Move Keymaster wrappers to the KM4 support lib
Test: CTS
Change-Id: Id84de1d4bcc9643ffa24a678ad5d0d2385baec5e
diff --git a/keystore/Android.bp b/keystore/Android.bp
index de11ec6..c97862a 100644
--- a/keystore/Android.bp
+++ b/keystore/Android.bp
@@ -22,8 +22,6 @@
srcs: [
":IKeyAttestationApplicationIdProvider.aidl",
"KeyStore.cpp",
- "Keymaster3.cpp",
- "Keymaster4.cpp",
"auth_token_table.cpp",
"blob.cpp",
"entropy.cpp",
diff --git a/keystore/KeyStore.h b/keystore/KeyStore.h
index cfc5c31..23476d2 100644
--- a/keystore/KeyStore.h
+++ b/keystore/KeyStore.h
@@ -18,12 +18,11 @@
#define KEYSTORE_KEYSTORE_H_
#include <android/hardware/keymaster/3.0/IKeymasterDevice.h>
-
+#include <keymasterV4_0/Keymaster.h>
#include <utils/Vector.h>
#include <keystore/keymaster_types.h>
-#include "Keymaster.h"
#include "blob.h"
#include "grant_store.h"
#include "user_state.h"
@@ -31,6 +30,7 @@
namespace keystore {
using ::android::sp;
+using keymaster::support::Keymaster;
class KeymasterDevices : public std::array<sp<Keymaster>, 3> {
public:
diff --git a/keystore/Keymaster.h b/keystore/Keymaster.h
deleted file mode 100644
index 4712eec..0000000
--- a/keystore/Keymaster.h
+++ /dev/null
@@ -1,52 +0,0 @@
-/*
- **
- ** Copyright 2017, The Android Open Source Project
- **
- ** Licensed under the Apache License, Version 2.0 (the "License");
- ** you may not use this file except in compliance with the License.
- ** You may obtain a copy of the License at
- **
- ** http://www.apache.org/licenses/LICENSE-2.0
- **
- ** Unless required by applicable law or agreed to in writing, software
- ** distributed under the License is distributed on an "AS IS" BASIS,
- ** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- ** See the License for the specific language governing permissions and
- ** limitations under the License.
- */
-
-#ifndef SYSTEM_SECURITY_KEYSTORE_KEYMASTER__H_
-#define SYSTEM_SECURITY_KEYSTORE_KEYMASTER__H_
-
-#include <keystore/keymaster_types.h>
-
-namespace keystore {
-
-/**
- * Keymaster abstracts the underlying Keymaster device. It will always inherit from the latest
- * keymaster HAL interface, and there will be one subclass which is a trivial passthrough, for
- * devices that actually support the latest version. One or more additional subclasses will handle
- * wrapping older HAL versions, if needed.
- *
- * The reason for adding this additional layer, rather than simply using the latest HAL directly and
- * subclassing it to wrap any older HAL, is because this provides a place to put additional
- * methods which keystore can use when it needs to distinguish between different underlying HAL
- * versions, while still having to use only the latest interface.
- */
-class Keymaster : public keymaster::IKeymasterDevice {
- public:
- virtual ~Keymaster() {}
-
- struct VersionResult {
- ErrorCode error;
- uint8_t majorVersion;
- SecurityLevel securityLevel;
- bool supportsEc;
- };
-
- virtual VersionResult halVersion() = 0;
-};
-
-} // namespace keystore
-
-#endif // SYSTEM_SECURITY_KEYSTORE_KEYMASTER_DEVICE_H_
diff --git a/keystore/Keymaster3.cpp b/keystore/Keymaster3.cpp
deleted file mode 100644
index 9ca6a08..0000000
--- a/keystore/Keymaster3.cpp
+++ /dev/null
@@ -1,287 +0,0 @@
-/*
- **
- ** Copyright 2017, The Android Open Source Project
- **
- ** Licensed under the Apache License, Version 2.0 (the "License");
- ** you may not use this file except in compliance with the License.
- ** You may obtain a copy of the License at
- **
- ** http://www.apache.org/licenses/LICENSE-2.0
- **
- ** Unless required by applicable law or agreed to in writing, software
- ** distributed under the License is distributed on an "AS IS" BASIS,
- ** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- ** See the License for the specific language governing permissions and
- ** limitations under the License.
- */
-
-#include "Keymaster3.h"
-
-#include <android-base/logging.h>
-
-#include <keystore/keystore_hidl_support.h>
-
-namespace keystore {
-
-namespace oldkeymaster = ::android::hardware::keymaster::V3_0;
-using android::hardware::details::StatusOf;
-
-namespace {
-
-ErrorCode convert(oldkeymaster::ErrorCode error) {
- return static_cast<ErrorCode>(error);
-}
-
-oldkeymaster::KeyPurpose convert(KeyPurpose purpose) {
- return static_cast<oldkeymaster::KeyPurpose>(purpose);
-}
-
-oldkeymaster::KeyFormat convert(KeyFormat purpose) {
- return static_cast<oldkeymaster::KeyFormat>(purpose);
-}
-
-oldkeymaster::KeyParameter convert(const KeyParameter& param) {
- oldkeymaster::KeyParameter converted;
- converted.tag = static_cast<oldkeymaster::Tag>(param.tag);
- static_assert(sizeof(converted.f) == sizeof(param.f), "This function assumes sizes match");
- memcpy(&converted.f, ¶m.f, sizeof(param.f));
- converted.blob = param.blob;
- return converted;
-}
-
-KeyParameter convert(const oldkeymaster::KeyParameter& param) {
- KeyParameter converted;
- converted.tag = static_cast<Tag>(param.tag);
- static_assert(sizeof(converted.f) == sizeof(param.f), "This function assumes sizes match");
- memcpy(&converted.f, ¶m.f, sizeof(param.f));
- converted.blob = param.blob;
- return converted;
-}
-
-hidl_vec<oldkeymaster::KeyParameter> convert(const hidl_vec<KeyParameter>& params) {
- hidl_vec<oldkeymaster::KeyParameter> converted(params.size());
- for (size_t i = 0; i < params.size(); ++i) {
- converted[i] = convert(params[i]);
- }
- return converted;
-}
-
-hidl_vec<KeyParameter> convert(const hidl_vec<oldkeymaster::KeyParameter>& params) {
- hidl_vec<KeyParameter> converted(params.size());
- for (size_t i = 0; i < params.size(); ++i) {
- converted[i] = convert(params[i]);
- }
- return converted;
-}
-
-hidl_vec<oldkeymaster::KeyParameter> convertAndAddAuthToken(const hidl_vec<KeyParameter>& params,
- const HardwareAuthToken& authToken) {
- hidl_vec<oldkeymaster::KeyParameter> converted(params.size() + 1);
- for (size_t i = 0; i < params.size(); ++i) {
- converted[i] = convert(params[i]);
- }
- converted[params.size()].tag = oldkeymaster::Tag::AUTH_TOKEN;
- converted[params.size()].blob = authToken2HidlVec(authToken);
-
- return converted;
-}
-
-KeyCharacteristics convert(const oldkeymaster::KeyCharacteristics& chars) {
- KeyCharacteristics converted;
- converted.hardwareEnforced = convert(chars.teeEnforced);
- converted.softwareEnforced = convert(chars.softwareEnforced);
- return converted;
-}
-
-} // namespace
-
-void Keymaster3::getVersionIfNeeded() {
- if (haveVersion_) return;
-
- auto rc = km3_dev_->getHardwareFeatures(
- [&](bool isSecure, bool supportsEllipticCurve, bool supportsSymmetricCryptography,
- bool supportsAttestation, bool supportsAllDigests, const hidl_string& keymasterName,
- const hidl_string& keymasterAuthorName) {
- securityLevel_ =
- isSecure ? SecurityLevel::TRUSTED_ENVIRONMENT : SecurityLevel::SOFTWARE;
- supportsEllipticCurve_ = supportsEllipticCurve;
- supportsSymmetricCryptography_ = supportsSymmetricCryptography;
- supportsAttestation_ = supportsAttestation;
- supportsAllDigests_ = supportsAllDigests;
- keymasterName_ = keymasterName;
- authorName_ = keymasterAuthorName;
- });
-
- CHECK(rc.isOk()) << "Got error " << rc.description() << " trying to get hardware features";
-
- if (securityLevel_ == SecurityLevel::SOFTWARE) {
- majorVersion_ = 3;
- } else if (supportsAttestation_) {
- majorVersion_ = 3; // Could be 2, doesn't matter.
- } else if (supportsSymmetricCryptography_) {
- majorVersion_ = 1;
- } else {
- majorVersion_ = 0;
- }
-}
-
-Keymaster::VersionResult Keymaster3::halVersion() {
- getVersionIfNeeded();
- return {ErrorCode::OK, majorVersion_, securityLevel_, supportsEllipticCurve_};
-}
-
-Return<void> Keymaster3::getHardwareInfo(Keymaster3::getHardwareInfo_cb _hidl_cb) {
- getVersionIfNeeded();
- _hidl_cb(securityLevel_, keymasterName_ + " (wrapped by keystore::Keymaster3)", authorName_);
- return Void();
-}
-
-Return<ErrorCode> Keymaster3::addRngEntropy(const hidl_vec<uint8_t>& data) {
- auto rc = km3_dev_->addRngEntropy(data);
- if (!rc.isOk()) {
- return StatusOf<oldkeymaster::ErrorCode, ErrorCode>(rc);
- }
- return convert(rc);
-}
-
-Return<void> Keymaster3::generateKey(const hidl_vec<KeyParameter>& keyParams,
- generateKey_cb _hidl_cb) {
- auto cb = [&](oldkeymaster::ErrorCode error, const hidl_vec<uint8_t>& keyBlob,
- const oldkeymaster::KeyCharacteristics& characteristics) {
- _hidl_cb(convert(error), keyBlob, convert(characteristics));
- };
- auto rc = km3_dev_->generateKey(convert(keyParams), cb);
- rc.isOk(); // move ctor prereq
- return rc;
-}
-
-Return<void> Keymaster3::getKeyCharacteristics(const hidl_vec<uint8_t>& keyBlob,
- const hidl_vec<uint8_t>& clientId,
- const hidl_vec<uint8_t>& appData,
- getKeyCharacteristics_cb _hidl_cb) {
- auto cb = [&](oldkeymaster::ErrorCode error, const oldkeymaster::KeyCharacteristics& chars) {
- _hidl_cb(convert(error), convert(chars));
- };
-
- auto rc = km3_dev_->getKeyCharacteristics(keyBlob, clientId, appData, cb);
- rc.isOk(); // move ctor prereq
- return rc;
-}
-
-Return<void> Keymaster3::importKey(const hidl_vec<KeyParameter>& params, KeyFormat keyFormat,
- const hidl_vec<uint8_t>& keyData, importKey_cb _hidl_cb) {
- auto cb = [&](oldkeymaster::ErrorCode error, const hidl_vec<uint8_t>& keyBlob,
- const oldkeymaster::KeyCharacteristics& chars) {
- _hidl_cb(convert(error), keyBlob, convert(chars));
- };
- auto rc = km3_dev_->importKey(convert(params), convert(keyFormat), keyData, cb);
- rc.isOk(); // move ctor prereq
- return rc;
-}
-
-Return<void> Keymaster3::exportKey(KeyFormat exportFormat, const hidl_vec<uint8_t>& keyBlob,
- const hidl_vec<uint8_t>& clientId,
- const hidl_vec<uint8_t>& appData, exportKey_cb _hidl_cb) {
- auto cb = [&](oldkeymaster::ErrorCode error, const hidl_vec<uint8_t>& keyMaterial) {
- _hidl_cb(convert(error), keyMaterial);
- };
- auto rc = km3_dev_->exportKey(convert(exportFormat), keyBlob, clientId, appData, cb);
- rc.isOk(); // move ctor prereq
- return rc;
-}
-
-Return<void> Keymaster3::attestKey(const hidl_vec<uint8_t>& keyToAttest,
- const hidl_vec<KeyParameter>& attestParams,
- attestKey_cb _hidl_cb) {
- auto cb = [&](oldkeymaster::ErrorCode error, const hidl_vec<hidl_vec<uint8_t>>& certChain) {
- _hidl_cb(convert(error), certChain);
- };
- auto rc = km3_dev_->attestKey(keyToAttest, convert(attestParams), cb);
- rc.isOk(); // move ctor prereq
- return rc;
-}
-
-Return<void> Keymaster3::upgradeKey(const hidl_vec<uint8_t>& keyBlobToUpgrade,
- const hidl_vec<KeyParameter>& upgradeParams,
- upgradeKey_cb _hidl_cb) {
- auto cb = [&](oldkeymaster::ErrorCode error, const hidl_vec<uint8_t>& upgradedKeyBlob) {
- _hidl_cb(convert(error), upgradedKeyBlob);
- };
- auto rc = km3_dev_->upgradeKey(keyBlobToUpgrade, convert(upgradeParams), cb);
- rc.isOk(); // move ctor prereq
- return rc;
-}
-
-Return<ErrorCode> Keymaster3::deleteKey(const hidl_vec<uint8_t>& keyBlob) {
- auto rc = km3_dev_->deleteKey(keyBlob);
- if (!rc.isOk()) return StatusOf<oldkeymaster::ErrorCode, ErrorCode>(rc);
- return convert(rc);
-}
-
-Return<ErrorCode> Keymaster3::deleteAllKeys() {
- auto rc = km3_dev_->deleteAllKeys();
- if (!rc.isOk()) return StatusOf<oldkeymaster::ErrorCode, ErrorCode>(rc);
- return convert(rc);
-}
-
-Return<ErrorCode> Keymaster3::destroyAttestationIds() {
- auto rc = km3_dev_->destroyAttestationIds();
- if (!rc.isOk()) return StatusOf<oldkeymaster::ErrorCode, ErrorCode>(rc);
- return convert(rc);
-}
-
-Return<void> Keymaster3::begin(KeyPurpose purpose, const hidl_vec<uint8_t>& key,
- const hidl_vec<KeyParameter>& inParams,
- const HardwareAuthToken& authToken, begin_cb _hidl_cb) {
- auto cb = [&](oldkeymaster::ErrorCode error,
- const hidl_vec<oldkeymaster::KeyParameter>& outParams,
- OperationHandle operationHandle) {
- _hidl_cb(convert(error), convert(outParams), operationHandle);
- };
-
- auto rc =
- km3_dev_->begin(convert(purpose), key, convertAndAddAuthToken(inParams, authToken), cb);
- rc.isOk(); // move ctor prereq
- return rc;
-}
-
-Return<void> Keymaster3::update(uint64_t operationHandle, const hidl_vec<KeyParameter>& inParams,
- const hidl_vec<uint8_t>& input, const HardwareAuthToken& authToken,
- const VerificationToken& /* verificationToken */,
- update_cb _hidl_cb) {
- auto cb = [&](oldkeymaster::ErrorCode error, uint32_t inputConsumed,
- const hidl_vec<oldkeymaster::KeyParameter>& outParams,
- const hidl_vec<uint8_t>& output) {
- _hidl_cb(convert(error), inputConsumed, convert(outParams), output);
- };
-
- auto rc =
- km3_dev_->update(operationHandle, convertAndAddAuthToken(inParams, authToken), input, cb);
- rc.isOk(); // move ctor prereq
- return rc;
-}
-
-Return<void> Keymaster3::finish(uint64_t operationHandle, const hidl_vec<KeyParameter>& inParams,
- const hidl_vec<uint8_t>& input, const hidl_vec<uint8_t>& signature,
- const HardwareAuthToken& authToken,
- const VerificationToken& /* verificationToken */,
- finish_cb _hidl_cb) {
- auto cb = [&](oldkeymaster::ErrorCode error,
- const hidl_vec<oldkeymaster::KeyParameter>& outParams,
- const hidl_vec<uint8_t>& output) {
- _hidl_cb(convert(error), convert(outParams), output);
- };
-
- auto rc = km3_dev_->finish(operationHandle, convertAndAddAuthToken(inParams, authToken), input,
- signature, cb);
- rc.isOk(); // move ctor prereq
- return rc;
-}
-
-Return<ErrorCode> Keymaster3::abort(uint64_t operationHandle) {
- auto rc = km3_dev_->abort(operationHandle);
- if (!rc.isOk()) return StatusOf<oldkeymaster::ErrorCode, ErrorCode>(rc);
- return convert(rc);
-}
-
-} // namespace keystore
diff --git a/keystore/Keymaster3.h b/keystore/Keymaster3.h
deleted file mode 100644
index 6d74a12..0000000
--- a/keystore/Keymaster3.h
+++ /dev/null
@@ -1,124 +0,0 @@
-/*
- **
- ** Copyright 2017, The Android Open Source Project
- **
- ** Licensed under the Apache License, Version 2.0 (the "License");
- ** you may not use this file except in compliance with the License.
- ** You may obtain a copy of the License at
- **
- ** http://www.apache.org/licenses/LICENSE-2.0
- **
- ** Unless required by applicable law or agreed to in writing, software
- ** distributed under the License is distributed on an "AS IS" BASIS,
- ** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- ** See the License for the specific language governing permissions and
- ** limitations under the License.
- */
-
-#ifndef KEYMASTER_3_DEVICE_WRAPPER_H_
-#define KEYMASTER_3_DEVICE_WRAPPER_H_
-
-#include <android/hardware/keymaster/3.0/IKeymasterDevice.h>
-#include <keystore/keymaster_types.h>
-
-#include "Keymaster.h"
-
-namespace keystore {
-
-using IKeymaster3Device = ::android::hardware::keymaster::V3_0::IKeymasterDevice;
-
-using ::android::sp;
-using ::android::hardware::hidl_string;
-using ::android::hardware::hidl_vec;
-using ::android::hardware::Return;
-using ::android::hardware::Void;
-using ::android::hardware::details::return_status;
-
-class Keymaster3 : public Keymaster {
- public:
- using WrappedIKeymasterDevice = IKeymaster3Device;
- Keymaster3(sp<IKeymaster3Device> km3_dev) : km3_dev_(km3_dev), haveVersion_(false) {}
-
- VersionResult halVersion() override;
-
- Return<void> getHardwareInfo(getHardwareInfo_cb _hidl_cb);
-
- Return<void> getHmacSharingParameters(getHmacSharingParameters_cb _hidl_cb) override {
- _hidl_cb(ErrorCode::UNIMPLEMENTED, {});
- return Void();
- }
-
- Return<void> computeSharedHmac(const hidl_vec<HmacSharingParameters>&,
- computeSharedHmac_cb _hidl_cb) override {
- _hidl_cb(ErrorCode::UNIMPLEMENTED, {});
- return Void();
- }
-
- Return<void> verifyAuthorization(uint64_t, const hidl_vec<KeyParameter>&,
- const HardwareAuthToken&,
- verifyAuthorization_cb _hidl_cb) override {
- _hidl_cb(ErrorCode::UNIMPLEMENTED, {});
- return Void();
- }
-
- Return<ErrorCode> addRngEntropy(const hidl_vec<uint8_t>& data) override;
- Return<void> generateKey(const hidl_vec<KeyParameter>& keyParams,
- generateKey_cb _hidl_cb) override;
- Return<void> getKeyCharacteristics(const hidl_vec<uint8_t>& keyBlob,
- const hidl_vec<uint8_t>& clientId,
- const hidl_vec<uint8_t>& appData,
- getKeyCharacteristics_cb _hidl_cb) override;
- Return<void> importKey(const hidl_vec<KeyParameter>& params, KeyFormat keyFormat,
- const hidl_vec<uint8_t>& keyData, importKey_cb _hidl_cb) override;
-
- Return<void> importWrappedKey(const hidl_vec<uint8_t>&, const hidl_vec<uint8_t>&,
- const hidl_vec<uint8_t>&, importWrappedKey_cb _hidl_cb) {
- _hidl_cb(ErrorCode::UNIMPLEMENTED, {}, {});
- return Void();
- }
-
- Return<void> exportKey(KeyFormat exportFormat, const hidl_vec<uint8_t>& keyBlob,
- const hidl_vec<uint8_t>& clientId, const hidl_vec<uint8_t>& appData,
- exportKey_cb _hidl_cb) override;
- Return<void> attestKey(const hidl_vec<uint8_t>& keyToAttest,
- const hidl_vec<KeyParameter>& attestParams,
- attestKey_cb _hidl_cb) override;
- Return<void> upgradeKey(const hidl_vec<uint8_t>& keyBlobToUpgrade,
- const hidl_vec<KeyParameter>& upgradeParams,
- upgradeKey_cb _hidl_cb) override;
- Return<ErrorCode> deleteKey(const hidl_vec<uint8_t>& keyBlob) override;
- Return<ErrorCode> deleteAllKeys() override;
- Return<ErrorCode> destroyAttestationIds() override;
- Return<void> begin(KeyPurpose purpose, const hidl_vec<uint8_t>& key,
- const hidl_vec<KeyParameter>& inParams, const HardwareAuthToken& authToken,
- begin_cb _hidl_cb) override;
- Return<void> update(uint64_t operationHandle, const hidl_vec<KeyParameter>& inParams,
- const hidl_vec<uint8_t>& input, const HardwareAuthToken& authToken,
- const VerificationToken& verificationToken, update_cb _hidl_cb) override;
- Return<void> finish(uint64_t operationHandle, const hidl_vec<KeyParameter>& inParams,
- const hidl_vec<uint8_t>& input, const hidl_vec<uint8_t>& signature,
- const HardwareAuthToken& authToken,
- const VerificationToken& verificationToken, finish_cb _hidl_cb) override;
- Return<ErrorCode> abort(uint64_t operationHandle) override;
-
- private:
- void getVersionIfNeeded();
-
- sp<IKeymaster3Device> km3_dev_;
-
- bool haveVersion_;
- uint8_t majorVersion_;
- SecurityLevel securityLevel_;
- bool supportsEllipticCurve_;
- bool supportsSymmetricCryptography_;
- bool supportsAttestation_;
- bool supportsAllDigests_;
- std::string keymasterName_;
- std::string authorName_;
-};
-
-sp<IKeymaster3Device> makeSoftwareKeymasterDevice();
-
-} // namespace keystore
-
-#endif // KEYMASTER_3_DEVICE_WRAPPER_H_
diff --git a/keystore/Keymaster4.cpp b/keystore/Keymaster4.cpp
deleted file mode 100644
index 3edfb53..0000000
--- a/keystore/Keymaster4.cpp
+++ /dev/null
@@ -1,39 +0,0 @@
-/*
-**
-** Copyright 2017, The Android Open Source Project
-**
-** Licensed under the Apache License, Version 2.0 (the "License");
-** you may not use this file except in compliance with the License.
-** You may obtain a copy of the License at
-**
-** http://www.apache.org/licenses/LICENSE-2.0
-**
-** Unless required by applicable law or agreed to in writing, software
-** distributed under the License is distributed on an "AS IS" BASIS,
-** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-** See the License for the specific language governing permissions and
-** limitations under the License.
-*/
-#include "Keymaster4.h"
-
-#include <android-base/logging.h>
-
-namespace keystore {
-
-void Keymaster4::getVersionIfNeeded() {
- if (haveVersion_) return;
-
- auto rc = dev_->getHardwareInfo([&](SecurityLevel securityLevel, auto...) {
- securityLevel_ = securityLevel;
- haveVersion_ = true;
- });
-
- CHECK(rc.isOk()) << "Got error " << rc.description() << " trying to get hardware info";
-}
-
-Keymaster::VersionResult Keymaster4::halVersion() {
- getVersionIfNeeded();
- return {ErrorCode::OK, halMajorVersion(), securityLevel_, true};
-}
-
-} // namespace keystore
diff --git a/keystore/Keymaster4.h b/keystore/Keymaster4.h
deleted file mode 100644
index 53ca08a..0000000
--- a/keystore/Keymaster4.h
+++ /dev/null
@@ -1,148 +0,0 @@
-/*
- **
- ** Copyright 2017, The Android Open Source Project
- **
- ** Licensed under the Apache License, Version 2.0 (the "License");
- ** you may not use this file except in compliance with the License.
- ** You may obtain a copy of the License at
- **
- ** http://www.apache.org/licenses/LICENSE-2.0
- **
- ** Unless required by applicable law or agreed to in writing, software
- ** distributed under the License is distributed on an "AS IS" BASIS,
- ** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- ** See the License for the specific language governing permissions and
- ** limitations under the License.
- */
-
-#ifndef KEYSTORE_KEYMASTER_4_H_
-#define KEYSTORE_KEYMASTER_4_H_
-
-#include <keystore/keymaster_types.h>
-#include <utils/StrongPointer.h>
-
-#include "Keymaster.h"
-
-namespace keystore {
-
-using android::sp;
-using IKeymaster4Device = ::android::hardware::keymaster::V4_0::IKeymasterDevice;
-
-class Keymaster4 : public Keymaster {
- public:
- using WrappedIKeymasterDevice = IKeymaster4Device;
- Keymaster4(sp<IKeymasterDevice> km4_dev) : haveVersion_(false), dev_(km4_dev) {}
-
- uint8_t halMajorVersion() { return 4; }
-
- VersionResult halVersion() override;
-
- Return<void> getHardwareInfo(getHardwareInfo_cb _hidl_cb) override {
- return dev_->getHardwareInfo(_hidl_cb);
- }
-
- Return<void> getHmacSharingParameters(getHmacSharingParameters_cb _hidl_cb) override {
- return dev_->getHmacSharingParameters(_hidl_cb);
- }
-
- Return<void> computeSharedHmac(const hidl_vec<HmacSharingParameters>& params,
- computeSharedHmac_cb _hidl_cb) override {
- return dev_->computeSharedHmac(params, _hidl_cb);
- }
-
- Return<void> verifyAuthorization(uint64_t operationHandle, const hidl_vec<KeyParameter>& params,
- const HardwareAuthToken& authToken,
- verifyAuthorization_cb _hidl_cb) override {
- return dev_->verifyAuthorization(operationHandle, params, authToken, _hidl_cb);
- }
-
- Return<ErrorCode> addRngEntropy(const hidl_vec<uint8_t>& data) override {
- return dev_->addRngEntropy(data);
- }
-
- Return<void> generateKey(const hidl_vec<KeyParameter>& keyParams,
- generateKey_cb _hidl_cb) override {
- return dev_->generateKey(keyParams, _hidl_cb);
- }
-
- Return<void> getKeyCharacteristics(const hidl_vec<uint8_t>& keyBlob,
- const hidl_vec<uint8_t>& clientId,
- const hidl_vec<uint8_t>& appData,
- getKeyCharacteristics_cb _hidl_cb) override {
- return dev_->getKeyCharacteristics(keyBlob, clientId, appData, _hidl_cb);
- }
-
- Return<void> importKey(const hidl_vec<KeyParameter>& params, KeyFormat keyFormat,
- const hidl_vec<uint8_t>& keyData, importKey_cb _hidl_cb) override {
- return dev_->importKey(params, keyFormat, keyData, _hidl_cb);
- }
-
- Return<void> importWrappedKey(const hidl_vec<uint8_t>& wrappedKeyData,
- const hidl_vec<uint8_t>& wrappingKeyBlob,
- const hidl_vec<uint8_t>& maskingKey,
- importWrappedKey_cb _hidl_cb) {
- return dev_->importWrappedKey(wrappedKeyData, wrappingKeyBlob, maskingKey, _hidl_cb);
- }
-
- Return<void> exportKey(KeyFormat exportFormat, const hidl_vec<uint8_t>& keyBlob,
- const hidl_vec<uint8_t>& clientId, const hidl_vec<uint8_t>& appData,
- exportKey_cb _hidl_cb) override {
- return dev_->exportKey(exportFormat, keyBlob, clientId, appData, _hidl_cb);
- }
-
- Return<void> attestKey(const hidl_vec<uint8_t>& keyToAttest,
- const hidl_vec<KeyParameter>& attestParams,
- attestKey_cb _hidl_cb) override {
- return dev_->attestKey(keyToAttest, attestParams, _hidl_cb);
- }
-
- Return<void> upgradeKey(const hidl_vec<uint8_t>& keyBlobToUpgrade,
- const hidl_vec<KeyParameter>& upgradeParams,
- upgradeKey_cb _hidl_cb) override {
- return dev_->upgradeKey(keyBlobToUpgrade, upgradeParams, _hidl_cb);
- }
-
- Return<ErrorCode> deleteKey(const hidl_vec<uint8_t>& keyBlob) override {
- return dev_->deleteKey(keyBlob);
- }
-
- Return<ErrorCode> deleteAllKeys() override { return dev_->deleteAllKeys(); }
-
- Return<ErrorCode> destroyAttestationIds() override { return dev_->destroyAttestationIds(); }
-
- Return<void> begin(KeyPurpose purpose, const hidl_vec<uint8_t>& key,
- const hidl_vec<KeyParameter>& inParams, const HardwareAuthToken& authToken,
- begin_cb _hidl_cb) override {
- return dev_->begin(purpose, key, inParams, authToken, _hidl_cb);
- }
-
- Return<void> update(uint64_t operationHandle, const hidl_vec<KeyParameter>& inParams,
- const hidl_vec<uint8_t>& input, const HardwareAuthToken& authToken,
- const VerificationToken& verificationToken, update_cb _hidl_cb) override {
- return dev_->update(operationHandle, inParams, input, authToken, verificationToken,
- _hidl_cb);
- }
-
- Return<void> finish(uint64_t operationHandle, const hidl_vec<KeyParameter>& inParams,
- const hidl_vec<uint8_t>& input, const hidl_vec<uint8_t>& signature,
- const HardwareAuthToken& authToken,
- const VerificationToken& verificationToken, finish_cb _hidl_cb) override {
- return dev_->finish(operationHandle, inParams, input, signature, authToken,
- verificationToken, _hidl_cb);
- }
-
- Return<ErrorCode> abort(uint64_t operationHandle) override {
- return dev_->abort(operationHandle);
- }
-
- private:
- void getVersionIfNeeded();
-
- bool haveVersion_;
- SecurityLevel securityLevel_;
- sp<IKeymaster4Device> dev_;
-};
-
-} // namespace keystore
-
-#endif // KEYSTORE_KEYMASTER_3_H_
diff --git a/keystore/keystore_main.cpp b/keystore/keystore_main.cpp
index d5e20ba..e1fdd3f 100644
--- a/keystore/keystore_main.cpp
+++ b/keystore/keystore_main.cpp
@@ -23,6 +23,8 @@
#include <binder/IPCThreadState.h>
#include <binder/IServiceManager.h>
#include <hidl/HidlTransportSupport.h>
+#include <keymasterV4_0/Keymaster3.h>
+#include <keymasterV4_0/Keymaster4.h>
#include <utils/StrongPointer.h>
#include <wifikeystorehal/keystore.h>
@@ -30,8 +32,6 @@
#include <keystore/keystore_return_types.h>
#include "KeyStore.h"
-#include "Keymaster3.h"
-#include "Keymaster4.h"
#include "entropy.h"
#include "key_store_service.h"
#include "legacy_keymaster_device_wrapper.h"
@@ -54,9 +54,9 @@
using ::android::hardware::keymaster::V4_0::HmacSharingParameters;
using ::android::hardware::keymaster::V4_0::ErrorCode;
-using keystore::Keymaster;
-using keystore::Keymaster3;
-using keystore::Keymaster4;
+using ::keystore::keymaster::support::Keymaster;
+using ::keystore::keymaster::support::Keymaster3;
+using ::keystore::keymaster::support::Keymaster4;
using keystore::KeymasterDevices;
@@ -175,7 +175,7 @@
if (!result[SecurityLevel::SOFTWARE]) {
auto fbdev = android::keystore::makeSoftwareKeymasterDevice();
CHECK(fbdev.get()) << "Unable to create Software Keymaster Device";
- result[SecurityLevel::SOFTWARE] = new keystore::Keymaster3(fbdev);
+ result[SecurityLevel::SOFTWARE] = new Keymaster3(fbdev);
}
return result;
}
diff --git a/keystore/operation.h b/keystore/operation.h
index 6f640da..0acb70c 100644
--- a/keystore/operation.h
+++ b/keystore/operation.h
@@ -22,16 +22,16 @@
#include <binder/Binder.h>
#include <binder/IBinder.h>
+#include <keymasterV4_0/Keymaster.h>
#include <utils/StrongPointer.h>
#include <keystore/keymaster_types.h>
-#include "Keymaster.h"
-
namespace keystore {
using ::android::IBinder;
using ::android::sp;
+using keymaster::support::Keymaster;
/**
* OperationMap handles the translation of uint64_t's and keymaster2_device_t's to opaque binder