diff options
11 files changed, 36 insertions, 77 deletions
diff --git a/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.h b/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.h index 76effcff31..052736b672 100644 --- a/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.h +++ b/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.h @@ -14,19 +14,17 @@ * limitations under the License. */ -#ifndef VTS_KEYMINT_AIDL_TEST_UTILS_H -#define VTS_KEYMINT_AIDL_TEST_UTILS_H - #pragma once #include <aidl/Gtest.h> #include <aidl/Vintf.h> -#include <android/hardware/security/keymint/ErrorCode.h> -#include <android/hardware/security/keymint/IKeyMintDevice.h> #include <binder/IServiceManager.h> #include <binder/ProcessState.h> #include <gtest/gtest.h> +#include <android/hardware/security/keymint/ErrorCode.h> +#include <android/hardware/security/keymint/IKeyMintDevice.h> + #include <keymint_support/authorization_set.h> namespace android::hardware::security::keymint::test { @@ -187,5 +185,3 @@ class KeyMintAidlTestBase : public ::testing::TestWithParam<string> { android::PrintInstanceNameToString) } // namespace android::hardware::security::keymint::test - -#endif // VTS_KEYMINT_AIDL_TEST_UTILS_H diff --git a/security/keymint/support/attestation_record.cpp b/security/keymint/support/attestation_record.cpp index afdb208221..1b074958c0 100644 --- a/security/keymint/support/attestation_record.cpp +++ b/security/keymint/support/attestation_record.cpp @@ -18,6 +18,9 @@ #include <assert.h> +#include <android/hardware/security/keymint/Tag.h> +#include <android/hardware/security/keymint/TagType.h> + #include <android-base/logging.h> #include <openssl/asn1t.h> @@ -25,9 +28,6 @@ #include <openssl/evp.h> #include <openssl/x509.h> -#include <android/hardware/security/keymint/Tag.h> -#include <android/hardware/security/keymint/TagType.h> - #include <keymint_support/authorization_set.h> #include <keymint_support/openssl_utils.h> @@ -326,9 +326,8 @@ ErrorCode parse_attestation_record(const uint8_t* asn1_key_desc, size_t asn1_key } ErrorCode parse_root_of_trust(const uint8_t* asn1_key_desc, size_t asn1_key_desc_len, - vector<uint8_t>* verified_boot_key, - keymint_verified_boot_t* verified_boot_state, bool* device_locked, - vector<uint8_t>* verified_boot_hash) { + vector<uint8_t>* verified_boot_key, VerifiedBoot* verified_boot_state, + bool* device_locked, vector<uint8_t>* verified_boot_hash) { if (!verified_boot_key || !verified_boot_state || !device_locked || !verified_boot_hash) { LOG(ERROR) << AT << "null pointer input(s)"; return ErrorCode::INVALID_ARGUMENT; @@ -358,8 +357,8 @@ ErrorCode parse_root_of_trust(const uint8_t* asn1_key_desc, size_t asn1_key_desc verified_boot_key->resize(vb_key->length); memcpy(verified_boot_key->data(), vb_key->data, vb_key->length); - *verified_boot_state = static_cast<keymint_verified_boot_t>( - ASN1_ENUMERATED_get(root_of_trust->verified_boot_state)); + *verified_boot_state = + static_cast<VerifiedBoot>(ASN1_ENUMERATED_get(root_of_trust->verified_boot_state)); if (!verified_boot_state) { LOG(ERROR) << AT << " Failed verified boot state parsing"; return ErrorCode::INVALID_ARGUMENT; diff --git a/security/keymint/support/authorization_set.cpp b/security/keymint/support/authorization_set.cpp index aa9638f256..eaacd1f536 100644 --- a/security/keymint/support/authorization_set.cpp +++ b/security/keymint/support/authorization_set.cpp @@ -76,16 +76,6 @@ void AuthorizationSet::Subtract(const AuthorizationSet& other) { } } -void AuthorizationSet::Filter(std::function<bool(const KeyParameter&)> doKeep) { - std::vector<KeyParameter> result; - for (auto& param : data_) { - if (doKeep(param)) { - result.push_back(std::move(param)); - } - } - std::swap(data_, result); -} - KeyParameter& AuthorizationSet::operator[](int at) { return data_[at]; } diff --git a/security/keymint/support/include/keymint_support/attestation_record.h b/security/keymint/support/include/keymint_support/attestation_record.h index d71624c978..0739569473 100644 --- a/security/keymint/support/include/keymint_support/attestation_record.h +++ b/security/keymint/support/include/keymint_support/attestation_record.h @@ -43,18 +43,18 @@ class AuthorizationSet; */ static const char kAttestionRecordOid[] = "1.3.6.1.4.1.11129.2.1.17"; -enum keymint_verified_boot_t { - KM_VERIFIED_BOOT_VERIFIED = 0, - KM_VERIFIED_BOOT_SELF_SIGNED = 1, - KM_VERIFIED_BOOT_UNVERIFIED = 2, - KM_VERIFIED_BOOT_FAILED = 3, +enum class VerifiedBoot : uint8_t { + VERIFIED = 0, + SELF_SIGNED = 1, + UNVERIFIED = 2, + FAILED = 3, }; struct RootOfTrust { SecurityLevel security_level; vector<uint8_t> verified_boot_key; vector<uint8_t> verified_boot_hash; - keymint_verified_boot_t verified_boot_state; + VerifiedBoot verified_boot_state; bool device_locked; }; @@ -81,7 +81,7 @@ ErrorCode parse_attestation_record(const uint8_t* asn1_key_desc, size_t asn1_key ErrorCode parse_root_of_trust(const uint8_t* asn1_key_desc, size_t asn1_key_desc_len, std::vector<uint8_t>* verified_boot_key, - keymint_verified_boot_t* verified_boot_state, bool* device_locked, + VerifiedBoot* verified_boot_state, bool* device_locked, std::vector<uint8_t>* verified_boot_hash); } // namespace android::hardware::security::keymint diff --git a/security/keymint/support/include/keymint_support/authorization_set.h b/security/keymint/support/include/keymint_support/authorization_set.h index 97e10224d3..01c4080a32 100644 --- a/security/keymint/support/include/keymint_support/authorization_set.h +++ b/security/keymint/support/include/keymint_support/authorization_set.h @@ -14,8 +14,7 @@ * limitations under the License. */ -#ifndef SYSTEM_SECURITY_KEYSTORE_KM4_AUTHORIZATION_SET_H_ -#define SYSTEM_SECURITY_KEYSTORE_KM4_AUTHORIZATION_SET_H_ +#pragma once #include <vector> @@ -138,19 +137,16 @@ class AuthorizationSet { /** * Returns iterator (pointer) to beginning of elems array, to enable STL-style iteration */ - std::vector<KeyParameter>::const_iterator begin() const { return data_.begin(); } + auto begin() { return data_.begin(); } + auto begin() const { return data_.begin(); } /** * Returns iterator (pointer) one past end of elems array, to enable STL-style iteration */ - std::vector<KeyParameter>::const_iterator end() const { return data_.end(); } + auto end() { return data_.end(); } + auto end() const { return data_.end(); } /** - * Modifies this Authorization set such that it only keeps the entries for which doKeep - * returns true. - */ - void Filter(std::function<bool(const KeyParameter&)> doKeep); - /** * Returns the nth element of the set. * Like for std::vector::operator[] there is no range check performed. Use of out of range * indices is undefined. @@ -316,5 +312,3 @@ class AuthorizationSetBuilder : public AuthorizationSet { }; } // namespace android::hardware::security::keymint - -#endif // SYSTEM_SECURITY_KEYSTORE_KM4_AUTHORIZATION_SET_H_ diff --git a/security/keymint/support/include/keymint_support/key_param_output.h b/security/keymint/support/include/keymint_support/key_param_output.h index 82c9689329..b109105bd7 100644 --- a/security/keymint/support/include/keymint_support/key_param_output.h +++ b/security/keymint/support/include/keymint_support/key_param_output.h @@ -14,8 +14,7 @@ * limitations under the License. */ -#ifndef HARDWARE_INTERFACES_KEYMINT_SUPPORT_INCLUDE_KEY_PARAM_OUTPUT_H_ -#define HARDWARE_INTERFACES_KEYMINT_SUPPORT_INCLUDE_KEY_PARAM_OUTPUT_H_ +#pragma once #include <iostream> #include <vector> @@ -98,5 +97,3 @@ inline ::std::ostream& operator<<(::std::ostream& os, Tag tag) { } } // namespace android::hardware::security::keymint - -#endif // HARDWARE_INTERFACES_KEYMINT_SUPPORT_INCLUDE_KEY_PARAM_OUTPUT_H_ diff --git a/security/keymint/support/include/keymint_support/keymint_tags.h b/security/keymint/support/include/keymint_support/keymint_tags.h index f23e4f2ce2..d418fec0ab 100644 --- a/security/keymint/support/include/keymint_support/keymint_tags.h +++ b/security/keymint/support/include/keymint_support/keymint_tags.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2019 The Android Open Source Project + * Copyright (C) 2020 The Android Open Source Project * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -14,8 +14,7 @@ * limitations under the License. */ -#ifndef HARDWARE_INTERFACES_KEYMINT_SUPPORT_INCLUDE_KEYMINT_TAGS_H_ -#define HARDWARE_INTERFACES_KEYMINT_SUPPORT_INCLUDE_KEYMINT_TAGS_H_ +#pragma once #include <android/hardware/security/keymint/Algorithm.h> #include <android/hardware/security/keymint/BlockMode.h> @@ -32,22 +31,15 @@ namespace android::hardware::security::keymint { -// The following create the numeric values that KM_TAG_PADDING and KM_TAG_DIGEST used to have. We -// need these old values to be able to support old keys that use them. -// TODO(seleneh) we should delete this code when we stop supporting keymaster1 -// and deletes it. -static const int32_t KM_TAG_DIGEST_OLD = static_cast<int32_t>(TagType::ENUM) | 5; -static const int32_t KM_TAG_PADDING_OLD = static_cast<int32_t>(TagType::ENUM) | 7; - constexpr TagType typeFromTag(Tag tag) { return static_cast<TagType>(static_cast<uint32_t>(tag) & static_cast<uint32_t>(0xf0000000)); } /** - * TypedTag is a templatized version of Tag, which provides compile-time checking of - * keymint tag types. Instances are convertible to Tag, so they can be used wherever - * Tag is expected, and because they encode the tag type it's possible to create - * function overloads that only operate on tags with a particular type. + * TypedTag is a templatized version of Tag, which provides compile-time checking of KeyMint tag + * types. Instances are convertible to Tag, so they can be used wherever Tag is expected, and + * because they encode the tag type it's possible to create function overloads that only operate on + * tags with a particular type. */ template <TagType tag_type, Tag tag> struct TypedTag { @@ -334,5 +326,3 @@ inline NullOr<const typename TypedTag2ValueType<TypedTag<tag_type, tag>>::type&> } } // namespace android::hardware::security::keymint - -#endif // HARDWARE_INTERFACES_KEYMINT_SUPPORT_INCLUDE_KEYMINT_TAGS_H_ diff --git a/security/keymint/support/include/keymint_support/keymint_utils.h b/security/keymint/support/include/keymint_support/keymint_utils.h index fda1b6c9b2..878b7df3f7 100644 --- a/security/keymint/support/include/keymint_support/keymint_utils.h +++ b/security/keymint/support/include/keymint_support/keymint_utils.h @@ -16,9 +16,6 @@ #pragma once -#ifndef HARDWARE_INTERFACES_KEYMINT_10_SUPPORT_KEYMINT_UTILS_H_ -#define HARDWARE_INTERFACES_KEYMINT_10_SUPPORT_KEYMINT_UTILS_H_ - #include <android/hardware/security/keymint/HardwareAuthToken.h> namespace android::hardware::security::keymint { @@ -43,5 +40,3 @@ uint32_t getOsVersion(); uint32_t getOsPatchlevel(); } // namespace android::hardware::security::keymint - -#endif // HARDWARE_INTERFACES_KEYMINT_10_SUPPORT_KEYMINT_UTILS_H_ diff --git a/security/keymint/support/include/keymint_support/openssl_utils.h b/security/keymint/support/include/keymint_support/openssl_utils.h index cb099680d4..08788106db 100644 --- a/security/keymint/support/include/keymint_support/openssl_utils.h +++ b/security/keymint/support/include/keymint_support/openssl_utils.h @@ -1,5 +1,5 @@ /* - * Copyright 2017 The Android Open Source Project + * Copyright 2020 The Android Open Source Project * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -14,8 +14,7 @@ * limitations under the License. */ -#ifndef HARDWARE_INTERFACES_KEYMINT_1_0_SUPPORT_OPENSSL_UTILS_H_ -#define HARDWARE_INTERFACES_KEYMINT_1_0_SUPPORT_OPENSSL_UTILS_H_ +#pragma once #include <android/hardware/security/keymint/Digest.h> @@ -63,5 +62,3 @@ inline const EVP_MD* openssl_digest(Digest digest) { } } // namespace android::hardware::security::keymint - -#endif // HARDWARE_INTERFACES_KEYMINT_1_0_SUPPORT_OPENSSL_UTILS_H_ diff --git a/security/keymint/support/key_param_output.cpp b/security/keymint/support/key_param_output.cpp index b699b2289e..d8e2fff13d 100644 --- a/security/keymint/support/key_param_output.cpp +++ b/security/keymint/support/key_param_output.cpp @@ -1,5 +1,5 @@ /* - * Copyright (C) 2017 The Android Open Source Project + * Copyright (C) 2020 The Android Open Source Project * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. diff --git a/security/keymint/support/keymint_utils.cpp b/security/keymint/support/keymint_utils.cpp index cd4cca222a..63606f4096 100644 --- a/security/keymint/support/keymint_utils.cpp +++ b/security/keymint/support/keymint_utils.cpp @@ -1,5 +1,5 @@ /* - * Copyright (C) 2018 The Android Open Source Project + * Copyright (C) 2020 The Android Open Source Project * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -16,11 +16,12 @@ #include <regex.h> +#include <arpa/inet.h> + #include <android-base/properties.h> #include <hardware/hw_auth_token.h> -#include <keymint_support/keymint_utils.h> -#include <arpa/inet.h> +#include <keymint_support/keymint_utils.h> namespace android::hardware::security::keymint { |