tequilaOS/platform_hardware_interfaces
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Merge "Add support lib wrappers for clients"

Browse source
This commit is contained in:
Shawn Willden 2020-01-21 20:48:20 +00:00 committed by Android (Google) Code Review
commit 26a803beef
14 changed files with 413 additions and 299 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
keymaster/4.0/support/Android.bp
View file

@ -27,11 +27,10 @@ cc_library {
"authorization_set.cpp",
"key_param_output.cpp",
"keymaster_utils.cpp",
"Keymaster.cpp",
"Keymaster3.cpp",
"Keymaster4.cpp",
],
export_include_dirs: ["include"],
export_include_dirs: [
"include",
],
shared_libs: [
"android.hardware.keymaster@3.0",
"android.hardware.keymaster@4.0",
@ -39,6 +38,5 @@ cc_library {
"libcrypto",
"libhardware",
"libhidlbase",
"libutils",
]
],
}

160
keymaster/4.0/support/include/keymasterV4_0/Keymaster4.h
View file

@ -1,160 +0,0 @@
/*
**
** Copyright 2017, The Android Open Source Project
**
** Licensed under the Apache License, Version 2.0 (the "License");
** you may not use this file except in compliance with the License.
** You may obtain a copy of the License at
**
** http://www.apache.org/licenses/LICENSE-2.0
**
** Unless required by applicable law or agreed to in writing, software
** distributed under the License is distributed on an "AS IS" BASIS,
** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
** See the License for the specific language governing permissions and
** limitations under the License.
*/
#ifndef HARDWARE_INTERFACES_KEYMASTER_40_SUPPORT_KEYMASTER_4_H_
#define HARDWARE_INTERFACES_KEYMASTER_40_SUPPORT_KEYMASTER_4_H_
#include "Keymaster.h"
namespace android {
namespace hardware {
namespace keymaster {
namespace V4_0 {
namespace support {
using android::sp;
using IKeymaster4Device = ::android::hardware::keymaster::V4_0::IKeymasterDevice;
class Keymaster4 : public Keymaster {
public:
using WrappedIKeymasterDevice = IKeymaster4Device;
Keymaster4(sp<IKeymasterDevice> km4_dev, const hidl_string& instanceName)
: Keymaster(IKeymaster4Device::descriptor, instanceName),
haveVersion_(false),
dev_(km4_dev) {}
const VersionResult& halVersion() const override {
const_cast<Keymaster4*>(this)->getVersionIfNeeded();
return version_;
}
Return<void> getHardwareInfo(getHardwareInfo_cb _hidl_cb) override {
return dev_->getHardwareInfo(_hidl_cb);
}
Return<void> getHmacSharingParameters(getHmacSharingParameters_cb _hidl_cb) override {
return dev_->getHmacSharingParameters(_hidl_cb);
}
Return<void> computeSharedHmac(const hidl_vec<HmacSharingParameters>& params,
computeSharedHmac_cb _hidl_cb) override {
return dev_->computeSharedHmac(params, _hidl_cb);
}
Return<void> verifyAuthorization(uint64_t operationHandle, const hidl_vec<KeyParameter>& params,
const HardwareAuthToken& authToken,
verifyAuthorization_cb _hidl_cb) override {
return dev_->verifyAuthorization(operationHandle, params, authToken, _hidl_cb);
}
Return<ErrorCode> addRngEntropy(const hidl_vec<uint8_t>& data) override {
return dev_->addRngEntropy(data);
}
Return<void> generateKey(const hidl_vec<KeyParameter>& keyParams,
generateKey_cb _hidl_cb) override {
return dev_->generateKey(keyParams, _hidl_cb);
}
Return<void> getKeyCharacteristics(const hidl_vec<uint8_t>& keyBlob,
const hidl_vec<uint8_t>& clientId,
const hidl_vec<uint8_t>& appData,
getKeyCharacteristics_cb _hidl_cb) override {
return dev_->getKeyCharacteristics(keyBlob, clientId, appData, _hidl_cb);
}
Return<void> importKey(const hidl_vec<KeyParameter>& params, KeyFormat keyFormat,
const hidl_vec<uint8_t>& keyData, importKey_cb _hidl_cb) override {
return dev_->importKey(params, keyFormat, keyData, _hidl_cb);
}
Return<void> importWrappedKey(const hidl_vec<uint8_t>& wrappedKeyData,
const hidl_vec<uint8_t>& wrappingKeyBlob,
const hidl_vec<uint8_t>& maskingKey,
const hidl_vec<KeyParameter>& unwrappingParams,
uint64_t passwordSid, uint64_t biometricSid,
importWrappedKey_cb _hidl_cb) {
return dev_->importWrappedKey(wrappedKeyData, wrappingKeyBlob, maskingKey, unwrappingParams,
passwordSid, biometricSid, _hidl_cb);
}
Return<void> exportKey(KeyFormat exportFormat, const hidl_vec<uint8_t>& keyBlob,
const hidl_vec<uint8_t>& clientId, const hidl_vec<uint8_t>& appData,
exportKey_cb _hidl_cb) override {
return dev_->exportKey(exportFormat, keyBlob, clientId, appData, _hidl_cb);
}
Return<void> attestKey(const hidl_vec<uint8_t>& keyToAttest,
const hidl_vec<KeyParameter>& attestParams,
attestKey_cb _hidl_cb) override {
return dev_->attestKey(keyToAttest, attestParams, _hidl_cb);
}
Return<void> upgradeKey(const hidl_vec<uint8_t>& keyBlobToUpgrade,
const hidl_vec<KeyParameter>& upgradeParams,
upgradeKey_cb _hidl_cb) override {
return dev_->upgradeKey(keyBlobToUpgrade, upgradeParams, _hidl_cb);
}
Return<ErrorCode> deleteKey(const hidl_vec<uint8_t>& keyBlob) override {
return dev_->deleteKey(keyBlob);
}
Return<ErrorCode> deleteAllKeys() override { return dev_->deleteAllKeys(); }
Return<ErrorCode> destroyAttestationIds() override { return dev_->destroyAttestationIds(); }
Return<void> begin(KeyPurpose purpose, const hidl_vec<uint8_t>& key,
const hidl_vec<KeyParameter>& inParams, const HardwareAuthToken& authToken,
begin_cb _hidl_cb) override {
return dev_->begin(purpose, key, inParams, authToken, _hidl_cb);
}
Return<void> update(uint64_t operationHandle, const hidl_vec<KeyParameter>& inParams,
const hidl_vec<uint8_t>& input, const HardwareAuthToken& authToken,
const VerificationToken& verificationToken, update_cb _hidl_cb) override {
return dev_->update(operationHandle, inParams, input, authToken, verificationToken,
_hidl_cb);
}
Return<void> finish(uint64_t operationHandle, const hidl_vec<KeyParameter>& inParams,
const hidl_vec<uint8_t>& input, const hidl_vec<uint8_t>& signature,
const HardwareAuthToken& authToken,
const VerificationToken& verificationToken, finish_cb _hidl_cb) override {
return dev_->finish(operationHandle, inParams, input, signature, authToken,
verificationToken, _hidl_cb);
}
Return<ErrorCode> abort(uint64_t operationHandle) override {
return dev_->abort(operationHandle);
}
private:
void getVersionIfNeeded();
bool haveVersion_;
VersionResult version_;
sp<IKeymaster4Device> dev_;
};
} // namespace support
} // namespace V4_0
} // namespace keymaster
} // namespace hardware
} // namespace android
#endif // HARDWARE_INTERFACES_KEYMASTER_40_SUPPORT_KEYMASTER_4_H_

1
keymaster/4.1/default/Android.bp
View file

@ -31,6 +31,7 @@ cc_binary {
"libhidlbase",
"libkeymaster4",
"libkeymaster41",
"libkeymaster4_1support",
"liblog",
"libutils",
],

8
keymaster/4.1/support/Android.bp
View file

@ -24,6 +24,9 @@ cc_library {
],
srcs: [
"attestation_record.cpp",
"Keymaster.cpp",
"Keymaster3.cpp",
"Keymaster4.cpp",
],
export_include_dirs: ["include"],
shared_libs: [
@ -34,5 +37,10 @@ cc_library {
"libcrypto",
"libhidlbase",
"libkeymaster4support",
"libutils",
],
export_shared_lib_headers: [
"android.hardware.keymaster@4.1",
"libkeymaster4support",
],
}

50
keymaster/4.0/support/Keymaster.cpp → keymaster/4.1/support/Keymaster.cpp
View file

@ -14,19 +14,18 @@
** limitations under the License.
*/
#include <keymasterV4_0/Keymaster.h>
#include <keymasterV4_1/Keymaster.h>
#include <iomanip>
#include <android-base/logging.h>
#include <android/hidl/manager/1.2/IServiceManager.h>
#include <keymasterV4_0/Keymaster3.h>
#include <keymasterV4_0/Keymaster4.h>
#include <keymasterV4_0/key_param_output.h>
#include <keymasterV4_0/keymaster_utils.h>
#include <keymasterV4_1/Keymaster3.h>
#include <keymasterV4_1/Keymaster4.h>
namespace android {
namespace hardware {
namespace android::hardware {
template <class T>
std::ostream& operator<<(std::ostream& os, const hidl_vec<T>& vec) {
@ -57,6 +56,7 @@ std::ostream& operator<<(std::ostream& os, const hidl_array<uint8_t, N>& vec) {
}
namespace keymaster {
namespace V4_0 {
std::ostream& operator<<(std::ostream& os, const HmacSharingParameters& params) {
@ -66,7 +66,9 @@ std::ostream& operator<<(std::ostream& os, const HmacSharingParameters& params)
return os;
}
namespace support {
} // namespace V4_0
namespace V4_1::support {
using ::android::sp;
using ::android::hidl::manager::V1_2::IServiceManager;
@ -140,14 +142,14 @@ Keymaster::KeymasterSet Keymaster::enumerateAvailableDevices() {
}
static hidl_vec<HmacSharingParameters> getHmacParameters(
const Keymaster::KeymasterSet& keymasters) {
const Keymaster::KeymasterSet& keymasters) {
std::vector<HmacSharingParameters> params_vec;
params_vec.reserve(keymasters.size());
for (auto& keymaster : keymasters) {
if (keymaster->halVersion().majorVersion < 4) continue;
auto rc = keymaster->getHmacSharingParameters([&](auto error, auto& params) {
CHECK(error == ErrorCode::OK)
<< "Failed to get HMAC parameters from " << *keymaster << " error " << error;
CHECK(error == V4_0::ErrorCode::OK)
<< "Failed to get HMAC parameters from " << *keymaster << " error " << error;
params_vec.push_back(params);
});
CHECK(rc.isOk()) << "Failed to communicate with " << *keymaster
@ -169,18 +171,18 @@ static void computeHmac(const Keymaster::KeymasterSet& keymasters,
if (keymaster->halVersion().majorVersion < 4) continue;
LOG(DEBUG) << "Computing HMAC for " << *keymaster;
auto rc = keymaster->computeSharedHmac(
params, [&](ErrorCode error, const hidl_vec<uint8_t>& curSharingCheck) {
CHECK(error == ErrorCode::OK)
<< "Failed to get HMAC parameters from " << *keymaster << " error " << error;
if (firstKeymaster) {
sharingCheck = curSharingCheck;
firstKeymaster = false;
}
if (curSharingCheck != sharingCheck)
LOG(WARNING) << "HMAC computation failed for " << *keymaster //
<< " Expected: " << sharingCheck //
<< " got: " << curSharingCheck;
});
params, [&](V4_0::ErrorCode error, const hidl_vec<uint8_t>& curSharingCheck) {
CHECK(error == V4_0::ErrorCode::OK) << "Failed to get HMAC parameters from "
<< *keymaster << " error " << error;
if (firstKeymaster) {
sharingCheck = curSharingCheck;
firstKeymaster = false;
}
if (curSharingCheck != sharingCheck)
LOG(WARNING) << "HMAC computation failed for " << *keymaster //
<< " Expected: " << sharingCheck //
<< " got: " << curSharingCheck;
});
CHECK(rc.isOk()) << "Failed to communicate with " << *keymaster
<< " error: " << rc.description();
}
@ -190,8 +192,6 @@ void Keymaster::performHmacKeyAgreement(const KeymasterSet& keymasters) {
computeHmac(keymasters, getHmacParameters(keymasters));
}
} // namespace support
} // namespace V4_0
} // namespace V4_1::support
} // namespace keymaster
} // namespace hardware
} // namespace android
} // namespace android::hardware

71
keymaster/4.0/support/Keymaster3.cpp → keymaster/4.1/support/Keymaster3.cpp
View file

@ -15,23 +15,19 @@
** limitations under the License.
*/
#include <keymasterV4_0/Keymaster3.h>
#include <keymasterV4_1/Keymaster3.h>
#include <android-base/logging.h>
#include <keymasterV4_0/keymaster_utils.h>
namespace android {
namespace hardware {
namespace keymaster {
namespace V4_0 {
namespace support {
namespace android::hardware::keymaster::V4_1::support {
using android::hardware::details::StatusOf;
namespace {
ErrorCode convert(V3_0::ErrorCode error) {
return static_cast<ErrorCode>(error);
V4_0::ErrorCode convert(V3_0::ErrorCode error) {
return static_cast<V4_0::ErrorCode>(error);
}
V3_0::KeyPurpose convert(KeyPurpose purpose) {
@ -53,7 +49,7 @@ V3_0::KeyParameter convert(const KeyParameter& param) {
KeyParameter convert(const V3_0::KeyParameter& param) {
KeyParameter converted;
converted.tag = static_cast<Tag>(param.tag);
converted.tag = static_cast<V4_0::Tag>(param.tag);
static_assert(sizeof(converted.f) == sizeof(param.f), "This function assumes sizes match");
memcpy(&converted.f, &param.f, sizeof(param.f));
converted.blob = param.blob;
@ -89,7 +85,7 @@ hidl_vec<V3_0::KeyParameter> convertAndAddAuthToken(const hidl_vec<KeyParameter>
converted[i] = convert(params[i]);
}
converted[params.size()].tag = V3_0::Tag::AUTH_TOKEN;
converted[params.size()].blob = authToken2HidlVec(authToken);
converted[params.size()].blob = V4_0::support::authToken2HidlVec(authToken);
return converted;
}
@ -107,16 +103,19 @@ void Keymaster3::getVersionIfNeeded() {
if (haveVersion_) return;
auto rc = km3_dev_->getHardwareFeatures(
[&](bool isSecure, bool supportsEllipticCurve, bool supportsSymmetricCryptography,
bool supportsAttestation, bool supportsAllDigests, const hidl_string& keymasterName,
const hidl_string& keymasterAuthorName) {
version_ = {keymasterName, keymasterAuthorName, 0 /* major version, filled below */,
isSecure ? SecurityLevel::TRUSTED_ENVIRONMENT : SecurityLevel::SOFTWARE,
supportsEllipticCurve};
supportsSymmetricCryptography_ = supportsSymmetricCryptography;
supportsAttestation_ = supportsAttestation;
supportsAllDigests_ = supportsAllDigests;
});
[&](bool isSecure, bool supportsEllipticCurve, bool supportsSymmetricCryptography,
bool supportsAttestation, bool supportsAllDigests, const hidl_string& keymasterName,
const hidl_string& keymasterAuthorName) {
version_ = {keymasterName,
keymasterAuthorName,
0 /* major version, filled below */,
0 /* minor version */,
isSecure ? SecurityLevel::TRUSTED_ENVIRONMENT : SecurityLevel::SOFTWARE,
supportsEllipticCurve};
supportsSymmetricCryptography_ = supportsSymmetricCryptography;
supportsAttestation_ = supportsAttestation;
supportsAllDigests_ = supportsAllDigests;
});
CHECK(rc.isOk()) << "Got error " << rc.description() << " trying to get hardware features";
@ -139,10 +138,10 @@ Return<void> Keymaster3::getHardwareInfo(Keymaster3::getHardwareInfo_cb _hidl_cb
return Void();
}
Return<ErrorCode> Keymaster3::addRngEntropy(const hidl_vec<uint8_t>& data) {
Return<V4_0::ErrorCode> Keymaster3::addRngEntropy(const hidl_vec<uint8_t>& data) {
auto rc = km3_dev_->addRngEntropy(data);
if (!rc.isOk()) {
return StatusOf<V3_0::ErrorCode, ErrorCode>(rc);
return StatusOf<V3_0::ErrorCode, V4_0::ErrorCode>(rc);
}
return convert(rc);
}
@ -215,21 +214,21 @@ Return<void> Keymaster3::upgradeKey(const hidl_vec<uint8_t>& keyBlobToUpgrade,
return rc;
}
Return<ErrorCode> Keymaster3::deleteKey(const hidl_vec<uint8_t>& keyBlob) {
Return<V4_0::ErrorCode> Keymaster3::deleteKey(const hidl_vec<uint8_t>& keyBlob) {
auto rc = km3_dev_->deleteKey(keyBlob);
if (!rc.isOk()) return StatusOf<V3_0::ErrorCode, ErrorCode>(rc);
if (!rc.isOk()) return StatusOf<V3_0::ErrorCode, V4_0::ErrorCode>(rc);
return convert(rc);
}
Return<ErrorCode> Keymaster3::deleteAllKeys() {
Return<V4_0::ErrorCode> Keymaster3::deleteAllKeys() {
auto rc = km3_dev_->deleteAllKeys();
if (!rc.isOk()) return StatusOf<V3_0::ErrorCode, ErrorCode>(rc);
if (!rc.isOk()) return StatusOf<V3_0::ErrorCode, V4_0::ErrorCode>(rc);
return convert(rc);
}
Return<ErrorCode> Keymaster3::destroyAttestationIds() {
Return<V4_0::ErrorCode> Keymaster3::destroyAttestationIds() {
auto rc = km3_dev_->destroyAttestationIds();
if (!rc.isOk()) return StatusOf<V3_0::ErrorCode, ErrorCode>(rc);
if (!rc.isOk()) return StatusOf<V3_0::ErrorCode, V4_0::ErrorCode>(rc);
return convert(rc);
}
@ -242,7 +241,7 @@ Return<void> Keymaster3::begin(KeyPurpose purpose, const hidl_vec<uint8_t>& key,
};
auto rc =
km3_dev_->begin(convert(purpose), key, convertAndAddAuthToken(inParams, authToken), cb);
km3_dev_->begin(convert(purpose), key, convertAndAddAuthToken(inParams, authToken), cb);
rc.isOk(); // move ctor prereq
return rc;
}
@ -256,8 +255,8 @@ Return<void> Keymaster3::update(uint64_t operationHandle, const hidl_vec<KeyPara
_hidl_cb(convert(error), inputConsumed, convert(outParams), output);
};
auto rc =
km3_dev_->update(operationHandle, convertAndAddAuthToken(inParams, authToken), input, cb);
auto rc = km3_dev_->update(operationHandle, convertAndAddAuthToken(inParams, authToken), input,
cb);
rc.isOk(); // move ctor prereq
return rc;
}
@ -278,14 +277,10 @@ Return<void> Keymaster3::finish(uint64_t operationHandle, const hidl_vec<KeyPara
return rc;
}
Return<ErrorCode> Keymaster3::abort(uint64_t operationHandle) {
Return<V4_0::ErrorCode> Keymaster3::abort(uint64_t operationHandle) {
auto rc = km3_dev_->abort(operationHandle);
if (!rc.isOk()) return StatusOf<V3_0::ErrorCode, ErrorCode>(rc);
if (!rc.isOk()) return StatusOf<V3_0::ErrorCode, V4_0::ErrorCode>(rc);
return convert(rc);
}
} // namespace support
} // namespace V4_0
} // namespace keymaster
} // namespace hardware
} // namespace android
} // namespace android::hardware::keymaster::V4_1::support

33
keymaster/4.0/support/Keymaster4.cpp → keymaster/4.1/support/Keymaster4.cpp
View file

@ -1,5 +1,4 @@
/*
**
** Copyright 2017, The Android Open Source Project
**
** Licensed under the Apache License, Version 2.0 (the "License");
@ -15,32 +14,28 @@
** limitations under the License.
*/
#include <keymasterV4_0/Keymaster4.h>
#include <keymasterV4_1/Keymaster4.h>
#include <android-base/logging.h>
namespace android {
namespace hardware {
namespace keymaster {
namespace V4_0 {
namespace support {
namespace android::hardware::keymaster::V4_1::support {
void Keymaster4::getVersionIfNeeded() {
if (haveVersion_) return;
auto rc =
dev_->getHardwareInfo([&](SecurityLevel securityLevel, const hidl_string& keymasterName,
const hidl_string& authorName) {
version_ = {keymasterName, authorName, 4 /* major version */, securityLevel,
true /* supportsEc */};
haveVersion_ = true;
});
auto rc = km4_0_dev_->getHardwareInfo([&](SecurityLevel securityLevel,
const hidl_string& keymasterName,
const hidl_string& authorName) {
version_ = {keymasterName,
authorName,
4 /* major version */,
static_cast<uint8_t>((km4_1_dev_) ? 1 : 0) /* minor version */,
securityLevel,
true /* supportsEc */};
haveVersion_ = true;
});
CHECK(rc.isOk()) << "Got error " << rc.description() << " trying to get hardware info";
}
} // namespace support
} // namespace V4_0
} // namespace keymaster
} // namespace hardware
} // namespace android
} // namespace android::hardware::keymaster::V4_1::support

41
keymaster/4.0/support/include/keymasterV4_0/Keymaster.h → keymaster/4.1/support/include/keymasterV4_1/Keymaster.h
View file

@ -15,28 +15,28 @@
** limitations under the License.
*/
#ifndef HARDWARE_INTERFACES_KEYMASTER_40_SUPPORT_KEYMASTER_H_
#define HARDWARE_INTERFACES_KEYMASTER_40_SUPPORT_KEYMASTER_H_
#include <android/hardware/keymaster/4.0/IKeymasterDevice.h>
#pragma once
#include <memory>
#include <vector>
namespace android {
namespace hardware {
namespace keymaster {
namespace V4_0 {
namespace support {
#include <android/hardware/keymaster/4.1/IKeymasterDevice.h>
#include <keymasterV4_1/keymaster_tags.h>
namespace android::hardware::keymaster::V4_1::support {
/**
* Keymaster abstracts the underlying V4_0::IKeymasterDevice. There is one implementation
* (Keymaster4) which is a trivial passthrough and one that wraps a V3_0::IKeymasterDevice.
* Keymaster abstracts the underlying V4_1::IKeymasterDevice. There are two implementations,
* Keymaster3 which wraps a V3_0::IKeymasterDevice and Keymaster4, which wraps either a
* V4_0::IKeymasterDevice or a V4_1::IKeymasterDevice. There is a V3_0::IKeymasterDevice
* implementation that is used to wrap pre-HIDL keymaster implementations, and Keymaster3 will wrap
* that.
*
* The reason for adding this additional layer, rather than simply using the latest HAL directly and
* subclassing it to wrap any older HAL, is because this provides a place to put additional methods
* which clients can use when they need to distinguish between different underlying HAL versions,
* while still having to use only the latest interface.
* while still having to use only the latest interface. Plus it's a handy place to keep some
* convenience methods.
*/
class Keymaster : public IKeymasterDevice {
public:
@ -50,12 +50,14 @@ class Keymaster : public IKeymasterDevice {
hidl_string keymasterName;
hidl_string authorName;
uint8_t majorVersion;
uint8_t minorVersion;
SecurityLevel securityLevel;
bool supportsEc;
bool operator>(const VersionResult& other) const {
auto lhs = std::tie(securityLevel, majorVersion, supportsEc);
auto rhs = std::tie(other.securityLevel, other.majorVersion, other.supportsEc);
auto lhs = std::tie(securityLevel, majorVersion, minorVersion, supportsEc);
auto rhs = std::tie(other.securityLevel, other.majorVersion, other.minorVersion,
other.supportsEc);
return lhs > rhs;
}
};
@ -69,6 +71,9 @@ class Keymaster : public IKeymasterDevice {
* There are no side effects otherwise.
*/
void logIfKeymasterVendorError(ErrorCode ec) const;
void logIfKeymasterVendorError(V4_0::ErrorCode ec) const {
logIfKeymasterVendorError(static_cast<ErrorCode>(ec));
}
/**
* Returns all available Keymaster3 and Keymaster4 instances, in order of most secure to least
@ -93,10 +98,4 @@ class Keymaster : public IKeymasterDevice {
std::ostream& operator<<(std::ostream& os, const Keymaster& keymaster);
} // namespace support
} // namespace V4_0
} // namespace keymaster
} // namespace hardware
} // namespace android
#endif // HARDWARE_INTERFACES_KEYMASTER_40_SUPPORT_KEYMASTER_H_
} // namespace android::hardware::keymaster::V4_1::support

65
keymaster/4.0/support/include/keymasterV4_0/Keymaster3.h → keymaster/4.1/support/include/keymasterV4_1/Keymaster3.h
View file

@ -1,5 +1,4 @@
/*
**
** Copyright 2017, The Android Open Source Project
**
** Licensed under the Apache License, Version 2.0 (the "License");
@ -15,18 +14,14 @@
** limitations under the License.
*/
#ifndef HARDWARE_INTERFACES_KEYMASTER_40_SUPPORT_KEYMASTER_3_H_
#define HARDWARE_INTERFACES_KEYMASTER_40_SUPPORT_KEYMASTER_3_H_
#pragma once
#include <android/hardware/keymaster/3.0/IKeymasterDevice.h>
#include "Keymaster.h"
#include "Operation.h"
namespace android {
namespace hardware {
namespace keymaster {
namespace V4_0 {
namespace support {
namespace android::hardware::keymaster::V4_1::support {
using IKeymaster3Device = ::android::hardware::keymaster::V3_0::IKeymasterDevice;
@ -38,8 +33,10 @@ using ::android::hardware::Void;
using ::android::hardware::details::return_status;
class Keymaster3 : public Keymaster {
public:
public:
// This definition is used for device enumeration.
using WrappedIKeymasterDevice = IKeymaster3Device;
Keymaster3(sp<IKeymaster3Device> km3_dev, const hidl_string& instanceName)
: Keymaster(IKeymaster3Device::descriptor, instanceName),
km3_dev_(km3_dev),
@ -53,24 +50,24 @@ class Keymaster3 : public Keymaster {
Return<void> getHardwareInfo(getHardwareInfo_cb _hidl_cb);
Return<void> getHmacSharingParameters(getHmacSharingParameters_cb _hidl_cb) override {
_hidl_cb(ErrorCode::UNIMPLEMENTED, {});
_hidl_cb(V4_0::ErrorCode::UNIMPLEMENTED, {});
return Void();
}
Return<void> computeSharedHmac(const hidl_vec<HmacSharingParameters>&,
computeSharedHmac_cb _hidl_cb) override {
_hidl_cb(ErrorCode::UNIMPLEMENTED, {});
_hidl_cb(V4_0::ErrorCode::UNIMPLEMENTED, {});
return Void();
}
Return<void> verifyAuthorization(uint64_t, const hidl_vec<KeyParameter>&,
const HardwareAuthToken&,
verifyAuthorization_cb _hidl_cb) override {
_hidl_cb(ErrorCode::UNIMPLEMENTED, {});
_hidl_cb(V4_0::ErrorCode::UNIMPLEMENTED, {});
return Void();
}
Return<ErrorCode> addRngEntropy(const hidl_vec<uint8_t>& data) override;
Return<V4_0::ErrorCode> addRngEntropy(const hidl_vec<uint8_t>& data) override;
Return<void> generateKey(const hidl_vec<KeyParameter>& keyParams,
generateKey_cb _hidl_cb) override;
Return<void> getKeyCharacteristics(const hidl_vec<uint8_t>& keyBlob,
@ -86,7 +83,7 @@ class Keymaster3 : public Keymaster {
const hidl_vec<KeyParameter>& /* unwrappingParams */,
uint64_t /* passwordSid */, uint64_t /* biometricSid */,
importWrappedKey_cb _hidl_cb) {
_hidl_cb(ErrorCode::UNIMPLEMENTED, {}, {});
_hidl_cb(V4_0::ErrorCode::UNIMPLEMENTED, {}, {});
return Void();
}
@ -99,9 +96,9 @@ class Keymaster3 : public Keymaster {
Return<void> upgradeKey(const hidl_vec<uint8_t>& keyBlobToUpgrade,
const hidl_vec<KeyParameter>& upgradeParams,
upgradeKey_cb _hidl_cb) override;
Return<ErrorCode> deleteKey(const hidl_vec<uint8_t>& keyBlob) override;
Return<ErrorCode> deleteAllKeys() override;
Return<ErrorCode> destroyAttestationIds() override;
Return<V4_0::ErrorCode> deleteKey(const hidl_vec<uint8_t>& keyBlob) override;
Return<V4_0::ErrorCode> deleteAllKeys() override;
Return<V4_0::ErrorCode> destroyAttestationIds() override;
Return<void> begin(KeyPurpose purpose, const hidl_vec<uint8_t>& key,
const hidl_vec<KeyParameter>& inParams, const HardwareAuthToken& authToken,
begin_cb _hidl_cb) override;
@ -112,9 +109,31 @@ class Keymaster3 : public Keymaster {
const hidl_vec<uint8_t>& input, const hidl_vec<uint8_t>& signature,
const HardwareAuthToken& authToken,
const VerificationToken& verificationToken, finish_cb _hidl_cb) override;
Return<ErrorCode> abort(uint64_t operationHandle) override;
Return<V4_0::ErrorCode> abort(uint64_t operationHandle) override;
private:
/**********************************
* V4_1::IKeymasterDevice methods *
*********************************/
Return<ErrorCode> deviceLocked(bool /* passwordOnly */,
const VerificationToken& /* verificationToken */) override {
return ErrorCode::UNIMPLEMENTED;
}
Return<ErrorCode> earlyBootEnded() override { return ErrorCode::UNIMPLEMENTED; }
Return<void> beginOp(KeyPurpose purpose, const hidl_vec<uint8_t>& keyBlob,
const hidl_vec<KeyParameter>& inParams, const HardwareAuthToken& authToken,
beginOp_cb _hidl_cb) override {
return begin(purpose, keyBlob, inParams, authToken,
[&_hidl_cb](V4_0::ErrorCode errorCode, const hidl_vec<KeyParameter>& outParams,
OperationHandle operationHandle) {
_hidl_cb(static_cast<ErrorCode>(errorCode), outParams,
new Operation(operationHandle));
});
}
private:
void getVersionIfNeeded();
sp<IKeymaster3Device> km3_dev_;
@ -126,10 +145,4 @@ class Keymaster3 : public Keymaster {
bool supportsAllDigests_;
};
} // namespace support
} // namespace V4_0
} // namespace keymaster
} // namespace hardware
} // namespace android
#endif // HARDWARE_INTERFACES_KEYMASTER_40_SUPPORT_KEYMASTER_3_H_
} // namespace android::hardware::keymaster::V4_1::support

197
keymaster/4.1/support/include/keymasterV4_1/Keymaster4.h Normal file
View file

@ -0,0 +1,197 @@
/*
** Copyright 2020, The Android Open Source Project
**
** Licensed under the Apache License, Version 2.0 (the "License");
** you may not use this file except in compliance with the License.
** You may obtain a copy of the License at
**
** http://www.apache.org/licenses/LICENSE-2.0
**
** Unless required by applicable law or agreed to in writing, software
** distributed under the License is distributed on an "AS IS" BASIS,
** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
** See the License for the specific language governing permissions and
** limitations under the License.
*/
#pragma once
#include "Keymaster.h"
#include "Operation.h"
namespace android::hardware::keymaster::V4_1::support {
using android::sp;
/**
* This class can wrap either a V4_0 or V4_1 IKeymasterDevice.
*/
class Keymaster4 : public Keymaster {
public:
// This definition is used for device enumeration; enumerating 4.0 devices will also
// enumerate 4.1. devices.
using WrappedIKeymasterDevice = V4_0::IKeymasterDevice;
Keymaster4(sp<V4_1::IKeymasterDevice> km4_1_dev, const hidl_string& instanceName)
: Keymaster(V4_1::IKeymasterDevice::descriptor, instanceName),
haveVersion_(false),
km4_0_dev_(km4_1_dev),
km4_1_dev_(km4_1_dev) {}
Keymaster4(sp<V4_0::IKeymasterDevice> km4_0_dev, const hidl_string& instanceName)
: Keymaster(V4_1::IKeymasterDevice::descriptor, instanceName),
haveVersion_(false),
km4_0_dev_(km4_0_dev),
km4_1_dev_() {}
const VersionResult& halVersion() const override {
const_cast<Keymaster4*>(this)->getVersionIfNeeded();
return version_;
}
/**********************************
* V4_0::IKeymasterDevice methods *
*********************************/
Return<void> getHardwareInfo(getHardwareInfo_cb _hidl_cb) override {
return km4_0_dev_->getHardwareInfo(_hidl_cb);
}
Return<void> getHmacSharingParameters(getHmacSharingParameters_cb _hidl_cb) override {
return km4_0_dev_->getHmacSharingParameters(_hidl_cb);
}
Return<void> computeSharedHmac(const hidl_vec<HmacSharingParameters>& params,
computeSharedHmac_cb _hidl_cb) override {
return km4_0_dev_->computeSharedHmac(params, _hidl_cb);
}
Return<void> verifyAuthorization(uint64_t operationHandle, const hidl_vec<KeyParameter>& params,
const HardwareAuthToken& authToken,
verifyAuthorization_cb _hidl_cb) override {
return km4_0_dev_->verifyAuthorization(operationHandle, params, authToken, _hidl_cb);
}
Return<V4_0::ErrorCode> addRngEntropy(const hidl_vec<uint8_t>& data) override {
return km4_0_dev_->addRngEntropy(data);
}
Return<void> generateKey(const hidl_vec<KeyParameter>& keyParams,
generateKey_cb _hidl_cb) override {
return km4_0_dev_->generateKey(keyParams, _hidl_cb);
}
Return<void> getKeyCharacteristics(const hidl_vec<uint8_t>& keyBlob,
const hidl_vec<uint8_t>& clientId,
const hidl_vec<uint8_t>& appData,
getKeyCharacteristics_cb _hidl_cb) override {
return km4_0_dev_->getKeyCharacteristics(keyBlob, clientId, appData, _hidl_cb);
}
Return<void> importKey(const hidl_vec<KeyParameter>& params, KeyFormat keyFormat,
const hidl_vec<uint8_t>& keyData, importKey_cb _hidl_cb) override {
return km4_0_dev_->importKey(params, keyFormat, keyData, _hidl_cb);
}
Return<void> importWrappedKey(const hidl_vec<uint8_t>& wrappedKeyData,
const hidl_vec<uint8_t>& wrappingKeyBlob,
const hidl_vec<uint8_t>& maskingKey,
const hidl_vec<KeyParameter>& unwrappingParams,
uint64_t passwordSid, uint64_t biometricSid,
importWrappedKey_cb _hidl_cb) {
return km4_0_dev_->importWrappedKey(wrappedKeyData, wrappingKeyBlob, maskingKey,
unwrappingParams, passwordSid, biometricSid, _hidl_cb);
}
Return<void> exportKey(KeyFormat exportFormat, const hidl_vec<uint8_t>& keyBlob,
const hidl_vec<uint8_t>& clientId, const hidl_vec<uint8_t>& appData,
exportKey_cb _hidl_cb) override {
return km4_0_dev_->exportKey(exportFormat, keyBlob, clientId, appData, _hidl_cb);
}
Return<void> attestKey(const hidl_vec<uint8_t>& keyToAttest,
const hidl_vec<KeyParameter>& attestParams,
attestKey_cb _hidl_cb) override {
return km4_0_dev_->attestKey(keyToAttest, attestParams, _hidl_cb);
}
Return<void> upgradeKey(const hidl_vec<uint8_t>& keyBlobToUpgrade,
const hidl_vec<KeyParameter>& upgradeParams,
upgradeKey_cb _hidl_cb) override {
return km4_0_dev_->upgradeKey(keyBlobToUpgrade, upgradeParams, _hidl_cb);
}
Return<V4_0::ErrorCode> deleteKey(const hidl_vec<uint8_t>& keyBlob) override {
return km4_0_dev_->deleteKey(keyBlob);
}
Return<V4_0::ErrorCode> deleteAllKeys() override { return km4_0_dev_->deleteAllKeys(); }
Return<V4_0::ErrorCode> destroyAttestationIds() override {
return km4_0_dev_->destroyAttestationIds();
}
Return<void> begin(KeyPurpose purpose, const hidl_vec<uint8_t>& key,
const hidl_vec<KeyParameter>& inParams, const HardwareAuthToken& authToken,
begin_cb _hidl_cb) override {
return km4_0_dev_->begin(purpose, key, inParams, authToken, _hidl_cb);
}
Return<void> update(uint64_t operationHandle, const hidl_vec<KeyParameter>& inParams,
const hidl_vec<uint8_t>& input, const HardwareAuthToken& authToken,
const VerificationToken& verificationToken, update_cb _hidl_cb) override {
return km4_0_dev_->update(operationHandle, inParams, input, authToken, verificationToken,
_hidl_cb);
}
Return<void> finish(uint64_t operationHandle, const hidl_vec<KeyParameter>& inParams,
const hidl_vec<uint8_t>& input, const hidl_vec<uint8_t>& signature,
const HardwareAuthToken& authToken,
const VerificationToken& verificationToken, finish_cb _hidl_cb) override {
return km4_0_dev_->finish(operationHandle, inParams, input, signature, authToken,
verificationToken, _hidl_cb);
}
Return<V4_0::ErrorCode> abort(uint64_t operationHandle) override {
return km4_0_dev_->abort(operationHandle);
}
/**********************************
* V4_1::IKeymasterDevice methods *
*********************************/
Return<ErrorCode> deviceLocked(bool passwordOnly,
const VerificationToken& verificationToken) override {
if (km4_1_dev_) return km4_1_dev_->deviceLocked(passwordOnly, verificationToken);
return ErrorCode::UNIMPLEMENTED;
}
Return<ErrorCode> earlyBootEnded() override {
if (km4_1_dev_) return km4_1_dev_->earlyBootEnded();
return ErrorCode::UNIMPLEMENTED;
}
Return<void> beginOp(KeyPurpose purpose, const hidl_vec<uint8_t>& keyBlob,
const hidl_vec<KeyParameter>& inParams, const HardwareAuthToken& authToken,
beginOp_cb _hidl_cb) override {
if (km4_1_dev_) return km4_1_dev_->beginOp(purpose, keyBlob, inParams, authToken, _hidl_cb);
return km4_0_dev_->begin(
purpose, keyBlob, inParams, authToken,
[&_hidl_cb](V4_0::ErrorCode errorCode, const hidl_vec<KeyParameter>& outParams,
OperationHandle operationHandle) {
_hidl_cb(static_cast<ErrorCode>(errorCode), outParams,
new Operation(operationHandle));
});
}
private:
void getVersionIfNeeded();
bool haveVersion_;
VersionResult version_;
sp<V4_0::IKeymasterDevice> km4_0_dev_;
sp<V4_1::IKeymasterDevice> km4_1_dev_;
}; // namespace android::hardware::keymaster::V4_1::support
} // namespace android::hardware::keymaster::V4_1::support

38
keymaster/4.1/support/include/keymasterV4_1/Operation.h Normal file
View file

@ -0,0 +1,38 @@
/*
** Copyright 2020, The Android Open Source Project
**
** Licensed under the Apache License, Version 2.0 (the "License");
** you may not use this file except in compliance with the License.
** You may obtain a copy of the License at
**
** http://www.apache.org/licenses/LICENSE-2.0
**
** Unless required by applicable law or agreed to in writing, software
** distributed under the License is distributed on an "AS IS" BASIS,
** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
** See the License for the specific language governing permissions and
** limitations under the License.
*/
#pragma once
#include <android/hardware/keymaster/4.1/IOperation.h>
#include <keymasterV4_1/keymaster_tags.h>
namespace android::hardware::keymaster::V4_1::support {
class Operation : public IOperation {
public:
Operation(OperationHandle handle) : handle_(handle) {}
Return<void> getOperationChallenge(getOperationChallenge_cb _hidl_cb) override {
_hidl_cb(V4_1::ErrorCode::OK, handle_);
return Void();
}
private:
OperationHandle handle_;
};
} // namespace android::hardware::keymaster::V4_1::support

5
keymaster/4.1/support/include/keymasterV4_1/authorization_set.h
View file

@ -14,8 +14,7 @@
* limitations under the License.
*/
#ifndef HARDWARE_INTERFACES_KEYMASTER_V4_1_SUPPORT_INCLUDE_AUTHORIZATION_SET_H_
#define HARDWARE_INTERFACES_KEYMASTER_V4_1_SUPPORT_INCLUDE_AUTHORIZATION_SET_H_
#pragma once
#include <keymasterV4_0/authorization_set.h>
@ -28,5 +27,3 @@ using V4_0::AuthorizationSetBuilder;
using V4_0::KeyParameter;
} // namespace android::hardware::keymaster::V4_1
#endif // HARDWARE_INTERFACES_KEYMASTER_V4_1_SUPPORT_INCLUDE_AUTHORIZATION_SET_H_

7
keymaster/4.1/support/include/keymasterV4_1/keymaster_tags.h
View file

@ -23,19 +23,26 @@
namespace android::hardware::keymaster::V4_1 {
using V4_0::Algorithm;
using V4_0::BlockMode;
using V4_0::Digest;
using V4_0::EcCurve;
using V4_0::HardwareAuthenticatorType;
using V4_0::HardwareAuthToken;
using V4_0::HmacSharingParameters;
using V4_0::KeyBlobUsageRequirements;
using V4_0::KeyCharacteristics;
using V4_0::KeyFormat;
using V4_0::KeyOrigin;
using V4_0::KeyParameter;
using V4_0::KeyPurpose;
using V4_0::OperationHandle;
using V4_0::PaddingMode;
using V4_0::SecurityLevel;
using V4_0::TagType;
using V4_0::VerificationToken;
using V4_0::NullOr;
using V4_0::TypedTag;
using V4_0::TAG_ACTIVE_DATETIME;

26
keymaster/4.1/support/include/keymasterV4_1/keymaster_utils.h Normal file
View file

@ -0,0 +1,26 @@
/*
* Copyright (C) 2020 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#pragma once
#include <keymasterV4_0/keymaster_utils.h>
namespace android::hardware::keymaster::V4_1::support {
using V4_0::support::blob2hidlVec;
using V4_0::support::hidlVec2AuthToken;
} // namespace android::hardware::keymaster::V4_1::support