Merge "Move keymint to android.hardware.security." am: 0a89757936 am: 640d1c8a40

Original change: https://android-review.googlesource.com/c/platform/hardware/interfaces/+/1519122

MUST ONLY BE SUBMITTED BY AUTOMERGER

Change-Id: I10f92fa6fe76da15f9093d23a71d9c7456db5b10
This commit is contained in:
Shawn Willden 2020-12-10 23:49:39 +00:00 committed by Automerger Merge Worker
commit 5a1001361d
79 changed files with 294 additions and 448 deletions

View file

@ -299,7 +299,7 @@
</interface>
</hal>
<hal format="aidl" optional="true">
<name>android.hardware.keymint</name>
<name>android.hardware.security.keymint</name>
<interface>
<name>IKeyMintDevice</name>
<instance>default</instance>

View file

@ -1,33 +0,0 @@
///////////////////////////////////////////////////////////////////////////////
// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
///////////////////////////////////////////////////////////////////////////////
// This file is a snapshot of an AIDL interface (or parcelable). Do not try to
// edit this file. It looks like you are doing that because you have modified
// an AIDL interface in a backward-incompatible way, e.g., deleting a function
// from an interface or a field from a parcelable and it broke the build. That
// breakage is intended.
//
// You must not make a backward incompatible changes to the AIDL files built
// with the aidl_interface module type with versions property set. The module
// type is used to build AIDL files in a way that they can be used across
// independently updatable components of the system. If a device is shipped
// with such a backward incompatible change, it has a high risk of breaking
// later when a module using the interface is updated, e.g., Mainline modules.
package android.hardware.keymint;
@VintfStability
interface IKeyMintDevice {
android.hardware.keymint.KeyMintHardwareInfo getHardwareInfo();
android.hardware.keymint.VerificationToken verifyAuthorization(in long challenge, in android.hardware.keymint.HardwareAuthToken token);
void addRngEntropy(in byte[] data);
void generateKey(in android.hardware.keymint.KeyParameter[] keyParams, out android.hardware.keymint.ByteArray generatedKeyBlob, out android.hardware.keymint.KeyCharacteristics generatedKeyCharacteristics, out android.hardware.keymint.Certificate[] outCertChain);
void importKey(in android.hardware.keymint.KeyParameter[] inKeyParams, in android.hardware.keymint.KeyFormat inKeyFormat, in byte[] inKeyData, out android.hardware.keymint.ByteArray outImportedKeyBlob, out android.hardware.keymint.KeyCharacteristics outImportedKeyCharacteristics, out android.hardware.keymint.Certificate[] outCertChain);
void importWrappedKey(in byte[] inWrappedKeyData, in byte[] inWrappingKeyBlob, in byte[] inMaskingKey, in android.hardware.keymint.KeyParameter[] inUnwrappingParams, in long inPasswordSid, in long inBiometricSid, out android.hardware.keymint.ByteArray outImportedKeyBlob, out android.hardware.keymint.KeyCharacteristics outImportedKeyCharacteristics);
byte[] upgradeKey(in byte[] inKeyBlobToUpgrade, in android.hardware.keymint.KeyParameter[] inUpgradeParams);
void deleteKey(in byte[] inKeyBlob);
void deleteAllKeys();
void destroyAttestationIds();
android.hardware.keymint.BeginResult begin(in android.hardware.keymint.KeyPurpose inPurpose, in byte[] inKeyBlob, in android.hardware.keymint.KeyParameter[] inParams, in android.hardware.keymint.HardwareAuthToken inAuthToken);
const int AUTH_TOKEN_MAC_LENGTH = 32;
}

View file

@ -1,3 +0,0 @@
service vendor.keymint-default /vendor/bin/hw/android.hardware.keymint@1.0-service
class early_hal
user nobody

View file

@ -1,8 +1,8 @@
aidl_interface {
name: "android.hardware.keymint",
name: "android.hardware.security.keymint",
vendor_available: true,
srcs: [
"android/hardware/keymint/*.aidl",
"android/hardware/security/keymint/*.aidl",
],
stability: "vintf",
backend: {

View file

@ -15,7 +15,7 @@
// with such a backward incompatible change, it has a high risk of breaking
// later when a module using the interface is updated, e.g., Mainline modules.
package android.hardware.keymint;
package android.hardware.security.keymint;
@Backing(type="int") @VintfStability
enum Algorithm {
RSA = 1,

View file

@ -15,10 +15,10 @@
// with such a backward incompatible change, it has a high risk of breaking
// later when a module using the interface is updated, e.g., Mainline modules.
package android.hardware.keymint;
package android.hardware.security.keymint;
@VintfStability
parcelable BeginResult {
long challenge;
android.hardware.keymint.KeyParameter[] params;
android.hardware.keymint.IKeyMintOperation operation;
android.hardware.security.keymint.KeyParameter[] params;
android.hardware.security.keymint.IKeyMintOperation operation;
}

View file

@ -15,7 +15,7 @@
// with such a backward incompatible change, it has a high risk of breaking
// later when a module using the interface is updated, e.g., Mainline modules.
package android.hardware.keymint;
package android.hardware.security.keymint;
@Backing(type="int") @VintfStability
enum BlockMode {
ECB = 1,

View file

@ -15,7 +15,7 @@
// with such a backward incompatible change, it has a high risk of breaking
// later when a module using the interface is updated, e.g., Mainline modules.
package android.hardware.keymint;
package android.hardware.security.keymint;
@VintfStability
parcelable ByteArray {
byte[] data;

View file

@ -15,7 +15,7 @@
// with such a backward incompatible change, it has a high risk of breaking
// later when a module using the interface is updated, e.g., Mainline modules.
package android.hardware.keymint;
package android.hardware.security.keymint;
@VintfStability
parcelable Certificate {
byte[] encodedCertificate;

View file

@ -15,7 +15,7 @@
// with such a backward incompatible change, it has a high risk of breaking
// later when a module using the interface is updated, e.g., Mainline modules.
package android.hardware.keymint;
package android.hardware.security.keymint;
@Backing(type="int") @VintfStability
enum Digest {
NONE = 0,

View file

@ -15,7 +15,7 @@
// with such a backward incompatible change, it has a high risk of breaking
// later when a module using the interface is updated, e.g., Mainline modules.
package android.hardware.keymint;
package android.hardware.security.keymint;
@Backing(type="int") @VintfStability
enum EcCurve {
P_224 = 0,

View file

@ -15,7 +15,7 @@
// with such a backward incompatible change, it has a high risk of breaking
// later when a module using the interface is updated, e.g., Mainline modules.
package android.hardware.keymint;
package android.hardware.security.keymint;
@Backing(type="int") @VintfStability
enum ErrorCode {
OK = 0,

View file

@ -15,13 +15,13 @@
// with such a backward incompatible change, it has a high risk of breaking
// later when a module using the interface is updated, e.g., Mainline modules.
package android.hardware.keymint;
package android.hardware.security.keymint;
@VintfStability
parcelable HardwareAuthToken {
long challenge;
long userId;
long authenticatorId;
android.hardware.keymint.HardwareAuthenticatorType authenticatorType;
android.hardware.keymint.Timestamp timestamp;
android.hardware.security.keymint.HardwareAuthenticatorType authenticatorType;
android.hardware.security.keymint.Timestamp timestamp;
byte[] mac;
}

View file

@ -15,7 +15,7 @@
// with such a backward incompatible change, it has a high risk of breaking
// later when a module using the interface is updated, e.g., Mainline modules.
package android.hardware.keymint;
package android.hardware.security.keymint;
@Backing(type="int") @VintfStability
enum HardwareAuthenticatorType {
NONE = 0,

View file

@ -0,0 +1,33 @@
///////////////////////////////////////////////////////////////////////////////
// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
///////////////////////////////////////////////////////////////////////////////
// This file is a snapshot of an AIDL interface (or parcelable). Do not try to
// edit this file. It looks like you are doing that because you have modified
// an AIDL interface in a backward-incompatible way, e.g., deleting a function
// from an interface or a field from a parcelable and it broke the build. That
// breakage is intended.
//
// You must not make a backward incompatible changes to the AIDL files built
// with the aidl_interface module type with versions property set. The module
// type is used to build AIDL files in a way that they can be used across
// independently updatable components of the system. If a device is shipped
// with such a backward incompatible change, it has a high risk of breaking
// later when a module using the interface is updated, e.g., Mainline modules.
package android.hardware.security.keymint;
@VintfStability
interface IKeyMintDevice {
android.hardware.security.keymint.KeyMintHardwareInfo getHardwareInfo();
android.hardware.security.keymint.VerificationToken verifyAuthorization(in long challenge, in android.hardware.security.keymint.HardwareAuthToken token);
void addRngEntropy(in byte[] data);
void generateKey(in android.hardware.security.keymint.KeyParameter[] keyParams, out android.hardware.security.keymint.ByteArray generatedKeyBlob, out android.hardware.security.keymint.KeyCharacteristics generatedKeyCharacteristics, out android.hardware.security.keymint.Certificate[] outCertChain);
void importKey(in android.hardware.security.keymint.KeyParameter[] inKeyParams, in android.hardware.security.keymint.KeyFormat inKeyFormat, in byte[] inKeyData, out android.hardware.security.keymint.ByteArray outImportedKeyBlob, out android.hardware.security.keymint.KeyCharacteristics outImportedKeyCharacteristics, out android.hardware.security.keymint.Certificate[] outCertChain);
void importWrappedKey(in byte[] inWrappedKeyData, in byte[] inWrappingKeyBlob, in byte[] inMaskingKey, in android.hardware.security.keymint.KeyParameter[] inUnwrappingParams, in long inPasswordSid, in long inBiometricSid, out android.hardware.security.keymint.ByteArray outImportedKeyBlob, out android.hardware.security.keymint.KeyCharacteristics outImportedKeyCharacteristics);
byte[] upgradeKey(in byte[] inKeyBlobToUpgrade, in android.hardware.security.keymint.KeyParameter[] inUpgradeParams);
void deleteKey(in byte[] inKeyBlob);
void deleteAllKeys();
void destroyAttestationIds();
android.hardware.security.keymint.BeginResult begin(in android.hardware.security.keymint.KeyPurpose inPurpose, in byte[] inKeyBlob, in android.hardware.security.keymint.KeyParameter[] inParams, in android.hardware.security.keymint.HardwareAuthToken inAuthToken);
const int AUTH_TOKEN_MAC_LENGTH = 32;
}

View file

@ -15,10 +15,10 @@
// with such a backward incompatible change, it has a high risk of breaking
// later when a module using the interface is updated, e.g., Mainline modules.
package android.hardware.keymint;
package android.hardware.security.keymint;
@VintfStability
interface IKeyMintOperation {
int update(in @nullable android.hardware.keymint.KeyParameterArray inParams, in @nullable byte[] input, in @nullable android.hardware.keymint.HardwareAuthToken inAuthToken, in @nullable android.hardware.keymint.VerificationToken inVerificationToken, out @nullable android.hardware.keymint.KeyParameterArray outParams, out @nullable android.hardware.keymint.ByteArray output);
byte[] finish(in @nullable android.hardware.keymint.KeyParameterArray inParams, in @nullable byte[] input, in @nullable byte[] inSignature, in @nullable android.hardware.keymint.HardwareAuthToken authToken, in @nullable android.hardware.keymint.VerificationToken inVerificationToken, out @nullable android.hardware.keymint.KeyParameterArray outParams);
int update(in @nullable android.hardware.security.keymint.KeyParameterArray inParams, in @nullable byte[] input, in @nullable android.hardware.security.keymint.HardwareAuthToken inAuthToken, in @nullable android.hardware.security.keymint.VerificationToken inVerificationToken, out @nullable android.hardware.security.keymint.KeyParameterArray outParams, out @nullable android.hardware.security.keymint.ByteArray output);
byte[] finish(in @nullable android.hardware.security.keymint.KeyParameterArray inParams, in @nullable byte[] input, in @nullable byte[] inSignature, in @nullable android.hardware.security.keymint.HardwareAuthToken authToken, in @nullable android.hardware.security.keymint.VerificationToken inVerificationToken, out @nullable android.hardware.security.keymint.KeyParameterArray outParams);
void abort();
}

View file

@ -15,9 +15,9 @@
// with such a backward incompatible change, it has a high risk of breaking
// later when a module using the interface is updated, e.g., Mainline modules.
package android.hardware.keymint;
package android.hardware.security.keymint;
@VintfStability
parcelable KeyCharacteristics {
android.hardware.keymint.KeyParameter[] softwareEnforced;
android.hardware.keymint.KeyParameter[] hardwareEnforced;
android.hardware.security.keymint.KeyParameter[] softwareEnforced;
android.hardware.security.keymint.KeyParameter[] hardwareEnforced;
}

View file

@ -15,7 +15,7 @@
// with such a backward incompatible change, it has a high risk of breaking
// later when a module using the interface is updated, e.g., Mainline modules.
package android.hardware.keymint;
package android.hardware.security.keymint;
@Backing(type="int") @VintfStability
enum KeyDerivationFunction {
NONE = 0,

View file

@ -15,7 +15,7 @@
// with such a backward incompatible change, it has a high risk of breaking
// later when a module using the interface is updated, e.g., Mainline modules.
package android.hardware.keymint;
package android.hardware.security.keymint;
@Backing(type="int") @VintfStability
enum KeyFormat {
X509 = 0,

View file

@ -15,11 +15,11 @@
// with such a backward incompatible change, it has a high risk of breaking
// later when a module using the interface is updated, e.g., Mainline modules.
package android.hardware.keymint;
package android.hardware.security.keymint;
@VintfStability
parcelable KeyMintHardwareInfo {
int versionNumber;
android.hardware.keymint.SecurityLevel securityLevel;
android.hardware.security.keymint.SecurityLevel securityLevel;
@utf8InCpp String keyMintName;
@utf8InCpp String keyMintAuthorName;
}

View file

@ -15,7 +15,7 @@
// with such a backward incompatible change, it has a high risk of breaking
// later when a module using the interface is updated, e.g., Mainline modules.
package android.hardware.keymint;
package android.hardware.security.keymint;
@Backing(type="int") @VintfStability
enum KeyOrigin {
GENERATED = 0,

View file

@ -15,10 +15,10 @@
// with such a backward incompatible change, it has a high risk of breaking
// later when a module using the interface is updated, e.g., Mainline modules.
package android.hardware.keymint;
package android.hardware.security.keymint;
@VintfStability
parcelable KeyParameter {
android.hardware.keymint.Tag tag;
android.hardware.security.keymint.Tag tag;
boolean boolValue;
int integer;
long longInteger;

View file

@ -15,8 +15,8 @@
// with such a backward incompatible change, it has a high risk of breaking
// later when a module using the interface is updated, e.g., Mainline modules.
package android.hardware.keymint;
package android.hardware.security.keymint;
@VintfStability
parcelable KeyParameterArray {
android.hardware.keymint.KeyParameter[] params;
android.hardware.security.keymint.KeyParameter[] params;
}

View file

@ -15,7 +15,7 @@
// with such a backward incompatible change, it has a high risk of breaking
// later when a module using the interface is updated, e.g., Mainline modules.
package android.hardware.keymint;
package android.hardware.security.keymint;
@Backing(type="int") @VintfStability
enum KeyPurpose {
ENCRYPT = 0,

View file

@ -15,7 +15,7 @@
// with such a backward incompatible change, it has a high risk of breaking
// later when a module using the interface is updated, e.g., Mainline modules.
package android.hardware.keymint;
package android.hardware.security.keymint;
@Backing(type="int") @VintfStability
enum PaddingMode {
NONE = 1,

View file

@ -15,7 +15,7 @@
// with such a backward incompatible change, it has a high risk of breaking
// later when a module using the interface is updated, e.g., Mainline modules.
package android.hardware.keymint;
package android.hardware.security.keymint;
@Backing(type="int") @VintfStability
enum SecurityLevel {
SOFTWARE = 0,

View file

@ -15,7 +15,7 @@
// with such a backward incompatible change, it has a high risk of breaking
// later when a module using the interface is updated, e.g., Mainline modules.
package android.hardware.keymint;
package android.hardware.security.keymint;
@Backing(type="int") @VintfStability
enum Tag {
INVALID = 0,

View file

@ -15,7 +15,7 @@
// with such a backward incompatible change, it has a high risk of breaking
// later when a module using the interface is updated, e.g., Mainline modules.
package android.hardware.keymint;
package android.hardware.security.keymint;
@Backing(type="int") @VintfStability
enum TagType {
INVALID = 0,

View file

@ -15,7 +15,7 @@
// with such a backward incompatible change, it has a high risk of breaking
// later when a module using the interface is updated, e.g., Mainline modules.
package android.hardware.keymint;
package android.hardware.security.keymint;
@VintfStability
parcelable Timestamp {
long milliSeconds;

View file

@ -15,11 +15,11 @@
// with such a backward incompatible change, it has a high risk of breaking
// later when a module using the interface is updated, e.g., Mainline modules.
package android.hardware.keymint;
package android.hardware.security.keymint;
@VintfStability
parcelable VerificationToken {
long challenge;
android.hardware.keymint.Timestamp timestamp;
android.hardware.keymint.SecurityLevel securityLevel;
android.hardware.security.keymint.Timestamp timestamp;
android.hardware.security.keymint.SecurityLevel securityLevel;
byte[] mac;
}

View file

@ -14,8 +14,7 @@
* limitations under the License.
*/
package android.hardware.keymint;
package android.hardware.security.keymint;
/**
* Algorithms provided by IKeyMintDevice implementations.

View file

@ -14,12 +14,10 @@
* limitations under the License.
*/
package android.hardware.keymint;
import android.hardware.keymint.IKeyMintOperation;
import android.hardware.keymint.KeyParameter;
package android.hardware.security.keymint;
import android.hardware.security.keymint.IKeyMintOperation;
import android.hardware.security.keymint.KeyParameter;
/**
* This is all the results returned by the IKeyMintDevice begin() function.

View file

@ -14,8 +14,7 @@
* limitations under the License.
*/
package android.hardware.keymint;
package android.hardware.security.keymint;
/**
* Symmetric block cipher modes provided by IKeyMintDevice implementations.

View file

@ -14,8 +14,7 @@
* limitations under the License.
*/
package android.hardware.keymint;
package android.hardware.security.keymint;
/**
* This is used to contain a byte[], to make out parameters of byte arrays

View file

@ -14,7 +14,7 @@
* limitations under the License.
*/
package android.hardware.keymint;
package android.hardware.security.keymint;
/**
* This encodes the IKeyMintDevice attestation generated certificate.

View file

@ -14,8 +14,7 @@
* limitations under the License.
*/
package android.hardware.keymint;
package android.hardware.security.keymint;
/**
* Digests provided by keyMint implementations.

View file

@ -14,8 +14,7 @@
* limitations under the License.
*/
package android.hardware.keymint;
package android.hardware.security.keymint;
/**
* Supported EC curves, used in ECDSA

View file

@ -14,8 +14,7 @@
* limitations under the License.
*/
package android.hardware.keymint;
package android.hardware.security.keymint;
/**
* KeyMint error codes. Aidl will return these error codes as service specific

View file

@ -14,10 +14,10 @@
* limitations under the License.
*/
package android.hardware.keymint;
package android.hardware.security.keymint;
import android.hardware.keymint.Timestamp;
import android.hardware.keymint.HardwareAuthenticatorType;
import android.hardware.security.keymint.Timestamp;
import android.hardware.security.keymint.HardwareAuthenticatorType;
/**
* HardwareAuthToken is used to prove successful user authentication, to unlock the use of a key.
@ -30,7 +30,6 @@ import android.hardware.keymint.HardwareAuthenticatorType;
*/
@VintfStability
parcelable HardwareAuthToken {
/**
* challenge is a value that's used to enable authentication tokens to authorize specific
* events. The primary use case for challenge is to authorize an IKeyMintDevice cryptographic

View file

@ -14,7 +14,7 @@
* limitations under the License.
*/
package android.hardware.keymint;
package android.hardware.security.keymint;
/**
* Hardware authentication type, used by HardwareAuthTokens to specify the mechanism used to

View file

@ -14,20 +14,20 @@
* limitations under the License.
*/
package android.hardware.keymint;
package android.hardware.security.keymint;
import android.hardware.keymint.BeginResult;
import android.hardware.keymint.ByteArray;
import android.hardware.keymint.Certificate;
import android.hardware.keymint.HardwareAuthToken;
import android.hardware.keymint.IKeyMintOperation;
import android.hardware.keymint.KeyCharacteristics;
import android.hardware.keymint.KeyFormat;
import android.hardware.keymint.KeyParameter;
import android.hardware.keymint.KeyMintHardwareInfo;
import android.hardware.keymint.KeyPurpose;
import android.hardware.keymint.SecurityLevel;
import android.hardware.keymint.VerificationToken;
import android.hardware.security.keymint.BeginResult;
import android.hardware.security.keymint.ByteArray;
import android.hardware.security.keymint.Certificate;
import android.hardware.security.keymint.HardwareAuthToken;
import android.hardware.security.keymint.IKeyMintOperation;
import android.hardware.security.keymint.KeyCharacteristics;
import android.hardware.security.keymint.KeyFormat;
import android.hardware.security.keymint.KeyParameter;
import android.hardware.security.keymint.KeyMintHardwareInfo;
import android.hardware.security.keymint.KeyPurpose;
import android.hardware.security.keymint.SecurityLevel;
import android.hardware.security.keymint.VerificationToken;
/**
* KeyMint device definition.

View file

@ -14,13 +14,13 @@
* limitations under the License.
*/
package android.hardware.keymint;
package android.hardware.security.keymint;
import android.hardware.keymint.ByteArray;
import android.hardware.keymint.HardwareAuthToken;
import android.hardware.keymint.KeyParameter;
import android.hardware.keymint.KeyParameterArray;
import android.hardware.keymint.VerificationToken;
import android.hardware.security.keymint.ByteArray;
import android.hardware.security.keymint.HardwareAuthToken;
import android.hardware.security.keymint.KeyParameter;
import android.hardware.security.keymint.KeyParameterArray;
import android.hardware.security.keymint.VerificationToken;
@VintfStability
interface IKeyMintOperation {

View file

@ -14,9 +14,9 @@
* limitations under the License.
*/
package android.hardware.keymint;
package android.hardware.security.keymint;
import android.hardware.keymint.KeyParameter;
import android.hardware.security.keymint.KeyParameter;
/**
* KeyCharacteristics defines the attributes of a key, including cryptographic parameters, and usage

View file

@ -14,7 +14,7 @@
* limitations under the License.
*/
package android.hardware.keymint;
package android.hardware.security.keymint;
/**
* Key derivation functions, mostly used in ECIES.

View file

@ -14,8 +14,7 @@
* limitations under the License.
*/
package android.hardware.keymint;
package android.hardware.security.keymint;
/**
* Formats for key import and export.

View file

@ -14,15 +14,13 @@
* limitations under the License.
*/
package android.hardware.keymint;
import android.hardware.keymint.SecurityLevel;
package android.hardware.security.keymint;
import android.hardware.security.keymint.SecurityLevel;
/**
* KeyMintHardwareInfo is the hardware information returned by calling KeyMint getHardwareInfo()
*/
@VintfStability
parcelable KeyMintHardwareInfo {
/**

View file

@ -14,8 +14,7 @@
* limitations under the License.
*/
package android.hardware.keymint;
package android.hardware.security.keymint;
/**
* The origin of a key (or pair), i.e. where it was generated. Note that ORIGIN can be found in

View file

@ -14,20 +14,19 @@
* limitations under the License.
*/
package android.hardware.keymint;
package android.hardware.security.keymint;
import android.hardware.keymint.Algorithm;
import android.hardware.keymint.BlockMode;
import android.hardware.keymint.Digest;
import android.hardware.keymint.EcCurve;
import android.hardware.keymint.HardwareAuthenticatorType;
import android.hardware.keymint.KeyDerivationFunction;
import android.hardware.keymint.KeyOrigin;
import android.hardware.keymint.KeyPurpose;
import android.hardware.keymint.PaddingMode;
import android.hardware.keymint.SecurityLevel;
import android.hardware.keymint.Tag;
import android.hardware.security.keymint.Algorithm;
import android.hardware.security.keymint.BlockMode;
import android.hardware.security.keymint.Digest;
import android.hardware.security.keymint.EcCurve;
import android.hardware.security.keymint.HardwareAuthenticatorType;
import android.hardware.security.keymint.KeyDerivationFunction;
import android.hardware.security.keymint.KeyOrigin;
import android.hardware.security.keymint.KeyPurpose;
import android.hardware.security.keymint.PaddingMode;
import android.hardware.security.keymint.SecurityLevel;
import android.hardware.security.keymint.Tag;
/**

View file

@ -14,9 +14,9 @@
* limitations under the License.
*/
package android.hardware.keymint;
package android.hardware.security.keymint;
import android.hardware.keymint.KeyParameter;
import android.hardware.security.keymint.KeyParameter;
/**
* Identifies the key authorization parameters to be used with keyMint. This is usually

View file

@ -14,7 +14,7 @@
* limitations under the License.
*/
package android.hardware.keymint;
package android.hardware.security.keymint;
/**

View file

@ -14,7 +14,7 @@
* limitations under the License.
*/
package android.hardware.keymint;
package android.hardware.security.keymint;
/**
* TODO(seleneh) update the description.

View file

@ -14,7 +14,7 @@
* limitations under the License.
*/
package android.hardware.keymint;
package android.hardware.security.keymint;
/**
* Device security levels.

View file

@ -14,9 +14,9 @@
* limitations under the License.
*/
package android.hardware.keymint;
package android.hardware.security.keymint;
import android.hardware.keymint.TagType;
import android.hardware.security.keymint.TagType;
// TODO(seleneh) : note aidl currently does not support double nested enum definitions such as
// ROOT_OF_TRUST = TagType:BYTES | 704. So we are forced to write definations as

View file

@ -14,7 +14,7 @@
* limitations under the License.
*/
package android.hardware.keymint;
package android.hardware.security.keymint;
/**
* TagType classifies Tags in Tag.aidl into various groups of data.

View file

@ -14,7 +14,7 @@
* limitations under the License.
*/
package android.hardware.keymint;
package android.hardware.security.keymint;
/**
* Time in milliseconds since some arbitrary point in time. Time must be monotonically increasing,

View file

@ -14,10 +14,10 @@
* limitations under the License.
*/
package android.hardware.keymint;
package android.hardware.security.keymint;
import android.hardware.keymint.SecurityLevel;
import android.hardware.keymint.Timestamp;
import android.hardware.security.keymint.SecurityLevel;
import android.hardware.security.keymint.Timestamp;
/**
* VerificationToken instances are used for secure environments to authenticate one another.
@ -48,7 +48,7 @@ parcelable VerificationToken {
* 32-byte HMAC-SHA256 of the above values, computed as:
*
* HMAC(H,
* "Auth Verification" || challenge || timestamp || securityLevel || parametersVerified)
* "Auth Verification" || challenge || timestamp || securityLevel)
*
* where:
*
@ -58,11 +58,6 @@ parcelable VerificationToken {
*
* The representation of challenge and timestamp is as 64-bit unsigned integers in big-endian
* order. securityLevel is represented as a 32-bit unsigned integer in big-endian order.
*
* If parametersVerified is non-empty, the representation of parametersVerified is an ASN.1 DER
* encoded representation of the values. The ASN.1 schema used is the AuthorizationList schema
* from the Keystore attestation documentation. If parametersVerified is empty, it is simply
* omitted from the HMAC computation.
*/
byte[] mac;
}

View file

@ -1,22 +1,22 @@
cc_binary {
name: "android.hardware.keymint@1.0-service",
name: "android.hardware.security.keymint-service",
relative_install_path: "hw",
init_rc: ["android.hardware.keymint@1.0-service.rc"],
vintf_fragments: ["android.hardware.keymint@1.0-service.xml"],
init_rc: ["android.hardware.security.keymint-service.rc"],
vintf_fragments: ["android.hardware.security.keymint-service.xml"],
vendor: true,
cflags: [
"-Wall",
"-Wextra",
],
shared_libs: [
"android.hardware.keymint-ndk_platform",
"android.hardware.security.keymint-ndk_platform",
"libbase",
"libbinder_ndk",
"libcppbor",
"libcrypto",
"liblog",
"libkeymaster_portable",
"libkeymint1",
"libkeymint",
"liblog",
"libpuresoftkeymasterdevice",
"libutils",
],

View file

@ -0,0 +1,3 @@
service vendor.keymint-default /vendor/bin/hw/android.hardware.security.keymint-service
class early_hal
user nobody

View file

@ -1,6 +1,6 @@
<manifest version="1.0" type="device">
<hal format="aidl">
<name>android.hardware.keymint</name>
<name>android.hardware.security.keymint</name>
<fqname>IKeyMintDevice/default</fqname>
</hal>
</manifest>

View file

@ -14,30 +14,30 @@
* limitations under the License.
*/
#define LOG_TAG "android.hardware.keymint1-service"
#define LOG_TAG "android.hardware.security.keymint-service"
#include <android-base/logging.h>
#include <android/binder_manager.h>
#include <android/binder_process.h>
#include <AndroidKeyMint1Device.h>
#include <AndroidKeyMintDevice.h>
#include <keymaster/soft_keymaster_logger.h>
using aidl::android::hardware::keymint::SecurityLevel;
using aidl::android::hardware::keymint::V1_0::AndroidKeyMint1Device;
using aidl::android::hardware::security::keymint::AndroidKeyMintDevice;
using aidl::android::hardware::security::keymint::SecurityLevel;
int main() {
// Zero threads seems like a useless pool, but below we'll join this thread to it, increasing
// the pool size to 1.
ABinderProcess_setThreadPoolMaxThreadCount(0);
std::shared_ptr<AndroidKeyMint1Device> km5 =
ndk::SharedRefBase::make<AndroidKeyMint1Device>(SecurityLevel::SOFTWARE);
std::shared_ptr<AndroidKeyMintDevice> keyMint =
ndk::SharedRefBase::make<AndroidKeyMintDevice>(SecurityLevel::SOFTWARE);
keymaster::SoftKeymasterLogger logger;
const auto instanceName = std::string(AndroidKeyMint1Device::descriptor) + "/default";
const auto instanceName = std::string(AndroidKeyMintDevice::descriptor) + "/default";
LOG(INFO) << "instance: " << instanceName;
binder_status_t status =
AServiceManager_addService(km5->asBinder().get(), instanceName.c_str());
AServiceManager_addService(keyMint->asBinder().get(), instanceName.c_str());
CHECK(status == STATUS_OK);
ABinderProcess_joinThreadPool();

View file

@ -15,25 +15,25 @@
//
cc_test {
name: "VtsAidlKeyMintV1_0TargetTest",
name: "VtsAidlKeyMintTargetTest",
defaults: [
"VtsHalTargetTestDefaults",
"use_libaidlvintf_gtest_helper_static",
],
srcs: [
"keyMint1Test.cpp",
"KeyMintTest.cpp",
"VerificationTokenTest.cpp",
],
shared_libs: [
"libbinder",
"libcrypto",
"libkeymint1",
"libkeymintSupport",
"libkeymint",
"libkeymint_support",
],
static_libs: [
"android.hardware.keymint-cpp",
"libcppbor",
"libkeyMint1VtsTestUtil",
"android.hardware.security.keymint-cpp",
"libcppbor_external",
"libkeymint_vts_test_utils",
],
test_suites: [
"general-tests",
@ -42,7 +42,7 @@ cc_test {
}
cc_test_library {
name: "libkeyMint1VtsTestUtil",
name: "libkeymint_vts_test_utils",
defaults: [
"VtsHalTargetTestDefaults",
"use_libaidlvintf_gtest_helper_static",
@ -56,11 +56,11 @@ cc_test_library {
shared_libs: [
"libbinder",
"libcrypto",
"libkeymint1",
"libkeymintSupport",
"libkeymint",
"libkeymint_support",
],
static_libs: [
"android.hardware.keymint-cpp",
"android.hardware.security.keymint-cpp",
"libcppbor",
],
}

View file

@ -21,12 +21,10 @@
#include <android-base/logging.h>
#include <keymintSupport/key_param_output.h>
#include <keymintSupport/keymint_utils.h>
#include <keymint_support/key_param_output.h>
#include <keymint_support/keymint_utils.h>
namespace android {
namespace hardware {
namespace keymint {
namespace android::hardware::security::keymint {
using namespace std::literals::chrono_literals;
using std::endl;
@ -751,6 +749,5 @@ vector<Digest> KeyMintAidlTestBase::ValidDigests(bool withNone, bool withMD5) {
}
} // namespace test
} // namespace keymint
} // namespace hardware
} // namespace android
} // namespace android::hardware::security::keymint

View file

@ -21,18 +21,15 @@
#include <aidl/Gtest.h>
#include <aidl/Vintf.h>
#include <android/hardware/keymint/ErrorCode.h>
#include <android/hardware/keymint/IKeyMintDevice.h>
#include <android/hardware/security/keymint/ErrorCode.h>
#include <android/hardware/security/keymint/IKeyMintDevice.h>
#include <binder/IServiceManager.h>
#include <binder/ProcessState.h>
#include <gtest/gtest.h>
#include <keymintSupport/authorization_set.h>
#include <keymint_support/authorization_set.h>
namespace android {
namespace hardware {
namespace keymint {
namespace test {
namespace android::hardware::security::keymint::test {
using ::android::sp;
using binder::Status;
@ -189,9 +186,6 @@ class KeyMintAidlTestBase : public ::testing::TestWithParam<string> {
testing::ValuesIn(KeyMintAidlTestBase::build_params()), \
android::PrintInstanceNameToString)
} // namespace test
} // namespace keymint
} // namespace hardware
} // namespace android
} // namespace android::hardware::security::keymint::test
#endif // VTS_KEYMINT_AIDL_TEST_UTILS_H

View file

@ -26,36 +26,32 @@
#include <cutils/properties.h>
#include <android/hardware/keymint/KeyFormat.h>
#include <android/hardware/security/keymint/KeyFormat.h>
#include <keymintSupport/attestation_record.h>
#include <keymintSupport/key_param_output.h>
#include <keymintSupport/openssl_utils.h>
#include <keymint_support/attestation_record.h>
#include <keymint_support/key_param_output.h>
#include <keymint_support/openssl_utils.h>
#include "KeyMintAidlTestBase.h"
static bool arm_deleteAllKeys = false;
static bool dump_Attestations = false;
using android::hardware::keymint::AuthorizationSet;
using android::hardware::keymint::KeyCharacteristics;
using android::hardware::keymint::KeyFormat;
using android::hardware::security::keymint::AuthorizationSet;
using android::hardware::security::keymint::KeyCharacteristics;
using android::hardware::security::keymint::KeyFormat;
namespace android {
namespace hardware {
namespace keymint {
namespace android::hardware::security::keymint {
bool operator==(const keymint::AuthorizationSet& a, const keymint::AuthorizationSet& b) {
return a.size() == b.size() && std::equal(a.begin(), a.end(), b.begin());
}
} // namespace keymint
} // namespace hardware
} // namespace android
} // namespace android::hardware::security::keymint
namespace std {
using namespace android::hardware::keymint;
using namespace android::hardware::security::keymint;
template <>
struct std::equal_to<KeyCharacteristics> {
@ -77,10 +73,8 @@ struct std::equal_to<KeyCharacteristics> {
} // namespace std
namespace android {
namespace hardware {
namespace keymint {
namespace test {
namespace android::hardware::security::keymint::test {
namespace {
template <TagType tag_type, Tag tag, typename ValueT>
@ -4046,10 +4040,7 @@ TEST_P(TransportLimitTest, LargeFinishInput) {
INSTANTIATE_KEYMINT_AIDL_TEST(TransportLimitTest);
} // namespace test
} // namespace keymint
} // namespace hardware
} // namespace android
} // namespace android::hardware::security::keymint::test
int main(int argc, char** argv) {
::testing::InitGoogleTest(&argc, argv);
@ -4063,7 +4054,5 @@ int main(int argc, char** argv) {
}
}
}
int status = RUN_ALL_TESTS();
ALOGI("Test result = %d", status);
return status;
return RUN_ALL_TESTS();
}

View file

@ -16,10 +16,7 @@
#include "KeyMintAidlTestBase.h"
namespace android {
namespace hardware {
namespace keymint {
namespace test {
namespace android::hardware::security::keymint::test {
class VerificationTokenTest : public KeyMintAidlTestBase {
protected:
@ -168,7 +165,4 @@ TEST_P(VerificationTokenTest, MacChangesOnChangingTimestamp) {
INSTANTIATE_KEYMINT_AIDL_TEST(VerificationTokenTest);
} // namespace test
} // namespace keymint
} // namespace hardware
} // namespace android
} // namespace android::hardware::security::keymint::test

View file

@ -15,7 +15,7 @@
//
cc_library {
name: "libkeymintSupport",
name: "libkeymint_support",
cflags: [
"-Wall",
"-Wextra",
@ -31,7 +31,7 @@ cc_library {
"include",
],
shared_libs: [
"android.hardware.keymint-cpp",
"android.hardware.security.keymint-cpp",
"libbase",
"libcrypto",
"libutils",

View file

@ -14,27 +14,26 @@
* limitations under the License.
*/
#include <keymintSupport/attestation_record.h>
#include <keymint_support/attestation_record.h>
#include <android/hardware/keymint/Tag.h>
#include <android/hardware/keymint/TagType.h>
#include <assert.h>
#include <android-base/logging.h>
#include <assert.h>
#include <openssl/asn1t.h>
#include <openssl/bn.h>
#include <openssl/evp.h>
#include <openssl/x509.h>
#include <keymintSupport/authorization_set.h>
#include <keymintSupport/openssl_utils.h>
#include <android/hardware/security/keymint/Tag.h>
#include <android/hardware/security/keymint/TagType.h>
#include <keymint_support/authorization_set.h>
#include <keymint_support/openssl_utils.h>
#define AT __FILE__ ":" << __LINE__
namespace android {
namespace hardware {
namespace keymint {
namespace android::hardware::security::keymint {
struct stack_st_ASN1_TYPE_Delete {
void operator()(stack_st_ASN1_TYPE* p) { sk_ASN1_TYPE_free(p); }
@ -382,6 +381,4 @@ ErrorCode parse_root_of_trust(const uint8_t* asn1_key_desc, size_t asn1_key_desc
return ErrorCode::OK; // KM_ERROR_OK;
}
} // namespace keymint
} // namespace hardware
} // namespace android
} // namespace android::hardware::security::keymint

View file

@ -14,23 +14,21 @@
* limitations under the License.
*/
#include <keymintSupport/authorization_set.h>
#include <keymint_support/authorization_set.h>
#include <assert.h>
#include <android-base/logging.h>
#include <sstream>
#include <android/hardware/keymint/Algorithm.h>
#include <android/hardware/keymint/BlockMode.h>
#include <android/hardware/keymint/Digest.h>
#include <android/hardware/keymint/KeyParameter.h>
#include <android/hardware/keymint/KeyPurpose.h>
#include <android/hardware/keymint/TagType.h>
#include <android-base/logging.h>
namespace android {
namespace hardware {
namespace keymint {
#include <android/hardware/security/keymint/Algorithm.h>
#include <android/hardware/security/keymint/BlockMode.h>
#include <android/hardware/security/keymint/Digest.h>
#include <android/hardware/security/keymint/KeyParameter.h>
#include <android/hardware/security/keymint/KeyPurpose.h>
#include <android/hardware/security/keymint/TagType.h>
namespace android::hardware::security::keymint {
void AuthorizationSet::Sort() {
std::sort(data_.begin(), data_.end());
@ -220,10 +218,11 @@ struct choose_serializer<> {
};
template <TagType tag_type, Tag tag, typename... Tail>
struct choose_serializer<android::hardware::keymint::TypedTag<tag_type, tag>, Tail...> {
struct choose_serializer<android::hardware::security::keymint::TypedTag<tag_type, tag>, Tail...> {
static OutStreams& serialize(OutStreams& out, const KeyParameter& param) {
if (param.tag == tag) {
return android::hardware::keymint::serialize(TypedTag<tag_type, tag>(), out, param);
return android::hardware::security::keymint::serialize(TypedTag<tag_type, tag>(), out,
param);
} else {
return choose_serializer<Tail...>::serialize(out, param);
}
@ -329,7 +328,8 @@ template <TagType tag_type, Tag tag, typename... Tail>
struct choose_deserializer<TypedTag<tag_type, tag>, Tail...> {
static InStreams& deserialize(InStreams& in, KeyParameter* param) {
if (param->tag == tag) {
return android::hardware::keymint::deserialize(TypedTag<tag_type, tag>(), in, param);
return android::hardware::security::keymint::deserialize(TypedTag<tag_type, tag>(), in,
param);
} else {
return choose_deserializer<Tail...>::deserialize(in, param);
}
@ -501,15 +501,14 @@ AuthorizationSetBuilder& AuthorizationSetBuilder::GcmModeMacLen(uint32_t macLeng
}
AuthorizationSetBuilder& AuthorizationSetBuilder::BlockMode(
std::initializer_list<android::hardware::keymint::BlockMode> blockModes) {
std::initializer_list<android::hardware::security::keymint::BlockMode> blockModes) {
for (auto mode : blockModes) {
push_back(TAG_BLOCK_MODE, mode);
}
return *this;
}
AuthorizationSetBuilder& AuthorizationSetBuilder::Digest(
std::vector<android::hardware::keymint::Digest> digests) {
AuthorizationSetBuilder& AuthorizationSetBuilder::Digest(std::vector<keymint::Digest> digests) {
for (auto digest : digests) {
push_back(TAG_DIGEST, digest);
}
@ -524,6 +523,4 @@ AuthorizationSetBuilder& AuthorizationSetBuilder::Padding(
return *this;
}
} // namespace keymint
} // namespace hardware
} // namespace android
} // namespace android::hardware::security::keymint

View file

@ -16,20 +16,14 @@
#pragma once
#include <android/hardware/keymint/ErrorCode.h>
#include <android/hardware/keymint/IKeyMintDevice.h>
#include <android/hardware/security/keymint/ErrorCode.h>
#include <android/hardware/security/keymint/IKeyMintDevice.h>
#include <keymintSupport/attestation_record.h>
#include <keymintSupport/authorization_set.h>
#include <keymintSupport/openssl_utils.h>
#include <keymint_support/attestation_record.h>
#include <keymint_support/authorization_set.h>
#include <keymint_support/openssl_utils.h>
namespace android {
namespace hardware {
namespace keymint {
using android::hardware::keymint::KeyParameter;
using android::hardware::keymint::Tag;
using android::hardware::keymint::TAG_ALGORITHM;
namespace android::hardware::security::keymint {
class AuthorizationSet;
@ -90,6 +84,4 @@ ErrorCode parse_root_of_trust(const uint8_t* asn1_key_desc, size_t asn1_key_desc
keymint_verified_boot_t* verified_boot_state, bool* device_locked,
std::vector<uint8_t>* verified_boot_hash);
} // namespace keymint
} // namespace hardware
} // namespace android
} // namespace android::hardware::security::keymint

View file

@ -19,21 +19,14 @@
#include <vector>
#include <android/hardware/keymint/BlockMode.h>
#include <android/hardware/keymint/Digest.h>
#include <android/hardware/keymint/EcCurve.h>
#include <android/hardware/keymint/PaddingMode.h>
#include <android/hardware/security/keymint/BlockMode.h>
#include <android/hardware/security/keymint/Digest.h>
#include <android/hardware/security/keymint/EcCurve.h>
#include <android/hardware/security/keymint/PaddingMode.h>
#include <keymintSupport/keymint_tags.h>
#include <keymint_support/keymint_tags.h>
namespace android {
namespace hardware {
namespace keymint {
using android::hardware::keymint::BlockMode;
using android::hardware::keymint::Digest;
using android::hardware::keymint::EcCurve;
using android::hardware::keymint::PaddingMode;
namespace android::hardware::security::keymint {
using std::vector;
@ -322,8 +315,6 @@ class AuthorizationSetBuilder : public AuthorizationSet {
}
};
} // namespace keymint
} // namespace hardware
} // namespace android
} // namespace android::hardware::security::keymint
#endif // SYSTEM_SECURITY_KEYSTORE_KM4_AUTHORIZATION_SET_H_

View file

@ -1,5 +1,5 @@
/*
* Copyright (C) 2017 The Android Open Source Project
* Copyright (C) 2020 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@ -20,28 +20,24 @@
#include <iostream>
#include <vector>
#include <android/hardware/security/keymint/Algorithm.h>
#include <android/hardware/security/keymint/BlockMode.h>
#include <android/hardware/security/keymint/Digest.h>
#include <android/hardware/security/keymint/EcCurve.h>
#include <android/hardware/security/keymint/ErrorCode.h>
#include <android/hardware/security/keymint/HardwareAuthenticatorType.h>
#include <android/hardware/security/keymint/KeyCharacteristics.h>
#include <android/hardware/security/keymint/KeyOrigin.h>
#include <android/hardware/security/keymint/KeyParameter.h>
#include <android/hardware/security/keymint/KeyPurpose.h>
#include <android/hardware/security/keymint/PaddingMode.h>
#include <android/hardware/security/keymint/SecurityLevel.h>
#include <android/hardware/security/keymint/Tag.h>
#include <android/hardware/security/keymint/TagType.h>
#include "keymint_tags.h"
#include <android/hardware/keymint/Algorithm.h>
#include <android/hardware/keymint/BlockMode.h>
#include <android/hardware/keymint/Digest.h>
#include <android/hardware/keymint/EcCurve.h>
#include <android/hardware/keymint/ErrorCode.h>
#include <android/hardware/keymint/HardwareAuthenticatorType.h>
#include <android/hardware/keymint/KeyCharacteristics.h>
#include <android/hardware/keymint/KeyOrigin.h>
#include <android/hardware/keymint/KeyParameter.h>
#include <android/hardware/keymint/KeyPurpose.h>
#include <android/hardware/keymint/PaddingMode.h>
#include <android/hardware/keymint/SecurityLevel.h>
#include <android/hardware/keymint/Tag.h>
#include <android/hardware/keymint/TagType.h>
namespace android {
namespace hardware {
namespace keymint {
using namespace ::android::hardware::keymint;
namespace android::hardware::security::keymint {
inline ::std::ostream& operator<<(::std::ostream& os, Algorithm value) {
return os << toString(value);
@ -101,8 +97,6 @@ inline ::std::ostream& operator<<(::std::ostream& os, Tag tag) {
return os << toString(tag);
}
} // namespace keymint
} // namespace hardware
} // namespace android
} // namespace android::hardware::security::keymint
#endif // HARDWARE_INTERFACES_KEYMINT_SUPPORT_INCLUDE_KEY_PARAM_OUTPUT_H_

View file

@ -17,24 +17,20 @@
#ifndef HARDWARE_INTERFACES_KEYMINT_SUPPORT_INCLUDE_KEYMINT_TAGS_H_
#define HARDWARE_INTERFACES_KEYMINT_SUPPORT_INCLUDE_KEYMINT_TAGS_H_
#include <android/hardware/keymint/Algorithm.h>
#include <android/hardware/keymint/BlockMode.h>
#include <android/hardware/keymint/Digest.h>
#include <android/hardware/keymint/EcCurve.h>
#include <android/hardware/keymint/HardwareAuthenticatorType.h>
#include <android/hardware/keymint/KeyOrigin.h>
#include <android/hardware/keymint/KeyParameter.h>
#include <android/hardware/keymint/KeyPurpose.h>
#include <android/hardware/keymint/PaddingMode.h>
#include <android/hardware/keymint/SecurityLevel.h>
#include <android/hardware/keymint/Tag.h>
#include <android/hardware/keymint/TagType.h>
#include <android/hardware/security/keymint/Algorithm.h>
#include <android/hardware/security/keymint/BlockMode.h>
#include <android/hardware/security/keymint/Digest.h>
#include <android/hardware/security/keymint/EcCurve.h>
#include <android/hardware/security/keymint/HardwareAuthenticatorType.h>
#include <android/hardware/security/keymint/KeyOrigin.h>
#include <android/hardware/security/keymint/KeyParameter.h>
#include <android/hardware/security/keymint/KeyPurpose.h>
#include <android/hardware/security/keymint/PaddingMode.h>
#include <android/hardware/security/keymint/SecurityLevel.h>
#include <android/hardware/security/keymint/Tag.h>
#include <android/hardware/security/keymint/TagType.h>
namespace android::hardware::keymint {
using android::hardware::keymint::KeyParameter;
using android::hardware::keymint::Tag;
using android::hardware::keymint::TagType;
namespace android::hardware::security::keymint {
// The following create the numeric values that KM_TAG_PADDING and KM_TAG_DIGEST used to have. We
// need these old values to be able to support old keys that use them.
@ -337,78 +333,6 @@ inline NullOr<const typename TypedTag2ValueType<TypedTag<tag_type, tag>>::type&>
return accessTagValue(ttag, param);
}
} // namespace android::hardware::keymint
namespace std {
using namespace android::hardware::keymint;
// Aidl generates KeyParameter operator<, >, ==, != for cpp translation but not ndk
// translations. So we cannot straight forward overload these operators.
// However we need our custom comparison for KeyParameters. So we will
// overload std::less, equal_to instead.
template <>
struct std::less<KeyParameter> {
bool operator()(const KeyParameter& a, const KeyParameter& b) const {
if (a.tag != b.tag) return a.tag < b.tag;
int retval;
switch (typeFromTag(a.tag)) {
case TagType::INVALID:
case TagType::BOOL:
return false;
case TagType::ENUM:
case TagType::ENUM_REP:
case TagType::UINT:
case TagType::UINT_REP:
return a.integer < b.integer;
case TagType::ULONG:
case TagType::ULONG_REP:
case TagType::DATE:
return a.longInteger < b.longInteger;
case TagType::BIGNUM:
case TagType::BYTES:
// Handle the empty cases.
if (a.blob.size() == 0) return b.blob.size() != 0;
if (b.blob.size() == 0) return false;
retval = memcmp(&a.blob[0], &b.blob[0], std::min(a.blob.size(), b.blob.size()));
// if one is the prefix of the other the longer wins
if (retval == 0) return a.blob.size() < b.blob.size();
// Otherwise a is less if a is less.
else
return retval < 0;
}
return false;
}
};
template <>
struct std::equal_to<KeyParameter> {
bool operator()(const KeyParameter& a, const KeyParameter& b) const {
if (a.tag != b.tag) {
return false;
}
switch (typeFromTag(a.tag)) {
case TagType::INVALID:
case TagType::BOOL:
return true;
case TagType::ENUM:
case TagType::ENUM_REP:
case TagType::UINT:
case TagType::UINT_REP:
return a.integer == b.integer;
case TagType::ULONG:
case TagType::ULONG_REP:
case TagType::DATE:
return a.longInteger == b.longInteger;
case TagType::BIGNUM:
case TagType::BYTES:
if (a.blob.size() != b.blob.size()) return false;
return a.blob.size() == 0 || memcmp(&a.blob[0], &b.blob[0], a.blob.size()) == 0;
}
return false;
}
};
} // namespace std
} // namespace android::hardware::security::keymint
#endif // HARDWARE_INTERFACES_KEYMINT_SUPPORT_INCLUDE_KEYMINT_TAGS_H_

View file

@ -19,11 +19,9 @@
#ifndef HARDWARE_INTERFACES_KEYMINT_10_SUPPORT_KEYMINT_UTILS_H_
#define HARDWARE_INTERFACES_KEYMINT_10_SUPPORT_KEYMINT_UTILS_H_
#include <android/hardware/keymint/HardwareAuthToken.h>
#include <android/hardware/security/keymint/HardwareAuthToken.h>
namespace android {
namespace hardware {
namespace keymint {
namespace android::hardware::security::keymint {
using std::vector;
@ -44,8 +42,6 @@ vector<uint8_t> authToken2vector(const HardwareAuthToken& token);
uint32_t getOsVersion();
uint32_t getOsPatchlevel();
} // namespace keymint
} // namespace hardware
} // namespace android
} // namespace android::hardware::security::keymint
#endif // HARDWARE_INTERFACES_KEYMINT_10_SUPPORT_KEYMINT_UTILS_H_

View file

@ -17,11 +17,13 @@
#ifndef HARDWARE_INTERFACES_KEYMINT_1_0_SUPPORT_OPENSSL_UTILS_H_
#define HARDWARE_INTERFACES_KEYMINT_1_0_SUPPORT_OPENSSL_UTILS_H_
#include <android/hardware/keymint/Digest.h>
#include <android/hardware/security/keymint/Digest.h>
#include <openssl/evp.h>
#include <openssl/x509.h>
namespace android::hardware::security::keymint {
template <typename T, void (*F)(T*)>
struct UniquePtrDeleter {
void operator()(T* p) const { F(p); }
@ -40,24 +42,26 @@ MAKE_OPENSSL_PTR_TYPE(BN_CTX)
typedef std::unique_ptr<BIGNUM, UniquePtrDeleter<BIGNUM, BN_free>> BIGNUM_Ptr;
inline const EVP_MD* openssl_digest(android::hardware::keymint::Digest digest) {
inline const EVP_MD* openssl_digest(Digest digest) {
switch (digest) {
case android::hardware::keymint::Digest::NONE:
case Digest::NONE:
return nullptr;
case android::hardware::keymint::Digest::MD5:
case Digest::MD5:
return EVP_md5();
case android::hardware::keymint::Digest::SHA1:
case Digest::SHA1:
return EVP_sha1();
case android::hardware::keymint::Digest::SHA_2_224:
case Digest::SHA_2_224:
return EVP_sha224();
case android::hardware::keymint::Digest::SHA_2_256:
case Digest::SHA_2_256:
return EVP_sha256();
case android::hardware::keymint::Digest::SHA_2_384:
case Digest::SHA_2_384:
return EVP_sha384();
case android::hardware::keymint::Digest::SHA_2_512:
case Digest::SHA_2_512:
return EVP_sha512();
}
return nullptr;
}
} // namespace android::hardware::security::keymint
#endif // HARDWARE_INTERFACES_KEYMINT_1_0_SUPPORT_OPENSSL_UTILS_H_

View file

@ -14,15 +14,13 @@
* limitations under the License.
*/
#include <keymintSupport/key_param_output.h>
#include <keymintSupport/keymint_tags.h>
#include <keymint_support/key_param_output.h>
#include <iomanip>
namespace android {
namespace hardware {
namespace keymint {
#include <keymint_support/keymint_tags.h>
namespace android::hardware::security::keymint {
using ::std::endl;
using ::std::ostream;
@ -71,6 +69,4 @@ ostream& operator<<(ostream& os, const KeyParameter& param) {
return os << "UNKNOWN TAG TYPE!";
}
} // namespace keymint
} // namespace hardware
} // namespace android
} // namespace android::hardware::security::keymint

View file

@ -18,11 +18,11 @@
#include <android-base/properties.h>
#include <hardware/hw_auth_token.h>
#include <keymintSupport/keymint_utils.h>
#include <keymint_support/keymint_utils.h>
#include <arpa/inet.h>
namespace android::hardware::keymint {
namespace android::hardware::security::keymint {
namespace {
@ -111,4 +111,4 @@ uint32_t getOsPatchlevel() {
return getOsPatchlevel(patchlevel.c_str());
}
} // namespace android::hardware::keymint
} // namespace android::hardware::security::keymint