// Copyright 2015 The Android Open Source Project
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//      http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

#ifndef KEYSTORE_KEYSTORE_CLIENT_IMPL_H_
#define KEYSTORE_KEYSTORE_CLIENT_IMPL_H_

#include "keystore_client.h"

#include <future>
#include <map>
#include <string>
#include <vector>

#include <android/security/keystore/IKeystoreService.h>
#include <binder/IBinder.h>
#include <binder/IServiceManager.h>
#include <utils/StrongPointer.h>

namespace keystore {

// KeystoreClient implementation. It keeps strong references to the service
// manager, the keystore binder and an IKeystoreService interface, and tracks
// in-flight operations by a locally issued 64-bit handle (see the members at
// the end of the class).
//
// No lock is declared here around next_virtual_handle_ or active_operations_.
// NOTE(review): confirm that callers serialize access to a single instance.
class KeystoreClientImpl : public KeystoreClient {
  public:
    KeystoreClientImpl();
    ~KeystoreClientImpl() override = default;

    // ---- KeystoreClient overrides --------------------------------------
    // The contract of each method is set by the base interface in
    // keystore_client.h; the notes below record only what the signatures in
    // this header show. Two reporting styles are mixed: some methods return
    // bool, the rest return KeyStoreNativeReturnCode, and results always come
    // back through pointer out-parameters. Whether a null out-pointer is
    // accepted is not visible from here -- TODO confirm in the implementation.

    // Input is |data|; |encrypted_data| is the out-parameter. The key handling
    // is presumably done by the createOrVerify*Key helpers below, whose
    // comments name this operation.
    bool encryptWithAuthentication(const std::string& key_name,
                                   const std::string& data,
                                   int32_t flags,
                                   std::string* encrypted_data) override;

    // Input is |encrypted_data|; |data| is the out-parameter.
    // NOTE(review): presumably |data| is meaningful only when this returns
    // true; callers should not consume it on a false return -- confirm against
    // keystore_client.h.
    bool decryptWithAuthentication(const std::string& key_name,
                                   const std::string& encrypted_data,
                                   std::string* data) override;

    // Single-call operation for |purpose| on the key |key_name|. Takes both
    // |input_data| and |signature_to_verify|; outputs go to |output_parameters|
    // and |output_data|. Only a bool is returned, so no keystore error code
    // reaches the caller through this method.
    bool oneShotOperation(KeyPurpose purpose,
                          const std::string& key_name,
                          const keystore::AuthorizationSet& input_parameters,
                          const std::string& input_data,
                          const std::string& signature_to_verify,
                          keystore::AuthorizationSet* output_parameters,
                          std::string* output_data) override;

    KeyStoreNativeReturnCode addRandomNumberGeneratorEntropy(const std::string& entropy,
                                                             int32_t flags) override;

    // Key characteristics are reported in two separate sets, hardware-enforced
    // and software-enforced; generateKey, getKeyCharacteristics and importKey
    // all expose both.
    KeyStoreNativeReturnCode generateKey(
        const std::string& key_name,
        const keystore::AuthorizationSet& key_parameters,
        int32_t flags,
        keystore::AuthorizationSet* hardware_enforced_characteristics,
        keystore::AuthorizationSet* software_enforced_characteristics) override;

    KeyStoreNativeReturnCode getKeyCharacteristics(
        const std::string& key_name,
        keystore::AuthorizationSet* hardware_enforced_characteristics,
        keystore::AuthorizationSet* software_enforced_characteristics) override;

    KeyStoreNativeReturnCode importKey(
        const std::string& key_name,
        const keystore::AuthorizationSet& key_parameters,
        KeyFormat key_format,
        const std::string& key_data,
        keystore::AuthorizationSet* hardware_enforced_characteristics,
        keystore::AuthorizationSet* software_enforced_characteristics) override;

    // Writes the exported form of |key_name| to |export_data|.
    // NOTE(review): which key types and formats may be exported is decided
    // outside this header -- confirm before treating the output as public.
    KeyStoreNativeReturnCode exportKey(KeyFormat export_format,
                                       const std::string& key_name,
                                       std::string* export_data) override;

    KeyStoreNativeReturnCode deleteKey(const std::string& key_name) override;

    // Takes no arguments, so the set of keys affected is not visible here.
    // NOTE(review): confirm the scope in keystore_client.h.
    KeyStoreNativeReturnCode deleteAllKeys() override;

    // Multi-step operations: beginOperation yields |handle|, which
    // updateOperation, finishOperation and abortOperation then take by value.
    KeyStoreNativeReturnCode beginOperation(KeyPurpose purpose,
                                            const std::string& key_name,
                                            const keystore::AuthorizationSet& input_parameters,
                                            keystore::AuthorizationSet* output_parameters,
                                            uint64_t* handle) override;

    // |num_input_bytes_consumed| is a separate out-parameter from
    // |output_data|. NOTE(review): presumably it can be smaller than
    // input_data.size(), in which case the caller must resubmit the remainder
    // -- confirm.
    KeyStoreNativeReturnCode updateOperation(uint64_t handle,
                                             const keystore::AuthorizationSet& input_parameters,
                                             const std::string& input_data,
                                             size_t* num_input_bytes_consumed,
                                             keystore::AuthorizationSet* output_parameters,
                                             std::string* output_data) override;

    KeyStoreNativeReturnCode finishOperation(uint64_t handle,
                                             const keystore::AuthorizationSet& input_parameters,
                                             const std::string& signature_to_verify,
                                             keystore::AuthorizationSet* output_parameters,
                                             std::string* output_data) override;

    KeyStoreNativeReturnCode abortOperation(uint64_t handle) override;

    bool doesKeyExist(const std::string& key_name) override;

    // Fills |key_name_list|; |prefix| is the only selector in the signature.
    bool listKeys(const std::string& prefix,
                  std::vector<std::string>* key_name_list) override;

  private:
    // Hands out a virtual operation handle that is currently available.
    uint64_t getNextVirtualHandle();

    // Declaration currently disabled. It would map a keystore error code to a
    // code where every success case uses KM_ERROR_OK (not keystore's
    // NO_ERROR).
    // int32_t mapKeystoreError(int32_t keystore_error);

    // Makes sure an encryption key suitable for EncryptWithAuthentication is
    // available: creates one, or verifies the attributes of a key that already
    // exists. True on success.
    bool createOrVerifyEncryptionKey(const std::string& key_name, int32_t flags);

    // Same as above for the authentication key used by
    // EncryptWithAuthentication: create it, or verify the attributes of an
    // existing one. True on success.
    bool createOrVerifyAuthenticationKey(const std::string& key_name, int32_t flags);

    // Checks that an encryption key has the attributes EncryptWithAuthentication
    // needs. The return value reports whether the check could be carried out;
    // the verdict itself is stored in |verified|, so callers have to test both.
    bool verifyEncryptionKeyAttributes(const std::string& key_name, bool* verified);

    // Checks that an authentication key has the attributes
    // EncryptWithAuthentication needs. As with the encryption-key variant, true
    // means the check ran and |verified| carries its result.
    bool verifyAuthenticationKeyAttributes(const std::string& key_name, bool* verified);

    android::sp<android::IServiceManager> service_manager_;
    android::sp<android::IBinder> keystore_binder_;
    android::sp<android::security::keystore::IKeystoreService> keystore_;

    // Handle counter; the first value is 1.
    uint64_t next_virtual_handle_ = 1;

    // Presumably keyed by the virtual handle returned from beginOperation, with
    // the operation's binder token as the value -- verify in the .cpp.
    std::map<uint64_t, android::sp<android::IBinder>> active_operations_;

    // The macro's defining header is not included directly in this file;
    // presumably it arrives through keystore_client.h.
    DISALLOW_COPY_AND_ASSIGN(KeystoreClientImpl);
};

}  // namespace keystore

#endif  // KEYSTORE_KEYSTORE_CLIENT_IMPL_H_