1*789431f2SAndroid Build Coastguard Worker /* 2*789431f2SAndroid Build Coastguard Worker * Copyright 2020, The Android Open Source Project 3*789431f2SAndroid Build Coastguard Worker * 4*789431f2SAndroid Build Coastguard Worker * Licensed under the Apache License, Version 2.0 (the "License"); 5*789431f2SAndroid Build Coastguard Worker * you may not use this file except in compliance with the License. 6*789431f2SAndroid Build Coastguard Worker * You may obtain a copy of the License at 7*789431f2SAndroid Build Coastguard Worker * 8*789431f2SAndroid Build Coastguard Worker * http://www.apache.org/licenses/LICENSE-2.0 9*789431f2SAndroid Build Coastguard Worker * 10*789431f2SAndroid Build Coastguard Worker * Unless required by applicable law or agreed to in writing, software 11*789431f2SAndroid Build Coastguard Worker * distributed under the License is distributed on an "AS IS" BASIS, 12*789431f2SAndroid Build Coastguard Worker * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13*789431f2SAndroid Build Coastguard Worker * See the License for the specific language governing permissions and 14*789431f2SAndroid Build Coastguard Worker * limitations under the License. 15*789431f2SAndroid Build Coastguard Worker */ 16*789431f2SAndroid Build Coastguard Worker 17*789431f2SAndroid Build Coastguard Worker #pragma once 18*789431f2SAndroid Build Coastguard Worker 19*789431f2SAndroid Build Coastguard Worker #include <aidl/android/hardware/security/keymint/BnKeyMintDevice.h> 20*789431f2SAndroid Build Coastguard Worker #include <aidl/android/hardware/security/keymint/BnKeyMintOperation.h> 21*789431f2SAndroid Build Coastguard Worker #include <aidl/android/hardware/security/keymint/HardwareAuthToken.h> 22*789431f2SAndroid Build Coastguard Worker 23*789431f2SAndroid Build Coastguard Worker namespace keymaster { 24*789431f2SAndroid Build Coastguard Worker class AndroidKeymaster; 25*789431f2SAndroid Build Coastguard Worker } 26*789431f2SAndroid Build Coastguard Worker 27*789431f2SAndroid Build Coastguard Worker namespace aidl::android::hardware::security::keymint { 28*789431f2SAndroid Build Coastguard Worker using ::ndk::ScopedAStatus; 29*789431f2SAndroid Build Coastguard Worker using std::array; 30*789431f2SAndroid Build Coastguard Worker using std::optional; 31*789431f2SAndroid Build Coastguard Worker using std::shared_ptr; 32*789431f2SAndroid Build Coastguard Worker using std::vector; 33*789431f2SAndroid Build Coastguard Worker 34*789431f2SAndroid Build Coastguard Worker using secureclock::TimeStampToken; 35*789431f2SAndroid Build Coastguard Worker 36*789431f2SAndroid Build Coastguard Worker class AndroidKeyMintDevice : public BnKeyMintDevice { 37*789431f2SAndroid Build Coastguard Worker public: 38*789431f2SAndroid Build Coastguard Worker explicit AndroidKeyMintDevice(SecurityLevel securityLevel); 39*789431f2SAndroid Build Coastguard Worker virtual ~AndroidKeyMintDevice(); 40*789431f2SAndroid Build Coastguard Worker 41*789431f2SAndroid Build Coastguard Worker ScopedAStatus getHardwareInfo(KeyMintHardwareInfo* info) override; 42*789431f2SAndroid Build Coastguard Worker 43*789431f2SAndroid Build Coastguard Worker ScopedAStatus addRngEntropy(const vector<uint8_t>& data) override; 44*789431f2SAndroid Build Coastguard Worker 45*789431f2SAndroid Build Coastguard Worker ScopedAStatus generateKey(const vector<KeyParameter>& keyParams, 46*789431f2SAndroid Build Coastguard Worker const optional<AttestationKey>& attestationKey, 47*789431f2SAndroid Build Coastguard Worker KeyCreationResult* creationResult) override; 48*789431f2SAndroid Build Coastguard Worker 49*789431f2SAndroid Build Coastguard Worker ScopedAStatus importKey(const vector<KeyParameter>& keyParams, KeyFormat keyFormat, 50*789431f2SAndroid Build Coastguard Worker const vector<uint8_t>& keyData, 51*789431f2SAndroid Build Coastguard Worker const optional<AttestationKey>& attestationKey, 52*789431f2SAndroid Build Coastguard Worker KeyCreationResult* creationResult) override; 53*789431f2SAndroid Build Coastguard Worker 54*789431f2SAndroid Build Coastguard Worker ScopedAStatus importWrappedKey(const vector<uint8_t>& wrappedKeyData, 55*789431f2SAndroid Build Coastguard Worker const vector<uint8_t>& wrappingKeyBlob, 56*789431f2SAndroid Build Coastguard Worker const vector<uint8_t>& maskingKey, 57*789431f2SAndroid Build Coastguard Worker const vector<KeyParameter>& unwrappingParams, 58*789431f2SAndroid Build Coastguard Worker int64_t passwordSid, int64_t biometricSid, 59*789431f2SAndroid Build Coastguard Worker KeyCreationResult* creationResult) override; 60*789431f2SAndroid Build Coastguard Worker 61*789431f2SAndroid Build Coastguard Worker ScopedAStatus upgradeKey(const vector<uint8_t>& keyBlobToUpgrade, 62*789431f2SAndroid Build Coastguard Worker const vector<KeyParameter>& upgradeParams, 63*789431f2SAndroid Build Coastguard Worker vector<uint8_t>* keyBlob) override; 64*789431f2SAndroid Build Coastguard Worker 65*789431f2SAndroid Build Coastguard Worker ScopedAStatus deleteKey(const vector<uint8_t>& keyBlob) override; 66*789431f2SAndroid Build Coastguard Worker ScopedAStatus deleteAllKeys() override; 67*789431f2SAndroid Build Coastguard Worker ScopedAStatus destroyAttestationIds() override; 68*789431f2SAndroid Build Coastguard Worker 69*789431f2SAndroid Build Coastguard Worker ScopedAStatus begin(KeyPurpose purpose, const vector<uint8_t>& keyBlob, 70*789431f2SAndroid Build Coastguard Worker const vector<KeyParameter>& params, 71*789431f2SAndroid Build Coastguard Worker const optional<HardwareAuthToken>& authToken, BeginResult* result) override; 72*789431f2SAndroid Build Coastguard Worker 73*789431f2SAndroid Build Coastguard Worker ScopedAStatus deviceLocked(bool passwordOnly, 74*789431f2SAndroid Build Coastguard Worker const optional<TimeStampToken>& timestampToken) override; 75*789431f2SAndroid Build Coastguard Worker ScopedAStatus earlyBootEnded() override; 76*789431f2SAndroid Build Coastguard Worker 77*789431f2SAndroid Build Coastguard Worker ScopedAStatus convertStorageKeyToEphemeral(const vector<uint8_t>& storageKeyBlob, 78*789431f2SAndroid Build Coastguard Worker vector<uint8_t>* ephemeralKeyBlob) override; 79*789431f2SAndroid Build Coastguard Worker 80*789431f2SAndroid Build Coastguard Worker ScopedAStatus getKeyCharacteristics(const vector<uint8_t>& keyBlob, 81*789431f2SAndroid Build Coastguard Worker const vector<uint8_t>& appId, 82*789431f2SAndroid Build Coastguard Worker const vector<uint8_t>& appData, 83*789431f2SAndroid Build Coastguard Worker vector<KeyCharacteristics>* keyCharacteristics) override; 84*789431f2SAndroid Build Coastguard Worker 85*789431f2SAndroid Build Coastguard Worker ScopedAStatus getRootOfTrustChallenge(array<uint8_t, 16>* challenge) override; 86*789431f2SAndroid Build Coastguard Worker ScopedAStatus getRootOfTrust(const array<uint8_t, 16>& challenge, 87*789431f2SAndroid Build Coastguard Worker vector<uint8_t>* rootOfTrust) override; 88*789431f2SAndroid Build Coastguard Worker ScopedAStatus sendRootOfTrust(const vector<uint8_t>& rootOfTrust) override; 89*789431f2SAndroid Build Coastguard Worker 90*789431f2SAndroid Build Coastguard Worker ScopedAStatus 91*789431f2SAndroid Build Coastguard Worker setAdditionalAttestationInfo(const vector<KeyParameter>& additionalAttestationInfo) override; 92*789431f2SAndroid Build Coastguard Worker getKeymasterImpl()93*789431f2SAndroid Build Coastguard Worker shared_ptr<::keymaster::AndroidKeymaster>& getKeymasterImpl() { return impl_; } 94*789431f2SAndroid Build Coastguard Worker 95*789431f2SAndroid Build Coastguard Worker protected: 96*789431f2SAndroid Build Coastguard Worker std::shared_ptr<::keymaster::AndroidKeymaster> impl_; 97*789431f2SAndroid Build Coastguard Worker SecurityLevel securityLevel_; 98*789431f2SAndroid Build Coastguard Worker }; 99*789431f2SAndroid Build Coastguard Worker 100*789431f2SAndroid Build Coastguard Worker std::shared_ptr<IKeyMintDevice> CreateKeyMintDevice(SecurityLevel securityLevel); 101*789431f2SAndroid Build Coastguard Worker 102*789431f2SAndroid Build Coastguard Worker } // namespace aidl::android::hardware::security::keymint 103