1 /* 2 ** 3 ** Copyright 2017, The Android Open Source Project 4 ** 5 ** Licensed under the Apache License, Version 2.0 (the "License"); 6 ** you may not use this file except in compliance with the License. 7 ** You may obtain a copy of the License at 8 ** 9 ** http://www.apache.org/licenses/LICENSE-2.0 10 ** 11 ** Unless required by applicable law or agreed to in writing, software 12 ** distributed under the License is distributed on an "AS IS" BASIS, 13 ** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 ** See the License for the specific language governing permissions and 15 ** limitations under the License. 16 */ 17 18 #ifndef HARDWARE_INTERFACES_KEYMASTER_40_SUPPORT_KEYMASTER_H_ 19 #define HARDWARE_INTERFACES_KEYMASTER_40_SUPPORT_KEYMASTER_H_ 20 21 #include <android/hardware/keymaster/4.0/IKeymasterDevice.h> 22 23 namespace android { 24 namespace hardware { 25 namespace keymaster { 26 namespace V4_0 { 27 namespace support { 28 29 /** 30 * Keymaster abstracts the underlying V4_0::IKeymasterDevice. There is one implementation 31 * (Keymaster4) which is a trivial passthrough and one that wraps a V3_0::IKeymasterDevice. 32 * 33 * The reason for adding this additional layer, rather than simply using the latest HAL directly and 34 * subclassing it to wrap any older HAL, is because this provides a place to put additional methods 35 * which clients can use when they need to distinguish between different underlying HAL versions, 36 * while still having to use only the latest interface. 37 */ 38 class Keymaster : public IKeymasterDevice { 39 public: 40 using KeymasterSet = std::vector<std::unique_ptr<Keymaster>>; 41 42 Keymaster(const hidl_string& descriptor, const hidl_string& instanceName) 43 : descriptor_(descriptor), instanceName_(instanceName) {} 44 virtual ~Keymaster() {} 45 46 struct VersionResult { 47 hidl_string keymasterName; 48 hidl_string authorName; 49 uint8_t majorVersion; 50 SecurityLevel securityLevel; 51 bool supportsEc; 52 53 bool operator>(const VersionResult& other) const { 54 auto lhs = std::tie(securityLevel, majorVersion, supportsEc); 55 auto rhs = std::tie(other.securityLevel, other.majorVersion, other.supportsEc); 56 return lhs > rhs; 57 } 58 }; 59 60 virtual const VersionResult& halVersion() const = 0; 61 const hidl_string& descriptor() const { return descriptor_; } 62 const hidl_string& instanceName() const { return instanceName_; } 63 64 /** 65 * Returns all available Keymaster3 and Keymaster4 instances, in order of most secure to least 66 * secure (as defined by VersionResult::operator<). 67 */ 68 static KeymasterSet enumerateAvailableDevices(); 69 70 /** 71 * Ask provided Keymaster instances to compute a shared HMAC key using 72 * getHmacSharingParameters() and computeSharedHmac(). This computation is idempotent as long 73 * as the same set of Keymaster instances is used each time (and if all of the instances work 74 * correctly). It must be performed once per boot, but should do no harm to be repeated. 75 * 76 * If key agreement fails, this method will crash the process (with CHECK). 77 */ 78 static void performHmacKeyAgreement(const KeymasterSet& keymasters); 79 80 private: 81 hidl_string descriptor_; 82 hidl_string instanceName_; 83 }; 84 85 std::ostream& operator<<(std::ostream& os, const Keymaster& keymaster); 86 87 } // namespace support 88 } // namespace V4_0 89 } // namespace keymaster 90 } // namespace hardware 91 } // namespace android 92 93 #endif // HARDWARE_INTERFACES_KEYMASTER_40_SUPPORT_KEYMASTER_H_ 94