Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_security / 37896101eae3d88a142e7d659140ff20dc45a807 / . / keystore / keystore_utils.h
blob: 3bc9c0102350aefaed330b1d0a0c5988e8455020 [file] [log] [blame]
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]1/*
2 * Copyright (C) 2016 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17#ifndef KEYSTORE_KEYSTORE_UTILS_H_
18#define KEYSTORE_KEYSTORE_UTILS_H_
19
Shawn Willdenbb22a6c2017-12-06 19:35:28 -0700[diff] [blame]20#include <cstdint>
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]21#include <vector>
22
23#include <openssl/evp.h>
24#include <openssl/pem.h>
25
Janis Danisevskisccfff102017-05-01 11:02:51 -0700[diff] [blame]26#include <memory>
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]27
Shawn Willdenbb22a6c2017-12-06 19:35:28 -0700[diff] [blame]28#include <keystore/keymaster_types.h>
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame]29
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]30size_t readFully(int fd, uint8_t* data, size_t size);
31size_t writeFully(int fd, uint8_t* data, size_t size);
32
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame]33void add_legacy_key_authorizations(int keyType, keystore::AuthorizationSet* params);
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]34
35/**
36 * Returns the app ID (in the Android multi-user sense) for the current
37 * UNIX UID.
38 */
39uid_t get_app_id(uid_t uid);
40
41/**
42 * Returns the user ID (in the Android multi-user sense) for the current
43 * UNIX UID.
44 */
45uid_t get_user_id(uid_t uid);
46
47struct EVP_PKEY_Delete {
48 void operator()(EVP_PKEY* p) const { EVP_PKEY_free(p); }
49};
Janis Danisevskisccfff102017-05-01 11:02:51 -0700[diff] [blame]50typedef std::unique_ptr<EVP_PKEY, EVP_PKEY_Delete> Unique_EVP_PKEY;
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]51
52struct PKCS8_PRIV_KEY_INFO_Delete {
53 void operator()(PKCS8_PRIV_KEY_INFO* p) const { PKCS8_PRIV_KEY_INFO_free(p); }
54};
Janis Danisevskisccfff102017-05-01 11:02:51 -0700[diff] [blame]55typedef std::unique_ptr<PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO_Delete> Unique_PKCS8_PRIV_KEY_INFO;
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]56
Janis Danisevskisc1460142017-12-18 16:48:46 -0800[diff] [blame]57class Blob;
58
Pavel Grafovcef39472018-02-12 18:45:02 +0000[diff] [blame]59// Tags for audit logging. Be careful and don't log sensitive data.
60// Should be in sync with frameworks/base/core/java/android/app/admin/SecurityLogTags.logtags
61constexpr int SEC_TAG_KEY_DESTROYED = 210026;
62constexpr int SEC_TAG_KEY_INTEGRITY_VIOLATION = 210032;
63constexpr int SEC_TAG_AUTH_KEY_GENERATED = 210024;
64constexpr int SEC_TAG_KEY_IMPORTED = 210025;
65
66void log_key_integrity_violation(const char* name, uid_t uid);
67
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame]68namespace keystore {
69
Janis Danisevskisc1460142017-12-18 16:48:46 -0800[diff] [blame]70hidl_vec<uint8_t> blob2hidlVec(const Blob& blob);
71
72SecurityLevel flagsToSecurityLevel(int32_t flags);
73uint32_t securityLevelToFlags(SecurityLevel secLevel);
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame]74
Shawn Willdenbb22a6c2017-12-06 19:35:28 -0700[diff] [blame]75} // namespace keystore
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame]76
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]77#endif // KEYSTORE_KEYSTORE_UTILS_H_