Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_vold / 6b7fa1bf178cd941aabe815d17da38d2e55d9867^! / . / Keymaster.h
commit6b7fa1bf178cd941aabe815d17da38d2e55d9867[log] [tgz]
authorJanis Danisevskis <jdanis@google.com>Tue Jan 31 11:31:08 2017 +0000
committerJanis Danisevskis <jdanis@google.com>Fri Feb 03 07:00:47 2017 +0000
treec668f7e423eb20f7321353fd00392e706c84d3a7
parentbcbf326779eb7bbe54a38500ea0218e27d9495c6 [diff] [blame]
Port cryptfs to HILD keymaster HAL

Cryptfs uses keymaster for key derivation. Vold has a C++ abstraction
for Keymaster. However, cryptfs, being a pure C implementation, uses
its own abstraction of the keymaster HAL.

This patch expresses cryptfs' keymaster abstraction in terms of
vold's C++ Keymaster abstraction, consolidating the code base to a
single point where the actual keymaster HAL is beeing used.

Test: marlin device boots with FBE enabled
Change-Id: Ia51fed5508e06fd6c436cca193791e57e0ab99ea

diff --git a/Keymaster.h b/Keymaster.h
index 893a6d1..44836ea 100644
--- a/Keymaster.h
+++ b/Keymaster.h

@@ -17,6 +17,8 @@
 #ifndef ANDROID_VOLD_KEYMASTER_H
 #define ANDROID_VOLD_KEYMASTER_H
 
+#ifdef __cplusplus
+
 #include <memory>
 #include <string>
 #include <utility>
@@ -59,8 +61,17 @@
     }
     // Construct an object in an error state for error returns
     KeymasterOperation()
-        : mDevice{nullptr}, mOpHandle{static_cast<uint64_t>(0)},
+        : mDevice{nullptr}, mOpHandle{0},
           mError {ErrorCode::UNKNOWN_ERROR} {}
+    // Move Assignment
+    KeymasterOperation& operator= (KeymasterOperation&& rhs) {
+        mDevice = std::move(rhs.mDevice);
+        mOpHandle = std::move(rhs.mOpHandle);
+        mError = std::move(rhs.mError);
+        rhs.mError = ErrorCode::UNKNOWN_ERROR;
+        rhs.mOpHandle = 0;
+        return *this;
+    }
 
   private:
     KeymasterOperation(const sp<IKeymasterDevice>& d, uint64_t h)
@@ -92,6 +103,7 @@
     // Begin a new cryptographic operation, collecting output parameters if pointer is non-null
     KeymasterOperation begin(KeyPurpose purpose, const std::string& key,
                              const AuthorizationSet& inParams, AuthorizationSet* outParams);
+    bool isSecure();
 
   private:
     sp<hardware::keymaster::V3_0::IKeymasterDevice> mDevice;
@@ -101,4 +113,27 @@
 }  // namespace vold
 }  // namespace android
 
+
+extern "C" {
+#endif
+
+int keymaster_compatibility_cryptfs_scrypt();
+int keymaster_create_key_for_cryptfs_scrypt(uint32_t rsa_key_size,
+                                            uint64_t rsa_exponent,
+                                            uint32_t ratelimit,
+                                            uint8_t* key_buffer,
+                                            uint32_t key_buffer_size,
+                                            uint32_t* key_out_size);
+
+int keymaster_sign_object_for_cryptfs_scrypt(const uint8_t* key_blob,
+                                             size_t key_blob_size,
+                                             uint32_t ratelimit,
+                                             const uint8_t* object,
+                                             const size_t object_size,
+                                             uint8_t** signature_buffer,
+                                             size_t* signature_buffer_size);
+#ifdef __cplusplus
+}
+#endif
+
 #endif