Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_security / c3a1856bbe2e39d5b3430f5f088b12fd710a159f / . / keystore / IKeystoreService.cpp
blob: adde6b287c3826a3ad9270765b5b65656bc65e0d [file] [log] [blame]
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1/*
2**
3** Copyright 2008, The Android Open Source Project
4**
5** Licensed under the Apache License, Version 2.0 (the "License");
6** you may not use this file except in compliance with the License.
7** You may obtain a copy of the License at
8**
9** http://www.apache.org/licenses/LICENSE-2.0
10**
11** Unless required by applicable law or agreed to in writing, software
12** distributed under the License is distributed on an "AS IS" BASIS,
13** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14** See the License for the specific language governing permissions and
15** limitations under the License.
16*/
17
18#include <stdint.h>
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]19#include <sys/limits.h>
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]20#include <sys/types.h>
21
22#define LOG_TAG "KeystoreService"
23#include <utils/Log.h>
24
25#include <binder/Parcel.h>
26#include <binder/IPCThreadState.h>
27#include <binder/IServiceManager.h>
28
29#include <keystore/IKeystoreService.h>
30
31namespace android {
32
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]33static keymaster_key_param_t* readParamList(const Parcel& in, size_t* length);
34
Kenny Root96427ba2013-08-16 14:02:41 -0700[diff] [blame]35KeystoreArg::KeystoreArg(const void* data, size_t len)
36 : mData(data), mSize(len) {
37}
38
39KeystoreArg::~KeystoreArg() {
40}
41
42const void *KeystoreArg::data() const {
43 return mData;
44}
45
46size_t KeystoreArg::size() const {
47 return mSize;
48}
49
Chad Brubakerc3a18562015-03-17 18:21:35 -0700[diff] [blame^]50OperationResult::OperationResult() : resultCode(0), token(), handle(0), inputConsumed(0),
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]51 data(NULL), dataLength(0) {
52}
53
54OperationResult::~OperationResult() {
55}
56
57void OperationResult::readFromParcel(const Parcel& in) {
58 resultCode = in.readInt32();
59 token = in.readStrongBinder();
Chad Brubakerc3a18562015-03-17 18:21:35 -0700[diff] [blame^]60 handle = static_cast<keymaster_operation_handle_t>(in.readInt64());
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]61 inputConsumed = in.readInt32();
62 ssize_t length = in.readInt32();
63 dataLength = 0;
64 if (length > 0) {
65 const void* buf = in.readInplace(length);
66 if (buf) {
67 data.reset(reinterpret_cast<uint8_t*>(malloc(length)));
68 if (data.get()) {
69 memcpy(data.get(), buf, length);
70 dataLength = (size_t) length;
71 } else {
72 ALOGE("Failed to allocate OperationResult buffer");
73 }
74 } else {
75 ALOGE("Failed to readInplace OperationResult data");
76 }
77 }
78}
79
80void OperationResult::writeToParcel(Parcel* out) const {
81 out->writeInt32(resultCode);
82 out->writeStrongBinder(token);
Chad Brubakerc3a18562015-03-17 18:21:35 -0700[diff] [blame^]83 out->writeInt64(handle);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]84 out->writeInt32(inputConsumed);
85 out->writeInt32(dataLength);
86 if (dataLength && data) {
87 void* buf = out->writeInplace(dataLength);
88 if (buf) {
89 memcpy(buf, data.get(), dataLength);
90 } else {
91 ALOGE("Failed to writeInplace OperationResult data.");
92 }
93 }
94}
95
96ExportResult::ExportResult() : resultCode(0), exportData(NULL), dataLength(0) {
97}
98
99ExportResult::~ExportResult() {
100}
101
102void ExportResult::readFromParcel(const Parcel& in) {
103 resultCode = in.readInt32();
104 ssize_t length = in.readInt32();
105 dataLength = 0;
106 if (length > 0) {
107 const void* buf = in.readInplace(length);
108 if (buf) {
109 exportData.reset(reinterpret_cast<uint8_t*>(malloc(length)));
110 if (exportData.get()) {
111 memcpy(exportData.get(), buf, length);
112 dataLength = (size_t) length;
113 } else {
114 ALOGE("Failed to allocate ExportData buffer");
115 }
116 } else {
117 ALOGE("Failed to readInplace ExportData data");
118 }
119 }
120}
121
122void ExportResult::writeToParcel(Parcel* out) const {
123 out->writeInt32(resultCode);
124 out->writeInt32(dataLength);
125 if (exportData && dataLength) {
126 void* buf = out->writeInplace(dataLength);
127 if (buf) {
128 memcpy(buf, exportData.get(), dataLength);
129 } else {
130 ALOGE("Failed to writeInplace ExportResult data.");
131 }
132 }
133}
134
135KeymasterArguments::KeymasterArguments() {
136}
137
138KeymasterArguments::~KeymasterArguments() {
139 keymaster_free_param_values(params.data(), params.size());
140}
141
142void KeymasterArguments::readFromParcel(const Parcel& in) {
143 ssize_t length = in.readInt32();
144 size_t ulength = (size_t) length;
145 if (length < 0) {
146 ulength = 0;
147 }
148 keymaster_free_param_values(params.data(), params.size());
149 params.clear();
150 for(size_t i = 0; i < ulength; i++) {
151 keymaster_key_param_t param;
152 if (!readKeymasterArgumentFromParcel(in, &param)) {
153 ALOGE("Error reading keymaster argument from parcel");
154 break;
155 }
156 params.push_back(param);
157 }
158}
159
160void KeymasterArguments::writeToParcel(Parcel* out) const {
161 out->writeInt32(params.size());
162 for (auto param : params) {
163 out->writeInt32(1);
164 writeKeymasterArgumentToParcel(param, out);
165 }
166}
167
168KeyCharacteristics::KeyCharacteristics() {
169 memset((void*) &characteristics, 0, sizeof(characteristics));
170}
171
172KeyCharacteristics::~KeyCharacteristics() {
173 keymaster_free_characteristics(&characteristics);
174}
175
176void KeyCharacteristics::readFromParcel(const Parcel& in) {
177 size_t length = 0;
178 keymaster_key_param_t* params = readParamList(in, &length);
179 characteristics.sw_enforced.params = params;
180 characteristics.sw_enforced.length = length;
181
182 params = readParamList(in, &length);
183 characteristics.hw_enforced.params = params;
184 characteristics.hw_enforced.length = length;
185}
186
187void KeyCharacteristics::writeToParcel(Parcel* out) const {
188 if (characteristics.sw_enforced.params) {
189 out->writeInt32(characteristics.sw_enforced.length);
190 for (size_t i = 0; i < characteristics.sw_enforced.length; i++) {
191 out->writeInt32(1);
192 writeKeymasterArgumentToParcel(characteristics.sw_enforced.params[i], out);
193 }
194 } else {
195 out->writeInt32(0);
196 }
197 if (characteristics.hw_enforced.params) {
198 out->writeInt32(characteristics.hw_enforced.length);
199 for (size_t i = 0; i < characteristics.hw_enforced.length; i++) {
200 out->writeInt32(1);
201 writeKeymasterArgumentToParcel(characteristics.hw_enforced.params[i], out);
202 }
203 } else {
204 out->writeInt32(0);
205 }
206}
207
208void writeKeymasterArgumentToParcel(const keymaster_key_param_t& param, Parcel* out) {
209 switch (keymaster_tag_get_type(param.tag)) {
210 case KM_ENUM:
211 case KM_ENUM_REP: {
212 out->writeInt32(param.tag);
213 out->writeInt32(param.enumerated);
214 break;
215 }
216 case KM_INT:
217 case KM_INT_REP: {
218 out->writeInt32(param.tag);
219 out->writeInt32(param.integer);
220 break;
221 }
222 case KM_LONG: {
223 out->writeInt32(param.tag);
224 out->writeInt64(param.long_integer);
225 break;
226 }
227 case KM_DATE: {
228 out->writeInt32(param.tag);
229 out->writeInt64(param.date_time);
230 break;
231 }
232 case KM_BOOL: {
233 out->writeInt32(param.tag);
234 break;
235 }
236 case KM_BIGNUM:
237 case KM_BYTES: {
238 out->writeInt32(param.tag);
239 out->writeInt32(param.blob.data_length);
240 void* buf = out->writeInplace(param.blob.data_length);
241 if (buf) {
242 memcpy(buf, param.blob.data, param.blob.data_length);
243 } else {
244 ALOGE("Failed to writeInplace keymaster blob param");
245 }
246 break;
247 }
248 default: {
249 ALOGE("Failed to write argument: Unsupported keymaster_tag_t %d", param.tag);
250 }
251 }
252}
253
254
255bool readKeymasterArgumentFromParcel(const Parcel& in, keymaster_key_param_t* out) {
256 if (in.readInt32() == 0) {
257 return false;
258 }
259 keymaster_tag_t tag = static_cast<keymaster_tag_t>(in.readInt32());
260 switch (keymaster_tag_get_type(tag)) {
261 case KM_ENUM:
262 case KM_ENUM_REP: {
263 uint32_t value = in.readInt32();
264 *out = keymaster_param_enum(tag, value);
265 break;
266 }
267 case KM_INT:
268 case KM_INT_REP: {
269 uint32_t value = in.readInt32();
270 *out = keymaster_param_int(tag, value);
271 break;
272 }
273 case KM_LONG: {
274 uint64_t value = in.readInt64();
275 *out = keymaster_param_long(tag, value);
276 break;
277 }
278 case KM_DATE: {
279 uint64_t value = in.readInt64();
280 *out = keymaster_param_date(tag, value);
281 break;
282 }
283 case KM_BOOL: {
284 *out = keymaster_param_bool(tag);
285 break;
286 }
287 case KM_BIGNUM:
288 case KM_BYTES: {
289 ssize_t length = in.readInt32();
290 uint8_t* data = NULL;
291 size_t ulength = 0;
292 if (length >= 0) {
293 ulength = (size_t) length;
294 // use malloc here so we can use keymaster_free_param_values
295 // consistently.
296 data = reinterpret_cast<uint8_t*>(malloc(ulength));
297 const void* buf = in.readInplace(ulength);
298 if (!buf || !data) {
299 ALOGE("Failed to allocate buffer for keymaster blob param");
300 return false;
301 }
302 memcpy(data, buf, ulength);
303 }
304 *out = keymaster_param_blob(tag, data, ulength);
305 break;
306 }
307 default: {
308 ALOGE("Unsupported keymaster_tag_t %d", tag);
309 return false;
310 }
311 }
312 return true;
313}
314
315// Read a keymaster_key_param_t* from a Parcel for use in a
316// keymaster_key_characteristics_t. This will be free'd by calling
317// keymaster_free_key_characteristics.
318static keymaster_key_param_t* readParamList(const Parcel& in, size_t* length) {
319 ssize_t slength = in.readInt32();
320 *length = 0;
321 if (slength < 0) {
322 return NULL;
323 }
324 *length = (size_t) slength;
325 if (*length >= UINT_MAX / sizeof(keymaster_key_param_t)) {
326 return NULL;
327 }
328 keymaster_key_param_t* list =
329 reinterpret_cast<keymaster_key_param_t*>(malloc(*length *
330 sizeof(keymaster_key_param_t)));
331 if (!list) {
332 ALOGD("Failed to allocate buffer for generateKey outCharacteristics");
333 goto err;
334 }
335 for (size_t i = 0; i < *length ; i++) {
336 if (!readKeymasterArgumentFromParcel(in, &list[i])) {
337 ALOGE("Failed to read keymaster argument");
338 keymaster_free_param_values(list, i);
339 goto err;
340 }
341 }
342 return list;
343err:
344 free(list);
345 return NULL;
346}
347
348static void readKeymasterBlob(const Parcel& in, keymaster_blob_t* blob) {
349 ssize_t length = in.readInt32();
350 if (length > 0) {
351 blob->data = (uint8_t*) in.readInplace(length);
352 if (blob->data) {
353 blob->data_length = (size_t) length;
354 } else {
355 blob->data_length = 0;
356 }
357 } else {
358 blob->data = NULL;
359 blob->data_length = 0;
360 }
361}
362
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]363class BpKeystoreService: public BpInterface<IKeystoreService>
364{
365public:
366 BpKeystoreService(const sp<IBinder>& impl)
367 : BpInterface<IKeystoreService>(impl)
368 {
369 }
370
371 // test ping
372 virtual int32_t test()
373 {
374 Parcel data, reply;
375 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
376 status_t status = remote()->transact(BnKeystoreService::TEST, data, &reply);
377 if (status != NO_ERROR) {
378 ALOGD("test() could not contact remote: %d\n", status);
379 return -1;
380 }
381 int32_t err = reply.readExceptionCode();
382 int32_t ret = reply.readInt32();
383 if (err < 0) {
384 ALOGD("test() caught exception %d\n", err);
385 return -1;
386 }
387 return ret;
388 }
389
390 virtual int32_t get(const String16& name, uint8_t** item, size_t* itemLength)
391 {
392 Parcel data, reply;
393 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
394 data.writeString16(name);
395 status_t status = remote()->transact(BnKeystoreService::GET, data, &reply);
396 if (status != NO_ERROR) {
397 ALOGD("get() could not contact remote: %d\n", status);
398 return -1;
399 }
400 int32_t err = reply.readExceptionCode();
401 ssize_t len = reply.readInt32();
402 if (len >= 0 && (size_t) len <= reply.dataAvail()) {
403 size_t ulen = (size_t) len;
404 const void* buf = reply.readInplace(ulen);
405 *item = (uint8_t*) malloc(ulen);
406 if (*item != NULL) {
407 memcpy(*item, buf, ulen);
408 *itemLength = ulen;
409 } else {
410 ALOGE("out of memory allocating output array in get");
411 *itemLength = 0;
412 }
413 } else {
414 *itemLength = 0;
415 }
416 if (err < 0) {
417 ALOGD("get() caught exception %d\n", err);
418 return -1;
419 }
420 return 0;
421 }
422
Kenny Root0c540aa2013-04-03 09:22:15 -0700[diff] [blame]423 virtual int32_t insert(const String16& name, const uint8_t* item, size_t itemLength, int uid,
424 int32_t flags)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]425 {
426 Parcel data, reply;
427 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
428 data.writeString16(name);
429 data.writeInt32(itemLength);
430 void* buf = data.writeInplace(itemLength);
431 memcpy(buf, item, itemLength);
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]432 data.writeInt32(uid);
Kenny Root0c540aa2013-04-03 09:22:15 -0700[diff] [blame]433 data.writeInt32(flags);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]434 status_t status = remote()->transact(BnKeystoreService::INSERT, data, &reply);
435 if (status != NO_ERROR) {
436 ALOGD("import() could not contact remote: %d\n", status);
437 return -1;
438 }
439 int32_t err = reply.readExceptionCode();
440 int32_t ret = reply.readInt32();
441 if (err < 0) {
442 ALOGD("import() caught exception %d\n", err);
443 return -1;
444 }
445 return ret;
446 }
447
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]448 virtual int32_t del(const String16& name, int uid)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]449 {
450 Parcel data, reply;
451 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
452 data.writeString16(name);
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]453 data.writeInt32(uid);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]454 status_t status = remote()->transact(BnKeystoreService::DEL, data, &reply);
455 if (status != NO_ERROR) {
456 ALOGD("del() could not contact remote: %d\n", status);
457 return -1;
458 }
459 int32_t err = reply.readExceptionCode();
460 int32_t ret = reply.readInt32();
461 if (err < 0) {
462 ALOGD("del() caught exception %d\n", err);
463 return -1;
464 }
465 return ret;
466 }
467
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]468 virtual int32_t exist(const String16& name, int uid)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]469 {
470 Parcel data, reply;
471 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
472 data.writeString16(name);
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]473 data.writeInt32(uid);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]474 status_t status = remote()->transact(BnKeystoreService::EXIST, data, &reply);
475 if (status != NO_ERROR) {
476 ALOGD("exist() could not contact remote: %d\n", status);
477 return -1;
478 }
479 int32_t err = reply.readExceptionCode();
480 int32_t ret = reply.readInt32();
481 if (err < 0) {
482 ALOGD("exist() caught exception %d\n", err);
483 return -1;
484 }
485 return ret;
486 }
487
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]488 virtual int32_t saw(const String16& name, int uid, Vector<String16>* matches)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]489 {
490 Parcel data, reply;
491 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
492 data.writeString16(name);
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]493 data.writeInt32(uid);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]494 status_t status = remote()->transact(BnKeystoreService::SAW, data, &reply);
495 if (status != NO_ERROR) {
496 ALOGD("saw() could not contact remote: %d\n", status);
497 return -1;
498 }
499 int32_t err = reply.readExceptionCode();
500 int32_t numMatches = reply.readInt32();
501 for (int32_t i = 0; i < numMatches; i++) {
502 matches->push(reply.readString16());
503 }
504 int32_t ret = reply.readInt32();
505 if (err < 0) {
506 ALOGD("saw() caught exception %d\n", err);
507 return -1;
508 }
509 return ret;
510 }
511
512 virtual int32_t reset()
513 {
514 Parcel data, reply;
515 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
516 status_t status = remote()->transact(BnKeystoreService::RESET, data, &reply);
517 if (status != NO_ERROR) {
518 ALOGD("reset() could not contact remote: %d\n", status);
519 return -1;
520 }
521 int32_t err = reply.readExceptionCode();
522 int32_t ret = reply.readInt32();
523 if (err < 0) {
524 ALOGD("reset() caught exception %d\n", err);
525 return -1;
526 }
527 return ret;
528 }
529
530 virtual int32_t password(const String16& password)
531 {
532 Parcel data, reply;
533 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
534 data.writeString16(password);
535 status_t status = remote()->transact(BnKeystoreService::PASSWORD, data, &reply);
536 if (status != NO_ERROR) {
537 ALOGD("password() could not contact remote: %d\n", status);
538 return -1;
539 }
540 int32_t err = reply.readExceptionCode();
541 int32_t ret = reply.readInt32();
542 if (err < 0) {
543 ALOGD("password() caught exception %d\n", err);
544 return -1;
545 }
546 return ret;
547 }
548
549 virtual int32_t lock()
550 {
551 Parcel data, reply;
552 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
553 status_t status = remote()->transact(BnKeystoreService::LOCK, data, &reply);
554 if (status != NO_ERROR) {
555 ALOGD("lock() could not contact remote: %d\n", status);
556 return -1;
557 }
558 int32_t err = reply.readExceptionCode();
559 int32_t ret = reply.readInt32();
560 if (err < 0) {
561 ALOGD("lock() caught exception %d\n", err);
562 return -1;
563 }
564 return ret;
565 }
566
567 virtual int32_t unlock(const String16& password)
568 {
569 Parcel data, reply;
570 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
571 data.writeString16(password);
572 status_t status = remote()->transact(BnKeystoreService::UNLOCK, data, &reply);
573 if (status != NO_ERROR) {
574 ALOGD("unlock() could not contact remote: %d\n", status);
575 return -1;
576 }
577 int32_t err = reply.readExceptionCode();
578 int32_t ret = reply.readInt32();
579 if (err < 0) {
580 ALOGD("unlock() caught exception %d\n", err);
581 return -1;
582 }
583 return ret;
584 }
585
586 virtual int32_t zero()
587 {
588 Parcel data, reply;
589 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
590 status_t status = remote()->transact(BnKeystoreService::ZERO, data, &reply);
591 if (status != NO_ERROR) {
592 ALOGD("zero() could not contact remote: %d\n", status);
593 return -1;
594 }
595 int32_t err = reply.readExceptionCode();
596 int32_t ret = reply.readInt32();
597 if (err < 0) {
598 ALOGD("zero() caught exception %d\n", err);
599 return -1;
600 }
601 return ret;
602 }
603
Kenny Root96427ba2013-08-16 14:02:41 -0700[diff] [blame]604 virtual int32_t generate(const String16& name, int32_t uid, int32_t keyType, int32_t keySize,
605 int32_t flags, Vector<sp<KeystoreArg> >* args)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]606 {
607 Parcel data, reply;
608 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
609 data.writeString16(name);
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]610 data.writeInt32(uid);
Kenny Root96427ba2013-08-16 14:02:41 -0700[diff] [blame]611 data.writeInt32(keyType);
612 data.writeInt32(keySize);
Kenny Root0c540aa2013-04-03 09:22:15 -0700[diff] [blame]613 data.writeInt32(flags);
Chad Brubaker468fc692015-01-13 17:33:14 -0800[diff] [blame]614 data.writeInt32(1);
Kenny Root96427ba2013-08-16 14:02:41 -0700[diff] [blame]615 data.writeInt32(args->size());
616 for (Vector<sp<KeystoreArg> >::iterator it = args->begin(); it != args->end(); ++it) {
617 sp<KeystoreArg> item = *it;
618 size_t keyLength = item->size();
619 data.writeInt32(keyLength);
620 void* buf = data.writeInplace(keyLength);
621 memcpy(buf, item->data(), keyLength);
622 }
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]623 status_t status = remote()->transact(BnKeystoreService::GENERATE, data, &reply);
624 if (status != NO_ERROR) {
625 ALOGD("generate() could not contact remote: %d\n", status);
626 return -1;
627 }
628 int32_t err = reply.readExceptionCode();
629 int32_t ret = reply.readInt32();
630 if (err < 0) {
631 ALOGD("generate() caught exception %d\n", err);
632 return -1;
633 }
634 return ret;
635 }
636
Kenny Root0c540aa2013-04-03 09:22:15 -0700[diff] [blame]637 virtual int32_t import(const String16& name, const uint8_t* key, size_t keyLength, int uid,
638 int flags)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]639 {
640 Parcel data, reply;
641 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
642 data.writeString16(name);
643 data.writeInt32(keyLength);
644 void* buf = data.writeInplace(keyLength);
645 memcpy(buf, key, keyLength);
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]646 data.writeInt32(uid);
Kenny Root0c540aa2013-04-03 09:22:15 -0700[diff] [blame]647 data.writeInt32(flags);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]648 status_t status = remote()->transact(BnKeystoreService::IMPORT, data, &reply);
649 if (status != NO_ERROR) {
650 ALOGD("import() could not contact remote: %d\n", status);
651 return -1;
652 }
653 int32_t err = reply.readExceptionCode();
654 int32_t ret = reply.readInt32();
655 if (err < 0) {
656 ALOGD("import() caught exception %d\n", err);
657 return -1;
658 }
659 return ret;
660 }
661
662 virtual int32_t sign(const String16& name, const uint8_t* in, size_t inLength, uint8_t** out,
663 size_t* outLength)
664 {
665 Parcel data, reply;
666 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
667 data.writeString16(name);
668 data.writeInt32(inLength);
669 void* buf = data.writeInplace(inLength);
670 memcpy(buf, in, inLength);
671 status_t status = remote()->transact(BnKeystoreService::SIGN, data, &reply);
672 if (status != NO_ERROR) {
673 ALOGD("import() could not contact remote: %d\n", status);
674 return -1;
675 }
676 int32_t err = reply.readExceptionCode();
677 ssize_t len = reply.readInt32();
678 if (len >= 0 && (size_t) len <= reply.dataAvail()) {
679 size_t ulen = (size_t) len;
680 const void* outBuf = reply.readInplace(ulen);
681 *out = (uint8_t*) malloc(ulen);
682 if (*out != NULL) {
683 memcpy((void*) *out, outBuf, ulen);
684 *outLength = ulen;
685 } else {
686 ALOGE("out of memory allocating output array in sign");
687 *outLength = 0;
688 }
689 } else {
690 *outLength = 0;
691 }
692 if (err < 0) {
693 ALOGD("import() caught exception %d\n", err);
694 return -1;
695 }
696 return 0;
697 }
698
699 virtual int32_t verify(const String16& name, const uint8_t* in, size_t inLength,
700 const uint8_t* signature, size_t signatureLength)
701 {
702 Parcel data, reply;
703 void* buf;
704
705 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
706 data.writeString16(name);
707 data.writeInt32(inLength);
708 buf = data.writeInplace(inLength);
709 memcpy(buf, in, inLength);
710 data.writeInt32(signatureLength);
711 buf = data.writeInplace(signatureLength);
712 memcpy(buf, signature, signatureLength);
713 status_t status = remote()->transact(BnKeystoreService::VERIFY, data, &reply);
714 if (status != NO_ERROR) {
715 ALOGD("verify() could not contact remote: %d\n", status);
716 return -1;
717 }
718 int32_t err = reply.readExceptionCode();
719 int32_t ret = reply.readInt32();
720 if (err < 0) {
721 ALOGD("verify() caught exception %d\n", err);
722 return -1;
723 }
724 return ret;
725 }
726
727 virtual int32_t get_pubkey(const String16& name, uint8_t** pubkey, size_t* pubkeyLength)
728 {
729 Parcel data, reply;
730 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
731 data.writeString16(name);
732 status_t status = remote()->transact(BnKeystoreService::GET_PUBKEY, data, &reply);
733 if (status != NO_ERROR) {
734 ALOGD("get_pubkey() could not contact remote: %d\n", status);
735 return -1;
736 }
737 int32_t err = reply.readExceptionCode();
738 ssize_t len = reply.readInt32();
739 if (len >= 0 && (size_t) len <= reply.dataAvail()) {
740 size_t ulen = (size_t) len;
741 const void* buf = reply.readInplace(ulen);
742 *pubkey = (uint8_t*) malloc(ulen);
743 if (*pubkey != NULL) {
744 memcpy(*pubkey, buf, ulen);
745 *pubkeyLength = ulen;
746 } else {
747 ALOGE("out of memory allocating output array in get_pubkey");
748 *pubkeyLength = 0;
749 }
750 } else {
751 *pubkeyLength = 0;
752 }
753 if (err < 0) {
754 ALOGD("get_pubkey() caught exception %d\n", err);
755 return -1;
756 }
757 return 0;
758 }
759
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]760 virtual int32_t del_key(const String16& name, int uid)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]761 {
762 Parcel data, reply;
763 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
764 data.writeString16(name);
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]765 data.writeInt32(uid);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]766 status_t status = remote()->transact(BnKeystoreService::DEL_KEY, data, &reply);
767 if (status != NO_ERROR) {
768 ALOGD("del_key() could not contact remote: %d\n", status);
769 return -1;
770 }
771 int32_t err = reply.readExceptionCode();
772 int32_t ret = reply.readInt32();
773 if (err < 0) {
774 ALOGD("del_key() caught exception %d\n", err);
775 return -1;
776 }
777 return ret;
778 }
779
780 virtual int32_t grant(const String16& name, int32_t granteeUid)
781 {
782 Parcel data, reply;
783 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
784 data.writeString16(name);
785 data.writeInt32(granteeUid);
786 status_t status = remote()->transact(BnKeystoreService::GRANT, data, &reply);
787 if (status != NO_ERROR) {
788 ALOGD("grant() could not contact remote: %d\n", status);
789 return -1;
790 }
791 int32_t err = reply.readExceptionCode();
792 int32_t ret = reply.readInt32();
793 if (err < 0) {
794 ALOGD("grant() caught exception %d\n", err);
795 return -1;
796 }
797 return ret;
798 }
799
800 virtual int32_t ungrant(const String16& name, int32_t granteeUid)
801 {
802 Parcel data, reply;
803 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
804 data.writeString16(name);
805 data.writeInt32(granteeUid);
806 status_t status = remote()->transact(BnKeystoreService::UNGRANT, data, &reply);
807 if (status != NO_ERROR) {
808 ALOGD("ungrant() could not contact remote: %d\n", status);
809 return -1;
810 }
811 int32_t err = reply.readExceptionCode();
812 int32_t ret = reply.readInt32();
813 if (err < 0) {
814 ALOGD("ungrant() caught exception %d\n", err);
815 return -1;
816 }
817 return ret;
818 }
819
820 int64_t getmtime(const String16& name)
821 {
822 Parcel data, reply;
823 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
824 data.writeString16(name);
825 status_t status = remote()->transact(BnKeystoreService::GETMTIME, data, &reply);
826 if (status != NO_ERROR) {
827 ALOGD("getmtime() could not contact remote: %d\n", status);
828 return -1;
829 }
830 int32_t err = reply.readExceptionCode();
831 int64_t ret = reply.readInt64();
832 if (err < 0) {
833 ALOGD("getmtime() caught exception %d\n", err);
834 return -1;
835 }
836 return ret;
837 }
Kenny Root02254072013-03-20 11:48:19 -0700[diff] [blame]838
Kenny Rootd53bc922013-03-21 14:10:15 -0700[diff] [blame]839 virtual int32_t duplicate(const String16& srcKey, int32_t srcUid, const String16& destKey,
840 int32_t destUid)
Kenny Root02254072013-03-20 11:48:19 -0700[diff] [blame]841 {
842 Parcel data, reply;
843 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
Kenny Rootd53bc922013-03-21 14:10:15 -0700[diff] [blame]844 data.writeString16(srcKey);
845 data.writeInt32(srcUid);
846 data.writeString16(destKey);
847 data.writeInt32(destUid);
848 status_t status = remote()->transact(BnKeystoreService::DUPLICATE, data, &reply);
Kenny Root02254072013-03-20 11:48:19 -0700[diff] [blame]849 if (status != NO_ERROR) {
Kenny Rootd53bc922013-03-21 14:10:15 -0700[diff] [blame]850 ALOGD("duplicate() could not contact remote: %d\n", status);
Kenny Root02254072013-03-20 11:48:19 -0700[diff] [blame]851 return -1;
852 }
853 int32_t err = reply.readExceptionCode();
854 int32_t ret = reply.readInt32();
855 if (err < 0) {
Kenny Rootd53bc922013-03-21 14:10:15 -0700[diff] [blame]856 ALOGD("duplicate() caught exception %d\n", err);
Kenny Root02254072013-03-20 11:48:19 -0700[diff] [blame]857 return -1;
858 }
859 return ret;
860 }
Kenny Root43061232013-03-29 11:15:50 -0700[diff] [blame]861
Kenny Root1b0e3932013-09-05 13:06:32 -0700[diff] [blame]862 virtual int32_t is_hardware_backed(const String16& keyType)
Kenny Root43061232013-03-29 11:15:50 -0700[diff] [blame]863 {
864 Parcel data, reply;
865 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
Kenny Root1b0e3932013-09-05 13:06:32 -0700[diff] [blame]866 data.writeString16(keyType);
Kenny Root43061232013-03-29 11:15:50 -0700[diff] [blame]867 status_t status = remote()->transact(BnKeystoreService::IS_HARDWARE_BACKED, data, &reply);
868 if (status != NO_ERROR) {
869 ALOGD("is_hardware_backed() could not contact remote: %d\n", status);
870 return -1;
871 }
872 int32_t err = reply.readExceptionCode();
873 int32_t ret = reply.readInt32();
874 if (err < 0) {
875 ALOGD("is_hardware_backed() caught exception %d\n", err);
876 return -1;
877 }
878 return ret;
879 }
Kenny Root2ecc7a12013-04-01 16:29:11 -0700[diff] [blame]880
881 virtual int32_t clear_uid(int64_t uid)
882 {
883 Parcel data, reply;
884 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
885 data.writeInt64(uid);
886 status_t status = remote()->transact(BnKeystoreService::CLEAR_UID, data, &reply);
887 if (status != NO_ERROR) {
888 ALOGD("clear_uid() could not contact remote: %d\n", status);
889 return -1;
890 }
891 int32_t err = reply.readExceptionCode();
892 int32_t ret = reply.readInt32();
893 if (err < 0) {
894 ALOGD("clear_uid() caught exception %d\n", err);
895 return -1;
896 }
897 return ret;
898 }
Robin Lee4e865752014-08-19 17:37:55 +0100[diff] [blame]899
900 virtual int32_t reset_uid(int32_t uid) {
901 Parcel data, reply;
902 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
903 data.writeInt32(uid);
904 status_t status = remote()->transact(BnKeystoreService::RESET_UID, data, &reply);
905 if (status != NO_ERROR) {
906 ALOGD("reset_uid() could not contact remote: %d\n", status);
907 return -1;
908 }
909 int32_t err = reply.readExceptionCode();
910 int32_t ret = reply.readInt32();
911 if (err < 0) {
912 ALOGD("reset_uid() caught exception %d\n", err);
913 return -1;
914 }
915 return ret;
916
917 }
918
919 virtual int32_t sync_uid(int32_t sourceUid, int32_t targetUid)
920 {
921 Parcel data, reply;
922 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
923 data.writeInt32(sourceUid);
924 data.writeInt32(targetUid);
925 status_t status = remote()->transact(BnKeystoreService::SYNC_UID, data, &reply);
926 if (status != NO_ERROR) {
927 ALOGD("sync_uid() could not contact remote: %d\n", status);
928 return -1;
929 }
930 int32_t err = reply.readExceptionCode();
931 int32_t ret = reply.readInt32();
932 if (err < 0) {
933 ALOGD("sync_uid() caught exception %d\n", err);
934 return -1;
935 }
936 return ret;
937 }
938
939 virtual int32_t password_uid(const String16& password, int32_t uid)
940 {
941 Parcel data, reply;
942 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
943 data.writeString16(password);
944 data.writeInt32(uid);
945 status_t status = remote()->transact(BnKeystoreService::PASSWORD_UID, data, &reply);
946 if (status != NO_ERROR) {
947 ALOGD("password_uid() could not contact remote: %d\n", status);
948 return -1;
949 }
950 int32_t err = reply.readExceptionCode();
951 int32_t ret = reply.readInt32();
952 if (err < 0) {
953 ALOGD("password_uid() caught exception %d\n", err);
954 return -1;
955 }
956 return ret;
957 }
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]958 virtual int32_t addRngEntropy(const uint8_t* buf, size_t bufLength)
959 {
960 Parcel data, reply;
961 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
962 data.writeInt32(bufLength);
963 data.writeByteArray(bufLength, buf);
964 status_t status = remote()->transact(BnKeystoreService::ADD_RNG_ENTROPY, data, &reply);
965 if (status != NO_ERROR) {
966 ALOGD("addRngEntropy() could not contact remote: %d\n", status);
967 return -1;
968 }
969 int32_t err = reply.readExceptionCode();
970 int32_t ret = reply.readInt32();
971 if (err < 0) {
972 ALOGD("addRngEntropy() caught exception %d\n", err);
973 return -1;
974 }
975 return ret;
976 };
977
978 virtual int32_t generateKey(const String16& name, const KeymasterArguments& params,
979 int uid, int flags, KeyCharacteristics* outCharacteristics)
980 {
981 Parcel data, reply;
982 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
983 data.writeString16(name);
984 data.writeInt32(1);
985 params.writeToParcel(&data);
986 data.writeInt32(uid);
987 data.writeInt32(flags);
988 status_t status = remote()->transact(BnKeystoreService::GENERATE_KEY, data, &reply);
989 if (status != NO_ERROR) {
990 ALOGD("generateKey() could not contact remote: %d\n", status);
991 return KM_ERROR_UNKNOWN_ERROR;
992 }
993 int32_t err = reply.readExceptionCode();
994 int32_t ret = reply.readInt32();
995 if (err < 0) {
996 ALOGD("generateKey() caught exception %d\n", err);
997 return KM_ERROR_UNKNOWN_ERROR;
998 }
999 if (reply.readInt32() != 0 && outCharacteristics) {
1000 outCharacteristics->readFromParcel(reply);
1001 }
1002 return ret;
1003 }
1004 virtual int32_t getKeyCharacteristics(const String16& name,
1005 const keymaster_blob_t& clientId,
1006 const keymaster_blob_t& appData,
1007 KeyCharacteristics* outCharacteristics)
1008 {
1009 Parcel data, reply;
1010 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1011 data.writeString16(name);
1012 data.writeByteArray(clientId.data_length, clientId.data);
1013 data.writeByteArray(appData.data_length, appData.data);
1014 status_t status = remote()->transact(BnKeystoreService::GET_KEY_CHARACTERISTICS,
1015 data, &reply);
1016 if (status != NO_ERROR) {
1017 ALOGD("getKeyCharacteristics() could not contact remote: %d\n", status);
1018 return KM_ERROR_UNKNOWN_ERROR;
1019 }
1020 int32_t err = reply.readExceptionCode();
1021 int32_t ret = reply.readInt32();
1022 if (err < 0) {
1023 ALOGD("getKeyCharacteristics() caught exception %d\n", err);
1024 return KM_ERROR_UNKNOWN_ERROR;
1025 }
1026 if (reply.readInt32() != 0 && outCharacteristics) {
1027 outCharacteristics->readFromParcel(reply);
1028 }
1029 return ret;
1030 }
1031 virtual int32_t importKey(const String16& name, const KeymasterArguments& params,
1032 keymaster_key_format_t format, const uint8_t *keyData,
1033 size_t keyLength, int uid, int flags,
1034 KeyCharacteristics* outCharacteristics)
1035 {
1036 Parcel data, reply;
1037 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1038 data.writeString16(name);
1039 data.writeInt32(1);
1040 params.writeToParcel(&data);
1041 data.writeInt32(format);
1042 data.writeByteArray(keyLength, keyData);
1043 data.writeInt32(uid);
1044 data.writeInt32(flags);
1045 status_t status = remote()->transact(BnKeystoreService::IMPORT_KEY, data, &reply);
1046 if (status != NO_ERROR) {
1047 ALOGD("importKey() could not contact remote: %d\n", status);
1048 return KM_ERROR_UNKNOWN_ERROR;
1049 }
1050 int32_t err = reply.readExceptionCode();
1051 int32_t ret = reply.readInt32();
1052 if (err < 0) {
1053 ALOGD("importKey() caught exception %d\n", err);
1054 return KM_ERROR_UNKNOWN_ERROR;
1055 }
1056 if (reply.readInt32() != 0 && outCharacteristics) {
1057 outCharacteristics->readFromParcel(reply);
1058 }
1059 return ret;
1060 }
1061
1062 virtual void exportKey(const String16& name, keymaster_key_format_t format,
1063 const keymaster_blob_t& clientId,
1064 const keymaster_blob_t& appData, ExportResult* result)
1065 {
1066 if (!result) {
1067 return;
1068 }
1069
1070 Parcel data, reply;
1071 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1072 data.writeString16(name);
1073 data.writeInt32(format);
1074 data.writeByteArray(clientId.data_length, clientId.data);
1075 data.writeByteArray(appData.data_length, appData.data);
1076 status_t status = remote()->transact(BnKeystoreService::EXPORT_KEY, data, &reply);
1077 if (status != NO_ERROR) {
1078 ALOGD("exportKey() could not contact remote: %d\n", status);
1079 result->resultCode = KM_ERROR_UNKNOWN_ERROR;
1080 return;
1081 }
1082 int32_t err = reply.readExceptionCode();
1083 if (err < 0) {
1084 ALOGD("exportKey() caught exception %d\n", err);
1085 result->resultCode = KM_ERROR_UNKNOWN_ERROR;
1086 return;
1087 }
1088 if (reply.readInt32() != 0) {
1089 result->readFromParcel(reply);
1090 }
1091 }
1092
1093 virtual void begin(const sp<IBinder>& appToken, const String16& name,
1094 keymaster_purpose_t purpose, bool pruneable,
1095 const KeymasterArguments& params, KeymasterArguments* outParams,
1096 OperationResult* result)
1097 {
1098 if (!result || !outParams) {
1099 return;
1100 }
1101 Parcel data, reply;
1102 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1103 data.writeStrongBinder(appToken);
1104 data.writeString16(name);
1105 data.writeInt32(purpose);
1106 data.writeInt32(pruneable ? 1 : 0);
1107 data.writeInt32(1);
1108 params.writeToParcel(&data);
1109 status_t status = remote()->transact(BnKeystoreService::BEGIN, data, &reply);
1110 if (status != NO_ERROR) {
1111 ALOGD("begin() could not contact remote: %d\n", status);
1112 result->resultCode = KM_ERROR_UNKNOWN_ERROR;
1113 return;
1114 }
1115 int32_t err = reply.readExceptionCode();
1116 if (err < 0) {
1117 ALOGD("begin() caught exception %d\n", err);
1118 result->resultCode = KM_ERROR_UNKNOWN_ERROR;
1119 return;
1120 }
1121 if (reply.readInt32() != 0) {
1122 result->readFromParcel(reply);
1123 }
1124 if (reply.readInt32() != 0) {
1125 outParams->readFromParcel(reply);
1126 }
1127 }
1128
1129 virtual void update(const sp<IBinder>& token, const KeymasterArguments& params,
Chad Brubaker40a1a9b2015-02-20 14:08:13 -0800[diff] [blame]1130 const uint8_t* opData, size_t dataLength, OperationResult* result)
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1131 {
1132 if (!result) {
1133 return;
1134 }
1135 Parcel data, reply;
1136 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1137 data.writeStrongBinder(token);
1138 data.writeInt32(1);
1139 params.writeToParcel(&data);
1140 data.writeByteArray(dataLength, opData);
1141 status_t status = remote()->transact(BnKeystoreService::UPDATE, data, &reply);
1142 if (status != NO_ERROR) {
1143 ALOGD("update() could not contact remote: %d\n", status);
1144 result->resultCode = KM_ERROR_UNKNOWN_ERROR;
1145 return;
1146 }
1147 int32_t err = reply.readExceptionCode();
1148 if (err < 0) {
1149 ALOGD("update() caught exception %d\n", err);
1150 result->resultCode = KM_ERROR_UNKNOWN_ERROR;
1151 return;
1152 }
1153 if (reply.readInt32() != 0) {
1154 result->readFromParcel(reply);
1155 }
1156 }
1157
1158 virtual void finish(const sp<IBinder>& token, const KeymasterArguments& params,
Chad Brubaker40a1a9b2015-02-20 14:08:13 -0800[diff] [blame]1159 const uint8_t* signature, size_t signatureLength, OperationResult* result)
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1160 {
1161 if (!result) {
1162 return;
1163 }
1164 Parcel data, reply;
1165 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1166 data.writeStrongBinder(token);
1167 data.writeInt32(1);
1168 params.writeToParcel(&data);
1169 data.writeByteArray(signatureLength, signature);
1170 status_t status = remote()->transact(BnKeystoreService::FINISH, data, &reply);
1171 if (status != NO_ERROR) {
1172 ALOGD("finish() could not contact remote: %d\n", status);
1173 result->resultCode = KM_ERROR_UNKNOWN_ERROR;
1174 return;
1175 }
1176 int32_t err = reply.readExceptionCode();
1177 if (err < 0) {
1178 ALOGD("finish() caught exception %d\n", err);
1179 result->resultCode = KM_ERROR_UNKNOWN_ERROR;
1180 return;
1181 }
1182 if (reply.readInt32() != 0) {
1183 result->readFromParcel(reply);
1184 }
1185 }
1186
1187 virtual int32_t abort(const sp<IBinder>& token)
1188 {
1189 Parcel data, reply;
1190 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1191 data.writeStrongBinder(token);
1192 status_t status = remote()->transact(BnKeystoreService::FINISH, data, &reply);
1193 if (status != NO_ERROR) {
1194 ALOGD("abort() could not contact remote: %d\n", status);
1195 return KM_ERROR_UNKNOWN_ERROR;
1196 }
1197 int32_t err = reply.readExceptionCode();
1198 int32_t ret = reply.readInt32();
1199 if (err < 0) {
1200 ALOGD("abort() caught exception %d\n", err);
1201 return KM_ERROR_UNKNOWN_ERROR;
1202 }
1203 return ret;
1204 }
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1205};
1206
Chad Brubaker468fc692015-01-13 17:33:14 -0800[diff] [blame]1207IMPLEMENT_META_INTERFACE(KeystoreService, "android.security.IKeystoreService");
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1208
1209// ----------------------------------------------------------------------
1210
1211status_t BnKeystoreService::onTransact(
1212 uint32_t code, const Parcel& data, Parcel* reply, uint32_t flags)
1213{
1214 switch(code) {
1215 case TEST: {
1216 CHECK_INTERFACE(IKeystoreService, data, reply);
1217 int32_t ret = test();
1218 reply->writeNoException();
1219 reply->writeInt32(ret);
1220 return NO_ERROR;
1221 } break;
1222 case GET: {
1223 CHECK_INTERFACE(IKeystoreService, data, reply);
1224 String16 name = data.readString16();
1225 void* out = NULL;
1226 size_t outSize = 0;
1227 int32_t ret = get(name, (uint8_t**) &out, &outSize);
1228 reply->writeNoException();
1229 if (ret == 1) {
1230 reply->writeInt32(outSize);
1231 void* buf = reply->writeInplace(outSize);
1232 memcpy(buf, out, outSize);
1233 free(out);
1234 } else {
1235 reply->writeInt32(-1);
1236 }
1237 return NO_ERROR;
1238 } break;
1239 case INSERT: {
1240 CHECK_INTERFACE(IKeystoreService, data, reply);
1241 String16 name = data.readString16();
1242 ssize_t inSize = data.readInt32();
1243 const void* in;
1244 if (inSize >= 0 && (size_t) inSize <= data.dataAvail()) {
1245 in = data.readInplace(inSize);
1246 } else {
1247 in = NULL;
1248 inSize = 0;
1249 }
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]1250 int uid = data.readInt32();
Kenny Root0c540aa2013-04-03 09:22:15 -0700[diff] [blame]1251 int32_t flags = data.readInt32();
1252 int32_t ret = insert(name, (const uint8_t*) in, (size_t) inSize, uid, flags);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1253 reply->writeNoException();
1254 reply->writeInt32(ret);
1255 return NO_ERROR;
1256 } break;
1257 case DEL: {
1258 CHECK_INTERFACE(IKeystoreService, data, reply);
1259 String16 name = data.readString16();
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]1260 int uid = data.readInt32();
1261 int32_t ret = del(name, uid);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1262 reply->writeNoException();
1263 reply->writeInt32(ret);
1264 return NO_ERROR;
1265 } break;
1266 case EXIST: {
1267 CHECK_INTERFACE(IKeystoreService, data, reply);
1268 String16 name = data.readString16();
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]1269 int uid = data.readInt32();
1270 int32_t ret = exist(name, uid);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1271 reply->writeNoException();
1272 reply->writeInt32(ret);
1273 return NO_ERROR;
1274 } break;
1275 case SAW: {
1276 CHECK_INTERFACE(IKeystoreService, data, reply);
1277 String16 name = data.readString16();
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]1278 int uid = data.readInt32();
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1279 Vector<String16> matches;
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]1280 int32_t ret = saw(name, uid, &matches);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1281 reply->writeNoException();
1282 reply->writeInt32(matches.size());
1283 Vector<String16>::const_iterator it = matches.begin();
1284 for (; it != matches.end(); ++it) {
1285 reply->writeString16(*it);
1286 }
1287 reply->writeInt32(ret);
1288 return NO_ERROR;
1289 } break;
1290 case RESET: {
1291 CHECK_INTERFACE(IKeystoreService, data, reply);
1292 int32_t ret = reset();
1293 reply->writeNoException();
1294 reply->writeInt32(ret);
1295 return NO_ERROR;
1296 } break;
1297 case PASSWORD: {
1298 CHECK_INTERFACE(IKeystoreService, data, reply);
1299 String16 pass = data.readString16();
1300 int32_t ret = password(pass);
1301 reply->writeNoException();
1302 reply->writeInt32(ret);
1303 return NO_ERROR;
1304 } break;
1305 case LOCK: {
1306 CHECK_INTERFACE(IKeystoreService, data, reply);
1307 int32_t ret = lock();
1308 reply->writeNoException();
1309 reply->writeInt32(ret);
1310 return NO_ERROR;
1311 } break;
1312 case UNLOCK: {
1313 CHECK_INTERFACE(IKeystoreService, data, reply);
1314 String16 pass = data.readString16();
1315 int32_t ret = unlock(pass);
1316 reply->writeNoException();
1317 reply->writeInt32(ret);
1318 return NO_ERROR;
1319 } break;
1320 case ZERO: {
1321 CHECK_INTERFACE(IKeystoreService, data, reply);
1322 int32_t ret = zero();
1323 reply->writeNoException();
1324 reply->writeInt32(ret);
1325 return NO_ERROR;
1326 } break;
1327 case GENERATE: {
1328 CHECK_INTERFACE(IKeystoreService, data, reply);
1329 String16 name = data.readString16();
Kenny Root96427ba2013-08-16 14:02:41 -0700[diff] [blame]1330 int32_t uid = data.readInt32();
1331 int32_t keyType = data.readInt32();
1332 int32_t keySize = data.readInt32();
Kenny Root0c540aa2013-04-03 09:22:15 -0700[diff] [blame]1333 int32_t flags = data.readInt32();
Kenny Root96427ba2013-08-16 14:02:41 -0700[diff] [blame]1334 Vector<sp<KeystoreArg> > args;
Chad Brubaker468fc692015-01-13 17:33:14 -0800[diff] [blame]1335 int32_t argsPresent = data.readInt32();
1336 if (argsPresent == 1) {
1337 ssize_t numArgs = data.readInt32();
1338 if (numArgs > 0) {
1339 for (size_t i = 0; i < (size_t) numArgs; i++) {
1340 ssize_t inSize = data.readInt32();
1341 if (inSize >= 0 && (size_t) inSize <= data.dataAvail()) {
1342 sp<KeystoreArg> arg = new KeystoreArg(data.readInplace(inSize),
1343 inSize);
1344 args.push_back(arg);
1345 } else {
1346 args.push_back(NULL);
1347 }
Kenny Root96427ba2013-08-16 14:02:41 -0700[diff] [blame]1348 }
1349 }
1350 }
1351 int32_t ret = generate(name, uid, keyType, keySize, flags, &args);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1352 reply->writeNoException();
1353 reply->writeInt32(ret);
1354 return NO_ERROR;
1355 } break;
1356 case IMPORT: {
1357 CHECK_INTERFACE(IKeystoreService, data, reply);
1358 String16 name = data.readString16();
1359 ssize_t inSize = data.readInt32();
1360 const void* in;
1361 if (inSize >= 0 && (size_t) inSize <= data.dataAvail()) {
1362 in = data.readInplace(inSize);
1363 } else {
1364 in = NULL;
1365 inSize = 0;
1366 }
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]1367 int uid = data.readInt32();
Kenny Root0c540aa2013-04-03 09:22:15 -0700[diff] [blame]1368 int32_t flags = data.readInt32();
1369 int32_t ret = import(name, (const uint8_t*) in, (size_t) inSize, uid, flags);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1370 reply->writeNoException();
1371 reply->writeInt32(ret);
1372 return NO_ERROR;
1373 } break;
1374 case SIGN: {
1375 CHECK_INTERFACE(IKeystoreService, data, reply);
1376 String16 name = data.readString16();
1377 ssize_t inSize = data.readInt32();
1378 const void* in;
1379 if (inSize >= 0 && (size_t) inSize <= data.dataAvail()) {
1380 in = data.readInplace(inSize);
1381 } else {
1382 in = NULL;
1383 inSize = 0;
1384 }
1385 void* out = NULL;
1386 size_t outSize = 0;
1387 int32_t ret = sign(name, (const uint8_t*) in, (size_t) inSize, (uint8_t**) &out, &outSize);
1388 reply->writeNoException();
Kenny Rootb03c9fb2013-02-04 16:42:51 -0800[diff] [blame]1389 if (outSize > 0 && out != NULL) {
1390 reply->writeInt32(outSize);
1391 void* buf = reply->writeInplace(outSize);
1392 memcpy(buf, out, outSize);
1393 free(out);
1394 } else {
Kenny Roote289c402013-02-14 11:31:53 -0800[diff] [blame]1395 reply->writeInt32(-1);
Kenny Rootb03c9fb2013-02-04 16:42:51 -0800[diff] [blame]1396 }
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1397 reply->writeInt32(ret);
1398 return NO_ERROR;
1399 } break;
1400 case VERIFY: {
1401 CHECK_INTERFACE(IKeystoreService, data, reply);
1402 String16 name = data.readString16();
1403 ssize_t inSize = data.readInt32();
1404 const void* in;
1405 if (inSize >= 0 && (size_t) inSize <= data.dataAvail()) {
1406 in = data.readInplace(inSize);
1407 } else {
1408 in = NULL;
1409 inSize = 0;
1410 }
1411 ssize_t sigSize = data.readInt32();
1412 const void* sig;
1413 if (sigSize >= 0 && (size_t) sigSize <= data.dataAvail()) {
1414 sig = data.readInplace(sigSize);
1415 } else {
1416 sig = NULL;
1417 sigSize = 0;
1418 }
1419 bool ret = verify(name, (const uint8_t*) in, (size_t) inSize, (const uint8_t*) sig,
1420 (size_t) sigSize);
1421 reply->writeNoException();
1422 reply->writeInt32(ret ? 1 : 0);
1423 return NO_ERROR;
1424 } break;
1425 case GET_PUBKEY: {
1426 CHECK_INTERFACE(IKeystoreService, data, reply);
1427 String16 name = data.readString16();
1428 void* out = NULL;
1429 size_t outSize = 0;
1430 int32_t ret = get_pubkey(name, (unsigned char**) &out, &outSize);
1431 reply->writeNoException();
Kenny Rootb03c9fb2013-02-04 16:42:51 -0800[diff] [blame]1432 if (outSize > 0 && out != NULL) {
1433 reply->writeInt32(outSize);
1434 void* buf = reply->writeInplace(outSize);
1435 memcpy(buf, out, outSize);
1436 free(out);
1437 } else {
Kenny Roote289c402013-02-14 11:31:53 -0800[diff] [blame]1438 reply->writeInt32(-1);
Kenny Rootb03c9fb2013-02-04 16:42:51 -0800[diff] [blame]1439 }
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1440 reply->writeInt32(ret);
1441 return NO_ERROR;
Kenny Rootb03c9fb2013-02-04 16:42:51 -0800[diff] [blame]1442 } break;
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1443 case DEL_KEY: {
1444 CHECK_INTERFACE(IKeystoreService, data, reply);
1445 String16 name = data.readString16();
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]1446 int uid = data.readInt32();
1447 int32_t ret = del_key(name, uid);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1448 reply->writeNoException();
1449 reply->writeInt32(ret);
1450 return NO_ERROR;
1451 } break;
1452 case GRANT: {
1453 CHECK_INTERFACE(IKeystoreService, data, reply);
1454 String16 name = data.readString16();
1455 int32_t granteeUid = data.readInt32();
1456 int32_t ret = grant(name, granteeUid);
1457 reply->writeNoException();
1458 reply->writeInt32(ret);
1459 return NO_ERROR;
1460 } break;
1461 case UNGRANT: {
1462 CHECK_INTERFACE(IKeystoreService, data, reply);
1463 String16 name = data.readString16();
1464 int32_t granteeUid = data.readInt32();
1465 int32_t ret = ungrant(name, granteeUid);
1466 reply->writeNoException();
1467 reply->writeInt32(ret);
1468 return NO_ERROR;
1469 } break;
1470 case GETMTIME: {
1471 CHECK_INTERFACE(IKeystoreService, data, reply);
1472 String16 name = data.readString16();
1473 int64_t ret = getmtime(name);
1474 reply->writeNoException();
1475 reply->writeInt64(ret);
1476 return NO_ERROR;
1477 } break;
Kenny Rootd53bc922013-03-21 14:10:15 -0700[diff] [blame]1478 case DUPLICATE: {
Kenny Root02254072013-03-20 11:48:19 -0700[diff] [blame]1479 CHECK_INTERFACE(IKeystoreService, data, reply);
Kenny Rootd53bc922013-03-21 14:10:15 -0700[diff] [blame]1480 String16 srcKey = data.readString16();
1481 int32_t srcUid = data.readInt32();
1482 String16 destKey = data.readString16();
1483 int32_t destUid = data.readInt32();
1484 int32_t ret = duplicate(srcKey, srcUid, destKey, destUid);
Kenny Root02254072013-03-20 11:48:19 -0700[diff] [blame]1485 reply->writeNoException();
1486 reply->writeInt32(ret);
1487 return NO_ERROR;
1488 } break;
Kenny Root43061232013-03-29 11:15:50 -0700[diff] [blame]1489 case IS_HARDWARE_BACKED: {
1490 CHECK_INTERFACE(IKeystoreService, data, reply);
Kenny Root1b0e3932013-09-05 13:06:32 -0700[diff] [blame]1491 String16 keyType = data.readString16();
1492 int32_t ret = is_hardware_backed(keyType);
Kenny Root43061232013-03-29 11:15:50 -0700[diff] [blame]1493 reply->writeNoException();
1494 reply->writeInt32(ret);
1495 return NO_ERROR;
1496 }
Kenny Root2ecc7a12013-04-01 16:29:11 -0700[diff] [blame]1497 case CLEAR_UID: {
1498 CHECK_INTERFACE(IKeystoreService, data, reply);
1499 int64_t uid = data.readInt64();
1500 int32_t ret = clear_uid(uid);
1501 reply->writeNoException();
1502 reply->writeInt32(ret);
1503 return NO_ERROR;
1504 }
Robin Lee4e865752014-08-19 17:37:55 +0100[diff] [blame]1505 case RESET_UID: {
1506 CHECK_INTERFACE(IKeystoreService, data, reply);
1507 int32_t uid = data.readInt32();
1508 int32_t ret = reset_uid(uid);
1509 reply->writeNoException();
1510 reply->writeInt32(ret);
1511 return NO_ERROR;
1512 }
1513 case SYNC_UID: {
1514 CHECK_INTERFACE(IKeystoreService, data, reply);
1515 int32_t sourceUid = data.readInt32();
1516 int32_t targetUid = data.readInt32();
1517 int32_t ret = sync_uid(sourceUid, targetUid);
1518 reply->writeNoException();
1519 reply->writeInt32(ret);
1520 return NO_ERROR;
1521 }
1522 case PASSWORD_UID: {
1523 CHECK_INTERFACE(IKeystoreService, data, reply);
1524 String16 password = data.readString16();
1525 int32_t uid = data.readInt32();
1526 int32_t ret = password_uid(password, uid);
1527 reply->writeNoException();
1528 reply->writeInt32(ret);
1529 return NO_ERROR;
1530 }
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1531 case ADD_RNG_ENTROPY: {
1532 CHECK_INTERFACE(IKeystoreService, data, reply);
1533 size_t size = data.readInt32();
1534 uint8_t* bytes;
1535 if (size > 0) {
1536 bytes = (uint8_t*) data.readInplace(size);
1537 } else {
1538 bytes = NULL;
1539 }
1540 int32_t ret = addRngEntropy(bytes, size);
1541 reply->writeNoException();
1542 reply->writeInt32(ret);
1543 return NO_ERROR;
1544 }
1545 case GENERATE_KEY: {
1546 CHECK_INTERFACE(IKeystoreService, data, reply);
1547 String16 name = data.readString16();
1548 KeymasterArguments args;
1549 if (data.readInt32() != 0) {
1550 args.readFromParcel(data);
1551 }
1552 int32_t uid = data.readInt32();
1553 int32_t flags = data.readInt32();
1554 KeyCharacteristics outCharacteristics;
1555 int32_t ret = generateKey(name, args, uid, flags, &outCharacteristics);
1556 reply->writeNoException();
1557 reply->writeInt32(ret);
1558 reply->writeInt32(1);
1559 outCharacteristics.writeToParcel(reply);
1560 return NO_ERROR;
1561 }
1562 case GET_KEY_CHARACTERISTICS: {
1563 CHECK_INTERFACE(IKeystoreService, data, reply);
1564 String16 name = data.readString16();
1565 keymaster_blob_t clientId, appData;
1566 readKeymasterBlob(data, &clientId);
1567 readKeymasterBlob(data, &appData);
1568 KeyCharacteristics outCharacteristics;
1569 int ret = getKeyCharacteristics(name, clientId, appData, &outCharacteristics);
1570 reply->writeNoException();
1571 reply->writeInt32(ret);
1572 reply->writeInt32(1);
1573 outCharacteristics.writeToParcel(reply);
1574 return NO_ERROR;
1575 }
1576 case IMPORT_KEY: {
1577 CHECK_INTERFACE(IKeystoreService, data, reply);
1578 String16 name = data.readString16();
1579 KeymasterArguments args;
1580 if (data.readInt32() != 0) {
1581 args.readFromParcel(data);
1582 }
1583 keymaster_key_format_t format = static_cast<keymaster_key_format_t>(data.readInt32());
1584 uint8_t* keyData = NULL;
1585 ssize_t keyLength = data.readInt32();
1586 size_t ukeyLength = (size_t) keyLength;
1587 if (keyLength >= 0) {
1588 keyData = (uint8_t*) data.readInplace(keyLength);
1589 } else {
1590 ukeyLength = 0;
1591 }
1592 int32_t uid = data.readInt32();
1593 int32_t flags = data.readInt32();
1594 KeyCharacteristics outCharacteristics;
1595 int32_t ret = importKey(name, args, format, keyData, ukeyLength, uid, flags,
1596 &outCharacteristics);
1597 reply->writeNoException();
1598 reply->writeInt32(ret);
1599 reply->writeInt32(1);
1600 outCharacteristics.writeToParcel(reply);
1601
1602 return NO_ERROR;
1603 }
1604 case EXPORT_KEY: {
1605 CHECK_INTERFACE(IKeystoreService, data, reply);
1606 String16 name = data.readString16();
1607 keymaster_key_format_t format = static_cast<keymaster_key_format_t>(data.readInt32());
1608 keymaster_blob_t clientId, appData;
1609 readKeymasterBlob(data, &clientId);
1610 readKeymasterBlob(data, &appData);
1611 ExportResult result;
1612 exportKey(name, format, clientId, appData, &result);
1613 reply->writeNoException();
1614 reply->writeInt32(1);
1615 result.writeToParcel(reply);
1616
1617 return NO_ERROR;
1618 }
1619 case BEGIN: {
1620 CHECK_INTERFACE(IKeystoreService, data, reply);
1621 sp<IBinder> token = data.readStrongBinder();
1622 String16 name = data.readString16();
1623 keymaster_purpose_t purpose = static_cast<keymaster_purpose_t>(data.readInt32());
1624 bool pruneable = data.readInt32() != 0;
1625 KeymasterArguments args;
1626 if (data.readInt32() != 0) {
1627 args.readFromParcel(data);
1628 }
1629 KeymasterArguments outArgs;
1630 OperationResult result;
1631 begin(token, name, purpose, pruneable, args, &outArgs, &result);
1632 reply->writeNoException();
1633 reply->writeInt32(1);
1634 result.writeToParcel(reply);
1635 reply->writeInt32(1);
1636 outArgs.writeToParcel(reply);
1637
1638 return NO_ERROR;
1639 }
1640 case UPDATE: {
1641 CHECK_INTERFACE(IKeystoreService, data, reply);
1642 sp<IBinder> token = data.readStrongBinder();
1643 KeymasterArguments args;
1644 if (data.readInt32() != 0) {
1645 args.readFromParcel(data);
1646 }
1647 uint8_t* buf = NULL;
1648 ssize_t bufLength = data.readInt32();
1649 size_t ubufLength = (size_t) bufLength;
1650 if (bufLength > 0) {
1651 buf = (uint8_t*) data.readInplace(ubufLength);
1652 } else {
1653 ubufLength = 0;
1654 }
1655 OperationResult result;
1656 update(token, args, buf, ubufLength, &result);
1657 reply->writeNoException();
1658 reply->writeInt32(1);
1659 result.writeToParcel(reply);
1660
1661 return NO_ERROR;
1662 }
1663 case FINISH: {
1664 CHECK_INTERFACE(IKeystoreService, data, reply);
1665 sp<IBinder> token = data.readStrongBinder();
1666 KeymasterArguments args;
1667 if (data.readInt32() != 0) {
1668 args.readFromParcel(data);
1669 }
1670 uint8_t* buf = NULL;
1671 ssize_t bufLength = data.readInt32();
1672 size_t ubufLength = (size_t) bufLength;
1673 if (bufLength > 0) {
1674 buf = (uint8_t*) data.readInplace(ubufLength);
1675 } else {
1676 ubufLength = 0;
1677 }
1678 OperationResult result;
1679 finish(token, args, buf, ubufLength, &result);
1680 reply->writeNoException();
1681 reply->writeInt32(1);
1682 result.writeToParcel(reply);
1683
1684 return NO_ERROR;
1685 }
1686 case ABORT: {
1687 CHECK_INTERFACE(IKeystoreService, data, reply);
1688 sp<IBinder> token = data.readStrongBinder();
1689 int32_t result = abort(token);
1690 reply->writeNoException();
1691 reply->writeInt32(result);
1692
1693 return NO_ERROR;
1694 }
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1695 default:
1696 return BBinder::onTransact(code, data, reply, flags);
1697 }
1698}
1699
1700// ----------------------------------------------------------------------------
1701
1702}; // namespace android