Merge "Include some warnings about vendor_available for fsmgr."
diff --git a/adb/daemon/services.cpp b/adb/daemon/services.cpp
index dfcc52d..8417690 100644
--- a/adb/daemon/services.cpp
+++ b/adb/daemon/services.cpp
@@ -26,6 +26,8 @@
#include <stdlib.h>
#include <string.h>
#include <sys/ioctl.h>
+#include <sys/socket.h>
+#include <sys/un.h>
#include <unistd.h>
#include <thread>
@@ -96,41 +98,44 @@
void reboot_service(unique_fd fd, const std::string& arg) {
std::string reboot_arg = arg;
- bool auto_reboot = false;
-
- if (reboot_arg == "sideload-auto-reboot") {
- auto_reboot = true;
- reboot_arg = "sideload";
- }
-
- // It reboots into sideload mode by setting "--sideload" or "--sideload_auto_reboot"
- // in the command file.
- if (reboot_arg == "sideload") {
- if (getuid() != 0) {
- WriteFdExactly(fd.get(), "'adb root' is required for 'adb reboot sideload'.\n");
- return;
- }
-
- const std::vector<std::string> options = {auto_reboot ? "--sideload_auto_reboot"
- : "--sideload"};
- std::string err;
- if (!write_bootloader_message(options, &err)) {
- D("Failed to set bootloader message: %s", err.c_str());
- return;
- }
-
- reboot_arg = "recovery";
- }
-
sync();
if (reboot_arg.empty()) reboot_arg = "adb";
std::string reboot_string = android::base::StringPrintf("reboot,%s", reboot_arg.c_str());
- if (!android::base::SetProperty(ANDROID_RB_PROPERTY, reboot_string)) {
- WriteFdFmt(fd.get(), "reboot (%s) failed\n", reboot_string.c_str());
- return;
- }
+ if (reboot_arg == "fastboot" && access("/dev/socket/recovery", F_OK) == 0) {
+ LOG(INFO) << "Recovery specific reboot fastboot";
+ /*
+ * The socket is created to allow switching between recovery and
+ * fastboot.
+ */
+ android::base::unique_fd sock(socket(AF_UNIX, SOCK_STREAM, 0));
+ if (sock < 0) {
+ WriteFdFmt(fd, "reboot (%s) create\n", strerror(errno));
+ PLOG(ERROR) << "Creating recovery socket failed";
+ return;
+ }
+
+ sockaddr_un addr = {.sun_family = AF_UNIX};
+ strncpy(addr.sun_path, "/dev/socket/recovery", sizeof(addr.sun_path) - 1);
+ if (connect(sock, reinterpret_cast<sockaddr*>(&addr), sizeof(addr)) == -1) {
+ WriteFdFmt(fd, "reboot (%s) connect\n", strerror(errno));
+ PLOG(ERROR) << "Couldn't connect to recovery socket";
+ return;
+ }
+ const char msg_switch_to_fastboot = 'f';
+ auto ret = adb_write(sock, &msg_switch_to_fastboot, sizeof(msg_switch_to_fastboot));
+ if (ret != sizeof(msg_switch_to_fastboot)) {
+ WriteFdFmt(fd, "reboot (%s) write\n", strerror(errno));
+ PLOG(ERROR) << "Couldn't write message to recovery socket to switch to fastboot";
+ return;
+ }
+ } else {
+ if (!android::base::SetProperty(ANDROID_RB_PROPERTY, reboot_string)) {
+ WriteFdFmt(fd.get(), "reboot (%s) failed\n", reboot_string.c_str());
+ return;
+ }
+ }
// Don't return early. Give the reboot command time to take effect
// to avoid messing up scripts which do "adb reboot && adb wait-for-device"
while (true) {
diff --git a/adb/test_adb.py b/adb/test_adb.py
index d4c98e4..86c13d0 100755
--- a/adb/test_adb.py
+++ b/adb/test_adb.py
@@ -28,6 +28,7 @@
import struct
import subprocess
import threading
+import time
import unittest
@@ -90,7 +91,7 @@
server_thread.start()
try:
- yield port
+ yield port, writesock
finally:
writesock.close()
server_thread.join()
@@ -120,7 +121,7 @@
def adb_server():
"""Context manager for an ADB server.
- This creates an ADB server and returns the port it"s listening on.
+ This creates an ADB server and returns the port it's listening on.
"""
port = 5038
@@ -342,7 +343,7 @@
Bug: http://b/78991667
"""
with adb_server() as server_port:
- with fake_adbd() as port:
+ with fake_adbd() as (port, _):
serial = "emulator-{}".format(port - 1)
# Ensure that the emulator is not there.
try:
@@ -380,7 +381,7 @@
"""
for protocol in (socket.AF_INET, socket.AF_INET6):
try:
- with fake_adbd(protocol=protocol) as port:
+ with fake_adbd(protocol=protocol) as (port, _):
serial = "localhost:{}".format(port)
with adb_connect(self, serial):
pass
@@ -391,7 +392,7 @@
def test_already_connected(self):
"""Ensure that an already-connected device stays connected."""
- with fake_adbd() as port:
+ with fake_adbd() as (port, _):
serial = "localhost:{}".format(port)
with adb_connect(self, serial):
# b/31250450: this always returns 0 but probably shouldn't.
@@ -403,7 +404,7 @@
def test_reconnect(self):
"""Ensure that a disconnected device reconnects."""
- with fake_adbd() as port:
+ with fake_adbd() as (port, _):
serial = "localhost:{}".format(port)
with adb_connect(self, serial):
output = subprocess.check_output(["adb", "-s", serial,
@@ -439,6 +440,46 @@
"error: device '{}' not found".format(serial).encode("utf8"))
+class DisconnectionTest(unittest.TestCase):
+ """Tests for adb disconnect."""
+
+ def test_disconnect(self):
+ """Ensure that `adb disconnect` takes effect immediately."""
+
+ def _devices(port):
+ output = subprocess.check_output(["adb", "-P", str(port), "devices"])
+ return [x.split("\t") for x in output.decode("utf8").strip().splitlines()[1:]]
+
+ with adb_server() as server_port:
+ with fake_adbd() as (port, sock):
+ device_name = "localhost:{}".format(port)
+ output = subprocess.check_output(["adb", "-P", str(server_port),
+ "connect", device_name])
+ self.assertEqual(output.strip(),
+ "connected to {}".format(device_name).encode("utf8"))
+
+
+ self.assertEqual(_devices(server_port), [[device_name, "device"]])
+
+ # Send a deliberately malformed packet to make the device go offline.
+ packet = struct.pack("IIIIII", 0, 0, 0, 0, 0, 0)
+ sock.sendall(packet)
+
+ # Wait a bit.
+ time.sleep(0.1)
+
+ self.assertEqual(_devices(server_port), [[device_name, "offline"]])
+
+ # Disconnect the device.
+ output = subprocess.check_output(["adb", "-P", str(server_port),
+ "disconnect", device_name])
+
+ # Wait a bit.
+ time.sleep(0.1)
+
+ self.assertEqual(_devices(server_port), [])
+
+
def main():
"""Main entrypoint."""
random.seed(0)
diff --git a/adb/transport.cpp b/adb/transport.cpp
index 4cd19f9..332e0f8 100644
--- a/adb/transport.cpp
+++ b/adb/transport.cpp
@@ -97,6 +97,9 @@
// Adds the atransport* to the queue of reconnect attempts.
void TrackTransport(atransport* transport);
+ // Wake up the ReconnectHandler thread to have it check for kicked transports.
+ void CheckForKicked();
+
private:
// The main thread loop.
void Run();
@@ -166,6 +169,10 @@
reconnect_cv_.notify_one();
}
+void ReconnectHandler::CheckForKicked() {
+ reconnect_cv_.notify_one();
+}
+
void ReconnectHandler::Run() {
while (true) {
ReconnectAttempt attempt;
@@ -184,10 +191,25 @@
}
if (!running_) return;
+
+ // Scan the whole list for kicked transports, so that we immediately handle an explicit
+ // disconnect request.
+ bool kicked = false;
+ for (auto it = reconnect_queue_.begin(); it != reconnect_queue_.end();) {
+ if (it->transport->kicked()) {
+ D("transport %s was kicked. giving up on it.", it->transport->serial.c_str());
+ remove_transport(it->transport);
+ it = reconnect_queue_.erase(it);
+ } else {
+ ++it;
+ }
+ kicked = true;
+ }
+
if (reconnect_queue_.empty()) continue;
- // Go back to sleep in case |reconnect_cv_| woke up spuriously and we still
- // have more time to wait for the current attempt.
+ // Go back to sleep if we either woke up spuriously, or we were woken up to remove
+ // a kicked transport, and the first transport isn't ready for reconnection yet.
auto now = std::chrono::steady_clock::now();
if (reconnect_queue_.begin()->reconnect_time > now) {
continue;
@@ -195,11 +217,6 @@
attempt = *reconnect_queue_.begin();
reconnect_queue_.erase(reconnect_queue_.begin());
- if (attempt.transport->kicked()) {
- D("transport %s was kicked. giving up on it.", attempt.transport->serial.c_str());
- remove_transport(attempt.transport);
- continue;
- }
}
D("attempting to reconnect %s", attempt.transport->serial.c_str());
@@ -448,6 +465,10 @@
if (std::find(transport_list.begin(), transport_list.end(), t) != transport_list.end()) {
t->Kick();
}
+
+#if ADB_HOST
+ reconnect_handler.CheckForKicked();
+#endif
}
static int transport_registration_send = -1;
@@ -1276,6 +1297,9 @@
t->Kick();
}
}
+#if ADB_HOST
+ reconnect_handler.CheckForKicked();
+#endif
}
#endif
diff --git a/init/reboot.cpp b/init/reboot.cpp
index 7401857..2f88121 100644
--- a/init/reboot.cpp
+++ b/init/reboot.cpp
@@ -473,7 +473,21 @@
"bootloader_message: "
<< err;
}
+ } else if (reboot_target == "sideload" || reboot_target == "sideload-auto-reboot" ||
+ reboot_target == "fastboot") {
+ std::string arg = reboot_target == "sideload-auto-reboot" ? "sideload_auto_reboot"
+ : reboot_target;
+ const std::vector<std::string> options = {
+ "--" + arg,
+ };
+ std::string err;
+ if (!write_bootloader_message(options, &err)) {
+ LOG(ERROR) << "Failed to set bootloader message: " << err;
+ return false;
+ }
+ reboot_target = "recovery";
}
+
// If there is an additional parameter, pass it along
if ((cmd_params.size() == 3) && cmd_params[2].size()) {
reboot_target += "," + cmd_params[2];
diff --git a/trusty/keymaster/3.0/TrustyKeymaster3Device.cpp b/trusty/keymaster/3.0/TrustyKeymaster3Device.cpp
new file mode 100644
index 0000000..8e3b3b1
--- /dev/null
+++ b/trusty/keymaster/3.0/TrustyKeymaster3Device.cpp
@@ -0,0 +1,448 @@
+/*
+ **
+ ** Copyright 2018, The Android Open Source Project
+ **
+ ** Licensed under the Apache License, Version 2.0 (the "License");
+ ** you may not use this file except in compliance with the License.
+ ** You may obtain a copy of the License at
+ **
+ ** http://www.apache.org/licenses/LICENSE-2.0
+ **
+ ** Unless required by applicable law or agreed to in writing, software
+ ** distributed under the License is distributed on an "AS IS" BASIS,
+ ** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ** See the License for the specific language governing permissions and
+ ** limitations under the License.
+ */
+
+#define LOG_TAG "android.hardware.keymaster@3.0-impl.trusty"
+
+#include <authorization_set.h>
+#include <cutils/log.h>
+#include <keymaster/android_keymaster_messages.h>
+#include <trusty_keymaster/TrustyKeymaster3Device.h>
+
+using ::keymaster::AbortOperationRequest;
+using ::keymaster::AbortOperationResponse;
+using ::keymaster::AddEntropyRequest;
+using ::keymaster::AddEntropyResponse;
+using ::keymaster::AttestKeyRequest;
+using ::keymaster::AttestKeyResponse;
+using ::keymaster::AuthorizationSet;
+using ::keymaster::BeginOperationRequest;
+using ::keymaster::BeginOperationResponse;
+using ::keymaster::ExportKeyRequest;
+using ::keymaster::ExportKeyResponse;
+using ::keymaster::FinishOperationRequest;
+using ::keymaster::FinishOperationResponse;
+using ::keymaster::GenerateKeyRequest;
+using ::keymaster::GenerateKeyResponse;
+using ::keymaster::GetKeyCharacteristicsRequest;
+using ::keymaster::GetKeyCharacteristicsResponse;
+using ::keymaster::ImportKeyRequest;
+using ::keymaster::ImportKeyResponse;
+using ::keymaster::UpdateOperationRequest;
+using ::keymaster::UpdateOperationResponse;
+using ::keymaster::ng::Tag;
+
+namespace keymaster {
+
+namespace {
+
+inline keymaster_tag_t legacy_enum_conversion(const Tag value) {
+ return keymaster_tag_t(value);
+}
+inline Tag legacy_enum_conversion(const keymaster_tag_t value) {
+ return Tag(value);
+}
+inline keymaster_purpose_t legacy_enum_conversion(const KeyPurpose value) {
+ return keymaster_purpose_t(value);
+}
+inline keymaster_key_format_t legacy_enum_conversion(const KeyFormat value) {
+ return keymaster_key_format_t(value);
+}
+inline ErrorCode legacy_enum_conversion(const keymaster_error_t value) {
+ return ErrorCode(value);
+}
+
+inline keymaster_tag_type_t typeFromTag(const keymaster_tag_t tag) {
+ return keymaster_tag_get_type(tag);
+}
+
+class KmParamSet : public keymaster_key_param_set_t {
+ public:
+ KmParamSet(const hidl_vec<KeyParameter>& keyParams) {
+ params = new keymaster_key_param_t[keyParams.size()];
+ length = keyParams.size();
+ for (size_t i = 0; i < keyParams.size(); ++i) {
+ auto tag = legacy_enum_conversion(keyParams[i].tag);
+ switch (typeFromTag(tag)) {
+ case KM_ENUM:
+ case KM_ENUM_REP:
+ params[i] = keymaster_param_enum(tag, keyParams[i].f.integer);
+ break;
+ case KM_UINT:
+ case KM_UINT_REP:
+ params[i] = keymaster_param_int(tag, keyParams[i].f.integer);
+ break;
+ case KM_ULONG:
+ case KM_ULONG_REP:
+ params[i] = keymaster_param_long(tag, keyParams[i].f.longInteger);
+ break;
+ case KM_DATE:
+ params[i] = keymaster_param_date(tag, keyParams[i].f.dateTime);
+ break;
+ case KM_BOOL:
+ if (keyParams[i].f.boolValue)
+ params[i] = keymaster_param_bool(tag);
+ else
+ params[i].tag = KM_TAG_INVALID;
+ break;
+ case KM_BIGNUM:
+ case KM_BYTES:
+ params[i] = keymaster_param_blob(tag, &keyParams[i].blob[0],
+ keyParams[i].blob.size());
+ break;
+ case KM_INVALID:
+ default:
+ params[i].tag = KM_TAG_INVALID;
+ /* just skip */
+ break;
+ }
+ }
+ }
+ KmParamSet(KmParamSet&& other) : keymaster_key_param_set_t{other.params, other.length} {
+ other.length = 0;
+ other.params = nullptr;
+ }
+ KmParamSet(const KmParamSet&) = delete;
+ ~KmParamSet() { delete[] params; }
+};
+
+inline hidl_vec<uint8_t> kmBlob2hidlVec(const keymaster_key_blob_t& blob) {
+ hidl_vec<uint8_t> result;
+ result.setToExternal(const_cast<unsigned char*>(blob.key_material), blob.key_material_size);
+ return result;
+}
+
+inline hidl_vec<uint8_t> kmBlob2hidlVec(const keymaster_blob_t& blob) {
+ hidl_vec<uint8_t> result;
+ result.setToExternal(const_cast<unsigned char*>(blob.data), blob.data_length);
+ return result;
+}
+
+inline hidl_vec<uint8_t> kmBuffer2hidlVec(const ::keymaster::Buffer& buf) {
+ hidl_vec<uint8_t> result;
+ result.setToExternal(const_cast<unsigned char*>(buf.peek_read()), buf.available_read());
+ return result;
+}
+
+inline static hidl_vec<hidl_vec<uint8_t>> kmCertChain2Hidl(
+ const keymaster_cert_chain_t& cert_chain) {
+ hidl_vec<hidl_vec<uint8_t>> result;
+ if (!cert_chain.entry_count || !cert_chain.entries) return result;
+
+ result.resize(cert_chain.entry_count);
+ for (size_t i = 0; i < cert_chain.entry_count; ++i) {
+ result[i] = kmBlob2hidlVec(cert_chain.entries[i]);
+ }
+
+ return result;
+}
+
+static inline hidl_vec<KeyParameter> kmParamSet2Hidl(const keymaster_key_param_set_t& set) {
+ hidl_vec<KeyParameter> result;
+ if (set.length == 0 || set.params == nullptr) return result;
+
+ result.resize(set.length);
+ keymaster_key_param_t* params = set.params;
+ for (size_t i = 0; i < set.length; ++i) {
+ auto tag = params[i].tag;
+ result[i].tag = legacy_enum_conversion(tag);
+ switch (typeFromTag(tag)) {
+ case KM_ENUM:
+ case KM_ENUM_REP:
+ result[i].f.integer = params[i].enumerated;
+ break;
+ case KM_UINT:
+ case KM_UINT_REP:
+ result[i].f.integer = params[i].integer;
+ break;
+ case KM_ULONG:
+ case KM_ULONG_REP:
+ result[i].f.longInteger = params[i].long_integer;
+ break;
+ case KM_DATE:
+ result[i].f.dateTime = params[i].date_time;
+ break;
+ case KM_BOOL:
+ result[i].f.boolValue = params[i].boolean;
+ break;
+ case KM_BIGNUM:
+ case KM_BYTES:
+ result[i].blob.setToExternal(const_cast<unsigned char*>(params[i].blob.data),
+ params[i].blob.data_length);
+ break;
+ case KM_INVALID:
+ default:
+ params[i].tag = KM_TAG_INVALID;
+ /* just skip */
+ break;
+ }
+ }
+ return result;
+}
+
+void addClientAndAppData(const hidl_vec<uint8_t>& clientId, const hidl_vec<uint8_t>& appData,
+ ::keymaster::AuthorizationSet* params) {
+ params->Clear();
+ if (clientId.size()) {
+ params->push_back(::keymaster::TAG_APPLICATION_ID, clientId.data(), clientId.size());
+ }
+ if (appData.size()) {
+ params->push_back(::keymaster::TAG_APPLICATION_DATA, appData.data(), appData.size());
+ }
+}
+
+} // anonymous namespace
+
+TrustyKeymaster3Device::TrustyKeymaster3Device(TrustyKeymaster* impl) : impl_(impl) {}
+
+TrustyKeymaster3Device::~TrustyKeymaster3Device() {}
+
+Return<void> TrustyKeymaster3Device::getHardwareFeatures(getHardwareFeatures_cb _hidl_cb) {
+ _hidl_cb(true /* is_secure */, true /* supports_ec */,
+ true /* supports_symmetric_cryptography */, true /* supports_attestation */,
+ true /* supportsAllDigests */, "TrustyKeymaster", "Google");
+ return Void();
+}
+
+Return<ErrorCode> TrustyKeymaster3Device::addRngEntropy(const hidl_vec<uint8_t>& data) {
+ if (data.size() == 0) return ErrorCode::OK;
+ AddEntropyRequest request;
+ request.random_data.Reinitialize(data.data(), data.size());
+
+ AddEntropyResponse response;
+ impl_->AddRngEntropy(request, &response);
+
+ return legacy_enum_conversion(response.error);
+}
+
+Return<void> TrustyKeymaster3Device::generateKey(const hidl_vec<KeyParameter>& keyParams,
+ generateKey_cb _hidl_cb) {
+ GenerateKeyRequest request;
+ request.key_description.Reinitialize(KmParamSet(keyParams));
+
+ GenerateKeyResponse response;
+ impl_->GenerateKey(request, &response);
+
+ KeyCharacteristics resultCharacteristics;
+ hidl_vec<uint8_t> resultKeyBlob;
+ if (response.error == KM_ERROR_OK) {
+ resultKeyBlob = kmBlob2hidlVec(response.key_blob);
+ resultCharacteristics.teeEnforced = kmParamSet2Hidl(response.enforced);
+ resultCharacteristics.softwareEnforced = kmParamSet2Hidl(response.unenforced);
+ }
+ _hidl_cb(legacy_enum_conversion(response.error), resultKeyBlob, resultCharacteristics);
+ return Void();
+}
+
+Return<void> TrustyKeymaster3Device::getKeyCharacteristics(const hidl_vec<uint8_t>& keyBlob,
+ const hidl_vec<uint8_t>& clientId,
+ const hidl_vec<uint8_t>& appData,
+ getKeyCharacteristics_cb _hidl_cb) {
+ GetKeyCharacteristicsRequest request;
+ request.SetKeyMaterial(keyBlob.data(), keyBlob.size());
+ addClientAndAppData(clientId, appData, &request.additional_params);
+
+ GetKeyCharacteristicsResponse response;
+ impl_->GetKeyCharacteristics(request, &response);
+
+ KeyCharacteristics resultCharacteristics;
+ if (response.error == KM_ERROR_OK) {
+ resultCharacteristics.teeEnforced = kmParamSet2Hidl(response.enforced);
+ resultCharacteristics.softwareEnforced = kmParamSet2Hidl(response.unenforced);
+ }
+ _hidl_cb(legacy_enum_conversion(response.error), resultCharacteristics);
+ return Void();
+}
+
+Return<void> TrustyKeymaster3Device::importKey(const hidl_vec<KeyParameter>& params,
+ KeyFormat keyFormat,
+ const hidl_vec<uint8_t>& keyData,
+ importKey_cb _hidl_cb) {
+ ImportKeyRequest request;
+ request.key_description.Reinitialize(KmParamSet(params));
+ request.key_format = legacy_enum_conversion(keyFormat);
+ request.SetKeyMaterial(keyData.data(), keyData.size());
+
+ ImportKeyResponse response;
+ impl_->ImportKey(request, &response);
+
+ KeyCharacteristics resultCharacteristics;
+ hidl_vec<uint8_t> resultKeyBlob;
+ if (response.error == KM_ERROR_OK) {
+ resultKeyBlob = kmBlob2hidlVec(response.key_blob);
+ resultCharacteristics.teeEnforced = kmParamSet2Hidl(response.enforced);
+ resultCharacteristics.softwareEnforced = kmParamSet2Hidl(response.unenforced);
+ }
+ _hidl_cb(legacy_enum_conversion(response.error), resultKeyBlob, resultCharacteristics);
+ return Void();
+}
+
+Return<void> TrustyKeymaster3Device::exportKey(KeyFormat exportFormat,
+ const hidl_vec<uint8_t>& keyBlob,
+ const hidl_vec<uint8_t>& clientId,
+ const hidl_vec<uint8_t>& appData,
+ exportKey_cb _hidl_cb) {
+ ExportKeyRequest request;
+ request.key_format = legacy_enum_conversion(exportFormat);
+ request.SetKeyMaterial(keyBlob.data(), keyBlob.size());
+ addClientAndAppData(clientId, appData, &request.additional_params);
+
+ ExportKeyResponse response;
+ impl_->ExportKey(request, &response);
+
+ hidl_vec<uint8_t> resultKeyBlob;
+ if (response.error == KM_ERROR_OK) {
+ resultKeyBlob.setToExternal(response.key_data, response.key_data_length);
+ }
+ _hidl_cb(legacy_enum_conversion(response.error), resultKeyBlob);
+ return Void();
+}
+
+Return<void> TrustyKeymaster3Device::attestKey(const hidl_vec<uint8_t>& keyToAttest,
+ const hidl_vec<KeyParameter>& attestParams,
+ attestKey_cb _hidl_cb) {
+ AttestKeyRequest request;
+ request.SetKeyMaterial(keyToAttest.data(), keyToAttest.size());
+ request.attest_params.Reinitialize(KmParamSet(attestParams));
+
+ AttestKeyResponse response;
+ impl_->AttestKey(request, &response);
+
+ hidl_vec<hidl_vec<uint8_t>> resultCertChain;
+ if (response.error == KM_ERROR_OK) {
+ resultCertChain = kmCertChain2Hidl(response.certificate_chain);
+ }
+ _hidl_cb(legacy_enum_conversion(response.error), resultCertChain);
+ return Void();
+}
+
+Return<void> TrustyKeymaster3Device::upgradeKey(const hidl_vec<uint8_t>& keyBlobToUpgrade,
+ const hidl_vec<KeyParameter>& upgradeParams,
+ upgradeKey_cb _hidl_cb) {
+ UpgradeKeyRequest request;
+ request.SetKeyMaterial(keyBlobToUpgrade.data(), keyBlobToUpgrade.size());
+ request.upgrade_params.Reinitialize(KmParamSet(upgradeParams));
+
+ UpgradeKeyResponse response;
+ impl_->UpgradeKey(request, &response);
+
+ if (response.error == KM_ERROR_OK) {
+ _hidl_cb(ErrorCode::OK, kmBlob2hidlVec(response.upgraded_key));
+ } else {
+ _hidl_cb(legacy_enum_conversion(response.error), hidl_vec<uint8_t>());
+ }
+ return Void();
+}
+
+Return<ErrorCode> TrustyKeymaster3Device::deleteKey(const hidl_vec<uint8_t>& keyBlob) {
+ DeleteKeyRequest request;
+ request.SetKeyMaterial(keyBlob.data(), keyBlob.size());
+
+ DeleteKeyResponse response;
+ impl_->DeleteKey(request, &response);
+
+ return legacy_enum_conversion(response.error);
+}
+
+Return<ErrorCode> TrustyKeymaster3Device::deleteAllKeys() {
+ DeleteAllKeysRequest request;
+ DeleteAllKeysResponse response;
+ impl_->DeleteAllKeys(request, &response);
+
+ return legacy_enum_conversion(response.error);
+}
+
+Return<ErrorCode> TrustyKeymaster3Device::destroyAttestationIds() {
+ return ErrorCode::UNIMPLEMENTED;
+}
+
+Return<void> TrustyKeymaster3Device::begin(KeyPurpose purpose, const hidl_vec<uint8_t>& key,
+ const hidl_vec<KeyParameter>& inParams,
+ begin_cb _hidl_cb) {
+ BeginOperationRequest request;
+ request.purpose = legacy_enum_conversion(purpose);
+ request.SetKeyMaterial(key.data(), key.size());
+ request.additional_params.Reinitialize(KmParamSet(inParams));
+
+ BeginOperationResponse response;
+ impl_->BeginOperation(request, &response);
+
+ hidl_vec<KeyParameter> resultParams;
+ if (response.error == KM_ERROR_OK) {
+ resultParams = kmParamSet2Hidl(response.output_params);
+ }
+
+ _hidl_cb(legacy_enum_conversion(response.error), resultParams, response.op_handle);
+ return Void();
+}
+
+Return<void> TrustyKeymaster3Device::update(uint64_t operationHandle,
+ const hidl_vec<KeyParameter>& inParams,
+ const hidl_vec<uint8_t>& input, update_cb _hidl_cb) {
+ UpdateOperationRequest request;
+ request.op_handle = operationHandle;
+ request.input.Reinitialize(input.data(), input.size());
+ request.additional_params.Reinitialize(KmParamSet(inParams));
+
+ UpdateOperationResponse response;
+ impl_->UpdateOperation(request, &response);
+
+ uint32_t resultConsumed = 0;
+ hidl_vec<KeyParameter> resultParams;
+ hidl_vec<uint8_t> resultBlob;
+ if (response.error == KM_ERROR_OK) {
+ resultConsumed = response.input_consumed;
+ resultParams = kmParamSet2Hidl(response.output_params);
+ resultBlob = kmBuffer2hidlVec(response.output);
+ }
+ _hidl_cb(legacy_enum_conversion(response.error), resultConsumed, resultParams, resultBlob);
+ return Void();
+}
+
+Return<void> TrustyKeymaster3Device::finish(uint64_t operationHandle,
+ const hidl_vec<KeyParameter>& inParams,
+ const hidl_vec<uint8_t>& input,
+ const hidl_vec<uint8_t>& signature,
+ finish_cb _hidl_cb) {
+ FinishOperationRequest request;
+ request.op_handle = operationHandle;
+ request.input.Reinitialize(input.data(), input.size());
+ request.signature.Reinitialize(signature.data(), signature.size());
+ request.additional_params.Reinitialize(KmParamSet(inParams));
+
+ FinishOperationResponse response;
+ impl_->FinishOperation(request, &response);
+
+ hidl_vec<KeyParameter> resultParams;
+ hidl_vec<uint8_t> resultBlob;
+ if (response.error == KM_ERROR_OK) {
+ resultParams = kmParamSet2Hidl(response.output_params);
+ resultBlob = kmBuffer2hidlVec(response.output);
+ }
+ _hidl_cb(legacy_enum_conversion(response.error), resultParams, resultBlob);
+ return Void();
+}
+
+Return<ErrorCode> TrustyKeymaster3Device::abort(uint64_t operationHandle) {
+ AbortOperationRequest request;
+ request.op_handle = operationHandle;
+
+ AbortOperationResponse response;
+ impl_->AbortOperation(request, &response);
+
+ return legacy_enum_conversion(response.error);
+}
+} // namespace keymaster
diff --git a/trusty/keymaster/3.0/android.hardware.keymaster@3.0-service.trusty.rc b/trusty/keymaster/3.0/android.hardware.keymaster@3.0-service.trusty.rc
new file mode 100644
index 0000000..e9d3054
--- /dev/null
+++ b/trusty/keymaster/3.0/android.hardware.keymaster@3.0-service.trusty.rc
@@ -0,0 +1,4 @@
+service vendor.keymaster-3-0 /vendor/bin/hw/android.hardware.keymaster@3.0-service.trusty
+ class early_hal
+ user nobody
+ group system drmrpc
diff --git a/trusty/keymaster/3.0/service.cpp b/trusty/keymaster/3.0/service.cpp
new file mode 100644
index 0000000..0d8436e
--- /dev/null
+++ b/trusty/keymaster/3.0/service.cpp
@@ -0,0 +1,43 @@
+/*
+**
+** Copyright 2018, The Android Open Source Project
+**
+** Licensed under the Apache License, Version 2.0 (the "License");
+** you may not use this file except in compliance with the License.
+** You may obtain a copy of the License at
+**
+** http://www.apache.org/licenses/LICENSE-2.0
+**
+** Unless required by applicable law or agreed to in writing, software
+** distributed under the License is distributed on an "AS IS" BASIS,
+** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+** See the License for the specific language governing permissions and
+** limitations under the License.
+*/
+
+#include <android-base/logging.h>
+#include <android/hardware/keymaster/3.0/IKeymasterDevice.h>
+#include <hidl/HidlTransportSupport.h>
+#include <trusty_keymaster/TrustyKeymaster.h>
+#include <trusty_keymaster/TrustyKeymaster3Device.h>
+
+int main() {
+ ::android::hardware::configureRpcThreadpool(1, true);
+ auto trustyKeymaster = new keymaster::TrustyKeymaster();
+ int err = trustyKeymaster->Initialize();
+ if (err != 0) {
+ LOG(FATAL) << "Could not initialize TrustyKeymaster (" << err << ")";
+ return -1;
+ }
+
+ auto keymaster = new ::keymaster::TrustyKeymaster3Device(trustyKeymaster);
+
+ auto status = keymaster->registerAsService();
+ if (status != android::OK) {
+ LOG(FATAL) << "Could not register service for Keymaster 3.0 (" << status << ")";
+ return -1;
+ }
+
+ android::hardware::joinRpcThreadpool();
+ return -1; // Should never get here.
+}
diff --git a/trusty/keymaster/Android.bp b/trusty/keymaster/Android.bp
index 52a879e..819851f 100644
--- a/trusty/keymaster/Android.bp
+++ b/trusty/keymaster/Android.bp
@@ -77,3 +77,34 @@
],
header_libs: ["libhardware_headers"],
}
+
+cc_binary {
+ name: "android.hardware.keymaster@3.0-service.trusty",
+ defaults: ["hidl_defaults"],
+ relative_install_path: "hw",
+ vendor: true,
+ init_rc: ["3.0/android.hardware.keymaster@3.0-service.trusty.rc"],
+ srcs: [
+ "3.0/service.cpp",
+ "3.0/TrustyKeymaster3Device.cpp",
+ "ipc/trusty_keymaster_ipc.cpp",
+ "TrustyKeymaster.cpp",
+ ],
+
+ local_include_dirs: ["include"],
+
+ shared_libs: [
+ "liblog",
+ "libcutils",
+ "libdl",
+ "libbase",
+ "libutils",
+ "libhardware",
+ "libhidlbase",
+ "libhidltransport",
+ "libtrusty",
+ "libkeymaster_messages",
+ "libkeymaster3device",
+ "android.hardware.keymaster@3.0"
+ ],
+}
diff --git a/trusty/keymaster/TrustyKeymaster.cpp b/trusty/keymaster/TrustyKeymaster.cpp
new file mode 100644
index 0000000..7f5e87f
--- /dev/null
+++ b/trusty/keymaster/TrustyKeymaster.cpp
@@ -0,0 +1,196 @@
+/*
+ * Copyright 2018 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <cutils/log.h>
+#include <keymaster/android_keymaster_messages.h>
+#include <keymaster/keymaster_configuration.h>
+#include <trusty_keymaster/TrustyKeymaster.h>
+#include <trusty_keymaster/ipc/trusty_keymaster_ipc.h>
+
+namespace keymaster {
+
+int TrustyKeymaster::Initialize() {
+ int err;
+
+ err = trusty_keymaster_connect();
+ if (err) {
+ ALOGE("Failed to connect to trusty keymaster %d", err);
+ return err;
+ }
+
+ ConfigureRequest req;
+ req.os_version = GetOsVersion();
+ req.os_patchlevel = GetOsPatchlevel();
+
+ ConfigureResponse rsp;
+ Configure(req, &rsp);
+
+ if (rsp.error != KM_ERROR_OK) {
+ ALOGE("Failed to configure keymaster %d", rsp.error);
+ return -1;
+ }
+
+ return 0;
+}
+
+TrustyKeymaster::TrustyKeymaster() {}
+
+TrustyKeymaster::~TrustyKeymaster() {
+ trusty_keymaster_disconnect();
+}
+
+static void ForwardCommand(enum keymaster_command command, const Serializable& req,
+ KeymasterResponse* rsp) {
+ keymaster_error_t err;
+ err = trusty_keymaster_send(command, req, rsp);
+ if (err != KM_ERROR_OK) {
+ ALOGE("Failed to send cmd %d err: %d", command, err);
+ rsp->error = err;
+ }
+}
+
+void TrustyKeymaster::GetVersion(const GetVersionRequest& request, GetVersionResponse* response) {
+ ForwardCommand(KM_GET_VERSION, request, response);
+}
+
+void TrustyKeymaster::SupportedAlgorithms(const SupportedAlgorithmsRequest& request,
+ SupportedAlgorithmsResponse* response) {
+ ForwardCommand(KM_GET_SUPPORTED_ALGORITHMS, request, response);
+}
+
+void TrustyKeymaster::SupportedBlockModes(const SupportedBlockModesRequest& request,
+ SupportedBlockModesResponse* response) {
+ ForwardCommand(KM_GET_SUPPORTED_BLOCK_MODES, request, response);
+}
+
+void TrustyKeymaster::SupportedPaddingModes(const SupportedPaddingModesRequest& request,
+ SupportedPaddingModesResponse* response) {
+ ForwardCommand(KM_GET_SUPPORTED_PADDING_MODES, request, response);
+}
+
+void TrustyKeymaster::SupportedDigests(const SupportedDigestsRequest& request,
+ SupportedDigestsResponse* response) {
+ ForwardCommand(KM_GET_SUPPORTED_DIGESTS, request, response);
+}
+
+void TrustyKeymaster::SupportedImportFormats(const SupportedImportFormatsRequest& request,
+ SupportedImportFormatsResponse* response) {
+ ForwardCommand(KM_GET_SUPPORTED_IMPORT_FORMATS, request, response);
+}
+
+void TrustyKeymaster::SupportedExportFormats(const SupportedExportFormatsRequest& request,
+ SupportedExportFormatsResponse* response) {
+ ForwardCommand(KM_GET_SUPPORTED_EXPORT_FORMATS, request, response);
+}
+
+void TrustyKeymaster::AddRngEntropy(const AddEntropyRequest& request,
+ AddEntropyResponse* response) {
+ ForwardCommand(KM_ADD_RNG_ENTROPY, request, response);
+}
+
+void TrustyKeymaster::Configure(const ConfigureRequest& request, ConfigureResponse* response) {
+ ForwardCommand(KM_CONFIGURE, request, response);
+}
+
+void TrustyKeymaster::GenerateKey(const GenerateKeyRequest& request,
+ GenerateKeyResponse* response) {
+ GenerateKeyRequest datedRequest(request.message_version);
+ datedRequest.key_description = request.key_description;
+
+ if (!request.key_description.Contains(TAG_CREATION_DATETIME)) {
+ datedRequest.key_description.push_back(TAG_CREATION_DATETIME, java_time(time(NULL)));
+ }
+
+ ForwardCommand(KM_GENERATE_KEY, datedRequest, response);
+}
+
+void TrustyKeymaster::GetKeyCharacteristics(const GetKeyCharacteristicsRequest& request,
+ GetKeyCharacteristicsResponse* response) {
+ ForwardCommand(KM_GET_KEY_CHARACTERISTICS, request, response);
+}
+
+void TrustyKeymaster::ImportKey(const ImportKeyRequest& request, ImportKeyResponse* response) {
+ ForwardCommand(KM_IMPORT_KEY, request, response);
+}
+
+void TrustyKeymaster::ImportWrappedKey(const ImportWrappedKeyRequest& request,
+ ImportWrappedKeyResponse* response) {
+ ForwardCommand(KM_IMPORT_WRAPPED_KEY, request, response);
+}
+
+void TrustyKeymaster::ExportKey(const ExportKeyRequest& request, ExportKeyResponse* response) {
+ ForwardCommand(KM_EXPORT_KEY, request, response);
+}
+
+void TrustyKeymaster::AttestKey(const AttestKeyRequest& request, AttestKeyResponse* response) {
+ ForwardCommand(KM_ATTEST_KEY, request, response);
+}
+
+void TrustyKeymaster::UpgradeKey(const UpgradeKeyRequest& request, UpgradeKeyResponse* response) {
+ ForwardCommand(KM_UPGRADE_KEY, request, response);
+}
+
+void TrustyKeymaster::DeleteKey(const DeleteKeyRequest& request, DeleteKeyResponse* response) {
+ ForwardCommand(KM_DELETE_KEY, request, response);
+}
+
+void TrustyKeymaster::DeleteAllKeys(const DeleteAllKeysRequest& request,
+ DeleteAllKeysResponse* response) {
+ ForwardCommand(KM_DELETE_ALL_KEYS, request, response);
+}
+
+void TrustyKeymaster::BeginOperation(const BeginOperationRequest& request,
+ BeginOperationResponse* response) {
+ ForwardCommand(KM_BEGIN_OPERATION, request, response);
+}
+
+void TrustyKeymaster::UpdateOperation(const UpdateOperationRequest& request,
+ UpdateOperationResponse* response) {
+ ForwardCommand(KM_UPDATE_OPERATION, request, response);
+}
+
+void TrustyKeymaster::FinishOperation(const FinishOperationRequest& request,
+ FinishOperationResponse* response) {
+ ForwardCommand(KM_FINISH_OPERATION, request, response);
+}
+
+void TrustyKeymaster::AbortOperation(const AbortOperationRequest& request,
+ AbortOperationResponse* response) {
+ ForwardCommand(KM_ABORT_OPERATION, request, response);
+}
+
+/* Methods for Keymaster 4.0 functionality -- not yet implemented */
+GetHmacSharingParametersResponse TrustyKeymaster::GetHmacSharingParameters() {
+ GetHmacSharingParametersResponse response;
+ response.error = KM_ERROR_UNIMPLEMENTED;
+ return response;
+}
+
+ComputeSharedHmacResponse TrustyKeymaster::ComputeSharedHmac(
+ const ComputeSharedHmacRequest& /* request */) {
+ ComputeSharedHmacResponse response;
+ response.error = KM_ERROR_UNIMPLEMENTED;
+ return response;
+}
+
+VerifyAuthorizationResponse TrustyKeymaster::VerifyAuthorization(
+ const VerifyAuthorizationRequest& /* request */) {
+ VerifyAuthorizationResponse response;
+ response.error = KM_ERROR_UNIMPLEMENTED;
+ return response;
+}
+
+} // namespace keymaster
diff --git a/trusty/keymaster/include/trusty_keymaster/TrustyKeymaster.h b/trusty/keymaster/include/trusty_keymaster/TrustyKeymaster.h
new file mode 100644
index 0000000..030b645
--- /dev/null
+++ b/trusty/keymaster/include/trusty_keymaster/TrustyKeymaster.h
@@ -0,0 +1,66 @@
+/*
+ * Copyright 2018 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef TRUSTY_KEYMASTER_H_
+#define TRUSTY_KEYMASTER_H_
+
+#include <keymaster/android_keymaster_messages.h>
+
+namespace keymaster {
+
+class TrustyKeymaster {
+ public:
+ TrustyKeymaster();
+ ~TrustyKeymaster();
+ int Initialize();
+ void GetVersion(const GetVersionRequest& request, GetVersionResponse* response);
+ void SupportedAlgorithms(const SupportedAlgorithmsRequest& request,
+ SupportedAlgorithmsResponse* response);
+ void SupportedBlockModes(const SupportedBlockModesRequest& request,
+ SupportedBlockModesResponse* response);
+ void SupportedPaddingModes(const SupportedPaddingModesRequest& request,
+ SupportedPaddingModesResponse* response);
+ void SupportedDigests(const SupportedDigestsRequest& request,
+ SupportedDigestsResponse* response);
+ void SupportedImportFormats(const SupportedImportFormatsRequest& request,
+ SupportedImportFormatsResponse* response);
+ void SupportedExportFormats(const SupportedExportFormatsRequest& request,
+ SupportedExportFormatsResponse* response);
+ void AddRngEntropy(const AddEntropyRequest& request, AddEntropyResponse* response);
+ void Configure(const ConfigureRequest& request, ConfigureResponse* response);
+ void GenerateKey(const GenerateKeyRequest& request, GenerateKeyResponse* response);
+ void GetKeyCharacteristics(const GetKeyCharacteristicsRequest& request,
+ GetKeyCharacteristicsResponse* response);
+ void ImportKey(const ImportKeyRequest& request, ImportKeyResponse* response);
+ void ImportWrappedKey(const ImportWrappedKeyRequest& request,
+ ImportWrappedKeyResponse* response);
+ void ExportKey(const ExportKeyRequest& request, ExportKeyResponse* response);
+ void AttestKey(const AttestKeyRequest& request, AttestKeyResponse* response);
+ void UpgradeKey(const UpgradeKeyRequest& request, UpgradeKeyResponse* response);
+ void DeleteKey(const DeleteKeyRequest& request, DeleteKeyResponse* response);
+ void DeleteAllKeys(const DeleteAllKeysRequest& request, DeleteAllKeysResponse* response);
+ void BeginOperation(const BeginOperationRequest& request, BeginOperationResponse* response);
+ void UpdateOperation(const UpdateOperationRequest& request, UpdateOperationResponse* response);
+ void FinishOperation(const FinishOperationRequest& request, FinishOperationResponse* response);
+ void AbortOperation(const AbortOperationRequest& request, AbortOperationResponse* response);
+ GetHmacSharingParametersResponse GetHmacSharingParameters();
+ ComputeSharedHmacResponse ComputeSharedHmac(const ComputeSharedHmacRequest& request);
+ VerifyAuthorizationResponse VerifyAuthorization(const VerifyAuthorizationRequest& request);
+};
+
+} // namespace keymaster
+
+#endif // TRUSTY_KEYMASTER_H_
diff --git a/trusty/keymaster/include/trusty_keymaster/TrustyKeymaster3Device.h b/trusty/keymaster/include/trusty_keymaster/TrustyKeymaster3Device.h
new file mode 100644
index 0000000..6fc79ce
--- /dev/null
+++ b/trusty/keymaster/include/trusty_keymaster/TrustyKeymaster3Device.h
@@ -0,0 +1,84 @@
+/*
+ **
+ ** Copyright 2018, The Android Open Source Project
+ **
+ ** Licensed under the Apache License, Version 2.0 (the "License");
+ ** you may not use this file except in compliance with the License.
+ ** You may obtain a copy of the License at
+ **
+ ** http://www.apache.org/licenses/LICENSE-2.0
+ **
+ ** Unless required by applicable law or agreed to in writing, software
+ ** distributed under the License is distributed on an "AS IS" BASIS,
+ ** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ** See the License for the specific language governing permissions and
+ ** limitations under the License.
+ */
+
+#ifndef HIDL_android_hardware_keymaster_V3_0_TrustyKeymaster3Device_H_
+#define HIDL_android_hardware_keymaster_V3_0_TrustyKeymaster3Device_H_
+
+#include <android/hardware/keymaster/3.0/IKeymasterDevice.h>
+
+#include <hidl/MQDescriptor.h>
+#include <hidl/Status.h>
+
+#include <trusty_keymaster/TrustyKeymaster.h>
+
+namespace keymaster {
+
+using ::android::sp;
+using ::android::hardware::hidl_string;
+using ::android::hardware::hidl_vec;
+using ::android::hardware::Return;
+using ::android::hardware::Void;
+using ::android::hardware::keymaster::V3_0::ErrorCode;
+using ::android::hardware::keymaster::V3_0::IKeymasterDevice;
+using ::android::hardware::keymaster::V3_0::KeyCharacteristics;
+using ::android::hardware::keymaster::V3_0::KeyFormat;
+using ::android::hardware::keymaster::V3_0::KeyParameter;
+using ::android::hardware::keymaster::V3_0::KeyPurpose;
+
+class TrustyKeymaster3Device : public IKeymasterDevice {
+ public:
+ TrustyKeymaster3Device(TrustyKeymaster* impl);
+ virtual ~TrustyKeymaster3Device();
+
+ Return<void> getHardwareFeatures(getHardwareFeatures_cb _hidl_cb);
+ Return<ErrorCode> addRngEntropy(const hidl_vec<uint8_t>& data) override;
+ Return<void> generateKey(const hidl_vec<KeyParameter>& keyParams,
+ generateKey_cb _hidl_cb) override;
+ Return<void> getKeyCharacteristics(const hidl_vec<uint8_t>& keyBlob,
+ const hidl_vec<uint8_t>& clientId,
+ const hidl_vec<uint8_t>& appData,
+ getKeyCharacteristics_cb _hidl_cb) override;
+ Return<void> importKey(const hidl_vec<KeyParameter>& params, KeyFormat keyFormat,
+ const hidl_vec<uint8_t>& keyData, importKey_cb _hidl_cb) override;
+ Return<void> exportKey(KeyFormat exportFormat, const hidl_vec<uint8_t>& keyBlob,
+ const hidl_vec<uint8_t>& clientId, const hidl_vec<uint8_t>& appData,
+ exportKey_cb _hidl_cb) override;
+ Return<void> attestKey(const hidl_vec<uint8_t>& keyToAttest,
+ const hidl_vec<KeyParameter>& attestParams,
+ attestKey_cb _hidl_cb) override;
+ Return<void> upgradeKey(const hidl_vec<uint8_t>& keyBlobToUpgrade,
+ const hidl_vec<KeyParameter>& upgradeParams,
+ upgradeKey_cb _hidl_cb) override;
+ Return<ErrorCode> deleteKey(const hidl_vec<uint8_t>& keyBlob) override;
+ Return<ErrorCode> deleteAllKeys() override;
+ Return<ErrorCode> destroyAttestationIds() override;
+ Return<void> begin(KeyPurpose purpose, const hidl_vec<uint8_t>& key,
+ const hidl_vec<KeyParameter>& inParams, begin_cb _hidl_cb) override;
+ Return<void> update(uint64_t operationHandle, const hidl_vec<KeyParameter>& inParams,
+ const hidl_vec<uint8_t>& input, update_cb _hidl_cb) override;
+ Return<void> finish(uint64_t operationHandle, const hidl_vec<KeyParameter>& inParams,
+ const hidl_vec<uint8_t>& input, const hidl_vec<uint8_t>& signature,
+ finish_cb _hidl_cb) override;
+ Return<ErrorCode> abort(uint64_t operationHandle) override;
+
+ private:
+ std::unique_ptr<TrustyKeymaster> impl_;
+};
+
+} // namespace keymaster
+
+#endif // HIDL_android_hardware_keymaster_V3_0_TrustyKeymaster3Device_H_
diff --git a/trusty/keymaster/include/trusty_keymaster/ipc/keymaster_ipc.h b/trusty/keymaster/include/trusty_keymaster/ipc/keymaster_ipc.h
index d63757b..13e6725 100644
--- a/trusty/keymaster/include/trusty_keymaster/ipc/keymaster_ipc.h
+++ b/trusty/keymaster/include/trusty_keymaster/ipc/keymaster_ipc.h
@@ -46,6 +46,13 @@
KM_ATTEST_KEY = (16 << KEYMASTER_REQ_SHIFT),
KM_UPGRADE_KEY = (17 << KEYMASTER_REQ_SHIFT),
KM_CONFIGURE = (18 << KEYMASTER_REQ_SHIFT),
+ KM_GET_HMAC_SHARING_PARAMETERS = (19 << KEYMASTER_REQ_SHIFT),
+ KM_COMPUTE_SHARED_HMAC = (20 << KEYMASTER_REQ_SHIFT),
+ KM_VERIFY_AUTHORIZATION = (21 << KEYMASTER_REQ_SHIFT),
+ KM_DELETE_KEY = (22 << KEYMASTER_REQ_SHIFT),
+ KM_DELETE_ALL_KEYS = (23 << KEYMASTER_REQ_SHIFT),
+ KM_DESTROY_ATTESTATION_IDS = (24 << KEYMASTER_REQ_SHIFT),
+ KM_IMPORT_WRAPPED_KEY = (25 << KEYMASTER_REQ_SHIFT),
};
#ifdef __ANDROID__
diff --git a/trusty/trusty-base.mk b/trusty/trusty-base.mk
index 9c3a7df..0a0ecec 100644
--- a/trusty/trusty-base.mk
+++ b/trusty/trusty-base.mk
@@ -20,7 +20,7 @@
#
PRODUCT_PACKAGES += \
- keystore.trusty \
+ android.hardware.keymaster@3.0-service.trusty \
gatekeeper.trusty
PRODUCT_PROPERTY_OVERRIDES += \