Revert "Move keymint to android.hardware.security."

Revert "Keystore 2.0 SPI: Move keymint spec to security namespace."

Revert "Keystore 2.0: Move keymint spec to security namespace."

Revert "Keystore 2.0: Move keymint spec to security namespace."

Revert "Move keymint to android.hardware.security."

Revert "Configure CF to start KeyMint service by default."

Revert "Move keymint to android.hardware.security."

Revert "Move keymint to android.hardware.security."

Revert submission 1522123-move_keymint

Reason for revert: Build breakage
Bug: 175345910
Bug: 171429297
Reverted Changes:
Ief0e9884a:Keystore 2.0: Move keymint spec to security namesp...
Idb54e8846:Keystore 2.0: Move keymint spec to security namesp...
I9f70db0e4:Remove references to keymint1
I2b4ce3349:Keystore 2.0 SPI: Move keymint spec to security na...
I2498073aa:Move keymint to android.hardware.security.
I098711e7d:Move keymint to android.hardware.security.
I3ec8d70fe:Configure CF to start KeyMint service by default.
Icbb373c50:Move keymint to android.hardware.security.
I86bccf40e:Move keymint to android.hardware.security.

Change-Id: I160cae568ed6b15698bd0af0b19c6c949528762d

compatibility_matrices/compatibility_matrix.current.xml

@@ -299,7 +299,7 @@
         </interface>
     </hal>
     <hal format="aidl" optional="true">
-        <name>android.hardware.security.keymint</name>
+        <name>android.hardware.keymint</name>
         <interface>
             <name>IKeyMintDevice</name>
             <instance>default</instance>

keymint/aidl/Android.bp

@@ -1,8 +1,8 @@
 aidl_interface {
-    name: "android.hardware.security.keymint",
+    name: "android.hardware.keymint",
     vendor_available: true,
     srcs: [
-        "android/hardware/security/keymint/*.aidl",
+        "android/hardware/keymint/*.aidl",
     ],
     stability: "vintf",
     backend: {

keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware/keymint/Algorithm.aidl

@@ -15,7 +15,7 @@
 // with such a backward incompatible change, it has a high risk of breaking
 // later when a module using the interface is updated, e.g., Mainline modules.
 
-package android.hardware.security.keymint;
+package android.hardware.keymint;
 @Backing(type="int") @VintfStability
 enum Algorithm {
   RSA = 1,

keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware/keymint/BeginResult.aidl

@@ -15,10 +15,10 @@
 // with such a backward incompatible change, it has a high risk of breaking
 // later when a module using the interface is updated, e.g., Mainline modules.
 
-package android.hardware.security.keymint;
+package android.hardware.keymint;
 @VintfStability
 parcelable BeginResult {
   long challenge;
-  android.hardware.security.keymint.KeyParameter[] params;
-  android.hardware.security.keymint.IKeyMintOperation operation;
+  android.hardware.keymint.KeyParameter[] params;
+  android.hardware.keymint.IKeyMintOperation operation;
 }

keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware/keymint/BlockMode.aidl

@@ -15,7 +15,7 @@
 // with such a backward incompatible change, it has a high risk of breaking
 // later when a module using the interface is updated, e.g., Mainline modules.
 
-package android.hardware.security.keymint;
+package android.hardware.keymint;
 @Backing(type="int") @VintfStability
 enum BlockMode {
   ECB = 1,

keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware/keymint/ByteArray.aidl

@@ -15,7 +15,7 @@
 // with such a backward incompatible change, it has a high risk of breaking
 // later when a module using the interface is updated, e.g., Mainline modules.
 
-package android.hardware.security.keymint;
+package android.hardware.keymint;
 @VintfStability
 parcelable ByteArray {
   byte[] data;

keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware/keymint/Certificate.aidl

@@ -15,7 +15,7 @@
 // with such a backward incompatible change, it has a high risk of breaking
 // later when a module using the interface is updated, e.g., Mainline modules.
 
-package android.hardware.security.keymint;
+package android.hardware.keymint;
 @VintfStability
 parcelable Certificate {
   byte[] encodedCertificate;

keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware/keymint/Digest.aidl

@@ -15,7 +15,7 @@
 // with such a backward incompatible change, it has a high risk of breaking
 // later when a module using the interface is updated, e.g., Mainline modules.
 
-package android.hardware.security.keymint;
+package android.hardware.keymint;
 @Backing(type="int") @VintfStability
 enum Digest {
   NONE = 0,

keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware/keymint/EcCurve.aidl

@@ -15,7 +15,7 @@
 // with such a backward incompatible change, it has a high risk of breaking
 // later when a module using the interface is updated, e.g., Mainline modules.
 
-package android.hardware.security.keymint;
+package android.hardware.keymint;
 @Backing(type="int") @VintfStability
 enum EcCurve {
   P_224 = 0,

keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware/keymint/ErrorCode.aidl

@@ -15,7 +15,7 @@
 // with such a backward incompatible change, it has a high risk of breaking
 // later when a module using the interface is updated, e.g., Mainline modules.
 
-package android.hardware.security.keymint;
+package android.hardware.keymint;
 @Backing(type="int") @VintfStability
 enum ErrorCode {
   OK = 0,

keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware/keymint/HardwareAuthToken.aidl

@@ -15,13 +15,13 @@
 // with such a backward incompatible change, it has a high risk of breaking
 // later when a module using the interface is updated, e.g., Mainline modules.
 
-package android.hardware.security.keymint;
+package android.hardware.keymint;
 @VintfStability
 parcelable HardwareAuthToken {
   long challenge;
   long userId;
   long authenticatorId;
-  android.hardware.security.keymint.HardwareAuthenticatorType authenticatorType;
-  android.hardware.security.keymint.Timestamp timestamp;
+  android.hardware.keymint.HardwareAuthenticatorType authenticatorType;
+  android.hardware.keymint.Timestamp timestamp;
   byte[] mac;
 }

keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware/keymint/HardwareAuthenticatorType.aidl

@@ -15,7 +15,7 @@
 // with such a backward incompatible change, it has a high risk of breaking
 // later when a module using the interface is updated, e.g., Mainline modules.
 
-package android.hardware.security.keymint;
+package android.hardware.keymint;
 @Backing(type="int") @VintfStability
 enum HardwareAuthenticatorType {
   NONE = 0,

keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware/keymint/IKeyMintDevice.aidl

@@ -0,0 +1,33 @@
+///////////////////////////////////////////////////////////////////////////////
+// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE.                          //
+///////////////////////////////////////////////////////////////////////////////
+
+// This file is a snapshot of an AIDL interface (or parcelable). Do not try to
+// edit this file. It looks like you are doing that because you have modified
+// an AIDL interface in a backward-incompatible way, e.g., deleting a function
+// from an interface or a field from a parcelable and it broke the build. That
+// breakage is intended.
+//
+// You must not make a backward incompatible changes to the AIDL files built
+// with the aidl_interface module type with versions property set. The module
+// type is used to build AIDL files in a way that they can be used across
+// independently updatable components of the system. If a device is shipped
+// with such a backward incompatible change, it has a high risk of breaking
+// later when a module using the interface is updated, e.g., Mainline modules.
+
+package android.hardware.keymint;
+@VintfStability
+interface IKeyMintDevice {
+  android.hardware.keymint.KeyMintHardwareInfo getHardwareInfo();
+  android.hardware.keymint.VerificationToken verifyAuthorization(in long challenge, in android.hardware.keymint.HardwareAuthToken token);
+  void addRngEntropy(in byte[] data);
+  void generateKey(in android.hardware.keymint.KeyParameter[] keyParams, out android.hardware.keymint.ByteArray generatedKeyBlob, out android.hardware.keymint.KeyCharacteristics generatedKeyCharacteristics, out android.hardware.keymint.Certificate[] outCertChain);
+  void importKey(in android.hardware.keymint.KeyParameter[] inKeyParams, in android.hardware.keymint.KeyFormat inKeyFormat, in byte[] inKeyData, out android.hardware.keymint.ByteArray outImportedKeyBlob, out android.hardware.keymint.KeyCharacteristics outImportedKeyCharacteristics, out android.hardware.keymint.Certificate[] outCertChain);
+  void importWrappedKey(in byte[] inWrappedKeyData, in byte[] inWrappingKeyBlob, in byte[] inMaskingKey, in android.hardware.keymint.KeyParameter[] inUnwrappingParams, in long inPasswordSid, in long inBiometricSid, out android.hardware.keymint.ByteArray outImportedKeyBlob, out android.hardware.keymint.KeyCharacteristics outImportedKeyCharacteristics);
+  byte[] upgradeKey(in byte[] inKeyBlobToUpgrade, in android.hardware.keymint.KeyParameter[] inUpgradeParams);
+  void deleteKey(in byte[] inKeyBlob);
+  void deleteAllKeys();
+  void destroyAttestationIds();
+  android.hardware.keymint.BeginResult begin(in android.hardware.keymint.KeyPurpose inPurpose, in byte[] inKeyBlob, in android.hardware.keymint.KeyParameter[] inParams, in android.hardware.keymint.HardwareAuthToken inAuthToken);
+  const int AUTH_TOKEN_MAC_LENGTH = 32;
+}

keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware/keymint/IKeyMintOperation.aidl

@@ -0,0 +1,24 @@
+///////////////////////////////////////////////////////////////////////////////
+// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE.                          //
+///////////////////////////////////////////////////////////////////////////////
+
+// This file is a snapshot of an AIDL interface (or parcelable). Do not try to
+// edit this file. It looks like you are doing that because you have modified
+// an AIDL interface in a backward-incompatible way, e.g., deleting a function
+// from an interface or a field from a parcelable and it broke the build. That
+// breakage is intended.
+//
+// You must not make a backward incompatible changes to the AIDL files built
+// with the aidl_interface module type with versions property set. The module
+// type is used to build AIDL files in a way that they can be used across
+// independently updatable components of the system. If a device is shipped
+// with such a backward incompatible change, it has a high risk of breaking
+// later when a module using the interface is updated, e.g., Mainline modules.
+
+package android.hardware.keymint;
+@VintfStability
+interface IKeyMintOperation {
+  int update(in @nullable android.hardware.keymint.KeyParameterArray inParams, in @nullable byte[] input, in @nullable android.hardware.keymint.HardwareAuthToken inAuthToken, in @nullable android.hardware.keymint.VerificationToken inVerificationToken, out @nullable android.hardware.keymint.KeyParameterArray outParams, out @nullable android.hardware.keymint.ByteArray output);
+  byte[] finish(in @nullable android.hardware.keymint.KeyParameterArray inParams, in @nullable byte[] input, in @nullable byte[] inSignature, in @nullable android.hardware.keymint.HardwareAuthToken authToken, in @nullable android.hardware.keymint.VerificationToken inVerificationToken, out @nullable android.hardware.keymint.KeyParameterArray outParams);
+  void abort();
+}

keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware/keymint/KeyCharacteristics.aidl

@@ -15,9 +15,9 @@
 // with such a backward incompatible change, it has a high risk of breaking
 // later when a module using the interface is updated, e.g., Mainline modules.
 
-package android.hardware.security.keymint;
+package android.hardware.keymint;
 @VintfStability
 parcelable KeyCharacteristics {
-  android.hardware.security.keymint.KeyParameter[] softwareEnforced;
-  android.hardware.security.keymint.KeyParameter[] hardwareEnforced;
+  android.hardware.keymint.KeyParameter[] softwareEnforced;
+  android.hardware.keymint.KeyParameter[] hardwareEnforced;
 }

keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware/keymint/KeyDerivationFunction.aidl

@@ -15,7 +15,7 @@
 // with such a backward incompatible change, it has a high risk of breaking
 // later when a module using the interface is updated, e.g., Mainline modules.
 
-package android.hardware.security.keymint;
+package android.hardware.keymint;
 @Backing(type="int") @VintfStability
 enum KeyDerivationFunction {
   NONE = 0,

keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware/keymint/KeyFormat.aidl

@@ -15,7 +15,7 @@
 // with such a backward incompatible change, it has a high risk of breaking
 // later when a module using the interface is updated, e.g., Mainline modules.
 
-package android.hardware.security.keymint;
+package android.hardware.keymint;
 @Backing(type="int") @VintfStability
 enum KeyFormat {
   X509 = 0,

keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware/keymint/KeyMintHardwareInfo.aidl

@@ -15,11 +15,11 @@
 // with such a backward incompatible change, it has a high risk of breaking
 // later when a module using the interface is updated, e.g., Mainline modules.
 
-package android.hardware.security.keymint;
+package android.hardware.keymint;
 @VintfStability
 parcelable KeyMintHardwareInfo {
   int versionNumber;
-  android.hardware.security.keymint.SecurityLevel securityLevel;
+  android.hardware.keymint.SecurityLevel securityLevel;
   @utf8InCpp String keyMintName;
   @utf8InCpp String keyMintAuthorName;
 }

keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware/keymint/KeyOrigin.aidl

@@ -15,7 +15,7 @@
 // with such a backward incompatible change, it has a high risk of breaking
 // later when a module using the interface is updated, e.g., Mainline modules.
 
-package android.hardware.security.keymint;
+package android.hardware.keymint;
 @Backing(type="int") @VintfStability
 enum KeyOrigin {
   GENERATED = 0,

keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware/keymint/KeyParameter.aidl

@@ -15,10 +15,10 @@
 // with such a backward incompatible change, it has a high risk of breaking
 // later when a module using the interface is updated, e.g., Mainline modules.
 
-package android.hardware.security.keymint;
+package android.hardware.keymint;
 @VintfStability
 parcelable KeyParameter {
-  android.hardware.security.keymint.Tag tag;
+  android.hardware.keymint.Tag tag;
   boolean boolValue;
   int integer;
   long longInteger;

keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware/keymint/KeyParameterArray.aidl

@@ -15,8 +15,8 @@
 // with such a backward incompatible change, it has a high risk of breaking
 // later when a module using the interface is updated, e.g., Mainline modules.
 
-package android.hardware.security.keymint;
+package android.hardware.keymint;
 @VintfStability
 parcelable KeyParameterArray {
-  android.hardware.security.keymint.KeyParameter[] params;
+  android.hardware.keymint.KeyParameter[] params;
 }

keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware/keymint/KeyPurpose.aidl

@@ -15,7 +15,7 @@
 // with such a backward incompatible change, it has a high risk of breaking
 // later when a module using the interface is updated, e.g., Mainline modules.
 
-package android.hardware.security.keymint;
+package android.hardware.keymint;
 @Backing(type="int") @VintfStability
 enum KeyPurpose {
   ENCRYPT = 0,

keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware/keymint/PaddingMode.aidl

@@ -15,7 +15,7 @@
 // with such a backward incompatible change, it has a high risk of breaking
 // later when a module using the interface is updated, e.g., Mainline modules.
 
-package android.hardware.security.keymint;
+package android.hardware.keymint;
 @Backing(type="int") @VintfStability
 enum PaddingMode {
   NONE = 1,

keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware/keymint/SecurityLevel.aidl

@@ -15,7 +15,7 @@
 // with such a backward incompatible change, it has a high risk of breaking
 // later when a module using the interface is updated, e.g., Mainline modules.
 
-package android.hardware.security.keymint;
+package android.hardware.keymint;
 @Backing(type="int") @VintfStability
 enum SecurityLevel {
   SOFTWARE = 0,

keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware/keymint/Tag.aidl

@@ -15,7 +15,7 @@
 // with such a backward incompatible change, it has a high risk of breaking
 // later when a module using the interface is updated, e.g., Mainline modules.
 
-package android.hardware.security.keymint;
+package android.hardware.keymint;
 @Backing(type="int") @VintfStability
 enum Tag {
   INVALID = 0,

keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware/keymint/TagType.aidl

@@ -15,7 +15,7 @@
 // with such a backward incompatible change, it has a high risk of breaking
 // later when a module using the interface is updated, e.g., Mainline modules.
 
-package android.hardware.security.keymint;
+package android.hardware.keymint;
 @Backing(type="int") @VintfStability
 enum TagType {
   INVALID = 0,

keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware/keymint/Timestamp.aidl

@@ -15,7 +15,7 @@
 // with such a backward incompatible change, it has a high risk of breaking
 // later when a module using the interface is updated, e.g., Mainline modules.
 
-package android.hardware.security.keymint;
+package android.hardware.keymint;
 @VintfStability
 parcelable Timestamp {
   long milliSeconds;

keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware/keymint/VerificationToken.aidl

@@ -15,11 +15,11 @@
 // with such a backward incompatible change, it has a high risk of breaking
 // later when a module using the interface is updated, e.g., Mainline modules.
 
-package android.hardware.security.keymint;
+package android.hardware.keymint;
 @VintfStability
 parcelable VerificationToken {
   long challenge;
-  android.hardware.security.keymint.Timestamp timestamp;
-  android.hardware.security.keymint.SecurityLevel securityLevel;
+  android.hardware.keymint.Timestamp timestamp;
+  android.hardware.keymint.SecurityLevel securityLevel;
   byte[] mac;
 }

keymint/aidl/android/hardware/keymint/Algorithm.aidl

@@ -14,7 +14,8 @@
  * limitations under the License.
  */
 
-package android.hardware.security.keymint;
+package android.hardware.keymint;
+
 
 /**
  * Algorithms provided by IKeyMintDevice implementations.

keymint/aidl/android/hardware/keymint/BeginResult.aidl

@@ -14,10 +14,12 @@
  * limitations under the License.
  */
 
-package android.hardware.security.keymint;
+package android.hardware.keymint;
+
+
+import android.hardware.keymint.IKeyMintOperation;
+import android.hardware.keymint.KeyParameter;
 
-import android.hardware.security.keymint.IKeyMintOperation;
-import android.hardware.security.keymint.KeyParameter;
 
 /**
  * This is all the results returned by the IKeyMintDevice begin() function.

keymint/aidl/android/hardware/keymint/BlockMode.aidl

@@ -14,7 +14,8 @@
  * limitations under the License.
  */
 
-package android.hardware.security.keymint;
+package android.hardware.keymint;
+
 
 /**
  * Symmetric block cipher modes provided by IKeyMintDevice implementations.

keymint/aidl/android/hardware/keymint/ByteArray.aidl

@@ -14,7 +14,8 @@
  * limitations under the License.
  */
 
-package android.hardware.security.keymint;
+package android.hardware.keymint;
+
 
 /**
  * This is used to contain a byte[], to make out parameters of byte arrays

keymint/aidl/android/hardware/keymint/Certificate.aidl

@@ -14,7 +14,7 @@
  * limitations under the License.
  */
 
-package android.hardware.security.keymint;
+package android.hardware.keymint;
 
 /**
  * This encodes the IKeyMintDevice attestation generated certificate.

keymint/aidl/android/hardware/keymint/Digest.aidl

@@ -14,7 +14,8 @@
  * limitations under the License.
  */
 
-package android.hardware.security.keymint;
+package android.hardware.keymint;
+
 
 /**
  * Digests provided by keyMint implementations.

keymint/aidl/android/hardware/keymint/EcCurve.aidl

@@ -14,7 +14,8 @@
  * limitations under the License.
  */
 
-package android.hardware.security.keymint;
+package android.hardware.keymint;
+
 
 /**
  * Supported EC curves, used in ECDSA

keymint/aidl/android/hardware/keymint/ErrorCode.aidl

@@ -14,7 +14,8 @@
  * limitations under the License.
  */
 
-package android.hardware.security.keymint;
+package android.hardware.keymint;
+
 
 /**
  * KeyMint error codes.  Aidl will return these error codes as service specific

keymint/aidl/android/hardware/keymint/HardwareAuthToken.aidl

@@ -14,10 +14,10 @@
  * limitations under the License.
  */
 
-package android.hardware.security.keymint;
+package android.hardware.keymint;
 
-import android.hardware.security.keymint.Timestamp;
-import android.hardware.security.keymint.HardwareAuthenticatorType;
+import android.hardware.keymint.Timestamp;
+import android.hardware.keymint.HardwareAuthenticatorType;
 
 /**
  * HardwareAuthToken is used to prove successful user authentication, to unlock the use of a key.
@@ -30,6 +30,7 @@ import android.hardware.security.keymint.HardwareAuthenticatorType;
  */
 @VintfStability
 parcelable HardwareAuthToken {
+
     /**
      * challenge is a value that's used to enable authentication tokens to authorize specific
      * events.  The primary use case for challenge is to authorize an IKeyMintDevice cryptographic

keymint/aidl/android/hardware/keymint/HardwareAuthenticatorType.aidl

@@ -14,7 +14,7 @@
  * limitations under the License.
  */
 
-package android.hardware.security.keymint;
+package android.hardware.keymint;
 
 /**
  * Hardware authentication type, used by HardwareAuthTokens to specify the mechanism used to

keymint/aidl/android/hardware/keymint/IKeyMintDevice.aidl

@@ -14,20 +14,20 @@
  * limitations under the License.
  */
 
-package android.hardware.security.keymint;
+package android.hardware.keymint;
 
-import android.hardware.security.keymint.BeginResult;
-import android.hardware.security.keymint.ByteArray;
-import android.hardware.security.keymint.Certificate;
-import android.hardware.security.keymint.HardwareAuthToken;
-import android.hardware.security.keymint.IKeyMintOperation;
-import android.hardware.security.keymint.KeyCharacteristics;
-import android.hardware.security.keymint.KeyFormat;
-import android.hardware.security.keymint.KeyParameter;
-import android.hardware.security.keymint.KeyMintHardwareInfo;
-import android.hardware.security.keymint.KeyPurpose;
-import android.hardware.security.keymint.SecurityLevel;
-import android.hardware.security.keymint.VerificationToken;
+import android.hardware.keymint.BeginResult;
+import android.hardware.keymint.ByteArray;
+import android.hardware.keymint.Certificate;
+import android.hardware.keymint.HardwareAuthToken;
+import android.hardware.keymint.IKeyMintOperation;
+import android.hardware.keymint.KeyCharacteristics;
+import android.hardware.keymint.KeyFormat;
+import android.hardware.keymint.KeyParameter;
+import android.hardware.keymint.KeyMintHardwareInfo;
+import android.hardware.keymint.KeyPurpose;
+import android.hardware.keymint.SecurityLevel;
+import android.hardware.keymint.VerificationToken;
 
 /**
  * KeyMint device definition.

keymint/aidl/android/hardware/keymint/IKeyMintOperation.aidl

@@ -14,13 +14,13 @@
  * limitations under the License.
  */
 
-package android.hardware.security.keymint;
+package android.hardware.keymint;
 
-import android.hardware.security.keymint.ByteArray;
-import android.hardware.security.keymint.HardwareAuthToken;
-import android.hardware.security.keymint.KeyParameter;
-import android.hardware.security.keymint.KeyParameterArray;
-import android.hardware.security.keymint.VerificationToken;
+import android.hardware.keymint.ByteArray;
+import android.hardware.keymint.HardwareAuthToken;
+import android.hardware.keymint.KeyParameter;
+import android.hardware.keymint.KeyParameterArray;
+import android.hardware.keymint.VerificationToken;
 
 @VintfStability
 interface IKeyMintOperation {

keymint/aidl/android/hardware/keymint/KeyCharacteristics.aidl

@@ -14,9 +14,9 @@
  * limitations under the License.
  */
 
-package android.hardware.security.keymint;
+package android.hardware.keymint;
 
-import android.hardware.security.keymint.KeyParameter;
+import android.hardware.keymint.KeyParameter;
 
 /**
  * KeyCharacteristics defines the attributes of a key, including cryptographic parameters, and usage

keymint/aidl/android/hardware/keymint/KeyDerivationFunction.aidl

@@ -14,7 +14,7 @@
  * limitations under the License.
  */
 
-package android.hardware.security.keymint;
+package android.hardware.keymint;
 
 /**
  * Key derivation functions, mostly used in ECIES.

keymint/aidl/android/hardware/keymint/KeyFormat.aidl

@@ -14,7 +14,8 @@
  * limitations under the License.
  */
 
-package android.hardware.security.keymint;
+package android.hardware.keymint;
+
 
 /**
  * Formats for key import and export.

keymint/aidl/android/hardware/keymint/KeyMintHardwareInfo.aidl

@@ -14,13 +14,15 @@
  * limitations under the License.
  */
 
-package android.hardware.security.keymint;
+package android.hardware.keymint;
+
+import android.hardware.keymint.SecurityLevel;
 
-import android.hardware.security.keymint.SecurityLevel;
 
 /**
  * KeyMintHardwareInfo is the hardware information returned by calling KeyMint getHardwareInfo()
  */
+
 @VintfStability
 parcelable KeyMintHardwareInfo {
     /**

keymint/aidl/android/hardware/keymint/KeyOrigin.aidl

@@ -14,7 +14,8 @@
  * limitations under the License.
  */
 
-package android.hardware.security.keymint;
+package android.hardware.keymint;
+
 
 /**
  * The origin of a key (or pair), i.e. where it was generated.  Note that ORIGIN can be found in

keymint/aidl/android/hardware/keymint/KeyParameter.aidl

@@ -14,19 +14,20 @@
  * limitations under the License.
  */
 
-package android.hardware.security.keymint;
+package android.hardware.keymint;
 
-import android.hardware.security.keymint.Algorithm;
-import android.hardware.security.keymint.BlockMode;
-import android.hardware.security.keymint.Digest;
-import android.hardware.security.keymint.EcCurve;
-import android.hardware.security.keymint.HardwareAuthenticatorType;
-import android.hardware.security.keymint.KeyDerivationFunction;
-import android.hardware.security.keymint.KeyOrigin;
-import android.hardware.security.keymint.KeyPurpose;
-import android.hardware.security.keymint.PaddingMode;
-import android.hardware.security.keymint.SecurityLevel;
-import android.hardware.security.keymint.Tag;
+
+import android.hardware.keymint.Algorithm;
+import android.hardware.keymint.BlockMode;
+import android.hardware.keymint.Digest;
+import android.hardware.keymint.EcCurve;
+import android.hardware.keymint.HardwareAuthenticatorType;
+import android.hardware.keymint.KeyDerivationFunction;
+import android.hardware.keymint.KeyOrigin;
+import android.hardware.keymint.KeyPurpose;
+import android.hardware.keymint.PaddingMode;
+import android.hardware.keymint.SecurityLevel;
+import android.hardware.keymint.Tag;
 
 
 /**

keymint/aidl/android/hardware/keymint/KeyParameterArray.aidl

@@ -14,9 +14,9 @@
  * limitations under the License.
  */
 
-package android.hardware.security.keymint;
+package android.hardware.keymint;
 
-import android.hardware.security.keymint.KeyParameter;
+import android.hardware.keymint.KeyParameter;
 
 /**
  * Identifies the key authorization parameters to be used with keyMint.  This is usually

keymint/aidl/android/hardware/keymint/KeyPurpose.aidl

@@ -14,7 +14,7 @@
  * limitations under the License.
  */
 
-package android.hardware.security.keymint;
+package android.hardware.keymint;
 
 
 /**

keymint/aidl/android/hardware/keymint/PaddingMode.aidl

@@ -14,7 +14,7 @@
  * limitations under the License.
  */
 
-package android.hardware.security.keymint;
+package android.hardware.keymint;
 
 /**
  * TODO(seleneh) update the description.

keymint/aidl/android/hardware/keymint/SecurityLevel.aidl

@@ -14,7 +14,7 @@
  * limitations under the License.
  */
 
-package android.hardware.security.keymint;
+package android.hardware.keymint;
 
 /**
  * Device security levels.

keymint/aidl/android/hardware/keymint/Tag.aidl

@@ -14,9 +14,9 @@
  * limitations under the License.
  */
 
-package android.hardware.security.keymint;
+package android.hardware.keymint;
 
-import android.hardware.security.keymint.TagType;
+import android.hardware.keymint.TagType;
 
 // TODO(seleneh) : note aidl currently does not support double nested enum definitions such as
 // ROOT_OF_TRUST = TagType:BYTES | 704.  So we are forced to write definations as

keymint/aidl/android/hardware/keymint/TagType.aidl

@@ -14,7 +14,7 @@
  * limitations under the License.
  */
 
-package android.hardware.security.keymint;
+package android.hardware.keymint;
 
 /**
  * TagType classifies Tags in Tag.aidl into various groups of data.

keymint/aidl/android/hardware/keymint/Timestamp.aidl

@@ -14,7 +14,7 @@
  * limitations under the License.
  */
 
-package android.hardware.security.keymint;
+package android.hardware.keymint;
 
 /**
  * Time in milliseconds since some arbitrary point in time.  Time must be monotonically increasing,

keymint/aidl/android/hardware/keymint/VerificationToken.aidl

@@ -14,10 +14,10 @@
  * limitations under the License.
  */
 
-package android.hardware.security.keymint;
+package android.hardware.keymint;
 
-import android.hardware.security.keymint.SecurityLevel;
-import android.hardware.security.keymint.Timestamp;
+import android.hardware.keymint.SecurityLevel;
+import android.hardware.keymint.Timestamp;
 
 /**
  * VerificationToken instances are used for secure environments to authenticate one another.
@@ -48,7 +48,7 @@ parcelable VerificationToken {
      * 32-byte HMAC-SHA256 of the above values, computed as:
      *
      *    HMAC(H,
-     *         "Auth Verification" || challenge || timestamp || securityLevel)
+     *         "Auth Verification" || challenge || timestamp || securityLevel || parametersVerified)
      *
      * where:
      *
@@ -58,6 +58,11 @@ parcelable VerificationToken {
      *
      * The representation of challenge and timestamp is as 64-bit unsigned integers in big-endian
      * order.  securityLevel is represented as a 32-bit unsigned integer in big-endian order.
+     *
+     * If parametersVerified is non-empty, the representation of parametersVerified is an ASN.1 DER
+     * encoded representation of the values.  The ASN.1 schema used is the AuthorizationList schema
+     * from the Keystore attestation documentation.  If parametersVerified is empty, it is simply
+     * omitted from the HMAC computation.
      */
     byte[] mac;
 }

keymint/aidl/default/Android.bp

@@ -1,22 +1,22 @@
 cc_binary {
-    name: "android.hardware.security.keymint-service",
+    name: "android.hardware.keymint@1.0-service",
     relative_install_path: "hw",
-    init_rc: ["android.hardware.security.keymint-service.rc"],
-    vintf_fragments: ["android.hardware.security.keymint-service.xml"],
+    init_rc: ["android.hardware.keymint@1.0-service.rc"],
+    vintf_fragments: ["android.hardware.keymint@1.0-service.xml"],
     vendor: true,
     cflags: [
         "-Wall",
         "-Wextra",
     ],
     shared_libs: [
-        "android.hardware.security.keymint-ndk_platform",
+        "android.hardware.keymint-ndk_platform",
         "libbase",
         "libbinder_ndk",
         "libcppbor",
         "libcrypto",
-        "libkeymaster_portable",
-        "libkeymint",
         "liblog",
+        "libkeymaster_portable",
+        "libkeymint1",
         "libpuresoftkeymasterdevice",
         "libutils",
     ],

keymint/aidl/default/android.hardware.keymint@1.0-service.rc

@@ -0,0 +1,3 @@
+service vendor.keymint-default /vendor/bin/hw/android.hardware.keymint@1.0-service
+    class early_hal
+    user nobody

keymint/aidl/default/android.hardware.keymint@1.0-service.xml

@@ -1,6 +1,6 @@
 <manifest version="1.0" type="device">
     <hal format="aidl">
-        <name>android.hardware.security.keymint</name>
+        <name>android.hardware.keymint</name>
         <fqname>IKeyMintDevice/default</fqname>
     </hal>
 </manifest>

keymint/aidl/default/service.cpp

@@ -14,30 +14,30 @@
  * limitations under the License.
  */
 
-#define LOG_TAG "android.hardware.security.keymint-service"
+#define LOG_TAG "android.hardware.keymint1-service"
 
 #include <android-base/logging.h>
 #include <android/binder_manager.h>
 #include <android/binder_process.h>
 
-#include <AndroidKeyMintDevice.h>
+#include <AndroidKeyMint1Device.h>
 #include <keymaster/soft_keymaster_logger.h>
 
-using aidl::android::hardware::security::keymint::AndroidKeyMintDevice;
-using aidl::android::hardware::security::keymint::SecurityLevel;
+using aidl::android::hardware::keymint::SecurityLevel;
+using aidl::android::hardware::keymint::V1_0::AndroidKeyMint1Device;
 
 int main() {
     // Zero threads seems like a useless pool, but below we'll join this thread to it, increasing
     // the pool size to 1.
     ABinderProcess_setThreadPoolMaxThreadCount(0);
-    std::shared_ptr<AndroidKeyMintDevice> keyMint =
-            ndk::SharedRefBase::make<AndroidKeyMintDevice>(SecurityLevel::SOFTWARE);
+    std::shared_ptr<AndroidKeyMint1Device> km5 =
+            ndk::SharedRefBase::make<AndroidKeyMint1Device>(SecurityLevel::SOFTWARE);
 
     keymaster::SoftKeymasterLogger logger;
-    const auto instanceName = std::string(AndroidKeyMintDevice::descriptor) + "/default";
+    const auto instanceName = std::string(AndroidKeyMint1Device::descriptor) + "/default";
     LOG(INFO) << "instance: " << instanceName;
     binder_status_t status =
-            AServiceManager_addService(keyMint->asBinder().get(), instanceName.c_str());
+            AServiceManager_addService(km5->asBinder().get(), instanceName.c_str());
     CHECK(status == STATUS_OK);
 
     ABinderProcess_joinThreadPool();

keymint/aidl/vts/functional/Android.bp

@@ -15,25 +15,25 @@
 //
 
 cc_test {
-    name: "VtsAidlKeyMintTargetTest",
+    name: "VtsAidlKeyMintV1_0TargetTest",
     defaults: [
         "VtsHalTargetTestDefaults",
         "use_libaidlvintf_gtest_helper_static",
     ],
     srcs: [
-        "KeyMintTest.cpp",
+        "keyMint1Test.cpp",
         "VerificationTokenTest.cpp",
     ],
     shared_libs: [
         "libbinder",
         "libcrypto",
-        "libkeymint",
-        "libkeymint_support",
+        "libkeymint1",
+        "libkeymintSupport",
     ],
     static_libs: [
-        "android.hardware.security.keymint-cpp",
-        "libcppbor_external",
-        "libkeymint_vts_test_utils",
+        "android.hardware.keymint-cpp",
+        "libcppbor",
+        "libkeyMint1VtsTestUtil",
     ],
     test_suites: [
         "general-tests",
@@ -42,7 +42,7 @@ cc_test {
 }
 
 cc_test_library {
-    name: "libkeymint_vts_test_utils",
+    name: "libkeyMint1VtsTestUtil",
     defaults: [
         "VtsHalTargetTestDefaults",
         "use_libaidlvintf_gtest_helper_static",
@@ -56,11 +56,11 @@ cc_test_library {
     shared_libs: [
         "libbinder",
         "libcrypto",
-        "libkeymint",
-        "libkeymint_support",
+        "libkeymint1",
+        "libkeymintSupport",
     ],
     static_libs: [
-        "android.hardware.security.keymint-cpp",
+        "android.hardware.keymint-cpp",
         "libcppbor",
     ],
 }

keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp

@@ -21,10 +21,12 @@
 
 #include <android-base/logging.h>
 
-#include <keymint_support/key_param_output.h>
-#include <keymint_support/keymint_utils.h>
+#include <keymintSupport/key_param_output.h>
+#include <keymintSupport/keymint_utils.h>
 
-namespace android::hardware::security::keymint {
+namespace android {
+namespace hardware {
+namespace keymint {
 
 using namespace std::literals::chrono_literals;
 using std::endl;
@@ -749,5 +751,6 @@ vector<Digest> KeyMintAidlTestBase::ValidDigests(bool withNone, bool withMD5) {
 }
 
 }  // namespace test
-
-}  // namespace android::hardware::security::keymint
+}  // namespace keymint
+}  // namespace hardware
+}  // namespace android

keymint/aidl/vts/functional/KeyMintAidlTestBase.h

@@ -21,15 +21,18 @@
 
 #include <aidl/Gtest.h>
 #include <aidl/Vintf.h>
-#include <android/hardware/security/keymint/ErrorCode.h>
-#include <android/hardware/security/keymint/IKeyMintDevice.h>
+#include <android/hardware/keymint/ErrorCode.h>
+#include <android/hardware/keymint/IKeyMintDevice.h>
 #include <binder/IServiceManager.h>
 #include <binder/ProcessState.h>
 #include <gtest/gtest.h>
 
-#include <keymint_support/authorization_set.h>
+#include <keymintSupport/authorization_set.h>
 
-namespace android::hardware::security::keymint::test {
+namespace android {
+namespace hardware {
+namespace keymint {
+namespace test {
 
 using ::android::sp;
 using binder::Status;
@@ -186,6 +189,9 @@ class KeyMintAidlTestBase : public ::testing::TestWithParam<string> {
                              testing::ValuesIn(KeyMintAidlTestBase::build_params()), \
                              android::PrintInstanceNameToString)
 
-}  // namespace android::hardware::security::keymint::test
+}  // namespace test
+}  // namespace keymint
+}  // namespace hardware
+}  // namespace android
 
 #endif  // VTS_KEYMINT_AIDL_TEST_UTILS_H

keymint/aidl/vts/functional/VerificationTokenTest.cpp

@@ -16,7 +16,10 @@
 
 #include "KeyMintAidlTestBase.h"
 
-namespace android::hardware::security::keymint::test {
+namespace android {
+namespace hardware {
+namespace keymint {
+namespace test {
 
 class VerificationTokenTest : public KeyMintAidlTestBase {
   protected:
@@ -165,4 +168,7 @@ TEST_P(VerificationTokenTest, MacChangesOnChangingTimestamp) {
 
 INSTANTIATE_KEYMINT_AIDL_TEST(VerificationTokenTest);
 
-}  // namespace android::hardware::security::keymint::test
+}  // namespace test
+}  // namespace keymint
+}  // namespace hardware
+}  // namespace android

keymint/aidl/vts/functional/keyMint1Test.cpp

@@ -26,32 +26,36 @@
 
 #include <cutils/properties.h>
 
-#include <android/hardware/security/keymint/KeyFormat.h>
+#include <android/hardware/keymint/KeyFormat.h>
 
-#include <keymint_support/attestation_record.h>
-#include <keymint_support/key_param_output.h>
-#include <keymint_support/openssl_utils.h>
+#include <keymintSupport/attestation_record.h>
+#include <keymintSupport/key_param_output.h>
+#include <keymintSupport/openssl_utils.h>
 
 #include "KeyMintAidlTestBase.h"
 
 static bool arm_deleteAllKeys = false;
 static bool dump_Attestations = false;
 
-using android::hardware::security::keymint::AuthorizationSet;
-using android::hardware::security::keymint::KeyCharacteristics;
-using android::hardware::security::keymint::KeyFormat;
+using android::hardware::keymint::AuthorizationSet;
+using android::hardware::keymint::KeyCharacteristics;
+using android::hardware::keymint::KeyFormat;
 
-namespace android::hardware::security::keymint {
+namespace android {
+namespace hardware {
+
+namespace keymint {
 
 bool operator==(const keymint::AuthorizationSet& a, const keymint::AuthorizationSet& b) {
     return a.size() == b.size() && std::equal(a.begin(), a.end(), b.begin());
 }
-
-}  // namespace android::hardware::security::keymint
+}  // namespace keymint
+}  // namespace hardware
+}  // namespace android
 
 namespace std {
 
-using namespace android::hardware::security::keymint;
+using namespace android::hardware::keymint;
 
 template <>
 struct std::equal_to<KeyCharacteristics> {
@@ -73,8 +77,10 @@ struct std::equal_to<KeyCharacteristics> {
 
 }  // namespace std
 
-namespace android::hardware::security::keymint::test {
-
+namespace android {
+namespace hardware {
+namespace keymint {
+namespace test {
 namespace {
 
 template <TagType tag_type, Tag tag, typename ValueT>
@@ -4040,7 +4046,10 @@ TEST_P(TransportLimitTest, LargeFinishInput) {
 
 INSTANTIATE_KEYMINT_AIDL_TEST(TransportLimitTest);
 
-}  // namespace android::hardware::security::keymint::test
+}  // namespace test
+}  // namespace keymint
+}  // namespace hardware
+}  // namespace android
 
 int main(int argc, char** argv) {
     ::testing::InitGoogleTest(&argc, argv);
@@ -4054,5 +4063,7 @@ int main(int argc, char** argv) {
             }
         }
     }
-    return RUN_ALL_TESTS();
+    int status = RUN_ALL_TESTS();
+    ALOGI("Test result = %d", status);
+    return status;
 }

keymint/support/Android.bp

@@ -15,7 +15,7 @@
 //
 
 cc_library {
-    name: "libkeymint_support",
+    name: "libkeymintSupport",
     cflags: [
         "-Wall",
         "-Wextra",
@@ -31,7 +31,7 @@ cc_library {
         "include",
     ],
     shared_libs: [
-        "android.hardware.security.keymint-cpp",
+        "android.hardware.keymint-cpp",
         "libbase",
         "libcrypto",
         "libutils",

keymint/support/attestation_record.cpp

@@ -14,26 +14,27 @@
  * limitations under the License.
  */
 
-#include <keymint_support/attestation_record.h>
+#include <keymintSupport/attestation_record.h>
 
-#include <assert.h>
+#include <android/hardware/keymint/Tag.h>
+#include <android/hardware/keymint/TagType.h>
 
 #include <android-base/logging.h>
+#include <assert.h>
 
 #include <openssl/asn1t.h>
 #include <openssl/bn.h>
 #include <openssl/evp.h>
 #include <openssl/x509.h>
 
-#include <android/hardware/security/keymint/Tag.h>
-#include <android/hardware/security/keymint/TagType.h>
-
-#include <keymint_support/authorization_set.h>
-#include <keymint_support/openssl_utils.h>
+#include <keymintSupport/authorization_set.h>
+#include <keymintSupport/openssl_utils.h>
 
 #define AT __FILE__ ":" << __LINE__
 
-namespace android::hardware::security::keymint {
+namespace android {
+namespace hardware {
+namespace keymint {
 
 struct stack_st_ASN1_TYPE_Delete {
     void operator()(stack_st_ASN1_TYPE* p) { sk_ASN1_TYPE_free(p); }
@@ -381,4 +382,6 @@ ErrorCode parse_root_of_trust(const uint8_t* asn1_key_desc, size_t asn1_key_desc
     return ErrorCode::OK;  // KM_ERROR_OK;
 }
 
-}  // namespace android::hardware::security::keymint
+}  // namespace keymint
+}  // namespace hardware
+}  // namespace android

keymint/support/authorization_set.cpp

@@ -14,21 +14,23 @@
  * limitations under the License.
  */
 
-#include <keymint_support/authorization_set.h>
+#include <keymintSupport/authorization_set.h>
 
 #include <assert.h>
-#include <sstream>
 
 #include <android-base/logging.h>
+#include <sstream>
 
-#include <android/hardware/security/keymint/Algorithm.h>
-#include <android/hardware/security/keymint/BlockMode.h>
-#include <android/hardware/security/keymint/Digest.h>
-#include <android/hardware/security/keymint/KeyParameter.h>
-#include <android/hardware/security/keymint/KeyPurpose.h>
-#include <android/hardware/security/keymint/TagType.h>
+#include <android/hardware/keymint/Algorithm.h>
+#include <android/hardware/keymint/BlockMode.h>
+#include <android/hardware/keymint/Digest.h>
+#include <android/hardware/keymint/KeyParameter.h>
+#include <android/hardware/keymint/KeyPurpose.h>
+#include <android/hardware/keymint/TagType.h>
 
-namespace android::hardware::security::keymint {
+namespace android {
+namespace hardware {
+namespace keymint {
 
 void AuthorizationSet::Sort() {
     std::sort(data_.begin(), data_.end());
@@ -218,11 +220,10 @@ struct choose_serializer<> {
 };
 
 template <TagType tag_type, Tag tag, typename... Tail>
-struct choose_serializer<android::hardware::security::keymint::TypedTag<tag_type, tag>, Tail...> {
+struct choose_serializer<android::hardware::keymint::TypedTag<tag_type, tag>, Tail...> {
     static OutStreams& serialize(OutStreams& out, const KeyParameter& param) {
         if (param.tag == tag) {
-            return android::hardware::security::keymint::serialize(TypedTag<tag_type, tag>(), out,
-                                                                   param);
+            return android::hardware::keymint::serialize(TypedTag<tag_type, tag>(), out, param);
         } else {
             return choose_serializer<Tail...>::serialize(out, param);
         }
@@ -328,8 +329,7 @@ template <TagType tag_type, Tag tag, typename... Tail>
 struct choose_deserializer<TypedTag<tag_type, tag>, Tail...> {
     static InStreams& deserialize(InStreams& in, KeyParameter* param) {
         if (param->tag == tag) {
-            return android::hardware::security::keymint::deserialize(TypedTag<tag_type, tag>(), in,
-                                                                     param);
+            return android::hardware::keymint::deserialize(TypedTag<tag_type, tag>(), in, param);
         } else {
             return choose_deserializer<Tail...>::deserialize(in, param);
         }
@@ -501,14 +501,15 @@ AuthorizationSetBuilder& AuthorizationSetBuilder::GcmModeMacLen(uint32_t macLeng
 }
 
 AuthorizationSetBuilder& AuthorizationSetBuilder::BlockMode(
-        std::initializer_list<android::hardware::security::keymint::BlockMode> blockModes) {
+        std::initializer_list<android::hardware::keymint::BlockMode> blockModes) {
     for (auto mode : blockModes) {
         push_back(TAG_BLOCK_MODE, mode);
     }
     return *this;
 }
 
-AuthorizationSetBuilder& AuthorizationSetBuilder::Digest(std::vector<keymint::Digest> digests) {
+AuthorizationSetBuilder& AuthorizationSetBuilder::Digest(
+        std::vector<android::hardware::keymint::Digest> digests) {
     for (auto digest : digests) {
         push_back(TAG_DIGEST, digest);
     }
@@ -523,4 +524,6 @@ AuthorizationSetBuilder& AuthorizationSetBuilder::Padding(
     return *this;
 }
 
-}  // namespace android::hardware::security::keymint
+}  // namespace keymint
+}  // namespace hardware
+}  // namespace android

keymint/support/include/keymintSupport/attestation_record.h

@@ -16,14 +16,20 @@
 
 #pragma once
 
-#include <android/hardware/security/keymint/ErrorCode.h>
-#include <android/hardware/security/keymint/IKeyMintDevice.h>
+#include <android/hardware/keymint/ErrorCode.h>
+#include <android/hardware/keymint/IKeyMintDevice.h>
 
-#include <keymint_support/attestation_record.h>
-#include <keymint_support/authorization_set.h>
-#include <keymint_support/openssl_utils.h>
+#include <keymintSupport/attestation_record.h>
+#include <keymintSupport/authorization_set.h>
+#include <keymintSupport/openssl_utils.h>
 
-namespace android::hardware::security::keymint {
+namespace android {
+namespace hardware {
+namespace keymint {
+
+using android::hardware::keymint::KeyParameter;
+using android::hardware::keymint::Tag;
+using android::hardware::keymint::TAG_ALGORITHM;
 
 class AuthorizationSet;
 
@@ -84,4 +90,6 @@ ErrorCode parse_root_of_trust(const uint8_t* asn1_key_desc, size_t asn1_key_desc
                               keymint_verified_boot_t* verified_boot_state, bool* device_locked,
                               std::vector<uint8_t>* verified_boot_hash);
 
-}  // namespace android::hardware::security::keymint
+}  // namespace keymint
+}  // namespace hardware
+}  // namespace android

keymint/support/include/keymintSupport/authorization_set.h

@@ -19,14 +19,21 @@
 
 #include <vector>
 
-#include <android/hardware/security/keymint/BlockMode.h>
-#include <android/hardware/security/keymint/Digest.h>
-#include <android/hardware/security/keymint/EcCurve.h>
-#include <android/hardware/security/keymint/PaddingMode.h>
+#include <android/hardware/keymint/BlockMode.h>
+#include <android/hardware/keymint/Digest.h>
+#include <android/hardware/keymint/EcCurve.h>
+#include <android/hardware/keymint/PaddingMode.h>
 
-#include <keymint_support/keymint_tags.h>
+#include <keymintSupport/keymint_tags.h>
 
-namespace android::hardware::security::keymint {
+namespace android {
+namespace hardware {
+namespace keymint {
+
+using android::hardware::keymint::BlockMode;
+using android::hardware::keymint::Digest;
+using android::hardware::keymint::EcCurve;
+using android::hardware::keymint::PaddingMode;
 
 using std::vector;
 
@@ -315,6 +322,8 @@ class AuthorizationSetBuilder : public AuthorizationSet {
     }
 };
 
-}  // namespace android::hardware::security::keymint
+}  // namespace keymint
+}  // namespace hardware
+}  // namespace android
 
 #endif  // SYSTEM_SECURITY_KEYSTORE_KM4_AUTHORIZATION_SET_H_

keymint/support/include/keymintSupport/key_param_output.h

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2020 The Android Open Source Project
+ * Copyright (C) 2017 The Android Open Source Project
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
@@ -20,24 +20,28 @@
 #include <iostream>
 #include <vector>
 
-#include <android/hardware/security/keymint/Algorithm.h>
-#include <android/hardware/security/keymint/BlockMode.h>
-#include <android/hardware/security/keymint/Digest.h>
-#include <android/hardware/security/keymint/EcCurve.h>
-#include <android/hardware/security/keymint/ErrorCode.h>
-#include <android/hardware/security/keymint/HardwareAuthenticatorType.h>
-#include <android/hardware/security/keymint/KeyCharacteristics.h>
-#include <android/hardware/security/keymint/KeyOrigin.h>
-#include <android/hardware/security/keymint/KeyParameter.h>
-#include <android/hardware/security/keymint/KeyPurpose.h>
-#include <android/hardware/security/keymint/PaddingMode.h>
-#include <android/hardware/security/keymint/SecurityLevel.h>
-#include <android/hardware/security/keymint/Tag.h>
-#include <android/hardware/security/keymint/TagType.h>
-
 #include "keymint_tags.h"
 
-namespace android::hardware::security::keymint {
+#include <android/hardware/keymint/Algorithm.h>
+#include <android/hardware/keymint/BlockMode.h>
+#include <android/hardware/keymint/Digest.h>
+#include <android/hardware/keymint/EcCurve.h>
+#include <android/hardware/keymint/ErrorCode.h>
+#include <android/hardware/keymint/HardwareAuthenticatorType.h>
+#include <android/hardware/keymint/KeyCharacteristics.h>
+#include <android/hardware/keymint/KeyOrigin.h>
+#include <android/hardware/keymint/KeyParameter.h>
+#include <android/hardware/keymint/KeyPurpose.h>
+#include <android/hardware/keymint/PaddingMode.h>
+#include <android/hardware/keymint/SecurityLevel.h>
+#include <android/hardware/keymint/Tag.h>
+#include <android/hardware/keymint/TagType.h>
+
+namespace android {
+namespace hardware {
+namespace keymint {
+
+using namespace ::android::hardware::keymint;
 
 inline ::std::ostream& operator<<(::std::ostream& os, Algorithm value) {
     return os << toString(value);
@@ -97,6 +101,8 @@ inline ::std::ostream& operator<<(::std::ostream& os, Tag tag) {
     return os << toString(tag);
 }
 
-}  // namespace android::hardware::security::keymint
+}  // namespace keymint
+}  // namespace hardware
+}  // namespace android
 
 #endif  // HARDWARE_INTERFACES_KEYMINT_SUPPORT_INCLUDE_KEY_PARAM_OUTPUT_H_

keymint/support/include/keymintSupport/keymint_tags.h

@@ -17,20 +17,24 @@
 #ifndef HARDWARE_INTERFACES_KEYMINT_SUPPORT_INCLUDE_KEYMINT_TAGS_H_
 #define HARDWARE_INTERFACES_KEYMINT_SUPPORT_INCLUDE_KEYMINT_TAGS_H_
 
-#include <android/hardware/security/keymint/Algorithm.h>
-#include <android/hardware/security/keymint/BlockMode.h>
-#include <android/hardware/security/keymint/Digest.h>
-#include <android/hardware/security/keymint/EcCurve.h>
-#include <android/hardware/security/keymint/HardwareAuthenticatorType.h>
-#include <android/hardware/security/keymint/KeyOrigin.h>
-#include <android/hardware/security/keymint/KeyParameter.h>
-#include <android/hardware/security/keymint/KeyPurpose.h>
-#include <android/hardware/security/keymint/PaddingMode.h>
-#include <android/hardware/security/keymint/SecurityLevel.h>
-#include <android/hardware/security/keymint/Tag.h>
-#include <android/hardware/security/keymint/TagType.h>
+#include <android/hardware/keymint/Algorithm.h>
+#include <android/hardware/keymint/BlockMode.h>
+#include <android/hardware/keymint/Digest.h>
+#include <android/hardware/keymint/EcCurve.h>
+#include <android/hardware/keymint/HardwareAuthenticatorType.h>
+#include <android/hardware/keymint/KeyOrigin.h>
+#include <android/hardware/keymint/KeyParameter.h>
+#include <android/hardware/keymint/KeyPurpose.h>
+#include <android/hardware/keymint/PaddingMode.h>
+#include <android/hardware/keymint/SecurityLevel.h>
+#include <android/hardware/keymint/Tag.h>
+#include <android/hardware/keymint/TagType.h>
 
-namespace android::hardware::security::keymint {
+namespace android::hardware::keymint {
+
+using android::hardware::keymint::KeyParameter;
+using android::hardware::keymint::Tag;
+using android::hardware::keymint::TagType;
 
 // The following create the numeric values that KM_TAG_PADDING and KM_TAG_DIGEST used to have.  We
 // need these old values to be able to support old keys that use them.
@@ -333,6 +337,78 @@ inline NullOr<const typename TypedTag2ValueType<TypedTag<tag_type, tag>>::type&>
     return accessTagValue(ttag, param);
 }
 
-}  // namespace android::hardware::security::keymint
+}  // namespace android::hardware::keymint
+
+namespace std {
+
+using namespace android::hardware::keymint;
+
+// Aidl generates KeyParameter operator<, >, ==, != for cpp translation but not ndk
+// translations.  So we cannot straight forward overload these operators.
+// However we need our custom comparison for KeyParameters.  So we will
+// overload std::less, equal_to instead.
+template <>
+struct std::less<KeyParameter> {
+    bool operator()(const KeyParameter& a, const KeyParameter& b) const {
+        if (a.tag != b.tag) return a.tag < b.tag;
+        int retval;
+        switch (typeFromTag(a.tag)) {
+            case TagType::INVALID:
+            case TagType::BOOL:
+                return false;
+            case TagType::ENUM:
+            case TagType::ENUM_REP:
+            case TagType::UINT:
+            case TagType::UINT_REP:
+                return a.integer < b.integer;
+            case TagType::ULONG:
+            case TagType::ULONG_REP:
+            case TagType::DATE:
+                return a.longInteger < b.longInteger;
+            case TagType::BIGNUM:
+            case TagType::BYTES:
+                // Handle the empty cases.
+                if (a.blob.size() == 0) return b.blob.size() != 0;
+                if (b.blob.size() == 0) return false;
+                retval = memcmp(&a.blob[0], &b.blob[0], std::min(a.blob.size(), b.blob.size()));
+                // if one is the prefix of the other the longer wins
+                if (retval == 0) return a.blob.size() < b.blob.size();
+                // Otherwise a is less if a is less.
+                else
+                    return retval < 0;
+        }
+        return false;
+    }
+};
+
+template <>
+struct std::equal_to<KeyParameter> {
+    bool operator()(const KeyParameter& a, const KeyParameter& b) const {
+        if (a.tag != b.tag) {
+            return false;
+        }
+        switch (typeFromTag(a.tag)) {
+            case TagType::INVALID:
+            case TagType::BOOL:
+                return true;
+            case TagType::ENUM:
+            case TagType::ENUM_REP:
+            case TagType::UINT:
+            case TagType::UINT_REP:
+                return a.integer == b.integer;
+            case TagType::ULONG:
+            case TagType::ULONG_REP:
+            case TagType::DATE:
+                return a.longInteger == b.longInteger;
+            case TagType::BIGNUM:
+            case TagType::BYTES:
+                if (a.blob.size() != b.blob.size()) return false;
+                return a.blob.size() == 0 || memcmp(&a.blob[0], &b.blob[0], a.blob.size()) == 0;
+        }
+        return false;
+    }
+};
+
+}  // namespace std
 
 #endif  // HARDWARE_INTERFACES_KEYMINT_SUPPORT_INCLUDE_KEYMINT_TAGS_H_

keymint/support/include/keymintSupport/keymint_utils.h

@@ -19,9 +19,11 @@
 #ifndef HARDWARE_INTERFACES_KEYMINT_10_SUPPORT_KEYMINT_UTILS_H_
 #define HARDWARE_INTERFACES_KEYMINT_10_SUPPORT_KEYMINT_UTILS_H_
 
-#include <android/hardware/security/keymint/HardwareAuthToken.h>
+#include <android/hardware/keymint/HardwareAuthToken.h>
 
-namespace android::hardware::security::keymint {
+namespace android {
+namespace hardware {
+namespace keymint {
 
 using std::vector;
 
@@ -42,6 +44,8 @@ vector<uint8_t> authToken2vector(const HardwareAuthToken& token);
 uint32_t getOsVersion();
 uint32_t getOsPatchlevel();
 
-}  // namespace android::hardware::security::keymint
+}  // namespace keymint
+}  // namespace hardware
+}  // namespace android
 
 #endif  // HARDWARE_INTERFACES_KEYMINT_10_SUPPORT_KEYMINT_UTILS_H_

keymint/support/include/keymintSupport/openssl_utils.h

@@ -17,13 +17,11 @@
 #ifndef HARDWARE_INTERFACES_KEYMINT_1_0_SUPPORT_OPENSSL_UTILS_H_
 #define HARDWARE_INTERFACES_KEYMINT_1_0_SUPPORT_OPENSSL_UTILS_H_
 
-#include <android/hardware/security/keymint/Digest.h>
+#include <android/hardware/keymint/Digest.h>
 
 #include <openssl/evp.h>
 #include <openssl/x509.h>
 
-namespace android::hardware::security::keymint {
-
 template <typename T, void (*F)(T*)>
 struct UniquePtrDeleter {
     void operator()(T* p) const { F(p); }
@@ -42,26 +40,24 @@ MAKE_OPENSSL_PTR_TYPE(BN_CTX)
 
 typedef std::unique_ptr<BIGNUM, UniquePtrDeleter<BIGNUM, BN_free>> BIGNUM_Ptr;
 
-inline const EVP_MD* openssl_digest(Digest digest) {
+inline const EVP_MD* openssl_digest(android::hardware::keymint::Digest digest) {
     switch (digest) {
-        case Digest::NONE:
+        case android::hardware::keymint::Digest::NONE:
             return nullptr;
-        case Digest::MD5:
+        case android::hardware::keymint::Digest::MD5:
             return EVP_md5();
-        case Digest::SHA1:
+        case android::hardware::keymint::Digest::SHA1:
             return EVP_sha1();
-        case Digest::SHA_2_224:
+        case android::hardware::keymint::Digest::SHA_2_224:
             return EVP_sha224();
-        case Digest::SHA_2_256:
+        case android::hardware::keymint::Digest::SHA_2_256:
             return EVP_sha256();
-        case Digest::SHA_2_384:
+        case android::hardware::keymint::Digest::SHA_2_384:
             return EVP_sha384();
-        case Digest::SHA_2_512:
+        case android::hardware::keymint::Digest::SHA_2_512:
             return EVP_sha512();
     }
     return nullptr;
 }
 
-}  // namespace android::hardware::security::keymint
-
 #endif  // HARDWARE_INTERFACES_KEYMINT_1_0_SUPPORT_OPENSSL_UTILS_H_

keymint/support/key_param_output.cpp

@@ -14,13 +14,15 @@
  * limitations under the License.
  */
 
-#include <keymint_support/key_param_output.h>
+#include <keymintSupport/key_param_output.h>
+
+#include <keymintSupport/keymint_tags.h>
 
 #include <iomanip>
 
-#include <keymint_support/keymint_tags.h>
-
-namespace android::hardware::security::keymint {
+namespace android {
+namespace hardware {
+namespace keymint {
 
 using ::std::endl;
 using ::std::ostream;
@@ -69,4 +71,6 @@ ostream& operator<<(ostream& os, const KeyParameter& param) {
     return os << "UNKNOWN TAG TYPE!";
 }
 
-}  // namespace android::hardware::security::keymint
+}  // namespace keymint
+}  // namespace hardware
+}  // namespace android

keymint/support/keymint_utils.cpp

@@ -18,11 +18,11 @@
 
 #include <android-base/properties.h>
 #include <hardware/hw_auth_token.h>
-#include <keymint_support/keymint_utils.h>
+#include <keymintSupport/keymint_utils.h>
 
 #include <arpa/inet.h>
 
-namespace android::hardware::security::keymint {
+namespace android::hardware::keymint {
 
 namespace {
 
@@ -111,4 +111,4 @@ uint32_t getOsPatchlevel() {
     return getOsPatchlevel(patchlevel.c_str());
 }
 
-}  // namespace android::hardware::security::keymint
+}  // namespace android::hardware::keymint

security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/IKeyMintDevice.aidl

@@ -1,33 +0,0 @@
-///////////////////////////////////////////////////////////////////////////////
-// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE.                          //
-///////////////////////////////////////////////////////////////////////////////
-
-// This file is a snapshot of an AIDL interface (or parcelable). Do not try to
-// edit this file. It looks like you are doing that because you have modified
-// an AIDL interface in a backward-incompatible way, e.g., deleting a function
-// from an interface or a field from a parcelable and it broke the build. That
-// breakage is intended.
-//
-// You must not make a backward incompatible changes to the AIDL files built
-// with the aidl_interface module type with versions property set. The module
-// type is used to build AIDL files in a way that they can be used across
-// independently updatable components of the system. If a device is shipped
-// with such a backward incompatible change, it has a high risk of breaking
-// later when a module using the interface is updated, e.g., Mainline modules.
-
-package android.hardware.security.keymint;
-@VintfStability
-interface IKeyMintDevice {
-  android.hardware.security.keymint.KeyMintHardwareInfo getHardwareInfo();
-  android.hardware.security.keymint.VerificationToken verifyAuthorization(in long challenge, in android.hardware.security.keymint.HardwareAuthToken token);
-  void addRngEntropy(in byte[] data);
-  void generateKey(in android.hardware.security.keymint.KeyParameter[] keyParams, out android.hardware.security.keymint.ByteArray generatedKeyBlob, out android.hardware.security.keymint.KeyCharacteristics generatedKeyCharacteristics, out android.hardware.security.keymint.Certificate[] outCertChain);
-  void importKey(in android.hardware.security.keymint.KeyParameter[] inKeyParams, in android.hardware.security.keymint.KeyFormat inKeyFormat, in byte[] inKeyData, out android.hardware.security.keymint.ByteArray outImportedKeyBlob, out android.hardware.security.keymint.KeyCharacteristics outImportedKeyCharacteristics, out android.hardware.security.keymint.Certificate[] outCertChain);
-  void importWrappedKey(in byte[] inWrappedKeyData, in byte[] inWrappingKeyBlob, in byte[] inMaskingKey, in android.hardware.security.keymint.KeyParameter[] inUnwrappingParams, in long inPasswordSid, in long inBiometricSid, out android.hardware.security.keymint.ByteArray outImportedKeyBlob, out android.hardware.security.keymint.KeyCharacteristics outImportedKeyCharacteristics);
-  byte[] upgradeKey(in byte[] inKeyBlobToUpgrade, in android.hardware.security.keymint.KeyParameter[] inUpgradeParams);
-  void deleteKey(in byte[] inKeyBlob);
-  void deleteAllKeys();
-  void destroyAttestationIds();
-  android.hardware.security.keymint.BeginResult begin(in android.hardware.security.keymint.KeyPurpose inPurpose, in byte[] inKeyBlob, in android.hardware.security.keymint.KeyParameter[] inParams, in android.hardware.security.keymint.HardwareAuthToken inAuthToken);
-  const int AUTH_TOKEN_MAC_LENGTH = 32;
-}

security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/IKeyMintOperation.aidl

@@ -1,24 +0,0 @@
-///////////////////////////////////////////////////////////////////////////////
-// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE.                          //
-///////////////////////////////////////////////////////////////////////////////
-
-// This file is a snapshot of an AIDL interface (or parcelable). Do not try to
-// edit this file. It looks like you are doing that because you have modified
-// an AIDL interface in a backward-incompatible way, e.g., deleting a function
-// from an interface or a field from a parcelable and it broke the build. That
-// breakage is intended.
-//
-// You must not make a backward incompatible changes to the AIDL files built
-// with the aidl_interface module type with versions property set. The module
-// type is used to build AIDL files in a way that they can be used across
-// independently updatable components of the system. If a device is shipped
-// with such a backward incompatible change, it has a high risk of breaking
-// later when a module using the interface is updated, e.g., Mainline modules.
-
-package android.hardware.security.keymint;
-@VintfStability
-interface IKeyMintOperation {
-  int update(in @nullable android.hardware.security.keymint.KeyParameterArray inParams, in @nullable byte[] input, in @nullable android.hardware.security.keymint.HardwareAuthToken inAuthToken, in @nullable android.hardware.security.keymint.VerificationToken inVerificationToken, out @nullable android.hardware.security.keymint.KeyParameterArray outParams, out @nullable android.hardware.security.keymint.ByteArray output);
-  byte[] finish(in @nullable android.hardware.security.keymint.KeyParameterArray inParams, in @nullable byte[] input, in @nullable byte[] inSignature, in @nullable android.hardware.security.keymint.HardwareAuthToken authToken, in @nullable android.hardware.security.keymint.VerificationToken inVerificationToken, out @nullable android.hardware.security.keymint.KeyParameterArray outParams);
-  void abort();
-}

security/keymint/aidl/default/android.hardware.security.keymint-service.rc

@@ -1,3 +0,0 @@
-service vendor.keymint-default /vendor/bin/hw/android.hardware.security.keymint-service
-    class early_hal
-    user nobody