Various cleanups
Mostly just removal of old-style #include guards in favor of #pragma
once, reorganization of header includes, correction of copyright
years, etc.
Test: VtsAidlKeyMintTargetTest
Change-Id: I070584ecec550a2f133b1c19f36f99e7b5544e7c
diff --git a/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.h b/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.h
index 76effcf..052736b 100644
--- a/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.h
+++ b/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.h
@@ -14,19 +14,17 @@
* limitations under the License.
*/
-#ifndef VTS_KEYMINT_AIDL_TEST_UTILS_H
-#define VTS_KEYMINT_AIDL_TEST_UTILS_H
-
#pragma once
#include <aidl/Gtest.h>
#include <aidl/Vintf.h>
-#include <android/hardware/security/keymint/ErrorCode.h>
-#include <android/hardware/security/keymint/IKeyMintDevice.h>
#include <binder/IServiceManager.h>
#include <binder/ProcessState.h>
#include <gtest/gtest.h>
+#include <android/hardware/security/keymint/ErrorCode.h>
+#include <android/hardware/security/keymint/IKeyMintDevice.h>
+
#include <keymint_support/authorization_set.h>
namespace android::hardware::security::keymint::test {
@@ -187,5 +185,3 @@
android::PrintInstanceNameToString)
} // namespace android::hardware::security::keymint::test
-
-#endif // VTS_KEYMINT_AIDL_TEST_UTILS_H
diff --git a/security/keymint/support/attestation_record.cpp b/security/keymint/support/attestation_record.cpp
index afdb208..1b07495 100644
--- a/security/keymint/support/attestation_record.cpp
+++ b/security/keymint/support/attestation_record.cpp
@@ -18,6 +18,9 @@
#include <assert.h>
+#include <android/hardware/security/keymint/Tag.h>
+#include <android/hardware/security/keymint/TagType.h>
+
#include <android-base/logging.h>
#include <openssl/asn1t.h>
@@ -25,9 +28,6 @@
#include <openssl/evp.h>
#include <openssl/x509.h>
-#include <android/hardware/security/keymint/Tag.h>
-#include <android/hardware/security/keymint/TagType.h>
-
#include <keymint_support/authorization_set.h>
#include <keymint_support/openssl_utils.h>
@@ -326,9 +326,8 @@
}
ErrorCode parse_root_of_trust(const uint8_t* asn1_key_desc, size_t asn1_key_desc_len,
- vector<uint8_t>* verified_boot_key,
- keymint_verified_boot_t* verified_boot_state, bool* device_locked,
- vector<uint8_t>* verified_boot_hash) {
+ vector<uint8_t>* verified_boot_key, VerifiedBoot* verified_boot_state,
+ bool* device_locked, vector<uint8_t>* verified_boot_hash) {
if (!verified_boot_key || !verified_boot_state || !device_locked || !verified_boot_hash) {
LOG(ERROR) << AT << "null pointer input(s)";
return ErrorCode::INVALID_ARGUMENT;
@@ -358,8 +357,8 @@
verified_boot_key->resize(vb_key->length);
memcpy(verified_boot_key->data(), vb_key->data, vb_key->length);
- *verified_boot_state = static_cast<keymint_verified_boot_t>(
- ASN1_ENUMERATED_get(root_of_trust->verified_boot_state));
+ *verified_boot_state =
+ static_cast<VerifiedBoot>(ASN1_ENUMERATED_get(root_of_trust->verified_boot_state));
if (!verified_boot_state) {
LOG(ERROR) << AT << " Failed verified boot state parsing";
return ErrorCode::INVALID_ARGUMENT;
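Review bot: The `if (!verified_boot_state)` test right after the new assignment checks the output pointer, not the parsed value, so the verified boot state read from the attestation record is never validated; the pointer already appears to be rejected as null by the guard at the top of `parse_root_of_trust`. Because `VerifiedBoot` is now declared with a `uint8_t` underlying type in attestation_record.h, the `static_cast` also narrows the integer returned by `ASN1_ENUMERATED_get`, so an out-of-range encoding such as 256 would come out as `VerifiedBoot::VERIFIED`. I would read the value into a local first, `long state = ASN1_ENUMERATED_get(root_of_trust->verified_boot_state);`, replace the pointer test with `if (state < 0 || state > static_cast<long>(VerifiedBoot::FAILED))`, and only then assign `*verified_boot_state = static_cast<VerifiedBoot>(state);`. The function body starts and ends outside this hunk.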
diff --git a/security/keymint/support/authorization_set.cpp b/security/keymint/support/authorization_set.cpp
index aa9638f..eaacd1f 100644
--- a/security/keymint/support/authorization_set.cpp
+++ b/security/keymint/support/authorization_set.cpp
@@ -76,16 +76,6 @@
}
}
-void AuthorizationSet::Filter(std::function<bool(const KeyParameter&)> doKeep) {
- std::vector<KeyParameter> result;
- for (auto& param : data_) {
- if (doKeep(param)) {
- result.push_back(std::move(param));
- }
- }
- std::swap(data_, result);
-}
-
KeyParameter& AuthorizationSet::operator[](int at) {
return data_[at];
}
diff --git a/security/keymint/support/include/keymint_support/attestation_record.h b/security/keymint/support/include/keymint_support/attestation_record.h
index d71624c..0739569 100644
--- a/security/keymint/support/include/keymint_support/attestation_record.h
+++ b/security/keymint/support/include/keymint_support/attestation_record.h
@@ -43,18 +43,18 @@
*/
static const char kAttestionRecordOid[] = "1.3.6.1.4.1.11129.2.1.17";
-enum keymint_verified_boot_t {
- KM_VERIFIED_BOOT_VERIFIED = 0,
- KM_VERIFIED_BOOT_SELF_SIGNED = 1,
- KM_VERIFIED_BOOT_UNVERIFIED = 2,
- KM_VERIFIED_BOOT_FAILED = 3,
+enum class VerifiedBoot : uint8_t {
+ VERIFIED = 0,
+ SELF_SIGNED = 1,
+ UNVERIFIED = 2,
+ FAILED = 3,
};
struct RootOfTrust {
SecurityLevel security_level;
vector<uint8_t> verified_boot_key;
vector<uint8_t> verified_boot_hash;
- keymint_verified_boot_t verified_boot_state;
+ VerifiedBoot verified_boot_state;
bool device_locked;
};
@@ -81,7 +81,7 @@
ErrorCode parse_root_of_trust(const uint8_t* asn1_key_desc, size_t asn1_key_desc_len,
std::vector<uint8_t>* verified_boot_key,
- keymint_verified_boot_t* verified_boot_state, bool* device_locked,
+ VerifiedBoot* verified_boot_state, bool* device_locked,
std::vector<uint8_t>* verified_boot_hash);
} // namespace android::hardware::security::keymint
diff --git a/security/keymint/support/include/keymint_support/authorization_set.h b/security/keymint/support/include/keymint_support/authorization_set.h
index 97e1022..01c4080 100644
--- a/security/keymint/support/include/keymint_support/authorization_set.h
+++ b/security/keymint/support/include/keymint_support/authorization_set.h
@@ -14,8 +14,7 @@
* limitations under the License.
*/
-#ifndef SYSTEM_SECURITY_KEYSTORE_KM4_AUTHORIZATION_SET_H_
-#define SYSTEM_SECURITY_KEYSTORE_KM4_AUTHORIZATION_SET_H_
+#pragma once
#include <vector>
@@ -138,19 +137,16 @@
/**
* Returns iterator (pointer) to beginning of elems array, to enable STL-style iteration
*/
- std::vector<KeyParameter>::const_iterator begin() const { return data_.begin(); }
+ auto begin() { return data_.begin(); }
+ auto begin() const { return data_.begin(); }
/**
* Returns iterator (pointer) one past end of elems array, to enable STL-style iteration
*/
- std::vector<KeyParameter>::const_iterator end() const { return data_.end(); }
+ auto end() { return data_.end(); }
+ auto end() const { return data_.end(); }
/**
- * Modifies this Authorization set such that it only keeps the entries for which doKeep
- * returns true.
- */
- void Filter(std::function<bool(const KeyParameter&)> doKeep);
- /**
* Returns the nth element of the set.
* Like for std::vector::operator[] there is no range check performed. Use of out of range
* indices is undefined.
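Review bot: The new non-const `begin()`/`end()` overloads hand out mutable iterators into `data_`, which is an interface change rather than a cleanup, and the doc comments above them still describe a single accessor each. If the purpose is to let callers filter in place now that `Filter` is removed, the comment should say so, for example `Non-const overload returns a mutable iterator; any operation that adds or removes entries invalidates it.`; if that is not the intent, keeping only the const overloads leaves authorization entries read-only through iteration. The `auto` return types also hide the iterator type in a public header, and spelling out `std::vector<KeyParameter>::iterator` and `::const_iterator` would match the lines being replaced. The class body starts and ends outside this hunk.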
@@ -316,5 +312,3 @@
};
} // namespace android::hardware::security::keymint
-
-#endif // SYSTEM_SECURITY_KEYSTORE_KM4_AUTHORIZATION_SET_H_
diff --git a/security/keymint/support/include/keymint_support/key_param_output.h b/security/keymint/support/include/keymint_support/key_param_output.h
index 82c9689..b109105 100644
--- a/security/keymint/support/include/keymint_support/key_param_output.h
+++ b/security/keymint/support/include/keymint_support/key_param_output.h
@@ -14,8 +14,7 @@
* limitations under the License.
*/
-#ifndef HARDWARE_INTERFACES_KEYMINT_SUPPORT_INCLUDE_KEY_PARAM_OUTPUT_H_
-#define HARDWARE_INTERFACES_KEYMINT_SUPPORT_INCLUDE_KEY_PARAM_OUTPUT_H_
+#pragma once
#include <iostream>
#include <vector>
@@ -98,5 +97,3 @@
}
} // namespace android::hardware::security::keymint
-
-#endif // HARDWARE_INTERFACES_KEYMINT_SUPPORT_INCLUDE_KEY_PARAM_OUTPUT_H_
diff --git a/security/keymint/support/include/keymint_support/keymint_tags.h b/security/keymint/support/include/keymint_support/keymint_tags.h
index f23e4f2..d418fec 100644
--- a/security/keymint/support/include/keymint_support/keymint_tags.h
+++ b/security/keymint/support/include/keymint_support/keymint_tags.h
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2019 The Android Open Source Project
+ * Copyright (C) 2020 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -14,8 +14,7 @@
* limitations under the License.
*/
-#ifndef HARDWARE_INTERFACES_KEYMINT_SUPPORT_INCLUDE_KEYMINT_TAGS_H_
-#define HARDWARE_INTERFACES_KEYMINT_SUPPORT_INCLUDE_KEYMINT_TAGS_H_
+#pragma once
#include <android/hardware/security/keymint/Algorithm.h>
#include <android/hardware/security/keymint/BlockMode.h>
@@ -32,22 +31,15 @@
namespace android::hardware::security::keymint {
-// The following create the numeric values that KM_TAG_PADDING and KM_TAG_DIGEST used to have. We
-// need these old values to be able to support old keys that use them.
-// TODO(seleneh) we should delete this code when we stop supporting keymaster1
-// and deletes it.
-static const int32_t KM_TAG_DIGEST_OLD = static_cast<int32_t>(TagType::ENUM) | 5;
-static const int32_t KM_TAG_PADDING_OLD = static_cast<int32_t>(TagType::ENUM) | 7;
-
constexpr TagType typeFromTag(Tag tag) {
return static_cast<TagType>(static_cast<uint32_t>(tag) & static_cast<uint32_t>(0xf0000000));
}
/**
- * TypedTag is a templatized version of Tag, which provides compile-time checking of
- * keymint tag types. Instances are convertible to Tag, so they can be used wherever
- * Tag is expected, and because they encode the tag type it's possible to create
- * function overloads that only operate on tags with a particular type.
+ * TypedTag is a templatized version of Tag, which provides compile-time checking of KeyMint tag
+ * types. Instances are convertible to Tag, so they can be used wherever Tag is expected, and
+ * because they encode the tag type it's possible to create function overloads that only operate on
+ * tags with a particular type.
*/
template <TagType tag_type, Tag tag>
struct TypedTag {
@@ -334,5 +326,3 @@
}
} // namespace android::hardware::security::keymint
-
-#endif // HARDWARE_INTERFACES_KEYMINT_SUPPORT_INCLUDE_KEYMINT_TAGS_H_
diff --git a/security/keymint/support/include/keymint_support/keymint_utils.h b/security/keymint/support/include/keymint_support/keymint_utils.h
index fda1b6c..878b7df 100644
--- a/security/keymint/support/include/keymint_support/keymint_utils.h
+++ b/security/keymint/support/include/keymint_support/keymint_utils.h
@@ -16,9 +16,6 @@
#pragma once
-#ifndef HARDWARE_INTERFACES_KEYMINT_10_SUPPORT_KEYMINT_UTILS_H_
-#define HARDWARE_INTERFACES_KEYMINT_10_SUPPORT_KEYMINT_UTILS_H_
-
#include <android/hardware/security/keymint/HardwareAuthToken.h>
namespace android::hardware::security::keymint {
@@ -43,5 +40,3 @@
uint32_t getOsPatchlevel();
} // namespace android::hardware::security::keymint
-
-#endif // HARDWARE_INTERFACES_KEYMINT_10_SUPPORT_KEYMINT_UTILS_H_
diff --git a/security/keymint/support/include/keymint_support/openssl_utils.h b/security/keymint/support/include/keymint_support/openssl_utils.h
index cb09968..0878810 100644
--- a/security/keymint/support/include/keymint_support/openssl_utils.h
+++ b/security/keymint/support/include/keymint_support/openssl_utils.h
@@ -1,5 +1,5 @@
/*
- * Copyright 2017 The Android Open Source Project
+ * Copyright 2020 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -14,8 +14,7 @@
* limitations under the License.
*/
-#ifndef HARDWARE_INTERFACES_KEYMINT_1_0_SUPPORT_OPENSSL_UTILS_H_
-#define HARDWARE_INTERFACES_KEYMINT_1_0_SUPPORT_OPENSSL_UTILS_H_
+#pragma once
#include <android/hardware/security/keymint/Digest.h>
@@ -63,5 +62,3 @@
}
} // namespace android::hardware::security::keymint
-
-#endif // HARDWARE_INTERFACES_KEYMINT_1_0_SUPPORT_OPENSSL_UTILS_H_
diff --git a/security/keymint/support/key_param_output.cpp b/security/keymint/support/key_param_output.cpp
index b699b22..d8e2fff 100644
--- a/security/keymint/support/key_param_output.cpp
+++ b/security/keymint/support/key_param_output.cpp
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2017 The Android Open Source Project
+ * Copyright (C) 2020 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
diff --git a/security/keymint/support/keymint_utils.cpp b/security/keymint/support/keymint_utils.cpp
index cd4cca2..63606f4 100644
--- a/security/keymint/support/keymint_utils.cpp
+++ b/security/keymint/support/keymint_utils.cpp
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2018 The Android Open Source Project
+ * Copyright (C) 2020 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@@ -16,11 +16,12 @@
#include <regex.h>
+#include <arpa/inet.h>
+
#include <android-base/properties.h>
#include <hardware/hw_auth_token.h>
-#include <keymint_support/keymint_utils.h>
-#include <arpa/inet.h>
+#include <keymint_support/keymint_utils.h>
namespace android::hardware::security::keymint {