// Copyright 2015 The Android Open Source Project
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//      http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

#ifndef KEYSTORE_KEYSTORE_CLIENT_IMPL_H_
#define KEYSTORE_KEYSTORE_CLIENT_IMPL_H_

#include "keystore/keystore_client.h"

#include <string>
#include <map>
#include <vector>

#include "binder/IBinder.h"
#include "binder/IServiceManager.h"
#include "keystore/IKeystoreService.h"
#include "utils/StrongPointer.h"

namespace keystore {

// Concrete implementation of the KeystoreClient interface from
// keystore/keystore_client.h. Its members show that it holds binder references
// to the service manager and to an IKeystoreService, and that it tracks
// in-flight operations under locally issued ("virtual") handles.
//
// NOTE(review): no mutex or atomic is declared in this class, while
// next_virtual_handle_ and active_operations_ are plain mutable members.
// Presumably an instance must not be shared between threads without external
// locking -- confirm against the implementation file.
class KeystoreClientImpl : public KeystoreClient {
  public:
    // Defined out of line. NOTE(review): this header does not show whether
    // construction can leave keystore_ unset when the service is unavailable, so
    // callers should check the result of every call rather than assume a live
    // connection -- confirm.
    KeystoreClientImpl();
    ~KeystoreClientImpl() override = default;

    // KeystoreClient methods.
    //
    // The authoritative contract for each override is on KeystoreClient; the
    // notes below restate only what these signatures and the private helper
    // comments show. Results are written through pointer out-parameters.
    // NOTE(review): whether a null out-pointer is tolerated is not visible
    // here -- assume it is not until confirmed.

    // Encrypts |data| under keys associated with |key_name| and writes the result
    // to |encrypted_data|. The private helpers below indicate that both an
    // encryption key and an authentication key are involved. Returns a bool; on
    // false, presumably |encrypted_data| must not be used -- confirm.
    bool encryptWithAuthentication(const std::string& key_name, const std::string& data,
                                   std::string* encrypted_data) override;
    // Inverse of encryptWithAuthentication: writes the recovered bytes to |data|.
    // NOTE(review): a false return presumably also covers failed authentication
    // of |encrypted_data|; callers should discard |data| in that case -- confirm.
    bool decryptWithAuthentication(const std::string& key_name, const std::string& encrypted_data,
                                   std::string* data) override;
    // Runs one operation of the given |purpose| on |input_data| with the key
    // |key_name| in a single call (presumably begin/update/finish -- confirm).
    // |signature_to_verify| is an input; outputs go to |output_parameters| and
    // |output_data|.
    bool oneShotOperation(keymaster_purpose_t purpose, const std::string& key_name,
                          const keymaster::AuthorizationSet& input_parameters,
                          const std::string& input_data, const std::string& signature_to_verify,
                          keymaster::AuthorizationSet* output_parameters,
                          std::string* output_data) override;

    // The methods below return an int32_t status. mapKeystoreError() is
    // documented as normalizing success to KM_ERROR_OK (not keystore's NO_ERROR);
    // presumably every status returned here has gone through that mapping, so
    // callers should compare against KM_ERROR_OK -- confirm.

    // Passes caller-supplied |entropy| to the keystore service.
    int32_t addRandomNumberGeneratorEntropy(const std::string& entropy) override;
    // Generates a key named |key_name| from |key_parameters|. The resulting
    // characteristics are reported in two separate sets, hardware-enforced and
    // software-enforced; a caller that requires hardware enforcement of a
    // property should look for it in the hardware set specifically.
    int32_t generateKey(const std::string& key_name,
                        const keymaster::AuthorizationSet& key_parameters,
                        keymaster::AuthorizationSet* hardware_enforced_characteristics,
                        keymaster::AuthorizationSet* software_enforced_characteristics) override;
    // Reports the characteristics of the existing key |key_name|, split into the
    // same hardware-enforced and software-enforced sets as generateKey.
    int32_t
    getKeyCharacteristics(const std::string& key_name,
                          keymaster::AuthorizationSet* hardware_enforced_characteristics,
                          keymaster::AuthorizationSet* software_enforced_characteristics) override;
    // Imports |key_data|, encoded as |key_format|, under the name |key_name|.
    // |key_data| is raw key material held in a std::string; this header shows no
    // zeroization of that buffer, so its lifetime is the caller's concern.
    int32_t importKey(const std::string& key_name,
                      const keymaster::AuthorizationSet& key_parameters,
                      keymaster_key_format_t key_format, const std::string& key_data,
                      keymaster::AuthorizationSet* hardware_enforced_characteristics,
                      keymaster::AuthorizationSet* software_enforced_characteristics) override;
    // Exports the key |key_name| in |export_format| into |export_data|.
    int32_t exportKey(keymaster_key_format_t export_format, const std::string& key_name,
                      std::string* export_data) override;
    // Deletes the key |key_name|.
    int32_t deleteKey(const std::string& key_name) override;
    // Takes no arguments; the scope of what is deleted is decided by the
    // service and is not visible in this header.
    int32_t deleteAllKeys() override;
    // Starts a multi-step operation and returns its handle through |handle|.
    // NOTE(review): presumably |handle| is a virtual handle from
    // getNextVirtualHandle() recorded in active_operations_, and the entry stays
    // until finishOperation/abortOperation -- confirm; if so, every begun
    // operation should be finished or aborted.
    int32_t beginOperation(keymaster_purpose_t purpose, const std::string& key_name,
                           const keymaster::AuthorizationSet& input_parameters,
                           keymaster::AuthorizationSet* output_parameters,
                           keymaster_operation_handle_t* handle) override;
    // Feeds |input_data| to the operation identified by |handle|.
    // |num_input_bytes_consumed| is an out-parameter; presumably it can be less
    // than input_data.size(), in which case the caller must resubmit the
    // remainder -- confirm.
    int32_t updateOperation(keymaster_operation_handle_t handle,
                            const keymaster::AuthorizationSet& input_parameters,
                            const std::string& input_data, size_t* num_input_bytes_consumed,
                            keymaster::AuthorizationSet* output_parameters,
                            std::string* output_data) override;
    // Completes the operation identified by |handle|. |signature_to_verify| is an
    // input; presumably the returned status is the only indication of a failed
    // verification, so it must not be ignored -- confirm.
    int32_t finishOperation(keymaster_operation_handle_t handle,
                            const keymaster::AuthorizationSet& input_parameters,
                            const std::string& signature_to_verify,
                            keymaster::AuthorizationSet* output_parameters,
                            std::string* output_data) override;
    // Abandons the operation identified by |handle|.
    int32_t abortOperation(keymaster_operation_handle_t handle) override;
    // Returns a bool only. NOTE(review): a service error is presumably
    // indistinguishable from "no such key" here -- confirm before using the
    // result for a security decision.
    bool doesKeyExist(const std::string& key_name) override;
    // Writes key names matching |prefix| to |key_name_list|; the bool return
    // reports success.
    bool listKeys(const std::string& prefix, std::vector<std::string>* key_name_list) override;

  private:
    // Returns an available virtual operation handle.
    keymaster_operation_handle_t getNextVirtualHandle();

    // Maps a keystore error code to a code where all success cases use
    // KM_ERROR_OK (not keystore's NO_ERROR).
    int32_t mapKeystoreError(int32_t keystore_error);

    // Creates an encryption key suitable for EncryptWithAuthentication or
    // verifies attributes if the key already exists. Returns true on success.
    bool createOrVerifyEncryptionKey(const std::string& key_name);

    // Creates an authentication key suitable for EncryptWithAuthentication or
    // verifies attributes if the key already exists. Returns true on success.
    bool createOrVerifyAuthenticationKey(const std::string& key_name);

    // Verifies attributes of an encryption key suitable for
    // EncryptWithAuthentication. Returns true on success and populates |verified|
    // with the result of the verification.
    // The return value and |verified| are separate signals: true means the check
    // could be carried out, |verified| says whether the key passed it. Callers
    // need both before trusting the key.
    bool verifyEncryptionKeyAttributes(const std::string& key_name, bool* verified);

    // Verifies attributes of an authentication key suitable for
    // EncryptWithAuthentication. Returns true on success and populates |verified|
    // with the result of the verification.
    // As above, a true return alone does not mean the key is acceptable;
    // |verified| must also be true.
    bool verifyAuthenticationKeyAttributes(const std::string& key_name, bool* verified);

    // Strong references to the binder objects this client talks through.
    android::sp<android::IServiceManager> service_manager_;
    android::sp<android::IBinder> keystore_binder_;
    android::sp<android::IKeystoreService> keystore_;
    // Counter behind getNextVirtualHandle(); starts at 1, so presumably 0 is
    // never issued as a handle -- confirm.
    keymaster_operation_handle_t next_virtual_handle_ = 1;
    // Virtual handle -> IBinder for each tracked operation (presumably the
    // operation token returned by the service -- confirm).
    std::map<keymaster_operation_handle_t, android::sp<android::IBinder>> active_operations_;

    // Macro defined outside this header; by its name it disables copy
    // construction and copy assignment for this class.
    DISALLOW_COPY_AND_ASSIGN(KeystoreClientImpl);
};

}  // namespace keystore

#endif  // KEYSTORE_KEYSTORE_CLIENT_IMPL_H_