Support Keymaster4
This CL changes vold from using a KM3 device directly to using the KM4
support wrapper from the KM4 support library, which supports both KM3
and KM4 devices (KM0, 1 and 2 devices are still supported as well,
because the default KM3 device is a wrapper that uses them).
In addition, I found myself getting confused about which "Keymaster"
types were locally-defined vold keymaster types and which were from
the KM4 HAL and support library, so I changed the approach to
referencing the latter, so all of them are qualified with the "km::"
namespace reference.
Test: Build & boot
Change-Id: I08ed5425641e7496f8597d5716cb3cd0cbd33a7f
diff --git a/Keymaster.h b/Keymaster.h
index aef1602..0bda8cd 100644
--- a/Keymaster.h
+++ b/Keymaster.h
@@ -24,16 +24,14 @@
#include <utility>
#include <android-base/macros.h>
-#include <android/hardware/keymaster/3.0/IKeymasterDevice.h>
-
-#include "authorization_set.h"
+#include <keymasterV4_0/Keymaster.h>
+#include <keymasterV4_0/authorization_set.h>
namespace android {
namespace vold {
-using ::android::hardware::keymaster::V3_0::IKeymasterDevice;
-using ::keystore::ErrorCode;
-using ::keystore::KeyPurpose;
-using ::keystore::AuthorizationSet;
+
+namespace km = ::android::hardware::keymaster::V4_0;
+using KmDevice = km::support::Keymaster;
// C++ wrappers to the Keymaster hidl interface.
// This is tailored to the needs of KeyStorage, but could be extended to be
@@ -48,8 +46,8 @@
~KeymasterOperation();
// Is this instance valid? This is false if creation fails, and becomes
// false on finish or if an update fails.
- explicit operator bool() { return mError == ErrorCode::OK; }
- ErrorCode errorCode() { return mError; }
+ explicit operator bool() { return mError == km::ErrorCode::OK; }
+ km::ErrorCode errorCode() { return mError; }
// Call "update" repeatedly until all of the input is consumed, and
// concatenate the output. Return true on success.
template <class TI, class TO>
@@ -63,34 +61,30 @@
// Finish and write the output to this string, unless pointer is null.
bool finish(std::string* output);
// Move constructor
- KeymasterOperation(KeymasterOperation&& rhs) {
- mDevice = std::move(rhs.mDevice);
- mOpHandle = std::move(rhs.mOpHandle);
- mError = std::move(rhs.mError);
- }
+ KeymasterOperation(KeymasterOperation&& rhs) { *this = std::move(rhs); }
// Construct an object in an error state for error returns
- KeymasterOperation() : mDevice{nullptr}, mOpHandle{0}, mError{ErrorCode::UNKNOWN_ERROR} {}
+ KeymasterOperation() : mDevice{nullptr}, mOpHandle{0}, mError{km::ErrorCode::UNKNOWN_ERROR} {}
// Move Assignment
KeymasterOperation& operator=(KeymasterOperation&& rhs) {
mDevice = std::move(rhs.mDevice);
mOpHandle = std::move(rhs.mOpHandle);
mError = std::move(rhs.mError);
- rhs.mError = ErrorCode::UNKNOWN_ERROR;
+ rhs.mError = km::ErrorCode::UNKNOWN_ERROR;
rhs.mOpHandle = 0;
return *this;
}
private:
- KeymasterOperation(const sp<IKeymasterDevice>& d, uint64_t h)
- : mDevice{d}, mOpHandle{h}, mError{ErrorCode::OK} {}
- KeymasterOperation(ErrorCode error) : mDevice{nullptr}, mOpHandle{0}, mError{error} {}
+ KeymasterOperation(KmDevice* d, uint64_t h)
+ : mDevice{d}, mOpHandle{h}, mError{km::ErrorCode::OK} {}
+ KeymasterOperation(km::ErrorCode error) : mDevice{nullptr}, mOpHandle{0}, mError{error} {}
bool updateCompletely(const char* input, size_t inputLen,
const std::function<void(const char*, size_t)> consumer);
- sp<IKeymasterDevice> mDevice;
+ KmDevice* mDevice;
uint64_t mOpHandle;
- ErrorCode mError;
+ km::ErrorCode mError;
DISALLOW_COPY_AND_ASSIGN(KeymasterOperation);
friend class Keymaster;
};
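Review bot: In the move assignment operator, `mDevice = std::move(rhs.mDevice);` no longer clears the source now that `mDevice` is a raw `KmDevice*`: moving a raw pointer is a plain copy, whereas the old `sp<>` member was left null. Every moved-from object therefore keeps a device pointer next to `mOpHandle = 0`, and the move constructor now goes through the same path; if the destructor (declared here, defined outside this hunk) acts on the device whenever `mDevice` is set, it would do so for handle 0. Adding `rhs.mDevice = nullptr;` beside the other two resets restores the previous behaviour. The pointer is also non-owning now, so a member comment such as `// Not owned; the Keymaster that created this operation must outlive it.` would record the lifetime requirement that reference counting used to enforce. The class begins above the visible lines of this hunk.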
@@ -103,19 +97,21 @@
// false if we failed to open the keymaster device.
explicit operator bool() { return mDevice.get() != nullptr; }
// Generate a key in the keymaster from the given params.
- bool generateKey(const AuthorizationSet& inParams, std::string* key);
+ bool generateKey(const km::AuthorizationSet& inParams, std::string* key);
// If the keymaster supports it, permanently delete a key.
bool deleteKey(const std::string& key);
// Replace stored key blob in response to KM_ERROR_KEY_REQUIRES_UPGRADE.
- bool upgradeKey(const std::string& oldKey, const AuthorizationSet& inParams,
+ bool upgradeKey(const std::string& oldKey, const km::AuthorizationSet& inParams,
std::string* newKey);
// Begin a new cryptographic operation, collecting output parameters if pointer is non-null
- KeymasterOperation begin(KeyPurpose purpose, const std::string& key,
- const AuthorizationSet& inParams, AuthorizationSet* outParams);
+ KeymasterOperation begin(km::KeyPurpose purpose, const std::string& key,
+ const km::AuthorizationSet& inParams,
+ const km::HardwareAuthToken& authToken,
+ km::AuthorizationSet* outParams);
bool isSecure();
private:
- sp<hardware::keymaster::V3_0::IKeymasterDevice> mDevice;
+ std::unique_ptr<KmDevice> mDevice;
DISALLOW_COPY_AND_ASSIGN(Keymaster);
};
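Review bot: The comment above `begin()` still describes only the output parameters and says nothing about the new `authToken` argument, so a caller cannot tell what to pass for a key that needs no user authentication. I would extend it with a line such as `// authToken is forwarded to the device; pass a default-constructed km::HardwareAuthToken if the key requires no authentication.`, after confirming that this matches what the support wrapper expects. Separately, `mDevice` is now a `std::unique_ptr`, but only `<utility>` is visible among the standard includes in the first hunk; if `<memory>` is not included above the shown context, add `#include <memory>` rather than relying on a transitive include. The Keymaster class begins outside this hunk.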