platform_system_security/identity/Credential.h

129 lines
4.9 KiB
C
Raw Normal View History

/*
* Copyright (c) 2019, The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifndef SYSTEM_SECURITY_CREDENTIAL_H_
#define SYSTEM_SECURITY_CREDENTIAL_H_
#include <string>
#include <vector>
#include <android/security/identity/BnCredential.h>
#include <android/hardware/identity/IIdentityCredentialStore.h>
#include "CredentialData.h"
namespace android {
namespace security {
namespace identity {
using ::android::sp;
using ::android::binder::Status;
using ::std::string;
using ::std::vector;
using ::android::hardware::identity::CipherSuite;
using ::android::hardware::identity::HardwareInformation;
using ::android::hardware::identity::IIdentityCredential;
using ::android::hardware::identity::IIdentityCredentialStore;
using ::android::hardware::identity::IPresentationSession;
using ::android::hardware::identity::RequestDataItem;
using ::android::hardware::identity::RequestNamespace;
class Credential : public BnCredential {
public:
Credential(CipherSuite cipherSuite, const string& dataPath, const string& credentialName,
uid_t callingUid, HardwareInformation hwInfo,
sp<IIdentityCredentialStore> halStoreBinder,
sp<IPresentationSession> halSessionBinder, int halApiVersion);
~Credential();
Status ensureOrReplaceHalBinder();
2021-03-04 22:32:43 +01:00
void writableCredentialPersonalized();
// ICredential overrides
Status createEphemeralKeyPair(vector<uint8_t>* _aidl_return) override;
Status setReaderEphemeralPublicKey(const vector<uint8_t>& publicKey) override;
Status deleteCredential(vector<uint8_t>* _aidl_return) override;
Status deleteWithChallenge(const vector<uint8_t>& challenge,
vector<uint8_t>* _aidl_return) override;
Status proveOwnership(const vector<uint8_t>& challenge, vector<uint8_t>* _aidl_return) override;
Status getCredentialKeyCertificateChain(vector<uint8_t>* _aidl_return) override;
Status selectAuthKey(bool allowUsingExhaustedKeys, bool allowUsingExpiredKeys,
bool incrementUsageCount, int64_t* _aidl_return) override;
Status getEntries(const vector<uint8_t>& requestMessage,
const vector<RequestNamespaceParcel>& requestNamespaces,
const vector<uint8_t>& sessionTranscript,
const vector<uint8_t>& readerSignature, bool allowUsingExhaustedKeys,
bool allowUsingExpiredKeys, bool incrementUsageCount,
GetEntriesResultParcel* _aidl_return) override;
Status setAvailableAuthenticationKeys(int32_t keyCount, int32_t maxUsesPerKey,
int64_t minValidTimeMillis) override;
Status getAuthKeysNeedingCertification(vector<AuthKeyParcel>* _aidl_return) override;
Status storeStaticAuthenticationData(const AuthKeyParcel& authenticationKey,
const vector<uint8_t>& staticAuthData) override;
Status
storeStaticAuthenticationDataWithExpiration(const AuthKeyParcel& authenticationKey,
int64_t expirationDateMillisSinceEpoch,
const vector<uint8_t>& staticAuthData) override;
Status getAuthenticationDataUsageCount(vector<int32_t>* _aidl_return) override;
Status getAuthenticationDataExpirations(vector<int64_t>* _aidl_return) override;
Status update(sp<IWritableCredential>* _aidl_return) override;
private:
CipherSuite cipherSuite_;
string dataPath_;
string credentialName_;
uid_t callingUid_;
HardwareInformation hwInfo_;
sp<IIdentityCredentialStore> halStoreBinder_;
sp<IPresentationSession> halSessionBinder_;
uint64_t selectedChallenge_ = 0;
sp<IIdentityCredential> halBinder_;
int halApiVersion_;
// This is used to cache the selected AuthKey to ensure the same AuthKey is used across
// multiple getEntries() calls.
//
bool selectedAuthKey_ = false;
vector<uint8_t> selectedAuthKeySigningKeyBlob_;
vector<uint8_t> selectedAuthKeyStaticAuthData_;
2021-03-04 22:32:43 +01:00
bool ensureChallenge();
ssize_t
calcExpectedDeviceNameSpacesSize(const vector<uint8_t>& requestMessage,
const vector<RequestNamespaceParcel>& requestNamespaces,
uint32_t authorizedAcps);
};
} // namespace identity
} // namespace security
} // namespace android
#endif // SYSTEM_SECURITY_IDENTITY_CREDENTIAL_H_