1 /*
2  * Copyright (C) 2016 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 // TODO(154013771): this is copied from vold and modified to remove un-needed
18 // methods and use std::string instead of KeyBuffer. We should instead
19 // create a library to support both.
20 
21 #pragma once
22 
23 #include <memory>
24 #include <string>
25 #include <utility>
26 
27 #include <android-base/macros.h>
28 #include <keymint_support/authorization_set.h>
29 #include <keymint_support/keymint_tags.h>
30 
31 #include <aidl/android/hardware/security/keymint/ErrorCode.h>
32 #include <aidl/android/system/keystore2/IKeystoreService.h>
33 #include <android/binder_manager.h>
34 
35 namespace android {
36 namespace kernel {
37 
38 namespace ks2 = ::aidl::android::system::keystore2;
39 namespace km = ::aidl::android::hardware::security::keymint;
40 
41 // Wrapper for keystore2 methods that vold uses.
42 class Keymaster {
43  public:
44   Keymaster();
45   // false if we failed to get a keystore2 security level.
46   explicit operator bool() { return (bool)securityLevel; }
47   // Generate a key using keystore2 from the given params.
48   bool generateKey(const km::AuthorizationSet& inParams, std::string* key);
49   // Exports a keystore2 key with STORAGE_KEY tag wrapped with a per-boot
50   // ephemeral key
51   bool exportKey(const std::string& kmKey, std::string* key);
52   // Import a key into the keymint
53   bool importKey(const km::AuthorizationSet& inParams, const std::string& key,
54                  std::string* outKeyBlob);
55 
56  private:
57   std::shared_ptr<ks2::IKeystoreSecurityLevel> securityLevel;
58   DISALLOW_COPY_AND_ASSIGN(Keymaster);
59 };
60 
61 }  // namespace kernel
62 }  // namespace android
63