diff options
author | Shawn Willden <swillden@google.com> | 2018-01-18 15:35:46 -0700 |
---|---|---|
committer | Shawn Willden <swillden@google.com> | 2018-01-18 15:38:55 -0700 |
commit | eedcfe96d1b4517eb5201a8557aedc00d806c88a (patch) | |
tree | 0602f3045e6a978fe8ef46d917f9fff570a82048 | |
parent | 64b967b99b49efacd5f849354a42771ef1cb5a29 (diff) | |
download | security-eedcfe96d1b4517eb5201a8557aedc00d806c88a.tar.gz |
Move Keymaster wrappers to the KM4 support lib
Test: CTS
Change-Id: Id84de1d4bcc9643ffa24a678ad5d0d2385baec5e
-rw-r--r-- | keystore/Android.bp | 2 | ||||
-rw-r--r-- | keystore/KeyStore.h | 4 | ||||
-rw-r--r-- | keystore/Keymaster.h | 52 | ||||
-rw-r--r-- | keystore/Keymaster3.cpp | 287 | ||||
-rw-r--r-- | keystore/Keymaster3.h | 124 | ||||
-rw-r--r-- | keystore/Keymaster4.cpp | 39 | ||||
-rw-r--r-- | keystore/Keymaster4.h | 148 | ||||
-rw-r--r-- | keystore/keystore_main.cpp | 12 | ||||
-rw-r--r-- | keystore/operation.h | 4 |
9 files changed, 10 insertions, 662 deletions
diff --git a/keystore/Android.bp b/keystore/Android.bp index de11ec63..c97862a6 100644 --- a/keystore/Android.bp +++ b/keystore/Android.bp @@ -22,8 +22,6 @@ cc_binary { srcs: [ ":IKeyAttestationApplicationIdProvider.aidl", "KeyStore.cpp", - "Keymaster3.cpp", - "Keymaster4.cpp", "auth_token_table.cpp", "blob.cpp", "entropy.cpp", diff --git a/keystore/KeyStore.h b/keystore/KeyStore.h index cfc5c31a..23476d21 100644 --- a/keystore/KeyStore.h +++ b/keystore/KeyStore.h @@ -18,12 +18,11 @@ #define KEYSTORE_KEYSTORE_H_ #include <android/hardware/keymaster/3.0/IKeymasterDevice.h> - +#include <keymasterV4_0/Keymaster.h> #include <utils/Vector.h> #include <keystore/keymaster_types.h> -#include "Keymaster.h" #include "blob.h" #include "grant_store.h" #include "user_state.h" @@ -31,6 +30,7 @@ namespace keystore { using ::android::sp; +using keymaster::support::Keymaster; class KeymasterDevices : public std::array<sp<Keymaster>, 3> { public: diff --git a/keystore/Keymaster.h b/keystore/Keymaster.h deleted file mode 100644 index 4712eec1..00000000 --- a/keystore/Keymaster.h +++ /dev/null @@ -1,52 +0,0 @@ -/* - ** - ** Copyright 2017, The Android Open Source Project - ** - ** Licensed under the Apache License, Version 2.0 (the "License"); - ** you may not use this file except in compliance with the License. - ** You may obtain a copy of the License at - ** - ** http://www.apache.org/licenses/LICENSE-2.0 - ** - ** Unless required by applicable law or agreed to in writing, software - ** distributed under the License is distributed on an "AS IS" BASIS, - ** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - ** See the License for the specific language governing permissions and - ** limitations under the License. - */ - -#ifndef SYSTEM_SECURITY_KEYSTORE_KEYMASTER__H_ -#define SYSTEM_SECURITY_KEYSTORE_KEYMASTER__H_ - -#include <keystore/keymaster_types.h> - -namespace keystore { - -/** - * Keymaster abstracts the underlying Keymaster device. It will always inherit from the latest - * keymaster HAL interface, and there will be one subclass which is a trivial passthrough, for - * devices that actually support the latest version. One or more additional subclasses will handle - * wrapping older HAL versions, if needed. - * - * The reason for adding this additional layer, rather than simply using the latest HAL directly and - * subclassing it to wrap any older HAL, is because this provides a place to put additional - * methods which keystore can use when it needs to distinguish between different underlying HAL - * versions, while still having to use only the latest interface. - */ -class Keymaster : public keymaster::IKeymasterDevice { - public: - virtual ~Keymaster() {} - - struct VersionResult { - ErrorCode error; - uint8_t majorVersion; - SecurityLevel securityLevel; - bool supportsEc; - }; - - virtual VersionResult halVersion() = 0; -}; - -} // namespace keystore - -#endif // SYSTEM_SECURITY_KEYSTORE_KEYMASTER_DEVICE_H_ diff --git a/keystore/Keymaster3.cpp b/keystore/Keymaster3.cpp deleted file mode 100644 index 9ca6a085..00000000 --- a/keystore/Keymaster3.cpp +++ /dev/null @@ -1,287 +0,0 @@ -/* - ** - ** Copyright 2017, The Android Open Source Project - ** - ** Licensed under the Apache License, Version 2.0 (the "License"); - ** you may not use this file except in compliance with the License. - ** You may obtain a copy of the License at - ** - ** http://www.apache.org/licenses/LICENSE-2.0 - ** - ** Unless required by applicable law or agreed to in writing, software - ** distributed under the License is distributed on an "AS IS" BASIS, - ** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - ** See the License for the specific language governing permissions and - ** limitations under the License. - */ - -#include "Keymaster3.h" - -#include <android-base/logging.h> - -#include <keystore/keystore_hidl_support.h> - -namespace keystore { - -namespace oldkeymaster = ::android::hardware::keymaster::V3_0; -using android::hardware::details::StatusOf; - -namespace { - -ErrorCode convert(oldkeymaster::ErrorCode error) { - return static_cast<ErrorCode>(error); -} - -oldkeymaster::KeyPurpose convert(KeyPurpose purpose) { - return static_cast<oldkeymaster::KeyPurpose>(purpose); -} - -oldkeymaster::KeyFormat convert(KeyFormat purpose) { - return static_cast<oldkeymaster::KeyFormat>(purpose); -} - -oldkeymaster::KeyParameter convert(const KeyParameter& param) { - oldkeymaster::KeyParameter converted; - converted.tag = static_cast<oldkeymaster::Tag>(param.tag); - static_assert(sizeof(converted.f) == sizeof(param.f), "This function assumes sizes match"); - memcpy(&converted.f, ¶m.f, sizeof(param.f)); - converted.blob = param.blob; - return converted; -} - -KeyParameter convert(const oldkeymaster::KeyParameter& param) { - KeyParameter converted; - converted.tag = static_cast<Tag>(param.tag); - static_assert(sizeof(converted.f) == sizeof(param.f), "This function assumes sizes match"); - memcpy(&converted.f, ¶m.f, sizeof(param.f)); - converted.blob = param.blob; - return converted; -} - -hidl_vec<oldkeymaster::KeyParameter> convert(const hidl_vec<KeyParameter>& params) { - hidl_vec<oldkeymaster::KeyParameter> converted(params.size()); - for (size_t i = 0; i < params.size(); ++i) { - converted[i] = convert(params[i]); - } - return converted; -} - -hidl_vec<KeyParameter> convert(const hidl_vec<oldkeymaster::KeyParameter>& params) { - hidl_vec<KeyParameter> converted(params.size()); - for (size_t i = 0; i < params.size(); ++i) { - converted[i] = convert(params[i]); - } - return converted; -} - -hidl_vec<oldkeymaster::KeyParameter> convertAndAddAuthToken(const hidl_vec<KeyParameter>& params, - const HardwareAuthToken& authToken) { - hidl_vec<oldkeymaster::KeyParameter> converted(params.size() + 1); - for (size_t i = 0; i < params.size(); ++i) { - converted[i] = convert(params[i]); - } - converted[params.size()].tag = oldkeymaster::Tag::AUTH_TOKEN; - converted[params.size()].blob = authToken2HidlVec(authToken); - - return converted; -} - -KeyCharacteristics convert(const oldkeymaster::KeyCharacteristics& chars) { - KeyCharacteristics converted; - converted.hardwareEnforced = convert(chars.teeEnforced); - converted.softwareEnforced = convert(chars.softwareEnforced); - return converted; -} - -} // namespace - -void Keymaster3::getVersionIfNeeded() { - if (haveVersion_) return; - - auto rc = km3_dev_->getHardwareFeatures( - [&](bool isSecure, bool supportsEllipticCurve, bool supportsSymmetricCryptography, - bool supportsAttestation, bool supportsAllDigests, const hidl_string& keymasterName, - const hidl_string& keymasterAuthorName) { - securityLevel_ = - isSecure ? SecurityLevel::TRUSTED_ENVIRONMENT : SecurityLevel::SOFTWARE; - supportsEllipticCurve_ = supportsEllipticCurve; - supportsSymmetricCryptography_ = supportsSymmetricCryptography; - supportsAttestation_ = supportsAttestation; - supportsAllDigests_ = supportsAllDigests; - keymasterName_ = keymasterName; - authorName_ = keymasterAuthorName; - }); - - CHECK(rc.isOk()) << "Got error " << rc.description() << " trying to get hardware features"; - - if (securityLevel_ == SecurityLevel::SOFTWARE) { - majorVersion_ = 3; - } else if (supportsAttestation_) { - majorVersion_ = 3; // Could be 2, doesn't matter. - } else if (supportsSymmetricCryptography_) { - majorVersion_ = 1; - } else { - majorVersion_ = 0; - } -} - -Keymaster::VersionResult Keymaster3::halVersion() { - getVersionIfNeeded(); - return {ErrorCode::OK, majorVersion_, securityLevel_, supportsEllipticCurve_}; -} - -Return<void> Keymaster3::getHardwareInfo(Keymaster3::getHardwareInfo_cb _hidl_cb) { - getVersionIfNeeded(); - _hidl_cb(securityLevel_, keymasterName_ + " (wrapped by keystore::Keymaster3)", authorName_); - return Void(); -} - -Return<ErrorCode> Keymaster3::addRngEntropy(const hidl_vec<uint8_t>& data) { - auto rc = km3_dev_->addRngEntropy(data); - if (!rc.isOk()) { - return StatusOf<oldkeymaster::ErrorCode, ErrorCode>(rc); - } - return convert(rc); -} - -Return<void> Keymaster3::generateKey(const hidl_vec<KeyParameter>& keyParams, - generateKey_cb _hidl_cb) { - auto cb = [&](oldkeymaster::ErrorCode error, const hidl_vec<uint8_t>& keyBlob, - const oldkeymaster::KeyCharacteristics& characteristics) { - _hidl_cb(convert(error), keyBlob, convert(characteristics)); - }; - auto rc = km3_dev_->generateKey(convert(keyParams), cb); - rc.isOk(); // move ctor prereq - return rc; -} - -Return<void> Keymaster3::getKeyCharacteristics(const hidl_vec<uint8_t>& keyBlob, - const hidl_vec<uint8_t>& clientId, - const hidl_vec<uint8_t>& appData, - getKeyCharacteristics_cb _hidl_cb) { - auto cb = [&](oldkeymaster::ErrorCode error, const oldkeymaster::KeyCharacteristics& chars) { - _hidl_cb(convert(error), convert(chars)); - }; - - auto rc = km3_dev_->getKeyCharacteristics(keyBlob, clientId, appData, cb); - rc.isOk(); // move ctor prereq - return rc; -} - -Return<void> Keymaster3::importKey(const hidl_vec<KeyParameter>& params, KeyFormat keyFormat, - const hidl_vec<uint8_t>& keyData, importKey_cb _hidl_cb) { - auto cb = [&](oldkeymaster::ErrorCode error, const hidl_vec<uint8_t>& keyBlob, - const oldkeymaster::KeyCharacteristics& chars) { - _hidl_cb(convert(error), keyBlob, convert(chars)); - }; - auto rc = km3_dev_->importKey(convert(params), convert(keyFormat), keyData, cb); - rc.isOk(); // move ctor prereq - return rc; -} - -Return<void> Keymaster3::exportKey(KeyFormat exportFormat, const hidl_vec<uint8_t>& keyBlob, - const hidl_vec<uint8_t>& clientId, - const hidl_vec<uint8_t>& appData, exportKey_cb _hidl_cb) { - auto cb = [&](oldkeymaster::ErrorCode error, const hidl_vec<uint8_t>& keyMaterial) { - _hidl_cb(convert(error), keyMaterial); - }; - auto rc = km3_dev_->exportKey(convert(exportFormat), keyBlob, clientId, appData, cb); - rc.isOk(); // move ctor prereq - return rc; -} - -Return<void> Keymaster3::attestKey(const hidl_vec<uint8_t>& keyToAttest, - const hidl_vec<KeyParameter>& attestParams, - attestKey_cb _hidl_cb) { - auto cb = [&](oldkeymaster::ErrorCode error, const hidl_vec<hidl_vec<uint8_t>>& certChain) { - _hidl_cb(convert(error), certChain); - }; - auto rc = km3_dev_->attestKey(keyToAttest, convert(attestParams), cb); - rc.isOk(); // move ctor prereq - return rc; -} - -Return<void> Keymaster3::upgradeKey(const hidl_vec<uint8_t>& keyBlobToUpgrade, - const hidl_vec<KeyParameter>& upgradeParams, - upgradeKey_cb _hidl_cb) { - auto cb = [&](oldkeymaster::ErrorCode error, const hidl_vec<uint8_t>& upgradedKeyBlob) { - _hidl_cb(convert(error), upgradedKeyBlob); - }; - auto rc = km3_dev_->upgradeKey(keyBlobToUpgrade, convert(upgradeParams), cb); - rc.isOk(); // move ctor prereq - return rc; -} - -Return<ErrorCode> Keymaster3::deleteKey(const hidl_vec<uint8_t>& keyBlob) { - auto rc = km3_dev_->deleteKey(keyBlob); - if (!rc.isOk()) return StatusOf<oldkeymaster::ErrorCode, ErrorCode>(rc); - return convert(rc); -} - -Return<ErrorCode> Keymaster3::deleteAllKeys() { - auto rc = km3_dev_->deleteAllKeys(); - if (!rc.isOk()) return StatusOf<oldkeymaster::ErrorCode, ErrorCode>(rc); - return convert(rc); -} - -Return<ErrorCode> Keymaster3::destroyAttestationIds() { - auto rc = km3_dev_->destroyAttestationIds(); - if (!rc.isOk()) return StatusOf<oldkeymaster::ErrorCode, ErrorCode>(rc); - return convert(rc); -} - -Return<void> Keymaster3::begin(KeyPurpose purpose, const hidl_vec<uint8_t>& key, - const hidl_vec<KeyParameter>& inParams, - const HardwareAuthToken& authToken, begin_cb _hidl_cb) { - auto cb = [&](oldkeymaster::ErrorCode error, - const hidl_vec<oldkeymaster::KeyParameter>& outParams, - OperationHandle operationHandle) { - _hidl_cb(convert(error), convert(outParams), operationHandle); - }; - - auto rc = - km3_dev_->begin(convert(purpose), key, convertAndAddAuthToken(inParams, authToken), cb); - rc.isOk(); // move ctor prereq - return rc; -} - -Return<void> Keymaster3::update(uint64_t operationHandle, const hidl_vec<KeyParameter>& inParams, - const hidl_vec<uint8_t>& input, const HardwareAuthToken& authToken, - const VerificationToken& /* verificationToken */, - update_cb _hidl_cb) { - auto cb = [&](oldkeymaster::ErrorCode error, uint32_t inputConsumed, - const hidl_vec<oldkeymaster::KeyParameter>& outParams, - const hidl_vec<uint8_t>& output) { - _hidl_cb(convert(error), inputConsumed, convert(outParams), output); - }; - - auto rc = - km3_dev_->update(operationHandle, convertAndAddAuthToken(inParams, authToken), input, cb); - rc.isOk(); // move ctor prereq - return rc; -} - -Return<void> Keymaster3::finish(uint64_t operationHandle, const hidl_vec<KeyParameter>& inParams, - const hidl_vec<uint8_t>& input, const hidl_vec<uint8_t>& signature, - const HardwareAuthToken& authToken, - const VerificationToken& /* verificationToken */, - finish_cb _hidl_cb) { - auto cb = [&](oldkeymaster::ErrorCode error, - const hidl_vec<oldkeymaster::KeyParameter>& outParams, - const hidl_vec<uint8_t>& output) { - _hidl_cb(convert(error), convert(outParams), output); - }; - - auto rc = km3_dev_->finish(operationHandle, convertAndAddAuthToken(inParams, authToken), input, - signature, cb); - rc.isOk(); // move ctor prereq - return rc; -} - -Return<ErrorCode> Keymaster3::abort(uint64_t operationHandle) { - auto rc = km3_dev_->abort(operationHandle); - if (!rc.isOk()) return StatusOf<oldkeymaster::ErrorCode, ErrorCode>(rc); - return convert(rc); -} - -} // namespace keystore diff --git a/keystore/Keymaster3.h b/keystore/Keymaster3.h deleted file mode 100644 index 6d74a126..00000000 --- a/keystore/Keymaster3.h +++ /dev/null @@ -1,124 +0,0 @@ -/* - ** - ** Copyright 2017, The Android Open Source Project - ** - ** Licensed under the Apache License, Version 2.0 (the "License"); - ** you may not use this file except in compliance with the License. - ** You may obtain a copy of the License at - ** - ** http://www.apache.org/licenses/LICENSE-2.0 - ** - ** Unless required by applicable law or agreed to in writing, software - ** distributed under the License is distributed on an "AS IS" BASIS, - ** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - ** See the License for the specific language governing permissions and - ** limitations under the License. - */ - -#ifndef KEYMASTER_3_DEVICE_WRAPPER_H_ -#define KEYMASTER_3_DEVICE_WRAPPER_H_ - -#include <android/hardware/keymaster/3.0/IKeymasterDevice.h> -#include <keystore/keymaster_types.h> - -#include "Keymaster.h" - -namespace keystore { - -using IKeymaster3Device = ::android::hardware::keymaster::V3_0::IKeymasterDevice; - -using ::android::sp; -using ::android::hardware::hidl_string; -using ::android::hardware::hidl_vec; -using ::android::hardware::Return; -using ::android::hardware::Void; -using ::android::hardware::details::return_status; - -class Keymaster3 : public Keymaster { - public: - using WrappedIKeymasterDevice = IKeymaster3Device; - Keymaster3(sp<IKeymaster3Device> km3_dev) : km3_dev_(km3_dev), haveVersion_(false) {} - - VersionResult halVersion() override; - - Return<void> getHardwareInfo(getHardwareInfo_cb _hidl_cb); - - Return<void> getHmacSharingParameters(getHmacSharingParameters_cb _hidl_cb) override { - _hidl_cb(ErrorCode::UNIMPLEMENTED, {}); - return Void(); - } - - Return<void> computeSharedHmac(const hidl_vec<HmacSharingParameters>&, - computeSharedHmac_cb _hidl_cb) override { - _hidl_cb(ErrorCode::UNIMPLEMENTED, {}); - return Void(); - } - - Return<void> verifyAuthorization(uint64_t, const hidl_vec<KeyParameter>&, - const HardwareAuthToken&, - verifyAuthorization_cb _hidl_cb) override { - _hidl_cb(ErrorCode::UNIMPLEMENTED, {}); - return Void(); - } - - Return<ErrorCode> addRngEntropy(const hidl_vec<uint8_t>& data) override; - Return<void> generateKey(const hidl_vec<KeyParameter>& keyParams, - generateKey_cb _hidl_cb) override; - Return<void> getKeyCharacteristics(const hidl_vec<uint8_t>& keyBlob, - const hidl_vec<uint8_t>& clientId, - const hidl_vec<uint8_t>& appData, - getKeyCharacteristics_cb _hidl_cb) override; - Return<void> importKey(const hidl_vec<KeyParameter>& params, KeyFormat keyFormat, - const hidl_vec<uint8_t>& keyData, importKey_cb _hidl_cb) override; - - Return<void> importWrappedKey(const hidl_vec<uint8_t>&, const hidl_vec<uint8_t>&, - const hidl_vec<uint8_t>&, importWrappedKey_cb _hidl_cb) { - _hidl_cb(ErrorCode::UNIMPLEMENTED, {}, {}); - return Void(); - } - - Return<void> exportKey(KeyFormat exportFormat, const hidl_vec<uint8_t>& keyBlob, - const hidl_vec<uint8_t>& clientId, const hidl_vec<uint8_t>& appData, - exportKey_cb _hidl_cb) override; - Return<void> attestKey(const hidl_vec<uint8_t>& keyToAttest, - const hidl_vec<KeyParameter>& attestParams, - attestKey_cb _hidl_cb) override; - Return<void> upgradeKey(const hidl_vec<uint8_t>& keyBlobToUpgrade, - const hidl_vec<KeyParameter>& upgradeParams, - upgradeKey_cb _hidl_cb) override; - Return<ErrorCode> deleteKey(const hidl_vec<uint8_t>& keyBlob) override; - Return<ErrorCode> deleteAllKeys() override; - Return<ErrorCode> destroyAttestationIds() override; - Return<void> begin(KeyPurpose purpose, const hidl_vec<uint8_t>& key, - const hidl_vec<KeyParameter>& inParams, const HardwareAuthToken& authToken, - begin_cb _hidl_cb) override; - Return<void> update(uint64_t operationHandle, const hidl_vec<KeyParameter>& inParams, - const hidl_vec<uint8_t>& input, const HardwareAuthToken& authToken, - const VerificationToken& verificationToken, update_cb _hidl_cb) override; - Return<void> finish(uint64_t operationHandle, const hidl_vec<KeyParameter>& inParams, - const hidl_vec<uint8_t>& input, const hidl_vec<uint8_t>& signature, - const HardwareAuthToken& authToken, - const VerificationToken& verificationToken, finish_cb _hidl_cb) override; - Return<ErrorCode> abort(uint64_t operationHandle) override; - - private: - void getVersionIfNeeded(); - - sp<IKeymaster3Device> km3_dev_; - - bool haveVersion_; - uint8_t majorVersion_; - SecurityLevel securityLevel_; - bool supportsEllipticCurve_; - bool supportsSymmetricCryptography_; - bool supportsAttestation_; - bool supportsAllDigests_; - std::string keymasterName_; - std::string authorName_; -}; - -sp<IKeymaster3Device> makeSoftwareKeymasterDevice(); - -} // namespace keystore - -#endif // KEYMASTER_3_DEVICE_WRAPPER_H_ diff --git a/keystore/Keymaster4.cpp b/keystore/Keymaster4.cpp deleted file mode 100644 index 3edfb533..00000000 --- a/keystore/Keymaster4.cpp +++ /dev/null @@ -1,39 +0,0 @@ -/* -** -** Copyright 2017, The Android Open Source Project -** -** Licensed under the Apache License, Version 2.0 (the "License"); -** you may not use this file except in compliance with the License. -** You may obtain a copy of the License at -** -** http://www.apache.org/licenses/LICENSE-2.0 -** -** Unless required by applicable law or agreed to in writing, software -** distributed under the License is distributed on an "AS IS" BASIS, -** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -** See the License for the specific language governing permissions and -** limitations under the License. -*/ -#include "Keymaster4.h" - -#include <android-base/logging.h> - -namespace keystore { - -void Keymaster4::getVersionIfNeeded() { - if (haveVersion_) return; - - auto rc = dev_->getHardwareInfo([&](SecurityLevel securityLevel, auto...) { - securityLevel_ = securityLevel; - haveVersion_ = true; - }); - - CHECK(rc.isOk()) << "Got error " << rc.description() << " trying to get hardware info"; -} - -Keymaster::VersionResult Keymaster4::halVersion() { - getVersionIfNeeded(); - return {ErrorCode::OK, halMajorVersion(), securityLevel_, true}; -} - -} // namespace keystore diff --git a/keystore/Keymaster4.h b/keystore/Keymaster4.h deleted file mode 100644 index 53ca08ad..00000000 --- a/keystore/Keymaster4.h +++ /dev/null @@ -1,148 +0,0 @@ -/* - ** - ** Copyright 2017, The Android Open Source Project - ** - ** Licensed under the Apache License, Version 2.0 (the "License"); - ** you may not use this file except in compliance with the License. - ** You may obtain a copy of the License at - ** - ** http://www.apache.org/licenses/LICENSE-2.0 - ** - ** Unless required by applicable law or agreed to in writing, software - ** distributed under the License is distributed on an "AS IS" BASIS, - ** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - ** See the License for the specific language governing permissions and - ** limitations under the License. - */ - -#ifndef KEYSTORE_KEYMASTER_4_H_ -#define KEYSTORE_KEYMASTER_4_H_ - -#include <keystore/keymaster_types.h> -#include <utils/StrongPointer.h> - -#include "Keymaster.h" - -namespace keystore { - -using android::sp; -using IKeymaster4Device = ::android::hardware::keymaster::V4_0::IKeymasterDevice; - -class Keymaster4 : public Keymaster { - public: - using WrappedIKeymasterDevice = IKeymaster4Device; - Keymaster4(sp<IKeymasterDevice> km4_dev) : haveVersion_(false), dev_(km4_dev) {} - - uint8_t halMajorVersion() { return 4; } - - VersionResult halVersion() override; - - Return<void> getHardwareInfo(getHardwareInfo_cb _hidl_cb) override { - return dev_->getHardwareInfo(_hidl_cb); - } - - Return<void> getHmacSharingParameters(getHmacSharingParameters_cb _hidl_cb) override { - return dev_->getHmacSharingParameters(_hidl_cb); - } - - Return<void> computeSharedHmac(const hidl_vec<HmacSharingParameters>& params, - computeSharedHmac_cb _hidl_cb) override { - return dev_->computeSharedHmac(params, _hidl_cb); - } - - Return<void> verifyAuthorization(uint64_t operationHandle, const hidl_vec<KeyParameter>& params, - const HardwareAuthToken& authToken, - verifyAuthorization_cb _hidl_cb) override { - return dev_->verifyAuthorization(operationHandle, params, authToken, _hidl_cb); - } - - Return<ErrorCode> addRngEntropy(const hidl_vec<uint8_t>& data) override { - return dev_->addRngEntropy(data); - } - - Return<void> generateKey(const hidl_vec<KeyParameter>& keyParams, - generateKey_cb _hidl_cb) override { - return dev_->generateKey(keyParams, _hidl_cb); - } - - Return<void> getKeyCharacteristics(const hidl_vec<uint8_t>& keyBlob, - const hidl_vec<uint8_t>& clientId, - const hidl_vec<uint8_t>& appData, - getKeyCharacteristics_cb _hidl_cb) override { - return dev_->getKeyCharacteristics(keyBlob, clientId, appData, _hidl_cb); - } - - Return<void> importKey(const hidl_vec<KeyParameter>& params, KeyFormat keyFormat, - const hidl_vec<uint8_t>& keyData, importKey_cb _hidl_cb) override { - return dev_->importKey(params, keyFormat, keyData, _hidl_cb); - } - - Return<void> importWrappedKey(const hidl_vec<uint8_t>& wrappedKeyData, - const hidl_vec<uint8_t>& wrappingKeyBlob, - const hidl_vec<uint8_t>& maskingKey, - importWrappedKey_cb _hidl_cb) { - return dev_->importWrappedKey(wrappedKeyData, wrappingKeyBlob, maskingKey, _hidl_cb); - } - - Return<void> exportKey(KeyFormat exportFormat, const hidl_vec<uint8_t>& keyBlob, - const hidl_vec<uint8_t>& clientId, const hidl_vec<uint8_t>& appData, - exportKey_cb _hidl_cb) override { - return dev_->exportKey(exportFormat, keyBlob, clientId, appData, _hidl_cb); - } - - Return<void> attestKey(const hidl_vec<uint8_t>& keyToAttest, - const hidl_vec<KeyParameter>& attestParams, - attestKey_cb _hidl_cb) override { - return dev_->attestKey(keyToAttest, attestParams, _hidl_cb); - } - - Return<void> upgradeKey(const hidl_vec<uint8_t>& keyBlobToUpgrade, - const hidl_vec<KeyParameter>& upgradeParams, - upgradeKey_cb _hidl_cb) override { - return dev_->upgradeKey(keyBlobToUpgrade, upgradeParams, _hidl_cb); - } - - Return<ErrorCode> deleteKey(const hidl_vec<uint8_t>& keyBlob) override { - return dev_->deleteKey(keyBlob); - } - - Return<ErrorCode> deleteAllKeys() override { return dev_->deleteAllKeys(); } - - Return<ErrorCode> destroyAttestationIds() override { return dev_->destroyAttestationIds(); } - - Return<void> begin(KeyPurpose purpose, const hidl_vec<uint8_t>& key, - const hidl_vec<KeyParameter>& inParams, const HardwareAuthToken& authToken, - begin_cb _hidl_cb) override { - return dev_->begin(purpose, key, inParams, authToken, _hidl_cb); - } - - Return<void> update(uint64_t operationHandle, const hidl_vec<KeyParameter>& inParams, - const hidl_vec<uint8_t>& input, const HardwareAuthToken& authToken, - const VerificationToken& verificationToken, update_cb _hidl_cb) override { - return dev_->update(operationHandle, inParams, input, authToken, verificationToken, - _hidl_cb); - } - - Return<void> finish(uint64_t operationHandle, const hidl_vec<KeyParameter>& inParams, - const hidl_vec<uint8_t>& input, const hidl_vec<uint8_t>& signature, - const HardwareAuthToken& authToken, - const VerificationToken& verificationToken, finish_cb _hidl_cb) override { - return dev_->finish(operationHandle, inParams, input, signature, authToken, - verificationToken, _hidl_cb); - } - - Return<ErrorCode> abort(uint64_t operationHandle) override { - return dev_->abort(operationHandle); - } - - private: - void getVersionIfNeeded(); - - bool haveVersion_; - SecurityLevel securityLevel_; - sp<IKeymaster4Device> dev_; -}; - -} // namespace keystore - -#endif // KEYSTORE_KEYMASTER_3_H_ diff --git a/keystore/keystore_main.cpp b/keystore/keystore_main.cpp index d5e20bab..e1fdd3f8 100644 --- a/keystore/keystore_main.cpp +++ b/keystore/keystore_main.cpp @@ -23,6 +23,8 @@ #include <binder/IPCThreadState.h> #include <binder/IServiceManager.h> #include <hidl/HidlTransportSupport.h> +#include <keymasterV4_0/Keymaster3.h> +#include <keymasterV4_0/Keymaster4.h> #include <utils/StrongPointer.h> #include <wifikeystorehal/keystore.h> @@ -30,8 +32,6 @@ #include <keystore/keystore_return_types.h> #include "KeyStore.h" -#include "Keymaster3.h" -#include "Keymaster4.h" #include "entropy.h" #include "key_store_service.h" #include "legacy_keymaster_device_wrapper.h" @@ -54,9 +54,9 @@ using ::android::hardware::keymaster::V4_0::SecurityLevel; using ::android::hardware::keymaster::V4_0::HmacSharingParameters; using ::android::hardware::keymaster::V4_0::ErrorCode; -using keystore::Keymaster; -using keystore::Keymaster3; -using keystore::Keymaster4; +using ::keystore::keymaster::support::Keymaster; +using ::keystore::keymaster::support::Keymaster3; +using ::keystore::keymaster::support::Keymaster4; using keystore::KeymasterDevices; @@ -175,7 +175,7 @@ KeymasterDevices initializeKeymasters() { if (!result[SecurityLevel::SOFTWARE]) { auto fbdev = android::keystore::makeSoftwareKeymasterDevice(); CHECK(fbdev.get()) << "Unable to create Software Keymaster Device"; - result[SecurityLevel::SOFTWARE] = new keystore::Keymaster3(fbdev); + result[SecurityLevel::SOFTWARE] = new Keymaster3(fbdev); } return result; } diff --git a/keystore/operation.h b/keystore/operation.h index 6f640da6..0acb70c5 100644 --- a/keystore/operation.h +++ b/keystore/operation.h @@ -22,16 +22,16 @@ #include <binder/Binder.h> #include <binder/IBinder.h> +#include <keymasterV4_0/Keymaster.h> #include <utils/StrongPointer.h> #include <keystore/keymaster_types.h> -#include "Keymaster.h" - namespace keystore { using ::android::IBinder; using ::android::sp; +using keymaster::support::Keymaster; /** * OperationMap handles the translation of uint64_t's and keymaster2_device_t's to opaque binder |