1 /* 2 * Copyright (C) 2012 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 #ifndef KEYSTORE_IKEYSTORESERVICE_H 18 #define KEYSTORE_IKEYSTORESERVICE_H 19 20 #include <hardware/keymaster_defs.h> 21 #include <utils/RefBase.h> 22 #include <binder/IInterface.h> 23 #include <binder/Parcel.h> 24 #include <vector> 25 26 namespace android { 27 28 class KeystoreArg : public RefBase { 29 public: 30 KeystoreArg(const void *data, size_t len); 31 ~KeystoreArg(); 32 33 const void* data() const; 34 size_t size() const; 35 36 private: 37 const void* mData; 38 size_t mSize; 39 }; 40 41 struct MallocDeleter { operatorMallocDeleter42 void operator()(uint8_t* p) { free(p); } 43 }; 44 45 // struct for serializing/deserializing a list of keymaster_key_param_t's 46 struct KeymasterArguments { 47 KeymasterArguments(); 48 ~KeymasterArguments(); 49 void readFromParcel(const Parcel& in); 50 void writeToParcel(Parcel* out) const; 51 52 std::vector<keymaster_key_param_t> params; 53 }; 54 55 // struct for serializing the results of begin/update/finish 56 struct OperationResult { 57 OperationResult(); 58 ~OperationResult(); 59 void readFromParcel(const Parcel& in); 60 void writeToParcel(Parcel* out) const; 61 62 int resultCode; 63 sp<IBinder> token; 64 keymaster_operation_handle_t handle; 65 int inputConsumed; 66 std::unique_ptr<uint8_t[], MallocDeleter> data; 67 size_t dataLength; 68 KeymasterArguments outParams; 69 }; 70 71 // struct for serializing the results of export 72 struct ExportResult { 73 ExportResult(); 74 ~ExportResult(); 75 void readFromParcel(const Parcel& in); 76 void writeToParcel(Parcel* out) const; 77 78 int resultCode; 79 std::unique_ptr<uint8_t[], MallocDeleter> exportData; 80 size_t dataLength; 81 }; 82 83 // struct for serializing keymaster_key_characteristics_t's 84 struct KeyCharacteristics { 85 KeyCharacteristics(); 86 ~KeyCharacteristics(); 87 void readFromParcel(const Parcel& in); 88 void writeToParcel(Parcel* out) const; 89 90 keymaster_key_characteristics_t characteristics; 91 }; 92 93 // struct for serializing keymaster_cert_chain_t's 94 struct KeymasterCertificateChain { 95 KeymasterCertificateChain(); 96 ~KeymasterCertificateChain(); 97 void readFromParcel(const Parcel& in); 98 void writeToParcel(Parcel* out) const; 99 100 void FreeChain(); 101 102 keymaster_cert_chain_t chain; 103 }; 104 105 bool readKeymasterArgumentFromParcel(const Parcel& in, keymaster_key_param_t* out); 106 void writeKeymasterArgumentToParcel(const keymaster_key_param_t& param, Parcel* out); 107 108 /* 109 * This must be kept manually in sync with frameworks/base's IKeystoreService.java 110 */ 111 class IKeystoreService: public IInterface { 112 public: 113 enum { 114 GET_STATE = IBinder::FIRST_CALL_TRANSACTION + 0, 115 GET = IBinder::FIRST_CALL_TRANSACTION + 1, 116 INSERT = IBinder::FIRST_CALL_TRANSACTION + 2, 117 DEL = IBinder::FIRST_CALL_TRANSACTION + 3, 118 EXIST = IBinder::FIRST_CALL_TRANSACTION + 4, 119 LIST = IBinder::FIRST_CALL_TRANSACTION + 5, 120 RESET = IBinder::FIRST_CALL_TRANSACTION + 6, 121 ON_USER_PASSWORD_CHANGED = IBinder::FIRST_CALL_TRANSACTION + 7, 122 LOCK = IBinder::FIRST_CALL_TRANSACTION + 8, 123 UNLOCK = IBinder::FIRST_CALL_TRANSACTION + 9, 124 IS_EMPTY = IBinder::FIRST_CALL_TRANSACTION + 10, 125 GENERATE = IBinder::FIRST_CALL_TRANSACTION + 11, 126 IMPORT = IBinder::FIRST_CALL_TRANSACTION + 12, 127 SIGN = IBinder::FIRST_CALL_TRANSACTION + 13, 128 VERIFY = IBinder::FIRST_CALL_TRANSACTION + 14, 129 GET_PUBKEY = IBinder::FIRST_CALL_TRANSACTION + 15, 130 GRANT = IBinder::FIRST_CALL_TRANSACTION + 16, 131 UNGRANT = IBinder::FIRST_CALL_TRANSACTION + 17, 132 GETMTIME = IBinder::FIRST_CALL_TRANSACTION + 18, 133 DUPLICATE = IBinder::FIRST_CALL_TRANSACTION + 19, 134 IS_HARDWARE_BACKED = IBinder::FIRST_CALL_TRANSACTION + 20, 135 CLEAR_UID = IBinder::FIRST_CALL_TRANSACTION + 21, 136 ADD_RNG_ENTROPY = IBinder::FIRST_CALL_TRANSACTION + 22, 137 GENERATE_KEY = IBinder::FIRST_CALL_TRANSACTION + 23, 138 GET_KEY_CHARACTERISTICS = IBinder::FIRST_CALL_TRANSACTION + 24, 139 IMPORT_KEY = IBinder::FIRST_CALL_TRANSACTION + 25, 140 EXPORT_KEY = IBinder::FIRST_CALL_TRANSACTION + 26, 141 BEGIN = IBinder::FIRST_CALL_TRANSACTION + 27, 142 UPDATE = IBinder::FIRST_CALL_TRANSACTION + 28, 143 FINISH = IBinder::FIRST_CALL_TRANSACTION + 29, 144 ABORT = IBinder::FIRST_CALL_TRANSACTION + 30, 145 IS_OPERATION_AUTHORIZED = IBinder::FIRST_CALL_TRANSACTION + 31, 146 ADD_AUTH_TOKEN = IBinder::FIRST_CALL_TRANSACTION + 32, 147 ON_USER_ADDED = IBinder::FIRST_CALL_TRANSACTION + 33, 148 ON_USER_REMOVED = IBinder::FIRST_CALL_TRANSACTION + 34, 149 ATTEST_KEY = IBinder::FIRST_CALL_TRANSACTION + 35, 150 }; 151 152 DECLARE_META_INTERFACE(KeystoreService); 153 154 virtual int32_t getState(int32_t userId) = 0; 155 156 virtual int32_t get(const String16& name, int32_t uid, uint8_t** item, size_t* itemLength) = 0; 157 158 virtual int32_t insert(const String16& name, const uint8_t* item, size_t itemLength, int uid, 159 int32_t flags) = 0; 160 161 virtual int32_t del(const String16& name, int uid) = 0; 162 163 virtual int32_t exist(const String16& name, int uid) = 0; 164 165 virtual int32_t list(const String16& prefix, int uid, Vector<String16>* matches) = 0; 166 167 virtual int32_t reset() = 0; 168 169 virtual int32_t onUserPasswordChanged(int32_t userId, const String16& newPassword) = 0; 170 171 virtual int32_t lock(int32_t userId) = 0; 172 173 virtual int32_t unlock(int32_t userId, const String16& password) = 0; 174 175 virtual bool isEmpty(int32_t userId) = 0; 176 177 virtual int32_t generate(const String16& name, int32_t uid, int32_t keyType, int32_t keySize, 178 int32_t flags, Vector<sp<KeystoreArg> >* args) = 0; 179 180 virtual int32_t import(const String16& name, const uint8_t* data, size_t length, int uid, 181 int32_t flags) = 0; 182 183 virtual int32_t sign(const String16& name, const uint8_t* data, size_t length, uint8_t** out, 184 size_t* outLength) = 0; 185 186 virtual int32_t verify(const String16& name, const uint8_t* data, size_t dataLength, 187 const uint8_t* signature, size_t signatureLength) = 0; 188 189 virtual int32_t get_pubkey(const String16& name, uint8_t** pubkey, size_t* pubkeyLength) = 0; 190 191 virtual int32_t grant(const String16& name, int32_t granteeUid) = 0; 192 193 virtual int32_t ungrant(const String16& name, int32_t granteeUid) = 0; 194 195 virtual int64_t getmtime(const String16& name, int32_t uid) = 0; 196 197 virtual int32_t duplicate(const String16& srcKey, int32_t srcUid, const String16& destKey, 198 int32_t destUid) = 0; 199 200 virtual int32_t is_hardware_backed(const String16& keyType) = 0; 201 202 virtual int32_t clear_uid(int64_t uid) = 0; 203 204 virtual int32_t addRngEntropy(const uint8_t* data, size_t dataLength) = 0; 205 206 virtual int32_t generateKey(const String16& name, const KeymasterArguments& params, 207 const uint8_t* entropy, size_t entropyLength, int uid, int flags, 208 KeyCharacteristics* outCharacteristics) = 0; 209 210 virtual int32_t getKeyCharacteristics(const String16& name, 211 const keymaster_blob_t* clientId, 212 const keymaster_blob_t* appData, 213 int32_t uid, 214 KeyCharacteristics* outCharacteristics) = 0; 215 216 virtual int32_t importKey(const String16& name, const KeymasterArguments& params, 217 keymaster_key_format_t format, const uint8_t *keyData, 218 size_t keyLength, int uid, int flags, 219 KeyCharacteristics* outCharacteristics) = 0; 220 221 virtual void exportKey(const String16& name, keymaster_key_format_t format, 222 const keymaster_blob_t* clientId, 223 const keymaster_blob_t* appData, int32_t uid, ExportResult* result) = 0; 224 225 virtual void begin(const sp<IBinder>& apptoken, const String16& name, 226 keymaster_purpose_t purpose, bool pruneable, 227 const KeymasterArguments& params, const uint8_t* entropy, 228 size_t entropyLength, int32_t uid, OperationResult* result) = 0; 229 230 virtual void update(const sp<IBinder>& token, const KeymasterArguments& params, 231 const uint8_t* data, size_t dataLength, OperationResult* result) = 0; 232 233 virtual void finish(const sp<IBinder>& token, const KeymasterArguments& params, 234 const uint8_t* signature, size_t signatureLength, 235 const uint8_t* entropy, size_t entropyLength, 236 OperationResult* result) = 0; 237 238 virtual int32_t abort(const sp<IBinder>& handle) = 0; 239 240 virtual bool isOperationAuthorized(const sp<IBinder>& handle) = 0; 241 242 virtual int32_t addAuthToken(const uint8_t* token, size_t length) = 0; 243 244 virtual int32_t onUserAdded(int32_t userId, int32_t parentId) = 0; 245 246 virtual int32_t onUserRemoved(int32_t userId) = 0; 247 248 virtual int32_t attestKey(const String16& name, const KeymasterArguments& params, 249 KeymasterCertificateChain* outChain) = 0; 250 251 }; 252 253 // ---------------------------------------------------------------------------- 254 255 class BnKeystoreService: public BnInterface<IKeystoreService> { 256 public: 257 virtual status_t onTransact(uint32_t code, const Parcel& data, Parcel* reply, 258 uint32_t flags = 0); 259 }; 260 261 } // namespace android 262 263 #endif 264