From 1ffcdebadd7229af65c575dc1271084b17fe42d7 Mon Sep 17 00:00:00 2001 
From: Orion Hodson Date: Fri, 11 Dec 2020 10:45:43 +0000 Subject: [PATCH] Revert "Move keymint to android.hardware.security." Revert "Keystore 2.0 SPI: Move keymint spec to security namespace." Revert "Keystore 2.0: Move keymint spec to security namespace." Revert "Keystore 2.0: Move keymint spec to security namespace." Revert "Move keymint to android.hardware.security." Revert "Configure CF to start KeyMint service by default." Revert "Move keymint to android.hardware.security." Revert "Move keymint to android.hardware.security." Revert submission 1522123-move_keymint Reason for revert: Build breakage Bug: 175345910 Bug: 171429297 Reverted Changes: Ief0e9884a:Keystore 2.0: Move keymint spec to security namesp... Idb54e8846:Keystore 2.0: Move keymint spec to security namesp... I9f70db0e4:Remove references to keymint1 I2b4ce3349:Keystore 2.0 SPI: Move keymint spec to security na... I2498073aa:Move keymint to android.hardware.security. I098711e7d:Move keymint to android.hardware.security. I3ec8d70fe:Configure CF to start KeyMint service by default. Icbb373c50:Move keymint to android.hardware.security. I86bccf40e:Move keymint to android.hardware.security. 
Change-Id: I160cae568ed6b15698bd0af0b19c6c949528762d --- .../compatibility_matrix.current.xml | 2 +- {security/keymint => keymint}/aidl/Android.bp | 4 +- {security/keymint => keymint}/aidl/OWNERS | 0 .../android/hardware}/keymint/Algorithm.aidl | 2 +- .../hardware}/keymint/BeginResult.aidl | 6 +- .../android/hardware}/keymint/BlockMode.aidl | 2 +- .../android/hardware}/keymint/ByteArray.aidl | 2 +- .../hardware}/keymint/Certificate.aidl | 2 +- .../android/hardware}/keymint/Digest.aidl | 2 +- .../android/hardware}/keymint/EcCurve.aidl | 2 +- .../android/hardware}/keymint/ErrorCode.aidl | 2 +- .../hardware}/keymint/HardwareAuthToken.aidl | 6 +- .../keymint/HardwareAuthenticatorType.aidl | 2 +- .../hardware/keymint/IKeyMintDevice.aidl | 33 ++++++ .../hardware/keymint/IKeyMintOperation.aidl | 24 ++++ .../hardware}/keymint/KeyCharacteristics.aidl | 6 +- .../keymint/KeyDerivationFunction.aidl | 2 +- .../android/hardware}/keymint/KeyFormat.aidl | 2 +- .../keymint/KeyMintHardwareInfo.aidl | 4 +- .../android/hardware}/keymint/KeyOrigin.aidl | 2 +- .../hardware}/keymint/KeyParameter.aidl | 4 +- .../hardware}/keymint/KeyParameterArray.aidl | 4 +- .../android/hardware}/keymint/KeyPurpose.aidl | 2 +- .../hardware}/keymint/PaddingMode.aidl | 2 +- .../hardware}/keymint/SecurityLevel.aidl | 2 +- .../android/hardware}/keymint/Tag.aidl | 2 +- .../android/hardware}/keymint/TagType.aidl | 2 +- .../android/hardware}/keymint/Timestamp.aidl | 2 +- .../hardware}/keymint/VerificationToken.aidl | 6 +- .../android/hardware}/keymint/Algorithm.aidl | 3 +- .../hardware}/keymint/BeginResult.aidl | 8 +- .../android/hardware}/keymint/BlockMode.aidl | 3 +- .../android/hardware}/keymint/ByteArray.aidl | 3 +- .../hardware}/keymint/Certificate.aidl | 2 +- .../android/hardware}/keymint/Digest.aidl | 3 +- .../android/hardware}/keymint/EcCurve.aidl | 3 +- .../android/hardware}/keymint/ErrorCode.aidl | 3 +- .../hardware}/keymint/HardwareAuthToken.aidl | 7 +- .../keymint/HardwareAuthenticatorType.aidl | 2 
+- .../hardware}/keymint/IKeyMintDevice.aidl | 26 ++--- .../hardware}/keymint/IKeyMintOperation.aidl | 12 +- .../hardware}/keymint/KeyCharacteristics.aidl | 4 +- .../keymint/KeyDerivationFunction.aidl | 2 +- .../android/hardware}/keymint/KeyFormat.aidl | 3 +- .../keymint/KeyMintHardwareInfo.aidl | 6 +- .../android/hardware}/keymint/KeyOrigin.aidl | 3 +- .../hardware}/keymint/KeyParameter.aidl | 25 +++-- .../hardware}/keymint/KeyParameterArray.aidl | 4 +- .../android/hardware}/keymint/KeyPurpose.aidl | 2 +- .../hardware}/keymint/PaddingMode.aidl | 2 +- .../hardware}/keymint/SecurityLevel.aidl | 2 +- .../aidl/android/hardware}/keymint/Tag.aidl | 4 +- .../android/hardware}/keymint/TagType.aidl | 2 +- .../android/hardware}/keymint/Timestamp.aidl | 2 +- .../hardware}/keymint/VerificationToken.aidl | 13 ++- .../aidl/default/Android.bp | 12 +- .../android.hardware.keymint@1.0-service.rc | 3 + .../android.hardware.keymint@1.0-service.xml | 2 +- .../aidl/default/service.cpp | 16 +-- .../aidl/vts/functional/Android.bp | 22 ++-- .../aidl/vts/functional/AndroidTest.xml | 0 .../vts/functional/KeyMintAidlTestBase.cpp | 13 ++- .../aidl/vts/functional/KeyMintAidlTestBase.h | 16 ++- .../vts/functional/VerificationTokenTest.cpp | 10 +- .../aidl/vts/functional/keyMint1Test.cpp | 41 ++++--- .../keymint => keymint}/support/Android.bp | 4 +- {security/keymint => keymint}/support/OWNERS | 0 .../support/attestation_record.cpp | 21 ++-- .../support/authorization_set.cpp | 37 ++++--- .../keymintSupport}/attestation_record.h | 22 ++-- .../keymintSupport}/authorization_set.h | 23 ++-- .../keymintSupport}/key_param_output.h | 42 ++++--- .../include/keymintSupport}/keymint_tags.h | 104 +++++++++++++++--- .../include/keymintSupport}/keymint_utils.h | 10 +- .../include/keymintSupport}/openssl_utils.h | 22 ++-- .../support/key_param_output.cpp | 14 ++- .../support/keymint_utils.cpp | 6 +- .../security/keymint/IKeyMintDevice.aidl | 33 ------ .../security/keymint/IKeyMintOperation.aidl | 24 ---- 
...droid.hardware.security.keymint-service.rc | 3 - 80 files changed, 468 insertions(+), 314 deletions(-) rename {security/keymint => keymint}/aidl/Android.bp (76%) rename {security/keymint => keymint}/aidl/OWNERS (100%) rename {security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security => keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware}/keymint/Algorithm.aidl (96%) rename {security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security => keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware}/keymint/BeginResult.aidl (86%) rename {security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security => keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware}/keymint/BlockMode.aidl (96%) rename {security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security => keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware}/keymint/ByteArray.aidl (96%) rename {security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security => keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware}/keymint/Certificate.aidl (96%) rename {security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security => keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware}/keymint/Digest.aidl (96%) rename {security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security => keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware}/keymint/EcCurve.aidl (96%) rename {security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security => keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware}/keymint/ErrorCode.aidl (98%) rename 
{security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security => keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware}/keymint/HardwareAuthToken.aidl (86%) rename {security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security => keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware}/keymint/HardwareAuthenticatorType.aidl (96%) create mode 100644 keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware/keymint/IKeyMintDevice.aidl create mode 100644 keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware/keymint/IKeyMintOperation.aidl rename {security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security => keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware}/keymint/KeyCharacteristics.aidl (85%) rename {security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security => keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware}/keymint/KeyDerivationFunction.aidl (96%) rename {security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security => keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware}/keymint/KeyFormat.aidl (96%) rename {security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security => keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware}/keymint/KeyMintHardwareInfo.aidl (91%) rename {security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security => keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware}/keymint/KeyOrigin.aidl (96%) rename {security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security => keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware}/keymint/KeyParameter.aidl (92%) rename 
{security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security => keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware}/keymint/KeyParameterArray.aidl (91%) rename {security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security => keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware}/keymint/KeyPurpose.aidl (96%) rename {security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security => keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware}/keymint/PaddingMode.aidl (96%) rename {security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security => keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware}/keymint/SecurityLevel.aidl (96%) rename {security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security => keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware}/keymint/Tag.aidl (98%) rename {security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security => keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware}/keymint/TagType.aidl (96%) rename {security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security => keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware}/keymint/Timestamp.aidl (96%) rename {security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security => keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware}/keymint/VerificationToken.aidl (87%) rename {security/keymint/aidl/android/hardware/security => keymint/aidl/android/hardware}/keymint/Algorithm.aidl (95%) rename {security/keymint/aidl/android/hardware/security => keymint/aidl/android/hardware}/keymint/BeginResult.aidl (87%) rename {security/keymint/aidl/android/hardware/security 
=> keymint/aidl/android/hardware}/keymint/BlockMode.aidl (96%) rename {security/keymint/aidl/android/hardware/security => keymint/aidl/android/hardware}/keymint/ByteArray.aidl (94%) rename {security/keymint/aidl/android/hardware/security => keymint/aidl/android/hardware}/keymint/Certificate.aidl (95%) rename {security/keymint/aidl/android/hardware/security => keymint/aidl/android/hardware}/keymint/Digest.aidl (95%) rename {security/keymint/aidl/android/hardware/security => keymint/aidl/android/hardware}/keymint/EcCurve.aidl (94%) rename {security/keymint/aidl/android/hardware/security => keymint/aidl/android/hardware}/keymint/ErrorCode.aidl (98%) rename {security/keymint/aidl/android/hardware/security => keymint/aidl/android/hardware}/keymint/HardwareAuthToken.aidl (95%) rename {security/keymint/aidl/android/hardware/security => keymint/aidl/android/hardware}/keymint/HardwareAuthenticatorType.aidl (96%) rename {security/keymint/aidl/android/hardware/security => keymint/aidl/android/hardware}/keymint/IKeyMintDevice.aidl (98%) rename {security/keymint/aidl/android/hardware/security => keymint/aidl/android/hardware}/keymint/IKeyMintOperation.aidl (97%) rename {security/keymint/aidl/android/hardware/security => keymint/aidl/android/hardware}/keymint/KeyCharacteristics.aidl (94%) rename {security/keymint/aidl/android/hardware/security => keymint/aidl/android/hardware}/keymint/KeyDerivationFunction.aidl (96%) rename {security/keymint/aidl/android/hardware/security => keymint/aidl/android/hardware}/keymint/KeyFormat.aidl (95%) rename {security/keymint/aidl/android/hardware/security => keymint/aidl/android/hardware}/keymint/KeyMintHardwareInfo.aidl (94%) rename {security/keymint/aidl/android/hardware/security => keymint/aidl/android/hardware}/keymint/KeyOrigin.aidl (97%) rename {security/keymint/aidl/android/hardware/security => keymint/aidl/android/hardware}/keymint/KeyParameter.aidl (70%) rename {security/keymint/aidl/android/hardware/security => 
keymint/aidl/android/hardware}/keymint/KeyParameterArray.aidl (90%) rename {security/keymint/aidl/android/hardware/security => keymint/aidl/android/hardware}/keymint/KeyPurpose.aidl (96%) rename {security/keymint/aidl/android/hardware/security => keymint/aidl/android/hardware}/keymint/PaddingMode.aidl (96%) rename {security/keymint/aidl/android/hardware/security => keymint/aidl/android/hardware}/keymint/SecurityLevel.aidl (95%) rename {security/keymint/aidl/android/hardware/security => keymint/aidl/android/hardware}/keymint/Tag.aidl (99%) rename {security/keymint/aidl/android/hardware/security => keymint/aidl/android/hardware}/keymint/TagType.aidl (97%) rename {security/keymint/aidl/android/hardware/security => keymint/aidl/android/hardware}/keymint/Timestamp.aidl (96%) rename {security/keymint/aidl/android/hardware/security => keymint/aidl/android/hardware}/keymint/VerificationToken.aidl (79%) rename {security/keymint => keymint}/aidl/default/Android.bp (58%) create mode 100644 keymint/aidl/default/android.hardware.keymint@1.0-service.rc rename security/keymint/aidl/default/android.hardware.security.keymint-service.xml => keymint/aidl/default/android.hardware.keymint@1.0-service.xml (70%) rename {security/keymint => keymint}/aidl/default/service.cpp (68%) rename {security/keymint => keymint}/aidl/vts/functional/Android.bp (77%) rename {security/keymint => keymint}/aidl/vts/functional/AndroidTest.xml (100%) rename {security/keymint => keymint}/aidl/vts/functional/KeyMintAidlTestBase.cpp (99%) rename {security/keymint => keymint}/aidl/vts/functional/KeyMintAidlTestBase.h (96%) rename {security/keymint => keymint}/aidl/vts/functional/VerificationTokenTest.cpp (97%) rename security/keymint/aidl/vts/functional/KeyMintTest.cpp => keymint/aidl/vts/functional/keyMint1Test.cpp (99%) rename {security/keymint => keymint}/support/Android.bp (92%) rename {security/keymint => keymint}/support/OWNERS (100%) rename {security/keymint => keymint}/support/attestation_record.cpp 
(97%) rename {security/keymint => keymint}/support/authorization_set.cpp (93%) rename {security/keymint/support/include/keymint_support => keymint/support/include/keymintSupport}/attestation_record.h (84%) rename {security/keymint/support/include/keymint_support => keymint/support/include/keymintSupport}/authorization_set.h (95%) rename {security/keymint/support/include/keymint_support => keymint/support/include/keymintSupport}/key_param_output.h (72%) rename {security/keymint/support/include/keymint_support => keymint/support/include/keymintSupport}/keymint_tags.h (81%) rename {security/keymint/support/include/keymint_support => keymint/support/include/keymintSupport}/keymint_utils.h (88%) rename {security/keymint/support/include/keymint_support => keymint/support/include/keymintSupport}/openssl_utils.h (75%) rename {security/keymint => keymint}/support/key_param_output.cpp (90%) rename {security/keymint => keymint}/support/keymint_utils.cpp (96%) delete mode 100644 security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/IKeyMintDevice.aidl delete mode 100644 security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/IKeyMintOperation.aidl delete mode 100644 security/keymint/aidl/default/android.hardware.security.keymint-service.rc diff --git a/compatibility_matrices/compatibility_matrix.current.xml b/compatibility_matrices/compatibility_matrix.current.xml index e9df02f420..1957f8c794 100644 --- a/compatibility_matrices/compatibility_matrix.current.xml +++ b/compatibility_matrices/compatibility_matrix.current.xml @@ -299,7 +299,7 @@ - android.hardware.security.keymint + android.hardware.keymint IKeyMintDevice default diff --git a/security/keymint/aidl/Android.bp b/keymint/aidl/Android.bp similarity index 76% rename from security/keymint/aidl/Android.bp rename to keymint/aidl/Android.bp index b5adac9558..0dae527d40 100644 --- a/security/keymint/aidl/Android.bp 
+++ b/keymint/aidl/Android.bp @@ -1,8 +1,8 @@ aidl_interface { - name: "android.hardware.security.keymint", + name: "android.hardware.keymint", vendor_available: true, srcs: [ - "android/hardware/security/keymint/*.aidl", + "android/hardware/keymint/*.aidl", ], stability: "vintf", backend: { diff --git a/security/keymint/aidl/OWNERS b/keymint/aidl/OWNERS similarity index 100% rename from security/keymint/aidl/OWNERS rename to keymint/aidl/OWNERS diff --git a/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/Algorithm.aidl b/keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware/keymint/Algorithm.aidl similarity index 96% rename from security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/Algorithm.aidl rename to keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware/keymint/Algorithm.aidl index 46e0ae0f2f..f51a4128c8 100644 --- a/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/Algorithm.aidl +++ b/keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware/keymint/Algorithm.aidl @@ -15,7 +15,7 @@ // with such a backward incompatible change, it has a high risk of breaking // later when a module using the interface is updated, e.g., Mainline modules. -package android.hardware.security.keymint; +package android.hardware.keymint; @Backing(type="int") @VintfStability enum Algorithm { RSA = 1, 
diff --git a/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/BeginResult.aidl b/keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware/keymint/BeginResult.aidl similarity index 86% rename from security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/BeginResult.aidl rename to keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware/keymint/BeginResult.aidl index ed96485a0d..2f56be6721 100644 --- a/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/BeginResult.aidl +++ b/keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware/keymint/BeginResult.aidl @@ -15,10 +15,10 @@ // with such a backward incompatible change, it has a high risk of breaking // later when a module using the interface is updated, e.g., Mainline modules. -package android.hardware.security.keymint; +package android.hardware.keymint; @VintfStability parcelable BeginResult { long challenge; - android.hardware.security.keymint.KeyParameter[] params; - android.hardware.security.keymint.IKeyMintOperation operation; + android.hardware.keymint.KeyParameter[] params; + android.hardware.keymint.IKeyMintOperation operation; } diff --git a/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/BlockMode.aidl b/keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware/keymint/BlockMode.aidl similarity index 96% rename from security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/BlockMode.aidl rename to keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware/keymint/BlockMode.aidl index dddc9d8d3c..94de930d6e 100644 --- a/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/BlockMode.aidl 
+++ b/keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware/keymint/BlockMode.aidl @@ -15,7 +15,7 @@ // with such a backward incompatible change, it has a high risk of breaking // later when a module using the interface is updated, e.g., Mainline modules. -package android.hardware.security.keymint; +package android.hardware.keymint; @Backing(type="int") @VintfStability enum BlockMode { ECB = 1, diff --git a/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/ByteArray.aidl b/keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware/keymint/ByteArray.aidl similarity index 96% rename from security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/ByteArray.aidl rename to keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware/keymint/ByteArray.aidl index 3d18a26cf7..2dc22a970d 100644 --- a/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/ByteArray.aidl +++ b/keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware/keymint/ByteArray.aidl @@ -15,7 +15,7 @@ // with such a backward incompatible change, it has a high risk of breaking // later when a module using the interface is updated, e.g., Mainline modules. -package android.hardware.security.keymint; +package android.hardware.keymint; @VintfStability parcelable ByteArray { byte[] data; 
diff --git a/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/Certificate.aidl b/keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware/keymint/Certificate.aidl similarity index 96% rename from security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/Certificate.aidl rename to keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware/keymint/Certificate.aidl index 9e0f8dcff9..ca55054d72 100644 --- a/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/Certificate.aidl +++ b/keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware/keymint/Certificate.aidl @@ -15,7 +15,7 @@ // with such a backward incompatible change, it has a high risk of breaking // later when a module using the interface is updated, e.g., Mainline modules. -package android.hardware.security.keymint; +package android.hardware.keymint; @VintfStability parcelable Certificate { byte[] encodedCertificate; diff --git a/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/Digest.aidl b/keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware/keymint/Digest.aidl similarity index 96% rename from security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/Digest.aidl rename to keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware/keymint/Digest.aidl index 8fc4d428db..cc4d2fdffa 100644 --- a/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/Digest.aidl +++ b/keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware/keymint/Digest.aidl 
@@ -15,7 +15,7 @@ // with such a backward incompatible change, it has a high risk of breaking // later when a module using the interface is updated, e.g., Mainline modules. -package android.hardware.security.keymint; +package android.hardware.keymint; @Backing(type="int") @VintfStability enum Digest { NONE = 0, diff --git a/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/EcCurve.aidl b/keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware/keymint/EcCurve.aidl similarity index 96% rename from security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/EcCurve.aidl rename to keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware/keymint/EcCurve.aidl index 7c3f2f38eb..4e446ad275 100644 --- a/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/EcCurve.aidl +++ b/keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware/keymint/EcCurve.aidl @@ -15,7 +15,7 @@ // with such a backward incompatible change, it has a high risk of breaking // later when a module using the interface is updated, e.g., Mainline modules. -package android.hardware.security.keymint; +package android.hardware.keymint; @Backing(type="int") @VintfStability enum EcCurve { P_224 = 0, diff --git a/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/ErrorCode.aidl b/keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware/keymint/ErrorCode.aidl similarity index 98% rename from security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/ErrorCode.aidl rename to keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware/keymint/ErrorCode.aidl index cdcb08d5c7..2679243f34 100644 
--- a/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/ErrorCode.aidl +++ b/keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware/keymint/ErrorCode.aidl @@ -15,7 +15,7 @@ // with such a backward incompatible change, it has a high risk of breaking // later when a module using the interface is updated, e.g., Mainline modules. -package android.hardware.security.keymint; +package android.hardware.keymint; @Backing(type="int") @VintfStability enum ErrorCode { OK = 0, diff --git a/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/HardwareAuthToken.aidl b/keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware/keymint/HardwareAuthToken.aidl similarity index 86% rename from security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/HardwareAuthToken.aidl rename to keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware/keymint/HardwareAuthToken.aidl index 9ea24f5ebe..1f5f8e952e 100644 --- a/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/HardwareAuthToken.aidl +++ b/keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware/keymint/HardwareAuthToken.aidl @@ -15,13 +15,13 @@ // with such a backward incompatible change, it has a high risk of breaking // later when a module using the interface is updated, e.g., Mainline modules. -package android.hardware.security.keymint; +package android.hardware.keymint; @VintfStability parcelable HardwareAuthToken { long challenge; long userId; long authenticatorId; - android.hardware.security.keymint.HardwareAuthenticatorType authenticatorType; - android.hardware.security.keymint.Timestamp timestamp; + android.hardware.keymint.HardwareAuthenticatorType authenticatorType; + android.hardware.keymint.Timestamp timestamp; byte[] mac; } 
diff --git a/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/HardwareAuthenticatorType.aidl b/keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware/keymint/HardwareAuthenticatorType.aidl similarity index 96% rename from security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/HardwareAuthenticatorType.aidl rename to keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware/keymint/HardwareAuthenticatorType.aidl index aef5ee049f..95ec5c5b45 100644 --- a/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/HardwareAuthenticatorType.aidl +++ b/keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware/keymint/HardwareAuthenticatorType.aidl @@ -15,7 +15,7 @@ // with such a backward incompatible change, it has a high risk of breaking // later when a module using the interface is updated, e.g., Mainline modules. -package android.hardware.security.keymint; +package android.hardware.keymint; @Backing(type="int") @VintfStability enum HardwareAuthenticatorType { NONE = 0, diff --git a/keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware/keymint/IKeyMintDevice.aidl b/keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware/keymint/IKeyMintDevice.aidl new file mode 100644 index 0000000000..1616622927 --- /dev/null +++ b/keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware/keymint/IKeyMintDevice.aidl 
@@ -0,0 +1,33 @@
+///////////////////////////////////////////////////////////////////////////////
+// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
+///////////////////////////////////////////////////////////////////////////////
+
+// This file is a snapshot of an AIDL interface (or parcelable). Do not try to
+// edit this file. It looks like you are doing that because you have modified
+// an AIDL interface in a backward-incompatible way, e.g., deleting a function
+// from an interface or a field from a parcelable and it broke the build. That
+// breakage is intended.
+//
+// You must not make a backward incompatible changes to the AIDL files built
+// with the aidl_interface module type with versions property set. The module
+// type is used to build AIDL files in a way that they can be used across
+// independently updatable components of the system. If a device is shipped
+// with such a backward incompatible change, it has a high risk of breaking
+// later when a module using the interface is updated, e.g., Mainline modules.
+
+package android.hardware.keymint;
+@VintfStability
+interface IKeyMintDevice {
+ android.hardware.keymint.KeyMintHardwareInfo getHardwareInfo();
+ android.hardware.keymint.VerificationToken verifyAuthorization(in long challenge, in android.hardware.keymint.HardwareAuthToken token);
+ void addRngEntropy(in byte[] data);
+ void generateKey(in android.hardware.keymint.KeyParameter[] keyParams, out android.hardware.keymint.ByteArray generatedKeyBlob, out android.hardware.keymint.KeyCharacteristics generatedKeyCharacteristics, out android.hardware.keymint.Certificate[] outCertChain);
+ void importKey(in android.hardware.keymint.KeyParameter[] inKeyParams, in android.hardware.keymint.KeyFormat inKeyFormat, in byte[] inKeyData, out android.hardware.keymint.ByteArray outImportedKeyBlob, out android.hardware.keymint.KeyCharacteristics outImportedKeyCharacteristics, out android.hardware.keymint.Certificate[] outCertChain);
+ void importWrappedKey(in byte[] inWrappedKeyData, in byte[] inWrappingKeyBlob, in byte[] inMaskingKey, in android.hardware.keymint.KeyParameter[] inUnwrappingParams, in long inPasswordSid, in long inBiometricSid, out android.hardware.keymint.ByteArray outImportedKeyBlob, out android.hardware.keymint.KeyCharacteristics outImportedKeyCharacteristics);
+ byte[] upgradeKey(in byte[] inKeyBlobToUpgrade, in android.hardware.keymint.KeyParameter[] inUpgradeParams);
+ void deleteKey(in byte[] inKeyBlob);
+ void deleteAllKeys();
+ void destroyAttestationIds();
+ android.hardware.keymint.BeginResult begin(in android.hardware.keymint.KeyPurpose inPurpose, in byte[] inKeyBlob, in android.hardware.keymint.KeyParameter[] inParams, in android.hardware.keymint.HardwareAuthToken inAuthToken);
+ const int AUTH_TOKEN_MAC_LENGTH = 32;
+}
diff --git a/keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware/keymint/IKeyMintOperation.aidl b/keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware/keymint/IKeyMintOperation.aidl
new file mode 100644
index 0000000000..5327345596
--- /dev/null
+++ b/keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware/keymint/IKeyMintOperation.aidl
@@ -0,0 +1,24 @@
+///////////////////////////////////////////////////////////////////////////////
+// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
+///////////////////////////////////////////////////////////////////////////////
+
+// This file is a snapshot of an AIDL interface (or parcelable). Do not try to
+// edit this file. It looks like you are doing that because you have modified
+// an AIDL interface in a backward-incompatible way, e.g., deleting a function
+// from an interface or a field from a parcelable and it broke the build. That
+// breakage is intended.
+//
+// You must not make a backward incompatible changes to the AIDL files built
+// with the aidl_interface module type with versions property set. The module
+// type is used to build AIDL files in a way that they can be used across
+// independently updatable components of the system. If a device is shipped
+// with such a backward incompatible change, it has a high risk of breaking
+// later when a module using the interface is updated, e.g., Mainline modules.
+
+package android.hardware.keymint;
+@VintfStability
+interface IKeyMintOperation {
+ int update(in @nullable android.hardware.keymint.KeyParameterArray inParams, in @nullable byte[] input, in @nullable android.hardware.keymint.HardwareAuthToken inAuthToken, in @nullable android.hardware.keymint.VerificationToken inVerificationToken, out @nullable android.hardware.keymint.KeyParameterArray outParams, out @nullable android.hardware.keymint.ByteArray output);
+ byte[] finish(in @nullable android.hardware.keymint.KeyParameterArray inParams, in @nullable byte[] input, in @nullable byte[] inSignature, in @nullable android.hardware.keymint.HardwareAuthToken authToken, in @nullable android.hardware.keymint.VerificationToken inVerificationToken, out @nullable android.hardware.keymint.KeyParameterArray outParams);
+ void abort();
+}
diff --git a/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/KeyCharacteristics.aidl b/keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware/keymint/KeyCharacteristics.aidl similarity index 85% rename from security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/KeyCharacteristics.aidl rename to keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware/keymint/KeyCharacteristics.aidl index fb4214cd43..4e73381ad7 100644 --- a/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/KeyCharacteristics.aidl +++ b/keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware/keymint/KeyCharacteristics.aidl @@ -15,9 +15,9 @@ // with such a backward incompatible change, it has a high risk of breaking // later when a module using the interface is updated, e.g., Mainline modules. -package android.hardware.security.keymint; +package android.hardware.keymint; @VintfStability parcelable KeyCharacteristics { - android.hardware.security.keymint.KeyParameter[] softwareEnforced; - android.hardware.security.keymint.KeyParameter[] hardwareEnforced; + android.hardware.keymint.KeyParameter[] softwareEnforced; + android.hardware.keymint.KeyParameter[] hardwareEnforced; } diff --git a/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/KeyDerivationFunction.aidl b/keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware/keymint/KeyDerivationFunction.aidl similarity index 96% rename from security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/KeyDerivationFunction.aidl rename to keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware/keymint/KeyDerivationFunction.aidl index 83b7e6e7ee..8e2c7747bb 100644 
--- a/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/KeyDerivationFunction.aidl +++ b/keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware/keymint/KeyDerivationFunction.aidl @@ -15,7 +15,7 @@ // with such a backward incompatible change, it has a high risk of breaking // later when a module using the interface is updated, e.g., Mainline modules. -package android.hardware.security.keymint; +package android.hardware.keymint; @Backing(type="int") @VintfStability enum KeyDerivationFunction { NONE = 0, diff --git a/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/KeyFormat.aidl b/keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware/keymint/KeyFormat.aidl similarity index 96% rename from security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/KeyFormat.aidl rename to keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware/keymint/KeyFormat.aidl index f701c808a2..cfa585d369 100644 --- a/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/KeyFormat.aidl +++ b/keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware/keymint/KeyFormat.aidl @@ -15,7 +15,7 @@ // with such a backward incompatible change, it has a high risk of breaking // later when a module using the interface is updated, e.g., Mainline modules. -package android.hardware.security.keymint; +package android.hardware.keymint; @Backing(type="int") @VintfStability enum KeyFormat { X509 = 0, 
diff --git a/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/KeyMintHardwareInfo.aidl b/keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware/keymint/KeyMintHardwareInfo.aidl similarity index 91% rename from security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/KeyMintHardwareInfo.aidl rename to keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware/keymint/KeyMintHardwareInfo.aidl index 5e9f7ae635..8263e6018a 100644 --- a/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/KeyMintHardwareInfo.aidl +++ b/keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware/keymint/KeyMintHardwareInfo.aidl @@ -15,11 +15,11 @@ // with such a backward incompatible change, it has a high risk of breaking // later when a module using the interface is updated, e.g., Mainline modules. -package android.hardware.security.keymint; +package android.hardware.keymint; @VintfStability parcelable KeyMintHardwareInfo { int versionNumber; - android.hardware.security.keymint.SecurityLevel securityLevel; + android.hardware.keymint.SecurityLevel securityLevel; @utf8InCpp String keyMintName; @utf8InCpp String keyMintAuthorName; } diff --git a/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/KeyOrigin.aidl b/keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware/keymint/KeyOrigin.aidl similarity index 96% rename from security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/KeyOrigin.aidl rename to keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware/keymint/KeyOrigin.aidl index 9728bf92b7..8d03d2b683 100644 --- a/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/KeyOrigin.aidl 
+++ b/keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware/keymint/KeyOrigin.aidl @@ -15,7 +15,7 @@ // with such a backward incompatible change, it has a high risk of breaking // later when a module using the interface is updated, e.g., Mainline modules. -package android.hardware.security.keymint; +package android.hardware.keymint; @Backing(type="int") @VintfStability enum KeyOrigin { GENERATED = 0, diff --git a/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/KeyParameter.aidl b/keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware/keymint/KeyParameter.aidl similarity index 92% rename from security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/KeyParameter.aidl rename to keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware/keymint/KeyParameter.aidl index 91f83e4071..923cc6808a 100644 --- a/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/KeyParameter.aidl +++ b/keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware/keymint/KeyParameter.aidl @@ -15,10 +15,10 @@ // with such a backward incompatible change, it has a high risk of breaking // later when a module using the interface is updated, e.g., Mainline modules. -package android.hardware.security.keymint; +package android.hardware.keymint; @VintfStability parcelable KeyParameter { - android.hardware.security.keymint.Tag tag; + android.hardware.keymint.Tag tag; boolean boolValue; int integer; long longInteger; 
diff --git a/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/KeyParameterArray.aidl b/keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware/keymint/KeyParameterArray.aidl similarity index 91% rename from security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/KeyParameterArray.aidl rename to keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware/keymint/KeyParameterArray.aidl index 2c3b768756..b9b978241b 100644 --- a/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/KeyParameterArray.aidl +++ b/keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware/keymint/KeyParameterArray.aidl @@ -15,8 +15,8 @@ // with such a backward incompatible change, it has a high risk of breaking // later when a module using the interface is updated, e.g., Mainline modules. -package android.hardware.security.keymint; +package android.hardware.keymint; @VintfStability parcelable KeyParameterArray { - android.hardware.security.keymint.KeyParameter[] params; + android.hardware.keymint.KeyParameter[] params; } diff --git a/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/KeyPurpose.aidl b/keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware/keymint/KeyPurpose.aidl similarity index 96% rename from security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/KeyPurpose.aidl rename to keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware/keymint/KeyPurpose.aidl index a6fd8c3737..1aee56a14b 100644 --- a/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/KeyPurpose.aidl +++ b/keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware/keymint/KeyPurpose.aidl 
@@ -15,7 +15,7 @@ // with such a backward incompatible change, it has a high risk of breaking // later when a module using the interface is updated, e.g., Mainline modules. -package android.hardware.security.keymint; +package android.hardware.keymint; @Backing(type="int") @VintfStability enum KeyPurpose { ENCRYPT = 0, diff --git a/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/PaddingMode.aidl b/keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware/keymint/PaddingMode.aidl similarity index 96% rename from security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/PaddingMode.aidl rename to keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware/keymint/PaddingMode.aidl index 2ecfa1e8f6..97f93db3cb 100644 --- a/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/PaddingMode.aidl +++ b/keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware/keymint/PaddingMode.aidl @@ -15,7 +15,7 @@ // with such a backward incompatible change, it has a high risk of breaking // later when a module using the interface is updated, e.g., Mainline modules. -package android.hardware.security.keymint; +package android.hardware.keymint; @Backing(type="int") @VintfStability enum PaddingMode { NONE = 1, diff --git a/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/SecurityLevel.aidl b/keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware/keymint/SecurityLevel.aidl similarity index 96% rename from security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/SecurityLevel.aidl rename to keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware/keymint/SecurityLevel.aidl index 601693f127..1fb529ded4 100644 
--- a/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/SecurityLevel.aidl +++ b/keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware/keymint/SecurityLevel.aidl @@ -15,7 +15,7 @@ // with such a backward incompatible change, it has a high risk of breaking // later when a module using the interface is updated, e.g., Mainline modules. -package android.hardware.security.keymint; +package android.hardware.keymint; @Backing(type="int") @VintfStability enum SecurityLevel { SOFTWARE = 0, diff --git a/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/Tag.aidl b/keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware/keymint/Tag.aidl similarity index 98% rename from security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/Tag.aidl rename to keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware/keymint/Tag.aidl index 38eb6e693c..33a95fe38d 100644 --- a/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/Tag.aidl +++ b/keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware/keymint/Tag.aidl @@ -15,7 +15,7 @@ // with such a backward incompatible change, it has a high risk of breaking // later when a module using the interface is updated, e.g., Mainline modules. -package android.hardware.security.keymint; +package android.hardware.keymint; @Backing(type="int") @VintfStability enum Tag { INVALID = 0, 
diff --git a/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/TagType.aidl b/keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware/keymint/TagType.aidl similarity index 96% rename from security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/TagType.aidl rename to keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware/keymint/TagType.aidl index bb2766c6bf..82144539a7 100644 --- a/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/TagType.aidl +++ b/keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware/keymint/TagType.aidl @@ -15,7 +15,7 @@ // with such a backward incompatible change, it has a high risk of breaking // later when a module using the interface is updated, e.g., Mainline modules. -package android.hardware.security.keymint; +package android.hardware.keymint; @Backing(type="int") @VintfStability enum TagType { INVALID = 0, diff --git a/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/Timestamp.aidl b/keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware/keymint/Timestamp.aidl similarity index 96% rename from security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/Timestamp.aidl rename to keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware/keymint/Timestamp.aidl index 4d5b6598b5..f95d8db828 100644 --- a/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/Timestamp.aidl +++ b/keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware/keymint/Timestamp.aidl 
@@ -15,7 +15,7 @@ // with such a backward incompatible change, it has a high risk of breaking // later when a module using the interface is updated, e.g., Mainline modules. -package android.hardware.security.keymint; +package android.hardware.keymint; @VintfStability parcelable Timestamp { long milliSeconds; diff --git a/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/VerificationToken.aidl b/keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware/keymint/VerificationToken.aidl similarity index 87% rename from security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/VerificationToken.aidl rename to keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware/keymint/VerificationToken.aidl index 5c76816a52..7b4989a408 100644 --- a/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/VerificationToken.aidl +++ b/keymint/aidl/aidl_api/android.hardware.keymint/current/android/hardware/keymint/VerificationToken.aidl @@ -15,11 +15,11 @@ // with such a backward incompatible change, it has a high risk of breaking // later when a module using the interface is updated, e.g., Mainline modules. -package android.hardware.security.keymint; +package android.hardware.keymint; @VintfStability parcelable VerificationToken { long challenge; - android.hardware.security.keymint.Timestamp timestamp; - android.hardware.security.keymint.SecurityLevel securityLevel; + android.hardware.keymint.Timestamp timestamp; + android.hardware.keymint.SecurityLevel securityLevel; byte[] mac; } 
diff --git a/security/keymint/aidl/android/hardware/security/keymint/Algorithm.aidl b/keymint/aidl/android/hardware/keymint/Algorithm.aidl similarity index 95% rename from security/keymint/aidl/android/hardware/security/keymint/Algorithm.aidl rename to keymint/aidl/android/hardware/keymint/Algorithm.aidl index 8300b0d75c..8c5d99cf35 100644 --- a/security/keymint/aidl/android/hardware/security/keymint/Algorithm.aidl +++ b/keymint/aidl/android/hardware/keymint/Algorithm.aidl @@ -14,7 +14,8 @@ * limitations under the License. */ -package android.hardware.security.keymint; +package android.hardware.keymint; + /** * Algorithms provided by IKeyMintDevice implementations. diff --git a/security/keymint/aidl/android/hardware/security/keymint/BeginResult.aidl b/keymint/aidl/android/hardware/keymint/BeginResult.aidl similarity index 87% rename from security/keymint/aidl/android/hardware/security/keymint/BeginResult.aidl rename to keymint/aidl/android/hardware/keymint/BeginResult.aidl index aaf9f3caa4..58eb024427 100644 --- a/security/keymint/aidl/android/hardware/security/keymint/BeginResult.aidl +++ b/keymint/aidl/android/hardware/keymint/BeginResult.aidl @@ -14,10 +14,12 @@ * limitations under the License. */ -package android.hardware.security.keymint; +package android.hardware.keymint; + + +import android.hardware.keymint.IKeyMintOperation; +import android.hardware.keymint.KeyParameter; -import android.hardware.security.keymint.IKeyMintOperation; -import android.hardware.security.keymint.KeyParameter; /** * This is all the results returned by the IKeyMintDevice begin() function. diff --git a/security/keymint/aidl/android/hardware/security/keymint/BlockMode.aidl b/keymint/aidl/android/hardware/keymint/BlockMode.aidl similarity index 96% rename from security/keymint/aidl/android/hardware/security/keymint/BlockMode.aidl rename to keymint/aidl/android/hardware/keymint/BlockMode.aidl index 629c89f02e..b6b36ccf2a 100644 
--- a/security/keymint/aidl/android/hardware/security/keymint/BlockMode.aidl +++ b/keymint/aidl/android/hardware/keymint/BlockMode.aidl @@ -14,7 +14,8 @@ * limitations under the License. */ -package android.hardware.security.keymint; +package android.hardware.keymint; + /** * Symmetric block cipher modes provided by IKeyMintDevice implementations. diff --git a/security/keymint/aidl/android/hardware/security/keymint/ByteArray.aidl b/keymint/aidl/android/hardware/keymint/ByteArray.aidl similarity index 94% rename from security/keymint/aidl/android/hardware/security/keymint/ByteArray.aidl rename to keymint/aidl/android/hardware/keymint/ByteArray.aidl index c3b402ea65..18d187e889 100644 --- a/security/keymint/aidl/android/hardware/security/keymint/ByteArray.aidl +++ b/keymint/aidl/android/hardware/keymint/ByteArray.aidl @@ -14,7 +14,8 @@ * limitations under the License. */ -package android.hardware.security.keymint; +package android.hardware.keymint; + /** * This is used to contain a byte[], to make out parameters of byte arrays diff --git a/security/keymint/aidl/android/hardware/security/keymint/Certificate.aidl b/keymint/aidl/android/hardware/keymint/Certificate.aidl similarity index 95% rename from security/keymint/aidl/android/hardware/security/keymint/Certificate.aidl rename to keymint/aidl/android/hardware/keymint/Certificate.aidl index a9538590eb..3a70970f30 100644 --- a/security/keymint/aidl/android/hardware/security/keymint/Certificate.aidl +++ b/keymint/aidl/android/hardware/keymint/Certificate.aidl @@ -14,7 +14,7 @@ * limitations under the License. */ -package android.hardware.security.keymint; +package android.hardware.keymint; /** * This encodes the IKeyMintDevice attestation generated certificate. 
diff --git a/security/keymint/aidl/android/hardware/security/keymint/Digest.aidl b/keymint/aidl/android/hardware/keymint/Digest.aidl similarity index 95% rename from security/keymint/aidl/android/hardware/security/keymint/Digest.aidl rename to keymint/aidl/android/hardware/keymint/Digest.aidl index b44da5a51c..a92ac23209 100644 --- a/security/keymint/aidl/android/hardware/security/keymint/Digest.aidl +++ b/keymint/aidl/android/hardware/keymint/Digest.aidl @@ -14,7 +14,8 @@ * limitations under the License. */ -package android.hardware.security.keymint; +package android.hardware.keymint; + /** * Digests provided by keyMint implementations. diff --git a/security/keymint/aidl/android/hardware/security/keymint/EcCurve.aidl b/keymint/aidl/android/hardware/keymint/EcCurve.aidl similarity index 94% rename from security/keymint/aidl/android/hardware/security/keymint/EcCurve.aidl rename to keymint/aidl/android/hardware/keymint/EcCurve.aidl index b9d16467b0..abd44b406d 100644 --- a/security/keymint/aidl/android/hardware/security/keymint/EcCurve.aidl +++ b/keymint/aidl/android/hardware/keymint/EcCurve.aidl @@ -14,7 +14,8 @@ * limitations under the License. */ -package android.hardware.security.keymint; +package android.hardware.keymint; + /** * Supported EC curves, used in ECDSA diff --git a/security/keymint/aidl/android/hardware/security/keymint/ErrorCode.aidl b/keymint/aidl/android/hardware/keymint/ErrorCode.aidl similarity index 98% rename from security/keymint/aidl/android/hardware/security/keymint/ErrorCode.aidl rename to keymint/aidl/android/hardware/keymint/ErrorCode.aidl index fb24ad1baa..2a54954c74 100644 --- a/security/keymint/aidl/android/hardware/security/keymint/ErrorCode.aidl +++ b/keymint/aidl/android/hardware/keymint/ErrorCode.aidl @@ -14,7 +14,8 @@ * limitations under the License. */ -package android.hardware.security.keymint; +package android.hardware.keymint; + /** * KeyMint error codes. Aidl will return these error codes as service specific 
diff --git a/security/keymint/aidl/android/hardware/security/keymint/HardwareAuthToken.aidl b/keymint/aidl/android/hardware/keymint/HardwareAuthToken.aidl similarity index 95% rename from security/keymint/aidl/android/hardware/security/keymint/HardwareAuthToken.aidl rename to keymint/aidl/android/hardware/keymint/HardwareAuthToken.aidl index 12d615f86f..9b56a2e661 100644 --- a/security/keymint/aidl/android/hardware/security/keymint/HardwareAuthToken.aidl +++ b/keymint/aidl/android/hardware/keymint/HardwareAuthToken.aidl @@ -14,10 +14,10 @@ * limitations under the License. */ -package android.hardware.security.keymint; +package android.hardware.keymint; -import android.hardware.security.keymint.Timestamp; -import android.hardware.security.keymint.HardwareAuthenticatorType; +import android.hardware.keymint.Timestamp; +import android.hardware.keymint.HardwareAuthenticatorType; /** * HardwareAuthToken is used to prove successful user authentication, to unlock the use of a key. @@ -30,6 +30,7 @@ import android.hardware.security.keymint.HardwareAuthenticatorType; */ @VintfStability parcelable HardwareAuthToken { + /** * challenge is a value that's used to enable authentication tokens to authorize specific * events. The primary use case for challenge is to authorize an IKeyMintDevice cryptographic diff --git a/security/keymint/aidl/android/hardware/security/keymint/HardwareAuthenticatorType.aidl b/keymint/aidl/android/hardware/keymint/HardwareAuthenticatorType.aidl similarity index 96% rename from security/keymint/aidl/android/hardware/security/keymint/HardwareAuthenticatorType.aidl rename to keymint/aidl/android/hardware/keymint/HardwareAuthenticatorType.aidl index 33f71b8d3c..5c25e2f544 100644 --- a/security/keymint/aidl/android/hardware/security/keymint/HardwareAuthenticatorType.aidl +++ b/keymint/aidl/android/hardware/keymint/HardwareAuthenticatorType.aidl 
@@ -14,7 +14,7 @@ * limitations under the License. */ -package android.hardware.security.keymint; +package android.hardware.keymint; /** * Hardware authentication type, used by HardwareAuthTokens to specify the mechanism used to diff --git a/security/keymint/aidl/android/hardware/security/keymint/IKeyMintDevice.aidl b/keymint/aidl/android/hardware/keymint/IKeyMintDevice.aidl similarity index 98% rename from security/keymint/aidl/android/hardware/security/keymint/IKeyMintDevice.aidl rename to keymint/aidl/android/hardware/keymint/IKeyMintDevice.aidl index 4944acb1b1..8fbab79600 100644 --- a/security/keymint/aidl/android/hardware/security/keymint/IKeyMintDevice.aidl +++ b/keymint/aidl/android/hardware/keymint/IKeyMintDevice.aidl 
@@ -14,20 +14,20 @@ * limitations under the License. */ -package android.hardware.security.keymint; +package android.hardware.keymint; -import android.hardware.security.keymint.BeginResult; -import android.hardware.security.keymint.ByteArray; -import android.hardware.security.keymint.Certificate; -import android.hardware.security.keymint.HardwareAuthToken; -import android.hardware.security.keymint.IKeyMintOperation; -import android.hardware.security.keymint.KeyCharacteristics; -import android.hardware.security.keymint.KeyFormat; -import android.hardware.security.keymint.KeyParameter; -import android.hardware.security.keymint.KeyMintHardwareInfo; -import android.hardware.security.keymint.KeyPurpose; -import android.hardware.security.keymint.SecurityLevel; -import android.hardware.security.keymint.VerificationToken; +import android.hardware.keymint.BeginResult; +import android.hardware.keymint.ByteArray; +import android.hardware.keymint.Certificate; +import android.hardware.keymint.HardwareAuthToken; +import android.hardware.keymint.IKeyMintOperation; +import android.hardware.keymint.KeyCharacteristics; +import android.hardware.keymint.KeyFormat; +import android.hardware.keymint.KeyParameter; +import android.hardware.keymint.KeyMintHardwareInfo; +import android.hardware.keymint.KeyPurpose; +import android.hardware.keymint.SecurityLevel; +import android.hardware.keymint.VerificationToken; /** * KeyMint device definition. diff --git a/security/keymint/aidl/android/hardware/security/keymint/IKeyMintOperation.aidl b/keymint/aidl/android/hardware/keymint/IKeyMintOperation.aidl similarity index 97% rename from security/keymint/aidl/android/hardware/security/keymint/IKeyMintOperation.aidl rename to keymint/aidl/android/hardware/keymint/IKeyMintOperation.aidl index 24960ccea0..1b792961f7 100644 --- a/security/keymint/aidl/android/hardware/security/keymint/IKeyMintOperation.aidl +++ b/keymint/aidl/android/hardware/keymint/IKeyMintOperation.aidl 
@@ -14,13 +14,13 @@ * limitations under the License. */ -package android.hardware.security.keymint; +package android.hardware.keymint; -import android.hardware.security.keymint.ByteArray; -import android.hardware.security.keymint.HardwareAuthToken; -import android.hardware.security.keymint.KeyParameter; -import android.hardware.security.keymint.KeyParameterArray; -import android.hardware.security.keymint.VerificationToken; +import android.hardware.keymint.ByteArray; +import android.hardware.keymint.HardwareAuthToken; +import android.hardware.keymint.KeyParameter; +import android.hardware.keymint.KeyParameterArray; +import android.hardware.keymint.VerificationToken; @VintfStability interface IKeyMintOperation { diff --git a/security/keymint/aidl/android/hardware/security/keymint/KeyCharacteristics.aidl b/keymint/aidl/android/hardware/keymint/KeyCharacteristics.aidl similarity index 94% rename from security/keymint/aidl/android/hardware/security/keymint/KeyCharacteristics.aidl rename to keymint/aidl/android/hardware/keymint/KeyCharacteristics.aidl index 0801868825..ac7c2b482f 100644 --- a/security/keymint/aidl/android/hardware/security/keymint/KeyCharacteristics.aidl +++ b/keymint/aidl/android/hardware/keymint/KeyCharacteristics.aidl @@ -14,9 +14,9 @@ * limitations under the License. */ -package android.hardware.security.keymint; +package android.hardware.keymint; -import android.hardware.security.keymint.KeyParameter; +import android.hardware.keymint.KeyParameter; /** * KeyCharacteristics defines the attributes of a key, including cryptographic parameters, and usage diff --git a/security/keymint/aidl/android/hardware/security/keymint/KeyDerivationFunction.aidl b/keymint/aidl/android/hardware/keymint/KeyDerivationFunction.aidl similarity index 96% rename from security/keymint/aidl/android/hardware/security/keymint/KeyDerivationFunction.aidl rename to keymint/aidl/android/hardware/keymint/KeyDerivationFunction.aidl index e166ab6ad9..1eba446770 100644 
--- a/security/keymint/aidl/android/hardware/security/keymint/KeyDerivationFunction.aidl +++ b/keymint/aidl/android/hardware/keymint/KeyDerivationFunction.aidl @@ -14,7 +14,7 @@ * limitations under the License. */ -package android.hardware.security.keymint; +package android.hardware.keymint; /** * Key derivation functions, mostly used in ECIES. diff --git a/security/keymint/aidl/android/hardware/security/keymint/KeyFormat.aidl b/keymint/aidl/android/hardware/keymint/KeyFormat.aidl similarity index 95% rename from security/keymint/aidl/android/hardware/security/keymint/KeyFormat.aidl rename to keymint/aidl/android/hardware/keymint/KeyFormat.aidl index 6ad8e3d922..13044dc5b1 100644 --- a/security/keymint/aidl/android/hardware/security/keymint/KeyFormat.aidl +++ b/keymint/aidl/android/hardware/keymint/KeyFormat.aidl @@ -14,7 +14,8 @@ * limitations under the License. */ -package android.hardware.security.keymint; +package android.hardware.keymint; + /** * Formats for key import and export. diff --git a/security/keymint/aidl/android/hardware/security/keymint/KeyMintHardwareInfo.aidl b/keymint/aidl/android/hardware/keymint/KeyMintHardwareInfo.aidl similarity index 94% rename from security/keymint/aidl/android/hardware/security/keymint/KeyMintHardwareInfo.aidl rename to keymint/aidl/android/hardware/keymint/KeyMintHardwareInfo.aidl index d3d7368add..5815b10951 100644 --- a/security/keymint/aidl/android/hardware/security/keymint/KeyMintHardwareInfo.aidl +++ b/keymint/aidl/android/hardware/keymint/KeyMintHardwareInfo.aidl @@ -14,13 +14,15 @@ * limitations under the License. */ -package android.hardware.security.keymint; +package android.hardware.keymint; + +import android.hardware.keymint.SecurityLevel; -import android.hardware.security.keymint.SecurityLevel; /** * KeyMintHardwareInfo is the hardware information returned by calling KeyMint getHardwareInfo() */ + @VintfStability parcelable KeyMintHardwareInfo { /** 
diff --git a/security/keymint/aidl/android/hardware/security/keymint/KeyOrigin.aidl b/keymint/aidl/android/hardware/keymint/KeyOrigin.aidl similarity index 97% rename from security/keymint/aidl/android/hardware/security/keymint/KeyOrigin.aidl rename to keymint/aidl/android/hardware/keymint/KeyOrigin.aidl index 0cd53c2fbb..70320d3998 100644 --- a/security/keymint/aidl/android/hardware/security/keymint/KeyOrigin.aidl +++ b/keymint/aidl/android/hardware/keymint/KeyOrigin.aidl @@ -14,7 +14,8 @@ * limitations under the License. */ -package android.hardware.security.keymint; +package android.hardware.keymint; + /** * The origin of a key (or pair), i.e. where it was generated. Note that ORIGIN can be found in diff --git a/security/keymint/aidl/android/hardware/security/keymint/KeyParameter.aidl b/keymint/aidl/android/hardware/keymint/KeyParameter.aidl similarity index 70% rename from security/keymint/aidl/android/hardware/security/keymint/KeyParameter.aidl rename to keymint/aidl/android/hardware/keymint/KeyParameter.aidl index 938064ca53..d58e4aa1aa 100644 --- a/security/keymint/aidl/android/hardware/security/keymint/KeyParameter.aidl +++ b/keymint/aidl/android/hardware/keymint/KeyParameter.aidl 
@@ -14,19 +14,20 @@ * limitations under the License. */ -package android.hardware.security.keymint; +package android.hardware.keymint; -import android.hardware.security.keymint.Algorithm; -import android.hardware.security.keymint.BlockMode; -import android.hardware.security.keymint.Digest; -import android.hardware.security.keymint.EcCurve; -import android.hardware.security.keymint.HardwareAuthenticatorType; -import android.hardware.security.keymint.KeyDerivationFunction; -import android.hardware.security.keymint.KeyOrigin; -import android.hardware.security.keymint.KeyPurpose; -import android.hardware.security.keymint.PaddingMode; -import android.hardware.security.keymint.SecurityLevel; -import android.hardware.security.keymint.Tag; + +import android.hardware.keymint.Algorithm; +import android.hardware.keymint.BlockMode; +import android.hardware.keymint.Digest; +import android.hardware.keymint.EcCurve; +import android.hardware.keymint.HardwareAuthenticatorType; +import android.hardware.keymint.KeyDerivationFunction; +import android.hardware.keymint.KeyOrigin; +import android.hardware.keymint.KeyPurpose; +import android.hardware.keymint.PaddingMode; +import android.hardware.keymint.SecurityLevel; +import android.hardware.keymint.Tag; /** diff --git a/security/keymint/aidl/android/hardware/security/keymint/KeyParameterArray.aidl b/keymint/aidl/android/hardware/keymint/KeyParameterArray.aidl similarity index 90% rename from security/keymint/aidl/android/hardware/security/keymint/KeyParameterArray.aidl rename to keymint/aidl/android/hardware/keymint/KeyParameterArray.aidl index acab43591c..cc9e37ad2a 100644 --- a/security/keymint/aidl/android/hardware/security/keymint/KeyParameterArray.aidl +++ b/keymint/aidl/android/hardware/keymint/KeyParameterArray.aidl 
@@ -14,9 +14,9 @@ * limitations under the License. */ -package android.hardware.security.keymint; +package android.hardware.keymint; -import android.hardware.security.keymint.KeyParameter; +import android.hardware.keymint.KeyParameter; /** * Identifies the key authorization parameters to be used with keyMint. This is usually diff --git a/security/keymint/aidl/android/hardware/security/keymint/KeyPurpose.aidl b/keymint/aidl/android/hardware/keymint/KeyPurpose.aidl similarity index 96% rename from security/keymint/aidl/android/hardware/security/keymint/KeyPurpose.aidl rename to keymint/aidl/android/hardware/keymint/KeyPurpose.aidl index cb4682ea56..bc029fdb39 100644 --- a/security/keymint/aidl/android/hardware/security/keymint/KeyPurpose.aidl +++ b/keymint/aidl/android/hardware/keymint/KeyPurpose.aidl @@ -14,7 +14,7 @@ * limitations under the License. */ -package android.hardware.security.keymint; +package android.hardware.keymint; /** diff --git a/security/keymint/aidl/android/hardware/security/keymint/PaddingMode.aidl b/keymint/aidl/android/hardware/keymint/PaddingMode.aidl similarity index 96% rename from security/keymint/aidl/android/hardware/security/keymint/PaddingMode.aidl rename to keymint/aidl/android/hardware/keymint/PaddingMode.aidl index 80b73bd0dc..337ed912fc 100644 --- a/security/keymint/aidl/android/hardware/security/keymint/PaddingMode.aidl +++ b/keymint/aidl/android/hardware/keymint/PaddingMode.aidl @@ -14,7 +14,7 @@ * limitations under the License. */ -package android.hardware.security.keymint; +package android.hardware.keymint; /** * TODO(seleneh) update the description. diff --git a/security/keymint/aidl/android/hardware/security/keymint/SecurityLevel.aidl b/keymint/aidl/android/hardware/keymint/SecurityLevel.aidl similarity index 95% rename from security/keymint/aidl/android/hardware/security/keymint/SecurityLevel.aidl rename to keymint/aidl/android/hardware/keymint/SecurityLevel.aidl index 10363e9bb0..d8de024493 100644 
--- a/security/keymint/aidl/android/hardware/security/keymint/SecurityLevel.aidl +++ b/keymint/aidl/android/hardware/keymint/SecurityLevel.aidl @@ -14,7 +14,7 @@ * limitations under the License. */ -package android.hardware.security.keymint; +package android.hardware.keymint; /** * Device security levels. diff --git a/security/keymint/aidl/android/hardware/security/keymint/Tag.aidl b/keymint/aidl/android/hardware/keymint/Tag.aidl similarity index 99% rename from security/keymint/aidl/android/hardware/security/keymint/Tag.aidl rename to keymint/aidl/android/hardware/keymint/Tag.aidl index 532bc5de9b..46da09658c 100644 --- a/security/keymint/aidl/android/hardware/security/keymint/Tag.aidl +++ b/keymint/aidl/android/hardware/keymint/Tag.aidl @@ -14,9 +14,9 @@ * limitations under the License. */ -package android.hardware.security.keymint; +package android.hardware.keymint; -import android.hardware.security.keymint.TagType; +import android.hardware.keymint.TagType; // TODO(seleneh) : note aidl currently does not support double nested enum definitions such as // ROOT_OF_TRUST = TagType:BYTES | 704. So we are forced to write definations as diff --git a/security/keymint/aidl/android/hardware/security/keymint/TagType.aidl b/keymint/aidl/android/hardware/keymint/TagType.aidl similarity index 97% rename from security/keymint/aidl/android/hardware/security/keymint/TagType.aidl rename to keymint/aidl/android/hardware/keymint/TagType.aidl index a273af3f8c..fb50b10d4a 100644 --- a/security/keymint/aidl/android/hardware/security/keymint/TagType.aidl +++ b/keymint/aidl/android/hardware/keymint/TagType.aidl @@ -14,7 +14,7 @@ * limitations under the License. */ -package android.hardware.security.keymint; +package android.hardware.keymint; /** * TagType classifies Tags in Tag.aidl into various groups of data. 
diff --git a/security/keymint/aidl/android/hardware/security/keymint/Timestamp.aidl b/keymint/aidl/android/hardware/keymint/Timestamp.aidl similarity index 96% rename from security/keymint/aidl/android/hardware/security/keymint/Timestamp.aidl rename to keymint/aidl/android/hardware/keymint/Timestamp.aidl index ebb36848df..7c882c6811 100644 --- a/security/keymint/aidl/android/hardware/security/keymint/Timestamp.aidl +++ b/keymint/aidl/android/hardware/keymint/Timestamp.aidl @@ -14,7 +14,7 @@ * limitations under the License. */ -package android.hardware.security.keymint; +package android.hardware.keymint; /** * Time in milliseconds since some arbitrary point in time. Time must be monotonically increasing, diff --git a/security/keymint/aidl/android/hardware/security/keymint/VerificationToken.aidl b/keymint/aidl/android/hardware/keymint/VerificationToken.aidl similarity index 79% rename from security/keymint/aidl/android/hardware/security/keymint/VerificationToken.aidl rename to keymint/aidl/android/hardware/keymint/VerificationToken.aidl index f76e6a8526..736c0e2f3e 100644 --- a/security/keymint/aidl/android/hardware/security/keymint/VerificationToken.aidl +++ b/keymint/aidl/android/hardware/keymint/VerificationToken.aidl @@ -14,10 +14,10 @@ * limitations under the License. */ -package android.hardware.security.keymint; +package android.hardware.keymint; -import android.hardware.security.keymint.SecurityLevel; -import android.hardware.security.keymint.Timestamp; +import android.hardware.keymint.SecurityLevel; +import android.hardware.keymint.Timestamp; /** * VerificationToken instances are used for secure environments to authenticate one another. @@ -48,7 +48,7 @@ parcelable VerificationToken { * 32-byte HMAC-SHA256 of the above values, computed as: * * HMAC(H, - * "Auth Verification" || challenge || timestamp || securityLevel) + * "Auth Verification" || challenge || timestamp || securityLevel || parametersVerified) * * where: * 
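Review bot: The MAC formula in the `@@ -48,7 +48,7 @@` hunk of VerificationToken.aidl now ends in `|| securityLevel || parametersVerified)`, and the following `@@ -58,6 +58,11 @@` hunk describes its DER encoding, but neither hunk shows a `parametersVerified` field being declared in the parcelable. Please confirm the restored file still declares it. If it does not, the side that produces the token and the side that verifies it can compute the HMAC over different inputs and reject each other's tokens. The added text also refers to "the AuthorizationList schema from the Keystore attestation documentation" without saying which revision; a comment line such as `* (schema: AuthorizationList as defined in <link or version placeholder>)` would pin it. The parcelable starts outside these hunks.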
@@ -58,6 +58,11 @@ parcelable VerificationToken { * * The representation of challenge and timestamp is as 64-bit unsigned integers in big-endian * order. securityLevel is represented as a 32-bit unsigned integer in big-endian order. + * + * If parametersVerified is non-empty, the representation of parametersVerified is an ASN.1 DER + * encoded representation of the values. The ASN.1 schema used is the AuthorizationList schema + * from the Keystore attestation documentation. If parametersVerified is empty, it is simply + * omitted from the HMAC computation. */ byte[] mac; } diff --git a/security/keymint/aidl/default/Android.bp b/keymint/aidl/default/Android.bp similarity index 58% rename from security/keymint/aidl/default/Android.bp rename to keymint/aidl/default/Android.bp index 491a2c1c95..539ca47511 100644 --- a/security/keymint/aidl/default/Android.bp +++ b/keymint/aidl/default/Android.bp @@ -1,22 +1,22 @@ cc_binary { - name: "android.hardware.security.keymint-service", + name: "android.hardware.keymint@1.0-service", relative_install_path: "hw", - init_rc: ["android.hardware.security.keymint-service.rc"], - vintf_fragments: ["android.hardware.security.keymint-service.xml"], + init_rc: ["android.hardware.keymint@1.0-service.rc"], + vintf_fragments: ["android.hardware.keymint@1.0-service.xml"], vendor: true, cflags: [ "-Wall", "-Wextra", ], shared_libs: [ - "android.hardware.security.keymint-ndk_platform", + "android.hardware.keymint-ndk_platform", "libbase", "libbinder_ndk", "libcppbor", "libcrypto", - "libkeymaster_portable", - "libkeymint", "liblog", + "libkeymaster_portable", + "libkeymint1", "libpuresoftkeymasterdevice", "libutils", ], diff --git a/keymint/aidl/default/android.hardware.keymint@1.0-service.rc b/keymint/aidl/default/android.hardware.keymint@1.0-service.rc new file mode 100644 index 0000000000..92dce88449 --- /dev/null +++ b/keymint/aidl/default/android.hardware.keymint@1.0-service.rc 
@@ -0,0 +1,3 @@ +service vendor.keymint-default /vendor/bin/hw/android.hardware.keymint@1.0-service + class early_hal + user nobody diff --git a/security/keymint/aidl/default/android.hardware.security.keymint-service.xml b/keymint/aidl/default/android.hardware.keymint@1.0-service.xml similarity index 70% rename from security/keymint/aidl/default/android.hardware.security.keymint-service.xml rename to keymint/aidl/default/android.hardware.keymint@1.0-service.xml index 73d15a8024..3935b5a0d4 100644 --- a/security/keymint/aidl/default/android.hardware.security.keymint-service.xml +++ b/keymint/aidl/default/android.hardware.keymint@1.0-service.xml @@ -1,6 +1,6 @@ - android.hardware.security.keymint + android.hardware.keymint IKeyMintDevice/default diff --git a/security/keymint/aidl/default/service.cpp b/keymint/aidl/default/service.cpp similarity index 68% rename from security/keymint/aidl/default/service.cpp rename to keymint/aidl/default/service.cpp index a710535fac..ca5555e633 100644 --- a/security/keymint/aidl/default/service.cpp +++ b/keymint/aidl/default/service.cpp 
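Review bot: The new `vendor.keymint-default` stanza sets `user nobody` but has no `group` line, and init's documented default for an unspecified group is root, so the process would likely keep gid 0 after dropping its uid. Adding `group nobody` directly after `user nobody` closes that gap; if the service needs a particular group for binder or logging access, name that group explicitly instead. Since this daemon handles key material, even in the software implementation, the stanza should state its full identity rather than rely on defaults.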
@@ -14,30 +14,30 @@ * limitations under the License. */ -#define LOG_TAG "android.hardware.security.keymint-service" +#define LOG_TAG "android.hardware.keymint1-service" #include #include #include -#include +#include #include -using aidl::android::hardware::security::keymint::AndroidKeyMintDevice; -using aidl::android::hardware::security::keymint::SecurityLevel; +using aidl::android::hardware::keymint::SecurityLevel; +using aidl::android::hardware::keymint::V1_0::AndroidKeyMint1Device; int main() { // Zero threads seems like a useless pool, but below we'll join this thread to it, increasing // the pool size to 1. ABinderProcess_setThreadPoolMaxThreadCount(0); - std::shared_ptr keyMint = - ndk::SharedRefBase::make(SecurityLevel::SOFTWARE); + std::shared_ptr km5 = + ndk::SharedRefBase::make(SecurityLevel::SOFTWARE); keymaster::SoftKeymasterLogger logger; - const auto instanceName = std::string(AndroidKeyMintDevice::descriptor) + "/default"; + const auto instanceName = std::string(AndroidKeyMint1Device::descriptor) + "/default"; LOG(INFO) << "instance: " << instanceName; binder_status_t status = - AServiceManager_addService(keyMint->asBinder().get(), instanceName.c_str()); + AServiceManager_addService(km5->asBinder().get(), instanceName.c_str()); CHECK(status == STATUS_OK); ABinderProcess_joinThreadPool(); diff --git a/security/keymint/aidl/vts/functional/Android.bp b/keymint/aidl/vts/functional/Android.bp similarity index 77% rename from security/keymint/aidl/vts/functional/Android.bp rename to keymint/aidl/vts/functional/Android.bp index ef7adb10a6..9ee8239455 100644 --- a/security/keymint/aidl/vts/functional/Android.bp +++ b/keymint/aidl/vts/functional/Android.bp 
@@ -15,25 +15,25 @@ // cc_test { - name: "VtsAidlKeyMintTargetTest", + name: "VtsAidlKeyMintV1_0TargetTest", defaults: [ "VtsHalTargetTestDefaults", "use_libaidlvintf_gtest_helper_static", ], srcs: [ - "KeyMintTest.cpp", + "keyMint1Test.cpp", "VerificationTokenTest.cpp", ], shared_libs: [ "libbinder", "libcrypto", - "libkeymint", - "libkeymint_support", + "libkeymint1", + "libkeymintSupport", ], static_libs: [ - "android.hardware.security.keymint-cpp", - "libcppbor_external", - "libkeymint_vts_test_utils", + "android.hardware.keymint-cpp", + "libcppbor", + "libkeyMint1VtsTestUtil", ], test_suites: [ "general-tests", @@ -42,7 +42,7 @@ cc_test { } cc_test_library { - name: "libkeymint_vts_test_utils", + name: "libkeyMint1VtsTestUtil", defaults: [ "VtsHalTargetTestDefaults", "use_libaidlvintf_gtest_helper_static", @@ -56,11 +56,11 @@ cc_test_library { shared_libs: [ "libbinder", "libcrypto", - "libkeymint", - "libkeymint_support", + "libkeymint1", + "libkeymintSupport", ], static_libs: [ - "android.hardware.security.keymint-cpp", + "android.hardware.keymint-cpp", "libcppbor", ], } diff --git a/security/keymint/aidl/vts/functional/AndroidTest.xml b/keymint/aidl/vts/functional/AndroidTest.xml similarity index 100% rename from security/keymint/aidl/vts/functional/AndroidTest.xml rename to keymint/aidl/vts/functional/AndroidTest.xml diff --git a/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp b/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp similarity index 99% rename from security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp rename to keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp index ea3a329573..05461492be 100644 --- a/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp +++ b/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp 
@@ -21,10 +21,12 @@ #include -#include -#include +#include +#include -namespace android::hardware::security::keymint { +namespace android { +namespace hardware { +namespace keymint { using namespace std::literals::chrono_literals; using std::endl; @@ -749,5 +751,6 @@ vector KeyMintAidlTestBase::ValidDigests(bool withNone, bool withMD5) { } } // namespace test - -} // namespace android::hardware::security::keymint +} // namespace keymint +} // namespace hardware +} // namespace android diff --git a/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.h b/keymint/aidl/vts/functional/KeyMintAidlTestBase.h similarity index 96% rename from security/keymint/aidl/vts/functional/KeyMintAidlTestBase.h rename to keymint/aidl/vts/functional/KeyMintAidlTestBase.h index 76effcff31..2948c41eae 100644 --- a/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.h +++ b/keymint/aidl/vts/functional/KeyMintAidlTestBase.h @@ -21,15 +21,18 @@ #include #include -#include -#include +#include +#include #include #include #include -#include +#include -namespace android::hardware::security::keymint::test { +namespace android { +namespace hardware { +namespace keymint { +namespace test { using ::android::sp; using binder::Status; @@ -186,6 +189,9 @@ class KeyMintAidlTestBase : public ::testing::TestWithParam { testing::ValuesIn(KeyMintAidlTestBase::build_params()), \ android::PrintInstanceNameToString) -} // namespace android::hardware::security::keymint::test +} // namespace test +} // namespace keymint +} // namespace hardware +} // namespace android #endif // VTS_KEYMINT_AIDL_TEST_UTILS_H diff --git a/security/keymint/aidl/vts/functional/VerificationTokenTest.cpp b/keymint/aidl/vts/functional/VerificationTokenTest.cpp similarity index 97% rename from security/keymint/aidl/vts/functional/VerificationTokenTest.cpp rename to keymint/aidl/vts/functional/VerificationTokenTest.cpp index 6d3a34e7a6..bd0942ba10 100644 --- a/security/keymint/aidl/vts/functional/VerificationTokenTest.cpp 
+++ b/keymint/aidl/vts/functional/VerificationTokenTest.cpp @@ -16,7 +16,10 @@ #include "KeyMintAidlTestBase.h" -namespace android::hardware::security::keymint::test { +namespace android { +namespace hardware { +namespace keymint { +namespace test { class VerificationTokenTest : public KeyMintAidlTestBase { protected: @@ -165,4 +168,7 @@ TEST_P(VerificationTokenTest, MacChangesOnChangingTimestamp) { INSTANTIATE_KEYMINT_AIDL_TEST(VerificationTokenTest); -} // namespace android::hardware::security::keymint::test +} // namespace test +} // namespace keymint +} // namespace hardware +} // namespace android diff --git a/security/keymint/aidl/vts/functional/KeyMintTest.cpp b/keymint/aidl/vts/functional/keyMint1Test.cpp similarity index 99% rename from security/keymint/aidl/vts/functional/KeyMintTest.cpp rename to keymint/aidl/vts/functional/keyMint1Test.cpp index f9423a24a3..c2fa2f8588 100644 --- a/security/keymint/aidl/vts/functional/KeyMintTest.cpp +++ b/keymint/aidl/vts/functional/keyMint1Test.cpp 
@@ -26,32 +26,36 @@ #include -#include +#include -#include -#include -#include +#include +#include +#include #include "KeyMintAidlTestBase.h" static bool arm_deleteAllKeys = false; static bool dump_Attestations = false; -using android::hardware::security::keymint::AuthorizationSet; -using android::hardware::security::keymint::KeyCharacteristics; -using android::hardware::security::keymint::KeyFormat; +using android::hardware::keymint::AuthorizationSet; +using android::hardware::keymint::KeyCharacteristics; +using android::hardware::keymint::KeyFormat; -namespace android::hardware::security::keymint { +namespace android { +namespace hardware { + +namespace keymint { bool operator==(const keymint::AuthorizationSet& a, const keymint::AuthorizationSet& b) { return a.size() == b.size() && std::equal(a.begin(), a.end(), b.begin()); } - -} // namespace android::hardware::security::keymint +} // namespace keymint +} // namespace hardware +} // namespace android namespace std { -using namespace android::hardware::security::keymint; +using namespace android::hardware::keymint; template <> struct std::equal_to { @@ -73,8 +77,10 @@ struct std::equal_to { } // namespace std -namespace android::hardware::security::keymint::test { - +namespace android { +namespace hardware { +namespace keymint { +namespace test { namespace { template @@ -4040,7 +4046,10 @@ TEST_P(TransportLimitTest, LargeFinishInput) { INSTANTIATE_KEYMINT_AIDL_TEST(TransportLimitTest); -} // namespace android::hardware::security::keymint::test +} // namespace test +} // namespace keymint +} // namespace hardware +} // namespace android int main(int argc, char** argv) { ::testing::InitGoogleTest(&argc, argv); @@ -4054,5 +4063,7 @@ int main(int argc, char** argv) { } } } - return RUN_ALL_TESTS(); + int status = RUN_ALL_TESTS(); + ALOGI("Test result = %d", status); + return status; } 
diff --git a/security/keymint/support/Android.bp b/keymint/support/Android.bp similarity index 92% rename from security/keymint/support/Android.bp rename to keymint/support/Android.bp index ddac92fc6b..432416e006 100644 --- a/security/keymint/support/Android.bp +++ b/keymint/support/Android.bp @@ -15,7 +15,7 @@ // cc_library { - name: "libkeymint_support", + name: "libkeymintSupport", cflags: [ "-Wall", "-Wextra", @@ -31,7 +31,7 @@ cc_library { "include", ], shared_libs: [ - "android.hardware.security.keymint-cpp", + "android.hardware.keymint-cpp", "libbase", "libcrypto", "libutils", diff --git a/security/keymint/support/OWNERS b/keymint/support/OWNERS similarity index 100% rename from security/keymint/support/OWNERS rename to keymint/support/OWNERS diff --git a/security/keymint/support/attestation_record.cpp b/keymint/support/attestation_record.cpp similarity index 97% rename from security/keymint/support/attestation_record.cpp rename to keymint/support/attestation_record.cpp index afdb208221..e5659746fe 100644 --- a/security/keymint/support/attestation_record.cpp +++ b/keymint/support/attestation_record.cpp @@ -14,26 +14,27 @@ * limitations under the License. */ -#include +#include -#include +#include +#include #include +#include #include #include #include #include -#include -#include - -#include -#include +#include +#include #define AT __FILE__ ":" << __LINE__ -namespace android::hardware::security::keymint { +namespace android { +namespace hardware { +namespace keymint { struct stack_st_ASN1_TYPE_Delete { void operator()(stack_st_ASN1_TYPE* p) { sk_ASN1_TYPE_free(p); } @@ -381,4 +382,6 @@ ErrorCode parse_root_of_trust(const uint8_t* asn1_key_desc, size_t asn1_key_desc return ErrorCode::OK; // KM_ERROR_OK; } -} // namespace android::hardware::security::keymint +} // namespace keymint +} // namespace hardware +} // namespace android 
diff --git a/security/keymint/support/authorization_set.cpp b/keymint/support/authorization_set.cpp similarity index 93% rename from security/keymint/support/authorization_set.cpp rename to keymint/support/authorization_set.cpp index aa9638f256..9fc4e13727 100644 --- a/security/keymint/support/authorization_set.cpp +++ b/keymint/support/authorization_set.cpp @@ -14,21 +14,23 @@ * limitations under the License. */ -#include +#include #include -#include #include +#include -#include -#include -#include -#include -#include -#include +#include +#include +#include +#include +#include +#include -namespace android::hardware::security::keymint { +namespace android { +namespace hardware { +namespace keymint { void AuthorizationSet::Sort() { std::sort(data_.begin(), data_.end()); @@ -218,11 +220,10 @@ struct choose_serializer<> { }; template -struct choose_serializer, Tail...> { +struct choose_serializer, Tail...> { static OutStreams& serialize(OutStreams& out, const KeyParameter& param) { if (param.tag == tag) { - return android::hardware::security::keymint::serialize(TypedTag(), out, - param); + return android::hardware::keymint::serialize(TypedTag(), out, param); } else { return choose_serializer::serialize(out, param); } @@ -328,8 +329,7 @@ template struct choose_deserializer, Tail...> { static InStreams& deserialize(InStreams& in, KeyParameter* param) { if (param->tag == tag) { - return android::hardware::security::keymint::deserialize(TypedTag(), in, - param); + return android::hardware::keymint::deserialize(TypedTag(), in, param); } else { return choose_deserializer::deserialize(in, param); } 
@@ -501,14 +501,15 @@ AuthorizationSetBuilder& AuthorizationSetBuilder::GcmModeMacLen(uint32_t macLeng } AuthorizationSetBuilder& AuthorizationSetBuilder::BlockMode( - std::initializer_list blockModes) { + std::initializer_list blockModes) { for (auto mode : blockModes) { push_back(TAG_BLOCK_MODE, mode); } return *this; } -AuthorizationSetBuilder& AuthorizationSetBuilder::Digest(std::vector digests) { +AuthorizationSetBuilder& AuthorizationSetBuilder::Digest( + std::vector digests) { for (auto digest : digests) { push_back(TAG_DIGEST, digest); } @@ -523,4 +524,6 @@ AuthorizationSetBuilder& AuthorizationSetBuilder::Padding( return *this; } -} // namespace android::hardware::security::keymint +} // namespace keymint +} // namespace hardware +} // namespace android diff --git a/security/keymint/support/include/keymint_support/attestation_record.h b/keymint/support/include/keymintSupport/attestation_record.h similarity index 84% rename from security/keymint/support/include/keymint_support/attestation_record.h rename to keymint/support/include/keymintSupport/attestation_record.h index d71624c978..7a69789423 100644 --- a/security/keymint/support/include/keymint_support/attestation_record.h +++ b/keymint/support/include/keymintSupport/attestation_record.h @@ -16,14 +16,20 @@ #pragma once -#include -#include +#include +#include -#include -#include -#include +#include +#include +#include -namespace android::hardware::security::keymint { +namespace android { +namespace hardware { +namespace keymint { + +using android::hardware::keymint::KeyParameter; +using android::hardware::keymint::Tag; +using android::hardware::keymint::TAG_ALGORITHM; class AuthorizationSet; 
@@ -84,4 +90,6 @@ ErrorCode parse_root_of_trust(const uint8_t* asn1_key_desc, size_t asn1_key_desc keymint_verified_boot_t* verified_boot_state, bool* device_locked, std::vector* verified_boot_hash); -} // namespace android::hardware::security::keymint +} // namespace keymint +} // namespace hardware +} // namespace android diff --git a/security/keymint/support/include/keymint_support/authorization_set.h b/keymint/support/include/keymintSupport/authorization_set.h similarity index 95% rename from security/keymint/support/include/keymint_support/authorization_set.h rename to keymint/support/include/keymintSupport/authorization_set.h index 97e10224d3..141426a7a2 100644 --- a/security/keymint/support/include/keymint_support/authorization_set.h +++ b/keymint/support/include/keymintSupport/authorization_set.h @@ -19,14 +19,21 @@ #include -#include -#include -#include -#include +#include +#include +#include +#include -#include +#include -namespace android::hardware::security::keymint { +namespace android { +namespace hardware { +namespace keymint { + +using android::hardware::keymint::BlockMode; +using android::hardware::keymint::Digest; +using android::hardware::keymint::EcCurve; +using android::hardware::keymint::PaddingMode; using std::vector; @@ -315,6 +322,8 @@ class AuthorizationSetBuilder : public AuthorizationSet { } }; -} // namespace android::hardware::security::keymint +} // namespace keymint +} // namespace hardware +} // namespace android #endif // SYSTEM_SECURITY_KEYSTORE_KM4_AUTHORIZATION_SET_H_ diff --git a/security/keymint/support/include/keymint_support/key_param_output.h b/keymint/support/include/keymintSupport/key_param_output.h similarity index 72% rename from security/keymint/support/include/keymint_support/key_param_output.h rename to keymint/support/include/keymintSupport/key_param_output.h index 82c9689329..a35a9816a9 100644 --- a/security/keymint/support/include/keymint_support/key_param_output.h 
+++ b/keymint/support/include/keymintSupport/key_param_output.h @@ -1,5 +1,5 @@ /* - * Copyright (C) 2020 The Android Open Source Project + * Copyright (C) 2017 The Android Open Source Project * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -20,24 +20,28 @@ #include #include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - #include "keymint_tags.h" -namespace android::hardware::security::keymint { +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +namespace android { +namespace hardware { +namespace keymint { + +using namespace ::android::hardware::keymint; inline ::std::ostream& operator<<(::std::ostream& os, Algorithm value) { return os << toString(value); @@ -97,6 +101,8 @@ inline ::std::ostream& operator<<(::std::ostream& os, Tag tag) { return os << toString(tag); } -} // namespace android::hardware::security::keymint +} // namespace keymint +} // namespace hardware +} // namespace android #endif // HARDWARE_INTERFACES_KEYMINT_SUPPORT_INCLUDE_KEY_PARAM_OUTPUT_H_ diff --git a/security/keymint/support/include/keymint_support/keymint_tags.h b/keymint/support/include/keymintSupport/keymint_tags.h similarity index 81% rename from security/keymint/support/include/keymint_support/keymint_tags.h rename to keymint/support/include/keymintSupport/keymint_tags.h index f23e4f2ce2..f1060a9e16 100644 --- a/security/keymint/support/include/keymint_support/keymint_tags.h +++ b/keymint/support/include/keymintSupport/keymint_tags.h 
@@ -17,20 +17,24 @@ #ifndef HARDWARE_INTERFACES_KEYMINT_SUPPORT_INCLUDE_KEYMINT_TAGS_H_ #define HARDWARE_INTERFACES_KEYMINT_SUPPORT_INCLUDE_KEYMINT_TAGS_H_ -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include -namespace android::hardware::security::keymint { +namespace android::hardware::keymint { + +using android::hardware::keymint::KeyParameter; +using android::hardware::keymint::Tag; +using android::hardware::keymint::TagType; // The following create the numeric values that KM_TAG_PADDING and KM_TAG_DIGEST used to have. We // need these old values to be able to support old keys that use them. 
@@ -333,6 +337,78 @@ inline NullOr>::type&> return accessTagValue(ttag, param); } -} // namespace android::hardware::security::keymint +} // namespace android::hardware::keymint + +namespace std { + +using namespace android::hardware::keymint; + +// Aidl generates KeyParameter operator<, >, ==, != for cpp translation but not ndk +// translations. So we cannot straight forward overload these operators. +// However we need our custom comparison for KeyParameters. So we will +// overload std::less, equal_to instead. +template <> +struct std::less { + bool operator()(const KeyParameter& a, const KeyParameter& b) const { + if (a.tag != b.tag) return a.tag < b.tag; + int retval; + switch (typeFromTag(a.tag)) { + case TagType::INVALID: + case TagType::BOOL: + return false; + case TagType::ENUM: + case TagType::ENUM_REP: + case TagType::UINT: + case TagType::UINT_REP: + return a.integer < b.integer; + case TagType::ULONG: + case TagType::ULONG_REP: + case TagType::DATE: + return a.longInteger < b.longInteger; + case TagType::BIGNUM: + case TagType::BYTES: + // Handle the empty cases. + if (a.blob.size() == 0) return b.blob.size() != 0; + if (b.blob.size() == 0) return false; + retval = memcmp(&a.blob[0], &b.blob[0], std::min(a.blob.size(), b.blob.size())); + // if one is the prefix of the other the longer wins + if (retval == 0) return a.blob.size() < b.blob.size(); + // Otherwise a is less if a is less. 
+ else + return retval < 0; + } + return false; + } +}; + +template <> +struct std::equal_to { + bool operator()(const KeyParameter& a, const KeyParameter& b) const { + if (a.tag != b.tag) { + return false; + } + switch (typeFromTag(a.tag)) { + case TagType::INVALID: + case TagType::BOOL: + return true; + case TagType::ENUM: + case TagType::ENUM_REP: + case TagType::UINT: + case TagType::UINT_REP: + return a.integer == b.integer; + case TagType::ULONG: + case TagType::ULONG_REP: + case TagType::DATE: + return a.longInteger == b.longInteger; + case TagType::BIGNUM: + case TagType::BYTES: + if (a.blob.size() != b.blob.size()) return false; + return a.blob.size() == 0 || memcmp(&a.blob[0], &b.blob[0], a.blob.size()) == 0; + } + return false; + } +}; + +} // namespace std #endif // HARDWARE_INTERFACES_KEYMINT_SUPPORT_INCLUDE_KEYMINT_TAGS_H_ diff --git a/security/keymint/support/include/keymint_support/keymint_utils.h b/keymint/support/include/keymintSupport/keymint_utils.h similarity index 88% rename from security/keymint/support/include/keymint_support/keymint_utils.h rename to keymint/support/include/keymintSupport/keymint_utils.h index fda1b6c9b2..aa1e93b3c5 100644 --- a/security/keymint/support/include/keymint_support/keymint_utils.h +++ b/keymint/support/include/keymintSupport/keymint_utils.h @@ -19,9 +19,11 @@ #ifndef HARDWARE_INTERFACES_KEYMINT_10_SUPPORT_KEYMINT_UTILS_H_ #define HARDWARE_INTERFACES_KEYMINT_10_SUPPORT_KEYMINT_UTILS_H_ -#include +#include -namespace android::hardware::security::keymint { +namespace android { +namespace hardware { +namespace keymint { using std::vector; @@ -42,6 +44,8 @@ vector authToken2vector(const HardwareAuthToken& token); uint32_t getOsVersion(); uint32_t getOsPatchlevel(); -} // namespace android::hardware::security::keymint +} // namespace keymint +} // namespace hardware +} // namespace android #endif // HARDWARE_INTERFACES_KEYMINT_10_SUPPORT_KEYMINT_UTILS_H_ 
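Review bot: At the start of the `@@ -333,6 +337,78 @@` hunk in keymint_tags.h, `using namespace android::hardware::keymint;` is placed inside `namespace std` in a header, which injects every keymint name into `std` for each file that includes it; the standard only permits specializations to be added there. Remove the using-directive and qualify the names in both specializations, e.g. `bool operator()(const android::hardware::keymint::KeyParameter& a, const android::hardware::keymint::KeyParameter& b) const` and `android::hardware::keymint::TagType::BYTES`. Both bodies call `memcmp` and `std::min`; the include lines are not legible in this diff, so check that `<cstring>` and `<algorithm>` are included directly rather than transitively. The blob branch of `std::less` would also read more clearly as `if (retval != 0) return retval < 0;` followed by the size comparison, instead of the dangling `else` after a comment.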
diff --git a/security/keymint/support/include/keymint_support/openssl_utils.h b/keymint/support/include/keymintSupport/openssl_utils.h similarity index 75% rename from security/keymint/support/include/keymint_support/openssl_utils.h rename to keymint/support/include/keymintSupport/openssl_utils.h index cb099680d4..39633edaaa 100644 --- a/security/keymint/support/include/keymint_support/openssl_utils.h +++ b/keymint/support/include/keymintSupport/openssl_utils.h @@ -17,13 +17,11 @@ #ifndef HARDWARE_INTERFACES_KEYMINT_1_0_SUPPORT_OPENSSL_UTILS_H_ #define HARDWARE_INTERFACES_KEYMINT_1_0_SUPPORT_OPENSSL_UTILS_H_ -#include +#include #include #include -namespace android::hardware::security::keymint { - template struct UniquePtrDeleter { void operator()(T* p) const { F(p); } @@ -42,26 +40,24 @@ MAKE_OPENSSL_PTR_TYPE(BN_CTX) typedef std::unique_ptr> BIGNUM_Ptr; -inline const EVP_MD* openssl_digest(Digest digest) { +inline const EVP_MD* openssl_digest(android::hardware::keymint::Digest digest) { switch (digest) { - case Digest::NONE: + case android::hardware::keymint::Digest::NONE: return nullptr; - case Digest::MD5: + case android::hardware::keymint::Digest::MD5: return EVP_md5(); - case Digest::SHA1: + case android::hardware::keymint::Digest::SHA1: return EVP_sha1(); - case Digest::SHA_2_224: + case android::hardware::keymint::Digest::SHA_2_224: return EVP_sha224(); - case Digest::SHA_2_256: + case android::hardware::keymint::Digest::SHA_2_256: return EVP_sha256(); - case Digest::SHA_2_384: + case android::hardware::keymint::Digest::SHA_2_384: return EVP_sha384(); - case Digest::SHA_2_512: + case android::hardware::keymint::Digest::SHA_2_512: return EVP_sha512(); } return nullptr; } -} // namespace android::hardware::security::keymint - #endif // HARDWARE_INTERFACES_KEYMINT_1_0_SUPPORT_OPENSSL_UTILS_H_ 
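Review bot: With the namespace wrapper removed in the two openssl_utils.h hunks, `UniquePtrDeleter`, the `MAKE_OPENSSL_PTR_TYPE` typedefs, `BIGNUM_Ptr` and `openssl_digest` are now declared in the global namespace of a shared support header. If another library linked into the same binary defines helpers with these names (not visible here, but they are generic), that produces a redefinition error or a silent ODR violation. Keeping the contents inside `namespace android { namespace hardware { namespace keymint {` avoids this and lets the switch stay as `case Digest::NONE:` rather than the fully qualified labels. `openssl_digest` also returns `nullptr` both for `Digest::NONE` and for an unrecognised value; a one-line comment above it, `// nullptr means "no digest" or "unsupported digest"; callers must validate the enum first`, would make that contract explicit.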
diff --git a/security/keymint/support/key_param_output.cpp b/keymint/support/key_param_output.cpp similarity index 90% rename from security/keymint/support/key_param_output.cpp rename to keymint/support/key_param_output.cpp index b699b2289e..6e33558d58 100644 --- a/security/keymint/support/key_param_output.cpp +++ b/keymint/support/key_param_output.cpp @@ -14,13 +14,15 @@ * limitations under the License. */ -#include +#include + +#include #include -#include - -namespace android::hardware::security::keymint { +namespace android { +namespace hardware { +namespace keymint { using ::std::endl; using ::std::ostream; @@ -69,4 +71,6 @@ ostream& operator<<(ostream& os, const KeyParameter& param) { return os << "UNKNOWN TAG TYPE!"; } -} // namespace android::hardware::security::keymint +} // namespace keymint +} // namespace hardware +} // namespace android diff --git a/security/keymint/support/keymint_utils.cpp b/keymint/support/keymint_utils.cpp similarity index 96% rename from security/keymint/support/keymint_utils.cpp rename to keymint/support/keymint_utils.cpp index cd4cca222a..fd57cf5af9 100644 --- a/security/keymint/support/keymint_utils.cpp +++ b/keymint/support/keymint_utils.cpp @@ -18,11 +18,11 @@ #include #include -#include +#include #include -namespace android::hardware::security::keymint { +namespace android::hardware::keymint { namespace { @@ -111,4 +111,4 @@ uint32_t getOsPatchlevel() { return getOsPatchlevel(patchlevel.c_str()); } -} // namespace android::hardware::security::keymint +} // namespace android::hardware::keymint diff --git a/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/IKeyMintDevice.aidl b/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/IKeyMintDevice.aidl deleted file mode 100644 index 3d08cfef08..0000000000 
--- a/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/IKeyMintDevice.aidl
+++ /dev/null
@@ -1,33 +0,0 @@
-///////////////////////////////////////////////////////////////////////////////
-// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
-///////////////////////////////////////////////////////////////////////////////
-
-// This file is a snapshot of an AIDL interface (or parcelable). Do not try to
-// edit this file. It looks like you are doing that because you have modified
-// an AIDL interface in a backward-incompatible way, e.g., deleting a function
-// from an interface or a field from a parcelable and it broke the build. That
-// breakage is intended.
-//
-// You must not make a backward incompatible changes to the AIDL files built
-// with the aidl_interface module type with versions property set. The module
-// type is used to build AIDL files in a way that they can be used across
-// independently updatable components of the system. If a device is shipped
-// with such a backward incompatible change, it has a high risk of breaking
-// later when a module using the interface is updated, e.g., Mainline modules.
-
-package android.hardware.security.keymint;
-@VintfStability
-interface IKeyMintDevice {
- android.hardware.security.keymint.KeyMintHardwareInfo getHardwareInfo();
- android.hardware.security.keymint.VerificationToken verifyAuthorization(in long challenge, in android.hardware.security.keymint.HardwareAuthToken token);
- void addRngEntropy(in byte[] data);
- void generateKey(in android.hardware.security.keymint.KeyParameter[] keyParams, out android.hardware.security.keymint.ByteArray generatedKeyBlob, out android.hardware.security.keymint.KeyCharacteristics generatedKeyCharacteristics, out android.hardware.security.keymint.Certificate[] outCertChain);
- void importKey(in android.hardware.security.keymint.KeyParameter[] inKeyParams, in android.hardware.security.keymint.KeyFormat inKeyFormat, in byte[] inKeyData, out android.hardware.security.keymint.ByteArray outImportedKeyBlob, out android.hardware.security.keymint.KeyCharacteristics outImportedKeyCharacteristics, out android.hardware.security.keymint.Certificate[] outCertChain);
- void importWrappedKey(in byte[] inWrappedKeyData, in byte[] inWrappingKeyBlob, in byte[] inMaskingKey, in android.hardware.security.keymint.KeyParameter[] inUnwrappingParams, in long inPasswordSid, in long inBiometricSid, out android.hardware.security.keymint.ByteArray outImportedKeyBlob, out android.hardware.security.keymint.KeyCharacteristics outImportedKeyCharacteristics);
- byte[] upgradeKey(in byte[] inKeyBlobToUpgrade, in android.hardware.security.keymint.KeyParameter[] inUpgradeParams);
- void deleteKey(in byte[] inKeyBlob);
- void deleteAllKeys();
- void destroyAttestationIds();
- android.hardware.security.keymint.BeginResult begin(in android.hardware.security.keymint.KeyPurpose inPurpose, in byte[] inKeyBlob, in android.hardware.security.keymint.KeyParameter[] inParams, in android.hardware.security.keymint.HardwareAuthToken inAuthToken);
- const int AUTH_TOKEN_MAC_LENGTH = 32;
-}
diff --git a/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/IKeyMintOperation.aidl b/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/IKeyMintOperation.aidl
deleted file mode 100644
index 8e3b0fcf9b..0000000000
--- a/security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/IKeyMintOperation.aidl
+++ /dev/null
@@ -1,24 +0,0 @@
-///////////////////////////////////////////////////////////////////////////////
-// THIS FILE IS IMMUTABLE. DO NOT EDIT IN ANY CASE. //
-///////////////////////////////////////////////////////////////////////////////
-
-// This file is a snapshot of an AIDL interface (or parcelable). Do not try to
-// edit this file. It looks like you are doing that because you have modified
-// an AIDL interface in a backward-incompatible way, e.g., deleting a function
-// from an interface or a field from a parcelable and it broke the build. That
-// breakage is intended.
-//
-// You must not make a backward incompatible changes to the AIDL files built
-// with the aidl_interface module type with versions property set. The module
-// type is used to build AIDL files in a way that they can be used across
-// independently updatable components of the system. If a device is shipped
-// with such a backward incompatible change, it has a high risk of breaking
-// later when a module using the interface is updated, e.g., Mainline modules.
-
-package android.hardware.security.keymint;
-@VintfStability
-interface IKeyMintOperation {
- int update(in @nullable android.hardware.security.keymint.KeyParameterArray inParams, in @nullable byte[] input, in @nullable android.hardware.security.keymint.HardwareAuthToken inAuthToken, in @nullable android.hardware.security.keymint.VerificationToken inVerificationToken, out @nullable android.hardware.security.keymint.KeyParameterArray outParams, out @nullable android.hardware.security.keymint.ByteArray output);
- byte[] finish(in @nullable android.hardware.security.keymint.KeyParameterArray inParams, in @nullable byte[] input, in @nullable byte[] inSignature, in @nullable android.hardware.security.keymint.HardwareAuthToken authToken, in @nullable android.hardware.security.keymint.VerificationToken inVerificationToken, out @nullable android.hardware.security.keymint.KeyParameterArray outParams);
- void abort();
-}
diff --git a/security/keymint/aidl/default/android.hardware.security.keymint-service.rc b/security/keymint/aidl/default/android.hardware.security.keymint-service.rc
deleted file mode 100644
index 0c3a6e15a6..0000000000
--- a/security/keymint/aidl/default/android.hardware.security.keymint-service.rc
+++ /dev/null
@@ -1,3 +0,0 @@
-service vendor.keymint-default /vendor/bin/hw/android.hardware.security.keymint-service
- class early_hal
- user nobody