Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_security / 40a1a9b306d4e3c85b24f80ff39841507cf42357 / . / keystore / IKeystoreService.cpp
blob: 53e4e311bcf6114a0c6ad559e433cd9aedded5c2 [file] [log] [blame]
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1/*
2**
3** Copyright 2008, The Android Open Source Project
4**
5** Licensed under the Apache License, Version 2.0 (the "License");
6** you may not use this file except in compliance with the License.
7** You may obtain a copy of the License at
8**
9** http://www.apache.org/licenses/LICENSE-2.0
10**
11** Unless required by applicable law or agreed to in writing, software
12** distributed under the License is distributed on an "AS IS" BASIS,
13** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14** See the License for the specific language governing permissions and
15** limitations under the License.
16*/
17
18#include <stdint.h>
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]19#include <sys/limits.h>
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]20#include <sys/types.h>
21
22#define LOG_TAG "KeystoreService"
23#include <utils/Log.h>
24
25#include <binder/Parcel.h>
26#include <binder/IPCThreadState.h>
27#include <binder/IServiceManager.h>
28
29#include <keystore/IKeystoreService.h>
30
31namespace android {
32
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]33static keymaster_key_param_t* readParamList(const Parcel& in, size_t* length);
34
Kenny Root96427ba2013-08-16 14:02:41 -0700[diff] [blame]35KeystoreArg::KeystoreArg(const void* data, size_t len)
36 : mData(data), mSize(len) {
37}
38
39KeystoreArg::~KeystoreArg() {
40}
41
42const void *KeystoreArg::data() const {
43 return mData;
44}
45
46size_t KeystoreArg::size() const {
47 return mSize;
48}
49
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]50OperationResult::OperationResult() : resultCode(0), token(), inputConsumed(0),
51 data(NULL), dataLength(0) {
52}
53
54OperationResult::~OperationResult() {
55}
56
57void OperationResult::readFromParcel(const Parcel& in) {
58 resultCode = in.readInt32();
59 token = in.readStrongBinder();
60 inputConsumed = in.readInt32();
61 ssize_t length = in.readInt32();
62 dataLength = 0;
63 if (length > 0) {
64 const void* buf = in.readInplace(length);
65 if (buf) {
66 data.reset(reinterpret_cast<uint8_t*>(malloc(length)));
67 if (data.get()) {
68 memcpy(data.get(), buf, length);
69 dataLength = (size_t) length;
70 } else {
71 ALOGE("Failed to allocate OperationResult buffer");
72 }
73 } else {
74 ALOGE("Failed to readInplace OperationResult data");
75 }
76 }
77}
78
79void OperationResult::writeToParcel(Parcel* out) const {
80 out->writeInt32(resultCode);
81 out->writeStrongBinder(token);
82 out->writeInt32(inputConsumed);
83 out->writeInt32(dataLength);
84 if (dataLength && data) {
85 void* buf = out->writeInplace(dataLength);
86 if (buf) {
87 memcpy(buf, data.get(), dataLength);
88 } else {
89 ALOGE("Failed to writeInplace OperationResult data.");
90 }
91 }
92}
93
94ExportResult::ExportResult() : resultCode(0), exportData(NULL), dataLength(0) {
95}
96
97ExportResult::~ExportResult() {
98}
99
100void ExportResult::readFromParcel(const Parcel& in) {
101 resultCode = in.readInt32();
102 ssize_t length = in.readInt32();
103 dataLength = 0;
104 if (length > 0) {
105 const void* buf = in.readInplace(length);
106 if (buf) {
107 exportData.reset(reinterpret_cast<uint8_t*>(malloc(length)));
108 if (exportData.get()) {
109 memcpy(exportData.get(), buf, length);
110 dataLength = (size_t) length;
111 } else {
112 ALOGE("Failed to allocate ExportData buffer");
113 }
114 } else {
115 ALOGE("Failed to readInplace ExportData data");
116 }
117 }
118}
119
120void ExportResult::writeToParcel(Parcel* out) const {
121 out->writeInt32(resultCode);
122 out->writeInt32(dataLength);
123 if (exportData && dataLength) {
124 void* buf = out->writeInplace(dataLength);
125 if (buf) {
126 memcpy(buf, exportData.get(), dataLength);
127 } else {
128 ALOGE("Failed to writeInplace ExportResult data.");
129 }
130 }
131}
132
133KeymasterArguments::KeymasterArguments() {
134}
135
136KeymasterArguments::~KeymasterArguments() {
137 keymaster_free_param_values(params.data(), params.size());
138}
139
140void KeymasterArguments::readFromParcel(const Parcel& in) {
141 ssize_t length = in.readInt32();
142 size_t ulength = (size_t) length;
143 if (length < 0) {
144 ulength = 0;
145 }
146 keymaster_free_param_values(params.data(), params.size());
147 params.clear();
148 for(size_t i = 0; i < ulength; i++) {
149 keymaster_key_param_t param;
150 if (!readKeymasterArgumentFromParcel(in, &param)) {
151 ALOGE("Error reading keymaster argument from parcel");
152 break;
153 }
154 params.push_back(param);
155 }
156}
157
158void KeymasterArguments::writeToParcel(Parcel* out) const {
159 out->writeInt32(params.size());
160 for (auto param : params) {
161 out->writeInt32(1);
162 writeKeymasterArgumentToParcel(param, out);
163 }
164}
165
166KeyCharacteristics::KeyCharacteristics() {
167 memset((void*) &characteristics, 0, sizeof(characteristics));
168}
169
170KeyCharacteristics::~KeyCharacteristics() {
171 keymaster_free_characteristics(&characteristics);
172}
173
174void KeyCharacteristics::readFromParcel(const Parcel& in) {
175 size_t length = 0;
176 keymaster_key_param_t* params = readParamList(in, &length);
177 characteristics.sw_enforced.params = params;
178 characteristics.sw_enforced.length = length;
179
180 params = readParamList(in, &length);
181 characteristics.hw_enforced.params = params;
182 characteristics.hw_enforced.length = length;
183}
184
185void KeyCharacteristics::writeToParcel(Parcel* out) const {
186 if (characteristics.sw_enforced.params) {
187 out->writeInt32(characteristics.sw_enforced.length);
188 for (size_t i = 0; i < characteristics.sw_enforced.length; i++) {
189 out->writeInt32(1);
190 writeKeymasterArgumentToParcel(characteristics.sw_enforced.params[i], out);
191 }
192 } else {
193 out->writeInt32(0);
194 }
195 if (characteristics.hw_enforced.params) {
196 out->writeInt32(characteristics.hw_enforced.length);
197 for (size_t i = 0; i < characteristics.hw_enforced.length; i++) {
198 out->writeInt32(1);
199 writeKeymasterArgumentToParcel(characteristics.hw_enforced.params[i], out);
200 }
201 } else {
202 out->writeInt32(0);
203 }
204}
205
206void writeKeymasterArgumentToParcel(const keymaster_key_param_t& param, Parcel* out) {
207 switch (keymaster_tag_get_type(param.tag)) {
208 case KM_ENUM:
209 case KM_ENUM_REP: {
210 out->writeInt32(param.tag);
211 out->writeInt32(param.enumerated);
212 break;
213 }
214 case KM_INT:
215 case KM_INT_REP: {
216 out->writeInt32(param.tag);
217 out->writeInt32(param.integer);
218 break;
219 }
220 case KM_LONG: {
221 out->writeInt32(param.tag);
222 out->writeInt64(param.long_integer);
223 break;
224 }
225 case KM_DATE: {
226 out->writeInt32(param.tag);
227 out->writeInt64(param.date_time);
228 break;
229 }
230 case KM_BOOL: {
231 out->writeInt32(param.tag);
232 break;
233 }
234 case KM_BIGNUM:
235 case KM_BYTES: {
236 out->writeInt32(param.tag);
237 out->writeInt32(param.blob.data_length);
238 void* buf = out->writeInplace(param.blob.data_length);
239 if (buf) {
240 memcpy(buf, param.blob.data, param.blob.data_length);
241 } else {
242 ALOGE("Failed to writeInplace keymaster blob param");
243 }
244 break;
245 }
246 default: {
247 ALOGE("Failed to write argument: Unsupported keymaster_tag_t %d", param.tag);
248 }
249 }
250}
251
252
253bool readKeymasterArgumentFromParcel(const Parcel& in, keymaster_key_param_t* out) {
254 if (in.readInt32() == 0) {
255 return false;
256 }
257 keymaster_tag_t tag = static_cast<keymaster_tag_t>(in.readInt32());
258 switch (keymaster_tag_get_type(tag)) {
259 case KM_ENUM:
260 case KM_ENUM_REP: {
261 uint32_t value = in.readInt32();
262 *out = keymaster_param_enum(tag, value);
263 break;
264 }
265 case KM_INT:
266 case KM_INT_REP: {
267 uint32_t value = in.readInt32();
268 *out = keymaster_param_int(tag, value);
269 break;
270 }
271 case KM_LONG: {
272 uint64_t value = in.readInt64();
273 *out = keymaster_param_long(tag, value);
274 break;
275 }
276 case KM_DATE: {
277 uint64_t value = in.readInt64();
278 *out = keymaster_param_date(tag, value);
279 break;
280 }
281 case KM_BOOL: {
282 *out = keymaster_param_bool(tag);
283 break;
284 }
285 case KM_BIGNUM:
286 case KM_BYTES: {
287 ssize_t length = in.readInt32();
288 uint8_t* data = NULL;
289 size_t ulength = 0;
290 if (length >= 0) {
291 ulength = (size_t) length;
292 // use malloc here so we can use keymaster_free_param_values
293 // consistently.
294 data = reinterpret_cast<uint8_t*>(malloc(ulength));
295 const void* buf = in.readInplace(ulength);
296 if (!buf || !data) {
297 ALOGE("Failed to allocate buffer for keymaster blob param");
298 return false;
299 }
300 memcpy(data, buf, ulength);
301 }
302 *out = keymaster_param_blob(tag, data, ulength);
303 break;
304 }
305 default: {
306 ALOGE("Unsupported keymaster_tag_t %d", tag);
307 return false;
308 }
309 }
310 return true;
311}
312
313// Read a keymaster_key_param_t* from a Parcel for use in a
314// keymaster_key_characteristics_t. This will be free'd by calling
315// keymaster_free_key_characteristics.
316static keymaster_key_param_t* readParamList(const Parcel& in, size_t* length) {
317 ssize_t slength = in.readInt32();
318 *length = 0;
319 if (slength < 0) {
320 return NULL;
321 }
322 *length = (size_t) slength;
323 if (*length >= UINT_MAX / sizeof(keymaster_key_param_t)) {
324 return NULL;
325 }
326 keymaster_key_param_t* list =
327 reinterpret_cast<keymaster_key_param_t*>(malloc(*length *
328 sizeof(keymaster_key_param_t)));
329 if (!list) {
330 ALOGD("Failed to allocate buffer for generateKey outCharacteristics");
331 goto err;
332 }
333 for (size_t i = 0; i < *length ; i++) {
334 if (!readKeymasterArgumentFromParcel(in, &list[i])) {
335 ALOGE("Failed to read keymaster argument");
336 keymaster_free_param_values(list, i);
337 goto err;
338 }
339 }
340 return list;
341err:
342 free(list);
343 return NULL;
344}
345
346static void readKeymasterBlob(const Parcel& in, keymaster_blob_t* blob) {
347 ssize_t length = in.readInt32();
348 if (length > 0) {
349 blob->data = (uint8_t*) in.readInplace(length);
350 if (blob->data) {
351 blob->data_length = (size_t) length;
352 } else {
353 blob->data_length = 0;
354 }
355 } else {
356 blob->data = NULL;
357 blob->data_length = 0;
358 }
359}
360
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]361class BpKeystoreService: public BpInterface<IKeystoreService>
362{
363public:
364 BpKeystoreService(const sp<IBinder>& impl)
365 : BpInterface<IKeystoreService>(impl)
366 {
367 }
368
369 // test ping
370 virtual int32_t test()
371 {
372 Parcel data, reply;
373 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
374 status_t status = remote()->transact(BnKeystoreService::TEST, data, &reply);
375 if (status != NO_ERROR) {
376 ALOGD("test() could not contact remote: %d\n", status);
377 return -1;
378 }
379 int32_t err = reply.readExceptionCode();
380 int32_t ret = reply.readInt32();
381 if (err < 0) {
382 ALOGD("test() caught exception %d\n", err);
383 return -1;
384 }
385 return ret;
386 }
387
388 virtual int32_t get(const String16& name, uint8_t** item, size_t* itemLength)
389 {
390 Parcel data, reply;
391 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
392 data.writeString16(name);
393 status_t status = remote()->transact(BnKeystoreService::GET, data, &reply);
394 if (status != NO_ERROR) {
395 ALOGD("get() could not contact remote: %d\n", status);
396 return -1;
397 }
398 int32_t err = reply.readExceptionCode();
399 ssize_t len = reply.readInt32();
400 if (len >= 0 && (size_t) len <= reply.dataAvail()) {
401 size_t ulen = (size_t) len;
402 const void* buf = reply.readInplace(ulen);
403 *item = (uint8_t*) malloc(ulen);
404 if (*item != NULL) {
405 memcpy(*item, buf, ulen);
406 *itemLength = ulen;
407 } else {
408 ALOGE("out of memory allocating output array in get");
409 *itemLength = 0;
410 }
411 } else {
412 *itemLength = 0;
413 }
414 if (err < 0) {
415 ALOGD("get() caught exception %d\n", err);
416 return -1;
417 }
418 return 0;
419 }
420
Kenny Root0c540aa2013-04-03 09:22:15 -0700[diff] [blame]421 virtual int32_t insert(const String16& name, const uint8_t* item, size_t itemLength, int uid,
422 int32_t flags)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]423 {
424 Parcel data, reply;
425 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
426 data.writeString16(name);
427 data.writeInt32(itemLength);
428 void* buf = data.writeInplace(itemLength);
429 memcpy(buf, item, itemLength);
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]430 data.writeInt32(uid);
Kenny Root0c540aa2013-04-03 09:22:15 -0700[diff] [blame]431 data.writeInt32(flags);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]432 status_t status = remote()->transact(BnKeystoreService::INSERT, data, &reply);
433 if (status != NO_ERROR) {
434 ALOGD("import() could not contact remote: %d\n", status);
435 return -1;
436 }
437 int32_t err = reply.readExceptionCode();
438 int32_t ret = reply.readInt32();
439 if (err < 0) {
440 ALOGD("import() caught exception %d\n", err);
441 return -1;
442 }
443 return ret;
444 }
445
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]446 virtual int32_t del(const String16& name, int uid)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]447 {
448 Parcel data, reply;
449 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
450 data.writeString16(name);
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]451 data.writeInt32(uid);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]452 status_t status = remote()->transact(BnKeystoreService::DEL, data, &reply);
453 if (status != NO_ERROR) {
454 ALOGD("del() could not contact remote: %d\n", status);
455 return -1;
456 }
457 int32_t err = reply.readExceptionCode();
458 int32_t ret = reply.readInt32();
459 if (err < 0) {
460 ALOGD("del() caught exception %d\n", err);
461 return -1;
462 }
463 return ret;
464 }
465
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]466 virtual int32_t exist(const String16& name, int uid)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]467 {
468 Parcel data, reply;
469 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
470 data.writeString16(name);
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]471 data.writeInt32(uid);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]472 status_t status = remote()->transact(BnKeystoreService::EXIST, data, &reply);
473 if (status != NO_ERROR) {
474 ALOGD("exist() could not contact remote: %d\n", status);
475 return -1;
476 }
477 int32_t err = reply.readExceptionCode();
478 int32_t ret = reply.readInt32();
479 if (err < 0) {
480 ALOGD("exist() caught exception %d\n", err);
481 return -1;
482 }
483 return ret;
484 }
485
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]486 virtual int32_t saw(const String16& name, int uid, Vector<String16>* matches)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]487 {
488 Parcel data, reply;
489 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
490 data.writeString16(name);
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]491 data.writeInt32(uid);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]492 status_t status = remote()->transact(BnKeystoreService::SAW, data, &reply);
493 if (status != NO_ERROR) {
494 ALOGD("saw() could not contact remote: %d\n", status);
495 return -1;
496 }
497 int32_t err = reply.readExceptionCode();
498 int32_t numMatches = reply.readInt32();
499 for (int32_t i = 0; i < numMatches; i++) {
500 matches->push(reply.readString16());
501 }
502 int32_t ret = reply.readInt32();
503 if (err < 0) {
504 ALOGD("saw() caught exception %d\n", err);
505 return -1;
506 }
507 return ret;
508 }
509
510 virtual int32_t reset()
511 {
512 Parcel data, reply;
513 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
514 status_t status = remote()->transact(BnKeystoreService::RESET, data, &reply);
515 if (status != NO_ERROR) {
516 ALOGD("reset() could not contact remote: %d\n", status);
517 return -1;
518 }
519 int32_t err = reply.readExceptionCode();
520 int32_t ret = reply.readInt32();
521 if (err < 0) {
522 ALOGD("reset() caught exception %d\n", err);
523 return -1;
524 }
525 return ret;
526 }
527
528 virtual int32_t password(const String16& password)
529 {
530 Parcel data, reply;
531 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
532 data.writeString16(password);
533 status_t status = remote()->transact(BnKeystoreService::PASSWORD, data, &reply);
534 if (status != NO_ERROR) {
535 ALOGD("password() could not contact remote: %d\n", status);
536 return -1;
537 }
538 int32_t err = reply.readExceptionCode();
539 int32_t ret = reply.readInt32();
540 if (err < 0) {
541 ALOGD("password() caught exception %d\n", err);
542 return -1;
543 }
544 return ret;
545 }
546
547 virtual int32_t lock()
548 {
549 Parcel data, reply;
550 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
551 status_t status = remote()->transact(BnKeystoreService::LOCK, data, &reply);
552 if (status != NO_ERROR) {
553 ALOGD("lock() could not contact remote: %d\n", status);
554 return -1;
555 }
556 int32_t err = reply.readExceptionCode();
557 int32_t ret = reply.readInt32();
558 if (err < 0) {
559 ALOGD("lock() caught exception %d\n", err);
560 return -1;
561 }
562 return ret;
563 }
564
565 virtual int32_t unlock(const String16& password)
566 {
567 Parcel data, reply;
568 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
569 data.writeString16(password);
570 status_t status = remote()->transact(BnKeystoreService::UNLOCK, data, &reply);
571 if (status != NO_ERROR) {
572 ALOGD("unlock() could not contact remote: %d\n", status);
573 return -1;
574 }
575 int32_t err = reply.readExceptionCode();
576 int32_t ret = reply.readInt32();
577 if (err < 0) {
578 ALOGD("unlock() caught exception %d\n", err);
579 return -1;
580 }
581 return ret;
582 }
583
584 virtual int32_t zero()
585 {
586 Parcel data, reply;
587 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
588 status_t status = remote()->transact(BnKeystoreService::ZERO, data, &reply);
589 if (status != NO_ERROR) {
590 ALOGD("zero() could not contact remote: %d\n", status);
591 return -1;
592 }
593 int32_t err = reply.readExceptionCode();
594 int32_t ret = reply.readInt32();
595 if (err < 0) {
596 ALOGD("zero() caught exception %d\n", err);
597 return -1;
598 }
599 return ret;
600 }
601
Kenny Root96427ba2013-08-16 14:02:41 -0700[diff] [blame]602 virtual int32_t generate(const String16& name, int32_t uid, int32_t keyType, int32_t keySize,
603 int32_t flags, Vector<sp<KeystoreArg> >* args)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]604 {
605 Parcel data, reply;
606 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
607 data.writeString16(name);
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]608 data.writeInt32(uid);
Kenny Root96427ba2013-08-16 14:02:41 -0700[diff] [blame]609 data.writeInt32(keyType);
610 data.writeInt32(keySize);
Kenny Root0c540aa2013-04-03 09:22:15 -0700[diff] [blame]611 data.writeInt32(flags);
Chad Brubaker468fc692015-01-13 17:33:14 -0800[diff] [blame]612 data.writeInt32(1);
Kenny Root96427ba2013-08-16 14:02:41 -0700[diff] [blame]613 data.writeInt32(args->size());
614 for (Vector<sp<KeystoreArg> >::iterator it = args->begin(); it != args->end(); ++it) {
615 sp<KeystoreArg> item = *it;
616 size_t keyLength = item->size();
617 data.writeInt32(keyLength);
618 void* buf = data.writeInplace(keyLength);
619 memcpy(buf, item->data(), keyLength);
620 }
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]621 status_t status = remote()->transact(BnKeystoreService::GENERATE, data, &reply);
622 if (status != NO_ERROR) {
623 ALOGD("generate() could not contact remote: %d\n", status);
624 return -1;
625 }
626 int32_t err = reply.readExceptionCode();
627 int32_t ret = reply.readInt32();
628 if (err < 0) {
629 ALOGD("generate() caught exception %d\n", err);
630 return -1;
631 }
632 return ret;
633 }
634
Kenny Root0c540aa2013-04-03 09:22:15 -0700[diff] [blame]635 virtual int32_t import(const String16& name, const uint8_t* key, size_t keyLength, int uid,
636 int flags)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]637 {
638 Parcel data, reply;
639 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
640 data.writeString16(name);
641 data.writeInt32(keyLength);
642 void* buf = data.writeInplace(keyLength);
643 memcpy(buf, key, keyLength);
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]644 data.writeInt32(uid);
Kenny Root0c540aa2013-04-03 09:22:15 -0700[diff] [blame]645 data.writeInt32(flags);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]646 status_t status = remote()->transact(BnKeystoreService::IMPORT, data, &reply);
647 if (status != NO_ERROR) {
648 ALOGD("import() could not contact remote: %d\n", status);
649 return -1;
650 }
651 int32_t err = reply.readExceptionCode();
652 int32_t ret = reply.readInt32();
653 if (err < 0) {
654 ALOGD("import() caught exception %d\n", err);
655 return -1;
656 }
657 return ret;
658 }
659
660 virtual int32_t sign(const String16& name, const uint8_t* in, size_t inLength, uint8_t** out,
661 size_t* outLength)
662 {
663 Parcel data, reply;
664 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
665 data.writeString16(name);
666 data.writeInt32(inLength);
667 void* buf = data.writeInplace(inLength);
668 memcpy(buf, in, inLength);
669 status_t status = remote()->transact(BnKeystoreService::SIGN, data, &reply);
670 if (status != NO_ERROR) {
671 ALOGD("import() could not contact remote: %d\n", status);
672 return -1;
673 }
674 int32_t err = reply.readExceptionCode();
675 ssize_t len = reply.readInt32();
676 if (len >= 0 && (size_t) len <= reply.dataAvail()) {
677 size_t ulen = (size_t) len;
678 const void* outBuf = reply.readInplace(ulen);
679 *out = (uint8_t*) malloc(ulen);
680 if (*out != NULL) {
681 memcpy((void*) *out, outBuf, ulen);
682 *outLength = ulen;
683 } else {
684 ALOGE("out of memory allocating output array in sign");
685 *outLength = 0;
686 }
687 } else {
688 *outLength = 0;
689 }
690 if (err < 0) {
691 ALOGD("import() caught exception %d\n", err);
692 return -1;
693 }
694 return 0;
695 }
696
697 virtual int32_t verify(const String16& name, const uint8_t* in, size_t inLength,
698 const uint8_t* signature, size_t signatureLength)
699 {
700 Parcel data, reply;
701 void* buf;
702
703 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
704 data.writeString16(name);
705 data.writeInt32(inLength);
706 buf = data.writeInplace(inLength);
707 memcpy(buf, in, inLength);
708 data.writeInt32(signatureLength);
709 buf = data.writeInplace(signatureLength);
710 memcpy(buf, signature, signatureLength);
711 status_t status = remote()->transact(BnKeystoreService::VERIFY, data, &reply);
712 if (status != NO_ERROR) {
713 ALOGD("verify() could not contact remote: %d\n", status);
714 return -1;
715 }
716 int32_t err = reply.readExceptionCode();
717 int32_t ret = reply.readInt32();
718 if (err < 0) {
719 ALOGD("verify() caught exception %d\n", err);
720 return -1;
721 }
722 return ret;
723 }
724
725 virtual int32_t get_pubkey(const String16& name, uint8_t** pubkey, size_t* pubkeyLength)
726 {
727 Parcel data, reply;
728 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
729 data.writeString16(name);
730 status_t status = remote()->transact(BnKeystoreService::GET_PUBKEY, data, &reply);
731 if (status != NO_ERROR) {
732 ALOGD("get_pubkey() could not contact remote: %d\n", status);
733 return -1;
734 }
735 int32_t err = reply.readExceptionCode();
736 ssize_t len = reply.readInt32();
737 if (len >= 0 && (size_t) len <= reply.dataAvail()) {
738 size_t ulen = (size_t) len;
739 const void* buf = reply.readInplace(ulen);
740 *pubkey = (uint8_t*) malloc(ulen);
741 if (*pubkey != NULL) {
742 memcpy(*pubkey, buf, ulen);
743 *pubkeyLength = ulen;
744 } else {
745 ALOGE("out of memory allocating output array in get_pubkey");
746 *pubkeyLength = 0;
747 }
748 } else {
749 *pubkeyLength = 0;
750 }
751 if (err < 0) {
752 ALOGD("get_pubkey() caught exception %d\n", err);
753 return -1;
754 }
755 return 0;
756 }
757
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]758 virtual int32_t del_key(const String16& name, int uid)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]759 {
760 Parcel data, reply;
761 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
762 data.writeString16(name);
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]763 data.writeInt32(uid);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]764 status_t status = remote()->transact(BnKeystoreService::DEL_KEY, data, &reply);
765 if (status != NO_ERROR) {
766 ALOGD("del_key() could not contact remote: %d\n", status);
767 return -1;
768 }
769 int32_t err = reply.readExceptionCode();
770 int32_t ret = reply.readInt32();
771 if (err < 0) {
772 ALOGD("del_key() caught exception %d\n", err);
773 return -1;
774 }
775 return ret;
776 }
777
778 virtual int32_t grant(const String16& name, int32_t granteeUid)
779 {
780 Parcel data, reply;
781 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
782 data.writeString16(name);
783 data.writeInt32(granteeUid);
784 status_t status = remote()->transact(BnKeystoreService::GRANT, data, &reply);
785 if (status != NO_ERROR) {
786 ALOGD("grant() could not contact remote: %d\n", status);
787 return -1;
788 }
789 int32_t err = reply.readExceptionCode();
790 int32_t ret = reply.readInt32();
791 if (err < 0) {
792 ALOGD("grant() caught exception %d\n", err);
793 return -1;
794 }
795 return ret;
796 }
797
798 virtual int32_t ungrant(const String16& name, int32_t granteeUid)
799 {
800 Parcel data, reply;
801 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
802 data.writeString16(name);
803 data.writeInt32(granteeUid);
804 status_t status = remote()->transact(BnKeystoreService::UNGRANT, data, &reply);
805 if (status != NO_ERROR) {
806 ALOGD("ungrant() could not contact remote: %d\n", status);
807 return -1;
808 }
809 int32_t err = reply.readExceptionCode();
810 int32_t ret = reply.readInt32();
811 if (err < 0) {
812 ALOGD("ungrant() caught exception %d\n", err);
813 return -1;
814 }
815 return ret;
816 }
817
818 int64_t getmtime(const String16& name)
819 {
820 Parcel data, reply;
821 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
822 data.writeString16(name);
823 status_t status = remote()->transact(BnKeystoreService::GETMTIME, data, &reply);
824 if (status != NO_ERROR) {
825 ALOGD("getmtime() could not contact remote: %d\n", status);
826 return -1;
827 }
828 int32_t err = reply.readExceptionCode();
829 int64_t ret = reply.readInt64();
830 if (err < 0) {
831 ALOGD("getmtime() caught exception %d\n", err);
832 return -1;
833 }
834 return ret;
835 }
Kenny Root02254072013-03-20 11:48:19 -0700[diff] [blame]836
Kenny Rootd53bc922013-03-21 14:10:15 -0700[diff] [blame]837 virtual int32_t duplicate(const String16& srcKey, int32_t srcUid, const String16& destKey,
838 int32_t destUid)
Kenny Root02254072013-03-20 11:48:19 -0700[diff] [blame]839 {
840 Parcel data, reply;
841 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
Kenny Rootd53bc922013-03-21 14:10:15 -0700[diff] [blame]842 data.writeString16(srcKey);
843 data.writeInt32(srcUid);
844 data.writeString16(destKey);
845 data.writeInt32(destUid);
846 status_t status = remote()->transact(BnKeystoreService::DUPLICATE, data, &reply);
Kenny Root02254072013-03-20 11:48:19 -0700[diff] [blame]847 if (status != NO_ERROR) {
Kenny Rootd53bc922013-03-21 14:10:15 -0700[diff] [blame]848 ALOGD("duplicate() could not contact remote: %d\n", status);
Kenny Root02254072013-03-20 11:48:19 -0700[diff] [blame]849 return -1;
850 }
851 int32_t err = reply.readExceptionCode();
852 int32_t ret = reply.readInt32();
853 if (err < 0) {
Kenny Rootd53bc922013-03-21 14:10:15 -0700[diff] [blame]854 ALOGD("duplicate() caught exception %d\n", err);
Kenny Root02254072013-03-20 11:48:19 -0700[diff] [blame]855 return -1;
856 }
857 return ret;
858 }
Kenny Root43061232013-03-29 11:15:50 -0700[diff] [blame]859
Kenny Root1b0e3932013-09-05 13:06:32 -0700[diff] [blame]860 virtual int32_t is_hardware_backed(const String16& keyType)
Kenny Root43061232013-03-29 11:15:50 -0700[diff] [blame]861 {
862 Parcel data, reply;
863 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
Kenny Root1b0e3932013-09-05 13:06:32 -0700[diff] [blame]864 data.writeString16(keyType);
Kenny Root43061232013-03-29 11:15:50 -0700[diff] [blame]865 status_t status = remote()->transact(BnKeystoreService::IS_HARDWARE_BACKED, data, &reply);
866 if (status != NO_ERROR) {
867 ALOGD("is_hardware_backed() could not contact remote: %d\n", status);
868 return -1;
869 }
870 int32_t err = reply.readExceptionCode();
871 int32_t ret = reply.readInt32();
872 if (err < 0) {
873 ALOGD("is_hardware_backed() caught exception %d\n", err);
874 return -1;
875 }
876 return ret;
877 }
Kenny Root2ecc7a12013-04-01 16:29:11 -0700[diff] [blame]878
879 virtual int32_t clear_uid(int64_t uid)
880 {
881 Parcel data, reply;
882 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
883 data.writeInt64(uid);
884 status_t status = remote()->transact(BnKeystoreService::CLEAR_UID, data, &reply);
885 if (status != NO_ERROR) {
886 ALOGD("clear_uid() could not contact remote: %d\n", status);
887 return -1;
888 }
889 int32_t err = reply.readExceptionCode();
890 int32_t ret = reply.readInt32();
891 if (err < 0) {
892 ALOGD("clear_uid() caught exception %d\n", err);
893 return -1;
894 }
895 return ret;
896 }
Robin Lee4e865752014-08-19 17:37:55 +0100[diff] [blame]897
898 virtual int32_t reset_uid(int32_t uid) {
899 Parcel data, reply;
900 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
901 data.writeInt32(uid);
902 status_t status = remote()->transact(BnKeystoreService::RESET_UID, data, &reply);
903 if (status != NO_ERROR) {
904 ALOGD("reset_uid() could not contact remote: %d\n", status);
905 return -1;
906 }
907 int32_t err = reply.readExceptionCode();
908 int32_t ret = reply.readInt32();
909 if (err < 0) {
910 ALOGD("reset_uid() caught exception %d\n", err);
911 return -1;
912 }
913 return ret;
914
915 }
916
917 virtual int32_t sync_uid(int32_t sourceUid, int32_t targetUid)
918 {
919 Parcel data, reply;
920 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
921 data.writeInt32(sourceUid);
922 data.writeInt32(targetUid);
923 status_t status = remote()->transact(BnKeystoreService::SYNC_UID, data, &reply);
924 if (status != NO_ERROR) {
925 ALOGD("sync_uid() could not contact remote: %d\n", status);
926 return -1;
927 }
928 int32_t err = reply.readExceptionCode();
929 int32_t ret = reply.readInt32();
930 if (err < 0) {
931 ALOGD("sync_uid() caught exception %d\n", err);
932 return -1;
933 }
934 return ret;
935 }
936
937 virtual int32_t password_uid(const String16& password, int32_t uid)
938 {
939 Parcel data, reply;
940 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
941 data.writeString16(password);
942 data.writeInt32(uid);
943 status_t status = remote()->transact(BnKeystoreService::PASSWORD_UID, data, &reply);
944 if (status != NO_ERROR) {
945 ALOGD("password_uid() could not contact remote: %d\n", status);
946 return -1;
947 }
948 int32_t err = reply.readExceptionCode();
949 int32_t ret = reply.readInt32();
950 if (err < 0) {
951 ALOGD("password_uid() caught exception %d\n", err);
952 return -1;
953 }
954 return ret;
955 }
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]956 virtual int32_t addRngEntropy(const uint8_t* buf, size_t bufLength)
957 {
958 Parcel data, reply;
959 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
960 data.writeInt32(bufLength);
961 data.writeByteArray(bufLength, buf);
962 status_t status = remote()->transact(BnKeystoreService::ADD_RNG_ENTROPY, data, &reply);
963 if (status != NO_ERROR) {
964 ALOGD("addRngEntropy() could not contact remote: %d\n", status);
965 return -1;
966 }
967 int32_t err = reply.readExceptionCode();
968 int32_t ret = reply.readInt32();
969 if (err < 0) {
970 ALOGD("addRngEntropy() caught exception %d\n", err);
971 return -1;
972 }
973 return ret;
974 };
975
976 virtual int32_t generateKey(const String16& name, const KeymasterArguments& params,
977 int uid, int flags, KeyCharacteristics* outCharacteristics)
978 {
979 Parcel data, reply;
980 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
981 data.writeString16(name);
982 data.writeInt32(1);
983 params.writeToParcel(&data);
984 data.writeInt32(uid);
985 data.writeInt32(flags);
986 status_t status = remote()->transact(BnKeystoreService::GENERATE_KEY, data, &reply);
987 if (status != NO_ERROR) {
988 ALOGD("generateKey() could not contact remote: %d\n", status);
989 return KM_ERROR_UNKNOWN_ERROR;
990 }
991 int32_t err = reply.readExceptionCode();
992 int32_t ret = reply.readInt32();
993 if (err < 0) {
994 ALOGD("generateKey() caught exception %d\n", err);
995 return KM_ERROR_UNKNOWN_ERROR;
996 }
997 if (reply.readInt32() != 0 && outCharacteristics) {
998 outCharacteristics->readFromParcel(reply);
999 }
1000 return ret;
1001 }
1002 virtual int32_t getKeyCharacteristics(const String16& name,
1003 const keymaster_blob_t& clientId,
1004 const keymaster_blob_t& appData,
1005 KeyCharacteristics* outCharacteristics)
1006 {
1007 Parcel data, reply;
1008 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1009 data.writeString16(name);
1010 data.writeByteArray(clientId.data_length, clientId.data);
1011 data.writeByteArray(appData.data_length, appData.data);
1012 status_t status = remote()->transact(BnKeystoreService::GET_KEY_CHARACTERISTICS,
1013 data, &reply);
1014 if (status != NO_ERROR) {
1015 ALOGD("getKeyCharacteristics() could not contact remote: %d\n", status);
1016 return KM_ERROR_UNKNOWN_ERROR;
1017 }
1018 int32_t err = reply.readExceptionCode();
1019 int32_t ret = reply.readInt32();
1020 if (err < 0) {
1021 ALOGD("getKeyCharacteristics() caught exception %d\n", err);
1022 return KM_ERROR_UNKNOWN_ERROR;
1023 }
1024 if (reply.readInt32() != 0 && outCharacteristics) {
1025 outCharacteristics->readFromParcel(reply);
1026 }
1027 return ret;
1028 }
1029 virtual int32_t importKey(const String16& name, const KeymasterArguments& params,
1030 keymaster_key_format_t format, const uint8_t *keyData,
1031 size_t keyLength, int uid, int flags,
1032 KeyCharacteristics* outCharacteristics)
1033 {
1034 Parcel data, reply;
1035 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1036 data.writeString16(name);
1037 data.writeInt32(1);
1038 params.writeToParcel(&data);
1039 data.writeInt32(format);
1040 data.writeByteArray(keyLength, keyData);
1041 data.writeInt32(uid);
1042 data.writeInt32(flags);
1043 status_t status = remote()->transact(BnKeystoreService::IMPORT_KEY, data, &reply);
1044 if (status != NO_ERROR) {
1045 ALOGD("importKey() could not contact remote: %d\n", status);
1046 return KM_ERROR_UNKNOWN_ERROR;
1047 }
1048 int32_t err = reply.readExceptionCode();
1049 int32_t ret = reply.readInt32();
1050 if (err < 0) {
1051 ALOGD("importKey() caught exception %d\n", err);
1052 return KM_ERROR_UNKNOWN_ERROR;
1053 }
1054 if (reply.readInt32() != 0 && outCharacteristics) {
1055 outCharacteristics->readFromParcel(reply);
1056 }
1057 return ret;
1058 }
1059
1060 virtual void exportKey(const String16& name, keymaster_key_format_t format,
1061 const keymaster_blob_t& clientId,
1062 const keymaster_blob_t& appData, ExportResult* result)
1063 {
1064 if (!result) {
1065 return;
1066 }
1067
1068 Parcel data, reply;
1069 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1070 data.writeString16(name);
1071 data.writeInt32(format);
1072 data.writeByteArray(clientId.data_length, clientId.data);
1073 data.writeByteArray(appData.data_length, appData.data);
1074 status_t status = remote()->transact(BnKeystoreService::EXPORT_KEY, data, &reply);
1075 if (status != NO_ERROR) {
1076 ALOGD("exportKey() could not contact remote: %d\n", status);
1077 result->resultCode = KM_ERROR_UNKNOWN_ERROR;
1078 return;
1079 }
1080 int32_t err = reply.readExceptionCode();
1081 if (err < 0) {
1082 ALOGD("exportKey() caught exception %d\n", err);
1083 result->resultCode = KM_ERROR_UNKNOWN_ERROR;
1084 return;
1085 }
1086 if (reply.readInt32() != 0) {
1087 result->readFromParcel(reply);
1088 }
1089 }
1090
1091 virtual void begin(const sp<IBinder>& appToken, const String16& name,
1092 keymaster_purpose_t purpose, bool pruneable,
1093 const KeymasterArguments& params, KeymasterArguments* outParams,
1094 OperationResult* result)
1095 {
1096 if (!result || !outParams) {
1097 return;
1098 }
1099 Parcel data, reply;
1100 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1101 data.writeStrongBinder(appToken);
1102 data.writeString16(name);
1103 data.writeInt32(purpose);
1104 data.writeInt32(pruneable ? 1 : 0);
1105 data.writeInt32(1);
1106 params.writeToParcel(&data);
1107 status_t status = remote()->transact(BnKeystoreService::BEGIN, data, &reply);
1108 if (status != NO_ERROR) {
1109 ALOGD("begin() could not contact remote: %d\n", status);
1110 result->resultCode = KM_ERROR_UNKNOWN_ERROR;
1111 return;
1112 }
1113 int32_t err = reply.readExceptionCode();
1114 if (err < 0) {
1115 ALOGD("begin() caught exception %d\n", err);
1116 result->resultCode = KM_ERROR_UNKNOWN_ERROR;
1117 return;
1118 }
1119 if (reply.readInt32() != 0) {
1120 result->readFromParcel(reply);
1121 }
1122 if (reply.readInt32() != 0) {
1123 outParams->readFromParcel(reply);
1124 }
1125 }
1126
1127 virtual void update(const sp<IBinder>& token, const KeymasterArguments& params,
Chad Brubaker40a1a9b2015-02-20 14:08:13 -0800[diff] [blame^]1128 const uint8_t* opData, size_t dataLength, OperationResult* result)
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1129 {
1130 if (!result) {
1131 return;
1132 }
1133 Parcel data, reply;
1134 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1135 data.writeStrongBinder(token);
1136 data.writeInt32(1);
1137 params.writeToParcel(&data);
1138 data.writeByteArray(dataLength, opData);
1139 status_t status = remote()->transact(BnKeystoreService::UPDATE, data, &reply);
1140 if (status != NO_ERROR) {
1141 ALOGD("update() could not contact remote: %d\n", status);
1142 result->resultCode = KM_ERROR_UNKNOWN_ERROR;
1143 return;
1144 }
1145 int32_t err = reply.readExceptionCode();
1146 if (err < 0) {
1147 ALOGD("update() caught exception %d\n", err);
1148 result->resultCode = KM_ERROR_UNKNOWN_ERROR;
1149 return;
1150 }
1151 if (reply.readInt32() != 0) {
1152 result->readFromParcel(reply);
1153 }
1154 }
1155
1156 virtual void finish(const sp<IBinder>& token, const KeymasterArguments& params,
Chad Brubaker40a1a9b2015-02-20 14:08:13 -0800[diff] [blame^]1157 const uint8_t* signature, size_t signatureLength, OperationResult* result)
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1158 {
1159 if (!result) {
1160 return;
1161 }
1162 Parcel data, reply;
1163 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1164 data.writeStrongBinder(token);
1165 data.writeInt32(1);
1166 params.writeToParcel(&data);
1167 data.writeByteArray(signatureLength, signature);
1168 status_t status = remote()->transact(BnKeystoreService::FINISH, data, &reply);
1169 if (status != NO_ERROR) {
1170 ALOGD("finish() could not contact remote: %d\n", status);
1171 result->resultCode = KM_ERROR_UNKNOWN_ERROR;
1172 return;
1173 }
1174 int32_t err = reply.readExceptionCode();
1175 if (err < 0) {
1176 ALOGD("finish() caught exception %d\n", err);
1177 result->resultCode = KM_ERROR_UNKNOWN_ERROR;
1178 return;
1179 }
1180 if (reply.readInt32() != 0) {
1181 result->readFromParcel(reply);
1182 }
1183 }
1184
1185 virtual int32_t abort(const sp<IBinder>& token)
1186 {
1187 Parcel data, reply;
1188 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1189 data.writeStrongBinder(token);
1190 status_t status = remote()->transact(BnKeystoreService::FINISH, data, &reply);
1191 if (status != NO_ERROR) {
1192 ALOGD("abort() could not contact remote: %d\n", status);
1193 return KM_ERROR_UNKNOWN_ERROR;
1194 }
1195 int32_t err = reply.readExceptionCode();
1196 int32_t ret = reply.readInt32();
1197 if (err < 0) {
1198 ALOGD("abort() caught exception %d\n", err);
1199 return KM_ERROR_UNKNOWN_ERROR;
1200 }
1201 return ret;
1202 }
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1203};
1204
Chad Brubaker468fc692015-01-13 17:33:14 -0800[diff] [blame]1205IMPLEMENT_META_INTERFACE(KeystoreService, "android.security.IKeystoreService");
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1206
1207// ----------------------------------------------------------------------
1208
1209status_t BnKeystoreService::onTransact(
1210 uint32_t code, const Parcel& data, Parcel* reply, uint32_t flags)
1211{
1212 switch(code) {
1213 case TEST: {
1214 CHECK_INTERFACE(IKeystoreService, data, reply);
1215 int32_t ret = test();
1216 reply->writeNoException();
1217 reply->writeInt32(ret);
1218 return NO_ERROR;
1219 } break;
1220 case GET: {
1221 CHECK_INTERFACE(IKeystoreService, data, reply);
1222 String16 name = data.readString16();
1223 void* out = NULL;
1224 size_t outSize = 0;
1225 int32_t ret = get(name, (uint8_t**) &out, &outSize);
1226 reply->writeNoException();
1227 if (ret == 1) {
1228 reply->writeInt32(outSize);
1229 void* buf = reply->writeInplace(outSize);
1230 memcpy(buf, out, outSize);
1231 free(out);
1232 } else {
1233 reply->writeInt32(-1);
1234 }
1235 return NO_ERROR;
1236 } break;
1237 case INSERT: {
1238 CHECK_INTERFACE(IKeystoreService, data, reply);
1239 String16 name = data.readString16();
1240 ssize_t inSize = data.readInt32();
1241 const void* in;
1242 if (inSize >= 0 && (size_t) inSize <= data.dataAvail()) {
1243 in = data.readInplace(inSize);
1244 } else {
1245 in = NULL;
1246 inSize = 0;
1247 }
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]1248 int uid = data.readInt32();
Kenny Root0c540aa2013-04-03 09:22:15 -0700[diff] [blame]1249 int32_t flags = data.readInt32();
1250 int32_t ret = insert(name, (const uint8_t*) in, (size_t) inSize, uid, flags);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1251 reply->writeNoException();
1252 reply->writeInt32(ret);
1253 return NO_ERROR;
1254 } break;
1255 case DEL: {
1256 CHECK_INTERFACE(IKeystoreService, data, reply);
1257 String16 name = data.readString16();
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]1258 int uid = data.readInt32();
1259 int32_t ret = del(name, uid);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1260 reply->writeNoException();
1261 reply->writeInt32(ret);
1262 return NO_ERROR;
1263 } break;
1264 case EXIST: {
1265 CHECK_INTERFACE(IKeystoreService, data, reply);
1266 String16 name = data.readString16();
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]1267 int uid = data.readInt32();
1268 int32_t ret = exist(name, uid);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1269 reply->writeNoException();
1270 reply->writeInt32(ret);
1271 return NO_ERROR;
1272 } break;
1273 case SAW: {
1274 CHECK_INTERFACE(IKeystoreService, data, reply);
1275 String16 name = data.readString16();
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]1276 int uid = data.readInt32();
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1277 Vector<String16> matches;
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]1278 int32_t ret = saw(name, uid, &matches);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1279 reply->writeNoException();
1280 reply->writeInt32(matches.size());
1281 Vector<String16>::const_iterator it = matches.begin();
1282 for (; it != matches.end(); ++it) {
1283 reply->writeString16(*it);
1284 }
1285 reply->writeInt32(ret);
1286 return NO_ERROR;
1287 } break;
1288 case RESET: {
1289 CHECK_INTERFACE(IKeystoreService, data, reply);
1290 int32_t ret = reset();
1291 reply->writeNoException();
1292 reply->writeInt32(ret);
1293 return NO_ERROR;
1294 } break;
1295 case PASSWORD: {
1296 CHECK_INTERFACE(IKeystoreService, data, reply);
1297 String16 pass = data.readString16();
1298 int32_t ret = password(pass);
1299 reply->writeNoException();
1300 reply->writeInt32(ret);
1301 return NO_ERROR;
1302 } break;
1303 case LOCK: {
1304 CHECK_INTERFACE(IKeystoreService, data, reply);
1305 int32_t ret = lock();
1306 reply->writeNoException();
1307 reply->writeInt32(ret);
1308 return NO_ERROR;
1309 } break;
1310 case UNLOCK: {
1311 CHECK_INTERFACE(IKeystoreService, data, reply);
1312 String16 pass = data.readString16();
1313 int32_t ret = unlock(pass);
1314 reply->writeNoException();
1315 reply->writeInt32(ret);
1316 return NO_ERROR;
1317 } break;
1318 case ZERO: {
1319 CHECK_INTERFACE(IKeystoreService, data, reply);
1320 int32_t ret = zero();
1321 reply->writeNoException();
1322 reply->writeInt32(ret);
1323 return NO_ERROR;
1324 } break;
1325 case GENERATE: {
1326 CHECK_INTERFACE(IKeystoreService, data, reply);
1327 String16 name = data.readString16();
Kenny Root96427ba2013-08-16 14:02:41 -0700[diff] [blame]1328 int32_t uid = data.readInt32();
1329 int32_t keyType = data.readInt32();
1330 int32_t keySize = data.readInt32();
Kenny Root0c540aa2013-04-03 09:22:15 -0700[diff] [blame]1331 int32_t flags = data.readInt32();
Kenny Root96427ba2013-08-16 14:02:41 -0700[diff] [blame]1332 Vector<sp<KeystoreArg> > args;
Chad Brubaker468fc692015-01-13 17:33:14 -0800[diff] [blame]1333 int32_t argsPresent = data.readInt32();
1334 if (argsPresent == 1) {
1335 ssize_t numArgs = data.readInt32();
1336 if (numArgs > 0) {
1337 for (size_t i = 0; i < (size_t) numArgs; i++) {
1338 ssize_t inSize = data.readInt32();
1339 if (inSize >= 0 && (size_t) inSize <= data.dataAvail()) {
1340 sp<KeystoreArg> arg = new KeystoreArg(data.readInplace(inSize),
1341 inSize);
1342 args.push_back(arg);
1343 } else {
1344 args.push_back(NULL);
1345 }
Kenny Root96427ba2013-08-16 14:02:41 -0700[diff] [blame]1346 }
1347 }
1348 }
1349 int32_t ret = generate(name, uid, keyType, keySize, flags, &args);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1350 reply->writeNoException();
1351 reply->writeInt32(ret);
1352 return NO_ERROR;
1353 } break;
1354 case IMPORT: {
1355 CHECK_INTERFACE(IKeystoreService, data, reply);
1356 String16 name = data.readString16();
1357 ssize_t inSize = data.readInt32();
1358 const void* in;
1359 if (inSize >= 0 && (size_t) inSize <= data.dataAvail()) {
1360 in = data.readInplace(inSize);
1361 } else {
1362 in = NULL;
1363 inSize = 0;
1364 }
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]1365 int uid = data.readInt32();
Kenny Root0c540aa2013-04-03 09:22:15 -0700[diff] [blame]1366 int32_t flags = data.readInt32();
1367 int32_t ret = import(name, (const uint8_t*) in, (size_t) inSize, uid, flags);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1368 reply->writeNoException();
1369 reply->writeInt32(ret);
1370 return NO_ERROR;
1371 } break;
1372 case SIGN: {
1373 CHECK_INTERFACE(IKeystoreService, data, reply);
1374 String16 name = data.readString16();
1375 ssize_t inSize = data.readInt32();
1376 const void* in;
1377 if (inSize >= 0 && (size_t) inSize <= data.dataAvail()) {
1378 in = data.readInplace(inSize);
1379 } else {
1380 in = NULL;
1381 inSize = 0;
1382 }
1383 void* out = NULL;
1384 size_t outSize = 0;
1385 int32_t ret = sign(name, (const uint8_t*) in, (size_t) inSize, (uint8_t**) &out, &outSize);
1386 reply->writeNoException();
Kenny Rootb03c9fb2013-02-04 16:42:51 -0800[diff] [blame]1387 if (outSize > 0 && out != NULL) {
1388 reply->writeInt32(outSize);
1389 void* buf = reply->writeInplace(outSize);
1390 memcpy(buf, out, outSize);
1391 free(out);
1392 } else {
Kenny Roote289c402013-02-14 11:31:53 -0800[diff] [blame]1393 reply->writeInt32(-1);
Kenny Rootb03c9fb2013-02-04 16:42:51 -0800[diff] [blame]1394 }
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1395 reply->writeInt32(ret);
1396 return NO_ERROR;
1397 } break;
1398 case VERIFY: {
1399 CHECK_INTERFACE(IKeystoreService, data, reply);
1400 String16 name = data.readString16();
1401 ssize_t inSize = data.readInt32();
1402 const void* in;
1403 if (inSize >= 0 && (size_t) inSize <= data.dataAvail()) {
1404 in = data.readInplace(inSize);
1405 } else {
1406 in = NULL;
1407 inSize = 0;
1408 }
1409 ssize_t sigSize = data.readInt32();
1410 const void* sig;
1411 if (sigSize >= 0 && (size_t) sigSize <= data.dataAvail()) {
1412 sig = data.readInplace(sigSize);
1413 } else {
1414 sig = NULL;
1415 sigSize = 0;
1416 }
1417 bool ret = verify(name, (const uint8_t*) in, (size_t) inSize, (const uint8_t*) sig,
1418 (size_t) sigSize);
1419 reply->writeNoException();
1420 reply->writeInt32(ret ? 1 : 0);
1421 return NO_ERROR;
1422 } break;
1423 case GET_PUBKEY: {
1424 CHECK_INTERFACE(IKeystoreService, data, reply);
1425 String16 name = data.readString16();
1426 void* out = NULL;
1427 size_t outSize = 0;
1428 int32_t ret = get_pubkey(name, (unsigned char**) &out, &outSize);
1429 reply->writeNoException();
Kenny Rootb03c9fb2013-02-04 16:42:51 -0800[diff] [blame]1430 if (outSize > 0 && out != NULL) {
1431 reply->writeInt32(outSize);
1432 void* buf = reply->writeInplace(outSize);
1433 memcpy(buf, out, outSize);
1434 free(out);
1435 } else {
Kenny Roote289c402013-02-14 11:31:53 -0800[diff] [blame]1436 reply->writeInt32(-1);
Kenny Rootb03c9fb2013-02-04 16:42:51 -0800[diff] [blame]1437 }
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1438 reply->writeInt32(ret);
1439 return NO_ERROR;
Kenny Rootb03c9fb2013-02-04 16:42:51 -0800[diff] [blame]1440 } break;
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1441 case DEL_KEY: {
1442 CHECK_INTERFACE(IKeystoreService, data, reply);
1443 String16 name = data.readString16();
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]1444 int uid = data.readInt32();
1445 int32_t ret = del_key(name, uid);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1446 reply->writeNoException();
1447 reply->writeInt32(ret);
1448 return NO_ERROR;
1449 } break;
1450 case GRANT: {
1451 CHECK_INTERFACE(IKeystoreService, data, reply);
1452 String16 name = data.readString16();
1453 int32_t granteeUid = data.readInt32();
1454 int32_t ret = grant(name, granteeUid);
1455 reply->writeNoException();
1456 reply->writeInt32(ret);
1457 return NO_ERROR;
1458 } break;
1459 case UNGRANT: {
1460 CHECK_INTERFACE(IKeystoreService, data, reply);
1461 String16 name = data.readString16();
1462 int32_t granteeUid = data.readInt32();
1463 int32_t ret = ungrant(name, granteeUid);
1464 reply->writeNoException();
1465 reply->writeInt32(ret);
1466 return NO_ERROR;
1467 } break;
1468 case GETMTIME: {
1469 CHECK_INTERFACE(IKeystoreService, data, reply);
1470 String16 name = data.readString16();
1471 int64_t ret = getmtime(name);
1472 reply->writeNoException();
1473 reply->writeInt64(ret);
1474 return NO_ERROR;
1475 } break;
Kenny Rootd53bc922013-03-21 14:10:15 -0700[diff] [blame]1476 case DUPLICATE: {
Kenny Root02254072013-03-20 11:48:19 -0700[diff] [blame]1477 CHECK_INTERFACE(IKeystoreService, data, reply);
Kenny Rootd53bc922013-03-21 14:10:15 -0700[diff] [blame]1478 String16 srcKey = data.readString16();
1479 int32_t srcUid = data.readInt32();
1480 String16 destKey = data.readString16();
1481 int32_t destUid = data.readInt32();
1482 int32_t ret = duplicate(srcKey, srcUid, destKey, destUid);
Kenny Root02254072013-03-20 11:48:19 -0700[diff] [blame]1483 reply->writeNoException();
1484 reply->writeInt32(ret);
1485 return NO_ERROR;
1486 } break;
Kenny Root43061232013-03-29 11:15:50 -0700[diff] [blame]1487 case IS_HARDWARE_BACKED: {
1488 CHECK_INTERFACE(IKeystoreService, data, reply);
Kenny Root1b0e3932013-09-05 13:06:32 -0700[diff] [blame]1489 String16 keyType = data.readString16();
1490 int32_t ret = is_hardware_backed(keyType);
Kenny Root43061232013-03-29 11:15:50 -0700[diff] [blame]1491 reply->writeNoException();
1492 reply->writeInt32(ret);
1493 return NO_ERROR;
1494 }
Kenny Root2ecc7a12013-04-01 16:29:11 -0700[diff] [blame]1495 case CLEAR_UID: {
1496 CHECK_INTERFACE(IKeystoreService, data, reply);
1497 int64_t uid = data.readInt64();
1498 int32_t ret = clear_uid(uid);
1499 reply->writeNoException();
1500 reply->writeInt32(ret);
1501 return NO_ERROR;
1502 }
Robin Lee4e865752014-08-19 17:37:55 +0100[diff] [blame]1503 case RESET_UID: {
1504 CHECK_INTERFACE(IKeystoreService, data, reply);
1505 int32_t uid = data.readInt32();
1506 int32_t ret = reset_uid(uid);
1507 reply->writeNoException();
1508 reply->writeInt32(ret);
1509 return NO_ERROR;
1510 }
1511 case SYNC_UID: {
1512 CHECK_INTERFACE(IKeystoreService, data, reply);
1513 int32_t sourceUid = data.readInt32();
1514 int32_t targetUid = data.readInt32();
1515 int32_t ret = sync_uid(sourceUid, targetUid);
1516 reply->writeNoException();
1517 reply->writeInt32(ret);
1518 return NO_ERROR;
1519 }
1520 case PASSWORD_UID: {
1521 CHECK_INTERFACE(IKeystoreService, data, reply);
1522 String16 password = data.readString16();
1523 int32_t uid = data.readInt32();
1524 int32_t ret = password_uid(password, uid);
1525 reply->writeNoException();
1526 reply->writeInt32(ret);
1527 return NO_ERROR;
1528 }
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1529 case ADD_RNG_ENTROPY: {
1530 CHECK_INTERFACE(IKeystoreService, data, reply);
1531 size_t size = data.readInt32();
1532 uint8_t* bytes;
1533 if (size > 0) {
1534 bytes = (uint8_t*) data.readInplace(size);
1535 } else {
1536 bytes = NULL;
1537 }
1538 int32_t ret = addRngEntropy(bytes, size);
1539 reply->writeNoException();
1540 reply->writeInt32(ret);
1541 return NO_ERROR;
1542 }
1543 case GENERATE_KEY: {
1544 CHECK_INTERFACE(IKeystoreService, data, reply);
1545 String16 name = data.readString16();
1546 KeymasterArguments args;
1547 if (data.readInt32() != 0) {
1548 args.readFromParcel(data);
1549 }
1550 int32_t uid = data.readInt32();
1551 int32_t flags = data.readInt32();
1552 KeyCharacteristics outCharacteristics;
1553 int32_t ret = generateKey(name, args, uid, flags, &outCharacteristics);
1554 reply->writeNoException();
1555 reply->writeInt32(ret);
1556 reply->writeInt32(1);
1557 outCharacteristics.writeToParcel(reply);
1558 return NO_ERROR;
1559 }
1560 case GET_KEY_CHARACTERISTICS: {
1561 CHECK_INTERFACE(IKeystoreService, data, reply);
1562 String16 name = data.readString16();
1563 keymaster_blob_t clientId, appData;
1564 readKeymasterBlob(data, &clientId);
1565 readKeymasterBlob(data, &appData);
1566 KeyCharacteristics outCharacteristics;
1567 int ret = getKeyCharacteristics(name, clientId, appData, &outCharacteristics);
1568 reply->writeNoException();
1569 reply->writeInt32(ret);
1570 reply->writeInt32(1);
1571 outCharacteristics.writeToParcel(reply);
1572 return NO_ERROR;
1573 }
1574 case IMPORT_KEY: {
1575 CHECK_INTERFACE(IKeystoreService, data, reply);
1576 String16 name = data.readString16();
1577 KeymasterArguments args;
1578 if (data.readInt32() != 0) {
1579 args.readFromParcel(data);
1580 }
1581 keymaster_key_format_t format = static_cast<keymaster_key_format_t>(data.readInt32());
1582 uint8_t* keyData = NULL;
1583 ssize_t keyLength = data.readInt32();
1584 size_t ukeyLength = (size_t) keyLength;
1585 if (keyLength >= 0) {
1586 keyData = (uint8_t*) data.readInplace(keyLength);
1587 } else {
1588 ukeyLength = 0;
1589 }
1590 int32_t uid = data.readInt32();
1591 int32_t flags = data.readInt32();
1592 KeyCharacteristics outCharacteristics;
1593 int32_t ret = importKey(name, args, format, keyData, ukeyLength, uid, flags,
1594 &outCharacteristics);
1595 reply->writeNoException();
1596 reply->writeInt32(ret);
1597 reply->writeInt32(1);
1598 outCharacteristics.writeToParcel(reply);
1599
1600 return NO_ERROR;
1601 }
1602 case EXPORT_KEY: {
1603 CHECK_INTERFACE(IKeystoreService, data, reply);
1604 String16 name = data.readString16();
1605 keymaster_key_format_t format = static_cast<keymaster_key_format_t>(data.readInt32());
1606 keymaster_blob_t clientId, appData;
1607 readKeymasterBlob(data, &clientId);
1608 readKeymasterBlob(data, &appData);
1609 ExportResult result;
1610 exportKey(name, format, clientId, appData, &result);
1611 reply->writeNoException();
1612 reply->writeInt32(1);
1613 result.writeToParcel(reply);
1614
1615 return NO_ERROR;
1616 }
1617 case BEGIN: {
1618 CHECK_INTERFACE(IKeystoreService, data, reply);
1619 sp<IBinder> token = data.readStrongBinder();
1620 String16 name = data.readString16();
1621 keymaster_purpose_t purpose = static_cast<keymaster_purpose_t>(data.readInt32());
1622 bool pruneable = data.readInt32() != 0;
1623 KeymasterArguments args;
1624 if (data.readInt32() != 0) {
1625 args.readFromParcel(data);
1626 }
1627 KeymasterArguments outArgs;
1628 OperationResult result;
1629 begin(token, name, purpose, pruneable, args, &outArgs, &result);
1630 reply->writeNoException();
1631 reply->writeInt32(1);
1632 result.writeToParcel(reply);
1633 reply->writeInt32(1);
1634 outArgs.writeToParcel(reply);
1635
1636 return NO_ERROR;
1637 }
1638 case UPDATE: {
1639 CHECK_INTERFACE(IKeystoreService, data, reply);
1640 sp<IBinder> token = data.readStrongBinder();
1641 KeymasterArguments args;
1642 if (data.readInt32() != 0) {
1643 args.readFromParcel(data);
1644 }
1645 uint8_t* buf = NULL;
1646 ssize_t bufLength = data.readInt32();
1647 size_t ubufLength = (size_t) bufLength;
1648 if (bufLength > 0) {
1649 buf = (uint8_t*) data.readInplace(ubufLength);
1650 } else {
1651 ubufLength = 0;
1652 }
1653 OperationResult result;
1654 update(token, args, buf, ubufLength, &result);
1655 reply->writeNoException();
1656 reply->writeInt32(1);
1657 result.writeToParcel(reply);
1658
1659 return NO_ERROR;
1660 }
1661 case FINISH: {
1662 CHECK_INTERFACE(IKeystoreService, data, reply);
1663 sp<IBinder> token = data.readStrongBinder();
1664 KeymasterArguments args;
1665 if (data.readInt32() != 0) {
1666 args.readFromParcel(data);
1667 }
1668 uint8_t* buf = NULL;
1669 ssize_t bufLength = data.readInt32();
1670 size_t ubufLength = (size_t) bufLength;
1671 if (bufLength > 0) {
1672 buf = (uint8_t*) data.readInplace(ubufLength);
1673 } else {
1674 ubufLength = 0;
1675 }
1676 OperationResult result;
1677 finish(token, args, buf, ubufLength, &result);
1678 reply->writeNoException();
1679 reply->writeInt32(1);
1680 result.writeToParcel(reply);
1681
1682 return NO_ERROR;
1683 }
1684 case ABORT: {
1685 CHECK_INTERFACE(IKeystoreService, data, reply);
1686 sp<IBinder> token = data.readStrongBinder();
1687 int32_t result = abort(token);
1688 reply->writeNoException();
1689 reply->writeInt32(result);
1690
1691 return NO_ERROR;
1692 }
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1693 default:
1694 return BBinder::onTransact(code, data, reply, flags);
1695 }
1696}
1697
1698// ----------------------------------------------------------------------------
1699
1700}; // namespace android