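/*
 * Copyright (c) 2019, The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

#ifndef SYSTEM_SECURITY_CREDENTIAL_H_
#define SYSTEM_SECURITY_CREDENTIAL_H_

#include <string>
#include <vector>

#include <android/security/identity/BnCredential.h>

#include <android/hardware/identity/IIdentityCredentialStore.h>

#include "CredentialData.h"

namespace android {
namespace security {
namespace identity {

using ::android::sp;
using ::android::binder::Status;
using ::std::string;
using ::std::vector;

using ::android::hardware::identity::CipherSuite;
using ::android::hardware::identity::HardwareInformation;
using ::android::hardware::identity::IIdentityCredential;
using ::android::hardware::identity::IIdentityCredentialStore;
using ::android::hardware::identity::IPresentationSession;
using ::android::hardware::identity::RequestDataItem;
using ::android::hardware::identity::RequestNamespace;

// Binder-native implementation of ICredential, built on the AIDL-generated BnCredential stub.
//
// An instance is bound at construction to one cipher suite, data path, credential name and
// calling uid, and holds the HAL store/session binders it was given.
//
// NOTE(review): every `override` below is an AIDL entry point, so the byte vectors, counts
// and flags it receives are caller-supplied input. This header only declares the methods;
// how each argument is validated has to be checked in the implementation file.
class Credential : public BnCredential {
  public:
    // Takes the per-credential context and the HAL binders to use.
    // NOTE(review): callingUid is a plain constructor argument here; confirm that the code
    // creating this object derives it from the binder calling identity rather than from
    // request data.
    Credential(CipherSuite cipherSuite, const string& dataPath, const string& credentialName,
               uid_t callingUid, HardwareInformation hwInfo,
               sp<IIdentityCredentialStore> halStoreBinder,
               sp<IPresentationSession> halSessionBinder, int halApiVersion);
    ~Credential();

    // Helpers that are not part of ICredential (no `override`); their behaviour is defined
    // in the implementation file.
    Status ensureOrReplaceHalBinder();
    void writableCredentialPersonalized();

    // ICredential overrides
    //
    // Following the AIDL C++ convention, results are written through the `_aidl_return`
    // out-pointer and success or failure is reported in the returned Status.
    Status createEphemeralKeyPair(vector<uint8_t>* _aidl_return) override;

    Status setReaderEphemeralPublicKey(const vector<uint8_t>& publicKey) override;

    Status deleteCredential(vector<uint8_t>* _aidl_return) override;

    Status deleteWithChallenge(const vector<uint8_t>& challenge,
                               vector<uint8_t>* _aidl_return) override;

    Status proveOwnership(const vector<uint8_t>& challenge, vector<uint8_t>* _aidl_return) override;

    Status getCredentialKeyCertificateChain(vector<uint8_t>* _aidl_return) override;

    // allowUsingExhaustedKeys / allowUsingExpiredKeys are caller-supplied; judging by their
    // names they relax which auth keys may be selected.
    // NOTE(review): confirm in the implementation that they cannot widen key use beyond what
    // the API contract intends.
    Status selectAuthKey(bool allowUsingExhaustedKeys, bool allowUsingExpiredKeys,
                         bool incrementUsageCount, int64_t* _aidl_return) override;

    // Takes the request message, requested namespaces, session transcript and reader
    // signature as raw caller-supplied data, together with the same three auth-key flags as
    // selectAuthKey().
    Status getEntries(const vector<uint8_t>& requestMessage,
                      const vector<RequestNamespaceParcel>& requestNamespaces,
                      const vector<uint8_t>& sessionTranscript,
                      const vector<uint8_t>& readerSignature, bool allowUsingExhaustedKeys,
                      bool allowUsingExpiredKeys, bool incrementUsageCount,
                      GetEntriesResultParcel* _aidl_return) override;

    // keyCount and maxUsesPerKey are signed 32-bit values received from the caller.
    // NOTE(review): check that the implementation rejects negative or unreasonably large
    // values before acting on them.
    Status setAvailableAuthenticationKeys(int32_t keyCount, int32_t maxUsesPerKey,
                                          int64_t minValidTimeMillis) override;
    Status getAuthKeysNeedingCertification(vector<AuthKeyParcel>* _aidl_return) override;
    Status storeStaticAuthenticationData(const AuthKeyParcel& authenticationKey,
                                         const vector<uint8_t>& staticAuthData) override;
    Status
    storeStaticAuthenticationDataWithExpiration(const AuthKeyParcel& authenticationKey,
                                                int64_t expirationDateMillisSinceEpoch,
                                                const vector<uint8_t>& staticAuthData) override;
    Status getAuthenticationDataUsageCount(vector<int32_t>* _aidl_return) override;
    Status getAuthenticationDataExpirations(vector<int64_t>* _aidl_return) override;

    Status update(sp<IWritableCredential>* _aidl_return) override;

  private:
    // Per-credential context supplied to the constructor.
    CipherSuite cipherSuite_;
    string dataPath_;
    string credentialName_;
    uid_t callingUid_;
    HardwareInformation hwInfo_;
    sp<IIdentityCredentialStore> halStoreBinder_;
    sp<IPresentationSession> halSessionBinder_;

    // Starts at 0; presumably 0 means "no challenge obtained yet" and ensureChallenge()
    // fills it in. TODO confirm against the implementation.
    uint64_t selectedChallenge_ = 0;

    sp<IIdentityCredential> halBinder_;
    // No in-class default; relies on the constructor to set it.
    int halApiVersion_;

    // This is used to cache the selected AuthKey to ensure the same AuthKey is used across
    // multiple getEntries() calls.
    //
    bool selectedAuthKey_ = false;
    // NOTE(review): holds the signing-key blob of the cached auth key for the lifetime of
    // this object; the header does not show it being cleared when the object is destroyed.
    vector<uint8_t> selectedAuthKeySigningKeyBlob_;
    vector<uint8_t> selectedAuthKeyStaticAuthData_;

    bool ensureChallenge();

    // Returns a signed size. Presumably a negative value signals failure, so callers should
    // check the sign before using the result as a length. TODO confirm.
    ssize_t
    calcExpectedDeviceNameSpacesSize(const vector<uint8_t>& requestMessage,
                                     const vector<RequestNamespaceParcel>& requestNamespaces,
                                     uint32_t authorizedAcps);
};

}  // namespace identity
}  // namespace security
}  // namespace android

#endif  // SYSTEM_SECURITY_CREDENTIAL_H_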