Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_security / 773a2ba83309dc531c5a4b61ec0658bd6ee67dab / . / keystore / IKeystoreService.cpp
blob: 8c464d7399b00b674200f4d719be16ef3301a76e [file] [log] [blame]
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1/*
2**
3** Copyright 2008, The Android Open Source Project
4**
5** Licensed under the Apache License, Version 2.0 (the "License");
6** you may not use this file except in compliance with the License.
7** You may obtain a copy of the License at
8**
9** http://www.apache.org/licenses/LICENSE-2.0
10**
11** Unless required by applicable law or agreed to in writing, software
12** distributed under the License is distributed on an "AS IS" BASIS,
13** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14** See the License for the specific language governing permissions and
15** limitations under the License.
16*/
17
18#include <stdint.h>
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]19#include <sys/limits.h>
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]20#include <sys/types.h>
21
22#define LOG_TAG "KeystoreService"
23#include <utils/Log.h>
24
25#include <binder/Parcel.h>
26#include <binder/IPCThreadState.h>
27#include <binder/IServiceManager.h>
28
29#include <keystore/IKeystoreService.h>
30
31namespace android {
32
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]33static keymaster_key_param_t* readParamList(const Parcel& in, size_t* length);
34
Kenny Root96427ba2013-08-16 14:02:41 -0700[diff] [blame]35KeystoreArg::KeystoreArg(const void* data, size_t len)
36 : mData(data), mSize(len) {
37}
38
39KeystoreArg::~KeystoreArg() {
40}
41
42const void *KeystoreArg::data() const {
43 return mData;
44}
45
46size_t KeystoreArg::size() const {
47 return mSize;
48}
49
Chad Brubakerc3a18562015-03-17 18:21:35 -0700[diff] [blame]50OperationResult::OperationResult() : resultCode(0), token(), handle(0), inputConsumed(0),
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]51 data(NULL), dataLength(0) {
52}
53
54OperationResult::~OperationResult() {
55}
56
57void OperationResult::readFromParcel(const Parcel& in) {
58 resultCode = in.readInt32();
59 token = in.readStrongBinder();
Chad Brubakerc3a18562015-03-17 18:21:35 -0700[diff] [blame]60 handle = static_cast<keymaster_operation_handle_t>(in.readInt64());
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]61 inputConsumed = in.readInt32();
62 ssize_t length = in.readInt32();
63 dataLength = 0;
64 if (length > 0) {
65 const void* buf = in.readInplace(length);
66 if (buf) {
67 data.reset(reinterpret_cast<uint8_t*>(malloc(length)));
68 if (data.get()) {
69 memcpy(data.get(), buf, length);
70 dataLength = (size_t) length;
71 } else {
72 ALOGE("Failed to allocate OperationResult buffer");
73 }
74 } else {
75 ALOGE("Failed to readInplace OperationResult data");
76 }
77 }
Chad Brubaker773a2ba2015-06-01 12:59:00 -0700[diff] [blame^]78 outParams.readFromParcel(in);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]79}
80
81void OperationResult::writeToParcel(Parcel* out) const {
82 out->writeInt32(resultCode);
83 out->writeStrongBinder(token);
Chad Brubakerc3a18562015-03-17 18:21:35 -0700[diff] [blame]84 out->writeInt64(handle);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]85 out->writeInt32(inputConsumed);
86 out->writeInt32(dataLength);
87 if (dataLength && data) {
88 void* buf = out->writeInplace(dataLength);
89 if (buf) {
90 memcpy(buf, data.get(), dataLength);
91 } else {
92 ALOGE("Failed to writeInplace OperationResult data.");
93 }
94 }
Chad Brubaker773a2ba2015-06-01 12:59:00 -0700[diff] [blame^]95 outParams.writeToParcel(out);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]96}
97
98ExportResult::ExportResult() : resultCode(0), exportData(NULL), dataLength(0) {
99}
100
101ExportResult::~ExportResult() {
102}
103
104void ExportResult::readFromParcel(const Parcel& in) {
105 resultCode = in.readInt32();
106 ssize_t length = in.readInt32();
107 dataLength = 0;
108 if (length > 0) {
109 const void* buf = in.readInplace(length);
110 if (buf) {
111 exportData.reset(reinterpret_cast<uint8_t*>(malloc(length)));
112 if (exportData.get()) {
113 memcpy(exportData.get(), buf, length);
114 dataLength = (size_t) length;
115 } else {
116 ALOGE("Failed to allocate ExportData buffer");
117 }
118 } else {
119 ALOGE("Failed to readInplace ExportData data");
120 }
121 }
122}
123
124void ExportResult::writeToParcel(Parcel* out) const {
125 out->writeInt32(resultCode);
126 out->writeInt32(dataLength);
127 if (exportData && dataLength) {
128 void* buf = out->writeInplace(dataLength);
129 if (buf) {
130 memcpy(buf, exportData.get(), dataLength);
131 } else {
132 ALOGE("Failed to writeInplace ExportResult data.");
133 }
134 }
135}
136
137KeymasterArguments::KeymasterArguments() {
138}
139
140KeymasterArguments::~KeymasterArguments() {
141 keymaster_free_param_values(params.data(), params.size());
142}
143
144void KeymasterArguments::readFromParcel(const Parcel& in) {
145 ssize_t length = in.readInt32();
146 size_t ulength = (size_t) length;
147 if (length < 0) {
148 ulength = 0;
149 }
150 keymaster_free_param_values(params.data(), params.size());
151 params.clear();
152 for(size_t i = 0; i < ulength; i++) {
153 keymaster_key_param_t param;
154 if (!readKeymasterArgumentFromParcel(in, &param)) {
155 ALOGE("Error reading keymaster argument from parcel");
156 break;
157 }
158 params.push_back(param);
159 }
160}
161
162void KeymasterArguments::writeToParcel(Parcel* out) const {
163 out->writeInt32(params.size());
164 for (auto param : params) {
165 out->writeInt32(1);
166 writeKeymasterArgumentToParcel(param, out);
167 }
168}
169
170KeyCharacteristics::KeyCharacteristics() {
171 memset((void*) &characteristics, 0, sizeof(characteristics));
172}
173
174KeyCharacteristics::~KeyCharacteristics() {
175 keymaster_free_characteristics(&characteristics);
176}
177
178void KeyCharacteristics::readFromParcel(const Parcel& in) {
179 size_t length = 0;
180 keymaster_key_param_t* params = readParamList(in, &length);
181 characteristics.sw_enforced.params = params;
182 characteristics.sw_enforced.length = length;
183
184 params = readParamList(in, &length);
185 characteristics.hw_enforced.params = params;
186 characteristics.hw_enforced.length = length;
187}
188
189void KeyCharacteristics::writeToParcel(Parcel* out) const {
190 if (characteristics.sw_enforced.params) {
191 out->writeInt32(characteristics.sw_enforced.length);
192 for (size_t i = 0; i < characteristics.sw_enforced.length; i++) {
193 out->writeInt32(1);
194 writeKeymasterArgumentToParcel(characteristics.sw_enforced.params[i], out);
195 }
196 } else {
197 out->writeInt32(0);
198 }
199 if (characteristics.hw_enforced.params) {
200 out->writeInt32(characteristics.hw_enforced.length);
201 for (size_t i = 0; i < characteristics.hw_enforced.length; i++) {
202 out->writeInt32(1);
203 writeKeymasterArgumentToParcel(characteristics.hw_enforced.params[i], out);
204 }
205 } else {
206 out->writeInt32(0);
207 }
208}
209
210void writeKeymasterArgumentToParcel(const keymaster_key_param_t& param, Parcel* out) {
211 switch (keymaster_tag_get_type(param.tag)) {
212 case KM_ENUM:
213 case KM_ENUM_REP: {
214 out->writeInt32(param.tag);
215 out->writeInt32(param.enumerated);
216 break;
217 }
218 case KM_INT:
219 case KM_INT_REP: {
220 out->writeInt32(param.tag);
221 out->writeInt32(param.integer);
222 break;
223 }
Chad Brubaker686db062015-04-16 14:21:10 -0700[diff] [blame]224 case KM_LONG:
225 case KM_LONG_REP: {
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]226 out->writeInt32(param.tag);
227 out->writeInt64(param.long_integer);
228 break;
229 }
230 case KM_DATE: {
231 out->writeInt32(param.tag);
232 out->writeInt64(param.date_time);
233 break;
234 }
235 case KM_BOOL: {
236 out->writeInt32(param.tag);
237 break;
238 }
239 case KM_BIGNUM:
240 case KM_BYTES: {
241 out->writeInt32(param.tag);
242 out->writeInt32(param.blob.data_length);
243 void* buf = out->writeInplace(param.blob.data_length);
244 if (buf) {
245 memcpy(buf, param.blob.data, param.blob.data_length);
246 } else {
247 ALOGE("Failed to writeInplace keymaster blob param");
248 }
249 break;
250 }
251 default: {
252 ALOGE("Failed to write argument: Unsupported keymaster_tag_t %d", param.tag);
253 }
254 }
255}
256
257
258bool readKeymasterArgumentFromParcel(const Parcel& in, keymaster_key_param_t* out) {
259 if (in.readInt32() == 0) {
260 return false;
261 }
262 keymaster_tag_t tag = static_cast<keymaster_tag_t>(in.readInt32());
263 switch (keymaster_tag_get_type(tag)) {
264 case KM_ENUM:
265 case KM_ENUM_REP: {
266 uint32_t value = in.readInt32();
267 *out = keymaster_param_enum(tag, value);
268 break;
269 }
270 case KM_INT:
271 case KM_INT_REP: {
272 uint32_t value = in.readInt32();
273 *out = keymaster_param_int(tag, value);
274 break;
275 }
Chad Brubaker686db062015-04-16 14:21:10 -0700[diff] [blame]276 case KM_LONG:
277 case KM_LONG_REP: {
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]278 uint64_t value = in.readInt64();
279 *out = keymaster_param_long(tag, value);
280 break;
281 }
282 case KM_DATE: {
283 uint64_t value = in.readInt64();
284 *out = keymaster_param_date(tag, value);
285 break;
286 }
287 case KM_BOOL: {
288 *out = keymaster_param_bool(tag);
289 break;
290 }
291 case KM_BIGNUM:
292 case KM_BYTES: {
293 ssize_t length = in.readInt32();
294 uint8_t* data = NULL;
295 size_t ulength = 0;
296 if (length >= 0) {
297 ulength = (size_t) length;
298 // use malloc here so we can use keymaster_free_param_values
299 // consistently.
300 data = reinterpret_cast<uint8_t*>(malloc(ulength));
301 const void* buf = in.readInplace(ulength);
302 if (!buf || !data) {
303 ALOGE("Failed to allocate buffer for keymaster blob param");
304 return false;
305 }
306 memcpy(data, buf, ulength);
307 }
308 *out = keymaster_param_blob(tag, data, ulength);
309 break;
310 }
311 default: {
312 ALOGE("Unsupported keymaster_tag_t %d", tag);
313 return false;
314 }
315 }
316 return true;
317}
318
Chad Brubaker6432df72015-03-20 16:23:04 -0700[diff] [blame]319/**
320 * Read a byte array from in. The data at *data is still owned by the parcel
321 */
322static void readByteArray(const Parcel& in, const uint8_t** data, size_t* length) {
323 ssize_t slength = in.readInt32();
324 if (slength > 0) {
325 *data = reinterpret_cast<const uint8_t*>(in.readInplace(slength));
326 if (*data) {
327 *length = static_cast<size_t>(slength);
328 } else {
329 *length = 0;
330 }
331 } else {
332 *data = NULL;
333 *length = 0;
334 }
335}
336
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]337// Read a keymaster_key_param_t* from a Parcel for use in a
338// keymaster_key_characteristics_t. This will be free'd by calling
339// keymaster_free_key_characteristics.
340static keymaster_key_param_t* readParamList(const Parcel& in, size_t* length) {
341 ssize_t slength = in.readInt32();
342 *length = 0;
343 if (slength < 0) {
344 return NULL;
345 }
346 *length = (size_t) slength;
347 if (*length >= UINT_MAX / sizeof(keymaster_key_param_t)) {
348 return NULL;
349 }
350 keymaster_key_param_t* list =
351 reinterpret_cast<keymaster_key_param_t*>(malloc(*length *
352 sizeof(keymaster_key_param_t)));
353 if (!list) {
354 ALOGD("Failed to allocate buffer for generateKey outCharacteristics");
355 goto err;
356 }
357 for (size_t i = 0; i < *length ; i++) {
358 if (!readKeymasterArgumentFromParcel(in, &list[i])) {
359 ALOGE("Failed to read keymaster argument");
360 keymaster_free_param_values(list, i);
361 goto err;
362 }
363 }
364 return list;
365err:
366 free(list);
367 return NULL;
368}
369
Chad Brubakerd6634422015-03-21 22:36:07 -0700[diff] [blame]370static std::unique_ptr<keymaster_blob_t> readKeymasterBlob(const Parcel& in) {
371 std::unique_ptr<keymaster_blob_t> blob;
372 if (in.readInt32() != 1) {
373 blob.reset(NULL);
374 return blob;
375 }
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]376 ssize_t length = in.readInt32();
Chad Brubakerd6634422015-03-21 22:36:07 -0700[diff] [blame]377 blob.reset(new keymaster_blob_t);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]378 if (length > 0) {
Chad Brubakerd6634422015-03-21 22:36:07 -0700[diff] [blame]379 blob->data = reinterpret_cast<const uint8_t*>(in.readInplace(length));
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]380 if (blob->data) {
Chad Brubakerd6634422015-03-21 22:36:07 -0700[diff] [blame]381 blob->data_length = static_cast<size_t>(length);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]382 } else {
383 blob->data_length = 0;
384 }
385 } else {
386 blob->data = NULL;
387 blob->data_length = 0;
388 }
Chad Brubakerd6634422015-03-21 22:36:07 -0700[diff] [blame]389 return blob;
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]390}
391
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]392class BpKeystoreService: public BpInterface<IKeystoreService>
393{
394public:
395 BpKeystoreService(const sp<IBinder>& impl)
396 : BpInterface<IKeystoreService>(impl)
397 {
398 }
399
400 // test ping
Chad Brubaker94436162015-05-12 15:18:26 -0700[diff] [blame]401 virtual int32_t getState(int32_t userId)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]402 {
403 Parcel data, reply;
404 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
Chad Brubaker94436162015-05-12 15:18:26 -0700[diff] [blame]405 data.writeInt32(userId);
406 status_t status = remote()->transact(BnKeystoreService::GET_STATE, data, &reply);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]407 if (status != NO_ERROR) {
Chad Brubaker94436162015-05-12 15:18:26 -0700[diff] [blame]408 ALOGD("getState() could not contact remote: %d\n", status);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]409 return -1;
410 }
411 int32_t err = reply.readExceptionCode();
412 int32_t ret = reply.readInt32();
413 if (err < 0) {
Chad Brubaker94436162015-05-12 15:18:26 -0700[diff] [blame]414 ALOGD("getState() caught exception %d\n", err);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]415 return -1;
416 }
417 return ret;
418 }
419
420 virtual int32_t get(const String16& name, uint8_t** item, size_t* itemLength)
421 {
422 Parcel data, reply;
423 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
424 data.writeString16(name);
425 status_t status = remote()->transact(BnKeystoreService::GET, data, &reply);
426 if (status != NO_ERROR) {
427 ALOGD("get() could not contact remote: %d\n", status);
428 return -1;
429 }
430 int32_t err = reply.readExceptionCode();
431 ssize_t len = reply.readInt32();
432 if (len >= 0 && (size_t) len <= reply.dataAvail()) {
433 size_t ulen = (size_t) len;
434 const void* buf = reply.readInplace(ulen);
435 *item = (uint8_t*) malloc(ulen);
436 if (*item != NULL) {
437 memcpy(*item, buf, ulen);
438 *itemLength = ulen;
439 } else {
440 ALOGE("out of memory allocating output array in get");
441 *itemLength = 0;
442 }
443 } else {
444 *itemLength = 0;
445 }
446 if (err < 0) {
447 ALOGD("get() caught exception %d\n", err);
448 return -1;
449 }
450 return 0;
451 }
452
Kenny Root0c540aa2013-04-03 09:22:15 -0700[diff] [blame]453 virtual int32_t insert(const String16& name, const uint8_t* item, size_t itemLength, int uid,
454 int32_t flags)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]455 {
456 Parcel data, reply;
457 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
458 data.writeString16(name);
459 data.writeInt32(itemLength);
460 void* buf = data.writeInplace(itemLength);
461 memcpy(buf, item, itemLength);
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]462 data.writeInt32(uid);
Kenny Root0c540aa2013-04-03 09:22:15 -0700[diff] [blame]463 data.writeInt32(flags);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]464 status_t status = remote()->transact(BnKeystoreService::INSERT, data, &reply);
465 if (status != NO_ERROR) {
466 ALOGD("import() could not contact remote: %d\n", status);
467 return -1;
468 }
469 int32_t err = reply.readExceptionCode();
470 int32_t ret = reply.readInt32();
471 if (err < 0) {
472 ALOGD("import() caught exception %d\n", err);
473 return -1;
474 }
475 return ret;
476 }
477
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]478 virtual int32_t del(const String16& name, int uid)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]479 {
480 Parcel data, reply;
481 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
482 data.writeString16(name);
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]483 data.writeInt32(uid);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]484 status_t status = remote()->transact(BnKeystoreService::DEL, data, &reply);
485 if (status != NO_ERROR) {
486 ALOGD("del() could not contact remote: %d\n", status);
487 return -1;
488 }
489 int32_t err = reply.readExceptionCode();
490 int32_t ret = reply.readInt32();
491 if (err < 0) {
492 ALOGD("del() caught exception %d\n", err);
493 return -1;
494 }
495 return ret;
496 }
497
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]498 virtual int32_t exist(const String16& name, int uid)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]499 {
500 Parcel data, reply;
501 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
502 data.writeString16(name);
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]503 data.writeInt32(uid);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]504 status_t status = remote()->transact(BnKeystoreService::EXIST, data, &reply);
505 if (status != NO_ERROR) {
506 ALOGD("exist() could not contact remote: %d\n", status);
507 return -1;
508 }
509 int32_t err = reply.readExceptionCode();
510 int32_t ret = reply.readInt32();
511 if (err < 0) {
512 ALOGD("exist() caught exception %d\n", err);
513 return -1;
514 }
515 return ret;
516 }
517
Chad Brubaker94436162015-05-12 15:18:26 -0700[diff] [blame]518 virtual int32_t list(const String16& prefix, int uid, Vector<String16>* matches)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]519 {
520 Parcel data, reply;
521 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
Chad Brubaker94436162015-05-12 15:18:26 -0700[diff] [blame]522 data.writeString16(prefix);
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]523 data.writeInt32(uid);
Chad Brubaker94436162015-05-12 15:18:26 -0700[diff] [blame]524 status_t status = remote()->transact(BnKeystoreService::LIST, data, &reply);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]525 if (status != NO_ERROR) {
Chad Brubaker94436162015-05-12 15:18:26 -0700[diff] [blame]526 ALOGD("list() could not contact remote: %d\n", status);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]527 return -1;
528 }
529 int32_t err = reply.readExceptionCode();
530 int32_t numMatches = reply.readInt32();
531 for (int32_t i = 0; i < numMatches; i++) {
532 matches->push(reply.readString16());
533 }
534 int32_t ret = reply.readInt32();
535 if (err < 0) {
Chad Brubaker94436162015-05-12 15:18:26 -0700[diff] [blame]536 ALOGD("list() caught exception %d\n", err);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]537 return -1;
538 }
539 return ret;
540 }
541
542 virtual int32_t reset()
543 {
544 Parcel data, reply;
545 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
546 status_t status = remote()->transact(BnKeystoreService::RESET, data, &reply);
547 if (status != NO_ERROR) {
548 ALOGD("reset() could not contact remote: %d\n", status);
549 return -1;
550 }
551 int32_t err = reply.readExceptionCode();
552 int32_t ret = reply.readInt32();
553 if (err < 0) {
554 ALOGD("reset() caught exception %d\n", err);
555 return -1;
556 }
557 return ret;
558 }
559
Chad Brubakereecdd122015-05-07 10:19:40 -0700[diff] [blame]560 virtual int32_t onUserPasswordChanged(int32_t userId, const String16& password)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]561 {
562 Parcel data, reply;
563 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
Chad Brubakereecdd122015-05-07 10:19:40 -0700[diff] [blame]564 data.writeInt32(userId);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]565 data.writeString16(password);
Chad Brubakereecdd122015-05-07 10:19:40 -0700[diff] [blame]566 status_t status = remote()->transact(BnKeystoreService::ON_USER_PASSWORD_CHANGED, data,
567 &reply);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]568 if (status != NO_ERROR) {
Chad Brubakereecdd122015-05-07 10:19:40 -0700[diff] [blame]569 ALOGD("onUserPasswordChanged() could not contact remote: %d\n", status);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]570 return -1;
571 }
572 int32_t err = reply.readExceptionCode();
573 int32_t ret = reply.readInt32();
574 if (err < 0) {
Chad Brubakereecdd122015-05-07 10:19:40 -0700[diff] [blame]575 ALOGD("onUserPasswordChanged() caught exception %d\n", err);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]576 return -1;
577 }
578 return ret;
579 }
580
Chad Brubaker94436162015-05-12 15:18:26 -0700[diff] [blame]581 virtual int32_t lock(int32_t userId)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]582 {
583 Parcel data, reply;
584 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
Chad Brubaker94436162015-05-12 15:18:26 -0700[diff] [blame]585 data.writeInt32(userId);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]586 status_t status = remote()->transact(BnKeystoreService::LOCK, data, &reply);
587 if (status != NO_ERROR) {
588 ALOGD("lock() could not contact remote: %d\n", status);
589 return -1;
590 }
591 int32_t err = reply.readExceptionCode();
592 int32_t ret = reply.readInt32();
593 if (err < 0) {
594 ALOGD("lock() caught exception %d\n", err);
595 return -1;
596 }
597 return ret;
598 }
599
Chad Brubakereecdd122015-05-07 10:19:40 -0700[diff] [blame]600 virtual int32_t unlock(int32_t userId, const String16& password)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]601 {
602 Parcel data, reply;
603 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
Chad Brubakereecdd122015-05-07 10:19:40 -0700[diff] [blame]604 data.writeInt32(userId);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]605 data.writeString16(password);
606 status_t status = remote()->transact(BnKeystoreService::UNLOCK, data, &reply);
607 if (status != NO_ERROR) {
608 ALOGD("unlock() could not contact remote: %d\n", status);
609 return -1;
610 }
611 int32_t err = reply.readExceptionCode();
612 int32_t ret = reply.readInt32();
613 if (err < 0) {
614 ALOGD("unlock() caught exception %d\n", err);
615 return -1;
616 }
617 return ret;
618 }
619
Chad Brubaker94436162015-05-12 15:18:26 -0700[diff] [blame]620 virtual bool isEmpty(int32_t userId)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]621 {
622 Parcel data, reply;
623 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
Chad Brubaker94436162015-05-12 15:18:26 -0700[diff] [blame]624 data.writeInt32(userId);
625 status_t status = remote()->transact(BnKeystoreService::IS_EMPTY, data, &reply);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]626 if (status != NO_ERROR) {
Chad Brubaker94436162015-05-12 15:18:26 -0700[diff] [blame]627 ALOGD("isEmpty() could not contact remote: %d\n", status);
628 return false;
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]629 }
630 int32_t err = reply.readExceptionCode();
631 int32_t ret = reply.readInt32();
632 if (err < 0) {
Chad Brubaker94436162015-05-12 15:18:26 -0700[diff] [blame]633 ALOGD("isEmpty() caught exception %d\n", err);
634 return false;
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]635 }
Chad Brubaker94436162015-05-12 15:18:26 -0700[diff] [blame]636 return ret != 0;
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]637 }
638
Kenny Root96427ba2013-08-16 14:02:41 -0700[diff] [blame]639 virtual int32_t generate(const String16& name, int32_t uid, int32_t keyType, int32_t keySize,
640 int32_t flags, Vector<sp<KeystoreArg> >* args)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]641 {
642 Parcel data, reply;
643 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
644 data.writeString16(name);
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]645 data.writeInt32(uid);
Kenny Root96427ba2013-08-16 14:02:41 -0700[diff] [blame]646 data.writeInt32(keyType);
647 data.writeInt32(keySize);
Kenny Root0c540aa2013-04-03 09:22:15 -0700[diff] [blame]648 data.writeInt32(flags);
Chad Brubaker468fc692015-01-13 17:33:14 -0800[diff] [blame]649 data.writeInt32(1);
Kenny Root96427ba2013-08-16 14:02:41 -0700[diff] [blame]650 data.writeInt32(args->size());
651 for (Vector<sp<KeystoreArg> >::iterator it = args->begin(); it != args->end(); ++it) {
652 sp<KeystoreArg> item = *it;
653 size_t keyLength = item->size();
654 data.writeInt32(keyLength);
655 void* buf = data.writeInplace(keyLength);
656 memcpy(buf, item->data(), keyLength);
657 }
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]658 status_t status = remote()->transact(BnKeystoreService::GENERATE, data, &reply);
659 if (status != NO_ERROR) {
660 ALOGD("generate() could not contact remote: %d\n", status);
661 return -1;
662 }
663 int32_t err = reply.readExceptionCode();
664 int32_t ret = reply.readInt32();
665 if (err < 0) {
666 ALOGD("generate() caught exception %d\n", err);
667 return -1;
668 }
669 return ret;
670 }
671
Kenny Root0c540aa2013-04-03 09:22:15 -0700[diff] [blame]672 virtual int32_t import(const String16& name, const uint8_t* key, size_t keyLength, int uid,
673 int flags)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]674 {
675 Parcel data, reply;
676 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
677 data.writeString16(name);
678 data.writeInt32(keyLength);
679 void* buf = data.writeInplace(keyLength);
680 memcpy(buf, key, keyLength);
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]681 data.writeInt32(uid);
Kenny Root0c540aa2013-04-03 09:22:15 -0700[diff] [blame]682 data.writeInt32(flags);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]683 status_t status = remote()->transact(BnKeystoreService::IMPORT, data, &reply);
684 if (status != NO_ERROR) {
685 ALOGD("import() could not contact remote: %d\n", status);
686 return -1;
687 }
688 int32_t err = reply.readExceptionCode();
689 int32_t ret = reply.readInt32();
690 if (err < 0) {
691 ALOGD("import() caught exception %d\n", err);
692 return -1;
693 }
694 return ret;
695 }
696
697 virtual int32_t sign(const String16& name, const uint8_t* in, size_t inLength, uint8_t** out,
698 size_t* outLength)
699 {
700 Parcel data, reply;
701 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
702 data.writeString16(name);
703 data.writeInt32(inLength);
704 void* buf = data.writeInplace(inLength);
705 memcpy(buf, in, inLength);
706 status_t status = remote()->transact(BnKeystoreService::SIGN, data, &reply);
707 if (status != NO_ERROR) {
708 ALOGD("import() could not contact remote: %d\n", status);
709 return -1;
710 }
711 int32_t err = reply.readExceptionCode();
712 ssize_t len = reply.readInt32();
713 if (len >= 0 && (size_t) len <= reply.dataAvail()) {
714 size_t ulen = (size_t) len;
715 const void* outBuf = reply.readInplace(ulen);
716 *out = (uint8_t*) malloc(ulen);
717 if (*out != NULL) {
718 memcpy((void*) *out, outBuf, ulen);
719 *outLength = ulen;
720 } else {
721 ALOGE("out of memory allocating output array in sign");
722 *outLength = 0;
723 }
724 } else {
725 *outLength = 0;
726 }
727 if (err < 0) {
728 ALOGD("import() caught exception %d\n", err);
729 return -1;
730 }
731 return 0;
732 }
733
734 virtual int32_t verify(const String16& name, const uint8_t* in, size_t inLength,
735 const uint8_t* signature, size_t signatureLength)
736 {
737 Parcel data, reply;
738 void* buf;
739
740 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
741 data.writeString16(name);
742 data.writeInt32(inLength);
743 buf = data.writeInplace(inLength);
744 memcpy(buf, in, inLength);
745 data.writeInt32(signatureLength);
746 buf = data.writeInplace(signatureLength);
747 memcpy(buf, signature, signatureLength);
748 status_t status = remote()->transact(BnKeystoreService::VERIFY, data, &reply);
749 if (status != NO_ERROR) {
750 ALOGD("verify() could not contact remote: %d\n", status);
751 return -1;
752 }
753 int32_t err = reply.readExceptionCode();
754 int32_t ret = reply.readInt32();
755 if (err < 0) {
756 ALOGD("verify() caught exception %d\n", err);
757 return -1;
758 }
759 return ret;
760 }
761
762 virtual int32_t get_pubkey(const String16& name, uint8_t** pubkey, size_t* pubkeyLength)
763 {
764 Parcel data, reply;
765 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
766 data.writeString16(name);
767 status_t status = remote()->transact(BnKeystoreService::GET_PUBKEY, data, &reply);
768 if (status != NO_ERROR) {
769 ALOGD("get_pubkey() could not contact remote: %d\n", status);
770 return -1;
771 }
772 int32_t err = reply.readExceptionCode();
773 ssize_t len = reply.readInt32();
774 if (len >= 0 && (size_t) len <= reply.dataAvail()) {
775 size_t ulen = (size_t) len;
776 const void* buf = reply.readInplace(ulen);
777 *pubkey = (uint8_t*) malloc(ulen);
778 if (*pubkey != NULL) {
779 memcpy(*pubkey, buf, ulen);
780 *pubkeyLength = ulen;
781 } else {
782 ALOGE("out of memory allocating output array in get_pubkey");
783 *pubkeyLength = 0;
784 }
785 } else {
786 *pubkeyLength = 0;
787 }
788 if (err < 0) {
789 ALOGD("get_pubkey() caught exception %d\n", err);
790 return -1;
791 }
792 return 0;
793 }
794
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]795 virtual int32_t grant(const String16& name, int32_t granteeUid)
796 {
797 Parcel data, reply;
798 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
799 data.writeString16(name);
800 data.writeInt32(granteeUid);
801 status_t status = remote()->transact(BnKeystoreService::GRANT, data, &reply);
802 if (status != NO_ERROR) {
803 ALOGD("grant() could not contact remote: %d\n", status);
804 return -1;
805 }
806 int32_t err = reply.readExceptionCode();
807 int32_t ret = reply.readInt32();
808 if (err < 0) {
809 ALOGD("grant() caught exception %d\n", err);
810 return -1;
811 }
812 return ret;
813 }
814
815 virtual int32_t ungrant(const String16& name, int32_t granteeUid)
816 {
817 Parcel data, reply;
818 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
819 data.writeString16(name);
820 data.writeInt32(granteeUid);
821 status_t status = remote()->transact(BnKeystoreService::UNGRANT, data, &reply);
822 if (status != NO_ERROR) {
823 ALOGD("ungrant() could not contact remote: %d\n", status);
824 return -1;
825 }
826 int32_t err = reply.readExceptionCode();
827 int32_t ret = reply.readInt32();
828 if (err < 0) {
829 ALOGD("ungrant() caught exception %d\n", err);
830 return -1;
831 }
832 return ret;
833 }
834
835 int64_t getmtime(const String16& name)
836 {
837 Parcel data, reply;
838 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
839 data.writeString16(name);
840 status_t status = remote()->transact(BnKeystoreService::GETMTIME, data, &reply);
841 if (status != NO_ERROR) {
842 ALOGD("getmtime() could not contact remote: %d\n", status);
843 return -1;
844 }
845 int32_t err = reply.readExceptionCode();
846 int64_t ret = reply.readInt64();
847 if (err < 0) {
848 ALOGD("getmtime() caught exception %d\n", err);
849 return -1;
850 }
851 return ret;
852 }
Kenny Root02254072013-03-20 11:48:19 -0700[diff] [blame]853
Kenny Rootd53bc922013-03-21 14:10:15 -0700[diff] [blame]854 virtual int32_t duplicate(const String16& srcKey, int32_t srcUid, const String16& destKey,
855 int32_t destUid)
Kenny Root02254072013-03-20 11:48:19 -0700[diff] [blame]856 {
857 Parcel data, reply;
858 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
Kenny Rootd53bc922013-03-21 14:10:15 -0700[diff] [blame]859 data.writeString16(srcKey);
860 data.writeInt32(srcUid);
861 data.writeString16(destKey);
862 data.writeInt32(destUid);
863 status_t status = remote()->transact(BnKeystoreService::DUPLICATE, data, &reply);
Kenny Root02254072013-03-20 11:48:19 -0700[diff] [blame]864 if (status != NO_ERROR) {
Kenny Rootd53bc922013-03-21 14:10:15 -0700[diff] [blame]865 ALOGD("duplicate() could not contact remote: %d\n", status);
Kenny Root02254072013-03-20 11:48:19 -0700[diff] [blame]866 return -1;
867 }
868 int32_t err = reply.readExceptionCode();
869 int32_t ret = reply.readInt32();
870 if (err < 0) {
Kenny Rootd53bc922013-03-21 14:10:15 -0700[diff] [blame]871 ALOGD("duplicate() caught exception %d\n", err);
Kenny Root02254072013-03-20 11:48:19 -0700[diff] [blame]872 return -1;
873 }
874 return ret;
875 }
Kenny Root43061232013-03-29 11:15:50 -0700[diff] [blame]876
Kenny Root1b0e3932013-09-05 13:06:32 -0700[diff] [blame]877 virtual int32_t is_hardware_backed(const String16& keyType)
Kenny Root43061232013-03-29 11:15:50 -0700[diff] [blame]878 {
879 Parcel data, reply;
880 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
Kenny Root1b0e3932013-09-05 13:06:32 -0700[diff] [blame]881 data.writeString16(keyType);
Kenny Root43061232013-03-29 11:15:50 -0700[diff] [blame]882 status_t status = remote()->transact(BnKeystoreService::IS_HARDWARE_BACKED, data, &reply);
883 if (status != NO_ERROR) {
884 ALOGD("is_hardware_backed() could not contact remote: %d\n", status);
885 return -1;
886 }
887 int32_t err = reply.readExceptionCode();
888 int32_t ret = reply.readInt32();
889 if (err < 0) {
890 ALOGD("is_hardware_backed() caught exception %d\n", err);
891 return -1;
892 }
893 return ret;
894 }
Kenny Root2ecc7a12013-04-01 16:29:11 -0700[diff] [blame]895
896 virtual int32_t clear_uid(int64_t uid)
897 {
898 Parcel data, reply;
899 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
900 data.writeInt64(uid);
901 status_t status = remote()->transact(BnKeystoreService::CLEAR_UID, data, &reply);
902 if (status != NO_ERROR) {
903 ALOGD("clear_uid() could not contact remote: %d\n", status);
904 return -1;
905 }
906 int32_t err = reply.readExceptionCode();
907 int32_t ret = reply.readInt32();
908 if (err < 0) {
909 ALOGD("clear_uid() caught exception %d\n", err);
910 return -1;
911 }
912 return ret;
913 }
Robin Lee4e865752014-08-19 17:37:55 +0100[diff] [blame]914
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]915 virtual int32_t addRngEntropy(const uint8_t* buf, size_t bufLength)
916 {
917 Parcel data, reply;
918 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]919 data.writeByteArray(bufLength, buf);
920 status_t status = remote()->transact(BnKeystoreService::ADD_RNG_ENTROPY, data, &reply);
921 if (status != NO_ERROR) {
922 ALOGD("addRngEntropy() could not contact remote: %d\n", status);
923 return -1;
924 }
925 int32_t err = reply.readExceptionCode();
926 int32_t ret = reply.readInt32();
927 if (err < 0) {
928 ALOGD("addRngEntropy() caught exception %d\n", err);
929 return -1;
930 }
931 return ret;
932 };
933
934 virtual int32_t generateKey(const String16& name, const KeymasterArguments& params,
Chad Brubaker154d7692015-03-27 13:59:31 -0700[diff] [blame]935 const uint8_t* entropy, size_t entropyLength, int uid, int flags,
936 KeyCharacteristics* outCharacteristics)
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]937 {
938 Parcel data, reply;
939 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
940 data.writeString16(name);
941 data.writeInt32(1);
942 params.writeToParcel(&data);
Chad Brubaker154d7692015-03-27 13:59:31 -0700[diff] [blame]943 data.writeByteArray(entropyLength, entropy);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]944 data.writeInt32(uid);
945 data.writeInt32(flags);
946 status_t status = remote()->transact(BnKeystoreService::GENERATE_KEY, data, &reply);
947 if (status != NO_ERROR) {
948 ALOGD("generateKey() could not contact remote: %d\n", status);
949 return KM_ERROR_UNKNOWN_ERROR;
950 }
951 int32_t err = reply.readExceptionCode();
952 int32_t ret = reply.readInt32();
953 if (err < 0) {
954 ALOGD("generateKey() caught exception %d\n", err);
955 return KM_ERROR_UNKNOWN_ERROR;
956 }
957 if (reply.readInt32() != 0 && outCharacteristics) {
958 outCharacteristics->readFromParcel(reply);
959 }
960 return ret;
961 }
962 virtual int32_t getKeyCharacteristics(const String16& name,
Chad Brubakerd6634422015-03-21 22:36:07 -0700[diff] [blame]963 const keymaster_blob_t* clientId,
964 const keymaster_blob_t* appData,
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]965 KeyCharacteristics* outCharacteristics)
966 {
967 Parcel data, reply;
968 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
969 data.writeString16(name);
Chad Brubakerd6634422015-03-21 22:36:07 -0700[diff] [blame]970 if (clientId) {
971 data.writeByteArray(clientId->data_length, clientId->data);
972 } else {
973 data.writeInt32(-1);
974 }
975 if (appData) {
976 data.writeByteArray(appData->data_length, appData->data);
977 } else {
978 data.writeInt32(-1);
979 }
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]980 status_t status = remote()->transact(BnKeystoreService::GET_KEY_CHARACTERISTICS,
981 data, &reply);
982 if (status != NO_ERROR) {
983 ALOGD("getKeyCharacteristics() could not contact remote: %d\n", status);
984 return KM_ERROR_UNKNOWN_ERROR;
985 }
986 int32_t err = reply.readExceptionCode();
987 int32_t ret = reply.readInt32();
988 if (err < 0) {
989 ALOGD("getKeyCharacteristics() caught exception %d\n", err);
990 return KM_ERROR_UNKNOWN_ERROR;
991 }
992 if (reply.readInt32() != 0 && outCharacteristics) {
993 outCharacteristics->readFromParcel(reply);
994 }
995 return ret;
996 }
997 virtual int32_t importKey(const String16& name, const KeymasterArguments& params,
998 keymaster_key_format_t format, const uint8_t *keyData,
999 size_t keyLength, int uid, int flags,
1000 KeyCharacteristics* outCharacteristics)
1001 {
1002 Parcel data, reply;
1003 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1004 data.writeString16(name);
1005 data.writeInt32(1);
1006 params.writeToParcel(&data);
1007 data.writeInt32(format);
1008 data.writeByteArray(keyLength, keyData);
1009 data.writeInt32(uid);
1010 data.writeInt32(flags);
1011 status_t status = remote()->transact(BnKeystoreService::IMPORT_KEY, data, &reply);
1012 if (status != NO_ERROR) {
1013 ALOGD("importKey() could not contact remote: %d\n", status);
1014 return KM_ERROR_UNKNOWN_ERROR;
1015 }
1016 int32_t err = reply.readExceptionCode();
1017 int32_t ret = reply.readInt32();
1018 if (err < 0) {
1019 ALOGD("importKey() caught exception %d\n", err);
1020 return KM_ERROR_UNKNOWN_ERROR;
1021 }
1022 if (reply.readInt32() != 0 && outCharacteristics) {
1023 outCharacteristics->readFromParcel(reply);
1024 }
1025 return ret;
1026 }
1027
1028 virtual void exportKey(const String16& name, keymaster_key_format_t format,
Chad Brubakerd6634422015-03-21 22:36:07 -0700[diff] [blame]1029 const keymaster_blob_t* clientId,
1030 const keymaster_blob_t* appData, ExportResult* result)
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1031 {
1032 if (!result) {
1033 return;
1034 }
1035
1036 Parcel data, reply;
1037 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1038 data.writeString16(name);
1039 data.writeInt32(format);
Chad Brubakerd6634422015-03-21 22:36:07 -0700[diff] [blame]1040 if (clientId) {
1041 data.writeByteArray(clientId->data_length, clientId->data);
1042 } else {
1043 data.writeInt32(-1);
1044 }
1045 if (appData) {
1046 data.writeByteArray(appData->data_length, appData->data);
1047 } else {
1048 data.writeInt32(-1);
1049 }
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1050 status_t status = remote()->transact(BnKeystoreService::EXPORT_KEY, data, &reply);
1051 if (status != NO_ERROR) {
1052 ALOGD("exportKey() could not contact remote: %d\n", status);
1053 result->resultCode = KM_ERROR_UNKNOWN_ERROR;
1054 return;
1055 }
1056 int32_t err = reply.readExceptionCode();
1057 if (err < 0) {
1058 ALOGD("exportKey() caught exception %d\n", err);
1059 result->resultCode = KM_ERROR_UNKNOWN_ERROR;
1060 return;
1061 }
1062 if (reply.readInt32() != 0) {
1063 result->readFromParcel(reply);
1064 }
1065 }
1066
1067 virtual void begin(const sp<IBinder>& appToken, const String16& name,
1068 keymaster_purpose_t purpose, bool pruneable,
Chad Brubaker154d7692015-03-27 13:59:31 -0700[diff] [blame]1069 const KeymasterArguments& params, const uint8_t* entropy,
Chad Brubaker773a2ba2015-06-01 12:59:00 -0700[diff] [blame^]1070 size_t entropyLength, OperationResult* result)
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1071 {
Chad Brubaker773a2ba2015-06-01 12:59:00 -0700[diff] [blame^]1072 if (!result) {
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1073 return;
1074 }
1075 Parcel data, reply;
1076 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1077 data.writeStrongBinder(appToken);
1078 data.writeString16(name);
1079 data.writeInt32(purpose);
1080 data.writeInt32(pruneable ? 1 : 0);
1081 data.writeInt32(1);
1082 params.writeToParcel(&data);
Chad Brubaker154d7692015-03-27 13:59:31 -0700[diff] [blame]1083 data.writeByteArray(entropyLength, entropy);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1084 status_t status = remote()->transact(BnKeystoreService::BEGIN, data, &reply);
1085 if (status != NO_ERROR) {
1086 ALOGD("begin() could not contact remote: %d\n", status);
1087 result->resultCode = KM_ERROR_UNKNOWN_ERROR;
1088 return;
1089 }
1090 int32_t err = reply.readExceptionCode();
1091 if (err < 0) {
1092 ALOGD("begin() caught exception %d\n", err);
1093 result->resultCode = KM_ERROR_UNKNOWN_ERROR;
1094 return;
1095 }
1096 if (reply.readInt32() != 0) {
1097 result->readFromParcel(reply);
1098 }
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1099 }
1100
1101 virtual void update(const sp<IBinder>& token, const KeymasterArguments& params,
Chad Brubaker40a1a9b2015-02-20 14:08:13 -0800[diff] [blame]1102 const uint8_t* opData, size_t dataLength, OperationResult* result)
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1103 {
1104 if (!result) {
1105 return;
1106 }
1107 Parcel data, reply;
1108 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1109 data.writeStrongBinder(token);
1110 data.writeInt32(1);
1111 params.writeToParcel(&data);
1112 data.writeByteArray(dataLength, opData);
1113 status_t status = remote()->transact(BnKeystoreService::UPDATE, data, &reply);
1114 if (status != NO_ERROR) {
1115 ALOGD("update() could not contact remote: %d\n", status);
1116 result->resultCode = KM_ERROR_UNKNOWN_ERROR;
1117 return;
1118 }
1119 int32_t err = reply.readExceptionCode();
1120 if (err < 0) {
1121 ALOGD("update() caught exception %d\n", err);
1122 result->resultCode = KM_ERROR_UNKNOWN_ERROR;
1123 return;
1124 }
1125 if (reply.readInt32() != 0) {
1126 result->readFromParcel(reply);
1127 }
1128 }
1129
1130 virtual void finish(const sp<IBinder>& token, const KeymasterArguments& params,
Chad Brubaker8cfb8ac2015-05-29 12:30:19 -0700[diff] [blame]1131 const uint8_t* signature, size_t signatureLength,
1132 const uint8_t* entropy, size_t entropyLength,
1133 OperationResult* result)
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1134 {
1135 if (!result) {
1136 return;
1137 }
1138 Parcel data, reply;
1139 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1140 data.writeStrongBinder(token);
1141 data.writeInt32(1);
1142 params.writeToParcel(&data);
1143 data.writeByteArray(signatureLength, signature);
Chad Brubaker8cfb8ac2015-05-29 12:30:19 -0700[diff] [blame]1144 data.writeByteArray(entropyLength, entropy);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1145 status_t status = remote()->transact(BnKeystoreService::FINISH, data, &reply);
1146 if (status != NO_ERROR) {
1147 ALOGD("finish() could not contact remote: %d\n", status);
1148 result->resultCode = KM_ERROR_UNKNOWN_ERROR;
1149 return;
1150 }
1151 int32_t err = reply.readExceptionCode();
1152 if (err < 0) {
1153 ALOGD("finish() caught exception %d\n", err);
1154 result->resultCode = KM_ERROR_UNKNOWN_ERROR;
1155 return;
1156 }
1157 if (reply.readInt32() != 0) {
1158 result->readFromParcel(reply);
1159 }
1160 }
1161
1162 virtual int32_t abort(const sp<IBinder>& token)
1163 {
1164 Parcel data, reply;
1165 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1166 data.writeStrongBinder(token);
Chad Brubaker2ed2baa2015-03-21 21:20:10 -0700[diff] [blame]1167 status_t status = remote()->transact(BnKeystoreService::ABORT, data, &reply);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1168 if (status != NO_ERROR) {
1169 ALOGD("abort() could not contact remote: %d\n", status);
1170 return KM_ERROR_UNKNOWN_ERROR;
1171 }
1172 int32_t err = reply.readExceptionCode();
1173 int32_t ret = reply.readInt32();
1174 if (err < 0) {
1175 ALOGD("abort() caught exception %d\n", err);
1176 return KM_ERROR_UNKNOWN_ERROR;
1177 }
1178 return ret;
1179 }
Chad Brubaker2ed2baa2015-03-21 21:20:10 -0700[diff] [blame]1180
1181 virtual bool isOperationAuthorized(const sp<IBinder>& token)
1182 {
1183 Parcel data, reply;
1184 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1185 data.writeStrongBinder(token);
1186 status_t status = remote()->transact(BnKeystoreService::IS_OPERATION_AUTHORIZED, data,
1187 &reply);
1188 if (status != NO_ERROR) {
1189 ALOGD("isOperationAuthorized() could not contact remote: %d\n", status);
1190 return false;
1191 }
1192 int32_t err = reply.readExceptionCode();
1193 int32_t ret = reply.readInt32();
1194 if (err < 0) {
1195 ALOGD("isOperationAuthorized() caught exception %d\n", err);
1196 return false;
1197 }
1198 return ret == 1;
1199 }
1200
1201 virtual int32_t addAuthToken(const uint8_t* token, size_t length)
1202 {
1203 Parcel data, reply;
1204 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1205 data.writeByteArray(length, token);
1206 status_t status = remote()->transact(BnKeystoreService::ADD_AUTH_TOKEN, data, &reply);
1207 if (status != NO_ERROR) {
1208 ALOGD("addAuthToken() could not contact remote: %d\n", status);
1209 return -1;
1210 }
1211 int32_t err = reply.readExceptionCode();
1212 int32_t ret = reply.readInt32();
1213 if (err < 0) {
1214 ALOGD("addAuthToken() caught exception %d\n", err);
1215 return -1;
1216 }
1217 return ret;
1218 };
Chad Brubakerfd777e72015-05-12 10:43:10 -0700[diff] [blame]1219
1220 virtual int32_t onUserAdded(int32_t userId, int32_t parentId)
1221 {
1222 Parcel data, reply;
1223 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1224 data.writeInt32(userId);
1225 data.writeInt32(parentId);
1226 status_t status = remote()->transact(BnKeystoreService::ON_USER_ADDED, data, &reply);
1227 if (status != NO_ERROR) {
1228 ALOGD("onUserAdded() could not contact remote: %d\n", status);
1229 return -1;
1230 }
1231 int32_t err = reply.readExceptionCode();
1232 int32_t ret = reply.readInt32();
1233 if (err < 0) {
1234 ALOGD("onUserAdded() caught exception %d\n", err);
1235 return -1;
1236 }
1237 return ret;
1238 }
1239
1240 virtual int32_t onUserRemoved(int32_t userId)
1241 {
1242 Parcel data, reply;
1243 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1244 data.writeInt32(userId);
1245 status_t status = remote()->transact(BnKeystoreService::ON_USER_REMOVED, data, &reply);
1246 if (status != NO_ERROR) {
1247 ALOGD("onUserRemoved() could not contact remote: %d\n", status);
1248 return -1;
1249 }
1250 int32_t err = reply.readExceptionCode();
1251 int32_t ret = reply.readInt32();
1252 if (err < 0) {
1253 ALOGD("onUserRemoved() caught exception %d\n", err);
1254 return -1;
1255 }
1256 return ret;
1257 }
1258
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1259};
1260
Chad Brubaker468fc692015-01-13 17:33:14 -0800[diff] [blame]1261IMPLEMENT_META_INTERFACE(KeystoreService, "android.security.IKeystoreService");
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1262
1263// ----------------------------------------------------------------------
1264
1265status_t BnKeystoreService::onTransact(
1266 uint32_t code, const Parcel& data, Parcel* reply, uint32_t flags)
1267{
1268 switch(code) {
Chad Brubaker94436162015-05-12 15:18:26 -0700[diff] [blame]1269 case GET_STATE: {
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1270 CHECK_INTERFACE(IKeystoreService, data, reply);
Chad Brubaker94436162015-05-12 15:18:26 -0700[diff] [blame]1271 int32_t userId = data.readInt32();
1272 int32_t ret = getState(userId);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1273 reply->writeNoException();
1274 reply->writeInt32(ret);
1275 return NO_ERROR;
1276 } break;
1277 case GET: {
1278 CHECK_INTERFACE(IKeystoreService, data, reply);
1279 String16 name = data.readString16();
1280 void* out = NULL;
1281 size_t outSize = 0;
1282 int32_t ret = get(name, (uint8_t**) &out, &outSize);
1283 reply->writeNoException();
1284 if (ret == 1) {
1285 reply->writeInt32(outSize);
1286 void* buf = reply->writeInplace(outSize);
1287 memcpy(buf, out, outSize);
1288 free(out);
1289 } else {
1290 reply->writeInt32(-1);
1291 }
1292 return NO_ERROR;
1293 } break;
1294 case INSERT: {
1295 CHECK_INTERFACE(IKeystoreService, data, reply);
1296 String16 name = data.readString16();
1297 ssize_t inSize = data.readInt32();
1298 const void* in;
1299 if (inSize >= 0 && (size_t) inSize <= data.dataAvail()) {
1300 in = data.readInplace(inSize);
1301 } else {
1302 in = NULL;
1303 inSize = 0;
1304 }
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]1305 int uid = data.readInt32();
Kenny Root0c540aa2013-04-03 09:22:15 -0700[diff] [blame]1306 int32_t flags = data.readInt32();
1307 int32_t ret = insert(name, (const uint8_t*) in, (size_t) inSize, uid, flags);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1308 reply->writeNoException();
1309 reply->writeInt32(ret);
1310 return NO_ERROR;
1311 } break;
1312 case DEL: {
1313 CHECK_INTERFACE(IKeystoreService, data, reply);
1314 String16 name = data.readString16();
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]1315 int uid = data.readInt32();
1316 int32_t ret = del(name, uid);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1317 reply->writeNoException();
1318 reply->writeInt32(ret);
1319 return NO_ERROR;
1320 } break;
1321 case EXIST: {
1322 CHECK_INTERFACE(IKeystoreService, data, reply);
1323 String16 name = data.readString16();
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]1324 int uid = data.readInt32();
1325 int32_t ret = exist(name, uid);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1326 reply->writeNoException();
1327 reply->writeInt32(ret);
1328 return NO_ERROR;
1329 } break;
Chad Brubaker94436162015-05-12 15:18:26 -0700[diff] [blame]1330 case LIST: {
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1331 CHECK_INTERFACE(IKeystoreService, data, reply);
Chad Brubaker94436162015-05-12 15:18:26 -0700[diff] [blame]1332 String16 prefix = data.readString16();
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]1333 int uid = data.readInt32();
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1334 Vector<String16> matches;
Chad Brubaker94436162015-05-12 15:18:26 -0700[diff] [blame]1335 int32_t ret = list(prefix, uid, &matches);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1336 reply->writeNoException();
1337 reply->writeInt32(matches.size());
1338 Vector<String16>::const_iterator it = matches.begin();
1339 for (; it != matches.end(); ++it) {
1340 reply->writeString16(*it);
1341 }
1342 reply->writeInt32(ret);
1343 return NO_ERROR;
1344 } break;
1345 case RESET: {
1346 CHECK_INTERFACE(IKeystoreService, data, reply);
1347 int32_t ret = reset();
1348 reply->writeNoException();
1349 reply->writeInt32(ret);
1350 return NO_ERROR;
1351 } break;
Chad Brubakereecdd122015-05-07 10:19:40 -0700[diff] [blame]1352 case ON_USER_PASSWORD_CHANGED: {
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1353 CHECK_INTERFACE(IKeystoreService, data, reply);
Chad Brubakereecdd122015-05-07 10:19:40 -0700[diff] [blame]1354 int32_t userId = data.readInt32();
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1355 String16 pass = data.readString16();
Chad Brubakereecdd122015-05-07 10:19:40 -0700[diff] [blame]1356 int32_t ret = onUserPasswordChanged(userId, pass);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1357 reply->writeNoException();
1358 reply->writeInt32(ret);
1359 return NO_ERROR;
1360 } break;
1361 case LOCK: {
1362 CHECK_INTERFACE(IKeystoreService, data, reply);
Chad Brubaker94436162015-05-12 15:18:26 -0700[diff] [blame]1363 int32_t userId = data.readInt32();
1364 int32_t ret = lock(userId);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1365 reply->writeNoException();
1366 reply->writeInt32(ret);
1367 return NO_ERROR;
1368 } break;
1369 case UNLOCK: {
1370 CHECK_INTERFACE(IKeystoreService, data, reply);
Chad Brubakereecdd122015-05-07 10:19:40 -0700[diff] [blame]1371 int32_t userId = data.readInt32();
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1372 String16 pass = data.readString16();
Chad Brubakereecdd122015-05-07 10:19:40 -0700[diff] [blame]1373 int32_t ret = unlock(userId, pass);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1374 reply->writeNoException();
1375 reply->writeInt32(ret);
1376 return NO_ERROR;
1377 } break;
Chad Brubaker94436162015-05-12 15:18:26 -0700[diff] [blame]1378 case IS_EMPTY: {
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1379 CHECK_INTERFACE(IKeystoreService, data, reply);
Chad Brubaker94436162015-05-12 15:18:26 -0700[diff] [blame]1380 int32_t userId = data.readInt32();
1381 bool ret = isEmpty(userId);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1382 reply->writeNoException();
Chad Brubaker94436162015-05-12 15:18:26 -0700[diff] [blame]1383 reply->writeInt32(ret ? 1 : 0);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1384 return NO_ERROR;
1385 } break;
1386 case GENERATE: {
1387 CHECK_INTERFACE(IKeystoreService, data, reply);
1388 String16 name = data.readString16();
Kenny Root96427ba2013-08-16 14:02:41 -0700[diff] [blame]1389 int32_t uid = data.readInt32();
1390 int32_t keyType = data.readInt32();
1391 int32_t keySize = data.readInt32();
Kenny Root0c540aa2013-04-03 09:22:15 -0700[diff] [blame]1392 int32_t flags = data.readInt32();
Kenny Root96427ba2013-08-16 14:02:41 -0700[diff] [blame]1393 Vector<sp<KeystoreArg> > args;
Chad Brubaker468fc692015-01-13 17:33:14 -0800[diff] [blame]1394 int32_t argsPresent = data.readInt32();
1395 if (argsPresent == 1) {
1396 ssize_t numArgs = data.readInt32();
1397 if (numArgs > 0) {
1398 for (size_t i = 0; i < (size_t) numArgs; i++) {
1399 ssize_t inSize = data.readInt32();
1400 if (inSize >= 0 && (size_t) inSize <= data.dataAvail()) {
1401 sp<KeystoreArg> arg = new KeystoreArg(data.readInplace(inSize),
1402 inSize);
1403 args.push_back(arg);
1404 } else {
1405 args.push_back(NULL);
1406 }
Kenny Root96427ba2013-08-16 14:02:41 -0700[diff] [blame]1407 }
1408 }
1409 }
1410 int32_t ret = generate(name, uid, keyType, keySize, flags, &args);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1411 reply->writeNoException();
1412 reply->writeInt32(ret);
1413 return NO_ERROR;
1414 } break;
1415 case IMPORT: {
1416 CHECK_INTERFACE(IKeystoreService, data, reply);
1417 String16 name = data.readString16();
1418 ssize_t inSize = data.readInt32();
1419 const void* in;
1420 if (inSize >= 0 && (size_t) inSize <= data.dataAvail()) {
1421 in = data.readInplace(inSize);
1422 } else {
1423 in = NULL;
1424 inSize = 0;
1425 }
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]1426 int uid = data.readInt32();
Kenny Root0c540aa2013-04-03 09:22:15 -0700[diff] [blame]1427 int32_t flags = data.readInt32();
1428 int32_t ret = import(name, (const uint8_t*) in, (size_t) inSize, uid, flags);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1429 reply->writeNoException();
1430 reply->writeInt32(ret);
1431 return NO_ERROR;
1432 } break;
1433 case SIGN: {
1434 CHECK_INTERFACE(IKeystoreService, data, reply);
1435 String16 name = data.readString16();
1436 ssize_t inSize = data.readInt32();
1437 const void* in;
1438 if (inSize >= 0 && (size_t) inSize <= data.dataAvail()) {
1439 in = data.readInplace(inSize);
1440 } else {
1441 in = NULL;
1442 inSize = 0;
1443 }
1444 void* out = NULL;
1445 size_t outSize = 0;
1446 int32_t ret = sign(name, (const uint8_t*) in, (size_t) inSize, (uint8_t**) &out, &outSize);
1447 reply->writeNoException();
Kenny Rootb03c9fb2013-02-04 16:42:51 -0800[diff] [blame]1448 if (outSize > 0 && out != NULL) {
1449 reply->writeInt32(outSize);
1450 void* buf = reply->writeInplace(outSize);
1451 memcpy(buf, out, outSize);
1452 free(out);
1453 } else {
Kenny Roote289c402013-02-14 11:31:53 -0800[diff] [blame]1454 reply->writeInt32(-1);
Kenny Rootb03c9fb2013-02-04 16:42:51 -0800[diff] [blame]1455 }
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1456 reply->writeInt32(ret);
1457 return NO_ERROR;
1458 } break;
1459 case VERIFY: {
1460 CHECK_INTERFACE(IKeystoreService, data, reply);
1461 String16 name = data.readString16();
1462 ssize_t inSize = data.readInt32();
1463 const void* in;
1464 if (inSize >= 0 && (size_t) inSize <= data.dataAvail()) {
1465 in = data.readInplace(inSize);
1466 } else {
1467 in = NULL;
1468 inSize = 0;
1469 }
1470 ssize_t sigSize = data.readInt32();
1471 const void* sig;
1472 if (sigSize >= 0 && (size_t) sigSize <= data.dataAvail()) {
1473 sig = data.readInplace(sigSize);
1474 } else {
1475 sig = NULL;
1476 sigSize = 0;
1477 }
1478 bool ret = verify(name, (const uint8_t*) in, (size_t) inSize, (const uint8_t*) sig,
1479 (size_t) sigSize);
1480 reply->writeNoException();
1481 reply->writeInt32(ret ? 1 : 0);
1482 return NO_ERROR;
1483 } break;
1484 case GET_PUBKEY: {
1485 CHECK_INTERFACE(IKeystoreService, data, reply);
1486 String16 name = data.readString16();
1487 void* out = NULL;
1488 size_t outSize = 0;
1489 int32_t ret = get_pubkey(name, (unsigned char**) &out, &outSize);
1490 reply->writeNoException();
Kenny Rootb03c9fb2013-02-04 16:42:51 -0800[diff] [blame]1491 if (outSize > 0 && out != NULL) {
1492 reply->writeInt32(outSize);
1493 void* buf = reply->writeInplace(outSize);
1494 memcpy(buf, out, outSize);
1495 free(out);
1496 } else {
Kenny Roote289c402013-02-14 11:31:53 -0800[diff] [blame]1497 reply->writeInt32(-1);
Kenny Rootb03c9fb2013-02-04 16:42:51 -0800[diff] [blame]1498 }
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1499 reply->writeInt32(ret);
1500 return NO_ERROR;
Kenny Rootb03c9fb2013-02-04 16:42:51 -0800[diff] [blame]1501 } break;
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1502 case GRANT: {
1503 CHECK_INTERFACE(IKeystoreService, data, reply);
1504 String16 name = data.readString16();
1505 int32_t granteeUid = data.readInt32();
1506 int32_t ret = grant(name, granteeUid);
1507 reply->writeNoException();
1508 reply->writeInt32(ret);
1509 return NO_ERROR;
1510 } break;
1511 case UNGRANT: {
1512 CHECK_INTERFACE(IKeystoreService, data, reply);
1513 String16 name = data.readString16();
1514 int32_t granteeUid = data.readInt32();
1515 int32_t ret = ungrant(name, granteeUid);
1516 reply->writeNoException();
1517 reply->writeInt32(ret);
1518 return NO_ERROR;
1519 } break;
1520 case GETMTIME: {
1521 CHECK_INTERFACE(IKeystoreService, data, reply);
1522 String16 name = data.readString16();
1523 int64_t ret = getmtime(name);
1524 reply->writeNoException();
1525 reply->writeInt64(ret);
1526 return NO_ERROR;
1527 } break;
Kenny Rootd53bc922013-03-21 14:10:15 -0700[diff] [blame]1528 case DUPLICATE: {
Kenny Root02254072013-03-20 11:48:19 -0700[diff] [blame]1529 CHECK_INTERFACE(IKeystoreService, data, reply);
Kenny Rootd53bc922013-03-21 14:10:15 -0700[diff] [blame]1530 String16 srcKey = data.readString16();
1531 int32_t srcUid = data.readInt32();
1532 String16 destKey = data.readString16();
1533 int32_t destUid = data.readInt32();
1534 int32_t ret = duplicate(srcKey, srcUid, destKey, destUid);
Kenny Root02254072013-03-20 11:48:19 -0700[diff] [blame]1535 reply->writeNoException();
1536 reply->writeInt32(ret);
1537 return NO_ERROR;
1538 } break;
Kenny Root43061232013-03-29 11:15:50 -0700[diff] [blame]1539 case IS_HARDWARE_BACKED: {
1540 CHECK_INTERFACE(IKeystoreService, data, reply);
Kenny Root1b0e3932013-09-05 13:06:32 -0700[diff] [blame]1541 String16 keyType = data.readString16();
1542 int32_t ret = is_hardware_backed(keyType);
Kenny Root43061232013-03-29 11:15:50 -0700[diff] [blame]1543 reply->writeNoException();
1544 reply->writeInt32(ret);
1545 return NO_ERROR;
1546 }
Kenny Root2ecc7a12013-04-01 16:29:11 -0700[diff] [blame]1547 case CLEAR_UID: {
1548 CHECK_INTERFACE(IKeystoreService, data, reply);
1549 int64_t uid = data.readInt64();
1550 int32_t ret = clear_uid(uid);
1551 reply->writeNoException();
1552 reply->writeInt32(ret);
1553 return NO_ERROR;
1554 }
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1555 case ADD_RNG_ENTROPY: {
1556 CHECK_INTERFACE(IKeystoreService, data, reply);
Chad Brubaker6432df72015-03-20 16:23:04 -0700[diff] [blame]1557 const uint8_t* bytes = NULL;
1558 size_t size = 0;
1559 readByteArray(data, &bytes, &size);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1560 int32_t ret = addRngEntropy(bytes, size);
1561 reply->writeNoException();
1562 reply->writeInt32(ret);
1563 return NO_ERROR;
1564 }
1565 case GENERATE_KEY: {
1566 CHECK_INTERFACE(IKeystoreService, data, reply);
1567 String16 name = data.readString16();
1568 KeymasterArguments args;
1569 if (data.readInt32() != 0) {
1570 args.readFromParcel(data);
1571 }
Chad Brubaker154d7692015-03-27 13:59:31 -0700[diff] [blame]1572 const uint8_t* entropy = NULL;
1573 size_t entropyLength = 0;
1574 readByteArray(data, &entropy, &entropyLength);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1575 int32_t uid = data.readInt32();
1576 int32_t flags = data.readInt32();
1577 KeyCharacteristics outCharacteristics;
Chad Brubaker154d7692015-03-27 13:59:31 -0700[diff] [blame]1578 int32_t ret = generateKey(name, args, entropy, entropyLength, uid, flags,
1579 &outCharacteristics);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1580 reply->writeNoException();
1581 reply->writeInt32(ret);
1582 reply->writeInt32(1);
1583 outCharacteristics.writeToParcel(reply);
1584 return NO_ERROR;
1585 }
1586 case GET_KEY_CHARACTERISTICS: {
1587 CHECK_INTERFACE(IKeystoreService, data, reply);
1588 String16 name = data.readString16();
Chad Brubakerd6634422015-03-21 22:36:07 -0700[diff] [blame]1589 std::unique_ptr<keymaster_blob_t> clientId = readKeymasterBlob(data);
1590 std::unique_ptr<keymaster_blob_t> appData = readKeymasterBlob(data);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1591 KeyCharacteristics outCharacteristics;
Chad Brubakerd6634422015-03-21 22:36:07 -0700[diff] [blame]1592 int ret = getKeyCharacteristics(name, clientId.get(), appData.get(),
1593 &outCharacteristics);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1594 reply->writeNoException();
1595 reply->writeInt32(ret);
1596 reply->writeInt32(1);
1597 outCharacteristics.writeToParcel(reply);
1598 return NO_ERROR;
1599 }
1600 case IMPORT_KEY: {
1601 CHECK_INTERFACE(IKeystoreService, data, reply);
1602 String16 name = data.readString16();
1603 KeymasterArguments args;
1604 if (data.readInt32() != 0) {
1605 args.readFromParcel(data);
1606 }
1607 keymaster_key_format_t format = static_cast<keymaster_key_format_t>(data.readInt32());
Chad Brubaker6432df72015-03-20 16:23:04 -0700[diff] [blame]1608 const uint8_t* keyData = NULL;
1609 size_t keyLength = 0;
1610 readByteArray(data, &keyData, &keyLength);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1611 int32_t uid = data.readInt32();
1612 int32_t flags = data.readInt32();
1613 KeyCharacteristics outCharacteristics;
Chad Brubaker6432df72015-03-20 16:23:04 -0700[diff] [blame]1614 int32_t ret = importKey(name, args, format, keyData, keyLength, uid, flags,
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1615 &outCharacteristics);
1616 reply->writeNoException();
1617 reply->writeInt32(ret);
1618 reply->writeInt32(1);
1619 outCharacteristics.writeToParcel(reply);
1620
1621 return NO_ERROR;
1622 }
1623 case EXPORT_KEY: {
1624 CHECK_INTERFACE(IKeystoreService, data, reply);
1625 String16 name = data.readString16();
1626 keymaster_key_format_t format = static_cast<keymaster_key_format_t>(data.readInt32());
Chad Brubakerd6634422015-03-21 22:36:07 -0700[diff] [blame]1627 std::unique_ptr<keymaster_blob_t> clientId = readKeymasterBlob(data);
1628 std::unique_ptr<keymaster_blob_t> appData = readKeymasterBlob(data);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1629 ExportResult result;
Chad Brubakerd6634422015-03-21 22:36:07 -0700[diff] [blame]1630 exportKey(name, format, clientId.get(), appData.get(), &result);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1631 reply->writeNoException();
1632 reply->writeInt32(1);
1633 result.writeToParcel(reply);
1634
1635 return NO_ERROR;
1636 }
1637 case BEGIN: {
1638 CHECK_INTERFACE(IKeystoreService, data, reply);
1639 sp<IBinder> token = data.readStrongBinder();
1640 String16 name = data.readString16();
1641 keymaster_purpose_t purpose = static_cast<keymaster_purpose_t>(data.readInt32());
1642 bool pruneable = data.readInt32() != 0;
1643 KeymasterArguments args;
1644 if (data.readInt32() != 0) {
1645 args.readFromParcel(data);
1646 }
Chad Brubaker154d7692015-03-27 13:59:31 -0700[diff] [blame]1647 const uint8_t* entropy = NULL;
1648 size_t entropyLength = 0;
1649 readByteArray(data, &entropy, &entropyLength);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1650 OperationResult result;
Chad Brubaker773a2ba2015-06-01 12:59:00 -0700[diff] [blame^]1651 begin(token, name, purpose, pruneable, args, entropy, entropyLength, &result);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1652 reply->writeNoException();
1653 reply->writeInt32(1);
1654 result.writeToParcel(reply);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1655
1656 return NO_ERROR;
1657 }
1658 case UPDATE: {
1659 CHECK_INTERFACE(IKeystoreService, data, reply);
1660 sp<IBinder> token = data.readStrongBinder();
1661 KeymasterArguments args;
1662 if (data.readInt32() != 0) {
1663 args.readFromParcel(data);
1664 }
Chad Brubaker6432df72015-03-20 16:23:04 -0700[diff] [blame]1665 const uint8_t* buf = NULL;
1666 size_t bufLength = 0;
1667 readByteArray(data, &buf, &bufLength);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1668 OperationResult result;
Chad Brubaker6432df72015-03-20 16:23:04 -0700[diff] [blame]1669 update(token, args, buf, bufLength, &result);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1670 reply->writeNoException();
1671 reply->writeInt32(1);
1672 result.writeToParcel(reply);
1673
1674 return NO_ERROR;
1675 }
1676 case FINISH: {
1677 CHECK_INTERFACE(IKeystoreService, data, reply);
1678 sp<IBinder> token = data.readStrongBinder();
1679 KeymasterArguments args;
1680 if (data.readInt32() != 0) {
1681 args.readFromParcel(data);
1682 }
Chad Brubaker8cfb8ac2015-05-29 12:30:19 -0700[diff] [blame]1683 const uint8_t* signature = NULL;
1684 size_t signatureLength = 0;
1685 readByteArray(data, &signature, &signatureLength);
1686 const uint8_t* entropy = NULL;
1687 size_t entropyLength = 0;
1688 readByteArray(data, &entropy, &entropyLength);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1689 OperationResult result;
Chad Brubaker8cfb8ac2015-05-29 12:30:19 -0700[diff] [blame]1690 finish(token, args, signature, signatureLength, entropy, entropyLength, &result);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1691 reply->writeNoException();
1692 reply->writeInt32(1);
1693 result.writeToParcel(reply);
1694
1695 return NO_ERROR;
1696 }
1697 case ABORT: {
1698 CHECK_INTERFACE(IKeystoreService, data, reply);
1699 sp<IBinder> token = data.readStrongBinder();
1700 int32_t result = abort(token);
1701 reply->writeNoException();
1702 reply->writeInt32(result);
1703
1704 return NO_ERROR;
1705 }
Chad Brubaker2ed2baa2015-03-21 21:20:10 -0700[diff] [blame]1706 case IS_OPERATION_AUTHORIZED: {
1707 CHECK_INTERFACE(IKeystoreService, data, reply);
1708 sp<IBinder> token = data.readStrongBinder();
1709 bool result = isOperationAuthorized(token);
1710 reply->writeNoException();
1711 reply->writeInt32(result ? 1 : 0);
1712
1713 return NO_ERROR;
1714 }
1715 case ADD_AUTH_TOKEN: {
1716 CHECK_INTERFACE(IKeystoreService, data, reply);
Chad Brubaker2ed2baa2015-03-21 21:20:10 -0700[diff] [blame]1717 const uint8_t* token_bytes = NULL;
1718 size_t size = 0;
1719 readByteArray(data, &token_bytes, &size);
1720 int32_t result = addAuthToken(token_bytes, size);
1721 reply->writeNoException();
1722 reply->writeInt32(result);
1723
1724 return NO_ERROR;
1725 }
Chad Brubakerfd777e72015-05-12 10:43:10 -0700[diff] [blame]1726 case ON_USER_ADDED: {
1727 CHECK_INTERFACE(IKeystoreService, data, reply);
1728 int32_t userId = data.readInt32();
1729 int32_t parentId = data.readInt32();
1730 int32_t result = onUserAdded(userId, parentId);
1731 reply->writeNoException();
1732 reply->writeInt32(result);
1733
1734 return NO_ERROR;
1735 }
1736 case ON_USER_REMOVED: {
1737 CHECK_INTERFACE(IKeystoreService, data, reply);
1738 int32_t userId = data.readInt32();
1739 int32_t result = onUserRemoved(userId);
1740 reply->writeNoException();
1741 reply->writeInt32(result);
1742
1743 return NO_ERROR;
1744 }
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1745 default:
1746 return BBinder::onTransact(code, data, reply, flags);
1747 }
1748}
1749
1750// ----------------------------------------------------------------------------
1751
1752}; // namespace android