| /* |
| ** |
| ** Copyright 2016, The Android Open Source Project |
| ** |
| ** Licensed under the Apache License, Version 2.0 (the "License"); |
| ** you may not use this file except in compliance with the License. |
| ** You may obtain a copy of the License at |
| ** |
| ** http://www.apache.org/licenses/LICENSE-2.0 |
| ** |
| ** Unless required by applicable law or agreed to in writing, software |
| ** distributed under the License is distributed on an "AS IS" BASIS, |
| ** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| ** See the License for the specific language governing permissions and |
| ** limitations under the License. |
| */ |
| |
| #include "keystore_aidl_hidl_marshalling_utils.h" |
| |
| #include <keystore/ExportResult.h> |
| #include <keystore/KeyCharacteristics.h> |
| #include <keystore/KeymasterBlob.h> |
| #include <keystore/KeymasterCertificateChain.h> |
| #include <keystore/KeystoreArg.h> |
| #include <keystore/keymaster_types.h> |
| #include <keystore/keystore_hidl_support.h> |
| |
| namespace keystore { |
| |
| // reads byte[] |
| hidl_vec<uint8_t> readKeymasterBlob(const android::Parcel& in, bool inPlace) { |
| |
| ssize_t length = in.readInt32(); |
| if (length <= 0) { |
| return {}; |
| } |
| |
| const void* buf = in.readInplace(length); |
| if (!buf) return {}; |
| |
| return blob2hidlVec(reinterpret_cast<const uint8_t*>(buf), size_t(length), inPlace); |
| } |
| |
| android::status_t writeKeymasterBlob(const hidl_vec<uint8_t>& blob, android::Parcel* out) { |
| int32_t size = int32_t(std::min<size_t>(blob.size(), std::numeric_limits<int32_t>::max())); |
| |
| auto rc = out->writeInt32(size); |
| if (rc != ::android::OK) return rc; |
| |
| if (!size) return ::android::OK; |
| |
| return out->write(blob.data(), size); |
| } |
| |
| android::status_t writeKeymasterBlob(const ::std::vector<int32_t>& blob, android::Parcel* out) { |
| |
| int32_t size = int32_t(std::min<size_t>(blob.size(), std::numeric_limits<int32_t>::max())); |
| |
| auto rc = out->writeInt32(size); |
| if (rc != ::android::OK) return rc; |
| |
| if (!size) return ::android::OK; |
| |
| return out->write(blob.data(), size); |
| } |
| |
| NullOr<KeyParameter> readKeyParameterFromParcel(const android::Parcel& in) { |
| // Method must be in sync with KeymasterArgument.java |
| if (in.readInt32() == 0) { |
| return {}; |
| } |
| KeyParameter result; |
| |
| Tag tag = static_cast<Tag>(in.readInt32()); |
| result.tag = tag; |
| switch (typeFromTag(tag)) { |
| case TagType::ENUM: |
| case TagType::ENUM_REP: |
| case TagType::UINT: |
| case TagType::UINT_REP: |
| result.f.integer = in.readInt32(); |
| break; |
| case TagType::ULONG: |
| case TagType::ULONG_REP: |
| case TagType::DATE: |
| result.f.longInteger = in.readInt64(); |
| break; |
| case TagType::BOOL: |
| result.f.boolValue = true; |
| break; |
| case TagType::BIGNUM: |
| case TagType::BYTES: |
| result.blob = readKeymasterBlob(in); // byte array |
| break; |
| default: |
| ALOGE("Unsupported KeyParameter tag %d", tag); |
| return {}; |
| } |
| return result; |
| } |
| |
| android::status_t writeKeyParameterToParcel(const KeyParameter& param, android::Parcel* out) { |
| // Method must be in sync with with KeymasterArgument.java |
| // Presence flag must be written by caller. |
| |
| auto tag = param.tag; |
| auto rc = out->writeInt32(uint32_t(tag)); |
| if (rc != ::android::OK) return rc; |
| switch (typeFromTag(param.tag)) { |
| case TagType::ENUM: |
| case TagType::ENUM_REP: |
| case TagType::UINT: |
| case TagType::UINT_REP: |
| rc = out->writeInt32(param.f.integer); |
| break; |
| case TagType::ULONG: |
| case TagType::ULONG_REP: |
| case TagType::DATE: |
| rc = out->writeInt64(param.f.longInteger); |
| break; |
| case TagType::BOOL: |
| // nothing to do here presence indicates true |
| break; |
| case TagType::BIGNUM: |
| case TagType::BYTES: |
| rc = writeKeymasterBlob(param.blob, out); |
| break; |
| default: |
| ALOGE("Failed to write KeyParameter: Unsupported tag %d", param.tag); |
| rc = android::BAD_VALUE; |
| break; |
| } |
| return rc; |
| } |
| |
| hidl_vec<KeyParameter> readParamSetFromParcel(const android::Parcel& in) { |
| |
| ssize_t length = in.readInt32(); // -1 for null |
| size_t ulength = (size_t)length; |
| if (length < 0) { |
| ulength = 0; |
| } |
| hidl_vec<KeyParameter> result; |
| result.resize(ulength); |
| for (size_t i = 0; i < ulength; ++i) { |
| auto param = readKeyParameterFromParcel(in); |
| if (!param.isOk()) { |
| ALOGE("Error reading KeyParameter from parcel"); |
| return {}; |
| } |
| result[i] = param.value(); |
| } |
| return result; |
| } |
| |
| android::status_t writeParamSetToParcel(const hidl_vec<KeyParameter>& params, |
| android::Parcel* out) { |
| int32_t size = int32_t(std::min<size_t>(params.size(), std::numeric_limits<int32_t>::max())); |
| |
| auto rc = out->writeInt32(size); |
| if (rc != ::android::OK) return rc; |
| for (int32_t i = 0; i < size; ++i) { |
| rc = out->writeInt32(1); // writeTypedObject presence flag. |
| if (rc != ::android::OK) return rc; |
| rc = writeKeyParameterToParcel(params[i], out); |
| if (rc != ::android::OK) return rc; |
| } |
| return rc; |
| } |
| |
| hidl_vec<hidl_vec<uint8_t>> readCertificateChainFromParcel(const android::Parcel& in) { |
| hidl_vec<hidl_vec<uint8_t>> result; |
| |
| ssize_t count = in.readInt32(); |
| size_t ucount = count; |
| if (count <= 0) { |
| return result; |
| } |
| |
| result.resize(ucount); |
| |
| for (size_t i = 0; i < ucount; ++i) { |
| result[i] = readKeymasterBlob(in); |
| } |
| return result; |
| }; |
| |
| android::status_t writeCertificateChainToParcel(const hidl_vec<hidl_vec<uint8_t>>& certs, |
| android::Parcel* out) { |
| int32_t count = int32_t(std::min<size_t>(certs.size(), std::numeric_limits<int32_t>::max())); |
| auto rc = out->writeInt32(count); |
| |
| for (int32_t i = 0; i < count; ++i) { |
| rc = writeKeymasterBlob(certs[i], out); |
| if (rc != ::android::OK) return rc; |
| } |
| return rc; |
| } |
| |
| }; // namespace keystore |
| |
| // Implementation for keystore parcelables. |
| // TODO: split implementation into separate classes |
| namespace android { |
| namespace security { |
| namespace keymaster { |
| |
| using ::android::status_t; |
| using ::keystore::keymaster::ErrorCode; |
| |
| ExportResult::ExportResult() : resultCode() {} |
| |
| ExportResult::~ExportResult() {} |
| |
| status_t ExportResult::readFromParcel(const Parcel* inn) { |
| const Parcel& in = *inn; |
| resultCode = ErrorCode(in.readInt32()); |
| exportData = keystore::readKeymasterBlob(in); |
| return OK; |
| } |
| |
| status_t ExportResult::writeToParcel(Parcel* out) const { |
| out->writeInt32(resultCode); |
| return keystore::writeKeymasterBlob(exportData, out); |
| } |
| |
| status_t KeyCharacteristics::readFromParcel(const Parcel* in) { |
| softwareEnforced.readFromParcel(in); |
| return hardwareEnforced.readFromParcel(in); |
| } |
| |
| status_t KeyCharacteristics::writeToParcel(Parcel* out) const { |
| softwareEnforced.writeToParcel(out); |
| return hardwareEnforced.writeToParcel(out); |
| } |
| |
| status_t KeymasterBlob::readFromParcel(const Parcel* in) { |
| data_ = keystore::readKeymasterBlob(*in, true /* in place */); |
| return OK; |
| } |
| |
| status_t KeymasterBlob::writeToParcel(Parcel* out) const { |
| return keystore::writeKeymasterBlob(data_, out); |
| } |
| |
| status_t KeymasterCertificateChain::readFromParcel(const Parcel* in) { |
| chain = keystore::readCertificateChainFromParcel(*in); |
| return OK; |
| } |
| |
| status_t KeymasterCertificateChain::writeToParcel(Parcel* out) const { |
| return keystore::writeCertificateChainToParcel(chain, out); |
| } |
| |
| } // namespace keymaster |
| } // namespace security |
| |
| } // namespace android |