Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_security / c0f031a867a6c3fa05732fcd72bd284d56073cf8 / . / keystore / IKeystoreService.cpp
blob: ab314186a3af82ede420a1b9d438ad33ed22bb9f [file] [log] [blame]
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1/*
2**
3** Copyright 2008, The Android Open Source Project
4**
5** Licensed under the Apache License, Version 2.0 (the "License");
6** you may not use this file except in compliance with the License.
7** You may obtain a copy of the License at
8**
9** http://www.apache.org/licenses/LICENSE-2.0
10**
11** Unless required by applicable law or agreed to in writing, software
12** distributed under the License is distributed on an "AS IS" BASIS,
13** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14** See the License for the specific language governing permissions and
15** limitations under the License.
16*/
17
18#include <stdint.h>
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]19#include <sys/limits.h>
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]20#include <sys/types.h>
21
22#define LOG_TAG "KeystoreService"
23#include <utils/Log.h>
24
25#include <binder/Parcel.h>
26#include <binder/IPCThreadState.h>
27#include <binder/IServiceManager.h>
28
29#include <keystore/IKeystoreService.h>
30
31namespace android {
32
Shawn Willden77d71ca2014-11-12 16:45:12 -0700[diff] [blame]33const ssize_t MAX_GENERATE_ARGS = 3;
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]34static keymaster_key_param_t* readParamList(const Parcel& in, size_t* length);
Shawn Willden77d71ca2014-11-12 16:45:12 -0700[diff] [blame]35
Kenny Root96427ba2013-08-16 14:02:41 -0700[diff] [blame]36KeystoreArg::KeystoreArg(const void* data, size_t len)
37 : mData(data), mSize(len) {
38}
39
40KeystoreArg::~KeystoreArg() {
41}
42
43const void *KeystoreArg::data() const {
44 return mData;
45}
46
47size_t KeystoreArg::size() const {
48 return mSize;
49}
50
Chad Brubakerc3a18562015-03-17 18:21:35 -0700[diff] [blame]51OperationResult::OperationResult() : resultCode(0), token(), handle(0), inputConsumed(0),
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]52 data(NULL), dataLength(0) {
53}
54
55OperationResult::~OperationResult() {
56}
57
58void OperationResult::readFromParcel(const Parcel& in) {
59 resultCode = in.readInt32();
60 token = in.readStrongBinder();
Chad Brubakerc3a18562015-03-17 18:21:35 -0700[diff] [blame]61 handle = static_cast<keymaster_operation_handle_t>(in.readInt64());
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]62 inputConsumed = in.readInt32();
63 ssize_t length = in.readInt32();
64 dataLength = 0;
65 if (length > 0) {
66 const void* buf = in.readInplace(length);
67 if (buf) {
68 data.reset(reinterpret_cast<uint8_t*>(malloc(length)));
69 if (data.get()) {
70 memcpy(data.get(), buf, length);
71 dataLength = (size_t) length;
72 } else {
73 ALOGE("Failed to allocate OperationResult buffer");
74 }
75 } else {
76 ALOGE("Failed to readInplace OperationResult data");
77 }
78 }
79}
80
81void OperationResult::writeToParcel(Parcel* out) const {
82 out->writeInt32(resultCode);
83 out->writeStrongBinder(token);
Chad Brubakerc3a18562015-03-17 18:21:35 -0700[diff] [blame]84 out->writeInt64(handle);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]85 out->writeInt32(inputConsumed);
86 out->writeInt32(dataLength);
87 if (dataLength && data) {
88 void* buf = out->writeInplace(dataLength);
89 if (buf) {
90 memcpy(buf, data.get(), dataLength);
91 } else {
92 ALOGE("Failed to writeInplace OperationResult data.");
93 }
94 }
95}
96
97ExportResult::ExportResult() : resultCode(0), exportData(NULL), dataLength(0) {
98}
99
100ExportResult::~ExportResult() {
101}
102
103void ExportResult::readFromParcel(const Parcel& in) {
104 resultCode = in.readInt32();
105 ssize_t length = in.readInt32();
106 dataLength = 0;
107 if (length > 0) {
108 const void* buf = in.readInplace(length);
109 if (buf) {
110 exportData.reset(reinterpret_cast<uint8_t*>(malloc(length)));
111 if (exportData.get()) {
112 memcpy(exportData.get(), buf, length);
113 dataLength = (size_t) length;
114 } else {
115 ALOGE("Failed to allocate ExportData buffer");
116 }
117 } else {
118 ALOGE("Failed to readInplace ExportData data");
119 }
120 }
121}
122
123void ExportResult::writeToParcel(Parcel* out) const {
124 out->writeInt32(resultCode);
125 out->writeInt32(dataLength);
126 if (exportData && dataLength) {
127 void* buf = out->writeInplace(dataLength);
128 if (buf) {
129 memcpy(buf, exportData.get(), dataLength);
130 } else {
131 ALOGE("Failed to writeInplace ExportResult data.");
132 }
133 }
134}
135
136KeymasterArguments::KeymasterArguments() {
137}
138
139KeymasterArguments::~KeymasterArguments() {
140 keymaster_free_param_values(params.data(), params.size());
141}
142
143void KeymasterArguments::readFromParcel(const Parcel& in) {
144 ssize_t length = in.readInt32();
145 size_t ulength = (size_t) length;
146 if (length < 0) {
147 ulength = 0;
148 }
149 keymaster_free_param_values(params.data(), params.size());
150 params.clear();
151 for(size_t i = 0; i < ulength; i++) {
152 keymaster_key_param_t param;
153 if (!readKeymasterArgumentFromParcel(in, &param)) {
154 ALOGE("Error reading keymaster argument from parcel");
155 break;
156 }
157 params.push_back(param);
158 }
159}
160
161void KeymasterArguments::writeToParcel(Parcel* out) const {
162 out->writeInt32(params.size());
163 for (auto param : params) {
164 out->writeInt32(1);
165 writeKeymasterArgumentToParcel(param, out);
166 }
167}
168
169KeyCharacteristics::KeyCharacteristics() {
170 memset((void*) &characteristics, 0, sizeof(characteristics));
171}
172
173KeyCharacteristics::~KeyCharacteristics() {
174 keymaster_free_characteristics(&characteristics);
175}
176
177void KeyCharacteristics::readFromParcel(const Parcel& in) {
178 size_t length = 0;
179 keymaster_key_param_t* params = readParamList(in, &length);
180 characteristics.sw_enforced.params = params;
181 characteristics.sw_enforced.length = length;
182
183 params = readParamList(in, &length);
184 characteristics.hw_enforced.params = params;
185 characteristics.hw_enforced.length = length;
186}
187
188void KeyCharacteristics::writeToParcel(Parcel* out) const {
189 if (characteristics.sw_enforced.params) {
190 out->writeInt32(characteristics.sw_enforced.length);
191 for (size_t i = 0; i < characteristics.sw_enforced.length; i++) {
192 out->writeInt32(1);
193 writeKeymasterArgumentToParcel(characteristics.sw_enforced.params[i], out);
194 }
195 } else {
196 out->writeInt32(0);
197 }
198 if (characteristics.hw_enforced.params) {
199 out->writeInt32(characteristics.hw_enforced.length);
200 for (size_t i = 0; i < characteristics.hw_enforced.length; i++) {
201 out->writeInt32(1);
202 writeKeymasterArgumentToParcel(characteristics.hw_enforced.params[i], out);
203 }
204 } else {
205 out->writeInt32(0);
206 }
207}
208
209void writeKeymasterArgumentToParcel(const keymaster_key_param_t& param, Parcel* out) {
210 switch (keymaster_tag_get_type(param.tag)) {
211 case KM_ENUM:
212 case KM_ENUM_REP: {
213 out->writeInt32(param.tag);
214 out->writeInt32(param.enumerated);
215 break;
216 }
217 case KM_INT:
218 case KM_INT_REP: {
219 out->writeInt32(param.tag);
220 out->writeInt32(param.integer);
221 break;
222 }
Chad Brubaker686db062015-04-16 14:21:10 -0700[diff] [blame]223 case KM_LONG:
224 case KM_LONG_REP: {
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]225 out->writeInt32(param.tag);
226 out->writeInt64(param.long_integer);
227 break;
228 }
229 case KM_DATE: {
230 out->writeInt32(param.tag);
231 out->writeInt64(param.date_time);
232 break;
233 }
234 case KM_BOOL: {
235 out->writeInt32(param.tag);
236 break;
237 }
238 case KM_BIGNUM:
239 case KM_BYTES: {
240 out->writeInt32(param.tag);
241 out->writeInt32(param.blob.data_length);
242 void* buf = out->writeInplace(param.blob.data_length);
243 if (buf) {
244 memcpy(buf, param.blob.data, param.blob.data_length);
245 } else {
246 ALOGE("Failed to writeInplace keymaster blob param");
247 }
248 break;
249 }
250 default: {
251 ALOGE("Failed to write argument: Unsupported keymaster_tag_t %d", param.tag);
252 }
253 }
254}
255
256
257bool readKeymasterArgumentFromParcel(const Parcel& in, keymaster_key_param_t* out) {
258 if (in.readInt32() == 0) {
259 return false;
260 }
261 keymaster_tag_t tag = static_cast<keymaster_tag_t>(in.readInt32());
262 switch (keymaster_tag_get_type(tag)) {
263 case KM_ENUM:
264 case KM_ENUM_REP: {
265 uint32_t value = in.readInt32();
266 *out = keymaster_param_enum(tag, value);
267 break;
268 }
269 case KM_INT:
270 case KM_INT_REP: {
271 uint32_t value = in.readInt32();
272 *out = keymaster_param_int(tag, value);
273 break;
274 }
Chad Brubaker686db062015-04-16 14:21:10 -0700[diff] [blame]275 case KM_LONG:
276 case KM_LONG_REP: {
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]277 uint64_t value = in.readInt64();
278 *out = keymaster_param_long(tag, value);
279 break;
280 }
281 case KM_DATE: {
282 uint64_t value = in.readInt64();
283 *out = keymaster_param_date(tag, value);
284 break;
285 }
286 case KM_BOOL: {
287 *out = keymaster_param_bool(tag);
288 break;
289 }
290 case KM_BIGNUM:
291 case KM_BYTES: {
292 ssize_t length = in.readInt32();
293 uint8_t* data = NULL;
294 size_t ulength = 0;
295 if (length >= 0) {
296 ulength = (size_t) length;
297 // use malloc here so we can use keymaster_free_param_values
298 // consistently.
299 data = reinterpret_cast<uint8_t*>(malloc(ulength));
300 const void* buf = in.readInplace(ulength);
301 if (!buf || !data) {
302 ALOGE("Failed to allocate buffer for keymaster blob param");
303 return false;
304 }
305 memcpy(data, buf, ulength);
306 }
307 *out = keymaster_param_blob(tag, data, ulength);
308 break;
309 }
310 default: {
311 ALOGE("Unsupported keymaster_tag_t %d", tag);
312 return false;
313 }
314 }
315 return true;
316}
317
Chad Brubaker6432df72015-03-20 16:23:04 -0700[diff] [blame]318/**
319 * Read a byte array from in. The data at *data is still owned by the parcel
320 */
321static void readByteArray(const Parcel& in, const uint8_t** data, size_t* length) {
322 ssize_t slength = in.readInt32();
323 if (slength > 0) {
324 *data = reinterpret_cast<const uint8_t*>(in.readInplace(slength));
325 if (*data) {
326 *length = static_cast<size_t>(slength);
327 } else {
328 *length = 0;
329 }
330 } else {
331 *data = NULL;
332 *length = 0;
333 }
334}
335
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]336// Read a keymaster_key_param_t* from a Parcel for use in a
337// keymaster_key_characteristics_t. This will be free'd by calling
338// keymaster_free_key_characteristics.
339static keymaster_key_param_t* readParamList(const Parcel& in, size_t* length) {
340 ssize_t slength = in.readInt32();
341 *length = 0;
342 if (slength < 0) {
343 return NULL;
344 }
345 *length = (size_t) slength;
346 if (*length >= UINT_MAX / sizeof(keymaster_key_param_t)) {
347 return NULL;
348 }
349 keymaster_key_param_t* list =
350 reinterpret_cast<keymaster_key_param_t*>(malloc(*length *
351 sizeof(keymaster_key_param_t)));
352 if (!list) {
353 ALOGD("Failed to allocate buffer for generateKey outCharacteristics");
354 goto err;
355 }
356 for (size_t i = 0; i < *length ; i++) {
357 if (!readKeymasterArgumentFromParcel(in, &list[i])) {
358 ALOGE("Failed to read keymaster argument");
359 keymaster_free_param_values(list, i);
360 goto err;
361 }
362 }
363 return list;
364err:
365 free(list);
366 return NULL;
367}
368
Chad Brubakerd6634422015-03-21 22:36:07 -0700[diff] [blame]369static std::unique_ptr<keymaster_blob_t> readKeymasterBlob(const Parcel& in) {
370 std::unique_ptr<keymaster_blob_t> blob;
371 if (in.readInt32() != 1) {
372 blob.reset(NULL);
373 return blob;
374 }
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]375 ssize_t length = in.readInt32();
Chad Brubakerd6634422015-03-21 22:36:07 -0700[diff] [blame]376 blob.reset(new keymaster_blob_t);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]377 if (length > 0) {
Chad Brubakerd6634422015-03-21 22:36:07 -0700[diff] [blame]378 blob->data = reinterpret_cast<const uint8_t*>(in.readInplace(length));
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]379 if (blob->data) {
Chad Brubakerd6634422015-03-21 22:36:07 -0700[diff] [blame]380 blob->data_length = static_cast<size_t>(length);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]381 } else {
382 blob->data_length = 0;
383 }
384 } else {
385 blob->data = NULL;
386 blob->data_length = 0;
387 }
Chad Brubakerd6634422015-03-21 22:36:07 -0700[diff] [blame]388 return blob;
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]389}
390
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]391class BpKeystoreService: public BpInterface<IKeystoreService>
392{
393public:
394 BpKeystoreService(const sp<IBinder>& impl)
395 : BpInterface<IKeystoreService>(impl)
396 {
397 }
398
399 // test ping
400 virtual int32_t test()
401 {
402 Parcel data, reply;
403 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
404 status_t status = remote()->transact(BnKeystoreService::TEST, data, &reply);
405 if (status != NO_ERROR) {
406 ALOGD("test() could not contact remote: %d\n", status);
407 return -1;
408 }
409 int32_t err = reply.readExceptionCode();
410 int32_t ret = reply.readInt32();
411 if (err < 0) {
412 ALOGD("test() caught exception %d\n", err);
413 return -1;
414 }
415 return ret;
416 }
417
418 virtual int32_t get(const String16& name, uint8_t** item, size_t* itemLength)
419 {
420 Parcel data, reply;
421 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
422 data.writeString16(name);
423 status_t status = remote()->transact(BnKeystoreService::GET, data, &reply);
424 if (status != NO_ERROR) {
425 ALOGD("get() could not contact remote: %d\n", status);
426 return -1;
427 }
428 int32_t err = reply.readExceptionCode();
429 ssize_t len = reply.readInt32();
430 if (len >= 0 && (size_t) len <= reply.dataAvail()) {
431 size_t ulen = (size_t) len;
432 const void* buf = reply.readInplace(ulen);
433 *item = (uint8_t*) malloc(ulen);
434 if (*item != NULL) {
435 memcpy(*item, buf, ulen);
436 *itemLength = ulen;
437 } else {
438 ALOGE("out of memory allocating output array in get");
439 *itemLength = 0;
440 }
441 } else {
442 *itemLength = 0;
443 }
444 if (err < 0) {
445 ALOGD("get() caught exception %d\n", err);
446 return -1;
447 }
448 return 0;
449 }
450
Kenny Root0c540aa2013-04-03 09:22:15 -0700[diff] [blame]451 virtual int32_t insert(const String16& name, const uint8_t* item, size_t itemLength, int uid,
452 int32_t flags)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]453 {
454 Parcel data, reply;
455 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
456 data.writeString16(name);
457 data.writeInt32(itemLength);
458 void* buf = data.writeInplace(itemLength);
459 memcpy(buf, item, itemLength);
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]460 data.writeInt32(uid);
Kenny Root0c540aa2013-04-03 09:22:15 -0700[diff] [blame]461 data.writeInt32(flags);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]462 status_t status = remote()->transact(BnKeystoreService::INSERT, data, &reply);
463 if (status != NO_ERROR) {
464 ALOGD("import() could not contact remote: %d\n", status);
465 return -1;
466 }
467 int32_t err = reply.readExceptionCode();
468 int32_t ret = reply.readInt32();
469 if (err < 0) {
470 ALOGD("import() caught exception %d\n", err);
471 return -1;
472 }
473 return ret;
474 }
475
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]476 virtual int32_t del(const String16& name, int uid)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]477 {
478 Parcel data, reply;
479 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
480 data.writeString16(name);
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]481 data.writeInt32(uid);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]482 status_t status = remote()->transact(BnKeystoreService::DEL, data, &reply);
483 if (status != NO_ERROR) {
484 ALOGD("del() could not contact remote: %d\n", status);
485 return -1;
486 }
487 int32_t err = reply.readExceptionCode();
488 int32_t ret = reply.readInt32();
489 if (err < 0) {
490 ALOGD("del() caught exception %d\n", err);
491 return -1;
492 }
493 return ret;
494 }
495
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]496 virtual int32_t exist(const String16& name, int uid)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]497 {
498 Parcel data, reply;
499 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
500 data.writeString16(name);
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]501 data.writeInt32(uid);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]502 status_t status = remote()->transact(BnKeystoreService::EXIST, data, &reply);
503 if (status != NO_ERROR) {
504 ALOGD("exist() could not contact remote: %d\n", status);
505 return -1;
506 }
507 int32_t err = reply.readExceptionCode();
508 int32_t ret = reply.readInt32();
509 if (err < 0) {
510 ALOGD("exist() caught exception %d\n", err);
511 return -1;
512 }
513 return ret;
514 }
515
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]516 virtual int32_t saw(const String16& name, int uid, Vector<String16>* matches)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]517 {
518 Parcel data, reply;
519 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
520 data.writeString16(name);
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]521 data.writeInt32(uid);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]522 status_t status = remote()->transact(BnKeystoreService::SAW, data, &reply);
523 if (status != NO_ERROR) {
524 ALOGD("saw() could not contact remote: %d\n", status);
525 return -1;
526 }
527 int32_t err = reply.readExceptionCode();
528 int32_t numMatches = reply.readInt32();
529 for (int32_t i = 0; i < numMatches; i++) {
530 matches->push(reply.readString16());
531 }
532 int32_t ret = reply.readInt32();
533 if (err < 0) {
534 ALOGD("saw() caught exception %d\n", err);
535 return -1;
536 }
537 return ret;
538 }
539
540 virtual int32_t reset()
541 {
542 Parcel data, reply;
543 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
544 status_t status = remote()->transact(BnKeystoreService::RESET, data, &reply);
545 if (status != NO_ERROR) {
546 ALOGD("reset() could not contact remote: %d\n", status);
547 return -1;
548 }
549 int32_t err = reply.readExceptionCode();
550 int32_t ret = reply.readInt32();
551 if (err < 0) {
552 ALOGD("reset() caught exception %d\n", err);
553 return -1;
554 }
555 return ret;
556 }
557
Chad Brubaker96d6d782015-05-07 10:19:40 -0700[diff] [blame]558 virtual int32_t onUserPasswordChanged(int32_t userId, const String16& password)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]559 {
560 Parcel data, reply;
561 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
Chad Brubaker96d6d782015-05-07 10:19:40 -0700[diff] [blame]562 data.writeInt32(userId);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]563 data.writeString16(password);
Chad Brubaker96d6d782015-05-07 10:19:40 -0700[diff] [blame]564 status_t status = remote()->transact(BnKeystoreService::ON_USER_PASSWORD_CHANGED, data,
565 &reply);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]566 if (status != NO_ERROR) {
Chad Brubaker96d6d782015-05-07 10:19:40 -0700[diff] [blame]567 ALOGD("onUserPasswordChanged() could not contact remote: %d\n", status);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]568 return -1;
569 }
570 int32_t err = reply.readExceptionCode();
571 int32_t ret = reply.readInt32();
572 if (err < 0) {
Chad Brubaker96d6d782015-05-07 10:19:40 -0700[diff] [blame]573 ALOGD("onUserPasswordChanged() caught exception %d\n", err);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]574 return -1;
575 }
576 return ret;
577 }
578
579 virtual int32_t lock()
580 {
581 Parcel data, reply;
582 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
583 status_t status = remote()->transact(BnKeystoreService::LOCK, data, &reply);
584 if (status != NO_ERROR) {
585 ALOGD("lock() could not contact remote: %d\n", status);
586 return -1;
587 }
588 int32_t err = reply.readExceptionCode();
589 int32_t ret = reply.readInt32();
590 if (err < 0) {
591 ALOGD("lock() caught exception %d\n", err);
592 return -1;
593 }
594 return ret;
595 }
596
Chad Brubaker96d6d782015-05-07 10:19:40 -0700[diff] [blame]597 virtual int32_t unlock(int32_t userId, const String16& password)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]598 {
599 Parcel data, reply;
600 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
Chad Brubaker96d6d782015-05-07 10:19:40 -0700[diff] [blame]601 data.writeInt32(userId);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]602 data.writeString16(password);
603 status_t status = remote()->transact(BnKeystoreService::UNLOCK, data, &reply);
604 if (status != NO_ERROR) {
605 ALOGD("unlock() could not contact remote: %d\n", status);
606 return -1;
607 }
608 int32_t err = reply.readExceptionCode();
609 int32_t ret = reply.readInt32();
610 if (err < 0) {
611 ALOGD("unlock() caught exception %d\n", err);
612 return -1;
613 }
614 return ret;
615 }
616
617 virtual int32_t zero()
618 {
619 Parcel data, reply;
620 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
621 status_t status = remote()->transact(BnKeystoreService::ZERO, data, &reply);
622 if (status != NO_ERROR) {
623 ALOGD("zero() could not contact remote: %d\n", status);
624 return -1;
625 }
626 int32_t err = reply.readExceptionCode();
627 int32_t ret = reply.readInt32();
628 if (err < 0) {
629 ALOGD("zero() caught exception %d\n", err);
630 return -1;
631 }
632 return ret;
633 }
634
Kenny Root96427ba2013-08-16 14:02:41 -0700[diff] [blame]635 virtual int32_t generate(const String16& name, int32_t uid, int32_t keyType, int32_t keySize,
636 int32_t flags, Vector<sp<KeystoreArg> >* args)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]637 {
638 Parcel data, reply;
639 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
640 data.writeString16(name);
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]641 data.writeInt32(uid);
Kenny Root96427ba2013-08-16 14:02:41 -0700[diff] [blame]642 data.writeInt32(keyType);
643 data.writeInt32(keySize);
Kenny Root0c540aa2013-04-03 09:22:15 -0700[diff] [blame]644 data.writeInt32(flags);
Chad Brubaker468fc692015-01-13 17:33:14 -0800[diff] [blame]645 data.writeInt32(1);
Kenny Root96427ba2013-08-16 14:02:41 -0700[diff] [blame]646 data.writeInt32(args->size());
647 for (Vector<sp<KeystoreArg> >::iterator it = args->begin(); it != args->end(); ++it) {
648 sp<KeystoreArg> item = *it;
649 size_t keyLength = item->size();
650 data.writeInt32(keyLength);
651 void* buf = data.writeInplace(keyLength);
652 memcpy(buf, item->data(), keyLength);
653 }
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]654 status_t status = remote()->transact(BnKeystoreService::GENERATE, data, &reply);
655 if (status != NO_ERROR) {
656 ALOGD("generate() could not contact remote: %d\n", status);
657 return -1;
658 }
659 int32_t err = reply.readExceptionCode();
660 int32_t ret = reply.readInt32();
661 if (err < 0) {
662 ALOGD("generate() caught exception %d\n", err);
663 return -1;
664 }
665 return ret;
666 }
667
Kenny Root0c540aa2013-04-03 09:22:15 -0700[diff] [blame]668 virtual int32_t import(const String16& name, const uint8_t* key, size_t keyLength, int uid,
669 int flags)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]670 {
671 Parcel data, reply;
672 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
673 data.writeString16(name);
674 data.writeInt32(keyLength);
675 void* buf = data.writeInplace(keyLength);
676 memcpy(buf, key, keyLength);
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]677 data.writeInt32(uid);
Kenny Root0c540aa2013-04-03 09:22:15 -0700[diff] [blame]678 data.writeInt32(flags);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]679 status_t status = remote()->transact(BnKeystoreService::IMPORT, data, &reply);
680 if (status != NO_ERROR) {
681 ALOGD("import() could not contact remote: %d\n", status);
682 return -1;
683 }
684 int32_t err = reply.readExceptionCode();
685 int32_t ret = reply.readInt32();
686 if (err < 0) {
687 ALOGD("import() caught exception %d\n", err);
688 return -1;
689 }
690 return ret;
691 }
692
693 virtual int32_t sign(const String16& name, const uint8_t* in, size_t inLength, uint8_t** out,
694 size_t* outLength)
695 {
696 Parcel data, reply;
697 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
698 data.writeString16(name);
699 data.writeInt32(inLength);
700 void* buf = data.writeInplace(inLength);
701 memcpy(buf, in, inLength);
702 status_t status = remote()->transact(BnKeystoreService::SIGN, data, &reply);
703 if (status != NO_ERROR) {
704 ALOGD("import() could not contact remote: %d\n", status);
705 return -1;
706 }
707 int32_t err = reply.readExceptionCode();
708 ssize_t len = reply.readInt32();
709 if (len >= 0 && (size_t) len <= reply.dataAvail()) {
710 size_t ulen = (size_t) len;
711 const void* outBuf = reply.readInplace(ulen);
712 *out = (uint8_t*) malloc(ulen);
713 if (*out != NULL) {
714 memcpy((void*) *out, outBuf, ulen);
715 *outLength = ulen;
716 } else {
717 ALOGE("out of memory allocating output array in sign");
718 *outLength = 0;
719 }
720 } else {
721 *outLength = 0;
722 }
723 if (err < 0) {
724 ALOGD("import() caught exception %d\n", err);
725 return -1;
726 }
727 return 0;
728 }
729
730 virtual int32_t verify(const String16& name, const uint8_t* in, size_t inLength,
731 const uint8_t* signature, size_t signatureLength)
732 {
733 Parcel data, reply;
734 void* buf;
735
736 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
737 data.writeString16(name);
738 data.writeInt32(inLength);
739 buf = data.writeInplace(inLength);
740 memcpy(buf, in, inLength);
741 data.writeInt32(signatureLength);
742 buf = data.writeInplace(signatureLength);
743 memcpy(buf, signature, signatureLength);
744 status_t status = remote()->transact(BnKeystoreService::VERIFY, data, &reply);
745 if (status != NO_ERROR) {
746 ALOGD("verify() could not contact remote: %d\n", status);
747 return -1;
748 }
749 int32_t err = reply.readExceptionCode();
750 int32_t ret = reply.readInt32();
751 if (err < 0) {
752 ALOGD("verify() caught exception %d\n", err);
753 return -1;
754 }
755 return ret;
756 }
757
758 virtual int32_t get_pubkey(const String16& name, uint8_t** pubkey, size_t* pubkeyLength)
759 {
760 Parcel data, reply;
761 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
762 data.writeString16(name);
763 status_t status = remote()->transact(BnKeystoreService::GET_PUBKEY, data, &reply);
764 if (status != NO_ERROR) {
765 ALOGD("get_pubkey() could not contact remote: %d\n", status);
766 return -1;
767 }
768 int32_t err = reply.readExceptionCode();
769 ssize_t len = reply.readInt32();
770 if (len >= 0 && (size_t) len <= reply.dataAvail()) {
771 size_t ulen = (size_t) len;
772 const void* buf = reply.readInplace(ulen);
773 *pubkey = (uint8_t*) malloc(ulen);
774 if (*pubkey != NULL) {
775 memcpy(*pubkey, buf, ulen);
776 *pubkeyLength = ulen;
777 } else {
778 ALOGE("out of memory allocating output array in get_pubkey");
779 *pubkeyLength = 0;
780 }
781 } else {
782 *pubkeyLength = 0;
783 }
784 if (err < 0) {
785 ALOGD("get_pubkey() caught exception %d\n", err);
786 return -1;
787 }
788 return 0;
789 }
790
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]791 virtual int32_t del_key(const String16& name, int uid)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]792 {
793 Parcel data, reply;
794 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
795 data.writeString16(name);
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]796 data.writeInt32(uid);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]797 status_t status = remote()->transact(BnKeystoreService::DEL_KEY, data, &reply);
798 if (status != NO_ERROR) {
799 ALOGD("del_key() could not contact remote: %d\n", status);
800 return -1;
801 }
802 int32_t err = reply.readExceptionCode();
803 int32_t ret = reply.readInt32();
804 if (err < 0) {
805 ALOGD("del_key() caught exception %d\n", err);
806 return -1;
807 }
808 return ret;
809 }
810
811 virtual int32_t grant(const String16& name, int32_t granteeUid)
812 {
813 Parcel data, reply;
814 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
815 data.writeString16(name);
816 data.writeInt32(granteeUid);
817 status_t status = remote()->transact(BnKeystoreService::GRANT, data, &reply);
818 if (status != NO_ERROR) {
819 ALOGD("grant() could not contact remote: %d\n", status);
820 return -1;
821 }
822 int32_t err = reply.readExceptionCode();
823 int32_t ret = reply.readInt32();
824 if (err < 0) {
825 ALOGD("grant() caught exception %d\n", err);
826 return -1;
827 }
828 return ret;
829 }
830
831 virtual int32_t ungrant(const String16& name, int32_t granteeUid)
832 {
833 Parcel data, reply;
834 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
835 data.writeString16(name);
836 data.writeInt32(granteeUid);
837 status_t status = remote()->transact(BnKeystoreService::UNGRANT, data, &reply);
838 if (status != NO_ERROR) {
839 ALOGD("ungrant() could not contact remote: %d\n", status);
840 return -1;
841 }
842 int32_t err = reply.readExceptionCode();
843 int32_t ret = reply.readInt32();
844 if (err < 0) {
845 ALOGD("ungrant() caught exception %d\n", err);
846 return -1;
847 }
848 return ret;
849 }
850
851 int64_t getmtime(const String16& name)
852 {
853 Parcel data, reply;
854 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
855 data.writeString16(name);
856 status_t status = remote()->transact(BnKeystoreService::GETMTIME, data, &reply);
857 if (status != NO_ERROR) {
858 ALOGD("getmtime() could not contact remote: %d\n", status);
859 return -1;
860 }
861 int32_t err = reply.readExceptionCode();
862 int64_t ret = reply.readInt64();
863 if (err < 0) {
864 ALOGD("getmtime() caught exception %d\n", err);
865 return -1;
866 }
867 return ret;
868 }
Kenny Root02254072013-03-20 11:48:19 -0700[diff] [blame]869
Kenny Rootd53bc922013-03-21 14:10:15 -0700[diff] [blame]870 virtual int32_t duplicate(const String16& srcKey, int32_t srcUid, const String16& destKey,
871 int32_t destUid)
Kenny Root02254072013-03-20 11:48:19 -0700[diff] [blame]872 {
873 Parcel data, reply;
874 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
Kenny Rootd53bc922013-03-21 14:10:15 -0700[diff] [blame]875 data.writeString16(srcKey);
876 data.writeInt32(srcUid);
877 data.writeString16(destKey);
878 data.writeInt32(destUid);
879 status_t status = remote()->transact(BnKeystoreService::DUPLICATE, data, &reply);
Kenny Root02254072013-03-20 11:48:19 -0700[diff] [blame]880 if (status != NO_ERROR) {
Kenny Rootd53bc922013-03-21 14:10:15 -0700[diff] [blame]881 ALOGD("duplicate() could not contact remote: %d\n", status);
Kenny Root02254072013-03-20 11:48:19 -0700[diff] [blame]882 return -1;
883 }
884 int32_t err = reply.readExceptionCode();
885 int32_t ret = reply.readInt32();
886 if (err < 0) {
Kenny Rootd53bc922013-03-21 14:10:15 -0700[diff] [blame]887 ALOGD("duplicate() caught exception %d\n", err);
Kenny Root02254072013-03-20 11:48:19 -0700[diff] [blame]888 return -1;
889 }
890 return ret;
891 }
Kenny Root43061232013-03-29 11:15:50 -0700[diff] [blame]892
Kenny Root1b0e3932013-09-05 13:06:32 -0700[diff] [blame]893 virtual int32_t is_hardware_backed(const String16& keyType)
Kenny Root43061232013-03-29 11:15:50 -0700[diff] [blame]894 {
895 Parcel data, reply;
896 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
Kenny Root1b0e3932013-09-05 13:06:32 -0700[diff] [blame]897 data.writeString16(keyType);
Kenny Root43061232013-03-29 11:15:50 -0700[diff] [blame]898 status_t status = remote()->transact(BnKeystoreService::IS_HARDWARE_BACKED, data, &reply);
899 if (status != NO_ERROR) {
900 ALOGD("is_hardware_backed() could not contact remote: %d\n", status);
901 return -1;
902 }
903 int32_t err = reply.readExceptionCode();
904 int32_t ret = reply.readInt32();
905 if (err < 0) {
906 ALOGD("is_hardware_backed() caught exception %d\n", err);
907 return -1;
908 }
909 return ret;
910 }
Kenny Root2ecc7a12013-04-01 16:29:11 -0700[diff] [blame]911
912 virtual int32_t clear_uid(int64_t uid)
913 {
914 Parcel data, reply;
915 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
916 data.writeInt64(uid);
917 status_t status = remote()->transact(BnKeystoreService::CLEAR_UID, data, &reply);
918 if (status != NO_ERROR) {
919 ALOGD("clear_uid() could not contact remote: %d\n", status);
920 return -1;
921 }
922 int32_t err = reply.readExceptionCode();
923 int32_t ret = reply.readInt32();
924 if (err < 0) {
925 ALOGD("clear_uid() caught exception %d\n", err);
926 return -1;
927 }
928 return ret;
929 }
Robin Lee4e865752014-08-19 17:37:55 +0100[diff] [blame]930
931 virtual int32_t reset_uid(int32_t uid) {
932 Parcel data, reply;
933 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
934 data.writeInt32(uid);
935 status_t status = remote()->transact(BnKeystoreService::RESET_UID, data, &reply);
936 if (status != NO_ERROR) {
937 ALOGD("reset_uid() could not contact remote: %d\n", status);
938 return -1;
939 }
940 int32_t err = reply.readExceptionCode();
941 int32_t ret = reply.readInt32();
942 if (err < 0) {
943 ALOGD("reset_uid() caught exception %d\n", err);
944 return -1;
945 }
946 return ret;
947
948 }
949
950 virtual int32_t sync_uid(int32_t sourceUid, int32_t targetUid)
951 {
952 Parcel data, reply;
953 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
954 data.writeInt32(sourceUid);
955 data.writeInt32(targetUid);
956 status_t status = remote()->transact(BnKeystoreService::SYNC_UID, data, &reply);
957 if (status != NO_ERROR) {
958 ALOGD("sync_uid() could not contact remote: %d\n", status);
959 return -1;
960 }
961 int32_t err = reply.readExceptionCode();
962 int32_t ret = reply.readInt32();
963 if (err < 0) {
964 ALOGD("sync_uid() caught exception %d\n", err);
965 return -1;
966 }
967 return ret;
968 }
969
970 virtual int32_t password_uid(const String16& password, int32_t uid)
971 {
972 Parcel data, reply;
973 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
974 data.writeString16(password);
975 data.writeInt32(uid);
976 status_t status = remote()->transact(BnKeystoreService::PASSWORD_UID, data, &reply);
977 if (status != NO_ERROR) {
978 ALOGD("password_uid() could not contact remote: %d\n", status);
979 return -1;
980 }
981 int32_t err = reply.readExceptionCode();
982 int32_t ret = reply.readInt32();
983 if (err < 0) {
984 ALOGD("password_uid() caught exception %d\n", err);
985 return -1;
986 }
987 return ret;
988 }
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]989 virtual int32_t addRngEntropy(const uint8_t* buf, size_t bufLength)
990 {
991 Parcel data, reply;
992 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]993 data.writeByteArray(bufLength, buf);
994 status_t status = remote()->transact(BnKeystoreService::ADD_RNG_ENTROPY, data, &reply);
995 if (status != NO_ERROR) {
996 ALOGD("addRngEntropy() could not contact remote: %d\n", status);
997 return -1;
998 }
999 int32_t err = reply.readExceptionCode();
1000 int32_t ret = reply.readInt32();
1001 if (err < 0) {
1002 ALOGD("addRngEntropy() caught exception %d\n", err);
1003 return -1;
1004 }
1005 return ret;
1006 };
1007
1008 virtual int32_t generateKey(const String16& name, const KeymasterArguments& params,
Chad Brubaker154d7692015-03-27 13:59:31 -0700[diff] [blame]1009 const uint8_t* entropy, size_t entropyLength, int uid, int flags,
1010 KeyCharacteristics* outCharacteristics)
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1011 {
1012 Parcel data, reply;
1013 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1014 data.writeString16(name);
1015 data.writeInt32(1);
1016 params.writeToParcel(&data);
Chad Brubaker154d7692015-03-27 13:59:31 -0700[diff] [blame]1017 data.writeByteArray(entropyLength, entropy);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1018 data.writeInt32(uid);
1019 data.writeInt32(flags);
1020 status_t status = remote()->transact(BnKeystoreService::GENERATE_KEY, data, &reply);
1021 if (status != NO_ERROR) {
1022 ALOGD("generateKey() could not contact remote: %d\n", status);
1023 return KM_ERROR_UNKNOWN_ERROR;
1024 }
1025 int32_t err = reply.readExceptionCode();
1026 int32_t ret = reply.readInt32();
1027 if (err < 0) {
1028 ALOGD("generateKey() caught exception %d\n", err);
1029 return KM_ERROR_UNKNOWN_ERROR;
1030 }
1031 if (reply.readInt32() != 0 && outCharacteristics) {
1032 outCharacteristics->readFromParcel(reply);
1033 }
1034 return ret;
1035 }
1036 virtual int32_t getKeyCharacteristics(const String16& name,
Chad Brubakerd6634422015-03-21 22:36:07 -0700[diff] [blame]1037 const keymaster_blob_t* clientId,
1038 const keymaster_blob_t* appData,
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1039 KeyCharacteristics* outCharacteristics)
1040 {
1041 Parcel data, reply;
1042 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1043 data.writeString16(name);
Chad Brubakerd6634422015-03-21 22:36:07 -0700[diff] [blame]1044 if (clientId) {
1045 data.writeByteArray(clientId->data_length, clientId->data);
1046 } else {
1047 data.writeInt32(-1);
1048 }
1049 if (appData) {
1050 data.writeByteArray(appData->data_length, appData->data);
1051 } else {
1052 data.writeInt32(-1);
1053 }
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1054 status_t status = remote()->transact(BnKeystoreService::GET_KEY_CHARACTERISTICS,
1055 data, &reply);
1056 if (status != NO_ERROR) {
1057 ALOGD("getKeyCharacteristics() could not contact remote: %d\n", status);
1058 return KM_ERROR_UNKNOWN_ERROR;
1059 }
1060 int32_t err = reply.readExceptionCode();
1061 int32_t ret = reply.readInt32();
1062 if (err < 0) {
1063 ALOGD("getKeyCharacteristics() caught exception %d\n", err);
1064 return KM_ERROR_UNKNOWN_ERROR;
1065 }
1066 if (reply.readInt32() != 0 && outCharacteristics) {
1067 outCharacteristics->readFromParcel(reply);
1068 }
1069 return ret;
1070 }
1071 virtual int32_t importKey(const String16& name, const KeymasterArguments& params,
1072 keymaster_key_format_t format, const uint8_t *keyData,
1073 size_t keyLength, int uid, int flags,
1074 KeyCharacteristics* outCharacteristics)
1075 {
1076 Parcel data, reply;
1077 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1078 data.writeString16(name);
1079 data.writeInt32(1);
1080 params.writeToParcel(&data);
1081 data.writeInt32(format);
1082 data.writeByteArray(keyLength, keyData);
1083 data.writeInt32(uid);
1084 data.writeInt32(flags);
1085 status_t status = remote()->transact(BnKeystoreService::IMPORT_KEY, data, &reply);
1086 if (status != NO_ERROR) {
1087 ALOGD("importKey() could not contact remote: %d\n", status);
1088 return KM_ERROR_UNKNOWN_ERROR;
1089 }
1090 int32_t err = reply.readExceptionCode();
1091 int32_t ret = reply.readInt32();
1092 if (err < 0) {
1093 ALOGD("importKey() caught exception %d\n", err);
1094 return KM_ERROR_UNKNOWN_ERROR;
1095 }
1096 if (reply.readInt32() != 0 && outCharacteristics) {
1097 outCharacteristics->readFromParcel(reply);
1098 }
1099 return ret;
1100 }
1101
1102 virtual void exportKey(const String16& name, keymaster_key_format_t format,
Chad Brubakerd6634422015-03-21 22:36:07 -0700[diff] [blame]1103 const keymaster_blob_t* clientId,
1104 const keymaster_blob_t* appData, ExportResult* result)
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1105 {
1106 if (!result) {
1107 return;
1108 }
1109
1110 Parcel data, reply;
1111 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1112 data.writeString16(name);
1113 data.writeInt32(format);
Chad Brubakerd6634422015-03-21 22:36:07 -0700[diff] [blame]1114 if (clientId) {
1115 data.writeByteArray(clientId->data_length, clientId->data);
1116 } else {
1117 data.writeInt32(-1);
1118 }
1119 if (appData) {
1120 data.writeByteArray(appData->data_length, appData->data);
1121 } else {
1122 data.writeInt32(-1);
1123 }
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1124 status_t status = remote()->transact(BnKeystoreService::EXPORT_KEY, data, &reply);
1125 if (status != NO_ERROR) {
1126 ALOGD("exportKey() could not contact remote: %d\n", status);
1127 result->resultCode = KM_ERROR_UNKNOWN_ERROR;
1128 return;
1129 }
1130 int32_t err = reply.readExceptionCode();
1131 if (err < 0) {
1132 ALOGD("exportKey() caught exception %d\n", err);
1133 result->resultCode = KM_ERROR_UNKNOWN_ERROR;
1134 return;
1135 }
1136 if (reply.readInt32() != 0) {
1137 result->readFromParcel(reply);
1138 }
1139 }
1140
1141 virtual void begin(const sp<IBinder>& appToken, const String16& name,
1142 keymaster_purpose_t purpose, bool pruneable,
Chad Brubaker154d7692015-03-27 13:59:31 -0700[diff] [blame]1143 const KeymasterArguments& params, const uint8_t* entropy,
1144 size_t entropyLength, KeymasterArguments* outParams,
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1145 OperationResult* result)
1146 {
1147 if (!result || !outParams) {
1148 return;
1149 }
1150 Parcel data, reply;
1151 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1152 data.writeStrongBinder(appToken);
1153 data.writeString16(name);
1154 data.writeInt32(purpose);
1155 data.writeInt32(pruneable ? 1 : 0);
1156 data.writeInt32(1);
1157 params.writeToParcel(&data);
Chad Brubaker154d7692015-03-27 13:59:31 -0700[diff] [blame]1158 data.writeByteArray(entropyLength, entropy);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1159 status_t status = remote()->transact(BnKeystoreService::BEGIN, data, &reply);
1160 if (status != NO_ERROR) {
1161 ALOGD("begin() could not contact remote: %d\n", status);
1162 result->resultCode = KM_ERROR_UNKNOWN_ERROR;
1163 return;
1164 }
1165 int32_t err = reply.readExceptionCode();
1166 if (err < 0) {
1167 ALOGD("begin() caught exception %d\n", err);
1168 result->resultCode = KM_ERROR_UNKNOWN_ERROR;
1169 return;
1170 }
1171 if (reply.readInt32() != 0) {
1172 result->readFromParcel(reply);
1173 }
1174 if (reply.readInt32() != 0) {
1175 outParams->readFromParcel(reply);
1176 }
1177 }
1178
1179 virtual void update(const sp<IBinder>& token, const KeymasterArguments& params,
Chad Brubaker40a1a9b2015-02-20 14:08:13 -0800[diff] [blame]1180 const uint8_t* opData, size_t dataLength, OperationResult* result)
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1181 {
1182 if (!result) {
1183 return;
1184 }
1185 Parcel data, reply;
1186 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1187 data.writeStrongBinder(token);
1188 data.writeInt32(1);
1189 params.writeToParcel(&data);
1190 data.writeByteArray(dataLength, opData);
1191 status_t status = remote()->transact(BnKeystoreService::UPDATE, data, &reply);
1192 if (status != NO_ERROR) {
1193 ALOGD("update() could not contact remote: %d\n", status);
1194 result->resultCode = KM_ERROR_UNKNOWN_ERROR;
1195 return;
1196 }
1197 int32_t err = reply.readExceptionCode();
1198 if (err < 0) {
1199 ALOGD("update() caught exception %d\n", err);
1200 result->resultCode = KM_ERROR_UNKNOWN_ERROR;
1201 return;
1202 }
1203 if (reply.readInt32() != 0) {
1204 result->readFromParcel(reply);
1205 }
1206 }
1207
1208 virtual void finish(const sp<IBinder>& token, const KeymasterArguments& params,
Chad Brubaker40a1a9b2015-02-20 14:08:13 -0800[diff] [blame]1209 const uint8_t* signature, size_t signatureLength, OperationResult* result)
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1210 {
1211 if (!result) {
1212 return;
1213 }
1214 Parcel data, reply;
1215 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1216 data.writeStrongBinder(token);
1217 data.writeInt32(1);
1218 params.writeToParcel(&data);
1219 data.writeByteArray(signatureLength, signature);
1220 status_t status = remote()->transact(BnKeystoreService::FINISH, data, &reply);
1221 if (status != NO_ERROR) {
1222 ALOGD("finish() could not contact remote: %d\n", status);
1223 result->resultCode = KM_ERROR_UNKNOWN_ERROR;
1224 return;
1225 }
1226 int32_t err = reply.readExceptionCode();
1227 if (err < 0) {
1228 ALOGD("finish() caught exception %d\n", err);
1229 result->resultCode = KM_ERROR_UNKNOWN_ERROR;
1230 return;
1231 }
1232 if (reply.readInt32() != 0) {
1233 result->readFromParcel(reply);
1234 }
1235 }
1236
1237 virtual int32_t abort(const sp<IBinder>& token)
1238 {
1239 Parcel data, reply;
1240 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1241 data.writeStrongBinder(token);
Chad Brubaker2ed2baa2015-03-21 21:20:10 -0700[diff] [blame]1242 status_t status = remote()->transact(BnKeystoreService::ABORT, data, &reply);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1243 if (status != NO_ERROR) {
1244 ALOGD("abort() could not contact remote: %d\n", status);
1245 return KM_ERROR_UNKNOWN_ERROR;
1246 }
1247 int32_t err = reply.readExceptionCode();
1248 int32_t ret = reply.readInt32();
1249 if (err < 0) {
1250 ALOGD("abort() caught exception %d\n", err);
1251 return KM_ERROR_UNKNOWN_ERROR;
1252 }
1253 return ret;
1254 }
Chad Brubaker2ed2baa2015-03-21 21:20:10 -0700[diff] [blame]1255
1256 virtual bool isOperationAuthorized(const sp<IBinder>& token)
1257 {
1258 Parcel data, reply;
1259 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1260 data.writeStrongBinder(token);
1261 status_t status = remote()->transact(BnKeystoreService::IS_OPERATION_AUTHORIZED, data,
1262 &reply);
1263 if (status != NO_ERROR) {
1264 ALOGD("isOperationAuthorized() could not contact remote: %d\n", status);
1265 return false;
1266 }
1267 int32_t err = reply.readExceptionCode();
1268 int32_t ret = reply.readInt32();
1269 if (err < 0) {
1270 ALOGD("isOperationAuthorized() caught exception %d\n", err);
1271 return false;
1272 }
1273 return ret == 1;
1274 }
1275
1276 virtual int32_t addAuthToken(const uint8_t* token, size_t length)
1277 {
1278 Parcel data, reply;
1279 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1280 data.writeByteArray(length, token);
1281 status_t status = remote()->transact(BnKeystoreService::ADD_AUTH_TOKEN, data, &reply);
1282 if (status != NO_ERROR) {
1283 ALOGD("addAuthToken() could not contact remote: %d\n", status);
1284 return -1;
1285 }
1286 int32_t err = reply.readExceptionCode();
1287 int32_t ret = reply.readInt32();
1288 if (err < 0) {
1289 ALOGD("addAuthToken() caught exception %d\n", err);
1290 return -1;
1291 }
1292 return ret;
1293 };
Chad Brubakerc0f031a2015-05-12 10:43:10 -0700[diff] [blame^]1294
1295 virtual int32_t onUserAdded(int32_t userId, int32_t parentId)
1296 {
1297 Parcel data, reply;
1298 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1299 data.writeInt32(userId);
1300 data.writeInt32(parentId);
1301 status_t status = remote()->transact(BnKeystoreService::ON_USER_ADDED, data, &reply);
1302 if (status != NO_ERROR) {
1303 ALOGD("onUserAdded() could not contact remote: %d\n", status);
1304 return -1;
1305 }
1306 int32_t err = reply.readExceptionCode();
1307 int32_t ret = reply.readInt32();
1308 if (err < 0) {
1309 ALOGD("onUserAdded() caught exception %d\n", err);
1310 return -1;
1311 }
1312 return ret;
1313 }
1314
1315 virtual int32_t onUserRemoved(int32_t userId)
1316 {
1317 Parcel data, reply;
1318 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1319 data.writeInt32(userId);
1320 status_t status = remote()->transact(BnKeystoreService::ON_USER_REMOVED, data, &reply);
1321 if (status != NO_ERROR) {
1322 ALOGD("onUserRemoved() could not contact remote: %d\n", status);
1323 return -1;
1324 }
1325 int32_t err = reply.readExceptionCode();
1326 int32_t ret = reply.readInt32();
1327 if (err < 0) {
1328 ALOGD("onUserRemoved() caught exception %d\n", err);
1329 return -1;
1330 }
1331 return ret;
1332 }
1333
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1334};
1335
Chad Brubaker468fc692015-01-13 17:33:14 -0800[diff] [blame]1336IMPLEMENT_META_INTERFACE(KeystoreService, "android.security.IKeystoreService");
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1337
1338// ----------------------------------------------------------------------
1339
1340status_t BnKeystoreService::onTransact(
1341 uint32_t code, const Parcel& data, Parcel* reply, uint32_t flags)
1342{
1343 switch(code) {
1344 case TEST: {
1345 CHECK_INTERFACE(IKeystoreService, data, reply);
1346 int32_t ret = test();
1347 reply->writeNoException();
1348 reply->writeInt32(ret);
1349 return NO_ERROR;
1350 } break;
1351 case GET: {
1352 CHECK_INTERFACE(IKeystoreService, data, reply);
1353 String16 name = data.readString16();
1354 void* out = NULL;
1355 size_t outSize = 0;
1356 int32_t ret = get(name, (uint8_t**) &out, &outSize);
1357 reply->writeNoException();
1358 if (ret == 1) {
1359 reply->writeInt32(outSize);
1360 void* buf = reply->writeInplace(outSize);
1361 memcpy(buf, out, outSize);
1362 free(out);
1363 } else {
1364 reply->writeInt32(-1);
1365 }
1366 return NO_ERROR;
1367 } break;
1368 case INSERT: {
1369 CHECK_INTERFACE(IKeystoreService, data, reply);
1370 String16 name = data.readString16();
1371 ssize_t inSize = data.readInt32();
1372 const void* in;
1373 if (inSize >= 0 && (size_t) inSize <= data.dataAvail()) {
1374 in = data.readInplace(inSize);
1375 } else {
1376 in = NULL;
1377 inSize = 0;
1378 }
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]1379 int uid = data.readInt32();
Kenny Root0c540aa2013-04-03 09:22:15 -0700[diff] [blame]1380 int32_t flags = data.readInt32();
1381 int32_t ret = insert(name, (const uint8_t*) in, (size_t) inSize, uid, flags);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1382 reply->writeNoException();
1383 reply->writeInt32(ret);
1384 return NO_ERROR;
1385 } break;
1386 case DEL: {
1387 CHECK_INTERFACE(IKeystoreService, data, reply);
1388 String16 name = data.readString16();
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]1389 int uid = data.readInt32();
1390 int32_t ret = del(name, uid);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1391 reply->writeNoException();
1392 reply->writeInt32(ret);
1393 return NO_ERROR;
1394 } break;
1395 case EXIST: {
1396 CHECK_INTERFACE(IKeystoreService, data, reply);
1397 String16 name = data.readString16();
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]1398 int uid = data.readInt32();
1399 int32_t ret = exist(name, uid);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1400 reply->writeNoException();
1401 reply->writeInt32(ret);
1402 return NO_ERROR;
1403 } break;
1404 case SAW: {
1405 CHECK_INTERFACE(IKeystoreService, data, reply);
1406 String16 name = data.readString16();
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]1407 int uid = data.readInt32();
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1408 Vector<String16> matches;
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]1409 int32_t ret = saw(name, uid, &matches);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1410 reply->writeNoException();
1411 reply->writeInt32(matches.size());
1412 Vector<String16>::const_iterator it = matches.begin();
1413 for (; it != matches.end(); ++it) {
1414 reply->writeString16(*it);
1415 }
1416 reply->writeInt32(ret);
1417 return NO_ERROR;
1418 } break;
1419 case RESET: {
1420 CHECK_INTERFACE(IKeystoreService, data, reply);
1421 int32_t ret = reset();
1422 reply->writeNoException();
1423 reply->writeInt32(ret);
1424 return NO_ERROR;
1425 } break;
Chad Brubaker96d6d782015-05-07 10:19:40 -0700[diff] [blame]1426 case ON_USER_PASSWORD_CHANGED: {
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1427 CHECK_INTERFACE(IKeystoreService, data, reply);
Chad Brubaker96d6d782015-05-07 10:19:40 -0700[diff] [blame]1428 int32_t userId = data.readInt32();
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1429 String16 pass = data.readString16();
Chad Brubaker96d6d782015-05-07 10:19:40 -0700[diff] [blame]1430 int32_t ret = onUserPasswordChanged(userId, pass);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1431 reply->writeNoException();
1432 reply->writeInt32(ret);
1433 return NO_ERROR;
1434 } break;
1435 case LOCK: {
1436 CHECK_INTERFACE(IKeystoreService, data, reply);
1437 int32_t ret = lock();
1438 reply->writeNoException();
1439 reply->writeInt32(ret);
1440 return NO_ERROR;
1441 } break;
1442 case UNLOCK: {
1443 CHECK_INTERFACE(IKeystoreService, data, reply);
Chad Brubaker96d6d782015-05-07 10:19:40 -0700[diff] [blame]1444 int32_t userId = data.readInt32();
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1445 String16 pass = data.readString16();
Chad Brubaker96d6d782015-05-07 10:19:40 -0700[diff] [blame]1446 int32_t ret = unlock(userId, pass);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1447 reply->writeNoException();
1448 reply->writeInt32(ret);
1449 return NO_ERROR;
1450 } break;
1451 case ZERO: {
1452 CHECK_INTERFACE(IKeystoreService, data, reply);
1453 int32_t ret = zero();
1454 reply->writeNoException();
1455 reply->writeInt32(ret);
1456 return NO_ERROR;
1457 } break;
1458 case GENERATE: {
1459 CHECK_INTERFACE(IKeystoreService, data, reply);
1460 String16 name = data.readString16();
Kenny Root96427ba2013-08-16 14:02:41 -0700[diff] [blame]1461 int32_t uid = data.readInt32();
1462 int32_t keyType = data.readInt32();
1463 int32_t keySize = data.readInt32();
Kenny Root0c540aa2013-04-03 09:22:15 -0700[diff] [blame]1464 int32_t flags = data.readInt32();
Kenny Root96427ba2013-08-16 14:02:41 -0700[diff] [blame]1465 Vector<sp<KeystoreArg> > args;
Chad Brubaker468fc692015-01-13 17:33:14 -0800[diff] [blame]1466 int32_t argsPresent = data.readInt32();
1467 if (argsPresent == 1) {
1468 ssize_t numArgs = data.readInt32();
Chad Brubakered4f5662015-01-14 19:22:09 -0800[diff] [blame]1469 if (numArgs > MAX_GENERATE_ARGS) {
1470 return BAD_VALUE;
1471 }
Chad Brubaker468fc692015-01-13 17:33:14 -0800[diff] [blame]1472 if (numArgs > 0) {
1473 for (size_t i = 0; i < (size_t) numArgs; i++) {
1474 ssize_t inSize = data.readInt32();
1475 if (inSize >= 0 && (size_t) inSize <= data.dataAvail()) {
1476 sp<KeystoreArg> arg = new KeystoreArg(data.readInplace(inSize),
1477 inSize);
1478 args.push_back(arg);
1479 } else {
1480 args.push_back(NULL);
1481 }
Kenny Root96427ba2013-08-16 14:02:41 -0700[diff] [blame]1482 }
1483 }
1484 }
1485 int32_t ret = generate(name, uid, keyType, keySize, flags, &args);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1486 reply->writeNoException();
1487 reply->writeInt32(ret);
1488 return NO_ERROR;
1489 } break;
1490 case IMPORT: {
1491 CHECK_INTERFACE(IKeystoreService, data, reply);
1492 String16 name = data.readString16();
1493 ssize_t inSize = data.readInt32();
1494 const void* in;
1495 if (inSize >= 0 && (size_t) inSize <= data.dataAvail()) {
1496 in = data.readInplace(inSize);
1497 } else {
1498 in = NULL;
1499 inSize = 0;
1500 }
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]1501 int uid = data.readInt32();
Kenny Root0c540aa2013-04-03 09:22:15 -0700[diff] [blame]1502 int32_t flags = data.readInt32();
1503 int32_t ret = import(name, (const uint8_t*) in, (size_t) inSize, uid, flags);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1504 reply->writeNoException();
1505 reply->writeInt32(ret);
1506 return NO_ERROR;
1507 } break;
1508 case SIGN: {
1509 CHECK_INTERFACE(IKeystoreService, data, reply);
1510 String16 name = data.readString16();
1511 ssize_t inSize = data.readInt32();
1512 const void* in;
1513 if (inSize >= 0 && (size_t) inSize <= data.dataAvail()) {
1514 in = data.readInplace(inSize);
1515 } else {
1516 in = NULL;
1517 inSize = 0;
1518 }
1519 void* out = NULL;
1520 size_t outSize = 0;
1521 int32_t ret = sign(name, (const uint8_t*) in, (size_t) inSize, (uint8_t**) &out, &outSize);
1522 reply->writeNoException();
Kenny Rootb03c9fb2013-02-04 16:42:51 -0800[diff] [blame]1523 if (outSize > 0 && out != NULL) {
1524 reply->writeInt32(outSize);
1525 void* buf = reply->writeInplace(outSize);
1526 memcpy(buf, out, outSize);
1527 free(out);
1528 } else {
Kenny Roote289c402013-02-14 11:31:53 -0800[diff] [blame]1529 reply->writeInt32(-1);
Kenny Rootb03c9fb2013-02-04 16:42:51 -0800[diff] [blame]1530 }
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1531 reply->writeInt32(ret);
1532 return NO_ERROR;
1533 } break;
1534 case VERIFY: {
1535 CHECK_INTERFACE(IKeystoreService, data, reply);
1536 String16 name = data.readString16();
1537 ssize_t inSize = data.readInt32();
1538 const void* in;
1539 if (inSize >= 0 && (size_t) inSize <= data.dataAvail()) {
1540 in = data.readInplace(inSize);
1541 } else {
1542 in = NULL;
1543 inSize = 0;
1544 }
1545 ssize_t sigSize = data.readInt32();
1546 const void* sig;
1547 if (sigSize >= 0 && (size_t) sigSize <= data.dataAvail()) {
1548 sig = data.readInplace(sigSize);
1549 } else {
1550 sig = NULL;
1551 sigSize = 0;
1552 }
1553 bool ret = verify(name, (const uint8_t*) in, (size_t) inSize, (const uint8_t*) sig,
1554 (size_t) sigSize);
1555 reply->writeNoException();
1556 reply->writeInt32(ret ? 1 : 0);
1557 return NO_ERROR;
1558 } break;
1559 case GET_PUBKEY: {
1560 CHECK_INTERFACE(IKeystoreService, data, reply);
1561 String16 name = data.readString16();
1562 void* out = NULL;
1563 size_t outSize = 0;
1564 int32_t ret = get_pubkey(name, (unsigned char**) &out, &outSize);
1565 reply->writeNoException();
Kenny Rootb03c9fb2013-02-04 16:42:51 -0800[diff] [blame]1566 if (outSize > 0 && out != NULL) {
1567 reply->writeInt32(outSize);
1568 void* buf = reply->writeInplace(outSize);
1569 memcpy(buf, out, outSize);
1570 free(out);
1571 } else {
Kenny Roote289c402013-02-14 11:31:53 -0800[diff] [blame]1572 reply->writeInt32(-1);
Kenny Rootb03c9fb2013-02-04 16:42:51 -0800[diff] [blame]1573 }
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1574 reply->writeInt32(ret);
1575 return NO_ERROR;
Kenny Rootb03c9fb2013-02-04 16:42:51 -0800[diff] [blame]1576 } break;
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1577 case DEL_KEY: {
1578 CHECK_INTERFACE(IKeystoreService, data, reply);
1579 String16 name = data.readString16();
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]1580 int uid = data.readInt32();
1581 int32_t ret = del_key(name, uid);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1582 reply->writeNoException();
1583 reply->writeInt32(ret);
1584 return NO_ERROR;
1585 } break;
1586 case GRANT: {
1587 CHECK_INTERFACE(IKeystoreService, data, reply);
1588 String16 name = data.readString16();
1589 int32_t granteeUid = data.readInt32();
1590 int32_t ret = grant(name, granteeUid);
1591 reply->writeNoException();
1592 reply->writeInt32(ret);
1593 return NO_ERROR;
1594 } break;
1595 case UNGRANT: {
1596 CHECK_INTERFACE(IKeystoreService, data, reply);
1597 String16 name = data.readString16();
1598 int32_t granteeUid = data.readInt32();
1599 int32_t ret = ungrant(name, granteeUid);
1600 reply->writeNoException();
1601 reply->writeInt32(ret);
1602 return NO_ERROR;
1603 } break;
1604 case GETMTIME: {
1605 CHECK_INTERFACE(IKeystoreService, data, reply);
1606 String16 name = data.readString16();
1607 int64_t ret = getmtime(name);
1608 reply->writeNoException();
1609 reply->writeInt64(ret);
1610 return NO_ERROR;
1611 } break;
Kenny Rootd53bc922013-03-21 14:10:15 -0700[diff] [blame]1612 case DUPLICATE: {
Kenny Root02254072013-03-20 11:48:19 -0700[diff] [blame]1613 CHECK_INTERFACE(IKeystoreService, data, reply);
Kenny Rootd53bc922013-03-21 14:10:15 -0700[diff] [blame]1614 String16 srcKey = data.readString16();
1615 int32_t srcUid = data.readInt32();
1616 String16 destKey = data.readString16();
1617 int32_t destUid = data.readInt32();
1618 int32_t ret = duplicate(srcKey, srcUid, destKey, destUid);
Kenny Root02254072013-03-20 11:48:19 -0700[diff] [blame]1619 reply->writeNoException();
1620 reply->writeInt32(ret);
1621 return NO_ERROR;
1622 } break;
Kenny Root43061232013-03-29 11:15:50 -0700[diff] [blame]1623 case IS_HARDWARE_BACKED: {
1624 CHECK_INTERFACE(IKeystoreService, data, reply);
Kenny Root1b0e3932013-09-05 13:06:32 -0700[diff] [blame]1625 String16 keyType = data.readString16();
1626 int32_t ret = is_hardware_backed(keyType);
Kenny Root43061232013-03-29 11:15:50 -0700[diff] [blame]1627 reply->writeNoException();
1628 reply->writeInt32(ret);
1629 return NO_ERROR;
1630 }
Kenny Root2ecc7a12013-04-01 16:29:11 -0700[diff] [blame]1631 case CLEAR_UID: {
1632 CHECK_INTERFACE(IKeystoreService, data, reply);
1633 int64_t uid = data.readInt64();
1634 int32_t ret = clear_uid(uid);
1635 reply->writeNoException();
1636 reply->writeInt32(ret);
1637 return NO_ERROR;
1638 }
Robin Lee4e865752014-08-19 17:37:55 +0100[diff] [blame]1639 case RESET_UID: {
1640 CHECK_INTERFACE(IKeystoreService, data, reply);
1641 int32_t uid = data.readInt32();
1642 int32_t ret = reset_uid(uid);
1643 reply->writeNoException();
1644 reply->writeInt32(ret);
1645 return NO_ERROR;
1646 }
1647 case SYNC_UID: {
1648 CHECK_INTERFACE(IKeystoreService, data, reply);
1649 int32_t sourceUid = data.readInt32();
1650 int32_t targetUid = data.readInt32();
1651 int32_t ret = sync_uid(sourceUid, targetUid);
1652 reply->writeNoException();
1653 reply->writeInt32(ret);
1654 return NO_ERROR;
1655 }
1656 case PASSWORD_UID: {
1657 CHECK_INTERFACE(IKeystoreService, data, reply);
1658 String16 password = data.readString16();
1659 int32_t uid = data.readInt32();
1660 int32_t ret = password_uid(password, uid);
1661 reply->writeNoException();
1662 reply->writeInt32(ret);
1663 return NO_ERROR;
1664 }
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1665 case ADD_RNG_ENTROPY: {
1666 CHECK_INTERFACE(IKeystoreService, data, reply);
Chad Brubaker6432df72015-03-20 16:23:04 -0700[diff] [blame]1667 const uint8_t* bytes = NULL;
1668 size_t size = 0;
1669 readByteArray(data, &bytes, &size);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1670 int32_t ret = addRngEntropy(bytes, size);
1671 reply->writeNoException();
1672 reply->writeInt32(ret);
1673 return NO_ERROR;
1674 }
1675 case GENERATE_KEY: {
1676 CHECK_INTERFACE(IKeystoreService, data, reply);
1677 String16 name = data.readString16();
1678 KeymasterArguments args;
1679 if (data.readInt32() != 0) {
1680 args.readFromParcel(data);
1681 }
Chad Brubaker154d7692015-03-27 13:59:31 -0700[diff] [blame]1682 const uint8_t* entropy = NULL;
1683 size_t entropyLength = 0;
1684 readByteArray(data, &entropy, &entropyLength);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1685 int32_t uid = data.readInt32();
1686 int32_t flags = data.readInt32();
1687 KeyCharacteristics outCharacteristics;
Chad Brubaker154d7692015-03-27 13:59:31 -0700[diff] [blame]1688 int32_t ret = generateKey(name, args, entropy, entropyLength, uid, flags,
1689 &outCharacteristics);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1690 reply->writeNoException();
1691 reply->writeInt32(ret);
1692 reply->writeInt32(1);
1693 outCharacteristics.writeToParcel(reply);
1694 return NO_ERROR;
1695 }
1696 case GET_KEY_CHARACTERISTICS: {
1697 CHECK_INTERFACE(IKeystoreService, data, reply);
1698 String16 name = data.readString16();
Chad Brubakerd6634422015-03-21 22:36:07 -0700[diff] [blame]1699 std::unique_ptr<keymaster_blob_t> clientId = readKeymasterBlob(data);
1700 std::unique_ptr<keymaster_blob_t> appData = readKeymasterBlob(data);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1701 KeyCharacteristics outCharacteristics;
Chad Brubakerd6634422015-03-21 22:36:07 -0700[diff] [blame]1702 int ret = getKeyCharacteristics(name, clientId.get(), appData.get(),
1703 &outCharacteristics);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1704 reply->writeNoException();
1705 reply->writeInt32(ret);
1706 reply->writeInt32(1);
1707 outCharacteristics.writeToParcel(reply);
1708 return NO_ERROR;
1709 }
1710 case IMPORT_KEY: {
1711 CHECK_INTERFACE(IKeystoreService, data, reply);
1712 String16 name = data.readString16();
1713 KeymasterArguments args;
1714 if (data.readInt32() != 0) {
1715 args.readFromParcel(data);
1716 }
1717 keymaster_key_format_t format = static_cast<keymaster_key_format_t>(data.readInt32());
Chad Brubaker6432df72015-03-20 16:23:04 -0700[diff] [blame]1718 const uint8_t* keyData = NULL;
1719 size_t keyLength = 0;
1720 readByteArray(data, &keyData, &keyLength);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1721 int32_t uid = data.readInt32();
1722 int32_t flags = data.readInt32();
1723 KeyCharacteristics outCharacteristics;
Chad Brubaker6432df72015-03-20 16:23:04 -0700[diff] [blame]1724 int32_t ret = importKey(name, args, format, keyData, keyLength, uid, flags,
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1725 &outCharacteristics);
1726 reply->writeNoException();
1727 reply->writeInt32(ret);
1728 reply->writeInt32(1);
1729 outCharacteristics.writeToParcel(reply);
1730
1731 return NO_ERROR;
1732 }
1733 case EXPORT_KEY: {
1734 CHECK_INTERFACE(IKeystoreService, data, reply);
1735 String16 name = data.readString16();
1736 keymaster_key_format_t format = static_cast<keymaster_key_format_t>(data.readInt32());
Chad Brubakerd6634422015-03-21 22:36:07 -0700[diff] [blame]1737 std::unique_ptr<keymaster_blob_t> clientId = readKeymasterBlob(data);
1738 std::unique_ptr<keymaster_blob_t> appData = readKeymasterBlob(data);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1739 ExportResult result;
Chad Brubakerd6634422015-03-21 22:36:07 -0700[diff] [blame]1740 exportKey(name, format, clientId.get(), appData.get(), &result);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1741 reply->writeNoException();
1742 reply->writeInt32(1);
1743 result.writeToParcel(reply);
1744
1745 return NO_ERROR;
1746 }
1747 case BEGIN: {
1748 CHECK_INTERFACE(IKeystoreService, data, reply);
1749 sp<IBinder> token = data.readStrongBinder();
1750 String16 name = data.readString16();
1751 keymaster_purpose_t purpose = static_cast<keymaster_purpose_t>(data.readInt32());
1752 bool pruneable = data.readInt32() != 0;
1753 KeymasterArguments args;
1754 if (data.readInt32() != 0) {
1755 args.readFromParcel(data);
1756 }
Chad Brubaker154d7692015-03-27 13:59:31 -0700[diff] [blame]1757 const uint8_t* entropy = NULL;
1758 size_t entropyLength = 0;
1759 readByteArray(data, &entropy, &entropyLength);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1760 KeymasterArguments outArgs;
1761 OperationResult result;
Chad Brubaker154d7692015-03-27 13:59:31 -0700[diff] [blame]1762 begin(token, name, purpose, pruneable, args, entropy, entropyLength, &outArgs,
1763 &result);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1764 reply->writeNoException();
1765 reply->writeInt32(1);
1766 result.writeToParcel(reply);
1767 reply->writeInt32(1);
1768 outArgs.writeToParcel(reply);
1769
1770 return NO_ERROR;
1771 }
1772 case UPDATE: {
1773 CHECK_INTERFACE(IKeystoreService, data, reply);
1774 sp<IBinder> token = data.readStrongBinder();
1775 KeymasterArguments args;
1776 if (data.readInt32() != 0) {
1777 args.readFromParcel(data);
1778 }
Chad Brubaker6432df72015-03-20 16:23:04 -0700[diff] [blame]1779 const uint8_t* buf = NULL;
1780 size_t bufLength = 0;
1781 readByteArray(data, &buf, &bufLength);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1782 OperationResult result;
Chad Brubaker6432df72015-03-20 16:23:04 -0700[diff] [blame]1783 update(token, args, buf, bufLength, &result);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1784 reply->writeNoException();
1785 reply->writeInt32(1);
1786 result.writeToParcel(reply);
1787
1788 return NO_ERROR;
1789 }
1790 case FINISH: {
1791 CHECK_INTERFACE(IKeystoreService, data, reply);
1792 sp<IBinder> token = data.readStrongBinder();
1793 KeymasterArguments args;
1794 if (data.readInt32() != 0) {
1795 args.readFromParcel(data);
1796 }
Chad Brubaker6432df72015-03-20 16:23:04 -0700[diff] [blame]1797 const uint8_t* buf = NULL;
1798 size_t bufLength = 0;
1799 readByteArray(data, &buf, &bufLength);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1800 OperationResult result;
Chad Brubaker6432df72015-03-20 16:23:04 -0700[diff] [blame]1801 finish(token, args, buf, bufLength, &result);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1802 reply->writeNoException();
1803 reply->writeInt32(1);
1804 result.writeToParcel(reply);
1805
1806 return NO_ERROR;
1807 }
1808 case ABORT: {
1809 CHECK_INTERFACE(IKeystoreService, data, reply);
1810 sp<IBinder> token = data.readStrongBinder();
1811 int32_t result = abort(token);
1812 reply->writeNoException();
1813 reply->writeInt32(result);
1814
1815 return NO_ERROR;
1816 }
Chad Brubaker2ed2baa2015-03-21 21:20:10 -0700[diff] [blame]1817 case IS_OPERATION_AUTHORIZED: {
1818 CHECK_INTERFACE(IKeystoreService, data, reply);
1819 sp<IBinder> token = data.readStrongBinder();
1820 bool result = isOperationAuthorized(token);
1821 reply->writeNoException();
1822 reply->writeInt32(result ? 1 : 0);
1823
1824 return NO_ERROR;
1825 }
1826 case ADD_AUTH_TOKEN: {
1827 CHECK_INTERFACE(IKeystoreService, data, reply);
Chad Brubaker2ed2baa2015-03-21 21:20:10 -0700[diff] [blame]1828 const uint8_t* token_bytes = NULL;
1829 size_t size = 0;
1830 readByteArray(data, &token_bytes, &size);
1831 int32_t result = addAuthToken(token_bytes, size);
1832 reply->writeNoException();
1833 reply->writeInt32(result);
1834
1835 return NO_ERROR;
1836 }
Chad Brubakerc0f031a2015-05-12 10:43:10 -0700[diff] [blame^]1837 case ON_USER_ADDED: {
1838 CHECK_INTERFACE(IKeystoreService, data, reply);
1839 int32_t userId = data.readInt32();
1840 int32_t parentId = data.readInt32();
1841 int32_t result = onUserAdded(userId, parentId);
1842 reply->writeNoException();
1843 reply->writeInt32(result);
1844
1845 return NO_ERROR;
1846 }
1847 case ON_USER_REMOVED: {
1848 CHECK_INTERFACE(IKeystoreService, data, reply);
1849 int32_t userId = data.readInt32();
1850 int32_t result = onUserRemoved(userId);
1851 reply->writeNoException();
1852 reply->writeInt32(result);
1853
1854 return NO_ERROR;
1855 }
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1856 default:
1857 return BBinder::onTransact(code, data, reply, flags);
1858 }
1859}
1860
1861// ----------------------------------------------------------------------------
1862
1863}; // namespace android