1 /*
2 **
3 ** Copyright 2008, The Android Open Source Project
4 **
5 ** Licensed under the Apache License, Version 2.0 (the "License");
6 ** you may not use this file except in compliance with the License.
7 ** You may obtain a copy of the License at
8 **
9 ** http://www.apache.org/licenses/LICENSE-2.0
10 **
11 ** Unless required by applicable law or agreed to in writing, software
12 ** distributed under the License is distributed on an "AS IS" BASIS,
13 ** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 ** See the License for the specific language governing permissions and
15 ** limitations under the License.
16 */
17
18 #include <stdint.h>
19 #include <sys/limits.h>
20 #include <sys/types.h>
21
22 #include <algorithm>
23 #include <limits>
24
25 #define LOG_TAG "KeystoreService"
26 #include <utils/Log.h>
27
28 #include <binder/IPCThreadState.h>
29 #include <binder/IServiceManager.h>
30 #include <binder/Parcel.h>
31
32 #include <keystore/IKeystoreService.h>
33 #include <keystore/keystore_hidl_support.h>
34
35 #include "keystore_aidl_hidl_marshalling_utils.h"
36
37 namespace android {
38 using namespace ::keystore;
39
40 const ssize_t MAX_GENERATE_ARGS = 3;
41
KeystoreArg(const void * data,size_t len)42 KeystoreArg::KeystoreArg(const void* data, size_t len) : mData(data), mSize(len) {}
43
~KeystoreArg()44 KeystoreArg::~KeystoreArg() {}
45
data() const46 const void* KeystoreArg::data() const {
47 return mData;
48 }
49
size() const50 size_t KeystoreArg::size() const {
51 return mSize;
52 }
53
OperationResult()54 OperationResult::OperationResult() : resultCode(), token(), handle(0), inputConsumed(0), data() {}
55
~OperationResult()56 OperationResult::~OperationResult() {}
57
readFromParcel(const Parcel * inn)58 status_t OperationResult::readFromParcel(const Parcel* inn) {
59 const Parcel& in = *inn;
60 resultCode = ErrorCode(in.readInt32());
61 token = in.readStrongBinder();
62 handle = static_cast<uint64_t>(in.readInt64());
63 inputConsumed = in.readInt32();
64 data = readKeymasterBlob(in);
65 outParams = readParamSetFromParcel(in);
66 return OK;
67 }
68
writeToParcel(Parcel * out) const69 status_t OperationResult::writeToParcel(Parcel* out) const {
70 out->writeInt32(resultCode);
71 out->writeStrongBinder(token);
72 out->writeInt64(handle);
73 out->writeInt32(inputConsumed);
74 writeKeymasterBlob(data, out);
75 writeParamSetToParcel(outParams, out);
76 return OK;
77 }
78
ExportResult()79 ExportResult::ExportResult() : resultCode() {}
80
~ExportResult()81 ExportResult::~ExportResult() {}
82
readFromParcel(const Parcel * inn)83 status_t ExportResult::readFromParcel(const Parcel* inn) {
84 const Parcel& in = *inn;
85 resultCode = ErrorCode(in.readInt32());
86 exportData = readKeymasterBlob(in);
87 return OK;
88 }
89
writeToParcel(Parcel * out) const90 status_t ExportResult::writeToParcel(Parcel* out) const {
91 out->writeInt32(resultCode);
92 writeKeymasterBlob(exportData, out);
93 return OK;
94 }
95
96 /**
97 * Read a byte array from in. The data at *data is still owned by the parcel
98 */
readByteArray(const Parcel & in,const uint8_t ** data,size_t * length)99 static void readByteArray(const Parcel& in, const uint8_t** data, size_t* length) {
100 ssize_t slength = in.readInt32();
101 if (slength > 0) {
102 *data = reinterpret_cast<const uint8_t*>(in.readInplace(slength));
103 if (*data) {
104 *length = static_cast<size_t>(slength);
105 } else {
106 *length = 0;
107 }
108 } else {
109 *data = NULL;
110 *length = 0;
111 }
112 }
113
114 class BpKeystoreService : public BpInterface<IKeystoreService> {
115 public:
BpKeystoreService(const sp<IBinder> & impl)116 explicit BpKeystoreService(const sp<IBinder>& impl) : BpInterface<IKeystoreService>(impl) {}
117
118 // test ping
getState(int32_t userId)119 KeyStoreServiceReturnCode getState(int32_t userId) override {
120 Parcel data, reply;
121 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
122 data.writeInt32(userId);
123 status_t status = remote()->transact(BnKeystoreService::GET_STATE, data, &reply);
124 if (status != NO_ERROR) {
125 ALOGD("getState() could not contact remote: %d\n", status);
126 return ResponseCode::SYSTEM_ERROR;
127 }
128 int32_t err = reply.readExceptionCode();
129 ResponseCode ret = ResponseCode(reply.readInt32());
130 if (err < 0) {
131 ALOGD("getState() caught exception %d\n", err);
132 return ResponseCode::SYSTEM_ERROR;
133 }
134 return ret;
135 }
136
get(const String16 & name,int32_t uid,hidl_vec<uint8_t> * item)137 KeyStoreServiceReturnCode get(const String16& name, int32_t uid,
138 hidl_vec<uint8_t>* item) override {
139 Parcel data, reply;
140 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
141 data.writeString16(name);
142 data.writeInt32(uid);
143 status_t status = remote()->transact(BnKeystoreService::GET, data, &reply);
144 if (status != NO_ERROR) {
145 ALOGD("get() could not contact remote: %d\n", status);
146 return ResponseCode::SYSTEM_ERROR;
147 }
148 int32_t err = reply.readExceptionCode();
149 if (err < 0) {
150 ALOGD("get() caught exception %d\n", err);
151 return ResponseCode::SYSTEM_ERROR;
152 }
153 auto resultItem = readBlobAsByteArray(reply);
154 if (item) *item = resultItem.value();
155 return ResponseCode(reply.readInt32());
156 }
157
insert(const String16 & name,const hidl_vec<uint8_t> & item,int uid,int32_t flags)158 KeyStoreServiceReturnCode insert(const String16& name, const hidl_vec<uint8_t>& item, int uid,
159 int32_t flags) override {
160 Parcel data, reply;
161 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
162 data.writeString16(name);
163 writeBlobAsByteArray(item, &data);
164 data.writeInt32(uid);
165 data.writeInt32(flags);
166 status_t status = remote()->transact(BnKeystoreService::INSERT, data, &reply);
167 if (status != NO_ERROR) {
168 ALOGD("import() could not contact remote: %d\n", status);
169 return ResponseCode::SYSTEM_ERROR;
170 }
171 int32_t err = reply.readExceptionCode();
172 if (err < 0) {
173 ALOGD("import() caught exception %d\n", err);
174 return ResponseCode::SYSTEM_ERROR;
175 }
176 return ResponseCode(reply.readInt32());
177 }
178
del(const String16 & name,int uid)179 KeyStoreServiceReturnCode del(const String16& name, int uid) override {
180 Parcel data, reply;
181 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
182 data.writeString16(name);
183 data.writeInt32(uid);
184 status_t status = remote()->transact(BnKeystoreService::DEL, data, &reply);
185 if (status != NO_ERROR) {
186 ALOGD("del() could not contact remote: %d\n", status);
187 return ResponseCode::SYSTEM_ERROR;
188 }
189 int32_t err = reply.readExceptionCode();
190 if (err < 0) {
191 ALOGD("del() caught exception %d\n", err);
192 return ResponseCode::SYSTEM_ERROR;
193 }
194 return ResponseCode(reply.readInt32());
195 }
196
exist(const String16 & name,int uid)197 KeyStoreServiceReturnCode exist(const String16& name, int uid) override {
198 Parcel data, reply;
199 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
200 data.writeString16(name);
201 data.writeInt32(uid);
202 status_t status = remote()->transact(BnKeystoreService::EXIST, data, &reply);
203 if (status != NO_ERROR) {
204 ALOGD("exist() could not contact remote: %d\n", status);
205 return ResponseCode::SYSTEM_ERROR;
206 }
207 int32_t err = reply.readExceptionCode();
208 if (err < 0) {
209 ALOGD("exist() caught exception %d\n", err);
210 return ResponseCode::SYSTEM_ERROR;
211 }
212 return ResponseCode(reply.readInt32());
213 }
214
list(const String16 & prefix,int uid,Vector<String16> * matches)215 KeyStoreServiceReturnCode list(const String16& prefix, int uid,
216 Vector<String16>* matches) override {
217 Parcel data, reply;
218 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
219 data.writeString16(prefix);
220 data.writeInt32(uid);
221 status_t status = remote()->transact(BnKeystoreService::LIST, data, &reply);
222 if (status != NO_ERROR) {
223 ALOGD("list() could not contact remote: %d\n", status);
224 return ResponseCode::SYSTEM_ERROR;
225 }
226 int32_t err = reply.readExceptionCode();
227 int32_t numMatches = reply.readInt32();
228 for (int32_t i = 0; i < numMatches; i++) {
229 matches->push(reply.readString16());
230 }
231 if (err < 0) {
232 ALOGD("list() caught exception %d\n", err);
233 return ResponseCode::SYSTEM_ERROR;
234 }
235 return ResponseCode(reply.readInt32());
236 }
237
reset()238 KeyStoreServiceReturnCode reset() override {
239 Parcel data, reply;
240 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
241 status_t status = remote()->transact(BnKeystoreService::RESET, data, &reply);
242 if (status != NO_ERROR) {
243 ALOGD("reset() could not contact remote: %d\n", status);
244 return ResponseCode::SYSTEM_ERROR;
245 }
246 int32_t err = reply.readExceptionCode();
247 if (err < 0) {
248 ALOGD("reset() caught exception %d\n", err);
249 return ResponseCode::SYSTEM_ERROR;
250 }
251 return ResponseCode(reply.readInt32());
252 }
253
onUserPasswordChanged(int32_t userId,const String16 & password)254 KeyStoreServiceReturnCode onUserPasswordChanged(int32_t userId,
255 const String16& password) override {
256 Parcel data, reply;
257 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
258 data.writeInt32(userId);
259 data.writeString16(password);
260 status_t status =
261 remote()->transact(BnKeystoreService::ON_USER_PASSWORD_CHANGED, data, &reply);
262 if (status != NO_ERROR) {
263 ALOGD("onUserPasswordChanged() could not contact remote: %d\n", status);
264 return ResponseCode::SYSTEM_ERROR;
265 }
266 int32_t err = reply.readExceptionCode();
267 if (err < 0) {
268 ALOGD("onUserPasswordChanged() caught exception %d\n", err);
269 return ResponseCode::SYSTEM_ERROR;
270 }
271 return ResponseCode(reply.readInt32());
272 }
273
lock(int32_t userId)274 KeyStoreServiceReturnCode lock(int32_t userId) override {
275 Parcel data, reply;
276 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
277 data.writeInt32(userId);
278 status_t status = remote()->transact(BnKeystoreService::LOCK, data, &reply);
279 if (status != NO_ERROR) {
280 ALOGD("lock() could not contact remote: %d\n", status);
281 return ResponseCode::SYSTEM_ERROR;
282 }
283 int32_t err = reply.readExceptionCode();
284 if (err < 0) {
285 ALOGD("lock() caught exception %d\n", err);
286 return ResponseCode::SYSTEM_ERROR;
287 }
288 return ResponseCode(reply.readInt32());
289 }
290
unlock(int32_t userId,const String16 & password)291 KeyStoreServiceReturnCode unlock(int32_t userId, const String16& password) override {
292 Parcel data, reply;
293 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
294 data.writeInt32(userId);
295 data.writeString16(password);
296 status_t status = remote()->transact(BnKeystoreService::UNLOCK, data, &reply);
297 if (status != NO_ERROR) {
298 ALOGD("unlock() could not contact remote: %d\n", status);
299 return ResponseCode::SYSTEM_ERROR;
300 }
301 int32_t err = reply.readExceptionCode();
302 if (err < 0) {
303 ALOGD("unlock() caught exception %d\n", err);
304 return ResponseCode::SYSTEM_ERROR;
305 }
306 return ResponseCode(reply.readInt32());
307 }
308
isEmpty(int32_t userId)309 bool isEmpty(int32_t userId) override {
310 Parcel data, reply;
311 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
312 data.writeInt32(userId);
313 status_t status = remote()->transact(BnKeystoreService::IS_EMPTY, data, &reply);
314 if (status != NO_ERROR) {
315 ALOGD("isEmpty() could not contact remote: %d\n", status);
316 return false;
317 }
318 int32_t err = reply.readExceptionCode();
319 if (err < 0) {
320 ALOGD("isEmpty() caught exception %d\n", err);
321 return false;
322 }
323 return reply.readInt32() != 0;
324 }
325
generate(const String16 & name,int32_t uid,int32_t keyType,int32_t keySize,int32_t flags,Vector<sp<KeystoreArg>> * args)326 KeyStoreServiceReturnCode generate(const String16& name, int32_t uid, int32_t keyType,
327 int32_t keySize, int32_t flags,
328 Vector<sp<KeystoreArg>>* args) override {
329 Parcel data, reply;
330 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
331 data.writeString16(name);
332 data.writeInt32(uid);
333 data.writeInt32(keyType);
334 data.writeInt32(keySize);
335 data.writeInt32(flags);
336 data.writeInt32(1);
337 data.writeInt32(args->size());
338 for (Vector<sp<KeystoreArg>>::iterator it = args->begin(); it != args->end(); ++it) {
339 sp<KeystoreArg> item = *it;
340 size_t keyLength = item->size();
341 data.writeInt32(keyLength);
342 void* buf = data.writeInplace(keyLength);
343 memcpy(buf, item->data(), keyLength);
344 }
345 status_t status = remote()->transact(BnKeystoreService::GENERATE, data, &reply);
346 if (status != NO_ERROR) {
347 ALOGD("generate() could not contact remote: %d\n", status);
348 return ResponseCode::SYSTEM_ERROR;
349 }
350 int32_t err = reply.readExceptionCode();
351 if (err < 0) {
352 ALOGD("generate() caught exception %d\n", err);
353 return ResponseCode::SYSTEM_ERROR;
354 }
355 return ResponseCode(reply.readInt32());
356 }
357
import(const String16 & name,const hidl_vec<uint8_t> & key,int uid,int flags)358 KeyStoreServiceReturnCode import(const String16& name, const hidl_vec<uint8_t>& key, int uid,
359 int flags) override {
360 Parcel data, reply;
361 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
362 data.writeString16(name);
363 writeBlobAsByteArray(key, &data);
364 data.writeInt32(uid);
365 data.writeInt32(flags);
366 status_t status = remote()->transact(BnKeystoreService::IMPORT, data, &reply);
367 if (status != NO_ERROR) {
368 ALOGD("import() could not contact remote: %d\n", status);
369 return ResponseCode::SYSTEM_ERROR;
370 }
371 int32_t err = reply.readExceptionCode();
372 if (err < 0) {
373 ALOGD("import() caught exception %d\n", err);
374 return ResponseCode::SYSTEM_ERROR;
375 }
376 return ResponseCode(reply.readInt32());
377 }
378
sign(const String16 & name,const hidl_vec<uint8_t> & in,hidl_vec<uint8_t> * out)379 KeyStoreServiceReturnCode sign(const String16& name, const hidl_vec<uint8_t>& in,
380 hidl_vec<uint8_t>* out) override {
381 Parcel data, reply;
382 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
383 data.writeString16(name);
384 writeBlobAsByteArray(in, &data);
385 status_t status = remote()->transact(BnKeystoreService::SIGN, data, &reply);
386 if (status != NO_ERROR) {
387 ALOGD("import() could not contact remote: %d\n", status);
388 return ResponseCode::SYSTEM_ERROR;
389 }
390 int32_t err = reply.readExceptionCode();
391 if (err < 0) {
392 ALOGD("import() caught exception %d\n", err);
393 return ResponseCode::SYSTEM_ERROR;
394 }
395 auto outBlob = readBlobAsByteArray(reply);
396 if (out) {
397 // don't need to check outBlob.isOk()
398 // if !outBlob.isOk() the wrapped value is default constructed and therefore empty,
399 // as expected.
400 *out = outBlob.value();
401 }
402 return ResponseCode(reply.readInt32());
403 }
404
verify(const String16 & name,const hidl_vec<uint8_t> & in,const hidl_vec<uint8_t> & signature)405 KeyStoreServiceReturnCode verify(const String16& name, const hidl_vec<uint8_t>& in,
406 const hidl_vec<uint8_t>& signature) override {
407 Parcel data, reply;
408
409 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
410 data.writeString16(name);
411 writeBlobAsByteArray(in, &data);
412 writeBlobAsByteArray(signature, &data);
413 status_t status = remote()->transact(BnKeystoreService::VERIFY, data, &reply);
414 if (status != NO_ERROR) {
415 ALOGD("verify() could not contact remote: %d\n", status);
416 return ResponseCode::SYSTEM_ERROR;
417 }
418 int32_t err = reply.readExceptionCode();
419 if (err < 0) {
420 ALOGD("verify() caught exception %d\n", err);
421 return ResponseCode::SYSTEM_ERROR;
422 }
423 return ResponseCode(reply.readInt32());
424 }
425
get_pubkey(const String16 & name,hidl_vec<uint8_t> * pubkey)426 KeyStoreServiceReturnCode get_pubkey(const String16& name, hidl_vec<uint8_t>* pubkey) override {
427 Parcel data, reply;
428 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
429 data.writeString16(name);
430 status_t status = remote()->transact(BnKeystoreService::GET_PUBKEY, data, &reply);
431 if (status != NO_ERROR) {
432 ALOGD("get_pubkey() could not contact remote: %d\n", status);
433 return ResponseCode::SYSTEM_ERROR;
434 }
435 int32_t err = reply.readExceptionCode();
436 if (err < 0) {
437 ALOGD("get_pubkey() caught exception %d\n", err);
438 return ResponseCode::SYSTEM_ERROR;
439 }
440 auto resultKey = readBlobAsByteArray(reply);
441 if (pubkey) *pubkey = resultKey.value();
442 return ResponseCode(reply.readInt32());
443 }
444
grant(const String16 & name,int32_t granteeUid)445 KeyStoreServiceReturnCode grant(const String16& name, int32_t granteeUid) override {
446 Parcel data, reply;
447 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
448 data.writeString16(name);
449 data.writeInt32(granteeUid);
450 status_t status = remote()->transact(BnKeystoreService::GRANT, data, &reply);
451 if (status != NO_ERROR) {
452 ALOGD("grant() could not contact remote: %d\n", status);
453 return ResponseCode::SYSTEM_ERROR;
454 }
455 int32_t err = reply.readExceptionCode();
456 if (err < 0) {
457 ALOGD("grant() caught exception %d\n", err);
458 return ResponseCode::SYSTEM_ERROR;
459 }
460 return ResponseCode(reply.readInt32());
461 }
462
ungrant(const String16 & name,int32_t granteeUid)463 KeyStoreServiceReturnCode ungrant(const String16& name, int32_t granteeUid) override {
464 Parcel data, reply;
465 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
466 data.writeString16(name);
467 data.writeInt32(granteeUid);
468 status_t status = remote()->transact(BnKeystoreService::UNGRANT, data, &reply);
469 if (status != NO_ERROR) {
470 ALOGD("ungrant() could not contact remote: %d\n", status);
471 return ResponseCode::SYSTEM_ERROR;
472 }
473 int32_t err = reply.readExceptionCode();
474 if (err < 0) {
475 ALOGD("ungrant() caught exception %d\n", err);
476 return ResponseCode::SYSTEM_ERROR;
477 }
478 return ResponseCode(reply.readInt32());
479 }
480
getmtime(const String16 & name,int32_t uid)481 int64_t getmtime(const String16& name, int32_t uid) override {
482 Parcel data, reply;
483 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
484 data.writeString16(name);
485 data.writeInt32(uid);
486 status_t status = remote()->transact(BnKeystoreService::GETMTIME, data, &reply);
487 if (status != NO_ERROR) {
488 ALOGD("getmtime() could not contact remote: %d\n", status);
489 return -1;
490 }
491 int32_t err = reply.readExceptionCode();
492 if (err < 0) {
493 ALOGD("getmtime() caught exception %d\n", err);
494 return -1;
495 }
496 return reply.readInt64();
497 }
498
duplicate(const String16 & srcKey,int32_t srcUid,const String16 & destKey,int32_t destUid)499 KeyStoreServiceReturnCode duplicate(const String16& srcKey, int32_t srcUid,
500 const String16& destKey, int32_t destUid) override {
501 Parcel data, reply;
502 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
503 data.writeString16(srcKey);
504 data.writeInt32(srcUid);
505 data.writeString16(destKey);
506 data.writeInt32(destUid);
507 status_t status = remote()->transact(BnKeystoreService::DUPLICATE, data, &reply);
508 if (status != NO_ERROR) {
509 ALOGD("duplicate() could not contact remote: %d\n", status);
510 return ResponseCode::SYSTEM_ERROR;
511 }
512 int32_t err = reply.readExceptionCode();
513 if (err < 0) {
514 ALOGD("duplicate() caught exception %d\n", err);
515 return ResponseCode::SYSTEM_ERROR;
516 }
517 return ResponseCode(reply.readInt32());
518 }
519
is_hardware_backed(const String16 & keyType)520 int32_t is_hardware_backed(const String16& keyType) override {
521 Parcel data, reply;
522 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
523 data.writeString16(keyType);
524 status_t status = remote()->transact(BnKeystoreService::IS_HARDWARE_BACKED, data, &reply);
525 if (status != NO_ERROR) {
526 ALOGD("is_hardware_backed() could not contact remote: %d\n", status);
527 return -1;
528 }
529 int32_t err = reply.readExceptionCode();
530 if (err < 0) {
531 ALOGD("is_hardware_backed() caught exception %d\n", err);
532 return -1;
533 }
534 return reply.readInt32();
535 }
536
clear_uid(int64_t uid)537 KeyStoreServiceReturnCode clear_uid(int64_t uid) override {
538 Parcel data, reply;
539 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
540 data.writeInt64(uid);
541 status_t status = remote()->transact(BnKeystoreService::CLEAR_UID, data, &reply);
542 if (status != NO_ERROR) {
543 ALOGD("clear_uid() could not contact remote: %d\n", status);
544 return ResponseCode::SYSTEM_ERROR;
545 }
546 int32_t err = reply.readExceptionCode();
547 if (err < 0) {
548 ALOGD("clear_uid() caught exception %d\n", err);
549 return ResponseCode::SYSTEM_ERROR;
550 }
551 return ResponseCode(reply.readInt32());
552 }
553
addRngEntropy(const hidl_vec<uint8_t> & entropy)554 KeyStoreServiceReturnCode addRngEntropy(const hidl_vec<uint8_t>& entropy) override {
555 Parcel data, reply;
556 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
557 writeBlobAsByteArray(entropy, &data);
558 status_t status = remote()->transact(BnKeystoreService::ADD_RNG_ENTROPY, data, &reply);
559 if (status != NO_ERROR) {
560 ALOGD("addRngEntropy() could not contact remote: %d\n", status);
561 return ResponseCode::SYSTEM_ERROR;
562 }
563 int32_t err = reply.readExceptionCode();
564 if (err < 0) {
565 ALOGD("addRngEntropy() caught exception %d\n", err);
566 return ResponseCode::SYSTEM_ERROR;
567 }
568 return ResponseCode(reply.readInt32());
569 };
570
generateKey(const String16 & name,const hidl_vec<KeyParameter> & params,const hidl_vec<uint8_t> & entropy,int uid,int flags,KeyCharacteristics * outCharacteristics)571 KeyStoreServiceReturnCode generateKey(const String16& name,
572 const hidl_vec<KeyParameter>& params,
573 const hidl_vec<uint8_t>& entropy, int uid, int flags,
574 KeyCharacteristics* outCharacteristics) override {
575 Parcel data, reply;
576 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
577 data.writeString16(name);
578 nullable(writeParamSetToParcel, params, &data);
579 writeBlobAsByteArray(entropy, &data);
580 data.writeInt32(uid);
581 data.writeInt32(flags);
582 status_t status = remote()->transact(BnKeystoreService::GENERATE_KEY, data, &reply);
583 if (status != NO_ERROR) {
584 ALOGD("generateKey() could not contact remote: %d\n", status);
585 return ResponseCode::SYSTEM_ERROR;
586 }
587 int32_t err = reply.readExceptionCode();
588 ResponseCode ret = ResponseCode(reply.readInt32());
589 if (err < 0) {
590 ALOGD("generateKey() caught exception %d\n", err);
591 return ResponseCode::SYSTEM_ERROR;
592 }
593 if (outCharacteristics) {
594 *outCharacteristics = nullable(readKeyCharacteristicsFromParcel, reply).value();
595 }
596 return ret;
597 }
598 KeyStoreServiceReturnCode
getKeyCharacteristics(const String16 & name,const hidl_vec<uint8_t> & clientId,const hidl_vec<uint8_t> & appData,int32_t uid,KeyCharacteristics * outCharacteristics)599 getKeyCharacteristics(const String16& name, const hidl_vec<uint8_t>& clientId,
600 const hidl_vec<uint8_t>& appData, int32_t uid,
601 KeyCharacteristics* outCharacteristics) override {
602 Parcel data, reply;
603 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
604 data.writeString16(name);
605 writeBlobAsByteArray(clientId, &data);
606 writeBlobAsByteArray(appData, &data);
607 data.writeInt32(uid);
608 status_t status =
609 remote()->transact(BnKeystoreService::GET_KEY_CHARACTERISTICS, data, &reply);
610 if (status != NO_ERROR) {
611 ALOGD("getKeyCharacteristics() could not contact remote: %d\n", status);
612 return ResponseCode::SYSTEM_ERROR;
613 }
614 int32_t err = reply.readExceptionCode();
615 ResponseCode ret = ResponseCode(reply.readInt32());
616 if (err < 0) {
617 ALOGD("getKeyCharacteristics() caught exception %d\n", err);
618 return ResponseCode::SYSTEM_ERROR;
619 }
620 if (outCharacteristics) {
621 *outCharacteristics = nullable(readKeyCharacteristicsFromParcel, reply).value();
622 }
623 return ret;
624 }
importKey(const String16 & name,const hidl_vec<KeyParameter> & params,KeyFormat format,const hidl_vec<uint8_t> & keyData,int uid,int flags,KeyCharacteristics * outCharacteristics)625 KeyStoreServiceReturnCode importKey(const String16& name, const hidl_vec<KeyParameter>& params,
626 KeyFormat format, const hidl_vec<uint8_t>& keyData, int uid,
627 int flags,
628 KeyCharacteristics* outCharacteristics) override {
629 Parcel data, reply;
630 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
631 data.writeString16(name);
632 nullable(writeParamSetToParcel, params, &data);
633 data.writeInt32(uint32_t(format));
634 writeBlobAsByteArray(keyData, &data);
635 data.writeInt32(uid);
636 data.writeInt32(flags);
637 status_t status = remote()->transact(BnKeystoreService::IMPORT_KEY, data, &reply);
638 if (status != NO_ERROR) {
639 ALOGD("importKey() could not contact remote: %d\n", status);
640 return ResponseCode::SYSTEM_ERROR;
641 }
642 int32_t err = reply.readExceptionCode();
643 ResponseCode ret = ResponseCode(reply.readInt32());
644 if (err < 0) {
645 ALOGD("importKey() caught exception %d\n", err);
646 return ResponseCode::SYSTEM_ERROR;
647 }
648 if (outCharacteristics) {
649 *outCharacteristics = nullable(readKeyCharacteristicsFromParcel, reply).value();
650 }
651 return ret;
652 }
653
exportKey(const String16 & name,KeyFormat format,const hidl_vec<uint8_t> & clientId,const hidl_vec<uint8_t> & appData,int32_t uid,ExportResult * result)654 void exportKey(const String16& name, KeyFormat format, const hidl_vec<uint8_t>& clientId,
655 const hidl_vec<uint8_t>& appData, int32_t uid, ExportResult* result) override {
656 if (!result) {
657 return;
658 }
659
660 Parcel data, reply;
661 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
662 data.writeString16(name);
663 data.writeInt32(int32_t(format));
664 writeBlobAsByteArray(clientId, &data);
665 writeBlobAsByteArray(appData, &data);
666 data.writeInt32(uid);
667 status_t status = remote()->transact(BnKeystoreService::EXPORT_KEY, data, &reply);
668 if (status != NO_ERROR) {
669 ALOGD("exportKey() could not contact remote: %d\n", status);
670 result->resultCode = ResponseCode::SYSTEM_ERROR;
671 return;
672 }
673 int32_t err = reply.readExceptionCode();
674 if (err < 0) {
675 ALOGD("exportKey() caught exception %d\n", err);
676 result->resultCode = ResponseCode::SYSTEM_ERROR;
677 return;
678 }
679
680 reply.readParcelable(result);
681 }
682
begin(const sp<IBinder> & appToken,const String16 & name,KeyPurpose purpose,bool pruneable,const hidl_vec<KeyParameter> & params,const hidl_vec<uint8_t> & entropy,int32_t uid,OperationResult * result)683 void begin(const sp<IBinder>& appToken, const String16& name, KeyPurpose purpose,
684 bool pruneable, const hidl_vec<KeyParameter>& params,
685 const hidl_vec<uint8_t>& entropy, int32_t uid, OperationResult* result) override {
686 if (!result) {
687 return;
688 }
689 Parcel data, reply;
690 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
691 data.writeStrongBinder(appToken);
692 data.writeString16(name);
693 data.writeInt32(int32_t(purpose));
694 data.writeInt32(pruneable ? 1 : 0);
695 nullable(writeParamSetToParcel, params, &data);
696 writeBlobAsByteArray(entropy, &data);
697 data.writeInt32(uid);
698 status_t status = remote()->transact(BnKeystoreService::BEGIN, data, &reply);
699 if (status != NO_ERROR) {
700 ALOGD("begin() could not contact remote: %d\n", status);
701 result->resultCode = ResponseCode::SYSTEM_ERROR;
702 return;
703 }
704 int32_t err = reply.readExceptionCode();
705 if (err < 0) {
706 ALOGD("begin() caught exception %d\n", err);
707 result->resultCode = ResponseCode::SYSTEM_ERROR;
708 return;
709 }
710
711 reply.readParcelable(result);
712 }
713
update(const sp<IBinder> & token,const hidl_vec<KeyParameter> & params,const hidl_vec<uint8_t> & opData,OperationResult * result)714 void update(const sp<IBinder>& token, const hidl_vec<KeyParameter>& params,
715 const hidl_vec<uint8_t>& opData, OperationResult* result) override {
716 if (!result) {
717 return;
718 }
719 Parcel data, reply;
720 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
721 data.writeStrongBinder(token);
722 nullable(writeParamSetToParcel, params, &data);
723 writeBlobAsByteArray(opData, &data);
724 status_t status = remote()->transact(BnKeystoreService::UPDATE, data, &reply);
725 if (status != NO_ERROR) {
726 ALOGD("update() could not contact remote: %d\n", status);
727 result->resultCode = ResponseCode::SYSTEM_ERROR;
728 return;
729 }
730 int32_t err = reply.readExceptionCode();
731 if (err < 0) {
732 ALOGD("update() caught exception %d\n", err);
733 result->resultCode = ResponseCode::SYSTEM_ERROR;
734 return;
735 }
736
737 reply.readParcelable(result);
738 }
739
finish(const sp<IBinder> & token,const hidl_vec<KeyParameter> & params,const hidl_vec<uint8_t> & signature,const hidl_vec<uint8_t> & entropy,OperationResult * result)740 void finish(const sp<IBinder>& token, const hidl_vec<KeyParameter>& params,
741 const hidl_vec<uint8_t>& signature, const hidl_vec<uint8_t>& entropy,
742 OperationResult* result) override {
743 if (!result) {
744 return;
745 }
746 Parcel data, reply;
747 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
748 data.writeStrongBinder(token);
749 nullable(writeParamSetToParcel, params, &data);
750 writeBlobAsByteArray(signature, &data);
751 writeBlobAsByteArray(entropy, &data);
752 status_t status = remote()->transact(BnKeystoreService::FINISH, data, &reply);
753 if (status != NO_ERROR) {
754 ALOGD("finish() could not contact remote: %d\n", status);
755 result->resultCode = ResponseCode::SYSTEM_ERROR;
756 return;
757 }
758 int32_t err = reply.readExceptionCode();
759 if (err < 0) {
760 ALOGD("finish() caught exception %d\n", err);
761 result->resultCode = ResponseCode::SYSTEM_ERROR;
762 return;
763 }
764
765 reply.readParcelable(result);
766 }
767
abort(const sp<IBinder> & token)768 KeyStoreServiceReturnCode abort(const sp<IBinder>& token) override {
769 Parcel data, reply;
770 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
771 data.writeStrongBinder(token);
772 status_t status = remote()->transact(BnKeystoreService::ABORT, data, &reply);
773 if (status != NO_ERROR) {
774 ALOGD("abort() could not contact remote: %d\n", status);
775 return ResponseCode::SYSTEM_ERROR;
776 }
777 int32_t err = reply.readExceptionCode();
778 if (err < 0) {
779 ALOGD("abort() caught exception %d\n", err);
780 return ResponseCode::SYSTEM_ERROR;
781 }
782 return ResponseCode(reply.readInt32());
783 }
784
isOperationAuthorized(const sp<IBinder> & token)785 bool isOperationAuthorized(const sp<IBinder>& token) override {
786 Parcel data, reply;
787 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
788 data.writeStrongBinder(token);
789 status_t status =
790 remote()->transact(BnKeystoreService::IS_OPERATION_AUTHORIZED, data, &reply);
791 if (status != NO_ERROR) {
792 ALOGD("isOperationAuthorized() could not contact remote: %d\n", status);
793 return false;
794 }
795 int32_t err = reply.readExceptionCode();
796 if (err < 0) {
797 ALOGD("isOperationAuthorized() caught exception %d\n", err);
798 return false;
799 }
800 return reply.readInt32() == 1;
801 }
802
addAuthToken(const uint8_t * token,size_t length)803 KeyStoreServiceReturnCode addAuthToken(const uint8_t* token, size_t length) override {
804 Parcel data, reply;
805 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
806 data.writeByteArray(length, token);
807 status_t status = remote()->transact(BnKeystoreService::ADD_AUTH_TOKEN, data, &reply);
808 if (status != NO_ERROR) {
809 ALOGD("addAuthToken() could not contact remote: %d\n", status);
810 return ResponseCode::SYSTEM_ERROR;
811 }
812 int32_t err = reply.readExceptionCode();
813 if (err < 0) {
814 ALOGD("addAuthToken() caught exception %d\n", err);
815 return ResponseCode::SYSTEM_ERROR;
816 }
817 return ResponseCode(reply.readInt32());
818 };
819
onUserAdded(int32_t userId,int32_t parentId)820 KeyStoreServiceReturnCode onUserAdded(int32_t userId, int32_t parentId) override {
821 Parcel data, reply;
822 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
823 data.writeInt32(userId);
824 data.writeInt32(parentId);
825 status_t status = remote()->transact(BnKeystoreService::ON_USER_ADDED, data, &reply);
826 if (status != NO_ERROR) {
827 ALOGD("onUserAdded() could not contact remote: %d\n", status);
828 return ResponseCode::SYSTEM_ERROR;
829 }
830 int32_t err = reply.readExceptionCode();
831 if (err < 0) {
832 ALOGD("onUserAdded() caught exception %d\n", err);
833 return ResponseCode::SYSTEM_ERROR;
834 }
835 return ResponseCode(reply.readInt32());
836 }
837
onUserRemoved(int32_t userId)838 KeyStoreServiceReturnCode onUserRemoved(int32_t userId) override {
839 Parcel data, reply;
840 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
841 data.writeInt32(userId);
842 status_t status = remote()->transact(BnKeystoreService::ON_USER_REMOVED, data, &reply);
843 if (status != NO_ERROR) {
844 ALOGD("onUserRemoved() could not contact remote: %d\n", status);
845 return ResponseCode::SYSTEM_ERROR;
846 }
847 int32_t err = reply.readExceptionCode();
848 if (err < 0) {
849 ALOGD("onUserRemoved() caught exception %d\n", err);
850 return ResponseCode::SYSTEM_ERROR;
851 }
852 return ResponseCode(reply.readInt32());
853 }
854
attestKey(const String16 & name,const hidl_vec<KeyParameter> & params,hidl_vec<hidl_vec<uint8_t>> * outChain)855 KeyStoreServiceReturnCode attestKey(const String16& name, const hidl_vec<KeyParameter>& params,
856 hidl_vec<hidl_vec<uint8_t>>* outChain) override {
857 if (!outChain) return ErrorCode::OUTPUT_PARAMETER_NULL;
858
859 Parcel data, reply;
860 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
861 data.writeString16(name);
862 nullable(writeParamSetToParcel, params, &data);
863
864 status_t status = remote()->transact(BnKeystoreService::ATTEST_KEY, data, &reply);
865 if (status != NO_ERROR) {
866 ALOGD("attestkey() count not contact remote: %d\n", status);
867 return ResponseCode::SYSTEM_ERROR;
868 }
869 int32_t err = reply.readExceptionCode();
870 ResponseCode ret = ResponseCode(reply.readInt32());
871 if (err < 0) {
872 ALOGD("attestKey() caught exception %d\n", err);
873 return ResponseCode::SYSTEM_ERROR;
874 }
875 if (reply.readInt32() != 0) {
876 *outChain = readCertificateChainFromParcel(reply);
877 }
878 return ret;
879 }
880
attestDeviceIds(const hidl_vec<KeyParameter> & params,hidl_vec<hidl_vec<uint8_t>> * outChain)881 KeyStoreServiceReturnCode attestDeviceIds(const hidl_vec<KeyParameter>& params,
882 hidl_vec<hidl_vec<uint8_t>>* outChain) override {
883 if (!outChain) return ErrorCode::OUTPUT_PARAMETER_NULL;
884
885 Parcel data, reply;
886 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
887 nullable(writeParamSetToParcel, params, &data);
888
889 status_t status = remote()->transact(BnKeystoreService::ATTEST_DEVICE_IDS, data, &reply);
890 if (status != NO_ERROR) {
891 ALOGD("attestDeviceIds() count not contact remote: %d\n", status);
892 return ResponseCode::SYSTEM_ERROR;
893 }
894 int32_t err = reply.readExceptionCode();
895 ResponseCode ret = ResponseCode(reply.readInt32());
896 if (err < 0) {
897 ALOGD("attestDeviceIds() caught exception %d\n", err);
898 return ResponseCode::SYSTEM_ERROR;
899 }
900 if (reply.readInt32() != 0) {
901 *outChain = readCertificateChainFromParcel(reply);
902 }
903 return ret;
904 }
905
onDeviceOffBody()906 KeyStoreServiceReturnCode onDeviceOffBody() override {
907 Parcel data, reply;
908 data.writeInterfaceToken(IKeystoreService::getInterfaceDescriptor());
909 status_t status = remote()->transact(BnKeystoreService::ON_DEVICE_OFF_BODY, data, &reply);
910 if (status != NO_ERROR) {
911 ALOGD("onDeviceOffBody() could not contact remote: %d\n", status);
912 return ResponseCode::SYSTEM_ERROR;
913 }
914 int32_t err = reply.readExceptionCode();
915 if (err < 0) {
916 ALOGD("onDeviceOffBody() caught exception %d\n", err);
917 return ResponseCode::SYSTEM_ERROR;
918 }
919 return ResponseCode(reply.readInt32());
920 }
921 };
922
923 IMPLEMENT_META_INTERFACE(KeystoreService, "android.security.IKeystoreService");
924
925 // ----------------------------------------------------------------------
926
onTransact(uint32_t code,const Parcel & data,Parcel * reply,uint32_t flags)927 status_t BnKeystoreService::onTransact(uint32_t code, const Parcel& data, Parcel* reply,
928 uint32_t flags) {
929 switch (code) {
930 case GET_STATE: {
931 CHECK_INTERFACE(IKeystoreService, data, reply);
932 int32_t userId = data.readInt32();
933 int32_t ret = getState(userId);
934 reply->writeNoException();
935 reply->writeInt32(ret);
936 return NO_ERROR;
937 } break;
938 case GET: {
939 CHECK_INTERFACE(IKeystoreService, data, reply);
940 String16 name = data.readString16();
941 int32_t uid = data.readInt32();
942 hidl_vec<uint8_t> out;
943 auto ret = get(name, uid, &out);
944 reply->writeNoException();
945 if (ret.isOk()) {
946 writeBlobAsByteArray(out, reply);
947 } else {
948 reply->writeInt32(-1);
949 }
950 reply->writeInt32(ret);
951 return NO_ERROR;
952 } break;
953 case INSERT: {
954 CHECK_INTERFACE(IKeystoreService, data, reply);
955 String16 name = data.readString16();
956 auto in = readBlobAsByteArray(data);
957 int uid = data.readInt32();
958 int32_t flags = data.readInt32();
959 int32_t ret = insert(name, in.value(), uid, flags);
960 reply->writeNoException();
961 reply->writeInt32(ret);
962 return NO_ERROR;
963 } break;
964 case DEL: {
965 CHECK_INTERFACE(IKeystoreService, data, reply);
966 String16 name = data.readString16();
967 int uid = data.readInt32();
968 int32_t ret = del(name, uid);
969 reply->writeNoException();
970 reply->writeInt32(ret);
971 return NO_ERROR;
972 } break;
973 case EXIST: {
974 CHECK_INTERFACE(IKeystoreService, data, reply);
975 String16 name = data.readString16();
976 int uid = data.readInt32();
977 int32_t ret = exist(name, uid);
978 reply->writeNoException();
979 reply->writeInt32(ret);
980 return NO_ERROR;
981 } break;
982 case LIST: {
983 CHECK_INTERFACE(IKeystoreService, data, reply);
984 String16 prefix = data.readString16();
985 int uid = data.readInt32();
986 Vector<String16> matches;
987 int32_t ret = list(prefix, uid, &matches);
988 reply->writeNoException();
989 reply->writeInt32(matches.size());
990 Vector<String16>::const_iterator it = matches.begin();
991 for (; it != matches.end(); ++it) {
992 reply->writeString16(*it);
993 }
994 reply->writeInt32(ret);
995 return NO_ERROR;
996 } break;
997 case RESET: {
998 CHECK_INTERFACE(IKeystoreService, data, reply);
999 int32_t ret = reset();
1000 reply->writeNoException();
1001 reply->writeInt32(ret);
1002 return NO_ERROR;
1003 } break;
1004 case ON_USER_PASSWORD_CHANGED: {
1005 CHECK_INTERFACE(IKeystoreService, data, reply);
1006 int32_t userId = data.readInt32();
1007 String16 pass = data.readString16();
1008 int32_t ret = onUserPasswordChanged(userId, pass);
1009 reply->writeNoException();
1010 reply->writeInt32(ret);
1011 return NO_ERROR;
1012 } break;
1013 case LOCK: {
1014 CHECK_INTERFACE(IKeystoreService, data, reply);
1015 int32_t userId = data.readInt32();
1016 int32_t ret = lock(userId);
1017 reply->writeNoException();
1018 reply->writeInt32(ret);
1019 return NO_ERROR;
1020 } break;
1021 case UNLOCK: {
1022 CHECK_INTERFACE(IKeystoreService, data, reply);
1023 int32_t userId = data.readInt32();
1024 String16 pass = data.readString16();
1025 int32_t ret = unlock(userId, pass);
1026 reply->writeNoException();
1027 reply->writeInt32(ret);
1028 return NO_ERROR;
1029 } break;
1030 case IS_EMPTY: {
1031 CHECK_INTERFACE(IKeystoreService, data, reply);
1032 int32_t userId = data.readInt32();
1033 bool ret = isEmpty(userId);
1034 reply->writeNoException();
1035 reply->writeInt32(ret ? 1 : 0);
1036 return NO_ERROR;
1037 } break;
1038 case GENERATE: {
1039 CHECK_INTERFACE(IKeystoreService, data, reply);
1040 String16 name = data.readString16();
1041 int32_t uid = data.readInt32();
1042 int32_t keyType = data.readInt32();
1043 int32_t keySize = data.readInt32();
1044 int32_t flags = data.readInt32();
1045 Vector<sp<KeystoreArg>> args;
1046 int32_t argsPresent = data.readInt32();
1047 if (argsPresent == 1) {
1048 ssize_t numArgs = data.readInt32();
1049 if (numArgs > MAX_GENERATE_ARGS) {
1050 return BAD_VALUE;
1051 }
1052 if (numArgs > 0) {
1053 for (size_t i = 0; i < (size_t)numArgs; i++) {
1054 ssize_t inSize = data.readInt32();
1055 if (inSize >= 0 && (size_t)inSize <= data.dataAvail()) {
1056 sp<KeystoreArg> arg = new KeystoreArg(data.readInplace(inSize), inSize);
1057 args.push_back(arg);
1058 } else {
1059 args.push_back(NULL);
1060 }
1061 }
1062 }
1063 }
1064 int32_t ret = generate(name, uid, keyType, keySize, flags, &args);
1065 reply->writeNoException();
1066 reply->writeInt32(ret);
1067 return NO_ERROR;
1068 } break;
1069 case IMPORT: {
1070 CHECK_INTERFACE(IKeystoreService, data, reply);
1071 String16 name = data.readString16();
1072 auto in = readBlobAsByteArray(data);
1073 int uid = data.readInt32();
1074 int32_t flags = data.readInt32();
1075 auto ret = import(name, in.value(), uid, flags);
1076 reply->writeNoException();
1077 reply->writeInt32(ret);
1078 return NO_ERROR;
1079 } break;
1080 case SIGN: {
1081 CHECK_INTERFACE(IKeystoreService, data, reply);
1082 String16 name = data.readString16();
1083 auto in = readBlobAsByteArray(data);
1084 hidl_vec<uint8_t> out;
1085 auto ret = sign(name, in.value(), &out);
1086 reply->writeNoException();
1087 writeBlobAsByteArray(out, reply);
1088 reply->writeInt32(ret);
1089 return NO_ERROR;
1090 } break;
1091 case VERIFY: {
1092 CHECK_INTERFACE(IKeystoreService, data, reply);
1093 String16 name = data.readString16();
1094 auto in = readBlobAsByteArray(data);
1095 auto signature = readBlobAsByteArray(data);
1096 auto ret = verify(name, in.value(), signature.value());
1097 reply->writeNoException();
1098 reply->writeInt32(ret);
1099 return NO_ERROR;
1100 } break;
1101 case GET_PUBKEY: {
1102 CHECK_INTERFACE(IKeystoreService, data, reply);
1103 String16 name = data.readString16();
1104 hidl_vec<uint8_t> out;
1105 auto ret = get_pubkey(name, &out);
1106 reply->writeNoException();
1107 writeBlobAsByteArray(out, reply);
1108 reply->writeInt32(ret);
1109 return NO_ERROR;
1110 } break;
1111 case GRANT: {
1112 CHECK_INTERFACE(IKeystoreService, data, reply);
1113 String16 name = data.readString16();
1114 int32_t granteeUid = data.readInt32();
1115 int32_t ret = grant(name, granteeUid);
1116 reply->writeNoException();
1117 reply->writeInt32(ret);
1118 return NO_ERROR;
1119 } break;
1120 case UNGRANT: {
1121 CHECK_INTERFACE(IKeystoreService, data, reply);
1122 String16 name = data.readString16();
1123 int32_t granteeUid = data.readInt32();
1124 int32_t ret = ungrant(name, granteeUid);
1125 reply->writeNoException();
1126 reply->writeInt32(ret);
1127 return NO_ERROR;
1128 } break;
1129 case GETMTIME: {
1130 CHECK_INTERFACE(IKeystoreService, data, reply);
1131 String16 name = data.readString16();
1132 int32_t uid = data.readInt32();
1133 int64_t ret = getmtime(name, uid);
1134 reply->writeNoException();
1135 reply->writeInt64(ret);
1136 return NO_ERROR;
1137 } break;
1138 case DUPLICATE: {
1139 CHECK_INTERFACE(IKeystoreService, data, reply);
1140 String16 srcKey = data.readString16();
1141 int32_t srcUid = data.readInt32();
1142 String16 destKey = data.readString16();
1143 int32_t destUid = data.readInt32();
1144 int32_t ret = duplicate(srcKey, srcUid, destKey, destUid);
1145 reply->writeNoException();
1146 reply->writeInt32(ret);
1147 return NO_ERROR;
1148 } break;
1149 case IS_HARDWARE_BACKED: {
1150 CHECK_INTERFACE(IKeystoreService, data, reply);
1151 String16 keyType = data.readString16();
1152 int32_t ret = is_hardware_backed(keyType);
1153 reply->writeNoException();
1154 reply->writeInt32(ret);
1155 return NO_ERROR;
1156 }
1157 case CLEAR_UID: {
1158 CHECK_INTERFACE(IKeystoreService, data, reply);
1159 int64_t uid = data.readInt64();
1160 int32_t ret = clear_uid(uid);
1161 reply->writeNoException();
1162 reply->writeInt32(ret);
1163 return NO_ERROR;
1164 }
1165 case ADD_RNG_ENTROPY: {
1166 CHECK_INTERFACE(IKeystoreService, data, reply);
1167 auto entropy = readBlobAsByteArray(data);
1168 auto ret = addRngEntropy(entropy.value());
1169 reply->writeNoException();
1170 reply->writeInt32(ret);
1171 return NO_ERROR;
1172 }
1173 case GENERATE_KEY: {
1174 CHECK_INTERFACE(IKeystoreService, data, reply);
1175 String16 name = data.readString16();
1176 auto params = nullable(readParamSetFromParcel, data);
1177 auto entropy = readBlobAsByteArray(data);
1178 int32_t uid = data.readInt32();
1179 int32_t flags = data.readInt32();
1180 KeyCharacteristics outCharacteristics;
1181 int32_t ret =
1182 generateKey(name, params.value(), entropy.value(), uid, flags, &outCharacteristics);
1183 reply->writeNoException();
1184 reply->writeInt32(ret);
1185 nullable(writeKeyCharacteristicsToParcel, outCharacteristics, reply);
1186 return NO_ERROR;
1187 }
1188 case GET_KEY_CHARACTERISTICS: {
1189 CHECK_INTERFACE(IKeystoreService, data, reply);
1190 String16 name = data.readString16();
1191 auto clientId = nullable(readKeymasterBlob, data, true);
1192 auto appData = nullable(readKeymasterBlob, data, true);
1193 int32_t uid = data.readInt32();
1194 KeyCharacteristics outCharacteristics;
1195 int ret = getKeyCharacteristics(name, clientId.value(), appData.value(), uid,
1196 &outCharacteristics);
1197 reply->writeNoException();
1198 reply->writeInt32(ret);
1199 nullable(writeKeyCharacteristicsToParcel, outCharacteristics, reply);
1200 return NO_ERROR;
1201 }
1202 case IMPORT_KEY: {
1203 CHECK_INTERFACE(IKeystoreService, data, reply);
1204 String16 name = data.readString16();
1205 auto args = nullable(readParamSetFromParcel, data);
1206 KeyFormat format = static_cast<KeyFormat>(data.readInt32());
1207 auto keyData = readBlobAsByteArray(data);
1208 int32_t uid = data.readInt32();
1209 int32_t flags = data.readInt32();
1210 KeyCharacteristics outCharacteristics;
1211 int32_t ret =
1212 importKey(name, args.value(), format, keyData.value(), uid, flags, &outCharacteristics);
1213 reply->writeNoException();
1214 reply->writeInt32(ret);
1215 nullable(writeKeyCharacteristicsToParcel, outCharacteristics, reply);
1216 return NO_ERROR;
1217 }
1218 case EXPORT_KEY: {
1219 CHECK_INTERFACE(IKeystoreService, data, reply);
1220 String16 name = data.readString16();
1221 KeyFormat format = static_cast<KeyFormat>(data.readInt32());
1222 auto clientId = nullable(readKeymasterBlob, data, true);
1223 auto appData = nullable(readKeymasterBlob, data, true);
1224 int32_t uid = data.readInt32();
1225 ExportResult result;
1226 exportKey(name, format, clientId.value(), appData.value(), uid, &result);
1227 reply->writeNoException();
1228 reply->writeParcelable(result);
1229
1230 return NO_ERROR;
1231 }
1232 case BEGIN: {
1233 CHECK_INTERFACE(IKeystoreService, data, reply);
1234 sp<IBinder> token = data.readStrongBinder();
1235 String16 name = data.readString16();
1236 KeyPurpose purpose = static_cast<KeyPurpose>(data.readInt32());
1237 bool pruneable = data.readInt32() != 0;
1238 auto args = nullable(readParamSetFromParcel, data);
1239 auto entropy = readBlobAsByteArray(data);
1240 int32_t uid = data.readInt32();
1241 OperationResult result;
1242 begin(token, name, purpose, pruneable, args.value(), entropy.value(), uid, &result);
1243 reply->writeNoException();
1244 reply->writeParcelable(result);
1245
1246 return NO_ERROR;
1247 }
1248 case UPDATE: {
1249 CHECK_INTERFACE(IKeystoreService, data, reply);
1250 sp<IBinder> token = data.readStrongBinder();
1251 auto args = nullable(readParamSetFromParcel, data);
1252 auto buf = readBlobAsByteArray(data);
1253 OperationResult result;
1254 update(token, args.value(), buf.value(), &result);
1255 reply->writeNoException();
1256 reply->writeParcelable(result);
1257
1258 return NO_ERROR;
1259 }
1260 case FINISH: {
1261 CHECK_INTERFACE(IKeystoreService, data, reply);
1262 sp<IBinder> token = data.readStrongBinder();
1263 auto args = nullable(readParamSetFromParcel, data);
1264 auto signature = readBlobAsByteArray(data);
1265 auto entropy = readBlobAsByteArray(data);
1266 OperationResult result;
1267 finish(token, args.value(), signature.value(), entropy.value(), &result);
1268 reply->writeNoException();
1269 reply->writeParcelable(result);
1270
1271 return NO_ERROR;
1272 }
1273 case ABORT: {
1274 CHECK_INTERFACE(IKeystoreService, data, reply);
1275 sp<IBinder> token = data.readStrongBinder();
1276 int32_t result = abort(token);
1277 reply->writeNoException();
1278 reply->writeInt32(result);
1279
1280 return NO_ERROR;
1281 }
1282 case IS_OPERATION_AUTHORIZED: {
1283 CHECK_INTERFACE(IKeystoreService, data, reply);
1284 sp<IBinder> token = data.readStrongBinder();
1285 bool result = isOperationAuthorized(token);
1286 reply->writeNoException();
1287 reply->writeInt32(result ? 1 : 0);
1288
1289 return NO_ERROR;
1290 }
1291 case ADD_AUTH_TOKEN: {
1292 CHECK_INTERFACE(IKeystoreService, data, reply);
1293 const uint8_t* token_bytes = NULL;
1294 size_t size = 0;
1295 readByteArray(data, &token_bytes, &size);
1296 int32_t result = addAuthToken(token_bytes, size);
1297 reply->writeNoException();
1298 reply->writeInt32(result);
1299
1300 return NO_ERROR;
1301 }
1302 case ON_USER_ADDED: {
1303 CHECK_INTERFACE(IKeystoreService, data, reply);
1304 int32_t userId = data.readInt32();
1305 int32_t parentId = data.readInt32();
1306 int32_t result = onUserAdded(userId, parentId);
1307 reply->writeNoException();
1308 reply->writeInt32(result);
1309
1310 return NO_ERROR;
1311 }
1312 case ON_USER_REMOVED: {
1313 CHECK_INTERFACE(IKeystoreService, data, reply);
1314 int32_t userId = data.readInt32();
1315 int32_t result = onUserRemoved(userId);
1316 reply->writeNoException();
1317 reply->writeInt32(result);
1318
1319 return NO_ERROR;
1320 }
1321 case ATTEST_KEY: {
1322 CHECK_INTERFACE(IKeystoreService, data, reply);
1323 String16 name = data.readString16();
1324 auto params = nullable(readParamSetFromParcel, data);
1325 hidl_vec<hidl_vec<uint8_t>> chain;
1326 int ret = attestKey(name, params.value(), &chain);
1327 reply->writeNoException();
1328 reply->writeInt32(ret);
1329 nullable(writeCertificateChainToParcel, chain, reply);
1330
1331 return NO_ERROR;
1332 }
1333
1334 case ATTEST_DEVICE_IDS: {
1335 CHECK_INTERFACE(IKeystoreService, data, reply);
1336 auto params = nullable(readParamSetFromParcel, data);
1337 hidl_vec<hidl_vec<uint8_t>> chain;
1338 int ret = attestDeviceIds(params.value(), &chain);
1339 reply->writeNoException();
1340 reply->writeInt32(ret);
1341 nullable(writeCertificateChainToParcel, chain, reply);
1342
1343 return NO_ERROR;
1344 }
1345
1346 case ON_DEVICE_OFF_BODY: {
1347 CHECK_INTERFACE(IKeystoreService, data, reply);
1348 int32_t ret = onDeviceOffBody();
1349 reply->writeNoException();
1350 reply->writeInt32(ret);
1351
1352 return NO_ERROR;
1353 }
1354 default:
1355 return BBinder::onTransact(code, data, reply, flags);
1356 }
1357 }
1358
1359 // ----------------------------------------------------------------------------
1360
1361 }; // namespace android
1362