Merge "Move keymint to android.hardware.security." am: 0a89757936
am: 640d1c8a40
Original change: https://android-review.googlesource.com/c/platform/hardware/interfaces/+/1519122 MUST ONLY BE SUBMITTED BY AUTOMERGER Change-Id: I10f92fa6fe76da15f9093d23a71d9c7456db5b10
This commit is contained in:
commit
5a1001361d
79 changed files with 294 additions and 448 deletions
|
@ -299,7 +299,7 @@
|
|||
</interface>
|
||||
</hal>
|
||||
<hal format="aidl" optional="true">
|
||||
<name>android.hardware.keymint</name>
|
||||
<name>android.hardware.security.keymint</name>
|
||||
<interface>
|
||||
<name>IKeyMintDevice</name>
|
||||
<instance>default</instance>
|
||||
|
|
|
@ -1,33 +0,0 @@
|
|||
///////////////////////////////////////////////////////////////////////////////
|
||||
// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
|
||||
///////////////////////////////////////////////////////////////////////////////
|
||||
|
||||
// This file is a snapshot of an AIDL interface (or parcelable). Do not try to
|
||||
// edit this file. It looks like you are doing that because you have modified
|
||||
// an AIDL interface in a backward-incompatible way, e.g., deleting a function
|
||||
// from an interface or a field from a parcelable and it broke the build. That
|
||||
// breakage is intended.
|
||||
//
|
||||
// You must not make a backward incompatible changes to the AIDL files built
|
||||
// with the aidl_interface module type with versions property set. The module
|
||||
// type is used to build AIDL files in a way that they can be used across
|
||||
// independently updatable components of the system. If a device is shipped
|
||||
// with such a backward incompatible change, it has a high risk of breaking
|
||||
// later when a module using the interface is updated, e.g., Mainline modules.
|
||||
|
||||
package android.hardware.keymint;
|
||||
@VintfStability
|
||||
interface IKeyMintDevice {
|
||||
android.hardware.keymint.KeyMintHardwareInfo getHardwareInfo();
|
||||
android.hardware.keymint.VerificationToken verifyAuthorization(in long challenge, in android.hardware.keymint.HardwareAuthToken token);
|
||||
void addRngEntropy(in byte[] data);
|
||||
void generateKey(in android.hardware.keymint.KeyParameter[] keyParams, out android.hardware.keymint.ByteArray generatedKeyBlob, out android.hardware.keymint.KeyCharacteristics generatedKeyCharacteristics, out android.hardware.keymint.Certificate[] outCertChain);
|
||||
void importKey(in android.hardware.keymint.KeyParameter[] inKeyParams, in android.hardware.keymint.KeyFormat inKeyFormat, in byte[] inKeyData, out android.hardware.keymint.ByteArray outImportedKeyBlob, out android.hardware.keymint.KeyCharacteristics outImportedKeyCharacteristics, out android.hardware.keymint.Certificate[] outCertChain);
|
||||
void importWrappedKey(in byte[] inWrappedKeyData, in byte[] inWrappingKeyBlob, in byte[] inMaskingKey, in android.hardware.keymint.KeyParameter[] inUnwrappingParams, in long inPasswordSid, in long inBiometricSid, out android.hardware.keymint.ByteArray outImportedKeyBlob, out android.hardware.keymint.KeyCharacteristics outImportedKeyCharacteristics);
|
||||
byte[] upgradeKey(in byte[] inKeyBlobToUpgrade, in android.hardware.keymint.KeyParameter[] inUpgradeParams);
|
||||
void deleteKey(in byte[] inKeyBlob);
|
||||
void deleteAllKeys();
|
||||
void destroyAttestationIds();
|
||||
android.hardware.keymint.BeginResult begin(in android.hardware.keymint.KeyPurpose inPurpose, in byte[] inKeyBlob, in android.hardware.keymint.KeyParameter[] inParams, in android.hardware.keymint.HardwareAuthToken inAuthToken);
|
||||
const int AUTH_TOKEN_MAC_LENGTH = 32;
|
||||
}
|
|
@ -1,3 +0,0 @@
|
|||
service vendor.keymint-default /vendor/bin/hw/android.hardware.keymint@1.0-service
|
||||
class early_hal
|
||||
user nobody
|
|
@ -1,8 +1,8 @@
|
|||
aidl_interface {
|
||||
name: "android.hardware.keymint",
|
||||
name: "android.hardware.security.keymint",
|
||||
vendor_available: true,
|
||||
srcs: [
|
||||
"android/hardware/keymint/*.aidl",
|
||||
"android/hardware/security/keymint/*.aidl",
|
||||
],
|
||||
stability: "vintf",
|
||||
backend: {
|
|
@ -15,7 +15,7 @@
|
|||
// with such a backward incompatible change, it has a high risk of breaking
|
||||
// later when a module using the interface is updated, e.g., Mainline modules.
|
||||
|
||||
package android.hardware.keymint;
|
||||
package android.hardware.security.keymint;
|
||||
@Backing(type="int") @VintfStability
|
||||
enum Algorithm {
|
||||
RSA = 1,
|
|
@ -15,10 +15,10 @@
|
|||
// with such a backward incompatible change, it has a high risk of breaking
|
||||
// later when a module using the interface is updated, e.g., Mainline modules.
|
||||
|
||||
package android.hardware.keymint;
|
||||
package android.hardware.security.keymint;
|
||||
@VintfStability
|
||||
parcelable BeginResult {
|
||||
long challenge;
|
||||
android.hardware.keymint.KeyParameter[] params;
|
||||
android.hardware.keymint.IKeyMintOperation operation;
|
||||
android.hardware.security.keymint.KeyParameter[] params;
|
||||
android.hardware.security.keymint.IKeyMintOperation operation;
|
||||
}
|
|
@ -15,7 +15,7 @@
|
|||
// with such a backward incompatible change, it has a high risk of breaking
|
||||
// later when a module using the interface is updated, e.g., Mainline modules.
|
||||
|
||||
package android.hardware.keymint;
|
||||
package android.hardware.security.keymint;
|
||||
@Backing(type="int") @VintfStability
|
||||
enum BlockMode {
|
||||
ECB = 1,
|
|
@ -15,7 +15,7 @@
|
|||
// with such a backward incompatible change, it has a high risk of breaking
|
||||
// later when a module using the interface is updated, e.g., Mainline modules.
|
||||
|
||||
package android.hardware.keymint;
|
||||
package android.hardware.security.keymint;
|
||||
@VintfStability
|
||||
parcelable ByteArray {
|
||||
byte[] data;
|
|
@ -15,7 +15,7 @@
|
|||
// with such a backward incompatible change, it has a high risk of breaking
|
||||
// later when a module using the interface is updated, e.g., Mainline modules.
|
||||
|
||||
package android.hardware.keymint;
|
||||
package android.hardware.security.keymint;
|
||||
@VintfStability
|
||||
parcelable Certificate {
|
||||
byte[] encodedCertificate;
|
|
@ -15,7 +15,7 @@
|
|||
// with such a backward incompatible change, it has a high risk of breaking
|
||||
// later when a module using the interface is updated, e.g., Mainline modules.
|
||||
|
||||
package android.hardware.keymint;
|
||||
package android.hardware.security.keymint;
|
||||
@Backing(type="int") @VintfStability
|
||||
enum Digest {
|
||||
NONE = 0,
|
|
@ -15,7 +15,7 @@
|
|||
// with such a backward incompatible change, it has a high risk of breaking
|
||||
// later when a module using the interface is updated, e.g., Mainline modules.
|
||||
|
||||
package android.hardware.keymint;
|
||||
package android.hardware.security.keymint;
|
||||
@Backing(type="int") @VintfStability
|
||||
enum EcCurve {
|
||||
P_224 = 0,
|
|
@ -15,7 +15,7 @@
|
|||
// with such a backward incompatible change, it has a high risk of breaking
|
||||
// later when a module using the interface is updated, e.g., Mainline modules.
|
||||
|
||||
package android.hardware.keymint;
|
||||
package android.hardware.security.keymint;
|
||||
@Backing(type="int") @VintfStability
|
||||
enum ErrorCode {
|
||||
OK = 0,
|
|
@ -15,13 +15,13 @@
|
|||
// with such a backward incompatible change, it has a high risk of breaking
|
||||
// later when a module using the interface is updated, e.g., Mainline modules.
|
||||
|
||||
package android.hardware.keymint;
|
||||
package android.hardware.security.keymint;
|
||||
@VintfStability
|
||||
parcelable HardwareAuthToken {
|
||||
long challenge;
|
||||
long userId;
|
||||
long authenticatorId;
|
||||
android.hardware.keymint.HardwareAuthenticatorType authenticatorType;
|
||||
android.hardware.keymint.Timestamp timestamp;
|
||||
android.hardware.security.keymint.HardwareAuthenticatorType authenticatorType;
|
||||
android.hardware.security.keymint.Timestamp timestamp;
|
||||
byte[] mac;
|
||||
}
|
|
@ -15,7 +15,7 @@
|
|||
// with such a backward incompatible change, it has a high risk of breaking
|
||||
// later when a module using the interface is updated, e.g., Mainline modules.
|
||||
|
||||
package android.hardware.keymint;
|
||||
package android.hardware.security.keymint;
|
||||
@Backing(type="int") @VintfStability
|
||||
enum HardwareAuthenticatorType {
|
||||
NONE = 0,
|
|
@ -0,0 +1,33 @@
|
|||
///////////////////////////////////////////////////////////////////////////////
|
||||
// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
|
||||
///////////////////////////////////////////////////////////////////////////////
|
||||
|
||||
// This file is a snapshot of an AIDL interface (or parcelable). Do not try to
|
||||
// edit this file. It looks like you are doing that because you have modified
|
||||
// an AIDL interface in a backward-incompatible way, e.g., deleting a function
|
||||
// from an interface or a field from a parcelable and it broke the build. That
|
||||
// breakage is intended.
|
||||
//
|
||||
// You must not make a backward incompatible changes to the AIDL files built
|
||||
// with the aidl_interface module type with versions property set. The module
|
||||
// type is used to build AIDL files in a way that they can be used across
|
||||
// independently updatable components of the system. If a device is shipped
|
||||
// with such a backward incompatible change, it has a high risk of breaking
|
||||
// later when a module using the interface is updated, e.g., Mainline modules.
|
||||
|
||||
package android.hardware.security.keymint;
|
||||
@VintfStability
|
||||
interface IKeyMintDevice {
|
||||
android.hardware.security.keymint.KeyMintHardwareInfo getHardwareInfo();
|
||||
android.hardware.security.keymint.VerificationToken verifyAuthorization(in long challenge, in android.hardware.security.keymint.HardwareAuthToken token);
|
||||
void addRngEntropy(in byte[] data);
|
||||
void generateKey(in android.hardware.security.keymint.KeyParameter[] keyParams, out android.hardware.security.keymint.ByteArray generatedKeyBlob, out android.hardware.security.keymint.KeyCharacteristics generatedKeyCharacteristics, out android.hardware.security.keymint.Certificate[] outCertChain);
|
||||
void importKey(in android.hardware.security.keymint.KeyParameter[] inKeyParams, in android.hardware.security.keymint.KeyFormat inKeyFormat, in byte[] inKeyData, out android.hardware.security.keymint.ByteArray outImportedKeyBlob, out android.hardware.security.keymint.KeyCharacteristics outImportedKeyCharacteristics, out android.hardware.security.keymint.Certificate[] outCertChain);
|
||||
void importWrappedKey(in byte[] inWrappedKeyData, in byte[] inWrappingKeyBlob, in byte[] inMaskingKey, in android.hardware.security.keymint.KeyParameter[] inUnwrappingParams, in long inPasswordSid, in long inBiometricSid, out android.hardware.security.keymint.ByteArray outImportedKeyBlob, out android.hardware.security.keymint.KeyCharacteristics outImportedKeyCharacteristics);
|
||||
byte[] upgradeKey(in byte[] inKeyBlobToUpgrade, in android.hardware.security.keymint.KeyParameter[] inUpgradeParams);
|
||||
void deleteKey(in byte[] inKeyBlob);
|
||||
void deleteAllKeys();
|
||||
void destroyAttestationIds();
|
||||
android.hardware.security.keymint.BeginResult begin(in android.hardware.security.keymint.KeyPurpose inPurpose, in byte[] inKeyBlob, in android.hardware.security.keymint.KeyParameter[] inParams, in android.hardware.security.keymint.HardwareAuthToken inAuthToken);
|
||||
const int AUTH_TOKEN_MAC_LENGTH = 32;
|
||||
}
|
|
@ -15,10 +15,10 @@
|
|||
// with such a backward incompatible change, it has a high risk of breaking
|
||||
// later when a module using the interface is updated, e.g., Mainline modules.
|
||||
|
||||
package android.hardware.keymint;
|
||||
package android.hardware.security.keymint;
|
||||
@VintfStability
|
||||
interface IKeyMintOperation {
|
||||
int update(in @nullable android.hardware.keymint.KeyParameterArray inParams, in @nullable byte[] input, in @nullable android.hardware.keymint.HardwareAuthToken inAuthToken, in @nullable android.hardware.keymint.VerificationToken inVerificationToken, out @nullable android.hardware.keymint.KeyParameterArray outParams, out @nullable android.hardware.keymint.ByteArray output);
|
||||
byte[] finish(in @nullable android.hardware.keymint.KeyParameterArray inParams, in @nullable byte[] input, in @nullable byte[] inSignature, in @nullable android.hardware.keymint.HardwareAuthToken authToken, in @nullable android.hardware.keymint.VerificationToken inVerificationToken, out @nullable android.hardware.keymint.KeyParameterArray outParams);
|
||||
int update(in @nullable android.hardware.security.keymint.KeyParameterArray inParams, in @nullable byte[] input, in @nullable android.hardware.security.keymint.HardwareAuthToken inAuthToken, in @nullable android.hardware.security.keymint.VerificationToken inVerificationToken, out @nullable android.hardware.security.keymint.KeyParameterArray outParams, out @nullable android.hardware.security.keymint.ByteArray output);
|
||||
byte[] finish(in @nullable android.hardware.security.keymint.KeyParameterArray inParams, in @nullable byte[] input, in @nullable byte[] inSignature, in @nullable android.hardware.security.keymint.HardwareAuthToken authToken, in @nullable android.hardware.security.keymint.VerificationToken inVerificationToken, out @nullable android.hardware.security.keymint.KeyParameterArray outParams);
|
||||
void abort();
|
||||
}
|
|
@ -15,9 +15,9 @@
|
|||
// with such a backward incompatible change, it has a high risk of breaking
|
||||
// later when a module using the interface is updated, e.g., Mainline modules.
|
||||
|
||||
package android.hardware.keymint;
|
||||
package android.hardware.security.keymint;
|
||||
@VintfStability
|
||||
parcelable KeyCharacteristics {
|
||||
android.hardware.keymint.KeyParameter[] softwareEnforced;
|
||||
android.hardware.keymint.KeyParameter[] hardwareEnforced;
|
||||
android.hardware.security.keymint.KeyParameter[] softwareEnforced;
|
||||
android.hardware.security.keymint.KeyParameter[] hardwareEnforced;
|
||||
}
|
|
@ -15,7 +15,7 @@
|
|||
// with such a backward incompatible change, it has a high risk of breaking
|
||||
// later when a module using the interface is updated, e.g., Mainline modules.
|
||||
|
||||
package android.hardware.keymint;
|
||||
package android.hardware.security.keymint;
|
||||
@Backing(type="int") @VintfStability
|
||||
enum KeyDerivationFunction {
|
||||
NONE = 0,
|
|
@ -15,7 +15,7 @@
|
|||
// with such a backward incompatible change, it has a high risk of breaking
|
||||
// later when a module using the interface is updated, e.g., Mainline modules.
|
||||
|
||||
package android.hardware.keymint;
|
||||
package android.hardware.security.keymint;
|
||||
@Backing(type="int") @VintfStability
|
||||
enum KeyFormat {
|
||||
X509 = 0,
|
|
@ -15,11 +15,11 @@
|
|||
// with such a backward incompatible change, it has a high risk of breaking
|
||||
// later when a module using the interface is updated, e.g., Mainline modules.
|
||||
|
||||
package android.hardware.keymint;
|
||||
package android.hardware.security.keymint;
|
||||
@VintfStability
|
||||
parcelable KeyMintHardwareInfo {
|
||||
int versionNumber;
|
||||
android.hardware.keymint.SecurityLevel securityLevel;
|
||||
android.hardware.security.keymint.SecurityLevel securityLevel;
|
||||
@utf8InCpp String keyMintName;
|
||||
@utf8InCpp String keyMintAuthorName;
|
||||
}
|
|
@ -15,7 +15,7 @@
|
|||
// with such a backward incompatible change, it has a high risk of breaking
|
||||
// later when a module using the interface is updated, e.g., Mainline modules.
|
||||
|
||||
package android.hardware.keymint;
|
||||
package android.hardware.security.keymint;
|
||||
@Backing(type="int") @VintfStability
|
||||
enum KeyOrigin {
|
||||
GENERATED = 0,
|
|
@ -15,10 +15,10 @@
|
|||
// with such a backward incompatible change, it has a high risk of breaking
|
||||
// later when a module using the interface is updated, e.g., Mainline modules.
|
||||
|
||||
package android.hardware.keymint;
|
||||
package android.hardware.security.keymint;
|
||||
@VintfStability
|
||||
parcelable KeyParameter {
|
||||
android.hardware.keymint.Tag tag;
|
||||
android.hardware.security.keymint.Tag tag;
|
||||
boolean boolValue;
|
||||
int integer;
|
||||
long longInteger;
|
|
@ -15,8 +15,8 @@
|
|||
// with such a backward incompatible change, it has a high risk of breaking
|
||||
// later when a module using the interface is updated, e.g., Mainline modules.
|
||||
|
||||
package android.hardware.keymint;
|
||||
package android.hardware.security.keymint;
|
||||
@VintfStability
|
||||
parcelable KeyParameterArray {
|
||||
android.hardware.keymint.KeyParameter[] params;
|
||||
android.hardware.security.keymint.KeyParameter[] params;
|
||||
}
|
|
@ -15,7 +15,7 @@
|
|||
// with such a backward incompatible change, it has a high risk of breaking
|
||||
// later when a module using the interface is updated, e.g., Mainline modules.
|
||||
|
||||
package android.hardware.keymint;
|
||||
package android.hardware.security.keymint;
|
||||
@Backing(type="int") @VintfStability
|
||||
enum KeyPurpose {
|
||||
ENCRYPT = 0,
|
|
@ -15,7 +15,7 @@
|
|||
// with such a backward incompatible change, it has a high risk of breaking
|
||||
// later when a module using the interface is updated, e.g., Mainline modules.
|
||||
|
||||
package android.hardware.keymint;
|
||||
package android.hardware.security.keymint;
|
||||
@Backing(type="int") @VintfStability
|
||||
enum PaddingMode {
|
||||
NONE = 1,
|
|
@ -15,7 +15,7 @@
|
|||
// with such a backward incompatible change, it has a high risk of breaking
|
||||
// later when a module using the interface is updated, e.g., Mainline modules.
|
||||
|
||||
package android.hardware.keymint;
|
||||
package android.hardware.security.keymint;
|
||||
@Backing(type="int") @VintfStability
|
||||
enum SecurityLevel {
|
||||
SOFTWARE = 0,
|
|
@ -15,7 +15,7 @@
|
|||
// with such a backward incompatible change, it has a high risk of breaking
|
||||
// later when a module using the interface is updated, e.g., Mainline modules.
|
||||
|
||||
package android.hardware.keymint;
|
||||
package android.hardware.security.keymint;
|
||||
@Backing(type="int") @VintfStability
|
||||
enum Tag {
|
||||
INVALID = 0,
|
|
@ -15,7 +15,7 @@
|
|||
// with such a backward incompatible change, it has a high risk of breaking
|
||||
// later when a module using the interface is updated, e.g., Mainline modules.
|
||||
|
||||
package android.hardware.keymint;
|
||||
package android.hardware.security.keymint;
|
||||
@Backing(type="int") @VintfStability
|
||||
enum TagType {
|
||||
INVALID = 0,
|
|
@ -15,7 +15,7 @@
|
|||
// with such a backward incompatible change, it has a high risk of breaking
|
||||
// later when a module using the interface is updated, e.g., Mainline modules.
|
||||
|
||||
package android.hardware.keymint;
|
||||
package android.hardware.security.keymint;
|
||||
@VintfStability
|
||||
parcelable Timestamp {
|
||||
long milliSeconds;
|
|
@ -15,11 +15,11 @@
|
|||
// with such a backward incompatible change, it has a high risk of breaking
|
||||
// later when a module using the interface is updated, e.g., Mainline modules.
|
||||
|
||||
package android.hardware.keymint;
|
||||
package android.hardware.security.keymint;
|
||||
@VintfStability
|
||||
parcelable VerificationToken {
|
||||
long challenge;
|
||||
android.hardware.keymint.Timestamp timestamp;
|
||||
android.hardware.keymint.SecurityLevel securityLevel;
|
||||
android.hardware.security.keymint.Timestamp timestamp;
|
||||
android.hardware.security.keymint.SecurityLevel securityLevel;
|
||||
byte[] mac;
|
||||
}
|
|
@ -14,8 +14,7 @@
|
|||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package android.hardware.keymint;
|
||||
|
||||
package android.hardware.security.keymint;
|
||||
|
||||
/**
|
||||
* Algorithms provided by IKeyMintDevice implementations.
|
|
@ -14,12 +14,10 @@
|
|||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package android.hardware.keymint;
|
||||
|
||||
|
||||
import android.hardware.keymint.IKeyMintOperation;
|
||||
import android.hardware.keymint.KeyParameter;
|
||||
package android.hardware.security.keymint;
|
||||
|
||||
import android.hardware.security.keymint.IKeyMintOperation;
|
||||
import android.hardware.security.keymint.KeyParameter;
|
||||
|
||||
/**
|
||||
* This is all the results returned by the IKeyMintDevice begin() function.
|
|
@ -14,8 +14,7 @@
|
|||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package android.hardware.keymint;
|
||||
|
||||
package android.hardware.security.keymint;
|
||||
|
||||
/**
|
||||
* Symmetric block cipher modes provided by IKeyMintDevice implementations.
|
|
@ -14,8 +14,7 @@
|
|||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package android.hardware.keymint;
|
||||
|
||||
package android.hardware.security.keymint;
|
||||
|
||||
/**
|
||||
* This is used to contain a byte[], to make out parameters of byte arrays
|
|
@ -14,7 +14,7 @@
|
|||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package android.hardware.keymint;
|
||||
package android.hardware.security.keymint;
|
||||
|
||||
/**
|
||||
* This encodes the IKeyMintDevice attestation generated certificate.
|
|
@ -14,8 +14,7 @@
|
|||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package android.hardware.keymint;
|
||||
|
||||
package android.hardware.security.keymint;
|
||||
|
||||
/**
|
||||
* Digests provided by keyMint implementations.
|
|
@ -14,8 +14,7 @@
|
|||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package android.hardware.keymint;
|
||||
|
||||
package android.hardware.security.keymint;
|
||||
|
||||
/**
|
||||
* Supported EC curves, used in ECDSA
|
|
@ -14,8 +14,7 @@
|
|||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package android.hardware.keymint;
|
||||
|
||||
package android.hardware.security.keymint;
|
||||
|
||||
/**
|
||||
* KeyMint error codes. Aidl will return these error codes as service specific
|
|
@ -14,10 +14,10 @@
|
|||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package android.hardware.keymint;
|
||||
package android.hardware.security.keymint;
|
||||
|
||||
import android.hardware.keymint.Timestamp;
|
||||
import android.hardware.keymint.HardwareAuthenticatorType;
|
||||
import android.hardware.security.keymint.Timestamp;
|
||||
import android.hardware.security.keymint.HardwareAuthenticatorType;
|
||||
|
||||
/**
|
||||
* HardwareAuthToken is used to prove successful user authentication, to unlock the use of a key.
|
||||
|
@ -30,7 +30,6 @@ import android.hardware.keymint.HardwareAuthenticatorType;
|
|||
*/
|
||||
@VintfStability
|
||||
parcelable HardwareAuthToken {
|
||||
|
||||
/**
|
||||
* challenge is a value that's used to enable authentication tokens to authorize specific
|
||||
* events. The primary use case for challenge is to authorize an IKeyMintDevice cryptographic
|
|
@ -14,7 +14,7 @@
|
|||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package android.hardware.keymint;
|
||||
package android.hardware.security.keymint;
|
||||
|
||||
/**
|
||||
* Hardware authentication type, used by HardwareAuthTokens to specify the mechanism used to
|
|
@ -14,20 +14,20 @@
|
|||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package android.hardware.keymint;
|
||||
package android.hardware.security.keymint;
|
||||
|
||||
import android.hardware.keymint.BeginResult;
|
||||
import android.hardware.keymint.ByteArray;
|
||||
import android.hardware.keymint.Certificate;
|
||||
import android.hardware.keymint.HardwareAuthToken;
|
||||
import android.hardware.keymint.IKeyMintOperation;
|
||||
import android.hardware.keymint.KeyCharacteristics;
|
||||
import android.hardware.keymint.KeyFormat;
|
||||
import android.hardware.keymint.KeyParameter;
|
||||
import android.hardware.keymint.KeyMintHardwareInfo;
|
||||
import android.hardware.keymint.KeyPurpose;
|
||||
import android.hardware.keymint.SecurityLevel;
|
||||
import android.hardware.keymint.VerificationToken;
|
||||
import android.hardware.security.keymint.BeginResult;
|
||||
import android.hardware.security.keymint.ByteArray;
|
||||
import android.hardware.security.keymint.Certificate;
|
||||
import android.hardware.security.keymint.HardwareAuthToken;
|
||||
import android.hardware.security.keymint.IKeyMintOperation;
|
||||
import android.hardware.security.keymint.KeyCharacteristics;
|
||||
import android.hardware.security.keymint.KeyFormat;
|
||||
import android.hardware.security.keymint.KeyParameter;
|
||||
import android.hardware.security.keymint.KeyMintHardwareInfo;
|
||||
import android.hardware.security.keymint.KeyPurpose;
|
||||
import android.hardware.security.keymint.SecurityLevel;
|
||||
import android.hardware.security.keymint.VerificationToken;
|
||||
|
||||
/**
|
||||
* KeyMint device definition.
|
|
@ -14,13 +14,13 @@
|
|||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package android.hardware.keymint;
|
||||
package android.hardware.security.keymint;
|
||||
|
||||
import android.hardware.keymint.ByteArray;
|
||||
import android.hardware.keymint.HardwareAuthToken;
|
||||
import android.hardware.keymint.KeyParameter;
|
||||
import android.hardware.keymint.KeyParameterArray;
|
||||
import android.hardware.keymint.VerificationToken;
|
||||
import android.hardware.security.keymint.ByteArray;
|
||||
import android.hardware.security.keymint.HardwareAuthToken;
|
||||
import android.hardware.security.keymint.KeyParameter;
|
||||
import android.hardware.security.keymint.KeyParameterArray;
|
||||
import android.hardware.security.keymint.VerificationToken;
|
||||
|
||||
@VintfStability
|
||||
interface IKeyMintOperation {
|
|
@ -14,9 +14,9 @@
|
|||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package android.hardware.keymint;
|
||||
package android.hardware.security.keymint;
|
||||
|
||||
import android.hardware.keymint.KeyParameter;
|
||||
import android.hardware.security.keymint.KeyParameter;
|
||||
|
||||
/**
|
||||
* KeyCharacteristics defines the attributes of a key, including cryptographic parameters, and usage
|
|
@ -14,7 +14,7 @@
|
|||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package android.hardware.keymint;
|
||||
package android.hardware.security.keymint;
|
||||
|
||||
/**
|
||||
* Key derivation functions, mostly used in ECIES.
|
|
@ -14,8 +14,7 @@
|
|||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package android.hardware.keymint;
|
||||
|
||||
package android.hardware.security.keymint;
|
||||
|
||||
/**
|
||||
* Formats for key import and export.
|
|
@ -14,15 +14,13 @@
|
|||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package android.hardware.keymint;
|
||||
|
||||
import android.hardware.keymint.SecurityLevel;
|
||||
package android.hardware.security.keymint;
|
||||
|
||||
import android.hardware.security.keymint.SecurityLevel;
|
||||
|
||||
/**
|
||||
* KeyMintHardwareInfo is the hardware information returned by calling KeyMint getHardwareInfo()
|
||||
*/
|
||||
|
||||
@VintfStability
|
||||
parcelable KeyMintHardwareInfo {
|
||||
/**
|
|
@ -14,8 +14,7 @@
|
|||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package android.hardware.keymint;
|
||||
|
||||
package android.hardware.security.keymint;
|
||||
|
||||
/**
|
||||
* The origin of a key (or pair), i.e. where it was generated. Note that ORIGIN can be found in
|
|
@ -14,20 +14,19 @@
|
|||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package android.hardware.keymint;
|
||||
package android.hardware.security.keymint;
|
||||
|
||||
|
||||
import android.hardware.keymint.Algorithm;
|
||||
import android.hardware.keymint.BlockMode;
|
||||
import android.hardware.keymint.Digest;
|
||||
import android.hardware.keymint.EcCurve;
|
||||
import android.hardware.keymint.HardwareAuthenticatorType;
|
||||
import android.hardware.keymint.KeyDerivationFunction;
|
||||
import android.hardware.keymint.KeyOrigin;
|
||||
import android.hardware.keymint.KeyPurpose;
|
||||
import android.hardware.keymint.PaddingMode;
|
||||
import android.hardware.keymint.SecurityLevel;
|
||||
import android.hardware.keymint.Tag;
|
||||
import android.hardware.security.keymint.Algorithm;
|
||||
import android.hardware.security.keymint.BlockMode;
|
||||
import android.hardware.security.keymint.Digest;
|
||||
import android.hardware.security.keymint.EcCurve;
|
||||
import android.hardware.security.keymint.HardwareAuthenticatorType;
|
||||
import android.hardware.security.keymint.KeyDerivationFunction;
|
||||
import android.hardware.security.keymint.KeyOrigin;
|
||||
import android.hardware.security.keymint.KeyPurpose;
|
||||
import android.hardware.security.keymint.PaddingMode;
|
||||
import android.hardware.security.keymint.SecurityLevel;
|
||||
import android.hardware.security.keymint.Tag;
|
||||
|
||||
|
||||
/**
|
|
@ -14,9 +14,9 @@
|
|||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package android.hardware.keymint;
|
||||
package android.hardware.security.keymint;
|
||||
|
||||
import android.hardware.keymint.KeyParameter;
|
||||
import android.hardware.security.keymint.KeyParameter;
|
||||
|
||||
/**
|
||||
* Identifies the key authorization parameters to be used with keyMint. This is usually
|
|
@ -14,7 +14,7 @@
|
|||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package android.hardware.keymint;
|
||||
package android.hardware.security.keymint;
|
||||
|
||||
|
||||
/**
|
|
@ -14,7 +14,7 @@
|
|||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package android.hardware.keymint;
|
||||
package android.hardware.security.keymint;
|
||||
|
||||
/**
|
||||
* TODO(seleneh) update the description.
|
|
@ -14,7 +14,7 @@
|
|||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package android.hardware.keymint;
|
||||
package android.hardware.security.keymint;
|
||||
|
||||
/**
|
||||
* Device security levels.
|
|
@ -14,9 +14,9 @@
|
|||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package android.hardware.keymint;
|
||||
package android.hardware.security.keymint;
|
||||
|
||||
import android.hardware.keymint.TagType;
|
||||
import android.hardware.security.keymint.TagType;
|
||||
|
||||
// TODO(seleneh) : note aidl currently does not support double nested enum definitions such as
|
||||
// ROOT_OF_TRUST = TagType:BYTES | 704. So we are forced to write definations as
|
|
@ -14,7 +14,7 @@
|
|||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package android.hardware.keymint;
|
||||
package android.hardware.security.keymint;
|
||||
|
||||
/**
|
||||
* TagType classifies Tags in Tag.aidl into various groups of data.
|
|
@ -14,7 +14,7 @@
|
|||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package android.hardware.keymint;
|
||||
package android.hardware.security.keymint;
|
||||
|
||||
/**
|
||||
* Time in milliseconds since some arbitrary point in time. Time must be monotonically increasing,
|
|
@ -14,10 +14,10 @@
|
|||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package android.hardware.keymint;
|
||||
package android.hardware.security.keymint;
|
||||
|
||||
import android.hardware.keymint.SecurityLevel;
|
||||
import android.hardware.keymint.Timestamp;
|
||||
import android.hardware.security.keymint.SecurityLevel;
|
||||
import android.hardware.security.keymint.Timestamp;
|
||||
|
||||
/**
|
||||
* VerificationToken instances are used for secure environments to authenticate one another.
|
||||
|
@ -48,7 +48,7 @@ parcelable VerificationToken {
|
|||
* 32-byte HMAC-SHA256 of the above values, computed as:
|
||||
*
|
||||
* HMAC(H,
|
||||
* "Auth Verification" || challenge || timestamp || securityLevel || parametersVerified)
|
||||
* "Auth Verification" || challenge || timestamp || securityLevel)
|
||||
*
|
||||
* where:
|
||||
*
|
||||
|
@ -58,11 +58,6 @@ parcelable VerificationToken {
|
|||
*
|
||||
* The representation of challenge and timestamp is as 64-bit unsigned integers in big-endian
|
||||
* order. securityLevel is represented as a 32-bit unsigned integer in big-endian order.
|
||||
*
|
||||
* If parametersVerified is non-empty, the representation of parametersVerified is an ASN.1 DER
|
||||
* encoded representation of the values. The ASN.1 schema used is the AuthorizationList schema
|
||||
* from the Keystore attestation documentation. If parametersVerified is empty, it is simply
|
||||
* omitted from the HMAC computation.
|
||||
*/
|
||||
byte[] mac;
|
||||
}
|
|
@ -1,22 +1,22 @@
|
|||
cc_binary {
|
||||
name: "android.hardware.keymint@1.0-service",
|
||||
name: "android.hardware.security.keymint-service",
|
||||
relative_install_path: "hw",
|
||||
init_rc: ["android.hardware.keymint@1.0-service.rc"],
|
||||
vintf_fragments: ["android.hardware.keymint@1.0-service.xml"],
|
||||
init_rc: ["android.hardware.security.keymint-service.rc"],
|
||||
vintf_fragments: ["android.hardware.security.keymint-service.xml"],
|
||||
vendor: true,
|
||||
cflags: [
|
||||
"-Wall",
|
||||
"-Wextra",
|
||||
],
|
||||
shared_libs: [
|
||||
"android.hardware.keymint-ndk_platform",
|
||||
"android.hardware.security.keymint-ndk_platform",
|
||||
"libbase",
|
||||
"libbinder_ndk",
|
||||
"libcppbor",
|
||||
"libcrypto",
|
||||
"liblog",
|
||||
"libkeymaster_portable",
|
||||
"libkeymint1",
|
||||
"libkeymint",
|
||||
"liblog",
|
||||
"libpuresoftkeymasterdevice",
|
||||
"libutils",
|
||||
],
|
|
@ -0,0 +1,3 @@
|
|||
service vendor.keymint-default /vendor/bin/hw/android.hardware.security.keymint-service
|
||||
class early_hal
|
||||
user nobody
|
|
@ -1,6 +1,6 @@
|
|||
<manifest version="1.0" type="device">
|
||||
<hal format="aidl">
|
||||
<name>android.hardware.keymint</name>
|
||||
<name>android.hardware.security.keymint</name>
|
||||
<fqname>IKeyMintDevice/default</fqname>
|
||||
</hal>
|
||||
</manifest>
|
|
@ -14,30 +14,30 @@
|
|||
* limitations under the License.
|
||||
*/
|
||||
|
||||
#define LOG_TAG "android.hardware.keymint1-service"
|
||||
#define LOG_TAG "android.hardware.security.keymint-service"
|
||||
|
||||
#include <android-base/logging.h>
|
||||
#include <android/binder_manager.h>
|
||||
#include <android/binder_process.h>
|
||||
|
||||
#include <AndroidKeyMint1Device.h>
|
||||
#include <AndroidKeyMintDevice.h>
|
||||
#include <keymaster/soft_keymaster_logger.h>
|
||||
|
||||
using aidl::android::hardware::keymint::SecurityLevel;
|
||||
using aidl::android::hardware::keymint::V1_0::AndroidKeyMint1Device;
|
||||
using aidl::android::hardware::security::keymint::AndroidKeyMintDevice;
|
||||
using aidl::android::hardware::security::keymint::SecurityLevel;
|
||||
|
||||
int main() {
|
||||
// Zero threads seems like a useless pool, but below we'll join this thread to it, increasing
|
||||
// the pool size to 1.
|
||||
ABinderProcess_setThreadPoolMaxThreadCount(0);
|
||||
std::shared_ptr<AndroidKeyMint1Device> km5 =
|
||||
ndk::SharedRefBase::make<AndroidKeyMint1Device>(SecurityLevel::SOFTWARE);
|
||||
std::shared_ptr<AndroidKeyMintDevice> keyMint =
|
||||
ndk::SharedRefBase::make<AndroidKeyMintDevice>(SecurityLevel::SOFTWARE);
|
||||
|
||||
keymaster::SoftKeymasterLogger logger;
|
||||
const auto instanceName = std::string(AndroidKeyMint1Device::descriptor) + "/default";
|
||||
const auto instanceName = std::string(AndroidKeyMintDevice::descriptor) + "/default";
|
||||
LOG(INFO) << "instance: " << instanceName;
|
||||
binder_status_t status =
|
||||
AServiceManager_addService(km5->asBinder().get(), instanceName.c_str());
|
||||
AServiceManager_addService(keyMint->asBinder().get(), instanceName.c_str());
|
||||
CHECK(status == STATUS_OK);
|
||||
|
||||
ABinderProcess_joinThreadPool();
|
|
@ -15,25 +15,25 @@
|
|||
//
|
||||
|
||||
cc_test {
|
||||
name: "VtsAidlKeyMintV1_0TargetTest",
|
||||
name: "VtsAidlKeyMintTargetTest",
|
||||
defaults: [
|
||||
"VtsHalTargetTestDefaults",
|
||||
"use_libaidlvintf_gtest_helper_static",
|
||||
],
|
||||
srcs: [
|
||||
"keyMint1Test.cpp",
|
||||
"KeyMintTest.cpp",
|
||||
"VerificationTokenTest.cpp",
|
||||
],
|
||||
shared_libs: [
|
||||
"libbinder",
|
||||
"libcrypto",
|
||||
"libkeymint1",
|
||||
"libkeymintSupport",
|
||||
"libkeymint",
|
||||
"libkeymint_support",
|
||||
],
|
||||
static_libs: [
|
||||
"android.hardware.keymint-cpp",
|
||||
"libcppbor",
|
||||
"libkeyMint1VtsTestUtil",
|
||||
"android.hardware.security.keymint-cpp",
|
||||
"libcppbor_external",
|
||||
"libkeymint_vts_test_utils",
|
||||
],
|
||||
test_suites: [
|
||||
"general-tests",
|
||||
|
@ -42,7 +42,7 @@ cc_test {
|
|||
}
|
||||
|
||||
cc_test_library {
|
||||
name: "libkeyMint1VtsTestUtil",
|
||||
name: "libkeymint_vts_test_utils",
|
||||
defaults: [
|
||||
"VtsHalTargetTestDefaults",
|
||||
"use_libaidlvintf_gtest_helper_static",
|
||||
|
@ -56,11 +56,11 @@ cc_test_library {
|
|||
shared_libs: [
|
||||
"libbinder",
|
||||
"libcrypto",
|
||||
"libkeymint1",
|
||||
"libkeymintSupport",
|
||||
"libkeymint",
|
||||
"libkeymint_support",
|
||||
],
|
||||
static_libs: [
|
||||
"android.hardware.keymint-cpp",
|
||||
"android.hardware.security.keymint-cpp",
|
||||
"libcppbor",
|
||||
],
|
||||
}
|
|
@ -21,12 +21,10 @@
|
|||
|
||||
#include <android-base/logging.h>
|
||||
|
||||
#include <keymintSupport/key_param_output.h>
|
||||
#include <keymintSupport/keymint_utils.h>
|
||||
#include <keymint_support/key_param_output.h>
|
||||
#include <keymint_support/keymint_utils.h>
|
||||
|
||||
namespace android {
|
||||
namespace hardware {
|
||||
namespace keymint {
|
||||
namespace android::hardware::security::keymint {
|
||||
|
||||
using namespace std::literals::chrono_literals;
|
||||
using std::endl;
|
||||
|
@ -751,6 +749,5 @@ vector<Digest> KeyMintAidlTestBase::ValidDigests(bool withNone, bool withMD5) {
|
|||
}
|
||||
|
||||
} // namespace test
|
||||
} // namespace keymint
|
||||
} // namespace hardware
|
||||
} // namespace android
|
||||
|
||||
} // namespace android::hardware::security::keymint
|
|
@ -21,18 +21,15 @@
|
|||
|
||||
#include <aidl/Gtest.h>
|
||||
#include <aidl/Vintf.h>
|
||||
#include <android/hardware/keymint/ErrorCode.h>
|
||||
#include <android/hardware/keymint/IKeyMintDevice.h>
|
||||
#include <android/hardware/security/keymint/ErrorCode.h>
|
||||
#include <android/hardware/security/keymint/IKeyMintDevice.h>
|
||||
#include <binder/IServiceManager.h>
|
||||
#include <binder/ProcessState.h>
|
||||
#include <gtest/gtest.h>
|
||||
|
||||
#include <keymintSupport/authorization_set.h>
|
||||
#include <keymint_support/authorization_set.h>
|
||||
|
||||
namespace android {
|
||||
namespace hardware {
|
||||
namespace keymint {
|
||||
namespace test {
|
||||
namespace android::hardware::security::keymint::test {
|
||||
|
||||
using ::android::sp;
|
||||
using binder::Status;
|
||||
|
@ -189,9 +186,6 @@ class KeyMintAidlTestBase : public ::testing::TestWithParam<string> {
|
|||
testing::ValuesIn(KeyMintAidlTestBase::build_params()), \
|
||||
android::PrintInstanceNameToString)
|
||||
|
||||
} // namespace test
|
||||
} // namespace keymint
|
||||
} // namespace hardware
|
||||
} // namespace android
|
||||
} // namespace android::hardware::security::keymint::test
|
||||
|
||||
#endif // VTS_KEYMINT_AIDL_TEST_UTILS_H
|
|
@ -26,36 +26,32 @@
|
|||
|
||||
#include <cutils/properties.h>
|
||||
|
||||
#include <android/hardware/keymint/KeyFormat.h>
|
||||
#include <android/hardware/security/keymint/KeyFormat.h>
|
||||
|
||||
#include <keymintSupport/attestation_record.h>
|
||||
#include <keymintSupport/key_param_output.h>
|
||||
#include <keymintSupport/openssl_utils.h>
|
||||
#include <keymint_support/attestation_record.h>
|
||||
#include <keymint_support/key_param_output.h>
|
||||
#include <keymint_support/openssl_utils.h>
|
||||
|
||||
#include "KeyMintAidlTestBase.h"
|
||||
|
||||
static bool arm_deleteAllKeys = false;
|
||||
static bool dump_Attestations = false;
|
||||
|
||||
using android::hardware::keymint::AuthorizationSet;
|
||||
using android::hardware::keymint::KeyCharacteristics;
|
||||
using android::hardware::keymint::KeyFormat;
|
||||
using android::hardware::security::keymint::AuthorizationSet;
|
||||
using android::hardware::security::keymint::KeyCharacteristics;
|
||||
using android::hardware::security::keymint::KeyFormat;
|
||||
|
||||
namespace android {
|
||||
namespace hardware {
|
||||
|
||||
namespace keymint {
|
||||
namespace android::hardware::security::keymint {
|
||||
|
||||
bool operator==(const keymint::AuthorizationSet& a, const keymint::AuthorizationSet& b) {
|
||||
return a.size() == b.size() && std::equal(a.begin(), a.end(), b.begin());
|
||||
}
|
||||
} // namespace keymint
|
||||
} // namespace hardware
|
||||
} // namespace android
|
||||
|
||||
} // namespace android::hardware::security::keymint
|
||||
|
||||
namespace std {
|
||||
|
||||
using namespace android::hardware::keymint;
|
||||
using namespace android::hardware::security::keymint;
|
||||
|
||||
template <>
|
||||
struct std::equal_to<KeyCharacteristics> {
|
||||
|
@ -77,10 +73,8 @@ struct std::equal_to<KeyCharacteristics> {
|
|||
|
||||
} // namespace std
|
||||
|
||||
namespace android {
|
||||
namespace hardware {
|
||||
namespace keymint {
|
||||
namespace test {
|
||||
namespace android::hardware::security::keymint::test {
|
||||
|
||||
namespace {
|
||||
|
||||
template <TagType tag_type, Tag tag, typename ValueT>
|
||||
|
@ -4046,10 +4040,7 @@ TEST_P(TransportLimitTest, LargeFinishInput) {
|
|||
|
||||
INSTANTIATE_KEYMINT_AIDL_TEST(TransportLimitTest);
|
||||
|
||||
} // namespace test
|
||||
} // namespace keymint
|
||||
} // namespace hardware
|
||||
} // namespace android
|
||||
} // namespace android::hardware::security::keymint::test
|
||||
|
||||
int main(int argc, char** argv) {
|
||||
::testing::InitGoogleTest(&argc, argv);
|
||||
|
@ -4063,7 +4054,5 @@ int main(int argc, char** argv) {
|
|||
}
|
||||
}
|
||||
}
|
||||
int status = RUN_ALL_TESTS();
|
||||
ALOGI("Test result = %d", status);
|
||||
return status;
|
||||
return RUN_ALL_TESTS();
|
||||
}
|
|
@ -16,10 +16,7 @@
|
|||
|
||||
#include "KeyMintAidlTestBase.h"
|
||||
|
||||
namespace android {
|
||||
namespace hardware {
|
||||
namespace keymint {
|
||||
namespace test {
|
||||
namespace android::hardware::security::keymint::test {
|
||||
|
||||
class VerificationTokenTest : public KeyMintAidlTestBase {
|
||||
protected:
|
||||
|
@ -168,7 +165,4 @@ TEST_P(VerificationTokenTest, MacChangesOnChangingTimestamp) {
|
|||
|
||||
INSTANTIATE_KEYMINT_AIDL_TEST(VerificationTokenTest);
|
||||
|
||||
} // namespace test
|
||||
} // namespace keymint
|
||||
} // namespace hardware
|
||||
} // namespace android
|
||||
} // namespace android::hardware::security::keymint::test
|
|
@ -15,7 +15,7 @@
|
|||
//
|
||||
|
||||
cc_library {
|
||||
name: "libkeymintSupport",
|
||||
name: "libkeymint_support",
|
||||
cflags: [
|
||||
"-Wall",
|
||||
"-Wextra",
|
||||
|
@ -31,7 +31,7 @@ cc_library {
|
|||
"include",
|
||||
],
|
||||
shared_libs: [
|
||||
"android.hardware.keymint-cpp",
|
||||
"android.hardware.security.keymint-cpp",
|
||||
"libbase",
|
||||
"libcrypto",
|
||||
"libutils",
|
|
@ -14,27 +14,26 @@
|
|||
* limitations under the License.
|
||||
*/
|
||||
|
||||
#include <keymintSupport/attestation_record.h>
|
||||
#include <keymint_support/attestation_record.h>
|
||||
|
||||
#include <android/hardware/keymint/Tag.h>
|
||||
#include <android/hardware/keymint/TagType.h>
|
||||
#include <assert.h>
|
||||
|
||||
#include <android-base/logging.h>
|
||||
#include <assert.h>
|
||||
|
||||
#include <openssl/asn1t.h>
|
||||
#include <openssl/bn.h>
|
||||
#include <openssl/evp.h>
|
||||
#include <openssl/x509.h>
|
||||
|
||||
#include <keymintSupport/authorization_set.h>
|
||||
#include <keymintSupport/openssl_utils.h>
|
||||
#include <android/hardware/security/keymint/Tag.h>
|
||||
#include <android/hardware/security/keymint/TagType.h>
|
||||
|
||||
#include <keymint_support/authorization_set.h>
|
||||
#include <keymint_support/openssl_utils.h>
|
||||
|
||||
#define AT __FILE__ ":" << __LINE__
|
||||
|
||||
namespace android {
|
||||
namespace hardware {
|
||||
namespace keymint {
|
||||
namespace android::hardware::security::keymint {
|
||||
|
||||
struct stack_st_ASN1_TYPE_Delete {
|
||||
void operator()(stack_st_ASN1_TYPE* p) { sk_ASN1_TYPE_free(p); }
|
||||
|
@ -382,6 +381,4 @@ ErrorCode parse_root_of_trust(const uint8_t* asn1_key_desc, size_t asn1_key_desc
|
|||
return ErrorCode::OK; // KM_ERROR_OK;
|
||||
}
|
||||
|
||||
} // namespace keymint
|
||||
} // namespace hardware
|
||||
} // namespace android
|
||||
} // namespace android::hardware::security::keymint
|
|
@ -14,23 +14,21 @@
|
|||
* limitations under the License.
|
||||
*/
|
||||
|
||||
#include <keymintSupport/authorization_set.h>
|
||||
#include <keymint_support/authorization_set.h>
|
||||
|
||||
#include <assert.h>
|
||||
|
||||
#include <android-base/logging.h>
|
||||
#include <sstream>
|
||||
|
||||
#include <android/hardware/keymint/Algorithm.h>
|
||||
#include <android/hardware/keymint/BlockMode.h>
|
||||
#include <android/hardware/keymint/Digest.h>
|
||||
#include <android/hardware/keymint/KeyParameter.h>
|
||||
#include <android/hardware/keymint/KeyPurpose.h>
|
||||
#include <android/hardware/keymint/TagType.h>
|
||||
#include <android-base/logging.h>
|
||||
|
||||
namespace android {
|
||||
namespace hardware {
|
||||
namespace keymint {
|
||||
#include <android/hardware/security/keymint/Algorithm.h>
|
||||
#include <android/hardware/security/keymint/BlockMode.h>
|
||||
#include <android/hardware/security/keymint/Digest.h>
|
||||
#include <android/hardware/security/keymint/KeyParameter.h>
|
||||
#include <android/hardware/security/keymint/KeyPurpose.h>
|
||||
#include <android/hardware/security/keymint/TagType.h>
|
||||
|
||||
namespace android::hardware::security::keymint {
|
||||
|
||||
void AuthorizationSet::Sort() {
|
||||
std::sort(data_.begin(), data_.end());
|
||||
|
@ -220,10 +218,11 @@ struct choose_serializer<> {
|
|||
};
|
||||
|
||||
template <TagType tag_type, Tag tag, typename... Tail>
|
||||
struct choose_serializer<android::hardware::keymint::TypedTag<tag_type, tag>, Tail...> {
|
||||
struct choose_serializer<android::hardware::security::keymint::TypedTag<tag_type, tag>, Tail...> {
|
||||
static OutStreams& serialize(OutStreams& out, const KeyParameter& param) {
|
||||
if (param.tag == tag) {
|
||||
return android::hardware::keymint::serialize(TypedTag<tag_type, tag>(), out, param);
|
||||
return android::hardware::security::keymint::serialize(TypedTag<tag_type, tag>(), out,
|
||||
param);
|
||||
} else {
|
||||
return choose_serializer<Tail...>::serialize(out, param);
|
||||
}
|
||||
|
@ -329,7 +328,8 @@ template <TagType tag_type, Tag tag, typename... Tail>
|
|||
struct choose_deserializer<TypedTag<tag_type, tag>, Tail...> {
|
||||
static InStreams& deserialize(InStreams& in, KeyParameter* param) {
|
||||
if (param->tag == tag) {
|
||||
return android::hardware::keymint::deserialize(TypedTag<tag_type, tag>(), in, param);
|
||||
return android::hardware::security::keymint::deserialize(TypedTag<tag_type, tag>(), in,
|
||||
param);
|
||||
} else {
|
||||
return choose_deserializer<Tail...>::deserialize(in, param);
|
||||
}
|
||||
|
@ -501,15 +501,14 @@ AuthorizationSetBuilder& AuthorizationSetBuilder::GcmModeMacLen(uint32_t macLeng
|
|||
}
|
||||
|
||||
AuthorizationSetBuilder& AuthorizationSetBuilder::BlockMode(
|
||||
std::initializer_list<android::hardware::keymint::BlockMode> blockModes) {
|
||||
std::initializer_list<android::hardware::security::keymint::BlockMode> blockModes) {
|
||||
for (auto mode : blockModes) {
|
||||
push_back(TAG_BLOCK_MODE, mode);
|
||||
}
|
||||
return *this;
|
||||
}
|
||||
|
||||
AuthorizationSetBuilder& AuthorizationSetBuilder::Digest(
|
||||
std::vector<android::hardware::keymint::Digest> digests) {
|
||||
AuthorizationSetBuilder& AuthorizationSetBuilder::Digest(std::vector<keymint::Digest> digests) {
|
||||
for (auto digest : digests) {
|
||||
push_back(TAG_DIGEST, digest);
|
||||
}
|
||||
|
@ -524,6 +523,4 @@ AuthorizationSetBuilder& AuthorizationSetBuilder::Padding(
|
|||
return *this;
|
||||
}
|
||||
|
||||
} // namespace keymint
|
||||
} // namespace hardware
|
||||
} // namespace android
|
||||
} // namespace android::hardware::security::keymint
|
|
@ -16,20 +16,14 @@
|
|||
|
||||
#pragma once
|
||||
|
||||
#include <android/hardware/keymint/ErrorCode.h>
|
||||
#include <android/hardware/keymint/IKeyMintDevice.h>
|
||||
#include <android/hardware/security/keymint/ErrorCode.h>
|
||||
#include <android/hardware/security/keymint/IKeyMintDevice.h>
|
||||
|
||||
#include <keymintSupport/attestation_record.h>
|
||||
#include <keymintSupport/authorization_set.h>
|
||||
#include <keymintSupport/openssl_utils.h>
|
||||
#include <keymint_support/attestation_record.h>
|
||||
#include <keymint_support/authorization_set.h>
|
||||
#include <keymint_support/openssl_utils.h>
|
||||
|
||||
namespace android {
|
||||
namespace hardware {
|
||||
namespace keymint {
|
||||
|
||||
using android::hardware::keymint::KeyParameter;
|
||||
using android::hardware::keymint::Tag;
|
||||
using android::hardware::keymint::TAG_ALGORITHM;
|
||||
namespace android::hardware::security::keymint {
|
||||
|
||||
class AuthorizationSet;
|
||||
|
||||
|
@ -90,6 +84,4 @@ ErrorCode parse_root_of_trust(const uint8_t* asn1_key_desc, size_t asn1_key_desc
|
|||
keymint_verified_boot_t* verified_boot_state, bool* device_locked,
|
||||
std::vector<uint8_t>* verified_boot_hash);
|
||||
|
||||
} // namespace keymint
|
||||
} // namespace hardware
|
||||
} // namespace android
|
||||
} // namespace android::hardware::security::keymint
|
|
@ -19,21 +19,14 @@
|
|||
|
||||
#include <vector>
|
||||
|
||||
#include <android/hardware/keymint/BlockMode.h>
|
||||
#include <android/hardware/keymint/Digest.h>
|
||||
#include <android/hardware/keymint/EcCurve.h>
|
||||
#include <android/hardware/keymint/PaddingMode.h>
|
||||
#include <android/hardware/security/keymint/BlockMode.h>
|
||||
#include <android/hardware/security/keymint/Digest.h>
|
||||
#include <android/hardware/security/keymint/EcCurve.h>
|
||||
#include <android/hardware/security/keymint/PaddingMode.h>
|
||||
|
||||
#include <keymintSupport/keymint_tags.h>
|
||||
#include <keymint_support/keymint_tags.h>
|
||||
|
||||
namespace android {
|
||||
namespace hardware {
|
||||
namespace keymint {
|
||||
|
||||
using android::hardware::keymint::BlockMode;
|
||||
using android::hardware::keymint::Digest;
|
||||
using android::hardware::keymint::EcCurve;
|
||||
using android::hardware::keymint::PaddingMode;
|
||||
namespace android::hardware::security::keymint {
|
||||
|
||||
using std::vector;
|
||||
|
||||
|
@ -322,8 +315,6 @@ class AuthorizationSetBuilder : public AuthorizationSet {
|
|||
}
|
||||
};
|
||||
|
||||
} // namespace keymint
|
||||
} // namespace hardware
|
||||
} // namespace android
|
||||
} // namespace android::hardware::security::keymint
|
||||
|
||||
#endif // SYSTEM_SECURITY_KEYSTORE_KM4_AUTHORIZATION_SET_H_
|
|
@ -1,5 +1,5 @@
|
|||
/*
|
||||
* Copyright (C) 2017 The Android Open Source Project
|
||||
* Copyright (C) 2020 The Android Open Source Project
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
|
@ -20,28 +20,24 @@
|
|||
#include <iostream>
|
||||
#include <vector>
|
||||
|
||||
#include <android/hardware/security/keymint/Algorithm.h>
|
||||
#include <android/hardware/security/keymint/BlockMode.h>
|
||||
#include <android/hardware/security/keymint/Digest.h>
|
||||
#include <android/hardware/security/keymint/EcCurve.h>
|
||||
#include <android/hardware/security/keymint/ErrorCode.h>
|
||||
#include <android/hardware/security/keymint/HardwareAuthenticatorType.h>
|
||||
#include <android/hardware/security/keymint/KeyCharacteristics.h>
|
||||
#include <android/hardware/security/keymint/KeyOrigin.h>
|
||||
#include <android/hardware/security/keymint/KeyParameter.h>
|
||||
#include <android/hardware/security/keymint/KeyPurpose.h>
|
||||
#include <android/hardware/security/keymint/PaddingMode.h>
|
||||
#include <android/hardware/security/keymint/SecurityLevel.h>
|
||||
#include <android/hardware/security/keymint/Tag.h>
|
||||
#include <android/hardware/security/keymint/TagType.h>
|
||||
|
||||
#include "keymint_tags.h"
|
||||
|
||||
#include <android/hardware/keymint/Algorithm.h>
|
||||
#include <android/hardware/keymint/BlockMode.h>
|
||||
#include <android/hardware/keymint/Digest.h>
|
||||
#include <android/hardware/keymint/EcCurve.h>
|
||||
#include <android/hardware/keymint/ErrorCode.h>
|
||||
#include <android/hardware/keymint/HardwareAuthenticatorType.h>
|
||||
#include <android/hardware/keymint/KeyCharacteristics.h>
|
||||
#include <android/hardware/keymint/KeyOrigin.h>
|
||||
#include <android/hardware/keymint/KeyParameter.h>
|
||||
#include <android/hardware/keymint/KeyPurpose.h>
|
||||
#include <android/hardware/keymint/PaddingMode.h>
|
||||
#include <android/hardware/keymint/SecurityLevel.h>
|
||||
#include <android/hardware/keymint/Tag.h>
|
||||
#include <android/hardware/keymint/TagType.h>
|
||||
|
||||
namespace android {
|
||||
namespace hardware {
|
||||
namespace keymint {
|
||||
|
||||
using namespace ::android::hardware::keymint;
|
||||
namespace android::hardware::security::keymint {
|
||||
|
||||
inline ::std::ostream& operator<<(::std::ostream& os, Algorithm value) {
|
||||
return os << toString(value);
|
||||
|
@ -101,8 +97,6 @@ inline ::std::ostream& operator<<(::std::ostream& os, Tag tag) {
|
|||
return os << toString(tag);
|
||||
}
|
||||
|
||||
} // namespace keymint
|
||||
} // namespace hardware
|
||||
} // namespace android
|
||||
} // namespace android::hardware::security::keymint
|
||||
|
||||
#endif // HARDWARE_INTERFACES_KEYMINT_SUPPORT_INCLUDE_KEY_PARAM_OUTPUT_H_
|
|
@ -17,24 +17,20 @@
|
|||
#ifndef HARDWARE_INTERFACES_KEYMINT_SUPPORT_INCLUDE_KEYMINT_TAGS_H_
|
||||
#define HARDWARE_INTERFACES_KEYMINT_SUPPORT_INCLUDE_KEYMINT_TAGS_H_
|
||||
|
||||
#include <android/hardware/keymint/Algorithm.h>
|
||||
#include <android/hardware/keymint/BlockMode.h>
|
||||
#include <android/hardware/keymint/Digest.h>
|
||||
#include <android/hardware/keymint/EcCurve.h>
|
||||
#include <android/hardware/keymint/HardwareAuthenticatorType.h>
|
||||
#include <android/hardware/keymint/KeyOrigin.h>
|
||||
#include <android/hardware/keymint/KeyParameter.h>
|
||||
#include <android/hardware/keymint/KeyPurpose.h>
|
||||
#include <android/hardware/keymint/PaddingMode.h>
|
||||
#include <android/hardware/keymint/SecurityLevel.h>
|
||||
#include <android/hardware/keymint/Tag.h>
|
||||
#include <android/hardware/keymint/TagType.h>
|
||||
#include <android/hardware/security/keymint/Algorithm.h>
|
||||
#include <android/hardware/security/keymint/BlockMode.h>
|
||||
#include <android/hardware/security/keymint/Digest.h>
|
||||
#include <android/hardware/security/keymint/EcCurve.h>
|
||||
#include <android/hardware/security/keymint/HardwareAuthenticatorType.h>
|
||||
#include <android/hardware/security/keymint/KeyOrigin.h>
|
||||
#include <android/hardware/security/keymint/KeyParameter.h>
|
||||
#include <android/hardware/security/keymint/KeyPurpose.h>
|
||||
#include <android/hardware/security/keymint/PaddingMode.h>
|
||||
#include <android/hardware/security/keymint/SecurityLevel.h>
|
||||
#include <android/hardware/security/keymint/Tag.h>
|
||||
#include <android/hardware/security/keymint/TagType.h>
|
||||
|
||||
namespace android::hardware::keymint {
|
||||
|
||||
using android::hardware::keymint::KeyParameter;
|
||||
using android::hardware::keymint::Tag;
|
||||
using android::hardware::keymint::TagType;
|
||||
namespace android::hardware::security::keymint {
|
||||
|
||||
// The following create the numeric values that KM_TAG_PADDING and KM_TAG_DIGEST used to have. We
|
||||
// need these old values to be able to support old keys that use them.
|
||||
|
@ -337,78 +333,6 @@ inline NullOr<const typename TypedTag2ValueType<TypedTag<tag_type, tag>>::type&>
|
|||
return accessTagValue(ttag, param);
|
||||
}
|
||||
|
||||
} // namespace android::hardware::keymint
|
||||
|
||||
namespace std {
|
||||
|
||||
using namespace android::hardware::keymint;
|
||||
|
||||
// Aidl generates KeyParameter operator<, >, ==, != for cpp translation but not ndk
|
||||
// translations. So we cannot straight forward overload these operators.
|
||||
// However we need our custom comparison for KeyParameters. So we will
|
||||
// overload std::less, equal_to instead.
|
||||
template <>
|
||||
struct std::less<KeyParameter> {
|
||||
bool operator()(const KeyParameter& a, const KeyParameter& b) const {
|
||||
if (a.tag != b.tag) return a.tag < b.tag;
|
||||
int retval;
|
||||
switch (typeFromTag(a.tag)) {
|
||||
case TagType::INVALID:
|
||||
case TagType::BOOL:
|
||||
return false;
|
||||
case TagType::ENUM:
|
||||
case TagType::ENUM_REP:
|
||||
case TagType::UINT:
|
||||
case TagType::UINT_REP:
|
||||
return a.integer < b.integer;
|
||||
case TagType::ULONG:
|
||||
case TagType::ULONG_REP:
|
||||
case TagType::DATE:
|
||||
return a.longInteger < b.longInteger;
|
||||
case TagType::BIGNUM:
|
||||
case TagType::BYTES:
|
||||
// Handle the empty cases.
|
||||
if (a.blob.size() == 0) return b.blob.size() != 0;
|
||||
if (b.blob.size() == 0) return false;
|
||||
retval = memcmp(&a.blob[0], &b.blob[0], std::min(a.blob.size(), b.blob.size()));
|
||||
// if one is the prefix of the other the longer wins
|
||||
if (retval == 0) return a.blob.size() < b.blob.size();
|
||||
// Otherwise a is less if a is less.
|
||||
else
|
||||
return retval < 0;
|
||||
}
|
||||
return false;
|
||||
}
|
||||
};
|
||||
|
||||
template <>
|
||||
struct std::equal_to<KeyParameter> {
|
||||
bool operator()(const KeyParameter& a, const KeyParameter& b) const {
|
||||
if (a.tag != b.tag) {
|
||||
return false;
|
||||
}
|
||||
switch (typeFromTag(a.tag)) {
|
||||
case TagType::INVALID:
|
||||
case TagType::BOOL:
|
||||
return true;
|
||||
case TagType::ENUM:
|
||||
case TagType::ENUM_REP:
|
||||
case TagType::UINT:
|
||||
case TagType::UINT_REP:
|
||||
return a.integer == b.integer;
|
||||
case TagType::ULONG:
|
||||
case TagType::ULONG_REP:
|
||||
case TagType::DATE:
|
||||
return a.longInteger == b.longInteger;
|
||||
case TagType::BIGNUM:
|
||||
case TagType::BYTES:
|
||||
if (a.blob.size() != b.blob.size()) return false;
|
||||
return a.blob.size() == 0 || memcmp(&a.blob[0], &b.blob[0], a.blob.size()) == 0;
|
||||
}
|
||||
return false;
|
||||
}
|
||||
};
|
||||
|
||||
} // namespace std
|
||||
} // namespace android::hardware::security::keymint
|
||||
|
||||
#endif // HARDWARE_INTERFACES_KEYMINT_SUPPORT_INCLUDE_KEYMINT_TAGS_H_
|
|
@ -19,11 +19,9 @@
|
|||
#ifndef HARDWARE_INTERFACES_KEYMINT_10_SUPPORT_KEYMINT_UTILS_H_
|
||||
#define HARDWARE_INTERFACES_KEYMINT_10_SUPPORT_KEYMINT_UTILS_H_
|
||||
|
||||
#include <android/hardware/keymint/HardwareAuthToken.h>
|
||||
#include <android/hardware/security/keymint/HardwareAuthToken.h>
|
||||
|
||||
namespace android {
|
||||
namespace hardware {
|
||||
namespace keymint {
|
||||
namespace android::hardware::security::keymint {
|
||||
|
||||
using std::vector;
|
||||
|
||||
|
@ -44,8 +42,6 @@ vector<uint8_t> authToken2vector(const HardwareAuthToken& token);
|
|||
uint32_t getOsVersion();
|
||||
uint32_t getOsPatchlevel();
|
||||
|
||||
} // namespace keymint
|
||||
} // namespace hardware
|
||||
} // namespace android
|
||||
} // namespace android::hardware::security::keymint
|
||||
|
||||
#endif // HARDWARE_INTERFACES_KEYMINT_10_SUPPORT_KEYMINT_UTILS_H_
|
|
@ -17,11 +17,13 @@
|
|||
#ifndef HARDWARE_INTERFACES_KEYMINT_1_0_SUPPORT_OPENSSL_UTILS_H_
|
||||
#define HARDWARE_INTERFACES_KEYMINT_1_0_SUPPORT_OPENSSL_UTILS_H_
|
||||
|
||||
#include <android/hardware/keymint/Digest.h>
|
||||
#include <android/hardware/security/keymint/Digest.h>
|
||||
|
||||
#include <openssl/evp.h>
|
||||
#include <openssl/x509.h>
|
||||
|
||||
namespace android::hardware::security::keymint {
|
||||
|
||||
template <typename T, void (*F)(T*)>
|
||||
struct UniquePtrDeleter {
|
||||
void operator()(T* p) const { F(p); }
|
||||
|
@ -40,24 +42,26 @@ MAKE_OPENSSL_PTR_TYPE(BN_CTX)
|
|||
|
||||
typedef std::unique_ptr<BIGNUM, UniquePtrDeleter<BIGNUM, BN_free>> BIGNUM_Ptr;
|
||||
|
||||
inline const EVP_MD* openssl_digest(android::hardware::keymint::Digest digest) {
|
||||
inline const EVP_MD* openssl_digest(Digest digest) {
|
||||
switch (digest) {
|
||||
case android::hardware::keymint::Digest::NONE:
|
||||
case Digest::NONE:
|
||||
return nullptr;
|
||||
case android::hardware::keymint::Digest::MD5:
|
||||
case Digest::MD5:
|
||||
return EVP_md5();
|
||||
case android::hardware::keymint::Digest::SHA1:
|
||||
case Digest::SHA1:
|
||||
return EVP_sha1();
|
||||
case android::hardware::keymint::Digest::SHA_2_224:
|
||||
case Digest::SHA_2_224:
|
||||
return EVP_sha224();
|
||||
case android::hardware::keymint::Digest::SHA_2_256:
|
||||
case Digest::SHA_2_256:
|
||||
return EVP_sha256();
|
||||
case android::hardware::keymint::Digest::SHA_2_384:
|
||||
case Digest::SHA_2_384:
|
||||
return EVP_sha384();
|
||||
case android::hardware::keymint::Digest::SHA_2_512:
|
||||
case Digest::SHA_2_512:
|
||||
return EVP_sha512();
|
||||
}
|
||||
return nullptr;
|
||||
}
|
||||
|
||||
} // namespace android::hardware::security::keymint
|
||||
|
||||
#endif // HARDWARE_INTERFACES_KEYMINT_1_0_SUPPORT_OPENSSL_UTILS_H_
|
|
@ -14,15 +14,13 @@
|
|||
* limitations under the License.
|
||||
*/
|
||||
|
||||
#include <keymintSupport/key_param_output.h>
|
||||
|
||||
#include <keymintSupport/keymint_tags.h>
|
||||
#include <keymint_support/key_param_output.h>
|
||||
|
||||
#include <iomanip>
|
||||
|
||||
namespace android {
|
||||
namespace hardware {
|
||||
namespace keymint {
|
||||
#include <keymint_support/keymint_tags.h>
|
||||
|
||||
namespace android::hardware::security::keymint {
|
||||
|
||||
using ::std::endl;
|
||||
using ::std::ostream;
|
||||
|
@ -71,6 +69,4 @@ ostream& operator<<(ostream& os, const KeyParameter& param) {
|
|||
return os << "UNKNOWN TAG TYPE!";
|
||||
}
|
||||
|
||||
} // namespace keymint
|
||||
} // namespace hardware
|
||||
} // namespace android
|
||||
} // namespace android::hardware::security::keymint
|
|
@ -18,11 +18,11 @@
|
|||
|
||||
#include <android-base/properties.h>
|
||||
#include <hardware/hw_auth_token.h>
|
||||
#include <keymintSupport/keymint_utils.h>
|
||||
#include <keymint_support/keymint_utils.h>
|
||||
|
||||
#include <arpa/inet.h>
|
||||
|
||||
namespace android::hardware::keymint {
|
||||
namespace android::hardware::security::keymint {
|
||||
|
||||
namespace {
|
||||
|
||||
|
@ -111,4 +111,4 @@ uint32_t getOsPatchlevel() {
|
|||
return getOsPatchlevel(patchlevel.c_str());
|
||||
}
|
||||
|
||||
} // namespace android::hardware::keymint
|
||||
} // namespace android::hardware::security::keymint
|
Loading…
Reference in a new issue