• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  **
3  ** Copyright 2017, The Android Open Source Project
4  **
5  ** Licensed under the Apache License, Version 2.0 (the "License");
6  ** you may not use this file except in compliance with the License.
7  ** You may obtain a copy of the License at
8  **
9  **     http://www.apache.org/licenses/LICENSE-2.0
10  **
11  ** Unless required by applicable law or agreed to in writing, software
12  ** distributed under the License is distributed on an "AS IS" BASIS,
13  ** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14  ** See the License for the specific language governing permissions and
15  ** limitations under the License.
16  */
17 
18 #ifndef HARDWARE_INTERFACES_KEYMASTER_40_SUPPORT_KEYMASTER_H_
19 #define HARDWARE_INTERFACES_KEYMASTER_40_SUPPORT_KEYMASTER_H_
20 
21 #include <android/hardware/keymaster/4.0/IKeymasterDevice.h>
22 
23 namespace android {
24 namespace hardware {
25 namespace keymaster {
26 namespace V4_0 {
27 namespace support {
28 
29 /**
30  * Keymaster abstracts the underlying V4_0::IKeymasterDevice.  There is one implementation
31  * (Keymaster4) which is a trivial passthrough and one that wraps a V3_0::IKeymasterDevice.
32  *
33  * The reason for adding this additional layer, rather than simply using the latest HAL directly and
34  * subclassing it to wrap any older HAL, is because this provides a place to put additional methods
35  * which clients can use when they need to distinguish between different underlying HAL versions,
36  * while still having to use only the latest interface.
37  */
38 class Keymaster : public IKeymasterDevice {
39    public:
40     using KeymasterSet = std::vector<std::unique_ptr<Keymaster>>;
41 
Keymaster(const hidl_string & descriptor,const hidl_string & instanceName)42     Keymaster(const hidl_string& descriptor, const hidl_string& instanceName)
43         : descriptor_(descriptor), instanceName_(instanceName) {}
~Keymaster()44     virtual ~Keymaster() {}
45 
46     struct VersionResult {
47         hidl_string keymasterName;
48         hidl_string authorName;
49         uint8_t majorVersion;
50         SecurityLevel securityLevel;
51         bool supportsEc;
52 
53         bool operator>(const VersionResult& other) const {
54             auto lhs = std::tie(securityLevel, majorVersion, supportsEc);
55             auto rhs = std::tie(other.securityLevel, other.majorVersion, other.supportsEc);
56             return lhs > rhs;
57         }
58     };
59 
60     virtual const VersionResult& halVersion() const = 0;
descriptor()61     const hidl_string& descriptor() const { return descriptor_; }
instanceName()62     const hidl_string& instanceName() const { return instanceName_; }
63 
64     /**
65      * Returns all available Keymaster3 and Keymaster4 instances, in order of most secure to least
66      * secure (as defined by VersionResult::operator<).
67      */
68     static KeymasterSet enumerateAvailableDevices();
69 
70     /**
71      * Ask provided Keymaster instances to compute a shared HMAC key using
72      * getHmacSharingParameters() and computeSharedHmac().  This computation is idempotent as long
73      * as the same set of Keymaster instances is used each time (and if all of the instances work
74      * correctly).  It must be performed once per boot, but should do no harm to be repeated.
75      *
76      * If key agreement fails, this method will crash the process (with CHECK).
77      */
78     static void performHmacKeyAgreement(const KeymasterSet& keymasters);
79 
80    private:
81     hidl_string descriptor_;
82     hidl_string instanceName_;
83 };
84 
85 std::ostream& operator<<(std::ostream& os, const Keymaster& keymaster);
86 
87 }  // namespace support
88 }  // namespace V4_0
89 }  // namespace keymaster
90 }  // namespace hardware
91 }  // namespace android
92 
93 #endif  // HARDWARE_INTERFACES_KEYMASTER_40_SUPPORT_KEYMASTER_H_
94