From 8e537b80028d11ac1f3810e959636028e77b2025 Mon Sep 17 00:00:00 2001 From: Janis Danisevskis Date: Wed, 26 Oct 2016 14:27:10 +0100 Subject: [PATCH] Port to binder based keymaster hal Bug: 32020919 Change-Id: If45ece76fdaf4d2c80eddc537e429633e4d42f9d --- Android.mk | 7 +- KeyStorage.cpp | 77 ++++++------- Keymaster.cpp | 298 ++++++++++++++++++------------------------------- Keymaster.h | 58 ++++------ 4 files changed, 174 insertions(+), 266 deletions(-) diff --git a/Android.mk b/Android.mk index e5eb89d..5ddeda1 100644 --- a/Android.mk +++ b/Android.mk @@ -53,10 +53,11 @@ common_shared_libraries := \ libselinux \ libutils \ libhardware \ - libsoftkeymaster \ libbase \ - libsoftkeymasterdevice \ - libkeymaster_messages \ + libhwbinder \ + libhidlbase \ + android.hardware.keymaster@3.0 \ + libkeystore_binder common_static_libraries := \ libbootloader_message \ diff --git a/KeyStorage.cpp b/KeyStorage.cpp index e6c91f5..9cb8ca0 100644 --- a/KeyStorage.cpp +++ b/KeyStorage.cpp @@ -38,7 +38,8 @@ #include -#include +#include +#include extern "C" { @@ -47,6 +48,7 @@ extern "C" { namespace android { namespace vold { +using namespace keystore; const KeyAuthentication kEmptyAuthentication{"", ""}; @@ -100,15 +102,15 @@ static std::string hashSecdiscardable(const std::string& secdiscardable) { static bool generateKeymasterKey(Keymaster& keymaster, const KeyAuthentication& auth, const std::string& appId, std::string* key) { - auto paramBuilder = keymaster::AuthorizationSetBuilder() + auto paramBuilder = AuthorizationSetBuilder() .AesEncryptionKey(AES_KEY_BYTES * 8) - .Authorization(keymaster::TAG_BLOCK_MODE, KM_MODE_GCM) - .Authorization(keymaster::TAG_MIN_MAC_LENGTH, GCM_MAC_BYTES * 8) - .Authorization(keymaster::TAG_PADDING, KM_PAD_NONE); - addStringParam(¶mBuilder, keymaster::TAG_APPLICATION_ID, appId); + .Authorization(TAG_BLOCK_MODE, BlockMode::GCM) + .Authorization(TAG_MIN_MAC_LENGTH, GCM_MAC_BYTES * 8) + .Authorization(TAG_PADDING, PaddingMode::NONE) + .Authorization(TAG_APPLICATION_ID, blob2hidlVec(appId)); if (auth.token.empty()) { LOG(DEBUG) << "Creating key that doesn't need auth token"; - paramBuilder.Authorization(keymaster::TAG_NO_AUTH_REQUIRED); + paramBuilder.Authorization(TAG_NO_AUTH_REQUIRED); } else { LOG(DEBUG) << "Auth token required for key"; if (auth.token.size() != sizeof(hw_auth_token_t)) { @@ -117,25 +119,25 @@ static bool generateKeymasterKey(Keymaster& keymaster, const KeyAuthentication& return false; } const hw_auth_token_t* at = reinterpret_cast(auth.token.data()); - paramBuilder.Authorization(keymaster::TAG_USER_SECURE_ID, at->user_id); - paramBuilder.Authorization(keymaster::TAG_USER_AUTH_TYPE, HW_AUTH_PASSWORD); - paramBuilder.Authorization(keymaster::TAG_AUTH_TIMEOUT, AUTH_TIMEOUT); + paramBuilder.Authorization(TAG_USER_SECURE_ID, at->user_id); + paramBuilder.Authorization(TAG_USER_AUTH_TYPE, HardwareAuthenticatorType::PASSWORD); + paramBuilder.Authorization(TAG_AUTH_TIMEOUT, AUTH_TIMEOUT); } - return keymaster.generateKey(paramBuilder.build(), key); + return keymaster.generateKey(paramBuilder, key); } -static keymaster::AuthorizationSet beginParams(const KeyAuthentication& auth, +static AuthorizationSet beginParams(const KeyAuthentication& auth, const std::string& appId) { - auto paramBuilder = keymaster::AuthorizationSetBuilder() - .Authorization(keymaster::TAG_BLOCK_MODE, KM_MODE_GCM) - .Authorization(keymaster::TAG_MAC_LENGTH, GCM_MAC_BYTES * 8) - .Authorization(keymaster::TAG_PADDING, KM_PAD_NONE); - addStringParam(¶mBuilder, keymaster::TAG_APPLICATION_ID, appId); + auto paramBuilder = AuthorizationSetBuilder() + .Authorization(TAG_BLOCK_MODE, BlockMode::GCM) + .Authorization(TAG_MAC_LENGTH, GCM_MAC_BYTES * 8) + .Authorization(TAG_PADDING, PaddingMode::NONE) + .Authorization(TAG_APPLICATION_ID, blob2hidlVec(appId)); if (!auth.token.empty()) { LOG(DEBUG) << "Supplying auth token to Keymaster"; - addStringParam(¶mBuilder, keymaster::TAG_AUTH_TOKEN, auth.token); + paramBuilder.Authorization(TAG_AUTH_TOKEN, blob2hidlVec(auth.token)); } - return paramBuilder.build(); + return paramBuilder; } static bool readFileToString(const std::string& filename, std::string* result) { @@ -155,22 +157,21 @@ static bool writeStringToFile(const std::string& payload, const std::string& fil } static KeymasterOperation begin(Keymaster& keymaster, const std::string& dir, - keymaster_purpose_t purpose, - const keymaster::AuthorizationSet &keyParams, - const keymaster::AuthorizationSet &opParams, - keymaster::AuthorizationSet* outParams) { + KeyPurpose purpose, + const AuthorizationSet &keyParams, + const AuthorizationSet &opParams, + AuthorizationSet* outParams) { auto kmKeyPath = dir + "/" + kFn_keymaster_key_blob; std::string kmKey; if (!readFileToString(kmKeyPath, &kmKey)) return KeymasterOperation(); - keymaster::AuthorizationSet inParams; - inParams.push_back(keyParams); - inParams.push_back(opParams); + AuthorizationSet inParams(keyParams); + inParams.append(opParams.begin(), opParams.end()); for (;;) { auto opHandle = keymaster.begin(purpose, kmKey, inParams, outParams); if (opHandle) { return opHandle; } - if (opHandle.error() != KM_ERROR_KEY_REQUIRES_UPGRADE) return opHandle; + if (opHandle.error() != ErrorCode::KEY_REQUIRES_UPGRADE) return opHandle; LOG(DEBUG) << "Upgrading key: " << dir; std::string newKey; if (!keymaster.upgradeKey(kmKey, keyParams, &newKey)) return KeymasterOperation(); @@ -189,19 +190,19 @@ static KeymasterOperation begin(Keymaster& keymaster, const std::string& dir, } static bool encryptWithKeymasterKey(Keymaster& keymaster, const std::string& dir, - const keymaster::AuthorizationSet &keyParams, + const AuthorizationSet &keyParams, const std::string& message, std::string* ciphertext) { - keymaster::AuthorizationSet opParams; - keymaster::AuthorizationSet outParams; - auto opHandle = begin(keymaster, dir, KM_PURPOSE_ENCRYPT, keyParams, opParams, &outParams); + AuthorizationSet opParams; + AuthorizationSet outParams; + auto opHandle = begin(keymaster, dir, KeyPurpose::ENCRYPT, keyParams, opParams, &outParams); if (!opHandle) return false; - keymaster_blob_t nonceBlob; - if (!outParams.GetTagValue(keymaster::TAG_NONCE, &nonceBlob)) { + auto nonceBlob = outParams.GetTagValue(TAG_NONCE); + if (!nonceBlob.isOk()) { LOG(ERROR) << "GCM encryption but no nonce generated"; return false; } // nonceBlob here is just a pointer into existing data, must not be freed - std::string nonce(reinterpret_cast(nonceBlob.data), nonceBlob.data_length); + std::string nonce(reinterpret_cast(&nonceBlob.value()[0]), nonceBlob.value().size()); if (!checkSize("nonce", nonce.size(), GCM_NONCE_BYTES)) return false; std::string body; if (!opHandle.updateCompletely(message, &body)) return false; @@ -214,13 +215,13 @@ static bool encryptWithKeymasterKey(Keymaster& keymaster, const std::string& dir } static bool decryptWithKeymasterKey(Keymaster& keymaster, const std::string& dir, - const keymaster::AuthorizationSet &keyParams, + const AuthorizationSet &keyParams, const std::string& ciphertext, std::string* message) { auto nonce = ciphertext.substr(0, GCM_NONCE_BYTES); auto bodyAndMac = ciphertext.substr(GCM_NONCE_BYTES); - auto opParams = addStringParam(keymaster::AuthorizationSetBuilder(), - keymaster::TAG_NONCE, nonce).build(); - auto opHandle = begin(keymaster, dir, KM_PURPOSE_DECRYPT, keyParams, opParams, nullptr); + auto opParams = AuthorizationSetBuilder() + .Authorization(TAG_NONCE, blob2hidlVec(nonce)); + auto opHandle = begin(keymaster, dir, KeyPurpose::DECRYPT, keyParams, opParams, nullptr); if (!opHandle) return false; if (!opHandle.updateCompletely(bodyAndMac, message)) return false; if (!opHandle.finish(nullptr)) return false; diff --git a/Keymaster.cpp b/Keymaster.cpp index 722d9f2..bb99cde 100644 --- a/Keymaster.cpp +++ b/Keymaster.cpp @@ -17,135 +17,48 @@ #include "Keymaster.h" #include -#include -#include -#include -#include +#include +#include +#include + +using namespace ::keystore; namespace android { namespace vold { -class IKeymasterDevice { - public: - IKeymasterDevice() {} - virtual ~IKeymasterDevice() {} - virtual keymaster_error_t generate_key(const keymaster_key_param_set_t* params, - keymaster_key_blob_t* key_blob) const = 0; - virtual keymaster_error_t delete_key(const keymaster_key_blob_t* key) const = 0; - virtual keymaster_error_t upgrade_key(const keymaster_key_blob_t* key_to_upgrade, - const keymaster_key_param_set_t* upgrade_params, - keymaster_key_blob_t* upgraded_key) const = 0; - virtual keymaster_error_t begin(keymaster_purpose_t purpose, const keymaster_key_blob_t* key, - const keymaster_key_param_set_t* in_params, - keymaster_key_param_set_t* out_params, - keymaster_operation_handle_t* operation_handle) const = 0; - virtual keymaster_error_t update(keymaster_operation_handle_t operation_handle, - const keymaster_key_param_set_t* in_params, - const keymaster_blob_t* input, size_t* input_consumed, - keymaster_key_param_set_t* out_params, - keymaster_blob_t* output) const = 0; - virtual keymaster_error_t finish(keymaster_operation_handle_t operation_handle, - const keymaster_key_param_set_t* in_params, - const keymaster_blob_t* signature, - keymaster_key_param_set_t* out_params, - keymaster_blob_t* output) const = 0; - virtual keymaster_error_t abort(keymaster_operation_handle_t operation_handle) const = 0; - - protected: - DISALLOW_COPY_AND_ASSIGN(IKeymasterDevice); -}; - -template class KeymasterDevice : public IKeymasterDevice { - public: - explicit KeymasterDevice(T* d) : mDevice{d} {} - keymaster_error_t generate_key(const keymaster_key_param_set_t* params, - keymaster_key_blob_t* key_blob) const override final { - return mDevice->generate_key(mDevice, params, key_blob, nullptr); - } - keymaster_error_t delete_key(const keymaster_key_blob_t* key) const override final { - if (mDevice->delete_key == nullptr) return KM_ERROR_OK; - return mDevice->delete_key(mDevice, key); - } - keymaster_error_t begin(keymaster_purpose_t purpose, const keymaster_key_blob_t* key, - const keymaster_key_param_set_t* in_params, - keymaster_key_param_set_t* out_params, - keymaster_operation_handle_t* operation_handle) const override final { - return mDevice->begin(mDevice, purpose, key, in_params, out_params, operation_handle); - } - keymaster_error_t update(keymaster_operation_handle_t operation_handle, - const keymaster_key_param_set_t* in_params, - const keymaster_blob_t* input, size_t* input_consumed, - keymaster_key_param_set_t* out_params, - keymaster_blob_t* output) const override final { - return mDevice->update(mDevice, operation_handle, in_params, input, input_consumed, - out_params, output); - } - keymaster_error_t abort(keymaster_operation_handle_t operation_handle) const override final { - return mDevice->abort(mDevice, operation_handle); - } - - protected: - T* const mDevice; -}; - -class Keymaster1Device : public KeymasterDevice { - public: - explicit Keymaster1Device(keymaster1_device_t* d) : KeymasterDevice{d} {} - ~Keymaster1Device() override final { keymaster1_close(mDevice); } - keymaster_error_t upgrade_key(const keymaster_key_blob_t* key_to_upgrade, - const keymaster_key_param_set_t* upgrade_params, - keymaster_key_blob_t* upgraded_key) const override final { - return KM_ERROR_UNIMPLEMENTED; - } - keymaster_error_t finish(keymaster_operation_handle_t operation_handle, - const keymaster_key_param_set_t* in_params, - const keymaster_blob_t* signature, - keymaster_key_param_set_t* out_params, - keymaster_blob_t* output) const override final { - return mDevice->finish(mDevice, operation_handle, in_params, signature, out_params, output); - } -}; - -class Keymaster2Device : public KeymasterDevice { - public: - explicit Keymaster2Device(keymaster2_device_t* d) : KeymasterDevice{d} {} - ~Keymaster2Device() override final { keymaster2_close(mDevice); } - keymaster_error_t upgrade_key(const keymaster_key_blob_t* key_to_upgrade, - const keymaster_key_param_set_t* upgrade_params, - keymaster_key_blob_t* upgraded_key) const override final { - return mDevice->upgrade_key(mDevice, key_to_upgrade, upgrade_params, upgraded_key); - } - keymaster_error_t finish(keymaster_operation_handle_t operation_handle, - const keymaster_key_param_set_t* in_params, - const keymaster_blob_t* signature, - keymaster_key_param_set_t* out_params, - keymaster_blob_t* output) const override final { - return mDevice->finish(mDevice, operation_handle, in_params, nullptr, signature, out_params, - output); - } -}; - KeymasterOperation::~KeymasterOperation() { - if (mDevice) mDevice->abort(mOpHandle); + if (mDevice.get()) mDevice->abort(mOpHandle); } bool KeymasterOperation::updateCompletely(const std::string& input, std::string* output) { output->clear(); auto it = input.begin(); + uint32_t inputConsumed; + + ErrorCode km_error; + auto hidlCB = [&] (ErrorCode ret, uint32_t _inputConsumed, + const hidl_vec& /*ignored*/, const hidl_vec& _output) { + km_error = ret; + if (km_error != ErrorCode::OK) return; + inputConsumed = _inputConsumed; + if (output) + output->append(reinterpret_cast(&_output[0]), _output.size()); + }; + while (it != input.end()) { size_t toRead = static_cast(input.end() - it); - keymaster_blob_t inputBlob{reinterpret_cast(&*it), toRead}; - keymaster_blob_t outputBlob; - size_t inputConsumed; - auto error = - mDevice->update(mOpHandle, nullptr, &inputBlob, &inputConsumed, nullptr, &outputBlob); - if (error != KM_ERROR_OK) { - LOG(ERROR) << "update failed, code " << error; + auto inputBlob = blob2hidlVec(reinterpret_cast(&*it), toRead); + auto error = mDevice->update(mOpHandle, hidl_vec(), inputBlob, hidlCB); + if (!error.isOk()) { + LOG(ERROR) << "update failed: " << error.description(); + mDevice = nullptr; + return false; + } + if (km_error != ErrorCode::OK) { + LOG(ERROR) << "update failed, code " << uint32_t(km_error); mDevice = nullptr; return false; } - output->append(reinterpret_cast(outputBlob.data), outputBlob.data_length); - free(const_cast(outputBlob.data)); if (inputConsumed > toRead) { LOG(ERROR) << "update reported too much input consumed"; mDevice = nullptr; @@ -157,74 +70,63 @@ bool KeymasterOperation::updateCompletely(const std::string& input, std::string* } bool KeymasterOperation::finish(std::string* output) { - keymaster_blob_t outputBlob; - auto error = mDevice->finish(mOpHandle, nullptr, nullptr, nullptr, - output ? &outputBlob : nullptr); + ErrorCode km_error; + auto hidlCb = [&] (ErrorCode ret, const hidl_vec& /*ignored*/, + const hidl_vec& _output) { + km_error = ret; + if (km_error != ErrorCode::OK) return; + if (output) + output->assign(reinterpret_cast(&_output[0]), _output.size()); + }; + auto error = mDevice->finish(mOpHandle, hidl_vec(), hidl_vec(), + hidl_vec(), hidlCb); mDevice = nullptr; - if (error != KM_ERROR_OK) { - LOG(ERROR) << "finish failed, code " << error; + if (!error.isOk()) { + LOG(ERROR) << "finish failed: " << error.description(); return false; } - if (output) { - output->assign(reinterpret_cast(outputBlob.data), outputBlob.data_length); - free(const_cast(outputBlob.data)); + if (km_error != ErrorCode::OK) { + LOG(ERROR) << "finish failed, code " << uint32_t(km_error); + return false; } return true; } Keymaster::Keymaster() { - mDevice = nullptr; - const hw_module_t* module; - int ret = hw_get_module_by_class(KEYSTORE_HARDWARE_MODULE_ID, NULL, &module); - if (ret != 0) { - LOG(ERROR) << "hw_get_module_by_class returned " << ret; - return; - } - LOG(DEBUG) << "module_api_version is " << module->module_api_version; - if (module->module_api_version == KEYMASTER_MODULE_API_VERSION_1_0) { - keymaster1_device_t* device; - ret = keymaster1_open(module, &device); - if (ret != 0) { - LOG(ERROR) << "keymaster1_open returned " << ret; - return; - } - mDevice = std::make_shared(device); - } else if (module->module_api_version == KEYMASTER_MODULE_API_VERSION_2_0) { - keymaster2_device_t* device; - ret = keymaster2_open(module, &device); - if (ret != 0) { - LOG(ERROR) << "keymaster2_open returned " << ret; - return; - } - auto error = ConfigureDevice(device); - if (error != KM_ERROR_OK) { - LOG(ERROR) << "ConfigureDevice returned " << error; - return; - } - mDevice = std::make_shared(device); - } else { - LOG(ERROR) << "module_api_version is " << module->module_api_version; - return; - } + mDevice = ::android::hardware::keymaster::V3_0::IKeymasterDevice::getService("keymaster"); } -bool Keymaster::generateKey(const keymaster::AuthorizationSet& inParams, std::string* key) { - keymaster_key_blob_t keyBlob; - auto error = mDevice->generate_key(&inParams, &keyBlob); - if (error != KM_ERROR_OK) { - LOG(ERROR) << "generate_key failed, code " << error; +bool Keymaster::generateKey(const AuthorizationSet& inParams, std::string* key) { + ErrorCode km_error; + auto hidlCb = [&] (ErrorCode ret, const hidl_vec& keyBlob, + const KeyCharacteristics& /*ignored*/) { + km_error = ret; + if (km_error != ErrorCode::OK) return; + if (key) + key->assign(reinterpret_cast(&keyBlob[0]), keyBlob.size()); + }; + + auto error = mDevice->generateKey(inParams.hidl_data(), hidlCb); + if (!error.isOk()) { + LOG(ERROR) << "generate_key failed: " << error.description(); + return false; + } + if (km_error != ErrorCode::OK) { + LOG(ERROR) << "generate_key failed, code " << int32_t(km_error); return false; } - key->assign(reinterpret_cast(keyBlob.key_material), keyBlob.key_material_size); - free(const_cast(keyBlob.key_material)); return true; } bool Keymaster::deleteKey(const std::string& key) { - keymaster_key_blob_t keyBlob{reinterpret_cast(key.data()), key.size()}; - auto error = mDevice->delete_key(&keyBlob); - if (error != KM_ERROR_OK) { - LOG(ERROR) << "delete_key failed, code " << error; + auto keyBlob = blob2hidlVec(key); + auto error = mDevice->deleteKey(keyBlob); + if (!error.isOk()) { + LOG(ERROR) << "delete_key failed: " << error.description(); + return false; + } + if (ErrorCode(error) != ErrorCode::OK) { + LOG(ERROR) << "delete_key failed, code " << uint32_t(ErrorCode(error)); return false; } return true; @@ -232,35 +134,51 @@ bool Keymaster::deleteKey(const std::string& key) { bool Keymaster::upgradeKey(const std::string& oldKey, const AuthorizationSet& inParams, std::string* newKey) { - keymaster_key_blob_t oldKeyBlob{reinterpret_cast(oldKey.data()), oldKey.size()}; - keymaster_key_blob_t newKeyBlob; - auto error = mDevice->upgrade_key(&oldKeyBlob, &inParams, &newKeyBlob); - if (error != KM_ERROR_OK) { - LOG(ERROR) << "upgrade_key failed, code " << error; + auto oldKeyBlob = blob2hidlVec(oldKey); + ErrorCode km_error; + auto hidlCb = [&] (ErrorCode ret, const hidl_vec& upgradedKeyBlob) { + km_error = ret; + if (km_error != ErrorCode::OK) return; + if (newKey) + newKey->assign(reinterpret_cast(&upgradedKeyBlob[0]), + upgradedKeyBlob.size()); + }; + auto error = mDevice->upgradeKey(oldKeyBlob, inParams.hidl_data(), hidlCb); + if (!error.isOk()) { + LOG(ERROR) << "upgrade_key failed: " << error.description(); + return false; + } + if (km_error != ErrorCode::OK) { + LOG(ERROR) << "upgrade_key failed, code " << int32_t(km_error); return false; } - newKey->assign(reinterpret_cast(newKeyBlob.key_material), - newKeyBlob.key_material_size); - free(const_cast(newKeyBlob.key_material)); return true; } -KeymasterOperation Keymaster::begin(keymaster_purpose_t purpose, const std::string& key, - const keymaster::AuthorizationSet& inParams, - keymaster::AuthorizationSet* outParams) { - keymaster_key_blob_t keyBlob{reinterpret_cast(key.data()), key.size()}; - keymaster_operation_handle_t mOpHandle; - keymaster_key_param_set_t outParams_set; - auto error = mDevice->begin(purpose, &keyBlob, &inParams, - outParams ? &outParams_set : nullptr, &mOpHandle); - if (error != KM_ERROR_OK) { - LOG(ERROR) << "begin failed, code " << error; - return KeymasterOperation(error); - } - if (outParams) { - outParams->Clear(); - outParams->push_back(outParams_set); - keymaster_free_param_set(&outParams_set); +KeymasterOperation Keymaster::begin(KeyPurpose purpose, const std::string& key, + const AuthorizationSet& inParams, + AuthorizationSet* outParams) { + auto keyBlob = blob2hidlVec(key); + uint64_t mOpHandle; + ErrorCode km_error; + + auto hidlCb = [&] (ErrorCode ret, const hidl_vec& _outParams, + uint64_t operationHandle) { + km_error = ret; + if (km_error != ErrorCode::OK) return; + if (outParams) + *outParams = _outParams; + mOpHandle = operationHandle; + }; + + auto error = mDevice->begin(purpose, keyBlob, inParams.hidl_data(), hidlCb); + if (!error.isOk()) { + LOG(ERROR) << "begin failed: " << error.description(); + return KeymasterOperation(ErrorCode::UNKNOWN_ERROR); + } + if (km_error != ErrorCode::OK) { + LOG(ERROR) << "begin failed, code " << uint32_t(km_error); + return KeymasterOperation(km_error); } return KeymasterOperation(mDevice, mOpHandle); } diff --git a/Keymaster.h b/Keymaster.h index e314ee1..893a6d1 100644 --- a/Keymaster.h +++ b/Keymaster.h @@ -21,22 +21,21 @@ #include #include -#include +#include +#include namespace android { namespace vold { +using ::android::hardware::keymaster::V3_0::IKeymasterDevice; +using ::keystore::ErrorCode; +using ::keystore::KeyPurpose; +using ::keystore::AuthorizationSet; -using namespace keymaster; - -// C++ wrappers to the Keymaster C interface. +// C++ wrappers to the Keymaster hidl interface. // This is tailored to the needs of KeyStorage, but could be extended to be // a more general interface. -// Class that wraps a keymaster1_device_t or keymaster2_device_t and provides methods -// they have in common. Also closes the device on destruction. -class IKeymasterDevice; - -// Wrapper for a keymaster_operation_handle_t representing an +// Wrapper for a Keymaster operation handle representing an // ongoing Keymaster operation. Aborts the operation // in the destructor if it is unfinished. Methods log failures // to LOG(ERROR). @@ -45,8 +44,8 @@ class KeymasterOperation { ~KeymasterOperation(); // Is this instance valid? This is false if creation fails, and becomes // false on finish or if an update fails. - explicit operator bool() { return mError == KM_ERROR_OK; } - keymaster_error_t error() { return mError; } + explicit operator bool() { return mError == ErrorCode::OK; } + ErrorCode error() { return mError; } // Call "update" repeatedly until all of the input is consumed, and // concatenate the output. Return true on success. bool updateCompletely(const std::string& input, std::string* output); @@ -59,17 +58,19 @@ class KeymasterOperation { mError = std::move(rhs.mError); } // Construct an object in an error state for error returns - KeymasterOperation() : KeymasterOperation(KM_ERROR_UNKNOWN_ERROR) {} + KeymasterOperation() + : mDevice{nullptr}, mOpHandle{static_cast(0)}, + mError {ErrorCode::UNKNOWN_ERROR} {} private: - KeymasterOperation(std::shared_ptr d, keymaster_operation_handle_t h) - : mDevice{d}, mOpHandle{h}, mError {KM_ERROR_OK} {} - KeymasterOperation(keymaster_error_t error) - : mDevice{nullptr}, mOpHandle{static_cast(0)}, + KeymasterOperation(const sp& d, uint64_t h) + : mDevice{d}, mOpHandle{h}, mError {ErrorCode::OK} {} + KeymasterOperation(ErrorCode error) + : mDevice{nullptr}, mOpHandle{0}, mError {error} {} - std::shared_ptr mDevice; - keymaster_operation_handle_t mOpHandle; - keymaster_error_t mError; + sp mDevice; + uint64_t mOpHandle; + ErrorCode mError; DISALLOW_COPY_AND_ASSIGN(KeymasterOperation); friend class Keymaster; }; @@ -80,7 +81,7 @@ class Keymaster { public: Keymaster(); // false if we failed to open the keymaster device. - explicit operator bool() { return mDevice != nullptr; } + explicit operator bool() { return mDevice.get() != nullptr; } // Generate a key in the keymaster from the given params. bool generateKey(const AuthorizationSet& inParams, std::string* key); // If the keymaster supports it, permanently delete a key. @@ -89,27 +90,14 @@ class Keymaster { bool upgradeKey(const std::string& oldKey, const AuthorizationSet& inParams, std::string* newKey); // Begin a new cryptographic operation, collecting output parameters if pointer is non-null - KeymasterOperation begin(keymaster_purpose_t purpose, const std::string& key, + KeymasterOperation begin(KeyPurpose purpose, const std::string& key, const AuthorizationSet& inParams, AuthorizationSet* outParams); private: - std::shared_ptr mDevice; + sp mDevice; DISALLOW_COPY_AND_ASSIGN(Keymaster); }; -template -inline AuthorizationSetBuilder& addStringParam(AuthorizationSetBuilder&& params, - TypedTag tag, - const std::string& val) { - return params.Authorization(tag, val.data(), val.size()); -} - -template -inline void addStringParam(AuthorizationSetBuilder* params, TypedTag tag, - const std::string& val) { - params->Authorization(tag, val.data(), val.size()); -} - } // namespace vold } // namespace android