1 /* 2 ** 3 ** Copyright 2008, The Android Open Source Project 4 ** 5 ** Licensed under the Apache License, Version 2.0 (the "License"); 6 ** you may not use this file except in compliance with the License. 7 ** You may obtain a copy of the License at 8 ** 9 ** http://www.apache.org/licenses/LICENSE-2.0 10 ** 11 ** Unless required by applicable law or agreed to in writing, software 12 ** distributed under the License is distributed on an "AS IS" BASIS, 13 ** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 ** See the License for the specific language governing permissions and 15 ** limitations under the License. 16 */ 17 18 #include <stdint.h> 19 #include <sys/limits.h> 20 #include <sys/types.h> 21 22 #include <algorithm> 23 #include <limits> 24 25 #define LOG_TAG "KeystoreService" 26 #include <utils/Log.h> 27 28 #include <binder/IPCThreadState.h> 29 #include <binder/IServiceManager.h> 30 #include <binder/Parcel.h> 31 32 #include <keystore/IKeystoreService.h> 33 #include <keystore/keystore_hidl_support.h> 34 35 #include "keystore_aidl_hidl_marshalling_utils.h" 36 37 namespace android { 38 using namespace ::keystore; 39 40 const ssize_t MAX_GENERATE_ARGS = 3; 41 42 KeystoreArg::KeystoreArg(const void* data, size_t len) : mData(data), mSize(len) {} 43 44 KeystoreArg::~KeystoreArg() {} 45 46 const void* KeystoreArg::data() const { 47 return mData; 48 } 49 50 size_t KeystoreArg::size() const { 51 return mSize; 52 } 53 54 OperationResult::OperationResult() : resultCode(), token(), handle(0), inputConsumed(0), data() {} 55 56 OperationResult::~OperationResult() {} 57 58 status_t OperationResult::readFromParcel(const Parcel* inn) { 59 const Parcel& in = *inn; 60 resultCode = ErrorCode(in.readInt32()); 61 token = in.readStrongBinder(); 62 handle = static_cast<uint64_t>(in.readInt64()); 63 inputConsumed = in.readInt32(); 64 data = readKeymasterBlob(in); 65 outParams = readParamSetFromParcel(in); 66 return OK; 67 } 68 69 status_t OperationResult::writeToParcel(Parcel* out) const { 70 out->writeInt32(resultCode); 71 out->writeStrongBinder(token); 72 out->writeInt64(handle); 73 out->writeInt32(inputConsumed); 74 writeKeymasterBlob(data, out); 75 writeParamSetToParcel(outParams, out); 76 return OK; 77 } 78 79 ExportResult::ExportResult() : resultCode() {} 80 81 ExportResult::~ExportResult() {} 82 83 status_t ExportResult::readFromParcel(const Parcel* inn) { 84 const Parcel& in = *inn; 85 resultCode = ErrorCode(in.readInt32()); 86 exportData = readKeymasterBlob(in); 87 return OK; 88 } 89 90 status_t ExportResult::writeToParcel(Parcel* out) const { 91 out->writeInt32(resultCode); 92 writeKeymasterBlob(exportData, out); 93 return OK; 94 } 95 96 /** 97 * Read a byte array from in. The data at *data is still owned by the parcel 98 */ 99 static void readByteArray(const Parcel& in, const uint8_t** data, size_t* length) { 100 ssize_t slength = in.readInt32(); 101 if (slength > 0) { 102 *data = reinterpret_cast<const uint8_t*>(in.readInplace(slength)); 103 if (*data) { 104 *length = static_cast<size_t>(slength); 105 } else { 106 *length = 0; 107 } 108 } else { 109 *data = NULL; 110 *length = 0; 111 } 112 } 113 114 class BpKeystoreService : public BpInterface<IKeystoreService> { 115 public: 116 explicit BpKeystoreService(const sp<IBinder>& impl) : BpInterface<IKeystoreService>(impl) {} 117 118 // test ping 119 KeyStoreServiceReturnCode getState(int32_t userId) override { 120 Parcel data, reply; 121 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor()); 122 data.writeInt32(userId); 123 status_t status = remote()->transact(BnKeystoreService::GET_STATE, data, &reply); 124 if (status != NO_ERROR) { 125 ALOGD("getState() could not contact remote: %d\n", status); 126 return ResponseCode::SYSTEM_ERROR; 127 } 128 int32_t err = reply.readExceptionCode(); 129 ResponseCode ret = ResponseCode(reply.readInt32()); 130 if (err < 0) { 131 ALOGD("getState() caught exception %d\n", err); 132 return ResponseCode::SYSTEM_ERROR; 133 } 134 return ret; 135 } 136 137 KeyStoreServiceReturnCode get(const String16& name, int32_t uid, 138 hidl_vec<uint8_t>* item) override { 139 Parcel data, reply; 140 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor()); 141 data.writeString16(name); 142 data.writeInt32(uid); 143 status_t status = remote()->transact(BnKeystoreService::GET, data, &reply); 144 if (status != NO_ERROR) { 145 ALOGD("get() could not contact remote: %d\n", status); 146 return ResponseCode::SYSTEM_ERROR; 147 } 148 int32_t err = reply.readExceptionCode(); 149 if (err < 0) { 150 ALOGD("get() caught exception %d\n", err); 151 return ResponseCode::SYSTEM_ERROR; 152 } 153 auto resultItem = readBlobAsByteArray(reply); 154 if (item) *item = resultItem.value(); 155 return ResponseCode(reply.readInt32()); 156 } 157 158 KeyStoreServiceReturnCode insert(const String16& name, const hidl_vec<uint8_t>& item, int uid, 159 int32_t flags) override { 160 Parcel data, reply; 161 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor()); 162 data.writeString16(name); 163 writeBlobAsByteArray(item, &data); 164 data.writeInt32(uid); 165 data.writeInt32(flags); 166 status_t status = remote()->transact(BnKeystoreService::INSERT, data, &reply); 167 if (status != NO_ERROR) { 168 ALOGD("import() could not contact remote: %d\n", status); 169 return ResponseCode::SYSTEM_ERROR; 170 } 171 int32_t err = reply.readExceptionCode(); 172 if (err < 0) { 173 ALOGD("import() caught exception %d\n", err); 174 return ResponseCode::SYSTEM_ERROR; 175 } 176 return ResponseCode(reply.readInt32()); 177 } 178 179 KeyStoreServiceReturnCode del(const String16& name, int uid) override { 180 Parcel data, reply; 181 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor()); 182 data.writeString16(name); 183 data.writeInt32(uid); 184 status_t status = remote()->transact(BnKeystoreService::DEL, data, &reply); 185 if (status != NO_ERROR) { 186 ALOGD("del() could not contact remote: %d\n", status); 187 return ResponseCode::SYSTEM_ERROR; 188 } 189 int32_t err = reply.readExceptionCode(); 190 if (err < 0) { 191 ALOGD("del() caught exception %d\n", err); 192 return ResponseCode::SYSTEM_ERROR; 193 } 194 return ResponseCode(reply.readInt32()); 195 } 196 197 KeyStoreServiceReturnCode exist(const String16& name, int uid) override { 198 Parcel data, reply; 199 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor()); 200 data.writeString16(name); 201 data.writeInt32(uid); 202 status_t status = remote()->transact(BnKeystoreService::EXIST, data, &reply); 203 if (status != NO_ERROR) { 204 ALOGD("exist() could not contact remote: %d\n", status); 205 return ResponseCode::SYSTEM_ERROR; 206 } 207 int32_t err = reply.readExceptionCode(); 208 if (err < 0) { 209 ALOGD("exist() caught exception %d\n", err); 210 return ResponseCode::SYSTEM_ERROR; 211 } 212 return ResponseCode(reply.readInt32()); 213 } 214 215 KeyStoreServiceReturnCode list(const String16& prefix, int uid, 216 Vector<String16>* matches) override { 217 Parcel data, reply; 218 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor()); 219 data.writeString16(prefix); 220 data.writeInt32(uid); 221 status_t status = remote()->transact(BnKeystoreService::LIST, data, &reply); 222 if (status != NO_ERROR) { 223 ALOGD("list() could not contact remote: %d\n", status); 224 return ResponseCode::SYSTEM_ERROR; 225 } 226 int32_t err = reply.readExceptionCode(); 227 int32_t numMatches = reply.readInt32(); 228 for (int32_t i = 0; i < numMatches; i++) { 229 matches->push(reply.readString16()); 230 } 231 if (err < 0) { 232 ALOGD("list() caught exception %d\n", err); 233 return ResponseCode::SYSTEM_ERROR; 234 } 235 return ResponseCode(reply.readInt32()); 236 } 237 238 KeyStoreServiceReturnCode reset() override { 239 Parcel data, reply; 240 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor()); 241 status_t status = remote()->transact(BnKeystoreService::RESET, data, &reply); 242 if (status != NO_ERROR) { 243 ALOGD("reset() could not contact remote: %d\n", status); 244 return ResponseCode::SYSTEM_ERROR; 245 } 246 int32_t err = reply.readExceptionCode(); 247 if (err < 0) { 248 ALOGD("reset() caught exception %d\n", err); 249 return ResponseCode::SYSTEM_ERROR; 250 } 251 return ResponseCode(reply.readInt32()); 252 } 253 254 KeyStoreServiceReturnCode onUserPasswordChanged(int32_t userId, 255 const String16& password) override { 256 Parcel data, reply; 257 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor()); 258 data.writeInt32(userId); 259 data.writeString16(password); 260 status_t status = 261 remote()->transact(BnKeystoreService::ON_USER_PASSWORD_CHANGED, data, &reply); 262 if (status != NO_ERROR) { 263 ALOGD("onUserPasswordChanged() could not contact remote: %d\n", status); 264 return ResponseCode::SYSTEM_ERROR; 265 } 266 int32_t err = reply.readExceptionCode(); 267 if (err < 0) { 268 ALOGD("onUserPasswordChanged() caught exception %d\n", err); 269 return ResponseCode::SYSTEM_ERROR; 270 } 271 return ResponseCode(reply.readInt32()); 272 } 273 274 KeyStoreServiceReturnCode lock(int32_t userId) override { 275 Parcel data, reply; 276 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor()); 277 data.writeInt32(userId); 278 status_t status = remote()->transact(BnKeystoreService::LOCK, data, &reply); 279 if (status != NO_ERROR) { 280 ALOGD("lock() could not contact remote: %d\n", status); 281 return ResponseCode::SYSTEM_ERROR; 282 } 283 int32_t err = reply.readExceptionCode(); 284 if (err < 0) { 285 ALOGD("lock() caught exception %d\n", err); 286 return ResponseCode::SYSTEM_ERROR; 287 } 288 return ResponseCode(reply.readInt32()); 289 } 290 291 KeyStoreServiceReturnCode unlock(int32_t userId, const String16& password) override { 292 Parcel data, reply; 293 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor()); 294 data.writeInt32(userId); 295 data.writeString16(password); 296 status_t status = remote()->transact(BnKeystoreService::UNLOCK, data, &reply); 297 if (status != NO_ERROR) { 298 ALOGD("unlock() could not contact remote: %d\n", status); 299 return ResponseCode::SYSTEM_ERROR; 300 } 301 int32_t err = reply.readExceptionCode(); 302 if (err < 0) { 303 ALOGD("unlock() caught exception %d\n", err); 304 return ResponseCode::SYSTEM_ERROR; 305 } 306 return ResponseCode(reply.readInt32()); 307 } 308 309 bool isEmpty(int32_t userId) override { 310 Parcel data, reply; 311 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor()); 312 data.writeInt32(userId); 313 status_t status = remote()->transact(BnKeystoreService::IS_EMPTY, data, &reply); 314 if (status != NO_ERROR) { 315 ALOGD("isEmpty() could not contact remote: %d\n", status); 316 return false; 317 } 318 int32_t err = reply.readExceptionCode(); 319 if (err < 0) { 320 ALOGD("isEmpty() caught exception %d\n", err); 321 return false; 322 } 323 return reply.readInt32() != 0; 324 } 325 326 KeyStoreServiceReturnCode generate(const String16& name, int32_t uid, int32_t keyType, 327 int32_t keySize, int32_t flags, 328 Vector<sp<KeystoreArg>>* args) override { 329 Parcel data, reply; 330 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor()); 331 data.writeString16(name); 332 data.writeInt32(uid); 333 data.writeInt32(keyType); 334 data.writeInt32(keySize); 335 data.writeInt32(flags); 336 data.writeInt32(1); 337 data.writeInt32(args->size()); 338 for (Vector<sp<KeystoreArg>>::iterator it = args->begin(); it != args->end(); ++it) { 339 sp<KeystoreArg> item = *it; 340 size_t keyLength = item->size(); 341 data.writeInt32(keyLength); 342 void* buf = data.writeInplace(keyLength); 343 memcpy(buf, item->data(), keyLength); 344 } 345 status_t status = remote()->transact(BnKeystoreService::GENERATE, data, &reply); 346 if (status != NO_ERROR) { 347 ALOGD("generate() could not contact remote: %d\n", status); 348 return ResponseCode::SYSTEM_ERROR; 349 } 350 int32_t err = reply.readExceptionCode(); 351 if (err < 0) { 352 ALOGD("generate() caught exception %d\n", err); 353 return ResponseCode::SYSTEM_ERROR; 354 } 355 return ResponseCode(reply.readInt32()); 356 } 357 358 KeyStoreServiceReturnCode import(const String16& name, const hidl_vec<uint8_t>& key, int uid, 359 int flags) override { 360 Parcel data, reply; 361 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor()); 362 data.writeString16(name); 363 writeBlobAsByteArray(key, &data); 364 data.writeInt32(uid); 365 data.writeInt32(flags); 366 status_t status = remote()->transact(BnKeystoreService::IMPORT, data, &reply); 367 if (status != NO_ERROR) { 368 ALOGD("import() could not contact remote: %d\n", status); 369 return ResponseCode::SYSTEM_ERROR; 370 } 371 int32_t err = reply.readExceptionCode(); 372 if (err < 0) { 373 ALOGD("import() caught exception %d\n", err); 374 return ResponseCode::SYSTEM_ERROR; 375 } 376 return ResponseCode(reply.readInt32()); 377 } 378 379 KeyStoreServiceReturnCode sign(const String16& name, const hidl_vec<uint8_t>& in, 380 hidl_vec<uint8_t>* out) override { 381 Parcel data, reply; 382 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor()); 383 data.writeString16(name); 384 writeBlobAsByteArray(in, &data); 385 status_t status = remote()->transact(BnKeystoreService::SIGN, data, &reply); 386 if (status != NO_ERROR) { 387 ALOGD("import() could not contact remote: %d\n", status); 388 return ResponseCode::SYSTEM_ERROR; 389 } 390 int32_t err = reply.readExceptionCode(); 391 if (err < 0) { 392 ALOGD("import() caught exception %d\n", err); 393 return ResponseCode::SYSTEM_ERROR; 394 } 395 auto outBlob = readBlobAsByteArray(reply); 396 if (out) { 397 // don't need to check outBlob.isOk() 398 // if !outBlob.isOk() the wrapped value is default constructed and therefore empty, 399 // as expected. 400 *out = outBlob.value(); 401 } 402 return ResponseCode(reply.readInt32()); 403 } 404 405 KeyStoreServiceReturnCode verify(const String16& name, const hidl_vec<uint8_t>& in, 406 const hidl_vec<uint8_t>& signature) override { 407 Parcel data, reply; 408 409 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor()); 410 data.writeString16(name); 411 writeBlobAsByteArray(in, &data); 412 writeBlobAsByteArray(signature, &data); 413 status_t status = remote()->transact(BnKeystoreService::VERIFY, data, &reply); 414 if (status != NO_ERROR) { 415 ALOGD("verify() could not contact remote: %d\n", status); 416 return ResponseCode::SYSTEM_ERROR; 417 } 418 int32_t err = reply.readExceptionCode(); 419 if (err < 0) { 420 ALOGD("verify() caught exception %d\n", err); 421 return ResponseCode::SYSTEM_ERROR; 422 } 423 return ResponseCode(reply.readInt32()); 424 } 425 426 KeyStoreServiceReturnCode get_pubkey(const String16& name, hidl_vec<uint8_t>* pubkey) override { 427 Parcel data, reply; 428 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor()); 429 data.writeString16(name); 430 status_t status = remote()->transact(BnKeystoreService::GET_PUBKEY, data, &reply); 431 if (status != NO_ERROR) { 432 ALOGD("get_pubkey() could not contact remote: %d\n", status); 433 return ResponseCode::SYSTEM_ERROR; 434 } 435 int32_t err = reply.readExceptionCode(); 436 if (err < 0) { 437 ALOGD("get_pubkey() caught exception %d\n", err); 438 return ResponseCode::SYSTEM_ERROR; 439 } 440 auto resultKey = readBlobAsByteArray(reply); 441 if (pubkey) *pubkey = resultKey.value(); 442 return ResponseCode(reply.readInt32()); 443 } 444 445 String16 grant(const String16& name, int32_t granteeUid) override { 446 Parcel data, reply; 447 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor()); 448 data.writeString16(name); 449 data.writeInt32(granteeUid); 450 status_t status = remote()->transact(BnKeystoreService::GRANT, data, &reply); 451 if (status != NO_ERROR) { 452 ALOGD("grant() could not contact remote: %d\n", status); 453 return String16(); 454 } 455 int32_t err = reply.readExceptionCode(); 456 if (err < 0) { 457 ALOGD("grant() caught exception %d\n", err); 458 return String16(); 459 } 460 return reply.readString16(); 461 } 462 463 KeyStoreServiceReturnCode ungrant(const String16& name, int32_t granteeUid) override { 464 Parcel data, reply; 465 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor()); 466 data.writeString16(name); 467 data.writeInt32(granteeUid); 468 status_t status = remote()->transact(BnKeystoreService::UNGRANT, data, &reply); 469 if (status != NO_ERROR) { 470 ALOGD("ungrant() could not contact remote: %d\n", status); 471 return ResponseCode::SYSTEM_ERROR; 472 } 473 int32_t err = reply.readExceptionCode(); 474 if (err < 0) { 475 ALOGD("ungrant() caught exception %d\n", err); 476 return ResponseCode::SYSTEM_ERROR; 477 } 478 return ResponseCode(reply.readInt32()); 479 } 480 481 int64_t getmtime(const String16& name, int32_t uid) override { 482 Parcel data, reply; 483 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor()); 484 data.writeString16(name); 485 data.writeInt32(uid); 486 status_t status = remote()->transact(BnKeystoreService::GETMTIME, data, &reply); 487 if (status != NO_ERROR) { 488 ALOGD("getmtime() could not contact remote: %d\n", status); 489 return -1; 490 } 491 int32_t err = reply.readExceptionCode(); 492 if (err < 0) { 493 ALOGD("getmtime() caught exception %d\n", err); 494 return -1; 495 } 496 return reply.readInt64(); 497 } 498 499 KeyStoreServiceReturnCode duplicate(const String16& srcKey, int32_t srcUid, 500 const String16& destKey, int32_t destUid) override { 501 Parcel data, reply; 502 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor()); 503 data.writeString16(srcKey); 504 data.writeInt32(srcUid); 505 data.writeString16(destKey); 506 data.writeInt32(destUid); 507 status_t status = remote()->transact(BnKeystoreService::DUPLICATE, data, &reply); 508 if (status != NO_ERROR) { 509 ALOGD("duplicate() could not contact remote: %d\n", status); 510 return ResponseCode::SYSTEM_ERROR; 511 } 512 int32_t err = reply.readExceptionCode(); 513 if (err < 0) { 514 ALOGD("duplicate() caught exception %d\n", err); 515 return ResponseCode::SYSTEM_ERROR; 516 } 517 return ResponseCode(reply.readInt32()); 518 } 519 520 int32_t is_hardware_backed(const String16& keyType) override { 521 Parcel data, reply; 522 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor()); 523 data.writeString16(keyType); 524 status_t status = remote()->transact(BnKeystoreService::IS_HARDWARE_BACKED, data, &reply); 525 if (status != NO_ERROR) { 526 ALOGD("is_hardware_backed() could not contact remote: %d\n", status); 527 return -1; 528 } 529 int32_t err = reply.readExceptionCode(); 530 if (err < 0) { 531 ALOGD("is_hardware_backed() caught exception %d\n", err); 532 return -1; 533 } 534 return reply.readInt32(); 535 } 536 537 KeyStoreServiceReturnCode clear_uid(int64_t uid) override { 538 Parcel data, reply; 539 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor()); 540 data.writeInt64(uid); 541 status_t status = remote()->transact(BnKeystoreService::CLEAR_UID, data, &reply); 542 if (status != NO_ERROR) { 543 ALOGD("clear_uid() could not contact remote: %d\n", status); 544 return ResponseCode::SYSTEM_ERROR; 545 } 546 int32_t err = reply.readExceptionCode(); 547 if (err < 0) { 548 ALOGD("clear_uid() caught exception %d\n", err); 549 return ResponseCode::SYSTEM_ERROR; 550 } 551 return ResponseCode(reply.readInt32()); 552 } 553 554 KeyStoreServiceReturnCode addRngEntropy(const hidl_vec<uint8_t>& entropy) override { 555 Parcel data, reply; 556 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor()); 557 writeBlobAsByteArray(entropy, &data); 558 status_t status = remote()->transact(BnKeystoreService::ADD_RNG_ENTROPY, data, &reply); 559 if (status != NO_ERROR) { 560 ALOGD("addRngEntropy() could not contact remote: %d\n", status); 561 return ResponseCode::SYSTEM_ERROR; 562 } 563 int32_t err = reply.readExceptionCode(); 564 if (err < 0) { 565 ALOGD("addRngEntropy() caught exception %d\n", err); 566 return ResponseCode::SYSTEM_ERROR; 567 } 568 return ResponseCode(reply.readInt32()); 569 }; 570 571 KeyStoreServiceReturnCode generateKey(const String16& name, 572 const hidl_vec<KeyParameter>& params, 573 const hidl_vec<uint8_t>& entropy, int uid, int flags, 574 KeyCharacteristics* outCharacteristics) override { 575 Parcel data, reply; 576 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor()); 577 data.writeString16(name); 578 nullable(writeParamSetToParcel, params, &data); 579 writeBlobAsByteArray(entropy, &data); 580 data.writeInt32(uid); 581 data.writeInt32(flags); 582 status_t status = remote()->transact(BnKeystoreService::GENERATE_KEY, data, &reply); 583 if (status != NO_ERROR) { 584 ALOGD("generateKey() could not contact remote: %d\n", status); 585 return ResponseCode::SYSTEM_ERROR; 586 } 587 int32_t err = reply.readExceptionCode(); 588 ResponseCode ret = ResponseCode(reply.readInt32()); 589 if (err < 0) { 590 ALOGD("generateKey() caught exception %d\n", err); 591 return ResponseCode::SYSTEM_ERROR; 592 } 593 if (outCharacteristics) { 594 *outCharacteristics = nullable(readKeyCharacteristicsFromParcel, reply).value(); 595 } 596 return ret; 597 } 598 KeyStoreServiceReturnCode 599 getKeyCharacteristics(const String16& name, const hidl_vec<uint8_t>& clientId, 600 const hidl_vec<uint8_t>& appData, int32_t uid, 601 KeyCharacteristics* outCharacteristics) override { 602 Parcel data, reply; 603 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor()); 604 data.writeString16(name); 605 writeBlobAsByteArray(clientId, &data); 606 writeBlobAsByteArray(appData, &data); 607 data.writeInt32(uid); 608 status_t status = 609 remote()->transact(BnKeystoreService::GET_KEY_CHARACTERISTICS, data, &reply); 610 if (status != NO_ERROR) { 611 ALOGD("getKeyCharacteristics() could not contact remote: %d\n", status); 612 return ResponseCode::SYSTEM_ERROR; 613 } 614 int32_t err = reply.readExceptionCode(); 615 ResponseCode ret = ResponseCode(reply.readInt32()); 616 if (err < 0) { 617 ALOGD("getKeyCharacteristics() caught exception %d\n", err); 618 return ResponseCode::SYSTEM_ERROR; 619 } 620 if (outCharacteristics) { 621 *outCharacteristics = nullable(readKeyCharacteristicsFromParcel, reply).value(); 622 } 623 return ret; 624 } 625 KeyStoreServiceReturnCode importKey(const String16& name, const hidl_vec<KeyParameter>& params, 626 KeyFormat format, const hidl_vec<uint8_t>& keyData, int uid, 627 int flags, 628 KeyCharacteristics* outCharacteristics) override { 629 Parcel data, reply; 630 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor()); 631 data.writeString16(name); 632 nullable(writeParamSetToParcel, params, &data); 633 data.writeInt32(uint32_t(format)); 634 writeBlobAsByteArray(keyData, &data); 635 data.writeInt32(uid); 636 data.writeInt32(flags); 637 status_t status = remote()->transact(BnKeystoreService::IMPORT_KEY, data, &reply); 638 if (status != NO_ERROR) { 639 ALOGD("importKey() could not contact remote: %d\n", status); 640 return ResponseCode::SYSTEM_ERROR; 641 } 642 int32_t err = reply.readExceptionCode(); 643 ResponseCode ret = ResponseCode(reply.readInt32()); 644 if (err < 0) { 645 ALOGD("importKey() caught exception %d\n", err); 646 return ResponseCode::SYSTEM_ERROR; 647 } 648 if (outCharacteristics) { 649 *outCharacteristics = nullable(readKeyCharacteristicsFromParcel, reply).value(); 650 } 651 return ret; 652 } 653 654 void exportKey(const String16& name, KeyFormat format, const hidl_vec<uint8_t>& clientId, 655 const hidl_vec<uint8_t>& appData, int32_t uid, ExportResult* result) override { 656 if (!result) { 657 return; 658 } 659 660 Parcel data, reply; 661 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor()); 662 data.writeString16(name); 663 data.writeInt32(int32_t(format)); 664 writeBlobAsByteArray(clientId, &data); 665 writeBlobAsByteArray(appData, &data); 666 data.writeInt32(uid); 667 status_t status = remote()->transact(BnKeystoreService::EXPORT_KEY, data, &reply); 668 if (status != NO_ERROR) { 669 ALOGD("exportKey() could not contact remote: %d\n", status); 670 result->resultCode = ResponseCode::SYSTEM_ERROR; 671 return; 672 } 673 int32_t err = reply.readExceptionCode(); 674 if (err < 0) { 675 ALOGD("exportKey() caught exception %d\n", err); 676 result->resultCode = ResponseCode::SYSTEM_ERROR; 677 return; 678 } 679 680 reply.readParcelable(result); 681 } 682 683 void begin(const sp<IBinder>& appToken, const String16& name, KeyPurpose purpose, 684 bool pruneable, const hidl_vec<KeyParameter>& params, 685 const hidl_vec<uint8_t>& entropy, int32_t uid, OperationResult* result) override { 686 if (!result) { 687 return; 688 } 689 Parcel data, reply; 690 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor()); 691 data.writeStrongBinder(appToken); 692 data.writeString16(name); 693 data.writeInt32(int32_t(purpose)); 694 data.writeInt32(pruneable ? 1 : 0); 695 nullable(writeParamSetToParcel, params, &data); 696 writeBlobAsByteArray(entropy, &data); 697 data.writeInt32(uid); 698 status_t status = remote()->transact(BnKeystoreService::BEGIN, data, &reply); 699 if (status != NO_ERROR) { 700 ALOGD("begin() could not contact remote: %d\n", status); 701 result->resultCode = ResponseCode::SYSTEM_ERROR; 702 return; 703 } 704 int32_t err = reply.readExceptionCode(); 705 if (err < 0) { 706 ALOGD("begin() caught exception %d\n", err); 707 result->resultCode = ResponseCode::SYSTEM_ERROR; 708 return; 709 } 710 711 reply.readParcelable(result); 712 } 713 714 void update(const sp<IBinder>& token, const hidl_vec<KeyParameter>& params, 715 const hidl_vec<uint8_t>& opData, OperationResult* result) override { 716 if (!result) { 717 return; 718 } 719 Parcel data, reply; 720 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor()); 721 data.writeStrongBinder(token); 722 nullable(writeParamSetToParcel, params, &data); 723 writeBlobAsByteArray(opData, &data); 724 status_t status = remote()->transact(BnKeystoreService::UPDATE, data, &reply); 725 if (status != NO_ERROR) { 726 ALOGD("update() could not contact remote: %d\n", status); 727 result->resultCode = ResponseCode::SYSTEM_ERROR; 728 return; 729 } 730 int32_t err = reply.readExceptionCode(); 731 if (err < 0) { 732 ALOGD("update() caught exception %d\n", err); 733 result->resultCode = ResponseCode::SYSTEM_ERROR; 734 return; 735 } 736 737 reply.readParcelable(result); 738 } 739 740 void finish(const sp<IBinder>& token, const hidl_vec<KeyParameter>& params, 741 const hidl_vec<uint8_t>& signature, const hidl_vec<uint8_t>& entropy, 742 OperationResult* result) override { 743 if (!result) { 744 return; 745 } 746 Parcel data, reply; 747 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor()); 748 data.writeStrongBinder(token); 749 nullable(writeParamSetToParcel, params, &data); 750 writeBlobAsByteArray(signature, &data); 751 writeBlobAsByteArray(entropy, &data); 752 status_t status = remote()->transact(BnKeystoreService::FINISH, data, &reply); 753 if (status != NO_ERROR) { 754 ALOGD("finish() could not contact remote: %d\n", status); 755 result->resultCode = ResponseCode::SYSTEM_ERROR; 756 return; 757 } 758 int32_t err = reply.readExceptionCode(); 759 if (err < 0) { 760 ALOGD("finish() caught exception %d\n", err); 761 result->resultCode = ResponseCode::SYSTEM_ERROR; 762 return; 763 } 764 765 reply.readParcelable(result); 766 } 767 768 KeyStoreServiceReturnCode abort(const sp<IBinder>& token) override { 769 Parcel data, reply; 770 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor()); 771 data.writeStrongBinder(token); 772 status_t status = remote()->transact(BnKeystoreService::ABORT, data, &reply); 773 if (status != NO_ERROR) { 774 ALOGD("abort() could not contact remote: %d\n", status); 775 return ResponseCode::SYSTEM_ERROR; 776 } 777 int32_t err = reply.readExceptionCode(); 778 if (err < 0) { 779 ALOGD("abort() caught exception %d\n", err); 780 return ResponseCode::SYSTEM_ERROR; 781 } 782 return ResponseCode(reply.readInt32()); 783 } 784 785 bool isOperationAuthorized(const sp<IBinder>& token) override { 786 Parcel data, reply; 787 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor()); 788 data.writeStrongBinder(token); 789 status_t status = 790 remote()->transact(BnKeystoreService::IS_OPERATION_AUTHORIZED, data, &reply); 791 if (status != NO_ERROR) { 792 ALOGD("isOperationAuthorized() could not contact remote: %d\n", status); 793 return false; 794 } 795 int32_t err = reply.readExceptionCode(); 796 if (err < 0) { 797 ALOGD("isOperationAuthorized() caught exception %d\n", err); 798 return false; 799 } 800 return reply.readInt32() == 1; 801 } 802 803 KeyStoreServiceReturnCode addAuthToken(const uint8_t* token, size_t length) override { 804 Parcel data, reply; 805 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor()); 806 data.writeByteArray(length, token); 807 status_t status = remote()->transact(BnKeystoreService::ADD_AUTH_TOKEN, data, &reply); 808 if (status != NO_ERROR) { 809 ALOGD("addAuthToken() could not contact remote: %d\n", status); 810 return ResponseCode::SYSTEM_ERROR; 811 } 812 int32_t err = reply.readExceptionCode(); 813 if (err < 0) { 814 ALOGD("addAuthToken() caught exception %d\n", err); 815 return ResponseCode::SYSTEM_ERROR; 816 } 817 return ResponseCode(reply.readInt32()); 818 }; 819 820 KeyStoreServiceReturnCode onUserAdded(int32_t userId, int32_t parentId) override { 821 Parcel data, reply; 822 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor()); 823 data.writeInt32(userId); 824 data.writeInt32(parentId); 825 status_t status = remote()->transact(BnKeystoreService::ON_USER_ADDED, data, &reply); 826 if (status != NO_ERROR) { 827 ALOGD("onUserAdded() could not contact remote: %d\n", status); 828 return ResponseCode::SYSTEM_ERROR; 829 } 830 int32_t err = reply.readExceptionCode(); 831 if (err < 0) { 832 ALOGD("onUserAdded() caught exception %d\n", err); 833 return ResponseCode::SYSTEM_ERROR; 834 } 835 return ResponseCode(reply.readInt32()); 836 } 837 838 KeyStoreServiceReturnCode onUserRemoved(int32_t userId) override { 839 Parcel data, reply; 840 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor()); 841 data.writeInt32(userId); 842 status_t status = remote()->transact(BnKeystoreService::ON_USER_REMOVED, data, &reply); 843 if (status != NO_ERROR) { 844 ALOGD("onUserRemoved() could not contact remote: %d\n", status); 845 return ResponseCode::SYSTEM_ERROR; 846 } 847 int32_t err = reply.readExceptionCode(); 848 if (err < 0) { 849 ALOGD("onUserRemoved() caught exception %d\n", err); 850 return ResponseCode::SYSTEM_ERROR; 851 } 852 return ResponseCode(reply.readInt32()); 853 } 854 855 KeyStoreServiceReturnCode attestKey(const String16& name, const hidl_vec<KeyParameter>& params, 856 hidl_vec<hidl_vec<uint8_t>>* outChain) override { 857 if (!outChain) return ErrorCode::OUTPUT_PARAMETER_NULL; 858 859 Parcel data, reply; 860 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor()); 861 data.writeString16(name); 862 nullable(writeParamSetToParcel, params, &data); 863 864 status_t status = remote()->transact(BnKeystoreService::ATTEST_KEY, data, &reply); 865 if (status != NO_ERROR) { 866 ALOGD("attestkey() count not contact remote: %d\n", status); 867 return ResponseCode::SYSTEM_ERROR; 868 } 869 int32_t err = reply.readExceptionCode(); 870 ResponseCode ret = ResponseCode(reply.readInt32()); 871 if (err < 0) { 872 ALOGD("attestKey() caught exception %d\n", err); 873 return ResponseCode::SYSTEM_ERROR; 874 } 875 if (reply.readInt32() != 0) { 876 *outChain = readCertificateChainFromParcel(reply); 877 } 878 return ret; 879 } 880 881 KeyStoreServiceReturnCode attestDeviceIds(const hidl_vec<KeyParameter>& params, 882 hidl_vec<hidl_vec<uint8_t>>* outChain) override { 883 if (!outChain) return ErrorCode::OUTPUT_PARAMETER_NULL; 884 885 Parcel data, reply; 886 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor()); 887 nullable(writeParamSetToParcel, params, &data); 888 889 status_t status = remote()->transact(BnKeystoreService::ATTEST_DEVICE_IDS, data, &reply); 890 if (status != NO_ERROR) { 891 ALOGD("attestDeviceIds() count not contact remote: %d\n", status); 892 return ResponseCode::SYSTEM_ERROR; 893 } 894 int32_t err = reply.readExceptionCode(); 895 ResponseCode ret = ResponseCode(reply.readInt32()); 896 if (err < 0) { 897 ALOGD("attestDeviceIds() caught exception %d\n", err); 898 return ResponseCode::SYSTEM_ERROR; 899 } 900 if (reply.readInt32() != 0) { 901 *outChain = readCertificateChainFromParcel(reply); 902 } 903 return ret; 904 } 905 906 KeyStoreServiceReturnCode onDeviceOffBody() override { 907 Parcel data, reply; 908 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor()); 909 status_t status = remote()->transact(BnKeystoreService::ON_DEVICE_OFF_BODY, data, &reply); 910 if (status != NO_ERROR) { 911 ALOGD("onDeviceOffBody() could not contact remote: %d\n", status); 912 return ResponseCode::SYSTEM_ERROR; 913 } 914 int32_t err = reply.readExceptionCode(); 915 if (err < 0) { 916 ALOGD("onDeviceOffBody() caught exception %d\n", err); 917 return ResponseCode::SYSTEM_ERROR; 918 } 919 return ResponseCode(reply.readInt32()); 920 } 921 }; 922 923 IMPLEMENT_META_INTERFACE(KeystoreService, "android.security.IKeystoreService"); 924 925 // ---------------------------------------------------------------------- 926 927 status_t BnKeystoreService::onTransact(uint32_t code, const Parcel& data, Parcel* reply, 928 uint32_t flags) { 929 switch (code) { 930 case GET_STATE: { 931 CHECK_INTERFACE(IKeystoreService, data, reply); 932 int32_t userId = data.readInt32(); 933 int32_t ret = getState(userId); 934 reply->writeNoException(); 935 reply->writeInt32(ret); 936 return NO_ERROR; 937 } break; 938 case GET: { 939 CHECK_INTERFACE(IKeystoreService, data, reply); 940 String16 name = data.readString16(); 941 int32_t uid = data.readInt32(); 942 hidl_vec<uint8_t> out; 943 auto ret = get(name, uid, &out); 944 reply->writeNoException(); 945 if (ret.isOk()) { 946 writeBlobAsByteArray(out, reply); 947 } else { 948 reply->writeInt32(-1); 949 } 950 reply->writeInt32(ret); 951 return NO_ERROR; 952 } break; 953 case INSERT: { 954 CHECK_INTERFACE(IKeystoreService, data, reply); 955 String16 name = data.readString16(); 956 auto in = readBlobAsByteArray(data); 957 int uid = data.readInt32(); 958 int32_t flags = data.readInt32(); 959 int32_t ret = insert(name, in.value(), uid, flags); 960 reply->writeNoException(); 961 reply->writeInt32(ret); 962 return NO_ERROR; 963 } break; 964 case DEL: { 965 CHECK_INTERFACE(IKeystoreService, data, reply); 966 String16 name = data.readString16(); 967 int uid = data.readInt32(); 968 int32_t ret = del(name, uid); 969 reply->writeNoException(); 970 reply->writeInt32(ret); 971 return NO_ERROR; 972 } break; 973 case EXIST: { 974 CHECK_INTERFACE(IKeystoreService, data, reply); 975 String16 name = data.readString16(); 976 int uid = data.readInt32(); 977 int32_t ret = exist(name, uid); 978 reply->writeNoException(); 979 reply->writeInt32(ret); 980 return NO_ERROR; 981 } break; 982 case LIST: { 983 CHECK_INTERFACE(IKeystoreService, data, reply); 984 String16 prefix = data.readString16(); 985 int uid = data.readInt32(); 986 Vector<String16> matches; 987 int32_t ret = list(prefix, uid, &matches); 988 reply->writeNoException(); 989 reply->writeInt32(matches.size()); 990 Vector<String16>::const_iterator it = matches.begin(); 991 for (; it != matches.end(); ++it) { 992 reply->writeString16(*it); 993 } 994 reply->writeInt32(ret); 995 return NO_ERROR; 996 } break; 997 case RESET: { 998 CHECK_INTERFACE(IKeystoreService, data, reply); 999 int32_t ret = reset(); 1000 reply->writeNoException(); 1001 reply->writeInt32(ret); 1002 return NO_ERROR; 1003 } break; 1004 case ON_USER_PASSWORD_CHANGED: { 1005 CHECK_INTERFACE(IKeystoreService, data, reply); 1006 int32_t userId = data.readInt32(); 1007 String16 pass = data.readString16(); 1008 int32_t ret = onUserPasswordChanged(userId, pass); 1009 reply->writeNoException(); 1010 reply->writeInt32(ret); 1011 return NO_ERROR; 1012 } break; 1013 case LOCK: { 1014 CHECK_INTERFACE(IKeystoreService, data, reply); 1015 int32_t userId = data.readInt32(); 1016 int32_t ret = lock(userId); 1017 reply->writeNoException(); 1018 reply->writeInt32(ret); 1019 return NO_ERROR; 1020 } break; 1021 case UNLOCK: { 1022 CHECK_INTERFACE(IKeystoreService, data, reply); 1023 int32_t userId = data.readInt32(); 1024 String16 pass = data.readString16(); 1025 int32_t ret = unlock(userId, pass); 1026 reply->writeNoException(); 1027 reply->writeInt32(ret); 1028 return NO_ERROR; 1029 } break; 1030 case IS_EMPTY: { 1031 CHECK_INTERFACE(IKeystoreService, data, reply); 1032 int32_t userId = data.readInt32(); 1033 bool ret = isEmpty(userId); 1034 reply->writeNoException(); 1035 reply->writeInt32(ret ? 1 : 0); 1036 return NO_ERROR; 1037 } break; 1038 case GENERATE: { 1039 CHECK_INTERFACE(IKeystoreService, data, reply); 1040 String16 name = data.readString16(); 1041 int32_t uid = data.readInt32(); 1042 int32_t keyType = data.readInt32(); 1043 int32_t keySize = data.readInt32(); 1044 int32_t flags = data.readInt32(); 1045 Vector<sp<KeystoreArg>> args; 1046 int32_t argsPresent = data.readInt32(); 1047 if (argsPresent == 1) { 1048 ssize_t numArgs = data.readInt32(); 1049 if (numArgs > MAX_GENERATE_ARGS) { 1050 return BAD_VALUE; 1051 } 1052 if (numArgs > 0) { 1053 for (size_t i = 0; i < (size_t)numArgs; i++) { 1054 ssize_t inSize = data.readInt32(); 1055 if (inSize >= 0 && (size_t)inSize <= data.dataAvail()) { 1056 sp<KeystoreArg> arg = new KeystoreArg(data.readInplace(inSize), inSize); 1057 args.push_back(arg); 1058 } else { 1059 args.push_back(NULL); 1060 } 1061 } 1062 } 1063 } 1064 int32_t ret = generate(name, uid, keyType, keySize, flags, &args); 1065 reply->writeNoException(); 1066 reply->writeInt32(ret); 1067 return NO_ERROR; 1068 } break; 1069 case IMPORT: { 1070 CHECK_INTERFACE(IKeystoreService, data, reply); 1071 String16 name = data.readString16(); 1072 auto in = readBlobAsByteArray(data); 1073 int uid = data.readInt32(); 1074 int32_t flags = data.readInt32(); 1075 auto ret = import(name, in.value(), uid, flags); 1076 reply->writeNoException(); 1077 reply->writeInt32(ret); 1078 return NO_ERROR; 1079 } break; 1080 case SIGN: { 1081 CHECK_INTERFACE(IKeystoreService, data, reply); 1082 String16 name = data.readString16(); 1083 auto in = readBlobAsByteArray(data); 1084 hidl_vec<uint8_t> out; 1085 auto ret = sign(name, in.value(), &out); 1086 reply->writeNoException(); 1087 writeBlobAsByteArray(out, reply); 1088 reply->writeInt32(ret); 1089 return NO_ERROR; 1090 } break; 1091 case VERIFY: { 1092 CHECK_INTERFACE(IKeystoreService, data, reply); 1093 String16 name = data.readString16(); 1094 auto in = readBlobAsByteArray(data); 1095 auto signature = readBlobAsByteArray(data); 1096 auto ret = verify(name, in.value(), signature.value()); 1097 reply->writeNoException(); 1098 reply->writeInt32(ret); 1099 return NO_ERROR; 1100 } break; 1101 case GET_PUBKEY: { 1102 CHECK_INTERFACE(IKeystoreService, data, reply); 1103 String16 name = data.readString16(); 1104 hidl_vec<uint8_t> out; 1105 auto ret = get_pubkey(name, &out); 1106 reply->writeNoException(); 1107 writeBlobAsByteArray(out, reply); 1108 reply->writeInt32(ret); 1109 return NO_ERROR; 1110 } break; 1111 case GRANT: { 1112 CHECK_INTERFACE(IKeystoreService, data, reply); 1113 String16 name = data.readString16(); 1114 int32_t granteeUid = data.readInt32(); 1115 String16 ret = grant(name, granteeUid); 1116 reply->writeNoException(); 1117 reply->writeString16(ret); 1118 return NO_ERROR; 1119 } break; 1120 case UNGRANT: { 1121 CHECK_INTERFACE(IKeystoreService, data, reply); 1122 String16 name = data.readString16(); 1123 int32_t granteeUid = data.readInt32(); 1124 int32_t ret = ungrant(name, granteeUid); 1125 reply->writeNoException(); 1126 reply->writeInt32(ret); 1127 return NO_ERROR; 1128 } break; 1129 case GETMTIME: { 1130 CHECK_INTERFACE(IKeystoreService, data, reply); 1131 String16 name = data.readString16(); 1132 int32_t uid = data.readInt32(); 1133 int64_t ret = getmtime(name, uid); 1134 reply->writeNoException(); 1135 reply->writeInt64(ret); 1136 return NO_ERROR; 1137 } break; 1138 case DUPLICATE: { 1139 CHECK_INTERFACE(IKeystoreService, data, reply); 1140 String16 srcKey = data.readString16(); 1141 int32_t srcUid = data.readInt32(); 1142 String16 destKey = data.readString16(); 1143 int32_t destUid = data.readInt32(); 1144 int32_t ret = duplicate(srcKey, srcUid, destKey, destUid); 1145 reply->writeNoException(); 1146 reply->writeInt32(ret); 1147 return NO_ERROR; 1148 } break; 1149 case IS_HARDWARE_BACKED: { 1150 CHECK_INTERFACE(IKeystoreService, data, reply); 1151 String16 keyType = data.readString16(); 1152 int32_t ret = is_hardware_backed(keyType); 1153 reply->writeNoException(); 1154 reply->writeInt32(ret); 1155 return NO_ERROR; 1156 } 1157 case CLEAR_UID: { 1158 CHECK_INTERFACE(IKeystoreService, data, reply); 1159 int64_t uid = data.readInt64(); 1160 int32_t ret = clear_uid(uid); 1161 reply->writeNoException(); 1162 reply->writeInt32(ret); 1163 return NO_ERROR; 1164 } 1165 case ADD_RNG_ENTROPY: { 1166 CHECK_INTERFACE(IKeystoreService, data, reply); 1167 auto entropy = readBlobAsByteArray(data); 1168 auto ret = addRngEntropy(entropy.value()); 1169 reply->writeNoException(); 1170 reply->writeInt32(ret); 1171 return NO_ERROR; 1172 } 1173 case GENERATE_KEY: { 1174 CHECK_INTERFACE(IKeystoreService, data, reply); 1175 String16 name = data.readString16(); 1176 auto params = nullable(readParamSetFromParcel, data); 1177 auto entropy = readBlobAsByteArray(data); 1178 int32_t uid = data.readInt32(); 1179 int32_t flags = data.readInt32(); 1180 KeyCharacteristics outCharacteristics; 1181 int32_t ret = 1182 generateKey(name, params.value(), entropy.value(), uid, flags, &outCharacteristics); 1183 reply->writeNoException(); 1184 reply->writeInt32(ret); 1185 nullable(writeKeyCharacteristicsToParcel, outCharacteristics, reply); 1186 return NO_ERROR; 1187 } 1188 case GET_KEY_CHARACTERISTICS: { 1189 CHECK_INTERFACE(IKeystoreService, data, reply); 1190 String16 name = data.readString16(); 1191 auto clientId = nullable(readKeymasterBlob, data, true); 1192 auto appData = nullable(readKeymasterBlob, data, true); 1193 int32_t uid = data.readInt32(); 1194 KeyCharacteristics outCharacteristics; 1195 int ret = getKeyCharacteristics(name, clientId.value(), appData.value(), uid, 1196 &outCharacteristics); 1197 reply->writeNoException(); 1198 reply->writeInt32(ret); 1199 nullable(writeKeyCharacteristicsToParcel, outCharacteristics, reply); 1200 return NO_ERROR; 1201 } 1202 case IMPORT_KEY: { 1203 CHECK_INTERFACE(IKeystoreService, data, reply); 1204 String16 name = data.readString16(); 1205 auto args = nullable(readParamSetFromParcel, data); 1206 KeyFormat format = static_cast<KeyFormat>(data.readInt32()); 1207 auto keyData = readBlobAsByteArray(data); 1208 int32_t uid = data.readInt32(); 1209 int32_t flags = data.readInt32(); 1210 KeyCharacteristics outCharacteristics; 1211 int32_t ret = 1212 importKey(name, args.value(), format, keyData.value(), uid, flags, &outCharacteristics); 1213 reply->writeNoException(); 1214 reply->writeInt32(ret); 1215 nullable(writeKeyCharacteristicsToParcel, outCharacteristics, reply); 1216 return NO_ERROR; 1217 } 1218 case EXPORT_KEY: { 1219 CHECK_INTERFACE(IKeystoreService, data, reply); 1220 String16 name = data.readString16(); 1221 KeyFormat format = static_cast<KeyFormat>(data.readInt32()); 1222 auto clientId = nullable(readKeymasterBlob, data, true); 1223 auto appData = nullable(readKeymasterBlob, data, true); 1224 int32_t uid = data.readInt32(); 1225 ExportResult result; 1226 exportKey(name, format, clientId.value(), appData.value(), uid, &result); 1227 reply->writeNoException(); 1228 reply->writeParcelable(result); 1229 1230 return NO_ERROR; 1231 } 1232 case BEGIN: { 1233 CHECK_INTERFACE(IKeystoreService, data, reply); 1234 sp<IBinder> token = data.readStrongBinder(); 1235 String16 name = data.readString16(); 1236 KeyPurpose purpose = static_cast<KeyPurpose>(data.readInt32()); 1237 bool pruneable = data.readInt32() != 0; 1238 auto args = nullable(readParamSetFromParcel, data); 1239 auto entropy = readBlobAsByteArray(data); 1240 int32_t uid = data.readInt32(); 1241 OperationResult result; 1242 begin(token, name, purpose, pruneable, args.value(), entropy.value(), uid, &result); 1243 reply->writeNoException(); 1244 reply->writeParcelable(result); 1245 1246 return NO_ERROR; 1247 } 1248 case UPDATE: { 1249 CHECK_INTERFACE(IKeystoreService, data, reply); 1250 sp<IBinder> token = data.readStrongBinder(); 1251 auto args = nullable(readParamSetFromParcel, data); 1252 auto buf = readBlobAsByteArray(data); 1253 OperationResult result; 1254 update(token, args.value(), buf.value(), &result); 1255 reply->writeNoException(); 1256 reply->writeParcelable(result); 1257 1258 return NO_ERROR; 1259 } 1260 case FINISH: { 1261 CHECK_INTERFACE(IKeystoreService, data, reply); 1262 sp<IBinder> token = data.readStrongBinder(); 1263 auto args = nullable(readParamSetFromParcel, data); 1264 auto signature = readBlobAsByteArray(data); 1265 auto entropy = readBlobAsByteArray(data); 1266 OperationResult result; 1267 finish(token, args.value(), signature.value(), entropy.value(), &result); 1268 reply->writeNoException(); 1269 reply->writeParcelable(result); 1270 1271 return NO_ERROR; 1272 } 1273 case ABORT: { 1274 CHECK_INTERFACE(IKeystoreService, data, reply); 1275 sp<IBinder> token = data.readStrongBinder(); 1276 int32_t result = abort(token); 1277 reply->writeNoException(); 1278 reply->writeInt32(result); 1279 1280 return NO_ERROR; 1281 } 1282 case IS_OPERATION_AUTHORIZED: { 1283 CHECK_INTERFACE(IKeystoreService, data, reply); 1284 sp<IBinder> token = data.readStrongBinder(); 1285 bool result = isOperationAuthorized(token); 1286 reply->writeNoException(); 1287 reply->writeInt32(result ? 1 : 0); 1288 1289 return NO_ERROR; 1290 } 1291 case ADD_AUTH_TOKEN: { 1292 CHECK_INTERFACE(IKeystoreService, data, reply); 1293 const uint8_t* token_bytes = NULL; 1294 size_t size = 0; 1295 readByteArray(data, &token_bytes, &size); 1296 int32_t result = addAuthToken(token_bytes, size); 1297 reply->writeNoException(); 1298 reply->writeInt32(result); 1299 1300 return NO_ERROR; 1301 } 1302 case ON_USER_ADDED: { 1303 CHECK_INTERFACE(IKeystoreService, data, reply); 1304 int32_t userId = data.readInt32(); 1305 int32_t parentId = data.readInt32(); 1306 int32_t result = onUserAdded(userId, parentId); 1307 reply->writeNoException(); 1308 reply->writeInt32(result); 1309 1310 return NO_ERROR; 1311 } 1312 case ON_USER_REMOVED: { 1313 CHECK_INTERFACE(IKeystoreService, data, reply); 1314 int32_t userId = data.readInt32(); 1315 int32_t result = onUserRemoved(userId); 1316 reply->writeNoException(); 1317 reply->writeInt32(result); 1318 1319 return NO_ERROR; 1320 } 1321 case ATTEST_KEY: { 1322 CHECK_INTERFACE(IKeystoreService, data, reply); 1323 String16 name = data.readString16(); 1324 auto params = nullable(readParamSetFromParcel, data); 1325 hidl_vec<hidl_vec<uint8_t>> chain; 1326 int ret = attestKey(name, params.value(), &chain); 1327 reply->writeNoException(); 1328 reply->writeInt32(ret); 1329 nullable(writeCertificateChainToParcel, chain, reply); 1330 1331 return NO_ERROR; 1332 } 1333 1334 case ATTEST_DEVICE_IDS: { 1335 CHECK_INTERFACE(IKeystoreService, data, reply); 1336 auto params = nullable(readParamSetFromParcel, data); 1337 hidl_vec<hidl_vec<uint8_t>> chain; 1338 int ret = attestDeviceIds(params.value(), &chain); 1339 reply->writeNoException(); 1340 reply->writeInt32(ret); 1341 nullable(writeCertificateChainToParcel, chain, reply); 1342 1343 return NO_ERROR; 1344 } 1345 1346 case ON_DEVICE_OFF_BODY: { 1347 CHECK_INTERFACE(IKeystoreService, data, reply); 1348 int32_t ret = onDeviceOffBody(); 1349 reply->writeNoException(); 1350 reply->writeInt32(ret); 1351 1352 return NO_ERROR; 1353 } 1354 default: 1355 return BBinder::onTransact(code, data, reply, flags); 1356 } 1357 } 1358 1359 // ---------------------------------------------------------------------------- 1360 1361 }; // namespace android 1362
