identity/Credential.h

/*
 * Copyright (c) 2019, The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

#ifndef SYSTEM_SECURITY_CREDENTIAL_H_
#define SYSTEM_SECURITY_CREDENTIAL_H_

#include <string>
#include <vector>

#include <android/security/identity/BnCredential.h>

#include <android/hardware/identity/IIdentityCredentialStore.h>

#include "CredentialData.h"

namespace android {
namespace security {
namespace identity {

using ::android::sp;
using ::android::binder::Status;
using ::std::string;
using ::std::vector;

using ::android::hardware::identity::CipherSuite;
using ::android::hardware::identity::IIdentityCredential;
using ::android::hardware::identity::IIdentityCredentialStore;
using ::android::hardware::identity::RequestDataItem;
using ::android::hardware::identity::RequestNamespace;

class Credential : public BnCredential {
  public:
    Credential(CipherSuite cipherSuite, const string& dataPath, const string& credentialName);
    ~Credential();

    Status loadCredential(sp<IIdentityCredentialStore> halStoreBinder);

    // ICredential overrides
    Status createEphemeralKeyPair(vector<uint8_t>* _aidl_return) override;

    Status setReaderEphemeralPublicKey(const vector<uint8_t>& publicKey) override;

    Status deleteCredential(vector<uint8_t>* _aidl_return) override;

    Status getCredentialKeyCertificateChain(vector<uint8_t>* _aidl_return) override;

    Status selectAuthKey(bool allowUsingExhaustedKeys, int64_t* _aidl_return) override;

    Status getEntries(const vector<uint8_t>& requestMessage,
                      const vector<RequestNamespaceParcel>& requestNamespaces,
                      const vector<uint8_t>& sessionTranscript,
                      const vector<uint8_t>& readerSignature, bool allowUsingExhaustedKeys,
                      GetEntriesResultParcel* _aidl_return) override;

    Status setAvailableAuthenticationKeys(int32_t keyCount, int32_t maxUsesPerKey) override;
    Status getAuthKeysNeedingCertification(vector<AuthKeyParcel>* _aidl_return) override;
    Status storeStaticAuthenticationData(const AuthKeyParcel& authenticationKey,
                                         const vector<uint8_t>& staticAuthData) override;
    Status getAuthenticationDataUsageCount(vector<int32_t>* _aidl_return) override;

  private:
    CipherSuite cipherSuite_;
    string dataPath_;
    string credentialName_;

    const AuthKeyData* selectedAuthKey_ = nullptr;
    uint64_t selectedChallenge_ = 0;

    sp<CredentialData> data_;

    sp<IIdentityCredential> halBinder_;

    ssize_t
    calcExpectedDeviceNameSpacesSize(const vector<uint8_t>& requestMessage,
                                     const vector<RequestNamespaceParcel>& requestNamespaces,
                                     uint32_t authorizedAcps);
};

}  // namespace identity
}  // namespace security
}  // namespace android

#endif  // SYSTEM_SECURITY_IDENTITY_CREDENTIAL_H_