Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_security / 9ec9270dbb274060d008c49a61fb196a533f5191 / . / keystore / IKeystoreService.cpp
blob: 6507f796e9df2d40ce86b7d340d69c4fa02393b3 [file] [log] [blame]
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1/*
2**
3** Copyright 2008, The Android Open Source Project
4**
5** Licensed under the Apache License, Version 2.0 (the "License");
6** you may not use this file except in compliance with the License.
7** You may obtain a copy of the License at
8**
9** http://www.apache.org/licenses/LICENSE-2.0
10**
11** Unless required by applicable law or agreed to in writing, software
12** distributed under the License is distributed on an "AS IS" BASIS,
13** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14** See the License for the specific language governing permissions and
15** limitations under the License.
16*/
17
18#include <stdint.h>
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]19#include <sys/limits.h>
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]20#include <sys/types.h>
21
22#define LOG_TAG "KeystoreService"
23#include <utils/Log.h>
24
25#include <binder/Parcel.h>
26#include <binder/IPCThreadState.h>
27#include <binder/IServiceManager.h>
28
29#include <keystore/IKeystoreService.h>
30
31namespace android {
32
Shawn Willden77d71ca2014-11-12 16:45:12 -0700[diff] [blame]33const ssize_t MAX_GENERATE_ARGS = 3;
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]34static keymaster_key_param_t* readParamList(const Parcel& in, size_t* length);
Shawn Willden77d71ca2014-11-12 16:45:12 -0700[diff] [blame]35
Kenny Root96427ba2013-08-16 14:02:41 -0700[diff] [blame]36KeystoreArg::KeystoreArg(const void* data, size_t len)
37 : mData(data), mSize(len) {
38}
39
40KeystoreArg::~KeystoreArg() {
41}
42
43const void *KeystoreArg::data() const {
44 return mData;
45}
46
47size_t KeystoreArg::size() const {
48 return mSize;
49}
50
Chad Brubakerc3a18562015-03-17 18:21:35 -0700[diff] [blame]51OperationResult::OperationResult() : resultCode(0), token(), handle(0), inputConsumed(0),
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]52 data(NULL), dataLength(0) {
53}
54
55OperationResult::~OperationResult() {
56}
57
Bin Chen9ec92702016-08-25 14:25:05 +1000[diff] [blame^]58status_t OperationResult::readFromParcel(const Parcel* inn) {
59 const Parcel& in = *inn;
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]60 resultCode = in.readInt32();
61 token = in.readStrongBinder();
Chad Brubakerc3a18562015-03-17 18:21:35 -0700[diff] [blame]62 handle = static_cast<keymaster_operation_handle_t>(in.readInt64());
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]63 inputConsumed = in.readInt32();
64 ssize_t length = in.readInt32();
65 dataLength = 0;
66 if (length > 0) {
67 const void* buf = in.readInplace(length);
68 if (buf) {
69 data.reset(reinterpret_cast<uint8_t*>(malloc(length)));
70 if (data.get()) {
71 memcpy(data.get(), buf, length);
72 dataLength = (size_t) length;
73 } else {
74 ALOGE("Failed to allocate OperationResult buffer");
75 }
76 } else {
77 ALOGE("Failed to readInplace OperationResult data");
78 }
79 }
Chad Brubaker57e106d2015-06-01 12:59:00 -0700[diff] [blame]80 outParams.readFromParcel(in);
Bin Chen9ec92702016-08-25 14:25:05 +1000[diff] [blame^]81 return OK;
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]82}
83
Bin Chen9ec92702016-08-25 14:25:05 +1000[diff] [blame^]84status_t OperationResult::writeToParcel(Parcel* out) const {
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]85 out->writeInt32(resultCode);
86 out->writeStrongBinder(token);
Chad Brubakerc3a18562015-03-17 18:21:35 -0700[diff] [blame]87 out->writeInt64(handle);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]88 out->writeInt32(inputConsumed);
89 out->writeInt32(dataLength);
90 if (dataLength && data) {
91 void* buf = out->writeInplace(dataLength);
92 if (buf) {
93 memcpy(buf, data.get(), dataLength);
94 } else {
95 ALOGE("Failed to writeInplace OperationResult data.");
96 }
97 }
Chad Brubaker57e106d2015-06-01 12:59:00 -0700[diff] [blame]98 outParams.writeToParcel(out);
Bin Chen9ec92702016-08-25 14:25:05 +1000[diff] [blame^]99 return OK;
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]100}
101
102ExportResult::ExportResult() : resultCode(0), exportData(NULL), dataLength(0) {
103}
104
105ExportResult::~ExportResult() {
106}
107
108void ExportResult::readFromParcel(const Parcel& in) {
109 resultCode = in.readInt32();
110 ssize_t length = in.readInt32();
111 dataLength = 0;
112 if (length > 0) {
113 const void* buf = in.readInplace(length);
114 if (buf) {
115 exportData.reset(reinterpret_cast<uint8_t*>(malloc(length)));
116 if (exportData.get()) {
117 memcpy(exportData.get(), buf, length);
118 dataLength = (size_t) length;
119 } else {
120 ALOGE("Failed to allocate ExportData buffer");
121 }
122 } else {
123 ALOGE("Failed to readInplace ExportData data");
124 }
125 }
126}
127
128void ExportResult::writeToParcel(Parcel* out) const {
129 out->writeInt32(resultCode);
130 out->writeInt32(dataLength);
131 if (exportData && dataLength) {
132 void* buf = out->writeInplace(dataLength);
133 if (buf) {
134 memcpy(buf, exportData.get(), dataLength);
135 } else {
136 ALOGE("Failed to writeInplace ExportResult data.");
137 }
138 }
139}
140
141KeymasterArguments::KeymasterArguments() {
142}
143
144KeymasterArguments::~KeymasterArguments() {
145 keymaster_free_param_values(params.data(), params.size());
146}
147
148void KeymasterArguments::readFromParcel(const Parcel& in) {
149 ssize_t length = in.readInt32();
150 size_t ulength = (size_t) length;
151 if (length < 0) {
152 ulength = 0;
153 }
154 keymaster_free_param_values(params.data(), params.size());
155 params.clear();
156 for(size_t i = 0; i < ulength; i++) {
157 keymaster_key_param_t param;
158 if (!readKeymasterArgumentFromParcel(in, &param)) {
159 ALOGE("Error reading keymaster argument from parcel");
160 break;
161 }
162 params.push_back(param);
163 }
164}
165
166void KeymasterArguments::writeToParcel(Parcel* out) const {
167 out->writeInt32(params.size());
168 for (auto param : params) {
169 out->writeInt32(1);
170 writeKeymasterArgumentToParcel(param, out);
171 }
172}
173
174KeyCharacteristics::KeyCharacteristics() {
175 memset((void*) &characteristics, 0, sizeof(characteristics));
176}
177
178KeyCharacteristics::~KeyCharacteristics() {
179 keymaster_free_characteristics(&characteristics);
180}
181
182void KeyCharacteristics::readFromParcel(const Parcel& in) {
183 size_t length = 0;
184 keymaster_key_param_t* params = readParamList(in, &length);
185 characteristics.sw_enforced.params = params;
186 characteristics.sw_enforced.length = length;
187
188 params = readParamList(in, &length);
189 characteristics.hw_enforced.params = params;
190 characteristics.hw_enforced.length = length;
191}
192
193void KeyCharacteristics::writeToParcel(Parcel* out) const {
194 if (characteristics.sw_enforced.params) {
195 out->writeInt32(characteristics.sw_enforced.length);
196 for (size_t i = 0; i < characteristics.sw_enforced.length; i++) {
197 out->writeInt32(1);
198 writeKeymasterArgumentToParcel(characteristics.sw_enforced.params[i], out);
199 }
200 } else {
201 out->writeInt32(0);
202 }
203 if (characteristics.hw_enforced.params) {
204 out->writeInt32(characteristics.hw_enforced.length);
205 for (size_t i = 0; i < characteristics.hw_enforced.length; i++) {
206 out->writeInt32(1);
207 writeKeymasterArgumentToParcel(characteristics.hw_enforced.params[i], out);
208 }
209 } else {
210 out->writeInt32(0);
211 }
212}
213
Shawn Willden50eb1b22016-01-21 12:41:23 -0700[diff] [blame]214KeymasterCertificateChain::KeymasterCertificateChain() {
215 memset(&chain, 0, sizeof(chain));
216}
217
218KeymasterCertificateChain::~KeymasterCertificateChain() {
219 keymaster_free_cert_chain(&chain);
220}
221
222static bool readKeymasterBlob(const Parcel& in, keymaster_blob_t* blob) {
223 if (in.readInt32() != 1) {
224 return false;
225 }
226
Shawn Willden50eb1b22016-01-21 12:41:23 -0700[diff] [blame]227 ssize_t length = in.readInt32();
228 if (length <= 0) {
Shawn Willden50eb1b22016-01-21 12:41:23 -0700[diff] [blame]229 return false;
230 }
231
Shawn Willdeneb1adaf2016-02-02 17:32:31 -0700[diff] [blame]232 blob->data = reinterpret_cast<const uint8_t*>(malloc(length));
233 if (!blob->data)
234 return false;
235
236 const void* buf = in.readInplace(length);
237 if (!buf)
238 return false;
239
240 blob->data_length = static_cast<size_t>(length);
241 memcpy(const_cast<uint8_t*>(blob->data), buf, length);
242
Shawn Willden50eb1b22016-01-21 12:41:23 -0700[diff] [blame]243 return true;
244}
245
246void KeymasterCertificateChain::readFromParcel(const Parcel& in) {
Shawn Willdeneb1adaf2016-02-02 17:32:31 -0700[diff] [blame]247 keymaster_free_cert_chain(&chain);
248
Shawn Willden50eb1b22016-01-21 12:41:23 -0700[diff] [blame]249 ssize_t count = in.readInt32();
250 size_t ucount = count;
Shawn Willdeneb1adaf2016-02-02 17:32:31 -0700[diff] [blame]251 if (count <= 0) {
252 return;
Shawn Willden50eb1b22016-01-21 12:41:23 -0700[diff] [blame]253 }
Shawn Willdeneb1adaf2016-02-02 17:32:31 -0700[diff] [blame]254
255 chain.entries = reinterpret_cast<keymaster_blob_t*>(malloc(sizeof(keymaster_blob_t) * ucount));
256 if (!chain.entries) {
257 ALOGE("Error allocating memory for certificate chain");
258 return;
259 }
260
Shawn Willden50eb1b22016-01-21 12:41:23 -0700[diff] [blame]261 memset(chain.entries, 0, sizeof(keymaster_blob_t) * ucount);
262 for (size_t i = 0; i < ucount; ++i) {
263 if (!readKeymasterBlob(in, &chain.entries[i])) {
Shawn Willdeneb1adaf2016-02-02 17:32:31 -0700[diff] [blame]264 ALOGE("Error reading certificate from parcel");
Shawn Willden50eb1b22016-01-21 12:41:23 -0700[diff] [blame]265 keymaster_free_cert_chain(&chain);
266 return;
267 }
268 }
269}
270
271void KeymasterCertificateChain::writeToParcel(Parcel* out) const {
272 out->writeInt32(chain.entry_count);
273 for (size_t i = 0; i < chain.entry_count; ++i) {
274 if (chain.entries[i].data) {
275 out->writeInt32(1); // Tell Java side that object is not NULL
276 out->writeInt32(chain.entries[i].data_length);
277 void* buf = out->writeInplace(chain.entries[i].data_length);
278 if (buf) {
279 memcpy(buf, chain.entries[i].data, chain.entries[i].data_length);
280 } else {
281 ALOGE("Failed to writeInplace keymaster cert chain entry");
282 }
283 } else {
284 out->writeInt32(0); // Tell Java side this object is NULL.
285 ALOGE("Found NULL certificate chain entry");
286 }
287 }
288}
289
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]290void writeKeymasterArgumentToParcel(const keymaster_key_param_t& param, Parcel* out) {
291 switch (keymaster_tag_get_type(param.tag)) {
292 case KM_ENUM:
293 case KM_ENUM_REP: {
294 out->writeInt32(param.tag);
295 out->writeInt32(param.enumerated);
296 break;
297 }
Shawn Willden0ebf13d2015-06-24 16:29:45 -0700[diff] [blame]298 case KM_UINT:
299 case KM_UINT_REP: {
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]300 out->writeInt32(param.tag);
301 out->writeInt32(param.integer);
302 break;
303 }
Shawn Willden0ebf13d2015-06-24 16:29:45 -0700[diff] [blame]304 case KM_ULONG:
305 case KM_ULONG_REP: {
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]306 out->writeInt32(param.tag);
307 out->writeInt64(param.long_integer);
308 break;
309 }
310 case KM_DATE: {
311 out->writeInt32(param.tag);
312 out->writeInt64(param.date_time);
313 break;
314 }
315 case KM_BOOL: {
316 out->writeInt32(param.tag);
317 break;
318 }
319 case KM_BIGNUM:
320 case KM_BYTES: {
321 out->writeInt32(param.tag);
322 out->writeInt32(param.blob.data_length);
323 void* buf = out->writeInplace(param.blob.data_length);
324 if (buf) {
325 memcpy(buf, param.blob.data, param.blob.data_length);
326 } else {
327 ALOGE("Failed to writeInplace keymaster blob param");
328 }
329 break;
330 }
331 default: {
332 ALOGE("Failed to write argument: Unsupported keymaster_tag_t %d", param.tag);
333 }
334 }
335}
336
337
338bool readKeymasterArgumentFromParcel(const Parcel& in, keymaster_key_param_t* out) {
339 if (in.readInt32() == 0) {
340 return false;
341 }
342 keymaster_tag_t tag = static_cast<keymaster_tag_t>(in.readInt32());
343 switch (keymaster_tag_get_type(tag)) {
344 case KM_ENUM:
345 case KM_ENUM_REP: {
346 uint32_t value = in.readInt32();
347 *out = keymaster_param_enum(tag, value);
348 break;
349 }
Shawn Willden0ebf13d2015-06-24 16:29:45 -0700[diff] [blame]350 case KM_UINT:
351 case KM_UINT_REP: {
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]352 uint32_t value = in.readInt32();
353 *out = keymaster_param_int(tag, value);
354 break;
355 }
Shawn Willden0ebf13d2015-06-24 16:29:45 -0700[diff] [blame]356 case KM_ULONG:
357 case KM_ULONG_REP: {
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]358 uint64_t value = in.readInt64();
359 *out = keymaster_param_long(tag, value);
360 break;
361 }
362 case KM_DATE: {
363 uint64_t value = in.readInt64();
364 *out = keymaster_param_date(tag, value);
365 break;
366 }
367 case KM_BOOL: {
368 *out = keymaster_param_bool(tag);
369 break;
370 }
371 case KM_BIGNUM:
372 case KM_BYTES: {
373 ssize_t length = in.readInt32();
374 uint8_t* data = NULL;
375 size_t ulength = 0;
376 if (length >= 0) {
377 ulength = (size_t) length;
378 // use malloc here so we can use keymaster_free_param_values
379 // consistently.
380 data = reinterpret_cast<uint8_t*>(malloc(ulength));
381 const void* buf = in.readInplace(ulength);
382 if (!buf || !data) {
383 ALOGE("Failed to allocate buffer for keymaster blob param");
Shawn Willdeneb1adaf2016-02-02 17:32:31 -0700[diff] [blame]384 free(data);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]385 return false;
386 }
387 memcpy(data, buf, ulength);
388 }
389 *out = keymaster_param_blob(tag, data, ulength);
390 break;
391 }
392 default: {
393 ALOGE("Unsupported keymaster_tag_t %d", tag);
394 return false;
395 }
396 }
397 return true;
398}
399
Chad Brubaker6432df72015-03-20 16:23:04 -0700[diff] [blame]400/**
401 * Read a byte array from in. The data at *data is still owned by the parcel
402 */
403static void readByteArray(const Parcel& in, const uint8_t** data, size_t* length) {
404 ssize_t slength = in.readInt32();
405 if (slength > 0) {
406 *data = reinterpret_cast<const uint8_t*>(in.readInplace(slength));
407 if (*data) {
408 *length = static_cast<size_t>(slength);
409 } else {
410 *length = 0;
411 }
412 } else {
413 *data = NULL;
414 *length = 0;
415 }
416}
417
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]418// Read a keymaster_key_param_t* from a Parcel for use in a
419// keymaster_key_characteristics_t. This will be free'd by calling
420// keymaster_free_key_characteristics.
421static keymaster_key_param_t* readParamList(const Parcel& in, size_t* length) {
422 ssize_t slength = in.readInt32();
423 *length = 0;
424 if (slength < 0) {
425 return NULL;
426 }
427 *length = (size_t) slength;
428 if (*length >= UINT_MAX / sizeof(keymaster_key_param_t)) {
429 return NULL;
430 }
431 keymaster_key_param_t* list =
432 reinterpret_cast<keymaster_key_param_t*>(malloc(*length *
433 sizeof(keymaster_key_param_t)));
434 if (!list) {
435 ALOGD("Failed to allocate buffer for generateKey outCharacteristics");
436 goto err;
437 }
438 for (size_t i = 0; i < *length ; i++) {
439 if (!readKeymasterArgumentFromParcel(in, &list[i])) {
440 ALOGE("Failed to read keymaster argument");
441 keymaster_free_param_values(list, i);
442 goto err;
443 }
444 }
445 return list;
446err:
447 free(list);
448 return NULL;
449}
450
Chad Brubakerd6634422015-03-21 22:36:07 -0700[diff] [blame]451static std::unique_ptr<keymaster_blob_t> readKeymasterBlob(const Parcel& in) {
Shawn Willden50eb1b22016-01-21 12:41:23 -0700[diff] [blame]452 std::unique_ptr<keymaster_blob_t> blob (new keymaster_blob_t);
453 if (!readKeymasterBlob(in, blob.get())) {
454 blob.reset();
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]455 }
Chad Brubakerd6634422015-03-21 22:36:07 -0700[diff] [blame]456 return blob;
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]457}
458
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]459class BpKeystoreService: public BpInterface<IKeystoreService>
460{
461public:
Chih-Hung Hsiehd3bccc82016-04-25 12:11:44 -0700[diff] [blame]462 explicit BpKeystoreService(const sp<IBinder>& impl)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]463 : BpInterface<IKeystoreService>(impl)
464 {
465 }
466
467 // test ping
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]468 virtual int32_t getState(int32_t userId)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]469 {
470 Parcel data, reply;
471 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]472 data.writeInt32(userId);
473 status_t status = remote()->transact(BnKeystoreService::GET_STATE, data, &reply);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]474 if (status != NO_ERROR) {
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]475 ALOGD("getState() could not contact remote: %d\n", status);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]476 return -1;
477 }
478 int32_t err = reply.readExceptionCode();
479 int32_t ret = reply.readInt32();
480 if (err < 0) {
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]481 ALOGD("getState() caught exception %d\n", err);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]482 return -1;
483 }
484 return ret;
485 }
486
487 virtual int32_t get(const String16& name, uint8_t** item, size_t* itemLength)
488 {
489 Parcel data, reply;
490 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
491 data.writeString16(name);
492 status_t status = remote()->transact(BnKeystoreService::GET, data, &reply);
493 if (status != NO_ERROR) {
494 ALOGD("get() could not contact remote: %d\n", status);
495 return -1;
496 }
497 int32_t err = reply.readExceptionCode();
498 ssize_t len = reply.readInt32();
499 if (len >= 0 && (size_t) len <= reply.dataAvail()) {
500 size_t ulen = (size_t) len;
501 const void* buf = reply.readInplace(ulen);
502 *item = (uint8_t*) malloc(ulen);
503 if (*item != NULL) {
504 memcpy(*item, buf, ulen);
505 *itemLength = ulen;
506 } else {
507 ALOGE("out of memory allocating output array in get");
508 *itemLength = 0;
509 }
510 } else {
511 *itemLength = 0;
512 }
513 if (err < 0) {
514 ALOGD("get() caught exception %d\n", err);
515 return -1;
516 }
517 return 0;
518 }
519
Kenny Root0c540aa2013-04-03 09:22:15 -0700[diff] [blame]520 virtual int32_t insert(const String16& name, const uint8_t* item, size_t itemLength, int uid,
521 int32_t flags)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]522 {
523 Parcel data, reply;
524 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
525 data.writeString16(name);
526 data.writeInt32(itemLength);
527 void* buf = data.writeInplace(itemLength);
528 memcpy(buf, item, itemLength);
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]529 data.writeInt32(uid);
Kenny Root0c540aa2013-04-03 09:22:15 -0700[diff] [blame]530 data.writeInt32(flags);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]531 status_t status = remote()->transact(BnKeystoreService::INSERT, data, &reply);
532 if (status != NO_ERROR) {
533 ALOGD("import() could not contact remote: %d\n", status);
534 return -1;
535 }
536 int32_t err = reply.readExceptionCode();
537 int32_t ret = reply.readInt32();
538 if (err < 0) {
539 ALOGD("import() caught exception %d\n", err);
540 return -1;
541 }
542 return ret;
543 }
544
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]545 virtual int32_t del(const String16& name, int uid)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]546 {
547 Parcel data, reply;
548 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
549 data.writeString16(name);
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]550 data.writeInt32(uid);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]551 status_t status = remote()->transact(BnKeystoreService::DEL, data, &reply);
552 if (status != NO_ERROR) {
553 ALOGD("del() could not contact remote: %d\n", status);
554 return -1;
555 }
556 int32_t err = reply.readExceptionCode();
557 int32_t ret = reply.readInt32();
558 if (err < 0) {
559 ALOGD("del() caught exception %d\n", err);
560 return -1;
561 }
562 return ret;
563 }
564
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]565 virtual int32_t exist(const String16& name, int uid)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]566 {
567 Parcel data, reply;
568 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
569 data.writeString16(name);
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]570 data.writeInt32(uid);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]571 status_t status = remote()->transact(BnKeystoreService::EXIST, data, &reply);
572 if (status != NO_ERROR) {
573 ALOGD("exist() could not contact remote: %d\n", status);
574 return -1;
575 }
576 int32_t err = reply.readExceptionCode();
577 int32_t ret = reply.readInt32();
578 if (err < 0) {
579 ALOGD("exist() caught exception %d\n", err);
580 return -1;
581 }
582 return ret;
583 }
584
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]585 virtual int32_t list(const String16& prefix, int uid, Vector<String16>* matches)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]586 {
587 Parcel data, reply;
588 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]589 data.writeString16(prefix);
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]590 data.writeInt32(uid);
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]591 status_t status = remote()->transact(BnKeystoreService::LIST, data, &reply);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]592 if (status != NO_ERROR) {
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]593 ALOGD("list() could not contact remote: %d\n", status);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]594 return -1;
595 }
596 int32_t err = reply.readExceptionCode();
597 int32_t numMatches = reply.readInt32();
598 for (int32_t i = 0; i < numMatches; i++) {
599 matches->push(reply.readString16());
600 }
601 int32_t ret = reply.readInt32();
602 if (err < 0) {
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]603 ALOGD("list() caught exception %d\n", err);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]604 return -1;
605 }
606 return ret;
607 }
608
609 virtual int32_t reset()
610 {
611 Parcel data, reply;
612 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
613 status_t status = remote()->transact(BnKeystoreService::RESET, data, &reply);
614 if (status != NO_ERROR) {
615 ALOGD("reset() could not contact remote: %d\n", status);
616 return -1;
617 }
618 int32_t err = reply.readExceptionCode();
619 int32_t ret = reply.readInt32();
620 if (err < 0) {
621 ALOGD("reset() caught exception %d\n", err);
622 return -1;
623 }
624 return ret;
625 }
626
Chad Brubaker96d6d782015-05-07 10:19:40 -0700[diff] [blame]627 virtual int32_t onUserPasswordChanged(int32_t userId, const String16& password)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]628 {
629 Parcel data, reply;
630 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
Chad Brubaker96d6d782015-05-07 10:19:40 -0700[diff] [blame]631 data.writeInt32(userId);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]632 data.writeString16(password);
Chad Brubaker96d6d782015-05-07 10:19:40 -0700[diff] [blame]633 status_t status = remote()->transact(BnKeystoreService::ON_USER_PASSWORD_CHANGED, data,
634 &reply);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]635 if (status != NO_ERROR) {
Chad Brubaker96d6d782015-05-07 10:19:40 -0700[diff] [blame]636 ALOGD("onUserPasswordChanged() could not contact remote: %d\n", status);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]637 return -1;
638 }
639 int32_t err = reply.readExceptionCode();
640 int32_t ret = reply.readInt32();
641 if (err < 0) {
Chad Brubaker96d6d782015-05-07 10:19:40 -0700[diff] [blame]642 ALOGD("onUserPasswordChanged() caught exception %d\n", err);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]643 return -1;
644 }
645 return ret;
646 }
647
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]648 virtual int32_t lock(int32_t userId)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]649 {
650 Parcel data, reply;
651 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]652 data.writeInt32(userId);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]653 status_t status = remote()->transact(BnKeystoreService::LOCK, data, &reply);
654 if (status != NO_ERROR) {
655 ALOGD("lock() could not contact remote: %d\n", status);
656 return -1;
657 }
658 int32_t err = reply.readExceptionCode();
659 int32_t ret = reply.readInt32();
660 if (err < 0) {
661 ALOGD("lock() caught exception %d\n", err);
662 return -1;
663 }
664 return ret;
665 }
666
Chad Brubaker96d6d782015-05-07 10:19:40 -0700[diff] [blame]667 virtual int32_t unlock(int32_t userId, const String16& password)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]668 {
669 Parcel data, reply;
670 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
Chad Brubaker96d6d782015-05-07 10:19:40 -0700[diff] [blame]671 data.writeInt32(userId);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]672 data.writeString16(password);
673 status_t status = remote()->transact(BnKeystoreService::UNLOCK, data, &reply);
674 if (status != NO_ERROR) {
675 ALOGD("unlock() could not contact remote: %d\n", status);
676 return -1;
677 }
678 int32_t err = reply.readExceptionCode();
679 int32_t ret = reply.readInt32();
680 if (err < 0) {
681 ALOGD("unlock() caught exception %d\n", err);
682 return -1;
683 }
684 return ret;
685 }
686
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]687 virtual bool isEmpty(int32_t userId)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]688 {
689 Parcel data, reply;
690 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]691 data.writeInt32(userId);
692 status_t status = remote()->transact(BnKeystoreService::IS_EMPTY, data, &reply);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]693 if (status != NO_ERROR) {
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]694 ALOGD("isEmpty() could not contact remote: %d\n", status);
695 return false;
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]696 }
697 int32_t err = reply.readExceptionCode();
698 int32_t ret = reply.readInt32();
699 if (err < 0) {
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]700 ALOGD("isEmpty() caught exception %d\n", err);
701 return false;
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]702 }
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]703 return ret != 0;
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]704 }
705
Kenny Root96427ba2013-08-16 14:02:41 -0700[diff] [blame]706 virtual int32_t generate(const String16& name, int32_t uid, int32_t keyType, int32_t keySize,
707 int32_t flags, Vector<sp<KeystoreArg> >* args)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]708 {
709 Parcel data, reply;
710 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
711 data.writeString16(name);
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]712 data.writeInt32(uid);
Kenny Root96427ba2013-08-16 14:02:41 -0700[diff] [blame]713 data.writeInt32(keyType);
714 data.writeInt32(keySize);
Kenny Root0c540aa2013-04-03 09:22:15 -0700[diff] [blame]715 data.writeInt32(flags);
Chad Brubaker468fc692015-01-13 17:33:14 -0800[diff] [blame]716 data.writeInt32(1);
Kenny Root96427ba2013-08-16 14:02:41 -0700[diff] [blame]717 data.writeInt32(args->size());
718 for (Vector<sp<KeystoreArg> >::iterator it = args->begin(); it != args->end(); ++it) {
719 sp<KeystoreArg> item = *it;
720 size_t keyLength = item->size();
721 data.writeInt32(keyLength);
722 void* buf = data.writeInplace(keyLength);
723 memcpy(buf, item->data(), keyLength);
724 }
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]725 status_t status = remote()->transact(BnKeystoreService::GENERATE, data, &reply);
726 if (status != NO_ERROR) {
727 ALOGD("generate() could not contact remote: %d\n", status);
728 return -1;
729 }
730 int32_t err = reply.readExceptionCode();
731 int32_t ret = reply.readInt32();
732 if (err < 0) {
733 ALOGD("generate() caught exception %d\n", err);
734 return -1;
735 }
736 return ret;
737 }
738
Kenny Root0c540aa2013-04-03 09:22:15 -0700[diff] [blame]739 virtual int32_t import(const String16& name, const uint8_t* key, size_t keyLength, int uid,
740 int flags)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]741 {
742 Parcel data, reply;
743 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
744 data.writeString16(name);
745 data.writeInt32(keyLength);
746 void* buf = data.writeInplace(keyLength);
747 memcpy(buf, key, keyLength);
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]748 data.writeInt32(uid);
Kenny Root0c540aa2013-04-03 09:22:15 -0700[diff] [blame]749 data.writeInt32(flags);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]750 status_t status = remote()->transact(BnKeystoreService::IMPORT, data, &reply);
751 if (status != NO_ERROR) {
752 ALOGD("import() could not contact remote: %d\n", status);
753 return -1;
754 }
755 int32_t err = reply.readExceptionCode();
756 int32_t ret = reply.readInt32();
757 if (err < 0) {
758 ALOGD("import() caught exception %d\n", err);
759 return -1;
760 }
761 return ret;
762 }
763
764 virtual int32_t sign(const String16& name, const uint8_t* in, size_t inLength, uint8_t** out,
765 size_t* outLength)
766 {
767 Parcel data, reply;
768 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
769 data.writeString16(name);
770 data.writeInt32(inLength);
771 void* buf = data.writeInplace(inLength);
772 memcpy(buf, in, inLength);
773 status_t status = remote()->transact(BnKeystoreService::SIGN, data, &reply);
774 if (status != NO_ERROR) {
775 ALOGD("import() could not contact remote: %d\n", status);
776 return -1;
777 }
778 int32_t err = reply.readExceptionCode();
779 ssize_t len = reply.readInt32();
780 if (len >= 0 && (size_t) len <= reply.dataAvail()) {
781 size_t ulen = (size_t) len;
782 const void* outBuf = reply.readInplace(ulen);
783 *out = (uint8_t*) malloc(ulen);
784 if (*out != NULL) {
785 memcpy((void*) *out, outBuf, ulen);
786 *outLength = ulen;
787 } else {
788 ALOGE("out of memory allocating output array in sign");
789 *outLength = 0;
790 }
791 } else {
792 *outLength = 0;
793 }
794 if (err < 0) {
795 ALOGD("import() caught exception %d\n", err);
796 return -1;
797 }
798 return 0;
799 }
800
801 virtual int32_t verify(const String16& name, const uint8_t* in, size_t inLength,
802 const uint8_t* signature, size_t signatureLength)
803 {
804 Parcel data, reply;
805 void* buf;
806
807 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
808 data.writeString16(name);
809 data.writeInt32(inLength);
810 buf = data.writeInplace(inLength);
811 memcpy(buf, in, inLength);
812 data.writeInt32(signatureLength);
813 buf = data.writeInplace(signatureLength);
814 memcpy(buf, signature, signatureLength);
815 status_t status = remote()->transact(BnKeystoreService::VERIFY, data, &reply);
816 if (status != NO_ERROR) {
817 ALOGD("verify() could not contact remote: %d\n", status);
818 return -1;
819 }
820 int32_t err = reply.readExceptionCode();
821 int32_t ret = reply.readInt32();
822 if (err < 0) {
823 ALOGD("verify() caught exception %d\n", err);
824 return -1;
825 }
826 return ret;
827 }
828
829 virtual int32_t get_pubkey(const String16& name, uint8_t** pubkey, size_t* pubkeyLength)
830 {
831 Parcel data, reply;
832 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
833 data.writeString16(name);
834 status_t status = remote()->transact(BnKeystoreService::GET_PUBKEY, data, &reply);
835 if (status != NO_ERROR) {
836 ALOGD("get_pubkey() could not contact remote: %d\n", status);
837 return -1;
838 }
839 int32_t err = reply.readExceptionCode();
840 ssize_t len = reply.readInt32();
841 if (len >= 0 && (size_t) len <= reply.dataAvail()) {
842 size_t ulen = (size_t) len;
843 const void* buf = reply.readInplace(ulen);
844 *pubkey = (uint8_t*) malloc(ulen);
845 if (*pubkey != NULL) {
846 memcpy(*pubkey, buf, ulen);
847 *pubkeyLength = ulen;
848 } else {
849 ALOGE("out of memory allocating output array in get_pubkey");
850 *pubkeyLength = 0;
851 }
852 } else {
853 *pubkeyLength = 0;
854 }
855 if (err < 0) {
856 ALOGD("get_pubkey() caught exception %d\n", err);
857 return -1;
858 }
859 return 0;
860 }
861
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]862 virtual int32_t grant(const String16& name, int32_t granteeUid)
863 {
864 Parcel data, reply;
865 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
866 data.writeString16(name);
867 data.writeInt32(granteeUid);
868 status_t status = remote()->transact(BnKeystoreService::GRANT, data, &reply);
869 if (status != NO_ERROR) {
870 ALOGD("grant() could not contact remote: %d\n", status);
871 return -1;
872 }
873 int32_t err = reply.readExceptionCode();
874 int32_t ret = reply.readInt32();
875 if (err < 0) {
876 ALOGD("grant() caught exception %d\n", err);
877 return -1;
878 }
879 return ret;
880 }
881
882 virtual int32_t ungrant(const String16& name, int32_t granteeUid)
883 {
884 Parcel data, reply;
885 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
886 data.writeString16(name);
887 data.writeInt32(granteeUid);
888 status_t status = remote()->transact(BnKeystoreService::UNGRANT, data, &reply);
889 if (status != NO_ERROR) {
890 ALOGD("ungrant() could not contact remote: %d\n", status);
891 return -1;
892 }
893 int32_t err = reply.readExceptionCode();
894 int32_t ret = reply.readInt32();
895 if (err < 0) {
896 ALOGD("ungrant() caught exception %d\n", err);
897 return -1;
898 }
899 return ret;
900 }
901
902 int64_t getmtime(const String16& name)
903 {
904 Parcel data, reply;
905 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
906 data.writeString16(name);
907 status_t status = remote()->transact(BnKeystoreService::GETMTIME, data, &reply);
908 if (status != NO_ERROR) {
909 ALOGD("getmtime() could not contact remote: %d\n", status);
910 return -1;
911 }
912 int32_t err = reply.readExceptionCode();
913 int64_t ret = reply.readInt64();
914 if (err < 0) {
915 ALOGD("getmtime() caught exception %d\n", err);
916 return -1;
917 }
918 return ret;
919 }
Kenny Root02254072013-03-20 11:48:19 -0700[diff] [blame]920
Kenny Rootd53bc922013-03-21 14:10:15 -0700[diff] [blame]921 virtual int32_t duplicate(const String16& srcKey, int32_t srcUid, const String16& destKey,
922 int32_t destUid)
Kenny Root02254072013-03-20 11:48:19 -0700[diff] [blame]923 {
924 Parcel data, reply;
925 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
Kenny Rootd53bc922013-03-21 14:10:15 -0700[diff] [blame]926 data.writeString16(srcKey);
927 data.writeInt32(srcUid);
928 data.writeString16(destKey);
929 data.writeInt32(destUid);
930 status_t status = remote()->transact(BnKeystoreService::DUPLICATE, data, &reply);
Kenny Root02254072013-03-20 11:48:19 -0700[diff] [blame]931 if (status != NO_ERROR) {
Kenny Rootd53bc922013-03-21 14:10:15 -0700[diff] [blame]932 ALOGD("duplicate() could not contact remote: %d\n", status);
Kenny Root02254072013-03-20 11:48:19 -0700[diff] [blame]933 return -1;
934 }
935 int32_t err = reply.readExceptionCode();
936 int32_t ret = reply.readInt32();
937 if (err < 0) {
Kenny Rootd53bc922013-03-21 14:10:15 -0700[diff] [blame]938 ALOGD("duplicate() caught exception %d\n", err);
Kenny Root02254072013-03-20 11:48:19 -0700[diff] [blame]939 return -1;
940 }
941 return ret;
942 }
Kenny Root43061232013-03-29 11:15:50 -0700[diff] [blame]943
Kenny Root1b0e3932013-09-05 13:06:32 -0700[diff] [blame]944 virtual int32_t is_hardware_backed(const String16& keyType)
Kenny Root43061232013-03-29 11:15:50 -0700[diff] [blame]945 {
946 Parcel data, reply;
947 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
Kenny Root1b0e3932013-09-05 13:06:32 -0700[diff] [blame]948 data.writeString16(keyType);
Kenny Root43061232013-03-29 11:15:50 -0700[diff] [blame]949 status_t status = remote()->transact(BnKeystoreService::IS_HARDWARE_BACKED, data, &reply);
950 if (status != NO_ERROR) {
951 ALOGD("is_hardware_backed() could not contact remote: %d\n", status);
952 return -1;
953 }
954 int32_t err = reply.readExceptionCode();
955 int32_t ret = reply.readInt32();
956 if (err < 0) {
957 ALOGD("is_hardware_backed() caught exception %d\n", err);
958 return -1;
959 }
960 return ret;
961 }
Kenny Root2ecc7a12013-04-01 16:29:11 -0700[diff] [blame]962
963 virtual int32_t clear_uid(int64_t uid)
964 {
965 Parcel data, reply;
966 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
967 data.writeInt64(uid);
968 status_t status = remote()->transact(BnKeystoreService::CLEAR_UID, data, &reply);
969 if (status != NO_ERROR) {
970 ALOGD("clear_uid() could not contact remote: %d\n", status);
971 return -1;
972 }
973 int32_t err = reply.readExceptionCode();
974 int32_t ret = reply.readInt32();
975 if (err < 0) {
976 ALOGD("clear_uid() caught exception %d\n", err);
977 return -1;
978 }
979 return ret;
980 }
Robin Lee4e865752014-08-19 17:37:55 +0100[diff] [blame]981
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]982 virtual int32_t addRngEntropy(const uint8_t* buf, size_t bufLength)
983 {
984 Parcel data, reply;
985 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]986 data.writeByteArray(bufLength, buf);
987 status_t status = remote()->transact(BnKeystoreService::ADD_RNG_ENTROPY, data, &reply);
988 if (status != NO_ERROR) {
989 ALOGD("addRngEntropy() could not contact remote: %d\n", status);
990 return -1;
991 }
992 int32_t err = reply.readExceptionCode();
993 int32_t ret = reply.readInt32();
994 if (err < 0) {
995 ALOGD("addRngEntropy() caught exception %d\n", err);
996 return -1;
997 }
998 return ret;
999 };
1000
1001 virtual int32_t generateKey(const String16& name, const KeymasterArguments& params,
Chad Brubaker154d7692015-03-27 13:59:31 -0700[diff] [blame]1002 const uint8_t* entropy, size_t entropyLength, int uid, int flags,
1003 KeyCharacteristics* outCharacteristics)
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1004 {
1005 Parcel data, reply;
1006 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1007 data.writeString16(name);
1008 data.writeInt32(1);
1009 params.writeToParcel(&data);
Chad Brubaker154d7692015-03-27 13:59:31 -0700[diff] [blame]1010 data.writeByteArray(entropyLength, entropy);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1011 data.writeInt32(uid);
1012 data.writeInt32(flags);
1013 status_t status = remote()->transact(BnKeystoreService::GENERATE_KEY, data, &reply);
1014 if (status != NO_ERROR) {
1015 ALOGD("generateKey() could not contact remote: %d\n", status);
1016 return KM_ERROR_UNKNOWN_ERROR;
1017 }
1018 int32_t err = reply.readExceptionCode();
1019 int32_t ret = reply.readInt32();
1020 if (err < 0) {
1021 ALOGD("generateKey() caught exception %d\n", err);
1022 return KM_ERROR_UNKNOWN_ERROR;
1023 }
1024 if (reply.readInt32() != 0 && outCharacteristics) {
1025 outCharacteristics->readFromParcel(reply);
1026 }
1027 return ret;
1028 }
1029 virtual int32_t getKeyCharacteristics(const String16& name,
Chad Brubakerd6634422015-03-21 22:36:07 -0700[diff] [blame]1030 const keymaster_blob_t* clientId,
1031 const keymaster_blob_t* appData,
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1032 KeyCharacteristics* outCharacteristics)
1033 {
1034 Parcel data, reply;
1035 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1036 data.writeString16(name);
Chad Brubakerd6634422015-03-21 22:36:07 -0700[diff] [blame]1037 if (clientId) {
1038 data.writeByteArray(clientId->data_length, clientId->data);
1039 } else {
1040 data.writeInt32(-1);
1041 }
1042 if (appData) {
1043 data.writeByteArray(appData->data_length, appData->data);
1044 } else {
1045 data.writeInt32(-1);
1046 }
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1047 status_t status = remote()->transact(BnKeystoreService::GET_KEY_CHARACTERISTICS,
1048 data, &reply);
1049 if (status != NO_ERROR) {
1050 ALOGD("getKeyCharacteristics() could not contact remote: %d\n", status);
1051 return KM_ERROR_UNKNOWN_ERROR;
1052 }
1053 int32_t err = reply.readExceptionCode();
1054 int32_t ret = reply.readInt32();
1055 if (err < 0) {
1056 ALOGD("getKeyCharacteristics() caught exception %d\n", err);
1057 return KM_ERROR_UNKNOWN_ERROR;
1058 }
1059 if (reply.readInt32() != 0 && outCharacteristics) {
1060 outCharacteristics->readFromParcel(reply);
1061 }
1062 return ret;
1063 }
1064 virtual int32_t importKey(const String16& name, const KeymasterArguments& params,
1065 keymaster_key_format_t format, const uint8_t *keyData,
1066 size_t keyLength, int uid, int flags,
1067 KeyCharacteristics* outCharacteristics)
1068 {
1069 Parcel data, reply;
1070 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1071 data.writeString16(name);
1072 data.writeInt32(1);
1073 params.writeToParcel(&data);
1074 data.writeInt32(format);
1075 data.writeByteArray(keyLength, keyData);
1076 data.writeInt32(uid);
1077 data.writeInt32(flags);
1078 status_t status = remote()->transact(BnKeystoreService::IMPORT_KEY, data, &reply);
1079 if (status != NO_ERROR) {
1080 ALOGD("importKey() could not contact remote: %d\n", status);
1081 return KM_ERROR_UNKNOWN_ERROR;
1082 }
1083 int32_t err = reply.readExceptionCode();
1084 int32_t ret = reply.readInt32();
1085 if (err < 0) {
1086 ALOGD("importKey() caught exception %d\n", err);
1087 return KM_ERROR_UNKNOWN_ERROR;
1088 }
1089 if (reply.readInt32() != 0 && outCharacteristics) {
1090 outCharacteristics->readFromParcel(reply);
1091 }
1092 return ret;
1093 }
1094
1095 virtual void exportKey(const String16& name, keymaster_key_format_t format,
Chad Brubakerd6634422015-03-21 22:36:07 -0700[diff] [blame]1096 const keymaster_blob_t* clientId,
1097 const keymaster_blob_t* appData, ExportResult* result)
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1098 {
1099 if (!result) {
1100 return;
1101 }
1102
1103 Parcel data, reply;
1104 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1105 data.writeString16(name);
1106 data.writeInt32(format);
Chad Brubakerd6634422015-03-21 22:36:07 -0700[diff] [blame]1107 if (clientId) {
1108 data.writeByteArray(clientId->data_length, clientId->data);
1109 } else {
1110 data.writeInt32(-1);
1111 }
1112 if (appData) {
1113 data.writeByteArray(appData->data_length, appData->data);
1114 } else {
1115 data.writeInt32(-1);
1116 }
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1117 status_t status = remote()->transact(BnKeystoreService::EXPORT_KEY, data, &reply);
1118 if (status != NO_ERROR) {
1119 ALOGD("exportKey() could not contact remote: %d\n", status);
1120 result->resultCode = KM_ERROR_UNKNOWN_ERROR;
1121 return;
1122 }
1123 int32_t err = reply.readExceptionCode();
1124 if (err < 0) {
1125 ALOGD("exportKey() caught exception %d\n", err);
1126 result->resultCode = KM_ERROR_UNKNOWN_ERROR;
1127 return;
1128 }
1129 if (reply.readInt32() != 0) {
1130 result->readFromParcel(reply);
1131 }
1132 }
1133
1134 virtual void begin(const sp<IBinder>& appToken, const String16& name,
1135 keymaster_purpose_t purpose, bool pruneable,
Chad Brubaker154d7692015-03-27 13:59:31 -0700[diff] [blame]1136 const KeymasterArguments& params, const uint8_t* entropy,
Chad Brubaker57e106d2015-06-01 12:59:00 -0700[diff] [blame]1137 size_t entropyLength, OperationResult* result)
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1138 {
Chad Brubaker57e106d2015-06-01 12:59:00 -0700[diff] [blame]1139 if (!result) {
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1140 return;
1141 }
1142 Parcel data, reply;
1143 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1144 data.writeStrongBinder(appToken);
1145 data.writeString16(name);
1146 data.writeInt32(purpose);
1147 data.writeInt32(pruneable ? 1 : 0);
1148 data.writeInt32(1);
1149 params.writeToParcel(&data);
Chad Brubaker154d7692015-03-27 13:59:31 -0700[diff] [blame]1150 data.writeByteArray(entropyLength, entropy);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1151 status_t status = remote()->transact(BnKeystoreService::BEGIN, data, &reply);
1152 if (status != NO_ERROR) {
1153 ALOGD("begin() could not contact remote: %d\n", status);
1154 result->resultCode = KM_ERROR_UNKNOWN_ERROR;
1155 return;
1156 }
1157 int32_t err = reply.readExceptionCode();
1158 if (err < 0) {
1159 ALOGD("begin() caught exception %d\n", err);
1160 result->resultCode = KM_ERROR_UNKNOWN_ERROR;
1161 return;
1162 }
Bin Chen9ec92702016-08-25 14:25:05 +1000[diff] [blame^]1163
1164 reply.readParcelable(result);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1165 }
1166
1167 virtual void update(const sp<IBinder>& token, const KeymasterArguments& params,
Chad Brubaker40a1a9b2015-02-20 14:08:13 -0800[diff] [blame]1168 const uint8_t* opData, size_t dataLength, OperationResult* result)
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1169 {
1170 if (!result) {
1171 return;
1172 }
1173 Parcel data, reply;
1174 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1175 data.writeStrongBinder(token);
1176 data.writeInt32(1);
1177 params.writeToParcel(&data);
1178 data.writeByteArray(dataLength, opData);
1179 status_t status = remote()->transact(BnKeystoreService::UPDATE, data, &reply);
1180 if (status != NO_ERROR) {
1181 ALOGD("update() could not contact remote: %d\n", status);
1182 result->resultCode = KM_ERROR_UNKNOWN_ERROR;
1183 return;
1184 }
1185 int32_t err = reply.readExceptionCode();
1186 if (err < 0) {
1187 ALOGD("update() caught exception %d\n", err);
1188 result->resultCode = KM_ERROR_UNKNOWN_ERROR;
1189 return;
1190 }
Bin Chen9ec92702016-08-25 14:25:05 +1000[diff] [blame^]1191
1192 reply.readParcelable(result);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1193 }
1194
1195 virtual void finish(const sp<IBinder>& token, const KeymasterArguments& params,
Chad Brubaker0d33e0b2015-05-29 12:30:19 -0700[diff] [blame]1196 const uint8_t* signature, size_t signatureLength,
1197 const uint8_t* entropy, size_t entropyLength,
1198 OperationResult* result)
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1199 {
1200 if (!result) {
1201 return;
1202 }
1203 Parcel data, reply;
1204 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1205 data.writeStrongBinder(token);
1206 data.writeInt32(1);
1207 params.writeToParcel(&data);
1208 data.writeByteArray(signatureLength, signature);
Chad Brubaker0d33e0b2015-05-29 12:30:19 -0700[diff] [blame]1209 data.writeByteArray(entropyLength, entropy);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1210 status_t status = remote()->transact(BnKeystoreService::FINISH, data, &reply);
1211 if (status != NO_ERROR) {
1212 ALOGD("finish() could not contact remote: %d\n", status);
1213 result->resultCode = KM_ERROR_UNKNOWN_ERROR;
1214 return;
1215 }
1216 int32_t err = reply.readExceptionCode();
1217 if (err < 0) {
1218 ALOGD("finish() caught exception %d\n", err);
1219 result->resultCode = KM_ERROR_UNKNOWN_ERROR;
1220 return;
1221 }
Bin Chen9ec92702016-08-25 14:25:05 +1000[diff] [blame^]1222
1223 reply.readParcelable(result);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1224 }
1225
1226 virtual int32_t abort(const sp<IBinder>& token)
1227 {
1228 Parcel data, reply;
1229 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1230 data.writeStrongBinder(token);
Chad Brubaker2ed2baa2015-03-21 21:20:10 -0700[diff] [blame]1231 status_t status = remote()->transact(BnKeystoreService::ABORT, data, &reply);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1232 if (status != NO_ERROR) {
1233 ALOGD("abort() could not contact remote: %d\n", status);
1234 return KM_ERROR_UNKNOWN_ERROR;
1235 }
1236 int32_t err = reply.readExceptionCode();
1237 int32_t ret = reply.readInt32();
1238 if (err < 0) {
1239 ALOGD("abort() caught exception %d\n", err);
1240 return KM_ERROR_UNKNOWN_ERROR;
1241 }
1242 return ret;
1243 }
Chad Brubaker2ed2baa2015-03-21 21:20:10 -0700[diff] [blame]1244
1245 virtual bool isOperationAuthorized(const sp<IBinder>& token)
1246 {
1247 Parcel data, reply;
1248 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1249 data.writeStrongBinder(token);
1250 status_t status = remote()->transact(BnKeystoreService::IS_OPERATION_AUTHORIZED, data,
1251 &reply);
1252 if (status != NO_ERROR) {
1253 ALOGD("isOperationAuthorized() could not contact remote: %d\n", status);
1254 return false;
1255 }
1256 int32_t err = reply.readExceptionCode();
1257 int32_t ret = reply.readInt32();
1258 if (err < 0) {
1259 ALOGD("isOperationAuthorized() caught exception %d\n", err);
1260 return false;
1261 }
1262 return ret == 1;
1263 }
1264
1265 virtual int32_t addAuthToken(const uint8_t* token, size_t length)
1266 {
1267 Parcel data, reply;
1268 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1269 data.writeByteArray(length, token);
1270 status_t status = remote()->transact(BnKeystoreService::ADD_AUTH_TOKEN, data, &reply);
1271 if (status != NO_ERROR) {
1272 ALOGD("addAuthToken() could not contact remote: %d\n", status);
1273 return -1;
1274 }
1275 int32_t err = reply.readExceptionCode();
1276 int32_t ret = reply.readInt32();
1277 if (err < 0) {
1278 ALOGD("addAuthToken() caught exception %d\n", err);
1279 return -1;
1280 }
1281 return ret;
1282 };
Chad Brubakerc0f031a2015-05-12 10:43:10 -0700[diff] [blame]1283
1284 virtual int32_t onUserAdded(int32_t userId, int32_t parentId)
1285 {
1286 Parcel data, reply;
1287 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1288 data.writeInt32(userId);
1289 data.writeInt32(parentId);
1290 status_t status = remote()->transact(BnKeystoreService::ON_USER_ADDED, data, &reply);
1291 if (status != NO_ERROR) {
1292 ALOGD("onUserAdded() could not contact remote: %d\n", status);
1293 return -1;
1294 }
1295 int32_t err = reply.readExceptionCode();
1296 int32_t ret = reply.readInt32();
1297 if (err < 0) {
1298 ALOGD("onUserAdded() caught exception %d\n", err);
1299 return -1;
1300 }
1301 return ret;
1302 }
1303
1304 virtual int32_t onUserRemoved(int32_t userId)
1305 {
1306 Parcel data, reply;
1307 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1308 data.writeInt32(userId);
1309 status_t status = remote()->transact(BnKeystoreService::ON_USER_REMOVED, data, &reply);
1310 if (status != NO_ERROR) {
1311 ALOGD("onUserRemoved() could not contact remote: %d\n", status);
1312 return -1;
1313 }
1314 int32_t err = reply.readExceptionCode();
1315 int32_t ret = reply.readInt32();
1316 if (err < 0) {
1317 ALOGD("onUserRemoved() caught exception %d\n", err);
1318 return -1;
1319 }
1320 return ret;
1321 }
1322
Shawn Willden50eb1b22016-01-21 12:41:23 -0700[diff] [blame]1323 virtual int32_t attestKey(const String16& name, const KeymasterArguments& params,
1324 KeymasterCertificateChain* outChain) {
1325 if (!outChain)
1326 return KM_ERROR_OUTPUT_PARAMETER_NULL;
1327
1328 Parcel data, reply;
1329 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1330 data.writeString16(name);
1331 data.writeInt32(1); // params is not NULL.
1332 params.writeToParcel(&data);
1333
1334 status_t status = remote()->transact(BnKeystoreService::ATTEST_KEY, data, &reply);
1335 if (status != NO_ERROR) {
1336 ALOGD("attestkey() count not contact remote: %d\n", status);
1337 return KM_ERROR_UNKNOWN_ERROR;
1338 }
1339 int32_t err = reply.readExceptionCode();
1340 int32_t ret = reply.readInt32();
1341 if (err < 0) {
1342 ALOGD("attestKey() caught exception %d\n", err);
1343 return KM_ERROR_UNKNOWN_ERROR;
1344 }
1345 if (reply.readInt32() != 0) {
1346 outChain->readFromParcel(reply);
1347 }
1348 return ret;
1349 }
1350
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1351};
1352
Chad Brubaker468fc692015-01-13 17:33:14 -0800[diff] [blame]1353IMPLEMENT_META_INTERFACE(KeystoreService, "android.security.IKeystoreService");
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1354
1355// ----------------------------------------------------------------------
1356
1357status_t BnKeystoreService::onTransact(
1358 uint32_t code, const Parcel& data, Parcel* reply, uint32_t flags)
1359{
1360 switch(code) {
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]1361 case GET_STATE: {
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1362 CHECK_INTERFACE(IKeystoreService, data, reply);
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]1363 int32_t userId = data.readInt32();
1364 int32_t ret = getState(userId);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1365 reply->writeNoException();
1366 reply->writeInt32(ret);
1367 return NO_ERROR;
1368 } break;
1369 case GET: {
1370 CHECK_INTERFACE(IKeystoreService, data, reply);
1371 String16 name = data.readString16();
1372 void* out = NULL;
1373 size_t outSize = 0;
1374 int32_t ret = get(name, (uint8_t**) &out, &outSize);
1375 reply->writeNoException();
1376 if (ret == 1) {
1377 reply->writeInt32(outSize);
1378 void* buf = reply->writeInplace(outSize);
1379 memcpy(buf, out, outSize);
1380 free(out);
1381 } else {
1382 reply->writeInt32(-1);
1383 }
1384 return NO_ERROR;
1385 } break;
1386 case INSERT: {
1387 CHECK_INTERFACE(IKeystoreService, data, reply);
1388 String16 name = data.readString16();
1389 ssize_t inSize = data.readInt32();
1390 const void* in;
1391 if (inSize >= 0 && (size_t) inSize <= data.dataAvail()) {
1392 in = data.readInplace(inSize);
1393 } else {
1394 in = NULL;
1395 inSize = 0;
1396 }
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]1397 int uid = data.readInt32();
Kenny Root0c540aa2013-04-03 09:22:15 -0700[diff] [blame]1398 int32_t flags = data.readInt32();
1399 int32_t ret = insert(name, (const uint8_t*) in, (size_t) inSize, uid, flags);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1400 reply->writeNoException();
1401 reply->writeInt32(ret);
1402 return NO_ERROR;
1403 } break;
1404 case DEL: {
1405 CHECK_INTERFACE(IKeystoreService, data, reply);
1406 String16 name = data.readString16();
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]1407 int uid = data.readInt32();
1408 int32_t ret = del(name, uid);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1409 reply->writeNoException();
1410 reply->writeInt32(ret);
1411 return NO_ERROR;
1412 } break;
1413 case EXIST: {
1414 CHECK_INTERFACE(IKeystoreService, data, reply);
1415 String16 name = data.readString16();
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]1416 int uid = data.readInt32();
1417 int32_t ret = exist(name, uid);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1418 reply->writeNoException();
1419 reply->writeInt32(ret);
1420 return NO_ERROR;
1421 } break;
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]1422 case LIST: {
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1423 CHECK_INTERFACE(IKeystoreService, data, reply);
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]1424 String16 prefix = data.readString16();
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]1425 int uid = data.readInt32();
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1426 Vector<String16> matches;
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]1427 int32_t ret = list(prefix, uid, &matches);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1428 reply->writeNoException();
1429 reply->writeInt32(matches.size());
1430 Vector<String16>::const_iterator it = matches.begin();
1431 for (; it != matches.end(); ++it) {
1432 reply->writeString16(*it);
1433 }
1434 reply->writeInt32(ret);
1435 return NO_ERROR;
1436 } break;
1437 case RESET: {
1438 CHECK_INTERFACE(IKeystoreService, data, reply);
1439 int32_t ret = reset();
1440 reply->writeNoException();
1441 reply->writeInt32(ret);
1442 return NO_ERROR;
1443 } break;
Chad Brubaker96d6d782015-05-07 10:19:40 -0700[diff] [blame]1444 case ON_USER_PASSWORD_CHANGED: {
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1445 CHECK_INTERFACE(IKeystoreService, data, reply);
Chad Brubaker96d6d782015-05-07 10:19:40 -0700[diff] [blame]1446 int32_t userId = data.readInt32();
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1447 String16 pass = data.readString16();
Chad Brubaker96d6d782015-05-07 10:19:40 -0700[diff] [blame]1448 int32_t ret = onUserPasswordChanged(userId, pass);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1449 reply->writeNoException();
1450 reply->writeInt32(ret);
1451 return NO_ERROR;
1452 } break;
1453 case LOCK: {
1454 CHECK_INTERFACE(IKeystoreService, data, reply);
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]1455 int32_t userId = data.readInt32();
1456 int32_t ret = lock(userId);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1457 reply->writeNoException();
1458 reply->writeInt32(ret);
1459 return NO_ERROR;
1460 } break;
1461 case UNLOCK: {
1462 CHECK_INTERFACE(IKeystoreService, data, reply);
Chad Brubaker96d6d782015-05-07 10:19:40 -0700[diff] [blame]1463 int32_t userId = data.readInt32();
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1464 String16 pass = data.readString16();
Chad Brubaker96d6d782015-05-07 10:19:40 -0700[diff] [blame]1465 int32_t ret = unlock(userId, pass);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1466 reply->writeNoException();
1467 reply->writeInt32(ret);
1468 return NO_ERROR;
1469 } break;
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]1470 case IS_EMPTY: {
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1471 CHECK_INTERFACE(IKeystoreService, data, reply);
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]1472 int32_t userId = data.readInt32();
1473 bool ret = isEmpty(userId);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1474 reply->writeNoException();
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]1475 reply->writeInt32(ret ? 1 : 0);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1476 return NO_ERROR;
1477 } break;
1478 case GENERATE: {
1479 CHECK_INTERFACE(IKeystoreService, data, reply);
1480 String16 name = data.readString16();
Kenny Root96427ba2013-08-16 14:02:41 -0700[diff] [blame]1481 int32_t uid = data.readInt32();
1482 int32_t keyType = data.readInt32();
1483 int32_t keySize = data.readInt32();
Kenny Root0c540aa2013-04-03 09:22:15 -0700[diff] [blame]1484 int32_t flags = data.readInt32();
Kenny Root96427ba2013-08-16 14:02:41 -0700[diff] [blame]1485 Vector<sp<KeystoreArg> > args;
Chad Brubaker468fc692015-01-13 17:33:14 -0800[diff] [blame]1486 int32_t argsPresent = data.readInt32();
1487 if (argsPresent == 1) {
1488 ssize_t numArgs = data.readInt32();
Chad Brubakered4f5662015-01-14 19:22:09 -0800[diff] [blame]1489 if (numArgs > MAX_GENERATE_ARGS) {
1490 return BAD_VALUE;
1491 }
Chad Brubaker468fc692015-01-13 17:33:14 -0800[diff] [blame]1492 if (numArgs > 0) {
1493 for (size_t i = 0; i < (size_t) numArgs; i++) {
1494 ssize_t inSize = data.readInt32();
1495 if (inSize >= 0 && (size_t) inSize <= data.dataAvail()) {
1496 sp<KeystoreArg> arg = new KeystoreArg(data.readInplace(inSize),
1497 inSize);
1498 args.push_back(arg);
1499 } else {
1500 args.push_back(NULL);
1501 }
Kenny Root96427ba2013-08-16 14:02:41 -0700[diff] [blame]1502 }
1503 }
1504 }
1505 int32_t ret = generate(name, uid, keyType, keySize, flags, &args);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1506 reply->writeNoException();
1507 reply->writeInt32(ret);
1508 return NO_ERROR;
1509 } break;
1510 case IMPORT: {
1511 CHECK_INTERFACE(IKeystoreService, data, reply);
1512 String16 name = data.readString16();
1513 ssize_t inSize = data.readInt32();
1514 const void* in;
1515 if (inSize >= 0 && (size_t) inSize <= data.dataAvail()) {
1516 in = data.readInplace(inSize);
1517 } else {
1518 in = NULL;
1519 inSize = 0;
1520 }
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]1521 int uid = data.readInt32();
Kenny Root0c540aa2013-04-03 09:22:15 -0700[diff] [blame]1522 int32_t flags = data.readInt32();
1523 int32_t ret = import(name, (const uint8_t*) in, (size_t) inSize, uid, flags);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1524 reply->writeNoException();
1525 reply->writeInt32(ret);
1526 return NO_ERROR;
1527 } break;
1528 case SIGN: {
1529 CHECK_INTERFACE(IKeystoreService, data, reply);
1530 String16 name = data.readString16();
1531 ssize_t inSize = data.readInt32();
1532 const void* in;
1533 if (inSize >= 0 && (size_t) inSize <= data.dataAvail()) {
1534 in = data.readInplace(inSize);
1535 } else {
1536 in = NULL;
1537 inSize = 0;
1538 }
1539 void* out = NULL;
1540 size_t outSize = 0;
1541 int32_t ret = sign(name, (const uint8_t*) in, (size_t) inSize, (uint8_t**) &out, &outSize);
1542 reply->writeNoException();
Kenny Rootb03c9fb2013-02-04 16:42:51 -0800[diff] [blame]1543 if (outSize > 0 && out != NULL) {
1544 reply->writeInt32(outSize);
1545 void* buf = reply->writeInplace(outSize);
1546 memcpy(buf, out, outSize);
Chad Brubaker3a7d9e62015-06-04 15:01:46 -0700[diff] [blame]1547 delete[] reinterpret_cast<uint8_t*>(out);
Kenny Rootb03c9fb2013-02-04 16:42:51 -0800[diff] [blame]1548 } else {
Kenny Roote289c402013-02-14 11:31:53 -0800[diff] [blame]1549 reply->writeInt32(-1);
Kenny Rootb03c9fb2013-02-04 16:42:51 -0800[diff] [blame]1550 }
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1551 reply->writeInt32(ret);
1552 return NO_ERROR;
1553 } break;
1554 case VERIFY: {
1555 CHECK_INTERFACE(IKeystoreService, data, reply);
1556 String16 name = data.readString16();
1557 ssize_t inSize = data.readInt32();
1558 const void* in;
1559 if (inSize >= 0 && (size_t) inSize <= data.dataAvail()) {
1560 in = data.readInplace(inSize);
1561 } else {
1562 in = NULL;
1563 inSize = 0;
1564 }
1565 ssize_t sigSize = data.readInt32();
1566 const void* sig;
1567 if (sigSize >= 0 && (size_t) sigSize <= data.dataAvail()) {
1568 sig = data.readInplace(sigSize);
1569 } else {
1570 sig = NULL;
1571 sigSize = 0;
1572 }
1573 bool ret = verify(name, (const uint8_t*) in, (size_t) inSize, (const uint8_t*) sig,
1574 (size_t) sigSize);
1575 reply->writeNoException();
1576 reply->writeInt32(ret ? 1 : 0);
1577 return NO_ERROR;
1578 } break;
1579 case GET_PUBKEY: {
1580 CHECK_INTERFACE(IKeystoreService, data, reply);
1581 String16 name = data.readString16();
1582 void* out = NULL;
1583 size_t outSize = 0;
1584 int32_t ret = get_pubkey(name, (unsigned char**) &out, &outSize);
1585 reply->writeNoException();
Kenny Rootb03c9fb2013-02-04 16:42:51 -0800[diff] [blame]1586 if (outSize > 0 && out != NULL) {
1587 reply->writeInt32(outSize);
1588 void* buf = reply->writeInplace(outSize);
1589 memcpy(buf, out, outSize);
1590 free(out);
1591 } else {
Kenny Roote289c402013-02-14 11:31:53 -0800[diff] [blame]1592 reply->writeInt32(-1);
Kenny Rootb03c9fb2013-02-04 16:42:51 -0800[diff] [blame]1593 }
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1594 reply->writeInt32(ret);
1595 return NO_ERROR;
Kenny Rootb03c9fb2013-02-04 16:42:51 -0800[diff] [blame]1596 } break;
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1597 case GRANT: {
1598 CHECK_INTERFACE(IKeystoreService, data, reply);
1599 String16 name = data.readString16();
1600 int32_t granteeUid = data.readInt32();
1601 int32_t ret = grant(name, granteeUid);
1602 reply->writeNoException();
1603 reply->writeInt32(ret);
1604 return NO_ERROR;
1605 } break;
1606 case UNGRANT: {
1607 CHECK_INTERFACE(IKeystoreService, data, reply);
1608 String16 name = data.readString16();
1609 int32_t granteeUid = data.readInt32();
1610 int32_t ret = ungrant(name, granteeUid);
1611 reply->writeNoException();
1612 reply->writeInt32(ret);
1613 return NO_ERROR;
1614 } break;
1615 case GETMTIME: {
1616 CHECK_INTERFACE(IKeystoreService, data, reply);
1617 String16 name = data.readString16();
1618 int64_t ret = getmtime(name);
1619 reply->writeNoException();
1620 reply->writeInt64(ret);
1621 return NO_ERROR;
1622 } break;
Kenny Rootd53bc922013-03-21 14:10:15 -0700[diff] [blame]1623 case DUPLICATE: {
Kenny Root02254072013-03-20 11:48:19 -0700[diff] [blame]1624 CHECK_INTERFACE(IKeystoreService, data, reply);
Kenny Rootd53bc922013-03-21 14:10:15 -0700[diff] [blame]1625 String16 srcKey = data.readString16();
1626 int32_t srcUid = data.readInt32();
1627 String16 destKey = data.readString16();
1628 int32_t destUid = data.readInt32();
1629 int32_t ret = duplicate(srcKey, srcUid, destKey, destUid);
Kenny Root02254072013-03-20 11:48:19 -0700[diff] [blame]1630 reply->writeNoException();
1631 reply->writeInt32(ret);
1632 return NO_ERROR;
1633 } break;
Kenny Root43061232013-03-29 11:15:50 -0700[diff] [blame]1634 case IS_HARDWARE_BACKED: {
1635 CHECK_INTERFACE(IKeystoreService, data, reply);
Kenny Root1b0e3932013-09-05 13:06:32 -0700[diff] [blame]1636 String16 keyType = data.readString16();
1637 int32_t ret = is_hardware_backed(keyType);
Kenny Root43061232013-03-29 11:15:50 -0700[diff] [blame]1638 reply->writeNoException();
1639 reply->writeInt32(ret);
1640 return NO_ERROR;
1641 }
Kenny Root2ecc7a12013-04-01 16:29:11 -0700[diff] [blame]1642 case CLEAR_UID: {
1643 CHECK_INTERFACE(IKeystoreService, data, reply);
1644 int64_t uid = data.readInt64();
1645 int32_t ret = clear_uid(uid);
1646 reply->writeNoException();
1647 reply->writeInt32(ret);
1648 return NO_ERROR;
1649 }
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1650 case ADD_RNG_ENTROPY: {
1651 CHECK_INTERFACE(IKeystoreService, data, reply);
Chad Brubaker6432df72015-03-20 16:23:04 -0700[diff] [blame]1652 const uint8_t* bytes = NULL;
1653 size_t size = 0;
1654 readByteArray(data, &bytes, &size);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1655 int32_t ret = addRngEntropy(bytes, size);
1656 reply->writeNoException();
1657 reply->writeInt32(ret);
1658 return NO_ERROR;
1659 }
1660 case GENERATE_KEY: {
1661 CHECK_INTERFACE(IKeystoreService, data, reply);
1662 String16 name = data.readString16();
1663 KeymasterArguments args;
1664 if (data.readInt32() != 0) {
1665 args.readFromParcel(data);
1666 }
Chad Brubaker154d7692015-03-27 13:59:31 -0700[diff] [blame]1667 const uint8_t* entropy = NULL;
1668 size_t entropyLength = 0;
1669 readByteArray(data, &entropy, &entropyLength);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1670 int32_t uid = data.readInt32();
1671 int32_t flags = data.readInt32();
1672 KeyCharacteristics outCharacteristics;
Chad Brubaker154d7692015-03-27 13:59:31 -0700[diff] [blame]1673 int32_t ret = generateKey(name, args, entropy, entropyLength, uid, flags,
1674 &outCharacteristics);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1675 reply->writeNoException();
1676 reply->writeInt32(ret);
1677 reply->writeInt32(1);
1678 outCharacteristics.writeToParcel(reply);
1679 return NO_ERROR;
1680 }
1681 case GET_KEY_CHARACTERISTICS: {
1682 CHECK_INTERFACE(IKeystoreService, data, reply);
1683 String16 name = data.readString16();
Chad Brubakerd6634422015-03-21 22:36:07 -0700[diff] [blame]1684 std::unique_ptr<keymaster_blob_t> clientId = readKeymasterBlob(data);
1685 std::unique_ptr<keymaster_blob_t> appData = readKeymasterBlob(data);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1686 KeyCharacteristics outCharacteristics;
Chad Brubakerd6634422015-03-21 22:36:07 -0700[diff] [blame]1687 int ret = getKeyCharacteristics(name, clientId.get(), appData.get(),
1688 &outCharacteristics);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1689 reply->writeNoException();
1690 reply->writeInt32(ret);
1691 reply->writeInt32(1);
1692 outCharacteristics.writeToParcel(reply);
1693 return NO_ERROR;
1694 }
1695 case IMPORT_KEY: {
1696 CHECK_INTERFACE(IKeystoreService, data, reply);
1697 String16 name = data.readString16();
1698 KeymasterArguments args;
1699 if (data.readInt32() != 0) {
1700 args.readFromParcel(data);
1701 }
1702 keymaster_key_format_t format = static_cast<keymaster_key_format_t>(data.readInt32());
Chad Brubaker6432df72015-03-20 16:23:04 -0700[diff] [blame]1703 const uint8_t* keyData = NULL;
1704 size_t keyLength = 0;
1705 readByteArray(data, &keyData, &keyLength);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1706 int32_t uid = data.readInt32();
1707 int32_t flags = data.readInt32();
1708 KeyCharacteristics outCharacteristics;
Chad Brubaker6432df72015-03-20 16:23:04 -0700[diff] [blame]1709 int32_t ret = importKey(name, args, format, keyData, keyLength, uid, flags,
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1710 &outCharacteristics);
1711 reply->writeNoException();
1712 reply->writeInt32(ret);
1713 reply->writeInt32(1);
1714 outCharacteristics.writeToParcel(reply);
1715
1716 return NO_ERROR;
1717 }
1718 case EXPORT_KEY: {
1719 CHECK_INTERFACE(IKeystoreService, data, reply);
1720 String16 name = data.readString16();
1721 keymaster_key_format_t format = static_cast<keymaster_key_format_t>(data.readInt32());
Chad Brubakerd6634422015-03-21 22:36:07 -0700[diff] [blame]1722 std::unique_ptr<keymaster_blob_t> clientId = readKeymasterBlob(data);
1723 std::unique_ptr<keymaster_blob_t> appData = readKeymasterBlob(data);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1724 ExportResult result;
Chad Brubakerd6634422015-03-21 22:36:07 -0700[diff] [blame]1725 exportKey(name, format, clientId.get(), appData.get(), &result);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1726 reply->writeNoException();
1727 reply->writeInt32(1);
1728 result.writeToParcel(reply);
1729
1730 return NO_ERROR;
1731 }
1732 case BEGIN: {
1733 CHECK_INTERFACE(IKeystoreService, data, reply);
1734 sp<IBinder> token = data.readStrongBinder();
1735 String16 name = data.readString16();
1736 keymaster_purpose_t purpose = static_cast<keymaster_purpose_t>(data.readInt32());
1737 bool pruneable = data.readInt32() != 0;
1738 KeymasterArguments args;
1739 if (data.readInt32() != 0) {
1740 args.readFromParcel(data);
1741 }
Chad Brubaker154d7692015-03-27 13:59:31 -0700[diff] [blame]1742 const uint8_t* entropy = NULL;
1743 size_t entropyLength = 0;
1744 readByteArray(data, &entropy, &entropyLength);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1745 OperationResult result;
Chad Brubaker57e106d2015-06-01 12:59:00 -0700[diff] [blame]1746 begin(token, name, purpose, pruneable, args, entropy, entropyLength, &result);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1747 reply->writeNoException();
Bin Chen9ec92702016-08-25 14:25:05 +1000[diff] [blame^]1748 reply->writeParcelable(result);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1749
1750 return NO_ERROR;
1751 }
1752 case UPDATE: {
1753 CHECK_INTERFACE(IKeystoreService, data, reply);
1754 sp<IBinder> token = data.readStrongBinder();
1755 KeymasterArguments args;
1756 if (data.readInt32() != 0) {
1757 args.readFromParcel(data);
1758 }
Chad Brubaker6432df72015-03-20 16:23:04 -0700[diff] [blame]1759 const uint8_t* buf = NULL;
1760 size_t bufLength = 0;
1761 readByteArray(data, &buf, &bufLength);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1762 OperationResult result;
Chad Brubaker6432df72015-03-20 16:23:04 -0700[diff] [blame]1763 update(token, args, buf, bufLength, &result);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1764 reply->writeNoException();
Bin Chen9ec92702016-08-25 14:25:05 +1000[diff] [blame^]1765 reply->writeParcelable(result);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1766
1767 return NO_ERROR;
1768 }
1769 case FINISH: {
1770 CHECK_INTERFACE(IKeystoreService, data, reply);
1771 sp<IBinder> token = data.readStrongBinder();
1772 KeymasterArguments args;
1773 if (data.readInt32() != 0) {
1774 args.readFromParcel(data);
1775 }
Chad Brubaker0d33e0b2015-05-29 12:30:19 -0700[diff] [blame]1776 const uint8_t* signature = NULL;
1777 size_t signatureLength = 0;
1778 readByteArray(data, &signature, &signatureLength);
1779 const uint8_t* entropy = NULL;
1780 size_t entropyLength = 0;
1781 readByteArray(data, &entropy, &entropyLength);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1782 OperationResult result;
Chad Brubaker0d33e0b2015-05-29 12:30:19 -0700[diff] [blame]1783 finish(token, args, signature, signatureLength, entropy, entropyLength, &result);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1784 reply->writeNoException();
Bin Chen9ec92702016-08-25 14:25:05 +1000[diff] [blame^]1785 reply->writeParcelable(result);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1786
1787 return NO_ERROR;
1788 }
1789 case ABORT: {
1790 CHECK_INTERFACE(IKeystoreService, data, reply);
1791 sp<IBinder> token = data.readStrongBinder();
1792 int32_t result = abort(token);
1793 reply->writeNoException();
1794 reply->writeInt32(result);
1795
1796 return NO_ERROR;
1797 }
Chad Brubaker2ed2baa2015-03-21 21:20:10 -0700[diff] [blame]1798 case IS_OPERATION_AUTHORIZED: {
1799 CHECK_INTERFACE(IKeystoreService, data, reply);
1800 sp<IBinder> token = data.readStrongBinder();
1801 bool result = isOperationAuthorized(token);
1802 reply->writeNoException();
1803 reply->writeInt32(result ? 1 : 0);
1804
1805 return NO_ERROR;
1806 }
1807 case ADD_AUTH_TOKEN: {
1808 CHECK_INTERFACE(IKeystoreService, data, reply);
Chad Brubaker2ed2baa2015-03-21 21:20:10 -0700[diff] [blame]1809 const uint8_t* token_bytes = NULL;
1810 size_t size = 0;
1811 readByteArray(data, &token_bytes, &size);
1812 int32_t result = addAuthToken(token_bytes, size);
1813 reply->writeNoException();
1814 reply->writeInt32(result);
1815
1816 return NO_ERROR;
1817 }
Chad Brubakerc0f031a2015-05-12 10:43:10 -0700[diff] [blame]1818 case ON_USER_ADDED: {
1819 CHECK_INTERFACE(IKeystoreService, data, reply);
1820 int32_t userId = data.readInt32();
1821 int32_t parentId = data.readInt32();
1822 int32_t result = onUserAdded(userId, parentId);
1823 reply->writeNoException();
1824 reply->writeInt32(result);
1825
1826 return NO_ERROR;
1827 }
1828 case ON_USER_REMOVED: {
1829 CHECK_INTERFACE(IKeystoreService, data, reply);
1830 int32_t userId = data.readInt32();
1831 int32_t result = onUserRemoved(userId);
1832 reply->writeNoException();
1833 reply->writeInt32(result);
1834
1835 return NO_ERROR;
1836 }
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1837 default:
1838 return BBinder::onTransact(code, data, reply, flags);
1839 }
1840}
1841
1842// ----------------------------------------------------------------------------
1843
1844}; // namespace android