1 /*
2  * Copyright (C) 2012 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 #ifndef KEYSTORE_IKEYSTORESERVICE_H
18 #define KEYSTORE_IKEYSTORESERVICE_H
19 
20 #include "keystore.h"
21 #include "keystore_return_types.h"
22 #include <binder/IInterface.h>
23 #include <binder/Parcel.h>
24 #include <keystore/keymaster_tags.h>
25 #include <utils/RefBase.h>
26 #include <vector>
27 
28 namespace android {
29 
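/**
 * Reference-counted (RefBase) holder for one pointer/length pair.
 *
 * NOTE(review): the constructor and destructor are defined outside this
 * header, so it is not visible here whether the object copies the bytes,
 * takes ownership of them, or merely borrows the caller's buffer. The class
 * stores a raw pointer and declares a destructor but no copy operations;
 * confirm the ownership rule before copying an instance or releasing the
 * backing buffer while an instance is still alive.
 */
class KeystoreArg : public RefBase {
  public:
    /**
     * @param data start of the argument bytes
     * @param len  number of bytes reachable through data
     */
    KeystoreArg(const void* data, size_t len);
    ~KeystoreArg();

    // Accessors for the stored pair; presumably they return mData and mSize
    // unchanged (definitions are not in this header).
    const void* data() const;
    size_t size() const;

  private:
    const void* mData;  // not dereferenced anywhere in this header
    size_t mSize;       // byte count that goes with mData
};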
42 
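/**
 * Deleter for smart pointers that own a malloc()-family allocation,
 * e.g. std::unique_ptr<uint8_t, MallocDeleter>.
 *
 * The pointer must have come from malloc/calloc/realloc (or be null);
 * handing it memory obtained from new[] or from another allocator is
 * undefined behaviour.
 */
struct MallocDeleter {
    // const + noexcept: the deleter has no state and free() does not throw,
    // so it can also be invoked through a const deleter object.
    void operator()(uint8_t* p) const noexcept { free(p); }
};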
46 
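/**
 * Parcelable carrying the results of begin/update/finish across Binder.
 *
 * readFromParcel() consumes bytes produced by another process and
 * writeToParcel() hands this object's fields to another process; both are
 * defined outside this header.
 *
 * NOTE(review): `handle` and `inputConsumed` are plain scalars with no
 * in-class initializer. Confirm that the out-of-line constructor sets them,
 * because an object that is written to a Parcel before being fully populated
 * would otherwise serialize indeterminate values.
 */
struct OperationResult : public ::android::Parcelable {
    OperationResult();
    ~OperationResult();
    status_t readFromParcel(const Parcel* in) override;
    status_t writeToParcel(Parcel* out) const override;

    ::keystore::KeyStoreServiceReturnCode resultCode;  // status of the call
    sp<IBinder> token;   // binder object; update/finish/abort take an sp<IBinder> token
    uint64_t handle;     // numeric operation handle
    int inputConsumed;   // signed; presumably the count of input bytes used - TODO confirm
    ::keystore::hidl_vec<uint8_t> data;                        // output bytes
    ::keystore::hidl_vec<::keystore::KeyParameter> outParams;  // output parameters
};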
61 
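/**
 * Parcelable carrying the result of an export call across Binder.
 *
 * Both serialization methods are defined outside this header.
 * NOTE(review): exportData holds exported key material; check in the
 * implementation how long instances live and whether the buffer is cleared
 * when it is no longer needed.
 */
struct ExportResult : public ::android::Parcelable {
    ExportResult();
    ~ExportResult();
    status_t readFromParcel(const Parcel* in) override;
    status_t writeToParcel(Parcel* out) const override;

    ::keystore::KeyStoreServiceReturnCode resultCode;  // status of the export
    ::keystore::hidl_vec<uint8_t> exportData;          // exported bytes
};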
72 
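/*
 * Binder interface of the keystore service.
 *
 * This must be kept manually in sync with frameworks/base's IKeystoreService.java
 *
 * Review notes for readers of this interface:
 *  - Every method is pure virtual; no permission or identity check is visible
 *    in this header. Methods that accept a uid / userId / granteeUid take it
 *    from the caller, so the implementation has to compare it with the
 *    calling identity - NOTE(review): confirm in the service implementation.
 *  - The uid parameter is declared as `int` in some methods, `int32_t` in
 *    others and `int64_t` in clear_uid(). Keep the declared widths when
 *    implementing or proxying; they are part of the interface.
 *  - Results are returned through raw pointers (item, matches, out, pubKey,
 *    outCharacteristics, result, opResult, outChain). Null handling is not
 *    specified here; presumably callers must pass valid objects.
 *  - onUserPasswordChanged() and unlock() receive the password as an ordinary
 *    String16. Nothing in this header says the copy is wiped after use.
 */
class IKeystoreService : public IInterface {
  public:
    // Binder transaction codes, numbered consecutively from
    // IBinder::FIRST_CALL_TRANSACTION. The numeric values are the wire
    // contract with the Java side: if the two lists disagree, a request is
    // dispatched to a different method than the caller intended. Append new
    // codes at the end instead of renumbering.
    enum {
        GET_STATE = IBinder::FIRST_CALL_TRANSACTION + 0,
        GET = IBinder::FIRST_CALL_TRANSACTION + 1,
        INSERT = IBinder::FIRST_CALL_TRANSACTION + 2,
        DEL = IBinder::FIRST_CALL_TRANSACTION + 3,
        EXIST = IBinder::FIRST_CALL_TRANSACTION + 4,
        LIST = IBinder::FIRST_CALL_TRANSACTION + 5,
        RESET = IBinder::FIRST_CALL_TRANSACTION + 6,
        ON_USER_PASSWORD_CHANGED = IBinder::FIRST_CALL_TRANSACTION + 7,
        LOCK = IBinder::FIRST_CALL_TRANSACTION + 8,
        UNLOCK = IBinder::FIRST_CALL_TRANSACTION + 9,
        IS_EMPTY = IBinder::FIRST_CALL_TRANSACTION + 10,
        GENERATE = IBinder::FIRST_CALL_TRANSACTION + 11,
        IMPORT = IBinder::FIRST_CALL_TRANSACTION + 12,
        SIGN = IBinder::FIRST_CALL_TRANSACTION + 13,
        VERIFY = IBinder::FIRST_CALL_TRANSACTION + 14,
        GET_PUBKEY = IBinder::FIRST_CALL_TRANSACTION + 15,
        GRANT = IBinder::FIRST_CALL_TRANSACTION + 16,
        UNGRANT = IBinder::FIRST_CALL_TRANSACTION + 17,
        GETMTIME = IBinder::FIRST_CALL_TRANSACTION + 18,
        DUPLICATE = IBinder::FIRST_CALL_TRANSACTION + 19,
        IS_HARDWARE_BACKED = IBinder::FIRST_CALL_TRANSACTION + 20,
        CLEAR_UID = IBinder::FIRST_CALL_TRANSACTION + 21,
        ADD_RNG_ENTROPY = IBinder::FIRST_CALL_TRANSACTION + 22,
        GENERATE_KEY = IBinder::FIRST_CALL_TRANSACTION + 23,
        GET_KEY_CHARACTERISTICS = IBinder::FIRST_CALL_TRANSACTION + 24,
        IMPORT_KEY = IBinder::FIRST_CALL_TRANSACTION + 25,
        EXPORT_KEY = IBinder::FIRST_CALL_TRANSACTION + 26,
        BEGIN = IBinder::FIRST_CALL_TRANSACTION + 27,
        UPDATE = IBinder::FIRST_CALL_TRANSACTION + 28,
        FINISH = IBinder::FIRST_CALL_TRANSACTION + 29,
        ABORT = IBinder::FIRST_CALL_TRANSACTION + 30,
        IS_OPERATION_AUTHORIZED = IBinder::FIRST_CALL_TRANSACTION + 31,
        ADD_AUTH_TOKEN = IBinder::FIRST_CALL_TRANSACTION + 32,
        ON_USER_ADDED = IBinder::FIRST_CALL_TRANSACTION + 33,
        ON_USER_REMOVED = IBinder::FIRST_CALL_TRANSACTION + 34,
        ATTEST_KEY = IBinder::FIRST_CALL_TRANSACTION + 35,
        ATTEST_DEVICE_IDS = IBinder::FIRST_CALL_TRANSACTION + 36,
        ON_DEVICE_OFF_BODY = IBinder::FIRST_CALL_TRANSACTION + 37,
    };

    DECLARE_META_INTERFACE(KeystoreService);

    // --- Named-entry and per-user state calls --------------------------------
    // Entries are addressed by name, optionally qualified by a caller-supplied
    // uid.

    virtual ::keystore::KeyStoreServiceReturnCode getState(int32_t userId) = 0;

    // The entry's bytes are returned through *item.
    virtual ::keystore::KeyStoreServiceReturnCode get(const String16& name, int32_t uid,
                                                      ::keystore::hidl_vec<uint8_t>* item) = 0;

    virtual ::keystore::KeyStoreServiceReturnCode insert(const String16& name,
                                                         const ::keystore::hidl_vec<uint8_t>& item,
                                                         int uid, int32_t flags) = 0;

    virtual ::keystore::KeyStoreServiceReturnCode del(const String16& name, int uid) = 0;

    virtual ::keystore::KeyStoreServiceReturnCode exist(const String16& name, int uid) = 0;

    // Matching names are returned through *matches.
    virtual ::keystore::KeyStoreServiceReturnCode list(const String16& prefix, int uid,
                                                       Vector<String16>* matches) = 0;

    // Takes no arguments, so the affected scope is decided entirely by the
    // implementation.
    virtual ::keystore::KeyStoreServiceReturnCode reset() = 0;

    // newPassword / password are secrets passed as String16 (see class notes).
    virtual ::keystore::KeyStoreServiceReturnCode
    onUserPasswordChanged(int32_t userId, const String16& newPassword) = 0;

    virtual ::keystore::KeyStoreServiceReturnCode lock(int32_t userId) = 0;

    virtual ::keystore::KeyStoreServiceReturnCode unlock(int32_t userId,
                                                         const String16& password) = 0;

    virtual bool isEmpty(int32_t userId) = 0;

    // --- Name-based key calls ------------------------------------------------

    virtual ::keystore::KeyStoreServiceReturnCode generate(const String16& name, int32_t uid,
                                                           int32_t keyType, int32_t keySize,
                                                           int32_t flags,
                                                           Vector<sp<KeystoreArg>>* args) = 0;

    virtual ::keystore::KeyStoreServiceReturnCode import(const String16& name,
                                                         const ::keystore::hidl_vec<uint8_t>& data,
                                                         int uid, int32_t flags) = 0;

    // sign/verify/get_pubkey take no uid argument.
    virtual ::keystore::KeyStoreServiceReturnCode sign(const String16& name,
                                                       const ::keystore::hidl_vec<uint8_t>& data,
                                                       ::keystore::hidl_vec<uint8_t>* out) = 0;

    virtual ::keystore::KeyStoreServiceReturnCode
    verify(const String16& name, const ::keystore::hidl_vec<uint8_t>& data,
           const ::keystore::hidl_vec<uint8_t>& signature) = 0;

    virtual ::keystore::KeyStoreServiceReturnCode
    get_pubkey(const String16& name, ::keystore::hidl_vec<uint8_t>* pubKey) = 0;

    // grant/ungrant name another uid (granteeUid) for the given entry.
    virtual ::keystore::KeyStoreServiceReturnCode grant(const String16& name,
                                                        int32_t granteeUid) = 0;

    virtual ::keystore::KeyStoreServiceReturnCode ungrant(const String16& name,
                                                          int32_t granteeUid) = 0;

    // Returns int64_t rather than a KeyStoreServiceReturnCode.
    virtual int64_t getmtime(const String16& name, int32_t uid) = 0;

    // Both the source and the destination uid come from the caller.
    virtual ::keystore::KeyStoreServiceReturnCode
    duplicate(const String16& srcKey, int32_t srcUid, const String16& destKey, int32_t destUid) = 0;

    virtual int32_t is_hardware_backed(const String16& keyType) = 0;

    // uid is int64_t here, unlike every other method in this interface.
    virtual ::keystore::KeyStoreServiceReturnCode clear_uid(int64_t uid) = 0;

    // --- Parameterised key calls (KeyParameter / KeyCharacteristics) ---------

    virtual ::keystore::KeyStoreServiceReturnCode
    addRngEntropy(const ::keystore::hidl_vec<uint8_t>& entropy) = 0;

    virtual ::keystore::KeyStoreServiceReturnCode
    generateKey(const String16& name, const ::keystore::hidl_vec<::keystore::KeyParameter>& params,
                const ::keystore::hidl_vec<uint8_t>& entropy, int uid, int flags,
                ::keystore::KeyCharacteristics* outCharacteristics) = 0;

    virtual ::keystore::KeyStoreServiceReturnCode
    getKeyCharacteristics(const String16& name, const ::keystore::hidl_vec<uint8_t>& clientId,
                          const ::keystore::hidl_vec<uint8_t>& appData, int32_t uid,
                          ::keystore::KeyCharacteristics* outCharacteristics) = 0;

    virtual ::keystore::KeyStoreServiceReturnCode
    importKey(const String16& name, const ::keystore::hidl_vec<::keystore::KeyParameter>& params,
              ::keystore::KeyFormat format, const ::keystore::hidl_vec<uint8_t>& key, int uid,
              int flags, ::keystore::KeyCharacteristics* outCharacteristics) = 0;

    // exportKey/begin/update/finish return void; presumably the status is
    // reported in the resultCode member of the result struct, so callers must
    // inspect it before using any other field - TODO confirm.
    virtual void exportKey(const String16& name, ::keystore::KeyFormat format,
                           const ::keystore::hidl_vec<uint8_t>& clientId,
                           const ::keystore::hidl_vec<uint8_t>& appData, int uid,
                           ExportResult* result) = 0;

    virtual void begin(const sp<IBinder>& apptoken, const String16& name,
                       ::keystore::KeyPurpose purpose, bool pruneable,
                       const ::keystore::hidl_vec<::keystore::KeyParameter>& params,
                       const ::keystore::hidl_vec<uint8_t>& entropy, int32_t uid,
                       OperationResult* opResult) = 0;

    virtual void update(const sp<IBinder>& token,
                        const ::keystore::hidl_vec<::keystore::KeyParameter>& params,
                        const ::keystore::hidl_vec<uint8_t>& data, OperationResult* opResult) = 0;

    virtual void finish(const sp<IBinder>& token,
                        const ::keystore::hidl_vec<::keystore::KeyParameter>& params,
                        const ::keystore::hidl_vec<uint8_t>& signature,
                        const ::keystore::hidl_vec<uint8_t>& entropy,
                        OperationResult* opResult) = 0;

    virtual ::keystore::KeyStoreServiceReturnCode abort(const sp<IBinder>& handle) = 0;

    virtual bool isOperationAuthorized(const sp<IBinder>& handle) = 0;

    // Raw pointer + length: the caller is responsible for `length` not
    // exceeding the buffer behind `token`; the interface cannot check it.
    virtual ::keystore::KeyStoreServiceReturnCode addAuthToken(const uint8_t* token,
                                                               size_t length) = 0;

    // --- User lifecycle, attestation and device-state calls ------------------

    virtual ::keystore::KeyStoreServiceReturnCode onUserAdded(int32_t userId, int32_t parentId) = 0;

    virtual ::keystore::KeyStoreServiceReturnCode onUserRemoved(int32_t userId) = 0;

    // The chain is returned through *outChain as a vector of byte vectors.
    virtual ::keystore::KeyStoreServiceReturnCode
    attestKey(const String16& name, const ::keystore::hidl_vec<::keystore::KeyParameter>& params,
              ::keystore::hidl_vec<::keystore::hidl_vec<uint8_t>>* outChain) = 0;

    virtual ::keystore::KeyStoreServiceReturnCode attestDeviceIds(
            const ::keystore::hidl_vec<::keystore::KeyParameter>& params,
            ::keystore::hidl_vec<::keystore::hidl_vec<uint8_t>>* outChain) = 0;

    virtual ::keystore::KeyStoreServiceReturnCode onDeviceOffBody() = 0;
};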
244 
245 // ----------------------------------------------------------------------------
246 
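/**
 * Native-side Binder stub for IKeystoreService.
 *
 * onTransact() is the entry point for incoming transactions: `code` selects
 * the request, `data` carries the arguments marshalled by the calling process
 * and `reply` receives the response. Its definition is outside this header.
 *
 * NOTE(review): `data` is produced by another process. When reading the
 * implementation, confirm that every length or count taken from the Parcel
 * is validated before it is used and that unknown codes are rejected or
 * forwarded to the base class.
 */
class BnKeystoreService : public BnInterface<IKeystoreService> {
  public:
    // `override` makes the compiler reject a signature that no longer matches
    // the base-class onTransact, which would otherwise silently stop this
    // method from being called.
    status_t onTransact(uint32_t code, const Parcel& data, Parcel* reply,
                        uint32_t flags = 0) override;
};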
252 
253 }  // namespace android
254 
255 #endif
256