Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_security / 067042f6d7be14cb0f01388c41af597caf8e60fe / . / keystore / IKeystoreService.cpp
blob: 6dc61473614c2af35a7b34384a72b4ef9c05f3c1 [file] [log] [blame]
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1/*
2**
3** Copyright 2008, The Android Open Source Project
4**
5** Licensed under the Apache License, Version 2.0 (the "License");
6** you may not use this file except in compliance with the License.
7** You may obtain a copy of the License at
8**
9** http://www.apache.org/licenses/LICENSE-2.0
10**
11** Unless required by applicable law or agreed to in writing, software
12** distributed under the License is distributed on an "AS IS" BASIS,
13** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14** See the License for the specific language governing permissions and
15** limitations under the License.
16*/
17
18#include <stdint.h>
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]19#include <sys/limits.h>
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]20#include <sys/types.h>
21
22#define LOG_TAG "KeystoreService"
23#include <utils/Log.h>
24
25#include <binder/Parcel.h>
26#include <binder/IPCThreadState.h>
27#include <binder/IServiceManager.h>
28
29#include <keystore/IKeystoreService.h>
30
31namespace android {
32
Shawn Willden77d71ca2014-11-12 16:45:12 -0700[diff] [blame]33const ssize_t MAX_GENERATE_ARGS = 3;
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]34static keymaster_key_param_t* readParamList(const Parcel& in, size_t* length);
Shawn Willden77d71ca2014-11-12 16:45:12 -0700[diff] [blame]35
Kenny Root96427ba2013-08-16 14:02:41 -0700[diff] [blame]36KeystoreArg::KeystoreArg(const void* data, size_t len)
37 : mData(data), mSize(len) {
38}
39
40KeystoreArg::~KeystoreArg() {
41}
42
43const void *KeystoreArg::data() const {
44 return mData;
45}
46
47size_t KeystoreArg::size() const {
48 return mSize;
49}
50
Chad Brubakerc3a18562015-03-17 18:21:35 -0700[diff] [blame]51OperationResult::OperationResult() : resultCode(0), token(), handle(0), inputConsumed(0),
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]52 data(NULL), dataLength(0) {
53}
54
55OperationResult::~OperationResult() {
56}
57
58void OperationResult::readFromParcel(const Parcel& in) {
59 resultCode = in.readInt32();
60 token = in.readStrongBinder();
Chad Brubakerc3a18562015-03-17 18:21:35 -0700[diff] [blame]61 handle = static_cast<keymaster_operation_handle_t>(in.readInt64());
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]62 inputConsumed = in.readInt32();
63 ssize_t length = in.readInt32();
64 dataLength = 0;
65 if (length > 0) {
66 const void* buf = in.readInplace(length);
67 if (buf) {
68 data.reset(reinterpret_cast<uint8_t*>(malloc(length)));
69 if (data.get()) {
70 memcpy(data.get(), buf, length);
71 dataLength = (size_t) length;
72 } else {
73 ALOGE("Failed to allocate OperationResult buffer");
74 }
75 } else {
76 ALOGE("Failed to readInplace OperationResult data");
77 }
78 }
Chad Brubaker57e106d2015-06-01 12:59:00 -0700[diff] [blame]79 outParams.readFromParcel(in);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]80}
81
82void OperationResult::writeToParcel(Parcel* out) const {
83 out->writeInt32(resultCode);
84 out->writeStrongBinder(token);
Chad Brubakerc3a18562015-03-17 18:21:35 -0700[diff] [blame]85 out->writeInt64(handle);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]86 out->writeInt32(inputConsumed);
87 out->writeInt32(dataLength);
88 if (dataLength && data) {
89 void* buf = out->writeInplace(dataLength);
90 if (buf) {
91 memcpy(buf, data.get(), dataLength);
92 } else {
93 ALOGE("Failed to writeInplace OperationResult data.");
94 }
95 }
Chad Brubaker57e106d2015-06-01 12:59:00 -0700[diff] [blame]96 outParams.writeToParcel(out);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]97}
98
99ExportResult::ExportResult() : resultCode(0), exportData(NULL), dataLength(0) {
100}
101
102ExportResult::~ExportResult() {
103}
104
105void ExportResult::readFromParcel(const Parcel& in) {
106 resultCode = in.readInt32();
107 ssize_t length = in.readInt32();
108 dataLength = 0;
109 if (length > 0) {
110 const void* buf = in.readInplace(length);
111 if (buf) {
112 exportData.reset(reinterpret_cast<uint8_t*>(malloc(length)));
113 if (exportData.get()) {
114 memcpy(exportData.get(), buf, length);
115 dataLength = (size_t) length;
116 } else {
117 ALOGE("Failed to allocate ExportData buffer");
118 }
119 } else {
120 ALOGE("Failed to readInplace ExportData data");
121 }
122 }
123}
124
125void ExportResult::writeToParcel(Parcel* out) const {
126 out->writeInt32(resultCode);
127 out->writeInt32(dataLength);
128 if (exportData && dataLength) {
129 void* buf = out->writeInplace(dataLength);
130 if (buf) {
131 memcpy(buf, exportData.get(), dataLength);
132 } else {
133 ALOGE("Failed to writeInplace ExportResult data.");
134 }
135 }
136}
137
138KeymasterArguments::KeymasterArguments() {
139}
140
141KeymasterArguments::~KeymasterArguments() {
142 keymaster_free_param_values(params.data(), params.size());
143}
144
145void KeymasterArguments::readFromParcel(const Parcel& in) {
146 ssize_t length = in.readInt32();
147 size_t ulength = (size_t) length;
148 if (length < 0) {
149 ulength = 0;
150 }
151 keymaster_free_param_values(params.data(), params.size());
152 params.clear();
153 for(size_t i = 0; i < ulength; i++) {
154 keymaster_key_param_t param;
155 if (!readKeymasterArgumentFromParcel(in, &param)) {
156 ALOGE("Error reading keymaster argument from parcel");
157 break;
158 }
159 params.push_back(param);
160 }
161}
162
163void KeymasterArguments::writeToParcel(Parcel* out) const {
164 out->writeInt32(params.size());
165 for (auto param : params) {
166 out->writeInt32(1);
167 writeKeymasterArgumentToParcel(param, out);
168 }
169}
170
171KeyCharacteristics::KeyCharacteristics() {
172 memset((void*) &characteristics, 0, sizeof(characteristics));
173}
174
175KeyCharacteristics::~KeyCharacteristics() {
176 keymaster_free_characteristics(&characteristics);
177}
178
179void KeyCharacteristics::readFromParcel(const Parcel& in) {
180 size_t length = 0;
181 keymaster_key_param_t* params = readParamList(in, &length);
182 characteristics.sw_enforced.params = params;
183 characteristics.sw_enforced.length = length;
184
185 params = readParamList(in, &length);
186 characteristics.hw_enforced.params = params;
187 characteristics.hw_enforced.length = length;
188}
189
190void KeyCharacteristics::writeToParcel(Parcel* out) const {
191 if (characteristics.sw_enforced.params) {
192 out->writeInt32(characteristics.sw_enforced.length);
193 for (size_t i = 0; i < characteristics.sw_enforced.length; i++) {
194 out->writeInt32(1);
195 writeKeymasterArgumentToParcel(characteristics.sw_enforced.params[i], out);
196 }
197 } else {
198 out->writeInt32(0);
199 }
200 if (characteristics.hw_enforced.params) {
201 out->writeInt32(characteristics.hw_enforced.length);
202 for (size_t i = 0; i < characteristics.hw_enforced.length; i++) {
203 out->writeInt32(1);
204 writeKeymasterArgumentToParcel(characteristics.hw_enforced.params[i], out);
205 }
206 } else {
207 out->writeInt32(0);
208 }
209}
210
Shawn Willden50eb1b22016-01-21 12:41:23 -0700[diff] [blame]211KeymasterCertificateChain::KeymasterCertificateChain() {
212 memset(&chain, 0, sizeof(chain));
213}
214
215KeymasterCertificateChain::~KeymasterCertificateChain() {
216 keymaster_free_cert_chain(&chain);
217}
218
219static bool readKeymasterBlob(const Parcel& in, keymaster_blob_t* blob) {
220 if (in.readInt32() != 1) {
221 return false;
222 }
223
Shawn Willden50eb1b22016-01-21 12:41:23 -0700[diff] [blame]224 ssize_t length = in.readInt32();
225 if (length <= 0) {
Shawn Willden50eb1b22016-01-21 12:41:23 -0700[diff] [blame]226 return false;
227 }
228
Shawn Willden067042f2016-02-02 17:32:31 -0700[diff] [blame^]229 blob->data = reinterpret_cast<const uint8_t*>(malloc(length));
230 if (!blob->data)
231 return false;
232
233 const void* buf = in.readInplace(length);
234 if (!buf)
235 return false;
236
237 blob->data_length = static_cast<size_t>(length);
238 memcpy(const_cast<uint8_t*>(blob->data), buf, length);
239
Shawn Willden50eb1b22016-01-21 12:41:23 -0700[diff] [blame]240 return true;
241}
242
243void KeymasterCertificateChain::readFromParcel(const Parcel& in) {
Shawn Willden067042f2016-02-02 17:32:31 -0700[diff] [blame^]244 keymaster_free_cert_chain(&chain);
245
Shawn Willden50eb1b22016-01-21 12:41:23 -0700[diff] [blame]246 ssize_t count = in.readInt32();
247 size_t ucount = count;
Shawn Willden067042f2016-02-02 17:32:31 -0700[diff] [blame^]248 if (count <= 0) {
249 return;
Shawn Willden50eb1b22016-01-21 12:41:23 -0700[diff] [blame]250 }
Shawn Willden067042f2016-02-02 17:32:31 -0700[diff] [blame^]251
252 chain.entries = reinterpret_cast<keymaster_blob_t*>(malloc(sizeof(keymaster_blob_t) * ucount));
253 if (!chain.entries) {
254 ALOGE("Error allocating memory for certificate chain");
255 return;
256 }
257
Shawn Willden50eb1b22016-01-21 12:41:23 -0700[diff] [blame]258 memset(chain.entries, 0, sizeof(keymaster_blob_t) * ucount);
259 for (size_t i = 0; i < ucount; ++i) {
260 if (!readKeymasterBlob(in, &chain.entries[i])) {
Shawn Willden067042f2016-02-02 17:32:31 -0700[diff] [blame^]261 ALOGE("Error reading certificate from parcel");
Shawn Willden50eb1b22016-01-21 12:41:23 -0700[diff] [blame]262 keymaster_free_cert_chain(&chain);
263 return;
264 }
265 }
266}
267
268void KeymasterCertificateChain::writeToParcel(Parcel* out) const {
269 out->writeInt32(chain.entry_count);
270 for (size_t i = 0; i < chain.entry_count; ++i) {
271 if (chain.entries[i].data) {
272 out->writeInt32(1); // Tell Java side that object is not NULL
273 out->writeInt32(chain.entries[i].data_length);
274 void* buf = out->writeInplace(chain.entries[i].data_length);
275 if (buf) {
276 memcpy(buf, chain.entries[i].data, chain.entries[i].data_length);
277 } else {
278 ALOGE("Failed to writeInplace keymaster cert chain entry");
279 }
280 } else {
281 out->writeInt32(0); // Tell Java side this object is NULL.
282 ALOGE("Found NULL certificate chain entry");
283 }
284 }
285}
286
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]287void writeKeymasterArgumentToParcel(const keymaster_key_param_t& param, Parcel* out) {
288 switch (keymaster_tag_get_type(param.tag)) {
289 case KM_ENUM:
290 case KM_ENUM_REP: {
291 out->writeInt32(param.tag);
292 out->writeInt32(param.enumerated);
293 break;
294 }
Shawn Willden0ebf13d2015-06-24 16:29:45 -0700[diff] [blame]295 case KM_UINT:
296 case KM_UINT_REP: {
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]297 out->writeInt32(param.tag);
298 out->writeInt32(param.integer);
299 break;
300 }
Shawn Willden0ebf13d2015-06-24 16:29:45 -0700[diff] [blame]301 case KM_ULONG:
302 case KM_ULONG_REP: {
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]303 out->writeInt32(param.tag);
304 out->writeInt64(param.long_integer);
305 break;
306 }
307 case KM_DATE: {
308 out->writeInt32(param.tag);
309 out->writeInt64(param.date_time);
310 break;
311 }
312 case KM_BOOL: {
313 out->writeInt32(param.tag);
314 break;
315 }
316 case KM_BIGNUM:
317 case KM_BYTES: {
318 out->writeInt32(param.tag);
319 out->writeInt32(param.blob.data_length);
320 void* buf = out->writeInplace(param.blob.data_length);
321 if (buf) {
322 memcpy(buf, param.blob.data, param.blob.data_length);
323 } else {
324 ALOGE("Failed to writeInplace keymaster blob param");
325 }
326 break;
327 }
328 default: {
329 ALOGE("Failed to write argument: Unsupported keymaster_tag_t %d", param.tag);
330 }
331 }
332}
333
334
335bool readKeymasterArgumentFromParcel(const Parcel& in, keymaster_key_param_t* out) {
336 if (in.readInt32() == 0) {
337 return false;
338 }
339 keymaster_tag_t tag = static_cast<keymaster_tag_t>(in.readInt32());
340 switch (keymaster_tag_get_type(tag)) {
341 case KM_ENUM:
342 case KM_ENUM_REP: {
343 uint32_t value = in.readInt32();
344 *out = keymaster_param_enum(tag, value);
345 break;
346 }
Shawn Willden0ebf13d2015-06-24 16:29:45 -0700[diff] [blame]347 case KM_UINT:
348 case KM_UINT_REP: {
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]349 uint32_t value = in.readInt32();
350 *out = keymaster_param_int(tag, value);
351 break;
352 }
Shawn Willden0ebf13d2015-06-24 16:29:45 -0700[diff] [blame]353 case KM_ULONG:
354 case KM_ULONG_REP: {
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]355 uint64_t value = in.readInt64();
356 *out = keymaster_param_long(tag, value);
357 break;
358 }
359 case KM_DATE: {
360 uint64_t value = in.readInt64();
361 *out = keymaster_param_date(tag, value);
362 break;
363 }
364 case KM_BOOL: {
365 *out = keymaster_param_bool(tag);
366 break;
367 }
368 case KM_BIGNUM:
369 case KM_BYTES: {
370 ssize_t length = in.readInt32();
371 uint8_t* data = NULL;
372 size_t ulength = 0;
373 if (length >= 0) {
374 ulength = (size_t) length;
375 // use malloc here so we can use keymaster_free_param_values
376 // consistently.
377 data = reinterpret_cast<uint8_t*>(malloc(ulength));
378 const void* buf = in.readInplace(ulength);
379 if (!buf || !data) {
380 ALOGE("Failed to allocate buffer for keymaster blob param");
Shawn Willden067042f2016-02-02 17:32:31 -0700[diff] [blame^]381 free(data);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]382 return false;
383 }
384 memcpy(data, buf, ulength);
385 }
386 *out = keymaster_param_blob(tag, data, ulength);
387 break;
388 }
389 default: {
390 ALOGE("Unsupported keymaster_tag_t %d", tag);
391 return false;
392 }
393 }
394 return true;
395}
396
Chad Brubaker6432df72015-03-20 16:23:04 -0700[diff] [blame]397/**
398 * Read a byte array from in. The data at *data is still owned by the parcel
399 */
400static void readByteArray(const Parcel& in, const uint8_t** data, size_t* length) {
401 ssize_t slength = in.readInt32();
402 if (slength > 0) {
403 *data = reinterpret_cast<const uint8_t*>(in.readInplace(slength));
404 if (*data) {
405 *length = static_cast<size_t>(slength);
406 } else {
407 *length = 0;
408 }
409 } else {
410 *data = NULL;
411 *length = 0;
412 }
413}
414
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]415// Read a keymaster_key_param_t* from a Parcel for use in a
416// keymaster_key_characteristics_t. This will be free'd by calling
417// keymaster_free_key_characteristics.
418static keymaster_key_param_t* readParamList(const Parcel& in, size_t* length) {
419 ssize_t slength = in.readInt32();
420 *length = 0;
421 if (slength < 0) {
422 return NULL;
423 }
424 *length = (size_t) slength;
425 if (*length >= UINT_MAX / sizeof(keymaster_key_param_t)) {
426 return NULL;
427 }
428 keymaster_key_param_t* list =
429 reinterpret_cast<keymaster_key_param_t*>(malloc(*length *
430 sizeof(keymaster_key_param_t)));
431 if (!list) {
432 ALOGD("Failed to allocate buffer for generateKey outCharacteristics");
433 goto err;
434 }
435 for (size_t i = 0; i < *length ; i++) {
436 if (!readKeymasterArgumentFromParcel(in, &list[i])) {
437 ALOGE("Failed to read keymaster argument");
438 keymaster_free_param_values(list, i);
439 goto err;
440 }
441 }
442 return list;
443err:
444 free(list);
445 return NULL;
446}
447
Chad Brubakerd6634422015-03-21 22:36:07 -0700[diff] [blame]448static std::unique_ptr<keymaster_blob_t> readKeymasterBlob(const Parcel& in) {
Shawn Willden50eb1b22016-01-21 12:41:23 -0700[diff] [blame]449 std::unique_ptr<keymaster_blob_t> blob (new keymaster_blob_t);
450 if (!readKeymasterBlob(in, blob.get())) {
451 blob.reset();
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]452 }
Chad Brubakerd6634422015-03-21 22:36:07 -0700[diff] [blame]453 return blob;
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]454}
455
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]456class BpKeystoreService: public BpInterface<IKeystoreService>
457{
458public:
459 BpKeystoreService(const sp<IBinder>& impl)
460 : BpInterface<IKeystoreService>(impl)
461 {
462 }
463
464 // test ping
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]465 virtual int32_t getState(int32_t userId)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]466 {
467 Parcel data, reply;
468 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]469 data.writeInt32(userId);
470 status_t status = remote()->transact(BnKeystoreService::GET_STATE, data, &reply);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]471 if (status != NO_ERROR) {
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]472 ALOGD("getState() could not contact remote: %d\n", status);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]473 return -1;
474 }
475 int32_t err = reply.readExceptionCode();
476 int32_t ret = reply.readInt32();
477 if (err < 0) {
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]478 ALOGD("getState() caught exception %d\n", err);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]479 return -1;
480 }
481 return ret;
482 }
483
Chad Brubakerad6a7f52015-09-09 14:55:22 -0700[diff] [blame]484 virtual int32_t get(const String16& name, int32_t uid, uint8_t** item, size_t* itemLength)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]485 {
486 Parcel data, reply;
487 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
488 data.writeString16(name);
Chad Brubakerad6a7f52015-09-09 14:55:22 -0700[diff] [blame]489 data.writeInt32(uid);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]490 status_t status = remote()->transact(BnKeystoreService::GET, data, &reply);
491 if (status != NO_ERROR) {
492 ALOGD("get() could not contact remote: %d\n", status);
493 return -1;
494 }
495 int32_t err = reply.readExceptionCode();
496 ssize_t len = reply.readInt32();
497 if (len >= 0 && (size_t) len <= reply.dataAvail()) {
498 size_t ulen = (size_t) len;
499 const void* buf = reply.readInplace(ulen);
500 *item = (uint8_t*) malloc(ulen);
501 if (*item != NULL) {
502 memcpy(*item, buf, ulen);
503 *itemLength = ulen;
504 } else {
505 ALOGE("out of memory allocating output array in get");
506 *itemLength = 0;
507 }
508 } else {
509 *itemLength = 0;
510 }
511 if (err < 0) {
512 ALOGD("get() caught exception %d\n", err);
513 return -1;
514 }
515 return 0;
516 }
517
Kenny Root0c540aa2013-04-03 09:22:15 -0700[diff] [blame]518 virtual int32_t insert(const String16& name, const uint8_t* item, size_t itemLength, int uid,
519 int32_t flags)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]520 {
521 Parcel data, reply;
522 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
523 data.writeString16(name);
524 data.writeInt32(itemLength);
525 void* buf = data.writeInplace(itemLength);
526 memcpy(buf, item, itemLength);
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]527 data.writeInt32(uid);
Kenny Root0c540aa2013-04-03 09:22:15 -0700[diff] [blame]528 data.writeInt32(flags);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]529 status_t status = remote()->transact(BnKeystoreService::INSERT, data, &reply);
530 if (status != NO_ERROR) {
531 ALOGD("import() could not contact remote: %d\n", status);
532 return -1;
533 }
534 int32_t err = reply.readExceptionCode();
535 int32_t ret = reply.readInt32();
536 if (err < 0) {
537 ALOGD("import() caught exception %d\n", err);
538 return -1;
539 }
540 return ret;
541 }
542
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]543 virtual int32_t del(const String16& name, int uid)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]544 {
545 Parcel data, reply;
546 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
547 data.writeString16(name);
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]548 data.writeInt32(uid);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]549 status_t status = remote()->transact(BnKeystoreService::DEL, data, &reply);
550 if (status != NO_ERROR) {
551 ALOGD("del() could not contact remote: %d\n", status);
552 return -1;
553 }
554 int32_t err = reply.readExceptionCode();
555 int32_t ret = reply.readInt32();
556 if (err < 0) {
557 ALOGD("del() caught exception %d\n", err);
558 return -1;
559 }
560 return ret;
561 }
562
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]563 virtual int32_t exist(const String16& name, int uid)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]564 {
565 Parcel data, reply;
566 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
567 data.writeString16(name);
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]568 data.writeInt32(uid);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]569 status_t status = remote()->transact(BnKeystoreService::EXIST, data, &reply);
570 if (status != NO_ERROR) {
571 ALOGD("exist() could not contact remote: %d\n", status);
572 return -1;
573 }
574 int32_t err = reply.readExceptionCode();
575 int32_t ret = reply.readInt32();
576 if (err < 0) {
577 ALOGD("exist() caught exception %d\n", err);
578 return -1;
579 }
580 return ret;
581 }
582
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]583 virtual int32_t list(const String16& prefix, int uid, Vector<String16>* matches)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]584 {
585 Parcel data, reply;
586 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]587 data.writeString16(prefix);
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]588 data.writeInt32(uid);
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]589 status_t status = remote()->transact(BnKeystoreService::LIST, data, &reply);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]590 if (status != NO_ERROR) {
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]591 ALOGD("list() could not contact remote: %d\n", status);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]592 return -1;
593 }
594 int32_t err = reply.readExceptionCode();
595 int32_t numMatches = reply.readInt32();
596 for (int32_t i = 0; i < numMatches; i++) {
597 matches->push(reply.readString16());
598 }
599 int32_t ret = reply.readInt32();
600 if (err < 0) {
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]601 ALOGD("list() caught exception %d\n", err);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]602 return -1;
603 }
604 return ret;
605 }
606
607 virtual int32_t reset()
608 {
609 Parcel data, reply;
610 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
611 status_t status = remote()->transact(BnKeystoreService::RESET, data, &reply);
612 if (status != NO_ERROR) {
613 ALOGD("reset() could not contact remote: %d\n", status);
614 return -1;
615 }
616 int32_t err = reply.readExceptionCode();
617 int32_t ret = reply.readInt32();
618 if (err < 0) {
619 ALOGD("reset() caught exception %d\n", err);
620 return -1;
621 }
622 return ret;
623 }
624
Chad Brubaker96d6d782015-05-07 10:19:40 -0700[diff] [blame]625 virtual int32_t onUserPasswordChanged(int32_t userId, const String16& password)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]626 {
627 Parcel data, reply;
628 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
Chad Brubaker96d6d782015-05-07 10:19:40 -0700[diff] [blame]629 data.writeInt32(userId);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]630 data.writeString16(password);
Chad Brubaker96d6d782015-05-07 10:19:40 -0700[diff] [blame]631 status_t status = remote()->transact(BnKeystoreService::ON_USER_PASSWORD_CHANGED, data,
632 &reply);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]633 if (status != NO_ERROR) {
Chad Brubaker96d6d782015-05-07 10:19:40 -0700[diff] [blame]634 ALOGD("onUserPasswordChanged() could not contact remote: %d\n", status);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]635 return -1;
636 }
637 int32_t err = reply.readExceptionCode();
638 int32_t ret = reply.readInt32();
639 if (err < 0) {
Chad Brubaker96d6d782015-05-07 10:19:40 -0700[diff] [blame]640 ALOGD("onUserPasswordChanged() caught exception %d\n", err);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]641 return -1;
642 }
643 return ret;
644 }
645
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]646 virtual int32_t lock(int32_t userId)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]647 {
648 Parcel data, reply;
649 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]650 data.writeInt32(userId);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]651 status_t status = remote()->transact(BnKeystoreService::LOCK, data, &reply);
652 if (status != NO_ERROR) {
653 ALOGD("lock() could not contact remote: %d\n", status);
654 return -1;
655 }
656 int32_t err = reply.readExceptionCode();
657 int32_t ret = reply.readInt32();
658 if (err < 0) {
659 ALOGD("lock() caught exception %d\n", err);
660 return -1;
661 }
662 return ret;
663 }
664
Chad Brubaker96d6d782015-05-07 10:19:40 -0700[diff] [blame]665 virtual int32_t unlock(int32_t userId, const String16& password)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]666 {
667 Parcel data, reply;
668 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
Chad Brubaker96d6d782015-05-07 10:19:40 -0700[diff] [blame]669 data.writeInt32(userId);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]670 data.writeString16(password);
671 status_t status = remote()->transact(BnKeystoreService::UNLOCK, data, &reply);
672 if (status != NO_ERROR) {
673 ALOGD("unlock() could not contact remote: %d\n", status);
674 return -1;
675 }
676 int32_t err = reply.readExceptionCode();
677 int32_t ret = reply.readInt32();
678 if (err < 0) {
679 ALOGD("unlock() caught exception %d\n", err);
680 return -1;
681 }
682 return ret;
683 }
684
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]685 virtual bool isEmpty(int32_t userId)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]686 {
687 Parcel data, reply;
688 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]689 data.writeInt32(userId);
690 status_t status = remote()->transact(BnKeystoreService::IS_EMPTY, data, &reply);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]691 if (status != NO_ERROR) {
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]692 ALOGD("isEmpty() could not contact remote: %d\n", status);
693 return false;
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]694 }
695 int32_t err = reply.readExceptionCode();
696 int32_t ret = reply.readInt32();
697 if (err < 0) {
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]698 ALOGD("isEmpty() caught exception %d\n", err);
699 return false;
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]700 }
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]701 return ret != 0;
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]702 }
703
Kenny Root96427ba2013-08-16 14:02:41 -0700[diff] [blame]704 virtual int32_t generate(const String16& name, int32_t uid, int32_t keyType, int32_t keySize,
705 int32_t flags, Vector<sp<KeystoreArg> >* args)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]706 {
707 Parcel data, reply;
708 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
709 data.writeString16(name);
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]710 data.writeInt32(uid);
Kenny Root96427ba2013-08-16 14:02:41 -0700[diff] [blame]711 data.writeInt32(keyType);
712 data.writeInt32(keySize);
Kenny Root0c540aa2013-04-03 09:22:15 -0700[diff] [blame]713 data.writeInt32(flags);
Chad Brubaker468fc692015-01-13 17:33:14 -0800[diff] [blame]714 data.writeInt32(1);
Kenny Root96427ba2013-08-16 14:02:41 -0700[diff] [blame]715 data.writeInt32(args->size());
716 for (Vector<sp<KeystoreArg> >::iterator it = args->begin(); it != args->end(); ++it) {
717 sp<KeystoreArg> item = *it;
718 size_t keyLength = item->size();
719 data.writeInt32(keyLength);
720 void* buf = data.writeInplace(keyLength);
721 memcpy(buf, item->data(), keyLength);
722 }
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]723 status_t status = remote()->transact(BnKeystoreService::GENERATE, data, &reply);
724 if (status != NO_ERROR) {
725 ALOGD("generate() could not contact remote: %d\n", status);
726 return -1;
727 }
728 int32_t err = reply.readExceptionCode();
729 int32_t ret = reply.readInt32();
730 if (err < 0) {
731 ALOGD("generate() caught exception %d\n", err);
732 return -1;
733 }
734 return ret;
735 }
736
Kenny Root0c540aa2013-04-03 09:22:15 -0700[diff] [blame]737 virtual int32_t import(const String16& name, const uint8_t* key, size_t keyLength, int uid,
738 int flags)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]739 {
740 Parcel data, reply;
741 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
742 data.writeString16(name);
743 data.writeInt32(keyLength);
744 void* buf = data.writeInplace(keyLength);
745 memcpy(buf, key, keyLength);
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]746 data.writeInt32(uid);
Kenny Root0c540aa2013-04-03 09:22:15 -0700[diff] [blame]747 data.writeInt32(flags);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]748 status_t status = remote()->transact(BnKeystoreService::IMPORT, data, &reply);
749 if (status != NO_ERROR) {
750 ALOGD("import() could not contact remote: %d\n", status);
751 return -1;
752 }
753 int32_t err = reply.readExceptionCode();
754 int32_t ret = reply.readInt32();
755 if (err < 0) {
756 ALOGD("import() caught exception %d\n", err);
757 return -1;
758 }
759 return ret;
760 }
761
762 virtual int32_t sign(const String16& name, const uint8_t* in, size_t inLength, uint8_t** out,
763 size_t* outLength)
764 {
765 Parcel data, reply;
766 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
767 data.writeString16(name);
768 data.writeInt32(inLength);
769 void* buf = data.writeInplace(inLength);
770 memcpy(buf, in, inLength);
771 status_t status = remote()->transact(BnKeystoreService::SIGN, data, &reply);
772 if (status != NO_ERROR) {
773 ALOGD("import() could not contact remote: %d\n", status);
774 return -1;
775 }
776 int32_t err = reply.readExceptionCode();
777 ssize_t len = reply.readInt32();
778 if (len >= 0 && (size_t) len <= reply.dataAvail()) {
779 size_t ulen = (size_t) len;
780 const void* outBuf = reply.readInplace(ulen);
781 *out = (uint8_t*) malloc(ulen);
782 if (*out != NULL) {
783 memcpy((void*) *out, outBuf, ulen);
784 *outLength = ulen;
785 } else {
786 ALOGE("out of memory allocating output array in sign");
787 *outLength = 0;
788 }
789 } else {
790 *outLength = 0;
791 }
792 if (err < 0) {
793 ALOGD("import() caught exception %d\n", err);
794 return -1;
795 }
796 return 0;
797 }
798
799 virtual int32_t verify(const String16& name, const uint8_t* in, size_t inLength,
800 const uint8_t* signature, size_t signatureLength)
801 {
802 Parcel data, reply;
803 void* buf;
804
805 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
806 data.writeString16(name);
807 data.writeInt32(inLength);
808 buf = data.writeInplace(inLength);
809 memcpy(buf, in, inLength);
810 data.writeInt32(signatureLength);
811 buf = data.writeInplace(signatureLength);
812 memcpy(buf, signature, signatureLength);
813 status_t status = remote()->transact(BnKeystoreService::VERIFY, data, &reply);
814 if (status != NO_ERROR) {
815 ALOGD("verify() could not contact remote: %d\n", status);
816 return -1;
817 }
818 int32_t err = reply.readExceptionCode();
819 int32_t ret = reply.readInt32();
820 if (err < 0) {
821 ALOGD("verify() caught exception %d\n", err);
822 return -1;
823 }
824 return ret;
825 }
826
827 virtual int32_t get_pubkey(const String16& name, uint8_t** pubkey, size_t* pubkeyLength)
828 {
829 Parcel data, reply;
830 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
831 data.writeString16(name);
832 status_t status = remote()->transact(BnKeystoreService::GET_PUBKEY, data, &reply);
833 if (status != NO_ERROR) {
834 ALOGD("get_pubkey() could not contact remote: %d\n", status);
835 return -1;
836 }
837 int32_t err = reply.readExceptionCode();
838 ssize_t len = reply.readInt32();
839 if (len >= 0 && (size_t) len <= reply.dataAvail()) {
840 size_t ulen = (size_t) len;
841 const void* buf = reply.readInplace(ulen);
842 *pubkey = (uint8_t*) malloc(ulen);
843 if (*pubkey != NULL) {
844 memcpy(*pubkey, buf, ulen);
845 *pubkeyLength = ulen;
846 } else {
847 ALOGE("out of memory allocating output array in get_pubkey");
848 *pubkeyLength = 0;
849 }
850 } else {
851 *pubkeyLength = 0;
852 }
853 if (err < 0) {
854 ALOGD("get_pubkey() caught exception %d\n", err);
855 return -1;
856 }
857 return 0;
858 }
859
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]860 virtual int32_t grant(const String16& name, int32_t granteeUid)
861 {
862 Parcel data, reply;
863 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
864 data.writeString16(name);
865 data.writeInt32(granteeUid);
866 status_t status = remote()->transact(BnKeystoreService::GRANT, data, &reply);
867 if (status != NO_ERROR) {
868 ALOGD("grant() could not contact remote: %d\n", status);
869 return -1;
870 }
871 int32_t err = reply.readExceptionCode();
872 int32_t ret = reply.readInt32();
873 if (err < 0) {
874 ALOGD("grant() caught exception %d\n", err);
875 return -1;
876 }
877 return ret;
878 }
879
880 virtual int32_t ungrant(const String16& name, int32_t granteeUid)
881 {
882 Parcel data, reply;
883 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
884 data.writeString16(name);
885 data.writeInt32(granteeUid);
886 status_t status = remote()->transact(BnKeystoreService::UNGRANT, data, &reply);
887 if (status != NO_ERROR) {
888 ALOGD("ungrant() could not contact remote: %d\n", status);
889 return -1;
890 }
891 int32_t err = reply.readExceptionCode();
892 int32_t ret = reply.readInt32();
893 if (err < 0) {
894 ALOGD("ungrant() caught exception %d\n", err);
895 return -1;
896 }
897 return ret;
898 }
899
Chad Brubakerad6a7f52015-09-09 14:55:22 -0700[diff] [blame]900 int64_t getmtime(const String16& name, int32_t uid)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]901 {
902 Parcel data, reply;
903 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
904 data.writeString16(name);
Chad Brubakerad6a7f52015-09-09 14:55:22 -0700[diff] [blame]905 data.writeInt32(uid);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]906 status_t status = remote()->transact(BnKeystoreService::GETMTIME, data, &reply);
907 if (status != NO_ERROR) {
908 ALOGD("getmtime() could not contact remote: %d\n", status);
909 return -1;
910 }
911 int32_t err = reply.readExceptionCode();
912 int64_t ret = reply.readInt64();
913 if (err < 0) {
914 ALOGD("getmtime() caught exception %d\n", err);
915 return -1;
916 }
917 return ret;
918 }
Kenny Root02254072013-03-20 11:48:19 -0700[diff] [blame]919
Kenny Rootd53bc922013-03-21 14:10:15 -0700[diff] [blame]920 virtual int32_t duplicate(const String16& srcKey, int32_t srcUid, const String16& destKey,
921 int32_t destUid)
Kenny Root02254072013-03-20 11:48:19 -0700[diff] [blame]922 {
923 Parcel data, reply;
924 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
Kenny Rootd53bc922013-03-21 14:10:15 -0700[diff] [blame]925 data.writeString16(srcKey);
926 data.writeInt32(srcUid);
927 data.writeString16(destKey);
928 data.writeInt32(destUid);
929 status_t status = remote()->transact(BnKeystoreService::DUPLICATE, data, &reply);
Kenny Root02254072013-03-20 11:48:19 -0700[diff] [blame]930 if (status != NO_ERROR) {
Kenny Rootd53bc922013-03-21 14:10:15 -0700[diff] [blame]931 ALOGD("duplicate() could not contact remote: %d\n", status);
Kenny Root02254072013-03-20 11:48:19 -0700[diff] [blame]932 return -1;
933 }
934 int32_t err = reply.readExceptionCode();
935 int32_t ret = reply.readInt32();
936 if (err < 0) {
Kenny Rootd53bc922013-03-21 14:10:15 -0700[diff] [blame]937 ALOGD("duplicate() caught exception %d\n", err);
Kenny Root02254072013-03-20 11:48:19 -0700[diff] [blame]938 return -1;
939 }
940 return ret;
941 }
Kenny Root43061232013-03-29 11:15:50 -0700[diff] [blame]942
Kenny Root1b0e3932013-09-05 13:06:32 -0700[diff] [blame]943 virtual int32_t is_hardware_backed(const String16& keyType)
Kenny Root43061232013-03-29 11:15:50 -0700[diff] [blame]944 {
945 Parcel data, reply;
946 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
Kenny Root1b0e3932013-09-05 13:06:32 -0700[diff] [blame]947 data.writeString16(keyType);
Kenny Root43061232013-03-29 11:15:50 -0700[diff] [blame]948 status_t status = remote()->transact(BnKeystoreService::IS_HARDWARE_BACKED, data, &reply);
949 if (status != NO_ERROR) {
950 ALOGD("is_hardware_backed() could not contact remote: %d\n", status);
951 return -1;
952 }
953 int32_t err = reply.readExceptionCode();
954 int32_t ret = reply.readInt32();
955 if (err < 0) {
956 ALOGD("is_hardware_backed() caught exception %d\n", err);
957 return -1;
958 }
959 return ret;
960 }
Kenny Root2ecc7a12013-04-01 16:29:11 -0700[diff] [blame]961
962 virtual int32_t clear_uid(int64_t uid)
963 {
964 Parcel data, reply;
965 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
966 data.writeInt64(uid);
967 status_t status = remote()->transact(BnKeystoreService::CLEAR_UID, data, &reply);
968 if (status != NO_ERROR) {
969 ALOGD("clear_uid() could not contact remote: %d\n", status);
970 return -1;
971 }
972 int32_t err = reply.readExceptionCode();
973 int32_t ret = reply.readInt32();
974 if (err < 0) {
975 ALOGD("clear_uid() caught exception %d\n", err);
976 return -1;
977 }
978 return ret;
979 }
Robin Lee4e865752014-08-19 17:37:55 +0100[diff] [blame]980
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]981 virtual int32_t addRngEntropy(const uint8_t* buf, size_t bufLength)
982 {
983 Parcel data, reply;
984 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]985 data.writeByteArray(bufLength, buf);
986 status_t status = remote()->transact(BnKeystoreService::ADD_RNG_ENTROPY, data, &reply);
987 if (status != NO_ERROR) {
988 ALOGD("addRngEntropy() could not contact remote: %d\n", status);
989 return -1;
990 }
991 int32_t err = reply.readExceptionCode();
992 int32_t ret = reply.readInt32();
993 if (err < 0) {
994 ALOGD("addRngEntropy() caught exception %d\n", err);
995 return -1;
996 }
997 return ret;
998 };
999
1000 virtual int32_t generateKey(const String16& name, const KeymasterArguments& params,
Chad Brubaker154d7692015-03-27 13:59:31 -0700[diff] [blame]1001 const uint8_t* entropy, size_t entropyLength, int uid, int flags,
1002 KeyCharacteristics* outCharacteristics)
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1003 {
1004 Parcel data, reply;
1005 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1006 data.writeString16(name);
1007 data.writeInt32(1);
1008 params.writeToParcel(&data);
Chad Brubaker154d7692015-03-27 13:59:31 -0700[diff] [blame]1009 data.writeByteArray(entropyLength, entropy);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1010 data.writeInt32(uid);
1011 data.writeInt32(flags);
1012 status_t status = remote()->transact(BnKeystoreService::GENERATE_KEY, data, &reply);
1013 if (status != NO_ERROR) {
1014 ALOGD("generateKey() could not contact remote: %d\n", status);
1015 return KM_ERROR_UNKNOWN_ERROR;
1016 }
1017 int32_t err = reply.readExceptionCode();
1018 int32_t ret = reply.readInt32();
1019 if (err < 0) {
1020 ALOGD("generateKey() caught exception %d\n", err);
1021 return KM_ERROR_UNKNOWN_ERROR;
1022 }
1023 if (reply.readInt32() != 0 && outCharacteristics) {
1024 outCharacteristics->readFromParcel(reply);
1025 }
1026 return ret;
1027 }
1028 virtual int32_t getKeyCharacteristics(const String16& name,
Chad Brubakerd6634422015-03-21 22:36:07 -0700[diff] [blame]1029 const keymaster_blob_t* clientId,
1030 const keymaster_blob_t* appData,
Chad Brubakerad6a7f52015-09-09 14:55:22 -0700[diff] [blame]1031 int32_t uid, KeyCharacteristics* outCharacteristics)
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1032 {
1033 Parcel data, reply;
1034 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1035 data.writeString16(name);
Chad Brubakerd6634422015-03-21 22:36:07 -0700[diff] [blame]1036 if (clientId) {
1037 data.writeByteArray(clientId->data_length, clientId->data);
1038 } else {
1039 data.writeInt32(-1);
1040 }
1041 if (appData) {
1042 data.writeByteArray(appData->data_length, appData->data);
1043 } else {
1044 data.writeInt32(-1);
1045 }
Chad Brubakerad6a7f52015-09-09 14:55:22 -0700[diff] [blame]1046 data.writeInt32(uid);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1047 status_t status = remote()->transact(BnKeystoreService::GET_KEY_CHARACTERISTICS,
1048 data, &reply);
1049 if (status != NO_ERROR) {
1050 ALOGD("getKeyCharacteristics() could not contact remote: %d\n", status);
1051 return KM_ERROR_UNKNOWN_ERROR;
1052 }
1053 int32_t err = reply.readExceptionCode();
1054 int32_t ret = reply.readInt32();
1055 if (err < 0) {
1056 ALOGD("getKeyCharacteristics() caught exception %d\n", err);
1057 return KM_ERROR_UNKNOWN_ERROR;
1058 }
1059 if (reply.readInt32() != 0 && outCharacteristics) {
1060 outCharacteristics->readFromParcel(reply);
1061 }
1062 return ret;
1063 }
1064 virtual int32_t importKey(const String16& name, const KeymasterArguments& params,
1065 keymaster_key_format_t format, const uint8_t *keyData,
1066 size_t keyLength, int uid, int flags,
1067 KeyCharacteristics* outCharacteristics)
1068 {
1069 Parcel data, reply;
1070 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1071 data.writeString16(name);
1072 data.writeInt32(1);
1073 params.writeToParcel(&data);
1074 data.writeInt32(format);
1075 data.writeByteArray(keyLength, keyData);
1076 data.writeInt32(uid);
1077 data.writeInt32(flags);
1078 status_t status = remote()->transact(BnKeystoreService::IMPORT_KEY, data, &reply);
1079 if (status != NO_ERROR) {
1080 ALOGD("importKey() could not contact remote: %d\n", status);
1081 return KM_ERROR_UNKNOWN_ERROR;
1082 }
1083 int32_t err = reply.readExceptionCode();
1084 int32_t ret = reply.readInt32();
1085 if (err < 0) {
1086 ALOGD("importKey() caught exception %d\n", err);
1087 return KM_ERROR_UNKNOWN_ERROR;
1088 }
1089 if (reply.readInt32() != 0 && outCharacteristics) {
1090 outCharacteristics->readFromParcel(reply);
1091 }
1092 return ret;
1093 }
1094
1095 virtual void exportKey(const String16& name, keymaster_key_format_t format,
Chad Brubakerd6634422015-03-21 22:36:07 -0700[diff] [blame]1096 const keymaster_blob_t* clientId,
Chad Brubakerad6a7f52015-09-09 14:55:22 -0700[diff] [blame]1097 const keymaster_blob_t* appData, int32_t uid, ExportResult* result)
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1098 {
1099 if (!result) {
1100 return;
1101 }
1102
1103 Parcel data, reply;
1104 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1105 data.writeString16(name);
1106 data.writeInt32(format);
Chad Brubakerd6634422015-03-21 22:36:07 -0700[diff] [blame]1107 if (clientId) {
1108 data.writeByteArray(clientId->data_length, clientId->data);
1109 } else {
1110 data.writeInt32(-1);
1111 }
1112 if (appData) {
1113 data.writeByteArray(appData->data_length, appData->data);
1114 } else {
1115 data.writeInt32(-1);
1116 }
Chad Brubakerad6a7f52015-09-09 14:55:22 -0700[diff] [blame]1117 data.writeInt32(uid);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1118 status_t status = remote()->transact(BnKeystoreService::EXPORT_KEY, data, &reply);
1119 if (status != NO_ERROR) {
1120 ALOGD("exportKey() could not contact remote: %d\n", status);
1121 result->resultCode = KM_ERROR_UNKNOWN_ERROR;
1122 return;
1123 }
1124 int32_t err = reply.readExceptionCode();
1125 if (err < 0) {
1126 ALOGD("exportKey() caught exception %d\n", err);
1127 result->resultCode = KM_ERROR_UNKNOWN_ERROR;
1128 return;
1129 }
1130 if (reply.readInt32() != 0) {
1131 result->readFromParcel(reply);
1132 }
1133 }
1134
1135 virtual void begin(const sp<IBinder>& appToken, const String16& name,
1136 keymaster_purpose_t purpose, bool pruneable,
Chad Brubaker154d7692015-03-27 13:59:31 -0700[diff] [blame]1137 const KeymasterArguments& params, const uint8_t* entropy,
Chad Brubakerad6a7f52015-09-09 14:55:22 -0700[diff] [blame]1138 size_t entropyLength, int32_t uid, OperationResult* result)
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1139 {
Chad Brubaker57e106d2015-06-01 12:59:00 -0700[diff] [blame]1140 if (!result) {
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1141 return;
1142 }
1143 Parcel data, reply;
1144 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1145 data.writeStrongBinder(appToken);
1146 data.writeString16(name);
1147 data.writeInt32(purpose);
1148 data.writeInt32(pruneable ? 1 : 0);
1149 data.writeInt32(1);
1150 params.writeToParcel(&data);
Chad Brubaker154d7692015-03-27 13:59:31 -0700[diff] [blame]1151 data.writeByteArray(entropyLength, entropy);
Chad Brubakerad6a7f52015-09-09 14:55:22 -0700[diff] [blame]1152 data.writeInt32(uid);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1153 status_t status = remote()->transact(BnKeystoreService::BEGIN, data, &reply);
1154 if (status != NO_ERROR) {
1155 ALOGD("begin() could not contact remote: %d\n", status);
1156 result->resultCode = KM_ERROR_UNKNOWN_ERROR;
1157 return;
1158 }
1159 int32_t err = reply.readExceptionCode();
1160 if (err < 0) {
1161 ALOGD("begin() caught exception %d\n", err);
1162 result->resultCode = KM_ERROR_UNKNOWN_ERROR;
1163 return;
1164 }
1165 if (reply.readInt32() != 0) {
1166 result->readFromParcel(reply);
1167 }
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1168 }
1169
1170 virtual void update(const sp<IBinder>& token, const KeymasterArguments& params,
Chad Brubaker40a1a9b2015-02-20 14:08:13 -0800[diff] [blame]1171 const uint8_t* opData, size_t dataLength, OperationResult* result)
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1172 {
1173 if (!result) {
1174 return;
1175 }
1176 Parcel data, reply;
1177 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1178 data.writeStrongBinder(token);
1179 data.writeInt32(1);
1180 params.writeToParcel(&data);
1181 data.writeByteArray(dataLength, opData);
1182 status_t status = remote()->transact(BnKeystoreService::UPDATE, data, &reply);
1183 if (status != NO_ERROR) {
1184 ALOGD("update() could not contact remote: %d\n", status);
1185 result->resultCode = KM_ERROR_UNKNOWN_ERROR;
1186 return;
1187 }
1188 int32_t err = reply.readExceptionCode();
1189 if (err < 0) {
1190 ALOGD("update() caught exception %d\n", err);
1191 result->resultCode = KM_ERROR_UNKNOWN_ERROR;
1192 return;
1193 }
1194 if (reply.readInt32() != 0) {
1195 result->readFromParcel(reply);
1196 }
1197 }
1198
1199 virtual void finish(const sp<IBinder>& token, const KeymasterArguments& params,
Chad Brubaker0d33e0b2015-05-29 12:30:19 -0700[diff] [blame]1200 const uint8_t* signature, size_t signatureLength,
1201 const uint8_t* entropy, size_t entropyLength,
1202 OperationResult* result)
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1203 {
1204 if (!result) {
1205 return;
1206 }
1207 Parcel data, reply;
1208 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1209 data.writeStrongBinder(token);
1210 data.writeInt32(1);
1211 params.writeToParcel(&data);
1212 data.writeByteArray(signatureLength, signature);
Chad Brubaker0d33e0b2015-05-29 12:30:19 -0700[diff] [blame]1213 data.writeByteArray(entropyLength, entropy);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1214 status_t status = remote()->transact(BnKeystoreService::FINISH, data, &reply);
1215 if (status != NO_ERROR) {
1216 ALOGD("finish() could not contact remote: %d\n", status);
1217 result->resultCode = KM_ERROR_UNKNOWN_ERROR;
1218 return;
1219 }
1220 int32_t err = reply.readExceptionCode();
1221 if (err < 0) {
1222 ALOGD("finish() caught exception %d\n", err);
1223 result->resultCode = KM_ERROR_UNKNOWN_ERROR;
1224 return;
1225 }
1226 if (reply.readInt32() != 0) {
1227 result->readFromParcel(reply);
1228 }
1229 }
1230
1231 virtual int32_t abort(const sp<IBinder>& token)
1232 {
1233 Parcel data, reply;
1234 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1235 data.writeStrongBinder(token);
Chad Brubaker2ed2baa2015-03-21 21:20:10 -0700[diff] [blame]1236 status_t status = remote()->transact(BnKeystoreService::ABORT, data, &reply);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1237 if (status != NO_ERROR) {
1238 ALOGD("abort() could not contact remote: %d\n", status);
1239 return KM_ERROR_UNKNOWN_ERROR;
1240 }
1241 int32_t err = reply.readExceptionCode();
1242 int32_t ret = reply.readInt32();
1243 if (err < 0) {
1244 ALOGD("abort() caught exception %d\n", err);
1245 return KM_ERROR_UNKNOWN_ERROR;
1246 }
1247 return ret;
1248 }
Chad Brubaker2ed2baa2015-03-21 21:20:10 -0700[diff] [blame]1249
1250 virtual bool isOperationAuthorized(const sp<IBinder>& token)
1251 {
1252 Parcel data, reply;
1253 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1254 data.writeStrongBinder(token);
1255 status_t status = remote()->transact(BnKeystoreService::IS_OPERATION_AUTHORIZED, data,
1256 &reply);
1257 if (status != NO_ERROR) {
1258 ALOGD("isOperationAuthorized() could not contact remote: %d\n", status);
1259 return false;
1260 }
1261 int32_t err = reply.readExceptionCode();
1262 int32_t ret = reply.readInt32();
1263 if (err < 0) {
1264 ALOGD("isOperationAuthorized() caught exception %d\n", err);
1265 return false;
1266 }
1267 return ret == 1;
1268 }
1269
1270 virtual int32_t addAuthToken(const uint8_t* token, size_t length)
1271 {
1272 Parcel data, reply;
1273 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1274 data.writeByteArray(length, token);
1275 status_t status = remote()->transact(BnKeystoreService::ADD_AUTH_TOKEN, data, &reply);
1276 if (status != NO_ERROR) {
1277 ALOGD("addAuthToken() could not contact remote: %d\n", status);
1278 return -1;
1279 }
1280 int32_t err = reply.readExceptionCode();
1281 int32_t ret = reply.readInt32();
1282 if (err < 0) {
1283 ALOGD("addAuthToken() caught exception %d\n", err);
1284 return -1;
1285 }
1286 return ret;
1287 };
Chad Brubakerc0f031a2015-05-12 10:43:10 -0700[diff] [blame]1288
1289 virtual int32_t onUserAdded(int32_t userId, int32_t parentId)
1290 {
1291 Parcel data, reply;
1292 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1293 data.writeInt32(userId);
1294 data.writeInt32(parentId);
1295 status_t status = remote()->transact(BnKeystoreService::ON_USER_ADDED, data, &reply);
1296 if (status != NO_ERROR) {
1297 ALOGD("onUserAdded() could not contact remote: %d\n", status);
1298 return -1;
1299 }
1300 int32_t err = reply.readExceptionCode();
1301 int32_t ret = reply.readInt32();
1302 if (err < 0) {
1303 ALOGD("onUserAdded() caught exception %d\n", err);
1304 return -1;
1305 }
1306 return ret;
1307 }
1308
1309 virtual int32_t onUserRemoved(int32_t userId)
1310 {
1311 Parcel data, reply;
1312 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1313 data.writeInt32(userId);
1314 status_t status = remote()->transact(BnKeystoreService::ON_USER_REMOVED, data, &reply);
1315 if (status != NO_ERROR) {
1316 ALOGD("onUserRemoved() could not contact remote: %d\n", status);
1317 return -1;
1318 }
1319 int32_t err = reply.readExceptionCode();
1320 int32_t ret = reply.readInt32();
1321 if (err < 0) {
1322 ALOGD("onUserRemoved() caught exception %d\n", err);
1323 return -1;
1324 }
1325 return ret;
1326 }
1327
Shawn Willden50eb1b22016-01-21 12:41:23 -0700[diff] [blame]1328 virtual int32_t attestKey(const String16& name, const KeymasterArguments& params,
1329 KeymasterCertificateChain* outChain) {
1330 if (!outChain)
1331 return KM_ERROR_OUTPUT_PARAMETER_NULL;
1332
1333 Parcel data, reply;
1334 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1335 data.writeString16(name);
1336 data.writeInt32(1); // params is not NULL.
1337 params.writeToParcel(&data);
1338
1339 status_t status = remote()->transact(BnKeystoreService::ATTEST_KEY, data, &reply);
1340 if (status != NO_ERROR) {
1341 ALOGD("attestkey() count not contact remote: %d\n", status);
1342 return KM_ERROR_UNKNOWN_ERROR;
1343 }
1344 int32_t err = reply.readExceptionCode();
1345 int32_t ret = reply.readInt32();
1346 if (err < 0) {
1347 ALOGD("attestKey() caught exception %d\n", err);
1348 return KM_ERROR_UNKNOWN_ERROR;
1349 }
1350 if (reply.readInt32() != 0) {
1351 outChain->readFromParcel(reply);
1352 }
1353 return ret;
1354 }
1355
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1356};
1357
Chad Brubaker468fc692015-01-13 17:33:14 -0800[diff] [blame]1358IMPLEMENT_META_INTERFACE(KeystoreService, "android.security.IKeystoreService");
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1359
1360// ----------------------------------------------------------------------
1361
1362status_t BnKeystoreService::onTransact(
1363 uint32_t code, const Parcel& data, Parcel* reply, uint32_t flags)
1364{
1365 switch(code) {
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]1366 case GET_STATE: {
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1367 CHECK_INTERFACE(IKeystoreService, data, reply);
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]1368 int32_t userId = data.readInt32();
1369 int32_t ret = getState(userId);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1370 reply->writeNoException();
1371 reply->writeInt32(ret);
1372 return NO_ERROR;
1373 } break;
1374 case GET: {
1375 CHECK_INTERFACE(IKeystoreService, data, reply);
1376 String16 name = data.readString16();
Chad Brubakerad6a7f52015-09-09 14:55:22 -0700[diff] [blame]1377 int32_t uid = data.readInt32();
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1378 void* out = NULL;
1379 size_t outSize = 0;
Chad Brubakerad6a7f52015-09-09 14:55:22 -0700[diff] [blame]1380 int32_t ret = get(name, uid, (uint8_t**) &out, &outSize);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1381 reply->writeNoException();
1382 if (ret == 1) {
1383 reply->writeInt32(outSize);
1384 void* buf = reply->writeInplace(outSize);
1385 memcpy(buf, out, outSize);
1386 free(out);
1387 } else {
1388 reply->writeInt32(-1);
1389 }
1390 return NO_ERROR;
1391 } break;
1392 case INSERT: {
1393 CHECK_INTERFACE(IKeystoreService, data, reply);
1394 String16 name = data.readString16();
1395 ssize_t inSize = data.readInt32();
1396 const void* in;
1397 if (inSize >= 0 && (size_t) inSize <= data.dataAvail()) {
1398 in = data.readInplace(inSize);
1399 } else {
1400 in = NULL;
1401 inSize = 0;
1402 }
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]1403 int uid = data.readInt32();
Kenny Root0c540aa2013-04-03 09:22:15 -0700[diff] [blame]1404 int32_t flags = data.readInt32();
1405 int32_t ret = insert(name, (const uint8_t*) in, (size_t) inSize, uid, flags);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1406 reply->writeNoException();
1407 reply->writeInt32(ret);
1408 return NO_ERROR;
1409 } break;
1410 case DEL: {
1411 CHECK_INTERFACE(IKeystoreService, data, reply);
1412 String16 name = data.readString16();
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]1413 int uid = data.readInt32();
1414 int32_t ret = del(name, uid);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1415 reply->writeNoException();
1416 reply->writeInt32(ret);
1417 return NO_ERROR;
1418 } break;
1419 case EXIST: {
1420 CHECK_INTERFACE(IKeystoreService, data, reply);
1421 String16 name = data.readString16();
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]1422 int uid = data.readInt32();
1423 int32_t ret = exist(name, uid);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1424 reply->writeNoException();
1425 reply->writeInt32(ret);
1426 return NO_ERROR;
1427 } break;
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]1428 case LIST: {
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1429 CHECK_INTERFACE(IKeystoreService, data, reply);
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]1430 String16 prefix = data.readString16();
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]1431 int uid = data.readInt32();
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1432 Vector<String16> matches;
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]1433 int32_t ret = list(prefix, uid, &matches);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1434 reply->writeNoException();
1435 reply->writeInt32(matches.size());
1436 Vector<String16>::const_iterator it = matches.begin();
1437 for (; it != matches.end(); ++it) {
1438 reply->writeString16(*it);
1439 }
1440 reply->writeInt32(ret);
1441 return NO_ERROR;
1442 } break;
1443 case RESET: {
1444 CHECK_INTERFACE(IKeystoreService, data, reply);
1445 int32_t ret = reset();
1446 reply->writeNoException();
1447 reply->writeInt32(ret);
1448 return NO_ERROR;
1449 } break;
Chad Brubaker96d6d782015-05-07 10:19:40 -0700[diff] [blame]1450 case ON_USER_PASSWORD_CHANGED: {
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1451 CHECK_INTERFACE(IKeystoreService, data, reply);
Chad Brubaker96d6d782015-05-07 10:19:40 -0700[diff] [blame]1452 int32_t userId = data.readInt32();
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1453 String16 pass = data.readString16();
Chad Brubaker96d6d782015-05-07 10:19:40 -0700[diff] [blame]1454 int32_t ret = onUserPasswordChanged(userId, pass);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1455 reply->writeNoException();
1456 reply->writeInt32(ret);
1457 return NO_ERROR;
1458 } break;
1459 case LOCK: {
1460 CHECK_INTERFACE(IKeystoreService, data, reply);
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]1461 int32_t userId = data.readInt32();
1462 int32_t ret = lock(userId);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1463 reply->writeNoException();
1464 reply->writeInt32(ret);
1465 return NO_ERROR;
1466 } break;
1467 case UNLOCK: {
1468 CHECK_INTERFACE(IKeystoreService, data, reply);
Chad Brubaker96d6d782015-05-07 10:19:40 -0700[diff] [blame]1469 int32_t userId = data.readInt32();
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1470 String16 pass = data.readString16();
Chad Brubaker96d6d782015-05-07 10:19:40 -0700[diff] [blame]1471 int32_t ret = unlock(userId, pass);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1472 reply->writeNoException();
1473 reply->writeInt32(ret);
1474 return NO_ERROR;
1475 } break;
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]1476 case IS_EMPTY: {
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1477 CHECK_INTERFACE(IKeystoreService, data, reply);
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]1478 int32_t userId = data.readInt32();
1479 bool ret = isEmpty(userId);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1480 reply->writeNoException();
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]1481 reply->writeInt32(ret ? 1 : 0);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1482 return NO_ERROR;
1483 } break;
1484 case GENERATE: {
1485 CHECK_INTERFACE(IKeystoreService, data, reply);
1486 String16 name = data.readString16();
Kenny Root96427ba2013-08-16 14:02:41 -0700[diff] [blame]1487 int32_t uid = data.readInt32();
1488 int32_t keyType = data.readInt32();
1489 int32_t keySize = data.readInt32();
Kenny Root0c540aa2013-04-03 09:22:15 -0700[diff] [blame]1490 int32_t flags = data.readInt32();
Kenny Root96427ba2013-08-16 14:02:41 -0700[diff] [blame]1491 Vector<sp<KeystoreArg> > args;
Chad Brubaker468fc692015-01-13 17:33:14 -0800[diff] [blame]1492 int32_t argsPresent = data.readInt32();
1493 if (argsPresent == 1) {
1494 ssize_t numArgs = data.readInt32();
Chad Brubakered4f5662015-01-14 19:22:09 -0800[diff] [blame]1495 if (numArgs > MAX_GENERATE_ARGS) {
1496 return BAD_VALUE;
1497 }
Chad Brubaker468fc692015-01-13 17:33:14 -0800[diff] [blame]1498 if (numArgs > 0) {
1499 for (size_t i = 0; i < (size_t) numArgs; i++) {
1500 ssize_t inSize = data.readInt32();
1501 if (inSize >= 0 && (size_t) inSize <= data.dataAvail()) {
1502 sp<KeystoreArg> arg = new KeystoreArg(data.readInplace(inSize),
1503 inSize);
1504 args.push_back(arg);
1505 } else {
1506 args.push_back(NULL);
1507 }
Kenny Root96427ba2013-08-16 14:02:41 -0700[diff] [blame]1508 }
1509 }
1510 }
1511 int32_t ret = generate(name, uid, keyType, keySize, flags, &args);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1512 reply->writeNoException();
1513 reply->writeInt32(ret);
1514 return NO_ERROR;
1515 } break;
1516 case IMPORT: {
1517 CHECK_INTERFACE(IKeystoreService, data, reply);
1518 String16 name = data.readString16();
1519 ssize_t inSize = data.readInt32();
1520 const void* in;
1521 if (inSize >= 0 && (size_t) inSize <= data.dataAvail()) {
1522 in = data.readInplace(inSize);
1523 } else {
1524 in = NULL;
1525 inSize = 0;
1526 }
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]1527 int uid = data.readInt32();
Kenny Root0c540aa2013-04-03 09:22:15 -0700[diff] [blame]1528 int32_t flags = data.readInt32();
1529 int32_t ret = import(name, (const uint8_t*) in, (size_t) inSize, uid, flags);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1530 reply->writeNoException();
1531 reply->writeInt32(ret);
1532 return NO_ERROR;
1533 } break;
1534 case SIGN: {
1535 CHECK_INTERFACE(IKeystoreService, data, reply);
1536 String16 name = data.readString16();
1537 ssize_t inSize = data.readInt32();
1538 const void* in;
1539 if (inSize >= 0 && (size_t) inSize <= data.dataAvail()) {
1540 in = data.readInplace(inSize);
1541 } else {
1542 in = NULL;
1543 inSize = 0;
1544 }
1545 void* out = NULL;
1546 size_t outSize = 0;
1547 int32_t ret = sign(name, (const uint8_t*) in, (size_t) inSize, (uint8_t**) &out, &outSize);
1548 reply->writeNoException();
Kenny Rootb03c9fb2013-02-04 16:42:51 -0800[diff] [blame]1549 if (outSize > 0 && out != NULL) {
1550 reply->writeInt32(outSize);
1551 void* buf = reply->writeInplace(outSize);
1552 memcpy(buf, out, outSize);
Chad Brubaker3a7d9e62015-06-04 15:01:46 -0700[diff] [blame]1553 delete[] reinterpret_cast<uint8_t*>(out);
Kenny Rootb03c9fb2013-02-04 16:42:51 -0800[diff] [blame]1554 } else {
Kenny Roote289c402013-02-14 11:31:53 -0800[diff] [blame]1555 reply->writeInt32(-1);
Kenny Rootb03c9fb2013-02-04 16:42:51 -0800[diff] [blame]1556 }
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1557 reply->writeInt32(ret);
1558 return NO_ERROR;
1559 } break;
1560 case VERIFY: {
1561 CHECK_INTERFACE(IKeystoreService, data, reply);
1562 String16 name = data.readString16();
1563 ssize_t inSize = data.readInt32();
1564 const void* in;
1565 if (inSize >= 0 && (size_t) inSize <= data.dataAvail()) {
1566 in = data.readInplace(inSize);
1567 } else {
1568 in = NULL;
1569 inSize = 0;
1570 }
1571 ssize_t sigSize = data.readInt32();
1572 const void* sig;
1573 if (sigSize >= 0 && (size_t) sigSize <= data.dataAvail()) {
1574 sig = data.readInplace(sigSize);
1575 } else {
1576 sig = NULL;
1577 sigSize = 0;
1578 }
1579 bool ret = verify(name, (const uint8_t*) in, (size_t) inSize, (const uint8_t*) sig,
1580 (size_t) sigSize);
1581 reply->writeNoException();
1582 reply->writeInt32(ret ? 1 : 0);
1583 return NO_ERROR;
1584 } break;
1585 case GET_PUBKEY: {
1586 CHECK_INTERFACE(IKeystoreService, data, reply);
1587 String16 name = data.readString16();
1588 void* out = NULL;
1589 size_t outSize = 0;
1590 int32_t ret = get_pubkey(name, (unsigned char**) &out, &outSize);
1591 reply->writeNoException();
Kenny Rootb03c9fb2013-02-04 16:42:51 -0800[diff] [blame]1592 if (outSize > 0 && out != NULL) {
1593 reply->writeInt32(outSize);
1594 void* buf = reply->writeInplace(outSize);
1595 memcpy(buf, out, outSize);
1596 free(out);
1597 } else {
Kenny Roote289c402013-02-14 11:31:53 -0800[diff] [blame]1598 reply->writeInt32(-1);
Kenny Rootb03c9fb2013-02-04 16:42:51 -0800[diff] [blame]1599 }
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1600 reply->writeInt32(ret);
1601 return NO_ERROR;
Kenny Rootb03c9fb2013-02-04 16:42:51 -0800[diff] [blame]1602 } break;
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1603 case GRANT: {
1604 CHECK_INTERFACE(IKeystoreService, data, reply);
1605 String16 name = data.readString16();
1606 int32_t granteeUid = data.readInt32();
1607 int32_t ret = grant(name, granteeUid);
1608 reply->writeNoException();
1609 reply->writeInt32(ret);
1610 return NO_ERROR;
1611 } break;
1612 case UNGRANT: {
1613 CHECK_INTERFACE(IKeystoreService, data, reply);
1614 String16 name = data.readString16();
1615 int32_t granteeUid = data.readInt32();
1616 int32_t ret = ungrant(name, granteeUid);
1617 reply->writeNoException();
1618 reply->writeInt32(ret);
1619 return NO_ERROR;
1620 } break;
1621 case GETMTIME: {
1622 CHECK_INTERFACE(IKeystoreService, data, reply);
1623 String16 name = data.readString16();
Chad Brubakerad6a7f52015-09-09 14:55:22 -0700[diff] [blame]1624 int32_t uid = data.readInt32();
1625 int64_t ret = getmtime(name, uid);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1626 reply->writeNoException();
1627 reply->writeInt64(ret);
1628 return NO_ERROR;
1629 } break;
Kenny Rootd53bc922013-03-21 14:10:15 -0700[diff] [blame]1630 case DUPLICATE: {
Kenny Root02254072013-03-20 11:48:19 -0700[diff] [blame]1631 CHECK_INTERFACE(IKeystoreService, data, reply);
Kenny Rootd53bc922013-03-21 14:10:15 -0700[diff] [blame]1632 String16 srcKey = data.readString16();
1633 int32_t srcUid = data.readInt32();
1634 String16 destKey = data.readString16();
1635 int32_t destUid = data.readInt32();
1636 int32_t ret = duplicate(srcKey, srcUid, destKey, destUid);
Kenny Root02254072013-03-20 11:48:19 -0700[diff] [blame]1637 reply->writeNoException();
1638 reply->writeInt32(ret);
1639 return NO_ERROR;
1640 } break;
Kenny Root43061232013-03-29 11:15:50 -0700[diff] [blame]1641 case IS_HARDWARE_BACKED: {
1642 CHECK_INTERFACE(IKeystoreService, data, reply);
Kenny Root1b0e3932013-09-05 13:06:32 -0700[diff] [blame]1643 String16 keyType = data.readString16();
1644 int32_t ret = is_hardware_backed(keyType);
Kenny Root43061232013-03-29 11:15:50 -0700[diff] [blame]1645 reply->writeNoException();
1646 reply->writeInt32(ret);
1647 return NO_ERROR;
1648 }
Kenny Root2ecc7a12013-04-01 16:29:11 -0700[diff] [blame]1649 case CLEAR_UID: {
1650 CHECK_INTERFACE(IKeystoreService, data, reply);
1651 int64_t uid = data.readInt64();
1652 int32_t ret = clear_uid(uid);
1653 reply->writeNoException();
1654 reply->writeInt32(ret);
1655 return NO_ERROR;
1656 }
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1657 case ADD_RNG_ENTROPY: {
1658 CHECK_INTERFACE(IKeystoreService, data, reply);
Chad Brubaker6432df72015-03-20 16:23:04 -0700[diff] [blame]1659 const uint8_t* bytes = NULL;
1660 size_t size = 0;
1661 readByteArray(data, &bytes, &size);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1662 int32_t ret = addRngEntropy(bytes, size);
1663 reply->writeNoException();
1664 reply->writeInt32(ret);
1665 return NO_ERROR;
1666 }
1667 case GENERATE_KEY: {
1668 CHECK_INTERFACE(IKeystoreService, data, reply);
1669 String16 name = data.readString16();
1670 KeymasterArguments args;
1671 if (data.readInt32() != 0) {
1672 args.readFromParcel(data);
1673 }
Chad Brubaker154d7692015-03-27 13:59:31 -0700[diff] [blame]1674 const uint8_t* entropy = NULL;
1675 size_t entropyLength = 0;
1676 readByteArray(data, &entropy, &entropyLength);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1677 int32_t uid = data.readInt32();
1678 int32_t flags = data.readInt32();
1679 KeyCharacteristics outCharacteristics;
Chad Brubaker154d7692015-03-27 13:59:31 -0700[diff] [blame]1680 int32_t ret = generateKey(name, args, entropy, entropyLength, uid, flags,
1681 &outCharacteristics);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1682 reply->writeNoException();
1683 reply->writeInt32(ret);
1684 reply->writeInt32(1);
1685 outCharacteristics.writeToParcel(reply);
1686 return NO_ERROR;
1687 }
1688 case GET_KEY_CHARACTERISTICS: {
1689 CHECK_INTERFACE(IKeystoreService, data, reply);
1690 String16 name = data.readString16();
Chad Brubakerd6634422015-03-21 22:36:07 -0700[diff] [blame]1691 std::unique_ptr<keymaster_blob_t> clientId = readKeymasterBlob(data);
1692 std::unique_ptr<keymaster_blob_t> appData = readKeymasterBlob(data);
Chad Brubakerad6a7f52015-09-09 14:55:22 -0700[diff] [blame]1693 int32_t uid = data.readInt32();
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1694 KeyCharacteristics outCharacteristics;
Chad Brubakerad6a7f52015-09-09 14:55:22 -0700[diff] [blame]1695 int ret = getKeyCharacteristics(name, clientId.get(), appData.get(), uid,
Chad Brubakerd6634422015-03-21 22:36:07 -0700[diff] [blame]1696 &outCharacteristics);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1697 reply->writeNoException();
1698 reply->writeInt32(ret);
1699 reply->writeInt32(1);
1700 outCharacteristics.writeToParcel(reply);
1701 return NO_ERROR;
1702 }
1703 case IMPORT_KEY: {
1704 CHECK_INTERFACE(IKeystoreService, data, reply);
1705 String16 name = data.readString16();
1706 KeymasterArguments args;
1707 if (data.readInt32() != 0) {
1708 args.readFromParcel(data);
1709 }
1710 keymaster_key_format_t format = static_cast<keymaster_key_format_t>(data.readInt32());
Chad Brubaker6432df72015-03-20 16:23:04 -0700[diff] [blame]1711 const uint8_t* keyData = NULL;
1712 size_t keyLength = 0;
1713 readByteArray(data, &keyData, &keyLength);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1714 int32_t uid = data.readInt32();
1715 int32_t flags = data.readInt32();
1716 KeyCharacteristics outCharacteristics;
Chad Brubaker6432df72015-03-20 16:23:04 -0700[diff] [blame]1717 int32_t ret = importKey(name, args, format, keyData, keyLength, uid, flags,
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1718 &outCharacteristics);
1719 reply->writeNoException();
1720 reply->writeInt32(ret);
1721 reply->writeInt32(1);
1722 outCharacteristics.writeToParcel(reply);
1723
1724 return NO_ERROR;
1725 }
1726 case EXPORT_KEY: {
1727 CHECK_INTERFACE(IKeystoreService, data, reply);
1728 String16 name = data.readString16();
1729 keymaster_key_format_t format = static_cast<keymaster_key_format_t>(data.readInt32());
Chad Brubakerd6634422015-03-21 22:36:07 -0700[diff] [blame]1730 std::unique_ptr<keymaster_blob_t> clientId = readKeymasterBlob(data);
1731 std::unique_ptr<keymaster_blob_t> appData = readKeymasterBlob(data);
Chad Brubakerad6a7f52015-09-09 14:55:22 -0700[diff] [blame]1732 int32_t uid = data.readInt32();
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1733 ExportResult result;
Chad Brubakerad6a7f52015-09-09 14:55:22 -0700[diff] [blame]1734 exportKey(name, format, clientId.get(), appData.get(), uid, &result);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1735 reply->writeNoException();
1736 reply->writeInt32(1);
1737 result.writeToParcel(reply);
1738
1739 return NO_ERROR;
1740 }
1741 case BEGIN: {
1742 CHECK_INTERFACE(IKeystoreService, data, reply);
1743 sp<IBinder> token = data.readStrongBinder();
1744 String16 name = data.readString16();
1745 keymaster_purpose_t purpose = static_cast<keymaster_purpose_t>(data.readInt32());
1746 bool pruneable = data.readInt32() != 0;
1747 KeymasterArguments args;
1748 if (data.readInt32() != 0) {
1749 args.readFromParcel(data);
1750 }
Chad Brubaker154d7692015-03-27 13:59:31 -0700[diff] [blame]1751 const uint8_t* entropy = NULL;
1752 size_t entropyLength = 0;
1753 readByteArray(data, &entropy, &entropyLength);
Chad Brubakerad6a7f52015-09-09 14:55:22 -0700[diff] [blame]1754 int32_t uid = data.readInt32();
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1755 OperationResult result;
Chad Brubakerad6a7f52015-09-09 14:55:22 -0700[diff] [blame]1756 begin(token, name, purpose, pruneable, args, entropy, entropyLength, uid, &result);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1757 reply->writeNoException();
1758 reply->writeInt32(1);
1759 result.writeToParcel(reply);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1760
1761 return NO_ERROR;
1762 }
1763 case UPDATE: {
1764 CHECK_INTERFACE(IKeystoreService, data, reply);
1765 sp<IBinder> token = data.readStrongBinder();
1766 KeymasterArguments args;
1767 if (data.readInt32() != 0) {
1768 args.readFromParcel(data);
1769 }
Chad Brubaker6432df72015-03-20 16:23:04 -0700[diff] [blame]1770 const uint8_t* buf = NULL;
1771 size_t bufLength = 0;
1772 readByteArray(data, &buf, &bufLength);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1773 OperationResult result;
Chad Brubaker6432df72015-03-20 16:23:04 -0700[diff] [blame]1774 update(token, args, buf, bufLength, &result);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1775 reply->writeNoException();
1776 reply->writeInt32(1);
1777 result.writeToParcel(reply);
1778
1779 return NO_ERROR;
1780 }
1781 case FINISH: {
1782 CHECK_INTERFACE(IKeystoreService, data, reply);
1783 sp<IBinder> token = data.readStrongBinder();
1784 KeymasterArguments args;
1785 if (data.readInt32() != 0) {
1786 args.readFromParcel(data);
1787 }
Chad Brubaker0d33e0b2015-05-29 12:30:19 -0700[diff] [blame]1788 const uint8_t* signature = NULL;
1789 size_t signatureLength = 0;
1790 readByteArray(data, &signature, &signatureLength);
1791 const uint8_t* entropy = NULL;
1792 size_t entropyLength = 0;
1793 readByteArray(data, &entropy, &entropyLength);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1794 OperationResult result;
Chad Brubaker0d33e0b2015-05-29 12:30:19 -0700[diff] [blame]1795 finish(token, args, signature, signatureLength, entropy, entropyLength, &result);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1796 reply->writeNoException();
1797 reply->writeInt32(1);
1798 result.writeToParcel(reply);
1799
1800 return NO_ERROR;
1801 }
1802 case ABORT: {
1803 CHECK_INTERFACE(IKeystoreService, data, reply);
1804 sp<IBinder> token = data.readStrongBinder();
1805 int32_t result = abort(token);
1806 reply->writeNoException();
1807 reply->writeInt32(result);
1808
1809 return NO_ERROR;
1810 }
Chad Brubaker2ed2baa2015-03-21 21:20:10 -0700[diff] [blame]1811 case IS_OPERATION_AUTHORIZED: {
1812 CHECK_INTERFACE(IKeystoreService, data, reply);
1813 sp<IBinder> token = data.readStrongBinder();
1814 bool result = isOperationAuthorized(token);
1815 reply->writeNoException();
1816 reply->writeInt32(result ? 1 : 0);
1817
1818 return NO_ERROR;
1819 }
1820 case ADD_AUTH_TOKEN: {
1821 CHECK_INTERFACE(IKeystoreService, data, reply);
Chad Brubaker2ed2baa2015-03-21 21:20:10 -0700[diff] [blame]1822 const uint8_t* token_bytes = NULL;
1823 size_t size = 0;
1824 readByteArray(data, &token_bytes, &size);
1825 int32_t result = addAuthToken(token_bytes, size);
1826 reply->writeNoException();
1827 reply->writeInt32(result);
1828
1829 return NO_ERROR;
1830 }
Chad Brubakerc0f031a2015-05-12 10:43:10 -0700[diff] [blame]1831 case ON_USER_ADDED: {
1832 CHECK_INTERFACE(IKeystoreService, data, reply);
1833 int32_t userId = data.readInt32();
1834 int32_t parentId = data.readInt32();
1835 int32_t result = onUserAdded(userId, parentId);
1836 reply->writeNoException();
1837 reply->writeInt32(result);
1838
1839 return NO_ERROR;
1840 }
1841 case ON_USER_REMOVED: {
1842 CHECK_INTERFACE(IKeystoreService, data, reply);
1843 int32_t userId = data.readInt32();
1844 int32_t result = onUserRemoved(userId);
1845 reply->writeNoException();
1846 reply->writeInt32(result);
1847
1848 return NO_ERROR;
1849 }
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1850 default:
1851 return BBinder::onTransact(code, data, reply, flags);
1852 }
1853}
1854
1855// ----------------------------------------------------------------------------
1856
1857}; // namespace android