Add support lib wrappers for clients
Test: CtsKeystoreTestCases
Change-Id: I0157df310f85d83cef07282ea80204c035626518
diff --git a/keymaster/4.1/default/Android.bp b/keymaster/4.1/default/Android.bp
index b06878b..27297b9 100644
--- a/keymaster/4.1/default/Android.bp
+++ b/keymaster/4.1/default/Android.bp
@@ -31,6 +31,7 @@
"libhidlbase",
"libkeymaster4",
"libkeymaster41",
+ "libkeymaster4_1support",
"liblog",
"libutils",
],
diff --git a/keymaster/4.1/support/Android.bp b/keymaster/4.1/support/Android.bp
index e4c3d47..bdd0ca8 100644
--- a/keymaster/4.1/support/Android.bp
+++ b/keymaster/4.1/support/Android.bp
@@ -24,6 +24,9 @@
],
srcs: [
"attestation_record.cpp",
+ "Keymaster.cpp",
+ "Keymaster3.cpp",
+ "Keymaster4.cpp",
],
export_include_dirs: ["include"],
shared_libs: [
@@ -34,5 +37,10 @@
"libcrypto",
"libhidlbase",
"libkeymaster4support",
+ "libutils",
+ ],
+ export_shared_lib_headers: [
+ "android.hardware.keymaster@4.1",
+ "libkeymaster4support",
],
}
diff --git a/keymaster/4.1/support/Keymaster.cpp b/keymaster/4.1/support/Keymaster.cpp
new file mode 100644
index 0000000..ea6604e
--- /dev/null
+++ b/keymaster/4.1/support/Keymaster.cpp
@@ -0,0 +1,197 @@
+/*
+ ** Copyright 2018, The Android Open Source Project
+ **
+ ** Licensed under the Apache License, Version 2.0 (the "License");
+ ** you may not use this file except in compliance with the License.
+ ** You may obtain a copy of the License at
+ **
+ ** http://www.apache.org/licenses/LICENSE-2.0
+ **
+ ** Unless required by applicable law or agreed to in writing, software
+ ** distributed under the License is distributed on an "AS IS" BASIS,
+ ** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ** See the License for the specific language governing permissions and
+ ** limitations under the License.
+ */
+
+#include <keymasterV4_1/Keymaster.h>
+
+#include <iomanip>
+
+#include <android-base/logging.h>
+#include <android/hidl/manager/1.2/IServiceManager.h>
+#include <keymasterV4_0/key_param_output.h>
+#include <keymasterV4_0/keymaster_utils.h>
+#include <keymasterV4_1/Keymaster3.h>
+#include <keymasterV4_1/Keymaster4.h>
+
+namespace android::hardware {
+
+template <class T>
+std::ostream& operator<<(std::ostream& os, const hidl_vec<T>& vec) {
+ os << "{ ";
+ if (vec.size()) {
+ for (size_t i = 0; i < vec.size() - 1; ++i) os << vec[i] << ", ";
+ os << vec[vec.size() - 1];
+ }
+ os << " }";
+ return os;
+}
+
+std::ostream& operator<<(std::ostream& os, const hidl_vec<uint8_t>& vec) {
+ std::ios_base::fmtflags flags(os.flags());
+ os << std::setw(2) << std::setfill('0') << std::hex;
+ for (uint8_t c : vec) os << static_cast<int>(c);
+ os.flags(flags);
+ return os;
+}
+
+template <size_t N>
+std::ostream& operator<<(std::ostream& os, const hidl_array<uint8_t, N>& vec) {
+ std::ios_base::fmtflags flags(os.flags());
+ os << std::setw(2) << std::setfill('0') << std::hex;
+ for (size_t i = 0; i < N; ++i) os << static_cast<int>(vec[i]);
+ os.flags(flags);
+ return os;
+}
+
+namespace keymaster {
+
+namespace V4_0 {
+
+std::ostream& operator<<(std::ostream& os, const HmacSharingParameters& params) {
+ // Note that by design, although seed and nonce are used to compute a secret, they are
+ // not secrets and it's just fine to log them.
+ os << "(seed: " << params.seed << ", nonce: " << params.nonce << ')';
+ return os;
+}
+
+} // namespace V4_0
+
+namespace V4_1::support {
+
+using ::android::sp;
+using ::android::hidl::manager::V1_2::IServiceManager;
+
+std::ostream& operator<<(std::ostream& os, const Keymaster& keymaster) {
+ auto& version = keymaster.halVersion();
+ os << version.keymasterName << " from " << version.authorName
+ << " SecurityLevel: " << toString(version.securityLevel)
+ << " HAL: " << keymaster.descriptor() << "/" << keymaster.instanceName();
+ return os;
+}
+
+template <typename Wrapper>
+Keymaster::KeymasterSet enumerateDevices(const sp<IServiceManager>& serviceManager) {
+ Keymaster::KeymasterSet result;
+
+ bool foundDefault = false;
+ auto& descriptor = Wrapper::WrappedIKeymasterDevice::descriptor;
+ serviceManager->listManifestByInterface(descriptor, [&](const hidl_vec<hidl_string>& names) {
+ for (auto& name : names) {
+ if (name == "default") foundDefault = true;
+ auto device = Wrapper::WrappedIKeymasterDevice::getService(name);
+ CHECK(device) << "Failed to get service for " << descriptor << " with interface name "
+ << name;
+ result.push_back(new Wrapper(device, name));
+ }
+ });
+
+ if (!foundDefault) {
+ // "default" wasn't provided by listManifestByInterface. Maybe there's a passthrough
+ // implementation.
+ auto device = Wrapper::WrappedIKeymasterDevice::getService("default");
+ if (device) result.push_back(new Wrapper(device, "default"));
+ }
+
+ return result;
+}
+
+void Keymaster::logIfKeymasterVendorError(ErrorCode ec) const {
+ static constexpr int32_t k_keymaster_vendor_error_code_range_max = -10000;
+ if (static_cast<int32_t>(ec) <= k_keymaster_vendor_error_code_range_max) {
+ const auto& versionInfo = halVersion();
+ LOG(ERROR) << "Keymaster reported error: " << static_cast<int32_t>(ec) << "\n"
+ << "NOTE: This is an error in the vendor specific error range.\n"
+ << " Refer to the vendor of the implementation for details.\n"
+ << " Implementation name: " << versionInfo.keymasterName << "\n"
+ << " Vendor name: " << versionInfo.authorName << "\n"
+ << " MajorVersion: " << versionInfo.majorVersion;
+ }
+}
+
+Keymaster::KeymasterSet Keymaster::enumerateAvailableDevices() {
+ auto serviceManager = IServiceManager::getService();
+ CHECK(serviceManager) << "Could not retrieve ServiceManager";
+
+ auto km4s = enumerateDevices<Keymaster4>(serviceManager);
+ auto km3s = enumerateDevices<Keymaster3>(serviceManager);
+
+ auto result = std::move(km4s);
+ result.insert(result.end(), std::make_move_iterator(km3s.begin()),
+ std::make_move_iterator(km3s.end()));
+
+ std::sort(result.begin(), result.end(),
+ [](auto& a, auto& b) { return a->halVersion() > b->halVersion(); });
+
+ size_t i = 1;
+ LOG(INFO) << "List of Keymaster HALs found:";
+ for (auto& hal : result) LOG(INFO) << "Keymaster HAL #" << i++ << ": " << *hal;
+
+ return result;
+}
+
+static hidl_vec<HmacSharingParameters> getHmacParameters(
+ const Keymaster::KeymasterSet& keymasters) {
+ std::vector<HmacSharingParameters> params_vec;
+ params_vec.reserve(keymasters.size());
+ for (auto& keymaster : keymasters) {
+ if (keymaster->halVersion().majorVersion < 4) continue;
+ auto rc = keymaster->getHmacSharingParameters([&](auto error, auto& params) {
+ CHECK(error == V4_0::ErrorCode::OK)
+ << "Failed to get HMAC parameters from " << *keymaster << " error " << error;
+ params_vec.push_back(params);
+ });
+ CHECK(rc.isOk()) << "Failed to communicate with " << *keymaster
+ << " error: " << rc.description();
+ }
+ std::sort(params_vec.begin(), params_vec.end());
+
+ return params_vec;
+}
+
+static void computeHmac(const Keymaster::KeymasterSet& keymasters,
+ const hidl_vec<HmacSharingParameters>& params) {
+ if (!params.size()) return;
+
+ hidl_vec<uint8_t> sharingCheck;
+ bool firstKeymaster = true;
+ LOG(DEBUG) << "Computing HMAC with params " << params;
+ for (auto& keymaster : keymasters) {
+ if (keymaster->halVersion().majorVersion < 4) continue;
+ LOG(DEBUG) << "Computing HMAC for " << *keymaster;
+ auto rc = keymaster->computeSharedHmac(
+ params, [&](V4_0::ErrorCode error, const hidl_vec<uint8_t>& curSharingCheck) {
+ CHECK(error == V4_0::ErrorCode::OK) << "Failed to get HMAC parameters from "
+ << *keymaster << " error " << error;
+ if (firstKeymaster) {
+ sharingCheck = curSharingCheck;
+ firstKeymaster = false;
+ }
+ if (curSharingCheck != sharingCheck)
+ LOG(WARNING) << "HMAC computation failed for " << *keymaster //
+ << " Expected: " << sharingCheck //
+ << " got: " << curSharingCheck;
+ });
+ CHECK(rc.isOk()) << "Failed to communicate with " << *keymaster
+ << " error: " << rc.description();
+ }
+}
+
+void Keymaster::performHmacKeyAgreement(const KeymasterSet& keymasters) {
+ computeHmac(keymasters, getHmacParameters(keymasters));
+}
+
+} // namespace V4_1::support
+} // namespace keymaster
+} // namespace android::hardware
diff --git a/keymaster/4.1/support/Keymaster3.cpp b/keymaster/4.1/support/Keymaster3.cpp
new file mode 100644
index 0000000..b665689
--- /dev/null
+++ b/keymaster/4.1/support/Keymaster3.cpp
@@ -0,0 +1,286 @@
+/*
+ **
+ ** Copyright 2017, The Android Open Source Project
+ **
+ ** Licensed under the Apache License, Version 2.0 (the "License");
+ ** you may not use this file except in compliance with the License.
+ ** You may obtain a copy of the License at
+ **
+ ** http://www.apache.org/licenses/LICENSE-2.0
+ **
+ ** Unless required by applicable law or agreed to in writing, software
+ ** distributed under the License is distributed on an "AS IS" BASIS,
+ ** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ** See the License for the specific language governing permissions and
+ ** limitations under the License.
+ */
+
+#include <keymasterV4_1/Keymaster3.h>
+
+#include <android-base/logging.h>
+#include <keymasterV4_0/keymaster_utils.h>
+
+namespace android::hardware::keymaster::V4_1::support {
+
+using android::hardware::details::StatusOf;
+
+namespace {
+
+V4_0::ErrorCode convert(V3_0::ErrorCode error) {
+ return static_cast<V4_0::ErrorCode>(error);
+}
+
+V3_0::KeyPurpose convert(KeyPurpose purpose) {
+ return static_cast<V3_0::KeyPurpose>(purpose);
+}
+
+V3_0::KeyFormat convert(KeyFormat purpose) {
+ return static_cast<V3_0::KeyFormat>(purpose);
+}
+
+V3_0::KeyParameter convert(const KeyParameter& param) {
+ V3_0::KeyParameter converted;
+ converted.tag = static_cast<V3_0::Tag>(param.tag);
+ static_assert(sizeof(converted.f) == sizeof(param.f), "This function assumes sizes match");
+ memcpy(&converted.f, ¶m.f, sizeof(param.f));
+ converted.blob = param.blob;
+ return converted;
+}
+
+KeyParameter convert(const V3_0::KeyParameter& param) {
+ KeyParameter converted;
+ converted.tag = static_cast<V4_0::Tag>(param.tag);
+ static_assert(sizeof(converted.f) == sizeof(param.f), "This function assumes sizes match");
+ memcpy(&converted.f, ¶m.f, sizeof(param.f));
+ converted.blob = param.blob;
+ return converted;
+}
+
+hidl_vec<V3_0::KeyParameter> convert(const hidl_vec<KeyParameter>& params) {
+ hidl_vec<V3_0::KeyParameter> converted(params.size());
+ for (size_t i = 0; i < params.size(); ++i) {
+ converted[i] = convert(params[i]);
+ }
+ return converted;
+}
+
+hidl_vec<KeyParameter> convert(const hidl_vec<V3_0::KeyParameter>& params) {
+ hidl_vec<KeyParameter> converted(params.size());
+ for (size_t i = 0; i < params.size(); ++i) {
+ converted[i] = convert(params[i]);
+ }
+ return converted;
+}
+
+template <typename T, typename OutIter>
+inline static OutIter copy_bytes_to_iterator(const T& value, OutIter dest) {
+ const uint8_t* value_ptr = reinterpret_cast<const uint8_t*>(&value);
+ return std::copy(value_ptr, value_ptr + sizeof(value), dest);
+}
+
+hidl_vec<V3_0::KeyParameter> convertAndAddAuthToken(const hidl_vec<KeyParameter>& params,
+ const HardwareAuthToken& authToken) {
+ hidl_vec<V3_0::KeyParameter> converted(params.size() + 1);
+ for (size_t i = 0; i < params.size(); ++i) {
+ converted[i] = convert(params[i]);
+ }
+ converted[params.size()].tag = V3_0::Tag::AUTH_TOKEN;
+ converted[params.size()].blob = V4_0::support::authToken2HidlVec(authToken);
+
+ return converted;
+}
+
+KeyCharacteristics convert(const V3_0::KeyCharacteristics& chars) {
+ KeyCharacteristics converted;
+ converted.hardwareEnforced = convert(chars.teeEnforced);
+ converted.softwareEnforced = convert(chars.softwareEnforced);
+ return converted;
+}
+
+} // namespace
+
+void Keymaster3::getVersionIfNeeded() {
+ if (haveVersion_) return;
+
+ auto rc = km3_dev_->getHardwareFeatures(
+ [&](bool isSecure, bool supportsEllipticCurve, bool supportsSymmetricCryptography,
+ bool supportsAttestation, bool supportsAllDigests, const hidl_string& keymasterName,
+ const hidl_string& keymasterAuthorName) {
+ version_ = {keymasterName,
+ keymasterAuthorName,
+ 0 /* major version, filled below */,
+ 0 /* minor version */,
+ isSecure ? SecurityLevel::TRUSTED_ENVIRONMENT : SecurityLevel::SOFTWARE,
+ supportsEllipticCurve};
+ supportsSymmetricCryptography_ = supportsSymmetricCryptography;
+ supportsAttestation_ = supportsAttestation;
+ supportsAllDigests_ = supportsAllDigests;
+ });
+
+ CHECK(rc.isOk()) << "Got error " << rc.description() << " trying to get hardware features";
+
+ if (version_.securityLevel == SecurityLevel::SOFTWARE) {
+ version_.majorVersion = 3;
+ } else if (supportsAttestation_) {
+ version_.majorVersion = 3; // Could be 2, doesn't matter.
+ } else if (supportsSymmetricCryptography_) {
+ version_.majorVersion = 1;
+ } else {
+ version_.majorVersion = 0;
+ }
+}
+
+Return<void> Keymaster3::getHardwareInfo(Keymaster3::getHardwareInfo_cb _hidl_cb) {
+ getVersionIfNeeded();
+ _hidl_cb(version_.securityLevel,
+ std::string(version_.keymasterName) + " (wrapped by keystore::Keymaster3)",
+ version_.authorName);
+ return Void();
+}
+
+Return<V4_0::ErrorCode> Keymaster3::addRngEntropy(const hidl_vec<uint8_t>& data) {
+ auto rc = km3_dev_->addRngEntropy(data);
+ if (!rc.isOk()) {
+ return StatusOf<V3_0::ErrorCode, V4_0::ErrorCode>(rc);
+ }
+ return convert(rc);
+}
+
+Return<void> Keymaster3::generateKey(const hidl_vec<KeyParameter>& keyParams,
+ generateKey_cb _hidl_cb) {
+ auto cb = [&](V3_0::ErrorCode error, const hidl_vec<uint8_t>& keyBlob,
+ const V3_0::KeyCharacteristics& characteristics) {
+ _hidl_cb(convert(error), keyBlob, convert(characteristics));
+ };
+ auto rc = km3_dev_->generateKey(convert(keyParams), cb);
+ rc.isOk(); // move ctor prereq
+ return rc;
+}
+
+Return<void> Keymaster3::getKeyCharacteristics(const hidl_vec<uint8_t>& keyBlob,
+ const hidl_vec<uint8_t>& clientId,
+ const hidl_vec<uint8_t>& appData,
+ getKeyCharacteristics_cb _hidl_cb) {
+ auto cb = [&](V3_0::ErrorCode error, const V3_0::KeyCharacteristics& chars) {
+ _hidl_cb(convert(error), convert(chars));
+ };
+
+ auto rc = km3_dev_->getKeyCharacteristics(keyBlob, clientId, appData, cb);
+ rc.isOk(); // move ctor prereq
+ return rc;
+}
+
+Return<void> Keymaster3::importKey(const hidl_vec<KeyParameter>& params, KeyFormat keyFormat,
+ const hidl_vec<uint8_t>& keyData, importKey_cb _hidl_cb) {
+ auto cb = [&](V3_0::ErrorCode error, const hidl_vec<uint8_t>& keyBlob,
+ const V3_0::KeyCharacteristics& chars) {
+ _hidl_cb(convert(error), keyBlob, convert(chars));
+ };
+ auto rc = km3_dev_->importKey(convert(params), convert(keyFormat), keyData, cb);
+ rc.isOk(); // move ctor prereq
+ return rc;
+}
+
+Return<void> Keymaster3::exportKey(KeyFormat exportFormat, const hidl_vec<uint8_t>& keyBlob,
+ const hidl_vec<uint8_t>& clientId,
+ const hidl_vec<uint8_t>& appData, exportKey_cb _hidl_cb) {
+ auto cb = [&](V3_0::ErrorCode error, const hidl_vec<uint8_t>& keyMaterial) {
+ _hidl_cb(convert(error), keyMaterial);
+ };
+ auto rc = km3_dev_->exportKey(convert(exportFormat), keyBlob, clientId, appData, cb);
+ rc.isOk(); // move ctor prereq
+ return rc;
+}
+
+Return<void> Keymaster3::attestKey(const hidl_vec<uint8_t>& keyToAttest,
+ const hidl_vec<KeyParameter>& attestParams,
+ attestKey_cb _hidl_cb) {
+ auto cb = [&](V3_0::ErrorCode error, const hidl_vec<hidl_vec<uint8_t>>& certChain) {
+ _hidl_cb(convert(error), certChain);
+ };
+ auto rc = km3_dev_->attestKey(keyToAttest, convert(attestParams), cb);
+ rc.isOk(); // move ctor prereq
+ return rc;
+}
+
+Return<void> Keymaster3::upgradeKey(const hidl_vec<uint8_t>& keyBlobToUpgrade,
+ const hidl_vec<KeyParameter>& upgradeParams,
+ upgradeKey_cb _hidl_cb) {
+ auto cb = [&](V3_0::ErrorCode error, const hidl_vec<uint8_t>& upgradedKeyBlob) {
+ _hidl_cb(convert(error), upgradedKeyBlob);
+ };
+ auto rc = km3_dev_->upgradeKey(keyBlobToUpgrade, convert(upgradeParams), cb);
+ rc.isOk(); // move ctor prereq
+ return rc;
+}
+
+Return<V4_0::ErrorCode> Keymaster3::deleteKey(const hidl_vec<uint8_t>& keyBlob) {
+ auto rc = km3_dev_->deleteKey(keyBlob);
+ if (!rc.isOk()) return StatusOf<V3_0::ErrorCode, V4_0::ErrorCode>(rc);
+ return convert(rc);
+}
+
+Return<V4_0::ErrorCode> Keymaster3::deleteAllKeys() {
+ auto rc = km3_dev_->deleteAllKeys();
+ if (!rc.isOk()) return StatusOf<V3_0::ErrorCode, V4_0::ErrorCode>(rc);
+ return convert(rc);
+}
+
+Return<V4_0::ErrorCode> Keymaster3::destroyAttestationIds() {
+ auto rc = km3_dev_->destroyAttestationIds();
+ if (!rc.isOk()) return StatusOf<V3_0::ErrorCode, V4_0::ErrorCode>(rc);
+ return convert(rc);
+}
+
+Return<void> Keymaster3::begin(KeyPurpose purpose, const hidl_vec<uint8_t>& key,
+ const hidl_vec<KeyParameter>& inParams,
+ const HardwareAuthToken& authToken, begin_cb _hidl_cb) {
+ auto cb = [&](V3_0::ErrorCode error, const hidl_vec<V3_0::KeyParameter>& outParams,
+ OperationHandle operationHandle) {
+ _hidl_cb(convert(error), convert(outParams), operationHandle);
+ };
+
+ auto rc =
+ km3_dev_->begin(convert(purpose), key, convertAndAddAuthToken(inParams, authToken), cb);
+ rc.isOk(); // move ctor prereq
+ return rc;
+}
+
+Return<void> Keymaster3::update(uint64_t operationHandle, const hidl_vec<KeyParameter>& inParams,
+ const hidl_vec<uint8_t>& input, const HardwareAuthToken& authToken,
+ const VerificationToken& /* verificationToken */,
+ update_cb _hidl_cb) {
+ auto cb = [&](V3_0::ErrorCode error, uint32_t inputConsumed,
+ const hidl_vec<V3_0::KeyParameter>& outParams, const hidl_vec<uint8_t>& output) {
+ _hidl_cb(convert(error), inputConsumed, convert(outParams), output);
+ };
+
+ auto rc = km3_dev_->update(operationHandle, convertAndAddAuthToken(inParams, authToken), input,
+ cb);
+ rc.isOk(); // move ctor prereq
+ return rc;
+}
+
+Return<void> Keymaster3::finish(uint64_t operationHandle, const hidl_vec<KeyParameter>& inParams,
+ const hidl_vec<uint8_t>& input, const hidl_vec<uint8_t>& signature,
+ const HardwareAuthToken& authToken,
+ const VerificationToken& /* verificationToken */,
+ finish_cb _hidl_cb) {
+ auto cb = [&](V3_0::ErrorCode error, const hidl_vec<V3_0::KeyParameter>& outParams,
+ const hidl_vec<uint8_t>& output) {
+ _hidl_cb(convert(error), convert(outParams), output);
+ };
+
+ auto rc = km3_dev_->finish(operationHandle, convertAndAddAuthToken(inParams, authToken), input,
+ signature, cb);
+ rc.isOk(); // move ctor prereq
+ return rc;
+}
+
+Return<V4_0::ErrorCode> Keymaster3::abort(uint64_t operationHandle) {
+ auto rc = km3_dev_->abort(operationHandle);
+ if (!rc.isOk()) return StatusOf<V3_0::ErrorCode, V4_0::ErrorCode>(rc);
+ return convert(rc);
+}
+
+} // namespace android::hardware::keymaster::V4_1::support
diff --git a/keymaster/4.1/support/Keymaster4.cpp b/keymaster/4.1/support/Keymaster4.cpp
new file mode 100644
index 0000000..33f4bb1
--- /dev/null
+++ b/keymaster/4.1/support/Keymaster4.cpp
@@ -0,0 +1,41 @@
+/*
+** Copyright 2017, The Android Open Source Project
+**
+** Licensed under the Apache License, Version 2.0 (the "License");
+** you may not use this file except in compliance with the License.
+** You may obtain a copy of the License at
+**
+** http://www.apache.org/licenses/LICENSE-2.0
+**
+** Unless required by applicable law or agreed to in writing, software
+** distributed under the License is distributed on an "AS IS" BASIS,
+** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+** See the License for the specific language governing permissions and
+** limitations under the License.
+*/
+
+#include <keymasterV4_1/Keymaster4.h>
+
+#include <android-base/logging.h>
+
+namespace android::hardware::keymaster::V4_1::support {
+
+void Keymaster4::getVersionIfNeeded() {
+ if (haveVersion_) return;
+
+ auto rc = km4_0_dev_->getHardwareInfo([&](SecurityLevel securityLevel,
+ const hidl_string& keymasterName,
+ const hidl_string& authorName) {
+ version_ = {keymasterName,
+ authorName,
+ 4 /* major version */,
+ static_cast<uint8_t>((km4_1_dev_) ? 1 : 0) /* minor version */,
+ securityLevel,
+ true /* supportsEc */};
+ haveVersion_ = true;
+ });
+
+ CHECK(rc.isOk()) << "Got error " << rc.description() << " trying to get hardware info";
+}
+
+} // namespace android::hardware::keymaster::V4_1::support
diff --git a/keymaster/4.1/support/include/keymasterV4_1/Keymaster.h b/keymaster/4.1/support/include/keymasterV4_1/Keymaster.h
new file mode 100644
index 0000000..1f49e18
--- /dev/null
+++ b/keymaster/4.1/support/include/keymasterV4_1/Keymaster.h
@@ -0,0 +1,101 @@
+/*
+ **
+ ** Copyright 2017, The Android Open Source Project
+ **
+ ** Licensed under the Apache License, Version 2.0 (the "License");
+ ** you may not use this file except in compliance with the License.
+ ** You may obtain a copy of the License at
+ **
+ ** http://www.apache.org/licenses/LICENSE-2.0
+ **
+ ** Unless required by applicable law or agreed to in writing, software
+ ** distributed under the License is distributed on an "AS IS" BASIS,
+ ** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ** See the License for the specific language governing permissions and
+ ** limitations under the License.
+ */
+
+#pragma once
+
+#include <memory>
+#include <vector>
+
+#include <android/hardware/keymaster/4.1/IKeymasterDevice.h>
+#include <keymasterV4_1/keymaster_tags.h>
+
+namespace android::hardware::keymaster::V4_1::support {
+
+/**
+ * Keymaster abstracts the underlying V4_1::IKeymasterDevice. There are two implementations,
+ * Keymaster3 which wraps a V3_0::IKeymasterDevice and Keymaster4, which wraps either a
+ * V4_0::IKeymasterDevice or a V4_1::IKeymasterDevice. There is a V3_0::IKeymasterDevice
+ * implementation that is used to wrap pre-HIDL keymaster implementations, and Keymaster3 will wrap
+ * that.
+ *
+ * The reason for adding this additional layer, rather than simply using the latest HAL directly and
+ * subclassing it to wrap any older HAL, is because this provides a place to put additional methods
+ * which clients can use when they need to distinguish between different underlying HAL versions,
+ * while still having to use only the latest interface. Plus it's a handy place to keep some
+ * convenience methods.
+ */
+class Keymaster : public IKeymasterDevice {
+ public:
+ using KeymasterSet = std::vector<android::sp<Keymaster>>;
+
+ Keymaster(const hidl_string& descriptor, const hidl_string& instanceName)
+ : descriptor_(descriptor), instanceName_(instanceName) {}
+ virtual ~Keymaster() {}
+
+ struct VersionResult {
+ hidl_string keymasterName;
+ hidl_string authorName;
+ uint8_t majorVersion;
+ uint8_t minorVersion;
+ SecurityLevel securityLevel;
+ bool supportsEc;
+
+ bool operator>(const VersionResult& other) const {
+ auto lhs = std::tie(securityLevel, majorVersion, minorVersion, supportsEc);
+ auto rhs = std::tie(other.securityLevel, other.majorVersion, other.minorVersion,
+ other.supportsEc);
+ return lhs > rhs;
+ }
+ };
+
+ virtual const VersionResult& halVersion() const = 0;
+ const hidl_string& descriptor() const { return descriptor_; }
+ const hidl_string& instanceName() const { return instanceName_; }
+
+ /**
+ * If ec is in the vendor error code range (<-10000), logs the fact to logcat.
+ * There are no side effects otherwise.
+ */
+ void logIfKeymasterVendorError(ErrorCode ec) const;
+ void logIfKeymasterVendorError(V4_0::ErrorCode ec) const {
+ logIfKeymasterVendorError(static_cast<ErrorCode>(ec));
+ }
+
+ /**
+ * Returns all available Keymaster3 and Keymaster4 instances, in order of most secure to least
+ * secure (as defined by VersionResult::operator<).
+ */
+ static KeymasterSet enumerateAvailableDevices();
+
+ /**
+ * Ask provided Keymaster instances to compute a shared HMAC key using
+ * getHmacSharingParameters() and computeSharedHmac(). This computation is idempotent as long
+ * as the same set of Keymaster instances is used each time (and if all of the instances work
+ * correctly). It must be performed once per boot, but should do no harm to be repeated.
+ *
+ * If key agreement fails, this method will crash the process (with CHECK).
+ */
+ static void performHmacKeyAgreement(const KeymasterSet& keymasters);
+
+ private:
+ hidl_string descriptor_;
+ hidl_string instanceName_;
+};
+
+std::ostream& operator<<(std::ostream& os, const Keymaster& keymaster);
+
+} // namespace android::hardware::keymaster::V4_1::support
diff --git a/keymaster/4.1/support/include/keymasterV4_1/Keymaster3.h b/keymaster/4.1/support/include/keymasterV4_1/Keymaster3.h
new file mode 100644
index 0000000..c201e8c
--- /dev/null
+++ b/keymaster/4.1/support/include/keymasterV4_1/Keymaster3.h
@@ -0,0 +1,148 @@
+/*
+ ** Copyright 2017, The Android Open Source Project
+ **
+ ** Licensed under the Apache License, Version 2.0 (the "License");
+ ** you may not use this file except in compliance with the License.
+ ** You may obtain a copy of the License at
+ **
+ ** http://www.apache.org/licenses/LICENSE-2.0
+ **
+ ** Unless required by applicable law or agreed to in writing, software
+ ** distributed under the License is distributed on an "AS IS" BASIS,
+ ** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ** See the License for the specific language governing permissions and
+ ** limitations under the License.
+ */
+
+#pragma once
+
+#include <android/hardware/keymaster/3.0/IKeymasterDevice.h>
+
+#include "Keymaster.h"
+#include "Operation.h"
+
+namespace android::hardware::keymaster::V4_1::support {
+
+using IKeymaster3Device = ::android::hardware::keymaster::V3_0::IKeymasterDevice;
+
+using ::android::sp;
+using ::android::hardware::hidl_string;
+using ::android::hardware::hidl_vec;
+using ::android::hardware::Return;
+using ::android::hardware::Void;
+using ::android::hardware::details::return_status;
+
+class Keymaster3 : public Keymaster {
+ public:
+ // This definition is used for device enumeration.
+ using WrappedIKeymasterDevice = IKeymaster3Device;
+
+ Keymaster3(sp<IKeymaster3Device> km3_dev, const hidl_string& instanceName)
+ : Keymaster(IKeymaster3Device::descriptor, instanceName),
+ km3_dev_(km3_dev),
+ haveVersion_(false) {}
+
+ const VersionResult& halVersion() const override {
+ const_cast<Keymaster3*>(this)->getVersionIfNeeded();
+ return version_;
+ }
+
+ Return<void> getHardwareInfo(getHardwareInfo_cb _hidl_cb);
+
+ Return<void> getHmacSharingParameters(getHmacSharingParameters_cb _hidl_cb) override {
+ _hidl_cb(V4_0::ErrorCode::UNIMPLEMENTED, {});
+ return Void();
+ }
+
+ Return<void> computeSharedHmac(const hidl_vec<HmacSharingParameters>&,
+ computeSharedHmac_cb _hidl_cb) override {
+ _hidl_cb(V4_0::ErrorCode::UNIMPLEMENTED, {});
+ return Void();
+ }
+
+ Return<void> verifyAuthorization(uint64_t, const hidl_vec<KeyParameter>&,
+ const HardwareAuthToken&,
+ verifyAuthorization_cb _hidl_cb) override {
+ _hidl_cb(V4_0::ErrorCode::UNIMPLEMENTED, {});
+ return Void();
+ }
+
+ Return<V4_0::ErrorCode> addRngEntropy(const hidl_vec<uint8_t>& data) override;
+ Return<void> generateKey(const hidl_vec<KeyParameter>& keyParams,
+ generateKey_cb _hidl_cb) override;
+ Return<void> getKeyCharacteristics(const hidl_vec<uint8_t>& keyBlob,
+ const hidl_vec<uint8_t>& clientId,
+ const hidl_vec<uint8_t>& appData,
+ getKeyCharacteristics_cb _hidl_cb) override;
+ Return<void> importKey(const hidl_vec<KeyParameter>& params, KeyFormat keyFormat,
+ const hidl_vec<uint8_t>& keyData, importKey_cb _hidl_cb) override;
+
+ Return<void> importWrappedKey(const hidl_vec<uint8_t>& /* wrappedKeyData */,
+ const hidl_vec<uint8_t>& /* wrappingKeyBlob */,
+ const hidl_vec<uint8_t>& /* maskingKey */,
+ const hidl_vec<KeyParameter>& /* unwrappingParams */,
+ uint64_t /* passwordSid */, uint64_t /* biometricSid */,
+ importWrappedKey_cb _hidl_cb) {
+ _hidl_cb(V4_0::ErrorCode::UNIMPLEMENTED, {}, {});
+ return Void();
+ }
+
+ Return<void> exportKey(KeyFormat exportFormat, const hidl_vec<uint8_t>& keyBlob,
+ const hidl_vec<uint8_t>& clientId, const hidl_vec<uint8_t>& appData,
+ exportKey_cb _hidl_cb) override;
+ Return<void> attestKey(const hidl_vec<uint8_t>& keyToAttest,
+ const hidl_vec<KeyParameter>& attestParams,
+ attestKey_cb _hidl_cb) override;
+ Return<void> upgradeKey(const hidl_vec<uint8_t>& keyBlobToUpgrade,
+ const hidl_vec<KeyParameter>& upgradeParams,
+ upgradeKey_cb _hidl_cb) override;
+ Return<V4_0::ErrorCode> deleteKey(const hidl_vec<uint8_t>& keyBlob) override;
+ Return<V4_0::ErrorCode> deleteAllKeys() override;
+ Return<V4_0::ErrorCode> destroyAttestationIds() override;
+ Return<void> begin(KeyPurpose purpose, const hidl_vec<uint8_t>& key,
+ const hidl_vec<KeyParameter>& inParams, const HardwareAuthToken& authToken,
+ begin_cb _hidl_cb) override;
+ Return<void> update(uint64_t operationHandle, const hidl_vec<KeyParameter>& inParams,
+ const hidl_vec<uint8_t>& input, const HardwareAuthToken& authToken,
+ const VerificationToken& verificationToken, update_cb _hidl_cb) override;
+ Return<void> finish(uint64_t operationHandle, const hidl_vec<KeyParameter>& inParams,
+ const hidl_vec<uint8_t>& input, const hidl_vec<uint8_t>& signature,
+ const HardwareAuthToken& authToken,
+ const VerificationToken& verificationToken, finish_cb _hidl_cb) override;
+ Return<V4_0::ErrorCode> abort(uint64_t operationHandle) override;
+
+ /**********************************
+ * V4_1::IKeymasterDevice methods *
+ *********************************/
+
+ Return<ErrorCode> deviceLocked(bool /* passwordOnly */,
+ const VerificationToken& /* verificationToken */) override {
+ return ErrorCode::UNIMPLEMENTED;
+ }
+
+ Return<ErrorCode> earlyBootEnded() override { return ErrorCode::UNIMPLEMENTED; }
+
+ Return<void> beginOp(KeyPurpose purpose, const hidl_vec<uint8_t>& keyBlob,
+ const hidl_vec<KeyParameter>& inParams, const HardwareAuthToken& authToken,
+ beginOp_cb _hidl_cb) override {
+ return begin(purpose, keyBlob, inParams, authToken,
+ [&_hidl_cb](V4_0::ErrorCode errorCode, const hidl_vec<KeyParameter>& outParams,
+ OperationHandle operationHandle) {
+ _hidl_cb(static_cast<ErrorCode>(errorCode), outParams,
+ new Operation(operationHandle));
+ });
+ }
+
+ private:
+ void getVersionIfNeeded();
+
+ sp<IKeymaster3Device> km3_dev_;
+
+ bool haveVersion_;
+ VersionResult version_;
+ bool supportsSymmetricCryptography_;
+ bool supportsAttestation_;
+ bool supportsAllDigests_;
+};
+
+} // namespace android::hardware::keymaster::V4_1::support
diff --git a/keymaster/4.1/support/include/keymasterV4_1/Keymaster4.h b/keymaster/4.1/support/include/keymasterV4_1/Keymaster4.h
new file mode 100644
index 0000000..6d74d98
--- /dev/null
+++ b/keymaster/4.1/support/include/keymasterV4_1/Keymaster4.h
@@ -0,0 +1,197 @@
+/*
+ ** Copyright 2020, The Android Open Source Project
+ **
+ ** Licensed under the Apache License, Version 2.0 (the "License");
+ ** you may not use this file except in compliance with the License.
+ ** You may obtain a copy of the License at
+ **
+ ** http://www.apache.org/licenses/LICENSE-2.0
+ **
+ ** Unless required by applicable law or agreed to in writing, software
+ ** distributed under the License is distributed on an "AS IS" BASIS,
+ ** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ** See the License for the specific language governing permissions and
+ ** limitations under the License.
+ */
+
+#pragma once
+
+#include "Keymaster.h"
+#include "Operation.h"
+
+namespace android::hardware::keymaster::V4_1::support {
+
+using android::sp;
+
+/**
+ * This class can wrap either a V4_0 or V4_1 IKeymasterDevice.
+ */
+class Keymaster4 : public Keymaster {
+ public:
+ // This definition is used for device enumeration; enumerating 4.0 devices will also
+ // enumerate 4.1. devices.
+ using WrappedIKeymasterDevice = V4_0::IKeymasterDevice;
+
+ Keymaster4(sp<V4_1::IKeymasterDevice> km4_1_dev, const hidl_string& instanceName)
+ : Keymaster(V4_1::IKeymasterDevice::descriptor, instanceName),
+ haveVersion_(false),
+ km4_0_dev_(km4_1_dev),
+ km4_1_dev_(km4_1_dev) {}
+
+ Keymaster4(sp<V4_0::IKeymasterDevice> km4_0_dev, const hidl_string& instanceName)
+ : Keymaster(V4_1::IKeymasterDevice::descriptor, instanceName),
+ haveVersion_(false),
+ km4_0_dev_(km4_0_dev),
+ km4_1_dev_() {}
+
+ const VersionResult& halVersion() const override {
+ const_cast<Keymaster4*>(this)->getVersionIfNeeded();
+ return version_;
+ }
+
+ /**********************************
+ * V4_0::IKeymasterDevice methods *
+ *********************************/
+
+ Return<void> getHardwareInfo(getHardwareInfo_cb _hidl_cb) override {
+ return km4_0_dev_->getHardwareInfo(_hidl_cb);
+ }
+
+ Return<void> getHmacSharingParameters(getHmacSharingParameters_cb _hidl_cb) override {
+ return km4_0_dev_->getHmacSharingParameters(_hidl_cb);
+ }
+
+ Return<void> computeSharedHmac(const hidl_vec<HmacSharingParameters>& params,
+ computeSharedHmac_cb _hidl_cb) override {
+ return km4_0_dev_->computeSharedHmac(params, _hidl_cb);
+ }
+
+ Return<void> verifyAuthorization(uint64_t operationHandle, const hidl_vec<KeyParameter>& params,
+ const HardwareAuthToken& authToken,
+ verifyAuthorization_cb _hidl_cb) override {
+ return km4_0_dev_->verifyAuthorization(operationHandle, params, authToken, _hidl_cb);
+ }
+
+ Return<V4_0::ErrorCode> addRngEntropy(const hidl_vec<uint8_t>& data) override {
+ return km4_0_dev_->addRngEntropy(data);
+ }
+
+ Return<void> generateKey(const hidl_vec<KeyParameter>& keyParams,
+ generateKey_cb _hidl_cb) override {
+ return km4_0_dev_->generateKey(keyParams, _hidl_cb);
+ }
+
+ Return<void> getKeyCharacteristics(const hidl_vec<uint8_t>& keyBlob,
+ const hidl_vec<uint8_t>& clientId,
+ const hidl_vec<uint8_t>& appData,
+ getKeyCharacteristics_cb _hidl_cb) override {
+ return km4_0_dev_->getKeyCharacteristics(keyBlob, clientId, appData, _hidl_cb);
+ }
+
+ Return<void> importKey(const hidl_vec<KeyParameter>& params, KeyFormat keyFormat,
+ const hidl_vec<uint8_t>& keyData, importKey_cb _hidl_cb) override {
+ return km4_0_dev_->importKey(params, keyFormat, keyData, _hidl_cb);
+ }
+
+ Return<void> importWrappedKey(const hidl_vec<uint8_t>& wrappedKeyData,
+ const hidl_vec<uint8_t>& wrappingKeyBlob,
+ const hidl_vec<uint8_t>& maskingKey,
+ const hidl_vec<KeyParameter>& unwrappingParams,
+ uint64_t passwordSid, uint64_t biometricSid,
+ importWrappedKey_cb _hidl_cb) {
+ return km4_0_dev_->importWrappedKey(wrappedKeyData, wrappingKeyBlob, maskingKey,
+ unwrappingParams, passwordSid, biometricSid, _hidl_cb);
+ }
+
+ Return<void> exportKey(KeyFormat exportFormat, const hidl_vec<uint8_t>& keyBlob,
+ const hidl_vec<uint8_t>& clientId, const hidl_vec<uint8_t>& appData,
+ exportKey_cb _hidl_cb) override {
+ return km4_0_dev_->exportKey(exportFormat, keyBlob, clientId, appData, _hidl_cb);
+ }
+
+ Return<void> attestKey(const hidl_vec<uint8_t>& keyToAttest,
+ const hidl_vec<KeyParameter>& attestParams,
+ attestKey_cb _hidl_cb) override {
+ return km4_0_dev_->attestKey(keyToAttest, attestParams, _hidl_cb);
+ }
+
+ Return<void> upgradeKey(const hidl_vec<uint8_t>& keyBlobToUpgrade,
+ const hidl_vec<KeyParameter>& upgradeParams,
+ upgradeKey_cb _hidl_cb) override {
+ return km4_0_dev_->upgradeKey(keyBlobToUpgrade, upgradeParams, _hidl_cb);
+ }
+
+ Return<V4_0::ErrorCode> deleteKey(const hidl_vec<uint8_t>& keyBlob) override {
+ return km4_0_dev_->deleteKey(keyBlob);
+ }
+
+ Return<V4_0::ErrorCode> deleteAllKeys() override { return km4_0_dev_->deleteAllKeys(); }
+
+ Return<V4_0::ErrorCode> destroyAttestationIds() override {
+ return km4_0_dev_->destroyAttestationIds();
+ }
+
+ Return<void> begin(KeyPurpose purpose, const hidl_vec<uint8_t>& key,
+ const hidl_vec<KeyParameter>& inParams, const HardwareAuthToken& authToken,
+ begin_cb _hidl_cb) override {
+ return km4_0_dev_->begin(purpose, key, inParams, authToken, _hidl_cb);
+ }
+
+ Return<void> update(uint64_t operationHandle, const hidl_vec<KeyParameter>& inParams,
+ const hidl_vec<uint8_t>& input, const HardwareAuthToken& authToken,
+ const VerificationToken& verificationToken, update_cb _hidl_cb) override {
+ return km4_0_dev_->update(operationHandle, inParams, input, authToken, verificationToken,
+ _hidl_cb);
+ }
+
+ Return<void> finish(uint64_t operationHandle, const hidl_vec<KeyParameter>& inParams,
+ const hidl_vec<uint8_t>& input, const hidl_vec<uint8_t>& signature,
+ const HardwareAuthToken& authToken,
+ const VerificationToken& verificationToken, finish_cb _hidl_cb) override {
+ return km4_0_dev_->finish(operationHandle, inParams, input, signature, authToken,
+ verificationToken, _hidl_cb);
+ }
+
+ Return<V4_0::ErrorCode> abort(uint64_t operationHandle) override {
+ return km4_0_dev_->abort(operationHandle);
+ }
+
+ /**********************************
+ * V4_1::IKeymasterDevice methods *
+ *********************************/
+
+ Return<ErrorCode> deviceLocked(bool passwordOnly,
+ const VerificationToken& verificationToken) override {
+ if (km4_1_dev_) return km4_1_dev_->deviceLocked(passwordOnly, verificationToken);
+ return ErrorCode::UNIMPLEMENTED;
+ }
+
+ Return<ErrorCode> earlyBootEnded() override {
+ if (km4_1_dev_) return km4_1_dev_->earlyBootEnded();
+ return ErrorCode::UNIMPLEMENTED;
+ }
+
+ Return<void> beginOp(KeyPurpose purpose, const hidl_vec<uint8_t>& keyBlob,
+ const hidl_vec<KeyParameter>& inParams, const HardwareAuthToken& authToken,
+ beginOp_cb _hidl_cb) override {
+ if (km4_1_dev_) return km4_1_dev_->beginOp(purpose, keyBlob, inParams, authToken, _hidl_cb);
+
+ return km4_0_dev_->begin(
+ purpose, keyBlob, inParams, authToken,
+ [&_hidl_cb](V4_0::ErrorCode errorCode, const hidl_vec<KeyParameter>& outParams,
+ OperationHandle operationHandle) {
+ _hidl_cb(static_cast<ErrorCode>(errorCode), outParams,
+ new Operation(operationHandle));
+ });
+ }
+
+ private:
+ void getVersionIfNeeded();
+
+ bool haveVersion_;
+ VersionResult version_;
+ sp<V4_0::IKeymasterDevice> km4_0_dev_;
+ sp<V4_1::IKeymasterDevice> km4_1_dev_;
+}; // namespace android::hardware::keymaster::V4_1::support
+
+} // namespace android::hardware::keymaster::V4_1::support
diff --git a/keymaster/4.1/support/include/keymasterV4_1/Operation.h b/keymaster/4.1/support/include/keymasterV4_1/Operation.h
new file mode 100644
index 0000000..902d49a
--- /dev/null
+++ b/keymaster/4.1/support/include/keymasterV4_1/Operation.h
@@ -0,0 +1,38 @@
+/*
+ ** Copyright 2020, The Android Open Source Project
+ **
+ ** Licensed under the Apache License, Version 2.0 (the "License");
+ ** you may not use this file except in compliance with the License.
+ ** You may obtain a copy of the License at
+ **
+ ** http://www.apache.org/licenses/LICENSE-2.0
+ **
+ ** Unless required by applicable law or agreed to in writing, software
+ ** distributed under the License is distributed on an "AS IS" BASIS,
+ ** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ** See the License for the specific language governing permissions and
+ ** limitations under the License.
+ */
+
+#pragma once
+
+#include <android/hardware/keymaster/4.1/IOperation.h>
+
+#include <keymasterV4_1/keymaster_tags.h>
+
+namespace android::hardware::keymaster::V4_1::support {
+
+class Operation : public IOperation {
+ public:
+ Operation(OperationHandle handle) : handle_(handle) {}
+
+ Return<void> getOperationChallenge(getOperationChallenge_cb _hidl_cb) override {
+ _hidl_cb(V4_1::ErrorCode::OK, handle_);
+ return Void();
+ }
+
+ private:
+ OperationHandle handle_;
+};
+
+} // namespace android::hardware::keymaster::V4_1::support
diff --git a/keymaster/4.1/support/include/keymasterV4_1/authorization_set.h b/keymaster/4.1/support/include/keymasterV4_1/authorization_set.h
index afc0eaf..01605b7 100644
--- a/keymaster/4.1/support/include/keymasterV4_1/authorization_set.h
+++ b/keymaster/4.1/support/include/keymasterV4_1/authorization_set.h
@@ -14,8 +14,7 @@
* limitations under the License.
*/
-#ifndef HARDWARE_INTERFACES_KEYMASTER_V4_1_SUPPORT_INCLUDE_AUTHORIZATION_SET_H_
-#define HARDWARE_INTERFACES_KEYMASTER_V4_1_SUPPORT_INCLUDE_AUTHORIZATION_SET_H_
+#pragma once
#include <keymasterV4_0/authorization_set.h>
@@ -28,5 +27,3 @@
using V4_0::KeyParameter;
} // namespace android::hardware::keymaster::V4_1
-
-#endif // HARDWARE_INTERFACES_KEYMASTER_V4_1_SUPPORT_INCLUDE_AUTHORIZATION_SET_H_
diff --git a/keymaster/4.1/support/include/keymasterV4_1/keymaster_tags.h b/keymaster/4.1/support/include/keymasterV4_1/keymaster_tags.h
index a90ad8e..c5ce950 100644
--- a/keymaster/4.1/support/include/keymasterV4_1/keymaster_tags.h
+++ b/keymaster/4.1/support/include/keymasterV4_1/keymaster_tags.h
@@ -23,19 +23,26 @@
namespace android::hardware::keymaster::V4_1 {
+using V4_0::Algorithm;
using V4_0::BlockMode;
using V4_0::Digest;
using V4_0::EcCurve;
+using V4_0::HardwareAuthenticatorType;
using V4_0::HardwareAuthToken;
+using V4_0::HmacSharingParameters;
+using V4_0::KeyBlobUsageRequirements;
using V4_0::KeyCharacteristics;
+using V4_0::KeyFormat;
using V4_0::KeyOrigin;
using V4_0::KeyParameter;
using V4_0::KeyPurpose;
+using V4_0::OperationHandle;
using V4_0::PaddingMode;
using V4_0::SecurityLevel;
using V4_0::TagType;
using V4_0::VerificationToken;
+using V4_0::NullOr;
using V4_0::TypedTag;
using V4_0::TAG_ACTIVE_DATETIME;
diff --git a/keymaster/4.1/support/include/keymasterV4_1/keymaster_utils.h b/keymaster/4.1/support/include/keymasterV4_1/keymaster_utils.h
new file mode 100644
index 0000000..2e28002
--- /dev/null
+++ b/keymaster/4.1/support/include/keymasterV4_1/keymaster_utils.h
@@ -0,0 +1,26 @@
+/*
+ * Copyright (C) 2020 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#pragma once
+
+#include <keymasterV4_0/keymaster_utils.h>
+
+namespace android::hardware::keymaster::V4_1::support {
+
+using V4_0::support::blob2hidlVec;
+using V4_0::support::hidlVec2AuthToken;
+
+} // namespace android::hardware::keymaster::V4_1::support