Use compiler option to choose the signing key.

Use the key from keymaster when building for a real target.

Bug: 176508836

Change-Id: Ib641c0817ca4d38f36698dcc2c029e15714e4c51
diff --git a/rules.mk b/rules.mk
index e2ad59f..cddf0b5 100644
--- a/rules.mk
+++ b/rules.mk
@@ -30,6 +30,7 @@
 	$(LOCAL_DIR)/src/trusty_time_stamper.cpp \
 
 MODULE_DEPS += \
+	trusty/user/base/lib/keymaster \
 	trusty/user/base/lib/libc-trusty \
 	trusty/user/base/lib/libstdc++-trusty \
 	trusty/user/base/lib/rng \
diff --git a/src/main.cpp b/src/main.cpp
index 1cd1cc0..5079509 100644
--- a/src/main.cpp
+++ b/src/main.cpp
@@ -28,6 +28,8 @@
 
 #include "trusty_operation.h"
 
+#include <lib/keymaster/keymaster.h>
+
 #define CONFIRMATIONUI_PORT_NAME "com.android.trusty.confirmationui"
 
 /*
@@ -66,8 +68,6 @@
 };
 
 static constexpr const size_t kMessageSize = 0x2000;  // 8K
-constexpr const auto kTestKey = teeui::AuthTokenKey::fill(
-        static_cast<uint8_t>(teeui::TestKeyBits::BYTE));
 
 enum class IpcState {
     SENDING,
@@ -88,6 +88,31 @@
     }
 }
 
+static bool get_auth_token_key(teeui::AuthTokenKey& authKey) {
+    long rc = keymaster_open();
+
+    if (rc < 0) {
+        return false;
+    }
+
+    keymaster_session_t session = (keymaster_session_t)rc;
+    uint8_t* key = nullptr;
+    uint32_t local_length = 0;
+    rc = keymaster_get_auth_token_key(session, &key, &local_length);
+    keymaster_close(session);
+    TLOGD("%s, key length = %u\n", __func__, local_length);
+    if (local_length != teeui::kAuthTokenKeySize) {
+        return false;
+    }
+    if (rc == NO_ERROR) {
+        memcpy(authKey.data(), key, teeui::kAuthTokenKeySize);
+    } else {
+        return false;
+    }
+
+    return true;
+}
+
 static void port_handler(const struct uevent* event, void* priv) {
     int rc;
     struct uuid peer_uuid;
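Review bot: In `get_auth_token_key`, the buffer returned through `key` by `keymaster_get_auth_token_key` is never wiped or released, so each call appears to leave a copy of the auth-token HMAC key on the heap. This assumes the library hands the caller ownership of a heap allocation, which the `uint8_t**` out-parameter suggests but the hunk does not show. The size-mismatch return skips cleanup in the same way, and `rc` is only tested after `local_length`, with no null check on `key` before the `memcpy`. The sketch below folds the three conditions into one flag and clears and frees the buffer on every path. Whether `free()` is the matching deallocator needs confirming against the keymaster library header, and the wipe should be one the compiler cannot elide ahead of `free()`.

```cpp
    rc = keymaster_get_auth_token_key(session, &key, &local_length);
    keymaster_close(session);
    // … unchanged: TLOGD of the key length …
    const bool ok = rc == NO_ERROR && key != nullptr &&
                    local_length == teeui::kAuthTokenKeySize;
    if (ok) {
        memcpy(authKey.data(), key, teeui::kAuthTokenKeySize);
    }
    if (key != nullptr) {
        /* Do not leave key material behind in freed heap memory. */
        memset(key, 0, local_length);
        free(key); /* assumes the library allocates with malloc() — confirm */
    }
    return ok;
```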
@@ -115,11 +140,24 @@
         uint32_t msize = aligned_message_size;
         TrustyOperation op;
 
-        /*
-         * TODO: Get the real auth token key form Keymaster and install it
-         * instead of the test key.
-         */
+#if defined(PLATFORM_GENERIC_ARM64)
+        /* Use the test key for emulator */
+        constexpr const auto kTestKey = teeui::AuthTokenKey::fill(
+                static_cast<uint8_t>(teeui::TestKeyBits::BYTE));
         op.setHmacKey(kTestKey);
+#else
+        teeui::AuthTokenKey authKey;
+        if (get_auth_token_key(authKey) == true) {
+            TLOGD("%s, get auth token key successfully\n", __func__);
+        } else {
+            TLOGE("%s, get auth token key failed\n", __func__);
+            /* Abort operation and free all resources */
+            op.abort();
+            close(channel);
+            return;
+        }
+        op.setHmacKey(authKey);
+#endif
 
         IpcState state = IpcState::RECEIVING;