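/*
 * Copyright (C) 2012 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

#ifndef KEYSTORE_IKEYSTORESERVICE_H
#define KEYSTORE_IKEYSTORESERVICE_H

#include "keystore.h"
#include "keystore_return_types.h"
#include <binder/IInterface.h>
#include <binder/Parcel.h>
#include <keystore/keymaster_tags.h>
#include <utils/RefBase.h>
// uint8_t/uint64_t and free() are used directly in this header; include their
// headers instead of relying on whatever the headers above happen to pull in.
#include <stdint.h>
#include <stdlib.h>
#include <vector>

namespace android {

// Reference-counted holder for a (pointer, length) pair; used as the element
// type of the `args` vector passed to IKeystoreService::generate().
// NOTE(review): the members are a raw const void* and a size_t. Whether the
// object copies the buffer or only borrows it is decided by the out-of-line
// constructor/destructor, which are not in this header; confirm before
// letting an instance outlive the buffer it was built from.
class KeystoreArg : public RefBase {
  public:
    KeystoreArg(const void* data, size_t len);
    ~KeystoreArg();

    const void* data() const;
    size_t size() const;

  private:
    const void* mData;
    size_t mSize;
};

// Deleter functor that releases a uint8_t buffer with free(). Only valid for
// pointers obtained from the malloc family (or nullptr).
struct MallocDeleter {
    void operator()(uint8_t* p) { free(p); }
};

// struct for serializing the results of begin/update/finish
// NOTE(review): `handle` and `inputConsumed` are plain scalars with no
// in-class initializer. Confirm the out-of-line constructor sets them, so that
// writeToParcel() never marshals indeterminate memory to another process.
struct OperationResult : public ::android::Parcelable {
    OperationResult();
    ~OperationResult();
    status_t readFromParcel(const Parcel* in) override;
    status_t writeToParcel(Parcel* out) const override;

    ::keystore::KeyStoreServiceReturnCode resultCode;
    sp<IBinder> token;
    uint64_t handle;
    int inputConsumed;
    ::keystore::hidl_vec<uint8_t> data;
    ::keystore::hidl_vec<::keystore::KeyParameter> outParams;
};

// struct for serializing the results of export
struct ExportResult : public ::android::Parcelable {
    ExportResult();
    ~ExportResult();
    status_t readFromParcel(const Parcel* in) override;
    status_t writeToParcel(Parcel* out) const override;

    ::keystore::KeyStoreServiceReturnCode resultCode;
    ::keystore::hidl_vec<uint8_t> exportData;
};

/*
 * This must be kept manually in sync with frameworks/base's IKeystoreService.java
 *
 * Binder interface of the keystore service. Every method is pure virtual; the
 * proxy and service implementations live outside this header.
 *
 * NOTE(review): many methods take a caller-supplied uid or userId. Nothing in
 * this header ties those values to the identity of the Binder caller, so the
 * implementation has to perform that check itself; confirm it does so for
 * every method that accepts one.
 */
class IKeystoreService : public IInterface {
  public:
    // Binder transaction codes, one per interface method, numbered
    // consecutively from IBinder::FIRST_CALL_TRANSACTION. These values are
    // what client and service exchange, so they have to match the Java side
    // exactly: add new codes at the end and do not renumber existing ones.
    enum {
        GET_STATE = IBinder::FIRST_CALL_TRANSACTION + 0,
        GET = IBinder::FIRST_CALL_TRANSACTION + 1,
        INSERT = IBinder::FIRST_CALL_TRANSACTION + 2,
        DEL = IBinder::FIRST_CALL_TRANSACTION + 3,
        EXIST = IBinder::FIRST_CALL_TRANSACTION + 4,
        LIST = IBinder::FIRST_CALL_TRANSACTION + 5,
        RESET = IBinder::FIRST_CALL_TRANSACTION + 6,
        ON_USER_PASSWORD_CHANGED = IBinder::FIRST_CALL_TRANSACTION + 7,
        LOCK = IBinder::FIRST_CALL_TRANSACTION + 8,
        UNLOCK = IBinder::FIRST_CALL_TRANSACTION + 9,
        IS_EMPTY = IBinder::FIRST_CALL_TRANSACTION + 10,
        GENERATE = IBinder::FIRST_CALL_TRANSACTION + 11,
        IMPORT = IBinder::FIRST_CALL_TRANSACTION + 12,
        SIGN = IBinder::FIRST_CALL_TRANSACTION + 13,
        VERIFY = IBinder::FIRST_CALL_TRANSACTION + 14,
        GET_PUBKEY = IBinder::FIRST_CALL_TRANSACTION + 15,
        GRANT = IBinder::FIRST_CALL_TRANSACTION + 16,
        UNGRANT = IBinder::FIRST_CALL_TRANSACTION + 17,
        GETMTIME = IBinder::FIRST_CALL_TRANSACTION + 18,
        DUPLICATE = IBinder::FIRST_CALL_TRANSACTION + 19,
        IS_HARDWARE_BACKED = IBinder::FIRST_CALL_TRANSACTION + 20,
        CLEAR_UID = IBinder::FIRST_CALL_TRANSACTION + 21,
        ADD_RNG_ENTROPY = IBinder::FIRST_CALL_TRANSACTION + 22,
        GENERATE_KEY = IBinder::FIRST_CALL_TRANSACTION + 23,
        GET_KEY_CHARACTERISTICS = IBinder::FIRST_CALL_TRANSACTION + 24,
        IMPORT_KEY = IBinder::FIRST_CALL_TRANSACTION + 25,
        EXPORT_KEY = IBinder::FIRST_CALL_TRANSACTION + 26,
        BEGIN = IBinder::FIRST_CALL_TRANSACTION + 27,
        UPDATE = IBinder::FIRST_CALL_TRANSACTION + 28,
        FINISH = IBinder::FIRST_CALL_TRANSACTION + 29,
        ABORT = IBinder::FIRST_CALL_TRANSACTION + 30,
        IS_OPERATION_AUTHORIZED = IBinder::FIRST_CALL_TRANSACTION + 31,
        ADD_AUTH_TOKEN = IBinder::FIRST_CALL_TRANSACTION + 32,
        ON_USER_ADDED = IBinder::FIRST_CALL_TRANSACTION + 33,
        ON_USER_REMOVED = IBinder::FIRST_CALL_TRANSACTION + 34,
        ATTEST_KEY = IBinder::FIRST_CALL_TRANSACTION + 35,
        ATTEST_DEVICE_IDS = IBinder::FIRST_CALL_TRANSACTION + 36,
        ON_DEVICE_OFF_BODY = IBinder::FIRST_CALL_TRANSACTION + 37,
    };

    DECLARE_META_INTERFACE(KeystoreService);

    virtual ::keystore::KeyStoreServiceReturnCode getState(int32_t userId) = 0;

    virtual ::keystore::KeyStoreServiceReturnCode get(const String16& name, int32_t uid,
                                                      ::keystore::hidl_vec<uint8_t>* item) = 0;

    virtual ::keystore::KeyStoreServiceReturnCode insert(const String16& name,
                                                         const ::keystore::hidl_vec<uint8_t>& item,
                                                         int uid, int32_t flags) = 0;

    virtual ::keystore::KeyStoreServiceReturnCode del(const String16& name, int uid) = 0;

    virtual ::keystore::KeyStoreServiceReturnCode exist(const String16& name, int uid) = 0;

    virtual ::keystore::KeyStoreServiceReturnCode list(const String16& prefix, int uid,
                                                       Vector<String16>* matches) = 0;

    virtual ::keystore::KeyStoreServiceReturnCode reset() = 0;

    // NOTE(review): here and in unlock() the password travels as a String16.
    // Whether the copies made while marshalling are wiped after use cannot be
    // seen from this header.
    virtual ::keystore::KeyStoreServiceReturnCode
    onUserPasswordChanged(int32_t userId, const String16& newPassword) = 0;

    virtual ::keystore::KeyStoreServiceReturnCode lock(int32_t userId) = 0;

    virtual ::keystore::KeyStoreServiceReturnCode unlock(int32_t userId,
                                                         const String16& password) = 0;

    virtual bool isEmpty(int32_t userId) = 0;

    virtual ::keystore::KeyStoreServiceReturnCode generate(const String16& name, int32_t uid,
                                                           int32_t keyType, int32_t keySize,
                                                           int32_t flags,
                                                           Vector<sp<KeystoreArg>>* args) = 0;

    virtual ::keystore::KeyStoreServiceReturnCode import(const String16& name,
                                                         const ::keystore::hidl_vec<uint8_t>& data,
                                                         int uid, int32_t flags) = 0;

    virtual ::keystore::KeyStoreServiceReturnCode sign(const String16& name,
                                                       const ::keystore::hidl_vec<uint8_t>& data,
                                                       ::keystore::hidl_vec<uint8_t>* out) = 0;

    virtual ::keystore::KeyStoreServiceReturnCode
    verify(const String16& name, const ::keystore::hidl_vec<uint8_t>& data,
           const ::keystore::hidl_vec<uint8_t>& signature) = 0;

    virtual ::keystore::KeyStoreServiceReturnCode
    get_pubkey(const String16& name, ::keystore::hidl_vec<uint8_t>* pubKey) = 0;

    virtual ::keystore::KeyStoreServiceReturnCode grant(const String16& name,
                                                        int32_t granteeUid) = 0;

    virtual ::keystore::KeyStoreServiceReturnCode ungrant(const String16& name,
                                                          int32_t granteeUid) = 0;

    virtual int64_t getmtime(const String16& name, int32_t uid) = 0;

    virtual ::keystore::KeyStoreServiceReturnCode
    duplicate(const String16& srcKey, int32_t srcUid, const String16& destKey, int32_t destUid) = 0;

    virtual int32_t is_hardware_backed(const String16& keyType) = 0;

    // NOTE(review): uid is int64_t here but int or int32_t in the rest of the
    // interface; confirm the implementation range-checks the value before
    // narrowing it.
    virtual ::keystore::KeyStoreServiceReturnCode clear_uid(int64_t uid) = 0;

    virtual ::keystore::KeyStoreServiceReturnCode
    addRngEntropy(const ::keystore::hidl_vec<uint8_t>& entropy) = 0;

    virtual ::keystore::KeyStoreServiceReturnCode
    generateKey(const String16& name, const ::keystore::hidl_vec<::keystore::KeyParameter>& params,
                const ::keystore::hidl_vec<uint8_t>& entropy, int uid, int flags,
                ::keystore::KeyCharacteristics* outCharacteristics) = 0;

    virtual ::keystore::KeyStoreServiceReturnCode
    getKeyCharacteristics(const String16& name, const ::keystore::hidl_vec<uint8_t>& clientId,
                          const ::keystore::hidl_vec<uint8_t>& appData, int32_t uid,
                          ::keystore::KeyCharacteristics* outCharacteristics) = 0;

    virtual ::keystore::KeyStoreServiceReturnCode
    importKey(const String16& name, const ::keystore::hidl_vec<::keystore::KeyParameter>& params,
              ::keystore::KeyFormat format, const ::keystore::hidl_vec<uint8_t>& key, int uid,
              int flags, ::keystore::KeyCharacteristics* outCharacteristics) = 0;

    // exportKey/begin/update/finish return void and report through the result
    // struct passed as the last argument; callers presumably have to inspect
    // its resultCode rather than a return value.
    virtual void exportKey(const String16& name, ::keystore::KeyFormat format,
                           const ::keystore::hidl_vec<uint8_t>& clientId,
                           const ::keystore::hidl_vec<uint8_t>& appData, int uid,
                           ExportResult* result) = 0;

    virtual void begin(const sp<IBinder>& apptoken, const String16& name,
                       ::keystore::KeyPurpose purpose, bool pruneable,
                       const ::keystore::hidl_vec<::keystore::KeyParameter>& params,
                       const ::keystore::hidl_vec<uint8_t>& entropy, int32_t uid,
                       OperationResult* opResult) = 0;

    virtual void update(const sp<IBinder>& token,
                        const ::keystore::hidl_vec<::keystore::KeyParameter>& params,
                        const ::keystore::hidl_vec<uint8_t>& data, OperationResult* opResult) = 0;

    virtual void finish(const sp<IBinder>& token,
                        const ::keystore::hidl_vec<::keystore::KeyParameter>& params,
                        const ::keystore::hidl_vec<uint8_t>& signature,
                        const ::keystore::hidl_vec<uint8_t>& entropy,
                        OperationResult* opResult) = 0;

    virtual ::keystore::KeyStoreServiceReturnCode abort(const sp<IBinder>& handle) = 0;

    virtual bool isOperationAuthorized(const sp<IBinder>& handle) = 0;

    // NOTE(review): the token is a raw pointer with a separate, caller-supplied
    // length. Confirm the implementation checks `length` against the size it
    // expects before reading from `token`.
    virtual ::keystore::KeyStoreServiceReturnCode addAuthToken(const uint8_t* token,
                                                               size_t length) = 0;

    virtual ::keystore::KeyStoreServiceReturnCode onUserAdded(int32_t userId, int32_t parentId) = 0;

    virtual ::keystore::KeyStoreServiceReturnCode onUserRemoved(int32_t userId) = 0;

    virtual ::keystore::KeyStoreServiceReturnCode
    attestKey(const String16& name, const ::keystore::hidl_vec<::keystore::KeyParameter>& params,
              ::keystore::hidl_vec<::keystore::hidl_vec<uint8_t>>* outChain) = 0;

    virtual ::keystore::KeyStoreServiceReturnCode attestDeviceIds(
        const ::keystore::hidl_vec<::keystore::KeyParameter>& params,
        ::keystore::hidl_vec<::keystore::hidl_vec<uint8_t>>* outChain) = 0;

    virtual ::keystore::KeyStoreServiceReturnCode onDeviceOffBody() = 0;
};

// ----------------------------------------------------------------------------

// Service-side base class: onTransact() receives a transaction code together
// with the request and reply Parcels.
// NOTE(review): `data` is filled in by the calling process. The definition is
// not in this header; when reviewing it, check that every read from `data`
// is validated and that unknown codes are rejected.
class BnKeystoreService : public BnInterface<IKeystoreService> {
  public:
    // `override` makes the compiler verify this signature against the base
    // class, matching the readFromParcel/writeToParcel declarations above.
    status_t onTransact(uint32_t code, const Parcel& data, Parcel* reply,
                        uint32_t flags = 0) override;
};

}  // namespace android

#endif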