platform_system_security/keystore/keystore_utils.h
David Benjamin dc4d142303 Replace custom BoringSSL scopers with bssl::UniquePtr.
BoringSSL already provides C++ scopers.

Test: mma
Change-Id: I34d4ec36fc0b51750560be0886768a83fe69fbf5
2019-08-08 13:13:54 -04:00

70 lines
2 KiB
C++

/*
* Copyright (C) 2016 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifndef KEYSTORE_KEYSTORE_UTILS_H_
#define KEYSTORE_KEYSTORE_UTILS_H_
#include <cstdint>
#include <string>
#include <vector>
#include <openssl/evp.h>
#include <openssl/pem.h>
#include <memory>
#include <keystore/keymaster_types.h>
size_t readFully(int fd, uint8_t* data, size_t size);
size_t writeFully(int fd, uint8_t* data, size_t size);
std::string getContainingDirectory(const std::string& filename);
void fsyncDirectory(const std::string& path);
void add_legacy_key_authorizations(int keyType, keystore::AuthorizationSet* params);
/**
* Returns the app ID (in the Android multi-user sense) for the current
* UNIX UID.
*/
uid_t get_app_id(uid_t uid);
/**
* Returns the user ID (in the Android multi-user sense) for the current
* UNIX UID.
*/
uid_t get_user_id(uid_t uid);
class Blob;
// Tags for audit logging. Be careful and don't log sensitive data.
// Should be in sync with frameworks/base/core/java/android/app/admin/SecurityLogTags.logtags
constexpr int SEC_TAG_KEY_DESTROYED = 210026;
constexpr int SEC_TAG_KEY_INTEGRITY_VIOLATION = 210032;
constexpr int SEC_TAG_AUTH_KEY_GENERATED = 210024;
constexpr int SEC_TAG_KEY_IMPORTED = 210025;
void log_key_integrity_violation(const char* name, uid_t uid);
namespace keystore {
hidl_vec<uint8_t> blob2hidlVec(const Blob& blob);
SecurityLevel flagsToSecurityLevel(int32_t flags);
uint32_t securityLevelToFlags(SecurityLevel secLevel);
} // namespace keystore
#endif // KEYSTORE_KEYSTORE_UTILS_H_