Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_security / 6432df7173778954f3e2dfe7d495ab5daa6983ab / . / keystore / IKeystoreService.cpp
blob: 3818acf4b5248260dff673d7a18a680c551cff27 [file] [log] [blame]
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1/*
2**
3** Copyright 2008, The Android Open Source Project
4**
5** Licensed under the Apache License, Version 2.0 (the "License");
6** you may not use this file except in compliance with the License.
7** You may obtain a copy of the License at
8**
9** http://www.apache.org/licenses/LICENSE-2.0
10**
11** Unless required by applicable law or agreed to in writing, software
12** distributed under the License is distributed on an "AS IS" BASIS,
13** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14** See the License for the specific language governing permissions and
15** limitations under the License.
16*/
17
18#include <stdint.h>
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]19#include <sys/limits.h>
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]20#include <sys/types.h>
21
22#define LOG_TAG "KeystoreService"
23#include <utils/Log.h>
24
25#include <binder/Parcel.h>
26#include <binder/IPCThreadState.h>
27#include <binder/IServiceManager.h>
28
29#include <keystore/IKeystoreService.h>
30
31namespace android {
32
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]33static keymaster_key_param_t* readParamList(const Parcel& in, size_t* length);
34
Kenny Root96427ba2013-08-16 14:02:41 -0700[diff] [blame]35KeystoreArg::KeystoreArg(const void* data, size_t len)
36 : mData(data), mSize(len) {
37}
38
39KeystoreArg::~KeystoreArg() {
40}
41
42const void *KeystoreArg::data() const {
43 return mData;
44}
45
46size_t KeystoreArg::size() const {
47 return mSize;
48}
49
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]50OperationResult::OperationResult() : resultCode(0), token(), inputConsumed(0),
51 data(NULL), dataLength(0) {
52}
53
54OperationResult::~OperationResult() {
55}
56
57void OperationResult::readFromParcel(const Parcel& in) {
58 resultCode = in.readInt32();
59 token = in.readStrongBinder();
60 inputConsumed = in.readInt32();
61 ssize_t length = in.readInt32();
62 dataLength = 0;
63 if (length > 0) {
64 const void* buf = in.readInplace(length);
65 if (buf) {
66 data.reset(reinterpret_cast<uint8_t*>(malloc(length)));
67 if (data.get()) {
68 memcpy(data.get(), buf, length);
69 dataLength = (size_t) length;
70 } else {
71 ALOGE("Failed to allocate OperationResult buffer");
72 }
73 } else {
74 ALOGE("Failed to readInplace OperationResult data");
75 }
76 }
77}
78
79void OperationResult::writeToParcel(Parcel* out) const {
80 out->writeInt32(resultCode);
81 out->writeStrongBinder(token);
82 out->writeInt32(inputConsumed);
83 out->writeInt32(dataLength);
84 if (dataLength && data) {
85 void* buf = out->writeInplace(dataLength);
86 if (buf) {
87 memcpy(buf, data.get(), dataLength);
88 } else {
89 ALOGE("Failed to writeInplace OperationResult data.");
90 }
91 }
92}
93
94ExportResult::ExportResult() : resultCode(0), exportData(NULL), dataLength(0) {
95}
96
97ExportResult::~ExportResult() {
98}
99
100void ExportResult::readFromParcel(const Parcel& in) {
101 resultCode = in.readInt32();
102 ssize_t length = in.readInt32();
103 dataLength = 0;
104 if (length > 0) {
105 const void* buf = in.readInplace(length);
106 if (buf) {
107 exportData.reset(reinterpret_cast<uint8_t*>(malloc(length)));
108 if (exportData.get()) {
109 memcpy(exportData.get(), buf, length);
110 dataLength = (size_t) length;
111 } else {
112 ALOGE("Failed to allocate ExportData buffer");
113 }
114 } else {
115 ALOGE("Failed to readInplace ExportData data");
116 }
117 }
118}
119
120void ExportResult::writeToParcel(Parcel* out) const {
121 out->writeInt32(resultCode);
122 out->writeInt32(dataLength);
123 if (exportData && dataLength) {
124 void* buf = out->writeInplace(dataLength);
125 if (buf) {
126 memcpy(buf, exportData.get(), dataLength);
127 } else {
128 ALOGE("Failed to writeInplace ExportResult data.");
129 }
130 }
131}
132
133KeymasterArguments::KeymasterArguments() {
134}
135
136KeymasterArguments::~KeymasterArguments() {
137 keymaster_free_param_values(params.data(), params.size());
138}
139
140void KeymasterArguments::readFromParcel(const Parcel& in) {
141 ssize_t length = in.readInt32();
142 size_t ulength = (size_t) length;
143 if (length < 0) {
144 ulength = 0;
145 }
146 keymaster_free_param_values(params.data(), params.size());
147 params.clear();
148 for(size_t i = 0; i < ulength; i++) {
149 keymaster_key_param_t param;
150 if (!readKeymasterArgumentFromParcel(in, &param)) {
151 ALOGE("Error reading keymaster argument from parcel");
152 break;
153 }
154 params.push_back(param);
155 }
156}
157
158void KeymasterArguments::writeToParcel(Parcel* out) const {
159 out->writeInt32(params.size());
160 for (auto param : params) {
161 out->writeInt32(1);
162 writeKeymasterArgumentToParcel(param, out);
163 }
164}
165
166KeyCharacteristics::KeyCharacteristics() {
167 memset((void*) &characteristics, 0, sizeof(characteristics));
168}
169
170KeyCharacteristics::~KeyCharacteristics() {
171 keymaster_free_characteristics(&characteristics);
172}
173
174void KeyCharacteristics::readFromParcel(const Parcel& in) {
175 size_t length = 0;
176 keymaster_key_param_t* params = readParamList(in, &length);
177 characteristics.sw_enforced.params = params;
178 characteristics.sw_enforced.length = length;
179
180 params = readParamList(in, &length);
181 characteristics.hw_enforced.params = params;
182 characteristics.hw_enforced.length = length;
183}
184
185void KeyCharacteristics::writeToParcel(Parcel* out) const {
186 if (characteristics.sw_enforced.params) {
187 out->writeInt32(characteristics.sw_enforced.length);
188 for (size_t i = 0; i < characteristics.sw_enforced.length; i++) {
189 out->writeInt32(1);
190 writeKeymasterArgumentToParcel(characteristics.sw_enforced.params[i], out);
191 }
192 } else {
193 out->writeInt32(0);
194 }
195 if (characteristics.hw_enforced.params) {
196 out->writeInt32(characteristics.hw_enforced.length);
197 for (size_t i = 0; i < characteristics.hw_enforced.length; i++) {
198 out->writeInt32(1);
199 writeKeymasterArgumentToParcel(characteristics.hw_enforced.params[i], out);
200 }
201 } else {
202 out->writeInt32(0);
203 }
204}
205
206void writeKeymasterArgumentToParcel(const keymaster_key_param_t& param, Parcel* out) {
207 switch (keymaster_tag_get_type(param.tag)) {
208 case KM_ENUM:
209 case KM_ENUM_REP: {
210 out->writeInt32(param.tag);
211 out->writeInt32(param.enumerated);
212 break;
213 }
214 case KM_INT:
215 case KM_INT_REP: {
216 out->writeInt32(param.tag);
217 out->writeInt32(param.integer);
218 break;
219 }
220 case KM_LONG: {
221 out->writeInt32(param.tag);
222 out->writeInt64(param.long_integer);
223 break;
224 }
225 case KM_DATE: {
226 out->writeInt32(param.tag);
227 out->writeInt64(param.date_time);
228 break;
229 }
230 case KM_BOOL: {
231 out->writeInt32(param.tag);
232 break;
233 }
234 case KM_BIGNUM:
235 case KM_BYTES: {
236 out->writeInt32(param.tag);
237 out->writeInt32(param.blob.data_length);
238 void* buf = out->writeInplace(param.blob.data_length);
239 if (buf) {
240 memcpy(buf, param.blob.data, param.blob.data_length);
241 } else {
242 ALOGE("Failed to writeInplace keymaster blob param");
243 }
244 break;
245 }
246 default: {
247 ALOGE("Failed to write argument: Unsupported keymaster_tag_t %d", param.tag);
248 }
249 }
250}
251
252
253bool readKeymasterArgumentFromParcel(const Parcel& in, keymaster_key_param_t* out) {
254 if (in.readInt32() == 0) {
255 return false;
256 }
257 keymaster_tag_t tag = static_cast<keymaster_tag_t>(in.readInt32());
258 switch (keymaster_tag_get_type(tag)) {
259 case KM_ENUM:
260 case KM_ENUM_REP: {
261 uint32_t value = in.readInt32();
262 *out = keymaster_param_enum(tag, value);
263 break;
264 }
265 case KM_INT:
266 case KM_INT_REP: {
267 uint32_t value = in.readInt32();
268 *out = keymaster_param_int(tag, value);
269 break;
270 }
271 case KM_LONG: {
272 uint64_t value = in.readInt64();
273 *out = keymaster_param_long(tag, value);
274 break;
275 }
276 case KM_DATE: {
277 uint64_t value = in.readInt64();
278 *out = keymaster_param_date(tag, value);
279 break;
280 }
281 case KM_BOOL: {
282 *out = keymaster_param_bool(tag);
283 break;
284 }
285 case KM_BIGNUM:
286 case KM_BYTES: {
287 ssize_t length = in.readInt32();
288 uint8_t* data = NULL;
289 size_t ulength = 0;
290 if (length >= 0) {
291 ulength = (size_t) length;
292 // use malloc here so we can use keymaster_free_param_values
293 // consistently.
294 data = reinterpret_cast<uint8_t*>(malloc(ulength));
295 const void* buf = in.readInplace(ulength);
296 if (!buf || !data) {
297 ALOGE("Failed to allocate buffer for keymaster blob param");
298 return false;
299 }
300 memcpy(data, buf, ulength);
301 }
302 *out = keymaster_param_blob(tag, data, ulength);
303 break;
304 }
305 default: {
306 ALOGE("Unsupported keymaster_tag_t %d", tag);
307 return false;
308 }
309 }
310 return true;
311}
312
Chad Brubaker6432df72015-03-20 16:23:04 -0700[diff] [blame^]313/**
314 * Read a byte array from in. The data at *data is still owned by the parcel
315 */
316static void readByteArray(const Parcel& in, const uint8_t** data, size_t* length) {
317 ssize_t slength = in.readInt32();
318 if (slength > 0) {
319 *data = reinterpret_cast<const uint8_t*>(in.readInplace(slength));
320 if (*data) {
321 *length = static_cast<size_t>(slength);
322 } else {
323 *length = 0;
324 }
325 } else {
326 *data = NULL;
327 *length = 0;
328 }
329}
330
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]331// Read a keymaster_key_param_t* from a Parcel for use in a
332// keymaster_key_characteristics_t. This will be free'd by calling
333// keymaster_free_key_characteristics.
334static keymaster_key_param_t* readParamList(const Parcel& in, size_t* length) {
335 ssize_t slength = in.readInt32();
336 *length = 0;
337 if (slength < 0) {
338 return NULL;
339 }
340 *length = (size_t) slength;
341 if (*length >= UINT_MAX / sizeof(keymaster_key_param_t)) {
342 return NULL;
343 }
344 keymaster_key_param_t* list =
345 reinterpret_cast<keymaster_key_param_t*>(malloc(*length *
346 sizeof(keymaster_key_param_t)));
347 if (!list) {
348 ALOGD("Failed to allocate buffer for generateKey outCharacteristics");
349 goto err;
350 }
351 for (size_t i = 0; i < *length ; i++) {
352 if (!readKeymasterArgumentFromParcel(in, &list[i])) {
353 ALOGE("Failed to read keymaster argument");
354 keymaster_free_param_values(list, i);
355 goto err;
356 }
357 }
358 return list;
359err:
360 free(list);
361 return NULL;
362}
363
364static void readKeymasterBlob(const Parcel& in, keymaster_blob_t* blob) {
365 ssize_t length = in.readInt32();
366 if (length > 0) {
367 blob->data = (uint8_t*) in.readInplace(length);
368 if (blob->data) {
369 blob->data_length = (size_t) length;
370 } else {
371 blob->data_length = 0;
372 }
373 } else {
374 blob->data = NULL;
375 blob->data_length = 0;
376 }
377}
378
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]379class BpKeystoreService: public BpInterface<IKeystoreService>
380{
381public:
382 BpKeystoreService(const sp<IBinder>& impl)
383 : BpInterface<IKeystoreService>(impl)
384 {
385 }
386
387 // test ping
388 virtual int32_t test()
389 {
390 Parcel data, reply;
391 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
392 status_t status = remote()->transact(BnKeystoreService::TEST, data, &reply);
393 if (status != NO_ERROR) {
394 ALOGD("test() could not contact remote: %d\n", status);
395 return -1;
396 }
397 int32_t err = reply.readExceptionCode();
398 int32_t ret = reply.readInt32();
399 if (err < 0) {
400 ALOGD("test() caught exception %d\n", err);
401 return -1;
402 }
403 return ret;
404 }
405
406 virtual int32_t get(const String16& name, uint8_t** item, size_t* itemLength)
407 {
408 Parcel data, reply;
409 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
410 data.writeString16(name);
411 status_t status = remote()->transact(BnKeystoreService::GET, data, &reply);
412 if (status != NO_ERROR) {
413 ALOGD("get() could not contact remote: %d\n", status);
414 return -1;
415 }
416 int32_t err = reply.readExceptionCode();
417 ssize_t len = reply.readInt32();
418 if (len >= 0 && (size_t) len <= reply.dataAvail()) {
419 size_t ulen = (size_t) len;
420 const void* buf = reply.readInplace(ulen);
421 *item = (uint8_t*) malloc(ulen);
422 if (*item != NULL) {
423 memcpy(*item, buf, ulen);
424 *itemLength = ulen;
425 } else {
426 ALOGE("out of memory allocating output array in get");
427 *itemLength = 0;
428 }
429 } else {
430 *itemLength = 0;
431 }
432 if (err < 0) {
433 ALOGD("get() caught exception %d\n", err);
434 return -1;
435 }
436 return 0;
437 }
438
Kenny Root0c540aa2013-04-03 09:22:15 -0700[diff] [blame]439 virtual int32_t insert(const String16& name, const uint8_t* item, size_t itemLength, int uid,
440 int32_t flags)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]441 {
442 Parcel data, reply;
443 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
444 data.writeString16(name);
445 data.writeInt32(itemLength);
446 void* buf = data.writeInplace(itemLength);
447 memcpy(buf, item, itemLength);
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]448 data.writeInt32(uid);
Kenny Root0c540aa2013-04-03 09:22:15 -0700[diff] [blame]449 data.writeInt32(flags);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]450 status_t status = remote()->transact(BnKeystoreService::INSERT, data, &reply);
451 if (status != NO_ERROR) {
452 ALOGD("import() could not contact remote: %d\n", status);
453 return -1;
454 }
455 int32_t err = reply.readExceptionCode();
456 int32_t ret = reply.readInt32();
457 if (err < 0) {
458 ALOGD("import() caught exception %d\n", err);
459 return -1;
460 }
461 return ret;
462 }
463
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]464 virtual int32_t del(const String16& name, int uid)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]465 {
466 Parcel data, reply;
467 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
468 data.writeString16(name);
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]469 data.writeInt32(uid);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]470 status_t status = remote()->transact(BnKeystoreService::DEL, data, &reply);
471 if (status != NO_ERROR) {
472 ALOGD("del() could not contact remote: %d\n", status);
473 return -1;
474 }
475 int32_t err = reply.readExceptionCode();
476 int32_t ret = reply.readInt32();
477 if (err < 0) {
478 ALOGD("del() caught exception %d\n", err);
479 return -1;
480 }
481 return ret;
482 }
483
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]484 virtual int32_t exist(const String16& name, int uid)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]485 {
486 Parcel data, reply;
487 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
488 data.writeString16(name);
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]489 data.writeInt32(uid);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]490 status_t status = remote()->transact(BnKeystoreService::EXIST, data, &reply);
491 if (status != NO_ERROR) {
492 ALOGD("exist() could not contact remote: %d\n", status);
493 return -1;
494 }
495 int32_t err = reply.readExceptionCode();
496 int32_t ret = reply.readInt32();
497 if (err < 0) {
498 ALOGD("exist() caught exception %d\n", err);
499 return -1;
500 }
501 return ret;
502 }
503
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]504 virtual int32_t saw(const String16& name, int uid, Vector<String16>* matches)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]505 {
506 Parcel data, reply;
507 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
508 data.writeString16(name);
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]509 data.writeInt32(uid);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]510 status_t status = remote()->transact(BnKeystoreService::SAW, data, &reply);
511 if (status != NO_ERROR) {
512 ALOGD("saw() could not contact remote: %d\n", status);
513 return -1;
514 }
515 int32_t err = reply.readExceptionCode();
516 int32_t numMatches = reply.readInt32();
517 for (int32_t i = 0; i < numMatches; i++) {
518 matches->push(reply.readString16());
519 }
520 int32_t ret = reply.readInt32();
521 if (err < 0) {
522 ALOGD("saw() caught exception %d\n", err);
523 return -1;
524 }
525 return ret;
526 }
527
528 virtual int32_t reset()
529 {
530 Parcel data, reply;
531 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
532 status_t status = remote()->transact(BnKeystoreService::RESET, data, &reply);
533 if (status != NO_ERROR) {
534 ALOGD("reset() could not contact remote: %d\n", status);
535 return -1;
536 }
537 int32_t err = reply.readExceptionCode();
538 int32_t ret = reply.readInt32();
539 if (err < 0) {
540 ALOGD("reset() caught exception %d\n", err);
541 return -1;
542 }
543 return ret;
544 }
545
546 virtual int32_t password(const String16& password)
547 {
548 Parcel data, reply;
549 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
550 data.writeString16(password);
551 status_t status = remote()->transact(BnKeystoreService::PASSWORD, data, &reply);
552 if (status != NO_ERROR) {
553 ALOGD("password() could not contact remote: %d\n", status);
554 return -1;
555 }
556 int32_t err = reply.readExceptionCode();
557 int32_t ret = reply.readInt32();
558 if (err < 0) {
559 ALOGD("password() caught exception %d\n", err);
560 return -1;
561 }
562 return ret;
563 }
564
565 virtual int32_t lock()
566 {
567 Parcel data, reply;
568 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
569 status_t status = remote()->transact(BnKeystoreService::LOCK, data, &reply);
570 if (status != NO_ERROR) {
571 ALOGD("lock() could not contact remote: %d\n", status);
572 return -1;
573 }
574 int32_t err = reply.readExceptionCode();
575 int32_t ret = reply.readInt32();
576 if (err < 0) {
577 ALOGD("lock() caught exception %d\n", err);
578 return -1;
579 }
580 return ret;
581 }
582
583 virtual int32_t unlock(const String16& password)
584 {
585 Parcel data, reply;
586 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
587 data.writeString16(password);
588 status_t status = remote()->transact(BnKeystoreService::UNLOCK, data, &reply);
589 if (status != NO_ERROR) {
590 ALOGD("unlock() could not contact remote: %d\n", status);
591 return -1;
592 }
593 int32_t err = reply.readExceptionCode();
594 int32_t ret = reply.readInt32();
595 if (err < 0) {
596 ALOGD("unlock() caught exception %d\n", err);
597 return -1;
598 }
599 return ret;
600 }
601
602 virtual int32_t zero()
603 {
604 Parcel data, reply;
605 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
606 status_t status = remote()->transact(BnKeystoreService::ZERO, data, &reply);
607 if (status != NO_ERROR) {
608 ALOGD("zero() could not contact remote: %d\n", status);
609 return -1;
610 }
611 int32_t err = reply.readExceptionCode();
612 int32_t ret = reply.readInt32();
613 if (err < 0) {
614 ALOGD("zero() caught exception %d\n", err);
615 return -1;
616 }
617 return ret;
618 }
619
Kenny Root96427ba2013-08-16 14:02:41 -0700[diff] [blame]620 virtual int32_t generate(const String16& name, int32_t uid, int32_t keyType, int32_t keySize,
621 int32_t flags, Vector<sp<KeystoreArg> >* args)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]622 {
623 Parcel data, reply;
624 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
625 data.writeString16(name);
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]626 data.writeInt32(uid);
Kenny Root96427ba2013-08-16 14:02:41 -0700[diff] [blame]627 data.writeInt32(keyType);
628 data.writeInt32(keySize);
Kenny Root0c540aa2013-04-03 09:22:15 -0700[diff] [blame]629 data.writeInt32(flags);
Chad Brubaker468fc692015-01-13 17:33:14 -0800[diff] [blame]630 data.writeInt32(1);
Kenny Root96427ba2013-08-16 14:02:41 -0700[diff] [blame]631 data.writeInt32(args->size());
632 for (Vector<sp<KeystoreArg> >::iterator it = args->begin(); it != args->end(); ++it) {
633 sp<KeystoreArg> item = *it;
634 size_t keyLength = item->size();
635 data.writeInt32(keyLength);
636 void* buf = data.writeInplace(keyLength);
637 memcpy(buf, item->data(), keyLength);
638 }
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]639 status_t status = remote()->transact(BnKeystoreService::GENERATE, data, &reply);
640 if (status != NO_ERROR) {
641 ALOGD("generate() could not contact remote: %d\n", status);
642 return -1;
643 }
644 int32_t err = reply.readExceptionCode();
645 int32_t ret = reply.readInt32();
646 if (err < 0) {
647 ALOGD("generate() caught exception %d\n", err);
648 return -1;
649 }
650 return ret;
651 }
652
Kenny Root0c540aa2013-04-03 09:22:15 -0700[diff] [blame]653 virtual int32_t import(const String16& name, const uint8_t* key, size_t keyLength, int uid,
654 int flags)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]655 {
656 Parcel data, reply;
657 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
658 data.writeString16(name);
659 data.writeInt32(keyLength);
660 void* buf = data.writeInplace(keyLength);
661 memcpy(buf, key, keyLength);
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]662 data.writeInt32(uid);
Kenny Root0c540aa2013-04-03 09:22:15 -0700[diff] [blame]663 data.writeInt32(flags);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]664 status_t status = remote()->transact(BnKeystoreService::IMPORT, data, &reply);
665 if (status != NO_ERROR) {
666 ALOGD("import() could not contact remote: %d\n", status);
667 return -1;
668 }
669 int32_t err = reply.readExceptionCode();
670 int32_t ret = reply.readInt32();
671 if (err < 0) {
672 ALOGD("import() caught exception %d\n", err);
673 return -1;
674 }
675 return ret;
676 }
677
678 virtual int32_t sign(const String16& name, const uint8_t* in, size_t inLength, uint8_t** out,
679 size_t* outLength)
680 {
681 Parcel data, reply;
682 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
683 data.writeString16(name);
684 data.writeInt32(inLength);
685 void* buf = data.writeInplace(inLength);
686 memcpy(buf, in, inLength);
687 status_t status = remote()->transact(BnKeystoreService::SIGN, data, &reply);
688 if (status != NO_ERROR) {
689 ALOGD("import() could not contact remote: %d\n", status);
690 return -1;
691 }
692 int32_t err = reply.readExceptionCode();
693 ssize_t len = reply.readInt32();
694 if (len >= 0 && (size_t) len <= reply.dataAvail()) {
695 size_t ulen = (size_t) len;
696 const void* outBuf = reply.readInplace(ulen);
697 *out = (uint8_t*) malloc(ulen);
698 if (*out != NULL) {
699 memcpy((void*) *out, outBuf, ulen);
700 *outLength = ulen;
701 } else {
702 ALOGE("out of memory allocating output array in sign");
703 *outLength = 0;
704 }
705 } else {
706 *outLength = 0;
707 }
708 if (err < 0) {
709 ALOGD("import() caught exception %d\n", err);
710 return -1;
711 }
712 return 0;
713 }
714
715 virtual int32_t verify(const String16& name, const uint8_t* in, size_t inLength,
716 const uint8_t* signature, size_t signatureLength)
717 {
718 Parcel data, reply;
719 void* buf;
720
721 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
722 data.writeString16(name);
723 data.writeInt32(inLength);
724 buf = data.writeInplace(inLength);
725 memcpy(buf, in, inLength);
726 data.writeInt32(signatureLength);
727 buf = data.writeInplace(signatureLength);
728 memcpy(buf, signature, signatureLength);
729 status_t status = remote()->transact(BnKeystoreService::VERIFY, data, &reply);
730 if (status != NO_ERROR) {
731 ALOGD("verify() could not contact remote: %d\n", status);
732 return -1;
733 }
734 int32_t err = reply.readExceptionCode();
735 int32_t ret = reply.readInt32();
736 if (err < 0) {
737 ALOGD("verify() caught exception %d\n", err);
738 return -1;
739 }
740 return ret;
741 }
742
743 virtual int32_t get_pubkey(const String16& name, uint8_t** pubkey, size_t* pubkeyLength)
744 {
745 Parcel data, reply;
746 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
747 data.writeString16(name);
748 status_t status = remote()->transact(BnKeystoreService::GET_PUBKEY, data, &reply);
749 if (status != NO_ERROR) {
750 ALOGD("get_pubkey() could not contact remote: %d\n", status);
751 return -1;
752 }
753 int32_t err = reply.readExceptionCode();
754 ssize_t len = reply.readInt32();
755 if (len >= 0 && (size_t) len <= reply.dataAvail()) {
756 size_t ulen = (size_t) len;
757 const void* buf = reply.readInplace(ulen);
758 *pubkey = (uint8_t*) malloc(ulen);
759 if (*pubkey != NULL) {
760 memcpy(*pubkey, buf, ulen);
761 *pubkeyLength = ulen;
762 } else {
763 ALOGE("out of memory allocating output array in get_pubkey");
764 *pubkeyLength = 0;
765 }
766 } else {
767 *pubkeyLength = 0;
768 }
769 if (err < 0) {
770 ALOGD("get_pubkey() caught exception %d\n", err);
771 return -1;
772 }
773 return 0;
774 }
775
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]776 virtual int32_t del_key(const String16& name, int uid)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]777 {
778 Parcel data, reply;
779 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
780 data.writeString16(name);
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]781 data.writeInt32(uid);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]782 status_t status = remote()->transact(BnKeystoreService::DEL_KEY, data, &reply);
783 if (status != NO_ERROR) {
784 ALOGD("del_key() could not contact remote: %d\n", status);
785 return -1;
786 }
787 int32_t err = reply.readExceptionCode();
788 int32_t ret = reply.readInt32();
789 if (err < 0) {
790 ALOGD("del_key() caught exception %d\n", err);
791 return -1;
792 }
793 return ret;
794 }
795
796 virtual int32_t grant(const String16& name, int32_t granteeUid)
797 {
798 Parcel data, reply;
799 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
800 data.writeString16(name);
801 data.writeInt32(granteeUid);
802 status_t status = remote()->transact(BnKeystoreService::GRANT, data, &reply);
803 if (status != NO_ERROR) {
804 ALOGD("grant() could not contact remote: %d\n", status);
805 return -1;
806 }
807 int32_t err = reply.readExceptionCode();
808 int32_t ret = reply.readInt32();
809 if (err < 0) {
810 ALOGD("grant() caught exception %d\n", err);
811 return -1;
812 }
813 return ret;
814 }
815
816 virtual int32_t ungrant(const String16& name, int32_t granteeUid)
817 {
818 Parcel data, reply;
819 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
820 data.writeString16(name);
821 data.writeInt32(granteeUid);
822 status_t status = remote()->transact(BnKeystoreService::UNGRANT, data, &reply);
823 if (status != NO_ERROR) {
824 ALOGD("ungrant() could not contact remote: %d\n", status);
825 return -1;
826 }
827 int32_t err = reply.readExceptionCode();
828 int32_t ret = reply.readInt32();
829 if (err < 0) {
830 ALOGD("ungrant() caught exception %d\n", err);
831 return -1;
832 }
833 return ret;
834 }
835
836 int64_t getmtime(const String16& name)
837 {
838 Parcel data, reply;
839 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
840 data.writeString16(name);
841 status_t status = remote()->transact(BnKeystoreService::GETMTIME, data, &reply);
842 if (status != NO_ERROR) {
843 ALOGD("getmtime() could not contact remote: %d\n", status);
844 return -1;
845 }
846 int32_t err = reply.readExceptionCode();
847 int64_t ret = reply.readInt64();
848 if (err < 0) {
849 ALOGD("getmtime() caught exception %d\n", err);
850 return -1;
851 }
852 return ret;
853 }
Kenny Root02254072013-03-20 11:48:19 -0700[diff] [blame]854
Kenny Rootd53bc922013-03-21 14:10:15 -0700[diff] [blame]855 virtual int32_t duplicate(const String16& srcKey, int32_t srcUid, const String16& destKey,
856 int32_t destUid)
Kenny Root02254072013-03-20 11:48:19 -0700[diff] [blame]857 {
858 Parcel data, reply;
859 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
Kenny Rootd53bc922013-03-21 14:10:15 -0700[diff] [blame]860 data.writeString16(srcKey);
861 data.writeInt32(srcUid);
862 data.writeString16(destKey);
863 data.writeInt32(destUid);
864 status_t status = remote()->transact(BnKeystoreService::DUPLICATE, data, &reply);
Kenny Root02254072013-03-20 11:48:19 -0700[diff] [blame]865 if (status != NO_ERROR) {
Kenny Rootd53bc922013-03-21 14:10:15 -0700[diff] [blame]866 ALOGD("duplicate() could not contact remote: %d\n", status);
Kenny Root02254072013-03-20 11:48:19 -0700[diff] [blame]867 return -1;
868 }
869 int32_t err = reply.readExceptionCode();
870 int32_t ret = reply.readInt32();
871 if (err < 0) {
Kenny Rootd53bc922013-03-21 14:10:15 -0700[diff] [blame]872 ALOGD("duplicate() caught exception %d\n", err);
Kenny Root02254072013-03-20 11:48:19 -0700[diff] [blame]873 return -1;
874 }
875 return ret;
876 }
Kenny Root43061232013-03-29 11:15:50 -0700[diff] [blame]877
Kenny Root1b0e3932013-09-05 13:06:32 -0700[diff] [blame]878 virtual int32_t is_hardware_backed(const String16& keyType)
Kenny Root43061232013-03-29 11:15:50 -0700[diff] [blame]879 {
880 Parcel data, reply;
881 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
Kenny Root1b0e3932013-09-05 13:06:32 -0700[diff] [blame]882 data.writeString16(keyType);
Kenny Root43061232013-03-29 11:15:50 -0700[diff] [blame]883 status_t status = remote()->transact(BnKeystoreService::IS_HARDWARE_BACKED, data, &reply);
884 if (status != NO_ERROR) {
885 ALOGD("is_hardware_backed() could not contact remote: %d\n", status);
886 return -1;
887 }
888 int32_t err = reply.readExceptionCode();
889 int32_t ret = reply.readInt32();
890 if (err < 0) {
891 ALOGD("is_hardware_backed() caught exception %d\n", err);
892 return -1;
893 }
894 return ret;
895 }
Kenny Root2ecc7a12013-04-01 16:29:11 -0700[diff] [blame]896
897 virtual int32_t clear_uid(int64_t uid)
898 {
899 Parcel data, reply;
900 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
901 data.writeInt64(uid);
902 status_t status = remote()->transact(BnKeystoreService::CLEAR_UID, data, &reply);
903 if (status != NO_ERROR) {
904 ALOGD("clear_uid() could not contact remote: %d\n", status);
905 return -1;
906 }
907 int32_t err = reply.readExceptionCode();
908 int32_t ret = reply.readInt32();
909 if (err < 0) {
910 ALOGD("clear_uid() caught exception %d\n", err);
911 return -1;
912 }
913 return ret;
914 }
Robin Lee4e865752014-08-19 17:37:55 +0100[diff] [blame]915
916 virtual int32_t reset_uid(int32_t uid) {
917 Parcel data, reply;
918 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
919 data.writeInt32(uid);
920 status_t status = remote()->transact(BnKeystoreService::RESET_UID, data, &reply);
921 if (status != NO_ERROR) {
922 ALOGD("reset_uid() could not contact remote: %d\n", status);
923 return -1;
924 }
925 int32_t err = reply.readExceptionCode();
926 int32_t ret = reply.readInt32();
927 if (err < 0) {
928 ALOGD("reset_uid() caught exception %d\n", err);
929 return -1;
930 }
931 return ret;
932
933 }
934
935 virtual int32_t sync_uid(int32_t sourceUid, int32_t targetUid)
936 {
937 Parcel data, reply;
938 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
939 data.writeInt32(sourceUid);
940 data.writeInt32(targetUid);
941 status_t status = remote()->transact(BnKeystoreService::SYNC_UID, data, &reply);
942 if (status != NO_ERROR) {
943 ALOGD("sync_uid() could not contact remote: %d\n", status);
944 return -1;
945 }
946 int32_t err = reply.readExceptionCode();
947 int32_t ret = reply.readInt32();
948 if (err < 0) {
949 ALOGD("sync_uid() caught exception %d\n", err);
950 return -1;
951 }
952 return ret;
953 }
954
955 virtual int32_t password_uid(const String16& password, int32_t uid)
956 {
957 Parcel data, reply;
958 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
959 data.writeString16(password);
960 data.writeInt32(uid);
961 status_t status = remote()->transact(BnKeystoreService::PASSWORD_UID, data, &reply);
962 if (status != NO_ERROR) {
963 ALOGD("password_uid() could not contact remote: %d\n", status);
964 return -1;
965 }
966 int32_t err = reply.readExceptionCode();
967 int32_t ret = reply.readInt32();
968 if (err < 0) {
969 ALOGD("password_uid() caught exception %d\n", err);
970 return -1;
971 }
972 return ret;
973 }
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]974 virtual int32_t addRngEntropy(const uint8_t* buf, size_t bufLength)
975 {
976 Parcel data, reply;
977 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
978 data.writeInt32(bufLength);
979 data.writeByteArray(bufLength, buf);
980 status_t status = remote()->transact(BnKeystoreService::ADD_RNG_ENTROPY, data, &reply);
981 if (status != NO_ERROR) {
982 ALOGD("addRngEntropy() could not contact remote: %d\n", status);
983 return -1;
984 }
985 int32_t err = reply.readExceptionCode();
986 int32_t ret = reply.readInt32();
987 if (err < 0) {
988 ALOGD("addRngEntropy() caught exception %d\n", err);
989 return -1;
990 }
991 return ret;
992 };
993
994 virtual int32_t generateKey(const String16& name, const KeymasterArguments& params,
995 int uid, int flags, KeyCharacteristics* outCharacteristics)
996 {
997 Parcel data, reply;
998 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
999 data.writeString16(name);
1000 data.writeInt32(1);
1001 params.writeToParcel(&data);
1002 data.writeInt32(uid);
1003 data.writeInt32(flags);
1004 status_t status = remote()->transact(BnKeystoreService::GENERATE_KEY, data, &reply);
1005 if (status != NO_ERROR) {
1006 ALOGD("generateKey() could not contact remote: %d\n", status);
1007 return KM_ERROR_UNKNOWN_ERROR;
1008 }
1009 int32_t err = reply.readExceptionCode();
1010 int32_t ret = reply.readInt32();
1011 if (err < 0) {
1012 ALOGD("generateKey() caught exception %d\n", err);
1013 return KM_ERROR_UNKNOWN_ERROR;
1014 }
1015 if (reply.readInt32() != 0 && outCharacteristics) {
1016 outCharacteristics->readFromParcel(reply);
1017 }
1018 return ret;
1019 }
1020 virtual int32_t getKeyCharacteristics(const String16& name,
1021 const keymaster_blob_t& clientId,
1022 const keymaster_blob_t& appData,
1023 KeyCharacteristics* outCharacteristics)
1024 {
1025 Parcel data, reply;
1026 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1027 data.writeString16(name);
1028 data.writeByteArray(clientId.data_length, clientId.data);
1029 data.writeByteArray(appData.data_length, appData.data);
1030 status_t status = remote()->transact(BnKeystoreService::GET_KEY_CHARACTERISTICS,
1031 data, &reply);
1032 if (status != NO_ERROR) {
1033 ALOGD("getKeyCharacteristics() could not contact remote: %d\n", status);
1034 return KM_ERROR_UNKNOWN_ERROR;
1035 }
1036 int32_t err = reply.readExceptionCode();
1037 int32_t ret = reply.readInt32();
1038 if (err < 0) {
1039 ALOGD("getKeyCharacteristics() caught exception %d\n", err);
1040 return KM_ERROR_UNKNOWN_ERROR;
1041 }
1042 if (reply.readInt32() != 0 && outCharacteristics) {
1043 outCharacteristics->readFromParcel(reply);
1044 }
1045 return ret;
1046 }
1047 virtual int32_t importKey(const String16& name, const KeymasterArguments& params,
1048 keymaster_key_format_t format, const uint8_t *keyData,
1049 size_t keyLength, int uid, int flags,
1050 KeyCharacteristics* outCharacteristics)
1051 {
1052 Parcel data, reply;
1053 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1054 data.writeString16(name);
1055 data.writeInt32(1);
1056 params.writeToParcel(&data);
1057 data.writeInt32(format);
1058 data.writeByteArray(keyLength, keyData);
1059 data.writeInt32(uid);
1060 data.writeInt32(flags);
1061 status_t status = remote()->transact(BnKeystoreService::IMPORT_KEY, data, &reply);
1062 if (status != NO_ERROR) {
1063 ALOGD("importKey() could not contact remote: %d\n", status);
1064 return KM_ERROR_UNKNOWN_ERROR;
1065 }
1066 int32_t err = reply.readExceptionCode();
1067 int32_t ret = reply.readInt32();
1068 if (err < 0) {
1069 ALOGD("importKey() caught exception %d\n", err);
1070 return KM_ERROR_UNKNOWN_ERROR;
1071 }
1072 if (reply.readInt32() != 0 && outCharacteristics) {
1073 outCharacteristics->readFromParcel(reply);
1074 }
1075 return ret;
1076 }
1077
1078 virtual void exportKey(const String16& name, keymaster_key_format_t format,
1079 const keymaster_blob_t& clientId,
1080 const keymaster_blob_t& appData, ExportResult* result)
1081 {
1082 if (!result) {
1083 return;
1084 }
1085
1086 Parcel data, reply;
1087 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1088 data.writeString16(name);
1089 data.writeInt32(format);
1090 data.writeByteArray(clientId.data_length, clientId.data);
1091 data.writeByteArray(appData.data_length, appData.data);
1092 status_t status = remote()->transact(BnKeystoreService::EXPORT_KEY, data, &reply);
1093 if (status != NO_ERROR) {
1094 ALOGD("exportKey() could not contact remote: %d\n", status);
1095 result->resultCode = KM_ERROR_UNKNOWN_ERROR;
1096 return;
1097 }
1098 int32_t err = reply.readExceptionCode();
1099 if (err < 0) {
1100 ALOGD("exportKey() caught exception %d\n", err);
1101 result->resultCode = KM_ERROR_UNKNOWN_ERROR;
1102 return;
1103 }
1104 if (reply.readInt32() != 0) {
1105 result->readFromParcel(reply);
1106 }
1107 }
1108
1109 virtual void begin(const sp<IBinder>& appToken, const String16& name,
1110 keymaster_purpose_t purpose, bool pruneable,
1111 const KeymasterArguments& params, KeymasterArguments* outParams,
1112 OperationResult* result)
1113 {
1114 if (!result || !outParams) {
1115 return;
1116 }
1117 Parcel data, reply;
1118 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1119 data.writeStrongBinder(appToken);
1120 data.writeString16(name);
1121 data.writeInt32(purpose);
1122 data.writeInt32(pruneable ? 1 : 0);
1123 data.writeInt32(1);
1124 params.writeToParcel(&data);
1125 status_t status = remote()->transact(BnKeystoreService::BEGIN, data, &reply);
1126 if (status != NO_ERROR) {
1127 ALOGD("begin() could not contact remote: %d\n", status);
1128 result->resultCode = KM_ERROR_UNKNOWN_ERROR;
1129 return;
1130 }
1131 int32_t err = reply.readExceptionCode();
1132 if (err < 0) {
1133 ALOGD("begin() caught exception %d\n", err);
1134 result->resultCode = KM_ERROR_UNKNOWN_ERROR;
1135 return;
1136 }
1137 if (reply.readInt32() != 0) {
1138 result->readFromParcel(reply);
1139 }
1140 if (reply.readInt32() != 0) {
1141 outParams->readFromParcel(reply);
1142 }
1143 }
1144
1145 virtual void update(const sp<IBinder>& token, const KeymasterArguments& params,
Chad Brubaker40a1a9b2015-02-20 14:08:13 -0800[diff] [blame]1146 const uint8_t* opData, size_t dataLength, OperationResult* result)
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1147 {
1148 if (!result) {
1149 return;
1150 }
1151 Parcel data, reply;
1152 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1153 data.writeStrongBinder(token);
1154 data.writeInt32(1);
1155 params.writeToParcel(&data);
1156 data.writeByteArray(dataLength, opData);
1157 status_t status = remote()->transact(BnKeystoreService::UPDATE, data, &reply);
1158 if (status != NO_ERROR) {
1159 ALOGD("update() could not contact remote: %d\n", status);
1160 result->resultCode = KM_ERROR_UNKNOWN_ERROR;
1161 return;
1162 }
1163 int32_t err = reply.readExceptionCode();
1164 if (err < 0) {
1165 ALOGD("update() caught exception %d\n", err);
1166 result->resultCode = KM_ERROR_UNKNOWN_ERROR;
1167 return;
1168 }
1169 if (reply.readInt32() != 0) {
1170 result->readFromParcel(reply);
1171 }
1172 }
1173
1174 virtual void finish(const sp<IBinder>& token, const KeymasterArguments& params,
Chad Brubaker40a1a9b2015-02-20 14:08:13 -0800[diff] [blame]1175 const uint8_t* signature, size_t signatureLength, OperationResult* result)
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1176 {
1177 if (!result) {
1178 return;
1179 }
1180 Parcel data, reply;
1181 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1182 data.writeStrongBinder(token);
1183 data.writeInt32(1);
1184 params.writeToParcel(&data);
1185 data.writeByteArray(signatureLength, signature);
1186 status_t status = remote()->transact(BnKeystoreService::FINISH, data, &reply);
1187 if (status != NO_ERROR) {
1188 ALOGD("finish() could not contact remote: %d\n", status);
1189 result->resultCode = KM_ERROR_UNKNOWN_ERROR;
1190 return;
1191 }
1192 int32_t err = reply.readExceptionCode();
1193 if (err < 0) {
1194 ALOGD("finish() caught exception %d\n", err);
1195 result->resultCode = KM_ERROR_UNKNOWN_ERROR;
1196 return;
1197 }
1198 if (reply.readInt32() != 0) {
1199 result->readFromParcel(reply);
1200 }
1201 }
1202
1203 virtual int32_t abort(const sp<IBinder>& token)
1204 {
1205 Parcel data, reply;
1206 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1207 data.writeStrongBinder(token);
1208 status_t status = remote()->transact(BnKeystoreService::FINISH, data, &reply);
1209 if (status != NO_ERROR) {
1210 ALOGD("abort() could not contact remote: %d\n", status);
1211 return KM_ERROR_UNKNOWN_ERROR;
1212 }
1213 int32_t err = reply.readExceptionCode();
1214 int32_t ret = reply.readInt32();
1215 if (err < 0) {
1216 ALOGD("abort() caught exception %d\n", err);
1217 return KM_ERROR_UNKNOWN_ERROR;
1218 }
1219 return ret;
1220 }
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1221};
1222
Chad Brubaker468fc692015-01-13 17:33:14 -0800[diff] [blame]1223IMPLEMENT_META_INTERFACE(KeystoreService, "android.security.IKeystoreService");
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1224
1225// ----------------------------------------------------------------------
1226
1227status_t BnKeystoreService::onTransact(
1228 uint32_t code, const Parcel& data, Parcel* reply, uint32_t flags)
1229{
1230 switch(code) {
1231 case TEST: {
1232 CHECK_INTERFACE(IKeystoreService, data, reply);
1233 int32_t ret = test();
1234 reply->writeNoException();
1235 reply->writeInt32(ret);
1236 return NO_ERROR;
1237 } break;
1238 case GET: {
1239 CHECK_INTERFACE(IKeystoreService, data, reply);
1240 String16 name = data.readString16();
1241 void* out = NULL;
1242 size_t outSize = 0;
1243 int32_t ret = get(name, (uint8_t**) &out, &outSize);
1244 reply->writeNoException();
1245 if (ret == 1) {
1246 reply->writeInt32(outSize);
1247 void* buf = reply->writeInplace(outSize);
1248 memcpy(buf, out, outSize);
1249 free(out);
1250 } else {
1251 reply->writeInt32(-1);
1252 }
1253 return NO_ERROR;
1254 } break;
1255 case INSERT: {
1256 CHECK_INTERFACE(IKeystoreService, data, reply);
1257 String16 name = data.readString16();
1258 ssize_t inSize = data.readInt32();
1259 const void* in;
1260 if (inSize >= 0 && (size_t) inSize <= data.dataAvail()) {
1261 in = data.readInplace(inSize);
1262 } else {
1263 in = NULL;
1264 inSize = 0;
1265 }
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]1266 int uid = data.readInt32();
Kenny Root0c540aa2013-04-03 09:22:15 -0700[diff] [blame]1267 int32_t flags = data.readInt32();
1268 int32_t ret = insert(name, (const uint8_t*) in, (size_t) inSize, uid, flags);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1269 reply->writeNoException();
1270 reply->writeInt32(ret);
1271 return NO_ERROR;
1272 } break;
1273 case DEL: {
1274 CHECK_INTERFACE(IKeystoreService, data, reply);
1275 String16 name = data.readString16();
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]1276 int uid = data.readInt32();
1277 int32_t ret = del(name, uid);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1278 reply->writeNoException();
1279 reply->writeInt32(ret);
1280 return NO_ERROR;
1281 } break;
1282 case EXIST: {
1283 CHECK_INTERFACE(IKeystoreService, data, reply);
1284 String16 name = data.readString16();
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]1285 int uid = data.readInt32();
1286 int32_t ret = exist(name, uid);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1287 reply->writeNoException();
1288 reply->writeInt32(ret);
1289 return NO_ERROR;
1290 } break;
1291 case SAW: {
1292 CHECK_INTERFACE(IKeystoreService, data, reply);
1293 String16 name = data.readString16();
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]1294 int uid = data.readInt32();
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1295 Vector<String16> matches;
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]1296 int32_t ret = saw(name, uid, &matches);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1297 reply->writeNoException();
1298 reply->writeInt32(matches.size());
1299 Vector<String16>::const_iterator it = matches.begin();
1300 for (; it != matches.end(); ++it) {
1301 reply->writeString16(*it);
1302 }
1303 reply->writeInt32(ret);
1304 return NO_ERROR;
1305 } break;
1306 case RESET: {
1307 CHECK_INTERFACE(IKeystoreService, data, reply);
1308 int32_t ret = reset();
1309 reply->writeNoException();
1310 reply->writeInt32(ret);
1311 return NO_ERROR;
1312 } break;
1313 case PASSWORD: {
1314 CHECK_INTERFACE(IKeystoreService, data, reply);
1315 String16 pass = data.readString16();
1316 int32_t ret = password(pass);
1317 reply->writeNoException();
1318 reply->writeInt32(ret);
1319 return NO_ERROR;
1320 } break;
1321 case LOCK: {
1322 CHECK_INTERFACE(IKeystoreService, data, reply);
1323 int32_t ret = lock();
1324 reply->writeNoException();
1325 reply->writeInt32(ret);
1326 return NO_ERROR;
1327 } break;
1328 case UNLOCK: {
1329 CHECK_INTERFACE(IKeystoreService, data, reply);
1330 String16 pass = data.readString16();
1331 int32_t ret = unlock(pass);
1332 reply->writeNoException();
1333 reply->writeInt32(ret);
1334 return NO_ERROR;
1335 } break;
1336 case ZERO: {
1337 CHECK_INTERFACE(IKeystoreService, data, reply);
1338 int32_t ret = zero();
1339 reply->writeNoException();
1340 reply->writeInt32(ret);
1341 return NO_ERROR;
1342 } break;
1343 case GENERATE: {
1344 CHECK_INTERFACE(IKeystoreService, data, reply);
1345 String16 name = data.readString16();
Kenny Root96427ba2013-08-16 14:02:41 -0700[diff] [blame]1346 int32_t uid = data.readInt32();
1347 int32_t keyType = data.readInt32();
1348 int32_t keySize = data.readInt32();
Kenny Root0c540aa2013-04-03 09:22:15 -0700[diff] [blame]1349 int32_t flags = data.readInt32();
Kenny Root96427ba2013-08-16 14:02:41 -0700[diff] [blame]1350 Vector<sp<KeystoreArg> > args;
Chad Brubaker468fc692015-01-13 17:33:14 -0800[diff] [blame]1351 int32_t argsPresent = data.readInt32();
1352 if (argsPresent == 1) {
1353 ssize_t numArgs = data.readInt32();
1354 if (numArgs > 0) {
1355 for (size_t i = 0; i < (size_t) numArgs; i++) {
1356 ssize_t inSize = data.readInt32();
1357 if (inSize >= 0 && (size_t) inSize <= data.dataAvail()) {
1358 sp<KeystoreArg> arg = new KeystoreArg(data.readInplace(inSize),
1359 inSize);
1360 args.push_back(arg);
1361 } else {
1362 args.push_back(NULL);
1363 }
Kenny Root96427ba2013-08-16 14:02:41 -0700[diff] [blame]1364 }
1365 }
1366 }
1367 int32_t ret = generate(name, uid, keyType, keySize, flags, &args);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1368 reply->writeNoException();
1369 reply->writeInt32(ret);
1370 return NO_ERROR;
1371 } break;
1372 case IMPORT: {
1373 CHECK_INTERFACE(IKeystoreService, data, reply);
1374 String16 name = data.readString16();
1375 ssize_t inSize = data.readInt32();
1376 const void* in;
1377 if (inSize >= 0 && (size_t) inSize <= data.dataAvail()) {
1378 in = data.readInplace(inSize);
1379 } else {
1380 in = NULL;
1381 inSize = 0;
1382 }
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]1383 int uid = data.readInt32();
Kenny Root0c540aa2013-04-03 09:22:15 -0700[diff] [blame]1384 int32_t flags = data.readInt32();
1385 int32_t ret = import(name, (const uint8_t*) in, (size_t) inSize, uid, flags);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1386 reply->writeNoException();
1387 reply->writeInt32(ret);
1388 return NO_ERROR;
1389 } break;
1390 case SIGN: {
1391 CHECK_INTERFACE(IKeystoreService, data, reply);
1392 String16 name = data.readString16();
1393 ssize_t inSize = data.readInt32();
1394 const void* in;
1395 if (inSize >= 0 && (size_t) inSize <= data.dataAvail()) {
1396 in = data.readInplace(inSize);
1397 } else {
1398 in = NULL;
1399 inSize = 0;
1400 }
1401 void* out = NULL;
1402 size_t outSize = 0;
1403 int32_t ret = sign(name, (const uint8_t*) in, (size_t) inSize, (uint8_t**) &out, &outSize);
1404 reply->writeNoException();
Kenny Rootb03c9fb2013-02-04 16:42:51 -0800[diff] [blame]1405 if (outSize > 0 && out != NULL) {
1406 reply->writeInt32(outSize);
1407 void* buf = reply->writeInplace(outSize);
1408 memcpy(buf, out, outSize);
1409 free(out);
1410 } else {
Kenny Roote289c402013-02-14 11:31:53 -0800[diff] [blame]1411 reply->writeInt32(-1);
Kenny Rootb03c9fb2013-02-04 16:42:51 -0800[diff] [blame]1412 }
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1413 reply->writeInt32(ret);
1414 return NO_ERROR;
1415 } break;
1416 case VERIFY: {
1417 CHECK_INTERFACE(IKeystoreService, data, reply);
1418 String16 name = data.readString16();
1419 ssize_t inSize = data.readInt32();
1420 const void* in;
1421 if (inSize >= 0 && (size_t) inSize <= data.dataAvail()) {
1422 in = data.readInplace(inSize);
1423 } else {
1424 in = NULL;
1425 inSize = 0;
1426 }
1427 ssize_t sigSize = data.readInt32();
1428 const void* sig;
1429 if (sigSize >= 0 && (size_t) sigSize <= data.dataAvail()) {
1430 sig = data.readInplace(sigSize);
1431 } else {
1432 sig = NULL;
1433 sigSize = 0;
1434 }
1435 bool ret = verify(name, (const uint8_t*) in, (size_t) inSize, (const uint8_t*) sig,
1436 (size_t) sigSize);
1437 reply->writeNoException();
1438 reply->writeInt32(ret ? 1 : 0);
1439 return NO_ERROR;
1440 } break;
1441 case GET_PUBKEY: {
1442 CHECK_INTERFACE(IKeystoreService, data, reply);
1443 String16 name = data.readString16();
1444 void* out = NULL;
1445 size_t outSize = 0;
1446 int32_t ret = get_pubkey(name, (unsigned char**) &out, &outSize);
1447 reply->writeNoException();
Kenny Rootb03c9fb2013-02-04 16:42:51 -0800[diff] [blame]1448 if (outSize > 0 && out != NULL) {
1449 reply->writeInt32(outSize);
1450 void* buf = reply->writeInplace(outSize);
1451 memcpy(buf, out, outSize);
1452 free(out);
1453 } else {
Kenny Roote289c402013-02-14 11:31:53 -0800[diff] [blame]1454 reply->writeInt32(-1);
Kenny Rootb03c9fb2013-02-04 16:42:51 -0800[diff] [blame]1455 }
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1456 reply->writeInt32(ret);
1457 return NO_ERROR;
Kenny Rootb03c9fb2013-02-04 16:42:51 -0800[diff] [blame]1458 } break;
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1459 case DEL_KEY: {
1460 CHECK_INTERFACE(IKeystoreService, data, reply);
1461 String16 name = data.readString16();
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]1462 int uid = data.readInt32();
1463 int32_t ret = del_key(name, uid);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1464 reply->writeNoException();
1465 reply->writeInt32(ret);
1466 return NO_ERROR;
1467 } break;
1468 case GRANT: {
1469 CHECK_INTERFACE(IKeystoreService, data, reply);
1470 String16 name = data.readString16();
1471 int32_t granteeUid = data.readInt32();
1472 int32_t ret = grant(name, granteeUid);
1473 reply->writeNoException();
1474 reply->writeInt32(ret);
1475 return NO_ERROR;
1476 } break;
1477 case UNGRANT: {
1478 CHECK_INTERFACE(IKeystoreService, data, reply);
1479 String16 name = data.readString16();
1480 int32_t granteeUid = data.readInt32();
1481 int32_t ret = ungrant(name, granteeUid);
1482 reply->writeNoException();
1483 reply->writeInt32(ret);
1484 return NO_ERROR;
1485 } break;
1486 case GETMTIME: {
1487 CHECK_INTERFACE(IKeystoreService, data, reply);
1488 String16 name = data.readString16();
1489 int64_t ret = getmtime(name);
1490 reply->writeNoException();
1491 reply->writeInt64(ret);
1492 return NO_ERROR;
1493 } break;
Kenny Rootd53bc922013-03-21 14:10:15 -0700[diff] [blame]1494 case DUPLICATE: {
Kenny Root02254072013-03-20 11:48:19 -0700[diff] [blame]1495 CHECK_INTERFACE(IKeystoreService, data, reply);
Kenny Rootd53bc922013-03-21 14:10:15 -0700[diff] [blame]1496 String16 srcKey = data.readString16();
1497 int32_t srcUid = data.readInt32();
1498 String16 destKey = data.readString16();
1499 int32_t destUid = data.readInt32();
1500 int32_t ret = duplicate(srcKey, srcUid, destKey, destUid);
Kenny Root02254072013-03-20 11:48:19 -0700[diff] [blame]1501 reply->writeNoException();
1502 reply->writeInt32(ret);
1503 return NO_ERROR;
1504 } break;
Kenny Root43061232013-03-29 11:15:50 -0700[diff] [blame]1505 case IS_HARDWARE_BACKED: {
1506 CHECK_INTERFACE(IKeystoreService, data, reply);
Kenny Root1b0e3932013-09-05 13:06:32 -0700[diff] [blame]1507 String16 keyType = data.readString16();
1508 int32_t ret = is_hardware_backed(keyType);
Kenny Root43061232013-03-29 11:15:50 -0700[diff] [blame]1509 reply->writeNoException();
1510 reply->writeInt32(ret);
1511 return NO_ERROR;
1512 }
Kenny Root2ecc7a12013-04-01 16:29:11 -0700[diff] [blame]1513 case CLEAR_UID: {
1514 CHECK_INTERFACE(IKeystoreService, data, reply);
1515 int64_t uid = data.readInt64();
1516 int32_t ret = clear_uid(uid);
1517 reply->writeNoException();
1518 reply->writeInt32(ret);
1519 return NO_ERROR;
1520 }
Robin Lee4e865752014-08-19 17:37:55 +0100[diff] [blame]1521 case RESET_UID: {
1522 CHECK_INTERFACE(IKeystoreService, data, reply);
1523 int32_t uid = data.readInt32();
1524 int32_t ret = reset_uid(uid);
1525 reply->writeNoException();
1526 reply->writeInt32(ret);
1527 return NO_ERROR;
1528 }
1529 case SYNC_UID: {
1530 CHECK_INTERFACE(IKeystoreService, data, reply);
1531 int32_t sourceUid = data.readInt32();
1532 int32_t targetUid = data.readInt32();
1533 int32_t ret = sync_uid(sourceUid, targetUid);
1534 reply->writeNoException();
1535 reply->writeInt32(ret);
1536 return NO_ERROR;
1537 }
1538 case PASSWORD_UID: {
1539 CHECK_INTERFACE(IKeystoreService, data, reply);
1540 String16 password = data.readString16();
1541 int32_t uid = data.readInt32();
1542 int32_t ret = password_uid(password, uid);
1543 reply->writeNoException();
1544 reply->writeInt32(ret);
1545 return NO_ERROR;
1546 }
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1547 case ADD_RNG_ENTROPY: {
1548 CHECK_INTERFACE(IKeystoreService, data, reply);
Chad Brubaker6432df72015-03-20 16:23:04 -0700[diff] [blame^]1549 const uint8_t* bytes = NULL;
1550 size_t size = 0;
1551 readByteArray(data, &bytes, &size);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1552 int32_t ret = addRngEntropy(bytes, size);
1553 reply->writeNoException();
1554 reply->writeInt32(ret);
1555 return NO_ERROR;
1556 }
1557 case GENERATE_KEY: {
1558 CHECK_INTERFACE(IKeystoreService, data, reply);
1559 String16 name = data.readString16();
1560 KeymasterArguments args;
1561 if (data.readInt32() != 0) {
1562 args.readFromParcel(data);
1563 }
1564 int32_t uid = data.readInt32();
1565 int32_t flags = data.readInt32();
1566 KeyCharacteristics outCharacteristics;
1567 int32_t ret = generateKey(name, args, uid, flags, &outCharacteristics);
1568 reply->writeNoException();
1569 reply->writeInt32(ret);
1570 reply->writeInt32(1);
1571 outCharacteristics.writeToParcel(reply);
1572 return NO_ERROR;
1573 }
1574 case GET_KEY_CHARACTERISTICS: {
1575 CHECK_INTERFACE(IKeystoreService, data, reply);
1576 String16 name = data.readString16();
1577 keymaster_blob_t clientId, appData;
1578 readKeymasterBlob(data, &clientId);
1579 readKeymasterBlob(data, &appData);
1580 KeyCharacteristics outCharacteristics;
1581 int ret = getKeyCharacteristics(name, clientId, appData, &outCharacteristics);
1582 reply->writeNoException();
1583 reply->writeInt32(ret);
1584 reply->writeInt32(1);
1585 outCharacteristics.writeToParcel(reply);
1586 return NO_ERROR;
1587 }
1588 case IMPORT_KEY: {
1589 CHECK_INTERFACE(IKeystoreService, data, reply);
1590 String16 name = data.readString16();
1591 KeymasterArguments args;
1592 if (data.readInt32() != 0) {
1593 args.readFromParcel(data);
1594 }
1595 keymaster_key_format_t format = static_cast<keymaster_key_format_t>(data.readInt32());
Chad Brubaker6432df72015-03-20 16:23:04 -0700[diff] [blame^]1596 const uint8_t* keyData = NULL;
1597 size_t keyLength = 0;
1598 readByteArray(data, &keyData, &keyLength);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1599 int32_t uid = data.readInt32();
1600 int32_t flags = data.readInt32();
1601 KeyCharacteristics outCharacteristics;
Chad Brubaker6432df72015-03-20 16:23:04 -0700[diff] [blame^]1602 int32_t ret = importKey(name, args, format, keyData, keyLength, uid, flags,
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1603 &outCharacteristics);
1604 reply->writeNoException();
1605 reply->writeInt32(ret);
1606 reply->writeInt32(1);
1607 outCharacteristics.writeToParcel(reply);
1608
1609 return NO_ERROR;
1610 }
1611 case EXPORT_KEY: {
1612 CHECK_INTERFACE(IKeystoreService, data, reply);
1613 String16 name = data.readString16();
1614 keymaster_key_format_t format = static_cast<keymaster_key_format_t>(data.readInt32());
1615 keymaster_blob_t clientId, appData;
1616 readKeymasterBlob(data, &clientId);
1617 readKeymasterBlob(data, &appData);
1618 ExportResult result;
1619 exportKey(name, format, clientId, appData, &result);
1620 reply->writeNoException();
1621 reply->writeInt32(1);
1622 result.writeToParcel(reply);
1623
1624 return NO_ERROR;
1625 }
1626 case BEGIN: {
1627 CHECK_INTERFACE(IKeystoreService, data, reply);
1628 sp<IBinder> token = data.readStrongBinder();
1629 String16 name = data.readString16();
1630 keymaster_purpose_t purpose = static_cast<keymaster_purpose_t>(data.readInt32());
1631 bool pruneable = data.readInt32() != 0;
1632 KeymasterArguments args;
1633 if (data.readInt32() != 0) {
1634 args.readFromParcel(data);
1635 }
1636 KeymasterArguments outArgs;
1637 OperationResult result;
1638 begin(token, name, purpose, pruneable, args, &outArgs, &result);
1639 reply->writeNoException();
1640 reply->writeInt32(1);
1641 result.writeToParcel(reply);
1642 reply->writeInt32(1);
1643 outArgs.writeToParcel(reply);
1644
1645 return NO_ERROR;
1646 }
1647 case UPDATE: {
1648 CHECK_INTERFACE(IKeystoreService, data, reply);
1649 sp<IBinder> token = data.readStrongBinder();
1650 KeymasterArguments args;
1651 if (data.readInt32() != 0) {
1652 args.readFromParcel(data);
1653 }
Chad Brubaker6432df72015-03-20 16:23:04 -0700[diff] [blame^]1654 const uint8_t* buf = NULL;
1655 size_t bufLength = 0;
1656 readByteArray(data, &buf, &bufLength);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1657 OperationResult result;
Chad Brubaker6432df72015-03-20 16:23:04 -0700[diff] [blame^]1658 update(token, args, buf, bufLength, &result);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1659 reply->writeNoException();
1660 reply->writeInt32(1);
1661 result.writeToParcel(reply);
1662
1663 return NO_ERROR;
1664 }
1665 case FINISH: {
1666 CHECK_INTERFACE(IKeystoreService, data, reply);
1667 sp<IBinder> token = data.readStrongBinder();
1668 KeymasterArguments args;
1669 if (data.readInt32() != 0) {
1670 args.readFromParcel(data);
1671 }
Chad Brubaker6432df72015-03-20 16:23:04 -0700[diff] [blame^]1672 const uint8_t* buf = NULL;
1673 size_t bufLength = 0;
1674 readByteArray(data, &buf, &bufLength);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1675 OperationResult result;
Chad Brubaker6432df72015-03-20 16:23:04 -0700[diff] [blame^]1676 finish(token, args, buf, bufLength, &result);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1677 reply->writeNoException();
1678 reply->writeInt32(1);
1679 result.writeToParcel(reply);
1680
1681 return NO_ERROR;
1682 }
1683 case ABORT: {
1684 CHECK_INTERFACE(IKeystoreService, data, reply);
1685 sp<IBinder> token = data.readStrongBinder();
1686 int32_t result = abort(token);
1687 reply->writeNoException();
1688 reply->writeInt32(result);
1689
1690 return NO_ERROR;
1691 }
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1692 default:
1693 return BBinder::onTransact(code, data, reply, flags);
1694 }
1695}
1696
1697// ----------------------------------------------------------------------------
1698
1699}; // namespace android