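/*
 * Copyright (C) 2012 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

#ifndef KEYSTORE_IKEYSTORESERVICE_H
#define KEYSTORE_IKEYSTORESERVICE_H

#include "keystore.h"
#include "keystore_return_types.h"
// <stdint.h> and <stdlib.h> are included directly because this header itself
// uses uint8_t / uint64_t and free(); it should not depend on another header
// pulling them in.
#include <stdint.h>
#include <stdlib.h>
#include <binder/IInterface.h>
#include <binder/Parcel.h>
#include <keystore/keymaster_tags.h>
#include <utils/RefBase.h>
#include <vector>

namespace android {

// Reference-counted (RefBase) holder for an opaque argument: a pointer plus a
// byte length, exposed through data() and size().
//
// NOTE(review): the constructor and destructor are defined elsewhere, so this
// header does not show whether the bytes are copied or only borrowed. Confirm
// the ownership rule before handing in a buffer whose lifetime is shorter than
// the KeystoreArg.
class KeystoreArg : public RefBase {
  public:
    KeystoreArg(const void* data, size_t len);
    ~KeystoreArg();

    const void* data() const;
    size_t size() const;

  private:
    const void* mData;
    size_t mSize;
};

// Deleter functor that releases a uint8_t buffer with free(). It must only be
// paired with memory obtained from the malloc family; using it on memory from
// new[] is undefined behavior.
struct MallocDeleter {
    void operator()(uint8_t* p) { free(p); }
};

// struct for serializing the results of begin/update/finish
//
// Every field is carried in a Parcel (see readFromParcel / writeToParcel), so
// a receiver sees whatever the sending process wrote.
// NOTE(review): inputConsumed is a signed int. A receiver that uses it as an
// offset or length should check that it is non-negative and no larger than
// the input it submitted -- confirm at the call sites.
struct OperationResult : public ::android::Parcelable {
    OperationResult();
    ~OperationResult();
    status_t readFromParcel(const Parcel* in) override;
    status_t writeToParcel(Parcel* out) const override;

    ::keystore::KeyStoreServiceReturnCode resultCode;
    sp<IBinder> token;
    uint64_t handle;
    int inputConsumed;
    ::keystore::hidl_vec<uint8_t> data;
    ::keystore::hidl_vec<::keystore::KeyParameter> outParams;
};

// struct for serializing the results of export
//
// NOTE(review): exportData presumably holds the exported key material and is
// only meaningful when resultCode reports success -- confirm against the
// implementation of exportKey.
struct ExportResult : public ::android::Parcelable {
    ExportResult();
    ~ExportResult();
    status_t readFromParcel(const Parcel* in) override;
    status_t writeToParcel(Parcel* out) const override;

    ::keystore::KeyStoreServiceReturnCode resultCode;
    ::keystore::hidl_vec<uint8_t> exportData;
};

/*
 * This must be kept manually in sync with frameworks/base's IKeystoreService.java
 *
 * Binder interface of the keystore service. Every method is pure virtual; the
 * implementations are not part of this header.
 *
 * NOTE(review): several methods take a uid / srcUid / destUid / granteeUid
 * argument supplied by the caller. Nothing in this header constrains those
 * values, so the implementation is presumably responsible for checking them
 * against the identity of the calling process before acting on another uid's
 * keys -- confirm in the service implementation.
 */
class IKeystoreService : public IInterface {
  public:
    // Transaction codes, listed in the same order as the methods declared
    // below. The numeric value is what identifies the call on the wire, so an
    // entry that is reordered, removed or inserted in the middle without the
    // matching change on the Java side makes the two sides disagree about
    // which method a transaction refers to. Add new codes at the end.
    enum {
        GET_STATE = IBinder::FIRST_CALL_TRANSACTION + 0,
        GET = IBinder::FIRST_CALL_TRANSACTION + 1,
        INSERT = IBinder::FIRST_CALL_TRANSACTION + 2,
        DEL = IBinder::FIRST_CALL_TRANSACTION + 3,
        EXIST = IBinder::FIRST_CALL_TRANSACTION + 4,
        LIST = IBinder::FIRST_CALL_TRANSACTION + 5,
        RESET = IBinder::FIRST_CALL_TRANSACTION + 6,
        ON_USER_PASSWORD_CHANGED = IBinder::FIRST_CALL_TRANSACTION + 7,
        LOCK = IBinder::FIRST_CALL_TRANSACTION + 8,
        UNLOCK = IBinder::FIRST_CALL_TRANSACTION + 9,
        IS_EMPTY = IBinder::FIRST_CALL_TRANSACTION + 10,
        GENERATE = IBinder::FIRST_CALL_TRANSACTION + 11,
        IMPORT = IBinder::FIRST_CALL_TRANSACTION + 12,
        SIGN = IBinder::FIRST_CALL_TRANSACTION + 13,
        VERIFY = IBinder::FIRST_CALL_TRANSACTION + 14,
        GET_PUBKEY = IBinder::FIRST_CALL_TRANSACTION + 15,
        GRANT = IBinder::FIRST_CALL_TRANSACTION + 16,
        UNGRANT = IBinder::FIRST_CALL_TRANSACTION + 17,
        GETMTIME = IBinder::FIRST_CALL_TRANSACTION + 18,
        DUPLICATE = IBinder::FIRST_CALL_TRANSACTION + 19,
        IS_HARDWARE_BACKED = IBinder::FIRST_CALL_TRANSACTION + 20,
        CLEAR_UID = IBinder::FIRST_CALL_TRANSACTION + 21,
        ADD_RNG_ENTROPY = IBinder::FIRST_CALL_TRANSACTION + 22,
        GENERATE_KEY = IBinder::FIRST_CALL_TRANSACTION + 23,
        GET_KEY_CHARACTERISTICS = IBinder::FIRST_CALL_TRANSACTION + 24,
        IMPORT_KEY = IBinder::FIRST_CALL_TRANSACTION + 25,
        EXPORT_KEY = IBinder::FIRST_CALL_TRANSACTION + 26,
        BEGIN = IBinder::FIRST_CALL_TRANSACTION + 27,
        UPDATE = IBinder::FIRST_CALL_TRANSACTION + 28,
        FINISH = IBinder::FIRST_CALL_TRANSACTION + 29,
        ABORT = IBinder::FIRST_CALL_TRANSACTION + 30,
        IS_OPERATION_AUTHORIZED = IBinder::FIRST_CALL_TRANSACTION + 31,
        ADD_AUTH_TOKEN = IBinder::FIRST_CALL_TRANSACTION + 32,
        ON_USER_ADDED = IBinder::FIRST_CALL_TRANSACTION + 33,
        ON_USER_REMOVED = IBinder::FIRST_CALL_TRANSACTION + 34,
        ATTEST_KEY = IBinder::FIRST_CALL_TRANSACTION + 35,
        ATTEST_DEVICE_IDS = IBinder::FIRST_CALL_TRANSACTION + 36,
        ON_DEVICE_OFF_BODY = IBinder::FIRST_CALL_TRANSACTION + 37,
    };

    DECLARE_META_INTERFACE(KeystoreService);

    virtual ::keystore::KeyStoreServiceReturnCode getState(int32_t userId) = 0;

    virtual ::keystore::KeyStoreServiceReturnCode get(const String16& name, int32_t uid,
                                                      ::keystore::hidl_vec<uint8_t>* item) = 0;

    virtual ::keystore::KeyStoreServiceReturnCode insert(const String16& name,
                                                         const ::keystore::hidl_vec<uint8_t>& item,
                                                         int uid, int32_t flags) = 0;

    virtual ::keystore::KeyStoreServiceReturnCode del(const String16& name, int uid) = 0;

    virtual ::keystore::KeyStoreServiceReturnCode exist(const String16& name, int uid) = 0;

    virtual ::keystore::KeyStoreServiceReturnCode list(const String16& prefix, int uid,
                                                       Vector<String16>* matches) = 0;

    virtual ::keystore::KeyStoreServiceReturnCode reset() = 0;

    // NOTE(review): newPassword (and password in unlock below) travels as a
    // String16. This header shows nothing about how long the value is kept or
    // whether its buffer is cleared after use -- confirm in the implementation.
    virtual ::keystore::KeyStoreServiceReturnCode
    onUserPasswordChanged(int32_t userId, const String16& newPassword) = 0;

    virtual ::keystore::KeyStoreServiceReturnCode lock(int32_t userId) = 0;

    virtual ::keystore::KeyStoreServiceReturnCode unlock(int32_t userId,
                                                         const String16& password) = 0;

    virtual bool isEmpty(int32_t userId) = 0;

    virtual ::keystore::KeyStoreServiceReturnCode generate(const String16& name, int32_t uid,
                                                           int32_t keyType, int32_t keySize,
                                                           int32_t flags,
                                                           Vector<sp<KeystoreArg>>* args) = 0;

    virtual ::keystore::KeyStoreServiceReturnCode import(const String16& name,
                                                         const ::keystore::hidl_vec<uint8_t>& data,
                                                         int uid, int32_t flags) = 0;

    virtual ::keystore::KeyStoreServiceReturnCode sign(const String16& name,
                                                       const ::keystore::hidl_vec<uint8_t>& data,
                                                       ::keystore::hidl_vec<uint8_t>* out) = 0;

    virtual ::keystore::KeyStoreServiceReturnCode
    verify(const String16& name, const ::keystore::hidl_vec<uint8_t>& data,
           const ::keystore::hidl_vec<uint8_t>& signature) = 0;

    virtual ::keystore::KeyStoreServiceReturnCode
    get_pubkey(const String16& name, ::keystore::hidl_vec<uint8_t>* pubKey) = 0;

    virtual String16 grant(const String16& name, int32_t granteeUid) = 0;

    virtual ::keystore::KeyStoreServiceReturnCode ungrant(const String16& name,
                                                          int32_t granteeUid) = 0;

    virtual int64_t getmtime(const String16& name, int32_t uid) = 0;

    virtual ::keystore::KeyStoreServiceReturnCode
    duplicate(const String16& srcKey, int32_t srcUid, const String16& destKey, int32_t destUid) = 0;

    virtual int32_t is_hardware_backed(const String16& keyType) = 0;

    // Unlike the other methods, uid is declared as int64_t here.
    virtual ::keystore::KeyStoreServiceReturnCode clear_uid(int64_t uid) = 0;

    virtual ::keystore::KeyStoreServiceReturnCode
    addRngEntropy(const ::keystore::hidl_vec<uint8_t>& entropy) = 0;

    virtual ::keystore::KeyStoreServiceReturnCode
    generateKey(const String16& name, const ::keystore::hidl_vec<::keystore::KeyParameter>& params,
                const ::keystore::hidl_vec<uint8_t>& entropy, int uid, int flags,
                ::keystore::KeyCharacteristics* outCharacteristics) = 0;

    virtual ::keystore::KeyStoreServiceReturnCode
    getKeyCharacteristics(const String16& name, const ::keystore::hidl_vec<uint8_t>& clientId,
                          const ::keystore::hidl_vec<uint8_t>& appData, int32_t uid,
                          ::keystore::KeyCharacteristics* outCharacteristics) = 0;

    virtual ::keystore::KeyStoreServiceReturnCode
    importKey(const String16& name, const ::keystore::hidl_vec<::keystore::KeyParameter>& params,
              ::keystore::KeyFormat format, const ::keystore::hidl_vec<uint8_t>& key, int uid,
              int flags, ::keystore::KeyCharacteristics* outCharacteristics) = 0;

    // Returns void: the outcome is reported through result (an ExportResult,
    // which carries its own resultCode), not through a return value.
    virtual void exportKey(const String16& name, ::keystore::KeyFormat format,
                           const ::keystore::hidl_vec<uint8_t>& clientId,
                           const ::keystore::hidl_vec<uint8_t>& appData, int uid,
                           ExportResult* result) = 0;

    // begin / update / finish return void and report through opResult (an
    // OperationResult, which carries its own resultCode). Callers have to
    // inspect opResult->resultCode; there is no return value to check.
    virtual void begin(const sp<IBinder>& apptoken, const String16& name,
                       ::keystore::KeyPurpose purpose, bool pruneable,
                       const ::keystore::hidl_vec<::keystore::KeyParameter>& params,
                       const ::keystore::hidl_vec<uint8_t>& entropy, int32_t uid,
                       OperationResult* opResult) = 0;

    virtual void update(const sp<IBinder>& token,
                        const ::keystore::hidl_vec<::keystore::KeyParameter>& params,
                        const ::keystore::hidl_vec<uint8_t>& data, OperationResult* opResult) = 0;

    virtual void finish(const sp<IBinder>& token,
                        const ::keystore::hidl_vec<::keystore::KeyParameter>& params,
                        const ::keystore::hidl_vec<uint8_t>& signature,
                        const ::keystore::hidl_vec<uint8_t>& entropy,
                        OperationResult* opResult) = 0;

    virtual ::keystore::KeyStoreServiceReturnCode abort(const sp<IBinder>& handle) = 0;

    virtual bool isOperationAuthorized(const sp<IBinder>& handle) = 0;

    // The token is passed as a raw pointer plus a byte count rather than as a
    // sized container.
    // NOTE(review): the implementation presumably has to check length against
    // the size of the token structure it expects before reading from token --
    // confirm in the service implementation.
    virtual ::keystore::KeyStoreServiceReturnCode addAuthToken(const uint8_t* token,
                                                               size_t length) = 0;

    virtual ::keystore::KeyStoreServiceReturnCode onUserAdded(int32_t userId, int32_t parentId) = 0;

    virtual ::keystore::KeyStoreServiceReturnCode onUserRemoved(int32_t userId) = 0;

    virtual ::keystore::KeyStoreServiceReturnCode
    attestKey(const String16& name, const ::keystore::hidl_vec<::keystore::KeyParameter>& params,
              ::keystore::hidl_vec<::keystore::hidl_vec<uint8_t>>* outChain) = 0;

    virtual ::keystore::KeyStoreServiceReturnCode attestDeviceIds(
        const ::keystore::hidl_vec<::keystore::KeyParameter>& params,
        ::keystore::hidl_vec<::keystore::hidl_vec<uint8_t>>* outChain) = 0;

    virtual ::keystore::KeyStoreServiceReturnCode onDeviceOffBody() = 0;
};

// ----------------------------------------------------------------------------

// Native (service-side) binder stub for IKeystoreService.
class BnKeystoreService : public BnInterface<IKeystoreService> {
  public:
    // Receives an incoming transaction: code is expected to be one of the
    // IKeystoreService transaction codes and data holds the arguments written
    // by the calling process, which should be treated as untrusted input when
    // it is unmarshalled. Marked override so that a signature drift from the
    // base class is a compile error instead of a silently unused overload.
    status_t onTransact(uint32_t code, const Parcel& data, Parcel* reply,
                        uint32_t flags = 0) override;
};

}  // namespace android

#endif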