1*e1997b9aSAndroid Build Coastguard Worker /* 2*e1997b9aSAndroid Build Coastguard Worker * Copyright (C) 2020 The Android Open Source Project 3*e1997b9aSAndroid Build Coastguard Worker * 4*e1997b9aSAndroid Build Coastguard Worker * Licensed under the Apache License, Version 2.0 (the "License"); 5*e1997b9aSAndroid Build Coastguard Worker * you may not use this file except in compliance with the License. 6*e1997b9aSAndroid Build Coastguard Worker * You may obtain a copy of the License at 7*e1997b9aSAndroid Build Coastguard Worker * 8*e1997b9aSAndroid Build Coastguard Worker * http://www.apache.org/licenses/LICENSE-2.0 9*e1997b9aSAndroid Build Coastguard Worker * 10*e1997b9aSAndroid Build Coastguard Worker * Unless required by applicable law or agreed to in writing, software 11*e1997b9aSAndroid Build Coastguard Worker * distributed under the License is distributed on an "AS IS" BASIS, 12*e1997b9aSAndroid Build Coastguard Worker * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13*e1997b9aSAndroid Build Coastguard Worker * See the License for the specific language governing permissions and 14*e1997b9aSAndroid Build Coastguard Worker * limitations under the License. 15*e1997b9aSAndroid Build Coastguard Worker */ 16*e1997b9aSAndroid Build Coastguard Worker 17*e1997b9aSAndroid Build Coastguard Worker #pragma once 18*e1997b9aSAndroid Build Coastguard Worker 19*e1997b9aSAndroid Build Coastguard Worker #include <optional> 20*e1997b9aSAndroid Build Coastguard Worker 21*e1997b9aSAndroid Build Coastguard Worker #include <android-base/macros.h> 22*e1997b9aSAndroid Build Coastguard Worker #include <android-base/result.h> 23*e1997b9aSAndroid Build Coastguard Worker 24*e1997b9aSAndroid Build Coastguard Worker #include <utils/StrongPointer.h> 25*e1997b9aSAndroid Build Coastguard Worker 26*e1997b9aSAndroid Build Coastguard Worker #include <android/system/keystore2/IKeystoreService.h> 27*e1997b9aSAndroid Build Coastguard Worker 28*e1997b9aSAndroid Build Coastguard Worker #include "KeystoreHmacKey.h" 29*e1997b9aSAndroid Build Coastguard Worker #include "SigningKey.h" 30*e1997b9aSAndroid Build Coastguard Worker 31*e1997b9aSAndroid Build Coastguard Worker class KeystoreKey : public SigningKey { 32*e1997b9aSAndroid Build Coastguard Worker using IKeystoreService = ::android::system::keystore2::IKeystoreService; 33*e1997b9aSAndroid Build Coastguard Worker using IKeystoreSecurityLevel = ::android::system::keystore2::IKeystoreSecurityLevel; 34*e1997b9aSAndroid Build Coastguard Worker using KeyDescriptor = ::android::system::keystore2::KeyDescriptor; 35*e1997b9aSAndroid Build Coastguard Worker using KeyMetadata = ::android::system::keystore2::KeyMetadata; 36*e1997b9aSAndroid Build Coastguard Worker 37*e1997b9aSAndroid Build Coastguard Worker public: ~KeystoreKey()38*e1997b9aSAndroid Build Coastguard Worker virtual ~KeystoreKey(){}; 39*e1997b9aSAndroid Build Coastguard Worker static android::base::Result<SigningKey*> getInstance(const std::string& signedPubKeyPath, 40*e1997b9aSAndroid Build Coastguard Worker const android::String16& keyAlias, 41*e1997b9aSAndroid Build Coastguard Worker int64_t KeyNspace, int keyBootLevel); 42*e1997b9aSAndroid Build Coastguard Worker 43*e1997b9aSAndroid Build Coastguard Worker virtual android::base::Result<std::string> sign(const std::string& message) const; 44*e1997b9aSAndroid Build Coastguard Worker virtual android::base::Result<std::vector<uint8_t>> getPublicKey() const; 45*e1997b9aSAndroid Build Coastguard Worker 46*e1997b9aSAndroid Build Coastguard Worker private: 47*e1997b9aSAndroid Build Coastguard Worker KeystoreKey(std::string signedPubKeyPath, const android::String16& keyAlias, int64_t keyNspace, 48*e1997b9aSAndroid Build Coastguard Worker int keyBootLevel); 49*e1997b9aSAndroid Build Coastguard Worker bool initialize(); 50*e1997b9aSAndroid Build Coastguard Worker android::base::Result<std::vector<uint8_t>> verifyExistingKey(); 51*e1997b9aSAndroid Build Coastguard Worker android::base::Result<std::vector<uint8_t>> createKey(); 52*e1997b9aSAndroid Build Coastguard Worker android::base::Result<std::vector<uint8_t>> getOrCreateKey(); 53*e1997b9aSAndroid Build Coastguard Worker 54*e1997b9aSAndroid Build Coastguard Worker KeyDescriptor mDescriptor; 55*e1997b9aSAndroid Build Coastguard Worker KeystoreHmacKey mHmacKey; 56*e1997b9aSAndroid Build Coastguard Worker android::sp<IKeystoreService> mService; 57*e1997b9aSAndroid Build Coastguard Worker android::sp<IKeystoreSecurityLevel> mSecurityLevel; 58*e1997b9aSAndroid Build Coastguard Worker std::vector<uint8_t> mPublicKey; 59*e1997b9aSAndroid Build Coastguard Worker 60*e1997b9aSAndroid Build Coastguard Worker std::string mSignedPubKeyPath; 61*e1997b9aSAndroid Build Coastguard Worker int mKeyBootLevel; 62*e1997b9aSAndroid Build Coastguard Worker }; 63