Merge "Change KeyParameters to use a union." (d389d165) · Commits · e / os / android_hardware_interfaces

security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/KeyParameter.aidl

+2 −5

Original line number	Diff line number	Diff line
		@@ -16,11 +16,8 @@
		// later when a module using the interface is updated, e.g., Mainline modules.

		package android.hardware.security.keymint;
		@VintfStability
		@RustDerive(Clone=true, Eq=true, Hash=true, Ord=true, PartialEq=true, PartialOrd=true) @VintfStability
		parcelable KeyParameter {
		android.hardware.security.keymint.Tag tag;
		boolean boolValue;
		int integer;
		long longInteger;
		byte[] blob;
		android.hardware.security.keymint.KeyParameterValue value;
		}

security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/KeyDerivationFunction.aidl→security/keymint/aidl/aidl_api/android.hardware.security.keymint/current/android/hardware/security/keymint/KeyParameterValue.aidl

+17 −8

Original line number	Diff line number	Diff line
		@@ -16,12 +16,21 @@
		// later when a module using the interface is updated, e.g., Mainline modules.

		package android.hardware.security.keymint;
		@Backing(type="int") @VintfStability
		enum KeyDerivationFunction {
		NONE = 0,
		RFC5869_SHA256 = 1,
		ISO18033_2_KDF1_SHA1 = 2,
		ISO18033_2_KDF1_SHA256 = 3,
		ISO18033_2_KDF2_SHA1 = 4,
		ISO18033_2_KDF2_SHA256 = 5,
		@RustDerive(Clone=true, Eq=true, Hash=true, Ord=true, PartialEq=true, PartialOrd=true) @VintfStability
		union KeyParameterValue {
		int invalid;
		android.hardware.security.keymint.Algorithm algorithm;
		android.hardware.security.keymint.BlockMode blockMode;
		android.hardware.security.keymint.PaddingMode paddingMode;
		android.hardware.security.keymint.Digest digest;
		android.hardware.security.keymint.EcCurve ecCurve;
		android.hardware.security.keymint.KeyOrigin origin;
		android.hardware.security.keymint.KeyPurpose keyPurpose;
		android.hardware.security.keymint.HardwareAuthenticatorType hardwareAuthenticatorType;
		android.hardware.security.keymint.SecurityLevel securityLevel;
		boolean boolValue;
		int integer;
		long longInteger;
		long dateTime;
		byte[] blob;
		}

security/keymint/aidl/android/hardware/security/keymint/KeyParameter.aidl

+3 −27

Original line number	Diff line number	Diff line
		@@ -16,40 +16,16 @@

		package android.hardware.security.keymint;

		import android.hardware.security.keymint.Algorithm;
		import android.hardware.security.keymint.BlockMode;
		import android.hardware.security.keymint.Digest;
		import android.hardware.security.keymint.EcCurve;
		import android.hardware.security.keymint.HardwareAuthenticatorType;
		import android.hardware.security.keymint.KeyDerivationFunction;
		import android.hardware.security.keymint.KeyOrigin;
		import android.hardware.security.keymint.KeyPurpose;
		import android.hardware.security.keymint.PaddingMode;
		import android.hardware.security.keymint.SecurityLevel;
		import android.hardware.security.keymint.Tag;

		import android.hardware.security.keymint.KeyParameterValue;

		/**
		* Identifies the key authorization parameters to be used with keyMint. This is usually
		* provided as an array of KeyParameters to IKeyMintDevice or Operation.
		*
		* TODO(seleneh): Union was not supported in aidl when this cl is first drafted. So we just had
		* the Tags, and bool, int, long, int[], and we will cast to the appropate types base on the
		* Tag value. We need to update this defination to distingish Algorithm, BlockMode,
		* PaddingMode, KeyOrigin...etc later, as union support is recently added to aidl.
		* b/173253030
		*/
		@VintfStability
		@RustDerive(Clone=true, Eq=true, PartialEq=true, Ord=true, PartialOrd=true, Hash=true)
		parcelable KeyParameter {
		/**
		* Identify what type of key parameter this parcelable actually holds, and based on the type
		* of tag is int, long, bool, or byte[], one of the fields below will be referenced.
		*/
		Tag tag;

		boolean boolValue;
		int integer;
		long longInteger;
		// TODO: change this to nullable.
		byte[] blob;
		KeyParameterValue value;
		}

security/keymint/aidl/android/hardware/security/keymint/KeyDerivationFunction.aidl→security/keymint/aidl/android/hardware/security/keymint/KeyParameterValue.aidl

+54 −0

Original line number	Diff line number	Diff line
		@@ -16,22 +16,39 @@

		package android.hardware.security.keymint;

		/**
		* Key derivation functions, mostly used in ECIES.
		*/
		import android.hardware.security.keymint.Algorithm;
		import android.hardware.security.keymint.BlockMode;
		import android.hardware.security.keymint.Digest;
		import android.hardware.security.keymint.EcCurve;
		import android.hardware.security.keymint.HardwareAuthenticatorType;
		import android.hardware.security.keymint.KeyOrigin;
		import android.hardware.security.keymint.KeyPurpose;
		import android.hardware.security.keymint.PaddingMode;
		import android.hardware.security.keymint.SecurityLevel;

		@VintfStability
		@Backing(type="int")
		enum KeyDerivationFunction {
		/** Do not apply a key derivation function; use the raw agreed key */
		NONE = 0,
		/** HKDF defined in RFC 5869 with SHA256 */
		RFC5869_SHA256 = 1,
		/** KDF1 defined in ISO 18033-2 with SHA1 */
		ISO18033_2_KDF1_SHA1 = 2,
		/** KDF1 defined in ISO 18033-2 with SHA256 */
		ISO18033_2_KDF1_SHA256 = 3,
		/** KDF2 defined in ISO 18033-2 with SHA1 */
		ISO18033_2_KDF2_SHA1 = 4,
		/** KDF2 defined in ISO 18033-2 with SHA256 */
		ISO18033_2_KDF2_SHA256 = 5,
		@RustDerive(Clone=true, Eq=true, PartialEq=true, Ord=true, PartialOrd=true, Hash=true)
		union KeyParameterValue {

		/* Represents an invalid value type. */
		int invalid;

		/* Enum types */
		Algorithm algorithm;
		BlockMode blockMode;
		PaddingMode paddingMode;
		Digest digest;
		EcCurve ecCurve;
		KeyOrigin origin;
		KeyPurpose keyPurpose;
		HardwareAuthenticatorType hardwareAuthenticatorType;
		SecurityLevel securityLevel;

		/* Other types */
		boolean boolValue; // Always true, if present.
		int integer;
		long longInteger;
		long dateTime;

		byte[] blob;
		}

security/keymint/support/include/keymint_support/keymint_tags.h

+48 −47

Original line number	Diff line number	Diff line
		@@ -144,69 +144,70 @@ struct TypedTag2ValueType;
		#define MAKE_TAG_VALUE_ACCESSOR(tag_type, field_name) \
		template <Tag tag> \
		struct TypedTag2ValueType<TypedTag<tag_type, tag>> { \
		typedef decltype(static_cast<KeyParameter*>(nullptr)->field_name) type; \
		using type = std::remove_reference<decltype( \
		static_cast<KeyParameterValue*>(nullptr) \
		->get<KeyParameterValue::field_name>())>::type; \
		static constexpr KeyParameterValue::Tag unionTag = KeyParameterValue::field_name; \
		}; \
		template <Tag tag> \
		inline auto accessTagValue(TypedTag<tag_type, tag>, const KeyParameter& param) \
		->const decltype(param.field_name)& { \
		return param.field_name; \
		inline auto& accessTagValue(TypedTag<tag_type, tag>, const KeyParameter& param) { \
		return param.value.get<KeyParameterValue::field_name>(); \
		} \
		template <Tag tag> \
		inline auto accessTagValue(TypedTag<tag_type, tag>, KeyParameter& param) \
		->decltype(param.field_name)& { \
		return param.field_name; \
		inline auto& accessTagValue(TypedTag<tag_type, tag>, KeyParameter& param) { \
		return param.value.get<KeyParameterValue::field_name>(); \
		}

		MAKE_TAG_VALUE_ACCESSOR(TagType::ULONG, longInteger)
		MAKE_TAG_VALUE_ACCESSOR(TagType::ULONG_REP, longInteger)
		MAKE_TAG_VALUE_ACCESSOR(TagType::DATE, longInteger)
		MAKE_TAG_VALUE_ACCESSOR(TagType::DATE, dateTime)
		MAKE_TAG_VALUE_ACCESSOR(TagType::UINT, integer)
		MAKE_TAG_VALUE_ACCESSOR(TagType::UINT_REP, integer)
		MAKE_TAG_VALUE_ACCESSOR(TagType::BOOL, boolValue)
		MAKE_TAG_VALUE_ACCESSOR(TagType::BYTES, blob)
		MAKE_TAG_VALUE_ACCESSOR(TagType::BIGNUM, blob)

		// TODO(seleneh) change these MAKE_TAG_ENUM_VALUE_ACCESSOR back to the 2 parameter
		// version when aidl supports union
		#define MAKE_TAG_ENUM_VALUE_ACCESSOR(typed_tag, field_name, field_type) \
		#define MAKE_TAG_ENUM_VALUE_ACCESSOR(typed_tag, field_name) \
		template <> \
		struct TypedTag2ValueType<decltype(typed_tag)> { \
		typedef field_type type; \
		using type = std::remove_reference<decltype( \
		static_cast<KeyParameterValue*>(nullptr) \
		->get<KeyParameterValue::field_name>())>::type; \
		static constexpr KeyParameterValue::Tag unionTag = KeyParameterValue::field_name; \
		}; \
		inline auto accessTagValue(decltype(typed_tag), const KeyParameter& param) \
		->const field_type& { \
		return reinterpret_cast<const field_type>(&param.field_name); \
		inline auto& accessTagValue(decltype(typed_tag), const KeyParameter& param) { \
		return param.value.get<KeyParameterValue::field_name>(); \
		} \
		inline auto accessTagValue(decltype(typed_tag), KeyParameter& param)->field_type& { \
		return reinterpret_cast<field_type>(&param.field_name); \
		inline auto& accessTagValue(decltype(typed_tag), KeyParameter& param) { \
		return param.value.get<KeyParameterValue::field_name>(); \
		}

		MAKE_TAG_ENUM_VALUE_ACCESSOR(TAG_ALGORITHM, integer, Algorithm)
		MAKE_TAG_ENUM_VALUE_ACCESSOR(TAG_BLOCK_MODE, integer, BlockMode)
		MAKE_TAG_ENUM_VALUE_ACCESSOR(TAG_DIGEST, integer, Digest)
		MAKE_TAG_ENUM_VALUE_ACCESSOR(TAG_EC_CURVE, integer, EcCurve)
		MAKE_TAG_ENUM_VALUE_ACCESSOR(TAG_ORIGIN, integer, KeyOrigin)
		MAKE_TAG_ENUM_VALUE_ACCESSOR(TAG_PADDING, integer, PaddingMode)
		MAKE_TAG_ENUM_VALUE_ACCESSOR(TAG_PURPOSE, integer, KeyPurpose)
		MAKE_TAG_ENUM_VALUE_ACCESSOR(TAG_USER_AUTH_TYPE, integer, HardwareAuthenticatorType)
		MAKE_TAG_ENUM_VALUE_ACCESSOR(TAG_HARDWARE_TYPE, integer, SecurityLevel)
		MAKE_TAG_ENUM_VALUE_ACCESSOR(TAG_ALGORITHM, algorithm)
		MAKE_TAG_ENUM_VALUE_ACCESSOR(TAG_BLOCK_MODE, blockMode)
		MAKE_TAG_ENUM_VALUE_ACCESSOR(TAG_DIGEST, digest)
		MAKE_TAG_ENUM_VALUE_ACCESSOR(TAG_EC_CURVE, ecCurve)
		MAKE_TAG_ENUM_VALUE_ACCESSOR(TAG_ORIGIN, origin)
		MAKE_TAG_ENUM_VALUE_ACCESSOR(TAG_PADDING, paddingMode)
		MAKE_TAG_ENUM_VALUE_ACCESSOR(TAG_PURPOSE, keyPurpose)
		MAKE_TAG_ENUM_VALUE_ACCESSOR(TAG_USER_AUTH_TYPE, hardwareAuthenticatorType)
		MAKE_TAG_ENUM_VALUE_ACCESSOR(TAG_HARDWARE_TYPE, securityLevel)

		template <TagType tag_type, Tag tag, typename ValueT>
		inline KeyParameter makeKeyParameter(TypedTag<tag_type, tag> ttag, ValueT&& value) {
		KeyParameter param;
		param.tag = tag;
		param.longInteger = 0;
		accessTagValue(ttag, param) = std::forward<ValueT>(value);
		return param;
		KeyParameter retval;
		retval.tag = tag;
		retval.value = KeyParameterValue::make<TypedTag2ValueType<decltype(ttag)>::unionTag>(
		std::forward<ValueT>(value));
		return retval;
		}

		// the boolean case
		template <Tag tag>
		inline KeyParameter makeKeyParameter(TypedTag<TagType::BOOL, tag>) {
		KeyParameter param;
		param.tag = tag;
		param.boolValue = true;
		return param;
		KeyParameter retval;
		retval.tag = tag;
		retval.value = KeyParameterValue::make<KeyParameterValue::boolValue>(true);
		return retval;
		}

		template <typename... Pack>
		@@ -321,7 +322,7 @@ std::remove_reference_t<Wrapped> defaultOr(NullOr<Wrapped>&& optional, Default&&
		template <TagType tag_type, Tag tag>
		inline NullOr<const typename TypedTag2ValueType<TypedTag<tag_type, tag>>::type&> authorizationValue(
		TypedTag<tag_type, tag> ttag, const KeyParameter& param) {
		if (tag != param.tag) return {};
		if (TypedTag2ValueType<TypedTag<tag_type, tag>>::unionTag != param.value.getTag()) return {};
		return accessTagValue(ttag, param);
		}