• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * Copyright (C) 2009 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 package android.security;
18 
19 import android.compat.annotation.UnsupportedAppUsage;
20 import android.os.Build;
21 import android.os.UserHandle;
22 import android.security.maintenance.UserState;
23 import android.system.keystore2.Domain;
24 
25 /**
26  * @hide This should not be made public in its present form because it
27  * assumes that private and secret key bytes are available and would
28  * preclude the use of hardware crypto.
29  */
30 public class KeyStore {
31     private static final String TAG = "KeyStore";
32 
33     // ResponseCodes - see system/security/keystore/include/keystore/keystore.h
34     @UnsupportedAppUsage(maxTargetSdk = Build.VERSION_CODES.R, trackingBug = 170729553)
35     public static final int NO_ERROR = 1;
36 
37     // Used for UID field to indicate the calling UID.
38     public static final int UID_SELF = -1;
39 
40     // States
41     public enum State {
42         @UnsupportedAppUsage
43         UNLOCKED,
44         @UnsupportedAppUsage
45         LOCKED,
46         UNINITIALIZED
47     };
48 
49     private static final KeyStore KEY_STORE = new KeyStore();
50 
51     @UnsupportedAppUsage
getInstance()52     public static KeyStore getInstance() {
53         return KEY_STORE;
54     }
55 
56     /** @hide */
57     @UnsupportedAppUsage(maxTargetSdk = Build.VERSION_CODES.R, trackingBug = 170729553)
state(int userId)58     public State state(int userId) {
59         int userState = AndroidKeyStoreMaintenance.getState(userId);
60         switch (userState) {
61             case UserState.UNINITIALIZED:
62                 return KeyStore.State.UNINITIALIZED;
63             case UserState.LSKF_UNLOCKED:
64                 return KeyStore.State.UNLOCKED;
65             case UserState.LSKF_LOCKED:
66                 return KeyStore.State.LOCKED;
67             default:
68                 throw new AssertionError(userState);
69         }
70     }
71 
72     /** @hide */
73     @UnsupportedAppUsage
state()74     public State state() {
75         return state(UserHandle.myUserId());
76     }
77 
78     /** @hide */
79     @UnsupportedAppUsage(maxTargetSdk = Build.VERSION_CODES.R, trackingBug = 170729553)
get(String key)80     public byte[] get(String key) {
81         return null;
82     }
83 
84     /** @hide */
85     @UnsupportedAppUsage(maxTargetSdk = Build.VERSION_CODES.R, trackingBug = 170729553)
delete(String key)86     public boolean delete(String key) {
87         return false;
88     }
89 
90     /**
91      * List uids of all keys that are auth bound to the current user.
92      * Only system is allowed to call this method.
93      * @hide
94      * @deprecated This function always returns null.
95      */
96     @UnsupportedAppUsage(maxTargetSdk = Build.VERSION_CODES.R, trackingBug = 170729553)
listUidsOfAuthBoundKeys()97     public int[] listUidsOfAuthBoundKeys() {
98         return null;
99     }
100 
101 
102     /**
103      * @hide
104      * @deprecated This function has no effect.
105      */
106     @UnsupportedAppUsage(maxTargetSdk = Build.VERSION_CODES.R, trackingBug = 170729553)
unlock(String password)107     public boolean unlock(String password) {
108         return false;
109     }
110 
111     /**
112      *
113      * @return
114      * @deprecated This function always returns true.
115      * @hide
116      */
117     @UnsupportedAppUsage(maxTargetSdk = Build.VERSION_CODES.P, trackingBug = 115609023)
isEmpty()118     public boolean isEmpty() {
119         return true;
120     }
121 
122     /**
123      * Forwards the request to clear a UID to Keystore 2.0.
124      * @hide
125      */
clearUid(int uid)126     public boolean clearUid(int uid) {
127         return AndroidKeyStoreMaintenance.clearNamespace(Domain.APP, uid) == 0;
128     }
129 
130 
131     /**
132      * Add an authentication record to the keystore authorization table.
133      *
134      * @param authToken The packed bytes of a hw_auth_token_t to be provided to keymaster.
135      * @return {@code KeyStore.NO_ERROR} on success, otherwise an error value corresponding to
136      * a {@code KeymasterDefs.KM_ERROR_} value or {@code KeyStore} ResponseCode.
137      */
addAuthToken(byte[] authToken)138     public int addAuthToken(byte[] authToken) {
139         return Authorization.addAuthToken(authToken);
140     }
141 
142     /**
143      * Notify keystore that the device went off-body.
144      */
onDeviceOffBody()145     public void onDeviceOffBody() {
146         AndroidKeyStoreMaintenance.onDeviceOffBody();
147     }
148 
149     /**
150      * Returns a {@link KeyStoreException} corresponding to the provided keystore/keymaster error
151      * code.
152      */
153     @UnsupportedAppUsage(maxTargetSdk = Build.VERSION_CODES.R, trackingBug = 170729553)
getKeyStoreException(int errorCode)154     public static KeyStoreException getKeyStoreException(int errorCode) {
155         return new KeyStoreException(-10000, "Should not be called.");
156     }
157 }
158