2 * Copyright (C) 2016 The Android Open Source Project
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
17 #ifndef ANDROID_VOLD_KEYMASTER1_H
18 #define ANDROID_VOLD_KEYMASTER1_H
22 #include <hardware/hardware.h>
23 #include <hardware/keymaster1.h>
25 #include <keymaster/authorization_set.h>
30 using namespace keymaster;
32 // C++ wrappers to the keymaster1 C interface.
33 // This is tailored to the needs of KeyStorage, but could be extended to be
34 // a more general interface.
36 // Wrapper for a keymaster_operation_handle_t representing an
37 // ongoing Keymaster operation. Aborts the operation
38 // in the destructor if it is unfinished. Methods log failures
40 class KeymasterOperation {
42 ~KeymasterOperation() { if (mDevice) mDevice->abort(mDevice, mOpHandle); }
43 // Is this instance valid? This is false if creation fails, and becomes
44 // false on finish or if an update fails.
45 explicit operator bool() {return mDevice != nullptr;}
46 // Call "update" repeatedly until all of the input is consumed, and
47 // concatenate the output. Return true on success.
48 bool updateCompletely(const std::string &input, std::string *output);
49 // Finish; pass nullptr for the "output" param.
51 // Finish and write the output to this string.
52 bool finishWithOutput(std::string *output);
54 KeymasterOperation(KeymasterOperation&& rhs) {
55 mOpHandle = rhs.mOpHandle;
56 mDevice = rhs.mDevice;
57 rhs.mDevice = nullptr;
60 KeymasterOperation(keymaster1_device_t *d, keymaster_operation_handle_t h):
61 mDevice {d}, mOpHandle {h} {}
62 keymaster1_device_t *mDevice;
63 keymaster_operation_handle_t mOpHandle;
64 DISALLOW_COPY_AND_ASSIGN(KeymasterOperation);
65 friend class Keymaster;
68 // Wrapper for a keymaster1_device_t representing an open connection
69 // to the keymaster, which is closed in the destructor.
73 ~Keymaster() { if (mDevice) keymaster1_close(mDevice); }
74 // false if we failed to open the keymaster device.
75 explicit operator bool() {return mDevice != nullptr;}
76 // Generate a key in the keymaster from the given params.
77 bool generateKey(const AuthorizationSet &inParams, std::string *key);
78 // If the keymaster supports it, permanently delete a key.
79 bool deleteKey(const std::string &key);
80 // Begin a new cryptographic operation, collecting output parameters.
81 KeymasterOperation begin(
82 keymaster_purpose_t purpose,
83 const std::string &key,
84 const AuthorizationSet &inParams,
85 AuthorizationSet *outParams);
86 // Begin a new cryptographic operation; don't collect output parameters.
87 KeymasterOperation begin(
88 keymaster_purpose_t purpose,
89 const std::string &key,
90 const AuthorizationSet &inParams);
92 keymaster1_device_t *mDevice;
93 DISALLOW_COPY_AND_ASSIGN(Keymaster);
96 template <keymaster_tag_t Tag>
97 inline AuthorizationSetBuilder& addStringParam(AuthorizationSetBuilder &¶ms,
98 TypedTag<KM_BYTES, Tag> tag, const std::string& val) {
99 return params.Authorization(tag, val.data(), val.size());
102 template <keymaster_tag_t Tag>
103 inline void addStringParam(AuthorizationSetBuilder *params,
104 TypedTag<KM_BYTES, Tag> tag, const std::string& val) {
105 params->Authorization(tag, val.data(), val.size());
109 } // namespace android