Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_security / 50eb1b2f89ca455b2e9caa635bfe0b5ed94b416a / . / keystore / IKeystoreService.cpp
blob: 466ac241a77490d7d450f4c06d1c997f98f1b9dd [file] [log] [blame]
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1/*
2**
3** Copyright 2008, The Android Open Source Project
4**
5** Licensed under the Apache License, Version 2.0 (the "License");
6** you may not use this file except in compliance with the License.
7** You may obtain a copy of the License at
8**
9** http://www.apache.org/licenses/LICENSE-2.0
10**
11** Unless required by applicable law or agreed to in writing, software
12** distributed under the License is distributed on an "AS IS" BASIS,
13** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14** See the License for the specific language governing permissions and
15** limitations under the License.
16*/
17
18#include <stdint.h>
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]19#include <sys/limits.h>
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]20#include <sys/types.h>
21
22#define LOG_TAG "KeystoreService"
23#include <utils/Log.h>
24
25#include <binder/Parcel.h>
26#include <binder/IPCThreadState.h>
27#include <binder/IServiceManager.h>
28
29#include <keystore/IKeystoreService.h>
30
31namespace android {
32
Shawn Willden77d71ca2014-11-12 16:45:12 -0700[diff] [blame]33const ssize_t MAX_GENERATE_ARGS = 3;
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]34static keymaster_key_param_t* readParamList(const Parcel& in, size_t* length);
Shawn Willden77d71ca2014-11-12 16:45:12 -0700[diff] [blame]35
Kenny Root96427ba2013-08-16 14:02:41 -0700[diff] [blame]36KeystoreArg::KeystoreArg(const void* data, size_t len)
37 : mData(data), mSize(len) {
38}
39
40KeystoreArg::~KeystoreArg() {
41}
42
43const void *KeystoreArg::data() const {
44 return mData;
45}
46
47size_t KeystoreArg::size() const {
48 return mSize;
49}
50
Chad Brubakerc3a18562015-03-17 18:21:35 -0700[diff] [blame]51OperationResult::OperationResult() : resultCode(0), token(), handle(0), inputConsumed(0),
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]52 data(NULL), dataLength(0) {
53}
54
55OperationResult::~OperationResult() {
56}
57
58void OperationResult::readFromParcel(const Parcel& in) {
59 resultCode = in.readInt32();
60 token = in.readStrongBinder();
Chad Brubakerc3a18562015-03-17 18:21:35 -0700[diff] [blame]61 handle = static_cast<keymaster_operation_handle_t>(in.readInt64());
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]62 inputConsumed = in.readInt32();
63 ssize_t length = in.readInt32();
64 dataLength = 0;
65 if (length > 0) {
66 const void* buf = in.readInplace(length);
67 if (buf) {
68 data.reset(reinterpret_cast<uint8_t*>(malloc(length)));
69 if (data.get()) {
70 memcpy(data.get(), buf, length);
71 dataLength = (size_t) length;
72 } else {
73 ALOGE("Failed to allocate OperationResult buffer");
74 }
75 } else {
76 ALOGE("Failed to readInplace OperationResult data");
77 }
78 }
Chad Brubaker57e106d2015-06-01 12:59:00 -0700[diff] [blame]79 outParams.readFromParcel(in);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]80}
81
82void OperationResult::writeToParcel(Parcel* out) const {
83 out->writeInt32(resultCode);
84 out->writeStrongBinder(token);
Chad Brubakerc3a18562015-03-17 18:21:35 -0700[diff] [blame]85 out->writeInt64(handle);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]86 out->writeInt32(inputConsumed);
87 out->writeInt32(dataLength);
88 if (dataLength && data) {
89 void* buf = out->writeInplace(dataLength);
90 if (buf) {
91 memcpy(buf, data.get(), dataLength);
92 } else {
93 ALOGE("Failed to writeInplace OperationResult data.");
94 }
95 }
Chad Brubaker57e106d2015-06-01 12:59:00 -0700[diff] [blame]96 outParams.writeToParcel(out);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]97}
98
99ExportResult::ExportResult() : resultCode(0), exportData(NULL), dataLength(0) {
100}
101
102ExportResult::~ExportResult() {
103}
104
105void ExportResult::readFromParcel(const Parcel& in) {
106 resultCode = in.readInt32();
107 ssize_t length = in.readInt32();
108 dataLength = 0;
109 if (length > 0) {
110 const void* buf = in.readInplace(length);
111 if (buf) {
112 exportData.reset(reinterpret_cast<uint8_t*>(malloc(length)));
113 if (exportData.get()) {
114 memcpy(exportData.get(), buf, length);
115 dataLength = (size_t) length;
116 } else {
117 ALOGE("Failed to allocate ExportData buffer");
118 }
119 } else {
120 ALOGE("Failed to readInplace ExportData data");
121 }
122 }
123}
124
125void ExportResult::writeToParcel(Parcel* out) const {
126 out->writeInt32(resultCode);
127 out->writeInt32(dataLength);
128 if (exportData && dataLength) {
129 void* buf = out->writeInplace(dataLength);
130 if (buf) {
131 memcpy(buf, exportData.get(), dataLength);
132 } else {
133 ALOGE("Failed to writeInplace ExportResult data.");
134 }
135 }
136}
137
138KeymasterArguments::KeymasterArguments() {
139}
140
141KeymasterArguments::~KeymasterArguments() {
142 keymaster_free_param_values(params.data(), params.size());
143}
144
145void KeymasterArguments::readFromParcel(const Parcel& in) {
146 ssize_t length = in.readInt32();
147 size_t ulength = (size_t) length;
148 if (length < 0) {
149 ulength = 0;
150 }
151 keymaster_free_param_values(params.data(), params.size());
152 params.clear();
153 for(size_t i = 0; i < ulength; i++) {
154 keymaster_key_param_t param;
155 if (!readKeymasterArgumentFromParcel(in, &param)) {
156 ALOGE("Error reading keymaster argument from parcel");
157 break;
158 }
159 params.push_back(param);
160 }
161}
162
163void KeymasterArguments::writeToParcel(Parcel* out) const {
164 out->writeInt32(params.size());
165 for (auto param : params) {
166 out->writeInt32(1);
167 writeKeymasterArgumentToParcel(param, out);
168 }
169}
170
171KeyCharacteristics::KeyCharacteristics() {
172 memset((void*) &characteristics, 0, sizeof(characteristics));
173}
174
175KeyCharacteristics::~KeyCharacteristics() {
176 keymaster_free_characteristics(&characteristics);
177}
178
179void KeyCharacteristics::readFromParcel(const Parcel& in) {
180 size_t length = 0;
181 keymaster_key_param_t* params = readParamList(in, &length);
182 characteristics.sw_enforced.params = params;
183 characteristics.sw_enforced.length = length;
184
185 params = readParamList(in, &length);
186 characteristics.hw_enforced.params = params;
187 characteristics.hw_enforced.length = length;
188}
189
190void KeyCharacteristics::writeToParcel(Parcel* out) const {
191 if (characteristics.sw_enforced.params) {
192 out->writeInt32(characteristics.sw_enforced.length);
193 for (size_t i = 0; i < characteristics.sw_enforced.length; i++) {
194 out->writeInt32(1);
195 writeKeymasterArgumentToParcel(characteristics.sw_enforced.params[i], out);
196 }
197 } else {
198 out->writeInt32(0);
199 }
200 if (characteristics.hw_enforced.params) {
201 out->writeInt32(characteristics.hw_enforced.length);
202 for (size_t i = 0; i < characteristics.hw_enforced.length; i++) {
203 out->writeInt32(1);
204 writeKeymasterArgumentToParcel(characteristics.hw_enforced.params[i], out);
205 }
206 } else {
207 out->writeInt32(0);
208 }
209}
210
Shawn Willden50eb1b22016-01-21 12:41:23 -0700[diff] [blame^]211KeymasterCertificateChain::KeymasterCertificateChain() {
212 memset(&chain, 0, sizeof(chain));
213}
214
215KeymasterCertificateChain::~KeymasterCertificateChain() {
216 keymaster_free_cert_chain(&chain);
217}
218
219static bool readKeymasterBlob(const Parcel& in, keymaster_blob_t* blob) {
220 if (in.readInt32() != 1) {
221 return false;
222 }
223
224 blob->data_length = 0;
225 ssize_t length = in.readInt32();
226 if (length <= 0) {
227 blob->data = nullptr;
228 return false;
229 }
230
231 blob->data = reinterpret_cast<const uint8_t*>(in.readInplace(length));
232 if (blob->data) {
233 blob->data_length = static_cast<size_t>(length);
234 }
235 return true;
236}
237
238void KeymasterCertificateChain::readFromParcel(const Parcel& in) {
239 ssize_t count = in.readInt32();
240 size_t ucount = count;
241 if (count < 0) {
242 ucount = 0;
243 }
244 keymaster_free_cert_chain(&chain);
245 chain.entries = new keymaster_blob_t[ucount];
246 memset(chain.entries, 0, sizeof(keymaster_blob_t) * ucount);
247 for (size_t i = 0; i < ucount; ++i) {
248 if (!readKeymasterBlob(in, &chain.entries[i])) {
249 keymaster_free_cert_chain(&chain);
250 return;
251 }
252 }
253}
254
255void KeymasterCertificateChain::writeToParcel(Parcel* out) const {
256 out->writeInt32(chain.entry_count);
257 for (size_t i = 0; i < chain.entry_count; ++i) {
258 if (chain.entries[i].data) {
259 out->writeInt32(1); // Tell Java side that object is not NULL
260 out->writeInt32(chain.entries[i].data_length);
261 void* buf = out->writeInplace(chain.entries[i].data_length);
262 if (buf) {
263 memcpy(buf, chain.entries[i].data, chain.entries[i].data_length);
264 } else {
265 ALOGE("Failed to writeInplace keymaster cert chain entry");
266 }
267 } else {
268 out->writeInt32(0); // Tell Java side this object is NULL.
269 ALOGE("Found NULL certificate chain entry");
270 }
271 }
272}
273
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]274void writeKeymasterArgumentToParcel(const keymaster_key_param_t& param, Parcel* out) {
275 switch (keymaster_tag_get_type(param.tag)) {
276 case KM_ENUM:
277 case KM_ENUM_REP: {
278 out->writeInt32(param.tag);
279 out->writeInt32(param.enumerated);
280 break;
281 }
Shawn Willden0ebf13d2015-06-24 16:29:45 -0700[diff] [blame]282 case KM_UINT:
283 case KM_UINT_REP: {
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]284 out->writeInt32(param.tag);
285 out->writeInt32(param.integer);
286 break;
287 }
Shawn Willden0ebf13d2015-06-24 16:29:45 -0700[diff] [blame]288 case KM_ULONG:
289 case KM_ULONG_REP: {
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]290 out->writeInt32(param.tag);
291 out->writeInt64(param.long_integer);
292 break;
293 }
294 case KM_DATE: {
295 out->writeInt32(param.tag);
296 out->writeInt64(param.date_time);
297 break;
298 }
299 case KM_BOOL: {
300 out->writeInt32(param.tag);
301 break;
302 }
303 case KM_BIGNUM:
304 case KM_BYTES: {
305 out->writeInt32(param.tag);
306 out->writeInt32(param.blob.data_length);
307 void* buf = out->writeInplace(param.blob.data_length);
308 if (buf) {
309 memcpy(buf, param.blob.data, param.blob.data_length);
310 } else {
311 ALOGE("Failed to writeInplace keymaster blob param");
312 }
313 break;
314 }
315 default: {
316 ALOGE("Failed to write argument: Unsupported keymaster_tag_t %d", param.tag);
317 }
318 }
319}
320
321
322bool readKeymasterArgumentFromParcel(const Parcel& in, keymaster_key_param_t* out) {
323 if (in.readInt32() == 0) {
324 return false;
325 }
326 keymaster_tag_t tag = static_cast<keymaster_tag_t>(in.readInt32());
327 switch (keymaster_tag_get_type(tag)) {
328 case KM_ENUM:
329 case KM_ENUM_REP: {
330 uint32_t value = in.readInt32();
331 *out = keymaster_param_enum(tag, value);
332 break;
333 }
Shawn Willden0ebf13d2015-06-24 16:29:45 -0700[diff] [blame]334 case KM_UINT:
335 case KM_UINT_REP: {
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]336 uint32_t value = in.readInt32();
337 *out = keymaster_param_int(tag, value);
338 break;
339 }
Shawn Willden0ebf13d2015-06-24 16:29:45 -0700[diff] [blame]340 case KM_ULONG:
341 case KM_ULONG_REP: {
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]342 uint64_t value = in.readInt64();
343 *out = keymaster_param_long(tag, value);
344 break;
345 }
346 case KM_DATE: {
347 uint64_t value = in.readInt64();
348 *out = keymaster_param_date(tag, value);
349 break;
350 }
351 case KM_BOOL: {
352 *out = keymaster_param_bool(tag);
353 break;
354 }
355 case KM_BIGNUM:
356 case KM_BYTES: {
357 ssize_t length = in.readInt32();
358 uint8_t* data = NULL;
359 size_t ulength = 0;
360 if (length >= 0) {
361 ulength = (size_t) length;
362 // use malloc here so we can use keymaster_free_param_values
363 // consistently.
364 data = reinterpret_cast<uint8_t*>(malloc(ulength));
365 const void* buf = in.readInplace(ulength);
366 if (!buf || !data) {
367 ALOGE("Failed to allocate buffer for keymaster blob param");
368 return false;
369 }
370 memcpy(data, buf, ulength);
371 }
372 *out = keymaster_param_blob(tag, data, ulength);
373 break;
374 }
375 default: {
376 ALOGE("Unsupported keymaster_tag_t %d", tag);
377 return false;
378 }
379 }
380 return true;
381}
382
Chad Brubaker6432df72015-03-20 16:23:04 -0700[diff] [blame]383/**
384 * Read a byte array from in. The data at *data is still owned by the parcel
385 */
386static void readByteArray(const Parcel& in, const uint8_t** data, size_t* length) {
387 ssize_t slength = in.readInt32();
388 if (slength > 0) {
389 *data = reinterpret_cast<const uint8_t*>(in.readInplace(slength));
390 if (*data) {
391 *length = static_cast<size_t>(slength);
392 } else {
393 *length = 0;
394 }
395 } else {
396 *data = NULL;
397 *length = 0;
398 }
399}
400
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]401// Read a keymaster_key_param_t* from a Parcel for use in a
402// keymaster_key_characteristics_t. This will be free'd by calling
403// keymaster_free_key_characteristics.
404static keymaster_key_param_t* readParamList(const Parcel& in, size_t* length) {
405 ssize_t slength = in.readInt32();
406 *length = 0;
407 if (slength < 0) {
408 return NULL;
409 }
410 *length = (size_t) slength;
411 if (*length >= UINT_MAX / sizeof(keymaster_key_param_t)) {
412 return NULL;
413 }
414 keymaster_key_param_t* list =
415 reinterpret_cast<keymaster_key_param_t*>(malloc(*length *
416 sizeof(keymaster_key_param_t)));
417 if (!list) {
418 ALOGD("Failed to allocate buffer for generateKey outCharacteristics");
419 goto err;
420 }
421 for (size_t i = 0; i < *length ; i++) {
422 if (!readKeymasterArgumentFromParcel(in, &list[i])) {
423 ALOGE("Failed to read keymaster argument");
424 keymaster_free_param_values(list, i);
425 goto err;
426 }
427 }
428 return list;
429err:
430 free(list);
431 return NULL;
432}
433
Chad Brubakerd6634422015-03-21 22:36:07 -0700[diff] [blame]434static std::unique_ptr<keymaster_blob_t> readKeymasterBlob(const Parcel& in) {
Shawn Willden50eb1b22016-01-21 12:41:23 -0700[diff] [blame^]435 std::unique_ptr<keymaster_blob_t> blob (new keymaster_blob_t);
436 if (!readKeymasterBlob(in, blob.get())) {
437 blob.reset();
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]438 }
Chad Brubakerd6634422015-03-21 22:36:07 -0700[diff] [blame]439 return blob;
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]440}
441
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]442class BpKeystoreService: public BpInterface<IKeystoreService>
443{
444public:
445 BpKeystoreService(const sp<IBinder>& impl)
446 : BpInterface<IKeystoreService>(impl)
447 {
448 }
449
450 // test ping
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]451 virtual int32_t getState(int32_t userId)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]452 {
453 Parcel data, reply;
454 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]455 data.writeInt32(userId);
456 status_t status = remote()->transact(BnKeystoreService::GET_STATE, data, &reply);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]457 if (status != NO_ERROR) {
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]458 ALOGD("getState() could not contact remote: %d\n", status);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]459 return -1;
460 }
461 int32_t err = reply.readExceptionCode();
462 int32_t ret = reply.readInt32();
463 if (err < 0) {
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]464 ALOGD("getState() caught exception %d\n", err);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]465 return -1;
466 }
467 return ret;
468 }
469
470 virtual int32_t get(const String16& name, uint8_t** item, size_t* itemLength)
471 {
472 Parcel data, reply;
473 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
474 data.writeString16(name);
475 status_t status = remote()->transact(BnKeystoreService::GET, data, &reply);
476 if (status != NO_ERROR) {
477 ALOGD("get() could not contact remote: %d\n", status);
478 return -1;
479 }
480 int32_t err = reply.readExceptionCode();
481 ssize_t len = reply.readInt32();
482 if (len >= 0 && (size_t) len <= reply.dataAvail()) {
483 size_t ulen = (size_t) len;
484 const void* buf = reply.readInplace(ulen);
485 *item = (uint8_t*) malloc(ulen);
486 if (*item != NULL) {
487 memcpy(*item, buf, ulen);
488 *itemLength = ulen;
489 } else {
490 ALOGE("out of memory allocating output array in get");
491 *itemLength = 0;
492 }
493 } else {
494 *itemLength = 0;
495 }
496 if (err < 0) {
497 ALOGD("get() caught exception %d\n", err);
498 return -1;
499 }
500 return 0;
501 }
502
Kenny Root0c540aa2013-04-03 09:22:15 -0700[diff] [blame]503 virtual int32_t insert(const String16& name, const uint8_t* item, size_t itemLength, int uid,
504 int32_t flags)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]505 {
506 Parcel data, reply;
507 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
508 data.writeString16(name);
509 data.writeInt32(itemLength);
510 void* buf = data.writeInplace(itemLength);
511 memcpy(buf, item, itemLength);
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]512 data.writeInt32(uid);
Kenny Root0c540aa2013-04-03 09:22:15 -0700[diff] [blame]513 data.writeInt32(flags);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]514 status_t status = remote()->transact(BnKeystoreService::INSERT, data, &reply);
515 if (status != NO_ERROR) {
516 ALOGD("import() could not contact remote: %d\n", status);
517 return -1;
518 }
519 int32_t err = reply.readExceptionCode();
520 int32_t ret = reply.readInt32();
521 if (err < 0) {
522 ALOGD("import() caught exception %d\n", err);
523 return -1;
524 }
525 return ret;
526 }
527
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]528 virtual int32_t del(const String16& name, int uid)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]529 {
530 Parcel data, reply;
531 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
532 data.writeString16(name);
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]533 data.writeInt32(uid);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]534 status_t status = remote()->transact(BnKeystoreService::DEL, data, &reply);
535 if (status != NO_ERROR) {
536 ALOGD("del() could not contact remote: %d\n", status);
537 return -1;
538 }
539 int32_t err = reply.readExceptionCode();
540 int32_t ret = reply.readInt32();
541 if (err < 0) {
542 ALOGD("del() caught exception %d\n", err);
543 return -1;
544 }
545 return ret;
546 }
547
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]548 virtual int32_t exist(const String16& name, int uid)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]549 {
550 Parcel data, reply;
551 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
552 data.writeString16(name);
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]553 data.writeInt32(uid);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]554 status_t status = remote()->transact(BnKeystoreService::EXIST, data, &reply);
555 if (status != NO_ERROR) {
556 ALOGD("exist() could not contact remote: %d\n", status);
557 return -1;
558 }
559 int32_t err = reply.readExceptionCode();
560 int32_t ret = reply.readInt32();
561 if (err < 0) {
562 ALOGD("exist() caught exception %d\n", err);
563 return -1;
564 }
565 return ret;
566 }
567
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]568 virtual int32_t list(const String16& prefix, int uid, Vector<String16>* matches)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]569 {
570 Parcel data, reply;
571 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]572 data.writeString16(prefix);
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]573 data.writeInt32(uid);
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]574 status_t status = remote()->transact(BnKeystoreService::LIST, data, &reply);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]575 if (status != NO_ERROR) {
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]576 ALOGD("list() could not contact remote: %d\n", status);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]577 return -1;
578 }
579 int32_t err = reply.readExceptionCode();
580 int32_t numMatches = reply.readInt32();
581 for (int32_t i = 0; i < numMatches; i++) {
582 matches->push(reply.readString16());
583 }
584 int32_t ret = reply.readInt32();
585 if (err < 0) {
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]586 ALOGD("list() caught exception %d\n", err);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]587 return -1;
588 }
589 return ret;
590 }
591
592 virtual int32_t reset()
593 {
594 Parcel data, reply;
595 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
596 status_t status = remote()->transact(BnKeystoreService::RESET, data, &reply);
597 if (status != NO_ERROR) {
598 ALOGD("reset() could not contact remote: %d\n", status);
599 return -1;
600 }
601 int32_t err = reply.readExceptionCode();
602 int32_t ret = reply.readInt32();
603 if (err < 0) {
604 ALOGD("reset() caught exception %d\n", err);
605 return -1;
606 }
607 return ret;
608 }
609
Chad Brubaker96d6d782015-05-07 10:19:40 -0700[diff] [blame]610 virtual int32_t onUserPasswordChanged(int32_t userId, const String16& password)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]611 {
612 Parcel data, reply;
613 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
Chad Brubaker96d6d782015-05-07 10:19:40 -0700[diff] [blame]614 data.writeInt32(userId);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]615 data.writeString16(password);
Chad Brubaker96d6d782015-05-07 10:19:40 -0700[diff] [blame]616 status_t status = remote()->transact(BnKeystoreService::ON_USER_PASSWORD_CHANGED, data,
617 &reply);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]618 if (status != NO_ERROR) {
Chad Brubaker96d6d782015-05-07 10:19:40 -0700[diff] [blame]619 ALOGD("onUserPasswordChanged() could not contact remote: %d\n", status);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]620 return -1;
621 }
622 int32_t err = reply.readExceptionCode();
623 int32_t ret = reply.readInt32();
624 if (err < 0) {
Chad Brubaker96d6d782015-05-07 10:19:40 -0700[diff] [blame]625 ALOGD("onUserPasswordChanged() caught exception %d\n", err);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]626 return -1;
627 }
628 return ret;
629 }
630
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]631 virtual int32_t lock(int32_t userId)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]632 {
633 Parcel data, reply;
634 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]635 data.writeInt32(userId);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]636 status_t status = remote()->transact(BnKeystoreService::LOCK, data, &reply);
637 if (status != NO_ERROR) {
638 ALOGD("lock() could not contact remote: %d\n", status);
639 return -1;
640 }
641 int32_t err = reply.readExceptionCode();
642 int32_t ret = reply.readInt32();
643 if (err < 0) {
644 ALOGD("lock() caught exception %d\n", err);
645 return -1;
646 }
647 return ret;
648 }
649
Chad Brubaker96d6d782015-05-07 10:19:40 -0700[diff] [blame]650 virtual int32_t unlock(int32_t userId, const String16& password)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]651 {
652 Parcel data, reply;
653 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
Chad Brubaker96d6d782015-05-07 10:19:40 -0700[diff] [blame]654 data.writeInt32(userId);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]655 data.writeString16(password);
656 status_t status = remote()->transact(BnKeystoreService::UNLOCK, data, &reply);
657 if (status != NO_ERROR) {
658 ALOGD("unlock() could not contact remote: %d\n", status);
659 return -1;
660 }
661 int32_t err = reply.readExceptionCode();
662 int32_t ret = reply.readInt32();
663 if (err < 0) {
664 ALOGD("unlock() caught exception %d\n", err);
665 return -1;
666 }
667 return ret;
668 }
669
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]670 virtual bool isEmpty(int32_t userId)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]671 {
672 Parcel data, reply;
673 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]674 data.writeInt32(userId);
675 status_t status = remote()->transact(BnKeystoreService::IS_EMPTY, data, &reply);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]676 if (status != NO_ERROR) {
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]677 ALOGD("isEmpty() could not contact remote: %d\n", status);
678 return false;
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]679 }
680 int32_t err = reply.readExceptionCode();
681 int32_t ret = reply.readInt32();
682 if (err < 0) {
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]683 ALOGD("isEmpty() caught exception %d\n", err);
684 return false;
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]685 }
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]686 return ret != 0;
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]687 }
688
Kenny Root96427ba2013-08-16 14:02:41 -0700[diff] [blame]689 virtual int32_t generate(const String16& name, int32_t uid, int32_t keyType, int32_t keySize,
690 int32_t flags, Vector<sp<KeystoreArg> >* args)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]691 {
692 Parcel data, reply;
693 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
694 data.writeString16(name);
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]695 data.writeInt32(uid);
Kenny Root96427ba2013-08-16 14:02:41 -0700[diff] [blame]696 data.writeInt32(keyType);
697 data.writeInt32(keySize);
Kenny Root0c540aa2013-04-03 09:22:15 -0700[diff] [blame]698 data.writeInt32(flags);
Chad Brubaker468fc692015-01-13 17:33:14 -0800[diff] [blame]699 data.writeInt32(1);
Kenny Root96427ba2013-08-16 14:02:41 -0700[diff] [blame]700 data.writeInt32(args->size());
701 for (Vector<sp<KeystoreArg> >::iterator it = args->begin(); it != args->end(); ++it) {
702 sp<KeystoreArg> item = *it;
703 size_t keyLength = item->size();
704 data.writeInt32(keyLength);
705 void* buf = data.writeInplace(keyLength);
706 memcpy(buf, item->data(), keyLength);
707 }
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]708 status_t status = remote()->transact(BnKeystoreService::GENERATE, data, &reply);
709 if (status != NO_ERROR) {
710 ALOGD("generate() could not contact remote: %d\n", status);
711 return -1;
712 }
713 int32_t err = reply.readExceptionCode();
714 int32_t ret = reply.readInt32();
715 if (err < 0) {
716 ALOGD("generate() caught exception %d\n", err);
717 return -1;
718 }
719 return ret;
720 }
721
Kenny Root0c540aa2013-04-03 09:22:15 -0700[diff] [blame]722 virtual int32_t import(const String16& name, const uint8_t* key, size_t keyLength, int uid,
723 int flags)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]724 {
725 Parcel data, reply;
726 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
727 data.writeString16(name);
728 data.writeInt32(keyLength);
729 void* buf = data.writeInplace(keyLength);
730 memcpy(buf, key, keyLength);
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]731 data.writeInt32(uid);
Kenny Root0c540aa2013-04-03 09:22:15 -0700[diff] [blame]732 data.writeInt32(flags);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]733 status_t status = remote()->transact(BnKeystoreService::IMPORT, data, &reply);
734 if (status != NO_ERROR) {
735 ALOGD("import() could not contact remote: %d\n", status);
736 return -1;
737 }
738 int32_t err = reply.readExceptionCode();
739 int32_t ret = reply.readInt32();
740 if (err < 0) {
741 ALOGD("import() caught exception %d\n", err);
742 return -1;
743 }
744 return ret;
745 }
746
747 virtual int32_t sign(const String16& name, const uint8_t* in, size_t inLength, uint8_t** out,
748 size_t* outLength)
749 {
750 Parcel data, reply;
751 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
752 data.writeString16(name);
753 data.writeInt32(inLength);
754 void* buf = data.writeInplace(inLength);
755 memcpy(buf, in, inLength);
756 status_t status = remote()->transact(BnKeystoreService::SIGN, data, &reply);
757 if (status != NO_ERROR) {
758 ALOGD("import() could not contact remote: %d\n", status);
759 return -1;
760 }
761 int32_t err = reply.readExceptionCode();
762 ssize_t len = reply.readInt32();
763 if (len >= 0 && (size_t) len <= reply.dataAvail()) {
764 size_t ulen = (size_t) len;
765 const void* outBuf = reply.readInplace(ulen);
766 *out = (uint8_t*) malloc(ulen);
767 if (*out != NULL) {
768 memcpy((void*) *out, outBuf, ulen);
769 *outLength = ulen;
770 } else {
771 ALOGE("out of memory allocating output array in sign");
772 *outLength = 0;
773 }
774 } else {
775 *outLength = 0;
776 }
777 if (err < 0) {
778 ALOGD("import() caught exception %d\n", err);
779 return -1;
780 }
781 return 0;
782 }
783
784 virtual int32_t verify(const String16& name, const uint8_t* in, size_t inLength,
785 const uint8_t* signature, size_t signatureLength)
786 {
787 Parcel data, reply;
788 void* buf;
789
790 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
791 data.writeString16(name);
792 data.writeInt32(inLength);
793 buf = data.writeInplace(inLength);
794 memcpy(buf, in, inLength);
795 data.writeInt32(signatureLength);
796 buf = data.writeInplace(signatureLength);
797 memcpy(buf, signature, signatureLength);
798 status_t status = remote()->transact(BnKeystoreService::VERIFY, data, &reply);
799 if (status != NO_ERROR) {
800 ALOGD("verify() could not contact remote: %d\n", status);
801 return -1;
802 }
803 int32_t err = reply.readExceptionCode();
804 int32_t ret = reply.readInt32();
805 if (err < 0) {
806 ALOGD("verify() caught exception %d\n", err);
807 return -1;
808 }
809 return ret;
810 }
811
812 virtual int32_t get_pubkey(const String16& name, uint8_t** pubkey, size_t* pubkeyLength)
813 {
814 Parcel data, reply;
815 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
816 data.writeString16(name);
817 status_t status = remote()->transact(BnKeystoreService::GET_PUBKEY, data, &reply);
818 if (status != NO_ERROR) {
819 ALOGD("get_pubkey() could not contact remote: %d\n", status);
820 return -1;
821 }
822 int32_t err = reply.readExceptionCode();
823 ssize_t len = reply.readInt32();
824 if (len >= 0 && (size_t) len <= reply.dataAvail()) {
825 size_t ulen = (size_t) len;
826 const void* buf = reply.readInplace(ulen);
827 *pubkey = (uint8_t*) malloc(ulen);
828 if (*pubkey != NULL) {
829 memcpy(*pubkey, buf, ulen);
830 *pubkeyLength = ulen;
831 } else {
832 ALOGE("out of memory allocating output array in get_pubkey");
833 *pubkeyLength = 0;
834 }
835 } else {
836 *pubkeyLength = 0;
837 }
838 if (err < 0) {
839 ALOGD("get_pubkey() caught exception %d\n", err);
840 return -1;
841 }
842 return 0;
843 }
844
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]845 virtual int32_t grant(const String16& name, int32_t granteeUid)
846 {
847 Parcel data, reply;
848 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
849 data.writeString16(name);
850 data.writeInt32(granteeUid);
851 status_t status = remote()->transact(BnKeystoreService::GRANT, data, &reply);
852 if (status != NO_ERROR) {
853 ALOGD("grant() could not contact remote: %d\n", status);
854 return -1;
855 }
856 int32_t err = reply.readExceptionCode();
857 int32_t ret = reply.readInt32();
858 if (err < 0) {
859 ALOGD("grant() caught exception %d\n", err);
860 return -1;
861 }
862 return ret;
863 }
864
865 virtual int32_t ungrant(const String16& name, int32_t granteeUid)
866 {
867 Parcel data, reply;
868 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
869 data.writeString16(name);
870 data.writeInt32(granteeUid);
871 status_t status = remote()->transact(BnKeystoreService::UNGRANT, data, &reply);
872 if (status != NO_ERROR) {
873 ALOGD("ungrant() could not contact remote: %d\n", status);
874 return -1;
875 }
876 int32_t err = reply.readExceptionCode();
877 int32_t ret = reply.readInt32();
878 if (err < 0) {
879 ALOGD("ungrant() caught exception %d\n", err);
880 return -1;
881 }
882 return ret;
883 }
884
885 int64_t getmtime(const String16& name)
886 {
887 Parcel data, reply;
888 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
889 data.writeString16(name);
890 status_t status = remote()->transact(BnKeystoreService::GETMTIME, data, &reply);
891 if (status != NO_ERROR) {
892 ALOGD("getmtime() could not contact remote: %d\n", status);
893 return -1;
894 }
895 int32_t err = reply.readExceptionCode();
896 int64_t ret = reply.readInt64();
897 if (err < 0) {
898 ALOGD("getmtime() caught exception %d\n", err);
899 return -1;
900 }
901 return ret;
902 }
Kenny Root02254072013-03-20 11:48:19 -0700[diff] [blame]903
Kenny Rootd53bc922013-03-21 14:10:15 -0700[diff] [blame]904 virtual int32_t duplicate(const String16& srcKey, int32_t srcUid, const String16& destKey,
905 int32_t destUid)
Kenny Root02254072013-03-20 11:48:19 -0700[diff] [blame]906 {
907 Parcel data, reply;
908 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
Kenny Rootd53bc922013-03-21 14:10:15 -0700[diff] [blame]909 data.writeString16(srcKey);
910 data.writeInt32(srcUid);
911 data.writeString16(destKey);
912 data.writeInt32(destUid);
913 status_t status = remote()->transact(BnKeystoreService::DUPLICATE, data, &reply);
Kenny Root02254072013-03-20 11:48:19 -0700[diff] [blame]914 if (status != NO_ERROR) {
Kenny Rootd53bc922013-03-21 14:10:15 -0700[diff] [blame]915 ALOGD("duplicate() could not contact remote: %d\n", status);
Kenny Root02254072013-03-20 11:48:19 -0700[diff] [blame]916 return -1;
917 }
918 int32_t err = reply.readExceptionCode();
919 int32_t ret = reply.readInt32();
920 if (err < 0) {
Kenny Rootd53bc922013-03-21 14:10:15 -0700[diff] [blame]921 ALOGD("duplicate() caught exception %d\n", err);
Kenny Root02254072013-03-20 11:48:19 -0700[diff] [blame]922 return -1;
923 }
924 return ret;
925 }
Kenny Root43061232013-03-29 11:15:50 -0700[diff] [blame]926
Kenny Root1b0e3932013-09-05 13:06:32 -0700[diff] [blame]927 virtual int32_t is_hardware_backed(const String16& keyType)
Kenny Root43061232013-03-29 11:15:50 -0700[diff] [blame]928 {
929 Parcel data, reply;
930 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
Kenny Root1b0e3932013-09-05 13:06:32 -0700[diff] [blame]931 data.writeString16(keyType);
Kenny Root43061232013-03-29 11:15:50 -0700[diff] [blame]932 status_t status = remote()->transact(BnKeystoreService::IS_HARDWARE_BACKED, data, &reply);
933 if (status != NO_ERROR) {
934 ALOGD("is_hardware_backed() could not contact remote: %d\n", status);
935 return -1;
936 }
937 int32_t err = reply.readExceptionCode();
938 int32_t ret = reply.readInt32();
939 if (err < 0) {
940 ALOGD("is_hardware_backed() caught exception %d\n", err);
941 return -1;
942 }
943 return ret;
944 }
Kenny Root2ecc7a12013-04-01 16:29:11 -0700[diff] [blame]945
946 virtual int32_t clear_uid(int64_t uid)
947 {
948 Parcel data, reply;
949 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
950 data.writeInt64(uid);
951 status_t status = remote()->transact(BnKeystoreService::CLEAR_UID, data, &reply);
952 if (status != NO_ERROR) {
953 ALOGD("clear_uid() could not contact remote: %d\n", status);
954 return -1;
955 }
956 int32_t err = reply.readExceptionCode();
957 int32_t ret = reply.readInt32();
958 if (err < 0) {
959 ALOGD("clear_uid() caught exception %d\n", err);
960 return -1;
961 }
962 return ret;
963 }
Robin Lee4e865752014-08-19 17:37:55 +0100[diff] [blame]964
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]965 virtual int32_t addRngEntropy(const uint8_t* buf, size_t bufLength)
966 {
967 Parcel data, reply;
968 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]969 data.writeByteArray(bufLength, buf);
970 status_t status = remote()->transact(BnKeystoreService::ADD_RNG_ENTROPY, data, &reply);
971 if (status != NO_ERROR) {
972 ALOGD("addRngEntropy() could not contact remote: %d\n", status);
973 return -1;
974 }
975 int32_t err = reply.readExceptionCode();
976 int32_t ret = reply.readInt32();
977 if (err < 0) {
978 ALOGD("addRngEntropy() caught exception %d\n", err);
979 return -1;
980 }
981 return ret;
982 };
983
984 virtual int32_t generateKey(const String16& name, const KeymasterArguments& params,
Chad Brubaker154d7692015-03-27 13:59:31 -0700[diff] [blame]985 const uint8_t* entropy, size_t entropyLength, int uid, int flags,
986 KeyCharacteristics* outCharacteristics)
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]987 {
988 Parcel data, reply;
989 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
990 data.writeString16(name);
991 data.writeInt32(1);
992 params.writeToParcel(&data);
Chad Brubaker154d7692015-03-27 13:59:31 -0700[diff] [blame]993 data.writeByteArray(entropyLength, entropy);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]994 data.writeInt32(uid);
995 data.writeInt32(flags);
996 status_t status = remote()->transact(BnKeystoreService::GENERATE_KEY, data, &reply);
997 if (status != NO_ERROR) {
998 ALOGD("generateKey() could not contact remote: %d\n", status);
999 return KM_ERROR_UNKNOWN_ERROR;
1000 }
1001 int32_t err = reply.readExceptionCode();
1002 int32_t ret = reply.readInt32();
1003 if (err < 0) {
1004 ALOGD("generateKey() caught exception %d\n", err);
1005 return KM_ERROR_UNKNOWN_ERROR;
1006 }
1007 if (reply.readInt32() != 0 && outCharacteristics) {
1008 outCharacteristics->readFromParcel(reply);
1009 }
1010 return ret;
1011 }
1012 virtual int32_t getKeyCharacteristics(const String16& name,
Chad Brubakerd6634422015-03-21 22:36:07 -0700[diff] [blame]1013 const keymaster_blob_t* clientId,
1014 const keymaster_blob_t* appData,
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1015 KeyCharacteristics* outCharacteristics)
1016 {
1017 Parcel data, reply;
1018 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1019 data.writeString16(name);
Chad Brubakerd6634422015-03-21 22:36:07 -0700[diff] [blame]1020 if (clientId) {
1021 data.writeByteArray(clientId->data_length, clientId->data);
1022 } else {
1023 data.writeInt32(-1);
1024 }
1025 if (appData) {
1026 data.writeByteArray(appData->data_length, appData->data);
1027 } else {
1028 data.writeInt32(-1);
1029 }
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1030 status_t status = remote()->transact(BnKeystoreService::GET_KEY_CHARACTERISTICS,
1031 data, &reply);
1032 if (status != NO_ERROR) {
1033 ALOGD("getKeyCharacteristics() could not contact remote: %d\n", status);
1034 return KM_ERROR_UNKNOWN_ERROR;
1035 }
1036 int32_t err = reply.readExceptionCode();
1037 int32_t ret = reply.readInt32();
1038 if (err < 0) {
1039 ALOGD("getKeyCharacteristics() caught exception %d\n", err);
1040 return KM_ERROR_UNKNOWN_ERROR;
1041 }
1042 if (reply.readInt32() != 0 && outCharacteristics) {
1043 outCharacteristics->readFromParcel(reply);
1044 }
1045 return ret;
1046 }
1047 virtual int32_t importKey(const String16& name, const KeymasterArguments& params,
1048 keymaster_key_format_t format, const uint8_t *keyData,
1049 size_t keyLength, int uid, int flags,
1050 KeyCharacteristics* outCharacteristics)
1051 {
1052 Parcel data, reply;
1053 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1054 data.writeString16(name);
1055 data.writeInt32(1);
1056 params.writeToParcel(&data);
1057 data.writeInt32(format);
1058 data.writeByteArray(keyLength, keyData);
1059 data.writeInt32(uid);
1060 data.writeInt32(flags);
1061 status_t status = remote()->transact(BnKeystoreService::IMPORT_KEY, data, &reply);
1062 if (status != NO_ERROR) {
1063 ALOGD("importKey() could not contact remote: %d\n", status);
1064 return KM_ERROR_UNKNOWN_ERROR;
1065 }
1066 int32_t err = reply.readExceptionCode();
1067 int32_t ret = reply.readInt32();
1068 if (err < 0) {
1069 ALOGD("importKey() caught exception %d\n", err);
1070 return KM_ERROR_UNKNOWN_ERROR;
1071 }
1072 if (reply.readInt32() != 0 && outCharacteristics) {
1073 outCharacteristics->readFromParcel(reply);
1074 }
1075 return ret;
1076 }
1077
1078 virtual void exportKey(const String16& name, keymaster_key_format_t format,
Chad Brubakerd6634422015-03-21 22:36:07 -0700[diff] [blame]1079 const keymaster_blob_t* clientId,
1080 const keymaster_blob_t* appData, ExportResult* result)
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1081 {
1082 if (!result) {
1083 return;
1084 }
1085
1086 Parcel data, reply;
1087 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1088 data.writeString16(name);
1089 data.writeInt32(format);
Chad Brubakerd6634422015-03-21 22:36:07 -0700[diff] [blame]1090 if (clientId) {
1091 data.writeByteArray(clientId->data_length, clientId->data);
1092 } else {
1093 data.writeInt32(-1);
1094 }
1095 if (appData) {
1096 data.writeByteArray(appData->data_length, appData->data);
1097 } else {
1098 data.writeInt32(-1);
1099 }
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1100 status_t status = remote()->transact(BnKeystoreService::EXPORT_KEY, data, &reply);
1101 if (status != NO_ERROR) {
1102 ALOGD("exportKey() could not contact remote: %d\n", status);
1103 result->resultCode = KM_ERROR_UNKNOWN_ERROR;
1104 return;
1105 }
1106 int32_t err = reply.readExceptionCode();
1107 if (err < 0) {
1108 ALOGD("exportKey() caught exception %d\n", err);
1109 result->resultCode = KM_ERROR_UNKNOWN_ERROR;
1110 return;
1111 }
1112 if (reply.readInt32() != 0) {
1113 result->readFromParcel(reply);
1114 }
1115 }
1116
1117 virtual void begin(const sp<IBinder>& appToken, const String16& name,
1118 keymaster_purpose_t purpose, bool pruneable,
Chad Brubaker154d7692015-03-27 13:59:31 -0700[diff] [blame]1119 const KeymasterArguments& params, const uint8_t* entropy,
Chad Brubaker57e106d2015-06-01 12:59:00 -0700[diff] [blame]1120 size_t entropyLength, OperationResult* result)
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1121 {
Chad Brubaker57e106d2015-06-01 12:59:00 -0700[diff] [blame]1122 if (!result) {
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1123 return;
1124 }
1125 Parcel data, reply;
1126 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1127 data.writeStrongBinder(appToken);
1128 data.writeString16(name);
1129 data.writeInt32(purpose);
1130 data.writeInt32(pruneable ? 1 : 0);
1131 data.writeInt32(1);
1132 params.writeToParcel(&data);
Chad Brubaker154d7692015-03-27 13:59:31 -0700[diff] [blame]1133 data.writeByteArray(entropyLength, entropy);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1134 status_t status = remote()->transact(BnKeystoreService::BEGIN, data, &reply);
1135 if (status != NO_ERROR) {
1136 ALOGD("begin() could not contact remote: %d\n", status);
1137 result->resultCode = KM_ERROR_UNKNOWN_ERROR;
1138 return;
1139 }
1140 int32_t err = reply.readExceptionCode();
1141 if (err < 0) {
1142 ALOGD("begin() caught exception %d\n", err);
1143 result->resultCode = KM_ERROR_UNKNOWN_ERROR;
1144 return;
1145 }
1146 if (reply.readInt32() != 0) {
1147 result->readFromParcel(reply);
1148 }
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1149 }
1150
1151 virtual void update(const sp<IBinder>& token, const KeymasterArguments& params,
Chad Brubaker40a1a9b2015-02-20 14:08:13 -0800[diff] [blame]1152 const uint8_t* opData, size_t dataLength, OperationResult* result)
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1153 {
1154 if (!result) {
1155 return;
1156 }
1157 Parcel data, reply;
1158 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1159 data.writeStrongBinder(token);
1160 data.writeInt32(1);
1161 params.writeToParcel(&data);
1162 data.writeByteArray(dataLength, opData);
1163 status_t status = remote()->transact(BnKeystoreService::UPDATE, data, &reply);
1164 if (status != NO_ERROR) {
1165 ALOGD("update() could not contact remote: %d\n", status);
1166 result->resultCode = KM_ERROR_UNKNOWN_ERROR;
1167 return;
1168 }
1169 int32_t err = reply.readExceptionCode();
1170 if (err < 0) {
1171 ALOGD("update() caught exception %d\n", err);
1172 result->resultCode = KM_ERROR_UNKNOWN_ERROR;
1173 return;
1174 }
1175 if (reply.readInt32() != 0) {
1176 result->readFromParcel(reply);
1177 }
1178 }
1179
1180 virtual void finish(const sp<IBinder>& token, const KeymasterArguments& params,
Chad Brubaker0d33e0b2015-05-29 12:30:19 -0700[diff] [blame]1181 const uint8_t* signature, size_t signatureLength,
1182 const uint8_t* entropy, size_t entropyLength,
1183 OperationResult* result)
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1184 {
1185 if (!result) {
1186 return;
1187 }
1188 Parcel data, reply;
1189 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1190 data.writeStrongBinder(token);
1191 data.writeInt32(1);
1192 params.writeToParcel(&data);
1193 data.writeByteArray(signatureLength, signature);
Chad Brubaker0d33e0b2015-05-29 12:30:19 -0700[diff] [blame]1194 data.writeByteArray(entropyLength, entropy);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1195 status_t status = remote()->transact(BnKeystoreService::FINISH, data, &reply);
1196 if (status != NO_ERROR) {
1197 ALOGD("finish() could not contact remote: %d\n", status);
1198 result->resultCode = KM_ERROR_UNKNOWN_ERROR;
1199 return;
1200 }
1201 int32_t err = reply.readExceptionCode();
1202 if (err < 0) {
1203 ALOGD("finish() caught exception %d\n", err);
1204 result->resultCode = KM_ERROR_UNKNOWN_ERROR;
1205 return;
1206 }
1207 if (reply.readInt32() != 0) {
1208 result->readFromParcel(reply);
1209 }
1210 }
1211
1212 virtual int32_t abort(const sp<IBinder>& token)
1213 {
1214 Parcel data, reply;
1215 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1216 data.writeStrongBinder(token);
Chad Brubaker2ed2baa2015-03-21 21:20:10 -0700[diff] [blame]1217 status_t status = remote()->transact(BnKeystoreService::ABORT, data, &reply);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1218 if (status != NO_ERROR) {
1219 ALOGD("abort() could not contact remote: %d\n", status);
1220 return KM_ERROR_UNKNOWN_ERROR;
1221 }
1222 int32_t err = reply.readExceptionCode();
1223 int32_t ret = reply.readInt32();
1224 if (err < 0) {
1225 ALOGD("abort() caught exception %d\n", err);
1226 return KM_ERROR_UNKNOWN_ERROR;
1227 }
1228 return ret;
1229 }
Chad Brubaker2ed2baa2015-03-21 21:20:10 -0700[diff] [blame]1230
1231 virtual bool isOperationAuthorized(const sp<IBinder>& token)
1232 {
1233 Parcel data, reply;
1234 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1235 data.writeStrongBinder(token);
1236 status_t status = remote()->transact(BnKeystoreService::IS_OPERATION_AUTHORIZED, data,
1237 &reply);
1238 if (status != NO_ERROR) {
1239 ALOGD("isOperationAuthorized() could not contact remote: %d\n", status);
1240 return false;
1241 }
1242 int32_t err = reply.readExceptionCode();
1243 int32_t ret = reply.readInt32();
1244 if (err < 0) {
1245 ALOGD("isOperationAuthorized() caught exception %d\n", err);
1246 return false;
1247 }
1248 return ret == 1;
1249 }
1250
1251 virtual int32_t addAuthToken(const uint8_t* token, size_t length)
1252 {
1253 Parcel data, reply;
1254 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1255 data.writeByteArray(length, token);
1256 status_t status = remote()->transact(BnKeystoreService::ADD_AUTH_TOKEN, data, &reply);
1257 if (status != NO_ERROR) {
1258 ALOGD("addAuthToken() could not contact remote: %d\n", status);
1259 return -1;
1260 }
1261 int32_t err = reply.readExceptionCode();
1262 int32_t ret = reply.readInt32();
1263 if (err < 0) {
1264 ALOGD("addAuthToken() caught exception %d\n", err);
1265 return -1;
1266 }
1267 return ret;
1268 };
Chad Brubakerc0f031a2015-05-12 10:43:10 -0700[diff] [blame]1269
1270 virtual int32_t onUserAdded(int32_t userId, int32_t parentId)
1271 {
1272 Parcel data, reply;
1273 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1274 data.writeInt32(userId);
1275 data.writeInt32(parentId);
1276 status_t status = remote()->transact(BnKeystoreService::ON_USER_ADDED, data, &reply);
1277 if (status != NO_ERROR) {
1278 ALOGD("onUserAdded() could not contact remote: %d\n", status);
1279 return -1;
1280 }
1281 int32_t err = reply.readExceptionCode();
1282 int32_t ret = reply.readInt32();
1283 if (err < 0) {
1284 ALOGD("onUserAdded() caught exception %d\n", err);
1285 return -1;
1286 }
1287 return ret;
1288 }
1289
1290 virtual int32_t onUserRemoved(int32_t userId)
1291 {
1292 Parcel data, reply;
1293 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1294 data.writeInt32(userId);
1295 status_t status = remote()->transact(BnKeystoreService::ON_USER_REMOVED, data, &reply);
1296 if (status != NO_ERROR) {
1297 ALOGD("onUserRemoved() could not contact remote: %d\n", status);
1298 return -1;
1299 }
1300 int32_t err = reply.readExceptionCode();
1301 int32_t ret = reply.readInt32();
1302 if (err < 0) {
1303 ALOGD("onUserRemoved() caught exception %d\n", err);
1304 return -1;
1305 }
1306 return ret;
1307 }
1308
Shawn Willden50eb1b22016-01-21 12:41:23 -0700[diff] [blame^]1309 virtual int32_t attestKey(const String16& name, const KeymasterArguments& params,
1310 KeymasterCertificateChain* outChain) {
1311 if (!outChain)
1312 return KM_ERROR_OUTPUT_PARAMETER_NULL;
1313
1314 Parcel data, reply;
1315 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1316 data.writeString16(name);
1317 data.writeInt32(1); // params is not NULL.
1318 params.writeToParcel(&data);
1319
1320 status_t status = remote()->transact(BnKeystoreService::ATTEST_KEY, data, &reply);
1321 if (status != NO_ERROR) {
1322 ALOGD("attestkey() count not contact remote: %d\n", status);
1323 return KM_ERROR_UNKNOWN_ERROR;
1324 }
1325 int32_t err = reply.readExceptionCode();
1326 int32_t ret = reply.readInt32();
1327 if (err < 0) {
1328 ALOGD("attestKey() caught exception %d\n", err);
1329 return KM_ERROR_UNKNOWN_ERROR;
1330 }
1331 if (reply.readInt32() != 0) {
1332 outChain->readFromParcel(reply);
1333 }
1334 return ret;
1335 }
1336
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1337};
1338
Chad Brubaker468fc692015-01-13 17:33:14 -0800[diff] [blame]1339IMPLEMENT_META_INTERFACE(KeystoreService, "android.security.IKeystoreService");
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1340
1341// ----------------------------------------------------------------------
1342
1343status_t BnKeystoreService::onTransact(
1344 uint32_t code, const Parcel& data, Parcel* reply, uint32_t flags)
1345{
1346 switch(code) {
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]1347 case GET_STATE: {
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1348 CHECK_INTERFACE(IKeystoreService, data, reply);
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]1349 int32_t userId = data.readInt32();
1350 int32_t ret = getState(userId);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1351 reply->writeNoException();
1352 reply->writeInt32(ret);
1353 return NO_ERROR;
1354 } break;
1355 case GET: {
1356 CHECK_INTERFACE(IKeystoreService, data, reply);
1357 String16 name = data.readString16();
1358 void* out = NULL;
1359 size_t outSize = 0;
1360 int32_t ret = get(name, (uint8_t**) &out, &outSize);
1361 reply->writeNoException();
1362 if (ret == 1) {
1363 reply->writeInt32(outSize);
1364 void* buf = reply->writeInplace(outSize);
1365 memcpy(buf, out, outSize);
1366 free(out);
1367 } else {
1368 reply->writeInt32(-1);
1369 }
1370 return NO_ERROR;
1371 } break;
1372 case INSERT: {
1373 CHECK_INTERFACE(IKeystoreService, data, reply);
1374 String16 name = data.readString16();
1375 ssize_t inSize = data.readInt32();
1376 const void* in;
1377 if (inSize >= 0 && (size_t) inSize <= data.dataAvail()) {
1378 in = data.readInplace(inSize);
1379 } else {
1380 in = NULL;
1381 inSize = 0;
1382 }
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]1383 int uid = data.readInt32();
Kenny Root0c540aa2013-04-03 09:22:15 -0700[diff] [blame]1384 int32_t flags = data.readInt32();
1385 int32_t ret = insert(name, (const uint8_t*) in, (size_t) inSize, uid, flags);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1386 reply->writeNoException();
1387 reply->writeInt32(ret);
1388 return NO_ERROR;
1389 } break;
1390 case DEL: {
1391 CHECK_INTERFACE(IKeystoreService, data, reply);
1392 String16 name = data.readString16();
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]1393 int uid = data.readInt32();
1394 int32_t ret = del(name, uid);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1395 reply->writeNoException();
1396 reply->writeInt32(ret);
1397 return NO_ERROR;
1398 } break;
1399 case EXIST: {
1400 CHECK_INTERFACE(IKeystoreService, data, reply);
1401 String16 name = data.readString16();
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]1402 int uid = data.readInt32();
1403 int32_t ret = exist(name, uid);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1404 reply->writeNoException();
1405 reply->writeInt32(ret);
1406 return NO_ERROR;
1407 } break;
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]1408 case LIST: {
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1409 CHECK_INTERFACE(IKeystoreService, data, reply);
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]1410 String16 prefix = data.readString16();
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]1411 int uid = data.readInt32();
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1412 Vector<String16> matches;
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]1413 int32_t ret = list(prefix, uid, &matches);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1414 reply->writeNoException();
1415 reply->writeInt32(matches.size());
1416 Vector<String16>::const_iterator it = matches.begin();
1417 for (; it != matches.end(); ++it) {
1418 reply->writeString16(*it);
1419 }
1420 reply->writeInt32(ret);
1421 return NO_ERROR;
1422 } break;
1423 case RESET: {
1424 CHECK_INTERFACE(IKeystoreService, data, reply);
1425 int32_t ret = reset();
1426 reply->writeNoException();
1427 reply->writeInt32(ret);
1428 return NO_ERROR;
1429 } break;
Chad Brubaker96d6d782015-05-07 10:19:40 -0700[diff] [blame]1430 case ON_USER_PASSWORD_CHANGED: {
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1431 CHECK_INTERFACE(IKeystoreService, data, reply);
Chad Brubaker96d6d782015-05-07 10:19:40 -0700[diff] [blame]1432 int32_t userId = data.readInt32();
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1433 String16 pass = data.readString16();
Chad Brubaker96d6d782015-05-07 10:19:40 -0700[diff] [blame]1434 int32_t ret = onUserPasswordChanged(userId, pass);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1435 reply->writeNoException();
1436 reply->writeInt32(ret);
1437 return NO_ERROR;
1438 } break;
1439 case LOCK: {
1440 CHECK_INTERFACE(IKeystoreService, data, reply);
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]1441 int32_t userId = data.readInt32();
1442 int32_t ret = lock(userId);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1443 reply->writeNoException();
1444 reply->writeInt32(ret);
1445 return NO_ERROR;
1446 } break;
1447 case UNLOCK: {
1448 CHECK_INTERFACE(IKeystoreService, data, reply);
Chad Brubaker96d6d782015-05-07 10:19:40 -0700[diff] [blame]1449 int32_t userId = data.readInt32();
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1450 String16 pass = data.readString16();
Chad Brubaker96d6d782015-05-07 10:19:40 -0700[diff] [blame]1451 int32_t ret = unlock(userId, pass);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1452 reply->writeNoException();
1453 reply->writeInt32(ret);
1454 return NO_ERROR;
1455 } break;
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]1456 case IS_EMPTY: {
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1457 CHECK_INTERFACE(IKeystoreService, data, reply);
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]1458 int32_t userId = data.readInt32();
1459 bool ret = isEmpty(userId);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1460 reply->writeNoException();
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]1461 reply->writeInt32(ret ? 1 : 0);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1462 return NO_ERROR;
1463 } break;
1464 case GENERATE: {
1465 CHECK_INTERFACE(IKeystoreService, data, reply);
1466 String16 name = data.readString16();
Kenny Root96427ba2013-08-16 14:02:41 -0700[diff] [blame]1467 int32_t uid = data.readInt32();
1468 int32_t keyType = data.readInt32();
1469 int32_t keySize = data.readInt32();
Kenny Root0c540aa2013-04-03 09:22:15 -0700[diff] [blame]1470 int32_t flags = data.readInt32();
Kenny Root96427ba2013-08-16 14:02:41 -0700[diff] [blame]1471 Vector<sp<KeystoreArg> > args;
Chad Brubaker468fc692015-01-13 17:33:14 -0800[diff] [blame]1472 int32_t argsPresent = data.readInt32();
1473 if (argsPresent == 1) {
1474 ssize_t numArgs = data.readInt32();
Chad Brubakered4f5662015-01-14 19:22:09 -0800[diff] [blame]1475 if (numArgs > MAX_GENERATE_ARGS) {
1476 return BAD_VALUE;
1477 }
Chad Brubaker468fc692015-01-13 17:33:14 -0800[diff] [blame]1478 if (numArgs > 0) {
1479 for (size_t i = 0; i < (size_t) numArgs; i++) {
1480 ssize_t inSize = data.readInt32();
1481 if (inSize >= 0 && (size_t) inSize <= data.dataAvail()) {
1482 sp<KeystoreArg> arg = new KeystoreArg(data.readInplace(inSize),
1483 inSize);
1484 args.push_back(arg);
1485 } else {
1486 args.push_back(NULL);
1487 }
Kenny Root96427ba2013-08-16 14:02:41 -0700[diff] [blame]1488 }
1489 }
1490 }
1491 int32_t ret = generate(name, uid, keyType, keySize, flags, &args);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1492 reply->writeNoException();
1493 reply->writeInt32(ret);
1494 return NO_ERROR;
1495 } break;
1496 case IMPORT: {
1497 CHECK_INTERFACE(IKeystoreService, data, reply);
1498 String16 name = data.readString16();
1499 ssize_t inSize = data.readInt32();
1500 const void* in;
1501 if (inSize >= 0 && (size_t) inSize <= data.dataAvail()) {
1502 in = data.readInplace(inSize);
1503 } else {
1504 in = NULL;
1505 inSize = 0;
1506 }
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]1507 int uid = data.readInt32();
Kenny Root0c540aa2013-04-03 09:22:15 -0700[diff] [blame]1508 int32_t flags = data.readInt32();
1509 int32_t ret = import(name, (const uint8_t*) in, (size_t) inSize, uid, flags);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1510 reply->writeNoException();
1511 reply->writeInt32(ret);
1512 return NO_ERROR;
1513 } break;
1514 case SIGN: {
1515 CHECK_INTERFACE(IKeystoreService, data, reply);
1516 String16 name = data.readString16();
1517 ssize_t inSize = data.readInt32();
1518 const void* in;
1519 if (inSize >= 0 && (size_t) inSize <= data.dataAvail()) {
1520 in = data.readInplace(inSize);
1521 } else {
1522 in = NULL;
1523 inSize = 0;
1524 }
1525 void* out = NULL;
1526 size_t outSize = 0;
1527 int32_t ret = sign(name, (const uint8_t*) in, (size_t) inSize, (uint8_t**) &out, &outSize);
1528 reply->writeNoException();
Kenny Rootb03c9fb2013-02-04 16:42:51 -0800[diff] [blame]1529 if (outSize > 0 && out != NULL) {
1530 reply->writeInt32(outSize);
1531 void* buf = reply->writeInplace(outSize);
1532 memcpy(buf, out, outSize);
Chad Brubaker3a7d9e62015-06-04 15:01:46 -0700[diff] [blame]1533 delete[] reinterpret_cast<uint8_t*>(out);
Kenny Rootb03c9fb2013-02-04 16:42:51 -0800[diff] [blame]1534 } else {
Kenny Roote289c402013-02-14 11:31:53 -0800[diff] [blame]1535 reply->writeInt32(-1);
Kenny Rootb03c9fb2013-02-04 16:42:51 -0800[diff] [blame]1536 }
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1537 reply->writeInt32(ret);
1538 return NO_ERROR;
1539 } break;
1540 case VERIFY: {
1541 CHECK_INTERFACE(IKeystoreService, data, reply);
1542 String16 name = data.readString16();
1543 ssize_t inSize = data.readInt32();
1544 const void* in;
1545 if (inSize >= 0 && (size_t) inSize <= data.dataAvail()) {
1546 in = data.readInplace(inSize);
1547 } else {
1548 in = NULL;
1549 inSize = 0;
1550 }
1551 ssize_t sigSize = data.readInt32();
1552 const void* sig;
1553 if (sigSize >= 0 && (size_t) sigSize <= data.dataAvail()) {
1554 sig = data.readInplace(sigSize);
1555 } else {
1556 sig = NULL;
1557 sigSize = 0;
1558 }
1559 bool ret = verify(name, (const uint8_t*) in, (size_t) inSize, (const uint8_t*) sig,
1560 (size_t) sigSize);
1561 reply->writeNoException();
1562 reply->writeInt32(ret ? 1 : 0);
1563 return NO_ERROR;
1564 } break;
1565 case GET_PUBKEY: {
1566 CHECK_INTERFACE(IKeystoreService, data, reply);
1567 String16 name = data.readString16();
1568 void* out = NULL;
1569 size_t outSize = 0;
1570 int32_t ret = get_pubkey(name, (unsigned char**) &out, &outSize);
1571 reply->writeNoException();
Kenny Rootb03c9fb2013-02-04 16:42:51 -0800[diff] [blame]1572 if (outSize > 0 && out != NULL) {
1573 reply->writeInt32(outSize);
1574 void* buf = reply->writeInplace(outSize);
1575 memcpy(buf, out, outSize);
1576 free(out);
1577 } else {
Kenny Roote289c402013-02-14 11:31:53 -0800[diff] [blame]1578 reply->writeInt32(-1);
Kenny Rootb03c9fb2013-02-04 16:42:51 -0800[diff] [blame]1579 }
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1580 reply->writeInt32(ret);
1581 return NO_ERROR;
Kenny Rootb03c9fb2013-02-04 16:42:51 -0800[diff] [blame]1582 } break;
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1583 case GRANT: {
1584 CHECK_INTERFACE(IKeystoreService, data, reply);
1585 String16 name = data.readString16();
1586 int32_t granteeUid = data.readInt32();
1587 int32_t ret = grant(name, granteeUid);
1588 reply->writeNoException();
1589 reply->writeInt32(ret);
1590 return NO_ERROR;
1591 } break;
1592 case UNGRANT: {
1593 CHECK_INTERFACE(IKeystoreService, data, reply);
1594 String16 name = data.readString16();
1595 int32_t granteeUid = data.readInt32();
1596 int32_t ret = ungrant(name, granteeUid);
1597 reply->writeNoException();
1598 reply->writeInt32(ret);
1599 return NO_ERROR;
1600 } break;
1601 case GETMTIME: {
1602 CHECK_INTERFACE(IKeystoreService, data, reply);
1603 String16 name = data.readString16();
1604 int64_t ret = getmtime(name);
1605 reply->writeNoException();
1606 reply->writeInt64(ret);
1607 return NO_ERROR;
1608 } break;
Kenny Rootd53bc922013-03-21 14:10:15 -0700[diff] [blame]1609 case DUPLICATE: {
Kenny Root02254072013-03-20 11:48:19 -0700[diff] [blame]1610 CHECK_INTERFACE(IKeystoreService, data, reply);
Kenny Rootd53bc922013-03-21 14:10:15 -0700[diff] [blame]1611 String16 srcKey = data.readString16();
1612 int32_t srcUid = data.readInt32();
1613 String16 destKey = data.readString16();
1614 int32_t destUid = data.readInt32();
1615 int32_t ret = duplicate(srcKey, srcUid, destKey, destUid);
Kenny Root02254072013-03-20 11:48:19 -0700[diff] [blame]1616 reply->writeNoException();
1617 reply->writeInt32(ret);
1618 return NO_ERROR;
1619 } break;
Kenny Root43061232013-03-29 11:15:50 -0700[diff] [blame]1620 case IS_HARDWARE_BACKED: {
1621 CHECK_INTERFACE(IKeystoreService, data, reply);
Kenny Root1b0e3932013-09-05 13:06:32 -0700[diff] [blame]1622 String16 keyType = data.readString16();
1623 int32_t ret = is_hardware_backed(keyType);
Kenny Root43061232013-03-29 11:15:50 -0700[diff] [blame]1624 reply->writeNoException();
1625 reply->writeInt32(ret);
1626 return NO_ERROR;
1627 }
Kenny Root2ecc7a12013-04-01 16:29:11 -0700[diff] [blame]1628 case CLEAR_UID: {
1629 CHECK_INTERFACE(IKeystoreService, data, reply);
1630 int64_t uid = data.readInt64();
1631 int32_t ret = clear_uid(uid);
1632 reply->writeNoException();
1633 reply->writeInt32(ret);
1634 return NO_ERROR;
1635 }
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1636 case ADD_RNG_ENTROPY: {
1637 CHECK_INTERFACE(IKeystoreService, data, reply);
Chad Brubaker6432df72015-03-20 16:23:04 -0700[diff] [blame]1638 const uint8_t* bytes = NULL;
1639 size_t size = 0;
1640 readByteArray(data, &bytes, &size);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1641 int32_t ret = addRngEntropy(bytes, size);
1642 reply->writeNoException();
1643 reply->writeInt32(ret);
1644 return NO_ERROR;
1645 }
1646 case GENERATE_KEY: {
1647 CHECK_INTERFACE(IKeystoreService, data, reply);
1648 String16 name = data.readString16();
1649 KeymasterArguments args;
1650 if (data.readInt32() != 0) {
1651 args.readFromParcel(data);
1652 }
Chad Brubaker154d7692015-03-27 13:59:31 -0700[diff] [blame]1653 const uint8_t* entropy = NULL;
1654 size_t entropyLength = 0;
1655 readByteArray(data, &entropy, &entropyLength);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1656 int32_t uid = data.readInt32();
1657 int32_t flags = data.readInt32();
1658 KeyCharacteristics outCharacteristics;
Chad Brubaker154d7692015-03-27 13:59:31 -0700[diff] [blame]1659 int32_t ret = generateKey(name, args, entropy, entropyLength, uid, flags,
1660 &outCharacteristics);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1661 reply->writeNoException();
1662 reply->writeInt32(ret);
1663 reply->writeInt32(1);
1664 outCharacteristics.writeToParcel(reply);
1665 return NO_ERROR;
1666 }
1667 case GET_KEY_CHARACTERISTICS: {
1668 CHECK_INTERFACE(IKeystoreService, data, reply);
1669 String16 name = data.readString16();
Chad Brubakerd6634422015-03-21 22:36:07 -0700[diff] [blame]1670 std::unique_ptr<keymaster_blob_t> clientId = readKeymasterBlob(data);
1671 std::unique_ptr<keymaster_blob_t> appData = readKeymasterBlob(data);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1672 KeyCharacteristics outCharacteristics;
Chad Brubakerd6634422015-03-21 22:36:07 -0700[diff] [blame]1673 int ret = getKeyCharacteristics(name, clientId.get(), appData.get(),
1674 &outCharacteristics);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1675 reply->writeNoException();
1676 reply->writeInt32(ret);
1677 reply->writeInt32(1);
1678 outCharacteristics.writeToParcel(reply);
1679 return NO_ERROR;
1680 }
1681 case IMPORT_KEY: {
1682 CHECK_INTERFACE(IKeystoreService, data, reply);
1683 String16 name = data.readString16();
1684 KeymasterArguments args;
1685 if (data.readInt32() != 0) {
1686 args.readFromParcel(data);
1687 }
1688 keymaster_key_format_t format = static_cast<keymaster_key_format_t>(data.readInt32());
Chad Brubaker6432df72015-03-20 16:23:04 -0700[diff] [blame]1689 const uint8_t* keyData = NULL;
1690 size_t keyLength = 0;
1691 readByteArray(data, &keyData, &keyLength);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1692 int32_t uid = data.readInt32();
1693 int32_t flags = data.readInt32();
1694 KeyCharacteristics outCharacteristics;
Chad Brubaker6432df72015-03-20 16:23:04 -0700[diff] [blame]1695 int32_t ret = importKey(name, args, format, keyData, keyLength, uid, flags,
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1696 &outCharacteristics);
1697 reply->writeNoException();
1698 reply->writeInt32(ret);
1699 reply->writeInt32(1);
1700 outCharacteristics.writeToParcel(reply);
1701
1702 return NO_ERROR;
1703 }
1704 case EXPORT_KEY: {
1705 CHECK_INTERFACE(IKeystoreService, data, reply);
1706 String16 name = data.readString16();
1707 keymaster_key_format_t format = static_cast<keymaster_key_format_t>(data.readInt32());
Chad Brubakerd6634422015-03-21 22:36:07 -0700[diff] [blame]1708 std::unique_ptr<keymaster_blob_t> clientId = readKeymasterBlob(data);
1709 std::unique_ptr<keymaster_blob_t> appData = readKeymasterBlob(data);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1710 ExportResult result;
Chad Brubakerd6634422015-03-21 22:36:07 -0700[diff] [blame]1711 exportKey(name, format, clientId.get(), appData.get(), &result);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1712 reply->writeNoException();
1713 reply->writeInt32(1);
1714 result.writeToParcel(reply);
1715
1716 return NO_ERROR;
1717 }
1718 case BEGIN: {
1719 CHECK_INTERFACE(IKeystoreService, data, reply);
1720 sp<IBinder> token = data.readStrongBinder();
1721 String16 name = data.readString16();
1722 keymaster_purpose_t purpose = static_cast<keymaster_purpose_t>(data.readInt32());
1723 bool pruneable = data.readInt32() != 0;
1724 KeymasterArguments args;
1725 if (data.readInt32() != 0) {
1726 args.readFromParcel(data);
1727 }
Chad Brubaker154d7692015-03-27 13:59:31 -0700[diff] [blame]1728 const uint8_t* entropy = NULL;
1729 size_t entropyLength = 0;
1730 readByteArray(data, &entropy, &entropyLength);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1731 OperationResult result;
Chad Brubaker57e106d2015-06-01 12:59:00 -0700[diff] [blame]1732 begin(token, name, purpose, pruneable, args, entropy, entropyLength, &result);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1733 reply->writeNoException();
1734 reply->writeInt32(1);
1735 result.writeToParcel(reply);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1736
1737 return NO_ERROR;
1738 }
1739 case UPDATE: {
1740 CHECK_INTERFACE(IKeystoreService, data, reply);
1741 sp<IBinder> token = data.readStrongBinder();
1742 KeymasterArguments args;
1743 if (data.readInt32() != 0) {
1744 args.readFromParcel(data);
1745 }
Chad Brubaker6432df72015-03-20 16:23:04 -0700[diff] [blame]1746 const uint8_t* buf = NULL;
1747 size_t bufLength = 0;
1748 readByteArray(data, &buf, &bufLength);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1749 OperationResult result;
Chad Brubaker6432df72015-03-20 16:23:04 -0700[diff] [blame]1750 update(token, args, buf, bufLength, &result);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1751 reply->writeNoException();
1752 reply->writeInt32(1);
1753 result.writeToParcel(reply);
1754
1755 return NO_ERROR;
1756 }
1757 case FINISH: {
1758 CHECK_INTERFACE(IKeystoreService, data, reply);
1759 sp<IBinder> token = data.readStrongBinder();
1760 KeymasterArguments args;
1761 if (data.readInt32() != 0) {
1762 args.readFromParcel(data);
1763 }
Chad Brubaker0d33e0b2015-05-29 12:30:19 -0700[diff] [blame]1764 const uint8_t* signature = NULL;
1765 size_t signatureLength = 0;
1766 readByteArray(data, &signature, &signatureLength);
1767 const uint8_t* entropy = NULL;
1768 size_t entropyLength = 0;
1769 readByteArray(data, &entropy, &entropyLength);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1770 OperationResult result;
Chad Brubaker0d33e0b2015-05-29 12:30:19 -0700[diff] [blame]1771 finish(token, args, signature, signatureLength, entropy, entropyLength, &result);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1772 reply->writeNoException();
1773 reply->writeInt32(1);
1774 result.writeToParcel(reply);
1775
1776 return NO_ERROR;
1777 }
1778 case ABORT: {
1779 CHECK_INTERFACE(IKeystoreService, data, reply);
1780 sp<IBinder> token = data.readStrongBinder();
1781 int32_t result = abort(token);
1782 reply->writeNoException();
1783 reply->writeInt32(result);
1784
1785 return NO_ERROR;
1786 }
Chad Brubaker2ed2baa2015-03-21 21:20:10 -0700[diff] [blame]1787 case IS_OPERATION_AUTHORIZED: {
1788 CHECK_INTERFACE(IKeystoreService, data, reply);
1789 sp<IBinder> token = data.readStrongBinder();
1790 bool result = isOperationAuthorized(token);
1791 reply->writeNoException();
1792 reply->writeInt32(result ? 1 : 0);
1793
1794 return NO_ERROR;
1795 }
1796 case ADD_AUTH_TOKEN: {
1797 CHECK_INTERFACE(IKeystoreService, data, reply);
Chad Brubaker2ed2baa2015-03-21 21:20:10 -0700[diff] [blame]1798 const uint8_t* token_bytes = NULL;
1799 size_t size = 0;
1800 readByteArray(data, &token_bytes, &size);
1801 int32_t result = addAuthToken(token_bytes, size);
1802 reply->writeNoException();
1803 reply->writeInt32(result);
1804
1805 return NO_ERROR;
1806 }
Chad Brubakerc0f031a2015-05-12 10:43:10 -0700[diff] [blame]1807 case ON_USER_ADDED: {
1808 CHECK_INTERFACE(IKeystoreService, data, reply);
1809 int32_t userId = data.readInt32();
1810 int32_t parentId = data.readInt32();
1811 int32_t result = onUserAdded(userId, parentId);
1812 reply->writeNoException();
1813 reply->writeInt32(result);
1814
1815 return NO_ERROR;
1816 }
1817 case ON_USER_REMOVED: {
1818 CHECK_INTERFACE(IKeystoreService, data, reply);
1819 int32_t userId = data.readInt32();
1820 int32_t result = onUserRemoved(userId);
1821 reply->writeNoException();
1822 reply->writeInt32(result);
1823
1824 return NO_ERROR;
1825 }
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1826 default:
1827 return BBinder::onTransact(code, data, reply, flags);
1828 }
1829}
1830
1831// ----------------------------------------------------------------------------
1832
1833}; // namespace android