Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 1 | /* |
| 2 | ** |
| 3 | ** Copyright 2016, The Android Open Source Project |
| 4 | ** |
| 5 | ** Licensed under the Apache License, Version 2.0 (the "License"); |
| 6 | ** you may not use this file except in compliance with the License. |
| 7 | ** You may obtain a copy of the License at |
| 8 | ** |
| 9 | ** http://www.apache.org/licenses/LICENSE-2.0 |
| 10 | ** |
| 11 | ** Unless required by applicable law or agreed to in writing, software |
| 12 | ** distributed under the License is distributed on an "AS IS" BASIS, |
| 13 | ** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 14 | ** See the License for the specific language governing permissions and |
| 15 | ** limitations under the License. |
| 16 | */ |
| 17 | |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 18 | #include "keystore_aidl_hidl_marshalling_utils.h" |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 19 | |
Shawn Willden | 0329a82 | 2017-12-04 13:55:14 -0700 | [diff] [blame] | 20 | #include <keystore/ExportResult.h> |
| 21 | #include <keystore/KeyCharacteristics.h> |
| 22 | #include <keystore/KeymasterBlob.h> |
| 23 | #include <keystore/KeymasterCertificateChain.h> |
Shawn Willden | 0329a82 | 2017-12-04 13:55:14 -0700 | [diff] [blame] | 24 | #include <keystore/keymaster_types.h> |
| 25 | #include <keystore/keystore_hidl_support.h> |
Dmitry Dementyev | a447b3c | 2017-10-27 23:09:53 -0700 | [diff] [blame] | 26 | |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 27 | namespace keystore { |
| 28 | |
Dmitry Dementyev | a447b3c | 2017-10-27 23:09:53 -0700 | [diff] [blame] | 29 | // reads byte[] |
Rob Barnes | bb6cabd | 2018-10-04 17:10:37 -0600 | [diff] [blame] | 30 | hidl_vec<uint8_t> readKeymasterBlob(const android::Parcel& in) { |
Dmitry Dementyev | a447b3c | 2017-10-27 23:09:53 -0700 | [diff] [blame] | 31 | |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 32 | ssize_t length = in.readInt32(); |
| 33 | if (length <= 0) { |
| 34 | return {}; |
| 35 | } |
| 36 | |
| 37 | const void* buf = in.readInplace(length); |
| 38 | if (!buf) return {}; |
| 39 | |
Rob Barnes | bb6cabd | 2018-10-04 17:10:37 -0600 | [diff] [blame] | 40 | return blob2hidlVec(reinterpret_cast<const uint8_t*>(buf), size_t(length)); |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 41 | } |
| 42 | |
| 43 | android::status_t writeKeymasterBlob(const hidl_vec<uint8_t>& blob, android::Parcel* out) { |
| 44 | int32_t size = int32_t(std::min<size_t>(blob.size(), std::numeric_limits<int32_t>::max())); |
| 45 | |
| 46 | auto rc = out->writeInt32(size); |
| 47 | if (rc != ::android::OK) return rc; |
| 48 | |
| 49 | if (!size) return ::android::OK; |
| 50 | |
Dmitry Dementyev | a447b3c | 2017-10-27 23:09:53 -0700 | [diff] [blame] | 51 | return out->write(blob.data(), size); |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 52 | } |
| 53 | |
Dmitry Dementyev | a447b3c | 2017-10-27 23:09:53 -0700 | [diff] [blame] | 54 | android::status_t writeKeymasterBlob(const ::std::vector<int32_t>& blob, android::Parcel* out) { |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 55 | |
Dmitry Dementyev | a447b3c | 2017-10-27 23:09:53 -0700 | [diff] [blame] | 56 | int32_t size = int32_t(std::min<size_t>(blob.size(), std::numeric_limits<int32_t>::max())); |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 57 | |
| 58 | auto rc = out->writeInt32(size); |
| 59 | if (rc != ::android::OK) return rc; |
| 60 | |
| 61 | if (!size) return ::android::OK; |
| 62 | |
Dmitry Dementyev | a447b3c | 2017-10-27 23:09:53 -0700 | [diff] [blame] | 63 | return out->write(blob.data(), size); |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 64 | } |
| 65 | |
| 66 | NullOr<KeyParameter> readKeyParameterFromParcel(const android::Parcel& in) { |
Dmitry Dementyev | a447b3c | 2017-10-27 23:09:53 -0700 | [diff] [blame] | 67 | // Method must be in sync with KeymasterArgument.java |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 68 | if (in.readInt32() == 0) { |
| 69 | return {}; |
| 70 | } |
| 71 | KeyParameter result; |
| 72 | |
| 73 | Tag tag = static_cast<Tag>(in.readInt32()); |
| 74 | result.tag = tag; |
| 75 | switch (typeFromTag(tag)) { |
| 76 | case TagType::ENUM: |
| 77 | case TagType::ENUM_REP: |
| 78 | case TagType::UINT: |
| 79 | case TagType::UINT_REP: |
| 80 | result.f.integer = in.readInt32(); |
| 81 | break; |
| 82 | case TagType::ULONG: |
| 83 | case TagType::ULONG_REP: |
| 84 | case TagType::DATE: |
| 85 | result.f.longInteger = in.readInt64(); |
| 86 | break; |
| 87 | case TagType::BOOL: |
| 88 | result.f.boolValue = true; |
| 89 | break; |
| 90 | case TagType::BIGNUM: |
| 91 | case TagType::BYTES: |
Dmitry Dementyev | a447b3c | 2017-10-27 23:09:53 -0700 | [diff] [blame] | 92 | result.blob = readKeymasterBlob(in); // byte array |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 93 | break; |
| 94 | default: |
| 95 | ALOGE("Unsupported KeyParameter tag %d", tag); |
| 96 | return {}; |
| 97 | } |
| 98 | return result; |
| 99 | } |
| 100 | |
| 101 | android::status_t writeKeyParameterToParcel(const KeyParameter& param, android::Parcel* out) { |
Dmitry Dementyev | a447b3c | 2017-10-27 23:09:53 -0700 | [diff] [blame] | 102 | // Method must be in sync with with KeymasterArgument.java |
| 103 | // Presence flag must be written by caller. |
| 104 | |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 105 | auto tag = param.tag; |
| 106 | auto rc = out->writeInt32(uint32_t(tag)); |
| 107 | if (rc != ::android::OK) return rc; |
| 108 | switch (typeFromTag(param.tag)) { |
| 109 | case TagType::ENUM: |
| 110 | case TagType::ENUM_REP: |
| 111 | case TagType::UINT: |
| 112 | case TagType::UINT_REP: |
| 113 | rc = out->writeInt32(param.f.integer); |
| 114 | break; |
| 115 | case TagType::ULONG: |
| 116 | case TagType::ULONG_REP: |
| 117 | case TagType::DATE: |
| 118 | rc = out->writeInt64(param.f.longInteger); |
| 119 | break; |
| 120 | case TagType::BOOL: |
| 121 | // nothing to do here presence indicates true |
| 122 | break; |
| 123 | case TagType::BIGNUM: |
| 124 | case TagType::BYTES: |
| 125 | rc = writeKeymasterBlob(param.blob, out); |
| 126 | break; |
| 127 | default: |
| 128 | ALOGE("Failed to write KeyParameter: Unsupported tag %d", param.tag); |
| 129 | rc = android::BAD_VALUE; |
| 130 | break; |
| 131 | } |
| 132 | return rc; |
| 133 | } |
| 134 | |
| 135 | hidl_vec<KeyParameter> readParamSetFromParcel(const android::Parcel& in) { |
Dmitry Dementyev | a447b3c | 2017-10-27 23:09:53 -0700 | [diff] [blame] | 136 | |
| 137 | ssize_t length = in.readInt32(); // -1 for null |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 138 | size_t ulength = (size_t)length; |
| 139 | if (length < 0) { |
| 140 | ulength = 0; |
| 141 | } |
| 142 | hidl_vec<KeyParameter> result; |
| 143 | result.resize(ulength); |
| 144 | for (size_t i = 0; i < ulength; ++i) { |
| 145 | auto param = readKeyParameterFromParcel(in); |
| 146 | if (!param.isOk()) { |
| 147 | ALOGE("Error reading KeyParameter from parcel"); |
| 148 | return {}; |
| 149 | } |
| 150 | result[i] = param.value(); |
| 151 | } |
| 152 | return result; |
| 153 | } |
| 154 | |
| 155 | android::status_t writeParamSetToParcel(const hidl_vec<KeyParameter>& params, |
| 156 | android::Parcel* out) { |
| 157 | int32_t size = int32_t(std::min<size_t>(params.size(), std::numeric_limits<int32_t>::max())); |
| 158 | |
| 159 | auto rc = out->writeInt32(size); |
| 160 | if (rc != ::android::OK) return rc; |
| 161 | for (int32_t i = 0; i < size; ++i) { |
Dmitry Dementyev | a447b3c | 2017-10-27 23:09:53 -0700 | [diff] [blame] | 162 | rc = out->writeInt32(1); // writeTypedObject presence flag. |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 163 | if (rc != ::android::OK) return rc; |
| 164 | rc = writeKeyParameterToParcel(params[i], out); |
| 165 | if (rc != ::android::OK) return rc; |
| 166 | } |
| 167 | return rc; |
| 168 | } |
| 169 | |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 170 | hidl_vec<hidl_vec<uint8_t>> readCertificateChainFromParcel(const android::Parcel& in) { |
| 171 | hidl_vec<hidl_vec<uint8_t>> result; |
| 172 | |
| 173 | ssize_t count = in.readInt32(); |
| 174 | size_t ucount = count; |
| 175 | if (count <= 0) { |
| 176 | return result; |
| 177 | } |
| 178 | |
| 179 | result.resize(ucount); |
| 180 | |
| 181 | for (size_t i = 0; i < ucount; ++i) { |
| 182 | result[i] = readKeymasterBlob(in); |
| 183 | } |
| 184 | return result; |
Dmitry Dementyev | a447b3c | 2017-10-27 23:09:53 -0700 | [diff] [blame] | 185 | }; |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 186 | |
| 187 | android::status_t writeCertificateChainToParcel(const hidl_vec<hidl_vec<uint8_t>>& certs, |
| 188 | android::Parcel* out) { |
| 189 | int32_t count = int32_t(std::min<size_t>(certs.size(), std::numeric_limits<int32_t>::max())); |
| 190 | auto rc = out->writeInt32(count); |
| 191 | |
| 192 | for (int32_t i = 0; i < count; ++i) { |
| 193 | rc = writeKeymasterBlob(certs[i], out); |
| 194 | if (rc != ::android::OK) return rc; |
| 195 | } |
| 196 | return rc; |
| 197 | } |
Dmitry Dementyev | a447b3c | 2017-10-27 23:09:53 -0700 | [diff] [blame] | 198 | |
| 199 | }; // namespace keystore |
| 200 | |
| 201 | // Implementation for keystore parcelables. |
| 202 | // TODO: split implementation into separate classes |
| 203 | namespace android { |
| 204 | namespace security { |
| 205 | namespace keymaster { |
| 206 | |
Dmitry Dementyev | a447b3c | 2017-10-27 23:09:53 -0700 | [diff] [blame] | 207 | using ::android::status_t; |
Shawn Willden | 0329a82 | 2017-12-04 13:55:14 -0700 | [diff] [blame] | 208 | using ::keystore::keymaster::ErrorCode; |
Dmitry Dementyev | a447b3c | 2017-10-27 23:09:53 -0700 | [diff] [blame] | 209 | |
| 210 | ExportResult::ExportResult() : resultCode() {} |
| 211 | |
| 212 | ExportResult::~ExportResult() {} |
| 213 | |
| 214 | status_t ExportResult::readFromParcel(const Parcel* inn) { |
| 215 | const Parcel& in = *inn; |
| 216 | resultCode = ErrorCode(in.readInt32()); |
| 217 | exportData = keystore::readKeymasterBlob(in); |
| 218 | return OK; |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 219 | } |
Dmitry Dementyev | a447b3c | 2017-10-27 23:09:53 -0700 | [diff] [blame] | 220 | |
| 221 | status_t ExportResult::writeToParcel(Parcel* out) const { |
Branden Archer | 7008074 | 2018-11-20 11:04:11 -0800 | [diff] [blame] | 222 | out->writeInt32(resultCode.getErrorCode()); |
Dmitry Dementyev | a447b3c | 2017-10-27 23:09:53 -0700 | [diff] [blame] | 223 | return keystore::writeKeymasterBlob(exportData, out); |
| 224 | } |
| 225 | |
| 226 | status_t KeyCharacteristics::readFromParcel(const Parcel* in) { |
| 227 | softwareEnforced.readFromParcel(in); |
Shawn Willden | 0329a82 | 2017-12-04 13:55:14 -0700 | [diff] [blame] | 228 | return hardwareEnforced.readFromParcel(in); |
Dmitry Dementyev | a447b3c | 2017-10-27 23:09:53 -0700 | [diff] [blame] | 229 | } |
| 230 | |
| 231 | status_t KeyCharacteristics::writeToParcel(Parcel* out) const { |
| 232 | softwareEnforced.writeToParcel(out); |
Shawn Willden | 0329a82 | 2017-12-04 13:55:14 -0700 | [diff] [blame] | 233 | return hardwareEnforced.writeToParcel(out); |
Dmitry Dementyev | a447b3c | 2017-10-27 23:09:53 -0700 | [diff] [blame] | 234 | } |
| 235 | |
| 236 | status_t KeymasterBlob::readFromParcel(const Parcel* in) { |
Rob Barnes | bb6cabd | 2018-10-04 17:10:37 -0600 | [diff] [blame] | 237 | data_ = keystore::readKeymasterBlob(*in); |
Dmitry Dementyev | a447b3c | 2017-10-27 23:09:53 -0700 | [diff] [blame] | 238 | return OK; |
| 239 | } |
| 240 | |
| 241 | status_t KeymasterBlob::writeToParcel(Parcel* out) const { |
| 242 | return keystore::writeKeymasterBlob(data_, out); |
| 243 | } |
| 244 | |
| 245 | status_t KeymasterCertificateChain::readFromParcel(const Parcel* in) { |
| 246 | chain = keystore::readCertificateChainFromParcel(*in); |
| 247 | return OK; |
| 248 | } |
| 249 | |
| 250 | status_t KeymasterCertificateChain::writeToParcel(Parcel* out) const { |
| 251 | return keystore::writeCertificateChainToParcel(chain, out); |
| 252 | } |
| 253 | |
| 254 | } // namespace keymaster |
| 255 | } // namespace security |
| 256 | |
| 257 | } // namespace android |