From 3d035b9c0ba1dfc508e10e65e8c63ee458e4ab91 Mon Sep 17 00:00:00 2001 From: Shawn Willden Date: Thu, 16 Jan 2020 13:07:36 -0700 Subject: [PATCH] Add support lib wrappers for clients Test: CtsKeystoreTestCases Change-Id: I0157df310f85d83cef07282ea80204c035626518 --- keymaster/4.0/support/Android.bp | 10 +- .../include/keymasterV4_0/Keymaster4.h | 160 -------------- keymaster/4.1/default/Android.bp | 1 + keymaster/4.1/support/Android.bp | 8 + keymaster/{4.0 => 4.1}/support/Keymaster.cpp | 50 ++--- keymaster/{4.0 => 4.1}/support/Keymaster3.cpp | 71 +++---- keymaster/{4.0 => 4.1}/support/Keymaster4.cpp | 33 ++- .../include/keymasterV4_1}/Keymaster.h | 41 ++-- .../include/keymasterV4_1}/Keymaster3.h | 65 +++--- .../include/keymasterV4_1/Keymaster4.h | 197 ++++++++++++++++++ .../support/include/keymasterV4_1/Operation.h | 38 ++++ .../include/keymasterV4_1/authorization_set.h | 5 +- .../include/keymasterV4_1/keymaster_tags.h | 7 + .../include/keymasterV4_1/keymaster_utils.h | 26 +++ 14 files changed, 413 insertions(+), 299 deletions(-) delete mode 100644 keymaster/4.0/support/include/keymasterV4_0/Keymaster4.h rename keymaster/{4.0 => 4.1}/support/Keymaster.cpp (85%) rename keymaster/{4.0 => 4.1}/support/Keymaster3.cpp (81%) rename keymaster/{4.0 => 4.1}/support/Keymaster4.cpp (54%) rename keymaster/{4.0/support/include/keymasterV4_0 => 4.1/support/include/keymasterV4_1}/Keymaster.h (73%) rename keymaster/{4.0/support/include/keymasterV4_0 => 4.1/support/include/keymasterV4_1}/Keymaster3.h (72%) create mode 100644 keymaster/4.1/support/include/keymasterV4_1/Keymaster4.h create mode 100644 keymaster/4.1/support/include/keymasterV4_1/Operation.h create mode 100644 keymaster/4.1/support/include/keymasterV4_1/keymaster_utils.h diff --git a/keymaster/4.0/support/Android.bp b/keymaster/4.0/support/Android.bp index 2f40282351..9c5fbab735 100644 --- a/keymaster/4.0/support/Android.bp +++ b/keymaster/4.0/support/Android.bp @@ -27,11 +27,10 @@ cc_library { "authorization_set.cpp", "key_param_output.cpp", "keymaster_utils.cpp", - "Keymaster.cpp", - "Keymaster3.cpp", - "Keymaster4.cpp", ], - export_include_dirs: ["include"], + export_include_dirs: [ + "include", + ], shared_libs: [ "android.hardware.keymaster@3.0", "android.hardware.keymaster@4.0", @@ -39,6 +38,5 @@ cc_library { "libcrypto", "libhardware", "libhidlbase", - "libutils", - ] + ], } diff --git a/keymaster/4.0/support/include/keymasterV4_0/Keymaster4.h b/keymaster/4.0/support/include/keymasterV4_0/Keymaster4.h deleted file mode 100644 index dfd03ef69f..0000000000 --- a/keymaster/4.0/support/include/keymasterV4_0/Keymaster4.h +++ /dev/null @@ -1,160 +0,0 @@ -/* - ** - ** Copyright 2017, The Android Open Source Project - ** - ** Licensed under the Apache License, Version 2.0 (the "License"); - ** you may not use this file except in compliance with the License. - ** You may obtain a copy of the License at - ** - ** http://www.apache.org/licenses/LICENSE-2.0 - ** - ** Unless required by applicable law or agreed to in writing, software - ** distributed under the License is distributed on an "AS IS" BASIS, - ** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - ** See the License for the specific language governing permissions and - ** limitations under the License. - */ - -#ifndef HARDWARE_INTERFACES_KEYMASTER_40_SUPPORT_KEYMASTER_4_H_ -#define HARDWARE_INTERFACES_KEYMASTER_40_SUPPORT_KEYMASTER_4_H_ - -#include "Keymaster.h" - -namespace android { -namespace hardware { -namespace keymaster { -namespace V4_0 { -namespace support { - -using android::sp; -using IKeymaster4Device = ::android::hardware::keymaster::V4_0::IKeymasterDevice; - -class Keymaster4 : public Keymaster { - public: - using WrappedIKeymasterDevice = IKeymaster4Device; - Keymaster4(sp km4_dev, const hidl_string& instanceName) - : Keymaster(IKeymaster4Device::descriptor, instanceName), - haveVersion_(false), - dev_(km4_dev) {} - - const VersionResult& halVersion() const override { - const_cast(this)->getVersionIfNeeded(); - return version_; - } - - Return getHardwareInfo(getHardwareInfo_cb _hidl_cb) override { - return dev_->getHardwareInfo(_hidl_cb); - } - - Return getHmacSharingParameters(getHmacSharingParameters_cb _hidl_cb) override { - return dev_->getHmacSharingParameters(_hidl_cb); - } - - Return computeSharedHmac(const hidl_vec& params, - computeSharedHmac_cb _hidl_cb) override { - return dev_->computeSharedHmac(params, _hidl_cb); - } - - Return verifyAuthorization(uint64_t operationHandle, const hidl_vec& params, - const HardwareAuthToken& authToken, - verifyAuthorization_cb _hidl_cb) override { - return dev_->verifyAuthorization(operationHandle, params, authToken, _hidl_cb); - } - - Return addRngEntropy(const hidl_vec& data) override { - return dev_->addRngEntropy(data); - } - - Return generateKey(const hidl_vec& keyParams, - generateKey_cb _hidl_cb) override { - return dev_->generateKey(keyParams, _hidl_cb); - } - - Return getKeyCharacteristics(const hidl_vec& keyBlob, - const hidl_vec& clientId, - const hidl_vec& appData, - getKeyCharacteristics_cb _hidl_cb) override { - return dev_->getKeyCharacteristics(keyBlob, clientId, appData, _hidl_cb); - } - - Return importKey(const hidl_vec& params, KeyFormat keyFormat, - const hidl_vec& keyData, importKey_cb _hidl_cb) override { - return dev_->importKey(params, keyFormat, keyData, _hidl_cb); - } - - Return importWrappedKey(const hidl_vec& wrappedKeyData, - const hidl_vec& wrappingKeyBlob, - const hidl_vec& maskingKey, - const hidl_vec& unwrappingParams, - uint64_t passwordSid, uint64_t biometricSid, - importWrappedKey_cb _hidl_cb) { - return dev_->importWrappedKey(wrappedKeyData, wrappingKeyBlob, maskingKey, unwrappingParams, - passwordSid, biometricSid, _hidl_cb); - } - - Return exportKey(KeyFormat exportFormat, const hidl_vec& keyBlob, - const hidl_vec& clientId, const hidl_vec& appData, - exportKey_cb _hidl_cb) override { - return dev_->exportKey(exportFormat, keyBlob, clientId, appData, _hidl_cb); - } - - Return attestKey(const hidl_vec& keyToAttest, - const hidl_vec& attestParams, - attestKey_cb _hidl_cb) override { - return dev_->attestKey(keyToAttest, attestParams, _hidl_cb); - } - - Return upgradeKey(const hidl_vec& keyBlobToUpgrade, - const hidl_vec& upgradeParams, - upgradeKey_cb _hidl_cb) override { - return dev_->upgradeKey(keyBlobToUpgrade, upgradeParams, _hidl_cb); - } - - Return deleteKey(const hidl_vec& keyBlob) override { - return dev_->deleteKey(keyBlob); - } - - Return deleteAllKeys() override { return dev_->deleteAllKeys(); } - - Return destroyAttestationIds() override { return dev_->destroyAttestationIds(); } - - Return begin(KeyPurpose purpose, const hidl_vec& key, - const hidl_vec& inParams, const HardwareAuthToken& authToken, - begin_cb _hidl_cb) override { - return dev_->begin(purpose, key, inParams, authToken, _hidl_cb); - } - - Return update(uint64_t operationHandle, const hidl_vec& inParams, - const hidl_vec& input, const HardwareAuthToken& authToken, - const VerificationToken& verificationToken, update_cb _hidl_cb) override { - return dev_->update(operationHandle, inParams, input, authToken, verificationToken, - _hidl_cb); - } - - Return finish(uint64_t operationHandle, const hidl_vec& inParams, - const hidl_vec& input, const hidl_vec& signature, - const HardwareAuthToken& authToken, - const VerificationToken& verificationToken, finish_cb _hidl_cb) override { - return dev_->finish(operationHandle, inParams, input, signature, authToken, - verificationToken, _hidl_cb); - } - - Return abort(uint64_t operationHandle) override { - return dev_->abort(operationHandle); - } - - private: - void getVersionIfNeeded(); - - bool haveVersion_; - VersionResult version_; - sp dev_; -}; - -} // namespace support -} // namespace V4_0 -} // namespace keymaster -} // namespace hardware -} // namespace android - -#endif // HARDWARE_INTERFACES_KEYMASTER_40_SUPPORT_KEYMASTER_4_H_ diff --git a/keymaster/4.1/default/Android.bp b/keymaster/4.1/default/Android.bp index b06878bc77..27297b9e45 100644 --- a/keymaster/4.1/default/Android.bp +++ b/keymaster/4.1/default/Android.bp @@ -31,6 +31,7 @@ cc_binary { "libhidlbase", "libkeymaster4", "libkeymaster41", + "libkeymaster4_1support", "liblog", "libutils", ], diff --git a/keymaster/4.1/support/Android.bp b/keymaster/4.1/support/Android.bp index e4c3d47080..bdd0ca89ae 100644 --- a/keymaster/4.1/support/Android.bp +++ b/keymaster/4.1/support/Android.bp @@ -24,6 +24,9 @@ cc_library { ], srcs: [ "attestation_record.cpp", + "Keymaster.cpp", + "Keymaster3.cpp", + "Keymaster4.cpp", ], export_include_dirs: ["include"], shared_libs: [ @@ -34,5 +37,10 @@ cc_library { "libcrypto", "libhidlbase", "libkeymaster4support", + "libutils", + ], + export_shared_lib_headers: [ + "android.hardware.keymaster@4.1", + "libkeymaster4support", ], } diff --git a/keymaster/4.0/support/Keymaster.cpp b/keymaster/4.1/support/Keymaster.cpp similarity index 85% rename from keymaster/4.0/support/Keymaster.cpp rename to keymaster/4.1/support/Keymaster.cpp index f20f9511fc..ea6604e326 100644 --- a/keymaster/4.0/support/Keymaster.cpp +++ b/keymaster/4.1/support/Keymaster.cpp @@ -14,19 +14,18 @@ ** limitations under the License. */ -#include +#include #include #include #include -#include -#include #include #include +#include +#include -namespace android { -namespace hardware { +namespace android::hardware { template std::ostream& operator<<(std::ostream& os, const hidl_vec& vec) { @@ -57,6 +56,7 @@ std::ostream& operator<<(std::ostream& os, const hidl_array& vec) { } namespace keymaster { + namespace V4_0 { std::ostream& operator<<(std::ostream& os, const HmacSharingParameters& params) { @@ -66,7 +66,9 @@ std::ostream& operator<<(std::ostream& os, const HmacSharingParameters& params) return os; } -namespace support { +} // namespace V4_0 + +namespace V4_1::support { using ::android::sp; using ::android::hidl::manager::V1_2::IServiceManager; @@ -140,14 +142,14 @@ Keymaster::KeymasterSet Keymaster::enumerateAvailableDevices() { } static hidl_vec getHmacParameters( - const Keymaster::KeymasterSet& keymasters) { + const Keymaster::KeymasterSet& keymasters) { std::vector params_vec; params_vec.reserve(keymasters.size()); for (auto& keymaster : keymasters) { if (keymaster->halVersion().majorVersion < 4) continue; auto rc = keymaster->getHmacSharingParameters([&](auto error, auto& params) { - CHECK(error == ErrorCode::OK) - << "Failed to get HMAC parameters from " << *keymaster << " error " << error; + CHECK(error == V4_0::ErrorCode::OK) + << "Failed to get HMAC parameters from " << *keymaster << " error " << error; params_vec.push_back(params); }); CHECK(rc.isOk()) << "Failed to communicate with " << *keymaster @@ -169,18 +171,18 @@ static void computeHmac(const Keymaster::KeymasterSet& keymasters, if (keymaster->halVersion().majorVersion < 4) continue; LOG(DEBUG) << "Computing HMAC for " << *keymaster; auto rc = keymaster->computeSharedHmac( - params, [&](ErrorCode error, const hidl_vec& curSharingCheck) { - CHECK(error == ErrorCode::OK) - << "Failed to get HMAC parameters from " << *keymaster << " error " << error; - if (firstKeymaster) { - sharingCheck = curSharingCheck; - firstKeymaster = false; - } - if (curSharingCheck != sharingCheck) - LOG(WARNING) << "HMAC computation failed for " << *keymaster // - << " Expected: " << sharingCheck // - << " got: " << curSharingCheck; - }); + params, [&](V4_0::ErrorCode error, const hidl_vec& curSharingCheck) { + CHECK(error == V4_0::ErrorCode::OK) << "Failed to get HMAC parameters from " + << *keymaster << " error " << error; + if (firstKeymaster) { + sharingCheck = curSharingCheck; + firstKeymaster = false; + } + if (curSharingCheck != sharingCheck) + LOG(WARNING) << "HMAC computation failed for " << *keymaster // + << " Expected: " << sharingCheck // + << " got: " << curSharingCheck; + }); CHECK(rc.isOk()) << "Failed to communicate with " << *keymaster << " error: " << rc.description(); } @@ -190,8 +192,6 @@ void Keymaster::performHmacKeyAgreement(const KeymasterSet& keymasters) { computeHmac(keymasters, getHmacParameters(keymasters)); } -} // namespace support -} // namespace V4_0 +} // namespace V4_1::support } // namespace keymaster -} // namespace hardware -} // namespace android +} // namespace android::hardware diff --git a/keymaster/4.0/support/Keymaster3.cpp b/keymaster/4.1/support/Keymaster3.cpp similarity index 81% rename from keymaster/4.0/support/Keymaster3.cpp rename to keymaster/4.1/support/Keymaster3.cpp index b2cdbd9263..b6656895c7 100644 --- a/keymaster/4.0/support/Keymaster3.cpp +++ b/keymaster/4.1/support/Keymaster3.cpp @@ -15,23 +15,19 @@ ** limitations under the License. */ -#include +#include #include #include -namespace android { -namespace hardware { -namespace keymaster { -namespace V4_0 { -namespace support { +namespace android::hardware::keymaster::V4_1::support { using android::hardware::details::StatusOf; namespace { -ErrorCode convert(V3_0::ErrorCode error) { - return static_cast(error); +V4_0::ErrorCode convert(V3_0::ErrorCode error) { + return static_cast(error); } V3_0::KeyPurpose convert(KeyPurpose purpose) { @@ -53,7 +49,7 @@ V3_0::KeyParameter convert(const KeyParameter& param) { KeyParameter convert(const V3_0::KeyParameter& param) { KeyParameter converted; - converted.tag = static_cast(param.tag); + converted.tag = static_cast(param.tag); static_assert(sizeof(converted.f) == sizeof(param.f), "This function assumes sizes match"); memcpy(&converted.f, ¶m.f, sizeof(param.f)); converted.blob = param.blob; @@ -89,7 +85,7 @@ hidl_vec convertAndAddAuthToken(const hidl_vec converted[i] = convert(params[i]); } converted[params.size()].tag = V3_0::Tag::AUTH_TOKEN; - converted[params.size()].blob = authToken2HidlVec(authToken); + converted[params.size()].blob = V4_0::support::authToken2HidlVec(authToken); return converted; } @@ -107,16 +103,19 @@ void Keymaster3::getVersionIfNeeded() { if (haveVersion_) return; auto rc = km3_dev_->getHardwareFeatures( - [&](bool isSecure, bool supportsEllipticCurve, bool supportsSymmetricCryptography, - bool supportsAttestation, bool supportsAllDigests, const hidl_string& keymasterName, - const hidl_string& keymasterAuthorName) { - version_ = {keymasterName, keymasterAuthorName, 0 /* major version, filled below */, - isSecure ? SecurityLevel::TRUSTED_ENVIRONMENT : SecurityLevel::SOFTWARE, - supportsEllipticCurve}; - supportsSymmetricCryptography_ = supportsSymmetricCryptography; - supportsAttestation_ = supportsAttestation; - supportsAllDigests_ = supportsAllDigests; - }); + [&](bool isSecure, bool supportsEllipticCurve, bool supportsSymmetricCryptography, + bool supportsAttestation, bool supportsAllDigests, const hidl_string& keymasterName, + const hidl_string& keymasterAuthorName) { + version_ = {keymasterName, + keymasterAuthorName, + 0 /* major version, filled below */, + 0 /* minor version */, + isSecure ? SecurityLevel::TRUSTED_ENVIRONMENT : SecurityLevel::SOFTWARE, + supportsEllipticCurve}; + supportsSymmetricCryptography_ = supportsSymmetricCryptography; + supportsAttestation_ = supportsAttestation; + supportsAllDigests_ = supportsAllDigests; + }); CHECK(rc.isOk()) << "Got error " << rc.description() << " trying to get hardware features"; @@ -139,10 +138,10 @@ Return Keymaster3::getHardwareInfo(Keymaster3::getHardwareInfo_cb _hidl_cb return Void(); } -Return Keymaster3::addRngEntropy(const hidl_vec& data) { +Return Keymaster3::addRngEntropy(const hidl_vec& data) { auto rc = km3_dev_->addRngEntropy(data); if (!rc.isOk()) { - return StatusOf(rc); + return StatusOf(rc); } return convert(rc); } @@ -215,21 +214,21 @@ Return Keymaster3::upgradeKey(const hidl_vec& keyBlobToUpgrade, return rc; } -Return Keymaster3::deleteKey(const hidl_vec& keyBlob) { +Return Keymaster3::deleteKey(const hidl_vec& keyBlob) { auto rc = km3_dev_->deleteKey(keyBlob); - if (!rc.isOk()) return StatusOf(rc); + if (!rc.isOk()) return StatusOf(rc); return convert(rc); } -Return Keymaster3::deleteAllKeys() { +Return Keymaster3::deleteAllKeys() { auto rc = km3_dev_->deleteAllKeys(); - if (!rc.isOk()) return StatusOf(rc); + if (!rc.isOk()) return StatusOf(rc); return convert(rc); } -Return Keymaster3::destroyAttestationIds() { +Return Keymaster3::destroyAttestationIds() { auto rc = km3_dev_->destroyAttestationIds(); - if (!rc.isOk()) return StatusOf(rc); + if (!rc.isOk()) return StatusOf(rc); return convert(rc); } @@ -242,7 +241,7 @@ Return Keymaster3::begin(KeyPurpose purpose, const hidl_vec& key, }; auto rc = - km3_dev_->begin(convert(purpose), key, convertAndAddAuthToken(inParams, authToken), cb); + km3_dev_->begin(convert(purpose), key, convertAndAddAuthToken(inParams, authToken), cb); rc.isOk(); // move ctor prereq return rc; } @@ -256,8 +255,8 @@ Return Keymaster3::update(uint64_t operationHandle, const hidl_vecupdate(operationHandle, convertAndAddAuthToken(inParams, authToken), input, cb); + auto rc = km3_dev_->update(operationHandle, convertAndAddAuthToken(inParams, authToken), input, + cb); rc.isOk(); // move ctor prereq return rc; } @@ -278,14 +277,10 @@ Return Keymaster3::finish(uint64_t operationHandle, const hidl_vec Keymaster3::abort(uint64_t operationHandle) { +Return Keymaster3::abort(uint64_t operationHandle) { auto rc = km3_dev_->abort(operationHandle); - if (!rc.isOk()) return StatusOf(rc); + if (!rc.isOk()) return StatusOf(rc); return convert(rc); } -} // namespace support -} // namespace V4_0 -} // namespace keymaster -} // namespace hardware -} // namespace android +} // namespace android::hardware::keymaster::V4_1::support diff --git a/keymaster/4.0/support/Keymaster4.cpp b/keymaster/4.1/support/Keymaster4.cpp similarity index 54% rename from keymaster/4.0/support/Keymaster4.cpp rename to keymaster/4.1/support/Keymaster4.cpp index cc3d656f07..33f4bb1037 100644 --- a/keymaster/4.0/support/Keymaster4.cpp +++ b/keymaster/4.1/support/Keymaster4.cpp @@ -1,5 +1,4 @@ /* -** ** Copyright 2017, The Android Open Source Project ** ** Licensed under the Apache License, Version 2.0 (the "License"); @@ -15,32 +14,28 @@ ** limitations under the License. */ -#include +#include #include -namespace android { -namespace hardware { -namespace keymaster { -namespace V4_0 { -namespace support { +namespace android::hardware::keymaster::V4_1::support { void Keymaster4::getVersionIfNeeded() { if (haveVersion_) return; - auto rc = - dev_->getHardwareInfo([&](SecurityLevel securityLevel, const hidl_string& keymasterName, - const hidl_string& authorName) { - version_ = {keymasterName, authorName, 4 /* major version */, securityLevel, - true /* supportsEc */}; - haveVersion_ = true; - }); + auto rc = km4_0_dev_->getHardwareInfo([&](SecurityLevel securityLevel, + const hidl_string& keymasterName, + const hidl_string& authorName) { + version_ = {keymasterName, + authorName, + 4 /* major version */, + static_cast((km4_1_dev_) ? 1 : 0) /* minor version */, + securityLevel, + true /* supportsEc */}; + haveVersion_ = true; + }); CHECK(rc.isOk()) << "Got error " << rc.description() << " trying to get hardware info"; } -} // namespace support -} // namespace V4_0 -} // namespace keymaster -} // namespace hardware -} // namespace android +} // namespace android::hardware::keymaster::V4_1::support diff --git a/keymaster/4.0/support/include/keymasterV4_0/Keymaster.h b/keymaster/4.1/support/include/keymasterV4_1/Keymaster.h similarity index 73% rename from keymaster/4.0/support/include/keymasterV4_0/Keymaster.h rename to keymaster/4.1/support/include/keymasterV4_1/Keymaster.h index ad83f17106..1f49e184e6 100644 --- a/keymaster/4.0/support/include/keymasterV4_0/Keymaster.h +++ b/keymaster/4.1/support/include/keymasterV4_1/Keymaster.h @@ -15,28 +15,28 @@ ** limitations under the License. */ -#ifndef HARDWARE_INTERFACES_KEYMASTER_40_SUPPORT_KEYMASTER_H_ -#define HARDWARE_INTERFACES_KEYMASTER_40_SUPPORT_KEYMASTER_H_ - -#include +#pragma once #include #include -namespace android { -namespace hardware { -namespace keymaster { -namespace V4_0 { -namespace support { +#include +#include + +namespace android::hardware::keymaster::V4_1::support { /** - * Keymaster abstracts the underlying V4_0::IKeymasterDevice. There is one implementation - * (Keymaster4) which is a trivial passthrough and one that wraps a V3_0::IKeymasterDevice. + * Keymaster abstracts the underlying V4_1::IKeymasterDevice. There are two implementations, + * Keymaster3 which wraps a V3_0::IKeymasterDevice and Keymaster4, which wraps either a + * V4_0::IKeymasterDevice or a V4_1::IKeymasterDevice. There is a V3_0::IKeymasterDevice + * implementation that is used to wrap pre-HIDL keymaster implementations, and Keymaster3 will wrap + * that. * * The reason for adding this additional layer, rather than simply using the latest HAL directly and * subclassing it to wrap any older HAL, is because this provides a place to put additional methods * which clients can use when they need to distinguish between different underlying HAL versions, - * while still having to use only the latest interface. + * while still having to use only the latest interface. Plus it's a handy place to keep some + * convenience methods. */ class Keymaster : public IKeymasterDevice { public: @@ -50,12 +50,14 @@ class Keymaster : public IKeymasterDevice { hidl_string keymasterName; hidl_string authorName; uint8_t majorVersion; + uint8_t minorVersion; SecurityLevel securityLevel; bool supportsEc; bool operator>(const VersionResult& other) const { - auto lhs = std::tie(securityLevel, majorVersion, supportsEc); - auto rhs = std::tie(other.securityLevel, other.majorVersion, other.supportsEc); + auto lhs = std::tie(securityLevel, majorVersion, minorVersion, supportsEc); + auto rhs = std::tie(other.securityLevel, other.majorVersion, other.minorVersion, + other.supportsEc); return lhs > rhs; } }; @@ -69,6 +71,9 @@ class Keymaster : public IKeymasterDevice { * There are no side effects otherwise. */ void logIfKeymasterVendorError(ErrorCode ec) const; + void logIfKeymasterVendorError(V4_0::ErrorCode ec) const { + logIfKeymasterVendorError(static_cast(ec)); + } /** * Returns all available Keymaster3 and Keymaster4 instances, in order of most secure to least @@ -93,10 +98,4 @@ class Keymaster : public IKeymasterDevice { std::ostream& operator<<(std::ostream& os, const Keymaster& keymaster); -} // namespace support -} // namespace V4_0 -} // namespace keymaster -} // namespace hardware -} // namespace android - -#endif // HARDWARE_INTERFACES_KEYMASTER_40_SUPPORT_KEYMASTER_H_ +} // namespace android::hardware::keymaster::V4_1::support diff --git a/keymaster/4.0/support/include/keymasterV4_0/Keymaster3.h b/keymaster/4.1/support/include/keymasterV4_1/Keymaster3.h similarity index 72% rename from keymaster/4.0/support/include/keymasterV4_0/Keymaster3.h rename to keymaster/4.1/support/include/keymasterV4_1/Keymaster3.h index c40be7c757..c201e8c0b2 100644 --- a/keymaster/4.0/support/include/keymasterV4_0/Keymaster3.h +++ b/keymaster/4.1/support/include/keymasterV4_1/Keymaster3.h @@ -1,5 +1,4 @@ /* - ** ** Copyright 2017, The Android Open Source Project ** ** Licensed under the Apache License, Version 2.0 (the "License"); @@ -15,18 +14,14 @@ ** limitations under the License. */ -#ifndef HARDWARE_INTERFACES_KEYMASTER_40_SUPPORT_KEYMASTER_3_H_ -#define HARDWARE_INTERFACES_KEYMASTER_40_SUPPORT_KEYMASTER_3_H_ +#pragma once #include #include "Keymaster.h" +#include "Operation.h" -namespace android { -namespace hardware { -namespace keymaster { -namespace V4_0 { -namespace support { +namespace android::hardware::keymaster::V4_1::support { using IKeymaster3Device = ::android::hardware::keymaster::V3_0::IKeymasterDevice; @@ -38,8 +33,10 @@ using ::android::hardware::Void; using ::android::hardware::details::return_status; class Keymaster3 : public Keymaster { - public: + public: + // This definition is used for device enumeration. using WrappedIKeymasterDevice = IKeymaster3Device; + Keymaster3(sp km3_dev, const hidl_string& instanceName) : Keymaster(IKeymaster3Device::descriptor, instanceName), km3_dev_(km3_dev), @@ -53,24 +50,24 @@ class Keymaster3 : public Keymaster { Return getHardwareInfo(getHardwareInfo_cb _hidl_cb); Return getHmacSharingParameters(getHmacSharingParameters_cb _hidl_cb) override { - _hidl_cb(ErrorCode::UNIMPLEMENTED, {}); + _hidl_cb(V4_0::ErrorCode::UNIMPLEMENTED, {}); return Void(); } Return computeSharedHmac(const hidl_vec&, computeSharedHmac_cb _hidl_cb) override { - _hidl_cb(ErrorCode::UNIMPLEMENTED, {}); + _hidl_cb(V4_0::ErrorCode::UNIMPLEMENTED, {}); return Void(); } Return verifyAuthorization(uint64_t, const hidl_vec&, const HardwareAuthToken&, verifyAuthorization_cb _hidl_cb) override { - _hidl_cb(ErrorCode::UNIMPLEMENTED, {}); + _hidl_cb(V4_0::ErrorCode::UNIMPLEMENTED, {}); return Void(); } - Return addRngEntropy(const hidl_vec& data) override; + Return addRngEntropy(const hidl_vec& data) override; Return generateKey(const hidl_vec& keyParams, generateKey_cb _hidl_cb) override; Return getKeyCharacteristics(const hidl_vec& keyBlob, @@ -86,7 +83,7 @@ class Keymaster3 : public Keymaster { const hidl_vec& /* unwrappingParams */, uint64_t /* passwordSid */, uint64_t /* biometricSid */, importWrappedKey_cb _hidl_cb) { - _hidl_cb(ErrorCode::UNIMPLEMENTED, {}, {}); + _hidl_cb(V4_0::ErrorCode::UNIMPLEMENTED, {}, {}); return Void(); } @@ -99,9 +96,9 @@ class Keymaster3 : public Keymaster { Return upgradeKey(const hidl_vec& keyBlobToUpgrade, const hidl_vec& upgradeParams, upgradeKey_cb _hidl_cb) override; - Return deleteKey(const hidl_vec& keyBlob) override; - Return deleteAllKeys() override; - Return destroyAttestationIds() override; + Return deleteKey(const hidl_vec& keyBlob) override; + Return deleteAllKeys() override; + Return destroyAttestationIds() override; Return begin(KeyPurpose purpose, const hidl_vec& key, const hidl_vec& inParams, const HardwareAuthToken& authToken, begin_cb _hidl_cb) override; @@ -112,9 +109,31 @@ class Keymaster3 : public Keymaster { const hidl_vec& input, const hidl_vec& signature, const HardwareAuthToken& authToken, const VerificationToken& verificationToken, finish_cb _hidl_cb) override; - Return abort(uint64_t operationHandle) override; + Return abort(uint64_t operationHandle) override; - private: + /********************************** + * V4_1::IKeymasterDevice methods * + *********************************/ + + Return deviceLocked(bool /* passwordOnly */, + const VerificationToken& /* verificationToken */) override { + return ErrorCode::UNIMPLEMENTED; + } + + Return earlyBootEnded() override { return ErrorCode::UNIMPLEMENTED; } + + Return beginOp(KeyPurpose purpose, const hidl_vec& keyBlob, + const hidl_vec& inParams, const HardwareAuthToken& authToken, + beginOp_cb _hidl_cb) override { + return begin(purpose, keyBlob, inParams, authToken, + [&_hidl_cb](V4_0::ErrorCode errorCode, const hidl_vec& outParams, + OperationHandle operationHandle) { + _hidl_cb(static_cast(errorCode), outParams, + new Operation(operationHandle)); + }); + } + + private: void getVersionIfNeeded(); sp km3_dev_; @@ -126,10 +145,4 @@ class Keymaster3 : public Keymaster { bool supportsAllDigests_; }; -} // namespace support -} // namespace V4_0 -} // namespace keymaster -} // namespace hardware -} // namespace android - -#endif // HARDWARE_INTERFACES_KEYMASTER_40_SUPPORT_KEYMASTER_3_H_ +} // namespace android::hardware::keymaster::V4_1::support diff --git a/keymaster/4.1/support/include/keymasterV4_1/Keymaster4.h b/keymaster/4.1/support/include/keymasterV4_1/Keymaster4.h new file mode 100644 index 0000000000..6d74d980a0 --- /dev/null +++ b/keymaster/4.1/support/include/keymasterV4_1/Keymaster4.h @@ -0,0 +1,197 @@ +/* + ** Copyright 2020, The Android Open Source Project + ** + ** Licensed under the Apache License, Version 2.0 (the "License"); + ** you may not use this file except in compliance with the License. + ** You may obtain a copy of the License at + ** + ** http://www.apache.org/licenses/LICENSE-2.0 + ** + ** Unless required by applicable law or agreed to in writing, software + ** distributed under the License is distributed on an "AS IS" BASIS, + ** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + ** See the License for the specific language governing permissions and + ** limitations under the License. + */ + +#pragma once + +#include "Keymaster.h" +#include "Operation.h" + +namespace android::hardware::keymaster::V4_1::support { + +using android::sp; + +/** + * This class can wrap either a V4_0 or V4_1 IKeymasterDevice. + */ +class Keymaster4 : public Keymaster { + public: + // This definition is used for device enumeration; enumerating 4.0 devices will also + // enumerate 4.1. devices. + using WrappedIKeymasterDevice = V4_0::IKeymasterDevice; + + Keymaster4(sp km4_1_dev, const hidl_string& instanceName) + : Keymaster(V4_1::IKeymasterDevice::descriptor, instanceName), + haveVersion_(false), + km4_0_dev_(km4_1_dev), + km4_1_dev_(km4_1_dev) {} + + Keymaster4(sp km4_0_dev, const hidl_string& instanceName) + : Keymaster(V4_1::IKeymasterDevice::descriptor, instanceName), + haveVersion_(false), + km4_0_dev_(km4_0_dev), + km4_1_dev_() {} + + const VersionResult& halVersion() const override { + const_cast(this)->getVersionIfNeeded(); + return version_; + } + + /********************************** + * V4_0::IKeymasterDevice methods * + *********************************/ + + Return getHardwareInfo(getHardwareInfo_cb _hidl_cb) override { + return km4_0_dev_->getHardwareInfo(_hidl_cb); + } + + Return getHmacSharingParameters(getHmacSharingParameters_cb _hidl_cb) override { + return km4_0_dev_->getHmacSharingParameters(_hidl_cb); + } + + Return computeSharedHmac(const hidl_vec& params, + computeSharedHmac_cb _hidl_cb) override { + return km4_0_dev_->computeSharedHmac(params, _hidl_cb); + } + + Return verifyAuthorization(uint64_t operationHandle, const hidl_vec& params, + const HardwareAuthToken& authToken, + verifyAuthorization_cb _hidl_cb) override { + return km4_0_dev_->verifyAuthorization(operationHandle, params, authToken, _hidl_cb); + } + + Return addRngEntropy(const hidl_vec& data) override { + return km4_0_dev_->addRngEntropy(data); + } + + Return generateKey(const hidl_vec& keyParams, + generateKey_cb _hidl_cb) override { + return km4_0_dev_->generateKey(keyParams, _hidl_cb); + } + + Return getKeyCharacteristics(const hidl_vec& keyBlob, + const hidl_vec& clientId, + const hidl_vec& appData, + getKeyCharacteristics_cb _hidl_cb) override { + return km4_0_dev_->getKeyCharacteristics(keyBlob, clientId, appData, _hidl_cb); + } + + Return importKey(const hidl_vec& params, KeyFormat keyFormat, + const hidl_vec& keyData, importKey_cb _hidl_cb) override { + return km4_0_dev_->importKey(params, keyFormat, keyData, _hidl_cb); + } + + Return importWrappedKey(const hidl_vec& wrappedKeyData, + const hidl_vec& wrappingKeyBlob, + const hidl_vec& maskingKey, + const hidl_vec& unwrappingParams, + uint64_t passwordSid, uint64_t biometricSid, + importWrappedKey_cb _hidl_cb) { + return km4_0_dev_->importWrappedKey(wrappedKeyData, wrappingKeyBlob, maskingKey, + unwrappingParams, passwordSid, biometricSid, _hidl_cb); + } + + Return exportKey(KeyFormat exportFormat, const hidl_vec& keyBlob, + const hidl_vec& clientId, const hidl_vec& appData, + exportKey_cb _hidl_cb) override { + return km4_0_dev_->exportKey(exportFormat, keyBlob, clientId, appData, _hidl_cb); + } + + Return attestKey(const hidl_vec& keyToAttest, + const hidl_vec& attestParams, + attestKey_cb _hidl_cb) override { + return km4_0_dev_->attestKey(keyToAttest, attestParams, _hidl_cb); + } + + Return upgradeKey(const hidl_vec& keyBlobToUpgrade, + const hidl_vec& upgradeParams, + upgradeKey_cb _hidl_cb) override { + return km4_0_dev_->upgradeKey(keyBlobToUpgrade, upgradeParams, _hidl_cb); + } + + Return deleteKey(const hidl_vec& keyBlob) override { + return km4_0_dev_->deleteKey(keyBlob); + } + + Return deleteAllKeys() override { return km4_0_dev_->deleteAllKeys(); } + + Return destroyAttestationIds() override { + return km4_0_dev_->destroyAttestationIds(); + } + + Return begin(KeyPurpose purpose, const hidl_vec& key, + const hidl_vec& inParams, const HardwareAuthToken& authToken, + begin_cb _hidl_cb) override { + return km4_0_dev_->begin(purpose, key, inParams, authToken, _hidl_cb); + } + + Return update(uint64_t operationHandle, const hidl_vec& inParams, + const hidl_vec& input, const HardwareAuthToken& authToken, + const VerificationToken& verificationToken, update_cb _hidl_cb) override { + return km4_0_dev_->update(operationHandle, inParams, input, authToken, verificationToken, + _hidl_cb); + } + + Return finish(uint64_t operationHandle, const hidl_vec& inParams, + const hidl_vec& input, const hidl_vec& signature, + const HardwareAuthToken& authToken, + const VerificationToken& verificationToken, finish_cb _hidl_cb) override { + return km4_0_dev_->finish(operationHandle, inParams, input, signature, authToken, + verificationToken, _hidl_cb); + } + + Return abort(uint64_t operationHandle) override { + return km4_0_dev_->abort(operationHandle); + } + + /********************************** + * V4_1::IKeymasterDevice methods * + *********************************/ + + Return deviceLocked(bool passwordOnly, + const VerificationToken& verificationToken) override { + if (km4_1_dev_) return km4_1_dev_->deviceLocked(passwordOnly, verificationToken); + return ErrorCode::UNIMPLEMENTED; + } + + Return earlyBootEnded() override { + if (km4_1_dev_) return km4_1_dev_->earlyBootEnded(); + return ErrorCode::UNIMPLEMENTED; + } + + Return beginOp(KeyPurpose purpose, const hidl_vec& keyBlob, + const hidl_vec& inParams, const HardwareAuthToken& authToken, + beginOp_cb _hidl_cb) override { + if (km4_1_dev_) return km4_1_dev_->beginOp(purpose, keyBlob, inParams, authToken, _hidl_cb); + + return km4_0_dev_->begin( + purpose, keyBlob, inParams, authToken, + [&_hidl_cb](V4_0::ErrorCode errorCode, const hidl_vec& outParams, + OperationHandle operationHandle) { + _hidl_cb(static_cast(errorCode), outParams, + new Operation(operationHandle)); + }); + } + + private: + void getVersionIfNeeded(); + + bool haveVersion_; + VersionResult version_; + sp km4_0_dev_; + sp km4_1_dev_; +}; // namespace android::hardware::keymaster::V4_1::support + +} // namespace android::hardware::keymaster::V4_1::support diff --git a/keymaster/4.1/support/include/keymasterV4_1/Operation.h b/keymaster/4.1/support/include/keymasterV4_1/Operation.h new file mode 100644 index 0000000000..902d49ac20 --- /dev/null +++ b/keymaster/4.1/support/include/keymasterV4_1/Operation.h @@ -0,0 +1,38 @@ +/* + ** Copyright 2020, The Android Open Source Project + ** + ** Licensed under the Apache License, Version 2.0 (the "License"); + ** you may not use this file except in compliance with the License. + ** You may obtain a copy of the License at + ** + ** http://www.apache.org/licenses/LICENSE-2.0 + ** + ** Unless required by applicable law or agreed to in writing, software + ** distributed under the License is distributed on an "AS IS" BASIS, + ** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + ** See the License for the specific language governing permissions and + ** limitations under the License. + */ + +#pragma once + +#include + +#include + +namespace android::hardware::keymaster::V4_1::support { + +class Operation : public IOperation { + public: + Operation(OperationHandle handle) : handle_(handle) {} + + Return getOperationChallenge(getOperationChallenge_cb _hidl_cb) override { + _hidl_cb(V4_1::ErrorCode::OK, handle_); + return Void(); + } + + private: + OperationHandle handle_; +}; + +} // namespace android::hardware::keymaster::V4_1::support diff --git a/keymaster/4.1/support/include/keymasterV4_1/authorization_set.h b/keymaster/4.1/support/include/keymasterV4_1/authorization_set.h index afc0eafdc7..01605b7f4a 100644 --- a/keymaster/4.1/support/include/keymasterV4_1/authorization_set.h +++ b/keymaster/4.1/support/include/keymasterV4_1/authorization_set.h @@ -14,8 +14,7 @@ * limitations under the License. */ -#ifndef HARDWARE_INTERFACES_KEYMASTER_V4_1_SUPPORT_INCLUDE_AUTHORIZATION_SET_H_ -#define HARDWARE_INTERFACES_KEYMASTER_V4_1_SUPPORT_INCLUDE_AUTHORIZATION_SET_H_ +#pragma once #include @@ -28,5 +27,3 @@ using V4_0::AuthorizationSetBuilder; using V4_0::KeyParameter; } // namespace android::hardware::keymaster::V4_1 - -#endif // HARDWARE_INTERFACES_KEYMASTER_V4_1_SUPPORT_INCLUDE_AUTHORIZATION_SET_H_ diff --git a/keymaster/4.1/support/include/keymasterV4_1/keymaster_tags.h b/keymaster/4.1/support/include/keymasterV4_1/keymaster_tags.h index a90ad8ef14..c5ce9505d3 100644 --- a/keymaster/4.1/support/include/keymasterV4_1/keymaster_tags.h +++ b/keymaster/4.1/support/include/keymasterV4_1/keymaster_tags.h @@ -23,19 +23,26 @@ namespace android::hardware::keymaster::V4_1 { +using V4_0::Algorithm; using V4_0::BlockMode; using V4_0::Digest; using V4_0::EcCurve; +using V4_0::HardwareAuthenticatorType; using V4_0::HardwareAuthToken; +using V4_0::HmacSharingParameters; +using V4_0::KeyBlobUsageRequirements; using V4_0::KeyCharacteristics; +using V4_0::KeyFormat; using V4_0::KeyOrigin; using V4_0::KeyParameter; using V4_0::KeyPurpose; +using V4_0::OperationHandle; using V4_0::PaddingMode; using V4_0::SecurityLevel; using V4_0::TagType; using V4_0::VerificationToken; +using V4_0::NullOr; using V4_0::TypedTag; using V4_0::TAG_ACTIVE_DATETIME; diff --git a/keymaster/4.1/support/include/keymasterV4_1/keymaster_utils.h b/keymaster/4.1/support/include/keymasterV4_1/keymaster_utils.h new file mode 100644 index 0000000000..2e280020e6 --- /dev/null +++ b/keymaster/4.1/support/include/keymasterV4_1/keymaster_utils.h @@ -0,0 +1,26 @@ +/* + * Copyright (C) 2020 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#pragma once + +#include + +namespace android::hardware::keymaster::V4_1::support { + +using V4_0::support::blob2hidlVec; +using V4_0::support::hidlVec2AuthToken; + +} // namespace android::hardware::keymaster::V4_1::support