// Copyright 2015 The Android Open Source Project
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//      http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
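#ifndef KEYSTORE_KEYSTORE_CLIENT_IMPL_H_
#define KEYSTORE_KEYSTORE_CLIENT_IMPL_H_

#include "keystore_client.h"

#include <cstddef>
#include <cstdint>
#include <map>
#include <string>
#include <vector>

#include <binder/IBinder.h>
#include <binder/IServiceManager.h>
#include <utils/StrongPointer.h>

#include "IKeystoreService.h"

namespace keystore {

// Binder-backed implementation of the KeystoreClient interface.
//
// The object owns three binder references (service manager, the raw keystore
// binder and its IKeystoreService proxy) plus a table of in-flight operations
// keyed by a client-side "virtual" handle. Nothing in this declaration
// synchronizes access to that table; NOTE(review): confirm that callers
// serialize use of one instance, or that keystore_client_impl.cpp locks.
//
// Method contracts (parameter roles, return codes) are defined on the
// KeystoreClient interface in keystore_client.h; the comments below only
// restate what this declaration itself shows.
class KeystoreClientImpl : public KeystoreClient {
  public:
    KeystoreClientImpl();
    ~KeystoreClientImpl() override = default;

    // KeystoreClient methods.

    // Encrypts |data| under the keys registered for |key_name| and writes the
    // result to |encrypted_data|. Returns true on success.
    bool encryptWithAuthentication(const std::string& key_name, const std::string& data,
                                   std::string* encrypted_data) override;
    // Reverses encryptWithAuthentication. Returns true on success; a failed
    // authentication check must leave |data| unusable, never partially
    // decrypted — confirm in the .cpp.
    bool decryptWithAuthentication(const std::string& key_name, const std::string& encrypted_data,
                                   std::string* data) override;
    // Runs a complete begin/update/finish cycle for |purpose| on |key_name|.
    // |signature_to_verify| is only meaningful for verification purposes.
    bool oneShotOperation(KeyPurpose purpose, const std::string& key_name,
                          const keystore::AuthorizationSet& input_parameters,
                          const std::string& input_data, const std::string& signature_to_verify,
                          keystore::AuthorizationSet* output_parameters,
                          std::string* output_data) override;
    // Feeds caller-supplied |entropy| to the keystore service.
    KeyStoreNativeReturnCode addRandomNumberGeneratorEntropy(const std::string& entropy) override;
    // Generates a key named |key_name| from |key_parameters|; the two output
    // sets receive the characteristics keystore reports as hardware- and
    // software-enforced respectively.
    KeyStoreNativeReturnCode generateKey(const std::string& key_name,
                                         const keystore::AuthorizationSet& key_parameters,
                                         keystore::AuthorizationSet* hardware_enforced_characteristics,
                                         keystore::AuthorizationSet* software_enforced_characteristics) override;
    // Reads back the enforced characteristics of an existing key.
    KeyStoreNativeReturnCode
    getKeyCharacteristics(const std::string& key_name,
                          keystore::AuthorizationSet* hardware_enforced_characteristics,
                          keystore::AuthorizationSet* software_enforced_characteristics) override;
    // Imports |key_data| (encoded as |key_format|) under |key_name|.
    KeyStoreNativeReturnCode importKey(const std::string& key_name,
                                       const keystore::AuthorizationSet& key_parameters,
                                       KeyFormat key_format, const std::string& key_data,
                                       keystore::AuthorizationSet* hardware_enforced_characteristics,
                                       keystore::AuthorizationSet* software_enforced_characteristics) override;
    // Exports |key_name| in |export_format| into |export_data|.
    KeyStoreNativeReturnCode exportKey(KeyFormat export_format, const std::string& key_name,
                                       std::string* export_data) override;
    // Deletes a single key by name.
    KeyStoreNativeReturnCode deleteKey(const std::string& key_name) override;
    // Deletes every key reachable by this client. Destructive and, as far as
    // this declaration shows, unconfirmed — callers must not expose it to
    // untrusted input.
    KeyStoreNativeReturnCode deleteAllKeys() override;
    // Starts a multi-part operation and returns a virtual handle in |handle|
    // for use with updateOperation/finishOperation/abortOperation.
    KeyStoreNativeReturnCode beginOperation(KeyPurpose purpose, const std::string& key_name,
                                            const keystore::AuthorizationSet& input_parameters,
                                            keystore::AuthorizationSet* output_parameters,
                                            uint64_t* handle) override;
    // Pushes |input_data| into an open operation. |num_input_bytes_consumed|
    // reports how much of |input_data| was accepted; the caller must resubmit
    // any remainder.
    KeyStoreNativeReturnCode updateOperation(uint64_t handle,
                                             const keystore::AuthorizationSet& input_parameters,
                                             const std::string& input_data,
                                             size_t* num_input_bytes_consumed,
                                             keystore::AuthorizationSet* output_parameters,
                                             std::string* output_data) override;
    // Completes an open operation. |signature_to_verify| is only meaningful
    // for verification purposes.
    KeyStoreNativeReturnCode finishOperation(uint64_t handle,
                                             const keystore::AuthorizationSet& input_parameters,
                                             const std::string& signature_to_verify,
                                             keystore::AuthorizationSet* output_parameters,
                                             std::string* output_data) override;
    // Abandons an open operation and releases its handle.
    KeyStoreNativeReturnCode abortOperation(uint64_t handle) override;
    // Returns true if a key named |key_name| exists.
    bool doesKeyExist(const std::string& key_name) override;
    // Fills |key_name_list| with the names of keys starting with |prefix|.
    // Returns true on success.
    bool listKeys(const std::string& prefix, std::vector<std::string>* key_name_list) override;

  private:
    // Returns an available virtual operation handle.
    uint64_t getNextVirtualHandle();

    // Creates an encryption key suitable for encryptWithAuthentication or
    // verifies attributes if the key already exists. Returns true on success.
    bool createOrVerifyEncryptionKey(const std::string& key_name);

    // Creates an authentication key suitable for encryptWithAuthentication or
    // verifies attributes if the key already exists. Returns true on success.
    bool createOrVerifyAuthenticationKey(const std::string& key_name);

    // Verifies attributes of an encryption key suitable for
    // encryptWithAuthentication. Returns true on success and populates
    // |verified| with the result of the verification. Note that a true return
    // only means the check ran; the caller must also test |verified|.
    bool verifyEncryptionKeyAttributes(const std::string& key_name, bool* verified);

    // Verifies attributes of an authentication key suitable for
    // encryptWithAuthentication. Returns true on success and populates
    // |verified| with the result of the verification. As above, a true return
    // does not by itself mean the key passed.
    bool verifyAuthenticationKeyAttributes(const std::string& key_name, bool* verified);

    android::sp<android::IServiceManager> service_manager_;
    android::sp<android::IBinder> keystore_binder_;
    android::sp<android::IKeystoreService> keystore_;
    // Counter for virtual handles; starts at 1 so the counter itself never
    // hands out 0 (presumably reserved as "no handle" — confirm in the .cpp).
    uint64_t next_virtual_handle_ = 1;
    // Open operations keyed by virtual handle; the mapped binder is presumably
    // the operation token returned by the keystore service.
    std::map<uint64_t, android::sp<android::IBinder>> active_operations_;

    // Copying would duplicate the operation table and its handles.
    DISALLOW_COPY_AND_ASSIGN(KeystoreClientImpl);
};

}  // namespace keystore

#endif  // KEYSTORE_KEYSTORE_CLIENT_IMPL_H_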