1 /*
2  * Copyright (c) 2019, The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *     http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 #ifndef SYSTEM_SECURITY_CREDENTIAL_H_
18 #define SYSTEM_SECURITY_CREDENTIAL_H_
19 
20 #include <string>
21 #include <vector>
22 
23 #include <android/security/identity/BnCredential.h>
24 
25 #include <android/hardware/identity/IIdentityCredentialStore.h>
26 
27 #include "CredentialData.h"
28 
29 namespace android {
30 namespace security {
31 namespace identity {
32 
33 using ::android::sp;
34 using ::android::binder::Status;
35 using ::std::string;
36 using ::std::vector;
37 
38 using ::android::hardware::identity::CipherSuite;
39 using ::android::hardware::identity::IIdentityCredential;
40 using ::android::hardware::identity::IIdentityCredentialStore;
41 using ::android::hardware::identity::RequestDataItem;
42 using ::android::hardware::identity::RequestNamespace;
43 
44 class Credential : public BnCredential {
45   public:
46     Credential(CipherSuite cipherSuite, const string& dataPath, const string& credentialName);
47     ~Credential();
48 
49     Status loadCredential(sp<IIdentityCredentialStore> halStoreBinder);
50 
51     // ICredential overrides
52     Status createEphemeralKeyPair(vector<uint8_t>* _aidl_return) override;
53 
54     Status setReaderEphemeralPublicKey(const vector<uint8_t>& publicKey) override;
55 
56     Status deleteCredential(vector<uint8_t>* _aidl_return) override;
57 
58     Status getCredentialKeyCertificateChain(vector<uint8_t>* _aidl_return) override;
59 
60     Status selectAuthKey(bool allowUsingExhaustedKeys, int64_t* _aidl_return) override;
61 
62     Status getEntries(const vector<uint8_t>& requestMessage,
63                       const vector<RequestNamespaceParcel>& requestNamespaces,
64                       const vector<uint8_t>& sessionTranscript,
65                       const vector<uint8_t>& readerSignature, bool allowUsingExhaustedKeys,
66                       GetEntriesResultParcel* _aidl_return) override;
67 
68     Status setAvailableAuthenticationKeys(int32_t keyCount, int32_t maxUsesPerKey) override;
69     Status getAuthKeysNeedingCertification(vector<AuthKeyParcel>* _aidl_return) override;
70     Status storeStaticAuthenticationData(const AuthKeyParcel& authenticationKey,
71                                          const vector<uint8_t>& staticAuthData) override;
72     Status getAuthenticationDataUsageCount(vector<int32_t>* _aidl_return) override;
73 
74   private:
75     CipherSuite cipherSuite_;
76     string dataPath_;
77     string credentialName_;
78 
79     const AuthKeyData* selectedAuthKey_ = nullptr;
80     uint64_t selectedChallenge_ = 0;
81 
82     sp<CredentialData> data_;
83 
84     sp<IIdentityCredential> halBinder_;
85 
86     ssize_t
87     calcExpectedDeviceNameSpacesSize(const vector<uint8_t>& requestMessage,
88                                      const vector<RequestNamespaceParcel>& requestNamespaces,
89                                      uint32_t authorizedAcps);
90 };
91 
92 }  // namespace identity
93 }  // namespace security
94 }  // namespace android
95 
96 #endif  // SYSTEM_SECURITY_IDENTITY_CREDENTIAL_H_
97