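/*
 * Copyright (C) 2016 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

// TODO(154013771): this is copied from vold and modified to remove un-needed
// methods and use std::string instead of KeyBuffer. We should instead
// create a library to support both.
//
// NOTE(review): std::string gives no guarantee that its storage is cleared
// when it is destroyed or reallocated. Most values crossing this interface
// look like Keymaster key blobs or ephemerally wrapped keys, but the `key`
// argument of importKey() is the key material itself; if that can be
// plaintext, wiping it is left to the caller -- confirm against the callers.

#pragma once

#include <android-base/macros.h>
#include <keymasterV4_1/Keymaster.h>
#include <keymasterV4_1/authorization_set.h>

#include <memory>
#include <string>
#include <utility>

namespace android {
namespace kernel {

namespace km {

using namespace ::android::hardware::keymaster::V4_1;

// Surprisingly -- to me, at least -- this is totally fine.  You can re-define
// symbols that were brought in via a using directive (the "using namespace")
// above.  In general this seems like a dangerous thing to rely on, but in this
// case its implications are simple and straightforward: km::ErrorCode refers to
// the 4.0 ErrorCode, though we pull everything else from 4.1.
using ErrorCode = ::android::hardware::keymaster::V4_0::ErrorCode;
using V4_1_ErrorCode = ::android::hardware::keymaster::V4_1::ErrorCode;

}  // namespace km

using KmDevice = km::support::Keymaster;

// Wrapper for a Keymaster device.
//
// Every operation reports its outcome through a bool result, so callers need
// to check it. NOTE(review): presumably true means success, mirroring
// operator bool below; confirm against the implementation file.
//
// Results are written through std::string* output parameters.
// NOTE(review): this header does not say whether a null output pointer is
// tolerated; assume it is not until the implementation says otherwise.
class Keymaster {
  public:
    Keymaster();

    // false if we failed to open the keymaster device.
    // const-qualified so that a const Keymaster can be checked as well; it
    // only reads the device handle.
    explicit operator bool() const { return mDevice.get() != nullptr; }

    // Generate a key in the keymaster from the given params.
    // The generated key is written to *key.
    bool generateKey(const km::AuthorizationSet& inParams, std::string* key);

    // Import a key into the keymaster.
    // `key` holds the key material encoded as `format`; the resulting key
    // blob is written to *outKeyBlob.
    bool importKey(const km::AuthorizationSet& inParams, km::KeyFormat format,
                   const std::string& key, std::string* outKeyBlob);

    // Exports a keymaster key with STORAGE_KEY tag wrapped with a per-boot
    // ephemeral key.
    // `kmKey` is the keymaster key to export; the wrapped result is written
    // to *key.
    bool exportKey(const std::string& kmKey, std::string* key);

    // If the keymaster supports it, permanently delete a key.
    bool deleteKey(const std::string& key);

    // Replace stored key blob in response to KM_ERROR_KEY_REQUIRES_UPGRADE.
    // `oldKey` is the blob to be replaced; the replacement is written to
    // *newKey.
    bool upgradeKey(const std::string& oldKey,
                    const km::AuthorizationSet& inParams, std::string* newKey);

  private:
    // Underlying KmDevice; null if the device could not be opened, which is
    // what operator bool reports.
    android::sp<KmDevice> mDevice;

    // Copying and assignment are disabled for this wrapper.
    DISALLOW_COPY_AND_ASSIGN(Keymaster);
};

}  // namespace kernel
}  // namespace android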