Various cleanups

Mostly just removal of old-style #include guards in favor of #pragm
once, reorganization of header includes, correction of copyright
years, etc.

Test: VtsAidlKeyMintTargetTest
Change-Id: I070584ecec550a2f133b1c19f36f99e7b5544e7c

security/keymint/aidl/vts/functional/KeyMintAidlTestBase.h

@@ -14,19 +14,17 @@
  * limitations under the License.
  */
 
-#ifndef VTS_KEYMINT_AIDL_TEST_UTILS_H
-#define VTS_KEYMINT_AIDL_TEST_UTILS_H
-
 #pragma once
 
 #include <aidl/Gtest.h>
 #include <aidl/Vintf.h>
-#include <android/hardware/security/keymint/ErrorCode.h>
-#include <android/hardware/security/keymint/IKeyMintDevice.h>
 #include <binder/IServiceManager.h>
 #include <binder/ProcessState.h>
 #include <gtest/gtest.h>
 
+#include <android/hardware/security/keymint/ErrorCode.h>
+#include <android/hardware/security/keymint/IKeyMintDevice.h>
+
 #include <keymint_support/authorization_set.h>
 
 namespace android::hardware::security::keymint::test {
@@ -187,5 +185,3 @@ class KeyMintAidlTestBase : public ::testing::TestWithParam<string> {
                              android::PrintInstanceNameToString)
 
 }  // namespace android::hardware::security::keymint::test
-
-#endif  // VTS_KEYMINT_AIDL_TEST_UTILS_H

security/keymint/support/attestation_record.cpp

@@ -18,6 +18,9 @@
 
 #include <assert.h>
 
+#include <android/hardware/security/keymint/Tag.h>
+#include <android/hardware/security/keymint/TagType.h>
+
 #include <android-base/logging.h>
 
 #include <openssl/asn1t.h>
@@ -25,9 +28,6 @@
 #include <openssl/evp.h>
 #include <openssl/x509.h>
 
-#include <android/hardware/security/keymint/Tag.h>
-#include <android/hardware/security/keymint/TagType.h>
-
 #include <keymint_support/authorization_set.h>
 #include <keymint_support/openssl_utils.h>
 
@@ -326,9 +326,8 @@ ErrorCode parse_attestation_record(const uint8_t* asn1_key_desc, size_t asn1_key
 }
 
 ErrorCode parse_root_of_trust(const uint8_t* asn1_key_desc, size_t asn1_key_desc_len,
-                              vector<uint8_t>* verified_boot_key,
-                              keymint_verified_boot_t* verified_boot_state, bool* device_locked,
-                              vector<uint8_t>* verified_boot_hash) {
+                              vector<uint8_t>* verified_boot_key, VerifiedBoot* verified_boot_state,
+                              bool* device_locked, vector<uint8_t>* verified_boot_hash) {
     if (!verified_boot_key || !verified_boot_state || !device_locked || !verified_boot_hash) {
         LOG(ERROR) << AT << "null pointer input(s)";
         return ErrorCode::INVALID_ARGUMENT;
@@ -358,8 +357,8 @@ ErrorCode parse_root_of_trust(const uint8_t* asn1_key_desc, size_t asn1_key_desc
     verified_boot_key->resize(vb_key->length);
     memcpy(verified_boot_key->data(), vb_key->data, vb_key->length);
 
-    *verified_boot_state = static_cast<keymint_verified_boot_t>(
-            ASN1_ENUMERATED_get(root_of_trust->verified_boot_state));
+    *verified_boot_state =
+            static_cast<VerifiedBoot>(ASN1_ENUMERATED_get(root_of_trust->verified_boot_state));
     if (!verified_boot_state) {
         LOG(ERROR) << AT << " Failed verified boot state parsing";
         return ErrorCode::INVALID_ARGUMENT;

security/keymint/support/authorization_set.cpp

@@ -76,16 +76,6 @@ void AuthorizationSet::Subtract(const AuthorizationSet& other) {
     }
 }
 
-void AuthorizationSet::Filter(std::function<bool(const KeyParameter&)> doKeep) {
-    std::vector<KeyParameter> result;
-    for (auto& param : data_) {
-        if (doKeep(param)) {
-            result.push_back(std::move(param));
-        }
-    }
-    std::swap(data_, result);
-}
-
 KeyParameter& AuthorizationSet::operator[](int at) {
     return data_[at];
 }

security/keymint/support/include/keymint_support/attestation_record.h

@@ -43,18 +43,18 @@ class AuthorizationSet;
  */
 static const char kAttestionRecordOid[] = "1.3.6.1.4.1.11129.2.1.17";
 
-enum keymint_verified_boot_t {
-    KM_VERIFIED_BOOT_VERIFIED = 0,
-    KM_VERIFIED_BOOT_SELF_SIGNED = 1,
-    KM_VERIFIED_BOOT_UNVERIFIED = 2,
-    KM_VERIFIED_BOOT_FAILED = 3,
+enum class VerifiedBoot : uint8_t {
+    VERIFIED = 0,
+    SELF_SIGNED = 1,
+    UNVERIFIED = 2,
+    FAILED = 3,
 };
 
 struct RootOfTrust {
     SecurityLevel security_level;
     vector<uint8_t> verified_boot_key;
     vector<uint8_t> verified_boot_hash;
-    keymint_verified_boot_t verified_boot_state;
+    VerifiedBoot verified_boot_state;
     bool device_locked;
 };
 
@@ -81,7 +81,7 @@ ErrorCode parse_attestation_record(const uint8_t* asn1_key_desc, size_t asn1_key
 
 ErrorCode parse_root_of_trust(const uint8_t* asn1_key_desc, size_t asn1_key_desc_len,
                               std::vector<uint8_t>* verified_boot_key,
-                              keymint_verified_boot_t* verified_boot_state, bool* device_locked,
+                              VerifiedBoot* verified_boot_state, bool* device_locked,
                               std::vector<uint8_t>* verified_boot_hash);
 
 }  // namespace android::hardware::security::keymint

security/keymint/support/include/keymint_support/authorization_set.h

@@ -14,8 +14,7 @@
  * limitations under the License.
  */
 
-#ifndef SYSTEM_SECURITY_KEYSTORE_KM4_AUTHORIZATION_SET_H_
-#define SYSTEM_SECURITY_KEYSTORE_KM4_AUTHORIZATION_SET_H_
+#pragma once
 
 #include <vector>
 
@@ -138,18 +137,15 @@ class AuthorizationSet {
     /**
      * Returns iterator (pointer) to beginning of elems array, to enable STL-style iteration
      */
-    std::vector<KeyParameter>::const_iterator begin() const { return data_.begin(); }
+    auto begin() { return data_.begin(); }
+    auto begin() const { return data_.begin(); }
 
     /**
      * Returns iterator (pointer) one past end of elems array, to enable STL-style iteration
      */
-    std::vector<KeyParameter>::const_iterator end() const { return data_.end(); }
+    auto end() { return data_.end(); }
+    auto end() const { return data_.end(); }
 
-    /**
-     * Modifies this Authorization set such that it only keeps the entries for which doKeep
-     * returns true.
-     */
-    void Filter(std::function<bool(const KeyParameter&)> doKeep);
     /**
      * Returns the nth element of the set.
      * Like for std::vector::operator[] there is no range check performed. Use of out of range
@@ -316,5 +312,3 @@ class AuthorizationSetBuilder : public AuthorizationSet {
 };
 
 }  // namespace android::hardware::security::keymint
-
-#endif  // SYSTEM_SECURITY_KEYSTORE_KM4_AUTHORIZATION_SET_H_

security/keymint/support/include/keymint_support/key_param_output.h

@@ -14,8 +14,7 @@
  * limitations under the License.
  */
 
-#ifndef HARDWARE_INTERFACES_KEYMINT_SUPPORT_INCLUDE_KEY_PARAM_OUTPUT_H_
-#define HARDWARE_INTERFACES_KEYMINT_SUPPORT_INCLUDE_KEY_PARAM_OUTPUT_H_
+#pragma once
 
 #include <iostream>
 #include <vector>
@@ -98,5 +97,3 @@ inline ::std::ostream& operator<<(::std::ostream& os, Tag tag) {
 }
 
 }  // namespace android::hardware::security::keymint
-
-#endif  // HARDWARE_INTERFACES_KEYMINT_SUPPORT_INCLUDE_KEY_PARAM_OUTPUT_H_

security/keymint/support/include/keymint_support/keymint_tags.h

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2019 The Android Open Source Project
+ * Copyright (C) 2020 The Android Open Source Project
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -14,8 +14,7 @@
  * limitations under the License.
  */
 
-#ifndef HARDWARE_INTERFACES_KEYMINT_SUPPORT_INCLUDE_KEYMINT_TAGS_H_
-#define HARDWARE_INTERFACES_KEYMINT_SUPPORT_INCLUDE_KEYMINT_TAGS_H_
+#pragma once
 
 #include <android/hardware/security/keymint/Algorithm.h>
 #include <android/hardware/security/keymint/BlockMode.h>
@@ -32,22 +31,15 @@
 
 namespace android::hardware::security::keymint {
 
-// The following create the numeric values that KM_TAG_PADDING and KM_TAG_DIGEST used to have.  We
-// need these old values to be able to support old keys that use them.
-// TODO(seleneh) we should delete this code when we stop supporting keymaster1
-// and deletes it.
-static const int32_t KM_TAG_DIGEST_OLD = static_cast<int32_t>(TagType::ENUM) | 5;
-static const int32_t KM_TAG_PADDING_OLD = static_cast<int32_t>(TagType::ENUM) | 7;
-
 constexpr TagType typeFromTag(Tag tag) {
     return static_cast<TagType>(static_cast<uint32_t>(tag) & static_cast<uint32_t>(0xf0000000));
 }
 
 /**
- * TypedTag is a templatized version of Tag, which provides compile-time checking of
- * keymint tag types. Instances are convertible to Tag, so they can be used wherever
- * Tag is expected, and because they encode the tag type it's possible to create
- * function overloads that only operate on tags with a particular type.
+ * TypedTag is a templatized version of Tag, which provides compile-time checking of KeyMint tag
+ * types.  Instances are convertible to Tag, so they can be used wherever Tag is expected, and
+ * because they encode the tag type it's possible to create function overloads that only operate on
+ * tags with a particular type.
  */
 template <TagType tag_type, Tag tag>
 struct TypedTag {
@@ -334,5 +326,3 @@ inline NullOr<const typename TypedTag2ValueType<TypedTag<tag_type, tag>>::type&>
 }
 
 }  // namespace android::hardware::security::keymint
-
-#endif  // HARDWARE_INTERFACES_KEYMINT_SUPPORT_INCLUDE_KEYMINT_TAGS_H_

security/keymint/support/include/keymint_support/keymint_utils.h

@@ -16,9 +16,6 @@
 
 #pragma once
 
-#ifndef HARDWARE_INTERFACES_KEYMINT_10_SUPPORT_KEYMINT_UTILS_H_
-#define HARDWARE_INTERFACES_KEYMINT_10_SUPPORT_KEYMINT_UTILS_H_
-
 #include <android/hardware/security/keymint/HardwareAuthToken.h>
 
 namespace android::hardware::security::keymint {
@@ -43,5 +40,3 @@ uint32_t getOsVersion();
 uint32_t getOsPatchlevel();
 
 }  // namespace android::hardware::security::keymint
-
-#endif  // HARDWARE_INTERFACES_KEYMINT_10_SUPPORT_KEYMINT_UTILS_H_

security/keymint/support/include/keymint_support/openssl_utils.h

@@ -1,5 +1,5 @@
 /*
- * Copyright 2017 The Android Open Source Project
+ * Copyright 2020 The Android Open Source Project
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -14,8 +14,7 @@
  * limitations under the License.
  */
 
-#ifndef HARDWARE_INTERFACES_KEYMINT_1_0_SUPPORT_OPENSSL_UTILS_H_
-#define HARDWARE_INTERFACES_KEYMINT_1_0_SUPPORT_OPENSSL_UTILS_H_
+#pragma once
 
 #include <android/hardware/security/keymint/Digest.h>
 
@@ -63,5 +62,3 @@ inline const EVP_MD* openssl_digest(Digest digest) {
 }
 
 }  // namespace android::hardware::security::keymint
-
-#endif  // HARDWARE_INTERFACES_KEYMINT_1_0_SUPPORT_OPENSSL_UTILS_H_

security/keymint/support/key_param_output.cpp

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2017 The Android Open Source Project
+ * Copyright (C) 2020 The Android Open Source Project
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.

security/keymint/support/keymint_utils.cpp

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2018 The Android Open Source Project
+ * Copyright (C) 2020 The Android Open Source Project
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -16,11 +16,12 @@
 
 #include <regex.h>
 
+#include <arpa/inet.h>
+
 #include <android-base/properties.h>
 #include <hardware/hw_auth_token.h>
-#include <keymint_support/keymint_utils.h>
 
-#include <arpa/inet.h>
+#include <keymint_support/keymint_utils.h>
 
 namespace android::hardware::security::keymint {