Get rid of manually created IKeystoreService.
Generated IKeystoreService has different signature, which required lots
of refactoring.
After update methods relevant data using last parameter.
Test: cts-tradefed run cts -m CtsKeystoreTestCases
Bug: 68389643
Change-Id: I0ca36a2e9e007143a3b403b306a8f979ee98b232
diff --git a/keystore/include/keystore/ExportResult.h b/keystore/include/keystore/ExportResult.h
new file mode 100644
index 0000000..c85f5ab
--- /dev/null
+++ b/keystore/include/keystore/ExportResult.h
@@ -0,0 +1,47 @@
+// Copyright 2017 The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#ifndef KEYSTORE_INCLUDE_KEYSTORE_EXPORTRESULT_H_
+#define KEYSTORE_INCLUDE_KEYSTORE_EXPORTRESULT_H_
+
+#include <stdint.h>
+
+#include <memory>
+#include <vector>
+
+#include <binder/Parcelable.h>
+#include <hardware/keymaster_defs.h>
+
+#include "keystore_return_types.h"
+#include "utils.h"
+
+namespace android {
+namespace security {
+namespace keymaster {
+
+struct ExportResult : public ::android::Parcelable {
+ ExportResult();
+ ~ExportResult();
+ status_t readFromParcel(const Parcel* in) override;
+ status_t writeToParcel(Parcel* out) const override;
+
+ ::keystore::KeyStoreServiceReturnCode resultCode;
+ hardware::hidl_vec<uint8_t> exportData;
+};
+
+} // namespace keymaster
+} // namespace security
+} // namespace android
+
+#endif // KEYSTORE_INCLUDE_KEYSTORE_EXPORTRESULT_H_
diff --git a/keystore/include/keystore/IKeystoreService.h b/keystore/include/keystore/IKeystoreService.h
deleted file mode 100644
index a045679..0000000
--- a/keystore/include/keystore/IKeystoreService.h
+++ /dev/null
@@ -1,254 +0,0 @@
-/*
- * Copyright (C) 2012 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#ifndef KEYSTORE_IKEYSTORESERVICE_H
-#define KEYSTORE_IKEYSTORESERVICE_H
-
-#include "keystore.h"
-#include "keystore_return_types.h"
-#include <binder/IInterface.h>
-#include <binder/Parcel.h>
-#include <keystore/keymaster_tags.h>
-#include <utils/RefBase.h>
-#include <vector>
-
-namespace android {
-
-class KeystoreArg : public RefBase {
- public:
- KeystoreArg(const void* data, size_t len);
- ~KeystoreArg();
-
- const void* data() const;
- size_t size() const;
-
- private:
- const void* mData;
- size_t mSize;
-};
-
-struct MallocDeleter {
- void operator()(uint8_t* p) { free(p); }
-};
-
-// struct for serializing the results of begin/update/finish
-struct OperationResult : public ::android::Parcelable {
- OperationResult();
- ~OperationResult();
- status_t readFromParcel(const Parcel* in) override;
- status_t writeToParcel(Parcel* out) const override;
-
- ::keystore::KeyStoreServiceReturnCode resultCode;
- sp<IBinder> token;
- uint64_t handle;
- int inputConsumed;
- ::keystore::hidl_vec<uint8_t> data;
- ::keystore::hidl_vec<::keystore::KeyParameter> outParams;
-};
-
-// struct for serializing the results of export
-struct ExportResult : public ::android::Parcelable {
- ExportResult();
- ~ExportResult();
- status_t readFromParcel(const Parcel* in) override;
- status_t writeToParcel(Parcel* out) const override;
-
- ::keystore::KeyStoreServiceReturnCode resultCode;
- ::keystore::hidl_vec<uint8_t> exportData;
-};
-
-/*
- * This must be kept manually in sync with frameworks/base's IKeystoreService.java
- */
-class IKeystoreService : public IInterface {
- public:
- enum {
- GET_STATE = IBinder::FIRST_CALL_TRANSACTION + 0,
- GET = IBinder::FIRST_CALL_TRANSACTION + 1,
- INSERT = IBinder::FIRST_CALL_TRANSACTION + 2,
- DEL = IBinder::FIRST_CALL_TRANSACTION + 3,
- EXIST = IBinder::FIRST_CALL_TRANSACTION + 4,
- LIST = IBinder::FIRST_CALL_TRANSACTION + 5,
- RESET = IBinder::FIRST_CALL_TRANSACTION + 6,
- ON_USER_PASSWORD_CHANGED = IBinder::FIRST_CALL_TRANSACTION + 7,
- LOCK = IBinder::FIRST_CALL_TRANSACTION + 8,
- UNLOCK = IBinder::FIRST_CALL_TRANSACTION + 9,
- IS_EMPTY = IBinder::FIRST_CALL_TRANSACTION + 10,
- GENERATE = IBinder::FIRST_CALL_TRANSACTION + 11,
- IMPORT = IBinder::FIRST_CALL_TRANSACTION + 12,
- SIGN = IBinder::FIRST_CALL_TRANSACTION + 13,
- VERIFY = IBinder::FIRST_CALL_TRANSACTION + 14,
- GET_PUBKEY = IBinder::FIRST_CALL_TRANSACTION + 15,
- GRANT = IBinder::FIRST_CALL_TRANSACTION + 16,
- UNGRANT = IBinder::FIRST_CALL_TRANSACTION + 17,
- GETMTIME = IBinder::FIRST_CALL_TRANSACTION + 18,
- DUPLICATE = IBinder::FIRST_CALL_TRANSACTION + 19,
- IS_HARDWARE_BACKED = IBinder::FIRST_CALL_TRANSACTION + 20,
- CLEAR_UID = IBinder::FIRST_CALL_TRANSACTION + 21,
- ADD_RNG_ENTROPY = IBinder::FIRST_CALL_TRANSACTION + 22,
- GENERATE_KEY = IBinder::FIRST_CALL_TRANSACTION + 23,
- GET_KEY_CHARACTERISTICS = IBinder::FIRST_CALL_TRANSACTION + 24,
- IMPORT_KEY = IBinder::FIRST_CALL_TRANSACTION + 25,
- EXPORT_KEY = IBinder::FIRST_CALL_TRANSACTION + 26,
- BEGIN = IBinder::FIRST_CALL_TRANSACTION + 27,
- UPDATE = IBinder::FIRST_CALL_TRANSACTION + 28,
- FINISH = IBinder::FIRST_CALL_TRANSACTION + 29,
- ABORT = IBinder::FIRST_CALL_TRANSACTION + 30,
- IS_OPERATION_AUTHORIZED = IBinder::FIRST_CALL_TRANSACTION + 31,
- ADD_AUTH_TOKEN = IBinder::FIRST_CALL_TRANSACTION + 32,
- ON_USER_ADDED = IBinder::FIRST_CALL_TRANSACTION + 33,
- ON_USER_REMOVED = IBinder::FIRST_CALL_TRANSACTION + 34,
- ATTEST_KEY = IBinder::FIRST_CALL_TRANSACTION + 35,
- ATTEST_DEVICE_IDS = IBinder::FIRST_CALL_TRANSACTION + 36,
- ON_DEVICE_OFF_BODY = IBinder::FIRST_CALL_TRANSACTION + 37,
- };
-
- DECLARE_META_INTERFACE(KeystoreService);
-
- virtual ::keystore::KeyStoreServiceReturnCode getState(int32_t userId) = 0;
-
- virtual ::keystore::KeyStoreServiceReturnCode get(const String16& name, int32_t uid,
- ::keystore::hidl_vec<uint8_t>* item) = 0;
-
- virtual ::keystore::KeyStoreServiceReturnCode insert(const String16& name,
- const ::keystore::hidl_vec<uint8_t>& item,
- int uid, int32_t flags) = 0;
-
- virtual ::keystore::KeyStoreServiceReturnCode del(const String16& name, int uid) = 0;
-
- virtual ::keystore::KeyStoreServiceReturnCode exist(const String16& name, int uid) = 0;
-
- virtual ::keystore::KeyStoreServiceReturnCode list(const String16& prefix, int uid,
- Vector<String16>* matches) = 0;
-
- virtual ::keystore::KeyStoreServiceReturnCode reset() = 0;
-
- virtual ::keystore::KeyStoreServiceReturnCode
- onUserPasswordChanged(int32_t userId, const String16& newPassword) = 0;
-
- virtual ::keystore::KeyStoreServiceReturnCode lock(int32_t userId) = 0;
-
- virtual ::keystore::KeyStoreServiceReturnCode unlock(int32_t userId,
- const String16& password) = 0;
-
- virtual bool isEmpty(int32_t userId) = 0;
-
- virtual ::keystore::KeyStoreServiceReturnCode generate(const String16& name, int32_t uid,
- int32_t keyType, int32_t keySize,
- int32_t flags,
- Vector<sp<KeystoreArg>>* args) = 0;
-
- virtual ::keystore::KeyStoreServiceReturnCode import(const String16& name,
- const ::keystore::hidl_vec<uint8_t>& data,
- int uid, int32_t flags) = 0;
-
- virtual ::keystore::KeyStoreServiceReturnCode sign(const String16& name,
- const ::keystore::hidl_vec<uint8_t>& data,
- ::keystore::hidl_vec<uint8_t>* out) = 0;
-
- virtual ::keystore::KeyStoreServiceReturnCode
- verify(const String16& name, const ::keystore::hidl_vec<uint8_t>& data,
- const ::keystore::hidl_vec<uint8_t>& signature) = 0;
-
- virtual ::keystore::KeyStoreServiceReturnCode
- get_pubkey(const String16& name, ::keystore::hidl_vec<uint8_t>* pubKey) = 0;
-
- virtual String16 grant(const String16& name, int32_t granteeUid) = 0;
-
- virtual ::keystore::KeyStoreServiceReturnCode ungrant(const String16& name,
- int32_t granteeUid) = 0;
-
- virtual int64_t getmtime(const String16& name, int32_t uid) = 0;
-
- virtual ::keystore::KeyStoreServiceReturnCode
- duplicate(const String16& srcKey, int32_t srcUid, const String16& destKey, int32_t destUid) = 0;
-
- virtual int32_t is_hardware_backed(const String16& keyType) = 0;
-
- virtual ::keystore::KeyStoreServiceReturnCode clear_uid(int64_t uid) = 0;
-
- virtual ::keystore::KeyStoreServiceReturnCode
- addRngEntropy(const ::keystore::hidl_vec<uint8_t>& entropy) = 0;
-
- virtual ::keystore::KeyStoreServiceReturnCode
- generateKey(const String16& name, const ::keystore::hidl_vec<::keystore::KeyParameter>& params,
- const ::keystore::hidl_vec<uint8_t>& entropy, int uid, int flags,
- ::keystore::KeyCharacteristics* outCharacteristics) = 0;
-
- virtual ::keystore::KeyStoreServiceReturnCode
- getKeyCharacteristics(const String16& name, const ::keystore::hidl_vec<uint8_t>& clientId,
- const ::keystore::hidl_vec<uint8_t>& appData, int32_t uid,
- ::keystore::KeyCharacteristics* outCharacteristics) = 0;
-
- virtual ::keystore::KeyStoreServiceReturnCode
- importKey(const String16& name, const ::keystore::hidl_vec<::keystore::KeyParameter>& params,
- ::keystore::KeyFormat format, const ::keystore::hidl_vec<uint8_t>& key, int uid,
- int flags, ::keystore::KeyCharacteristics* outCharacteristics) = 0;
-
- virtual void exportKey(const String16& name, ::keystore::KeyFormat format,
- const ::keystore::hidl_vec<uint8_t>& clientId,
- const ::keystore::hidl_vec<uint8_t>& appData, int uid,
- ExportResult* result) = 0;
-
- virtual void begin(const sp<IBinder>& apptoken, const String16& name,
- ::keystore::KeyPurpose purpose, bool pruneable,
- const ::keystore::hidl_vec<::keystore::KeyParameter>& params,
- const ::keystore::hidl_vec<uint8_t>& entropy, int32_t uid,
- OperationResult* opResult) = 0;
-
- virtual void update(const sp<IBinder>& token,
- const ::keystore::hidl_vec<::keystore::KeyParameter>& params,
- const ::keystore::hidl_vec<uint8_t>& data, OperationResult* opResult) = 0;
-
- virtual void finish(const sp<IBinder>& token,
- const ::keystore::hidl_vec<::keystore::KeyParameter>& params,
- const ::keystore::hidl_vec<uint8_t>& signature,
- const ::keystore::hidl_vec<uint8_t>& entropy,
- OperationResult* opResult) = 0;
-
- virtual ::keystore::KeyStoreServiceReturnCode abort(const sp<IBinder>& handle) = 0;
-
- virtual bool isOperationAuthorized(const sp<IBinder>& handle) = 0;
-
- virtual ::keystore::KeyStoreServiceReturnCode addAuthToken(const uint8_t* token,
- size_t length) = 0;
-
- virtual ::keystore::KeyStoreServiceReturnCode onUserAdded(int32_t userId, int32_t parentId) = 0;
-
- virtual ::keystore::KeyStoreServiceReturnCode onUserRemoved(int32_t userId) = 0;
-
- virtual ::keystore::KeyStoreServiceReturnCode
- attestKey(const String16& name, const ::keystore::hidl_vec<::keystore::KeyParameter>& params,
- ::keystore::hidl_vec<::keystore::hidl_vec<uint8_t>>* outChain) = 0;
-
- virtual ::keystore::KeyStoreServiceReturnCode attestDeviceIds(
- const ::keystore::hidl_vec<::keystore::KeyParameter>& params,
- ::keystore::hidl_vec<::keystore::hidl_vec<uint8_t>>* outChain) = 0;
-
- virtual ::keystore::KeyStoreServiceReturnCode onDeviceOffBody() = 0;
-};
-
-// ----------------------------------------------------------------------------
-
-class BnKeystoreService : public BnInterface<IKeystoreService> {
- public:
- virtual status_t onTransact(uint32_t code, const Parcel& data, Parcel* reply,
- uint32_t flags = 0);
-};
-
-} // namespace android
-
-#endif
diff --git a/keystore/include/keystore/KeyAttestationApplicationId.h b/keystore/include/keystore/KeyAttestationApplicationId.h
index a7ce210..5161d4b 100644
--- a/keystore/include/keystore/KeyAttestationApplicationId.h
+++ b/keystore/include/keystore/KeyAttestationApplicationId.h
@@ -15,12 +15,13 @@
#ifndef KEYSTORE_INCLUDE_KEYSTORE_KEYATTESTATIONAPPLICATIONID_H_
#define KEYSTORE_INCLUDE_KEYSTORE_KEYATTESTATIONAPPLICATIONID_H_
-#include "KeyAttestationPackageInfo.h"
#include "utils.h"
#include <binder/Parcelable.h>
#include <memory>
#include <vector>
+#include "KeyAttestationPackageInfo.h"
+
namespace android {
namespace security {
namespace keymaster {
@@ -46,6 +47,6 @@
} // namespace keymaster
} // namespace security
-} // namsepace android
+} // namespace android
#endif // KEYSTORE_INCLUDE_KEYSTORE_KEYATTESTATIONAPPLICATIONID_H_
diff --git a/keystore/include/keystore/KeyCharacteristics.h b/keystore/include/keystore/KeyCharacteristics.h
new file mode 100644
index 0000000..c1bffb2
--- /dev/null
+++ b/keystore/include/keystore/KeyCharacteristics.h
@@ -0,0 +1,47 @@
+// Copyright 2017 The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#ifndef KEYSTORE_INCLUDE_KEYSTORE_KEYCHARACTERISTICS_H_
+#define KEYSTORE_INCLUDE_KEYSTORE_KEYCHARACTERISTICS_H_
+
+#include <binder/Parcelable.h>
+#include <hardware/keymaster_defs.h>
+
+#include "KeymasterArguments.h"
+
+namespace android {
+namespace security {
+namespace keymaster {
+
+using hardware::keymaster::V3_0::KeyParameter;
+
+// Parcelable version of hardware::keymaster::V3_0::KeyCharacteristics
+struct KeyCharacteristics : public ::android::Parcelable {
+ KeyCharacteristics(){};
+ explicit KeyCharacteristics(const android::hardware::keymaster::V3_0::KeyCharacteristics& other) {
+ softwareEnforced = KeymasterArguments(other.softwareEnforced);
+ teeEnforced = KeymasterArguments(other.teeEnforced);
+ }
+ status_t readFromParcel(const Parcel* in) override;
+ status_t writeToParcel(Parcel* out) const override;
+
+ KeymasterArguments softwareEnforced;
+ KeymasterArguments teeEnforced;
+};
+
+} // namespace keymaster
+} // namespace security
+} // namespace android
+
+#endif // KEYSTORE_INCLUDE_KEYSTORE_KEYCHARACTERISTICS_H_
diff --git a/keystore/include/keystore/KeymasterArguments.h b/keystore/include/keystore/KeymasterArguments.h
new file mode 100644
index 0000000..d14e270
--- /dev/null
+++ b/keystore/include/keystore/KeymasterArguments.h
@@ -0,0 +1,46 @@
+// Copyright 2017 The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#ifndef KEYSTORE_INCLUDE_KEYSTORE_KEYMASTERARGUMENTS_H_
+#define KEYSTORE_INCLUDE_KEYSTORE_KEYMASTERARGUMENTS_H_
+
+#include "authorization_set.h"
+#include <binder/Parcelable.h>
+#include <hardware/keymaster_defs.h>
+
+namespace android {
+namespace security {
+namespace keymaster {
+
+using hardware::keymaster::V3_0::KeyParameter;
+
+// struct for serializing/deserializing a list of KeyParameter's
+struct KeymasterArguments : public Parcelable {
+ KeymasterArguments(){};
+ explicit KeymasterArguments(const hardware::hidl_vec<KeyParameter>& other);
+
+ status_t readFromParcel(const Parcel* in) override;
+ status_t writeToParcel(Parcel* out) const override;
+
+ const inline hardware::hidl_vec<KeyParameter>& getParameters() const { return data_; }
+
+ private:
+ hardware::hidl_vec<KeyParameter> data_;
+};
+
+} // namespace keymaster
+} // namespace security
+} // namespace android
+
+#endif // KEYSTORE_INCLUDE_KEYSTORE_KEYMASTERARGUMENTS_H_
diff --git a/keystore/include/keystore/KeymasterBlob.h b/keystore/include/keystore/KeymasterBlob.h
new file mode 100644
index 0000000..47cb7ee
--- /dev/null
+++ b/keystore/include/keystore/KeymasterBlob.h
@@ -0,0 +1,42 @@
+// Copyright 2017 The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#ifndef KEYSTORE_INCLUDE_KEYSTORE_KEYMASTERBLOB_H_
+#define KEYSTORE_INCLUDE_KEYSTORE_KEYMASTERBLOB_H_
+
+#include "authorization_set.h"
+#include <binder/Parcelable.h>
+#include <hardware/keymaster_defs.h>
+
+namespace android {
+namespace security {
+namespace keymaster {
+
+// Parcelable which wraps hardware::hidl_vec<uint8_t>
+struct KeymasterBlob : public ::android::Parcelable {
+ KeymasterBlob(){};
+ explicit KeymasterBlob(hardware::hidl_vec<uint8_t> data) : data_(data) {}
+ status_t readFromParcel(const Parcel* in) override;
+ status_t writeToParcel(Parcel* out) const override;
+ const hardware::hidl_vec<uint8_t>& getData() const { return data_; }
+
+ private:
+ hardware::hidl_vec<uint8_t> data_;
+};
+
+} // namespace keymaster
+} // namespace security
+} // namespace android
+
+#endif // KEYSTORE_INCLUDE_KEYSTORE_KEYMASTERBLOB_H_
diff --git a/keystore/include/keystore/KeymasterCertificateChain.h b/keystore/include/keystore/KeymasterCertificateChain.h
new file mode 100644
index 0000000..8c0a6fc
--- /dev/null
+++ b/keystore/include/keystore/KeymasterCertificateChain.h
@@ -0,0 +1,44 @@
+// Copyright 2017 The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#ifndef KEYSTORE_INCLUDE_KEYSTORE_KEYMASTERCERTIFICATECHAIN_H_
+#define KEYSTORE_INCLUDE_KEYSTORE_KEYMASTERCERTIFICATECHAIN_H_
+
+#include "authorization_set.h"
+#include <binder/Parcelable.h>
+#include <hardware/keymaster_defs.h>
+
+namespace android {
+namespace security {
+namespace keymaster {
+
+// struct for serializing keymaster_cert_chain_t's
+struct KeymasterCertificateChain : public ::android::Parcelable {
+ KeymasterCertificateChain(){};
+ explicit KeymasterCertificateChain(hardware::hidl_vec<hardware::hidl_vec<uint8_t>> other)
+ : chain(std::move(other)) {}
+
+ status_t readFromParcel(const Parcel* in) override;
+ status_t writeToParcel(Parcel* out) const override;
+
+ private:
+ // The structure is only used as output and doesn't have getter.
+ hardware::hidl_vec<hardware::hidl_vec<uint8_t>> chain;
+};
+
+} // namespace keymaster
+} // namespace security
+} // namespace android
+
+#endif // KEYSTORE_INCLUDE_KEYSTORE_KEYMASTERCERTIFICATECHAIN_H_
diff --git a/keystore/include/keystore/KeystoreArg.h b/keystore/include/keystore/KeystoreArg.h
new file mode 100644
index 0000000..31496f0
--- /dev/null
+++ b/keystore/include/keystore/KeystoreArg.h
@@ -0,0 +1,50 @@
+/*
+ * Copyright (C) 2012 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef KEYSTORE_INCLUDE_KEYSTORE_KEYSTOREARG_H
+#define KEYSTORE_INCLUDE_KEYSTORE_KEYSTOREARG_H
+
+#include <vector>
+
+#include <binder/IInterface.h>
+#include <binder/Parcel.h>
+#include <keystore/keymaster_tags.h>
+#include <utils/RefBase.h>
+
+#include "keystore.h"
+#include "keystore_return_types.h"
+
+namespace android {
+namespace security {
+
+// Simple pair of generic pointer and length of corresponding data structure.
+class KeystoreArg : public RefBase {
+ public:
+ KeystoreArg(const void* data, size_t len) : mData(data), mSize(len) {}
+ ~KeystoreArg() {}
+
+ const void* data() const { return mData; }
+ size_t size() const { return mSize; }
+
+ private:
+ const void* mData; // provider of the data must handle memory clean-up.
+ size_t mSize;
+};
+
+} // namespace security
+} // namespace android
+
+#endif // KEYSTORE_INCLUDE_KEYSTORE_KEYSTOREARG_H
diff --git a/keystore/include/keystore/KeystoreArguments.h b/keystore/include/keystore/KeystoreArguments.h
new file mode 100644
index 0000000..44e1436
--- /dev/null
+++ b/keystore/include/keystore/KeystoreArguments.h
@@ -0,0 +1,40 @@
+// Copyright 2017 The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#ifndef KEYSTORE_INCLUDE_KEYSTORE_KEYSTOREARGUMENTS_H_
+#define KEYSTORE_INCLUDE_KEYSTORE_KEYSTOREARGUMENTS_H_
+
+#include "KeystoreArg.h"
+#include <binder/Parcelable.h>
+#include <hardware/keymaster_defs.h>
+#include <utils/RefBase.h>
+
+namespace android {
+namespace security {
+
+// Parcelable KeystoreArguments.java which simply holds byte[][].
+struct KeystoreArguments : public ::android::Parcelable, public RefBase {
+ status_t readFromParcel(const Parcel* in) override;
+ status_t writeToParcel(Parcel* out) const override;
+
+ const Vector<sp<KeystoreArg>>& getArguments() const { return args; }
+
+ private:
+ Vector<sp<KeystoreArg>> args;
+};
+
+} // namespace security
+} // namespace android
+
+#endif // KEYSTORE_INCLUDE_KEYSTORE_KEYSTOREARGUMENTS_H_
diff --git a/keystore/include/keystore/OperationResult.h b/keystore/include/keystore/OperationResult.h
new file mode 100644
index 0000000..e84d1e9
--- /dev/null
+++ b/keystore/include/keystore/OperationResult.h
@@ -0,0 +1,46 @@
+// Copyright 2017 The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#ifndef KEYSTORE_INCLUDE_KEYSTORE_OPERATIONRESULT_H_
+#define KEYSTORE_INCLUDE_KEYSTORE_OPERATIONRESULT_H_
+
+#include "KeymasterArguments.h"
+#include "keystore_return_types.h"
+#include <binder/Parcelable.h>
+#include <binder/Parcel.h>
+#include <hardware/keymaster_defs.h>
+
+namespace android {
+namespace security {
+namespace keymaster {
+
+struct OperationResult : public ::android::Parcelable {
+ OperationResult();
+ status_t readFromParcel(const Parcel* in) override;
+ status_t writeToParcel(Parcel* out) const override;
+
+ // Native code may need to use KeyStoreNativeReturnCode
+ ::keystore::KeyStoreServiceReturnCode resultCode;
+ sp<IBinder> token;
+ uint64_t handle;
+ int inputConsumed;
+ ::keystore::hidl_vec<uint8_t> data;
+ ::keystore::hidl_vec<::keystore::KeyParameter> outParams;
+};
+
+} // namespace keymaster
+} // namespace security
+} // namespace android
+
+#endif // KEYSTORE_INCLUDE_KEYSTORE_OPERATIONRESULT_H_
diff --git a/keystore/include/keystore/keystore.h b/keystore/include/keystore/keystore.h
index bfcf51c..cb64498 100644
--- a/keystore/include/keystore/keystore.h
+++ b/keystore/include/keystore/keystore.h
@@ -26,6 +26,7 @@
STATE_UNINITIALIZED = 3,
};
+// must be in sync with KeyStore.java,
enum class ResponseCode: int32_t {
NO_ERROR = STATE_NO_ERROR, // 1
LOCKED = STATE_LOCKED, // 2
diff --git a/keystore/include/keystore/keystore_client.h b/keystore/include/keystore/keystore_client.h
index 2ba7fd4..928b2e6 100644
--- a/keystore/include/keystore/keystore_client.h
+++ b/keystore/include/keystore/keystore_client.h
@@ -27,8 +27,6 @@
namespace keystore {
-
-
// An abstract class providing a convenient interface to keystore services. This
// interface is designed to:
// - hide details of the IPC mechanism (e.g. binder)
@@ -87,17 +85,18 @@
// Adds |entropy| to the random number generator. Returns KM_ERROR_OK on
// success and a Keystore ResponseCode or keymaster_error_t on failure.
- virtual KeyStoreNativeReturnCode addRandomNumberGeneratorEntropy(const std::string& entropy) = 0;
+ virtual KeyStoreNativeReturnCode
+ addRandomNumberGeneratorEntropy(const std::string& entropy) = 0;
// Generates a key according to the given |key_parameters| and stores it with
// the given |key_name|. The [hardware|software]_enforced_characteristics of
// the key are provided on success. Returns KM_ERROR_OK on success. Returns
// KM_ERROR_OK on success and a Keystore ResponseCode or keymaster_error_t on
// failure.
- virtual KeyStoreNativeReturnCode generateKey(const std::string& key_name,
- const keystore::AuthorizationSet& key_parameters,
- keystore::AuthorizationSet* hardware_enforced_characteristics,
- keystore::AuthorizationSet* software_enforced_characteristics) = 0;
+ virtual KeyStoreNativeReturnCode
+ generateKey(const std::string& key_name, const keystore::AuthorizationSet& key_parameters,
+ keystore::AuthorizationSet* hardware_enforced_characteristics,
+ keystore::AuthorizationSet* software_enforced_characteristics) = 0;
// Provides the [hardware|software]_enforced_characteristics of a key
// identified by |key_name|. Returns KM_ERROR_OK on success and a Keystore
@@ -112,17 +111,17 @@
// [hardware|software]_enforced_characteristics of the key are provided on
// success. Returns KM_ERROR_OK on success and a Keystore ResponseCode or
// keymaster_error_t on failure.
- virtual KeyStoreNativeReturnCode importKey(const std::string& key_name,
- const keystore::AuthorizationSet& key_parameters,
- KeyFormat key_format, const std::string& key_data,
- keystore::AuthorizationSet* hardware_enforced_characteristics,
- keystore::AuthorizationSet* software_enforced_characteristics) = 0;
+ virtual KeyStoreNativeReturnCode
+ importKey(const std::string& key_name, const keystore::AuthorizationSet& key_parameters,
+ KeyFormat key_format, const std::string& key_data,
+ keystore::AuthorizationSet* hardware_enforced_characteristics,
+ keystore::AuthorizationSet* software_enforced_characteristics) = 0;
// Exports the public key identified by |key_name| to |export_data| using
// |export_format|. Returns KM_ERROR_OK on success and a Keystore ResponseCode
// or keymaster_error_t on failure.
virtual KeyStoreNativeReturnCode exportKey(KeyFormat export_format, const std::string& key_name,
- std::string* export_data) = 0;
+ std::string* export_data) = 0;
// Deletes the key identified by |key_name|. Returns KM_ERROR_OK on success
// and a Keystore ResponseCode or keymaster_error_t on failure.
@@ -137,32 +136,30 @@
// |input_parameters|. On success, any |output_parameters| and an operation
// |handle| are populated. Returns KM_ERROR_OK on success and a Keystore
// ResponseCode or keymaster_error_t on failure.
- virtual KeyStoreNativeReturnCode beginOperation(KeyPurpose purpose, const std::string& key_name,
- const keystore::AuthorizationSet& input_parameters,
- keystore::AuthorizationSet* output_parameters,
- uint64_t* handle) = 0;
+ virtual KeyStoreNativeReturnCode
+ beginOperation(KeyPurpose purpose, const std::string& key_name,
+ const keystore::AuthorizationSet& input_parameters,
+ keystore::AuthorizationSet* output_parameters, uint64_t* handle) = 0;
// Continues the operation associated with |handle| using the given
// |input_parameters| and |input_data|. On success, the
// |num_input_bytes_consumed| and any |output_parameters| are populated. Any
// |output_data| will be appended. Returns KM_ERROR_OK on success and a
// Keystore ResponseCode or keymaster_error_t on failure.
- virtual KeyStoreNativeReturnCode updateOperation(uint64_t handle,
- const keystore::AuthorizationSet& input_parameters,
- const std::string& input_data, size_t* num_input_bytes_consumed,
- keystore::AuthorizationSet* output_parameters,
- std::string* output_data) = 0;
+ virtual KeyStoreNativeReturnCode
+ updateOperation(uint64_t handle, const keystore::AuthorizationSet& input_parameters,
+ const std::string& input_data, size_t* num_input_bytes_consumed,
+ keystore::AuthorizationSet* output_parameters, std::string* output_data) = 0;
// Finishes the operation associated with |handle| using the given
// |input_parameters| and, if necessary, a |signature_to_verify|. On success,
// any |output_parameters| are populated and |output_data| is appended.
// Returns KM_ERROR_OK on success and a Keystore ResponseCode or
// keymaster_error_t on failure.
- virtual KeyStoreNativeReturnCode finishOperation(uint64_t handle,
- const keystore::AuthorizationSet& input_parameters,
- const std::string& signature_to_verify,
- keystore::AuthorizationSet* output_parameters,
- std::string* output_data) = 0;
+ virtual KeyStoreNativeReturnCode
+ finishOperation(uint64_t handle, const keystore::AuthorizationSet& input_parameters,
+ const std::string& signature_to_verify,
+ keystore::AuthorizationSet* output_parameters, std::string* output_data) = 0;
// Aborts the operation associated with |handle|. Returns KM_ERROR_OK on
// success and a Keystore ResponseCode or keymaster_error_t on failure.
diff --git a/keystore/include/keystore/keystore_client_impl.h b/keystore/include/keystore/keystore_client_impl.h
index eb02275..a11e2fe 100644
--- a/keystore/include/keystore/keystore_client_impl.h
+++ b/keystore/include/keystore/keystore_client_impl.h
@@ -17,13 +17,13 @@
#include "keystore_client.h"
-#include <string>
#include <map>
+#include <string>
#include <vector>
+#include <android/security/IKeystoreService.h>
#include <binder/IBinder.h>
#include <binder/IServiceManager.h>
-#include "IKeystoreService.h"
#include <utils/StrongPointer.h>
namespace keystore {
@@ -44,37 +44,38 @@
keystore::AuthorizationSet* output_parameters,
std::string* output_data) override;
KeyStoreNativeReturnCode addRandomNumberGeneratorEntropy(const std::string& entropy) override;
- KeyStoreNativeReturnCode generateKey(const std::string& key_name,
- const keystore::AuthorizationSet& key_parameters,
- keystore::AuthorizationSet* hardware_enforced_characteristics,
- keystore::AuthorizationSet* software_enforced_characteristics) override;
+ KeyStoreNativeReturnCode
+ generateKey(const std::string& key_name, const keystore::AuthorizationSet& key_parameters,
+ keystore::AuthorizationSet* hardware_enforced_characteristics,
+ keystore::AuthorizationSet* software_enforced_characteristics) override;
KeyStoreNativeReturnCode
getKeyCharacteristics(const std::string& key_name,
keystore::AuthorizationSet* hardware_enforced_characteristics,
keystore::AuthorizationSet* software_enforced_characteristics) override;
- KeyStoreNativeReturnCode importKey(const std::string& key_name,
- const keystore::AuthorizationSet& key_parameters,
- KeyFormat key_format, const std::string& key_data,
- keystore::AuthorizationSet* hardware_enforced_characteristics,
- keystore::AuthorizationSet* software_enforced_characteristics) override;
+ KeyStoreNativeReturnCode
+ importKey(const std::string& key_name, const keystore::AuthorizationSet& key_parameters,
+ KeyFormat key_format, const std::string& key_data,
+ keystore::AuthorizationSet* hardware_enforced_characteristics,
+ keystore::AuthorizationSet* software_enforced_characteristics) override;
KeyStoreNativeReturnCode exportKey(KeyFormat export_format, const std::string& key_name,
- std::string* export_data) override;
+ std::string* export_data) override;
KeyStoreNativeReturnCode deleteKey(const std::string& key_name) override;
KeyStoreNativeReturnCode deleteAllKeys() override;
KeyStoreNativeReturnCode beginOperation(KeyPurpose purpose, const std::string& key_name,
- const keystore::AuthorizationSet& input_parameters,
- keystore::AuthorizationSet* output_parameters,
- uint64_t* handle) override;
+ const keystore::AuthorizationSet& input_parameters,
+ keystore::AuthorizationSet* output_parameters,
+ uint64_t* handle) override;
KeyStoreNativeReturnCode updateOperation(uint64_t handle,
- const keystore::AuthorizationSet& input_parameters,
- const std::string& input_data, size_t* num_input_bytes_consumed,
- keystore::AuthorizationSet* output_parameters,
- std::string* output_data) override;
+ const keystore::AuthorizationSet& input_parameters,
+ const std::string& input_data,
+ size_t* num_input_bytes_consumed,
+ keystore::AuthorizationSet* output_parameters,
+ std::string* output_data) override;
KeyStoreNativeReturnCode finishOperation(uint64_t handle,
- const keystore::AuthorizationSet& input_parameters,
- const std::string& signature_to_verify,
- keystore::AuthorizationSet* output_parameters,
- std::string* output_data) override;
+ const keystore::AuthorizationSet& input_parameters,
+ const std::string& signature_to_verify,
+ keystore::AuthorizationSet* output_parameters,
+ std::string* output_data) override;
KeyStoreNativeReturnCode abortOperation(uint64_t handle) override;
bool doesKeyExist(const std::string& key_name) override;
bool listKeys(const std::string& prefix, std::vector<std::string>* key_name_list) override;
@@ -85,7 +86,7 @@
// Maps a keystore error code to a code where all success cases use
// KM_ERROR_OK (not keystore's NO_ERROR).
-// int32_t mapKeystoreError(int32_t keystore_error);
+ // int32_t mapKeystoreError(int32_t keystore_error);
// Creates an encryption key suitable for EncryptWithAuthentication or
// verifies attributes if the key already exists. Returns true on success.
@@ -107,7 +108,7 @@
android::sp<android::IServiceManager> service_manager_;
android::sp<android::IBinder> keystore_binder_;
- android::sp<android::IKeystoreService> keystore_;
+ android::sp<android::security::IKeystoreService> keystore_;
uint64_t next_virtual_handle_ = 1;
std::map<uint64_t, android::sp<android::IBinder>> active_operations_;
diff --git a/keystore/include/keystore/keystore_client_mock.h b/keystore/include/keystore/keystore_client_mock.h
index 2d1f499..b16367f 100644
--- a/keystore/include/keystore/keystore_client_mock.h
+++ b/keystore/include/keystore/keystore_client_mock.h
@@ -15,8 +15,8 @@
#ifndef KEYSTORE_KEYSTORE_CLIENT_MOCK_H_
#define KEYSTORE_KEYSTORE_CLIENT_MOCK_H_
-#include "gmock/gmock.h"
#include "keystore/keystore_client.h"
+#include "gmock/gmock.h"
using testing::_;
diff --git a/keystore/include/keystore/keystore_get.h b/keystore/include/keystore/keystore_get.h
index 4bddd70..4c3d838 100644
--- a/keystore/include/keystore/keystore_get.h
+++ b/keystore/include/keystore/keystore_get.h
@@ -30,7 +30,7 @@
* length. The third argument is a pointer to an array that will be malloc()
* and the caller is responsible for calling free() on the buffer.
*/
-ssize_t keystore_get(const char *key, size_t length, uint8_t** value);
+ssize_t keystore_get(const char* key, size_t length, uint8_t** value);
#ifdef __cplusplus
}
diff --git a/keystore/include/keystore/keystore_return_types.h b/keystore/include/keystore/keystore_return_types.h
index 70380c3..52d700a 100644
--- a/keystore/include/keystore/keystore_return_types.h
+++ b/keystore/include/keystore/keystore_return_types.h
@@ -46,6 +46,7 @@
KeyStoreServiceReturnCode(const KeyStoreServiceReturnCode& errorCode)
: errorCode_(errorCode.errorCode_) {}
KeyStoreServiceReturnCode(const KeyStoreNativeReturnCode& errorCode);
+ explicit inline KeyStoreServiceReturnCode(const int32_t& errorCode) : errorCode_(errorCode) {}
inline KeyStoreServiceReturnCode& operator=(const ErrorCode& errorCode) {
errorCode_ = int32_t(errorCode);
return *this;
@@ -62,8 +63,9 @@
return errorCode_ == static_cast<int32_t>(ResponseCode::NO_ERROR) ||
errorCode_ == static_cast<int32_t>(ErrorCode::OK);
}
+
inline operator int32_t() const {
- if (!errorCode_) return static_cast<int32_t>(ResponseCode::NO_ERROR);
+ if (!errorCode_) return static_cast<int32_t>(ResponseCode::NO_ERROR /* 1 */);
return errorCode_;
}
inline bool operator==(const ResponseCode& rhs) const {
@@ -117,6 +119,7 @@
KeyStoreNativeReturnCode(const ResponseCode& errorCode) : errorCode_(int32_t(errorCode)) {}
KeyStoreNativeReturnCode(const KeyStoreNativeReturnCode& errorCode)
: errorCode_(errorCode.errorCode_) {}
+ explicit inline KeyStoreNativeReturnCode(const int32_t& errorCode) : errorCode_(errorCode) {}
KeyStoreNativeReturnCode(const KeyStoreServiceReturnCode& errorcode);
inline KeyStoreNativeReturnCode& operator=(const ErrorCode& errorCode) {
errorCode_ = int32_t(errorCode);
@@ -135,8 +138,8 @@
errorCode_ == static_cast<int32_t>(ErrorCode::OK);
}
inline operator int32_t() const {
- if (errorCode_ == static_cast<int32_t>(ResponseCode::NO_ERROR)) {
- return static_cast<int32_t>(ErrorCode::OK);
+ if (errorCode_ == static_cast<int32_t>(ResponseCode::NO_ERROR) /* 1 */) {
+ return static_cast<int32_t>(ErrorCode::OK) /* 0 */;
}
return errorCode_;
}