Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_security / 7d0e9a4170ec1b1ed0f80c1a75131dadf3dd6abe / . / keystore / IKeystoreService.cpp
blob: 1d9d48d4c605fd69d603a87b70f406629122d5b5 [file] [log] [blame]
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1/*
2**
3** Copyright 2008, The Android Open Source Project
4**
5** Licensed under the Apache License, Version 2.0 (the "License");
6** you may not use this file except in compliance with the License.
7** You may obtain a copy of the License at
8**
9** http://www.apache.org/licenses/LICENSE-2.0
10**
11** Unless required by applicable law or agreed to in writing, software
12** distributed under the License is distributed on an "AS IS" BASIS,
13** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14** See the License for the specific language governing permissions and
15** limitations under the License.
16*/
17
18#include <stdint.h>
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]19#include <sys/limits.h>
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]20#include <sys/types.h>
21
22#define LOG_TAG "KeystoreService"
23#include <utils/Log.h>
24
25#include <binder/Parcel.h>
26#include <binder/IPCThreadState.h>
27#include <binder/IServiceManager.h>
28
29#include <keystore/IKeystoreService.h>
30
31namespace android {
32
Shawn Willden77d71ca2014-11-12 16:45:12 -0700[diff] [blame]33const ssize_t MAX_GENERATE_ARGS = 3;
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]34static keymaster_key_param_t* readParamList(const Parcel& in, size_t* length);
Shawn Willden77d71ca2014-11-12 16:45:12 -0700[diff] [blame]35
Kenny Root96427ba2013-08-16 14:02:41 -0700[diff] [blame]36KeystoreArg::KeystoreArg(const void* data, size_t len)
37 : mData(data), mSize(len) {
38}
39
40KeystoreArg::~KeystoreArg() {
41}
42
43const void *KeystoreArg::data() const {
44 return mData;
45}
46
47size_t KeystoreArg::size() const {
48 return mSize;
49}
50
Chad Brubakerc3a18562015-03-17 18:21:35 -0700[diff] [blame]51OperationResult::OperationResult() : resultCode(0), token(), handle(0), inputConsumed(0),
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]52 data(NULL), dataLength(0) {
53}
54
55OperationResult::~OperationResult() {
56}
57
58void OperationResult::readFromParcel(const Parcel& in) {
59 resultCode = in.readInt32();
60 token = in.readStrongBinder();
Chad Brubakerc3a18562015-03-17 18:21:35 -0700[diff] [blame]61 handle = static_cast<keymaster_operation_handle_t>(in.readInt64());
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]62 inputConsumed = in.readInt32();
63 ssize_t length = in.readInt32();
64 dataLength = 0;
65 if (length > 0) {
66 const void* buf = in.readInplace(length);
67 if (buf) {
68 data.reset(reinterpret_cast<uint8_t*>(malloc(length)));
69 if (data.get()) {
70 memcpy(data.get(), buf, length);
71 dataLength = (size_t) length;
72 } else {
73 ALOGE("Failed to allocate OperationResult buffer");
74 }
75 } else {
76 ALOGE("Failed to readInplace OperationResult data");
77 }
78 }
79}
80
81void OperationResult::writeToParcel(Parcel* out) const {
82 out->writeInt32(resultCode);
83 out->writeStrongBinder(token);
Chad Brubakerc3a18562015-03-17 18:21:35 -0700[diff] [blame]84 out->writeInt64(handle);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]85 out->writeInt32(inputConsumed);
86 out->writeInt32(dataLength);
87 if (dataLength && data) {
88 void* buf = out->writeInplace(dataLength);
89 if (buf) {
90 memcpy(buf, data.get(), dataLength);
91 } else {
92 ALOGE("Failed to writeInplace OperationResult data.");
93 }
94 }
95}
96
97ExportResult::ExportResult() : resultCode(0), exportData(NULL), dataLength(0) {
98}
99
100ExportResult::~ExportResult() {
101}
102
103void ExportResult::readFromParcel(const Parcel& in) {
104 resultCode = in.readInt32();
105 ssize_t length = in.readInt32();
106 dataLength = 0;
107 if (length > 0) {
108 const void* buf = in.readInplace(length);
109 if (buf) {
110 exportData.reset(reinterpret_cast<uint8_t*>(malloc(length)));
111 if (exportData.get()) {
112 memcpy(exportData.get(), buf, length);
113 dataLength = (size_t) length;
114 } else {
115 ALOGE("Failed to allocate ExportData buffer");
116 }
117 } else {
118 ALOGE("Failed to readInplace ExportData data");
119 }
120 }
121}
122
123void ExportResult::writeToParcel(Parcel* out) const {
124 out->writeInt32(resultCode);
125 out->writeInt32(dataLength);
126 if (exportData && dataLength) {
127 void* buf = out->writeInplace(dataLength);
128 if (buf) {
129 memcpy(buf, exportData.get(), dataLength);
130 } else {
131 ALOGE("Failed to writeInplace ExportResult data.");
132 }
133 }
134}
135
136KeymasterArguments::KeymasterArguments() {
137}
138
139KeymasterArguments::~KeymasterArguments() {
140 keymaster_free_param_values(params.data(), params.size());
141}
142
143void KeymasterArguments::readFromParcel(const Parcel& in) {
144 ssize_t length = in.readInt32();
145 size_t ulength = (size_t) length;
146 if (length < 0) {
147 ulength = 0;
148 }
149 keymaster_free_param_values(params.data(), params.size());
150 params.clear();
151 for(size_t i = 0; i < ulength; i++) {
152 keymaster_key_param_t param;
153 if (!readKeymasterArgumentFromParcel(in, &param)) {
154 ALOGE("Error reading keymaster argument from parcel");
155 break;
156 }
157 params.push_back(param);
158 }
159}
160
161void KeymasterArguments::writeToParcel(Parcel* out) const {
162 out->writeInt32(params.size());
163 for (auto param : params) {
164 out->writeInt32(1);
165 writeKeymasterArgumentToParcel(param, out);
166 }
167}
168
169KeyCharacteristics::KeyCharacteristics() {
170 memset((void*) &characteristics, 0, sizeof(characteristics));
171}
172
173KeyCharacteristics::~KeyCharacteristics() {
174 keymaster_free_characteristics(&characteristics);
175}
176
177void KeyCharacteristics::readFromParcel(const Parcel& in) {
178 size_t length = 0;
179 keymaster_key_param_t* params = readParamList(in, &length);
180 characteristics.sw_enforced.params = params;
181 characteristics.sw_enforced.length = length;
182
183 params = readParamList(in, &length);
184 characteristics.hw_enforced.params = params;
185 characteristics.hw_enforced.length = length;
186}
187
188void KeyCharacteristics::writeToParcel(Parcel* out) const {
189 if (characteristics.sw_enforced.params) {
190 out->writeInt32(characteristics.sw_enforced.length);
191 for (size_t i = 0; i < characteristics.sw_enforced.length; i++) {
192 out->writeInt32(1);
193 writeKeymasterArgumentToParcel(characteristics.sw_enforced.params[i], out);
194 }
195 } else {
196 out->writeInt32(0);
197 }
198 if (characteristics.hw_enforced.params) {
199 out->writeInt32(characteristics.hw_enforced.length);
200 for (size_t i = 0; i < characteristics.hw_enforced.length; i++) {
201 out->writeInt32(1);
202 writeKeymasterArgumentToParcel(characteristics.hw_enforced.params[i], out);
203 }
204 } else {
205 out->writeInt32(0);
206 }
207}
208
209void writeKeymasterArgumentToParcel(const keymaster_key_param_t& param, Parcel* out) {
210 switch (keymaster_tag_get_type(param.tag)) {
211 case KM_ENUM:
212 case KM_ENUM_REP: {
213 out->writeInt32(param.tag);
214 out->writeInt32(param.enumerated);
215 break;
216 }
217 case KM_INT:
218 case KM_INT_REP: {
219 out->writeInt32(param.tag);
220 out->writeInt32(param.integer);
221 break;
222 }
Chad Brubaker686db062015-04-16 14:21:10 -0700[diff] [blame]223 case KM_LONG:
224 case KM_LONG_REP: {
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]225 out->writeInt32(param.tag);
226 out->writeInt64(param.long_integer);
227 break;
228 }
229 case KM_DATE: {
230 out->writeInt32(param.tag);
231 out->writeInt64(param.date_time);
232 break;
233 }
234 case KM_BOOL: {
235 out->writeInt32(param.tag);
236 break;
237 }
238 case KM_BIGNUM:
239 case KM_BYTES: {
240 out->writeInt32(param.tag);
241 out->writeInt32(param.blob.data_length);
242 void* buf = out->writeInplace(param.blob.data_length);
243 if (buf) {
244 memcpy(buf, param.blob.data, param.blob.data_length);
245 } else {
246 ALOGE("Failed to writeInplace keymaster blob param");
247 }
248 break;
249 }
250 default: {
251 ALOGE("Failed to write argument: Unsupported keymaster_tag_t %d", param.tag);
252 }
253 }
254}
255
256
257bool readKeymasterArgumentFromParcel(const Parcel& in, keymaster_key_param_t* out) {
258 if (in.readInt32() == 0) {
259 return false;
260 }
261 keymaster_tag_t tag = static_cast<keymaster_tag_t>(in.readInt32());
262 switch (keymaster_tag_get_type(tag)) {
263 case KM_ENUM:
264 case KM_ENUM_REP: {
265 uint32_t value = in.readInt32();
266 *out = keymaster_param_enum(tag, value);
267 break;
268 }
269 case KM_INT:
270 case KM_INT_REP: {
271 uint32_t value = in.readInt32();
272 *out = keymaster_param_int(tag, value);
273 break;
274 }
Chad Brubaker686db062015-04-16 14:21:10 -0700[diff] [blame]275 case KM_LONG:
276 case KM_LONG_REP: {
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]277 uint64_t value = in.readInt64();
278 *out = keymaster_param_long(tag, value);
279 break;
280 }
281 case KM_DATE: {
282 uint64_t value = in.readInt64();
283 *out = keymaster_param_date(tag, value);
284 break;
285 }
286 case KM_BOOL: {
287 *out = keymaster_param_bool(tag);
288 break;
289 }
290 case KM_BIGNUM:
291 case KM_BYTES: {
292 ssize_t length = in.readInt32();
293 uint8_t* data = NULL;
294 size_t ulength = 0;
295 if (length >= 0) {
296 ulength = (size_t) length;
297 // use malloc here so we can use keymaster_free_param_values
298 // consistently.
299 data = reinterpret_cast<uint8_t*>(malloc(ulength));
300 const void* buf = in.readInplace(ulength);
301 if (!buf || !data) {
302 ALOGE("Failed to allocate buffer for keymaster blob param");
303 return false;
304 }
305 memcpy(data, buf, ulength);
306 }
307 *out = keymaster_param_blob(tag, data, ulength);
308 break;
309 }
310 default: {
311 ALOGE("Unsupported keymaster_tag_t %d", tag);
312 return false;
313 }
314 }
315 return true;
316}
317
Chad Brubaker6432df72015-03-20 16:23:04 -0700[diff] [blame]318/**
319 * Read a byte array from in. The data at *data is still owned by the parcel
320 */
321static void readByteArray(const Parcel& in, const uint8_t** data, size_t* length) {
322 ssize_t slength = in.readInt32();
323 if (slength > 0) {
324 *data = reinterpret_cast<const uint8_t*>(in.readInplace(slength));
325 if (*data) {
326 *length = static_cast<size_t>(slength);
327 } else {
328 *length = 0;
329 }
330 } else {
331 *data = NULL;
332 *length = 0;
333 }
334}
335
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]336// Read a keymaster_key_param_t* from a Parcel for use in a
337// keymaster_key_characteristics_t. This will be free'd by calling
338// keymaster_free_key_characteristics.
339static keymaster_key_param_t* readParamList(const Parcel& in, size_t* length) {
340 ssize_t slength = in.readInt32();
341 *length = 0;
342 if (slength < 0) {
343 return NULL;
344 }
345 *length = (size_t) slength;
346 if (*length >= UINT_MAX / sizeof(keymaster_key_param_t)) {
347 return NULL;
348 }
349 keymaster_key_param_t* list =
350 reinterpret_cast<keymaster_key_param_t*>(malloc(*length *
351 sizeof(keymaster_key_param_t)));
352 if (!list) {
353 ALOGD("Failed to allocate buffer for generateKey outCharacteristics");
354 goto err;
355 }
356 for (size_t i = 0; i < *length ; i++) {
357 if (!readKeymasterArgumentFromParcel(in, &list[i])) {
358 ALOGE("Failed to read keymaster argument");
359 keymaster_free_param_values(list, i);
360 goto err;
361 }
362 }
363 return list;
364err:
365 free(list);
366 return NULL;
367}
368
Chad Brubakerd6634422015-03-21 22:36:07 -0700[diff] [blame]369static std::unique_ptr<keymaster_blob_t> readKeymasterBlob(const Parcel& in) {
370 std::unique_ptr<keymaster_blob_t> blob;
371 if (in.readInt32() != 1) {
372 blob.reset(NULL);
373 return blob;
374 }
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]375 ssize_t length = in.readInt32();
Chad Brubakerd6634422015-03-21 22:36:07 -0700[diff] [blame]376 blob.reset(new keymaster_blob_t);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]377 if (length > 0) {
Chad Brubakerd6634422015-03-21 22:36:07 -0700[diff] [blame]378 blob->data = reinterpret_cast<const uint8_t*>(in.readInplace(length));
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]379 if (blob->data) {
Chad Brubakerd6634422015-03-21 22:36:07 -0700[diff] [blame]380 blob->data_length = static_cast<size_t>(length);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]381 } else {
382 blob->data_length = 0;
383 }
384 } else {
385 blob->data = NULL;
386 blob->data_length = 0;
387 }
Chad Brubakerd6634422015-03-21 22:36:07 -0700[diff] [blame]388 return blob;
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]389}
390
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]391class BpKeystoreService: public BpInterface<IKeystoreService>
392{
393public:
394 BpKeystoreService(const sp<IBinder>& impl)
395 : BpInterface<IKeystoreService>(impl)
396 {
397 }
398
399 // test ping
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]400 virtual int32_t getState(int32_t userId)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]401 {
402 Parcel data, reply;
403 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]404 data.writeInt32(userId);
405 status_t status = remote()->transact(BnKeystoreService::GET_STATE, data, &reply);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]406 if (status != NO_ERROR) {
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]407 ALOGD("getState() could not contact remote: %d\n", status);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]408 return -1;
409 }
410 int32_t err = reply.readExceptionCode();
411 int32_t ret = reply.readInt32();
412 if (err < 0) {
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]413 ALOGD("getState() caught exception %d\n", err);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]414 return -1;
415 }
416 return ret;
417 }
418
419 virtual int32_t get(const String16& name, uint8_t** item, size_t* itemLength)
420 {
421 Parcel data, reply;
422 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
423 data.writeString16(name);
424 status_t status = remote()->transact(BnKeystoreService::GET, data, &reply);
425 if (status != NO_ERROR) {
426 ALOGD("get() could not contact remote: %d\n", status);
427 return -1;
428 }
429 int32_t err = reply.readExceptionCode();
430 ssize_t len = reply.readInt32();
431 if (len >= 0 && (size_t) len <= reply.dataAvail()) {
432 size_t ulen = (size_t) len;
433 const void* buf = reply.readInplace(ulen);
434 *item = (uint8_t*) malloc(ulen);
435 if (*item != NULL) {
436 memcpy(*item, buf, ulen);
437 *itemLength = ulen;
438 } else {
439 ALOGE("out of memory allocating output array in get");
440 *itemLength = 0;
441 }
442 } else {
443 *itemLength = 0;
444 }
445 if (err < 0) {
446 ALOGD("get() caught exception %d\n", err);
447 return -1;
448 }
449 return 0;
450 }
451
Kenny Root0c540aa2013-04-03 09:22:15 -0700[diff] [blame]452 virtual int32_t insert(const String16& name, const uint8_t* item, size_t itemLength, int uid,
453 int32_t flags)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]454 {
455 Parcel data, reply;
456 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
457 data.writeString16(name);
458 data.writeInt32(itemLength);
459 void* buf = data.writeInplace(itemLength);
460 memcpy(buf, item, itemLength);
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]461 data.writeInt32(uid);
Kenny Root0c540aa2013-04-03 09:22:15 -0700[diff] [blame]462 data.writeInt32(flags);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]463 status_t status = remote()->transact(BnKeystoreService::INSERT, data, &reply);
464 if (status != NO_ERROR) {
465 ALOGD("import() could not contact remote: %d\n", status);
466 return -1;
467 }
468 int32_t err = reply.readExceptionCode();
469 int32_t ret = reply.readInt32();
470 if (err < 0) {
471 ALOGD("import() caught exception %d\n", err);
472 return -1;
473 }
474 return ret;
475 }
476
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]477 virtual int32_t del(const String16& name, int uid)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]478 {
479 Parcel data, reply;
480 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
481 data.writeString16(name);
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]482 data.writeInt32(uid);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]483 status_t status = remote()->transact(BnKeystoreService::DEL, data, &reply);
484 if (status != NO_ERROR) {
485 ALOGD("del() could not contact remote: %d\n", status);
486 return -1;
487 }
488 int32_t err = reply.readExceptionCode();
489 int32_t ret = reply.readInt32();
490 if (err < 0) {
491 ALOGD("del() caught exception %d\n", err);
492 return -1;
493 }
494 return ret;
495 }
496
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]497 virtual int32_t exist(const String16& name, int uid)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]498 {
499 Parcel data, reply;
500 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
501 data.writeString16(name);
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]502 data.writeInt32(uid);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]503 status_t status = remote()->transact(BnKeystoreService::EXIST, data, &reply);
504 if (status != NO_ERROR) {
505 ALOGD("exist() could not contact remote: %d\n", status);
506 return -1;
507 }
508 int32_t err = reply.readExceptionCode();
509 int32_t ret = reply.readInt32();
510 if (err < 0) {
511 ALOGD("exist() caught exception %d\n", err);
512 return -1;
513 }
514 return ret;
515 }
516
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]517 virtual int32_t list(const String16& prefix, int uid, Vector<String16>* matches)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]518 {
519 Parcel data, reply;
520 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]521 data.writeString16(prefix);
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]522 data.writeInt32(uid);
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]523 status_t status = remote()->transact(BnKeystoreService::LIST, data, &reply);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]524 if (status != NO_ERROR) {
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]525 ALOGD("list() could not contact remote: %d\n", status);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]526 return -1;
527 }
528 int32_t err = reply.readExceptionCode();
529 int32_t numMatches = reply.readInt32();
530 for (int32_t i = 0; i < numMatches; i++) {
531 matches->push(reply.readString16());
532 }
533 int32_t ret = reply.readInt32();
534 if (err < 0) {
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]535 ALOGD("list() caught exception %d\n", err);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]536 return -1;
537 }
538 return ret;
539 }
540
541 virtual int32_t reset()
542 {
543 Parcel data, reply;
544 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
545 status_t status = remote()->transact(BnKeystoreService::RESET, data, &reply);
546 if (status != NO_ERROR) {
547 ALOGD("reset() could not contact remote: %d\n", status);
548 return -1;
549 }
550 int32_t err = reply.readExceptionCode();
551 int32_t ret = reply.readInt32();
552 if (err < 0) {
553 ALOGD("reset() caught exception %d\n", err);
554 return -1;
555 }
556 return ret;
557 }
558
Chad Brubaker96d6d782015-05-07 10:19:40 -0700[diff] [blame]559 virtual int32_t onUserPasswordChanged(int32_t userId, const String16& password)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]560 {
561 Parcel data, reply;
562 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
Chad Brubaker96d6d782015-05-07 10:19:40 -0700[diff] [blame]563 data.writeInt32(userId);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]564 data.writeString16(password);
Chad Brubaker96d6d782015-05-07 10:19:40 -0700[diff] [blame]565 status_t status = remote()->transact(BnKeystoreService::ON_USER_PASSWORD_CHANGED, data,
566 &reply);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]567 if (status != NO_ERROR) {
Chad Brubaker96d6d782015-05-07 10:19:40 -0700[diff] [blame]568 ALOGD("onUserPasswordChanged() could not contact remote: %d\n", status);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]569 return -1;
570 }
571 int32_t err = reply.readExceptionCode();
572 int32_t ret = reply.readInt32();
573 if (err < 0) {
Chad Brubaker96d6d782015-05-07 10:19:40 -0700[diff] [blame]574 ALOGD("onUserPasswordChanged() caught exception %d\n", err);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]575 return -1;
576 }
577 return ret;
578 }
579
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]580 virtual int32_t lock(int32_t userId)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]581 {
582 Parcel data, reply;
583 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]584 data.writeInt32(userId);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]585 status_t status = remote()->transact(BnKeystoreService::LOCK, data, &reply);
586 if (status != NO_ERROR) {
587 ALOGD("lock() could not contact remote: %d\n", status);
588 return -1;
589 }
590 int32_t err = reply.readExceptionCode();
591 int32_t ret = reply.readInt32();
592 if (err < 0) {
593 ALOGD("lock() caught exception %d\n", err);
594 return -1;
595 }
596 return ret;
597 }
598
Chad Brubaker96d6d782015-05-07 10:19:40 -0700[diff] [blame]599 virtual int32_t unlock(int32_t userId, const String16& password)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]600 {
601 Parcel data, reply;
602 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
Chad Brubaker96d6d782015-05-07 10:19:40 -0700[diff] [blame]603 data.writeInt32(userId);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]604 data.writeString16(password);
605 status_t status = remote()->transact(BnKeystoreService::UNLOCK, data, &reply);
606 if (status != NO_ERROR) {
607 ALOGD("unlock() could not contact remote: %d\n", status);
608 return -1;
609 }
610 int32_t err = reply.readExceptionCode();
611 int32_t ret = reply.readInt32();
612 if (err < 0) {
613 ALOGD("unlock() caught exception %d\n", err);
614 return -1;
615 }
616 return ret;
617 }
618
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]619 virtual bool isEmpty(int32_t userId)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]620 {
621 Parcel data, reply;
622 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]623 data.writeInt32(userId);
624 status_t status = remote()->transact(BnKeystoreService::IS_EMPTY, data, &reply);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]625 if (status != NO_ERROR) {
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]626 ALOGD("isEmpty() could not contact remote: %d\n", status);
627 return false;
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]628 }
629 int32_t err = reply.readExceptionCode();
630 int32_t ret = reply.readInt32();
631 if (err < 0) {
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]632 ALOGD("isEmpty() caught exception %d\n", err);
633 return false;
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]634 }
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]635 return ret != 0;
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]636 }
637
Kenny Root96427ba2013-08-16 14:02:41 -0700[diff] [blame]638 virtual int32_t generate(const String16& name, int32_t uid, int32_t keyType, int32_t keySize,
639 int32_t flags, Vector<sp<KeystoreArg> >* args)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]640 {
641 Parcel data, reply;
642 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
643 data.writeString16(name);
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]644 data.writeInt32(uid);
Kenny Root96427ba2013-08-16 14:02:41 -0700[diff] [blame]645 data.writeInt32(keyType);
646 data.writeInt32(keySize);
Kenny Root0c540aa2013-04-03 09:22:15 -0700[diff] [blame]647 data.writeInt32(flags);
Chad Brubaker468fc692015-01-13 17:33:14 -0800[diff] [blame]648 data.writeInt32(1);
Kenny Root96427ba2013-08-16 14:02:41 -0700[diff] [blame]649 data.writeInt32(args->size());
650 for (Vector<sp<KeystoreArg> >::iterator it = args->begin(); it != args->end(); ++it) {
651 sp<KeystoreArg> item = *it;
652 size_t keyLength = item->size();
653 data.writeInt32(keyLength);
654 void* buf = data.writeInplace(keyLength);
655 memcpy(buf, item->data(), keyLength);
656 }
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]657 status_t status = remote()->transact(BnKeystoreService::GENERATE, data, &reply);
658 if (status != NO_ERROR) {
659 ALOGD("generate() could not contact remote: %d\n", status);
660 return -1;
661 }
662 int32_t err = reply.readExceptionCode();
663 int32_t ret = reply.readInt32();
664 if (err < 0) {
665 ALOGD("generate() caught exception %d\n", err);
666 return -1;
667 }
668 return ret;
669 }
670
Kenny Root0c540aa2013-04-03 09:22:15 -0700[diff] [blame]671 virtual int32_t import(const String16& name, const uint8_t* key, size_t keyLength, int uid,
672 int flags)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]673 {
674 Parcel data, reply;
675 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
676 data.writeString16(name);
677 data.writeInt32(keyLength);
678 void* buf = data.writeInplace(keyLength);
679 memcpy(buf, key, keyLength);
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]680 data.writeInt32(uid);
Kenny Root0c540aa2013-04-03 09:22:15 -0700[diff] [blame]681 data.writeInt32(flags);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]682 status_t status = remote()->transact(BnKeystoreService::IMPORT, data, &reply);
683 if (status != NO_ERROR) {
684 ALOGD("import() could not contact remote: %d\n", status);
685 return -1;
686 }
687 int32_t err = reply.readExceptionCode();
688 int32_t ret = reply.readInt32();
689 if (err < 0) {
690 ALOGD("import() caught exception %d\n", err);
691 return -1;
692 }
693 return ret;
694 }
695
696 virtual int32_t sign(const String16& name, const uint8_t* in, size_t inLength, uint8_t** out,
697 size_t* outLength)
698 {
699 Parcel data, reply;
700 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
701 data.writeString16(name);
702 data.writeInt32(inLength);
703 void* buf = data.writeInplace(inLength);
704 memcpy(buf, in, inLength);
705 status_t status = remote()->transact(BnKeystoreService::SIGN, data, &reply);
706 if (status != NO_ERROR) {
707 ALOGD("import() could not contact remote: %d\n", status);
708 return -1;
709 }
710 int32_t err = reply.readExceptionCode();
711 ssize_t len = reply.readInt32();
712 if (len >= 0 && (size_t) len <= reply.dataAvail()) {
713 size_t ulen = (size_t) len;
714 const void* outBuf = reply.readInplace(ulen);
715 *out = (uint8_t*) malloc(ulen);
716 if (*out != NULL) {
717 memcpy((void*) *out, outBuf, ulen);
718 *outLength = ulen;
719 } else {
720 ALOGE("out of memory allocating output array in sign");
721 *outLength = 0;
722 }
723 } else {
724 *outLength = 0;
725 }
726 if (err < 0) {
727 ALOGD("import() caught exception %d\n", err);
728 return -1;
729 }
730 return 0;
731 }
732
733 virtual int32_t verify(const String16& name, const uint8_t* in, size_t inLength,
734 const uint8_t* signature, size_t signatureLength)
735 {
736 Parcel data, reply;
737 void* buf;
738
739 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
740 data.writeString16(name);
741 data.writeInt32(inLength);
742 buf = data.writeInplace(inLength);
743 memcpy(buf, in, inLength);
744 data.writeInt32(signatureLength);
745 buf = data.writeInplace(signatureLength);
746 memcpy(buf, signature, signatureLength);
747 status_t status = remote()->transact(BnKeystoreService::VERIFY, data, &reply);
748 if (status != NO_ERROR) {
749 ALOGD("verify() could not contact remote: %d\n", status);
750 return -1;
751 }
752 int32_t err = reply.readExceptionCode();
753 int32_t ret = reply.readInt32();
754 if (err < 0) {
755 ALOGD("verify() caught exception %d\n", err);
756 return -1;
757 }
758 return ret;
759 }
760
761 virtual int32_t get_pubkey(const String16& name, uint8_t** pubkey, size_t* pubkeyLength)
762 {
763 Parcel data, reply;
764 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
765 data.writeString16(name);
766 status_t status = remote()->transact(BnKeystoreService::GET_PUBKEY, data, &reply);
767 if (status != NO_ERROR) {
768 ALOGD("get_pubkey() could not contact remote: %d\n", status);
769 return -1;
770 }
771 int32_t err = reply.readExceptionCode();
772 ssize_t len = reply.readInt32();
773 if (len >= 0 && (size_t) len <= reply.dataAvail()) {
774 size_t ulen = (size_t) len;
775 const void* buf = reply.readInplace(ulen);
776 *pubkey = (uint8_t*) malloc(ulen);
777 if (*pubkey != NULL) {
778 memcpy(*pubkey, buf, ulen);
779 *pubkeyLength = ulen;
780 } else {
781 ALOGE("out of memory allocating output array in get_pubkey");
782 *pubkeyLength = 0;
783 }
784 } else {
785 *pubkeyLength = 0;
786 }
787 if (err < 0) {
788 ALOGD("get_pubkey() caught exception %d\n", err);
789 return -1;
790 }
791 return 0;
792 }
793
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]794 virtual int32_t grant(const String16& name, int32_t granteeUid)
795 {
796 Parcel data, reply;
797 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
798 data.writeString16(name);
799 data.writeInt32(granteeUid);
800 status_t status = remote()->transact(BnKeystoreService::GRANT, data, &reply);
801 if (status != NO_ERROR) {
802 ALOGD("grant() could not contact remote: %d\n", status);
803 return -1;
804 }
805 int32_t err = reply.readExceptionCode();
806 int32_t ret = reply.readInt32();
807 if (err < 0) {
808 ALOGD("grant() caught exception %d\n", err);
809 return -1;
810 }
811 return ret;
812 }
813
814 virtual int32_t ungrant(const String16& name, int32_t granteeUid)
815 {
816 Parcel data, reply;
817 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
818 data.writeString16(name);
819 data.writeInt32(granteeUid);
820 status_t status = remote()->transact(BnKeystoreService::UNGRANT, data, &reply);
821 if (status != NO_ERROR) {
822 ALOGD("ungrant() could not contact remote: %d\n", status);
823 return -1;
824 }
825 int32_t err = reply.readExceptionCode();
826 int32_t ret = reply.readInt32();
827 if (err < 0) {
828 ALOGD("ungrant() caught exception %d\n", err);
829 return -1;
830 }
831 return ret;
832 }
833
834 int64_t getmtime(const String16& name)
835 {
836 Parcel data, reply;
837 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
838 data.writeString16(name);
839 status_t status = remote()->transact(BnKeystoreService::GETMTIME, data, &reply);
840 if (status != NO_ERROR) {
841 ALOGD("getmtime() could not contact remote: %d\n", status);
842 return -1;
843 }
844 int32_t err = reply.readExceptionCode();
845 int64_t ret = reply.readInt64();
846 if (err < 0) {
847 ALOGD("getmtime() caught exception %d\n", err);
848 return -1;
849 }
850 return ret;
851 }
Kenny Root02254072013-03-20 11:48:19 -0700[diff] [blame]852
Kenny Rootd53bc922013-03-21 14:10:15 -0700[diff] [blame]853 virtual int32_t duplicate(const String16& srcKey, int32_t srcUid, const String16& destKey,
854 int32_t destUid)
Kenny Root02254072013-03-20 11:48:19 -0700[diff] [blame]855 {
856 Parcel data, reply;
857 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
Kenny Rootd53bc922013-03-21 14:10:15 -0700[diff] [blame]858 data.writeString16(srcKey);
859 data.writeInt32(srcUid);
860 data.writeString16(destKey);
861 data.writeInt32(destUid);
862 status_t status = remote()->transact(BnKeystoreService::DUPLICATE, data, &reply);
Kenny Root02254072013-03-20 11:48:19 -0700[diff] [blame]863 if (status != NO_ERROR) {
Kenny Rootd53bc922013-03-21 14:10:15 -0700[diff] [blame]864 ALOGD("duplicate() could not contact remote: %d\n", status);
Kenny Root02254072013-03-20 11:48:19 -0700[diff] [blame]865 return -1;
866 }
867 int32_t err = reply.readExceptionCode();
868 int32_t ret = reply.readInt32();
869 if (err < 0) {
Kenny Rootd53bc922013-03-21 14:10:15 -0700[diff] [blame]870 ALOGD("duplicate() caught exception %d\n", err);
Kenny Root02254072013-03-20 11:48:19 -0700[diff] [blame]871 return -1;
872 }
873 return ret;
874 }
Kenny Root43061232013-03-29 11:15:50 -0700[diff] [blame]875
Kenny Root1b0e3932013-09-05 13:06:32 -0700[diff] [blame]876 virtual int32_t is_hardware_backed(const String16& keyType)
Kenny Root43061232013-03-29 11:15:50 -0700[diff] [blame]877 {
878 Parcel data, reply;
879 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
Kenny Root1b0e3932013-09-05 13:06:32 -0700[diff] [blame]880 data.writeString16(keyType);
Kenny Root43061232013-03-29 11:15:50 -0700[diff] [blame]881 status_t status = remote()->transact(BnKeystoreService::IS_HARDWARE_BACKED, data, &reply);
882 if (status != NO_ERROR) {
883 ALOGD("is_hardware_backed() could not contact remote: %d\n", status);
884 return -1;
885 }
886 int32_t err = reply.readExceptionCode();
887 int32_t ret = reply.readInt32();
888 if (err < 0) {
889 ALOGD("is_hardware_backed() caught exception %d\n", err);
890 return -1;
891 }
892 return ret;
893 }
Kenny Root2ecc7a12013-04-01 16:29:11 -0700[diff] [blame]894
895 virtual int32_t clear_uid(int64_t uid)
896 {
897 Parcel data, reply;
898 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
899 data.writeInt64(uid);
900 status_t status = remote()->transact(BnKeystoreService::CLEAR_UID, data, &reply);
901 if (status != NO_ERROR) {
902 ALOGD("clear_uid() could not contact remote: %d\n", status);
903 return -1;
904 }
905 int32_t err = reply.readExceptionCode();
906 int32_t ret = reply.readInt32();
907 if (err < 0) {
908 ALOGD("clear_uid() caught exception %d\n", err);
909 return -1;
910 }
911 return ret;
912 }
Robin Lee4e865752014-08-19 17:37:55 +0100[diff] [blame]913
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]914 virtual int32_t addRngEntropy(const uint8_t* buf, size_t bufLength)
915 {
916 Parcel data, reply;
917 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]918 data.writeByteArray(bufLength, buf);
919 status_t status = remote()->transact(BnKeystoreService::ADD_RNG_ENTROPY, data, &reply);
920 if (status != NO_ERROR) {
921 ALOGD("addRngEntropy() could not contact remote: %d\n", status);
922 return -1;
923 }
924 int32_t err = reply.readExceptionCode();
925 int32_t ret = reply.readInt32();
926 if (err < 0) {
927 ALOGD("addRngEntropy() caught exception %d\n", err);
928 return -1;
929 }
930 return ret;
931 };
932
933 virtual int32_t generateKey(const String16& name, const KeymasterArguments& params,
Chad Brubaker154d7692015-03-27 13:59:31 -0700[diff] [blame]934 const uint8_t* entropy, size_t entropyLength, int uid, int flags,
935 KeyCharacteristics* outCharacteristics)
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]936 {
937 Parcel data, reply;
938 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
939 data.writeString16(name);
940 data.writeInt32(1);
941 params.writeToParcel(&data);
Chad Brubaker154d7692015-03-27 13:59:31 -0700[diff] [blame]942 data.writeByteArray(entropyLength, entropy);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]943 data.writeInt32(uid);
944 data.writeInt32(flags);
945 status_t status = remote()->transact(BnKeystoreService::GENERATE_KEY, data, &reply);
946 if (status != NO_ERROR) {
947 ALOGD("generateKey() could not contact remote: %d\n", status);
948 return KM_ERROR_UNKNOWN_ERROR;
949 }
950 int32_t err = reply.readExceptionCode();
951 int32_t ret = reply.readInt32();
952 if (err < 0) {
953 ALOGD("generateKey() caught exception %d\n", err);
954 return KM_ERROR_UNKNOWN_ERROR;
955 }
956 if (reply.readInt32() != 0 && outCharacteristics) {
957 outCharacteristics->readFromParcel(reply);
958 }
959 return ret;
960 }
961 virtual int32_t getKeyCharacteristics(const String16& name,
Chad Brubakerd6634422015-03-21 22:36:07 -0700[diff] [blame]962 const keymaster_blob_t* clientId,
963 const keymaster_blob_t* appData,
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]964 KeyCharacteristics* outCharacteristics)
965 {
966 Parcel data, reply;
967 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
968 data.writeString16(name);
Chad Brubakerd6634422015-03-21 22:36:07 -0700[diff] [blame]969 if (clientId) {
970 data.writeByteArray(clientId->data_length, clientId->data);
971 } else {
972 data.writeInt32(-1);
973 }
974 if (appData) {
975 data.writeByteArray(appData->data_length, appData->data);
976 } else {
977 data.writeInt32(-1);
978 }
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]979 status_t status = remote()->transact(BnKeystoreService::GET_KEY_CHARACTERISTICS,
980 data, &reply);
981 if (status != NO_ERROR) {
982 ALOGD("getKeyCharacteristics() could not contact remote: %d\n", status);
983 return KM_ERROR_UNKNOWN_ERROR;
984 }
985 int32_t err = reply.readExceptionCode();
986 int32_t ret = reply.readInt32();
987 if (err < 0) {
988 ALOGD("getKeyCharacteristics() caught exception %d\n", err);
989 return KM_ERROR_UNKNOWN_ERROR;
990 }
991 if (reply.readInt32() != 0 && outCharacteristics) {
992 outCharacteristics->readFromParcel(reply);
993 }
994 return ret;
995 }
996 virtual int32_t importKey(const String16& name, const KeymasterArguments& params,
997 keymaster_key_format_t format, const uint8_t *keyData,
998 size_t keyLength, int uid, int flags,
999 KeyCharacteristics* outCharacteristics)
1000 {
1001 Parcel data, reply;
1002 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1003 data.writeString16(name);
1004 data.writeInt32(1);
1005 params.writeToParcel(&data);
1006 data.writeInt32(format);
1007 data.writeByteArray(keyLength, keyData);
1008 data.writeInt32(uid);
1009 data.writeInt32(flags);
1010 status_t status = remote()->transact(BnKeystoreService::IMPORT_KEY, data, &reply);
1011 if (status != NO_ERROR) {
1012 ALOGD("importKey() could not contact remote: %d\n", status);
1013 return KM_ERROR_UNKNOWN_ERROR;
1014 }
1015 int32_t err = reply.readExceptionCode();
1016 int32_t ret = reply.readInt32();
1017 if (err < 0) {
1018 ALOGD("importKey() caught exception %d\n", err);
1019 return KM_ERROR_UNKNOWN_ERROR;
1020 }
1021 if (reply.readInt32() != 0 && outCharacteristics) {
1022 outCharacteristics->readFromParcel(reply);
1023 }
1024 return ret;
1025 }
1026
1027 virtual void exportKey(const String16& name, keymaster_key_format_t format,
Chad Brubakerd6634422015-03-21 22:36:07 -0700[diff] [blame]1028 const keymaster_blob_t* clientId,
1029 const keymaster_blob_t* appData, ExportResult* result)
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1030 {
1031 if (!result) {
1032 return;
1033 }
1034
1035 Parcel data, reply;
1036 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1037 data.writeString16(name);
1038 data.writeInt32(format);
Chad Brubakerd6634422015-03-21 22:36:07 -0700[diff] [blame]1039 if (clientId) {
1040 data.writeByteArray(clientId->data_length, clientId->data);
1041 } else {
1042 data.writeInt32(-1);
1043 }
1044 if (appData) {
1045 data.writeByteArray(appData->data_length, appData->data);
1046 } else {
1047 data.writeInt32(-1);
1048 }
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1049 status_t status = remote()->transact(BnKeystoreService::EXPORT_KEY, data, &reply);
1050 if (status != NO_ERROR) {
1051 ALOGD("exportKey() could not contact remote: %d\n", status);
1052 result->resultCode = KM_ERROR_UNKNOWN_ERROR;
1053 return;
1054 }
1055 int32_t err = reply.readExceptionCode();
1056 if (err < 0) {
1057 ALOGD("exportKey() caught exception %d\n", err);
1058 result->resultCode = KM_ERROR_UNKNOWN_ERROR;
1059 return;
1060 }
1061 if (reply.readInt32() != 0) {
1062 result->readFromParcel(reply);
1063 }
1064 }
1065
1066 virtual void begin(const sp<IBinder>& appToken, const String16& name,
1067 keymaster_purpose_t purpose, bool pruneable,
Chad Brubaker154d7692015-03-27 13:59:31 -0700[diff] [blame]1068 const KeymasterArguments& params, const uint8_t* entropy,
1069 size_t entropyLength, KeymasterArguments* outParams,
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1070 OperationResult* result)
1071 {
1072 if (!result || !outParams) {
1073 return;
1074 }
1075 Parcel data, reply;
1076 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1077 data.writeStrongBinder(appToken);
1078 data.writeString16(name);
1079 data.writeInt32(purpose);
1080 data.writeInt32(pruneable ? 1 : 0);
1081 data.writeInt32(1);
1082 params.writeToParcel(&data);
Chad Brubaker154d7692015-03-27 13:59:31 -0700[diff] [blame]1083 data.writeByteArray(entropyLength, entropy);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1084 status_t status = remote()->transact(BnKeystoreService::BEGIN, data, &reply);
1085 if (status != NO_ERROR) {
1086 ALOGD("begin() could not contact remote: %d\n", status);
1087 result->resultCode = KM_ERROR_UNKNOWN_ERROR;
1088 return;
1089 }
1090 int32_t err = reply.readExceptionCode();
1091 if (err < 0) {
1092 ALOGD("begin() caught exception %d\n", err);
1093 result->resultCode = KM_ERROR_UNKNOWN_ERROR;
1094 return;
1095 }
1096 if (reply.readInt32() != 0) {
1097 result->readFromParcel(reply);
1098 }
1099 if (reply.readInt32() != 0) {
1100 outParams->readFromParcel(reply);
1101 }
1102 }
1103
1104 virtual void update(const sp<IBinder>& token, const KeymasterArguments& params,
Chad Brubaker40a1a9b2015-02-20 14:08:13 -0800[diff] [blame]1105 const uint8_t* opData, size_t dataLength, OperationResult* result)
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1106 {
1107 if (!result) {
1108 return;
1109 }
1110 Parcel data, reply;
1111 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1112 data.writeStrongBinder(token);
1113 data.writeInt32(1);
1114 params.writeToParcel(&data);
1115 data.writeByteArray(dataLength, opData);
1116 status_t status = remote()->transact(BnKeystoreService::UPDATE, data, &reply);
1117 if (status != NO_ERROR) {
1118 ALOGD("update() could not contact remote: %d\n", status);
1119 result->resultCode = KM_ERROR_UNKNOWN_ERROR;
1120 return;
1121 }
1122 int32_t err = reply.readExceptionCode();
1123 if (err < 0) {
1124 ALOGD("update() caught exception %d\n", err);
1125 result->resultCode = KM_ERROR_UNKNOWN_ERROR;
1126 return;
1127 }
1128 if (reply.readInt32() != 0) {
1129 result->readFromParcel(reply);
1130 }
1131 }
1132
1133 virtual void finish(const sp<IBinder>& token, const KeymasterArguments& params,
Chad Brubaker40a1a9b2015-02-20 14:08:13 -0800[diff] [blame]1134 const uint8_t* signature, size_t signatureLength, OperationResult* result)
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1135 {
1136 if (!result) {
1137 return;
1138 }
1139 Parcel data, reply;
1140 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1141 data.writeStrongBinder(token);
1142 data.writeInt32(1);
1143 params.writeToParcel(&data);
1144 data.writeByteArray(signatureLength, signature);
1145 status_t status = remote()->transact(BnKeystoreService::FINISH, data, &reply);
1146 if (status != NO_ERROR) {
1147 ALOGD("finish() could not contact remote: %d\n", status);
1148 result->resultCode = KM_ERROR_UNKNOWN_ERROR;
1149 return;
1150 }
1151 int32_t err = reply.readExceptionCode();
1152 if (err < 0) {
1153 ALOGD("finish() caught exception %d\n", err);
1154 result->resultCode = KM_ERROR_UNKNOWN_ERROR;
1155 return;
1156 }
1157 if (reply.readInt32() != 0) {
1158 result->readFromParcel(reply);
1159 }
1160 }
1161
1162 virtual int32_t abort(const sp<IBinder>& token)
1163 {
1164 Parcel data, reply;
1165 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1166 data.writeStrongBinder(token);
Chad Brubaker2ed2baa2015-03-21 21:20:10 -0700[diff] [blame]1167 status_t status = remote()->transact(BnKeystoreService::ABORT, data, &reply);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1168 if (status != NO_ERROR) {
1169 ALOGD("abort() could not contact remote: %d\n", status);
1170 return KM_ERROR_UNKNOWN_ERROR;
1171 }
1172 int32_t err = reply.readExceptionCode();
1173 int32_t ret = reply.readInt32();
1174 if (err < 0) {
1175 ALOGD("abort() caught exception %d\n", err);
1176 return KM_ERROR_UNKNOWN_ERROR;
1177 }
1178 return ret;
1179 }
Chad Brubaker2ed2baa2015-03-21 21:20:10 -0700[diff] [blame]1180
1181 virtual bool isOperationAuthorized(const sp<IBinder>& token)
1182 {
1183 Parcel data, reply;
1184 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1185 data.writeStrongBinder(token);
1186 status_t status = remote()->transact(BnKeystoreService::IS_OPERATION_AUTHORIZED, data,
1187 &reply);
1188 if (status != NO_ERROR) {
1189 ALOGD("isOperationAuthorized() could not contact remote: %d\n", status);
1190 return false;
1191 }
1192 int32_t err = reply.readExceptionCode();
1193 int32_t ret = reply.readInt32();
1194 if (err < 0) {
1195 ALOGD("isOperationAuthorized() caught exception %d\n", err);
1196 return false;
1197 }
1198 return ret == 1;
1199 }
1200
1201 virtual int32_t addAuthToken(const uint8_t* token, size_t length)
1202 {
1203 Parcel data, reply;
1204 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1205 data.writeByteArray(length, token);
1206 status_t status = remote()->transact(BnKeystoreService::ADD_AUTH_TOKEN, data, &reply);
1207 if (status != NO_ERROR) {
1208 ALOGD("addAuthToken() could not contact remote: %d\n", status);
1209 return -1;
1210 }
1211 int32_t err = reply.readExceptionCode();
1212 int32_t ret = reply.readInt32();
1213 if (err < 0) {
1214 ALOGD("addAuthToken() caught exception %d\n", err);
1215 return -1;
1216 }
1217 return ret;
1218 };
Chad Brubakerc0f031a2015-05-12 10:43:10 -0700[diff] [blame]1219
1220 virtual int32_t onUserAdded(int32_t userId, int32_t parentId)
1221 {
1222 Parcel data, reply;
1223 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1224 data.writeInt32(userId);
1225 data.writeInt32(parentId);
1226 status_t status = remote()->transact(BnKeystoreService::ON_USER_ADDED, data, &reply);
1227 if (status != NO_ERROR) {
1228 ALOGD("onUserAdded() could not contact remote: %d\n", status);
1229 return -1;
1230 }
1231 int32_t err = reply.readExceptionCode();
1232 int32_t ret = reply.readInt32();
1233 if (err < 0) {
1234 ALOGD("onUserAdded() caught exception %d\n", err);
1235 return -1;
1236 }
1237 return ret;
1238 }
1239
1240 virtual int32_t onUserRemoved(int32_t userId)
1241 {
1242 Parcel data, reply;
1243 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1244 data.writeInt32(userId);
1245 status_t status = remote()->transact(BnKeystoreService::ON_USER_REMOVED, data, &reply);
1246 if (status != NO_ERROR) {
1247 ALOGD("onUserRemoved() could not contact remote: %d\n", status);
1248 return -1;
1249 }
1250 int32_t err = reply.readExceptionCode();
1251 int32_t ret = reply.readInt32();
1252 if (err < 0) {
1253 ALOGD("onUserRemoved() caught exception %d\n", err);
1254 return -1;
1255 }
1256 return ret;
1257 }
1258
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1259};
1260
Chad Brubaker468fc692015-01-13 17:33:14 -0800[diff] [blame]1261IMPLEMENT_META_INTERFACE(KeystoreService, "android.security.IKeystoreService");
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1262
1263// ----------------------------------------------------------------------
1264
1265status_t BnKeystoreService::onTransact(
1266 uint32_t code, const Parcel& data, Parcel* reply, uint32_t flags)
1267{
1268 switch(code) {
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]1269 case GET_STATE: {
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1270 CHECK_INTERFACE(IKeystoreService, data, reply);
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]1271 int32_t userId = data.readInt32();
1272 int32_t ret = getState(userId);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1273 reply->writeNoException();
1274 reply->writeInt32(ret);
1275 return NO_ERROR;
1276 } break;
1277 case GET: {
1278 CHECK_INTERFACE(IKeystoreService, data, reply);
1279 String16 name = data.readString16();
1280 void* out = NULL;
1281 size_t outSize = 0;
1282 int32_t ret = get(name, (uint8_t**) &out, &outSize);
1283 reply->writeNoException();
1284 if (ret == 1) {
1285 reply->writeInt32(outSize);
1286 void* buf = reply->writeInplace(outSize);
1287 memcpy(buf, out, outSize);
1288 free(out);
1289 } else {
1290 reply->writeInt32(-1);
1291 }
1292 return NO_ERROR;
1293 } break;
1294 case INSERT: {
1295 CHECK_INTERFACE(IKeystoreService, data, reply);
1296 String16 name = data.readString16();
1297 ssize_t inSize = data.readInt32();
1298 const void* in;
1299 if (inSize >= 0 && (size_t) inSize <= data.dataAvail()) {
1300 in = data.readInplace(inSize);
1301 } else {
1302 in = NULL;
1303 inSize = 0;
1304 }
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]1305 int uid = data.readInt32();
Kenny Root0c540aa2013-04-03 09:22:15 -0700[diff] [blame]1306 int32_t flags = data.readInt32();
1307 int32_t ret = insert(name, (const uint8_t*) in, (size_t) inSize, uid, flags);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1308 reply->writeNoException();
1309 reply->writeInt32(ret);
1310 return NO_ERROR;
1311 } break;
1312 case DEL: {
1313 CHECK_INTERFACE(IKeystoreService, data, reply);
1314 String16 name = data.readString16();
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]1315 int uid = data.readInt32();
1316 int32_t ret = del(name, uid);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1317 reply->writeNoException();
1318 reply->writeInt32(ret);
1319 return NO_ERROR;
1320 } break;
1321 case EXIST: {
1322 CHECK_INTERFACE(IKeystoreService, data, reply);
1323 String16 name = data.readString16();
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]1324 int uid = data.readInt32();
1325 int32_t ret = exist(name, uid);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1326 reply->writeNoException();
1327 reply->writeInt32(ret);
1328 return NO_ERROR;
1329 } break;
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]1330 case LIST: {
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1331 CHECK_INTERFACE(IKeystoreService, data, reply);
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]1332 String16 prefix = data.readString16();
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]1333 int uid = data.readInt32();
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1334 Vector<String16> matches;
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]1335 int32_t ret = list(prefix, uid, &matches);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1336 reply->writeNoException();
1337 reply->writeInt32(matches.size());
1338 Vector<String16>::const_iterator it = matches.begin();
1339 for (; it != matches.end(); ++it) {
1340 reply->writeString16(*it);
1341 }
1342 reply->writeInt32(ret);
1343 return NO_ERROR;
1344 } break;
1345 case RESET: {
1346 CHECK_INTERFACE(IKeystoreService, data, reply);
1347 int32_t ret = reset();
1348 reply->writeNoException();
1349 reply->writeInt32(ret);
1350 return NO_ERROR;
1351 } break;
Chad Brubaker96d6d782015-05-07 10:19:40 -0700[diff] [blame]1352 case ON_USER_PASSWORD_CHANGED: {
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1353 CHECK_INTERFACE(IKeystoreService, data, reply);
Chad Brubaker96d6d782015-05-07 10:19:40 -0700[diff] [blame]1354 int32_t userId = data.readInt32();
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1355 String16 pass = data.readString16();
Chad Brubaker96d6d782015-05-07 10:19:40 -0700[diff] [blame]1356 int32_t ret = onUserPasswordChanged(userId, pass);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1357 reply->writeNoException();
1358 reply->writeInt32(ret);
1359 return NO_ERROR;
1360 } break;
1361 case LOCK: {
1362 CHECK_INTERFACE(IKeystoreService, data, reply);
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]1363 int32_t userId = data.readInt32();
1364 int32_t ret = lock(userId);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1365 reply->writeNoException();
1366 reply->writeInt32(ret);
1367 return NO_ERROR;
1368 } break;
1369 case UNLOCK: {
1370 CHECK_INTERFACE(IKeystoreService, data, reply);
Chad Brubaker96d6d782015-05-07 10:19:40 -0700[diff] [blame]1371 int32_t userId = data.readInt32();
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1372 String16 pass = data.readString16();
Chad Brubaker96d6d782015-05-07 10:19:40 -0700[diff] [blame]1373 int32_t ret = unlock(userId, pass);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1374 reply->writeNoException();
1375 reply->writeInt32(ret);
1376 return NO_ERROR;
1377 } break;
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]1378 case IS_EMPTY: {
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1379 CHECK_INTERFACE(IKeystoreService, data, reply);
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]1380 int32_t userId = data.readInt32();
1381 bool ret = isEmpty(userId);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1382 reply->writeNoException();
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]1383 reply->writeInt32(ret ? 1 : 0);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1384 return NO_ERROR;
1385 } break;
1386 case GENERATE: {
1387 CHECK_INTERFACE(IKeystoreService, data, reply);
1388 String16 name = data.readString16();
Kenny Root96427ba2013-08-16 14:02:41 -0700[diff] [blame]1389 int32_t uid = data.readInt32();
1390 int32_t keyType = data.readInt32();
1391 int32_t keySize = data.readInt32();
Kenny Root0c540aa2013-04-03 09:22:15 -0700[diff] [blame]1392 int32_t flags = data.readInt32();
Kenny Root96427ba2013-08-16 14:02:41 -0700[diff] [blame]1393 Vector<sp<KeystoreArg> > args;
Chad Brubaker468fc692015-01-13 17:33:14 -0800[diff] [blame]1394 int32_t argsPresent = data.readInt32();
1395 if (argsPresent == 1) {
1396 ssize_t numArgs = data.readInt32();
Chad Brubakered4f5662015-01-14 19:22:09 -0800[diff] [blame]1397 if (numArgs > MAX_GENERATE_ARGS) {
1398 return BAD_VALUE;
1399 }
Chad Brubaker468fc692015-01-13 17:33:14 -0800[diff] [blame]1400 if (numArgs > 0) {
1401 for (size_t i = 0; i < (size_t) numArgs; i++) {
1402 ssize_t inSize = data.readInt32();
1403 if (inSize >= 0 && (size_t) inSize <= data.dataAvail()) {
1404 sp<KeystoreArg> arg = new KeystoreArg(data.readInplace(inSize),
1405 inSize);
1406 args.push_back(arg);
1407 } else {
1408 args.push_back(NULL);
1409 }
Kenny Root96427ba2013-08-16 14:02:41 -0700[diff] [blame]1410 }
1411 }
1412 }
1413 int32_t ret = generate(name, uid, keyType, keySize, flags, &args);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1414 reply->writeNoException();
1415 reply->writeInt32(ret);
1416 return NO_ERROR;
1417 } break;
1418 case IMPORT: {
1419 CHECK_INTERFACE(IKeystoreService, data, reply);
1420 String16 name = data.readString16();
1421 ssize_t inSize = data.readInt32();
1422 const void* in;
1423 if (inSize >= 0 && (size_t) inSize <= data.dataAvail()) {
1424 in = data.readInplace(inSize);
1425 } else {
1426 in = NULL;
1427 inSize = 0;
1428 }
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]1429 int uid = data.readInt32();
Kenny Root0c540aa2013-04-03 09:22:15 -0700[diff] [blame]1430 int32_t flags = data.readInt32();
1431 int32_t ret = import(name, (const uint8_t*) in, (size_t) inSize, uid, flags);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1432 reply->writeNoException();
1433 reply->writeInt32(ret);
1434 return NO_ERROR;
1435 } break;
1436 case SIGN: {
1437 CHECK_INTERFACE(IKeystoreService, data, reply);
1438 String16 name = data.readString16();
1439 ssize_t inSize = data.readInt32();
1440 const void* in;
1441 if (inSize >= 0 && (size_t) inSize <= data.dataAvail()) {
1442 in = data.readInplace(inSize);
1443 } else {
1444 in = NULL;
1445 inSize = 0;
1446 }
1447 void* out = NULL;
1448 size_t outSize = 0;
1449 int32_t ret = sign(name, (const uint8_t*) in, (size_t) inSize, (uint8_t**) &out, &outSize);
1450 reply->writeNoException();
Kenny Rootb03c9fb2013-02-04 16:42:51 -0800[diff] [blame]1451 if (outSize > 0 && out != NULL) {
1452 reply->writeInt32(outSize);
1453 void* buf = reply->writeInplace(outSize);
1454 memcpy(buf, out, outSize);
1455 free(out);
1456 } else {
Kenny Roote289c402013-02-14 11:31:53 -0800[diff] [blame]1457 reply->writeInt32(-1);
Kenny Rootb03c9fb2013-02-04 16:42:51 -0800[diff] [blame]1458 }
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1459 reply->writeInt32(ret);
1460 return NO_ERROR;
1461 } break;
1462 case VERIFY: {
1463 CHECK_INTERFACE(IKeystoreService, data, reply);
1464 String16 name = data.readString16();
1465 ssize_t inSize = data.readInt32();
1466 const void* in;
1467 if (inSize >= 0 && (size_t) inSize <= data.dataAvail()) {
1468 in = data.readInplace(inSize);
1469 } else {
1470 in = NULL;
1471 inSize = 0;
1472 }
1473 ssize_t sigSize = data.readInt32();
1474 const void* sig;
1475 if (sigSize >= 0 && (size_t) sigSize <= data.dataAvail()) {
1476 sig = data.readInplace(sigSize);
1477 } else {
1478 sig = NULL;
1479 sigSize = 0;
1480 }
1481 bool ret = verify(name, (const uint8_t*) in, (size_t) inSize, (const uint8_t*) sig,
1482 (size_t) sigSize);
1483 reply->writeNoException();
1484 reply->writeInt32(ret ? 1 : 0);
1485 return NO_ERROR;
1486 } break;
1487 case GET_PUBKEY: {
1488 CHECK_INTERFACE(IKeystoreService, data, reply);
1489 String16 name = data.readString16();
1490 void* out = NULL;
1491 size_t outSize = 0;
1492 int32_t ret = get_pubkey(name, (unsigned char**) &out, &outSize);
1493 reply->writeNoException();
Kenny Rootb03c9fb2013-02-04 16:42:51 -0800[diff] [blame]1494 if (outSize > 0 && out != NULL) {
1495 reply->writeInt32(outSize);
1496 void* buf = reply->writeInplace(outSize);
1497 memcpy(buf, out, outSize);
1498 free(out);
1499 } else {
Kenny Roote289c402013-02-14 11:31:53 -0800[diff] [blame]1500 reply->writeInt32(-1);
Kenny Rootb03c9fb2013-02-04 16:42:51 -0800[diff] [blame]1501 }
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1502 reply->writeInt32(ret);
1503 return NO_ERROR;
Kenny Rootb03c9fb2013-02-04 16:42:51 -0800[diff] [blame]1504 } break;
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1505 case GRANT: {
1506 CHECK_INTERFACE(IKeystoreService, data, reply);
1507 String16 name = data.readString16();
1508 int32_t granteeUid = data.readInt32();
1509 int32_t ret = grant(name, granteeUid);
1510 reply->writeNoException();
1511 reply->writeInt32(ret);
1512 return NO_ERROR;
1513 } break;
1514 case UNGRANT: {
1515 CHECK_INTERFACE(IKeystoreService, data, reply);
1516 String16 name = data.readString16();
1517 int32_t granteeUid = data.readInt32();
1518 int32_t ret = ungrant(name, granteeUid);
1519 reply->writeNoException();
1520 reply->writeInt32(ret);
1521 return NO_ERROR;
1522 } break;
1523 case GETMTIME: {
1524 CHECK_INTERFACE(IKeystoreService, data, reply);
1525 String16 name = data.readString16();
1526 int64_t ret = getmtime(name);
1527 reply->writeNoException();
1528 reply->writeInt64(ret);
1529 return NO_ERROR;
1530 } break;
Kenny Rootd53bc922013-03-21 14:10:15 -0700[diff] [blame]1531 case DUPLICATE: {
Kenny Root02254072013-03-20 11:48:19 -0700[diff] [blame]1532 CHECK_INTERFACE(IKeystoreService, data, reply);
Kenny Rootd53bc922013-03-21 14:10:15 -0700[diff] [blame]1533 String16 srcKey = data.readString16();
1534 int32_t srcUid = data.readInt32();
1535 String16 destKey = data.readString16();
1536 int32_t destUid = data.readInt32();
1537 int32_t ret = duplicate(srcKey, srcUid, destKey, destUid);
Kenny Root02254072013-03-20 11:48:19 -0700[diff] [blame]1538 reply->writeNoException();
1539 reply->writeInt32(ret);
1540 return NO_ERROR;
1541 } break;
Kenny Root43061232013-03-29 11:15:50 -0700[diff] [blame]1542 case IS_HARDWARE_BACKED: {
1543 CHECK_INTERFACE(IKeystoreService, data, reply);
Kenny Root1b0e3932013-09-05 13:06:32 -0700[diff] [blame]1544 String16 keyType = data.readString16();
1545 int32_t ret = is_hardware_backed(keyType);
Kenny Root43061232013-03-29 11:15:50 -0700[diff] [blame]1546 reply->writeNoException();
1547 reply->writeInt32(ret);
1548 return NO_ERROR;
1549 }
Kenny Root2ecc7a12013-04-01 16:29:11 -0700[diff] [blame]1550 case CLEAR_UID: {
1551 CHECK_INTERFACE(IKeystoreService, data, reply);
1552 int64_t uid = data.readInt64();
1553 int32_t ret = clear_uid(uid);
1554 reply->writeNoException();
1555 reply->writeInt32(ret);
1556 return NO_ERROR;
1557 }
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1558 case ADD_RNG_ENTROPY: {
1559 CHECK_INTERFACE(IKeystoreService, data, reply);
Chad Brubaker6432df72015-03-20 16:23:04 -0700[diff] [blame]1560 const uint8_t* bytes = NULL;
1561 size_t size = 0;
1562 readByteArray(data, &bytes, &size);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1563 int32_t ret = addRngEntropy(bytes, size);
1564 reply->writeNoException();
1565 reply->writeInt32(ret);
1566 return NO_ERROR;
1567 }
1568 case GENERATE_KEY: {
1569 CHECK_INTERFACE(IKeystoreService, data, reply);
1570 String16 name = data.readString16();
1571 KeymasterArguments args;
1572 if (data.readInt32() != 0) {
1573 args.readFromParcel(data);
1574 }
Chad Brubaker154d7692015-03-27 13:59:31 -0700[diff] [blame]1575 const uint8_t* entropy = NULL;
1576 size_t entropyLength = 0;
1577 readByteArray(data, &entropy, &entropyLength);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1578 int32_t uid = data.readInt32();
1579 int32_t flags = data.readInt32();
1580 KeyCharacteristics outCharacteristics;
Chad Brubaker154d7692015-03-27 13:59:31 -0700[diff] [blame]1581 int32_t ret = generateKey(name, args, entropy, entropyLength, uid, flags,
1582 &outCharacteristics);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1583 reply->writeNoException();
1584 reply->writeInt32(ret);
1585 reply->writeInt32(1);
1586 outCharacteristics.writeToParcel(reply);
1587 return NO_ERROR;
1588 }
1589 case GET_KEY_CHARACTERISTICS: {
1590 CHECK_INTERFACE(IKeystoreService, data, reply);
1591 String16 name = data.readString16();
Chad Brubakerd6634422015-03-21 22:36:07 -0700[diff] [blame]1592 std::unique_ptr<keymaster_blob_t> clientId = readKeymasterBlob(data);
1593 std::unique_ptr<keymaster_blob_t> appData = readKeymasterBlob(data);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1594 KeyCharacteristics outCharacteristics;
Chad Brubakerd6634422015-03-21 22:36:07 -0700[diff] [blame]1595 int ret = getKeyCharacteristics(name, clientId.get(), appData.get(),
1596 &outCharacteristics);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1597 reply->writeNoException();
1598 reply->writeInt32(ret);
1599 reply->writeInt32(1);
1600 outCharacteristics.writeToParcel(reply);
1601 return NO_ERROR;
1602 }
1603 case IMPORT_KEY: {
1604 CHECK_INTERFACE(IKeystoreService, data, reply);
1605 String16 name = data.readString16();
1606 KeymasterArguments args;
1607 if (data.readInt32() != 0) {
1608 args.readFromParcel(data);
1609 }
1610 keymaster_key_format_t format = static_cast<keymaster_key_format_t>(data.readInt32());
Chad Brubaker6432df72015-03-20 16:23:04 -0700[diff] [blame]1611 const uint8_t* keyData = NULL;
1612 size_t keyLength = 0;
1613 readByteArray(data, &keyData, &keyLength);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1614 int32_t uid = data.readInt32();
1615 int32_t flags = data.readInt32();
1616 KeyCharacteristics outCharacteristics;
Chad Brubaker6432df72015-03-20 16:23:04 -0700[diff] [blame]1617 int32_t ret = importKey(name, args, format, keyData, keyLength, uid, flags,
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1618 &outCharacteristics);
1619 reply->writeNoException();
1620 reply->writeInt32(ret);
1621 reply->writeInt32(1);
1622 outCharacteristics.writeToParcel(reply);
1623
1624 return NO_ERROR;
1625 }
1626 case EXPORT_KEY: {
1627 CHECK_INTERFACE(IKeystoreService, data, reply);
1628 String16 name = data.readString16();
1629 keymaster_key_format_t format = static_cast<keymaster_key_format_t>(data.readInt32());
Chad Brubakerd6634422015-03-21 22:36:07 -0700[diff] [blame]1630 std::unique_ptr<keymaster_blob_t> clientId = readKeymasterBlob(data);
1631 std::unique_ptr<keymaster_blob_t> appData = readKeymasterBlob(data);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1632 ExportResult result;
Chad Brubakerd6634422015-03-21 22:36:07 -0700[diff] [blame]1633 exportKey(name, format, clientId.get(), appData.get(), &result);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1634 reply->writeNoException();
1635 reply->writeInt32(1);
1636 result.writeToParcel(reply);
1637
1638 return NO_ERROR;
1639 }
1640 case BEGIN: {
1641 CHECK_INTERFACE(IKeystoreService, data, reply);
1642 sp<IBinder> token = data.readStrongBinder();
1643 String16 name = data.readString16();
1644 keymaster_purpose_t purpose = static_cast<keymaster_purpose_t>(data.readInt32());
1645 bool pruneable = data.readInt32() != 0;
1646 KeymasterArguments args;
1647 if (data.readInt32() != 0) {
1648 args.readFromParcel(data);
1649 }
Chad Brubaker154d7692015-03-27 13:59:31 -0700[diff] [blame]1650 const uint8_t* entropy = NULL;
1651 size_t entropyLength = 0;
1652 readByteArray(data, &entropy, &entropyLength);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1653 KeymasterArguments outArgs;
1654 OperationResult result;
Chad Brubaker154d7692015-03-27 13:59:31 -0700[diff] [blame]1655 begin(token, name, purpose, pruneable, args, entropy, entropyLength, &outArgs,
1656 &result);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1657 reply->writeNoException();
1658 reply->writeInt32(1);
1659 result.writeToParcel(reply);
1660 reply->writeInt32(1);
1661 outArgs.writeToParcel(reply);
1662
1663 return NO_ERROR;
1664 }
1665 case UPDATE: {
1666 CHECK_INTERFACE(IKeystoreService, data, reply);
1667 sp<IBinder> token = data.readStrongBinder();
1668 KeymasterArguments args;
1669 if (data.readInt32() != 0) {
1670 args.readFromParcel(data);
1671 }
Chad Brubaker6432df72015-03-20 16:23:04 -0700[diff] [blame]1672 const uint8_t* buf = NULL;
1673 size_t bufLength = 0;
1674 readByteArray(data, &buf, &bufLength);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1675 OperationResult result;
Chad Brubaker6432df72015-03-20 16:23:04 -0700[diff] [blame]1676 update(token, args, buf, bufLength, &result);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1677 reply->writeNoException();
1678 reply->writeInt32(1);
1679 result.writeToParcel(reply);
1680
1681 return NO_ERROR;
1682 }
1683 case FINISH: {
1684 CHECK_INTERFACE(IKeystoreService, data, reply);
1685 sp<IBinder> token = data.readStrongBinder();
1686 KeymasterArguments args;
1687 if (data.readInt32() != 0) {
1688 args.readFromParcel(data);
1689 }
Chad Brubaker6432df72015-03-20 16:23:04 -0700[diff] [blame]1690 const uint8_t* buf = NULL;
1691 size_t bufLength = 0;
1692 readByteArray(data, &buf, &bufLength);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1693 OperationResult result;
Chad Brubaker6432df72015-03-20 16:23:04 -0700[diff] [blame]1694 finish(token, args, buf, bufLength, &result);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1695 reply->writeNoException();
1696 reply->writeInt32(1);
1697 result.writeToParcel(reply);
1698
1699 return NO_ERROR;
1700 }
1701 case ABORT: {
1702 CHECK_INTERFACE(IKeystoreService, data, reply);
1703 sp<IBinder> token = data.readStrongBinder();
1704 int32_t result = abort(token);
1705 reply->writeNoException();
1706 reply->writeInt32(result);
1707
1708 return NO_ERROR;
1709 }
Chad Brubaker2ed2baa2015-03-21 21:20:10 -0700[diff] [blame]1710 case IS_OPERATION_AUTHORIZED: {
1711 CHECK_INTERFACE(IKeystoreService, data, reply);
1712 sp<IBinder> token = data.readStrongBinder();
1713 bool result = isOperationAuthorized(token);
1714 reply->writeNoException();
1715 reply->writeInt32(result ? 1 : 0);
1716
1717 return NO_ERROR;
1718 }
1719 case ADD_AUTH_TOKEN: {
1720 CHECK_INTERFACE(IKeystoreService, data, reply);
Chad Brubaker2ed2baa2015-03-21 21:20:10 -0700[diff] [blame]1721 const uint8_t* token_bytes = NULL;
1722 size_t size = 0;
1723 readByteArray(data, &token_bytes, &size);
1724 int32_t result = addAuthToken(token_bytes, size);
1725 reply->writeNoException();
1726 reply->writeInt32(result);
1727
1728 return NO_ERROR;
1729 }
Chad Brubakerc0f031a2015-05-12 10:43:10 -0700[diff] [blame]1730 case ON_USER_ADDED: {
1731 CHECK_INTERFACE(IKeystoreService, data, reply);
1732 int32_t userId = data.readInt32();
1733 int32_t parentId = data.readInt32();
1734 int32_t result = onUserAdded(userId, parentId);
1735 reply->writeNoException();
1736 reply->writeInt32(result);
1737
1738 return NO_ERROR;
1739 }
1740 case ON_USER_REMOVED: {
1741 CHECK_INTERFACE(IKeystoreService, data, reply);
1742 int32_t userId = data.readInt32();
1743 int32_t result = onUserRemoved(userId);
1744 reply->writeNoException();
1745 reply->writeInt32(result);
1746
1747 return NO_ERROR;
1748 }
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1749 default:
1750 return BBinder::onTransact(code, data, reply, flags);
1751 }
1752}
1753
1754// ----------------------------------------------------------------------------
1755
1756}; // namespace android