diff --git a/compatibility_matrices/compatibility_matrix.current.xml b/compatibility_matrices/compatibility_matrix.current.xml index e9df02f420..1957f8c794 100644 --- a/compatibility_matrices/compatibility_matrix.current.xml +++ b/compatibility_matrices/compatibility_matrix.current.xml @@ -299,7 +299,7 @@ - android.hardware.security.keymint + android.hardware.keymint IKeyMintDevice default diff --git a/security/keymint/aidl/Android.bp b/keymint/aidl/Android.bp similarity index 76% rename from security/keymint/aidl/Android.bp rename to keymint/aidl/Android.bp index b5adac9558..0dae527d40 100644 --- a/security/keymint/aidl/Android.bp +++ b/keymint/aidl/Android.bp @@ -1,8 +1,8 @@ aidl_interface { - name: "android.hardware.security.keymint", + name: "android.hardware.keymint", vendor_available: true, srcs: [ - "android/hardware/security/keymint/*.aidl", + "android/hardware/keymint/*.aidl", ], stability: "vintf", backend: { diff --git a/security/keymint/aidl/OWNERS b/keymint/aidl/OWNERS similarity index 100% rename from security/keymint/aidl/OWNERS rename to keymint/aidl/OWNERS diff --git a/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/Algorithm.aidl b/keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware/keymint/Algorithm.aidl similarity index 96% rename from security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/Algorithm.aidl rename to keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware/keymint/Algorithm.aidl index 46e0ae0f2f..f51a4128c8 100644 --- a/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/Algorithm.aidl +++ b/keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware/keymint/Algorithm.aidl 
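Review bot: The `compatibility_matrix.current.xml` hunk switches the matrix entry for `IKeyMintDevice` to `android.hardware.keymint`, but nothing visible in this part of the diff updates the other places that must carry the same string. For an interface built with `stability: "vintf"`, the package name is part of the interface descriptor. A device manifest entry or service-manager policy label still written as `android.hardware.security.keymint` would presumably stop matching, leaving the KeyMint service undeclared or unable to register. Before merging, confirm that the default service's manifest fragment and the SELinux service label for `IKeyMintDevice/default` change in the same topic, and name those companion changes in the commit message.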
@@ -15,7 +15,7 @@ // with such a backward incompatible change, it has a high risk of breaking // later when a module using the interface is updated, e.g., Mainline modules. -package android.hardware.security.keymint; +package android.hardware.keymint; @Backing(type="int") @VintfStability enum Algorithm { RSA = 1, diff --git a/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/BeginResult.aidl b/keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware/keymint/BeginResult.aidl similarity index 86% rename from security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/BeginResult.aidl rename to keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware/keymint/BeginResult.aidl index ed96485a0d..2f56be6721 100644 --- a/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/BeginResult.aidl +++ b/keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware/keymint/BeginResult.aidl @@ -15,10 +15,10 @@ // with such a backward incompatible change, it has a high risk of breaking // later when a module using the interface is updated, e.g., Mainline modules. -package android.hardware.security.keymint; +package android.hardware.keymint; @VintfStability parcelable BeginResult { long challenge; - android.hardware.security.keymint.KeyParameter[] params; - android.hardware.security.keymint.IKeyMintOperation operation; + android.hardware.keymint.KeyParameter[] params; + android.hardware.keymint.IKeyMintOperation operation; } 
diff --git a/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/BlockMode.aidl b/keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware/keymint/BlockMode.aidl similarity index 96% rename from security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/BlockMode.aidl rename to keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware/keymint/BlockMode.aidl index dddc9d8d3c..94de930d6e 100644 --- a/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/BlockMode.aidl +++ b/keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware/keymint/BlockMode.aidl @@ -15,7 +15,7 @@ // with such a backward incompatible change, it has a high risk of breaking // later when a module using the interface is updated, e.g., Mainline modules. -package android.hardware.security.keymint; +package android.hardware.keymint; @Backing(type="int") @VintfStability enum BlockMode { ECB = 1, diff --git a/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/ByteArray.aidl b/keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware/keymint/ByteArray.aidl similarity index 96% rename from security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/ByteArray.aidl rename to keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware/keymint/ByteArray.aidl index 3d18a26cf7..2dc22a970d 100644 --- a/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/ByteArray.aidl +++ b/keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware/keymint/ByteArray.aidl 
@@ -15,7 +15,7 @@ // with such a backward incompatible change, it has a high risk of breaking // later when a module using the interface is updated, e.g., Mainline modules. -package android.hardware.security.keymint; +package android.hardware.keymint; @VintfStability parcelable ByteArray { byte[] data; diff --git a/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/Certificate.aidl b/keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware/keymint/Certificate.aidl similarity index 96% rename from security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/Certificate.aidl rename to keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware/keymint/Certificate.aidl index 9e0f8dcff9..ca55054d72 100644 --- a/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/Certificate.aidl +++ b/keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware/keymint/Certificate.aidl @@ -15,7 +15,7 @@ // with such a backward incompatible change, it has a high risk of breaking // later when a module using the interface is updated, e.g., Mainline modules. -package android.hardware.security.keymint; +package android.hardware.keymint; @VintfStability parcelable Certificate { byte[] encodedCertificate; diff --git a/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/Digest.aidl b/keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware/keymint/Digest.aidl similarity index 96% rename from security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/Digest.aidl rename to keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware/keymint/Digest.aidl index 8fc4d428db..cc4d2fdffa 100644 
--- a/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/Digest.aidl +++ b/keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware/keymint/Digest.aidl @@ -15,7 +15,7 @@ // with such a backward incompatible change, it has a high risk of breaking // later when a module using the interface is updated, e.g., Mainline modules. -package android.hardware.security.keymint; +package android.hardware.keymint; @Backing(type="int") @VintfStability enum Digest { NONE = 0, diff --git a/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/EcCurve.aidl b/keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware/keymint/EcCurve.aidl similarity index 96% rename from security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/EcCurve.aidl rename to keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware/keymint/EcCurve.aidl index 7c3f2f38eb..4e446ad275 100644 --- a/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/EcCurve.aidl +++ b/keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware/keymint/EcCurve.aidl @@ -15,7 +15,7 @@ // with such a backward incompatible change, it has a high risk of breaking // later when a module using the interface is updated, e.g., Mainline modules. -package android.hardware.security.keymint; +package android.hardware.keymint; @Backing(type="int") @VintfStability enum EcCurve { P_224 = 0, 
diff --git a/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/ErrorCode.aidl b/keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware/keymint/ErrorCode.aidl similarity index 98% rename from security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/ErrorCode.aidl rename to keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware/keymint/ErrorCode.aidl index cdcb08d5c7..2679243f34 100644 --- a/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/ErrorCode.aidl +++ b/keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware/keymint/ErrorCode.aidl @@ -15,7 +15,7 @@ // with such a backward incompatible change, it has a high risk of breaking // later when a module using the interface is updated, e.g., Mainline modules. -package android.hardware.security.keymint; +package android.hardware.keymint; @Backing(type="int") @VintfStability enum ErrorCode { OK = 0, diff --git a/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/HardwareAuthToken.aidl b/keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware/keymint/HardwareAuthToken.aidl similarity index 86% rename from security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/HardwareAuthToken.aidl rename to keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware/keymint/HardwareAuthToken.aidl index 9ea24f5ebe..1f5f8e952e 100644 --- a/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/HardwareAuthToken.aidl +++ b/keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware/keymint/HardwareAuthToken.aidl 
@@ -15,13 +15,13 @@ // with such a backward incompatible change, it has a high risk of breaking // later when a module using the interface is updated, e.g., Mainline modules. -package android.hardware.security.keymint; +package android.hardware.keymint; @VintfStability parcelable HardwareAuthToken { long challenge; long userId; long authenticatorId; - android.hardware.security.keymint.HardwareAuthenticatorType authenticatorType; - android.hardware.security.keymint.Timestamp timestamp; + android.hardware.keymint.HardwareAuthenticatorType authenticatorType; + android.hardware.keymint.Timestamp timestamp; byte[] mac; } diff --git a/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/HardwareAuthenticatorType.aidl b/keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware/keymint/HardwareAuthenticatorType.aidl similarity index 96% rename from security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/HardwareAuthenticatorType.aidl rename to keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware/keymint/HardwareAuthenticatorType.aidl index aef5ee049f..95ec5c5b45 100644 --- a/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/HardwareAuthenticatorType.aidl +++ b/keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware/keymint/HardwareAuthenticatorType.aidl @@ -15,7 +15,7 @@ // with such a backward incompatible change, it has a high risk of breaking // later when a module using the interface is updated, e.g., Mainline modules. -package android.hardware.security.keymint; +package android.hardware.keymint; @Backing(type="int") @VintfStability enum HardwareAuthenticatorType { NONE = 0, 
diff --git a/keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware/keymint/IKeyMintDevice.aidl b/keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware/keymint/IKeyMintDevice.aidl new file mode 100644 index 0000000000..1616622927 --- /dev/null +++ b/keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware/keymint/IKeyMintDevice.aidl 
@@ -0,0 +1,33 @@ +/////////////////////////////////////////////////////////////////////////////// +// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. // +/////////////////////////////////////////////////////////////////////////////// + +// This file is a snapshot of an AIDL interface (or parcelable). Do not try to +// edit this file. It looks like you are doing that because you have modified +// an AIDL interface in a backward-incompatible way, e.g., deleting a function +// from an interface or a field from a parcelable and it broke the build. That +// breakage is intended. +// +// You must not make a backward incompatible changes to the AIDL files built +// with the aidl_interface module type with versions property set. The module +// type is used to build AIDL files in a way that they can be used across +// independently updatable components of the system. If a device is shipped +// with such a backward incompatible change, it has a high risk of breaking +// later when a module using the interface is updated, e.g., Mainline modules. 
+ +package android.hardware.keymint; +@VintfStability +interface IKeyMintDevice { + android.hardware.keymint.KeyMintHardwareInfo getHardwareInfo(); + android.hardware.keymint.VerificationToken verifyAuthorization(in long challenge, in android.hardware.keymint.HardwareAuthToken token); + void addRngEntropy(in byte[] data); + void generateKey(in android.hardware.keymint.KeyParameter[] keyParams, out android.hardware.keymint.ByteArray generatedKeyBlob, out android.hardware.keymint.KeyCharacteristics generatedKeyCharacteristics, out android.hardware.keymint.Certificate[] outCertChain); + void importKey(in android.hardware.keymint.KeyParameter[] inKeyParams, in android.hardware.keymint.KeyFormat inKeyFormat, in byte[] inKeyData, out android.hardware.keymint.ByteArray outImportedKeyBlob, out android.hardware.keymint.KeyCharacteristics outImportedKeyCharacteristics, out android.hardware.keymint.Certificate[] outCertChain); + void importWrappedKey(in byte[] inWrappedKeyData, in byte[] inWrappingKeyBlob, in byte[] inMaskingKey, in android.hardware.keymint.KeyParameter[] inUnwrappingParams, in long inPasswordSid, in long inBiometricSid, out android.hardware.keymint.ByteArray outImportedKeyBlob, out android.hardware.keymint.KeyCharacteristics outImportedKeyCharacteristics); + byte[] upgradeKey(in byte[] inKeyBlobToUpgrade, in android.hardware.keymint.KeyParameter[] inUpgradeParams); + void deleteKey(in byte[] inKeyBlob); + void deleteAllKeys(); + void destroyAttestationIds(); + android.hardware.keymint.BeginResult begin(in android.hardware.keymint.KeyPurpose inPurpose, in byte[] inKeyBlob, in android.hardware.keymint.KeyParameter[] inParams, in android.hardware.keymint.HardwareAuthToken inAuthToken); + const int AUTH_TOKEN_MAC_LENGTH = 32; +} 
diff --git a/keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware/keymint/IKeyMintOperation.aidl b/keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware/keymint/IKeyMintOperation.aidl new file mode 100644 index 0000000000..5327345596 --- /dev/null +++ b/keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware/keymint/IKeyMintOperation.aidl 
@@ -0,0 +1,24 @@ +/////////////////////////////////////////////////////////////////////////////// +// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. // +/////////////////////////////////////////////////////////////////////////////// + +// This file is a snapshot of an AIDL interface (or parcelable). Do not try to +// edit this file. It looks like you are doing that because you have modified +// an AIDL interface in a backward-incompatible way, e.g., deleting a function +// from an interface or a field from a parcelable and it broke the build. That +// breakage is intended. +// +// You must not make a backward incompatible changes to the AIDL files built +// with the aidl_interface module type with versions property set. The module +// type is used to build AIDL files in a way that they can be used across +// independently updatable components of the system. If a device is shipped +// with such a backward incompatible change, it has a high risk of breaking +// later when a module using the interface is updated, e.g., Mainline modules. + +package android.hardware.keymint; +@VintfStability +interface IKeyMintOperation { + int update(in @nullable android.hardware.keymint.KeyParameterArray inParams, in @nullable byte[] input, in @nullable android.hardware.keymint.HardwareAuthToken inAuthToken, in @nullable android.hardware.keymint.VerificationToken inVerificationToken, out @nullable android.hardware.keymint.KeyParameterArray outParams, out @nullable android.hardware.keymint.ByteArray output); + byte[] finish(in @nullable android.hardware.keymint.KeyParameterArray inParams, in @nullable byte[] input, in @nullable byte[] inSignature, in @nullable android.hardware.keymint.HardwareAuthToken authToken, in @nullable android.hardware.keymint.VerificationToken inVerificationToken, out @nullable android.hardware.keymint.KeyParameterArray outParams); + void abort(); +} 
diff --git a/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/KeyCharacteristics.aidl b/keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware/keymint/KeyCharacteristics.aidl similarity index 85% rename from security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/KeyCharacteristics.aidl rename to keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware/keymint/KeyCharacteristics.aidl index fb4214cd43..4e73381ad7 100644 --- a/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/KeyCharacteristics.aidl +++ b/keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware/keymint/KeyCharacteristics.aidl @@ -15,9 +15,9 @@ // with such a backward incompatible change, it has a high risk of breaking // later when a module using the interface is updated, e.g., Mainline modules. -package android.hardware.security.keymint; +package android.hardware.keymint; @VintfStability parcelable KeyCharacteristics { - android.hardware.security.keymint.KeyParameter[] softwareEnforced; - android.hardware.security.keymint.KeyParameter[] hardwareEnforced; + android.hardware.keymint.KeyParameter[] softwareEnforced; + android.hardware.keymint.KeyParameter[] hardwareEnforced; } diff --git a/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/KeyDerivationFunction.aidl b/keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware/keymint/KeyDerivationFunction.aidl similarity index 96% rename from security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/KeyDerivationFunction.aidl rename to keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware/keymint/KeyDerivationFunction.aidl index 83b7e6e7ee..8e2c7747bb 100644 
--- a/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/KeyDerivationFunction.aidl +++ b/keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware/keymint/KeyDerivationFunction.aidl @@ -15,7 +15,7 @@ // with such a backward incompatible change, it has a high risk of breaking // later when a module using the interface is updated, e.g., Mainline modules. -package android.hardware.security.keymint; +package android.hardware.keymint; @Backing(type="int") @VintfStability enum KeyDerivationFunction { NONE = 0, diff --git a/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/KeyFormat.aidl b/keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware/keymint/KeyFormat.aidl similarity index 96% rename from security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/KeyFormat.aidl rename to keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware/keymint/KeyFormat.aidl index f701c808a2..cfa585d369 100644 --- a/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/KeyFormat.aidl +++ b/keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware/keymint/KeyFormat.aidl @@ -15,7 +15,7 @@ // with such a backward incompatible change, it has a high risk of breaking // later when a module using the interface is updated, e.g., Mainline modules. -package android.hardware.security.keymint; +package android.hardware.keymint; @Backing(type="int") @VintfStability enum KeyFormat { X509 = 0, 
diff --git a/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/KeyMintHardwareInfo.aidl b/keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware/keymint/KeyMintHardwareInfo.aidl similarity index 91% rename from security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/KeyMintHardwareInfo.aidl rename to keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware/keymint/KeyMintHardwareInfo.aidl index 5e9f7ae635..8263e6018a 100644 --- a/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/KeyMintHardwareInfo.aidl +++ b/keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware/keymint/KeyMintHardwareInfo.aidl @@ -15,11 +15,11 @@ // with such a backward incompatible change, it has a high risk of breaking // later when a module using the interface is updated, e.g., Mainline modules. -package android.hardware.security.keymint; +package android.hardware.keymint; @VintfStability parcelable KeyMintHardwareInfo { int versionNumber; - android.hardware.security.keymint.SecurityLevel securityLevel; + android.hardware.keymint.SecurityLevel securityLevel; @utf8InCpp String keyMintName; @utf8InCpp String keyMintAuthorName; } diff --git a/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/KeyOrigin.aidl b/keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware/keymint/KeyOrigin.aidl similarity index 96% rename from security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/KeyOrigin.aidl rename to keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware/keymint/KeyOrigin.aidl index 9728bf92b7..8d03d2b683 100644 --- a/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/KeyOrigin.aidl 
+++ b/keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware/keymint/KeyOrigin.aidl @@ -15,7 +15,7 @@ // with such a backward incompatible change, it has a high risk of breaking // later when a module using the interface is updated, e.g., Mainline modules. -package android.hardware.security.keymint; +package android.hardware.keymint; @Backing(type="int") @VintfStability enum KeyOrigin { GENERATED = 0, diff --git a/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/KeyParameter.aidl b/keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware/keymint/KeyParameter.aidl similarity index 92% rename from security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/KeyParameter.aidl rename to keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware/keymint/KeyParameter.aidl index 91f83e4071..923cc6808a 100644 --- a/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/KeyParameter.aidl +++ b/keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware/keymint/KeyParameter.aidl @@ -15,10 +15,10 @@ // with such a backward incompatible change, it has a high risk of breaking // later when a module using the interface is updated, e.g., Mainline modules. -package android.hardware.security.keymint; +package android.hardware.keymint; @VintfStability parcelable KeyParameter { - android.hardware.security.keymint.Tag tag; + android.hardware.keymint.Tag tag; boolean boolValue; int integer; long longInteger; 
diff --git a/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/KeyParameterArray.aidl b/keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware/keymint/KeyParameterArray.aidl similarity index 91% rename from security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/KeyParameterArray.aidl rename to keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware/keymint/KeyParameterArray.aidl index 2c3b768756..b9b978241b 100644 --- a/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/KeyParameterArray.aidl +++ b/keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware/keymint/KeyParameterArray.aidl @@ -15,8 +15,8 @@ // with such a backward incompatible change, it has a high risk of breaking // later when a module using the interface is updated, e.g., Mainline modules. -package android.hardware.security.keymint; +package android.hardware.keymint; @VintfStability parcelable KeyParameterArray { - android.hardware.security.keymint.KeyParameter[] params; + android.hardware.keymint.KeyParameter[] params; } diff --git a/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/KeyPurpose.aidl b/keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware/keymint/KeyPurpose.aidl similarity index 96% rename from security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/KeyPurpose.aidl rename to keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware/keymint/KeyPurpose.aidl index a6fd8c3737..1aee56a14b 100644 --- a/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/KeyPurpose.aidl +++ b/keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware/keymint/KeyPurpose.aidl 
@@ -15,7 +15,7 @@ // with such a backward incompatible change, it has a high risk of breaking // later when a module using the interface is updated, e.g., Mainline modules. -package android.hardware.security.keymint; +package android.hardware.keymint; @Backing(type="int") @VintfStability enum KeyPurpose { ENCRYPT = 0, diff --git a/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/PaddingMode.aidl b/keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware/keymint/PaddingMode.aidl similarity index 96% rename from security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/PaddingMode.aidl rename to keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware/keymint/PaddingMode.aidl index 2ecfa1e8f6..97f93db3cb 100644 --- a/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/PaddingMode.aidl +++ b/keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware/keymint/PaddingMode.aidl @@ -15,7 +15,7 @@ // with such a backward incompatible change, it has a high risk of breaking // later when a module using the interface is updated, e.g., Mainline modules. -package android.hardware.security.keymint; +package android.hardware.keymint; @Backing(type="int") @VintfStability enum PaddingMode { NONE = 1, diff --git a/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/SecurityLevel.aidl b/keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware/keymint/SecurityLevel.aidl similarity index 96% rename from security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/SecurityLevel.aidl rename to keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware/keymint/SecurityLevel.aidl index 601693f127..1fb529ded4 100644 
--- a/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/SecurityLevel.aidl +++ b/keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware/keymint/SecurityLevel.aidl @@ -15,7 +15,7 @@ // with such a backward incompatible change, it has a high risk of breaking // later when a module using the interface is updated, e.g., Mainline modules. -package android.hardware.security.keymint; +package android.hardware.keymint; @Backing(type="int") @VintfStability enum SecurityLevel { SOFTWARE = 0, diff --git a/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/Tag.aidl b/keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware/keymint/Tag.aidl similarity index 98% rename from security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/Tag.aidl rename to keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware/keymint/Tag.aidl index 38eb6e693c..33a95fe38d 100644 --- a/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/Tag.aidl +++ b/keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware/keymint/Tag.aidl @@ -15,7 +15,7 @@ // with such a backward incompatible change, it has a high risk of breaking // later when a module using the interface is updated, e.g., Mainline modules. -package android.hardware.security.keymint; +package android.hardware.keymint; @Backing(type="int") @VintfStability enum Tag { INVALID = 0, 
diff --git a/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/TagType.aidl b/keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware/keymint/TagType.aidl similarity index 96% rename from security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/TagType.aidl rename to keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware/keymint/TagType.aidl index bb2766c6bf..82144539a7 100644 --- a/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/TagType.aidl +++ b/keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware/keymint/TagType.aidl @@ -15,7 +15,7 @@ // with such a backward incompatible change, it has a high risk of breaking // later when a module using the interface is updated, e.g., Mainline modules. -package android.hardware.security.keymint; +package android.hardware.keymint; @Backing(type="int") @VintfStability enum TagType { INVALID = 0, diff --git a/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/Timestamp.aidl b/keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware/keymint/Timestamp.aidl similarity index 96% rename from security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/Timestamp.aidl rename to keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware/keymint/Timestamp.aidl index 4d5b6598b5..f95d8db828 100644 --- a/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/Timestamp.aidl +++ b/keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware/keymint/Timestamp.aidl 
@@ -15,7 +15,7 @@ // with such a backward incompatible change, it has a high risk of breaking // later when a module using the interface is updated, e.g., Mainline modules. -package android.hardware.security.keymint; +package android.hardware.keymint; @VintfStability parcelable Timestamp { long milliSeconds; diff --git a/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/VerificationToken.aidl b/keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware/keymint/VerificationToken.aidl similarity index 87% rename from security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/VerificationToken.aidl rename to keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware/keymint/VerificationToken.aidl index 5c76816a52..7b4989a408 100644 --- a/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/VerificationToken.aidl +++ b/keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware/keymint/VerificationToken.aidl @@ -15,11 +15,11 @@ // with such a backward incompatible change, it has a high risk of breaking // later when a module using the interface is updated, e.g., Mainline modules. -package android.hardware.security.keymint; +package android.hardware.keymint; @VintfStability parcelable VerificationToken { long challenge; - android.hardware.security.keymint.Timestamp timestamp; - android.hardware.security.keymint.SecurityLevel securityLevel; + android.hardware.keymint.Timestamp timestamp; + android.hardware.keymint.SecurityLevel securityLevel; byte[] mac; } 
diff --git a/security/keymint/aidl/android/hardware/security/keymint/Algorithm.aidl b/keymint/aidl/android/hardware/keymint/Algorithm.aidl similarity index 95% rename from security/keymint/aidl/android/hardware/security/keymint/Algorithm.aidl rename to keymint/aidl/android/hardware/keymint/Algorithm.aidl index 8300b0d75c..8c5d99cf35 100644 --- a/security/keymint/aidl/android/hardware/security/keymint/Algorithm.aidl +++ b/keymint/aidl/android/hardware/keymint/Algorithm.aidl @@ -14,7 +14,8 @@ * limitations under the License. */ -package android.hardware.security.keymint; +package android.hardware.keymint; + /** * Algorithms provided by IKeyMintDevice implementations. diff --git a/security/keymint/aidl/android/hardware/security/keymint/BeginResult.aidl b/keymint/aidl/android/hardware/keymint/BeginResult.aidl similarity index 87% rename from security/keymint/aidl/android/hardware/security/keymint/BeginResult.aidl rename to keymint/aidl/android/hardware/keymint/BeginResult.aidl index aaf9f3caa4..58eb024427 100644 --- a/security/keymint/aidl/android/hardware/security/keymint/BeginResult.aidl +++ b/keymint/aidl/android/hardware/keymint/BeginResult.aidl @@ -14,10 +14,12 @@ * limitations under the License. */ -package android.hardware.security.keymint; +package android.hardware.keymint; + + +import android.hardware.keymint.IKeyMintOperation; +import android.hardware.keymint.KeyParameter; -import android.hardware.security.keymint.IKeyMintOperation; -import android.hardware.security.keymint.KeyParameter; /** * This is all the results returned by the IKeyMintDevice begin() function. diff --git a/security/keymint/aidl/android/hardware/security/keymint/BlockMode.aidl b/keymint/aidl/android/hardware/keymint/BlockMode.aidl similarity index 96% rename from security/keymint/aidl/android/hardware/security/keymint/BlockMode.aidl rename to keymint/aidl/android/hardware/keymint/BlockMode.aidl index 629c89f02e..b6b36ccf2a 100644 
--- a/security/keymint/aidl/android/hardware/security/keymint/BlockMode.aidl +++ b/keymint/aidl/android/hardware/keymint/BlockMode.aidl @@ -14,7 +14,8 @@ * limitations under the License. */ -package android.hardware.security.keymint; +package android.hardware.keymint; + /** * Symmetric block cipher modes provided by IKeyMintDevice implementations. diff --git a/security/keymint/aidl/android/hardware/security/keymint/ByteArray.aidl b/keymint/aidl/android/hardware/keymint/ByteArray.aidl similarity index 94% rename from security/keymint/aidl/android/hardware/security/keymint/ByteArray.aidl rename to keymint/aidl/android/hardware/keymint/ByteArray.aidl index c3b402ea65..18d187e889 100644 --- a/security/keymint/aidl/android/hardware/security/keymint/ByteArray.aidl +++ b/keymint/aidl/android/hardware/keymint/ByteArray.aidl @@ -14,7 +14,8 @@ * limitations under the License. */ -package android.hardware.security.keymint; +package android.hardware.keymint; + /** * This is used to contain a byte[], to make out parameters of byte arrays diff --git a/security/keymint/aidl/android/hardware/security/keymint/Certificate.aidl b/keymint/aidl/android/hardware/keymint/Certificate.aidl similarity index 95% rename from security/keymint/aidl/android/hardware/security/keymint/Certificate.aidl rename to keymint/aidl/android/hardware/keymint/Certificate.aidl index a9538590eb..3a70970f30 100644 --- a/security/keymint/aidl/android/hardware/security/keymint/Certificate.aidl +++ b/keymint/aidl/android/hardware/keymint/Certificate.aidl @@ -14,7 +14,7 @@ * limitations under the License. */ -package android.hardware.security.keymint; +package android.hardware.keymint; /** * This encodes the IKeyMintDevice attestation generated certificate. 
diff --git a/security/keymint/aidl/android/hardware/security/keymint/Digest.aidl b/keymint/aidl/android/hardware/keymint/Digest.aidl similarity index 95% rename from security/keymint/aidl/android/hardware/security/keymint/Digest.aidl rename to keymint/aidl/android/hardware/keymint/Digest.aidl index b44da5a51c..a92ac23209 100644 --- a/security/keymint/aidl/android/hardware/security/keymint/Digest.aidl +++ b/keymint/aidl/android/hardware/keymint/Digest.aidl @@ -14,7 +14,8 @@ * limitations under the License. */ -package android.hardware.security.keymint; +package android.hardware.keymint; + /** * Digests provided by keyMint implementations. diff --git a/security/keymint/aidl/android/hardware/security/keymint/EcCurve.aidl b/keymint/aidl/android/hardware/keymint/EcCurve.aidl similarity index 94% rename from security/keymint/aidl/android/hardware/security/keymint/EcCurve.aidl rename to keymint/aidl/android/hardware/keymint/EcCurve.aidl index b9d16467b0..abd44b406d 100644 --- a/security/keymint/aidl/android/hardware/security/keymint/EcCurve.aidl +++ b/keymint/aidl/android/hardware/keymint/EcCurve.aidl @@ -14,7 +14,8 @@ * limitations under the License. */ -package android.hardware.security.keymint; +package android.hardware.keymint; + /** * Supported EC curves, used in ECDSA diff --git a/security/keymint/aidl/android/hardware/security/keymint/ErrorCode.aidl b/keymint/aidl/android/hardware/keymint/ErrorCode.aidl similarity index 98% rename from security/keymint/aidl/android/hardware/security/keymint/ErrorCode.aidl rename to keymint/aidl/android/hardware/keymint/ErrorCode.aidl index fb24ad1baa..2a54954c74 100644 --- a/security/keymint/aidl/android/hardware/security/keymint/ErrorCode.aidl +++ b/keymint/aidl/android/hardware/keymint/ErrorCode.aidl @@ -14,7 +14,8 @@ * limitations under the License. */ -package android.hardware.security.keymint; +package android.hardware.keymint; + /** * KeyMint error codes. Aidl will return these error codes as service specific 
diff --git a/security/keymint/aidl/android/hardware/security/keymint/HardwareAuthToken.aidl b/keymint/aidl/android/hardware/keymint/HardwareAuthToken.aidl similarity index 95% rename from security/keymint/aidl/android/hardware/security/keymint/HardwareAuthToken.aidl rename to keymint/aidl/android/hardware/keymint/HardwareAuthToken.aidl index 12d615f86f..9b56a2e661 100644 --- a/security/keymint/aidl/android/hardware/security/keymint/HardwareAuthToken.aidl +++ b/keymint/aidl/android/hardware/keymint/HardwareAuthToken.aidl @@ -14,10 +14,10 @@ * limitations under the License. */ -package android.hardware.security.keymint; +package android.hardware.keymint; -import android.hardware.security.keymint.Timestamp; -import android.hardware.security.keymint.HardwareAuthenticatorType; +import android.hardware.keymint.Timestamp; +import android.hardware.keymint.HardwareAuthenticatorType; /** * HardwareAuthToken is used to prove successful user authentication, to unlock the use of a key. @@ -30,6 +30,7 @@ import android.hardware.security.keymint.HardwareAuthenticatorType; */ @VintfStability parcelable HardwareAuthToken { + /** * challenge is a value that's used to enable authentication tokens to authorize specific * events. The primary use case for challenge is to authorize an IKeyMintDevice cryptographic diff --git a/security/keymint/aidl/android/hardware/security/keymint/HardwareAuthenticatorType.aidl b/keymint/aidl/android/hardware/keymint/HardwareAuthenticatorType.aidl similarity index 96% rename from security/keymint/aidl/android/hardware/security/keymint/HardwareAuthenticatorType.aidl rename to keymint/aidl/android/hardware/keymint/HardwareAuthenticatorType.aidl index 33f71b8d3c..5c25e2f544 100644 --- a/security/keymint/aidl/android/hardware/security/keymint/HardwareAuthenticatorType.aidl +++ b/keymint/aidl/android/hardware/keymint/HardwareAuthenticatorType.aidl 
@@ -14,7 +14,7 @@ * limitations under the License. */ -package android.hardware.security.keymint; +package android.hardware.keymint; /** * Hardware authentication type, used by HardwareAuthTokens to specify the mechanism used to diff --git a/security/keymint/aidl/android/hardware/security/keymint/IKeyMintDevice.aidl b/keymint/aidl/android/hardware/keymint/IKeyMintDevice.aidl similarity index 98% rename from security/keymint/aidl/android/hardware/security/keymint/IKeyMintDevice.aidl rename to keymint/aidl/android/hardware/keymint/IKeyMintDevice.aidl index 4944acb1b1..8fbab79600 100644 --- a/security/keymint/aidl/android/hardware/security/keymint/IKeyMintDevice.aidl +++ b/keymint/aidl/android/hardware/keymint/IKeyMintDevice.aidl 
@@ -14,20 +14,20 @@ * limitations under the License. */ -package android.hardware.security.keymint; +package android.hardware.keymint; -import android.hardware.security.keymint.BeginResult; -import android.hardware.security.keymint.ByteArray; -import android.hardware.security.keymint.Certificate; -import android.hardware.security.keymint.HardwareAuthToken; -import android.hardware.security.keymint.IKeyMintOperation; -import android.hardware.security.keymint.KeyCharacteristics; -import android.hardware.security.keymint.KeyFormat; -import android.hardware.security.keymint.KeyParameter; -import android.hardware.security.keymint.KeyMintHardwareInfo; -import android.hardware.security.keymint.KeyPurpose; -import android.hardware.security.keymint.SecurityLevel; -import android.hardware.security.keymint.VerificationToken; +import android.hardware.keymint.BeginResult; +import android.hardware.keymint.ByteArray; +import android.hardware.keymint.Certificate; +import android.hardware.keymint.HardwareAuthToken; +import android.hardware.keymint.IKeyMintOperation; +import android.hardware.keymint.KeyCharacteristics; +import android.hardware.keymint.KeyFormat; +import android.hardware.keymint.KeyParameter; +import android.hardware.keymint.KeyMintHardwareInfo; +import android.hardware.keymint.KeyPurpose; +import android.hardware.keymint.SecurityLevel; +import android.hardware.keymint.VerificationToken; /** * KeyMint device definition. diff --git a/security/keymint/aidl/android/hardware/security/keymint/IKeyMintOperation.aidl b/keymint/aidl/android/hardware/keymint/IKeyMintOperation.aidl similarity index 97% rename from security/keymint/aidl/android/hardware/security/keymint/IKeyMintOperation.aidl rename to keymint/aidl/android/hardware/keymint/IKeyMintOperation.aidl index 24960ccea0..1b792961f7 100644 --- a/security/keymint/aidl/android/hardware/security/keymint/IKeyMintOperation.aidl +++ b/keymint/aidl/android/hardware/keymint/IKeyMintOperation.aidl 
@@ -14,13 +14,13 @@ * limitations under the License. */ -package android.hardware.security.keymint; +package android.hardware.keymint; -import android.hardware.security.keymint.ByteArray; -import android.hardware.security.keymint.HardwareAuthToken; -import android.hardware.security.keymint.KeyParameter; -import android.hardware.security.keymint.KeyParameterArray; -import android.hardware.security.keymint.VerificationToken; +import android.hardware.keymint.ByteArray; +import android.hardware.keymint.HardwareAuthToken; +import android.hardware.keymint.KeyParameter; +import android.hardware.keymint.KeyParameterArray; +import android.hardware.keymint.VerificationToken; @VintfStability interface IKeyMintOperation { diff --git a/security/keymint/aidl/android/hardware/security/keymint/KeyCharacteristics.aidl b/keymint/aidl/android/hardware/keymint/KeyCharacteristics.aidl similarity index 94% rename from security/keymint/aidl/android/hardware/security/keymint/KeyCharacteristics.aidl rename to keymint/aidl/android/hardware/keymint/KeyCharacteristics.aidl index 0801868825..ac7c2b482f 100644 --- a/security/keymint/aidl/android/hardware/security/keymint/KeyCharacteristics.aidl +++ b/keymint/aidl/android/hardware/keymint/KeyCharacteristics.aidl @@ -14,9 +14,9 @@ * limitations under the License. */ -package android.hardware.security.keymint; +package android.hardware.keymint; -import android.hardware.security.keymint.KeyParameter; +import android.hardware.keymint.KeyParameter; /** * KeyCharacteristics defines the attributes of a key, including cryptographic parameters, and usage diff --git a/security/keymint/aidl/android/hardware/security/keymint/KeyDerivationFunction.aidl b/keymint/aidl/android/hardware/keymint/KeyDerivationFunction.aidl similarity index 96% rename from security/keymint/aidl/android/hardware/security/keymint/KeyDerivationFunction.aidl rename to keymint/aidl/android/hardware/keymint/KeyDerivationFunction.aidl index e166ab6ad9..1eba446770 100644 
--- a/security/keymint/aidl/android/hardware/security/keymint/KeyDerivationFunction.aidl +++ b/keymint/aidl/android/hardware/keymint/KeyDerivationFunction.aidl @@ -14,7 +14,7 @@ * limitations under the License. */ -package android.hardware.security.keymint; +package android.hardware.keymint; /** * Key derivation functions, mostly used in ECIES. diff --git a/security/keymint/aidl/android/hardware/security/keymint/KeyFormat.aidl b/keymint/aidl/android/hardware/keymint/KeyFormat.aidl similarity index 95% rename from security/keymint/aidl/android/hardware/security/keymint/KeyFormat.aidl rename to keymint/aidl/android/hardware/keymint/KeyFormat.aidl index 6ad8e3d922..13044dc5b1 100644 --- a/security/keymint/aidl/android/hardware/security/keymint/KeyFormat.aidl +++ b/keymint/aidl/android/hardware/keymint/KeyFormat.aidl @@ -14,7 +14,8 @@ * limitations under the License. */ -package android.hardware.security.keymint; +package android.hardware.keymint; + /** * Formats for key import and export. diff --git a/security/keymint/aidl/android/hardware/security/keymint/KeyMintHardwareInfo.aidl b/keymint/aidl/android/hardware/keymint/KeyMintHardwareInfo.aidl similarity index 94% rename from security/keymint/aidl/android/hardware/security/keymint/KeyMintHardwareInfo.aidl rename to keymint/aidl/android/hardware/keymint/KeyMintHardwareInfo.aidl index d3d7368add..5815b10951 100644 --- a/security/keymint/aidl/android/hardware/security/keymint/KeyMintHardwareInfo.aidl +++ b/keymint/aidl/android/hardware/keymint/KeyMintHardwareInfo.aidl @@ -14,13 +14,15 @@ * limitations under the License. */ -package android.hardware.security.keymint; +package android.hardware.keymint; + +import android.hardware.keymint.SecurityLevel; -import android.hardware.security.keymint.SecurityLevel; /** * KeyMintHardwareInfo is the hardware information returned by calling KeyMint getHardwareInfo() */ + @VintfStability parcelable KeyMintHardwareInfo { /** 
diff --git a/security/keymint/aidl/android/hardware/security/keymint/KeyOrigin.aidl b/keymint/aidl/android/hardware/keymint/KeyOrigin.aidl similarity index 97% rename from security/keymint/aidl/android/hardware/security/keymint/KeyOrigin.aidl rename to keymint/aidl/android/hardware/keymint/KeyOrigin.aidl index 0cd53c2fbb..70320d3998 100644 --- a/security/keymint/aidl/android/hardware/security/keymint/KeyOrigin.aidl +++ b/keymint/aidl/android/hardware/keymint/KeyOrigin.aidl @@ -14,7 +14,8 @@ * limitations under the License. */ -package android.hardware.security.keymint; +package android.hardware.keymint; + /** * The origin of a key (or pair), i.e. where it was generated. Note that ORIGIN can be found in diff --git a/security/keymint/aidl/android/hardware/security/keymint/KeyParameter.aidl b/keymint/aidl/android/hardware/keymint/KeyParameter.aidl similarity index 70% rename from security/keymint/aidl/android/hardware/security/keymint/KeyParameter.aidl rename to keymint/aidl/android/hardware/keymint/KeyParameter.aidl index 938064ca53..d58e4aa1aa 100644 --- a/security/keymint/aidl/android/hardware/security/keymint/KeyParameter.aidl +++ b/keymint/aidl/android/hardware/keymint/KeyParameter.aidl 
@@ -14,19 +14,20 @@ * limitations under the License. */ -package android.hardware.security.keymint; +package android.hardware.keymint; -import android.hardware.security.keymint.Algorithm; -import android.hardware.security.keymint.BlockMode; -import android.hardware.security.keymint.Digest; -import android.hardware.security.keymint.EcCurve; -import android.hardware.security.keymint.HardwareAuthenticatorType; -import android.hardware.security.keymint.KeyDerivationFunction; -import android.hardware.security.keymint.KeyOrigin; -import android.hardware.security.keymint.KeyPurpose; -import android.hardware.security.keymint.PaddingMode; -import android.hardware.security.keymint.SecurityLevel; -import android.hardware.security.keymint.Tag; + +import android.hardware.keymint.Algorithm; +import android.hardware.keymint.BlockMode; +import android.hardware.keymint.Digest; +import android.hardware.keymint.EcCurve; +import android.hardware.keymint.HardwareAuthenticatorType; +import android.hardware.keymint.KeyDerivationFunction; +import android.hardware.keymint.KeyOrigin; +import android.hardware.keymint.KeyPurpose; +import android.hardware.keymint.PaddingMode; +import android.hardware.keymint.SecurityLevel; +import android.hardware.keymint.Tag; /** diff --git a/security/keymint/aidl/android/hardware/security/keymint/KeyParameterArray.aidl b/keymint/aidl/android/hardware/keymint/KeyParameterArray.aidl similarity index 90% rename from security/keymint/aidl/android/hardware/security/keymint/KeyParameterArray.aidl rename to keymint/aidl/android/hardware/keymint/KeyParameterArray.aidl index acab43591c..cc9e37ad2a 100644 --- a/security/keymint/aidl/android/hardware/security/keymint/KeyParameterArray.aidl +++ b/keymint/aidl/android/hardware/keymint/KeyParameterArray.aidl 
@@ -14,9 +14,9 @@ * limitations under the License. */ -package android.hardware.security.keymint; +package android.hardware.keymint; -import android.hardware.security.keymint.KeyParameter; +import android.hardware.keymint.KeyParameter; /** * Identifies the key authorization parameters to be used with keyMint. This is usually diff --git a/security/keymint/aidl/android/hardware/security/keymint/KeyPurpose.aidl b/keymint/aidl/android/hardware/keymint/KeyPurpose.aidl similarity index 96% rename from security/keymint/aidl/android/hardware/security/keymint/KeyPurpose.aidl rename to keymint/aidl/android/hardware/keymint/KeyPurpose.aidl index cb4682ea56..bc029fdb39 100644 --- a/security/keymint/aidl/android/hardware/security/keymint/KeyPurpose.aidl +++ b/keymint/aidl/android/hardware/keymint/KeyPurpose.aidl @@ -14,7 +14,7 @@ * limitations under the License. */ -package android.hardware.security.keymint; +package android.hardware.keymint; /** diff --git a/security/keymint/aidl/android/hardware/security/keymint/PaddingMode.aidl b/keymint/aidl/android/hardware/keymint/PaddingMode.aidl similarity index 96% rename from security/keymint/aidl/android/hardware/security/keymint/PaddingMode.aidl rename to keymint/aidl/android/hardware/keymint/PaddingMode.aidl index 80b73bd0dc..337ed912fc 100644 --- a/security/keymint/aidl/android/hardware/security/keymint/PaddingMode.aidl +++ b/keymint/aidl/android/hardware/keymint/PaddingMode.aidl @@ -14,7 +14,7 @@ * limitations under the License. */ -package android.hardware.security.keymint; +package android.hardware.keymint; /** * TODO(seleneh) update the description. diff --git a/security/keymint/aidl/android/hardware/security/keymint/SecurityLevel.aidl b/keymint/aidl/android/hardware/keymint/SecurityLevel.aidl similarity index 95% rename from security/keymint/aidl/android/hardware/security/keymint/SecurityLevel.aidl rename to keymint/aidl/android/hardware/keymint/SecurityLevel.aidl index 10363e9bb0..d8de024493 100644 
--- a/security/keymint/aidl/android/hardware/security/keymint/SecurityLevel.aidl +++ b/keymint/aidl/android/hardware/keymint/SecurityLevel.aidl @@ -14,7 +14,7 @@ * limitations under the License. */ -package android.hardware.security.keymint; +package android.hardware.keymint; /** * Device security levels. diff --git a/security/keymint/aidl/android/hardware/security/keymint/Tag.aidl b/keymint/aidl/android/hardware/keymint/Tag.aidl similarity index 99% rename from security/keymint/aidl/android/hardware/security/keymint/Tag.aidl rename to keymint/aidl/android/hardware/keymint/Tag.aidl index 532bc5de9b..46da09658c 100644 --- a/security/keymint/aidl/android/hardware/security/keymint/Tag.aidl +++ b/keymint/aidl/android/hardware/keymint/Tag.aidl @@ -14,9 +14,9 @@ * limitations under the License. */ -package android.hardware.security.keymint; +package android.hardware.keymint; -import android.hardware.security.keymint.TagType; +import android.hardware.keymint.TagType; // TODO(seleneh) : note aidl currently does not support double nested enum definitions such as // ROOT_OF_TRUST = TagType:BYTES | 704. So we are forced to write definations as diff --git a/security/keymint/aidl/android/hardware/security/keymint/TagType.aidl b/keymint/aidl/android/hardware/keymint/TagType.aidl similarity index 97% rename from security/keymint/aidl/android/hardware/security/keymint/TagType.aidl rename to keymint/aidl/android/hardware/keymint/TagType.aidl index a273af3f8c..fb50b10d4a 100644 --- a/security/keymint/aidl/android/hardware/security/keymint/TagType.aidl +++ b/keymint/aidl/android/hardware/keymint/TagType.aidl @@ -14,7 +14,7 @@ * limitations under the License. */ -package android.hardware.security.keymint; +package android.hardware.keymint; /** * TagType classifies Tags in Tag.aidl into various groups of data. 
diff --git a/security/keymint/aidl/android/hardware/security/keymint/Timestamp.aidl b/keymint/aidl/android/hardware/keymint/Timestamp.aidl similarity index 96% rename from security/keymint/aidl/android/hardware/security/keymint/Timestamp.aidl rename to keymint/aidl/android/hardware/keymint/Timestamp.aidl index ebb36848df..7c882c6811 100644 --- a/security/keymint/aidl/android/hardware/security/keymint/Timestamp.aidl +++ b/keymint/aidl/android/hardware/keymint/Timestamp.aidl @@ -14,7 +14,7 @@ * limitations under the License. */ -package android.hardware.security.keymint; +package android.hardware.keymint; /** * Time in milliseconds since some arbitrary point in time. Time must be monotonically increasing, diff --git a/security/keymint/aidl/android/hardware/security/keymint/VerificationToken.aidl b/keymint/aidl/android/hardware/keymint/VerificationToken.aidl similarity index 79% rename from security/keymint/aidl/android/hardware/security/keymint/VerificationToken.aidl rename to keymint/aidl/android/hardware/keymint/VerificationToken.aidl index f76e6a8526..736c0e2f3e 100644 --- a/security/keymint/aidl/android/hardware/security/keymint/VerificationToken.aidl +++ b/keymint/aidl/android/hardware/keymint/VerificationToken.aidl @@ -14,10 +14,10 @@ * limitations under the License. */ -package android.hardware.security.keymint; +package android.hardware.keymint; -import android.hardware.security.keymint.SecurityLevel; -import android.hardware.security.keymint.Timestamp; +import android.hardware.keymint.SecurityLevel; +import android.hardware.keymint.Timestamp; /** * VerificationToken instances are used for secure environments to authenticate one another. @@ -48,7 +48,7 @@ parcelable VerificationToken { * 32-byte HMAC-SHA256 of the above values, computed as: * * HMAC(H, - * "Auth Verification" || challenge || timestamp || securityLevel) + * "Auth Verification" || challenge || timestamp || securityLevel || parametersVerified) * * where: * 
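Review bot: The HMAC input documented for `mac` in the `@@ -48,7 +48,7 @@` hunk now ends in `|| parametersVerified`, but the `VerificationToken` parcelable in this commit's aidl_api dump declares only `challenge`, `timestamp`, `securityLevel` and `mac`. An implementer or verifier therefore has no field from which to rebuild the MAC input, and two sides reading this comment differently would compute different MACs. Either declare the field in the parcelable, or keep the formula as ` * "Auth Verification" || challenge || timestamp || securityLevel)`. The paragraph added in the following hunk (`@@ -58,6 +58,11 @@`) depends on the same missing field, and its reference to "the AuthorizationList schema" should name the exact document or version so the DER encoding is unambiguous. The parcelable body starts before this hunk.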
@@ -58,6 +58,11 @@ parcelable VerificationToken { * * The representation of challenge and timestamp is as 64-bit unsigned integers in big-endian * order. securityLevel is represented as a 32-bit unsigned integer in big-endian order. + * + * If parametersVerified is non-empty, the representation of parametersVerified is an ASN.1 DER + * encoded representation of the values. The ASN.1 schema used is the AuthorizationList schema + * from the Keystore attestation documentation. If parametersVerified is empty, it is simply + * omitted from the HMAC computation. */ byte[] mac; } diff --git a/security/keymint/aidl/default/Android.bp b/keymint/aidl/default/Android.bp similarity index 58% rename from security/keymint/aidl/default/Android.bp rename to keymint/aidl/default/Android.bp index 491a2c1c95..539ca47511 100644 --- a/security/keymint/aidl/default/Android.bp +++ b/keymint/aidl/default/Android.bp @@ -1,22 +1,22 @@ cc_binary { - name: "android.hardware.security.keymint-service", + name: "android.hardware.keymint@1.0-service", relative_install_path: "hw", - init_rc: ["android.hardware.security.keymint-service.rc"], - vintf_fragments: ["android.hardware.security.keymint-service.xml"], + init_rc: ["android.hardware.keymint@1.0-service.rc"], + vintf_fragments: ["android.hardware.keymint@1.0-service.xml"], vendor: true, cflags: [ "-Wall", "-Wextra", ], shared_libs: [ - "android.hardware.security.keymint-ndk_platform", + "android.hardware.keymint-ndk_platform", "libbase", "libbinder_ndk", "libcppbor", "libcrypto", - "libkeymaster_portable", - "libkeymint", "liblog", + "libkeymaster_portable", + "libkeymint1", "libpuresoftkeymasterdevice", "libutils", ], diff --git a/keymint/aidl/default/android.hardware.keymint@1.0-service.rc b/keymint/aidl/default/android.hardware.keymint@1.0-service.rc new file mode 100644 index 0000000000..92dce88449 --- /dev/null +++ b/keymint/aidl/default/android.hardware.keymint@1.0-service.rc 
@@ -0,0 +1,3 @@ +service vendor.keymint-default /vendor/bin/hw/android.hardware.keymint@1.0-service + class early_hal + user nobody diff --git a/security/keymint/aidl/default/android.hardware.security.keymint-service.xml b/keymint/aidl/default/android.hardware.keymint@1.0-service.xml similarity index 70% rename from security/keymint/aidl/default/android.hardware.security.keymint-service.xml rename to keymint/aidl/default/android.hardware.keymint@1.0-service.xml index 73d15a8024..3935b5a0d4 100644 --- a/security/keymint/aidl/default/android.hardware.security.keymint-service.xml +++ b/keymint/aidl/default/android.hardware.keymint@1.0-service.xml @@ -1,6 +1,6 @@ - android.hardware.security.keymint + android.hardware.keymint IKeyMintDevice/default diff --git a/security/keymint/aidl/default/service.cpp b/keymint/aidl/default/service.cpp similarity index 68% rename from security/keymint/aidl/default/service.cpp rename to keymint/aidl/default/service.cpp index a710535fac..ca5555e633 100644 --- a/security/keymint/aidl/default/service.cpp +++ b/keymint/aidl/default/service.cpp 
@@ -14,30 +14,30 @@ * limitations under the License. */ -#define LOG_TAG "android.hardware.security.keymint-service" +#define LOG_TAG "android.hardware.keymint1-service" #include #include #include -#include +#include #include -using aidl::android::hardware::security::keymint::AndroidKeyMintDevice; -using aidl::android::hardware::security::keymint::SecurityLevel; +using aidl::android::hardware::keymint::SecurityLevel; +using aidl::android::hardware::keymint::V1_0::AndroidKeyMint1Device; int main() { // Zero threads seems like a useless pool, but below we'll join this thread to it, increasing // the pool size to 1. ABinderProcess_setThreadPoolMaxThreadCount(0); - std::shared_ptr keyMint = - ndk::SharedRefBase::make(SecurityLevel::SOFTWARE); + std::shared_ptr km5 = + ndk::SharedRefBase::make(SecurityLevel::SOFTWARE); keymaster::SoftKeymasterLogger logger; - const auto instanceName = std::string(AndroidKeyMintDevice::descriptor) + "/default"; + const auto instanceName = std::string(AndroidKeyMint1Device::descriptor) + "/default"; LOG(INFO) << "instance: " << instanceName; binder_status_t status = - AServiceManager_addService(keyMint->asBinder().get(), instanceName.c_str()); + AServiceManager_addService(km5->asBinder().get(), instanceName.c_str()); CHECK(status == STATUS_OK); ABinderProcess_joinThreadPool(); diff --git a/security/keymint/aidl/vts/functional/Android.bp b/keymint/aidl/vts/functional/Android.bp similarity index 77% rename from security/keymint/aidl/vts/functional/Android.bp rename to keymint/aidl/vts/functional/Android.bp index ef7adb10a6..9ee8239455 100644 --- a/security/keymint/aidl/vts/functional/Android.bp +++ b/keymint/aidl/vts/functional/Android.bp 
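Review bot: `LOG_TAG` is set to `android.hardware.keymint1-service`, which matches neither the binary name `android.hardware.keymint@1.0-service` declared in default/Android.bp nor the init service name `vendor.keymint-default`. Log filters or collection rules keyed on the service name would miss this key-management daemon's output; `#define LOG_TAG "android.hardware.keymint@1.0-service"` keeps the tag aligned with the binary. The local `km5` is also a misleading name for a `std::shared_ptr` holding an `AndroidKeyMint1Device`; `keyMint`, as on the old side, reads better. main() continues past the end of the hunk.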
@@ -15,25 +15,25 @@ // cc_test { - name: "VtsAidlKeyMintTargetTest", + name: "VtsAidlKeyMintV1_0TargetTest", defaults: [ "VtsHalTargetTestDefaults", "use_libaidlvintf_gtest_helper_static", ], srcs: [ - "KeyMintTest.cpp", + "keyMint1Test.cpp", "VerificationTokenTest.cpp", ], shared_libs: [ "libbinder", "libcrypto", - "libkeymint", - "libkeymint_support", + "libkeymint1", + "libkeymintSupport", ], static_libs: [ - "android.hardware.security.keymint-cpp", - "libcppbor_external", - "libkeymint_vts_test_utils", + "android.hardware.keymint-cpp", + "libcppbor", + "libkeyMint1VtsTestUtil", ], test_suites: [ "general-tests", @@ -42,7 +42,7 @@ cc_test { } cc_test_library { - name: "libkeymint_vts_test_utils", + name: "libkeyMint1VtsTestUtil", defaults: [ "VtsHalTargetTestDefaults", "use_libaidlvintf_gtest_helper_static", @@ -56,11 +56,11 @@ cc_test_library { shared_libs: [ "libbinder", "libcrypto", - "libkeymint", - "libkeymint_support", + "libkeymint1", + "libkeymintSupport", ], static_libs: [ - "android.hardware.security.keymint-cpp", + "android.hardware.keymint-cpp", "libcppbor", ], } diff --git a/security/keymint/aidl/vts/functional/AndroidTest.xml b/keymint/aidl/vts/functional/AndroidTest.xml similarity index 100% rename from security/keymint/aidl/vts/functional/AndroidTest.xml rename to keymint/aidl/vts/functional/AndroidTest.xml diff --git a/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp b/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp similarity index 99% rename from security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp rename to keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp index ea3a329573..05461492be 100644 --- a/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp +++ b/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp 
@@ -21,10 +21,12 @@ #include -#include -#include +#include +#include -namespace android::hardware::security::keymint { +namespace android { +namespace hardware { +namespace keymint { using namespace std::literals::chrono_literals; using std::endl; @@ -749,5 +751,6 @@ vector KeyMintAidlTestBase::ValidDigests(bool withNone, bool withMD5) { } } // namespace test - -} // namespace android::hardware::security::keymint +} // namespace keymint +} // namespace hardware +} // namespace android diff --git a/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.h b/keymint/aidl/vts/functional/KeyMintAidlTestBase.h similarity index 96% rename from security/keymint/aidl/vts/functional/KeyMintAidlTestBase.h rename to keymint/aidl/vts/functional/KeyMintAidlTestBase.h index 76effcff31..2948c41eae 100644 --- a/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.h +++ b/keymint/aidl/vts/functional/KeyMintAidlTestBase.h @@ -21,15 +21,18 @@ #include #include -#include -#include +#include +#include #include #include #include -#include +#include -namespace android::hardware::security::keymint::test { +namespace android { +namespace hardware { +namespace keymint { +namespace test { using ::android::sp; using binder::Status; @@ -186,6 +189,9 @@ class KeyMintAidlTestBase : public ::testing::TestWithParam { testing::ValuesIn(KeyMintAidlTestBase::build_params()), \ android::PrintInstanceNameToString) -} // namespace android::hardware::security::keymint::test +} // namespace test +} // namespace keymint +} // namespace hardware +} // namespace android #endif // VTS_KEYMINT_AIDL_TEST_UTILS_H diff --git a/security/keymint/aidl/vts/functional/VerificationTokenTest.cpp b/keymint/aidl/vts/functional/VerificationTokenTest.cpp similarity index 97% rename from security/keymint/aidl/vts/functional/VerificationTokenTest.cpp rename to keymint/aidl/vts/functional/VerificationTokenTest.cpp index 6d3a34e7a6..bd0942ba10 100644 --- a/security/keymint/aidl/vts/functional/VerificationTokenTest.cpp 
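Review bot: Namespace blocks are written two ways within this one commit: `KeyMintAidlTestBase.cpp` and `KeyMintAidlTestBase.h` expand to `namespace android { namespace hardware { namespace keymint {`, while the `keymint_tags.h` and `keymint_utils.cpp` hunks keep the C++17 form `namespace android::hardware::keymint {`. The removed lines already used the nested form, so keeping `namespace android::hardware::keymint {` with a single `}  // namespace android::hardware::keymint` closer would reduce each of these hunks to a one-token rename. The same applies to the VerificationTokenTest.cpp, keyMint1Test.cpp, attestation_record, authorization_set and key_param_output hunks.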
+++ b/keymint/aidl/vts/functional/VerificationTokenTest.cpp @@ -16,7 +16,10 @@ #include "KeyMintAidlTestBase.h" -namespace android::hardware::security::keymint::test { +namespace android { +namespace hardware { +namespace keymint { +namespace test { class VerificationTokenTest : public KeyMintAidlTestBase { protected: @@ -165,4 +168,7 @@ TEST_P(VerificationTokenTest, MacChangesOnChangingTimestamp) { INSTANTIATE_KEYMINT_AIDL_TEST(VerificationTokenTest); -} // namespace android::hardware::security::keymint::test +} // namespace test +} // namespace keymint +} // namespace hardware +} // namespace android diff --git a/security/keymint/aidl/vts/functional/KeyMintTest.cpp b/keymint/aidl/vts/functional/keyMint1Test.cpp similarity index 99% rename from security/keymint/aidl/vts/functional/KeyMintTest.cpp rename to keymint/aidl/vts/functional/keyMint1Test.cpp index f9423a24a3..c2fa2f8588 100644 --- a/security/keymint/aidl/vts/functional/KeyMintTest.cpp +++ b/keymint/aidl/vts/functional/keyMint1Test.cpp 
@@ -26,32 +26,36 @@ #include -#include +#include -#include -#include -#include +#include +#include +#include #include "KeyMintAidlTestBase.h" static bool arm_deleteAllKeys = false; static bool dump_Attestations = false; -using android::hardware::security::keymint::AuthorizationSet; -using android::hardware::security::keymint::KeyCharacteristics; -using android::hardware::security::keymint::KeyFormat; +using android::hardware::keymint::AuthorizationSet; +using android::hardware::keymint::KeyCharacteristics; +using android::hardware::keymint::KeyFormat; -namespace android::hardware::security::keymint { +namespace android { +namespace hardware { + +namespace keymint { bool operator==(const keymint::AuthorizationSet& a, const keymint::AuthorizationSet& b) { return a.size() == b.size() && std::equal(a.begin(), a.end(), b.begin()); } - -} // namespace android::hardware::security::keymint +} // namespace keymint +} // namespace hardware +} // namespace android namespace std { -using namespace android::hardware::security::keymint; +using namespace android::hardware::keymint; template <> struct std::equal_to { @@ -73,8 +77,10 @@ struct std::equal_to { } // namespace std -namespace android::hardware::security::keymint::test { - +namespace android { +namespace hardware { +namespace keymint { +namespace test { namespace { template @@ -4040,7 +4046,10 @@ TEST_P(TransportLimitTest, LargeFinishInput) { INSTANTIATE_KEYMINT_AIDL_TEST(TransportLimitTest); -} // namespace android::hardware::security::keymint::test +} // namespace test +} // namespace keymint +} // namespace hardware +} // namespace android int main(int argc, char** argv) { ::testing::InitGoogleTest(&argc, argv); @@ -4054,5 +4063,7 @@ int main(int argc, char** argv) { } } } - return RUN_ALL_TESTS(); + int status = RUN_ALL_TESTS(); + ALOGI("Test result = %d", status); + return status; } 
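Review bot: `using namespace android::hardware::keymint;` sits directly inside `namespace std` in the first hunk, which makes every keymint name visible to lookup inside `std`; the standard only allows specializations to be added to `std`, not other declarations. The hunk keeps the directive and only retargets it, so this is a good moment to drop it and spell the keymint types with their full names in the `std::equal_to` specialization. The `@@ -333,6 +337,78 @@` hunk in `keymint_tags.h` adds the same directive in a header, where it reaches every file that includes it. The specialization's body continues outside this hunk.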
diff --git a/security/keymint/support/Android.bp b/keymint/support/Android.bp similarity index 92% rename from security/keymint/support/Android.bp rename to keymint/support/Android.bp index ddac92fc6b..432416e006 100644 --- a/security/keymint/support/Android.bp +++ b/keymint/support/Android.bp @@ -15,7 +15,7 @@ // cc_library { - name: "libkeymint_support", + name: "libkeymintSupport", cflags: [ "-Wall", "-Wextra", @@ -31,7 +31,7 @@ cc_library { "include", ], shared_libs: [ - "android.hardware.security.keymint-cpp", + "android.hardware.keymint-cpp", "libbase", "libcrypto", "libutils", diff --git a/security/keymint/support/OWNERS b/keymint/support/OWNERS similarity index 100% rename from security/keymint/support/OWNERS rename to keymint/support/OWNERS diff --git a/security/keymint/support/attestation_record.cpp b/keymint/support/attestation_record.cpp similarity index 97% rename from security/keymint/support/attestation_record.cpp rename to keymint/support/attestation_record.cpp index afdb208221..e5659746fe 100644 --- a/security/keymint/support/attestation_record.cpp +++ b/keymint/support/attestation_record.cpp @@ -14,26 +14,27 @@ * limitations under the License. */ -#include +#include -#include +#include +#include #include +#include #include #include #include #include -#include -#include - -#include -#include +#include +#include #define AT __FILE__ ":" << __LINE__ -namespace android::hardware::security::keymint { +namespace android { +namespace hardware { +namespace keymint { struct stack_st_ASN1_TYPE_Delete { void operator()(stack_st_ASN1_TYPE* p) { sk_ASN1_TYPE_free(p); } @@ -381,4 +382,6 @@ ErrorCode parse_root_of_trust(const uint8_t* asn1_key_desc, size_t asn1_key_desc return ErrorCode::OK; // KM_ERROR_OK; } -} // namespace android::hardware::security::keymint +} // namespace keymint +} // namespace hardware +} // namespace android 
diff --git a/security/keymint/support/authorization_set.cpp b/keymint/support/authorization_set.cpp similarity index 93% rename from security/keymint/support/authorization_set.cpp rename to keymint/support/authorization_set.cpp index aa9638f256..9fc4e13727 100644 --- a/security/keymint/support/authorization_set.cpp +++ b/keymint/support/authorization_set.cpp @@ -14,21 +14,23 @@ * limitations under the License. */ -#include +#include #include -#include #include +#include -#include -#include -#include -#include -#include -#include +#include +#include +#include +#include +#include +#include -namespace android::hardware::security::keymint { +namespace android { +namespace hardware { +namespace keymint { void AuthorizationSet::Sort() { std::sort(data_.begin(), data_.end()); @@ -218,11 +220,10 @@ struct choose_serializer<> { }; template -struct choose_serializer, Tail...> { +struct choose_serializer, Tail...> { static OutStreams& serialize(OutStreams& out, const KeyParameter& param) { if (param.tag == tag) { - return android::hardware::security::keymint::serialize(TypedTag(), out, - param); + return android::hardware::keymint::serialize(TypedTag(), out, param); } else { return choose_serializer::serialize(out, param); } @@ -328,8 +329,7 @@ template struct choose_deserializer, Tail...> { static InStreams& deserialize(InStreams& in, KeyParameter* param) { if (param->tag == tag) { - return android::hardware::security::keymint::deserialize(TypedTag(), in, - param); + return android::hardware::keymint::deserialize(TypedTag(), in, param); } else { return choose_deserializer::deserialize(in, param); } 
@@ -501,14 +501,15 @@ AuthorizationSetBuilder& AuthorizationSetBuilder::GcmModeMacLen(uint32_t macLeng } AuthorizationSetBuilder& AuthorizationSetBuilder::BlockMode( - std::initializer_list blockModes) { + std::initializer_list blockModes) { for (auto mode : blockModes) { push_back(TAG_BLOCK_MODE, mode); } return *this; } -AuthorizationSetBuilder& AuthorizationSetBuilder::Digest(std::vector digests) { +AuthorizationSetBuilder& AuthorizationSetBuilder::Digest( + std::vector digests) { for (auto digest : digests) { push_back(TAG_DIGEST, digest); } @@ -523,4 +524,6 @@ AuthorizationSetBuilder& AuthorizationSetBuilder::Padding( return *this; } -} // namespace android::hardware::security::keymint +} // namespace keymint +} // namespace hardware +} // namespace android diff --git a/security/keymint/support/include/keymint_support/attestation_record.h b/keymint/support/include/keymintSupport/attestation_record.h similarity index 84% rename from security/keymint/support/include/keymint_support/attestation_record.h rename to keymint/support/include/keymintSupport/attestation_record.h index d71624c978..7a69789423 100644 --- a/security/keymint/support/include/keymint_support/attestation_record.h +++ b/keymint/support/include/keymintSupport/attestation_record.h @@ -16,14 +16,20 @@ #pragma once -#include -#include +#include +#include -#include -#include -#include +#include +#include +#include -namespace android::hardware::security::keymint { +namespace android { +namespace hardware { +namespace keymint { + +using android::hardware::keymint::KeyParameter; +using android::hardware::keymint::Tag; +using android::hardware::keymint::TAG_ALGORITHM; class AuthorizationSet; 
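Review bot: The three using-declarations added at the top of `attestation_record.h` (`using android::hardware::keymint::KeyParameter;`, `using android::hardware::keymint::Tag;`, `using android::hardware::keymint::TAG_ALGORITHM;`) name members of the very namespace they are written in, so they have no effect and can be deleted. They look like carry-overs from a layout in which the AIDL types lived in a different namespace than the support library. The same pattern is added in `authorization_set.h` (`BlockMode`, `Digest`, `EcCurve`, `PaddingMode`), in `keymint_tags.h`, and as `using namespace ::android::hardware::keymint;` in `key_param_output.h`.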
@@ -84,4 +90,6 @@ ErrorCode parse_root_of_trust(const uint8_t* asn1_key_desc, size_t asn1_key_desc keymint_verified_boot_t* verified_boot_state, bool* device_locked, std::vector* verified_boot_hash); -} // namespace android::hardware::security::keymint +} // namespace keymint +} // namespace hardware +} // namespace android diff --git a/security/keymint/support/include/keymint_support/authorization_set.h b/keymint/support/include/keymintSupport/authorization_set.h similarity index 95% rename from security/keymint/support/include/keymint_support/authorization_set.h rename to keymint/support/include/keymintSupport/authorization_set.h index 97e10224d3..141426a7a2 100644 --- a/security/keymint/support/include/keymint_support/authorization_set.h +++ b/keymint/support/include/keymintSupport/authorization_set.h @@ -19,14 +19,21 @@ #include -#include -#include -#include -#include +#include +#include +#include +#include -#include +#include -namespace android::hardware::security::keymint { +namespace android { +namespace hardware { +namespace keymint { + +using android::hardware::keymint::BlockMode; +using android::hardware::keymint::Digest; +using android::hardware::keymint::EcCurve; +using android::hardware::keymint::PaddingMode; using std::vector; @@ -315,6 +322,8 @@ class AuthorizationSetBuilder : public AuthorizationSet { } }; -} // namespace android::hardware::security::keymint +} // namespace keymint +} // namespace hardware +} // namespace android #endif // SYSTEM_SECURITY_KEYSTORE_KM4_AUTHORIZATION_SET_H_ diff --git a/security/keymint/support/include/keymint_support/key_param_output.h b/keymint/support/include/keymintSupport/key_param_output.h similarity index 72% rename from security/keymint/support/include/keymint_support/key_param_output.h rename to keymint/support/include/keymintSupport/key_param_output.h index 82c9689329..a35a9816a9 100644 --- a/security/keymint/support/include/keymint_support/key_param_output.h 
+++ b/keymint/support/include/keymintSupport/key_param_output.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2020 The Android Open Source Project + * Copyright (C) 2017 The Android Open Source Project * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -20,24 +20,28 @@ #include #include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - #include "keymint_tags.h" -namespace android::hardware::security::keymint { +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +namespace android { +namespace hardware { +namespace keymint { + +using namespace ::android::hardware::keymint; inline ::std::ostream& operator<<(::std::ostream& os, Algorithm value) { return os << toString(value); @@ -97,6 +101,8 @@ inline ::std::ostream& operator<<(::std::ostream& os, Tag tag) { return os << toString(tag); } -} // namespace android::hardware::security::keymint +} // namespace keymint +} // namespace hardware +} // namespace android #endif // HARDWARE_INTERFACES_KEYMINT_SUPPORT_INCLUDE_KEY_PARAM_OUTPUT_H_ diff --git a/security/keymint/support/include/keymint_support/keymint_tags.h b/keymint/support/include/keymintSupport/keymint_tags.h similarity index 81% rename from security/keymint/support/include/keymint_support/keymint_tags.h rename to keymint/support/include/keymintSupport/keymint_tags.h index f23e4f2ce2..f1060a9e16 100644 --- a/security/keymint/support/include/keymint_support/keymint_tags.h +++ b/keymint/support/include/keymintSupport/keymint_tags.h 
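Review bot: The copyright line in `key_param_output.h` moves backwards from 2020 to 2017 in the first hunk, which is unrelated to the package move and looks like text copied from an older file; unless the file's provenance really changed, keep ` * Copyright (C) 2020 The Android Open Source Project`. The second hunk also moves the whole include block from before `#include "keymint_tags.h"` to after it. The include targets are not readable on this page, so confirm the header still compiles when included on its own.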
@@ -17,20 +17,24 @@ #ifndef HARDWARE_INTERFACES_KEYMINT_SUPPORT_INCLUDE_KEYMINT_TAGS_H_ #define HARDWARE_INTERFACES_KEYMINT_SUPPORT_INCLUDE_KEYMINT_TAGS_H_ -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include -namespace android::hardware::security::keymint { +namespace android::hardware::keymint { + +using android::hardware::keymint::KeyParameter; +using android::hardware::keymint::Tag; +using android::hardware::keymint::TagType; // The following create the numeric values that KM_TAG_PADDING and KM_TAG_DIGEST used to have. We // need these old values to be able to support old keys that use them. 
@@ -333,6 +337,78 @@ inline NullOr>::type&> return accessTagValue(ttag, param); } -} // namespace android::hardware::security::keymint +} // namespace android::hardware::keymint + +namespace std { + +using namespace android::hardware::keymint; + +// Aidl generates KeyParameter operator<, >, ==, != for cpp translation but not ndk +// translations. So we cannot straight forward overload these operators. +// However we need our custom comparison for KeyParameters. So we will +// overload std::less, equal_to instead. +template <> +struct std::less { + bool operator()(const KeyParameter& a, const KeyParameter& b) const { + if (a.tag != b.tag) return a.tag < b.tag; + int retval; + switch (typeFromTag(a.tag)) { + case TagType::INVALID: + case TagType::BOOL: + return false; + case TagType::ENUM: + case TagType::ENUM_REP: + case TagType::UINT: + case TagType::UINT_REP: + return a.integer < b.integer; + case TagType::ULONG: + case TagType::ULONG_REP: + case TagType::DATE: + return a.longInteger < b.longInteger; + case TagType::BIGNUM: + case TagType::BYTES: + // Handle the empty cases. + if (a.blob.size() == 0) return b.blob.size() != 0; + if (b.blob.size() == 0) return false; + retval = memcmp(&a.blob[0], &b.blob[0], std::min(a.blob.size(), b.blob.size())); + // if one is the prefix of the other the longer wins + if (retval == 0) return a.blob.size() < b.blob.size(); + // Otherwise a is less if a is less. 
+ else + return retval < 0; + } + return false; + } +}; + +template <> +struct std::equal_to { + bool operator()(const KeyParameter& a, const KeyParameter& b) const { + if (a.tag != b.tag) { + return false; + } + switch (typeFromTag(a.tag)) { + case TagType::INVALID: + case TagType::BOOL: + return true; + case TagType::ENUM: + case TagType::ENUM_REP: + case TagType::UINT: + case TagType::UINT_REP: + return a.integer == b.integer; + case TagType::ULONG: + case TagType::ULONG_REP: + case TagType::DATE: + return a.longInteger == b.longInteger; + case TagType::BIGNUM: + case TagType::BYTES: + if (a.blob.size() != b.blob.size()) return false; + return a.blob.size() == 0 || memcmp(&a.blob[0], &b.blob[0], a.blob.size()) == 0; + } + return false; + } +}; + +} // namespace std #endif // HARDWARE_INTERFACES_KEYMINT_SUPPORT_INCLUDE_KEYMINT_TAGS_H_ diff --git a/security/keymint/support/include/keymint_support/keymint_utils.h b/keymint/support/include/keymintSupport/keymint_utils.h similarity index 88% rename from security/keymint/support/include/keymint_support/keymint_utils.h rename to keymint/support/include/keymintSupport/keymint_utils.h index fda1b6c9b2..aa1e93b3c5 100644 --- a/security/keymint/support/include/keymint_support/keymint_utils.h +++ b/keymint/support/include/keymintSupport/keymint_utils.h @@ -19,9 +19,11 @@ #ifndef HARDWARE_INTERFACES_KEYMINT_10_SUPPORT_KEYMINT_UTILS_H_ #define HARDWARE_INTERFACES_KEYMINT_10_SUPPORT_KEYMINT_UTILS_H_ -#include +#include -namespace android::hardware::security::keymint { +namespace android { +namespace hardware { +namespace keymint { using std::vector; @@ -42,6 +44,8 @@ vector authToken2vector(const HardwareAuthToken& token); uint32_t getOsVersion(); uint32_t getOsPatchlevel(); -} // namespace android::hardware::security::keymint +} // namespace keymint +} // namespace hardware +} // namespace android #endif // HARDWARE_INTERFACES_KEYMINT_10_SUPPORT_KEYMINT_UTILS_H_ 
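Review bot: `std::equal_to` and `std::less` disagree when `typeFromTag(a.tag)` yields a value that none of the `case` labels covers: both fall through to `return false;`, so two parameters with the same tag are neither ordered by `less` nor equal by `equal_to`, and `equal_to` is not even reflexive for such a value. If out-of-range tag types can reach this code (key parameters are normally supplied by callers), ending `equal_to` with `return true;`, as the `INVALID`/`BOOL` case does, would keep the two functors consistent wherever both are applied to the same sequence; if the current result is intended, a comment saying so would help. The hunk also calls `memcmp` and `std::min`; the include targets are not readable here, so check that the header itself includes `<cstring>` and `<algorithm>`.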
diff --git a/security/keymint/support/include/keymint_support/openssl_utils.h b/keymint/support/include/keymintSupport/openssl_utils.h similarity index 75% rename from security/keymint/support/include/keymint_support/openssl_utils.h rename to keymint/support/include/keymintSupport/openssl_utils.h index cb099680d4..39633edaaa 100644 --- a/security/keymint/support/include/keymint_support/openssl_utils.h +++ b/keymint/support/include/keymintSupport/openssl_utils.h @@ -17,13 +17,11 @@ #ifndef HARDWARE_INTERFACES_KEYMINT_1_0_SUPPORT_OPENSSL_UTILS_H_ #define HARDWARE_INTERFACES_KEYMINT_1_0_SUPPORT_OPENSSL_UTILS_H_ -#include +#include #include #include -namespace android::hardware::security::keymint { - template struct UniquePtrDeleter { void operator()(T* p) const { F(p); } @@ -42,26 +40,24 @@ MAKE_OPENSSL_PTR_TYPE(BN_CTX) typedef std::unique_ptr> BIGNUM_Ptr; -inline const EVP_MD* openssl_digest(Digest digest) { +inline const EVP_MD* openssl_digest(android::hardware::keymint::Digest digest) { switch (digest) { - case Digest::NONE: + case android::hardware::keymint::Digest::NONE: return nullptr; - case Digest::MD5: + case android::hardware::keymint::Digest::MD5: return EVP_md5(); - case Digest::SHA1: + case android::hardware::keymint::Digest::SHA1: return EVP_sha1(); - case Digest::SHA_2_224: + case android::hardware::keymint::Digest::SHA_2_224: return EVP_sha224(); - case Digest::SHA_2_256: + case android::hardware::keymint::Digest::SHA_2_256: return EVP_sha256(); - case Digest::SHA_2_384: + case android::hardware::keymint::Digest::SHA_2_384: return EVP_sha384(); - case Digest::SHA_2_512: + case android::hardware::keymint::Digest::SHA_2_512: return EVP_sha512(); } return nullptr; } -} // namespace android::hardware::security::keymint - #endif // HARDWARE_INTERFACES_KEYMINT_1_0_SUPPORT_OPENSSL_UTILS_H_ 
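Review bot: Removing the namespace block from `openssl_utils.h` places `UniquePtrDeleter`, the `MAKE_OPENSSL_PTR_TYPE` typedefs, `BIGNUM_Ptr` and `openssl_digest` in the global namespace of every file that includes this header, where they can collide with same-named helpers from other libraries. Wrapping them in `namespace android::hardware::keymint { … }` again avoids that and lets the switch return to the short labels such as `case Digest::SHA_2_256:` instead of the fully qualified ones added here. The other support headers touched by this commit stay namespaced, so this one is the odd one out.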
diff --git a/security/keymint/support/key_param_output.cpp b/keymint/support/key_param_output.cpp similarity index 90% rename from security/keymint/support/key_param_output.cpp rename to keymint/support/key_param_output.cpp index b699b2289e..6e33558d58 100644 --- a/security/keymint/support/key_param_output.cpp +++ b/keymint/support/key_param_output.cpp @@ -14,13 +14,15 @@ * limitations under the License. */ -#include +#include + +#include #include -#include - -namespace android::hardware::security::keymint { +namespace android { +namespace hardware { +namespace keymint { using ::std::endl; using ::std::ostream; @@ -69,4 +71,6 @@ ostream& operator<<(ostream& os, const KeyParameter& param) { return os << "UNKNOWN TAG TYPE!"; } -} // namespace android::hardware::security::keymint +} // namespace keymint +} // namespace hardware +} // namespace android diff --git a/security/keymint/support/keymint_utils.cpp b/keymint/support/keymint_utils.cpp similarity index 96% rename from security/keymint/support/keymint_utils.cpp rename to keymint/support/keymint_utils.cpp index cd4cca222a..fd57cf5af9 100644 --- a/security/keymint/support/keymint_utils.cpp +++ b/keymint/support/keymint_utils.cpp @@ -18,11 +18,11 @@ #include #include -#include +#include #include -namespace android::hardware::security::keymint { +namespace android::hardware::keymint { namespace { @@ -111,4 +111,4 @@ uint32_t getOsPatchlevel() { return getOsPatchlevel(patchlevel.c_str()); } -} // namespace android::hardware::security::keymint +} // namespace android::hardware::keymint diff --git a/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/IKeyMintDevice.aidl b/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/IKeyMintDevice.aidl deleted file mode 100644 index 3d08cfef08..0000000000 
--- a/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/IKeyMintDevice.aidl
+++ /dev/null
@@ -1,33 +0,0 @@ -/////////////////////////////////////////////////////////////////////////////// -// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. // -/////////////////////////////////////////////////////////////////////////////// - -// This file is a snapshot of an AIDL interface (or parcelable). Do not try to -// edit this file. It looks like you are doing that because you have modified -// an AIDL interface in a backward-incompatible way, e.g., deleting a function -// from an interface or a field from a parcelable and it broke the build. That -// breakage is intended. -// -// You must not make a backward incompatible changes to the AIDL files built -// with the aidl_interface module type with versions property set. The module -// type is used to build AIDL files in a way that they can be used across -// independently updatable components of the system. If a device is shipped -// with such a backward incompatible change, it has a high risk of breaking -// later when a module using the interface is updated, e.g., Mainline modules. 
- -package android.hardware.security.keymint; -@VintfStability -interface IKeyMintDevice { - android.hardware.security.keymint.KeyMintHardwareInfo getHardwareInfo(); - android.hardware.security.keymint.VerificationToken verifyAuthorization(in long challenge, in android.hardware.security.keymint.HardwareAuthToken token); - void addRngEntropy(in byte[] data); - void generateKey(in android.hardware.security.keymint.KeyParameter[] keyParams, out android.hardware.security.keymint.ByteArray generatedKeyBlob, out android.hardware.security.keymint.KeyCharacteristics generatedKeyCharacteristics, out android.hardware.security.keymint.Certificate[] outCertChain); - void importKey(in android.hardware.security.keymint.KeyParameter[] inKeyParams, in android.hardware.security.keymint.KeyFormat inKeyFormat, in byte[] inKeyData, out android.hardware.security.keymint.ByteArray outImportedKeyBlob, out android.hardware.security.keymint.KeyCharacteristics outImportedKeyCharacteristics, out android.hardware.security.keymint.Certificate[] outCertChain); - void importWrappedKey(in byte[] inWrappedKeyData, in byte[] inWrappingKeyBlob, in byte[] inMaskingKey, in android.hardware.security.keymint.KeyParameter[] inUnwrappingParams, in long inPasswordSid, in long inBiometricSid, out android.hardware.security.keymint.ByteArray outImportedKeyBlob, out android.hardware.security.keymint.KeyCharacteristics outImportedKeyCharacteristics); - byte[] upgradeKey(in byte[] inKeyBlobToUpgrade, in android.hardware.security.keymint.KeyParameter[] inUpgradeParams); - void deleteKey(in byte[] inKeyBlob); - void deleteAllKeys(); - void destroyAttestationIds(); - android.hardware.security.keymint.BeginResult begin(in android.hardware.security.keymint.KeyPurpose inPurpose, in byte[] inKeyBlob, in android.hardware.security.keymint.KeyParameter[] inParams, in android.hardware.security.keymint.HardwareAuthToken inAuthToken); - const int AUTH_TOKEN_MAC_LENGTH = 32; -} 
diff --git a/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/IKeyMintOperation.aidl b/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/IKeyMintOperation.aidl
deleted file mode 100644
index 8e3b0fcf9b..0000000000
--- a/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/IKeyMintOperation.aidl
+++ /dev/null
@@ -1,24 +0,0 @@ -/////////////////////////////////////////////////////////////////////////////// -// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. // -/////////////////////////////////////////////////////////////////////////////// - -// This file is a snapshot of an AIDL interface (or parcelable). Do not try to -// edit this file. It looks like you are doing that because you have modified -// an AIDL interface in a backward-incompatible way, e.g., deleting a function -// from an interface or a field from a parcelable and it broke the build. That -// breakage is intended. -// -// You must not make a backward incompatible changes to the AIDL files built -// with the aidl_interface module type with versions property set. The module -// type is used to build AIDL files in a way that they can be used across -// independently updatable components of the system. If a device is shipped -// with such a backward incompatible change, it has a high risk of breaking -// later when a module using the interface is updated, e.g., Mainline modules. - -package android.hardware.security.keymint; -@VintfStability -interface IKeyMintOperation { - int update(in @nullable android.hardware.security.keymint.KeyParameterArray inParams, in @nullable byte[] input, in @nullable android.hardware.security.keymint.HardwareAuthToken inAuthToken, in @nullable android.hardware.security.keymint.VerificationToken inVerificationToken, out @nullable android.hardware.security.keymint.KeyParameterArray outParams, out @nullable android.hardware.security.keymint.ByteArray output); - byte[] finish(in @nullable android.hardware.security.keymint.KeyParameterArray inParams, in @nullable byte[] input, in @nullable byte[] inSignature, in @nullable android.hardware.security.keymint.HardwareAuthToken authToken, in @nullable android.hardware.security.keymint.VerificationToken inVerificationToken, out @nullable android.hardware.security.keymint.KeyParameterArray outParams); - void abort(); -} 
diff --git a/security/keymint/aidl/default/android.hardware.security.keymint-service.rc b/security/keymint/aidl/default/android.hardware.security.keymint-service.rc
deleted file mode 100644
index 0c3a6e15a6..0000000000
--- a/security/keymint/aidl/default/android.hardware.security.keymint-service.rc
+++ /dev/null
@@ -1,3 +0,0 @@
-service vendor.keymint-default /vendor/bin/hw/android.hardware.security.keymint-service
- class early_hal
- user nobody