1 /*
2  * Copyright (C) 2009 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 package android.security;
18 
19 import android.compat.annotation.UnsupportedAppUsage;
20 import android.os.Build;
21 import android.os.UserHandle;
22 import android.security.maintenance.UserState;
23 
24 /**
25  * @hide This should not be made public in its present form because it
26  * assumes that private and secret key bytes are available and would
27  * preclude the use of hardware crypto.
28  */
29 public class KeyStore {
30     private static final String TAG = "KeyStore";
31 
32     // ResponseCodes - see system/security/keystore/include/keystore/keystore.h
33     @UnsupportedAppUsage(maxTargetSdk = Build.VERSION_CODES.R, trackingBug = 170729553)
34     public static final int NO_ERROR = 1;
35 
36     // Used for UID field to indicate the calling UID.
37     public static final int UID_SELF = -1;
38 
39     // States
40     public enum State {
41         @UnsupportedAppUsage
42         UNLOCKED,
43         @UnsupportedAppUsage
44         LOCKED,
45         UNINITIALIZED
46     };
47 
48     private static final KeyStore KEY_STORE = new KeyStore();
49 
50     @UnsupportedAppUsage
getInstance()51     public static KeyStore getInstance() {
52         return KEY_STORE;
53     }
54 
55     /** @hide */
56     @UnsupportedAppUsage(maxTargetSdk = Build.VERSION_CODES.R, trackingBug = 170729553)
state(int userId)57     public State state(int userId) {
58         int userState = AndroidKeyStoreMaintenance.getState(userId);
59         switch (userState) {
60             case UserState.UNINITIALIZED:
61                 return KeyStore.State.UNINITIALIZED;
62             case UserState.LSKF_UNLOCKED:
63                 return KeyStore.State.UNLOCKED;
64             case UserState.LSKF_LOCKED:
65                 return KeyStore.State.LOCKED;
66             default:
67                 throw new AssertionError(userState);
68         }
69     }
70 
71     /** @hide */
72     @UnsupportedAppUsage
state()73     public State state() {
74         return state(UserHandle.myUserId());
75     }
76 
77     /** @hide */
78     @UnsupportedAppUsage(maxTargetSdk = Build.VERSION_CODES.R, trackingBug = 170729553)
get(String key)79     public byte[] get(String key) {
80         return null;
81     }
82 
83     /** @hide */
84     @UnsupportedAppUsage(maxTargetSdk = Build.VERSION_CODES.R, trackingBug = 170729553)
delete(String key)85     public boolean delete(String key) {
86         return false;
87     }
88 
89     /**
90      * List uids of all keys that are auth bound to the current user.
91      * Only system is allowed to call this method.
92      * @hide
93      * @deprecated This function always returns null.
94      */
95     @UnsupportedAppUsage(maxTargetSdk = Build.VERSION_CODES.R, trackingBug = 170729553)
listUidsOfAuthBoundKeys()96     public int[] listUidsOfAuthBoundKeys() {
97         return null;
98     }
99 
100 
101     /**
102      * @hide
103      * @deprecated This function has no effect.
104      */
105     @UnsupportedAppUsage(maxTargetSdk = Build.VERSION_CODES.R, trackingBug = 170729553)
unlock(String password)106     public boolean unlock(String password) {
107         return false;
108     }
109 
110     /**
111      *
112      * @return
113      * @deprecated This function always returns true.
114      * @hide
115      */
116     @UnsupportedAppUsage(maxTargetSdk = Build.VERSION_CODES.P, trackingBug = 115609023)
isEmpty()117     public boolean isEmpty() {
118         return true;
119     }
120 
121     /**
122      * Add an authentication record to the keystore authorization table.
123      *
124      * @param authToken The packed bytes of a hw_auth_token_t to be provided to keymaster.
125      * @return {@code KeyStore.NO_ERROR} on success, otherwise an error value corresponding to
126      * a {@code KeymasterDefs.KM_ERROR_} value or {@code KeyStore} ResponseCode.
127      */
addAuthToken(byte[] authToken)128     public int addAuthToken(byte[] authToken) {
129         return Authorization.addAuthToken(authToken);
130     }
131 
132     /**
133      * Notify keystore that the device went off-body.
134      */
onDeviceOffBody()135     public void onDeviceOffBody() {
136         AndroidKeyStoreMaintenance.onDeviceOffBody();
137     }
138 
139     /**
140      * Returns a {@link KeyStoreException} corresponding to the provided keystore/keymaster error
141      * code.
142      */
143     @UnsupportedAppUsage(maxTargetSdk = Build.VERSION_CODES.R, trackingBug = 170729553)
getKeyStoreException(int errorCode)144     public static KeyStoreException getKeyStoreException(int errorCode) {
145         return new KeyStoreException(-10000, "Should not be called.");
146     }
147 }
148