/*
 * Copyright (C) 2016 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

#ifndef ANDROID_VOLD_KEYUTIL_H
#define ANDROID_VOLD_KEYUTIL_H

#include "KeyBuffer.h"
#include "KeyStorage.h"

#include <fscrypt/fscrypt.h>

#include <memory>
#include <string>

namespace android {
namespace vold {

// Parameters describing how a storage key is to be generated on demand.
struct KeyGeneration {
    // Size of the key to generate.
    // NOTE(review): presumably in bytes -- confirm against generateStorageKey.
    size_t keysize;
    // When false, generateStorageKey() returns false instead of producing a
    // key (see neverGen()).
    bool allow_gen;
    // NOTE(review): the name suggests this selects a hardware-wrapped key
    // rather than a raw one -- confirm against the implementation.
    bool use_hw_wrapped_key;
};

// Generates a key according to |gen|; |key| is the output buffer.
//
// Returns false when gen.allow_gen is false. Other failure causes are not
// visible from this header, so callers must check the result before using
// |key|.
bool generateStorageKey(
        const KeyGeneration& gen,
        KeyBuffer* key);

// Returns a KeyGeneration whose allow_gen is false, which makes
// generateStorageKey() return false. Pass it to retrieveOrGenerateKey() to
// state that a key must not be generated.
const KeyGeneration neverGen();

// Installs a file-based encryption key into the kernel so that encrypted
// files on the filesystem at |mountpoint| can use it with the encryption
// policy version given in |options|.
//
// Returns true on success and false on failure. On success, *policy is also
// set to the EncryptionPolicy that refers to the installed key. *policy is
// only documented as meaningful on success, so check the return value before
// using it.
bool installKey(
        const std::string& mountpoint,
        const android::fscrypt::EncryptionOptions& options,
        const KeyBuffer& key,
        android::fscrypt::EncryptionPolicy* policy);

// Evicts a file-based encryption key from the kernel.
//
// NOTE(review): the return value is not documented here; presumably true
// means the key was evicted. If so, a false result would mean the key may
// still be installed, and callers should not ignore it -- confirm.
bool evictKey(
        const std::string& mountpoint,
        const android::fscrypt::EncryptionPolicy& policy);

// Fetches the key stored in the directory |key_path|; if no key exists there,
// generates one as described by |gen|. Passing neverGen() as |gen| requests
// that a missing key is not generated.
//
// NOTE(review): the roles of |tmp_path| and |key_authentication|, and the
// meaning of the bool result, are not documented in this header -- presumably
// true on success with the key placed in |key|; confirm.
bool retrieveOrGenerateKey(
        const std::string& key_path,
        const std::string& tmp_path,
        const KeyAuthentication& key_authentication,
        const KeyGeneration& gen,
        KeyBuffer* key);

}  // namespace vold
}  // namespace android

#endif