Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_security / b3bb39218888c573c1b341d3ee11516b9ad2d3b4 / . / keystore / IKeystoreService.cpp
blob: d03a0117bf534ebe5ccad30cfcfb65f677da53f5 [file] [log] [blame]
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1/*
2**
3** Copyright 2008, The Android Open Source Project
4**
5** Licensed under the Apache License, Version 2.0 (the "License");
6** you may not use this file except in compliance with the License.
7** You may obtain a copy of the License at
8**
9** http://www.apache.org/licenses/LICENSE-2.0
10**
11** Unless required by applicable law or agreed to in writing, software
12** distributed under the License is distributed on an "AS IS" BASIS,
13** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14** See the License for the specific language governing permissions and
15** limitations under the License.
16*/
17
18#include <stdint.h>
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]19#include <sys/limits.h>
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]20#include <sys/types.h>
21
22#define LOG_TAG "KeystoreService"
23#include <utils/Log.h>
24
25#include <binder/Parcel.h>
26#include <binder/IPCThreadState.h>
27#include <binder/IServiceManager.h>
28
29#include <keystore/IKeystoreService.h>
30
31namespace android {
32
Shawn Willden77d71ca2014-11-12 16:45:12 -0700[diff] [blame]33const ssize_t MAX_GENERATE_ARGS = 3;
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]34static keymaster_key_param_t* readParamList(const Parcel& in, size_t* length);
Shawn Willden77d71ca2014-11-12 16:45:12 -0700[diff] [blame]35
Kenny Root96427ba2013-08-16 14:02:41 -0700[diff] [blame]36KeystoreArg::KeystoreArg(const void* data, size_t len)
37 : mData(data), mSize(len) {
38}
39
40KeystoreArg::~KeystoreArg() {
41}
42
43const void *KeystoreArg::data() const {
44 return mData;
45}
46
47size_t KeystoreArg::size() const {
48 return mSize;
49}
50
Chad Brubakerc3a18562015-03-17 18:21:35 -0700[diff] [blame]51OperationResult::OperationResult() : resultCode(0), token(), handle(0), inputConsumed(0),
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]52 data(NULL), dataLength(0) {
53}
54
55OperationResult::~OperationResult() {
56}
57
58void OperationResult::readFromParcel(const Parcel& in) {
59 resultCode = in.readInt32();
60 token = in.readStrongBinder();
Chad Brubakerc3a18562015-03-17 18:21:35 -0700[diff] [blame]61 handle = static_cast<keymaster_operation_handle_t>(in.readInt64());
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]62 inputConsumed = in.readInt32();
63 ssize_t length = in.readInt32();
64 dataLength = 0;
65 if (length > 0) {
66 const void* buf = in.readInplace(length);
67 if (buf) {
68 data.reset(reinterpret_cast<uint8_t*>(malloc(length)));
69 if (data.get()) {
70 memcpy(data.get(), buf, length);
71 dataLength = (size_t) length;
72 } else {
73 ALOGE("Failed to allocate OperationResult buffer");
74 }
75 } else {
76 ALOGE("Failed to readInplace OperationResult data");
77 }
78 }
Chad Brubaker57e106d2015-06-01 12:59:00 -0700[diff] [blame]79 outParams.readFromParcel(in);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]80}
81
82void OperationResult::writeToParcel(Parcel* out) const {
83 out->writeInt32(resultCode);
84 out->writeStrongBinder(token);
Chad Brubakerc3a18562015-03-17 18:21:35 -0700[diff] [blame]85 out->writeInt64(handle);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]86 out->writeInt32(inputConsumed);
87 out->writeInt32(dataLength);
88 if (dataLength && data) {
89 void* buf = out->writeInplace(dataLength);
90 if (buf) {
91 memcpy(buf, data.get(), dataLength);
92 } else {
93 ALOGE("Failed to writeInplace OperationResult data.");
94 }
95 }
Chad Brubaker57e106d2015-06-01 12:59:00 -0700[diff] [blame]96 outParams.writeToParcel(out);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]97}
98
99ExportResult::ExportResult() : resultCode(0), exportData(NULL), dataLength(0) {
100}
101
102ExportResult::~ExportResult() {
103}
104
105void ExportResult::readFromParcel(const Parcel& in) {
106 resultCode = in.readInt32();
107 ssize_t length = in.readInt32();
108 dataLength = 0;
109 if (length > 0) {
110 const void* buf = in.readInplace(length);
111 if (buf) {
112 exportData.reset(reinterpret_cast<uint8_t*>(malloc(length)));
113 if (exportData.get()) {
114 memcpy(exportData.get(), buf, length);
115 dataLength = (size_t) length;
116 } else {
117 ALOGE("Failed to allocate ExportData buffer");
118 }
119 } else {
120 ALOGE("Failed to readInplace ExportData data");
121 }
122 }
123}
124
125void ExportResult::writeToParcel(Parcel* out) const {
126 out->writeInt32(resultCode);
127 out->writeInt32(dataLength);
128 if (exportData && dataLength) {
129 void* buf = out->writeInplace(dataLength);
130 if (buf) {
131 memcpy(buf, exportData.get(), dataLength);
132 } else {
133 ALOGE("Failed to writeInplace ExportResult data.");
134 }
135 }
136}
137
138KeymasterArguments::KeymasterArguments() {
139}
140
141KeymasterArguments::~KeymasterArguments() {
142 keymaster_free_param_values(params.data(), params.size());
143}
144
145void KeymasterArguments::readFromParcel(const Parcel& in) {
146 ssize_t length = in.readInt32();
147 size_t ulength = (size_t) length;
148 if (length < 0) {
149 ulength = 0;
150 }
151 keymaster_free_param_values(params.data(), params.size());
152 params.clear();
153 for(size_t i = 0; i < ulength; i++) {
154 keymaster_key_param_t param;
155 if (!readKeymasterArgumentFromParcel(in, &param)) {
156 ALOGE("Error reading keymaster argument from parcel");
157 break;
158 }
159 params.push_back(param);
160 }
161}
162
163void KeymasterArguments::writeToParcel(Parcel* out) const {
164 out->writeInt32(params.size());
165 for (auto param : params) {
166 out->writeInt32(1);
167 writeKeymasterArgumentToParcel(param, out);
168 }
169}
170
171KeyCharacteristics::KeyCharacteristics() {
172 memset((void*) &characteristics, 0, sizeof(characteristics));
173}
174
175KeyCharacteristics::~KeyCharacteristics() {
176 keymaster_free_characteristics(&characteristics);
177}
178
179void KeyCharacteristics::readFromParcel(const Parcel& in) {
180 size_t length = 0;
181 keymaster_key_param_t* params = readParamList(in, &length);
182 characteristics.sw_enforced.params = params;
183 characteristics.sw_enforced.length = length;
184
185 params = readParamList(in, &length);
186 characteristics.hw_enforced.params = params;
187 characteristics.hw_enforced.length = length;
188}
189
190void KeyCharacteristics::writeToParcel(Parcel* out) const {
191 if (characteristics.sw_enforced.params) {
192 out->writeInt32(characteristics.sw_enforced.length);
193 for (size_t i = 0; i < characteristics.sw_enforced.length; i++) {
194 out->writeInt32(1);
195 writeKeymasterArgumentToParcel(characteristics.sw_enforced.params[i], out);
196 }
197 } else {
198 out->writeInt32(0);
199 }
200 if (characteristics.hw_enforced.params) {
201 out->writeInt32(characteristics.hw_enforced.length);
202 for (size_t i = 0; i < characteristics.hw_enforced.length; i++) {
203 out->writeInt32(1);
204 writeKeymasterArgumentToParcel(characteristics.hw_enforced.params[i], out);
205 }
206 } else {
207 out->writeInt32(0);
208 }
209}
210
Shawn Willden50eb1b22016-01-21 12:41:23 -0700[diff] [blame]211KeymasterCertificateChain::KeymasterCertificateChain() {
212 memset(&chain, 0, sizeof(chain));
213}
214
215KeymasterCertificateChain::~KeymasterCertificateChain() {
216 keymaster_free_cert_chain(&chain);
217}
218
219static bool readKeymasterBlob(const Parcel& in, keymaster_blob_t* blob) {
220 if (in.readInt32() != 1) {
221 return false;
222 }
223
224 blob->data_length = 0;
225 ssize_t length = in.readInt32();
226 if (length <= 0) {
227 blob->data = nullptr;
228 return false;
229 }
230
231 blob->data = reinterpret_cast<const uint8_t*>(in.readInplace(length));
232 if (blob->data) {
233 blob->data_length = static_cast<size_t>(length);
234 }
235 return true;
236}
237
238void KeymasterCertificateChain::readFromParcel(const Parcel& in) {
239 ssize_t count = in.readInt32();
240 size_t ucount = count;
241 if (count < 0) {
242 ucount = 0;
243 }
244 keymaster_free_cert_chain(&chain);
245 chain.entries = new keymaster_blob_t[ucount];
246 memset(chain.entries, 0, sizeof(keymaster_blob_t) * ucount);
247 for (size_t i = 0; i < ucount; ++i) {
248 if (!readKeymasterBlob(in, &chain.entries[i])) {
249 keymaster_free_cert_chain(&chain);
250 return;
251 }
252 }
253}
254
255void KeymasterCertificateChain::writeToParcel(Parcel* out) const {
256 out->writeInt32(chain.entry_count);
257 for (size_t i = 0; i < chain.entry_count; ++i) {
258 if (chain.entries[i].data) {
259 out->writeInt32(1); // Tell Java side that object is not NULL
260 out->writeInt32(chain.entries[i].data_length);
261 void* buf = out->writeInplace(chain.entries[i].data_length);
262 if (buf) {
263 memcpy(buf, chain.entries[i].data, chain.entries[i].data_length);
264 } else {
265 ALOGE("Failed to writeInplace keymaster cert chain entry");
266 }
267 } else {
268 out->writeInt32(0); // Tell Java side this object is NULL.
269 ALOGE("Found NULL certificate chain entry");
270 }
271 }
272}
273
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]274void writeKeymasterArgumentToParcel(const keymaster_key_param_t& param, Parcel* out) {
275 switch (keymaster_tag_get_type(param.tag)) {
276 case KM_ENUM:
277 case KM_ENUM_REP: {
278 out->writeInt32(param.tag);
279 out->writeInt32(param.enumerated);
280 break;
281 }
Shawn Willden0ebf13d2015-06-24 16:29:45 -0700[diff] [blame]282 case KM_UINT:
283 case KM_UINT_REP: {
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]284 out->writeInt32(param.tag);
285 out->writeInt32(param.integer);
286 break;
287 }
Shawn Willden0ebf13d2015-06-24 16:29:45 -0700[diff] [blame]288 case KM_ULONG:
289 case KM_ULONG_REP: {
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]290 out->writeInt32(param.tag);
291 out->writeInt64(param.long_integer);
292 break;
293 }
294 case KM_DATE: {
295 out->writeInt32(param.tag);
296 out->writeInt64(param.date_time);
297 break;
298 }
299 case KM_BOOL: {
300 out->writeInt32(param.tag);
301 break;
302 }
303 case KM_BIGNUM:
304 case KM_BYTES: {
305 out->writeInt32(param.tag);
306 out->writeInt32(param.blob.data_length);
307 void* buf = out->writeInplace(param.blob.data_length);
308 if (buf) {
309 memcpy(buf, param.blob.data, param.blob.data_length);
310 } else {
311 ALOGE("Failed to writeInplace keymaster blob param");
312 }
313 break;
314 }
315 default: {
316 ALOGE("Failed to write argument: Unsupported keymaster_tag_t %d", param.tag);
317 }
318 }
319}
320
321
322bool readKeymasterArgumentFromParcel(const Parcel& in, keymaster_key_param_t* out) {
323 if (in.readInt32() == 0) {
324 return false;
325 }
326 keymaster_tag_t tag = static_cast<keymaster_tag_t>(in.readInt32());
327 switch (keymaster_tag_get_type(tag)) {
328 case KM_ENUM:
329 case KM_ENUM_REP: {
330 uint32_t value = in.readInt32();
331 *out = keymaster_param_enum(tag, value);
332 break;
333 }
Shawn Willden0ebf13d2015-06-24 16:29:45 -0700[diff] [blame]334 case KM_UINT:
335 case KM_UINT_REP: {
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]336 uint32_t value = in.readInt32();
337 *out = keymaster_param_int(tag, value);
338 break;
339 }
Shawn Willden0ebf13d2015-06-24 16:29:45 -0700[diff] [blame]340 case KM_ULONG:
341 case KM_ULONG_REP: {
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]342 uint64_t value = in.readInt64();
343 *out = keymaster_param_long(tag, value);
344 break;
345 }
346 case KM_DATE: {
347 uint64_t value = in.readInt64();
348 *out = keymaster_param_date(tag, value);
349 break;
350 }
351 case KM_BOOL: {
352 *out = keymaster_param_bool(tag);
353 break;
354 }
355 case KM_BIGNUM:
356 case KM_BYTES: {
357 ssize_t length = in.readInt32();
358 uint8_t* data = NULL;
359 size_t ulength = 0;
360 if (length >= 0) {
361 ulength = (size_t) length;
362 // use malloc here so we can use keymaster_free_param_values
363 // consistently.
364 data = reinterpret_cast<uint8_t*>(malloc(ulength));
365 const void* buf = in.readInplace(ulength);
366 if (!buf || !data) {
367 ALOGE("Failed to allocate buffer for keymaster blob param");
368 return false;
369 }
370 memcpy(data, buf, ulength);
371 }
372 *out = keymaster_param_blob(tag, data, ulength);
373 break;
374 }
375 default: {
376 ALOGE("Unsupported keymaster_tag_t %d", tag);
377 return false;
378 }
379 }
380 return true;
381}
382
Chad Brubaker6432df72015-03-20 16:23:04 -0700[diff] [blame]383/**
384 * Read a byte array from in. The data at *data is still owned by the parcel
385 */
386static void readByteArray(const Parcel& in, const uint8_t** data, size_t* length) {
387 ssize_t slength = in.readInt32();
388 if (slength > 0) {
389 *data = reinterpret_cast<const uint8_t*>(in.readInplace(slength));
390 if (*data) {
391 *length = static_cast<size_t>(slength);
392 } else {
393 *length = 0;
394 }
395 } else {
396 *data = NULL;
397 *length = 0;
398 }
399}
400
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]401// Read a keymaster_key_param_t* from a Parcel for use in a
402// keymaster_key_characteristics_t. This will be free'd by calling
403// keymaster_free_key_characteristics.
404static keymaster_key_param_t* readParamList(const Parcel& in, size_t* length) {
405 ssize_t slength = in.readInt32();
406 *length = 0;
407 if (slength < 0) {
408 return NULL;
409 }
410 *length = (size_t) slength;
411 if (*length >= UINT_MAX / sizeof(keymaster_key_param_t)) {
412 return NULL;
413 }
414 keymaster_key_param_t* list =
415 reinterpret_cast<keymaster_key_param_t*>(malloc(*length *
416 sizeof(keymaster_key_param_t)));
417 if (!list) {
418 ALOGD("Failed to allocate buffer for generateKey outCharacteristics");
419 goto err;
420 }
421 for (size_t i = 0; i < *length ; i++) {
422 if (!readKeymasterArgumentFromParcel(in, &list[i])) {
423 ALOGE("Failed to read keymaster argument");
424 keymaster_free_param_values(list, i);
425 goto err;
426 }
427 }
428 return list;
429err:
430 free(list);
431 return NULL;
432}
433
Chad Brubakerd6634422015-03-21 22:36:07 -0700[diff] [blame]434static std::unique_ptr<keymaster_blob_t> readKeymasterBlob(const Parcel& in) {
Shawn Willden50eb1b22016-01-21 12:41:23 -0700[diff] [blame]435 std::unique_ptr<keymaster_blob_t> blob (new keymaster_blob_t);
436 if (!readKeymasterBlob(in, blob.get())) {
437 blob.reset();
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]438 }
Chad Brubakerd6634422015-03-21 22:36:07 -0700[diff] [blame]439 return blob;
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]440}
441
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]442class BpKeystoreService: public BpInterface<IKeystoreService>
443{
444public:
445 BpKeystoreService(const sp<IBinder>& impl)
446 : BpInterface<IKeystoreService>(impl)
447 {
448 }
449
450 // test ping
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]451 virtual int32_t getState(int32_t userId)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]452 {
453 Parcel data, reply;
454 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]455 data.writeInt32(userId);
456 status_t status = remote()->transact(BnKeystoreService::GET_STATE, data, &reply);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]457 if (status != NO_ERROR) {
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]458 ALOGD("getState() could not contact remote: %d\n", status);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]459 return -1;
460 }
461 int32_t err = reply.readExceptionCode();
462 int32_t ret = reply.readInt32();
463 if (err < 0) {
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]464 ALOGD("getState() caught exception %d\n", err);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]465 return -1;
466 }
467 return ret;
468 }
469
Chad Brubakerad6a7f52015-09-09 14:55:22 -0700[diff] [blame]470 virtual int32_t get(const String16& name, int32_t uid, uint8_t** item, size_t* itemLength)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]471 {
472 Parcel data, reply;
473 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
474 data.writeString16(name);
Chad Brubakerad6a7f52015-09-09 14:55:22 -0700[diff] [blame]475 data.writeInt32(uid);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]476 status_t status = remote()->transact(BnKeystoreService::GET, data, &reply);
477 if (status != NO_ERROR) {
478 ALOGD("get() could not contact remote: %d\n", status);
479 return -1;
480 }
481 int32_t err = reply.readExceptionCode();
482 ssize_t len = reply.readInt32();
483 if (len >= 0 && (size_t) len <= reply.dataAvail()) {
484 size_t ulen = (size_t) len;
485 const void* buf = reply.readInplace(ulen);
486 *item = (uint8_t*) malloc(ulen);
487 if (*item != NULL) {
488 memcpy(*item, buf, ulen);
489 *itemLength = ulen;
490 } else {
491 ALOGE("out of memory allocating output array in get");
492 *itemLength = 0;
493 }
494 } else {
495 *itemLength = 0;
496 }
497 if (err < 0) {
498 ALOGD("get() caught exception %d\n", err);
499 return -1;
500 }
501 return 0;
502 }
503
Kenny Root0c540aa2013-04-03 09:22:15 -0700[diff] [blame]504 virtual int32_t insert(const String16& name, const uint8_t* item, size_t itemLength, int uid,
505 int32_t flags)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]506 {
507 Parcel data, reply;
508 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
509 data.writeString16(name);
510 data.writeInt32(itemLength);
511 void* buf = data.writeInplace(itemLength);
512 memcpy(buf, item, itemLength);
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]513 data.writeInt32(uid);
Kenny Root0c540aa2013-04-03 09:22:15 -0700[diff] [blame]514 data.writeInt32(flags);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]515 status_t status = remote()->transact(BnKeystoreService::INSERT, data, &reply);
516 if (status != NO_ERROR) {
517 ALOGD("import() could not contact remote: %d\n", status);
518 return -1;
519 }
520 int32_t err = reply.readExceptionCode();
521 int32_t ret = reply.readInt32();
522 if (err < 0) {
523 ALOGD("import() caught exception %d\n", err);
524 return -1;
525 }
526 return ret;
527 }
528
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]529 virtual int32_t del(const String16& name, int uid)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]530 {
531 Parcel data, reply;
532 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
533 data.writeString16(name);
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]534 data.writeInt32(uid);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]535 status_t status = remote()->transact(BnKeystoreService::DEL, data, &reply);
536 if (status != NO_ERROR) {
537 ALOGD("del() could not contact remote: %d\n", status);
538 return -1;
539 }
540 int32_t err = reply.readExceptionCode();
541 int32_t ret = reply.readInt32();
542 if (err < 0) {
543 ALOGD("del() caught exception %d\n", err);
544 return -1;
545 }
546 return ret;
547 }
548
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]549 virtual int32_t exist(const String16& name, int uid)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]550 {
551 Parcel data, reply;
552 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
553 data.writeString16(name);
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]554 data.writeInt32(uid);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]555 status_t status = remote()->transact(BnKeystoreService::EXIST, data, &reply);
556 if (status != NO_ERROR) {
557 ALOGD("exist() could not contact remote: %d\n", status);
558 return -1;
559 }
560 int32_t err = reply.readExceptionCode();
561 int32_t ret = reply.readInt32();
562 if (err < 0) {
563 ALOGD("exist() caught exception %d\n", err);
564 return -1;
565 }
566 return ret;
567 }
568
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]569 virtual int32_t list(const String16& prefix, int uid, Vector<String16>* matches)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]570 {
571 Parcel data, reply;
572 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]573 data.writeString16(prefix);
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]574 data.writeInt32(uid);
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]575 status_t status = remote()->transact(BnKeystoreService::LIST, data, &reply);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]576 if (status != NO_ERROR) {
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]577 ALOGD("list() could not contact remote: %d\n", status);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]578 return -1;
579 }
580 int32_t err = reply.readExceptionCode();
581 int32_t numMatches = reply.readInt32();
582 for (int32_t i = 0; i < numMatches; i++) {
583 matches->push(reply.readString16());
584 }
585 int32_t ret = reply.readInt32();
586 if (err < 0) {
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]587 ALOGD("list() caught exception %d\n", err);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]588 return -1;
589 }
590 return ret;
591 }
592
593 virtual int32_t reset()
594 {
595 Parcel data, reply;
596 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
597 status_t status = remote()->transact(BnKeystoreService::RESET, data, &reply);
598 if (status != NO_ERROR) {
599 ALOGD("reset() could not contact remote: %d\n", status);
600 return -1;
601 }
602 int32_t err = reply.readExceptionCode();
603 int32_t ret = reply.readInt32();
604 if (err < 0) {
605 ALOGD("reset() caught exception %d\n", err);
606 return -1;
607 }
608 return ret;
609 }
610
Chad Brubaker96d6d782015-05-07 10:19:40 -0700[diff] [blame]611 virtual int32_t onUserPasswordChanged(int32_t userId, const String16& password)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]612 {
613 Parcel data, reply;
614 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
Chad Brubaker96d6d782015-05-07 10:19:40 -0700[diff] [blame]615 data.writeInt32(userId);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]616 data.writeString16(password);
Chad Brubaker96d6d782015-05-07 10:19:40 -0700[diff] [blame]617 status_t status = remote()->transact(BnKeystoreService::ON_USER_PASSWORD_CHANGED, data,
618 &reply);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]619 if (status != NO_ERROR) {
Chad Brubaker96d6d782015-05-07 10:19:40 -0700[diff] [blame]620 ALOGD("onUserPasswordChanged() could not contact remote: %d\n", status);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]621 return -1;
622 }
623 int32_t err = reply.readExceptionCode();
624 int32_t ret = reply.readInt32();
625 if (err < 0) {
Chad Brubaker96d6d782015-05-07 10:19:40 -0700[diff] [blame]626 ALOGD("onUserPasswordChanged() caught exception %d\n", err);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]627 return -1;
628 }
629 return ret;
630 }
631
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]632 virtual int32_t lock(int32_t userId)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]633 {
634 Parcel data, reply;
635 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]636 data.writeInt32(userId);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]637 status_t status = remote()->transact(BnKeystoreService::LOCK, data, &reply);
638 if (status != NO_ERROR) {
639 ALOGD("lock() could not contact remote: %d\n", status);
640 return -1;
641 }
642 int32_t err = reply.readExceptionCode();
643 int32_t ret = reply.readInt32();
644 if (err < 0) {
645 ALOGD("lock() caught exception %d\n", err);
646 return -1;
647 }
648 return ret;
649 }
650
Chad Brubaker96d6d782015-05-07 10:19:40 -0700[diff] [blame]651 virtual int32_t unlock(int32_t userId, const String16& password)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]652 {
653 Parcel data, reply;
654 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
Chad Brubaker96d6d782015-05-07 10:19:40 -0700[diff] [blame]655 data.writeInt32(userId);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]656 data.writeString16(password);
657 status_t status = remote()->transact(BnKeystoreService::UNLOCK, data, &reply);
658 if (status != NO_ERROR) {
659 ALOGD("unlock() could not contact remote: %d\n", status);
660 return -1;
661 }
662 int32_t err = reply.readExceptionCode();
663 int32_t ret = reply.readInt32();
664 if (err < 0) {
665 ALOGD("unlock() caught exception %d\n", err);
666 return -1;
667 }
668 return ret;
669 }
670
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]671 virtual bool isEmpty(int32_t userId)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]672 {
673 Parcel data, reply;
674 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]675 data.writeInt32(userId);
676 status_t status = remote()->transact(BnKeystoreService::IS_EMPTY, data, &reply);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]677 if (status != NO_ERROR) {
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]678 ALOGD("isEmpty() could not contact remote: %d\n", status);
679 return false;
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]680 }
681 int32_t err = reply.readExceptionCode();
682 int32_t ret = reply.readInt32();
683 if (err < 0) {
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]684 ALOGD("isEmpty() caught exception %d\n", err);
685 return false;
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]686 }
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]687 return ret != 0;
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]688 }
689
Kenny Root96427ba2013-08-16 14:02:41 -0700[diff] [blame]690 virtual int32_t generate(const String16& name, int32_t uid, int32_t keyType, int32_t keySize,
691 int32_t flags, Vector<sp<KeystoreArg> >* args)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]692 {
693 Parcel data, reply;
694 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
695 data.writeString16(name);
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]696 data.writeInt32(uid);
Kenny Root96427ba2013-08-16 14:02:41 -0700[diff] [blame]697 data.writeInt32(keyType);
698 data.writeInt32(keySize);
Kenny Root0c540aa2013-04-03 09:22:15 -0700[diff] [blame]699 data.writeInt32(flags);
Chad Brubaker468fc692015-01-13 17:33:14 -0800[diff] [blame]700 data.writeInt32(1);
Kenny Root96427ba2013-08-16 14:02:41 -0700[diff] [blame]701 data.writeInt32(args->size());
702 for (Vector<sp<KeystoreArg> >::iterator it = args->begin(); it != args->end(); ++it) {
703 sp<KeystoreArg> item = *it;
704 size_t keyLength = item->size();
705 data.writeInt32(keyLength);
706 void* buf = data.writeInplace(keyLength);
707 memcpy(buf, item->data(), keyLength);
708 }
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]709 status_t status = remote()->transact(BnKeystoreService::GENERATE, data, &reply);
710 if (status != NO_ERROR) {
711 ALOGD("generate() could not contact remote: %d\n", status);
712 return -1;
713 }
714 int32_t err = reply.readExceptionCode();
715 int32_t ret = reply.readInt32();
716 if (err < 0) {
717 ALOGD("generate() caught exception %d\n", err);
718 return -1;
719 }
720 return ret;
721 }
722
Kenny Root0c540aa2013-04-03 09:22:15 -0700[diff] [blame]723 virtual int32_t import(const String16& name, const uint8_t* key, size_t keyLength, int uid,
724 int flags)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]725 {
726 Parcel data, reply;
727 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
728 data.writeString16(name);
729 data.writeInt32(keyLength);
730 void* buf = data.writeInplace(keyLength);
731 memcpy(buf, key, keyLength);
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]732 data.writeInt32(uid);
Kenny Root0c540aa2013-04-03 09:22:15 -0700[diff] [blame]733 data.writeInt32(flags);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]734 status_t status = remote()->transact(BnKeystoreService::IMPORT, data, &reply);
735 if (status != NO_ERROR) {
736 ALOGD("import() could not contact remote: %d\n", status);
737 return -1;
738 }
739 int32_t err = reply.readExceptionCode();
740 int32_t ret = reply.readInt32();
741 if (err < 0) {
742 ALOGD("import() caught exception %d\n", err);
743 return -1;
744 }
745 return ret;
746 }
747
748 virtual int32_t sign(const String16& name, const uint8_t* in, size_t inLength, uint8_t** out,
749 size_t* outLength)
750 {
751 Parcel data, reply;
752 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
753 data.writeString16(name);
754 data.writeInt32(inLength);
755 void* buf = data.writeInplace(inLength);
756 memcpy(buf, in, inLength);
757 status_t status = remote()->transact(BnKeystoreService::SIGN, data, &reply);
758 if (status != NO_ERROR) {
759 ALOGD("import() could not contact remote: %d\n", status);
760 return -1;
761 }
762 int32_t err = reply.readExceptionCode();
763 ssize_t len = reply.readInt32();
764 if (len >= 0 && (size_t) len <= reply.dataAvail()) {
765 size_t ulen = (size_t) len;
766 const void* outBuf = reply.readInplace(ulen);
767 *out = (uint8_t*) malloc(ulen);
768 if (*out != NULL) {
769 memcpy((void*) *out, outBuf, ulen);
770 *outLength = ulen;
771 } else {
772 ALOGE("out of memory allocating output array in sign");
773 *outLength = 0;
774 }
775 } else {
776 *outLength = 0;
777 }
778 if (err < 0) {
779 ALOGD("import() caught exception %d\n", err);
780 return -1;
781 }
782 return 0;
783 }
784
785 virtual int32_t verify(const String16& name, const uint8_t* in, size_t inLength,
786 const uint8_t* signature, size_t signatureLength)
787 {
788 Parcel data, reply;
789 void* buf;
790
791 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
792 data.writeString16(name);
793 data.writeInt32(inLength);
794 buf = data.writeInplace(inLength);
795 memcpy(buf, in, inLength);
796 data.writeInt32(signatureLength);
797 buf = data.writeInplace(signatureLength);
798 memcpy(buf, signature, signatureLength);
799 status_t status = remote()->transact(BnKeystoreService::VERIFY, data, &reply);
800 if (status != NO_ERROR) {
801 ALOGD("verify() could not contact remote: %d\n", status);
802 return -1;
803 }
804 int32_t err = reply.readExceptionCode();
805 int32_t ret = reply.readInt32();
806 if (err < 0) {
807 ALOGD("verify() caught exception %d\n", err);
808 return -1;
809 }
810 return ret;
811 }
812
813 virtual int32_t get_pubkey(const String16& name, uint8_t** pubkey, size_t* pubkeyLength)
814 {
815 Parcel data, reply;
816 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
817 data.writeString16(name);
818 status_t status = remote()->transact(BnKeystoreService::GET_PUBKEY, data, &reply);
819 if (status != NO_ERROR) {
820 ALOGD("get_pubkey() could not contact remote: %d\n", status);
821 return -1;
822 }
823 int32_t err = reply.readExceptionCode();
824 ssize_t len = reply.readInt32();
825 if (len >= 0 && (size_t) len <= reply.dataAvail()) {
826 size_t ulen = (size_t) len;
827 const void* buf = reply.readInplace(ulen);
828 *pubkey = (uint8_t*) malloc(ulen);
829 if (*pubkey != NULL) {
830 memcpy(*pubkey, buf, ulen);
831 *pubkeyLength = ulen;
832 } else {
833 ALOGE("out of memory allocating output array in get_pubkey");
834 *pubkeyLength = 0;
835 }
836 } else {
837 *pubkeyLength = 0;
838 }
839 if (err < 0) {
840 ALOGD("get_pubkey() caught exception %d\n", err);
841 return -1;
842 }
843 return 0;
844 }
845
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]846 virtual int32_t grant(const String16& name, int32_t granteeUid)
847 {
848 Parcel data, reply;
849 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
850 data.writeString16(name);
851 data.writeInt32(granteeUid);
852 status_t status = remote()->transact(BnKeystoreService::GRANT, data, &reply);
853 if (status != NO_ERROR) {
854 ALOGD("grant() could not contact remote: %d\n", status);
855 return -1;
856 }
857 int32_t err = reply.readExceptionCode();
858 int32_t ret = reply.readInt32();
859 if (err < 0) {
860 ALOGD("grant() caught exception %d\n", err);
861 return -1;
862 }
863 return ret;
864 }
865
866 virtual int32_t ungrant(const String16& name, int32_t granteeUid)
867 {
868 Parcel data, reply;
869 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
870 data.writeString16(name);
871 data.writeInt32(granteeUid);
872 status_t status = remote()->transact(BnKeystoreService::UNGRANT, data, &reply);
873 if (status != NO_ERROR) {
874 ALOGD("ungrant() could not contact remote: %d\n", status);
875 return -1;
876 }
877 int32_t err = reply.readExceptionCode();
878 int32_t ret = reply.readInt32();
879 if (err < 0) {
880 ALOGD("ungrant() caught exception %d\n", err);
881 return -1;
882 }
883 return ret;
884 }
885
Chad Brubakerad6a7f52015-09-09 14:55:22 -0700[diff] [blame]886 int64_t getmtime(const String16& name, int32_t uid)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]887 {
888 Parcel data, reply;
889 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
890 data.writeString16(name);
Chad Brubakerad6a7f52015-09-09 14:55:22 -0700[diff] [blame]891 data.writeInt32(uid);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]892 status_t status = remote()->transact(BnKeystoreService::GETMTIME, data, &reply);
893 if (status != NO_ERROR) {
894 ALOGD("getmtime() could not contact remote: %d\n", status);
895 return -1;
896 }
897 int32_t err = reply.readExceptionCode();
898 int64_t ret = reply.readInt64();
899 if (err < 0) {
900 ALOGD("getmtime() caught exception %d\n", err);
901 return -1;
902 }
903 return ret;
904 }
Kenny Root02254072013-03-20 11:48:19 -0700[diff] [blame]905
Kenny Rootd53bc922013-03-21 14:10:15 -0700[diff] [blame]906 virtual int32_t duplicate(const String16& srcKey, int32_t srcUid, const String16& destKey,
907 int32_t destUid)
Kenny Root02254072013-03-20 11:48:19 -0700[diff] [blame]908 {
909 Parcel data, reply;
910 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
Kenny Rootd53bc922013-03-21 14:10:15 -0700[diff] [blame]911 data.writeString16(srcKey);
912 data.writeInt32(srcUid);
913 data.writeString16(destKey);
914 data.writeInt32(destUid);
915 status_t status = remote()->transact(BnKeystoreService::DUPLICATE, data, &reply);
Kenny Root02254072013-03-20 11:48:19 -0700[diff] [blame]916 if (status != NO_ERROR) {
Kenny Rootd53bc922013-03-21 14:10:15 -0700[diff] [blame]917 ALOGD("duplicate() could not contact remote: %d\n", status);
Kenny Root02254072013-03-20 11:48:19 -0700[diff] [blame]918 return -1;
919 }
920 int32_t err = reply.readExceptionCode();
921 int32_t ret = reply.readInt32();
922 if (err < 0) {
Kenny Rootd53bc922013-03-21 14:10:15 -0700[diff] [blame]923 ALOGD("duplicate() caught exception %d\n", err);
Kenny Root02254072013-03-20 11:48:19 -0700[diff] [blame]924 return -1;
925 }
926 return ret;
927 }
Kenny Root43061232013-03-29 11:15:50 -0700[diff] [blame]928
Kenny Root1b0e3932013-09-05 13:06:32 -0700[diff] [blame]929 virtual int32_t is_hardware_backed(const String16& keyType)
Kenny Root43061232013-03-29 11:15:50 -0700[diff] [blame]930 {
931 Parcel data, reply;
932 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
Kenny Root1b0e3932013-09-05 13:06:32 -0700[diff] [blame]933 data.writeString16(keyType);
Kenny Root43061232013-03-29 11:15:50 -0700[diff] [blame]934 status_t status = remote()->transact(BnKeystoreService::IS_HARDWARE_BACKED, data, &reply);
935 if (status != NO_ERROR) {
936 ALOGD("is_hardware_backed() could not contact remote: %d\n", status);
937 return -1;
938 }
939 int32_t err = reply.readExceptionCode();
940 int32_t ret = reply.readInt32();
941 if (err < 0) {
942 ALOGD("is_hardware_backed() caught exception %d\n", err);
943 return -1;
944 }
945 return ret;
946 }
Kenny Root2ecc7a12013-04-01 16:29:11 -0700[diff] [blame]947
948 virtual int32_t clear_uid(int64_t uid)
949 {
950 Parcel data, reply;
951 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
952 data.writeInt64(uid);
953 status_t status = remote()->transact(BnKeystoreService::CLEAR_UID, data, &reply);
954 if (status != NO_ERROR) {
955 ALOGD("clear_uid() could not contact remote: %d\n", status);
956 return -1;
957 }
958 int32_t err = reply.readExceptionCode();
959 int32_t ret = reply.readInt32();
960 if (err < 0) {
961 ALOGD("clear_uid() caught exception %d\n", err);
962 return -1;
963 }
964 return ret;
965 }
Robin Lee4e865752014-08-19 17:37:55 +0100[diff] [blame]966
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]967 virtual int32_t addRngEntropy(const uint8_t* buf, size_t bufLength)
968 {
969 Parcel data, reply;
970 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]971 data.writeByteArray(bufLength, buf);
972 status_t status = remote()->transact(BnKeystoreService::ADD_RNG_ENTROPY, data, &reply);
973 if (status != NO_ERROR) {
974 ALOGD("addRngEntropy() could not contact remote: %d\n", status);
975 return -1;
976 }
977 int32_t err = reply.readExceptionCode();
978 int32_t ret = reply.readInt32();
979 if (err < 0) {
980 ALOGD("addRngEntropy() caught exception %d\n", err);
981 return -1;
982 }
983 return ret;
984 };
985
986 virtual int32_t generateKey(const String16& name, const KeymasterArguments& params,
Chad Brubaker154d7692015-03-27 13:59:31 -0700[diff] [blame]987 const uint8_t* entropy, size_t entropyLength, int uid, int flags,
988 KeyCharacteristics* outCharacteristics)
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]989 {
990 Parcel data, reply;
991 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
992 data.writeString16(name);
993 data.writeInt32(1);
994 params.writeToParcel(&data);
Chad Brubaker154d7692015-03-27 13:59:31 -0700[diff] [blame]995 data.writeByteArray(entropyLength, entropy);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]996 data.writeInt32(uid);
997 data.writeInt32(flags);
998 status_t status = remote()->transact(BnKeystoreService::GENERATE_KEY, data, &reply);
999 if (status != NO_ERROR) {
1000 ALOGD("generateKey() could not contact remote: %d\n", status);
1001 return KM_ERROR_UNKNOWN_ERROR;
1002 }
1003 int32_t err = reply.readExceptionCode();
1004 int32_t ret = reply.readInt32();
1005 if (err < 0) {
1006 ALOGD("generateKey() caught exception %d\n", err);
1007 return KM_ERROR_UNKNOWN_ERROR;
1008 }
1009 if (reply.readInt32() != 0 && outCharacteristics) {
1010 outCharacteristics->readFromParcel(reply);
1011 }
1012 return ret;
1013 }
1014 virtual int32_t getKeyCharacteristics(const String16& name,
Chad Brubakerd6634422015-03-21 22:36:07 -0700[diff] [blame]1015 const keymaster_blob_t* clientId,
1016 const keymaster_blob_t* appData,
Chad Brubakerad6a7f52015-09-09 14:55:22 -0700[diff] [blame]1017 int32_t uid, KeyCharacteristics* outCharacteristics)
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1018 {
1019 Parcel data, reply;
1020 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1021 data.writeString16(name);
Chad Brubakerd6634422015-03-21 22:36:07 -0700[diff] [blame]1022 if (clientId) {
1023 data.writeByteArray(clientId->data_length, clientId->data);
1024 } else {
1025 data.writeInt32(-1);
1026 }
1027 if (appData) {
1028 data.writeByteArray(appData->data_length, appData->data);
1029 } else {
1030 data.writeInt32(-1);
1031 }
Chad Brubakerad6a7f52015-09-09 14:55:22 -0700[diff] [blame]1032 data.writeInt32(uid);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1033 status_t status = remote()->transact(BnKeystoreService::GET_KEY_CHARACTERISTICS,
1034 data, &reply);
1035 if (status != NO_ERROR) {
1036 ALOGD("getKeyCharacteristics() could not contact remote: %d\n", status);
1037 return KM_ERROR_UNKNOWN_ERROR;
1038 }
1039 int32_t err = reply.readExceptionCode();
1040 int32_t ret = reply.readInt32();
1041 if (err < 0) {
1042 ALOGD("getKeyCharacteristics() caught exception %d\n", err);
1043 return KM_ERROR_UNKNOWN_ERROR;
1044 }
1045 if (reply.readInt32() != 0 && outCharacteristics) {
1046 outCharacteristics->readFromParcel(reply);
1047 }
1048 return ret;
1049 }
1050 virtual int32_t importKey(const String16& name, const KeymasterArguments& params,
1051 keymaster_key_format_t format, const uint8_t *keyData,
1052 size_t keyLength, int uid, int flags,
1053 KeyCharacteristics* outCharacteristics)
1054 {
1055 Parcel data, reply;
1056 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1057 data.writeString16(name);
1058 data.writeInt32(1);
1059 params.writeToParcel(&data);
1060 data.writeInt32(format);
1061 data.writeByteArray(keyLength, keyData);
1062 data.writeInt32(uid);
1063 data.writeInt32(flags);
1064 status_t status = remote()->transact(BnKeystoreService::IMPORT_KEY, data, &reply);
1065 if (status != NO_ERROR) {
1066 ALOGD("importKey() could not contact remote: %d\n", status);
1067 return KM_ERROR_UNKNOWN_ERROR;
1068 }
1069 int32_t err = reply.readExceptionCode();
1070 int32_t ret = reply.readInt32();
1071 if (err < 0) {
1072 ALOGD("importKey() caught exception %d\n", err);
1073 return KM_ERROR_UNKNOWN_ERROR;
1074 }
1075 if (reply.readInt32() != 0 && outCharacteristics) {
1076 outCharacteristics->readFromParcel(reply);
1077 }
1078 return ret;
1079 }
1080
1081 virtual void exportKey(const String16& name, keymaster_key_format_t format,
Chad Brubakerd6634422015-03-21 22:36:07 -0700[diff] [blame]1082 const keymaster_blob_t* clientId,
Chad Brubakerad6a7f52015-09-09 14:55:22 -0700[diff] [blame]1083 const keymaster_blob_t* appData, int32_t uid, ExportResult* result)
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1084 {
1085 if (!result) {
1086 return;
1087 }
1088
1089 Parcel data, reply;
1090 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1091 data.writeString16(name);
1092 data.writeInt32(format);
Chad Brubakerd6634422015-03-21 22:36:07 -0700[diff] [blame]1093 if (clientId) {
1094 data.writeByteArray(clientId->data_length, clientId->data);
1095 } else {
1096 data.writeInt32(-1);
1097 }
1098 if (appData) {
1099 data.writeByteArray(appData->data_length, appData->data);
1100 } else {
1101 data.writeInt32(-1);
1102 }
Chad Brubakerad6a7f52015-09-09 14:55:22 -0700[diff] [blame]1103 data.writeInt32(uid);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1104 status_t status = remote()->transact(BnKeystoreService::EXPORT_KEY, data, &reply);
1105 if (status != NO_ERROR) {
1106 ALOGD("exportKey() could not contact remote: %d\n", status);
1107 result->resultCode = KM_ERROR_UNKNOWN_ERROR;
1108 return;
1109 }
1110 int32_t err = reply.readExceptionCode();
1111 if (err < 0) {
1112 ALOGD("exportKey() caught exception %d\n", err);
1113 result->resultCode = KM_ERROR_UNKNOWN_ERROR;
1114 return;
1115 }
1116 if (reply.readInt32() != 0) {
1117 result->readFromParcel(reply);
1118 }
1119 }
1120
1121 virtual void begin(const sp<IBinder>& appToken, const String16& name,
1122 keymaster_purpose_t purpose, bool pruneable,
Chad Brubaker154d7692015-03-27 13:59:31 -0700[diff] [blame]1123 const KeymasterArguments& params, const uint8_t* entropy,
Chad Brubakerad6a7f52015-09-09 14:55:22 -0700[diff] [blame]1124 size_t entropyLength, int32_t uid, OperationResult* result)
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1125 {
Chad Brubaker57e106d2015-06-01 12:59:00 -0700[diff] [blame]1126 if (!result) {
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1127 return;
1128 }
1129 Parcel data, reply;
1130 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1131 data.writeStrongBinder(appToken);
1132 data.writeString16(name);
1133 data.writeInt32(purpose);
1134 data.writeInt32(pruneable ? 1 : 0);
1135 data.writeInt32(1);
1136 params.writeToParcel(&data);
Chad Brubaker154d7692015-03-27 13:59:31 -0700[diff] [blame]1137 data.writeByteArray(entropyLength, entropy);
Chad Brubakerad6a7f52015-09-09 14:55:22 -0700[diff] [blame]1138 data.writeInt32(uid);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1139 status_t status = remote()->transact(BnKeystoreService::BEGIN, data, &reply);
1140 if (status != NO_ERROR) {
1141 ALOGD("begin() could not contact remote: %d\n", status);
1142 result->resultCode = KM_ERROR_UNKNOWN_ERROR;
1143 return;
1144 }
1145 int32_t err = reply.readExceptionCode();
1146 if (err < 0) {
1147 ALOGD("begin() caught exception %d\n", err);
1148 result->resultCode = KM_ERROR_UNKNOWN_ERROR;
1149 return;
1150 }
1151 if (reply.readInt32() != 0) {
1152 result->readFromParcel(reply);
1153 }
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1154 }
1155
1156 virtual void update(const sp<IBinder>& token, const KeymasterArguments& params,
Chad Brubaker40a1a9b2015-02-20 14:08:13 -0800[diff] [blame]1157 const uint8_t* opData, size_t dataLength, OperationResult* result)
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1158 {
1159 if (!result) {
1160 return;
1161 }
1162 Parcel data, reply;
1163 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1164 data.writeStrongBinder(token);
1165 data.writeInt32(1);
1166 params.writeToParcel(&data);
1167 data.writeByteArray(dataLength, opData);
1168 status_t status = remote()->transact(BnKeystoreService::UPDATE, data, &reply);
1169 if (status != NO_ERROR) {
1170 ALOGD("update() could not contact remote: %d\n", status);
1171 result->resultCode = KM_ERROR_UNKNOWN_ERROR;
1172 return;
1173 }
1174 int32_t err = reply.readExceptionCode();
1175 if (err < 0) {
1176 ALOGD("update() caught exception %d\n", err);
1177 result->resultCode = KM_ERROR_UNKNOWN_ERROR;
1178 return;
1179 }
1180 if (reply.readInt32() != 0) {
1181 result->readFromParcel(reply);
1182 }
1183 }
1184
1185 virtual void finish(const sp<IBinder>& token, const KeymasterArguments& params,
Chad Brubaker0d33e0b2015-05-29 12:30:19 -0700[diff] [blame]1186 const uint8_t* signature, size_t signatureLength,
1187 const uint8_t* entropy, size_t entropyLength,
1188 OperationResult* result)
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1189 {
1190 if (!result) {
1191 return;
1192 }
1193 Parcel data, reply;
1194 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1195 data.writeStrongBinder(token);
1196 data.writeInt32(1);
1197 params.writeToParcel(&data);
1198 data.writeByteArray(signatureLength, signature);
Chad Brubaker0d33e0b2015-05-29 12:30:19 -0700[diff] [blame]1199 data.writeByteArray(entropyLength, entropy);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1200 status_t status = remote()->transact(BnKeystoreService::FINISH, data, &reply);
1201 if (status != NO_ERROR) {
1202 ALOGD("finish() could not contact remote: %d\n", status);
1203 result->resultCode = KM_ERROR_UNKNOWN_ERROR;
1204 return;
1205 }
1206 int32_t err = reply.readExceptionCode();
1207 if (err < 0) {
1208 ALOGD("finish() caught exception %d\n", err);
1209 result->resultCode = KM_ERROR_UNKNOWN_ERROR;
1210 return;
1211 }
1212 if (reply.readInt32() != 0) {
1213 result->readFromParcel(reply);
1214 }
1215 }
1216
1217 virtual int32_t abort(const sp<IBinder>& token)
1218 {
1219 Parcel data, reply;
1220 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1221 data.writeStrongBinder(token);
Chad Brubaker2ed2baa2015-03-21 21:20:10 -0700[diff] [blame]1222 status_t status = remote()->transact(BnKeystoreService::ABORT, data, &reply);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1223 if (status != NO_ERROR) {
1224 ALOGD("abort() could not contact remote: %d\n", status);
1225 return KM_ERROR_UNKNOWN_ERROR;
1226 }
1227 int32_t err = reply.readExceptionCode();
1228 int32_t ret = reply.readInt32();
1229 if (err < 0) {
1230 ALOGD("abort() caught exception %d\n", err);
1231 return KM_ERROR_UNKNOWN_ERROR;
1232 }
1233 return ret;
1234 }
Chad Brubaker2ed2baa2015-03-21 21:20:10 -0700[diff] [blame]1235
1236 virtual bool isOperationAuthorized(const sp<IBinder>& token)
1237 {
1238 Parcel data, reply;
1239 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1240 data.writeStrongBinder(token);
1241 status_t status = remote()->transact(BnKeystoreService::IS_OPERATION_AUTHORIZED, data,
1242 &reply);
1243 if (status != NO_ERROR) {
1244 ALOGD("isOperationAuthorized() could not contact remote: %d\n", status);
1245 return false;
1246 }
1247 int32_t err = reply.readExceptionCode();
1248 int32_t ret = reply.readInt32();
1249 if (err < 0) {
1250 ALOGD("isOperationAuthorized() caught exception %d\n", err);
1251 return false;
1252 }
1253 return ret == 1;
1254 }
1255
1256 virtual int32_t addAuthToken(const uint8_t* token, size_t length)
1257 {
1258 Parcel data, reply;
1259 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1260 data.writeByteArray(length, token);
1261 status_t status = remote()->transact(BnKeystoreService::ADD_AUTH_TOKEN, data, &reply);
1262 if (status != NO_ERROR) {
1263 ALOGD("addAuthToken() could not contact remote: %d\n", status);
1264 return -1;
1265 }
1266 int32_t err = reply.readExceptionCode();
1267 int32_t ret = reply.readInt32();
1268 if (err < 0) {
1269 ALOGD("addAuthToken() caught exception %d\n", err);
1270 return -1;
1271 }
1272 return ret;
1273 };
Chad Brubakerc0f031a2015-05-12 10:43:10 -0700[diff] [blame]1274
1275 virtual int32_t onUserAdded(int32_t userId, int32_t parentId)
1276 {
1277 Parcel data, reply;
1278 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1279 data.writeInt32(userId);
1280 data.writeInt32(parentId);
1281 status_t status = remote()->transact(BnKeystoreService::ON_USER_ADDED, data, &reply);
1282 if (status != NO_ERROR) {
1283 ALOGD("onUserAdded() could not contact remote: %d\n", status);
1284 return -1;
1285 }
1286 int32_t err = reply.readExceptionCode();
1287 int32_t ret = reply.readInt32();
1288 if (err < 0) {
1289 ALOGD("onUserAdded() caught exception %d\n", err);
1290 return -1;
1291 }
1292 return ret;
1293 }
1294
1295 virtual int32_t onUserRemoved(int32_t userId)
1296 {
1297 Parcel data, reply;
1298 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1299 data.writeInt32(userId);
1300 status_t status = remote()->transact(BnKeystoreService::ON_USER_REMOVED, data, &reply);
1301 if (status != NO_ERROR) {
1302 ALOGD("onUserRemoved() could not contact remote: %d\n", status);
1303 return -1;
1304 }
1305 int32_t err = reply.readExceptionCode();
1306 int32_t ret = reply.readInt32();
1307 if (err < 0) {
1308 ALOGD("onUserRemoved() caught exception %d\n", err);
1309 return -1;
1310 }
1311 return ret;
1312 }
1313
Shawn Willden50eb1b22016-01-21 12:41:23 -0700[diff] [blame]1314 virtual int32_t attestKey(const String16& name, const KeymasterArguments& params,
1315 KeymasterCertificateChain* outChain) {
1316 if (!outChain)
1317 return KM_ERROR_OUTPUT_PARAMETER_NULL;
1318
1319 Parcel data, reply;
1320 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1321 data.writeString16(name);
1322 data.writeInt32(1); // params is not NULL.
1323 params.writeToParcel(&data);
1324
1325 status_t status = remote()->transact(BnKeystoreService::ATTEST_KEY, data, &reply);
1326 if (status != NO_ERROR) {
1327 ALOGD("attestkey() count not contact remote: %d\n", status);
1328 return KM_ERROR_UNKNOWN_ERROR;
1329 }
1330 int32_t err = reply.readExceptionCode();
1331 int32_t ret = reply.readInt32();
1332 if (err < 0) {
1333 ALOGD("attestKey() caught exception %d\n", err);
1334 return KM_ERROR_UNKNOWN_ERROR;
1335 }
1336 if (reply.readInt32() != 0) {
1337 outChain->readFromParcel(reply);
1338 }
1339 return ret;
1340 }
1341
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1342};
1343
Chad Brubaker468fc692015-01-13 17:33:14 -0800[diff] [blame]1344IMPLEMENT_META_INTERFACE(KeystoreService, "android.security.IKeystoreService");
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1345
1346// ----------------------------------------------------------------------
1347
1348status_t BnKeystoreService::onTransact(
1349 uint32_t code, const Parcel& data, Parcel* reply, uint32_t flags)
1350{
1351 switch(code) {
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]1352 case GET_STATE: {
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1353 CHECK_INTERFACE(IKeystoreService, data, reply);
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]1354 int32_t userId = data.readInt32();
1355 int32_t ret = getState(userId);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1356 reply->writeNoException();
1357 reply->writeInt32(ret);
1358 return NO_ERROR;
1359 } break;
1360 case GET: {
1361 CHECK_INTERFACE(IKeystoreService, data, reply);
1362 String16 name = data.readString16();
Chad Brubakerad6a7f52015-09-09 14:55:22 -0700[diff] [blame]1363 int32_t uid = data.readInt32();
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1364 void* out = NULL;
1365 size_t outSize = 0;
Chad Brubakerad6a7f52015-09-09 14:55:22 -0700[diff] [blame]1366 int32_t ret = get(name, uid, (uint8_t**) &out, &outSize);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1367 reply->writeNoException();
1368 if (ret == 1) {
1369 reply->writeInt32(outSize);
1370 void* buf = reply->writeInplace(outSize);
1371 memcpy(buf, out, outSize);
1372 free(out);
1373 } else {
1374 reply->writeInt32(-1);
1375 }
1376 return NO_ERROR;
1377 } break;
1378 case INSERT: {
1379 CHECK_INTERFACE(IKeystoreService, data, reply);
1380 String16 name = data.readString16();
1381 ssize_t inSize = data.readInt32();
1382 const void* in;
1383 if (inSize >= 0 && (size_t) inSize <= data.dataAvail()) {
1384 in = data.readInplace(inSize);
1385 } else {
1386 in = NULL;
1387 inSize = 0;
1388 }
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]1389 int uid = data.readInt32();
Kenny Root0c540aa2013-04-03 09:22:15 -0700[diff] [blame]1390 int32_t flags = data.readInt32();
1391 int32_t ret = insert(name, (const uint8_t*) in, (size_t) inSize, uid, flags);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1392 reply->writeNoException();
1393 reply->writeInt32(ret);
1394 return NO_ERROR;
1395 } break;
1396 case DEL: {
1397 CHECK_INTERFACE(IKeystoreService, data, reply);
1398 String16 name = data.readString16();
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]1399 int uid = data.readInt32();
1400 int32_t ret = del(name, uid);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1401 reply->writeNoException();
1402 reply->writeInt32(ret);
1403 return NO_ERROR;
1404 } break;
1405 case EXIST: {
1406 CHECK_INTERFACE(IKeystoreService, data, reply);
1407 String16 name = data.readString16();
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]1408 int uid = data.readInt32();
1409 int32_t ret = exist(name, uid);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1410 reply->writeNoException();
1411 reply->writeInt32(ret);
1412 return NO_ERROR;
1413 } break;
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]1414 case LIST: {
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1415 CHECK_INTERFACE(IKeystoreService, data, reply);
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]1416 String16 prefix = data.readString16();
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]1417 int uid = data.readInt32();
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1418 Vector<String16> matches;
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]1419 int32_t ret = list(prefix, uid, &matches);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1420 reply->writeNoException();
1421 reply->writeInt32(matches.size());
1422 Vector<String16>::const_iterator it = matches.begin();
1423 for (; it != matches.end(); ++it) {
1424 reply->writeString16(*it);
1425 }
1426 reply->writeInt32(ret);
1427 return NO_ERROR;
1428 } break;
1429 case RESET: {
1430 CHECK_INTERFACE(IKeystoreService, data, reply);
1431 int32_t ret = reset();
1432 reply->writeNoException();
1433 reply->writeInt32(ret);
1434 return NO_ERROR;
1435 } break;
Chad Brubaker96d6d782015-05-07 10:19:40 -0700[diff] [blame]1436 case ON_USER_PASSWORD_CHANGED: {
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1437 CHECK_INTERFACE(IKeystoreService, data, reply);
Chad Brubaker96d6d782015-05-07 10:19:40 -0700[diff] [blame]1438 int32_t userId = data.readInt32();
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1439 String16 pass = data.readString16();
Chad Brubaker96d6d782015-05-07 10:19:40 -0700[diff] [blame]1440 int32_t ret = onUserPasswordChanged(userId, pass);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1441 reply->writeNoException();
1442 reply->writeInt32(ret);
1443 return NO_ERROR;
1444 } break;
1445 case LOCK: {
1446 CHECK_INTERFACE(IKeystoreService, data, reply);
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]1447 int32_t userId = data.readInt32();
1448 int32_t ret = lock(userId);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1449 reply->writeNoException();
1450 reply->writeInt32(ret);
1451 return NO_ERROR;
1452 } break;
1453 case UNLOCK: {
1454 CHECK_INTERFACE(IKeystoreService, data, reply);
Chad Brubaker96d6d782015-05-07 10:19:40 -0700[diff] [blame]1455 int32_t userId = data.readInt32();
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1456 String16 pass = data.readString16();
Chad Brubaker96d6d782015-05-07 10:19:40 -0700[diff] [blame]1457 int32_t ret = unlock(userId, pass);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1458 reply->writeNoException();
1459 reply->writeInt32(ret);
1460 return NO_ERROR;
1461 } break;
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]1462 case IS_EMPTY: {
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1463 CHECK_INTERFACE(IKeystoreService, data, reply);
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]1464 int32_t userId = data.readInt32();
1465 bool ret = isEmpty(userId);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1466 reply->writeNoException();
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]1467 reply->writeInt32(ret ? 1 : 0);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1468 return NO_ERROR;
1469 } break;
1470 case GENERATE: {
1471 CHECK_INTERFACE(IKeystoreService, data, reply);
1472 String16 name = data.readString16();
Kenny Root96427ba2013-08-16 14:02:41 -0700[diff] [blame]1473 int32_t uid = data.readInt32();
1474 int32_t keyType = data.readInt32();
1475 int32_t keySize = data.readInt32();
Kenny Root0c540aa2013-04-03 09:22:15 -0700[diff] [blame]1476 int32_t flags = data.readInt32();
Kenny Root96427ba2013-08-16 14:02:41 -0700[diff] [blame]1477 Vector<sp<KeystoreArg> > args;
Chad Brubaker468fc692015-01-13 17:33:14 -0800[diff] [blame]1478 int32_t argsPresent = data.readInt32();
1479 if (argsPresent == 1) {
1480 ssize_t numArgs = data.readInt32();
Chad Brubakered4f5662015-01-14 19:22:09 -0800[diff] [blame]1481 if (numArgs > MAX_GENERATE_ARGS) {
1482 return BAD_VALUE;
1483 }
Chad Brubaker468fc692015-01-13 17:33:14 -0800[diff] [blame]1484 if (numArgs > 0) {
1485 for (size_t i = 0; i < (size_t) numArgs; i++) {
1486 ssize_t inSize = data.readInt32();
1487 if (inSize >= 0 && (size_t) inSize <= data.dataAvail()) {
1488 sp<KeystoreArg> arg = new KeystoreArg(data.readInplace(inSize),
1489 inSize);
1490 args.push_back(arg);
1491 } else {
1492 args.push_back(NULL);
1493 }
Kenny Root96427ba2013-08-16 14:02:41 -0700[diff] [blame]1494 }
1495 }
1496 }
1497 int32_t ret = generate(name, uid, keyType, keySize, flags, &args);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1498 reply->writeNoException();
1499 reply->writeInt32(ret);
1500 return NO_ERROR;
1501 } break;
1502 case IMPORT: {
1503 CHECK_INTERFACE(IKeystoreService, data, reply);
1504 String16 name = data.readString16();
1505 ssize_t inSize = data.readInt32();
1506 const void* in;
1507 if (inSize >= 0 && (size_t) inSize <= data.dataAvail()) {
1508 in = data.readInplace(inSize);
1509 } else {
1510 in = NULL;
1511 inSize = 0;
1512 }
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]1513 int uid = data.readInt32();
Kenny Root0c540aa2013-04-03 09:22:15 -0700[diff] [blame]1514 int32_t flags = data.readInt32();
1515 int32_t ret = import(name, (const uint8_t*) in, (size_t) inSize, uid, flags);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1516 reply->writeNoException();
1517 reply->writeInt32(ret);
1518 return NO_ERROR;
1519 } break;
1520 case SIGN: {
1521 CHECK_INTERFACE(IKeystoreService, data, reply);
1522 String16 name = data.readString16();
1523 ssize_t inSize = data.readInt32();
1524 const void* in;
1525 if (inSize >= 0 && (size_t) inSize <= data.dataAvail()) {
1526 in = data.readInplace(inSize);
1527 } else {
1528 in = NULL;
1529 inSize = 0;
1530 }
1531 void* out = NULL;
1532 size_t outSize = 0;
1533 int32_t ret = sign(name, (const uint8_t*) in, (size_t) inSize, (uint8_t**) &out, &outSize);
1534 reply->writeNoException();
Kenny Rootb03c9fb2013-02-04 16:42:51 -0800[diff] [blame]1535 if (outSize > 0 && out != NULL) {
1536 reply->writeInt32(outSize);
1537 void* buf = reply->writeInplace(outSize);
1538 memcpy(buf, out, outSize);
Chad Brubaker3a7d9e62015-06-04 15:01:46 -0700[diff] [blame]1539 delete[] reinterpret_cast<uint8_t*>(out);
Kenny Rootb03c9fb2013-02-04 16:42:51 -0800[diff] [blame]1540 } else {
Kenny Roote289c402013-02-14 11:31:53 -0800[diff] [blame]1541 reply->writeInt32(-1);
Kenny Rootb03c9fb2013-02-04 16:42:51 -0800[diff] [blame]1542 }
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1543 reply->writeInt32(ret);
1544 return NO_ERROR;
1545 } break;
1546 case VERIFY: {
1547 CHECK_INTERFACE(IKeystoreService, data, reply);
1548 String16 name = data.readString16();
1549 ssize_t inSize = data.readInt32();
1550 const void* in;
1551 if (inSize >= 0 && (size_t) inSize <= data.dataAvail()) {
1552 in = data.readInplace(inSize);
1553 } else {
1554 in = NULL;
1555 inSize = 0;
1556 }
1557 ssize_t sigSize = data.readInt32();
1558 const void* sig;
1559 if (sigSize >= 0 && (size_t) sigSize <= data.dataAvail()) {
1560 sig = data.readInplace(sigSize);
1561 } else {
1562 sig = NULL;
1563 sigSize = 0;
1564 }
1565 bool ret = verify(name, (const uint8_t*) in, (size_t) inSize, (const uint8_t*) sig,
1566 (size_t) sigSize);
1567 reply->writeNoException();
1568 reply->writeInt32(ret ? 1 : 0);
1569 return NO_ERROR;
1570 } break;
1571 case GET_PUBKEY: {
1572 CHECK_INTERFACE(IKeystoreService, data, reply);
1573 String16 name = data.readString16();
1574 void* out = NULL;
1575 size_t outSize = 0;
1576 int32_t ret = get_pubkey(name, (unsigned char**) &out, &outSize);
1577 reply->writeNoException();
Kenny Rootb03c9fb2013-02-04 16:42:51 -0800[diff] [blame]1578 if (outSize > 0 && out != NULL) {
1579 reply->writeInt32(outSize);
1580 void* buf = reply->writeInplace(outSize);
1581 memcpy(buf, out, outSize);
1582 free(out);
1583 } else {
Kenny Roote289c402013-02-14 11:31:53 -0800[diff] [blame]1584 reply->writeInt32(-1);
Kenny Rootb03c9fb2013-02-04 16:42:51 -0800[diff] [blame]1585 }
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1586 reply->writeInt32(ret);
1587 return NO_ERROR;
Kenny Rootb03c9fb2013-02-04 16:42:51 -0800[diff] [blame]1588 } break;
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1589 case GRANT: {
1590 CHECK_INTERFACE(IKeystoreService, data, reply);
1591 String16 name = data.readString16();
1592 int32_t granteeUid = data.readInt32();
1593 int32_t ret = grant(name, granteeUid);
1594 reply->writeNoException();
1595 reply->writeInt32(ret);
1596 return NO_ERROR;
1597 } break;
1598 case UNGRANT: {
1599 CHECK_INTERFACE(IKeystoreService, data, reply);
1600 String16 name = data.readString16();
1601 int32_t granteeUid = data.readInt32();
1602 int32_t ret = ungrant(name, granteeUid);
1603 reply->writeNoException();
1604 reply->writeInt32(ret);
1605 return NO_ERROR;
1606 } break;
1607 case GETMTIME: {
1608 CHECK_INTERFACE(IKeystoreService, data, reply);
1609 String16 name = data.readString16();
Chad Brubakerad6a7f52015-09-09 14:55:22 -0700[diff] [blame]1610 int32_t uid = data.readInt32();
1611 int64_t ret = getmtime(name, uid);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1612 reply->writeNoException();
1613 reply->writeInt64(ret);
1614 return NO_ERROR;
1615 } break;
Kenny Rootd53bc922013-03-21 14:10:15 -0700[diff] [blame]1616 case DUPLICATE: {
Kenny Root02254072013-03-20 11:48:19 -0700[diff] [blame]1617 CHECK_INTERFACE(IKeystoreService, data, reply);
Kenny Rootd53bc922013-03-21 14:10:15 -0700[diff] [blame]1618 String16 srcKey = data.readString16();
1619 int32_t srcUid = data.readInt32();
1620 String16 destKey = data.readString16();
1621 int32_t destUid = data.readInt32();
1622 int32_t ret = duplicate(srcKey, srcUid, destKey, destUid);
Kenny Root02254072013-03-20 11:48:19 -0700[diff] [blame]1623 reply->writeNoException();
1624 reply->writeInt32(ret);
1625 return NO_ERROR;
1626 } break;
Kenny Root43061232013-03-29 11:15:50 -0700[diff] [blame]1627 case IS_HARDWARE_BACKED: {
1628 CHECK_INTERFACE(IKeystoreService, data, reply);
Kenny Root1b0e3932013-09-05 13:06:32 -0700[diff] [blame]1629 String16 keyType = data.readString16();
1630 int32_t ret = is_hardware_backed(keyType);
Kenny Root43061232013-03-29 11:15:50 -0700[diff] [blame]1631 reply->writeNoException();
1632 reply->writeInt32(ret);
1633 return NO_ERROR;
1634 }
Kenny Root2ecc7a12013-04-01 16:29:11 -0700[diff] [blame]1635 case CLEAR_UID: {
1636 CHECK_INTERFACE(IKeystoreService, data, reply);
1637 int64_t uid = data.readInt64();
1638 int32_t ret = clear_uid(uid);
1639 reply->writeNoException();
1640 reply->writeInt32(ret);
1641 return NO_ERROR;
1642 }
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1643 case ADD_RNG_ENTROPY: {
1644 CHECK_INTERFACE(IKeystoreService, data, reply);
Chad Brubaker6432df72015-03-20 16:23:04 -0700[diff] [blame]1645 const uint8_t* bytes = NULL;
1646 size_t size = 0;
1647 readByteArray(data, &bytes, &size);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1648 int32_t ret = addRngEntropy(bytes, size);
1649 reply->writeNoException();
1650 reply->writeInt32(ret);
1651 return NO_ERROR;
1652 }
1653 case GENERATE_KEY: {
1654 CHECK_INTERFACE(IKeystoreService, data, reply);
1655 String16 name = data.readString16();
1656 KeymasterArguments args;
1657 if (data.readInt32() != 0) {
1658 args.readFromParcel(data);
1659 }
Chad Brubaker154d7692015-03-27 13:59:31 -0700[diff] [blame]1660 const uint8_t* entropy = NULL;
1661 size_t entropyLength = 0;
1662 readByteArray(data, &entropy, &entropyLength);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1663 int32_t uid = data.readInt32();
1664 int32_t flags = data.readInt32();
1665 KeyCharacteristics outCharacteristics;
Chad Brubaker154d7692015-03-27 13:59:31 -0700[diff] [blame]1666 int32_t ret = generateKey(name, args, entropy, entropyLength, uid, flags,
1667 &outCharacteristics);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1668 reply->writeNoException();
1669 reply->writeInt32(ret);
1670 reply->writeInt32(1);
1671 outCharacteristics.writeToParcel(reply);
1672 return NO_ERROR;
1673 }
1674 case GET_KEY_CHARACTERISTICS: {
1675 CHECK_INTERFACE(IKeystoreService, data, reply);
1676 String16 name = data.readString16();
Chad Brubakerd6634422015-03-21 22:36:07 -0700[diff] [blame]1677 std::unique_ptr<keymaster_blob_t> clientId = readKeymasterBlob(data);
1678 std::unique_ptr<keymaster_blob_t> appData = readKeymasterBlob(data);
Chad Brubakerad6a7f52015-09-09 14:55:22 -0700[diff] [blame]1679 int32_t uid = data.readInt32();
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1680 KeyCharacteristics outCharacteristics;
Chad Brubakerad6a7f52015-09-09 14:55:22 -0700[diff] [blame]1681 int ret = getKeyCharacteristics(name, clientId.get(), appData.get(), uid,
Chad Brubakerd6634422015-03-21 22:36:07 -0700[diff] [blame]1682 &outCharacteristics);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1683 reply->writeNoException();
1684 reply->writeInt32(ret);
1685 reply->writeInt32(1);
1686 outCharacteristics.writeToParcel(reply);
1687 return NO_ERROR;
1688 }
1689 case IMPORT_KEY: {
1690 CHECK_INTERFACE(IKeystoreService, data, reply);
1691 String16 name = data.readString16();
1692 KeymasterArguments args;
1693 if (data.readInt32() != 0) {
1694 args.readFromParcel(data);
1695 }
1696 keymaster_key_format_t format = static_cast<keymaster_key_format_t>(data.readInt32());
Chad Brubaker6432df72015-03-20 16:23:04 -0700[diff] [blame]1697 const uint8_t* keyData = NULL;
1698 size_t keyLength = 0;
1699 readByteArray(data, &keyData, &keyLength);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1700 int32_t uid = data.readInt32();
1701 int32_t flags = data.readInt32();
1702 KeyCharacteristics outCharacteristics;
Chad Brubaker6432df72015-03-20 16:23:04 -0700[diff] [blame]1703 int32_t ret = importKey(name, args, format, keyData, keyLength, uid, flags,
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1704 &outCharacteristics);
1705 reply->writeNoException();
1706 reply->writeInt32(ret);
1707 reply->writeInt32(1);
1708 outCharacteristics.writeToParcel(reply);
1709
1710 return NO_ERROR;
1711 }
1712 case EXPORT_KEY: {
1713 CHECK_INTERFACE(IKeystoreService, data, reply);
1714 String16 name = data.readString16();
1715 keymaster_key_format_t format = static_cast<keymaster_key_format_t>(data.readInt32());
Chad Brubakerd6634422015-03-21 22:36:07 -0700[diff] [blame]1716 std::unique_ptr<keymaster_blob_t> clientId = readKeymasterBlob(data);
1717 std::unique_ptr<keymaster_blob_t> appData = readKeymasterBlob(data);
Chad Brubakerad6a7f52015-09-09 14:55:22 -0700[diff] [blame]1718 int32_t uid = data.readInt32();
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1719 ExportResult result;
Chad Brubakerad6a7f52015-09-09 14:55:22 -0700[diff] [blame]1720 exportKey(name, format, clientId.get(), appData.get(), uid, &result);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1721 reply->writeNoException();
1722 reply->writeInt32(1);
1723 result.writeToParcel(reply);
1724
1725 return NO_ERROR;
1726 }
1727 case BEGIN: {
1728 CHECK_INTERFACE(IKeystoreService, data, reply);
1729 sp<IBinder> token = data.readStrongBinder();
1730 String16 name = data.readString16();
1731 keymaster_purpose_t purpose = static_cast<keymaster_purpose_t>(data.readInt32());
1732 bool pruneable = data.readInt32() != 0;
1733 KeymasterArguments args;
1734 if (data.readInt32() != 0) {
1735 args.readFromParcel(data);
1736 }
Chad Brubaker154d7692015-03-27 13:59:31 -0700[diff] [blame]1737 const uint8_t* entropy = NULL;
1738 size_t entropyLength = 0;
1739 readByteArray(data, &entropy, &entropyLength);
Chad Brubakerad6a7f52015-09-09 14:55:22 -0700[diff] [blame]1740 int32_t uid = data.readInt32();
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1741 OperationResult result;
Chad Brubakerad6a7f52015-09-09 14:55:22 -0700[diff] [blame]1742 begin(token, name, purpose, pruneable, args, entropy, entropyLength, uid, &result);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1743 reply->writeNoException();
1744 reply->writeInt32(1);
1745 result.writeToParcel(reply);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1746
1747 return NO_ERROR;
1748 }
1749 case UPDATE: {
1750 CHECK_INTERFACE(IKeystoreService, data, reply);
1751 sp<IBinder> token = data.readStrongBinder();
1752 KeymasterArguments args;
1753 if (data.readInt32() != 0) {
1754 args.readFromParcel(data);
1755 }
Chad Brubaker6432df72015-03-20 16:23:04 -0700[diff] [blame]1756 const uint8_t* buf = NULL;
1757 size_t bufLength = 0;
1758 readByteArray(data, &buf, &bufLength);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1759 OperationResult result;
Chad Brubaker6432df72015-03-20 16:23:04 -0700[diff] [blame]1760 update(token, args, buf, bufLength, &result);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1761 reply->writeNoException();
1762 reply->writeInt32(1);
1763 result.writeToParcel(reply);
1764
1765 return NO_ERROR;
1766 }
1767 case FINISH: {
1768 CHECK_INTERFACE(IKeystoreService, data, reply);
1769 sp<IBinder> token = data.readStrongBinder();
1770 KeymasterArguments args;
1771 if (data.readInt32() != 0) {
1772 args.readFromParcel(data);
1773 }
Chad Brubaker0d33e0b2015-05-29 12:30:19 -0700[diff] [blame]1774 const uint8_t* signature = NULL;
1775 size_t signatureLength = 0;
1776 readByteArray(data, &signature, &signatureLength);
1777 const uint8_t* entropy = NULL;
1778 size_t entropyLength = 0;
1779 readByteArray(data, &entropy, &entropyLength);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1780 OperationResult result;
Chad Brubaker0d33e0b2015-05-29 12:30:19 -0700[diff] [blame]1781 finish(token, args, signature, signatureLength, entropy, entropyLength, &result);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1782 reply->writeNoException();
1783 reply->writeInt32(1);
1784 result.writeToParcel(reply);
1785
1786 return NO_ERROR;
1787 }
1788 case ABORT: {
1789 CHECK_INTERFACE(IKeystoreService, data, reply);
1790 sp<IBinder> token = data.readStrongBinder();
1791 int32_t result = abort(token);
1792 reply->writeNoException();
1793 reply->writeInt32(result);
1794
1795 return NO_ERROR;
1796 }
Chad Brubaker2ed2baa2015-03-21 21:20:10 -0700[diff] [blame]1797 case IS_OPERATION_AUTHORIZED: {
1798 CHECK_INTERFACE(IKeystoreService, data, reply);
1799 sp<IBinder> token = data.readStrongBinder();
1800 bool result = isOperationAuthorized(token);
1801 reply->writeNoException();
1802 reply->writeInt32(result ? 1 : 0);
1803
1804 return NO_ERROR;
1805 }
1806 case ADD_AUTH_TOKEN: {
1807 CHECK_INTERFACE(IKeystoreService, data, reply);
Chad Brubaker2ed2baa2015-03-21 21:20:10 -0700[diff] [blame]1808 const uint8_t* token_bytes = NULL;
1809 size_t size = 0;
1810 readByteArray(data, &token_bytes, &size);
1811 int32_t result = addAuthToken(token_bytes, size);
1812 reply->writeNoException();
1813 reply->writeInt32(result);
1814
1815 return NO_ERROR;
1816 }
Chad Brubakerc0f031a2015-05-12 10:43:10 -0700[diff] [blame]1817 case ON_USER_ADDED: {
1818 CHECK_INTERFACE(IKeystoreService, data, reply);
1819 int32_t userId = data.readInt32();
1820 int32_t parentId = data.readInt32();
1821 int32_t result = onUserAdded(userId, parentId);
1822 reply->writeNoException();
1823 reply->writeInt32(result);
1824
1825 return NO_ERROR;
1826 }
1827 case ON_USER_REMOVED: {
1828 CHECK_INTERFACE(IKeystoreService, data, reply);
1829 int32_t userId = data.readInt32();
1830 int32_t result = onUserRemoved(userId);
1831 reply->writeNoException();
1832 reply->writeInt32(result);
1833
1834 return NO_ERROR;
1835 }
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1836 default:
1837 return BBinder::onTransact(code, data, reply, flags);
1838 }
1839}
1840
1841// ----------------------------------------------------------------------------
1842
1843}; // namespace android