Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_security / 1ed701682aab38fc77118f5d44dc4c73be5f2807 / . / keystore / IKeystoreService.cpp
blob: 79edd42a252b6c55e07834bfbcbb0bb5138772bc [file] [log] [blame]
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1/*
2**
3** Copyright 2008, The Android Open Source Project
4**
5** Licensed under the Apache License, Version 2.0 (the "License");
6** you may not use this file except in compliance with the License.
7** You may obtain a copy of the License at
8**
9** http://www.apache.org/licenses/LICENSE-2.0
10**
11** Unless required by applicable law or agreed to in writing, software
12** distributed under the License is distributed on an "AS IS" BASIS,
13** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14** See the License for the specific language governing permissions and
15** limitations under the License.
16*/
17
18#include <stdint.h>
Chad Brubakerc5b1ae12015-02-03 13:03:00 -0800[diff] [blame]19#include <sys/limits.h>
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]20#include <sys/types.h>
21
22#define LOG_TAG "KeystoreService"
23#include <utils/Log.h>
24
25#include <binder/Parcel.h>
26#include <binder/IPCThreadState.h>
27#include <binder/IServiceManager.h>
28
29#include <keystore/IKeystoreService.h>
30
31namespace android {
32
Chad Brubakerc5b1ae12015-02-03 13:03:00 -0800[diff] [blame]33static keymaster_key_param_t* readParamList(const Parcel& in, size_t* length);
34
Kenny Root96427ba2013-08-16 14:02:41 -0700[diff] [blame]35KeystoreArg::KeystoreArg(const void* data, size_t len)
36 : mData(data), mSize(len) {
37}
38
39KeystoreArg::~KeystoreArg() {
40}
41
42const void *KeystoreArg::data() const {
43 return mData;
44}
45
46size_t KeystoreArg::size() const {
47 return mSize;
48}
49
Chad Brubakerc5b1ae12015-02-03 13:03:00 -0800[diff] [blame]50OperationResult::OperationResult() : resultCode(0), token(), inputConsumed(0),
51 data(NULL), dataLength(0) {
52}
53
54OperationResult::~OperationResult() {
55}
56
57void OperationResult::readFromParcel(const Parcel& in) {
58 resultCode = in.readInt32();
59 token = in.readStrongBinder();
60 inputConsumed = in.readInt32();
61 ssize_t length = in.readInt32();
62 dataLength = 0;
63 if (length > 0) {
64 const void* buf = in.readInplace(length);
65 if (buf) {
66 data.reset(reinterpret_cast<uint8_t*>(malloc(length)));
67 if (data.get()) {
68 memcpy(data.get(), buf, length);
69 dataLength = (size_t) length;
70 } else {
71 ALOGE("Failed to allocate OperationResult buffer");
72 }
73 } else {
74 ALOGE("Failed to readInplace OperationResult data");
75 }
76 }
77}
78
79void OperationResult::writeToParcel(Parcel* out) const {
80 out->writeInt32(resultCode);
81 out->writeStrongBinder(token);
82 out->writeInt32(inputConsumed);
83 out->writeInt32(dataLength);
84 if (dataLength && data) {
85 void* buf = out->writeInplace(dataLength);
86 if (buf) {
87 memcpy(buf, data.get(), dataLength);
88 } else {
89 ALOGE("Failed to writeInplace OperationResult data.");
90 }
91 }
92}
93
94ExportResult::ExportResult() : resultCode(0), exportData(NULL), dataLength(0) {
95}
96
97ExportResult::~ExportResult() {
98}
99
100void ExportResult::readFromParcel(const Parcel& in) {
101 resultCode = in.readInt32();
102 ssize_t length = in.readInt32();
103 dataLength = 0;
104 if (length > 0) {
105 const void* buf = in.readInplace(length);
106 if (buf) {
107 exportData.reset(reinterpret_cast<uint8_t*>(malloc(length)));
108 if (exportData.get()) {
109 memcpy(exportData.get(), buf, length);
110 dataLength = (size_t) length;
111 } else {
112 ALOGE("Failed to allocate ExportData buffer");
113 }
114 } else {
115 ALOGE("Failed to readInplace ExportData data");
116 }
117 }
118}
119
120void ExportResult::writeToParcel(Parcel* out) const {
121 out->writeInt32(resultCode);
122 out->writeInt32(dataLength);
123 if (exportData && dataLength) {
124 void* buf = out->writeInplace(dataLength);
125 if (buf) {
126 memcpy(buf, exportData.get(), dataLength);
127 } else {
128 ALOGE("Failed to writeInplace ExportResult data.");
129 }
130 }
131}
132
133KeymasterArguments::KeymasterArguments() {
134}
135
136KeymasterArguments::~KeymasterArguments() {
137 keymaster_free_param_values(params.data(), params.size());
138}
139
140void KeymasterArguments::readFromParcel(const Parcel& in) {
141 ssize_t length = in.readInt32();
142 size_t ulength = (size_t) length;
143 if (length < 0) {
144 ulength = 0;
145 }
146 keymaster_free_param_values(params.data(), params.size());
147 params.clear();
148 for(size_t i = 0; i < ulength; i++) {
149 keymaster_key_param_t param;
150 if (!readKeymasterArgumentFromParcel(in, &param)) {
151 ALOGE("Error reading keymaster argument from parcel");
152 break;
153 }
154 params.push_back(param);
155 }
156}
157
158void KeymasterArguments::writeToParcel(Parcel* out) const {
159 out->writeInt32(params.size());
160 for (auto param : params) {
161 out->writeInt32(1);
162 writeKeymasterArgumentToParcel(param, out);
163 }
164}
165
166KeyCharacteristics::KeyCharacteristics() {
167 memset((void*) &characteristics, 0, sizeof(characteristics));
168}
169
170KeyCharacteristics::~KeyCharacteristics() {
171 keymaster_free_characteristics(&characteristics);
172}
173
174void KeyCharacteristics::readFromParcel(const Parcel& in) {
175 size_t length;
176 keymaster_key_param_t* params = readParamList(in, &length);
177 characteristics.sw_enforced.params = params;
178 characteristics.sw_enforced.length = length;
179
180 params = readParamList(in, &length);
181 characteristics.hw_enforced.params = params;
182 characteristics.hw_enforced.length = length;
183}
184
185void KeyCharacteristics::writeToParcel(Parcel* out) const {
186 if (characteristics.sw_enforced.params) {
187 out->writeInt32(characteristics.sw_enforced.length);
188 for (size_t i = 0; i < characteristics.sw_enforced.length; i++) {
189 out->writeInt32(1);
190 writeKeymasterArgumentToParcel(characteristics.sw_enforced.params[i], out);
191 }
192 } else {
193 out->writeInt32(0);
194 }
195 if (characteristics.hw_enforced.params) {
196 out->writeInt32(characteristics.hw_enforced.length);
197 for (size_t i = 0; i < characteristics.hw_enforced.length; i++) {
198 out->writeInt32(1);
199 writeKeymasterArgumentToParcel(characteristics.hw_enforced.params[i], out);
200 }
201 } else {
202 out->writeInt32(0);
203 }
204}
205
206void writeKeymasterArgumentToParcel(const keymaster_key_param_t& param, Parcel* out) {
207 switch (keymaster_tag_get_type(param.tag)) {
208 case KM_ENUM:
209 case KM_ENUM_REP: {
210 out->writeInt32(param.tag);
211 out->writeInt32(param.enumerated);
212 break;
213 }
214 case KM_INT:
215 case KM_INT_REP: {
216 out->writeInt32(param.tag);
217 out->writeInt32(param.integer);
218 break;
219 }
220 case KM_LONG: {
221 out->writeInt32(param.tag);
222 out->writeInt64(param.long_integer);
223 break;
224 }
225 case KM_DATE: {
226 out->writeInt32(param.tag);
227 out->writeInt64(param.date_time);
228 break;
229 }
230 case KM_BOOL: {
231 out->writeInt32(param.tag);
232 break;
233 }
234 case KM_BIGNUM:
235 case KM_BYTES: {
236 out->writeInt32(param.tag);
237 out->writeInt32(param.blob.data_length);
238 void* buf = out->writeInplace(param.blob.data_length);
239 if (buf) {
240 memcpy(buf, param.blob.data, param.blob.data_length);
241 } else {
242 ALOGE("Failed to writeInplace keymaster blob param");
243 }
244 break;
245 }
246 default: {
247 ALOGE("Failed to write argument: Unsupported keymaster_tag_t %d", param.tag);
248 }
249 }
250}
251
252
253bool readKeymasterArgumentFromParcel(const Parcel& in, keymaster_key_param_t* out) {
254 if (in.readInt32() == 0) {
255 return false;
256 }
257 keymaster_tag_t tag = static_cast<keymaster_tag_t>(in.readInt32());
258 switch (keymaster_tag_get_type(tag)) {
259 case KM_ENUM:
260 case KM_ENUM_REP: {
261 uint32_t value = in.readInt32();
262 *out = keymaster_param_enum(tag, value);
263 break;
264 }
265 case KM_INT:
266 case KM_INT_REP: {
267 uint32_t value = in.readInt32();
268 *out = keymaster_param_int(tag, value);
269 break;
270 }
271 case KM_LONG: {
272 uint64_t value = in.readInt64();
273 *out = keymaster_param_long(tag, value);
274 break;
275 }
276 case KM_DATE: {
277 uint64_t value = in.readInt64();
278 *out = keymaster_param_date(tag, value);
279 break;
280 }
281 case KM_BOOL: {
282 *out = keymaster_param_bool(tag);
283 break;
284 }
285 case KM_BIGNUM:
286 case KM_BYTES: {
287 ssize_t length = in.readInt32();
288 uint8_t* data = NULL;
289 size_t ulength = 0;
290 if (length >= 0) {
291 ulength = (size_t) length;
292 // use malloc here so we can use keymaster_free_param_values
293 // consistently.
294 data = reinterpret_cast<uint8_t*>(malloc(ulength));
295 const void* buf = in.readInplace(ulength);
296 if (!buf || !data) {
297 ALOGE("Failed to allocate buffer for keymaster blob param");
298 return false;
299 }
300 memcpy(data, buf, ulength);
301 }
302 *out = keymaster_param_blob(tag, data, ulength);
303 break;
304 }
305 default: {
306 ALOGE("Unsupported keymaster_tag_t %d", tag);
307 return false;
308 }
309 }
310 return true;
311}
312
313// Read a keymaster_key_param_t* from a Parcel for use in a
314// keymaster_key_characteristics_t. This will be free'd by calling
315// keymaster_free_key_characteristics.
316static keymaster_key_param_t* readParamList(const Parcel& in, size_t* length) {
317 ssize_t slength = in.readInt32();
318 if (slength < 0) {
319 return NULL;
320 }
321 *length = (size_t) slength;
322 if (*length >= UINT_MAX / sizeof(keymaster_key_param_t)) {
323 return NULL;
324 }
325 keymaster_key_param_t* list =
326 reinterpret_cast<keymaster_key_param_t*>(malloc(*length *
327 sizeof(keymaster_key_param_t)));
328 if (!list) {
329 ALOGD("Failed to allocate buffer for generateKey outCharacteristics");
330 goto err;
331 }
332 for (size_t i = 0; i < *length ; i++) {
333 if (!readKeymasterArgumentFromParcel(in, &list[i])) {
334 ALOGE("Failed to read keymaster argument");
335 keymaster_free_param_values(list, i);
336 goto err;
337 }
338 }
339 return list;
340err:
341 free(list);
342 return NULL;
343}
344
345static void readKeymasterBlob(const Parcel& in, keymaster_blob_t* blob) {
346 ssize_t length = in.readInt32();
347 if (length > 0) {
348 blob->data = (uint8_t*) in.readInplace(length);
349 if (blob->data) {
350 blob->data_length = (size_t) length;
351 } else {
352 blob->data_length = 0;
353 }
354 } else {
355 blob->data = NULL;
356 blob->data_length = 0;
357 }
358}
359
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]360class BpKeystoreService: public BpInterface<IKeystoreService>
361{
362public:
363 BpKeystoreService(const sp<IBinder>& impl)
364 : BpInterface<IKeystoreService>(impl)
365 {
366 }
367
368 // test ping
369 virtual int32_t test()
370 {
371 Parcel data, reply;
372 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
373 status_t status = remote()->transact(BnKeystoreService::TEST, data, &reply);
374 if (status != NO_ERROR) {
375 ALOGD("test() could not contact remote: %d\n", status);
376 return -1;
377 }
378 int32_t err = reply.readExceptionCode();
379 int32_t ret = reply.readInt32();
380 if (err < 0) {
381 ALOGD("test() caught exception %d\n", err);
382 return -1;
383 }
384 return ret;
385 }
386
387 virtual int32_t get(const String16& name, uint8_t** item, size_t* itemLength)
388 {
389 Parcel data, reply;
390 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
391 data.writeString16(name);
392 status_t status = remote()->transact(BnKeystoreService::GET, data, &reply);
393 if (status != NO_ERROR) {
394 ALOGD("get() could not contact remote: %d\n", status);
395 return -1;
396 }
397 int32_t err = reply.readExceptionCode();
398 ssize_t len = reply.readInt32();
399 if (len >= 0 && (size_t) len <= reply.dataAvail()) {
400 size_t ulen = (size_t) len;
401 const void* buf = reply.readInplace(ulen);
402 *item = (uint8_t*) malloc(ulen);
403 if (*item != NULL) {
404 memcpy(*item, buf, ulen);
405 *itemLength = ulen;
406 } else {
407 ALOGE("out of memory allocating output array in get");
408 *itemLength = 0;
409 }
410 } else {
411 *itemLength = 0;
412 }
413 if (err < 0) {
414 ALOGD("get() caught exception %d\n", err);
415 return -1;
416 }
417 return 0;
418 }
419
Kenny Root0c540aa2013-04-03 09:22:15 -0700[diff] [blame]420 virtual int32_t insert(const String16& name, const uint8_t* item, size_t itemLength, int uid,
421 int32_t flags)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]422 {
423 Parcel data, reply;
424 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
425 data.writeString16(name);
426 data.writeInt32(itemLength);
427 void* buf = data.writeInplace(itemLength);
428 memcpy(buf, item, itemLength);
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]429 data.writeInt32(uid);
Kenny Root0c540aa2013-04-03 09:22:15 -0700[diff] [blame]430 data.writeInt32(flags);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]431 status_t status = remote()->transact(BnKeystoreService::INSERT, data, &reply);
432 if (status != NO_ERROR) {
433 ALOGD("import() could not contact remote: %d\n", status);
434 return -1;
435 }
436 int32_t err = reply.readExceptionCode();
437 int32_t ret = reply.readInt32();
438 if (err < 0) {
439 ALOGD("import() caught exception %d\n", err);
440 return -1;
441 }
442 return ret;
443 }
444
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]445 virtual int32_t del(const String16& name, int uid)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]446 {
447 Parcel data, reply;
448 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
449 data.writeString16(name);
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]450 data.writeInt32(uid);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]451 status_t status = remote()->transact(BnKeystoreService::DEL, data, &reply);
452 if (status != NO_ERROR) {
453 ALOGD("del() could not contact remote: %d\n", status);
454 return -1;
455 }
456 int32_t err = reply.readExceptionCode();
457 int32_t ret = reply.readInt32();
458 if (err < 0) {
459 ALOGD("del() caught exception %d\n", err);
460 return -1;
461 }
462 return ret;
463 }
464
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]465 virtual int32_t exist(const String16& name, int uid)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]466 {
467 Parcel data, reply;
468 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
469 data.writeString16(name);
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]470 data.writeInt32(uid);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]471 status_t status = remote()->transact(BnKeystoreService::EXIST, data, &reply);
472 if (status != NO_ERROR) {
473 ALOGD("exist() could not contact remote: %d\n", status);
474 return -1;
475 }
476 int32_t err = reply.readExceptionCode();
477 int32_t ret = reply.readInt32();
478 if (err < 0) {
479 ALOGD("exist() caught exception %d\n", err);
480 return -1;
481 }
482 return ret;
483 }
484
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]485 virtual int32_t saw(const String16& name, int uid, Vector<String16>* matches)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]486 {
487 Parcel data, reply;
488 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
489 data.writeString16(name);
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]490 data.writeInt32(uid);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]491 status_t status = remote()->transact(BnKeystoreService::SAW, data, &reply);
492 if (status != NO_ERROR) {
493 ALOGD("saw() could not contact remote: %d\n", status);
494 return -1;
495 }
496 int32_t err = reply.readExceptionCode();
497 int32_t numMatches = reply.readInt32();
498 for (int32_t i = 0; i < numMatches; i++) {
499 matches->push(reply.readString16());
500 }
501 int32_t ret = reply.readInt32();
502 if (err < 0) {
503 ALOGD("saw() caught exception %d\n", err);
504 return -1;
505 }
506 return ret;
507 }
508
509 virtual int32_t reset()
510 {
511 Parcel data, reply;
512 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
513 status_t status = remote()->transact(BnKeystoreService::RESET, data, &reply);
514 if (status != NO_ERROR) {
515 ALOGD("reset() could not contact remote: %d\n", status);
516 return -1;
517 }
518 int32_t err = reply.readExceptionCode();
519 int32_t ret = reply.readInt32();
520 if (err < 0) {
521 ALOGD("reset() caught exception %d\n", err);
522 return -1;
523 }
524 return ret;
525 }
526
527 virtual int32_t password(const String16& password)
528 {
529 Parcel data, reply;
530 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
531 data.writeString16(password);
532 status_t status = remote()->transact(BnKeystoreService::PASSWORD, data, &reply);
533 if (status != NO_ERROR) {
534 ALOGD("password() could not contact remote: %d\n", status);
535 return -1;
536 }
537 int32_t err = reply.readExceptionCode();
538 int32_t ret = reply.readInt32();
539 if (err < 0) {
540 ALOGD("password() caught exception %d\n", err);
541 return -1;
542 }
543 return ret;
544 }
545
546 virtual int32_t lock()
547 {
548 Parcel data, reply;
549 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
550 status_t status = remote()->transact(BnKeystoreService::LOCK, data, &reply);
551 if (status != NO_ERROR) {
552 ALOGD("lock() could not contact remote: %d\n", status);
553 return -1;
554 }
555 int32_t err = reply.readExceptionCode();
556 int32_t ret = reply.readInt32();
557 if (err < 0) {
558 ALOGD("lock() caught exception %d\n", err);
559 return -1;
560 }
561 return ret;
562 }
563
564 virtual int32_t unlock(const String16& password)
565 {
566 Parcel data, reply;
567 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
568 data.writeString16(password);
569 status_t status = remote()->transact(BnKeystoreService::UNLOCK, data, &reply);
570 if (status != NO_ERROR) {
571 ALOGD("unlock() could not contact remote: %d\n", status);
572 return -1;
573 }
574 int32_t err = reply.readExceptionCode();
575 int32_t ret = reply.readInt32();
576 if (err < 0) {
577 ALOGD("unlock() caught exception %d\n", err);
578 return -1;
579 }
580 return ret;
581 }
582
583 virtual int32_t zero()
584 {
585 Parcel data, reply;
586 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
587 status_t status = remote()->transact(BnKeystoreService::ZERO, data, &reply);
588 if (status != NO_ERROR) {
589 ALOGD("zero() could not contact remote: %d\n", status);
590 return -1;
591 }
592 int32_t err = reply.readExceptionCode();
593 int32_t ret = reply.readInt32();
594 if (err < 0) {
595 ALOGD("zero() caught exception %d\n", err);
596 return -1;
597 }
598 return ret;
599 }
600
Kenny Root96427ba2013-08-16 14:02:41 -0700[diff] [blame]601 virtual int32_t generate(const String16& name, int32_t uid, int32_t keyType, int32_t keySize,
602 int32_t flags, Vector<sp<KeystoreArg> >* args)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]603 {
604 Parcel data, reply;
605 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
606 data.writeString16(name);
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]607 data.writeInt32(uid);
Kenny Root96427ba2013-08-16 14:02:41 -0700[diff] [blame]608 data.writeInt32(keyType);
609 data.writeInt32(keySize);
Kenny Root0c540aa2013-04-03 09:22:15 -0700[diff] [blame]610 data.writeInt32(flags);
Chad Brubaker468fc692015-01-13 17:33:14 -0800[diff] [blame]611 data.writeInt32(1);
Kenny Root96427ba2013-08-16 14:02:41 -0700[diff] [blame]612 data.writeInt32(args->size());
613 for (Vector<sp<KeystoreArg> >::iterator it = args->begin(); it != args->end(); ++it) {
614 sp<KeystoreArg> item = *it;
615 size_t keyLength = item->size();
616 data.writeInt32(keyLength);
617 void* buf = data.writeInplace(keyLength);
618 memcpy(buf, item->data(), keyLength);
619 }
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]620 status_t status = remote()->transact(BnKeystoreService::GENERATE, data, &reply);
621 if (status != NO_ERROR) {
622 ALOGD("generate() could not contact remote: %d\n", status);
623 return -1;
624 }
625 int32_t err = reply.readExceptionCode();
626 int32_t ret = reply.readInt32();
627 if (err < 0) {
628 ALOGD("generate() caught exception %d\n", err);
629 return -1;
630 }
631 return ret;
632 }
633
Kenny Root0c540aa2013-04-03 09:22:15 -0700[diff] [blame]634 virtual int32_t import(const String16& name, const uint8_t* key, size_t keyLength, int uid,
635 int flags)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]636 {
637 Parcel data, reply;
638 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
639 data.writeString16(name);
640 data.writeInt32(keyLength);
641 void* buf = data.writeInplace(keyLength);
642 memcpy(buf, key, keyLength);
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]643 data.writeInt32(uid);
Kenny Root0c540aa2013-04-03 09:22:15 -0700[diff] [blame]644 data.writeInt32(flags);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]645 status_t status = remote()->transact(BnKeystoreService::IMPORT, data, &reply);
646 if (status != NO_ERROR) {
647 ALOGD("import() could not contact remote: %d\n", status);
648 return -1;
649 }
650 int32_t err = reply.readExceptionCode();
651 int32_t ret = reply.readInt32();
652 if (err < 0) {
653 ALOGD("import() caught exception %d\n", err);
654 return -1;
655 }
656 return ret;
657 }
658
659 virtual int32_t sign(const String16& name, const uint8_t* in, size_t inLength, uint8_t** out,
660 size_t* outLength)
661 {
662 Parcel data, reply;
663 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
664 data.writeString16(name);
665 data.writeInt32(inLength);
666 void* buf = data.writeInplace(inLength);
667 memcpy(buf, in, inLength);
668 status_t status = remote()->transact(BnKeystoreService::SIGN, data, &reply);
669 if (status != NO_ERROR) {
670 ALOGD("import() could not contact remote: %d\n", status);
671 return -1;
672 }
673 int32_t err = reply.readExceptionCode();
674 ssize_t len = reply.readInt32();
675 if (len >= 0 && (size_t) len <= reply.dataAvail()) {
676 size_t ulen = (size_t) len;
677 const void* outBuf = reply.readInplace(ulen);
678 *out = (uint8_t*) malloc(ulen);
679 if (*out != NULL) {
680 memcpy((void*) *out, outBuf, ulen);
681 *outLength = ulen;
682 } else {
683 ALOGE("out of memory allocating output array in sign");
684 *outLength = 0;
685 }
686 } else {
687 *outLength = 0;
688 }
689 if (err < 0) {
690 ALOGD("import() caught exception %d\n", err);
691 return -1;
692 }
693 return 0;
694 }
695
696 virtual int32_t verify(const String16& name, const uint8_t* in, size_t inLength,
697 const uint8_t* signature, size_t signatureLength)
698 {
699 Parcel data, reply;
700 void* buf;
701
702 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
703 data.writeString16(name);
704 data.writeInt32(inLength);
705 buf = data.writeInplace(inLength);
706 memcpy(buf, in, inLength);
707 data.writeInt32(signatureLength);
708 buf = data.writeInplace(signatureLength);
709 memcpy(buf, signature, signatureLength);
710 status_t status = remote()->transact(BnKeystoreService::VERIFY, data, &reply);
711 if (status != NO_ERROR) {
712 ALOGD("verify() could not contact remote: %d\n", status);
713 return -1;
714 }
715 int32_t err = reply.readExceptionCode();
716 int32_t ret = reply.readInt32();
717 if (err < 0) {
718 ALOGD("verify() caught exception %d\n", err);
719 return -1;
720 }
721 return ret;
722 }
723
724 virtual int32_t get_pubkey(const String16& name, uint8_t** pubkey, size_t* pubkeyLength)
725 {
726 Parcel data, reply;
727 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
728 data.writeString16(name);
729 status_t status = remote()->transact(BnKeystoreService::GET_PUBKEY, data, &reply);
730 if (status != NO_ERROR) {
731 ALOGD("get_pubkey() could not contact remote: %d\n", status);
732 return -1;
733 }
734 int32_t err = reply.readExceptionCode();
735 ssize_t len = reply.readInt32();
736 if (len >= 0 && (size_t) len <= reply.dataAvail()) {
737 size_t ulen = (size_t) len;
738 const void* buf = reply.readInplace(ulen);
739 *pubkey = (uint8_t*) malloc(ulen);
740 if (*pubkey != NULL) {
741 memcpy(*pubkey, buf, ulen);
742 *pubkeyLength = ulen;
743 } else {
744 ALOGE("out of memory allocating output array in get_pubkey");
745 *pubkeyLength = 0;
746 }
747 } else {
748 *pubkeyLength = 0;
749 }
750 if (err < 0) {
751 ALOGD("get_pubkey() caught exception %d\n", err);
752 return -1;
753 }
754 return 0;
755 }
756
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]757 virtual int32_t del_key(const String16& name, int uid)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]758 {
759 Parcel data, reply;
760 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
761 data.writeString16(name);
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]762 data.writeInt32(uid);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]763 status_t status = remote()->transact(BnKeystoreService::DEL_KEY, data, &reply);
764 if (status != NO_ERROR) {
765 ALOGD("del_key() could not contact remote: %d\n", status);
766 return -1;
767 }
768 int32_t err = reply.readExceptionCode();
769 int32_t ret = reply.readInt32();
770 if (err < 0) {
771 ALOGD("del_key() caught exception %d\n", err);
772 return -1;
773 }
774 return ret;
775 }
776
777 virtual int32_t grant(const String16& name, int32_t granteeUid)
778 {
779 Parcel data, reply;
780 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
781 data.writeString16(name);
782 data.writeInt32(granteeUid);
783 status_t status = remote()->transact(BnKeystoreService::GRANT, data, &reply);
784 if (status != NO_ERROR) {
785 ALOGD("grant() could not contact remote: %d\n", status);
786 return -1;
787 }
788 int32_t err = reply.readExceptionCode();
789 int32_t ret = reply.readInt32();
790 if (err < 0) {
791 ALOGD("grant() caught exception %d\n", err);
792 return -1;
793 }
794 return ret;
795 }
796
797 virtual int32_t ungrant(const String16& name, int32_t granteeUid)
798 {
799 Parcel data, reply;
800 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
801 data.writeString16(name);
802 data.writeInt32(granteeUid);
803 status_t status = remote()->transact(BnKeystoreService::UNGRANT, data, &reply);
804 if (status != NO_ERROR) {
805 ALOGD("ungrant() could not contact remote: %d\n", status);
806 return -1;
807 }
808 int32_t err = reply.readExceptionCode();
809 int32_t ret = reply.readInt32();
810 if (err < 0) {
811 ALOGD("ungrant() caught exception %d\n", err);
812 return -1;
813 }
814 return ret;
815 }
816
817 int64_t getmtime(const String16& name)
818 {
819 Parcel data, reply;
820 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
821 data.writeString16(name);
822 status_t status = remote()->transact(BnKeystoreService::GETMTIME, data, &reply);
823 if (status != NO_ERROR) {
824 ALOGD("getmtime() could not contact remote: %d\n", status);
825 return -1;
826 }
827 int32_t err = reply.readExceptionCode();
828 int64_t ret = reply.readInt64();
829 if (err < 0) {
830 ALOGD("getmtime() caught exception %d\n", err);
831 return -1;
832 }
833 return ret;
834 }
Kenny Root02254072013-03-20 11:48:19 -0700[diff] [blame]835
Kenny Rootd53bc922013-03-21 14:10:15 -0700[diff] [blame]836 virtual int32_t duplicate(const String16& srcKey, int32_t srcUid, const String16& destKey,
837 int32_t destUid)
Kenny Root02254072013-03-20 11:48:19 -0700[diff] [blame]838 {
839 Parcel data, reply;
840 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
Kenny Rootd53bc922013-03-21 14:10:15 -0700[diff] [blame]841 data.writeString16(srcKey);
842 data.writeInt32(srcUid);
843 data.writeString16(destKey);
844 data.writeInt32(destUid);
845 status_t status = remote()->transact(BnKeystoreService::DUPLICATE, data, &reply);
Kenny Root02254072013-03-20 11:48:19 -0700[diff] [blame]846 if (status != NO_ERROR) {
Kenny Rootd53bc922013-03-21 14:10:15 -0700[diff] [blame]847 ALOGD("duplicate() could not contact remote: %d\n", status);
Kenny Root02254072013-03-20 11:48:19 -0700[diff] [blame]848 return -1;
849 }
850 int32_t err = reply.readExceptionCode();
851 int32_t ret = reply.readInt32();
852 if (err < 0) {
Kenny Rootd53bc922013-03-21 14:10:15 -0700[diff] [blame]853 ALOGD("duplicate() caught exception %d\n", err);
Kenny Root02254072013-03-20 11:48:19 -0700[diff] [blame]854 return -1;
855 }
856 return ret;
857 }
Kenny Root43061232013-03-29 11:15:50 -0700[diff] [blame]858
Kenny Root1b0e3932013-09-05 13:06:32 -0700[diff] [blame]859 virtual int32_t is_hardware_backed(const String16& keyType)
Kenny Root43061232013-03-29 11:15:50 -0700[diff] [blame]860 {
861 Parcel data, reply;
862 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
Kenny Root1b0e3932013-09-05 13:06:32 -0700[diff] [blame]863 data.writeString16(keyType);
Kenny Root43061232013-03-29 11:15:50 -0700[diff] [blame]864 status_t status = remote()->transact(BnKeystoreService::IS_HARDWARE_BACKED, data, &reply);
865 if (status != NO_ERROR) {
866 ALOGD("is_hardware_backed() could not contact remote: %d\n", status);
867 return -1;
868 }
869 int32_t err = reply.readExceptionCode();
870 int32_t ret = reply.readInt32();
871 if (err < 0) {
872 ALOGD("is_hardware_backed() caught exception %d\n", err);
873 return -1;
874 }
875 return ret;
876 }
Kenny Root2ecc7a12013-04-01 16:29:11 -0700[diff] [blame]877
878 virtual int32_t clear_uid(int64_t uid)
879 {
880 Parcel data, reply;
881 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
882 data.writeInt64(uid);
883 status_t status = remote()->transact(BnKeystoreService::CLEAR_UID, data, &reply);
884 if (status != NO_ERROR) {
885 ALOGD("clear_uid() could not contact remote: %d\n", status);
886 return -1;
887 }
888 int32_t err = reply.readExceptionCode();
889 int32_t ret = reply.readInt32();
890 if (err < 0) {
891 ALOGD("clear_uid() caught exception %d\n", err);
892 return -1;
893 }
894 return ret;
895 }
Robin Lee4e865752014-08-19 17:37:55 +0100[diff] [blame]896
897 virtual int32_t reset_uid(int32_t uid) {
898 Parcel data, reply;
899 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
900 data.writeInt32(uid);
901 status_t status = remote()->transact(BnKeystoreService::RESET_UID, data, &reply);
902 if (status != NO_ERROR) {
903 ALOGD("reset_uid() could not contact remote: %d\n", status);
904 return -1;
905 }
906 int32_t err = reply.readExceptionCode();
907 int32_t ret = reply.readInt32();
908 if (err < 0) {
909 ALOGD("reset_uid() caught exception %d\n", err);
910 return -1;
911 }
912 return ret;
913
914 }
915
916 virtual int32_t sync_uid(int32_t sourceUid, int32_t targetUid)
917 {
918 Parcel data, reply;
919 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
920 data.writeInt32(sourceUid);
921 data.writeInt32(targetUid);
922 status_t status = remote()->transact(BnKeystoreService::SYNC_UID, data, &reply);
923 if (status != NO_ERROR) {
924 ALOGD("sync_uid() could not contact remote: %d\n", status);
925 return -1;
926 }
927 int32_t err = reply.readExceptionCode();
928 int32_t ret = reply.readInt32();
929 if (err < 0) {
930 ALOGD("sync_uid() caught exception %d\n", err);
931 return -1;
932 }
933 return ret;
934 }
935
936 virtual int32_t password_uid(const String16& password, int32_t uid)
937 {
938 Parcel data, reply;
939 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
940 data.writeString16(password);
941 data.writeInt32(uid);
942 status_t status = remote()->transact(BnKeystoreService::PASSWORD_UID, data, &reply);
943 if (status != NO_ERROR) {
944 ALOGD("password_uid() could not contact remote: %d\n", status);
945 return -1;
946 }
947 int32_t err = reply.readExceptionCode();
948 int32_t ret = reply.readInt32();
949 if (err < 0) {
950 ALOGD("password_uid() caught exception %d\n", err);
951 return -1;
952 }
953 return ret;
954 }
Chad Brubakerc5b1ae12015-02-03 13:03:00 -0800[diff] [blame]955 virtual int32_t addRngEntropy(const uint8_t* buf, size_t bufLength)
956 {
957 Parcel data, reply;
958 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
959 data.writeInt32(bufLength);
960 data.writeByteArray(bufLength, buf);
961 status_t status = remote()->transact(BnKeystoreService::ADD_RNG_ENTROPY, data, &reply);
962 if (status != NO_ERROR) {
963 ALOGD("addRngEntropy() could not contact remote: %d\n", status);
964 return -1;
965 }
966 int32_t err = reply.readExceptionCode();
967 int32_t ret = reply.readInt32();
968 if (err < 0) {
969 ALOGD("addRngEntropy() caught exception %d\n", err);
970 return -1;
971 }
972 return ret;
973 };
974
975 virtual int32_t generateKey(const String16& name, const KeymasterArguments& params,
976 int uid, int flags, KeyCharacteristics* outCharacteristics)
977 {
978 Parcel data, reply;
979 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
980 data.writeString16(name);
981 data.writeInt32(1);
982 params.writeToParcel(&data);
983 data.writeInt32(uid);
984 data.writeInt32(flags);
985 status_t status = remote()->transact(BnKeystoreService::GENERATE_KEY, data, &reply);
986 if (status != NO_ERROR) {
987 ALOGD("generateKey() could not contact remote: %d\n", status);
988 return KM_ERROR_UNKNOWN_ERROR;
989 }
990 int32_t err = reply.readExceptionCode();
991 int32_t ret = reply.readInt32();
992 if (err < 0) {
993 ALOGD("generateKey() caught exception %d\n", err);
994 return KM_ERROR_UNKNOWN_ERROR;
995 }
996 if (reply.readInt32() != 0 && outCharacteristics) {
997 outCharacteristics->readFromParcel(reply);
998 }
999 return ret;
1000 }
1001 virtual int32_t getKeyCharacteristics(const String16& name,
1002 const keymaster_blob_t& clientId,
1003 const keymaster_blob_t& appData,
1004 KeyCharacteristics* outCharacteristics)
1005 {
1006 Parcel data, reply;
1007 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1008 data.writeString16(name);
1009 data.writeByteArray(clientId.data_length, clientId.data);
1010 data.writeByteArray(appData.data_length, appData.data);
1011 status_t status = remote()->transact(BnKeystoreService::GET_KEY_CHARACTERISTICS,
1012 data, &reply);
1013 if (status != NO_ERROR) {
1014 ALOGD("getKeyCharacteristics() could not contact remote: %d\n", status);
1015 return KM_ERROR_UNKNOWN_ERROR;
1016 }
1017 int32_t err = reply.readExceptionCode();
1018 int32_t ret = reply.readInt32();
1019 if (err < 0) {
1020 ALOGD("getKeyCharacteristics() caught exception %d\n", err);
1021 return KM_ERROR_UNKNOWN_ERROR;
1022 }
1023 if (reply.readInt32() != 0 && outCharacteristics) {
1024 outCharacteristics->readFromParcel(reply);
1025 }
1026 return ret;
1027 }
1028 virtual int32_t importKey(const String16& name, const KeymasterArguments& params,
1029 keymaster_key_format_t format, const uint8_t *keyData,
1030 size_t keyLength, int uid, int flags,
1031 KeyCharacteristics* outCharacteristics)
1032 {
1033 Parcel data, reply;
1034 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1035 data.writeString16(name);
1036 data.writeInt32(1);
1037 params.writeToParcel(&data);
1038 data.writeInt32(format);
1039 data.writeByteArray(keyLength, keyData);
1040 data.writeInt32(uid);
1041 data.writeInt32(flags);
1042 status_t status = remote()->transact(BnKeystoreService::IMPORT_KEY, data, &reply);
1043 if (status != NO_ERROR) {
1044 ALOGD("importKey() could not contact remote: %d\n", status);
1045 return KM_ERROR_UNKNOWN_ERROR;
1046 }
1047 int32_t err = reply.readExceptionCode();
1048 int32_t ret = reply.readInt32();
1049 if (err < 0) {
1050 ALOGD("importKey() caught exception %d\n", err);
1051 return KM_ERROR_UNKNOWN_ERROR;
1052 }
1053 if (reply.readInt32() != 0 && outCharacteristics) {
1054 outCharacteristics->readFromParcel(reply);
1055 }
1056 return ret;
1057 }
1058
1059 virtual void exportKey(const String16& name, keymaster_key_format_t format,
1060 const keymaster_blob_t& clientId,
1061 const keymaster_blob_t& appData, ExportResult* result)
1062 {
1063 if (!result) {
1064 return;
1065 }
1066
1067 Parcel data, reply;
1068 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1069 data.writeString16(name);
1070 data.writeInt32(format);
1071 data.writeByteArray(clientId.data_length, clientId.data);
1072 data.writeByteArray(appData.data_length, appData.data);
1073 status_t status = remote()->transact(BnKeystoreService::EXPORT_KEY, data, &reply);
1074 if (status != NO_ERROR) {
1075 ALOGD("exportKey() could not contact remote: %d\n", status);
1076 result->resultCode = KM_ERROR_UNKNOWN_ERROR;
1077 return;
1078 }
1079 int32_t err = reply.readExceptionCode();
Chad Brubakerc5b1ae12015-02-03 13:03:00 -0800[diff] [blame]1080 if (err < 0) {
1081 ALOGD("exportKey() caught exception %d\n", err);
1082 result->resultCode = KM_ERROR_UNKNOWN_ERROR;
1083 return;
1084 }
1085 if (reply.readInt32() != 0) {
1086 result->readFromParcel(reply);
1087 }
1088 }
1089
1090 virtual void begin(const sp<IBinder>& appToken, const String16& name,
1091 keymaster_purpose_t purpose, bool pruneable,
1092 const KeymasterArguments& params, KeymasterArguments* outParams,
1093 OperationResult* result)
1094 {
1095 if (!result || !outParams) {
1096 return;
1097 }
1098 Parcel data, reply;
1099 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1100 data.writeStrongBinder(appToken);
1101 data.writeString16(name);
1102 data.writeInt32(purpose);
1103 data.writeInt32(pruneable ? 1 : 0);
1104 data.writeInt32(1);
1105 params.writeToParcel(&data);
1106 status_t status = remote()->transact(BnKeystoreService::BEGIN, data, &reply);
1107 if (status != NO_ERROR) {
1108 ALOGD("begin() could not contact remote: %d\n", status);
1109 result->resultCode = KM_ERROR_UNKNOWN_ERROR;
1110 return;
1111 }
1112 int32_t err = reply.readExceptionCode();
1113 if (err < 0) {
1114 ALOGD("begin() caught exception %d\n", err);
1115 result->resultCode = KM_ERROR_UNKNOWN_ERROR;
1116 return;
1117 }
1118 if (reply.readInt32() != 0) {
1119 result->readFromParcel(reply);
1120 }
1121 if (reply.readInt32() != 0) {
1122 outParams->readFromParcel(reply);
1123 }
1124 }
1125
1126 virtual void update(const sp<IBinder>& token, const KeymasterArguments& params,
1127 uint8_t* opData, size_t dataLength, OperationResult* result)
1128 {
1129 if (!result) {
1130 return;
1131 }
1132 Parcel data, reply;
1133 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1134 data.writeStrongBinder(token);
1135 data.writeInt32(1);
1136 params.writeToParcel(&data);
1137 data.writeByteArray(dataLength, opData);
1138 status_t status = remote()->transact(BnKeystoreService::UPDATE, data, &reply);
1139 if (status != NO_ERROR) {
1140 ALOGD("update() could not contact remote: %d\n", status);
1141 result->resultCode = KM_ERROR_UNKNOWN_ERROR;
1142 return;
1143 }
1144 int32_t err = reply.readExceptionCode();
1145 if (err < 0) {
1146 ALOGD("update() caught exception %d\n", err);
1147 result->resultCode = KM_ERROR_UNKNOWN_ERROR;
1148 return;
1149 }
1150 if (reply.readInt32() != 0) {
1151 result->readFromParcel(reply);
1152 }
1153 }
1154
1155 virtual void finish(const sp<IBinder>& token, const KeymasterArguments& params,
1156 uint8_t* signature, size_t signatureLength, OperationResult* result)
1157 {
1158 if (!result) {
1159 return;
1160 }
1161 Parcel data, reply;
1162 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1163 data.writeStrongBinder(token);
1164 data.writeInt32(1);
1165 params.writeToParcel(&data);
1166 data.writeByteArray(signatureLength, signature);
1167 status_t status = remote()->transact(BnKeystoreService::FINISH, data, &reply);
1168 if (status != NO_ERROR) {
1169 ALOGD("finish() could not contact remote: %d\n", status);
1170 result->resultCode = KM_ERROR_UNKNOWN_ERROR;
1171 return;
1172 }
1173 int32_t err = reply.readExceptionCode();
1174 if (err < 0) {
1175 ALOGD("finish() caught exception %d\n", err);
1176 result->resultCode = KM_ERROR_UNKNOWN_ERROR;
1177 return;
1178 }
1179 if (reply.readInt32() != 0) {
1180 result->readFromParcel(reply);
1181 }
1182 }
1183
1184 virtual int32_t abort(const sp<IBinder>& token)
1185 {
1186 Parcel data, reply;
1187 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1188 data.writeStrongBinder(token);
1189 status_t status = remote()->transact(BnKeystoreService::FINISH, data, &reply);
1190 if (status != NO_ERROR) {
1191 ALOGD("abort() could not contact remote: %d\n", status);
1192 return KM_ERROR_UNKNOWN_ERROR;
1193 }
1194 int32_t err = reply.readExceptionCode();
1195 int32_t ret = reply.readInt32();
1196 if (err < 0) {
1197 ALOGD("abort() caught exception %d\n", err);
1198 return KM_ERROR_UNKNOWN_ERROR;
1199 }
1200 return ret;
1201 }
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1202};
1203
Chad Brubaker468fc692015-01-13 17:33:14 -0800[diff] [blame]1204IMPLEMENT_META_INTERFACE(KeystoreService, "android.security.IKeystoreService");
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1205
1206// ----------------------------------------------------------------------
1207
1208status_t BnKeystoreService::onTransact(
1209 uint32_t code, const Parcel& data, Parcel* reply, uint32_t flags)
1210{
1211 switch(code) {
1212 case TEST: {
1213 CHECK_INTERFACE(IKeystoreService, data, reply);
1214 int32_t ret = test();
1215 reply->writeNoException();
1216 reply->writeInt32(ret);
1217 return NO_ERROR;
1218 } break;
1219 case GET: {
1220 CHECK_INTERFACE(IKeystoreService, data, reply);
1221 String16 name = data.readString16();
1222 void* out = NULL;
1223 size_t outSize = 0;
1224 int32_t ret = get(name, (uint8_t**) &out, &outSize);
1225 reply->writeNoException();
1226 if (ret == 1) {
1227 reply->writeInt32(outSize);
1228 void* buf = reply->writeInplace(outSize);
1229 memcpy(buf, out, outSize);
1230 free(out);
1231 } else {
1232 reply->writeInt32(-1);
1233 }
1234 return NO_ERROR;
1235 } break;
1236 case INSERT: {
1237 CHECK_INTERFACE(IKeystoreService, data, reply);
1238 String16 name = data.readString16();
1239 ssize_t inSize = data.readInt32();
1240 const void* in;
1241 if (inSize >= 0 && (size_t) inSize <= data.dataAvail()) {
1242 in = data.readInplace(inSize);
1243 } else {
1244 in = NULL;
1245 inSize = 0;
1246 }
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]1247 int uid = data.readInt32();
Kenny Root0c540aa2013-04-03 09:22:15 -0700[diff] [blame]1248 int32_t flags = data.readInt32();
1249 int32_t ret = insert(name, (const uint8_t*) in, (size_t) inSize, uid, flags);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1250 reply->writeNoException();
1251 reply->writeInt32(ret);
1252 return NO_ERROR;
1253 } break;
1254 case DEL: {
1255 CHECK_INTERFACE(IKeystoreService, data, reply);
1256 String16 name = data.readString16();
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]1257 int uid = data.readInt32();
1258 int32_t ret = del(name, uid);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1259 reply->writeNoException();
1260 reply->writeInt32(ret);
1261 return NO_ERROR;
1262 } break;
1263 case EXIST: {
1264 CHECK_INTERFACE(IKeystoreService, data, reply);
1265 String16 name = data.readString16();
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]1266 int uid = data.readInt32();
1267 int32_t ret = exist(name, uid);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1268 reply->writeNoException();
1269 reply->writeInt32(ret);
1270 return NO_ERROR;
1271 } break;
1272 case SAW: {
1273 CHECK_INTERFACE(IKeystoreService, data, reply);
1274 String16 name = data.readString16();
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]1275 int uid = data.readInt32();
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1276 Vector<String16> matches;
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]1277 int32_t ret = saw(name, uid, &matches);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1278 reply->writeNoException();
1279 reply->writeInt32(matches.size());
1280 Vector<String16>::const_iterator it = matches.begin();
1281 for (; it != matches.end(); ++it) {
1282 reply->writeString16(*it);
1283 }
1284 reply->writeInt32(ret);
1285 return NO_ERROR;
1286 } break;
1287 case RESET: {
1288 CHECK_INTERFACE(IKeystoreService, data, reply);
1289 int32_t ret = reset();
1290 reply->writeNoException();
1291 reply->writeInt32(ret);
1292 return NO_ERROR;
1293 } break;
1294 case PASSWORD: {
1295 CHECK_INTERFACE(IKeystoreService, data, reply);
1296 String16 pass = data.readString16();
1297 int32_t ret = password(pass);
1298 reply->writeNoException();
1299 reply->writeInt32(ret);
1300 return NO_ERROR;
1301 } break;
1302 case LOCK: {
1303 CHECK_INTERFACE(IKeystoreService, data, reply);
1304 int32_t ret = lock();
1305 reply->writeNoException();
1306 reply->writeInt32(ret);
1307 return NO_ERROR;
1308 } break;
1309 case UNLOCK: {
1310 CHECK_INTERFACE(IKeystoreService, data, reply);
1311 String16 pass = data.readString16();
1312 int32_t ret = unlock(pass);
1313 reply->writeNoException();
1314 reply->writeInt32(ret);
1315 return NO_ERROR;
1316 } break;
1317 case ZERO: {
1318 CHECK_INTERFACE(IKeystoreService, data, reply);
1319 int32_t ret = zero();
1320 reply->writeNoException();
1321 reply->writeInt32(ret);
1322 return NO_ERROR;
1323 } break;
1324 case GENERATE: {
1325 CHECK_INTERFACE(IKeystoreService, data, reply);
1326 String16 name = data.readString16();
Kenny Root96427ba2013-08-16 14:02:41 -0700[diff] [blame]1327 int32_t uid = data.readInt32();
1328 int32_t keyType = data.readInt32();
1329 int32_t keySize = data.readInt32();
Kenny Root0c540aa2013-04-03 09:22:15 -0700[diff] [blame]1330 int32_t flags = data.readInt32();
Kenny Root96427ba2013-08-16 14:02:41 -0700[diff] [blame]1331 Vector<sp<KeystoreArg> > args;
Chad Brubaker468fc692015-01-13 17:33:14 -0800[diff] [blame]1332 int32_t argsPresent = data.readInt32();
1333 if (argsPresent == 1) {
1334 ssize_t numArgs = data.readInt32();
1335 if (numArgs > 0) {
1336 for (size_t i = 0; i < (size_t) numArgs; i++) {
1337 ssize_t inSize = data.readInt32();
1338 if (inSize >= 0 && (size_t) inSize <= data.dataAvail()) {
1339 sp<KeystoreArg> arg = new KeystoreArg(data.readInplace(inSize),
1340 inSize);
1341 args.push_back(arg);
1342 } else {
1343 args.push_back(NULL);
1344 }
Kenny Root96427ba2013-08-16 14:02:41 -0700[diff] [blame]1345 }
1346 }
1347 }
1348 int32_t ret = generate(name, uid, keyType, keySize, flags, &args);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1349 reply->writeNoException();
1350 reply->writeInt32(ret);
1351 return NO_ERROR;
1352 } break;
1353 case IMPORT: {
1354 CHECK_INTERFACE(IKeystoreService, data, reply);
1355 String16 name = data.readString16();
1356 ssize_t inSize = data.readInt32();
1357 const void* in;
1358 if (inSize >= 0 && (size_t) inSize <= data.dataAvail()) {
1359 in = data.readInplace(inSize);
1360 } else {
1361 in = NULL;
1362 inSize = 0;
1363 }
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]1364 int uid = data.readInt32();
Kenny Root0c540aa2013-04-03 09:22:15 -0700[diff] [blame]1365 int32_t flags = data.readInt32();
1366 int32_t ret = import(name, (const uint8_t*) in, (size_t) inSize, uid, flags);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1367 reply->writeNoException();
1368 reply->writeInt32(ret);
1369 return NO_ERROR;
1370 } break;
1371 case SIGN: {
1372 CHECK_INTERFACE(IKeystoreService, data, reply);
1373 String16 name = data.readString16();
1374 ssize_t inSize = data.readInt32();
1375 const void* in;
1376 if (inSize >= 0 && (size_t) inSize <= data.dataAvail()) {
1377 in = data.readInplace(inSize);
1378 } else {
1379 in = NULL;
1380 inSize = 0;
1381 }
1382 void* out = NULL;
1383 size_t outSize = 0;
1384 int32_t ret = sign(name, (const uint8_t*) in, (size_t) inSize, (uint8_t**) &out, &outSize);
1385 reply->writeNoException();
Kenny Rootb03c9fb2013-02-04 16:42:51 -0800[diff] [blame]1386 if (outSize > 0 && out != NULL) {
1387 reply->writeInt32(outSize);
1388 void* buf = reply->writeInplace(outSize);
1389 memcpy(buf, out, outSize);
1390 free(out);
1391 } else {
Kenny Roote289c402013-02-14 11:31:53 -0800[diff] [blame]1392 reply->writeInt32(-1);
Kenny Rootb03c9fb2013-02-04 16:42:51 -0800[diff] [blame]1393 }
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1394 reply->writeInt32(ret);
1395 return NO_ERROR;
1396 } break;
1397 case VERIFY: {
1398 CHECK_INTERFACE(IKeystoreService, data, reply);
1399 String16 name = data.readString16();
1400 ssize_t inSize = data.readInt32();
1401 const void* in;
1402 if (inSize >= 0 && (size_t) inSize <= data.dataAvail()) {
1403 in = data.readInplace(inSize);
1404 } else {
1405 in = NULL;
1406 inSize = 0;
1407 }
1408 ssize_t sigSize = data.readInt32();
1409 const void* sig;
1410 if (sigSize >= 0 && (size_t) sigSize <= data.dataAvail()) {
1411 sig = data.readInplace(sigSize);
1412 } else {
1413 sig = NULL;
1414 sigSize = 0;
1415 }
1416 bool ret = verify(name, (const uint8_t*) in, (size_t) inSize, (const uint8_t*) sig,
1417 (size_t) sigSize);
1418 reply->writeNoException();
1419 reply->writeInt32(ret ? 1 : 0);
1420 return NO_ERROR;
1421 } break;
1422 case GET_PUBKEY: {
1423 CHECK_INTERFACE(IKeystoreService, data, reply);
1424 String16 name = data.readString16();
1425 void* out = NULL;
1426 size_t outSize = 0;
1427 int32_t ret = get_pubkey(name, (unsigned char**) &out, &outSize);
1428 reply->writeNoException();
Kenny Rootb03c9fb2013-02-04 16:42:51 -0800[diff] [blame]1429 if (outSize > 0 && out != NULL) {
1430 reply->writeInt32(outSize);
1431 void* buf = reply->writeInplace(outSize);
1432 memcpy(buf, out, outSize);
1433 free(out);
1434 } else {
Kenny Roote289c402013-02-14 11:31:53 -0800[diff] [blame]1435 reply->writeInt32(-1);
Kenny Rootb03c9fb2013-02-04 16:42:51 -0800[diff] [blame]1436 }
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1437 reply->writeInt32(ret);
1438 return NO_ERROR;
Kenny Rootb03c9fb2013-02-04 16:42:51 -0800[diff] [blame]1439 } break;
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1440 case DEL_KEY: {
1441 CHECK_INTERFACE(IKeystoreService, data, reply);
1442 String16 name = data.readString16();
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]1443 int uid = data.readInt32();
1444 int32_t ret = del_key(name, uid);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1445 reply->writeNoException();
1446 reply->writeInt32(ret);
1447 return NO_ERROR;
1448 } break;
1449 case GRANT: {
1450 CHECK_INTERFACE(IKeystoreService, data, reply);
1451 String16 name = data.readString16();
1452 int32_t granteeUid = data.readInt32();
1453 int32_t ret = grant(name, granteeUid);
1454 reply->writeNoException();
1455 reply->writeInt32(ret);
1456 return NO_ERROR;
1457 } break;
1458 case UNGRANT: {
1459 CHECK_INTERFACE(IKeystoreService, data, reply);
1460 String16 name = data.readString16();
1461 int32_t granteeUid = data.readInt32();
1462 int32_t ret = ungrant(name, granteeUid);
1463 reply->writeNoException();
1464 reply->writeInt32(ret);
1465 return NO_ERROR;
1466 } break;
1467 case GETMTIME: {
1468 CHECK_INTERFACE(IKeystoreService, data, reply);
1469 String16 name = data.readString16();
1470 int64_t ret = getmtime(name);
1471 reply->writeNoException();
1472 reply->writeInt64(ret);
1473 return NO_ERROR;
1474 } break;
Kenny Rootd53bc922013-03-21 14:10:15 -0700[diff] [blame]1475 case DUPLICATE: {
Kenny Root02254072013-03-20 11:48:19 -0700[diff] [blame]1476 CHECK_INTERFACE(IKeystoreService, data, reply);
Kenny Rootd53bc922013-03-21 14:10:15 -0700[diff] [blame]1477 String16 srcKey = data.readString16();
1478 int32_t srcUid = data.readInt32();
1479 String16 destKey = data.readString16();
1480 int32_t destUid = data.readInt32();
1481 int32_t ret = duplicate(srcKey, srcUid, destKey, destUid);
Kenny Root02254072013-03-20 11:48:19 -0700[diff] [blame]1482 reply->writeNoException();
1483 reply->writeInt32(ret);
1484 return NO_ERROR;
1485 } break;
Kenny Root43061232013-03-29 11:15:50 -0700[diff] [blame]1486 case IS_HARDWARE_BACKED: {
1487 CHECK_INTERFACE(IKeystoreService, data, reply);
Kenny Root1b0e3932013-09-05 13:06:32 -0700[diff] [blame]1488 String16 keyType = data.readString16();
1489 int32_t ret = is_hardware_backed(keyType);
Kenny Root43061232013-03-29 11:15:50 -0700[diff] [blame]1490 reply->writeNoException();
1491 reply->writeInt32(ret);
1492 return NO_ERROR;
1493 }
Kenny Root2ecc7a12013-04-01 16:29:11 -0700[diff] [blame]1494 case CLEAR_UID: {
1495 CHECK_INTERFACE(IKeystoreService, data, reply);
1496 int64_t uid = data.readInt64();
1497 int32_t ret = clear_uid(uid);
1498 reply->writeNoException();
1499 reply->writeInt32(ret);
1500 return NO_ERROR;
1501 }
Robin Lee4e865752014-08-19 17:37:55 +0100[diff] [blame]1502 case RESET_UID: {
1503 CHECK_INTERFACE(IKeystoreService, data, reply);
1504 int32_t uid = data.readInt32();
1505 int32_t ret = reset_uid(uid);
1506 reply->writeNoException();
1507 reply->writeInt32(ret);
1508 return NO_ERROR;
1509 }
1510 case SYNC_UID: {
1511 CHECK_INTERFACE(IKeystoreService, data, reply);
1512 int32_t sourceUid = data.readInt32();
1513 int32_t targetUid = data.readInt32();
1514 int32_t ret = sync_uid(sourceUid, targetUid);
1515 reply->writeNoException();
1516 reply->writeInt32(ret);
1517 return NO_ERROR;
1518 }
1519 case PASSWORD_UID: {
1520 CHECK_INTERFACE(IKeystoreService, data, reply);
1521 String16 password = data.readString16();
1522 int32_t uid = data.readInt32();
1523 int32_t ret = password_uid(password, uid);
1524 reply->writeNoException();
1525 reply->writeInt32(ret);
1526 return NO_ERROR;
1527 }
Chad Brubakerc5b1ae12015-02-03 13:03:00 -0800[diff] [blame]1528 case ADD_RNG_ENTROPY: {
1529 CHECK_INTERFACE(IKeystoreService, data, reply);
1530 size_t size = data.readInt32();
1531 uint8_t* bytes;
1532 if (size > 0) {
1533 bytes = (uint8_t*) data.readInplace(size);
1534 } else {
1535 bytes = NULL;
1536 }
1537 int32_t ret = addRngEntropy(bytes, size);
1538 reply->writeNoException();
1539 reply->writeInt32(ret);
1540 return NO_ERROR;
1541 }
1542 case GENERATE_KEY: {
1543 CHECK_INTERFACE(IKeystoreService, data, reply);
1544 String16 name = data.readString16();
1545 KeymasterArguments args;
1546 if (data.readInt32() != 0) {
1547 args.readFromParcel(data);
1548 }
1549 int32_t uid = data.readInt32();
1550 int32_t flags = data.readInt32();
1551 KeyCharacteristics outCharacteristics;
1552 int32_t ret = generateKey(name, args, uid, flags, &outCharacteristics);
1553 reply->writeNoException();
1554 reply->writeInt32(ret);
1555 reply->writeInt32(1);
1556 outCharacteristics.writeToParcel(reply);
1557 return NO_ERROR;
1558 }
1559 case GET_KEY_CHARACTERISTICS: {
1560 CHECK_INTERFACE(IKeystoreService, data, reply);
1561 String16 name = data.readString16();
1562 keymaster_blob_t clientId, appData;
1563 readKeymasterBlob(data, &clientId);
1564 readKeymasterBlob(data, &appData);
1565 KeyCharacteristics outCharacteristics;
1566 int ret = getKeyCharacteristics(name, clientId, appData, &outCharacteristics);
1567 reply->writeNoException();
1568 reply->writeInt32(ret);
1569 reply->writeInt32(1);
1570 outCharacteristics.writeToParcel(reply);
1571 return NO_ERROR;
1572 }
1573 case IMPORT_KEY: {
1574 CHECK_INTERFACE(IKeystoreService, data, reply);
1575 String16 name = data.readString16();
1576 KeymasterArguments args;
1577 if (data.readInt32() != 0) {
1578 args.readFromParcel(data);
1579 }
1580 keymaster_key_format_t format = static_cast<keymaster_key_format_t>(data.readInt32());
1581 uint8_t* keyData = NULL;
1582 ssize_t keyLength = data.readInt32();
1583 size_t ukeyLength = (size_t) keyLength;
1584 if (keyLength >= 0) {
1585 keyData = (uint8_t*) data.readInplace(keyLength);
1586 } else {
1587 ukeyLength = 0;
1588 }
1589 int32_t uid = data.readInt32();
1590 int32_t flags = data.readInt32();
1591 KeyCharacteristics outCharacteristics;
1592 int32_t ret = importKey(name, args, format, keyData, ukeyLength, uid, flags,
1593 &outCharacteristics);
1594 reply->writeNoException();
1595 reply->writeInt32(ret);
1596 reply->writeInt32(1);
1597 outCharacteristics.writeToParcel(reply);
1598
1599 return NO_ERROR;
1600 }
1601 case EXPORT_KEY: {
1602 CHECK_INTERFACE(IKeystoreService, data, reply);
1603 String16 name = data.readString16();
1604 keymaster_key_format_t format = static_cast<keymaster_key_format_t>(data.readInt32());
1605 keymaster_blob_t clientId, appData;
1606 readKeymasterBlob(data, &clientId);
1607 readKeymasterBlob(data, &appData);
1608 ExportResult result;
1609 exportKey(name, format, clientId, appData, &result);
1610 reply->writeNoException();
1611 reply->writeInt32(1);
1612 result.writeToParcel(reply);
1613
1614 return NO_ERROR;
1615 }
1616 case BEGIN: {
1617 CHECK_INTERFACE(IKeystoreService, data, reply);
1618 sp<IBinder> token = data.readStrongBinder();
1619 String16 name = data.readString16();
1620 keymaster_purpose_t purpose = static_cast<keymaster_purpose_t>(data.readInt32());
1621 bool pruneable = data.readInt32() != 0;
1622 KeymasterArguments args;
1623 if (data.readInt32() != 0) {
1624 args.readFromParcel(data);
1625 }
1626 KeymasterArguments outArgs;
1627 OperationResult result;
1628 begin(token, name, purpose, pruneable, args, &outArgs, &result);
1629 reply->writeNoException();
1630 reply->writeInt32(1);
1631 result.writeToParcel(reply);
1632 reply->writeInt32(1);
1633 outArgs.writeToParcel(reply);
1634
1635 return NO_ERROR;
1636 }
1637 case UPDATE: {
1638 CHECK_INTERFACE(IKeystoreService, data, reply);
1639 sp<IBinder> token = data.readStrongBinder();
1640 KeymasterArguments args;
1641 if (data.readInt32() != 0) {
1642 args.readFromParcel(data);
1643 }
1644 uint8_t* buf = NULL;
1645 ssize_t bufLength = data.readInt32();
1646 size_t ubufLength = (size_t) bufLength;
1647 if (bufLength > 0) {
1648 buf = (uint8_t*) data.readInplace(ubufLength);
1649 } else {
1650 ubufLength = 0;
1651 }
1652 OperationResult result;
1653 update(token, args, buf, ubufLength, &result);
1654 reply->writeNoException();
1655 reply->writeInt32(1);
1656 result.writeToParcel(reply);
1657
1658 return NO_ERROR;
1659 }
1660 case FINISH: {
1661 CHECK_INTERFACE(IKeystoreService, data, reply);
1662 sp<IBinder> token = data.readStrongBinder();
1663 KeymasterArguments args;
1664 if (data.readInt32() != 0) {
1665 args.readFromParcel(data);
1666 }
1667 uint8_t* buf = NULL;
1668 ssize_t bufLength = data.readInt32();
1669 size_t ubufLength = (size_t) bufLength;
1670 if (bufLength > 0) {
1671 buf = (uint8_t*) data.readInplace(ubufLength);
1672 } else {
1673 ubufLength = 0;
1674 }
1675 OperationResult result;
1676 finish(token, args, buf, ubufLength, &result);
1677 reply->writeNoException();
1678 reply->writeInt32(1);
1679 result.writeToParcel(reply);
1680
1681 return NO_ERROR;
1682 }
1683 case ABORT: {
1684 CHECK_INTERFACE(IKeystoreService, data, reply);
1685 sp<IBinder> token = data.readStrongBinder();
1686 int32_t result = abort(token);
1687 reply->writeNoException();
1688 reply->writeInt32(result);
1689
1690 return NO_ERROR;
1691 }
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1692 default:
1693 return BBinder::onTransact(code, data, reply, flags);
1694 }
1695}
1696
1697// ----------------------------------------------------------------------------
1698
1699}; // namespace android