Move Keymaster wrappers to the KM4 support lib

Test: CTS Change-Id: Id84de1d4bcc9643ffa24a678ad5d0d2385baec5e
author: Shawn Willden <swillden@google.com> 2018-01-18 15:35:46 -0700
committer: Shawn Willden <swillden@google.com> 2018-01-18 15:38:55 -0700
commit: eedcfe96d1b4517eb5201a8557aedc00d806c88a (patch)
tree: 0602f3045e6a978fe8ef46d917f9fff570a82048
parent: 64b967b99b49efacd5f849354a42771ef1cb5a29 (diff)
download: security-eedcfe96d1b4517eb5201a8557aedc00d806c88a.tar.gz
9 files changed, 10 insertions, 662 deletions
diff --git a/keystore/Android.bp b/keystore/Android.bp
index de11ec63..c97862a6 100644
--- a/keystore/Android.bp
+++ b/keystore/Android.bp
@@ -22,8 +22,6 @@ cc_binary {
     srcs: [
         ":IKeyAttestationApplicationIdProvider.aidl",
         "KeyStore.cpp",
-        "Keymaster3.cpp",
-        "Keymaster4.cpp",
         "auth_token_table.cpp",
         "blob.cpp",
         "entropy.cpp",
diff --git a/keystore/KeyStore.h b/keystore/KeyStore.h
index cfc5c31a..23476d21 100644
--- a/keystore/KeyStore.h
+++ b/keystore/KeyStore.h
@@ -18,12 +18,11 @@
 #define KEYSTORE_KEYSTORE_H_
 
 #include <android/hardware/keymaster/3.0/IKeymasterDevice.h>
-
+#include <keymasterV4_0/Keymaster.h>
 #include <utils/Vector.h>
 
 #include <keystore/keymaster_types.h>
 
-#include "Keymaster.h"
 #include "blob.h"
 #include "grant_store.h"
 #include "user_state.h"
@@ -31,6 +30,7 @@
 namespace keystore {
 
 using ::android::sp;
+using keymaster::support::Keymaster;
 
 class KeymasterDevices : public std::array<sp<Keymaster>, 3> {
   public:
diff --git a/keystore/Keymaster.h b/keystore/Keymaster.h
deleted file mode 100644
index 4712eec1..00000000
--- a/keystore/Keymaster.h
+++ /dev/null
@@ -1,52 +0,0 @@
-/*
- **
- ** Copyright 2017, The Android Open Source Project
- **
- ** Licensed under the Apache License, Version 2.0 (the "License");
- ** you may not use this file except in compliance with the License.
- ** You may obtain a copy of the License at
- **
- **     http://www.apache.org/licenses/LICENSE-2.0
- **
- ** Unless required by applicable law or agreed to in writing, software
- ** distributed under the License is distributed on an "AS IS" BASIS,
- ** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- ** See the License for the specific language governing permissions and
- ** limitations under the License.
- */
-
-#ifndef SYSTEM_SECURITY_KEYSTORE_KEYMASTER__H_
-#define SYSTEM_SECURITY_KEYSTORE_KEYMASTER__H_
-
-#include <keystore/keymaster_types.h>
-
-namespace keystore {
-
-/**
- * Keymaster abstracts the underlying Keymaster device.  It will always inherit from the latest
- * keymaster HAL interface, and there will be one subclass which is a trivial passthrough, for
- * devices that actually support the latest version.  One or more additional subclasses will handle
- * wrapping older HAL versions, if needed.
- *
- * The reason for adding this additional layer, rather than simply using the latest HAL directly and
- * subclassing it to wrap any older HAL, is because this provides a place to put additional
- * methods which keystore can use when it needs to distinguish between different underlying HAL
- * versions, while still having to use only the latest interface.
- */
-class Keymaster : public keymaster::IKeymasterDevice {
-  public:
-    virtual ~Keymaster() {}
-
-    struct VersionResult {
-        ErrorCode error;
-        uint8_t majorVersion;
-        SecurityLevel securityLevel;
-        bool supportsEc;
-    };
-
-    virtual VersionResult halVersion() = 0;
-};
-
-}  // namespace keystore
-
-#endif  // SYSTEM_SECURITY_KEYSTORE_KEYMASTER_DEVICE_H_
diff --git a/keystore/Keymaster3.cpp b/keystore/Keymaster3.cpp
deleted file mode 100644
index 9ca6a085..00000000
--- a/keystore/Keymaster3.cpp
+++ /dev/null
@@ -1,287 +0,0 @@
-/*
- **
- ** Copyright 2017, The Android Open Source Project
- **
- ** Licensed under the Apache License, Version 2.0 (the "License");
- ** you may not use this file except in compliance with the License.
- ** You may obtain a copy of the License at
- **
- **     http://www.apache.org/licenses/LICENSE-2.0
- **
- ** Unless required by applicable law or agreed to in writing, software
- ** distributed under the License is distributed on an "AS IS" BASIS,
- ** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- ** See the License for the specific language governing permissions and
- ** limitations under the License.
- */
-
-#include "Keymaster3.h"
-
-#include <android-base/logging.h>
-
-#include <keystore/keystore_hidl_support.h>
-
-namespace keystore {
-
-namespace oldkeymaster = ::android::hardware::keymaster::V3_0;
-using android::hardware::details::StatusOf;
-
-namespace {
-
-ErrorCode convert(oldkeymaster::ErrorCode error) {
-    return static_cast<ErrorCode>(error);
-}
-
-oldkeymaster::KeyPurpose convert(KeyPurpose purpose) {
-    return static_cast<oldkeymaster::KeyPurpose>(purpose);
-}
-
-oldkeymaster::KeyFormat convert(KeyFormat purpose) {
-    return static_cast<oldkeymaster::KeyFormat>(purpose);
-}
-
-oldkeymaster::KeyParameter convert(const KeyParameter& param) {
-    oldkeymaster::KeyParameter converted;
-    converted.tag = static_cast<oldkeymaster::Tag>(param.tag);
-    static_assert(sizeof(converted.f) == sizeof(param.f), "This function assumes sizes match");
-    memcpy(&converted.f, &param.f, sizeof(param.f));
-    converted.blob = param.blob;
-    return converted;
-}
-
-KeyParameter convert(const oldkeymaster::KeyParameter& param) {
-    KeyParameter converted;
-    converted.tag = static_cast<Tag>(param.tag);
-    static_assert(sizeof(converted.f) == sizeof(param.f), "This function assumes sizes match");
-    memcpy(&converted.f, &param.f, sizeof(param.f));
-    converted.blob = param.blob;
-    return converted;
-}
-
-hidl_vec<oldkeymaster::KeyParameter> convert(const hidl_vec<KeyParameter>& params) {
-    hidl_vec<oldkeymaster::KeyParameter> converted(params.size());
-    for (size_t i = 0; i < params.size(); ++i) {
-        converted[i] = convert(params[i]);
-    }
-    return converted;
-}
-
-hidl_vec<KeyParameter> convert(const hidl_vec<oldkeymaster::KeyParameter>& params) {
-    hidl_vec<KeyParameter> converted(params.size());
-    for (size_t i = 0; i < params.size(); ++i) {
-        converted[i] = convert(params[i]);
-    }
-    return converted;
-}
-
-hidl_vec<oldkeymaster::KeyParameter> convertAndAddAuthToken(const hidl_vec<KeyParameter>& params,
-                                                            const HardwareAuthToken& authToken) {
-    hidl_vec<oldkeymaster::KeyParameter> converted(params.size() + 1);
-    for (size_t i = 0; i < params.size(); ++i) {
-        converted[i] = convert(params[i]);
-    }
-    converted[params.size()].tag = oldkeymaster::Tag::AUTH_TOKEN;
-    converted[params.size()].blob = authToken2HidlVec(authToken);
-
-    return converted;
-}
-
-KeyCharacteristics convert(const oldkeymaster::KeyCharacteristics& chars) {
-    KeyCharacteristics converted;
-    converted.hardwareEnforced = convert(chars.teeEnforced);
-    converted.softwareEnforced = convert(chars.softwareEnforced);
-    return converted;
-}
-
-}  // namespace
-
-void Keymaster3::getVersionIfNeeded() {
-    if (haveVersion_) return;
-
-    auto rc = km3_dev_->getHardwareFeatures(
-        [&](bool isSecure, bool supportsEllipticCurve, bool supportsSymmetricCryptography,
-            bool supportsAttestation, bool supportsAllDigests, const hidl_string& keymasterName,
-            const hidl_string& keymasterAuthorName) {
-            securityLevel_ =
-                isSecure ? SecurityLevel::TRUSTED_ENVIRONMENT : SecurityLevel::SOFTWARE;
-            supportsEllipticCurve_ = supportsEllipticCurve;
-            supportsSymmetricCryptography_ = supportsSymmetricCryptography;
-            supportsAttestation_ = supportsAttestation;
-            supportsAllDigests_ = supportsAllDigests;
-            keymasterName_ = keymasterName;
-            authorName_ = keymasterAuthorName;
-        });
-
-    CHECK(rc.isOk()) << "Got error " << rc.description() << " trying to get hardware features";
-
-    if (securityLevel_ == SecurityLevel::SOFTWARE) {
-        majorVersion_ = 3;
-    } else if (supportsAttestation_) {
-        majorVersion_ = 3;  // Could be 2, doesn't matter.
-    } else if (supportsSymmetricCryptography_) {
-        majorVersion_ = 1;
-    } else {
-        majorVersion_ = 0;
-    }
-}
-
-Keymaster::VersionResult Keymaster3::halVersion() {
-    getVersionIfNeeded();
-    return {ErrorCode::OK, majorVersion_, securityLevel_, supportsEllipticCurve_};
-}
-
-Return<void> Keymaster3::getHardwareInfo(Keymaster3::getHardwareInfo_cb _hidl_cb) {
-    getVersionIfNeeded();
-    _hidl_cb(securityLevel_, keymasterName_ + " (wrapped by keystore::Keymaster3)", authorName_);
-    return Void();
-}
-
-Return<ErrorCode> Keymaster3::addRngEntropy(const hidl_vec<uint8_t>& data) {
-    auto rc = km3_dev_->addRngEntropy(data);
-    if (!rc.isOk()) {
-        return StatusOf<oldkeymaster::ErrorCode, ErrorCode>(rc);
-    }
-    return convert(rc);
-}
-
-Return<void> Keymaster3::generateKey(const hidl_vec<KeyParameter>& keyParams,
-                                     generateKey_cb _hidl_cb) {
-    auto cb = [&](oldkeymaster::ErrorCode error, const hidl_vec<uint8_t>& keyBlob,
-                  const oldkeymaster::KeyCharacteristics& characteristics) {
-        _hidl_cb(convert(error), keyBlob, convert(characteristics));
-    };
-    auto rc = km3_dev_->generateKey(convert(keyParams), cb);
-    rc.isOk();  // move ctor prereq
-    return rc;
-}
-
-Return<void> Keymaster3::getKeyCharacteristics(const hidl_vec<uint8_t>& keyBlob,
-                                               const hidl_vec<uint8_t>& clientId,
-                                               const hidl_vec<uint8_t>& appData,
-                                               getKeyCharacteristics_cb _hidl_cb) {
-    auto cb = [&](oldkeymaster::ErrorCode error, const oldkeymaster::KeyCharacteristics& chars) {
-        _hidl_cb(convert(error), convert(chars));
-    };
-
-    auto rc = km3_dev_->getKeyCharacteristics(keyBlob, clientId, appData, cb);
-    rc.isOk();  // move ctor prereq
-    return rc;
-}
-
-Return<void> Keymaster3::importKey(const hidl_vec<KeyParameter>& params, KeyFormat keyFormat,
-                                   const hidl_vec<uint8_t>& keyData, importKey_cb _hidl_cb) {
-    auto cb = [&](oldkeymaster::ErrorCode error, const hidl_vec<uint8_t>& keyBlob,
-                  const oldkeymaster::KeyCharacteristics& chars) {
-        _hidl_cb(convert(error), keyBlob, convert(chars));
-    };
-    auto rc = km3_dev_->importKey(convert(params), convert(keyFormat), keyData, cb);
-    rc.isOk();  // move ctor prereq
-    return rc;
-}
-
-Return<void> Keymaster3::exportKey(KeyFormat exportFormat, const hidl_vec<uint8_t>& keyBlob,
-                                   const hidl_vec<uint8_t>& clientId,
-                                   const hidl_vec<uint8_t>& appData, exportKey_cb _hidl_cb) {
-    auto cb = [&](oldkeymaster::ErrorCode error, const hidl_vec<uint8_t>& keyMaterial) {
-        _hidl_cb(convert(error), keyMaterial);
-    };
-    auto rc = km3_dev_->exportKey(convert(exportFormat), keyBlob, clientId, appData, cb);
-    rc.isOk();  // move ctor prereq
-    return rc;
-}
-
-Return<void> Keymaster3::attestKey(const hidl_vec<uint8_t>& keyToAttest,
-                                   const hidl_vec<KeyParameter>& attestParams,
-                                   attestKey_cb _hidl_cb) {
-    auto cb = [&](oldkeymaster::ErrorCode error, const hidl_vec<hidl_vec<uint8_t>>& certChain) {
-        _hidl_cb(convert(error), certChain);
-    };
-    auto rc = km3_dev_->attestKey(keyToAttest, convert(attestParams), cb);
-    rc.isOk();  // move ctor prereq
-    return rc;
-}
-
-Return<void> Keymaster3::upgradeKey(const hidl_vec<uint8_t>& keyBlobToUpgrade,
-                                    const hidl_vec<KeyParameter>& upgradeParams,
-                                    upgradeKey_cb _hidl_cb) {
-    auto cb = [&](oldkeymaster::ErrorCode error, const hidl_vec<uint8_t>& upgradedKeyBlob) {
-        _hidl_cb(convert(error), upgradedKeyBlob);
-    };
-    auto rc = km3_dev_->upgradeKey(keyBlobToUpgrade, convert(upgradeParams), cb);
-    rc.isOk();  // move ctor prereq
-    return rc;
-}
-
-Return<ErrorCode> Keymaster3::deleteKey(const hidl_vec<uint8_t>& keyBlob) {
-    auto rc = km3_dev_->deleteKey(keyBlob);
-    if (!rc.isOk()) return StatusOf<oldkeymaster::ErrorCode, ErrorCode>(rc);
-    return convert(rc);
-}
-
-Return<ErrorCode> Keymaster3::deleteAllKeys() {
-    auto rc = km3_dev_->deleteAllKeys();
-    if (!rc.isOk()) return StatusOf<oldkeymaster::ErrorCode, ErrorCode>(rc);
-    return convert(rc);
-}
-
-Return<ErrorCode> Keymaster3::destroyAttestationIds() {
-    auto rc = km3_dev_->destroyAttestationIds();
-    if (!rc.isOk()) return StatusOf<oldkeymaster::ErrorCode, ErrorCode>(rc);
-    return convert(rc);
-}
-
-Return<void> Keymaster3::begin(KeyPurpose purpose, const hidl_vec<uint8_t>& key,
-                               const hidl_vec<KeyParameter>& inParams,
-                               const HardwareAuthToken& authToken, begin_cb _hidl_cb) {
-    auto cb = [&](oldkeymaster::ErrorCode error,
-                  const hidl_vec<oldkeymaster::KeyParameter>& outParams,
-                  OperationHandle operationHandle) {
-        _hidl_cb(convert(error), convert(outParams), operationHandle);
-    };
-
-    auto rc =
-        km3_dev_->begin(convert(purpose), key, convertAndAddAuthToken(inParams, authToken), cb);
-    rc.isOk();  // move ctor prereq
-    return rc;
-}
-
-Return<void> Keymaster3::update(uint64_t operationHandle, const hidl_vec<KeyParameter>& inParams,
-                                const hidl_vec<uint8_t>& input, const HardwareAuthToken& authToken,
-                                const VerificationToken& /* verificationToken */,
-                                update_cb _hidl_cb) {
-    auto cb = [&](oldkeymaster::ErrorCode error, uint32_t inputConsumed,
-                  const hidl_vec<oldkeymaster::KeyParameter>& outParams,
-                  const hidl_vec<uint8_t>& output) {
-        _hidl_cb(convert(error), inputConsumed, convert(outParams), output);
-    };
-
-    auto rc =
-        km3_dev_->update(operationHandle, convertAndAddAuthToken(inParams, authToken), input, cb);
-    rc.isOk();  // move ctor prereq
-    return rc;
-}
-
-Return<void> Keymaster3::finish(uint64_t operationHandle, const hidl_vec<KeyParameter>& inParams,
-                                const hidl_vec<uint8_t>& input, const hidl_vec<uint8_t>& signature,
-                                const HardwareAuthToken& authToken,
-                                const VerificationToken& /* verificationToken */,
-                                finish_cb _hidl_cb) {
-    auto cb = [&](oldkeymaster::ErrorCode error,
-                  const hidl_vec<oldkeymaster::KeyParameter>& outParams,
-                  const hidl_vec<uint8_t>& output) {
-        _hidl_cb(convert(error), convert(outParams), output);
-    };
-
-    auto rc = km3_dev_->finish(operationHandle, convertAndAddAuthToken(inParams, authToken), input,
-                               signature, cb);
-    rc.isOk();  // move ctor prereq
-    return rc;
-}
-
-Return<ErrorCode> Keymaster3::abort(uint64_t operationHandle) {
-    auto rc = km3_dev_->abort(operationHandle);
-    if (!rc.isOk()) return StatusOf<oldkeymaster::ErrorCode, ErrorCode>(rc);
-    return convert(rc);
-}
-
-}  // namespace keystore
diff --git a/keystore/Keymaster3.h b/keystore/Keymaster3.h
deleted file mode 100644
index 6d74a126..00000000
--- a/keystore/Keymaster3.h
+++ /dev/null
@@ -1,124 +0,0 @@
-/*
- **
- ** Copyright 2017, The Android Open Source Project
- **
- ** Licensed under the Apache License, Version 2.0 (the "License");
- ** you may not use this file except in compliance with the License.
- ** You may obtain a copy of the License at
- **
- **     http://www.apache.org/licenses/LICENSE-2.0
- **
- ** Unless required by applicable law or agreed to in writing, software
- ** distributed under the License is distributed on an "AS IS" BASIS,
- ** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- ** See the License for the specific language governing permissions and
- ** limitations under the License.
- */
-
-#ifndef KEYMASTER_3_DEVICE_WRAPPER_H_
-#define KEYMASTER_3_DEVICE_WRAPPER_H_
-
-#include <android/hardware/keymaster/3.0/IKeymasterDevice.h>
-#include <keystore/keymaster_types.h>
-
-#include "Keymaster.h"
-
-namespace keystore {
-
-using IKeymaster3Device = ::android::hardware::keymaster::V3_0::IKeymasterDevice;
-
-using ::android::sp;
-using ::android::hardware::hidl_string;
-using ::android::hardware::hidl_vec;
-using ::android::hardware::Return;
-using ::android::hardware::Void;
-using ::android::hardware::details::return_status;
-
-class Keymaster3 : public Keymaster {
-  public:
-    using WrappedIKeymasterDevice = IKeymaster3Device;
-    Keymaster3(sp<IKeymaster3Device> km3_dev) : km3_dev_(km3_dev), haveVersion_(false) {}
-
-    VersionResult halVersion() override;
-
-    Return<void> getHardwareInfo(getHardwareInfo_cb _hidl_cb);
-
-    Return<void> getHmacSharingParameters(getHmacSharingParameters_cb _hidl_cb) override {
-        _hidl_cb(ErrorCode::UNIMPLEMENTED, {});
-        return Void();
-    }
-
-    Return<void> computeSharedHmac(const hidl_vec<HmacSharingParameters>&,
-                                   computeSharedHmac_cb _hidl_cb) override {
-        _hidl_cb(ErrorCode::UNIMPLEMENTED, {});
-        return Void();
-    }
-
-    Return<void> verifyAuthorization(uint64_t, const hidl_vec<KeyParameter>&,
-                                     const HardwareAuthToken&,
-                                     verifyAuthorization_cb _hidl_cb) override {
-        _hidl_cb(ErrorCode::UNIMPLEMENTED, {});
-        return Void();
-    }
-
-    Return<ErrorCode> addRngEntropy(const hidl_vec<uint8_t>& data) override;
-    Return<void> generateKey(const hidl_vec<KeyParameter>& keyParams,
-                             generateKey_cb _hidl_cb) override;
-    Return<void> getKeyCharacteristics(const hidl_vec<uint8_t>& keyBlob,
-                                       const hidl_vec<uint8_t>& clientId,
-                                       const hidl_vec<uint8_t>& appData,
-                                       getKeyCharacteristics_cb _hidl_cb) override;
-    Return<void> importKey(const hidl_vec<KeyParameter>& params, KeyFormat keyFormat,
-                           const hidl_vec<uint8_t>& keyData, importKey_cb _hidl_cb) override;
-
-    Return<void> importWrappedKey(const hidl_vec<uint8_t>&, const hidl_vec<uint8_t>&,
-                                  const hidl_vec<uint8_t>&, importWrappedKey_cb _hidl_cb) {
-        _hidl_cb(ErrorCode::UNIMPLEMENTED, {}, {});
-        return Void();
-    }
-
-    Return<void> exportKey(KeyFormat exportFormat, const hidl_vec<uint8_t>& keyBlob,
-                           const hidl_vec<uint8_t>& clientId, const hidl_vec<uint8_t>& appData,
-                           exportKey_cb _hidl_cb) override;
-    Return<void> attestKey(const hidl_vec<uint8_t>& keyToAttest,
-                           const hidl_vec<KeyParameter>& attestParams,
-                           attestKey_cb _hidl_cb) override;
-    Return<void> upgradeKey(const hidl_vec<uint8_t>& keyBlobToUpgrade,
-                            const hidl_vec<KeyParameter>& upgradeParams,
-                            upgradeKey_cb _hidl_cb) override;
-    Return<ErrorCode> deleteKey(const hidl_vec<uint8_t>& keyBlob) override;
-    Return<ErrorCode> deleteAllKeys() override;
-    Return<ErrorCode> destroyAttestationIds() override;
-    Return<void> begin(KeyPurpose purpose, const hidl_vec<uint8_t>& key,
-                       const hidl_vec<KeyParameter>& inParams, const HardwareAuthToken& authToken,
-                       begin_cb _hidl_cb) override;
-    Return<void> update(uint64_t operationHandle, const hidl_vec<KeyParameter>& inParams,
-                        const hidl_vec<uint8_t>& input, const HardwareAuthToken& authToken,
-                        const VerificationToken& verificationToken, update_cb _hidl_cb) override;
-    Return<void> finish(uint64_t operationHandle, const hidl_vec<KeyParameter>& inParams,
-                        const hidl_vec<uint8_t>& input, const hidl_vec<uint8_t>& signature,
-                        const HardwareAuthToken& authToken,
-                        const VerificationToken& verificationToken, finish_cb _hidl_cb) override;
-    Return<ErrorCode> abort(uint64_t operationHandle) override;
-
-  private:
-    void getVersionIfNeeded();
-
-    sp<IKeymaster3Device> km3_dev_;
-
-    bool haveVersion_;
-    uint8_t majorVersion_;
-    SecurityLevel securityLevel_;
-    bool supportsEllipticCurve_;
-    bool supportsSymmetricCryptography_;
-    bool supportsAttestation_;
-    bool supportsAllDigests_;
-    std::string keymasterName_;
-    std::string authorName_;
-};
-
-sp<IKeymaster3Device> makeSoftwareKeymasterDevice();
-
-}  // namespace keystore
-
-#endif  // KEYMASTER_3_DEVICE_WRAPPER_H_
diff --git a/keystore/Keymaster4.cpp b/keystore/Keymaster4.cpp
deleted file mode 100644
index 3edfb533..00000000
--- a/keystore/Keymaster4.cpp
+++ /dev/null
@@ -1,39 +0,0 @@
-/*
-**
-** Copyright 2017, The Android Open Source Project
-**
-** Licensed under the Apache License, Version 2.0 (the "License");
-** you may not use this file except in compliance with the License.
-** You may obtain a copy of the License at
-**
-**     http://www.apache.org/licenses/LICENSE-2.0
-**
-** Unless required by applicable law or agreed to in writing, software
-** distributed under the License is distributed on an "AS IS" BASIS,
-** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-** See the License for the specific language governing permissions and
-** limitations under the License.
-*/
-#include "Keymaster4.h"
-
-#include <android-base/logging.h>
-
-namespace keystore {
-
-void Keymaster4::getVersionIfNeeded() {
-    if (haveVersion_) return;
-
-    auto rc = dev_->getHardwareInfo([&](SecurityLevel securityLevel, auto...) {
-        securityLevel_ = securityLevel;
-        haveVersion_ = true;
-    });
-
-    CHECK(rc.isOk()) << "Got error " << rc.description() << " trying to get hardware info";
-}
-
-Keymaster::VersionResult Keymaster4::halVersion() {
-    getVersionIfNeeded();
-    return {ErrorCode::OK, halMajorVersion(), securityLevel_, true};
-}
-
-}  // namespace keystore
diff --git a/keystore/Keymaster4.h b/keystore/Keymaster4.h
deleted file mode 100644
index 53ca08ad..00000000
--- a/keystore/Keymaster4.h
+++ /dev/null
@@ -1,148 +0,0 @@
-/*
- **
- ** Copyright 2017, The Android Open Source Project
- **
- ** Licensed under the Apache License, Version 2.0 (the "License");
- ** you may not use this file except in compliance with the License.
- ** You may obtain a copy of the License at
- **
- **     http://www.apache.org/licenses/LICENSE-2.0
- **
- ** Unless required by applicable law or agreed to in writing, software
- ** distributed under the License is distributed on an "AS IS" BASIS,
- ** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- ** See the License for the specific language governing permissions and
- ** limitations under the License.
- */
-
-#ifndef KEYSTORE_KEYMASTER_4_H_
-#define KEYSTORE_KEYMASTER_4_H_
-
-#include <keystore/keymaster_types.h>
-#include <utils/StrongPointer.h>
-
-#include "Keymaster.h"
-
-namespace keystore {
-
-using android::sp;
-using IKeymaster4Device = ::android::hardware::keymaster::V4_0::IKeymasterDevice;
-
-class Keymaster4 : public Keymaster {
-  public:
-    using WrappedIKeymasterDevice = IKeymaster4Device;
-    Keymaster4(sp<IKeymasterDevice> km4_dev) : haveVersion_(false), dev_(km4_dev) {}
-
-    uint8_t halMajorVersion() { return 4; }
-
-    VersionResult halVersion() override;
-
-    Return<void> getHardwareInfo(getHardwareInfo_cb _hidl_cb) override {
-        return dev_->getHardwareInfo(_hidl_cb);
-    }
-
-    Return<void> getHmacSharingParameters(getHmacSharingParameters_cb _hidl_cb) override {
-        return dev_->getHmacSharingParameters(_hidl_cb);
-    }
-
-    Return<void> computeSharedHmac(const hidl_vec<HmacSharingParameters>& params,
-                                   computeSharedHmac_cb _hidl_cb) override {
-        return dev_->computeSharedHmac(params, _hidl_cb);
-    }
-
-    Return<void> verifyAuthorization(uint64_t operationHandle, const hidl_vec<KeyParameter>& params,
-                                     const HardwareAuthToken& authToken,
-                                     verifyAuthorization_cb _hidl_cb) override {
-        return dev_->verifyAuthorization(operationHandle, params, authToken, _hidl_cb);
-    }
-
-    Return<ErrorCode> addRngEntropy(const hidl_vec<uint8_t>& data) override {
-        return dev_->addRngEntropy(data);
-    }
-
-    Return<void> generateKey(const hidl_vec<KeyParameter>& keyParams,
-                             generateKey_cb _hidl_cb) override {
-        return dev_->generateKey(keyParams, _hidl_cb);
-    }
-
-    Return<void> getKeyCharacteristics(const hidl_vec<uint8_t>& keyBlob,
-                                       const hidl_vec<uint8_t>& clientId,
-                                       const hidl_vec<uint8_t>& appData,
-                                       getKeyCharacteristics_cb _hidl_cb) override {
-        return dev_->getKeyCharacteristics(keyBlob, clientId, appData, _hidl_cb);
-    }
-
-    Return<void> importKey(const hidl_vec<KeyParameter>& params, KeyFormat keyFormat,
-                           const hidl_vec<uint8_t>& keyData, importKey_cb _hidl_cb) override {
-        return dev_->importKey(params, keyFormat, keyData, _hidl_cb);
-    }
-
-    Return<void> importWrappedKey(const hidl_vec<uint8_t>& wrappedKeyData,
-                                  const hidl_vec<uint8_t>& wrappingKeyBlob,
-                                  const hidl_vec<uint8_t>& maskingKey,
-                                  importWrappedKey_cb _hidl_cb) {
-        return dev_->importWrappedKey(wrappedKeyData, wrappingKeyBlob, maskingKey, _hidl_cb);
-    }
-
-    Return<void> exportKey(KeyFormat exportFormat, const hidl_vec<uint8_t>& keyBlob,
-                           const hidl_vec<uint8_t>& clientId, const hidl_vec<uint8_t>& appData,
-                           exportKey_cb _hidl_cb) override {
-        return dev_->exportKey(exportFormat, keyBlob, clientId, appData, _hidl_cb);
-    }
-
-    Return<void> attestKey(const hidl_vec<uint8_t>& keyToAttest,
-                           const hidl_vec<KeyParameter>& attestParams,
-                           attestKey_cb _hidl_cb) override {
-        return dev_->attestKey(keyToAttest, attestParams, _hidl_cb);
-    }
-
-    Return<void> upgradeKey(const hidl_vec<uint8_t>& keyBlobToUpgrade,
-                            const hidl_vec<KeyParameter>& upgradeParams,
-                            upgradeKey_cb _hidl_cb) override {
-        return dev_->upgradeKey(keyBlobToUpgrade, upgradeParams, _hidl_cb);
-    }
-
-    Return<ErrorCode> deleteKey(const hidl_vec<uint8_t>& keyBlob) override {
-        return dev_->deleteKey(keyBlob);
-    }
-
-    Return<ErrorCode> deleteAllKeys() override { return dev_->deleteAllKeys(); }
-
-    Return<ErrorCode> destroyAttestationIds() override { return dev_->destroyAttestationIds(); }
-
-    Return<void> begin(KeyPurpose purpose, const hidl_vec<uint8_t>& key,
-                       const hidl_vec<KeyParameter>& inParams, const HardwareAuthToken& authToken,
-                       begin_cb _hidl_cb) override {
-        return dev_->begin(purpose, key, inParams, authToken, _hidl_cb);
-    }
-
-    Return<void> update(uint64_t operationHandle, const hidl_vec<KeyParameter>& inParams,
-                        const hidl_vec<uint8_t>& input, const HardwareAuthToken& authToken,
-                        const VerificationToken& verificationToken, update_cb _hidl_cb) override {
-        return dev_->update(operationHandle, inParams, input, authToken, verificationToken,
-                            _hidl_cb);
-    }
-
-    Return<void> finish(uint64_t operationHandle, const hidl_vec<KeyParameter>& inParams,
-                        const hidl_vec<uint8_t>& input, const hidl_vec<uint8_t>& signature,
-                        const HardwareAuthToken& authToken,
-                        const VerificationToken& verificationToken, finish_cb _hidl_cb) override {
-        return dev_->finish(operationHandle, inParams, input, signature, authToken,
-                            verificationToken, _hidl_cb);
-    }
-
-    Return<ErrorCode> abort(uint64_t operationHandle) override {
-        return dev_->abort(operationHandle);
-    }
-
-  private:
-    void getVersionIfNeeded();
-
-    bool haveVersion_;
-    SecurityLevel securityLevel_;
-    sp<IKeymaster4Device> dev_;
-};
-
-}  // namespace keystore
-
-#endif  // KEYSTORE_KEYMASTER_3_H_
diff --git a/keystore/keystore_main.cpp b/keystore/keystore_main.cpp
index d5e20bab..e1fdd3f8 100644
--- a/keystore/keystore_main.cpp
+++ b/keystore/keystore_main.cpp
@@ -23,6 +23,8 @@
 #include <binder/IPCThreadState.h>
 #include <binder/IServiceManager.h>
 #include <hidl/HidlTransportSupport.h>
+#include <keymasterV4_0/Keymaster3.h>
+#include <keymasterV4_0/Keymaster4.h>
 #include <utils/StrongPointer.h>
 #include <wifikeystorehal/keystore.h>
 
@@ -30,8 +32,6 @@
 #include <keystore/keystore_return_types.h>
 
 #include "KeyStore.h"
-#include "Keymaster3.h"
-#include "Keymaster4.h"
 #include "entropy.h"
 #include "key_store_service.h"
 #include "legacy_keymaster_device_wrapper.h"
@@ -54,9 +54,9 @@ using ::android::hardware::keymaster::V4_0::SecurityLevel;
 using ::android::hardware::keymaster::V4_0::HmacSharingParameters;
 using ::android::hardware::keymaster::V4_0::ErrorCode;
 
-using keystore::Keymaster;
-using keystore::Keymaster3;
-using keystore::Keymaster4;
+using ::keystore::keymaster::support::Keymaster;
+using ::keystore::keymaster::support::Keymaster3;
+using ::keystore::keymaster::support::Keymaster4;
 
 using keystore::KeymasterDevices;
 
@@ -175,7 +175,7 @@ KeymasterDevices initializeKeymasters() {
     if (!result[SecurityLevel::SOFTWARE]) {
         auto fbdev = android::keystore::makeSoftwareKeymasterDevice();
         CHECK(fbdev.get()) << "Unable to create Software Keymaster Device";
-        result[SecurityLevel::SOFTWARE] = new keystore::Keymaster3(fbdev);
+        result[SecurityLevel::SOFTWARE] = new Keymaster3(fbdev);
     }
     return result;
 }
diff --git a/keystore/operation.h b/keystore/operation.h
index 6f640da6..0acb70c5 100644
--- a/keystore/operation.h
+++ b/keystore/operation.h
@@ -22,16 +22,16 @@
 
 #include <binder/Binder.h>
 #include <binder/IBinder.h>
+#include <keymasterV4_0/Keymaster.h>
 #include <utils/StrongPointer.h>
 
 #include <keystore/keymaster_types.h>
 
-#include "Keymaster.h"
-
 namespace keystore {
 
 using ::android::IBinder;
 using ::android::sp;
+using keymaster::support::Keymaster;
 
 /**
  * OperationMap handles the translation of uint64_t's and keymaster2_device_t's to opaque binder
author	Shawn Willden <swillden@google.com>	2018-01-18 15:35:46 -0700
committer	Shawn Willden <swillden@google.com>	2018-01-18 15:38:55 -0700
commit	eedcfe96d1b4517eb5201a8557aedc00d806c88a (patch)
tree	0602f3045e6a978fe8ef46d917f9fff570a82048
parent	64b967b99b49efacd5f849354a42771ef1cb5a29 (diff)
download	security-eedcfe96d1b4517eb5201a8557aedc00d806c88a.tar.gz