Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_security / d7d51a60e389c250b717227fee5b97350c92426d / . / keystore / IKeystoreService.cpp
blob: b4e35abd16e756b227fa494d4f4b797769309e04 [file] [log] [blame]
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1/*
2**
3** Copyright 2008, The Android Open Source Project
4**
5** Licensed under the Apache License, Version 2.0 (the "License");
6** you may not use this file except in compliance with the License.
7** You may obtain a copy of the License at
8**
9** http://www.apache.org/licenses/LICENSE-2.0
10**
11** Unless required by applicable law or agreed to in writing, software
12** distributed under the License is distributed on an "AS IS" BASIS,
13** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14** See the License for the specific language governing permissions and
15** limitations under the License.
16*/
17
18#include <stdint.h>
Chad Brubakerc5b1ae12015-02-03 13:03:00 -0800[diff] [blame]19#include <sys/limits.h>
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]20#include <sys/types.h>
21
22#define LOG_TAG "KeystoreService"
23#include <utils/Log.h>
24
25#include <binder/Parcel.h>
26#include <binder/IPCThreadState.h>
27#include <binder/IServiceManager.h>
28
29#include <keystore/IKeystoreService.h>
30
31namespace android {
32
Chad Brubakerc5b1ae12015-02-03 13:03:00 -0800[diff] [blame]33static keymaster_key_param_t* readParamList(const Parcel& in, size_t* length);
34
Kenny Root96427ba2013-08-16 14:02:41 -0700[diff] [blame]35KeystoreArg::KeystoreArg(const void* data, size_t len)
36 : mData(data), mSize(len) {
37}
38
39KeystoreArg::~KeystoreArg() {
40}
41
42const void *KeystoreArg::data() const {
43 return mData;
44}
45
46size_t KeystoreArg::size() const {
47 return mSize;
48}
49
Chad Brubakerc5b1ae12015-02-03 13:03:00 -0800[diff] [blame]50OperationResult::OperationResult() : resultCode(0), token(), inputConsumed(0),
51 data(NULL), dataLength(0) {
52}
53
54OperationResult::~OperationResult() {
55}
56
57void OperationResult::readFromParcel(const Parcel& in) {
58 resultCode = in.readInt32();
59 token = in.readStrongBinder();
60 inputConsumed = in.readInt32();
61 ssize_t length = in.readInt32();
62 dataLength = 0;
63 if (length > 0) {
64 const void* buf = in.readInplace(length);
65 if (buf) {
66 data.reset(reinterpret_cast<uint8_t*>(malloc(length)));
67 if (data.get()) {
68 memcpy(data.get(), buf, length);
69 dataLength = (size_t) length;
70 } else {
71 ALOGE("Failed to allocate OperationResult buffer");
72 }
73 } else {
74 ALOGE("Failed to readInplace OperationResult data");
75 }
76 }
77}
78
79void OperationResult::writeToParcel(Parcel* out) const {
80 out->writeInt32(resultCode);
81 out->writeStrongBinder(token);
82 out->writeInt32(inputConsumed);
83 out->writeInt32(dataLength);
84 if (dataLength && data) {
85 void* buf = out->writeInplace(dataLength);
86 if (buf) {
87 memcpy(buf, data.get(), dataLength);
88 } else {
89 ALOGE("Failed to writeInplace OperationResult data.");
90 }
91 }
92}
93
94ExportResult::ExportResult() : resultCode(0), exportData(NULL), dataLength(0) {
95}
96
97ExportResult::~ExportResult() {
98}
99
100void ExportResult::readFromParcel(const Parcel& in) {
101 resultCode = in.readInt32();
102 ssize_t length = in.readInt32();
103 dataLength = 0;
104 if (length > 0) {
105 const void* buf = in.readInplace(length);
106 if (buf) {
107 exportData.reset(reinterpret_cast<uint8_t*>(malloc(length)));
108 if (exportData.get()) {
109 memcpy(exportData.get(), buf, length);
110 dataLength = (size_t) length;
111 } else {
112 ALOGE("Failed to allocate ExportData buffer");
113 }
114 } else {
115 ALOGE("Failed to readInplace ExportData data");
116 }
117 }
118}
119
120void ExportResult::writeToParcel(Parcel* out) const {
121 out->writeInt32(resultCode);
122 out->writeInt32(dataLength);
123 if (exportData && dataLength) {
124 void* buf = out->writeInplace(dataLength);
125 if (buf) {
126 memcpy(buf, exportData.get(), dataLength);
127 } else {
128 ALOGE("Failed to writeInplace ExportResult data.");
129 }
130 }
131}
132
133KeymasterArguments::KeymasterArguments() {
134}
135
136KeymasterArguments::~KeymasterArguments() {
137 keymaster_free_param_values(params.data(), params.size());
138}
139
140void KeymasterArguments::readFromParcel(const Parcel& in) {
141 ssize_t length = in.readInt32();
142 size_t ulength = (size_t) length;
143 if (length < 0) {
144 ulength = 0;
145 }
146 keymaster_free_param_values(params.data(), params.size());
147 params.clear();
148 for(size_t i = 0; i < ulength; i++) {
149 keymaster_key_param_t param;
150 if (!readKeymasterArgumentFromParcel(in, &param)) {
151 ALOGE("Error reading keymaster argument from parcel");
152 break;
153 }
154 params.push_back(param);
155 }
156}
157
158void KeymasterArguments::writeToParcel(Parcel* out) const {
159 out->writeInt32(params.size());
160 for (auto param : params) {
161 out->writeInt32(1);
162 writeKeymasterArgumentToParcel(param, out);
163 }
164}
165
166KeyCharacteristics::KeyCharacteristics() {
167 memset((void*) &characteristics, 0, sizeof(characteristics));
168}
169
170KeyCharacteristics::~KeyCharacteristics() {
171 keymaster_free_characteristics(&characteristics);
172}
173
174void KeyCharacteristics::readFromParcel(const Parcel& in) {
175 size_t length;
176 keymaster_key_param_t* params = readParamList(in, &length);
177 characteristics.sw_enforced.params = params;
178 characteristics.sw_enforced.length = length;
179
180 params = readParamList(in, &length);
181 characteristics.hw_enforced.params = params;
182 characteristics.hw_enforced.length = length;
183}
184
185void KeyCharacteristics::writeToParcel(Parcel* out) const {
186 if (characteristics.sw_enforced.params) {
187 out->writeInt32(characteristics.sw_enforced.length);
188 for (size_t i = 0; i < characteristics.sw_enforced.length; i++) {
189 out->writeInt32(1);
190 writeKeymasterArgumentToParcel(characteristics.sw_enforced.params[i], out);
191 }
192 } else {
193 out->writeInt32(0);
194 }
195 if (characteristics.hw_enforced.params) {
196 out->writeInt32(characteristics.hw_enforced.length);
197 for (size_t i = 0; i < characteristics.hw_enforced.length; i++) {
198 out->writeInt32(1);
199 writeKeymasterArgumentToParcel(characteristics.hw_enforced.params[i], out);
200 }
201 } else {
202 out->writeInt32(0);
203 }
204}
205
206void writeKeymasterArgumentToParcel(const keymaster_key_param_t& param, Parcel* out) {
207 switch (keymaster_tag_get_type(param.tag)) {
208 case KM_ENUM:
209 case KM_ENUM_REP: {
210 out->writeInt32(param.tag);
211 out->writeInt32(param.enumerated);
212 break;
213 }
214 case KM_INT:
215 case KM_INT_REP: {
216 out->writeInt32(param.tag);
217 out->writeInt32(param.integer);
218 break;
219 }
220 case KM_LONG: {
221 out->writeInt32(param.tag);
222 out->writeInt64(param.long_integer);
223 break;
224 }
225 case KM_DATE: {
226 out->writeInt32(param.tag);
227 out->writeInt64(param.date_time);
228 break;
229 }
230 case KM_BOOL: {
231 out->writeInt32(param.tag);
232 break;
233 }
234 case KM_BIGNUM:
235 case KM_BYTES: {
236 out->writeInt32(param.tag);
237 out->writeInt32(param.blob.data_length);
238 void* buf = out->writeInplace(param.blob.data_length);
239 if (buf) {
240 memcpy(buf, param.blob.data, param.blob.data_length);
241 } else {
242 ALOGE("Failed to writeInplace keymaster blob param");
243 }
244 break;
245 }
246 default: {
247 ALOGE("Failed to write argument: Unsupported keymaster_tag_t %d", param.tag);
248 }
249 }
250}
251
252
253bool readKeymasterArgumentFromParcel(const Parcel& in, keymaster_key_param_t* out) {
254 if (in.readInt32() == 0) {
255 return false;
256 }
257 keymaster_tag_t tag = static_cast<keymaster_tag_t>(in.readInt32());
258 switch (keymaster_tag_get_type(tag)) {
259 case KM_ENUM:
260 case KM_ENUM_REP: {
261 uint32_t value = in.readInt32();
262 *out = keymaster_param_enum(tag, value);
263 break;
264 }
265 case KM_INT:
266 case KM_INT_REP: {
267 uint32_t value = in.readInt32();
268 *out = keymaster_param_int(tag, value);
269 break;
270 }
271 case KM_LONG: {
272 uint64_t value = in.readInt64();
273 *out = keymaster_param_long(tag, value);
274 break;
275 }
276 case KM_DATE: {
277 uint64_t value = in.readInt64();
278 *out = keymaster_param_date(tag, value);
279 break;
280 }
281 case KM_BOOL: {
282 *out = keymaster_param_bool(tag);
283 break;
284 }
285 case KM_BIGNUM:
286 case KM_BYTES: {
287 ssize_t length = in.readInt32();
288 uint8_t* data = NULL;
289 size_t ulength = 0;
290 if (length >= 0) {
291 ulength = (size_t) length;
292 // use malloc here so we can use keymaster_free_param_values
293 // consistently.
294 data = reinterpret_cast<uint8_t*>(malloc(ulength));
295 const void* buf = in.readInplace(ulength);
296 if (!buf || !data) {
297 ALOGE("Failed to allocate buffer for keymaster blob param");
298 return false;
299 }
300 memcpy(data, buf, ulength);
301 }
302 *out = keymaster_param_blob(tag, data, ulength);
303 break;
304 }
305 default: {
306 ALOGE("Unsupported keymaster_tag_t %d", tag);
307 return false;
308 }
309 }
310 return true;
311}
312
313// Read a keymaster_key_param_t* from a Parcel for use in a
314// keymaster_key_characteristics_t. This will be free'd by calling
315// keymaster_free_key_characteristics.
316static keymaster_key_param_t* readParamList(const Parcel& in, size_t* length) {
317 ssize_t slength = in.readInt32();
318 if (slength < 0) {
319 return NULL;
320 }
321 *length = (size_t) slength;
322 if (*length >= UINT_MAX / sizeof(keymaster_key_param_t)) {
323 return NULL;
324 }
325 keymaster_key_param_t* list =
326 reinterpret_cast<keymaster_key_param_t*>(malloc(*length *
327 sizeof(keymaster_key_param_t)));
328 if (!list) {
329 ALOGD("Failed to allocate buffer for generateKey outCharacteristics");
330 goto err;
331 }
332 for (size_t i = 0; i < *length ; i++) {
333 if (!readKeymasterArgumentFromParcel(in, &list[i])) {
334 ALOGE("Failed to read keymaster argument");
335 keymaster_free_param_values(list, i);
336 goto err;
337 }
338 }
339 return list;
340err:
341 free(list);
342 return NULL;
343}
344
345static void readKeymasterBlob(const Parcel& in, keymaster_blob_t* blob) {
346 ssize_t length = in.readInt32();
347 if (length > 0) {
348 blob->data = (uint8_t*) in.readInplace(length);
349 if (blob->data) {
350 blob->data_length = (size_t) length;
351 } else {
352 blob->data_length = 0;
353 }
354 } else {
355 blob->data = NULL;
356 blob->data_length = 0;
357 }
358}
359
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]360class BpKeystoreService: public BpInterface<IKeystoreService>
361{
362public:
363 BpKeystoreService(const sp<IBinder>& impl)
364 : BpInterface<IKeystoreService>(impl)
365 {
366 }
367
368 // test ping
369 virtual int32_t test()
370 {
371 Parcel data, reply;
372 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
373 status_t status = remote()->transact(BnKeystoreService::TEST, data, &reply);
374 if (status != NO_ERROR) {
375 ALOGD("test() could not contact remote: %d\n", status);
376 return -1;
377 }
378 int32_t err = reply.readExceptionCode();
379 int32_t ret = reply.readInt32();
380 if (err < 0) {
381 ALOGD("test() caught exception %d\n", err);
382 return -1;
383 }
384 return ret;
385 }
386
387 virtual int32_t get(const String16& name, uint8_t** item, size_t* itemLength)
388 {
389 Parcel data, reply;
390 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
391 data.writeString16(name);
392 status_t status = remote()->transact(BnKeystoreService::GET, data, &reply);
393 if (status != NO_ERROR) {
394 ALOGD("get() could not contact remote: %d\n", status);
395 return -1;
396 }
397 int32_t err = reply.readExceptionCode();
398 ssize_t len = reply.readInt32();
399 if (len >= 0 && (size_t) len <= reply.dataAvail()) {
400 size_t ulen = (size_t) len;
401 const void* buf = reply.readInplace(ulen);
402 *item = (uint8_t*) malloc(ulen);
403 if (*item != NULL) {
404 memcpy(*item, buf, ulen);
405 *itemLength = ulen;
406 } else {
407 ALOGE("out of memory allocating output array in get");
408 *itemLength = 0;
409 }
410 } else {
411 *itemLength = 0;
412 }
413 if (err < 0) {
414 ALOGD("get() caught exception %d\n", err);
415 return -1;
416 }
417 return 0;
418 }
419
Kenny Root0c540aa2013-04-03 09:22:15 -0700[diff] [blame]420 virtual int32_t insert(const String16& name, const uint8_t* item, size_t itemLength, int uid,
421 int32_t flags)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]422 {
423 Parcel data, reply;
424 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
425 data.writeString16(name);
426 data.writeInt32(itemLength);
427 void* buf = data.writeInplace(itemLength);
428 memcpy(buf, item, itemLength);
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]429 data.writeInt32(uid);
Kenny Root0c540aa2013-04-03 09:22:15 -0700[diff] [blame]430 data.writeInt32(flags);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]431 status_t status = remote()->transact(BnKeystoreService::INSERT, data, &reply);
432 if (status != NO_ERROR) {
433 ALOGD("import() could not contact remote: %d\n", status);
434 return -1;
435 }
436 int32_t err = reply.readExceptionCode();
437 int32_t ret = reply.readInt32();
438 if (err < 0) {
439 ALOGD("import() caught exception %d\n", err);
440 return -1;
441 }
442 return ret;
443 }
444
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]445 virtual int32_t del(const String16& name, int uid)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]446 {
447 Parcel data, reply;
448 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
449 data.writeString16(name);
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]450 data.writeInt32(uid);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]451 status_t status = remote()->transact(BnKeystoreService::DEL, data, &reply);
452 if (status != NO_ERROR) {
453 ALOGD("del() could not contact remote: %d\n", status);
454 return -1;
455 }
456 int32_t err = reply.readExceptionCode();
457 int32_t ret = reply.readInt32();
458 if (err < 0) {
459 ALOGD("del() caught exception %d\n", err);
460 return -1;
461 }
462 return ret;
463 }
464
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]465 virtual int32_t exist(const String16& name, int uid)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]466 {
467 Parcel data, reply;
468 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
469 data.writeString16(name);
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]470 data.writeInt32(uid);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]471 status_t status = remote()->transact(BnKeystoreService::EXIST, data, &reply);
472 if (status != NO_ERROR) {
473 ALOGD("exist() could not contact remote: %d\n", status);
474 return -1;
475 }
476 int32_t err = reply.readExceptionCode();
477 int32_t ret = reply.readInt32();
478 if (err < 0) {
479 ALOGD("exist() caught exception %d\n", err);
480 return -1;
481 }
482 return ret;
483 }
484
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]485 virtual int32_t saw(const String16& name, int uid, Vector<String16>* matches)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]486 {
487 Parcel data, reply;
488 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
489 data.writeString16(name);
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]490 data.writeInt32(uid);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]491 status_t status = remote()->transact(BnKeystoreService::SAW, data, &reply);
492 if (status != NO_ERROR) {
493 ALOGD("saw() could not contact remote: %d\n", status);
494 return -1;
495 }
496 int32_t err = reply.readExceptionCode();
497 int32_t numMatches = reply.readInt32();
498 for (int32_t i = 0; i < numMatches; i++) {
499 matches->push(reply.readString16());
500 }
501 int32_t ret = reply.readInt32();
502 if (err < 0) {
503 ALOGD("saw() caught exception %d\n", err);
504 return -1;
505 }
506 return ret;
507 }
508
509 virtual int32_t reset()
510 {
511 Parcel data, reply;
512 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
513 status_t status = remote()->transact(BnKeystoreService::RESET, data, &reply);
514 if (status != NO_ERROR) {
515 ALOGD("reset() could not contact remote: %d\n", status);
516 return -1;
517 }
518 int32_t err = reply.readExceptionCode();
519 int32_t ret = reply.readInt32();
520 if (err < 0) {
521 ALOGD("reset() caught exception %d\n", err);
522 return -1;
523 }
524 return ret;
525 }
526
527 virtual int32_t password(const String16& password)
528 {
529 Parcel data, reply;
530 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
531 data.writeString16(password);
532 status_t status = remote()->transact(BnKeystoreService::PASSWORD, data, &reply);
533 if (status != NO_ERROR) {
534 ALOGD("password() could not contact remote: %d\n", status);
535 return -1;
536 }
537 int32_t err = reply.readExceptionCode();
538 int32_t ret = reply.readInt32();
539 if (err < 0) {
540 ALOGD("password() caught exception %d\n", err);
541 return -1;
542 }
543 return ret;
544 }
545
546 virtual int32_t lock()
547 {
548 Parcel data, reply;
549 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
550 status_t status = remote()->transact(BnKeystoreService::LOCK, data, &reply);
551 if (status != NO_ERROR) {
552 ALOGD("lock() could not contact remote: %d\n", status);
553 return -1;
554 }
555 int32_t err = reply.readExceptionCode();
556 int32_t ret = reply.readInt32();
557 if (err < 0) {
558 ALOGD("lock() caught exception %d\n", err);
559 return -1;
560 }
561 return ret;
562 }
563
564 virtual int32_t unlock(const String16& password)
565 {
566 Parcel data, reply;
567 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
568 data.writeString16(password);
569 status_t status = remote()->transact(BnKeystoreService::UNLOCK, data, &reply);
570 if (status != NO_ERROR) {
571 ALOGD("unlock() could not contact remote: %d\n", status);
572 return -1;
573 }
574 int32_t err = reply.readExceptionCode();
575 int32_t ret = reply.readInt32();
576 if (err < 0) {
577 ALOGD("unlock() caught exception %d\n", err);
578 return -1;
579 }
580 return ret;
581 }
582
583 virtual int32_t zero()
584 {
585 Parcel data, reply;
586 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
587 status_t status = remote()->transact(BnKeystoreService::ZERO, data, &reply);
588 if (status != NO_ERROR) {
589 ALOGD("zero() could not contact remote: %d\n", status);
590 return -1;
591 }
592 int32_t err = reply.readExceptionCode();
593 int32_t ret = reply.readInt32();
594 if (err < 0) {
595 ALOGD("zero() caught exception %d\n", err);
596 return -1;
597 }
598 return ret;
599 }
600
Kenny Root96427ba2013-08-16 14:02:41 -0700[diff] [blame]601 virtual int32_t generate(const String16& name, int32_t uid, int32_t keyType, int32_t keySize,
602 int32_t flags, Vector<sp<KeystoreArg> >* args)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]603 {
604 Parcel data, reply;
605 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
606 data.writeString16(name);
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]607 data.writeInt32(uid);
Kenny Root96427ba2013-08-16 14:02:41 -0700[diff] [blame]608 data.writeInt32(keyType);
609 data.writeInt32(keySize);
Kenny Root0c540aa2013-04-03 09:22:15 -0700[diff] [blame]610 data.writeInt32(flags);
Chad Brubaker468fc692015-01-13 17:33:14 -0800[diff] [blame]611 data.writeInt32(1);
Kenny Root96427ba2013-08-16 14:02:41 -0700[diff] [blame]612 data.writeInt32(args->size());
613 for (Vector<sp<KeystoreArg> >::iterator it = args->begin(); it != args->end(); ++it) {
614 sp<KeystoreArg> item = *it;
615 size_t keyLength = item->size();
616 data.writeInt32(keyLength);
617 void* buf = data.writeInplace(keyLength);
618 memcpy(buf, item->data(), keyLength);
619 }
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]620 status_t status = remote()->transact(BnKeystoreService::GENERATE, data, &reply);
621 if (status != NO_ERROR) {
622 ALOGD("generate() could not contact remote: %d\n", status);
623 return -1;
624 }
625 int32_t err = reply.readExceptionCode();
626 int32_t ret = reply.readInt32();
627 if (err < 0) {
628 ALOGD("generate() caught exception %d\n", err);
629 return -1;
630 }
631 return ret;
632 }
633
Kenny Root0c540aa2013-04-03 09:22:15 -0700[diff] [blame]634 virtual int32_t import(const String16& name, const uint8_t* key, size_t keyLength, int uid,
635 int flags)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]636 {
637 Parcel data, reply;
638 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
639 data.writeString16(name);
640 data.writeInt32(keyLength);
641 void* buf = data.writeInplace(keyLength);
642 memcpy(buf, key, keyLength);
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]643 data.writeInt32(uid);
Kenny Root0c540aa2013-04-03 09:22:15 -0700[diff] [blame]644 data.writeInt32(flags);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]645 status_t status = remote()->transact(BnKeystoreService::IMPORT, data, &reply);
646 if (status != NO_ERROR) {
647 ALOGD("import() could not contact remote: %d\n", status);
648 return -1;
649 }
650 int32_t err = reply.readExceptionCode();
651 int32_t ret = reply.readInt32();
652 if (err < 0) {
653 ALOGD("import() caught exception %d\n", err);
654 return -1;
655 }
656 return ret;
657 }
658
659 virtual int32_t sign(const String16& name, const uint8_t* in, size_t inLength, uint8_t** out,
660 size_t* outLength)
661 {
662 Parcel data, reply;
663 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
664 data.writeString16(name);
665 data.writeInt32(inLength);
666 void* buf = data.writeInplace(inLength);
667 memcpy(buf, in, inLength);
668 status_t status = remote()->transact(BnKeystoreService::SIGN, data, &reply);
669 if (status != NO_ERROR) {
670 ALOGD("import() could not contact remote: %d\n", status);
671 return -1;
672 }
673 int32_t err = reply.readExceptionCode();
674 ssize_t len = reply.readInt32();
675 if (len >= 0 && (size_t) len <= reply.dataAvail()) {
676 size_t ulen = (size_t) len;
677 const void* outBuf = reply.readInplace(ulen);
678 *out = (uint8_t*) malloc(ulen);
679 if (*out != NULL) {
680 memcpy((void*) *out, outBuf, ulen);
681 *outLength = ulen;
682 } else {
683 ALOGE("out of memory allocating output array in sign");
684 *outLength = 0;
685 }
686 } else {
687 *outLength = 0;
688 }
689 if (err < 0) {
690 ALOGD("import() caught exception %d\n", err);
691 return -1;
692 }
693 return 0;
694 }
695
696 virtual int32_t verify(const String16& name, const uint8_t* in, size_t inLength,
697 const uint8_t* signature, size_t signatureLength)
698 {
699 Parcel data, reply;
700 void* buf;
701
702 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
703 data.writeString16(name);
704 data.writeInt32(inLength);
705 buf = data.writeInplace(inLength);
706 memcpy(buf, in, inLength);
707 data.writeInt32(signatureLength);
708 buf = data.writeInplace(signatureLength);
709 memcpy(buf, signature, signatureLength);
710 status_t status = remote()->transact(BnKeystoreService::VERIFY, data, &reply);
711 if (status != NO_ERROR) {
712 ALOGD("verify() could not contact remote: %d\n", status);
713 return -1;
714 }
715 int32_t err = reply.readExceptionCode();
716 int32_t ret = reply.readInt32();
717 if (err < 0) {
718 ALOGD("verify() caught exception %d\n", err);
719 return -1;
720 }
721 return ret;
722 }
723
724 virtual int32_t get_pubkey(const String16& name, uint8_t** pubkey, size_t* pubkeyLength)
725 {
726 Parcel data, reply;
727 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
728 data.writeString16(name);
729 status_t status = remote()->transact(BnKeystoreService::GET_PUBKEY, data, &reply);
730 if (status != NO_ERROR) {
731 ALOGD("get_pubkey() could not contact remote: %d\n", status);
732 return -1;
733 }
734 int32_t err = reply.readExceptionCode();
735 ssize_t len = reply.readInt32();
736 if (len >= 0 && (size_t) len <= reply.dataAvail()) {
737 size_t ulen = (size_t) len;
738 const void* buf = reply.readInplace(ulen);
739 *pubkey = (uint8_t*) malloc(ulen);
740 if (*pubkey != NULL) {
741 memcpy(*pubkey, buf, ulen);
742 *pubkeyLength = ulen;
743 } else {
744 ALOGE("out of memory allocating output array in get_pubkey");
745 *pubkeyLength = 0;
746 }
747 } else {
748 *pubkeyLength = 0;
749 }
750 if (err < 0) {
751 ALOGD("get_pubkey() caught exception %d\n", err);
752 return -1;
753 }
754 return 0;
755 }
756
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]757 virtual int32_t del_key(const String16& name, int uid)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]758 {
759 Parcel data, reply;
760 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
761 data.writeString16(name);
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]762 data.writeInt32(uid);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]763 status_t status = remote()->transact(BnKeystoreService::DEL_KEY, data, &reply);
764 if (status != NO_ERROR) {
765 ALOGD("del_key() could not contact remote: %d\n", status);
766 return -1;
767 }
768 int32_t err = reply.readExceptionCode();
769 int32_t ret = reply.readInt32();
770 if (err < 0) {
771 ALOGD("del_key() caught exception %d\n", err);
772 return -1;
773 }
774 return ret;
775 }
776
777 virtual int32_t grant(const String16& name, int32_t granteeUid)
778 {
779 Parcel data, reply;
780 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
781 data.writeString16(name);
782 data.writeInt32(granteeUid);
783 status_t status = remote()->transact(BnKeystoreService::GRANT, data, &reply);
784 if (status != NO_ERROR) {
785 ALOGD("grant() could not contact remote: %d\n", status);
786 return -1;
787 }
788 int32_t err = reply.readExceptionCode();
789 int32_t ret = reply.readInt32();
790 if (err < 0) {
791 ALOGD("grant() caught exception %d\n", err);
792 return -1;
793 }
794 return ret;
795 }
796
797 virtual int32_t ungrant(const String16& name, int32_t granteeUid)
798 {
799 Parcel data, reply;
800 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
801 data.writeString16(name);
802 data.writeInt32(granteeUid);
803 status_t status = remote()->transact(BnKeystoreService::UNGRANT, data, &reply);
804 if (status != NO_ERROR) {
805 ALOGD("ungrant() could not contact remote: %d\n", status);
806 return -1;
807 }
808 int32_t err = reply.readExceptionCode();
809 int32_t ret = reply.readInt32();
810 if (err < 0) {
811 ALOGD("ungrant() caught exception %d\n", err);
812 return -1;
813 }
814 return ret;
815 }
816
817 int64_t getmtime(const String16& name)
818 {
819 Parcel data, reply;
820 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
821 data.writeString16(name);
822 status_t status = remote()->transact(BnKeystoreService::GETMTIME, data, &reply);
823 if (status != NO_ERROR) {
824 ALOGD("getmtime() could not contact remote: %d\n", status);
825 return -1;
826 }
827 int32_t err = reply.readExceptionCode();
828 int64_t ret = reply.readInt64();
829 if (err < 0) {
830 ALOGD("getmtime() caught exception %d\n", err);
831 return -1;
832 }
833 return ret;
834 }
Kenny Root02254072013-03-20 11:48:19 -0700[diff] [blame]835
Kenny Rootd53bc922013-03-21 14:10:15 -0700[diff] [blame]836 virtual int32_t duplicate(const String16& srcKey, int32_t srcUid, const String16& destKey,
837 int32_t destUid)
Kenny Root02254072013-03-20 11:48:19 -0700[diff] [blame]838 {
839 Parcel data, reply;
840 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
Kenny Rootd53bc922013-03-21 14:10:15 -0700[diff] [blame]841 data.writeString16(srcKey);
842 data.writeInt32(srcUid);
843 data.writeString16(destKey);
844 data.writeInt32(destUid);
845 status_t status = remote()->transact(BnKeystoreService::DUPLICATE, data, &reply);
Kenny Root02254072013-03-20 11:48:19 -0700[diff] [blame]846 if (status != NO_ERROR) {
Kenny Rootd53bc922013-03-21 14:10:15 -0700[diff] [blame]847 ALOGD("duplicate() could not contact remote: %d\n", status);
Kenny Root02254072013-03-20 11:48:19 -0700[diff] [blame]848 return -1;
849 }
850 int32_t err = reply.readExceptionCode();
851 int32_t ret = reply.readInt32();
852 if (err < 0) {
Kenny Rootd53bc922013-03-21 14:10:15 -0700[diff] [blame]853 ALOGD("duplicate() caught exception %d\n", err);
Kenny Root02254072013-03-20 11:48:19 -0700[diff] [blame]854 return -1;
855 }
856 return ret;
857 }
Kenny Root43061232013-03-29 11:15:50 -0700[diff] [blame]858
Kenny Root1b0e3932013-09-05 13:06:32 -0700[diff] [blame]859 virtual int32_t is_hardware_backed(const String16& keyType)
Kenny Root43061232013-03-29 11:15:50 -0700[diff] [blame]860 {
861 Parcel data, reply;
862 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
Kenny Root1b0e3932013-09-05 13:06:32 -0700[diff] [blame]863 data.writeString16(keyType);
Kenny Root43061232013-03-29 11:15:50 -0700[diff] [blame]864 status_t status = remote()->transact(BnKeystoreService::IS_HARDWARE_BACKED, data, &reply);
865 if (status != NO_ERROR) {
866 ALOGD("is_hardware_backed() could not contact remote: %d\n", status);
867 return -1;
868 }
869 int32_t err = reply.readExceptionCode();
870 int32_t ret = reply.readInt32();
871 if (err < 0) {
872 ALOGD("is_hardware_backed() caught exception %d\n", err);
873 return -1;
874 }
875 return ret;
876 }
Kenny Root2ecc7a12013-04-01 16:29:11 -0700[diff] [blame]877
878 virtual int32_t clear_uid(int64_t uid)
879 {
880 Parcel data, reply;
881 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
882 data.writeInt64(uid);
883 status_t status = remote()->transact(BnKeystoreService::CLEAR_UID, data, &reply);
884 if (status != NO_ERROR) {
885 ALOGD("clear_uid() could not contact remote: %d\n", status);
886 return -1;
887 }
888 int32_t err = reply.readExceptionCode();
889 int32_t ret = reply.readInt32();
890 if (err < 0) {
891 ALOGD("clear_uid() caught exception %d\n", err);
892 return -1;
893 }
894 return ret;
895 }
Robin Lee4e865752014-08-19 17:37:55 +0100[diff] [blame]896
897 virtual int32_t reset_uid(int32_t uid) {
898 Parcel data, reply;
899 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
900 data.writeInt32(uid);
901 status_t status = remote()->transact(BnKeystoreService::RESET_UID, data, &reply);
902 if (status != NO_ERROR) {
903 ALOGD("reset_uid() could not contact remote: %d\n", status);
904 return -1;
905 }
906 int32_t err = reply.readExceptionCode();
907 int32_t ret = reply.readInt32();
908 if (err < 0) {
909 ALOGD("reset_uid() caught exception %d\n", err);
910 return -1;
911 }
912 return ret;
913
914 }
915
916 virtual int32_t sync_uid(int32_t sourceUid, int32_t targetUid)
917 {
918 Parcel data, reply;
919 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
920 data.writeInt32(sourceUid);
921 data.writeInt32(targetUid);
922 status_t status = remote()->transact(BnKeystoreService::SYNC_UID, data, &reply);
923 if (status != NO_ERROR) {
924 ALOGD("sync_uid() could not contact remote: %d\n", status);
925 return -1;
926 }
927 int32_t err = reply.readExceptionCode();
928 int32_t ret = reply.readInt32();
929 if (err < 0) {
930 ALOGD("sync_uid() caught exception %d\n", err);
931 return -1;
932 }
933 return ret;
934 }
935
936 virtual int32_t password_uid(const String16& password, int32_t uid)
937 {
938 Parcel data, reply;
939 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
940 data.writeString16(password);
941 data.writeInt32(uid);
942 status_t status = remote()->transact(BnKeystoreService::PASSWORD_UID, data, &reply);
943 if (status != NO_ERROR) {
944 ALOGD("password_uid() could not contact remote: %d\n", status);
945 return -1;
946 }
947 int32_t err = reply.readExceptionCode();
948 int32_t ret = reply.readInt32();
949 if (err < 0) {
950 ALOGD("password_uid() caught exception %d\n", err);
951 return -1;
952 }
953 return ret;
954 }
Chad Brubakerc5b1ae12015-02-03 13:03:00 -0800[diff] [blame]955 virtual int32_t addRngEntropy(const uint8_t* buf, size_t bufLength)
956 {
957 Parcel data, reply;
958 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
959 data.writeInt32(bufLength);
960 data.writeByteArray(bufLength, buf);
961 status_t status = remote()->transact(BnKeystoreService::ADD_RNG_ENTROPY, data, &reply);
962 if (status != NO_ERROR) {
963 ALOGD("addRngEntropy() could not contact remote: %d\n", status);
964 return -1;
965 }
966 int32_t err = reply.readExceptionCode();
967 int32_t ret = reply.readInt32();
968 if (err < 0) {
969 ALOGD("addRngEntropy() caught exception %d\n", err);
970 return -1;
971 }
972 return ret;
973 };
974
975 virtual int32_t generateKey(const String16& name, const KeymasterArguments& params,
976 int uid, int flags, KeyCharacteristics* outCharacteristics)
977 {
978 Parcel data, reply;
979 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
980 data.writeString16(name);
981 data.writeInt32(1);
982 params.writeToParcel(&data);
983 data.writeInt32(uid);
984 data.writeInt32(flags);
985 status_t status = remote()->transact(BnKeystoreService::GENERATE_KEY, data, &reply);
986 if (status != NO_ERROR) {
987 ALOGD("generateKey() could not contact remote: %d\n", status);
988 return KM_ERROR_UNKNOWN_ERROR;
989 }
990 int32_t err = reply.readExceptionCode();
991 int32_t ret = reply.readInt32();
992 if (err < 0) {
993 ALOGD("generateKey() caught exception %d\n", err);
994 return KM_ERROR_UNKNOWN_ERROR;
995 }
996 if (reply.readInt32() != 0 && outCharacteristics) {
997 outCharacteristics->readFromParcel(reply);
998 }
999 return ret;
1000 }
1001 virtual int32_t getKeyCharacteristics(const String16& name,
1002 const keymaster_blob_t& clientId,
1003 const keymaster_blob_t& appData,
1004 KeyCharacteristics* outCharacteristics)
1005 {
1006 Parcel data, reply;
1007 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1008 data.writeString16(name);
1009 data.writeByteArray(clientId.data_length, clientId.data);
1010 data.writeByteArray(appData.data_length, appData.data);
1011 status_t status = remote()->transact(BnKeystoreService::GET_KEY_CHARACTERISTICS,
1012 data, &reply);
1013 if (status != NO_ERROR) {
1014 ALOGD("getKeyCharacteristics() could not contact remote: %d\n", status);
1015 return KM_ERROR_UNKNOWN_ERROR;
1016 }
1017 int32_t err = reply.readExceptionCode();
1018 int32_t ret = reply.readInt32();
1019 if (err < 0) {
1020 ALOGD("getKeyCharacteristics() caught exception %d\n", err);
1021 return KM_ERROR_UNKNOWN_ERROR;
1022 }
1023 if (reply.readInt32() != 0 && outCharacteristics) {
1024 outCharacteristics->readFromParcel(reply);
1025 }
1026 return ret;
1027 }
1028 virtual int32_t importKey(const String16& name, const KeymasterArguments& params,
1029 keymaster_key_format_t format, const uint8_t *keyData,
1030 size_t keyLength, int uid, int flags,
1031 KeyCharacteristics* outCharacteristics)
1032 {
1033 Parcel data, reply;
1034 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1035 data.writeString16(name);
1036 data.writeInt32(1);
1037 params.writeToParcel(&data);
1038 data.writeInt32(format);
1039 data.writeByteArray(keyLength, keyData);
1040 data.writeInt32(uid);
1041 data.writeInt32(flags);
1042 status_t status = remote()->transact(BnKeystoreService::IMPORT_KEY, data, &reply);
1043 if (status != NO_ERROR) {
1044 ALOGD("importKey() could not contact remote: %d\n", status);
1045 return KM_ERROR_UNKNOWN_ERROR;
1046 }
1047 int32_t err = reply.readExceptionCode();
1048 int32_t ret = reply.readInt32();
1049 if (err < 0) {
1050 ALOGD("importKey() caught exception %d\n", err);
1051 return KM_ERROR_UNKNOWN_ERROR;
1052 }
1053 if (reply.readInt32() != 0 && outCharacteristics) {
1054 outCharacteristics->readFromParcel(reply);
1055 }
1056 return ret;
1057 }
1058
1059 virtual void exportKey(const String16& name, keymaster_key_format_t format,
1060 const keymaster_blob_t& clientId,
1061 const keymaster_blob_t& appData, ExportResult* result)
1062 {
1063 if (!result) {
1064 return;
1065 }
1066
1067 Parcel data, reply;
1068 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1069 data.writeString16(name);
1070 data.writeInt32(format);
1071 data.writeByteArray(clientId.data_length, clientId.data);
1072 data.writeByteArray(appData.data_length, appData.data);
1073 status_t status = remote()->transact(BnKeystoreService::EXPORT_KEY, data, &reply);
1074 if (status != NO_ERROR) {
1075 ALOGD("exportKey() could not contact remote: %d\n", status);
1076 result->resultCode = KM_ERROR_UNKNOWN_ERROR;
1077 return;
1078 }
1079 int32_t err = reply.readExceptionCode();
Chad Brubaker2cc316d2015-03-05 19:20:13 +0000[diff] [blame]1080 int32_t ret = reply.readInt32();
Chad Brubakerc5b1ae12015-02-03 13:03:00 -0800[diff] [blame]1081 if (err < 0) {
1082 ALOGD("exportKey() caught exception %d\n", err);
1083 result->resultCode = KM_ERROR_UNKNOWN_ERROR;
1084 return;
1085 }
1086 if (reply.readInt32() != 0) {
1087 result->readFromParcel(reply);
1088 }
1089 }
1090
1091 virtual void begin(const sp<IBinder>& appToken, const String16& name,
1092 keymaster_purpose_t purpose, bool pruneable,
1093 const KeymasterArguments& params, KeymasterArguments* outParams,
1094 OperationResult* result)
1095 {
1096 if (!result || !outParams) {
1097 return;
1098 }
1099 Parcel data, reply;
1100 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1101 data.writeStrongBinder(appToken);
1102 data.writeString16(name);
1103 data.writeInt32(purpose);
1104 data.writeInt32(pruneable ? 1 : 0);
1105 data.writeInt32(1);
1106 params.writeToParcel(&data);
1107 status_t status = remote()->transact(BnKeystoreService::BEGIN, data, &reply);
1108 if (status != NO_ERROR) {
1109 ALOGD("begin() could not contact remote: %d\n", status);
1110 result->resultCode = KM_ERROR_UNKNOWN_ERROR;
1111 return;
1112 }
1113 int32_t err = reply.readExceptionCode();
1114 if (err < 0) {
1115 ALOGD("begin() caught exception %d\n", err);
1116 result->resultCode = KM_ERROR_UNKNOWN_ERROR;
1117 return;
1118 }
1119 if (reply.readInt32() != 0) {
1120 result->readFromParcel(reply);
1121 }
1122 if (reply.readInt32() != 0) {
1123 outParams->readFromParcel(reply);
1124 }
1125 }
1126
1127 virtual void update(const sp<IBinder>& token, const KeymasterArguments& params,
1128 uint8_t* opData, size_t dataLength, OperationResult* result)
1129 {
1130 if (!result) {
1131 return;
1132 }
1133 Parcel data, reply;
1134 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1135 data.writeStrongBinder(token);
1136 data.writeInt32(1);
1137 params.writeToParcel(&data);
1138 data.writeByteArray(dataLength, opData);
1139 status_t status = remote()->transact(BnKeystoreService::UPDATE, data, &reply);
1140 if (status != NO_ERROR) {
1141 ALOGD("update() could not contact remote: %d\n", status);
1142 result->resultCode = KM_ERROR_UNKNOWN_ERROR;
1143 return;
1144 }
1145 int32_t err = reply.readExceptionCode();
1146 if (err < 0) {
1147 ALOGD("update() caught exception %d\n", err);
1148 result->resultCode = KM_ERROR_UNKNOWN_ERROR;
1149 return;
1150 }
1151 if (reply.readInt32() != 0) {
1152 result->readFromParcel(reply);
1153 }
1154 }
1155
1156 virtual void finish(const sp<IBinder>& token, const KeymasterArguments& params,
1157 uint8_t* signature, size_t signatureLength, OperationResult* result)
1158 {
1159 if (!result) {
1160 return;
1161 }
1162 Parcel data, reply;
1163 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1164 data.writeStrongBinder(token);
1165 data.writeInt32(1);
1166 params.writeToParcel(&data);
1167 data.writeByteArray(signatureLength, signature);
1168 status_t status = remote()->transact(BnKeystoreService::FINISH, data, &reply);
1169 if (status != NO_ERROR) {
1170 ALOGD("finish() could not contact remote: %d\n", status);
1171 result->resultCode = KM_ERROR_UNKNOWN_ERROR;
1172 return;
1173 }
1174 int32_t err = reply.readExceptionCode();
1175 if (err < 0) {
1176 ALOGD("finish() caught exception %d\n", err);
1177 result->resultCode = KM_ERROR_UNKNOWN_ERROR;
1178 return;
1179 }
1180 if (reply.readInt32() != 0) {
1181 result->readFromParcel(reply);
1182 }
1183 }
1184
1185 virtual int32_t abort(const sp<IBinder>& token)
1186 {
1187 Parcel data, reply;
1188 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1189 data.writeStrongBinder(token);
1190 status_t status = remote()->transact(BnKeystoreService::FINISH, data, &reply);
1191 if (status != NO_ERROR) {
1192 ALOGD("abort() could not contact remote: %d\n", status);
1193 return KM_ERROR_UNKNOWN_ERROR;
1194 }
1195 int32_t err = reply.readExceptionCode();
1196 int32_t ret = reply.readInt32();
1197 if (err < 0) {
1198 ALOGD("abort() caught exception %d\n", err);
1199 return KM_ERROR_UNKNOWN_ERROR;
1200 }
1201 return ret;
1202 }
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1203};
1204
Chad Brubaker468fc692015-01-13 17:33:14 -0800[diff] [blame]1205IMPLEMENT_META_INTERFACE(KeystoreService, "android.security.IKeystoreService");
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1206
1207// ----------------------------------------------------------------------
1208
1209status_t BnKeystoreService::onTransact(
1210 uint32_t code, const Parcel& data, Parcel* reply, uint32_t flags)
1211{
1212 switch(code) {
1213 case TEST: {
1214 CHECK_INTERFACE(IKeystoreService, data, reply);
1215 int32_t ret = test();
1216 reply->writeNoException();
1217 reply->writeInt32(ret);
1218 return NO_ERROR;
1219 } break;
1220 case GET: {
1221 CHECK_INTERFACE(IKeystoreService, data, reply);
1222 String16 name = data.readString16();
1223 void* out = NULL;
1224 size_t outSize = 0;
1225 int32_t ret = get(name, (uint8_t**) &out, &outSize);
1226 reply->writeNoException();
1227 if (ret == 1) {
1228 reply->writeInt32(outSize);
1229 void* buf = reply->writeInplace(outSize);
1230 memcpy(buf, out, outSize);
1231 free(out);
1232 } else {
1233 reply->writeInt32(-1);
1234 }
1235 return NO_ERROR;
1236 } break;
1237 case INSERT: {
1238 CHECK_INTERFACE(IKeystoreService, data, reply);
1239 String16 name = data.readString16();
1240 ssize_t inSize = data.readInt32();
1241 const void* in;
1242 if (inSize >= 0 && (size_t) inSize <= data.dataAvail()) {
1243 in = data.readInplace(inSize);
1244 } else {
1245 in = NULL;
1246 inSize = 0;
1247 }
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]1248 int uid = data.readInt32();
Kenny Root0c540aa2013-04-03 09:22:15 -0700[diff] [blame]1249 int32_t flags = data.readInt32();
1250 int32_t ret = insert(name, (const uint8_t*) in, (size_t) inSize, uid, flags);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1251 reply->writeNoException();
1252 reply->writeInt32(ret);
1253 return NO_ERROR;
1254 } break;
1255 case DEL: {
1256 CHECK_INTERFACE(IKeystoreService, data, reply);
1257 String16 name = data.readString16();
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]1258 int uid = data.readInt32();
1259 int32_t ret = del(name, uid);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1260 reply->writeNoException();
1261 reply->writeInt32(ret);
1262 return NO_ERROR;
1263 } break;
1264 case EXIST: {
1265 CHECK_INTERFACE(IKeystoreService, data, reply);
1266 String16 name = data.readString16();
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]1267 int uid = data.readInt32();
1268 int32_t ret = exist(name, uid);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1269 reply->writeNoException();
1270 reply->writeInt32(ret);
1271 return NO_ERROR;
1272 } break;
1273 case SAW: {
1274 CHECK_INTERFACE(IKeystoreService, data, reply);
1275 String16 name = data.readString16();
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]1276 int uid = data.readInt32();
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1277 Vector<String16> matches;
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]1278 int32_t ret = saw(name, uid, &matches);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1279 reply->writeNoException();
1280 reply->writeInt32(matches.size());
1281 Vector<String16>::const_iterator it = matches.begin();
1282 for (; it != matches.end(); ++it) {
1283 reply->writeString16(*it);
1284 }
1285 reply->writeInt32(ret);
1286 return NO_ERROR;
1287 } break;
1288 case RESET: {
1289 CHECK_INTERFACE(IKeystoreService, data, reply);
1290 int32_t ret = reset();
1291 reply->writeNoException();
1292 reply->writeInt32(ret);
1293 return NO_ERROR;
1294 } break;
1295 case PASSWORD: {
1296 CHECK_INTERFACE(IKeystoreService, data, reply);
1297 String16 pass = data.readString16();
1298 int32_t ret = password(pass);
1299 reply->writeNoException();
1300 reply->writeInt32(ret);
1301 return NO_ERROR;
1302 } break;
1303 case LOCK: {
1304 CHECK_INTERFACE(IKeystoreService, data, reply);
1305 int32_t ret = lock();
1306 reply->writeNoException();
1307 reply->writeInt32(ret);
1308 return NO_ERROR;
1309 } break;
1310 case UNLOCK: {
1311 CHECK_INTERFACE(IKeystoreService, data, reply);
1312 String16 pass = data.readString16();
1313 int32_t ret = unlock(pass);
1314 reply->writeNoException();
1315 reply->writeInt32(ret);
1316 return NO_ERROR;
1317 } break;
1318 case ZERO: {
1319 CHECK_INTERFACE(IKeystoreService, data, reply);
1320 int32_t ret = zero();
1321 reply->writeNoException();
1322 reply->writeInt32(ret);
1323 return NO_ERROR;
1324 } break;
1325 case GENERATE: {
1326 CHECK_INTERFACE(IKeystoreService, data, reply);
1327 String16 name = data.readString16();
Kenny Root96427ba2013-08-16 14:02:41 -0700[diff] [blame]1328 int32_t uid = data.readInt32();
1329 int32_t keyType = data.readInt32();
1330 int32_t keySize = data.readInt32();
Kenny Root0c540aa2013-04-03 09:22:15 -0700[diff] [blame]1331 int32_t flags = data.readInt32();
Kenny Root96427ba2013-08-16 14:02:41 -0700[diff] [blame]1332 Vector<sp<KeystoreArg> > args;
Chad Brubaker468fc692015-01-13 17:33:14 -0800[diff] [blame]1333 int32_t argsPresent = data.readInt32();
1334 if (argsPresent == 1) {
1335 ssize_t numArgs = data.readInt32();
1336 if (numArgs > 0) {
1337 for (size_t i = 0; i < (size_t) numArgs; i++) {
1338 ssize_t inSize = data.readInt32();
1339 if (inSize >= 0 && (size_t) inSize <= data.dataAvail()) {
1340 sp<KeystoreArg> arg = new KeystoreArg(data.readInplace(inSize),
1341 inSize);
1342 args.push_back(arg);
1343 } else {
1344 args.push_back(NULL);
1345 }
Kenny Root96427ba2013-08-16 14:02:41 -0700[diff] [blame]1346 }
1347 }
1348 }
1349 int32_t ret = generate(name, uid, keyType, keySize, flags, &args);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1350 reply->writeNoException();
1351 reply->writeInt32(ret);
1352 return NO_ERROR;
1353 } break;
1354 case IMPORT: {
1355 CHECK_INTERFACE(IKeystoreService, data, reply);
1356 String16 name = data.readString16();
1357 ssize_t inSize = data.readInt32();
1358 const void* in;
1359 if (inSize >= 0 && (size_t) inSize <= data.dataAvail()) {
1360 in = data.readInplace(inSize);
1361 } else {
1362 in = NULL;
1363 inSize = 0;
1364 }
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]1365 int uid = data.readInt32();
Kenny Root0c540aa2013-04-03 09:22:15 -0700[diff] [blame]1366 int32_t flags = data.readInt32();
1367 int32_t ret = import(name, (const uint8_t*) in, (size_t) inSize, uid, flags);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1368 reply->writeNoException();
1369 reply->writeInt32(ret);
1370 return NO_ERROR;
1371 } break;
1372 case SIGN: {
1373 CHECK_INTERFACE(IKeystoreService, data, reply);
1374 String16 name = data.readString16();
1375 ssize_t inSize = data.readInt32();
1376 const void* in;
1377 if (inSize >= 0 && (size_t) inSize <= data.dataAvail()) {
1378 in = data.readInplace(inSize);
1379 } else {
1380 in = NULL;
1381 inSize = 0;
1382 }
1383 void* out = NULL;
1384 size_t outSize = 0;
1385 int32_t ret = sign(name, (const uint8_t*) in, (size_t) inSize, (uint8_t**) &out, &outSize);
1386 reply->writeNoException();
Kenny Rootb03c9fb2013-02-04 16:42:51 -0800[diff] [blame]1387 if (outSize > 0 && out != NULL) {
1388 reply->writeInt32(outSize);
1389 void* buf = reply->writeInplace(outSize);
1390 memcpy(buf, out, outSize);
1391 free(out);
1392 } else {
Kenny Roote289c402013-02-14 11:31:53 -0800[diff] [blame]1393 reply->writeInt32(-1);
Kenny Rootb03c9fb2013-02-04 16:42:51 -0800[diff] [blame]1394 }
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1395 reply->writeInt32(ret);
1396 return NO_ERROR;
1397 } break;
1398 case VERIFY: {
1399 CHECK_INTERFACE(IKeystoreService, data, reply);
1400 String16 name = data.readString16();
1401 ssize_t inSize = data.readInt32();
1402 const void* in;
1403 if (inSize >= 0 && (size_t) inSize <= data.dataAvail()) {
1404 in = data.readInplace(inSize);
1405 } else {
1406 in = NULL;
1407 inSize = 0;
1408 }
1409 ssize_t sigSize = data.readInt32();
1410 const void* sig;
1411 if (sigSize >= 0 && (size_t) sigSize <= data.dataAvail()) {
1412 sig = data.readInplace(sigSize);
1413 } else {
1414 sig = NULL;
1415 sigSize = 0;
1416 }
1417 bool ret = verify(name, (const uint8_t*) in, (size_t) inSize, (const uint8_t*) sig,
1418 (size_t) sigSize);
1419 reply->writeNoException();
1420 reply->writeInt32(ret ? 1 : 0);
1421 return NO_ERROR;
1422 } break;
1423 case GET_PUBKEY: {
1424 CHECK_INTERFACE(IKeystoreService, data, reply);
1425 String16 name = data.readString16();
1426 void* out = NULL;
1427 size_t outSize = 0;
1428 int32_t ret = get_pubkey(name, (unsigned char**) &out, &outSize);
1429 reply->writeNoException();
Kenny Rootb03c9fb2013-02-04 16:42:51 -0800[diff] [blame]1430 if (outSize > 0 && out != NULL) {
1431 reply->writeInt32(outSize);
1432 void* buf = reply->writeInplace(outSize);
1433 memcpy(buf, out, outSize);
1434 free(out);
1435 } else {
Kenny Roote289c402013-02-14 11:31:53 -0800[diff] [blame]1436 reply->writeInt32(-1);
Kenny Rootb03c9fb2013-02-04 16:42:51 -0800[diff] [blame]1437 }
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1438 reply->writeInt32(ret);
1439 return NO_ERROR;
Kenny Rootb03c9fb2013-02-04 16:42:51 -0800[diff] [blame]1440 } break;
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1441 case DEL_KEY: {
1442 CHECK_INTERFACE(IKeystoreService, data, reply);
1443 String16 name = data.readString16();
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]1444 int uid = data.readInt32();
1445 int32_t ret = del_key(name, uid);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1446 reply->writeNoException();
1447 reply->writeInt32(ret);
1448 return NO_ERROR;
1449 } break;
1450 case GRANT: {
1451 CHECK_INTERFACE(IKeystoreService, data, reply);
1452 String16 name = data.readString16();
1453 int32_t granteeUid = data.readInt32();
1454 int32_t ret = grant(name, granteeUid);
1455 reply->writeNoException();
1456 reply->writeInt32(ret);
1457 return NO_ERROR;
1458 } break;
1459 case UNGRANT: {
1460 CHECK_INTERFACE(IKeystoreService, data, reply);
1461 String16 name = data.readString16();
1462 int32_t granteeUid = data.readInt32();
1463 int32_t ret = ungrant(name, granteeUid);
1464 reply->writeNoException();
1465 reply->writeInt32(ret);
1466 return NO_ERROR;
1467 } break;
1468 case GETMTIME: {
1469 CHECK_INTERFACE(IKeystoreService, data, reply);
1470 String16 name = data.readString16();
1471 int64_t ret = getmtime(name);
1472 reply->writeNoException();
1473 reply->writeInt64(ret);
1474 return NO_ERROR;
1475 } break;
Kenny Rootd53bc922013-03-21 14:10:15 -0700[diff] [blame]1476 case DUPLICATE: {
Kenny Root02254072013-03-20 11:48:19 -0700[diff] [blame]1477 CHECK_INTERFACE(IKeystoreService, data, reply);
Kenny Rootd53bc922013-03-21 14:10:15 -0700[diff] [blame]1478 String16 srcKey = data.readString16();
1479 int32_t srcUid = data.readInt32();
1480 String16 destKey = data.readString16();
1481 int32_t destUid = data.readInt32();
1482 int32_t ret = duplicate(srcKey, srcUid, destKey, destUid);
Kenny Root02254072013-03-20 11:48:19 -0700[diff] [blame]1483 reply->writeNoException();
1484 reply->writeInt32(ret);
1485 return NO_ERROR;
1486 } break;
Kenny Root43061232013-03-29 11:15:50 -0700[diff] [blame]1487 case IS_HARDWARE_BACKED: {
1488 CHECK_INTERFACE(IKeystoreService, data, reply);
Kenny Root1b0e3932013-09-05 13:06:32 -0700[diff] [blame]1489 String16 keyType = data.readString16();
1490 int32_t ret = is_hardware_backed(keyType);
Kenny Root43061232013-03-29 11:15:50 -0700[diff] [blame]1491 reply->writeNoException();
1492 reply->writeInt32(ret);
1493 return NO_ERROR;
1494 }
Kenny Root2ecc7a12013-04-01 16:29:11 -0700[diff] [blame]1495 case CLEAR_UID: {
1496 CHECK_INTERFACE(IKeystoreService, data, reply);
1497 int64_t uid = data.readInt64();
1498 int32_t ret = clear_uid(uid);
1499 reply->writeNoException();
1500 reply->writeInt32(ret);
1501 return NO_ERROR;
1502 }
Robin Lee4e865752014-08-19 17:37:55 +0100[diff] [blame]1503 case RESET_UID: {
1504 CHECK_INTERFACE(IKeystoreService, data, reply);
1505 int32_t uid = data.readInt32();
1506 int32_t ret = reset_uid(uid);
1507 reply->writeNoException();
1508 reply->writeInt32(ret);
1509 return NO_ERROR;
1510 }
1511 case SYNC_UID: {
1512 CHECK_INTERFACE(IKeystoreService, data, reply);
1513 int32_t sourceUid = data.readInt32();
1514 int32_t targetUid = data.readInt32();
1515 int32_t ret = sync_uid(sourceUid, targetUid);
1516 reply->writeNoException();
1517 reply->writeInt32(ret);
1518 return NO_ERROR;
1519 }
1520 case PASSWORD_UID: {
1521 CHECK_INTERFACE(IKeystoreService, data, reply);
1522 String16 password = data.readString16();
1523 int32_t uid = data.readInt32();
1524 int32_t ret = password_uid(password, uid);
1525 reply->writeNoException();
1526 reply->writeInt32(ret);
1527 return NO_ERROR;
1528 }
Chad Brubakerc5b1ae12015-02-03 13:03:00 -0800[diff] [blame]1529 case ADD_RNG_ENTROPY: {
1530 CHECK_INTERFACE(IKeystoreService, data, reply);
1531 size_t size = data.readInt32();
1532 uint8_t* bytes;
1533 if (size > 0) {
1534 bytes = (uint8_t*) data.readInplace(size);
1535 } else {
1536 bytes = NULL;
1537 }
1538 int32_t ret = addRngEntropy(bytes, size);
1539 reply->writeNoException();
1540 reply->writeInt32(ret);
1541 return NO_ERROR;
1542 }
1543 case GENERATE_KEY: {
1544 CHECK_INTERFACE(IKeystoreService, data, reply);
1545 String16 name = data.readString16();
1546 KeymasterArguments args;
1547 if (data.readInt32() != 0) {
1548 args.readFromParcel(data);
1549 }
1550 int32_t uid = data.readInt32();
1551 int32_t flags = data.readInt32();
1552 KeyCharacteristics outCharacteristics;
1553 int32_t ret = generateKey(name, args, uid, flags, &outCharacteristics);
1554 reply->writeNoException();
1555 reply->writeInt32(ret);
1556 reply->writeInt32(1);
1557 outCharacteristics.writeToParcel(reply);
1558 return NO_ERROR;
1559 }
1560 case GET_KEY_CHARACTERISTICS: {
1561 CHECK_INTERFACE(IKeystoreService, data, reply);
1562 String16 name = data.readString16();
1563 keymaster_blob_t clientId, appData;
1564 readKeymasterBlob(data, &clientId);
1565 readKeymasterBlob(data, &appData);
1566 KeyCharacteristics outCharacteristics;
1567 int ret = getKeyCharacteristics(name, clientId, appData, &outCharacteristics);
1568 reply->writeNoException();
1569 reply->writeInt32(ret);
1570 reply->writeInt32(1);
1571 outCharacteristics.writeToParcel(reply);
1572 return NO_ERROR;
1573 }
1574 case IMPORT_KEY: {
1575 CHECK_INTERFACE(IKeystoreService, data, reply);
1576 String16 name = data.readString16();
1577 KeymasterArguments args;
1578 if (data.readInt32() != 0) {
1579 args.readFromParcel(data);
1580 }
1581 keymaster_key_format_t format = static_cast<keymaster_key_format_t>(data.readInt32());
1582 uint8_t* keyData = NULL;
1583 ssize_t keyLength = data.readInt32();
1584 size_t ukeyLength = (size_t) keyLength;
1585 if (keyLength >= 0) {
1586 keyData = (uint8_t*) data.readInplace(keyLength);
1587 } else {
1588 ukeyLength = 0;
1589 }
1590 int32_t uid = data.readInt32();
1591 int32_t flags = data.readInt32();
1592 KeyCharacteristics outCharacteristics;
1593 int32_t ret = importKey(name, args, format, keyData, ukeyLength, uid, flags,
1594 &outCharacteristics);
1595 reply->writeNoException();
1596 reply->writeInt32(ret);
1597 reply->writeInt32(1);
1598 outCharacteristics.writeToParcel(reply);
1599
1600 return NO_ERROR;
1601 }
1602 case EXPORT_KEY: {
1603 CHECK_INTERFACE(IKeystoreService, data, reply);
1604 String16 name = data.readString16();
1605 keymaster_key_format_t format = static_cast<keymaster_key_format_t>(data.readInt32());
1606 keymaster_blob_t clientId, appData;
1607 readKeymasterBlob(data, &clientId);
1608 readKeymasterBlob(data, &appData);
1609 ExportResult result;
1610 exportKey(name, format, clientId, appData, &result);
1611 reply->writeNoException();
1612 reply->writeInt32(1);
1613 result.writeToParcel(reply);
1614
1615 return NO_ERROR;
1616 }
1617 case BEGIN: {
1618 CHECK_INTERFACE(IKeystoreService, data, reply);
1619 sp<IBinder> token = data.readStrongBinder();
1620 String16 name = data.readString16();
1621 keymaster_purpose_t purpose = static_cast<keymaster_purpose_t>(data.readInt32());
1622 bool pruneable = data.readInt32() != 0;
1623 KeymasterArguments args;
1624 if (data.readInt32() != 0) {
1625 args.readFromParcel(data);
1626 }
1627 KeymasterArguments outArgs;
1628 OperationResult result;
1629 begin(token, name, purpose, pruneable, args, &outArgs, &result);
1630 reply->writeNoException();
1631 reply->writeInt32(1);
1632 result.writeToParcel(reply);
1633 reply->writeInt32(1);
1634 outArgs.writeToParcel(reply);
1635
1636 return NO_ERROR;
1637 }
1638 case UPDATE: {
1639 CHECK_INTERFACE(IKeystoreService, data, reply);
1640 sp<IBinder> token = data.readStrongBinder();
1641 KeymasterArguments args;
1642 if (data.readInt32() != 0) {
1643 args.readFromParcel(data);
1644 }
1645 uint8_t* buf = NULL;
1646 ssize_t bufLength = data.readInt32();
1647 size_t ubufLength = (size_t) bufLength;
1648 if (bufLength > 0) {
1649 buf = (uint8_t*) data.readInplace(ubufLength);
1650 } else {
1651 ubufLength = 0;
1652 }
1653 OperationResult result;
1654 update(token, args, buf, ubufLength, &result);
1655 reply->writeNoException();
1656 reply->writeInt32(1);
1657 result.writeToParcel(reply);
1658
1659 return NO_ERROR;
1660 }
1661 case FINISH: {
1662 CHECK_INTERFACE(IKeystoreService, data, reply);
1663 sp<IBinder> token = data.readStrongBinder();
1664 KeymasterArguments args;
1665 if (data.readInt32() != 0) {
1666 args.readFromParcel(data);
1667 }
1668 uint8_t* buf = NULL;
1669 ssize_t bufLength = data.readInt32();
1670 size_t ubufLength = (size_t) bufLength;
1671 if (bufLength > 0) {
1672 buf = (uint8_t*) data.readInplace(ubufLength);
1673 } else {
1674 ubufLength = 0;
1675 }
1676 OperationResult result;
1677 finish(token, args, buf, ubufLength, &result);
1678 reply->writeNoException();
1679 reply->writeInt32(1);
1680 result.writeToParcel(reply);
1681
1682 return NO_ERROR;
1683 }
1684 case ABORT: {
1685 CHECK_INTERFACE(IKeystoreService, data, reply);
1686 sp<IBinder> token = data.readStrongBinder();
1687 int32_t result = abort(token);
1688 reply->writeNoException();
1689 reply->writeInt32(result);
1690
1691 return NO_ERROR;
1692 }
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1693 default:
1694 return BBinder::onTransact(code, data, reply, flags);
1695 }
1696}
1697
1698// ----------------------------------------------------------------------------
1699
1700}; // namespace android