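// Copyright 2015 The Android Open Source Project
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//      http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

#ifndef KEYSTORE_KEYSTORE_CLIENT_IMPL_H_
#define KEYSTORE_KEYSTORE_CLIENT_IMPL_H_

#include "keystore_client.h"

// <cstddef>/<cstdint> are included explicitly because this header names
// size_t and uint64_t; it should not rely on another header pulling them in.
#include <cstddef>
#include <cstdint>
#include <map>
#include <string>
#include <vector>

#include <binder/IBinder.h>
#include <binder/IServiceManager.h>
#include "IKeystoreService.h"
#include <utils/StrongPointer.h>

namespace keystore {

// Concrete KeystoreClient that keeps strong references to the service manager,
// the keystore binder and the IKeystoreService interface (see the data members
// below). How those references are obtained is defined in the implementation
// file, not in this header.
//
// NOTE(review): no lock is declared in this class, while next_virtual_handle_
// and active_operations_ are mutable state shared by the operation methods.
// Confirm that callers serialize access to a single instance.
class KeystoreClientImpl : public KeystoreClient {
  public:
    KeystoreClientImpl();
    ~KeystoreClientImpl() override = default;

    // KeystoreClient methods.
    //
    // The contracts are declared by KeystoreClient in keystore_client.h. Results
    // are written through the pointer parameters, and the return value is the
    // only success signal visible here, so check it before consuming any
    // output. Whether a null output pointer is tolerated is not visible in this
    // header; pass valid objects.

    // Authenticated encryption helpers keyed by |key_name|. The private
    // createOrVerify*/verify* helpers below refer to the key attributes this
    // pair expects. Returns true on success.
    bool encryptWithAuthentication(const std::string& key_name, const std::string& data,
                                   std::string* encrypted_data) override;
    // On a false return, treat |*data| as unspecified; its state after a failed
    // authentication check is not documented here.
    bool decryptWithAuthentication(const std::string& key_name, const std::string& encrypted_data,
                                   std::string* data) override;

    // Presumably runs a complete operation for |purpose| in a single call;
    // confirm against the implementation.
    bool oneShotOperation(KeyPurpose purpose, const std::string& key_name,
                          const keystore::AuthorizationSet& input_parameters,
                          const std::string& input_data, const std::string& signature_to_verify,
                          keystore::AuthorizationSet* output_parameters,
                          std::string* output_data) override;

    KeyStoreNativeReturnCode addRandomNumberGeneratorEntropy(const std::string& entropy) override;

    // Key management. The generate/get/import calls report the resulting key
    // characteristics in two separate sets, hardware-enforced and
    // software-enforced; callers that require hardware backing have to inspect
    // the former rather than assume it.
    KeyStoreNativeReturnCode
    generateKey(const std::string& key_name, const keystore::AuthorizationSet& key_parameters,
                keystore::AuthorizationSet* hardware_enforced_characteristics,
                keystore::AuthorizationSet* software_enforced_characteristics) override;
    KeyStoreNativeReturnCode
    getKeyCharacteristics(const std::string& key_name,
                          keystore::AuthorizationSet* hardware_enforced_characteristics,
                          keystore::AuthorizationSet* software_enforced_characteristics) override;
    KeyStoreNativeReturnCode
    importKey(const std::string& key_name, const keystore::AuthorizationSet& key_parameters,
              KeyFormat key_format, const std::string& key_data,
              keystore::AuthorizationSet* hardware_enforced_characteristics,
              keystore::AuthorizationSet* software_enforced_characteristics) override;
    KeyStoreNativeReturnCode exportKey(KeyFormat export_format, const std::string& key_name,
                                       std::string* export_data) override;
    KeyStoreNativeReturnCode deleteKey(const std::string& key_name) override;
    // NOTE(review): the scope of "all keys" (per caller, per user, ...) is not
    // visible in this header; confirm before calling.
    KeyStoreNativeReturnCode deleteAllKeys() override;

    // Multi-step operations. |handle| is a uint64_t produced by beginOperation
    // and passed back to update/finish/abort. Given getNextVirtualHandle() and
    // active_operations_ below, it looks like a client-local identifier rather
    // than the keystore token itself; confirm in the implementation.
    KeyStoreNativeReturnCode beginOperation(KeyPurpose purpose, const std::string& key_name,
                                            const keystore::AuthorizationSet& input_parameters,
                                            keystore::AuthorizationSet* output_parameters,
                                            uint64_t* handle) override;
    // |*num_input_bytes_consumed| is an output; presumably it can be smaller
    // than input_data.size(), in which case the caller resubmits the rest.
    // TODO confirm.
    KeyStoreNativeReturnCode updateOperation(uint64_t handle,
                                             const keystore::AuthorizationSet& input_parameters,
                                             const std::string& input_data,
                                             size_t* num_input_bytes_consumed,
                                             keystore::AuthorizationSet* output_parameters,
                                             std::string* output_data) override;
    KeyStoreNativeReturnCode finishOperation(uint64_t handle,
                                             const keystore::AuthorizationSet& input_parameters,
                                             const std::string& signature_to_verify,
                                             keystore::AuthorizationSet* output_parameters,
                                             std::string* output_data) override;
    KeyStoreNativeReturnCode abortOperation(uint64_t handle) override;

    bool doesKeyExist(const std::string& key_name) override;
    bool listKeys(const std::string& prefix, std::vector<std::string>* key_name_list) override;

  private:
    // Returns an available virtual operation handle.
    uint64_t getNextVirtualHandle();

    // Maps a keystore error code to a code where all success cases use
    // KM_ERROR_OK (not keystore's NO_ERROR).
    // (Declaration currently disabled; kept as in the original header.)
    // int32_t mapKeystoreError(int32_t keystore_error);

    // Creates an encryption key suitable for EncryptWithAuthentication or
    // verifies attributes if the key already exists. Returns true on success.
    bool createOrVerifyEncryptionKey(const std::string& key_name);

    // Creates an authentication key suitable for EncryptWithAuthentication or
    // verifies attributes if the key already exists. Returns true on success.
    bool createOrVerifyAuthenticationKey(const std::string& key_name);

    // Verifies attributes of an encryption key suitable for
    // EncryptWithAuthentication. Returns true on success and populates |verified|
    // with the result of the verification. The return value and |*verified| are
    // distinct signals: a true return does not by itself mean the attributes
    // are acceptable.
    bool verifyEncryptionKeyAttributes(const std::string& key_name, bool* verified);

    // Verifies attributes of an authentication key suitable for
    // EncryptWithAuthentication. Returns true on success and populates |verified|
    // with the result of the verification. As above, check |*verified| as well
    // as the return value.
    bool verifyAuthenticationKeyAttributes(const std::string& key_name, bool* verified);

    // Strong references to the binder objects used to reach keystore.
    android::sp<android::IServiceManager> service_manager_;
    android::sp<android::IBinder> keystore_binder_;
    android::sp<android::IKeystoreService> keystore_;

    // Counter backing getNextVirtualHandle(); starts at 1.
    uint64_t next_virtual_handle_ = 1;
    // Maps a handle value to the binder object for that operation.
    // NOTE(review): entries are presumably removed on finish/abort; an
    // operation that is begun and never finished or aborted would keep its
    // binder reference alive here. Confirm in the implementation.
    std::map<uint64_t, android::sp<android::IBinder>> active_operations_;

    // Macro defined outside this header; presumably deletes the copy
    // constructor and copy assignment so the binder references and the handle
    // table are never duplicated.
    DISALLOW_COPY_AND_ASSIGN(KeystoreClientImpl);
};

}  // namespace keystore

#endif  // KEYSTORE_KEYSTORE_CLIENT_IMPL_H_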