Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_security / 9443616391a705856b2cad026afb69dc23a346e9 / . / keystore / IKeystoreService.cpp
blob: bd740022d300112357f6b236ca7b4eb2af081d01 [file] [log] [blame]
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1/*
2**
3** Copyright 2008, The Android Open Source Project
4**
5** Licensed under the Apache License, Version 2.0 (the "License");
6** you may not use this file except in compliance with the License.
7** You may obtain a copy of the License at
8**
9** http://www.apache.org/licenses/LICENSE-2.0
10**
11** Unless required by applicable law or agreed to in writing, software
12** distributed under the License is distributed on an "AS IS" BASIS,
13** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14** See the License for the specific language governing permissions and
15** limitations under the License.
16*/
17
18#include <stdint.h>
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]19#include <sys/limits.h>
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]20#include <sys/types.h>
21
22#define LOG_TAG "KeystoreService"
23#include <utils/Log.h>
24
25#include <binder/Parcel.h>
26#include <binder/IPCThreadState.h>
27#include <binder/IServiceManager.h>
28
29#include <keystore/IKeystoreService.h>
30
31namespace android {
32
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]33static keymaster_key_param_t* readParamList(const Parcel& in, size_t* length);
34
Kenny Root96427ba2013-08-16 14:02:41 -0700[diff] [blame]35KeystoreArg::KeystoreArg(const void* data, size_t len)
36 : mData(data), mSize(len) {
37}
38
39KeystoreArg::~KeystoreArg() {
40}
41
42const void *KeystoreArg::data() const {
43 return mData;
44}
45
46size_t KeystoreArg::size() const {
47 return mSize;
48}
49
Chad Brubakerc3a18562015-03-17 18:21:35 -0700[diff] [blame]50OperationResult::OperationResult() : resultCode(0), token(), handle(0), inputConsumed(0),
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]51 data(NULL), dataLength(0) {
52}
53
54OperationResult::~OperationResult() {
55}
56
57void OperationResult::readFromParcel(const Parcel& in) {
58 resultCode = in.readInt32();
59 token = in.readStrongBinder();
Chad Brubakerc3a18562015-03-17 18:21:35 -0700[diff] [blame]60 handle = static_cast<keymaster_operation_handle_t>(in.readInt64());
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]61 inputConsumed = in.readInt32();
62 ssize_t length = in.readInt32();
63 dataLength = 0;
64 if (length > 0) {
65 const void* buf = in.readInplace(length);
66 if (buf) {
67 data.reset(reinterpret_cast<uint8_t*>(malloc(length)));
68 if (data.get()) {
69 memcpy(data.get(), buf, length);
70 dataLength = (size_t) length;
71 } else {
72 ALOGE("Failed to allocate OperationResult buffer");
73 }
74 } else {
75 ALOGE("Failed to readInplace OperationResult data");
76 }
77 }
78}
79
80void OperationResult::writeToParcel(Parcel* out) const {
81 out->writeInt32(resultCode);
82 out->writeStrongBinder(token);
Chad Brubakerc3a18562015-03-17 18:21:35 -0700[diff] [blame]83 out->writeInt64(handle);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]84 out->writeInt32(inputConsumed);
85 out->writeInt32(dataLength);
86 if (dataLength && data) {
87 void* buf = out->writeInplace(dataLength);
88 if (buf) {
89 memcpy(buf, data.get(), dataLength);
90 } else {
91 ALOGE("Failed to writeInplace OperationResult data.");
92 }
93 }
94}
95
96ExportResult::ExportResult() : resultCode(0), exportData(NULL), dataLength(0) {
97}
98
99ExportResult::~ExportResult() {
100}
101
102void ExportResult::readFromParcel(const Parcel& in) {
103 resultCode = in.readInt32();
104 ssize_t length = in.readInt32();
105 dataLength = 0;
106 if (length > 0) {
107 const void* buf = in.readInplace(length);
108 if (buf) {
109 exportData.reset(reinterpret_cast<uint8_t*>(malloc(length)));
110 if (exportData.get()) {
111 memcpy(exportData.get(), buf, length);
112 dataLength = (size_t) length;
113 } else {
114 ALOGE("Failed to allocate ExportData buffer");
115 }
116 } else {
117 ALOGE("Failed to readInplace ExportData data");
118 }
119 }
120}
121
122void ExportResult::writeToParcel(Parcel* out) const {
123 out->writeInt32(resultCode);
124 out->writeInt32(dataLength);
125 if (exportData && dataLength) {
126 void* buf = out->writeInplace(dataLength);
127 if (buf) {
128 memcpy(buf, exportData.get(), dataLength);
129 } else {
130 ALOGE("Failed to writeInplace ExportResult data.");
131 }
132 }
133}
134
135KeymasterArguments::KeymasterArguments() {
136}
137
138KeymasterArguments::~KeymasterArguments() {
139 keymaster_free_param_values(params.data(), params.size());
140}
141
142void KeymasterArguments::readFromParcel(const Parcel& in) {
143 ssize_t length = in.readInt32();
144 size_t ulength = (size_t) length;
145 if (length < 0) {
146 ulength = 0;
147 }
148 keymaster_free_param_values(params.data(), params.size());
149 params.clear();
150 for(size_t i = 0; i < ulength; i++) {
151 keymaster_key_param_t param;
152 if (!readKeymasterArgumentFromParcel(in, &param)) {
153 ALOGE("Error reading keymaster argument from parcel");
154 break;
155 }
156 params.push_back(param);
157 }
158}
159
160void KeymasterArguments::writeToParcel(Parcel* out) const {
161 out->writeInt32(params.size());
162 for (auto param : params) {
163 out->writeInt32(1);
164 writeKeymasterArgumentToParcel(param, out);
165 }
166}
167
168KeyCharacteristics::KeyCharacteristics() {
169 memset((void*) &characteristics, 0, sizeof(characteristics));
170}
171
172KeyCharacteristics::~KeyCharacteristics() {
173 keymaster_free_characteristics(&characteristics);
174}
175
176void KeyCharacteristics::readFromParcel(const Parcel& in) {
177 size_t length = 0;
178 keymaster_key_param_t* params = readParamList(in, &length);
179 characteristics.sw_enforced.params = params;
180 characteristics.sw_enforced.length = length;
181
182 params = readParamList(in, &length);
183 characteristics.hw_enforced.params = params;
184 characteristics.hw_enforced.length = length;
185}
186
187void KeyCharacteristics::writeToParcel(Parcel* out) const {
188 if (characteristics.sw_enforced.params) {
189 out->writeInt32(characteristics.sw_enforced.length);
190 for (size_t i = 0; i < characteristics.sw_enforced.length; i++) {
191 out->writeInt32(1);
192 writeKeymasterArgumentToParcel(characteristics.sw_enforced.params[i], out);
193 }
194 } else {
195 out->writeInt32(0);
196 }
197 if (characteristics.hw_enforced.params) {
198 out->writeInt32(characteristics.hw_enforced.length);
199 for (size_t i = 0; i < characteristics.hw_enforced.length; i++) {
200 out->writeInt32(1);
201 writeKeymasterArgumentToParcel(characteristics.hw_enforced.params[i], out);
202 }
203 } else {
204 out->writeInt32(0);
205 }
206}
207
208void writeKeymasterArgumentToParcel(const keymaster_key_param_t& param, Parcel* out) {
209 switch (keymaster_tag_get_type(param.tag)) {
210 case KM_ENUM:
211 case KM_ENUM_REP: {
212 out->writeInt32(param.tag);
213 out->writeInt32(param.enumerated);
214 break;
215 }
216 case KM_INT:
217 case KM_INT_REP: {
218 out->writeInt32(param.tag);
219 out->writeInt32(param.integer);
220 break;
221 }
Chad Brubaker686db062015-04-16 14:21:10 -0700[diff] [blame]222 case KM_LONG:
223 case KM_LONG_REP: {
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]224 out->writeInt32(param.tag);
225 out->writeInt64(param.long_integer);
226 break;
227 }
228 case KM_DATE: {
229 out->writeInt32(param.tag);
230 out->writeInt64(param.date_time);
231 break;
232 }
233 case KM_BOOL: {
234 out->writeInt32(param.tag);
235 break;
236 }
237 case KM_BIGNUM:
238 case KM_BYTES: {
239 out->writeInt32(param.tag);
240 out->writeInt32(param.blob.data_length);
241 void* buf = out->writeInplace(param.blob.data_length);
242 if (buf) {
243 memcpy(buf, param.blob.data, param.blob.data_length);
244 } else {
245 ALOGE("Failed to writeInplace keymaster blob param");
246 }
247 break;
248 }
249 default: {
250 ALOGE("Failed to write argument: Unsupported keymaster_tag_t %d", param.tag);
251 }
252 }
253}
254
255
256bool readKeymasterArgumentFromParcel(const Parcel& in, keymaster_key_param_t* out) {
257 if (in.readInt32() == 0) {
258 return false;
259 }
260 keymaster_tag_t tag = static_cast<keymaster_tag_t>(in.readInt32());
261 switch (keymaster_tag_get_type(tag)) {
262 case KM_ENUM:
263 case KM_ENUM_REP: {
264 uint32_t value = in.readInt32();
265 *out = keymaster_param_enum(tag, value);
266 break;
267 }
268 case KM_INT:
269 case KM_INT_REP: {
270 uint32_t value = in.readInt32();
271 *out = keymaster_param_int(tag, value);
272 break;
273 }
Chad Brubaker686db062015-04-16 14:21:10 -0700[diff] [blame]274 case KM_LONG:
275 case KM_LONG_REP: {
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]276 uint64_t value = in.readInt64();
277 *out = keymaster_param_long(tag, value);
278 break;
279 }
280 case KM_DATE: {
281 uint64_t value = in.readInt64();
282 *out = keymaster_param_date(tag, value);
283 break;
284 }
285 case KM_BOOL: {
286 *out = keymaster_param_bool(tag);
287 break;
288 }
289 case KM_BIGNUM:
290 case KM_BYTES: {
291 ssize_t length = in.readInt32();
292 uint8_t* data = NULL;
293 size_t ulength = 0;
294 if (length >= 0) {
295 ulength = (size_t) length;
296 // use malloc here so we can use keymaster_free_param_values
297 // consistently.
298 data = reinterpret_cast<uint8_t*>(malloc(ulength));
299 const void* buf = in.readInplace(ulength);
300 if (!buf || !data) {
301 ALOGE("Failed to allocate buffer for keymaster blob param");
302 return false;
303 }
304 memcpy(data, buf, ulength);
305 }
306 *out = keymaster_param_blob(tag, data, ulength);
307 break;
308 }
309 default: {
310 ALOGE("Unsupported keymaster_tag_t %d", tag);
311 return false;
312 }
313 }
314 return true;
315}
316
Chad Brubaker6432df72015-03-20 16:23:04 -0700[diff] [blame]317/**
318 * Read a byte array from in. The data at *data is still owned by the parcel
319 */
320static void readByteArray(const Parcel& in, const uint8_t** data, size_t* length) {
321 ssize_t slength = in.readInt32();
322 if (slength > 0) {
323 *data = reinterpret_cast<const uint8_t*>(in.readInplace(slength));
324 if (*data) {
325 *length = static_cast<size_t>(slength);
326 } else {
327 *length = 0;
328 }
329 } else {
330 *data = NULL;
331 *length = 0;
332 }
333}
334
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]335// Read a keymaster_key_param_t* from a Parcel for use in a
336// keymaster_key_characteristics_t. This will be free'd by calling
337// keymaster_free_key_characteristics.
338static keymaster_key_param_t* readParamList(const Parcel& in, size_t* length) {
339 ssize_t slength = in.readInt32();
340 *length = 0;
341 if (slength < 0) {
342 return NULL;
343 }
344 *length = (size_t) slength;
345 if (*length >= UINT_MAX / sizeof(keymaster_key_param_t)) {
346 return NULL;
347 }
348 keymaster_key_param_t* list =
349 reinterpret_cast<keymaster_key_param_t*>(malloc(*length *
350 sizeof(keymaster_key_param_t)));
351 if (!list) {
352 ALOGD("Failed to allocate buffer for generateKey outCharacteristics");
353 goto err;
354 }
355 for (size_t i = 0; i < *length ; i++) {
356 if (!readKeymasterArgumentFromParcel(in, &list[i])) {
357 ALOGE("Failed to read keymaster argument");
358 keymaster_free_param_values(list, i);
359 goto err;
360 }
361 }
362 return list;
363err:
364 free(list);
365 return NULL;
366}
367
Chad Brubakerd6634422015-03-21 22:36:07 -0700[diff] [blame]368static std::unique_ptr<keymaster_blob_t> readKeymasterBlob(const Parcel& in) {
369 std::unique_ptr<keymaster_blob_t> blob;
370 if (in.readInt32() != 1) {
371 blob.reset(NULL);
372 return blob;
373 }
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]374 ssize_t length = in.readInt32();
Chad Brubakerd6634422015-03-21 22:36:07 -0700[diff] [blame]375 blob.reset(new keymaster_blob_t);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]376 if (length > 0) {
Chad Brubakerd6634422015-03-21 22:36:07 -0700[diff] [blame]377 blob->data = reinterpret_cast<const uint8_t*>(in.readInplace(length));
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]378 if (blob->data) {
Chad Brubakerd6634422015-03-21 22:36:07 -0700[diff] [blame]379 blob->data_length = static_cast<size_t>(length);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]380 } else {
381 blob->data_length = 0;
382 }
383 } else {
384 blob->data = NULL;
385 blob->data_length = 0;
386 }
Chad Brubakerd6634422015-03-21 22:36:07 -0700[diff] [blame]387 return blob;
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]388}
389
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]390class BpKeystoreService: public BpInterface<IKeystoreService>
391{
392public:
393 BpKeystoreService(const sp<IBinder>& impl)
394 : BpInterface<IKeystoreService>(impl)
395 {
396 }
397
398 // test ping
Chad Brubaker94436162015-05-12 15:18:26 -0700[diff] [blame^]399 virtual int32_t getState(int32_t userId)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]400 {
401 Parcel data, reply;
402 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
Chad Brubaker94436162015-05-12 15:18:26 -0700[diff] [blame^]403 data.writeInt32(userId);
404 status_t status = remote()->transact(BnKeystoreService::GET_STATE, data, &reply);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]405 if (status != NO_ERROR) {
Chad Brubaker94436162015-05-12 15:18:26 -0700[diff] [blame^]406 ALOGD("getState() could not contact remote: %d\n", status);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]407 return -1;
408 }
409 int32_t err = reply.readExceptionCode();
410 int32_t ret = reply.readInt32();
411 if (err < 0) {
Chad Brubaker94436162015-05-12 15:18:26 -0700[diff] [blame^]412 ALOGD("getState() caught exception %d\n", err);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]413 return -1;
414 }
415 return ret;
416 }
417
418 virtual int32_t get(const String16& name, uint8_t** item, size_t* itemLength)
419 {
420 Parcel data, reply;
421 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
422 data.writeString16(name);
423 status_t status = remote()->transact(BnKeystoreService::GET, data, &reply);
424 if (status != NO_ERROR) {
425 ALOGD("get() could not contact remote: %d\n", status);
426 return -1;
427 }
428 int32_t err = reply.readExceptionCode();
429 ssize_t len = reply.readInt32();
430 if (len >= 0 && (size_t) len <= reply.dataAvail()) {
431 size_t ulen = (size_t) len;
432 const void* buf = reply.readInplace(ulen);
433 *item = (uint8_t*) malloc(ulen);
434 if (*item != NULL) {
435 memcpy(*item, buf, ulen);
436 *itemLength = ulen;
437 } else {
438 ALOGE("out of memory allocating output array in get");
439 *itemLength = 0;
440 }
441 } else {
442 *itemLength = 0;
443 }
444 if (err < 0) {
445 ALOGD("get() caught exception %d\n", err);
446 return -1;
447 }
448 return 0;
449 }
450
Kenny Root0c540aa2013-04-03 09:22:15 -0700[diff] [blame]451 virtual int32_t insert(const String16& name, const uint8_t* item, size_t itemLength, int uid,
452 int32_t flags)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]453 {
454 Parcel data, reply;
455 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
456 data.writeString16(name);
457 data.writeInt32(itemLength);
458 void* buf = data.writeInplace(itemLength);
459 memcpy(buf, item, itemLength);
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]460 data.writeInt32(uid);
Kenny Root0c540aa2013-04-03 09:22:15 -0700[diff] [blame]461 data.writeInt32(flags);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]462 status_t status = remote()->transact(BnKeystoreService::INSERT, data, &reply);
463 if (status != NO_ERROR) {
464 ALOGD("import() could not contact remote: %d\n", status);
465 return -1;
466 }
467 int32_t err = reply.readExceptionCode();
468 int32_t ret = reply.readInt32();
469 if (err < 0) {
470 ALOGD("import() caught exception %d\n", err);
471 return -1;
472 }
473 return ret;
474 }
475
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]476 virtual int32_t del(const String16& name, int uid)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]477 {
478 Parcel data, reply;
479 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
480 data.writeString16(name);
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]481 data.writeInt32(uid);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]482 status_t status = remote()->transact(BnKeystoreService::DEL, data, &reply);
483 if (status != NO_ERROR) {
484 ALOGD("del() could not contact remote: %d\n", status);
485 return -1;
486 }
487 int32_t err = reply.readExceptionCode();
488 int32_t ret = reply.readInt32();
489 if (err < 0) {
490 ALOGD("del() caught exception %d\n", err);
491 return -1;
492 }
493 return ret;
494 }
495
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]496 virtual int32_t exist(const String16& name, int uid)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]497 {
498 Parcel data, reply;
499 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
500 data.writeString16(name);
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]501 data.writeInt32(uid);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]502 status_t status = remote()->transact(BnKeystoreService::EXIST, data, &reply);
503 if (status != NO_ERROR) {
504 ALOGD("exist() could not contact remote: %d\n", status);
505 return -1;
506 }
507 int32_t err = reply.readExceptionCode();
508 int32_t ret = reply.readInt32();
509 if (err < 0) {
510 ALOGD("exist() caught exception %d\n", err);
511 return -1;
512 }
513 return ret;
514 }
515
Chad Brubaker94436162015-05-12 15:18:26 -0700[diff] [blame^]516 virtual int32_t list(const String16& prefix, int uid, Vector<String16>* matches)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]517 {
518 Parcel data, reply;
519 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
Chad Brubaker94436162015-05-12 15:18:26 -0700[diff] [blame^]520 data.writeString16(prefix);
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]521 data.writeInt32(uid);
Chad Brubaker94436162015-05-12 15:18:26 -0700[diff] [blame^]522 status_t status = remote()->transact(BnKeystoreService::LIST, data, &reply);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]523 if (status != NO_ERROR) {
Chad Brubaker94436162015-05-12 15:18:26 -0700[diff] [blame^]524 ALOGD("list() could not contact remote: %d\n", status);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]525 return -1;
526 }
527 int32_t err = reply.readExceptionCode();
528 int32_t numMatches = reply.readInt32();
529 for (int32_t i = 0; i < numMatches; i++) {
530 matches->push(reply.readString16());
531 }
532 int32_t ret = reply.readInt32();
533 if (err < 0) {
Chad Brubaker94436162015-05-12 15:18:26 -0700[diff] [blame^]534 ALOGD("list() caught exception %d\n", err);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]535 return -1;
536 }
537 return ret;
538 }
539
540 virtual int32_t reset()
541 {
542 Parcel data, reply;
543 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
544 status_t status = remote()->transact(BnKeystoreService::RESET, data, &reply);
545 if (status != NO_ERROR) {
546 ALOGD("reset() could not contact remote: %d\n", status);
547 return -1;
548 }
549 int32_t err = reply.readExceptionCode();
550 int32_t ret = reply.readInt32();
551 if (err < 0) {
552 ALOGD("reset() caught exception %d\n", err);
553 return -1;
554 }
555 return ret;
556 }
557
Chad Brubakereecdd122015-05-07 10:19:40 -0700[diff] [blame]558 virtual int32_t onUserPasswordChanged(int32_t userId, const String16& password)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]559 {
560 Parcel data, reply;
561 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
Chad Brubakereecdd122015-05-07 10:19:40 -0700[diff] [blame]562 data.writeInt32(userId);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]563 data.writeString16(password);
Chad Brubakereecdd122015-05-07 10:19:40 -0700[diff] [blame]564 status_t status = remote()->transact(BnKeystoreService::ON_USER_PASSWORD_CHANGED, data,
565 &reply);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]566 if (status != NO_ERROR) {
Chad Brubakereecdd122015-05-07 10:19:40 -0700[diff] [blame]567 ALOGD("onUserPasswordChanged() could not contact remote: %d\n", status);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]568 return -1;
569 }
570 int32_t err = reply.readExceptionCode();
571 int32_t ret = reply.readInt32();
572 if (err < 0) {
Chad Brubakereecdd122015-05-07 10:19:40 -0700[diff] [blame]573 ALOGD("onUserPasswordChanged() caught exception %d\n", err);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]574 return -1;
575 }
576 return ret;
577 }
578
Chad Brubaker94436162015-05-12 15:18:26 -0700[diff] [blame^]579 virtual int32_t lock(int32_t userId)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]580 {
581 Parcel data, reply;
582 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
Chad Brubaker94436162015-05-12 15:18:26 -0700[diff] [blame^]583 data.writeInt32(userId);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]584 status_t status = remote()->transact(BnKeystoreService::LOCK, data, &reply);
585 if (status != NO_ERROR) {
586 ALOGD("lock() could not contact remote: %d\n", status);
587 return -1;
588 }
589 int32_t err = reply.readExceptionCode();
590 int32_t ret = reply.readInt32();
591 if (err < 0) {
592 ALOGD("lock() caught exception %d\n", err);
593 return -1;
594 }
595 return ret;
596 }
597
Chad Brubakereecdd122015-05-07 10:19:40 -0700[diff] [blame]598 virtual int32_t unlock(int32_t userId, const String16& password)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]599 {
600 Parcel data, reply;
601 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
Chad Brubakereecdd122015-05-07 10:19:40 -0700[diff] [blame]602 data.writeInt32(userId);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]603 data.writeString16(password);
604 status_t status = remote()->transact(BnKeystoreService::UNLOCK, data, &reply);
605 if (status != NO_ERROR) {
606 ALOGD("unlock() could not contact remote: %d\n", status);
607 return -1;
608 }
609 int32_t err = reply.readExceptionCode();
610 int32_t ret = reply.readInt32();
611 if (err < 0) {
612 ALOGD("unlock() caught exception %d\n", err);
613 return -1;
614 }
615 return ret;
616 }
617
Chad Brubaker94436162015-05-12 15:18:26 -0700[diff] [blame^]618 virtual bool isEmpty(int32_t userId)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]619 {
620 Parcel data, reply;
621 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
Chad Brubaker94436162015-05-12 15:18:26 -0700[diff] [blame^]622 data.writeInt32(userId);
623 status_t status = remote()->transact(BnKeystoreService::IS_EMPTY, data, &reply);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]624 if (status != NO_ERROR) {
Chad Brubaker94436162015-05-12 15:18:26 -0700[diff] [blame^]625 ALOGD("isEmpty() could not contact remote: %d\n", status);
626 return false;
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]627 }
628 int32_t err = reply.readExceptionCode();
629 int32_t ret = reply.readInt32();
630 if (err < 0) {
Chad Brubaker94436162015-05-12 15:18:26 -0700[diff] [blame^]631 ALOGD("isEmpty() caught exception %d\n", err);
632 return false;
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]633 }
Chad Brubaker94436162015-05-12 15:18:26 -0700[diff] [blame^]634 return ret != 0;
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]635 }
636
Kenny Root96427ba2013-08-16 14:02:41 -0700[diff] [blame]637 virtual int32_t generate(const String16& name, int32_t uid, int32_t keyType, int32_t keySize,
638 int32_t flags, Vector<sp<KeystoreArg> >* args)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]639 {
640 Parcel data, reply;
641 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
642 data.writeString16(name);
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]643 data.writeInt32(uid);
Kenny Root96427ba2013-08-16 14:02:41 -0700[diff] [blame]644 data.writeInt32(keyType);
645 data.writeInt32(keySize);
Kenny Root0c540aa2013-04-03 09:22:15 -0700[diff] [blame]646 data.writeInt32(flags);
Chad Brubaker468fc692015-01-13 17:33:14 -0800[diff] [blame]647 data.writeInt32(1);
Kenny Root96427ba2013-08-16 14:02:41 -0700[diff] [blame]648 data.writeInt32(args->size());
649 for (Vector<sp<KeystoreArg> >::iterator it = args->begin(); it != args->end(); ++it) {
650 sp<KeystoreArg> item = *it;
651 size_t keyLength = item->size();
652 data.writeInt32(keyLength);
653 void* buf = data.writeInplace(keyLength);
654 memcpy(buf, item->data(), keyLength);
655 }
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]656 status_t status = remote()->transact(BnKeystoreService::GENERATE, data, &reply);
657 if (status != NO_ERROR) {
658 ALOGD("generate() could not contact remote: %d\n", status);
659 return -1;
660 }
661 int32_t err = reply.readExceptionCode();
662 int32_t ret = reply.readInt32();
663 if (err < 0) {
664 ALOGD("generate() caught exception %d\n", err);
665 return -1;
666 }
667 return ret;
668 }
669
Kenny Root0c540aa2013-04-03 09:22:15 -0700[diff] [blame]670 virtual int32_t import(const String16& name, const uint8_t* key, size_t keyLength, int uid,
671 int flags)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]672 {
673 Parcel data, reply;
674 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
675 data.writeString16(name);
676 data.writeInt32(keyLength);
677 void* buf = data.writeInplace(keyLength);
678 memcpy(buf, key, keyLength);
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]679 data.writeInt32(uid);
Kenny Root0c540aa2013-04-03 09:22:15 -0700[diff] [blame]680 data.writeInt32(flags);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]681 status_t status = remote()->transact(BnKeystoreService::IMPORT, data, &reply);
682 if (status != NO_ERROR) {
683 ALOGD("import() could not contact remote: %d\n", status);
684 return -1;
685 }
686 int32_t err = reply.readExceptionCode();
687 int32_t ret = reply.readInt32();
688 if (err < 0) {
689 ALOGD("import() caught exception %d\n", err);
690 return -1;
691 }
692 return ret;
693 }
694
695 virtual int32_t sign(const String16& name, const uint8_t* in, size_t inLength, uint8_t** out,
696 size_t* outLength)
697 {
698 Parcel data, reply;
699 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
700 data.writeString16(name);
701 data.writeInt32(inLength);
702 void* buf = data.writeInplace(inLength);
703 memcpy(buf, in, inLength);
704 status_t status = remote()->transact(BnKeystoreService::SIGN, data, &reply);
705 if (status != NO_ERROR) {
706 ALOGD("import() could not contact remote: %d\n", status);
707 return -1;
708 }
709 int32_t err = reply.readExceptionCode();
710 ssize_t len = reply.readInt32();
711 if (len >= 0 && (size_t) len <= reply.dataAvail()) {
712 size_t ulen = (size_t) len;
713 const void* outBuf = reply.readInplace(ulen);
714 *out = (uint8_t*) malloc(ulen);
715 if (*out != NULL) {
716 memcpy((void*) *out, outBuf, ulen);
717 *outLength = ulen;
718 } else {
719 ALOGE("out of memory allocating output array in sign");
720 *outLength = 0;
721 }
722 } else {
723 *outLength = 0;
724 }
725 if (err < 0) {
726 ALOGD("import() caught exception %d\n", err);
727 return -1;
728 }
729 return 0;
730 }
731
732 virtual int32_t verify(const String16& name, const uint8_t* in, size_t inLength,
733 const uint8_t* signature, size_t signatureLength)
734 {
735 Parcel data, reply;
736 void* buf;
737
738 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
739 data.writeString16(name);
740 data.writeInt32(inLength);
741 buf = data.writeInplace(inLength);
742 memcpy(buf, in, inLength);
743 data.writeInt32(signatureLength);
744 buf = data.writeInplace(signatureLength);
745 memcpy(buf, signature, signatureLength);
746 status_t status = remote()->transact(BnKeystoreService::VERIFY, data, &reply);
747 if (status != NO_ERROR) {
748 ALOGD("verify() could not contact remote: %d\n", status);
749 return -1;
750 }
751 int32_t err = reply.readExceptionCode();
752 int32_t ret = reply.readInt32();
753 if (err < 0) {
754 ALOGD("verify() caught exception %d\n", err);
755 return -1;
756 }
757 return ret;
758 }
759
760 virtual int32_t get_pubkey(const String16& name, uint8_t** pubkey, size_t* pubkeyLength)
761 {
762 Parcel data, reply;
763 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
764 data.writeString16(name);
765 status_t status = remote()->transact(BnKeystoreService::GET_PUBKEY, data, &reply);
766 if (status != NO_ERROR) {
767 ALOGD("get_pubkey() could not contact remote: %d\n", status);
768 return -1;
769 }
770 int32_t err = reply.readExceptionCode();
771 ssize_t len = reply.readInt32();
772 if (len >= 0 && (size_t) len <= reply.dataAvail()) {
773 size_t ulen = (size_t) len;
774 const void* buf = reply.readInplace(ulen);
775 *pubkey = (uint8_t*) malloc(ulen);
776 if (*pubkey != NULL) {
777 memcpy(*pubkey, buf, ulen);
778 *pubkeyLength = ulen;
779 } else {
780 ALOGE("out of memory allocating output array in get_pubkey");
781 *pubkeyLength = 0;
782 }
783 } else {
784 *pubkeyLength = 0;
785 }
786 if (err < 0) {
787 ALOGD("get_pubkey() caught exception %d\n", err);
788 return -1;
789 }
790 return 0;
791 }
792
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]793 virtual int32_t grant(const String16& name, int32_t granteeUid)
794 {
795 Parcel data, reply;
796 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
797 data.writeString16(name);
798 data.writeInt32(granteeUid);
799 status_t status = remote()->transact(BnKeystoreService::GRANT, data, &reply);
800 if (status != NO_ERROR) {
801 ALOGD("grant() could not contact remote: %d\n", status);
802 return -1;
803 }
804 int32_t err = reply.readExceptionCode();
805 int32_t ret = reply.readInt32();
806 if (err < 0) {
807 ALOGD("grant() caught exception %d\n", err);
808 return -1;
809 }
810 return ret;
811 }
812
813 virtual int32_t ungrant(const String16& name, int32_t granteeUid)
814 {
815 Parcel data, reply;
816 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
817 data.writeString16(name);
818 data.writeInt32(granteeUid);
819 status_t status = remote()->transact(BnKeystoreService::UNGRANT, data, &reply);
820 if (status != NO_ERROR) {
821 ALOGD("ungrant() could not contact remote: %d\n", status);
822 return -1;
823 }
824 int32_t err = reply.readExceptionCode();
825 int32_t ret = reply.readInt32();
826 if (err < 0) {
827 ALOGD("ungrant() caught exception %d\n", err);
828 return -1;
829 }
830 return ret;
831 }
832
833 int64_t getmtime(const String16& name)
834 {
835 Parcel data, reply;
836 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
837 data.writeString16(name);
838 status_t status = remote()->transact(BnKeystoreService::GETMTIME, data, &reply);
839 if (status != NO_ERROR) {
840 ALOGD("getmtime() could not contact remote: %d\n", status);
841 return -1;
842 }
843 int32_t err = reply.readExceptionCode();
844 int64_t ret = reply.readInt64();
845 if (err < 0) {
846 ALOGD("getmtime() caught exception %d\n", err);
847 return -1;
848 }
849 return ret;
850 }
Kenny Root02254072013-03-20 11:48:19 -0700[diff] [blame]851
Kenny Rootd53bc922013-03-21 14:10:15 -0700[diff] [blame]852 virtual int32_t duplicate(const String16& srcKey, int32_t srcUid, const String16& destKey,
853 int32_t destUid)
Kenny Root02254072013-03-20 11:48:19 -0700[diff] [blame]854 {
855 Parcel data, reply;
856 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
Kenny Rootd53bc922013-03-21 14:10:15 -0700[diff] [blame]857 data.writeString16(srcKey);
858 data.writeInt32(srcUid);
859 data.writeString16(destKey);
860 data.writeInt32(destUid);
861 status_t status = remote()->transact(BnKeystoreService::DUPLICATE, data, &reply);
Kenny Root02254072013-03-20 11:48:19 -0700[diff] [blame]862 if (status != NO_ERROR) {
Kenny Rootd53bc922013-03-21 14:10:15 -0700[diff] [blame]863 ALOGD("duplicate() could not contact remote: %d\n", status);
Kenny Root02254072013-03-20 11:48:19 -0700[diff] [blame]864 return -1;
865 }
866 int32_t err = reply.readExceptionCode();
867 int32_t ret = reply.readInt32();
868 if (err < 0) {
Kenny Rootd53bc922013-03-21 14:10:15 -0700[diff] [blame]869 ALOGD("duplicate() caught exception %d\n", err);
Kenny Root02254072013-03-20 11:48:19 -0700[diff] [blame]870 return -1;
871 }
872 return ret;
873 }
Kenny Root43061232013-03-29 11:15:50 -0700[diff] [blame]874
Kenny Root1b0e3932013-09-05 13:06:32 -0700[diff] [blame]875 virtual int32_t is_hardware_backed(const String16& keyType)
Kenny Root43061232013-03-29 11:15:50 -0700[diff] [blame]876 {
877 Parcel data, reply;
878 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
Kenny Root1b0e3932013-09-05 13:06:32 -0700[diff] [blame]879 data.writeString16(keyType);
Kenny Root43061232013-03-29 11:15:50 -0700[diff] [blame]880 status_t status = remote()->transact(BnKeystoreService::IS_HARDWARE_BACKED, data, &reply);
881 if (status != NO_ERROR) {
882 ALOGD("is_hardware_backed() could not contact remote: %d\n", status);
883 return -1;
884 }
885 int32_t err = reply.readExceptionCode();
886 int32_t ret = reply.readInt32();
887 if (err < 0) {
888 ALOGD("is_hardware_backed() caught exception %d\n", err);
889 return -1;
890 }
891 return ret;
892 }
Kenny Root2ecc7a12013-04-01 16:29:11 -0700[diff] [blame]893
894 virtual int32_t clear_uid(int64_t uid)
895 {
896 Parcel data, reply;
897 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
898 data.writeInt64(uid);
899 status_t status = remote()->transact(BnKeystoreService::CLEAR_UID, data, &reply);
900 if (status != NO_ERROR) {
901 ALOGD("clear_uid() could not contact remote: %d\n", status);
902 return -1;
903 }
904 int32_t err = reply.readExceptionCode();
905 int32_t ret = reply.readInt32();
906 if (err < 0) {
907 ALOGD("clear_uid() caught exception %d\n", err);
908 return -1;
909 }
910 return ret;
911 }
Robin Lee4e865752014-08-19 17:37:55 +0100[diff] [blame]912
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]913 virtual int32_t addRngEntropy(const uint8_t* buf, size_t bufLength)
914 {
915 Parcel data, reply;
916 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]917 data.writeByteArray(bufLength, buf);
918 status_t status = remote()->transact(BnKeystoreService::ADD_RNG_ENTROPY, data, &reply);
919 if (status != NO_ERROR) {
920 ALOGD("addRngEntropy() could not contact remote: %d\n", status);
921 return -1;
922 }
923 int32_t err = reply.readExceptionCode();
924 int32_t ret = reply.readInt32();
925 if (err < 0) {
926 ALOGD("addRngEntropy() caught exception %d\n", err);
927 return -1;
928 }
929 return ret;
930 };
931
932 virtual int32_t generateKey(const String16& name, const KeymasterArguments& params,
Chad Brubaker154d7692015-03-27 13:59:31 -0700[diff] [blame]933 const uint8_t* entropy, size_t entropyLength, int uid, int flags,
934 KeyCharacteristics* outCharacteristics)
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]935 {
936 Parcel data, reply;
937 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
938 data.writeString16(name);
939 data.writeInt32(1);
940 params.writeToParcel(&data);
Chad Brubaker154d7692015-03-27 13:59:31 -0700[diff] [blame]941 data.writeByteArray(entropyLength, entropy);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]942 data.writeInt32(uid);
943 data.writeInt32(flags);
944 status_t status = remote()->transact(BnKeystoreService::GENERATE_KEY, data, &reply);
945 if (status != NO_ERROR) {
946 ALOGD("generateKey() could not contact remote: %d\n", status);
947 return KM_ERROR_UNKNOWN_ERROR;
948 }
949 int32_t err = reply.readExceptionCode();
950 int32_t ret = reply.readInt32();
951 if (err < 0) {
952 ALOGD("generateKey() caught exception %d\n", err);
953 return KM_ERROR_UNKNOWN_ERROR;
954 }
955 if (reply.readInt32() != 0 && outCharacteristics) {
956 outCharacteristics->readFromParcel(reply);
957 }
958 return ret;
959 }
960 virtual int32_t getKeyCharacteristics(const String16& name,
Chad Brubakerd6634422015-03-21 22:36:07 -0700[diff] [blame]961 const keymaster_blob_t* clientId,
962 const keymaster_blob_t* appData,
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]963 KeyCharacteristics* outCharacteristics)
964 {
965 Parcel data, reply;
966 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
967 data.writeString16(name);
Chad Brubakerd6634422015-03-21 22:36:07 -0700[diff] [blame]968 if (clientId) {
969 data.writeByteArray(clientId->data_length, clientId->data);
970 } else {
971 data.writeInt32(-1);
972 }
973 if (appData) {
974 data.writeByteArray(appData->data_length, appData->data);
975 } else {
976 data.writeInt32(-1);
977 }
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]978 status_t status = remote()->transact(BnKeystoreService::GET_KEY_CHARACTERISTICS,
979 data, &reply);
980 if (status != NO_ERROR) {
981 ALOGD("getKeyCharacteristics() could not contact remote: %d\n", status);
982 return KM_ERROR_UNKNOWN_ERROR;
983 }
984 int32_t err = reply.readExceptionCode();
985 int32_t ret = reply.readInt32();
986 if (err < 0) {
987 ALOGD("getKeyCharacteristics() caught exception %d\n", err);
988 return KM_ERROR_UNKNOWN_ERROR;
989 }
990 if (reply.readInt32() != 0 && outCharacteristics) {
991 outCharacteristics->readFromParcel(reply);
992 }
993 return ret;
994 }
995 virtual int32_t importKey(const String16& name, const KeymasterArguments& params,
996 keymaster_key_format_t format, const uint8_t *keyData,
997 size_t keyLength, int uid, int flags,
998 KeyCharacteristics* outCharacteristics)
999 {
1000 Parcel data, reply;
1001 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1002 data.writeString16(name);
1003 data.writeInt32(1);
1004 params.writeToParcel(&data);
1005 data.writeInt32(format);
1006 data.writeByteArray(keyLength, keyData);
1007 data.writeInt32(uid);
1008 data.writeInt32(flags);
1009 status_t status = remote()->transact(BnKeystoreService::IMPORT_KEY, data, &reply);
1010 if (status != NO_ERROR) {
1011 ALOGD("importKey() could not contact remote: %d\n", status);
1012 return KM_ERROR_UNKNOWN_ERROR;
1013 }
1014 int32_t err = reply.readExceptionCode();
1015 int32_t ret = reply.readInt32();
1016 if (err < 0) {
1017 ALOGD("importKey() caught exception %d\n", err);
1018 return KM_ERROR_UNKNOWN_ERROR;
1019 }
1020 if (reply.readInt32() != 0 && outCharacteristics) {
1021 outCharacteristics->readFromParcel(reply);
1022 }
1023 return ret;
1024 }
1025
1026 virtual void exportKey(const String16& name, keymaster_key_format_t format,
Chad Brubakerd6634422015-03-21 22:36:07 -0700[diff] [blame]1027 const keymaster_blob_t* clientId,
1028 const keymaster_blob_t* appData, ExportResult* result)
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1029 {
1030 if (!result) {
1031 return;
1032 }
1033
1034 Parcel data, reply;
1035 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1036 data.writeString16(name);
1037 data.writeInt32(format);
Chad Brubakerd6634422015-03-21 22:36:07 -0700[diff] [blame]1038 if (clientId) {
1039 data.writeByteArray(clientId->data_length, clientId->data);
1040 } else {
1041 data.writeInt32(-1);
1042 }
1043 if (appData) {
1044 data.writeByteArray(appData->data_length, appData->data);
1045 } else {
1046 data.writeInt32(-1);
1047 }
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1048 status_t status = remote()->transact(BnKeystoreService::EXPORT_KEY, data, &reply);
1049 if (status != NO_ERROR) {
1050 ALOGD("exportKey() could not contact remote: %d\n", status);
1051 result->resultCode = KM_ERROR_UNKNOWN_ERROR;
1052 return;
1053 }
1054 int32_t err = reply.readExceptionCode();
1055 if (err < 0) {
1056 ALOGD("exportKey() caught exception %d\n", err);
1057 result->resultCode = KM_ERROR_UNKNOWN_ERROR;
1058 return;
1059 }
1060 if (reply.readInt32() != 0) {
1061 result->readFromParcel(reply);
1062 }
1063 }
1064
1065 virtual void begin(const sp<IBinder>& appToken, const String16& name,
1066 keymaster_purpose_t purpose, bool pruneable,
Chad Brubaker154d7692015-03-27 13:59:31 -0700[diff] [blame]1067 const KeymasterArguments& params, const uint8_t* entropy,
1068 size_t entropyLength, KeymasterArguments* outParams,
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1069 OperationResult* result)
1070 {
1071 if (!result || !outParams) {
1072 return;
1073 }
1074 Parcel data, reply;
1075 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1076 data.writeStrongBinder(appToken);
1077 data.writeString16(name);
1078 data.writeInt32(purpose);
1079 data.writeInt32(pruneable ? 1 : 0);
1080 data.writeInt32(1);
1081 params.writeToParcel(&data);
Chad Brubaker154d7692015-03-27 13:59:31 -0700[diff] [blame]1082 data.writeByteArray(entropyLength, entropy);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1083 status_t status = remote()->transact(BnKeystoreService::BEGIN, data, &reply);
1084 if (status != NO_ERROR) {
1085 ALOGD("begin() could not contact remote: %d\n", status);
1086 result->resultCode = KM_ERROR_UNKNOWN_ERROR;
1087 return;
1088 }
1089 int32_t err = reply.readExceptionCode();
1090 if (err < 0) {
1091 ALOGD("begin() caught exception %d\n", err);
1092 result->resultCode = KM_ERROR_UNKNOWN_ERROR;
1093 return;
1094 }
1095 if (reply.readInt32() != 0) {
1096 result->readFromParcel(reply);
1097 }
1098 if (reply.readInt32() != 0) {
1099 outParams->readFromParcel(reply);
1100 }
1101 }
1102
1103 virtual void update(const sp<IBinder>& token, const KeymasterArguments& params,
Chad Brubaker40a1a9b2015-02-20 14:08:13 -0800[diff] [blame]1104 const uint8_t* opData, size_t dataLength, OperationResult* result)
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1105 {
1106 if (!result) {
1107 return;
1108 }
1109 Parcel data, reply;
1110 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1111 data.writeStrongBinder(token);
1112 data.writeInt32(1);
1113 params.writeToParcel(&data);
1114 data.writeByteArray(dataLength, opData);
1115 status_t status = remote()->transact(BnKeystoreService::UPDATE, data, &reply);
1116 if (status != NO_ERROR) {
1117 ALOGD("update() could not contact remote: %d\n", status);
1118 result->resultCode = KM_ERROR_UNKNOWN_ERROR;
1119 return;
1120 }
1121 int32_t err = reply.readExceptionCode();
1122 if (err < 0) {
1123 ALOGD("update() caught exception %d\n", err);
1124 result->resultCode = KM_ERROR_UNKNOWN_ERROR;
1125 return;
1126 }
1127 if (reply.readInt32() != 0) {
1128 result->readFromParcel(reply);
1129 }
1130 }
1131
1132 virtual void finish(const sp<IBinder>& token, const KeymasterArguments& params,
Chad Brubaker40a1a9b2015-02-20 14:08:13 -0800[diff] [blame]1133 const uint8_t* signature, size_t signatureLength, OperationResult* result)
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1134 {
1135 if (!result) {
1136 return;
1137 }
1138 Parcel data, reply;
1139 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1140 data.writeStrongBinder(token);
1141 data.writeInt32(1);
1142 params.writeToParcel(&data);
1143 data.writeByteArray(signatureLength, signature);
1144 status_t status = remote()->transact(BnKeystoreService::FINISH, data, &reply);
1145 if (status != NO_ERROR) {
1146 ALOGD("finish() could not contact remote: %d\n", status);
1147 result->resultCode = KM_ERROR_UNKNOWN_ERROR;
1148 return;
1149 }
1150 int32_t err = reply.readExceptionCode();
1151 if (err < 0) {
1152 ALOGD("finish() caught exception %d\n", err);
1153 result->resultCode = KM_ERROR_UNKNOWN_ERROR;
1154 return;
1155 }
1156 if (reply.readInt32() != 0) {
1157 result->readFromParcel(reply);
1158 }
1159 }
1160
1161 virtual int32_t abort(const sp<IBinder>& token)
1162 {
1163 Parcel data, reply;
1164 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1165 data.writeStrongBinder(token);
Chad Brubaker2ed2baa2015-03-21 21:20:10 -0700[diff] [blame]1166 status_t status = remote()->transact(BnKeystoreService::ABORT, data, &reply);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1167 if (status != NO_ERROR) {
1168 ALOGD("abort() could not contact remote: %d\n", status);
1169 return KM_ERROR_UNKNOWN_ERROR;
1170 }
1171 int32_t err = reply.readExceptionCode();
1172 int32_t ret = reply.readInt32();
1173 if (err < 0) {
1174 ALOGD("abort() caught exception %d\n", err);
1175 return KM_ERROR_UNKNOWN_ERROR;
1176 }
1177 return ret;
1178 }
Chad Brubaker2ed2baa2015-03-21 21:20:10 -0700[diff] [blame]1179
1180 virtual bool isOperationAuthorized(const sp<IBinder>& token)
1181 {
1182 Parcel data, reply;
1183 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1184 data.writeStrongBinder(token);
1185 status_t status = remote()->transact(BnKeystoreService::IS_OPERATION_AUTHORIZED, data,
1186 &reply);
1187 if (status != NO_ERROR) {
1188 ALOGD("isOperationAuthorized() could not contact remote: %d\n", status);
1189 return false;
1190 }
1191 int32_t err = reply.readExceptionCode();
1192 int32_t ret = reply.readInt32();
1193 if (err < 0) {
1194 ALOGD("isOperationAuthorized() caught exception %d\n", err);
1195 return false;
1196 }
1197 return ret == 1;
1198 }
1199
1200 virtual int32_t addAuthToken(const uint8_t* token, size_t length)
1201 {
1202 Parcel data, reply;
1203 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1204 data.writeByteArray(length, token);
1205 status_t status = remote()->transact(BnKeystoreService::ADD_AUTH_TOKEN, data, &reply);
1206 if (status != NO_ERROR) {
1207 ALOGD("addAuthToken() could not contact remote: %d\n", status);
1208 return -1;
1209 }
1210 int32_t err = reply.readExceptionCode();
1211 int32_t ret = reply.readInt32();
1212 if (err < 0) {
1213 ALOGD("addAuthToken() caught exception %d\n", err);
1214 return -1;
1215 }
1216 return ret;
1217 };
Chad Brubakerfd777e72015-05-12 10:43:10 -0700[diff] [blame]1218
1219 virtual int32_t onUserAdded(int32_t userId, int32_t parentId)
1220 {
1221 Parcel data, reply;
1222 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1223 data.writeInt32(userId);
1224 data.writeInt32(parentId);
1225 status_t status = remote()->transact(BnKeystoreService::ON_USER_ADDED, data, &reply);
1226 if (status != NO_ERROR) {
1227 ALOGD("onUserAdded() could not contact remote: %d\n", status);
1228 return -1;
1229 }
1230 int32_t err = reply.readExceptionCode();
1231 int32_t ret = reply.readInt32();
1232 if (err < 0) {
1233 ALOGD("onUserAdded() caught exception %d\n", err);
1234 return -1;
1235 }
1236 return ret;
1237 }
1238
1239 virtual int32_t onUserRemoved(int32_t userId)
1240 {
1241 Parcel data, reply;
1242 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1243 data.writeInt32(userId);
1244 status_t status = remote()->transact(BnKeystoreService::ON_USER_REMOVED, data, &reply);
1245 if (status != NO_ERROR) {
1246 ALOGD("onUserRemoved() could not contact remote: %d\n", status);
1247 return -1;
1248 }
1249 int32_t err = reply.readExceptionCode();
1250 int32_t ret = reply.readInt32();
1251 if (err < 0) {
1252 ALOGD("onUserRemoved() caught exception %d\n", err);
1253 return -1;
1254 }
1255 return ret;
1256 }
1257
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1258};
1259
Chad Brubaker468fc692015-01-13 17:33:14 -0800[diff] [blame]1260IMPLEMENT_META_INTERFACE(KeystoreService, "android.security.IKeystoreService");
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1261
1262// ----------------------------------------------------------------------
1263
1264status_t BnKeystoreService::onTransact(
1265 uint32_t code, const Parcel& data, Parcel* reply, uint32_t flags)
1266{
1267 switch(code) {
Chad Brubaker94436162015-05-12 15:18:26 -0700[diff] [blame^]1268 case GET_STATE: {
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1269 CHECK_INTERFACE(IKeystoreService, data, reply);
Chad Brubaker94436162015-05-12 15:18:26 -0700[diff] [blame^]1270 int32_t userId = data.readInt32();
1271 int32_t ret = getState(userId);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1272 reply->writeNoException();
1273 reply->writeInt32(ret);
1274 return NO_ERROR;
1275 } break;
1276 case GET: {
1277 CHECK_INTERFACE(IKeystoreService, data, reply);
1278 String16 name = data.readString16();
1279 void* out = NULL;
1280 size_t outSize = 0;
1281 int32_t ret = get(name, (uint8_t**) &out, &outSize);
1282 reply->writeNoException();
1283 if (ret == 1) {
1284 reply->writeInt32(outSize);
1285 void* buf = reply->writeInplace(outSize);
1286 memcpy(buf, out, outSize);
1287 free(out);
1288 } else {
1289 reply->writeInt32(-1);
1290 }
1291 return NO_ERROR;
1292 } break;
1293 case INSERT: {
1294 CHECK_INTERFACE(IKeystoreService, data, reply);
1295 String16 name = data.readString16();
1296 ssize_t inSize = data.readInt32();
1297 const void* in;
1298 if (inSize >= 0 && (size_t) inSize <= data.dataAvail()) {
1299 in = data.readInplace(inSize);
1300 } else {
1301 in = NULL;
1302 inSize = 0;
1303 }
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]1304 int uid = data.readInt32();
Kenny Root0c540aa2013-04-03 09:22:15 -0700[diff] [blame]1305 int32_t flags = data.readInt32();
1306 int32_t ret = insert(name, (const uint8_t*) in, (size_t) inSize, uid, flags);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1307 reply->writeNoException();
1308 reply->writeInt32(ret);
1309 return NO_ERROR;
1310 } break;
1311 case DEL: {
1312 CHECK_INTERFACE(IKeystoreService, data, reply);
1313 String16 name = data.readString16();
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]1314 int uid = data.readInt32();
1315 int32_t ret = del(name, uid);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1316 reply->writeNoException();
1317 reply->writeInt32(ret);
1318 return NO_ERROR;
1319 } break;
1320 case EXIST: {
1321 CHECK_INTERFACE(IKeystoreService, data, reply);
1322 String16 name = data.readString16();
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]1323 int uid = data.readInt32();
1324 int32_t ret = exist(name, uid);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1325 reply->writeNoException();
1326 reply->writeInt32(ret);
1327 return NO_ERROR;
1328 } break;
Chad Brubaker94436162015-05-12 15:18:26 -0700[diff] [blame^]1329 case LIST: {
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1330 CHECK_INTERFACE(IKeystoreService, data, reply);
Chad Brubaker94436162015-05-12 15:18:26 -0700[diff] [blame^]1331 String16 prefix = data.readString16();
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]1332 int uid = data.readInt32();
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1333 Vector<String16> matches;
Chad Brubaker94436162015-05-12 15:18:26 -0700[diff] [blame^]1334 int32_t ret = list(prefix, uid, &matches);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1335 reply->writeNoException();
1336 reply->writeInt32(matches.size());
1337 Vector<String16>::const_iterator it = matches.begin();
1338 for (; it != matches.end(); ++it) {
1339 reply->writeString16(*it);
1340 }
1341 reply->writeInt32(ret);
1342 return NO_ERROR;
1343 } break;
1344 case RESET: {
1345 CHECK_INTERFACE(IKeystoreService, data, reply);
1346 int32_t ret = reset();
1347 reply->writeNoException();
1348 reply->writeInt32(ret);
1349 return NO_ERROR;
1350 } break;
Chad Brubakereecdd122015-05-07 10:19:40 -0700[diff] [blame]1351 case ON_USER_PASSWORD_CHANGED: {
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1352 CHECK_INTERFACE(IKeystoreService, data, reply);
Chad Brubakereecdd122015-05-07 10:19:40 -0700[diff] [blame]1353 int32_t userId = data.readInt32();
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1354 String16 pass = data.readString16();
Chad Brubakereecdd122015-05-07 10:19:40 -0700[diff] [blame]1355 int32_t ret = onUserPasswordChanged(userId, pass);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1356 reply->writeNoException();
1357 reply->writeInt32(ret);
1358 return NO_ERROR;
1359 } break;
1360 case LOCK: {
1361 CHECK_INTERFACE(IKeystoreService, data, reply);
Chad Brubaker94436162015-05-12 15:18:26 -0700[diff] [blame^]1362 int32_t userId = data.readInt32();
1363 int32_t ret = lock(userId);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1364 reply->writeNoException();
1365 reply->writeInt32(ret);
1366 return NO_ERROR;
1367 } break;
1368 case UNLOCK: {
1369 CHECK_INTERFACE(IKeystoreService, data, reply);
Chad Brubakereecdd122015-05-07 10:19:40 -0700[diff] [blame]1370 int32_t userId = data.readInt32();
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1371 String16 pass = data.readString16();
Chad Brubakereecdd122015-05-07 10:19:40 -0700[diff] [blame]1372 int32_t ret = unlock(userId, pass);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1373 reply->writeNoException();
1374 reply->writeInt32(ret);
1375 return NO_ERROR;
1376 } break;
Chad Brubaker94436162015-05-12 15:18:26 -0700[diff] [blame^]1377 case IS_EMPTY: {
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1378 CHECK_INTERFACE(IKeystoreService, data, reply);
Chad Brubaker94436162015-05-12 15:18:26 -0700[diff] [blame^]1379 int32_t userId = data.readInt32();
1380 bool ret = isEmpty(userId);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1381 reply->writeNoException();
Chad Brubaker94436162015-05-12 15:18:26 -0700[diff] [blame^]1382 reply->writeInt32(ret ? 1 : 0);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1383 return NO_ERROR;
1384 } break;
1385 case GENERATE: {
1386 CHECK_INTERFACE(IKeystoreService, data, reply);
1387 String16 name = data.readString16();
Kenny Root96427ba2013-08-16 14:02:41 -0700[diff] [blame]1388 int32_t uid = data.readInt32();
1389 int32_t keyType = data.readInt32();
1390 int32_t keySize = data.readInt32();
Kenny Root0c540aa2013-04-03 09:22:15 -0700[diff] [blame]1391 int32_t flags = data.readInt32();
Kenny Root96427ba2013-08-16 14:02:41 -0700[diff] [blame]1392 Vector<sp<KeystoreArg> > args;
Chad Brubaker468fc692015-01-13 17:33:14 -0800[diff] [blame]1393 int32_t argsPresent = data.readInt32();
1394 if (argsPresent == 1) {
1395 ssize_t numArgs = data.readInt32();
1396 if (numArgs > 0) {
1397 for (size_t i = 0; i < (size_t) numArgs; i++) {
1398 ssize_t inSize = data.readInt32();
1399 if (inSize >= 0 && (size_t) inSize <= data.dataAvail()) {
1400 sp<KeystoreArg> arg = new KeystoreArg(data.readInplace(inSize),
1401 inSize);
1402 args.push_back(arg);
1403 } else {
1404 args.push_back(NULL);
1405 }
Kenny Root96427ba2013-08-16 14:02:41 -0700[diff] [blame]1406 }
1407 }
1408 }
1409 int32_t ret = generate(name, uid, keyType, keySize, flags, &args);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1410 reply->writeNoException();
1411 reply->writeInt32(ret);
1412 return NO_ERROR;
1413 } break;
1414 case IMPORT: {
1415 CHECK_INTERFACE(IKeystoreService, data, reply);
1416 String16 name = data.readString16();
1417 ssize_t inSize = data.readInt32();
1418 const void* in;
1419 if (inSize >= 0 && (size_t) inSize <= data.dataAvail()) {
1420 in = data.readInplace(inSize);
1421 } else {
1422 in = NULL;
1423 inSize = 0;
1424 }
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]1425 int uid = data.readInt32();
Kenny Root0c540aa2013-04-03 09:22:15 -0700[diff] [blame]1426 int32_t flags = data.readInt32();
1427 int32_t ret = import(name, (const uint8_t*) in, (size_t) inSize, uid, flags);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1428 reply->writeNoException();
1429 reply->writeInt32(ret);
1430 return NO_ERROR;
1431 } break;
1432 case SIGN: {
1433 CHECK_INTERFACE(IKeystoreService, data, reply);
1434 String16 name = data.readString16();
1435 ssize_t inSize = data.readInt32();
1436 const void* in;
1437 if (inSize >= 0 && (size_t) inSize <= data.dataAvail()) {
1438 in = data.readInplace(inSize);
1439 } else {
1440 in = NULL;
1441 inSize = 0;
1442 }
1443 void* out = NULL;
1444 size_t outSize = 0;
1445 int32_t ret = sign(name, (const uint8_t*) in, (size_t) inSize, (uint8_t**) &out, &outSize);
1446 reply->writeNoException();
Kenny Rootb03c9fb2013-02-04 16:42:51 -0800[diff] [blame]1447 if (outSize > 0 && out != NULL) {
1448 reply->writeInt32(outSize);
1449 void* buf = reply->writeInplace(outSize);
1450 memcpy(buf, out, outSize);
1451 free(out);
1452 } else {
Kenny Roote289c402013-02-14 11:31:53 -0800[diff] [blame]1453 reply->writeInt32(-1);
Kenny Rootb03c9fb2013-02-04 16:42:51 -0800[diff] [blame]1454 }
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1455 reply->writeInt32(ret);
1456 return NO_ERROR;
1457 } break;
1458 case VERIFY: {
1459 CHECK_INTERFACE(IKeystoreService, data, reply);
1460 String16 name = data.readString16();
1461 ssize_t inSize = data.readInt32();
1462 const void* in;
1463 if (inSize >= 0 && (size_t) inSize <= data.dataAvail()) {
1464 in = data.readInplace(inSize);
1465 } else {
1466 in = NULL;
1467 inSize = 0;
1468 }
1469 ssize_t sigSize = data.readInt32();
1470 const void* sig;
1471 if (sigSize >= 0 && (size_t) sigSize <= data.dataAvail()) {
1472 sig = data.readInplace(sigSize);
1473 } else {
1474 sig = NULL;
1475 sigSize = 0;
1476 }
1477 bool ret = verify(name, (const uint8_t*) in, (size_t) inSize, (const uint8_t*) sig,
1478 (size_t) sigSize);
1479 reply->writeNoException();
1480 reply->writeInt32(ret ? 1 : 0);
1481 return NO_ERROR;
1482 } break;
1483 case GET_PUBKEY: {
1484 CHECK_INTERFACE(IKeystoreService, data, reply);
1485 String16 name = data.readString16();
1486 void* out = NULL;
1487 size_t outSize = 0;
1488 int32_t ret = get_pubkey(name, (unsigned char**) &out, &outSize);
1489 reply->writeNoException();
Kenny Rootb03c9fb2013-02-04 16:42:51 -0800[diff] [blame]1490 if (outSize > 0 && out != NULL) {
1491 reply->writeInt32(outSize);
1492 void* buf = reply->writeInplace(outSize);
1493 memcpy(buf, out, outSize);
1494 free(out);
1495 } else {
Kenny Roote289c402013-02-14 11:31:53 -0800[diff] [blame]1496 reply->writeInt32(-1);
Kenny Rootb03c9fb2013-02-04 16:42:51 -0800[diff] [blame]1497 }
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1498 reply->writeInt32(ret);
1499 return NO_ERROR;
Kenny Rootb03c9fb2013-02-04 16:42:51 -0800[diff] [blame]1500 } break;
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1501 case GRANT: {
1502 CHECK_INTERFACE(IKeystoreService, data, reply);
1503 String16 name = data.readString16();
1504 int32_t granteeUid = data.readInt32();
1505 int32_t ret = grant(name, granteeUid);
1506 reply->writeNoException();
1507 reply->writeInt32(ret);
1508 return NO_ERROR;
1509 } break;
1510 case UNGRANT: {
1511 CHECK_INTERFACE(IKeystoreService, data, reply);
1512 String16 name = data.readString16();
1513 int32_t granteeUid = data.readInt32();
1514 int32_t ret = ungrant(name, granteeUid);
1515 reply->writeNoException();
1516 reply->writeInt32(ret);
1517 return NO_ERROR;
1518 } break;
1519 case GETMTIME: {
1520 CHECK_INTERFACE(IKeystoreService, data, reply);
1521 String16 name = data.readString16();
1522 int64_t ret = getmtime(name);
1523 reply->writeNoException();
1524 reply->writeInt64(ret);
1525 return NO_ERROR;
1526 } break;
Kenny Rootd53bc922013-03-21 14:10:15 -0700[diff] [blame]1527 case DUPLICATE: {
Kenny Root02254072013-03-20 11:48:19 -0700[diff] [blame]1528 CHECK_INTERFACE(IKeystoreService, data, reply);
Kenny Rootd53bc922013-03-21 14:10:15 -0700[diff] [blame]1529 String16 srcKey = data.readString16();
1530 int32_t srcUid = data.readInt32();
1531 String16 destKey = data.readString16();
1532 int32_t destUid = data.readInt32();
1533 int32_t ret = duplicate(srcKey, srcUid, destKey, destUid);
Kenny Root02254072013-03-20 11:48:19 -0700[diff] [blame]1534 reply->writeNoException();
1535 reply->writeInt32(ret);
1536 return NO_ERROR;
1537 } break;
Kenny Root43061232013-03-29 11:15:50 -0700[diff] [blame]1538 case IS_HARDWARE_BACKED: {
1539 CHECK_INTERFACE(IKeystoreService, data, reply);
Kenny Root1b0e3932013-09-05 13:06:32 -0700[diff] [blame]1540 String16 keyType = data.readString16();
1541 int32_t ret = is_hardware_backed(keyType);
Kenny Root43061232013-03-29 11:15:50 -0700[diff] [blame]1542 reply->writeNoException();
1543 reply->writeInt32(ret);
1544 return NO_ERROR;
1545 }
Kenny Root2ecc7a12013-04-01 16:29:11 -0700[diff] [blame]1546 case CLEAR_UID: {
1547 CHECK_INTERFACE(IKeystoreService, data, reply);
1548 int64_t uid = data.readInt64();
1549 int32_t ret = clear_uid(uid);
1550 reply->writeNoException();
1551 reply->writeInt32(ret);
1552 return NO_ERROR;
1553 }
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1554 case ADD_RNG_ENTROPY: {
1555 CHECK_INTERFACE(IKeystoreService, data, reply);
Chad Brubaker6432df72015-03-20 16:23:04 -0700[diff] [blame]1556 const uint8_t* bytes = NULL;
1557 size_t size = 0;
1558 readByteArray(data, &bytes, &size);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1559 int32_t ret = addRngEntropy(bytes, size);
1560 reply->writeNoException();
1561 reply->writeInt32(ret);
1562 return NO_ERROR;
1563 }
1564 case GENERATE_KEY: {
1565 CHECK_INTERFACE(IKeystoreService, data, reply);
1566 String16 name = data.readString16();
1567 KeymasterArguments args;
1568 if (data.readInt32() != 0) {
1569 args.readFromParcel(data);
1570 }
Chad Brubaker154d7692015-03-27 13:59:31 -0700[diff] [blame]1571 const uint8_t* entropy = NULL;
1572 size_t entropyLength = 0;
1573 readByteArray(data, &entropy, &entropyLength);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1574 int32_t uid = data.readInt32();
1575 int32_t flags = data.readInt32();
1576 KeyCharacteristics outCharacteristics;
Chad Brubaker154d7692015-03-27 13:59:31 -0700[diff] [blame]1577 int32_t ret = generateKey(name, args, entropy, entropyLength, uid, flags,
1578 &outCharacteristics);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1579 reply->writeNoException();
1580 reply->writeInt32(ret);
1581 reply->writeInt32(1);
1582 outCharacteristics.writeToParcel(reply);
1583 return NO_ERROR;
1584 }
1585 case GET_KEY_CHARACTERISTICS: {
1586 CHECK_INTERFACE(IKeystoreService, data, reply);
1587 String16 name = data.readString16();
Chad Brubakerd6634422015-03-21 22:36:07 -0700[diff] [blame]1588 std::unique_ptr<keymaster_blob_t> clientId = readKeymasterBlob(data);
1589 std::unique_ptr<keymaster_blob_t> appData = readKeymasterBlob(data);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1590 KeyCharacteristics outCharacteristics;
Chad Brubakerd6634422015-03-21 22:36:07 -0700[diff] [blame]1591 int ret = getKeyCharacteristics(name, clientId.get(), appData.get(),
1592 &outCharacteristics);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1593 reply->writeNoException();
1594 reply->writeInt32(ret);
1595 reply->writeInt32(1);
1596 outCharacteristics.writeToParcel(reply);
1597 return NO_ERROR;
1598 }
1599 case IMPORT_KEY: {
1600 CHECK_INTERFACE(IKeystoreService, data, reply);
1601 String16 name = data.readString16();
1602 KeymasterArguments args;
1603 if (data.readInt32() != 0) {
1604 args.readFromParcel(data);
1605 }
1606 keymaster_key_format_t format = static_cast<keymaster_key_format_t>(data.readInt32());
Chad Brubaker6432df72015-03-20 16:23:04 -0700[diff] [blame]1607 const uint8_t* keyData = NULL;
1608 size_t keyLength = 0;
1609 readByteArray(data, &keyData, &keyLength);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1610 int32_t uid = data.readInt32();
1611 int32_t flags = data.readInt32();
1612 KeyCharacteristics outCharacteristics;
Chad Brubaker6432df72015-03-20 16:23:04 -0700[diff] [blame]1613 int32_t ret = importKey(name, args, format, keyData, keyLength, uid, flags,
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1614 &outCharacteristics);
1615 reply->writeNoException();
1616 reply->writeInt32(ret);
1617 reply->writeInt32(1);
1618 outCharacteristics.writeToParcel(reply);
1619
1620 return NO_ERROR;
1621 }
1622 case EXPORT_KEY: {
1623 CHECK_INTERFACE(IKeystoreService, data, reply);
1624 String16 name = data.readString16();
1625 keymaster_key_format_t format = static_cast<keymaster_key_format_t>(data.readInt32());
Chad Brubakerd6634422015-03-21 22:36:07 -0700[diff] [blame]1626 std::unique_ptr<keymaster_blob_t> clientId = readKeymasterBlob(data);
1627 std::unique_ptr<keymaster_blob_t> appData = readKeymasterBlob(data);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1628 ExportResult result;
Chad Brubakerd6634422015-03-21 22:36:07 -0700[diff] [blame]1629 exportKey(name, format, clientId.get(), appData.get(), &result);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1630 reply->writeNoException();
1631 reply->writeInt32(1);
1632 result.writeToParcel(reply);
1633
1634 return NO_ERROR;
1635 }
1636 case BEGIN: {
1637 CHECK_INTERFACE(IKeystoreService, data, reply);
1638 sp<IBinder> token = data.readStrongBinder();
1639 String16 name = data.readString16();
1640 keymaster_purpose_t purpose = static_cast<keymaster_purpose_t>(data.readInt32());
1641 bool pruneable = data.readInt32() != 0;
1642 KeymasterArguments args;
1643 if (data.readInt32() != 0) {
1644 args.readFromParcel(data);
1645 }
Chad Brubaker154d7692015-03-27 13:59:31 -0700[diff] [blame]1646 const uint8_t* entropy = NULL;
1647 size_t entropyLength = 0;
1648 readByteArray(data, &entropy, &entropyLength);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1649 KeymasterArguments outArgs;
1650 OperationResult result;
Chad Brubaker154d7692015-03-27 13:59:31 -0700[diff] [blame]1651 begin(token, name, purpose, pruneable, args, entropy, entropyLength, &outArgs,
1652 &result);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1653 reply->writeNoException();
1654 reply->writeInt32(1);
1655 result.writeToParcel(reply);
1656 reply->writeInt32(1);
1657 outArgs.writeToParcel(reply);
1658
1659 return NO_ERROR;
1660 }
1661 case UPDATE: {
1662 CHECK_INTERFACE(IKeystoreService, data, reply);
1663 sp<IBinder> token = data.readStrongBinder();
1664 KeymasterArguments args;
1665 if (data.readInt32() != 0) {
1666 args.readFromParcel(data);
1667 }
Chad Brubaker6432df72015-03-20 16:23:04 -0700[diff] [blame]1668 const uint8_t* buf = NULL;
1669 size_t bufLength = 0;
1670 readByteArray(data, &buf, &bufLength);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1671 OperationResult result;
Chad Brubaker6432df72015-03-20 16:23:04 -0700[diff] [blame]1672 update(token, args, buf, bufLength, &result);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1673 reply->writeNoException();
1674 reply->writeInt32(1);
1675 result.writeToParcel(reply);
1676
1677 return NO_ERROR;
1678 }
1679 case FINISH: {
1680 CHECK_INTERFACE(IKeystoreService, data, reply);
1681 sp<IBinder> token = data.readStrongBinder();
1682 KeymasterArguments args;
1683 if (data.readInt32() != 0) {
1684 args.readFromParcel(data);
1685 }
Chad Brubaker6432df72015-03-20 16:23:04 -0700[diff] [blame]1686 const uint8_t* buf = NULL;
1687 size_t bufLength = 0;
1688 readByteArray(data, &buf, &bufLength);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1689 OperationResult result;
Chad Brubaker6432df72015-03-20 16:23:04 -0700[diff] [blame]1690 finish(token, args, buf, bufLength, &result);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1691 reply->writeNoException();
1692 reply->writeInt32(1);
1693 result.writeToParcel(reply);
1694
1695 return NO_ERROR;
1696 }
1697 case ABORT: {
1698 CHECK_INTERFACE(IKeystoreService, data, reply);
1699 sp<IBinder> token = data.readStrongBinder();
1700 int32_t result = abort(token);
1701 reply->writeNoException();
1702 reply->writeInt32(result);
1703
1704 return NO_ERROR;
1705 }
Chad Brubaker2ed2baa2015-03-21 21:20:10 -0700[diff] [blame]1706 case IS_OPERATION_AUTHORIZED: {
1707 CHECK_INTERFACE(IKeystoreService, data, reply);
1708 sp<IBinder> token = data.readStrongBinder();
1709 bool result = isOperationAuthorized(token);
1710 reply->writeNoException();
1711 reply->writeInt32(result ? 1 : 0);
1712
1713 return NO_ERROR;
1714 }
1715 case ADD_AUTH_TOKEN: {
1716 CHECK_INTERFACE(IKeystoreService, data, reply);
Chad Brubaker2ed2baa2015-03-21 21:20:10 -0700[diff] [blame]1717 const uint8_t* token_bytes = NULL;
1718 size_t size = 0;
1719 readByteArray(data, &token_bytes, &size);
1720 int32_t result = addAuthToken(token_bytes, size);
1721 reply->writeNoException();
1722 reply->writeInt32(result);
1723
1724 return NO_ERROR;
1725 }
Chad Brubakerfd777e72015-05-12 10:43:10 -0700[diff] [blame]1726 case ON_USER_ADDED: {
1727 CHECK_INTERFACE(IKeystoreService, data, reply);
1728 int32_t userId = data.readInt32();
1729 int32_t parentId = data.readInt32();
1730 int32_t result = onUserAdded(userId, parentId);
1731 reply->writeNoException();
1732 reply->writeInt32(result);
1733
1734 return NO_ERROR;
1735 }
1736 case ON_USER_REMOVED: {
1737 CHECK_INTERFACE(IKeystoreService, data, reply);
1738 int32_t userId = data.readInt32();
1739 int32_t result = onUserRemoved(userId);
1740 reply->writeNoException();
1741 reply->writeInt32(result);
1742
1743 return NO_ERROR;
1744 }
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1745 default:
1746 return BBinder::onTransact(code, data, reply, flags);
1747 }
1748}
1749
1750// ----------------------------------------------------------------------------
1751
1752}; // namespace android