Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_security / 472e6c8e18c800b0b650bd8697e17ce65c1f3608 / . / identity / Credential.h
blob: 7f085150f249890373333f0631f98b0bf0f15436 [file] [log] [blame]
David Zeuthenab3e5652019-10-28 13:32:48 -0400[diff] [blame]1/*
2 * Copyright (c) 2019, The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17#ifndef SYSTEM_SECURITY_CREDENTIAL_H_
18#define SYSTEM_SECURITY_CREDENTIAL_H_
19
20#include <string>
21#include <vector>
22
23#include <android/security/identity/BnCredential.h>
24
David Zeuthena6f9fba2020-02-11 22:08:27 -0500[diff] [blame]25#include <android/hardware/identity/IIdentityCredentialStore.h>
David Zeuthenab3e5652019-10-28 13:32:48 -0400[diff] [blame]26
27#include "CredentialData.h"
28
29namespace android {
30namespace security {
31namespace identity {
32
33using ::android::sp;
34using ::android::binder::Status;
35using ::std::string;
36using ::std::vector;
37
David Zeuthena6f9fba2020-02-11 22:08:27 -0500[diff] [blame]38using ::android::hardware::identity::CipherSuite;
David Zeuthen472e6c82020-10-16 11:50:13 -0400[diff] [blame^]39using ::android::hardware::identity::HardwareInformation;
David Zeuthena6f9fba2020-02-11 22:08:27 -0500[diff] [blame]40using ::android::hardware::identity::IIdentityCredential;
41using ::android::hardware::identity::IIdentityCredentialStore;
David Zeuthene2a78a42020-04-27 13:34:38 -0400[diff] [blame]42using ::android::hardware::identity::RequestDataItem;
43using ::android::hardware::identity::RequestNamespace;
David Zeuthenab3e5652019-10-28 13:32:48 -0400[diff] [blame]44
45class Credential : public BnCredential {
46 public:
David Zeuthen472e6c82020-10-16 11:50:13 -0400[diff] [blame^]47 Credential(CipherSuite cipherSuite, const string& dataPath, const string& credentialName,
48 uid_t callingUid, HardwareInformation hwInfo,
49 sp<IIdentityCredentialStore> halStoreBinder, int halApiVersion);
David Zeuthenab3e5652019-10-28 13:32:48 -0400[diff] [blame]50 ~Credential();
51
David Zeuthen472e6c82020-10-16 11:50:13 -0400[diff] [blame^]52 Status ensureOrReplaceHalBinder();
David Zeuthenab3e5652019-10-28 13:32:48 -0400[diff] [blame]53
54 // ICredential overrides
55 Status createEphemeralKeyPair(vector<uint8_t>* _aidl_return) override;
56
57 Status setReaderEphemeralPublicKey(const vector<uint8_t>& publicKey) override;
58
59 Status deleteCredential(vector<uint8_t>* _aidl_return) override;
60
David Zeuthen472e6c82020-10-16 11:50:13 -0400[diff] [blame^]61 Status deleteWithChallenge(const vector<uint8_t>& challenge,
62 vector<uint8_t>* _aidl_return) override;
63
64 Status proveOwnership(const vector<uint8_t>& challenge, vector<uint8_t>* _aidl_return) override;
65
David Zeuthenab3e5652019-10-28 13:32:48 -0400[diff] [blame]66 Status getCredentialKeyCertificateChain(vector<uint8_t>* _aidl_return) override;
67
David Zeuthen472e6c82020-10-16 11:50:13 -0400[diff] [blame^]68 Status selectAuthKey(bool allowUsingExhaustedKeys, bool allowUsingExpiredKeys,
69 int64_t* _aidl_return) override;
David Zeuthenab3e5652019-10-28 13:32:48 -0400[diff] [blame]70
71 Status getEntries(const vector<uint8_t>& requestMessage,
72 const vector<RequestNamespaceParcel>& requestNamespaces,
73 const vector<uint8_t>& sessionTranscript,
74 const vector<uint8_t>& readerSignature, bool allowUsingExhaustedKeys,
David Zeuthen472e6c82020-10-16 11:50:13 -0400[diff] [blame^]75 bool allowUsingExpiredKeys, GetEntriesResultParcel* _aidl_return) override;
David Zeuthenab3e5652019-10-28 13:32:48 -0400[diff] [blame]76
77 Status setAvailableAuthenticationKeys(int32_t keyCount, int32_t maxUsesPerKey) override;
78 Status getAuthKeysNeedingCertification(vector<AuthKeyParcel>* _aidl_return) override;
79 Status storeStaticAuthenticationData(const AuthKeyParcel& authenticationKey,
80 const vector<uint8_t>& staticAuthData) override;
David Zeuthen472e6c82020-10-16 11:50:13 -0400[diff] [blame^]81 Status
82 storeStaticAuthenticationDataWithExpiration(const AuthKeyParcel& authenticationKey,
83 int64_t expirationDateMillisSinceEpoch,
84 const vector<uint8_t>& staticAuthData) override;
David Zeuthenab3e5652019-10-28 13:32:48 -0400[diff] [blame]85 Status getAuthenticationDataUsageCount(vector<int32_t>* _aidl_return) override;
86
David Zeuthen472e6c82020-10-16 11:50:13 -0400[diff] [blame^]87 Status update(sp<IWritableCredential>* _aidl_return) override;
88
David Zeuthenab3e5652019-10-28 13:32:48 -0400[diff] [blame]89 private:
David Zeuthena6f9fba2020-02-11 22:08:27 -0500[diff] [blame]90 CipherSuite cipherSuite_;
David Zeuthenab3e5652019-10-28 13:32:48 -0400[diff] [blame]91 string dataPath_;
92 string credentialName_;
David Zeuthen472e6c82020-10-16 11:50:13 -0400[diff] [blame^]93 uid_t callingUid_;
94 HardwareInformation hwInfo_;
95 sp<IIdentityCredentialStore> halStoreBinder_;
David Zeuthenab3e5652019-10-28 13:32:48 -0400[diff] [blame]96
97 const AuthKeyData* selectedAuthKey_ = nullptr;
98 uint64_t selectedChallenge_ = 0;
99
David Zeuthenab3e5652019-10-28 13:32:48 -0400[diff] [blame]100 sp<IIdentityCredential> halBinder_;
David Zeuthen472e6c82020-10-16 11:50:13 -0400[diff] [blame^]101 int halApiVersion_;
David Zeuthene2a78a42020-04-27 13:34:38 -0400[diff] [blame]102
103 ssize_t
104 calcExpectedDeviceNameSpacesSize(const vector<uint8_t>& requestMessage,
105 const vector<RequestNamespaceParcel>& requestNamespaces,
106 uint32_t authorizedAcps);
David Zeuthenab3e5652019-10-28 13:32:48 -0400[diff] [blame]107};
108
109} // namespace identity
110} // namespace security
111} // namespace android
112
113#endif // SYSTEM_SECURITY_IDENTITY_CREDENTIAL_H_