Merge "libutils: remove unused strzcmp16_h_n."
diff --git a/adb/Android.bp b/adb/Android.bp
index a18dc1a..41e752f 100644
--- a/adb/Android.bp
+++ b/adb/Android.bp
@@ -353,7 +353,6 @@
"libcutils",
"libext4_utils",
"libfec",
- "libfec_rs",
"libfs_mgr",
"liblog",
"libmdnssd",
diff --git a/adb/client/commandline.cpp b/adb/client/commandline.cpp
index da273fd..41ac663 100644
--- a/adb/client/commandline.cpp
+++ b/adb/client/commandline.cpp
@@ -1326,9 +1326,9 @@
}
int adb_commandline(int argc, const char** argv) {
- int no_daemon = 0;
- int is_daemon = 0;
- int is_server = 0;
+ bool no_daemon = false;
+ bool is_daemon = false;
+ bool is_server = false;
int r;
TransportType transport_type = kTransportAny;
int ack_reply_fd = -1;
@@ -1348,12 +1348,12 @@
while (argc > 0) {
if (!strcmp(argv[0],"server")) {
- is_server = 1;
+ is_server = true;
} else if (!strcmp(argv[0],"nodaemon")) {
- no_daemon = 1;
+ no_daemon = true;
} else if (!strcmp(argv[0], "fork-server")) {
/* this is a special flag used only when the ADB client launches the ADB Server */
- is_daemon = 1;
+ is_daemon = true;
} else if (!strcmp(argv[0], "--reply-fd")) {
if (argc < 2) return syntax_error("--reply-fd requires an argument");
const char* reply_fd_str = argv[1];
diff --git a/adb/client/main.cpp b/adb/client/main.cpp
index de6c723..095ad98 100644
--- a/adb/client/main.cpp
+++ b/adb/client/main.cpp
@@ -118,10 +118,20 @@
init_transport_registration();
init_reconnect_handler();
- init_mdns_transport_discovery();
- usb_init();
- local_init(DEFAULT_ADB_LOCAL_TRANSPORT_PORT);
+ if (!getenv("ADB_MDNS") || strcmp(getenv("ADB_MDNS"), "0") != 0) {
+ init_mdns_transport_discovery();
+ }
+
+ if (!getenv("ADB_USB") || strcmp(getenv("ADB_USB"), "0") != 0) {
+ usb_init();
+ } else {
+ adb_notify_device_scan_complete();
+ }
+
+ if (!getenv("ADB_EMU") || strcmp(getenv("ADB_EMU"), "0") != 0) {
+ local_init(DEFAULT_ADB_LOCAL_TRANSPORT_PORT);
+ }
std::string error;
diff --git a/adb/daemon/services.cpp b/adb/daemon/services.cpp
index dfcc52d..8417690 100644
--- a/adb/daemon/services.cpp
+++ b/adb/daemon/services.cpp
@@ -26,6 +26,8 @@
#include <stdlib.h>
#include <string.h>
#include <sys/ioctl.h>
+#include <sys/socket.h>
+#include <sys/un.h>
#include <unistd.h>
#include <thread>
@@ -96,41 +98,44 @@
void reboot_service(unique_fd fd, const std::string& arg) {
std::string reboot_arg = arg;
- bool auto_reboot = false;
-
- if (reboot_arg == "sideload-auto-reboot") {
- auto_reboot = true;
- reboot_arg = "sideload";
- }
-
- // It reboots into sideload mode by setting "--sideload" or "--sideload_auto_reboot"
- // in the command file.
- if (reboot_arg == "sideload") {
- if (getuid() != 0) {
- WriteFdExactly(fd.get(), "'adb root' is required for 'adb reboot sideload'.\n");
- return;
- }
-
- const std::vector<std::string> options = {auto_reboot ? "--sideload_auto_reboot"
- : "--sideload"};
- std::string err;
- if (!write_bootloader_message(options, &err)) {
- D("Failed to set bootloader message: %s", err.c_str());
- return;
- }
-
- reboot_arg = "recovery";
- }
-
sync();
if (reboot_arg.empty()) reboot_arg = "adb";
std::string reboot_string = android::base::StringPrintf("reboot,%s", reboot_arg.c_str());
- if (!android::base::SetProperty(ANDROID_RB_PROPERTY, reboot_string)) {
- WriteFdFmt(fd.get(), "reboot (%s) failed\n", reboot_string.c_str());
- return;
- }
+ if (reboot_arg == "fastboot" && access("/dev/socket/recovery", F_OK) == 0) {
+ LOG(INFO) << "Recovery specific reboot fastboot";
+ /*
+ * The socket is created to allow switching between recovery and
+ * fastboot.
+ */
+ android::base::unique_fd sock(socket(AF_UNIX, SOCK_STREAM, 0));
+ if (sock < 0) {
+ WriteFdFmt(fd, "reboot (%s) create\n", strerror(errno));
+ PLOG(ERROR) << "Creating recovery socket failed";
+ return;
+ }
+
+ sockaddr_un addr = {.sun_family = AF_UNIX};
+ strncpy(addr.sun_path, "/dev/socket/recovery", sizeof(addr.sun_path) - 1);
+ if (connect(sock, reinterpret_cast<sockaddr*>(&addr), sizeof(addr)) == -1) {
+ WriteFdFmt(fd, "reboot (%s) connect\n", strerror(errno));
+ PLOG(ERROR) << "Couldn't connect to recovery socket";
+ return;
+ }
+ const char msg_switch_to_fastboot = 'f';
+ auto ret = adb_write(sock, &msg_switch_to_fastboot, sizeof(msg_switch_to_fastboot));
+ if (ret != sizeof(msg_switch_to_fastboot)) {
+ WriteFdFmt(fd, "reboot (%s) write\n", strerror(errno));
+ PLOG(ERROR) << "Couldn't write message to recovery socket to switch to fastboot";
+ return;
+ }
+ } else {
+ if (!android::base::SetProperty(ANDROID_RB_PROPERTY, reboot_string)) {
+ WriteFdFmt(fd.get(), "reboot (%s) failed\n", reboot_string.c_str());
+ return;
+ }
+ }
// Don't return early. Give the reboot command time to take effect
// to avoid messing up scripts which do "adb reboot && adb wait-for-device"
while (true) {
diff --git a/adb/test_adb.py b/adb/test_adb.py
index d4c98e4..86c13d0 100755
--- a/adb/test_adb.py
+++ b/adb/test_adb.py
@@ -28,6 +28,7 @@
import struct
import subprocess
import threading
+import time
import unittest
@@ -90,7 +91,7 @@
server_thread.start()
try:
- yield port
+ yield port, writesock
finally:
writesock.close()
server_thread.join()
@@ -120,7 +121,7 @@
def adb_server():
"""Context manager for an ADB server.
- This creates an ADB server and returns the port it"s listening on.
+ This creates an ADB server and returns the port it's listening on.
"""
port = 5038
@@ -342,7 +343,7 @@
Bug: http://b/78991667
"""
with adb_server() as server_port:
- with fake_adbd() as port:
+ with fake_adbd() as (port, _):
serial = "emulator-{}".format(port - 1)
# Ensure that the emulator is not there.
try:
@@ -380,7 +381,7 @@
"""
for protocol in (socket.AF_INET, socket.AF_INET6):
try:
- with fake_adbd(protocol=protocol) as port:
+ with fake_adbd(protocol=protocol) as (port, _):
serial = "localhost:{}".format(port)
with adb_connect(self, serial):
pass
@@ -391,7 +392,7 @@
def test_already_connected(self):
"""Ensure that an already-connected device stays connected."""
- with fake_adbd() as port:
+ with fake_adbd() as (port, _):
serial = "localhost:{}".format(port)
with adb_connect(self, serial):
# b/31250450: this always returns 0 but probably shouldn't.
@@ -403,7 +404,7 @@
def test_reconnect(self):
"""Ensure that a disconnected device reconnects."""
- with fake_adbd() as port:
+ with fake_adbd() as (port, _):
serial = "localhost:{}".format(port)
with adb_connect(self, serial):
output = subprocess.check_output(["adb", "-s", serial,
@@ -439,6 +440,46 @@
"error: device '{}' not found".format(serial).encode("utf8"))
+class DisconnectionTest(unittest.TestCase):
+ """Tests for adb disconnect."""
+
+ def test_disconnect(self):
+ """Ensure that `adb disconnect` takes effect immediately."""
+
+ def _devices(port):
+ output = subprocess.check_output(["adb", "-P", str(port), "devices"])
+ return [x.split("\t") for x in output.decode("utf8").strip().splitlines()[1:]]
+
+ with adb_server() as server_port:
+ with fake_adbd() as (port, sock):
+ device_name = "localhost:{}".format(port)
+ output = subprocess.check_output(["adb", "-P", str(server_port),
+ "connect", device_name])
+ self.assertEqual(output.strip(),
+ "connected to {}".format(device_name).encode("utf8"))
+
+
+ self.assertEqual(_devices(server_port), [[device_name, "device"]])
+
+ # Send a deliberately malformed packet to make the device go offline.
+ packet = struct.pack("IIIIII", 0, 0, 0, 0, 0, 0)
+ sock.sendall(packet)
+
+ # Wait a bit.
+ time.sleep(0.1)
+
+ self.assertEqual(_devices(server_port), [[device_name, "offline"]])
+
+ # Disconnect the device.
+ output = subprocess.check_output(["adb", "-P", str(server_port),
+ "disconnect", device_name])
+
+ # Wait a bit.
+ time.sleep(0.1)
+
+ self.assertEqual(_devices(server_port), [])
+
+
def main():
"""Main entrypoint."""
random.seed(0)
diff --git a/adb/transport.cpp b/adb/transport.cpp
index 0e8db04..332e0f8 100644
--- a/adb/transport.cpp
+++ b/adb/transport.cpp
@@ -33,7 +33,7 @@
#include <deque>
#include <list>
#include <mutex>
-#include <queue>
+#include <set>
#include <thread>
#include <android-base/logging.h>
@@ -97,6 +97,9 @@
// Adds the atransport* to the queue of reconnect attempts.
void TrackTransport(atransport* transport);
+ // Wake up the ReconnectHandler thread to have it check for kicked transports.
+ void CheckForKicked();
+
private:
// The main thread loop.
void Run();
@@ -108,9 +111,11 @@
size_t attempts_left;
bool operator<(const ReconnectAttempt& rhs) const {
- // std::priority_queue returns the largest element first, so we want attempts that have
- // less time remaining (i.e. smaller time_points) to compare greater.
- return reconnect_time > rhs.reconnect_time;
+ if (reconnect_time == rhs.reconnect_time) {
+ return reinterpret_cast<uintptr_t>(transport) <
+ reinterpret_cast<uintptr_t>(rhs.transport);
+ }
+ return reconnect_time < rhs.reconnect_time;
}
};
@@ -123,7 +128,7 @@
bool running_ GUARDED_BY(reconnect_mutex_) = true;
std::thread handler_thread_;
std::condition_variable reconnect_cv_;
- std::priority_queue<ReconnectAttempt> reconnect_queue_ GUARDED_BY(reconnect_mutex_);
+ std::set<ReconnectAttempt> reconnect_queue_ GUARDED_BY(reconnect_mutex_);
DISALLOW_COPY_AND_ASSIGN(ReconnectHandler);
};
@@ -145,8 +150,8 @@
// Drain the queue to free all resources.
std::lock_guard<std::mutex> lock(reconnect_mutex_);
while (!reconnect_queue_.empty()) {
- ReconnectAttempt attempt = reconnect_queue_.top();
- reconnect_queue_.pop();
+ ReconnectAttempt attempt = *reconnect_queue_.begin();
+ reconnect_queue_.erase(reconnect_queue_.begin());
remove_transport(attempt.transport);
}
}
@@ -164,6 +169,10 @@
reconnect_cv_.notify_one();
}
+void ReconnectHandler::CheckForKicked() {
+ reconnect_cv_.notify_one();
+}
+
void ReconnectHandler::Run() {
while (true) {
ReconnectAttempt attempt;
@@ -176,28 +185,38 @@
// system_clock as its clock, so we're probably hosed if the clock changes,
// even if we use steady_clock throughout. This problem goes away once we
// switch to libc++.
- reconnect_cv_.wait_until(lock, reconnect_queue_.top().reconnect_time);
+ reconnect_cv_.wait_until(lock, reconnect_queue_.begin()->reconnect_time);
} else {
reconnect_cv_.wait(lock);
}
if (!running_) return;
+
+ // Scan the whole list for kicked transports, so that we immediately handle an explicit
+ // disconnect request.
+ bool kicked = false;
+ for (auto it = reconnect_queue_.begin(); it != reconnect_queue_.end();) {
+ if (it->transport->kicked()) {
+ D("transport %s was kicked. giving up on it.", it->transport->serial.c_str());
+ remove_transport(it->transport);
+ it = reconnect_queue_.erase(it);
+ } else {
+ ++it;
+ }
+ kicked = true;
+ }
+
if (reconnect_queue_.empty()) continue;
- // Go back to sleep in case |reconnect_cv_| woke up spuriously and we still
- // have more time to wait for the current attempt.
+ // Go back to sleep if we either woke up spuriously, or we were woken up to remove
+ // a kicked transport, and the first transport isn't ready for reconnection yet.
auto now = std::chrono::steady_clock::now();
- if (reconnect_queue_.top().reconnect_time > now) {
+ if (reconnect_queue_.begin()->reconnect_time > now) {
continue;
}
- attempt = reconnect_queue_.top();
- reconnect_queue_.pop();
- if (attempt.transport->kicked()) {
- D("transport %s was kicked. giving up on it.", attempt.transport->serial.c_str());
- remove_transport(attempt.transport);
- continue;
- }
+ attempt = *reconnect_queue_.begin();
+ reconnect_queue_.erase(reconnect_queue_.begin());
}
D("attempting to reconnect %s", attempt.transport->serial.c_str());
@@ -446,6 +465,10 @@
if (std::find(transport_list.begin(), transport_list.end(), t) != transport_list.end()) {
t->Kick();
}
+
+#if ADB_HOST
+ reconnect_handler.CheckForKicked();
+#endif
}
static int transport_registration_send = -1;
@@ -1274,6 +1297,9 @@
t->Kick();
}
}
+#if ADB_HOST
+ reconnect_handler.CheckForKicked();
+#endif
}
#endif
diff --git a/base/include/android-base/utf8.h b/base/include/android-base/utf8.h
old mode 100755
new mode 100644
diff --git a/fastboot/Android.mk b/fastboot/Android.mk
index 60c338c..a679143 100644
--- a/fastboot/Android.mk
+++ b/fastboot/Android.mk
@@ -82,6 +82,7 @@
LOCAL_CFLAGS := $(fastboot_cflags)
LOCAL_CFLAGS_darwin := $(fastboot_cflags_darwin)
+LOCAL_CPP_STD := c++17
LOCAL_CXX_STL := $(fastboot_stl)
LOCAL_HEADER_LIBRARIES := bootimg_headers
LOCAL_LDLIBS_darwin := $(fastboot_ldlibs_darwin)
diff --git a/fastboot/device/variables.cpp b/fastboot/device/variables.cpp
index a5dead2..65cfea3 100644
--- a/fastboot/device/variables.cpp
+++ b/fastboot/device/variables.cpp
@@ -123,10 +123,14 @@
}
std::string slot_suffix = device->GetCurrentSlot();
if (slot_suffix.empty()) {
- return device->WriteFail("Invalid slot");
+ return device->WriteOkay("no");
}
- std::string result = (args[0] == "userdata" ? "no" : "yes");
- return device->WriteOkay(result);
+ std::string partition_name = args[0] + slot_suffix;
+ if (FindPhysicalPartition(partition_name) ||
+ LogicalPartitionExists(partition_name, slot_suffix)) {
+ return device->WriteOkay("yes");
+ }
+ return device->WriteOkay("no");
}
bool GetPartitionSize(FastbootDevice* device, const std::vector<std::string>& args) {
diff --git a/fastboot/fastboot_driver.h b/fastboot/fastboot_driver.h
index e8711cb..dd199c0 100644
--- a/fastboot/fastboot_driver.h
+++ b/fastboot/fastboot_driver.h
@@ -57,7 +57,7 @@
class FastBootDriver {
public:
- static constexpr int RESP_TIMEOUT = 10; // 10 seconds
+ static constexpr int RESP_TIMEOUT = 30; // 30 seconds
static constexpr uint32_t MAX_DOWNLOAD_SIZE = std::numeric_limits<uint32_t>::max();
static constexpr size_t TRANSPORT_CHUNK_SIZE = 1024;
diff --git a/fs_mgr/Android.bp b/fs_mgr/Android.bp
index 6329d54..3cce0e8 100644
--- a/fs_mgr/Android.bp
+++ b/fs_mgr/Android.bp
@@ -31,6 +31,8 @@
}
cc_library {
+ // Do not ever allow this library to be vendor_available as a shared library.
+ // It does not have a stable interface.
name: "libfs_mgr",
defaults: ["fs_mgr_defaults"],
recovery_available: true,
@@ -46,18 +48,15 @@
"fs_mgr_overlayfs.cpp",
],
shared_libs: [
- "libfec",
- "libfec_rs",
"libbase",
- "libcrypto_utils",
"libcrypto",
+ "libcrypto_utils",
"libcutils",
"libext4_utils",
- "libkeyutils",
+ "libfec",
"liblog",
- "libsquashfs_utils",
- "libselinux",
"liblp",
+ "libselinux",
],
static_libs: [
"libavb",
@@ -90,6 +89,8 @@
}
cc_library_static {
+ // Do not ever make this a shared library as long as it is vendor_available.
+ // It does not have a stable interface.
name: "libfstab",
vendor_available: true,
recovery_available: true,
diff --git a/fs_mgr/fs_mgr_overlayfs.cpp b/fs_mgr/fs_mgr_overlayfs.cpp
index 74dfc00..78151d5 100644
--- a/fs_mgr/fs_mgr_overlayfs.cpp
+++ b/fs_mgr/fs_mgr_overlayfs.cpp
@@ -65,11 +65,10 @@
// acceptable overlayfs backing storage
const auto kOverlayMountPoint = "/cache"s;
-// return true if everything is mounted, but before adb is started. At
-// 'trigger firmware_mounts_complete' after 'trigger load_persist_props_action'.
+// Return true if everything is mounted, but before adb is started. Right
+// after 'trigger load_persist_props_action' is done.
bool fs_mgr_boot_completed() {
- return !android::base::GetProperty("ro.boottime.init", "").empty() &&
- !!access("/dev/.booting", F_OK);
+ return android::base::GetBoolProperty("ro.persistent_properties.ready", false);
}
bool fs_mgr_is_dir(const std::string& path) {
@@ -164,7 +163,9 @@
// Overlayfs available in the kernel, and patched for override_creds?
static signed char overlayfs_in_kernel = -1; // cache for constant condition
if (overlayfs_in_kernel == -1) {
+ auto save_errno = errno;
overlayfs_in_kernel = !access("/sys/module/overlay/parameters/override_creds", F_OK);
+ errno = save_errno;
}
return overlayfs_in_kernel;
}
@@ -430,7 +431,7 @@
const auto newpath = oldpath + ".teardown";
ret &= fs_mgr_rm_all(newpath);
auto save_errno = errno;
- if (rename(oldpath.c_str(), newpath.c_str())) {
+ if (!rename(oldpath.c_str(), newpath.c_str())) {
if (change) *change = true;
} else if (errno != ENOENT) {
ret = false;
diff --git a/healthd/healthd_draw.cpp b/healthd/healthd_draw.cpp
index 30f2cf3..706dc80 100644
--- a/healthd/healthd_draw.cpp
+++ b/healthd/healthd_draw.cpp
@@ -173,7 +173,7 @@
cur_level = 100;
}
- if (cur_level <= 0) return;
+ if (cur_level < 0) return;
const animation::text_field& field = anim->text_percent;
if (field.font == nullptr || field.font->char_width == 0 || field.font->char_height == 0) {
diff --git a/healthd/healthd_mode_charger.cpp b/healthd/healthd_mode_charger.cpp
index 56a9f86..2eb5497 100644
--- a/healthd/healthd_mode_charger.cpp
+++ b/healthd/healthd_mode_charger.cpp
@@ -72,6 +72,7 @@
#define BATTERY_UNKNOWN_TIME (2 * MSEC_PER_SEC)
#define POWER_ON_KEY_TIME (2 * MSEC_PER_SEC)
#define UNPLUGGED_SHUTDOWN_TIME (10 * MSEC_PER_SEC)
+#define UNPLUGGED_DISPLAY_TIME (3 * MSEC_PER_SEC)
#define LAST_KMSG_MAX_SZ (32 * 1024)
@@ -91,6 +92,7 @@
struct charger {
bool have_battery_state;
bool charger_connected;
+ bool screen_blanked;
int64_t next_screen_transition;
int64_t next_key_check;
int64_t next_pwr_check;
@@ -293,6 +295,7 @@
#ifndef CHARGER_DISABLE_INIT_BLANK
healthd_draw->blank_screen(true);
+ charger->screen_blanked = true;
#endif
}
@@ -301,6 +304,7 @@
reset_animation(batt_anim);
charger->next_screen_transition = -1;
healthd_draw->blank_screen(true);
+ charger->screen_blanked = true;
LOGV("[%" PRId64 "] animation done\n", now);
if (charger->charger_connected) request_suspend(true);
return;
@@ -308,8 +312,10 @@
disp_time = batt_anim->frames[batt_anim->cur_frame].disp_time;
- /* unblank the screen on first cycle and first frame */
- if (batt_anim->cur_cycle == 0 && batt_anim->cur_frame == 0) healthd_draw->blank_screen(false);
+ if (charger->screen_blanked) {
+ healthd_draw->blank_screen(false);
+ charger->screen_blanked = false;
+ }
/* animation starting, set up the animation */
if (batt_anim->cur_frame == 0) {
@@ -327,9 +333,15 @@
}
}
- // repeat the first frame first_frame_repeats times
- disp_time = batt_anim->frames[batt_anim->cur_frame].disp_time *
- batt_anim->first_frame_repeats;
+ if (charger->charger_connected) {
+ // repeat the first frame first_frame_repeats times
+ disp_time = batt_anim->frames[batt_anim->cur_frame].disp_time *
+ batt_anim->first_frame_repeats;
+ } else {
+ disp_time = UNPLUGGED_DISPLAY_TIME / batt_anim->num_cycles;
+ }
+
+ LOGV("cur_frame=%d disp_time=%d\n", batt_anim->cur_frame, disp_time);
}
}
}
@@ -348,7 +360,7 @@
}
/* schedule next screen transition */
- charger->next_screen_transition = now + disp_time;
+ charger->next_screen_transition = curr_time_ms() + disp_time;
/* advance frame cntr to the next valid frame only if we are charging
* if necessary, advance cycle cntr, and reset frame cntr
@@ -458,6 +470,7 @@
/* if the power key got released, force screen state cycle */
if (key->pending) {
kick_animation(charger->batt_anim);
+ request_suspend(false);
}
}
}
@@ -476,12 +489,18 @@
if (!charger->have_battery_state) return;
if (!charger->charger_connected) {
- /* Last cycle would have stopped at the extreme top of battery-icon
- * Need to show the correct level corresponding to capacity.
- */
- kick_animation(charger->batt_anim);
request_suspend(false);
if (charger->next_pwr_check == -1) {
+ /* Last cycle would have stopped at the extreme top of battery-icon
+ * Need to show the correct level corresponding to capacity.
+ *
+ * Reset next_screen_transition to update screen immediately.
+ * Reset & kick animation to show complete animation cycles
+ * when charger disconnected.
+ */
+ charger->next_screen_transition = now - 1;
+ reset_animation(charger->batt_anim);
+ kick_animation(charger->batt_anim);
charger->next_pwr_check = now + UNPLUGGED_SHUTDOWN_TIME;
LOGW("[%" PRId64 "] device unplugged: shutting down in %" PRId64 " (@ %" PRId64 ")\n",
now, (int64_t)UNPLUGGED_SHUTDOWN_TIME, charger->next_pwr_check);
@@ -494,8 +513,15 @@
} else {
/* online supply present, reset shutdown timer if set */
if (charger->next_pwr_check != -1) {
- LOGW("[%" PRId64 "] device plugged in: shutdown cancelled\n", now);
+ /* Reset next_screen_transition to update screen immediately.
+ * Reset & kick animation to show complete animation cycles
+ * when charger connected again.
+ */
+ request_suspend(false);
+ charger->next_screen_transition = now - 1;
+ reset_animation(charger->batt_anim);
kick_animation(charger->batt_anim);
+ LOGW("[%" PRId64 "] device plugged in: shutdown cancelled\n", now);
}
charger->next_pwr_check = -1;
}
@@ -523,6 +549,7 @@
if (!charger->have_battery_state) {
charger->have_battery_state = true;
charger->next_screen_transition = curr_time_ms() - 1;
+ request_suspend(false);
reset_animation(charger->batt_anim);
kick_animation(charger->batt_anim);
}
diff --git a/init/Android.mk b/init/Android.mk
index d20509b..ada87b8 100644
--- a/init/Android.mk
+++ b/init/Android.mk
@@ -81,7 +81,6 @@
LOCAL_REQUIRED_MODULES := \
init_second_stage \
- init_second_stage.recovery \
LOCAL_SANITIZE := signed-integer-overflow
include $(BUILD_EXECUTABLE)
diff --git a/init/reboot.cpp b/init/reboot.cpp
index 7401857..2f88121 100644
--- a/init/reboot.cpp
+++ b/init/reboot.cpp
@@ -473,7 +473,21 @@
"bootloader_message: "
<< err;
}
+ } else if (reboot_target == "sideload" || reboot_target == "sideload-auto-reboot" ||
+ reboot_target == "fastboot") {
+ std::string arg = reboot_target == "sideload-auto-reboot" ? "sideload_auto_reboot"
+ : reboot_target;
+ const std::vector<std::string> options = {
+ "--" + arg,
+ };
+ std::string err;
+ if (!write_bootloader_message(options, &err)) {
+ LOG(ERROR) << "Failed to set bootloader message: " << err;
+ return false;
+ }
+ reboot_target = "recovery";
}
+
// If there is an additional parameter, pass it along
if ((cmd_params.size() == 3) && cmd_params[2].size()) {
reboot_target += "," + cmd_params[2];
diff --git a/libsuspend/Android.bp b/libsuspend/Android.bp
index b3e36c2..c5f1f5e 100644
--- a/libsuspend/Android.bp
+++ b/libsuspend/Android.bp
@@ -2,11 +2,6 @@
cc_library {
name: "libsuspend",
- vendor_available: true,
- vndk: {
- enabled: true,
- },
-
srcs: [
"autosuspend.c",
"autosuspend_wakeup_count.cpp",
diff --git a/llkd/README.md b/llkd/README.md
index b2ba2a2..2314583 100644
--- a/llkd/README.md
+++ b/llkd/README.md
@@ -60,7 +60,7 @@
Android Properties
------------------
-Android Properties llkd respond to (<prop>_ms parms are in milliseconds):
+Android Properties llkd respond to (*prop*_ms parms are in milliseconds):
#### ro.config.low_ram
default false, if true do not sysrq t (dump all threads).
@@ -99,19 +99,33 @@
#### ro.llk.blacklist.process
default 0,1,2 (kernel, init and [kthreadd]) plus process names
init,[kthreadd],[khungtaskd],lmkd,lmkd.llkd,llkd,watchdogd,
-[watchdogd],[watchdogd/0],...,[watchdogd/<get_nprocs-1>].
+[watchdogd],[watchdogd/0],...,[watchdogd/***get_nprocs**-1*].
+The string false is the equivalent to an empty list.
+Do not watch these processes. A process can be comm, cmdline or pid reference.
+NB: automated default here can be larger than the current maximum property
+size of 92.
+NB: false is a very very very unlikely process to want to blacklist.
#### ro.llk.blacklist.parent
default 0,2 (kernel and [kthreadd]).
+The string false is the equivalent to an empty list.
+Do not watch processes that have this parent.
+A parent process can be comm, cmdline or pid reference.
#### ro.llk.blacklist.uid
-default <empty>, comma separated list of uid numbers or names.
+default *empty* or false, comma separated list of uid numbers or names.
+The string false is the equivalent to an empty list.
+Do not watch processes that match this uid.
Architectural Concerns
----------------------
+- built-in [khungtask] daemon is too generic and trips on driver code that
+ sits around in D state too much. To switch to S instead makes the task(s)
+ killable, so the drivers should be able to resurrect them if needed.
+- Properties are limited to 92 characters.
- Create kernel module and associated gTest to actually test panic.
-- Create gTest to test out blacklist (ro.llk.blacklist.<properties> generally
+- Create gTest to test out blacklist (ro.llk.blacklist.*properties* generally
not be inputs). Could require more test-only interfaces to libllkd.
-- Speed up gTest using something else than ro.llk.<properties>, which should
- not be inputs.
+- Speed up gTest using something else than ro.llk.*properties*, which should
+ not be inputs as they should be baked into the product.
diff --git a/llkd/libllkd.cpp b/llkd/libllkd.cpp
index 3b28775..48551f2 100644
--- a/llkd/libllkd.cpp
+++ b/llkd/libllkd.cpp
@@ -285,7 +285,7 @@
schedUpdate(0),
nrSwitches(0),
update(llkUpdate),
- count(0),
+ count(0ms),
pid(pid),
ppid(ppid),
uid(-1),
@@ -574,15 +574,19 @@
// We only officially support comma separators, but wetware being what they
// are will take some liberty and I do not believe they should be punished.
-std::unordered_set<std::string> llkSplit(const std::string& s,
- const std::string& delimiters = ", \t:") {
+std::unordered_set<std::string> llkSplit(const std::string& s) {
std::unordered_set<std::string> result;
+ // Special case, allow boolean false to empty the list, otherwise expected
+ // source of input from android::base::GetProperty will supply the default
+ // value on empty content in the property.
+ if (s == "false") return result;
+
size_t base = 0;
- size_t found;
- while (true) {
- found = s.find_first_of(delimiters, base);
- result.emplace(s.substr(base, found - base));
+ while (s.size() > base) {
+ auto found = s.find_first_of(", \t:", base);
+ // Only emplace content, empty entries are not an option
+ if (found != base) result.emplace(s.substr(base, found - base));
if (found == s.npos) break;
base = found + 1;
}
diff --git a/lmkd/Android.bp b/lmkd/Android.bp
index 1369b8b..903d0e2 100644
--- a/lmkd/Android.bp
+++ b/lmkd/Android.bp
@@ -20,6 +20,7 @@
],
},
},
+ logtags: ["event.logtags"],
}
cc_library_static {
diff --git a/lmkd/event.logtags b/lmkd/event.logtags
new file mode 100644
index 0000000..7c2cd18
--- /dev/null
+++ b/lmkd/event.logtags
@@ -0,0 +1,38 @@
+# The entries in this file map a sparse set of log tag numbers to tag names.
+# This is installed on the device, in /system/etc, and parsed by logcat.
+#
+# Tag numbers are decimal integers, from 0 to 2^31. (Let's leave the
+# negative values alone for now.)
+#
+# Tag names are one or more ASCII letters and numbers or underscores, i.e.
+# "[A-Z][a-z][0-9]_". Do not include spaces or punctuation (the former
+# impacts log readability, the latter makes regex searches more annoying).
+#
+# Tag numbers and names are separated by whitespace. Blank lines and lines
+# starting with '#' are ignored.
+#
+# Optionally, after the tag names can be put a description for the value(s)
+# of the tag. Description are in the format
+# (<name>|data type[|data unit])
+# Multiple values are separated by commas.
+#
+# The data type is a number from the following values:
+# 1: int
+# 2: long
+# 3: string
+# 4: list
+#
+# The data unit is a number taken from the following list:
+# 1: Number of objects
+# 2: Number of bytes
+# 3: Number of milliseconds
+# 4: Number of allocations
+# 5: Id
+# 6: Percent
+# s: Number of seconds (monotonic time)
+# Default value for data of type int/long is 2 (bytes).
+#
+# TODO: generate ".java" and ".h" files with integer constants from this file.
+
+# for meminfo logs
+10195355 meminfo (MemFree|1),(Cached|1),(SwapCached|1),(Buffers|1),(Shmem|1),(Unevictable|1),(SwapFree|1),(ActiveAnon|1),(InactiveAnon|1),(ActiveFile|1),(InactiveFile|1),(SReclaimable|1),(SUnreclaim|1),(KernelStack|1),(PageTables|1),(ION_heap|1),(ION_heap_pool|1),(CmaFree|1)
diff --git a/lmkd/lmkd.c b/lmkd/lmkd.c
index 3b45db7..02534f2 100644
--- a/lmkd/lmkd.c
+++ b/lmkd/lmkd.c
@@ -37,6 +37,7 @@
#include <cutils/sockets.h>
#include <lmkd.h>
#include <log/log.h>
+#include <log/log_event_list.h>
#ifdef LMKD_LOG_STATS
#include "statslog.h"
@@ -72,6 +73,9 @@
#define MEMINFO_PATH "/proc/meminfo"
#define LINE_MAX 128
+/* Android Logger event logtags (see event.logtags) */
+#define MEMINFO_LOG_TAG 10195355
+
/* gid containing AID_SYSTEM required */
#define INKERNEL_MINFREE_PATH "/sys/module/lowmemorykiller/parameters/minfree"
#define INKERNEL_ADJ_PATH "/sys/module/lowmemorykiller/parameters/adj"
@@ -85,6 +89,8 @@
#define STRINGIFY(x) STRINGIFY_INTERNAL(x)
#define STRINGIFY_INTERNAL(x) #x
+#define min(a, b) (((a) < (b)) ? (a) : (b))
+
/* default to old in-kernel interface if no memory pressure events */
static bool use_inkernel_interface = true;
static bool has_inkernel_module;
@@ -119,6 +125,9 @@
static unsigned long kill_timeout_ms;
static bool use_minfree_levels;
static bool per_app_memcg;
+static int swap_free_low_percentage;
+
+static android_log_context ctx;
/* data required to handle events */
struct event_handler_info {
@@ -197,8 +206,19 @@
MI_BUFFERS,
MI_SHMEM,
MI_UNEVICTABLE,
+ MI_TOTAL_SWAP,
MI_FREE_SWAP,
- MI_DIRTY,
+ MI_ACTIVE_ANON,
+ MI_INACTIVE_ANON,
+ MI_ACTIVE_FILE,
+ MI_INACTIVE_FILE,
+ MI_SRECLAIMABLE,
+ MI_SUNRECLAIM,
+ MI_KERNEL_STACK,
+ MI_PAGE_TABLES,
+ MI_ION_HELP,
+ MI_ION_HELP_POOL,
+ MI_CMA_FREE,
MI_FIELD_COUNT
};
@@ -209,8 +229,19 @@
"Buffers:",
"Shmem:",
"Unevictable:",
+ "SwapTotal:",
"SwapFree:",
- "Dirty:",
+ "Active(anon):",
+ "Inactive(anon):",
+ "Active(file):",
+ "Inactive(file):",
+ "SReclaimable:",
+ "SUnreclaim:",
+ "KernelStack:",
+ "PageTables:",
+ "ION_heap:",
+ "ION_heap_pool:",
+ "CmaFree:",
};
union meminfo {
@@ -221,8 +252,19 @@
int64_t buffers;
int64_t shmem;
int64_t unevictable;
+ int64_t total_swap;
int64_t free_swap;
- int64_t dirty;
+ int64_t active_anon;
+ int64_t inactive_anon;
+ int64_t active_file;
+ int64_t inactive_file;
+ int64_t sreclaimable;
+ int64_t sunreclaimable;
+ int64_t kernel_stack;
+ int64_t page_tables;
+ int64_t ion_heap;
+ int64_t ion_heap_pool;
+ int64_t cma_free;
/* fields below are calculated rather than read from the file */
int64_t nr_file_pages;
} field;
@@ -922,6 +964,15 @@
return 0;
}
+static void meminfo_log(union meminfo *mi) {
+ for (int field_idx = 0; field_idx < MI_FIELD_COUNT; field_idx++) {
+ android_log_write_int32(ctx, (int32_t)min(mi->arr[field_idx] * page_k, INT32_MAX));
+ }
+
+ android_log_write_list(ctx, LOG_ID_EVENTS);
+ android_log_reset(ctx);
+}
+
static int proc_get_size(int pid) {
char path[PATH_MAX];
char line[LINE_MAX];
@@ -1306,20 +1357,24 @@
}
}
- // If the pressure is larger than downgrade_pressure lmk will not
- // kill any process, since enough memory is available.
- if (mem_pressure > downgrade_pressure) {
- if (debug_process_killing) {
- ALOGI("Ignore %s memory pressure", level_name[level]);
+ // If we still have enough swap space available, check if we want to
+ // ignore/downgrade pressure events.
+ if (mi.field.free_swap >=
+ mi.field.total_swap * swap_free_low_percentage / 100) {
+ // If the pressure is larger than downgrade_pressure lmk will not
+ // kill any process, since enough memory is available.
+ if (mem_pressure > downgrade_pressure) {
+ if (debug_process_killing) {
+ ALOGI("Ignore %s memory pressure", level_name[level]);
+ }
+ return;
+ } else if (level == VMPRESS_LEVEL_CRITICAL && mem_pressure > upgrade_pressure) {
+ if (debug_process_killing) {
+ ALOGI("Downgrade critical memory pressure");
+ }
+ // Downgrade event, since enough memory available.
+ level = downgrade_level(level);
}
- return;
- } else if (level == VMPRESS_LEVEL_CRITICAL &&
- mem_pressure > upgrade_pressure) {
- if (debug_process_killing) {
- ALOGI("Downgrade critical memory pressure");
- }
- // Downgrade event, since enough memory available.
- level = downgrade_level(level);
}
do_kill:
@@ -1329,6 +1384,8 @@
if (debug_process_killing) {
ALOGI("Nothing to kill");
}
+ } else {
+ meminfo_log(&mi);
}
} else {
int pages_freed;
@@ -1377,6 +1434,9 @@
pages_to_free, pages_freed);
gettimeofday(&last_report_tm, NULL);
}
+ if (pages_freed > 0) {
+ meminfo_log(&mi);
+ }
}
}
@@ -1590,6 +1650,10 @@
property_get_bool("ro.lmk.use_minfree_levels", false);
per_app_memcg =
property_get_bool("ro.config.per_app_memcg", low_ram_device);
+ swap_free_low_percentage =
+ property_get_int32("ro.lmk.swap_free_low_percentage", 10);
+
+ ctx = create_android_logger(MEMINFO_LOG_TAG);
#ifdef LMKD_LOG_STATS
statslog_init(&log_ctx, &enable_stats_log);
@@ -1626,6 +1690,8 @@
statslog_destroy(&log_ctx);
#endif
+ android_log_destroy(&ctx);
+
ALOGI("exiting");
return 0;
}
diff --git a/logd/LogAudit.cpp b/logd/LogAudit.cpp
index 4ea7877..fc8c960 100644
--- a/logd/LogAudit.cpp
+++ b/logd/LogAudit.cpp
@@ -19,6 +19,7 @@
#include <errno.h>
#include <limits.h>
#include <stdarg.h>
+#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <sys/prctl.h>
@@ -344,8 +345,7 @@
rc = logbuf->log(
LOG_ID_EVENTS, now, uid, pid, tid, reinterpret_cast<char*>(event),
- (message_len <= USHRT_MAX) ? (unsigned short)message_len
- : USHRT_MAX);
+ (message_len <= UINT16_MAX) ? (uint16_t)message_len : UINT16_MAX);
if (rc >= 0) {
notify |= 1 << LOG_ID_EVENTS;
}
@@ -399,9 +399,9 @@
strncpy(newstr + 1 + str_len + prefix_len + suffix_len,
denial_metadata.c_str(), denial_metadata.length());
- rc = logbuf->log(LOG_ID_MAIN, now, uid, pid, tid, newstr,
- (message_len <= USHRT_MAX) ? (unsigned short)message_len
- : USHRT_MAX);
+ rc = logbuf->log(
+ LOG_ID_MAIN, now, uid, pid, tid, newstr,
+ (message_len <= UINT16_MAX) ? (uint16_t)message_len : UINT16_MAX);
if (rc >= 0) {
notify |= 1 << LOG_ID_MAIN;
diff --git a/logd/LogBuffer.cpp b/logd/LogBuffer.cpp
index 9b04363..fd1b8b2 100644
--- a/logd/LogBuffer.cpp
+++ b/logd/LogBuffer.cpp
@@ -199,7 +199,7 @@
}
int LogBuffer::log(log_id_t log_id, log_time realtime, uid_t uid, pid_t pid,
- pid_t tid, const char* msg, unsigned short len) {
+ pid_t tid, const char* msg, uint16_t len) {
if (log_id >= LOG_ID_MAX) {
return -EINVAL;
}
@@ -240,7 +240,7 @@
LogBufferElement* currentLast = lastLoggedElements[log_id];
if (currentLast) {
LogBufferElement* dropped = droppedElements[log_id];
- unsigned short count = dropped ? dropped->getDropped() : 0;
+ uint16_t count = dropped ? dropped->getDropped() : 0;
//
// State Init
// incoming:
@@ -584,13 +584,13 @@
LogBufferElementMap map;
public:
- bool coalesce(LogBufferElement* element, unsigned short dropped) {
+ bool coalesce(LogBufferElement* element, uint16_t dropped) {
LogBufferElementKey key(element->getUid(), element->getPid(),
element->getTid());
LogBufferElementMap::iterator it = map.find(key.getKey());
if (it != map.end()) {
LogBufferElement* found = it->second;
- unsigned short moreDropped = found->getDropped();
+ uint16_t moreDropped = found->getDropped();
if ((dropped + moreDropped) > USHRT_MAX) {
map.erase(it);
} else {
@@ -847,7 +847,7 @@
mLastSet[id] = true;
}
- unsigned short dropped = element->getDropped();
+ uint16_t dropped = element->getDropped();
// remove any leading drops
if (leading && dropped) {
@@ -927,7 +927,7 @@
kick = true;
- unsigned short len = element->getMsgLen();
+ uint16_t len = element->getMsgLen();
// do not create any leading drops
if (leading) {
diff --git a/logd/LogBuffer.h b/logd/LogBuffer.h
index 0942987..774d4ab 100644
--- a/logd/LogBuffer.h
+++ b/logd/LogBuffer.h
@@ -115,7 +115,7 @@
}
int log(log_id_t log_id, log_time realtime, uid_t uid, pid_t pid, pid_t tid,
- const char* msg, unsigned short len) override;
+ const char* msg, uint16_t len) override;
// lastTid is an optional context to help detect if the last previous
// valid message was from the same source so we can differentiate chatty
// filter types (identical or expired)
diff --git a/logd/LogBufferElement.cpp b/logd/LogBufferElement.cpp
index 2d627b9..19e6d68 100644
--- a/logd/LogBufferElement.cpp
+++ b/logd/LogBufferElement.cpp
@@ -35,7 +35,7 @@
LogBufferElement::LogBufferElement(log_id_t log_id, log_time realtime,
uid_t uid, pid_t pid, pid_t tid,
- const char* msg, unsigned short len)
+ const char* msg, uint16_t len)
: mUid(uid),
mPid(pid),
mTid(tid),
@@ -71,7 +71,7 @@
: 0;
}
-unsigned short LogBufferElement::setDropped(unsigned short value) {
+uint16_t LogBufferElement::setDropped(uint16_t value) {
// The tag information is saved in mMsg data, if the tag is non-zero
// save only the information needed to get the tag.
if (getTag() != 0) {
diff --git a/logd/LogBufferElement.h b/logd/LogBufferElement.h
index b168645..57b0a95 100644
--- a/logd/LogBufferElement.h
+++ b/logd/LogBufferElement.h
@@ -18,6 +18,7 @@
#define _LOGD_LOG_BUFFER_ELEMENT_H__
#include <stdatomic.h>
+#include <stdint.h>
#include <stdlib.h>
#include <sys/types.h>
@@ -56,7 +57,7 @@
public:
LogBufferElement(log_id_t log_id, log_time realtime, uid_t uid, pid_t pid,
- pid_t tid, const char* msg, unsigned short len);
+ pid_t tid, const char* msg, uint16_t len);
LogBufferElement(const LogBufferElement& elem);
~LogBufferElement();
@@ -77,11 +78,11 @@
return mTid;
}
uint32_t getTag() const;
- unsigned short getDropped(void) const {
+ uint16_t getDropped(void) const {
return mDropped ? mDroppedCount : 0;
}
- unsigned short setDropped(unsigned short value);
- unsigned short getMsgLen() const {
+ uint16_t setDropped(uint16_t value);
+ uint16_t getMsgLen() const {
return mDropped ? 0 : mMsgLen;
}
const char* getMsg() const {
diff --git a/logd/LogBufferInterface.h b/logd/LogBufferInterface.h
index ff73a22..f31e244 100644
--- a/logd/LogBufferInterface.h
+++ b/logd/LogBufferInterface.h
@@ -31,7 +31,7 @@
// Handles a log entry when available in LogListener.
// Returns the size of the handled log message.
virtual int log(log_id_t log_id, log_time realtime, uid_t uid, pid_t pid,
- pid_t tid, const char* msg, unsigned short len) = 0;
+ pid_t tid, const char* msg, uint16_t len) = 0;
virtual uid_t pidToUid(pid_t pid);
virtual pid_t tidToPid(pid_t tid);
diff --git a/logd/LogKlog.cpp b/logd/LogKlog.cpp
index ab980ac..e4393a3 100644
--- a/logd/LogKlog.cpp
+++ b/logd/LogKlog.cpp
@@ -821,8 +821,7 @@
}
// Log message
- int rc = logbuf->log(LOG_ID_KERNEL, now, uid, pid, tid, newstr,
- (unsigned short)n);
+ int rc = logbuf->log(LOG_ID_KERNEL, now, uid, pid, tid, newstr, (uint16_t)n);
// notify readers
if (rc > 0) {
diff --git a/logd/LogListener.cpp b/logd/LogListener.cpp
index e568ddc..2f22778 100644
--- a/logd/LogListener.cpp
+++ b/logd/LogListener.cpp
@@ -136,7 +136,7 @@
if (logbuf != nullptr) {
int res = logbuf->log(
logId, header->realtime, cred->uid, cred->pid, header->tid, msg,
- ((size_t)n <= USHRT_MAX) ? (unsigned short)n : USHRT_MAX);
+ ((size_t)n <= UINT16_MAX) ? (uint16_t)n : UINT16_MAX);
if (res > 0 && reader != nullptr) {
reader->notifyNewLog(static_cast<log_mask_t>(1 << logId));
}
diff --git a/logd/LogStatistics.cpp b/logd/LogStatistics.cpp
index cefacf7..116e08e 100644
--- a/logd/LogStatistics.cpp
+++ b/logd/LogStatistics.cpp
@@ -83,7 +83,7 @@
if (element->getDropped()) return;
log_id_t log_id = element->getLogId();
- unsigned short size = element->getMsgLen();
+ uint16_t size = element->getMsgLen();
mSizesTotal[log_id] += size;
SizesTotal += size;
++mElementsTotal[log_id];
@@ -91,7 +91,7 @@
void LogStatistics::add(LogBufferElement* element) {
log_id_t log_id = element->getLogId();
- unsigned short size = element->getMsgLen();
+ uint16_t size = element->getMsgLen();
mSizes[log_id] += size;
++mElements[log_id];
@@ -161,7 +161,7 @@
void LogStatistics::subtract(LogBufferElement* element) {
log_id_t log_id = element->getLogId();
- unsigned short size = element->getMsgLen();
+ uint16_t size = element->getMsgLen();
mSizes[log_id] -= size;
--mElements[log_id];
if (element->getDropped()) {
@@ -206,7 +206,7 @@
// entry->setDropped(1) must follow this call, caller should do this explicitly.
void LogStatistics::drop(LogBufferElement* element) {
log_id_t log_id = element->getLogId();
- unsigned short size = element->getMsgLen();
+ uint16_t size = element->getMsgLen();
mSizes[log_id] -= size;
++mDroppedElements[log_id];
@@ -613,13 +613,13 @@
std::string LogStatistics::format(uid_t uid, pid_t pid,
unsigned int logMask) const {
- static const unsigned short spaces_total = 19;
+ static const uint16_t spaces_total = 19;
// Report on total logging, current and for all time
std::string output = "size/num";
size_t oldLength;
- short spaces = 1;
+ int16_t spaces = 1;
log_id_for_each(id) {
if (!(logMask & (1 << id))) continue;
diff --git a/logd/LogStatistics.h b/logd/LogStatistics.h
index ac3cf9a..d6b8ab3 100644
--- a/logd/LogStatistics.h
+++ b/logd/LogStatistics.h
@@ -520,7 +520,7 @@
return;
}
++msg;
- unsigned short len = element->getMsgLen();
+ uint16_t len = element->getMsgLen();
len = (len <= 1) ? 0 : strnlen(msg, len - 1);
if (!len) {
name = std::string_view("<NULL>", strlen("<NULL>"));
diff --git a/rootdir/Android.mk b/rootdir/Android.mk
index 3a6a5e8..2429b49 100644
--- a/rootdir/Android.mk
+++ b/rootdir/Android.mk
@@ -162,66 +162,6 @@
)
endef
-# Update namespace configuration file with library lists and VNDK version
-#
-# $(1): Input source file (ld.config.txt)
-# $(2): Output built module
-# $(3): VNDK version suffix
-# $(4): true if libz must be included in llndk not in vndk-sp
-define update_and_install_ld_config
-# If $(4) is true, move libz to llndk from vndk-sp.
-$(if $(filter true,$(4)),\
- $(eval llndk_libraries_list := $(LLNDK_LIBRARIES) libz) \
- $(eval vndksp_libraries_list := $(filter-out libz,$(VNDK_SAMEPROCESS_LIBRARIES))),\
- $(eval llndk_libraries_list := $(LLNDK_LIBRARIES)) \
- $(eval vndksp_libraries_list := $(VNDK_SAMEPROCESS_LIBRARIES)))
-
-llndk_libraries := $(call normalize-path-list,$(addsuffix .so,\
- $(filter-out $(VNDK_PRIVATE_LIBRARIES),$(llndk_libraries_list))))
-private_llndk_libraries := $(call normalize-path-list,$(addsuffix .so,\
- $(filter $(VNDK_PRIVATE_LIBRARIES),$(llndk_libraries_list))))
-vndk_sameprocess_libraries := $(call normalize-path-list,$(addsuffix .so,\
- $(filter-out $(VNDK_PRIVATE_LIBRARIES),$(vndksp_libraries_list))))
-vndk_core_libraries := $(call normalize-path-list,$(addsuffix .so,\
- $(filter-out $(VNDK_PRIVATE_LIBRARIES),$(VNDK_CORE_LIBRARIES))))
-sanitizer_runtime_libraries := $(call normalize-path-list,$(addsuffix .so,\
- $(ADDRESS_SANITIZER_RUNTIME_LIBRARY) \
- $(UBSAN_RUNTIME_LIBRARY) \
- $(TSAN_RUNTIME_LIBRARY) \
- $(2ND_ADDRESS_SANITIZER_RUNTIME_LIBRARY) \
- $(2ND_UBSAN_RUNTIME_LIBRARY) \
- $(2ND_TSAN_RUNTIME_LIBRARY)))
-# If BOARD_VNDK_VERSION is not defined, VNDK version suffix will not be used.
-vndk_version_suffix := $(if $(strip $(3)),-$(strip $(3)))
-
-$(2): PRIVATE_LLNDK_LIBRARIES := $$(llndk_libraries)
-$(2): PRIVATE_PRIVATE_LLNDK_LIBRARIES := $$(private_llndk_libraries)
-$(2): PRIVATE_VNDK_SAMEPROCESS_LIBRARIES := $$(vndk_sameprocess_libraries)
-$(2): PRIVATE_VNDK_CORE_LIBRARIES := $$(vndk_core_libraries)
-$(2): PRIVATE_SANITIZER_RUNTIME_LIBRARIES := $$(sanitizer_runtime_libraries)
-$(2): PRIVATE_VNDK_VERSION := $$(vndk_version_suffix)
-$(2): $(1)
- @echo "Generate: $$< -> $$@"
- @mkdir -p $$(dir $$@)
- $$(hide) sed -e 's?%LLNDK_LIBRARIES%?$$(PRIVATE_LLNDK_LIBRARIES)?g' $$< >$$@
- $$(hide) sed -i -e 's?%PRIVATE_LLNDK_LIBRARIES%?$$(PRIVATE_PRIVATE_LLNDK_LIBRARIES)?g' $$@
- $$(hide) sed -i -e 's?%VNDK_SAMEPROCESS_LIBRARIES%?$$(PRIVATE_VNDK_SAMEPROCESS_LIBRARIES)?g' $$@
- $$(hide) sed -i -e 's?%VNDK_CORE_LIBRARIES%?$$(PRIVATE_VNDK_CORE_LIBRARIES)?g' $$@
- $$(hide) sed -i -e 's?%SANITIZER_RUNTIME_LIBRARIES%?$$(PRIVATE_SANITIZER_RUNTIME_LIBRARIES)?g' $$@
- $$(hide) sed -i -e 's?%VNDK_VER%?$$(PRIVATE_VNDK_VERSION)?g' $$@
- $$(hide) sed -i -e 's?%PRODUCT%?$$(TARGET_COPY_OUT_PRODUCT)?g' $$@
- $$(hide) sed -i -e 's?%PRODUCTSERVICES%?$$(TARGET_COPY_OUT_PRODUCTSERVICES)?g' $$@
-
-llndk_libraries_list :=
-vndksp_libraries_list :=
-llndk_libraries :=
-private_llndk_libraries :=
-vndk_sameprocess_libraries :=
-vndk_core_libraries :=
-sanitizer_runtime_libraries :=
-vndk_version_suffix :=
-endef # update_and_install_ld_config
-
#######################################
# ld.config.txt selection variables
@@ -265,21 +205,19 @@
# for VNDK enforced devices
LOCAL_MODULE_STEM := $(call append_vndk_version,$(LOCAL_MODULE))
include $(BUILD_SYSTEM)/base_rules.mk
-$(eval $(call update_and_install_ld_config,\
- $(LOCAL_PATH)/etc/ld.config.txt,\
- $(LOCAL_BUILT_MODULE),\
- $(PLATFORM_VNDK_VERSION)))
+ld_config_template := $(LOCAL_PATH)/etc/ld.config.txt
+vndk_version := $(PLATFORM_VNDK_VERSION)
+include $(LOCAL_PATH)/update_and_install_ld_config.mk
else ifeq ($(_enforce_vndk_lite_at_runtime),true)
# for treblized but VNDK lightly enforced devices
LOCAL_MODULE_STEM := ld.config.vndk_lite.txt
include $(BUILD_SYSTEM)/base_rules.mk
-$(eval $(call update_and_install_ld_config,\
- $(LOCAL_PATH)/etc/ld.config.vndk_lite.txt,\
- $(LOCAL_BUILT_MODULE),\
- $(PLATFORM_VNDK_VERSION),\
- true))
+ld_config_template := $(LOCAL_PATH)/etc/ld.config.vndk_lite.txt
+vndk_version := $(PLATFORM_VNDK_VERSION)
+libz_is_llndk := true
+include $(LOCAL_PATH)/update_and_install_ld_config.mk
else
@@ -290,6 +228,37 @@
endif # ifeq ($(_enforce_vndk_at_runtime),true)
+# ld.config.txt for VNDK versions older than PLATFORM_VNDK_VERSION
+# are built with the VNDK libraries lists under /prebuilts/vndk.
+#
+# ld.config.$(VER).txt is built and installed for all VNDK versions
+# listed in PRODUCT_EXTRA_VNDK_VERSIONS.
+#
+# $(1): VNDK version
+define build_versioned_ld_config
+include $(CLEAR_VARS)
+LOCAL_MODULE := ld.config.$(1).txt
+LOCAL_MODULE_CLASS := ETC
+LOCAL_MODULE_PATH := $(TARGET_OUT_ETC)
+LOCAL_MODULE_STEM := $$(LOCAL_MODULE)
+include $(BUILD_SYSTEM)/base_rules.mk
+ld_config_template := $(LOCAL_PATH)/etc/ld.config.txt
+vndk_version := $(1)
+lib_list_from_prebuilts := true
+include $(LOCAL_PATH)/update_and_install_ld_config.mk
+endef
+
+# For VNDK snapshot versions prior to 28, ld.config.txt is installed from the
+# prebuilt under /prebuilts/vndk
+vndk_snapshots := $(wildcard prebuilts/vndk/*)
+supported_vndk_snapshot_versions := \
+ $(strip $(foreach ver,$(patsubst prebuilts/vndk/v%,%,$(vndk_snapshots)),\
+ $(if $(call math_gt_or_eq,$(ver),28),$(ver),)))
+$(eval $(foreach ver,$(supported_vndk_snapshot_versions),\
+ $(call build_versioned_ld_config,$(ver))))
+
+vndk_snapshots :=
+supported_vndk_snapshot_versions :=
#######################################
# ld.config.vndk_lite.txt
@@ -304,11 +273,10 @@
LOCAL_MODULE_PATH := $(TARGET_OUT_ETC)
LOCAL_MODULE_STEM := $(LOCAL_MODULE)
include $(BUILD_SYSTEM)/base_rules.mk
-$(eval $(call update_and_install_ld_config,\
- $(LOCAL_PATH)/etc/ld.config.vndk_lite.txt,\
- $(LOCAL_BUILT_MODULE),\
- $(PLATFORM_VNDK_VERSION),\
- true))
+ld_config_template := $(LOCAL_PATH)/etc/ld.config.vndk_lite.txt
+vndk_version := $(PLATFORM_VNDK_VERSION)
+libz_is_llndk := true
+include $(LOCAL_PATH)/update_and_install_ld_config.mk
endif # ifeq ($(_enforce_vndk_lite_at_runtime),false)
diff --git a/rootdir/etc/OWNERS b/rootdir/etc/OWNERS
new file mode 100644
index 0000000..8a65b23
--- /dev/null
+++ b/rootdir/etc/OWNERS
@@ -0,0 +1,4 @@
+danalbert@google.com
+enh@google.com
+jiyong@google.com
+rprichard@google.com
diff --git a/rootdir/etc/ld.config.txt b/rootdir/etc/ld.config.txt
index 7d22a3a..620f0fd 100644
--- a/rootdir/etc/ld.config.txt
+++ b/rootdir/etc/ld.config.txt
@@ -8,7 +8,7 @@
dir.system = /system/bin/
dir.system = /system/xbin/
dir.system = /%PRODUCT%/bin/
-dir.system = /%PRODUCTSERVICES%/bin/
+dir.system = /%PRODUCT_SERVICES%/bin/
dir.vendor = /odm/bin/
dir.vendor = /vendor/bin/
@@ -41,7 +41,7 @@
namespace.default.search.paths = /system/${LIB}
namespace.default.search.paths += /%PRODUCT%/${LIB}
-namespace.default.search.paths += /%PRODUCTSERVICES%/${LIB}
+namespace.default.search.paths += /%PRODUCT_SERVICES%/${LIB}
# We can't have entire /system/${LIB} as permitted paths because doing so
# makes it possible to load libs in /system/${LIB}/vndk* directories by
@@ -54,7 +54,7 @@
namespace.default.permitted.paths += /system/${LIB}/extractors
namespace.default.permitted.paths += /system/${LIB}/hw
namespace.default.permitted.paths += /%PRODUCT%/${LIB}
-namespace.default.permitted.paths += /%PRODUCTSERVICES%/${LIB}
+namespace.default.permitted.paths += /%PRODUCT_SERVICES%/${LIB}
# These are where odex files are located. libart has to be able to dlopen the files
namespace.default.permitted.paths += /system/framework
namespace.default.permitted.paths += /system/app
@@ -69,9 +69,9 @@
namespace.default.permitted.paths += /%PRODUCT%/framework
namespace.default.permitted.paths += /%PRODUCT%/app
namespace.default.permitted.paths += /%PRODUCT%/priv-app
-namespace.default.permitted.paths += /%PRODUCTSERVICES%/framework
-namespace.default.permitted.paths += /%PRODUCTSERVICES%/app
-namespace.default.permitted.paths += /%PRODUCTSERVICES%/priv-app
+namespace.default.permitted.paths += /%PRODUCT_SERVICES%/framework
+namespace.default.permitted.paths += /%PRODUCT_SERVICES%/app
+namespace.default.permitted.paths += /%PRODUCT_SERVICES%/priv-app
namespace.default.permitted.paths += /data
namespace.default.permitted.paths += /mnt/expand
@@ -100,10 +100,10 @@
namespace.default.asan.permitted.paths += /%PRODUCT%/framework
namespace.default.asan.permitted.paths += /%PRODUCT%/app
namespace.default.asan.permitted.paths += /%PRODUCT%/priv-app
-namespace.default.asan.permitted.paths += /%PRODUCTSERVICES%/${LIB}
-namespace.default.asan.permitted.paths += /%PRODUCTSERVICES%/framework
-namespace.default.asan.permitted.paths += /%PRODUCTSERVICES%/app
-namespace.default.asan.permitted.paths += /%PRODUCTSERVICES%/priv-app
+namespace.default.asan.permitted.paths += /%PRODUCT_SERVICES%/${LIB}
+namespace.default.asan.permitted.paths += /%PRODUCT_SERVICES%/framework
+namespace.default.asan.permitted.paths += /%PRODUCT_SERVICES%/app
+namespace.default.asan.permitted.paths += /%PRODUCT_SERVICES%/priv-app
namespace.default.asan.permitted.paths += /mnt/expand
###############################################################################
@@ -340,7 +340,7 @@
namespace.system.search.paths = /system/${LIB}
namespace.system.search.paths += /%PRODUCT%/${LIB}
-namespace.system.search.paths += /%PRODUCTSERVICES%/${LIB}
+namespace.system.search.paths += /%PRODUCT_SERVICES%/${LIB}
namespace.system.asan.search.paths = /data/asan/system/${LIB}
namespace.system.asan.search.paths += /system/${LIB}
@@ -359,4 +359,4 @@
namespace.default.isolated = false
namespace.default.search.paths = /system/${LIB}
namespace.default.search.paths += /%PRODUCT%/${LIB}
-namespace.default.search.paths += /%PRODUCTSERVICES%/${LIB}
+namespace.default.search.paths += /%PRODUCT_SERVICES%/${LIB}
diff --git a/rootdir/update_and_install_ld_config.mk b/rootdir/update_and_install_ld_config.mk
new file mode 100644
index 0000000..4d6df77
--- /dev/null
+++ b/rootdir/update_and_install_ld_config.mk
@@ -0,0 +1,125 @@
+#####################################################################
+# Builds linker config file, ld.config.txt, from the specified template
+# under $(LOCAL_PATH)/etc/*.
+#
+# Inputs:
+# (expected to follow an include of $(BUILD_SYSTEM)/base_rules.mk)
+# ld_config_template: template linker config file to use,
+# e.g. $(LOCAL_PATH)/etc/ld.config.txt
+# vndk_version: version of the VNDK library lists used to update the
+# template linker config file, e.g. 28
+# lib_list_from_prebuilts: should be set to 'true' if the VNDK library
+# lists should be read from /prebuilts/vndk/*
+# libz_is_llndk: should be set to 'true' if libz must be included in
+# llndk and not in vndk-sp
+# Outputs:
+# Builds and installs ld.config.$VER.txt or ld.config.vndk_lite.txt
+#####################################################################
+
+# Read inputs
+ld_config_template := $(strip $(ld_config_template))
+vndk_version := $(strip $(vndk_version))
+lib_list_from_prebuilts := $(strip $(lib_list_from_prebuilts))
+libz_is_llndk := $(strip $(libz_is_llndk))
+
+intermediates_dir := $(call intermediates-dir-for,ETC,$(LOCAL_MODULE))
+library_lists_dir := $(intermediates_dir)
+ifeq ($(lib_list_from_prebuilts),true)
+ library_lists_dir := prebuilts/vndk/v$(vndk_version)/$(TARGET_ARCH)/configs
+endif
+
+llndk_libraries_file := $(library_lists_dir)/llndk.libraries.$(vndk_version).txt
+vndksp_libraries_file := $(library_lists_dir)/vndksp.libraries.$(vndk_version).txt
+vndkcore_libraries_file := $(library_lists_dir)/vndkcore.libraries.txt
+vndkprivate_libraries_file := $(library_lists_dir)/vndkprivate.libraries.txt
+
+sanitizer_runtime_libraries := $(call normalize-path-list,$(addsuffix .so,\
+ $(ADDRESS_SANITIZER_RUNTIME_LIBRARY) \
+ $(UBSAN_RUNTIME_LIBRARY) \
+ $(TSAN_RUNTIME_LIBRARY) \
+ $(2ND_ADDRESS_SANITIZER_RUNTIME_LIBRARY) \
+ $(2ND_UBSAN_RUNTIME_LIBRARY) \
+ $(2ND_TSAN_RUNTIME_LIBRARY)))
+# If BOARD_VNDK_VERSION is not defined, VNDK version suffix will not be used.
+vndk_version_suffix := $(if $(vndk_version),-$(vndk_version))
+
+ifneq ($(lib_list_from_prebuilts),true)
+ifeq ($(libz_is_llndk),true)
+ llndk_libraries_list := $(LLNDK_LIBRARIES) libz
+ vndksp_libraries_list := $(filter-out libz,$(VNDK_SAMEPROCESS_LIBRARIES))
+else
+ llndk_libraries_list := $(LLNDK_LIBRARIES)
+ vndksp_libraries_list := $(VNDK_SAMEPROCESS_LIBRARIES)
+endif
+
+# $(1): list of libraries
+# $(2): output file to write the list of libraries to
+define write-libs-to-file
+$(2): PRIVATE_LIBRARIES := $(1)
+$(2):
+ echo -n > $$@ && $$(foreach lib,$$(PRIVATE_LIBRARIES),echo $$(lib).so >> $$@;)
+endef
+$(eval $(call write-libs-to-file,$(llndk_libraries_list),$(llndk_libraries_file)))
+$(eval $(call write-libs-to-file,$(vndksp_libraries_list),$(vndksp_libraries_file)))
+$(eval $(call write-libs-to-file,$(VNDK_CORE_LIBRARIES),$(vndkcore_libraries_file)))
+$(eval $(call write-libs-to-file,$(VNDK_PRIVATE_LIBRARIES),$(vndkprivate_libraries_file)))
+endif # ifneq ($(lib_list_from_prebuilts),true)
+
+# Given a file with a list of libs, filter-out the VNDK private libraries
+# and write resulting list to a new file in "a:b:c" format
+#
+# $(1): libs file from which to filter-out VNDK private libraries
+# $(2): output file with the filtered list of lib names
+$(LOCAL_BUILT_MODULE): private-filter-out-private-libs = \
+ paste -sd ":" $(1) > $(2) && \
+ cat $(PRIVATE_VNDK_PRIVATE_LIBRARIES_FILE) | xargs -n 1 -I privatelib bash -c "sed -i.bak 's/privatelib//' $(2)" && \
+ sed -i.bak -e 's/::\+/:/g ; s/^:\+// ; s/:\+$$//' $(2) && \
+ rm -f $(2).bak
+$(LOCAL_BUILT_MODULE): PRIVATE_LLNDK_LIBRARIES_FILE := $(llndk_libraries_file)
+$(LOCAL_BUILT_MODULE): PRIVATE_VNDK_SP_LIBRARIES_FILE := $(vndksp_libraries_file)
+$(LOCAL_BUILT_MODULE): PRIVATE_VNDK_CORE_LIBRARIES_FILE := $(vndkcore_libraries_file)
+$(LOCAL_BUILT_MODULE): PRIVATE_VNDK_PRIVATE_LIBRARIES_FILE := $(vndkprivate_libraries_file)
+$(LOCAL_BUILT_MODULE): PRIVATE_SANITIZER_RUNTIME_LIBRARIES := $(sanitizer_runtime_libraries)
+$(LOCAL_BUILT_MODULE): PRIVATE_VNDK_VERSION_SUFFIX := $(vndk_version_suffix)
+$(LOCAL_BUILT_MODULE): PRIVATE_INTERMEDIATES_DIR := $(intermediates_dir)
+deps := $(llndk_libraries_file) $(vndksp_libraries_file) $(vndkcore_libraries_file) \
+ $(vndkprivate_libraries_file)
+
+$(LOCAL_BUILT_MODULE): $(ld_config_template) $(deps)
+ @echo "Generate: $< -> $@"
+ @mkdir -p $(dir $@)
+ $(call private-filter-out-private-libs,$(PRIVATE_LLNDK_LIBRARIES_FILE),$(PRIVATE_INTERMEDIATES_DIR)/llndk_filtered)
+ $(hide) sed -e "s?%LLNDK_LIBRARIES%?$$(cat $(PRIVATE_INTERMEDIATES_DIR)/llndk_filtered)?g" $< >$@
+ $(call private-filter-out-private-libs,$(PRIVATE_VNDK_SP_LIBRARIES_FILE),$(PRIVATE_INTERMEDIATES_DIR)/vndksp_filtered)
+ $(hide) sed -i.bak -e "s?%VNDK_SAMEPROCESS_LIBRARIES%?$$(cat $(PRIVATE_INTERMEDIATES_DIR)/vndksp_filtered)?g" $@
+ $(call private-filter-out-private-libs,$(PRIVATE_VNDK_CORE_LIBRARIES_FILE),$(PRIVATE_INTERMEDIATES_DIR)/vndkcore_filtered)
+ $(hide) sed -i.bak -e "s?%VNDK_CORE_LIBRARIES%?$$(cat $(PRIVATE_INTERMEDIATES_DIR)/vndkcore_filtered)?g" $@
+
+ $(hide) echo -n > $(PRIVATE_INTERMEDIATES_DIR)/private_llndk && \
+ cat $(PRIVATE_VNDK_PRIVATE_LIBRARIES_FILE) | \
+ xargs -n 1 -I privatelib bash -c "(grep privatelib $(PRIVATE_LLNDK_LIBRARIES_FILE) || true) >> $(PRIVATE_INTERMEDIATES_DIR)/private_llndk" && \
+ paste -sd ":" $(PRIVATE_INTERMEDIATES_DIR)/private_llndk | \
+ sed -i.bak -e "s?%PRIVATE_LLNDK_LIBRARIES%?$$(cat -)?g" $@
+
+ $(hide) sed -i.bak -e 's?%SANITIZER_RUNTIME_LIBRARIES%?$(PRIVATE_SANITIZER_RUNTIME_LIBRARIES)?g' $@
+ $(hide) sed -i.bak -e 's?%VNDK_VER%?$(PRIVATE_VNDK_VERSION_SUFFIX)?g' $@
+ $(hide) sed -i.bak -e 's?%PRODUCT%?$(TARGET_COPY_OUT_PRODUCT)?g' $@
+ $(hide) sed -i.bak -e 's?%PRODUCT_SERVICES%?$(TARGET_COPY_OUT_PRODUCT_SERVICES)?g' $@
+ $(hide) rm -f $@.bak
+
+ld_config_template :=
+vndk_version :=
+lib_list_from_prebuilts :=
+libz_is_llndk :=
+intermediates_dir :=
+library_lists_dir :=
+llndk_libraries_file :=
+vndksp_libraries_file :=
+vndkcore_libraries_file :=
+vndkprivate_libraries_file :=
+deps :=
+sanitizer_runtime_libraries :=
+vndk_version_suffix :=
+llndk_libraries_list :=
+vndksp_libraries_list :=
+write-libs-to-file :=
diff --git a/trusty/keymaster/3.0/TrustyKeymaster3Device.cpp b/trusty/keymaster/3.0/TrustyKeymaster3Device.cpp
new file mode 100644
index 0000000..8e3b3b1
--- /dev/null
+++ b/trusty/keymaster/3.0/TrustyKeymaster3Device.cpp
@@ -0,0 +1,448 @@
+/*
+ **
+ ** Copyright 2018, The Android Open Source Project
+ **
+ ** Licensed under the Apache License, Version 2.0 (the "License");
+ ** you may not use this file except in compliance with the License.
+ ** You may obtain a copy of the License at
+ **
+ ** http://www.apache.org/licenses/LICENSE-2.0
+ **
+ ** Unless required by applicable law or agreed to in writing, software
+ ** distributed under the License is distributed on an "AS IS" BASIS,
+ ** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ** See the License for the specific language governing permissions and
+ ** limitations under the License.
+ */
+
+#define LOG_TAG "android.hardware.keymaster@3.0-impl.trusty"
+
+#include <authorization_set.h>
+#include <cutils/log.h>
+#include <keymaster/android_keymaster_messages.h>
+#include <trusty_keymaster/TrustyKeymaster3Device.h>
+
+using ::keymaster::AbortOperationRequest;
+using ::keymaster::AbortOperationResponse;
+using ::keymaster::AddEntropyRequest;
+using ::keymaster::AddEntropyResponse;
+using ::keymaster::AttestKeyRequest;
+using ::keymaster::AttestKeyResponse;
+using ::keymaster::AuthorizationSet;
+using ::keymaster::BeginOperationRequest;
+using ::keymaster::BeginOperationResponse;
+using ::keymaster::ExportKeyRequest;
+using ::keymaster::ExportKeyResponse;
+using ::keymaster::FinishOperationRequest;
+using ::keymaster::FinishOperationResponse;
+using ::keymaster::GenerateKeyRequest;
+using ::keymaster::GenerateKeyResponse;
+using ::keymaster::GetKeyCharacteristicsRequest;
+using ::keymaster::GetKeyCharacteristicsResponse;
+using ::keymaster::ImportKeyRequest;
+using ::keymaster::ImportKeyResponse;
+using ::keymaster::UpdateOperationRequest;
+using ::keymaster::UpdateOperationResponse;
+using ::keymaster::ng::Tag;
+
+namespace keymaster {
+
+namespace {
+
+inline keymaster_tag_t legacy_enum_conversion(const Tag value) {
+ return keymaster_tag_t(value);
+}
+inline Tag legacy_enum_conversion(const keymaster_tag_t value) {
+ return Tag(value);
+}
+inline keymaster_purpose_t legacy_enum_conversion(const KeyPurpose value) {
+ return keymaster_purpose_t(value);
+}
+inline keymaster_key_format_t legacy_enum_conversion(const KeyFormat value) {
+ return keymaster_key_format_t(value);
+}
+inline ErrorCode legacy_enum_conversion(const keymaster_error_t value) {
+ return ErrorCode(value);
+}
+
+inline keymaster_tag_type_t typeFromTag(const keymaster_tag_t tag) {
+ return keymaster_tag_get_type(tag);
+}
+
+class KmParamSet : public keymaster_key_param_set_t {
+ public:
+ KmParamSet(const hidl_vec<KeyParameter>& keyParams) {
+ params = new keymaster_key_param_t[keyParams.size()];
+ length = keyParams.size();
+ for (size_t i = 0; i < keyParams.size(); ++i) {
+ auto tag = legacy_enum_conversion(keyParams[i].tag);
+ switch (typeFromTag(tag)) {
+ case KM_ENUM:
+ case KM_ENUM_REP:
+ params[i] = keymaster_param_enum(tag, keyParams[i].f.integer);
+ break;
+ case KM_UINT:
+ case KM_UINT_REP:
+ params[i] = keymaster_param_int(tag, keyParams[i].f.integer);
+ break;
+ case KM_ULONG:
+ case KM_ULONG_REP:
+ params[i] = keymaster_param_long(tag, keyParams[i].f.longInteger);
+ break;
+ case KM_DATE:
+ params[i] = keymaster_param_date(tag, keyParams[i].f.dateTime);
+ break;
+ case KM_BOOL:
+ if (keyParams[i].f.boolValue)
+ params[i] = keymaster_param_bool(tag);
+ else
+ params[i].tag = KM_TAG_INVALID;
+ break;
+ case KM_BIGNUM:
+ case KM_BYTES:
+ params[i] = keymaster_param_blob(tag, &keyParams[i].blob[0],
+ keyParams[i].blob.size());
+ break;
+ case KM_INVALID:
+ default:
+ params[i].tag = KM_TAG_INVALID;
+ /* just skip */
+ break;
+ }
+ }
+ }
+ KmParamSet(KmParamSet&& other) : keymaster_key_param_set_t{other.params, other.length} {
+ other.length = 0;
+ other.params = nullptr;
+ }
+ KmParamSet(const KmParamSet&) = delete;
+ ~KmParamSet() { delete[] params; }
+};
+
+inline hidl_vec<uint8_t> kmBlob2hidlVec(const keymaster_key_blob_t& blob) {
+ hidl_vec<uint8_t> result;
+ result.setToExternal(const_cast<unsigned char*>(blob.key_material), blob.key_material_size);
+ return result;
+}
+
+inline hidl_vec<uint8_t> kmBlob2hidlVec(const keymaster_blob_t& blob) {
+ hidl_vec<uint8_t> result;
+ result.setToExternal(const_cast<unsigned char*>(blob.data), blob.data_length);
+ return result;
+}
+
+inline hidl_vec<uint8_t> kmBuffer2hidlVec(const ::keymaster::Buffer& buf) {
+ hidl_vec<uint8_t> result;
+ result.setToExternal(const_cast<unsigned char*>(buf.peek_read()), buf.available_read());
+ return result;
+}
+
+inline static hidl_vec<hidl_vec<uint8_t>> kmCertChain2Hidl(
+ const keymaster_cert_chain_t& cert_chain) {
+ hidl_vec<hidl_vec<uint8_t>> result;
+ if (!cert_chain.entry_count || !cert_chain.entries) return result;
+
+ result.resize(cert_chain.entry_count);
+ for (size_t i = 0; i < cert_chain.entry_count; ++i) {
+ result[i] = kmBlob2hidlVec(cert_chain.entries[i]);
+ }
+
+ return result;
+}
+
+static inline hidl_vec<KeyParameter> kmParamSet2Hidl(const keymaster_key_param_set_t& set) {
+ hidl_vec<KeyParameter> result;
+ if (set.length == 0 || set.params == nullptr) return result;
+
+ result.resize(set.length);
+ keymaster_key_param_t* params = set.params;
+ for (size_t i = 0; i < set.length; ++i) {
+ auto tag = params[i].tag;
+ result[i].tag = legacy_enum_conversion(tag);
+ switch (typeFromTag(tag)) {
+ case KM_ENUM:
+ case KM_ENUM_REP:
+ result[i].f.integer = params[i].enumerated;
+ break;
+ case KM_UINT:
+ case KM_UINT_REP:
+ result[i].f.integer = params[i].integer;
+ break;
+ case KM_ULONG:
+ case KM_ULONG_REP:
+ result[i].f.longInteger = params[i].long_integer;
+ break;
+ case KM_DATE:
+ result[i].f.dateTime = params[i].date_time;
+ break;
+ case KM_BOOL:
+ result[i].f.boolValue = params[i].boolean;
+ break;
+ case KM_BIGNUM:
+ case KM_BYTES:
+ result[i].blob.setToExternal(const_cast<unsigned char*>(params[i].blob.data),
+ params[i].blob.data_length);
+ break;
+ case KM_INVALID:
+ default:
+ params[i].tag = KM_TAG_INVALID;
+ /* just skip */
+ break;
+ }
+ }
+ return result;
+}
+
+void addClientAndAppData(const hidl_vec<uint8_t>& clientId, const hidl_vec<uint8_t>& appData,
+ ::keymaster::AuthorizationSet* params) {
+ params->Clear();
+ if (clientId.size()) {
+ params->push_back(::keymaster::TAG_APPLICATION_ID, clientId.data(), clientId.size());
+ }
+ if (appData.size()) {
+ params->push_back(::keymaster::TAG_APPLICATION_DATA, appData.data(), appData.size());
+ }
+}
+
+} // anonymous namespace
+
+TrustyKeymaster3Device::TrustyKeymaster3Device(TrustyKeymaster* impl) : impl_(impl) {}
+
+TrustyKeymaster3Device::~TrustyKeymaster3Device() {}
+
+Return<void> TrustyKeymaster3Device::getHardwareFeatures(getHardwareFeatures_cb _hidl_cb) {
+ _hidl_cb(true /* is_secure */, true /* supports_ec */,
+ true /* supports_symmetric_cryptography */, true /* supports_attestation */,
+ true /* supportsAllDigests */, "TrustyKeymaster", "Google");
+ return Void();
+}
+
+Return<ErrorCode> TrustyKeymaster3Device::addRngEntropy(const hidl_vec<uint8_t>& data) {
+ if (data.size() == 0) return ErrorCode::OK;
+ AddEntropyRequest request;
+ request.random_data.Reinitialize(data.data(), data.size());
+
+ AddEntropyResponse response;
+ impl_->AddRngEntropy(request, &response);
+
+ return legacy_enum_conversion(response.error);
+}
+
+Return<void> TrustyKeymaster3Device::generateKey(const hidl_vec<KeyParameter>& keyParams,
+ generateKey_cb _hidl_cb) {
+ GenerateKeyRequest request;
+ request.key_description.Reinitialize(KmParamSet(keyParams));
+
+ GenerateKeyResponse response;
+ impl_->GenerateKey(request, &response);
+
+ KeyCharacteristics resultCharacteristics;
+ hidl_vec<uint8_t> resultKeyBlob;
+ if (response.error == KM_ERROR_OK) {
+ resultKeyBlob = kmBlob2hidlVec(response.key_blob);
+ resultCharacteristics.teeEnforced = kmParamSet2Hidl(response.enforced);
+ resultCharacteristics.softwareEnforced = kmParamSet2Hidl(response.unenforced);
+ }
+ _hidl_cb(legacy_enum_conversion(response.error), resultKeyBlob, resultCharacteristics);
+ return Void();
+}
+
+Return<void> TrustyKeymaster3Device::getKeyCharacteristics(const hidl_vec<uint8_t>& keyBlob,
+ const hidl_vec<uint8_t>& clientId,
+ const hidl_vec<uint8_t>& appData,
+ getKeyCharacteristics_cb _hidl_cb) {
+ GetKeyCharacteristicsRequest request;
+ request.SetKeyMaterial(keyBlob.data(), keyBlob.size());
+ addClientAndAppData(clientId, appData, &request.additional_params);
+
+ GetKeyCharacteristicsResponse response;
+ impl_->GetKeyCharacteristics(request, &response);
+
+ KeyCharacteristics resultCharacteristics;
+ if (response.error == KM_ERROR_OK) {
+ resultCharacteristics.teeEnforced = kmParamSet2Hidl(response.enforced);
+ resultCharacteristics.softwareEnforced = kmParamSet2Hidl(response.unenforced);
+ }
+ _hidl_cb(legacy_enum_conversion(response.error), resultCharacteristics);
+ return Void();
+}
+
+Return<void> TrustyKeymaster3Device::importKey(const hidl_vec<KeyParameter>& params,
+ KeyFormat keyFormat,
+ const hidl_vec<uint8_t>& keyData,
+ importKey_cb _hidl_cb) {
+ ImportKeyRequest request;
+ request.key_description.Reinitialize(KmParamSet(params));
+ request.key_format = legacy_enum_conversion(keyFormat);
+ request.SetKeyMaterial(keyData.data(), keyData.size());
+
+ ImportKeyResponse response;
+ impl_->ImportKey(request, &response);
+
+ KeyCharacteristics resultCharacteristics;
+ hidl_vec<uint8_t> resultKeyBlob;
+ if (response.error == KM_ERROR_OK) {
+ resultKeyBlob = kmBlob2hidlVec(response.key_blob);
+ resultCharacteristics.teeEnforced = kmParamSet2Hidl(response.enforced);
+ resultCharacteristics.softwareEnforced = kmParamSet2Hidl(response.unenforced);
+ }
+ _hidl_cb(legacy_enum_conversion(response.error), resultKeyBlob, resultCharacteristics);
+ return Void();
+}
+
+Return<void> TrustyKeymaster3Device::exportKey(KeyFormat exportFormat,
+ const hidl_vec<uint8_t>& keyBlob,
+ const hidl_vec<uint8_t>& clientId,
+ const hidl_vec<uint8_t>& appData,
+ exportKey_cb _hidl_cb) {
+ ExportKeyRequest request;
+ request.key_format = legacy_enum_conversion(exportFormat);
+ request.SetKeyMaterial(keyBlob.data(), keyBlob.size());
+ addClientAndAppData(clientId, appData, &request.additional_params);
+
+ ExportKeyResponse response;
+ impl_->ExportKey(request, &response);
+
+ hidl_vec<uint8_t> resultKeyBlob;
+ if (response.error == KM_ERROR_OK) {
+ resultKeyBlob.setToExternal(response.key_data, response.key_data_length);
+ }
+ _hidl_cb(legacy_enum_conversion(response.error), resultKeyBlob);
+ return Void();
+}
+
+Return<void> TrustyKeymaster3Device::attestKey(const hidl_vec<uint8_t>& keyToAttest,
+ const hidl_vec<KeyParameter>& attestParams,
+ attestKey_cb _hidl_cb) {
+ AttestKeyRequest request;
+ request.SetKeyMaterial(keyToAttest.data(), keyToAttest.size());
+ request.attest_params.Reinitialize(KmParamSet(attestParams));
+
+ AttestKeyResponse response;
+ impl_->AttestKey(request, &response);
+
+ hidl_vec<hidl_vec<uint8_t>> resultCertChain;
+ if (response.error == KM_ERROR_OK) {
+ resultCertChain = kmCertChain2Hidl(response.certificate_chain);
+ }
+ _hidl_cb(legacy_enum_conversion(response.error), resultCertChain);
+ return Void();
+}
+
+Return<void> TrustyKeymaster3Device::upgradeKey(const hidl_vec<uint8_t>& keyBlobToUpgrade,
+ const hidl_vec<KeyParameter>& upgradeParams,
+ upgradeKey_cb _hidl_cb) {
+ UpgradeKeyRequest request;
+ request.SetKeyMaterial(keyBlobToUpgrade.data(), keyBlobToUpgrade.size());
+ request.upgrade_params.Reinitialize(KmParamSet(upgradeParams));
+
+ UpgradeKeyResponse response;
+ impl_->UpgradeKey(request, &response);
+
+ if (response.error == KM_ERROR_OK) {
+ _hidl_cb(ErrorCode::OK, kmBlob2hidlVec(response.upgraded_key));
+ } else {
+ _hidl_cb(legacy_enum_conversion(response.error), hidl_vec<uint8_t>());
+ }
+ return Void();
+}
+
+Return<ErrorCode> TrustyKeymaster3Device::deleteKey(const hidl_vec<uint8_t>& keyBlob) {
+ DeleteKeyRequest request;
+ request.SetKeyMaterial(keyBlob.data(), keyBlob.size());
+
+ DeleteKeyResponse response;
+ impl_->DeleteKey(request, &response);
+
+ return legacy_enum_conversion(response.error);
+}
+
+Return<ErrorCode> TrustyKeymaster3Device::deleteAllKeys() {
+ DeleteAllKeysRequest request;
+ DeleteAllKeysResponse response;
+ impl_->DeleteAllKeys(request, &response);
+
+ return legacy_enum_conversion(response.error);
+}
+
+Return<ErrorCode> TrustyKeymaster3Device::destroyAttestationIds() {
+ return ErrorCode::UNIMPLEMENTED;
+}
+
+Return<void> TrustyKeymaster3Device::begin(KeyPurpose purpose, const hidl_vec<uint8_t>& key,
+ const hidl_vec<KeyParameter>& inParams,
+ begin_cb _hidl_cb) {
+ BeginOperationRequest request;
+ request.purpose = legacy_enum_conversion(purpose);
+ request.SetKeyMaterial(key.data(), key.size());
+ request.additional_params.Reinitialize(KmParamSet(inParams));
+
+ BeginOperationResponse response;
+ impl_->BeginOperation(request, &response);
+
+ hidl_vec<KeyParameter> resultParams;
+ if (response.error == KM_ERROR_OK) {
+ resultParams = kmParamSet2Hidl(response.output_params);
+ }
+
+ _hidl_cb(legacy_enum_conversion(response.error), resultParams, response.op_handle);
+ return Void();
+}
+
+Return<void> TrustyKeymaster3Device::update(uint64_t operationHandle,
+ const hidl_vec<KeyParameter>& inParams,
+ const hidl_vec<uint8_t>& input, update_cb _hidl_cb) {
+ UpdateOperationRequest request;
+ request.op_handle = operationHandle;
+ request.input.Reinitialize(input.data(), input.size());
+ request.additional_params.Reinitialize(KmParamSet(inParams));
+
+ UpdateOperationResponse response;
+ impl_->UpdateOperation(request, &response);
+
+ uint32_t resultConsumed = 0;
+ hidl_vec<KeyParameter> resultParams;
+ hidl_vec<uint8_t> resultBlob;
+ if (response.error == KM_ERROR_OK) {
+ resultConsumed = response.input_consumed;
+ resultParams = kmParamSet2Hidl(response.output_params);
+ resultBlob = kmBuffer2hidlVec(response.output);
+ }
+ _hidl_cb(legacy_enum_conversion(response.error), resultConsumed, resultParams, resultBlob);
+ return Void();
+}
+
+Return<void> TrustyKeymaster3Device::finish(uint64_t operationHandle,
+ const hidl_vec<KeyParameter>& inParams,
+ const hidl_vec<uint8_t>& input,
+ const hidl_vec<uint8_t>& signature,
+ finish_cb _hidl_cb) {
+ FinishOperationRequest request;
+ request.op_handle = operationHandle;
+ request.input.Reinitialize(input.data(), input.size());
+ request.signature.Reinitialize(signature.data(), signature.size());
+ request.additional_params.Reinitialize(KmParamSet(inParams));
+
+ FinishOperationResponse response;
+ impl_->FinishOperation(request, &response);
+
+ hidl_vec<KeyParameter> resultParams;
+ hidl_vec<uint8_t> resultBlob;
+ if (response.error == KM_ERROR_OK) {
+ resultParams = kmParamSet2Hidl(response.output_params);
+ resultBlob = kmBuffer2hidlVec(response.output);
+ }
+ _hidl_cb(legacy_enum_conversion(response.error), resultParams, resultBlob);
+ return Void();
+}
+
+Return<ErrorCode> TrustyKeymaster3Device::abort(uint64_t operationHandle) {
+ AbortOperationRequest request;
+ request.op_handle = operationHandle;
+
+ AbortOperationResponse response;
+ impl_->AbortOperation(request, &response);
+
+ return legacy_enum_conversion(response.error);
+}
+} // namespace keymaster
diff --git a/trusty/keymaster/3.0/android.hardware.keymaster@3.0-service.trusty.rc b/trusty/keymaster/3.0/android.hardware.keymaster@3.0-service.trusty.rc
new file mode 100644
index 0000000..e9d3054
--- /dev/null
+++ b/trusty/keymaster/3.0/android.hardware.keymaster@3.0-service.trusty.rc
@@ -0,0 +1,4 @@
+service vendor.keymaster-3-0 /vendor/bin/hw/android.hardware.keymaster@3.0-service.trusty
+ class early_hal
+ user nobody
+ group system drmrpc
diff --git a/trusty/keymaster/3.0/service.cpp b/trusty/keymaster/3.0/service.cpp
new file mode 100644
index 0000000..0d8436e
--- /dev/null
+++ b/trusty/keymaster/3.0/service.cpp
@@ -0,0 +1,43 @@
+/*
+**
+** Copyright 2018, The Android Open Source Project
+**
+** Licensed under the Apache License, Version 2.0 (the "License");
+** you may not use this file except in compliance with the License.
+** You may obtain a copy of the License at
+**
+** http://www.apache.org/licenses/LICENSE-2.0
+**
+** Unless required by applicable law or agreed to in writing, software
+** distributed under the License is distributed on an "AS IS" BASIS,
+** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+** See the License for the specific language governing permissions and
+** limitations under the License.
+*/
+
+#include <android-base/logging.h>
+#include <android/hardware/keymaster/3.0/IKeymasterDevice.h>
+#include <hidl/HidlTransportSupport.h>
+#include <trusty_keymaster/TrustyKeymaster.h>
+#include <trusty_keymaster/TrustyKeymaster3Device.h>
+
+int main() {
+ ::android::hardware::configureRpcThreadpool(1, true);
+ auto trustyKeymaster = new keymaster::TrustyKeymaster();
+ int err = trustyKeymaster->Initialize();
+ if (err != 0) {
+ LOG(FATAL) << "Could not initialize TrustyKeymaster (" << err << ")";
+ return -1;
+ }
+
+ auto keymaster = new ::keymaster::TrustyKeymaster3Device(trustyKeymaster);
+
+ auto status = keymaster->registerAsService();
+ if (status != android::OK) {
+ LOG(FATAL) << "Could not register service for Keymaster 3.0 (" << status << ")";
+ return -1;
+ }
+
+ android::hardware::joinRpcThreadpool();
+ return -1; // Should never get here.
+}
diff --git a/trusty/keymaster/Android.bp b/trusty/keymaster/Android.bp
index 899f8a3..819851f 100644
--- a/trusty/keymaster/Android.bp
+++ b/trusty/keymaster/Android.bp
@@ -27,14 +27,17 @@
name: "trusty_keymaster_tipc",
vendor: true,
srcs: [
- "trusty_keymaster_device.cpp",
- "trusty_keymaster_ipc.cpp",
- "trusty_keymaster_main.cpp",
+ "ipc/trusty_keymaster_ipc.cpp",
+ "legacy/trusty_keymaster_device.cpp",
+ "legacy/trusty_keymaster_main.cpp",
],
cflags: [
"-Wall",
"-Werror",
],
+
+ local_include_dirs: ["include"],
+
shared_libs: [
"libcrypto",
"libcutils",
@@ -52,9 +55,9 @@
vendor: true,
relative_install_path: "hw",
srcs: [
- "module.cpp",
- "trusty_keymaster_ipc.cpp",
- "trusty_keymaster_device.cpp",
+ "ipc/trusty_keymaster_ipc.cpp",
+ "legacy/module.cpp",
+ "legacy/trusty_keymaster_device.cpp",
],
cflags: [
@@ -63,6 +66,8 @@
"-Werror",
],
+ local_include_dirs: ["include"],
+
shared_libs: [
"libcrypto",
"libkeymaster_messages",
@@ -72,3 +77,34 @@
],
header_libs: ["libhardware_headers"],
}
+
+cc_binary {
+ name: "android.hardware.keymaster@3.0-service.trusty",
+ defaults: ["hidl_defaults"],
+ relative_install_path: "hw",
+ vendor: true,
+ init_rc: ["3.0/android.hardware.keymaster@3.0-service.trusty.rc"],
+ srcs: [
+ "3.0/service.cpp",
+ "3.0/TrustyKeymaster3Device.cpp",
+ "ipc/trusty_keymaster_ipc.cpp",
+ "TrustyKeymaster.cpp",
+ ],
+
+ local_include_dirs: ["include"],
+
+ shared_libs: [
+ "liblog",
+ "libcutils",
+ "libdl",
+ "libbase",
+ "libutils",
+ "libhardware",
+ "libhidlbase",
+ "libhidltransport",
+ "libtrusty",
+ "libkeymaster_messages",
+ "libkeymaster3device",
+ "android.hardware.keymaster@3.0"
+ ],
+}
diff --git a/trusty/keymaster/TrustyKeymaster.cpp b/trusty/keymaster/TrustyKeymaster.cpp
new file mode 100644
index 0000000..7f5e87f
--- /dev/null
+++ b/trusty/keymaster/TrustyKeymaster.cpp
@@ -0,0 +1,196 @@
+/*
+ * Copyright 2018 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <cutils/log.h>
+#include <keymaster/android_keymaster_messages.h>
+#include <keymaster/keymaster_configuration.h>
+#include <trusty_keymaster/TrustyKeymaster.h>
+#include <trusty_keymaster/ipc/trusty_keymaster_ipc.h>
+
+namespace keymaster {
+
+int TrustyKeymaster::Initialize() {
+ int err;
+
+ err = trusty_keymaster_connect();
+ if (err) {
+ ALOGE("Failed to connect to trusty keymaster %d", err);
+ return err;
+ }
+
+ ConfigureRequest req;
+ req.os_version = GetOsVersion();
+ req.os_patchlevel = GetOsPatchlevel();
+
+ ConfigureResponse rsp;
+ Configure(req, &rsp);
+
+ if (rsp.error != KM_ERROR_OK) {
+ ALOGE("Failed to configure keymaster %d", rsp.error);
+ return -1;
+ }
+
+ return 0;
+}
+
+TrustyKeymaster::TrustyKeymaster() {}
+
+TrustyKeymaster::~TrustyKeymaster() {
+ trusty_keymaster_disconnect();
+}
+
+static void ForwardCommand(enum keymaster_command command, const Serializable& req,
+ KeymasterResponse* rsp) {
+ keymaster_error_t err;
+ err = trusty_keymaster_send(command, req, rsp);
+ if (err != KM_ERROR_OK) {
+ ALOGE("Failed to send cmd %d err: %d", command, err);
+ rsp->error = err;
+ }
+}
+
+void TrustyKeymaster::GetVersion(const GetVersionRequest& request, GetVersionResponse* response) {
+ ForwardCommand(KM_GET_VERSION, request, response);
+}
+
+void TrustyKeymaster::SupportedAlgorithms(const SupportedAlgorithmsRequest& request,
+ SupportedAlgorithmsResponse* response) {
+ ForwardCommand(KM_GET_SUPPORTED_ALGORITHMS, request, response);
+}
+
+void TrustyKeymaster::SupportedBlockModes(const SupportedBlockModesRequest& request,
+ SupportedBlockModesResponse* response) {
+ ForwardCommand(KM_GET_SUPPORTED_BLOCK_MODES, request, response);
+}
+
+void TrustyKeymaster::SupportedPaddingModes(const SupportedPaddingModesRequest& request,
+ SupportedPaddingModesResponse* response) {
+ ForwardCommand(KM_GET_SUPPORTED_PADDING_MODES, request, response);
+}
+
+void TrustyKeymaster::SupportedDigests(const SupportedDigestsRequest& request,
+ SupportedDigestsResponse* response) {
+ ForwardCommand(KM_GET_SUPPORTED_DIGESTS, request, response);
+}
+
+void TrustyKeymaster::SupportedImportFormats(const SupportedImportFormatsRequest& request,
+ SupportedImportFormatsResponse* response) {
+ ForwardCommand(KM_GET_SUPPORTED_IMPORT_FORMATS, request, response);
+}
+
+void TrustyKeymaster::SupportedExportFormats(const SupportedExportFormatsRequest& request,
+ SupportedExportFormatsResponse* response) {
+ ForwardCommand(KM_GET_SUPPORTED_EXPORT_FORMATS, request, response);
+}
+
+void TrustyKeymaster::AddRngEntropy(const AddEntropyRequest& request,
+ AddEntropyResponse* response) {
+ ForwardCommand(KM_ADD_RNG_ENTROPY, request, response);
+}
+
+void TrustyKeymaster::Configure(const ConfigureRequest& request, ConfigureResponse* response) {
+ ForwardCommand(KM_CONFIGURE, request, response);
+}
+
+void TrustyKeymaster::GenerateKey(const GenerateKeyRequest& request,
+ GenerateKeyResponse* response) {
+ GenerateKeyRequest datedRequest(request.message_version);
+ datedRequest.key_description = request.key_description;
+
+ if (!request.key_description.Contains(TAG_CREATION_DATETIME)) {
+ datedRequest.key_description.push_back(TAG_CREATION_DATETIME, java_time(time(NULL)));
+ }
+
+ ForwardCommand(KM_GENERATE_KEY, datedRequest, response);
+}
+
+void TrustyKeymaster::GetKeyCharacteristics(const GetKeyCharacteristicsRequest& request,
+ GetKeyCharacteristicsResponse* response) {
+ ForwardCommand(KM_GET_KEY_CHARACTERISTICS, request, response);
+}
+
+void TrustyKeymaster::ImportKey(const ImportKeyRequest& request, ImportKeyResponse* response) {
+ ForwardCommand(KM_IMPORT_KEY, request, response);
+}
+
+void TrustyKeymaster::ImportWrappedKey(const ImportWrappedKeyRequest& request,
+ ImportWrappedKeyResponse* response) {
+ ForwardCommand(KM_IMPORT_WRAPPED_KEY, request, response);
+}
+
+void TrustyKeymaster::ExportKey(const ExportKeyRequest& request, ExportKeyResponse* response) {
+ ForwardCommand(KM_EXPORT_KEY, request, response);
+}
+
+void TrustyKeymaster::AttestKey(const AttestKeyRequest& request, AttestKeyResponse* response) {
+ ForwardCommand(KM_ATTEST_KEY, request, response);
+}
+
+void TrustyKeymaster::UpgradeKey(const UpgradeKeyRequest& request, UpgradeKeyResponse* response) {
+ ForwardCommand(KM_UPGRADE_KEY, request, response);
+}
+
+void TrustyKeymaster::DeleteKey(const DeleteKeyRequest& request, DeleteKeyResponse* response) {
+ ForwardCommand(KM_DELETE_KEY, request, response);
+}
+
+void TrustyKeymaster::DeleteAllKeys(const DeleteAllKeysRequest& request,
+ DeleteAllKeysResponse* response) {
+ ForwardCommand(KM_DELETE_ALL_KEYS, request, response);
+}
+
+void TrustyKeymaster::BeginOperation(const BeginOperationRequest& request,
+ BeginOperationResponse* response) {
+ ForwardCommand(KM_BEGIN_OPERATION, request, response);
+}
+
+void TrustyKeymaster::UpdateOperation(const UpdateOperationRequest& request,
+ UpdateOperationResponse* response) {
+ ForwardCommand(KM_UPDATE_OPERATION, request, response);
+}
+
+void TrustyKeymaster::FinishOperation(const FinishOperationRequest& request,
+ FinishOperationResponse* response) {
+ ForwardCommand(KM_FINISH_OPERATION, request, response);
+}
+
+void TrustyKeymaster::AbortOperation(const AbortOperationRequest& request,
+ AbortOperationResponse* response) {
+ ForwardCommand(KM_ABORT_OPERATION, request, response);
+}
+
+/* Methods for Keymaster 4.0 functionality -- not yet implemented */
+GetHmacSharingParametersResponse TrustyKeymaster::GetHmacSharingParameters() {
+ GetHmacSharingParametersResponse response;
+ response.error = KM_ERROR_UNIMPLEMENTED;
+ return response;
+}
+
+ComputeSharedHmacResponse TrustyKeymaster::ComputeSharedHmac(
+ const ComputeSharedHmacRequest& /* request */) {
+ ComputeSharedHmacResponse response;
+ response.error = KM_ERROR_UNIMPLEMENTED;
+ return response;
+}
+
+VerifyAuthorizationResponse TrustyKeymaster::VerifyAuthorization(
+ const VerifyAuthorizationRequest& /* request */) {
+ VerifyAuthorizationResponse response;
+ response.error = KM_ERROR_UNIMPLEMENTED;
+ return response;
+}
+
+} // namespace keymaster
diff --git a/trusty/keymaster/include/trusty_keymaster/TrustyKeymaster.h b/trusty/keymaster/include/trusty_keymaster/TrustyKeymaster.h
new file mode 100644
index 0000000..030b645
--- /dev/null
+++ b/trusty/keymaster/include/trusty_keymaster/TrustyKeymaster.h
@@ -0,0 +1,66 @@
+/*
+ * Copyright 2018 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef TRUSTY_KEYMASTER_H_
+#define TRUSTY_KEYMASTER_H_
+
+#include <keymaster/android_keymaster_messages.h>
+
+namespace keymaster {
+
+class TrustyKeymaster {
+ public:
+ TrustyKeymaster();
+ ~TrustyKeymaster();
+ int Initialize();
+ void GetVersion(const GetVersionRequest& request, GetVersionResponse* response);
+ void SupportedAlgorithms(const SupportedAlgorithmsRequest& request,
+ SupportedAlgorithmsResponse* response);
+ void SupportedBlockModes(const SupportedBlockModesRequest& request,
+ SupportedBlockModesResponse* response);
+ void SupportedPaddingModes(const SupportedPaddingModesRequest& request,
+ SupportedPaddingModesResponse* response);
+ void SupportedDigests(const SupportedDigestsRequest& request,
+ SupportedDigestsResponse* response);
+ void SupportedImportFormats(const SupportedImportFormatsRequest& request,
+ SupportedImportFormatsResponse* response);
+ void SupportedExportFormats(const SupportedExportFormatsRequest& request,
+ SupportedExportFormatsResponse* response);
+ void AddRngEntropy(const AddEntropyRequest& request, AddEntropyResponse* response);
+ void Configure(const ConfigureRequest& request, ConfigureResponse* response);
+ void GenerateKey(const GenerateKeyRequest& request, GenerateKeyResponse* response);
+ void GetKeyCharacteristics(const GetKeyCharacteristicsRequest& request,
+ GetKeyCharacteristicsResponse* response);
+ void ImportKey(const ImportKeyRequest& request, ImportKeyResponse* response);
+ void ImportWrappedKey(const ImportWrappedKeyRequest& request,
+ ImportWrappedKeyResponse* response);
+ void ExportKey(const ExportKeyRequest& request, ExportKeyResponse* response);
+ void AttestKey(const AttestKeyRequest& request, AttestKeyResponse* response);
+ void UpgradeKey(const UpgradeKeyRequest& request, UpgradeKeyResponse* response);
+ void DeleteKey(const DeleteKeyRequest& request, DeleteKeyResponse* response);
+ void DeleteAllKeys(const DeleteAllKeysRequest& request, DeleteAllKeysResponse* response);
+ void BeginOperation(const BeginOperationRequest& request, BeginOperationResponse* response);
+ void UpdateOperation(const UpdateOperationRequest& request, UpdateOperationResponse* response);
+ void FinishOperation(const FinishOperationRequest& request, FinishOperationResponse* response);
+ void AbortOperation(const AbortOperationRequest& request, AbortOperationResponse* response);
+ GetHmacSharingParametersResponse GetHmacSharingParameters();
+ ComputeSharedHmacResponse ComputeSharedHmac(const ComputeSharedHmacRequest& request);
+ VerifyAuthorizationResponse VerifyAuthorization(const VerifyAuthorizationRequest& request);
+};
+
+} // namespace keymaster
+
+#endif // TRUSTY_KEYMASTER_H_
diff --git a/trusty/keymaster/include/trusty_keymaster/TrustyKeymaster3Device.h b/trusty/keymaster/include/trusty_keymaster/TrustyKeymaster3Device.h
new file mode 100644
index 0000000..6fc79ce
--- /dev/null
+++ b/trusty/keymaster/include/trusty_keymaster/TrustyKeymaster3Device.h
@@ -0,0 +1,84 @@
+/*
+ **
+ ** Copyright 2018, The Android Open Source Project
+ **
+ ** Licensed under the Apache License, Version 2.0 (the "License");
+ ** you may not use this file except in compliance with the License.
+ ** You may obtain a copy of the License at
+ **
+ ** http://www.apache.org/licenses/LICENSE-2.0
+ **
+ ** Unless required by applicable law or agreed to in writing, software
+ ** distributed under the License is distributed on an "AS IS" BASIS,
+ ** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ** See the License for the specific language governing permissions and
+ ** limitations under the License.
+ */
+
+#ifndef HIDL_android_hardware_keymaster_V3_0_TrustyKeymaster3Device_H_
+#define HIDL_android_hardware_keymaster_V3_0_TrustyKeymaster3Device_H_
+
+#include <android/hardware/keymaster/3.0/IKeymasterDevice.h>
+
+#include <hidl/MQDescriptor.h>
+#include <hidl/Status.h>
+
+#include <trusty_keymaster/TrustyKeymaster.h>
+
+namespace keymaster {
+
+using ::android::sp;
+using ::android::hardware::hidl_string;
+using ::android::hardware::hidl_vec;
+using ::android::hardware::Return;
+using ::android::hardware::Void;
+using ::android::hardware::keymaster::V3_0::ErrorCode;
+using ::android::hardware::keymaster::V3_0::IKeymasterDevice;
+using ::android::hardware::keymaster::V3_0::KeyCharacteristics;
+using ::android::hardware::keymaster::V3_0::KeyFormat;
+using ::android::hardware::keymaster::V3_0::KeyParameter;
+using ::android::hardware::keymaster::V3_0::KeyPurpose;
+
+class TrustyKeymaster3Device : public IKeymasterDevice {
+ public:
+ TrustyKeymaster3Device(TrustyKeymaster* impl);
+ virtual ~TrustyKeymaster3Device();
+
+ Return<void> getHardwareFeatures(getHardwareFeatures_cb _hidl_cb);
+ Return<ErrorCode> addRngEntropy(const hidl_vec<uint8_t>& data) override;
+ Return<void> generateKey(const hidl_vec<KeyParameter>& keyParams,
+ generateKey_cb _hidl_cb) override;
+ Return<void> getKeyCharacteristics(const hidl_vec<uint8_t>& keyBlob,
+ const hidl_vec<uint8_t>& clientId,
+ const hidl_vec<uint8_t>& appData,
+ getKeyCharacteristics_cb _hidl_cb) override;
+ Return<void> importKey(const hidl_vec<KeyParameter>& params, KeyFormat keyFormat,
+ const hidl_vec<uint8_t>& keyData, importKey_cb _hidl_cb) override;
+ Return<void> exportKey(KeyFormat exportFormat, const hidl_vec<uint8_t>& keyBlob,
+ const hidl_vec<uint8_t>& clientId, const hidl_vec<uint8_t>& appData,
+ exportKey_cb _hidl_cb) override;
+ Return<void> attestKey(const hidl_vec<uint8_t>& keyToAttest,
+ const hidl_vec<KeyParameter>& attestParams,
+ attestKey_cb _hidl_cb) override;
+ Return<void> upgradeKey(const hidl_vec<uint8_t>& keyBlobToUpgrade,
+ const hidl_vec<KeyParameter>& upgradeParams,
+ upgradeKey_cb _hidl_cb) override;
+ Return<ErrorCode> deleteKey(const hidl_vec<uint8_t>& keyBlob) override;
+ Return<ErrorCode> deleteAllKeys() override;
+ Return<ErrorCode> destroyAttestationIds() override;
+ Return<void> begin(KeyPurpose purpose, const hidl_vec<uint8_t>& key,
+ const hidl_vec<KeyParameter>& inParams, begin_cb _hidl_cb) override;
+ Return<void> update(uint64_t operationHandle, const hidl_vec<KeyParameter>& inParams,
+ const hidl_vec<uint8_t>& input, update_cb _hidl_cb) override;
+ Return<void> finish(uint64_t operationHandle, const hidl_vec<KeyParameter>& inParams,
+ const hidl_vec<uint8_t>& input, const hidl_vec<uint8_t>& signature,
+ finish_cb _hidl_cb) override;
+ Return<ErrorCode> abort(uint64_t operationHandle) override;
+
+ private:
+ std::unique_ptr<TrustyKeymaster> impl_;
+};
+
+} // namespace keymaster
+
+#endif // HIDL_android_hardware_keymaster_V3_0_TrustyKeymaster3Device_H_
diff --git a/trusty/keymaster/keymaster_ipc.h b/trusty/keymaster/include/trusty_keymaster/ipc/keymaster_ipc.h
similarity index 83%
rename from trusty/keymaster/keymaster_ipc.h
rename to trusty/keymaster/include/trusty_keymaster/ipc/keymaster_ipc.h
index d63757b..13e6725 100644
--- a/trusty/keymaster/keymaster_ipc.h
+++ b/trusty/keymaster/include/trusty_keymaster/ipc/keymaster_ipc.h
@@ -46,6 +46,13 @@
KM_ATTEST_KEY = (16 << KEYMASTER_REQ_SHIFT),
KM_UPGRADE_KEY = (17 << KEYMASTER_REQ_SHIFT),
KM_CONFIGURE = (18 << KEYMASTER_REQ_SHIFT),
+ KM_GET_HMAC_SHARING_PARAMETERS = (19 << KEYMASTER_REQ_SHIFT),
+ KM_COMPUTE_SHARED_HMAC = (20 << KEYMASTER_REQ_SHIFT),
+ KM_VERIFY_AUTHORIZATION = (21 << KEYMASTER_REQ_SHIFT),
+ KM_DELETE_KEY = (22 << KEYMASTER_REQ_SHIFT),
+ KM_DELETE_ALL_KEYS = (23 << KEYMASTER_REQ_SHIFT),
+ KM_DESTROY_ATTESTATION_IDS = (24 << KEYMASTER_REQ_SHIFT),
+ KM_IMPORT_WRAPPED_KEY = (25 << KEYMASTER_REQ_SHIFT),
};
#ifdef __ANDROID__
diff --git a/trusty/keymaster/trusty_keymaster_ipc.h b/trusty/keymaster/include/trusty_keymaster/ipc/trusty_keymaster_ipc.h
similarity index 66%
rename from trusty/keymaster/trusty_keymaster_ipc.h
rename to trusty/keymaster/include/trusty_keymaster/ipc/trusty_keymaster_ipc.h
index c15f7c1..16207e6 100644
--- a/trusty/keymaster/trusty_keymaster_ipc.h
+++ b/trusty/keymaster/include/trusty_keymaster/ipc/trusty_keymaster_ipc.h
@@ -17,13 +17,24 @@
#ifndef TRUSTY_KEYMASTER_TRUSTY_KEYMASTER_IPC_H_
#define TRUSTY_KEYMASTER_TRUSTY_KEYMASTER_IPC_H_
+#include <keymaster/android_keymaster_messages.h>
+#include <trusty_keymaster/ipc/keymaster_ipc.h>
+
__BEGIN_DECLS
+const uint32_t TRUSTY_KEYMASTER_RECV_BUF_SIZE = 2 * PAGE_SIZE;
+const uint32_t TRUSTY_KEYMASTER_SEND_BUF_SIZE =
+ (PAGE_SIZE - sizeof(struct keymaster_message) - 16 /* tipc header */);
+
int trusty_keymaster_connect(void);
int trusty_keymaster_call(uint32_t cmd, void* in, uint32_t in_size, uint8_t* out,
uint32_t* out_size);
void trusty_keymaster_disconnect(void);
+keymaster_error_t translate_error(int err);
+keymaster_error_t trusty_keymaster_send(uint32_t command, const keymaster::Serializable& req,
+ keymaster::KeymasterResponse* rsp);
+
__END_DECLS
#endif // TRUSTY_KEYMASTER_TRUSTY_KEYMASTER_IPC_H_
diff --git a/trusty/keymaster/trusty_keymaster_device.h b/trusty/keymaster/include/trusty_keymaster/legacy/trusty_keymaster_device.h
similarity index 96%
rename from trusty/keymaster/trusty_keymaster_device.h
rename to trusty/keymaster/include/trusty_keymaster/legacy/trusty_keymaster_device.h
index cfada1b..5a80795 100644
--- a/trusty/keymaster/trusty_keymaster_device.h
+++ b/trusty/keymaster/include/trusty_keymaster/legacy/trusty_keymaster_device.h
@@ -36,7 +36,8 @@
* These are the only symbols that will be exported by libtrustykeymaster. All functionality
* can be reached via the function pointers in device_.
*/
- __attribute__((visibility("default"))) explicit TrustyKeymasterDevice(const hw_module_t* module);
+ __attribute__((visibility("default"))) explicit TrustyKeymasterDevice(
+ const hw_module_t* module);
__attribute__((visibility("default"))) hw_device_t* hw_device();
~TrustyKeymasterDevice();
@@ -134,12 +135,15 @@
keymaster_operation_handle_t operation_handle,
const keymaster_key_param_set_t* in_params,
const keymaster_blob_t* input, size_t* input_consumed,
- keymaster_key_param_set_t* out_params, keymaster_blob_t* output);
+ keymaster_key_param_set_t* out_params,
+ keymaster_blob_t* output);
static keymaster_error_t finish(const keymaster2_device_t* dev,
keymaster_operation_handle_t operation_handle,
const keymaster_key_param_set_t* in_params,
- const keymaster_blob_t* input, const keymaster_blob_t* signature,
- keymaster_key_param_set_t* out_params, keymaster_blob_t* output);
+ const keymaster_blob_t* input,
+ const keymaster_blob_t* signature,
+ keymaster_key_param_set_t* out_params,
+ keymaster_blob_t* output);
static keymaster_error_t abort(const keymaster2_device_t* dev,
keymaster_operation_handle_t operation_handle);
diff --git a/trusty/keymaster/ipc/trusty_keymaster_ipc.cpp b/trusty/keymaster/ipc/trusty_keymaster_ipc.cpp
new file mode 100644
index 0000000..8c5cff6
--- /dev/null
+++ b/trusty/keymaster/ipc/trusty_keymaster_ipc.cpp
@@ -0,0 +1,182 @@
+/*
+ * Copyright (C) 2015 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#define LOG_TAG "TrustyKeymaster"
+
+// TODO: make this generic in libtrusty
+
+#include <errno.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/uio.h>
+#include <unistd.h>
+
+#include <algorithm>
+
+#include <log/log.h>
+#include <trusty/tipc.h>
+
+#include <trusty_keymaster/ipc/keymaster_ipc.h>
+#include <trusty_keymaster/ipc/trusty_keymaster_ipc.h>
+
+#define TRUSTY_DEVICE_NAME "/dev/trusty-ipc-dev0"
+
+static int handle_ = -1;
+
+int trusty_keymaster_connect() {
+ int rc = tipc_connect(TRUSTY_DEVICE_NAME, KEYMASTER_PORT);
+ if (rc < 0) {
+ return rc;
+ }
+
+ handle_ = rc;
+ return 0;
+}
+
+int trusty_keymaster_call(uint32_t cmd, void* in, uint32_t in_size, uint8_t* out,
+ uint32_t* out_size) {
+ if (handle_ < 0) {
+ ALOGE("not connected\n");
+ return -EINVAL;
+ }
+
+ size_t msg_size = in_size + sizeof(struct keymaster_message);
+ struct keymaster_message* msg = reinterpret_cast<struct keymaster_message*>(malloc(msg_size));
+ if (!msg) {
+ ALOGE("failed to allocate msg buffer\n");
+ return -EINVAL;
+ }
+
+ msg->cmd = cmd;
+ memcpy(msg->payload, in, in_size);
+
+ ssize_t rc = write(handle_, msg, msg_size);
+ free(msg);
+
+ if (rc < 0) {
+ ALOGE("failed to send cmd (%d) to %s: %s\n", cmd, KEYMASTER_PORT, strerror(errno));
+ return -errno;
+ }
+ size_t out_max_size = *out_size;
+ *out_size = 0;
+ struct iovec iov[2];
+ struct keymaster_message header;
+ iov[0] = {.iov_base = &header, .iov_len = sizeof(struct keymaster_message)};
+ while (true) {
+ iov[1] = {.iov_base = out + *out_size,
+ .iov_len = std::min<uint32_t>(KEYMASTER_MAX_BUFFER_LENGTH,
+ out_max_size - *out_size)};
+ rc = readv(handle_, iov, 2);
+ if (rc < 0) {
+ ALOGE("failed to retrieve response for cmd (%d) to %s: %s\n", cmd, KEYMASTER_PORT,
+ strerror(errno));
+ return -errno;
+ }
+
+ if ((size_t)rc < sizeof(struct keymaster_message)) {
+ ALOGE("invalid response size (%d)\n", (int)rc);
+ return -EINVAL;
+ }
+
+ if ((cmd | KEYMASTER_RESP_BIT) != (header.cmd & ~(KEYMASTER_STOP_BIT))) {
+ ALOGE("invalid command (%d)", header.cmd);
+ return -EINVAL;
+ }
+ *out_size += ((size_t)rc - sizeof(struct keymaster_message));
+ if (header.cmd & KEYMASTER_STOP_BIT) {
+ break;
+ }
+ }
+
+ return rc;
+}
+
+void trusty_keymaster_disconnect() {
+ if (handle_ >= 0) {
+ tipc_close(handle_);
+ }
+ handle_ = -1;
+}
+
+keymaster_error_t translate_error(int err) {
+ switch (err) {
+ case 0:
+ return KM_ERROR_OK;
+ case -EPERM:
+ case -EACCES:
+ return KM_ERROR_SECURE_HW_ACCESS_DENIED;
+
+ case -ECANCELED:
+ return KM_ERROR_OPERATION_CANCELLED;
+
+ case -ENODEV:
+ return KM_ERROR_UNIMPLEMENTED;
+
+ case -ENOMEM:
+ return KM_ERROR_MEMORY_ALLOCATION_FAILED;
+
+ case -EBUSY:
+ return KM_ERROR_SECURE_HW_BUSY;
+
+ case -EIO:
+ return KM_ERROR_SECURE_HW_COMMUNICATION_FAILED;
+
+ case -EOVERFLOW:
+ return KM_ERROR_INVALID_INPUT_LENGTH;
+
+ default:
+ return KM_ERROR_UNKNOWN_ERROR;
+ }
+}
+
+keymaster_error_t trusty_keymaster_send(uint32_t command, const keymaster::Serializable& req,
+ keymaster::KeymasterResponse* rsp) {
+ uint32_t req_size = req.SerializedSize();
+ if (req_size > TRUSTY_KEYMASTER_SEND_BUF_SIZE) {
+ ALOGE("Request too big: %u Max size: %u", req_size, TRUSTY_KEYMASTER_SEND_BUF_SIZE);
+ return KM_ERROR_INVALID_INPUT_LENGTH;
+ }
+
+ uint8_t send_buf[TRUSTY_KEYMASTER_SEND_BUF_SIZE];
+ keymaster::Eraser send_buf_eraser(send_buf, TRUSTY_KEYMASTER_SEND_BUF_SIZE);
+ req.Serialize(send_buf, send_buf + req_size);
+
+ // Send it
+ uint8_t recv_buf[TRUSTY_KEYMASTER_RECV_BUF_SIZE];
+ keymaster::Eraser recv_buf_eraser(recv_buf, TRUSTY_KEYMASTER_RECV_BUF_SIZE);
+ uint32_t rsp_size = TRUSTY_KEYMASTER_RECV_BUF_SIZE;
+ int rc = trusty_keymaster_call(command, send_buf, req_size, recv_buf, &rsp_size);
+ if (rc < 0) {
+ // Reset the connection on tipc error
+ trusty_keymaster_disconnect();
+ trusty_keymaster_connect();
+ ALOGE("tipc error: %d\n", rc);
+ // TODO(swillden): Distinguish permanent from transient errors and set error_ appropriately.
+ return translate_error(rc);
+ } else {
+ ALOGE("Received %d byte response\n", rsp_size);
+ }
+
+ const uint8_t* p = recv_buf;
+ if (!rsp->Deserialize(&p, p + rsp_size)) {
+ ALOGE("Error deserializing response of size %d\n", (int)rsp_size);
+ return KM_ERROR_UNKNOWN_ERROR;
+ } else if (rsp->error != KM_ERROR_OK) {
+ ALOGE("Response of size %d contained error code %d\n", (int)rsp_size, (int)rsp->error);
+ return rsp->error;
+ }
+ return rsp->error;
+}
diff --git a/trusty/keymaster/Makefile b/trusty/keymaster/legacy/Makefile
similarity index 100%
rename from trusty/keymaster/Makefile
rename to trusty/keymaster/legacy/Makefile
diff --git a/trusty/keymaster/module.cpp b/trusty/keymaster/legacy/module.cpp
similarity index 65%
rename from trusty/keymaster/module.cpp
rename to trusty/keymaster/legacy/module.cpp
index b472680..7aa1a4e 100644
--- a/trusty/keymaster/module.cpp
+++ b/trusty/keymaster/legacy/module.cpp
@@ -19,14 +19,15 @@
#include <hardware/hardware.h>
#include <hardware/keymaster0.h>
-#include "trusty_keymaster_device.h"
+#include <trusty_keymaster/legacy/trusty_keymaster_device.h>
using keymaster::TrustyKeymasterDevice;
/*
* Generic device handling
*/
-static int trusty_keymaster_open(const hw_module_t* module, const char* name, hw_device_t** device) {
+static int trusty_keymaster_open(const hw_module_t* module, const char* name,
+ hw_device_t** device) {
if (strcmp(name, KEYSTORE_KEYMASTER) != 0) {
return -EINVAL;
}
@@ -42,20 +43,20 @@
}
static struct hw_module_methods_t keystore_module_methods = {
- .open = trusty_keymaster_open,
+ .open = trusty_keymaster_open,
};
struct keystore_module HAL_MODULE_INFO_SYM __attribute__((visibility("default"))) = {
- .common =
- {
- .tag = HARDWARE_MODULE_TAG,
- .module_api_version = KEYMASTER_MODULE_API_VERSION_2_0,
- .hal_api_version = HARDWARE_HAL_API_VERSION,
- .id = KEYSTORE_HARDWARE_MODULE_ID,
- .name = "Trusty Keymaster HAL",
- .author = "The Android Open Source Project",
- .methods = &keystore_module_methods,
- .dso = 0,
- .reserved = {},
- },
+ .common =
+ {
+ .tag = HARDWARE_MODULE_TAG,
+ .module_api_version = KEYMASTER_MODULE_API_VERSION_2_0,
+ .hal_api_version = HARDWARE_HAL_API_VERSION,
+ .id = KEYSTORE_HARDWARE_MODULE_ID,
+ .name = "Trusty Keymaster HAL",
+ .author = "The Android Open Source Project",
+ .methods = &keystore_module_methods,
+ .dso = 0,
+ .reserved = {},
+ },
};
diff --git a/trusty/keymaster/trusty_keymaster_device.cpp b/trusty/keymaster/legacy/trusty_keymaster_device.cpp
similarity index 79%
rename from trusty/keymaster/trusty_keymaster_device.cpp
rename to trusty/keymaster/legacy/trusty_keymaster_device.cpp
index b8c2032..ea00a92 100644
--- a/trusty/keymaster/trusty_keymaster_device.cpp
+++ b/trusty/keymaster/legacy/trusty_keymaster_device.cpp
@@ -33,50 +33,15 @@
#include <keymaster/authorization_set.h>
#include <log/log.h>
-#include "keymaster_ipc.h"
-#include "trusty_keymaster_device.h"
-#include "trusty_keymaster_ipc.h"
-
-// Maximum size of message from Trusty is 8K (for RSA attestation key and chain)
-const uint32_t RECV_BUF_SIZE = 2*PAGE_SIZE;
-const uint32_t SEND_BUF_SIZE = (PAGE_SIZE - sizeof(struct keymaster_message) - 16 /* tipc header */);
+#include <trusty_keymaster/ipc/keymaster_ipc.h>
+#include <trusty_keymaster/ipc/trusty_keymaster_ipc.h>
+#include <trusty_keymaster/legacy/trusty_keymaster_device.h>
const size_t kMaximumAttestationChallengeLength = 128;
const size_t kMaximumFinishInputLength = 2048;
namespace keymaster {
-static keymaster_error_t translate_error(int err) {
- switch (err) {
- case 0:
- return KM_ERROR_OK;
- case -EPERM:
- case -EACCES:
- return KM_ERROR_SECURE_HW_ACCESS_DENIED;
-
- case -ECANCELED:
- return KM_ERROR_OPERATION_CANCELLED;
-
- case -ENODEV:
- return KM_ERROR_UNIMPLEMENTED;
-
- case -ENOMEM:
- return KM_ERROR_MEMORY_ALLOCATION_FAILED;
-
- case -EBUSY:
- return KM_ERROR_SECURE_HW_BUSY;
-
- case -EIO:
- return KM_ERROR_SECURE_HW_COMMUNICATION_FAILED;
-
- case -EOVERFLOW:
- return KM_ERROR_INVALID_INPUT_LENGTH;
-
- default:
- return KM_ERROR_UNKNOWN_ERROR;
- }
-}
-
TrustyKeymasterDevice::TrustyKeymasterDevice(const hw_module_t* module) {
static_assert(std::is_standard_layout<TrustyKeymasterDevice>::value,
"TrustyKeymasterDevice must be standard layout");
@@ -121,7 +86,7 @@
GetVersionRequest version_request;
GetVersionResponse version_response;
- error_ = Send(KM_GET_VERSION, version_request, &version_response);
+ error_ = trusty_keymaster_send(KM_GET_VERSION, version_request, &version_response);
if (error_ == KM_ERROR_INVALID_ARGUMENT || error_ == KM_ERROR_UNIMPLEMENTED) {
ALOGE("\"Bad parameters\" error on GetVersion call. Version 0 is not supported.");
error_ = KM_ERROR_VERSION_MISMATCH;
@@ -186,7 +151,7 @@
}
ConfigureResponse response(message_version_);
- keymaster_error_t err = Send(KM_CONFIGURE, request, &response);
+ keymaster_error_t err = trusty_keymaster_send(KM_CONFIGURE, request, &response);
if (err != KM_ERROR_OK) {
return err;
}
@@ -204,12 +169,12 @@
AddEntropyRequest request(message_version_);
request.random_data.Reinitialize(data, data_length);
AddEntropyResponse response(message_version_);
- return Send(KM_ADD_RNG_ENTROPY, request, &response);
+ return trusty_keymaster_send(KM_ADD_RNG_ENTROPY, request, &response);
}
keymaster_error_t TrustyKeymasterDevice::generate_key(
- const keymaster_key_param_set_t* params, keymaster_key_blob_t* key_blob,
- keymaster_key_characteristics_t* characteristics) {
+ const keymaster_key_param_set_t* params, keymaster_key_blob_t* key_blob,
+ keymaster_key_characteristics_t* characteristics) {
ALOGD("Device received generate_key");
if (error_ != KM_ERROR_OK) {
@@ -227,14 +192,14 @@
request.key_description.push_back(TAG_CREATION_DATETIME, java_time(time(NULL)));
GenerateKeyResponse response(message_version_);
- keymaster_error_t err = Send(KM_GENERATE_KEY, request, &response);
+ keymaster_error_t err = trusty_keymaster_send(KM_GENERATE_KEY, request, &response);
if (err != KM_ERROR_OK) {
return err;
}
key_blob->key_material_size = response.key_blob.key_material_size;
key_blob->key_material =
- DuplicateBuffer(response.key_blob.key_material, response.key_blob.key_material_size);
+ DuplicateBuffer(response.key_blob.key_material, response.key_blob.key_material_size);
if (!key_blob->key_material) {
return KM_ERROR_MEMORY_ALLOCATION_FAILED;
}
@@ -248,8 +213,8 @@
}
keymaster_error_t TrustyKeymasterDevice::get_key_characteristics(
- const keymaster_key_blob_t* key_blob, const keymaster_blob_t* client_id,
- const keymaster_blob_t* app_data, keymaster_key_characteristics_t* characteristics) {
+ const keymaster_key_blob_t* key_blob, const keymaster_blob_t* client_id,
+ const keymaster_blob_t* app_data, keymaster_key_characteristics_t* characteristics) {
ALOGD("Device received get_key_characteristics");
if (error_ != KM_ERROR_OK) {
@@ -267,7 +232,7 @@
AddClientAndAppData(client_id, app_data, &request);
GetKeyCharacteristicsResponse response(message_version_);
- keymaster_error_t err = Send(KM_GET_KEY_CHARACTERISTICS, request, &response);
+ keymaster_error_t err = trusty_keymaster_send(KM_GET_KEY_CHARACTERISTICS, request, &response);
if (err != KM_ERROR_OK) {
return err;
}
@@ -279,9 +244,9 @@
}
keymaster_error_t TrustyKeymasterDevice::import_key(
- const keymaster_key_param_set_t* params, keymaster_key_format_t key_format,
- const keymaster_blob_t* key_data, keymaster_key_blob_t* key_blob,
- keymaster_key_characteristics_t* characteristics) {
+ const keymaster_key_param_set_t* params, keymaster_key_format_t key_format,
+ const keymaster_blob_t* key_data, keymaster_key_blob_t* key_blob,
+ keymaster_key_characteristics_t* characteristics) {
ALOGD("Device received import_key");
if (error_ != KM_ERROR_OK) {
@@ -302,14 +267,14 @@
request.SetKeyMaterial(key_data->data, key_data->data_length);
ImportKeyResponse response(message_version_);
- keymaster_error_t err = Send(KM_IMPORT_KEY, request, &response);
+ keymaster_error_t err = trusty_keymaster_send(KM_IMPORT_KEY, request, &response);
if (err != KM_ERROR_OK) {
return err;
}
key_blob->key_material_size = response.key_blob.key_material_size;
key_blob->key_material =
- DuplicateBuffer(response.key_blob.key_material, response.key_blob.key_material_size);
+ DuplicateBuffer(response.key_blob.key_material, response.key_blob.key_material_size);
if (!key_blob->key_material) {
return KM_ERROR_MEMORY_ALLOCATION_FAILED;
}
@@ -348,7 +313,7 @@
AddClientAndAppData(client_id, app_data, &request);
ExportKeyResponse response(message_version_);
- keymaster_error_t err = Send(KM_EXPORT_KEY, request, &response);
+ keymaster_error_t err = trusty_keymaster_send(KM_EXPORT_KEY, request, &response);
if (err != KM_ERROR_OK) {
return err;
}
@@ -393,7 +358,7 @@
}
AttestKeyResponse response(message_version_);
- keymaster_error_t err = Send(KM_ATTEST_KEY, request, &response);
+ keymaster_error_t err = trusty_keymaster_send(KM_ATTEST_KEY, request, &response);
if (err != KM_ERROR_OK) {
return err;
}
@@ -401,7 +366,7 @@
// Allocate and clear storage for cert_chain.
keymaster_cert_chain_t& rsp_chain = response.certificate_chain;
cert_chain->entries = reinterpret_cast<keymaster_blob_t*>(
- malloc(rsp_chain.entry_count * sizeof(*cert_chain->entries)));
+ malloc(rsp_chain.entry_count * sizeof(*cert_chain->entries)));
if (!cert_chain->entries) {
return KM_ERROR_MEMORY_ALLOCATION_FAILED;
}
@@ -425,9 +390,9 @@
return KM_ERROR_OK;
}
-keymaster_error_t TrustyKeymasterDevice::upgrade_key(const keymaster_key_blob_t* key_to_upgrade,
- const keymaster_key_param_set_t* upgrade_params,
- keymaster_key_blob_t* upgraded_key) {
+keymaster_error_t TrustyKeymasterDevice::upgrade_key(
+ const keymaster_key_blob_t* key_to_upgrade, const keymaster_key_param_set_t* upgrade_params,
+ keymaster_key_blob_t* upgraded_key) {
ALOGD("Device received upgrade_key");
if (error_ != KM_ERROR_OK) {
@@ -445,7 +410,7 @@
request.upgrade_params.Reinitialize(*upgrade_params);
UpgradeKeyResponse response(message_version_);
- keymaster_error_t err = Send(KM_UPGRADE_KEY, request, &response);
+ keymaster_error_t err = trusty_keymaster_send(KM_UPGRADE_KEY, request, &response);
if (err != KM_ERROR_OK) {
return err;
}
@@ -487,7 +452,7 @@
request.additional_params.Reinitialize(*in_params);
BeginOperationResponse response(message_version_);
- keymaster_error_t err = Send(KM_BEGIN_OPERATION, request, &response);
+ keymaster_error_t err = trusty_keymaster_send(KM_BEGIN_OPERATION, request, &response);
if (err != KM_ERROR_OK) {
return err;
}
@@ -535,12 +500,12 @@
request.additional_params.Reinitialize(*in_params);
}
if (input && input->data_length > 0) {
- size_t max_input_size = SEND_BUF_SIZE - request.SerializedSize();
+ size_t max_input_size = TRUSTY_KEYMASTER_SEND_BUF_SIZE - request.SerializedSize();
request.input.Reinitialize(input->data, std::min(input->data_length, max_input_size));
}
UpdateOperationResponse response(message_version_);
- keymaster_error_t err = Send(KM_UPDATE_OPERATION, request, &response);
+ keymaster_error_t err = trusty_keymaster_send(KM_UPDATE_OPERATION, request, &response);
if (err != KM_ERROR_OK) {
return err;
}
@@ -578,8 +543,8 @@
return error_;
}
if (input && input->data_length > kMaximumFinishInputLength) {
- ALOGE("%zu-byte input to finish; only %zu bytes allowed",
- input->data_length, kMaximumFinishInputLength);
+ ALOGE("%zu-byte input to finish; only %zu bytes allowed", input->data_length,
+ kMaximumFinishInputLength);
return KM_ERROR_INVALID_INPUT_LENGTH;
}
@@ -603,7 +568,7 @@
}
FinishOperationResponse response(message_version_);
- keymaster_error_t err = Send(KM_FINISH_OPERATION, request, &response);
+ keymaster_error_t err = trusty_keymaster_send(KM_FINISH_OPERATION, request, &response);
if (err != KM_ERROR_OK) {
return err;
}
@@ -638,7 +603,7 @@
AbortOperationRequest request(message_version_);
request.op_handle = operation_handle;
AbortOperationResponse response(message_version_);
- return Send(KM_ABORT_OPERATION, request, &response);
+ return trusty_keymaster_send(KM_ABORT_OPERATION, request, &response);
}
hw_device_t* TrustyKeymasterDevice::hw_device() {
@@ -669,25 +634,25 @@
/* static */
keymaster_error_t TrustyKeymasterDevice::generate_key(
- const keymaster2_device_t* dev, const keymaster_key_param_set_t* params,
- keymaster_key_blob_t* key_blob, keymaster_key_characteristics_t* characteristics) {
+ const keymaster2_device_t* dev, const keymaster_key_param_set_t* params,
+ keymaster_key_blob_t* key_blob, keymaster_key_characteristics_t* characteristics) {
return convert_device(dev)->generate_key(params, key_blob, characteristics);
}
/* static */
keymaster_error_t TrustyKeymasterDevice::get_key_characteristics(
- const keymaster2_device_t* dev, const keymaster_key_blob_t* key_blob,
- const keymaster_blob_t* client_id, const keymaster_blob_t* app_data,
- keymaster_key_characteristics_t* characteristics) {
+ const keymaster2_device_t* dev, const keymaster_key_blob_t* key_blob,
+ const keymaster_blob_t* client_id, const keymaster_blob_t* app_data,
+ keymaster_key_characteristics_t* characteristics) {
return convert_device(dev)->get_key_characteristics(key_blob, client_id, app_data,
characteristics);
}
/* static */
keymaster_error_t TrustyKeymasterDevice::import_key(
- const keymaster2_device_t* dev, const keymaster_key_param_set_t* params,
- keymaster_key_format_t key_format, const keymaster_blob_t* key_data,
- keymaster_key_blob_t* key_blob, keymaster_key_characteristics_t* characteristics) {
+ const keymaster2_device_t* dev, const keymaster_key_param_set_t* params,
+ keymaster_key_format_t key_format, const keymaster_blob_t* key_data,
+ keymaster_key_blob_t* key_blob, keymaster_key_characteristics_t* characteristics) {
return convert_device(dev)->import_key(params, key_format, key_data, key_blob, characteristics);
}
@@ -711,10 +676,9 @@
}
/* static */
-keymaster_error_t TrustyKeymasterDevice::upgrade_key(const keymaster2_device_t* dev,
- const keymaster_key_blob_t* key_to_upgrade,
- const keymaster_key_param_set_t* upgrade_params,
- keymaster_key_blob_t* upgraded_key) {
+keymaster_error_t TrustyKeymasterDevice::upgrade_key(
+ const keymaster2_device_t* dev, const keymaster_key_blob_t* key_to_upgrade,
+ const keymaster_key_param_set_t* upgrade_params, keymaster_key_blob_t* upgraded_key) {
return convert_device(dev)->upgrade_key(key_to_upgrade, upgrade_params, upgraded_key);
}
@@ -730,9 +694,9 @@
/* static */
keymaster_error_t TrustyKeymasterDevice::update(
- const keymaster2_device_t* dev, keymaster_operation_handle_t operation_handle,
- const keymaster_key_param_set_t* in_params, const keymaster_blob_t* input,
- size_t* input_consumed, keymaster_key_param_set_t* out_params, keymaster_blob_t* output) {
+ const keymaster2_device_t* dev, keymaster_operation_handle_t operation_handle,
+ const keymaster_key_param_set_t* in_params, const keymaster_blob_t* input,
+ size_t* input_consumed, keymaster_key_param_set_t* out_params, keymaster_blob_t* output) {
return convert_device(dev)->update(operation_handle, in_params, input, input_consumed,
out_params, output);
}
@@ -755,42 +719,4 @@
return convert_device(dev)->abort(operation_handle);
}
-keymaster_error_t TrustyKeymasterDevice::Send(uint32_t command, const Serializable& req,
- KeymasterResponse* rsp) {
- uint32_t req_size = req.SerializedSize();
- if (req_size > SEND_BUF_SIZE) {
- return KM_ERROR_MEMORY_ALLOCATION_FAILED;
- }
- uint8_t send_buf[SEND_BUF_SIZE];
- Eraser send_buf_eraser(send_buf, SEND_BUF_SIZE);
- req.Serialize(send_buf, send_buf + req_size);
-
- // Send it
- uint8_t recv_buf[RECV_BUF_SIZE];
- Eraser recv_buf_eraser(recv_buf, RECV_BUF_SIZE);
- uint32_t rsp_size = RECV_BUF_SIZE;
- ALOGV("Sending %d byte request\n", (int)req.SerializedSize());
- int rc = trusty_keymaster_call(command, send_buf, req_size, recv_buf, &rsp_size);
- if (rc < 0) {
- // Reset the connection on tipc error
- trusty_keymaster_disconnect();
- trusty_keymaster_connect();
- ALOGE("tipc error: %d\n", rc);
- // TODO(swillden): Distinguish permanent from transient errors and set error_ appropriately.
- return translate_error(rc);
- } else {
- ALOGV("Received %d byte response\n", rsp_size);
- }
-
- const uint8_t* p = recv_buf;
- if (!rsp->Deserialize(&p, p + rsp_size)) {
- ALOGE("Error deserializing response of size %d\n", (int)rsp_size);
- return KM_ERROR_UNKNOWN_ERROR;
- } else if (rsp->error != KM_ERROR_OK) {
- ALOGE("Response of size %d contained error code %d\n", (int)rsp_size, (int)rsp->error);
- return rsp->error;
- }
- return rsp->error;
-}
-
} // namespace keymaster
diff --git a/trusty/keymaster/trusty_keymaster_device_test.cpp b/trusty/keymaster/legacy/trusty_keymaster_device_test.cpp
similarity index 90%
rename from trusty/keymaster/trusty_keymaster_device_test.cpp
rename to trusty/keymaster/legacy/trusty_keymaster_device_test.cpp
index 9227964..68def58 100644
--- a/trusty/keymaster/trusty_keymaster_device_test.cpp
+++ b/trusty/keymaster/legacy/trusty_keymaster_device_test.cpp
@@ -28,15 +28,15 @@
#include <keymaster/keymaster_tags.h>
#include <keymaster/soft_keymaster_context.h>
+#include <trusty_keymaster/legacy/trusty_keymaster_device.h>
#include "android_keymaster_test_utils.h"
-#include "trusty_keymaster_device.h"
#include "openssl_utils.h"
-using std::string;
using std::ifstream;
using std::istreambuf_iterator;
+using std::string;
-static keymaster::AndroidKeymaster *impl_ = nullptr;
+static keymaster::AndroidKeymaster* impl_ = nullptr;
extern "C" {
int __android_log_print();
@@ -65,8 +65,8 @@
template <typename Req, typename Rsp>
static int fake_call(keymaster::AndroidKeymaster* device,
- void (keymaster::AndroidKeymaster::*method)(const Req&, Rsp*), void* in_buf,
- uint32_t in_size, void* out_buf, uint32_t* out_size) {
+ void (keymaster::AndroidKeymaster::*method)(const Req&, Rsp*), void* in_buf,
+ uint32_t in_size, void* out_buf, uint32_t* out_size) {
Req req;
const uint8_t* in = static_cast<uint8_t*>(in_buf);
req.Deserialize(&in, in + in_size);
@@ -80,29 +80,28 @@
}
int trusty_keymaster_call(uint32_t cmd, void* in_buf, uint32_t in_size, void* out_buf,
- uint32_t* out_size) {
+ uint32_t* out_size) {
switch (cmd) {
- case KM_GENERATE_KEY:
- return fake_call(impl_, &keymaster::AndroidKeymaster::GenerateKey, in_buf, in_size,
- out_buf, out_size);
- case KM_BEGIN_OPERATION:
- return fake_call(impl_, &keymaster::AndroidKeymaster::BeginOperation, in_buf, in_size,
- out_buf, out_size);
- case KM_UPDATE_OPERATION:
- return fake_call(impl_, &keymaster::AndroidKeymaster::UpdateOperation, in_buf, in_size,
- out_buf, out_size);
- case KM_FINISH_OPERATION:
- return fake_call(impl_, &keymaster::AndroidKeymaster::FinishOperation, in_buf, in_size,
- out_buf, out_size);
- case KM_IMPORT_KEY:
- return fake_call(impl_, &keymaster::AndroidKeymaster::ImportKey, in_buf, in_size, out_buf,
- out_size);
- case KM_EXPORT_KEY:
- return fake_call(impl_, &keymaster::AndroidKeymaster::ExportKey, in_buf, in_size, out_buf,
- out_size);
+ case KM_GENERATE_KEY:
+ return fake_call(impl_, &keymaster::AndroidKeymaster::GenerateKey, in_buf, in_size,
+ out_buf, out_size);
+ case KM_BEGIN_OPERATION:
+ return fake_call(impl_, &keymaster::AndroidKeymaster::BeginOperation, in_buf, in_size,
+ out_buf, out_size);
+ case KM_UPDATE_OPERATION:
+ return fake_call(impl_, &keymaster::AndroidKeymaster::UpdateOperation, in_buf, in_size,
+ out_buf, out_size);
+ case KM_FINISH_OPERATION:
+ return fake_call(impl_, &keymaster::AndroidKeymaster::FinishOperation, in_buf, in_size,
+ out_buf, out_size);
+ case KM_IMPORT_KEY:
+ return fake_call(impl_, &keymaster::AndroidKeymaster::ImportKey, in_buf, in_size,
+ out_buf, out_size);
+ case KM_EXPORT_KEY:
+ return fake_call(impl_, &keymaster::AndroidKeymaster::ExportKey, in_buf, in_size,
+ out_buf, out_size);
}
return -EINVAL;
-
}
namespace keymaster {
@@ -127,15 +126,15 @@
size_t dsa_message_len(const keymaster_dsa_keygen_params_t& params) {
switch (params.key_size) {
- case 256:
- case 1024:
- return 48;
- case 2048:
- case 4096:
- return 72;
- default:
- // Oops.
- return 0;
+ case 256:
+ case 1024:
+ return 48;
+ case 2048:
+ case 4096:
+ return 72;
+ default:
+ // Oops.
+ return 0;
}
}
@@ -323,9 +322,9 @@
Malloc_Delete sig_deleter(signature);
signature[siglen / 2]++;
- EXPECT_EQ(
- KM_ERROR_VERIFICATION_FAILED,
- device.verify_data(&sig_params, ptr, size, message.get(), message_len, signature, siglen));
+ EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED,
+ device.verify_data(&sig_params, ptr, size, message.get(), message_len, signature,
+ siglen));
}
TEST_F(VerificationTest, RsaBadMessage) {
@@ -345,9 +344,9 @@
&signature, &siglen));
Malloc_Delete sig_deleter(signature);
message[0]++;
- EXPECT_EQ(
- KM_ERROR_VERIFICATION_FAILED,
- device.verify_data(&sig_params, ptr, size, message.get(), message_len, signature, siglen));
+ EXPECT_EQ(KM_ERROR_VERIFICATION_FAILED,
+ device.verify_data(&sig_params, ptr, size, message.get(), message_len, signature,
+ siglen));
}
TEST_F(VerificationTest, RsaShortMessage) {
diff --git a/trusty/keymaster/legacy/trusty_keymaster_main.cpp b/trusty/keymaster/legacy/trusty_keymaster_main.cpp
new file mode 100644
index 0000000..e3e70e6
--- /dev/null
+++ b/trusty/keymaster/legacy/trusty_keymaster_main.cpp
@@ -0,0 +1,408 @@
+/*
+ * Copyright 2014 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <keymaster/keymaster_configuration.h>
+
+#include <stdio.h>
+#include <memory>
+
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+
+#include <trusty_keymaster/legacy/trusty_keymaster_device.h>
+
+using keymaster::TrustyKeymasterDevice;
+
+unsigned char rsa_privkey_pk8_der[] = {
+ 0x30, 0x82, 0x02, 0x75, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,
+ 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82, 0x02, 0x5f, 0x30, 0x82, 0x02, 0x5b,
+ 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xc6, 0x09, 0x54, 0x09, 0x04, 0x7d, 0x86, 0x34,
+ 0x81, 0x2d, 0x5a, 0x21, 0x81, 0x76, 0xe4, 0x5c, 0x41, 0xd6, 0x0a, 0x75, 0xb1, 0x39, 0x01,
+ 0xf2, 0x34, 0x22, 0x6c, 0xff, 0xe7, 0x76, 0x52, 0x1c, 0x5a, 0x77, 0xb9, 0xe3, 0x89, 0x41,
+ 0x7b, 0x71, 0xc0, 0xb6, 0xa4, 0x4d, 0x13, 0xaf, 0xe4, 0xe4, 0xa2, 0x80, 0x5d, 0x46, 0xc9,
+ 0xda, 0x29, 0x35, 0xad, 0xb1, 0xff, 0x0c, 0x1f, 0x24, 0xea, 0x06, 0xe6, 0x2b, 0x20, 0xd7,
+ 0x76, 0x43, 0x0a, 0x4d, 0x43, 0x51, 0x57, 0x23, 0x3c, 0x6f, 0x91, 0x67, 0x83, 0xc3, 0x0e,
+ 0x31, 0x0f, 0xcb, 0xd8, 0x9b, 0x85, 0xc2, 0xd5, 0x67, 0x71, 0x16, 0x97, 0x85, 0xac, 0x12,
+ 0xbc, 0xa2, 0x44, 0xab, 0xda, 0x72, 0xbf, 0xb1, 0x9f, 0xc4, 0x4d, 0x27, 0xc8, 0x1e, 0x1d,
+ 0x92, 0xde, 0x28, 0x4f, 0x40, 0x61, 0xed, 0xfd, 0x99, 0x28, 0x07, 0x45, 0xea, 0x6d, 0x25,
+ 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x81, 0x80, 0x1b, 0xe0, 0xf0, 0x4d, 0x9c, 0xae, 0x37,
+ 0x18, 0x69, 0x1f, 0x03, 0x53, 0x38, 0x30, 0x8e, 0x91, 0x56, 0x4b, 0x55, 0x89, 0x9f, 0xfb,
+ 0x50, 0x84, 0xd2, 0x46, 0x0e, 0x66, 0x30, 0x25, 0x7e, 0x05, 0xb3, 0xce, 0xab, 0x02, 0x97,
+ 0x2d, 0xfa, 0xbc, 0xd6, 0xce, 0x5f, 0x6e, 0xe2, 0x58, 0x9e, 0xb6, 0x79, 0x11, 0xed, 0x0f,
+ 0xac, 0x16, 0xe4, 0x3a, 0x44, 0x4b, 0x8c, 0x86, 0x1e, 0x54, 0x4a, 0x05, 0x93, 0x36, 0x57,
+ 0x72, 0xf8, 0xba, 0xf6, 0xb2, 0x2f, 0xc9, 0xe3, 0xc5, 0xf1, 0x02, 0x4b, 0x06, 0x3a, 0xc0,
+ 0x80, 0xa7, 0xb2, 0x23, 0x4c, 0xf8, 0xae, 0xe8, 0xf6, 0xc4, 0x7b, 0xbf, 0x4f, 0xd3, 0xac,
+ 0xe7, 0x24, 0x02, 0x90, 0xbe, 0xf1, 0x6c, 0x0b, 0x3f, 0x7f, 0x3c, 0xdd, 0x64, 0xce, 0x3a,
+ 0xb5, 0x91, 0x2c, 0xf6, 0xe3, 0x2f, 0x39, 0xab, 0x18, 0x83, 0x58, 0xaf, 0xcc, 0xcd, 0x80,
+ 0x81, 0x02, 0x41, 0x00, 0xe4, 0xb4, 0x9e, 0xf5, 0x0f, 0x76, 0x5d, 0x3b, 0x24, 0xdd, 0xe0,
+ 0x1a, 0xce, 0xaa, 0xf1, 0x30, 0xf2, 0xc7, 0x66, 0x70, 0xa9, 0x1a, 0x61, 0xae, 0x08, 0xaf,
+ 0x49, 0x7b, 0x4a, 0x82, 0xbe, 0x6d, 0xee, 0x8f, 0xcd, 0xd5, 0xe3, 0xf7, 0xba, 0x1c, 0xfb,
+ 0x1f, 0x0c, 0x92, 0x6b, 0x88, 0xf8, 0x8c, 0x92, 0xbf, 0xab, 0x13, 0x7f, 0xba, 0x22, 0x85,
+ 0x22, 0x7b, 0x83, 0xc3, 0x42, 0xff, 0x7c, 0x55, 0x02, 0x41, 0x00, 0xdd, 0xab, 0xb5, 0x83,
+ 0x9c, 0x4c, 0x7f, 0x6b, 0xf3, 0xd4, 0x18, 0x32, 0x31, 0xf0, 0x05, 0xb3, 0x1a, 0xa5, 0x8a,
+ 0xff, 0xdd, 0xa5, 0xc7, 0x9e, 0x4c, 0xce, 0x21, 0x7f, 0x6b, 0xc9, 0x30, 0xdb, 0xe5, 0x63,
+ 0xd4, 0x80, 0x70, 0x6c, 0x24, 0xe9, 0xeb, 0xfc, 0xab, 0x28, 0xa6, 0xcd, 0xef, 0xd3, 0x24,
+ 0xb7, 0x7e, 0x1b, 0xf7, 0x25, 0x1b, 0x70, 0x90, 0x92, 0xc2, 0x4f, 0xf5, 0x01, 0xfd, 0x91,
+ 0x02, 0x40, 0x23, 0xd4, 0x34, 0x0e, 0xda, 0x34, 0x45, 0xd8, 0xcd, 0x26, 0xc1, 0x44, 0x11,
+ 0xda, 0x6f, 0xdc, 0xa6, 0x3c, 0x1c, 0xcd, 0x4b, 0x80, 0xa9, 0x8a, 0xd5, 0x2b, 0x78, 0xcc,
+ 0x8a, 0xd8, 0xbe, 0xb2, 0x84, 0x2c, 0x1d, 0x28, 0x04, 0x05, 0xbc, 0x2f, 0x6c, 0x1b, 0xea,
+ 0x21, 0x4a, 0x1d, 0x74, 0x2a, 0xb9, 0x96, 0xb3, 0x5b, 0x63, 0xa8, 0x2a, 0x5e, 0x47, 0x0f,
+ 0xa8, 0x8d, 0xbf, 0x82, 0x3c, 0xdd, 0x02, 0x40, 0x1b, 0x7b, 0x57, 0x44, 0x9a, 0xd3, 0x0d,
+ 0x15, 0x18, 0x24, 0x9a, 0x5f, 0x56, 0xbb, 0x98, 0x29, 0x4d, 0x4b, 0x6a, 0xc1, 0x2f, 0xfc,
+ 0x86, 0x94, 0x04, 0x97, 0xa5, 0xa5, 0x83, 0x7a, 0x6c, 0xf9, 0x46, 0x26, 0x2b, 0x49, 0x45,
+ 0x26, 0xd3, 0x28, 0xc1, 0x1e, 0x11, 0x26, 0x38, 0x0f, 0xde, 0x04, 0xc2, 0x4f, 0x91, 0x6d,
+ 0xec, 0x25, 0x08, 0x92, 0xdb, 0x09, 0xa6, 0xd7, 0x7c, 0xdb, 0xa3, 0x51, 0x02, 0x40, 0x77,
+ 0x62, 0xcd, 0x8f, 0x4d, 0x05, 0x0d, 0xa5, 0x6b, 0xd5, 0x91, 0xad, 0xb5, 0x15, 0xd2, 0x4d,
+ 0x7c, 0xcd, 0x32, 0xcc, 0xa0, 0xd0, 0x5f, 0x86, 0x6d, 0x58, 0x35, 0x14, 0xbd, 0x73, 0x24,
+ 0xd5, 0xf3, 0x36, 0x45, 0xe8, 0xed, 0x8b, 0x4a, 0x1c, 0xb3, 0xcc, 0x4a, 0x1d, 0x67, 0x98,
+ 0x73, 0x99, 0xf2, 0xa0, 0x9f, 0x5b, 0x3f, 0xb6, 0x8c, 0x88, 0xd5, 0xe5, 0xd9, 0x0a, 0xc3,
+ 0x34, 0x92, 0xd6};
+unsigned int rsa_privkey_pk8_der_len = 633;
+
+unsigned char dsa_privkey_pk8_der[] = {
+ 0x30, 0x82, 0x01, 0x4b, 0x02, 0x01, 0x00, 0x30, 0x82, 0x01, 0x2b, 0x06, 0x07, 0x2a, 0x86,
+ 0x48, 0xce, 0x38, 0x04, 0x01, 0x30, 0x82, 0x01, 0x1e, 0x02, 0x81, 0x81, 0x00, 0xa3, 0xf3,
+ 0xe9, 0xb6, 0x7e, 0x7d, 0x88, 0xf6, 0xb7, 0xe5, 0xf5, 0x1f, 0x3b, 0xee, 0xac, 0xd7, 0xad,
+ 0xbc, 0xc9, 0xd1, 0x5a, 0xf8, 0x88, 0xc4, 0xef, 0x6e, 0x3d, 0x74, 0x19, 0x74, 0xe7, 0xd8,
+ 0xe0, 0x26, 0x44, 0x19, 0x86, 0xaf, 0x19, 0xdb, 0x05, 0xe9, 0x3b, 0x8b, 0x58, 0x58, 0xde,
+ 0xe5, 0x4f, 0x48, 0x15, 0x01, 0xea, 0xe6, 0x83, 0x52, 0xd7, 0xc1, 0x21, 0xdf, 0xb9, 0xb8,
+ 0x07, 0x66, 0x50, 0xfb, 0x3a, 0x0c, 0xb3, 0x85, 0xee, 0xbb, 0x04, 0x5f, 0xc2, 0x6d, 0x6d,
+ 0x95, 0xfa, 0x11, 0x93, 0x1e, 0x59, 0x5b, 0xb1, 0x45, 0x8d, 0xe0, 0x3d, 0x73, 0xaa, 0xf2,
+ 0x41, 0x14, 0x51, 0x07, 0x72, 0x3d, 0xa2, 0xf7, 0x58, 0xcd, 0x11, 0xa1, 0x32, 0xcf, 0xda,
+ 0x42, 0xb7, 0xcc, 0x32, 0x80, 0xdb, 0x87, 0x82, 0xec, 0x42, 0xdb, 0x5a, 0x55, 0x24, 0x24,
+ 0xa2, 0xd1, 0x55, 0x29, 0xad, 0xeb, 0x02, 0x15, 0x00, 0xeb, 0xea, 0x17, 0xd2, 0x09, 0xb3,
+ 0xd7, 0x21, 0x9a, 0x21, 0x07, 0x82, 0x8f, 0xab, 0xfe, 0x88, 0x71, 0x68, 0xf7, 0xe3, 0x02,
+ 0x81, 0x80, 0x19, 0x1c, 0x71, 0xfd, 0xe0, 0x03, 0x0c, 0x43, 0xd9, 0x0b, 0xf6, 0xcd, 0xd6,
+ 0xa9, 0x70, 0xe7, 0x37, 0x86, 0x3a, 0x78, 0xe9, 0xa7, 0x47, 0xa7, 0x47, 0x06, 0x88, 0xb1,
+ 0xaf, 0xd7, 0xf3, 0xf1, 0xa1, 0xd7, 0x00, 0x61, 0x28, 0x88, 0x31, 0x48, 0x60, 0xd8, 0x11,
+ 0xef, 0xa5, 0x24, 0x1a, 0x81, 0xc4, 0x2a, 0xe2, 0xea, 0x0e, 0x36, 0xd2, 0xd2, 0x05, 0x84,
+ 0x37, 0xcf, 0x32, 0x7d, 0x09, 0xe6, 0x0f, 0x8b, 0x0c, 0xc8, 0xc2, 0xa4, 0xb1, 0xdc, 0x80,
+ 0xca, 0x68, 0xdf, 0xaf, 0xd2, 0x90, 0xc0, 0x37, 0x58, 0x54, 0x36, 0x8f, 0x49, 0xb8, 0x62,
+ 0x75, 0x8b, 0x48, 0x47, 0xc0, 0xbe, 0xf7, 0x9a, 0x92, 0xa6, 0x68, 0x05, 0xda, 0x9d, 0xaf,
+ 0x72, 0x9a, 0x67, 0xb3, 0xb4, 0x14, 0x03, 0xae, 0x4f, 0x4c, 0x76, 0xb9, 0xd8, 0x64, 0x0a,
+ 0xba, 0x3b, 0xa8, 0x00, 0x60, 0x4d, 0xae, 0x81, 0xc3, 0xc5, 0x04, 0x17, 0x02, 0x15, 0x00,
+ 0x81, 0x9d, 0xfd, 0x53, 0x0c, 0xc1, 0x8f, 0xbe, 0x8b, 0xea, 0x00, 0x26, 0x19, 0x29, 0x33,
+ 0x91, 0x84, 0xbe, 0xad, 0x81};
+unsigned int dsa_privkey_pk8_der_len = 335;
+
+unsigned char ec_privkey_pk8_der[] = {
+ 0x30, 0x81, 0x87, 0x02, 0x01, 0x00, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce,
+ 0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x04,
+ 0x6d, 0x30, 0x6b, 0x02, 0x01, 0x01, 0x04, 0x20, 0x73, 0x7c, 0x2e, 0xcd, 0x7b, 0x8d,
+ 0x19, 0x40, 0xbf, 0x29, 0x30, 0xaa, 0x9b, 0x4e, 0xd3, 0xff, 0x94, 0x1e, 0xed, 0x09,
+ 0x36, 0x6b, 0xc0, 0x32, 0x99, 0x98, 0x64, 0x81, 0xf3, 0xa4, 0xd8, 0x59, 0xa1, 0x44,
+ 0x03, 0x42, 0x00, 0x04, 0xbf, 0x85, 0xd7, 0x72, 0x0d, 0x07, 0xc2, 0x54, 0x61, 0x68,
+ 0x3b, 0xc6, 0x48, 0xb4, 0x77, 0x8a, 0x9a, 0x14, 0xdd, 0x8a, 0x02, 0x4e, 0x3b, 0xdd,
+ 0x8c, 0x7d, 0xdd, 0x9a, 0xb2, 0xb5, 0x28, 0xbb, 0xc7, 0xaa, 0x1b, 0x51, 0xf1, 0x4e,
+ 0xbb, 0xbb, 0x0b, 0xd0, 0xce, 0x21, 0xbc, 0xc4, 0x1c, 0x6e, 0xb0, 0x00, 0x83, 0xcf,
+ 0x33, 0x76, 0xd1, 0x1f, 0xd4, 0x49, 0x49, 0xe0, 0xb2, 0x18, 0x3b, 0xfe};
+unsigned int ec_privkey_pk8_der_len = 138;
+
+keymaster_key_param_t ec_params[] = {
+ keymaster_param_enum(KM_TAG_ALGORITHM, KM_ALGORITHM_EC),
+ keymaster_param_long(KM_TAG_EC_CURVE, KM_EC_CURVE_P_521),
+ keymaster_param_enum(KM_TAG_PURPOSE, KM_PURPOSE_SIGN),
+ keymaster_param_enum(KM_TAG_PURPOSE, KM_PURPOSE_VERIFY),
+ keymaster_param_enum(KM_TAG_DIGEST, KM_DIGEST_NONE),
+ keymaster_param_bool(KM_TAG_NO_AUTH_REQUIRED),
+};
+keymaster_key_param_set_t ec_param_set = {ec_params, sizeof(ec_params) / sizeof(*ec_params)};
+
+keymaster_key_param_t rsa_params[] = {
+ keymaster_param_enum(KM_TAG_ALGORITHM, KM_ALGORITHM_RSA),
+ keymaster_param_int(KM_TAG_KEY_SIZE, 1024),
+ keymaster_param_long(KM_TAG_RSA_PUBLIC_EXPONENT, 65537),
+ keymaster_param_enum(KM_TAG_PURPOSE, KM_PURPOSE_SIGN),
+ keymaster_param_enum(KM_TAG_PURPOSE, KM_PURPOSE_VERIFY),
+ keymaster_param_enum(KM_TAG_PADDING, KM_PAD_NONE),
+ keymaster_param_enum(KM_TAG_DIGEST, KM_DIGEST_NONE),
+ keymaster_param_bool(KM_TAG_NO_AUTH_REQUIRED),
+};
+keymaster_key_param_set_t rsa_param_set = {rsa_params, sizeof(rsa_params) / sizeof(*rsa_params)};
+
+struct EVP_PKEY_Delete {
+ void operator()(EVP_PKEY* p) const { EVP_PKEY_free(p); }
+};
+
+struct EVP_PKEY_CTX_Delete {
+ void operator()(EVP_PKEY_CTX* p) { EVP_PKEY_CTX_free(p); }
+};
+
+static bool do_operation(TrustyKeymasterDevice* device, keymaster_purpose_t purpose,
+ keymaster_key_blob_t* key, keymaster_blob_t* input,
+ keymaster_blob_t* signature, keymaster_blob_t* output) {
+ keymaster_key_param_t params[] = {
+ keymaster_param_enum(KM_TAG_PADDING, KM_PAD_NONE),
+ keymaster_param_enum(KM_TAG_DIGEST, KM_DIGEST_NONE),
+ };
+ keymaster_key_param_set_t param_set = {params, sizeof(params) / sizeof(*params)};
+ keymaster_operation_handle_t op_handle;
+ keymaster_error_t error = device->begin(purpose, key, ¶m_set, nullptr, &op_handle);
+ if (error != KM_ERROR_OK) {
+ printf("Keymaster begin() failed: %d\n", error);
+ return false;
+ }
+ size_t input_consumed;
+ error = device->update(op_handle, nullptr, input, &input_consumed, nullptr, nullptr);
+ if (error != KM_ERROR_OK) {
+ printf("Keymaster update() failed: %d\n", error);
+ return false;
+ }
+ if (input_consumed != input->data_length) {
+ // This should never happen. If it does, it's a bug in the keymaster implementation.
+ printf("Keymaster update() did not consume all data.\n");
+ device->abort(op_handle);
+ return false;
+ }
+ error = device->finish(op_handle, nullptr, nullptr, signature, nullptr, output);
+ if (error != KM_ERROR_OK) {
+ printf("Keymaster finish() failed: %d\n", error);
+ return false;
+ }
+ return true;
+}
+
+static bool test_import_rsa(TrustyKeymasterDevice* device) {
+ printf("===================\n");
+ printf("= RSA Import Test =\n");
+ printf("===================\n\n");
+
+ printf("=== Importing RSA keypair === \n");
+ keymaster_key_blob_t key;
+ keymaster_blob_t private_key = {rsa_privkey_pk8_der, rsa_privkey_pk8_der_len};
+ int error =
+ device->import_key(&rsa_param_set, KM_KEY_FORMAT_PKCS8, &private_key, &key, nullptr);
+ if (error != KM_ERROR_OK) {
+ printf("Error importing RSA key: %d\n\n", error);
+ return false;
+ }
+ std::unique_ptr<const uint8_t[]> key_deleter(key.key_material);
+
+ printf("=== Signing with imported RSA key ===\n");
+ size_t message_len = 1024 / 8;
+ std::unique_ptr<uint8_t[]> message(new uint8_t[message_len]);
+ memset(message.get(), 'a', message_len);
+ keymaster_blob_t input = {message.get(), message_len}, signature;
+
+ if (!do_operation(device, KM_PURPOSE_SIGN, &key, &input, nullptr, &signature)) {
+ printf("Error signing data with imported RSA key\n\n");
+ return false;
+ }
+ std::unique_ptr<const uint8_t[]> signature_deleter(signature.data);
+
+ printf("=== Verifying with imported RSA key === \n");
+ if (!do_operation(device, KM_PURPOSE_VERIFY, &key, &input, &signature, nullptr)) {
+ printf("Error verifying data with imported RSA key\n\n");
+ return false;
+ }
+
+ printf("\n");
+ return true;
+}
+
+static bool test_rsa(TrustyKeymasterDevice* device) {
+ printf("============\n");
+ printf("= RSA Test =\n");
+ printf("============\n\n");
+
+ printf("=== Generating RSA key pair ===\n");
+ keymaster_key_blob_t key;
+ int error = device->generate_key(&rsa_param_set, &key, nullptr);
+ if (error != KM_ERROR_OK) {
+ printf("Error generating RSA key pair: %d\n\n", error);
+ return false;
+ }
+ std::unique_ptr<const uint8_t[]> key_deleter(key.key_material);
+
+ printf("=== Signing with RSA key === \n");
+ size_t message_len = 1024 / 8;
+ std::unique_ptr<uint8_t[]> message(new uint8_t[message_len]);
+ memset(message.get(), 'a', message_len);
+ keymaster_blob_t input = {message.get(), message_len}, signature;
+
+ if (!do_operation(device, KM_PURPOSE_SIGN, &key, &input, nullptr, &signature)) {
+ printf("Error signing data with RSA key\n\n");
+ return false;
+ }
+ std::unique_ptr<const uint8_t[]> signature_deleter(signature.data);
+
+ printf("=== Verifying with RSA key === \n");
+ if (!do_operation(device, KM_PURPOSE_VERIFY, &key, &input, &signature, nullptr)) {
+ printf("Error verifying data with RSA key\n\n");
+ return false;
+ }
+
+ printf("=== Exporting RSA public key ===\n");
+ keymaster_blob_t exported_key;
+ error = device->export_key(KM_KEY_FORMAT_X509, &key, nullptr, nullptr, &exported_key);
+ if (error != KM_ERROR_OK) {
+ printf("Error exporting RSA public key: %d\n\n", error);
+ return false;
+ }
+
+ printf("=== Verifying with exported key ===\n");
+ const uint8_t* tmp = exported_key.data;
+ std::unique_ptr<EVP_PKEY, EVP_PKEY_Delete> pkey(
+ d2i_PUBKEY(NULL, &tmp, exported_key.data_length));
+ std::unique_ptr<EVP_PKEY_CTX, EVP_PKEY_CTX_Delete> ctx(EVP_PKEY_CTX_new(pkey.get(), NULL));
+ if (EVP_PKEY_verify_init(ctx.get()) != 1) {
+ printf("Error initializing openss EVP context\n\n");
+ return false;
+ }
+ if (EVP_PKEY_type(pkey->type) != EVP_PKEY_RSA) {
+ printf("Exported key was the wrong type?!?\n\n");
+ return false;
+ }
+
+ EVP_PKEY_CTX_set_rsa_padding(ctx.get(), RSA_NO_PADDING);
+ if (EVP_PKEY_verify(ctx.get(), signature.data, signature.data_length, message.get(),
+ message_len) != 1) {
+ printf("Verification with exported pubkey failed.\n\n");
+ return false;
+ } else {
+ printf("Verification succeeded\n");
+ }
+
+ printf("\n");
+ return true;
+}
+
+static bool test_import_ecdsa(TrustyKeymasterDevice* device) {
+ printf("=====================\n");
+ printf("= ECDSA Import Test =\n");
+ printf("=====================\n\n");
+
+ printf("=== Importing ECDSA keypair === \n");
+ keymaster_key_blob_t key;
+ keymaster_blob_t private_key = {ec_privkey_pk8_der, ec_privkey_pk8_der_len};
+ int error = device->import_key(&ec_param_set, KM_KEY_FORMAT_PKCS8, &private_key, &key, nullptr);
+ if (error != KM_ERROR_OK) {
+ printf("Error importing ECDSA key: %d\n\n", error);
+ return false;
+ }
+ std::unique_ptr<const uint8_t[]> deleter(key.key_material);
+
+ printf("=== Signing with imported ECDSA key ===\n");
+ size_t message_len = 30 /* arbitrary */;
+ std::unique_ptr<uint8_t[]> message(new uint8_t[message_len]);
+ memset(message.get(), 'a', message_len);
+ keymaster_blob_t input = {message.get(), message_len}, signature;
+
+ if (!do_operation(device, KM_PURPOSE_SIGN, &key, &input, nullptr, &signature)) {
+ printf("Error signing data with imported ECDSA key\n\n");
+ return false;
+ }
+ std::unique_ptr<const uint8_t[]> signature_deleter(signature.data);
+
+ printf("=== Verifying with imported ECDSA key === \n");
+ if (!do_operation(device, KM_PURPOSE_VERIFY, &key, &input, &signature, nullptr)) {
+ printf("Error verifying data with imported ECDSA key\n\n");
+ return false;
+ }
+
+ printf("\n");
+ return true;
+}
+
+static bool test_ecdsa(TrustyKeymasterDevice* device) {
+ printf("==============\n");
+ printf("= ECDSA Test =\n");
+ printf("==============\n\n");
+
+ printf("=== Generating ECDSA key pair ===\n");
+ keymaster_key_blob_t key;
+ int error = device->generate_key(&ec_param_set, &key, nullptr);
+ if (error != KM_ERROR_OK) {
+ printf("Error generating ECDSA key pair: %d\n\n", error);
+ return false;
+ }
+ std::unique_ptr<const uint8_t[]> key_deleter(key.key_material);
+
+ printf("=== Signing with ECDSA key === \n");
+ size_t message_len = 30 /* arbitrary */;
+ std::unique_ptr<uint8_t[]> message(new uint8_t[message_len]);
+ memset(message.get(), 'a', message_len);
+ keymaster_blob_t input = {message.get(), message_len}, signature;
+
+ if (!do_operation(device, KM_PURPOSE_SIGN, &key, &input, nullptr, &signature)) {
+ printf("Error signing data with ECDSA key\n\n");
+ return false;
+ }
+ std::unique_ptr<const uint8_t[]> signature_deleter(signature.data);
+
+ printf("=== Verifying with ECDSA key === \n");
+ if (!do_operation(device, KM_PURPOSE_VERIFY, &key, &input, &signature, nullptr)) {
+ printf("Error verifying data with ECDSA key\n\n");
+ return false;
+ }
+
+ printf("=== Exporting ECDSA public key ===\n");
+ keymaster_blob_t exported_key;
+ error = device->export_key(KM_KEY_FORMAT_X509, &key, nullptr, nullptr, &exported_key);
+ if (error != KM_ERROR_OK) {
+ printf("Error exporting ECDSA public key: %d\n\n", error);
+ return false;
+ }
+
+ printf("=== Verifying with exported key ===\n");
+ const uint8_t* tmp = exported_key.data;
+ std::unique_ptr<EVP_PKEY, EVP_PKEY_Delete> pkey(
+ d2i_PUBKEY(NULL, &tmp, exported_key.data_length));
+ std::unique_ptr<EVP_PKEY_CTX, EVP_PKEY_CTX_Delete> ctx(EVP_PKEY_CTX_new(pkey.get(), NULL));
+ if (EVP_PKEY_verify_init(ctx.get()) != 1) {
+ printf("Error initializing openssl EVP context\n\n");
+ return false;
+ }
+ if (EVP_PKEY_type(pkey->type) != EVP_PKEY_EC) {
+ printf("Exported key was the wrong type?!?\n\n");
+ return false;
+ }
+
+ if (EVP_PKEY_verify(ctx.get(), signature.data, signature.data_length, message.get(),
+ message_len) != 1) {
+ printf("Verification with exported pubkey failed.\n\n");
+ return false;
+ } else {
+ printf("Verification succeeded\n");
+ }
+
+ printf("\n");
+ return true;
+}
+
+int main(void) {
+ TrustyKeymasterDevice device(NULL);
+ keymaster::ConfigureDevice(reinterpret_cast<keymaster2_device_t*>(&device));
+ if (device.session_error() != KM_ERROR_OK) {
+ printf("Failed to initialize Trusty session: %d\n", device.session_error());
+ return 1;
+ }
+ printf("Trusty session initialized\n");
+
+ bool success = true;
+ success &= test_rsa(&device);
+ success &= test_import_rsa(&device);
+ success &= test_ecdsa(&device);
+ success &= test_import_ecdsa(&device);
+
+ if (success) {
+ printf("\nTESTS PASSED!\n");
+ } else {
+ printf("\n!!!!TESTS FAILED!!!\n");
+ }
+
+ return success ? 0 : 1;
+}
diff --git a/trusty/keymaster/trusty_keymaster_ipc.cpp b/trusty/keymaster/trusty_keymaster_ipc.cpp
deleted file mode 100644
index 686e7ae..0000000
--- a/trusty/keymaster/trusty_keymaster_ipc.cpp
+++ /dev/null
@@ -1,112 +0,0 @@
-/*
- * Copyright (C) 2015 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#define LOG_TAG "TrustyKeymaster"
-
-// TODO: make this generic in libtrusty
-
-#include <errno.h>
-#include <stdlib.h>
-#include <string.h>
-#include <sys/uio.h>
-#include <unistd.h>
-
-#include <algorithm>
-
-#include <log/log.h>
-#include <trusty/tipc.h>
-
-#include "keymaster_ipc.h"
-#include "trusty_keymaster_ipc.h"
-
-#define TRUSTY_DEVICE_NAME "/dev/trusty-ipc-dev0"
-
-static int handle_ = -1;
-
-int trusty_keymaster_connect() {
- int rc = tipc_connect(TRUSTY_DEVICE_NAME, KEYMASTER_PORT);
- if (rc < 0) {
- return rc;
- }
-
- handle_ = rc;
- return 0;
-}
-
-int trusty_keymaster_call(uint32_t cmd, void* in, uint32_t in_size, uint8_t* out,
- uint32_t* out_size) {
- if (handle_ < 0) {
- ALOGE("not connected\n");
- return -EINVAL;
- }
-
- size_t msg_size = in_size + sizeof(struct keymaster_message);
- struct keymaster_message* msg = reinterpret_cast<struct keymaster_message*>(malloc(msg_size));
- if (!msg) {
- ALOGE("failed to allocate msg buffer\n");
- return -EINVAL;
- }
-
- msg->cmd = cmd;
- memcpy(msg->payload, in, in_size);
-
- ssize_t rc = write(handle_, msg, msg_size);
- free(msg);
-
- if (rc < 0) {
- ALOGE("failed to send cmd (%d) to %s: %s\n", cmd, KEYMASTER_PORT, strerror(errno));
- return -errno;
- }
- size_t out_max_size = *out_size;
- *out_size = 0;
- struct iovec iov[2];
- struct keymaster_message header;
- iov[0] = {.iov_base = &header, .iov_len = sizeof(struct keymaster_message)};
- while (true) {
- iov[1] = {
- .iov_base = out + *out_size,
- .iov_len = std::min<uint32_t>(KEYMASTER_MAX_BUFFER_LENGTH, out_max_size - *out_size)};
- rc = readv(handle_, iov, 2);
- if (rc < 0) {
- ALOGE("failed to retrieve response for cmd (%d) to %s: %s\n", cmd, KEYMASTER_PORT,
- strerror(errno));
- return -errno;
- }
-
- if ((size_t)rc < sizeof(struct keymaster_message)) {
- ALOGE("invalid response size (%d)\n", (int)rc);
- return -EINVAL;
- }
-
- if ((cmd | KEYMASTER_RESP_BIT) != (header.cmd & ~(KEYMASTER_STOP_BIT))) {
- ALOGE("invalid command (%d)", header.cmd);
- return -EINVAL;
- }
- *out_size += ((size_t)rc - sizeof(struct keymaster_message));
- if (header.cmd & KEYMASTER_STOP_BIT) {
- break;
- }
- }
-
- return rc;
-}
-
-void trusty_keymaster_disconnect() {
- if (handle_ >= 0) {
- tipc_close(handle_);
- }
- handle_ = -1;
-}
diff --git a/trusty/keymaster/trusty_keymaster_main.cpp b/trusty/keymaster/trusty_keymaster_main.cpp
deleted file mode 100644
index ed78b7f..0000000
--- a/trusty/keymaster/trusty_keymaster_main.cpp
+++ /dev/null
@@ -1,401 +0,0 @@
-/*
- * Copyright 2014 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-#include <keymaster/keymaster_configuration.h>
-
-#include <stdio.h>
-#include <memory>
-
-#include <openssl/evp.h>
-#include <openssl/x509.h>
-
-#include "trusty_keymaster_device.h"
-
-using keymaster::TrustyKeymasterDevice;
-
-unsigned char rsa_privkey_pk8_der[] = {
- 0x30, 0x82, 0x02, 0x75, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
- 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82, 0x02, 0x5f, 0x30, 0x82, 0x02, 0x5b, 0x02, 0x01,
- 0x00, 0x02, 0x81, 0x81, 0x00, 0xc6, 0x09, 0x54, 0x09, 0x04, 0x7d, 0x86, 0x34, 0x81, 0x2d, 0x5a,
- 0x21, 0x81, 0x76, 0xe4, 0x5c, 0x41, 0xd6, 0x0a, 0x75, 0xb1, 0x39, 0x01, 0xf2, 0x34, 0x22, 0x6c,
- 0xff, 0xe7, 0x76, 0x52, 0x1c, 0x5a, 0x77, 0xb9, 0xe3, 0x89, 0x41, 0x7b, 0x71, 0xc0, 0xb6, 0xa4,
- 0x4d, 0x13, 0xaf, 0xe4, 0xe4, 0xa2, 0x80, 0x5d, 0x46, 0xc9, 0xda, 0x29, 0x35, 0xad, 0xb1, 0xff,
- 0x0c, 0x1f, 0x24, 0xea, 0x06, 0xe6, 0x2b, 0x20, 0xd7, 0x76, 0x43, 0x0a, 0x4d, 0x43, 0x51, 0x57,
- 0x23, 0x3c, 0x6f, 0x91, 0x67, 0x83, 0xc3, 0x0e, 0x31, 0x0f, 0xcb, 0xd8, 0x9b, 0x85, 0xc2, 0xd5,
- 0x67, 0x71, 0x16, 0x97, 0x85, 0xac, 0x12, 0xbc, 0xa2, 0x44, 0xab, 0xda, 0x72, 0xbf, 0xb1, 0x9f,
- 0xc4, 0x4d, 0x27, 0xc8, 0x1e, 0x1d, 0x92, 0xde, 0x28, 0x4f, 0x40, 0x61, 0xed, 0xfd, 0x99, 0x28,
- 0x07, 0x45, 0xea, 0x6d, 0x25, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x81, 0x80, 0x1b, 0xe0, 0xf0,
- 0x4d, 0x9c, 0xae, 0x37, 0x18, 0x69, 0x1f, 0x03, 0x53, 0x38, 0x30, 0x8e, 0x91, 0x56, 0x4b, 0x55,
- 0x89, 0x9f, 0xfb, 0x50, 0x84, 0xd2, 0x46, 0x0e, 0x66, 0x30, 0x25, 0x7e, 0x05, 0xb3, 0xce, 0xab,
- 0x02, 0x97, 0x2d, 0xfa, 0xbc, 0xd6, 0xce, 0x5f, 0x6e, 0xe2, 0x58, 0x9e, 0xb6, 0x79, 0x11, 0xed,
- 0x0f, 0xac, 0x16, 0xe4, 0x3a, 0x44, 0x4b, 0x8c, 0x86, 0x1e, 0x54, 0x4a, 0x05, 0x93, 0x36, 0x57,
- 0x72, 0xf8, 0xba, 0xf6, 0xb2, 0x2f, 0xc9, 0xe3, 0xc5, 0xf1, 0x02, 0x4b, 0x06, 0x3a, 0xc0, 0x80,
- 0xa7, 0xb2, 0x23, 0x4c, 0xf8, 0xae, 0xe8, 0xf6, 0xc4, 0x7b, 0xbf, 0x4f, 0xd3, 0xac, 0xe7, 0x24,
- 0x02, 0x90, 0xbe, 0xf1, 0x6c, 0x0b, 0x3f, 0x7f, 0x3c, 0xdd, 0x64, 0xce, 0x3a, 0xb5, 0x91, 0x2c,
- 0xf6, 0xe3, 0x2f, 0x39, 0xab, 0x18, 0x83, 0x58, 0xaf, 0xcc, 0xcd, 0x80, 0x81, 0x02, 0x41, 0x00,
- 0xe4, 0xb4, 0x9e, 0xf5, 0x0f, 0x76, 0x5d, 0x3b, 0x24, 0xdd, 0xe0, 0x1a, 0xce, 0xaa, 0xf1, 0x30,
- 0xf2, 0xc7, 0x66, 0x70, 0xa9, 0x1a, 0x61, 0xae, 0x08, 0xaf, 0x49, 0x7b, 0x4a, 0x82, 0xbe, 0x6d,
- 0xee, 0x8f, 0xcd, 0xd5, 0xe3, 0xf7, 0xba, 0x1c, 0xfb, 0x1f, 0x0c, 0x92, 0x6b, 0x88, 0xf8, 0x8c,
- 0x92, 0xbf, 0xab, 0x13, 0x7f, 0xba, 0x22, 0x85, 0x22, 0x7b, 0x83, 0xc3, 0x42, 0xff, 0x7c, 0x55,
- 0x02, 0x41, 0x00, 0xdd, 0xab, 0xb5, 0x83, 0x9c, 0x4c, 0x7f, 0x6b, 0xf3, 0xd4, 0x18, 0x32, 0x31,
- 0xf0, 0x05, 0xb3, 0x1a, 0xa5, 0x8a, 0xff, 0xdd, 0xa5, 0xc7, 0x9e, 0x4c, 0xce, 0x21, 0x7f, 0x6b,
- 0xc9, 0x30, 0xdb, 0xe5, 0x63, 0xd4, 0x80, 0x70, 0x6c, 0x24, 0xe9, 0xeb, 0xfc, 0xab, 0x28, 0xa6,
- 0xcd, 0xef, 0xd3, 0x24, 0xb7, 0x7e, 0x1b, 0xf7, 0x25, 0x1b, 0x70, 0x90, 0x92, 0xc2, 0x4f, 0xf5,
- 0x01, 0xfd, 0x91, 0x02, 0x40, 0x23, 0xd4, 0x34, 0x0e, 0xda, 0x34, 0x45, 0xd8, 0xcd, 0x26, 0xc1,
- 0x44, 0x11, 0xda, 0x6f, 0xdc, 0xa6, 0x3c, 0x1c, 0xcd, 0x4b, 0x80, 0xa9, 0x8a, 0xd5, 0x2b, 0x78,
- 0xcc, 0x8a, 0xd8, 0xbe, 0xb2, 0x84, 0x2c, 0x1d, 0x28, 0x04, 0x05, 0xbc, 0x2f, 0x6c, 0x1b, 0xea,
- 0x21, 0x4a, 0x1d, 0x74, 0x2a, 0xb9, 0x96, 0xb3, 0x5b, 0x63, 0xa8, 0x2a, 0x5e, 0x47, 0x0f, 0xa8,
- 0x8d, 0xbf, 0x82, 0x3c, 0xdd, 0x02, 0x40, 0x1b, 0x7b, 0x57, 0x44, 0x9a, 0xd3, 0x0d, 0x15, 0x18,
- 0x24, 0x9a, 0x5f, 0x56, 0xbb, 0x98, 0x29, 0x4d, 0x4b, 0x6a, 0xc1, 0x2f, 0xfc, 0x86, 0x94, 0x04,
- 0x97, 0xa5, 0xa5, 0x83, 0x7a, 0x6c, 0xf9, 0x46, 0x26, 0x2b, 0x49, 0x45, 0x26, 0xd3, 0x28, 0xc1,
- 0x1e, 0x11, 0x26, 0x38, 0x0f, 0xde, 0x04, 0xc2, 0x4f, 0x91, 0x6d, 0xec, 0x25, 0x08, 0x92, 0xdb,
- 0x09, 0xa6, 0xd7, 0x7c, 0xdb, 0xa3, 0x51, 0x02, 0x40, 0x77, 0x62, 0xcd, 0x8f, 0x4d, 0x05, 0x0d,
- 0xa5, 0x6b, 0xd5, 0x91, 0xad, 0xb5, 0x15, 0xd2, 0x4d, 0x7c, 0xcd, 0x32, 0xcc, 0xa0, 0xd0, 0x5f,
- 0x86, 0x6d, 0x58, 0x35, 0x14, 0xbd, 0x73, 0x24, 0xd5, 0xf3, 0x36, 0x45, 0xe8, 0xed, 0x8b, 0x4a,
- 0x1c, 0xb3, 0xcc, 0x4a, 0x1d, 0x67, 0x98, 0x73, 0x99, 0xf2, 0xa0, 0x9f, 0x5b, 0x3f, 0xb6, 0x8c,
- 0x88, 0xd5, 0xe5, 0xd9, 0x0a, 0xc3, 0x34, 0x92, 0xd6};
-unsigned int rsa_privkey_pk8_der_len = 633;
-
-unsigned char dsa_privkey_pk8_der[] = {
- 0x30, 0x82, 0x01, 0x4b, 0x02, 0x01, 0x00, 0x30, 0x82, 0x01, 0x2b, 0x06, 0x07, 0x2a, 0x86, 0x48,
- 0xce, 0x38, 0x04, 0x01, 0x30, 0x82, 0x01, 0x1e, 0x02, 0x81, 0x81, 0x00, 0xa3, 0xf3, 0xe9, 0xb6,
- 0x7e, 0x7d, 0x88, 0xf6, 0xb7, 0xe5, 0xf5, 0x1f, 0x3b, 0xee, 0xac, 0xd7, 0xad, 0xbc, 0xc9, 0xd1,
- 0x5a, 0xf8, 0x88, 0xc4, 0xef, 0x6e, 0x3d, 0x74, 0x19, 0x74, 0xe7, 0xd8, 0xe0, 0x26, 0x44, 0x19,
- 0x86, 0xaf, 0x19, 0xdb, 0x05, 0xe9, 0x3b, 0x8b, 0x58, 0x58, 0xde, 0xe5, 0x4f, 0x48, 0x15, 0x01,
- 0xea, 0xe6, 0x83, 0x52, 0xd7, 0xc1, 0x21, 0xdf, 0xb9, 0xb8, 0x07, 0x66, 0x50, 0xfb, 0x3a, 0x0c,
- 0xb3, 0x85, 0xee, 0xbb, 0x04, 0x5f, 0xc2, 0x6d, 0x6d, 0x95, 0xfa, 0x11, 0x93, 0x1e, 0x59, 0x5b,
- 0xb1, 0x45, 0x8d, 0xe0, 0x3d, 0x73, 0xaa, 0xf2, 0x41, 0x14, 0x51, 0x07, 0x72, 0x3d, 0xa2, 0xf7,
- 0x58, 0xcd, 0x11, 0xa1, 0x32, 0xcf, 0xda, 0x42, 0xb7, 0xcc, 0x32, 0x80, 0xdb, 0x87, 0x82, 0xec,
- 0x42, 0xdb, 0x5a, 0x55, 0x24, 0x24, 0xa2, 0xd1, 0x55, 0x29, 0xad, 0xeb, 0x02, 0x15, 0x00, 0xeb,
- 0xea, 0x17, 0xd2, 0x09, 0xb3, 0xd7, 0x21, 0x9a, 0x21, 0x07, 0x82, 0x8f, 0xab, 0xfe, 0x88, 0x71,
- 0x68, 0xf7, 0xe3, 0x02, 0x81, 0x80, 0x19, 0x1c, 0x71, 0xfd, 0xe0, 0x03, 0x0c, 0x43, 0xd9, 0x0b,
- 0xf6, 0xcd, 0xd6, 0xa9, 0x70, 0xe7, 0x37, 0x86, 0x3a, 0x78, 0xe9, 0xa7, 0x47, 0xa7, 0x47, 0x06,
- 0x88, 0xb1, 0xaf, 0xd7, 0xf3, 0xf1, 0xa1, 0xd7, 0x00, 0x61, 0x28, 0x88, 0x31, 0x48, 0x60, 0xd8,
- 0x11, 0xef, 0xa5, 0x24, 0x1a, 0x81, 0xc4, 0x2a, 0xe2, 0xea, 0x0e, 0x36, 0xd2, 0xd2, 0x05, 0x84,
- 0x37, 0xcf, 0x32, 0x7d, 0x09, 0xe6, 0x0f, 0x8b, 0x0c, 0xc8, 0xc2, 0xa4, 0xb1, 0xdc, 0x80, 0xca,
- 0x68, 0xdf, 0xaf, 0xd2, 0x90, 0xc0, 0x37, 0x58, 0x54, 0x36, 0x8f, 0x49, 0xb8, 0x62, 0x75, 0x8b,
- 0x48, 0x47, 0xc0, 0xbe, 0xf7, 0x9a, 0x92, 0xa6, 0x68, 0x05, 0xda, 0x9d, 0xaf, 0x72, 0x9a, 0x67,
- 0xb3, 0xb4, 0x14, 0x03, 0xae, 0x4f, 0x4c, 0x76, 0xb9, 0xd8, 0x64, 0x0a, 0xba, 0x3b, 0xa8, 0x00,
- 0x60, 0x4d, 0xae, 0x81, 0xc3, 0xc5, 0x04, 0x17, 0x02, 0x15, 0x00, 0x81, 0x9d, 0xfd, 0x53, 0x0c,
- 0xc1, 0x8f, 0xbe, 0x8b, 0xea, 0x00, 0x26, 0x19, 0x29, 0x33, 0x91, 0x84, 0xbe, 0xad, 0x81};
-unsigned int dsa_privkey_pk8_der_len = 335;
-
-unsigned char ec_privkey_pk8_der[] = {
- 0x30, 0x81, 0x87, 0x02, 0x01, 0x00, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
- 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x04, 0x6d, 0x30, 0x6b, 0x02,
- 0x01, 0x01, 0x04, 0x20, 0x73, 0x7c, 0x2e, 0xcd, 0x7b, 0x8d, 0x19, 0x40, 0xbf, 0x29, 0x30, 0xaa,
- 0x9b, 0x4e, 0xd3, 0xff, 0x94, 0x1e, 0xed, 0x09, 0x36, 0x6b, 0xc0, 0x32, 0x99, 0x98, 0x64, 0x81,
- 0xf3, 0xa4, 0xd8, 0x59, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0xbf, 0x85, 0xd7, 0x72, 0x0d, 0x07,
- 0xc2, 0x54, 0x61, 0x68, 0x3b, 0xc6, 0x48, 0xb4, 0x77, 0x8a, 0x9a, 0x14, 0xdd, 0x8a, 0x02, 0x4e,
- 0x3b, 0xdd, 0x8c, 0x7d, 0xdd, 0x9a, 0xb2, 0xb5, 0x28, 0xbb, 0xc7, 0xaa, 0x1b, 0x51, 0xf1, 0x4e,
- 0xbb, 0xbb, 0x0b, 0xd0, 0xce, 0x21, 0xbc, 0xc4, 0x1c, 0x6e, 0xb0, 0x00, 0x83, 0xcf, 0x33, 0x76,
- 0xd1, 0x1f, 0xd4, 0x49, 0x49, 0xe0, 0xb2, 0x18, 0x3b, 0xfe};
-unsigned int ec_privkey_pk8_der_len = 138;
-
-keymaster_key_param_t ec_params[] = {
- keymaster_param_enum(KM_TAG_ALGORITHM, KM_ALGORITHM_EC),
- keymaster_param_long(KM_TAG_EC_CURVE, KM_EC_CURVE_P_521),
- keymaster_param_enum(KM_TAG_PURPOSE, KM_PURPOSE_SIGN),
- keymaster_param_enum(KM_TAG_PURPOSE, KM_PURPOSE_VERIFY),
- keymaster_param_enum(KM_TAG_DIGEST, KM_DIGEST_NONE),
- keymaster_param_bool(KM_TAG_NO_AUTH_REQUIRED),
-};
-keymaster_key_param_set_t ec_param_set = {ec_params, sizeof(ec_params) / sizeof(*ec_params)};
-
-keymaster_key_param_t rsa_params[] = {
- keymaster_param_enum(KM_TAG_ALGORITHM, KM_ALGORITHM_RSA),
- keymaster_param_int(KM_TAG_KEY_SIZE, 1024),
- keymaster_param_long(KM_TAG_RSA_PUBLIC_EXPONENT, 65537),
- keymaster_param_enum(KM_TAG_PURPOSE, KM_PURPOSE_SIGN),
- keymaster_param_enum(KM_TAG_PURPOSE, KM_PURPOSE_VERIFY),
- keymaster_param_enum(KM_TAG_PADDING, KM_PAD_NONE),
- keymaster_param_enum(KM_TAG_DIGEST, KM_DIGEST_NONE),
- keymaster_param_bool(KM_TAG_NO_AUTH_REQUIRED),
-};
-keymaster_key_param_set_t rsa_param_set = {rsa_params, sizeof(rsa_params) / sizeof(*rsa_params)};
-
-struct EVP_PKEY_Delete {
- void operator()(EVP_PKEY* p) const { EVP_PKEY_free(p); }
-};
-
-struct EVP_PKEY_CTX_Delete {
- void operator()(EVP_PKEY_CTX* p) { EVP_PKEY_CTX_free(p); }
-};
-
-static bool do_operation(TrustyKeymasterDevice* device, keymaster_purpose_t purpose,
- keymaster_key_blob_t* key, keymaster_blob_t* input,
- keymaster_blob_t* signature, keymaster_blob_t* output) {
- keymaster_key_param_t params[] = {
- keymaster_param_enum(KM_TAG_PADDING, KM_PAD_NONE),
- keymaster_param_enum(KM_TAG_DIGEST, KM_DIGEST_NONE),
- };
- keymaster_key_param_set_t param_set = {params, sizeof(params) / sizeof(*params)};
- keymaster_operation_handle_t op_handle;
- keymaster_error_t error = device->begin(purpose, key, ¶m_set, nullptr, &op_handle);
- if (error != KM_ERROR_OK) {
- printf("Keymaster begin() failed: %d\n", error);
- return false;
- }
- size_t input_consumed;
- error = device->update(op_handle, nullptr, input, &input_consumed, nullptr, nullptr);
- if (error != KM_ERROR_OK) {
- printf("Keymaster update() failed: %d\n", error);
- return false;
- }
- if (input_consumed != input->data_length) {
- // This should never happen. If it does, it's a bug in the keymaster implementation.
- printf("Keymaster update() did not consume all data.\n");
- device->abort(op_handle);
- return false;
- }
- error = device->finish(op_handle, nullptr, nullptr, signature, nullptr, output);
- if (error != KM_ERROR_OK) {
- printf("Keymaster finish() failed: %d\n", error);
- return false;
- }
- return true;
-}
-
-static bool test_import_rsa(TrustyKeymasterDevice* device) {
- printf("===================\n");
- printf("= RSA Import Test =\n");
- printf("===================\n\n");
-
- printf("=== Importing RSA keypair === \n");
- keymaster_key_blob_t key;
- keymaster_blob_t private_key = {rsa_privkey_pk8_der, rsa_privkey_pk8_der_len};
- int error = device->import_key(&rsa_param_set, KM_KEY_FORMAT_PKCS8, &private_key, &key, nullptr);
- if (error != KM_ERROR_OK) {
- printf("Error importing RSA key: %d\n\n", error);
- return false;
- }
- std::unique_ptr<const uint8_t[]> key_deleter(key.key_material);
-
- printf("=== Signing with imported RSA key ===\n");
- size_t message_len = 1024 / 8;
- std::unique_ptr<uint8_t[]> message(new uint8_t[message_len]);
- memset(message.get(), 'a', message_len);
- keymaster_blob_t input = {message.get(), message_len}, signature;
-
- if (!do_operation(device, KM_PURPOSE_SIGN, &key, &input, nullptr, &signature)) {
- printf("Error signing data with imported RSA key\n\n");
- return false;
- }
- std::unique_ptr<const uint8_t[]> signature_deleter(signature.data);
-
- printf("=== Verifying with imported RSA key === \n");
- if (!do_operation(device, KM_PURPOSE_VERIFY, &key, &input, &signature, nullptr)) {
- printf("Error verifying data with imported RSA key\n\n");
- return false;
- }
-
- printf("\n");
- return true;
-}
-
-static bool test_rsa(TrustyKeymasterDevice* device) {
- printf("============\n");
- printf("= RSA Test =\n");
- printf("============\n\n");
-
- printf("=== Generating RSA key pair ===\n");
- keymaster_key_blob_t key;
- int error = device->generate_key(&rsa_param_set, &key, nullptr);
- if (error != KM_ERROR_OK) {
- printf("Error generating RSA key pair: %d\n\n", error);
- return false;
- }
- std::unique_ptr<const uint8_t[]> key_deleter(key.key_material);
-
- printf("=== Signing with RSA key === \n");
- size_t message_len = 1024 / 8;
- std::unique_ptr<uint8_t[]> message(new uint8_t[message_len]);
- memset(message.get(), 'a', message_len);
- keymaster_blob_t input = {message.get(), message_len}, signature;
-
- if (!do_operation(device, KM_PURPOSE_SIGN, &key, &input, nullptr, &signature)) {
- printf("Error signing data with RSA key\n\n");
- return false;
- }
- std::unique_ptr<const uint8_t[]> signature_deleter(signature.data);
-
- printf("=== Verifying with RSA key === \n");
- if (!do_operation(device, KM_PURPOSE_VERIFY, &key, &input, &signature, nullptr)) {
- printf("Error verifying data with RSA key\n\n");
- return false;
- }
-
- printf("=== Exporting RSA public key ===\n");
- keymaster_blob_t exported_key;
- error = device->export_key(KM_KEY_FORMAT_X509, &key, nullptr, nullptr, &exported_key);
- if (error != KM_ERROR_OK) {
- printf("Error exporting RSA public key: %d\n\n", error);
- return false;
- }
-
- printf("=== Verifying with exported key ===\n");
- const uint8_t* tmp = exported_key.data;
- std::unique_ptr<EVP_PKEY, EVP_PKEY_Delete> pkey(
- d2i_PUBKEY(NULL, &tmp, exported_key.data_length));
- std::unique_ptr<EVP_PKEY_CTX, EVP_PKEY_CTX_Delete> ctx(EVP_PKEY_CTX_new(pkey.get(), NULL));
- if (EVP_PKEY_verify_init(ctx.get()) != 1) {
- printf("Error initializing openss EVP context\n\n");
- return false;
- }
- if (EVP_PKEY_type(pkey->type) != EVP_PKEY_RSA) {
- printf("Exported key was the wrong type?!?\n\n");
- return false;
- }
-
- EVP_PKEY_CTX_set_rsa_padding(ctx.get(), RSA_NO_PADDING);
- if (EVP_PKEY_verify(ctx.get(), signature.data, signature.data_length, message.get(),
- message_len) != 1) {
- printf("Verification with exported pubkey failed.\n\n");
- return false;
- } else {
- printf("Verification succeeded\n");
- }
-
- printf("\n");
- return true;
-}
-
-static bool test_import_ecdsa(TrustyKeymasterDevice* device) {
- printf("=====================\n");
- printf("= ECDSA Import Test =\n");
- printf("=====================\n\n");
-
- printf("=== Importing ECDSA keypair === \n");
- keymaster_key_blob_t key;
- keymaster_blob_t private_key = {ec_privkey_pk8_der, ec_privkey_pk8_der_len};
- int error = device->import_key(&ec_param_set, KM_KEY_FORMAT_PKCS8, &private_key, &key, nullptr);
- if (error != KM_ERROR_OK) {
- printf("Error importing ECDSA key: %d\n\n", error);
- return false;
- }
- std::unique_ptr<const uint8_t[]> deleter(key.key_material);
-
- printf("=== Signing with imported ECDSA key ===\n");
- size_t message_len = 30 /* arbitrary */;
- std::unique_ptr<uint8_t[]> message(new uint8_t[message_len]);
- memset(message.get(), 'a', message_len);
- keymaster_blob_t input = {message.get(), message_len}, signature;
-
- if (!do_operation(device, KM_PURPOSE_SIGN, &key, &input, nullptr, &signature)) {
- printf("Error signing data with imported ECDSA key\n\n");
- return false;
- }
- std::unique_ptr<const uint8_t[]> signature_deleter(signature.data);
-
- printf("=== Verifying with imported ECDSA key === \n");
- if (!do_operation(device, KM_PURPOSE_VERIFY, &key, &input, &signature, nullptr)) {
- printf("Error verifying data with imported ECDSA key\n\n");
- return false;
- }
-
- printf("\n");
- return true;
-}
-
-static bool test_ecdsa(TrustyKeymasterDevice* device) {
- printf("==============\n");
- printf("= ECDSA Test =\n");
- printf("==============\n\n");
-
- printf("=== Generating ECDSA key pair ===\n");
- keymaster_key_blob_t key;
- int error = device->generate_key(&ec_param_set, &key, nullptr);
- if (error != KM_ERROR_OK) {
- printf("Error generating ECDSA key pair: %d\n\n", error);
- return false;
- }
- std::unique_ptr<const uint8_t[]> key_deleter(key.key_material);
-
- printf("=== Signing with ECDSA key === \n");
- size_t message_len = 30 /* arbitrary */;
- std::unique_ptr<uint8_t[]> message(new uint8_t[message_len]);
- memset(message.get(), 'a', message_len);
- keymaster_blob_t input = {message.get(), message_len}, signature;
-
- if (!do_operation(device, KM_PURPOSE_SIGN, &key, &input, nullptr, &signature)) {
- printf("Error signing data with ECDSA key\n\n");
- return false;
- }
- std::unique_ptr<const uint8_t[]> signature_deleter(signature.data);
-
- printf("=== Verifying with ECDSA key === \n");
- if (!do_operation(device, KM_PURPOSE_VERIFY, &key, &input, &signature, nullptr)) {
- printf("Error verifying data with ECDSA key\n\n");
- return false;
- }
-
- printf("=== Exporting ECDSA public key ===\n");
- keymaster_blob_t exported_key;
- error = device->export_key(KM_KEY_FORMAT_X509, &key, nullptr, nullptr, &exported_key);
- if (error != KM_ERROR_OK) {
- printf("Error exporting ECDSA public key: %d\n\n", error);
- return false;
- }
-
- printf("=== Verifying with exported key ===\n");
- const uint8_t* tmp = exported_key.data;
- std::unique_ptr<EVP_PKEY, EVP_PKEY_Delete> pkey(
- d2i_PUBKEY(NULL, &tmp, exported_key.data_length));
- std::unique_ptr<EVP_PKEY_CTX, EVP_PKEY_CTX_Delete> ctx(EVP_PKEY_CTX_new(pkey.get(), NULL));
- if (EVP_PKEY_verify_init(ctx.get()) != 1) {
- printf("Error initializing openssl EVP context\n\n");
- return false;
- }
- if (EVP_PKEY_type(pkey->type) != EVP_PKEY_EC) {
- printf("Exported key was the wrong type?!?\n\n");
- return false;
- }
-
- if (EVP_PKEY_verify(ctx.get(), signature.data, signature.data_length, message.get(),
- message_len) != 1) {
- printf("Verification with exported pubkey failed.\n\n");
- return false;
- } else {
- printf("Verification succeeded\n");
- }
-
- printf("\n");
- return true;
-}
-
-int main(void) {
- TrustyKeymasterDevice device(NULL);
- keymaster::ConfigureDevice(reinterpret_cast<keymaster2_device_t*>(&device));
- if (device.session_error() != KM_ERROR_OK) {
- printf("Failed to initialize Trusty session: %d\n", device.session_error());
- return 1;
- }
- printf("Trusty session initialized\n");
-
- bool success = true;
- success &= test_rsa(&device);
- success &= test_import_rsa(&device);
- success &= test_ecdsa(&device);
- success &= test_import_ecdsa(&device);
-
- if (success) {
- printf("\nTESTS PASSED!\n");
- } else {
- printf("\n!!!!TESTS FAILED!!!\n");
- }
-
- return success ? 0 : 1;
-}
diff --git a/trusty/trusty-base.mk b/trusty/trusty-base.mk
index 9c3a7df..0a0ecec 100644
--- a/trusty/trusty-base.mk
+++ b/trusty/trusty-base.mk
@@ -20,7 +20,7 @@
#
PRODUCT_PACKAGES += \
- keystore.trusty \
+ android.hardware.keymaster@3.0-service.trusty \
gatekeeper.trusty
PRODUCT_PROPERTY_OVERRIDES += \