Add support lib wrappers for clients
Test: CtsKeystoreTestCases
Change-Id: I0157df310f85d83cef07282ea80204c035626518
diff --git a/keymaster/4.0/support/Android.bp b/keymaster/4.0/support/Android.bp
index 2f40282..9c5fbab 100644
--- a/keymaster/4.0/support/Android.bp
+++ b/keymaster/4.0/support/Android.bp
@@ -27,11 +27,10 @@
"authorization_set.cpp",
"key_param_output.cpp",
"keymaster_utils.cpp",
- "Keymaster.cpp",
- "Keymaster3.cpp",
- "Keymaster4.cpp",
],
- export_include_dirs: ["include"],
+ export_include_dirs: [
+ "include",
+ ],
shared_libs: [
"android.hardware.keymaster@3.0",
"android.hardware.keymaster@4.0",
@@ -39,6 +38,5 @@
"libcrypto",
"libhardware",
"libhidlbase",
- "libutils",
- ]
+ ],
}
diff --git a/keymaster/4.0/support/Keymaster.cpp b/keymaster/4.0/support/Keymaster.cpp
deleted file mode 100644
index f20f951..0000000
--- a/keymaster/4.0/support/Keymaster.cpp
+++ /dev/null
@@ -1,197 +0,0 @@
-/*
- ** Copyright 2018, The Android Open Source Project
- **
- ** Licensed under the Apache License, Version 2.0 (the "License");
- ** you may not use this file except in compliance with the License.
- ** You may obtain a copy of the License at
- **
- ** http://www.apache.org/licenses/LICENSE-2.0
- **
- ** Unless required by applicable law or agreed to in writing, software
- ** distributed under the License is distributed on an "AS IS" BASIS,
- ** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- ** See the License for the specific language governing permissions and
- ** limitations under the License.
- */
-
-#include <keymasterV4_0/Keymaster.h>
-
-#include <iomanip>
-
-#include <android-base/logging.h>
-#include <android/hidl/manager/1.2/IServiceManager.h>
-#include <keymasterV4_0/Keymaster3.h>
-#include <keymasterV4_0/Keymaster4.h>
-#include <keymasterV4_0/key_param_output.h>
-#include <keymasterV4_0/keymaster_utils.h>
-
-namespace android {
-namespace hardware {
-
-template <class T>
-std::ostream& operator<<(std::ostream& os, const hidl_vec<T>& vec) {
- os << "{ ";
- if (vec.size()) {
- for (size_t i = 0; i < vec.size() - 1; ++i) os << vec[i] << ", ";
- os << vec[vec.size() - 1];
- }
- os << " }";
- return os;
-}
-
-std::ostream& operator<<(std::ostream& os, const hidl_vec<uint8_t>& vec) {
- std::ios_base::fmtflags flags(os.flags());
- os << std::setw(2) << std::setfill('0') << std::hex;
- for (uint8_t c : vec) os << static_cast<int>(c);
- os.flags(flags);
- return os;
-}
-
-template <size_t N>
-std::ostream& operator<<(std::ostream& os, const hidl_array<uint8_t, N>& vec) {
- std::ios_base::fmtflags flags(os.flags());
- os << std::setw(2) << std::setfill('0') << std::hex;
- for (size_t i = 0; i < N; ++i) os << static_cast<int>(vec[i]);
- os.flags(flags);
- return os;
-}
-
-namespace keymaster {
-namespace V4_0 {
-
-std::ostream& operator<<(std::ostream& os, const HmacSharingParameters& params) {
- // Note that by design, although seed and nonce are used to compute a secret, they are
- // not secrets and it's just fine to log them.
- os << "(seed: " << params.seed << ", nonce: " << params.nonce << ')';
- return os;
-}
-
-namespace support {
-
-using ::android::sp;
-using ::android::hidl::manager::V1_2::IServiceManager;
-
-std::ostream& operator<<(std::ostream& os, const Keymaster& keymaster) {
- auto& version = keymaster.halVersion();
- os << version.keymasterName << " from " << version.authorName
- << " SecurityLevel: " << toString(version.securityLevel)
- << " HAL: " << keymaster.descriptor() << "/" << keymaster.instanceName();
- return os;
-}
-
-template <typename Wrapper>
-Keymaster::KeymasterSet enumerateDevices(const sp<IServiceManager>& serviceManager) {
- Keymaster::KeymasterSet result;
-
- bool foundDefault = false;
- auto& descriptor = Wrapper::WrappedIKeymasterDevice::descriptor;
- serviceManager->listManifestByInterface(descriptor, [&](const hidl_vec<hidl_string>& names) {
- for (auto& name : names) {
- if (name == "default") foundDefault = true;
- auto device = Wrapper::WrappedIKeymasterDevice::getService(name);
- CHECK(device) << "Failed to get service for " << descriptor << " with interface name "
- << name;
- result.push_back(new Wrapper(device, name));
- }
- });
-
- if (!foundDefault) {
- // "default" wasn't provided by listManifestByInterface. Maybe there's a passthrough
- // implementation.
- auto device = Wrapper::WrappedIKeymasterDevice::getService("default");
- if (device) result.push_back(new Wrapper(device, "default"));
- }
-
- return result;
-}
-
-void Keymaster::logIfKeymasterVendorError(ErrorCode ec) const {
- static constexpr int32_t k_keymaster_vendor_error_code_range_max = -10000;
- if (static_cast<int32_t>(ec) <= k_keymaster_vendor_error_code_range_max) {
- const auto& versionInfo = halVersion();
- LOG(ERROR) << "Keymaster reported error: " << static_cast<int32_t>(ec) << "\n"
- << "NOTE: This is an error in the vendor specific error range.\n"
- << " Refer to the vendor of the implementation for details.\n"
- << " Implementation name: " << versionInfo.keymasterName << "\n"
- << " Vendor name: " << versionInfo.authorName << "\n"
- << " MajorVersion: " << versionInfo.majorVersion;
- }
-}
-
-Keymaster::KeymasterSet Keymaster::enumerateAvailableDevices() {
- auto serviceManager = IServiceManager::getService();
- CHECK(serviceManager) << "Could not retrieve ServiceManager";
-
- auto km4s = enumerateDevices<Keymaster4>(serviceManager);
- auto km3s = enumerateDevices<Keymaster3>(serviceManager);
-
- auto result = std::move(km4s);
- result.insert(result.end(), std::make_move_iterator(km3s.begin()),
- std::make_move_iterator(km3s.end()));
-
- std::sort(result.begin(), result.end(),
- [](auto& a, auto& b) { return a->halVersion() > b->halVersion(); });
-
- size_t i = 1;
- LOG(INFO) << "List of Keymaster HALs found:";
- for (auto& hal : result) LOG(INFO) << "Keymaster HAL #" << i++ << ": " << *hal;
-
- return result;
-}
-
-static hidl_vec<HmacSharingParameters> getHmacParameters(
- const Keymaster::KeymasterSet& keymasters) {
- std::vector<HmacSharingParameters> params_vec;
- params_vec.reserve(keymasters.size());
- for (auto& keymaster : keymasters) {
- if (keymaster->halVersion().majorVersion < 4) continue;
- auto rc = keymaster->getHmacSharingParameters([&](auto error, auto& params) {
- CHECK(error == ErrorCode::OK)
- << "Failed to get HMAC parameters from " << *keymaster << " error " << error;
- params_vec.push_back(params);
- });
- CHECK(rc.isOk()) << "Failed to communicate with " << *keymaster
- << " error: " << rc.description();
- }
- std::sort(params_vec.begin(), params_vec.end());
-
- return params_vec;
-}
-
-static void computeHmac(const Keymaster::KeymasterSet& keymasters,
- const hidl_vec<HmacSharingParameters>& params) {
- if (!params.size()) return;
-
- hidl_vec<uint8_t> sharingCheck;
- bool firstKeymaster = true;
- LOG(DEBUG) << "Computing HMAC with params " << params;
- for (auto& keymaster : keymasters) {
- if (keymaster->halVersion().majorVersion < 4) continue;
- LOG(DEBUG) << "Computing HMAC for " << *keymaster;
- auto rc = keymaster->computeSharedHmac(
- params, [&](ErrorCode error, const hidl_vec<uint8_t>& curSharingCheck) {
- CHECK(error == ErrorCode::OK)
- << "Failed to get HMAC parameters from " << *keymaster << " error " << error;
- if (firstKeymaster) {
- sharingCheck = curSharingCheck;
- firstKeymaster = false;
- }
- if (curSharingCheck != sharingCheck)
- LOG(WARNING) << "HMAC computation failed for " << *keymaster //
- << " Expected: " << sharingCheck //
- << " got: " << curSharingCheck;
- });
- CHECK(rc.isOk()) << "Failed to communicate with " << *keymaster
- << " error: " << rc.description();
- }
-}
-
-void Keymaster::performHmacKeyAgreement(const KeymasterSet& keymasters) {
- computeHmac(keymasters, getHmacParameters(keymasters));
-}
-
-} // namespace support
-} // namespace V4_0
-} // namespace keymaster
-} // namespace hardware
-} // namespace android
diff --git a/keymaster/4.0/support/Keymaster3.cpp b/keymaster/4.0/support/Keymaster3.cpp
deleted file mode 100644
index b2cdbd9..0000000
--- a/keymaster/4.0/support/Keymaster3.cpp
+++ /dev/null
@@ -1,291 +0,0 @@
-/*
- **
- ** Copyright 2017, The Android Open Source Project
- **
- ** Licensed under the Apache License, Version 2.0 (the "License");
- ** you may not use this file except in compliance with the License.
- ** You may obtain a copy of the License at
- **
- ** http://www.apache.org/licenses/LICENSE-2.0
- **
- ** Unless required by applicable law or agreed to in writing, software
- ** distributed under the License is distributed on an "AS IS" BASIS,
- ** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- ** See the License for the specific language governing permissions and
- ** limitations under the License.
- */
-
-#include <keymasterV4_0/Keymaster3.h>
-
-#include <android-base/logging.h>
-#include <keymasterV4_0/keymaster_utils.h>
-
-namespace android {
-namespace hardware {
-namespace keymaster {
-namespace V4_0 {
-namespace support {
-
-using android::hardware::details::StatusOf;
-
-namespace {
-
-ErrorCode convert(V3_0::ErrorCode error) {
- return static_cast<ErrorCode>(error);
-}
-
-V3_0::KeyPurpose convert(KeyPurpose purpose) {
- return static_cast<V3_0::KeyPurpose>(purpose);
-}
-
-V3_0::KeyFormat convert(KeyFormat purpose) {
- return static_cast<V3_0::KeyFormat>(purpose);
-}
-
-V3_0::KeyParameter convert(const KeyParameter& param) {
- V3_0::KeyParameter converted;
- converted.tag = static_cast<V3_0::Tag>(param.tag);
- static_assert(sizeof(converted.f) == sizeof(param.f), "This function assumes sizes match");
- memcpy(&converted.f, ¶m.f, sizeof(param.f));
- converted.blob = param.blob;
- return converted;
-}
-
-KeyParameter convert(const V3_0::KeyParameter& param) {
- KeyParameter converted;
- converted.tag = static_cast<Tag>(param.tag);
- static_assert(sizeof(converted.f) == sizeof(param.f), "This function assumes sizes match");
- memcpy(&converted.f, ¶m.f, sizeof(param.f));
- converted.blob = param.blob;
- return converted;
-}
-
-hidl_vec<V3_0::KeyParameter> convert(const hidl_vec<KeyParameter>& params) {
- hidl_vec<V3_0::KeyParameter> converted(params.size());
- for (size_t i = 0; i < params.size(); ++i) {
- converted[i] = convert(params[i]);
- }
- return converted;
-}
-
-hidl_vec<KeyParameter> convert(const hidl_vec<V3_0::KeyParameter>& params) {
- hidl_vec<KeyParameter> converted(params.size());
- for (size_t i = 0; i < params.size(); ++i) {
- converted[i] = convert(params[i]);
- }
- return converted;
-}
-
-template <typename T, typename OutIter>
-inline static OutIter copy_bytes_to_iterator(const T& value, OutIter dest) {
- const uint8_t* value_ptr = reinterpret_cast<const uint8_t*>(&value);
- return std::copy(value_ptr, value_ptr + sizeof(value), dest);
-}
-
-hidl_vec<V3_0::KeyParameter> convertAndAddAuthToken(const hidl_vec<KeyParameter>& params,
- const HardwareAuthToken& authToken) {
- hidl_vec<V3_0::KeyParameter> converted(params.size() + 1);
- for (size_t i = 0; i < params.size(); ++i) {
- converted[i] = convert(params[i]);
- }
- converted[params.size()].tag = V3_0::Tag::AUTH_TOKEN;
- converted[params.size()].blob = authToken2HidlVec(authToken);
-
- return converted;
-}
-
-KeyCharacteristics convert(const V3_0::KeyCharacteristics& chars) {
- KeyCharacteristics converted;
- converted.hardwareEnforced = convert(chars.teeEnforced);
- converted.softwareEnforced = convert(chars.softwareEnforced);
- return converted;
-}
-
-} // namespace
-
-void Keymaster3::getVersionIfNeeded() {
- if (haveVersion_) return;
-
- auto rc = km3_dev_->getHardwareFeatures(
- [&](bool isSecure, bool supportsEllipticCurve, bool supportsSymmetricCryptography,
- bool supportsAttestation, bool supportsAllDigests, const hidl_string& keymasterName,
- const hidl_string& keymasterAuthorName) {
- version_ = {keymasterName, keymasterAuthorName, 0 /* major version, filled below */,
- isSecure ? SecurityLevel::TRUSTED_ENVIRONMENT : SecurityLevel::SOFTWARE,
- supportsEllipticCurve};
- supportsSymmetricCryptography_ = supportsSymmetricCryptography;
- supportsAttestation_ = supportsAttestation;
- supportsAllDigests_ = supportsAllDigests;
- });
-
- CHECK(rc.isOk()) << "Got error " << rc.description() << " trying to get hardware features";
-
- if (version_.securityLevel == SecurityLevel::SOFTWARE) {
- version_.majorVersion = 3;
- } else if (supportsAttestation_) {
- version_.majorVersion = 3; // Could be 2, doesn't matter.
- } else if (supportsSymmetricCryptography_) {
- version_.majorVersion = 1;
- } else {
- version_.majorVersion = 0;
- }
-}
-
-Return<void> Keymaster3::getHardwareInfo(Keymaster3::getHardwareInfo_cb _hidl_cb) {
- getVersionIfNeeded();
- _hidl_cb(version_.securityLevel,
- std::string(version_.keymasterName) + " (wrapped by keystore::Keymaster3)",
- version_.authorName);
- return Void();
-}
-
-Return<ErrorCode> Keymaster3::addRngEntropy(const hidl_vec<uint8_t>& data) {
- auto rc = km3_dev_->addRngEntropy(data);
- if (!rc.isOk()) {
- return StatusOf<V3_0::ErrorCode, ErrorCode>(rc);
- }
- return convert(rc);
-}
-
-Return<void> Keymaster3::generateKey(const hidl_vec<KeyParameter>& keyParams,
- generateKey_cb _hidl_cb) {
- auto cb = [&](V3_0::ErrorCode error, const hidl_vec<uint8_t>& keyBlob,
- const V3_0::KeyCharacteristics& characteristics) {
- _hidl_cb(convert(error), keyBlob, convert(characteristics));
- };
- auto rc = km3_dev_->generateKey(convert(keyParams), cb);
- rc.isOk(); // move ctor prereq
- return rc;
-}
-
-Return<void> Keymaster3::getKeyCharacteristics(const hidl_vec<uint8_t>& keyBlob,
- const hidl_vec<uint8_t>& clientId,
- const hidl_vec<uint8_t>& appData,
- getKeyCharacteristics_cb _hidl_cb) {
- auto cb = [&](V3_0::ErrorCode error, const V3_0::KeyCharacteristics& chars) {
- _hidl_cb(convert(error), convert(chars));
- };
-
- auto rc = km3_dev_->getKeyCharacteristics(keyBlob, clientId, appData, cb);
- rc.isOk(); // move ctor prereq
- return rc;
-}
-
-Return<void> Keymaster3::importKey(const hidl_vec<KeyParameter>& params, KeyFormat keyFormat,
- const hidl_vec<uint8_t>& keyData, importKey_cb _hidl_cb) {
- auto cb = [&](V3_0::ErrorCode error, const hidl_vec<uint8_t>& keyBlob,
- const V3_0::KeyCharacteristics& chars) {
- _hidl_cb(convert(error), keyBlob, convert(chars));
- };
- auto rc = km3_dev_->importKey(convert(params), convert(keyFormat), keyData, cb);
- rc.isOk(); // move ctor prereq
- return rc;
-}
-
-Return<void> Keymaster3::exportKey(KeyFormat exportFormat, const hidl_vec<uint8_t>& keyBlob,
- const hidl_vec<uint8_t>& clientId,
- const hidl_vec<uint8_t>& appData, exportKey_cb _hidl_cb) {
- auto cb = [&](V3_0::ErrorCode error, const hidl_vec<uint8_t>& keyMaterial) {
- _hidl_cb(convert(error), keyMaterial);
- };
- auto rc = km3_dev_->exportKey(convert(exportFormat), keyBlob, clientId, appData, cb);
- rc.isOk(); // move ctor prereq
- return rc;
-}
-
-Return<void> Keymaster3::attestKey(const hidl_vec<uint8_t>& keyToAttest,
- const hidl_vec<KeyParameter>& attestParams,
- attestKey_cb _hidl_cb) {
- auto cb = [&](V3_0::ErrorCode error, const hidl_vec<hidl_vec<uint8_t>>& certChain) {
- _hidl_cb(convert(error), certChain);
- };
- auto rc = km3_dev_->attestKey(keyToAttest, convert(attestParams), cb);
- rc.isOk(); // move ctor prereq
- return rc;
-}
-
-Return<void> Keymaster3::upgradeKey(const hidl_vec<uint8_t>& keyBlobToUpgrade,
- const hidl_vec<KeyParameter>& upgradeParams,
- upgradeKey_cb _hidl_cb) {
- auto cb = [&](V3_0::ErrorCode error, const hidl_vec<uint8_t>& upgradedKeyBlob) {
- _hidl_cb(convert(error), upgradedKeyBlob);
- };
- auto rc = km3_dev_->upgradeKey(keyBlobToUpgrade, convert(upgradeParams), cb);
- rc.isOk(); // move ctor prereq
- return rc;
-}
-
-Return<ErrorCode> Keymaster3::deleteKey(const hidl_vec<uint8_t>& keyBlob) {
- auto rc = km3_dev_->deleteKey(keyBlob);
- if (!rc.isOk()) return StatusOf<V3_0::ErrorCode, ErrorCode>(rc);
- return convert(rc);
-}
-
-Return<ErrorCode> Keymaster3::deleteAllKeys() {
- auto rc = km3_dev_->deleteAllKeys();
- if (!rc.isOk()) return StatusOf<V3_0::ErrorCode, ErrorCode>(rc);
- return convert(rc);
-}
-
-Return<ErrorCode> Keymaster3::destroyAttestationIds() {
- auto rc = km3_dev_->destroyAttestationIds();
- if (!rc.isOk()) return StatusOf<V3_0::ErrorCode, ErrorCode>(rc);
- return convert(rc);
-}
-
-Return<void> Keymaster3::begin(KeyPurpose purpose, const hidl_vec<uint8_t>& key,
- const hidl_vec<KeyParameter>& inParams,
- const HardwareAuthToken& authToken, begin_cb _hidl_cb) {
- auto cb = [&](V3_0::ErrorCode error, const hidl_vec<V3_0::KeyParameter>& outParams,
- OperationHandle operationHandle) {
- _hidl_cb(convert(error), convert(outParams), operationHandle);
- };
-
- auto rc =
- km3_dev_->begin(convert(purpose), key, convertAndAddAuthToken(inParams, authToken), cb);
- rc.isOk(); // move ctor prereq
- return rc;
-}
-
-Return<void> Keymaster3::update(uint64_t operationHandle, const hidl_vec<KeyParameter>& inParams,
- const hidl_vec<uint8_t>& input, const HardwareAuthToken& authToken,
- const VerificationToken& /* verificationToken */,
- update_cb _hidl_cb) {
- auto cb = [&](V3_0::ErrorCode error, uint32_t inputConsumed,
- const hidl_vec<V3_0::KeyParameter>& outParams, const hidl_vec<uint8_t>& output) {
- _hidl_cb(convert(error), inputConsumed, convert(outParams), output);
- };
-
- auto rc =
- km3_dev_->update(operationHandle, convertAndAddAuthToken(inParams, authToken), input, cb);
- rc.isOk(); // move ctor prereq
- return rc;
-}
-
-Return<void> Keymaster3::finish(uint64_t operationHandle, const hidl_vec<KeyParameter>& inParams,
- const hidl_vec<uint8_t>& input, const hidl_vec<uint8_t>& signature,
- const HardwareAuthToken& authToken,
- const VerificationToken& /* verificationToken */,
- finish_cb _hidl_cb) {
- auto cb = [&](V3_0::ErrorCode error, const hidl_vec<V3_0::KeyParameter>& outParams,
- const hidl_vec<uint8_t>& output) {
- _hidl_cb(convert(error), convert(outParams), output);
- };
-
- auto rc = km3_dev_->finish(operationHandle, convertAndAddAuthToken(inParams, authToken), input,
- signature, cb);
- rc.isOk(); // move ctor prereq
- return rc;
-}
-
-Return<ErrorCode> Keymaster3::abort(uint64_t operationHandle) {
- auto rc = km3_dev_->abort(operationHandle);
- if (!rc.isOk()) return StatusOf<V3_0::ErrorCode, ErrorCode>(rc);
- return convert(rc);
-}
-
-} // namespace support
-} // namespace V4_0
-} // namespace keymaster
-} // namespace hardware
-} // namespace android
diff --git a/keymaster/4.0/support/Keymaster4.cpp b/keymaster/4.0/support/Keymaster4.cpp
deleted file mode 100644
index cc3d656..0000000
--- a/keymaster/4.0/support/Keymaster4.cpp
+++ /dev/null
@@ -1,46 +0,0 @@
-/*
-**
-** Copyright 2017, The Android Open Source Project
-**
-** Licensed under the Apache License, Version 2.0 (the "License");
-** you may not use this file except in compliance with the License.
-** You may obtain a copy of the License at
-**
-** http://www.apache.org/licenses/LICENSE-2.0
-**
-** Unless required by applicable law or agreed to in writing, software
-** distributed under the License is distributed on an "AS IS" BASIS,
-** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-** See the License for the specific language governing permissions and
-** limitations under the License.
-*/
-
-#include <keymasterV4_0/Keymaster4.h>
-
-#include <android-base/logging.h>
-
-namespace android {
-namespace hardware {
-namespace keymaster {
-namespace V4_0 {
-namespace support {
-
-void Keymaster4::getVersionIfNeeded() {
- if (haveVersion_) return;
-
- auto rc =
- dev_->getHardwareInfo([&](SecurityLevel securityLevel, const hidl_string& keymasterName,
- const hidl_string& authorName) {
- version_ = {keymasterName, authorName, 4 /* major version */, securityLevel,
- true /* supportsEc */};
- haveVersion_ = true;
- });
-
- CHECK(rc.isOk()) << "Got error " << rc.description() << " trying to get hardware info";
-}
-
-} // namespace support
-} // namespace V4_0
-} // namespace keymaster
-} // namespace hardware
-} // namespace android
diff --git a/keymaster/4.0/support/include/keymasterV4_0/Keymaster.h b/keymaster/4.0/support/include/keymasterV4_0/Keymaster.h
deleted file mode 100644
index ad83f17..0000000
--- a/keymaster/4.0/support/include/keymasterV4_0/Keymaster.h
+++ /dev/null
@@ -1,102 +0,0 @@
-/*
- **
- ** Copyright 2017, The Android Open Source Project
- **
- ** Licensed under the Apache License, Version 2.0 (the "License");
- ** you may not use this file except in compliance with the License.
- ** You may obtain a copy of the License at
- **
- ** http://www.apache.org/licenses/LICENSE-2.0
- **
- ** Unless required by applicable law or agreed to in writing, software
- ** distributed under the License is distributed on an "AS IS" BASIS,
- ** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- ** See the License for the specific language governing permissions and
- ** limitations under the License.
- */
-
-#ifndef HARDWARE_INTERFACES_KEYMASTER_40_SUPPORT_KEYMASTER_H_
-#define HARDWARE_INTERFACES_KEYMASTER_40_SUPPORT_KEYMASTER_H_
-
-#include <android/hardware/keymaster/4.0/IKeymasterDevice.h>
-
-#include <memory>
-#include <vector>
-
-namespace android {
-namespace hardware {
-namespace keymaster {
-namespace V4_0 {
-namespace support {
-
-/**
- * Keymaster abstracts the underlying V4_0::IKeymasterDevice. There is one implementation
- * (Keymaster4) which is a trivial passthrough and one that wraps a V3_0::IKeymasterDevice.
- *
- * The reason for adding this additional layer, rather than simply using the latest HAL directly and
- * subclassing it to wrap any older HAL, is because this provides a place to put additional methods
- * which clients can use when they need to distinguish between different underlying HAL versions,
- * while still having to use only the latest interface.
- */
-class Keymaster : public IKeymasterDevice {
- public:
- using KeymasterSet = std::vector<android::sp<Keymaster>>;
-
- Keymaster(const hidl_string& descriptor, const hidl_string& instanceName)
- : descriptor_(descriptor), instanceName_(instanceName) {}
- virtual ~Keymaster() {}
-
- struct VersionResult {
- hidl_string keymasterName;
- hidl_string authorName;
- uint8_t majorVersion;
- SecurityLevel securityLevel;
- bool supportsEc;
-
- bool operator>(const VersionResult& other) const {
- auto lhs = std::tie(securityLevel, majorVersion, supportsEc);
- auto rhs = std::tie(other.securityLevel, other.majorVersion, other.supportsEc);
- return lhs > rhs;
- }
- };
-
- virtual const VersionResult& halVersion() const = 0;
- const hidl_string& descriptor() const { return descriptor_; }
- const hidl_string& instanceName() const { return instanceName_; }
-
- /**
- * If ec is in the vendor error code range (<-10000), logs the fact to logcat.
- * There are no side effects otherwise.
- */
- void logIfKeymasterVendorError(ErrorCode ec) const;
-
- /**
- * Returns all available Keymaster3 and Keymaster4 instances, in order of most secure to least
- * secure (as defined by VersionResult::operator<).
- */
- static KeymasterSet enumerateAvailableDevices();
-
- /**
- * Ask provided Keymaster instances to compute a shared HMAC key using
- * getHmacSharingParameters() and computeSharedHmac(). This computation is idempotent as long
- * as the same set of Keymaster instances is used each time (and if all of the instances work
- * correctly). It must be performed once per boot, but should do no harm to be repeated.
- *
- * If key agreement fails, this method will crash the process (with CHECK).
- */
- static void performHmacKeyAgreement(const KeymasterSet& keymasters);
-
- private:
- hidl_string descriptor_;
- hidl_string instanceName_;
-};
-
-std::ostream& operator<<(std::ostream& os, const Keymaster& keymaster);
-
-} // namespace support
-} // namespace V4_0
-} // namespace keymaster
-} // namespace hardware
-} // namespace android
-
-#endif // HARDWARE_INTERFACES_KEYMASTER_40_SUPPORT_KEYMASTER_H_
diff --git a/keymaster/4.0/support/include/keymasterV4_0/Keymaster3.h b/keymaster/4.0/support/include/keymasterV4_0/Keymaster3.h
deleted file mode 100644
index c40be7c..0000000
--- a/keymaster/4.0/support/include/keymasterV4_0/Keymaster3.h
+++ /dev/null
@@ -1,135 +0,0 @@
-/*
- **
- ** Copyright 2017, The Android Open Source Project
- **
- ** Licensed under the Apache License, Version 2.0 (the "License");
- ** you may not use this file except in compliance with the License.
- ** You may obtain a copy of the License at
- **
- ** http://www.apache.org/licenses/LICENSE-2.0
- **
- ** Unless required by applicable law or agreed to in writing, software
- ** distributed under the License is distributed on an "AS IS" BASIS,
- ** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- ** See the License for the specific language governing permissions and
- ** limitations under the License.
- */
-
-#ifndef HARDWARE_INTERFACES_KEYMASTER_40_SUPPORT_KEYMASTER_3_H_
-#define HARDWARE_INTERFACES_KEYMASTER_40_SUPPORT_KEYMASTER_3_H_
-
-#include <android/hardware/keymaster/3.0/IKeymasterDevice.h>
-
-#include "Keymaster.h"
-
-namespace android {
-namespace hardware {
-namespace keymaster {
-namespace V4_0 {
-namespace support {
-
-using IKeymaster3Device = ::android::hardware::keymaster::V3_0::IKeymasterDevice;
-
-using ::android::sp;
-using ::android::hardware::hidl_string;
-using ::android::hardware::hidl_vec;
-using ::android::hardware::Return;
-using ::android::hardware::Void;
-using ::android::hardware::details::return_status;
-
-class Keymaster3 : public Keymaster {
- public:
- using WrappedIKeymasterDevice = IKeymaster3Device;
- Keymaster3(sp<IKeymaster3Device> km3_dev, const hidl_string& instanceName)
- : Keymaster(IKeymaster3Device::descriptor, instanceName),
- km3_dev_(km3_dev),
- haveVersion_(false) {}
-
- const VersionResult& halVersion() const override {
- const_cast<Keymaster3*>(this)->getVersionIfNeeded();
- return version_;
- }
-
- Return<void> getHardwareInfo(getHardwareInfo_cb _hidl_cb);
-
- Return<void> getHmacSharingParameters(getHmacSharingParameters_cb _hidl_cb) override {
- _hidl_cb(ErrorCode::UNIMPLEMENTED, {});
- return Void();
- }
-
- Return<void> computeSharedHmac(const hidl_vec<HmacSharingParameters>&,
- computeSharedHmac_cb _hidl_cb) override {
- _hidl_cb(ErrorCode::UNIMPLEMENTED, {});
- return Void();
- }
-
- Return<void> verifyAuthorization(uint64_t, const hidl_vec<KeyParameter>&,
- const HardwareAuthToken&,
- verifyAuthorization_cb _hidl_cb) override {
- _hidl_cb(ErrorCode::UNIMPLEMENTED, {});
- return Void();
- }
-
- Return<ErrorCode> addRngEntropy(const hidl_vec<uint8_t>& data) override;
- Return<void> generateKey(const hidl_vec<KeyParameter>& keyParams,
- generateKey_cb _hidl_cb) override;
- Return<void> getKeyCharacteristics(const hidl_vec<uint8_t>& keyBlob,
- const hidl_vec<uint8_t>& clientId,
- const hidl_vec<uint8_t>& appData,
- getKeyCharacteristics_cb _hidl_cb) override;
- Return<void> importKey(const hidl_vec<KeyParameter>& params, KeyFormat keyFormat,
- const hidl_vec<uint8_t>& keyData, importKey_cb _hidl_cb) override;
-
- Return<void> importWrappedKey(const hidl_vec<uint8_t>& /* wrappedKeyData */,
- const hidl_vec<uint8_t>& /* wrappingKeyBlob */,
- const hidl_vec<uint8_t>& /* maskingKey */,
- const hidl_vec<KeyParameter>& /* unwrappingParams */,
- uint64_t /* passwordSid */, uint64_t /* biometricSid */,
- importWrappedKey_cb _hidl_cb) {
- _hidl_cb(ErrorCode::UNIMPLEMENTED, {}, {});
- return Void();
- }
-
- Return<void> exportKey(KeyFormat exportFormat, const hidl_vec<uint8_t>& keyBlob,
- const hidl_vec<uint8_t>& clientId, const hidl_vec<uint8_t>& appData,
- exportKey_cb _hidl_cb) override;
- Return<void> attestKey(const hidl_vec<uint8_t>& keyToAttest,
- const hidl_vec<KeyParameter>& attestParams,
- attestKey_cb _hidl_cb) override;
- Return<void> upgradeKey(const hidl_vec<uint8_t>& keyBlobToUpgrade,
- const hidl_vec<KeyParameter>& upgradeParams,
- upgradeKey_cb _hidl_cb) override;
- Return<ErrorCode> deleteKey(const hidl_vec<uint8_t>& keyBlob) override;
- Return<ErrorCode> deleteAllKeys() override;
- Return<ErrorCode> destroyAttestationIds() override;
- Return<void> begin(KeyPurpose purpose, const hidl_vec<uint8_t>& key,
- const hidl_vec<KeyParameter>& inParams, const HardwareAuthToken& authToken,
- begin_cb _hidl_cb) override;
- Return<void> update(uint64_t operationHandle, const hidl_vec<KeyParameter>& inParams,
- const hidl_vec<uint8_t>& input, const HardwareAuthToken& authToken,
- const VerificationToken& verificationToken, update_cb _hidl_cb) override;
- Return<void> finish(uint64_t operationHandle, const hidl_vec<KeyParameter>& inParams,
- const hidl_vec<uint8_t>& input, const hidl_vec<uint8_t>& signature,
- const HardwareAuthToken& authToken,
- const VerificationToken& verificationToken, finish_cb _hidl_cb) override;
- Return<ErrorCode> abort(uint64_t operationHandle) override;
-
- private:
- void getVersionIfNeeded();
-
- sp<IKeymaster3Device> km3_dev_;
-
- bool haveVersion_;
- VersionResult version_;
- bool supportsSymmetricCryptography_;
- bool supportsAttestation_;
- bool supportsAllDigests_;
-};
-
-} // namespace support
-} // namespace V4_0
-} // namespace keymaster
-} // namespace hardware
-} // namespace android
-
-#endif // HARDWARE_INTERFACES_KEYMASTER_40_SUPPORT_KEYMASTER_3_H_
diff --git a/keymaster/4.0/support/include/keymasterV4_0/Keymaster4.h b/keymaster/4.0/support/include/keymasterV4_0/Keymaster4.h
deleted file mode 100644
index dfd03ef..0000000
--- a/keymaster/4.0/support/include/keymasterV4_0/Keymaster4.h
+++ /dev/null
@@ -1,160 +0,0 @@
-/*
- **
- ** Copyright 2017, The Android Open Source Project
- **
- ** Licensed under the Apache License, Version 2.0 (the "License");
- ** you may not use this file except in compliance with the License.
- ** You may obtain a copy of the License at
- **
- ** http://www.apache.org/licenses/LICENSE-2.0
- **
- ** Unless required by applicable law or agreed to in writing, software
- ** distributed under the License is distributed on an "AS IS" BASIS,
- ** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- ** See the License for the specific language governing permissions and
- ** limitations under the License.
- */
-
-#ifndef HARDWARE_INTERFACES_KEYMASTER_40_SUPPORT_KEYMASTER_4_H_
-#define HARDWARE_INTERFACES_KEYMASTER_40_SUPPORT_KEYMASTER_4_H_
-
-#include "Keymaster.h"
-
-namespace android {
-namespace hardware {
-namespace keymaster {
-namespace V4_0 {
-namespace support {
-
-using android::sp;
-using IKeymaster4Device = ::android::hardware::keymaster::V4_0::IKeymasterDevice;
-
-class Keymaster4 : public Keymaster {
- public:
- using WrappedIKeymasterDevice = IKeymaster4Device;
- Keymaster4(sp<IKeymasterDevice> km4_dev, const hidl_string& instanceName)
- : Keymaster(IKeymaster4Device::descriptor, instanceName),
- haveVersion_(false),
- dev_(km4_dev) {}
-
- const VersionResult& halVersion() const override {
- const_cast<Keymaster4*>(this)->getVersionIfNeeded();
- return version_;
- }
-
- Return<void> getHardwareInfo(getHardwareInfo_cb _hidl_cb) override {
- return dev_->getHardwareInfo(_hidl_cb);
- }
-
- Return<void> getHmacSharingParameters(getHmacSharingParameters_cb _hidl_cb) override {
- return dev_->getHmacSharingParameters(_hidl_cb);
- }
-
- Return<void> computeSharedHmac(const hidl_vec<HmacSharingParameters>& params,
- computeSharedHmac_cb _hidl_cb) override {
- return dev_->computeSharedHmac(params, _hidl_cb);
- }
-
- Return<void> verifyAuthorization(uint64_t operationHandle, const hidl_vec<KeyParameter>& params,
- const HardwareAuthToken& authToken,
- verifyAuthorization_cb _hidl_cb) override {
- return dev_->verifyAuthorization(operationHandle, params, authToken, _hidl_cb);
- }
-
- Return<ErrorCode> addRngEntropy(const hidl_vec<uint8_t>& data) override {
- return dev_->addRngEntropy(data);
- }
-
- Return<void> generateKey(const hidl_vec<KeyParameter>& keyParams,
- generateKey_cb _hidl_cb) override {
- return dev_->generateKey(keyParams, _hidl_cb);
- }
-
- Return<void> getKeyCharacteristics(const hidl_vec<uint8_t>& keyBlob,
- const hidl_vec<uint8_t>& clientId,
- const hidl_vec<uint8_t>& appData,
- getKeyCharacteristics_cb _hidl_cb) override {
- return dev_->getKeyCharacteristics(keyBlob, clientId, appData, _hidl_cb);
- }
-
- Return<void> importKey(const hidl_vec<KeyParameter>& params, KeyFormat keyFormat,
- const hidl_vec<uint8_t>& keyData, importKey_cb _hidl_cb) override {
- return dev_->importKey(params, keyFormat, keyData, _hidl_cb);
- }
-
- Return<void> importWrappedKey(const hidl_vec<uint8_t>& wrappedKeyData,
- const hidl_vec<uint8_t>& wrappingKeyBlob,
- const hidl_vec<uint8_t>& maskingKey,
- const hidl_vec<KeyParameter>& unwrappingParams,
- uint64_t passwordSid, uint64_t biometricSid,
- importWrappedKey_cb _hidl_cb) {
- return dev_->importWrappedKey(wrappedKeyData, wrappingKeyBlob, maskingKey, unwrappingParams,
- passwordSid, biometricSid, _hidl_cb);
- }
-
- Return<void> exportKey(KeyFormat exportFormat, const hidl_vec<uint8_t>& keyBlob,
- const hidl_vec<uint8_t>& clientId, const hidl_vec<uint8_t>& appData,
- exportKey_cb _hidl_cb) override {
- return dev_->exportKey(exportFormat, keyBlob, clientId, appData, _hidl_cb);
- }
-
- Return<void> attestKey(const hidl_vec<uint8_t>& keyToAttest,
- const hidl_vec<KeyParameter>& attestParams,
- attestKey_cb _hidl_cb) override {
- return dev_->attestKey(keyToAttest, attestParams, _hidl_cb);
- }
-
- Return<void> upgradeKey(const hidl_vec<uint8_t>& keyBlobToUpgrade,
- const hidl_vec<KeyParameter>& upgradeParams,
- upgradeKey_cb _hidl_cb) override {
- return dev_->upgradeKey(keyBlobToUpgrade, upgradeParams, _hidl_cb);
- }
-
- Return<ErrorCode> deleteKey(const hidl_vec<uint8_t>& keyBlob) override {
- return dev_->deleteKey(keyBlob);
- }
-
- Return<ErrorCode> deleteAllKeys() override { return dev_->deleteAllKeys(); }
-
- Return<ErrorCode> destroyAttestationIds() override { return dev_->destroyAttestationIds(); }
-
- Return<void> begin(KeyPurpose purpose, const hidl_vec<uint8_t>& key,
- const hidl_vec<KeyParameter>& inParams, const HardwareAuthToken& authToken,
- begin_cb _hidl_cb) override {
- return dev_->begin(purpose, key, inParams, authToken, _hidl_cb);
- }
-
- Return<void> update(uint64_t operationHandle, const hidl_vec<KeyParameter>& inParams,
- const hidl_vec<uint8_t>& input, const HardwareAuthToken& authToken,
- const VerificationToken& verificationToken, update_cb _hidl_cb) override {
- return dev_->update(operationHandle, inParams, input, authToken, verificationToken,
- _hidl_cb);
- }
-
- Return<void> finish(uint64_t operationHandle, const hidl_vec<KeyParameter>& inParams,
- const hidl_vec<uint8_t>& input, const hidl_vec<uint8_t>& signature,
- const HardwareAuthToken& authToken,
- const VerificationToken& verificationToken, finish_cb _hidl_cb) override {
- return dev_->finish(operationHandle, inParams, input, signature, authToken,
- verificationToken, _hidl_cb);
- }
-
- Return<ErrorCode> abort(uint64_t operationHandle) override {
- return dev_->abort(operationHandle);
- }
-
- private:
- void getVersionIfNeeded();
-
- bool haveVersion_;
- VersionResult version_;
- sp<IKeymaster4Device> dev_;
-};
-
-} // namespace support
-} // namespace V4_0
-} // namespace keymaster
-} // namespace hardware
-} // namespace android
-
-#endif // HARDWARE_INTERFACES_KEYMASTER_40_SUPPORT_KEYMASTER_4_H_