author | Ethan Yonker <dees_troy@teamw.in> | 2018-08-30 22:16:27 +0200 |
---|---|---|
committer | Ethan Yonker <dees_troy@teamw.in> | 2018-08-31 17:37:08 +0200 |
commit | e9afc3de0fe1df795cc2f8cfab489177252812be (patch) | |
tree | 867698dc2670b97f821726b71043a232ad54c6ce /crypto/ext4crypt/KeyStorage4.h | |
parent | Merge AOSP android-9.0.0_r3 (diff) | |
Diffstat (limited to '')
-rw-r--r-- | crypto/ext4crypt/KeyStorage4.h | 73 |
1 files changed, 73 insertions, 0 deletions
diff --git a/crypto/ext4crypt/KeyStorage4.h b/crypto/ext4crypt/KeyStorage4.h
new file mode 100644
index 000000000..35ff65e63
--- /dev/null
+++ b/crypto/ext4crypt/KeyStorage4.h
@@ -0,0 +1,73 @@
+/*
+ * Copyright (C) 2016 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef ANDROID_TWRP_KEYSTORAGE_H
+#define ANDROID_TWRP_KEYSTORAGE_H
+
+#include "KeyBuffer.h"
+
+#include <string>
+
+namespace android {
+namespace vold {
+
+// Represents the information needed to decrypt a disk encryption key.
+// If "token" is nonempty, it is passed in as a required Gatekeeper auth token.
+// If "token" and "secret" are nonempty, "secret" is appended to the application-specific
+// binary needed to unlock.
+// If only "secret" is nonempty, it is used to decrypt in a non-Keymaster process.
+class KeyAuthentication {
+ public:
+ KeyAuthentication(std::string t, std::string s) : token{t}, secret{s} {};
+
+ bool usesKeymaster() const { return !token.empty() || secret.empty(); };
+
+ const std::string token;
+ const std::string secret;
+};
+
+extern const KeyAuthentication kEmptyAuthentication;
+
+// Checks if path "path" exists.
+bool pathExists(const std::string& path);
+
+bool createSecdiscardable(const std::string& path, std::string* hash);
+bool readSecdiscardable(const std::string& path, std::string* hash);
+
+// Create a directory at the named path, and store "key" in it,
+// in such a way that it can only be retrieved via Keymaster and
+// can be securely deleted.
+// It's safe to move/rename the directory after creation.
+bool storeKey(const std::string& dir, const KeyAuthentication& auth, const KeyBuffer& key);
+
+// Create a directory at the named path, and store "key" in it as storeKey
+// This version creates the key in "tmp_path" then atomically renames "tmp_path"
+// to "key_path" thereby ensuring that the key is either stored entirely or
+// not at all.
+bool storeKeyAtomically(const std::string& key_path, const std::string& tmp_path,
+ const KeyAuthentication& auth, const KeyBuffer& key);
+
+// Retrieve the key from the named directory.
+bool retrieveKey(const std::string& dir, const KeyAuthentication& auth, KeyBuffer* key);
+
+// Securely destroy the key stored in the named directory and delete the directory.
+bool destroyKey(const std::string& dir);
+
+bool runSecdiscardSingle(const std::string& file);
+} // namespace vold
+} // namespace android
+
+#endif |
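Review bot: The `KeyAuthentication` constructor takes `t` and `s` by value and then copies them again into `token` and `secret`, so each construction leaves an extra short-lived copy of the auth token and secret in memory. Moving them in avoids that copy: `KeyAuthentication(std::string t, std::string s) : token{std::move(t)}, secret{std::move(s)} {}`, with `#include <utility>` added next to `<string>`. The key itself travels as `KeyBuffer`, but `token` and `secret` are plain `std::string`, and nothing visible in this header wipes them on destruction. If `KeyBuffer` is a zeroing buffer (its definition is outside this hunk), that asymmetry deserves a comment on the class. `createSecdiscardable`, `readSecdiscardable` and `runSecdiscardSingle` are the only declarations without a comment; each should get a line saying what is written to `*hash` and what a `false` return leaves on disk, once that is confirmed against the implementation.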