KeyStore.java revision e66769ad5194cb4533d1087416a2e804ac384285 
1/*
2 * Copyright (C) 2009 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 *      http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17package android.security;
18
19import android.os.RemoteException;
20import android.os.ServiceManager;
21import android.util.Log;
22
23/**
24 * @hide This should not be made public in its present form because it
25 * assumes that private and secret key bytes are available and would
26 * preclude the use of hardware crypto.
27 */
28public class KeyStore {
29    private static final String TAG = "KeyStore";
30
31    // ResponseCodes
32    public static final int NO_ERROR = 1;
33    public static final int LOCKED = 2;
34    public static final int UNINITIALIZED = 3;
35    public static final int SYSTEM_ERROR = 4;
36    public static final int PROTOCOL_ERROR = 5;
37    public static final int PERMISSION_DENIED = 6;
38    public static final int KEY_NOT_FOUND = 7;
39    public static final int VALUE_CORRUPTED = 8;
40    public static final int UNDEFINED_ACTION = 9;
41    public static final int WRONG_PASSWORD = 10;
42
43    // States
44    public enum State { UNLOCKED, LOCKED, UNINITIALIZED };
45
46    private int mError = NO_ERROR;
47
48    private final IKeystoreService mBinder;
49
50    private KeyStore(IKeystoreService binder) {
51        mBinder = binder;
52    }
53
54    public static KeyStore getInstance() {
55        IKeystoreService keystore = IKeystoreService.Stub.asInterface(ServiceManager
56                .getService("android.security.keystore"));
57        return new KeyStore(keystore);
58    }
59
60    public State state() {
61        final int ret;
62        try {
63            ret = mBinder.test();
64        } catch (RemoteException e) {
65            Log.w(TAG, "Cannot connect to keystore", e);
66            throw new AssertionError(e);
67        }
68
69        switch (ret) {
70            case NO_ERROR: return State.UNLOCKED;
71            case LOCKED: return State.LOCKED;
72            case UNINITIALIZED: return State.UNINITIALIZED;
73            default: throw new AssertionError(mError);
74        }
75    }
76
77    public byte[] get(String key) {
78        try {
79            return mBinder.get(key);
80        } catch (RemoteException e) {
81            Log.w(TAG, "Cannot connect to keystore", e);
82            return null;
83        }
84    }
85
86    public boolean put(String key, byte[] value) {
87        try {
88            return mBinder.insert(key, value) == NO_ERROR;
89        } catch (RemoteException e) {
90            Log.w(TAG, "Cannot connect to keystore", e);
91            return false;
92        }
93    }
94
95    public boolean delete(String key) {
96        try {
97            return mBinder.del(key) == NO_ERROR;
98        } catch (RemoteException e) {
99            Log.w(TAG, "Cannot connect to keystore", e);
100            return false;
101        }
102    }
103
104    public boolean contains(String key) {
105        try {
106            return mBinder.exist(key) == NO_ERROR;
107        } catch (RemoteException e) {
108            Log.w(TAG, "Cannot connect to keystore", e);
109            return false;
110        }
111    }
112
113    public String[] saw(String prefix) {
114        try {
115            return mBinder.saw(prefix);
116        } catch (RemoteException e) {
117            Log.w(TAG, "Cannot connect to keystore", e);
118            return null;
119        }
120    }
121
122    public boolean reset() {
123        try {
124            return mBinder.reset() == NO_ERROR;
125        } catch (RemoteException e) {
126            Log.w(TAG, "Cannot connect to keystore", e);
127            return false;
128        }
129    }
130
131    public boolean password(String password) {
132        try {
133            return mBinder.password(password) == NO_ERROR;
134        } catch (RemoteException e) {
135            Log.w(TAG, "Cannot connect to keystore", e);
136            return false;
137        }
138    }
139
140    public boolean lock() {
141        try {
142            return mBinder.lock() == NO_ERROR;
143        } catch (RemoteException e) {
144            Log.w(TAG, "Cannot connect to keystore", e);
145            return false;
146        }
147    }
148
149    public boolean unlock(String password) {
150        try {
151            mError = mBinder.unlock(password);
152            return mError == NO_ERROR;
153        } catch (RemoteException e) {
154            Log.w(TAG, "Cannot connect to keystore", e);
155            return false;
156        }
157    }
158
159    public boolean isEmpty() {
160        try {
161            return mBinder.zero() == KEY_NOT_FOUND;
162        } catch (RemoteException e) {
163            Log.w(TAG, "Cannot connect to keystore", e);
164            return false;
165        }
166    }
167
168    public boolean generate(String key) {
169        try {
170            return mBinder.generate(key) == NO_ERROR;
171        } catch (RemoteException e) {
172            Log.w(TAG, "Cannot connect to keystore", e);
173            return false;
174        }
175    }
176
177    public boolean importKey(String keyName, byte[] key) {
178        try {
179            return mBinder.import_key(keyName, key) == NO_ERROR;
180        } catch (RemoteException e) {
181            Log.w(TAG, "Cannot connect to keystore", e);
182            return false;
183        }
184    }
185
186    public byte[] getPubkey(String key) {
187        try {
188            return mBinder.get_pubkey(key);
189        } catch (RemoteException e) {
190            Log.w(TAG, "Cannot connect to keystore", e);
191            return null;
192        }
193    }
194
195    public boolean delKey(String key) {
196        try {
197            return mBinder.del_key(key) == NO_ERROR;
198        } catch (RemoteException e) {
199            Log.w(TAG, "Cannot connect to keystore", e);
200            return false;
201        }
202    }
203
204    public byte[] sign(String key, byte[] data) {
205        try {
206            return mBinder.sign(key, data);
207        } catch (RemoteException e) {
208            Log.w(TAG, "Cannot connect to keystore", e);
209            return null;
210        }
211    }
212
213    public boolean verify(String key, byte[] data, byte[] signature) {
214        try {
215            return mBinder.verify(key, data, signature) == NO_ERROR;
216        } catch (RemoteException e) {
217            Log.w(TAG, "Cannot connect to keystore", e);
218            return false;
219        }
220    }
221
222    public boolean grant(String key, int uid) {
223        try {
224            return mBinder.grant(key, uid) == NO_ERROR;
225        } catch (RemoteException e) {
226            Log.w(TAG, "Cannot connect to keystore", e);
227            return false;
228        }
229    }
230
231    public boolean ungrant(String key, int uid) {
232        try {
233            return mBinder.ungrant(key, uid) == NO_ERROR;
234        } catch (RemoteException e) {
235            Log.w(TAG, "Cannot connect to keystore", e);
236            return false;
237        }
238    }
239
240    /**
241     * Returns the last modification time of the key in milliseconds since the
242     * epoch. Will return -1L if the key could not be found or other error.
243     */
244    public long getmtime(String key) {
245        try {
246            final long millis = mBinder.getmtime(key);
247            if (millis == -1L) {
248                return -1L;
249            }
250
251            return millis * 1000L;
252        } catch (RemoteException e) {
253            Log.w(TAG, "Cannot connect to keystore", e);
254            return -1L;
255        }
256    }
257
258    public int getLastError() {
259        return mError;
260    }
261}
262