KeyStore.java revision a3788b00bb221e20abdd42f747d2af419e0a088c 
1/*
2 * Copyright (C) 2009 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 *      http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17package android.security;
18
19import android.os.RemoteException;
20import android.os.ServiceManager;
21import android.util.Log;
22
23/**
24 * @hide This should not be made public in its present form because it
25 * assumes that private and secret key bytes are available and would
26 * preclude the use of hardware crypto.
27 */
28public class KeyStore {
29    private static final String TAG = "KeyStore";
30
31    // ResponseCodes
32    public static final int NO_ERROR = 1;
33    public static final int LOCKED = 2;
34    public static final int UNINITIALIZED = 3;
35    public static final int SYSTEM_ERROR = 4;
36    public static final int PROTOCOL_ERROR = 5;
37    public static final int PERMISSION_DENIED = 6;
38    public static final int KEY_NOT_FOUND = 7;
39    public static final int VALUE_CORRUPTED = 8;
40    public static final int UNDEFINED_ACTION = 9;
41    public static final int WRONG_PASSWORD = 10;
42
43    // Flags for "put" and "import"
44    public static final int FLAG_ENCRYPTED = 1;
45
46    // States
47    public enum State { UNLOCKED, LOCKED, UNINITIALIZED };
48
49    private int mError = NO_ERROR;
50
51    private final IKeystoreService mBinder;
52
53    private KeyStore(IKeystoreService binder) {
54        mBinder = binder;
55    }
56
57    public static KeyStore getInstance() {
58        IKeystoreService keystore = IKeystoreService.Stub.asInterface(ServiceManager
59                .getService("android.security.keystore"));
60        return new KeyStore(keystore);
61    }
62
63    public State state() {
64        final int ret;
65        try {
66            ret = mBinder.test();
67        } catch (RemoteException e) {
68            Log.w(TAG, "Cannot connect to keystore", e);
69            throw new AssertionError(e);
70        }
71
72        switch (ret) {
73            case NO_ERROR: return State.UNLOCKED;
74            case LOCKED: return State.LOCKED;
75            case UNINITIALIZED: return State.UNINITIALIZED;
76            default: throw new AssertionError(mError);
77        }
78    }
79
80    public boolean isUnlocked() {
81        return state() == State.UNLOCKED;
82    }
83
84    public byte[] get(String key) {
85        try {
86            return mBinder.get(key);
87        } catch (RemoteException e) {
88            Log.w(TAG, "Cannot connect to keystore", e);
89            return null;
90        }
91    }
92
93    public boolean put(String key, byte[] value, int uid, int flags) {
94        try {
95            return mBinder.insert(key, value, uid, flags) == NO_ERROR;
96        } catch (RemoteException e) {
97            Log.w(TAG, "Cannot connect to keystore", e);
98            return false;
99        }
100    }
101
102    public boolean put(String key, byte[] value, int uid) {
103        return put(key, value, uid, FLAG_ENCRYPTED);
104    }
105
106    public boolean put(String key, byte[] value) {
107        return put(key, value, -1);
108    }
109
110    public boolean delete(String key, int uid) {
111        try {
112            return mBinder.del(key, uid) == NO_ERROR;
113        } catch (RemoteException e) {
114            Log.w(TAG, "Cannot connect to keystore", e);
115            return false;
116        }
117    }
118
119    public boolean delete(String key) {
120        return delete(key, -1);
121    }
122
123    public boolean contains(String key, int uid) {
124        try {
125            return mBinder.exist(key, uid) == NO_ERROR;
126        } catch (RemoteException e) {
127            Log.w(TAG, "Cannot connect to keystore", e);
128            return false;
129        }
130    }
131
132    public boolean contains(String key) {
133        return contains(key, -1);
134    }
135
136    public String[] saw(String prefix, int uid) {
137        try {
138            return mBinder.saw(prefix, uid);
139        } catch (RemoteException e) {
140            Log.w(TAG, "Cannot connect to keystore", e);
141            return null;
142        }
143    }
144
145    public String[] saw(String prefix) {
146        return saw(prefix, -1);
147    }
148
149    public boolean reset() {
150        try {
151            return mBinder.reset() == NO_ERROR;
152        } catch (RemoteException e) {
153            Log.w(TAG, "Cannot connect to keystore", e);
154            return false;
155        }
156    }
157
158    public boolean password(String password) {
159        try {
160            return mBinder.password(password) == NO_ERROR;
161        } catch (RemoteException e) {
162            Log.w(TAG, "Cannot connect to keystore", e);
163            return false;
164        }
165    }
166
167    public boolean lock() {
168        try {
169            return mBinder.lock() == NO_ERROR;
170        } catch (RemoteException e) {
171            Log.w(TAG, "Cannot connect to keystore", e);
172            return false;
173        }
174    }
175
176    public boolean unlock(String password) {
177        try {
178            mError = mBinder.unlock(password);
179            return mError == NO_ERROR;
180        } catch (RemoteException e) {
181            Log.w(TAG, "Cannot connect to keystore", e);
182            return false;
183        }
184    }
185
186    public boolean isEmpty() {
187        try {
188            return mBinder.zero() == KEY_NOT_FOUND;
189        } catch (RemoteException e) {
190            Log.w(TAG, "Cannot connect to keystore", e);
191            return false;
192        }
193    }
194
195    public boolean generate(String key, int uid, int flags) {
196        try {
197            return mBinder.generate(key, uid, flags) == NO_ERROR;
198        } catch (RemoteException e) {
199            Log.w(TAG, "Cannot connect to keystore", e);
200            return false;
201        }
202    }
203
204    public boolean generate(String key, int uid) {
205        return generate(key, uid, FLAG_ENCRYPTED);
206    }
207
208    public boolean generate(String key) {
209        return generate(key, -1);
210    }
211
212    public boolean importKey(String keyName, byte[] key, int uid, int flags) {
213        try {
214            return mBinder.import_key(keyName, key, uid, flags) == NO_ERROR;
215        } catch (RemoteException e) {
216            Log.w(TAG, "Cannot connect to keystore", e);
217            return false;
218        }
219    }
220
221    public boolean importKey(String keyName, byte[] key, int uid) {
222        return importKey(keyName, key, uid, FLAG_ENCRYPTED);
223    }
224
225    public boolean importKey(String keyName, byte[] key) {
226        return importKey(keyName, key, -1);
227    }
228
229    public byte[] getPubkey(String key) {
230        try {
231            return mBinder.get_pubkey(key);
232        } catch (RemoteException e) {
233            Log.w(TAG, "Cannot connect to keystore", e);
234            return null;
235        }
236    }
237
238    public boolean delKey(String key, int uid) {
239        try {
240            return mBinder.del_key(key, uid) == NO_ERROR;
241        } catch (RemoteException e) {
242            Log.w(TAG, "Cannot connect to keystore", e);
243            return false;
244        }
245    }
246
247    public boolean delKey(String key) {
248        return delKey(key, -1);
249    }
250
251    public byte[] sign(String key, byte[] data) {
252        try {
253            return mBinder.sign(key, data);
254        } catch (RemoteException e) {
255            Log.w(TAG, "Cannot connect to keystore", e);
256            return null;
257        }
258    }
259
260    public boolean verify(String key, byte[] data, byte[] signature) {
261        try {
262            return mBinder.verify(key, data, signature) == NO_ERROR;
263        } catch (RemoteException e) {
264            Log.w(TAG, "Cannot connect to keystore", e);
265            return false;
266        }
267    }
268
269    public boolean grant(String key, int uid) {
270        try {
271            return mBinder.grant(key, uid) == NO_ERROR;
272        } catch (RemoteException e) {
273            Log.w(TAG, "Cannot connect to keystore", e);
274            return false;
275        }
276    }
277
278    public boolean ungrant(String key, int uid) {
279        try {
280            return mBinder.ungrant(key, uid) == NO_ERROR;
281        } catch (RemoteException e) {
282            Log.w(TAG, "Cannot connect to keystore", e);
283            return false;
284        }
285    }
286
287    /**
288     * Returns the last modification time of the key in milliseconds since the
289     * epoch. Will return -1L if the key could not be found or other error.
290     */
291    public long getmtime(String key) {
292        try {
293            final long millis = mBinder.getmtime(key);
294            if (millis == -1L) {
295                return -1L;
296            }
297
298            return millis * 1000L;
299        } catch (RemoteException e) {
300            Log.w(TAG, "Cannot connect to keystore", e);
301            return -1L;
302        }
303    }
304
305    public boolean duplicate(String srcKey, int srcUid, String destKey, int destUid) {
306        try {
307            return mBinder.duplicate(srcKey, srcUid, destKey, destUid) == NO_ERROR;
308        } catch (RemoteException e) {
309            Log.w(TAG, "Cannot connect to keystore", e);
310            return false;
311        }
312    }
313
314    public boolean isHardwareBacked() {
315        try {
316            return mBinder.is_hardware_backed() == NO_ERROR;
317        } catch (RemoteException e) {
318            Log.w(TAG, "Cannot connect to keystore", e);
319            return false;
320        }
321    }
322
323    public boolean clearUid(int uid) {
324        try {
325            return mBinder.clear_uid(uid) == NO_ERROR;
326        } catch (RemoteException e) {
327            Log.w(TAG, "Cannot connect to keystore", e);
328            return false;
329        }
330    }
331
332    public int getLastError() {
333        return mError;
334    }
335}
336