IKeystoreService.cpp revision 6432df7173778954f3e2dfe7d495ab5daa6983ab
1/* 2** 3** Copyright 2008, The Android Open Source Project 4** 5** Licensed under the Apache License, Version 2.0 (the "License"); 6** you may not use this file except in compliance with the License. 7** You may obtain a copy of the License at 8** 9** http://www.apache.org/licenses/LICENSE-2.0 10** 11** Unless required by applicable law or agreed to in writing, software 12** distributed under the License is distributed on an "AS IS" BASIS, 13** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14** See the License for the specific language governing permissions and 15** limitations under the License. 16*/ 17 18#include <stdint.h> 19#include <sys/limits.h> 20#include <sys/types.h> 21 22#define LOG_TAG "KeystoreService" 23#include <utils/Log.h> 24 25#include <binder/Parcel.h> 26#include <binder/IPCThreadState.h> 27#include <binder/IServiceManager.h> 28 29#include <keystore/IKeystoreService.h> 30 31namespace android { 32 33static keymaster_key_param_t* readParamList(const Parcel& in, size_t* length); 34 35KeystoreArg::KeystoreArg(const void* data, size_t len) 36 : mData(data), mSize(len) { 37} 38 39KeystoreArg::~KeystoreArg() { 40} 41 42const void *KeystoreArg::data() const { 43 return mData; 44} 45 46size_t KeystoreArg::size() const { 47 return mSize; 48} 49 50OperationResult::OperationResult() : resultCode(0), token(), inputConsumed(0), 51 data(NULL), dataLength(0) { 52} 53 54OperationResult::~OperationResult() { 55} 56 57void OperationResult::readFromParcel(const Parcel& in) { 58 resultCode = in.readInt32(); 59 token = in.readStrongBinder(); 60 inputConsumed = in.readInt32(); 61 ssize_t length = in.readInt32(); 62 dataLength = 0; 63 if (length > 0) { 64 const void* buf = in.readInplace(length); 65 if (buf) { 66 data.reset(reinterpret_cast<uint8_t*>(malloc(length))); 67 if (data.get()) { 68 memcpy(data.get(), buf, length); 69 dataLength = (size_t) length; 70 } else { 71 ALOGE("Failed to allocate OperationResult buffer"); 72 } 73 } else { 74 ALOGE("Failed to readInplace OperationResult data"); 75 } 76 } 77} 78 79void OperationResult::writeToParcel(Parcel* out) const { 80 out->writeInt32(resultCode); 81 out->writeStrongBinder(token); 82 out->writeInt32(inputConsumed); 83 out->writeInt32(dataLength); 84 if (dataLength && data) { 85 void* buf = out->writeInplace(dataLength); 86 if (buf) { 87 memcpy(buf, data.get(), dataLength); 88 } else { 89 ALOGE("Failed to writeInplace OperationResult data."); 90 } 91 } 92} 93 94ExportResult::ExportResult() : resultCode(0), exportData(NULL), dataLength(0) { 95} 96 97ExportResult::~ExportResult() { 98} 99 100void ExportResult::readFromParcel(const Parcel& in) { 101 resultCode = in.readInt32(); 102 ssize_t length = in.readInt32(); 103 dataLength = 0; 104 if (length > 0) { 105 const void* buf = in.readInplace(length); 106 if (buf) { 107 exportData.reset(reinterpret_cast<uint8_t*>(malloc(length))); 108 if (exportData.get()) { 109 memcpy(exportData.get(), buf, length); 110 dataLength = (size_t) length; 111 } else { 112 ALOGE("Failed to allocate ExportData buffer"); 113 } 114 } else { 115 ALOGE("Failed to readInplace ExportData data"); 116 } 117 } 118} 119 120void ExportResult::writeToParcel(Parcel* out) const { 121 out->writeInt32(resultCode); 122 out->writeInt32(dataLength); 123 if (exportData && dataLength) { 124 void* buf = out->writeInplace(dataLength); 125 if (buf) { 126 memcpy(buf, exportData.get(), dataLength); 127 } else { 128 ALOGE("Failed to writeInplace ExportResult data."); 129 } 130 } 131} 132 133KeymasterArguments::KeymasterArguments() { 134} 135 136KeymasterArguments::~KeymasterArguments() { 137 keymaster_free_param_values(params.data(), params.size()); 138} 139 140void KeymasterArguments::readFromParcel(const Parcel& in) { 141 ssize_t length = in.readInt32(); 142 size_t ulength = (size_t) length; 143 if (length < 0) { 144 ulength = 0; 145 } 146 keymaster_free_param_values(params.data(), params.size()); 147 params.clear(); 148 for(size_t i = 0; i < ulength; i++) { 149 keymaster_key_param_t param; 150 if (!readKeymasterArgumentFromParcel(in, ¶m)) { 151 ALOGE("Error reading keymaster argument from parcel"); 152 break; 153 } 154 params.push_back(param); 155 } 156} 157 158void KeymasterArguments::writeToParcel(Parcel* out) const { 159 out->writeInt32(params.size()); 160 for (auto param : params) { 161 out->writeInt32(1); 162 writeKeymasterArgumentToParcel(param, out); 163 } 164} 165 166KeyCharacteristics::KeyCharacteristics() { 167 memset((void*) &characteristics, 0, sizeof(characteristics)); 168} 169 170KeyCharacteristics::~KeyCharacteristics() { 171 keymaster_free_characteristics(&characteristics); 172} 173 174void KeyCharacteristics::readFromParcel(const Parcel& in) { 175 size_t length = 0; 176 keymaster_key_param_t* params = readParamList(in, &length); 177 characteristics.sw_enforced.params = params; 178 characteristics.sw_enforced.length = length; 179 180 params = readParamList(in, &length); 181 characteristics.hw_enforced.params = params; 182 characteristics.hw_enforced.length = length; 183} 184 185void KeyCharacteristics::writeToParcel(Parcel* out) const { 186 if (characteristics.sw_enforced.params) { 187 out->writeInt32(characteristics.sw_enforced.length); 188 for (size_t i = 0; i < characteristics.sw_enforced.length; i++) { 189 out->writeInt32(1); 190 writeKeymasterArgumentToParcel(characteristics.sw_enforced.params[i], out); 191 } 192 } else { 193 out->writeInt32(0); 194 } 195 if (characteristics.hw_enforced.params) { 196 out->writeInt32(characteristics.hw_enforced.length); 197 for (size_t i = 0; i < characteristics.hw_enforced.length; i++) { 198 out->writeInt32(1); 199 writeKeymasterArgumentToParcel(characteristics.hw_enforced.params[i], out); 200 } 201 } else { 202 out->writeInt32(0); 203 } 204} 205 206void writeKeymasterArgumentToParcel(const keymaster_key_param_t& param, Parcel* out) { 207 switch (keymaster_tag_get_type(param.tag)) { 208 case KM_ENUM: 209 case KM_ENUM_REP: { 210 out->writeInt32(param.tag); 211 out->writeInt32(param.enumerated); 212 break; 213 } 214 case KM_INT: 215 case KM_INT_REP: { 216 out->writeInt32(param.tag); 217 out->writeInt32(param.integer); 218 break; 219 } 220 case KM_LONG: { 221 out->writeInt32(param.tag); 222 out->writeInt64(param.long_integer); 223 break; 224 } 225 case KM_DATE: { 226 out->writeInt32(param.tag); 227 out->writeInt64(param.date_time); 228 break; 229 } 230 case KM_BOOL: { 231 out->writeInt32(param.tag); 232 break; 233 } 234 case KM_BIGNUM: 235 case KM_BYTES: { 236 out->writeInt32(param.tag); 237 out->writeInt32(param.blob.data_length); 238 void* buf = out->writeInplace(param.blob.data_length); 239 if (buf) { 240 memcpy(buf, param.blob.data, param.blob.data_length); 241 } else { 242 ALOGE("Failed to writeInplace keymaster blob param"); 243 } 244 break; 245 } 246 default: { 247 ALOGE("Failed to write argument: Unsupported keymaster_tag_t %d", param.tag); 248 } 249 } 250} 251 252 253bool readKeymasterArgumentFromParcel(const Parcel& in, keymaster_key_param_t* out) { 254 if (in.readInt32() == 0) { 255 return false; 256 } 257 keymaster_tag_t tag = static_cast<keymaster_tag_t>(in.readInt32()); 258 switch (keymaster_tag_get_type(tag)) { 259 case KM_ENUM: 260 case KM_ENUM_REP: { 261 uint32_t value = in.readInt32(); 262 *out = keymaster_param_enum(tag, value); 263 break; 264 } 265 case KM_INT: 266 case KM_INT_REP: { 267 uint32_t value = in.readInt32(); 268 *out = keymaster_param_int(tag, value); 269 break; 270 } 271 case KM_LONG: { 272 uint64_t value = in.readInt64(); 273 *out = keymaster_param_long(tag, value); 274 break; 275 } 276 case KM_DATE: { 277 uint64_t value = in.readInt64(); 278 *out = keymaster_param_date(tag, value); 279 break; 280 } 281 case KM_BOOL: { 282 *out = keymaster_param_bool(tag); 283 break; 284 } 285 case KM_BIGNUM: 286 case KM_BYTES: { 287 ssize_t length = in.readInt32(); 288 uint8_t* data = NULL; 289 size_t ulength = 0; 290 if (length >= 0) { 291 ulength = (size_t) length; 292 // use malloc here so we can use keymaster_free_param_values 293 // consistently. 294 data = reinterpret_cast<uint8_t*>(malloc(ulength)); 295 const void* buf = in.readInplace(ulength); 296 if (!buf || !data) { 297 ALOGE("Failed to allocate buffer for keymaster blob param"); 298 return false; 299 } 300 memcpy(data, buf, ulength); 301 } 302 *out = keymaster_param_blob(tag, data, ulength); 303 break; 304 } 305 default: { 306 ALOGE("Unsupported keymaster_tag_t %d", tag); 307 return false; 308 } 309 } 310 return true; 311} 312 313/** 314 * Read a byte array from in. The data at *data is still owned by the parcel 315 */ 316static void readByteArray(const Parcel& in, const uint8_t** data, size_t* length) { 317 ssize_t slength = in.readInt32(); 318 if (slength > 0) { 319 *data = reinterpret_cast<const uint8_t*>(in.readInplace(slength)); 320 if (*data) { 321 *length = static_cast<size_t>(slength); 322 } else { 323 *length = 0; 324 } 325 } else { 326 *data = NULL; 327 *length = 0; 328 } 329} 330 331// Read a keymaster_key_param_t* from a Parcel for use in a 332// keymaster_key_characteristics_t. This will be free'd by calling 333// keymaster_free_key_characteristics. 334static keymaster_key_param_t* readParamList(const Parcel& in, size_t* length) { 335 ssize_t slength = in.readInt32(); 336 *length = 0; 337 if (slength < 0) { 338 return NULL; 339 } 340 *length = (size_t) slength; 341 if (*length >= UINT_MAX / sizeof(keymaster_key_param_t)) { 342 return NULL; 343 } 344 keymaster_key_param_t* list = 345 reinterpret_cast<keymaster_key_param_t*>(malloc(*length * 346 sizeof(keymaster_key_param_t))); 347 if (!list) { 348 ALOGD("Failed to allocate buffer for generateKey outCharacteristics"); 349 goto err; 350 } 351 for (size_t i = 0; i < *length ; i++) { 352 if (!readKeymasterArgumentFromParcel(in, &list[i])) { 353 ALOGE("Failed to read keymaster argument"); 354 keymaster_free_param_values(list, i); 355 goto err; 356 } 357 } 358 return list; 359err: 360 free(list); 361 return NULL; 362} 363 364static void readKeymasterBlob(const Parcel& in, keymaster_blob_t* blob) { 365 ssize_t length = in.readInt32(); 366 if (length > 0) { 367 blob->data = (uint8_t*) in.readInplace(length); 368 if (blob->data) { 369 blob->data_length = (size_t) length; 370 } else { 371 blob->data_length = 0; 372 } 373 } else { 374 blob->data = NULL; 375 blob->data_length = 0; 376 } 377} 378 379class BpKeystoreService: public BpInterface<IKeystoreService> 380{ 381public: 382 BpKeystoreService(const sp<IBinder>& impl) 383 : BpInterface<IKeystoreService>(impl) 384 { 385 } 386 387 // test ping 388 virtual int32_t test() 389 { 390 Parcel data, reply; 391 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor()); 392 status_t status = remote()->transact(BnKeystoreService::TEST, data, &reply); 393 if (status != NO_ERROR) { 394 ALOGD("test() could not contact remote: %d\n", status); 395 return -1; 396 } 397 int32_t err = reply.readExceptionCode(); 398 int32_t ret = reply.readInt32(); 399 if (err < 0) { 400 ALOGD("test() caught exception %d\n", err); 401 return -1; 402 } 403 return ret; 404 } 405 406 virtual int32_t get(const String16& name, uint8_t** item, size_t* itemLength) 407 { 408 Parcel data, reply; 409 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor()); 410 data.writeString16(name); 411 status_t status = remote()->transact(BnKeystoreService::GET, data, &reply); 412 if (status != NO_ERROR) { 413 ALOGD("get() could not contact remote: %d\n", status); 414 return -1; 415 } 416 int32_t err = reply.readExceptionCode(); 417 ssize_t len = reply.readInt32(); 418 if (len >= 0 && (size_t) len <= reply.dataAvail()) { 419 size_t ulen = (size_t) len; 420 const void* buf = reply.readInplace(ulen); 421 *item = (uint8_t*) malloc(ulen); 422 if (*item != NULL) { 423 memcpy(*item, buf, ulen); 424 *itemLength = ulen; 425 } else { 426 ALOGE("out of memory allocating output array in get"); 427 *itemLength = 0; 428 } 429 } else { 430 *itemLength = 0; 431 } 432 if (err < 0) { 433 ALOGD("get() caught exception %d\n", err); 434 return -1; 435 } 436 return 0; 437 } 438 439 virtual int32_t insert(const String16& name, const uint8_t* item, size_t itemLength, int uid, 440 int32_t flags) 441 { 442 Parcel data, reply; 443 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor()); 444 data.writeString16(name); 445 data.writeInt32(itemLength); 446 void* buf = data.writeInplace(itemLength); 447 memcpy(buf, item, itemLength); 448 data.writeInt32(uid); 449 data.writeInt32(flags); 450 status_t status = remote()->transact(BnKeystoreService::INSERT, data, &reply); 451 if (status != NO_ERROR) { 452 ALOGD("import() could not contact remote: %d\n", status); 453 return -1; 454 } 455 int32_t err = reply.readExceptionCode(); 456 int32_t ret = reply.readInt32(); 457 if (err < 0) { 458 ALOGD("import() caught exception %d\n", err); 459 return -1; 460 } 461 return ret; 462 } 463 464 virtual int32_t del(const String16& name, int uid) 465 { 466 Parcel data, reply; 467 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor()); 468 data.writeString16(name); 469 data.writeInt32(uid); 470 status_t status = remote()->transact(BnKeystoreService::DEL, data, &reply); 471 if (status != NO_ERROR) { 472 ALOGD("del() could not contact remote: %d\n", status); 473 return -1; 474 } 475 int32_t err = reply.readExceptionCode(); 476 int32_t ret = reply.readInt32(); 477 if (err < 0) { 478 ALOGD("del() caught exception %d\n", err); 479 return -1; 480 } 481 return ret; 482 } 483 484 virtual int32_t exist(const String16& name, int uid) 485 { 486 Parcel data, reply; 487 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor()); 488 data.writeString16(name); 489 data.writeInt32(uid); 490 status_t status = remote()->transact(BnKeystoreService::EXIST, data, &reply); 491 if (status != NO_ERROR) { 492 ALOGD("exist() could not contact remote: %d\n", status); 493 return -1; 494 } 495 int32_t err = reply.readExceptionCode(); 496 int32_t ret = reply.readInt32(); 497 if (err < 0) { 498 ALOGD("exist() caught exception %d\n", err); 499 return -1; 500 } 501 return ret; 502 } 503 504 virtual int32_t saw(const String16& name, int uid, Vector<String16>* matches) 505 { 506 Parcel data, reply; 507 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor()); 508 data.writeString16(name); 509 data.writeInt32(uid); 510 status_t status = remote()->transact(BnKeystoreService::SAW, data, &reply); 511 if (status != NO_ERROR) { 512 ALOGD("saw() could not contact remote: %d\n", status); 513 return -1; 514 } 515 int32_t err = reply.readExceptionCode(); 516 int32_t numMatches = reply.readInt32(); 517 for (int32_t i = 0; i < numMatches; i++) { 518 matches->push(reply.readString16()); 519 } 520 int32_t ret = reply.readInt32(); 521 if (err < 0) { 522 ALOGD("saw() caught exception %d\n", err); 523 return -1; 524 } 525 return ret; 526 } 527 528 virtual int32_t reset() 529 { 530 Parcel data, reply; 531 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor()); 532 status_t status = remote()->transact(BnKeystoreService::RESET, data, &reply); 533 if (status != NO_ERROR) { 534 ALOGD("reset() could not contact remote: %d\n", status); 535 return -1; 536 } 537 int32_t err = reply.readExceptionCode(); 538 int32_t ret = reply.readInt32(); 539 if (err < 0) { 540 ALOGD("reset() caught exception %d\n", err); 541 return -1; 542 } 543 return ret; 544 } 545 546 virtual int32_t password(const String16& password) 547 { 548 Parcel data, reply; 549 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor()); 550 data.writeString16(password); 551 status_t status = remote()->transact(BnKeystoreService::PASSWORD, data, &reply); 552 if (status != NO_ERROR) { 553 ALOGD("password() could not contact remote: %d\n", status); 554 return -1; 555 } 556 int32_t err = reply.readExceptionCode(); 557 int32_t ret = reply.readInt32(); 558 if (err < 0) { 559 ALOGD("password() caught exception %d\n", err); 560 return -1; 561 } 562 return ret; 563 } 564 565 virtual int32_t lock() 566 { 567 Parcel data, reply; 568 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor()); 569 status_t status = remote()->transact(BnKeystoreService::LOCK, data, &reply); 570 if (status != NO_ERROR) { 571 ALOGD("lock() could not contact remote: %d\n", status); 572 return -1; 573 } 574 int32_t err = reply.readExceptionCode(); 575 int32_t ret = reply.readInt32(); 576 if (err < 0) { 577 ALOGD("lock() caught exception %d\n", err); 578 return -1; 579 } 580 return ret; 581 } 582 583 virtual int32_t unlock(const String16& password) 584 { 585 Parcel data, reply; 586 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor()); 587 data.writeString16(password); 588 status_t status = remote()->transact(BnKeystoreService::UNLOCK, data, &reply); 589 if (status != NO_ERROR) { 590 ALOGD("unlock() could not contact remote: %d\n", status); 591 return -1; 592 } 593 int32_t err = reply.readExceptionCode(); 594 int32_t ret = reply.readInt32(); 595 if (err < 0) { 596 ALOGD("unlock() caught exception %d\n", err); 597 return -1; 598 } 599 return ret; 600 } 601 602 virtual int32_t zero() 603 { 604 Parcel data, reply; 605 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor()); 606 status_t status = remote()->transact(BnKeystoreService::ZERO, data, &reply); 607 if (status != NO_ERROR) { 608 ALOGD("zero() could not contact remote: %d\n", status); 609 return -1; 610 } 611 int32_t err = reply.readExceptionCode(); 612 int32_t ret = reply.readInt32(); 613 if (err < 0) { 614 ALOGD("zero() caught exception %d\n", err); 615 return -1; 616 } 617 return ret; 618 } 619 620 virtual int32_t generate(const String16& name, int32_t uid, int32_t keyType, int32_t keySize, 621 int32_t flags, Vector<sp<KeystoreArg> >* args) 622 { 623 Parcel data, reply; 624 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor()); 625 data.writeString16(name); 626 data.writeInt32(uid); 627 data.writeInt32(keyType); 628 data.writeInt32(keySize); 629 data.writeInt32(flags); 630 data.writeInt32(1); 631 data.writeInt32(args->size()); 632 for (Vector<sp<KeystoreArg> >::iterator it = args->begin(); it != args->end(); ++it) { 633 sp<KeystoreArg> item = *it; 634 size_t keyLength = item->size(); 635 data.writeInt32(keyLength); 636 void* buf = data.writeInplace(keyLength); 637 memcpy(buf, item->data(), keyLength); 638 } 639 status_t status = remote()->transact(BnKeystoreService::GENERATE, data, &reply); 640 if (status != NO_ERROR) { 641 ALOGD("generate() could not contact remote: %d\n", status); 642 return -1; 643 } 644 int32_t err = reply.readExceptionCode(); 645 int32_t ret = reply.readInt32(); 646 if (err < 0) { 647 ALOGD("generate() caught exception %d\n", err); 648 return -1; 649 } 650 return ret; 651 } 652 653 virtual int32_t import(const String16& name, const uint8_t* key, size_t keyLength, int uid, 654 int flags) 655 { 656 Parcel data, reply; 657 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor()); 658 data.writeString16(name); 659 data.writeInt32(keyLength); 660 void* buf = data.writeInplace(keyLength); 661 memcpy(buf, key, keyLength); 662 data.writeInt32(uid); 663 data.writeInt32(flags); 664 status_t status = remote()->transact(BnKeystoreService::IMPORT, data, &reply); 665 if (status != NO_ERROR) { 666 ALOGD("import() could not contact remote: %d\n", status); 667 return -1; 668 } 669 int32_t err = reply.readExceptionCode(); 670 int32_t ret = reply.readInt32(); 671 if (err < 0) { 672 ALOGD("import() caught exception %d\n", err); 673 return -1; 674 } 675 return ret; 676 } 677 678 virtual int32_t sign(const String16& name, const uint8_t* in, size_t inLength, uint8_t** out, 679 size_t* outLength) 680 { 681 Parcel data, reply; 682 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor()); 683 data.writeString16(name); 684 data.writeInt32(inLength); 685 void* buf = data.writeInplace(inLength); 686 memcpy(buf, in, inLength); 687 status_t status = remote()->transact(BnKeystoreService::SIGN, data, &reply); 688 if (status != NO_ERROR) { 689 ALOGD("import() could not contact remote: %d\n", status); 690 return -1; 691 } 692 int32_t err = reply.readExceptionCode(); 693 ssize_t len = reply.readInt32(); 694 if (len >= 0 && (size_t) len <= reply.dataAvail()) { 695 size_t ulen = (size_t) len; 696 const void* outBuf = reply.readInplace(ulen); 697 *out = (uint8_t*) malloc(ulen); 698 if (*out != NULL) { 699 memcpy((void*) *out, outBuf, ulen); 700 *outLength = ulen; 701 } else { 702 ALOGE("out of memory allocating output array in sign"); 703 *outLength = 0; 704 } 705 } else { 706 *outLength = 0; 707 } 708 if (err < 0) { 709 ALOGD("import() caught exception %d\n", err); 710 return -1; 711 } 712 return 0; 713 } 714 715 virtual int32_t verify(const String16& name, const uint8_t* in, size_t inLength, 716 const uint8_t* signature, size_t signatureLength) 717 { 718 Parcel data, reply; 719 void* buf; 720 721 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor()); 722 data.writeString16(name); 723 data.writeInt32(inLength); 724 buf = data.writeInplace(inLength); 725 memcpy(buf, in, inLength); 726 data.writeInt32(signatureLength); 727 buf = data.writeInplace(signatureLength); 728 memcpy(buf, signature, signatureLength); 729 status_t status = remote()->transact(BnKeystoreService::VERIFY, data, &reply); 730 if (status != NO_ERROR) { 731 ALOGD("verify() could not contact remote: %d\n", status); 732 return -1; 733 } 734 int32_t err = reply.readExceptionCode(); 735 int32_t ret = reply.readInt32(); 736 if (err < 0) { 737 ALOGD("verify() caught exception %d\n", err); 738 return -1; 739 } 740 return ret; 741 } 742 743 virtual int32_t get_pubkey(const String16& name, uint8_t** pubkey, size_t* pubkeyLength) 744 { 745 Parcel data, reply; 746 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor()); 747 data.writeString16(name); 748 status_t status = remote()->transact(BnKeystoreService::GET_PUBKEY, data, &reply); 749 if (status != NO_ERROR) { 750 ALOGD("get_pubkey() could not contact remote: %d\n", status); 751 return -1; 752 } 753 int32_t err = reply.readExceptionCode(); 754 ssize_t len = reply.readInt32(); 755 if (len >= 0 && (size_t) len <= reply.dataAvail()) { 756 size_t ulen = (size_t) len; 757 const void* buf = reply.readInplace(ulen); 758 *pubkey = (uint8_t*) malloc(ulen); 759 if (*pubkey != NULL) { 760 memcpy(*pubkey, buf, ulen); 761 *pubkeyLength = ulen; 762 } else { 763 ALOGE("out of memory allocating output array in get_pubkey"); 764 *pubkeyLength = 0; 765 } 766 } else { 767 *pubkeyLength = 0; 768 } 769 if (err < 0) { 770 ALOGD("get_pubkey() caught exception %d\n", err); 771 return -1; 772 } 773 return 0; 774 } 775 776 virtual int32_t del_key(const String16& name, int uid) 777 { 778 Parcel data, reply; 779 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor()); 780 data.writeString16(name); 781 data.writeInt32(uid); 782 status_t status = remote()->transact(BnKeystoreService::DEL_KEY, data, &reply); 783 if (status != NO_ERROR) { 784 ALOGD("del_key() could not contact remote: %d\n", status); 785 return -1; 786 } 787 int32_t err = reply.readExceptionCode(); 788 int32_t ret = reply.readInt32(); 789 if (err < 0) { 790 ALOGD("del_key() caught exception %d\n", err); 791 return -1; 792 } 793 return ret; 794 } 795 796 virtual int32_t grant(const String16& name, int32_t granteeUid) 797 { 798 Parcel data, reply; 799 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor()); 800 data.writeString16(name); 801 data.writeInt32(granteeUid); 802 status_t status = remote()->transact(BnKeystoreService::GRANT, data, &reply); 803 if (status != NO_ERROR) { 804 ALOGD("grant() could not contact remote: %d\n", status); 805 return -1; 806 } 807 int32_t err = reply.readExceptionCode(); 808 int32_t ret = reply.readInt32(); 809 if (err < 0) { 810 ALOGD("grant() caught exception %d\n", err); 811 return -1; 812 } 813 return ret; 814 } 815 816 virtual int32_t ungrant(const String16& name, int32_t granteeUid) 817 { 818 Parcel data, reply; 819 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor()); 820 data.writeString16(name); 821 data.writeInt32(granteeUid); 822 status_t status = remote()->transact(BnKeystoreService::UNGRANT, data, &reply); 823 if (status != NO_ERROR) { 824 ALOGD("ungrant() could not contact remote: %d\n", status); 825 return -1; 826 } 827 int32_t err = reply.readExceptionCode(); 828 int32_t ret = reply.readInt32(); 829 if (err < 0) { 830 ALOGD("ungrant() caught exception %d\n", err); 831 return -1; 832 } 833 return ret; 834 } 835 836 int64_t getmtime(const String16& name) 837 { 838 Parcel data, reply; 839 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor()); 840 data.writeString16(name); 841 status_t status = remote()->transact(BnKeystoreService::GETMTIME, data, &reply); 842 if (status != NO_ERROR) { 843 ALOGD("getmtime() could not contact remote: %d\n", status); 844 return -1; 845 } 846 int32_t err = reply.readExceptionCode(); 847 int64_t ret = reply.readInt64(); 848 if (err < 0) { 849 ALOGD("getmtime() caught exception %d\n", err); 850 return -1; 851 } 852 return ret; 853 } 854 855 virtual int32_t duplicate(const String16& srcKey, int32_t srcUid, const String16& destKey, 856 int32_t destUid) 857 { 858 Parcel data, reply; 859 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor()); 860 data.writeString16(srcKey); 861 data.writeInt32(srcUid); 862 data.writeString16(destKey); 863 data.writeInt32(destUid); 864 status_t status = remote()->transact(BnKeystoreService::DUPLICATE, data, &reply); 865 if (status != NO_ERROR) { 866 ALOGD("duplicate() could not contact remote: %d\n", status); 867 return -1; 868 } 869 int32_t err = reply.readExceptionCode(); 870 int32_t ret = reply.readInt32(); 871 if (err < 0) { 872 ALOGD("duplicate() caught exception %d\n", err); 873 return -1; 874 } 875 return ret; 876 } 877 878 virtual int32_t is_hardware_backed(const String16& keyType) 879 { 880 Parcel data, reply; 881 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor()); 882 data.writeString16(keyType); 883 status_t status = remote()->transact(BnKeystoreService::IS_HARDWARE_BACKED, data, &reply); 884 if (status != NO_ERROR) { 885 ALOGD("is_hardware_backed() could not contact remote: %d\n", status); 886 return -1; 887 } 888 int32_t err = reply.readExceptionCode(); 889 int32_t ret = reply.readInt32(); 890 if (err < 0) { 891 ALOGD("is_hardware_backed() caught exception %d\n", err); 892 return -1; 893 } 894 return ret; 895 } 896 897 virtual int32_t clear_uid(int64_t uid) 898 { 899 Parcel data, reply; 900 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor()); 901 data.writeInt64(uid); 902 status_t status = remote()->transact(BnKeystoreService::CLEAR_UID, data, &reply); 903 if (status != NO_ERROR) { 904 ALOGD("clear_uid() could not contact remote: %d\n", status); 905 return -1; 906 } 907 int32_t err = reply.readExceptionCode(); 908 int32_t ret = reply.readInt32(); 909 if (err < 0) { 910 ALOGD("clear_uid() caught exception %d\n", err); 911 return -1; 912 } 913 return ret; 914 } 915 916 virtual int32_t reset_uid(int32_t uid) { 917 Parcel data, reply; 918 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor()); 919 data.writeInt32(uid); 920 status_t status = remote()->transact(BnKeystoreService::RESET_UID, data, &reply); 921 if (status != NO_ERROR) { 922 ALOGD("reset_uid() could not contact remote: %d\n", status); 923 return -1; 924 } 925 int32_t err = reply.readExceptionCode(); 926 int32_t ret = reply.readInt32(); 927 if (err < 0) { 928 ALOGD("reset_uid() caught exception %d\n", err); 929 return -1; 930 } 931 return ret; 932 933 } 934 935 virtual int32_t sync_uid(int32_t sourceUid, int32_t targetUid) 936 { 937 Parcel data, reply; 938 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor()); 939 data.writeInt32(sourceUid); 940 data.writeInt32(targetUid); 941 status_t status = remote()->transact(BnKeystoreService::SYNC_UID, data, &reply); 942 if (status != NO_ERROR) { 943 ALOGD("sync_uid() could not contact remote: %d\n", status); 944 return -1; 945 } 946 int32_t err = reply.readExceptionCode(); 947 int32_t ret = reply.readInt32(); 948 if (err < 0) { 949 ALOGD("sync_uid() caught exception %d\n", err); 950 return -1; 951 } 952 return ret; 953 } 954 955 virtual int32_t password_uid(const String16& password, int32_t uid) 956 { 957 Parcel data, reply; 958 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor()); 959 data.writeString16(password); 960 data.writeInt32(uid); 961 status_t status = remote()->transact(BnKeystoreService::PASSWORD_UID, data, &reply); 962 if (status != NO_ERROR) { 963 ALOGD("password_uid() could not contact remote: %d\n", status); 964 return -1; 965 } 966 int32_t err = reply.readExceptionCode(); 967 int32_t ret = reply.readInt32(); 968 if (err < 0) { 969 ALOGD("password_uid() caught exception %d\n", err); 970 return -1; 971 } 972 return ret; 973 } 974 virtual int32_t addRngEntropy(const uint8_t* buf, size_t bufLength) 975 { 976 Parcel data, reply; 977 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor()); 978 data.writeInt32(bufLength); 979 data.writeByteArray(bufLength, buf); 980 status_t status = remote()->transact(BnKeystoreService::ADD_RNG_ENTROPY, data, &reply); 981 if (status != NO_ERROR) { 982 ALOGD("addRngEntropy() could not contact remote: %d\n", status); 983 return -1; 984 } 985 int32_t err = reply.readExceptionCode(); 986 int32_t ret = reply.readInt32(); 987 if (err < 0) { 988 ALOGD("addRngEntropy() caught exception %d\n", err); 989 return -1; 990 } 991 return ret; 992 }; 993 994 virtual int32_t generateKey(const String16& name, const KeymasterArguments& params, 995 int uid, int flags, KeyCharacteristics* outCharacteristics) 996 { 997 Parcel data, reply; 998 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor()); 999 data.writeString16(name); 1000 data.writeInt32(1); 1001 params.writeToParcel(&data); 1002 data.writeInt32(uid); 1003 data.writeInt32(flags); 1004 status_t status = remote()->transact(BnKeystoreService::GENERATE_KEY, data, &reply); 1005 if (status != NO_ERROR) { 1006 ALOGD("generateKey() could not contact remote: %d\n", status); 1007 return KM_ERROR_UNKNOWN_ERROR; 1008 } 1009 int32_t err = reply.readExceptionCode(); 1010 int32_t ret = reply.readInt32(); 1011 if (err < 0) { 1012 ALOGD("generateKey() caught exception %d\n", err); 1013 return KM_ERROR_UNKNOWN_ERROR; 1014 } 1015 if (reply.readInt32() != 0 && outCharacteristics) { 1016 outCharacteristics->readFromParcel(reply); 1017 } 1018 return ret; 1019 } 1020 virtual int32_t getKeyCharacteristics(const String16& name, 1021 const keymaster_blob_t& clientId, 1022 const keymaster_blob_t& appData, 1023 KeyCharacteristics* outCharacteristics) 1024 { 1025 Parcel data, reply; 1026 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor()); 1027 data.writeString16(name); 1028 data.writeByteArray(clientId.data_length, clientId.data); 1029 data.writeByteArray(appData.data_length, appData.data); 1030 status_t status = remote()->transact(BnKeystoreService::GET_KEY_CHARACTERISTICS, 1031 data, &reply); 1032 if (status != NO_ERROR) { 1033 ALOGD("getKeyCharacteristics() could not contact remote: %d\n", status); 1034 return KM_ERROR_UNKNOWN_ERROR; 1035 } 1036 int32_t err = reply.readExceptionCode(); 1037 int32_t ret = reply.readInt32(); 1038 if (err < 0) { 1039 ALOGD("getKeyCharacteristics() caught exception %d\n", err); 1040 return KM_ERROR_UNKNOWN_ERROR; 1041 } 1042 if (reply.readInt32() != 0 && outCharacteristics) { 1043 outCharacteristics->readFromParcel(reply); 1044 } 1045 return ret; 1046 } 1047 virtual int32_t importKey(const String16& name, const KeymasterArguments& params, 1048 keymaster_key_format_t format, const uint8_t *keyData, 1049 size_t keyLength, int uid, int flags, 1050 KeyCharacteristics* outCharacteristics) 1051 { 1052 Parcel data, reply; 1053 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor()); 1054 data.writeString16(name); 1055 data.writeInt32(1); 1056 params.writeToParcel(&data); 1057 data.writeInt32(format); 1058 data.writeByteArray(keyLength, keyData); 1059 data.writeInt32(uid); 1060 data.writeInt32(flags); 1061 status_t status = remote()->transact(BnKeystoreService::IMPORT_KEY, data, &reply); 1062 if (status != NO_ERROR) { 1063 ALOGD("importKey() could not contact remote: %d\n", status); 1064 return KM_ERROR_UNKNOWN_ERROR; 1065 } 1066 int32_t err = reply.readExceptionCode(); 1067 int32_t ret = reply.readInt32(); 1068 if (err < 0) { 1069 ALOGD("importKey() caught exception %d\n", err); 1070 return KM_ERROR_UNKNOWN_ERROR; 1071 } 1072 if (reply.readInt32() != 0 && outCharacteristics) { 1073 outCharacteristics->readFromParcel(reply); 1074 } 1075 return ret; 1076 } 1077 1078 virtual void exportKey(const String16& name, keymaster_key_format_t format, 1079 const keymaster_blob_t& clientId, 1080 const keymaster_blob_t& appData, ExportResult* result) 1081 { 1082 if (!result) { 1083 return; 1084 } 1085 1086 Parcel data, reply; 1087 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor()); 1088 data.writeString16(name); 1089 data.writeInt32(format); 1090 data.writeByteArray(clientId.data_length, clientId.data); 1091 data.writeByteArray(appData.data_length, appData.data); 1092 status_t status = remote()->transact(BnKeystoreService::EXPORT_KEY, data, &reply); 1093 if (status != NO_ERROR) { 1094 ALOGD("exportKey() could not contact remote: %d\n", status); 1095 result->resultCode = KM_ERROR_UNKNOWN_ERROR; 1096 return; 1097 } 1098 int32_t err = reply.readExceptionCode(); 1099 if (err < 0) { 1100 ALOGD("exportKey() caught exception %d\n", err); 1101 result->resultCode = KM_ERROR_UNKNOWN_ERROR; 1102 return; 1103 } 1104 if (reply.readInt32() != 0) { 1105 result->readFromParcel(reply); 1106 } 1107 } 1108 1109 virtual void begin(const sp<IBinder>& appToken, const String16& name, 1110 keymaster_purpose_t purpose, bool pruneable, 1111 const KeymasterArguments& params, KeymasterArguments* outParams, 1112 OperationResult* result) 1113 { 1114 if (!result || !outParams) { 1115 return; 1116 } 1117 Parcel data, reply; 1118 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor()); 1119 data.writeStrongBinder(appToken); 1120 data.writeString16(name); 1121 data.writeInt32(purpose); 1122 data.writeInt32(pruneable ? 1 : 0); 1123 data.writeInt32(1); 1124 params.writeToParcel(&data); 1125 status_t status = remote()->transact(BnKeystoreService::BEGIN, data, &reply); 1126 if (status != NO_ERROR) { 1127 ALOGD("begin() could not contact remote: %d\n", status); 1128 result->resultCode = KM_ERROR_UNKNOWN_ERROR; 1129 return; 1130 } 1131 int32_t err = reply.readExceptionCode(); 1132 if (err < 0) { 1133 ALOGD("begin() caught exception %d\n", err); 1134 result->resultCode = KM_ERROR_UNKNOWN_ERROR; 1135 return; 1136 } 1137 if (reply.readInt32() != 0) { 1138 result->readFromParcel(reply); 1139 } 1140 if (reply.readInt32() != 0) { 1141 outParams->readFromParcel(reply); 1142 } 1143 } 1144 1145 virtual void update(const sp<IBinder>& token, const KeymasterArguments& params, 1146 const uint8_t* opData, size_t dataLength, OperationResult* result) 1147 { 1148 if (!result) { 1149 return; 1150 } 1151 Parcel data, reply; 1152 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor()); 1153 data.writeStrongBinder(token); 1154 data.writeInt32(1); 1155 params.writeToParcel(&data); 1156 data.writeByteArray(dataLength, opData); 1157 status_t status = remote()->transact(BnKeystoreService::UPDATE, data, &reply); 1158 if (status != NO_ERROR) { 1159 ALOGD("update() could not contact remote: %d\n", status); 1160 result->resultCode = KM_ERROR_UNKNOWN_ERROR; 1161 return; 1162 } 1163 int32_t err = reply.readExceptionCode(); 1164 if (err < 0) { 1165 ALOGD("update() caught exception %d\n", err); 1166 result->resultCode = KM_ERROR_UNKNOWN_ERROR; 1167 return; 1168 } 1169 if (reply.readInt32() != 0) { 1170 result->readFromParcel(reply); 1171 } 1172 } 1173 1174 virtual void finish(const sp<IBinder>& token, const KeymasterArguments& params, 1175 const uint8_t* signature, size_t signatureLength, OperationResult* result) 1176 { 1177 if (!result) { 1178 return; 1179 } 1180 Parcel data, reply; 1181 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor()); 1182 data.writeStrongBinder(token); 1183 data.writeInt32(1); 1184 params.writeToParcel(&data); 1185 data.writeByteArray(signatureLength, signature); 1186 status_t status = remote()->transact(BnKeystoreService::FINISH, data, &reply); 1187 if (status != NO_ERROR) { 1188 ALOGD("finish() could not contact remote: %d\n", status); 1189 result->resultCode = KM_ERROR_UNKNOWN_ERROR; 1190 return; 1191 } 1192 int32_t err = reply.readExceptionCode(); 1193 if (err < 0) { 1194 ALOGD("finish() caught exception %d\n", err); 1195 result->resultCode = KM_ERROR_UNKNOWN_ERROR; 1196 return; 1197 } 1198 if (reply.readInt32() != 0) { 1199 result->readFromParcel(reply); 1200 } 1201 } 1202 1203 virtual int32_t abort(const sp<IBinder>& token) 1204 { 1205 Parcel data, reply; 1206 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor()); 1207 data.writeStrongBinder(token); 1208 status_t status = remote()->transact(BnKeystoreService::FINISH, data, &reply); 1209 if (status != NO_ERROR) { 1210 ALOGD("abort() could not contact remote: %d\n", status); 1211 return KM_ERROR_UNKNOWN_ERROR; 1212 } 1213 int32_t err = reply.readExceptionCode(); 1214 int32_t ret = reply.readInt32(); 1215 if (err < 0) { 1216 ALOGD("abort() caught exception %d\n", err); 1217 return KM_ERROR_UNKNOWN_ERROR; 1218 } 1219 return ret; 1220 } 1221}; 1222 1223IMPLEMENT_META_INTERFACE(KeystoreService, "android.security.IKeystoreService"); 1224 1225// ---------------------------------------------------------------------- 1226 1227status_t BnKeystoreService::onTransact( 1228 uint32_t code, const Parcel& data, Parcel* reply, uint32_t flags) 1229{ 1230 switch(code) { 1231 case TEST: { 1232 CHECK_INTERFACE(IKeystoreService, data, reply); 1233 int32_t ret = test(); 1234 reply->writeNoException(); 1235 reply->writeInt32(ret); 1236 return NO_ERROR; 1237 } break; 1238 case GET: { 1239 CHECK_INTERFACE(IKeystoreService, data, reply); 1240 String16 name = data.readString16(); 1241 void* out = NULL; 1242 size_t outSize = 0; 1243 int32_t ret = get(name, (uint8_t**) &out, &outSize); 1244 reply->writeNoException(); 1245 if (ret == 1) { 1246 reply->writeInt32(outSize); 1247 void* buf = reply->writeInplace(outSize); 1248 memcpy(buf, out, outSize); 1249 free(out); 1250 } else { 1251 reply->writeInt32(-1); 1252 } 1253 return NO_ERROR; 1254 } break; 1255 case INSERT: { 1256 CHECK_INTERFACE(IKeystoreService, data, reply); 1257 String16 name = data.readString16(); 1258 ssize_t inSize = data.readInt32(); 1259 const void* in; 1260 if (inSize >= 0 && (size_t) inSize <= data.dataAvail()) { 1261 in = data.readInplace(inSize); 1262 } else { 1263 in = NULL; 1264 inSize = 0; 1265 } 1266 int uid = data.readInt32(); 1267 int32_t flags = data.readInt32(); 1268 int32_t ret = insert(name, (const uint8_t*) in, (size_t) inSize, uid, flags); 1269 reply->writeNoException(); 1270 reply->writeInt32(ret); 1271 return NO_ERROR; 1272 } break; 1273 case DEL: { 1274 CHECK_INTERFACE(IKeystoreService, data, reply); 1275 String16 name = data.readString16(); 1276 int uid = data.readInt32(); 1277 int32_t ret = del(name, uid); 1278 reply->writeNoException(); 1279 reply->writeInt32(ret); 1280 return NO_ERROR; 1281 } break; 1282 case EXIST: { 1283 CHECK_INTERFACE(IKeystoreService, data, reply); 1284 String16 name = data.readString16(); 1285 int uid = data.readInt32(); 1286 int32_t ret = exist(name, uid); 1287 reply->writeNoException(); 1288 reply->writeInt32(ret); 1289 return NO_ERROR; 1290 } break; 1291 case SAW: { 1292 CHECK_INTERFACE(IKeystoreService, data, reply); 1293 String16 name = data.readString16(); 1294 int uid = data.readInt32(); 1295 Vector<String16> matches; 1296 int32_t ret = saw(name, uid, &matches); 1297 reply->writeNoException(); 1298 reply->writeInt32(matches.size()); 1299 Vector<String16>::const_iterator it = matches.begin(); 1300 for (; it != matches.end(); ++it) { 1301 reply->writeString16(*it); 1302 } 1303 reply->writeInt32(ret); 1304 return NO_ERROR; 1305 } break; 1306 case RESET: { 1307 CHECK_INTERFACE(IKeystoreService, data, reply); 1308 int32_t ret = reset(); 1309 reply->writeNoException(); 1310 reply->writeInt32(ret); 1311 return NO_ERROR; 1312 } break; 1313 case PASSWORD: { 1314 CHECK_INTERFACE(IKeystoreService, data, reply); 1315 String16 pass = data.readString16(); 1316 int32_t ret = password(pass); 1317 reply->writeNoException(); 1318 reply->writeInt32(ret); 1319 return NO_ERROR; 1320 } break; 1321 case LOCK: { 1322 CHECK_INTERFACE(IKeystoreService, data, reply); 1323 int32_t ret = lock(); 1324 reply->writeNoException(); 1325 reply->writeInt32(ret); 1326 return NO_ERROR; 1327 } break; 1328 case UNLOCK: { 1329 CHECK_INTERFACE(IKeystoreService, data, reply); 1330 String16 pass = data.readString16(); 1331 int32_t ret = unlock(pass); 1332 reply->writeNoException(); 1333 reply->writeInt32(ret); 1334 return NO_ERROR; 1335 } break; 1336 case ZERO: { 1337 CHECK_INTERFACE(IKeystoreService, data, reply); 1338 int32_t ret = zero(); 1339 reply->writeNoException(); 1340 reply->writeInt32(ret); 1341 return NO_ERROR; 1342 } break; 1343 case GENERATE: { 1344 CHECK_INTERFACE(IKeystoreService, data, reply); 1345 String16 name = data.readString16(); 1346 int32_t uid = data.readInt32(); 1347 int32_t keyType = data.readInt32(); 1348 int32_t keySize = data.readInt32(); 1349 int32_t flags = data.readInt32(); 1350 Vector<sp<KeystoreArg> > args; 1351 int32_t argsPresent = data.readInt32(); 1352 if (argsPresent == 1) { 1353 ssize_t numArgs = data.readInt32(); 1354 if (numArgs > 0) { 1355 for (size_t i = 0; i < (size_t) numArgs; i++) { 1356 ssize_t inSize = data.readInt32(); 1357 if (inSize >= 0 && (size_t) inSize <= data.dataAvail()) { 1358 sp<KeystoreArg> arg = new KeystoreArg(data.readInplace(inSize), 1359 inSize); 1360 args.push_back(arg); 1361 } else { 1362 args.push_back(NULL); 1363 } 1364 } 1365 } 1366 } 1367 int32_t ret = generate(name, uid, keyType, keySize, flags, &args); 1368 reply->writeNoException(); 1369 reply->writeInt32(ret); 1370 return NO_ERROR; 1371 } break; 1372 case IMPORT: { 1373 CHECK_INTERFACE(IKeystoreService, data, reply); 1374 String16 name = data.readString16(); 1375 ssize_t inSize = data.readInt32(); 1376 const void* in; 1377 if (inSize >= 0 && (size_t) inSize <= data.dataAvail()) { 1378 in = data.readInplace(inSize); 1379 } else { 1380 in = NULL; 1381 inSize = 0; 1382 } 1383 int uid = data.readInt32(); 1384 int32_t flags = data.readInt32(); 1385 int32_t ret = import(name, (const uint8_t*) in, (size_t) inSize, uid, flags); 1386 reply->writeNoException(); 1387 reply->writeInt32(ret); 1388 return NO_ERROR; 1389 } break; 1390 case SIGN: { 1391 CHECK_INTERFACE(IKeystoreService, data, reply); 1392 String16 name = data.readString16(); 1393 ssize_t inSize = data.readInt32(); 1394 const void* in; 1395 if (inSize >= 0 && (size_t) inSize <= data.dataAvail()) { 1396 in = data.readInplace(inSize); 1397 } else { 1398 in = NULL; 1399 inSize = 0; 1400 } 1401 void* out = NULL; 1402 size_t outSize = 0; 1403 int32_t ret = sign(name, (const uint8_t*) in, (size_t) inSize, (uint8_t**) &out, &outSize); 1404 reply->writeNoException(); 1405 if (outSize > 0 && out != NULL) { 1406 reply->writeInt32(outSize); 1407 void* buf = reply->writeInplace(outSize); 1408 memcpy(buf, out, outSize); 1409 free(out); 1410 } else { 1411 reply->writeInt32(-1); 1412 } 1413 reply->writeInt32(ret); 1414 return NO_ERROR; 1415 } break; 1416 case VERIFY: { 1417 CHECK_INTERFACE(IKeystoreService, data, reply); 1418 String16 name = data.readString16(); 1419 ssize_t inSize = data.readInt32(); 1420 const void* in; 1421 if (inSize >= 0 && (size_t) inSize <= data.dataAvail()) { 1422 in = data.readInplace(inSize); 1423 } else { 1424 in = NULL; 1425 inSize = 0; 1426 } 1427 ssize_t sigSize = data.readInt32(); 1428 const void* sig; 1429 if (sigSize >= 0 && (size_t) sigSize <= data.dataAvail()) { 1430 sig = data.readInplace(sigSize); 1431 } else { 1432 sig = NULL; 1433 sigSize = 0; 1434 } 1435 bool ret = verify(name, (const uint8_t*) in, (size_t) inSize, (const uint8_t*) sig, 1436 (size_t) sigSize); 1437 reply->writeNoException(); 1438 reply->writeInt32(ret ? 1 : 0); 1439 return NO_ERROR; 1440 } break; 1441 case GET_PUBKEY: { 1442 CHECK_INTERFACE(IKeystoreService, data, reply); 1443 String16 name = data.readString16(); 1444 void* out = NULL; 1445 size_t outSize = 0; 1446 int32_t ret = get_pubkey(name, (unsigned char**) &out, &outSize); 1447 reply->writeNoException(); 1448 if (outSize > 0 && out != NULL) { 1449 reply->writeInt32(outSize); 1450 void* buf = reply->writeInplace(outSize); 1451 memcpy(buf, out, outSize); 1452 free(out); 1453 } else { 1454 reply->writeInt32(-1); 1455 } 1456 reply->writeInt32(ret); 1457 return NO_ERROR; 1458 } break; 1459 case DEL_KEY: { 1460 CHECK_INTERFACE(IKeystoreService, data, reply); 1461 String16 name = data.readString16(); 1462 int uid = data.readInt32(); 1463 int32_t ret = del_key(name, uid); 1464 reply->writeNoException(); 1465 reply->writeInt32(ret); 1466 return NO_ERROR; 1467 } break; 1468 case GRANT: { 1469 CHECK_INTERFACE(IKeystoreService, data, reply); 1470 String16 name = data.readString16(); 1471 int32_t granteeUid = data.readInt32(); 1472 int32_t ret = grant(name, granteeUid); 1473 reply->writeNoException(); 1474 reply->writeInt32(ret); 1475 return NO_ERROR; 1476 } break; 1477 case UNGRANT: { 1478 CHECK_INTERFACE(IKeystoreService, data, reply); 1479 String16 name = data.readString16(); 1480 int32_t granteeUid = data.readInt32(); 1481 int32_t ret = ungrant(name, granteeUid); 1482 reply->writeNoException(); 1483 reply->writeInt32(ret); 1484 return NO_ERROR; 1485 } break; 1486 case GETMTIME: { 1487 CHECK_INTERFACE(IKeystoreService, data, reply); 1488 String16 name = data.readString16(); 1489 int64_t ret = getmtime(name); 1490 reply->writeNoException(); 1491 reply->writeInt64(ret); 1492 return NO_ERROR; 1493 } break; 1494 case DUPLICATE: { 1495 CHECK_INTERFACE(IKeystoreService, data, reply); 1496 String16 srcKey = data.readString16(); 1497 int32_t srcUid = data.readInt32(); 1498 String16 destKey = data.readString16(); 1499 int32_t destUid = data.readInt32(); 1500 int32_t ret = duplicate(srcKey, srcUid, destKey, destUid); 1501 reply->writeNoException(); 1502 reply->writeInt32(ret); 1503 return NO_ERROR; 1504 } break; 1505 case IS_HARDWARE_BACKED: { 1506 CHECK_INTERFACE(IKeystoreService, data, reply); 1507 String16 keyType = data.readString16(); 1508 int32_t ret = is_hardware_backed(keyType); 1509 reply->writeNoException(); 1510 reply->writeInt32(ret); 1511 return NO_ERROR; 1512 } 1513 case CLEAR_UID: { 1514 CHECK_INTERFACE(IKeystoreService, data, reply); 1515 int64_t uid = data.readInt64(); 1516 int32_t ret = clear_uid(uid); 1517 reply->writeNoException(); 1518 reply->writeInt32(ret); 1519 return NO_ERROR; 1520 } 1521 case RESET_UID: { 1522 CHECK_INTERFACE(IKeystoreService, data, reply); 1523 int32_t uid = data.readInt32(); 1524 int32_t ret = reset_uid(uid); 1525 reply->writeNoException(); 1526 reply->writeInt32(ret); 1527 return NO_ERROR; 1528 } 1529 case SYNC_UID: { 1530 CHECK_INTERFACE(IKeystoreService, data, reply); 1531 int32_t sourceUid = data.readInt32(); 1532 int32_t targetUid = data.readInt32(); 1533 int32_t ret = sync_uid(sourceUid, targetUid); 1534 reply->writeNoException(); 1535 reply->writeInt32(ret); 1536 return NO_ERROR; 1537 } 1538 case PASSWORD_UID: { 1539 CHECK_INTERFACE(IKeystoreService, data, reply); 1540 String16 password = data.readString16(); 1541 int32_t uid = data.readInt32(); 1542 int32_t ret = password_uid(password, uid); 1543 reply->writeNoException(); 1544 reply->writeInt32(ret); 1545 return NO_ERROR; 1546 } 1547 case ADD_RNG_ENTROPY: { 1548 CHECK_INTERFACE(IKeystoreService, data, reply); 1549 const uint8_t* bytes = NULL; 1550 size_t size = 0; 1551 readByteArray(data, &bytes, &size); 1552 int32_t ret = addRngEntropy(bytes, size); 1553 reply->writeNoException(); 1554 reply->writeInt32(ret); 1555 return NO_ERROR; 1556 } 1557 case GENERATE_KEY: { 1558 CHECK_INTERFACE(IKeystoreService, data, reply); 1559 String16 name = data.readString16(); 1560 KeymasterArguments args; 1561 if (data.readInt32() != 0) { 1562 args.readFromParcel(data); 1563 } 1564 int32_t uid = data.readInt32(); 1565 int32_t flags = data.readInt32(); 1566 KeyCharacteristics outCharacteristics; 1567 int32_t ret = generateKey(name, args, uid, flags, &outCharacteristics); 1568 reply->writeNoException(); 1569 reply->writeInt32(ret); 1570 reply->writeInt32(1); 1571 outCharacteristics.writeToParcel(reply); 1572 return NO_ERROR; 1573 } 1574 case GET_KEY_CHARACTERISTICS: { 1575 CHECK_INTERFACE(IKeystoreService, data, reply); 1576 String16 name = data.readString16(); 1577 keymaster_blob_t clientId, appData; 1578 readKeymasterBlob(data, &clientId); 1579 readKeymasterBlob(data, &appData); 1580 KeyCharacteristics outCharacteristics; 1581 int ret = getKeyCharacteristics(name, clientId, appData, &outCharacteristics); 1582 reply->writeNoException(); 1583 reply->writeInt32(ret); 1584 reply->writeInt32(1); 1585 outCharacteristics.writeToParcel(reply); 1586 return NO_ERROR; 1587 } 1588 case IMPORT_KEY: { 1589 CHECK_INTERFACE(IKeystoreService, data, reply); 1590 String16 name = data.readString16(); 1591 KeymasterArguments args; 1592 if (data.readInt32() != 0) { 1593 args.readFromParcel(data); 1594 } 1595 keymaster_key_format_t format = static_cast<keymaster_key_format_t>(data.readInt32()); 1596 const uint8_t* keyData = NULL; 1597 size_t keyLength = 0; 1598 readByteArray(data, &keyData, &keyLength); 1599 int32_t uid = data.readInt32(); 1600 int32_t flags = data.readInt32(); 1601 KeyCharacteristics outCharacteristics; 1602 int32_t ret = importKey(name, args, format, keyData, keyLength, uid, flags, 1603 &outCharacteristics); 1604 reply->writeNoException(); 1605 reply->writeInt32(ret); 1606 reply->writeInt32(1); 1607 outCharacteristics.writeToParcel(reply); 1608 1609 return NO_ERROR; 1610 } 1611 case EXPORT_KEY: { 1612 CHECK_INTERFACE(IKeystoreService, data, reply); 1613 String16 name = data.readString16(); 1614 keymaster_key_format_t format = static_cast<keymaster_key_format_t>(data.readInt32()); 1615 keymaster_blob_t clientId, appData; 1616 readKeymasterBlob(data, &clientId); 1617 readKeymasterBlob(data, &appData); 1618 ExportResult result; 1619 exportKey(name, format, clientId, appData, &result); 1620 reply->writeNoException(); 1621 reply->writeInt32(1); 1622 result.writeToParcel(reply); 1623 1624 return NO_ERROR; 1625 } 1626 case BEGIN: { 1627 CHECK_INTERFACE(IKeystoreService, data, reply); 1628 sp<IBinder> token = data.readStrongBinder(); 1629 String16 name = data.readString16(); 1630 keymaster_purpose_t purpose = static_cast<keymaster_purpose_t>(data.readInt32()); 1631 bool pruneable = data.readInt32() != 0; 1632 KeymasterArguments args; 1633 if (data.readInt32() != 0) { 1634 args.readFromParcel(data); 1635 } 1636 KeymasterArguments outArgs; 1637 OperationResult result; 1638 begin(token, name, purpose, pruneable, args, &outArgs, &result); 1639 reply->writeNoException(); 1640 reply->writeInt32(1); 1641 result.writeToParcel(reply); 1642 reply->writeInt32(1); 1643 outArgs.writeToParcel(reply); 1644 1645 return NO_ERROR; 1646 } 1647 case UPDATE: { 1648 CHECK_INTERFACE(IKeystoreService, data, reply); 1649 sp<IBinder> token = data.readStrongBinder(); 1650 KeymasterArguments args; 1651 if (data.readInt32() != 0) { 1652 args.readFromParcel(data); 1653 } 1654 const uint8_t* buf = NULL; 1655 size_t bufLength = 0; 1656 readByteArray(data, &buf, &bufLength); 1657 OperationResult result; 1658 update(token, args, buf, bufLength, &result); 1659 reply->writeNoException(); 1660 reply->writeInt32(1); 1661 result.writeToParcel(reply); 1662 1663 return NO_ERROR; 1664 } 1665 case FINISH: { 1666 CHECK_INTERFACE(IKeystoreService, data, reply); 1667 sp<IBinder> token = data.readStrongBinder(); 1668 KeymasterArguments args; 1669 if (data.readInt32() != 0) { 1670 args.readFromParcel(data); 1671 } 1672 const uint8_t* buf = NULL; 1673 size_t bufLength = 0; 1674 readByteArray(data, &buf, &bufLength); 1675 OperationResult result; 1676 finish(token, args, buf, bufLength, &result); 1677 reply->writeNoException(); 1678 reply->writeInt32(1); 1679 result.writeToParcel(reply); 1680 1681 return NO_ERROR; 1682 } 1683 case ABORT: { 1684 CHECK_INTERFACE(IKeystoreService, data, reply); 1685 sp<IBinder> token = data.readStrongBinder(); 1686 int32_t result = abort(token); 1687 reply->writeNoException(); 1688 reply->writeInt32(result); 1689 1690 return NO_ERROR; 1691 } 1692 default: 1693 return BBinder::onTransact(code, data, reply, flags); 1694 } 1695} 1696 1697// ---------------------------------------------------------------------------- 1698 1699}; // namespace android 1700