From bd7492de28963b7e74e8e5d3f17ec9a5a287d9c3 Mon Sep 17 00:00:00 2001
From: Ethan Yonker
Date: Wed, 7 Dec 2016 13:55:01 -0600
Subject: Support File Based Encryption
Change-Id: Ib688ddd0c32d3999590cacd86b6d9b18eac336e9
---
crypto/ext4crypt/Keymaster.h | 110 +++++++++++++++++++++++++++++++++++++++++++
1 file changed, 110 insertions(+)
create mode 100644 crypto/ext4crypt/Keymaster.h
(limited to 'crypto/ext4crypt/Keymaster.h')
diff --git a/crypto/ext4crypt/Keymaster.h b/crypto/ext4crypt/Keymaster.h
new file mode 100644
index 000000000..11b3532ad
--- /dev/null
+++ b/crypto/ext4crypt/Keymaster.h
@@ -0,0 +1,110 @@
+/*
+ * Copyright (C) 2016 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef ANDROID_VOLD_KEYMASTER_H
+#define ANDROID_VOLD_KEYMASTER_H
+
+#include
+#include
+#include
+
+#include
+
+namespace android {
+namespace vold {
+
+using namespace keymaster;
+
+// C++ wrappers to the Keymaster C interface.
+// This is tailored to the needs of KeyStorage, but could be extended to be
+// a more general interface.
+
+// Class that wraps a keymaster1_device_t or keymaster2_device_t and provides methods
+// they have in common. Also closes the device on destruction.
+class IKeymasterDevice;
+
+// Wrapper for a keymaster_operation_handle_t representing an
+// ongoing Keymaster operation. Aborts the operation
+// in the destructor if it is unfinished. Methods log failures
+// to LOG(ERROR).
+class KeymasterOperation {
+ public:
+ ~KeymasterOperation();
+ // Is this instance valid? This is false if creation fails, and becomes
+ // false on finish or if an update fails.
+ explicit operator bool() { return mDevice != nullptr; }
+ // Call "update" repeatedly until all of the input is consumed, and
+ // concatenate the output. Return true on success.
+ bool updateCompletely(const std::string& input, std::string* output);
+ // Finish; pass nullptr for the "output" param.
+ bool finish();
+ // Finish and write the output to this string.
+ bool finishWithOutput(std::string* output);
+ // Move constructor
+ KeymasterOperation(KeymasterOperation&& rhs) {
+ mOpHandle = std::move(rhs.mOpHandle);
+ mDevice = std::move(rhs.mDevice);
+ }
+
+ private:
+ KeymasterOperation(std::shared_ptr d, keymaster_operation_handle_t h)
+ : mDevice{d}, mOpHandle{h} {}
+ std::shared_ptr mDevice;
+ keymaster_operation_handle_t mOpHandle;
+ DISALLOW_COPY_AND_ASSIGN(KeymasterOperation);
+ friend class Keymaster;
+};
+
+// Wrapper for a Keymaster device for methods that start a KeymasterOperation or are not
+// part of one.
+class Keymaster {
+ public:
+ Keymaster();
+ // false if we failed to open the keymaster device.
+ explicit operator bool() { return mDevice != nullptr; }
+ // Generate a key in the keymaster from the given params.
+ //bool generateKey(const AuthorizationSet& inParams, std::string* key);
+ // If the keymaster supports it, permanently delete a key.
+ bool deleteKey(const std::string& key);
+ // Begin a new cryptographic operation, collecting output parameters.
+ KeymasterOperation begin(keymaster_purpose_t purpose, const std::string& key,
+ const AuthorizationSet& inParams, AuthorizationSet* outParams);
+ // Begin a new cryptographic operation; don't collect output parameters.
+ KeymasterOperation begin(keymaster_purpose_t purpose, const std::string& key,
+ const AuthorizationSet& inParams);
+
+ private:
+ std::shared_ptr mDevice;
+ DISALLOW_COPY_AND_ASSIGN(Keymaster);
+};
+
+template
+inline AuthorizationSetBuilder& addStringParam(AuthorizationSetBuilder&& params,
+ TypedTag tag,
+ const std::string& val) {
+ return params.Authorization(tag, val.data(), val.size());
+}
+
+template
+inline void addStringParam(AuthorizationSetBuilder* params, TypedTag tag,
+ const std::string& val) {
+ params->Authorization(tag, val.data(), val.size());
+}
+
+} // namespace vold
+} // namespace android
+
+#endif
-- cgit v1.2.3
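Review bot: The rvalue overload of `addStringParam` takes `AuthorizationSetBuilder&& params` but returns `AuthorizationSetBuilder&`, so when a caller passes a temporary builder the returned reference is only valid until the end of that full-expression. Chaining inside a single expression is fine, but binding the result to a reference and using it later would read a destroyed builder while the key's authorization parameters are being assembled. I would state the lifetime rule directly above the overload, `// Returns a reference to params; when params is a temporary, use the result within the same full-expression.`, or, if the builder type is movable, return it by value instead. No call site is part of this patch, so whether any caller stores the reference cannot be confirmed from here.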