Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_security / ad6a7f5f988d4c7d1ac66c46052f29bb74745a3e / . / keystore / IKeystoreService.cpp
blob: 6e20f9d1eef0495a0bdafa4599f4aa0f9f8e6a9d [file] [log] [blame]
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1/*
2**
3** Copyright 2008, The Android Open Source Project
4**
5** Licensed under the Apache License, Version 2.0 (the "License");
6** you may not use this file except in compliance with the License.
7** You may obtain a copy of the License at
8**
9** http://www.apache.org/licenses/LICENSE-2.0
10**
11** Unless required by applicable law or agreed to in writing, software
12** distributed under the License is distributed on an "AS IS" BASIS,
13** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14** See the License for the specific language governing permissions and
15** limitations under the License.
16*/
17
18#include <stdint.h>
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]19#include <sys/limits.h>
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]20#include <sys/types.h>
21
22#define LOG_TAG "KeystoreService"
23#include <utils/Log.h>
24
25#include <binder/Parcel.h>
26#include <binder/IPCThreadState.h>
27#include <binder/IServiceManager.h>
28
29#include <keystore/IKeystoreService.h>
30
31namespace android {
32
Shawn Willden77d71ca2014-11-12 16:45:12 -0700[diff] [blame]33const ssize_t MAX_GENERATE_ARGS = 3;
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]34static keymaster_key_param_t* readParamList(const Parcel& in, size_t* length);
Shawn Willden77d71ca2014-11-12 16:45:12 -0700[diff] [blame]35
Kenny Root96427ba2013-08-16 14:02:41 -0700[diff] [blame]36KeystoreArg::KeystoreArg(const void* data, size_t len)
37 : mData(data), mSize(len) {
38}
39
40KeystoreArg::~KeystoreArg() {
41}
42
43const void *KeystoreArg::data() const {
44 return mData;
45}
46
47size_t KeystoreArg::size() const {
48 return mSize;
49}
50
Chad Brubakerc3a18562015-03-17 18:21:35 -0700[diff] [blame]51OperationResult::OperationResult() : resultCode(0), token(), handle(0), inputConsumed(0),
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]52 data(NULL), dataLength(0) {
53}
54
55OperationResult::~OperationResult() {
56}
57
58void OperationResult::readFromParcel(const Parcel& in) {
59 resultCode = in.readInt32();
60 token = in.readStrongBinder();
Chad Brubakerc3a18562015-03-17 18:21:35 -0700[diff] [blame]61 handle = static_cast<keymaster_operation_handle_t>(in.readInt64());
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]62 inputConsumed = in.readInt32();
63 ssize_t length = in.readInt32();
64 dataLength = 0;
65 if (length > 0) {
66 const void* buf = in.readInplace(length);
67 if (buf) {
68 data.reset(reinterpret_cast<uint8_t*>(malloc(length)));
69 if (data.get()) {
70 memcpy(data.get(), buf, length);
71 dataLength = (size_t) length;
72 } else {
73 ALOGE("Failed to allocate OperationResult buffer");
74 }
75 } else {
76 ALOGE("Failed to readInplace OperationResult data");
77 }
78 }
Chad Brubaker57e106d2015-06-01 12:59:00 -0700[diff] [blame]79 outParams.readFromParcel(in);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]80}
81
82void OperationResult::writeToParcel(Parcel* out) const {
83 out->writeInt32(resultCode);
84 out->writeStrongBinder(token);
Chad Brubakerc3a18562015-03-17 18:21:35 -0700[diff] [blame]85 out->writeInt64(handle);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]86 out->writeInt32(inputConsumed);
87 out->writeInt32(dataLength);
88 if (dataLength && data) {
89 void* buf = out->writeInplace(dataLength);
90 if (buf) {
91 memcpy(buf, data.get(), dataLength);
92 } else {
93 ALOGE("Failed to writeInplace OperationResult data.");
94 }
95 }
Chad Brubaker57e106d2015-06-01 12:59:00 -0700[diff] [blame]96 outParams.writeToParcel(out);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]97}
98
99ExportResult::ExportResult() : resultCode(0), exportData(NULL), dataLength(0) {
100}
101
102ExportResult::~ExportResult() {
103}
104
105void ExportResult::readFromParcel(const Parcel& in) {
106 resultCode = in.readInt32();
107 ssize_t length = in.readInt32();
108 dataLength = 0;
109 if (length > 0) {
110 const void* buf = in.readInplace(length);
111 if (buf) {
112 exportData.reset(reinterpret_cast<uint8_t*>(malloc(length)));
113 if (exportData.get()) {
114 memcpy(exportData.get(), buf, length);
115 dataLength = (size_t) length;
116 } else {
117 ALOGE("Failed to allocate ExportData buffer");
118 }
119 } else {
120 ALOGE("Failed to readInplace ExportData data");
121 }
122 }
123}
124
125void ExportResult::writeToParcel(Parcel* out) const {
126 out->writeInt32(resultCode);
127 out->writeInt32(dataLength);
128 if (exportData && dataLength) {
129 void* buf = out->writeInplace(dataLength);
130 if (buf) {
131 memcpy(buf, exportData.get(), dataLength);
132 } else {
133 ALOGE("Failed to writeInplace ExportResult data.");
134 }
135 }
136}
137
138KeymasterArguments::KeymasterArguments() {
139}
140
141KeymasterArguments::~KeymasterArguments() {
142 keymaster_free_param_values(params.data(), params.size());
143}
144
145void KeymasterArguments::readFromParcel(const Parcel& in) {
146 ssize_t length = in.readInt32();
147 size_t ulength = (size_t) length;
148 if (length < 0) {
149 ulength = 0;
150 }
151 keymaster_free_param_values(params.data(), params.size());
152 params.clear();
153 for(size_t i = 0; i < ulength; i++) {
154 keymaster_key_param_t param;
155 if (!readKeymasterArgumentFromParcel(in, &param)) {
156 ALOGE("Error reading keymaster argument from parcel");
157 break;
158 }
159 params.push_back(param);
160 }
161}
162
163void KeymasterArguments::writeToParcel(Parcel* out) const {
164 out->writeInt32(params.size());
165 for (auto param : params) {
166 out->writeInt32(1);
167 writeKeymasterArgumentToParcel(param, out);
168 }
169}
170
171KeyCharacteristics::KeyCharacteristics() {
172 memset((void*) &characteristics, 0, sizeof(characteristics));
173}
174
175KeyCharacteristics::~KeyCharacteristics() {
176 keymaster_free_characteristics(&characteristics);
177}
178
179void KeyCharacteristics::readFromParcel(const Parcel& in) {
180 size_t length = 0;
181 keymaster_key_param_t* params = readParamList(in, &length);
182 characteristics.sw_enforced.params = params;
183 characteristics.sw_enforced.length = length;
184
185 params = readParamList(in, &length);
186 characteristics.hw_enforced.params = params;
187 characteristics.hw_enforced.length = length;
188}
189
190void KeyCharacteristics::writeToParcel(Parcel* out) const {
191 if (characteristics.sw_enforced.params) {
192 out->writeInt32(characteristics.sw_enforced.length);
193 for (size_t i = 0; i < characteristics.sw_enforced.length; i++) {
194 out->writeInt32(1);
195 writeKeymasterArgumentToParcel(characteristics.sw_enforced.params[i], out);
196 }
197 } else {
198 out->writeInt32(0);
199 }
200 if (characteristics.hw_enforced.params) {
201 out->writeInt32(characteristics.hw_enforced.length);
202 for (size_t i = 0; i < characteristics.hw_enforced.length; i++) {
203 out->writeInt32(1);
204 writeKeymasterArgumentToParcel(characteristics.hw_enforced.params[i], out);
205 }
206 } else {
207 out->writeInt32(0);
208 }
209}
210
211void writeKeymasterArgumentToParcel(const keymaster_key_param_t& param, Parcel* out) {
212 switch (keymaster_tag_get_type(param.tag)) {
213 case KM_ENUM:
214 case KM_ENUM_REP: {
215 out->writeInt32(param.tag);
216 out->writeInt32(param.enumerated);
217 break;
218 }
Shawn Willden0ebf13d2015-06-24 16:29:45 -0700[diff] [blame]219 case KM_UINT:
220 case KM_UINT_REP: {
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]221 out->writeInt32(param.tag);
222 out->writeInt32(param.integer);
223 break;
224 }
Shawn Willden0ebf13d2015-06-24 16:29:45 -0700[diff] [blame]225 case KM_ULONG:
226 case KM_ULONG_REP: {
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]227 out->writeInt32(param.tag);
228 out->writeInt64(param.long_integer);
229 break;
230 }
231 case KM_DATE: {
232 out->writeInt32(param.tag);
233 out->writeInt64(param.date_time);
234 break;
235 }
236 case KM_BOOL: {
237 out->writeInt32(param.tag);
238 break;
239 }
240 case KM_BIGNUM:
241 case KM_BYTES: {
242 out->writeInt32(param.tag);
243 out->writeInt32(param.blob.data_length);
244 void* buf = out->writeInplace(param.blob.data_length);
245 if (buf) {
246 memcpy(buf, param.blob.data, param.blob.data_length);
247 } else {
248 ALOGE("Failed to writeInplace keymaster blob param");
249 }
250 break;
251 }
252 default: {
253 ALOGE("Failed to write argument: Unsupported keymaster_tag_t %d", param.tag);
254 }
255 }
256}
257
258
259bool readKeymasterArgumentFromParcel(const Parcel& in, keymaster_key_param_t* out) {
260 if (in.readInt32() == 0) {
261 return false;
262 }
263 keymaster_tag_t tag = static_cast<keymaster_tag_t>(in.readInt32());
264 switch (keymaster_tag_get_type(tag)) {
265 case KM_ENUM:
266 case KM_ENUM_REP: {
267 uint32_t value = in.readInt32();
268 *out = keymaster_param_enum(tag, value);
269 break;
270 }
Shawn Willden0ebf13d2015-06-24 16:29:45 -0700[diff] [blame]271 case KM_UINT:
272 case KM_UINT_REP: {
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]273 uint32_t value = in.readInt32();
274 *out = keymaster_param_int(tag, value);
275 break;
276 }
Shawn Willden0ebf13d2015-06-24 16:29:45 -0700[diff] [blame]277 case KM_ULONG:
278 case KM_ULONG_REP: {
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]279 uint64_t value = in.readInt64();
280 *out = keymaster_param_long(tag, value);
281 break;
282 }
283 case KM_DATE: {
284 uint64_t value = in.readInt64();
285 *out = keymaster_param_date(tag, value);
286 break;
287 }
288 case KM_BOOL: {
289 *out = keymaster_param_bool(tag);
290 break;
291 }
292 case KM_BIGNUM:
293 case KM_BYTES: {
294 ssize_t length = in.readInt32();
295 uint8_t* data = NULL;
296 size_t ulength = 0;
297 if (length >= 0) {
298 ulength = (size_t) length;
299 // use malloc here so we can use keymaster_free_param_values
300 // consistently.
301 data = reinterpret_cast<uint8_t*>(malloc(ulength));
302 const void* buf = in.readInplace(ulength);
303 if (!buf || !data) {
304 ALOGE("Failed to allocate buffer for keymaster blob param");
305 return false;
306 }
307 memcpy(data, buf, ulength);
308 }
309 *out = keymaster_param_blob(tag, data, ulength);
310 break;
311 }
312 default: {
313 ALOGE("Unsupported keymaster_tag_t %d", tag);
314 return false;
315 }
316 }
317 return true;
318}
319
Chad Brubaker6432df72015-03-20 16:23:04 -0700[diff] [blame]320/**
321 * Read a byte array from in. The data at *data is still owned by the parcel
322 */
323static void readByteArray(const Parcel& in, const uint8_t** data, size_t* length) {
324 ssize_t slength = in.readInt32();
325 if (slength > 0) {
326 *data = reinterpret_cast<const uint8_t*>(in.readInplace(slength));
327 if (*data) {
328 *length = static_cast<size_t>(slength);
329 } else {
330 *length = 0;
331 }
332 } else {
333 *data = NULL;
334 *length = 0;
335 }
336}
337
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]338// Read a keymaster_key_param_t* from a Parcel for use in a
339// keymaster_key_characteristics_t. This will be free'd by calling
340// keymaster_free_key_characteristics.
341static keymaster_key_param_t* readParamList(const Parcel& in, size_t* length) {
342 ssize_t slength = in.readInt32();
343 *length = 0;
344 if (slength < 0) {
345 return NULL;
346 }
347 *length = (size_t) slength;
348 if (*length >= UINT_MAX / sizeof(keymaster_key_param_t)) {
349 return NULL;
350 }
351 keymaster_key_param_t* list =
352 reinterpret_cast<keymaster_key_param_t*>(malloc(*length *
353 sizeof(keymaster_key_param_t)));
354 if (!list) {
355 ALOGD("Failed to allocate buffer for generateKey outCharacteristics");
356 goto err;
357 }
358 for (size_t i = 0; i < *length ; i++) {
359 if (!readKeymasterArgumentFromParcel(in, &list[i])) {
360 ALOGE("Failed to read keymaster argument");
361 keymaster_free_param_values(list, i);
362 goto err;
363 }
364 }
365 return list;
366err:
367 free(list);
368 return NULL;
369}
370
Chad Brubakerd6634422015-03-21 22:36:07 -0700[diff] [blame]371static std::unique_ptr<keymaster_blob_t> readKeymasterBlob(const Parcel& in) {
372 std::unique_ptr<keymaster_blob_t> blob;
373 if (in.readInt32() != 1) {
374 blob.reset(NULL);
375 return blob;
376 }
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]377 ssize_t length = in.readInt32();
Chad Brubakerd6634422015-03-21 22:36:07 -0700[diff] [blame]378 blob.reset(new keymaster_blob_t);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]379 if (length > 0) {
Chad Brubakerd6634422015-03-21 22:36:07 -0700[diff] [blame]380 blob->data = reinterpret_cast<const uint8_t*>(in.readInplace(length));
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]381 if (blob->data) {
Chad Brubakerd6634422015-03-21 22:36:07 -0700[diff] [blame]382 blob->data_length = static_cast<size_t>(length);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]383 } else {
384 blob->data_length = 0;
385 }
386 } else {
387 blob->data = NULL;
388 blob->data_length = 0;
389 }
Chad Brubakerd6634422015-03-21 22:36:07 -0700[diff] [blame]390 return blob;
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]391}
392
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]393class BpKeystoreService: public BpInterface<IKeystoreService>
394{
395public:
396 BpKeystoreService(const sp<IBinder>& impl)
397 : BpInterface<IKeystoreService>(impl)
398 {
399 }
400
401 // test ping
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]402 virtual int32_t getState(int32_t userId)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]403 {
404 Parcel data, reply;
405 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]406 data.writeInt32(userId);
407 status_t status = remote()->transact(BnKeystoreService::GET_STATE, data, &reply);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]408 if (status != NO_ERROR) {
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]409 ALOGD("getState() could not contact remote: %d\n", status);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]410 return -1;
411 }
412 int32_t err = reply.readExceptionCode();
413 int32_t ret = reply.readInt32();
414 if (err < 0) {
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]415 ALOGD("getState() caught exception %d\n", err);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]416 return -1;
417 }
418 return ret;
419 }
420
Chad Brubakerad6a7f52015-09-09 14:55:22 -0700[diff] [blame^]421 virtual int32_t get(const String16& name, int32_t uid, uint8_t** item, size_t* itemLength)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]422 {
423 Parcel data, reply;
424 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
425 data.writeString16(name);
Chad Brubakerad6a7f52015-09-09 14:55:22 -0700[diff] [blame^]426 data.writeInt32(uid);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]427 status_t status = remote()->transact(BnKeystoreService::GET, data, &reply);
428 if (status != NO_ERROR) {
429 ALOGD("get() could not contact remote: %d\n", status);
430 return -1;
431 }
432 int32_t err = reply.readExceptionCode();
433 ssize_t len = reply.readInt32();
434 if (len >= 0 && (size_t) len <= reply.dataAvail()) {
435 size_t ulen = (size_t) len;
436 const void* buf = reply.readInplace(ulen);
437 *item = (uint8_t*) malloc(ulen);
438 if (*item != NULL) {
439 memcpy(*item, buf, ulen);
440 *itemLength = ulen;
441 } else {
442 ALOGE("out of memory allocating output array in get");
443 *itemLength = 0;
444 }
445 } else {
446 *itemLength = 0;
447 }
448 if (err < 0) {
449 ALOGD("get() caught exception %d\n", err);
450 return -1;
451 }
452 return 0;
453 }
454
Kenny Root0c540aa2013-04-03 09:22:15 -0700[diff] [blame]455 virtual int32_t insert(const String16& name, const uint8_t* item, size_t itemLength, int uid,
456 int32_t flags)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]457 {
458 Parcel data, reply;
459 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
460 data.writeString16(name);
461 data.writeInt32(itemLength);
462 void* buf = data.writeInplace(itemLength);
463 memcpy(buf, item, itemLength);
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]464 data.writeInt32(uid);
Kenny Root0c540aa2013-04-03 09:22:15 -0700[diff] [blame]465 data.writeInt32(flags);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]466 status_t status = remote()->transact(BnKeystoreService::INSERT, data, &reply);
467 if (status != NO_ERROR) {
468 ALOGD("import() could not contact remote: %d\n", status);
469 return -1;
470 }
471 int32_t err = reply.readExceptionCode();
472 int32_t ret = reply.readInt32();
473 if (err < 0) {
474 ALOGD("import() caught exception %d\n", err);
475 return -1;
476 }
477 return ret;
478 }
479
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]480 virtual int32_t del(const String16& name, int uid)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]481 {
482 Parcel data, reply;
483 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
484 data.writeString16(name);
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]485 data.writeInt32(uid);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]486 status_t status = remote()->transact(BnKeystoreService::DEL, data, &reply);
487 if (status != NO_ERROR) {
488 ALOGD("del() could not contact remote: %d\n", status);
489 return -1;
490 }
491 int32_t err = reply.readExceptionCode();
492 int32_t ret = reply.readInt32();
493 if (err < 0) {
494 ALOGD("del() caught exception %d\n", err);
495 return -1;
496 }
497 return ret;
498 }
499
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]500 virtual int32_t exist(const String16& name, int uid)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]501 {
502 Parcel data, reply;
503 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
504 data.writeString16(name);
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]505 data.writeInt32(uid);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]506 status_t status = remote()->transact(BnKeystoreService::EXIST, data, &reply);
507 if (status != NO_ERROR) {
508 ALOGD("exist() could not contact remote: %d\n", status);
509 return -1;
510 }
511 int32_t err = reply.readExceptionCode();
512 int32_t ret = reply.readInt32();
513 if (err < 0) {
514 ALOGD("exist() caught exception %d\n", err);
515 return -1;
516 }
517 return ret;
518 }
519
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]520 virtual int32_t list(const String16& prefix, int uid, Vector<String16>* matches)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]521 {
522 Parcel data, reply;
523 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]524 data.writeString16(prefix);
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]525 data.writeInt32(uid);
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]526 status_t status = remote()->transact(BnKeystoreService::LIST, data, &reply);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]527 if (status != NO_ERROR) {
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]528 ALOGD("list() could not contact remote: %d\n", status);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]529 return -1;
530 }
531 int32_t err = reply.readExceptionCode();
532 int32_t numMatches = reply.readInt32();
533 for (int32_t i = 0; i < numMatches; i++) {
534 matches->push(reply.readString16());
535 }
536 int32_t ret = reply.readInt32();
537 if (err < 0) {
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]538 ALOGD("list() caught exception %d\n", err);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]539 return -1;
540 }
541 return ret;
542 }
543
544 virtual int32_t reset()
545 {
546 Parcel data, reply;
547 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
548 status_t status = remote()->transact(BnKeystoreService::RESET, data, &reply);
549 if (status != NO_ERROR) {
550 ALOGD("reset() could not contact remote: %d\n", status);
551 return -1;
552 }
553 int32_t err = reply.readExceptionCode();
554 int32_t ret = reply.readInt32();
555 if (err < 0) {
556 ALOGD("reset() caught exception %d\n", err);
557 return -1;
558 }
559 return ret;
560 }
561
Chad Brubaker96d6d782015-05-07 10:19:40 -0700[diff] [blame]562 virtual int32_t onUserPasswordChanged(int32_t userId, const String16& password)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]563 {
564 Parcel data, reply;
565 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
Chad Brubaker96d6d782015-05-07 10:19:40 -0700[diff] [blame]566 data.writeInt32(userId);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]567 data.writeString16(password);
Chad Brubaker96d6d782015-05-07 10:19:40 -0700[diff] [blame]568 status_t status = remote()->transact(BnKeystoreService::ON_USER_PASSWORD_CHANGED, data,
569 &reply);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]570 if (status != NO_ERROR) {
Chad Brubaker96d6d782015-05-07 10:19:40 -0700[diff] [blame]571 ALOGD("onUserPasswordChanged() could not contact remote: %d\n", status);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]572 return -1;
573 }
574 int32_t err = reply.readExceptionCode();
575 int32_t ret = reply.readInt32();
576 if (err < 0) {
Chad Brubaker96d6d782015-05-07 10:19:40 -0700[diff] [blame]577 ALOGD("onUserPasswordChanged() caught exception %d\n", err);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]578 return -1;
579 }
580 return ret;
581 }
582
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]583 virtual int32_t lock(int32_t userId)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]584 {
585 Parcel data, reply;
586 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]587 data.writeInt32(userId);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]588 status_t status = remote()->transact(BnKeystoreService::LOCK, data, &reply);
589 if (status != NO_ERROR) {
590 ALOGD("lock() could not contact remote: %d\n", status);
591 return -1;
592 }
593 int32_t err = reply.readExceptionCode();
594 int32_t ret = reply.readInt32();
595 if (err < 0) {
596 ALOGD("lock() caught exception %d\n", err);
597 return -1;
598 }
599 return ret;
600 }
601
Chad Brubaker96d6d782015-05-07 10:19:40 -0700[diff] [blame]602 virtual int32_t unlock(int32_t userId, const String16& password)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]603 {
604 Parcel data, reply;
605 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
Chad Brubaker96d6d782015-05-07 10:19:40 -0700[diff] [blame]606 data.writeInt32(userId);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]607 data.writeString16(password);
608 status_t status = remote()->transact(BnKeystoreService::UNLOCK, data, &reply);
609 if (status != NO_ERROR) {
610 ALOGD("unlock() could not contact remote: %d\n", status);
611 return -1;
612 }
613 int32_t err = reply.readExceptionCode();
614 int32_t ret = reply.readInt32();
615 if (err < 0) {
616 ALOGD("unlock() caught exception %d\n", err);
617 return -1;
618 }
619 return ret;
620 }
621
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]622 virtual bool isEmpty(int32_t userId)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]623 {
624 Parcel data, reply;
625 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]626 data.writeInt32(userId);
627 status_t status = remote()->transact(BnKeystoreService::IS_EMPTY, data, &reply);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]628 if (status != NO_ERROR) {
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]629 ALOGD("isEmpty() could not contact remote: %d\n", status);
630 return false;
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]631 }
632 int32_t err = reply.readExceptionCode();
633 int32_t ret = reply.readInt32();
634 if (err < 0) {
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]635 ALOGD("isEmpty() caught exception %d\n", err);
636 return false;
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]637 }
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]638 return ret != 0;
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]639 }
640
Kenny Root96427ba2013-08-16 14:02:41 -0700[diff] [blame]641 virtual int32_t generate(const String16& name, int32_t uid, int32_t keyType, int32_t keySize,
642 int32_t flags, Vector<sp<KeystoreArg> >* args)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]643 {
644 Parcel data, reply;
645 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
646 data.writeString16(name);
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]647 data.writeInt32(uid);
Kenny Root96427ba2013-08-16 14:02:41 -0700[diff] [blame]648 data.writeInt32(keyType);
649 data.writeInt32(keySize);
Kenny Root0c540aa2013-04-03 09:22:15 -0700[diff] [blame]650 data.writeInt32(flags);
Chad Brubaker468fc692015-01-13 17:33:14 -0800[diff] [blame]651 data.writeInt32(1);
Kenny Root96427ba2013-08-16 14:02:41 -0700[diff] [blame]652 data.writeInt32(args->size());
653 for (Vector<sp<KeystoreArg> >::iterator it = args->begin(); it != args->end(); ++it) {
654 sp<KeystoreArg> item = *it;
655 size_t keyLength = item->size();
656 data.writeInt32(keyLength);
657 void* buf = data.writeInplace(keyLength);
658 memcpy(buf, item->data(), keyLength);
659 }
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]660 status_t status = remote()->transact(BnKeystoreService::GENERATE, data, &reply);
661 if (status != NO_ERROR) {
662 ALOGD("generate() could not contact remote: %d\n", status);
663 return -1;
664 }
665 int32_t err = reply.readExceptionCode();
666 int32_t ret = reply.readInt32();
667 if (err < 0) {
668 ALOGD("generate() caught exception %d\n", err);
669 return -1;
670 }
671 return ret;
672 }
673
Kenny Root0c540aa2013-04-03 09:22:15 -0700[diff] [blame]674 virtual int32_t import(const String16& name, const uint8_t* key, size_t keyLength, int uid,
675 int flags)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]676 {
677 Parcel data, reply;
678 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
679 data.writeString16(name);
680 data.writeInt32(keyLength);
681 void* buf = data.writeInplace(keyLength);
682 memcpy(buf, key, keyLength);
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]683 data.writeInt32(uid);
Kenny Root0c540aa2013-04-03 09:22:15 -0700[diff] [blame]684 data.writeInt32(flags);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]685 status_t status = remote()->transact(BnKeystoreService::IMPORT, data, &reply);
686 if (status != NO_ERROR) {
687 ALOGD("import() could not contact remote: %d\n", status);
688 return -1;
689 }
690 int32_t err = reply.readExceptionCode();
691 int32_t ret = reply.readInt32();
692 if (err < 0) {
693 ALOGD("import() caught exception %d\n", err);
694 return -1;
695 }
696 return ret;
697 }
698
699 virtual int32_t sign(const String16& name, const uint8_t* in, size_t inLength, uint8_t** out,
700 size_t* outLength)
701 {
702 Parcel data, reply;
703 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
704 data.writeString16(name);
705 data.writeInt32(inLength);
706 void* buf = data.writeInplace(inLength);
707 memcpy(buf, in, inLength);
708 status_t status = remote()->transact(BnKeystoreService::SIGN, data, &reply);
709 if (status != NO_ERROR) {
710 ALOGD("import() could not contact remote: %d\n", status);
711 return -1;
712 }
713 int32_t err = reply.readExceptionCode();
714 ssize_t len = reply.readInt32();
715 if (len >= 0 && (size_t) len <= reply.dataAvail()) {
716 size_t ulen = (size_t) len;
717 const void* outBuf = reply.readInplace(ulen);
718 *out = (uint8_t*) malloc(ulen);
719 if (*out != NULL) {
720 memcpy((void*) *out, outBuf, ulen);
721 *outLength = ulen;
722 } else {
723 ALOGE("out of memory allocating output array in sign");
724 *outLength = 0;
725 }
726 } else {
727 *outLength = 0;
728 }
729 if (err < 0) {
730 ALOGD("import() caught exception %d\n", err);
731 return -1;
732 }
733 return 0;
734 }
735
736 virtual int32_t verify(const String16& name, const uint8_t* in, size_t inLength,
737 const uint8_t* signature, size_t signatureLength)
738 {
739 Parcel data, reply;
740 void* buf;
741
742 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
743 data.writeString16(name);
744 data.writeInt32(inLength);
745 buf = data.writeInplace(inLength);
746 memcpy(buf, in, inLength);
747 data.writeInt32(signatureLength);
748 buf = data.writeInplace(signatureLength);
749 memcpy(buf, signature, signatureLength);
750 status_t status = remote()->transact(BnKeystoreService::VERIFY, data, &reply);
751 if (status != NO_ERROR) {
752 ALOGD("verify() could not contact remote: %d\n", status);
753 return -1;
754 }
755 int32_t err = reply.readExceptionCode();
756 int32_t ret = reply.readInt32();
757 if (err < 0) {
758 ALOGD("verify() caught exception %d\n", err);
759 return -1;
760 }
761 return ret;
762 }
763
764 virtual int32_t get_pubkey(const String16& name, uint8_t** pubkey, size_t* pubkeyLength)
765 {
766 Parcel data, reply;
767 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
768 data.writeString16(name);
769 status_t status = remote()->transact(BnKeystoreService::GET_PUBKEY, data, &reply);
770 if (status != NO_ERROR) {
771 ALOGD("get_pubkey() could not contact remote: %d\n", status);
772 return -1;
773 }
774 int32_t err = reply.readExceptionCode();
775 ssize_t len = reply.readInt32();
776 if (len >= 0 && (size_t) len <= reply.dataAvail()) {
777 size_t ulen = (size_t) len;
778 const void* buf = reply.readInplace(ulen);
779 *pubkey = (uint8_t*) malloc(ulen);
780 if (*pubkey != NULL) {
781 memcpy(*pubkey, buf, ulen);
782 *pubkeyLength = ulen;
783 } else {
784 ALOGE("out of memory allocating output array in get_pubkey");
785 *pubkeyLength = 0;
786 }
787 } else {
788 *pubkeyLength = 0;
789 }
790 if (err < 0) {
791 ALOGD("get_pubkey() caught exception %d\n", err);
792 return -1;
793 }
794 return 0;
795 }
796
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]797 virtual int32_t grant(const String16& name, int32_t granteeUid)
798 {
799 Parcel data, reply;
800 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
801 data.writeString16(name);
802 data.writeInt32(granteeUid);
803 status_t status = remote()->transact(BnKeystoreService::GRANT, data, &reply);
804 if (status != NO_ERROR) {
805 ALOGD("grant() could not contact remote: %d\n", status);
806 return -1;
807 }
808 int32_t err = reply.readExceptionCode();
809 int32_t ret = reply.readInt32();
810 if (err < 0) {
811 ALOGD("grant() caught exception %d\n", err);
812 return -1;
813 }
814 return ret;
815 }
816
817 virtual int32_t ungrant(const String16& name, int32_t granteeUid)
818 {
819 Parcel data, reply;
820 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
821 data.writeString16(name);
822 data.writeInt32(granteeUid);
823 status_t status = remote()->transact(BnKeystoreService::UNGRANT, data, &reply);
824 if (status != NO_ERROR) {
825 ALOGD("ungrant() could not contact remote: %d\n", status);
826 return -1;
827 }
828 int32_t err = reply.readExceptionCode();
829 int32_t ret = reply.readInt32();
830 if (err < 0) {
831 ALOGD("ungrant() caught exception %d\n", err);
832 return -1;
833 }
834 return ret;
835 }
836
Chad Brubakerad6a7f52015-09-09 14:55:22 -0700[diff] [blame^]837 int64_t getmtime(const String16& name, int32_t uid)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]838 {
839 Parcel data, reply;
840 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
841 data.writeString16(name);
Chad Brubakerad6a7f52015-09-09 14:55:22 -0700[diff] [blame^]842 data.writeInt32(uid);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]843 status_t status = remote()->transact(BnKeystoreService::GETMTIME, data, &reply);
844 if (status != NO_ERROR) {
845 ALOGD("getmtime() could not contact remote: %d\n", status);
846 return -1;
847 }
848 int32_t err = reply.readExceptionCode();
849 int64_t ret = reply.readInt64();
850 if (err < 0) {
851 ALOGD("getmtime() caught exception %d\n", err);
852 return -1;
853 }
854 return ret;
855 }
Kenny Root02254072013-03-20 11:48:19 -0700[diff] [blame]856
Kenny Rootd53bc922013-03-21 14:10:15 -0700[diff] [blame]857 virtual int32_t duplicate(const String16& srcKey, int32_t srcUid, const String16& destKey,
858 int32_t destUid)
Kenny Root02254072013-03-20 11:48:19 -0700[diff] [blame]859 {
860 Parcel data, reply;
861 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
Kenny Rootd53bc922013-03-21 14:10:15 -0700[diff] [blame]862 data.writeString16(srcKey);
863 data.writeInt32(srcUid);
864 data.writeString16(destKey);
865 data.writeInt32(destUid);
866 status_t status = remote()->transact(BnKeystoreService::DUPLICATE, data, &reply);
Kenny Root02254072013-03-20 11:48:19 -0700[diff] [blame]867 if (status != NO_ERROR) {
Kenny Rootd53bc922013-03-21 14:10:15 -0700[diff] [blame]868 ALOGD("duplicate() could not contact remote: %d\n", status);
Kenny Root02254072013-03-20 11:48:19 -0700[diff] [blame]869 return -1;
870 }
871 int32_t err = reply.readExceptionCode();
872 int32_t ret = reply.readInt32();
873 if (err < 0) {
Kenny Rootd53bc922013-03-21 14:10:15 -0700[diff] [blame]874 ALOGD("duplicate() caught exception %d\n", err);
Kenny Root02254072013-03-20 11:48:19 -0700[diff] [blame]875 return -1;
876 }
877 return ret;
878 }
Kenny Root43061232013-03-29 11:15:50 -0700[diff] [blame]879
Kenny Root1b0e3932013-09-05 13:06:32 -0700[diff] [blame]880 virtual int32_t is_hardware_backed(const String16& keyType)
Kenny Root43061232013-03-29 11:15:50 -0700[diff] [blame]881 {
882 Parcel data, reply;
883 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
Kenny Root1b0e3932013-09-05 13:06:32 -0700[diff] [blame]884 data.writeString16(keyType);
Kenny Root43061232013-03-29 11:15:50 -0700[diff] [blame]885 status_t status = remote()->transact(BnKeystoreService::IS_HARDWARE_BACKED, data, &reply);
886 if (status != NO_ERROR) {
887 ALOGD("is_hardware_backed() could not contact remote: %d\n", status);
888 return -1;
889 }
890 int32_t err = reply.readExceptionCode();
891 int32_t ret = reply.readInt32();
892 if (err < 0) {
893 ALOGD("is_hardware_backed() caught exception %d\n", err);
894 return -1;
895 }
896 return ret;
897 }
Kenny Root2ecc7a12013-04-01 16:29:11 -0700[diff] [blame]898
899 virtual int32_t clear_uid(int64_t uid)
900 {
901 Parcel data, reply;
902 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
903 data.writeInt64(uid);
904 status_t status = remote()->transact(BnKeystoreService::CLEAR_UID, data, &reply);
905 if (status != NO_ERROR) {
906 ALOGD("clear_uid() could not contact remote: %d\n", status);
907 return -1;
908 }
909 int32_t err = reply.readExceptionCode();
910 int32_t ret = reply.readInt32();
911 if (err < 0) {
912 ALOGD("clear_uid() caught exception %d\n", err);
913 return -1;
914 }
915 return ret;
916 }
Robin Lee4e865752014-08-19 17:37:55 +0100[diff] [blame]917
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]918 virtual int32_t addRngEntropy(const uint8_t* buf, size_t bufLength)
919 {
920 Parcel data, reply;
921 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]922 data.writeByteArray(bufLength, buf);
923 status_t status = remote()->transact(BnKeystoreService::ADD_RNG_ENTROPY, data, &reply);
924 if (status != NO_ERROR) {
925 ALOGD("addRngEntropy() could not contact remote: %d\n", status);
926 return -1;
927 }
928 int32_t err = reply.readExceptionCode();
929 int32_t ret = reply.readInt32();
930 if (err < 0) {
931 ALOGD("addRngEntropy() caught exception %d\n", err);
932 return -1;
933 }
934 return ret;
935 };
936
937 virtual int32_t generateKey(const String16& name, const KeymasterArguments& params,
Chad Brubaker154d7692015-03-27 13:59:31 -0700[diff] [blame]938 const uint8_t* entropy, size_t entropyLength, int uid, int flags,
939 KeyCharacteristics* outCharacteristics)
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]940 {
941 Parcel data, reply;
942 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
943 data.writeString16(name);
944 data.writeInt32(1);
945 params.writeToParcel(&data);
Chad Brubaker154d7692015-03-27 13:59:31 -0700[diff] [blame]946 data.writeByteArray(entropyLength, entropy);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]947 data.writeInt32(uid);
948 data.writeInt32(flags);
949 status_t status = remote()->transact(BnKeystoreService::GENERATE_KEY, data, &reply);
950 if (status != NO_ERROR) {
951 ALOGD("generateKey() could not contact remote: %d\n", status);
952 return KM_ERROR_UNKNOWN_ERROR;
953 }
954 int32_t err = reply.readExceptionCode();
955 int32_t ret = reply.readInt32();
956 if (err < 0) {
957 ALOGD("generateKey() caught exception %d\n", err);
958 return KM_ERROR_UNKNOWN_ERROR;
959 }
960 if (reply.readInt32() != 0 && outCharacteristics) {
961 outCharacteristics->readFromParcel(reply);
962 }
963 return ret;
964 }
965 virtual int32_t getKeyCharacteristics(const String16& name,
Chad Brubakerd6634422015-03-21 22:36:07 -0700[diff] [blame]966 const keymaster_blob_t* clientId,
967 const keymaster_blob_t* appData,
Chad Brubakerad6a7f52015-09-09 14:55:22 -0700[diff] [blame^]968 int32_t uid, KeyCharacteristics* outCharacteristics)
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]969 {
970 Parcel data, reply;
971 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
972 data.writeString16(name);
Chad Brubakerd6634422015-03-21 22:36:07 -0700[diff] [blame]973 if (clientId) {
974 data.writeByteArray(clientId->data_length, clientId->data);
975 } else {
976 data.writeInt32(-1);
977 }
978 if (appData) {
979 data.writeByteArray(appData->data_length, appData->data);
980 } else {
981 data.writeInt32(-1);
982 }
Chad Brubakerad6a7f52015-09-09 14:55:22 -0700[diff] [blame^]983 data.writeInt32(uid);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]984 status_t status = remote()->transact(BnKeystoreService::GET_KEY_CHARACTERISTICS,
985 data, &reply);
986 if (status != NO_ERROR) {
987 ALOGD("getKeyCharacteristics() could not contact remote: %d\n", status);
988 return KM_ERROR_UNKNOWN_ERROR;
989 }
990 int32_t err = reply.readExceptionCode();
991 int32_t ret = reply.readInt32();
992 if (err < 0) {
993 ALOGD("getKeyCharacteristics() caught exception %d\n", err);
994 return KM_ERROR_UNKNOWN_ERROR;
995 }
996 if (reply.readInt32() != 0 && outCharacteristics) {
997 outCharacteristics->readFromParcel(reply);
998 }
999 return ret;
1000 }
1001 virtual int32_t importKey(const String16& name, const KeymasterArguments& params,
1002 keymaster_key_format_t format, const uint8_t *keyData,
1003 size_t keyLength, int uid, int flags,
1004 KeyCharacteristics* outCharacteristics)
1005 {
1006 Parcel data, reply;
1007 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1008 data.writeString16(name);
1009 data.writeInt32(1);
1010 params.writeToParcel(&data);
1011 data.writeInt32(format);
1012 data.writeByteArray(keyLength, keyData);
1013 data.writeInt32(uid);
1014 data.writeInt32(flags);
1015 status_t status = remote()->transact(BnKeystoreService::IMPORT_KEY, data, &reply);
1016 if (status != NO_ERROR) {
1017 ALOGD("importKey() could not contact remote: %d\n", status);
1018 return KM_ERROR_UNKNOWN_ERROR;
1019 }
1020 int32_t err = reply.readExceptionCode();
1021 int32_t ret = reply.readInt32();
1022 if (err < 0) {
1023 ALOGD("importKey() caught exception %d\n", err);
1024 return KM_ERROR_UNKNOWN_ERROR;
1025 }
1026 if (reply.readInt32() != 0 && outCharacteristics) {
1027 outCharacteristics->readFromParcel(reply);
1028 }
1029 return ret;
1030 }
1031
1032 virtual void exportKey(const String16& name, keymaster_key_format_t format,
Chad Brubakerd6634422015-03-21 22:36:07 -0700[diff] [blame]1033 const keymaster_blob_t* clientId,
Chad Brubakerad6a7f52015-09-09 14:55:22 -0700[diff] [blame^]1034 const keymaster_blob_t* appData, int32_t uid, ExportResult* result)
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1035 {
1036 if (!result) {
1037 return;
1038 }
1039
1040 Parcel data, reply;
1041 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1042 data.writeString16(name);
1043 data.writeInt32(format);
Chad Brubakerd6634422015-03-21 22:36:07 -0700[diff] [blame]1044 if (clientId) {
1045 data.writeByteArray(clientId->data_length, clientId->data);
1046 } else {
1047 data.writeInt32(-1);
1048 }
1049 if (appData) {
1050 data.writeByteArray(appData->data_length, appData->data);
1051 } else {
1052 data.writeInt32(-1);
1053 }
Chad Brubakerad6a7f52015-09-09 14:55:22 -0700[diff] [blame^]1054 data.writeInt32(uid);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1055 status_t status = remote()->transact(BnKeystoreService::EXPORT_KEY, data, &reply);
1056 if (status != NO_ERROR) {
1057 ALOGD("exportKey() could not contact remote: %d\n", status);
1058 result->resultCode = KM_ERROR_UNKNOWN_ERROR;
1059 return;
1060 }
1061 int32_t err = reply.readExceptionCode();
1062 if (err < 0) {
1063 ALOGD("exportKey() caught exception %d\n", err);
1064 result->resultCode = KM_ERROR_UNKNOWN_ERROR;
1065 return;
1066 }
1067 if (reply.readInt32() != 0) {
1068 result->readFromParcel(reply);
1069 }
1070 }
1071
1072 virtual void begin(const sp<IBinder>& appToken, const String16& name,
1073 keymaster_purpose_t purpose, bool pruneable,
Chad Brubaker154d7692015-03-27 13:59:31 -0700[diff] [blame]1074 const KeymasterArguments& params, const uint8_t* entropy,
Chad Brubakerad6a7f52015-09-09 14:55:22 -0700[diff] [blame^]1075 size_t entropyLength, int32_t uid, OperationResult* result)
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1076 {
Chad Brubaker57e106d2015-06-01 12:59:00 -0700[diff] [blame]1077 if (!result) {
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1078 return;
1079 }
1080 Parcel data, reply;
1081 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1082 data.writeStrongBinder(appToken);
1083 data.writeString16(name);
1084 data.writeInt32(purpose);
1085 data.writeInt32(pruneable ? 1 : 0);
1086 data.writeInt32(1);
1087 params.writeToParcel(&data);
Chad Brubaker154d7692015-03-27 13:59:31 -0700[diff] [blame]1088 data.writeByteArray(entropyLength, entropy);
Chad Brubakerad6a7f52015-09-09 14:55:22 -0700[diff] [blame^]1089 data.writeInt32(uid);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1090 status_t status = remote()->transact(BnKeystoreService::BEGIN, data, &reply);
1091 if (status != NO_ERROR) {
1092 ALOGD("begin() could not contact remote: %d\n", status);
1093 result->resultCode = KM_ERROR_UNKNOWN_ERROR;
1094 return;
1095 }
1096 int32_t err = reply.readExceptionCode();
1097 if (err < 0) {
1098 ALOGD("begin() caught exception %d\n", err);
1099 result->resultCode = KM_ERROR_UNKNOWN_ERROR;
1100 return;
1101 }
1102 if (reply.readInt32() != 0) {
1103 result->readFromParcel(reply);
1104 }
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1105 }
1106
1107 virtual void update(const sp<IBinder>& token, const KeymasterArguments& params,
Chad Brubaker40a1a9b2015-02-20 14:08:13 -0800[diff] [blame]1108 const uint8_t* opData, size_t dataLength, OperationResult* result)
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1109 {
1110 if (!result) {
1111 return;
1112 }
1113 Parcel data, reply;
1114 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1115 data.writeStrongBinder(token);
1116 data.writeInt32(1);
1117 params.writeToParcel(&data);
1118 data.writeByteArray(dataLength, opData);
1119 status_t status = remote()->transact(BnKeystoreService::UPDATE, data, &reply);
1120 if (status != NO_ERROR) {
1121 ALOGD("update() could not contact remote: %d\n", status);
1122 result->resultCode = KM_ERROR_UNKNOWN_ERROR;
1123 return;
1124 }
1125 int32_t err = reply.readExceptionCode();
1126 if (err < 0) {
1127 ALOGD("update() caught exception %d\n", err);
1128 result->resultCode = KM_ERROR_UNKNOWN_ERROR;
1129 return;
1130 }
1131 if (reply.readInt32() != 0) {
1132 result->readFromParcel(reply);
1133 }
1134 }
1135
1136 virtual void finish(const sp<IBinder>& token, const KeymasterArguments& params,
Chad Brubaker0d33e0b2015-05-29 12:30:19 -0700[diff] [blame]1137 const uint8_t* signature, size_t signatureLength,
1138 const uint8_t* entropy, size_t entropyLength,
1139 OperationResult* result)
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1140 {
1141 if (!result) {
1142 return;
1143 }
1144 Parcel data, reply;
1145 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1146 data.writeStrongBinder(token);
1147 data.writeInt32(1);
1148 params.writeToParcel(&data);
1149 data.writeByteArray(signatureLength, signature);
Chad Brubaker0d33e0b2015-05-29 12:30:19 -0700[diff] [blame]1150 data.writeByteArray(entropyLength, entropy);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1151 status_t status = remote()->transact(BnKeystoreService::FINISH, data, &reply);
1152 if (status != NO_ERROR) {
1153 ALOGD("finish() could not contact remote: %d\n", status);
1154 result->resultCode = KM_ERROR_UNKNOWN_ERROR;
1155 return;
1156 }
1157 int32_t err = reply.readExceptionCode();
1158 if (err < 0) {
1159 ALOGD("finish() caught exception %d\n", err);
1160 result->resultCode = KM_ERROR_UNKNOWN_ERROR;
1161 return;
1162 }
1163 if (reply.readInt32() != 0) {
1164 result->readFromParcel(reply);
1165 }
1166 }
1167
1168 virtual int32_t abort(const sp<IBinder>& token)
1169 {
1170 Parcel data, reply;
1171 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1172 data.writeStrongBinder(token);
Chad Brubaker2ed2baa2015-03-21 21:20:10 -0700[diff] [blame]1173 status_t status = remote()->transact(BnKeystoreService::ABORT, data, &reply);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1174 if (status != NO_ERROR) {
1175 ALOGD("abort() could not contact remote: %d\n", status);
1176 return KM_ERROR_UNKNOWN_ERROR;
1177 }
1178 int32_t err = reply.readExceptionCode();
1179 int32_t ret = reply.readInt32();
1180 if (err < 0) {
1181 ALOGD("abort() caught exception %d\n", err);
1182 return KM_ERROR_UNKNOWN_ERROR;
1183 }
1184 return ret;
1185 }
Chad Brubaker2ed2baa2015-03-21 21:20:10 -0700[diff] [blame]1186
1187 virtual bool isOperationAuthorized(const sp<IBinder>& token)
1188 {
1189 Parcel data, reply;
1190 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1191 data.writeStrongBinder(token);
1192 status_t status = remote()->transact(BnKeystoreService::IS_OPERATION_AUTHORIZED, data,
1193 &reply);
1194 if (status != NO_ERROR) {
1195 ALOGD("isOperationAuthorized() could not contact remote: %d\n", status);
1196 return false;
1197 }
1198 int32_t err = reply.readExceptionCode();
1199 int32_t ret = reply.readInt32();
1200 if (err < 0) {
1201 ALOGD("isOperationAuthorized() caught exception %d\n", err);
1202 return false;
1203 }
1204 return ret == 1;
1205 }
1206
1207 virtual int32_t addAuthToken(const uint8_t* token, size_t length)
1208 {
1209 Parcel data, reply;
1210 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1211 data.writeByteArray(length, token);
1212 status_t status = remote()->transact(BnKeystoreService::ADD_AUTH_TOKEN, data, &reply);
1213 if (status != NO_ERROR) {
1214 ALOGD("addAuthToken() could not contact remote: %d\n", status);
1215 return -1;
1216 }
1217 int32_t err = reply.readExceptionCode();
1218 int32_t ret = reply.readInt32();
1219 if (err < 0) {
1220 ALOGD("addAuthToken() caught exception %d\n", err);
1221 return -1;
1222 }
1223 return ret;
1224 };
Chad Brubakerc0f031a2015-05-12 10:43:10 -0700[diff] [blame]1225
1226 virtual int32_t onUserAdded(int32_t userId, int32_t parentId)
1227 {
1228 Parcel data, reply;
1229 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1230 data.writeInt32(userId);
1231 data.writeInt32(parentId);
1232 status_t status = remote()->transact(BnKeystoreService::ON_USER_ADDED, data, &reply);
1233 if (status != NO_ERROR) {
1234 ALOGD("onUserAdded() could not contact remote: %d\n", status);
1235 return -1;
1236 }
1237 int32_t err = reply.readExceptionCode();
1238 int32_t ret = reply.readInt32();
1239 if (err < 0) {
1240 ALOGD("onUserAdded() caught exception %d\n", err);
1241 return -1;
1242 }
1243 return ret;
1244 }
1245
1246 virtual int32_t onUserRemoved(int32_t userId)
1247 {
1248 Parcel data, reply;
1249 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1250 data.writeInt32(userId);
1251 status_t status = remote()->transact(BnKeystoreService::ON_USER_REMOVED, data, &reply);
1252 if (status != NO_ERROR) {
1253 ALOGD("onUserRemoved() could not contact remote: %d\n", status);
1254 return -1;
1255 }
1256 int32_t err = reply.readExceptionCode();
1257 int32_t ret = reply.readInt32();
1258 if (err < 0) {
1259 ALOGD("onUserRemoved() caught exception %d\n", err);
1260 return -1;
1261 }
1262 return ret;
1263 }
1264
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1265};
1266
Chad Brubaker468fc692015-01-13 17:33:14 -0800[diff] [blame]1267IMPLEMENT_META_INTERFACE(KeystoreService, "android.security.IKeystoreService");
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1268
1269// ----------------------------------------------------------------------
1270
1271status_t BnKeystoreService::onTransact(
1272 uint32_t code, const Parcel& data, Parcel* reply, uint32_t flags)
1273{
1274 switch(code) {
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]1275 case GET_STATE: {
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1276 CHECK_INTERFACE(IKeystoreService, data, reply);
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]1277 int32_t userId = data.readInt32();
1278 int32_t ret = getState(userId);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1279 reply->writeNoException();
1280 reply->writeInt32(ret);
1281 return NO_ERROR;
1282 } break;
1283 case GET: {
1284 CHECK_INTERFACE(IKeystoreService, data, reply);
1285 String16 name = data.readString16();
Chad Brubakerad6a7f52015-09-09 14:55:22 -0700[diff] [blame^]1286 int32_t uid = data.readInt32();
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1287 void* out = NULL;
1288 size_t outSize = 0;
Chad Brubakerad6a7f52015-09-09 14:55:22 -0700[diff] [blame^]1289 int32_t ret = get(name, uid, (uint8_t**) &out, &outSize);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1290 reply->writeNoException();
1291 if (ret == 1) {
1292 reply->writeInt32(outSize);
1293 void* buf = reply->writeInplace(outSize);
1294 memcpy(buf, out, outSize);
1295 free(out);
1296 } else {
1297 reply->writeInt32(-1);
1298 }
1299 return NO_ERROR;
1300 } break;
1301 case INSERT: {
1302 CHECK_INTERFACE(IKeystoreService, data, reply);
1303 String16 name = data.readString16();
1304 ssize_t inSize = data.readInt32();
1305 const void* in;
1306 if (inSize >= 0 && (size_t) inSize <= data.dataAvail()) {
1307 in = data.readInplace(inSize);
1308 } else {
1309 in = NULL;
1310 inSize = 0;
1311 }
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]1312 int uid = data.readInt32();
Kenny Root0c540aa2013-04-03 09:22:15 -0700[diff] [blame]1313 int32_t flags = data.readInt32();
1314 int32_t ret = insert(name, (const uint8_t*) in, (size_t) inSize, uid, flags);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1315 reply->writeNoException();
1316 reply->writeInt32(ret);
1317 return NO_ERROR;
1318 } break;
1319 case DEL: {
1320 CHECK_INTERFACE(IKeystoreService, data, reply);
1321 String16 name = data.readString16();
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]1322 int uid = data.readInt32();
1323 int32_t ret = del(name, uid);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1324 reply->writeNoException();
1325 reply->writeInt32(ret);
1326 return NO_ERROR;
1327 } break;
1328 case EXIST: {
1329 CHECK_INTERFACE(IKeystoreService, data, reply);
1330 String16 name = data.readString16();
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]1331 int uid = data.readInt32();
1332 int32_t ret = exist(name, uid);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1333 reply->writeNoException();
1334 reply->writeInt32(ret);
1335 return NO_ERROR;
1336 } break;
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]1337 case LIST: {
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1338 CHECK_INTERFACE(IKeystoreService, data, reply);
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]1339 String16 prefix = data.readString16();
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]1340 int uid = data.readInt32();
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1341 Vector<String16> matches;
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]1342 int32_t ret = list(prefix, uid, &matches);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1343 reply->writeNoException();
1344 reply->writeInt32(matches.size());
1345 Vector<String16>::const_iterator it = matches.begin();
1346 for (; it != matches.end(); ++it) {
1347 reply->writeString16(*it);
1348 }
1349 reply->writeInt32(ret);
1350 return NO_ERROR;
1351 } break;
1352 case RESET: {
1353 CHECK_INTERFACE(IKeystoreService, data, reply);
1354 int32_t ret = reset();
1355 reply->writeNoException();
1356 reply->writeInt32(ret);
1357 return NO_ERROR;
1358 } break;
Chad Brubaker96d6d782015-05-07 10:19:40 -0700[diff] [blame]1359 case ON_USER_PASSWORD_CHANGED: {
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1360 CHECK_INTERFACE(IKeystoreService, data, reply);
Chad Brubaker96d6d782015-05-07 10:19:40 -0700[diff] [blame]1361 int32_t userId = data.readInt32();
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1362 String16 pass = data.readString16();
Chad Brubaker96d6d782015-05-07 10:19:40 -0700[diff] [blame]1363 int32_t ret = onUserPasswordChanged(userId, pass);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1364 reply->writeNoException();
1365 reply->writeInt32(ret);
1366 return NO_ERROR;
1367 } break;
1368 case LOCK: {
1369 CHECK_INTERFACE(IKeystoreService, data, reply);
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]1370 int32_t userId = data.readInt32();
1371 int32_t ret = lock(userId);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1372 reply->writeNoException();
1373 reply->writeInt32(ret);
1374 return NO_ERROR;
1375 } break;
1376 case UNLOCK: {
1377 CHECK_INTERFACE(IKeystoreService, data, reply);
Chad Brubaker96d6d782015-05-07 10:19:40 -0700[diff] [blame]1378 int32_t userId = data.readInt32();
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1379 String16 pass = data.readString16();
Chad Brubaker96d6d782015-05-07 10:19:40 -0700[diff] [blame]1380 int32_t ret = unlock(userId, pass);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1381 reply->writeNoException();
1382 reply->writeInt32(ret);
1383 return NO_ERROR;
1384 } break;
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]1385 case IS_EMPTY: {
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1386 CHECK_INTERFACE(IKeystoreService, data, reply);
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]1387 int32_t userId = data.readInt32();
1388 bool ret = isEmpty(userId);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1389 reply->writeNoException();
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]1390 reply->writeInt32(ret ? 1 : 0);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1391 return NO_ERROR;
1392 } break;
1393 case GENERATE: {
1394 CHECK_INTERFACE(IKeystoreService, data, reply);
1395 String16 name = data.readString16();
Kenny Root96427ba2013-08-16 14:02:41 -0700[diff] [blame]1396 int32_t uid = data.readInt32();
1397 int32_t keyType = data.readInt32();
1398 int32_t keySize = data.readInt32();
Kenny Root0c540aa2013-04-03 09:22:15 -0700[diff] [blame]1399 int32_t flags = data.readInt32();
Kenny Root96427ba2013-08-16 14:02:41 -0700[diff] [blame]1400 Vector<sp<KeystoreArg> > args;
Chad Brubaker468fc692015-01-13 17:33:14 -0800[diff] [blame]1401 int32_t argsPresent = data.readInt32();
1402 if (argsPresent == 1) {
1403 ssize_t numArgs = data.readInt32();
Chad Brubakered4f5662015-01-14 19:22:09 -0800[diff] [blame]1404 if (numArgs > MAX_GENERATE_ARGS) {
1405 return BAD_VALUE;
1406 }
Chad Brubaker468fc692015-01-13 17:33:14 -0800[diff] [blame]1407 if (numArgs > 0) {
1408 for (size_t i = 0; i < (size_t) numArgs; i++) {
1409 ssize_t inSize = data.readInt32();
1410 if (inSize >= 0 && (size_t) inSize <= data.dataAvail()) {
1411 sp<KeystoreArg> arg = new KeystoreArg(data.readInplace(inSize),
1412 inSize);
1413 args.push_back(arg);
1414 } else {
1415 args.push_back(NULL);
1416 }
Kenny Root96427ba2013-08-16 14:02:41 -0700[diff] [blame]1417 }
1418 }
1419 }
1420 int32_t ret = generate(name, uid, keyType, keySize, flags, &args);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1421 reply->writeNoException();
1422 reply->writeInt32(ret);
1423 return NO_ERROR;
1424 } break;
1425 case IMPORT: {
1426 CHECK_INTERFACE(IKeystoreService, data, reply);
1427 String16 name = data.readString16();
1428 ssize_t inSize = data.readInt32();
1429 const void* in;
1430 if (inSize >= 0 && (size_t) inSize <= data.dataAvail()) {
1431 in = data.readInplace(inSize);
1432 } else {
1433 in = NULL;
1434 inSize = 0;
1435 }
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]1436 int uid = data.readInt32();
Kenny Root0c540aa2013-04-03 09:22:15 -0700[diff] [blame]1437 int32_t flags = data.readInt32();
1438 int32_t ret = import(name, (const uint8_t*) in, (size_t) inSize, uid, flags);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1439 reply->writeNoException();
1440 reply->writeInt32(ret);
1441 return NO_ERROR;
1442 } break;
1443 case SIGN: {
1444 CHECK_INTERFACE(IKeystoreService, data, reply);
1445 String16 name = data.readString16();
1446 ssize_t inSize = data.readInt32();
1447 const void* in;
1448 if (inSize >= 0 && (size_t) inSize <= data.dataAvail()) {
1449 in = data.readInplace(inSize);
1450 } else {
1451 in = NULL;
1452 inSize = 0;
1453 }
1454 void* out = NULL;
1455 size_t outSize = 0;
1456 int32_t ret = sign(name, (const uint8_t*) in, (size_t) inSize, (uint8_t**) &out, &outSize);
1457 reply->writeNoException();
Kenny Rootb03c9fb2013-02-04 16:42:51 -0800[diff] [blame]1458 if (outSize > 0 && out != NULL) {
1459 reply->writeInt32(outSize);
1460 void* buf = reply->writeInplace(outSize);
1461 memcpy(buf, out, outSize);
Chad Brubaker3a7d9e62015-06-04 15:01:46 -0700[diff] [blame]1462 delete[] reinterpret_cast<uint8_t*>(out);
Kenny Rootb03c9fb2013-02-04 16:42:51 -0800[diff] [blame]1463 } else {
Kenny Roote289c402013-02-14 11:31:53 -0800[diff] [blame]1464 reply->writeInt32(-1);
Kenny Rootb03c9fb2013-02-04 16:42:51 -0800[diff] [blame]1465 }
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1466 reply->writeInt32(ret);
1467 return NO_ERROR;
1468 } break;
1469 case VERIFY: {
1470 CHECK_INTERFACE(IKeystoreService, data, reply);
1471 String16 name = data.readString16();
1472 ssize_t inSize = data.readInt32();
1473 const void* in;
1474 if (inSize >= 0 && (size_t) inSize <= data.dataAvail()) {
1475 in = data.readInplace(inSize);
1476 } else {
1477 in = NULL;
1478 inSize = 0;
1479 }
1480 ssize_t sigSize = data.readInt32();
1481 const void* sig;
1482 if (sigSize >= 0 && (size_t) sigSize <= data.dataAvail()) {
1483 sig = data.readInplace(sigSize);
1484 } else {
1485 sig = NULL;
1486 sigSize = 0;
1487 }
1488 bool ret = verify(name, (const uint8_t*) in, (size_t) inSize, (const uint8_t*) sig,
1489 (size_t) sigSize);
1490 reply->writeNoException();
1491 reply->writeInt32(ret ? 1 : 0);
1492 return NO_ERROR;
1493 } break;
1494 case GET_PUBKEY: {
1495 CHECK_INTERFACE(IKeystoreService, data, reply);
1496 String16 name = data.readString16();
1497 void* out = NULL;
1498 size_t outSize = 0;
1499 int32_t ret = get_pubkey(name, (unsigned char**) &out, &outSize);
1500 reply->writeNoException();
Kenny Rootb03c9fb2013-02-04 16:42:51 -0800[diff] [blame]1501 if (outSize > 0 && out != NULL) {
1502 reply->writeInt32(outSize);
1503 void* buf = reply->writeInplace(outSize);
1504 memcpy(buf, out, outSize);
1505 free(out);
1506 } else {
Kenny Roote289c402013-02-14 11:31:53 -0800[diff] [blame]1507 reply->writeInt32(-1);
Kenny Rootb03c9fb2013-02-04 16:42:51 -0800[diff] [blame]1508 }
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1509 reply->writeInt32(ret);
1510 return NO_ERROR;
Kenny Rootb03c9fb2013-02-04 16:42:51 -0800[diff] [blame]1511 } break;
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1512 case GRANT: {
1513 CHECK_INTERFACE(IKeystoreService, data, reply);
1514 String16 name = data.readString16();
1515 int32_t granteeUid = data.readInt32();
1516 int32_t ret = grant(name, granteeUid);
1517 reply->writeNoException();
1518 reply->writeInt32(ret);
1519 return NO_ERROR;
1520 } break;
1521 case UNGRANT: {
1522 CHECK_INTERFACE(IKeystoreService, data, reply);
1523 String16 name = data.readString16();
1524 int32_t granteeUid = data.readInt32();
1525 int32_t ret = ungrant(name, granteeUid);
1526 reply->writeNoException();
1527 reply->writeInt32(ret);
1528 return NO_ERROR;
1529 } break;
1530 case GETMTIME: {
1531 CHECK_INTERFACE(IKeystoreService, data, reply);
1532 String16 name = data.readString16();
Chad Brubakerad6a7f52015-09-09 14:55:22 -0700[diff] [blame^]1533 int32_t uid = data.readInt32();
1534 int64_t ret = getmtime(name, uid);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1535 reply->writeNoException();
1536 reply->writeInt64(ret);
1537 return NO_ERROR;
1538 } break;
Kenny Rootd53bc922013-03-21 14:10:15 -0700[diff] [blame]1539 case DUPLICATE: {
Kenny Root02254072013-03-20 11:48:19 -0700[diff] [blame]1540 CHECK_INTERFACE(IKeystoreService, data, reply);
Kenny Rootd53bc922013-03-21 14:10:15 -0700[diff] [blame]1541 String16 srcKey = data.readString16();
1542 int32_t srcUid = data.readInt32();
1543 String16 destKey = data.readString16();
1544 int32_t destUid = data.readInt32();
1545 int32_t ret = duplicate(srcKey, srcUid, destKey, destUid);
Kenny Root02254072013-03-20 11:48:19 -0700[diff] [blame]1546 reply->writeNoException();
1547 reply->writeInt32(ret);
1548 return NO_ERROR;
1549 } break;
Kenny Root43061232013-03-29 11:15:50 -0700[diff] [blame]1550 case IS_HARDWARE_BACKED: {
1551 CHECK_INTERFACE(IKeystoreService, data, reply);
Kenny Root1b0e3932013-09-05 13:06:32 -0700[diff] [blame]1552 String16 keyType = data.readString16();
1553 int32_t ret = is_hardware_backed(keyType);
Kenny Root43061232013-03-29 11:15:50 -0700[diff] [blame]1554 reply->writeNoException();
1555 reply->writeInt32(ret);
1556 return NO_ERROR;
1557 }
Kenny Root2ecc7a12013-04-01 16:29:11 -0700[diff] [blame]1558 case CLEAR_UID: {
1559 CHECK_INTERFACE(IKeystoreService, data, reply);
1560 int64_t uid = data.readInt64();
1561 int32_t ret = clear_uid(uid);
1562 reply->writeNoException();
1563 reply->writeInt32(ret);
1564 return NO_ERROR;
1565 }
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1566 case ADD_RNG_ENTROPY: {
1567 CHECK_INTERFACE(IKeystoreService, data, reply);
Chad Brubaker6432df72015-03-20 16:23:04 -0700[diff] [blame]1568 const uint8_t* bytes = NULL;
1569 size_t size = 0;
1570 readByteArray(data, &bytes, &size);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1571 int32_t ret = addRngEntropy(bytes, size);
1572 reply->writeNoException();
1573 reply->writeInt32(ret);
1574 return NO_ERROR;
1575 }
1576 case GENERATE_KEY: {
1577 CHECK_INTERFACE(IKeystoreService, data, reply);
1578 String16 name = data.readString16();
1579 KeymasterArguments args;
1580 if (data.readInt32() != 0) {
1581 args.readFromParcel(data);
1582 }
Chad Brubaker154d7692015-03-27 13:59:31 -0700[diff] [blame]1583 const uint8_t* entropy = NULL;
1584 size_t entropyLength = 0;
1585 readByteArray(data, &entropy, &entropyLength);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1586 int32_t uid = data.readInt32();
1587 int32_t flags = data.readInt32();
1588 KeyCharacteristics outCharacteristics;
Chad Brubaker154d7692015-03-27 13:59:31 -0700[diff] [blame]1589 int32_t ret = generateKey(name, args, entropy, entropyLength, uid, flags,
1590 &outCharacteristics);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1591 reply->writeNoException();
1592 reply->writeInt32(ret);
1593 reply->writeInt32(1);
1594 outCharacteristics.writeToParcel(reply);
1595 return NO_ERROR;
1596 }
1597 case GET_KEY_CHARACTERISTICS: {
1598 CHECK_INTERFACE(IKeystoreService, data, reply);
1599 String16 name = data.readString16();
Chad Brubakerd6634422015-03-21 22:36:07 -0700[diff] [blame]1600 std::unique_ptr<keymaster_blob_t> clientId = readKeymasterBlob(data);
1601 std::unique_ptr<keymaster_blob_t> appData = readKeymasterBlob(data);
Chad Brubakerad6a7f52015-09-09 14:55:22 -0700[diff] [blame^]1602 int32_t uid = data.readInt32();
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1603 KeyCharacteristics outCharacteristics;
Chad Brubakerad6a7f52015-09-09 14:55:22 -0700[diff] [blame^]1604 int ret = getKeyCharacteristics(name, clientId.get(), appData.get(), uid,
Chad Brubakerd6634422015-03-21 22:36:07 -0700[diff] [blame]1605 &outCharacteristics);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1606 reply->writeNoException();
1607 reply->writeInt32(ret);
1608 reply->writeInt32(1);
1609 outCharacteristics.writeToParcel(reply);
1610 return NO_ERROR;
1611 }
1612 case IMPORT_KEY: {
1613 CHECK_INTERFACE(IKeystoreService, data, reply);
1614 String16 name = data.readString16();
1615 KeymasterArguments args;
1616 if (data.readInt32() != 0) {
1617 args.readFromParcel(data);
1618 }
1619 keymaster_key_format_t format = static_cast<keymaster_key_format_t>(data.readInt32());
Chad Brubaker6432df72015-03-20 16:23:04 -0700[diff] [blame]1620 const uint8_t* keyData = NULL;
1621 size_t keyLength = 0;
1622 readByteArray(data, &keyData, &keyLength);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1623 int32_t uid = data.readInt32();
1624 int32_t flags = data.readInt32();
1625 KeyCharacteristics outCharacteristics;
Chad Brubaker6432df72015-03-20 16:23:04 -0700[diff] [blame]1626 int32_t ret = importKey(name, args, format, keyData, keyLength, uid, flags,
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1627 &outCharacteristics);
1628 reply->writeNoException();
1629 reply->writeInt32(ret);
1630 reply->writeInt32(1);
1631 outCharacteristics.writeToParcel(reply);
1632
1633 return NO_ERROR;
1634 }
1635 case EXPORT_KEY: {
1636 CHECK_INTERFACE(IKeystoreService, data, reply);
1637 String16 name = data.readString16();
1638 keymaster_key_format_t format = static_cast<keymaster_key_format_t>(data.readInt32());
Chad Brubakerd6634422015-03-21 22:36:07 -0700[diff] [blame]1639 std::unique_ptr<keymaster_blob_t> clientId = readKeymasterBlob(data);
1640 std::unique_ptr<keymaster_blob_t> appData = readKeymasterBlob(data);
Chad Brubakerad6a7f52015-09-09 14:55:22 -0700[diff] [blame^]1641 int32_t uid = data.readInt32();
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1642 ExportResult result;
Chad Brubakerad6a7f52015-09-09 14:55:22 -0700[diff] [blame^]1643 exportKey(name, format, clientId.get(), appData.get(), uid, &result);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1644 reply->writeNoException();
1645 reply->writeInt32(1);
1646 result.writeToParcel(reply);
1647
1648 return NO_ERROR;
1649 }
1650 case BEGIN: {
1651 CHECK_INTERFACE(IKeystoreService, data, reply);
1652 sp<IBinder> token = data.readStrongBinder();
1653 String16 name = data.readString16();
1654 keymaster_purpose_t purpose = static_cast<keymaster_purpose_t>(data.readInt32());
1655 bool pruneable = data.readInt32() != 0;
1656 KeymasterArguments args;
1657 if (data.readInt32() != 0) {
1658 args.readFromParcel(data);
1659 }
Chad Brubaker154d7692015-03-27 13:59:31 -0700[diff] [blame]1660 const uint8_t* entropy = NULL;
1661 size_t entropyLength = 0;
1662 readByteArray(data, &entropy, &entropyLength);
Chad Brubakerad6a7f52015-09-09 14:55:22 -0700[diff] [blame^]1663 int32_t uid = data.readInt32();
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1664 OperationResult result;
Chad Brubakerad6a7f52015-09-09 14:55:22 -0700[diff] [blame^]1665 begin(token, name, purpose, pruneable, args, entropy, entropyLength, uid, &result);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1666 reply->writeNoException();
1667 reply->writeInt32(1);
1668 result.writeToParcel(reply);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1669
1670 return NO_ERROR;
1671 }
1672 case UPDATE: {
1673 CHECK_INTERFACE(IKeystoreService, data, reply);
1674 sp<IBinder> token = data.readStrongBinder();
1675 KeymasterArguments args;
1676 if (data.readInt32() != 0) {
1677 args.readFromParcel(data);
1678 }
Chad Brubaker6432df72015-03-20 16:23:04 -0700[diff] [blame]1679 const uint8_t* buf = NULL;
1680 size_t bufLength = 0;
1681 readByteArray(data, &buf, &bufLength);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1682 OperationResult result;
Chad Brubaker6432df72015-03-20 16:23:04 -0700[diff] [blame]1683 update(token, args, buf, bufLength, &result);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1684 reply->writeNoException();
1685 reply->writeInt32(1);
1686 result.writeToParcel(reply);
1687
1688 return NO_ERROR;
1689 }
1690 case FINISH: {
1691 CHECK_INTERFACE(IKeystoreService, data, reply);
1692 sp<IBinder> token = data.readStrongBinder();
1693 KeymasterArguments args;
1694 if (data.readInt32() != 0) {
1695 args.readFromParcel(data);
1696 }
Chad Brubaker0d33e0b2015-05-29 12:30:19 -0700[diff] [blame]1697 const uint8_t* signature = NULL;
1698 size_t signatureLength = 0;
1699 readByteArray(data, &signature, &signatureLength);
1700 const uint8_t* entropy = NULL;
1701 size_t entropyLength = 0;
1702 readByteArray(data, &entropy, &entropyLength);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1703 OperationResult result;
Chad Brubaker0d33e0b2015-05-29 12:30:19 -0700[diff] [blame]1704 finish(token, args, signature, signatureLength, entropy, entropyLength, &result);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1705 reply->writeNoException();
1706 reply->writeInt32(1);
1707 result.writeToParcel(reply);
1708
1709 return NO_ERROR;
1710 }
1711 case ABORT: {
1712 CHECK_INTERFACE(IKeystoreService, data, reply);
1713 sp<IBinder> token = data.readStrongBinder();
1714 int32_t result = abort(token);
1715 reply->writeNoException();
1716 reply->writeInt32(result);
1717
1718 return NO_ERROR;
1719 }
Chad Brubaker2ed2baa2015-03-21 21:20:10 -0700[diff] [blame]1720 case IS_OPERATION_AUTHORIZED: {
1721 CHECK_INTERFACE(IKeystoreService, data, reply);
1722 sp<IBinder> token = data.readStrongBinder();
1723 bool result = isOperationAuthorized(token);
1724 reply->writeNoException();
1725 reply->writeInt32(result ? 1 : 0);
1726
1727 return NO_ERROR;
1728 }
1729 case ADD_AUTH_TOKEN: {
1730 CHECK_INTERFACE(IKeystoreService, data, reply);
Chad Brubaker2ed2baa2015-03-21 21:20:10 -0700[diff] [blame]1731 const uint8_t* token_bytes = NULL;
1732 size_t size = 0;
1733 readByteArray(data, &token_bytes, &size);
1734 int32_t result = addAuthToken(token_bytes, size);
1735 reply->writeNoException();
1736 reply->writeInt32(result);
1737
1738 return NO_ERROR;
1739 }
Chad Brubakerc0f031a2015-05-12 10:43:10 -0700[diff] [blame]1740 case ON_USER_ADDED: {
1741 CHECK_INTERFACE(IKeystoreService, data, reply);
1742 int32_t userId = data.readInt32();
1743 int32_t parentId = data.readInt32();
1744 int32_t result = onUserAdded(userId, parentId);
1745 reply->writeNoException();
1746 reply->writeInt32(result);
1747
1748 return NO_ERROR;
1749 }
1750 case ON_USER_REMOVED: {
1751 CHECK_INTERFACE(IKeystoreService, data, reply);
1752 int32_t userId = data.readInt32();
1753 int32_t result = onUserRemoved(userId);
1754 reply->writeNoException();
1755 reply->writeInt32(result);
1756
1757 return NO_ERROR;
1758 }
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1759 default:
1760 return BBinder::onTransact(code, data, reply, flags);
1761 }
1762}
1763
1764// ----------------------------------------------------------------------------
1765
1766}; // namespace android