Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_security / 9fd05a9a6299e9688c8fcf755516ea254868d187 / . / keystore / keystore.cpp
blob: 24c137aae920cc3bdba9ed96f32c98ab95fd05bb [file] [log] [blame]
Kenny Roota91203b2012-02-15 15:00:46 -0800[diff] [blame]1/*
2 * Copyright (C) 2009 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]17//#define LOG_NDEBUG 0
18#define LOG_TAG "keystore"
19
Kenny Roota91203b2012-02-15 15:00:46 -0800[diff] [blame]20#include <stdio.h>
21#include <stdint.h>
22#include <string.h>
Elliott Hughesaaf98022015-01-25 08:40:44 -0800[diff] [blame]23#include <strings.h>
Kenny Roota91203b2012-02-15 15:00:46 -0800[diff] [blame]24#include <unistd.h>
25#include <signal.h>
26#include <errno.h>
27#include <dirent.h>
Kenny Root655b9582013-04-04 08:37:42 -0700[diff] [blame]28#include <errno.h>
Kenny Roota91203b2012-02-15 15:00:46 -0800[diff] [blame]29#include <fcntl.h>
30#include <limits.h>
Kenny Root822c3a92012-03-23 16:34:39 -0700[diff] [blame]31#include <assert.h>
Kenny Roota91203b2012-02-15 15:00:46 -0800[diff] [blame]32#include <sys/types.h>
33#include <sys/socket.h>
34#include <sys/stat.h>
35#include <sys/time.h>
36#include <arpa/inet.h>
37
38#include <openssl/aes.h>
Kenny Root822c3a92012-03-23 16:34:39 -0700[diff] [blame]39#include <openssl/bio.h>
Kenny Roota91203b2012-02-15 15:00:46 -0800[diff] [blame]40#include <openssl/evp.h>
41#include <openssl/md5.h>
Kenny Root822c3a92012-03-23 16:34:39 -0700[diff] [blame]42#include <openssl/pem.h>
Kenny Roota91203b2012-02-15 15:00:46 -0800[diff] [blame]43
Shawn Willden80843db2015-02-24 09:31:25 -0700[diff] [blame]44#include <hardware/keymaster0.h>
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]45
Kenny Root17208e02013-09-04 13:56:03 -0700[diff] [blame]46#include <keymaster/softkeymaster.h>
Chad Brubaker67d2a502015-03-11 17:21:18 +0000[diff] [blame]47#include <keymaster/soft_keymaster_device.h>
Kenny Root17208e02013-09-04 13:56:03 -0700[diff] [blame]48
Kenny Root26cfc082013-09-11 14:38:56 -0700[diff] [blame]49#include <UniquePtr.h>
Kenny Root655b9582013-04-04 08:37:42 -0700[diff] [blame]50#include <utils/String8.h>
Kenny Root655b9582013-04-04 08:37:42 -0700[diff] [blame]51#include <utils/Vector.h>
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]52
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]53#include <keystore/IKeystoreService.h>
54#include <binder/IPCThreadState.h>
55#include <binder/IServiceManager.h>
56
Kenny Roota91203b2012-02-15 15:00:46 -0800[diff] [blame]57#include <cutils/log.h>
58#include <cutils/sockets.h>
59#include <private/android_filesystem_config.h>
60
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]61#include <keystore/keystore.h>
Kenny Roota91203b2012-02-15 15:00:46 -0800[diff] [blame]62
Riley Spahneaabae92014-06-30 12:39:52 -0700[diff] [blame]63#include <selinux/android.h>
64
Chad Brubakerd80c7b42015-03-31 11:04:28 -0700[diff] [blame]65#include "auth_token_table.h"
Kenny Root96427ba2013-08-16 14:02:41 -0700[diff] [blame]66#include "defaults.h"
Chad Brubaker40a1a9b2015-02-20 14:08:13 -0800[diff] [blame]67#include "operation.h"
Kenny Root96427ba2013-08-16 14:02:41 -0700[diff] [blame]68
Kenny Roota91203b2012-02-15 15:00:46 -0800[diff] [blame]69/* KeyStore is a secured storage for key-value pairs. In this implementation,
70 * each file stores one key-value pair. Keys are encoded in file names, and
71 * values are encrypted with checksums. The encryption key is protected by a
72 * user-defined password. To keep things simple, buffers are always larger than
73 * the maximum space we needed, so boundary checks on buffers are omitted. */
74
75#define KEY_SIZE ((NAME_MAX - 15) / 2)
76#define VALUE_SIZE 32768
77#define PASSWORD_SIZE VALUE_SIZE
78
Kenny Root822c3a92012-03-23 16:34:39 -0700[diff] [blame]79
Kenny Root96427ba2013-08-16 14:02:41 -0700[diff] [blame]80struct BIGNUM_Delete {
81 void operator()(BIGNUM* p) const {
82 BN_free(p);
83 }
84};
85typedef UniquePtr<BIGNUM, BIGNUM_Delete> Unique_BIGNUM;
86
Kenny Root822c3a92012-03-23 16:34:39 -0700[diff] [blame]87struct BIO_Delete {
88 void operator()(BIO* p) const {
89 BIO_free(p);
90 }
91};
92typedef UniquePtr<BIO, BIO_Delete> Unique_BIO;
93
94struct EVP_PKEY_Delete {
95 void operator()(EVP_PKEY* p) const {
96 EVP_PKEY_free(p);
97 }
98};
99typedef UniquePtr<EVP_PKEY, EVP_PKEY_Delete> Unique_EVP_PKEY;
100
101struct PKCS8_PRIV_KEY_INFO_Delete {
102 void operator()(PKCS8_PRIV_KEY_INFO* p) const {
103 PKCS8_PRIV_KEY_INFO_free(p);
104 }
105};
106typedef UniquePtr<PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO_Delete> Unique_PKCS8_PRIV_KEY_INFO;
107
Shawn Willden80843db2015-02-24 09:31:25 -0700[diff] [blame]108static int keymaster_device_initialize(keymaster0_device_t** dev) {
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]109 int rc;
110
111 const hw_module_t* mod;
112 rc = hw_get_module_by_class(KEYSTORE_HARDWARE_MODULE_ID, NULL, &mod);
113 if (rc) {
114 ALOGE("could not find any keystore module");
115 goto out;
116 }
117
Shawn Willden80843db2015-02-24 09:31:25 -0700[diff] [blame]118 rc = keymaster0_open(mod, dev);
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]119 if (rc) {
120 ALOGE("could not open keymaster device in %s (%s)",
121 KEYSTORE_HARDWARE_MODULE_ID, strerror(-rc));
122 goto out;
123 }
124
125 return 0;
126
127out:
128 *dev = NULL;
129 return rc;
130}
131
Chad Brubaker67d2a502015-03-11 17:21:18 +0000[diff] [blame]132static int fallback_keymaster_device_initialize(keymaster1_device_t** dev) {
133 keymaster::SoftKeymasterDevice* softkeymaster =
134 new keymaster::SoftKeymasterDevice();
Shawn Willden9fd05a92015-04-30 11:01:19 -0600[diff] [blame^]135 *dev = softkeymaster->keymaster_device();
136 // softkeymaster will be freed by *dev->close_device; don't delete here.
Chad Brubakerfc18edc2015-01-12 15:17:18 -0800[diff] [blame]137 return 0;
Chad Brubakerfc18edc2015-01-12 15:17:18 -0800[diff] [blame]138}
139
Shawn Willden80843db2015-02-24 09:31:25 -0700[diff] [blame]140static void keymaster_device_release(keymaster0_device_t* dev) {
141 keymaster0_close(dev);
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]142}
143
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]144/***************
145 * PERMISSIONS *
146 ***************/
147
148/* Here are the permissions, actions, users, and the main function. */
149typedef enum {
Robin Lee4e865752014-08-19 17:37:55 +0100[diff] [blame]150 P_TEST = 1 << 0,
151 P_GET = 1 << 1,
152 P_INSERT = 1 << 2,
153 P_DELETE = 1 << 3,
154 P_EXIST = 1 << 4,
155 P_SAW = 1 << 5,
156 P_RESET = 1 << 6,
157 P_PASSWORD = 1 << 7,
158 P_LOCK = 1 << 8,
159 P_UNLOCK = 1 << 9,
160 P_ZERO = 1 << 10,
161 P_SIGN = 1 << 11,
162 P_VERIFY = 1 << 12,
163 P_GRANT = 1 << 13,
164 P_DUPLICATE = 1 << 14,
165 P_CLEAR_UID = 1 << 15,
166 P_RESET_UID = 1 << 16,
167 P_SYNC_UID = 1 << 17,
168 P_PASSWORD_UID = 1 << 18,
Chad Brubakerd80c7b42015-03-31 11:04:28 -0700[diff] [blame]169 P_ADD_AUTH = 1 << 19,
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]170} perm_t;
171
172static struct user_euid {
173 uid_t uid;
174 uid_t euid;
175} user_euids[] = {
176 {AID_VPN, AID_SYSTEM},
177 {AID_WIFI, AID_SYSTEM},
178 {AID_ROOT, AID_SYSTEM},
179};
180
Riley Spahneaabae92014-06-30 12:39:52 -0700[diff] [blame]181/* perm_labels associcated with keystore_key SELinux class verbs. */
182const char *perm_labels[] = {
183 "test",
184 "get",
185 "insert",
186 "delete",
187 "exist",
188 "saw",
189 "reset",
190 "password",
191 "lock",
192 "unlock",
193 "zero",
194 "sign",
195 "verify",
196 "grant",
197 "duplicate",
Robin Lee4e865752014-08-19 17:37:55 +0100[diff] [blame]198 "clear_uid",
199 "reset_uid",
200 "sync_uid",
201 "password_uid",
Chad Brubakerd80c7b42015-03-31 11:04:28 -0700[diff] [blame]202 "add_auth",
Riley Spahneaabae92014-06-30 12:39:52 -0700[diff] [blame]203};
204
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]205static struct user_perm {
206 uid_t uid;
207 perm_t perms;
208} user_perms[] = {
209 {AID_SYSTEM, static_cast<perm_t>((uint32_t)(~0)) },
210 {AID_VPN, static_cast<perm_t>(P_GET | P_SIGN | P_VERIFY) },
211 {AID_WIFI, static_cast<perm_t>(P_GET | P_SIGN | P_VERIFY) },
212 {AID_ROOT, static_cast<perm_t>(P_GET) },
213};
214
215static const perm_t DEFAULT_PERMS = static_cast<perm_t>(P_TEST | P_GET | P_INSERT | P_DELETE | P_EXIST | P_SAW | P_SIGN
216 | P_VERIFY);
217
Riley Spahneaabae92014-06-30 12:39:52 -0700[diff] [blame]218static char *tctx;
219static int ks_is_selinux_enabled;
220
221static const char *get_perm_label(perm_t perm) {
222 unsigned int index = ffs(perm);
223 if (index > 0 && index <= (sizeof(perm_labels) / sizeof(perm_labels[0]))) {
224 return perm_labels[index - 1];
225 } else {
226 ALOGE("Keystore: Failed to retrieve permission label.\n");
227 abort();
228 }
229}
230
Kenny Root655b9582013-04-04 08:37:42 -0700[diff] [blame]231/**
232 * Returns the app ID (in the Android multi-user sense) for the current
233 * UNIX UID.
234 */
235static uid_t get_app_id(uid_t uid) {
236 return uid % AID_USER;
237}
238
239/**
240 * Returns the user ID (in the Android multi-user sense) for the current
241 * UNIX UID.
242 */
243static uid_t get_user_id(uid_t uid) {
244 return uid / AID_USER;
245}
246
Chih-Hung Hsieha25b2a32014-09-03 12:14:45 -0700[diff] [blame]247static bool keystore_selinux_check_access(uid_t /*uid*/, perm_t perm, pid_t spid) {
Riley Spahneaabae92014-06-30 12:39:52 -0700[diff] [blame]248 if (!ks_is_selinux_enabled) {
249 return true;
250 }
Nick Kralevich66dbf672014-06-30 17:09:14 +0000[diff] [blame]251
Riley Spahneaabae92014-06-30 12:39:52 -0700[diff] [blame]252 char *sctx = NULL;
253 const char *selinux_class = "keystore_key";
254 const char *str_perm = get_perm_label(perm);
255
256 if (!str_perm) {
257 return false;
258 }
259
260 if (getpidcon(spid, &sctx) != 0) {
261 ALOGE("SELinux: Failed to get source pid context.\n");
262 return false;
263 }
264
265 bool allowed = selinux_check_access(sctx, tctx, selinux_class, str_perm,
266 NULL) == 0;
267 freecon(sctx);
268 return allowed;
269}
270
271static bool has_permission(uid_t uid, perm_t perm, pid_t spid) {
Kenny Root655b9582013-04-04 08:37:42 -0700[diff] [blame]272 // All system users are equivalent for multi-user support.
273 if (get_app_id(uid) == AID_SYSTEM) {
274 uid = AID_SYSTEM;
275 }
276
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]277 for (size_t i = 0; i < sizeof(user_perms)/sizeof(user_perms[0]); i++) {
278 struct user_perm user = user_perms[i];
279 if (user.uid == uid) {
Riley Spahneaabae92014-06-30 12:39:52 -0700[diff] [blame]280 return (user.perms & perm) &&
281 keystore_selinux_check_access(uid, perm, spid);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]282 }
283 }
284
Riley Spahneaabae92014-06-30 12:39:52 -0700[diff] [blame]285 return (DEFAULT_PERMS & perm) &&
286 keystore_selinux_check_access(uid, perm, spid);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]287}
288
Kenny Root49468902013-03-19 13:41:33 -0700[diff] [blame]289/**
290 * Returns the UID that the callingUid should act as. This is here for
291 * legacy support of the WiFi and VPN systems and should be removed
292 * when WiFi can operate in its own namespace.
293 */
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]294static uid_t get_keystore_euid(uid_t uid) {
295 for (size_t i = 0; i < sizeof(user_euids)/sizeof(user_euids[0]); i++) {
296 struct user_euid user = user_euids[i];
297 if (user.uid == uid) {
298 return user.euid;
299 }
300 }
301
302 return uid;
303}
304
Kenny Root49468902013-03-19 13:41:33 -0700[diff] [blame]305/**
306 * Returns true if the callingUid is allowed to interact in the targetUid's
307 * namespace.
308 */
309static bool is_granted_to(uid_t callingUid, uid_t targetUid) {
Chad Brubaker9489b792015-04-14 11:01:45 -0700[diff] [blame]310 if (callingUid == targetUid) {
311 return true;
312 }
Kenny Root49468902013-03-19 13:41:33 -0700[diff] [blame]313 for (size_t i = 0; i < sizeof(user_euids)/sizeof(user_euids[0]); i++) {
314 struct user_euid user = user_euids[i];
315 if (user.euid == callingUid && user.uid == targetUid) {
316 return true;
317 }
318 }
319
320 return false;
321}
322
Kenny Roota91203b2012-02-15 15:00:46 -0800[diff] [blame]323/* Here is the encoding of keys. This is necessary in order to allow arbitrary
324 * characters in keys. Characters in [0-~] are not encoded. Others are encoded
325 * into two bytes. The first byte is one of [+-.] which represents the first
326 * two bits of the character. The second byte encodes the rest of the bits into
327 * [0-o]. Therefore in the worst case the length of a key gets doubled. Note
328 * that Base64 cannot be used here due to the need of prefix match on keys. */
329
Kenny Root655b9582013-04-04 08:37:42 -0700[diff] [blame]330static size_t encode_key_length(const android::String8& keyName) {
331 const uint8_t* in = reinterpret_cast<const uint8_t*>(keyName.string());
332 size_t length = keyName.length();
333 for (int i = length; i > 0; --i, ++in) {
334 if (*in < '0' || *in > '~') {
335 ++length;
336 }
337 }
338 return length;
339}
340
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]341static int encode_key(char* out, const android::String8& keyName) {
342 const uint8_t* in = reinterpret_cast<const uint8_t*>(keyName.string());
343 size_t length = keyName.length();
Kenny Roota91203b2012-02-15 15:00:46 -0800[diff] [blame]344 for (int i = length; i > 0; --i, ++in, ++out) {
Kenny Root655b9582013-04-04 08:37:42 -0700[diff] [blame]345 if (*in < '0' || *in > '~') {
Kenny Roota91203b2012-02-15 15:00:46 -0800[diff] [blame]346 *out = '+' + (*in >> 6);
347 *++out = '0' + (*in & 0x3F);
348 ++length;
Kenny Root655b9582013-04-04 08:37:42 -0700[diff] [blame]349 } else {
350 *out = *in;
Kenny Roota91203b2012-02-15 15:00:46 -0800[diff] [blame]351 }
352 }
353 *out = '\0';
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]354 return length;
355}
356
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]357/*
358 * Converts from the "escaped" format on disk to actual name.
359 * This will be smaller than the input string.
360 *
361 * Characters that should combine with the next at the end will be truncated.
362 */
363static size_t decode_key_length(const char* in, size_t length) {
364 size_t outLength = 0;
365
366 for (const char* end = in + length; in < end; in++) {
367 /* This combines with the next character. */
368 if (*in < '0' || *in > '~') {
369 continue;
370 }
371
372 outLength++;
373 }
374 return outLength;
375}
376
377static void decode_key(char* out, const char* in, size_t length) {
378 for (const char* end = in + length; in < end; in++) {
379 if (*in < '0' || *in > '~') {
380 /* Truncate combining characters at the end. */
381 if (in + 1 >= end) {
382 break;
383 }
384
385 *out = (*in++ - '+') << 6;
386 *out++ |= (*in - '0') & 0x3F;
Kenny Roota91203b2012-02-15 15:00:46 -0800[diff] [blame]387 } else {
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]388 *out++ = *in;
Kenny Roota91203b2012-02-15 15:00:46 -0800[diff] [blame]389 }
390 }
391 *out = '\0';
Kenny Roota91203b2012-02-15 15:00:46 -0800[diff] [blame]392}
393
394static size_t readFully(int fd, uint8_t* data, size_t size) {
395 size_t remaining = size;
396 while (remaining > 0) {
Kenny Root150ca932012-11-14 14:29:02 -0800[diff] [blame]397 ssize_t n = TEMP_FAILURE_RETRY(read(fd, data, remaining));
Kenny Root5281edb2012-11-21 15:14:04 -0800[diff] [blame]398 if (n <= 0) {
Kenny Root150ca932012-11-14 14:29:02 -0800[diff] [blame]399 return size - remaining;
Kenny Roota91203b2012-02-15 15:00:46 -0800[diff] [blame]400 }
401 data += n;
402 remaining -= n;
403 }
404 return size;
405}
406
407static size_t writeFully(int fd, uint8_t* data, size_t size) {
408 size_t remaining = size;
409 while (remaining > 0) {
Kenny Root150ca932012-11-14 14:29:02 -0800[diff] [blame]410 ssize_t n = TEMP_FAILURE_RETRY(write(fd, data, remaining));
411 if (n < 0) {
412 ALOGW("write failed: %s", strerror(errno));
413 return size - remaining;
Kenny Roota91203b2012-02-15 15:00:46 -0800[diff] [blame]414 }
415 data += n;
416 remaining -= n;
417 }
418 return size;
419}
420
421class Entropy {
422public:
423 Entropy() : mRandom(-1) {}
424 ~Entropy() {
Kenny Root150ca932012-11-14 14:29:02 -0800[diff] [blame]425 if (mRandom >= 0) {
Kenny Roota91203b2012-02-15 15:00:46 -0800[diff] [blame]426 close(mRandom);
427 }
428 }
429
430 bool open() {
431 const char* randomDevice = "/dev/urandom";
Kenny Root150ca932012-11-14 14:29:02 -0800[diff] [blame]432 mRandom = TEMP_FAILURE_RETRY(::open(randomDevice, O_RDONLY));
433 if (mRandom < 0) {
Kenny Roota91203b2012-02-15 15:00:46 -0800[diff] [blame]434 ALOGE("open: %s: %s", randomDevice, strerror(errno));
435 return false;
436 }
437 return true;
438 }
439
Kenny Root51878182012-03-13 12:53:19 -0700[diff] [blame]440 bool generate_random_data(uint8_t* data, size_t size) const {
Kenny Roota91203b2012-02-15 15:00:46 -0800[diff] [blame]441 return (readFully(mRandom, data, size) == size);
442 }
443
444private:
445 int mRandom;
446};
447
448/* Here is the file format. There are two parts in blob.value, the secret and
449 * the description. The secret is stored in ciphertext, and its original size
450 * can be found in blob.length. The description is stored after the secret in
451 * plaintext, and its size is specified in blob.info. The total size of the two
Kenny Root822c3a92012-03-23 16:34:39 -0700[diff] [blame]452 * parts must be no more than VALUE_SIZE bytes. The first field is the version,
Kenny Rootf9119d62013-04-03 09:22:15 -0700[diff] [blame]453 * the second is the blob's type, and the third byte is flags. Fields other
Kenny Roota91203b2012-02-15 15:00:46 -0800[diff] [blame]454 * than blob.info, blob.length, and blob.value are modified by encryptBlob()
455 * and decryptBlob(). Thus they should not be accessed from outside. */
456
Kenny Root822c3a92012-03-23 16:34:39 -0700[diff] [blame]457/* ** Note to future implementors of encryption: **
458 * Currently this is the construction:
459 * metadata || Enc(MD5(data) || data)
460 *
461 * This should be the construction used for encrypting if re-implementing:
462 *
463 * Derive independent keys for encryption and MAC:
464 * Kenc = AES_encrypt(masterKey, "Encrypt")
465 * Kmac = AES_encrypt(masterKey, "MAC")
466 *
467 * Store this:
468 * metadata || AES_CTR_encrypt(Kenc, rand_IV, data) ||
469 * HMAC(Kmac, metadata || Enc(data))
470 */
Kenny Roota91203b2012-02-15 15:00:46 -0800[diff] [blame]471struct __attribute__((packed)) blob {
Kenny Root822c3a92012-03-23 16:34:39 -0700[diff] [blame]472 uint8_t version;
473 uint8_t type;
Kenny Rootf9119d62013-04-03 09:22:15 -0700[diff] [blame]474 uint8_t flags;
Kenny Roota91203b2012-02-15 15:00:46 -0800[diff] [blame]475 uint8_t info;
476 uint8_t vector[AES_BLOCK_SIZE];
Kenny Root822c3a92012-03-23 16:34:39 -0700[diff] [blame]477 uint8_t encrypted[0]; // Marks offset to encrypted data.
Kenny Roota91203b2012-02-15 15:00:46 -0800[diff] [blame]478 uint8_t digest[MD5_DIGEST_LENGTH];
Kenny Root822c3a92012-03-23 16:34:39 -0700[diff] [blame]479 uint8_t digested[0]; // Marks offset to digested data.
Kenny Roota91203b2012-02-15 15:00:46 -0800[diff] [blame]480 int32_t length; // in network byte order when encrypted
481 uint8_t value[VALUE_SIZE + AES_BLOCK_SIZE];
482};
483
Kenny Root822c3a92012-03-23 16:34:39 -0700[diff] [blame]484typedef enum {
Kenny Rootd53bc922013-03-21 14:10:15 -0700[diff] [blame]485 TYPE_ANY = 0, // meta type that matches anything
Kenny Root822c3a92012-03-23 16:34:39 -0700[diff] [blame]486 TYPE_GENERIC = 1,
487 TYPE_MASTER_KEY = 2,
488 TYPE_KEY_PAIR = 3,
Chad Brubaker17d68b92015-02-05 22:04:16 -0800[diff] [blame]489 TYPE_KEYMASTER_10 = 4,
Kenny Root822c3a92012-03-23 16:34:39 -0700[diff] [blame]490} BlobType;
491
Kenny Rootf9119d62013-04-03 09:22:15 -0700[diff] [blame]492static const uint8_t CURRENT_BLOB_VERSION = 2;
Kenny Root822c3a92012-03-23 16:34:39 -0700[diff] [blame]493
Kenny Roota91203b2012-02-15 15:00:46 -0800[diff] [blame]494class Blob {
495public:
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]496 Blob(const uint8_t* value, int32_t valueLength, const uint8_t* info, uint8_t infoLength,
497 BlobType type) {
Alex Klyubin1773b442015-02-20 12:33:33 -0800[diff] [blame]498 memset(&mBlob, 0, sizeof(mBlob));
Kenny Roota91203b2012-02-15 15:00:46 -0800[diff] [blame]499 mBlob.length = valueLength;
500 memcpy(mBlob.value, value, valueLength);
501
502 mBlob.info = infoLength;
503 memcpy(mBlob.value + valueLength, info, infoLength);
Kenny Root822c3a92012-03-23 16:34:39 -0700[diff] [blame]504
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]505 mBlob.version = CURRENT_BLOB_VERSION;
Kenny Root822c3a92012-03-23 16:34:39 -0700[diff] [blame]506 mBlob.type = uint8_t(type);
Kenny Rootf9119d62013-04-03 09:22:15 -0700[diff] [blame]507
Kenny Rootee8068b2013-10-07 09:49:15 -0700[diff] [blame]508 if (type == TYPE_MASTER_KEY) {
509 mBlob.flags = KEYSTORE_FLAG_ENCRYPTED;
510 } else {
511 mBlob.flags = KEYSTORE_FLAG_NONE;
512 }
Kenny Roota91203b2012-02-15 15:00:46 -0800[diff] [blame]513 }
514
515 Blob(blob b) {
516 mBlob = b;
517 }
518
Alex Klyubin1773b442015-02-20 12:33:33 -0800[diff] [blame]519 Blob() {
520 memset(&mBlob, 0, sizeof(mBlob));
521 }
Kenny Roota91203b2012-02-15 15:00:46 -0800[diff] [blame]522
Kenny Root51878182012-03-13 12:53:19 -0700[diff] [blame]523 const uint8_t* getValue() const {
Kenny Roota91203b2012-02-15 15:00:46 -0800[diff] [blame]524 return mBlob.value;
525 }
526
Kenny Root51878182012-03-13 12:53:19 -0700[diff] [blame]527 int32_t getLength() const {
Kenny Roota91203b2012-02-15 15:00:46 -0800[diff] [blame]528 return mBlob.length;
529 }
530
Kenny Root51878182012-03-13 12:53:19 -0700[diff] [blame]531 const uint8_t* getInfo() const {
532 return mBlob.value + mBlob.length;
533 }
534
535 uint8_t getInfoLength() const {
Kenny Roota91203b2012-02-15 15:00:46 -0800[diff] [blame]536 return mBlob.info;
537 }
538
Kenny Root822c3a92012-03-23 16:34:39 -0700[diff] [blame]539 uint8_t getVersion() const {
540 return mBlob.version;
541 }
542
Kenny Rootf9119d62013-04-03 09:22:15 -0700[diff] [blame]543 bool isEncrypted() const {
544 if (mBlob.version < 2) {
545 return true;
546 }
547
548 return mBlob.flags & KEYSTORE_FLAG_ENCRYPTED;
549 }
550
551 void setEncrypted(bool encrypted) {
552 if (encrypted) {
553 mBlob.flags |= KEYSTORE_FLAG_ENCRYPTED;
554 } else {
555 mBlob.flags &= ~KEYSTORE_FLAG_ENCRYPTED;
556 }
557 }
558
Kenny Root17208e02013-09-04 13:56:03 -0700[diff] [blame]559 bool isFallback() const {
560 return mBlob.flags & KEYSTORE_FLAG_FALLBACK;
561 }
562
563 void setFallback(bool fallback) {
564 if (fallback) {
565 mBlob.flags |= KEYSTORE_FLAG_FALLBACK;
566 } else {
567 mBlob.flags &= ~KEYSTORE_FLAG_FALLBACK;
568 }
569 }
570
Kenny Root822c3a92012-03-23 16:34:39 -0700[diff] [blame]571 void setVersion(uint8_t version) {
572 mBlob.version = version;
573 }
574
575 BlobType getType() const {
576 return BlobType(mBlob.type);
577 }
578
579 void setType(BlobType type) {
580 mBlob.type = uint8_t(type);
581 }
582
Kenny Rootf9119d62013-04-03 09:22:15 -0700[diff] [blame]583 ResponseCode writeBlob(const char* filename, AES_KEY *aes_key, State state, Entropy* entropy) {
584 ALOGV("writing blob %s", filename);
585 if (isEncrypted()) {
586 if (state != STATE_NO_ERROR) {
587 ALOGD("couldn't insert encrypted blob while not unlocked");
588 return LOCKED;
589 }
590
591 if (!entropy->generate_random_data(mBlob.vector, AES_BLOCK_SIZE)) {
592 ALOGW("Could not read random data for: %s", filename);
593 return SYSTEM_ERROR;
594 }
Kenny Roota91203b2012-02-15 15:00:46 -0800[diff] [blame]595 }
596
597 // data includes the value and the value's length
598 size_t dataLength = mBlob.length + sizeof(mBlob.length);
599 // pad data to the AES_BLOCK_SIZE
600 size_t digestedLength = ((dataLength + AES_BLOCK_SIZE - 1)
601 / AES_BLOCK_SIZE * AES_BLOCK_SIZE);
602 // encrypted data includes the digest value
603 size_t encryptedLength = digestedLength + MD5_DIGEST_LENGTH;
604 // move info after space for padding
605 memmove(&mBlob.encrypted[encryptedLength], &mBlob.value[mBlob.length], mBlob.info);
606 // zero padding area
607 memset(mBlob.value + mBlob.length, 0, digestedLength - dataLength);
608
609 mBlob.length = htonl(mBlob.length);
Kenny Roota91203b2012-02-15 15:00:46 -0800[diff] [blame]610
Kenny Rootf9119d62013-04-03 09:22:15 -0700[diff] [blame]611 if (isEncrypted()) {
612 MD5(mBlob.digested, digestedLength, mBlob.digest);
Kenny Roota91203b2012-02-15 15:00:46 -0800[diff] [blame]613
Kenny Rootf9119d62013-04-03 09:22:15 -0700[diff] [blame]614 uint8_t vector[AES_BLOCK_SIZE];
615 memcpy(vector, mBlob.vector, AES_BLOCK_SIZE);
616 AES_cbc_encrypt(mBlob.encrypted, mBlob.encrypted, encryptedLength,
617 aes_key, vector, AES_ENCRYPT);
618 }
619
Kenny Roota91203b2012-02-15 15:00:46 -0800[diff] [blame]620 size_t headerLength = (mBlob.encrypted - (uint8_t*) &mBlob);
621 size_t fileLength = encryptedLength + headerLength + mBlob.info;
622
623 const char* tmpFileName = ".tmp";
Kenny Root150ca932012-11-14 14:29:02 -0800[diff] [blame]624 int out = TEMP_FAILURE_RETRY(open(tmpFileName,
625 O_WRONLY | O_TRUNC | O_CREAT, S_IRUSR | S_IWUSR));
626 if (out < 0) {
627 ALOGW("could not open file: %s: %s", tmpFileName, strerror(errno));
Kenny Roota91203b2012-02-15 15:00:46 -0800[diff] [blame]628 return SYSTEM_ERROR;
629 }
630 size_t writtenBytes = writeFully(out, (uint8_t*) &mBlob, fileLength);
631 if (close(out) != 0) {
632 return SYSTEM_ERROR;
633 }
634 if (writtenBytes != fileLength) {
Kenny Root150ca932012-11-14 14:29:02 -0800[diff] [blame]635 ALOGW("blob not fully written %zu != %zu", writtenBytes, fileLength);
Kenny Roota91203b2012-02-15 15:00:46 -0800[diff] [blame]636 unlink(tmpFileName);
637 return SYSTEM_ERROR;
638 }
Kenny Root150ca932012-11-14 14:29:02 -0800[diff] [blame]639 if (rename(tmpFileName, filename) == -1) {
640 ALOGW("could not rename blob to %s: %s", filename, strerror(errno));
641 return SYSTEM_ERROR;
642 }
643 return NO_ERROR;
Kenny Roota91203b2012-02-15 15:00:46 -0800[diff] [blame]644 }
645
Kenny Rootf9119d62013-04-03 09:22:15 -0700[diff] [blame]646 ResponseCode readBlob(const char* filename, AES_KEY *aes_key, State state) {
647 ALOGV("reading blob %s", filename);
Kenny Root150ca932012-11-14 14:29:02 -0800[diff] [blame]648 int in = TEMP_FAILURE_RETRY(open(filename, O_RDONLY));
649 if (in < 0) {
Kenny Roota91203b2012-02-15 15:00:46 -0800[diff] [blame]650 return (errno == ENOENT) ? KEY_NOT_FOUND : SYSTEM_ERROR;
651 }
652 // fileLength may be less than sizeof(mBlob) since the in
653 // memory version has extra padding to tolerate rounding up to
654 // the AES_BLOCK_SIZE
655 size_t fileLength = readFully(in, (uint8_t*) &mBlob, sizeof(mBlob));
656 if (close(in) != 0) {
657 return SYSTEM_ERROR;
658 }
Kenny Rootf9119d62013-04-03 09:22:15 -0700[diff] [blame]659
660 if (isEncrypted() && (state != STATE_NO_ERROR)) {
661 return LOCKED;
662 }
663
Kenny Roota91203b2012-02-15 15:00:46 -0800[diff] [blame]664 size_t headerLength = (mBlob.encrypted - (uint8_t*) &mBlob);
665 if (fileLength < headerLength) {
666 return VALUE_CORRUPTED;
667 }
668
669 ssize_t encryptedLength = fileLength - (headerLength + mBlob.info);
Kenny Rootf9119d62013-04-03 09:22:15 -0700[diff] [blame]670 if (encryptedLength < 0) {
Kenny Roota91203b2012-02-15 15:00:46 -0800[diff] [blame]671 return VALUE_CORRUPTED;
672 }
Kenny Rootf9119d62013-04-03 09:22:15 -0700[diff] [blame]673
674 ssize_t digestedLength;
675 if (isEncrypted()) {
676 if (encryptedLength % AES_BLOCK_SIZE != 0) {
677 return VALUE_CORRUPTED;
678 }
679
680 AES_cbc_encrypt(mBlob.encrypted, mBlob.encrypted, encryptedLength, aes_key,
681 mBlob.vector, AES_DECRYPT);
682 digestedLength = encryptedLength - MD5_DIGEST_LENGTH;
683 uint8_t computedDigest[MD5_DIGEST_LENGTH];
684 MD5(mBlob.digested, digestedLength, computedDigest);
685 if (memcmp(mBlob.digest, computedDigest, MD5_DIGEST_LENGTH) != 0) {
686 return VALUE_CORRUPTED;
687 }
688 } else {
689 digestedLength = encryptedLength;
Kenny Roota91203b2012-02-15 15:00:46 -0800[diff] [blame]690 }
691
692 ssize_t maxValueLength = digestedLength - sizeof(mBlob.length);
693 mBlob.length = ntohl(mBlob.length);
694 if (mBlob.length < 0 || mBlob.length > maxValueLength) {
695 return VALUE_CORRUPTED;
696 }
697 if (mBlob.info != 0) {
698 // move info from after padding to after data
699 memmove(&mBlob.value[mBlob.length], &mBlob.value[maxValueLength], mBlob.info);
700 }
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]701 return ::NO_ERROR;
Kenny Roota91203b2012-02-15 15:00:46 -0800[diff] [blame]702 }
703
704private:
705 struct blob mBlob;
706};
707
Kenny Root655b9582013-04-04 08:37:42 -0700[diff] [blame]708class UserState {
Kenny Roota91203b2012-02-15 15:00:46 -0800[diff] [blame]709public:
Kenny Root655b9582013-04-04 08:37:42 -0700[diff] [blame]710 UserState(uid_t userId) : mUserId(userId), mRetry(MAX_RETRY) {
711 asprintf(&mUserDir, "user_%u", mUserId);
712 asprintf(&mMasterKeyFile, "%s/.masterkey", mUserDir);
713 }
714
715 ~UserState() {
716 free(mUserDir);
717 free(mMasterKeyFile);
718 }
719
720 bool initialize() {
721 if ((mkdir(mUserDir, S_IRUSR | S_IWUSR | S_IXUSR) < 0) && (errno != EEXIST)) {
722 ALOGE("Could not create directory '%s'", mUserDir);
723 return false;
724 }
725
726 if (access(mMasterKeyFile, R_OK) == 0) {
Kenny Roota91203b2012-02-15 15:00:46 -0800[diff] [blame]727 setState(STATE_LOCKED);
728 } else {
729 setState(STATE_UNINITIALIZED);
730 }
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]731
Kenny Root655b9582013-04-04 08:37:42 -0700[diff] [blame]732 return true;
733 }
734
735 uid_t getUserId() const {
736 return mUserId;
737 }
738
739 const char* getUserDirName() const {
740 return mUserDir;
741 }
742
743 const char* getMasterKeyFileName() const {
744 return mMasterKeyFile;
745 }
746
747 void setState(State state) {
748 mState = state;
749 if (mState == STATE_NO_ERROR || mState == STATE_UNINITIALIZED) {
750 mRetry = MAX_RETRY;
751 }
Kenny Roota91203b2012-02-15 15:00:46 -0800[diff] [blame]752 }
753
Kenny Root51878182012-03-13 12:53:19 -0700[diff] [blame]754 State getState() const {
Kenny Roota91203b2012-02-15 15:00:46 -0800[diff] [blame]755 return mState;
756 }
757
Kenny Root51878182012-03-13 12:53:19 -0700[diff] [blame]758 int8_t getRetry() const {
Kenny Roota91203b2012-02-15 15:00:46 -0800[diff] [blame]759 return mRetry;
760 }
761
Kenny Root655b9582013-04-04 08:37:42 -0700[diff] [blame]762 void zeroizeMasterKeysInMemory() {
763 memset(mMasterKey, 0, sizeof(mMasterKey));
764 memset(mSalt, 0, sizeof(mSalt));
765 memset(&mMasterKeyEncryption, 0, sizeof(mMasterKeyEncryption));
766 memset(&mMasterKeyDecryption, 0, sizeof(mMasterKeyDecryption));
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]767 }
768
Kenny Root655b9582013-04-04 08:37:42 -0700[diff] [blame]769 ResponseCode initialize(const android::String8& pw, Entropy* entropy) {
770 if (!generateMasterKey(entropy)) {
Kenny Roota91203b2012-02-15 15:00:46 -0800[diff] [blame]771 return SYSTEM_ERROR;
772 }
Kenny Root655b9582013-04-04 08:37:42 -0700[diff] [blame]773 ResponseCode response = writeMasterKey(pw, entropy);
Kenny Roota91203b2012-02-15 15:00:46 -0800[diff] [blame]774 if (response != NO_ERROR) {
775 return response;
776 }
777 setupMasterKeys();
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]778 return ::NO_ERROR;
Kenny Roota91203b2012-02-15 15:00:46 -0800[diff] [blame]779 }
780
Robin Lee4e865752014-08-19 17:37:55 +0100[diff] [blame]781 ResponseCode copyMasterKey(UserState* src) {
782 if (mState != STATE_UNINITIALIZED) {
783 return ::SYSTEM_ERROR;
784 }
785 if (src->getState() != STATE_NO_ERROR) {
786 return ::SYSTEM_ERROR;
787 }
788 memcpy(mMasterKey, src->mMasterKey, MASTER_KEY_SIZE_BYTES);
789 setupMasterKeys();
790 return ::NO_ERROR;
791 }
792
Kenny Root655b9582013-04-04 08:37:42 -0700[diff] [blame]793 ResponseCode writeMasterKey(const android::String8& pw, Entropy* entropy) {
Kenny Roota91203b2012-02-15 15:00:46 -0800[diff] [blame]794 uint8_t passwordKey[MASTER_KEY_SIZE_BYTES];
795 generateKeyFromPassword(passwordKey, MASTER_KEY_SIZE_BYTES, pw, mSalt);
796 AES_KEY passwordAesKey;
797 AES_set_encrypt_key(passwordKey, MASTER_KEY_SIZE_BITS, &passwordAesKey);
Kenny Root822c3a92012-03-23 16:34:39 -0700[diff] [blame]798 Blob masterKeyBlob(mMasterKey, sizeof(mMasterKey), mSalt, sizeof(mSalt), TYPE_MASTER_KEY);
Kenny Rootf9119d62013-04-03 09:22:15 -0700[diff] [blame]799 return masterKeyBlob.writeBlob(mMasterKeyFile, &passwordAesKey, STATE_NO_ERROR, entropy);
Kenny Roota91203b2012-02-15 15:00:46 -0800[diff] [blame]800 }
801
Kenny Root655b9582013-04-04 08:37:42 -0700[diff] [blame]802 ResponseCode readMasterKey(const android::String8& pw, Entropy* entropy) {
803 int in = TEMP_FAILURE_RETRY(open(mMasterKeyFile, O_RDONLY));
Kenny Root150ca932012-11-14 14:29:02 -0800[diff] [blame]804 if (in < 0) {
Kenny Roota91203b2012-02-15 15:00:46 -0800[diff] [blame]805 return SYSTEM_ERROR;
806 }
807
808 // we read the raw blob to just to get the salt to generate
809 // the AES key, then we create the Blob to use with decryptBlob
810 blob rawBlob;
811 size_t length = readFully(in, (uint8_t*) &rawBlob, sizeof(rawBlob));
812 if (close(in) != 0) {
813 return SYSTEM_ERROR;
814 }
815 // find salt at EOF if present, otherwise we have an old file
816 uint8_t* salt;
817 if (length > SALT_SIZE && rawBlob.info == SALT_SIZE) {
818 salt = (uint8_t*) &rawBlob + length - SALT_SIZE;
819 } else {
820 salt = NULL;
821 }
822 uint8_t passwordKey[MASTER_KEY_SIZE_BYTES];
823 generateKeyFromPassword(passwordKey, MASTER_KEY_SIZE_BYTES, pw, salt);
824 AES_KEY passwordAesKey;
825 AES_set_decrypt_key(passwordKey, MASTER_KEY_SIZE_BITS, &passwordAesKey);
826 Blob masterKeyBlob(rawBlob);
Kenny Rootf9119d62013-04-03 09:22:15 -0700[diff] [blame]827 ResponseCode response = masterKeyBlob.readBlob(mMasterKeyFile, &passwordAesKey,
828 STATE_NO_ERROR);
Kenny Roota91203b2012-02-15 15:00:46 -0800[diff] [blame]829 if (response == SYSTEM_ERROR) {
Kenny Rootf9119d62013-04-03 09:22:15 -0700[diff] [blame]830 return response;
Kenny Roota91203b2012-02-15 15:00:46 -0800[diff] [blame]831 }
832 if (response == NO_ERROR && masterKeyBlob.getLength() == MASTER_KEY_SIZE_BYTES) {
833 // if salt was missing, generate one and write a new master key file with the salt.
834 if (salt == NULL) {
Kenny Root655b9582013-04-04 08:37:42 -0700[diff] [blame]835 if (!generateSalt(entropy)) {
Kenny Roota91203b2012-02-15 15:00:46 -0800[diff] [blame]836 return SYSTEM_ERROR;
837 }
Kenny Root655b9582013-04-04 08:37:42 -0700[diff] [blame]838 response = writeMasterKey(pw, entropy);
Kenny Roota91203b2012-02-15 15:00:46 -0800[diff] [blame]839 }
840 if (response == NO_ERROR) {
841 memcpy(mMasterKey, masterKeyBlob.getValue(), MASTER_KEY_SIZE_BYTES);
842 setupMasterKeys();
843 }
844 return response;
845 }
846 if (mRetry <= 0) {
847 reset();
848 return UNINITIALIZED;
849 }
850 --mRetry;
851 switch (mRetry) {
852 case 0: return WRONG_PASSWORD_0;
853 case 1: return WRONG_PASSWORD_1;
854 case 2: return WRONG_PASSWORD_2;
855 case 3: return WRONG_PASSWORD_3;
856 default: return WRONG_PASSWORD_3;
857 }
858 }
859
Kenny Root655b9582013-04-04 08:37:42 -0700[diff] [blame]860 AES_KEY* getEncryptionKey() {
861 return &mMasterKeyEncryption;
862 }
863
864 AES_KEY* getDecryptionKey() {
865 return &mMasterKeyDecryption;
866 }
867
Kenny Roota91203b2012-02-15 15:00:46 -0800[diff] [blame]868 bool reset() {
Kenny Root655b9582013-04-04 08:37:42 -0700[diff] [blame]869 DIR* dir = opendir(getUserDirName());
Kenny Roota91203b2012-02-15 15:00:46 -0800[diff] [blame]870 if (!dir) {
Kenny Root655b9582013-04-04 08:37:42 -0700[diff] [blame]871 ALOGW("couldn't open user directory: %s", strerror(errno));
Kenny Roota91203b2012-02-15 15:00:46 -0800[diff] [blame]872 return false;
873 }
Kenny Root655b9582013-04-04 08:37:42 -0700[diff] [blame]874
875 struct dirent* file;
Kenny Roota91203b2012-02-15 15:00:46 -0800[diff] [blame]876 while ((file = readdir(dir)) != NULL) {
Kenny Root655b9582013-04-04 08:37:42 -0700[diff] [blame]877 // We only care about files.
878 if (file->d_type != DT_REG) {
879 continue;
880 }
881
882 // Skip anything that starts with a "."
Kenny Root931fac02014-07-30 16:39:40 -0700[diff] [blame]883 if (file->d_name[0] == '.' && strcmp(".masterkey", file->d_name)) {
Kenny Root655b9582013-04-04 08:37:42 -0700[diff] [blame]884 continue;
885 }
886
887 unlinkat(dirfd(dir), file->d_name, 0);
Kenny Roota91203b2012-02-15 15:00:46 -0800[diff] [blame]888 }
889 closedir(dir);
890 return true;
891 }
892
Kenny Root655b9582013-04-04 08:37:42 -0700[diff] [blame]893private:
894 static const int MASTER_KEY_SIZE_BYTES = 16;
895 static const int MASTER_KEY_SIZE_BITS = MASTER_KEY_SIZE_BYTES * 8;
896
897 static const int MAX_RETRY = 4;
898 static const size_t SALT_SIZE = 16;
899
900 void generateKeyFromPassword(uint8_t* key, ssize_t keySize, const android::String8& pw,
901 uint8_t* salt) {
902 size_t saltSize;
903 if (salt != NULL) {
904 saltSize = SALT_SIZE;
905 } else {
906 // pre-gingerbread used this hardwired salt, readMasterKey will rewrite these when found
907 salt = (uint8_t*) "keystore";
908 // sizeof = 9, not strlen = 8
909 saltSize = sizeof("keystore");
910 }
911
912 PKCS5_PBKDF2_HMAC_SHA1(reinterpret_cast<const char*>(pw.string()), pw.length(), salt,
913 saltSize, 8192, keySize, key);
914 }
915
916 bool generateSalt(Entropy* entropy) {
917 return entropy->generate_random_data(mSalt, sizeof(mSalt));
918 }
919
920 bool generateMasterKey(Entropy* entropy) {
921 if (!entropy->generate_random_data(mMasterKey, sizeof(mMasterKey))) {
922 return false;
923 }
924 if (!generateSalt(entropy)) {
925 return false;
926 }
927 return true;
928 }
929
930 void setupMasterKeys() {
931 AES_set_encrypt_key(mMasterKey, MASTER_KEY_SIZE_BITS, &mMasterKeyEncryption);
932 AES_set_decrypt_key(mMasterKey, MASTER_KEY_SIZE_BITS, &mMasterKeyDecryption);
933 setState(STATE_NO_ERROR);
934 }
935
936 uid_t mUserId;
937
938 char* mUserDir;
939 char* mMasterKeyFile;
940
941 State mState;
942 int8_t mRetry;
943
944 uint8_t mMasterKey[MASTER_KEY_SIZE_BYTES];
945 uint8_t mSalt[SALT_SIZE];
946
947 AES_KEY mMasterKeyEncryption;
948 AES_KEY mMasterKeyDecryption;
949};
950
951typedef struct {
952 uint32_t uid;
953 const uint8_t* filename;
954} grant_t;
955
956class KeyStore {
957public:
Chad Brubaker67d2a502015-03-11 17:21:18 +0000[diff] [blame]958 KeyStore(Entropy* entropy, keymaster1_device_t* device, keymaster1_device_t* fallback)
Kenny Root655b9582013-04-04 08:37:42 -0700[diff] [blame]959 : mEntropy(entropy)
960 , mDevice(device)
Chad Brubakerfc18edc2015-01-12 15:17:18 -0800[diff] [blame]961 , mFallbackDevice(fallback)
Kenny Root655b9582013-04-04 08:37:42 -0700[diff] [blame]962 {
963 memset(&mMetaData, '\0', sizeof(mMetaData));
964 }
965
966 ~KeyStore() {
967 for (android::Vector<grant_t*>::iterator it(mGrants.begin());
968 it != mGrants.end(); it++) {
969 delete *it;
Kenny Root655b9582013-04-04 08:37:42 -0700[diff] [blame]970 }
haitao fangc35d4eb2013-12-06 11:34:49 +0800[diff] [blame]971 mGrants.clear();
Kenny Root655b9582013-04-04 08:37:42 -0700[diff] [blame]972
973 for (android::Vector<UserState*>::iterator it(mMasterKeys.begin());
974 it != mMasterKeys.end(); it++) {
975 delete *it;
Kenny Root655b9582013-04-04 08:37:42 -0700[diff] [blame]976 }
haitao fangc35d4eb2013-12-06 11:34:49 +0800[diff] [blame]977 mMasterKeys.clear();
Kenny Root655b9582013-04-04 08:37:42 -0700[diff] [blame]978 }
979
Chad Brubaker67d2a502015-03-11 17:21:18 +0000[diff] [blame]980 /**
981 * Depending on the hardware keymaster version is this may return a
982 * keymaster0_device_t* cast to a keymaster1_device_t*. All methods from
983 * keymaster0 are safe to call, calls to keymaster1_device_t methods should
984 * be guarded by a check on the device's version.
985 */
986 keymaster1_device_t *getDevice() const {
Kenny Root655b9582013-04-04 08:37:42 -0700[diff] [blame]987 return mDevice;
988 }
989
Chad Brubaker67d2a502015-03-11 17:21:18 +0000[diff] [blame]990 keymaster1_device_t *getFallbackDevice() const {
Chad Brubakerfc18edc2015-01-12 15:17:18 -0800[diff] [blame]991 return mFallbackDevice;
992 }
993
Chad Brubaker67d2a502015-03-11 17:21:18 +0000[diff] [blame]994 keymaster1_device_t *getDeviceForBlob(const Blob& blob) const {
Chad Brubakerfc18edc2015-01-12 15:17:18 -0800[diff] [blame]995 return blob.isFallback() ? mFallbackDevice: mDevice;
996 }
997
Kenny Root655b9582013-04-04 08:37:42 -0700[diff] [blame]998 ResponseCode initialize() {
999 readMetaData();
1000 if (upgradeKeystore()) {
1001 writeMetaData();
1002 }
1003
1004 return ::NO_ERROR;
1005 }
1006
1007 State getState(uid_t uid) {
1008 return getUserState(uid)->getState();
1009 }
1010
1011 ResponseCode initializeUser(const android::String8& pw, uid_t uid) {
1012 UserState* userState = getUserState(uid);
1013 return userState->initialize(pw, mEntropy);
1014 }
1015
Robin Lee4e865752014-08-19 17:37:55 +0100[diff] [blame]1016 ResponseCode copyMasterKey(uid_t src, uid_t uid) {
1017 UserState *userState = getUserState(uid);
1018 UserState *initState = getUserState(src);
1019 return userState->copyMasterKey(initState);
1020 }
1021
Kenny Root655b9582013-04-04 08:37:42 -0700[diff] [blame]1022 ResponseCode writeMasterKey(const android::String8& pw, uid_t uid) {
Robin Lee50122db2014-08-12 17:31:40 +0100[diff] [blame]1023 UserState* userState = getUserState(uid);
Kenny Root655b9582013-04-04 08:37:42 -0700[diff] [blame]1024 return userState->writeMasterKey(pw, mEntropy);
1025 }
1026
1027 ResponseCode readMasterKey(const android::String8& pw, uid_t uid) {
Robin Lee50122db2014-08-12 17:31:40 +0100[diff] [blame]1028 UserState* userState = getUserState(uid);
Kenny Root655b9582013-04-04 08:37:42 -0700[diff] [blame]1029 return userState->readMasterKey(pw, mEntropy);
1030 }
1031
1032 android::String8 getKeyName(const android::String8& keyName) {
Douglas Leunga77e8092013-06-13 16:34:43 -0700[diff] [blame]1033 char encoded[encode_key_length(keyName) + 1]; // add 1 for null char
Kenny Root655b9582013-04-04 08:37:42 -0700[diff] [blame]1034 encode_key(encoded, keyName);
1035 return android::String8(encoded);
1036 }
1037
1038 android::String8 getKeyNameForUid(const android::String8& keyName, uid_t uid) {
Douglas Leunga77e8092013-06-13 16:34:43 -0700[diff] [blame]1039 char encoded[encode_key_length(keyName) + 1]; // add 1 for null char
Kenny Root655b9582013-04-04 08:37:42 -0700[diff] [blame]1040 encode_key(encoded, keyName);
1041 return android::String8::format("%u_%s", uid, encoded);
1042 }
1043
1044 android::String8 getKeyNameForUidWithDir(const android::String8& keyName, uid_t uid) {
Douglas Leunga77e8092013-06-13 16:34:43 -0700[diff] [blame]1045 char encoded[encode_key_length(keyName) + 1]; // add 1 for null char
Kenny Root655b9582013-04-04 08:37:42 -0700[diff] [blame]1046 encode_key(encoded, keyName);
1047 return android::String8::format("%s/%u_%s", getUserState(uid)->getUserDirName(), uid,
1048 encoded);
1049 }
1050
1051 bool reset(uid_t uid) {
Robin Lee4b84fdc2014-09-24 11:56:57 +0100[diff] [blame]1052 android::String8 prefix("");
1053 android::Vector<android::String16> aliases;
1054 if (saw(prefix, &aliases, uid) != ::NO_ERROR) {
1055 return ::SYSTEM_ERROR;
1056 }
1057
Kenny Root655b9582013-04-04 08:37:42 -0700[diff] [blame]1058 UserState* userState = getUserState(uid);
Robin Lee4b84fdc2014-09-24 11:56:57 +0100[diff] [blame]1059 for (uint32_t i = 0; i < aliases.size(); i++) {
1060 android::String8 filename(aliases[i]);
1061 filename = android::String8::format("%s/%s", userState->getUserDirName(),
1062 getKeyName(filename).string());
1063 del(filename, ::TYPE_ANY, uid);
1064 }
1065
Kenny Root655b9582013-04-04 08:37:42 -0700[diff] [blame]1066 userState->zeroizeMasterKeysInMemory();
1067 userState->setState(STATE_UNINITIALIZED);
1068 return userState->reset();
1069 }
1070
1071 bool isEmpty(uid_t uid) const {
1072 const UserState* userState = getUserState(uid);
Kenny Root31e27462014-09-10 11:28:03 -0700[diff] [blame]1073 if (userState == NULL || userState->getState() == STATE_UNINITIALIZED) {
Kenny Root655b9582013-04-04 08:37:42 -0700[diff] [blame]1074 return true;
1075 }
1076
1077 DIR* dir = opendir(userState->getUserDirName());
Kenny Roota91203b2012-02-15 15:00:46 -0800[diff] [blame]1078 if (!dir) {
1079 return true;
1080 }
Kenny Root31e27462014-09-10 11:28:03 -0700[diff] [blame]1081
Kenny Roota91203b2012-02-15 15:00:46 -0800[diff] [blame]1082 bool result = true;
Kenny Root31e27462014-09-10 11:28:03 -0700[diff] [blame]1083 struct dirent* file;
Kenny Roota91203b2012-02-15 15:00:46 -0800[diff] [blame]1084 while ((file = readdir(dir)) != NULL) {
Kenny Root655b9582013-04-04 08:37:42 -0700[diff] [blame]1085 // We only care about files.
1086 if (file->d_type != DT_REG) {
1087 continue;
1088 }
1089
1090 // Skip anything that starts with a "."
1091 if (file->d_name[0] == '.') {
1092 continue;
1093 }
1094
Kenny Root31e27462014-09-10 11:28:03 -0700[diff] [blame]1095 result = false;
1096 break;
Kenny Roota91203b2012-02-15 15:00:46 -0800[diff] [blame]1097 }
1098 closedir(dir);
1099 return result;
1100 }
1101
Kenny Root655b9582013-04-04 08:37:42 -0700[diff] [blame]1102 void lock(uid_t uid) {
1103 UserState* userState = getUserState(uid);
1104 userState->zeroizeMasterKeysInMemory();
1105 userState->setState(STATE_LOCKED);
Kenny Roota91203b2012-02-15 15:00:46 -0800[diff] [blame]1106 }
1107
Kenny Root655b9582013-04-04 08:37:42 -0700[diff] [blame]1108 ResponseCode get(const char* filename, Blob* keyBlob, const BlobType type, uid_t uid) {
1109 UserState* userState = getUserState(uid);
Kenny Rootf9119d62013-04-03 09:22:15 -0700[diff] [blame]1110 ResponseCode rc = keyBlob->readBlob(filename, userState->getDecryptionKey(),
1111 userState->getState());
Kenny Root822c3a92012-03-23 16:34:39 -0700[diff] [blame]1112 if (rc != NO_ERROR) {
1113 return rc;
1114 }
1115
1116 const uint8_t version = keyBlob->getVersion();
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1117 if (version < CURRENT_BLOB_VERSION) {
Kenny Rootcfeae072013-04-04 08:39:57 -0700[diff] [blame]1118 /* If we upgrade the key, we need to write it to disk again. Then
1119 * it must be read it again since the blob is encrypted each time
1120 * it's written.
1121 */
Kenny Root655b9582013-04-04 08:37:42 -0700[diff] [blame]1122 if (upgradeBlob(filename, keyBlob, version, type, uid)) {
1123 if ((rc = this->put(filename, keyBlob, uid)) != NO_ERROR
Kenny Rootf9119d62013-04-03 09:22:15 -0700[diff] [blame]1124 || (rc = keyBlob->readBlob(filename, userState->getDecryptionKey(),
1125 userState->getState())) != NO_ERROR) {
Kenny Rootcfeae072013-04-04 08:39:57 -0700[diff] [blame]1126 return rc;
1127 }
1128 }
Kenny Root822c3a92012-03-23 16:34:39 -0700[diff] [blame]1129 }
1130
Kenny Root17208e02013-09-04 13:56:03 -0700[diff] [blame]1131 /*
1132 * This will upgrade software-backed keys to hardware-backed keys when
1133 * the HAL for the device supports the newer key types.
1134 */
1135 if (rc == NO_ERROR && type == TYPE_KEY_PAIR
1136 && mDevice->common.module->module_api_version >= KEYMASTER_MODULE_API_VERSION_0_2
1137 && keyBlob->isFallback()) {
1138 ResponseCode imported = importKey(keyBlob->getValue(), keyBlob->getLength(), filename,
1139 uid, keyBlob->isEncrypted() ? KEYSTORE_FLAG_ENCRYPTED : KEYSTORE_FLAG_NONE);
1140
1141 // The HAL allowed the import, reget the key to have the "fresh"
1142 // version.
1143 if (imported == NO_ERROR) {
1144 rc = get(filename, keyBlob, TYPE_KEY_PAIR, uid);
1145 }
1146 }
1147
Kenny Rootd53bc922013-03-21 14:10:15 -0700[diff] [blame]1148 if (type != TYPE_ANY && keyBlob->getType() != type) {
Kenny Root822c3a92012-03-23 16:34:39 -0700[diff] [blame]1149 ALOGW("key found but type doesn't match: %d vs %d", keyBlob->getType(), type);
1150 return KEY_NOT_FOUND;
1151 }
1152
1153 return rc;
Kenny Roota91203b2012-02-15 15:00:46 -0800[diff] [blame]1154 }
1155
Kenny Root655b9582013-04-04 08:37:42 -0700[diff] [blame]1156 ResponseCode put(const char* filename, Blob* keyBlob, uid_t uid) {
1157 UserState* userState = getUserState(uid);
Kenny Rootf9119d62013-04-03 09:22:15 -0700[diff] [blame]1158 return keyBlob->writeBlob(filename, userState->getEncryptionKey(), userState->getState(),
1159 mEntropy);
Kenny Roota91203b2012-02-15 15:00:46 -0800[diff] [blame]1160 }
1161
Robin Lee4b84fdc2014-09-24 11:56:57 +0100[diff] [blame]1162 ResponseCode del(const char *filename, const BlobType type, uid_t uid) {
1163 Blob keyBlob;
1164 ResponseCode rc = get(filename, &keyBlob, type, uid);
1165 if (rc != ::NO_ERROR) {
1166 return rc;
1167 }
1168
1169 if (keyBlob.getType() == ::TYPE_KEY_PAIR) {
1170 // A device doesn't have to implement delete_keypair.
1171 if (mDevice->delete_keypair != NULL && !keyBlob.isFallback()) {
1172 if (mDevice->delete_keypair(mDevice, keyBlob.getValue(), keyBlob.getLength())) {
1173 rc = ::SYSTEM_ERROR;
1174 }
1175 }
1176 }
Chad Brubaker17d68b92015-02-05 22:04:16 -0800[diff] [blame]1177 if (keyBlob.getType() == ::TYPE_KEYMASTER_10) {
1178 keymaster1_device_t* dev = getDeviceForBlob(keyBlob);
1179 if (dev->delete_key) {
1180 keymaster_key_blob_t blob;
1181 blob.key_material = keyBlob.getValue();
1182 blob.key_material_size = keyBlob.getLength();
1183 dev->delete_key(dev, &blob);
1184 }
1185 }
Robin Lee4b84fdc2014-09-24 11:56:57 +0100[diff] [blame]1186 if (rc != ::NO_ERROR) {
1187 return rc;
1188 }
1189
1190 return (unlink(filename) && errno != ENOENT) ? ::SYSTEM_ERROR : ::NO_ERROR;
1191 }
1192
1193 ResponseCode saw(const android::String8& prefix, android::Vector<android::String16> *matches,
1194 uid_t uid) {
1195
1196 UserState* userState = getUserState(uid);
1197 size_t n = prefix.length();
1198
1199 DIR* dir = opendir(userState->getUserDirName());
1200 if (!dir) {
1201 ALOGW("can't open directory for user: %s", strerror(errno));
1202 return ::SYSTEM_ERROR;
1203 }
1204
1205 struct dirent* file;
1206 while ((file = readdir(dir)) != NULL) {
1207 // We only care about files.
1208 if (file->d_type != DT_REG) {
1209 continue;
1210 }
1211
1212 // Skip anything that starts with a "."
1213 if (file->d_name[0] == '.') {
1214 continue;
1215 }
1216
1217 if (!strncmp(prefix.string(), file->d_name, n)) {
1218 const char* p = &file->d_name[n];
1219 size_t plen = strlen(p);
1220
1221 size_t extra = decode_key_length(p, plen);
1222 char *match = (char*) malloc(extra + 1);
1223 if (match != NULL) {
1224 decode_key(match, p, plen);
1225 matches->push(android::String16(match, extra));
1226 free(match);
1227 } else {
1228 ALOGW("could not allocate match of size %zd", extra);
1229 }
1230 }
1231 }
1232 closedir(dir);
1233 return ::NO_ERROR;
1234 }
1235
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1236 void addGrant(const char* filename, uid_t granteeUid) {
Kenny Root655b9582013-04-04 08:37:42 -0700[diff] [blame]1237 const grant_t* existing = getGrant(filename, granteeUid);
1238 if (existing == NULL) {
1239 grant_t* grant = new grant_t;
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1240 grant->uid = granteeUid;
Brian Carlstroma8c703d2012-07-17 14:43:46 -0700[diff] [blame]1241 grant->filename = reinterpret_cast<const uint8_t*>(strdup(filename));
Kenny Root655b9582013-04-04 08:37:42 -0700[diff] [blame]1242 mGrants.add(grant);
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]1243 }
1244 }
1245
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1246 bool removeGrant(const char* filename, uid_t granteeUid) {
Kenny Root655b9582013-04-04 08:37:42 -0700[diff] [blame]1247 for (android::Vector<grant_t*>::iterator it(mGrants.begin());
1248 it != mGrants.end(); it++) {
1249 grant_t* grant = *it;
1250 if (grant->uid == granteeUid
1251 && !strcmp(reinterpret_cast<const char*>(grant->filename), filename)) {
1252 mGrants.erase(it);
1253 return true;
1254 }
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]1255 }
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]1256 return false;
1257 }
1258
Brian Carlstroma8c703d2012-07-17 14:43:46 -0700[diff] [blame]1259 bool hasGrant(const char* filename, const uid_t uid) const {
1260 return getGrant(filename, uid) != NULL;
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]1261 }
1262
Kenny Rootf9119d62013-04-03 09:22:15 -0700[diff] [blame]1263 ResponseCode importKey(const uint8_t* key, size_t keyLen, const char* filename, uid_t uid,
1264 int32_t flags) {
Kenny Root822c3a92012-03-23 16:34:39 -0700[diff] [blame]1265 uint8_t* data;
1266 size_t dataLength;
1267 int rc;
1268
1269 if (mDevice->import_keypair == NULL) {
1270 ALOGE("Keymaster doesn't support import!");
1271 return SYSTEM_ERROR;
1272 }
1273
Kenny Root17208e02013-09-04 13:56:03 -0700[diff] [blame]1274 bool isFallback = false;
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1275 rc = mDevice->import_keypair(mDevice, key, keyLen, &data, &dataLength);
Kenny Root822c3a92012-03-23 16:34:39 -0700[diff] [blame]1276 if (rc) {
Kenny Roota39da5a2014-09-25 13:07:24 -0700[diff] [blame]1277 /*
1278 * Maybe the device doesn't support this type of key. Try to use the
1279 * software fallback keymaster implementation. This is a little bit
1280 * lazier than checking the PKCS#8 key type, but the software
1281 * implementation will do that anyway.
1282 */
Chad Brubaker7c1eb752015-02-20 14:08:59 -0800[diff] [blame]1283 rc = mFallbackDevice->import_keypair(mFallbackDevice, key, keyLen, &data, &dataLength);
Kenny Roota39da5a2014-09-25 13:07:24 -0700[diff] [blame]1284 isFallback = true;
Kenny Root17208e02013-09-04 13:56:03 -0700[diff] [blame]1285
1286 if (rc) {
1287 ALOGE("Error while importing keypair: %d", rc);
1288 return SYSTEM_ERROR;
1289 }
Kenny Root822c3a92012-03-23 16:34:39 -0700[diff] [blame]1290 }
1291
1292 Blob keyBlob(data, dataLength, NULL, 0, TYPE_KEY_PAIR);
1293 free(data);
1294
Kenny Rootf9119d62013-04-03 09:22:15 -0700[diff] [blame]1295 keyBlob.setEncrypted(flags & KEYSTORE_FLAG_ENCRYPTED);
Kenny Root17208e02013-09-04 13:56:03 -0700[diff] [blame]1296 keyBlob.setFallback(isFallback);
Kenny Rootf9119d62013-04-03 09:22:15 -0700[diff] [blame]1297
Kenny Root655b9582013-04-04 08:37:42 -0700[diff] [blame]1298 return put(filename, &keyBlob, uid);
Kenny Root822c3a92012-03-23 16:34:39 -0700[diff] [blame]1299 }
1300
Kenny Root1b0e3932013-09-05 13:06:32 -0700[diff] [blame]1301 bool isHardwareBacked(const android::String16& keyType) const {
1302 if (mDevice == NULL) {
1303 ALOGW("can't get keymaster device");
1304 return false;
1305 }
1306
1307 if (sRSAKeyType == keyType) {
1308 return (mDevice->flags & KEYMASTER_SOFTWARE_ONLY) == 0;
1309 } else {
1310 return (mDevice->flags & KEYMASTER_SOFTWARE_ONLY) == 0
1311 && (mDevice->common.module->module_api_version
1312 >= KEYMASTER_MODULE_API_VERSION_0_2);
1313 }
Kenny Root8ddf35a2013-03-29 11:15:50 -0700[diff] [blame]1314 }
1315
Kenny Root655b9582013-04-04 08:37:42 -0700[diff] [blame]1316 ResponseCode getKeyForName(Blob* keyBlob, const android::String8& keyName, const uid_t uid,
1317 const BlobType type) {
Kenny Root86b16e82013-09-09 11:15:54 -0700[diff] [blame]1318 android::String8 filepath8(getKeyNameForUidWithDir(keyName, uid));
Kenny Root655b9582013-04-04 08:37:42 -0700[diff] [blame]1319
1320 ResponseCode responseCode = get(filepath8.string(), keyBlob, type, uid);
1321 if (responseCode == NO_ERROR) {
1322 return responseCode;
1323 }
1324
1325 // If this is one of the legacy UID->UID mappings, use it.
1326 uid_t euid = get_keystore_euid(uid);
1327 if (euid != uid) {
Kenny Root86b16e82013-09-09 11:15:54 -0700[diff] [blame]1328 filepath8 = getKeyNameForUidWithDir(keyName, euid);
Kenny Root655b9582013-04-04 08:37:42 -0700[diff] [blame]1329 responseCode = get(filepath8.string(), keyBlob, type, uid);
1330 if (responseCode == NO_ERROR) {
1331 return responseCode;
1332 }
1333 }
1334
1335 // They might be using a granted key.
Kenny Root86b16e82013-09-09 11:15:54 -0700[diff] [blame]1336 android::String8 filename8 = getKeyName(keyName);
Kenny Root655b9582013-04-04 08:37:42 -0700[diff] [blame]1337 char* end;
Kenny Root86b16e82013-09-09 11:15:54 -0700[diff] [blame]1338 strtoul(filename8.string(), &end, 10);
Kenny Root655b9582013-04-04 08:37:42 -0700[diff] [blame]1339 if (end[0] != '_' || end[1] == 0) {
1340 return KEY_NOT_FOUND;
1341 }
Kenny Root86b16e82013-09-09 11:15:54 -0700[diff] [blame]1342 filepath8 = android::String8::format("%s/%s", getUserState(uid)->getUserDirName(),
1343 filename8.string());
Kenny Root655b9582013-04-04 08:37:42 -0700[diff] [blame]1344 if (!hasGrant(filepath8.string(), uid)) {
1345 return responseCode;
1346 }
1347
1348 // It is a granted key. Try to load it.
1349 return get(filepath8.string(), keyBlob, type, uid);
1350 }
1351
1352 /**
1353 * Returns any existing UserState or creates it if it doesn't exist.
1354 */
1355 UserState* getUserState(uid_t uid) {
1356 uid_t userId = get_user_id(uid);
1357
1358 for (android::Vector<UserState*>::iterator it(mMasterKeys.begin());
1359 it != mMasterKeys.end(); it++) {
1360 UserState* state = *it;
1361 if (state->getUserId() == userId) {
1362 return state;
1363 }
1364 }
1365
1366 UserState* userState = new UserState(userId);
1367 if (!userState->initialize()) {
1368 /* There's not much we can do if initialization fails. Trying to
1369 * unlock the keystore for that user will fail as well, so any
1370 * subsequent request for this user will just return SYSTEM_ERROR.
1371 */
1372 ALOGE("User initialization failed for %u; subsuquent operations will fail", userId);
1373 }
1374 mMasterKeys.add(userState);
1375 return userState;
1376 }
1377
1378 /**
1379 * Returns NULL if the UserState doesn't already exist.
1380 */
1381 const UserState* getUserState(uid_t uid) const {
1382 uid_t userId = get_user_id(uid);
1383
1384 for (android::Vector<UserState*>::const_iterator it(mMasterKeys.begin());
1385 it != mMasterKeys.end(); it++) {
1386 UserState* state = *it;
1387 if (state->getUserId() == userId) {
1388 return state;
1389 }
1390 }
1391
1392 return NULL;
1393 }
1394
Kenny Roota91203b2012-02-15 15:00:46 -0800[diff] [blame]1395private:
Kenny Root655b9582013-04-04 08:37:42 -0700[diff] [blame]1396 static const char* sOldMasterKey;
1397 static const char* sMetaDataFile;
Kenny Root1b0e3932013-09-05 13:06:32 -0700[diff] [blame]1398 static const android::String16 sRSAKeyType;
Kenny Roota91203b2012-02-15 15:00:46 -0800[diff] [blame]1399 Entropy* mEntropy;
1400
Chad Brubaker67d2a502015-03-11 17:21:18 +0000[diff] [blame]1401 keymaster1_device_t* mDevice;
1402 keymaster1_device_t* mFallbackDevice;
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]1403
Kenny Root655b9582013-04-04 08:37:42 -0700[diff] [blame]1404 android::Vector<UserState*> mMasterKeys;
Kenny Roota91203b2012-02-15 15:00:46 -0800[diff] [blame]1405
Kenny Root655b9582013-04-04 08:37:42 -0700[diff] [blame]1406 android::Vector<grant_t*> mGrants;
Kenny Roota91203b2012-02-15 15:00:46 -0800[diff] [blame]1407
Kenny Root655b9582013-04-04 08:37:42 -0700[diff] [blame]1408 typedef struct {
1409 uint32_t version;
1410 } keystore_metadata_t;
Kenny Roota91203b2012-02-15 15:00:46 -0800[diff] [blame]1411
Kenny Root655b9582013-04-04 08:37:42 -0700[diff] [blame]1412 keystore_metadata_t mMetaData;
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]1413
Kenny Root655b9582013-04-04 08:37:42 -0700[diff] [blame]1414 const grant_t* getGrant(const char* filename, uid_t uid) const {
1415 for (android::Vector<grant_t*>::const_iterator it(mGrants.begin());
1416 it != mGrants.end(); it++) {
1417 grant_t* grant = *it;
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]1418 if (grant->uid == uid
Kenny Root655b9582013-04-04 08:37:42 -0700[diff] [blame]1419 && !strcmp(reinterpret_cast<const char*>(grant->filename), filename)) {
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]1420 return grant;
1421 }
1422 }
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]1423 return NULL;
1424 }
1425
Kenny Root822c3a92012-03-23 16:34:39 -0700[diff] [blame]1426 /**
1427 * Upgrade code. This will upgrade the key from the current version
1428 * to whatever is newest.
1429 */
Kenny Root655b9582013-04-04 08:37:42 -0700[diff] [blame]1430 bool upgradeBlob(const char* filename, Blob* blob, const uint8_t oldVersion,
1431 const BlobType type, uid_t uid) {
Kenny Root822c3a92012-03-23 16:34:39 -0700[diff] [blame]1432 bool updated = false;
1433 uint8_t version = oldVersion;
1434
1435 /* From V0 -> V1: All old types were unknown */
1436 if (version == 0) {
1437 ALOGV("upgrading to version 1 and setting type %d", type);
1438
1439 blob->setType(type);
1440 if (type == TYPE_KEY_PAIR) {
Kenny Root655b9582013-04-04 08:37:42 -0700[diff] [blame]1441 importBlobAsKey(blob, filename, uid);
Kenny Root822c3a92012-03-23 16:34:39 -0700[diff] [blame]1442 }
1443 version = 1;
1444 updated = true;
1445 }
1446
Kenny Rootf9119d62013-04-03 09:22:15 -0700[diff] [blame]1447 /* From V1 -> V2: All old keys were encrypted */
1448 if (version == 1) {
1449 ALOGV("upgrading to version 2");
1450
1451 blob->setEncrypted(true);
1452 version = 2;
1453 updated = true;
1454 }
1455
Kenny Root822c3a92012-03-23 16:34:39 -0700[diff] [blame]1456 /*
1457 * If we've updated, set the key blob to the right version
1458 * and write it.
Kenny Rootcfeae072013-04-04 08:39:57 -0700[diff] [blame]1459 */
Kenny Root822c3a92012-03-23 16:34:39 -0700[diff] [blame]1460 if (updated) {
1461 ALOGV("updated and writing file %s", filename);
1462 blob->setVersion(version);
Kenny Root822c3a92012-03-23 16:34:39 -0700[diff] [blame]1463 }
Kenny Rootcfeae072013-04-04 08:39:57 -0700[diff] [blame]1464
1465 return updated;
Kenny Root822c3a92012-03-23 16:34:39 -0700[diff] [blame]1466 }
1467
1468 /**
1469 * Takes a blob that is an PEM-encoded RSA key as a byte array and
1470 * converts it to a DER-encoded PKCS#8 for import into a keymaster.
1471 * Then it overwrites the original blob with the new blob
1472 * format that is returned from the keymaster.
1473 */
Kenny Root655b9582013-04-04 08:37:42 -0700[diff] [blame]1474 ResponseCode importBlobAsKey(Blob* blob, const char* filename, uid_t uid) {
Kenny Root822c3a92012-03-23 16:34:39 -0700[diff] [blame]1475 // We won't even write to the blob directly with this BIO, so const_cast is okay.
1476 Unique_BIO b(BIO_new_mem_buf(const_cast<uint8_t*>(blob->getValue()), blob->getLength()));
1477 if (b.get() == NULL) {
1478 ALOGE("Problem instantiating BIO");
1479 return SYSTEM_ERROR;
1480 }
1481
1482 Unique_EVP_PKEY pkey(PEM_read_bio_PrivateKey(b.get(), NULL, NULL, NULL));
1483 if (pkey.get() == NULL) {
1484 ALOGE("Couldn't read old PEM file");
1485 return SYSTEM_ERROR;
1486 }
1487
1488 Unique_PKCS8_PRIV_KEY_INFO pkcs8(EVP_PKEY2PKCS8(pkey.get()));
1489 int len = i2d_PKCS8_PRIV_KEY_INFO(pkcs8.get(), NULL);
1490 if (len < 0) {
1491 ALOGE("Couldn't measure PKCS#8 length");
1492 return SYSTEM_ERROR;
1493 }
1494
Kenny Root70c98892013-02-07 09:10:36 -0800[diff] [blame]1495 UniquePtr<unsigned char[]> pkcs8key(new unsigned char[len]);
1496 uint8_t* tmp = pkcs8key.get();
Kenny Root822c3a92012-03-23 16:34:39 -0700[diff] [blame]1497 if (i2d_PKCS8_PRIV_KEY_INFO(pkcs8.get(), &tmp) != len) {
1498 ALOGE("Couldn't convert to PKCS#8");
1499 return SYSTEM_ERROR;
1500 }
1501
Kenny Rootf9119d62013-04-03 09:22:15 -0700[diff] [blame]1502 ResponseCode rc = importKey(pkcs8key.get(), len, filename, uid,
1503 blob->isEncrypted() ? KEYSTORE_FLAG_ENCRYPTED : KEYSTORE_FLAG_NONE);
Kenny Root822c3a92012-03-23 16:34:39 -0700[diff] [blame]1504 if (rc != NO_ERROR) {
1505 return rc;
1506 }
1507
Kenny Root655b9582013-04-04 08:37:42 -0700[diff] [blame]1508 return get(filename, blob, TYPE_KEY_PAIR, uid);
1509 }
1510
1511 void readMetaData() {
1512 int in = TEMP_FAILURE_RETRY(open(sMetaDataFile, O_RDONLY));
1513 if (in < 0) {
1514 return;
1515 }
1516 size_t fileLength = readFully(in, (uint8_t*) &mMetaData, sizeof(mMetaData));
1517 if (fileLength != sizeof(mMetaData)) {
1518 ALOGI("Metadata file is %zd bytes (%zd experted); upgrade?", fileLength,
1519 sizeof(mMetaData));
1520 }
1521 close(in);
1522 }
1523
1524 void writeMetaData() {
1525 const char* tmpFileName = ".metadata.tmp";
1526 int out = TEMP_FAILURE_RETRY(open(tmpFileName,
1527 O_WRONLY | O_TRUNC | O_CREAT, S_IRUSR | S_IWUSR));
1528 if (out < 0) {
1529 ALOGE("couldn't write metadata file: %s", strerror(errno));
1530 return;
1531 }
1532 size_t fileLength = writeFully(out, (uint8_t*) &mMetaData, sizeof(mMetaData));
1533 if (fileLength != sizeof(mMetaData)) {
1534 ALOGI("Could only write %zd bytes to metadata file (%zd expected)", fileLength,
1535 sizeof(mMetaData));
1536 }
1537 close(out);
1538 rename(tmpFileName, sMetaDataFile);
1539 }
1540
1541 bool upgradeKeystore() {
1542 bool upgraded = false;
1543
1544 if (mMetaData.version == 0) {
1545 UserState* userState = getUserState(0);
1546
1547 // Initialize first so the directory is made.
1548 userState->initialize();
1549
1550 // Migrate the old .masterkey file to user 0.
1551 if (access(sOldMasterKey, R_OK) == 0) {
1552 if (rename(sOldMasterKey, userState->getMasterKeyFileName()) < 0) {
1553 ALOGE("couldn't migrate old masterkey: %s", strerror(errno));
1554 return false;
1555 }
1556 }
1557
1558 // Initialize again in case we had a key.
1559 userState->initialize();
1560
1561 // Try to migrate existing keys.
1562 DIR* dir = opendir(".");
1563 if (!dir) {
1564 // Give up now; maybe we can upgrade later.
1565 ALOGE("couldn't open keystore's directory; something is wrong");
1566 return false;
1567 }
1568
1569 struct dirent* file;
1570 while ((file = readdir(dir)) != NULL) {
1571 // We only care about files.
1572 if (file->d_type != DT_REG) {
1573 continue;
1574 }
1575
1576 // Skip anything that starts with a "."
1577 if (file->d_name[0] == '.') {
1578 continue;
1579 }
1580
1581 // Find the current file's user.
1582 char* end;
1583 unsigned long thisUid = strtoul(file->d_name, &end, 10);
1584 if (end[0] != '_' || end[1] == 0) {
1585 continue;
1586 }
1587 UserState* otherUser = getUserState(thisUid);
1588 if (otherUser->getUserId() != 0) {
1589 unlinkat(dirfd(dir), file->d_name, 0);
1590 }
1591
1592 // Rename the file into user directory.
1593 DIR* otherdir = opendir(otherUser->getUserDirName());
1594 if (otherdir == NULL) {
1595 ALOGW("couldn't open user directory for rename");
1596 continue;
1597 }
1598 if (renameat(dirfd(dir), file->d_name, dirfd(otherdir), file->d_name) < 0) {
1599 ALOGW("couldn't rename blob: %s: %s", file->d_name, strerror(errno));
1600 }
1601 closedir(otherdir);
1602 }
1603 closedir(dir);
1604
1605 mMetaData.version = 1;
1606 upgraded = true;
1607 }
1608
1609 return upgraded;
Kenny Root822c3a92012-03-23 16:34:39 -0700[diff] [blame]1610 }
Kenny Roota91203b2012-02-15 15:00:46 -0800[diff] [blame]1611};
1612
Kenny Root655b9582013-04-04 08:37:42 -0700[diff] [blame]1613const char* KeyStore::sOldMasterKey = ".masterkey";
1614const char* KeyStore::sMetaDataFile = ".metadata";
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]1615
Kenny Root1b0e3932013-09-05 13:06:32 -0700[diff] [blame]1616const android::String16 KeyStore::sRSAKeyType("RSA");
1617
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1618namespace android {
1619class KeyStoreProxy : public BnKeystoreService, public IBinder::DeathRecipient {
1620public:
1621 KeyStoreProxy(KeyStore* keyStore)
Chad Brubaker40a1a9b2015-02-20 14:08:13 -0800[diff] [blame]1622 : mKeyStore(keyStore),
1623 mOperationMap(this)
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1624 {
Kenny Roota91203b2012-02-15 15:00:46 -0800[diff] [blame]1625 }
Kenny Roota91203b2012-02-15 15:00:46 -0800[diff] [blame]1626
Chad Brubaker40a1a9b2015-02-20 14:08:13 -0800[diff] [blame]1627 void binderDied(const wp<IBinder>& who) {
1628 auto operations = mOperationMap.getOperationsForToken(who.unsafe_get());
1629 for (auto token: operations) {
1630 abort(token);
1631 }
Kenny Root822c3a92012-03-23 16:34:39 -0700[diff] [blame]1632 }
Kenny Roota91203b2012-02-15 15:00:46 -0800[diff] [blame]1633
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1634 int32_t test() {
Chad Brubaker9489b792015-04-14 11:01:45 -0700[diff] [blame]1635 if (!checkBinderPermission(P_TEST)) {
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1636 return ::PERMISSION_DENIED;
Kenny Roota91203b2012-02-15 15:00:46 -0800[diff] [blame]1637 }
Kenny Roota91203b2012-02-15 15:00:46 -0800[diff] [blame]1638
Chad Brubaker9489b792015-04-14 11:01:45 -0700[diff] [blame]1639 return mKeyStore->getState(IPCThreadState::self()->getCallingUid());
Kenny Root298e7b12012-03-26 13:54:44 -0700[diff] [blame]1640 }
1641
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1642 int32_t get(const String16& name, uint8_t** item, size_t* itemLength) {
Chad Brubaker9489b792015-04-14 11:01:45 -0700[diff] [blame]1643 if (!checkBinderPermission(P_GET)) {
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1644 return ::PERMISSION_DENIED;
Kenny Roota91203b2012-02-15 15:00:46 -0800[diff] [blame]1645 }
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1646
Chad Brubaker9489b792015-04-14 11:01:45 -0700[diff] [blame]1647 uid_t callingUid = IPCThreadState::self()->getCallingUid();
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1648 String8 name8(name);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1649 Blob keyBlob;
Nick Kralevich66dbf672014-06-30 17:09:14 +0000[diff] [blame]1650
Kenny Root655b9582013-04-04 08:37:42 -0700[diff] [blame]1651 ResponseCode responseCode = mKeyStore->getKeyForName(&keyBlob, name8, callingUid,
Kenny Root49468902013-03-19 13:41:33 -0700[diff] [blame]1652 TYPE_GENERIC);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1653 if (responseCode != ::NO_ERROR) {
Kenny Root655b9582013-04-04 08:37:42 -0700[diff] [blame]1654 ALOGW("Could not read %s", name8.string());
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1655 *item = NULL;
1656 *itemLength = 0;
1657 return responseCode;
Kenny Roota91203b2012-02-15 15:00:46 -0800[diff] [blame]1658 }
Kenny Roota91203b2012-02-15 15:00:46 -0800[diff] [blame]1659
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1660 *item = (uint8_t*) malloc(keyBlob.getLength());
1661 memcpy(*item, keyBlob.getValue(), keyBlob.getLength());
1662 *itemLength = keyBlob.getLength();
Kenny Roota91203b2012-02-15 15:00:46 -0800[diff] [blame]1663
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1664 return ::NO_ERROR;
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]1665 }
1666
Kenny Rootf9119d62013-04-03 09:22:15 -0700[diff] [blame]1667 int32_t insert(const String16& name, const uint8_t* item, size_t itemLength, int targetUid,
1668 int32_t flags) {
Chad Brubaker9489b792015-04-14 11:01:45 -0700[diff] [blame]1669 targetUid = getEffectiveUid(targetUid);
1670 int32_t result = checkBinderPermissionAndKeystoreState(P_INSERT, targetUid,
1671 flags & KEYSTORE_FLAG_ENCRYPTED);
1672 if (result != ::NO_ERROR) {
1673 return result;
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]1674 }
1675
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1676 String8 name8(name);
Kenny Root655b9582013-04-04 08:37:42 -0700[diff] [blame]1677 String8 filename(mKeyStore->getKeyNameForUidWithDir(name8, targetUid));
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1678
1679 Blob keyBlob(item, itemLength, NULL, 0, ::TYPE_GENERIC);
Kenny Rootee8068b2013-10-07 09:49:15 -0700[diff] [blame]1680 keyBlob.setEncrypted(flags & KEYSTORE_FLAG_ENCRYPTED);
1681
Kenny Rootfa27d5b2013-10-15 09:01:08 -0700[diff] [blame]1682 return mKeyStore->put(filename.string(), &keyBlob, targetUid);
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]1683 }
1684
Kenny Root49468902013-03-19 13:41:33 -0700[diff] [blame]1685 int32_t del(const String16& name, int targetUid) {
Chad Brubaker9489b792015-04-14 11:01:45 -0700[diff] [blame]1686 targetUid = getEffectiveUid(targetUid);
1687 if (!checkBinderPermission(P_DELETE, targetUid)) {
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1688 return ::PERMISSION_DENIED;
1689 }
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1690 String8 name8(name);
Kenny Root655b9582013-04-04 08:37:42 -0700[diff] [blame]1691 String8 filename(mKeyStore->getKeyNameForUidWithDir(name8, targetUid));
Chad Brubaker17d68b92015-02-05 22:04:16 -0800[diff] [blame]1692 return mKeyStore->del(filename.string(), ::TYPE_ANY, targetUid);
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]1693 }
1694
Kenny Root49468902013-03-19 13:41:33 -0700[diff] [blame]1695 int32_t exist(const String16& name, int targetUid) {
Chad Brubaker9489b792015-04-14 11:01:45 -0700[diff] [blame]1696 targetUid = getEffectiveUid(targetUid);
1697 if (!checkBinderPermission(P_EXIST, targetUid)) {
Kenny Rootb88c3eb2013-02-13 14:43:43 -0800[diff] [blame]1698 return ::PERMISSION_DENIED;
1699 }
1700
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1701 String8 name8(name);
Kenny Root655b9582013-04-04 08:37:42 -0700[diff] [blame]1702 String8 filename(mKeyStore->getKeyNameForUidWithDir(name8, targetUid));
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]1703
Kenny Root655b9582013-04-04 08:37:42 -0700[diff] [blame]1704 if (access(filename.string(), R_OK) == -1) {
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1705 return (errno != ENOENT) ? ::SYSTEM_ERROR : ::KEY_NOT_FOUND;
1706 }
1707 return ::NO_ERROR;
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]1708 }
1709
Kenny Root49468902013-03-19 13:41:33 -0700[diff] [blame]1710 int32_t saw(const String16& prefix, int targetUid, Vector<String16>* matches) {
Chad Brubaker9489b792015-04-14 11:01:45 -0700[diff] [blame]1711 targetUid = getEffectiveUid(targetUid);
1712 if (!checkBinderPermission(P_SAW, targetUid)) {
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1713 return ::PERMISSION_DENIED;
1714 }
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1715 const String8 prefix8(prefix);
Kenny Root655b9582013-04-04 08:37:42 -0700[diff] [blame]1716 String8 filename(mKeyStore->getKeyNameForUid(prefix8, targetUid));
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]1717
Robin Lee4b84fdc2014-09-24 11:56:57 +0100[diff] [blame]1718 if (mKeyStore->saw(filename, matches, targetUid) != ::NO_ERROR) {
1719 return ::SYSTEM_ERROR;
Kenny Root9a53d3e2012-08-14 10:47:54 -0700[diff] [blame]1720 }
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1721 return ::NO_ERROR;
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]1722 }
1723
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1724 int32_t reset() {
Chad Brubaker9489b792015-04-14 11:01:45 -0700[diff] [blame]1725 if (!checkBinderPermission(P_RESET)) {
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1726 return ::PERMISSION_DENIED;
1727 }
1728
Chad Brubaker9489b792015-04-14 11:01:45 -0700[diff] [blame]1729 uid_t callingUid = IPCThreadState::self()->getCallingUid();
Robin Lee4b84fdc2014-09-24 11:56:57 +0100[diff] [blame]1730 return mKeyStore->reset(callingUid) ? ::NO_ERROR : ::SYSTEM_ERROR;
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]1731 }
1732
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1733 /*
1734 * Here is the history. To improve the security, the parameters to generate the
1735 * master key has been changed. To make a seamless transition, we update the
1736 * file using the same password when the user unlock it for the first time. If
1737 * any thing goes wrong during the transition, the new file will not overwrite
1738 * the old one. This avoids permanent damages of the existing data.
1739 */
1740 int32_t password(const String16& password) {
Chad Brubaker9489b792015-04-14 11:01:45 -0700[diff] [blame]1741 if (!checkBinderPermission(P_PASSWORD)) {
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1742 return ::PERMISSION_DENIED;
1743 }
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]1744
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1745 const String8 password8(password);
Chad Brubaker9489b792015-04-14 11:01:45 -0700[diff] [blame]1746 uid_t callingUid = IPCThreadState::self()->getCallingUid();
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]1747
Kenny Root655b9582013-04-04 08:37:42 -0700[diff] [blame]1748 switch (mKeyStore->getState(callingUid)) {
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1749 case ::STATE_UNINITIALIZED: {
1750 // generate master key, encrypt with password, write to file, initialize mMasterKey*.
Kenny Root655b9582013-04-04 08:37:42 -0700[diff] [blame]1751 return mKeyStore->initializeUser(password8, callingUid);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1752 }
1753 case ::STATE_NO_ERROR: {
1754 // rewrite master key with new password.
Kenny Root655b9582013-04-04 08:37:42 -0700[diff] [blame]1755 return mKeyStore->writeMasterKey(password8, callingUid);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1756 }
1757 case ::STATE_LOCKED: {
1758 // read master key, decrypt with password, initialize mMasterKey*.
Kenny Root655b9582013-04-04 08:37:42 -0700[diff] [blame]1759 return mKeyStore->readMasterKey(password8, callingUid);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1760 }
1761 }
1762 return ::SYSTEM_ERROR;
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]1763 }
1764
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1765 int32_t lock() {
Chad Brubaker9489b792015-04-14 11:01:45 -0700[diff] [blame]1766 if (!checkBinderPermission(P_LOCK)) {
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1767 return ::PERMISSION_DENIED;
1768 }
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]1769
Chad Brubaker9489b792015-04-14 11:01:45 -0700[diff] [blame]1770 uid_t callingUid = IPCThreadState::self()->getCallingUid();
Kenny Root655b9582013-04-04 08:37:42 -0700[diff] [blame]1771 State state = mKeyStore->getState(callingUid);
Kenny Root9d45d1c2013-02-14 10:32:30 -0800[diff] [blame]1772 if (state != ::STATE_NO_ERROR) {
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1773 ALOGD("calling lock in state: %d", state);
1774 return state;
1775 }
1776
Kenny Root655b9582013-04-04 08:37:42 -0700[diff] [blame]1777 mKeyStore->lock(callingUid);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1778 return ::NO_ERROR;
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]1779 }
1780
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1781 int32_t unlock(const String16& pw) {
Chad Brubaker9489b792015-04-14 11:01:45 -0700[diff] [blame]1782 if (!checkBinderPermission(P_UNLOCK)) {
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1783 return ::PERMISSION_DENIED;
1784 }
1785
Chad Brubaker9489b792015-04-14 11:01:45 -0700[diff] [blame]1786 uid_t callingUid = IPCThreadState::self()->getCallingUid();
Kenny Root655b9582013-04-04 08:37:42 -0700[diff] [blame]1787 State state = mKeyStore->getState(callingUid);
Kenny Root9d45d1c2013-02-14 10:32:30 -0800[diff] [blame]1788 if (state != ::STATE_LOCKED) {
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1789 ALOGD("calling unlock when not locked");
1790 return state;
1791 }
1792
1793 const String8 password8(pw);
1794 return password(pw);
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]1795 }
1796
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1797 int32_t zero() {
Chad Brubaker9489b792015-04-14 11:01:45 -0700[diff] [blame]1798 if (!checkBinderPermission(P_ZERO)) {
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1799 return -1;
1800 }
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]1801
Chad Brubaker9489b792015-04-14 11:01:45 -0700[diff] [blame]1802 uid_t callingUid = IPCThreadState::self()->getCallingUid();
Kenny Root655b9582013-04-04 08:37:42 -0700[diff] [blame]1803 return mKeyStore->isEmpty(callingUid) ? ::KEY_NOT_FOUND : ::NO_ERROR;
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]1804 }
1805
Kenny Root96427ba2013-08-16 14:02:41 -0700[diff] [blame]1806 int32_t generate(const String16& name, int32_t targetUid, int32_t keyType, int32_t keySize,
1807 int32_t flags, Vector<sp<KeystoreArg> >* args) {
Chad Brubaker9489b792015-04-14 11:01:45 -0700[diff] [blame]1808 targetUid = getEffectiveUid(targetUid);
1809 int32_t result = checkBinderPermissionAndKeystoreState(P_INSERT, targetUid,
1810 flags & KEYSTORE_FLAG_ENCRYPTED);
1811 if (result != ::NO_ERROR) {
1812 return result;
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1813 }
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1814 uint8_t* data;
1815 size_t dataLength;
1816 int rc;
Kenny Root17208e02013-09-04 13:56:03 -0700[diff] [blame]1817 bool isFallback = false;
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1818
Chad Brubaker67d2a502015-03-11 17:21:18 +0000[diff] [blame]1819 const keymaster1_device_t* device = mKeyStore->getDevice();
1820 const keymaster1_device_t* fallback = mKeyStore->getFallbackDevice();
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1821 if (device == NULL) {
1822 return ::SYSTEM_ERROR;
1823 }
1824
1825 if (device->generate_keypair == NULL) {
1826 return ::SYSTEM_ERROR;
1827 }
1828
Kenny Root17208e02013-09-04 13:56:03 -0700[diff] [blame]1829 if (keyType == EVP_PKEY_DSA) {
Kenny Root96427ba2013-08-16 14:02:41 -0700[diff] [blame]1830 keymaster_dsa_keygen_params_t dsa_params;
1831 memset(&dsa_params, '\0', sizeof(dsa_params));
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1832
Kenny Root96427ba2013-08-16 14:02:41 -0700[diff] [blame]1833 if (keySize == -1) {
1834 keySize = DSA_DEFAULT_KEY_SIZE;
1835 } else if ((keySize % 64) != 0 || keySize < DSA_MIN_KEY_SIZE
1836 || keySize > DSA_MAX_KEY_SIZE) {
1837 ALOGI("invalid key size %d", keySize);
1838 return ::SYSTEM_ERROR;
1839 }
1840 dsa_params.key_size = keySize;
1841
1842 if (args->size() == 3) {
1843 sp<KeystoreArg> gArg = args->itemAt(0);
1844 sp<KeystoreArg> pArg = args->itemAt(1);
1845 sp<KeystoreArg> qArg = args->itemAt(2);
1846
1847 if (gArg != NULL && pArg != NULL && qArg != NULL) {
1848 dsa_params.generator = reinterpret_cast<const uint8_t*>(gArg->data());
1849 dsa_params.generator_len = gArg->size();
1850
1851 dsa_params.prime_p = reinterpret_cast<const uint8_t*>(pArg->data());
1852 dsa_params.prime_p_len = pArg->size();
1853
1854 dsa_params.prime_q = reinterpret_cast<const uint8_t*>(qArg->data());
1855 dsa_params.prime_q_len = qArg->size();
1856 } else {
1857 ALOGI("not all DSA parameters were read");
1858 return ::SYSTEM_ERROR;
1859 }
1860 } else if (args->size() != 0) {
1861 ALOGI("DSA args must be 3");
1862 return ::SYSTEM_ERROR;
1863 }
1864
Kenny Root1d448c02013-11-21 10:36:53 -0800[diff] [blame]1865 if (isKeyTypeSupported(device, TYPE_DSA)) {
Kenny Root17208e02013-09-04 13:56:03 -0700[diff] [blame]1866 rc = device->generate_keypair(device, TYPE_DSA, &dsa_params, &data, &dataLength);
1867 } else {
1868 isFallback = true;
Chad Brubakerfc18edc2015-01-12 15:17:18 -0800[diff] [blame]1869 rc = fallback->generate_keypair(fallback, TYPE_DSA, &dsa_params, &data,
1870 &dataLength);
Kenny Root17208e02013-09-04 13:56:03 -0700[diff] [blame]1871 }
1872 } else if (keyType == EVP_PKEY_EC) {
Kenny Root96427ba2013-08-16 14:02:41 -0700[diff] [blame]1873 keymaster_ec_keygen_params_t ec_params;
1874 memset(&ec_params, '\0', sizeof(ec_params));
1875
1876 if (keySize == -1) {
1877 keySize = EC_DEFAULT_KEY_SIZE;
1878 } else if (keySize < EC_MIN_KEY_SIZE || keySize > EC_MAX_KEY_SIZE) {
1879 ALOGI("invalid key size %d", keySize);
1880 return ::SYSTEM_ERROR;
1881 }
1882 ec_params.field_size = keySize;
1883
Kenny Root1d448c02013-11-21 10:36:53 -0800[diff] [blame]1884 if (isKeyTypeSupported(device, TYPE_EC)) {
Kenny Root17208e02013-09-04 13:56:03 -0700[diff] [blame]1885 rc = device->generate_keypair(device, TYPE_EC, &ec_params, &data, &dataLength);
1886 } else {
1887 isFallback = true;
Chad Brubakerfc18edc2015-01-12 15:17:18 -0800[diff] [blame]1888 rc = fallback->generate_keypair(fallback, TYPE_EC, &ec_params, &data, &dataLength);
Kenny Root17208e02013-09-04 13:56:03 -0700[diff] [blame]1889 }
Kenny Root96427ba2013-08-16 14:02:41 -0700[diff] [blame]1890 } else if (keyType == EVP_PKEY_RSA) {
1891 keymaster_rsa_keygen_params_t rsa_params;
1892 memset(&rsa_params, '\0', sizeof(rsa_params));
1893 rsa_params.public_exponent = RSA_DEFAULT_EXPONENT;
1894
1895 if (keySize == -1) {
1896 keySize = RSA_DEFAULT_KEY_SIZE;
1897 } else if (keySize < RSA_MIN_KEY_SIZE || keySize > RSA_MAX_KEY_SIZE) {
1898 ALOGI("invalid key size %d", keySize);
1899 return ::SYSTEM_ERROR;
1900 }
1901 rsa_params.modulus_size = keySize;
1902
1903 if (args->size() > 1) {
Matteo Franchin6489e022013-12-02 14:46:29 +0000[diff] [blame]1904 ALOGI("invalid number of arguments: %zu", args->size());
Kenny Root96427ba2013-08-16 14:02:41 -0700[diff] [blame]1905 return ::SYSTEM_ERROR;
1906 } else if (args->size() == 1) {
1907 sp<KeystoreArg> pubExpBlob = args->itemAt(0);
1908 if (pubExpBlob != NULL) {
1909 Unique_BIGNUM pubExpBn(
1910 BN_bin2bn(reinterpret_cast<const unsigned char*>(pubExpBlob->data()),
1911 pubExpBlob->size(), NULL));
1912 if (pubExpBn.get() == NULL) {
1913 ALOGI("Could not convert public exponent to BN");
1914 return ::SYSTEM_ERROR;
1915 }
1916 unsigned long pubExp = BN_get_word(pubExpBn.get());
1917 if (pubExp == 0xFFFFFFFFL) {
1918 ALOGI("cannot represent public exponent as a long value");
1919 return ::SYSTEM_ERROR;
1920 }
1921 rsa_params.public_exponent = pubExp;
1922 }
1923 }
1924
1925 rc = device->generate_keypair(device, TYPE_RSA, &rsa_params, &data, &dataLength);
1926 } else {
1927 ALOGW("Unsupported key type %d", keyType);
1928 rc = -1;
1929 }
1930
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1931 if (rc) {
1932 return ::SYSTEM_ERROR;
1933 }
1934
Kenny Root655b9582013-04-04 08:37:42 -0700[diff] [blame]1935 String8 name8(name);
Chad Brubaker9489b792015-04-14 11:01:45 -0700[diff] [blame]1936 String8 filename(mKeyStore->getKeyNameForUidWithDir(name8, targetUid));
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1937
1938 Blob keyBlob(data, dataLength, NULL, 0, TYPE_KEY_PAIR);
1939 free(data);
1940
Kenny Rootee8068b2013-10-07 09:49:15 -0700[diff] [blame]1941 keyBlob.setEncrypted(flags & KEYSTORE_FLAG_ENCRYPTED);
Kenny Root17208e02013-09-04 13:56:03 -0700[diff] [blame]1942 keyBlob.setFallback(isFallback);
1943
Chad Brubaker9489b792015-04-14 11:01:45 -0700[diff] [blame]1944 return mKeyStore->put(filename.string(), &keyBlob, targetUid);
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]1945 }
1946
Kenny Rootf9119d62013-04-03 09:22:15 -0700[diff] [blame]1947 int32_t import(const String16& name, const uint8_t* data, size_t length, int targetUid,
1948 int32_t flags) {
Chad Brubaker9489b792015-04-14 11:01:45 -0700[diff] [blame]1949 targetUid = getEffectiveUid(targetUid);
1950 int32_t result = checkBinderPermissionAndKeystoreState(P_INSERT, targetUid,
1951 flags & KEYSTORE_FLAG_ENCRYPTED);
1952 if (result != ::NO_ERROR) {
1953 return result;
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1954 }
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1955 String8 name8(name);
Kenny Root60898892013-04-16 18:08:03 -0700[diff] [blame]1956 String8 filename(mKeyStore->getKeyNameForUidWithDir(name8, targetUid));
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1957
Kenny Rootfa27d5b2013-10-15 09:01:08 -0700[diff] [blame]1958 return mKeyStore->importKey(data, length, filename.string(), targetUid, flags);
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]1959 }
1960
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1961 int32_t sign(const String16& name, const uint8_t* data, size_t length, uint8_t** out,
1962 size_t* outLength) {
Chad Brubaker9489b792015-04-14 11:01:45 -0700[diff] [blame]1963 if (!checkBinderPermission(P_SIGN)) {
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1964 return ::PERMISSION_DENIED;
1965 }
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1966
Chad Brubaker9489b792015-04-14 11:01:45 -0700[diff] [blame]1967 uid_t callingUid = IPCThreadState::self()->getCallingUid();
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1968 Blob keyBlob;
1969 String8 name8(name);
1970
Kenny Rootd38a0b02013-02-13 12:59:14 -0800[diff] [blame]1971 ALOGV("sign %s from uid %d", name8.string(), callingUid);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1972
Kenny Root655b9582013-04-04 08:37:42 -0700[diff] [blame]1973 ResponseCode responseCode = mKeyStore->getKeyForName(&keyBlob, name8, callingUid,
Kenny Rootd38a0b02013-02-13 12:59:14 -0800[diff] [blame]1974 ::TYPE_KEY_PAIR);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1975 if (responseCode != ::NO_ERROR) {
1976 return responseCode;
1977 }
1978
Chad Brubaker67d2a502015-03-11 17:21:18 +0000[diff] [blame]1979 const keymaster1_device_t* device = mKeyStore->getDeviceForBlob(keyBlob);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1980 if (device == NULL) {
1981 ALOGE("no keymaster device; cannot sign");
1982 return ::SYSTEM_ERROR;
1983 }
1984
1985 if (device->sign_data == NULL) {
1986 ALOGE("device doesn't implement signing");
1987 return ::SYSTEM_ERROR;
1988 }
1989
1990 keymaster_rsa_sign_params_t params;
1991 params.digest_type = DIGEST_NONE;
1992 params.padding_type = PADDING_NONE;
Chad Brubaker9489b792015-04-14 11:01:45 -0700[diff] [blame]1993 int rc = device->sign_data(device, &params, keyBlob.getValue(), keyBlob.getLength(), data,
Chad Brubakerfc18edc2015-01-12 15:17:18 -0800[diff] [blame]1994 length, out, outLength);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]1995 if (rc) {
1996 ALOGW("device couldn't sign data");
1997 return ::SYSTEM_ERROR;
1998 }
1999
2000 return ::NO_ERROR;
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]2001 }
2002
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]2003 int32_t verify(const String16& name, const uint8_t* data, size_t dataLength,
2004 const uint8_t* signature, size_t signatureLength) {
Chad Brubaker9489b792015-04-14 11:01:45 -0700[diff] [blame]2005 if (!checkBinderPermission(P_VERIFY)) {
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]2006 return ::PERMISSION_DENIED;
2007 }
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]2008
Chad Brubaker9489b792015-04-14 11:01:45 -0700[diff] [blame]2009 uid_t callingUid = IPCThreadState::self()->getCallingUid();
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]2010 Blob keyBlob;
2011 String8 name8(name);
2012 int rc;
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]2013
Kenny Root655b9582013-04-04 08:37:42 -0700[diff] [blame]2014 ResponseCode responseCode = mKeyStore->getKeyForName(&keyBlob, name8, callingUid,
Kenny Root49468902013-03-19 13:41:33 -0700[diff] [blame]2015 TYPE_KEY_PAIR);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]2016 if (responseCode != ::NO_ERROR) {
2017 return responseCode;
2018 }
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]2019
Chad Brubaker67d2a502015-03-11 17:21:18 +0000[diff] [blame]2020 const keymaster1_device_t* device = mKeyStore->getDeviceForBlob(keyBlob);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]2021 if (device == NULL) {
2022 return ::SYSTEM_ERROR;
2023 }
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]2024
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]2025 if (device->verify_data == NULL) {
2026 return ::SYSTEM_ERROR;
2027 }
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]2028
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]2029 keymaster_rsa_sign_params_t params;
2030 params.digest_type = DIGEST_NONE;
2031 params.padding_type = PADDING_NONE;
Kenny Root344e0bc2012-08-15 10:44:03 -0700[diff] [blame]2032
Chad Brubakerfc18edc2015-01-12 15:17:18 -0800[diff] [blame]2033 rc = device->verify_data(device, &params, keyBlob.getValue(), keyBlob.getLength(), data,
2034 dataLength, signature, signatureLength);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]2035 if (rc) {
2036 return ::SYSTEM_ERROR;
2037 } else {
2038 return ::NO_ERROR;
Kenny Roota91203b2012-02-15 15:00:46 -0800[diff] [blame]2039 }
2040 }
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]2041
2042 /*
2043 * TODO: The abstraction between things stored in hardware and regular blobs
2044 * of data stored on the filesystem should be moved down to keystore itself.
2045 * Unfortunately the Java code that calls this has naming conventions that it
2046 * knows about. Ideally keystore shouldn't be used to store random blobs of
2047 * data.
2048 *
2049 * Until that happens, it's necessary to have a separate "get_pubkey" and
2050 * "del_key" since the Java code doesn't really communicate what it's
2051 * intentions are.
2052 */
2053 int32_t get_pubkey(const String16& name, uint8_t** pubkey, size_t* pubkeyLength) {
Kenny Rootd38a0b02013-02-13 12:59:14 -0800[diff] [blame]2054 uid_t callingUid = IPCThreadState::self()->getCallingUid();
Chad Brubaker9489b792015-04-14 11:01:45 -0700[diff] [blame]2055 if (!checkBinderPermission(P_GET)) {
Kenny Rootd38a0b02013-02-13 12:59:14 -0800[diff] [blame]2056 ALOGW("permission denied for %d: get_pubkey", callingUid);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]2057 return ::PERMISSION_DENIED;
2058 }
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]2059
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]2060 Blob keyBlob;
2061 String8 name8(name);
2062
Kenny Rootd38a0b02013-02-13 12:59:14 -0800[diff] [blame]2063 ALOGV("get_pubkey '%s' from uid %d", name8.string(), callingUid);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]2064
Kenny Root655b9582013-04-04 08:37:42 -0700[diff] [blame]2065 ResponseCode responseCode = mKeyStore->getKeyForName(&keyBlob, name8, callingUid,
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]2066 TYPE_KEY_PAIR);
2067 if (responseCode != ::NO_ERROR) {
2068 return responseCode;
2069 }
2070
Chad Brubaker67d2a502015-03-11 17:21:18 +0000[diff] [blame]2071 const keymaster1_device_t* device = mKeyStore->getDeviceForBlob(keyBlob);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]2072 if (device == NULL) {
2073 return ::SYSTEM_ERROR;
2074 }
2075
2076 if (device->get_keypair_public == NULL) {
2077 ALOGE("device has no get_keypair_public implementation!");
2078 return ::SYSTEM_ERROR;
2079 }
2080
Kenny Root17208e02013-09-04 13:56:03 -0700[diff] [blame]2081 int rc;
Chad Brubakerfc18edc2015-01-12 15:17:18 -0800[diff] [blame]2082 rc = device->get_keypair_public(device, keyBlob.getValue(), keyBlob.getLength(), pubkey,
2083 pubkeyLength);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]2084 if (rc) {
2085 return ::SYSTEM_ERROR;
2086 }
2087
2088 return ::NO_ERROR;
Kenny Roota91203b2012-02-15 15:00:46 -0800[diff] [blame]2089 }
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]2090
Kenny Root49468902013-03-19 13:41:33 -0700[diff] [blame]2091 int32_t del_key(const String16& name, int targetUid) {
Chad Brubaker9489b792015-04-14 11:01:45 -0700[diff] [blame]2092 return del(name, targetUid);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]2093 }
2094
2095 int32_t grant(const String16& name, int32_t granteeUid) {
Kenny Rootd38a0b02013-02-13 12:59:14 -0800[diff] [blame]2096 uid_t callingUid = IPCThreadState::self()->getCallingUid();
Chad Brubaker9489b792015-04-14 11:01:45 -0700[diff] [blame]2097 int32_t result = checkBinderPermissionAndKeystoreState(P_GRANT);
2098 if (result != ::NO_ERROR) {
2099 return result;
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]2100 }
2101
2102 String8 name8(name);
Kenny Root655b9582013-04-04 08:37:42 -0700[diff] [blame]2103 String8 filename(mKeyStore->getKeyNameForUidWithDir(name8, callingUid));
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]2104
Kenny Root655b9582013-04-04 08:37:42 -0700[diff] [blame]2105 if (access(filename.string(), R_OK) == -1) {
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]2106 return (errno != ENOENT) ? ::SYSTEM_ERROR : ::KEY_NOT_FOUND;
2107 }
2108
Kenny Root655b9582013-04-04 08:37:42 -0700[diff] [blame]2109 mKeyStore->addGrant(filename.string(), granteeUid);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]2110 return ::NO_ERROR;
2111 }
2112
2113 int32_t ungrant(const String16& name, int32_t granteeUid) {
Kenny Rootd38a0b02013-02-13 12:59:14 -0800[diff] [blame]2114 uid_t callingUid = IPCThreadState::self()->getCallingUid();
Chad Brubaker9489b792015-04-14 11:01:45 -0700[diff] [blame]2115 int32_t result = checkBinderPermissionAndKeystoreState(P_GRANT);
2116 if (result != ::NO_ERROR) {
2117 return result;
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]2118 }
2119
2120 String8 name8(name);
Kenny Root655b9582013-04-04 08:37:42 -0700[diff] [blame]2121 String8 filename(mKeyStore->getKeyNameForUidWithDir(name8, callingUid));
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]2122
Kenny Root655b9582013-04-04 08:37:42 -0700[diff] [blame]2123 if (access(filename.string(), R_OK) == -1) {
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]2124 return (errno != ENOENT) ? ::SYSTEM_ERROR : ::KEY_NOT_FOUND;
2125 }
2126
Kenny Root655b9582013-04-04 08:37:42 -0700[diff] [blame]2127 return mKeyStore->removeGrant(filename.string(), granteeUid) ? ::NO_ERROR : ::KEY_NOT_FOUND;
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]2128 }
2129
2130 int64_t getmtime(const String16& name) {
Kenny Rootd38a0b02013-02-13 12:59:14 -0800[diff] [blame]2131 uid_t callingUid = IPCThreadState::self()->getCallingUid();
Chad Brubaker9489b792015-04-14 11:01:45 -0700[diff] [blame]2132 if (!checkBinderPermission(P_GET)) {
Kenny Rootd38a0b02013-02-13 12:59:14 -0800[diff] [blame]2133 ALOGW("permission denied for %d: getmtime", callingUid);
Kenny Root36a9e232013-02-04 14:24:15 -0800[diff] [blame]2134 return -1L;
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]2135 }
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]2136
2137 String8 name8(name);
Kenny Root655b9582013-04-04 08:37:42 -0700[diff] [blame]2138 String8 filename(mKeyStore->getKeyNameForUidWithDir(name8, callingUid));
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]2139
Kenny Root655b9582013-04-04 08:37:42 -0700[diff] [blame]2140 if (access(filename.string(), R_OK) == -1) {
2141 ALOGW("could not access %s for getmtime", filename.string());
Kenny Root36a9e232013-02-04 14:24:15 -0800[diff] [blame]2142 return -1L;
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]2143 }
2144
Kenny Root655b9582013-04-04 08:37:42 -0700[diff] [blame]2145 int fd = TEMP_FAILURE_RETRY(open(filename.string(), O_NOFOLLOW, O_RDONLY));
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]2146 if (fd < 0) {
Kenny Root655b9582013-04-04 08:37:42 -0700[diff] [blame]2147 ALOGW("could not open %s for getmtime", filename.string());
Kenny Root36a9e232013-02-04 14:24:15 -0800[diff] [blame]2148 return -1L;
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]2149 }
2150
2151 struct stat s;
2152 int ret = fstat(fd, &s);
2153 close(fd);
2154 if (ret == -1) {
Kenny Root655b9582013-04-04 08:37:42 -0700[diff] [blame]2155 ALOGW("could not stat %s for getmtime", filename.string());
Kenny Root36a9e232013-02-04 14:24:15 -0800[diff] [blame]2156 return -1L;
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]2157 }
2158
Kenny Root36a9e232013-02-04 14:24:15 -0800[diff] [blame]2159 return static_cast<int64_t>(s.st_mtime);
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]2160 }
2161
Kenny Rootd53bc922013-03-21 14:10:15 -0700[diff] [blame]2162 int32_t duplicate(const String16& srcKey, int32_t srcUid, const String16& destKey,
2163 int32_t destUid) {
Kenny Root02254072013-03-20 11:48:19 -0700[diff] [blame]2164 uid_t callingUid = IPCThreadState::self()->getCallingUid();
Riley Spahneaabae92014-06-30 12:39:52 -0700[diff] [blame]2165 pid_t spid = IPCThreadState::self()->getCallingPid();
2166 if (!has_permission(callingUid, P_DUPLICATE, spid)) {
Kenny Rootd53bc922013-03-21 14:10:15 -0700[diff] [blame]2167 ALOGW("permission denied for %d: duplicate", callingUid);
Kenny Root02254072013-03-20 11:48:19 -0700[diff] [blame]2168 return -1L;
2169 }
2170
Kenny Root655b9582013-04-04 08:37:42 -0700[diff] [blame]2171 State state = mKeyStore->getState(callingUid);
Kenny Root02254072013-03-20 11:48:19 -0700[diff] [blame]2172 if (!isKeystoreUnlocked(state)) {
Kenny Rootd53bc922013-03-21 14:10:15 -0700[diff] [blame]2173 ALOGD("calling duplicate in state: %d", state);
Kenny Root02254072013-03-20 11:48:19 -0700[diff] [blame]2174 return state;
2175 }
2176
Kenny Rootd53bc922013-03-21 14:10:15 -0700[diff] [blame]2177 if (srcUid == -1 || static_cast<uid_t>(srcUid) == callingUid) {
2178 srcUid = callingUid;
2179 } else if (!is_granted_to(callingUid, srcUid)) {
2180 ALOGD("migrate not granted from source: %d -> %d", callingUid, srcUid);
Kenny Root02254072013-03-20 11:48:19 -0700[diff] [blame]2181 return ::PERMISSION_DENIED;
2182 }
2183
Kenny Rootd53bc922013-03-21 14:10:15 -0700[diff] [blame]2184 if (destUid == -1) {
2185 destUid = callingUid;
2186 }
2187
2188 if (srcUid != destUid) {
2189 if (static_cast<uid_t>(srcUid) != callingUid) {
2190 ALOGD("can only duplicate from caller to other or to same uid: "
2191 "calling=%d, srcUid=%d, destUid=%d", callingUid, srcUid, destUid);
2192 return ::PERMISSION_DENIED;
2193 }
2194
2195 if (!is_granted_to(callingUid, destUid)) {
2196 ALOGD("duplicate not granted to dest: %d -> %d", callingUid, destUid);
2197 return ::PERMISSION_DENIED;
2198 }
2199 }
2200
2201 String8 source8(srcKey);
Kenny Root655b9582013-04-04 08:37:42 -0700[diff] [blame]2202 String8 sourceFile(mKeyStore->getKeyNameForUidWithDir(source8, srcUid));
Kenny Root02254072013-03-20 11:48:19 -0700[diff] [blame]2203
Kenny Rootd53bc922013-03-21 14:10:15 -0700[diff] [blame]2204 String8 target8(destKey);
Kenny Rootfa27d5b2013-10-15 09:01:08 -0700[diff] [blame]2205 String8 targetFile(mKeyStore->getKeyNameForUidWithDir(target8, destUid));
Kenny Root02254072013-03-20 11:48:19 -0700[diff] [blame]2206
Kenny Root655b9582013-04-04 08:37:42 -0700[diff] [blame]2207 if (access(targetFile.string(), W_OK) != -1 || errno != ENOENT) {
2208 ALOGD("destination already exists: %s", targetFile.string());
Kenny Root02254072013-03-20 11:48:19 -0700[diff] [blame]2209 return ::SYSTEM_ERROR;
2210 }
2211
Kenny Rootd53bc922013-03-21 14:10:15 -0700[diff] [blame]2212 Blob keyBlob;
Kenny Root655b9582013-04-04 08:37:42 -0700[diff] [blame]2213 ResponseCode responseCode = mKeyStore->get(sourceFile.string(), &keyBlob, TYPE_ANY,
Kenny Rootfa27d5b2013-10-15 09:01:08 -0700[diff] [blame]2214 srcUid);
Kenny Rootd53bc922013-03-21 14:10:15 -0700[diff] [blame]2215 if (responseCode != ::NO_ERROR) {
2216 return responseCode;
Kenny Root02254072013-03-20 11:48:19 -0700[diff] [blame]2217 }
Kenny Rootd53bc922013-03-21 14:10:15 -0700[diff] [blame]2218
Kenny Rootfa27d5b2013-10-15 09:01:08 -0700[diff] [blame]2219 return mKeyStore->put(targetFile.string(), &keyBlob, destUid);
Kenny Root02254072013-03-20 11:48:19 -0700[diff] [blame]2220 }
2221
Kenny Root1b0e3932013-09-05 13:06:32 -0700[diff] [blame]2222 int32_t is_hardware_backed(const String16& keyType) {
2223 return mKeyStore->isHardwareBacked(keyType) ? 1 : 0;
Kenny Root8ddf35a2013-03-29 11:15:50 -0700[diff] [blame]2224 }
2225
Kenny Rootfa27d5b2013-10-15 09:01:08 -0700[diff] [blame]2226 int32_t clear_uid(int64_t targetUid64) {
Chad Brubaker9489b792015-04-14 11:01:45 -0700[diff] [blame]2227 uid_t targetUid = getEffectiveUid(targetUid64);
2228 if (!checkBinderPermission(P_CLEAR_UID, targetUid)) {
Kenny Roota9bb5492013-04-01 16:29:11 -0700[diff] [blame]2229 return ::PERMISSION_DENIED;
2230 }
2231
Robin Lee4b84fdc2014-09-24 11:56:57 +0100[diff] [blame]2232 String8 prefix = String8::format("%u_", targetUid);
2233 Vector<String16> aliases;
2234 if (mKeyStore->saw(prefix, &aliases, targetUid) != ::NO_ERROR) {
Kenny Roota9bb5492013-04-01 16:29:11 -0700[diff] [blame]2235 return ::SYSTEM_ERROR;
2236 }
2237
Robin Lee4b84fdc2014-09-24 11:56:57 +0100[diff] [blame]2238 for (uint32_t i = 0; i < aliases.size(); i++) {
2239 String8 name8(aliases[i]);
2240 String8 filename(mKeyStore->getKeyNameForUidWithDir(name8, targetUid));
2241 mKeyStore->del(filename.string(), ::TYPE_ANY, targetUid);
Kenny Roota9bb5492013-04-01 16:29:11 -0700[diff] [blame]2242 }
Robin Lee4b84fdc2014-09-24 11:56:57 +0100[diff] [blame]2243 return ::NO_ERROR;
Kenny Roota9bb5492013-04-01 16:29:11 -0700[diff] [blame]2244 }
2245
Robin Lee4b84fdc2014-09-24 11:56:57 +0100[diff] [blame]2246 int32_t reset_uid(int32_t targetUid) {
Chad Brubaker9489b792015-04-14 11:01:45 -0700[diff] [blame]2247 targetUid = getEffectiveUid(targetUid);
2248 if (!checkBinderPermission(P_RESET_UID, targetUid)) {
Robin Lee4e865752014-08-19 17:37:55 +0100[diff] [blame]2249 return ::PERMISSION_DENIED;
2250 }
Chad Brubakerbbc76482015-04-16 15:16:44 -0700[diff] [blame]2251 // Flush the auth token table to prevent stale tokens from sticking
2252 // around.
2253 mAuthTokenTable.Clear();
Robin Lee4e865752014-08-19 17:37:55 +0100[diff] [blame]2254
Robin Lee4b84fdc2014-09-24 11:56:57 +0100[diff] [blame]2255 return mKeyStore->reset(targetUid) ? ::NO_ERROR : ::SYSTEM_ERROR;
Robin Lee4e865752014-08-19 17:37:55 +0100[diff] [blame]2256 }
2257
2258 int32_t sync_uid(int32_t sourceUid, int32_t targetUid) {
Chad Brubaker9489b792015-04-14 11:01:45 -0700[diff] [blame]2259 if (!checkBinderPermission(P_SYNC_UID, targetUid)) {
Robin Lee4e865752014-08-19 17:37:55 +0100[diff] [blame]2260 return ::PERMISSION_DENIED;
2261 }
Chad Brubaker9489b792015-04-14 11:01:45 -0700[diff] [blame]2262
Robin Lee4e865752014-08-19 17:37:55 +0100[diff] [blame]2263 if (sourceUid == targetUid) {
2264 return ::SYSTEM_ERROR;
2265 }
2266
2267 // Initialise user keystore with existing master key held in-memory
2268 return mKeyStore->copyMasterKey(sourceUid, targetUid);
2269 }
2270
2271 int32_t password_uid(const String16& pw, int32_t targetUid) {
Chad Brubaker9489b792015-04-14 11:01:45 -0700[diff] [blame]2272 targetUid = getEffectiveUid(targetUid);
2273 if (!checkBinderPermission(P_PASSWORD, targetUid)) {
Robin Lee4e865752014-08-19 17:37:55 +0100[diff] [blame]2274 return ::PERMISSION_DENIED;
2275 }
Robin Lee4e865752014-08-19 17:37:55 +0100[diff] [blame]2276 const String8 password8(pw);
2277
2278 switch (mKeyStore->getState(targetUid)) {
2279 case ::STATE_UNINITIALIZED: {
2280 // generate master key, encrypt with password, write to file, initialize mMasterKey*.
2281 return mKeyStore->initializeUser(password8, targetUid);
2282 }
2283 case ::STATE_NO_ERROR: {
2284 // rewrite master key with new password.
2285 return mKeyStore->writeMasterKey(password8, targetUid);
2286 }
2287 case ::STATE_LOCKED: {
2288 // read master key, decrypt with password, initialize mMasterKey*.
2289 return mKeyStore->readMasterKey(password8, targetUid);
2290 }
2291 }
2292 return ::SYSTEM_ERROR;
2293 }
2294
Chad Brubaker9c8612c2015-02-09 11:32:54 -0800[diff] [blame]2295 int32_t addRngEntropy(const uint8_t* data, size_t dataLength) {
2296 const keymaster1_device_t* device = mKeyStore->getDevice();
2297 const keymaster1_device_t* fallback = mKeyStore->getFallbackDevice();
2298 int32_t devResult = KM_ERROR_UNIMPLEMENTED;
2299 int32_t fallbackResult = KM_ERROR_UNIMPLEMENTED;
2300 if (device->common.module->module_api_version >= KEYMASTER_MODULE_API_VERSION_1_0 &&
2301 device->add_rng_entropy != NULL) {
2302 devResult = device->add_rng_entropy(device, data, dataLength);
2303 }
2304 if (fallback->add_rng_entropy) {
2305 fallbackResult = fallback->add_rng_entropy(fallback, data, dataLength);
2306 }
2307 if (devResult) {
2308 return devResult;
2309 }
2310 if (fallbackResult) {
2311 return fallbackResult;
2312 }
2313 return ::NO_ERROR;
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]2314 }
2315
Chad Brubaker17d68b92015-02-05 22:04:16 -0800[diff] [blame]2316 int32_t generateKey(const String16& name, const KeymasterArguments& params,
Chad Brubaker154d7692015-03-27 13:59:31 -0700[diff] [blame]2317 const uint8_t* entropy, size_t entropyLength, int uid, int flags,
2318 KeyCharacteristics* outCharacteristics) {
Chad Brubaker9489b792015-04-14 11:01:45 -0700[diff] [blame]2319 uid = getEffectiveUid(uid);
2320 int rc = checkBinderPermissionAndKeystoreState(P_INSERT, uid,
2321 flags & KEYSTORE_FLAG_ENCRYPTED);
2322 if (rc != ::NO_ERROR) {
2323 return rc;
Chad Brubaker17d68b92015-02-05 22:04:16 -0800[diff] [blame]2324 }
2325
Chad Brubaker9489b792015-04-14 11:01:45 -0700[diff] [blame]2326 rc = KM_ERROR_UNIMPLEMENTED;
Chad Brubaker17d68b92015-02-05 22:04:16 -0800[diff] [blame]2327 bool isFallback = false;
2328 keymaster_key_blob_t blob;
2329 keymaster_key_characteristics_t *out = NULL;
2330
2331 const keymaster1_device_t* device = mKeyStore->getDevice();
2332 const keymaster1_device_t* fallback = mKeyStore->getFallbackDevice();
2333 if (device == NULL) {
2334 return ::SYSTEM_ERROR;
2335 }
Chad Brubaker154d7692015-03-27 13:59:31 -0700[diff] [blame]2336 // TODO: Seed from Linux RNG before this.
Chad Brubaker17d68b92015-02-05 22:04:16 -0800[diff] [blame]2337 if (device->common.module->module_api_version >= KEYMASTER_MODULE_API_VERSION_1_0 &&
2338 device->generate_key != NULL) {
Chad Brubaker154d7692015-03-27 13:59:31 -0700[diff] [blame]2339 if (!entropy) {
2340 rc = KM_ERROR_OK;
2341 } else if (device->add_rng_entropy) {
2342 rc = device->add_rng_entropy(device, entropy, entropyLength);
2343 } else {
2344 rc = KM_ERROR_UNIMPLEMENTED;
2345 }
2346 if (rc == KM_ERROR_OK) {
2347 rc = device->generate_key(device, params.params.data(), params.params.size(),
2348 &blob, &out);
2349 }
Chad Brubaker17d68b92015-02-05 22:04:16 -0800[diff] [blame]2350 }
2351 // If the HW device didn't support generate_key or generate_key failed
2352 // fall back to the software implementation.
2353 if (rc && fallback->generate_key != NULL) {
2354 isFallback = true;
Chad Brubaker154d7692015-03-27 13:59:31 -0700[diff] [blame]2355 if (!entropy) {
2356 rc = KM_ERROR_OK;
2357 } else if (fallback->add_rng_entropy) {
2358 rc = fallback->add_rng_entropy(fallback, entropy, entropyLength);
2359 } else {
2360 rc = KM_ERROR_UNIMPLEMENTED;
2361 }
2362 if (rc == KM_ERROR_OK) {
2363 rc = fallback->generate_key(fallback, params.params.data(), params.params.size(),
2364 &blob,
2365 &out);
2366 }
Chad Brubaker17d68b92015-02-05 22:04:16 -0800[diff] [blame]2367 }
2368
2369 if (out) {
2370 if (outCharacteristics) {
2371 outCharacteristics->characteristics = *out;
2372 } else {
2373 keymaster_free_characteristics(out);
2374 }
2375 free(out);
2376 }
2377
2378 if (rc) {
2379 return rc;
2380 }
2381
2382 String8 name8(name);
2383 String8 filename(mKeyStore->getKeyNameForUidWithDir(name8, uid));
2384
2385 Blob keyBlob(blob.key_material, blob.key_material_size, NULL, 0, ::TYPE_KEYMASTER_10);
2386 keyBlob.setFallback(isFallback);
2387 keyBlob.setEncrypted(flags & KEYSTORE_FLAG_ENCRYPTED);
2388
2389 free(const_cast<uint8_t*>(blob.key_material));
2390
2391 return mKeyStore->put(filename.string(), &keyBlob, uid);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]2392 }
2393
Chad Brubakerf3f071f2015-02-10 19:38:51 -0800[diff] [blame]2394 int32_t getKeyCharacteristics(const String16& name,
Chad Brubakerd6634422015-03-21 22:36:07 -0700[diff] [blame]2395 const keymaster_blob_t* clientId,
2396 const keymaster_blob_t* appData,
Chad Brubakerf3f071f2015-02-10 19:38:51 -0800[diff] [blame]2397 KeyCharacteristics* outCharacteristics) {
Chad Brubakerf3f071f2015-02-10 19:38:51 -0800[diff] [blame]2398 if (!outCharacteristics) {
2399 return KM_ERROR_UNEXPECTED_NULL_POINTER;
2400 }
2401
2402 uid_t callingUid = IPCThreadState::self()->getCallingUid();
2403
2404 Blob keyBlob;
2405 String8 name8(name);
2406 int rc;
2407
2408 ResponseCode responseCode = mKeyStore->getKeyForName(&keyBlob, name8, callingUid,
2409 TYPE_KEYMASTER_10);
2410 if (responseCode != ::NO_ERROR) {
2411 return responseCode;
2412 }
2413 keymaster_key_blob_t key;
2414 key.key_material_size = keyBlob.getLength();
2415 key.key_material = keyBlob.getValue();
2416 keymaster1_device_t* dev = mKeyStore->getDeviceForBlob(keyBlob);
2417 keymaster_key_characteristics_t *out = NULL;
2418 if (!dev->get_key_characteristics) {
2419 ALOGW("device does not implement get_key_characteristics");
2420 return KM_ERROR_UNIMPLEMENTED;
2421 }
Chad Brubakerd6634422015-03-21 22:36:07 -0700[diff] [blame]2422 rc = dev->get_key_characteristics(dev, &key, clientId, appData, &out);
Chad Brubakerf3f071f2015-02-10 19:38:51 -0800[diff] [blame]2423 if (out) {
2424 outCharacteristics->characteristics = *out;
2425 free(out);
2426 }
2427 return rc ? rc : ::NO_ERROR;
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]2428 }
2429
Chad Brubaker4c353cb2015-02-11 14:36:11 -0800[diff] [blame]2430 int32_t importKey(const String16& name, const KeymasterArguments& params,
2431 keymaster_key_format_t format, const uint8_t *keyData,
2432 size_t keyLength, int uid, int flags,
2433 KeyCharacteristics* outCharacteristics) {
Chad Brubaker9489b792015-04-14 11:01:45 -0700[diff] [blame]2434 uid = getEffectiveUid(uid);
2435 int rc = checkBinderPermissionAndKeystoreState(P_INSERT, uid,
2436 flags & KEYSTORE_FLAG_ENCRYPTED);
2437 if (rc != ::NO_ERROR) {
2438 return rc;
Chad Brubaker4c353cb2015-02-11 14:36:11 -0800[diff] [blame]2439 }
2440
Chad Brubaker9489b792015-04-14 11:01:45 -0700[diff] [blame]2441 rc = KM_ERROR_UNIMPLEMENTED;
Chad Brubaker4c353cb2015-02-11 14:36:11 -0800[diff] [blame]2442 bool isFallback = false;
2443 keymaster_key_blob_t blob;
2444 keymaster_key_characteristics_t *out = NULL;
2445
2446 const keymaster1_device_t* device = mKeyStore->getDevice();
2447 const keymaster1_device_t* fallback = mKeyStore->getFallbackDevice();
2448 if (device == NULL) {
2449 return ::SYSTEM_ERROR;
2450 }
2451 if (device->common.module->module_api_version >= KEYMASTER_MODULE_API_VERSION_1_0 &&
2452 device->import_key != NULL) {
2453 rc = device->import_key(device, params.params.data(), params.params.size(),
2454 format, keyData, keyLength, &blob, &out);
2455 }
2456 if (rc && fallback->import_key != NULL) {
2457 isFallback = true;
2458 rc = fallback->import_key(fallback, params.params.data(), params.params.size(),
2459 format, keyData, keyLength, &blob, &out);
2460 }
2461 if (out) {
2462 if (outCharacteristics) {
2463 outCharacteristics->characteristics = *out;
2464 } else {
2465 keymaster_free_characteristics(out);
2466 }
2467 free(out);
2468 }
2469 if (rc) {
2470 return rc;
2471 }
2472
2473 String8 name8(name);
2474 String8 filename(mKeyStore->getKeyNameForUidWithDir(name8, uid));
2475
2476 Blob keyBlob(blob.key_material, blob.key_material_size, NULL, 0, ::TYPE_KEYMASTER_10);
2477 keyBlob.setFallback(isFallback);
2478 keyBlob.setEncrypted(flags & KEYSTORE_FLAG_ENCRYPTED);
2479
2480 free((void*) blob.key_material);
2481
2482 return mKeyStore->put(filename.string(), &keyBlob, uid);
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]2483 }
2484
Chad Brubaker07b0cda2015-02-18 15:52:54 -0800[diff] [blame]2485 void exportKey(const String16& name, keymaster_key_format_t format,
Chad Brubakerd6634422015-03-21 22:36:07 -0700[diff] [blame]2486 const keymaster_blob_t* clientId,
2487 const keymaster_blob_t* appData, ExportResult* result) {
Chad Brubaker07b0cda2015-02-18 15:52:54 -0800[diff] [blame]2488
2489 uid_t callingUid = IPCThreadState::self()->getCallingUid();
2490
2491 Blob keyBlob;
2492 String8 name8(name);
2493 int rc;
2494
2495 ResponseCode responseCode = mKeyStore->getKeyForName(&keyBlob, name8, callingUid,
2496 TYPE_KEYMASTER_10);
2497 if (responseCode != ::NO_ERROR) {
2498 result->resultCode = responseCode;
2499 return;
2500 }
2501 keymaster_key_blob_t key;
2502 key.key_material_size = keyBlob.getLength();
2503 key.key_material = keyBlob.getValue();
2504 keymaster1_device_t* dev = mKeyStore->getDeviceForBlob(keyBlob);
2505 if (!dev->export_key) {
2506 result->resultCode = KM_ERROR_UNIMPLEMENTED;
2507 return;
2508 }
2509 uint8_t* ptr = NULL;
Chad Brubakerd6634422015-03-21 22:36:07 -0700[diff] [blame]2510 rc = dev->export_key(dev, format, &key, clientId, appData,
Chad Brubaker07b0cda2015-02-18 15:52:54 -0800[diff] [blame]2511 &ptr, &result->dataLength);
2512 result->exportData.reset(ptr);
2513 result->resultCode = rc ? rc : ::NO_ERROR;
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]2514 }
2515
Chad Brubakerad6514a2015-04-09 14:00:26 -0700[diff] [blame]2516
Chad Brubaker40a1a9b2015-02-20 14:08:13 -0800[diff] [blame]2517 void begin(const sp<IBinder>& appToken, const String16& name, keymaster_purpose_t purpose,
Chad Brubaker154d7692015-03-27 13:59:31 -0700[diff] [blame]2518 bool pruneable, const KeymasterArguments& params, const uint8_t* entropy,
2519 size_t entropyLength, KeymasterArguments* outParams, OperationResult* result) {
Chad Brubaker40a1a9b2015-02-20 14:08:13 -0800[diff] [blame]2520 if (!result || !outParams) {
2521 ALOGE("Unexpected null arguments to begin()");
2522 return;
2523 }
2524 uid_t callingUid = IPCThreadState::self()->getCallingUid();
2525 if (!pruneable && get_app_id(callingUid) != AID_SYSTEM) {
2526 ALOGE("Non-system uid %d trying to start non-pruneable operation", callingUid);
2527 result->resultCode = ::PERMISSION_DENIED;
2528 return;
2529 }
Chad Brubaker0cf34a22015-04-23 11:06:16 -0700[diff] [blame]2530 if (!checkAllowedOperationParams(params.params)) {
2531 result->resultCode = KM_ERROR_INVALID_ARGUMENT;
2532 return;
2533 }
Chad Brubaker40a1a9b2015-02-20 14:08:13 -0800[diff] [blame]2534 Blob keyBlob;
2535 String8 name8(name);
2536 ResponseCode responseCode = mKeyStore->getKeyForName(&keyBlob, name8, callingUid,
2537 TYPE_KEYMASTER_10);
2538 if (responseCode != ::NO_ERROR) {
2539 result->resultCode = responseCode;
2540 return;
2541 }
2542 keymaster_key_blob_t key;
2543 key.key_material_size = keyBlob.getLength();
2544 key.key_material = keyBlob.getValue();
2545 keymaster_key_param_t* out;
2546 size_t outSize;
2547 keymaster_operation_handle_t handle;
2548 keymaster1_device_t* dev = mKeyStore->getDeviceForBlob(keyBlob);
Chad Brubaker154d7692015-03-27 13:59:31 -0700[diff] [blame]2549 keymaster_error_t err = KM_ERROR_UNIMPLEMENTED;
Chad Brubaker06801e02015-03-31 15:13:13 -0700[diff] [blame]2550 std::vector<keymaster_key_param_t> opParams(params.params);
Chad Brubakerad6514a2015-04-09 14:00:26 -0700[diff] [blame]2551 Unique_keymaster_key_characteristics characteristics;
2552 characteristics.reset(new keymaster_key_characteristics_t);
2553 err = getOperationCharacteristics(key, dev, opParams, characteristics.get());
2554 if (err) {
2555 result->resultCode = err;
2556 return;
2557 }
Chad Brubaker0cf34a22015-04-23 11:06:16 -0700[diff] [blame]2558 const hw_auth_token_t* authToken = NULL;
2559 int32_t authResult = getAuthToken(characteristics.get(), 0, &authToken,
Chad Brubaker06801e02015-03-31 15:13:13 -0700[diff] [blame]2560 /*failOnTokenMissing*/ false);
Chad Brubaker0cf34a22015-04-23 11:06:16 -0700[diff] [blame]2561 // If per-operation auth is needed we need to begin the operation and
2562 // the client will need to authorize that operation before calling
2563 // update. Any other auth issues stop here.
2564 if (authResult != ::NO_ERROR && authResult != ::OP_AUTH_NEEDED) {
2565 result->resultCode = authResult;
Chad Brubaker06801e02015-03-31 15:13:13 -0700[diff] [blame]2566 return;
2567 }
Chad Brubaker0cf34a22015-04-23 11:06:16 -0700[diff] [blame]2568 addAuthToParams(&opParams, authToken);
Chad Brubaker154d7692015-03-27 13:59:31 -0700[diff] [blame]2569 // Add entropy to the device first.
2570 if (entropy) {
2571 if (dev->add_rng_entropy) {
2572 err = dev->add_rng_entropy(dev, entropy, entropyLength);
2573 } else {
2574 err = KM_ERROR_UNIMPLEMENTED;
2575 }
2576 if (err) {
2577 result->resultCode = err;
2578 return;
2579 }
2580 }
Chad Brubaker06801e02015-03-31 15:13:13 -0700[diff] [blame]2581 err = dev->begin(dev, purpose, &key, opParams.data(), opParams.size(), &out, &outSize,
2582 &handle);
Chad Brubaker40a1a9b2015-02-20 14:08:13 -0800[diff] [blame]2583
2584 // If there are too many operations abort the oldest operation that was
2585 // started as pruneable and try again.
2586 while (err == KM_ERROR_TOO_MANY_OPERATIONS && mOperationMap.hasPruneableOperation()) {
2587 sp<IBinder> oldest = mOperationMap.getOldestPruneableOperation();
2588 ALOGD("Ran out of operation handles, trying to prune %p", oldest.get());
2589 if (abort(oldest) != ::NO_ERROR) {
2590 break;
2591 }
Chad Brubaker0cf34a22015-04-23 11:06:16 -0700[diff] [blame]2592 err = dev->begin(dev, purpose, &key, opParams.data(), opParams.size(), &out, &outSize,
Chad Brubaker40a1a9b2015-02-20 14:08:13 -0800[diff] [blame]2593 &handle);
2594 }
2595 if (err) {
2596 result->resultCode = err;
2597 return;
2598 }
2599 if (out) {
2600 outParams->params.assign(out, out + outSize);
2601 free(out);
2602 }
2603
Chad Brubakerad6514a2015-04-09 14:00:26 -0700[diff] [blame]2604 sp<IBinder> operationToken = mOperationMap.addOperation(handle, dev, appToken,
2605 characteristics.release(),
Chad Brubaker06801e02015-03-31 15:13:13 -0700[diff] [blame]2606 pruneable);
Chad Brubaker0cf34a22015-04-23 11:06:16 -0700[diff] [blame]2607 if (authToken) {
2608 mOperationMap.setOperationAuthToken(operationToken, authToken);
2609 }
2610 // Return the authentication lookup result. If this is a per operation
2611 // auth'd key then the resultCode will be ::OP_AUTH_NEEDED and the
2612 // application should get an auth token using the handle before the
2613 // first call to update, which will fail if keystore hasn't received the
2614 // auth token.
2615 result->resultCode = authResult;
Chad Brubaker40a1a9b2015-02-20 14:08:13 -0800[diff] [blame]2616 result->token = operationToken;
Chad Brubakerc3a18562015-03-17 18:21:35 -0700[diff] [blame]2617 result->handle = handle;
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]2618 }
2619
Chad Brubaker40a1a9b2015-02-20 14:08:13 -0800[diff] [blame]2620 void update(const sp<IBinder>& token, const KeymasterArguments& params, const uint8_t* data,
2621 size_t dataLength, OperationResult* result) {
Chad Brubaker0cf34a22015-04-23 11:06:16 -0700[diff] [blame]2622 if (!checkAllowedOperationParams(params.params)) {
2623 result->resultCode = KM_ERROR_INVALID_ARGUMENT;
2624 return;
2625 }
Chad Brubaker40a1a9b2015-02-20 14:08:13 -0800[diff] [blame]2626 const keymaster1_device_t* dev;
2627 keymaster_operation_handle_t handle;
Chad Brubaker0cf34a22015-04-23 11:06:16 -0700[diff] [blame]2628 if (!mOperationMap.getOperation(token, &handle, &dev, NULL)) {
Chad Brubaker40a1a9b2015-02-20 14:08:13 -0800[diff] [blame]2629 result->resultCode = KM_ERROR_INVALID_OPERATION_HANDLE;
2630 return;
2631 }
2632 uint8_t* output_buf = NULL;
2633 size_t output_length = 0;
2634 size_t consumed = 0;
Chad Brubaker06801e02015-03-31 15:13:13 -0700[diff] [blame]2635 std::vector<keymaster_key_param_t> opParams(params.params);
Chad Brubaker0cf34a22015-04-23 11:06:16 -0700[diff] [blame]2636 int32_t authResult = addOperationAuthTokenIfNeeded(token, &opParams);
2637 if (authResult != ::NO_ERROR) {
Chad Brubaker06801e02015-03-31 15:13:13 -0700[diff] [blame]2638 result->resultCode = authResult;
2639 return;
2640 }
2641 keymaster_error_t err = dev->update(dev, handle, opParams.data(), opParams.size(), data,
2642 dataLength, &consumed, &output_buf, &output_length);
Chad Brubaker40a1a9b2015-02-20 14:08:13 -0800[diff] [blame]2643 result->data.reset(output_buf);
2644 result->dataLength = output_length;
2645 result->inputConsumed = consumed;
2646 result->resultCode = err ? (int32_t) err : ::NO_ERROR;
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]2647 }
2648
Chad Brubaker40a1a9b2015-02-20 14:08:13 -0800[diff] [blame]2649 void finish(const sp<IBinder>& token, const KeymasterArguments& params,
2650 const uint8_t* signature, size_t signatureLength, OperationResult* result) {
Chad Brubaker0cf34a22015-04-23 11:06:16 -0700[diff] [blame]2651 if (!checkAllowedOperationParams(params.params)) {
2652 result->resultCode = KM_ERROR_INVALID_ARGUMENT;
2653 return;
2654 }
Chad Brubaker40a1a9b2015-02-20 14:08:13 -0800[diff] [blame]2655 const keymaster1_device_t* dev;
2656 keymaster_operation_handle_t handle;
Chad Brubaker0cf34a22015-04-23 11:06:16 -0700[diff] [blame]2657 if (!mOperationMap.getOperation(token, &handle, &dev, NULL)) {
Chad Brubaker40a1a9b2015-02-20 14:08:13 -0800[diff] [blame]2658 result->resultCode = KM_ERROR_INVALID_OPERATION_HANDLE;
2659 return;
2660 }
2661 uint8_t* output_buf = NULL;
2662 size_t output_length = 0;
Chad Brubaker06801e02015-03-31 15:13:13 -0700[diff] [blame]2663 std::vector<keymaster_key_param_t> opParams(params.params);
Chad Brubaker0cf34a22015-04-23 11:06:16 -0700[diff] [blame]2664 int32_t authResult = addOperationAuthTokenIfNeeded(token, &opParams);
2665 if (authResult != ::NO_ERROR) {
Chad Brubaker06801e02015-03-31 15:13:13 -0700[diff] [blame]2666 result->resultCode = authResult;
2667 return;
2668 }
Chad Brubaker0cf34a22015-04-23 11:06:16 -0700[diff] [blame]2669
Chad Brubaker06801e02015-03-31 15:13:13 -0700[diff] [blame]2670 keymaster_error_t err = dev->finish(dev, handle, opParams.data(), opParams.size(),
2671 signature, signatureLength, &output_buf,
2672 &output_length);
Chad Brubaker40a1a9b2015-02-20 14:08:13 -0800[diff] [blame]2673 // Remove the operation regardless of the result
2674 mOperationMap.removeOperation(token);
Chad Brubaker06801e02015-03-31 15:13:13 -0700[diff] [blame]2675 mAuthTokenTable.MarkCompleted(handle);
Chad Brubaker40a1a9b2015-02-20 14:08:13 -0800[diff] [blame]2676 result->data.reset(output_buf);
2677 result->dataLength = output_length;
2678 result->resultCode = err ? (int32_t) err : ::NO_ERROR;
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]2679 }
2680
Chad Brubaker40a1a9b2015-02-20 14:08:13 -0800[diff] [blame]2681 int32_t abort(const sp<IBinder>& token) {
2682 const keymaster1_device_t* dev;
2683 keymaster_operation_handle_t handle;
Chad Brubaker06801e02015-03-31 15:13:13 -0700[diff] [blame]2684 if (!mOperationMap.getOperation(token, &handle, &dev, NULL)) {
Chad Brubaker40a1a9b2015-02-20 14:08:13 -0800[diff] [blame]2685 return KM_ERROR_INVALID_OPERATION_HANDLE;
2686 }
2687 mOperationMap.removeOperation(token);
Chad Brubaker06801e02015-03-31 15:13:13 -0700[diff] [blame]2688 int32_t rc;
Chad Brubaker40a1a9b2015-02-20 14:08:13 -0800[diff] [blame]2689 if (!dev->abort) {
Chad Brubaker06801e02015-03-31 15:13:13 -0700[diff] [blame]2690 rc = KM_ERROR_UNIMPLEMENTED;
2691 } else {
2692 rc = dev->abort(dev, handle);
Chad Brubaker40a1a9b2015-02-20 14:08:13 -0800[diff] [blame]2693 }
Chad Brubaker06801e02015-03-31 15:13:13 -0700[diff] [blame]2694 mAuthTokenTable.MarkCompleted(handle);
Chad Brubaker40a1a9b2015-02-20 14:08:13 -0800[diff] [blame]2695 if (rc) {
2696 return rc;
2697 }
2698 return ::NO_ERROR;
Chad Brubaker9899d6b2015-02-03 13:03:00 -0800[diff] [blame]2699 }
2700
Chad Brubaker2ed2baa2015-03-21 21:20:10 -0700[diff] [blame]2701 bool isOperationAuthorized(const sp<IBinder>& token) {
2702 const keymaster1_device_t* dev;
2703 keymaster_operation_handle_t handle;
Chad Brubakerad6514a2015-04-09 14:00:26 -0700[diff] [blame]2704 const keymaster_key_characteristics_t* characteristics;
2705 if (!mOperationMap.getOperation(token, &handle, &dev, &characteristics)) {
Chad Brubaker2ed2baa2015-03-21 21:20:10 -0700[diff] [blame]2706 return false;
2707 }
Chad Brubaker0cf34a22015-04-23 11:06:16 -0700[diff] [blame]2708 const hw_auth_token_t* authToken = NULL;
2709 mOperationMap.getOperationAuthToken(token, &authToken);
Chad Brubaker06801e02015-03-31 15:13:13 -0700[diff] [blame]2710 std::vector<keymaster_key_param_t> ignored;
Chad Brubaker0cf34a22015-04-23 11:06:16 -0700[diff] [blame]2711 int32_t authResult = addOperationAuthTokenIfNeeded(token, &ignored);
2712 return authResult == ::NO_ERROR;
Chad Brubaker2ed2baa2015-03-21 21:20:10 -0700[diff] [blame]2713 }
2714
Chad Brubakerd80c7b42015-03-31 11:04:28 -0700[diff] [blame]2715 int32_t addAuthToken(const uint8_t* token, size_t length) {
Chad Brubaker9489b792015-04-14 11:01:45 -0700[diff] [blame]2716 if (!checkBinderPermission(P_ADD_AUTH)) {
2717 ALOGW("addAuthToken: permission denied for %d",
2718 IPCThreadState::self()->getCallingUid());
Chad Brubakerd80c7b42015-03-31 11:04:28 -0700[diff] [blame]2719 return ::PERMISSION_DENIED;
2720 }
2721 if (length != sizeof(hw_auth_token_t)) {
2722 return KM_ERROR_INVALID_ARGUMENT;
2723 }
2724 hw_auth_token_t* authToken = new hw_auth_token_t;
2725 memcpy(reinterpret_cast<void*>(authToken), token, sizeof(hw_auth_token_t));
2726 // The table takes ownership of authToken.
2727 mAuthTokenTable.AddAuthenticationToken(authToken);
2728 return ::NO_ERROR;
Chad Brubaker2ed2baa2015-03-21 21:20:10 -0700[diff] [blame]2729 }
2730
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]2731private:
Chad Brubaker9489b792015-04-14 11:01:45 -0700[diff] [blame]2732 static const int32_t UID_SELF = -1;
2733
2734 /**
2735 * Get the effective target uid for a binder operation that takes an
2736 * optional uid as the target.
2737 */
2738 inline uid_t getEffectiveUid(int32_t targetUid) {
2739 if (targetUid == UID_SELF) {
2740 return IPCThreadState::self()->getCallingUid();
2741 }
2742 return static_cast<uid_t>(targetUid);
2743 }
2744
2745 /**
2746 * Check if the caller of the current binder method has the required
2747 * permission and if acting on other uids the grants to do so.
2748 */
2749 inline bool checkBinderPermission(perm_t permission, int32_t targetUid = UID_SELF) {
2750 uid_t callingUid = IPCThreadState::self()->getCallingUid();
2751 pid_t spid = IPCThreadState::self()->getCallingPid();
2752 if (!has_permission(callingUid, permission, spid)) {
2753 ALOGW("permission %s denied for %d", get_perm_label(permission), callingUid);
2754 return false;
2755 }
2756 if (!is_granted_to(callingUid, getEffectiveUid(targetUid))) {
2757 ALOGW("uid %d not granted to act for %d", callingUid, targetUid);
2758 return false;
2759 }
2760 return true;
2761 }
2762
2763 /**
2764 * Check if the caller of the current binder method has the required
2765 * permission or the target of the operation is the caller's uid. This is
2766 * for operation where the permission is only for cross-uid activity and all
2767 * uids are allowed to act on their own (ie: clearing all entries for a
2768 * given uid).
2769 */
2770 inline bool checkBinderPermissionOrSelfTarget(perm_t permission, int32_t targetUid) {
2771 uid_t callingUid = IPCThreadState::self()->getCallingUid();
2772 if (getEffectiveUid(targetUid) == callingUid) {
2773 return true;
2774 } else {
2775 return checkBinderPermission(permission, targetUid);
2776 }
2777 }
2778
2779 /**
2780 * Helper method to check that the caller has the required permission as
2781 * well as the keystore is in the unlocked state if checkUnlocked is true.
2782 *
2783 * Returns NO_ERROR on success, PERMISSION_DENIED on a permission error and
2784 * otherwise the state of keystore when not unlocked and checkUnlocked is
2785 * true.
2786 */
2787 inline int32_t checkBinderPermissionAndKeystoreState(perm_t permission, int32_t targetUid = -1,
2788 bool checkUnlocked = true) {
2789 if (!checkBinderPermission(permission, targetUid)) {
2790 return ::PERMISSION_DENIED;
2791 }
2792 State state = mKeyStore->getState(getEffectiveUid(targetUid));
2793 if (checkUnlocked && !isKeystoreUnlocked(state)) {
2794 return state;
2795 }
2796
2797 return ::NO_ERROR;
2798
2799 }
2800
Kenny Root9d45d1c2013-02-14 10:32:30 -0800[diff] [blame]2801 inline bool isKeystoreUnlocked(State state) {
2802 switch (state) {
2803 case ::STATE_NO_ERROR:
2804 return true;
2805 case ::STATE_UNINITIALIZED:
2806 case ::STATE_LOCKED:
2807 return false;
2808 }
2809 return false;
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]2810 }
2811
Chad Brubaker67d2a502015-03-11 17:21:18 +0000[diff] [blame]2812 bool isKeyTypeSupported(const keymaster1_device_t* device, keymaster_keypair_t keyType) {
Kenny Root1d448c02013-11-21 10:36:53 -0800[diff] [blame]2813 const int32_t device_api = device->common.module->module_api_version;
2814 if (device_api == KEYMASTER_MODULE_API_VERSION_0_2) {
2815 switch (keyType) {
2816 case TYPE_RSA:
2817 case TYPE_DSA:
2818 case TYPE_EC:
2819 return true;
2820 default:
2821 return false;
2822 }
2823 } else if (device_api >= KEYMASTER_MODULE_API_VERSION_0_3) {
2824 switch (keyType) {
2825 case TYPE_RSA:
2826 return true;
2827 case TYPE_DSA:
2828 return device->flags & KEYMASTER_SUPPORTS_DSA;
2829 case TYPE_EC:
2830 return device->flags & KEYMASTER_SUPPORTS_EC;
2831 default:
2832 return false;
2833 }
2834 } else {
2835 return keyType == TYPE_RSA;
2836 }
2837 }
2838
Chad Brubaker0cf34a22015-04-23 11:06:16 -0700[diff] [blame]2839 /**
2840 * Check that all keymaster_key_param_t's provided by the application are
2841 * allowed. Any parameter that keystore adds itself should be disallowed here.
2842 */
2843 bool checkAllowedOperationParams(const std::vector<keymaster_key_param_t>& params) {
2844 for (auto param: params) {
2845 switch (param.tag) {
2846 case KM_TAG_AUTH_TOKEN:
2847 return false;
2848 default:
2849 break;
2850 }
2851 }
2852 return true;
2853 }
2854
2855 keymaster_error_t getOperationCharacteristics(const keymaster_key_blob_t& key,
2856 const keymaster1_device_t* dev,
2857 const std::vector<keymaster_key_param_t>& params,
2858 keymaster_key_characteristics_t* out) {
2859 UniquePtr<keymaster_blob_t> appId;
2860 UniquePtr<keymaster_blob_t> appData;
2861 for (auto param : params) {
2862 if (param.tag == KM_TAG_APPLICATION_ID) {
2863 appId.reset(new keymaster_blob_t);
2864 appId->data = param.blob.data;
2865 appId->data_length = param.blob.data_length;
2866 } else if (param.tag == KM_TAG_APPLICATION_DATA) {
2867 appData.reset(new keymaster_blob_t);
2868 appData->data = param.blob.data;
2869 appData->data_length = param.blob.data_length;
2870 }
2871 }
2872 keymaster_key_characteristics_t* result = NULL;
2873 if (!dev->get_key_characteristics) {
2874 return KM_ERROR_UNIMPLEMENTED;
2875 }
2876 keymaster_error_t error = dev->get_key_characteristics(dev, &key, appId.get(),
2877 appData.get(), &result);
2878 if (result) {
2879 *out = *result;
2880 free(result);
2881 }
2882 return error;
2883 }
2884
2885 /**
2886 * Get the auth token for this operation from the auth token table.
2887 *
2888 * Returns ::NO_ERROR if the auth token was set or none was required.
2889 * ::OP_AUTH_NEEDED if it is a per op authorization, no
2890 * authorization token exists for that operation and
2891 * failOnTokenMissing is false.
2892 * KM_ERROR_KEY_USER_NOT_AUTHENTICATED if there is no valid auth
2893 * token for the operation
2894 */
2895 int32_t getAuthToken(const keymaster_key_characteristics_t* characteristics,
2896 keymaster_operation_handle_t handle,
2897 const hw_auth_token_t** authToken,
2898 bool failOnTokenMissing = true) {
2899
2900 std::vector<keymaster_key_param_t> allCharacteristics;
2901 for (size_t i = 0; i < characteristics->sw_enforced.length; i++) {
2902 allCharacteristics.push_back(characteristics->sw_enforced.params[i]);
2903 }
2904 for (size_t i = 0; i < characteristics->hw_enforced.length; i++) {
2905 allCharacteristics.push_back(characteristics->hw_enforced.params[i]);
2906 }
2907 keymaster::AuthTokenTable::Error err =
2908 mAuthTokenTable.FindAuthorization(allCharacteristics.data(),
2909 allCharacteristics.size(), handle, authToken);
2910 switch (err) {
2911 case keymaster::AuthTokenTable::OK:
2912 case keymaster::AuthTokenTable::AUTH_NOT_REQUIRED:
2913 return ::NO_ERROR;
2914 case keymaster::AuthTokenTable::AUTH_TOKEN_NOT_FOUND:
2915 case keymaster::AuthTokenTable::AUTH_TOKEN_EXPIRED:
2916 case keymaster::AuthTokenTable::AUTH_TOKEN_WRONG_SID:
2917 return KM_ERROR_KEY_USER_NOT_AUTHENTICATED;
2918 case keymaster::AuthTokenTable::OP_HANDLE_REQUIRED:
2919 return failOnTokenMissing ? (int32_t) KM_ERROR_KEY_USER_NOT_AUTHENTICATED :
2920 (int32_t) ::OP_AUTH_NEEDED;
2921 default:
2922 ALOGE("Unexpected FindAuthorization return value %d", err);
2923 return KM_ERROR_INVALID_ARGUMENT;
2924 }
2925 }
2926
2927 inline void addAuthToParams(std::vector<keymaster_key_param_t>* params,
2928 const hw_auth_token_t* token) {
2929 if (token) {
2930 params->push_back(keymaster_param_blob(KM_TAG_AUTH_TOKEN,
2931 reinterpret_cast<const uint8_t*>(token),
2932 sizeof(hw_auth_token_t)));
2933 }
2934 }
2935
2936 /**
2937 * Add the auth token for the operation to the param list if the operation
2938 * requires authorization. Uses the cached result in the OperationMap if available
2939 * otherwise gets the token from the AuthTokenTable and caches the result.
2940 *
2941 * Returns ::NO_ERROR if the auth token was added or not needed.
2942 * KM_ERROR_KEY_USER_NOT_AUTHENTICATED if the operation is not
2943 * authenticated.
2944 * KM_ERROR_INVALID_OPERATION_HANDLE if token is not a valid
2945 * operation token.
2946 */
2947 int32_t addOperationAuthTokenIfNeeded(sp<IBinder> token,
2948 std::vector<keymaster_key_param_t>* params) {
2949 const hw_auth_token_t* authToken = NULL;
Chad Brubaker7169a842015-04-29 19:58:34 -0700[diff] [blame]2950 mOperationMap.getOperationAuthToken(token, &authToken);
2951 if (!authToken) {
Chad Brubaker0cf34a22015-04-23 11:06:16 -0700[diff] [blame]2952 const keymaster1_device_t* dev;
2953 keymaster_operation_handle_t handle;
2954 const keymaster_key_characteristics_t* characteristics = NULL;
2955 if (!mOperationMap.getOperation(token, &handle, &dev, &characteristics)) {
2956 return KM_ERROR_INVALID_OPERATION_HANDLE;
2957 }
2958 int32_t result = getAuthToken(characteristics, handle, &authToken);
2959 if (result != ::NO_ERROR) {
2960 return result;
2961 }
2962 if (authToken) {
2963 mOperationMap.setOperationAuthToken(token, authToken);
2964 }
2965 }
2966 addAuthToParams(params, authToken);
2967 return ::NO_ERROR;
2968 }
2969
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]2970 ::KeyStore* mKeyStore;
Chad Brubaker40a1a9b2015-02-20 14:08:13 -0800[diff] [blame]2971 OperationMap mOperationMap;
Chad Brubakerd80c7b42015-03-31 11:04:28 -0700[diff] [blame]2972 keymaster::AuthTokenTable mAuthTokenTable;
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]2973};
2974
2975}; // namespace android
Kenny Roota91203b2012-02-15 15:00:46 -0800[diff] [blame]2976
2977int main(int argc, char* argv[]) {
Kenny Roota91203b2012-02-15 15:00:46 -0800[diff] [blame]2978 if (argc < 2) {
2979 ALOGE("A directory must be specified!");
2980 return 1;
2981 }
2982 if (chdir(argv[1]) == -1) {
2983 ALOGE("chdir: %s: %s", argv[1], strerror(errno));
2984 return 1;
2985 }
2986
2987 Entropy entropy;
2988 if (!entropy.open()) {
2989 return 1;
2990 }
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]2991
Shawn Willden80843db2015-02-24 09:31:25 -0700[diff] [blame]2992 keymaster0_device_t* dev;
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]2993 if (keymaster_device_initialize(&dev)) {
2994 ALOGE("keystore keymaster could not be initialized; exiting");
2995 return 1;
2996 }
2997
Chad Brubaker67d2a502015-03-11 17:21:18 +0000[diff] [blame]2998 keymaster1_device_t* fallback;
Chad Brubakerfc18edc2015-01-12 15:17:18 -0800[diff] [blame]2999 if (fallback_keymaster_device_initialize(&fallback)) {
3000 ALOGE("software keymaster could not be initialized; exiting");
3001 return 1;
3002 }
3003
Riley Spahneaabae92014-06-30 12:39:52 -0700[diff] [blame]3004 ks_is_selinux_enabled = is_selinux_enabled();
3005 if (ks_is_selinux_enabled) {
3006 union selinux_callback cb;
3007 cb.func_log = selinux_log_callback;
3008 selinux_set_callback(SELINUX_CB_LOG, cb);
3009 if (getcon(&tctx) != 0) {
3010 ALOGE("SELinux: Could not acquire target context. Aborting keystore.\n");
3011 return -1;
3012 }
3013 } else {
3014 ALOGI("SELinux: Keystore SELinux is disabled.\n");
3015 }
3016
Chad Brubaker67d2a502015-03-11 17:21:18 +0000[diff] [blame]3017 KeyStore keyStore(&entropy, reinterpret_cast<keymaster1_device_t*>(dev), fallback);
Kenny Root655b9582013-04-04 08:37:42 -0700[diff] [blame]3018 keyStore.initialize();
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]3019 android::sp<android::IServiceManager> sm = android::defaultServiceManager();
3020 android::sp<android::KeyStoreProxy> proxy = new android::KeyStoreProxy(&keyStore);
3021 android::status_t ret = sm->addService(android::String16("android.security.keystore"), proxy);
3022 if (ret != android::OK) {
3023 ALOGE("Couldn't register binder service!");
3024 return -1;
Kenny Roota91203b2012-02-15 15:00:46 -0800[diff] [blame]3025 }
Kenny Root07438c82012-11-02 15:41:02 -0700[diff] [blame]3026
3027 /*
3028 * We're the only thread in existence, so we're just going to process
3029 * Binder transaction as a single-threaded program.
3030 */
3031 android::IPCThreadState::self()->joinThreadPool();
Kenny Root70e3a862012-02-15 17:20:23 -0800[diff] [blame]3032
3033 keymaster_device_release(dev);
Kenny Roota91203b2012-02-15 15:00:46 -0800[diff] [blame]3034 return 1;
3035}