Home | History | Annotate | Download | only in keystore
      1 /*
      2 **
      3 ** Copyright 2008, The Android Open Source Project
      4 **
      5 ** Licensed under the Apache License, Version 2.0 (the "License");
      6 ** you may not use this file except in compliance with the License.
      7 ** You may obtain a copy of the License at
      8 **
      9 **     http://www.apache.org/licenses/LICENSE-2.0
     10 **
     11 ** Unless required by applicable law or agreed to in writing, software
     12 ** distributed under the License is distributed on an "AS IS" BASIS,
     13 ** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
     14 ** See the License for the specific language governing permissions and
     15 ** limitations under the License.
     16 */
     17 
     18 #include <stdint.h>
     19 #include <sys/types.h>
     20 
     21 #define LOG_TAG "KeystoreService"
     22 #include <utils/Log.h>
     23 
     24 #include <binder/Parcel.h>
     25 #include <binder/IPCThreadState.h>
     26 #include <binder/IServiceManager.h>
     27 
     28 #include <keystore/IKeystoreService.h>
     29 
     30 namespace android {
     31 
     32 KeystoreArg::KeystoreArg(const void* data, size_t len)
     33     : mData(data), mSize(len) {
     34 }
     35 
     36 KeystoreArg::~KeystoreArg() {
     37 }
     38 
     39 const void *KeystoreArg::data() const {
     40     return mData;
     41 }
     42 
     43 size_t KeystoreArg::size() const {
     44     return mSize;
     45 }
     46 
     47 class BpKeystoreService: public BpInterface<IKeystoreService>
     48 {
     49 public:
     50     BpKeystoreService(const sp<IBinder>& impl)
     51         : BpInterface<IKeystoreService>(impl)
     52     {
     53     }
     54 
     55     // test ping
     56     virtual int32_t test()
     57     {
     58         Parcel data, reply;
     59         data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
     60         status_t status = remote()->transact(BnKeystoreService::TEST, data, &reply);
     61         if (status != NO_ERROR) {
     62             ALOGD("test() could not contact remote: %d\n", status);
     63             return -1;
     64         }
     65         int32_t err = reply.readExceptionCode();
     66         int32_t ret = reply.readInt32();
     67         if (err < 0) {
     68             ALOGD("test() caught exception %d\n", err);
     69             return -1;
     70         }
     71         return ret;
     72     }
     73 
     74     virtual int32_t get(const String16& name, uint8_t** item, size_t* itemLength)
     75     {
     76         Parcel data, reply;
     77         data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
     78         data.writeString16(name);
     79         status_t status = remote()->transact(BnKeystoreService::GET, data, &reply);
     80         if (status != NO_ERROR) {
     81             ALOGD("get() could not contact remote: %d\n", status);
     82             return -1;
     83         }
     84         int32_t err = reply.readExceptionCode();
     85         ssize_t len = reply.readInt32();
     86         if (len >= 0 && (size_t) len <= reply.dataAvail()) {
     87             size_t ulen = (size_t) len;
     88             const void* buf = reply.readInplace(ulen);
     89             *item = (uint8_t*) malloc(ulen);
     90             if (*item != NULL) {
     91                 memcpy(*item, buf, ulen);
     92                 *itemLength = ulen;
     93             } else {
     94                 ALOGE("out of memory allocating output array in get");
     95                 *itemLength = 0;
     96             }
     97         } else {
     98             *itemLength = 0;
     99         }
    100         if (err < 0) {
    101             ALOGD("get() caught exception %d\n", err);
    102             return -1;
    103         }
    104         return 0;
    105     }
    106 
    107     virtual int32_t insert(const String16& name, const uint8_t* item, size_t itemLength, int uid,
    108             int32_t flags)
    109     {
    110         Parcel data, reply;
    111         data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
    112         data.writeString16(name);
    113         data.writeInt32(itemLength);
    114         void* buf = data.writeInplace(itemLength);
    115         memcpy(buf, item, itemLength);
    116         data.writeInt32(uid);
    117         data.writeInt32(flags);
    118         status_t status = remote()->transact(BnKeystoreService::INSERT, data, &reply);
    119         if (status != NO_ERROR) {
    120             ALOGD("import() could not contact remote: %d\n", status);
    121             return -1;
    122         }
    123         int32_t err = reply.readExceptionCode();
    124         int32_t ret = reply.readInt32();
    125         if (err < 0) {
    126             ALOGD("import() caught exception %d\n", err);
    127             return -1;
    128         }
    129         return ret;
    130     }
    131 
    132     virtual int32_t del(const String16& name, int uid)
    133     {
    134         Parcel data, reply;
    135         data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
    136         data.writeString16(name);
    137         data.writeInt32(uid);
    138         status_t status = remote()->transact(BnKeystoreService::DEL, data, &reply);
    139         if (status != NO_ERROR) {
    140             ALOGD("del() could not contact remote: %d\n", status);
    141             return -1;
    142         }
    143         int32_t err = reply.readExceptionCode();
    144         int32_t ret = reply.readInt32();
    145         if (err < 0) {
    146             ALOGD("del() caught exception %d\n", err);
    147             return -1;
    148         }
    149         return ret;
    150     }
    151 
    152     virtual int32_t exist(const String16& name, int uid)
    153     {
    154         Parcel data, reply;
    155         data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
    156         data.writeString16(name);
    157         data.writeInt32(uid);
    158         status_t status = remote()->transact(BnKeystoreService::EXIST, data, &reply);
    159         if (status != NO_ERROR) {
    160             ALOGD("exist() could not contact remote: %d\n", status);
    161             return -1;
    162         }
    163         int32_t err = reply.readExceptionCode();
    164         int32_t ret = reply.readInt32();
    165         if (err < 0) {
    166             ALOGD("exist() caught exception %d\n", err);
    167             return -1;
    168         }
    169         return ret;
    170     }
    171 
    172     virtual int32_t saw(const String16& name, int uid, Vector<String16>* matches)
    173     {
    174         Parcel data, reply;
    175         data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
    176         data.writeString16(name);
    177         data.writeInt32(uid);
    178         status_t status = remote()->transact(BnKeystoreService::SAW, data, &reply);
    179         if (status != NO_ERROR) {
    180             ALOGD("saw() could not contact remote: %d\n", status);
    181             return -1;
    182         }
    183         int32_t err = reply.readExceptionCode();
    184         int32_t numMatches = reply.readInt32();
    185         for (int32_t i = 0; i < numMatches; i++) {
    186             matches->push(reply.readString16());
    187         }
    188         int32_t ret = reply.readInt32();
    189         if (err < 0) {
    190             ALOGD("saw() caught exception %d\n", err);
    191             return -1;
    192         }
    193         return ret;
    194     }
    195 
    196     virtual int32_t reset()
    197     {
    198         Parcel data, reply;
    199         data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
    200         status_t status = remote()->transact(BnKeystoreService::RESET, data, &reply);
    201         if (status != NO_ERROR) {
    202             ALOGD("reset() could not contact remote: %d\n", status);
    203             return -1;
    204         }
    205         int32_t err = reply.readExceptionCode();
    206         int32_t ret = reply.readInt32();
    207         if (err < 0) {
    208             ALOGD("reset() caught exception %d\n", err);
    209             return -1;
    210         }
    211         return ret;
    212     }
    213 
    214     virtual int32_t password(const String16& password)
    215     {
    216         Parcel data, reply;
    217         data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
    218         data.writeString16(password);
    219         status_t status = remote()->transact(BnKeystoreService::PASSWORD, data, &reply);
    220         if (status != NO_ERROR) {
    221             ALOGD("password() could not contact remote: %d\n", status);
    222             return -1;
    223         }
    224         int32_t err = reply.readExceptionCode();
    225         int32_t ret = reply.readInt32();
    226         if (err < 0) {
    227             ALOGD("password() caught exception %d\n", err);
    228             return -1;
    229         }
    230         return ret;
    231     }
    232 
    233     virtual int32_t lock()
    234     {
    235         Parcel data, reply;
    236         data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
    237         status_t status = remote()->transact(BnKeystoreService::LOCK, data, &reply);
    238         if (status != NO_ERROR) {
    239             ALOGD("lock() could not contact remote: %d\n", status);
    240             return -1;
    241         }
    242         int32_t err = reply.readExceptionCode();
    243         int32_t ret = reply.readInt32();
    244         if (err < 0) {
    245             ALOGD("lock() caught exception %d\n", err);
    246             return -1;
    247         }
    248         return ret;
    249     }
    250 
    251     virtual int32_t unlock(const String16& password)
    252     {
    253         Parcel data, reply;
    254         data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
    255         data.writeString16(password);
    256         status_t status = remote()->transact(BnKeystoreService::UNLOCK, data, &reply);
    257         if (status != NO_ERROR) {
    258             ALOGD("unlock() could not contact remote: %d\n", status);
    259             return -1;
    260         }
    261         int32_t err = reply.readExceptionCode();
    262         int32_t ret = reply.readInt32();
    263         if (err < 0) {
    264             ALOGD("unlock() caught exception %d\n", err);
    265             return -1;
    266         }
    267         return ret;
    268     }
    269 
    270     virtual int32_t zero()
    271     {
    272         Parcel data, reply;
    273         data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
    274         status_t status = remote()->transact(BnKeystoreService::ZERO, data, &reply);
    275         if (status != NO_ERROR) {
    276             ALOGD("zero() could not contact remote: %d\n", status);
    277             return -1;
    278         }
    279         int32_t err = reply.readExceptionCode();
    280         int32_t ret = reply.readInt32();
    281         if (err < 0) {
    282             ALOGD("zero() caught exception %d\n", err);
    283             return -1;
    284         }
    285         return ret;
    286     }
    287 
    288     virtual int32_t generate(const String16& name, int32_t uid, int32_t keyType, int32_t keySize,
    289             int32_t flags, Vector<sp<KeystoreArg> >* args)
    290     {
    291         Parcel data, reply;
    292         data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
    293         data.writeString16(name);
    294         data.writeInt32(uid);
    295         data.writeInt32(keyType);
    296         data.writeInt32(keySize);
    297         data.writeInt32(flags);
    298         data.writeInt32(args->size());
    299         for (Vector<sp<KeystoreArg> >::iterator it = args->begin(); it != args->end(); ++it) {
    300             sp<KeystoreArg> item = *it;
    301             size_t keyLength = item->size();
    302             data.writeInt32(keyLength);
    303             void* buf = data.writeInplace(keyLength);
    304             memcpy(buf, item->data(), keyLength);
    305         }
    306         status_t status = remote()->transact(BnKeystoreService::GENERATE, data, &reply);
    307         if (status != NO_ERROR) {
    308             ALOGD("generate() could not contact remote: %d\n", status);
    309             return -1;
    310         }
    311         int32_t err = reply.readExceptionCode();
    312         int32_t ret = reply.readInt32();
    313         if (err < 0) {
    314             ALOGD("generate() caught exception %d\n", err);
    315             return -1;
    316         }
    317         return ret;
    318     }
    319 
    320     virtual int32_t import(const String16& name, const uint8_t* key, size_t keyLength, int uid,
    321             int flags)
    322     {
    323         Parcel data, reply;
    324         data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
    325         data.writeString16(name);
    326         data.writeInt32(keyLength);
    327         void* buf = data.writeInplace(keyLength);
    328         memcpy(buf, key, keyLength);
    329         data.writeInt32(uid);
    330         data.writeInt32(flags);
    331         status_t status = remote()->transact(BnKeystoreService::IMPORT, data, &reply);
    332         if (status != NO_ERROR) {
    333             ALOGD("import() could not contact remote: %d\n", status);
    334             return -1;
    335         }
    336         int32_t err = reply.readExceptionCode();
    337         int32_t ret = reply.readInt32();
    338         if (err < 0) {
    339             ALOGD("import() caught exception %d\n", err);
    340             return -1;
    341         }
    342         return ret;
    343     }
    344 
    345     virtual int32_t sign(const String16& name, const uint8_t* in, size_t inLength, uint8_t** out,
    346             size_t* outLength)
    347     {
    348         Parcel data, reply;
    349         data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
    350         data.writeString16(name);
    351         data.writeInt32(inLength);
    352         void* buf = data.writeInplace(inLength);
    353         memcpy(buf, in, inLength);
    354         status_t status = remote()->transact(BnKeystoreService::SIGN, data, &reply);
    355         if (status != NO_ERROR) {
    356             ALOGD("import() could not contact remote: %d\n", status);
    357             return -1;
    358         }
    359         int32_t err = reply.readExceptionCode();
    360         ssize_t len = reply.readInt32();
    361         if (len >= 0 && (size_t) len <= reply.dataAvail()) {
    362             size_t ulen = (size_t) len;
    363             const void* outBuf = reply.readInplace(ulen);
    364             *out = (uint8_t*) malloc(ulen);
    365             if (*out != NULL) {
    366                 memcpy((void*) *out, outBuf, ulen);
    367                 *outLength = ulen;
    368             } else {
    369                 ALOGE("out of memory allocating output array in sign");
    370                 *outLength = 0;
    371             }
    372         } else {
    373             *outLength = 0;
    374         }
    375         if (err < 0) {
    376             ALOGD("import() caught exception %d\n", err);
    377             return -1;
    378         }
    379         return 0;
    380     }
    381 
    382     virtual int32_t verify(const String16& name, const uint8_t* in, size_t inLength,
    383             const uint8_t* signature, size_t signatureLength)
    384     {
    385         Parcel data, reply;
    386         void* buf;
    387 
    388         data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
    389         data.writeString16(name);
    390         data.writeInt32(inLength);
    391         buf = data.writeInplace(inLength);
    392         memcpy(buf, in, inLength);
    393         data.writeInt32(signatureLength);
    394         buf = data.writeInplace(signatureLength);
    395         memcpy(buf, signature, signatureLength);
    396         status_t status = remote()->transact(BnKeystoreService::VERIFY, data, &reply);
    397         if (status != NO_ERROR) {
    398             ALOGD("verify() could not contact remote: %d\n", status);
    399             return -1;
    400         }
    401         int32_t err = reply.readExceptionCode();
    402         int32_t ret = reply.readInt32();
    403         if (err < 0) {
    404             ALOGD("verify() caught exception %d\n", err);
    405             return -1;
    406         }
    407         return ret;
    408     }
    409 
    410     virtual int32_t get_pubkey(const String16& name, uint8_t** pubkey, size_t* pubkeyLength)
    411     {
    412         Parcel data, reply;
    413         data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
    414         data.writeString16(name);
    415         status_t status = remote()->transact(BnKeystoreService::GET_PUBKEY, data, &reply);
    416         if (status != NO_ERROR) {
    417             ALOGD("get_pubkey() could not contact remote: %d\n", status);
    418             return -1;
    419         }
    420         int32_t err = reply.readExceptionCode();
    421         ssize_t len = reply.readInt32();
    422         if (len >= 0 && (size_t) len <= reply.dataAvail()) {
    423             size_t ulen = (size_t) len;
    424             const void* buf = reply.readInplace(ulen);
    425             *pubkey = (uint8_t*) malloc(ulen);
    426             if (*pubkey != NULL) {
    427                 memcpy(*pubkey, buf, ulen);
    428                 *pubkeyLength = ulen;
    429             } else {
    430                 ALOGE("out of memory allocating output array in get_pubkey");
    431                 *pubkeyLength = 0;
    432             }
    433         } else {
    434             *pubkeyLength = 0;
    435         }
    436         if (err < 0) {
    437             ALOGD("get_pubkey() caught exception %d\n", err);
    438             return -1;
    439         }
    440         return 0;
    441      }
    442 
    443     virtual int32_t del_key(const String16& name, int uid)
    444     {
    445         Parcel data, reply;
    446         data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
    447         data.writeString16(name);
    448         data.writeInt32(uid);
    449         status_t status = remote()->transact(BnKeystoreService::DEL_KEY, data, &reply);
    450         if (status != NO_ERROR) {
    451             ALOGD("del_key() could not contact remote: %d\n", status);
    452             return -1;
    453         }
    454         int32_t err = reply.readExceptionCode();
    455         int32_t ret = reply.readInt32();
    456         if (err < 0) {
    457             ALOGD("del_key() caught exception %d\n", err);
    458             return -1;
    459         }
    460         return ret;
    461     }
    462 
    463     virtual int32_t grant(const String16& name, int32_t granteeUid)
    464     {
    465         Parcel data, reply;
    466         data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
    467         data.writeString16(name);
    468         data.writeInt32(granteeUid);
    469         status_t status = remote()->transact(BnKeystoreService::GRANT, data, &reply);
    470         if (status != NO_ERROR) {
    471             ALOGD("grant() could not contact remote: %d\n", status);
    472             return -1;
    473         }
    474         int32_t err = reply.readExceptionCode();
    475         int32_t ret = reply.readInt32();
    476         if (err < 0) {
    477             ALOGD("grant() caught exception %d\n", err);
    478             return -1;
    479         }
    480         return ret;
    481     }
    482 
    483     virtual int32_t ungrant(const String16& name, int32_t granteeUid)
    484     {
    485         Parcel data, reply;
    486         data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
    487         data.writeString16(name);
    488         data.writeInt32(granteeUid);
    489         status_t status = remote()->transact(BnKeystoreService::UNGRANT, data, &reply);
    490         if (status != NO_ERROR) {
    491             ALOGD("ungrant() could not contact remote: %d\n", status);
    492             return -1;
    493         }
    494         int32_t err = reply.readExceptionCode();
    495         int32_t ret = reply.readInt32();
    496         if (err < 0) {
    497             ALOGD("ungrant() caught exception %d\n", err);
    498             return -1;
    499         }
    500         return ret;
    501     }
    502 
    503     int64_t getmtime(const String16& name)
    504     {
    505         Parcel data, reply;
    506         data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
    507         data.writeString16(name);
    508         status_t status = remote()->transact(BnKeystoreService::GETMTIME, data, &reply);
    509         if (status != NO_ERROR) {
    510             ALOGD("getmtime() could not contact remote: %d\n", status);
    511             return -1;
    512         }
    513         int32_t err = reply.readExceptionCode();
    514         int64_t ret = reply.readInt64();
    515         if (err < 0) {
    516             ALOGD("getmtime() caught exception %d\n", err);
    517             return -1;
    518         }
    519         return ret;
    520     }
    521 
    522     virtual int32_t duplicate(const String16& srcKey, int32_t srcUid, const String16& destKey,
    523             int32_t destUid)
    524     {
    525         Parcel data, reply;
    526         data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
    527         data.writeString16(srcKey);
    528         data.writeInt32(srcUid);
    529         data.writeString16(destKey);
    530         data.writeInt32(destUid);
    531         status_t status = remote()->transact(BnKeystoreService::DUPLICATE, data, &reply);
    532         if (status != NO_ERROR) {
    533             ALOGD("duplicate() could not contact remote: %d\n", status);
    534             return -1;
    535         }
    536         int32_t err = reply.readExceptionCode();
    537         int32_t ret = reply.readInt32();
    538         if (err < 0) {
    539             ALOGD("duplicate() caught exception %d\n", err);
    540             return -1;
    541         }
    542         return ret;
    543     }
    544 
    545     virtual int32_t is_hardware_backed(const String16& keyType)
    546     {
    547         Parcel data, reply;
    548         data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
    549         data.writeString16(keyType);
    550         status_t status = remote()->transact(BnKeystoreService::IS_HARDWARE_BACKED, data, &reply);
    551         if (status != NO_ERROR) {
    552             ALOGD("is_hardware_backed() could not contact remote: %d\n", status);
    553             return -1;
    554         }
    555         int32_t err = reply.readExceptionCode();
    556         int32_t ret = reply.readInt32();
    557         if (err < 0) {
    558             ALOGD("is_hardware_backed() caught exception %d\n", err);
    559             return -1;
    560         }
    561         return ret;
    562     }
    563 
    564     virtual int32_t clear_uid(int64_t uid)
    565     {
    566         Parcel data, reply;
    567         data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
    568         data.writeInt64(uid);
    569         status_t status = remote()->transact(BnKeystoreService::CLEAR_UID, data, &reply);
    570         if (status != NO_ERROR) {
    571             ALOGD("clear_uid() could not contact remote: %d\n", status);
    572             return -1;
    573         }
    574         int32_t err = reply.readExceptionCode();
    575         int32_t ret = reply.readInt32();
    576         if (err < 0) {
    577             ALOGD("clear_uid() caught exception %d\n", err);
    578             return -1;
    579         }
    580         return ret;
    581     }
    582 };
    583 
    584 IMPLEMENT_META_INTERFACE(KeystoreService, "android.security.keystore");
    585 
    586 // ----------------------------------------------------------------------
    587 
    588 status_t BnKeystoreService::onTransact(
    589     uint32_t code, const Parcel& data, Parcel* reply, uint32_t flags)
    590 {
    591     switch(code) {
    592         case TEST: {
    593             CHECK_INTERFACE(IKeystoreService, data, reply);
    594             int32_t ret = test();
    595             reply->writeNoException();
    596             reply->writeInt32(ret);
    597             return NO_ERROR;
    598         } break;
    599         case GET: {
    600             CHECK_INTERFACE(IKeystoreService, data, reply);
    601             String16 name = data.readString16();
    602             void* out = NULL;
    603             size_t outSize = 0;
    604             int32_t ret = get(name, (uint8_t**) &out, &outSize);
    605             reply->writeNoException();
    606             if (ret == 1) {
    607                 reply->writeInt32(outSize);
    608                 void* buf = reply->writeInplace(outSize);
    609                 memcpy(buf, out, outSize);
    610                 free(out);
    611             } else {
    612                 reply->writeInt32(-1);
    613             }
    614             return NO_ERROR;
    615         } break;
    616         case INSERT: {
    617             CHECK_INTERFACE(IKeystoreService, data, reply);
    618             String16 name = data.readString16();
    619             ssize_t inSize = data.readInt32();
    620             const void* in;
    621             if (inSize >= 0 && (size_t) inSize <= data.dataAvail()) {
    622                 in = data.readInplace(inSize);
    623             } else {
    624                 in = NULL;
    625                 inSize = 0;
    626             }
    627             int uid = data.readInt32();
    628             int32_t flags = data.readInt32();
    629             int32_t ret = insert(name, (const uint8_t*) in, (size_t) inSize, uid, flags);
    630             reply->writeNoException();
    631             reply->writeInt32(ret);
    632             return NO_ERROR;
    633         } break;
    634         case DEL: {
    635             CHECK_INTERFACE(IKeystoreService, data, reply);
    636             String16 name = data.readString16();
    637             int uid = data.readInt32();
    638             int32_t ret = del(name, uid);
    639             reply->writeNoException();
    640             reply->writeInt32(ret);
    641             return NO_ERROR;
    642         } break;
    643         case EXIST: {
    644             CHECK_INTERFACE(IKeystoreService, data, reply);
    645             String16 name = data.readString16();
    646             int uid = data.readInt32();
    647             int32_t ret = exist(name, uid);
    648             reply->writeNoException();
    649             reply->writeInt32(ret);
    650             return NO_ERROR;
    651         } break;
    652         case SAW: {
    653             CHECK_INTERFACE(IKeystoreService, data, reply);
    654             String16 name = data.readString16();
    655             int uid = data.readInt32();
    656             Vector<String16> matches;
    657             int32_t ret = saw(name, uid, &matches);
    658             reply->writeNoException();
    659             reply->writeInt32(matches.size());
    660             Vector<String16>::const_iterator it = matches.begin();
    661             for (; it != matches.end(); ++it) {
    662                 reply->writeString16(*it);
    663             }
    664             reply->writeInt32(ret);
    665             return NO_ERROR;
    666         } break;
    667         case RESET: {
    668             CHECK_INTERFACE(IKeystoreService, data, reply);
    669             int32_t ret = reset();
    670             reply->writeNoException();
    671             reply->writeInt32(ret);
    672             return NO_ERROR;
    673         } break;
    674         case PASSWORD: {
    675             CHECK_INTERFACE(IKeystoreService, data, reply);
    676             String16 pass = data.readString16();
    677             int32_t ret = password(pass);
    678             reply->writeNoException();
    679             reply->writeInt32(ret);
    680             return NO_ERROR;
    681         } break;
    682         case LOCK: {
    683             CHECK_INTERFACE(IKeystoreService, data, reply);
    684             int32_t ret = lock();
    685             reply->writeNoException();
    686             reply->writeInt32(ret);
    687             return NO_ERROR;
    688         } break;
    689         case UNLOCK: {
    690             CHECK_INTERFACE(IKeystoreService, data, reply);
    691             String16 pass = data.readString16();
    692             int32_t ret = unlock(pass);
    693             reply->writeNoException();
    694             reply->writeInt32(ret);
    695             return NO_ERROR;
    696         } break;
    697         case ZERO: {
    698             CHECK_INTERFACE(IKeystoreService, data, reply);
    699             int32_t ret = zero();
    700             reply->writeNoException();
    701             reply->writeInt32(ret);
    702             return NO_ERROR;
    703         } break;
    704         case GENERATE: {
    705             CHECK_INTERFACE(IKeystoreService, data, reply);
    706             String16 name = data.readString16();
    707             int32_t uid = data.readInt32();
    708             int32_t keyType = data.readInt32();
    709             int32_t keySize = data.readInt32();
    710             int32_t flags = data.readInt32();
    711             Vector<sp<KeystoreArg> > args;
    712             ssize_t numArgs = data.readInt32();
    713             if (numArgs > 0) {
    714                 for (size_t i = 0; i < (size_t) numArgs; i++) {
    715                     ssize_t inSize = data.readInt32();
    716                     if (inSize >= 0 && (size_t) inSize <= data.dataAvail()) {
    717                         sp<KeystoreArg> arg = new KeystoreArg(data.readInplace(inSize), inSize);
    718                         args.push_back(arg);
    719                     } else {
    720                         args.push_back(NULL);
    721                     }
    722                 }
    723             }
    724             int32_t ret = generate(name, uid, keyType, keySize, flags, &args);
    725             reply->writeNoException();
    726             reply->writeInt32(ret);
    727             return NO_ERROR;
    728         } break;
    729         case IMPORT: {
    730             CHECK_INTERFACE(IKeystoreService, data, reply);
    731             String16 name = data.readString16();
    732             ssize_t inSize = data.readInt32();
    733             const void* in;
    734             if (inSize >= 0 && (size_t) inSize <= data.dataAvail()) {
    735                 in = data.readInplace(inSize);
    736             } else {
    737                 in = NULL;
    738                 inSize = 0;
    739             }
    740             int uid = data.readInt32();
    741             int32_t flags = data.readInt32();
    742             int32_t ret = import(name, (const uint8_t*) in, (size_t) inSize, uid, flags);
    743             reply->writeNoException();
    744             reply->writeInt32(ret);
    745             return NO_ERROR;
    746         } break;
    747         case SIGN: {
    748             CHECK_INTERFACE(IKeystoreService, data, reply);
    749             String16 name = data.readString16();
    750             ssize_t inSize = data.readInt32();
    751             const void* in;
    752             if (inSize >= 0 && (size_t) inSize <= data.dataAvail()) {
    753                 in = data.readInplace(inSize);
    754             } else {
    755                 in = NULL;
    756                 inSize = 0;
    757             }
    758             void* out = NULL;
    759             size_t outSize = 0;
    760             int32_t ret = sign(name, (const uint8_t*) in, (size_t) inSize, (uint8_t**) &out, &outSize);
    761             reply->writeNoException();
    762             if (outSize > 0 && out != NULL) {
    763                 reply->writeInt32(outSize);
    764                 void* buf = reply->writeInplace(outSize);
    765                 memcpy(buf, out, outSize);
    766                 free(out);
    767             } else {
    768                 reply->writeInt32(-1);
    769             }
    770             reply->writeInt32(ret);
    771             return NO_ERROR;
    772         } break;
    773         case VERIFY: {
    774             CHECK_INTERFACE(IKeystoreService, data, reply);
    775             String16 name = data.readString16();
    776             ssize_t inSize = data.readInt32();
    777             const void* in;
    778             if (inSize >= 0 && (size_t) inSize <= data.dataAvail()) {
    779                 in = data.readInplace(inSize);
    780             } else {
    781                 in = NULL;
    782                 inSize = 0;
    783             }
    784             ssize_t sigSize = data.readInt32();
    785             const void* sig;
    786             if (sigSize >= 0 && (size_t) sigSize <= data.dataAvail()) {
    787                 sig = data.readInplace(sigSize);
    788             } else {
    789                 sig = NULL;
    790                 sigSize = 0;
    791             }
    792             bool ret = verify(name, (const uint8_t*) in, (size_t) inSize, (const uint8_t*) sig,
    793                     (size_t) sigSize);
    794             reply->writeNoException();
    795             reply->writeInt32(ret ? 1 : 0);
    796             return NO_ERROR;
    797         } break;
    798         case GET_PUBKEY: {
    799             CHECK_INTERFACE(IKeystoreService, data, reply);
    800             String16 name = data.readString16();
    801             void* out = NULL;
    802             size_t outSize = 0;
    803             int32_t ret = get_pubkey(name, (unsigned char**) &out, &outSize);
    804             reply->writeNoException();
    805             if (outSize > 0 && out != NULL) {
    806                 reply->writeInt32(outSize);
    807                 void* buf = reply->writeInplace(outSize);
    808                 memcpy(buf, out, outSize);
    809                 free(out);
    810             } else {
    811                 reply->writeInt32(-1);
    812             }
    813             reply->writeInt32(ret);
    814             return NO_ERROR;
    815         } break;
    816         case DEL_KEY: {
    817             CHECK_INTERFACE(IKeystoreService, data, reply);
    818             String16 name = data.readString16();
    819             int uid = data.readInt32();
    820             int32_t ret = del_key(name, uid);
    821             reply->writeNoException();
    822             reply->writeInt32(ret);
    823             return NO_ERROR;
    824         } break;
    825         case GRANT: {
    826             CHECK_INTERFACE(IKeystoreService, data, reply);
    827             String16 name = data.readString16();
    828             int32_t granteeUid = data.readInt32();
    829             int32_t ret = grant(name, granteeUid);
    830             reply->writeNoException();
    831             reply->writeInt32(ret);
    832             return NO_ERROR;
    833         } break;
    834         case UNGRANT: {
    835             CHECK_INTERFACE(IKeystoreService, data, reply);
    836             String16 name = data.readString16();
    837             int32_t granteeUid = data.readInt32();
    838             int32_t ret = ungrant(name, granteeUid);
    839             reply->writeNoException();
    840             reply->writeInt32(ret);
    841             return NO_ERROR;
    842         } break;
    843         case GETMTIME: {
    844             CHECK_INTERFACE(IKeystoreService, data, reply);
    845             String16 name = data.readString16();
    846             int64_t ret = getmtime(name);
    847             reply->writeNoException();
    848             reply->writeInt64(ret);
    849             return NO_ERROR;
    850         } break;
    851         case DUPLICATE: {
    852             CHECK_INTERFACE(IKeystoreService, data, reply);
    853             String16 srcKey = data.readString16();
    854             int32_t srcUid = data.readInt32();
    855             String16 destKey = data.readString16();
    856             int32_t destUid = data.readInt32();
    857             int32_t ret = duplicate(srcKey, srcUid, destKey, destUid);
    858             reply->writeNoException();
    859             reply->writeInt32(ret);
    860             return NO_ERROR;
    861         } break;
    862         case IS_HARDWARE_BACKED: {
    863             CHECK_INTERFACE(IKeystoreService, data, reply);
    864             String16 keyType = data.readString16();
    865             int32_t ret = is_hardware_backed(keyType);
    866             reply->writeNoException();
    867             reply->writeInt32(ret);
    868             return NO_ERROR;
    869         }
    870         case CLEAR_UID: {
    871             CHECK_INTERFACE(IKeystoreService, data, reply);
    872             int64_t uid = data.readInt64();
    873             int32_t ret = clear_uid(uid);
    874             reply->writeNoException();
    875             reply->writeInt32(ret);
    876             return NO_ERROR;
    877         }
    878         default:
    879             return BBinder::onTransact(code, data, reply, flags);
    880     }
    881 }
    882 
    883 // ----------------------------------------------------------------------------
    884 
    885 }; // namespace android
    886