1 /* 2 * Copyright 2014 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 #ifndef SYSTEM_KEYMASTER_KEY_H_ 18 #define SYSTEM_KEYMASTER_KEY_H_ 19 20 #include <utility> 21 22 #include <assert.h> 23 24 #include <hardware/keymaster_defs.h> 25 #include <keymaster/UniquePtr.h> 26 #include <keymaster/android_keymaster_utils.h> 27 #include <keymaster/authorization_set.h> 28 29 namespace keymaster { 30 31 class KeyFactory; 32 33 class Key { 34 public: ~Key()35 virtual ~Key() {} 36 Key(const Key&) = delete; 37 void operator=(const Key&) = delete; 38 39 /** 40 * Return a copy of raw key material, in the specified format. 41 */ 42 virtual keymaster_error_t formatted_key_material(keymaster_key_format_t format, 43 UniquePtr<uint8_t[]>* material, 44 size_t* size) const = 0; 45 authorizations()46 AuthProxy authorizations() const { return AuthProxy(hw_enforced_, sw_enforced_); } hw_enforced()47 const AuthorizationSet& hw_enforced() const { return hw_enforced_; } sw_enforced()48 const AuthorizationSet& sw_enforced() const { return sw_enforced_; } hw_enforced()49 AuthorizationSet& hw_enforced() { return hw_enforced_; } sw_enforced()50 AuthorizationSet& sw_enforced() { return sw_enforced_; } 51 key_material()52 const KeymasterKeyBlob& key_material() const { return key_material_; } key_material()53 KeymasterKeyBlob& key_material() { return key_material_; } 54 55 // Methods to move data out of the key. These could be overloads of the methods above, with ref 56 // qualifiers, but naming them differently makes it harder to accidentally make a temporary copy 57 // when we mean to move. hw_enforced_move()58 AuthorizationSet&& hw_enforced_move() { return std::move(hw_enforced_); } sw_enforced_move()59 AuthorizationSet&& sw_enforced_move() { return std::move(sw_enforced_); } key_material_move()60 KeymasterKeyBlob&& key_material_move() { return std::move(key_material_); } 61 key_factory()62 const KeyFactory* key_factory() const { return key_factory_; } key_factory()63 const KeyFactory*& key_factory() { return key_factory_; } 64 set_secure_deletion_slot(uint32_t slot)65 void set_secure_deletion_slot(uint32_t slot) { secure_deletion_slot_ = slot; } secure_deletion_slot()66 uint32_t secure_deletion_slot() const { return secure_deletion_slot_; } 67 68 protected: Key(AuthorizationSet && hw_enforced,AuthorizationSet && sw_enforced,const KeyFactory * key_factory)69 Key(AuthorizationSet&& hw_enforced, AuthorizationSet&& sw_enforced, 70 const KeyFactory* key_factory) 71 : hw_enforced_(std::move(hw_enforced)), sw_enforced_(std::move(sw_enforced)), 72 key_factory_(key_factory) {} 73 74 protected: 75 AuthorizationSet hw_enforced_; 76 AuthorizationSet sw_enforced_; 77 KeymasterKeyBlob key_material_; 78 const KeyFactory* key_factory_; 79 uint32_t secure_deletion_slot_ = 0; 80 }; 81 82 } // namespace keymaster 83 84 #endif // SYSTEM_KEYMASTER_KEY_H_ 85