Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_security / c7a9fa29c185a8c1889486d4acf00fd59c513870^! / . / keystore / operation.h
commitc7a9fa29c185a8c1889486d4acf00fd59c513870[log] [tgz]
authorJanis Danisevskis <jdanis@google.com>Thu Oct 13 18:43:45 2016 +0100
committerShawn Willden <swillden@google.com>Mon Jan 23 08:30:49 2017 -0700
tree9ed692390227934ce3f9d106ac47f6b3deb23e7f
parent668cd308b7663d9c266aed83f328145086452666 [diff] [blame]
Port to binderized keymaster HAL

This patch ports keystore to the HIDL based binderized keymaster HAL.
Keystore has no more dependencies on legacy keymaster headers, and
therefore data structures, constant declarations, or enums. All
keymaster related data structures and enums used by keystore are the
once defined by the HIDL based keymaster HAL definition.  In the process
of porting, keystore underwent some changes:

* Keystore got a new implementation of AuthorizationSet that is fully
  based on the new HIDL data structures. Key parameters are now either
  organised as AuthorizationSets or hidl_vec<KeyParameter>.  (Formerly,
  this was a mixture of keymaster's AuthorizationSet,
  std::vec<keymaster_key_param_t>, and keymaster_key_param_set_t.)  The
  former is used for memory management and provides algorithms for
  assembling, joining, and subtracting sets of parameters.  The latter
  is used as wire format for the HAL IPC; it can wrap the memory owned
  by an AuthorizationSet for this purpose.  The AuthorizationSet is
  accompanied by a new implementation of type safe functions for
  creating and accessing tagged key parameters,
  Authorizations (keystore/keymaster_tags.h).
* A new type (KSSReturnCode) was introduced that wraps keystore service
  response codes. Keystore has two sets of error codes.  ErrorCode
  errors are less than 0 and use 0 as success value.  ResponseCode
  errors are greater than zero and use 1 as success value.  This patch
  changes ResponseCode to be an enum class so that is no longer
  assignable to int without a cast. The new return type can only be
  initialized by ResponseCode or ErrorCode and when accessed as int32_t,
  which happens on serialization when the response is send to a client,
  the success values are coalesced onto 1 as expected by the
  clients. KSSreturnCode is also comparable to ResponseCode and
  ErrorCode, and the predicate isOk() returns true if it was initialized
  with either ErrorCode::OK (0) or ReponseCode::NO_ERROR (1).
* A bug was fixed, that caused the keystore verify function to return
  success, regardless of the input, internal errors, or lack of
  permissions.
* The marshalling code in IKeystoreService.cpp was rewritten.  For data
  structures that are known to keymaster, the client facing side of
  keystore uses HIDL based data structures as (target) source
  for (un)marshaling to avoid further conversion.  hidl_vecs are used to
  wrap parcel memory without copying and taking ownership where
  possible.
* Explicit use of malloc is reduced (malloc was required by the C nature
  of the old HAL).  The new implementations avoid explicit use of
  malloc/new and waive the use of pointers for return values. Instead,
  functions return by value objects that take ownership of secondary
  memory allocations where required.

Test: runtest --path=cts/tests/tests/keystore/src/android/keystore/cts

Bug: 32020919
Change-Id: I59d3a0f4a6bdf6bb3bbf791ad8827c463effa286

diff --git a/keystore/operation.h b/keystore/operation.h
index 263b5c9..e69b43a 100644
--- a/keystore/operation.h
+++ b/keystore/operation.h

@@ -17,73 +17,74 @@
 #ifndef KEYSTORE_OPERATION_H_
 #define KEYSTORE_OPERATION_H_
 
-#include <hardware/hw_auth_token.h>
-#include <hardware/keymaster2.h>
 #include <binder/Binder.h>
 #include <binder/IBinder.h>
+#include <keystore/keymaster_tags.h>
+#include <map>
 #include <utils/LruCache.h>
 #include <utils/StrongPointer.h>
-#include <map>
 #include <vector>
 
-namespace android {
+namespace keystore {
 
-struct keymaster_key_characteristics_t_Delete {
-    void operator()(keymaster_key_characteristics_t* characteristics) const {
-        keymaster_free_characteristics(characteristics);
-        delete characteristics;
-    }
-};
-typedef std::unique_ptr<keymaster_key_characteristics_t, keymaster_key_characteristics_t_Delete>
-    Unique_keymaster_key_characteristics;
+using ::android::IBinder;
+using ::android::sp;
 
 /**
- * OperationMap handles the translation of keymaster_operation_handle_t's and
- * keymaster2_device_t's to opaque binder tokens that can be used to reference
- * that operation at a later time by applications. It also does LRU tracking
- * for operation pruning and keeps a mapping of clients to operations to allow
- * for graceful handling of application death.
+ * OperationMap handles the translation of uint64_t's and keymaster2_device_t's to opaque binder
+ * tokens that can be used to reference that operation at a later time by applications. It also does
+ * LRU tracking for operation pruning and keeps a mapping of clients to operations to allow for
+ * graceful handling of application death.
  */
+
 class OperationMap {
-public:
+    typedef ::android::sp<::android::hardware::keymaster::V3_0::IKeymasterDevice> km_device_t;
+
+  public:
     explicit OperationMap(IBinder::DeathRecipient* deathRecipient);
-    sp<IBinder> addOperation(keymaster_operation_handle_t handle, uint64_t keyid,
-                             keymaster_purpose_t purpose, const keymaster2_device_t* dev,
-                             const sp<IBinder>& appToken, keymaster_key_characteristics_t* characteristics,
-                             bool pruneable);
-    bool getOperation(const sp<IBinder>& token, keymaster_operation_handle_t* outHandle,
-                      uint64_t* outKeyid, keymaster_purpose_t* outPurpose,
-                      const keymaster2_device_t** outDev,
-                      const keymaster_key_characteristics_t** outCharacteristics);
-    bool removeOperation(const sp<IBinder>& token);
+    android::sp<android::IBinder> addOperation(uint64_t handle, uint64_t keyid, KeyPurpose purpose,
+                                               const km_device_t& dev,
+                                               const android::sp<android::IBinder>& appToken,
+                                               KeyCharacteristics&& characteristics,
+                                               bool pruneable);
+    bool getOperation(const android::sp<android::IBinder>& token, uint64_t* outHandle,
+                      uint64_t* outKeyid, KeyPurpose* outPurpose, km_device_t* outDev,
+                      const KeyCharacteristics** outCharacteristics);
+    bool removeOperation(const android::sp<android::IBinder>& token);
     bool hasPruneableOperation() const;
     size_t getOperationCount() const { return mMap.size(); }
     size_t getPruneableOperationCount() const;
-    bool getOperationAuthToken(const sp<IBinder>& token, const hw_auth_token_t** outToken);
-    bool setOperationAuthToken(const sp<IBinder>& token, const hw_auth_token_t* authToken);
-    sp<IBinder> getOldestPruneableOperation();
-    std::vector<sp<IBinder>> getOperationsForToken(const sp<IBinder>& appToken);
+    bool getOperationAuthToken(const android::sp<android::IBinder>& token,
+                               const HardwareAuthToken** outToken);
+    bool setOperationAuthToken(const android::sp<android::IBinder>& token,
+                               const HardwareAuthToken* authToken);
+    android::sp<android::IBinder> getOldestPruneableOperation();
+    std::vector<android::sp<android::IBinder>>
+    getOperationsForToken(const android::sp<android::IBinder>& appToken);
 
-private:
-    void updateLru(const sp<IBinder>& token);
-    void removeOperationTracking(const sp<IBinder>& token, const sp<IBinder>& appToken);
+  private:
+    void updateLru(const android::sp<android::IBinder>& token);
+    void removeOperationTracking(const android::sp<android::IBinder>& token,
+                                 const android::sp<android::IBinder>& appToken);
     struct Operation {
         Operation();
-        Operation(keymaster_operation_handle_t handle, uint64_t keyid, keymaster_purpose_t purpose,
-                  const keymaster2_device_t* device,
-                  keymaster_key_characteristics_t* characteristics, sp<IBinder> appToken);
-        keymaster_operation_handle_t handle;
+        Operation(uint64_t handle, uint64_t keyid, KeyPurpose purpose, const km_device_t& device,
+                  KeyCharacteristics&& characteristics, android::sp<android::IBinder> appToken);
+        uint64_t handle;
         uint64_t keyid;
-        keymaster_purpose_t purpose;
-        const keymaster2_device_t* device;
-        Unique_keymaster_key_characteristics characteristics;
-        sp<IBinder> appToken;
-        std::unique_ptr<hw_auth_token_t> authToken;
+        KeyPurpose purpose;
+        km_device_t device;
+        KeyCharacteristics characteristics;
+        android::sp<android::IBinder> appToken;
+        std::unique_ptr<HardwareAuthToken> authToken;
     };
-    std::map<sp<IBinder>, struct Operation> mMap;
-    std::vector<sp<IBinder>> mLru;
-    std::map<sp<IBinder>, std::vector<sp<IBinder>>> mAppTokenMap;
-    IBinder::DeathRecipient* mDeathRecipient;
+    std::map<android::sp<android::IBinder>, Operation> mMap;
+    std::vector<android::sp<android::IBinder>> mLru;
+    std::map<android::sp<android::IBinder>, std::vector<android::sp<android::IBinder>>>
+        mAppTokenMap;
+    android::IBinder::DeathRecipient* mDeathRecipient;
 };
-} // namespace android
+
+}  // namespace keystore
+
 #endif