tequilaOS/platform_hardware_interfaces
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Merge "Add support lib wrappers for clients" am: b2f3e87ce3

Browse source 
Change-Id: If4f081c444e653b02f08c33ebdb2725a4be3a6b7
This commit is contained in:
Automerger Merge Worker 2020-02-12 01:06:54 +00:00
commit ec48df715a
14 changed files with 416 additions and 302 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
keymaster/4.0/support/Android.bp
View file

@ -27,11 +27,10 @@ cc_library {
"authorization_set.cpp",
"key_param_output.cpp",
"keymaster_utils.cpp",
"Keymaster.cpp",
"Keymaster3.cpp",
"Keymaster4.cpp",
],
export_include_dirs: ["include"],
export_include_dirs: [
"include",
],
shared_libs: [
"android.hardware.keymaster@3.0",
"android.hardware.keymaster@4.0",
@ -39,6 +38,5 @@ cc_library {
"libcrypto",
"libhardware",
"libhidlbase",
"libutils",
]
],
}

160
keymaster/4.0/support/include/keymasterV4_0/Keymaster4.h
View file

@ -1,160 +0,0 @@
/*
**
** Copyright 2017, The Android Open Source Project
**
** Licensed under the Apache License, Version 2.0 (the "License");
** you may not use this file except in compliance with the License.
** You may obtain a copy of the License at
**
** http://www.apache.org/licenses/LICENSE-2.0
**
** Unless required by applicable law or agreed to in writing, software
** distributed under the License is distributed on an "AS IS" BASIS,
** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
** See the License for the specific language governing permissions and
** limitations under the License.
*/
#ifndef HARDWARE_INTERFACES_KEYMASTER_40_SUPPORT_KEYMASTER_4_H_
#define HARDWARE_INTERFACES_KEYMASTER_40_SUPPORT_KEYMASTER_4_H_
#include "Keymaster.h"
namespace android {
namespace hardware {
namespace keymaster {
namespace V4_0 {
namespace support {
using android::sp;
using IKeymaster4Device = ::android::hardware::keymaster::V4_0::IKeymasterDevice;
class Keymaster4 : public Keymaster {
public:
using WrappedIKeymasterDevice = IKeymaster4Device;
Keymaster4(sp<IKeymasterDevice> km4_dev, const hidl_string& instanceName)
: Keymaster(IKeymaster4Device::descriptor, instanceName),
haveVersion_(false),
dev_(km4_dev) {}
const VersionResult& halVersion() const override {
const_cast<Keymaster4*>(this)->getVersionIfNeeded();
return version_;
}
Return<void> getHardwareInfo(getHardwareInfo_cb _hidl_cb) override {
return dev_->getHardwareInfo(_hidl_cb);
}
Return<void> getHmacSharingParameters(getHmacSharingParameters_cb _hidl_cb) override {
return dev_->getHmacSharingParameters(_hidl_cb);
}
Return<void> computeSharedHmac(const hidl_vec<HmacSharingParameters>& params,
computeSharedHmac_cb _hidl_cb) override {
return dev_->computeSharedHmac(params, _hidl_cb);
}
Return<void> verifyAuthorization(uint64_t operationHandle, const hidl_vec<KeyParameter>& params,
const HardwareAuthToken& authToken,
verifyAuthorization_cb _hidl_cb) override {
return dev_->verifyAuthorization(operationHandle, params, authToken, _hidl_cb);
}
Return<ErrorCode> addRngEntropy(const hidl_vec<uint8_t>& data) override {
return dev_->addRngEntropy(data);
}
Return<void> generateKey(const hidl_vec<KeyParameter>& keyParams,
generateKey_cb _hidl_cb) override {
return dev_->generateKey(keyParams, _hidl_cb);
}
Return<void> getKeyCharacteristics(const hidl_vec<uint8_t>& keyBlob,
const hidl_vec<uint8_t>& clientId,
const hidl_vec<uint8_t>& appData,
getKeyCharacteristics_cb _hidl_cb) override {
return dev_->getKeyCharacteristics(keyBlob, clientId, appData, _hidl_cb);
}
Return<void> importKey(const hidl_vec<KeyParameter>& params, KeyFormat keyFormat,
const hidl_vec<uint8_t>& keyData, importKey_cb _hidl_cb) override {
return dev_->importKey(params, keyFormat, keyData, _hidl_cb);
}
Return<void> importWrappedKey(const hidl_vec<uint8_t>& wrappedKeyData,
const hidl_vec<uint8_t>& wrappingKeyBlob,
const hidl_vec<uint8_t>& maskingKey,
const hidl_vec<KeyParameter>& unwrappingParams,
uint64_t passwordSid, uint64_t biometricSid,
importWrappedKey_cb _hidl_cb) {
return dev_->importWrappedKey(wrappedKeyData, wrappingKeyBlob, maskingKey, unwrappingParams,
passwordSid, biometricSid, _hidl_cb);
}
Return<void> exportKey(KeyFormat exportFormat, const hidl_vec<uint8_t>& keyBlob,
const hidl_vec<uint8_t>& clientId, const hidl_vec<uint8_t>& appData,
exportKey_cb _hidl_cb) override {
return dev_->exportKey(exportFormat, keyBlob, clientId, appData, _hidl_cb);
}
Return<void> attestKey(const hidl_vec<uint8_t>& keyToAttest,
const hidl_vec<KeyParameter>& attestParams,
attestKey_cb _hidl_cb) override {
return dev_->attestKey(keyToAttest, attestParams, _hidl_cb);
}
Return<void> upgradeKey(const hidl_vec<uint8_t>& keyBlobToUpgrade,
const hidl_vec<KeyParameter>& upgradeParams,
upgradeKey_cb _hidl_cb) override {
return dev_->upgradeKey(keyBlobToUpgrade, upgradeParams, _hidl_cb);
}
Return<ErrorCode> deleteKey(const hidl_vec<uint8_t>& keyBlob) override {
return dev_->deleteKey(keyBlob);
}
Return<ErrorCode> deleteAllKeys() override { return dev_->deleteAllKeys(); }
Return<ErrorCode> destroyAttestationIds() override { return dev_->destroyAttestationIds(); }
Return<void> begin(KeyPurpose purpose, const hidl_vec<uint8_t>& key,
const hidl_vec<KeyParameter>& inParams, const HardwareAuthToken& authToken,
begin_cb _hidl_cb) override {
return dev_->begin(purpose, key, inParams, authToken, _hidl_cb);
}
Return<void> update(uint64_t operationHandle, const hidl_vec<KeyParameter>& inParams,
const hidl_vec<uint8_t>& input, const HardwareAuthToken& authToken,
const VerificationToken& verificationToken, update_cb _hidl_cb) override {
return dev_->update(operationHandle, inParams, input, authToken, verificationToken,
_hidl_cb);
}
Return<void> finish(uint64_t operationHandle, const hidl_vec<KeyParameter>& inParams,
const hidl_vec<uint8_t>& input, const hidl_vec<uint8_t>& signature,
const HardwareAuthToken& authToken,
const VerificationToken& verificationToken, finish_cb _hidl_cb) override {
return dev_->finish(operationHandle, inParams, input, signature, authToken,
verificationToken, _hidl_cb);
}
Return<ErrorCode> abort(uint64_t operationHandle) override {
return dev_->abort(operationHandle);
}
private:
void getVersionIfNeeded();
bool haveVersion_;
VersionResult version_;
sp<IKeymaster4Device> dev_;
};
} // namespace support
} // namespace V4_0
} // namespace keymaster
} // namespace hardware
} // namespace android
#endif // HARDWARE_INTERFACES_KEYMASTER_40_SUPPORT_KEYMASTER_4_H_

1
keymaster/4.1/default/Android.bp
View file

@ -31,6 +31,7 @@ cc_binary {
"libhidlbase",
"libkeymaster4",
"libkeymaster41",
"libkeymaster4_1support",
"liblog",
"libutils",
],

8
keymaster/4.1/support/Android.bp
View file

@ -24,6 +24,9 @@ cc_library {
],
srcs: [
"attestation_record.cpp",
"Keymaster.cpp",
"Keymaster3.cpp",
"Keymaster4.cpp",
],
export_include_dirs: ["include"],
shared_libs: [
@ -34,5 +37,10 @@ cc_library {
"libcrypto",
"libhidlbase",
"libkeymaster4support",
"libutils",
],
export_shared_lib_headers: [
"android.hardware.keymaster@4.1",
"libkeymaster4support",
],
}

52
keymaster/4.0/support/Keymaster.cpp → keymaster/4.1/support/Keymaster.cpp
View file

@ -14,19 +14,18 @@
** limitations under the License.
*/
#include <keymasterV4_0/Keymaster.h>
#include <keymasterV4_1/Keymaster.h>
#include <iomanip>
#include <android-base/logging.h>
#include <android/hidl/manager/1.2/IServiceManager.h>
#include <keymasterV4_0/Keymaster3.h>
#include <keymasterV4_0/Keymaster4.h>
#include <keymasterV4_0/key_param_output.h>
#include <keymasterV4_0/keymaster_utils.h>
#include <keymasterV4_1/Keymaster3.h>
#include <keymasterV4_1/Keymaster4.h>
namespace android {
namespace hardware {
namespace android::hardware {
template <class T>
std::ostream& operator<<(std::ostream& os, const hidl_vec<T>& vec) {
@ -57,6 +56,7 @@ std::ostream& operator<<(std::ostream& os, const hidl_array<uint8_t, N>& vec) {
}
namespace keymaster {
namespace V4_0 {
std::ostream& operator<<(std::ostream& os, const HmacSharingParameters& params) {
@ -66,7 +66,9 @@ std::ostream& operator<<(std::ostream& os, const HmacSharingParameters& params)
return os;
}
namespace support {
} // namespace V4_0
namespace V4_1::support {
using ::android::sp;
using ::android::hidl::manager::V1_2::IServiceManager;
@ -81,7 +83,7 @@ std::ostream& operator<<(std::ostream& os, const Keymaster& keymaster) {
template <typename Wrapper>
std::vector<std::unique_ptr<Keymaster>> enumerateDevices(
const sp<IServiceManager>& serviceManager) {
const sp<IServiceManager>& serviceManager) {
Keymaster::KeymasterSet result;
bool foundDefault = false;
@ -141,14 +143,14 @@ Keymaster::KeymasterSet Keymaster::enumerateAvailableDevices() {
}
static hidl_vec<HmacSharingParameters> getHmacParameters(
const Keymaster::KeymasterSet& keymasters) {
const Keymaster::KeymasterSet& keymasters) {
std::vector<HmacSharingParameters> params_vec;
params_vec.reserve(keymasters.size());
for (auto& keymaster : keymasters) {
if (keymaster->halVersion().majorVersion < 4) continue;
auto rc = keymaster->getHmacSharingParameters([&](auto error, auto& params) {
CHECK(error == ErrorCode::OK)
<< "Failed to get HMAC parameters from " << *keymaster << " error " << error;
CHECK(error == V4_0::ErrorCode::OK)
<< "Failed to get HMAC parameters from " << *keymaster << " error " << error;
params_vec.push_back(params);
});
CHECK(rc.isOk()) << "Failed to communicate with " << *keymaster
@ -170,18 +172,18 @@ static void computeHmac(const Keymaster::KeymasterSet& keymasters,
if (keymaster->halVersion().majorVersion < 4) continue;
LOG(DEBUG) << "Computing HMAC for " << *keymaster;
auto rc = keymaster->computeSharedHmac(
params, [&](ErrorCode error, const hidl_vec<uint8_t>& curSharingCheck) {
CHECK(error == ErrorCode::OK)
<< "Failed to get HMAC parameters from " << *keymaster << " error " << error;
if (firstKeymaster) {
sharingCheck = curSharingCheck;
firstKeymaster = false;
}
if (curSharingCheck != sharingCheck)
LOG(WARNING) << "HMAC computation failed for " << *keymaster //
<< " Expected: " << sharingCheck //
<< " got: " << curSharingCheck;
});
params, [&](V4_0::ErrorCode error, const hidl_vec<uint8_t>& curSharingCheck) {
CHECK(error == V4_0::ErrorCode::OK) << "Failed to get HMAC parameters from "
<< *keymaster << " error " << error;
if (firstKeymaster) {
sharingCheck = curSharingCheck;
firstKeymaster = false;
}
if (curSharingCheck != sharingCheck)
LOG(WARNING) << "HMAC computation failed for " << *keymaster //
<< " Expected: " << sharingCheck //
<< " got: " << curSharingCheck;
});
CHECK(rc.isOk()) << "Failed to communicate with " << *keymaster
<< " error: " << rc.description();
}
@ -191,8 +193,6 @@ void Keymaster::performHmacKeyAgreement(const KeymasterSet& keymasters) {
computeHmac(keymasters, getHmacParameters(keymasters));
}
} // namespace support
} // namespace V4_0
} // namespace V4_1::support
} // namespace keymaster
} // namespace hardware
} // namespace android
} // namespace android::hardware

71
keymaster/4.0/support/Keymaster3.cpp → keymaster/4.1/support/Keymaster3.cpp
View file

@ -15,23 +15,19 @@
** limitations under the License.
*/
#include <keymasterV4_0/Keymaster3.h>
#include <keymasterV4_1/Keymaster3.h>
#include <android-base/logging.h>
#include <keymasterV4_0/keymaster_utils.h>
namespace android {
namespace hardware {
namespace keymaster {
namespace V4_0 {
namespace support {
namespace android::hardware::keymaster::V4_1::support {
using android::hardware::details::StatusOf;
namespace {
ErrorCode convert(V3_0::ErrorCode error) {
return static_cast<ErrorCode>(error);
V4_0::ErrorCode convert(V3_0::ErrorCode error) {
return static_cast<V4_0::ErrorCode>(error);
}
V3_0::KeyPurpose convert(KeyPurpose purpose) {
@ -53,7 +49,7 @@ V3_0::KeyParameter convert(const KeyParameter& param) {
KeyParameter convert(const V3_0::KeyParameter& param) {
KeyParameter converted;
converted.tag = static_cast<Tag>(param.tag);
converted.tag = static_cast<V4_0::Tag>(param.tag);
static_assert(sizeof(converted.f) == sizeof(param.f), "This function assumes sizes match");
memcpy(&converted.f, &param.f, sizeof(param.f));
converted.blob = param.blob;
@ -89,7 +85,7 @@ hidl_vec<V3_0::KeyParameter> convertAndAddAuthToken(const hidl_vec<KeyParameter>
converted[i] = convert(params[i]);
}
converted[params.size()].tag = V3_0::Tag::AUTH_TOKEN;
converted[params.size()].blob = authToken2HidlVec(authToken);
converted[params.size()].blob = V4_0::support::authToken2HidlVec(authToken);
return converted;
}
@ -107,16 +103,19 @@ void Keymaster3::getVersionIfNeeded() {
if (haveVersion_) return;
auto rc = km3_dev_->getHardwareFeatures(
[&](bool isSecure, bool supportsEllipticCurve, bool supportsSymmetricCryptography,
bool supportsAttestation, bool supportsAllDigests, const hidl_string& keymasterName,
const hidl_string& keymasterAuthorName) {
version_ = {keymasterName, keymasterAuthorName, 0 /* major version, filled below */,
isSecure ? SecurityLevel::TRUSTED_ENVIRONMENT : SecurityLevel::SOFTWARE,
supportsEllipticCurve};
supportsSymmetricCryptography_ = supportsSymmetricCryptography;
supportsAttestation_ = supportsAttestation;
supportsAllDigests_ = supportsAllDigests;
});
[&](bool isSecure, bool supportsEllipticCurve, bool supportsSymmetricCryptography,
bool supportsAttestation, bool supportsAllDigests, const hidl_string& keymasterName,
const hidl_string& keymasterAuthorName) {
version_ = {keymasterName,
keymasterAuthorName,
0 /* major version, filled below */,
0 /* minor version */,
isSecure ? SecurityLevel::TRUSTED_ENVIRONMENT : SecurityLevel::SOFTWARE,
supportsEllipticCurve};
supportsSymmetricCryptography_ = supportsSymmetricCryptography;
supportsAttestation_ = supportsAttestation;
supportsAllDigests_ = supportsAllDigests;
});
CHECK(rc.isOk()) << "Got error " << rc.description() << " trying to get hardware features";
@ -139,10 +138,10 @@ Return<void> Keymaster3::getHardwareInfo(Keymaster3::getHardwareInfo_cb _hidl_cb
return Void();
}
Return<ErrorCode> Keymaster3::addRngEntropy(const hidl_vec<uint8_t>& data) {
Return<V4_0::ErrorCode> Keymaster3::addRngEntropy(const hidl_vec<uint8_t>& data) {
auto rc = km3_dev_->addRngEntropy(data);
if (!rc.isOk()) {
return StatusOf<V3_0::ErrorCode, ErrorCode>(rc);
return StatusOf<V3_0::ErrorCode, V4_0::ErrorCode>(rc);
}
return convert(rc);
}
@ -215,21 +214,21 @@ Return<void> Keymaster3::upgradeKey(const hidl_vec<uint8_t>& keyBlobToUpgrade,
return rc;
}
Return<ErrorCode> Keymaster3::deleteKey(const hidl_vec<uint8_t>& keyBlob) {
Return<V4_0::ErrorCode> Keymaster3::deleteKey(const hidl_vec<uint8_t>& keyBlob) {
auto rc = km3_dev_->deleteKey(keyBlob);
if (!rc.isOk()) return StatusOf<V3_0::ErrorCode, ErrorCode>(rc);
if (!rc.isOk()) return StatusOf<V3_0::ErrorCode, V4_0::ErrorCode>(rc);
return convert(rc);
}
Return<ErrorCode> Keymaster3::deleteAllKeys() {
Return<V4_0::ErrorCode> Keymaster3::deleteAllKeys() {
auto rc = km3_dev_->deleteAllKeys();
if (!rc.isOk()) return StatusOf<V3_0::ErrorCode, ErrorCode>(rc);
if (!rc.isOk()) return StatusOf<V3_0::ErrorCode, V4_0::ErrorCode>(rc);
return convert(rc);
}
Return<ErrorCode> Keymaster3::destroyAttestationIds() {
Return<V4_0::ErrorCode> Keymaster3::destroyAttestationIds() {
auto rc = km3_dev_->destroyAttestationIds();
if (!rc.isOk()) return StatusOf<V3_0::ErrorCode, ErrorCode>(rc);
if (!rc.isOk()) return StatusOf<V3_0::ErrorCode, V4_0::ErrorCode>(rc);
return convert(rc);
}
@ -242,7 +241,7 @@ Return<void> Keymaster3::begin(KeyPurpose purpose, const hidl_vec<uint8_t>& key,
};
auto rc =
km3_dev_->begin(convert(purpose), key, convertAndAddAuthToken(inParams, authToken), cb);
km3_dev_->begin(convert(purpose), key, convertAndAddAuthToken(inParams, authToken), cb);
rc.isOk(); // move ctor prereq
return rc;
}
@ -256,8 +255,8 @@ Return<void> Keymaster3::update(uint64_t operationHandle, const hidl_vec<KeyPara
_hidl_cb(convert(error), inputConsumed, convert(outParams), output);
};
auto rc =
km3_dev_->update(operationHandle, convertAndAddAuthToken(inParams, authToken), input, cb);
auto rc = km3_dev_->update(operationHandle, convertAndAddAuthToken(inParams, authToken), input,
cb);
rc.isOk(); // move ctor prereq
return rc;
}
@ -278,14 +277,10 @@ Return<void> Keymaster3::finish(uint64_t operationHandle, const hidl_vec<KeyPara
return rc;
}
Return<ErrorCode> Keymaster3::abort(uint64_t operationHandle) {
Return<V4_0::ErrorCode> Keymaster3::abort(uint64_t operationHandle) {
auto rc = km3_dev_->abort(operationHandle);
if (!rc.isOk()) return StatusOf<V3_0::ErrorCode, ErrorCode>(rc);
if (!rc.isOk()) return StatusOf<V3_0::ErrorCode, V4_0::ErrorCode>(rc);
return convert(rc);
}
} // namespace support
} // namespace V4_0
} // namespace keymaster
} // namespace hardware
} // namespace android
} // namespace android::hardware::keymaster::V4_1::support

33
keymaster/4.0/support/Keymaster4.cpp → keymaster/4.1/support/Keymaster4.cpp
View file

@ -1,5 +1,4 @@
/*
**
** Copyright 2017, The Android Open Source Project
**
** Licensed under the Apache License, Version 2.0 (the "License");
@ -15,32 +14,28 @@
** limitations under the License.
*/
#include <keymasterV4_0/Keymaster4.h>
#include <keymasterV4_1/Keymaster4.h>
#include <android-base/logging.h>
namespace android {
namespace hardware {
namespace keymaster {
namespace V4_0 {
namespace support {
namespace android::hardware::keymaster::V4_1::support {
void Keymaster4::getVersionIfNeeded() {
if (haveVersion_) return;
auto rc =
dev_->getHardwareInfo([&](SecurityLevel securityLevel, const hidl_string& keymasterName,
const hidl_string& authorName) {
version_ = {keymasterName, authorName, 4 /* major version */, securityLevel,
true /* supportsEc */};
haveVersion_ = true;
});
auto rc = km4_0_dev_->getHardwareInfo([&](SecurityLevel securityLevel,
const hidl_string& keymasterName,
const hidl_string& authorName) {
version_ = {keymasterName,
authorName,
4 /* major version */,
static_cast<uint8_t>((km4_1_dev_) ? 1 : 0) /* minor version */,
securityLevel,
true /* supportsEc */};
haveVersion_ = true;
});
CHECK(rc.isOk()) << "Got error " << rc.description() << " trying to get hardware info";
}
} // namespace support
} // namespace V4_0
} // namespace keymaster
} // namespace hardware
} // namespace android
} // namespace android::hardware::keymaster::V4_1::support

45
keymaster/4.0/support/include/keymasterV4_0/Keymaster.h → keymaster/4.1/support/include/keymasterV4_1/Keymaster.h
View file

@ -15,31 +15,31 @@
** limitations under the License.
*/
#ifndef HARDWARE_INTERFACES_KEYMASTER_40_SUPPORT_KEYMASTER_H_
#define HARDWARE_INTERFACES_KEYMASTER_40_SUPPORT_KEYMASTER_H_
#include <android/hardware/keymaster/4.0/IKeymasterDevice.h>
#pragma once
#include <memory>
#include <vector>
namespace android {
namespace hardware {
namespace keymaster {
namespace V4_0 {
namespace support {
#include <android/hardware/keymaster/4.1/IKeymasterDevice.h>
#include <keymasterV4_1/keymaster_tags.h>
namespace android::hardware::keymaster::V4_1::support {
/**
* Keymaster abstracts the underlying V4_0::IKeymasterDevice. There is one implementation
* (Keymaster4) which is a trivial passthrough and one that wraps a V3_0::IKeymasterDevice.
* Keymaster abstracts the underlying V4_1::IKeymasterDevice. There are two implementations,
* Keymaster3 which wraps a V3_0::IKeymasterDevice and Keymaster4, which wraps either a
* V4_0::IKeymasterDevice or a V4_1::IKeymasterDevice. There is a V3_0::IKeymasterDevice
* implementation that is used to wrap pre-HIDL keymaster implementations, and Keymaster3 will wrap
* that.
*
* The reason for adding this additional layer, rather than simply using the latest HAL directly and
* subclassing it to wrap any older HAL, is because this provides a place to put additional methods
* which clients can use when they need to distinguish between different underlying HAL versions,
* while still having to use only the latest interface.
* while still having to use only the latest interface. Plus it's a handy place to keep some
* convenience methods.
*/
class Keymaster : public IKeymasterDevice {
public:
public:
using KeymasterSet = std::vector<std::unique_ptr<Keymaster>>;
Keymaster(const hidl_string& descriptor, const hidl_string& instanceName)
@ -50,12 +50,14 @@ class Keymaster : public IKeymasterDevice {
hidl_string keymasterName;
hidl_string authorName;
uint8_t majorVersion;
uint8_t minorVersion;
SecurityLevel securityLevel;
bool supportsEc;
bool operator>(const VersionResult& other) const {
auto lhs = std::tie(securityLevel, majorVersion, supportsEc);
auto rhs = std::tie(other.securityLevel, other.majorVersion, other.supportsEc);
auto lhs = std::tie(securityLevel, majorVersion, minorVersion, supportsEc);
auto rhs = std::tie(other.securityLevel, other.majorVersion, other.minorVersion,
other.supportsEc);
return lhs > rhs;
}
};
@ -69,6 +71,9 @@ class Keymaster : public IKeymasterDevice {
* There are no side effects otherwise.
*/
void logIfKeymasterVendorError(ErrorCode ec) const;
void logIfKeymasterVendorError(V4_0::ErrorCode ec) const {
logIfKeymasterVendorError(static_cast<ErrorCode>(ec));
}
/**
* Returns all available Keymaster3 and Keymaster4 instances, in order of most secure to least
@ -86,17 +91,11 @@ class Keymaster : public IKeymasterDevice {
*/
static void performHmacKeyAgreement(const KeymasterSet& keymasters);
private:
private:
hidl_string descriptor_;
hidl_string instanceName_;
};
std::ostream& operator<<(std::ostream& os, const Keymaster& keymaster);
} // namespace support
} // namespace V4_0
} // namespace keymaster
} // namespace hardware
} // namespace android
#endif // HARDWARE_INTERFACES_KEYMASTER_40_SUPPORT_KEYMASTER_H_
} // namespace android::hardware::keymaster::V4_1::support

65
keymaster/4.0/support/include/keymasterV4_0/Keymaster3.h → keymaster/4.1/support/include/keymasterV4_1/Keymaster3.h
View file

@ -1,5 +1,4 @@
/*
**
** Copyright 2017, The Android Open Source Project
**
** Licensed under the Apache License, Version 2.0 (the "License");
@ -15,18 +14,14 @@
** limitations under the License.
*/
#ifndef HARDWARE_INTERFACES_KEYMASTER_40_SUPPORT_KEYMASTER_3_H_
#define HARDWARE_INTERFACES_KEYMASTER_40_SUPPORT_KEYMASTER_3_H_
#pragma once
#include <android/hardware/keymaster/3.0/IKeymasterDevice.h>
#include "Keymaster.h"
#include "Operation.h"
namespace android {
namespace hardware {
namespace keymaster {
namespace V4_0 {
namespace support {
namespace android::hardware::keymaster::V4_1::support {
using IKeymaster3Device = ::android::hardware::keymaster::V3_0::IKeymasterDevice;
@ -38,8 +33,10 @@ using ::android::hardware::Void;
using ::android::hardware::details::return_status;
class Keymaster3 : public Keymaster {
public:
public:
// This definition is used for device enumeration.
using WrappedIKeymasterDevice = IKeymaster3Device;
Keymaster3(sp<IKeymaster3Device> km3_dev, const hidl_string& instanceName)
: Keymaster(IKeymaster3Device::descriptor, instanceName),
km3_dev_(km3_dev),
@ -53,24 +50,24 @@ class Keymaster3 : public Keymaster {
Return<void> getHardwareInfo(getHardwareInfo_cb _hidl_cb);
Return<void> getHmacSharingParameters(getHmacSharingParameters_cb _hidl_cb) override {
_hidl_cb(ErrorCode::UNIMPLEMENTED, {});
_hidl_cb(V4_0::ErrorCode::UNIMPLEMENTED, {});
return Void();
}
Return<void> computeSharedHmac(const hidl_vec<HmacSharingParameters>&,
computeSharedHmac_cb _hidl_cb) override {
_hidl_cb(ErrorCode::UNIMPLEMENTED, {});
_hidl_cb(V4_0::ErrorCode::UNIMPLEMENTED, {});
return Void();
}
Return<void> verifyAuthorization(uint64_t, const hidl_vec<KeyParameter>&,
const HardwareAuthToken&,
verifyAuthorization_cb _hidl_cb) override {
_hidl_cb(ErrorCode::UNIMPLEMENTED, {});
_hidl_cb(V4_0::ErrorCode::UNIMPLEMENTED, {});
return Void();
}
Return<ErrorCode> addRngEntropy(const hidl_vec<uint8_t>& data) override;
Return<V4_0::ErrorCode> addRngEntropy(const hidl_vec<uint8_t>& data) override;
Return<void> generateKey(const hidl_vec<KeyParameter>& keyParams,
generateKey_cb _hidl_cb) override;
Return<void> getKeyCharacteristics(const hidl_vec<uint8_t>& keyBlob,
@ -86,7 +83,7 @@ class Keymaster3 : public Keymaster {
const hidl_vec<KeyParameter>& /* unwrappingParams */,
uint64_t /* passwordSid */, uint64_t /* biometricSid */,
importWrappedKey_cb _hidl_cb) {
_hidl_cb(ErrorCode::UNIMPLEMENTED, {}, {});
_hidl_cb(V4_0::ErrorCode::UNIMPLEMENTED, {}, {});
return Void();
}
@ -99,9 +96,9 @@ class Keymaster3 : public Keymaster {
Return<void> upgradeKey(const hidl_vec<uint8_t>& keyBlobToUpgrade,
const hidl_vec<KeyParameter>& upgradeParams,
upgradeKey_cb _hidl_cb) override;
Return<ErrorCode> deleteKey(const hidl_vec<uint8_t>& keyBlob) override;
Return<ErrorCode> deleteAllKeys() override;
Return<ErrorCode> destroyAttestationIds() override;
Return<V4_0::ErrorCode> deleteKey(const hidl_vec<uint8_t>& keyBlob) override;
Return<V4_0::ErrorCode> deleteAllKeys() override;
Return<V4_0::ErrorCode> destroyAttestationIds() override;
Return<void> begin(KeyPurpose purpose, const hidl_vec<uint8_t>& key,
const hidl_vec<KeyParameter>& inParams, const HardwareAuthToken& authToken,
begin_cb _hidl_cb) override;
@ -112,9 +109,31 @@ class Keymaster3 : public Keymaster {
const hidl_vec<uint8_t>& input, const hidl_vec<uint8_t>& signature,
const HardwareAuthToken& authToken,
const VerificationToken& verificationToken, finish_cb _hidl_cb) override;
Return<ErrorCode> abort(uint64_t operationHandle) override;
Return<V4_0::ErrorCode> abort(uint64_t operationHandle) override;
private:
/**********************************
* V4_1::IKeymasterDevice methods *
*********************************/
Return<ErrorCode> deviceLocked(bool /* passwordOnly */,
const VerificationToken& /* verificationToken */) override {
return ErrorCode::UNIMPLEMENTED;
}
Return<ErrorCode> earlyBootEnded() override { return ErrorCode::UNIMPLEMENTED; }
Return<void> beginOp(KeyPurpose purpose, const hidl_vec<uint8_t>& keyBlob,
const hidl_vec<KeyParameter>& inParams, const HardwareAuthToken& authToken,
beginOp_cb _hidl_cb) override {
return begin(purpose, keyBlob, inParams, authToken,
[&_hidl_cb](V4_0::ErrorCode errorCode, const hidl_vec<KeyParameter>& outParams,
OperationHandle operationHandle) {
_hidl_cb(static_cast<ErrorCode>(errorCode), outParams,
new Operation(operationHandle));
});
}
private:
void getVersionIfNeeded();
sp<IKeymaster3Device> km3_dev_;
@ -126,10 +145,4 @@ class Keymaster3 : public Keymaster {
bool supportsAllDigests_;
};
} // namespace support
} // namespace V4_0
} // namespace keymaster
} // namespace hardware
} // namespace android
#endif // HARDWARE_INTERFACES_KEYMASTER_40_SUPPORT_KEYMASTER_3_H_
} // namespace android::hardware::keymaster::V4_1::support

197
keymaster/4.1/support/include/keymasterV4_1/Keymaster4.h Normal file
View file

@ -0,0 +1,197 @@
/*
** Copyright 2020, The Android Open Source Project
**
** Licensed under the Apache License, Version 2.0 (the "License");
** you may not use this file except in compliance with the License.
** You may obtain a copy of the License at
**
** http://www.apache.org/licenses/LICENSE-2.0
**
** Unless required by applicable law or agreed to in writing, software
** distributed under the License is distributed on an "AS IS" BASIS,
** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
** See the License for the specific language governing permissions and
** limitations under the License.
*/
#pragma once
#include "Keymaster.h"
#include "Operation.h"
namespace android::hardware::keymaster::V4_1::support {
using android::sp;
/**
* This class can wrap either a V4_0 or V4_1 IKeymasterDevice.
*/
class Keymaster4 : public Keymaster {
public:
// This definition is used for device enumeration; enumerating 4.0 devices will also
// enumerate 4.1. devices.
using WrappedIKeymasterDevice = V4_0::IKeymasterDevice;
Keymaster4(sp<V4_1::IKeymasterDevice> km4_1_dev, const hidl_string& instanceName)
: Keymaster(V4_1::IKeymasterDevice::descriptor, instanceName),
haveVersion_(false),
km4_0_dev_(km4_1_dev),
km4_1_dev_(km4_1_dev) {}
Keymaster4(sp<V4_0::IKeymasterDevice> km4_0_dev, const hidl_string& instanceName)
: Keymaster(V4_1::IKeymasterDevice::descriptor, instanceName),
haveVersion_(false),
km4_0_dev_(km4_0_dev),
km4_1_dev_() {}
const VersionResult& halVersion() const override {
const_cast<Keymaster4*>(this)->getVersionIfNeeded();
return version_;
}
/**********************************
* V4_0::IKeymasterDevice methods *
*********************************/
Return<void> getHardwareInfo(getHardwareInfo_cb _hidl_cb) override {
return km4_0_dev_->getHardwareInfo(_hidl_cb);
}
Return<void> getHmacSharingParameters(getHmacSharingParameters_cb _hidl_cb) override {
return km4_0_dev_->getHmacSharingParameters(_hidl_cb);
}
Return<void> computeSharedHmac(const hidl_vec<HmacSharingParameters>& params,
computeSharedHmac_cb _hidl_cb) override {
return km4_0_dev_->computeSharedHmac(params, _hidl_cb);
}
Return<void> verifyAuthorization(uint64_t operationHandle, const hidl_vec<KeyParameter>& params,
const HardwareAuthToken& authToken,
verifyAuthorization_cb _hidl_cb) override {
return km4_0_dev_->verifyAuthorization(operationHandle, params, authToken, _hidl_cb);
}
Return<V4_0::ErrorCode> addRngEntropy(const hidl_vec<uint8_t>& data) override {
return km4_0_dev_->addRngEntropy(data);
}
Return<void> generateKey(const hidl_vec<KeyParameter>& keyParams,
generateKey_cb _hidl_cb) override {
return km4_0_dev_->generateKey(keyParams, _hidl_cb);
}
Return<void> getKeyCharacteristics(const hidl_vec<uint8_t>& keyBlob,
const hidl_vec<uint8_t>& clientId,
const hidl_vec<uint8_t>& appData,
getKeyCharacteristics_cb _hidl_cb) override {
return km4_0_dev_->getKeyCharacteristics(keyBlob, clientId, appData, _hidl_cb);
}
Return<void> importKey(const hidl_vec<KeyParameter>& params, KeyFormat keyFormat,
const hidl_vec<uint8_t>& keyData, importKey_cb _hidl_cb) override {
return km4_0_dev_->importKey(params, keyFormat, keyData, _hidl_cb);
}
Return<void> importWrappedKey(const hidl_vec<uint8_t>& wrappedKeyData,
const hidl_vec<uint8_t>& wrappingKeyBlob,
const hidl_vec<uint8_t>& maskingKey,
const hidl_vec<KeyParameter>& unwrappingParams,
uint64_t passwordSid, uint64_t biometricSid,
importWrappedKey_cb _hidl_cb) {
return km4_0_dev_->importWrappedKey(wrappedKeyData, wrappingKeyBlob, maskingKey,
unwrappingParams, passwordSid, biometricSid, _hidl_cb);
}
Return<void> exportKey(KeyFormat exportFormat, const hidl_vec<uint8_t>& keyBlob,
const hidl_vec<uint8_t>& clientId, const hidl_vec<uint8_t>& appData,
exportKey_cb _hidl_cb) override {
return km4_0_dev_->exportKey(exportFormat, keyBlob, clientId, appData, _hidl_cb);
}
Return<void> attestKey(const hidl_vec<uint8_t>& keyToAttest,
const hidl_vec<KeyParameter>& attestParams,
attestKey_cb _hidl_cb) override {
return km4_0_dev_->attestKey(keyToAttest, attestParams, _hidl_cb);
}
Return<void> upgradeKey(const hidl_vec<uint8_t>& keyBlobToUpgrade,
const hidl_vec<KeyParameter>& upgradeParams,
upgradeKey_cb _hidl_cb) override {
return km4_0_dev_->upgradeKey(keyBlobToUpgrade, upgradeParams, _hidl_cb);
}
Return<V4_0::ErrorCode> deleteKey(const hidl_vec<uint8_t>& keyBlob) override {
return km4_0_dev_->deleteKey(keyBlob);
}
Return<V4_0::ErrorCode> deleteAllKeys() override { return km4_0_dev_->deleteAllKeys(); }
Return<V4_0::ErrorCode> destroyAttestationIds() override {
return km4_0_dev_->destroyAttestationIds();
}
Return<void> begin(KeyPurpose purpose, const hidl_vec<uint8_t>& key,
const hidl_vec<KeyParameter>& inParams, const HardwareAuthToken& authToken,
begin_cb _hidl_cb) override {
return km4_0_dev_->begin(purpose, key, inParams, authToken, _hidl_cb);
}
Return<void> update(uint64_t operationHandle, const hidl_vec<KeyParameter>& inParams,
const hidl_vec<uint8_t>& input, const HardwareAuthToken& authToken,
const VerificationToken& verificationToken, update_cb _hidl_cb) override {
return km4_0_dev_->update(operationHandle, inParams, input, authToken, verificationToken,
_hidl_cb);
}
Return<void> finish(uint64_t operationHandle, const hidl_vec<KeyParameter>& inParams,
const hidl_vec<uint8_t>& input, const hidl_vec<uint8_t>& signature,
const HardwareAuthToken& authToken,
const VerificationToken& verificationToken, finish_cb _hidl_cb) override {
return km4_0_dev_->finish(operationHandle, inParams, input, signature, authToken,
verificationToken, _hidl_cb);
}
Return<V4_0::ErrorCode> abort(uint64_t operationHandle) override {
return km4_0_dev_->abort(operationHandle);
}
/**********************************
* V4_1::IKeymasterDevice methods *
*********************************/
Return<ErrorCode> deviceLocked(bool passwordOnly,
const VerificationToken& verificationToken) override {
if (km4_1_dev_) return km4_1_dev_->deviceLocked(passwordOnly, verificationToken);
return ErrorCode::UNIMPLEMENTED;
}
Return<ErrorCode> earlyBootEnded() override {
if (km4_1_dev_) return km4_1_dev_->earlyBootEnded();
return ErrorCode::UNIMPLEMENTED;
}
Return<void> beginOp(KeyPurpose purpose, const hidl_vec<uint8_t>& keyBlob,
const hidl_vec<KeyParameter>& inParams, const HardwareAuthToken& authToken,
beginOp_cb _hidl_cb) override {
if (km4_1_dev_) return km4_1_dev_->beginOp(purpose, keyBlob, inParams, authToken, _hidl_cb);
return km4_0_dev_->begin(
purpose, keyBlob, inParams, authToken,
[&_hidl_cb](V4_0::ErrorCode errorCode, const hidl_vec<KeyParameter>& outParams,
OperationHandle operationHandle) {
_hidl_cb(static_cast<ErrorCode>(errorCode), outParams,
new Operation(operationHandle));
});
}
private:
void getVersionIfNeeded();
bool haveVersion_;
VersionResult version_;
sp<V4_0::IKeymasterDevice> km4_0_dev_;
sp<V4_1::IKeymasterDevice> km4_1_dev_;
}; // namespace android::hardware::keymaster::V4_1::support
} // namespace android::hardware::keymaster::V4_1::support

38
keymaster/4.1/support/include/keymasterV4_1/Operation.h Normal file
View file

@ -0,0 +1,38 @@
/*
** Copyright 2020, The Android Open Source Project
**
** Licensed under the Apache License, Version 2.0 (the "License");
** you may not use this file except in compliance with the License.
** You may obtain a copy of the License at
**
** http://www.apache.org/licenses/LICENSE-2.0
**
** Unless required by applicable law or agreed to in writing, software
** distributed under the License is distributed on an "AS IS" BASIS,
** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
** See the License for the specific language governing permissions and
** limitations under the License.
*/
#pragma once
#include <android/hardware/keymaster/4.1/IOperation.h>
#include <keymasterV4_1/keymaster_tags.h>
namespace android::hardware::keymaster::V4_1::support {
class Operation : public IOperation {
public:
Operation(OperationHandle handle) : handle_(handle) {}
Return<void> getOperationChallenge(getOperationChallenge_cb _hidl_cb) override {
_hidl_cb(V4_1::ErrorCode::OK, handle_);
return Void();
}
private:
OperationHandle handle_;
};
} // namespace android::hardware::keymaster::V4_1::support

5
keymaster/4.1/support/include/keymasterV4_1/authorization_set.h
View file

@ -14,8 +14,7 @@
* limitations under the License.
*/
#ifndef HARDWARE_INTERFACES_KEYMASTER_V4_1_SUPPORT_INCLUDE_AUTHORIZATION_SET_H_
#define HARDWARE_INTERFACES_KEYMASTER_V4_1_SUPPORT_INCLUDE_AUTHORIZATION_SET_H_
#pragma once
#include <keymasterV4_0/authorization_set.h>
@ -28,5 +27,3 @@ using V4_0::AuthorizationSetBuilder;
using V4_0::KeyParameter;
} // namespace android::hardware::keymaster::V4_1
#endif // HARDWARE_INTERFACES_KEYMASTER_V4_1_SUPPORT_INCLUDE_AUTHORIZATION_SET_H_

7
keymaster/4.1/support/include/keymasterV4_1/keymaster_tags.h
View file

@ -23,19 +23,26 @@
namespace android::hardware::keymaster::V4_1 {
using V4_0::Algorithm;
using V4_0::BlockMode;
using V4_0::Digest;
using V4_0::EcCurve;
using V4_0::HardwareAuthenticatorType;
using V4_0::HardwareAuthToken;
using V4_0::HmacSharingParameters;
using V4_0::KeyBlobUsageRequirements;
using V4_0::KeyCharacteristics;
using V4_0::KeyFormat;
using V4_0::KeyOrigin;
using V4_0::KeyParameter;
using V4_0::KeyPurpose;
using V4_0::OperationHandle;
using V4_0::PaddingMode;
using V4_0::SecurityLevel;
using V4_0::TagType;
using V4_0::VerificationToken;
using V4_0::NullOr;
using V4_0::TypedTag;
using V4_0::TAG_ACTIVE_DATETIME;

26
keymaster/4.1/support/include/keymasterV4_1/keymaster_utils.h Normal file
View file

@ -0,0 +1,26 @@
/*
* Copyright (C) 2020 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#pragma once
#include <keymasterV4_0/keymaster_utils.h>
namespace android::hardware::keymaster::V4_1::support {
using V4_0::support::blob2hidlVec;
using V4_0::support::hidlVec2AuthToken;
} // namespace android::hardware::keymaster::V4_1::support