Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_security / 193059de3b68259ff0afdee96da14d6b8507dab6 / . / keystore / IKeystoreService.cpp
blob: 2753627fccc5a738fd6b9df70886f229d0a69c71 [file] [log] [blame]
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1/*
2**
3** Copyright 2008, The Android Open Source Project
4**
5** Licensed under the Apache License, Version 2.0 (the "License");
6** you may not use this file except in compliance with the License.
7** You may obtain a copy of the License at
8**
9** http://www.apache.org/licenses/LICENSE-2.0
10**
11** Unless required by applicable law or agreed to in writing, software
12** distributed under the License is distributed on an "AS IS" BASIS,
13** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14** See the License for the specific language governing permissions and
15** limitations under the License.
16*/
17
18#include <stdint.h>
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]19#include <sys/limits.h>
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]20#include <sys/types.h>
21
22#define LOG_TAG "KeystoreService"
23#include <utils/Log.h>
24
25#include <binder/Parcel.h>
26#include <binder/IPCThreadState.h>
27#include <binder/IServiceManager.h>
28
29#include <keystore/IKeystoreService.h>
30
31namespace android {
32
Shawn Willden77d71ca2014-11-12 16:45:12 -0700[diff] [blame]33const ssize_t MAX_GENERATE_ARGS = 3;
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]34static keymaster_key_param_t* readParamList(const Parcel& in, size_t* length);
Shawn Willden77d71ca2014-11-12 16:45:12 -0700[diff] [blame]35
Kenny Root96427ba2013-08-16 14:02:41 -0700[diff] [blame]36KeystoreArg::KeystoreArg(const void* data, size_t len)
37 : mData(data), mSize(len) {
38}
39
40KeystoreArg::~KeystoreArg() {
41}
42
43const void *KeystoreArg::data() const {
44 return mData;
45}
46
47size_t KeystoreArg::size() const {
48 return mSize;
49}
50
Chad Brubakerc3a18562015-03-17 18:21:35 -0700[diff] [blame]51OperationResult::OperationResult() : resultCode(0), token(), handle(0), inputConsumed(0),
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]52 data(NULL), dataLength(0) {
53}
54
55OperationResult::~OperationResult() {
56}
57
58void OperationResult::readFromParcel(const Parcel& in) {
59 resultCode = in.readInt32();
60 token = in.readStrongBinder();
Chad Brubakerc3a18562015-03-17 18:21:35 -0700[diff] [blame]61 handle = static_cast<keymaster_operation_handle_t>(in.readInt64());
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]62 inputConsumed = in.readInt32();
63 ssize_t length = in.readInt32();
64 dataLength = 0;
65 if (length > 0) {
66 const void* buf = in.readInplace(length);
67 if (buf) {
68 data.reset(reinterpret_cast<uint8_t*>(malloc(length)));
69 if (data.get()) {
70 memcpy(data.get(), buf, length);
71 dataLength = (size_t) length;
72 } else {
73 ALOGE("Failed to allocate OperationResult buffer");
74 }
75 } else {
76 ALOGE("Failed to readInplace OperationResult data");
77 }
78 }
Chad Brubaker57e106d2015-06-01 12:59:00 -0700[diff] [blame]79 outParams.readFromParcel(in);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]80}
81
82void OperationResult::writeToParcel(Parcel* out) const {
83 out->writeInt32(resultCode);
84 out->writeStrongBinder(token);
Chad Brubakerc3a18562015-03-17 18:21:35 -0700[diff] [blame]85 out->writeInt64(handle);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]86 out->writeInt32(inputConsumed);
87 out->writeInt32(dataLength);
88 if (dataLength && data) {
89 void* buf = out->writeInplace(dataLength);
90 if (buf) {
91 memcpy(buf, data.get(), dataLength);
92 } else {
93 ALOGE("Failed to writeInplace OperationResult data.");
94 }
95 }
Chad Brubaker57e106d2015-06-01 12:59:00 -0700[diff] [blame]96 outParams.writeToParcel(out);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]97}
98
99ExportResult::ExportResult() : resultCode(0), exportData(NULL), dataLength(0) {
100}
101
102ExportResult::~ExportResult() {
103}
104
105void ExportResult::readFromParcel(const Parcel& in) {
106 resultCode = in.readInt32();
107 ssize_t length = in.readInt32();
108 dataLength = 0;
109 if (length > 0) {
110 const void* buf = in.readInplace(length);
111 if (buf) {
112 exportData.reset(reinterpret_cast<uint8_t*>(malloc(length)));
113 if (exportData.get()) {
114 memcpy(exportData.get(), buf, length);
115 dataLength = (size_t) length;
116 } else {
117 ALOGE("Failed to allocate ExportData buffer");
118 }
119 } else {
120 ALOGE("Failed to readInplace ExportData data");
121 }
122 }
123}
124
125void ExportResult::writeToParcel(Parcel* out) const {
126 out->writeInt32(resultCode);
127 out->writeInt32(dataLength);
128 if (exportData && dataLength) {
129 void* buf = out->writeInplace(dataLength);
130 if (buf) {
131 memcpy(buf, exportData.get(), dataLength);
132 } else {
133 ALOGE("Failed to writeInplace ExportResult data.");
134 }
135 }
136}
137
138KeymasterArguments::KeymasterArguments() {
139}
140
141KeymasterArguments::~KeymasterArguments() {
142 keymaster_free_param_values(params.data(), params.size());
143}
144
145void KeymasterArguments::readFromParcel(const Parcel& in) {
146 ssize_t length = in.readInt32();
147 size_t ulength = (size_t) length;
148 if (length < 0) {
149 ulength = 0;
150 }
151 keymaster_free_param_values(params.data(), params.size());
152 params.clear();
153 for(size_t i = 0; i < ulength; i++) {
154 keymaster_key_param_t param;
155 if (!readKeymasterArgumentFromParcel(in, &param)) {
156 ALOGE("Error reading keymaster argument from parcel");
157 break;
158 }
159 params.push_back(param);
160 }
161}
162
163void KeymasterArguments::writeToParcel(Parcel* out) const {
164 out->writeInt32(params.size());
165 for (auto param : params) {
166 out->writeInt32(1);
167 writeKeymasterArgumentToParcel(param, out);
168 }
169}
170
171KeyCharacteristics::KeyCharacteristics() {
172 memset((void*) &characteristics, 0, sizeof(characteristics));
173}
174
175KeyCharacteristics::~KeyCharacteristics() {
176 keymaster_free_characteristics(&characteristics);
177}
178
179void KeyCharacteristics::readFromParcel(const Parcel& in) {
180 size_t length = 0;
181 keymaster_key_param_t* params = readParamList(in, &length);
182 characteristics.sw_enforced.params = params;
183 characteristics.sw_enforced.length = length;
184
185 params = readParamList(in, &length);
186 characteristics.hw_enforced.params = params;
187 characteristics.hw_enforced.length = length;
188}
189
190void KeyCharacteristics::writeToParcel(Parcel* out) const {
191 if (characteristics.sw_enforced.params) {
192 out->writeInt32(characteristics.sw_enforced.length);
193 for (size_t i = 0; i < characteristics.sw_enforced.length; i++) {
194 out->writeInt32(1);
195 writeKeymasterArgumentToParcel(characteristics.sw_enforced.params[i], out);
196 }
197 } else {
198 out->writeInt32(0);
199 }
200 if (characteristics.hw_enforced.params) {
201 out->writeInt32(characteristics.hw_enforced.length);
202 for (size_t i = 0; i < characteristics.hw_enforced.length; i++) {
203 out->writeInt32(1);
204 writeKeymasterArgumentToParcel(characteristics.hw_enforced.params[i], out);
205 }
206 } else {
207 out->writeInt32(0);
208 }
209}
210
Shawn Willden50eb1b22016-01-21 12:41:23 -0700[diff] [blame]211KeymasterCertificateChain::KeymasterCertificateChain() {
212 memset(&chain, 0, sizeof(chain));
213}
214
215KeymasterCertificateChain::~KeymasterCertificateChain() {
216 keymaster_free_cert_chain(&chain);
217}
218
219static bool readKeymasterBlob(const Parcel& in, keymaster_blob_t* blob) {
220 if (in.readInt32() != 1) {
221 return false;
222 }
223
Shawn Willden50eb1b22016-01-21 12:41:23 -0700[diff] [blame]224 ssize_t length = in.readInt32();
225 if (length <= 0) {
Shawn Willden50eb1b22016-01-21 12:41:23 -0700[diff] [blame]226 return false;
227 }
228
Shawn Willdeneb1adaf2016-02-02 17:32:31 -0700[diff] [blame]229 blob->data = reinterpret_cast<const uint8_t*>(malloc(length));
230 if (!blob->data)
231 return false;
232
233 const void* buf = in.readInplace(length);
234 if (!buf)
235 return false;
236
237 blob->data_length = static_cast<size_t>(length);
238 memcpy(const_cast<uint8_t*>(blob->data), buf, length);
239
Shawn Willden50eb1b22016-01-21 12:41:23 -0700[diff] [blame]240 return true;
241}
242
243void KeymasterCertificateChain::readFromParcel(const Parcel& in) {
Shawn Willdeneb1adaf2016-02-02 17:32:31 -0700[diff] [blame]244 keymaster_free_cert_chain(&chain);
245
Shawn Willden50eb1b22016-01-21 12:41:23 -0700[diff] [blame]246 ssize_t count = in.readInt32();
247 size_t ucount = count;
Shawn Willdeneb1adaf2016-02-02 17:32:31 -0700[diff] [blame]248 if (count <= 0) {
249 return;
Shawn Willden50eb1b22016-01-21 12:41:23 -0700[diff] [blame]250 }
Shawn Willdeneb1adaf2016-02-02 17:32:31 -0700[diff] [blame]251
252 chain.entries = reinterpret_cast<keymaster_blob_t*>(malloc(sizeof(keymaster_blob_t) * ucount));
253 if (!chain.entries) {
254 ALOGE("Error allocating memory for certificate chain");
255 return;
256 }
257
Shawn Willden50eb1b22016-01-21 12:41:23 -0700[diff] [blame]258 memset(chain.entries, 0, sizeof(keymaster_blob_t) * ucount);
259 for (size_t i = 0; i < ucount; ++i) {
260 if (!readKeymasterBlob(in, &chain.entries[i])) {
Shawn Willdeneb1adaf2016-02-02 17:32:31 -0700[diff] [blame]261 ALOGE("Error reading certificate from parcel");
Shawn Willden50eb1b22016-01-21 12:41:23 -0700[diff] [blame]262 keymaster_free_cert_chain(&chain);
263 return;
264 }
265 }
266}
267
268void KeymasterCertificateChain::writeToParcel(Parcel* out) const {
269 out->writeInt32(chain.entry_count);
270 for (size_t i = 0; i < chain.entry_count; ++i) {
271 if (chain.entries[i].data) {
272 out->writeInt32(1); // Tell Java side that object is not NULL
273 out->writeInt32(chain.entries[i].data_length);
274 void* buf = out->writeInplace(chain.entries[i].data_length);
275 if (buf) {
276 memcpy(buf, chain.entries[i].data, chain.entries[i].data_length);
277 } else {
278 ALOGE("Failed to writeInplace keymaster cert chain entry");
279 }
280 } else {
281 out->writeInt32(0); // Tell Java side this object is NULL.
282 ALOGE("Found NULL certificate chain entry");
283 }
284 }
285}
286
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]287void writeKeymasterArgumentToParcel(const keymaster_key_param_t& param, Parcel* out) {
288 switch (keymaster_tag_get_type(param.tag)) {
289 case KM_ENUM:
290 case KM_ENUM_REP: {
291 out->writeInt32(param.tag);
292 out->writeInt32(param.enumerated);
293 break;
294 }
Shawn Willden0ebf13d2015-06-24 16:29:45 -0700[diff] [blame]295 case KM_UINT:
296 case KM_UINT_REP: {
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]297 out->writeInt32(param.tag);
298 out->writeInt32(param.integer);
299 break;
300 }
Shawn Willden0ebf13d2015-06-24 16:29:45 -0700[diff] [blame]301 case KM_ULONG:
302 case KM_ULONG_REP: {
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]303 out->writeInt32(param.tag);
304 out->writeInt64(param.long_integer);
305 break;
306 }
307 case KM_DATE: {
308 out->writeInt32(param.tag);
309 out->writeInt64(param.date_time);
310 break;
311 }
312 case KM_BOOL: {
313 out->writeInt32(param.tag);
314 break;
315 }
316 case KM_BIGNUM:
317 case KM_BYTES: {
318 out->writeInt32(param.tag);
319 out->writeInt32(param.blob.data_length);
320 void* buf = out->writeInplace(param.blob.data_length);
321 if (buf) {
322 memcpy(buf, param.blob.data, param.blob.data_length);
323 } else {
324 ALOGE("Failed to writeInplace keymaster blob param");
325 }
326 break;
327 }
328 default: {
329 ALOGE("Failed to write argument: Unsupported keymaster_tag_t %d", param.tag);
330 }
331 }
332}
333
334
335bool readKeymasterArgumentFromParcel(const Parcel& in, keymaster_key_param_t* out) {
336 if (in.readInt32() == 0) {
337 return false;
338 }
339 keymaster_tag_t tag = static_cast<keymaster_tag_t>(in.readInt32());
340 switch (keymaster_tag_get_type(tag)) {
341 case KM_ENUM:
342 case KM_ENUM_REP: {
343 uint32_t value = in.readInt32();
344 *out = keymaster_param_enum(tag, value);
345 break;
346 }
Shawn Willden0ebf13d2015-06-24 16:29:45 -0700[diff] [blame]347 case KM_UINT:
348 case KM_UINT_REP: {
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]349 uint32_t value = in.readInt32();
350 *out = keymaster_param_int(tag, value);
351 break;
352 }
Shawn Willden0ebf13d2015-06-24 16:29:45 -0700[diff] [blame]353 case KM_ULONG:
354 case KM_ULONG_REP: {
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]355 uint64_t value = in.readInt64();
356 *out = keymaster_param_long(tag, value);
357 break;
358 }
359 case KM_DATE: {
360 uint64_t value = in.readInt64();
361 *out = keymaster_param_date(tag, value);
362 break;
363 }
364 case KM_BOOL: {
365 *out = keymaster_param_bool(tag);
366 break;
367 }
368 case KM_BIGNUM:
369 case KM_BYTES: {
370 ssize_t length = in.readInt32();
371 uint8_t* data = NULL;
372 size_t ulength = 0;
373 if (length >= 0) {
374 ulength = (size_t) length;
375 // use malloc here so we can use keymaster_free_param_values
376 // consistently.
377 data = reinterpret_cast<uint8_t*>(malloc(ulength));
378 const void* buf = in.readInplace(ulength);
379 if (!buf || !data) {
380 ALOGE("Failed to allocate buffer for keymaster blob param");
Shawn Willdeneb1adaf2016-02-02 17:32:31 -0700[diff] [blame]381 free(data);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]382 return false;
383 }
384 memcpy(data, buf, ulength);
385 }
386 *out = keymaster_param_blob(tag, data, ulength);
387 break;
388 }
389 default: {
390 ALOGE("Unsupported keymaster_tag_t %d", tag);
391 return false;
392 }
393 }
394 return true;
395}
396
Chad Brubaker6432df72015-03-20 16:23:04 -0700[diff] [blame]397/**
398 * Read a byte array from in. The data at *data is still owned by the parcel
399 */
400static void readByteArray(const Parcel& in, const uint8_t** data, size_t* length) {
401 ssize_t slength = in.readInt32();
402 if (slength > 0) {
403 *data = reinterpret_cast<const uint8_t*>(in.readInplace(slength));
404 if (*data) {
405 *length = static_cast<size_t>(slength);
406 } else {
407 *length = 0;
408 }
409 } else {
410 *data = NULL;
411 *length = 0;
412 }
413}
414
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]415// Read a keymaster_key_param_t* from a Parcel for use in a
416// keymaster_key_characteristics_t. This will be free'd by calling
417// keymaster_free_key_characteristics.
418static keymaster_key_param_t* readParamList(const Parcel& in, size_t* length) {
419 ssize_t slength = in.readInt32();
420 *length = 0;
421 if (slength < 0) {
422 return NULL;
423 }
424 *length = (size_t) slength;
425 if (*length >= UINT_MAX / sizeof(keymaster_key_param_t)) {
426 return NULL;
427 }
428 keymaster_key_param_t* list =
429 reinterpret_cast<keymaster_key_param_t*>(malloc(*length *
430 sizeof(keymaster_key_param_t)));
431 if (!list) {
432 ALOGD("Failed to allocate buffer for generateKey outCharacteristics");
433 goto err;
434 }
435 for (size_t i = 0; i < *length ; i++) {
436 if (!readKeymasterArgumentFromParcel(in, &list[i])) {
437 ALOGE("Failed to read keymaster argument");
438 keymaster_free_param_values(list, i);
439 goto err;
440 }
441 }
442 return list;
443err:
444 free(list);
445 return NULL;
446}
447
Chad Brubakerd6634422015-03-21 22:36:07 -0700[diff] [blame]448static std::unique_ptr<keymaster_blob_t> readKeymasterBlob(const Parcel& in) {
Shawn Willden50eb1b22016-01-21 12:41:23 -0700[diff] [blame]449 std::unique_ptr<keymaster_blob_t> blob (new keymaster_blob_t);
450 if (!readKeymasterBlob(in, blob.get())) {
451 blob.reset();
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]452 }
Chad Brubakerd6634422015-03-21 22:36:07 -0700[diff] [blame]453 return blob;
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]454}
455
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]456class BpKeystoreService: public BpInterface<IKeystoreService>
457{
458public:
459 BpKeystoreService(const sp<IBinder>& impl)
460 : BpInterface<IKeystoreService>(impl)
461 {
462 }
463
464 // test ping
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]465 virtual int32_t getState(int32_t userId)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]466 {
467 Parcel data, reply;
468 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]469 data.writeInt32(userId);
470 status_t status = remote()->transact(BnKeystoreService::GET_STATE, data, &reply);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]471 if (status != NO_ERROR) {
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]472 ALOGD("getState() could not contact remote: %d\n", status);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]473 return -1;
474 }
475 int32_t err = reply.readExceptionCode();
476 int32_t ret = reply.readInt32();
477 if (err < 0) {
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]478 ALOGD("getState() caught exception %d\n", err);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]479 return -1;
480 }
481 return ret;
482 }
483
484 virtual int32_t get(const String16& name, uint8_t** item, size_t* itemLength)
485 {
486 Parcel data, reply;
487 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
488 data.writeString16(name);
489 status_t status = remote()->transact(BnKeystoreService::GET, data, &reply);
490 if (status != NO_ERROR) {
491 ALOGD("get() could not contact remote: %d\n", status);
492 return -1;
493 }
494 int32_t err = reply.readExceptionCode();
495 ssize_t len = reply.readInt32();
496 if (len >= 0 && (size_t) len <= reply.dataAvail()) {
497 size_t ulen = (size_t) len;
498 const void* buf = reply.readInplace(ulen);
499 *item = (uint8_t*) malloc(ulen);
500 if (*item != NULL) {
501 memcpy(*item, buf, ulen);
502 *itemLength = ulen;
503 } else {
504 ALOGE("out of memory allocating output array in get");
505 *itemLength = 0;
506 }
507 } else {
508 *itemLength = 0;
509 }
510 if (err < 0) {
511 ALOGD("get() caught exception %d\n", err);
512 return -1;
513 }
514 return 0;
515 }
516
Kenny Root0c540aa2013-04-03 09:22:15 -0700[diff] [blame]517 virtual int32_t insert(const String16& name, const uint8_t* item, size_t itemLength, int uid,
518 int32_t flags)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]519 {
520 Parcel data, reply;
521 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
522 data.writeString16(name);
523 data.writeInt32(itemLength);
524 void* buf = data.writeInplace(itemLength);
525 memcpy(buf, item, itemLength);
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]526 data.writeInt32(uid);
Kenny Root0c540aa2013-04-03 09:22:15 -0700[diff] [blame]527 data.writeInt32(flags);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]528 status_t status = remote()->transact(BnKeystoreService::INSERT, data, &reply);
529 if (status != NO_ERROR) {
530 ALOGD("import() could not contact remote: %d\n", status);
531 return -1;
532 }
533 int32_t err = reply.readExceptionCode();
534 int32_t ret = reply.readInt32();
535 if (err < 0) {
536 ALOGD("import() caught exception %d\n", err);
537 return -1;
538 }
539 return ret;
540 }
541
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]542 virtual int32_t del(const String16& name, int uid)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]543 {
544 Parcel data, reply;
545 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
546 data.writeString16(name);
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]547 data.writeInt32(uid);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]548 status_t status = remote()->transact(BnKeystoreService::DEL, data, &reply);
549 if (status != NO_ERROR) {
550 ALOGD("del() could not contact remote: %d\n", status);
551 return -1;
552 }
553 int32_t err = reply.readExceptionCode();
554 int32_t ret = reply.readInt32();
555 if (err < 0) {
556 ALOGD("del() caught exception %d\n", err);
557 return -1;
558 }
559 return ret;
560 }
561
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]562 virtual int32_t exist(const String16& name, int uid)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]563 {
564 Parcel data, reply;
565 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
566 data.writeString16(name);
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]567 data.writeInt32(uid);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]568 status_t status = remote()->transact(BnKeystoreService::EXIST, data, &reply);
569 if (status != NO_ERROR) {
570 ALOGD("exist() could not contact remote: %d\n", status);
571 return -1;
572 }
573 int32_t err = reply.readExceptionCode();
574 int32_t ret = reply.readInt32();
575 if (err < 0) {
576 ALOGD("exist() caught exception %d\n", err);
577 return -1;
578 }
579 return ret;
580 }
581
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]582 virtual int32_t list(const String16& prefix, int uid, Vector<String16>* matches)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]583 {
584 Parcel data, reply;
585 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]586 data.writeString16(prefix);
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]587 data.writeInt32(uid);
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]588 status_t status = remote()->transact(BnKeystoreService::LIST, data, &reply);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]589 if (status != NO_ERROR) {
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]590 ALOGD("list() could not contact remote: %d\n", status);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]591 return -1;
592 }
593 int32_t err = reply.readExceptionCode();
594 int32_t numMatches = reply.readInt32();
595 for (int32_t i = 0; i < numMatches; i++) {
596 matches->push(reply.readString16());
597 }
598 int32_t ret = reply.readInt32();
599 if (err < 0) {
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]600 ALOGD("list() caught exception %d\n", err);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]601 return -1;
602 }
603 return ret;
604 }
605
606 virtual int32_t reset()
607 {
608 Parcel data, reply;
609 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
610 status_t status = remote()->transact(BnKeystoreService::RESET, data, &reply);
611 if (status != NO_ERROR) {
612 ALOGD("reset() could not contact remote: %d\n", status);
613 return -1;
614 }
615 int32_t err = reply.readExceptionCode();
616 int32_t ret = reply.readInt32();
617 if (err < 0) {
618 ALOGD("reset() caught exception %d\n", err);
619 return -1;
620 }
621 return ret;
622 }
623
Chad Brubaker96d6d782015-05-07 10:19:40 -0700[diff] [blame]624 virtual int32_t onUserPasswordChanged(int32_t userId, const String16& password)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]625 {
626 Parcel data, reply;
627 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
Chad Brubaker96d6d782015-05-07 10:19:40 -0700[diff] [blame]628 data.writeInt32(userId);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]629 data.writeString16(password);
Chad Brubaker96d6d782015-05-07 10:19:40 -0700[diff] [blame]630 status_t status = remote()->transact(BnKeystoreService::ON_USER_PASSWORD_CHANGED, data,
631 &reply);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]632 if (status != NO_ERROR) {
Chad Brubaker96d6d782015-05-07 10:19:40 -0700[diff] [blame]633 ALOGD("onUserPasswordChanged() could not contact remote: %d\n", status);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]634 return -1;
635 }
636 int32_t err = reply.readExceptionCode();
637 int32_t ret = reply.readInt32();
638 if (err < 0) {
Chad Brubaker96d6d782015-05-07 10:19:40 -0700[diff] [blame]639 ALOGD("onUserPasswordChanged() caught exception %d\n", err);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]640 return -1;
641 }
642 return ret;
643 }
644
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]645 virtual int32_t lock(int32_t userId)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]646 {
647 Parcel data, reply;
648 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]649 data.writeInt32(userId);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]650 status_t status = remote()->transact(BnKeystoreService::LOCK, data, &reply);
651 if (status != NO_ERROR) {
652 ALOGD("lock() could not contact remote: %d\n", status);
653 return -1;
654 }
655 int32_t err = reply.readExceptionCode();
656 int32_t ret = reply.readInt32();
657 if (err < 0) {
658 ALOGD("lock() caught exception %d\n", err);
659 return -1;
660 }
661 return ret;
662 }
663
Chad Brubaker96d6d782015-05-07 10:19:40 -0700[diff] [blame]664 virtual int32_t unlock(int32_t userId, const String16& password)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]665 {
666 Parcel data, reply;
667 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
Chad Brubaker96d6d782015-05-07 10:19:40 -0700[diff] [blame]668 data.writeInt32(userId);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]669 data.writeString16(password);
670 status_t status = remote()->transact(BnKeystoreService::UNLOCK, data, &reply);
671 if (status != NO_ERROR) {
672 ALOGD("unlock() could not contact remote: %d\n", status);
673 return -1;
674 }
675 int32_t err = reply.readExceptionCode();
676 int32_t ret = reply.readInt32();
677 if (err < 0) {
678 ALOGD("unlock() caught exception %d\n", err);
679 return -1;
680 }
681 return ret;
682 }
683
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]684 virtual bool isEmpty(int32_t userId)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]685 {
686 Parcel data, reply;
687 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]688 data.writeInt32(userId);
689 status_t status = remote()->transact(BnKeystoreService::IS_EMPTY, data, &reply);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]690 if (status != NO_ERROR) {
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]691 ALOGD("isEmpty() could not contact remote: %d\n", status);
692 return false;
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]693 }
694 int32_t err = reply.readExceptionCode();
695 int32_t ret = reply.readInt32();
696 if (err < 0) {
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]697 ALOGD("isEmpty() caught exception %d\n", err);
698 return false;
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]699 }
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]700 return ret != 0;
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]701 }
702
Kenny Root96427ba2013-08-16 14:02:41 -0700[diff] [blame]703 virtual int32_t generate(const String16& name, int32_t uid, int32_t keyType, int32_t keySize,
704 int32_t flags, Vector<sp<KeystoreArg> >* args)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]705 {
706 Parcel data, reply;
707 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
708 data.writeString16(name);
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]709 data.writeInt32(uid);
Kenny Root96427ba2013-08-16 14:02:41 -0700[diff] [blame]710 data.writeInt32(keyType);
711 data.writeInt32(keySize);
Kenny Root0c540aa2013-04-03 09:22:15 -0700[diff] [blame]712 data.writeInt32(flags);
Chad Brubaker468fc692015-01-13 17:33:14 -0800[diff] [blame]713 data.writeInt32(1);
Kenny Root96427ba2013-08-16 14:02:41 -0700[diff] [blame]714 data.writeInt32(args->size());
715 for (Vector<sp<KeystoreArg> >::iterator it = args->begin(); it != args->end(); ++it) {
716 sp<KeystoreArg> item = *it;
717 size_t keyLength = item->size();
718 data.writeInt32(keyLength);
719 void* buf = data.writeInplace(keyLength);
720 memcpy(buf, item->data(), keyLength);
721 }
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]722 status_t status = remote()->transact(BnKeystoreService::GENERATE, data, &reply);
723 if (status != NO_ERROR) {
724 ALOGD("generate() could not contact remote: %d\n", status);
725 return -1;
726 }
727 int32_t err = reply.readExceptionCode();
728 int32_t ret = reply.readInt32();
729 if (err < 0) {
730 ALOGD("generate() caught exception %d\n", err);
731 return -1;
732 }
733 return ret;
734 }
735
Kenny Root0c540aa2013-04-03 09:22:15 -0700[diff] [blame]736 virtual int32_t import(const String16& name, const uint8_t* key, size_t keyLength, int uid,
737 int flags)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]738 {
739 Parcel data, reply;
740 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
741 data.writeString16(name);
742 data.writeInt32(keyLength);
743 void* buf = data.writeInplace(keyLength);
744 memcpy(buf, key, keyLength);
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]745 data.writeInt32(uid);
Kenny Root0c540aa2013-04-03 09:22:15 -0700[diff] [blame]746 data.writeInt32(flags);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]747 status_t status = remote()->transact(BnKeystoreService::IMPORT, data, &reply);
748 if (status != NO_ERROR) {
749 ALOGD("import() could not contact remote: %d\n", status);
750 return -1;
751 }
752 int32_t err = reply.readExceptionCode();
753 int32_t ret = reply.readInt32();
754 if (err < 0) {
755 ALOGD("import() caught exception %d\n", err);
756 return -1;
757 }
758 return ret;
759 }
760
761 virtual int32_t sign(const String16& name, const uint8_t* in, size_t inLength, uint8_t** out,
762 size_t* outLength)
763 {
764 Parcel data, reply;
765 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
766 data.writeString16(name);
767 data.writeInt32(inLength);
768 void* buf = data.writeInplace(inLength);
769 memcpy(buf, in, inLength);
770 status_t status = remote()->transact(BnKeystoreService::SIGN, data, &reply);
771 if (status != NO_ERROR) {
772 ALOGD("import() could not contact remote: %d\n", status);
773 return -1;
774 }
775 int32_t err = reply.readExceptionCode();
776 ssize_t len = reply.readInt32();
777 if (len >= 0 && (size_t) len <= reply.dataAvail()) {
778 size_t ulen = (size_t) len;
779 const void* outBuf = reply.readInplace(ulen);
780 *out = (uint8_t*) malloc(ulen);
781 if (*out != NULL) {
782 memcpy((void*) *out, outBuf, ulen);
783 *outLength = ulen;
784 } else {
785 ALOGE("out of memory allocating output array in sign");
786 *outLength = 0;
787 }
788 } else {
789 *outLength = 0;
790 }
791 if (err < 0) {
792 ALOGD("import() caught exception %d\n", err);
793 return -1;
794 }
795 return 0;
796 }
797
798 virtual int32_t verify(const String16& name, const uint8_t* in, size_t inLength,
799 const uint8_t* signature, size_t signatureLength)
800 {
801 Parcel data, reply;
802 void* buf;
803
804 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
805 data.writeString16(name);
806 data.writeInt32(inLength);
807 buf = data.writeInplace(inLength);
808 memcpy(buf, in, inLength);
809 data.writeInt32(signatureLength);
810 buf = data.writeInplace(signatureLength);
811 memcpy(buf, signature, signatureLength);
812 status_t status = remote()->transact(BnKeystoreService::VERIFY, data, &reply);
813 if (status != NO_ERROR) {
814 ALOGD("verify() could not contact remote: %d\n", status);
815 return -1;
816 }
817 int32_t err = reply.readExceptionCode();
818 int32_t ret = reply.readInt32();
819 if (err < 0) {
820 ALOGD("verify() caught exception %d\n", err);
821 return -1;
822 }
823 return ret;
824 }
825
826 virtual int32_t get_pubkey(const String16& name, uint8_t** pubkey, size_t* pubkeyLength)
827 {
828 Parcel data, reply;
829 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
830 data.writeString16(name);
831 status_t status = remote()->transact(BnKeystoreService::GET_PUBKEY, data, &reply);
832 if (status != NO_ERROR) {
833 ALOGD("get_pubkey() could not contact remote: %d\n", status);
834 return -1;
835 }
836 int32_t err = reply.readExceptionCode();
837 ssize_t len = reply.readInt32();
838 if (len >= 0 && (size_t) len <= reply.dataAvail()) {
839 size_t ulen = (size_t) len;
840 const void* buf = reply.readInplace(ulen);
841 *pubkey = (uint8_t*) malloc(ulen);
842 if (*pubkey != NULL) {
843 memcpy(*pubkey, buf, ulen);
844 *pubkeyLength = ulen;
845 } else {
846 ALOGE("out of memory allocating output array in get_pubkey");
847 *pubkeyLength = 0;
848 }
849 } else {
850 *pubkeyLength = 0;
851 }
852 if (err < 0) {
853 ALOGD("get_pubkey() caught exception %d\n", err);
854 return -1;
855 }
856 return 0;
857 }
858
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]859 virtual int32_t grant(const String16& name, int32_t granteeUid)
860 {
861 Parcel data, reply;
862 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
863 data.writeString16(name);
864 data.writeInt32(granteeUid);
865 status_t status = remote()->transact(BnKeystoreService::GRANT, data, &reply);
866 if (status != NO_ERROR) {
867 ALOGD("grant() could not contact remote: %d\n", status);
868 return -1;
869 }
870 int32_t err = reply.readExceptionCode();
871 int32_t ret = reply.readInt32();
872 if (err < 0) {
873 ALOGD("grant() caught exception %d\n", err);
874 return -1;
875 }
876 return ret;
877 }
878
879 virtual int32_t ungrant(const String16& name, int32_t granteeUid)
880 {
881 Parcel data, reply;
882 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
883 data.writeString16(name);
884 data.writeInt32(granteeUid);
885 status_t status = remote()->transact(BnKeystoreService::UNGRANT, data, &reply);
886 if (status != NO_ERROR) {
887 ALOGD("ungrant() could not contact remote: %d\n", status);
888 return -1;
889 }
890 int32_t err = reply.readExceptionCode();
891 int32_t ret = reply.readInt32();
892 if (err < 0) {
893 ALOGD("ungrant() caught exception %d\n", err);
894 return -1;
895 }
896 return ret;
897 }
898
899 int64_t getmtime(const String16& name)
900 {
901 Parcel data, reply;
902 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
903 data.writeString16(name);
904 status_t status = remote()->transact(BnKeystoreService::GETMTIME, data, &reply);
905 if (status != NO_ERROR) {
906 ALOGD("getmtime() could not contact remote: %d\n", status);
907 return -1;
908 }
909 int32_t err = reply.readExceptionCode();
910 int64_t ret = reply.readInt64();
911 if (err < 0) {
912 ALOGD("getmtime() caught exception %d\n", err);
913 return -1;
914 }
915 return ret;
916 }
Kenny Root02254072013-03-20 11:48:19 -0700[diff] [blame]917
Kenny Rootd53bc922013-03-21 14:10:15 -0700[diff] [blame]918 virtual int32_t duplicate(const String16& srcKey, int32_t srcUid, const String16& destKey,
919 int32_t destUid)
Kenny Root02254072013-03-20 11:48:19 -0700[diff] [blame]920 {
921 Parcel data, reply;
922 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
Kenny Rootd53bc922013-03-21 14:10:15 -0700[diff] [blame]923 data.writeString16(srcKey);
924 data.writeInt32(srcUid);
925 data.writeString16(destKey);
926 data.writeInt32(destUid);
927 status_t status = remote()->transact(BnKeystoreService::DUPLICATE, data, &reply);
Kenny Root02254072013-03-20 11:48:19 -0700[diff] [blame]928 if (status != NO_ERROR) {
Kenny Rootd53bc922013-03-21 14:10:15 -0700[diff] [blame]929 ALOGD("duplicate() could not contact remote: %d\n", status);
Kenny Root02254072013-03-20 11:48:19 -0700[diff] [blame]930 return -1;
931 }
932 int32_t err = reply.readExceptionCode();
933 int32_t ret = reply.readInt32();
934 if (err < 0) {
Kenny Rootd53bc922013-03-21 14:10:15 -0700[diff] [blame]935 ALOGD("duplicate() caught exception %d\n", err);
Kenny Root02254072013-03-20 11:48:19 -0700[diff] [blame]936 return -1;
937 }
938 return ret;
939 }
Kenny Root43061232013-03-29 11:15:50 -0700[diff] [blame]940
Kenny Root1b0e3932013-09-05 13:06:32 -0700[diff] [blame]941 virtual int32_t is_hardware_backed(const String16& keyType)
Kenny Root43061232013-03-29 11:15:50 -0700[diff] [blame]942 {
943 Parcel data, reply;
944 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
Kenny Root1b0e3932013-09-05 13:06:32 -0700[diff] [blame]945 data.writeString16(keyType);
Kenny Root43061232013-03-29 11:15:50 -0700[diff] [blame]946 status_t status = remote()->transact(BnKeystoreService::IS_HARDWARE_BACKED, data, &reply);
947 if (status != NO_ERROR) {
948 ALOGD("is_hardware_backed() could not contact remote: %d\n", status);
949 return -1;
950 }
951 int32_t err = reply.readExceptionCode();
952 int32_t ret = reply.readInt32();
953 if (err < 0) {
954 ALOGD("is_hardware_backed() caught exception %d\n", err);
955 return -1;
956 }
957 return ret;
958 }
Kenny Root2ecc7a12013-04-01 16:29:11 -0700[diff] [blame]959
960 virtual int32_t clear_uid(int64_t uid)
961 {
962 Parcel data, reply;
963 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
964 data.writeInt64(uid);
965 status_t status = remote()->transact(BnKeystoreService::CLEAR_UID, data, &reply);
966 if (status != NO_ERROR) {
967 ALOGD("clear_uid() could not contact remote: %d\n", status);
968 return -1;
969 }
970 int32_t err = reply.readExceptionCode();
971 int32_t ret = reply.readInt32();
972 if (err < 0) {
973 ALOGD("clear_uid() caught exception %d\n", err);
974 return -1;
975 }
976 return ret;
977 }
Robin Lee4e865752014-08-19 17:37:55 +0100[diff] [blame]978
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]979 virtual int32_t addRngEntropy(const uint8_t* buf, size_t bufLength)
980 {
981 Parcel data, reply;
982 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]983 data.writeByteArray(bufLength, buf);
984 status_t status = remote()->transact(BnKeystoreService::ADD_RNG_ENTROPY, data, &reply);
985 if (status != NO_ERROR) {
986 ALOGD("addRngEntropy() could not contact remote: %d\n", status);
987 return -1;
988 }
989 int32_t err = reply.readExceptionCode();
990 int32_t ret = reply.readInt32();
991 if (err < 0) {
992 ALOGD("addRngEntropy() caught exception %d\n", err);
993 return -1;
994 }
995 return ret;
996 };
997
998 virtual int32_t generateKey(const String16& name, const KeymasterArguments& params,
Chad Brubaker154d7692015-03-27 13:59:31 -0700[diff] [blame]999 const uint8_t* entropy, size_t entropyLength, int uid, int flags,
1000 KeyCharacteristics* outCharacteristics)
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1001 {
1002 Parcel data, reply;
1003 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1004 data.writeString16(name);
1005 data.writeInt32(1);
1006 params.writeToParcel(&data);
Chad Brubaker154d7692015-03-27 13:59:31 -0700[diff] [blame]1007 data.writeByteArray(entropyLength, entropy);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1008 data.writeInt32(uid);
1009 data.writeInt32(flags);
1010 status_t status = remote()->transact(BnKeystoreService::GENERATE_KEY, data, &reply);
1011 if (status != NO_ERROR) {
1012 ALOGD("generateKey() could not contact remote: %d\n", status);
1013 return KM_ERROR_UNKNOWN_ERROR;
1014 }
1015 int32_t err = reply.readExceptionCode();
1016 int32_t ret = reply.readInt32();
1017 if (err < 0) {
1018 ALOGD("generateKey() caught exception %d\n", err);
1019 return KM_ERROR_UNKNOWN_ERROR;
1020 }
1021 if (reply.readInt32() != 0 && outCharacteristics) {
1022 outCharacteristics->readFromParcel(reply);
1023 }
1024 return ret;
1025 }
1026 virtual int32_t getKeyCharacteristics(const String16& name,
Chad Brubakerd6634422015-03-21 22:36:07 -0700[diff] [blame]1027 const keymaster_blob_t* clientId,
1028 const keymaster_blob_t* appData,
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1029 KeyCharacteristics* outCharacteristics)
1030 {
1031 Parcel data, reply;
1032 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1033 data.writeString16(name);
Chad Brubakerd6634422015-03-21 22:36:07 -0700[diff] [blame]1034 if (clientId) {
1035 data.writeByteArray(clientId->data_length, clientId->data);
1036 } else {
1037 data.writeInt32(-1);
1038 }
1039 if (appData) {
1040 data.writeByteArray(appData->data_length, appData->data);
1041 } else {
1042 data.writeInt32(-1);
1043 }
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1044 status_t status = remote()->transact(BnKeystoreService::GET_KEY_CHARACTERISTICS,
1045 data, &reply);
1046 if (status != NO_ERROR) {
1047 ALOGD("getKeyCharacteristics() could not contact remote: %d\n", status);
1048 return KM_ERROR_UNKNOWN_ERROR;
1049 }
1050 int32_t err = reply.readExceptionCode();
1051 int32_t ret = reply.readInt32();
1052 if (err < 0) {
1053 ALOGD("getKeyCharacteristics() caught exception %d\n", err);
1054 return KM_ERROR_UNKNOWN_ERROR;
1055 }
1056 if (reply.readInt32() != 0 && outCharacteristics) {
1057 outCharacteristics->readFromParcel(reply);
1058 }
1059 return ret;
1060 }
1061 virtual int32_t importKey(const String16& name, const KeymasterArguments& params,
1062 keymaster_key_format_t format, const uint8_t *keyData,
1063 size_t keyLength, int uid, int flags,
1064 KeyCharacteristics* outCharacteristics)
1065 {
1066 Parcel data, reply;
1067 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1068 data.writeString16(name);
1069 data.writeInt32(1);
1070 params.writeToParcel(&data);
1071 data.writeInt32(format);
1072 data.writeByteArray(keyLength, keyData);
1073 data.writeInt32(uid);
1074 data.writeInt32(flags);
1075 status_t status = remote()->transact(BnKeystoreService::IMPORT_KEY, data, &reply);
1076 if (status != NO_ERROR) {
1077 ALOGD("importKey() could not contact remote: %d\n", status);
1078 return KM_ERROR_UNKNOWN_ERROR;
1079 }
1080 int32_t err = reply.readExceptionCode();
1081 int32_t ret = reply.readInt32();
1082 if (err < 0) {
1083 ALOGD("importKey() caught exception %d\n", err);
1084 return KM_ERROR_UNKNOWN_ERROR;
1085 }
1086 if (reply.readInt32() != 0 && outCharacteristics) {
1087 outCharacteristics->readFromParcel(reply);
1088 }
1089 return ret;
1090 }
1091
1092 virtual void exportKey(const String16& name, keymaster_key_format_t format,
Chad Brubakerd6634422015-03-21 22:36:07 -0700[diff] [blame]1093 const keymaster_blob_t* clientId,
1094 const keymaster_blob_t* appData, ExportResult* result)
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1095 {
1096 if (!result) {
1097 return;
1098 }
1099
1100 Parcel data, reply;
1101 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1102 data.writeString16(name);
1103 data.writeInt32(format);
Chad Brubakerd6634422015-03-21 22:36:07 -0700[diff] [blame]1104 if (clientId) {
1105 data.writeByteArray(clientId->data_length, clientId->data);
1106 } else {
1107 data.writeInt32(-1);
1108 }
1109 if (appData) {
1110 data.writeByteArray(appData->data_length, appData->data);
1111 } else {
1112 data.writeInt32(-1);
1113 }
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1114 status_t status = remote()->transact(BnKeystoreService::EXPORT_KEY, data, &reply);
1115 if (status != NO_ERROR) {
1116 ALOGD("exportKey() could not contact remote: %d\n", status);
1117 result->resultCode = KM_ERROR_UNKNOWN_ERROR;
1118 return;
1119 }
1120 int32_t err = reply.readExceptionCode();
1121 if (err < 0) {
1122 ALOGD("exportKey() caught exception %d\n", err);
1123 result->resultCode = KM_ERROR_UNKNOWN_ERROR;
1124 return;
1125 }
1126 if (reply.readInt32() != 0) {
1127 result->readFromParcel(reply);
1128 }
1129 }
1130
1131 virtual void begin(const sp<IBinder>& appToken, const String16& name,
1132 keymaster_purpose_t purpose, bool pruneable,
Chad Brubaker154d7692015-03-27 13:59:31 -0700[diff] [blame]1133 const KeymasterArguments& params, const uint8_t* entropy,
Chad Brubaker57e106d2015-06-01 12:59:00 -0700[diff] [blame]1134 size_t entropyLength, OperationResult* result)
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1135 {
Chad Brubaker57e106d2015-06-01 12:59:00 -0700[diff] [blame]1136 if (!result) {
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1137 return;
1138 }
1139 Parcel data, reply;
1140 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1141 data.writeStrongBinder(appToken);
1142 data.writeString16(name);
1143 data.writeInt32(purpose);
1144 data.writeInt32(pruneable ? 1 : 0);
1145 data.writeInt32(1);
1146 params.writeToParcel(&data);
Chad Brubaker154d7692015-03-27 13:59:31 -0700[diff] [blame]1147 data.writeByteArray(entropyLength, entropy);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1148 status_t status = remote()->transact(BnKeystoreService::BEGIN, data, &reply);
1149 if (status != NO_ERROR) {
1150 ALOGD("begin() could not contact remote: %d\n", status);
1151 result->resultCode = KM_ERROR_UNKNOWN_ERROR;
1152 return;
1153 }
1154 int32_t err = reply.readExceptionCode();
1155 if (err < 0) {
1156 ALOGD("begin() caught exception %d\n", err);
1157 result->resultCode = KM_ERROR_UNKNOWN_ERROR;
1158 return;
1159 }
1160 if (reply.readInt32() != 0) {
1161 result->readFromParcel(reply);
1162 }
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1163 }
1164
1165 virtual void update(const sp<IBinder>& token, const KeymasterArguments& params,
Chad Brubaker40a1a9b2015-02-20 14:08:13 -0800[diff] [blame]1166 const uint8_t* opData, size_t dataLength, OperationResult* result)
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1167 {
1168 if (!result) {
1169 return;
1170 }
1171 Parcel data, reply;
1172 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1173 data.writeStrongBinder(token);
1174 data.writeInt32(1);
1175 params.writeToParcel(&data);
1176 data.writeByteArray(dataLength, opData);
1177 status_t status = remote()->transact(BnKeystoreService::UPDATE, data, &reply);
1178 if (status != NO_ERROR) {
1179 ALOGD("update() could not contact remote: %d\n", status);
1180 result->resultCode = KM_ERROR_UNKNOWN_ERROR;
1181 return;
1182 }
1183 int32_t err = reply.readExceptionCode();
1184 if (err < 0) {
1185 ALOGD("update() caught exception %d\n", err);
1186 result->resultCode = KM_ERROR_UNKNOWN_ERROR;
1187 return;
1188 }
1189 if (reply.readInt32() != 0) {
1190 result->readFromParcel(reply);
1191 }
1192 }
1193
1194 virtual void finish(const sp<IBinder>& token, const KeymasterArguments& params,
Chad Brubaker0d33e0b2015-05-29 12:30:19 -0700[diff] [blame]1195 const uint8_t* signature, size_t signatureLength,
1196 const uint8_t* entropy, size_t entropyLength,
1197 OperationResult* result)
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1198 {
1199 if (!result) {
1200 return;
1201 }
1202 Parcel data, reply;
1203 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1204 data.writeStrongBinder(token);
1205 data.writeInt32(1);
1206 params.writeToParcel(&data);
1207 data.writeByteArray(signatureLength, signature);
Chad Brubaker0d33e0b2015-05-29 12:30:19 -0700[diff] [blame]1208 data.writeByteArray(entropyLength, entropy);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1209 status_t status = remote()->transact(BnKeystoreService::FINISH, data, &reply);
1210 if (status != NO_ERROR) {
1211 ALOGD("finish() could not contact remote: %d\n", status);
1212 result->resultCode = KM_ERROR_UNKNOWN_ERROR;
1213 return;
1214 }
1215 int32_t err = reply.readExceptionCode();
1216 if (err < 0) {
1217 ALOGD("finish() caught exception %d\n", err);
1218 result->resultCode = KM_ERROR_UNKNOWN_ERROR;
1219 return;
1220 }
1221 if (reply.readInt32() != 0) {
1222 result->readFromParcel(reply);
1223 }
1224 }
1225
1226 virtual int32_t abort(const sp<IBinder>& token)
1227 {
1228 Parcel data, reply;
1229 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1230 data.writeStrongBinder(token);
Chad Brubaker2ed2baa2015-03-21 21:20:10 -0700[diff] [blame]1231 status_t status = remote()->transact(BnKeystoreService::ABORT, data, &reply);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1232 if (status != NO_ERROR) {
1233 ALOGD("abort() could not contact remote: %d\n", status);
1234 return KM_ERROR_UNKNOWN_ERROR;
1235 }
1236 int32_t err = reply.readExceptionCode();
1237 int32_t ret = reply.readInt32();
1238 if (err < 0) {
1239 ALOGD("abort() caught exception %d\n", err);
1240 return KM_ERROR_UNKNOWN_ERROR;
1241 }
1242 return ret;
1243 }
Chad Brubaker2ed2baa2015-03-21 21:20:10 -0700[diff] [blame]1244
1245 virtual bool isOperationAuthorized(const sp<IBinder>& token)
1246 {
1247 Parcel data, reply;
1248 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1249 data.writeStrongBinder(token);
1250 status_t status = remote()->transact(BnKeystoreService::IS_OPERATION_AUTHORIZED, data,
1251 &reply);
1252 if (status != NO_ERROR) {
1253 ALOGD("isOperationAuthorized() could not contact remote: %d\n", status);
1254 return false;
1255 }
1256 int32_t err = reply.readExceptionCode();
1257 int32_t ret = reply.readInt32();
1258 if (err < 0) {
1259 ALOGD("isOperationAuthorized() caught exception %d\n", err);
1260 return false;
1261 }
1262 return ret == 1;
1263 }
1264
1265 virtual int32_t addAuthToken(const uint8_t* token, size_t length)
1266 {
1267 Parcel data, reply;
1268 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1269 data.writeByteArray(length, token);
1270 status_t status = remote()->transact(BnKeystoreService::ADD_AUTH_TOKEN, data, &reply);
1271 if (status != NO_ERROR) {
1272 ALOGD("addAuthToken() could not contact remote: %d\n", status);
1273 return -1;
1274 }
1275 int32_t err = reply.readExceptionCode();
1276 int32_t ret = reply.readInt32();
1277 if (err < 0) {
1278 ALOGD("addAuthToken() caught exception %d\n", err);
1279 return -1;
1280 }
1281 return ret;
1282 };
Chad Brubakerc0f031a2015-05-12 10:43:10 -0700[diff] [blame]1283
1284 virtual int32_t onUserAdded(int32_t userId, int32_t parentId)
1285 {
1286 Parcel data, reply;
1287 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1288 data.writeInt32(userId);
1289 data.writeInt32(parentId);
1290 status_t status = remote()->transact(BnKeystoreService::ON_USER_ADDED, data, &reply);
1291 if (status != NO_ERROR) {
1292 ALOGD("onUserAdded() could not contact remote: %d\n", status);
1293 return -1;
1294 }
1295 int32_t err = reply.readExceptionCode();
1296 int32_t ret = reply.readInt32();
1297 if (err < 0) {
1298 ALOGD("onUserAdded() caught exception %d\n", err);
1299 return -1;
1300 }
1301 return ret;
1302 }
1303
1304 virtual int32_t onUserRemoved(int32_t userId)
1305 {
1306 Parcel data, reply;
1307 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1308 data.writeInt32(userId);
1309 status_t status = remote()->transact(BnKeystoreService::ON_USER_REMOVED, data, &reply);
1310 if (status != NO_ERROR) {
1311 ALOGD("onUserRemoved() could not contact remote: %d\n", status);
1312 return -1;
1313 }
1314 int32_t err = reply.readExceptionCode();
1315 int32_t ret = reply.readInt32();
1316 if (err < 0) {
1317 ALOGD("onUserRemoved() caught exception %d\n", err);
1318 return -1;
1319 }
1320 return ret;
1321 }
1322
Shawn Willden50eb1b22016-01-21 12:41:23 -0700[diff] [blame]1323 virtual int32_t attestKey(const String16& name, const KeymasterArguments& params,
1324 KeymasterCertificateChain* outChain) {
1325 if (!outChain)
1326 return KM_ERROR_OUTPUT_PARAMETER_NULL;
1327
1328 Parcel data, reply;
1329 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1330 data.writeString16(name);
1331 data.writeInt32(1); // params is not NULL.
1332 params.writeToParcel(&data);
1333
1334 status_t status = remote()->transact(BnKeystoreService::ATTEST_KEY, data, &reply);
1335 if (status != NO_ERROR) {
1336 ALOGD("attestkey() count not contact remote: %d\n", status);
1337 return KM_ERROR_UNKNOWN_ERROR;
1338 }
1339 int32_t err = reply.readExceptionCode();
1340 int32_t ret = reply.readInt32();
1341 if (err < 0) {
1342 ALOGD("attestKey() caught exception %d\n", err);
1343 return KM_ERROR_UNKNOWN_ERROR;
1344 }
1345 if (reply.readInt32() != 0) {
1346 outChain->readFromParcel(reply);
1347 }
1348 return ret;
1349 }
1350
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1351};
1352
Chad Brubaker468fc692015-01-13 17:33:14 -0800[diff] [blame]1353IMPLEMENT_META_INTERFACE(KeystoreService, "android.security.IKeystoreService");
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1354
1355// ----------------------------------------------------------------------
1356
1357status_t BnKeystoreService::onTransact(
1358 uint32_t code, const Parcel& data, Parcel* reply, uint32_t flags)
1359{
1360 switch(code) {
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]1361 case GET_STATE: {
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1362 CHECK_INTERFACE(IKeystoreService, data, reply);
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]1363 int32_t userId = data.readInt32();
1364 int32_t ret = getState(userId);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1365 reply->writeNoException();
1366 reply->writeInt32(ret);
1367 return NO_ERROR;
1368 } break;
1369 case GET: {
1370 CHECK_INTERFACE(IKeystoreService, data, reply);
1371 String16 name = data.readString16();
1372 void* out = NULL;
1373 size_t outSize = 0;
1374 int32_t ret = get(name, (uint8_t**) &out, &outSize);
1375 reply->writeNoException();
1376 if (ret == 1) {
1377 reply->writeInt32(outSize);
1378 void* buf = reply->writeInplace(outSize);
1379 memcpy(buf, out, outSize);
1380 free(out);
1381 } else {
1382 reply->writeInt32(-1);
1383 }
1384 return NO_ERROR;
1385 } break;
1386 case INSERT: {
1387 CHECK_INTERFACE(IKeystoreService, data, reply);
1388 String16 name = data.readString16();
1389 ssize_t inSize = data.readInt32();
1390 const void* in;
1391 if (inSize >= 0 && (size_t) inSize <= data.dataAvail()) {
1392 in = data.readInplace(inSize);
1393 } else {
1394 in = NULL;
1395 inSize = 0;
1396 }
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]1397 int uid = data.readInt32();
Kenny Root0c540aa2013-04-03 09:22:15 -0700[diff] [blame]1398 int32_t flags = data.readInt32();
1399 int32_t ret = insert(name, (const uint8_t*) in, (size_t) inSize, uid, flags);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1400 reply->writeNoException();
1401 reply->writeInt32(ret);
1402 return NO_ERROR;
1403 } break;
1404 case DEL: {
1405 CHECK_INTERFACE(IKeystoreService, data, reply);
1406 String16 name = data.readString16();
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]1407 int uid = data.readInt32();
1408 int32_t ret = del(name, uid);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1409 reply->writeNoException();
1410 reply->writeInt32(ret);
1411 return NO_ERROR;
1412 } break;
1413 case EXIST: {
1414 CHECK_INTERFACE(IKeystoreService, data, reply);
1415 String16 name = data.readString16();
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]1416 int uid = data.readInt32();
1417 int32_t ret = exist(name, uid);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1418 reply->writeNoException();
1419 reply->writeInt32(ret);
1420 return NO_ERROR;
1421 } break;
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]1422 case LIST: {
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1423 CHECK_INTERFACE(IKeystoreService, data, reply);
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]1424 String16 prefix = data.readString16();
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]1425 int uid = data.readInt32();
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1426 Vector<String16> matches;
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]1427 int32_t ret = list(prefix, uid, &matches);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1428 reply->writeNoException();
1429 reply->writeInt32(matches.size());
1430 Vector<String16>::const_iterator it = matches.begin();
1431 for (; it != matches.end(); ++it) {
1432 reply->writeString16(*it);
1433 }
1434 reply->writeInt32(ret);
1435 return NO_ERROR;
1436 } break;
1437 case RESET: {
1438 CHECK_INTERFACE(IKeystoreService, data, reply);
1439 int32_t ret = reset();
1440 reply->writeNoException();
1441 reply->writeInt32(ret);
1442 return NO_ERROR;
1443 } break;
Chad Brubaker96d6d782015-05-07 10:19:40 -0700[diff] [blame]1444 case ON_USER_PASSWORD_CHANGED: {
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1445 CHECK_INTERFACE(IKeystoreService, data, reply);
Chad Brubaker96d6d782015-05-07 10:19:40 -0700[diff] [blame]1446 int32_t userId = data.readInt32();
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1447 String16 pass = data.readString16();
Chad Brubaker96d6d782015-05-07 10:19:40 -0700[diff] [blame]1448 int32_t ret = onUserPasswordChanged(userId, pass);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1449 reply->writeNoException();
1450 reply->writeInt32(ret);
1451 return NO_ERROR;
1452 } break;
1453 case LOCK: {
1454 CHECK_INTERFACE(IKeystoreService, data, reply);
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]1455 int32_t userId = data.readInt32();
1456 int32_t ret = lock(userId);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1457 reply->writeNoException();
1458 reply->writeInt32(ret);
1459 return NO_ERROR;
1460 } break;
1461 case UNLOCK: {
1462 CHECK_INTERFACE(IKeystoreService, data, reply);
Chad Brubaker96d6d782015-05-07 10:19:40 -0700[diff] [blame]1463 int32_t userId = data.readInt32();
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1464 String16 pass = data.readString16();
Chad Brubaker96d6d782015-05-07 10:19:40 -0700[diff] [blame]1465 int32_t ret = unlock(userId, pass);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1466 reply->writeNoException();
1467 reply->writeInt32(ret);
1468 return NO_ERROR;
1469 } break;
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]1470 case IS_EMPTY: {
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1471 CHECK_INTERFACE(IKeystoreService, data, reply);
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]1472 int32_t userId = data.readInt32();
1473 bool ret = isEmpty(userId);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1474 reply->writeNoException();
Chad Brubakere6c3bfa2015-05-12 15:18:26 -0700[diff] [blame]1475 reply->writeInt32(ret ? 1 : 0);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1476 return NO_ERROR;
1477 } break;
1478 case GENERATE: {
1479 CHECK_INTERFACE(IKeystoreService, data, reply);
1480 String16 name = data.readString16();
Kenny Root96427ba2013-08-16 14:02:41 -0700[diff] [blame]1481 int32_t uid = data.readInt32();
1482 int32_t keyType = data.readInt32();
1483 int32_t keySize = data.readInt32();
Kenny Root0c540aa2013-04-03 09:22:15 -0700[diff] [blame]1484 int32_t flags = data.readInt32();
Kenny Root96427ba2013-08-16 14:02:41 -0700[diff] [blame]1485 Vector<sp<KeystoreArg> > args;
Chad Brubaker468fc692015-01-13 17:33:14 -0800[diff] [blame]1486 int32_t argsPresent = data.readInt32();
1487 if (argsPresent == 1) {
1488 ssize_t numArgs = data.readInt32();
Chad Brubakered4f5662015-01-14 19:22:09 -0800[diff] [blame]1489 if (numArgs > MAX_GENERATE_ARGS) {
1490 return BAD_VALUE;
1491 }
Chad Brubaker468fc692015-01-13 17:33:14 -0800[diff] [blame]1492 if (numArgs > 0) {
1493 for (size_t i = 0; i < (size_t) numArgs; i++) {
1494 ssize_t inSize = data.readInt32();
1495 if (inSize >= 0 && (size_t) inSize <= data.dataAvail()) {
1496 sp<KeystoreArg> arg = new KeystoreArg(data.readInplace(inSize),
1497 inSize);
1498 args.push_back(arg);
1499 } else {
1500 args.push_back(NULL);
1501 }
Kenny Root96427ba2013-08-16 14:02:41 -0700[diff] [blame]1502 }
1503 }
1504 }
1505 int32_t ret = generate(name, uid, keyType, keySize, flags, &args);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1506 reply->writeNoException();
1507 reply->writeInt32(ret);
1508 return NO_ERROR;
1509 } break;
1510 case IMPORT: {
1511 CHECK_INTERFACE(IKeystoreService, data, reply);
1512 String16 name = data.readString16();
1513 ssize_t inSize = data.readInt32();
1514 const void* in;
1515 if (inSize >= 0 && (size_t) inSize <= data.dataAvail()) {
1516 in = data.readInplace(inSize);
1517 } else {
1518 in = NULL;
1519 inSize = 0;
1520 }
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]1521 int uid = data.readInt32();
Kenny Root0c540aa2013-04-03 09:22:15 -0700[diff] [blame]1522 int32_t flags = data.readInt32();
1523 int32_t ret = import(name, (const uint8_t*) in, (size_t) inSize, uid, flags);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1524 reply->writeNoException();
1525 reply->writeInt32(ret);
1526 return NO_ERROR;
1527 } break;
1528 case SIGN: {
1529 CHECK_INTERFACE(IKeystoreService, data, reply);
1530 String16 name = data.readString16();
1531 ssize_t inSize = data.readInt32();
1532 const void* in;
1533 if (inSize >= 0 && (size_t) inSize <= data.dataAvail()) {
1534 in = data.readInplace(inSize);
1535 } else {
1536 in = NULL;
1537 inSize = 0;
1538 }
1539 void* out = NULL;
1540 size_t outSize = 0;
1541 int32_t ret = sign(name, (const uint8_t*) in, (size_t) inSize, (uint8_t**) &out, &outSize);
1542 reply->writeNoException();
Kenny Rootb03c9fb2013-02-04 16:42:51 -0800[diff] [blame]1543 if (outSize > 0 && out != NULL) {
1544 reply->writeInt32(outSize);
1545 void* buf = reply->writeInplace(outSize);
1546 memcpy(buf, out, outSize);
Chad Brubaker3a7d9e62015-06-04 15:01:46 -0700[diff] [blame]1547 delete[] reinterpret_cast<uint8_t*>(out);
Kenny Rootb03c9fb2013-02-04 16:42:51 -0800[diff] [blame]1548 } else {
Kenny Roote289c402013-02-14 11:31:53 -0800[diff] [blame]1549 reply->writeInt32(-1);
Kenny Rootb03c9fb2013-02-04 16:42:51 -0800[diff] [blame]1550 }
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1551 reply->writeInt32(ret);
1552 return NO_ERROR;
1553 } break;
1554 case VERIFY: {
1555 CHECK_INTERFACE(IKeystoreService, data, reply);
1556 String16 name = data.readString16();
1557 ssize_t inSize = data.readInt32();
1558 const void* in;
1559 if (inSize >= 0 && (size_t) inSize <= data.dataAvail()) {
1560 in = data.readInplace(inSize);
1561 } else {
1562 in = NULL;
1563 inSize = 0;
1564 }
1565 ssize_t sigSize = data.readInt32();
1566 const void* sig;
1567 if (sigSize >= 0 && (size_t) sigSize <= data.dataAvail()) {
1568 sig = data.readInplace(sigSize);
1569 } else {
1570 sig = NULL;
1571 sigSize = 0;
1572 }
1573 bool ret = verify(name, (const uint8_t*) in, (size_t) inSize, (const uint8_t*) sig,
1574 (size_t) sigSize);
1575 reply->writeNoException();
1576 reply->writeInt32(ret ? 1 : 0);
1577 return NO_ERROR;
1578 } break;
1579 case GET_PUBKEY: {
1580 CHECK_INTERFACE(IKeystoreService, data, reply);
1581 String16 name = data.readString16();
1582 void* out = NULL;
1583 size_t outSize = 0;
1584 int32_t ret = get_pubkey(name, (unsigned char**) &out, &outSize);
1585 reply->writeNoException();
Kenny Rootb03c9fb2013-02-04 16:42:51 -0800[diff] [blame]1586 if (outSize > 0 && out != NULL) {
1587 reply->writeInt32(outSize);
1588 void* buf = reply->writeInplace(outSize);
1589 memcpy(buf, out, outSize);
1590 free(out);
1591 } else {
Kenny Roote289c402013-02-14 11:31:53 -0800[diff] [blame]1592 reply->writeInt32(-1);
Kenny Rootb03c9fb2013-02-04 16:42:51 -0800[diff] [blame]1593 }
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1594 reply->writeInt32(ret);
1595 return NO_ERROR;
Kenny Rootb03c9fb2013-02-04 16:42:51 -0800[diff] [blame]1596 } break;
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1597 case GRANT: {
1598 CHECK_INTERFACE(IKeystoreService, data, reply);
1599 String16 name = data.readString16();
1600 int32_t granteeUid = data.readInt32();
1601 int32_t ret = grant(name, granteeUid);
1602 reply->writeNoException();
1603 reply->writeInt32(ret);
1604 return NO_ERROR;
1605 } break;
1606 case UNGRANT: {
1607 CHECK_INTERFACE(IKeystoreService, data, reply);
1608 String16 name = data.readString16();
1609 int32_t granteeUid = data.readInt32();
1610 int32_t ret = ungrant(name, granteeUid);
1611 reply->writeNoException();
1612 reply->writeInt32(ret);
1613 return NO_ERROR;
1614 } break;
1615 case GETMTIME: {
1616 CHECK_INTERFACE(IKeystoreService, data, reply);
1617 String16 name = data.readString16();
1618 int64_t ret = getmtime(name);
1619 reply->writeNoException();
1620 reply->writeInt64(ret);
1621 return NO_ERROR;
1622 } break;
Kenny Rootd53bc922013-03-21 14:10:15 -0700[diff] [blame]1623 case DUPLICATE: {
Kenny Root02254072013-03-20 11:48:19 -0700[diff] [blame]1624 CHECK_INTERFACE(IKeystoreService, data, reply);
Kenny Rootd53bc922013-03-21 14:10:15 -0700[diff] [blame]1625 String16 srcKey = data.readString16();
1626 int32_t srcUid = data.readInt32();
1627 String16 destKey = data.readString16();
1628 int32_t destUid = data.readInt32();
1629 int32_t ret = duplicate(srcKey, srcUid, destKey, destUid);
Kenny Root02254072013-03-20 11:48:19 -0700[diff] [blame]1630 reply->writeNoException();
1631 reply->writeInt32(ret);
1632 return NO_ERROR;
1633 } break;
Kenny Root43061232013-03-29 11:15:50 -0700[diff] [blame]1634 case IS_HARDWARE_BACKED: {
1635 CHECK_INTERFACE(IKeystoreService, data, reply);
Kenny Root1b0e3932013-09-05 13:06:32 -0700[diff] [blame]1636 String16 keyType = data.readString16();
1637 int32_t ret = is_hardware_backed(keyType);
Kenny Root43061232013-03-29 11:15:50 -0700[diff] [blame]1638 reply->writeNoException();
1639 reply->writeInt32(ret);
1640 return NO_ERROR;
1641 }
Kenny Root2ecc7a12013-04-01 16:29:11 -0700[diff] [blame]1642 case CLEAR_UID: {
1643 CHECK_INTERFACE(IKeystoreService, data, reply);
1644 int64_t uid = data.readInt64();
1645 int32_t ret = clear_uid(uid);
1646 reply->writeNoException();
1647 reply->writeInt32(ret);
1648 return NO_ERROR;
1649 }
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1650 case ADD_RNG_ENTROPY: {
1651 CHECK_INTERFACE(IKeystoreService, data, reply);
Chad Brubaker6432df72015-03-20 16:23:04 -0700[diff] [blame]1652 const uint8_t* bytes = NULL;
1653 size_t size = 0;
1654 readByteArray(data, &bytes, &size);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1655 int32_t ret = addRngEntropy(bytes, size);
1656 reply->writeNoException();
1657 reply->writeInt32(ret);
1658 return NO_ERROR;
1659 }
1660 case GENERATE_KEY: {
1661 CHECK_INTERFACE(IKeystoreService, data, reply);
1662 String16 name = data.readString16();
1663 KeymasterArguments args;
1664 if (data.readInt32() != 0) {
1665 args.readFromParcel(data);
1666 }
Chad Brubaker154d7692015-03-27 13:59:31 -0700[diff] [blame]1667 const uint8_t* entropy = NULL;
1668 size_t entropyLength = 0;
1669 readByteArray(data, &entropy, &entropyLength);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1670 int32_t uid = data.readInt32();
1671 int32_t flags = data.readInt32();
1672 KeyCharacteristics outCharacteristics;
Chad Brubaker154d7692015-03-27 13:59:31 -0700[diff] [blame]1673 int32_t ret = generateKey(name, args, entropy, entropyLength, uid, flags,
1674 &outCharacteristics);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1675 reply->writeNoException();
1676 reply->writeInt32(ret);
1677 reply->writeInt32(1);
1678 outCharacteristics.writeToParcel(reply);
1679 return NO_ERROR;
1680 }
1681 case GET_KEY_CHARACTERISTICS: {
1682 CHECK_INTERFACE(IKeystoreService, data, reply);
1683 String16 name = data.readString16();
Chad Brubakerd6634422015-03-21 22:36:07 -0700[diff] [blame]1684 std::unique_ptr<keymaster_blob_t> clientId = readKeymasterBlob(data);
1685 std::unique_ptr<keymaster_blob_t> appData = readKeymasterBlob(data);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1686 KeyCharacteristics outCharacteristics;
Chad Brubakerd6634422015-03-21 22:36:07 -0700[diff] [blame]1687 int ret = getKeyCharacteristics(name, clientId.get(), appData.get(),
1688 &outCharacteristics);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1689 reply->writeNoException();
1690 reply->writeInt32(ret);
1691 reply->writeInt32(1);
1692 outCharacteristics.writeToParcel(reply);
1693 return NO_ERROR;
1694 }
1695 case IMPORT_KEY: {
1696 CHECK_INTERFACE(IKeystoreService, data, reply);
1697 String16 name = data.readString16();
1698 KeymasterArguments args;
1699 if (data.readInt32() != 0) {
1700 args.readFromParcel(data);
1701 }
1702 keymaster_key_format_t format = static_cast<keymaster_key_format_t>(data.readInt32());
Chad Brubaker6432df72015-03-20 16:23:04 -0700[diff] [blame]1703 const uint8_t* keyData = NULL;
1704 size_t keyLength = 0;
1705 readByteArray(data, &keyData, &keyLength);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1706 int32_t uid = data.readInt32();
1707 int32_t flags = data.readInt32();
1708 KeyCharacteristics outCharacteristics;
Chad Brubaker6432df72015-03-20 16:23:04 -0700[diff] [blame]1709 int32_t ret = importKey(name, args, format, keyData, keyLength, uid, flags,
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1710 &outCharacteristics);
1711 reply->writeNoException();
1712 reply->writeInt32(ret);
1713 reply->writeInt32(1);
1714 outCharacteristics.writeToParcel(reply);
1715
1716 return NO_ERROR;
1717 }
1718 case EXPORT_KEY: {
1719 CHECK_INTERFACE(IKeystoreService, data, reply);
1720 String16 name = data.readString16();
1721 keymaster_key_format_t format = static_cast<keymaster_key_format_t>(data.readInt32());
Chad Brubakerd6634422015-03-21 22:36:07 -0700[diff] [blame]1722 std::unique_ptr<keymaster_blob_t> clientId = readKeymasterBlob(data);
1723 std::unique_ptr<keymaster_blob_t> appData = readKeymasterBlob(data);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1724 ExportResult result;
Chad Brubakerd6634422015-03-21 22:36:07 -0700[diff] [blame]1725 exportKey(name, format, clientId.get(), appData.get(), &result);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1726 reply->writeNoException();
1727 reply->writeInt32(1);
1728 result.writeToParcel(reply);
1729
1730 return NO_ERROR;
1731 }
1732 case BEGIN: {
1733 CHECK_INTERFACE(IKeystoreService, data, reply);
1734 sp<IBinder> token = data.readStrongBinder();
1735 String16 name = data.readString16();
1736 keymaster_purpose_t purpose = static_cast<keymaster_purpose_t>(data.readInt32());
1737 bool pruneable = data.readInt32() != 0;
1738 KeymasterArguments args;
1739 if (data.readInt32() != 0) {
1740 args.readFromParcel(data);
1741 }
Chad Brubaker154d7692015-03-27 13:59:31 -0700[diff] [blame]1742 const uint8_t* entropy = NULL;
1743 size_t entropyLength = 0;
1744 readByteArray(data, &entropy, &entropyLength);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1745 OperationResult result;
Chad Brubaker57e106d2015-06-01 12:59:00 -0700[diff] [blame]1746 begin(token, name, purpose, pruneable, args, entropy, entropyLength, &result);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1747 reply->writeNoException();
1748 reply->writeInt32(1);
1749 result.writeToParcel(reply);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1750
1751 return NO_ERROR;
1752 }
1753 case UPDATE: {
1754 CHECK_INTERFACE(IKeystoreService, data, reply);
1755 sp<IBinder> token = data.readStrongBinder();
1756 KeymasterArguments args;
1757 if (data.readInt32() != 0) {
1758 args.readFromParcel(data);
1759 }
Chad Brubaker6432df72015-03-20 16:23:04 -0700[diff] [blame]1760 const uint8_t* buf = NULL;
1761 size_t bufLength = 0;
1762 readByteArray(data, &buf, &bufLength);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1763 OperationResult result;
Chad Brubaker6432df72015-03-20 16:23:04 -0700[diff] [blame]1764 update(token, args, buf, bufLength, &result);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1765 reply->writeNoException();
1766 reply->writeInt32(1);
1767 result.writeToParcel(reply);
1768
1769 return NO_ERROR;
1770 }
1771 case FINISH: {
1772 CHECK_INTERFACE(IKeystoreService, data, reply);
1773 sp<IBinder> token = data.readStrongBinder();
1774 KeymasterArguments args;
1775 if (data.readInt32() != 0) {
1776 args.readFromParcel(data);
1777 }
Chad Brubaker0d33e0b2015-05-29 12:30:19 -0700[diff] [blame]1778 const uint8_t* signature = NULL;
1779 size_t signatureLength = 0;
1780 readByteArray(data, &signature, &signatureLength);
1781 const uint8_t* entropy = NULL;
1782 size_t entropyLength = 0;
1783 readByteArray(data, &entropy, &entropyLength);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1784 OperationResult result;
Chad Brubaker0d33e0b2015-05-29 12:30:19 -0700[diff] [blame]1785 finish(token, args, signature, signatureLength, entropy, entropyLength, &result);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1786 reply->writeNoException();
1787 reply->writeInt32(1);
1788 result.writeToParcel(reply);
1789
1790 return NO_ERROR;
1791 }
1792 case ABORT: {
1793 CHECK_INTERFACE(IKeystoreService, data, reply);
1794 sp<IBinder> token = data.readStrongBinder();
1795 int32_t result = abort(token);
1796 reply->writeNoException();
1797 reply->writeInt32(result);
1798
1799 return NO_ERROR;
1800 }
Chad Brubaker2ed2baa2015-03-21 21:20:10 -0700[diff] [blame]1801 case IS_OPERATION_AUTHORIZED: {
1802 CHECK_INTERFACE(IKeystoreService, data, reply);
1803 sp<IBinder> token = data.readStrongBinder();
1804 bool result = isOperationAuthorized(token);
1805 reply->writeNoException();
1806 reply->writeInt32(result ? 1 : 0);
1807
1808 return NO_ERROR;
1809 }
1810 case ADD_AUTH_TOKEN: {
1811 CHECK_INTERFACE(IKeystoreService, data, reply);
Chad Brubaker2ed2baa2015-03-21 21:20:10 -0700[diff] [blame]1812 const uint8_t* token_bytes = NULL;
1813 size_t size = 0;
1814 readByteArray(data, &token_bytes, &size);
1815 int32_t result = addAuthToken(token_bytes, size);
1816 reply->writeNoException();
1817 reply->writeInt32(result);
1818
1819 return NO_ERROR;
1820 }
Chad Brubakerc0f031a2015-05-12 10:43:10 -0700[diff] [blame]1821 case ON_USER_ADDED: {
1822 CHECK_INTERFACE(IKeystoreService, data, reply);
1823 int32_t userId = data.readInt32();
1824 int32_t parentId = data.readInt32();
1825 int32_t result = onUserAdded(userId, parentId);
1826 reply->writeNoException();
1827 reply->writeInt32(result);
1828
1829 return NO_ERROR;
1830 }
1831 case ON_USER_REMOVED: {
1832 CHECK_INTERFACE(IKeystoreService, data, reply);
1833 int32_t userId = data.readInt32();
1834 int32_t result = onUserRemoved(userId);
1835 reply->writeNoException();
1836 reply->writeInt32(result);
1837
1838 return NO_ERROR;
1839 }
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1840 default:
1841 return BBinder::onTransact(code, data, reply, flags);
1842 }
1843}
1844
1845// ----------------------------------------------------------------------------
1846
1847}; // namespace android