Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_security / cef39477f9d5f52f716165be8fadcf94cab19b1e^! / . / keystore / KeyStore.cpp
commitcef39477f9d5f52f716165be8fadcf94cab19b1e[log] [tgz]
authorPavel Grafov <pgrafov@google.com>Mon Feb 12 18:45:02 2018 +0000
committerPavel Grafov <pgrafov@google.com>Thu Feb 15 18:20:28 2018 +0000
treeb157374fb2b68cb0028d05bb176063c692bf0e64
parent3bd6a51a6d49e465bcb03a43998f5bd9367fb59c [diff] [blame]
NIAP: Log key integrity failure to audit log.

Logs key integrity violation in two cases:
1. software-detected corruption of key blob.
2. keymaster operation returning INVALID_KEY_BLOB

Changed AES_gcm_decrypt to return VALUE_CORRUPTED on decryption errors
to be consistent with digest check for older version blob.

Bug: 70886042
Test: manual, by patching some bytes in the blob.
Test: cts-tradefed run cts -m CtsKeystoreTestCases
Change-Id: Ic8f6b7a2a49aee01253b429644af409e568d7deb

diff --git a/keystore/KeyStore.cpp b/keystore/KeyStore.cpp
index 0efc4a3..f197d91 100644
--- a/keystore/KeyStore.cpp
+++ b/keystore/KeyStore.cpp

@@ -26,6 +26,7 @@
 #include <utils/String16.h>
 #include <utils/String8.h>
 
+#include <android-base/scopeguard.h>
 #include <android/hardware/keymaster/3.0/IKeymasterDevice.h>
 #include <android/security/IKeystoreService.h>
 #include <log/log_event_list.h>
@@ -36,14 +37,6 @@
 #include "permissions.h"
 #include <keystore/keystore_hidl_support.h>
 
-namespace {
-
-// Tags for audit logging. Be careful and don't log sensitive data.
-// Should be in sync with frameworks/base/core/java/android/app/admin/SecurityLogTags.logtags
-constexpr int SEC_TAG_KEY_DESTROYED = 210026;
-
-}  // anonymous namespace
-
 namespace keystore {
 
 const char* KeyStore::kOldMasterKey = ".masterkey";
@@ -305,10 +298,19 @@
     userState->setState(STATE_LOCKED);
 }
 
+static void maybeLogKeyIntegrityViolation(const char* filename, const BlobType type);
+
 ResponseCode KeyStore::get(const char* filename, Blob* keyBlob, const BlobType type, uid_t userId) {
     UserState* userState = getUserState(userId);
-    ResponseCode rc =
-        keyBlob->readBlob(filename, userState->getEncryptionKey(), userState->getState());
+    ResponseCode rc;
+
+    auto logOnScopeExit = android::base::make_scope_guard([&] {
+        if (rc == ResponseCode::VALUE_CORRUPTED) {
+            maybeLogKeyIntegrityViolation(filename, type);
+        }
+    });
+
+    rc = keyBlob->readBlob(filename, userState->getEncryptionKey(), userState->getState());
     if (rc != ResponseCode::NO_ERROR) {
         return rc;
     }
@@ -837,4 +839,16 @@
     return upgraded;
 }
 
+static void maybeLogKeyIntegrityViolation(const char* filename, const BlobType type) {
+    if (!__android_log_security() || (type != TYPE_KEY_PAIR && type != TYPE_KEYMASTER_10)) return;
+
+    auto uidAlias = filename2UidAlias(filename);
+    uid_t uid = -1;
+    std::string alias;
+
+    if (uidAlias.isOk()) std::tie(uid, alias) = std::move(uidAlias).value();
+
+    log_key_integrity_violation(alias.c_str(), uid);
+}
+
 }  // namespace keystore