Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_security / f1b8f6bf93eaf677268342eccc1a1caf830d9fe9 / . / keystore / IKeystoreService.cpp
blob: d58f5ecd3c89948fa4e6a3b7d1c546dd6374ceba [file] [log] [blame]
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1/*
2**
3** Copyright 2008, The Android Open Source Project
4**
5** Licensed under the Apache License, Version 2.0 (the "License");
6** you may not use this file except in compliance with the License.
7** You may obtain a copy of the License at
8**
9** http://www.apache.org/licenses/LICENSE-2.0
10**
11** Unless required by applicable law or agreed to in writing, software
12** distributed under the License is distributed on an "AS IS" BASIS,
13** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14** See the License for the specific language governing permissions and
15** limitations under the License.
16*/
17
18#include <stdint.h>
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]19#include <sys/limits.h>
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]20#include <sys/types.h>
21
22#define LOG_TAG "KeystoreService"
23#include <utils/Log.h>
24
25#include <binder/Parcel.h>
26#include <binder/IPCThreadState.h>
27#include <binder/IServiceManager.h>
28
29#include <keystore/IKeystoreService.h>
30
31namespace android {
32
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]33static keymaster_key_param_t* readParamList(const Parcel& in, size_t* length);
34
Kenny Root96427ba2013-08-16 14:02:41 -0700[diff] [blame]35KeystoreArg::KeystoreArg(const void* data, size_t len)
36 : mData(data), mSize(len) {
37}
38
39KeystoreArg::~KeystoreArg() {
40}
41
42const void *KeystoreArg::data() const {
43 return mData;
44}
45
46size_t KeystoreArg::size() const {
47 return mSize;
48}
49
Chad Brubakerc3a18562015-03-17 18:21:35 -0700[diff] [blame]50OperationResult::OperationResult() : resultCode(0), token(), handle(0), inputConsumed(0),
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]51 data(NULL), dataLength(0) {
52}
53
54OperationResult::~OperationResult() {
55}
56
57void OperationResult::readFromParcel(const Parcel& in) {
58 resultCode = in.readInt32();
59 token = in.readStrongBinder();
Chad Brubakerc3a18562015-03-17 18:21:35 -0700[diff] [blame]60 handle = static_cast<keymaster_operation_handle_t>(in.readInt64());
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]61 inputConsumed = in.readInt32();
62 ssize_t length = in.readInt32();
63 dataLength = 0;
64 if (length > 0) {
65 const void* buf = in.readInplace(length);
66 if (buf) {
67 data.reset(reinterpret_cast<uint8_t*>(malloc(length)));
68 if (data.get()) {
69 memcpy(data.get(), buf, length);
70 dataLength = (size_t) length;
71 } else {
72 ALOGE("Failed to allocate OperationResult buffer");
73 }
74 } else {
75 ALOGE("Failed to readInplace OperationResult data");
76 }
77 }
78}
79
80void OperationResult::writeToParcel(Parcel* out) const {
81 out->writeInt32(resultCode);
82 out->writeStrongBinder(token);
Chad Brubakerc3a18562015-03-17 18:21:35 -0700[diff] [blame]83 out->writeInt64(handle);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]84 out->writeInt32(inputConsumed);
85 out->writeInt32(dataLength);
86 if (dataLength && data) {
87 void* buf = out->writeInplace(dataLength);
88 if (buf) {
89 memcpy(buf, data.get(), dataLength);
90 } else {
91 ALOGE("Failed to writeInplace OperationResult data.");
92 }
93 }
94}
95
96ExportResult::ExportResult() : resultCode(0), exportData(NULL), dataLength(0) {
97}
98
99ExportResult::~ExportResult() {
100}
101
102void ExportResult::readFromParcel(const Parcel& in) {
103 resultCode = in.readInt32();
104 ssize_t length = in.readInt32();
105 dataLength = 0;
106 if (length > 0) {
107 const void* buf = in.readInplace(length);
108 if (buf) {
109 exportData.reset(reinterpret_cast<uint8_t*>(malloc(length)));
110 if (exportData.get()) {
111 memcpy(exportData.get(), buf, length);
112 dataLength = (size_t) length;
113 } else {
114 ALOGE("Failed to allocate ExportData buffer");
115 }
116 } else {
117 ALOGE("Failed to readInplace ExportData data");
118 }
119 }
120}
121
122void ExportResult::writeToParcel(Parcel* out) const {
123 out->writeInt32(resultCode);
124 out->writeInt32(dataLength);
125 if (exportData && dataLength) {
126 void* buf = out->writeInplace(dataLength);
127 if (buf) {
128 memcpy(buf, exportData.get(), dataLength);
129 } else {
130 ALOGE("Failed to writeInplace ExportResult data.");
131 }
132 }
133}
134
135KeymasterArguments::KeymasterArguments() {
136}
137
138KeymasterArguments::~KeymasterArguments() {
139 keymaster_free_param_values(params.data(), params.size());
140}
141
142void KeymasterArguments::readFromParcel(const Parcel& in) {
143 ssize_t length = in.readInt32();
144 size_t ulength = (size_t) length;
145 if (length < 0) {
146 ulength = 0;
147 }
148 keymaster_free_param_values(params.data(), params.size());
149 params.clear();
150 for(size_t i = 0; i < ulength; i++) {
151 keymaster_key_param_t param;
152 if (!readKeymasterArgumentFromParcel(in, &param)) {
153 ALOGE("Error reading keymaster argument from parcel");
154 break;
155 }
156 params.push_back(param);
157 }
158}
159
160void KeymasterArguments::writeToParcel(Parcel* out) const {
161 out->writeInt32(params.size());
162 for (auto param : params) {
163 out->writeInt32(1);
164 writeKeymasterArgumentToParcel(param, out);
165 }
166}
167
168KeyCharacteristics::KeyCharacteristics() {
169 memset((void*) &characteristics, 0, sizeof(characteristics));
170}
171
172KeyCharacteristics::~KeyCharacteristics() {
173 keymaster_free_characteristics(&characteristics);
174}
175
176void KeyCharacteristics::readFromParcel(const Parcel& in) {
177 size_t length = 0;
178 keymaster_key_param_t* params = readParamList(in, &length);
179 characteristics.sw_enforced.params = params;
180 characteristics.sw_enforced.length = length;
181
182 params = readParamList(in, &length);
183 characteristics.hw_enforced.params = params;
184 characteristics.hw_enforced.length = length;
185}
186
187void KeyCharacteristics::writeToParcel(Parcel* out) const {
188 if (characteristics.sw_enforced.params) {
189 out->writeInt32(characteristics.sw_enforced.length);
190 for (size_t i = 0; i < characteristics.sw_enforced.length; i++) {
191 out->writeInt32(1);
192 writeKeymasterArgumentToParcel(characteristics.sw_enforced.params[i], out);
193 }
194 } else {
195 out->writeInt32(0);
196 }
197 if (characteristics.hw_enforced.params) {
198 out->writeInt32(characteristics.hw_enforced.length);
199 for (size_t i = 0; i < characteristics.hw_enforced.length; i++) {
200 out->writeInt32(1);
201 writeKeymasterArgumentToParcel(characteristics.hw_enforced.params[i], out);
202 }
203 } else {
204 out->writeInt32(0);
205 }
206}
207
208void writeKeymasterArgumentToParcel(const keymaster_key_param_t& param, Parcel* out) {
209 switch (keymaster_tag_get_type(param.tag)) {
210 case KM_ENUM:
211 case KM_ENUM_REP: {
212 out->writeInt32(param.tag);
213 out->writeInt32(param.enumerated);
214 break;
215 }
216 case KM_INT:
217 case KM_INT_REP: {
218 out->writeInt32(param.tag);
219 out->writeInt32(param.integer);
220 break;
221 }
222 case KM_LONG: {
223 out->writeInt32(param.tag);
224 out->writeInt64(param.long_integer);
225 break;
226 }
227 case KM_DATE: {
228 out->writeInt32(param.tag);
229 out->writeInt64(param.date_time);
230 break;
231 }
232 case KM_BOOL: {
233 out->writeInt32(param.tag);
234 break;
235 }
236 case KM_BIGNUM:
237 case KM_BYTES: {
238 out->writeInt32(param.tag);
239 out->writeInt32(param.blob.data_length);
240 void* buf = out->writeInplace(param.blob.data_length);
241 if (buf) {
242 memcpy(buf, param.blob.data, param.blob.data_length);
243 } else {
244 ALOGE("Failed to writeInplace keymaster blob param");
245 }
246 break;
247 }
248 default: {
249 ALOGE("Failed to write argument: Unsupported keymaster_tag_t %d", param.tag);
250 }
251 }
252}
253
254
255bool readKeymasterArgumentFromParcel(const Parcel& in, keymaster_key_param_t* out) {
256 if (in.readInt32() == 0) {
257 return false;
258 }
259 keymaster_tag_t tag = static_cast<keymaster_tag_t>(in.readInt32());
260 switch (keymaster_tag_get_type(tag)) {
261 case KM_ENUM:
262 case KM_ENUM_REP: {
263 uint32_t value = in.readInt32();
264 *out = keymaster_param_enum(tag, value);
265 break;
266 }
267 case KM_INT:
268 case KM_INT_REP: {
269 uint32_t value = in.readInt32();
270 *out = keymaster_param_int(tag, value);
271 break;
272 }
273 case KM_LONG: {
274 uint64_t value = in.readInt64();
275 *out = keymaster_param_long(tag, value);
276 break;
277 }
278 case KM_DATE: {
279 uint64_t value = in.readInt64();
280 *out = keymaster_param_date(tag, value);
281 break;
282 }
283 case KM_BOOL: {
284 *out = keymaster_param_bool(tag);
285 break;
286 }
287 case KM_BIGNUM:
288 case KM_BYTES: {
289 ssize_t length = in.readInt32();
290 uint8_t* data = NULL;
291 size_t ulength = 0;
292 if (length >= 0) {
293 ulength = (size_t) length;
294 // use malloc here so we can use keymaster_free_param_values
295 // consistently.
296 data = reinterpret_cast<uint8_t*>(malloc(ulength));
297 const void* buf = in.readInplace(ulength);
298 if (!buf || !data) {
299 ALOGE("Failed to allocate buffer for keymaster blob param");
300 return false;
301 }
302 memcpy(data, buf, ulength);
303 }
304 *out = keymaster_param_blob(tag, data, ulength);
305 break;
306 }
307 default: {
308 ALOGE("Unsupported keymaster_tag_t %d", tag);
309 return false;
310 }
311 }
312 return true;
313}
314
Chad Brubaker6432df72015-03-20 16:23:04 -0700[diff] [blame]315/**
316 * Read a byte array from in. The data at *data is still owned by the parcel
317 */
318static void readByteArray(const Parcel& in, const uint8_t** data, size_t* length) {
319 ssize_t slength = in.readInt32();
320 if (slength > 0) {
321 *data = reinterpret_cast<const uint8_t*>(in.readInplace(slength));
322 if (*data) {
323 *length = static_cast<size_t>(slength);
324 } else {
325 *length = 0;
326 }
327 } else {
328 *data = NULL;
329 *length = 0;
330 }
331}
332
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]333// Read a keymaster_key_param_t* from a Parcel for use in a
334// keymaster_key_characteristics_t. This will be free'd by calling
335// keymaster_free_key_characteristics.
336static keymaster_key_param_t* readParamList(const Parcel& in, size_t* length) {
337 ssize_t slength = in.readInt32();
338 *length = 0;
339 if (slength < 0) {
340 return NULL;
341 }
342 *length = (size_t) slength;
343 if (*length >= UINT_MAX / sizeof(keymaster_key_param_t)) {
344 return NULL;
345 }
346 keymaster_key_param_t* list =
347 reinterpret_cast<keymaster_key_param_t*>(malloc(*length *
348 sizeof(keymaster_key_param_t)));
349 if (!list) {
350 ALOGD("Failed to allocate buffer for generateKey outCharacteristics");
351 goto err;
352 }
353 for (size_t i = 0; i < *length ; i++) {
354 if (!readKeymasterArgumentFromParcel(in, &list[i])) {
355 ALOGE("Failed to read keymaster argument");
356 keymaster_free_param_values(list, i);
357 goto err;
358 }
359 }
360 return list;
361err:
362 free(list);
363 return NULL;
364}
365
Chad Brubakerd6634422015-03-21 22:36:07 -0700[diff] [blame]366static std::unique_ptr<keymaster_blob_t> readKeymasterBlob(const Parcel& in) {
367 std::unique_ptr<keymaster_blob_t> blob;
368 if (in.readInt32() != 1) {
369 blob.reset(NULL);
370 return blob;
371 }
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]372 ssize_t length = in.readInt32();
Chad Brubakerd6634422015-03-21 22:36:07 -0700[diff] [blame]373 blob.reset(new keymaster_blob_t);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]374 if (length > 0) {
Chad Brubakerd6634422015-03-21 22:36:07 -0700[diff] [blame]375 blob->data = reinterpret_cast<const uint8_t*>(in.readInplace(length));
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]376 if (blob->data) {
Chad Brubakerd6634422015-03-21 22:36:07 -0700[diff] [blame]377 blob->data_length = static_cast<size_t>(length);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]378 } else {
379 blob->data_length = 0;
380 }
381 } else {
382 blob->data = NULL;
383 blob->data_length = 0;
384 }
Chad Brubakerd6634422015-03-21 22:36:07 -0700[diff] [blame]385 return blob;
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]386}
387
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]388class BpKeystoreService: public BpInterface<IKeystoreService>
389{
390public:
391 BpKeystoreService(const sp<IBinder>& impl)
392 : BpInterface<IKeystoreService>(impl)
393 {
394 }
395
396 // test ping
397 virtual int32_t test()
398 {
399 Parcel data, reply;
400 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
401 status_t status = remote()->transact(BnKeystoreService::TEST, data, &reply);
402 if (status != NO_ERROR) {
403 ALOGD("test() could not contact remote: %d\n", status);
404 return -1;
405 }
406 int32_t err = reply.readExceptionCode();
407 int32_t ret = reply.readInt32();
408 if (err < 0) {
409 ALOGD("test() caught exception %d\n", err);
410 return -1;
411 }
412 return ret;
413 }
414
415 virtual int32_t get(const String16& name, uint8_t** item, size_t* itemLength)
416 {
417 Parcel data, reply;
418 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
419 data.writeString16(name);
420 status_t status = remote()->transact(BnKeystoreService::GET, data, &reply);
421 if (status != NO_ERROR) {
422 ALOGD("get() could not contact remote: %d\n", status);
423 return -1;
424 }
425 int32_t err = reply.readExceptionCode();
426 ssize_t len = reply.readInt32();
427 if (len >= 0 && (size_t) len <= reply.dataAvail()) {
428 size_t ulen = (size_t) len;
429 const void* buf = reply.readInplace(ulen);
430 *item = (uint8_t*) malloc(ulen);
431 if (*item != NULL) {
432 memcpy(*item, buf, ulen);
433 *itemLength = ulen;
434 } else {
435 ALOGE("out of memory allocating output array in get");
436 *itemLength = 0;
437 }
438 } else {
439 *itemLength = 0;
440 }
441 if (err < 0) {
442 ALOGD("get() caught exception %d\n", err);
443 return -1;
444 }
445 return 0;
446 }
447
Kenny Root0c540aa2013-04-03 09:22:15 -0700[diff] [blame]448 virtual int32_t insert(const String16& name, const uint8_t* item, size_t itemLength, int uid,
449 int32_t flags)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]450 {
451 Parcel data, reply;
452 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
453 data.writeString16(name);
454 data.writeInt32(itemLength);
455 void* buf = data.writeInplace(itemLength);
456 memcpy(buf, item, itemLength);
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]457 data.writeInt32(uid);
Kenny Root0c540aa2013-04-03 09:22:15 -0700[diff] [blame]458 data.writeInt32(flags);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]459 status_t status = remote()->transact(BnKeystoreService::INSERT, data, &reply);
460 if (status != NO_ERROR) {
461 ALOGD("import() could not contact remote: %d\n", status);
462 return -1;
463 }
464 int32_t err = reply.readExceptionCode();
465 int32_t ret = reply.readInt32();
466 if (err < 0) {
467 ALOGD("import() caught exception %d\n", err);
468 return -1;
469 }
470 return ret;
471 }
472
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]473 virtual int32_t del(const String16& name, int uid)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]474 {
475 Parcel data, reply;
476 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
477 data.writeString16(name);
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]478 data.writeInt32(uid);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]479 status_t status = remote()->transact(BnKeystoreService::DEL, data, &reply);
480 if (status != NO_ERROR) {
481 ALOGD("del() could not contact remote: %d\n", status);
482 return -1;
483 }
484 int32_t err = reply.readExceptionCode();
485 int32_t ret = reply.readInt32();
486 if (err < 0) {
487 ALOGD("del() caught exception %d\n", err);
488 return -1;
489 }
490 return ret;
491 }
492
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]493 virtual int32_t exist(const String16& name, int uid)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]494 {
495 Parcel data, reply;
496 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
497 data.writeString16(name);
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]498 data.writeInt32(uid);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]499 status_t status = remote()->transact(BnKeystoreService::EXIST, data, &reply);
500 if (status != NO_ERROR) {
501 ALOGD("exist() could not contact remote: %d\n", status);
502 return -1;
503 }
504 int32_t err = reply.readExceptionCode();
505 int32_t ret = reply.readInt32();
506 if (err < 0) {
507 ALOGD("exist() caught exception %d\n", err);
508 return -1;
509 }
510 return ret;
511 }
512
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]513 virtual int32_t saw(const String16& name, int uid, Vector<String16>* matches)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]514 {
515 Parcel data, reply;
516 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
517 data.writeString16(name);
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]518 data.writeInt32(uid);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]519 status_t status = remote()->transact(BnKeystoreService::SAW, data, &reply);
520 if (status != NO_ERROR) {
521 ALOGD("saw() could not contact remote: %d\n", status);
522 return -1;
523 }
524 int32_t err = reply.readExceptionCode();
525 int32_t numMatches = reply.readInt32();
526 for (int32_t i = 0; i < numMatches; i++) {
527 matches->push(reply.readString16());
528 }
529 int32_t ret = reply.readInt32();
530 if (err < 0) {
531 ALOGD("saw() caught exception %d\n", err);
532 return -1;
533 }
534 return ret;
535 }
536
537 virtual int32_t reset()
538 {
539 Parcel data, reply;
540 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
541 status_t status = remote()->transact(BnKeystoreService::RESET, data, &reply);
542 if (status != NO_ERROR) {
543 ALOGD("reset() could not contact remote: %d\n", status);
544 return -1;
545 }
546 int32_t err = reply.readExceptionCode();
547 int32_t ret = reply.readInt32();
548 if (err < 0) {
549 ALOGD("reset() caught exception %d\n", err);
550 return -1;
551 }
552 return ret;
553 }
554
555 virtual int32_t password(const String16& password)
556 {
557 Parcel data, reply;
558 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
559 data.writeString16(password);
560 status_t status = remote()->transact(BnKeystoreService::PASSWORD, data, &reply);
561 if (status != NO_ERROR) {
562 ALOGD("password() could not contact remote: %d\n", status);
563 return -1;
564 }
565 int32_t err = reply.readExceptionCode();
566 int32_t ret = reply.readInt32();
567 if (err < 0) {
568 ALOGD("password() caught exception %d\n", err);
569 return -1;
570 }
571 return ret;
572 }
573
574 virtual int32_t lock()
575 {
576 Parcel data, reply;
577 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
578 status_t status = remote()->transact(BnKeystoreService::LOCK, data, &reply);
579 if (status != NO_ERROR) {
580 ALOGD("lock() could not contact remote: %d\n", status);
581 return -1;
582 }
583 int32_t err = reply.readExceptionCode();
584 int32_t ret = reply.readInt32();
585 if (err < 0) {
586 ALOGD("lock() caught exception %d\n", err);
587 return -1;
588 }
589 return ret;
590 }
591
592 virtual int32_t unlock(const String16& password)
593 {
594 Parcel data, reply;
595 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
596 data.writeString16(password);
597 status_t status = remote()->transact(BnKeystoreService::UNLOCK, data, &reply);
598 if (status != NO_ERROR) {
599 ALOGD("unlock() could not contact remote: %d\n", status);
600 return -1;
601 }
602 int32_t err = reply.readExceptionCode();
603 int32_t ret = reply.readInt32();
604 if (err < 0) {
605 ALOGD("unlock() caught exception %d\n", err);
606 return -1;
607 }
608 return ret;
609 }
610
611 virtual int32_t zero()
612 {
613 Parcel data, reply;
614 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
615 status_t status = remote()->transact(BnKeystoreService::ZERO, data, &reply);
616 if (status != NO_ERROR) {
617 ALOGD("zero() could not contact remote: %d\n", status);
618 return -1;
619 }
620 int32_t err = reply.readExceptionCode();
621 int32_t ret = reply.readInt32();
622 if (err < 0) {
623 ALOGD("zero() caught exception %d\n", err);
624 return -1;
625 }
626 return ret;
627 }
628
Kenny Root96427ba2013-08-16 14:02:41 -0700[diff] [blame]629 virtual int32_t generate(const String16& name, int32_t uid, int32_t keyType, int32_t keySize,
630 int32_t flags, Vector<sp<KeystoreArg> >* args)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]631 {
632 Parcel data, reply;
633 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
634 data.writeString16(name);
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]635 data.writeInt32(uid);
Kenny Root96427ba2013-08-16 14:02:41 -0700[diff] [blame]636 data.writeInt32(keyType);
637 data.writeInt32(keySize);
Kenny Root0c540aa2013-04-03 09:22:15 -0700[diff] [blame]638 data.writeInt32(flags);
Chad Brubaker468fc692015-01-13 17:33:14 -0800[diff] [blame]639 data.writeInt32(1);
Kenny Root96427ba2013-08-16 14:02:41 -0700[diff] [blame]640 data.writeInt32(args->size());
641 for (Vector<sp<KeystoreArg> >::iterator it = args->begin(); it != args->end(); ++it) {
642 sp<KeystoreArg> item = *it;
643 size_t keyLength = item->size();
644 data.writeInt32(keyLength);
645 void* buf = data.writeInplace(keyLength);
646 memcpy(buf, item->data(), keyLength);
647 }
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]648 status_t status = remote()->transact(BnKeystoreService::GENERATE, data, &reply);
649 if (status != NO_ERROR) {
650 ALOGD("generate() could not contact remote: %d\n", status);
651 return -1;
652 }
653 int32_t err = reply.readExceptionCode();
654 int32_t ret = reply.readInt32();
655 if (err < 0) {
656 ALOGD("generate() caught exception %d\n", err);
657 return -1;
658 }
659 return ret;
660 }
661
Kenny Root0c540aa2013-04-03 09:22:15 -0700[diff] [blame]662 virtual int32_t import(const String16& name, const uint8_t* key, size_t keyLength, int uid,
663 int flags)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]664 {
665 Parcel data, reply;
666 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
667 data.writeString16(name);
668 data.writeInt32(keyLength);
669 void* buf = data.writeInplace(keyLength);
670 memcpy(buf, key, keyLength);
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]671 data.writeInt32(uid);
Kenny Root0c540aa2013-04-03 09:22:15 -0700[diff] [blame]672 data.writeInt32(flags);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]673 status_t status = remote()->transact(BnKeystoreService::IMPORT, data, &reply);
674 if (status != NO_ERROR) {
675 ALOGD("import() could not contact remote: %d\n", status);
676 return -1;
677 }
678 int32_t err = reply.readExceptionCode();
679 int32_t ret = reply.readInt32();
680 if (err < 0) {
681 ALOGD("import() caught exception %d\n", err);
682 return -1;
683 }
684 return ret;
685 }
686
687 virtual int32_t sign(const String16& name, const uint8_t* in, size_t inLength, uint8_t** out,
688 size_t* outLength)
689 {
690 Parcel data, reply;
691 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
692 data.writeString16(name);
693 data.writeInt32(inLength);
694 void* buf = data.writeInplace(inLength);
695 memcpy(buf, in, inLength);
696 status_t status = remote()->transact(BnKeystoreService::SIGN, data, &reply);
697 if (status != NO_ERROR) {
698 ALOGD("import() could not contact remote: %d\n", status);
699 return -1;
700 }
701 int32_t err = reply.readExceptionCode();
702 ssize_t len = reply.readInt32();
703 if (len >= 0 && (size_t) len <= reply.dataAvail()) {
704 size_t ulen = (size_t) len;
705 const void* outBuf = reply.readInplace(ulen);
706 *out = (uint8_t*) malloc(ulen);
707 if (*out != NULL) {
708 memcpy((void*) *out, outBuf, ulen);
709 *outLength = ulen;
710 } else {
711 ALOGE("out of memory allocating output array in sign");
712 *outLength = 0;
713 }
714 } else {
715 *outLength = 0;
716 }
717 if (err < 0) {
718 ALOGD("import() caught exception %d\n", err);
719 return -1;
720 }
721 return 0;
722 }
723
724 virtual int32_t verify(const String16& name, const uint8_t* in, size_t inLength,
725 const uint8_t* signature, size_t signatureLength)
726 {
727 Parcel data, reply;
728 void* buf;
729
730 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
731 data.writeString16(name);
732 data.writeInt32(inLength);
733 buf = data.writeInplace(inLength);
734 memcpy(buf, in, inLength);
735 data.writeInt32(signatureLength);
736 buf = data.writeInplace(signatureLength);
737 memcpy(buf, signature, signatureLength);
738 status_t status = remote()->transact(BnKeystoreService::VERIFY, data, &reply);
739 if (status != NO_ERROR) {
740 ALOGD("verify() could not contact remote: %d\n", status);
741 return -1;
742 }
743 int32_t err = reply.readExceptionCode();
744 int32_t ret = reply.readInt32();
745 if (err < 0) {
746 ALOGD("verify() caught exception %d\n", err);
747 return -1;
748 }
749 return ret;
750 }
751
752 virtual int32_t get_pubkey(const String16& name, uint8_t** pubkey, size_t* pubkeyLength)
753 {
754 Parcel data, reply;
755 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
756 data.writeString16(name);
757 status_t status = remote()->transact(BnKeystoreService::GET_PUBKEY, data, &reply);
758 if (status != NO_ERROR) {
759 ALOGD("get_pubkey() could not contact remote: %d\n", status);
760 return -1;
761 }
762 int32_t err = reply.readExceptionCode();
763 ssize_t len = reply.readInt32();
764 if (len >= 0 && (size_t) len <= reply.dataAvail()) {
765 size_t ulen = (size_t) len;
766 const void* buf = reply.readInplace(ulen);
767 *pubkey = (uint8_t*) malloc(ulen);
768 if (*pubkey != NULL) {
769 memcpy(*pubkey, buf, ulen);
770 *pubkeyLength = ulen;
771 } else {
772 ALOGE("out of memory allocating output array in get_pubkey");
773 *pubkeyLength = 0;
774 }
775 } else {
776 *pubkeyLength = 0;
777 }
778 if (err < 0) {
779 ALOGD("get_pubkey() caught exception %d\n", err);
780 return -1;
781 }
782 return 0;
783 }
784
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]785 virtual int32_t del_key(const String16& name, int uid)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]786 {
787 Parcel data, reply;
788 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
789 data.writeString16(name);
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]790 data.writeInt32(uid);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]791 status_t status = remote()->transact(BnKeystoreService::DEL_KEY, data, &reply);
792 if (status != NO_ERROR) {
793 ALOGD("del_key() could not contact remote: %d\n", status);
794 return -1;
795 }
796 int32_t err = reply.readExceptionCode();
797 int32_t ret = reply.readInt32();
798 if (err < 0) {
799 ALOGD("del_key() caught exception %d\n", err);
800 return -1;
801 }
802 return ret;
803 }
804
805 virtual int32_t grant(const String16& name, int32_t granteeUid)
806 {
807 Parcel data, reply;
808 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
809 data.writeString16(name);
810 data.writeInt32(granteeUid);
811 status_t status = remote()->transact(BnKeystoreService::GRANT, data, &reply);
812 if (status != NO_ERROR) {
813 ALOGD("grant() could not contact remote: %d\n", status);
814 return -1;
815 }
816 int32_t err = reply.readExceptionCode();
817 int32_t ret = reply.readInt32();
818 if (err < 0) {
819 ALOGD("grant() caught exception %d\n", err);
820 return -1;
821 }
822 return ret;
823 }
824
825 virtual int32_t ungrant(const String16& name, int32_t granteeUid)
826 {
827 Parcel data, reply;
828 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
829 data.writeString16(name);
830 data.writeInt32(granteeUid);
831 status_t status = remote()->transact(BnKeystoreService::UNGRANT, data, &reply);
832 if (status != NO_ERROR) {
833 ALOGD("ungrant() could not contact remote: %d\n", status);
834 return -1;
835 }
836 int32_t err = reply.readExceptionCode();
837 int32_t ret = reply.readInt32();
838 if (err < 0) {
839 ALOGD("ungrant() caught exception %d\n", err);
840 return -1;
841 }
842 return ret;
843 }
844
845 int64_t getmtime(const String16& name)
846 {
847 Parcel data, reply;
848 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
849 data.writeString16(name);
850 status_t status = remote()->transact(BnKeystoreService::GETMTIME, data, &reply);
851 if (status != NO_ERROR) {
852 ALOGD("getmtime() could not contact remote: %d\n", status);
853 return -1;
854 }
855 int32_t err = reply.readExceptionCode();
856 int64_t ret = reply.readInt64();
857 if (err < 0) {
858 ALOGD("getmtime() caught exception %d\n", err);
859 return -1;
860 }
861 return ret;
862 }
Kenny Root02254072013-03-20 11:48:19 -0700[diff] [blame]863
Kenny Rootd53bc922013-03-21 14:10:15 -0700[diff] [blame]864 virtual int32_t duplicate(const String16& srcKey, int32_t srcUid, const String16& destKey,
865 int32_t destUid)
Kenny Root02254072013-03-20 11:48:19 -0700[diff] [blame]866 {
867 Parcel data, reply;
868 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
Kenny Rootd53bc922013-03-21 14:10:15 -0700[diff] [blame]869 data.writeString16(srcKey);
870 data.writeInt32(srcUid);
871 data.writeString16(destKey);
872 data.writeInt32(destUid);
873 status_t status = remote()->transact(BnKeystoreService::DUPLICATE, data, &reply);
Kenny Root02254072013-03-20 11:48:19 -0700[diff] [blame]874 if (status != NO_ERROR) {
Kenny Rootd53bc922013-03-21 14:10:15 -0700[diff] [blame]875 ALOGD("duplicate() could not contact remote: %d\n", status);
Kenny Root02254072013-03-20 11:48:19 -0700[diff] [blame]876 return -1;
877 }
878 int32_t err = reply.readExceptionCode();
879 int32_t ret = reply.readInt32();
880 if (err < 0) {
Kenny Rootd53bc922013-03-21 14:10:15 -0700[diff] [blame]881 ALOGD("duplicate() caught exception %d\n", err);
Kenny Root02254072013-03-20 11:48:19 -0700[diff] [blame]882 return -1;
883 }
884 return ret;
885 }
Kenny Root43061232013-03-29 11:15:50 -0700[diff] [blame]886
Kenny Root1b0e3932013-09-05 13:06:32 -0700[diff] [blame]887 virtual int32_t is_hardware_backed(const String16& keyType)
Kenny Root43061232013-03-29 11:15:50 -0700[diff] [blame]888 {
889 Parcel data, reply;
890 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
Kenny Root1b0e3932013-09-05 13:06:32 -0700[diff] [blame]891 data.writeString16(keyType);
Kenny Root43061232013-03-29 11:15:50 -0700[diff] [blame]892 status_t status = remote()->transact(BnKeystoreService::IS_HARDWARE_BACKED, data, &reply);
893 if (status != NO_ERROR) {
894 ALOGD("is_hardware_backed() could not contact remote: %d\n", status);
895 return -1;
896 }
897 int32_t err = reply.readExceptionCode();
898 int32_t ret = reply.readInt32();
899 if (err < 0) {
900 ALOGD("is_hardware_backed() caught exception %d\n", err);
901 return -1;
902 }
903 return ret;
904 }
Kenny Root2ecc7a12013-04-01 16:29:11 -0700[diff] [blame]905
906 virtual int32_t clear_uid(int64_t uid)
907 {
908 Parcel data, reply;
909 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
910 data.writeInt64(uid);
911 status_t status = remote()->transact(BnKeystoreService::CLEAR_UID, data, &reply);
912 if (status != NO_ERROR) {
913 ALOGD("clear_uid() could not contact remote: %d\n", status);
914 return -1;
915 }
916 int32_t err = reply.readExceptionCode();
917 int32_t ret = reply.readInt32();
918 if (err < 0) {
919 ALOGD("clear_uid() caught exception %d\n", err);
920 return -1;
921 }
922 return ret;
923 }
Robin Lee4e865752014-08-19 17:37:55 +0100[diff] [blame]924
925 virtual int32_t reset_uid(int32_t uid) {
926 Parcel data, reply;
927 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
928 data.writeInt32(uid);
929 status_t status = remote()->transact(BnKeystoreService::RESET_UID, data, &reply);
930 if (status != NO_ERROR) {
931 ALOGD("reset_uid() could not contact remote: %d\n", status);
932 return -1;
933 }
934 int32_t err = reply.readExceptionCode();
935 int32_t ret = reply.readInt32();
936 if (err < 0) {
937 ALOGD("reset_uid() caught exception %d\n", err);
938 return -1;
939 }
940 return ret;
941
942 }
943
944 virtual int32_t sync_uid(int32_t sourceUid, int32_t targetUid)
945 {
946 Parcel data, reply;
947 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
948 data.writeInt32(sourceUid);
949 data.writeInt32(targetUid);
950 status_t status = remote()->transact(BnKeystoreService::SYNC_UID, data, &reply);
951 if (status != NO_ERROR) {
952 ALOGD("sync_uid() could not contact remote: %d\n", status);
953 return -1;
954 }
955 int32_t err = reply.readExceptionCode();
956 int32_t ret = reply.readInt32();
957 if (err < 0) {
958 ALOGD("sync_uid() caught exception %d\n", err);
959 return -1;
960 }
961 return ret;
962 }
963
964 virtual int32_t password_uid(const String16& password, int32_t uid)
965 {
966 Parcel data, reply;
967 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
968 data.writeString16(password);
969 data.writeInt32(uid);
970 status_t status = remote()->transact(BnKeystoreService::PASSWORD_UID, data, &reply);
971 if (status != NO_ERROR) {
972 ALOGD("password_uid() could not contact remote: %d\n", status);
973 return -1;
974 }
975 int32_t err = reply.readExceptionCode();
976 int32_t ret = reply.readInt32();
977 if (err < 0) {
978 ALOGD("password_uid() caught exception %d\n", err);
979 return -1;
980 }
981 return ret;
982 }
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]983 virtual int32_t addRngEntropy(const uint8_t* buf, size_t bufLength)
984 {
985 Parcel data, reply;
986 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]987 data.writeByteArray(bufLength, buf);
988 status_t status = remote()->transact(BnKeystoreService::ADD_RNG_ENTROPY, data, &reply);
989 if (status != NO_ERROR) {
990 ALOGD("addRngEntropy() could not contact remote: %d\n", status);
991 return -1;
992 }
993 int32_t err = reply.readExceptionCode();
994 int32_t ret = reply.readInt32();
995 if (err < 0) {
996 ALOGD("addRngEntropy() caught exception %d\n", err);
997 return -1;
998 }
999 return ret;
1000 };
1001
1002 virtual int32_t generateKey(const String16& name, const KeymasterArguments& params,
Chad Brubaker154d7692015-03-27 13:59:31 -0700[diff] [blame]1003 const uint8_t* entropy, size_t entropyLength, int uid, int flags,
1004 KeyCharacteristics* outCharacteristics)
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1005 {
1006 Parcel data, reply;
1007 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1008 data.writeString16(name);
1009 data.writeInt32(1);
1010 params.writeToParcel(&data);
Chad Brubaker154d7692015-03-27 13:59:31 -0700[diff] [blame]1011 data.writeByteArray(entropyLength, entropy);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1012 data.writeInt32(uid);
1013 data.writeInt32(flags);
1014 status_t status = remote()->transact(BnKeystoreService::GENERATE_KEY, data, &reply);
1015 if (status != NO_ERROR) {
1016 ALOGD("generateKey() could not contact remote: %d\n", status);
1017 return KM_ERROR_UNKNOWN_ERROR;
1018 }
1019 int32_t err = reply.readExceptionCode();
1020 int32_t ret = reply.readInt32();
1021 if (err < 0) {
1022 ALOGD("generateKey() caught exception %d\n", err);
1023 return KM_ERROR_UNKNOWN_ERROR;
1024 }
1025 if (reply.readInt32() != 0 && outCharacteristics) {
1026 outCharacteristics->readFromParcel(reply);
1027 }
1028 return ret;
1029 }
1030 virtual int32_t getKeyCharacteristics(const String16& name,
Chad Brubakerd6634422015-03-21 22:36:07 -0700[diff] [blame]1031 const keymaster_blob_t* clientId,
1032 const keymaster_blob_t* appData,
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1033 KeyCharacteristics* outCharacteristics)
1034 {
1035 Parcel data, reply;
1036 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1037 data.writeString16(name);
Chad Brubakerd6634422015-03-21 22:36:07 -0700[diff] [blame]1038 if (clientId) {
1039 data.writeByteArray(clientId->data_length, clientId->data);
1040 } else {
1041 data.writeInt32(-1);
1042 }
1043 if (appData) {
1044 data.writeByteArray(appData->data_length, appData->data);
1045 } else {
1046 data.writeInt32(-1);
1047 }
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1048 status_t status = remote()->transact(BnKeystoreService::GET_KEY_CHARACTERISTICS,
1049 data, &reply);
1050 if (status != NO_ERROR) {
1051 ALOGD("getKeyCharacteristics() could not contact remote: %d\n", status);
1052 return KM_ERROR_UNKNOWN_ERROR;
1053 }
1054 int32_t err = reply.readExceptionCode();
1055 int32_t ret = reply.readInt32();
1056 if (err < 0) {
1057 ALOGD("getKeyCharacteristics() caught exception %d\n", err);
1058 return KM_ERROR_UNKNOWN_ERROR;
1059 }
1060 if (reply.readInt32() != 0 && outCharacteristics) {
1061 outCharacteristics->readFromParcel(reply);
1062 }
1063 return ret;
1064 }
1065 virtual int32_t importKey(const String16& name, const KeymasterArguments& params,
1066 keymaster_key_format_t format, const uint8_t *keyData,
1067 size_t keyLength, int uid, int flags,
1068 KeyCharacteristics* outCharacteristics)
1069 {
1070 Parcel data, reply;
1071 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1072 data.writeString16(name);
1073 data.writeInt32(1);
1074 params.writeToParcel(&data);
1075 data.writeInt32(format);
1076 data.writeByteArray(keyLength, keyData);
1077 data.writeInt32(uid);
1078 data.writeInt32(flags);
1079 status_t status = remote()->transact(BnKeystoreService::IMPORT_KEY, data, &reply);
1080 if (status != NO_ERROR) {
1081 ALOGD("importKey() could not contact remote: %d\n", status);
1082 return KM_ERROR_UNKNOWN_ERROR;
1083 }
1084 int32_t err = reply.readExceptionCode();
1085 int32_t ret = reply.readInt32();
1086 if (err < 0) {
1087 ALOGD("importKey() caught exception %d\n", err);
1088 return KM_ERROR_UNKNOWN_ERROR;
1089 }
1090 if (reply.readInt32() != 0 && outCharacteristics) {
1091 outCharacteristics->readFromParcel(reply);
1092 }
1093 return ret;
1094 }
1095
1096 virtual void exportKey(const String16& name, keymaster_key_format_t format,
Chad Brubakerd6634422015-03-21 22:36:07 -0700[diff] [blame]1097 const keymaster_blob_t* clientId,
1098 const keymaster_blob_t* appData, ExportResult* result)
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1099 {
1100 if (!result) {
1101 return;
1102 }
1103
1104 Parcel data, reply;
1105 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1106 data.writeString16(name);
1107 data.writeInt32(format);
Chad Brubakerd6634422015-03-21 22:36:07 -0700[diff] [blame]1108 if (clientId) {
1109 data.writeByteArray(clientId->data_length, clientId->data);
1110 } else {
1111 data.writeInt32(-1);
1112 }
1113 if (appData) {
1114 data.writeByteArray(appData->data_length, appData->data);
1115 } else {
1116 data.writeInt32(-1);
1117 }
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1118 status_t status = remote()->transact(BnKeystoreService::EXPORT_KEY, data, &reply);
1119 if (status != NO_ERROR) {
1120 ALOGD("exportKey() could not contact remote: %d\n", status);
1121 result->resultCode = KM_ERROR_UNKNOWN_ERROR;
1122 return;
1123 }
1124 int32_t err = reply.readExceptionCode();
1125 if (err < 0) {
1126 ALOGD("exportKey() caught exception %d\n", err);
1127 result->resultCode = KM_ERROR_UNKNOWN_ERROR;
1128 return;
1129 }
1130 if (reply.readInt32() != 0) {
1131 result->readFromParcel(reply);
1132 }
1133 }
1134
1135 virtual void begin(const sp<IBinder>& appToken, const String16& name,
1136 keymaster_purpose_t purpose, bool pruneable,
Chad Brubaker154d7692015-03-27 13:59:31 -0700[diff] [blame]1137 const KeymasterArguments& params, const uint8_t* entropy,
1138 size_t entropyLength, KeymasterArguments* outParams,
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1139 OperationResult* result)
1140 {
1141 if (!result || !outParams) {
1142 return;
1143 }
1144 Parcel data, reply;
1145 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1146 data.writeStrongBinder(appToken);
1147 data.writeString16(name);
1148 data.writeInt32(purpose);
1149 data.writeInt32(pruneable ? 1 : 0);
1150 data.writeInt32(1);
1151 params.writeToParcel(&data);
Chad Brubaker154d7692015-03-27 13:59:31 -0700[diff] [blame]1152 data.writeByteArray(entropyLength, entropy);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1153 status_t status = remote()->transact(BnKeystoreService::BEGIN, data, &reply);
1154 if (status != NO_ERROR) {
1155 ALOGD("begin() could not contact remote: %d\n", status);
1156 result->resultCode = KM_ERROR_UNKNOWN_ERROR;
1157 return;
1158 }
1159 int32_t err = reply.readExceptionCode();
1160 if (err < 0) {
1161 ALOGD("begin() caught exception %d\n", err);
1162 result->resultCode = KM_ERROR_UNKNOWN_ERROR;
1163 return;
1164 }
1165 if (reply.readInt32() != 0) {
1166 result->readFromParcel(reply);
1167 }
1168 if (reply.readInt32() != 0) {
1169 outParams->readFromParcel(reply);
1170 }
1171 }
1172
1173 virtual void update(const sp<IBinder>& token, const KeymasterArguments& params,
Chad Brubaker40a1a9b2015-02-20 14:08:13 -0800[diff] [blame]1174 const uint8_t* opData, size_t dataLength, OperationResult* result)
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1175 {
1176 if (!result) {
1177 return;
1178 }
1179 Parcel data, reply;
1180 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1181 data.writeStrongBinder(token);
1182 data.writeInt32(1);
1183 params.writeToParcel(&data);
1184 data.writeByteArray(dataLength, opData);
1185 status_t status = remote()->transact(BnKeystoreService::UPDATE, data, &reply);
1186 if (status != NO_ERROR) {
1187 ALOGD("update() could not contact remote: %d\n", status);
1188 result->resultCode = KM_ERROR_UNKNOWN_ERROR;
1189 return;
1190 }
1191 int32_t err = reply.readExceptionCode();
1192 if (err < 0) {
1193 ALOGD("update() caught exception %d\n", err);
1194 result->resultCode = KM_ERROR_UNKNOWN_ERROR;
1195 return;
1196 }
1197 if (reply.readInt32() != 0) {
1198 result->readFromParcel(reply);
1199 }
1200 }
1201
1202 virtual void finish(const sp<IBinder>& token, const KeymasterArguments& params,
Chad Brubaker40a1a9b2015-02-20 14:08:13 -0800[diff] [blame]1203 const uint8_t* signature, size_t signatureLength, OperationResult* result)
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1204 {
1205 if (!result) {
1206 return;
1207 }
1208 Parcel data, reply;
1209 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1210 data.writeStrongBinder(token);
1211 data.writeInt32(1);
1212 params.writeToParcel(&data);
1213 data.writeByteArray(signatureLength, signature);
1214 status_t status = remote()->transact(BnKeystoreService::FINISH, data, &reply);
1215 if (status != NO_ERROR) {
1216 ALOGD("finish() could not contact remote: %d\n", status);
1217 result->resultCode = KM_ERROR_UNKNOWN_ERROR;
1218 return;
1219 }
1220 int32_t err = reply.readExceptionCode();
1221 if (err < 0) {
1222 ALOGD("finish() caught exception %d\n", err);
1223 result->resultCode = KM_ERROR_UNKNOWN_ERROR;
1224 return;
1225 }
1226 if (reply.readInt32() != 0) {
1227 result->readFromParcel(reply);
1228 }
1229 }
1230
1231 virtual int32_t abort(const sp<IBinder>& token)
1232 {
1233 Parcel data, reply;
1234 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1235 data.writeStrongBinder(token);
Chad Brubaker2ed2baa2015-03-21 21:20:10 -0700[diff] [blame]1236 status_t status = remote()->transact(BnKeystoreService::ABORT, data, &reply);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1237 if (status != NO_ERROR) {
1238 ALOGD("abort() could not contact remote: %d\n", status);
1239 return KM_ERROR_UNKNOWN_ERROR;
1240 }
1241 int32_t err = reply.readExceptionCode();
1242 int32_t ret = reply.readInt32();
1243 if (err < 0) {
1244 ALOGD("abort() caught exception %d\n", err);
1245 return KM_ERROR_UNKNOWN_ERROR;
1246 }
1247 return ret;
1248 }
Chad Brubaker2ed2baa2015-03-21 21:20:10 -0700[diff] [blame]1249
1250 virtual bool isOperationAuthorized(const sp<IBinder>& token)
1251 {
1252 Parcel data, reply;
1253 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1254 data.writeStrongBinder(token);
1255 status_t status = remote()->transact(BnKeystoreService::IS_OPERATION_AUTHORIZED, data,
1256 &reply);
1257 if (status != NO_ERROR) {
1258 ALOGD("isOperationAuthorized() could not contact remote: %d\n", status);
1259 return false;
1260 }
1261 int32_t err = reply.readExceptionCode();
1262 int32_t ret = reply.readInt32();
1263 if (err < 0) {
1264 ALOGD("isOperationAuthorized() caught exception %d\n", err);
1265 return false;
1266 }
1267 return ret == 1;
1268 }
1269
1270 virtual int32_t addAuthToken(const uint8_t* token, size_t length)
1271 {
1272 Parcel data, reply;
1273 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
1274 data.writeByteArray(length, token);
1275 status_t status = remote()->transact(BnKeystoreService::ADD_AUTH_TOKEN, data, &reply);
1276 if (status != NO_ERROR) {
1277 ALOGD("addAuthToken() could not contact remote: %d\n", status);
1278 return -1;
1279 }
1280 int32_t err = reply.readExceptionCode();
1281 int32_t ret = reply.readInt32();
1282 if (err < 0) {
1283 ALOGD("addAuthToken() caught exception %d\n", err);
1284 return -1;
1285 }
1286 return ret;
1287 };
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1288};
1289
Chad Brubaker468fc692015-01-13 17:33:14 -0800[diff] [blame]1290IMPLEMENT_META_INTERFACE(KeystoreService, "android.security.IKeystoreService");
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1291
1292// ----------------------------------------------------------------------
1293
1294status_t BnKeystoreService::onTransact(
1295 uint32_t code, const Parcel& data, Parcel* reply, uint32_t flags)
1296{
1297 switch(code) {
1298 case TEST: {
1299 CHECK_INTERFACE(IKeystoreService, data, reply);
1300 int32_t ret = test();
1301 reply->writeNoException();
1302 reply->writeInt32(ret);
1303 return NO_ERROR;
1304 } break;
1305 case GET: {
1306 CHECK_INTERFACE(IKeystoreService, data, reply);
1307 String16 name = data.readString16();
1308 void* out = NULL;
1309 size_t outSize = 0;
1310 int32_t ret = get(name, (uint8_t**) &out, &outSize);
1311 reply->writeNoException();
1312 if (ret == 1) {
1313 reply->writeInt32(outSize);
1314 void* buf = reply->writeInplace(outSize);
1315 memcpy(buf, out, outSize);
1316 free(out);
1317 } else {
1318 reply->writeInt32(-1);
1319 }
1320 return NO_ERROR;
1321 } break;
1322 case INSERT: {
1323 CHECK_INTERFACE(IKeystoreService, data, reply);
1324 String16 name = data.readString16();
1325 ssize_t inSize = data.readInt32();
1326 const void* in;
1327 if (inSize >= 0 && (size_t) inSize <= data.dataAvail()) {
1328 in = data.readInplace(inSize);
1329 } else {
1330 in = NULL;
1331 inSize = 0;
1332 }
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]1333 int uid = data.readInt32();
Kenny Root0c540aa2013-04-03 09:22:15 -0700[diff] [blame]1334 int32_t flags = data.readInt32();
1335 int32_t ret = insert(name, (const uint8_t*) in, (size_t) inSize, uid, flags);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1336 reply->writeNoException();
1337 reply->writeInt32(ret);
1338 return NO_ERROR;
1339 } break;
1340 case DEL: {
1341 CHECK_INTERFACE(IKeystoreService, data, reply);
1342 String16 name = data.readString16();
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]1343 int uid = data.readInt32();
1344 int32_t ret = del(name, uid);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1345 reply->writeNoException();
1346 reply->writeInt32(ret);
1347 return NO_ERROR;
1348 } break;
1349 case EXIST: {
1350 CHECK_INTERFACE(IKeystoreService, data, reply);
1351 String16 name = data.readString16();
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]1352 int uid = data.readInt32();
1353 int32_t ret = exist(name, uid);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1354 reply->writeNoException();
1355 reply->writeInt32(ret);
1356 return NO_ERROR;
1357 } break;
1358 case SAW: {
1359 CHECK_INTERFACE(IKeystoreService, data, reply);
1360 String16 name = data.readString16();
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]1361 int uid = data.readInt32();
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1362 Vector<String16> matches;
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]1363 int32_t ret = saw(name, uid, &matches);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1364 reply->writeNoException();
1365 reply->writeInt32(matches.size());
1366 Vector<String16>::const_iterator it = matches.begin();
1367 for (; it != matches.end(); ++it) {
1368 reply->writeString16(*it);
1369 }
1370 reply->writeInt32(ret);
1371 return NO_ERROR;
1372 } break;
1373 case RESET: {
1374 CHECK_INTERFACE(IKeystoreService, data, reply);
1375 int32_t ret = reset();
1376 reply->writeNoException();
1377 reply->writeInt32(ret);
1378 return NO_ERROR;
1379 } break;
1380 case PASSWORD: {
1381 CHECK_INTERFACE(IKeystoreService, data, reply);
1382 String16 pass = data.readString16();
1383 int32_t ret = password(pass);
1384 reply->writeNoException();
1385 reply->writeInt32(ret);
1386 return NO_ERROR;
1387 } break;
1388 case LOCK: {
1389 CHECK_INTERFACE(IKeystoreService, data, reply);
1390 int32_t ret = lock();
1391 reply->writeNoException();
1392 reply->writeInt32(ret);
1393 return NO_ERROR;
1394 } break;
1395 case UNLOCK: {
1396 CHECK_INTERFACE(IKeystoreService, data, reply);
1397 String16 pass = data.readString16();
1398 int32_t ret = unlock(pass);
1399 reply->writeNoException();
1400 reply->writeInt32(ret);
1401 return NO_ERROR;
1402 } break;
1403 case ZERO: {
1404 CHECK_INTERFACE(IKeystoreService, data, reply);
1405 int32_t ret = zero();
1406 reply->writeNoException();
1407 reply->writeInt32(ret);
1408 return NO_ERROR;
1409 } break;
1410 case GENERATE: {
1411 CHECK_INTERFACE(IKeystoreService, data, reply);
1412 String16 name = data.readString16();
Kenny Root96427ba2013-08-16 14:02:41 -0700[diff] [blame]1413 int32_t uid = data.readInt32();
1414 int32_t keyType = data.readInt32();
1415 int32_t keySize = data.readInt32();
Kenny Root0c540aa2013-04-03 09:22:15 -0700[diff] [blame]1416 int32_t flags = data.readInt32();
Kenny Root96427ba2013-08-16 14:02:41 -0700[diff] [blame]1417 Vector<sp<KeystoreArg> > args;
Chad Brubaker468fc692015-01-13 17:33:14 -0800[diff] [blame]1418 int32_t argsPresent = data.readInt32();
1419 if (argsPresent == 1) {
1420 ssize_t numArgs = data.readInt32();
1421 if (numArgs > 0) {
1422 for (size_t i = 0; i < (size_t) numArgs; i++) {
1423 ssize_t inSize = data.readInt32();
1424 if (inSize >= 0 && (size_t) inSize <= data.dataAvail()) {
1425 sp<KeystoreArg> arg = new KeystoreArg(data.readInplace(inSize),
1426 inSize);
1427 args.push_back(arg);
1428 } else {
1429 args.push_back(NULL);
1430 }
Kenny Root96427ba2013-08-16 14:02:41 -0700[diff] [blame]1431 }
1432 }
1433 }
1434 int32_t ret = generate(name, uid, keyType, keySize, flags, &args);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1435 reply->writeNoException();
1436 reply->writeInt32(ret);
1437 return NO_ERROR;
1438 } break;
1439 case IMPORT: {
1440 CHECK_INTERFACE(IKeystoreService, data, reply);
1441 String16 name = data.readString16();
1442 ssize_t inSize = data.readInt32();
1443 const void* in;
1444 if (inSize >= 0 && (size_t) inSize <= data.dataAvail()) {
1445 in = data.readInplace(inSize);
1446 } else {
1447 in = NULL;
1448 inSize = 0;
1449 }
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]1450 int uid = data.readInt32();
Kenny Root0c540aa2013-04-03 09:22:15 -0700[diff] [blame]1451 int32_t flags = data.readInt32();
1452 int32_t ret = import(name, (const uint8_t*) in, (size_t) inSize, uid, flags);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1453 reply->writeNoException();
1454 reply->writeInt32(ret);
1455 return NO_ERROR;
1456 } break;
1457 case SIGN: {
1458 CHECK_INTERFACE(IKeystoreService, data, reply);
1459 String16 name = data.readString16();
1460 ssize_t inSize = data.readInt32();
1461 const void* in;
1462 if (inSize >= 0 && (size_t) inSize <= data.dataAvail()) {
1463 in = data.readInplace(inSize);
1464 } else {
1465 in = NULL;
1466 inSize = 0;
1467 }
1468 void* out = NULL;
1469 size_t outSize = 0;
1470 int32_t ret = sign(name, (const uint8_t*) in, (size_t) inSize, (uint8_t**) &out, &outSize);
1471 reply->writeNoException();
Kenny Rootb03c9fb2013-02-04 16:42:51 -0800[diff] [blame]1472 if (outSize > 0 && out != NULL) {
1473 reply->writeInt32(outSize);
1474 void* buf = reply->writeInplace(outSize);
1475 memcpy(buf, out, outSize);
1476 free(out);
1477 } else {
Kenny Roote289c402013-02-14 11:31:53 -0800[diff] [blame]1478 reply->writeInt32(-1);
Kenny Rootb03c9fb2013-02-04 16:42:51 -0800[diff] [blame]1479 }
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1480 reply->writeInt32(ret);
1481 return NO_ERROR;
1482 } break;
1483 case VERIFY: {
1484 CHECK_INTERFACE(IKeystoreService, data, reply);
1485 String16 name = data.readString16();
1486 ssize_t inSize = data.readInt32();
1487 const void* in;
1488 if (inSize >= 0 && (size_t) inSize <= data.dataAvail()) {
1489 in = data.readInplace(inSize);
1490 } else {
1491 in = NULL;
1492 inSize = 0;
1493 }
1494 ssize_t sigSize = data.readInt32();
1495 const void* sig;
1496 if (sigSize >= 0 && (size_t) sigSize <= data.dataAvail()) {
1497 sig = data.readInplace(sigSize);
1498 } else {
1499 sig = NULL;
1500 sigSize = 0;
1501 }
1502 bool ret = verify(name, (const uint8_t*) in, (size_t) inSize, (const uint8_t*) sig,
1503 (size_t) sigSize);
1504 reply->writeNoException();
1505 reply->writeInt32(ret ? 1 : 0);
1506 return NO_ERROR;
1507 } break;
1508 case GET_PUBKEY: {
1509 CHECK_INTERFACE(IKeystoreService, data, reply);
1510 String16 name = data.readString16();
1511 void* out = NULL;
1512 size_t outSize = 0;
1513 int32_t ret = get_pubkey(name, (unsigned char**) &out, &outSize);
1514 reply->writeNoException();
Kenny Rootb03c9fb2013-02-04 16:42:51 -0800[diff] [blame]1515 if (outSize > 0 && out != NULL) {
1516 reply->writeInt32(outSize);
1517 void* buf = reply->writeInplace(outSize);
1518 memcpy(buf, out, outSize);
1519 free(out);
1520 } else {
Kenny Roote289c402013-02-14 11:31:53 -0800[diff] [blame]1521 reply->writeInt32(-1);
Kenny Rootb03c9fb2013-02-04 16:42:51 -0800[diff] [blame]1522 }
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1523 reply->writeInt32(ret);
1524 return NO_ERROR;
Kenny Rootb03c9fb2013-02-04 16:42:51 -0800[diff] [blame]1525 } break;
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1526 case DEL_KEY: {
1527 CHECK_INTERFACE(IKeystoreService, data, reply);
1528 String16 name = data.readString16();
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]1529 int uid = data.readInt32();
1530 int32_t ret = del_key(name, uid);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1531 reply->writeNoException();
1532 reply->writeInt32(ret);
1533 return NO_ERROR;
1534 } break;
1535 case GRANT: {
1536 CHECK_INTERFACE(IKeystoreService, data, reply);
1537 String16 name = data.readString16();
1538 int32_t granteeUid = data.readInt32();
1539 int32_t ret = grant(name, granteeUid);
1540 reply->writeNoException();
1541 reply->writeInt32(ret);
1542 return NO_ERROR;
1543 } break;
1544 case UNGRANT: {
1545 CHECK_INTERFACE(IKeystoreService, data, reply);
1546 String16 name = data.readString16();
1547 int32_t granteeUid = data.readInt32();
1548 int32_t ret = ungrant(name, granteeUid);
1549 reply->writeNoException();
1550 reply->writeInt32(ret);
1551 return NO_ERROR;
1552 } break;
1553 case GETMTIME: {
1554 CHECK_INTERFACE(IKeystoreService, data, reply);
1555 String16 name = data.readString16();
1556 int64_t ret = getmtime(name);
1557 reply->writeNoException();
1558 reply->writeInt64(ret);
1559 return NO_ERROR;
1560 } break;
Kenny Rootd53bc922013-03-21 14:10:15 -0700[diff] [blame]1561 case DUPLICATE: {
Kenny Root02254072013-03-20 11:48:19 -0700[diff] [blame]1562 CHECK_INTERFACE(IKeystoreService, data, reply);
Kenny Rootd53bc922013-03-21 14:10:15 -0700[diff] [blame]1563 String16 srcKey = data.readString16();
1564 int32_t srcUid = data.readInt32();
1565 String16 destKey = data.readString16();
1566 int32_t destUid = data.readInt32();
1567 int32_t ret = duplicate(srcKey, srcUid, destKey, destUid);
Kenny Root02254072013-03-20 11:48:19 -0700[diff] [blame]1568 reply->writeNoException();
1569 reply->writeInt32(ret);
1570 return NO_ERROR;
1571 } break;
Kenny Root43061232013-03-29 11:15:50 -0700[diff] [blame]1572 case IS_HARDWARE_BACKED: {
1573 CHECK_INTERFACE(IKeystoreService, data, reply);
Kenny Root1b0e3932013-09-05 13:06:32 -0700[diff] [blame]1574 String16 keyType = data.readString16();
1575 int32_t ret = is_hardware_backed(keyType);
Kenny Root43061232013-03-29 11:15:50 -0700[diff] [blame]1576 reply->writeNoException();
1577 reply->writeInt32(ret);
1578 return NO_ERROR;
1579 }
Kenny Root2ecc7a12013-04-01 16:29:11 -0700[diff] [blame]1580 case CLEAR_UID: {
1581 CHECK_INTERFACE(IKeystoreService, data, reply);
1582 int64_t uid = data.readInt64();
1583 int32_t ret = clear_uid(uid);
1584 reply->writeNoException();
1585 reply->writeInt32(ret);
1586 return NO_ERROR;
1587 }
Robin Lee4e865752014-08-19 17:37:55 +0100[diff] [blame]1588 case RESET_UID: {
1589 CHECK_INTERFACE(IKeystoreService, data, reply);
1590 int32_t uid = data.readInt32();
1591 int32_t ret = reset_uid(uid);
1592 reply->writeNoException();
1593 reply->writeInt32(ret);
1594 return NO_ERROR;
1595 }
1596 case SYNC_UID: {
1597 CHECK_INTERFACE(IKeystoreService, data, reply);
1598 int32_t sourceUid = data.readInt32();
1599 int32_t targetUid = data.readInt32();
1600 int32_t ret = sync_uid(sourceUid, targetUid);
1601 reply->writeNoException();
1602 reply->writeInt32(ret);
1603 return NO_ERROR;
1604 }
1605 case PASSWORD_UID: {
1606 CHECK_INTERFACE(IKeystoreService, data, reply);
1607 String16 password = data.readString16();
1608 int32_t uid = data.readInt32();
1609 int32_t ret = password_uid(password, uid);
1610 reply->writeNoException();
1611 reply->writeInt32(ret);
1612 return NO_ERROR;
1613 }
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1614 case ADD_RNG_ENTROPY: {
1615 CHECK_INTERFACE(IKeystoreService, data, reply);
Chad Brubaker6432df72015-03-20 16:23:04 -0700[diff] [blame]1616 const uint8_t* bytes = NULL;
1617 size_t size = 0;
1618 readByteArray(data, &bytes, &size);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1619 int32_t ret = addRngEntropy(bytes, size);
1620 reply->writeNoException();
1621 reply->writeInt32(ret);
1622 return NO_ERROR;
1623 }
1624 case GENERATE_KEY: {
1625 CHECK_INTERFACE(IKeystoreService, data, reply);
1626 String16 name = data.readString16();
1627 KeymasterArguments args;
1628 if (data.readInt32() != 0) {
1629 args.readFromParcel(data);
1630 }
Chad Brubaker154d7692015-03-27 13:59:31 -0700[diff] [blame]1631 const uint8_t* entropy = NULL;
1632 size_t entropyLength = 0;
1633 readByteArray(data, &entropy, &entropyLength);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1634 int32_t uid = data.readInt32();
1635 int32_t flags = data.readInt32();
1636 KeyCharacteristics outCharacteristics;
Chad Brubaker154d7692015-03-27 13:59:31 -0700[diff] [blame]1637 int32_t ret = generateKey(name, args, entropy, entropyLength, uid, flags,
1638 &outCharacteristics);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1639 reply->writeNoException();
1640 reply->writeInt32(ret);
1641 reply->writeInt32(1);
1642 outCharacteristics.writeToParcel(reply);
1643 return NO_ERROR;
1644 }
1645 case GET_KEY_CHARACTERISTICS: {
1646 CHECK_INTERFACE(IKeystoreService, data, reply);
1647 String16 name = data.readString16();
Chad Brubakerd6634422015-03-21 22:36:07 -0700[diff] [blame]1648 std::unique_ptr<keymaster_blob_t> clientId = readKeymasterBlob(data);
1649 std::unique_ptr<keymaster_blob_t> appData = readKeymasterBlob(data);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1650 KeyCharacteristics outCharacteristics;
Chad Brubakerd6634422015-03-21 22:36:07 -0700[diff] [blame]1651 int ret = getKeyCharacteristics(name, clientId.get(), appData.get(),
1652 &outCharacteristics);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1653 reply->writeNoException();
1654 reply->writeInt32(ret);
1655 reply->writeInt32(1);
1656 outCharacteristics.writeToParcel(reply);
1657 return NO_ERROR;
1658 }
1659 case IMPORT_KEY: {
1660 CHECK_INTERFACE(IKeystoreService, data, reply);
1661 String16 name = data.readString16();
1662 KeymasterArguments args;
1663 if (data.readInt32() != 0) {
1664 args.readFromParcel(data);
1665 }
1666 keymaster_key_format_t format = static_cast<keymaster_key_format_t>(data.readInt32());
Chad Brubaker6432df72015-03-20 16:23:04 -0700[diff] [blame]1667 const uint8_t* keyData = NULL;
1668 size_t keyLength = 0;
1669 readByteArray(data, &keyData, &keyLength);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1670 int32_t uid = data.readInt32();
1671 int32_t flags = data.readInt32();
1672 KeyCharacteristics outCharacteristics;
Chad Brubaker6432df72015-03-20 16:23:04 -0700[diff] [blame]1673 int32_t ret = importKey(name, args, format, keyData, keyLength, uid, flags,
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1674 &outCharacteristics);
1675 reply->writeNoException();
1676 reply->writeInt32(ret);
1677 reply->writeInt32(1);
1678 outCharacteristics.writeToParcel(reply);
1679
1680 return NO_ERROR;
1681 }
1682 case EXPORT_KEY: {
1683 CHECK_INTERFACE(IKeystoreService, data, reply);
1684 String16 name = data.readString16();
1685 keymaster_key_format_t format = static_cast<keymaster_key_format_t>(data.readInt32());
Chad Brubakerd6634422015-03-21 22:36:07 -0700[diff] [blame]1686 std::unique_ptr<keymaster_blob_t> clientId = readKeymasterBlob(data);
1687 std::unique_ptr<keymaster_blob_t> appData = readKeymasterBlob(data);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1688 ExportResult result;
Chad Brubakerd6634422015-03-21 22:36:07 -0700[diff] [blame]1689 exportKey(name, format, clientId.get(), appData.get(), &result);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1690 reply->writeNoException();
1691 reply->writeInt32(1);
1692 result.writeToParcel(reply);
1693
1694 return NO_ERROR;
1695 }
1696 case BEGIN: {
1697 CHECK_INTERFACE(IKeystoreService, data, reply);
1698 sp<IBinder> token = data.readStrongBinder();
1699 String16 name = data.readString16();
1700 keymaster_purpose_t purpose = static_cast<keymaster_purpose_t>(data.readInt32());
1701 bool pruneable = data.readInt32() != 0;
1702 KeymasterArguments args;
1703 if (data.readInt32() != 0) {
1704 args.readFromParcel(data);
1705 }
Chad Brubaker154d7692015-03-27 13:59:31 -0700[diff] [blame]1706 const uint8_t* entropy = NULL;
1707 size_t entropyLength = 0;
1708 readByteArray(data, &entropy, &entropyLength);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1709 KeymasterArguments outArgs;
1710 OperationResult result;
Chad Brubaker154d7692015-03-27 13:59:31 -0700[diff] [blame]1711 begin(token, name, purpose, pruneable, args, entropy, entropyLength, &outArgs,
1712 &result);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1713 reply->writeNoException();
1714 reply->writeInt32(1);
1715 result.writeToParcel(reply);
1716 reply->writeInt32(1);
1717 outArgs.writeToParcel(reply);
1718
1719 return NO_ERROR;
1720 }
1721 case UPDATE: {
1722 CHECK_INTERFACE(IKeystoreService, data, reply);
1723 sp<IBinder> token = data.readStrongBinder();
1724 KeymasterArguments args;
1725 if (data.readInt32() != 0) {
1726 args.readFromParcel(data);
1727 }
Chad Brubaker6432df72015-03-20 16:23:04 -0700[diff] [blame]1728 const uint8_t* buf = NULL;
1729 size_t bufLength = 0;
1730 readByteArray(data, &buf, &bufLength);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1731 OperationResult result;
Chad Brubaker6432df72015-03-20 16:23:04 -0700[diff] [blame]1732 update(token, args, buf, bufLength, &result);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1733 reply->writeNoException();
1734 reply->writeInt32(1);
1735 result.writeToParcel(reply);
1736
1737 return NO_ERROR;
1738 }
1739 case FINISH: {
1740 CHECK_INTERFACE(IKeystoreService, data, reply);
1741 sp<IBinder> token = data.readStrongBinder();
1742 KeymasterArguments args;
1743 if (data.readInt32() != 0) {
1744 args.readFromParcel(data);
1745 }
Chad Brubaker6432df72015-03-20 16:23:04 -0700[diff] [blame]1746 const uint8_t* buf = NULL;
1747 size_t bufLength = 0;
1748 readByteArray(data, &buf, &bufLength);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1749 OperationResult result;
Chad Brubaker6432df72015-03-20 16:23:04 -0700[diff] [blame]1750 finish(token, args, buf, bufLength, &result);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]1751 reply->writeNoException();
1752 reply->writeInt32(1);
1753 result.writeToParcel(reply);
1754
1755 return NO_ERROR;
1756 }
1757 case ABORT: {
1758 CHECK_INTERFACE(IKeystoreService, data, reply);
1759 sp<IBinder> token = data.readStrongBinder();
1760 int32_t result = abort(token);
1761 reply->writeNoException();
1762 reply->writeInt32(result);
1763
1764 return NO_ERROR;
1765 }
Chad Brubaker2ed2baa2015-03-21 21:20:10 -0700[diff] [blame]1766 case IS_OPERATION_AUTHORIZED: {
1767 CHECK_INTERFACE(IKeystoreService, data, reply);
1768 sp<IBinder> token = data.readStrongBinder();
1769 bool result = isOperationAuthorized(token);
1770 reply->writeNoException();
1771 reply->writeInt32(result ? 1 : 0);
1772
1773 return NO_ERROR;
1774 }
1775 case ADD_AUTH_TOKEN: {
1776 CHECK_INTERFACE(IKeystoreService, data, reply);
Chad Brubaker2ed2baa2015-03-21 21:20:10 -0700[diff] [blame]1777 const uint8_t* token_bytes = NULL;
1778 size_t size = 0;
1779 readByteArray(data, &token_bytes, &size);
1780 int32_t result = addAuthToken(token_bytes, size);
1781 reply->writeNoException();
1782 reply->writeInt32(result);
1783
1784 return NO_ERROR;
1785 }
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1786 default:
1787 return BBinder::onTransact(code, data, reply, flags);
1788 }
1789}
1790
1791// ----------------------------------------------------------------------------
1792
1793}; // namespace android