diff options
| author | Dmitry Dementyev <dementyev@google.com> | 2017-10-27 23:09:53 -0700 |
|---|---|---|
| committer | Dmitry Dementyev <dementyev@google.com> | 2017-11-16 18:35:51 -0800 |
| commit | a447b3c9af62540abcc2d01a4d62124838ffe89d (patch) | |
| tree | 985c942242f35e3e105b744a063a276f98063056 /keystore/include | |
| parent | 1cb37a76815f2f1b1371d466f9c9b4b51163a777 (diff) | |
| download | security-a447b3c9af62540abcc2d01a4d62124838ffe89d.tar.gz | |
Get rid of manually created IKeystoreService.
Generated IKeystoreService has different signature, which required lots
of refactoring.
After update methods relevant data using last parameter.
Test: cts-tradefed run cts -m CtsKeystoreTestCases
Bug: 68389643
Change-Id: I0ca36a2e9e007143a3b403b306a8f979ee98b232
Diffstat (limited to 'keystore/include')
| -rw-r--r-- | keystore/include/keystore/ExportResult.h | 47 | ||||
| -rw-r--r-- | keystore/include/keystore/IKeystoreService.h | 254 | ||||
| -rw-r--r-- | keystore/include/keystore/KeyAttestationApplicationId.h | 5 | ||||
| -rw-r--r-- | keystore/include/keystore/KeyCharacteristics.h | 47 | ||||
| -rw-r--r-- | keystore/include/keystore/KeymasterArguments.h | 46 | ||||
| -rw-r--r-- | keystore/include/keystore/KeymasterBlob.h | 42 | ||||
| -rw-r--r-- | keystore/include/keystore/KeymasterCertificateChain.h | 44 | ||||
| -rw-r--r-- | keystore/include/keystore/KeystoreArg.h | 50 | ||||
| -rw-r--r-- | keystore/include/keystore/KeystoreArguments.h | 40 | ||||
| -rw-r--r-- | keystore/include/keystore/OperationResult.h | 46 | ||||
| -rw-r--r-- | keystore/include/keystore/keystore.h | 1 | ||||
| -rw-r--r-- | keystore/include/keystore/keystore_client.h | 51 | ||||
| -rw-r--r-- | keystore/include/keystore/keystore_client_impl.h | 51 | ||||
| -rw-r--r-- | keystore/include/keystore/keystore_client_mock.h | 2 | ||||
| -rw-r--r-- | keystore/include/keystore/keystore_get.h | 2 | ||||
| -rw-r--r-- | keystore/include/keystore/keystore_return_types.h | 9 |
16 files changed, 424 insertions, 313 deletions
diff --git a/keystore/include/keystore/ExportResult.h b/keystore/include/keystore/ExportResult.h new file mode 100644 index 00000000..c85f5ab2 --- /dev/null +++ b/keystore/include/keystore/ExportResult.h @@ -0,0 +1,47 @@ +// Copyright 2017 The Android Open Source Project +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +#ifndef KEYSTORE_INCLUDE_KEYSTORE_EXPORTRESULT_H_ +#define KEYSTORE_INCLUDE_KEYSTORE_EXPORTRESULT_H_ + +#include <stdint.h> + +#include <memory> +#include <vector> + +#include <binder/Parcelable.h> +#include <hardware/keymaster_defs.h> + +#include "keystore_return_types.h" +#include "utils.h" + +namespace android { +namespace security { +namespace keymaster { + +struct ExportResult : public ::android::Parcelable { + ExportResult(); + ~ExportResult(); + status_t readFromParcel(const Parcel* in) override; + status_t writeToParcel(Parcel* out) const override; + + ::keystore::KeyStoreServiceReturnCode resultCode; + hardware::hidl_vec<uint8_t> exportData; +}; + +} // namespace keymaster +} // namespace security +} // namespace android + +#endif // KEYSTORE_INCLUDE_KEYSTORE_EXPORTRESULT_H_ diff --git a/keystore/include/keystore/IKeystoreService.h b/keystore/include/keystore/IKeystoreService.h deleted file mode 100644 index a0456796..00000000 --- a/keystore/include/keystore/IKeystoreService.h +++ /dev/null @@ -1,254 +0,0 @@ -/* - * Copyright (C) 2012 The Android Open Source Project - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#ifndef KEYSTORE_IKEYSTORESERVICE_H -#define KEYSTORE_IKEYSTORESERVICE_H - -#include "keystore.h" -#include "keystore_return_types.h" -#include <binder/IInterface.h> -#include <binder/Parcel.h> -#include <keystore/keymaster_tags.h> -#include <utils/RefBase.h> -#include <vector> - -namespace android { - -class KeystoreArg : public RefBase { - public: - KeystoreArg(const void* data, size_t len); - ~KeystoreArg(); - - const void* data() const; - size_t size() const; - - private: - const void* mData; - size_t mSize; -}; - -struct MallocDeleter { - void operator()(uint8_t* p) { free(p); } -}; - -// struct for serializing the results of begin/update/finish -struct OperationResult : public ::android::Parcelable { - OperationResult(); - ~OperationResult(); - status_t readFromParcel(const Parcel* in) override; - status_t writeToParcel(Parcel* out) const override; - - ::keystore::KeyStoreServiceReturnCode resultCode; - sp<IBinder> token; - uint64_t handle; - int inputConsumed; - ::keystore::hidl_vec<uint8_t> data; - ::keystore::hidl_vec<::keystore::KeyParameter> outParams; -}; - -// struct for serializing the results of export -struct ExportResult : public ::android::Parcelable { - ExportResult(); - ~ExportResult(); - status_t readFromParcel(const Parcel* in) override; - status_t writeToParcel(Parcel* out) const override; - - ::keystore::KeyStoreServiceReturnCode resultCode; - ::keystore::hidl_vec<uint8_t> exportData; -}; - -/* - * This must be kept manually in sync with frameworks/base's IKeystoreService.java - */ -class IKeystoreService : public IInterface { - public: - enum { - GET_STATE = IBinder::FIRST_CALL_TRANSACTION + 0, - GET = IBinder::FIRST_CALL_TRANSACTION + 1, - INSERT = IBinder::FIRST_CALL_TRANSACTION + 2, - DEL = IBinder::FIRST_CALL_TRANSACTION + 3, - EXIST = IBinder::FIRST_CALL_TRANSACTION + 4, - LIST = IBinder::FIRST_CALL_TRANSACTION + 5, - RESET = IBinder::FIRST_CALL_TRANSACTION + 6, - ON_USER_PASSWORD_CHANGED = IBinder::FIRST_CALL_TRANSACTION + 7, - LOCK = IBinder::FIRST_CALL_TRANSACTION + 8, - UNLOCK = IBinder::FIRST_CALL_TRANSACTION + 9, - IS_EMPTY = IBinder::FIRST_CALL_TRANSACTION + 10, - GENERATE = IBinder::FIRST_CALL_TRANSACTION + 11, - IMPORT = IBinder::FIRST_CALL_TRANSACTION + 12, - SIGN = IBinder::FIRST_CALL_TRANSACTION + 13, - VERIFY = IBinder::FIRST_CALL_TRANSACTION + 14, - GET_PUBKEY = IBinder::FIRST_CALL_TRANSACTION + 15, - GRANT = IBinder::FIRST_CALL_TRANSACTION + 16, - UNGRANT = IBinder::FIRST_CALL_TRANSACTION + 17, - GETMTIME = IBinder::FIRST_CALL_TRANSACTION + 18, - DUPLICATE = IBinder::FIRST_CALL_TRANSACTION + 19, - IS_HARDWARE_BACKED = IBinder::FIRST_CALL_TRANSACTION + 20, - CLEAR_UID = IBinder::FIRST_CALL_TRANSACTION + 21, - ADD_RNG_ENTROPY = IBinder::FIRST_CALL_TRANSACTION + 22, - GENERATE_KEY = IBinder::FIRST_CALL_TRANSACTION + 23, - GET_KEY_CHARACTERISTICS = IBinder::FIRST_CALL_TRANSACTION + 24, - IMPORT_KEY = IBinder::FIRST_CALL_TRANSACTION + 25, - EXPORT_KEY = IBinder::FIRST_CALL_TRANSACTION + 26, - BEGIN = IBinder::FIRST_CALL_TRANSACTION + 27, - UPDATE = IBinder::FIRST_CALL_TRANSACTION + 28, - FINISH = IBinder::FIRST_CALL_TRANSACTION + 29, - ABORT = IBinder::FIRST_CALL_TRANSACTION + 30, - IS_OPERATION_AUTHORIZED = IBinder::FIRST_CALL_TRANSACTION + 31, - ADD_AUTH_TOKEN = IBinder::FIRST_CALL_TRANSACTION + 32, - ON_USER_ADDED = IBinder::FIRST_CALL_TRANSACTION + 33, - ON_USER_REMOVED = IBinder::FIRST_CALL_TRANSACTION + 34, - ATTEST_KEY = IBinder::FIRST_CALL_TRANSACTION + 35, - ATTEST_DEVICE_IDS = IBinder::FIRST_CALL_TRANSACTION + 36, - ON_DEVICE_OFF_BODY = IBinder::FIRST_CALL_TRANSACTION + 37, - }; - - DECLARE_META_INTERFACE(KeystoreService); - - virtual ::keystore::KeyStoreServiceReturnCode getState(int32_t userId) = 0; - - virtual ::keystore::KeyStoreServiceReturnCode get(const String16& name, int32_t uid, - ::keystore::hidl_vec<uint8_t>* item) = 0; - - virtual ::keystore::KeyStoreServiceReturnCode insert(const String16& name, - const ::keystore::hidl_vec<uint8_t>& item, - int uid, int32_t flags) = 0; - - virtual ::keystore::KeyStoreServiceReturnCode del(const String16& name, int uid) = 0; - - virtual ::keystore::KeyStoreServiceReturnCode exist(const String16& name, int uid) = 0; - - virtual ::keystore::KeyStoreServiceReturnCode list(const String16& prefix, int uid, - Vector<String16>* matches) = 0; - - virtual ::keystore::KeyStoreServiceReturnCode reset() = 0; - - virtual ::keystore::KeyStoreServiceReturnCode - onUserPasswordChanged(int32_t userId, const String16& newPassword) = 0; - - virtual ::keystore::KeyStoreServiceReturnCode lock(int32_t userId) = 0; - - virtual ::keystore::KeyStoreServiceReturnCode unlock(int32_t userId, - const String16& password) = 0; - - virtual bool isEmpty(int32_t userId) = 0; - - virtual ::keystore::KeyStoreServiceReturnCode generate(const String16& name, int32_t uid, - int32_t keyType, int32_t keySize, - int32_t flags, - Vector<sp<KeystoreArg>>* args) = 0; - - virtual ::keystore::KeyStoreServiceReturnCode import(const String16& name, - const ::keystore::hidl_vec<uint8_t>& data, - int uid, int32_t flags) = 0; - - virtual ::keystore::KeyStoreServiceReturnCode sign(const String16& name, - const ::keystore::hidl_vec<uint8_t>& data, - ::keystore::hidl_vec<uint8_t>* out) = 0; - - virtual ::keystore::KeyStoreServiceReturnCode - verify(const String16& name, const ::keystore::hidl_vec<uint8_t>& data, - const ::keystore::hidl_vec<uint8_t>& signature) = 0; - - virtual ::keystore::KeyStoreServiceReturnCode - get_pubkey(const String16& name, ::keystore::hidl_vec<uint8_t>* pubKey) = 0; - - virtual String16 grant(const String16& name, int32_t granteeUid) = 0; - - virtual ::keystore::KeyStoreServiceReturnCode ungrant(const String16& name, - int32_t granteeUid) = 0; - - virtual int64_t getmtime(const String16& name, int32_t uid) = 0; - - virtual ::keystore::KeyStoreServiceReturnCode - duplicate(const String16& srcKey, int32_t srcUid, const String16& destKey, int32_t destUid) = 0; - - virtual int32_t is_hardware_backed(const String16& keyType) = 0; - - virtual ::keystore::KeyStoreServiceReturnCode clear_uid(int64_t uid) = 0; - - virtual ::keystore::KeyStoreServiceReturnCode - addRngEntropy(const ::keystore::hidl_vec<uint8_t>& entropy) = 0; - - virtual ::keystore::KeyStoreServiceReturnCode - generateKey(const String16& name, const ::keystore::hidl_vec<::keystore::KeyParameter>& params, - const ::keystore::hidl_vec<uint8_t>& entropy, int uid, int flags, - ::keystore::KeyCharacteristics* outCharacteristics) = 0; - - virtual ::keystore::KeyStoreServiceReturnCode - getKeyCharacteristics(const String16& name, const ::keystore::hidl_vec<uint8_t>& clientId, - const ::keystore::hidl_vec<uint8_t>& appData, int32_t uid, - ::keystore::KeyCharacteristics* outCharacteristics) = 0; - - virtual ::keystore::KeyStoreServiceReturnCode - importKey(const String16& name, const ::keystore::hidl_vec<::keystore::KeyParameter>& params, - ::keystore::KeyFormat format, const ::keystore::hidl_vec<uint8_t>& key, int uid, - int flags, ::keystore::KeyCharacteristics* outCharacteristics) = 0; - - virtual void exportKey(const String16& name, ::keystore::KeyFormat format, - const ::keystore::hidl_vec<uint8_t>& clientId, - const ::keystore::hidl_vec<uint8_t>& appData, int uid, - ExportResult* result) = 0; - - virtual void begin(const sp<IBinder>& apptoken, const String16& name, - ::keystore::KeyPurpose purpose, bool pruneable, - const ::keystore::hidl_vec<::keystore::KeyParameter>& params, - const ::keystore::hidl_vec<uint8_t>& entropy, int32_t uid, - OperationResult* opResult) = 0; - - virtual void update(const sp<IBinder>& token, - const ::keystore::hidl_vec<::keystore::KeyParameter>& params, - const ::keystore::hidl_vec<uint8_t>& data, OperationResult* opResult) = 0; - - virtual void finish(const sp<IBinder>& token, - const ::keystore::hidl_vec<::keystore::KeyParameter>& params, - const ::keystore::hidl_vec<uint8_t>& signature, - const ::keystore::hidl_vec<uint8_t>& entropy, - OperationResult* opResult) = 0; - - virtual ::keystore::KeyStoreServiceReturnCode abort(const sp<IBinder>& handle) = 0; - - virtual bool isOperationAuthorized(const sp<IBinder>& handle) = 0; - - virtual ::keystore::KeyStoreServiceReturnCode addAuthToken(const uint8_t* token, - size_t length) = 0; - - virtual ::keystore::KeyStoreServiceReturnCode onUserAdded(int32_t userId, int32_t parentId) = 0; - - virtual ::keystore::KeyStoreServiceReturnCode onUserRemoved(int32_t userId) = 0; - - virtual ::keystore::KeyStoreServiceReturnCode - attestKey(const String16& name, const ::keystore::hidl_vec<::keystore::KeyParameter>& params, - ::keystore::hidl_vec<::keystore::hidl_vec<uint8_t>>* outChain) = 0; - - virtual ::keystore::KeyStoreServiceReturnCode attestDeviceIds( - const ::keystore::hidl_vec<::keystore::KeyParameter>& params, - ::keystore::hidl_vec<::keystore::hidl_vec<uint8_t>>* outChain) = 0; - - virtual ::keystore::KeyStoreServiceReturnCode onDeviceOffBody() = 0; -}; - -// ---------------------------------------------------------------------------- - -class BnKeystoreService : public BnInterface<IKeystoreService> { - public: - virtual status_t onTransact(uint32_t code, const Parcel& data, Parcel* reply, - uint32_t flags = 0); -}; - -} // namespace android - -#endif diff --git a/keystore/include/keystore/KeyAttestationApplicationId.h b/keystore/include/keystore/KeyAttestationApplicationId.h index a7ce210c..5161d4b3 100644 --- a/keystore/include/keystore/KeyAttestationApplicationId.h +++ b/keystore/include/keystore/KeyAttestationApplicationId.h @@ -15,12 +15,13 @@ #ifndef KEYSTORE_INCLUDE_KEYSTORE_KEYATTESTATIONAPPLICATIONID_H_ #define KEYSTORE_INCLUDE_KEYSTORE_KEYATTESTATIONAPPLICATIONID_H_ -#include "KeyAttestationPackageInfo.h" #include "utils.h" #include <binder/Parcelable.h> #include <memory> #include <vector> +#include "KeyAttestationPackageInfo.h" + namespace android { namespace security { namespace keymaster { @@ -46,6 +47,6 @@ class KeyAttestationApplicationId : public Parcelable { } // namespace keymaster } // namespace security -} // namsepace android +} // namespace android #endif // KEYSTORE_INCLUDE_KEYSTORE_KEYATTESTATIONAPPLICATIONID_H_ diff --git a/keystore/include/keystore/KeyCharacteristics.h b/keystore/include/keystore/KeyCharacteristics.h new file mode 100644 index 00000000..c1bffb2f --- /dev/null +++ b/keystore/include/keystore/KeyCharacteristics.h @@ -0,0 +1,47 @@ +// Copyright 2017 The Android Open Source Project +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +#ifndef KEYSTORE_INCLUDE_KEYSTORE_KEYCHARACTERISTICS_H_ +#define KEYSTORE_INCLUDE_KEYSTORE_KEYCHARACTERISTICS_H_ + +#include <binder/Parcelable.h> +#include <hardware/keymaster_defs.h> + +#include "KeymasterArguments.h" + +namespace android { +namespace security { +namespace keymaster { + +using hardware::keymaster::V3_0::KeyParameter; + +// Parcelable version of hardware::keymaster::V3_0::KeyCharacteristics +struct KeyCharacteristics : public ::android::Parcelable { + KeyCharacteristics(){}; + explicit KeyCharacteristics(const android::hardware::keymaster::V3_0::KeyCharacteristics& other) { + softwareEnforced = KeymasterArguments(other.softwareEnforced); + teeEnforced = KeymasterArguments(other.teeEnforced); + } + status_t readFromParcel(const Parcel* in) override; + status_t writeToParcel(Parcel* out) const override; + + KeymasterArguments softwareEnforced; + KeymasterArguments teeEnforced; +}; + +} // namespace keymaster +} // namespace security +} // namespace android + +#endif // KEYSTORE_INCLUDE_KEYSTORE_KEYCHARACTERISTICS_H_ diff --git a/keystore/include/keystore/KeymasterArguments.h b/keystore/include/keystore/KeymasterArguments.h new file mode 100644 index 00000000..d14e270b --- /dev/null +++ b/keystore/include/keystore/KeymasterArguments.h @@ -0,0 +1,46 @@ +// Copyright 2017 The Android Open Source Project +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +#ifndef KEYSTORE_INCLUDE_KEYSTORE_KEYMASTERARGUMENTS_H_ +#define KEYSTORE_INCLUDE_KEYSTORE_KEYMASTERARGUMENTS_H_ + +#include "authorization_set.h" +#include <binder/Parcelable.h> +#include <hardware/keymaster_defs.h> + +namespace android { +namespace security { +namespace keymaster { + +using hardware::keymaster::V3_0::KeyParameter; + +// struct for serializing/deserializing a list of KeyParameter's +struct KeymasterArguments : public Parcelable { + KeymasterArguments(){}; + explicit KeymasterArguments(const hardware::hidl_vec<KeyParameter>& other); + + status_t readFromParcel(const Parcel* in) override; + status_t writeToParcel(Parcel* out) const override; + + const inline hardware::hidl_vec<KeyParameter>& getParameters() const { return data_; } + + private: + hardware::hidl_vec<KeyParameter> data_; +}; + +} // namespace keymaster +} // namespace security +} // namespace android + +#endif // KEYSTORE_INCLUDE_KEYSTORE_KEYMASTERARGUMENTS_H_ diff --git a/keystore/include/keystore/KeymasterBlob.h b/keystore/include/keystore/KeymasterBlob.h new file mode 100644 index 00000000..47cb7ee5 --- /dev/null +++ b/keystore/include/keystore/KeymasterBlob.h @@ -0,0 +1,42 @@ +// Copyright 2017 The Android Open Source Project +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +#ifndef KEYSTORE_INCLUDE_KEYSTORE_KEYMASTERBLOB_H_ +#define KEYSTORE_INCLUDE_KEYSTORE_KEYMASTERBLOB_H_ + +#include "authorization_set.h" +#include <binder/Parcelable.h> +#include <hardware/keymaster_defs.h> + +namespace android { +namespace security { +namespace keymaster { + +// Parcelable which wraps hardware::hidl_vec<uint8_t> +struct KeymasterBlob : public ::android::Parcelable { + KeymasterBlob(){}; + explicit KeymasterBlob(hardware::hidl_vec<uint8_t> data) : data_(data) {} + status_t readFromParcel(const Parcel* in) override; + status_t writeToParcel(Parcel* out) const override; + const hardware::hidl_vec<uint8_t>& getData() const { return data_; } + + private: + hardware::hidl_vec<uint8_t> data_; +}; + +} // namespace keymaster +} // namespace security +} // namespace android + +#endif // KEYSTORE_INCLUDE_KEYSTORE_KEYMASTERBLOB_H_ diff --git a/keystore/include/keystore/KeymasterCertificateChain.h b/keystore/include/keystore/KeymasterCertificateChain.h new file mode 100644 index 00000000..8c0a6fc9 --- /dev/null +++ b/keystore/include/keystore/KeymasterCertificateChain.h @@ -0,0 +1,44 @@ +// Copyright 2017 The Android Open Source Project +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +#ifndef KEYSTORE_INCLUDE_KEYSTORE_KEYMASTERCERTIFICATECHAIN_H_ +#define KEYSTORE_INCLUDE_KEYSTORE_KEYMASTERCERTIFICATECHAIN_H_ + +#include "authorization_set.h" +#include <binder/Parcelable.h> +#include <hardware/keymaster_defs.h> + +namespace android { +namespace security { +namespace keymaster { + +// struct for serializing keymaster_cert_chain_t's +struct KeymasterCertificateChain : public ::android::Parcelable { + KeymasterCertificateChain(){}; + explicit KeymasterCertificateChain(hardware::hidl_vec<hardware::hidl_vec<uint8_t>> other) + : chain(std::move(other)) {} + + status_t readFromParcel(const Parcel* in) override; + status_t writeToParcel(Parcel* out) const override; + + private: + // The structure is only used as output and doesn't have getter. + hardware::hidl_vec<hardware::hidl_vec<uint8_t>> chain; +}; + +} // namespace keymaster +} // namespace security +} // namespace android + +#endif // KEYSTORE_INCLUDE_KEYSTORE_KEYMASTERCERTIFICATECHAIN_H_ diff --git a/keystore/include/keystore/KeystoreArg.h b/keystore/include/keystore/KeystoreArg.h new file mode 100644 index 00000000..31496f0d --- /dev/null +++ b/keystore/include/keystore/KeystoreArg.h @@ -0,0 +1,50 @@ +/* + * Copyright (C) 2012 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef KEYSTORE_INCLUDE_KEYSTORE_KEYSTOREARG_H +#define KEYSTORE_INCLUDE_KEYSTORE_KEYSTOREARG_H + +#include <vector> + +#include <binder/IInterface.h> +#include <binder/Parcel.h> +#include <keystore/keymaster_tags.h> +#include <utils/RefBase.h> + +#include "keystore.h" +#include "keystore_return_types.h" + +namespace android { +namespace security { + +// Simple pair of generic pointer and length of corresponding data structure. +class KeystoreArg : public RefBase { + public: + KeystoreArg(const void* data, size_t len) : mData(data), mSize(len) {} + ~KeystoreArg() {} + + const void* data() const { return mData; } + size_t size() const { return mSize; } + + private: + const void* mData; // provider of the data must handle memory clean-up. + size_t mSize; +}; + +} // namespace security +} // namespace android + +#endif // KEYSTORE_INCLUDE_KEYSTORE_KEYSTOREARG_H diff --git a/keystore/include/keystore/KeystoreArguments.h b/keystore/include/keystore/KeystoreArguments.h new file mode 100644 index 00000000..44e14363 --- /dev/null +++ b/keystore/include/keystore/KeystoreArguments.h @@ -0,0 +1,40 @@ +// Copyright 2017 The Android Open Source Project +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +#ifndef KEYSTORE_INCLUDE_KEYSTORE_KEYSTOREARGUMENTS_H_ +#define KEYSTORE_INCLUDE_KEYSTORE_KEYSTOREARGUMENTS_H_ + +#include "KeystoreArg.h" +#include <binder/Parcelable.h> +#include <hardware/keymaster_defs.h> +#include <utils/RefBase.h> + +namespace android { +namespace security { + +// Parcelable KeystoreArguments.java which simply holds byte[][]. +struct KeystoreArguments : public ::android::Parcelable, public RefBase { + status_t readFromParcel(const Parcel* in) override; + status_t writeToParcel(Parcel* out) const override; + + const Vector<sp<KeystoreArg>>& getArguments() const { return args; } + + private: + Vector<sp<KeystoreArg>> args; +}; + +} // namespace security +} // namespace android + +#endif // KEYSTORE_INCLUDE_KEYSTORE_KEYSTOREARGUMENTS_H_ diff --git a/keystore/include/keystore/OperationResult.h b/keystore/include/keystore/OperationResult.h new file mode 100644 index 00000000..e84d1e99 --- /dev/null +++ b/keystore/include/keystore/OperationResult.h @@ -0,0 +1,46 @@ +// Copyright 2017 The Android Open Source Project +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +#ifndef KEYSTORE_INCLUDE_KEYSTORE_OPERATIONRESULT_H_ +#define KEYSTORE_INCLUDE_KEYSTORE_OPERATIONRESULT_H_ + +#include "KeymasterArguments.h" +#include "keystore_return_types.h" +#include <binder/Parcelable.h> +#include <binder/Parcel.h> +#include <hardware/keymaster_defs.h> + +namespace android { +namespace security { +namespace keymaster { + +struct OperationResult : public ::android::Parcelable { + OperationResult(); + status_t readFromParcel(const Parcel* in) override; + status_t writeToParcel(Parcel* out) const override; + + // Native code may need to use KeyStoreNativeReturnCode + ::keystore::KeyStoreServiceReturnCode resultCode; + sp<IBinder> token; + uint64_t handle; + int inputConsumed; + ::keystore::hidl_vec<uint8_t> data; + ::keystore::hidl_vec<::keystore::KeyParameter> outParams; +}; + +} // namespace keymaster +} // namespace security +} // namespace android + +#endif // KEYSTORE_INCLUDE_KEYSTORE_OPERATIONRESULT_H_ diff --git a/keystore/include/keystore/keystore.h b/keystore/include/keystore/keystore.h index bfcf51c3..cb644987 100644 --- a/keystore/include/keystore/keystore.h +++ b/keystore/include/keystore/keystore.h @@ -26,6 +26,7 @@ enum State { STATE_UNINITIALIZED = 3, }; +// must be in sync with KeyStore.java, enum class ResponseCode: int32_t { NO_ERROR = STATE_NO_ERROR, // 1 LOCKED = STATE_LOCKED, // 2 diff --git a/keystore/include/keystore/keystore_client.h b/keystore/include/keystore/keystore_client.h index 2ba7fd49..928b2e6f 100644 --- a/keystore/include/keystore/keystore_client.h +++ b/keystore/include/keystore/keystore_client.h @@ -27,8 +27,6 @@ namespace keystore { - - // An abstract class providing a convenient interface to keystore services. This // interface is designed to: // - hide details of the IPC mechanism (e.g. binder) @@ -87,17 +85,18 @@ class KeystoreClient { // Adds |entropy| to the random number generator. Returns KM_ERROR_OK on // success and a Keystore ResponseCode or keymaster_error_t on failure. - virtual KeyStoreNativeReturnCode addRandomNumberGeneratorEntropy(const std::string& entropy) = 0; + virtual KeyStoreNativeReturnCode + addRandomNumberGeneratorEntropy(const std::string& entropy) = 0; // Generates a key according to the given |key_parameters| and stores it with // the given |key_name|. The [hardware|software]_enforced_characteristics of // the key are provided on success. Returns KM_ERROR_OK on success. Returns // KM_ERROR_OK on success and a Keystore ResponseCode or keymaster_error_t on // failure. - virtual KeyStoreNativeReturnCode generateKey(const std::string& key_name, - const keystore::AuthorizationSet& key_parameters, - keystore::AuthorizationSet* hardware_enforced_characteristics, - keystore::AuthorizationSet* software_enforced_characteristics) = 0; + virtual KeyStoreNativeReturnCode + generateKey(const std::string& key_name, const keystore::AuthorizationSet& key_parameters, + keystore::AuthorizationSet* hardware_enforced_characteristics, + keystore::AuthorizationSet* software_enforced_characteristics) = 0; // Provides the [hardware|software]_enforced_characteristics of a key // identified by |key_name|. Returns KM_ERROR_OK on success and a Keystore @@ -112,17 +111,17 @@ class KeystoreClient { // [hardware|software]_enforced_characteristics of the key are provided on // success. Returns KM_ERROR_OK on success and a Keystore ResponseCode or // keymaster_error_t on failure. - virtual KeyStoreNativeReturnCode importKey(const std::string& key_name, - const keystore::AuthorizationSet& key_parameters, - KeyFormat key_format, const std::string& key_data, - keystore::AuthorizationSet* hardware_enforced_characteristics, - keystore::AuthorizationSet* software_enforced_characteristics) = 0; + virtual KeyStoreNativeReturnCode + importKey(const std::string& key_name, const keystore::AuthorizationSet& key_parameters, + KeyFormat key_format, const std::string& key_data, + keystore::AuthorizationSet* hardware_enforced_characteristics, + keystore::AuthorizationSet* software_enforced_characteristics) = 0; // Exports the public key identified by |key_name| to |export_data| using // |export_format|. Returns KM_ERROR_OK on success and a Keystore ResponseCode // or keymaster_error_t on failure. virtual KeyStoreNativeReturnCode exportKey(KeyFormat export_format, const std::string& key_name, - std::string* export_data) = 0; + std::string* export_data) = 0; // Deletes the key identified by |key_name|. Returns KM_ERROR_OK on success // and a Keystore ResponseCode or keymaster_error_t on failure. @@ -137,32 +136,30 @@ class KeystoreClient { // |input_parameters|. On success, any |output_parameters| and an operation // |handle| are populated. Returns KM_ERROR_OK on success and a Keystore // ResponseCode or keymaster_error_t on failure. - virtual KeyStoreNativeReturnCode beginOperation(KeyPurpose purpose, const std::string& key_name, - const keystore::AuthorizationSet& input_parameters, - keystore::AuthorizationSet* output_parameters, - uint64_t* handle) = 0; + virtual KeyStoreNativeReturnCode + beginOperation(KeyPurpose purpose, const std::string& key_name, + const keystore::AuthorizationSet& input_parameters, + keystore::AuthorizationSet* output_parameters, uint64_t* handle) = 0; // Continues the operation associated with |handle| using the given // |input_parameters| and |input_data|. On success, the // |num_input_bytes_consumed| and any |output_parameters| are populated. Any // |output_data| will be appended. Returns KM_ERROR_OK on success and a // Keystore ResponseCode or keymaster_error_t on failure. - virtual KeyStoreNativeReturnCode updateOperation(uint64_t handle, - const keystore::AuthorizationSet& input_parameters, - const std::string& input_data, size_t* num_input_bytes_consumed, - keystore::AuthorizationSet* output_parameters, - std::string* output_data) = 0; + virtual KeyStoreNativeReturnCode + updateOperation(uint64_t handle, const keystore::AuthorizationSet& input_parameters, + const std::string& input_data, size_t* num_input_bytes_consumed, + keystore::AuthorizationSet* output_parameters, std::string* output_data) = 0; // Finishes the operation associated with |handle| using the given // |input_parameters| and, if necessary, a |signature_to_verify|. On success, // any |output_parameters| are populated and |output_data| is appended. // Returns KM_ERROR_OK on success and a Keystore ResponseCode or // keymaster_error_t on failure. - virtual KeyStoreNativeReturnCode finishOperation(uint64_t handle, - const keystore::AuthorizationSet& input_parameters, - const std::string& signature_to_verify, - keystore::AuthorizationSet* output_parameters, - std::string* output_data) = 0; + virtual KeyStoreNativeReturnCode + finishOperation(uint64_t handle, const keystore::AuthorizationSet& input_parameters, + const std::string& signature_to_verify, + keystore::AuthorizationSet* output_parameters, std::string* output_data) = 0; // Aborts the operation associated with |handle|. Returns KM_ERROR_OK on // success and a Keystore ResponseCode or keymaster_error_t on failure. diff --git a/keystore/include/keystore/keystore_client_impl.h b/keystore/include/keystore/keystore_client_impl.h index eb022755..a11e2fe8 100644 --- a/keystore/include/keystore/keystore_client_impl.h +++ b/keystore/include/keystore/keystore_client_impl.h @@ -17,13 +17,13 @@ #include "keystore_client.h" -#include <string> #include <map> +#include <string> #include <vector> +#include <android/security/IKeystoreService.h> #include <binder/IBinder.h> #include <binder/IServiceManager.h> -#include "IKeystoreService.h" #include <utils/StrongPointer.h> namespace keystore { @@ -44,37 +44,38 @@ class KeystoreClientImpl : public KeystoreClient { keystore::AuthorizationSet* output_parameters, std::string* output_data) override; KeyStoreNativeReturnCode addRandomNumberGeneratorEntropy(const std::string& entropy) override; - KeyStoreNativeReturnCode generateKey(const std::string& key_name, - const keystore::AuthorizationSet& key_parameters, - keystore::AuthorizationSet* hardware_enforced_characteristics, - keystore::AuthorizationSet* software_enforced_characteristics) override; + KeyStoreNativeReturnCode + generateKey(const std::string& key_name, const keystore::AuthorizationSet& key_parameters, + keystore::AuthorizationSet* hardware_enforced_characteristics, + keystore::AuthorizationSet* software_enforced_characteristics) override; KeyStoreNativeReturnCode getKeyCharacteristics(const std::string& key_name, keystore::AuthorizationSet* hardware_enforced_characteristics, keystore::AuthorizationSet* software_enforced_characteristics) override; - KeyStoreNativeReturnCode importKey(const std::string& key_name, - const keystore::AuthorizationSet& key_parameters, - KeyFormat key_format, const std::string& key_data, - keystore::AuthorizationSet* hardware_enforced_characteristics, - keystore::AuthorizationSet* software_enforced_characteristics) override; + KeyStoreNativeReturnCode + importKey(const std::string& key_name, const keystore::AuthorizationSet& key_parameters, + KeyFormat key_format, const std::string& key_data, + keystore::AuthorizationSet* hardware_enforced_characteristics, + keystore::AuthorizationSet* software_enforced_characteristics) override; KeyStoreNativeReturnCode exportKey(KeyFormat export_format, const std::string& key_name, - std::string* export_data) override; + std::string* export_data) override; KeyStoreNativeReturnCode deleteKey(const std::string& key_name) override; KeyStoreNativeReturnCode deleteAllKeys() override; KeyStoreNativeReturnCode beginOperation(KeyPurpose purpose, const std::string& key_name, - const keystore::AuthorizationSet& input_parameters, - keystore::AuthorizationSet* output_parameters, - uint64_t* handle) override; + const keystore::AuthorizationSet& input_parameters, + keystore::AuthorizationSet* output_parameters, + uint64_t* handle) override; KeyStoreNativeReturnCode updateOperation(uint64_t handle, - const keystore::AuthorizationSet& input_parameters, - const std::string& input_data, size_t* num_input_bytes_consumed, - keystore::AuthorizationSet* output_parameters, - std::string* output_data) override; + const keystore::AuthorizationSet& input_parameters, + const std::string& input_data, + size_t* num_input_bytes_consumed, + keystore::AuthorizationSet* output_parameters, + std::string* output_data) override; KeyStoreNativeReturnCode finishOperation(uint64_t handle, - const keystore::AuthorizationSet& input_parameters, - const std::string& signature_to_verify, - keystore::AuthorizationSet* output_parameters, - std::string* output_data) override; + const keystore::AuthorizationSet& input_parameters, + const std::string& signature_to_verify, + keystore::AuthorizationSet* output_parameters, + std::string* output_data) override; KeyStoreNativeReturnCode abortOperation(uint64_t handle) override; bool doesKeyExist(const std::string& key_name) override; bool listKeys(const std::string& prefix, std::vector<std::string>* key_name_list) override; @@ -85,7 +86,7 @@ class KeystoreClientImpl : public KeystoreClient { // Maps a keystore error code to a code where all success cases use // KM_ERROR_OK (not keystore's NO_ERROR). -// int32_t mapKeystoreError(int32_t keystore_error); + // int32_t mapKeystoreError(int32_t keystore_error); // Creates an encryption key suitable for EncryptWithAuthentication or // verifies attributes if the key already exists. Returns true on success. @@ -107,7 +108,7 @@ class KeystoreClientImpl : public KeystoreClient { android::sp<android::IServiceManager> service_manager_; android::sp<android::IBinder> keystore_binder_; - android::sp<android::IKeystoreService> keystore_; + android::sp<android::security::IKeystoreService> keystore_; uint64_t next_virtual_handle_ = 1; std::map<uint64_t, android::sp<android::IBinder>> active_operations_; diff --git a/keystore/include/keystore/keystore_client_mock.h b/keystore/include/keystore/keystore_client_mock.h index 2d1f4996..b16367fb 100644 --- a/keystore/include/keystore/keystore_client_mock.h +++ b/keystore/include/keystore/keystore_client_mock.h @@ -15,8 +15,8 @@ #ifndef KEYSTORE_KEYSTORE_CLIENT_MOCK_H_ #define KEYSTORE_KEYSTORE_CLIENT_MOCK_H_ -#include "gmock/gmock.h" #include "keystore/keystore_client.h" +#include "gmock/gmock.h" using testing::_; diff --git a/keystore/include/keystore/keystore_get.h b/keystore/include/keystore/keystore_get.h index 4bddd707..4c3d8384 100644 --- a/keystore/include/keystore/keystore_get.h +++ b/keystore/include/keystore/keystore_get.h @@ -30,7 +30,7 @@ extern "C" { * length. The third argument is a pointer to an array that will be malloc() * and the caller is responsible for calling free() on the buffer. */ -ssize_t keystore_get(const char *key, size_t length, uint8_t** value); +ssize_t keystore_get(const char* key, size_t length, uint8_t** value); #ifdef __cplusplus } diff --git a/keystore/include/keystore/keystore_return_types.h b/keystore/include/keystore/keystore_return_types.h index 70380c39..52d700a4 100644 --- a/keystore/include/keystore/keystore_return_types.h +++ b/keystore/include/keystore/keystore_return_types.h @@ -46,6 +46,7 @@ class KeyStoreServiceReturnCode { KeyStoreServiceReturnCode(const KeyStoreServiceReturnCode& errorCode) : errorCode_(errorCode.errorCode_) {} KeyStoreServiceReturnCode(const KeyStoreNativeReturnCode& errorCode); + explicit inline KeyStoreServiceReturnCode(const int32_t& errorCode) : errorCode_(errorCode) {} inline KeyStoreServiceReturnCode& operator=(const ErrorCode& errorCode) { errorCode_ = int32_t(errorCode); return *this; @@ -62,8 +63,9 @@ class KeyStoreServiceReturnCode { return errorCode_ == static_cast<int32_t>(ResponseCode::NO_ERROR) || errorCode_ == static_cast<int32_t>(ErrorCode::OK); } + inline operator int32_t() const { - if (!errorCode_) return static_cast<int32_t>(ResponseCode::NO_ERROR); + if (!errorCode_) return static_cast<int32_t>(ResponseCode::NO_ERROR /* 1 */); return errorCode_; } inline bool operator==(const ResponseCode& rhs) const { @@ -117,6 +119,7 @@ class KeyStoreNativeReturnCode { KeyStoreNativeReturnCode(const ResponseCode& errorCode) : errorCode_(int32_t(errorCode)) {} KeyStoreNativeReturnCode(const KeyStoreNativeReturnCode& errorCode) : errorCode_(errorCode.errorCode_) {} + explicit inline KeyStoreNativeReturnCode(const int32_t& errorCode) : errorCode_(errorCode) {} KeyStoreNativeReturnCode(const KeyStoreServiceReturnCode& errorcode); inline KeyStoreNativeReturnCode& operator=(const ErrorCode& errorCode) { errorCode_ = int32_t(errorCode); @@ -135,8 +138,8 @@ class KeyStoreNativeReturnCode { errorCode_ == static_cast<int32_t>(ErrorCode::OK); } inline operator int32_t() const { - if (errorCode_ == static_cast<int32_t>(ResponseCode::NO_ERROR)) { - return static_cast<int32_t>(ErrorCode::OK); + if (errorCode_ == static_cast<int32_t>(ResponseCode::NO_ERROR) /* 1 */) { + return static_cast<int32_t>(ErrorCode::OK) /* 0 */; } return errorCode_; } |