tee/TlcKeymint/include/AndroidKeyMintDevice.h - LeafOS-Devices/android_hardware_samsung_slsi-linaro_exynos - Gitiles

 /*
  * Copyright (c) 2021-2022 TRUSTONIC LIMITED
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions are met:
  *
  * 1. Redistributions of source code must retain the above copyright notice,
  *    this list of conditions and the following disclaimer.
  *
  * 2. Redistributions in binary form must reproduce the above copyright
  *    notice, this list of conditions and the following disclaimer in the
  *    documentation and/or other materials provided with the distribution.
  *
  * 3. Neither the name of the TRUSTONIC LIMITED nor the names of its
  *    contributors may be used to endorse or promote products derived from
  *    this software without specific prior written permission.
  *
  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
  * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
  * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
  * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR
  * CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
  * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
  * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
  * OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
  * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
  * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
  * ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 #pragma once

 #include <aidl/android/hardware/security/keymint/BnKeyMintDevice.h>
 #include <aidl/android/hardware/security/keymint/BnKeyMintOperation.h>
 #include <aidl/android/hardware/security/keymint/HardwareAuthToken.h>

 #include "TrustonicKeymintDeviceImpl.h"

 namespace aidl::android::hardware::security::keymint {
 using ::ndk::ScopedAStatus;
 using std::optional;
 using std::vector;

 using secureclock::TimeStampToken;

 class AndroidKeyMintDevice : public BnKeyMintDevice {
   public:
     explicit AndroidKeyMintDevice(SecurityLevel securityLevel);
     virtual ~AndroidKeyMintDevice();

     ScopedAStatus getHardwareInfo(KeyMintHardwareInfo* info) override;

     ScopedAStatus addRngEntropy(const vector<uint8_t>& data) override;

     ScopedAStatus generateKey(const vector<KeyParameter>& keyParams,
                               const optional<AttestationKey>& attestationKey,
                               KeyCreationResult* creationResult) override;

     ScopedAStatus importKey(const vector<KeyParameter>& keyParams, KeyFormat keyFormat,
                             const vector<uint8_t>& keyData,
                             const optional<AttestationKey>& attestationKey,
                             KeyCreationResult* creationResult) override;

     ScopedAStatus importWrappedKey(const vector<uint8_t>& wrappedKeyData,
                                    const vector<uint8_t>& wrappingKeyBlob,
                                    const vector<uint8_t>& maskingKey,
                                    const vector<KeyParameter>& unwrappingParams,
                                    int64_t passwordSid, int64_t biometricSid,
                                    KeyCreationResult* creationResult) override;

     ScopedAStatus upgradeKey(const vector<uint8_t>& keyBlobToUpgrade,
                              const vector<KeyParameter>& upgradeParams,
                              vector<uint8_t>* keyBlob) override;

     ScopedAStatus deleteKey(const vector<uint8_t>& keyBlob) override;
     ScopedAStatus deleteAllKeys() override;
     ScopedAStatus destroyAttestationIds() override;

     ScopedAStatus begin(KeyPurpose purpose, const vector<uint8_t>& keyBlob,
                         const vector<KeyParameter>& params,
                         const optional<HardwareAuthToken>& authToken, BeginResult* result) override;

     ScopedAStatus deviceLocked(bool passwordOnly,
                                const optional<TimeStampToken>& timestampToken) override;
     ScopedAStatus earlyBootEnded() override;

     ScopedAStatus convertStorageKeyToEphemeral(const std::vector<uint8_t>& storageKeyBlob,
                                                std::vector<uint8_t>* ephemeralKeyBlob) override;

     ScopedAStatus
     getKeyCharacteristics(const std::vector<uint8_t>& keyBlob, const std::vector<uint8_t>& appId,
                           const std::vector<uint8_t>& appData,
                           std::vector<KeyCharacteristics>* keyCharacteristics) override;

     ScopedAStatus getRootOfTrustChallenge(std::array<uint8_t, 16>* rootOfTrustChallenge) override;

     ScopedAStatus getRootOfTrust(const std::array<uint8_t, 16>& in_challenge,
         std::vector<uint8_t>* rootOfTrust) override;

     ScopedAStatus sendRootOfTrust(const std::vector<uint8_t>& in_rootOfTrust) override;

     TrustonicKeymintDeviceImpl* getImpl() { return impl_; }

   protected:
     TrustonicKeymintDeviceImpl *impl_;
 };

 IKeyMintDevice* CreateKeyMintDevice(SecurityLevel securityLevel);

 }  // namespace aidl::android::hardware::security::keymint
	/*
	* Copyright (c) 2021-2022 TRUSTONIC LIMITED
	* All rights reserved.
	*
	* Redistribution and use in source and binary forms, with or without
	* modification, are permitted provided that the following conditions are met:
	*
	* 1. Redistributions of source code must retain the above copyright notice,
	* this list of conditions and the following disclaimer.
	*
	* 2. Redistributions in binary form must reproduce the above copyright
	* notice, this list of conditions and the following disclaimer in the
	* documentation and/or other materials provided with the distribution.
	*
	* 3. Neither the name of the TRUSTONIC LIMITED nor the names of its
	* contributors may be used to endorse or promote products derived from
	* this software without specific prior written permission.
	*
	* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
	* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
	* TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
	* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR
	* CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
	* EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
	* PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
	* OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
	* WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
	* OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
	* ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
	*/
	#pragma once

	#include <aidl/android/hardware/security/keymint/BnKeyMintDevice.h>
	#include <aidl/android/hardware/security/keymint/BnKeyMintOperation.h>
	#include <aidl/android/hardware/security/keymint/HardwareAuthToken.h>

	#include "TrustonicKeymintDeviceImpl.h"

	namespace aidl::android::hardware::security::keymint {
	using ::ndk::ScopedAStatus;
	using std::optional;
	using std::vector;

	using secureclock::TimeStampToken;

	class AndroidKeyMintDevice : public BnKeyMintDevice {
	public:
	explicit AndroidKeyMintDevice(SecurityLevel securityLevel);
	virtual ~AndroidKeyMintDevice();

	ScopedAStatus getHardwareInfo(KeyMintHardwareInfo* info) override;

	ScopedAStatus addRngEntropy(const vector<uint8_t>& data) override;

	ScopedAStatus generateKey(const vector<KeyParameter>& keyParams,
	const optional<AttestationKey>& attestationKey,
	KeyCreationResult* creationResult) override;

	ScopedAStatus importKey(const vector<KeyParameter>& keyParams, KeyFormat keyFormat,
	const vector<uint8_t>& keyData,
	const optional<AttestationKey>& attestationKey,
	KeyCreationResult* creationResult) override;

	ScopedAStatus importWrappedKey(const vector<uint8_t>& wrappedKeyData,
	const vector<uint8_t>& wrappingKeyBlob,
	const vector<uint8_t>& maskingKey,
	const vector<KeyParameter>& unwrappingParams,
	int64_t passwordSid, int64_t biometricSid,
	KeyCreationResult* creationResult) override;

	ScopedAStatus upgradeKey(const vector<uint8_t>& keyBlobToUpgrade,
	const vector<KeyParameter>& upgradeParams,
	vector<uint8_t>* keyBlob) override;

	ScopedAStatus deleteKey(const vector<uint8_t>& keyBlob) override;
	ScopedAStatus deleteAllKeys() override;
	ScopedAStatus destroyAttestationIds() override;

	ScopedAStatus begin(KeyPurpose purpose, const vector<uint8_t>& keyBlob,
	const vector<KeyParameter>& params,
	const optional<HardwareAuthToken>& authToken, BeginResult* result) override;

	ScopedAStatus deviceLocked(bool passwordOnly,
	const optional<TimeStampToken>& timestampToken) override;
	ScopedAStatus earlyBootEnded() override;

	ScopedAStatus convertStorageKeyToEphemeral(const std::vector<uint8_t>& storageKeyBlob,
	std::vector<uint8_t>* ephemeralKeyBlob) override;

	ScopedAStatus
	getKeyCharacteristics(const std::vector<uint8_t>& keyBlob, const std::vector<uint8_t>& appId,
	const std::vector<uint8_t>& appData,
	std::vector<KeyCharacteristics>* keyCharacteristics) override;

	ScopedAStatus getRootOfTrustChallenge(std::array<uint8_t, 16>* rootOfTrustChallenge) override;

	ScopedAStatus getRootOfTrust(const std::array<uint8_t, 16>& in_challenge,
	std::vector<uint8_t>* rootOfTrust) override;

	ScopedAStatus sendRootOfTrust(const std::vector<uint8_t>& in_rootOfTrust) override;

	TrustonicKeymintDeviceImpl* getImpl() { return impl_; }

	protected:
	TrustonicKeymintDeviceImpl *impl_;
	};

	IKeyMintDevice* CreateKeyMintDevice(SecurityLevel securityLevel);

	} // namespace aidl::android::hardware::security::keymint