Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_security / 4efce0dc62b5b6bf60c192a8c3e14ae341bf1f8b / . / keystore / IKeystoreService.cpp
blob: 5331e32603fe79311ebe2b344ca0c81f64ac5a08 [file] [log] [blame]
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1/*
2**
3** Copyright 2008, The Android Open Source Project
4**
5** Licensed under the Apache License, Version 2.0 (the "License");
6** you may not use this file except in compliance with the License.
7** You may obtain a copy of the License at
8**
9** http://www.apache.org/licenses/LICENSE-2.0
10**
11** Unless required by applicable law or agreed to in writing, software
12** distributed under the License is distributed on an "AS IS" BASIS,
13** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14** See the License for the specific language governing permissions and
15** limitations under the License.
16*/
17
18#include <stdint.h>
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]19#include <sys/limits.h>
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]20#include <sys/types.h>
21
22#define LOG_TAG "KeystoreService"
23#include <utils/Log.h>
24
25#include <binder/Parcel.h>
26#include <binder/IPCThreadState.h>
27#include <binder/IServiceManager.h>
28
29#include <keystore/IKeystoreService.h>
30
31namespace android {
32
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]33static keymaster_key_param_t* readParamList(const Parcel& in, size_t* length);
34
Kenny Root96427ba2013-08-16 14:02:41 -0700[diff] [blame]35KeystoreArg::KeystoreArg(const void* data, size_t len)
36 : mData(data), mSize(len) {
37}
38
39KeystoreArg::~KeystoreArg() {
40}
41
42const void *KeystoreArg::data() const {
43 return mData;
44}
45
46size_t KeystoreArg::size() const {
47 return mSize;
48}
49
Chad Brubakerc3a18562015-03-17 18:21:35 -0700[diff] [blame]50OperationResult::OperationResult() : resultCode(0), token(), handle(0), inputConsumed(0),
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]51 data(NULL), dataLength(0) {
52}
53
54OperationResult::~OperationResult() {
55}
56
57void OperationResult::readFromParcel(const Parcel& in) {
58 resultCode = in.readInt32();
59 token = in.readStrongBinder();
Chad Brubakerc3a18562015-03-17 18:21:35 -0700[diff] [blame]60 handle = static_cast<keymaster_operation_handle_t>(in.readInt64());
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]61 inputConsumed = in.readInt32();
62 ssize_t length = in.readInt32();
63 dataLength = 0;
64 if (length > 0) {
65 const void* buf = in.readInplace(length);
66 if (buf) {
67 data.reset(reinterpret_cast<uint8_t*>(malloc(length)));
68 if (data.get()) {
69 memcpy(data.get(), buf, length);
70 dataLength = (size_t) length;
71 } else {
72 ALOGE("Failed to allocate OperationResult buffer");
73 }
74 } else {
75 ALOGE("Failed to readInplace OperationResult data");
76 }
77 }
78}
79
80void OperationResult::writeToParcel(Parcel* out) const {
81 out->writeInt32(resultCode);
82 out->writeStrongBinder(token);
Chad Brubakerc3a18562015-03-17 18:21:35 -0700[diff] [blame]83 out->writeInt64(handle);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]84 out->writeInt32(inputConsumed);
85 out->writeInt32(dataLength);
86 if (dataLength && data) {
87 void* buf = out->writeInplace(dataLength);
88 if (buf) {
89 memcpy(buf, data.get(), dataLength);
90 } else {
91 ALOGE("Failed to writeInplace OperationResult data.");
92 }
93 }
94}
95
96ExportResult::ExportResult() : resultCode(0), exportData(NULL), dataLength(0) {
97}
98
99ExportResult::~ExportResult() {
100}
101
102void ExportResult::readFromParcel(const Parcel& in) {
103 resultCode = in.readInt32();
104 ssize_t length = in.readInt32();
105 dataLength = 0;
106 if (length > 0) {
107 const void* buf = in.readInplace(length);
108 if (buf) {
109 exportData.reset(reinterpret_cast<uint8_t*>(malloc(length)));
110 if (exportData.get()) {
111 memcpy(exportData.get(), buf, length);
112 dataLength = (size_t) length;
113 } else {
114 ALOGE("Failed to allocate ExportData buffer");
115 }
116 } else {
117 ALOGE("Failed to readInplace ExportData data");
118 }
119 }
120}
121
122void ExportResult::writeToParcel(Parcel* out) const {
123 out->writeInt32(resultCode);
124 out->writeInt32(dataLength);
125 if (exportData && dataLength) {
126 void* buf = out->writeInplace(dataLength);
127 if (buf) {
128 memcpy(buf, exportData.get(), dataLength);
129 } else {
130 ALOGE("Failed to writeInplace ExportResult data.");
131 }
132 }
133}
134
135KeymasterArguments::KeymasterArguments() {
136}
137
138KeymasterArguments::~KeymasterArguments() {
139 keymaster_free_param_values(params.data(), params.size());
140}
141
142void KeymasterArguments::readFromParcel(const Parcel& in) {
143 ssize_t length = in.readInt32();
144 size_t ulength = (size_t) length;
145 if (length < 0) {
146 ulength = 0;
147 }
148 keymaster_free_param_values(params.data(), params.size());
149 params.clear();
150 for(size_t i = 0; i < ulength; i++) {
151 keymaster_key_param_t param;
152 if (!readKeymasterArgumentFromParcel(in, &param)) {
153 ALOGE("Error reading keymaster argument from parcel");
154 break;
155 }
156 params.push_back(param);
157 }
158}
159
160void KeymasterArguments::writeToParcel(Parcel* out) const {
161 out->writeInt32(params.size());
162 for (auto param : params) {
163 out->writeInt32(1);
164 writeKeymasterArgumentToParcel(param, out);
165 }
166}
167
168KeyCharacteristics::KeyCharacteristics() {
169 memset((void*) &characteristics, 0, sizeof(characteristics));
170}
171
172KeyCharacteristics::~KeyCharacteristics() {
173 keymaster_free_characteristics(&characteristics);
174}
175
176void KeyCharacteristics::readFromParcel(const Parcel& in) {
177 size_t length = 0;
178 keymaster_key_param_t* params = readParamList(in, &length);
179 characteristics.sw_enforced.params = params;
180 characteristics.sw_enforced.length = length;
181
182 params = readParamList(in, &length);
183 characteristics.hw_enforced.params = params;
184 characteristics.hw_enforced.length = length;
185}
186
187void KeyCharacteristics::writeToParcel(Parcel* out) const {
188 if (characteristics.sw_enforced.params) {
189 out->writeInt32(characteristics.sw_enforced.length);
190 for (size_t i = 0; i < characteristics.sw_enforced.length; i++) {
191 out->writeInt32(1);
192 writeKeymasterArgumentToParcel(characteristics.sw_enforced.params[i], out);
193 }
194 } else {
195 out->writeInt32(0);
196 }
197 if (characteristics.hw_enforced.params) {
198 out->writeInt32(characteristics.hw_enforced.length);
199 for (size_t i = 0; i < characteristics.hw_enforced.length; i++) {
200 out->writeInt32(1);
201 writeKeymasterArgumentToParcel(characteristics.hw_enforced.params[i], out);
202 }
203 } else {
204 out->writeInt32(0);
205 }
206}
207
208void writeKeymasterArgumentToParcel(const keymaster_key_param_t& param, Parcel* out) {
209 switch (keymaster_tag_get_type(param.tag)) {
210 case KM_ENUM:
211 case KM_ENUM_REP: {
212 out->writeInt32(param.tag);
213 out->writeInt32(param.enumerated);
214 break;
215 }
216 case KM_INT:
217 case KM_INT_REP: {
218 out->writeInt32(param.tag);
219 out->writeInt32(param.integer);
220 break;
221 }
Chad Brubaker686db062015-04-16 14:21:10 -0700[diff] [blame]222 case KM_LONG:
223 case KM_LONG_REP: {
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]224 out->writeInt32(param.tag);
225 out->writeInt64(param.long_integer);
226 break;
227 }
228 case KM_DATE: {
229 out->writeInt32(param.tag);
230 out->writeInt64(param.date_time);
231 break;
232 }
233 case KM_BOOL: {
234 out->writeInt32(param.tag);
235 break;
236 }
237 case KM_BIGNUM:
238 case KM_BYTES: {
239 out->writeInt32(param.tag);
240 out->writeInt32(param.blob.data_length);
241 void* buf = out->writeInplace(param.blob.data_length);
242 if (buf) {
243 memcpy(buf, param.blob.data, param.blob.data_length);
244 } else {
245 ALOGE("Failed to writeInplace keymaster blob param");
246 }
247 break;
248 }
249 default: {
250 ALOGE("Failed to write argument: Unsupported keymaster_tag_t %d", param.tag);
251 }
252 }
253}
254
255
256bool readKeymasterArgumentFromParcel(const Parcel& in, keymaster_key_param_t* out) {
257 if (in.readInt32() == 0) {
258 return false;
259 }
260 keymaster_tag_t tag = static_cast<keymaster_tag_t>(in.readInt32());
261 switch (keymaster_tag_get_type(tag)) {
262 case KM_ENUM:
263 case KM_ENUM_REP: {
264 uint32_t value = in.readInt32();
265 *out = keymaster_param_enum(tag, value);
266 break;
267 }
268 case KM_INT:
269 case KM_INT_REP: {
270 uint32_t value = in.readInt32();
271 *out = keymaster_param_int(tag, value);
272 break;
273 }
Chad Brubaker686db062015-04-16 14:21:10 -0700[diff] [blame]274 case KM_LONG:
275 case KM_LONG_REP: {
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]276 uint64_t value = in.readInt64();
277 *out = keymaster_param_long(tag, value);
278 break;
279 }
280 case KM_DATE: {
281 uint64_t value = in.readInt64();
282 *out = keymaster_param_date(tag, value);
283 break;
284 }
285 case KM_BOOL: {
286 *out = keymaster_param_bool(tag);
287 break;
288 }
289 case KM_BIGNUM:
290 case KM_BYTES: {
291 ssize_t length = in.readInt32();
292 uint8_t* data = NULL;
293 size_t ulength = 0;
294 if (length >= 0) {
295 ulength = (size_t) length;
296 // use malloc here so we can use keymaster_free_param_values
297 // consistently.
298 data = reinterpret_cast<uint8_t*>(malloc(ulength));
299 const void* buf = in.readInplace(ulength);
300 if (!buf || !data) {
301 ALOGE("Failed to allocate buffer for keymaster blob param");
302 return false;
303 }
304 memcpy(data, buf, ulength);
305 }
306 *out = keymaster_param_blob(tag, data, ulength);
307 break;
308 }
309 default: {
310 ALOGE("Unsupported keymaster_tag_t %d", tag);
311 return false;
312 }
313 }
314 return true;
315}
316
Chad Brubaker6432df72015-03-20 16:23:04 -0700[diff] [blame]317/**
318 * Read a byte array from in. The data at *data is still owned by the parcel
319 */
320static void readByteArray(const Parcel& in, const uint8_t** data, size_t* length) {
321 ssize_t slength = in.readInt32();
322 if (slength > 0) {
323 *data = reinterpret_cast<const uint8_t*>(in.readInplace(slength));
324 if (*data) {
325 *length = static_cast<size_t>(slength);
326 } else {
327 *length = 0;
328 }
329 } else {
330 *data = NULL;
331 *length = 0;
332 }
333}
334
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]335// Read a keymaster_key_param_t* from a Parcel for use in a
336// keymaster_key_characteristics_t. This will be free'd by calling
337// keymaster_free_key_characteristics.
338static keymaster_key_param_t* readParamList(const Parcel& in, size_t* length) {
339 ssize_t slength = in.readInt32();
340 *length = 0;
341 if (slength < 0) {
342 return NULL;
343 }
344 *length = (size_t) slength;
345 if (*length >= UINT_MAX / sizeof(keymaster_key_param_t)) {
346 return NULL;
347 }
348 keymaster_key_param_t* list =
349 reinterpret_cast<keymaster_key_param_t*>(malloc(*length *
350 sizeof(keymaster_key_param_t)));
351 if (!list) {
352 ALOGD("Failed to allocate buffer for generateKey outCharacteristics");
353 goto err;
354 }
355 for (size_t i = 0; i < *length ; i++) {
356 if (!readKeymasterArgumentFromParcel(in, &list[i])) {
357 ALOGE("Failed to read keymaster argument");
358 keymaster_free_param_values(list, i);
359 goto err;
360 }
361 }
362 return list;
363err:
364 free(list);
365 return NULL;
366}
367
Chad Brubakerd6634422015-03-21 22:36:07 -0700[diff] [blame]368static std::unique_ptr<keymaster_blob_t> readKeymasterBlob(const Parcel& in) {
369 std::unique_ptr<keymaster_blob_t> blob;
370 if (in.readInt32() != 1) {
371 blob.reset(NULL);
372 return blob;
373 }
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]374 ssize_t length = in.readInt32();
Chad Brubakerd6634422015-03-21 22:36:07 -0700[diff] [blame]375 blob.reset(new keymaster_blob_t);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]376 if (length > 0) {
Chad Brubakerd6634422015-03-21 22:36:07 -0700[diff] [blame]377 blob->data = reinterpret_cast<const uint8_t*>(in.readInplace(length));
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]378 if (blob->data) {
Chad Brubakerd6634422015-03-21 22:36:07 -0700[diff] [blame]379 blob->data_length = static_cast<size_t>(length);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]380 } else {
381 blob->data_length = 0;
382 }
383 } else {
384 blob->data = NULL;
385 blob->data_length = 0;
386 }
Chad Brubakerd6634422015-03-21 22:36:07 -0700[diff] [blame]387 return blob;
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]388}
389
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]390class BpKeystoreService: public BpInterface<IKeystoreService>
391{
392public:
393 BpKeystoreService(const sp<IBinder>& impl)
394 : BpInterface<IKeystoreService>(impl)
395 {
396 }
397
398 // test ping
399 virtual int32_t test()
400 {
401 Parcel data, reply;
402 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
403 status_t status = remote()->transact(BnKeystoreService::TEST, data, &reply);
404 if (status != NO_ERROR) {
405 ALOGD("test() could not contact remote: %d\n", status);
406 return -1;
407 }
408 int32_t err = reply.readExceptionCode();
409 int32_t ret = reply.readInt32();
410 if (err < 0) {
411 ALOGD("test() caught exception %d\n", err);
412 return -1;
413 }
414 return ret;
415 }
416
417 virtual int32_t get(const String16& name, uint8_t** item, size_t* itemLength)
418 {
419 Parcel data, reply;
420 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
421 data.writeString16(name);
422 status_t status = remote()->transact(BnKeystoreService::GET, data, &reply);
423 if (status != NO_ERROR) {
424 ALOGD("get() could not contact remote: %d\n", status);
425 return -1;
426 }
427 int32_t err = reply.readExceptionCode();
428 ssize_t len = reply.readInt32();
429 if (len >= 0 && (size_t) len <= reply.dataAvail()) {
430 size_t ulen = (size_t) len;
431 const void* buf = reply.readInplace(ulen);
432 *item = (uint8_t*) malloc(ulen);
433 if (*item != NULL) {
434 memcpy(*item, buf, ulen);
435 *itemLength = ulen;
436 } else {
437 ALOGE("out of memory allocating output array in get");
438 *itemLength = 0;
439 }
440 } else {
441 *itemLength = 0;
442 }
443 if (err < 0) {
444 ALOGD("get() caught exception %d\n", err);
445 return -1;
446 }
447 return 0;
448 }
449
Kenny Root0c540aa2013-04-03 09:22:15 -0700[diff] [blame]450 virtual int32_t insert(const String16& name, const uint8_t* item, size_t itemLength, int uid,
451 int32_t flags)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]452 {
453 Parcel data, reply;
454 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
455 data.writeString16(name);
456 data.writeInt32(itemLength);
457 void* buf = data.writeInplace(itemLength);
458 memcpy(buf, item, itemLength);
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]459 data.writeInt32(uid);
Kenny Root0c540aa2013-04-03 09:22:15 -0700[diff] [blame]460 data.writeInt32(flags);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]461 status_t status = remote()->transact(BnKeystoreService::INSERT, data, &reply);
462 if (status != NO_ERROR) {
463 ALOGD("import() could not contact remote: %d\n", status);
464 return -1;
465 }
466 int32_t err = reply.readExceptionCode();
467 int32_t ret = reply.readInt32();
468 if (err < 0) {
469 ALOGD("import() caught exception %d\n", err);
470 return -1;
471 }
472 return ret;
473 }
474
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]475 virtual int32_t del(const String16& name, int uid)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]476 {
477 Parcel data, reply;
478 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
479 data.writeString16(name);
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]480 data.writeInt32(uid);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]481 status_t status = remote()->transact(BnKeystoreService::DEL, data, &reply);
482 if (status != NO_ERROR) {
483 ALOGD("del() could not contact remote: %d\n", status);
484 return -1;
485 }
486 int32_t err = reply.readExceptionCode();
487 int32_t ret = reply.readInt32();
488 if (err < 0) {
489 ALOGD("del() caught exception %d\n", err);
490 return -1;
491 }
492 return ret;
493 }
494
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]495 virtual int32_t exist(const String16& name, int uid)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]496 {
497 Parcel data, reply;
498 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
499 data.writeString16(name);
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]500 data.writeInt32(uid);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]501 status_t status = remote()->transact(BnKeystoreService::EXIST, data, &reply);
502 if (status != NO_ERROR) {
503 ALOGD("exist() could not contact remote: %d\n", status);
504 return -1;
505 }
506 int32_t err = reply.readExceptionCode();
507 int32_t ret = reply.readInt32();
508 if (err < 0) {
509 ALOGD("exist() caught exception %d\n", err);
510 return -1;
511 }
512 return ret;
513 }
514
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]515 virtual int32_t saw(const String16& name, int uid, Vector<String16>* matches)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]516 {
517 Parcel data, reply;
518 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
519 data.writeString16(name);
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]520 data.writeInt32(uid);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]521 status_t status = remote()->transact(BnKeystoreService::SAW, data, &reply);
522 if (status != NO_ERROR) {
523 ALOGD("saw() could not contact remote: %d\n", status);
524 return -1;
525 }
526 int32_t err = reply.readExceptionCode();
527 int32_t numMatches = reply.readInt32();
528 for (int32_t i = 0; i < numMatches; i++) {
529 matches->push(reply.readString16());
530 }
531 int32_t ret = reply.readInt32();
532 if (err < 0) {
533 ALOGD("saw() caught exception %d\n", err);
534 return -1;
535 }
536 return ret;
537 }
538
539 virtual int32_t reset()
540 {
541 Parcel data, reply;
542 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
543 status_t status = remote()->transact(BnKeystoreService::RESET, data, &reply);
544 if (status != NO_ERROR) {
545 ALOGD("reset() could not contact remote: %d\n", status);
546 return -1;
547 }
548 int32_t err = reply.readExceptionCode();
549 int32_t ret = reply.readInt32();
550 if (err < 0) {
551 ALOGD("reset() caught exception %d\n", err);
552 return -1;
553 }
554 return ret;
555 }
556
Chad Brubakereecdd122015-05-07 10:19:40 -0700[diff] [blame]557 virtual int32_t onUserPasswordChanged(int32_t userId, const String16& password)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]558 {
559 Parcel data, reply;
560 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
Chad Brubakereecdd122015-05-07 10:19:40 -0700[diff] [blame]561 data.writeInt32(userId);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]562 data.writeString16(password);
Chad Brubakereecdd122015-05-07 10:19:40 -0700[diff] [blame]563 status_t status = remote()->transact(BnKeystoreService::ON_USER_PASSWORD_CHANGED, data,
564 &reply);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]565 if (status != NO_ERROR) {
Chad Brubakereecdd122015-05-07 10:19:40 -0700[diff] [blame]566 ALOGD("onUserPasswordChanged() could not contact remote: %d\n", status);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]567 return -1;
568 }
569 int32_t err = reply.readExceptionCode();
570 int32_t ret = reply.readInt32();
571 if (err < 0) {
Chad Brubakereecdd122015-05-07 10:19:40 -0700[diff] [blame]572 ALOGD("onUserPasswordChanged() caught exception %d\n", err);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]573 return -1;
574 }
575 return ret;
576 }
577
578 virtual int32_t lock()
579 {
580 Parcel data, reply;
581 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
582 status_t status = remote()->transact(BnKeystoreService::LOCK, data, &reply);
583 if (status != NO_ERROR) {
584 ALOGD("lock() could not contact remote: %d\n", status);
585 return -1;
586 }
587 int32_t err = reply.readExceptionCode();
588 int32_t ret = reply.readInt32();
589 if (err < 0) {
590 ALOGD("lock() caught exception %d\n", err);
591 return -1;
592 }
593 return ret;
594 }
595
Chad Brubakereecdd122015-05-07 10:19:40 -0700[diff] [blame]596 virtual int32_t unlock(int32_t userId, const String16& password)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]597 {
598 Parcel data, reply;
599 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
Chad Brubakereecdd122015-05-07 10:19:40 -0700[diff] [blame]600 data.writeInt32(userId);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]601 data.writeString16(password);
602 status_t status = remote()->transact(BnKeystoreService::UNLOCK, data, &reply);
603 if (status != NO_ERROR) {
604 ALOGD("unlock() could not contact remote: %d\n", status);
605 return -1;
606 }
607 int32_t err = reply.readExceptionCode();
608 int32_t ret = reply.readInt32();
609 if (err < 0) {
610 ALOGD("unlock() caught exception %d\n", err);
611 return -1;
612 }
613 return ret;
614 }
615
616 virtual int32_t zero()
617 {
618 Parcel data, reply;
619 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
620 status_t status = remote()->transact(BnKeystoreService::ZERO, data, &reply);
621 if (status != NO_ERROR) {
622 ALOGD("zero() could not contact remote: %d\n", status);
623 return -1;
624 }
625 int32_t err = reply.readExceptionCode();
626 int32_t ret = reply.readInt32();
627 if (err < 0) {
628 ALOGD("zero() caught exception %d\n", err);
629 return -1;
630 }
631 return ret;
632 }
633
Kenny Root96427ba2013-08-16 14:02:41 -0700[diff] [blame]634 virtual int32_t generate(const String16& name, int32_t uid, int32_t keyType, int32_t keySize,
635 int32_t flags, Vector<sp<KeystoreArg> >* args)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]636 {
637 Parcel data, reply;
638 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
639 data.writeString16(name);
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]640 data.writeInt32(uid);
Kenny Root96427ba2013-08-16 14:02:41 -0700[diff] [blame]641 data.writeInt32(keyType);
642 data.writeInt32(keySize);
Kenny Root0c540aa2013-04-03 09:22:15 -0700[diff] [blame]643 data.writeInt32(flags);
Chad Brubaker468fc692015-01-13 17:33:14 -0800[diff] [blame]644 data.writeInt32(1);
Kenny Root96427ba2013-08-16 14:02:41 -0700[diff] [blame]645 data.writeInt32(args->size());
646 for (Vector<sp<KeystoreArg> >::iterator it = args->begin(); it != args->end(); ++it) {
647 sp<KeystoreArg> item = *it;
648 size_t keyLength = item->size();
649 data.writeInt32(keyLength);
650 void* buf = data.writeInplace(keyLength);
651 memcpy(buf, item->data(), keyLength);
652 }
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]653 status_t status = remote()->transact(BnKeystoreService::GENERATE, data, &reply);
654 if (status != NO_ERROR) {
655 ALOGD("generate() could not contact remote: %d\n", status);
656 return -1;
657 }
658 int32_t err = reply.readExceptionCode();
659 int32_t ret = reply.readInt32();
660 if (err < 0) {
661 ALOGD("generate() caught exception %d\n", err);
662 return -1;
663 }
664 return ret;
665 }
666
Kenny Root0c540aa2013-04-03 09:22:15 -0700[diff] [blame]667 virtual int32_t import(const String16& name, const uint8_t* key, size_t keyLength, int uid,
668 int flags)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]669 {
670 Parcel data, reply;
671 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
672 data.writeString16(name);
673 data.writeInt32(keyLength);
674 void* buf = data.writeInplace(keyLength);
675 memcpy(buf, key, keyLength);
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]676 data.writeInt32(uid);
Kenny Root0c540aa2013-04-03 09:22:15 -0700[diff] [blame]677 data.writeInt32(flags);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]678 status_t status = remote()->transact(BnKeystoreService::IMPORT, data, &reply);
679 if (status != NO_ERROR) {
680 ALOGD("import() could not contact remote: %d\n", status);
681 return -1;
682 }
683 int32_t err = reply.readExceptionCode();
684 int32_t ret = reply.readInt32();
685 if (err < 0) {
686 ALOGD("import() caught exception %d\n", err);
687 return -1;
688 }
689 return ret;
690 }
691
692 virtual int32_t sign(const String16& name, const uint8_t* in, size_t inLength, uint8_t** out,
693 size_t* outLength)
694 {
695 Parcel data, reply;
696 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
697 data.writeString16(name);
698 data.writeInt32(inLength);
699 void* buf = data.writeInplace(inLength);
700 memcpy(buf, in, inLength);
701 status_t status = remote()->transact(BnKeystoreService::SIGN, data, &reply);
702 if (status != NO_ERROR) {
703 ALOGD("import() could not contact remote: %d\n", status);
704 return -1;
705 }
706 int32_t err = reply.readExceptionCode();
707 ssize_t len = reply.readInt32();
708 if (len >= 0 && (size_t) len <= reply.dataAvail()) {
709 size_t ulen = (size_t) len;
710 const void* outBuf = reply.readInplace(ulen);
711 *out = (uint8_t*) malloc(ulen);
712 if (*out != NULL) {
713 memcpy((void*) *out, outBuf, ulen);
714 *outLength = ulen;
715 } else {
716 ALOGE("out of memory allocating output array in sign");
717 *outLength = 0;
718 }
719 } else {
720 *outLength = 0;
721 }
722 if (err < 0) {
723 ALOGD("import() caught exception %d\n", err);
724 return -1;
725 }
726 return 0;
727 }
728
729 virtual int32_t verify(const String16& name, const uint8_t* in, size_t inLength,
730 const uint8_t* signature, size_t signatureLength)
731 {
732 Parcel data, reply;
733 void* buf;
734
735 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
736 data.writeString16(name);
737 data.writeInt32(inLength);
738 buf = data.writeInplace(inLength);
739 memcpy(buf, in, inLength);
740 data.writeInt32(signatureLength);
741 buf = data.writeInplace(signatureLength);
742 memcpy(buf, signature, signatureLength);
743 status_t status = remote()->transact(BnKeystoreService::VERIFY, data, &reply);
744 if (status != NO_ERROR) {
745 ALOGD("verify() could not contact remote: %d\n", status);
746 return -1;
747 }
748 int32_t err = reply.readExceptionCode();
749 int32_t ret = reply.readInt32();
750 if (err < 0) {
751 ALOGD("verify() caught exception %d\n", err);
752 return -1;
753 }
754 return ret;
755 }
756
757 virtual int32_t get_pubkey(const String16& name, uint8_t** pubkey, size_t* pubkeyLength)
758 {
759 Parcel data, reply;
760 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
761 data.writeString16(name);
762 status_t status = remote()->transact(BnKeystoreService::GET_PUBKEY, data, &reply);
763 if (status != NO_ERROR) {
764 ALOGD("get_pubkey() could not contact remote: %d\n", status);
765 return -1;
766 }
767 int32_t err = reply.readExceptionCode();
768 ssize_t len = reply.readInt32();
769 if (len >= 0 && (size_t) len <= reply.dataAvail()) {
770 size_t ulen = (size_t) len;
771 const void* buf = reply.readInplace(ulen);
772 *pubkey = (uint8_t*) malloc(ulen);
773 if (*pubkey != NULL) {
774 memcpy(*pubkey, buf, ulen);
775 *pubkeyLength = ulen;
776 } else {
777 ALOGE("out of memory allocating output array in get_pubkey");
778 *pubkeyLength = 0;
779 }
780 } else {
781 *pubkeyLength = 0;
782 }
783 if (err < 0) {
784 ALOGD("get_pubkey() caught exception %d\n", err);
785 return -1;
786 }
787 return 0;
788 }
789
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]790 virtual int32_t del_key(const String16& name, int uid)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]791 {
792 Parcel data, reply;
793 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
794 data.writeString16(name);
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]795 data.writeInt32(uid);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]796 status_t status = remote()->transact(BnKeystoreService::DEL_KEY, data, &reply);
797 if (status != NO_ERROR) {
798 ALOGD("del_key() could not contact remote: %d\n", status);
799 return -1;
800 }
801 int32_t err = reply.readExceptionCode();
802 int32_t ret = reply.readInt32();
803 if (err < 0) {
804 ALOGD("del_key() caught exception %d\n", err);
805 return -1;
806 }
807 return ret;
808 }
809
810 virtual int32_t grant(const String16& name, int32_t granteeUid)
811 {
812 Parcel data, reply;
813 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
814 data.writeString16(name);
815 data.writeInt32(granteeUid);
816 status_t status = remote()->transact(BnKeystoreService::GRANT, data, &reply);
817 if (status != NO_ERROR) {
818 ALOGD("grant() could not contact remote: %d\n", status);
819 return -1;
820 }
821 int32_t err = reply.readExceptionCode();
822 int32_t ret = reply.readInt32();
823 if (err < 0) {
824 ALOGD("grant() caught exception %d\n", err);
825 return -1;
826 }
827 return ret;
828 }
829
830 virtual int32_t ungrant(const String16& name, int32_t granteeUid)
831 {
832 Parcel data, reply;
833 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
834 data.writeString16(name);
835 data.writeInt32(granteeUid);
836 status_t status = remote()->transact(BnKeystoreService::UNGRANT, data, &reply);
837 if (status != NO_ERROR) {
838 ALOGD("ungrant() could not contact remote: %d\n", status);
839 return -1;
840 }
841 int32_t err = reply.readExceptionCode();
842 int32_t ret = reply.readInt32();
843 if (err < 0) {
844 ALOGD("ungrant() caught exception %d\n", err);
845 return -1;
846 }
847 return ret;
848 }
849
850 int64_t getmtime(const String16& name)
851 {
852 Parcel data, reply;
853 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
854 data.writeString16(name);
855 status_t status = remote()->transact(BnKeystoreService::GETMTIME, data, &reply);
856 if (status != NO_ERROR) {
857 ALOGD("getmtime() could not contact remote: %d\n", status);
858 return -1;
859 }
860 int32_t err = reply.readExceptionCode();
861 int64_t ret = reply.readInt64();
862 if (err < 0) {
863 ALOGD("getmtime() caught exception %d\n", err);
864 return -1;
865 }
866 return ret;
867 }
Kenny Root02254072013-03-20 11:48:19 -0700[diff] [blame]868
Kenny Rootd53bc922013-03-21 14:10:15 -0700[diff] [blame]869 virtual int32_t duplicate(const String16& srcKey, int32_t srcUid, const String16& destKey,
870 int32_t destUid)
Kenny Root02254072013-03-20 11:48:19 -0700[diff] [blame]871 {
872 Parcel data, reply;
873 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
Kenny Rootd53bc922013-03-21 14:10:15 -0700[diff] [blame]874 data.writeString16(srcKey);
875 data.writeInt32(srcUid);
876 data.writeString16(destKey);
877 data.writeInt32(destUid);
878 status_t status = remote()->transact(BnKeystoreService::DUPLICATE, data, &reply);
Kenny Root02254072013-03-20 11:48:19 -0700[diff] [blame]879 if (status != NO_ERROR) {
Kenny Rootd53bc922013-03-21 14:10:15 -0700[diff] [blame]880 ALOGD("duplicate() could not contact remote: %d\n", status);
Kenny Root02254072013-03-20 11:48:19 -0700[diff] [blame]881 return -1;
882 }
883 int32_t err = reply.readExceptionCode();
884 int32_t ret = reply.readInt32();
885 if (err < 0) {
Kenny Rootd53bc922013-03-21 14:10:15 -0700[diff] [blame]886 ALOGD("duplicate() caught exception %d\n", err);
Kenny Root02254072013-03-20 11:48:19 -0700[diff] [blame]887 return -1;
888 }
889 return ret;
890 }
Kenny Root43061232013-03-29 11:15:50 -0700[diff] [blame]891
Kenny Root1b0e3932013-09-05 13:06:32 -0700[diff] [blame]892 virtual int32_t is_hardware_backed(const String16& keyType)
Kenny Root43061232013-03-29 11:15:50 -0700[diff] [blame]893 {
894 Parcel data, reply;
895 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
Kenny Root1b0e3932013-09-05 13:06:32 -0700[diff] [blame]896 data.writeString16(keyType);
Kenny Root43061232013-03-29 11:15:50 -0700[diff] [blame]897 status_t status = remote()->transact(BnKeystoreService::IS_HARDWARE_BACKED, data, &reply);
898 if (status != NO_ERROR) {
899 ALOGD("is_hardware_backed() could not contact remote: %d\n", status);
900 return -1;
901 }
902 int32_t err = reply.readExceptionCode();
903 int32_t ret = reply.readInt32();
904 if (err < 0) {
905 ALOGD("is_hardware_backed() caught exception %d\n", err);
906 return -1;
907 }
908 return ret;
909 }
Kenny Root2ecc7a12013-04-01 16:29:11 -0700[diff] [blame]910
911 virtual int32_t clear_uid(int64_t uid)
912 {
913 Parcel data, reply;
914 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
915 data.writeInt64(uid);
916 status_t status = remote()->transact(BnKeystoreService::CLEAR_UID, data, &reply);
917 if (status != NO_ERROR) {
918 ALOGD("clear_uid() could not contact remote: %d\n", status);
919 return -1;
920 }
921 int32_t err = reply.readExceptionCode();
922 int32_t ret = reply.readInt32();
923 if (err < 0) {
924 ALOGD("clear_uid() caught exception %d\n", err);
925 return -1;
926 }
927 return ret;
928 }
Robin Lee4e865752014-08-19 17:37:55 +0100[diff] [blame]929
930 virtual int32_t reset_uid(int32_t uid) {
931 Parcel data, reply;
932 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
933 data.writeInt32(uid);
934 status_t status = remote()->transact(BnKeystoreService::RESET_UID, data, &reply);
935 if (status != NO_ERROR) {
936 ALOGD("reset_uid() could not contact remote: %d\n", status);
937 return -1;
938 }
939 int32_t err = reply.readExceptionCode();
940 int32_t ret = reply.readInt32();
941 if (err < 0) {
942 ALOGD("reset_uid() caught exception %d\n", err);
943 return -1;
944 }
945 return ret;
946
947 }
948
949 virtual int32_t sync_uid(int32_t sourceUid, int32_t targetUid)
950 {
951 Parcel data, reply;
952 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
953 data.writeInt32(sourceUid);
954 data.writeInt32(targetUid);
955 status_t status = remote()->transact(BnKeystoreService::SYNC_UID, data, &reply);
956 if (status != NO_ERROR) {
957 ALOGD("sync_uid() could not contact remote: %d\n", status);
958 return -1;
959 }
960 int32_t err = reply.readExceptionCode();
961 int32_t ret = reply.readInt32();
962 if (err < 0) {
963 ALOGD("sync_uid() caught exception %d\n", err);
964 return -1;
965 }
966 return ret;
967 }
968
969 virtual int32_t password_uid(const String16& password, int32_t uid)
970 {
971 Parcel data, reply;
972 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
973 data.writeString16(password);
974 data.writeInt32(uid);
975 status_t status = remote()->transact(BnKeystoreService::PASSWORD_UID, data, &reply);
976 if (status != NO_ERROR) {
977 ALOGD("password_uid() could not contact remote: %d\n", status);
978 return -1;
979 }
980 int32_t err = reply.readExceptionCode();
981 int32_t ret = reply.readInt32();
982 if (err < 0) {
983 ALOGD("password_uid() caught exception %d\n", err);
984 return -1;
985 }
986 return ret;
987 }
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]988 virtual int32_t addRngEntropy(const uint8_t* buf, size_t bufLength)
989 {
990 Parcel data, reply;
991 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]992 data.writeByteArray(bufLength, buf);
993 status_t status = remote()->transact(BnKeystoreService::ADD_RNG_ENTROPY, data, &reply);
994 if (status != NO_ERROR) {
995 ALOGD("addRngEntropy() could not contact remote: %d\n", status);
996 return -1;
997 }
998 int32_t err = reply.readExceptionCode();
999 int32_t ret = reply.readInt32();
1000 if (err < 0) {
1001 ALOGD("addRngEntropy() caught exception %d\n", err);
1002 return -1;
1003 }
1004 return ret;
1005 };
1006
1007 virtual int32_t generateKey(const String16& name, const KeymasterArguments& params,
Chad Brubaker154d7692015-03-27 13:59:31 -0700[diff] [blame]1008 const uint8_t* entropy, size_t entropyLength, int uid, int flags,
1009 KeyCharacteristics* outCharacteristics)
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1010 {
1011 Parcel data, reply;
1012 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1013 data.writeString16(name);
1014 data.writeInt32(1);
1015 params.writeToParcel(&data);
Chad Brubaker154d7692015-03-27 13:59:31 -0700[diff] [blame]1016 data.writeByteArray(entropyLength, entropy);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1017 data.writeInt32(uid);
1018 data.writeInt32(flags);
1019 status_t status = remote()->transact(BnKeystoreService::GENERATE_KEY, data, &reply);
1020 if (status != NO_ERROR) {
1021 ALOGD("generateKey() could not contact remote: %d\n", status);
1022 return KM_ERROR_UNKNOWN_ERROR;
1023 }
1024 int32_t err = reply.readExceptionCode();
1025 int32_t ret = reply.readInt32();
1026 if (err < 0) {
1027 ALOGD("generateKey() caught exception %d\n", err);
1028 return KM_ERROR_UNKNOWN_ERROR;
1029 }
1030 if (reply.readInt32() != 0 && outCharacteristics) {
1031 outCharacteristics->readFromParcel(reply);
1032 }
1033 return ret;
1034 }
1035 virtual int32_t getKeyCharacteristics(const String16& name,
Chad Brubakerd6634422015-03-21 22:36:07 -0700[diff] [blame]1036 const keymaster_blob_t* clientId,
1037 const keymaster_blob_t* appData,
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1038 KeyCharacteristics* outCharacteristics)
1039 {
1040 Parcel data, reply;
1041 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1042 data.writeString16(name);
Chad Brubakerd6634422015-03-21 22:36:07 -0700[diff] [blame]1043 if (clientId) {
1044 data.writeByteArray(clientId->data_length, clientId->data);
1045 } else {
1046 data.writeInt32(-1);
1047 }
1048 if (appData) {
1049 data.writeByteArray(appData->data_length, appData->data);
1050 } else {
1051 data.writeInt32(-1);
1052 }
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1053 status_t status = remote()->transact(BnKeystoreService::GET_KEY_CHARACTERISTICS,
1054 data, &reply);
1055 if (status != NO_ERROR) {
1056 ALOGD("getKeyCharacteristics() could not contact remote: %d\n", status);
1057 return KM_ERROR_UNKNOWN_ERROR;
1058 }
1059 int32_t err = reply.readExceptionCode();
1060 int32_t ret = reply.readInt32();
1061 if (err < 0) {
1062 ALOGD("getKeyCharacteristics() caught exception %d\n", err);
1063 return KM_ERROR_UNKNOWN_ERROR;
1064 }
1065 if (reply.readInt32() != 0 && outCharacteristics) {
1066 outCharacteristics->readFromParcel(reply);
1067 }
1068 return ret;
1069 }
1070 virtual int32_t importKey(const String16& name, const KeymasterArguments& params,
1071 keymaster_key_format_t format, const uint8_t *keyData,
1072 size_t keyLength, int uid, int flags,
1073 KeyCharacteristics* outCharacteristics)
1074 {
1075 Parcel data, reply;
1076 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1077 data.writeString16(name);
1078 data.writeInt32(1);
1079 params.writeToParcel(&data);
1080 data.writeInt32(format);
1081 data.writeByteArray(keyLength, keyData);
1082 data.writeInt32(uid);
1083 data.writeInt32(flags);
1084 status_t status = remote()->transact(BnKeystoreService::IMPORT_KEY, data, &reply);
1085 if (status != NO_ERROR) {
1086 ALOGD("importKey() could not contact remote: %d\n", status);
1087 return KM_ERROR_UNKNOWN_ERROR;
1088 }
1089 int32_t err = reply.readExceptionCode();
1090 int32_t ret = reply.readInt32();
1091 if (err < 0) {
1092 ALOGD("importKey() caught exception %d\n", err);
1093 return KM_ERROR_UNKNOWN_ERROR;
1094 }
1095 if (reply.readInt32() != 0 && outCharacteristics) {
1096 outCharacteristics->readFromParcel(reply);
1097 }
1098 return ret;
1099 }
1100
1101 virtual void exportKey(const String16& name, keymaster_key_format_t format,
Chad Brubakerd6634422015-03-21 22:36:07 -0700[diff] [blame]1102 const keymaster_blob_t* clientId,
1103 const keymaster_blob_t* appData, ExportResult* result)
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1104 {
1105 if (!result) {
1106 return;
1107 }
1108
1109 Parcel data, reply;
1110 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1111 data.writeString16(name);
1112 data.writeInt32(format);
Chad Brubakerd6634422015-03-21 22:36:07 -0700[diff] [blame]1113 if (clientId) {
1114 data.writeByteArray(clientId->data_length, clientId->data);
1115 } else {
1116 data.writeInt32(-1);
1117 }
1118 if (appData) {
1119 data.writeByteArray(appData->data_length, appData->data);
1120 } else {
1121 data.writeInt32(-1);
1122 }
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1123 status_t status = remote()->transact(BnKeystoreService::EXPORT_KEY, data, &reply);
1124 if (status != NO_ERROR) {
1125 ALOGD("exportKey() could not contact remote: %d\n", status);
1126 result->resultCode = KM_ERROR_UNKNOWN_ERROR;
1127 return;
1128 }
1129 int32_t err = reply.readExceptionCode();
1130 if (err < 0) {
1131 ALOGD("exportKey() caught exception %d\n", err);
1132 result->resultCode = KM_ERROR_UNKNOWN_ERROR;
1133 return;
1134 }
1135 if (reply.readInt32() != 0) {
1136 result->readFromParcel(reply);
1137 }
1138 }
1139
1140 virtual void begin(const sp<IBinder>& appToken, const String16& name,
1141 keymaster_purpose_t purpose, bool pruneable,
Chad Brubaker154d7692015-03-27 13:59:31 -0700[diff] [blame]1142 const KeymasterArguments& params, const uint8_t* entropy,
1143 size_t entropyLength, KeymasterArguments* outParams,
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1144 OperationResult* result)
1145 {
1146 if (!result || !outParams) {
1147 return;
1148 }
1149 Parcel data, reply;
1150 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1151 data.writeStrongBinder(appToken);
1152 data.writeString16(name);
1153 data.writeInt32(purpose);
1154 data.writeInt32(pruneable ? 1 : 0);
1155 data.writeInt32(1);
1156 params.writeToParcel(&data);
Chad Brubaker154d7692015-03-27 13:59:31 -0700[diff] [blame]1157 data.writeByteArray(entropyLength, entropy);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1158 status_t status = remote()->transact(BnKeystoreService::BEGIN, data, &reply);
1159 if (status != NO_ERROR) {
1160 ALOGD("begin() could not contact remote: %d\n", status);
1161 result->resultCode = KM_ERROR_UNKNOWN_ERROR;
1162 return;
1163 }
1164 int32_t err = reply.readExceptionCode();
1165 if (err < 0) {
1166 ALOGD("begin() caught exception %d\n", err);
1167 result->resultCode = KM_ERROR_UNKNOWN_ERROR;
1168 return;
1169 }
1170 if (reply.readInt32() != 0) {
1171 result->readFromParcel(reply);
1172 }
1173 if (reply.readInt32() != 0) {
1174 outParams->readFromParcel(reply);
1175 }
1176 }
1177
1178 virtual void update(const sp<IBinder>& token, const KeymasterArguments& params,
Chad Brubaker40a1a9b2015-02-20 14:08:13 -0800[diff] [blame]1179 const uint8_t* opData, size_t dataLength, OperationResult* result)
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1180 {
1181 if (!result) {
1182 return;
1183 }
1184 Parcel data, reply;
1185 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1186 data.writeStrongBinder(token);
1187 data.writeInt32(1);
1188 params.writeToParcel(&data);
1189 data.writeByteArray(dataLength, opData);
1190 status_t status = remote()->transact(BnKeystoreService::UPDATE, data, &reply);
1191 if (status != NO_ERROR) {
1192 ALOGD("update() could not contact remote: %d\n", status);
1193 result->resultCode = KM_ERROR_UNKNOWN_ERROR;
1194 return;
1195 }
1196 int32_t err = reply.readExceptionCode();
1197 if (err < 0) {
1198 ALOGD("update() caught exception %d\n", err);
1199 result->resultCode = KM_ERROR_UNKNOWN_ERROR;
1200 return;
1201 }
1202 if (reply.readInt32() != 0) {
1203 result->readFromParcel(reply);
1204 }
1205 }
1206
1207 virtual void finish(const sp<IBinder>& token, const KeymasterArguments& params,
Chad Brubaker40a1a9b2015-02-20 14:08:13 -0800[diff] [blame]1208 const uint8_t* signature, size_t signatureLength, OperationResult* result)
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1209 {
1210 if (!result) {
1211 return;
1212 }
1213 Parcel data, reply;
1214 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1215 data.writeStrongBinder(token);
1216 data.writeInt32(1);
1217 params.writeToParcel(&data);
1218 data.writeByteArray(signatureLength, signature);
1219 status_t status = remote()->transact(BnKeystoreService::FINISH, data, &reply);
1220 if (status != NO_ERROR) {
1221 ALOGD("finish() could not contact remote: %d\n", status);
1222 result->resultCode = KM_ERROR_UNKNOWN_ERROR;
1223 return;
1224 }
1225 int32_t err = reply.readExceptionCode();
1226 if (err < 0) {
1227 ALOGD("finish() caught exception %d\n", err);
1228 result->resultCode = KM_ERROR_UNKNOWN_ERROR;
1229 return;
1230 }
1231 if (reply.readInt32() != 0) {
1232 result->readFromParcel(reply);
1233 }
1234 }
1235
1236 virtual int32_t abort(const sp<IBinder>& token)
1237 {
1238 Parcel data, reply;
1239 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1240 data.writeStrongBinder(token);
Chad Brubaker2ed2baa2015-03-21 21:20:10 -0700[diff] [blame]1241 status_t status = remote()->transact(BnKeystoreService::ABORT, data, &reply);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1242 if (status != NO_ERROR) {
1243 ALOGD("abort() could not contact remote: %d\n", status);
1244 return KM_ERROR_UNKNOWN_ERROR;
1245 }
1246 int32_t err = reply.readExceptionCode();
1247 int32_t ret = reply.readInt32();
1248 if (err < 0) {
1249 ALOGD("abort() caught exception %d\n", err);
1250 return KM_ERROR_UNKNOWN_ERROR;
1251 }
1252 return ret;
1253 }
Chad Brubaker2ed2baa2015-03-21 21:20:10 -0700[diff] [blame]1254
1255 virtual bool isOperationAuthorized(const sp<IBinder>& token)
1256 {
1257 Parcel data, reply;
1258 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1259 data.writeStrongBinder(token);
1260 status_t status = remote()->transact(BnKeystoreService::IS_OPERATION_AUTHORIZED, data,
1261 &reply);
1262 if (status != NO_ERROR) {
1263 ALOGD("isOperationAuthorized() could not contact remote: %d\n", status);
1264 return false;
1265 }
1266 int32_t err = reply.readExceptionCode();
1267 int32_t ret = reply.readInt32();
1268 if (err < 0) {
1269 ALOGD("isOperationAuthorized() caught exception %d\n", err);
1270 return false;
1271 }
1272 return ret == 1;
1273 }
1274
1275 virtual int32_t addAuthToken(const uint8_t* token, size_t length)
1276 {
1277 Parcel data, reply;
1278 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1279 data.writeByteArray(length, token);
1280 status_t status = remote()->transact(BnKeystoreService::ADD_AUTH_TOKEN, data, &reply);
1281 if (status != NO_ERROR) {
1282 ALOGD("addAuthToken() could not contact remote: %d\n", status);
1283 return -1;
1284 }
1285 int32_t err = reply.readExceptionCode();
1286 int32_t ret = reply.readInt32();
1287 if (err < 0) {
1288 ALOGD("addAuthToken() caught exception %d\n", err);
1289 return -1;
1290 }
1291 return ret;
1292 };
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1293};
1294
Chad Brubaker468fc692015-01-13 17:33:14 -0800[diff] [blame]1295IMPLEMENT_META_INTERFACE(KeystoreService, "android.security.IKeystoreService");
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1296
1297// ----------------------------------------------------------------------
1298
1299status_t BnKeystoreService::onTransact(
1300 uint32_t code, const Parcel& data, Parcel* reply, uint32_t flags)
1301{
1302 switch(code) {
1303 case TEST: {
1304 CHECK_INTERFACE(IKeystoreService, data, reply);
1305 int32_t ret = test();
1306 reply->writeNoException();
1307 reply->writeInt32(ret);
1308 return NO_ERROR;
1309 } break;
1310 case GET: {
1311 CHECK_INTERFACE(IKeystoreService, data, reply);
1312 String16 name = data.readString16();
1313 void* out = NULL;
1314 size_t outSize = 0;
1315 int32_t ret = get(name, (uint8_t**) &out, &outSize);
1316 reply->writeNoException();
1317 if (ret == 1) {
1318 reply->writeInt32(outSize);
1319 void* buf = reply->writeInplace(outSize);
1320 memcpy(buf, out, outSize);
1321 free(out);
1322 } else {
1323 reply->writeInt32(-1);
1324 }
1325 return NO_ERROR;
1326 } break;
1327 case INSERT: {
1328 CHECK_INTERFACE(IKeystoreService, data, reply);
1329 String16 name = data.readString16();
1330 ssize_t inSize = data.readInt32();
1331 const void* in;
1332 if (inSize >= 0 && (size_t) inSize <= data.dataAvail()) {
1333 in = data.readInplace(inSize);
1334 } else {
1335 in = NULL;
1336 inSize = 0;
1337 }
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]1338 int uid = data.readInt32();
Kenny Root0c540aa2013-04-03 09:22:15 -0700[diff] [blame]1339 int32_t flags = data.readInt32();
1340 int32_t ret = insert(name, (const uint8_t*) in, (size_t) inSize, uid, flags);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1341 reply->writeNoException();
1342 reply->writeInt32(ret);
1343 return NO_ERROR;
1344 } break;
1345 case DEL: {
1346 CHECK_INTERFACE(IKeystoreService, data, reply);
1347 String16 name = data.readString16();
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]1348 int uid = data.readInt32();
1349 int32_t ret = del(name, uid);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1350 reply->writeNoException();
1351 reply->writeInt32(ret);
1352 return NO_ERROR;
1353 } break;
1354 case EXIST: {
1355 CHECK_INTERFACE(IKeystoreService, data, reply);
1356 String16 name = data.readString16();
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]1357 int uid = data.readInt32();
1358 int32_t ret = exist(name, uid);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1359 reply->writeNoException();
1360 reply->writeInt32(ret);
1361 return NO_ERROR;
1362 } break;
1363 case SAW: {
1364 CHECK_INTERFACE(IKeystoreService, data, reply);
1365 String16 name = data.readString16();
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]1366 int uid = data.readInt32();
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1367 Vector<String16> matches;
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]1368 int32_t ret = saw(name, uid, &matches);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1369 reply->writeNoException();
1370 reply->writeInt32(matches.size());
1371 Vector<String16>::const_iterator it = matches.begin();
1372 for (; it != matches.end(); ++it) {
1373 reply->writeString16(*it);
1374 }
1375 reply->writeInt32(ret);
1376 return NO_ERROR;
1377 } break;
1378 case RESET: {
1379 CHECK_INTERFACE(IKeystoreService, data, reply);
1380 int32_t ret = reset();
1381 reply->writeNoException();
1382 reply->writeInt32(ret);
1383 return NO_ERROR;
1384 } break;
Chad Brubakereecdd122015-05-07 10:19:40 -0700[diff] [blame]1385 case ON_USER_PASSWORD_CHANGED: {
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1386 CHECK_INTERFACE(IKeystoreService, data, reply);
Chad Brubakereecdd122015-05-07 10:19:40 -0700[diff] [blame]1387 int32_t userId = data.readInt32();
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1388 String16 pass = data.readString16();
Chad Brubakereecdd122015-05-07 10:19:40 -0700[diff] [blame]1389 int32_t ret = onUserPasswordChanged(userId, pass);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1390 reply->writeNoException();
1391 reply->writeInt32(ret);
1392 return NO_ERROR;
1393 } break;
1394 case LOCK: {
1395 CHECK_INTERFACE(IKeystoreService, data, reply);
1396 int32_t ret = lock();
1397 reply->writeNoException();
1398 reply->writeInt32(ret);
1399 return NO_ERROR;
1400 } break;
1401 case UNLOCK: {
1402 CHECK_INTERFACE(IKeystoreService, data, reply);
Chad Brubakereecdd122015-05-07 10:19:40 -0700[diff] [blame]1403 int32_t userId = data.readInt32();
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1404 String16 pass = data.readString16();
Chad Brubakereecdd122015-05-07 10:19:40 -0700[diff] [blame]1405 int32_t ret = unlock(userId, pass);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1406 reply->writeNoException();
1407 reply->writeInt32(ret);
1408 return NO_ERROR;
1409 } break;
1410 case ZERO: {
1411 CHECK_INTERFACE(IKeystoreService, data, reply);
1412 int32_t ret = zero();
1413 reply->writeNoException();
1414 reply->writeInt32(ret);
1415 return NO_ERROR;
1416 } break;
1417 case GENERATE: {
1418 CHECK_INTERFACE(IKeystoreService, data, reply);
1419 String16 name = data.readString16();
Kenny Root96427ba2013-08-16 14:02:41 -0700[diff] [blame]1420 int32_t uid = data.readInt32();
1421 int32_t keyType = data.readInt32();
1422 int32_t keySize = data.readInt32();
Kenny Root0c540aa2013-04-03 09:22:15 -0700[diff] [blame]1423 int32_t flags = data.readInt32();
Kenny Root96427ba2013-08-16 14:02:41 -0700[diff] [blame]1424 Vector<sp<KeystoreArg> > args;
Chad Brubaker468fc692015-01-13 17:33:14 -0800[diff] [blame]1425 int32_t argsPresent = data.readInt32();
1426 if (argsPresent == 1) {
1427 ssize_t numArgs = data.readInt32();
1428 if (numArgs > 0) {
1429 for (size_t i = 0; i < (size_t) numArgs; i++) {
1430 ssize_t inSize = data.readInt32();
1431 if (inSize >= 0 && (size_t) inSize <= data.dataAvail()) {
1432 sp<KeystoreArg> arg = new KeystoreArg(data.readInplace(inSize),
1433 inSize);
1434 args.push_back(arg);
1435 } else {
1436 args.push_back(NULL);
1437 }
Kenny Root96427ba2013-08-16 14:02:41 -0700[diff] [blame]1438 }
1439 }
1440 }
1441 int32_t ret = generate(name, uid, keyType, keySize, flags, &args);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1442 reply->writeNoException();
1443 reply->writeInt32(ret);
1444 return NO_ERROR;
1445 } break;
1446 case IMPORT: {
1447 CHECK_INTERFACE(IKeystoreService, data, reply);
1448 String16 name = data.readString16();
1449 ssize_t inSize = data.readInt32();
1450 const void* in;
1451 if (inSize >= 0 && (size_t) inSize <= data.dataAvail()) {
1452 in = data.readInplace(inSize);
1453 } else {
1454 in = NULL;
1455 inSize = 0;
1456 }
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]1457 int uid = data.readInt32();
Kenny Root0c540aa2013-04-03 09:22:15 -0700[diff] [blame]1458 int32_t flags = data.readInt32();
1459 int32_t ret = import(name, (const uint8_t*) in, (size_t) inSize, uid, flags);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1460 reply->writeNoException();
1461 reply->writeInt32(ret);
1462 return NO_ERROR;
1463 } break;
1464 case SIGN: {
1465 CHECK_INTERFACE(IKeystoreService, data, reply);
1466 String16 name = data.readString16();
1467 ssize_t inSize = data.readInt32();
1468 const void* in;
1469 if (inSize >= 0 && (size_t) inSize <= data.dataAvail()) {
1470 in = data.readInplace(inSize);
1471 } else {
1472 in = NULL;
1473 inSize = 0;
1474 }
1475 void* out = NULL;
1476 size_t outSize = 0;
1477 int32_t ret = sign(name, (const uint8_t*) in, (size_t) inSize, (uint8_t**) &out, &outSize);
1478 reply->writeNoException();
Kenny Rootb03c9fb2013-02-04 16:42:51 -0800[diff] [blame]1479 if (outSize > 0 && out != NULL) {
1480 reply->writeInt32(outSize);
1481 void* buf = reply->writeInplace(outSize);
1482 memcpy(buf, out, outSize);
1483 free(out);
1484 } else {
Kenny Roote289c402013-02-14 11:31:53 -0800[diff] [blame]1485 reply->writeInt32(-1);
Kenny Rootb03c9fb2013-02-04 16:42:51 -0800[diff] [blame]1486 }
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1487 reply->writeInt32(ret);
1488 return NO_ERROR;
1489 } break;
1490 case VERIFY: {
1491 CHECK_INTERFACE(IKeystoreService, data, reply);
1492 String16 name = data.readString16();
1493 ssize_t inSize = data.readInt32();
1494 const void* in;
1495 if (inSize >= 0 && (size_t) inSize <= data.dataAvail()) {
1496 in = data.readInplace(inSize);
1497 } else {
1498 in = NULL;
1499 inSize = 0;
1500 }
1501 ssize_t sigSize = data.readInt32();
1502 const void* sig;
1503 if (sigSize >= 0 && (size_t) sigSize <= data.dataAvail()) {
1504 sig = data.readInplace(sigSize);
1505 } else {
1506 sig = NULL;
1507 sigSize = 0;
1508 }
1509 bool ret = verify(name, (const uint8_t*) in, (size_t) inSize, (const uint8_t*) sig,
1510 (size_t) sigSize);
1511 reply->writeNoException();
1512 reply->writeInt32(ret ? 1 : 0);
1513 return NO_ERROR;
1514 } break;
1515 case GET_PUBKEY: {
1516 CHECK_INTERFACE(IKeystoreService, data, reply);
1517 String16 name = data.readString16();
1518 void* out = NULL;
1519 size_t outSize = 0;
1520 int32_t ret = get_pubkey(name, (unsigned char**) &out, &outSize);
1521 reply->writeNoException();
Kenny Rootb03c9fb2013-02-04 16:42:51 -0800[diff] [blame]1522 if (outSize > 0 && out != NULL) {
1523 reply->writeInt32(outSize);
1524 void* buf = reply->writeInplace(outSize);
1525 memcpy(buf, out, outSize);
1526 free(out);
1527 } else {
Kenny Roote289c402013-02-14 11:31:53 -0800[diff] [blame]1528 reply->writeInt32(-1);
Kenny Rootb03c9fb2013-02-04 16:42:51 -0800[diff] [blame]1529 }
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1530 reply->writeInt32(ret);
1531 return NO_ERROR;
Kenny Rootb03c9fb2013-02-04 16:42:51 -0800[diff] [blame]1532 } break;
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1533 case DEL_KEY: {
1534 CHECK_INTERFACE(IKeystoreService, data, reply);
1535 String16 name = data.readString16();
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]1536 int uid = data.readInt32();
1537 int32_t ret = del_key(name, uid);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1538 reply->writeNoException();
1539 reply->writeInt32(ret);
1540 return NO_ERROR;
1541 } break;
1542 case GRANT: {
1543 CHECK_INTERFACE(IKeystoreService, data, reply);
1544 String16 name = data.readString16();
1545 int32_t granteeUid = data.readInt32();
1546 int32_t ret = grant(name, granteeUid);
1547 reply->writeNoException();
1548 reply->writeInt32(ret);
1549 return NO_ERROR;
1550 } break;
1551 case UNGRANT: {
1552 CHECK_INTERFACE(IKeystoreService, data, reply);
1553 String16 name = data.readString16();
1554 int32_t granteeUid = data.readInt32();
1555 int32_t ret = ungrant(name, granteeUid);
1556 reply->writeNoException();
1557 reply->writeInt32(ret);
1558 return NO_ERROR;
1559 } break;
1560 case GETMTIME: {
1561 CHECK_INTERFACE(IKeystoreService, data, reply);
1562 String16 name = data.readString16();
1563 int64_t ret = getmtime(name);
1564 reply->writeNoException();
1565 reply->writeInt64(ret);
1566 return NO_ERROR;
1567 } break;
Kenny Rootd53bc922013-03-21 14:10:15 -0700[diff] [blame]1568 case DUPLICATE: {
Kenny Root02254072013-03-20 11:48:19 -0700[diff] [blame]1569 CHECK_INTERFACE(IKeystoreService, data, reply);
Kenny Rootd53bc922013-03-21 14:10:15 -0700[diff] [blame]1570 String16 srcKey = data.readString16();
1571 int32_t srcUid = data.readInt32();
1572 String16 destKey = data.readString16();
1573 int32_t destUid = data.readInt32();
1574 int32_t ret = duplicate(srcKey, srcUid, destKey, destUid);
Kenny Root02254072013-03-20 11:48:19 -0700[diff] [blame]1575 reply->writeNoException();
1576 reply->writeInt32(ret);
1577 return NO_ERROR;
1578 } break;
Kenny Root43061232013-03-29 11:15:50 -0700[diff] [blame]1579 case IS_HARDWARE_BACKED: {
1580 CHECK_INTERFACE(IKeystoreService, data, reply);
Kenny Root1b0e3932013-09-05 13:06:32 -0700[diff] [blame]1581 String16 keyType = data.readString16();
1582 int32_t ret = is_hardware_backed(keyType);
Kenny Root43061232013-03-29 11:15:50 -0700[diff] [blame]1583 reply->writeNoException();
1584 reply->writeInt32(ret);
1585 return NO_ERROR;
1586 }
Kenny Root2ecc7a12013-04-01 16:29:11 -0700[diff] [blame]1587 case CLEAR_UID: {
1588 CHECK_INTERFACE(IKeystoreService, data, reply);
1589 int64_t uid = data.readInt64();
1590 int32_t ret = clear_uid(uid);
1591 reply->writeNoException();
1592 reply->writeInt32(ret);
1593 return NO_ERROR;
1594 }
Robin Lee4e865752014-08-19 17:37:55 +0100[diff] [blame]1595 case RESET_UID: {
1596 CHECK_INTERFACE(IKeystoreService, data, reply);
1597 int32_t uid = data.readInt32();
1598 int32_t ret = reset_uid(uid);
1599 reply->writeNoException();
1600 reply->writeInt32(ret);
1601 return NO_ERROR;
1602 }
1603 case SYNC_UID: {
1604 CHECK_INTERFACE(IKeystoreService, data, reply);
1605 int32_t sourceUid = data.readInt32();
1606 int32_t targetUid = data.readInt32();
1607 int32_t ret = sync_uid(sourceUid, targetUid);
1608 reply->writeNoException();
1609 reply->writeInt32(ret);
1610 return NO_ERROR;
1611 }
1612 case PASSWORD_UID: {
1613 CHECK_INTERFACE(IKeystoreService, data, reply);
1614 String16 password = data.readString16();
1615 int32_t uid = data.readInt32();
1616 int32_t ret = password_uid(password, uid);
1617 reply->writeNoException();
1618 reply->writeInt32(ret);
1619 return NO_ERROR;
1620 }
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1621 case ADD_RNG_ENTROPY: {
1622 CHECK_INTERFACE(IKeystoreService, data, reply);
Chad Brubaker6432df72015-03-20 16:23:04 -0700[diff] [blame]1623 const uint8_t* bytes = NULL;
1624 size_t size = 0;
1625 readByteArray(data, &bytes, &size);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1626 int32_t ret = addRngEntropy(bytes, size);
1627 reply->writeNoException();
1628 reply->writeInt32(ret);
1629 return NO_ERROR;
1630 }
1631 case GENERATE_KEY: {
1632 CHECK_INTERFACE(IKeystoreService, data, reply);
1633 String16 name = data.readString16();
1634 KeymasterArguments args;
1635 if (data.readInt32() != 0) {
1636 args.readFromParcel(data);
1637 }
Chad Brubaker154d7692015-03-27 13:59:31 -0700[diff] [blame]1638 const uint8_t* entropy = NULL;
1639 size_t entropyLength = 0;
1640 readByteArray(data, &entropy, &entropyLength);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1641 int32_t uid = data.readInt32();
1642 int32_t flags = data.readInt32();
1643 KeyCharacteristics outCharacteristics;
Chad Brubaker154d7692015-03-27 13:59:31 -0700[diff] [blame]1644 int32_t ret = generateKey(name, args, entropy, entropyLength, uid, flags,
1645 &outCharacteristics);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1646 reply->writeNoException();
1647 reply->writeInt32(ret);
1648 reply->writeInt32(1);
1649 outCharacteristics.writeToParcel(reply);
1650 return NO_ERROR;
1651 }
1652 case GET_KEY_CHARACTERISTICS: {
1653 CHECK_INTERFACE(IKeystoreService, data, reply);
1654 String16 name = data.readString16();
Chad Brubakerd6634422015-03-21 22:36:07 -0700[diff] [blame]1655 std::unique_ptr<keymaster_blob_t> clientId = readKeymasterBlob(data);
1656 std::unique_ptr<keymaster_blob_t> appData = readKeymasterBlob(data);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1657 KeyCharacteristics outCharacteristics;
Chad Brubakerd6634422015-03-21 22:36:07 -0700[diff] [blame]1658 int ret = getKeyCharacteristics(name, clientId.get(), appData.get(),
1659 &outCharacteristics);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1660 reply->writeNoException();
1661 reply->writeInt32(ret);
1662 reply->writeInt32(1);
1663 outCharacteristics.writeToParcel(reply);
1664 return NO_ERROR;
1665 }
1666 case IMPORT_KEY: {
1667 CHECK_INTERFACE(IKeystoreService, data, reply);
1668 String16 name = data.readString16();
1669 KeymasterArguments args;
1670 if (data.readInt32() != 0) {
1671 args.readFromParcel(data);
1672 }
1673 keymaster_key_format_t format = static_cast<keymaster_key_format_t>(data.readInt32());
Chad Brubaker6432df72015-03-20 16:23:04 -0700[diff] [blame]1674 const uint8_t* keyData = NULL;
1675 size_t keyLength = 0;
1676 readByteArray(data, &keyData, &keyLength);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1677 int32_t uid = data.readInt32();
1678 int32_t flags = data.readInt32();
1679 KeyCharacteristics outCharacteristics;
Chad Brubaker6432df72015-03-20 16:23:04 -0700[diff] [blame]1680 int32_t ret = importKey(name, args, format, keyData, keyLength, uid, flags,
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1681 &outCharacteristics);
1682 reply->writeNoException();
1683 reply->writeInt32(ret);
1684 reply->writeInt32(1);
1685 outCharacteristics.writeToParcel(reply);
1686
1687 return NO_ERROR;
1688 }
1689 case EXPORT_KEY: {
1690 CHECK_INTERFACE(IKeystoreService, data, reply);
1691 String16 name = data.readString16();
1692 keymaster_key_format_t format = static_cast<keymaster_key_format_t>(data.readInt32());
Chad Brubakerd6634422015-03-21 22:36:07 -0700[diff] [blame]1693 std::unique_ptr<keymaster_blob_t> clientId = readKeymasterBlob(data);
1694 std::unique_ptr<keymaster_blob_t> appData = readKeymasterBlob(data);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1695 ExportResult result;
Chad Brubakerd6634422015-03-21 22:36:07 -0700[diff] [blame]1696 exportKey(name, format, clientId.get(), appData.get(), &result);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1697 reply->writeNoException();
1698 reply->writeInt32(1);
1699 result.writeToParcel(reply);
1700
1701 return NO_ERROR;
1702 }
1703 case BEGIN: {
1704 CHECK_INTERFACE(IKeystoreService, data, reply);
1705 sp<IBinder> token = data.readStrongBinder();
1706 String16 name = data.readString16();
1707 keymaster_purpose_t purpose = static_cast<keymaster_purpose_t>(data.readInt32());
1708 bool pruneable = data.readInt32() != 0;
1709 KeymasterArguments args;
1710 if (data.readInt32() != 0) {
1711 args.readFromParcel(data);
1712 }
Chad Brubaker154d7692015-03-27 13:59:31 -0700[diff] [blame]1713 const uint8_t* entropy = NULL;
1714 size_t entropyLength = 0;
1715 readByteArray(data, &entropy, &entropyLength);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1716 KeymasterArguments outArgs;
1717 OperationResult result;
Chad Brubaker154d7692015-03-27 13:59:31 -0700[diff] [blame]1718 begin(token, name, purpose, pruneable, args, entropy, entropyLength, &outArgs,
1719 &result);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1720 reply->writeNoException();
1721 reply->writeInt32(1);
1722 result.writeToParcel(reply);
1723 reply->writeInt32(1);
1724 outArgs.writeToParcel(reply);
1725
1726 return NO_ERROR;
1727 }
1728 case UPDATE: {
1729 CHECK_INTERFACE(IKeystoreService, data, reply);
1730 sp<IBinder> token = data.readStrongBinder();
1731 KeymasterArguments args;
1732 if (data.readInt32() != 0) {
1733 args.readFromParcel(data);
1734 }
Chad Brubaker6432df72015-03-20 16:23:04 -0700[diff] [blame]1735 const uint8_t* buf = NULL;
1736 size_t bufLength = 0;
1737 readByteArray(data, &buf, &bufLength);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1738 OperationResult result;
Chad Brubaker6432df72015-03-20 16:23:04 -0700[diff] [blame]1739 update(token, args, buf, bufLength, &result);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1740 reply->writeNoException();
1741 reply->writeInt32(1);
1742 result.writeToParcel(reply);
1743
1744 return NO_ERROR;
1745 }
1746 case FINISH: {
1747 CHECK_INTERFACE(IKeystoreService, data, reply);
1748 sp<IBinder> token = data.readStrongBinder();
1749 KeymasterArguments args;
1750 if (data.readInt32() != 0) {
1751 args.readFromParcel(data);
1752 }
Chad Brubaker6432df72015-03-20 16:23:04 -0700[diff] [blame]1753 const uint8_t* buf = NULL;
1754 size_t bufLength = 0;
1755 readByteArray(data, &buf, &bufLength);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1756 OperationResult result;
Chad Brubaker6432df72015-03-20 16:23:04 -0700[diff] [blame]1757 finish(token, args, buf, bufLength, &result);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1758 reply->writeNoException();
1759 reply->writeInt32(1);
1760 result.writeToParcel(reply);
1761
1762 return NO_ERROR;
1763 }
1764 case ABORT: {
1765 CHECK_INTERFACE(IKeystoreService, data, reply);
1766 sp<IBinder> token = data.readStrongBinder();
1767 int32_t result = abort(token);
1768 reply->writeNoException();
1769 reply->writeInt32(result);
1770
1771 return NO_ERROR;
1772 }
Chad Brubaker2ed2baa2015-03-21 21:20:10 -0700[diff] [blame]1773 case IS_OPERATION_AUTHORIZED: {
1774 CHECK_INTERFACE(IKeystoreService, data, reply);
1775 sp<IBinder> token = data.readStrongBinder();
1776 bool result = isOperationAuthorized(token);
1777 reply->writeNoException();
1778 reply->writeInt32(result ? 1 : 0);
1779
1780 return NO_ERROR;
1781 }
1782 case ADD_AUTH_TOKEN: {
1783 CHECK_INTERFACE(IKeystoreService, data, reply);
Chad Brubaker2ed2baa2015-03-21 21:20:10 -0700[diff] [blame]1784 const uint8_t* token_bytes = NULL;
1785 size_t size = 0;
1786 readByteArray(data, &token_bytes, &size);
1787 int32_t result = addAuthToken(token_bytes, size);
1788 reply->writeNoException();
1789 reply->writeInt32(result);
1790
1791 return NO_ERROR;
1792 }
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1793 default:
1794 return BBinder::onTransact(code, data, reply, flags);
1795 }
1796}
1797
1798// ----------------------------------------------------------------------------
1799
1800}; // namespace android