/*
 * Copyright (C) 2018 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

package android.hardware.biometrics;

import static android.hardware.biometrics.Flags.FLAG_ADD_KEY_AGREEMENT_CRYPTO_OBJECT;

import android.annotation.FlaggedApi;
import android.annotation.NonNull;
import android.annotation.Nullable;
import android.security.identity.IdentityCredential;
import android.security.identity.PresentationSession;
import android.security.keystore2.AndroidKeyStoreProvider;

import java.security.Signature;

import javax.crypto.Cipher;
import javax.crypto.KeyAgreement;
import javax.crypto.Mac;

/**
 * A wrapper class for the crypto objects supported by BiometricPrompt and FingerprintManager.
 * Currently the framework supports {@link Signature}, {@link Cipher}, {@link Mac},
 * {@link KeyAgreement}, {@link IdentityCredential}, and {@link PresentationSession} objects.
 *
 * <p>Exactly one object is held per instance, stored untyped. Each typed getter returns
 * {@code null} when the held object is of a different type, so callers must null-check the
 * getter they use. The constructors carry {@code @NonNull} but perform no runtime check; a
 * {@code null} argument is stored as-is and later shows up as {@code 0} from
 * {@link #getOpId()}.
 * @hide
 */
public class CryptoObject {
    // The single wrapped object: one of the supported crypto types, or a boxed Long when the
    // instance was built from a raw operation handle.
    private final Object mCrypto;

    /**
     * Create from a {@link Signature} object.
     *
     * @param signature a {@link Signature} object.
     */
    public CryptoObject(@NonNull Signature signature) {
        this.mCrypto = signature;
    }

    /**
     * Create from a {@link Cipher} object.
     *
     * @param cipher a {@link Cipher} object.
     */
    public CryptoObject(@NonNull Cipher cipher) {
        this.mCrypto = cipher;
    }

    /**
     * Create from a {@link Mac} object.
     *
     * @param mac a {@link Mac} object.
     */
    public CryptoObject(@NonNull Mac mac) {
        this.mCrypto = mac;
    }

    /**
     * Create from a {@link IdentityCredential} object.
     *
     * @param credential a {@link IdentityCredential} object.
     * @deprecated Use {@link PresentationSession} instead of {@link IdentityCredential}.
     */
    @Deprecated
    public CryptoObject(@NonNull IdentityCredential credential) {
        this.mCrypto = credential;
    }

    /**
     * Create from a {@link PresentationSession} object.
     *
     * @param session a {@link PresentationSession} object.
     */
    public CryptoObject(@NonNull PresentationSession session) {
        this.mCrypto = session;
    }

    /**
     * Create from a {@link KeyAgreement} object.
     *
     * @param keyAgreement a {@link KeyAgreement} object.
     */
    @FlaggedApi(FLAG_ADD_KEY_AGREEMENT_CRYPTO_OBJECT)
    public CryptoObject(@NonNull KeyAgreement keyAgreement) {
        this.mCrypto = keyAgreement;
    }

    /**
     * Create from a raw operation handle instead of a crypto object.
     *
     * <p>The handle is stored boxed and handed back unchanged by {@link #getOpId()}; every
     * typed getter returns {@code null} for an instance built this way. A handle of {@code 0}
     * cannot be told apart from the "none" result of {@link #getOpId()}.
     *
     * @param operationHandle the operation handle to wrap.
     */
    public CryptoObject(long operationHandle) {
        // Autoboxed to Long; getOpId() recognises it by that type.
        this.mCrypto = operationHandle;
    }

    /**
     * Get {@link Signature} object.
     * @return {@link Signature} object or null if this doesn't contain one.
     */
    public @Nullable Signature getSignature() {
        return cryptoAs(Signature.class);
    }

    /**
     * Get {@link Cipher} object.
     * @return {@link Cipher} object or null if this doesn't contain one.
     */
    public @Nullable Cipher getCipher() {
        return cryptoAs(Cipher.class);
    }

    /**
     * Get {@link Mac} object.
     * @return {@link Mac} object or null if this doesn't contain one.
     */
    public @Nullable Mac getMac() {
        return cryptoAs(Mac.class);
    }

    /**
     * Get {@link IdentityCredential} object.
     * @return {@link IdentityCredential} object or null if this doesn't contain one.
     * @deprecated Use {@link PresentationSession} instead of {@link IdentityCredential}.
     */
    @Deprecated
    public @Nullable IdentityCredential getIdentityCredential() {
        return cryptoAs(IdentityCredential.class);
    }

    /**
     * Get {@link PresentationSession} object.
     * @return {@link PresentationSession} object or null if this doesn't contain one.
     */
    public @Nullable PresentationSession getPresentationSession() {
        return cryptoAs(PresentationSession.class);
    }

    /**
     * Get {@link KeyAgreement} object. A key-agreement protocol is a protocol whereby
     * two or more parties can agree on a shared secret using public key cryptography.
     *
     * @return {@link KeyAgreement} object or null if this doesn't contain one.
     */
    @FlaggedApi(FLAG_ADD_KEY_AGREEMENT_CRYPTO_OBJECT)
    public @Nullable KeyAgreement getKeyAgreement() {
        return cryptoAs(KeyAgreement.class);
    }

    /**
     * Resolves the operation handle for the wrapped object.
     *
     * <p>A result of {@code 0} means no handle is available. That includes the case where a
     * constructor was given {@code null} despite its {@code @NonNull} annotation, and the case
     * where the raw-handle constructor was given {@code 0}.
     * NOTE(review): callers that rely on this handle to tie an authentication to a specific
     * crypto operation should presumably treat {@code 0} as "not bound"; confirm against the
     * consuming service.
     *
     * @hide
     * @return the opId associated with this object or 0 if none
     */
    public long getOpId() {
        if (mCrypto == null) {
            return 0;
        }
        if (mCrypto instanceof Long) {
            // Built from a raw handle: hand it back as given.
            return ((Long) mCrypto).longValue();
        }
        if (mCrypto instanceof IdentityCredential) {
            final IdentityCredential credential = (IdentityCredential) mCrypto;
            return credential.getCredstoreOperationHandle();
        }
        if (mCrypto instanceof PresentationSession) {
            final PresentationSession session = (PresentationSession) mCrypto;
            return session.getCredstoreOperationHandle();
        }
        // Everything else is delegated to the keystore provider; how it treats a type it does
        // not recognise is not visible in this file.
        return AndroidKeyStoreProvider.getKeyStoreOperationHandle(mCrypto);
    }

    /**
     * Returns the wrapped object as {@code type}, or {@code null} when it is absent or of a
     * different type.
     */
    @Nullable
    private <T> T cryptoAs(Class<T> type) {
        return type.isInstance(mCrypto) ? type.cast(mCrypto) : null;
    }
}