Merge "Fixed an incorrect path for the include header file in a comment"
diff --git a/include/hardware/hwcomposer.h b/include/hardware/hwcomposer.h
index b78746c..32ba90c 100644
--- a/include/hardware/hwcomposer.h
+++ b/include/hardware/hwcomposer.h
@@ -28,7 +28,10 @@
/*****************************************************************************/
-#define HWC_API_VERSION HARDWARE_DEVICE_API_VERSION(0,2)
+#define HWC_DEVICE_API_VERSION HARDWARE_DEVICE_API_VERSION(0, 2)
+#define HWC_MODULE_API_VERSION HARDWARE_MODULE_API_VERSION(0, 1)
+// for compatibility
+#define HWC_API_VERSION HWC_DEVICE_API_VERSION
/**
* The id of this module
diff --git a/include/hardware/keymaster.h b/include/hardware/keymaster.h
index 3c7799a..e0014c8 100644
--- a/include/hardware/keymaster.h
+++ b/include/hardware/keymaster.h
@@ -39,6 +39,20 @@
*/
#define KEYMASTER_API_VERSION 1
+/**
+ * Flags for keymaster_device::flags
+ */
+enum {
+ /*
+ * Indicates this keymaster implementation does not have hardware that
+ * keeps private keys out of user space.
+ *
+ * This should not be implemented on anything other than the default
+ * implementation.
+ */
+ KEYMASTER_SOFTWARE_ONLY = 0x00000001,
+};
+
struct keystore_module {
hw_module_t common;
};
@@ -85,6 +99,11 @@
uint32_t client_version;
+ /**
+ * See flags defined for keymaster_device::flags above.
+ */
+ uint32_t flags;
+
void* context;
/**
@@ -122,11 +141,27 @@
/**
* Deletes the key pair associated with the key blob.
+ *
+ * This function is optional and should be set to NULL if it is not
+ * implemented.
+ *
+ * Returns 0 on success or an error code less than 0.
*/
int (*delete_keypair)(const struct keymaster_device* dev,
const uint8_t* key_blob, const size_t key_blob_length);
/**
+ * Deletes all keys in the hardware keystore. Used when keystore is
+ * reset completely.
+ *
+ * This function is optional and should be set to NULL if it is not
+ * implemented.
+ *
+ * Returns 0 on success or an error code less than 0.
+ */
+ int (*delete_all)(const struct keymaster_device* dev);
+
+ /**
* Signs data using a key-blob generated before. This can use either
* an asymmetric key or a secret key.
*
diff --git a/tests/keymaster/keymaster_test.cpp b/tests/keymaster/keymaster_test.cpp
index 98e9407..f4cfcd2 100644
--- a/tests/keymaster/keymaster_test.cpp
+++ b/tests/keymaster/keymaster_test.cpp
@@ -751,4 +751,43 @@
<< "Should fail on null signature";
}
+TEST_F(KeymasterTest, EraseAll_Success) {
+ uint8_t *key1_blob, *key2_blob;
+ size_t key1_blob_length, key2_blob_length;
+
+ // Only test this if the device says it supports delete_all
+ if (sDevice->delete_all == NULL) {
+ return;
+ }
+
+ ASSERT_EQ(0,
+ sDevice->import_keypair(sDevice, TEST_SIGN_KEY_1, sizeof(TEST_SIGN_KEY_1),
+ &key1_blob, &key1_blob_length))
+ << "Should successfully import an RSA key";
+ UniqueKey key1(&sDevice, key1_blob, key1_blob_length);
+
+ ASSERT_EQ(0,
+ sDevice->import_keypair(sDevice, TEST_KEY_1, sizeof(TEST_KEY_1),
+ &key2_blob, &key2_blob_length))
+ << "Should successfully import an RSA key";
+ UniqueKey key2(&sDevice, key2_blob, key2_blob_length);
+
+ EXPECT_EQ(0, sDevice->delete_all(sDevice))
+ << "Should erase all keys";
+
+ key1.reset();
+
+ uint8_t* x509_data;
+ size_t x509_data_length;
+ ASSERT_EQ(-1,
+ sDevice->get_keypair_public(sDevice, key1_blob, key1_blob_length,
+ &x509_data, &x509_data_length))
+ << "Should be able to retrieve RSA public key 1 successfully";
+
+ ASSERT_EQ(-1,
+ sDevice->get_keypair_public(sDevice, key2_blob, key2_blob_length,
+ &x509_data, &x509_data_length))
+ << "Should be able to retrieve RSA public key 2 successfully";
+}
+
}