Blame - identity/Credential.h - android_system_security

blob: 0906fea22a86755546cb7ac83987eb62c55f6e98 [file] [log] [blame]

David Zeuthen	ab3e565	2019-10-28 13:32:48 -0400	[diff] [blame]	1	/*
				2	* Copyright (c) 2019, The Android Open Source Project
				3	*
				4	* Licensed under the Apache License, Version 2.0 (the "License");
				5	* you may not use this file except in compliance with the License.
				6	* You may obtain a copy of the License at
				7	*
				8	* http://www.apache.org/licenses/LICENSE-2.0
				9	*
				10	* Unless required by applicable law or agreed to in writing, software
				11	* distributed under the License is distributed on an "AS IS" BASIS,
				12	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
				13	* See the License for the specific language governing permissions and
				14	* limitations under the License.
				15	*/
				16
				17	#ifndef SYSTEM_SECURITY_CREDENTIAL_H_
				18	#define SYSTEM_SECURITY_CREDENTIAL_H_
				19
				20	#include <string>
				21	#include <vector>
				22
				23	#include <android/security/identity/BnCredential.h>
				24
David Zeuthen	a6f9fba	2020-02-11 22:08:27 -0500	[diff] [blame]	25	#include <android/hardware/identity/IIdentityCredentialStore.h>
David Zeuthen	ab3e565	2019-10-28 13:32:48 -0400	[diff] [blame]	26
				27	#include "CredentialData.h"
				28
				29	namespace android {
				30	namespace security {
				31	namespace identity {
				32
				33	using ::android::sp;
				34	using ::android::binder::Status;
				35	using ::std::string;
				36	using ::std::vector;
				37
David Zeuthen	a6f9fba	2020-02-11 22:08:27 -0500	[diff] [blame]	38	using ::android::hardware::identity::CipherSuite;
David Zeuthen	472e6c8	2020-10-16 11:50:13 -0400	[diff] [blame]	39	using ::android::hardware::identity::HardwareInformation;
David Zeuthen	a6f9fba	2020-02-11 22:08:27 -0500	[diff] [blame]	40	using ::android::hardware::identity::IIdentityCredential;
				41	using ::android::hardware::identity::IIdentityCredentialStore;
David Zeuthen	045a2c8	2021-09-11 13:52:17 -0400	[diff] [blame]	42	using ::android::hardware::identity::IPresentationSession;
David Zeuthen	e2a78a4	2020-04-27 13:34:38 -0400	[diff] [blame]	43	using ::android::hardware::identity::RequestDataItem;
				44	using ::android::hardware::identity::RequestNamespace;
David Zeuthen	ab3e565	2019-10-28 13:32:48 -0400	[diff] [blame]	45
				46	class Credential : public BnCredential {
				47	public:
David Zeuthen	472e6c8	2020-10-16 11:50:13 -0400	[diff] [blame]	48	Credential(CipherSuite cipherSuite, const string& dataPath, const string& credentialName,
				49	uid_t callingUid, HardwareInformation hwInfo,
David Zeuthen	045a2c8	2021-09-11 13:52:17 -0400	[diff] [blame]	50	sp<IIdentityCredentialStore> halStoreBinder,
				51	sp<IPresentationSession> halSessionBinder, int halApiVersion);
David Zeuthen	ab3e565	2019-10-28 13:32:48 -0400	[diff] [blame]	52	~Credential();
				53
David Zeuthen	472e6c8	2020-10-16 11:50:13 -0400	[diff] [blame]	54	Status ensureOrReplaceHalBinder();
David Zeuthen	27407a5	2021-03-04 16:32:43 -0500	[diff] [blame]	55	void writableCredentialPersonalized();
David Zeuthen	ab3e565	2019-10-28 13:32:48 -0400	[diff] [blame]	56
				57	// ICredential overrides
				58	Status createEphemeralKeyPair(vector<uint8_t>* _aidl_return) override;
				59
				60	Status setReaderEphemeralPublicKey(const vector<uint8_t>& publicKey) override;
				61
				62	Status deleteCredential(vector<uint8_t>* _aidl_return) override;
				63
David Zeuthen	472e6c8	2020-10-16 11:50:13 -0400	[diff] [blame]	64	Status deleteWithChallenge(const vector<uint8_t>& challenge,
				65	vector<uint8_t>* _aidl_return) override;
				66
				67	Status proveOwnership(const vector<uint8_t>& challenge, vector<uint8_t>* _aidl_return) override;
				68
David Zeuthen	ab3e565	2019-10-28 13:32:48 -0400	[diff] [blame]	69	Status getCredentialKeyCertificateChain(vector<uint8_t>* _aidl_return) override;
				70
David Zeuthen	472e6c8	2020-10-16 11:50:13 -0400	[diff] [blame]	71	Status selectAuthKey(bool allowUsingExhaustedKeys, bool allowUsingExpiredKeys,
David Zeuthen	045a2c8	2021-09-11 13:52:17 -0400	[diff] [blame]	72	bool incrementUsageCount, int64_t* _aidl_return) override;
David Zeuthen	ab3e565	2019-10-28 13:32:48 -0400	[diff] [blame]	73
				74	Status getEntries(const vector<uint8_t>& requestMessage,
				75	const vector<RequestNamespaceParcel>& requestNamespaces,
				76	const vector<uint8_t>& sessionTranscript,
				77	const vector<uint8_t>& readerSignature, bool allowUsingExhaustedKeys,
David Zeuthen	045a2c8	2021-09-11 13:52:17 -0400	[diff] [blame]	78	bool allowUsingExpiredKeys, bool incrementUsageCount,
				79	GetEntriesResultParcel* _aidl_return) override;
David Zeuthen	ab3e565	2019-10-28 13:32:48 -0400	[diff] [blame]	80
				81	Status setAvailableAuthenticationKeys(int32_t keyCount, int32_t maxUsesPerKey) override;
				82	Status getAuthKeysNeedingCertification(vector<AuthKeyParcel>* _aidl_return) override;
				83	Status storeStaticAuthenticationData(const AuthKeyParcel& authenticationKey,
				84	const vector<uint8_t>& staticAuthData) override;
David Zeuthen	472e6c8	2020-10-16 11:50:13 -0400	[diff] [blame]	85	Status
				86	storeStaticAuthenticationDataWithExpiration(const AuthKeyParcel& authenticationKey,
				87	int64_t expirationDateMillisSinceEpoch,
				88	const vector<uint8_t>& staticAuthData) override;
David Zeuthen	ab3e565	2019-10-28 13:32:48 -0400	[diff] [blame]	89	Status getAuthenticationDataUsageCount(vector<int32_t>* _aidl_return) override;
				90
David Zeuthen	472e6c8	2020-10-16 11:50:13 -0400	[diff] [blame]	91	Status update(sp<IWritableCredential>* _aidl_return) override;
				92
David Zeuthen	ab3e565	2019-10-28 13:32:48 -0400	[diff] [blame]	93	private:
David Zeuthen	a6f9fba	2020-02-11 22:08:27 -0500	[diff] [blame]	94	CipherSuite cipherSuite_;
David Zeuthen	ab3e565	2019-10-28 13:32:48 -0400	[diff] [blame]	95	string dataPath_;
				96	string credentialName_;
David Zeuthen	472e6c8	2020-10-16 11:50:13 -0400	[diff] [blame]	97	uid_t callingUid_;
				98	HardwareInformation hwInfo_;
				99	sp<IIdentityCredentialStore> halStoreBinder_;
David Zeuthen	045a2c8	2021-09-11 13:52:17 -0400	[diff] [blame]	100	sp<IPresentationSession> halSessionBinder_;
David Zeuthen	ab3e565	2019-10-28 13:32:48 -0400	[diff] [blame]	101
David Zeuthen	ab3e565	2019-10-28 13:32:48 -0400	[diff] [blame]	102	uint64_t selectedChallenge_ = 0;
				103
David Zeuthen	ab3e565	2019-10-28 13:32:48 -0400	[diff] [blame]	104	sp<IIdentityCredential> halBinder_;
David Zeuthen	472e6c8	2020-10-16 11:50:13 -0400	[diff] [blame]	105	int halApiVersion_;
David Zeuthen	e2a78a4	2020-04-27 13:34:38 -0400	[diff] [blame]	106
David Zeuthen	045a2c8	2021-09-11 13:52:17 -0400	[diff] [blame]	107	// This is used to cache the selected AuthKey to ensure the same AuthKey is used across
				108	// multiple getEntries() calls.
				109	//
				110	bool selectedAuthKey_ = false;
				111	vector<uint8_t> selectedAuthKeySigningKeyBlob_;
				112	vector<uint8_t> selectedAuthKeyStaticAuthData_;
				113
David Zeuthen	27407a5	2021-03-04 16:32:43 -0500	[diff] [blame]	114	bool ensureChallenge();
				115
David Zeuthen	e2a78a4	2020-04-27 13:34:38 -0400	[diff] [blame]	116	ssize_t
				117	calcExpectedDeviceNameSpacesSize(const vector<uint8_t>& requestMessage,
				118	const vector<RequestNamespaceParcel>& requestNamespaces,
				119	uint32_t authorizedAcps);
David Zeuthen	ab3e565	2019-10-28 13:32:48 -0400	[diff] [blame]	120	};
				121
				122	} // namespace identity
				123	} // namespace security
				124	} // namespace android
				125
				126	#endif // SYSTEM_SECURITY_IDENTITY_CREDENTIAL_H_