Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_security / 57e106dc183744cdc05c62bea11bc285b3346846 / . / keystore / IKeystoreService.cpp
blob: fc0b8daa96fd628a824afac7fcc65cc7e85a798e [file] [log] [blame]
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1/*
2**
3** Copyright 2008, The Android Open Source Project
4**
5** Licensed under the Apache License, Version 2.0 (the "License");
6** you may not use this file except in compliance with the License.
7** You may obtain a copy of the License at
8**
9** http://www.apache.org/licenses/LICENSE-2.0
10**
11** Unless required by applicable law or agreed to in writing, software
12** distributed under the License is distributed on an "AS IS" BASIS,
13** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14** See the License for the specific language governing permissions and
15** limitations under the License.
16*/
17
18#include <stdint.h>
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]19#include <sys/limits.h>
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]20#include <sys/types.h>
21
22#define LOG_TAG "KeystoreService"
23#include <utils/Log.h>
24
25#include <binder/Parcel.h>
26#include <binder/IPCThreadState.h>
27#include <binder/IServiceManager.h>
28
29#include <keystore/IKeystoreService.h>
30
31namespace android {
32
Shawn Willden77d71ca2014-11-12 16:45:12 -0700[diff] [blame]33const ssize_t MAX_GENERATE_ARGS = 3;
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]34static keymaster_key_param_t* readParamList(const Parcel& in, size_t* length);
Shawn Willden77d71ca2014-11-12 16:45:12 -0700[diff] [blame]35
Kenny Root96427ba2013-08-16 14:02:41 -0700[diff] [blame]36KeystoreArg::KeystoreArg(const void* data, size_t len)
37 : mData(data), mSize(len) {
38}
39
40KeystoreArg::~KeystoreArg() {
41}
42
43const void *KeystoreArg::data() const {
44 return mData;
45}
46
47size_t KeystoreArg::size() const {
48 return mSize;
49}
50
Chad Brubakerc3a18562015-03-17 18:21:35 -0700[diff] [blame]51OperationResult::OperationResult() : resultCode(0), token(), handle(0), inputConsumed(0),
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]52 data(NULL), dataLength(0) {
53}
54
55OperationResult::~OperationResult() {
56}
57
58void OperationResult::readFromParcel(const Parcel& in) {
59 resultCode = in.readInt32();
60 token = in.readStrongBinder();
Chad Brubakerc3a18562015-03-17 18:21:35 -0700[diff] [blame]61 handle = static_cast<keymaster_operation_handle_t>(in.readInt64());
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]62 inputConsumed = in.readInt32();
63 ssize_t length = in.readInt32();
64 dataLength = 0;
65 if (length > 0) {
66 const void* buf = in.readInplace(length);
67 if (buf) {
68 data.reset(reinterpret_cast<uint8_t*>(malloc(length)));
69 if (data.get()) {
70 memcpy(data.get(), buf, length);
71 dataLength = (size_t) length;
72 } else {
73 ALOGE("Failed to allocate OperationResult buffer");
74 }
75 } else {
76 ALOGE("Failed to readInplace OperationResult data");
77 }
78 }
Chad Brubaker57e106d2015-06-01 12:59:00 -0700[diff] [blame^]79 outParams.readFromParcel(in);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]80}
81
82void OperationResult::writeToParcel(Parcel* out) const {
83 out->writeInt32(resultCode);
84 out->writeStrongBinder(token);
Chad Brubakerc3a18562015-03-17 18:21:35 -0700[diff] [blame]85 out->writeInt64(handle);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]86 out->writeInt32(inputConsumed);
87 out->writeInt32(dataLength);
88 if (dataLength && data) {
89 void* buf = out->writeInplace(dataLength);
90 if (buf) {
91 memcpy(buf, data.get(), dataLength);
92 } else {
93 ALOGE("Failed to writeInplace OperationResult data.");
94 }
95 }
Chad Brubaker57e106d2015-06-01 12:59:00 -0700[diff] [blame^]96 outParams.writeToParcel(out);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]97}
98
99ExportResult::ExportResult() : resultCode(0), exportData(NULL), dataLength(0) {
100}
101
102ExportResult::~ExportResult() {
103}
104
105void ExportResult::readFromParcel(const Parcel& in) {
106 resultCode = in.readInt32();
107 ssize_t length = in.readInt32();
108 dataLength = 0;
109 if (length > 0) {
110 const void* buf = in.readInplace(length);
111 if (buf) {
112 exportData.reset(reinterpret_cast<uint8_t*>(malloc(length)));
113 if (exportData.get()) {
114 memcpy(exportData.get(), buf, length);
115 dataLength = (size_t) length;
116 } else {
117 ALOGE("Failed to allocate ExportData buffer");
118 }
119 } else {
120 ALOGE("Failed to readInplace ExportData data");
121 }
122 }
123}
124
125void ExportResult::writeToParcel(Parcel* out) const {
126 out->writeInt32(resultCode);
127 out->writeInt32(dataLength);
128 if (exportData && dataLength) {
129 void* buf = out->writeInplace(dataLength);
130 if (buf) {
131 memcpy(buf, exportData.get(), dataLength);
132 } else {
133 ALOGE("Failed to writeInplace ExportResult data.");
134 }
135 }
136}
137
138KeymasterArguments::KeymasterArguments() {
139}
140
141KeymasterArguments::~KeymasterArguments() {
142 keymaster_free_param_values(params.data(), params.size());
143}
144
145void KeymasterArguments::readFromParcel(const Parcel& in) {
146 ssize_t length = in.readInt32();
147 size_t ulength = (size_t) length;
148 if (length < 0) {
149 ulength = 0;
150 }
151 keymaster_free_param_values(params.data(), params.size());
152 params.clear();
153 for(size_t i = 0; i < ulength; i++) {
154 keymaster_key_param_t param;
155 if (!readKeymasterArgumentFromParcel(in, &param)) {
156 ALOGE("Error reading keymaster argument from parcel");
157 break;
158 }
159 params.push_back(param);
160 }
161}
162
163void KeymasterArguments::writeToParcel(Parcel* out) const {
164 out->writeInt32(params.size());
165 for (auto param : params) {
166 out->writeInt32(1);
167 writeKeymasterArgumentToParcel(param, out);
168 }
169}
170
171KeyCharacteristics::KeyCharacteristics() {
172 memset((void*) &characteristics, 0, sizeof(characteristics));
173}
174
175KeyCharacteristics::~KeyCharacteristics() {
176 keymaster_free_characteristics(&characteristics);
177}
178
179void KeyCharacteristics::readFromParcel(const Parcel& in) {
180 size_t length = 0;
181 keymaster_key_param_t* params = readParamList(in, &length);
182 characteristics.sw_enforced.params = params;
183 characteristics.sw_enforced.length = length;
184
185 params = readParamList(in, &length);
186 characteristics.hw_enforced.params = params;
187 characteristics.hw_enforced.length = length;
188}
189
190void KeyCharacteristics::writeToParcel(Parcel* out) const {
191 if (characteristics.sw_enforced.params) {
192 out->writeInt32(characteristics.sw_enforced.length);
193 for (size_t i = 0; i < characteristics.sw_enforced.length; i++) {
194 out->writeInt32(1);
195 writeKeymasterArgumentToParcel(characteristics.sw_enforced.params[i], out);
196 }
197 } else {
198 out->writeInt32(0);
199 }
200 if (characteristics.hw_enforced.params) {
201 out->writeInt32(characteristics.hw_enforced.length);
202 for (size_t i = 0; i < characteristics.hw_enforced.length; i++) {
203 out->writeInt32(1);
204 writeKeymasterArgumentToParcel(characteristics.hw_enforced.params[i], out);
205 }
206 } else {
207 out->writeInt32(0);
208 }
209}
210
211void writeKeymasterArgumentToParcel(const keymaster_key_param_t& param, Parcel* out) {
212 switch (keymaster_tag_get_type(param.tag)) {
213 case KM_ENUM:
214 case KM_ENUM_REP: {
215 out->writeInt32(param.tag);
216 out->writeInt32(param.enumerated);
217 break;
218 }
219 case KM_INT:
220 case KM_INT_REP: {
221 out->writeInt32(param.tag);
222 out->writeInt32(param.integer);
223 break;
224 }
Chad Brubaker686db062015-04-16 14:21:10 -0700[diff] [blame]225 case KM_LONG:
226 case KM_LONG_REP: {
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]227 out->writeInt32(param.tag);
228 out->writeInt64(param.long_integer);
229 break;
230 }
231 case KM_DATE: {
232 out->writeInt32(param.tag);
233 out->writeInt64(param.date_time);
234 break;
235 }
236 case KM_BOOL: {
237 out->writeInt32(param.tag);
238 break;
239 }
240 case KM_BIGNUM:
241 case KM_BYTES: {
242 out->writeInt32(param.tag);
243 out->writeInt32(param.blob.data_length);
244 void* buf = out->writeInplace(param.blob.data_length);
245 if (buf) {
246 memcpy(buf, param.blob.data, param.blob.data_length);
247 } else {
248 ALOGE("Failed to writeInplace keymaster blob param");
249 }
250 break;
251 }
252 default: {
253 ALOGE("Failed to write argument: Unsupported keymaster_tag_t %d", param.tag);
254 }
255 }
256}
257
258
259bool readKeymasterArgumentFromParcel(const Parcel& in, keymaster_key_param_t* out) {
260 if (in.readInt32() == 0) {
261 return false;
262 }
263 keymaster_tag_t tag = static_cast<keymaster_tag_t>(in.readInt32());
264 switch (keymaster_tag_get_type(tag)) {
265 case KM_ENUM:
266 case KM_ENUM_REP: {
267 uint32_t value = in.readInt32();
268 *out = keymaster_param_enum(tag, value);
269 break;
270 }
271 case KM_INT:
272 case KM_INT_REP: {
273 uint32_t value = in.readInt32();
274 *out = keymaster_param_int(tag, value);
275 break;
276 }
Chad Brubaker686db062015-04-16 14:21:10 -0700[diff] [blame]277 case KM_LONG:
278 case KM_LONG_REP: {
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]279 uint64_t value = in.readInt64();
280 *out = keymaster_param_long(tag, value);
281 break;
282 }
283 case KM_DATE: {
284 uint64_t value = in.readInt64();
285 *out = keymaster_param_date(tag, value);
286 break;
287 }
288 case KM_BOOL: {
289 *out = keymaster_param_bool(tag);
290 break;
291 }
292 case KM_BIGNUM:
293 case KM_BYTES: {
294 ssize_t length = in.readInt32();
295 uint8_t* data = NULL;
296 size_t ulength = 0;
297 if (length >= 0) {
298 ulength = (size_t) length;
299 // use malloc here so we can use keymaster_free_param_values
300 // consistently.
301 data = reinterpret_cast<uint8_t*>(malloc(ulength));
302 const void* buf = in.readInplace(ulength);
303 if (!buf || !data) {
304 ALOGE("Failed to allocate buffer for keymaster blob param");
305 return false;
306 }
307 memcpy(data, buf, ulength);
308 }
309 *out = keymaster_param_blob(tag, data, ulength);
310 break;
311 }
312 default: {
313 ALOGE("Unsupported keymaster_tag_t %d", tag);
314 return false;
315 }
316 }
317 return true;
318}
319
Chad Brubaker6432df72015-03-20 16:23:04 -0700[diff] [blame]320/**
321 * Read a byte array from in. The data at *data is still owned by the parcel
322 */
323static void readByteArray(const Parcel& in, const uint8_t** data, size_t* length) {
324 ssize_t slength = in.readInt32();
325 if (slength > 0) {
326 *data = reinterpret_cast<const uint8_t*>(in.readInplace(slength));
327 if (*data) {
328 *length = static_cast<size_t>(slength);
329 } else {
330 *length = 0;
331 }
332 } else {
333 *data = NULL;
334 *length = 0;
335 }
336}
337
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]338// Read a keymaster_key_param_t* from a Parcel for use in a
339// keymaster_key_characteristics_t. This will be free'd by calling
340// keymaster_free_key_characteristics.
341static keymaster_key_param_t* readParamList(const Parcel& in, size_t* length) {
342 ssize_t slength = in.readInt32();
343 *length = 0;
344 if (slength < 0) {
345 return NULL;
346 }
347 *length = (size_t) slength;
348 if (*length >= UINT_MAX / sizeof(keymaster_key_param_t)) {
349 return NULL;
350 }
351 keymaster_key_param_t* list =
352 reinterpret_cast<keymaster_key_param_t*>(malloc(*length *
353 sizeof(keymaster_key_param_t)));
354 if (!list) {
355 ALOGD("Failed to allocate buffer for generateKey outCharacteristics");
356 goto err;
357 }
358 for (size_t i = 0; i < *length ; i++) {
359 if (!readKeymasterArgumentFromParcel(in, &list[i])) {
360 ALOGE("Failed to read keymaster argument");
361 keymaster_free_param_values(list, i);
362 goto err;
363 }
364 }
365 return list;
366err:
367 free(list);
368 return NULL;
369}
370
Chad Brubakerd6634422015-03-21 22:36:07 -0700[diff] [blame]371static std::unique_ptr<keymaster_blob_t> readKeymasterBlob(const Parcel& in) {
372 std::unique_ptr<keymaster_blob_t> blob;
373 if (in.readInt32() != 1) {
374 blob.reset(NULL);
375 return blob;
376 }
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]377 ssize_t length = in.readInt32();
Chad Brubakerd6634422015-03-21 22:36:07 -0700[diff] [blame]378 blob.reset(new keymaster_blob_t);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]379 if (length > 0) {
Chad Brubakerd6634422015-03-21 22:36:07 -0700[diff] [blame]380 blob->data = reinterpret_cast<const uint8_t*>(in.readInplace(length));
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]381 if (blob->data) {
Chad Brubakerd6634422015-03-21 22:36:07 -0700[diff] [blame]382 blob->data_length = static_cast<size_t>(length);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]383 } else {
384 blob->data_length = 0;
385 }
386 } else {
387 blob->data = NULL;
388 blob->data_length = 0;
389 }
Chad Brubakerd6634422015-03-21 22:36:07 -0700[diff] [blame]390 return blob;
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]391}
392
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]393class BpKeystoreService: public BpInterface<IKeystoreService>
394{
395public:
396 BpKeystoreService(const sp<IBinder>& impl)
397 : BpInterface<IKeystoreService>(impl)
398 {
399 }
400
401 // test ping
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]402 virtual int32_t getState(int32_t userId)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]403 {
404 Parcel data, reply;
405 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]406 data.writeInt32(userId);
407 status_t status = remote()->transact(BnKeystoreService::GET_STATE, data, &reply);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]408 if (status != NO_ERROR) {
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]409 ALOGD("getState() could not contact remote: %d\n", status);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]410 return -1;
411 }
412 int32_t err = reply.readExceptionCode();
413 int32_t ret = reply.readInt32();
414 if (err < 0) {
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]415 ALOGD("getState() caught exception %d\n", err);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]416 return -1;
417 }
418 return ret;
419 }
420
421 virtual int32_t get(const String16& name, uint8_t** item, size_t* itemLength)
422 {
423 Parcel data, reply;
424 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
425 data.writeString16(name);
426 status_t status = remote()->transact(BnKeystoreService::GET, data, &reply);
427 if (status != NO_ERROR) {
428 ALOGD("get() could not contact remote: %d\n", status);
429 return -1;
430 }
431 int32_t err = reply.readExceptionCode();
432 ssize_t len = reply.readInt32();
433 if (len >= 0 && (size_t) len <= reply.dataAvail()) {
434 size_t ulen = (size_t) len;
435 const void* buf = reply.readInplace(ulen);
436 *item = (uint8_t*) malloc(ulen);
437 if (*item != NULL) {
438 memcpy(*item, buf, ulen);
439 *itemLength = ulen;
440 } else {
441 ALOGE("out of memory allocating output array in get");
442 *itemLength = 0;
443 }
444 } else {
445 *itemLength = 0;
446 }
447 if (err < 0) {
448 ALOGD("get() caught exception %d\n", err);
449 return -1;
450 }
451 return 0;
452 }
453
Kenny Root0c540aa2013-04-03 09:22:15 -0700[diff] [blame]454 virtual int32_t insert(const String16& name, const uint8_t* item, size_t itemLength, int uid,
455 int32_t flags)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]456 {
457 Parcel data, reply;
458 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
459 data.writeString16(name);
460 data.writeInt32(itemLength);
461 void* buf = data.writeInplace(itemLength);
462 memcpy(buf, item, itemLength);
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]463 data.writeInt32(uid);
Kenny Root0c540aa2013-04-03 09:22:15 -0700[diff] [blame]464 data.writeInt32(flags);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]465 status_t status = remote()->transact(BnKeystoreService::INSERT, data, &reply);
466 if (status != NO_ERROR) {
467 ALOGD("import() could not contact remote: %d\n", status);
468 return -1;
469 }
470 int32_t err = reply.readExceptionCode();
471 int32_t ret = reply.readInt32();
472 if (err < 0) {
473 ALOGD("import() caught exception %d\n", err);
474 return -1;
475 }
476 return ret;
477 }
478
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]479 virtual int32_t del(const String16& name, int uid)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]480 {
481 Parcel data, reply;
482 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
483 data.writeString16(name);
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]484 data.writeInt32(uid);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]485 status_t status = remote()->transact(BnKeystoreService::DEL, data, &reply);
486 if (status != NO_ERROR) {
487 ALOGD("del() could not contact remote: %d\n", status);
488 return -1;
489 }
490 int32_t err = reply.readExceptionCode();
491 int32_t ret = reply.readInt32();
492 if (err < 0) {
493 ALOGD("del() caught exception %d\n", err);
494 return -1;
495 }
496 return ret;
497 }
498
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]499 virtual int32_t exist(const String16& name, int uid)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]500 {
501 Parcel data, reply;
502 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
503 data.writeString16(name);
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]504 data.writeInt32(uid);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]505 status_t status = remote()->transact(BnKeystoreService::EXIST, data, &reply);
506 if (status != NO_ERROR) {
507 ALOGD("exist() could not contact remote: %d\n", status);
508 return -1;
509 }
510 int32_t err = reply.readExceptionCode();
511 int32_t ret = reply.readInt32();
512 if (err < 0) {
513 ALOGD("exist() caught exception %d\n", err);
514 return -1;
515 }
516 return ret;
517 }
518
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]519 virtual int32_t list(const String16& prefix, int uid, Vector<String16>* matches)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]520 {
521 Parcel data, reply;
522 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]523 data.writeString16(prefix);
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]524 data.writeInt32(uid);
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]525 status_t status = remote()->transact(BnKeystoreService::LIST, data, &reply);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]526 if (status != NO_ERROR) {
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]527 ALOGD("list() could not contact remote: %d\n", status);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]528 return -1;
529 }
530 int32_t err = reply.readExceptionCode();
531 int32_t numMatches = reply.readInt32();
532 for (int32_t i = 0; i < numMatches; i++) {
533 matches->push(reply.readString16());
534 }
535 int32_t ret = reply.readInt32();
536 if (err < 0) {
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]537 ALOGD("list() caught exception %d\n", err);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]538 return -1;
539 }
540 return ret;
541 }
542
543 virtual int32_t reset()
544 {
545 Parcel data, reply;
546 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
547 status_t status = remote()->transact(BnKeystoreService::RESET, data, &reply);
548 if (status != NO_ERROR) {
549 ALOGD("reset() could not contact remote: %d\n", status);
550 return -1;
551 }
552 int32_t err = reply.readExceptionCode();
553 int32_t ret = reply.readInt32();
554 if (err < 0) {
555 ALOGD("reset() caught exception %d\n", err);
556 return -1;
557 }
558 return ret;
559 }
560
Chad Brubaker96d6d782015-05-07 10:19:40 -0700[diff] [blame]561 virtual int32_t onUserPasswordChanged(int32_t userId, const String16& password)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]562 {
563 Parcel data, reply;
564 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
Chad Brubaker96d6d782015-05-07 10:19:40 -0700[diff] [blame]565 data.writeInt32(userId);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]566 data.writeString16(password);
Chad Brubaker96d6d782015-05-07 10:19:40 -0700[diff] [blame]567 status_t status = remote()->transact(BnKeystoreService::ON_USER_PASSWORD_CHANGED, data,
568 &reply);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]569 if (status != NO_ERROR) {
Chad Brubaker96d6d782015-05-07 10:19:40 -0700[diff] [blame]570 ALOGD("onUserPasswordChanged() could not contact remote: %d\n", status);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]571 return -1;
572 }
573 int32_t err = reply.readExceptionCode();
574 int32_t ret = reply.readInt32();
575 if (err < 0) {
Chad Brubaker96d6d782015-05-07 10:19:40 -0700[diff] [blame]576 ALOGD("onUserPasswordChanged() caught exception %d\n", err);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]577 return -1;
578 }
579 return ret;
580 }
581
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]582 virtual int32_t lock(int32_t userId)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]583 {
584 Parcel data, reply;
585 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]586 data.writeInt32(userId);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]587 status_t status = remote()->transact(BnKeystoreService::LOCK, data, &reply);
588 if (status != NO_ERROR) {
589 ALOGD("lock() could not contact remote: %d\n", status);
590 return -1;
591 }
592 int32_t err = reply.readExceptionCode();
593 int32_t ret = reply.readInt32();
594 if (err < 0) {
595 ALOGD("lock() caught exception %d\n", err);
596 return -1;
597 }
598 return ret;
599 }
600
Chad Brubaker96d6d782015-05-07 10:19:40 -0700[diff] [blame]601 virtual int32_t unlock(int32_t userId, const String16& password)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]602 {
603 Parcel data, reply;
604 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
Chad Brubaker96d6d782015-05-07 10:19:40 -0700[diff] [blame]605 data.writeInt32(userId);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]606 data.writeString16(password);
607 status_t status = remote()->transact(BnKeystoreService::UNLOCK, data, &reply);
608 if (status != NO_ERROR) {
609 ALOGD("unlock() could not contact remote: %d\n", status);
610 return -1;
611 }
612 int32_t err = reply.readExceptionCode();
613 int32_t ret = reply.readInt32();
614 if (err < 0) {
615 ALOGD("unlock() caught exception %d\n", err);
616 return -1;
617 }
618 return ret;
619 }
620
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]621 virtual bool isEmpty(int32_t userId)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]622 {
623 Parcel data, reply;
624 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]625 data.writeInt32(userId);
626 status_t status = remote()->transact(BnKeystoreService::IS_EMPTY, data, &reply);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]627 if (status != NO_ERROR) {
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]628 ALOGD("isEmpty() could not contact remote: %d\n", status);
629 return false;
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]630 }
631 int32_t err = reply.readExceptionCode();
632 int32_t ret = reply.readInt32();
633 if (err < 0) {
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]634 ALOGD("isEmpty() caught exception %d\n", err);
635 return false;
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]636 }
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]637 return ret != 0;
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]638 }
639
Kenny Root96427ba2013-08-16 14:02:41 -0700[diff] [blame]640 virtual int32_t generate(const String16& name, int32_t uid, int32_t keyType, int32_t keySize,
641 int32_t flags, Vector<sp<KeystoreArg> >* args)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]642 {
643 Parcel data, reply;
644 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
645 data.writeString16(name);
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]646 data.writeInt32(uid);
Kenny Root96427ba2013-08-16 14:02:41 -0700[diff] [blame]647 data.writeInt32(keyType);
648 data.writeInt32(keySize);
Kenny Root0c540aa2013-04-03 09:22:15 -0700[diff] [blame]649 data.writeInt32(flags);
Chad Brubaker468fc692015-01-13 17:33:14 -0800[diff] [blame]650 data.writeInt32(1);
Kenny Root96427ba2013-08-16 14:02:41 -0700[diff] [blame]651 data.writeInt32(args->size());
652 for (Vector<sp<KeystoreArg> >::iterator it = args->begin(); it != args->end(); ++it) {
653 sp<KeystoreArg> item = *it;
654 size_t keyLength = item->size();
655 data.writeInt32(keyLength);
656 void* buf = data.writeInplace(keyLength);
657 memcpy(buf, item->data(), keyLength);
658 }
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]659 status_t status = remote()->transact(BnKeystoreService::GENERATE, data, &reply);
660 if (status != NO_ERROR) {
661 ALOGD("generate() could not contact remote: %d\n", status);
662 return -1;
663 }
664 int32_t err = reply.readExceptionCode();
665 int32_t ret = reply.readInt32();
666 if (err < 0) {
667 ALOGD("generate() caught exception %d\n", err);
668 return -1;
669 }
670 return ret;
671 }
672
Kenny Root0c540aa2013-04-03 09:22:15 -0700[diff] [blame]673 virtual int32_t import(const String16& name, const uint8_t* key, size_t keyLength, int uid,
674 int flags)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]675 {
676 Parcel data, reply;
677 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
678 data.writeString16(name);
679 data.writeInt32(keyLength);
680 void* buf = data.writeInplace(keyLength);
681 memcpy(buf, key, keyLength);
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]682 data.writeInt32(uid);
Kenny Root0c540aa2013-04-03 09:22:15 -0700[diff] [blame]683 data.writeInt32(flags);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]684 status_t status = remote()->transact(BnKeystoreService::IMPORT, data, &reply);
685 if (status != NO_ERROR) {
686 ALOGD("import() could not contact remote: %d\n", status);
687 return -1;
688 }
689 int32_t err = reply.readExceptionCode();
690 int32_t ret = reply.readInt32();
691 if (err < 0) {
692 ALOGD("import() caught exception %d\n", err);
693 return -1;
694 }
695 return ret;
696 }
697
698 virtual int32_t sign(const String16& name, const uint8_t* in, size_t inLength, uint8_t** out,
699 size_t* outLength)
700 {
701 Parcel data, reply;
702 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
703 data.writeString16(name);
704 data.writeInt32(inLength);
705 void* buf = data.writeInplace(inLength);
706 memcpy(buf, in, inLength);
707 status_t status = remote()->transact(BnKeystoreService::SIGN, data, &reply);
708 if (status != NO_ERROR) {
709 ALOGD("import() could not contact remote: %d\n", status);
710 return -1;
711 }
712 int32_t err = reply.readExceptionCode();
713 ssize_t len = reply.readInt32();
714 if (len >= 0 && (size_t) len <= reply.dataAvail()) {
715 size_t ulen = (size_t) len;
716 const void* outBuf = reply.readInplace(ulen);
717 *out = (uint8_t*) malloc(ulen);
718 if (*out != NULL) {
719 memcpy((void*) *out, outBuf, ulen);
720 *outLength = ulen;
721 } else {
722 ALOGE("out of memory allocating output array in sign");
723 *outLength = 0;
724 }
725 } else {
726 *outLength = 0;
727 }
728 if (err < 0) {
729 ALOGD("import() caught exception %d\n", err);
730 return -1;
731 }
732 return 0;
733 }
734
735 virtual int32_t verify(const String16& name, const uint8_t* in, size_t inLength,
736 const uint8_t* signature, size_t signatureLength)
737 {
738 Parcel data, reply;
739 void* buf;
740
741 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
742 data.writeString16(name);
743 data.writeInt32(inLength);
744 buf = data.writeInplace(inLength);
745 memcpy(buf, in, inLength);
746 data.writeInt32(signatureLength);
747 buf = data.writeInplace(signatureLength);
748 memcpy(buf, signature, signatureLength);
749 status_t status = remote()->transact(BnKeystoreService::VERIFY, data, &reply);
750 if (status != NO_ERROR) {
751 ALOGD("verify() could not contact remote: %d\n", status);
752 return -1;
753 }
754 int32_t err = reply.readExceptionCode();
755 int32_t ret = reply.readInt32();
756 if (err < 0) {
757 ALOGD("verify() caught exception %d\n", err);
758 return -1;
759 }
760 return ret;
761 }
762
763 virtual int32_t get_pubkey(const String16& name, uint8_t** pubkey, size_t* pubkeyLength)
764 {
765 Parcel data, reply;
766 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
767 data.writeString16(name);
768 status_t status = remote()->transact(BnKeystoreService::GET_PUBKEY, data, &reply);
769 if (status != NO_ERROR) {
770 ALOGD("get_pubkey() could not contact remote: %d\n", status);
771 return -1;
772 }
773 int32_t err = reply.readExceptionCode();
774 ssize_t len = reply.readInt32();
775 if (len >= 0 && (size_t) len <= reply.dataAvail()) {
776 size_t ulen = (size_t) len;
777 const void* buf = reply.readInplace(ulen);
778 *pubkey = (uint8_t*) malloc(ulen);
779 if (*pubkey != NULL) {
780 memcpy(*pubkey, buf, ulen);
781 *pubkeyLength = ulen;
782 } else {
783 ALOGE("out of memory allocating output array in get_pubkey");
784 *pubkeyLength = 0;
785 }
786 } else {
787 *pubkeyLength = 0;
788 }
789 if (err < 0) {
790 ALOGD("get_pubkey() caught exception %d\n", err);
791 return -1;
792 }
793 return 0;
794 }
795
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]796 virtual int32_t grant(const String16& name, int32_t granteeUid)
797 {
798 Parcel data, reply;
799 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
800 data.writeString16(name);
801 data.writeInt32(granteeUid);
802 status_t status = remote()->transact(BnKeystoreService::GRANT, data, &reply);
803 if (status != NO_ERROR) {
804 ALOGD("grant() could not contact remote: %d\n", status);
805 return -1;
806 }
807 int32_t err = reply.readExceptionCode();
808 int32_t ret = reply.readInt32();
809 if (err < 0) {
810 ALOGD("grant() caught exception %d\n", err);
811 return -1;
812 }
813 return ret;
814 }
815
816 virtual int32_t ungrant(const String16& name, int32_t granteeUid)
817 {
818 Parcel data, reply;
819 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
820 data.writeString16(name);
821 data.writeInt32(granteeUid);
822 status_t status = remote()->transact(BnKeystoreService::UNGRANT, data, &reply);
823 if (status != NO_ERROR) {
824 ALOGD("ungrant() could not contact remote: %d\n", status);
825 return -1;
826 }
827 int32_t err = reply.readExceptionCode();
828 int32_t ret = reply.readInt32();
829 if (err < 0) {
830 ALOGD("ungrant() caught exception %d\n", err);
831 return -1;
832 }
833 return ret;
834 }
835
836 int64_t getmtime(const String16& name)
837 {
838 Parcel data, reply;
839 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
840 data.writeString16(name);
841 status_t status = remote()->transact(BnKeystoreService::GETMTIME, data, &reply);
842 if (status != NO_ERROR) {
843 ALOGD("getmtime() could not contact remote: %d\n", status);
844 return -1;
845 }
846 int32_t err = reply.readExceptionCode();
847 int64_t ret = reply.readInt64();
848 if (err < 0) {
849 ALOGD("getmtime() caught exception %d\n", err);
850 return -1;
851 }
852 return ret;
853 }
Kenny Root02254072013-03-20 11:48:19 -0700[diff] [blame]854
Kenny Rootd53bc922013-03-21 14:10:15 -0700[diff] [blame]855 virtual int32_t duplicate(const String16& srcKey, int32_t srcUid, const String16& destKey,
856 int32_t destUid)
Kenny Root02254072013-03-20 11:48:19 -0700[diff] [blame]857 {
858 Parcel data, reply;
859 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
Kenny Rootd53bc922013-03-21 14:10:15 -0700[diff] [blame]860 data.writeString16(srcKey);
861 data.writeInt32(srcUid);
862 data.writeString16(destKey);
863 data.writeInt32(destUid);
864 status_t status = remote()->transact(BnKeystoreService::DUPLICATE, data, &reply);
Kenny Root02254072013-03-20 11:48:19 -0700[diff] [blame]865 if (status != NO_ERROR) {
Kenny Rootd53bc922013-03-21 14:10:15 -0700[diff] [blame]866 ALOGD("duplicate() could not contact remote: %d\n", status);
Kenny Root02254072013-03-20 11:48:19 -0700[diff] [blame]867 return -1;
868 }
869 int32_t err = reply.readExceptionCode();
870 int32_t ret = reply.readInt32();
871 if (err < 0) {
Kenny Rootd53bc922013-03-21 14:10:15 -0700[diff] [blame]872 ALOGD("duplicate() caught exception %d\n", err);
Kenny Root02254072013-03-20 11:48:19 -0700[diff] [blame]873 return -1;
874 }
875 return ret;
876 }
Kenny Root43061232013-03-29 11:15:50 -0700[diff] [blame]877
Kenny Root1b0e3932013-09-05 13:06:32 -0700[diff] [blame]878 virtual int32_t is_hardware_backed(const String16& keyType)
Kenny Root43061232013-03-29 11:15:50 -0700[diff] [blame]879 {
880 Parcel data, reply;
881 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
Kenny Root1b0e3932013-09-05 13:06:32 -0700[diff] [blame]882 data.writeString16(keyType);
Kenny Root43061232013-03-29 11:15:50 -0700[diff] [blame]883 status_t status = remote()->transact(BnKeystoreService::IS_HARDWARE_BACKED, data, &reply);
884 if (status != NO_ERROR) {
885 ALOGD("is_hardware_backed() could not contact remote: %d\n", status);
886 return -1;
887 }
888 int32_t err = reply.readExceptionCode();
889 int32_t ret = reply.readInt32();
890 if (err < 0) {
891 ALOGD("is_hardware_backed() caught exception %d\n", err);
892 return -1;
893 }
894 return ret;
895 }
Kenny Root2ecc7a12013-04-01 16:29:11 -0700[diff] [blame]896
897 virtual int32_t clear_uid(int64_t uid)
898 {
899 Parcel data, reply;
900 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
901 data.writeInt64(uid);
902 status_t status = remote()->transact(BnKeystoreService::CLEAR_UID, data, &reply);
903 if (status != NO_ERROR) {
904 ALOGD("clear_uid() could not contact remote: %d\n", status);
905 return -1;
906 }
907 int32_t err = reply.readExceptionCode();
908 int32_t ret = reply.readInt32();
909 if (err < 0) {
910 ALOGD("clear_uid() caught exception %d\n", err);
911 return -1;
912 }
913 return ret;
914 }
Robin Lee4e865752014-08-19 17:37:55 +0100[diff] [blame]915
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]916 virtual int32_t addRngEntropy(const uint8_t* buf, size_t bufLength)
917 {
918 Parcel data, reply;
919 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]920 data.writeByteArray(bufLength, buf);
921 status_t status = remote()->transact(BnKeystoreService::ADD_RNG_ENTROPY, data, &reply);
922 if (status != NO_ERROR) {
923 ALOGD("addRngEntropy() could not contact remote: %d\n", status);
924 return -1;
925 }
926 int32_t err = reply.readExceptionCode();
927 int32_t ret = reply.readInt32();
928 if (err < 0) {
929 ALOGD("addRngEntropy() caught exception %d\n", err);
930 return -1;
931 }
932 return ret;
933 };
934
935 virtual int32_t generateKey(const String16& name, const KeymasterArguments& params,
Chad Brubaker154d7692015-03-27 13:59:31 -0700[diff] [blame]936 const uint8_t* entropy, size_t entropyLength, int uid, int flags,
937 KeyCharacteristics* outCharacteristics)
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]938 {
939 Parcel data, reply;
940 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
941 data.writeString16(name);
942 data.writeInt32(1);
943 params.writeToParcel(&data);
Chad Brubaker154d7692015-03-27 13:59:31 -0700[diff] [blame]944 data.writeByteArray(entropyLength, entropy);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]945 data.writeInt32(uid);
946 data.writeInt32(flags);
947 status_t status = remote()->transact(BnKeystoreService::GENERATE_KEY, data, &reply);
948 if (status != NO_ERROR) {
949 ALOGD("generateKey() could not contact remote: %d\n", status);
950 return KM_ERROR_UNKNOWN_ERROR;
951 }
952 int32_t err = reply.readExceptionCode();
953 int32_t ret = reply.readInt32();
954 if (err < 0) {
955 ALOGD("generateKey() caught exception %d\n", err);
956 return KM_ERROR_UNKNOWN_ERROR;
957 }
958 if (reply.readInt32() != 0 && outCharacteristics) {
959 outCharacteristics->readFromParcel(reply);
960 }
961 return ret;
962 }
963 virtual int32_t getKeyCharacteristics(const String16& name,
Chad Brubakerd6634422015-03-21 22:36:07 -0700[diff] [blame]964 const keymaster_blob_t* clientId,
965 const keymaster_blob_t* appData,
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]966 KeyCharacteristics* outCharacteristics)
967 {
968 Parcel data, reply;
969 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
970 data.writeString16(name);
Chad Brubakerd6634422015-03-21 22:36:07 -0700[diff] [blame]971 if (clientId) {
972 data.writeByteArray(clientId->data_length, clientId->data);
973 } else {
974 data.writeInt32(-1);
975 }
976 if (appData) {
977 data.writeByteArray(appData->data_length, appData->data);
978 } else {
979 data.writeInt32(-1);
980 }
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]981 status_t status = remote()->transact(BnKeystoreService::GET_KEY_CHARACTERISTICS,
982 data, &reply);
983 if (status != NO_ERROR) {
984 ALOGD("getKeyCharacteristics() could not contact remote: %d\n", status);
985 return KM_ERROR_UNKNOWN_ERROR;
986 }
987 int32_t err = reply.readExceptionCode();
988 int32_t ret = reply.readInt32();
989 if (err < 0) {
990 ALOGD("getKeyCharacteristics() caught exception %d\n", err);
991 return KM_ERROR_UNKNOWN_ERROR;
992 }
993 if (reply.readInt32() != 0 && outCharacteristics) {
994 outCharacteristics->readFromParcel(reply);
995 }
996 return ret;
997 }
998 virtual int32_t importKey(const String16& name, const KeymasterArguments& params,
999 keymaster_key_format_t format, const uint8_t *keyData,
1000 size_t keyLength, int uid, int flags,
1001 KeyCharacteristics* outCharacteristics)
1002 {
1003 Parcel data, reply;
1004 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1005 data.writeString16(name);
1006 data.writeInt32(1);
1007 params.writeToParcel(&data);
1008 data.writeInt32(format);
1009 data.writeByteArray(keyLength, keyData);
1010 data.writeInt32(uid);
1011 data.writeInt32(flags);
1012 status_t status = remote()->transact(BnKeystoreService::IMPORT_KEY, data, &reply);
1013 if (status != NO_ERROR) {
1014 ALOGD("importKey() could not contact remote: %d\n", status);
1015 return KM_ERROR_UNKNOWN_ERROR;
1016 }
1017 int32_t err = reply.readExceptionCode();
1018 int32_t ret = reply.readInt32();
1019 if (err < 0) {
1020 ALOGD("importKey() caught exception %d\n", err);
1021 return KM_ERROR_UNKNOWN_ERROR;
1022 }
1023 if (reply.readInt32() != 0 && outCharacteristics) {
1024 outCharacteristics->readFromParcel(reply);
1025 }
1026 return ret;
1027 }
1028
1029 virtual void exportKey(const String16& name, keymaster_key_format_t format,
Chad Brubakerd6634422015-03-21 22:36:07 -0700[diff] [blame]1030 const keymaster_blob_t* clientId,
1031 const keymaster_blob_t* appData, ExportResult* result)
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1032 {
1033 if (!result) {
1034 return;
1035 }
1036
1037 Parcel data, reply;
1038 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1039 data.writeString16(name);
1040 data.writeInt32(format);
Chad Brubakerd6634422015-03-21 22:36:07 -0700[diff] [blame]1041 if (clientId) {
1042 data.writeByteArray(clientId->data_length, clientId->data);
1043 } else {
1044 data.writeInt32(-1);
1045 }
1046 if (appData) {
1047 data.writeByteArray(appData->data_length, appData->data);
1048 } else {
1049 data.writeInt32(-1);
1050 }
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1051 status_t status = remote()->transact(BnKeystoreService::EXPORT_KEY, data, &reply);
1052 if (status != NO_ERROR) {
1053 ALOGD("exportKey() could not contact remote: %d\n", status);
1054 result->resultCode = KM_ERROR_UNKNOWN_ERROR;
1055 return;
1056 }
1057 int32_t err = reply.readExceptionCode();
1058 if (err < 0) {
1059 ALOGD("exportKey() caught exception %d\n", err);
1060 result->resultCode = KM_ERROR_UNKNOWN_ERROR;
1061 return;
1062 }
1063 if (reply.readInt32() != 0) {
1064 result->readFromParcel(reply);
1065 }
1066 }
1067
1068 virtual void begin(const sp<IBinder>& appToken, const String16& name,
1069 keymaster_purpose_t purpose, bool pruneable,
Chad Brubaker154d7692015-03-27 13:59:31 -0700[diff] [blame]1070 const KeymasterArguments& params, const uint8_t* entropy,
Chad Brubaker57e106d2015-06-01 12:59:00 -0700[diff] [blame^]1071 size_t entropyLength, OperationResult* result)
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1072 {
Chad Brubaker57e106d2015-06-01 12:59:00 -0700[diff] [blame^]1073 if (!result) {
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1074 return;
1075 }
1076 Parcel data, reply;
1077 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1078 data.writeStrongBinder(appToken);
1079 data.writeString16(name);
1080 data.writeInt32(purpose);
1081 data.writeInt32(pruneable ? 1 : 0);
1082 data.writeInt32(1);
1083 params.writeToParcel(&data);
Chad Brubaker154d7692015-03-27 13:59:31 -0700[diff] [blame]1084 data.writeByteArray(entropyLength, entropy);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1085 status_t status = remote()->transact(BnKeystoreService::BEGIN, data, &reply);
1086 if (status != NO_ERROR) {
1087 ALOGD("begin() could not contact remote: %d\n", status);
1088 result->resultCode = KM_ERROR_UNKNOWN_ERROR;
1089 return;
1090 }
1091 int32_t err = reply.readExceptionCode();
1092 if (err < 0) {
1093 ALOGD("begin() caught exception %d\n", err);
1094 result->resultCode = KM_ERROR_UNKNOWN_ERROR;
1095 return;
1096 }
1097 if (reply.readInt32() != 0) {
1098 result->readFromParcel(reply);
1099 }
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1100 }
1101
1102 virtual void update(const sp<IBinder>& token, const KeymasterArguments& params,
Chad Brubaker40a1a9b2015-02-20 14:08:13 -0800[diff] [blame]1103 const uint8_t* opData, size_t dataLength, OperationResult* result)
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1104 {
1105 if (!result) {
1106 return;
1107 }
1108 Parcel data, reply;
1109 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1110 data.writeStrongBinder(token);
1111 data.writeInt32(1);
1112 params.writeToParcel(&data);
1113 data.writeByteArray(dataLength, opData);
1114 status_t status = remote()->transact(BnKeystoreService::UPDATE, data, &reply);
1115 if (status != NO_ERROR) {
1116 ALOGD("update() could not contact remote: %d\n", status);
1117 result->resultCode = KM_ERROR_UNKNOWN_ERROR;
1118 return;
1119 }
1120 int32_t err = reply.readExceptionCode();
1121 if (err < 0) {
1122 ALOGD("update() caught exception %d\n", err);
1123 result->resultCode = KM_ERROR_UNKNOWN_ERROR;
1124 return;
1125 }
1126 if (reply.readInt32() != 0) {
1127 result->readFromParcel(reply);
1128 }
1129 }
1130
1131 virtual void finish(const sp<IBinder>& token, const KeymasterArguments& params,
Chad Brubaker40a1a9b2015-02-20 14:08:13 -0800[diff] [blame]1132 const uint8_t* signature, size_t signatureLength, OperationResult* result)
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1133 {
1134 if (!result) {
1135 return;
1136 }
1137 Parcel data, reply;
1138 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1139 data.writeStrongBinder(token);
1140 data.writeInt32(1);
1141 params.writeToParcel(&data);
1142 data.writeByteArray(signatureLength, signature);
1143 status_t status = remote()->transact(BnKeystoreService::FINISH, data, &reply);
1144 if (status != NO_ERROR) {
1145 ALOGD("finish() could not contact remote: %d\n", status);
1146 result->resultCode = KM_ERROR_UNKNOWN_ERROR;
1147 return;
1148 }
1149 int32_t err = reply.readExceptionCode();
1150 if (err < 0) {
1151 ALOGD("finish() caught exception %d\n", err);
1152 result->resultCode = KM_ERROR_UNKNOWN_ERROR;
1153 return;
1154 }
1155 if (reply.readInt32() != 0) {
1156 result->readFromParcel(reply);
1157 }
1158 }
1159
1160 virtual int32_t abort(const sp<IBinder>& token)
1161 {
1162 Parcel data, reply;
1163 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1164 data.writeStrongBinder(token);
Chad Brubaker2ed2baa2015-03-21 21:20:10 -0700[diff] [blame]1165 status_t status = remote()->transact(BnKeystoreService::ABORT, data, &reply);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1166 if (status != NO_ERROR) {
1167 ALOGD("abort() could not contact remote: %d\n", status);
1168 return KM_ERROR_UNKNOWN_ERROR;
1169 }
1170 int32_t err = reply.readExceptionCode();
1171 int32_t ret = reply.readInt32();
1172 if (err < 0) {
1173 ALOGD("abort() caught exception %d\n", err);
1174 return KM_ERROR_UNKNOWN_ERROR;
1175 }
1176 return ret;
1177 }
Chad Brubaker2ed2baa2015-03-21 21:20:10 -0700[diff] [blame]1178
1179 virtual bool isOperationAuthorized(const sp<IBinder>& token)
1180 {
1181 Parcel data, reply;
1182 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1183 data.writeStrongBinder(token);
1184 status_t status = remote()->transact(BnKeystoreService::IS_OPERATION_AUTHORIZED, data,
1185 &reply);
1186 if (status != NO_ERROR) {
1187 ALOGD("isOperationAuthorized() could not contact remote: %d\n", status);
1188 return false;
1189 }
1190 int32_t err = reply.readExceptionCode();
1191 int32_t ret = reply.readInt32();
1192 if (err < 0) {
1193 ALOGD("isOperationAuthorized() caught exception %d\n", err);
1194 return false;
1195 }
1196 return ret == 1;
1197 }
1198
1199 virtual int32_t addAuthToken(const uint8_t* token, size_t length)
1200 {
1201 Parcel data, reply;
1202 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1203 data.writeByteArray(length, token);
1204 status_t status = remote()->transact(BnKeystoreService::ADD_AUTH_TOKEN, data, &reply);
1205 if (status != NO_ERROR) {
1206 ALOGD("addAuthToken() could not contact remote: %d\n", status);
1207 return -1;
1208 }
1209 int32_t err = reply.readExceptionCode();
1210 int32_t ret = reply.readInt32();
1211 if (err < 0) {
1212 ALOGD("addAuthToken() caught exception %d\n", err);
1213 return -1;
1214 }
1215 return ret;
1216 };
Chad Brubakerc0f031a2015-05-12 10:43:10 -0700[diff] [blame]1217
1218 virtual int32_t onUserAdded(int32_t userId, int32_t parentId)
1219 {
1220 Parcel data, reply;
1221 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1222 data.writeInt32(userId);
1223 data.writeInt32(parentId);
1224 status_t status = remote()->transact(BnKeystoreService::ON_USER_ADDED, data, &reply);
1225 if (status != NO_ERROR) {
1226 ALOGD("onUserAdded() could not contact remote: %d\n", status);
1227 return -1;
1228 }
1229 int32_t err = reply.readExceptionCode();
1230 int32_t ret = reply.readInt32();
1231 if (err < 0) {
1232 ALOGD("onUserAdded() caught exception %d\n", err);
1233 return -1;
1234 }
1235 return ret;
1236 }
1237
1238 virtual int32_t onUserRemoved(int32_t userId)
1239 {
1240 Parcel data, reply;
1241 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1242 data.writeInt32(userId);
1243 status_t status = remote()->transact(BnKeystoreService::ON_USER_REMOVED, data, &reply);
1244 if (status != NO_ERROR) {
1245 ALOGD("onUserRemoved() could not contact remote: %d\n", status);
1246 return -1;
1247 }
1248 int32_t err = reply.readExceptionCode();
1249 int32_t ret = reply.readInt32();
1250 if (err < 0) {
1251 ALOGD("onUserRemoved() caught exception %d\n", err);
1252 return -1;
1253 }
1254 return ret;
1255 }
1256
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1257};
1258
Chad Brubaker468fc692015-01-13 17:33:14 -0800[diff] [blame]1259IMPLEMENT_META_INTERFACE(KeystoreService, "android.security.IKeystoreService");
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1260
1261// ----------------------------------------------------------------------
1262
1263status_t BnKeystoreService::onTransact(
1264 uint32_t code, const Parcel& data, Parcel* reply, uint32_t flags)
1265{
1266 switch(code) {
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]1267 case GET_STATE: {
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1268 CHECK_INTERFACE(IKeystoreService, data, reply);
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]1269 int32_t userId = data.readInt32();
1270 int32_t ret = getState(userId);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1271 reply->writeNoException();
1272 reply->writeInt32(ret);
1273 return NO_ERROR;
1274 } break;
1275 case GET: {
1276 CHECK_INTERFACE(IKeystoreService, data, reply);
1277 String16 name = data.readString16();
1278 void* out = NULL;
1279 size_t outSize = 0;
1280 int32_t ret = get(name, (uint8_t**) &out, &outSize);
1281 reply->writeNoException();
1282 if (ret == 1) {
1283 reply->writeInt32(outSize);
1284 void* buf = reply->writeInplace(outSize);
1285 memcpy(buf, out, outSize);
1286 free(out);
1287 } else {
1288 reply->writeInt32(-1);
1289 }
1290 return NO_ERROR;
1291 } break;
1292 case INSERT: {
1293 CHECK_INTERFACE(IKeystoreService, data, reply);
1294 String16 name = data.readString16();
1295 ssize_t inSize = data.readInt32();
1296 const void* in;
1297 if (inSize >= 0 && (size_t) inSize <= data.dataAvail()) {
1298 in = data.readInplace(inSize);
1299 } else {
1300 in = NULL;
1301 inSize = 0;
1302 }
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]1303 int uid = data.readInt32();
Kenny Root0c540aa2013-04-03 09:22:15 -0700[diff] [blame]1304 int32_t flags = data.readInt32();
1305 int32_t ret = insert(name, (const uint8_t*) in, (size_t) inSize, uid, flags);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1306 reply->writeNoException();
1307 reply->writeInt32(ret);
1308 return NO_ERROR;
1309 } break;
1310 case DEL: {
1311 CHECK_INTERFACE(IKeystoreService, data, reply);
1312 String16 name = data.readString16();
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]1313 int uid = data.readInt32();
1314 int32_t ret = del(name, uid);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1315 reply->writeNoException();
1316 reply->writeInt32(ret);
1317 return NO_ERROR;
1318 } break;
1319 case EXIST: {
1320 CHECK_INTERFACE(IKeystoreService, data, reply);
1321 String16 name = data.readString16();
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]1322 int uid = data.readInt32();
1323 int32_t ret = exist(name, uid);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1324 reply->writeNoException();
1325 reply->writeInt32(ret);
1326 return NO_ERROR;
1327 } break;
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]1328 case LIST: {
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1329 CHECK_INTERFACE(IKeystoreService, data, reply);
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]1330 String16 prefix = data.readString16();
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]1331 int uid = data.readInt32();
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1332 Vector<String16> matches;
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]1333 int32_t ret = list(prefix, uid, &matches);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1334 reply->writeNoException();
1335 reply->writeInt32(matches.size());
1336 Vector<String16>::const_iterator it = matches.begin();
1337 for (; it != matches.end(); ++it) {
1338 reply->writeString16(*it);
1339 }
1340 reply->writeInt32(ret);
1341 return NO_ERROR;
1342 } break;
1343 case RESET: {
1344 CHECK_INTERFACE(IKeystoreService, data, reply);
1345 int32_t ret = reset();
1346 reply->writeNoException();
1347 reply->writeInt32(ret);
1348 return NO_ERROR;
1349 } break;
Chad Brubaker96d6d782015-05-07 10:19:40 -0700[diff] [blame]1350 case ON_USER_PASSWORD_CHANGED: {
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1351 CHECK_INTERFACE(IKeystoreService, data, reply);
Chad Brubaker96d6d782015-05-07 10:19:40 -0700[diff] [blame]1352 int32_t userId = data.readInt32();
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1353 String16 pass = data.readString16();
Chad Brubaker96d6d782015-05-07 10:19:40 -0700[diff] [blame]1354 int32_t ret = onUserPasswordChanged(userId, pass);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1355 reply->writeNoException();
1356 reply->writeInt32(ret);
1357 return NO_ERROR;
1358 } break;
1359 case LOCK: {
1360 CHECK_INTERFACE(IKeystoreService, data, reply);
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]1361 int32_t userId = data.readInt32();
1362 int32_t ret = lock(userId);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1363 reply->writeNoException();
1364 reply->writeInt32(ret);
1365 return NO_ERROR;
1366 } break;
1367 case UNLOCK: {
1368 CHECK_INTERFACE(IKeystoreService, data, reply);
Chad Brubaker96d6d782015-05-07 10:19:40 -0700[diff] [blame]1369 int32_t userId = data.readInt32();
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1370 String16 pass = data.readString16();
Chad Brubaker96d6d782015-05-07 10:19:40 -0700[diff] [blame]1371 int32_t ret = unlock(userId, pass);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1372 reply->writeNoException();
1373 reply->writeInt32(ret);
1374 return NO_ERROR;
1375 } break;
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]1376 case IS_EMPTY: {
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1377 CHECK_INTERFACE(IKeystoreService, data, reply);
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]1378 int32_t userId = data.readInt32();
1379 bool ret = isEmpty(userId);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1380 reply->writeNoException();
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]1381 reply->writeInt32(ret ? 1 : 0);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1382 return NO_ERROR;
1383 } break;
1384 case GENERATE: {
1385 CHECK_INTERFACE(IKeystoreService, data, reply);
1386 String16 name = data.readString16();
Kenny Root96427ba2013-08-16 14:02:41 -0700[diff] [blame]1387 int32_t uid = data.readInt32();
1388 int32_t keyType = data.readInt32();
1389 int32_t keySize = data.readInt32();
Kenny Root0c540aa2013-04-03 09:22:15 -0700[diff] [blame]1390 int32_t flags = data.readInt32();
Kenny Root96427ba2013-08-16 14:02:41 -0700[diff] [blame]1391 Vector<sp<KeystoreArg> > args;
Chad Brubaker468fc692015-01-13 17:33:14 -0800[diff] [blame]1392 int32_t argsPresent = data.readInt32();
1393 if (argsPresent == 1) {
1394 ssize_t numArgs = data.readInt32();
Chad Brubakered4f5662015-01-14 19:22:09 -0800[diff] [blame]1395 if (numArgs > MAX_GENERATE_ARGS) {
1396 return BAD_VALUE;
1397 }
Chad Brubaker468fc692015-01-13 17:33:14 -0800[diff] [blame]1398 if (numArgs > 0) {
1399 for (size_t i = 0; i < (size_t) numArgs; i++) {
1400 ssize_t inSize = data.readInt32();
1401 if (inSize >= 0 && (size_t) inSize <= data.dataAvail()) {
1402 sp<KeystoreArg> arg = new KeystoreArg(data.readInplace(inSize),
1403 inSize);
1404 args.push_back(arg);
1405 } else {
1406 args.push_back(NULL);
1407 }
Kenny Root96427ba2013-08-16 14:02:41 -0700[diff] [blame]1408 }
1409 }
1410 }
1411 int32_t ret = generate(name, uid, keyType, keySize, flags, &args);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1412 reply->writeNoException();
1413 reply->writeInt32(ret);
1414 return NO_ERROR;
1415 } break;
1416 case IMPORT: {
1417 CHECK_INTERFACE(IKeystoreService, data, reply);
1418 String16 name = data.readString16();
1419 ssize_t inSize = data.readInt32();
1420 const void* in;
1421 if (inSize >= 0 && (size_t) inSize <= data.dataAvail()) {
1422 in = data.readInplace(inSize);
1423 } else {
1424 in = NULL;
1425 inSize = 0;
1426 }
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]1427 int uid = data.readInt32();
Kenny Root0c540aa2013-04-03 09:22:15 -0700[diff] [blame]1428 int32_t flags = data.readInt32();
1429 int32_t ret = import(name, (const uint8_t*) in, (size_t) inSize, uid, flags);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1430 reply->writeNoException();
1431 reply->writeInt32(ret);
1432 return NO_ERROR;
1433 } break;
1434 case SIGN: {
1435 CHECK_INTERFACE(IKeystoreService, data, reply);
1436 String16 name = data.readString16();
1437 ssize_t inSize = data.readInt32();
1438 const void* in;
1439 if (inSize >= 0 && (size_t) inSize <= data.dataAvail()) {
1440 in = data.readInplace(inSize);
1441 } else {
1442 in = NULL;
1443 inSize = 0;
1444 }
1445 void* out = NULL;
1446 size_t outSize = 0;
1447 int32_t ret = sign(name, (const uint8_t*) in, (size_t) inSize, (uint8_t**) &out, &outSize);
1448 reply->writeNoException();
Kenny Rootb03c9fb2013-02-04 16:42:51 -0800[diff] [blame]1449 if (outSize > 0 && out != NULL) {
1450 reply->writeInt32(outSize);
1451 void* buf = reply->writeInplace(outSize);
1452 memcpy(buf, out, outSize);
1453 free(out);
1454 } else {
Kenny Roote289c402013-02-14 11:31:53 -0800[diff] [blame]1455 reply->writeInt32(-1);
Kenny Rootb03c9fb2013-02-04 16:42:51 -0800[diff] [blame]1456 }
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1457 reply->writeInt32(ret);
1458 return NO_ERROR;
1459 } break;
1460 case VERIFY: {
1461 CHECK_INTERFACE(IKeystoreService, data, reply);
1462 String16 name = data.readString16();
1463 ssize_t inSize = data.readInt32();
1464 const void* in;
1465 if (inSize >= 0 && (size_t) inSize <= data.dataAvail()) {
1466 in = data.readInplace(inSize);
1467 } else {
1468 in = NULL;
1469 inSize = 0;
1470 }
1471 ssize_t sigSize = data.readInt32();
1472 const void* sig;
1473 if (sigSize >= 0 && (size_t) sigSize <= data.dataAvail()) {
1474 sig = data.readInplace(sigSize);
1475 } else {
1476 sig = NULL;
1477 sigSize = 0;
1478 }
1479 bool ret = verify(name, (const uint8_t*) in, (size_t) inSize, (const uint8_t*) sig,
1480 (size_t) sigSize);
1481 reply->writeNoException();
1482 reply->writeInt32(ret ? 1 : 0);
1483 return NO_ERROR;
1484 } break;
1485 case GET_PUBKEY: {
1486 CHECK_INTERFACE(IKeystoreService, data, reply);
1487 String16 name = data.readString16();
1488 void* out = NULL;
1489 size_t outSize = 0;
1490 int32_t ret = get_pubkey(name, (unsigned char**) &out, &outSize);
1491 reply->writeNoException();
Kenny Rootb03c9fb2013-02-04 16:42:51 -0800[diff] [blame]1492 if (outSize > 0 && out != NULL) {
1493 reply->writeInt32(outSize);
1494 void* buf = reply->writeInplace(outSize);
1495 memcpy(buf, out, outSize);
1496 free(out);
1497 } else {
Kenny Roote289c402013-02-14 11:31:53 -0800[diff] [blame]1498 reply->writeInt32(-1);
Kenny Rootb03c9fb2013-02-04 16:42:51 -0800[diff] [blame]1499 }
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1500 reply->writeInt32(ret);
1501 return NO_ERROR;
Kenny Rootb03c9fb2013-02-04 16:42:51 -0800[diff] [blame]1502 } break;
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1503 case GRANT: {
1504 CHECK_INTERFACE(IKeystoreService, data, reply);
1505 String16 name = data.readString16();
1506 int32_t granteeUid = data.readInt32();
1507 int32_t ret = grant(name, granteeUid);
1508 reply->writeNoException();
1509 reply->writeInt32(ret);
1510 return NO_ERROR;
1511 } break;
1512 case UNGRANT: {
1513 CHECK_INTERFACE(IKeystoreService, data, reply);
1514 String16 name = data.readString16();
1515 int32_t granteeUid = data.readInt32();
1516 int32_t ret = ungrant(name, granteeUid);
1517 reply->writeNoException();
1518 reply->writeInt32(ret);
1519 return NO_ERROR;
1520 } break;
1521 case GETMTIME: {
1522 CHECK_INTERFACE(IKeystoreService, data, reply);
1523 String16 name = data.readString16();
1524 int64_t ret = getmtime(name);
1525 reply->writeNoException();
1526 reply->writeInt64(ret);
1527 return NO_ERROR;
1528 } break;
Kenny Rootd53bc922013-03-21 14:10:15 -0700[diff] [blame]1529 case DUPLICATE: {
Kenny Root02254072013-03-20 11:48:19 -0700[diff] [blame]1530 CHECK_INTERFACE(IKeystoreService, data, reply);
Kenny Rootd53bc922013-03-21 14:10:15 -0700[diff] [blame]1531 String16 srcKey = data.readString16();
1532 int32_t srcUid = data.readInt32();
1533 String16 destKey = data.readString16();
1534 int32_t destUid = data.readInt32();
1535 int32_t ret = duplicate(srcKey, srcUid, destKey, destUid);
Kenny Root02254072013-03-20 11:48:19 -0700[diff] [blame]1536 reply->writeNoException();
1537 reply->writeInt32(ret);
1538 return NO_ERROR;
1539 } break;
Kenny Root43061232013-03-29 11:15:50 -0700[diff] [blame]1540 case IS_HARDWARE_BACKED: {
1541 CHECK_INTERFACE(IKeystoreService, data, reply);
Kenny Root1b0e3932013-09-05 13:06:32 -0700[diff] [blame]1542 String16 keyType = data.readString16();
1543 int32_t ret = is_hardware_backed(keyType);
Kenny Root43061232013-03-29 11:15:50 -0700[diff] [blame]1544 reply->writeNoException();
1545 reply->writeInt32(ret);
1546 return NO_ERROR;
1547 }
Kenny Root2ecc7a12013-04-01 16:29:11 -0700[diff] [blame]1548 case CLEAR_UID: {
1549 CHECK_INTERFACE(IKeystoreService, data, reply);
1550 int64_t uid = data.readInt64();
1551 int32_t ret = clear_uid(uid);
1552 reply->writeNoException();
1553 reply->writeInt32(ret);
1554 return NO_ERROR;
1555 }
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1556 case ADD_RNG_ENTROPY: {
1557 CHECK_INTERFACE(IKeystoreService, data, reply);
Chad Brubaker6432df72015-03-20 16:23:04 -0700[diff] [blame]1558 const uint8_t* bytes = NULL;
1559 size_t size = 0;
1560 readByteArray(data, &bytes, &size);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1561 int32_t ret = addRngEntropy(bytes, size);
1562 reply->writeNoException();
1563 reply->writeInt32(ret);
1564 return NO_ERROR;
1565 }
1566 case GENERATE_KEY: {
1567 CHECK_INTERFACE(IKeystoreService, data, reply);
1568 String16 name = data.readString16();
1569 KeymasterArguments args;
1570 if (data.readInt32() != 0) {
1571 args.readFromParcel(data);
1572 }
Chad Brubaker154d7692015-03-27 13:59:31 -0700[diff] [blame]1573 const uint8_t* entropy = NULL;
1574 size_t entropyLength = 0;
1575 readByteArray(data, &entropy, &entropyLength);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1576 int32_t uid = data.readInt32();
1577 int32_t flags = data.readInt32();
1578 KeyCharacteristics outCharacteristics;
Chad Brubaker154d7692015-03-27 13:59:31 -0700[diff] [blame]1579 int32_t ret = generateKey(name, args, entropy, entropyLength, uid, flags,
1580 &outCharacteristics);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1581 reply->writeNoException();
1582 reply->writeInt32(ret);
1583 reply->writeInt32(1);
1584 outCharacteristics.writeToParcel(reply);
1585 return NO_ERROR;
1586 }
1587 case GET_KEY_CHARACTERISTICS: {
1588 CHECK_INTERFACE(IKeystoreService, data, reply);
1589 String16 name = data.readString16();
Chad Brubakerd6634422015-03-21 22:36:07 -0700[diff] [blame]1590 std::unique_ptr<keymaster_blob_t> clientId = readKeymasterBlob(data);
1591 std::unique_ptr<keymaster_blob_t> appData = readKeymasterBlob(data);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1592 KeyCharacteristics outCharacteristics;
Chad Brubakerd6634422015-03-21 22:36:07 -0700[diff] [blame]1593 int ret = getKeyCharacteristics(name, clientId.get(), appData.get(),
1594 &outCharacteristics);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1595 reply->writeNoException();
1596 reply->writeInt32(ret);
1597 reply->writeInt32(1);
1598 outCharacteristics.writeToParcel(reply);
1599 return NO_ERROR;
1600 }
1601 case IMPORT_KEY: {
1602 CHECK_INTERFACE(IKeystoreService, data, reply);
1603 String16 name = data.readString16();
1604 KeymasterArguments args;
1605 if (data.readInt32() != 0) {
1606 args.readFromParcel(data);
1607 }
1608 keymaster_key_format_t format = static_cast<keymaster_key_format_t>(data.readInt32());
Chad Brubaker6432df72015-03-20 16:23:04 -0700[diff] [blame]1609 const uint8_t* keyData = NULL;
1610 size_t keyLength = 0;
1611 readByteArray(data, &keyData, &keyLength);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1612 int32_t uid = data.readInt32();
1613 int32_t flags = data.readInt32();
1614 KeyCharacteristics outCharacteristics;
Chad Brubaker6432df72015-03-20 16:23:04 -0700[diff] [blame]1615 int32_t ret = importKey(name, args, format, keyData, keyLength, uid, flags,
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1616 &outCharacteristics);
1617 reply->writeNoException();
1618 reply->writeInt32(ret);
1619 reply->writeInt32(1);
1620 outCharacteristics.writeToParcel(reply);
1621
1622 return NO_ERROR;
1623 }
1624 case EXPORT_KEY: {
1625 CHECK_INTERFACE(IKeystoreService, data, reply);
1626 String16 name = data.readString16();
1627 keymaster_key_format_t format = static_cast<keymaster_key_format_t>(data.readInt32());
Chad Brubakerd6634422015-03-21 22:36:07 -0700[diff] [blame]1628 std::unique_ptr<keymaster_blob_t> clientId = readKeymasterBlob(data);
1629 std::unique_ptr<keymaster_blob_t> appData = readKeymasterBlob(data);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1630 ExportResult result;
Chad Brubakerd6634422015-03-21 22:36:07 -0700[diff] [blame]1631 exportKey(name, format, clientId.get(), appData.get(), &result);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1632 reply->writeNoException();
1633 reply->writeInt32(1);
1634 result.writeToParcel(reply);
1635
1636 return NO_ERROR;
1637 }
1638 case BEGIN: {
1639 CHECK_INTERFACE(IKeystoreService, data, reply);
1640 sp<IBinder> token = data.readStrongBinder();
1641 String16 name = data.readString16();
1642 keymaster_purpose_t purpose = static_cast<keymaster_purpose_t>(data.readInt32());
1643 bool pruneable = data.readInt32() != 0;
1644 KeymasterArguments args;
1645 if (data.readInt32() != 0) {
1646 args.readFromParcel(data);
1647 }
Chad Brubaker154d7692015-03-27 13:59:31 -0700[diff] [blame]1648 const uint8_t* entropy = NULL;
1649 size_t entropyLength = 0;
1650 readByteArray(data, &entropy, &entropyLength);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1651 OperationResult result;
Chad Brubaker57e106d2015-06-01 12:59:00 -0700[diff] [blame^]1652 begin(token, name, purpose, pruneable, args, entropy, entropyLength, &result);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1653 reply->writeNoException();
1654 reply->writeInt32(1);
1655 result.writeToParcel(reply);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1656
1657 return NO_ERROR;
1658 }
1659 case UPDATE: {
1660 CHECK_INTERFACE(IKeystoreService, data, reply);
1661 sp<IBinder> token = data.readStrongBinder();
1662 KeymasterArguments args;
1663 if (data.readInt32() != 0) {
1664 args.readFromParcel(data);
1665 }
Chad Brubaker6432df72015-03-20 16:23:04 -0700[diff] [blame]1666 const uint8_t* buf = NULL;
1667 size_t bufLength = 0;
1668 readByteArray(data, &buf, &bufLength);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1669 OperationResult result;
Chad Brubaker6432df72015-03-20 16:23:04 -0700[diff] [blame]1670 update(token, args, buf, bufLength, &result);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1671 reply->writeNoException();
1672 reply->writeInt32(1);
1673 result.writeToParcel(reply);
1674
1675 return NO_ERROR;
1676 }
1677 case FINISH: {
1678 CHECK_INTERFACE(IKeystoreService, data, reply);
1679 sp<IBinder> token = data.readStrongBinder();
1680 KeymasterArguments args;
1681 if (data.readInt32() != 0) {
1682 args.readFromParcel(data);
1683 }
Chad Brubaker6432df72015-03-20 16:23:04 -0700[diff] [blame]1684 const uint8_t* buf = NULL;
1685 size_t bufLength = 0;
1686 readByteArray(data, &buf, &bufLength);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1687 OperationResult result;
Chad Brubaker6432df72015-03-20 16:23:04 -0700[diff] [blame]1688 finish(token, args, buf, bufLength, &result);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1689 reply->writeNoException();
1690 reply->writeInt32(1);
1691 result.writeToParcel(reply);
1692
1693 return NO_ERROR;
1694 }
1695 case ABORT: {
1696 CHECK_INTERFACE(IKeystoreService, data, reply);
1697 sp<IBinder> token = data.readStrongBinder();
1698 int32_t result = abort(token);
1699 reply->writeNoException();
1700 reply->writeInt32(result);
1701
1702 return NO_ERROR;
1703 }
Chad Brubaker2ed2baa2015-03-21 21:20:10 -0700[diff] [blame]1704 case IS_OPERATION_AUTHORIZED: {
1705 CHECK_INTERFACE(IKeystoreService, data, reply);
1706 sp<IBinder> token = data.readStrongBinder();
1707 bool result = isOperationAuthorized(token);
1708 reply->writeNoException();
1709 reply->writeInt32(result ? 1 : 0);
1710
1711 return NO_ERROR;
1712 }
1713 case ADD_AUTH_TOKEN: {
1714 CHECK_INTERFACE(IKeystoreService, data, reply);
Chad Brubaker2ed2baa2015-03-21 21:20:10 -0700[diff] [blame]1715 const uint8_t* token_bytes = NULL;
1716 size_t size = 0;
1717 readByteArray(data, &token_bytes, &size);
1718 int32_t result = addAuthToken(token_bytes, size);
1719 reply->writeNoException();
1720 reply->writeInt32(result);
1721
1722 return NO_ERROR;
1723 }
Chad Brubakerc0f031a2015-05-12 10:43:10 -0700[diff] [blame]1724 case ON_USER_ADDED: {
1725 CHECK_INTERFACE(IKeystoreService, data, reply);
1726 int32_t userId = data.readInt32();
1727 int32_t parentId = data.readInt32();
1728 int32_t result = onUserAdded(userId, parentId);
1729 reply->writeNoException();
1730 reply->writeInt32(result);
1731
1732 return NO_ERROR;
1733 }
1734 case ON_USER_REMOVED: {
1735 CHECK_INTERFACE(IKeystoreService, data, reply);
1736 int32_t userId = data.readInt32();
1737 int32_t result = onUserRemoved(userId);
1738 reply->writeNoException();
1739 reply->writeInt32(result);
1740
1741 return NO_ERROR;
1742 }
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1743 default:
1744 return BBinder::onTransact(code, data, reply, flags);
1745 }
1746}
1747
1748// ----------------------------------------------------------------------------
1749
1750}; // namespace android