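/*
 * Copyright (C) 2016 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

#ifndef KEYSTORE_KEYSTORE_SERVICE_H_
#define KEYSTORE_KEYSTORE_SERVICE_H_

#include <keystore/IKeystoreService.h>

#include <keystore/authorization_set.h>

#include "auth_token_table.h"
#include "keystore.h"
#include "keystore_keymaster_enforcement.h"
#include "operation.h"
#include "permissions.h"

namespace keystore {

/**
 * Binder-facing implementation of IKeystoreService.
 *
 * Every public method below is an override of the IKeystoreService contract declared in
 * <keystore/IKeystoreService.h>; the argument semantics are defined there. The class is also an
 * IBinder::DeathRecipient: binderDied() is invoked when a binder this service has linked to dies
 * (presumably the app tokens handed to begin(), so that their operations can be reclaimed —
 * confirm against the .cpp).
 *
 * Ownership: mKeyStore is a non-owning pointer. No destructor is declared here, so this class
 * never deletes it; whoever constructs the service must keep the KeyStore alive for at least as
 * long as the service.
 */
class KeyStoreService : public android::BnKeystoreService, public android::IBinder::DeathRecipient {
    // Strong reference to the Keymaster 3.0 HAL device used by the private helpers below.
    using km_device_t = ::android::sp<::android::hardware::keymaster::V3_0::IKeymasterDevice>;

  public:
    /**
     * @param keyStore  Backing store; not owned (see class comment). mOperationMap is handed
     *                  `this`, so it presumably keeps a back-reference to the service for the
     *                  lifetime of the map — confirm in operation.h.
     */
    explicit KeyStoreService(KeyStore* keyStore) : mKeyStore(keyStore), mOperationMap(this) {}

    // IBinder::DeathRecipient. Marked override for consistency with the rest of the class so a
    // signature drift in the base is caught at compile time.
    void binderDied(const android::wp<android::IBinder>& who) override;

    // ---- IKeystoreService: state and legacy blob storage ----------------------------------

    KeyStoreServiceReturnCode getState(int32_t userId) override;

    KeyStoreServiceReturnCode get(const android::String16& name, int32_t uid,
                                  hidl_vec<uint8_t>* item) override;
    KeyStoreServiceReturnCode insert(const android::String16& name, const hidl_vec<uint8_t>& item,
                                     int targetUid, int32_t flags) override;
    KeyStoreServiceReturnCode del(const android::String16& name, int targetUid) override;
    KeyStoreServiceReturnCode exist(const android::String16& name, int targetUid) override;
    KeyStoreServiceReturnCode list(const android::String16& prefix, int targetUid,
                                   android::Vector<android::String16>* matches) override;

    KeyStoreServiceReturnCode reset() override;

    // ---- IKeystoreService: user lifecycle and lock state ----------------------------------

    KeyStoreServiceReturnCode onUserPasswordChanged(int32_t userId,
                                                    const android::String16& password) override;
    KeyStoreServiceReturnCode onUserAdded(int32_t userId, int32_t parentId) override;
    KeyStoreServiceReturnCode onUserRemoved(int32_t userId) override;

    KeyStoreServiceReturnCode lock(int32_t userId) override;
    KeyStoreServiceReturnCode unlock(int32_t userId, const android::String16& pw) override;

    bool isEmpty(int32_t userId) override;

    // ---- IKeystoreService: legacy key operations ------------------------------------------

    KeyStoreServiceReturnCode
    generate(const android::String16& name, int32_t targetUid, int32_t keyType, int32_t keySize,
             int32_t flags, android::Vector<android::sp<android::KeystoreArg>>* args) override;
    KeyStoreServiceReturnCode import(const android::String16& name, const hidl_vec<uint8_t>& data,
                                     int targetUid, int32_t flags) override;
    KeyStoreServiceReturnCode sign(const android::String16& name, const hidl_vec<uint8_t>& data,
                                   hidl_vec<uint8_t>* out) override;
    KeyStoreServiceReturnCode verify(const android::String16& name, const hidl_vec<uint8_t>& data,
                                     const hidl_vec<uint8_t>& signature) override;

    /*
     * TODO: The abstraction between things stored in hardware and regular blobs
     * of data stored on the filesystem should be moved down to keystore itself.
     * Unfortunately the Java code that calls this has naming conventions that it
     * knows about. Ideally keystore shouldn't be used to store random blobs of
     * data.
     *
     * Until that happens, it's necessary to have a separate "get_pubkey" and
     * "del_key" since the Java code doesn't really communicate what it's
     * intentions are.
     */
    KeyStoreServiceReturnCode get_pubkey(const android::String16& name,
                                         hidl_vec<uint8_t>* pubKey) override;

    // ---- IKeystoreService: cross-uid access -------------------------------------------------

    android::String16 grant(const android::String16& name, int32_t granteeUid) override;
    KeyStoreServiceReturnCode ungrant(const android::String16& name, int32_t granteeUid) override;

    int64_t getmtime(const android::String16& name, int32_t uid) override;

    KeyStoreServiceReturnCode duplicate(const android::String16& srcKey, int32_t srcUid,
                                        const android::String16& destKey, int32_t destUid) override;

    int32_t is_hardware_backed(const android::String16& keyType) override;

    KeyStoreServiceReturnCode clear_uid(int64_t targetUid64) override;

    // ---- IKeystoreService: keymaster-backed key API -----------------------------------------

    KeyStoreServiceReturnCode addRngEntropy(const hidl_vec<uint8_t>& entropy) override;
    KeyStoreServiceReturnCode generateKey(const android::String16& name,
                                          const hidl_vec<KeyParameter>& params,
                                          const hidl_vec<uint8_t>& entropy, int uid, int flags,
                                          KeyCharacteristics* outCharacteristics) override;
    KeyStoreServiceReturnCode
    getKeyCharacteristics(const android::String16& name, const hidl_vec<uint8_t>& clientId,
                          const hidl_vec<uint8_t>& appData, int32_t uid,
                          KeyCharacteristics* outCharacteristics) override;
    KeyStoreServiceReturnCode importKey(const android::String16& name,
                                        const hidl_vec<KeyParameter>& params, KeyFormat format,
                                        const hidl_vec<uint8_t>& keyData, int uid, int flags,
                                        KeyCharacteristics* outCharacteristics) override;
    // exportKey/begin/update/finish report status through the *result out-parameter rather than
    // a return code.
    void exportKey(const android::String16& name, KeyFormat format,
                   const hidl_vec<uint8_t>& clientId, const hidl_vec<uint8_t>& appData, int32_t uid,
                   android::ExportResult* result) override;
    void begin(const sp<android::IBinder>& appToken, const android::String16& name,
               KeyPurpose purpose, bool pruneable, const hidl_vec<KeyParameter>& params,
               const hidl_vec<uint8_t>& entropy, int32_t uid,
               android::OperationResult* result) override;
    void update(const sp<android::IBinder>& token, const hidl_vec<KeyParameter>& params,
                const hidl_vec<uint8_t>& data, android::OperationResult* result) override;
    void finish(const sp<android::IBinder>& token, const hidl_vec<KeyParameter>& params,
                const hidl_vec<uint8_t>& signature, const hidl_vec<uint8_t>& entropy,
                android::OperationResult* result) override;
    KeyStoreServiceReturnCode abort(const sp<android::IBinder>& token) override;

    bool isOperationAuthorized(const sp<android::IBinder>& token) override;

    // `token` is a raw caller-supplied buffer of `length` bytes. NOTE(review): the header gives
    // no size contract; the implementation must check `length` against the expected
    // HardwareAuthToken size before parsing — confirm in the .cpp.
    KeyStoreServiceReturnCode addAuthToken(const uint8_t* token, size_t length) override;

    KeyStoreServiceReturnCode attestKey(const android::String16& name,
                                        const hidl_vec<KeyParameter>& params,
                                        hidl_vec<hidl_vec<uint8_t>>* outChain) override;

    KeyStoreServiceReturnCode attestDeviceIds(const hidl_vec<KeyParameter>& params,
                                              hidl_vec<hidl_vec<uint8_t>>* outChain) override;

    KeyStoreServiceReturnCode onDeviceOffBody() override;

  private:
    // Sentinel meaning "the calling uid"; used as the default target by the permission helpers.
    static constexpr int32_t UID_SELF = -1;

    /**
     * Prune the oldest pruneable operation.
     */
    bool pruneOperation();

    /**
     * Get the effective target uid for a binder operation that takes an
     * optional uid as the target.
     */
    uid_t getEffectiveUid(int32_t targetUid);

    /**
     * Check if the caller of the current binder method has the required
     * permission and if acting on other uids the grants to do so.
     */
    bool checkBinderPermission(perm_t permission, int32_t targetUid = UID_SELF);

    /**
     * Check if the caller of the current binder method has the required
     * permission and the target uid is the caller or the caller is system.
     */
    bool checkBinderPermissionSelfOrSystem(perm_t permission, int32_t targetUid);

    /**
     * Check if the caller of the current binder method has the required
     * permission or the target of the operation is the caller's uid. This is
     * for operation where the permission is only for cross-uid activity and all
     * uids are allowed to act on their own (ie: clearing all entries for a
     * given uid).
     */
    bool checkBinderPermissionOrSelfTarget(perm_t permission, int32_t targetUid);

    /**
     * Helper method to check that the caller has the required permission as
     * well as the keystore is in the unlocked state if checkUnlocked is true.
     *
     * Returns NO_ERROR on success, PERMISSION_DENIED on a permission error and
     * otherwise the state of keystore when not unlocked and checkUnlocked is
     * true.
     */
    // Default target is the named UID_SELF sentinel, the same value the other
    // checkBinderPermission* helpers use, rather than a bare -1.
    KeyStoreServiceReturnCode checkBinderPermissionAndKeystoreState(perm_t permission,
                                                                    int32_t targetUid = UID_SELF,
                                                                    bool checkUnlocked = true);

    /** True when `state` is a keystore state in which key material may be used. */
    bool isKeystoreUnlocked(State state);

    /**
     * Check that all keymaster_key_param_t's provided by the application are
     * allowed. Any parameter that keystore adds itself should be disallowed here.
     */
    bool checkAllowedOperationParams(const hidl_vec<KeyParameter>& params);

    /**
     * Fetch the characteristics of `key` from the keymaster device `dev` using `params`
     * (presumably the client id / app data needed to open the blob — confirm in the .cpp),
     * writing them to `out`.
     */
    ErrorCode getOperationCharacteristics(const hidl_vec<uint8_t>& key, km_device_t* dev,
                                          const AuthorizationSet& params, KeyCharacteristics* out);

    /**
     * Get the auth token for this operation from the auth token table.
     *
     * Returns ::NO_ERROR if the auth token was set or none was required.
     *         ::OP_AUTH_NEEDED if it is a per op authorization, no
     *         authorization token exists for that operation and
     *         failOnTokenMissing is false.
     *         KM_ERROR_KEY_USER_NOT_AUTHENTICATED if there is no valid auth
     *         token for the operation
     */
    KeyStoreServiceReturnCode getAuthToken(const KeyCharacteristics& characteristics,
                                           uint64_t handle, KeyPurpose purpose,
                                           const HardwareAuthToken** authToken,
                                           bool failOnTokenMissing = true);

    /**
     * Add the auth token for the operation to the param list if the operation
     * requires authorization. Uses the cached result in the OperationMap if available
     * otherwise gets the token from the AuthTokenTable and caches the result.
     *
     * Returns ::NO_ERROR if the auth token was added or not needed.
     *         KM_ERROR_KEY_USER_NOT_AUTHENTICATED if the operation is not
     *         authenticated.
     *         KM_ERROR_INVALID_OPERATION_HANDLE if token is not a valid
     *         operation token.
     */
    KeyStoreServiceReturnCode addOperationAuthTokenIfNeeded(const sp<android::IBinder>& token,
                                                            AuthorizationSet* params);

    /**
     * Translate a result value to a legacy return value. All keystore errors are
     * preserved and keymaster errors become SYSTEM_ERRORs
     */
    KeyStoreServiceReturnCode translateResultToLegacyResult(int32_t result);

    /** Append the parameters the legacy sign()/verify() path needs for a begin() on `name`. */
    void addLegacyBeginParams(const android::String16& name, AuthorizationSet* params);

    /**
     * Shared implementation of the legacy sign() and verify() entry points; `purpose` selects
     * which. `out` receives the signature when signing; `signature` is the value checked when
     * verifying.
     */
    KeyStoreServiceReturnCode doLegacySignVerify(const android::String16& name,
                                                 const hidl_vec<uint8_t>& data,
                                                 hidl_vec<uint8_t>* out,
                                                 const hidl_vec<uint8_t>& signature,
                                                 KeyPurpose purpose);

    /**
     * Upgrade a key blob under alias "name", returning the new blob in "blob". If "blob"
     * previously contained data, it will be overwritten.
     *
     * Returns ::NO_ERROR if the key was upgraded successfully.
     *         KM_ERROR_VERSION_MISMATCH if called on a key whose patch level is greater than or
     *         equal to the current system patch level.
     */
    KeyStoreServiceReturnCode upgradeKeyBlob(const android::String16& name, uid_t targetUid,
                                             const AuthorizationSet& params, Blob* blob);

    ::KeyStore* mKeyStore;  // not owned; see class comment
    OperationMap mOperationMap;
    keystore::AuthTokenTable mAuthTokenTable;
    KeystoreKeymasterEnforcement enforcement_policy;
};

}  // namespace keystore

#endif  // KEYSTORE_KEYSTORE_SERVICE_H_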