true;
70 return ScopedAStatus::ok();
71 }
72
73
getHardwareInfo(KeyMintHardwareInfo * info)74 ScopedAStatus JavacardKeyMintDevice::getHardwareInfo(KeyMintHardwareInfo* info) {
75 uint64_t tsRequired = 1;
76 auto [item, err] = card_->sendRequest(Instruction::INS_GET_HW_INFO_CMD);
77 uint32_t secLevel;
78 uint32_t version;
79 if (err != KM_ERROR_OK || !cbor_.getUint64<uint32_t>(item, 1, version) ||
80 !cbor_.getUint64<uint32_t>(item, 2, secLevel) ||
81 !cbor_.getBinaryArray(item, 3, info->keyMintName) ||
82 !cbor_.getBinaryArray(item, 4, info->keyMintAuthorName) ||
83 !cbor_.getUint64<uint64_t>(item, 5, tsRequired)) {
84 // TODO should we return HARDWARE_NOT_YET_AVAILABLE instead of default Hardware Info.
85 LOG(ERROR) << "Error in response of getHardwareInfo.";
86 LOG(INFO) << "Returning defaultHwInfo in getHardwareInfo.";
87 return defaultHwInfo(info);
88 }
89 card_->initializeJavacard();
90 info->timestampTokenRequired = (tsRequired == 1);
91 info->securityLevel = static_cast<SecurityLevel>(secLevel);
92 info->versionNumber = static_cast<int32_t>(version);
93 return ScopedAStatus::ok();
94 }
95
generateKey(const vector<KeyParameter> & keyParams,const optional<AttestationKey> & attestationKey,KeyCreationResult * creationResult)96 ScopedAStatus JavacardKeyMintDevice::generateKey(const vector<KeyParameter>& keyParams,
97 const optional<AttestationKey>& attestationKey,
98 KeyCreationResult* creationResult) {
99 Array array;
100 // add key params
101 cbor_.addKeyparameters(array, keyParams);
102 // add attestation key if any
103 cbor_.addAttestationKey(array, attestationKey);
104 auto [item, err] = card_->sendRequest(Instruction::INS_GENERATE_KEY_CMD, array);
105 if (err != KM_ERROR_OK) {
106 LOG(ERROR) << "Error in sending generateKey.";
107 return km_utils::kmError2ScopedAStatus(err);
108 }
109 if (!cbor_.getBinaryArray(item, 1, creationResult->keyBlob) ||
110 !cbor_.getKeyCharacteristics(item, 2, creationResult->keyCharacteristics) ||
111 !cbor_.getCertificateChain(item, 3, creationResult->certificateChain)) {
112 LOG(ERROR) << "Error in decoding og response in generateKey.";
113 return km_utils::kmError2ScopedAStatus(KM_ERROR_UNKNOWN_ERROR);
114 }
115 return ScopedAStatus::ok();
116 }
117
addRngEntropy(const vector<uint8_t> & data)118 ScopedAStatus JavacardKeyMintDevice::addRngEntropy(const vector<uint8_t>& data) {
119 Array request;
120 // add key data
121 request.add(Bstr(data));
122 auto [item, err] = card_->sendRequest(Instruction::INS_ADD_RNG_ENTROPY_CMD, request);
123 if (err != KM_ERROR_OK) {
124 LOG(ERROR) << "Error in sending addRngEntropy.";
125 return km_utils::kmError2ScopedAStatus(err);
126 }
127 return ScopedAStatus::ok();
128 }
129
importKey(const vector<KeyParameter> & keyParams,KeyFormat keyFormat,const vector<uint8_t> & keyData,const optional<AttestationKey> & attestationKey,KeyCreationResult * creationResult)130 ScopedAStatus JavacardKeyMintDevice::importKey(const vector<KeyParameter>& keyParams,
131 KeyFormat keyFormat, const vector<uint8_t>& keyData,
132 const optional<AttestationKey>& attestationKey,
133 KeyCreationResult* creationResult) {
134
135 Array request;
136 // add key params
137 cbor_.addKeyparameters(request, keyParams);
138 // add key format
139 request.add(Uint(static_cast<uint8_t>(keyFormat)));
140 // add key data
141 request.add(Bstr(keyData));
142 // add attestation key if any
143 cbor_.addAttestationKey(request, attestationKey);
144
145 auto [item, err] = card_->sendRequest(Instruction::INS_IMPORT_KEY_CMD, request);
146 if (err != KM_ERROR_OK) {
147 LOG(ERROR) << "Error in sending data in importKey.";
148 return km_utils::kmError2ScopedAStatus(err);
149 }
150 if (!cbor_.getBinaryArray(item, 1, creationResult->keyBlob) ||
151 !cbor_.getKeyCharacteristics(item, 2, creationResult->keyCharacteristics) ||
152 !cbor_.getCertificateChain(item, 3, creationResult->certificateChain)) {
153 LOG(ERROR) << "Error in decoding response in importKey.";
154 return km_utils::kmError2ScopedAStatus(KM_ERROR_UNKNOWN_ERROR);
155 }
156 return ScopedAStatus::ok();
157 }
158
159 // import wrapped key is divided into 2 stage operation.
importWrappedKey(const vector<uint8_t> & wrappedKeyData,const vector<uint8_t> & wrappingKeyBlob,const vector<uint8_t> & maskingKey,const vector<KeyParameter> & unwrappingParams,int64_t passwordSid,int64_t biometricSid,KeyCreationResult * creationResult)160 ScopedAStatus JavacardKeyMintDevice::importWrappedKey(const vector<uint8_t>& wrappedKeyData,
161 const vector<uint8_t>& wrappingKeyBlob,
162 const vector<uint8_t>& maskingKey,
163 const vector<KeyParameter>& unwrappingParams,
164 int64_t passwordSid, int64_t biometricSid,
165 KeyCreationResult* creationResult) {
166 Array request;
167 std::unique_ptr<Item> item;
168 vector<uint8_t> keyBlob;
169 std::vector<uint8_t> response;
170 vector<KeyCharacteristics> keyCharacteristics;
171 std::vector<uint8_t> iv;
172 std::vector<uint8_t> transitKey;
173 std::vector<uint8_t> secureKey;
174 std::vector<uint8_t> tag;
175 vector<KeyParameter> authList;
176 KeyFormat keyFormat;
177 std::vector<uint8_t> wrappedKeyDescription;
178 keymaster_error_t errorCode = parseWrappedKey(wrappedKeyData, iv, transitKey, secureKey, tag,
179 authList, keyFormat, wrappedKeyDescription);
180 if (errorCode != KM_ERROR_OK) {
181 LOG(ERROR) << "Error in parse wrapped key in importWrappedKey.";
182 return km_utils::kmError2ScopedAStatus(errorCode);
183 }
184
185 // begin import
186 std::tie(item, errorCode) =
187 sendBeginImportWrappedKeyCmd(transitKey, wrappingKeyBlob, maskingKey, unwrappingParams);
188 if (errorCode != KM_ERROR_OK) {
189 LOG(ERROR) << "Error in send begin import wrapped key in importWrappedKey.";
190 return km_utils::kmError2ScopedAStatus(errorCode);
191 }
192 // Finish the import
193 std::tie(item, errorCode) = sendFinishImportWrappedKeyCmd(
194 authList, keyFormat, secureKey, tag, iv, wrappedKeyDescription, passwordSid, biometricSid);
195 if (errorCode != KM_ERROR_OK) {
196 LOG(ERROR) << "Error in send finish import wrapped key in importWrappedKey.";
197 return km_utils::kmError2ScopedAStatus(errorCode);
198 }
199 if (!cbor_.getBinaryArray(item, 1, creationResult->keyBlob) ||
200 !cbor_.getKeyCharacteristics(item, 2, creationResult->keyCharacteristics) ||
201 !cbor_.getCertificateChain(item, 3, creationResult->certificateChain)) {
202 LOG(ERROR) << "Error in decoding the response in importWrappedKey.";
203 return km_utils::kmError2ScopedAStatus(KM_ERROR_UNKNOWN_ERROR);
204 }
205 return ScopedAStatus::ok();
206 }
207
208 std::tuple<std::unique_ptr<Item>, keymaster_error_t>
sendBeginImportWrappedKeyCmd(const std::vector<uint8_t> & transitKey,const std::vector<uint8_t> & wrappingKeyBlob,const std::vector<uint8_t> & maskingKey,const vector<KeyParameter> & unwrappingParams)209 JavacardKeyMintDevice::sendBeginImportWrappedKeyCmd(const std::vector<uint8_t>& transitKey,
210 const std::vector<uint8_t>& wrappingKeyBlob,
211 const std::vector<uint8_t>& maskingKey,
212 const vector<KeyParameter>& unwrappingParams) {
213 Array request;
214 request.add(std::vector<uint8_t>(transitKey));
215 request.add(std::vector<uint8_t>(wrappingKeyBlob));
216 request.add(std::vector<uint8_t>(maskingKey));
217 cbor_.addKeyparameters(request, unwrappingParams);
218 return card_->sendRequest(Instruction::INS_BEGIN_IMPORT_WRAPPED_KEY_CMD, request);
219 }
220
221 std::tuple<std::unique_ptr<Item>, keymaster_error_t>
sendFinishImportWrappedKeyCmd(const vector<KeyParameter> & keyParams,KeyFormat keyFormat,const std::vector<uint8_t> & secureKey,const std::vector<uint8_t> & tag,const std::vector<uint8_t> & iv,const std::vector<uint8_t> & wrappedKeyDescription,int64_t passwordSid,int64_t biometricSid)222 JavacardKeyMintDevice::sendFinishImportWrappedKeyCmd(
223 const vector<KeyParameter>& keyParams, KeyFormat keyFormat,
224 const std::vector<uint8_t>& secureKey, const std::vector<uint8_t>& tag,
225 const std::vector<uint8_t>& iv, const std::vector<uint8_t>& wrappedKeyDescription,
226 int64_t passwordSid, int64_t biometricSid) {
227 Array request;
228 cbor_.addKeyparameters(request, keyParams);
229 request.add(static_cast<uint64_t>(keyFormat));
230 request.add(std::vector<uint8_t>(secureKey));
231 request.add(std::vector<uint8_t>(tag));
232 request.add(std::vector<uint8_t>(iv));
233 request.add(std::vector<uint8_t>(wrappedKeyDescription));
234 request.add(Uint(passwordSid));
235 request.add(Uint(biometricSid));
236 return card_->sendRequest(Instruction::INS_FINISH_IMPORT_WRAPPED_KEY_CMD, request);
237 }
238
upgradeKey(const vector<uint8_t> & keyBlobToUpgrade,const vector<KeyParameter> & upgradeParams,vector<uint8_t> * keyBlob)239 ScopedAStatus JavacardKeyMintDevice::upgradeKey(const vector<uint8_t>& keyBlobToUpgrade,
240 const vector<KeyParameter>& upgradeParams,
241 vector<uint8_t>* keyBlob) {
242 Array request;
243 // add key blob
244 request.add(Bstr(keyBlobToUpgrade));
245 // add key params
246 cbor_.addKeyparameters(request, upgradeParams);
247 auto [item, err] = card_->sendRequest(Instruction::INS_UPGRADE_KEY_CMD, request);
248 if (err != KM_ERROR_OK) {
249 LOG(ERROR) << "Error in sending in upgradeKey.";
250 return km_utils::kmError2ScopedAStatus(err);
251 }
252 if (!cbor_.getBinaryArray(item, 1, *keyBlob)) {
253 LOG(ERROR) << "Error in decoding the response in upgradeKey.";
254 return km_utils::kmError2ScopedAStatus(KM_ERROR_UNKNOWN_ERROR);
255 }
256 return ScopedAStatus::ok();
257 }
258
deleteKey(const vector<uint8_t> & keyBlob)259 ScopedAStatus JavacardKeyMintDevice::deleteKey(const vector<uint8_t>& keyBlob) {
260 Array request;
261 request.add(Bstr(keyBlob));
262 auto [item, err] = card_->sendRequest(Instruction::INS_DELETE_KEY_CMD, request);
263 if (err != KM_ERROR_OK) {
264 LOG(ERROR) << "Error in sending in deleteKey.";
265 return km_utils::kmError2ScopedAStatus(err);
266 }
267 return ScopedAStatus::ok();
268 }
269
deleteAllKeys()270 ScopedAStatus JavacardKeyMintDevice::deleteAllKeys() {
271 auto [item, err] = card_->sendRequest(Instruction::INS_DELETE_ALL_KEYS_CMD);
272 if (err != KM_ERROR_OK) {
273 LOG(ERROR) << "Error in sending in deleteAllKeys.";
274 return km_utils::kmError2ScopedAStatus(err);
275 }
276 return ScopedAStatus::ok();
277 }
278
destroyAttestationIds()279 ScopedAStatus JavacardKeyMintDevice::destroyAttestationIds() {
280 auto [item, err] = card_->sendRequest(Instruction::INS_DESTROY_ATT_IDS_CMD);
281 if (err != KM_ERROR_OK) {
282 LOG(ERROR) << "Error in sending in destroyAttestationIds.";
283 return km_utils::kmError2ScopedAStatus(err);
284 }
285 return ScopedAStatus::ok();
286 }
287
begin(KeyPurpose purpose,const std::vector<uint8_t> & keyBlob,const std::vector<KeyParameter> & params,const std::optional<HardwareAuthToken> & authToken,BeginResult * result)288 ScopedAStatus JavacardKeyMintDevice::begin(KeyPurpose purpose, const std::vector<uint8_t>& keyBlob,
289 const std::vector<KeyParameter>& params,
290 const std::optional<HardwareAuthToken>& authToken,
291 BeginResult* result) {
292
293 Array array;
294 std::vector<uint8_t> response;
295 // make request
296 array.add(Uint(static_cast<uint64_t>(purpose)));
297 array.add(Bstr(keyBlob));
298 cbor_.addKeyparameters(array, params);
299 HardwareAuthToken token = authToken.value_or(HardwareAuthToken());
300 cbor_.addHardwareAuthToken(array, token);
301
302 // Send earlyBootEnded if there is any pending earlybootEnded event.
303 handleSendEarlyBootEndedEvent();
304
305 auto [item, err] = card_->sendRequest(Instruction::INS_BEGIN_OPERATION_CMD, array);
306 if (err != KM_ERROR_OK) {
307 LOG(ERROR) << "Error in sending in begin.";
308 return km_utils::kmError2ScopedAStatus(err);
309 }
310 // return the result
311 uint64_t opHandle;
312 uint8_t bufMode;
313 uint16_t macLength;
314 if (!cbor_.getKeyParameters(item, 1, result->params) ||
315 !cbor_.getUint64<uint64_t>(item, 2, opHandle) ||
316 !cbor_.getUint64<uint8_t>(item, 3, bufMode) ||
317 !cbor_.getUint64<uint16_t>(item, 4, macLength)) {
318 LOG(ERROR) << "Error in decoding the response in begin.";
319 return km_utils::kmError2ScopedAStatus(KM_ERROR_UNKNOWN_ERROR);
320 }
321 result->challenge = opHandle;
322 result->operation = ndk::SharedRefBase::make<JavacardKeyMintOperation>(
323 static_cast<keymaster_operation_handle_t>(opHandle), static_cast<BufferingMode>(bufMode),
324 macLength, card_);
325 return ScopedAStatus::ok();
326 }
327
328 // TODO
329 ScopedAStatus
deviceLocked(bool passwordOnly,const std::optional<TimeStampToken> & timestampToken)330 JavacardKeyMintDevice::deviceLocked(bool passwordOnly,
331 const std::optional<TimeStampToken>& timestampToken) {
332 Array request;
333 int8_t password = 1;
334 if (!passwordOnly) {
335 password = 0;
336 }
337 request.add(Uint(password));
338 cbor_.addTimeStampToken(request, timestampToken.value_or(TimeStampToken()));
339 auto [item, err] = card_->sendRequest(Instruction::INS_DEVICE_LOCKED_CMD, request);
340 if (err != KM_ERROR_OK) {
341 return km_utils::kmError2ScopedAStatus(err);
342 }
343 return ScopedAStatus::ok();
344 }
345
handleSendEarlyBootEndedEvent()346 void JavacardKeyMintDevice::handleSendEarlyBootEndedEvent() {
347 if (isEarlyBootEventPending) {
348 LOG(INFO) << "JavacardKeyMintDevice::handleSendEarlyBootEndedEvent send earlyBootEnded Event.";
349 if (earlyBootEnded().isOk()) {
350 isEarlyBootEventPending = false;
351 }
352 }
353 }
354
earlyBootEnded()355 ScopedAStatus JavacardKeyMintDevice::earlyBootEnded() {
356 auto [item, err] = card_->sendRequest(Instruction::INS_EARLY_BOOT_ENDED_CMD);
357 if (err != KM_ERROR_OK) {
358 // In case of failure cache the event and send in the next immediate request to Applet.
359 isEarlyBootEventPending = true;
360 return km_utils::kmError2ScopedAStatus(err);
361 }
362 isEarlyBootEventPending = false;
363 return ScopedAStatus::ok();
364 }
365
getKeyCharacteristics(const std::vector<uint8_t> & keyBlob,const std::vector<uint8_t> & appId,const std::vector<uint8_t> & appData,std::vector<KeyCharacteristics> * result)366 ScopedAStatus JavacardKeyMintDevice::getKeyCharacteristics(
367 const std::vector<uint8_t>& keyBlob, const std::vector<uint8_t>& appId,
368 const std::vector<uint8_t>& appData, std::vector<KeyCharacteristics>* result) {
369 Array request;
370 request.add(vector<uint8_t>(keyBlob));
371 request.add(vector<uint8_t>(appId));
372 request.add(vector<uint8_t>(appData));
373 auto [item, err] = card_->sendRequest(Instruction::INS_GET_KEY_CHARACTERISTICS_CMD, request);
374 if (err != KM_ERROR_OK) {
375 LOG(ERROR) << "Error in sending in getKeyCharacteristics.";
376 return km_utils::kmError2ScopedAStatus(err);
377 }
378 if (!cbor_.getKeyCharacteristics(item, 1, *result)) {
379 LOG(ERROR) << "Error in sending in upgradeKey.";
380 return km_utils::kmError2ScopedAStatus(KM_ERROR_UNKNOWN_ERROR);
381 }
382 return ScopedAStatus::ok();
383 }
384
getRootOfTrustChallenge(std::array<uint8_t,16> * challenge)385 ScopedAStatus JavacardKeyMintDevice::getRootOfTrustChallenge(std::array<uint8_t, 16>* challenge) {
386 auto [item, err] = card_->sendRequest(Instruction::INS_GET_ROT_CHALLENGE_CMD);
387 if (err != KM_ERROR_OK) {
388 LOG(ERROR) << "Error in getRootOfTrustChallenge.";
389 return km_utils::kmError2ScopedAStatus(err);
390 }
391 std::vector<uint8_t> rotChallenge;
392 if (!cbor_.getBinaryArray(item, 1, rotChallenge) ||
393 (rotChallenge.size() != 16)) {
394 LOG(ERROR) << "Error in RotChallenge Data";
395 return km_utils::kmError2ScopedAStatus(KM_ERROR_UNKNOWN_ERROR);
396 }
397 std::copy_n(rotChallenge.begin(), 16, challenge->begin());
398 return ScopedAStatus::ok();
399 }
400
getRootOfTrust(const std::array<uint8_t,16> & in_challenge,std::vector<uint8_t> * rootOfTrust)401 ScopedAStatus JavacardKeyMintDevice::getRootOfTrust(__attribute__((unused)) const std::array<uint8_t, 16>& in_challenge,
402 __attribute__((unused)) std::vector<uint8_t>* rootOfTrust) {
403 return km_utils::kmError2ScopedAStatus(KM_ERROR_UNIMPLEMENTED);
404 }
405
sendRootOfTrust(const std::vector<uint8_t> & in_rootOfTrust)406 ScopedAStatus JavacardKeyMintDevice::sendRootOfTrust(const std::vector<uint8_t>& in_rootOfTrust) {
407 std::vector<uint8_t> rootOfTrust(in_rootOfTrust);
408 auto [item, err] = card_->sendRequest(Instruction::INS_SEND_ROT_DATA_CMD, rootOfTrust);
409 if (err != KM_ERROR_OK) {
410 LOG(ERROR) << "Error in sendRootOfTrust.";
411 return km_utils::kmError2ScopedAStatus(err);
412 }
413 return ScopedAStatus::ok();
414 }
415
416 keymaster_error_t
parseWrappedKey(const vector<uint8_t> & wrappedKeyData,std::vector<uint8_t> & iv,std::vector<uint8_t> & transitKey,std::vector<uint8_t> & secureKey,std::vector<uint8_t> & tag,vector<KeyParameter> & authList,KeyFormat & keyFormat,std::vector<uint8_t> & wrappedKeyDescription)417 JavacardKeyMintDevice::parseWrappedKey(const vector<uint8_t>& wrappedKeyData,
418 std::vector<uint8_t>& iv, std::vector<uint8_t>& transitKey,
419 std::vector<uint8_t>& secureKey, std::vector<uint8_t>& tag,
420 vector<KeyParameter>& authList, KeyFormat& keyFormat,
421 std::vector<uint8_t>& wrappedKeyDescription) {
422 KeymasterBlob kmIv;
423 KeymasterKeyBlob kmTransitKey;
424 KeymasterKeyBlob kmSecureKey;
425 KeymasterBlob kmTag;
426 AuthorizationSet authSet;
427 keymaster_key_format_t kmKeyFormat;
428 KeymasterBlob kmWrappedKeyDescription;
429
430 size_t keyDataLen = wrappedKeyData.size();
431 uint8_t* keyData = dup_buffer(wrappedKeyData.data(), keyDataLen);
432 keymaster_key_blob_t keyMaterial = {keyData, keyDataLen};
433 keymaster_error_t error =
434 parse_wrapped_key(KeymasterKeyBlob(keyMaterial), &kmIv, &kmTransitKey, &kmSecureKey, &kmTag,
435 &authSet, &kmKeyFormat, &kmWrappedKeyDescription);
436 if (error != KM_ERROR_OK) {
437 LOG(ERROR) << "Error parsing wrapped key.";
438 return error;
439 }
440 iv = km_utils::kmBlob2vector(kmIv);
441 transitKey = km_utils::kmBlob2vector(kmTransitKey);
442 secureKey = km_utils::kmBlob2vector(kmSecureKey);
443 tag = km_utils::kmBlob2vector(kmTag);
444 authList = km_utils::kmParamSet2Aidl(authSet);
445 keyFormat = static_cast<KeyFormat>(kmKeyFormat);
446 wrappedKeyDescription = km_utils::kmBlob2vector(kmWrappedKeyDescription);
447 return KM_ERROR_OK;
448 }
449
convertStorageKeyToEphemeral(const std::vector<uint8_t> &,std::vector<uint8_t> *)450 ScopedAStatus JavacardKeyMintDevice::convertStorageKeyToEphemeral(
451 const std::vector<uint8_t>& /* storageKeyBlob */,
452 std::vector<uint8_t>* /* ephemeralKeyBlob */) {
453 return km_utils::kmError2ScopedAStatus(KM_ERROR_UNIMPLEMENTED);
454 }
455
dump(int,const char **,uint32_t)456 binder_status_t JavacardKeyMintDevice::dump(int /* fd */, const char** /* p */, uint32_t /* q */) {
457 LOG(INFO) << "\n KeyMint-JavacardKeyMintDevice HAL MemoryLeak Info = \n"
458 << ::android::GetUnreachableMemoryString(true, 10000).c_str();
459 return STATUS_OK;
460 }
461 } // namespace aidl::android::hardware::security::keymint
462