1 /* 2 * Copyright 2020, The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 #pragma once 18 19 #include <aidl/android/hardware/security/keymint/BnKeyMintDevice.h> 20 #include <aidl/android/hardware/security/keymint/BnKeyMintOperation.h> 21 #include <aidl/android/hardware/security/keymint/HardwareAuthToken.h> 22 23 namespace keymaster { 24 class AndroidKeymaster; 25 } 26 27 namespace aidl::android::hardware::security::keymint { 28 using ::ndk::ScopedAStatus; 29 using std::array; 30 using std::optional; 31 using std::shared_ptr; 32 using std::vector; 33 34 using secureclock::TimeStampToken; 35 36 class AndroidKeyMintDevice : public BnKeyMintDevice { 37 public: 38 explicit AndroidKeyMintDevice(SecurityLevel securityLevel); 39 virtual ~AndroidKeyMintDevice(); 40 41 ScopedAStatus getHardwareInfo(KeyMintHardwareInfo* info) override; 42 43 ScopedAStatus addRngEntropy(const vector<uint8_t>& data) override; 44 45 ScopedAStatus generateKey(const vector<KeyParameter>& keyParams, 46 const optional<AttestationKey>& attestationKey, 47 KeyCreationResult* creationResult) override; 48 49 ScopedAStatus importKey(const vector<KeyParameter>& keyParams, KeyFormat keyFormat, 50 const vector<uint8_t>& keyData, 51 const optional<AttestationKey>& attestationKey, 52 KeyCreationResult* creationResult) override; 53 54 ScopedAStatus importWrappedKey(const vector<uint8_t>& wrappedKeyData, 55 const vector<uint8_t>& wrappingKeyBlob, 56 const vector<uint8_t>& maskingKey, 57 const vector<KeyParameter>& unwrappingParams, 58 int64_t passwordSid, int64_t biometricSid, 59 KeyCreationResult* creationResult) override; 60 61 ScopedAStatus upgradeKey(const vector<uint8_t>& keyBlobToUpgrade, 62 const vector<KeyParameter>& upgradeParams, 63 vector<uint8_t>* keyBlob) override; 64 65 ScopedAStatus deleteKey(const vector<uint8_t>& keyBlob) override; 66 ScopedAStatus deleteAllKeys() override; 67 ScopedAStatus destroyAttestationIds() override; 68 69 ScopedAStatus begin(KeyPurpose purpose, const vector<uint8_t>& keyBlob, 70 const vector<KeyParameter>& params, 71 const optional<HardwareAuthToken>& authToken, BeginResult* result) override; 72 73 ScopedAStatus deviceLocked(bool passwordOnly, 74 const optional<TimeStampToken>& timestampToken) override; 75 ScopedAStatus earlyBootEnded() override; 76 77 ScopedAStatus convertStorageKeyToEphemeral(const vector<uint8_t>& storageKeyBlob, 78 vector<uint8_t>* ephemeralKeyBlob) override; 79 80 ScopedAStatus getKeyCharacteristics(const vector<uint8_t>& keyBlob, 81 const vector<uint8_t>& appId, 82 const vector<uint8_t>& appData, 83 vector<KeyCharacteristics>* keyCharacteristics) override; 84 85 ScopedAStatus getRootOfTrustChallenge(array<uint8_t, 16>* challenge) override; 86 ScopedAStatus getRootOfTrust(const array<uint8_t, 16>& challenge, 87 vector<uint8_t>* rootOfTrust) override; 88 ScopedAStatus sendRootOfTrust(const vector<uint8_t>& rootOfTrust) override; 89 getKeymasterImpl()90 shared_ptr<::keymaster::AndroidKeymaster>& getKeymasterImpl() { return impl_; } 91 92 protected: 93 std::shared_ptr<::keymaster::AndroidKeymaster> impl_; 94 SecurityLevel securityLevel_; 95 }; 96 97 std::shared_ptr<IKeyMintDevice> CreateKeyMintDevice(SecurityLevel securityLevel); 98 99 } // namespace aidl::android::hardware::security::keymint 100