1 /* 2 * Copyright 2020, The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 #pragma once 18 19 #include <aidl/android/hardware/security/keymint/BnKeyMintDevice.h> 20 #include <aidl/android/hardware/security/keymint/BnKeyMintOperation.h> 21 #include <aidl/android/hardware/security/keymint/HardwareAuthToken.h> 22 23 namespace keymaster { 24 class AndroidKeymaster; 25 } 26 27 namespace aidl::android::hardware::security::keymint { 28 using ::ndk::ScopedAStatus; 29 using std::optional; 30 using std::shared_ptr; 31 using std::vector; 32 33 using secureclock::TimeStampToken; 34 35 class AndroidKeyMintDevice : public BnKeyMintDevice { 36 public: 37 explicit AndroidKeyMintDevice(SecurityLevel securityLevel); 38 virtual ~AndroidKeyMintDevice(); 39 40 ScopedAStatus getHardwareInfo(KeyMintHardwareInfo* info) override; 41 42 ScopedAStatus addRngEntropy(const vector<uint8_t>& data) override; 43 44 ScopedAStatus generateKey(const vector<KeyParameter>& keyParams, 45 const optional<AttestationKey>& attestationKey, 46 KeyCreationResult* creationResult) override; 47 48 ScopedAStatus importKey(const vector<KeyParameter>& keyParams, KeyFormat keyFormat, 49 const vector<uint8_t>& keyData, 50 const optional<AttestationKey>& attestationKey, 51 KeyCreationResult* creationResult) override; 52 53 ScopedAStatus importWrappedKey(const vector<uint8_t>& wrappedKeyData, 54 const vector<uint8_t>& wrappingKeyBlob, 55 const vector<uint8_t>& maskingKey, 56 const vector<KeyParameter>& unwrappingParams, 57 int64_t passwordSid, int64_t biometricSid, 58 KeyCreationResult* creationResult) override; 59 60 ScopedAStatus upgradeKey(const vector<uint8_t>& keyBlobToUpgrade, 61 const vector<KeyParameter>& upgradeParams, 62 vector<uint8_t>* keyBlob) override; 63 64 ScopedAStatus deleteKey(const vector<uint8_t>& keyBlob) override; 65 ScopedAStatus deleteAllKeys() override; 66 ScopedAStatus destroyAttestationIds() override; 67 68 ScopedAStatus begin(KeyPurpose purpose, const vector<uint8_t>& keyBlob, 69 const vector<KeyParameter>& params, 70 const optional<HardwareAuthToken>& authToken, BeginResult* result) override; 71 72 ScopedAStatus deviceLocked(bool passwordOnly, 73 const optional<TimeStampToken>& timestampToken) override; 74 ScopedAStatus earlyBootEnded() override; 75 76 ScopedAStatus convertStorageKeyToEphemeral(const std::vector<uint8_t>& storageKeyBlob, 77 std::vector<uint8_t>* ephemeralKeyBlob) override; 78 79 ScopedAStatus 80 getKeyCharacteristics(const std::vector<uint8_t>& keyBlob, const std::vector<uint8_t>& appId, 81 const std::vector<uint8_t>& appData, 82 std::vector<KeyCharacteristics>* keyCharacteristics) override; 83 getKeymasterImpl()84 shared_ptr<::keymaster::AndroidKeymaster>& getKeymasterImpl() { return impl_; } 85 86 protected: 87 std::shared_ptr<::keymaster::AndroidKeymaster> impl_; 88 SecurityLevel securityLevel_; 89 }; 90 91 IKeyMintDevice* CreateKeyMintDevice(SecurityLevel securityLevel); 92 93 } // namespace aidl::android::hardware::security::keymint 94