blob: 43a34b055bcec764ce99078512d7860a03f921a6 [file] [log] [blame]
/*
**
** Copyright 2017, The Android Open Source Project
**
** Licensed under the Apache License, Version 2.0 (the "License");
** you may not use this file except in compliance with the License.
** You may obtain a copy of the License at
**
** http://www.apache.org/licenses/LICENSE-2.0
**
** Unless required by applicable law or agreed to in writing, software
** distributed under the License is distributed on an "AS IS" BASIS,
** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
** See the License for the specific language governing permissions and
** limitations under the License.
*/
#ifndef HARDWARE_INTERFACES_KEYMASTER_40_SUPPORT_KEYMASTER_H_
#define HARDWARE_INTERFACES_KEYMASTER_40_SUPPORT_KEYMASTER_H_
#include <android/hardware/keymaster/4.0/IKeymasterDevice.h>
#include <memory>
#include <vector>
namespace android {
namespace hardware {
namespace keymaster {
namespace V4_0 {
namespace support {
/**
* Keymaster abstracts the underlying V4_0::IKeymasterDevice. There is one implementation
* (Keymaster4) which is a trivial passthrough and one that wraps a V3_0::IKeymasterDevice.
*
* The reason for adding this additional layer, rather than simply using the latest HAL directly and
* subclassing it to wrap any older HAL, is because this provides a place to put additional methods
* which clients can use when they need to distinguish between different underlying HAL versions,
* while still having to use only the latest interface.
*/
class Keymaster : public IKeymasterDevice {
public:
using KeymasterSet = std::vector<std::unique_ptr<Keymaster>>;
Keymaster(const hidl_string& descriptor, const hidl_string& instanceName)
: descriptor_(descriptor), instanceName_(instanceName) {}
virtual ~Keymaster() {}
struct VersionResult {
hidl_string keymasterName;
hidl_string authorName;
uint8_t majorVersion;
SecurityLevel securityLevel;
bool supportsEc;
bool operator>(const VersionResult& other) const {
auto lhs = std::tie(securityLevel, majorVersion, supportsEc);
auto rhs = std::tie(other.securityLevel, other.majorVersion, other.supportsEc);
return lhs > rhs;
}
};
virtual const VersionResult& halVersion() const = 0;
const hidl_string& descriptor() const { return descriptor_; }
const hidl_string& instanceName() const { return instanceName_; }
/**
* If ec is in the vendor error code range (<-10000), logs the fact to logcat.
* There are no side effects otherwise.
*/
void logIfKeymasterVendorError(ErrorCode ec) const;
/**
* Returns all available Keymaster3 and Keymaster4 instances, in order of most secure to least
* secure (as defined by VersionResult::operator<).
*/
static KeymasterSet enumerateAvailableDevices();
/**
* Ask provided Keymaster instances to compute a shared HMAC key using
* getHmacSharingParameters() and computeSharedHmac(). This computation is idempotent as long
* as the same set of Keymaster instances is used each time (and if all of the instances work
* correctly). It must be performed once per boot, but should do no harm to be repeated.
*
* If key agreement fails, this method will crash the process (with CHECK).
*/
static void performHmacKeyAgreement(const KeymasterSet& keymasters);
private:
hidl_string descriptor_;
hidl_string instanceName_;
};
std::ostream& operator<<(std::ostream& os, const Keymaster& keymaster);
} // namespace support
} // namespace V4_0
} // namespace keymaster
} // namespace hardware
} // namespace android
#endif // HARDWARE_INTERFACES_KEYMASTER_40_SUPPORT_KEYMASTER_H_