keystore/include/keystore/IKeystoreService.h - platform/system/security - Git at Google

 /*
  * Copyright (C) 2012 The Android Open Source Project
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
  *
  *      http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */

 #ifndef KEYSTORE_IKEYSTORESERVICE_H
 #define KEYSTORE_IKEYSTORESERVICE_H

 #include <hardware/keymaster_defs.h>
 #include <utils/RefBase.h>
 #include <binder/IInterface.h>
 #include <binder/Parcel.h>
 #include <vector>

 namespace android {

 class KeystoreArg : public RefBase {
 public:
     KeystoreArg(const void *data, size_t len);
     ~KeystoreArg();

     const void* data() const;
     size_t size() const;

 private:
     const void* mData;
     size_t mSize;
 };

 struct MallocDeleter {
     void operator()(uint8_t* p) { free(p); }
 };

 // struct for serializing/deserializing a list of keymaster_key_param_t's
 struct KeymasterArguments {
     KeymasterArguments();
     ~KeymasterArguments();
     void readFromParcel(const Parcel& in);
     void writeToParcel(Parcel* out) const;

     std::vector<keymaster_key_param_t> params;
 };

 // struct for serializing the results of begin/update/finish
 struct OperationResult {
     OperationResult();
     ~OperationResult();
     void readFromParcel(const Parcel& in);
     void writeToParcel(Parcel* out) const;

     int resultCode;
     sp<IBinder> token;
     keymaster_operation_handle_t handle;
     int inputConsumed;
     std::unique_ptr<uint8_t[], MallocDeleter> data;
     size_t dataLength;
     KeymasterArguments outParams;
 };

 // struct for serializing the results of export
 struct ExportResult {
     ExportResult();
     ~ExportResult();
     void readFromParcel(const Parcel& in);
     void writeToParcel(Parcel* out) const;

     int resultCode;
     std::unique_ptr<uint8_t[], MallocDeleter> exportData;
     size_t dataLength;
 };

 // struct for serializing keymaster_key_characteristics_t's
 struct KeyCharacteristics {
     KeyCharacteristics();
     ~KeyCharacteristics();
     void readFromParcel(const Parcel& in);
     void writeToParcel(Parcel* out) const;

     keymaster_key_characteristics_t characteristics;
 };

 bool readKeymasterArgumentFromParcel(const Parcel& in, keymaster_key_param_t* out);
 void writeKeymasterArgumentToParcel(const keymaster_key_param_t& param, Parcel* out);

 /*
  * This must be kept manually in sync with frameworks/base's IKeystoreService.java
  */
 class IKeystoreService: public IInterface {
 public:
     enum {
         GET_STATE = IBinder::FIRST_CALL_TRANSACTION + 0,
         GET = IBinder::FIRST_CALL_TRANSACTION + 1,
         INSERT = IBinder::FIRST_CALL_TRANSACTION + 2,
         DEL = IBinder::FIRST_CALL_TRANSACTION + 3,
         EXIST = IBinder::FIRST_CALL_TRANSACTION + 4,
         LIST = IBinder::FIRST_CALL_TRANSACTION + 5,
         RESET = IBinder::FIRST_CALL_TRANSACTION + 6,
         ON_USER_PASSWORD_CHANGED = IBinder::FIRST_CALL_TRANSACTION + 7,
         LOCK = IBinder::FIRST_CALL_TRANSACTION + 8,
         UNLOCK = IBinder::FIRST_CALL_TRANSACTION + 9,
         IS_EMPTY = IBinder::FIRST_CALL_TRANSACTION + 10,
         GENERATE = IBinder::FIRST_CALL_TRANSACTION + 11,
         IMPORT = IBinder::FIRST_CALL_TRANSACTION + 12,
         SIGN = IBinder::FIRST_CALL_TRANSACTION + 13,
         VERIFY = IBinder::FIRST_CALL_TRANSACTION + 14,
         GET_PUBKEY = IBinder::FIRST_CALL_TRANSACTION + 15,
         GRANT = IBinder::FIRST_CALL_TRANSACTION + 16,
         UNGRANT = IBinder::FIRST_CALL_TRANSACTION + 17,
         GETMTIME = IBinder::FIRST_CALL_TRANSACTION + 18,
         DUPLICATE = IBinder::FIRST_CALL_TRANSACTION + 19,
         IS_HARDWARE_BACKED = IBinder::FIRST_CALL_TRANSACTION + 20,
         CLEAR_UID = IBinder::FIRST_CALL_TRANSACTION + 21,
         ADD_RNG_ENTROPY = IBinder::FIRST_CALL_TRANSACTION + 22,
         GENERATE_KEY = IBinder::FIRST_CALL_TRANSACTION + 23,
         GET_KEY_CHARACTERISTICS = IBinder::FIRST_CALL_TRANSACTION + 24,
         IMPORT_KEY = IBinder::FIRST_CALL_TRANSACTION + 25,
         EXPORT_KEY = IBinder::FIRST_CALL_TRANSACTION + 26,
         BEGIN = IBinder::FIRST_CALL_TRANSACTION + 27,
         UPDATE = IBinder::FIRST_CALL_TRANSACTION + 28,
         FINISH = IBinder::FIRST_CALL_TRANSACTION + 29,
         ABORT = IBinder::FIRST_CALL_TRANSACTION + 30,
         IS_OPERATION_AUTHORIZED = IBinder::FIRST_CALL_TRANSACTION + 31,
         ADD_AUTH_TOKEN = IBinder::FIRST_CALL_TRANSACTION + 32,
         ON_USER_ADDED = IBinder::FIRST_CALL_TRANSACTION + 33,
         ON_USER_REMOVED = IBinder::FIRST_CALL_TRANSACTION + 34,
     };

     DECLARE_META_INTERFACE(KeystoreService);

     virtual int32_t getState(int32_t userId) = 0;

     virtual int32_t get(const String16& name, uint8_t** item, size_t* itemLength) = 0;

     virtual int32_t insert(const String16& name, const uint8_t* item, size_t itemLength, int uid,
             int32_t flags) = 0;

     virtual int32_t del(const String16& name, int uid) = 0;

     virtual int32_t exist(const String16& name, int uid) = 0;

     virtual int32_t list(const String16& prefix, int uid, Vector<String16>* matches) = 0;

     virtual int32_t reset() = 0;

     virtual int32_t onUserPasswordChanged(int32_t userId, const String16& newPassword) = 0;

     virtual int32_t lock(int32_t userId) = 0;

     virtual int32_t unlock(int32_t userId, const String16& password) = 0;

     virtual bool isEmpty(int32_t userId) = 0;

     virtual int32_t generate(const String16& name, int32_t uid, int32_t keyType, int32_t keySize,
             int32_t flags, Vector<sp<KeystoreArg> >* args) = 0;

     virtual int32_t import(const String16& name, const uint8_t* data, size_t length, int uid,
             int32_t flags) = 0;

     virtual int32_t sign(const String16& name, const uint8_t* data, size_t length, uint8_t** out,
             size_t* outLength) = 0;

     virtual int32_t verify(const String16& name, const uint8_t* data, size_t dataLength,
             const uint8_t* signature, size_t signatureLength) = 0;

     virtual int32_t get_pubkey(const String16& name, uint8_t** pubkey, size_t* pubkeyLength) = 0;

     virtual int32_t grant(const String16& name, int32_t granteeUid) = 0;

     virtual int32_t ungrant(const String16& name, int32_t granteeUid) = 0;

     virtual int64_t getmtime(const String16& name) = 0;

     virtual int32_t duplicate(const String16& srcKey, int32_t srcUid, const String16& destKey,
             int32_t destUid) = 0;

     virtual int32_t is_hardware_backed(const String16& keyType) = 0;

     virtual int32_t clear_uid(int64_t uid) = 0;

     virtual int32_t addRngEntropy(const uint8_t* data, size_t dataLength) = 0;

     virtual int32_t generateKey(const String16& name, const KeymasterArguments& params,
                                 const uint8_t* entropy, size_t entropyLength, int uid, int flags,
                                 KeyCharacteristics* outCharacteristics) = 0;

     virtual int32_t getKeyCharacteristics(const String16& name,
                                           const keymaster_blob_t* clientId,
                                           const keymaster_blob_t* appData,
                                           KeyCharacteristics* outCharacteristics) = 0;

     virtual int32_t importKey(const String16& name, const KeymasterArguments&  params,
                               keymaster_key_format_t format, const uint8_t *keyData,
                               size_t keyLength, int uid, int flags,
                               KeyCharacteristics* outCharacteristics) = 0;

     virtual void exportKey(const String16& name, keymaster_key_format_t format,
                            const keymaster_blob_t* clientId,
                            const keymaster_blob_t* appData, ExportResult* result) = 0;

     virtual void begin(const sp<IBinder>& apptoken, const String16& name,
                        keymaster_purpose_t purpose, bool pruneable,
                        const KeymasterArguments& params, const uint8_t* entropy,
                        size_t entropyLength, OperationResult* result) = 0;

     virtual void update(const sp<IBinder>& token, const KeymasterArguments& params,
                         const uint8_t* data, size_t dataLength, OperationResult* result) = 0;

     virtual void finish(const sp<IBinder>& token, const KeymasterArguments& params,
                         const uint8_t* signature, size_t signatureLength,
                         const uint8_t* entropy, size_t entropyLength,
                         OperationResult* result) = 0;

     virtual int32_t abort(const sp<IBinder>& handle) = 0;

     virtual bool isOperationAuthorized(const sp<IBinder>& handle) = 0;

     virtual int32_t addAuthToken(const uint8_t* token, size_t length) = 0;

     virtual int32_t onUserAdded(int32_t userId, int32_t parentId) = 0;

     virtual int32_t onUserRemoved(int32_t userId) = 0;

 };

 // ----------------------------------------------------------------------------

 class BnKeystoreService: public BnInterface<IKeystoreService> {
 public:
     virtual status_t onTransact(uint32_t code, const Parcel& data, Parcel* reply,
             uint32_t flags = 0);
 };

 } // namespace android

 #endif
	/*
	* Copyright (C) 2012 The Android Open Source Project
	*
	* Licensed under the Apache License, Version 2.0 (the "License");
	* you may not use this file except in compliance with the License.
	* You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software
	* distributed under the License is distributed on an "AS IS" BASIS,
	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	* See the License for the specific language governing permissions and
	* limitations under the License.
	*/

	#ifndef KEYSTORE_IKEYSTORESERVICE_H
	#define KEYSTORE_IKEYSTORESERVICE_H

	#include <hardware/keymaster_defs.h>
	#include <utils/RefBase.h>
	#include <binder/IInterface.h>
	#include <binder/Parcel.h>
	#include <vector>

	namespace android {

	class KeystoreArg : public RefBase {
	public:
	KeystoreArg(const void *data, size_t len);
	~KeystoreArg();

	const void* data() const;
	size_t size() const;

	private:
	const void* mData;
	size_t mSize;
	};

	struct MallocDeleter {
	void operator()(uint8_t* p) { free(p); }
	};

	// struct for serializing/deserializing a list of keymaster_key_param_t's
	struct KeymasterArguments {
	KeymasterArguments();
	~KeymasterArguments();
	void readFromParcel(const Parcel& in);
	void writeToParcel(Parcel* out) const;

	std::vector<keymaster_key_param_t> params;
	};

	// struct for serializing the results of begin/update/finish
	struct OperationResult {
	OperationResult();
	~OperationResult();
	void readFromParcel(const Parcel& in);
	void writeToParcel(Parcel* out) const;

	int resultCode;
	sp<IBinder> token;
	keymaster_operation_handle_t handle;
	int inputConsumed;
	std::unique_ptr<uint8_t[], MallocDeleter> data;
	size_t dataLength;
	KeymasterArguments outParams;
	};

	// struct for serializing the results of export
	struct ExportResult {
	ExportResult();
	~ExportResult();
	void readFromParcel(const Parcel& in);
	void writeToParcel(Parcel* out) const;

	int resultCode;
	std::unique_ptr<uint8_t[], MallocDeleter> exportData;
	size_t dataLength;
	};

	// struct for serializing keymaster_key_characteristics_t's
	struct KeyCharacteristics {
	KeyCharacteristics();
	~KeyCharacteristics();
	void readFromParcel(const Parcel& in);
	void writeToParcel(Parcel* out) const;

	keymaster_key_characteristics_t characteristics;
	};

	bool readKeymasterArgumentFromParcel(const Parcel& in, keymaster_key_param_t* out);
	void writeKeymasterArgumentToParcel(const keymaster_key_param_t& param, Parcel* out);

	/*
	* This must be kept manually in sync with frameworks/base's IKeystoreService.java
	*/
	class IKeystoreService: public IInterface {
	public:
	enum {
	GET_STATE = IBinder::FIRST_CALL_TRANSACTION + 0,
	GET = IBinder::FIRST_CALL_TRANSACTION + 1,
	INSERT = IBinder::FIRST_CALL_TRANSACTION + 2,
	DEL = IBinder::FIRST_CALL_TRANSACTION + 3,
	EXIST = IBinder::FIRST_CALL_TRANSACTION + 4,
	LIST = IBinder::FIRST_CALL_TRANSACTION + 5,
	RESET = IBinder::FIRST_CALL_TRANSACTION + 6,
	ON_USER_PASSWORD_CHANGED = IBinder::FIRST_CALL_TRANSACTION + 7,
	LOCK = IBinder::FIRST_CALL_TRANSACTION + 8,
	UNLOCK = IBinder::FIRST_CALL_TRANSACTION + 9,
	IS_EMPTY = IBinder::FIRST_CALL_TRANSACTION + 10,
	GENERATE = IBinder::FIRST_CALL_TRANSACTION + 11,
	IMPORT = IBinder::FIRST_CALL_TRANSACTION + 12,
	SIGN = IBinder::FIRST_CALL_TRANSACTION + 13,
	VERIFY = IBinder::FIRST_CALL_TRANSACTION + 14,
	GET_PUBKEY = IBinder::FIRST_CALL_TRANSACTION + 15,
	GRANT = IBinder::FIRST_CALL_TRANSACTION + 16,
	UNGRANT = IBinder::FIRST_CALL_TRANSACTION + 17,
	GETMTIME = IBinder::FIRST_CALL_TRANSACTION + 18,
	DUPLICATE = IBinder::FIRST_CALL_TRANSACTION + 19,
	IS_HARDWARE_BACKED = IBinder::FIRST_CALL_TRANSACTION + 20,
	CLEAR_UID = IBinder::FIRST_CALL_TRANSACTION + 21,
	ADD_RNG_ENTROPY = IBinder::FIRST_CALL_TRANSACTION + 22,
	GENERATE_KEY = IBinder::FIRST_CALL_TRANSACTION + 23,
	GET_KEY_CHARACTERISTICS = IBinder::FIRST_CALL_TRANSACTION + 24,
	IMPORT_KEY = IBinder::FIRST_CALL_TRANSACTION + 25,
	EXPORT_KEY = IBinder::FIRST_CALL_TRANSACTION + 26,
	BEGIN = IBinder::FIRST_CALL_TRANSACTION + 27,
	UPDATE = IBinder::FIRST_CALL_TRANSACTION + 28,
	FINISH = IBinder::FIRST_CALL_TRANSACTION + 29,
	ABORT = IBinder::FIRST_CALL_TRANSACTION + 30,
	IS_OPERATION_AUTHORIZED = IBinder::FIRST_CALL_TRANSACTION + 31,
	ADD_AUTH_TOKEN = IBinder::FIRST_CALL_TRANSACTION + 32,
	ON_USER_ADDED = IBinder::FIRST_CALL_TRANSACTION + 33,
	ON_USER_REMOVED = IBinder::FIRST_CALL_TRANSACTION + 34,
	};

	DECLARE_META_INTERFACE(KeystoreService);

	virtual int32_t getState(int32_t userId) = 0;

	virtual int32_t get(const String16& name, uint8_t** item, size_t* itemLength) = 0;

	virtual int32_t insert(const String16& name, const uint8_t* item, size_t itemLength, int uid,
	int32_t flags) = 0;

	virtual int32_t del(const String16& name, int uid) = 0;

	virtual int32_t exist(const String16& name, int uid) = 0;

	virtual int32_t list(const String16& prefix, int uid, Vector<String16>* matches) = 0;

	virtual int32_t reset() = 0;

	virtual int32_t onUserPasswordChanged(int32_t userId, const String16& newPassword) = 0;

	virtual int32_t lock(int32_t userId) = 0;

	virtual int32_t unlock(int32_t userId, const String16& password) = 0;

	virtual bool isEmpty(int32_t userId) = 0;

	virtual int32_t generate(const String16& name, int32_t uid, int32_t keyType, int32_t keySize,
	int32_t flags, Vector<sp<KeystoreArg> >* args) = 0;

	virtual int32_t import(const String16& name, const uint8_t* data, size_t length, int uid,
	int32_t flags) = 0;

	virtual int32_t sign(const String16& name, const uint8_t* data, size_t length, uint8_t** out,
	size_t* outLength) = 0;

	virtual int32_t verify(const String16& name, const uint8_t* data, size_t dataLength,
	const uint8_t* signature, size_t signatureLength) = 0;

	virtual int32_t get_pubkey(const String16& name, uint8_t** pubkey, size_t* pubkeyLength) = 0;

	virtual int32_t grant(const String16& name, int32_t granteeUid) = 0;

	virtual int32_t ungrant(const String16& name, int32_t granteeUid) = 0;

	virtual int64_t getmtime(const String16& name) = 0;

	virtual int32_t duplicate(const String16& srcKey, int32_t srcUid, const String16& destKey,
	int32_t destUid) = 0;

	virtual int32_t is_hardware_backed(const String16& keyType) = 0;

	virtual int32_t clear_uid(int64_t uid) = 0;

	virtual int32_t addRngEntropy(const uint8_t* data, size_t dataLength) = 0;

	virtual int32_t generateKey(const String16& name, const KeymasterArguments& params,
	const uint8_t* entropy, size_t entropyLength, int uid, int flags,
	KeyCharacteristics* outCharacteristics) = 0;

	virtual int32_t getKeyCharacteristics(const String16& name,
	const keymaster_blob_t* clientId,
	const keymaster_blob_t* appData,
	KeyCharacteristics* outCharacteristics) = 0;

	virtual int32_t importKey(const String16& name, const KeymasterArguments& params,
	keymaster_key_format_t format, const uint8_t *keyData,
	size_t keyLength, int uid, int flags,
	KeyCharacteristics* outCharacteristics) = 0;

	virtual void exportKey(const String16& name, keymaster_key_format_t format,
	const keymaster_blob_t* clientId,
	const keymaster_blob_t* appData, ExportResult* result) = 0;

	virtual void begin(const sp<IBinder>& apptoken, const String16& name,
	keymaster_purpose_t purpose, bool pruneable,
	const KeymasterArguments& params, const uint8_t* entropy,
	size_t entropyLength, OperationResult* result) = 0;

	virtual void update(const sp<IBinder>& token, const KeymasterArguments& params,
	const uint8_t* data, size_t dataLength, OperationResult* result) = 0;

	virtual void finish(const sp<IBinder>& token, const KeymasterArguments& params,
	const uint8_t* signature, size_t signatureLength,
	const uint8_t* entropy, size_t entropyLength,
	OperationResult* result) = 0;

	virtual int32_t abort(const sp<IBinder>& handle) = 0;

	virtual bool isOperationAuthorized(const sp<IBinder>& handle) = 0;

	virtual int32_t addAuthToken(const uint8_t* token, size_t length) = 0;

	virtual int32_t onUserAdded(int32_t userId, int32_t parentId) = 0;

	virtual int32_t onUserRemoved(int32_t userId) = 0;

	};

	// ----------------------------------------------------------------------------

	class BnKeystoreService: public BnInterface<IKeystoreService> {
	public:
	virtual status_t onTransact(uint32_t code, const Parcel& data, Parcel* reply,
	uint32_t flags = 0);
	};

	} // namespace android

	#endif