xref: /system/security/keystore/include/keystore/IKeystoreService.h

/*
 * Copyright (C) 2012 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

#ifndef KEYSTORE_IKEYSTORESERVICE_H
#define KEYSTORE_IKEYSTORESERVICE_H

#include <hardware/keymaster_defs.h>
#include <utils/RefBase.h>
#include <binder/IInterface.h>
#include <binder/Parcel.h>
#include <vector>

namespace android {

class KeystoreArg : public RefBase {
public:
    KeystoreArg(const void *data, size_t len);
    ~KeystoreArg();

    const void* data() const;
    size_t size() const;

private:
    const void* mData;
    size_t mSize;
};

struct MallocDeleter {
    void operator()(uint8_t* p) { free(p); }
};

// struct for serializing/deserializing a list of keymaster_key_param_t's
struct KeymasterArguments {
    KeymasterArguments();
    ~KeymasterArguments();
    void readFromParcel(const Parcel& in);
    void writeToParcel(Parcel* out) const;

    std::vector<keymaster_key_param_t> params;
};

// struct for serializing the results of begin/update/finish
struct OperationResult {
    OperationResult();
    ~OperationResult();
    void readFromParcel(const Parcel& in);
    void writeToParcel(Parcel* out) const;

    int resultCode;
    sp<IBinder> token;
    keymaster_operation_handle_t handle;
    int inputConsumed;
    std::unique_ptr<uint8_t[], MallocDeleter> data;
    size_t dataLength;
    KeymasterArguments outParams;
};

// struct for serializing the results of export
struct ExportResult {
    ExportResult();
    ~ExportResult();
    void readFromParcel(const Parcel& in);
    void writeToParcel(Parcel* out) const;

    int resultCode;
    std::unique_ptr<uint8_t[], MallocDeleter> exportData;
    size_t dataLength;
};

// struct for serializing keymaster_key_characteristics_t's
struct KeyCharacteristics {
    KeyCharacteristics();
    ~KeyCharacteristics();
    void readFromParcel(const Parcel& in);
    void writeToParcel(Parcel* out) const;

    keymaster_key_characteristics_t characteristics;
};

bool readKeymasterArgumentFromParcel(const Parcel& in, keymaster_key_param_t* out);
void writeKeymasterArgumentToParcel(const keymaster_key_param_t& param, Parcel* out);

/*
 * This must be kept manually in sync with frameworks/base's IKeystoreService.java
 */
class IKeystoreService: public IInterface {
public:
    enum {
        GET_STATE = IBinder::FIRST_CALL_TRANSACTION + 0,
        GET = IBinder::FIRST_CALL_TRANSACTION + 1,
        INSERT = IBinder::FIRST_CALL_TRANSACTION + 2,
        DEL = IBinder::FIRST_CALL_TRANSACTION + 3,
        EXIST = IBinder::FIRST_CALL_TRANSACTION + 4,
        LIST = IBinder::FIRST_CALL_TRANSACTION + 5,
        RESET = IBinder::FIRST_CALL_TRANSACTION + 6,
        ON_USER_PASSWORD_CHANGED = IBinder::FIRST_CALL_TRANSACTION + 7,
        LOCK = IBinder::FIRST_CALL_TRANSACTION + 8,
        UNLOCK = IBinder::FIRST_CALL_TRANSACTION + 9,
        IS_EMPTY = IBinder::FIRST_CALL_TRANSACTION + 10,
        GENERATE = IBinder::FIRST_CALL_TRANSACTION + 11,
        IMPORT = IBinder::FIRST_CALL_TRANSACTION + 12,
        SIGN = IBinder::FIRST_CALL_TRANSACTION + 13,
        VERIFY = IBinder::FIRST_CALL_TRANSACTION + 14,
        GET_PUBKEY = IBinder::FIRST_CALL_TRANSACTION + 15,
        GRANT = IBinder::FIRST_CALL_TRANSACTION + 16,
        UNGRANT = IBinder::FIRST_CALL_TRANSACTION + 17,
        GETMTIME = IBinder::FIRST_CALL_TRANSACTION + 18,
        DUPLICATE = IBinder::FIRST_CALL_TRANSACTION + 19,
        IS_HARDWARE_BACKED = IBinder::FIRST_CALL_TRANSACTION + 20,
        CLEAR_UID = IBinder::FIRST_CALL_TRANSACTION + 21,
        ADD_RNG_ENTROPY = IBinder::FIRST_CALL_TRANSACTION + 22,
        GENERATE_KEY = IBinder::FIRST_CALL_TRANSACTION + 23,
        GET_KEY_CHARACTERISTICS = IBinder::FIRST_CALL_TRANSACTION + 24,
        IMPORT_KEY = IBinder::FIRST_CALL_TRANSACTION + 25,
        EXPORT_KEY = IBinder::FIRST_CALL_TRANSACTION + 26,
        BEGIN = IBinder::FIRST_CALL_TRANSACTION + 27,
        UPDATE = IBinder::FIRST_CALL_TRANSACTION + 28,
        FINISH = IBinder::FIRST_CALL_TRANSACTION + 29,
        ABORT = IBinder::FIRST_CALL_TRANSACTION + 30,
        IS_OPERATION_AUTHORIZED = IBinder::FIRST_CALL_TRANSACTION + 31,
        ADD_AUTH_TOKEN = IBinder::FIRST_CALL_TRANSACTION + 32,
        ON_USER_ADDED = IBinder::FIRST_CALL_TRANSACTION + 33,
        ON_USER_REMOVED = IBinder::FIRST_CALL_TRANSACTION + 34,
    };

    DECLARE_META_INTERFACE(KeystoreService);

    virtual int32_t getState(int32_t userId) = 0;

    virtual int32_t get(const String16& name, uint8_t** item, size_t* itemLength) = 0;

    virtual int32_t insert(const String16& name, const uint8_t* item, size_t itemLength, int uid,
            int32_t flags) = 0;

    virtual int32_t del(const String16& name, int uid) = 0;

    virtual int32_t exist(const String16& name, int uid) = 0;

    virtual int32_t list(const String16& prefix, int uid, Vector<String16>* matches) = 0;

    virtual int32_t reset() = 0;

    virtual int32_t onUserPasswordChanged(int32_t userId, const String16& newPassword) = 0;

    virtual int32_t lock(int32_t userId) = 0;

    virtual int32_t unlock(int32_t userId, const String16& password) = 0;

    virtual bool isEmpty(int32_t userId) = 0;

    virtual int32_t generate(const String16& name, int32_t uid, int32_t keyType, int32_t keySize,
            int32_t flags, Vector<sp<KeystoreArg> >* args) = 0;

    virtual int32_t import(const String16& name, const uint8_t* data, size_t length, int uid,
            int32_t flags) = 0;

    virtual int32_t sign(const String16& name, const uint8_t* data, size_t length, uint8_t** out,
            size_t* outLength) = 0;

    virtual int32_t verify(const String16& name, const uint8_t* data, size_t dataLength,
            const uint8_t* signature, size_t signatureLength) = 0;

    virtual int32_t get_pubkey(const String16& name, uint8_t** pubkey, size_t* pubkeyLength) = 0;

    virtual int32_t grant(const String16& name, int32_t granteeUid) = 0;

    virtual int32_t ungrant(const String16& name, int32_t granteeUid) = 0;

    virtual int64_t getmtime(const String16& name) = 0;

    virtual int32_t duplicate(const String16& srcKey, int32_t srcUid, const String16& destKey,
            int32_t destUid) = 0;

    virtual int32_t is_hardware_backed(const String16& keyType) = 0;

    virtual int32_t clear_uid(int64_t uid) = 0;

    virtual int32_t addRngEntropy(const uint8_t* data, size_t dataLength) = 0;

    virtual int32_t generateKey(const String16& name, const KeymasterArguments& params,
                                const uint8_t* entropy, size_t entropyLength, int uid, int flags,
                                KeyCharacteristics* outCharacteristics) = 0;

    virtual int32_t getKeyCharacteristics(const String16& name,
                                          const keymaster_blob_t* clientId,
                                          const keymaster_blob_t* appData,
                                          KeyCharacteristics* outCharacteristics) = 0;

    virtual int32_t importKey(const String16& name, const KeymasterArguments&  params,
                              keymaster_key_format_t format, const uint8_t *keyData,
                              size_t keyLength, int uid, int flags,
                              KeyCharacteristics* outCharacteristics) = 0;

    virtual void exportKey(const String16& name, keymaster_key_format_t format,
                           const keymaster_blob_t* clientId,
                           const keymaster_blob_t* appData, ExportResult* result) = 0;

    virtual void begin(const sp<IBinder>& apptoken, const String16& name,
                       keymaster_purpose_t purpose, bool pruneable,
                       const KeymasterArguments& params, const uint8_t* entropy,
                       size_t entropyLength, OperationResult* result) = 0;

    virtual void update(const sp<IBinder>& token, const KeymasterArguments& params,
                        const uint8_t* data, size_t dataLength, OperationResult* result) = 0;

    virtual void finish(const sp<IBinder>& token, const KeymasterArguments& params,
                        const uint8_t* signature, size_t signatureLength,
                        const uint8_t* entropy, size_t entropyLength,
                        OperationResult* result) = 0;

    virtual int32_t abort(const sp<IBinder>& handle) = 0;

    virtual bool isOperationAuthorized(const sp<IBinder>& handle) = 0;

    virtual int32_t addAuthToken(const uint8_t* token, size_t length) = 0;

    virtual int32_t onUserAdded(int32_t userId, int32_t parentId) = 0;

    virtual int32_t onUserRemoved(int32_t userId) = 0;

};

// ----------------------------------------------------------------------------

class BnKeystoreService: public BnInterface<IKeystoreService> {
public:
    virtual status_t onTransact(uint32_t code, const Parcel& data, Parcel* reply,
            uint32_t flags = 0);
};

} // namespace android

#endif