1 /* 2 * Copyright (C) 2016 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 #ifndef ANDROID_VOLD_KEYSTORAGE_H 18 #define ANDROID_VOLD_KEYSTORAGE_H 19 20 #include <string> 21 22 namespace android { 23 namespace vold { 24 25 // Represents the information needed to decrypt a disk encryption key. 26 // If "token" is nonempty, it is passed in as a required Gatekeeper auth token. 27 // If "secret" is nonempty, it is appended to the application-specific 28 // binary needed to unlock. 29 class KeyAuthentication { 30 public: KeyAuthentication(std::string t,std::string s)31 KeyAuthentication(std::string t, std::string s) : token{t}, secret{s} {}; 32 const std::string token; 33 const std::string secret; 34 }; 35 36 extern const KeyAuthentication kEmptyAuthentication; 37 38 // Create a directory at the named path, and store "key" in it, 39 // in such a way that it can only be retrieved via Keymaster and 40 // can be securely deleted. 41 // It's safe to move/rename the directory after creation. 42 bool storeKey(const std::string& dir, const KeyAuthentication& auth, const std::string& key); 43 44 // Retrieve the key from the named directory. 45 bool retrieveKey(const std::string& dir, const KeyAuthentication& auth, std::string* key); 46 47 // Securely destroy the key stored in the named directory and delete the directory. 48 bool destroyKey(const std::string& dir); 49 50 } // namespace vold 51 } // namespace android 52 53 #endif 54