1 // Copyright 2015 The Android Open Source Project 2 // 3 // Licensed under the Apache License, Version 2.0 (the "License"); 4 // you may not use this file except in compliance with the License. 5 // You may obtain a copy of the License at 6 // 7 // http://www.apache.org/licenses/LICENSE-2.0 8 // 9 // Unless required by applicable law or agreed to in writing, software 10 // distributed under the License is distributed on an "AS IS" BASIS, 11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 // See the License for the specific language governing permissions and 13 // limitations under the License. 14 15 #ifndef KEYSTORE_KEYSTORE_CLIENT_IMPL_H_ 16 #define KEYSTORE_KEYSTORE_CLIENT_IMPL_H_ 17 18 #include "keystore_client.h" 19 20 #include <map> 21 #include <string> 22 #include <vector> 23 24 #include <android/security/IKeystoreService.h> 25 #include <binder/IBinder.h> 26 #include <binder/IServiceManager.h> 27 #include <utils/StrongPointer.h> 28 29 namespace keystore { 30 31 class KeystoreClientImpl : public KeystoreClient { 32 public: 33 KeystoreClientImpl(); 34 ~KeystoreClientImpl() override = default; 35 36 // KeystoreClient methods. 37 bool encryptWithAuthentication(const std::string& key_name, const std::string& data, 38 int32_t flags, std::string* encrypted_data) override; 39 bool decryptWithAuthentication(const std::string& key_name, const std::string& encrypted_data, 40 std::string* data) override; 41 bool oneShotOperation(KeyPurpose purpose, const std::string& key_name, 42 const keystore::AuthorizationSet& input_parameters, 43 const std::string& input_data, const std::string& signature_to_verify, 44 keystore::AuthorizationSet* output_parameters, 45 std::string* output_data) override; 46 KeyStoreNativeReturnCode addRandomNumberGeneratorEntropy(const std::string& entropy, 47 int32_t flags) override; 48 KeyStoreNativeReturnCode 49 generateKey(const std::string& key_name, const keystore::AuthorizationSet& key_parameters, 50 int32_t flags, keystore::AuthorizationSet* hardware_enforced_characteristics, 51 keystore::AuthorizationSet* software_enforced_characteristics) override; 52 KeyStoreNativeReturnCode 53 getKeyCharacteristics(const std::string& key_name, 54 keystore::AuthorizationSet* hardware_enforced_characteristics, 55 keystore::AuthorizationSet* software_enforced_characteristics) override; 56 KeyStoreNativeReturnCode 57 importKey(const std::string& key_name, const keystore::AuthorizationSet& key_parameters, 58 KeyFormat key_format, const std::string& key_data, 59 keystore::AuthorizationSet* hardware_enforced_characteristics, 60 keystore::AuthorizationSet* software_enforced_characteristics) override; 61 KeyStoreNativeReturnCode exportKey(KeyFormat export_format, const std::string& key_name, 62 std::string* export_data) override; 63 KeyStoreNativeReturnCode deleteKey(const std::string& key_name) override; 64 KeyStoreNativeReturnCode deleteAllKeys() override; 65 KeyStoreNativeReturnCode beginOperation(KeyPurpose purpose, const std::string& key_name, 66 const keystore::AuthorizationSet& input_parameters, 67 keystore::AuthorizationSet* output_parameters, 68 uint64_t* handle) override; 69 KeyStoreNativeReturnCode updateOperation(uint64_t handle, 70 const keystore::AuthorizationSet& input_parameters, 71 const std::string& input_data, 72 size_t* num_input_bytes_consumed, 73 keystore::AuthorizationSet* output_parameters, 74 std::string* output_data) override; 75 KeyStoreNativeReturnCode finishOperation(uint64_t handle, 76 const keystore::AuthorizationSet& input_parameters, 77 const std::string& signature_to_verify, 78 keystore::AuthorizationSet* output_parameters, 79 std::string* output_data) override; 80 KeyStoreNativeReturnCode abortOperation(uint64_t handle) override; 81 bool doesKeyExist(const std::string& key_name) override; 82 bool listKeys(const std::string& prefix, std::vector<std::string>* key_name_list) override; 83 84 private: 85 // Returns an available virtual operation handle. 86 uint64_t getNextVirtualHandle(); 87 88 // Maps a keystore error code to a code where all success cases use 89 // KM_ERROR_OK (not keystore's NO_ERROR). 90 // int32_t mapKeystoreError(int32_t keystore_error); 91 92 // Creates an encryption key suitable for EncryptWithAuthentication or 93 // verifies attributes if the key already exists. Returns true on success. 94 bool createOrVerifyEncryptionKey(const std::string& key_name, int32_t flags); 95 96 // Creates an authentication key suitable for EncryptWithAuthentication or 97 // verifies attributes if the key already exists. Returns true on success. 98 bool createOrVerifyAuthenticationKey(const std::string& key_name, int32_t flags); 99 100 // Verifies attributes of an encryption key suitable for 101 // EncryptWithAuthentication. Returns true on success and populates |verified| 102 // with the result of the verification. 103 bool verifyEncryptionKeyAttributes(const std::string& key_name, bool* verified); 104 105 // Verifies attributes of an authentication key suitable for 106 // EncryptWithAuthentication. Returns true on success and populates |verified| 107 // with the result of the verification. 108 bool verifyAuthenticationKeyAttributes(const std::string& key_name, bool* verified); 109 110 android::sp<android::IServiceManager> service_manager_; 111 android::sp<android::IBinder> keystore_binder_; 112 android::sp<android::security::IKeystoreService> keystore_; 113 uint64_t next_virtual_handle_ = 1; 114 std::map<uint64_t, android::sp<android::IBinder>> active_operations_; 115 116 DISALLOW_COPY_AND_ASSIGN(KeystoreClientImpl); 117 }; 118 119 } // namespace keystore 120 121 #endif // KEYSTORE_KEYSTORE_CLIENT_IMPL_H_ 122