Merge "Making software km implementation both backup and default"
diff --git a/identity/Android.bp b/identity/Android.bp
index 240e107..ad9bd72 100644
--- a/identity/Android.bp
+++ b/identity/Android.bp
@@ -37,6 +37,7 @@
         "libhidlbase",
         "android.hardware.identity-support-lib",
         "libkeymaster4support",
+        "libkeystore-attestation-application-id",
     ],
     static_libs: [
         "libcppbor",
diff --git a/identity/WritableCredential.cpp b/identity/WritableCredential.cpp
index f58ec16..86c604d 100644
--- a/identity/WritableCredential.cpp
+++ b/identity/WritableCredential.cpp
@@ -17,15 +17,12 @@
 #define LOG_TAG "WritableCredential"
 
 #include <android-base/logging.h>
-
 #include <android/hardware/identity/support/IdentityCredentialSupport.h>
-
 #include <android/security/identity/ICredentialStore.h>
-
 #include <binder/IPCThreadState.h>
-
 #include <cppbor.h>
 #include <cppbor_parse.h>
+#include <keystore/keystore_attestation_id.h>
 
 #include "CredentialData.h"
 #include "Util.h"
@@ -60,11 +57,23 @@
         return Status::ok();
     }
 
+    const int32_t callingUid = IPCThreadState::self()->getCallingUid();
+    auto asn1AttestationId = android::security::gather_attestation_application_id(callingUid);
+    if (!asn1AttestationId.isOk()) {
+        LOG(ERROR) << "Failed gathering AttestionApplicationId";
+        return Status::fromServiceSpecificError(ICredentialStore::ERROR_GENERIC,
+                                                "Failed gathering AttestionApplicationId");
+    }
+
     Result result;
     halBinder_->getAttestationCertificate(
-        challenge, [&](const Result& _result, const hidl_vec<uint8_t>& _attestationCertificate) {
+        asn1AttestationId.value(), challenge,
+        [&](const Result& _result, const hidl_vec<hidl_vec<uint8_t>>& _splitCerts) {
             result = _result;
-            attestationCertificate = _attestationCertificate;
+            vector<vector<uint8_t>> splitCerts;
+            std::copy(_splitCerts.begin(), _splitCerts.end(), std::back_inserter(splitCerts));
+            attestationCertificate =
+                ::android::hardware::identity::support::certificateChainJoin(splitCerts);
         });
     if (result.code != ResultCode::OK) {
         LOG(ERROR) << "Error calling getAttestationCertificate()";
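Review bot: The `Return<void>` from `halBinder_->getAttestationCertificate(...)` is discarded, so if the HIDL transaction itself fails the lambda never runs and the following `result.code != ResultCode::OK` check reads a `Result` that was never assigned (whether that value is defined depends on how `Result` default-constructs, which is not visible here). Capture the return value and fail closed before looking at `result`, e.g. `auto ret = halBinder_->getAttestationCertificate(...);` then `if (!ret.isOk()) return Status::fromServiceSpecificError(ICredentialStore::ERROR_GENERIC, "HAL transport error");`. Separately, both new error strings spell the name `AttestionApplicationId`; `AttestationApplicationId` is what someone would grep the logs for. Adding `asn1AttestationId.status()` and `callingUid` to the `LOG(ERROR)` line would also make a failed lookup diagnosable. The enclosing function starts and ends outside this hunk.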
diff --git a/keystore/Android.bp b/keystore/Android.bp
index f3a7531..6145047 100644
--- a/keystore/Android.bp
+++ b/keystore/Android.bp
@@ -29,7 +29,6 @@
     defaults: ["keystore_defaults"],
 
     srcs: [
-        ":IKeyAttestationApplicationIdProvider.aidl",
         "KeyStore.cpp",
         "auth_token_table.cpp",
         "blob.cpp",
@@ -41,7 +40,6 @@
         "keyblob_utils.cpp",
         "keymaster_enforcement.cpp",
         "keymaster_worker.cpp",
-        "keystore_attestation_id.cpp",
         "keystore_main.cpp",
         "keystore_utils.cpp",
         "legacy_keymaster_device_wrapper.cpp",
@@ -55,6 +53,7 @@
         "android.hardware.confirmationui@1.0",
         "android.hardware.keymaster@3.0",
         "android.hardware.keymaster@4.0",
+        "android.hardware.keymaster@4.1",
         "libbase",
         "libbinder",
         "libcrypto",
@@ -62,8 +61,10 @@
         "libhardware",
         "libhidlbase",
         "libkeymaster4support",
+        "libkeymaster4_1support",
         "libkeymaster_messages",
         "libkeymaster_portable",
+        "libkeystore-attestation-application-id",
         "libkeystore_aidl",
         "libkeystore_binder",
         "libkeystore_parcelables",
@@ -144,29 +145,30 @@
     defaults: ["keystore_defaults"],
     export_include_dirs: ["include"],
     srcs: [
-        "KeyAttestationApplicationId.cpp",
-        "KeyAttestationPackageInfo.cpp",
         "KeymasterArguments.cpp",
         "keystore_aidl_hidl_marshalling_utils.cpp",
         "KeystoreResponse.cpp",
         "OperationResult.cpp",
-        "Signature.cpp",
     ],
     shared_libs: [
         "android.hardware.keymaster@4.0",
+        "android.hardware.keymaster@4.1",
         "libbinder",
         "libhardware",
         "libhidlbase",
         "libkeymaster4support",
+        "libkeymaster4_1support",
         "liblog",
         "libprotobuf-cpp-lite",
         "libutils",
+        "libkeystore-attestation-application-id",
     ],
     export_shared_lib_headers: [
         "android.hardware.keymaster@4.0",
+        "android.hardware.keymaster@4.1",
         "libbinder",
         "libhidlbase",
-        "libkeymaster4support",
+        "libkeymaster4_1support",
     ],
 }
 // Library for keystore clients
@@ -210,6 +212,31 @@
     ],
 }
 
+// Library used by both keystore and credstore for generating the ASN.1 stored
+// in Tag::ATTESTATION_APPLICATION_ID
+cc_library_shared {
+    name: "libkeystore-attestation-application-id",
+    defaults: ["keystore_defaults"],
+
+    srcs: [
+        ":IKeyAttestationApplicationIdProvider.aidl",
+        "keystore_attestation_id.cpp",
+        "KeyAttestationApplicationId.cpp",
+        "KeyAttestationPackageInfo.cpp",
+        "Signature.cpp",
+    ],
+    shared_libs: [
+        "libbase",
+        "libbinder",
+        "libhidlbase",
+        "liblog",
+        "libutils",
+        "libcrypto",
+    ],
+
+    export_include_dirs: ["include"],
+}
+
 // Library for keystore clients using the WiFi HIDL interface
 cc_library_shared {
     name: "libkeystore-wifi-hidl",
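Review bot: `export_include_dirs: ["include"]` exposes every header under keystore/include to consumers of this library, including `keystore/keymaster_types.h`, although the module neither links nor re-exports any keymaster library. A consumer that depends only on this library and includes one of those other headers gets a compile failure or an accidental dependency on keystore internals. A comment on the module naming the headers that are meant to be used through it (`keystore/keystore_attestation_id.h` and the `keystore/KeyAttestation*.h` parcelables) would keep credstore and later users within that surface. Minor: `libcrypto` is listed after `libutils` in `shared_libs`, out of order with the rest of the list.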
@@ -235,13 +262,8 @@
     defaults: ["keystore_defaults"],
 
     srcs: [
-        ":IKeyAttestationApplicationIdProvider.aidl",
         "auth_token_table.cpp",
         "blob.cpp",
-        "keystore_attestation_id.cpp",
-        "KeyAttestationApplicationId.cpp",
-        "KeyAttestationPackageInfo.cpp",
-        "Signature.cpp",
     ],
     cflags: [ "-O0", ],
     static_libs: ["libgtest_main"],
@@ -251,6 +273,7 @@
         "libcrypto",
         "libhidlbase",
         "libkeymaster4support",
+        "libkeystore-attestation-application-id",
         "libutils",
         "libkeystore_aidl",
         "libkeystore_parcelables",
diff --git a/keystore/KeyStore.h b/keystore/KeyStore.h
index a7fbab4..0027ec8 100644
--- a/keystore/KeyStore.h
+++ b/keystore/KeyStore.h
@@ -18,7 +18,7 @@
 #define KEYSTORE_KEYSTORE_H_
 
 #include <android/hardware/keymaster/3.0/IKeymasterDevice.h>
-#include <keymasterV4_0/Keymaster.h>
+#include <keymasterV4_1/Keymaster.h>
 #include <utils/Vector.h>
 
 #include <keystore/keymaster_types.h>
diff --git a/keystore/OperationResult.cpp b/keystore/OperationResult.cpp
index 3ff8bc3..dec4d40 100644
--- a/keystore/OperationResult.cpp
+++ b/keystore/OperationResult.cpp
@@ -29,8 +29,8 @@
 namespace security {
 namespace keymaster {
 
-using keystore::keymaster::ErrorCode;
 using ::android::status_t;
+using ::keystore::ErrorCode;
 
 OperationResult::OperationResult() : resultCode(), token(), handle(0), inputConsumed(0), data() {}
 
diff --git a/keystore/auth_token_table.h b/keystore/auth_token_table.h
index 86d65de..787b9b1 100644
--- a/keystore/auth_token_table.h
+++ b/keystore/auth_token_table.h
@@ -25,8 +25,6 @@
 
 namespace keystore {
 
-using keymaster::HardwareAuthToken;
-
 namespace test {
 class AuthTokenTableTest;
 }  // namespace test
diff --git a/keystore/include/keystore/keymaster_types.h b/keystore/include/keystore/keymaster_types.h
index f3c6907..8da9682 100644
--- a/keystore/include/keystore/keymaster_types.h
+++ b/keystore/include/keystore/keymaster_types.h
@@ -16,11 +16,11 @@
 #define SECURITY_KEYSTORE_INCLUDE_KEYSTORE_KEYMASTER_TYPES_H_
 
 #include <android/hardware/keymaster/3.0/types.h>
-#include <android/hardware/keymaster/4.0/IKeymasterDevice.h>
-#include <android/hardware/keymaster/4.0/types.h>
+#include <android/hardware/keymaster/4.1/IKeymasterDevice.h>
+#include <android/hardware/keymaster/4.1/types.h>
 
-#include <keymasterV4_0/authorization_set.h>
-#include <keymasterV4_0/keymaster_tags.h>
+#include <keymasterV4_1/authorization_set.h>
+#include <keymasterV4_1/keymaster_tags.h>
 
 /**
  * This header lifts the types from the current Keymaster version into the keystore namespace.
@@ -29,7 +29,7 @@
 namespace keystore {
 
 // Changing this namespace alias will change the keymaster version.
-namespace keymaster = ::android::hardware::keymaster::V4_0;
+namespace keymaster = ::android::hardware::keymaster::V4_1;
 
 using android::hardware::hidl_vec;
 using android::hardware::Return;
@@ -40,11 +40,17 @@
 using keymaster::AuthorizationSet;
 using keymaster::AuthorizationSetBuilder;
 
+// It's more convenient to use the V4.0 error and tag types by default.
+using ::android::hardware::keymaster::V4_0::ErrorCode;
+using ::android::hardware::keymaster::V4_0::Tag;
+
+using V4_1_ErrorCode = ::android::hardware::keymaster::V4_1::ErrorCode;
+using V4_1_Tag = ::android::hardware::keymaster::V4_1::Tag;
+
 using keymaster::Algorithm;
 using keymaster::BlockMode;
 using keymaster::Digest;
 using keymaster::EcCurve;
-using keymaster::ErrorCode;
 using keymaster::HardwareAuthenticatorType;
 using keymaster::HardwareAuthToken;
 using keymaster::HmacSharingParameters;
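Review bot: After this hunk `keystore::ErrorCode` and `keystore::Tag` are the V4_0 enums while the `keymaster` alias (and therefore `keystore::keymaster::ErrorCode`) refers to V4_1, and the one-line comment does not say what that split means for callers. The existing remark above the alias, "Changing this namespace alias will change the keymaster version", is also no longer the whole story for these two types. I would extend the comment to something like `// NOTE: ErrorCode/Tag are the V4_0 enums; values introduced in 4.1 must use V4_1_ErrorCode/V4_1_Tag and be converted explicitly.` A cast at that boundary can silently turn a 4.1-only error or tag into a value the V4_0 code paths do not recognise. It is therefore worth re-checking the sites this commit switches to `::keystore::ErrorCode` (OperationResult.cpp and keystore_aidl_hidl_marshalling_utils.cpp).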
@@ -55,7 +61,6 @@
 using keymaster::OperationHandle;
 using keymaster::PaddingMode;
 using keymaster::SecurityLevel;
-using keymaster::Tag;
 using keymaster::TagType;
 using keymaster::VerificationToken;
 
diff --git a/keystore/keystore_attestation_id.h b/keystore/include/keystore/keystore_attestation_id.h
similarity index 98%
rename from keystore/keystore_attestation_id.h
rename to keystore/include/keystore/keystore_attestation_id.h
index 63015ee..238f4b1 100644
--- a/keystore/keystore_attestation_id.h
+++ b/keystore/include/keystore/keystore_attestation_id.h
@@ -51,7 +51,7 @@
 
     ::android::status_t status() const { return _status; }
 
-    const T& value() const & { return _value; }
+    const T& value() const& { return _value; }
     T& value() & { return _value; }
     T&& value() && { return std::move(_value); }
 
diff --git a/keystore/include/keystore/keystore_return_types.h b/keystore/include/keystore/keystore_return_types.h
index f8cf1cc..2762f8d 100644
--- a/keystore/include/keystore/keystore_return_types.h
+++ b/keystore/include/keystore/keystore_return_types.h
@@ -23,8 +23,6 @@
 
 namespace keystore {
 
-using keymaster::ErrorCode;
-
 class KeyStoreServiceReturnCode;
 class KeyStoreNativeReturnCode;
 
diff --git a/keystore/key_proto_handler.cpp b/keystore/key_proto_handler.cpp
index a106213..f8400af 100644
--- a/keystore/key_proto_handler.cpp
+++ b/keystore/key_proto_handler.cpp
@@ -19,7 +19,7 @@
 
 #include <android/os/DropBoxManager.h>
 #include <google/protobuf/message_lite.h>
-#include <keymasterV4_0/Keymaster.h>
+#include <keymasterV4_1/Keymaster.h>
 #include <keystore/keymaster_types.h>
 #include <utils/String16.h>
 #include <utils/StrongPointer.h>
diff --git a/keystore/key_store_service.cpp b/keystore/key_store_service.cpp
index 41b4109..666b48a 100644
--- a/keystore/key_store_service.cpp
+++ b/keystore/key_store_service.cpp
@@ -42,9 +42,9 @@
 
 #include "defaults.h"
 #include "key_proto_handler.h"
-#include "keystore_attestation_id.h"
 #include "keystore_keymaster_enforcement.h"
 #include "keystore_utils.h"
+#include <keystore/keystore_attestation_id.h>
 #include <keystore/keystore_hidl_support.h>
 #include <keystore/keystore_return_types.h>
 
diff --git a/keystore/keymaster_worker.h b/keystore/keymaster_worker.h
index 3165763..8e35c16 100644
--- a/keystore/keymaster_worker.h
+++ b/keystore/keymaster_worker.h
@@ -20,7 +20,7 @@
 
 #include <condition_variable>
 #include <functional>
-#include <keymasterV4_0/Keymaster.h>
+#include <keymasterV4_1/Keymaster.h>
 #include <memory>
 #include <mutex>
 #include <optional>
@@ -32,6 +32,7 @@
 #include <keystore/KeyCharacteristics.h>
 #include <keystore/KeymasterBlob.h>
 #include <keystore/OperationResult.h>
+#include <keystore/keymaster_types.h>
 #include <keystore/keystore_return_types.h>
 
 #include "blob.h"
@@ -43,16 +44,7 @@
 using ::android::hardware::hidl_vec;
 using ::android::hardware::Return;
 using ::android::hardware::Void;
-using android::hardware::keymaster::V4_0::ErrorCode;
-using android::hardware::keymaster::V4_0::HardwareAuthToken;
-using android::hardware::keymaster::V4_0::HmacSharingParameters;
-using android::hardware::keymaster::V4_0::KeyCharacteristics;
-using android::hardware::keymaster::V4_0::KeyFormat;
-using android::hardware::keymaster::V4_0::KeyParameter;
-using android::hardware::keymaster::V4_0::KeyPurpose;
-using android::hardware::keymaster::V4_0::VerificationToken;
-using android::hardware::keymaster::V4_0::support::Keymaster;
-// using KeystoreCharacteristics = ::android::security::keymaster::KeyCharacteristics;
+using android::hardware::keymaster::V4_1::support::Keymaster;
 using ::android::security::keymaster::KeymasterBlob;
 
 class KeyStore;
diff --git a/keystore/keystore_aidl_hidl_marshalling_utils.cpp b/keystore/keystore_aidl_hidl_marshalling_utils.cpp
index 49e18f0..823ca58 100644
--- a/keystore/keystore_aidl_hidl_marshalling_utils.cpp
+++ b/keystore/keystore_aidl_hidl_marshalling_utils.cpp
@@ -205,7 +205,7 @@
 namespace keymaster {
 
 using ::android::status_t;
-using ::keystore::keymaster::ErrorCode;
+using ::keystore::ErrorCode;
 
 ExportResult::ExportResult() : resultCode() {}
 
diff --git a/keystore/keystore_attestation_id.cpp b/keystore/keystore_attestation_id.cpp
index b48639f..3d9e87e 100644
--- a/keystore/keystore_attestation_id.cpp
+++ b/keystore/keystore_attestation_id.cpp
@@ -13,7 +13,8 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-#include "keystore_attestation_id.h"
+
+#include <keystore/keystore_attestation_id.h>
 
 #define LOG_TAG "keystore_att_id"
 
diff --git a/keystore/keystore_main.cpp b/keystore/keystore_main.cpp
index 8e9c699..7b7430f 100644
--- a/keystore/keystore_main.cpp
+++ b/keystore/keystore_main.cpp
@@ -21,8 +21,8 @@
 #include <android/security/keystore/IKeystoreService.h>
 #include <binder/IPCThreadState.h>
 #include <binder/IServiceManager.h>
-#include <keymasterV4_0/Keymaster3.h>
-#include <keymasterV4_0/Keymaster4.h>
+#include <keymasterV4_1/Keymaster3.h>
+#include <keymasterV4_1/Keymaster4.h>
 #include <utils/StrongPointer.h>
 
 #include <keystore/keystore_hidl_support.h>
diff --git a/keystore/operation.h b/keystore/operation.h
index e0865a4..ef880a7 100644
--- a/keystore/operation.h
+++ b/keystore/operation.h
@@ -26,7 +26,7 @@
 
 #include <binder/Binder.h>
 #include <binder/IBinder.h>
-#include <keymasterV4_0/Keymaster.h>
+#include <keymasterV4_1/Keymaster.h>
 #include <utils/StrongPointer.h>
 
 #include <keystore/keymaster_types.h>
diff --git a/keystore/operation_proto_handler.cpp b/keystore/operation_proto_handler.cpp
index dfc0692..3b3d3fc 100644
--- a/keystore/operation_proto_handler.cpp
+++ b/keystore/operation_proto_handler.cpp
@@ -19,7 +19,7 @@
 
 #include <android/os/DropBoxManager.h>
 #include <google/protobuf/message_lite.h>
-#include <keymasterV4_0/Keymaster.h>
+#include <keymasterV4_1/Keymaster.h>
 #include <keystore/keymaster_types.h>
 #include <keystore/keystore_hidl_support.h>
 #include <utils/String16.h>
diff --git a/keystore/operation_struct.h b/keystore/operation_struct.h
index 84265b6..23e79fc 100644
--- a/keystore/operation_struct.h
+++ b/keystore/operation_struct.h
@@ -19,7 +19,7 @@
 
 #include <binder/Binder.h>
 #include <binder/IBinder.h>
-#include <keymasterV4_0/Keymaster.h>
+#include <keymasterV4_1/Keymaster.h>
 #include <utils/StrongPointer.h>
 
 #include <keystore/keymaster_types.h>
diff --git a/keystore/tests/Android.bp b/keystore/tests/Android.bp
index bbcc1c2..eac6fe6 100644
--- a/keystore/tests/Android.bp
+++ b/keystore/tests/Android.bp
@@ -24,6 +24,7 @@
         "libgtest_main",
         "libhidlbase",
         "libkeymaster4support",
+        "libkeymaster4_1support",
         "libkeystore_test",
         "liblog",
         "libutils",
@@ -31,6 +32,7 @@
     shared_libs: [
         "libbinder",
         "libkeymaster_messages",
+        "libkeystore-attestation-application-id",
         "libvndksupport",
     ],
    sanitize: {
diff --git a/keystore/tests/aaid_truncation_test.cpp b/keystore/tests/aaid_truncation_test.cpp
index e5d5e9f..45c54df 100644
--- a/keystore/tests/aaid_truncation_test.cpp
+++ b/keystore/tests/aaid_truncation_test.cpp
@@ -19,8 +19,8 @@
 #include <string>
 #include <utils/String16.h>
 
-#include "../keystore_attestation_id.h"
 #include <keymaster/logger.h>
+#include <keystore/keystore_attestation_id.h>
 
 #include <keystore/KeyAttestationApplicationId.h>
 #include <keystore/KeyAttestationPackageInfo.h>