Port to binder based keymaster hal
Bug: 32020919
Change-Id: If45ece76fdaf4d2c80eddc537e429633e4d42f9d
diff --git a/Keymaster.h b/Keymaster.h
index e314ee1..893a6d1 100644
--- a/Keymaster.h
+++ b/Keymaster.h
@@ -21,22 +21,21 @@
#include <string>
#include <utility>
-#include <keymaster/authorization_set.h>
+#include <android/hardware/keymaster/3.0/IKeymasterDevice.h>
+#include <keystore/authorization_set.h>
namespace android {
namespace vold {
+using ::android::hardware::keymaster::V3_0::IKeymasterDevice;
+using ::keystore::ErrorCode;
+using ::keystore::KeyPurpose;
+using ::keystore::AuthorizationSet;
-using namespace keymaster;
-
-// C++ wrappers to the Keymaster C interface.
+// C++ wrappers to the Keymaster hidl interface.
// This is tailored to the needs of KeyStorage, but could be extended to be
// a more general interface.
-// Class that wraps a keymaster1_device_t or keymaster2_device_t and provides methods
-// they have in common. Also closes the device on destruction.
-class IKeymasterDevice;
-
-// Wrapper for a keymaster_operation_handle_t representing an
+// Wrapper for a Keymaster operation handle representing an
// ongoing Keymaster operation. Aborts the operation
// in the destructor if it is unfinished. Methods log failures
// to LOG(ERROR).
@@ -45,8 +44,8 @@
~KeymasterOperation();
// Is this instance valid? This is false if creation fails, and becomes
// false on finish or if an update fails.
- explicit operator bool() { return mError == KM_ERROR_OK; }
- keymaster_error_t error() { return mError; }
+ explicit operator bool() { return mError == ErrorCode::OK; }
+ ErrorCode error() { return mError; }
// Call "update" repeatedly until all of the input is consumed, and
// concatenate the output. Return true on success.
bool updateCompletely(const std::string& input, std::string* output);
@@ -59,17 +58,19 @@
mError = std::move(rhs.mError);
}
// Construct an object in an error state for error returns
- KeymasterOperation() : KeymasterOperation(KM_ERROR_UNKNOWN_ERROR) {}
+ KeymasterOperation()
+ : mDevice{nullptr}, mOpHandle{static_cast<uint64_t>(0)},
+ mError {ErrorCode::UNKNOWN_ERROR} {}
private:
- KeymasterOperation(std::shared_ptr<IKeymasterDevice> d, keymaster_operation_handle_t h)
- : mDevice{d}, mOpHandle{h}, mError {KM_ERROR_OK} {}
- KeymasterOperation(keymaster_error_t error)
- : mDevice{nullptr}, mOpHandle{static_cast<keymaster_operation_handle_t>(0)},
+ KeymasterOperation(const sp<IKeymasterDevice>& d, uint64_t h)
+ : mDevice{d}, mOpHandle{h}, mError {ErrorCode::OK} {}
+ KeymasterOperation(ErrorCode error)
+ : mDevice{nullptr}, mOpHandle{0},
mError {error} {}
- std::shared_ptr<IKeymasterDevice> mDevice;
- keymaster_operation_handle_t mOpHandle;
- keymaster_error_t mError;
+ sp<IKeymasterDevice> mDevice;
+ uint64_t mOpHandle;
+ ErrorCode mError;
DISALLOW_COPY_AND_ASSIGN(KeymasterOperation);
friend class Keymaster;
};
@@ -80,7 +81,7 @@
public:
Keymaster();
// false if we failed to open the keymaster device.
- explicit operator bool() { return mDevice != nullptr; }
+ explicit operator bool() { return mDevice.get() != nullptr; }
// Generate a key in the keymaster from the given params.
bool generateKey(const AuthorizationSet& inParams, std::string* key);
// If the keymaster supports it, permanently delete a key.
@@ -89,27 +90,14 @@
bool upgradeKey(const std::string& oldKey, const AuthorizationSet& inParams,
std::string* newKey);
// Begin a new cryptographic operation, collecting output parameters if pointer is non-null
- KeymasterOperation begin(keymaster_purpose_t purpose, const std::string& key,
+ KeymasterOperation begin(KeyPurpose purpose, const std::string& key,
const AuthorizationSet& inParams, AuthorizationSet* outParams);
private:
- std::shared_ptr<IKeymasterDevice> mDevice;
+ sp<hardware::keymaster::V3_0::IKeymasterDevice> mDevice;
DISALLOW_COPY_AND_ASSIGN(Keymaster);
};
-template <keymaster_tag_t Tag>
-inline AuthorizationSetBuilder& addStringParam(AuthorizationSetBuilder&& params,
- TypedTag<KM_BYTES, Tag> tag,
- const std::string& val) {
- return params.Authorization(tag, val.data(), val.size());
-}
-
-template <keymaster_tag_t Tag>
-inline void addStringParam(AuthorizationSetBuilder* params, TypedTag<KM_BYTES, Tag> tag,
- const std::string& val) {
- params->Authorization(tag, val.data(), val.size());
-}
-
} // namespace vold
} // namespace android