xref: /aosp_15_r20/hardware/interfaces/rebootescrow/aidl/default/RebootEscrow.cpp (revision 4d7e907c777eeecc4c5bd7cf640a754fac206ff7) 
1*4d7e907cSAndroid Build Coastguard Worker /*
2*4d7e907cSAndroid Build Coastguard Worker  * Copyright (C) 2019 The Android Open Source Project
3*4d7e907cSAndroid Build Coastguard Worker  *
4*4d7e907cSAndroid Build Coastguard Worker  * Licensed under the Apache License, Version 2.0 (the "License");
5*4d7e907cSAndroid Build Coastguard Worker  * you may not use this file except in compliance with the License.
6*4d7e907cSAndroid Build Coastguard Worker  * You may obtain a copy of the License at
7*4d7e907cSAndroid Build Coastguard Worker  *
8*4d7e907cSAndroid Build Coastguard Worker  *      http://www.apache.org/licenses/LICENSE-2.0
9*4d7e907cSAndroid Build Coastguard Worker  *
10*4d7e907cSAndroid Build Coastguard Worker  * Unless required by applicable law or agreed to in writing, software
11*4d7e907cSAndroid Build Coastguard Worker  * distributed under the License is distributed on an "AS IS" BASIS,
12*4d7e907cSAndroid Build Coastguard Worker  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13*4d7e907cSAndroid Build Coastguard Worker  * See the License for the specific language governing permissions and
14*4d7e907cSAndroid Build Coastguard Worker  * limitations under the License.
15*4d7e907cSAndroid Build Coastguard Worker  */
16*4d7e907cSAndroid Build Coastguard Worker 
17*4d7e907cSAndroid Build Coastguard Worker #include <android-base/file.h>
18*4d7e907cSAndroid Build Coastguard Worker #include <android-base/logging.h>
19*4d7e907cSAndroid Build Coastguard Worker #include <android-base/unique_fd.h>
20*4d7e907cSAndroid Build Coastguard Worker 
21*4d7e907cSAndroid Build Coastguard Worker #include "HadamardUtils.h"
22*4d7e907cSAndroid Build Coastguard Worker #include "rebootescrow-impl/RebootEscrow.h"
23*4d7e907cSAndroid Build Coastguard Worker 
24*4d7e907cSAndroid Build Coastguard Worker namespace aidl {
25*4d7e907cSAndroid Build Coastguard Worker namespace android {
26*4d7e907cSAndroid Build Coastguard Worker namespace hardware {
27*4d7e907cSAndroid Build Coastguard Worker namespace rebootescrow {
28*4d7e907cSAndroid Build Coastguard Worker 
29*4d7e907cSAndroid Build Coastguard Worker using ::android::base::unique_fd;
30*4d7e907cSAndroid Build Coastguard Worker 
storeKey(const std::vector<uint8_t> & ukek)31*4d7e907cSAndroid Build Coastguard Worker ndk::ScopedAStatus RebootEscrow::storeKey(const std::vector<uint8_t>& ukek) {
32*4d7e907cSAndroid Build Coastguard Worker     int rawFd = TEMP_FAILURE_RETRY(::open(devicePath_.c_str(), O_WRONLY | O_NOFOLLOW | O_CLOEXEC));
33*4d7e907cSAndroid Build Coastguard Worker     unique_fd fd(rawFd);
34*4d7e907cSAndroid Build Coastguard Worker     if (fd.get() < 0) {
35*4d7e907cSAndroid Build Coastguard Worker         LOG(WARNING) << "Could not open reboot escrow device";
36*4d7e907cSAndroid Build Coastguard Worker         return ndk::ScopedAStatus(AStatus_fromExceptionCode(EX_UNSUPPORTED_OPERATION));
37*4d7e907cSAndroid Build Coastguard Worker     }
38*4d7e907cSAndroid Build Coastguard Worker 
39*4d7e907cSAndroid Build Coastguard Worker     auto encoded = hadamard::EncodeKey(ukek);
40*4d7e907cSAndroid Build Coastguard Worker 
41*4d7e907cSAndroid Build Coastguard Worker     if (!::android::base::WriteFully(fd, encoded.data(), encoded.size())) {
42*4d7e907cSAndroid Build Coastguard Worker         LOG(WARNING) << "Could not write data fully to character device";
43*4d7e907cSAndroid Build Coastguard Worker         return ndk::ScopedAStatus(AStatus_fromExceptionCode(EX_UNSUPPORTED_OPERATION));
44*4d7e907cSAndroid Build Coastguard Worker     }
45*4d7e907cSAndroid Build Coastguard Worker 
46*4d7e907cSAndroid Build Coastguard Worker     return ndk::ScopedAStatus::ok();
47*4d7e907cSAndroid Build Coastguard Worker }
48*4d7e907cSAndroid Build Coastguard Worker 
retrieveKey(std::vector<uint8_t> * _aidl_return)49*4d7e907cSAndroid Build Coastguard Worker ndk::ScopedAStatus RebootEscrow::retrieveKey(std::vector<uint8_t>* _aidl_return) {
50*4d7e907cSAndroid Build Coastguard Worker     int rawFd = TEMP_FAILURE_RETRY(::open(devicePath_.c_str(), O_RDONLY | O_NOFOLLOW | O_CLOEXEC));
51*4d7e907cSAndroid Build Coastguard Worker     unique_fd fd(rawFd);
52*4d7e907cSAndroid Build Coastguard Worker     if (fd.get() < 0) {
53*4d7e907cSAndroid Build Coastguard Worker         LOG(WARNING) << "Could not open reboot escrow device";
54*4d7e907cSAndroid Build Coastguard Worker         return ndk::ScopedAStatus(AStatus_fromExceptionCode(EX_UNSUPPORTED_OPERATION));
55*4d7e907cSAndroid Build Coastguard Worker     }
56*4d7e907cSAndroid Build Coastguard Worker 
57*4d7e907cSAndroid Build Coastguard Worker     std::vector<uint8_t> encodedBytes(hadamard::OUTPUT_SIZE_BYTES);
58*4d7e907cSAndroid Build Coastguard Worker     if (!::android::base::ReadFully(fd, &encodedBytes[0], encodedBytes.size())) {
59*4d7e907cSAndroid Build Coastguard Worker         LOG(WARNING) << "Could not read device";
60*4d7e907cSAndroid Build Coastguard Worker         return ndk::ScopedAStatus(AStatus_fromExceptionCode(EX_UNSUPPORTED_OPERATION));
61*4d7e907cSAndroid Build Coastguard Worker     }
62*4d7e907cSAndroid Build Coastguard Worker 
63*4d7e907cSAndroid Build Coastguard Worker     auto keyBytes = hadamard::DecodeKey(encodedBytes);
64*4d7e907cSAndroid Build Coastguard Worker 
65*4d7e907cSAndroid Build Coastguard Worker     *_aidl_return = keyBytes;
66*4d7e907cSAndroid Build Coastguard Worker     return ndk::ScopedAStatus::ok();
67*4d7e907cSAndroid Build Coastguard Worker }
68*4d7e907cSAndroid Build Coastguard Worker 
69*4d7e907cSAndroid Build Coastguard Worker }  // namespace rebootescrow
70*4d7e907cSAndroid Build Coastguard Worker }  // namespace hardware
71*4d7e907cSAndroid Build Coastguard Worker }  // namespace android
72*4d7e907cSAndroid Build Coastguard Worker }  // namespace aidl
73