1 /*
2  * Copyright (C) 2021 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 #pragma once
18 
19 #include <optional>
20 
21 #include <keymaster/key_blob_utils/auth_encrypted_key_blob.h>
22 #include <keymaster/secure_deletion_secret_storage.h>
23 
24 namespace keymaster {
25 
26 class RandomSource;
27 
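// Implementation of the SecureDeletionSecretStorage interface: it overrides
// the four storage operations declared below and caches the factory reset
// secret after it has been read from secure storage.
//
// Only declarations are visible in this header; the method bodies are defined
// elsewhere, so the notes here describe the interface, not the storage
// behaviour.
//
// Every operation is const, yet factory_reset_secret_ is mutable, so const
// calls can still change the cached state. No synchronization is declared in
// this header.
// NOTE(review): confirm callers serialize access or the implementation locks.
class TrustySecureDeletionSecretStorage : public SecureDeletionSecretStorage {
public:
    // Forwards `random` to the SecureDeletionSecretStorage base.
    // `explicit` prevents a RandomSource from converting silently into a
    // storage object at a call site.
    // NOTE(review): the base presumably keeps this reference; confirm the
    // RandomSource outlives this object.
    explicit TrustySecureDeletionSecretStorage(const RandomSource& random)
            : SecureDeletionSecretStorage(random) {}

    // Returns the secure deletion data for a newly created key, or an empty
    // optional.
    // NOTE(review): std::nullopt presumably signals a storage failure; confirm
    // that callers reject the key rather than continuing without the data.
    // The exact meaning of `secure_deletion` and `is_upgrade` is defined by
    // the base interface and is not visible here.
    std::optional<SecureDeletionData> CreateDataForNewKey(
            bool secure_deletion,
            bool is_upgrade) const override;

    // Returns the secure deletion data for `key_slot`. The return type has no
    // error channel.
    // NOTE(review): confirm how a failed read or an unused slot is reported to
    // the caller, so that a failure cannot be mistaken for valid key material.
    SecureDeletionData GetDataForKey(uint32_t key_slot) const override;

    // Deletes the data held for `key_slot`. It returns void, so callers cannot
    // detect a failed deletion through this interface.
    // NOTE(review): confirm the implementation logs or retries on storage
    // errors.
    void DeleteKey(uint32_t key_slot) const override;

    // Deletes the data for all keys. It also returns void, so failure is
    // invisible to the caller.
    // NOTE(review): confirm how a partial or failed wipe is handled.
    void DeleteAllKeys() const override;

private:
    // Returns true on success (presumably when factory_reset_secret_ is
    // populated afterwards; confirm against the definition).
    // NOTE(review): `wait_for_port` looks like it selects between blocking
    // until the storage service is reachable and failing fast; verify.
    bool LoadOrCreateFactoryResetSecret(bool wait_for_port) const;

    // Holds the factory reset secret.  If not std::nullopt, also indicates that
    // secure storage has been read successfully at least once.
    // The secret stays in memory for as long as this object holds it.
    // NOTE(review): confirm Buffer wipes its contents when cleared or
    // destroyed.
    mutable std::optional<Buffer> factory_reset_secret_;
};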
47 
48 }  // namespace keymaster
49