Various fixes for async keystore. am: 2ecd6597f3

am: 2116843b17 Change-Id: Ibe2d442ac198a084199b980fe3a0425778e0d341
2026-02-01 21:37:44 +00:00 · 2018-11-08 15:38:56 -08:00
parent c6ef74f43a 2116843b17
commit 5acd9002ab
4 changed files with 38 additions and 10 deletions
--- a/keymaster/4.0/support/authorization_set.cpp
+++ b/keymaster/4.0/support/authorization_set.cpp
@@ -18,6 +18,8 @@

 #include <assert.h>

+#include <android-base/logging.h>
+
 namespace android {
 namespace hardware {
 namespace keymaster {
@@ -97,10 +99,10 @@ void AuthorizationSet::Deduplicate() {
        if (prev->tag == Tag::INVALID) continue;

        if (!keyParamEqual(*prev, *curr)) {
-            result.emplace_back(std::move(*prev));
+            result.push_back(std::move(*prev));
        }
    }
-    result.emplace_back(std::move(*prev));
+    result.push_back(std::move(*prev));

    std::swap(data_, result);
 }
@@ -127,6 +129,16 @@ void AuthorizationSet::Subtract(const AuthorizationSet& other) {
    }
 }

+void AuthorizationSet::Filter(std::function<bool(const KeyParameter&)> doKeep) {
+    std::vector<KeyParameter> result;
+    for (auto& param : data_) {
+        if (doKeep(param)) {
+            result.push_back(std::move(param));
+        }
+    }
+    std::swap(data_, result);
+}
+
 KeyParameter& AuthorizationSet::operator[](int at) {
    return data_[at];
 }
@@ -248,7 +260,12 @@ struct choose_serializer<MetaList<Tags...>> {

 template <>
 struct choose_serializer<> {
-    static OutStreams& serialize(OutStreams& out, const KeyParameter&) { return out; }
+    static OutStreams& serialize(OutStreams& out, const KeyParameter& param) {
+        LOG(FATAL) << "Trying to serialize unknown tag " << unsigned(param.tag)
+                   << ". Did you forget to add it to all_tags_t?";
+        abort();
+        return out;
+    }
 };

 template <TagType tag_type, Tag tag, typename... Tail>
--- a/keymaster/4.0/support/include/keymasterV4_0/Keymaster.h
+++ b/keymaster/4.0/support/include/keymasterV4_0/Keymaster.h
@@ -20,6 +20,9 @@

 #include <android/hardware/keymaster/4.0/IKeymasterDevice.h>

+#include <memory>
+#include <vector>
+
 namespace android {
 namespace hardware {
 namespace keymaster {
--- a/keymaster/4.0/support/include/keymasterV4_0/authorization_set.h
+++ b/keymaster/4.0/support/include/keymasterV4_0/authorization_set.h
@@ -141,6 +141,11 @@ class AuthorizationSet {
     */
    std::vector<KeyParameter>::const_iterator end() const { return data_.end(); }

+    /**
+     * Modifies this Authorization set such that it only keeps the entries for which doKeep
+     * returns true.
+     */
+    void Filter(std::function<bool(const KeyParameter&)> doKeep);
    /**
     * Returns the nth element of the set.
     * Like for std::vector::operator[] there is no range check performed. Use of out of range
@@ -209,7 +214,7 @@ class AuthorizationSet {
        }
    }

-    hidl_vec<KeyParameter> hidl_data() const {
+    const hidl_vec<KeyParameter> hidl_data() const {
        hidl_vec<KeyParameter> result;
        result.setToExternal(const_cast<KeyParameter*>(data()), size());
        return result;
--- a/keymaster/4.0/support/include/keymasterV4_0/keymaster_tags.h
+++ b/keymaster/4.0/support/include/keymasterV4_0/keymaster_tags.h
@@ -122,6 +122,7 @@ DECLARE_TYPED_TAG(CONFIRMATION_TOKEN);
 DECLARE_TYPED_TAG(CREATION_DATETIME);
 DECLARE_TYPED_TAG(DIGEST);
 DECLARE_TYPED_TAG(EC_CURVE);
+DECLARE_TYPED_TAG(HARDWARE_TYPE);
 DECLARE_TYPED_TAG(INCLUDE_UNIQUE_ID);
 DECLARE_TYPED_TAG(INVALID);
 DECLARE_TYPED_TAG(KEY_SIZE);
@@ -162,12 +163,13 @@ using all_tags_t =
             TAG_USER_SECURE_ID_t, TAG_NO_AUTH_REQUIRED_t, TAG_AUTH_TIMEOUT_t,
             TAG_ALLOW_WHILE_ON_BODY_t, TAG_UNLOCKED_DEVICE_REQUIRED_t, TAG_APPLICATION_ID_t,
             TAG_APPLICATION_DATA_t, TAG_CREATION_DATETIME_t, TAG_ROLLBACK_RESISTANCE_t,
-             TAG_ROOT_OF_TRUST_t, TAG_ASSOCIATED_DATA_t, TAG_NONCE_t, TAG_BOOTLOADER_ONLY_t,
-             TAG_OS_VERSION_t, TAG_OS_PATCHLEVEL_t, TAG_UNIQUE_ID_t, TAG_ATTESTATION_CHALLENGE_t,
-             TAG_ATTESTATION_APPLICATION_ID_t, TAG_RESET_SINCE_ID_ROTATION_t, TAG_PURPOSE_t,
-             TAG_ALGORITHM_t, TAG_BLOCK_MODE_t, TAG_DIGEST_t, TAG_PADDING_t,
-             TAG_BLOB_USAGE_REQUIREMENTS_t, TAG_ORIGIN_t, TAG_USER_AUTH_TYPE_t, TAG_EC_CURVE_t,
-             TAG_BOOT_PATCHLEVEL_t, TAG_VENDOR_PATCHLEVEL_t, TAG_TRUSTED_USER_PRESENCE_REQUIRED_t>;
+             TAG_HARDWARE_TYPE_t, TAG_ROOT_OF_TRUST_t, TAG_ASSOCIATED_DATA_t, TAG_NONCE_t,
+             TAG_BOOTLOADER_ONLY_t, TAG_OS_VERSION_t, TAG_OS_PATCHLEVEL_t, TAG_UNIQUE_ID_t,
+             TAG_ATTESTATION_CHALLENGE_t, TAG_ATTESTATION_APPLICATION_ID_t,
+             TAG_RESET_SINCE_ID_ROTATION_t, TAG_PURPOSE_t, TAG_ALGORITHM_t, TAG_BLOCK_MODE_t,
+             TAG_DIGEST_t, TAG_PADDING_t, TAG_BLOB_USAGE_REQUIREMENTS_t, TAG_ORIGIN_t,
+             TAG_USER_AUTH_TYPE_t, TAG_EC_CURVE_t, TAG_BOOT_PATCHLEVEL_t, TAG_VENDOR_PATCHLEVEL_t,
+             TAG_TRUSTED_CONFIRMATION_REQUIRED_t, TAG_TRUSTED_USER_PRESENCE_REQUIRED_t>;

 template <typename TypedTagType>
 struct TypedTag2ValueType;
@@ -220,6 +222,7 @@ MAKE_TAG_ENUM_VALUE_ACCESSOR(TAG_ORIGIN, f.origin)
 MAKE_TAG_ENUM_VALUE_ACCESSOR(TAG_PADDING, f.paddingMode)
 MAKE_TAG_ENUM_VALUE_ACCESSOR(TAG_PURPOSE, f.purpose)
 MAKE_TAG_ENUM_VALUE_ACCESSOR(TAG_USER_AUTH_TYPE, f.hardwareAuthenticatorType)
+MAKE_TAG_ENUM_VALUE_ACCESSOR(TAG_HARDWARE_TYPE, f.hardwareType)

 template <TagType tag_type, Tag tag, typename ValueT>
 inline KeyParameter makeKeyParameter(TypedTag<tag_type, tag> ttag, ValueT&& value) {