Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_security / dcca0516dd26d3f5668f4b9546acd65f52d1ca7a / . / keystore / IKeystoreService.cpp
blob: f920095f00954ebf60b95c9f92f2f9d42dc4e6de [file] [log] [blame]
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1/*
2**
3** Copyright 2008, The Android Open Source Project
4**
5** Licensed under the Apache License, Version 2.0 (the "License");
6** you may not use this file except in compliance with the License.
7** You may obtain a copy of the License at
8**
9** http://www.apache.org/licenses/LICENSE-2.0
10**
11** Unless required by applicable law or agreed to in writing, software
12** distributed under the License is distributed on an "AS IS" BASIS,
13** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14** See the License for the specific language governing permissions and
15** limitations under the License.
16*/
17
18#include <stdint.h>
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]19#include <sys/limits.h>
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]20#include <sys/types.h>
21
22#define LOG_TAG "KeystoreService"
23#include <utils/Log.h>
24
25#include <binder/Parcel.h>
26#include <binder/IPCThreadState.h>
27#include <binder/IServiceManager.h>
28
29#include <keystore/IKeystoreService.h>
30
31namespace android {
32
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]33static keymaster_key_param_t* readParamList(const Parcel& in, size_t* length);
34
Kenny Root96427ba2013-08-16 14:02:41 -0700[diff] [blame]35KeystoreArg::KeystoreArg(const void* data, size_t len)
36 : mData(data), mSize(len) {
37}
38
39KeystoreArg::~KeystoreArg() {
40}
41
42const void *KeystoreArg::data() const {
43 return mData;
44}
45
46size_t KeystoreArg::size() const {
47 return mSize;
48}
49
Chad Brubakerc3a18562015-03-17 18:21:35 -0700[diff] [blame]50OperationResult::OperationResult() : resultCode(0), token(), handle(0), inputConsumed(0),
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]51 data(NULL), dataLength(0) {
52}
53
54OperationResult::~OperationResult() {
55}
56
57void OperationResult::readFromParcel(const Parcel& in) {
58 resultCode = in.readInt32();
59 token = in.readStrongBinder();
Chad Brubakerc3a18562015-03-17 18:21:35 -0700[diff] [blame]60 handle = static_cast<keymaster_operation_handle_t>(in.readInt64());
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]61 inputConsumed = in.readInt32();
62 ssize_t length = in.readInt32();
63 dataLength = 0;
64 if (length > 0) {
65 const void* buf = in.readInplace(length);
66 if (buf) {
67 data.reset(reinterpret_cast<uint8_t*>(malloc(length)));
68 if (data.get()) {
69 memcpy(data.get(), buf, length);
70 dataLength = (size_t) length;
71 } else {
72 ALOGE("Failed to allocate OperationResult buffer");
73 }
74 } else {
75 ALOGE("Failed to readInplace OperationResult data");
76 }
77 }
78}
79
80void OperationResult::writeToParcel(Parcel* out) const {
81 out->writeInt32(resultCode);
82 out->writeStrongBinder(token);
Chad Brubakerc3a18562015-03-17 18:21:35 -0700[diff] [blame]83 out->writeInt64(handle);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]84 out->writeInt32(inputConsumed);
85 out->writeInt32(dataLength);
86 if (dataLength && data) {
87 void* buf = out->writeInplace(dataLength);
88 if (buf) {
89 memcpy(buf, data.get(), dataLength);
90 } else {
91 ALOGE("Failed to writeInplace OperationResult data.");
92 }
93 }
94}
95
96ExportResult::ExportResult() : resultCode(0), exportData(NULL), dataLength(0) {
97}
98
99ExportResult::~ExportResult() {
100}
101
102void ExportResult::readFromParcel(const Parcel& in) {
103 resultCode = in.readInt32();
104 ssize_t length = in.readInt32();
105 dataLength = 0;
106 if (length > 0) {
107 const void* buf = in.readInplace(length);
108 if (buf) {
109 exportData.reset(reinterpret_cast<uint8_t*>(malloc(length)));
110 if (exportData.get()) {
111 memcpy(exportData.get(), buf, length);
112 dataLength = (size_t) length;
113 } else {
114 ALOGE("Failed to allocate ExportData buffer");
115 }
116 } else {
117 ALOGE("Failed to readInplace ExportData data");
118 }
119 }
120}
121
122void ExportResult::writeToParcel(Parcel* out) const {
123 out->writeInt32(resultCode);
124 out->writeInt32(dataLength);
125 if (exportData && dataLength) {
126 void* buf = out->writeInplace(dataLength);
127 if (buf) {
128 memcpy(buf, exportData.get(), dataLength);
129 } else {
130 ALOGE("Failed to writeInplace ExportResult data.");
131 }
132 }
133}
134
135KeymasterArguments::KeymasterArguments() {
136}
137
138KeymasterArguments::~KeymasterArguments() {
139 keymaster_free_param_values(params.data(), params.size());
140}
141
142void KeymasterArguments::readFromParcel(const Parcel& in) {
143 ssize_t length = in.readInt32();
144 size_t ulength = (size_t) length;
145 if (length < 0) {
146 ulength = 0;
147 }
148 keymaster_free_param_values(params.data(), params.size());
149 params.clear();
150 for(size_t i = 0; i < ulength; i++) {
151 keymaster_key_param_t param;
152 if (!readKeymasterArgumentFromParcel(in, &param)) {
153 ALOGE("Error reading keymaster argument from parcel");
154 break;
155 }
156 params.push_back(param);
157 }
158}
159
160void KeymasterArguments::writeToParcel(Parcel* out) const {
161 out->writeInt32(params.size());
162 for (auto param : params) {
163 out->writeInt32(1);
164 writeKeymasterArgumentToParcel(param, out);
165 }
166}
167
168KeyCharacteristics::KeyCharacteristics() {
169 memset((void*) &characteristics, 0, sizeof(characteristics));
170}
171
172KeyCharacteristics::~KeyCharacteristics() {
173 keymaster_free_characteristics(&characteristics);
174}
175
176void KeyCharacteristics::readFromParcel(const Parcel& in) {
177 size_t length = 0;
178 keymaster_key_param_t* params = readParamList(in, &length);
179 characteristics.sw_enforced.params = params;
180 characteristics.sw_enforced.length = length;
181
182 params = readParamList(in, &length);
183 characteristics.hw_enforced.params = params;
184 characteristics.hw_enforced.length = length;
185}
186
187void KeyCharacteristics::writeToParcel(Parcel* out) const {
188 if (characteristics.sw_enforced.params) {
189 out->writeInt32(characteristics.sw_enforced.length);
190 for (size_t i = 0; i < characteristics.sw_enforced.length; i++) {
191 out->writeInt32(1);
192 writeKeymasterArgumentToParcel(characteristics.sw_enforced.params[i], out);
193 }
194 } else {
195 out->writeInt32(0);
196 }
197 if (characteristics.hw_enforced.params) {
198 out->writeInt32(characteristics.hw_enforced.length);
199 for (size_t i = 0; i < characteristics.hw_enforced.length; i++) {
200 out->writeInt32(1);
201 writeKeymasterArgumentToParcel(characteristics.hw_enforced.params[i], out);
202 }
203 } else {
204 out->writeInt32(0);
205 }
206}
207
208void writeKeymasterArgumentToParcel(const keymaster_key_param_t& param, Parcel* out) {
209 switch (keymaster_tag_get_type(param.tag)) {
210 case KM_ENUM:
211 case KM_ENUM_REP: {
212 out->writeInt32(param.tag);
213 out->writeInt32(param.enumerated);
214 break;
215 }
216 case KM_INT:
217 case KM_INT_REP: {
218 out->writeInt32(param.tag);
219 out->writeInt32(param.integer);
220 break;
221 }
Chad Brubaker686db062015-04-16 14:21:10 -0700[diff] [blame]222 case KM_LONG:
223 case KM_LONG_REP: {
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]224 out->writeInt32(param.tag);
225 out->writeInt64(param.long_integer);
226 break;
227 }
228 case KM_DATE: {
229 out->writeInt32(param.tag);
230 out->writeInt64(param.date_time);
231 break;
232 }
233 case KM_BOOL: {
234 out->writeInt32(param.tag);
235 break;
236 }
237 case KM_BIGNUM:
238 case KM_BYTES: {
239 out->writeInt32(param.tag);
240 out->writeInt32(param.blob.data_length);
241 void* buf = out->writeInplace(param.blob.data_length);
242 if (buf) {
243 memcpy(buf, param.blob.data, param.blob.data_length);
244 } else {
245 ALOGE("Failed to writeInplace keymaster blob param");
246 }
247 break;
248 }
249 default: {
250 ALOGE("Failed to write argument: Unsupported keymaster_tag_t %d", param.tag);
251 }
252 }
253}
254
255
256bool readKeymasterArgumentFromParcel(const Parcel& in, keymaster_key_param_t* out) {
257 if (in.readInt32() == 0) {
258 return false;
259 }
260 keymaster_tag_t tag = static_cast<keymaster_tag_t>(in.readInt32());
261 switch (keymaster_tag_get_type(tag)) {
262 case KM_ENUM:
263 case KM_ENUM_REP: {
264 uint32_t value = in.readInt32();
265 *out = keymaster_param_enum(tag, value);
266 break;
267 }
268 case KM_INT:
269 case KM_INT_REP: {
270 uint32_t value = in.readInt32();
271 *out = keymaster_param_int(tag, value);
272 break;
273 }
Chad Brubaker686db062015-04-16 14:21:10 -0700[diff] [blame]274 case KM_LONG:
275 case KM_LONG_REP: {
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]276 uint64_t value = in.readInt64();
277 *out = keymaster_param_long(tag, value);
278 break;
279 }
280 case KM_DATE: {
281 uint64_t value = in.readInt64();
282 *out = keymaster_param_date(tag, value);
283 break;
284 }
285 case KM_BOOL: {
286 *out = keymaster_param_bool(tag);
287 break;
288 }
289 case KM_BIGNUM:
290 case KM_BYTES: {
291 ssize_t length = in.readInt32();
292 uint8_t* data = NULL;
293 size_t ulength = 0;
294 if (length >= 0) {
295 ulength = (size_t) length;
296 // use malloc here so we can use keymaster_free_param_values
297 // consistently.
298 data = reinterpret_cast<uint8_t*>(malloc(ulength));
299 const void* buf = in.readInplace(ulength);
300 if (!buf || !data) {
301 ALOGE("Failed to allocate buffer for keymaster blob param");
302 return false;
303 }
304 memcpy(data, buf, ulength);
305 }
306 *out = keymaster_param_blob(tag, data, ulength);
307 break;
308 }
309 default: {
310 ALOGE("Unsupported keymaster_tag_t %d", tag);
311 return false;
312 }
313 }
314 return true;
315}
316
Chad Brubaker6432df72015-03-20 16:23:04 -0700[diff] [blame]317/**
318 * Read a byte array from in. The data at *data is still owned by the parcel
319 */
320static void readByteArray(const Parcel& in, const uint8_t** data, size_t* length) {
321 ssize_t slength = in.readInt32();
322 if (slength > 0) {
323 *data = reinterpret_cast<const uint8_t*>(in.readInplace(slength));
324 if (*data) {
325 *length = static_cast<size_t>(slength);
326 } else {
327 *length = 0;
328 }
329 } else {
330 *data = NULL;
331 *length = 0;
332 }
333}
334
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]335// Read a keymaster_key_param_t* from a Parcel for use in a
336// keymaster_key_characteristics_t. This will be free'd by calling
337// keymaster_free_key_characteristics.
338static keymaster_key_param_t* readParamList(const Parcel& in, size_t* length) {
339 ssize_t slength = in.readInt32();
340 *length = 0;
341 if (slength < 0) {
342 return NULL;
343 }
344 *length = (size_t) slength;
345 if (*length >= UINT_MAX / sizeof(keymaster_key_param_t)) {
346 return NULL;
347 }
348 keymaster_key_param_t* list =
349 reinterpret_cast<keymaster_key_param_t*>(malloc(*length *
350 sizeof(keymaster_key_param_t)));
351 if (!list) {
352 ALOGD("Failed to allocate buffer for generateKey outCharacteristics");
353 goto err;
354 }
355 for (size_t i = 0; i < *length ; i++) {
356 if (!readKeymasterArgumentFromParcel(in, &list[i])) {
357 ALOGE("Failed to read keymaster argument");
358 keymaster_free_param_values(list, i);
359 goto err;
360 }
361 }
362 return list;
363err:
364 free(list);
365 return NULL;
366}
367
Chad Brubakerd6634422015-03-21 22:36:07 -0700[diff] [blame]368static std::unique_ptr<keymaster_blob_t> readKeymasterBlob(const Parcel& in) {
369 std::unique_ptr<keymaster_blob_t> blob;
370 if (in.readInt32() != 1) {
371 blob.reset(NULL);
372 return blob;
373 }
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]374 ssize_t length = in.readInt32();
Chad Brubakerd6634422015-03-21 22:36:07 -0700[diff] [blame]375 blob.reset(new keymaster_blob_t);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]376 if (length > 0) {
Chad Brubakerd6634422015-03-21 22:36:07 -0700[diff] [blame]377 blob->data = reinterpret_cast<const uint8_t*>(in.readInplace(length));
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]378 if (blob->data) {
Chad Brubakerd6634422015-03-21 22:36:07 -0700[diff] [blame]379 blob->data_length = static_cast<size_t>(length);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]380 } else {
381 blob->data_length = 0;
382 }
383 } else {
384 blob->data = NULL;
385 blob->data_length = 0;
386 }
Chad Brubakerd6634422015-03-21 22:36:07 -0700[diff] [blame]387 return blob;
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]388}
389
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]390class BpKeystoreService: public BpInterface<IKeystoreService>
391{
392public:
393 BpKeystoreService(const sp<IBinder>& impl)
394 : BpInterface<IKeystoreService>(impl)
395 {
396 }
397
398 // test ping
399 virtual int32_t test()
400 {
401 Parcel data, reply;
402 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
403 status_t status = remote()->transact(BnKeystoreService::TEST, data, &reply);
404 if (status != NO_ERROR) {
405 ALOGD("test() could not contact remote: %d\n", status);
406 return -1;
407 }
408 int32_t err = reply.readExceptionCode();
409 int32_t ret = reply.readInt32();
410 if (err < 0) {
411 ALOGD("test() caught exception %d\n", err);
412 return -1;
413 }
414 return ret;
415 }
416
417 virtual int32_t get(const String16& name, uint8_t** item, size_t* itemLength)
418 {
419 Parcel data, reply;
420 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
421 data.writeString16(name);
422 status_t status = remote()->transact(BnKeystoreService::GET, data, &reply);
423 if (status != NO_ERROR) {
424 ALOGD("get() could not contact remote: %d\n", status);
425 return -1;
426 }
427 int32_t err = reply.readExceptionCode();
428 ssize_t len = reply.readInt32();
429 if (len >= 0 && (size_t) len <= reply.dataAvail()) {
430 size_t ulen = (size_t) len;
431 const void* buf = reply.readInplace(ulen);
432 *item = (uint8_t*) malloc(ulen);
433 if (*item != NULL) {
434 memcpy(*item, buf, ulen);
435 *itemLength = ulen;
436 } else {
437 ALOGE("out of memory allocating output array in get");
438 *itemLength = 0;
439 }
440 } else {
441 *itemLength = 0;
442 }
443 if (err < 0) {
444 ALOGD("get() caught exception %d\n", err);
445 return -1;
446 }
447 return 0;
448 }
449
Kenny Root0c540aa2013-04-03 09:22:15 -0700[diff] [blame]450 virtual int32_t insert(const String16& name, const uint8_t* item, size_t itemLength, int uid,
451 int32_t flags)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]452 {
453 Parcel data, reply;
454 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
455 data.writeString16(name);
456 data.writeInt32(itemLength);
457 void* buf = data.writeInplace(itemLength);
458 memcpy(buf, item, itemLength);
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]459 data.writeInt32(uid);
Kenny Root0c540aa2013-04-03 09:22:15 -0700[diff] [blame]460 data.writeInt32(flags);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]461 status_t status = remote()->transact(BnKeystoreService::INSERT, data, &reply);
462 if (status != NO_ERROR) {
463 ALOGD("import() could not contact remote: %d\n", status);
464 return -1;
465 }
466 int32_t err = reply.readExceptionCode();
467 int32_t ret = reply.readInt32();
468 if (err < 0) {
469 ALOGD("import() caught exception %d\n", err);
470 return -1;
471 }
472 return ret;
473 }
474
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]475 virtual int32_t del(const String16& name, int uid)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]476 {
477 Parcel data, reply;
478 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
479 data.writeString16(name);
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]480 data.writeInt32(uid);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]481 status_t status = remote()->transact(BnKeystoreService::DEL, data, &reply);
482 if (status != NO_ERROR) {
483 ALOGD("del() could not contact remote: %d\n", status);
484 return -1;
485 }
486 int32_t err = reply.readExceptionCode();
487 int32_t ret = reply.readInt32();
488 if (err < 0) {
489 ALOGD("del() caught exception %d\n", err);
490 return -1;
491 }
492 return ret;
493 }
494
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]495 virtual int32_t exist(const String16& name, int uid)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]496 {
497 Parcel data, reply;
498 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
499 data.writeString16(name);
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]500 data.writeInt32(uid);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]501 status_t status = remote()->transact(BnKeystoreService::EXIST, data, &reply);
502 if (status != NO_ERROR) {
503 ALOGD("exist() could not contact remote: %d\n", status);
504 return -1;
505 }
506 int32_t err = reply.readExceptionCode();
507 int32_t ret = reply.readInt32();
508 if (err < 0) {
509 ALOGD("exist() caught exception %d\n", err);
510 return -1;
511 }
512 return ret;
513 }
514
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]515 virtual int32_t saw(const String16& name, int uid, Vector<String16>* matches)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]516 {
517 Parcel data, reply;
518 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
519 data.writeString16(name);
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]520 data.writeInt32(uid);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]521 status_t status = remote()->transact(BnKeystoreService::SAW, data, &reply);
522 if (status != NO_ERROR) {
523 ALOGD("saw() could not contact remote: %d\n", status);
524 return -1;
525 }
526 int32_t err = reply.readExceptionCode();
527 int32_t numMatches = reply.readInt32();
528 for (int32_t i = 0; i < numMatches; i++) {
529 matches->push(reply.readString16());
530 }
531 int32_t ret = reply.readInt32();
532 if (err < 0) {
533 ALOGD("saw() caught exception %d\n", err);
534 return -1;
535 }
536 return ret;
537 }
538
539 virtual int32_t reset()
540 {
541 Parcel data, reply;
542 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
543 status_t status = remote()->transact(BnKeystoreService::RESET, data, &reply);
544 if (status != NO_ERROR) {
545 ALOGD("reset() could not contact remote: %d\n", status);
546 return -1;
547 }
548 int32_t err = reply.readExceptionCode();
549 int32_t ret = reply.readInt32();
550 if (err < 0) {
551 ALOGD("reset() caught exception %d\n", err);
552 return -1;
553 }
554 return ret;
555 }
556
557 virtual int32_t password(const String16& password)
558 {
559 Parcel data, reply;
560 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
561 data.writeString16(password);
562 status_t status = remote()->transact(BnKeystoreService::PASSWORD, data, &reply);
563 if (status != NO_ERROR) {
564 ALOGD("password() could not contact remote: %d\n", status);
565 return -1;
566 }
567 int32_t err = reply.readExceptionCode();
568 int32_t ret = reply.readInt32();
569 if (err < 0) {
570 ALOGD("password() caught exception %d\n", err);
571 return -1;
572 }
573 return ret;
574 }
575
576 virtual int32_t lock()
577 {
578 Parcel data, reply;
579 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
580 status_t status = remote()->transact(BnKeystoreService::LOCK, data, &reply);
581 if (status != NO_ERROR) {
582 ALOGD("lock() could not contact remote: %d\n", status);
583 return -1;
584 }
585 int32_t err = reply.readExceptionCode();
586 int32_t ret = reply.readInt32();
587 if (err < 0) {
588 ALOGD("lock() caught exception %d\n", err);
589 return -1;
590 }
591 return ret;
592 }
593
594 virtual int32_t unlock(const String16& password)
595 {
596 Parcel data, reply;
597 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
598 data.writeString16(password);
599 status_t status = remote()->transact(BnKeystoreService::UNLOCK, data, &reply);
600 if (status != NO_ERROR) {
601 ALOGD("unlock() could not contact remote: %d\n", status);
602 return -1;
603 }
604 int32_t err = reply.readExceptionCode();
605 int32_t ret = reply.readInt32();
606 if (err < 0) {
607 ALOGD("unlock() caught exception %d\n", err);
608 return -1;
609 }
610 return ret;
611 }
612
613 virtual int32_t zero()
614 {
615 Parcel data, reply;
616 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
617 status_t status = remote()->transact(BnKeystoreService::ZERO, data, &reply);
618 if (status != NO_ERROR) {
619 ALOGD("zero() could not contact remote: %d\n", status);
620 return -1;
621 }
622 int32_t err = reply.readExceptionCode();
623 int32_t ret = reply.readInt32();
624 if (err < 0) {
625 ALOGD("zero() caught exception %d\n", err);
626 return -1;
627 }
628 return ret;
629 }
630
Kenny Root96427ba2013-08-16 14:02:41 -0700[diff] [blame]631 virtual int32_t generate(const String16& name, int32_t uid, int32_t keyType, int32_t keySize,
632 int32_t flags, Vector<sp<KeystoreArg> >* args)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]633 {
634 Parcel data, reply;
635 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
636 data.writeString16(name);
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]637 data.writeInt32(uid);
Kenny Root96427ba2013-08-16 14:02:41 -0700[diff] [blame]638 data.writeInt32(keyType);
639 data.writeInt32(keySize);
Kenny Root0c540aa2013-04-03 09:22:15 -0700[diff] [blame]640 data.writeInt32(flags);
Chad Brubaker468fc692015-01-13 17:33:14 -0800[diff] [blame]641 data.writeInt32(1);
Kenny Root96427ba2013-08-16 14:02:41 -0700[diff] [blame]642 data.writeInt32(args->size());
643 for (Vector<sp<KeystoreArg> >::iterator it = args->begin(); it != args->end(); ++it) {
644 sp<KeystoreArg> item = *it;
645 size_t keyLength = item->size();
646 data.writeInt32(keyLength);
647 void* buf = data.writeInplace(keyLength);
648 memcpy(buf, item->data(), keyLength);
649 }
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]650 status_t status = remote()->transact(BnKeystoreService::GENERATE, data, &reply);
651 if (status != NO_ERROR) {
652 ALOGD("generate() could not contact remote: %d\n", status);
653 return -1;
654 }
655 int32_t err = reply.readExceptionCode();
656 int32_t ret = reply.readInt32();
657 if (err < 0) {
658 ALOGD("generate() caught exception %d\n", err);
659 return -1;
660 }
661 return ret;
662 }
663
Kenny Root0c540aa2013-04-03 09:22:15 -0700[diff] [blame]664 virtual int32_t import(const String16& name, const uint8_t* key, size_t keyLength, int uid,
665 int flags)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]666 {
667 Parcel data, reply;
668 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
669 data.writeString16(name);
670 data.writeInt32(keyLength);
671 void* buf = data.writeInplace(keyLength);
672 memcpy(buf, key, keyLength);
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]673 data.writeInt32(uid);
Kenny Root0c540aa2013-04-03 09:22:15 -0700[diff] [blame]674 data.writeInt32(flags);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]675 status_t status = remote()->transact(BnKeystoreService::IMPORT, data, &reply);
676 if (status != NO_ERROR) {
677 ALOGD("import() could not contact remote: %d\n", status);
678 return -1;
679 }
680 int32_t err = reply.readExceptionCode();
681 int32_t ret = reply.readInt32();
682 if (err < 0) {
683 ALOGD("import() caught exception %d\n", err);
684 return -1;
685 }
686 return ret;
687 }
688
689 virtual int32_t sign(const String16& name, const uint8_t* in, size_t inLength, uint8_t** out,
690 size_t* outLength)
691 {
692 Parcel data, reply;
693 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
694 data.writeString16(name);
695 data.writeInt32(inLength);
696 void* buf = data.writeInplace(inLength);
697 memcpy(buf, in, inLength);
698 status_t status = remote()->transact(BnKeystoreService::SIGN, data, &reply);
699 if (status != NO_ERROR) {
700 ALOGD("import() could not contact remote: %d\n", status);
701 return -1;
702 }
703 int32_t err = reply.readExceptionCode();
704 ssize_t len = reply.readInt32();
705 if (len >= 0 && (size_t) len <= reply.dataAvail()) {
706 size_t ulen = (size_t) len;
707 const void* outBuf = reply.readInplace(ulen);
708 *out = (uint8_t*) malloc(ulen);
709 if (*out != NULL) {
710 memcpy((void*) *out, outBuf, ulen);
711 *outLength = ulen;
712 } else {
713 ALOGE("out of memory allocating output array in sign");
714 *outLength = 0;
715 }
716 } else {
717 *outLength = 0;
718 }
719 if (err < 0) {
720 ALOGD("import() caught exception %d\n", err);
721 return -1;
722 }
723 return 0;
724 }
725
726 virtual int32_t verify(const String16& name, const uint8_t* in, size_t inLength,
727 const uint8_t* signature, size_t signatureLength)
728 {
729 Parcel data, reply;
730 void* buf;
731
732 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
733 data.writeString16(name);
734 data.writeInt32(inLength);
735 buf = data.writeInplace(inLength);
736 memcpy(buf, in, inLength);
737 data.writeInt32(signatureLength);
738 buf = data.writeInplace(signatureLength);
739 memcpy(buf, signature, signatureLength);
740 status_t status = remote()->transact(BnKeystoreService::VERIFY, data, &reply);
741 if (status != NO_ERROR) {
742 ALOGD("verify() could not contact remote: %d\n", status);
743 return -1;
744 }
745 int32_t err = reply.readExceptionCode();
746 int32_t ret = reply.readInt32();
747 if (err < 0) {
748 ALOGD("verify() caught exception %d\n", err);
749 return -1;
750 }
751 return ret;
752 }
753
754 virtual int32_t get_pubkey(const String16& name, uint8_t** pubkey, size_t* pubkeyLength)
755 {
756 Parcel data, reply;
757 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
758 data.writeString16(name);
759 status_t status = remote()->transact(BnKeystoreService::GET_PUBKEY, data, &reply);
760 if (status != NO_ERROR) {
761 ALOGD("get_pubkey() could not contact remote: %d\n", status);
762 return -1;
763 }
764 int32_t err = reply.readExceptionCode();
765 ssize_t len = reply.readInt32();
766 if (len >= 0 && (size_t) len <= reply.dataAvail()) {
767 size_t ulen = (size_t) len;
768 const void* buf = reply.readInplace(ulen);
769 *pubkey = (uint8_t*) malloc(ulen);
770 if (*pubkey != NULL) {
771 memcpy(*pubkey, buf, ulen);
772 *pubkeyLength = ulen;
773 } else {
774 ALOGE("out of memory allocating output array in get_pubkey");
775 *pubkeyLength = 0;
776 }
777 } else {
778 *pubkeyLength = 0;
779 }
780 if (err < 0) {
781 ALOGD("get_pubkey() caught exception %d\n", err);
782 return -1;
783 }
784 return 0;
785 }
786
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]787 virtual int32_t del_key(const String16& name, int uid)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]788 {
789 Parcel data, reply;
790 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
791 data.writeString16(name);
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]792 data.writeInt32(uid);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]793 status_t status = remote()->transact(BnKeystoreService::DEL_KEY, data, &reply);
794 if (status != NO_ERROR) {
795 ALOGD("del_key() could not contact remote: %d\n", status);
796 return -1;
797 }
798 int32_t err = reply.readExceptionCode();
799 int32_t ret = reply.readInt32();
800 if (err < 0) {
801 ALOGD("del_key() caught exception %d\n", err);
802 return -1;
803 }
804 return ret;
805 }
806
807 virtual int32_t grant(const String16& name, int32_t granteeUid)
808 {
809 Parcel data, reply;
810 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
811 data.writeString16(name);
812 data.writeInt32(granteeUid);
813 status_t status = remote()->transact(BnKeystoreService::GRANT, data, &reply);
814 if (status != NO_ERROR) {
815 ALOGD("grant() could not contact remote: %d\n", status);
816 return -1;
817 }
818 int32_t err = reply.readExceptionCode();
819 int32_t ret = reply.readInt32();
820 if (err < 0) {
821 ALOGD("grant() caught exception %d\n", err);
822 return -1;
823 }
824 return ret;
825 }
826
827 virtual int32_t ungrant(const String16& name, int32_t granteeUid)
828 {
829 Parcel data, reply;
830 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
831 data.writeString16(name);
832 data.writeInt32(granteeUid);
833 status_t status = remote()->transact(BnKeystoreService::UNGRANT, data, &reply);
834 if (status != NO_ERROR) {
835 ALOGD("ungrant() could not contact remote: %d\n", status);
836 return -1;
837 }
838 int32_t err = reply.readExceptionCode();
839 int32_t ret = reply.readInt32();
840 if (err < 0) {
841 ALOGD("ungrant() caught exception %d\n", err);
842 return -1;
843 }
844 return ret;
845 }
846
847 int64_t getmtime(const String16& name)
848 {
849 Parcel data, reply;
850 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
851 data.writeString16(name);
852 status_t status = remote()->transact(BnKeystoreService::GETMTIME, data, &reply);
853 if (status != NO_ERROR) {
854 ALOGD("getmtime() could not contact remote: %d\n", status);
855 return -1;
856 }
857 int32_t err = reply.readExceptionCode();
858 int64_t ret = reply.readInt64();
859 if (err < 0) {
860 ALOGD("getmtime() caught exception %d\n", err);
861 return -1;
862 }
863 return ret;
864 }
Kenny Root02254072013-03-20 11:48:19 -0700[diff] [blame]865
Kenny Rootd53bc922013-03-21 14:10:15 -0700[diff] [blame]866 virtual int32_t duplicate(const String16& srcKey, int32_t srcUid, const String16& destKey,
867 int32_t destUid)
Kenny Root02254072013-03-20 11:48:19 -0700[diff] [blame]868 {
869 Parcel data, reply;
870 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
Kenny Rootd53bc922013-03-21 14:10:15 -0700[diff] [blame]871 data.writeString16(srcKey);
872 data.writeInt32(srcUid);
873 data.writeString16(destKey);
874 data.writeInt32(destUid);
875 status_t status = remote()->transact(BnKeystoreService::DUPLICATE, data, &reply);
Kenny Root02254072013-03-20 11:48:19 -0700[diff] [blame]876 if (status != NO_ERROR) {
Kenny Rootd53bc922013-03-21 14:10:15 -0700[diff] [blame]877 ALOGD("duplicate() could not contact remote: %d\n", status);
Kenny Root02254072013-03-20 11:48:19 -0700[diff] [blame]878 return -1;
879 }
880 int32_t err = reply.readExceptionCode();
881 int32_t ret = reply.readInt32();
882 if (err < 0) {
Kenny Rootd53bc922013-03-21 14:10:15 -0700[diff] [blame]883 ALOGD("duplicate() caught exception %d\n", err);
Kenny Root02254072013-03-20 11:48:19 -0700[diff] [blame]884 return -1;
885 }
886 return ret;
887 }
Kenny Root43061232013-03-29 11:15:50 -0700[diff] [blame]888
Kenny Root1b0e3932013-09-05 13:06:32 -0700[diff] [blame]889 virtual int32_t is_hardware_backed(const String16& keyType)
Kenny Root43061232013-03-29 11:15:50 -0700[diff] [blame]890 {
891 Parcel data, reply;
892 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
Kenny Root1b0e3932013-09-05 13:06:32 -0700[diff] [blame]893 data.writeString16(keyType);
Kenny Root43061232013-03-29 11:15:50 -0700[diff] [blame]894 status_t status = remote()->transact(BnKeystoreService::IS_HARDWARE_BACKED, data, &reply);
895 if (status != NO_ERROR) {
896 ALOGD("is_hardware_backed() could not contact remote: %d\n", status);
897 return -1;
898 }
899 int32_t err = reply.readExceptionCode();
900 int32_t ret = reply.readInt32();
901 if (err < 0) {
902 ALOGD("is_hardware_backed() caught exception %d\n", err);
903 return -1;
904 }
905 return ret;
906 }
Kenny Root2ecc7a12013-04-01 16:29:11 -0700[diff] [blame]907
908 virtual int32_t clear_uid(int64_t uid)
909 {
910 Parcel data, reply;
911 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
912 data.writeInt64(uid);
913 status_t status = remote()->transact(BnKeystoreService::CLEAR_UID, data, &reply);
914 if (status != NO_ERROR) {
915 ALOGD("clear_uid() could not contact remote: %d\n", status);
916 return -1;
917 }
918 int32_t err = reply.readExceptionCode();
919 int32_t ret = reply.readInt32();
920 if (err < 0) {
921 ALOGD("clear_uid() caught exception %d\n", err);
922 return -1;
923 }
924 return ret;
925 }
Robin Lee4e865752014-08-19 17:37:55 +0100[diff] [blame]926
927 virtual int32_t reset_uid(int32_t uid) {
928 Parcel data, reply;
929 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
930 data.writeInt32(uid);
931 status_t status = remote()->transact(BnKeystoreService::RESET_UID, data, &reply);
932 if (status != NO_ERROR) {
933 ALOGD("reset_uid() could not contact remote: %d\n", status);
934 return -1;
935 }
936 int32_t err = reply.readExceptionCode();
937 int32_t ret = reply.readInt32();
938 if (err < 0) {
939 ALOGD("reset_uid() caught exception %d\n", err);
940 return -1;
941 }
942 return ret;
943
944 }
945
946 virtual int32_t sync_uid(int32_t sourceUid, int32_t targetUid)
947 {
948 Parcel data, reply;
949 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
950 data.writeInt32(sourceUid);
951 data.writeInt32(targetUid);
952 status_t status = remote()->transact(BnKeystoreService::SYNC_UID, data, &reply);
953 if (status != NO_ERROR) {
954 ALOGD("sync_uid() could not contact remote: %d\n", status);
955 return -1;
956 }
957 int32_t err = reply.readExceptionCode();
958 int32_t ret = reply.readInt32();
959 if (err < 0) {
960 ALOGD("sync_uid() caught exception %d\n", err);
961 return -1;
962 }
963 return ret;
964 }
965
966 virtual int32_t password_uid(const String16& password, int32_t uid)
967 {
968 Parcel data, reply;
969 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
970 data.writeString16(password);
971 data.writeInt32(uid);
972 status_t status = remote()->transact(BnKeystoreService::PASSWORD_UID, data, &reply);
973 if (status != NO_ERROR) {
974 ALOGD("password_uid() could not contact remote: %d\n", status);
975 return -1;
976 }
977 int32_t err = reply.readExceptionCode();
978 int32_t ret = reply.readInt32();
979 if (err < 0) {
980 ALOGD("password_uid() caught exception %d\n", err);
981 return -1;
982 }
983 return ret;
984 }
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]985 virtual int32_t addRngEntropy(const uint8_t* buf, size_t bufLength)
986 {
987 Parcel data, reply;
988 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]989 data.writeByteArray(bufLength, buf);
990 status_t status = remote()->transact(BnKeystoreService::ADD_RNG_ENTROPY, data, &reply);
991 if (status != NO_ERROR) {
992 ALOGD("addRngEntropy() could not contact remote: %d\n", status);
993 return -1;
994 }
995 int32_t err = reply.readExceptionCode();
996 int32_t ret = reply.readInt32();
997 if (err < 0) {
998 ALOGD("addRngEntropy() caught exception %d\n", err);
999 return -1;
1000 }
1001 return ret;
1002 };
1003
1004 virtual int32_t generateKey(const String16& name, const KeymasterArguments& params,
Chad Brubaker154d7692015-03-27 13:59:31 -0700[diff] [blame]1005 const uint8_t* entropy, size_t entropyLength, int uid, int flags,
1006 KeyCharacteristics* outCharacteristics)
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1007 {
1008 Parcel data, reply;
1009 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1010 data.writeString16(name);
1011 data.writeInt32(1);
1012 params.writeToParcel(&data);
Chad Brubaker154d7692015-03-27 13:59:31 -0700[diff] [blame]1013 data.writeByteArray(entropyLength, entropy);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1014 data.writeInt32(uid);
1015 data.writeInt32(flags);
1016 status_t status = remote()->transact(BnKeystoreService::GENERATE_KEY, data, &reply);
1017 if (status != NO_ERROR) {
1018 ALOGD("generateKey() could not contact remote: %d\n", status);
1019 return KM_ERROR_UNKNOWN_ERROR;
1020 }
1021 int32_t err = reply.readExceptionCode();
1022 int32_t ret = reply.readInt32();
1023 if (err < 0) {
1024 ALOGD("generateKey() caught exception %d\n", err);
1025 return KM_ERROR_UNKNOWN_ERROR;
1026 }
1027 if (reply.readInt32() != 0 && outCharacteristics) {
1028 outCharacteristics->readFromParcel(reply);
1029 }
1030 return ret;
1031 }
1032 virtual int32_t getKeyCharacteristics(const String16& name,
Chad Brubakerd6634422015-03-21 22:36:07 -0700[diff] [blame]1033 const keymaster_blob_t* clientId,
1034 const keymaster_blob_t* appData,
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1035 KeyCharacteristics* outCharacteristics)
1036 {
1037 Parcel data, reply;
1038 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1039 data.writeString16(name);
Chad Brubakerd6634422015-03-21 22:36:07 -0700[diff] [blame]1040 if (clientId) {
1041 data.writeByteArray(clientId->data_length, clientId->data);
1042 } else {
1043 data.writeInt32(-1);
1044 }
1045 if (appData) {
1046 data.writeByteArray(appData->data_length, appData->data);
1047 } else {
1048 data.writeInt32(-1);
1049 }
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1050 status_t status = remote()->transact(BnKeystoreService::GET_KEY_CHARACTERISTICS,
1051 data, &reply);
1052 if (status != NO_ERROR) {
1053 ALOGD("getKeyCharacteristics() could not contact remote: %d\n", status);
1054 return KM_ERROR_UNKNOWN_ERROR;
1055 }
1056 int32_t err = reply.readExceptionCode();
1057 int32_t ret = reply.readInt32();
1058 if (err < 0) {
1059 ALOGD("getKeyCharacteristics() caught exception %d\n", err);
1060 return KM_ERROR_UNKNOWN_ERROR;
1061 }
1062 if (reply.readInt32() != 0 && outCharacteristics) {
1063 outCharacteristics->readFromParcel(reply);
1064 }
1065 return ret;
1066 }
1067 virtual int32_t importKey(const String16& name, const KeymasterArguments& params,
1068 keymaster_key_format_t format, const uint8_t *keyData,
1069 size_t keyLength, int uid, int flags,
1070 KeyCharacteristics* outCharacteristics)
1071 {
1072 Parcel data, reply;
1073 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1074 data.writeString16(name);
1075 data.writeInt32(1);
1076 params.writeToParcel(&data);
1077 data.writeInt32(format);
1078 data.writeByteArray(keyLength, keyData);
1079 data.writeInt32(uid);
1080 data.writeInt32(flags);
1081 status_t status = remote()->transact(BnKeystoreService::IMPORT_KEY, data, &reply);
1082 if (status != NO_ERROR) {
1083 ALOGD("importKey() could not contact remote: %d\n", status);
1084 return KM_ERROR_UNKNOWN_ERROR;
1085 }
1086 int32_t err = reply.readExceptionCode();
1087 int32_t ret = reply.readInt32();
1088 if (err < 0) {
1089 ALOGD("importKey() caught exception %d\n", err);
1090 return KM_ERROR_UNKNOWN_ERROR;
1091 }
1092 if (reply.readInt32() != 0 && outCharacteristics) {
1093 outCharacteristics->readFromParcel(reply);
1094 }
1095 return ret;
1096 }
1097
1098 virtual void exportKey(const String16& name, keymaster_key_format_t format,
Chad Brubakerd6634422015-03-21 22:36:07 -0700[diff] [blame]1099 const keymaster_blob_t* clientId,
1100 const keymaster_blob_t* appData, ExportResult* result)
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1101 {
1102 if (!result) {
1103 return;
1104 }
1105
1106 Parcel data, reply;
1107 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1108 data.writeString16(name);
1109 data.writeInt32(format);
Chad Brubakerd6634422015-03-21 22:36:07 -0700[diff] [blame]1110 if (clientId) {
1111 data.writeByteArray(clientId->data_length, clientId->data);
1112 } else {
1113 data.writeInt32(-1);
1114 }
1115 if (appData) {
1116 data.writeByteArray(appData->data_length, appData->data);
1117 } else {
1118 data.writeInt32(-1);
1119 }
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1120 status_t status = remote()->transact(BnKeystoreService::EXPORT_KEY, data, &reply);
1121 if (status != NO_ERROR) {
1122 ALOGD("exportKey() could not contact remote: %d\n", status);
1123 result->resultCode = KM_ERROR_UNKNOWN_ERROR;
1124 return;
1125 }
1126 int32_t err = reply.readExceptionCode();
1127 if (err < 0) {
1128 ALOGD("exportKey() caught exception %d\n", err);
1129 result->resultCode = KM_ERROR_UNKNOWN_ERROR;
1130 return;
1131 }
1132 if (reply.readInt32() != 0) {
1133 result->readFromParcel(reply);
1134 }
1135 }
1136
1137 virtual void begin(const sp<IBinder>& appToken, const String16& name,
1138 keymaster_purpose_t purpose, bool pruneable,
Chad Brubaker154d7692015-03-27 13:59:31 -0700[diff] [blame]1139 const KeymasterArguments& params, const uint8_t* entropy,
1140 size_t entropyLength, KeymasterArguments* outParams,
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1141 OperationResult* result)
1142 {
1143 if (!result || !outParams) {
1144 return;
1145 }
1146 Parcel data, reply;
1147 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1148 data.writeStrongBinder(appToken);
1149 data.writeString16(name);
1150 data.writeInt32(purpose);
1151 data.writeInt32(pruneable ? 1 : 0);
1152 data.writeInt32(1);
1153 params.writeToParcel(&data);
Chad Brubaker154d7692015-03-27 13:59:31 -0700[diff] [blame]1154 data.writeByteArray(entropyLength, entropy);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1155 status_t status = remote()->transact(BnKeystoreService::BEGIN, data, &reply);
1156 if (status != NO_ERROR) {
1157 ALOGD("begin() could not contact remote: %d\n", status);
1158 result->resultCode = KM_ERROR_UNKNOWN_ERROR;
1159 return;
1160 }
1161 int32_t err = reply.readExceptionCode();
1162 if (err < 0) {
1163 ALOGD("begin() caught exception %d\n", err);
1164 result->resultCode = KM_ERROR_UNKNOWN_ERROR;
1165 return;
1166 }
1167 if (reply.readInt32() != 0) {
1168 result->readFromParcel(reply);
1169 }
1170 if (reply.readInt32() != 0) {
1171 outParams->readFromParcel(reply);
1172 }
1173 }
1174
1175 virtual void update(const sp<IBinder>& token, const KeymasterArguments& params,
Chad Brubaker40a1a9b2015-02-20 14:08:13 -0800[diff] [blame]1176 const uint8_t* opData, size_t dataLength, OperationResult* result)
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1177 {
1178 if (!result) {
1179 return;
1180 }
1181 Parcel data, reply;
1182 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1183 data.writeStrongBinder(token);
1184 data.writeInt32(1);
1185 params.writeToParcel(&data);
1186 data.writeByteArray(dataLength, opData);
1187 status_t status = remote()->transact(BnKeystoreService::UPDATE, data, &reply);
1188 if (status != NO_ERROR) {
1189 ALOGD("update() could not contact remote: %d\n", status);
1190 result->resultCode = KM_ERROR_UNKNOWN_ERROR;
1191 return;
1192 }
1193 int32_t err = reply.readExceptionCode();
1194 if (err < 0) {
1195 ALOGD("update() caught exception %d\n", err);
1196 result->resultCode = KM_ERROR_UNKNOWN_ERROR;
1197 return;
1198 }
1199 if (reply.readInt32() != 0) {
1200 result->readFromParcel(reply);
1201 }
1202 }
1203
1204 virtual void finish(const sp<IBinder>& token, const KeymasterArguments& params,
Chad Brubaker40a1a9b2015-02-20 14:08:13 -0800[diff] [blame]1205 const uint8_t* signature, size_t signatureLength, OperationResult* result)
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1206 {
1207 if (!result) {
1208 return;
1209 }
1210 Parcel data, reply;
1211 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1212 data.writeStrongBinder(token);
1213 data.writeInt32(1);
1214 params.writeToParcel(&data);
1215 data.writeByteArray(signatureLength, signature);
1216 status_t status = remote()->transact(BnKeystoreService::FINISH, data, &reply);
1217 if (status != NO_ERROR) {
1218 ALOGD("finish() could not contact remote: %d\n", status);
1219 result->resultCode = KM_ERROR_UNKNOWN_ERROR;
1220 return;
1221 }
1222 int32_t err = reply.readExceptionCode();
1223 if (err < 0) {
1224 ALOGD("finish() caught exception %d\n", err);
1225 result->resultCode = KM_ERROR_UNKNOWN_ERROR;
1226 return;
1227 }
1228 if (reply.readInt32() != 0) {
1229 result->readFromParcel(reply);
1230 }
1231 }
1232
1233 virtual int32_t abort(const sp<IBinder>& token)
1234 {
1235 Parcel data, reply;
1236 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1237 data.writeStrongBinder(token);
Chad Brubaker2ed2baa2015-03-21 21:20:10 -0700[diff] [blame]1238 status_t status = remote()->transact(BnKeystoreService::ABORT, data, &reply);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1239 if (status != NO_ERROR) {
1240 ALOGD("abort() could not contact remote: %d\n", status);
1241 return KM_ERROR_UNKNOWN_ERROR;
1242 }
1243 int32_t err = reply.readExceptionCode();
1244 int32_t ret = reply.readInt32();
1245 if (err < 0) {
1246 ALOGD("abort() caught exception %d\n", err);
1247 return KM_ERROR_UNKNOWN_ERROR;
1248 }
1249 return ret;
1250 }
Chad Brubaker2ed2baa2015-03-21 21:20:10 -0700[diff] [blame]1251
1252 virtual bool isOperationAuthorized(const sp<IBinder>& token)
1253 {
1254 Parcel data, reply;
1255 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1256 data.writeStrongBinder(token);
1257 status_t status = remote()->transact(BnKeystoreService::IS_OPERATION_AUTHORIZED, data,
1258 &reply);
1259 if (status != NO_ERROR) {
1260 ALOGD("isOperationAuthorized() could not contact remote: %d\n", status);
1261 return false;
1262 }
1263 int32_t err = reply.readExceptionCode();
1264 int32_t ret = reply.readInt32();
1265 if (err < 0) {
1266 ALOGD("isOperationAuthorized() caught exception %d\n", err);
1267 return false;
1268 }
1269 return ret == 1;
1270 }
1271
1272 virtual int32_t addAuthToken(const uint8_t* token, size_t length)
1273 {
1274 Parcel data, reply;
1275 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1276 data.writeByteArray(length, token);
1277 status_t status = remote()->transact(BnKeystoreService::ADD_AUTH_TOKEN, data, &reply);
1278 if (status != NO_ERROR) {
1279 ALOGD("addAuthToken() could not contact remote: %d\n", status);
1280 return -1;
1281 }
1282 int32_t err = reply.readExceptionCode();
1283 int32_t ret = reply.readInt32();
1284 if (err < 0) {
1285 ALOGD("addAuthToken() caught exception %d\n", err);
1286 return -1;
1287 }
1288 return ret;
1289 };
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1290};
1291
Chad Brubaker468fc692015-01-13 17:33:14 -0800[diff] [blame]1292IMPLEMENT_META_INTERFACE(KeystoreService, "android.security.IKeystoreService");
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1293
1294// ----------------------------------------------------------------------
1295
1296status_t BnKeystoreService::onTransact(
1297 uint32_t code, const Parcel& data, Parcel* reply, uint32_t flags)
1298{
1299 switch(code) {
1300 case TEST: {
1301 CHECK_INTERFACE(IKeystoreService, data, reply);
1302 int32_t ret = test();
1303 reply->writeNoException();
1304 reply->writeInt32(ret);
1305 return NO_ERROR;
1306 } break;
1307 case GET: {
1308 CHECK_INTERFACE(IKeystoreService, data, reply);
1309 String16 name = data.readString16();
1310 void* out = NULL;
1311 size_t outSize = 0;
1312 int32_t ret = get(name, (uint8_t**) &out, &outSize);
1313 reply->writeNoException();
1314 if (ret == 1) {
1315 reply->writeInt32(outSize);
1316 void* buf = reply->writeInplace(outSize);
1317 memcpy(buf, out, outSize);
1318 free(out);
1319 } else {
1320 reply->writeInt32(-1);
1321 }
1322 return NO_ERROR;
1323 } break;
1324 case INSERT: {
1325 CHECK_INTERFACE(IKeystoreService, data, reply);
1326 String16 name = data.readString16();
1327 ssize_t inSize = data.readInt32();
1328 const void* in;
1329 if (inSize >= 0 && (size_t) inSize <= data.dataAvail()) {
1330 in = data.readInplace(inSize);
1331 } else {
1332 in = NULL;
1333 inSize = 0;
1334 }
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]1335 int uid = data.readInt32();
Kenny Root0c540aa2013-04-03 09:22:15 -0700[diff] [blame]1336 int32_t flags = data.readInt32();
1337 int32_t ret = insert(name, (const uint8_t*) in, (size_t) inSize, uid, flags);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1338 reply->writeNoException();
1339 reply->writeInt32(ret);
1340 return NO_ERROR;
1341 } break;
1342 case DEL: {
1343 CHECK_INTERFACE(IKeystoreService, data, reply);
1344 String16 name = data.readString16();
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]1345 int uid = data.readInt32();
1346 int32_t ret = del(name, uid);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1347 reply->writeNoException();
1348 reply->writeInt32(ret);
1349 return NO_ERROR;
1350 } break;
1351 case EXIST: {
1352 CHECK_INTERFACE(IKeystoreService, data, reply);
1353 String16 name = data.readString16();
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]1354 int uid = data.readInt32();
1355 int32_t ret = exist(name, uid);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1356 reply->writeNoException();
1357 reply->writeInt32(ret);
1358 return NO_ERROR;
1359 } break;
1360 case SAW: {
1361 CHECK_INTERFACE(IKeystoreService, data, reply);
1362 String16 name = data.readString16();
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]1363 int uid = data.readInt32();
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1364 Vector<String16> matches;
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]1365 int32_t ret = saw(name, uid, &matches);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1366 reply->writeNoException();
1367 reply->writeInt32(matches.size());
1368 Vector<String16>::const_iterator it = matches.begin();
1369 for (; it != matches.end(); ++it) {
1370 reply->writeString16(*it);
1371 }
1372 reply->writeInt32(ret);
1373 return NO_ERROR;
1374 } break;
1375 case RESET: {
1376 CHECK_INTERFACE(IKeystoreService, data, reply);
1377 int32_t ret = reset();
1378 reply->writeNoException();
1379 reply->writeInt32(ret);
1380 return NO_ERROR;
1381 } break;
1382 case PASSWORD: {
1383 CHECK_INTERFACE(IKeystoreService, data, reply);
1384 String16 pass = data.readString16();
1385 int32_t ret = password(pass);
1386 reply->writeNoException();
1387 reply->writeInt32(ret);
1388 return NO_ERROR;
1389 } break;
1390 case LOCK: {
1391 CHECK_INTERFACE(IKeystoreService, data, reply);
1392 int32_t ret = lock();
1393 reply->writeNoException();
1394 reply->writeInt32(ret);
1395 return NO_ERROR;
1396 } break;
1397 case UNLOCK: {
1398 CHECK_INTERFACE(IKeystoreService, data, reply);
1399 String16 pass = data.readString16();
1400 int32_t ret = unlock(pass);
1401 reply->writeNoException();
1402 reply->writeInt32(ret);
1403 return NO_ERROR;
1404 } break;
1405 case ZERO: {
1406 CHECK_INTERFACE(IKeystoreService, data, reply);
1407 int32_t ret = zero();
1408 reply->writeNoException();
1409 reply->writeInt32(ret);
1410 return NO_ERROR;
1411 } break;
1412 case GENERATE: {
1413 CHECK_INTERFACE(IKeystoreService, data, reply);
1414 String16 name = data.readString16();
Kenny Root96427ba2013-08-16 14:02:41 -0700[diff] [blame]1415 int32_t uid = data.readInt32();
1416 int32_t keyType = data.readInt32();
1417 int32_t keySize = data.readInt32();
Kenny Root0c540aa2013-04-03 09:22:15 -0700[diff] [blame]1418 int32_t flags = data.readInt32();
Kenny Root96427ba2013-08-16 14:02:41 -0700[diff] [blame]1419 Vector<sp<KeystoreArg> > args;
Chad Brubaker468fc692015-01-13 17:33:14 -0800[diff] [blame]1420 int32_t argsPresent = data.readInt32();
1421 if (argsPresent == 1) {
1422 ssize_t numArgs = data.readInt32();
1423 if (numArgs > 0) {
1424 for (size_t i = 0; i < (size_t) numArgs; i++) {
1425 ssize_t inSize = data.readInt32();
1426 if (inSize >= 0 && (size_t) inSize <= data.dataAvail()) {
1427 sp<KeystoreArg> arg = new KeystoreArg(data.readInplace(inSize),
1428 inSize);
1429 args.push_back(arg);
1430 } else {
1431 args.push_back(NULL);
1432 }
Kenny Root96427ba2013-08-16 14:02:41 -0700[diff] [blame]1433 }
1434 }
1435 }
1436 int32_t ret = generate(name, uid, keyType, keySize, flags, &args);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1437 reply->writeNoException();
1438 reply->writeInt32(ret);
1439 return NO_ERROR;
1440 } break;
1441 case IMPORT: {
1442 CHECK_INTERFACE(IKeystoreService, data, reply);
1443 String16 name = data.readString16();
1444 ssize_t inSize = data.readInt32();
1445 const void* in;
1446 if (inSize >= 0 && (size_t) inSize <= data.dataAvail()) {
1447 in = data.readInplace(inSize);
1448 } else {
1449 in = NULL;
1450 inSize = 0;
1451 }
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]1452 int uid = data.readInt32();
Kenny Root0c540aa2013-04-03 09:22:15 -0700[diff] [blame]1453 int32_t flags = data.readInt32();
1454 int32_t ret = import(name, (const uint8_t*) in, (size_t) inSize, uid, flags);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1455 reply->writeNoException();
1456 reply->writeInt32(ret);
1457 return NO_ERROR;
1458 } break;
1459 case SIGN: {
1460 CHECK_INTERFACE(IKeystoreService, data, reply);
1461 String16 name = data.readString16();
1462 ssize_t inSize = data.readInt32();
1463 const void* in;
1464 if (inSize >= 0 && (size_t) inSize <= data.dataAvail()) {
1465 in = data.readInplace(inSize);
1466 } else {
1467 in = NULL;
1468 inSize = 0;
1469 }
1470 void* out = NULL;
1471 size_t outSize = 0;
1472 int32_t ret = sign(name, (const uint8_t*) in, (size_t) inSize, (uint8_t**) &out, &outSize);
1473 reply->writeNoException();
Kenny Rootb03c9fb2013-02-04 16:42:51 -0800[diff] [blame]1474 if (outSize > 0 && out != NULL) {
1475 reply->writeInt32(outSize);
1476 void* buf = reply->writeInplace(outSize);
1477 memcpy(buf, out, outSize);
1478 free(out);
1479 } else {
Kenny Roote289c402013-02-14 11:31:53 -0800[diff] [blame]1480 reply->writeInt32(-1);
Kenny Rootb03c9fb2013-02-04 16:42:51 -0800[diff] [blame]1481 }
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1482 reply->writeInt32(ret);
1483 return NO_ERROR;
1484 } break;
1485 case VERIFY: {
1486 CHECK_INTERFACE(IKeystoreService, data, reply);
1487 String16 name = data.readString16();
1488 ssize_t inSize = data.readInt32();
1489 const void* in;
1490 if (inSize >= 0 && (size_t) inSize <= data.dataAvail()) {
1491 in = data.readInplace(inSize);
1492 } else {
1493 in = NULL;
1494 inSize = 0;
1495 }
1496 ssize_t sigSize = data.readInt32();
1497 const void* sig;
1498 if (sigSize >= 0 && (size_t) sigSize <= data.dataAvail()) {
1499 sig = data.readInplace(sigSize);
1500 } else {
1501 sig = NULL;
1502 sigSize = 0;
1503 }
1504 bool ret = verify(name, (const uint8_t*) in, (size_t) inSize, (const uint8_t*) sig,
1505 (size_t) sigSize);
1506 reply->writeNoException();
1507 reply->writeInt32(ret ? 1 : 0);
1508 return NO_ERROR;
1509 } break;
1510 case GET_PUBKEY: {
1511 CHECK_INTERFACE(IKeystoreService, data, reply);
1512 String16 name = data.readString16();
1513 void* out = NULL;
1514 size_t outSize = 0;
1515 int32_t ret = get_pubkey(name, (unsigned char**) &out, &outSize);
1516 reply->writeNoException();
Kenny Rootb03c9fb2013-02-04 16:42:51 -0800[diff] [blame]1517 if (outSize > 0 && out != NULL) {
1518 reply->writeInt32(outSize);
1519 void* buf = reply->writeInplace(outSize);
1520 memcpy(buf, out, outSize);
1521 free(out);
1522 } else {
Kenny Roote289c402013-02-14 11:31:53 -0800[diff] [blame]1523 reply->writeInt32(-1);
Kenny Rootb03c9fb2013-02-04 16:42:51 -0800[diff] [blame]1524 }
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1525 reply->writeInt32(ret);
1526 return NO_ERROR;
Kenny Rootb03c9fb2013-02-04 16:42:51 -0800[diff] [blame]1527 } break;
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1528 case DEL_KEY: {
1529 CHECK_INTERFACE(IKeystoreService, data, reply);
1530 String16 name = data.readString16();
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]1531 int uid = data.readInt32();
1532 int32_t ret = del_key(name, uid);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1533 reply->writeNoException();
1534 reply->writeInt32(ret);
1535 return NO_ERROR;
1536 } break;
1537 case GRANT: {
1538 CHECK_INTERFACE(IKeystoreService, data, reply);
1539 String16 name = data.readString16();
1540 int32_t granteeUid = data.readInt32();
1541 int32_t ret = grant(name, granteeUid);
1542 reply->writeNoException();
1543 reply->writeInt32(ret);
1544 return NO_ERROR;
1545 } break;
1546 case UNGRANT: {
1547 CHECK_INTERFACE(IKeystoreService, data, reply);
1548 String16 name = data.readString16();
1549 int32_t granteeUid = data.readInt32();
1550 int32_t ret = ungrant(name, granteeUid);
1551 reply->writeNoException();
1552 reply->writeInt32(ret);
1553 return NO_ERROR;
1554 } break;
1555 case GETMTIME: {
1556 CHECK_INTERFACE(IKeystoreService, data, reply);
1557 String16 name = data.readString16();
1558 int64_t ret = getmtime(name);
1559 reply->writeNoException();
1560 reply->writeInt64(ret);
1561 return NO_ERROR;
1562 } break;
Kenny Rootd53bc922013-03-21 14:10:15 -0700[diff] [blame]1563 case DUPLICATE: {
Kenny Root02254072013-03-20 11:48:19 -0700[diff] [blame]1564 CHECK_INTERFACE(IKeystoreService, data, reply);
Kenny Rootd53bc922013-03-21 14:10:15 -0700[diff] [blame]1565 String16 srcKey = data.readString16();
1566 int32_t srcUid = data.readInt32();
1567 String16 destKey = data.readString16();
1568 int32_t destUid = data.readInt32();
1569 int32_t ret = duplicate(srcKey, srcUid, destKey, destUid);
Kenny Root02254072013-03-20 11:48:19 -0700[diff] [blame]1570 reply->writeNoException();
1571 reply->writeInt32(ret);
1572 return NO_ERROR;
1573 } break;
Kenny Root43061232013-03-29 11:15:50 -0700[diff] [blame]1574 case IS_HARDWARE_BACKED: {
1575 CHECK_INTERFACE(IKeystoreService, data, reply);
Kenny Root1b0e3932013-09-05 13:06:32 -0700[diff] [blame]1576 String16 keyType = data.readString16();
1577 int32_t ret = is_hardware_backed(keyType);
Kenny Root43061232013-03-29 11:15:50 -0700[diff] [blame]1578 reply->writeNoException();
1579 reply->writeInt32(ret);
1580 return NO_ERROR;
1581 }
Kenny Root2ecc7a12013-04-01 16:29:11 -0700[diff] [blame]1582 case CLEAR_UID: {
1583 CHECK_INTERFACE(IKeystoreService, data, reply);
1584 int64_t uid = data.readInt64();
1585 int32_t ret = clear_uid(uid);
1586 reply->writeNoException();
1587 reply->writeInt32(ret);
1588 return NO_ERROR;
1589 }
Robin Lee4e865752014-08-19 17:37:55 +0100[diff] [blame]1590 case RESET_UID: {
1591 CHECK_INTERFACE(IKeystoreService, data, reply);
1592 int32_t uid = data.readInt32();
1593 int32_t ret = reset_uid(uid);
1594 reply->writeNoException();
1595 reply->writeInt32(ret);
1596 return NO_ERROR;
1597 }
1598 case SYNC_UID: {
1599 CHECK_INTERFACE(IKeystoreService, data, reply);
1600 int32_t sourceUid = data.readInt32();
1601 int32_t targetUid = data.readInt32();
1602 int32_t ret = sync_uid(sourceUid, targetUid);
1603 reply->writeNoException();
1604 reply->writeInt32(ret);
1605 return NO_ERROR;
1606 }
1607 case PASSWORD_UID: {
1608 CHECK_INTERFACE(IKeystoreService, data, reply);
1609 String16 password = data.readString16();
1610 int32_t uid = data.readInt32();
1611 int32_t ret = password_uid(password, uid);
1612 reply->writeNoException();
1613 reply->writeInt32(ret);
1614 return NO_ERROR;
1615 }
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1616 case ADD_RNG_ENTROPY: {
1617 CHECK_INTERFACE(IKeystoreService, data, reply);
Chad Brubaker6432df72015-03-20 16:23:04 -0700[diff] [blame]1618 const uint8_t* bytes = NULL;
1619 size_t size = 0;
1620 readByteArray(data, &bytes, &size);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1621 int32_t ret = addRngEntropy(bytes, size);
1622 reply->writeNoException();
1623 reply->writeInt32(ret);
1624 return NO_ERROR;
1625 }
1626 case GENERATE_KEY: {
1627 CHECK_INTERFACE(IKeystoreService, data, reply);
1628 String16 name = data.readString16();
1629 KeymasterArguments args;
1630 if (data.readInt32() != 0) {
1631 args.readFromParcel(data);
1632 }
Chad Brubaker154d7692015-03-27 13:59:31 -0700[diff] [blame]1633 const uint8_t* entropy = NULL;
1634 size_t entropyLength = 0;
1635 readByteArray(data, &entropy, &entropyLength);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1636 int32_t uid = data.readInt32();
1637 int32_t flags = data.readInt32();
1638 KeyCharacteristics outCharacteristics;
Chad Brubaker154d7692015-03-27 13:59:31 -0700[diff] [blame]1639 int32_t ret = generateKey(name, args, entropy, entropyLength, uid, flags,
1640 &outCharacteristics);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1641 reply->writeNoException();
1642 reply->writeInt32(ret);
1643 reply->writeInt32(1);
1644 outCharacteristics.writeToParcel(reply);
1645 return NO_ERROR;
1646 }
1647 case GET_KEY_CHARACTERISTICS: {
1648 CHECK_INTERFACE(IKeystoreService, data, reply);
1649 String16 name = data.readString16();
Chad Brubakerd6634422015-03-21 22:36:07 -0700[diff] [blame]1650 std::unique_ptr<keymaster_blob_t> clientId = readKeymasterBlob(data);
1651 std::unique_ptr<keymaster_blob_t> appData = readKeymasterBlob(data);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1652 KeyCharacteristics outCharacteristics;
Chad Brubakerd6634422015-03-21 22:36:07 -0700[diff] [blame]1653 int ret = getKeyCharacteristics(name, clientId.get(), appData.get(),
1654 &outCharacteristics);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1655 reply->writeNoException();
1656 reply->writeInt32(ret);
1657 reply->writeInt32(1);
1658 outCharacteristics.writeToParcel(reply);
1659 return NO_ERROR;
1660 }
1661 case IMPORT_KEY: {
1662 CHECK_INTERFACE(IKeystoreService, data, reply);
1663 String16 name = data.readString16();
1664 KeymasterArguments args;
1665 if (data.readInt32() != 0) {
1666 args.readFromParcel(data);
1667 }
1668 keymaster_key_format_t format = static_cast<keymaster_key_format_t>(data.readInt32());
Chad Brubaker6432df72015-03-20 16:23:04 -0700[diff] [blame]1669 const uint8_t* keyData = NULL;
1670 size_t keyLength = 0;
1671 readByteArray(data, &keyData, &keyLength);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1672 int32_t uid = data.readInt32();
1673 int32_t flags = data.readInt32();
1674 KeyCharacteristics outCharacteristics;
Chad Brubaker6432df72015-03-20 16:23:04 -0700[diff] [blame]1675 int32_t ret = importKey(name, args, format, keyData, keyLength, uid, flags,
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1676 &outCharacteristics);
1677 reply->writeNoException();
1678 reply->writeInt32(ret);
1679 reply->writeInt32(1);
1680 outCharacteristics.writeToParcel(reply);
1681
1682 return NO_ERROR;
1683 }
1684 case EXPORT_KEY: {
1685 CHECK_INTERFACE(IKeystoreService, data, reply);
1686 String16 name = data.readString16();
1687 keymaster_key_format_t format = static_cast<keymaster_key_format_t>(data.readInt32());
Chad Brubakerd6634422015-03-21 22:36:07 -0700[diff] [blame]1688 std::unique_ptr<keymaster_blob_t> clientId = readKeymasterBlob(data);
1689 std::unique_ptr<keymaster_blob_t> appData = readKeymasterBlob(data);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1690 ExportResult result;
Chad Brubakerd6634422015-03-21 22:36:07 -0700[diff] [blame]1691 exportKey(name, format, clientId.get(), appData.get(), &result);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1692 reply->writeNoException();
1693 reply->writeInt32(1);
1694 result.writeToParcel(reply);
1695
1696 return NO_ERROR;
1697 }
1698 case BEGIN: {
1699 CHECK_INTERFACE(IKeystoreService, data, reply);
1700 sp<IBinder> token = data.readStrongBinder();
1701 String16 name = data.readString16();
1702 keymaster_purpose_t purpose = static_cast<keymaster_purpose_t>(data.readInt32());
1703 bool pruneable = data.readInt32() != 0;
1704 KeymasterArguments args;
1705 if (data.readInt32() != 0) {
1706 args.readFromParcel(data);
1707 }
Chad Brubaker154d7692015-03-27 13:59:31 -0700[diff] [blame]1708 const uint8_t* entropy = NULL;
1709 size_t entropyLength = 0;
1710 readByteArray(data, &entropy, &entropyLength);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1711 KeymasterArguments outArgs;
1712 OperationResult result;
Chad Brubaker154d7692015-03-27 13:59:31 -0700[diff] [blame]1713 begin(token, name, purpose, pruneable, args, entropy, entropyLength, &outArgs,
1714 &result);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1715 reply->writeNoException();
1716 reply->writeInt32(1);
1717 result.writeToParcel(reply);
1718 reply->writeInt32(1);
1719 outArgs.writeToParcel(reply);
1720
1721 return NO_ERROR;
1722 }
1723 case UPDATE: {
1724 CHECK_INTERFACE(IKeystoreService, data, reply);
1725 sp<IBinder> token = data.readStrongBinder();
1726 KeymasterArguments args;
1727 if (data.readInt32() != 0) {
1728 args.readFromParcel(data);
1729 }
Chad Brubaker6432df72015-03-20 16:23:04 -0700[diff] [blame]1730 const uint8_t* buf = NULL;
1731 size_t bufLength = 0;
1732 readByteArray(data, &buf, &bufLength);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1733 OperationResult result;
Chad Brubaker6432df72015-03-20 16:23:04 -0700[diff] [blame]1734 update(token, args, buf, bufLength, &result);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1735 reply->writeNoException();
1736 reply->writeInt32(1);
1737 result.writeToParcel(reply);
1738
1739 return NO_ERROR;
1740 }
1741 case FINISH: {
1742 CHECK_INTERFACE(IKeystoreService, data, reply);
1743 sp<IBinder> token = data.readStrongBinder();
1744 KeymasterArguments args;
1745 if (data.readInt32() != 0) {
1746 args.readFromParcel(data);
1747 }
Chad Brubaker6432df72015-03-20 16:23:04 -0700[diff] [blame]1748 const uint8_t* buf = NULL;
1749 size_t bufLength = 0;
1750 readByteArray(data, &buf, &bufLength);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1751 OperationResult result;
Chad Brubaker6432df72015-03-20 16:23:04 -0700[diff] [blame]1752 finish(token, args, buf, bufLength, &result);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1753 reply->writeNoException();
1754 reply->writeInt32(1);
1755 result.writeToParcel(reply);
1756
1757 return NO_ERROR;
1758 }
1759 case ABORT: {
1760 CHECK_INTERFACE(IKeystoreService, data, reply);
1761 sp<IBinder> token = data.readStrongBinder();
1762 int32_t result = abort(token);
1763 reply->writeNoException();
1764 reply->writeInt32(result);
1765
1766 return NO_ERROR;
1767 }
Chad Brubaker2ed2baa2015-03-21 21:20:10 -0700[diff] [blame]1768 case IS_OPERATION_AUTHORIZED: {
1769 CHECK_INTERFACE(IKeystoreService, data, reply);
1770 sp<IBinder> token = data.readStrongBinder();
1771 bool result = isOperationAuthorized(token);
1772 reply->writeNoException();
1773 reply->writeInt32(result ? 1 : 0);
1774
1775 return NO_ERROR;
1776 }
1777 case ADD_AUTH_TOKEN: {
1778 CHECK_INTERFACE(IKeystoreService, data, reply);
Chad Brubaker2ed2baa2015-03-21 21:20:10 -0700[diff] [blame]1779 const uint8_t* token_bytes = NULL;
1780 size_t size = 0;
1781 readByteArray(data, &token_bytes, &size);
1782 int32_t result = addAuthToken(token_bytes, size);
1783 reply->writeNoException();
1784 reply->writeInt32(result);
1785
1786 return NO_ERROR;
1787 }
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1788 default:
1789 return BBinder::onTransact(code, data, reply, flags);
1790 }
1791}
1792
1793// ----------------------------------------------------------------------------
1794
1795}; // namespace android