blob: 6c3e452252713ba3cbd83b2e244274d8d48e27bc [file] [log] [blame]
Shawn Willdenc1d1fee2016-01-26 22:44:56 -07001/*
2 * Copyright (C) 2016 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
Janis Danisevskis011675d2016-09-01 11:41:29 +010017#define LOG_TAG "keystore"
18
Shawn Willdenc1d1fee2016-01-26 22:44:56 -070019#include "key_store_service.h"
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -070020#include "include/keystore/KeystoreArg.h"
Shawn Willdenc1d1fee2016-01-26 22:44:56 -070021
22#include <fcntl.h>
23#include <sys/stat.h>
24
Janis Danisevskis7612fd42016-09-01 11:50:02 +010025#include <algorithm>
Shawn Willdenc1d1fee2016-01-26 22:44:56 -070026#include <sstream>
27
Pavel Grafovff311b42018-01-24 20:34:37 +000028#include <android-base/scopeguard.h>
Bartosz Fabianowskia9452d92017-01-23 22:21:11 +010029#include <binder/IInterface.h>
Shawn Willdenc1d1fee2016-01-26 22:44:56 -070030#include <binder/IPCThreadState.h>
Bartosz Fabianowskia9452d92017-01-23 22:21:11 +010031#include <binder/IPermissionController.h>
32#include <binder/IServiceManager.h>
Pavel Grafovff311b42018-01-24 20:34:37 +000033#include <log/log_event_list.h>
Shawn Willdenc1d1fee2016-01-26 22:44:56 -070034
35#include <private/android_filesystem_config.h>
Pavel Grafovff311b42018-01-24 20:34:37 +000036#include <private/android_logger.h>
Shawn Willdenc1d1fee2016-01-26 22:44:56 -070037
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +010038#include <android/hardware/keymaster/3.0/IHwKeymasterDevice.h>
Shawn Willdenc1d1fee2016-01-26 22:44:56 -070039
40#include "defaults.h"
Max Bires33aac2d2018-02-23 10:53:10 -080041#include "key_proto_handler.h"
Janis Danisevskis18f27ad2016-06-01 13:57:40 -070042#include "keystore_attestation_id.h"
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +010043#include "keystore_keymaster_enforcement.h"
Shawn Willdenc1d1fee2016-01-26 22:44:56 -070044#include "keystore_utils.h"
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +010045#include <keystore/keystore_hidl_support.h>
Shawn Willdenc1d1fee2016-01-26 22:44:56 -070046
Janis Danisevskis8f737ad2017-11-21 12:30:15 -080047#include <hardware/hw_auth_token.h>
48
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +010049namespace keystore {
Shawn Willdend5a24e62017-02-28 13:53:24 -070050
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +010051using namespace android;
Shawn Willdenc1d1fee2016-01-26 22:44:56 -070052
Shawn Willdene2a7b522017-04-11 09:27:40 -060053namespace {
54
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -070055using ::android::binder::Status;
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -070056using android::security::KeystoreArg;
57using android::security::keymaster::ExportResult;
58using android::security::keymaster::KeymasterArguments;
59using android::security::keymaster::KeymasterBlob;
60using android::security::keymaster::KeymasterCertificateChain;
61using android::security::keymaster::OperationResult;
David Zeuthenc6eb7cd2017-11-27 11:33:55 -050062using ConfirmationResponseCode = android::hardware::confirmationui::V1_0::ResponseCode;
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -070063
Shawn Willdene2a7b522017-04-11 09:27:40 -060064constexpr size_t kMaxOperations = 15;
65constexpr double kIdRotationPeriod = 30 * 24 * 60 * 60; /* Thirty days, in seconds */
66const char* kTimestampFilePath = "timestamp";
Rubin Xu1a203e32018-05-08 14:25:21 +010067const int ID_ATTESTATION_REQUEST_GENERIC_INFO = 1 << 0;
68const int ID_ATTESTATION_REQUEST_UNIQUE_DEVICE_ID = 1 << 1;
Shawn Willdenc1d1fee2016-01-26 22:44:56 -070069
70struct BIGNUM_Delete {
71 void operator()(BIGNUM* p) const { BN_free(p); }
72};
Janis Danisevskisccfff102017-05-01 11:02:51 -070073typedef std::unique_ptr<BIGNUM, BIGNUM_Delete> Unique_BIGNUM;
Shawn Willdenc1d1fee2016-01-26 22:44:56 -070074
Shawn Willdene2a7b522017-04-11 09:27:40 -060075bool containsTag(const hidl_vec<KeyParameter>& params, Tag tag) {
76 return params.end() != std::find_if(params.begin(), params.end(),
77 [&](auto& param) { return param.tag == tag; });
78}
79
Shawn Willdend5a24e62017-02-28 13:53:24 -070080bool isAuthenticationBound(const hidl_vec<KeyParameter>& params) {
81 return !containsTag(params, Tag::NO_AUTH_REQUIRED);
82}
83
Shawn Willdene2a7b522017-04-11 09:27:40 -060084std::pair<KeyStoreServiceReturnCode, bool> hadFactoryResetSinceIdRotation() {
85 struct stat sbuf;
86 if (stat(kTimestampFilePath, &sbuf) == 0) {
Yi Konge353f252018-07-30 01:38:39 -070087 double diff_secs = difftime(time(nullptr), sbuf.st_ctime);
Shawn Willdene2a7b522017-04-11 09:27:40 -060088 return {ResponseCode::NO_ERROR, diff_secs < kIdRotationPeriod};
89 }
90
91 if (errno != ENOENT) {
92 ALOGE("Failed to stat \"timestamp\" file, with error %d", errno);
93 return {ResponseCode::SYSTEM_ERROR, false /* don't care */};
94 }
95
96 int fd = creat(kTimestampFilePath, 0600);
97 if (fd < 0) {
98 ALOGE("Couldn't create \"timestamp\" file, with error %d", errno);
99 return {ResponseCode::SYSTEM_ERROR, false /* don't care */};
100 }
101
102 if (close(fd)) {
103 ALOGE("Couldn't close \"timestamp\" file, with error %d", errno);
104 return {ResponseCode::SYSTEM_ERROR, false /* don't care */};
105 }
106
107 return {ResponseCode::NO_ERROR, true};
108}
109
Eran Messeri03fc4c82018-08-16 18:53:15 +0100110using ::android::security::KEY_ATTESTATION_APPLICATION_ID_MAX_SIZE;
Bartosz Fabianowski5aa93e02017-04-24 13:54:49 +0200111
112KeyStoreServiceReturnCode updateParamsForAttestation(uid_t callingUid, AuthorizationSet* params) {
113 KeyStoreServiceReturnCode responseCode;
114 bool factoryResetSinceIdRotation;
115 std::tie(responseCode, factoryResetSinceIdRotation) = hadFactoryResetSinceIdRotation();
116
117 if (!responseCode.isOk()) return responseCode;
118 if (factoryResetSinceIdRotation) params->push_back(TAG_RESET_SINCE_ID_ROTATION);
119
120 auto asn1_attestation_id_result = security::gather_attestation_application_id(callingUid);
121 if (!asn1_attestation_id_result.isOk()) {
122 ALOGE("failed to gather attestation_id");
123 return ErrorCode::ATTESTATION_APPLICATION_ID_MISSING;
124 }
125 std::vector<uint8_t>& asn1_attestation_id = asn1_attestation_id_result;
126
127 /*
Eran Messeri03fc4c82018-08-16 18:53:15 +0100128 * The attestation application ID must not be longer than
129 * KEY_ATTESTATION_APPLICATION_ID_MAX_SIZE, error out if gather_attestation_application_id
130 * returned such an invalid vector.
Bartosz Fabianowski5aa93e02017-04-24 13:54:49 +0200131 */
132 if (asn1_attestation_id.size() > KEY_ATTESTATION_APPLICATION_ID_MAX_SIZE) {
Eran Messeri03fc4c82018-08-16 18:53:15 +0100133 ALOGE("BUG: Gathered Attestation Application ID is too big (%d)",
134 static_cast<int32_t>(asn1_attestation_id.size()));
135 return ErrorCode::CANNOT_ATTEST_IDS;
Bartosz Fabianowski5aa93e02017-04-24 13:54:49 +0200136 }
137
138 params->push_back(TAG_ATTESTATION_APPLICATION_ID, asn1_attestation_id);
139
140 return ResponseCode::NO_ERROR;
141}
142
Shawn Willdene2a7b522017-04-11 09:27:40 -0600143} // anonymous namespace
144
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700145void KeyStoreService::binderDied(const wp<IBinder>& who) {
146 auto operations = mOperationMap.getOperationsForToken(who.unsafe_get());
Chih-Hung Hsieh24b2a392016-07-28 10:35:24 -0700147 for (const auto& token : operations) {
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700148 int32_t unused_result;
149 abort(token, &unused_result);
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700150 }
David Zeuthenc6eb7cd2017-11-27 11:33:55 -0500151 mConfirmationManager->binderDied(who);
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700152}
153
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700154Status KeyStoreService::getState(int32_t userId, int32_t* aidl_return) {
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700155 if (!checkBinderPermission(P_GET_STATE)) {
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700156 *aidl_return = static_cast<int32_t>(ResponseCode::PERMISSION_DENIED);
157 return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700158 }
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700159 *aidl_return = mKeyStore->getState(userId);
160 return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700161}
162
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700163Status KeyStoreService::get(const String16& name, int32_t uid, ::std::vector<uint8_t>* item) {
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700164 uid_t targetUid = getEffectiveUid(uid);
165 if (!checkBinderPermission(P_GET, targetUid)) {
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700166 // see keystore/keystore.h
167 return Status::fromServiceSpecificError(
168 static_cast<int32_t>(ResponseCode::PERMISSION_DENIED));
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700169 }
170
171 String8 name8(name);
172 Blob keyBlob;
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100173 KeyStoreServiceReturnCode rc =
174 mKeyStore->getKeyForName(&keyBlob, name8, targetUid, TYPE_GENERIC);
175 if (!rc.isOk()) {
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700176 *item = ::std::vector<uint8_t>();
177 // Return empty array if key is not found
178 // TODO: consider having returned value nullable or parse exception on the client.
179 return Status::fromServiceSpecificError(static_cast<int32_t>(rc));
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700180 }
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100181 auto resultBlob = blob2hidlVec(keyBlob);
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700182 // The static_cast here is needed to prevent a move, forcing a deep copy.
183 if (item) *item = static_cast<const hidl_vec<uint8_t>&>(blob2hidlVec(keyBlob));
184 return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700185}
186
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700187Status KeyStoreService::insert(const String16& name, const ::std::vector<uint8_t>& item,
188 int targetUid, int32_t flags, int32_t* aidl_return) {
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700189 targetUid = getEffectiveUid(targetUid);
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700190 KeyStoreServiceReturnCode result =
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700191 checkBinderPermissionAndKeystoreState(P_INSERT, targetUid, flags & KEYSTORE_FLAG_ENCRYPTED);
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100192 if (!result.isOk()) {
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700193 *aidl_return = static_cast<int32_t>(result);
194 return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700195 }
196
197 String8 name8(name);
Tucker Sylvestro0ab28b72016-08-05 18:02:47 -0400198 String8 filename(mKeyStore->getKeyNameForUidWithDir(name8, targetUid, ::TYPE_GENERIC));
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700199
Yi Konge353f252018-07-30 01:38:39 -0700200 Blob keyBlob(&item[0], item.size(), nullptr, 0, ::TYPE_GENERIC);
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700201 keyBlob.setEncrypted(flags & KEYSTORE_FLAG_ENCRYPTED);
202
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700203 *aidl_return =
204 static_cast<int32_t>(mKeyStore->put(filename.string(), &keyBlob, get_user_id(targetUid)));
205 return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700206}
207
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700208Status KeyStoreService::del(const String16& name, int targetUid, int32_t* aidl_return) {
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700209 targetUid = getEffectiveUid(targetUid);
210 if (!checkBinderPermission(P_DELETE, targetUid)) {
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700211 *aidl_return = static_cast<int32_t>(ResponseCode::PERMISSION_DENIED);
212 return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700213 }
214 String8 name8(name);
Rubin Xu7675c9f2017-03-15 19:26:52 +0000215 ALOGI("del %s %d", name8.string(), targetUid);
Janis Danisevskisaf7783f2017-09-21 11:29:47 -0700216 auto filename = mKeyStore->getBlobFileNameIfExists(name8, targetUid, ::TYPE_ANY);
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700217 if (!filename.isOk()) {
218 *aidl_return = static_cast<int32_t>(ResponseCode::KEY_NOT_FOUND);
219 return Status::ok();
220 }
Janis Danisevskisaf7783f2017-09-21 11:29:47 -0700221
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700222 ResponseCode result =
223 mKeyStore->del(filename.value().string(), ::TYPE_ANY, get_user_id(targetUid));
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100224 if (result != ResponseCode::NO_ERROR) {
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700225 *aidl_return = static_cast<int32_t>(result);
226 return Status::ok();
Tucker Sylvestro0ab28b72016-08-05 18:02:47 -0400227 }
228
Janis Danisevskisaf7783f2017-09-21 11:29:47 -0700229 filename = mKeyStore->getBlobFileNameIfExists(name8, targetUid, ::TYPE_KEY_CHARACTERISTICS);
230 if (filename.isOk()) {
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700231 *aidl_return = static_cast<int32_t>(mKeyStore->del(
232 filename.value().string(), ::TYPE_KEY_CHARACTERISTICS, get_user_id(targetUid)));
233 return Status::ok();
Janis Danisevskisaf7783f2017-09-21 11:29:47 -0700234 }
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700235 *aidl_return = static_cast<int32_t>(ResponseCode::NO_ERROR);
236 return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700237}
238
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700239Status KeyStoreService::exist(const String16& name, int targetUid, int32_t* aidl_return) {
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700240 targetUid = getEffectiveUid(targetUid);
241 if (!checkBinderPermission(P_EXIST, targetUid)) {
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700242 *aidl_return = static_cast<int32_t>(ResponseCode::PERMISSION_DENIED);
243 return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700244 }
245
Janis Danisevskisaf7783f2017-09-21 11:29:47 -0700246 auto filename = mKeyStore->getBlobFileNameIfExists(String8(name), targetUid, ::TYPE_ANY);
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700247 *aidl_return = static_cast<int32_t>(filename.isOk() ? ResponseCode::NO_ERROR
248 : ResponseCode::KEY_NOT_FOUND);
249 return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700250}
251
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700252Status KeyStoreService::list(const String16& prefix, int targetUid,
253 ::std::vector<::android::String16>* matches) {
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700254 targetUid = getEffectiveUid(targetUid);
255 if (!checkBinderPermission(P_LIST, targetUid)) {
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700256 return Status::fromServiceSpecificError(
257 static_cast<int32_t>(ResponseCode::PERMISSION_DENIED));
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700258 }
259 const String8 prefix8(prefix);
Tucker Sylvestro0ab28b72016-08-05 18:02:47 -0400260 String8 filename(mKeyStore->getKeyNameForUid(prefix8, targetUid, TYPE_ANY));
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700261 android::Vector<android::String16> matches_internal;
262 if (mKeyStore->list(filename, &matches_internal, get_user_id(targetUid)) !=
263 ResponseCode::NO_ERROR) {
264 return Status::fromServiceSpecificError(static_cast<int32_t>(ResponseCode::SYSTEM_ERROR));
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700265 }
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700266 matches->clear();
267 for (size_t i = 0; i < matches_internal.size(); ++i) {
268 matches->push_back(matches_internal[i]);
269 }
270 return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700271}
272
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700273Status KeyStoreService::reset(int32_t* aidl_return) {
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700274 if (!checkBinderPermission(P_RESET)) {
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700275 *aidl_return = static_cast<int32_t>(ResponseCode::PERMISSION_DENIED);
276 return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700277 }
278
279 uid_t callingUid = IPCThreadState::self()->getCallingUid();
280 mKeyStore->resetUser(get_user_id(callingUid), false);
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700281 *aidl_return = static_cast<int32_t>(ResponseCode::NO_ERROR);
282 return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700283}
284
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700285Status KeyStoreService::onUserPasswordChanged(int32_t userId, const String16& password,
286 int32_t* aidl_return) {
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700287 if (!checkBinderPermission(P_PASSWORD)) {
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700288 *aidl_return = static_cast<int32_t>(ResponseCode::PERMISSION_DENIED);
289 return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700290 }
291
292 const String8 password8(password);
293 // Flush the auth token table to prevent stale tokens from sticking
294 // around.
295 mAuthTokenTable.Clear();
296
297 if (password.size() == 0) {
298 ALOGI("Secure lockscreen for user %d removed, deleting encrypted entries", userId);
299 mKeyStore->resetUser(userId, true);
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700300 *aidl_return = static_cast<int32_t>(ResponseCode::NO_ERROR);
301 return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700302 } else {
303 switch (mKeyStore->getState(userId)) {
304 case ::STATE_UNINITIALIZED: {
305 // generate master key, encrypt with password, write to file,
306 // initialize mMasterKey*.
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700307 *aidl_return = static_cast<int32_t>(mKeyStore->initializeUser(password8, userId));
308 return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700309 }
310 case ::STATE_NO_ERROR: {
311 // rewrite master key with new password.
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700312 *aidl_return = static_cast<int32_t>(mKeyStore->writeMasterKey(password8, userId));
313 return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700314 }
315 case ::STATE_LOCKED: {
316 ALOGE("Changing user %d's password while locked, clearing old encryption", userId);
317 mKeyStore->resetUser(userId, true);
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700318 *aidl_return = static_cast<int32_t>(mKeyStore->initializeUser(password8, userId));
319 return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700320 }
321 }
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700322 *aidl_return = static_cast<int32_t>(ResponseCode::SYSTEM_ERROR);
323 return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700324 }
325}
326
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700327Status KeyStoreService::onUserAdded(int32_t userId, int32_t parentId, int32_t* aidl_return) {
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700328 if (!checkBinderPermission(P_USER_CHANGED)) {
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700329 *aidl_return = static_cast<int32_t>(ResponseCode::PERMISSION_DENIED);
330 return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700331 }
332
333 // Sanity check that the new user has an empty keystore.
334 if (!mKeyStore->isEmpty(userId)) {
335 ALOGW("New user %d's keystore not empty. Clearing old entries.", userId);
336 }
337 // Unconditionally clear the keystore, just to be safe.
338 mKeyStore->resetUser(userId, false);
339 if (parentId != -1) {
340 // This profile must share the same master key password as the parent profile. Because the
341 // password of the parent profile is not known here, the best we can do is copy the parent's
342 // master key and master key file. This makes this profile use the same master key as the
343 // parent profile, forever.
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700344 *aidl_return = static_cast<int32_t>(mKeyStore->copyMasterKey(parentId, userId));
345 return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700346 } else {
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700347 *aidl_return = static_cast<int32_t>(ResponseCode::NO_ERROR);
348 return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700349 }
350}
351
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700352Status KeyStoreService::onUserRemoved(int32_t userId, int32_t* aidl_return) {
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700353 if (!checkBinderPermission(P_USER_CHANGED)) {
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700354 *aidl_return = static_cast<int32_t>(ResponseCode::PERMISSION_DENIED);
355 return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700356 }
357
358 mKeyStore->resetUser(userId, false);
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700359 *aidl_return = static_cast<int32_t>(ResponseCode::NO_ERROR);
360 return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700361}
362
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700363Status KeyStoreService::lock(int32_t userId, int32_t* aidl_return) {
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700364 if (!checkBinderPermission(P_LOCK)) {
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700365 *aidl_return = static_cast<int32_t>(ResponseCode::PERMISSION_DENIED);
366 return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700367 }
368
369 State state = mKeyStore->getState(userId);
370 if (state != ::STATE_NO_ERROR) {
371 ALOGD("calling lock in state: %d", state);
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700372 *aidl_return = static_cast<int32_t>(ResponseCode(state));
373 return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700374 }
375
Brian Young9a947d52018-02-23 18:03:14 +0000376 enforcement_policy.set_device_locked(true, userId);
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700377 mKeyStore->lock(userId);
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700378 *aidl_return = static_cast<int32_t>(ResponseCode::NO_ERROR);
379 return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700380}
381
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700382Status KeyStoreService::unlock(int32_t userId, const String16& pw, int32_t* aidl_return) {
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700383 if (!checkBinderPermission(P_UNLOCK)) {
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700384 *aidl_return = static_cast<int32_t>(ResponseCode::PERMISSION_DENIED);
385 return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700386 }
387
388 State state = mKeyStore->getState(userId);
389 if (state != ::STATE_LOCKED) {
390 switch (state) {
391 case ::STATE_NO_ERROR:
392 ALOGI("calling unlock when already unlocked, ignoring.");
393 break;
394 case ::STATE_UNINITIALIZED:
395 ALOGE("unlock called on uninitialized keystore.");
396 break;
397 default:
398 ALOGE("unlock called on keystore in unknown state: %d", state);
399 break;
400 }
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700401 *aidl_return = static_cast<int32_t>(ResponseCode(state));
402 return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700403 }
404
Brian Young9a947d52018-02-23 18:03:14 +0000405 enforcement_policy.set_device_locked(false, userId);
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700406 const String8 password8(pw);
407 // read master key, decrypt with password, initialize mMasterKey*.
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700408 *aidl_return = static_cast<int32_t>(mKeyStore->readMasterKey(password8, userId));
409 return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700410}
411
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700412Status KeyStoreService::isEmpty(int32_t userId, int32_t* aidl_return) {
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700413 if (!checkBinderPermission(P_IS_EMPTY)) {
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700414 *aidl_return = static_cast<int32_t>(false);
415 return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700416 }
417
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700418 *aidl_return = static_cast<int32_t>(mKeyStore->isEmpty(userId));
419 return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700420}
421
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700422Status KeyStoreService::generate(const String16& name, int32_t targetUid, int32_t keyType,
423 int32_t keySize, int32_t flags,
424 const ::android::security::KeystoreArguments& keystoreArgs,
425 int32_t* aidl_return) {
426 const Vector<sp<KeystoreArg>>* args = &(keystoreArgs.getArguments());
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700427 targetUid = getEffectiveUid(targetUid);
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700428 KeyStoreServiceReturnCode result =
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700429 checkBinderPermissionAndKeystoreState(P_INSERT, targetUid, flags & KEYSTORE_FLAG_ENCRYPTED);
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100430 if (!result.isOk()) {
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700431 *aidl_return = static_cast<int32_t>(result);
432 return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700433 }
434
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100435 keystore::AuthorizationSet params;
436 add_legacy_key_authorizations(keyType, &params);
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700437
438 switch (keyType) {
439 case EVP_PKEY_EC: {
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100440 params.push_back(TAG_ALGORITHM, Algorithm::EC);
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700441 if (keySize == -1) {
442 keySize = EC_DEFAULT_KEY_SIZE;
443 } else if (keySize < EC_MIN_KEY_SIZE || keySize > EC_MAX_KEY_SIZE) {
444 ALOGI("invalid key size %d", keySize);
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700445 *aidl_return = static_cast<int32_t>(ResponseCode::SYSTEM_ERROR);
446 return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700447 }
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100448 params.push_back(TAG_KEY_SIZE, keySize);
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700449 break;
450 }
451 case EVP_PKEY_RSA: {
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100452 params.push_back(TAG_ALGORITHM, Algorithm::RSA);
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700453 if (keySize == -1) {
454 keySize = RSA_DEFAULT_KEY_SIZE;
455 } else if (keySize < RSA_MIN_KEY_SIZE || keySize > RSA_MAX_KEY_SIZE) {
456 ALOGI("invalid key size %d", keySize);
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700457 *aidl_return = static_cast<int32_t>(ResponseCode::SYSTEM_ERROR);
458 return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700459 }
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100460 params.push_back(TAG_KEY_SIZE, keySize);
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700461 unsigned long exponent = RSA_DEFAULT_EXPONENT;
462 if (args->size() > 1) {
463 ALOGI("invalid number of arguments: %zu", args->size());
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700464 *aidl_return = static_cast<int32_t>(ResponseCode::SYSTEM_ERROR);
465 return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700466 } else if (args->size() == 1) {
Chih-Hung Hsieh24b2a392016-07-28 10:35:24 -0700467 const sp<KeystoreArg>& expArg = args->itemAt(0);
Yi Konge353f252018-07-30 01:38:39 -0700468 if (expArg != nullptr) {
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700469 Unique_BIGNUM pubExpBn(BN_bin2bn(
Yi Konge353f252018-07-30 01:38:39 -0700470 reinterpret_cast<const unsigned char*>(expArg->data()), expArg->size(), nullptr));
471 if (pubExpBn.get() == nullptr) {
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700472 ALOGI("Could not convert public exponent to BN");
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700473 *aidl_return = static_cast<int32_t>(ResponseCode::SYSTEM_ERROR);
474 return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700475 }
476 exponent = BN_get_word(pubExpBn.get());
477 if (exponent == 0xFFFFFFFFL) {
478 ALOGW("cannot represent public exponent as a long value");
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700479 *aidl_return = static_cast<int32_t>(ResponseCode::SYSTEM_ERROR);
480 return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700481 }
482 } else {
483 ALOGW("public exponent not read");
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700484 *aidl_return = static_cast<int32_t>(ResponseCode::SYSTEM_ERROR);
485 return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700486 }
487 }
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100488 params.push_back(TAG_RSA_PUBLIC_EXPONENT, exponent);
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700489 break;
490 }
491 default: {
492 ALOGW("Unsupported key type %d", keyType);
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700493 *aidl_return = static_cast<int32_t>(ResponseCode::SYSTEM_ERROR);
494 return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700495 }
496 }
497
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700498 int32_t aidl_result;
499 android::security::keymaster::KeyCharacteristics unused_characteristics;
500 auto rc = generateKey(name, KeymasterArguments(params.hidl_data()), ::std::vector<uint8_t>(),
501 targetUid, flags, &unused_characteristics, &aidl_result);
502 if (!KeyStoreServiceReturnCode(aidl_result).isOk()) {
503 ALOGW("generate failed: %d", int32_t(aidl_result));
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700504 }
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700505 *aidl_return = aidl_result;
506 return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700507}
508
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700509Status KeyStoreService::import_key(const String16& name, const ::std::vector<uint8_t>& data,
510 int targetUid, int32_t flags, int32_t* aidl_return) {
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700511
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100512 const uint8_t* ptr = &data[0];
513
Yi Konge353f252018-07-30 01:38:39 -0700514 Unique_PKCS8_PRIV_KEY_INFO pkcs8(d2i_PKCS8_PRIV_KEY_INFO(nullptr, &ptr, data.size()));
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700515 if (!pkcs8.get()) {
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700516 *aidl_return = static_cast<int32_t>(ResponseCode::SYSTEM_ERROR);
517 return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700518 }
519 Unique_EVP_PKEY pkey(EVP_PKCS82PKEY(pkcs8.get()));
520 if (!pkey.get()) {
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700521 *aidl_return = static_cast<int32_t>(ResponseCode::SYSTEM_ERROR);
522 return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700523 }
524 int type = EVP_PKEY_type(pkey->type);
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100525 AuthorizationSet params;
526 add_legacy_key_authorizations(type, &params);
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700527 switch (type) {
528 case EVP_PKEY_RSA:
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100529 params.push_back(TAG_ALGORITHM, Algorithm::RSA);
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700530 break;
531 case EVP_PKEY_EC:
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100532 params.push_back(TAG_ALGORITHM, Algorithm::EC);
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700533 break;
534 default:
535 ALOGW("Unsupported key type %d", type);
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700536 *aidl_return = static_cast<int32_t>(ResponseCode::SYSTEM_ERROR);
537 return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700538 }
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100539
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700540 int import_result;
541 auto rc = importKey(name, KeymasterArguments(params.hidl_data()),
542 static_cast<int32_t>(KeyFormat::PKCS8), data, targetUid, flags,
Yi Konge353f252018-07-30 01:38:39 -0700543 /*outCharacteristics*/ nullptr, &import_result);
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100544
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700545 if (!KeyStoreServiceReturnCode(import_result).isOk()) {
546 ALOGW("importKey failed: %d", int32_t(import_result));
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700547 }
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700548 *aidl_return = static_cast<int32_t>(ResponseCode::NO_ERROR);
549 return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700550}
551
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700552Status KeyStoreService::sign(const String16& name, const ::std::vector<uint8_t>& data,
553 ::std::vector<uint8_t>* out) {
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700554 if (!checkBinderPermission(P_SIGN)) {
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700555 return Status::fromServiceSpecificError(
556 static_cast<int32_t>(ResponseCode::PERMISSION_DENIED));
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700557 }
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700558 hidl_vec<uint8_t> legacy_out;
559 KeyStoreServiceReturnCode res =
560 doLegacySignVerify(name, data, &legacy_out, hidl_vec<uint8_t>(), KeyPurpose::SIGN);
Dmitry Dementyevec71e7b2018-03-29 14:22:52 -0700561 if (!res.isOk()) {
562 return Status::fromServiceSpecificError((res));
563 }
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700564 *out = legacy_out;
Dmitry Dementyevec71e7b2018-03-29 14:22:52 -0700565 return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700566}
567
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700568Status KeyStoreService::verify(const String16& name, const ::std::vector<uint8_t>& data,
569 const ::std::vector<uint8_t>& signature, int32_t* aidl_return) {
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700570 if (!checkBinderPermission(P_VERIFY)) {
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700571 return Status::fromServiceSpecificError(
572 static_cast<int32_t>(ResponseCode::PERMISSION_DENIED));
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700573 }
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700574 *aidl_return = static_cast<int32_t>(
575 doLegacySignVerify(name, data, nullptr, signature, KeyPurpose::VERIFY));
576 return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700577}
578
579/*
580 * TODO: The abstraction between things stored in hardware and regular blobs
581 * of data stored on the filesystem should be moved down to keystore itself.
582 * Unfortunately the Java code that calls this has naming conventions that it
583 * knows about. Ideally keystore shouldn't be used to store random blobs of
584 * data.
585 *
586 * Until that happens, it's necessary to have a separate "get_pubkey" and
587 * "del_key" since the Java code doesn't really communicate what it's
588 * intentions are.
589 */
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700590Status KeyStoreService::get_pubkey(const String16& name, ::std::vector<uint8_t>* pubKey) {
591 android::security::keymaster::ExportResult result;
592 KeymasterBlob clientId;
Janis Danisevskis64ec1fe2018-02-26 16:47:21 -0800593 KeymasterBlob appData;
594 exportKey(name, static_cast<int32_t>(KeyFormat::X509), clientId, appData, UID_SELF, &result);
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100595 if (!result.resultCode.isOk()) {
596 ALOGW("export failed: %d", int32_t(result.resultCode));
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700597 return Status::fromServiceSpecificError(static_cast<int32_t>(result.resultCode));
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700598 }
599
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100600 if (pubKey) *pubKey = std::move(result.exportData);
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700601 return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700602}
603
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700604Status KeyStoreService::grant(const String16& name, int32_t granteeUid,
605 ::android::String16* aidl_return) {
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700606 uid_t callingUid = IPCThreadState::self()->getCallingUid();
Bo Zhu91de6db2018-03-20 12:52:13 -0700607 auto result =
608 checkBinderPermissionAndKeystoreState(P_GRANT, /*targetUid=*/-1, /*checkUnlocked=*/false);
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100609 if (!result.isOk()) {
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700610 *aidl_return = String16();
611 return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700612 }
613
614 String8 name8(name);
Tucker Sylvestro0ab28b72016-08-05 18:02:47 -0400615 String8 filename(mKeyStore->getKeyNameForUidWithDir(name8, callingUid, ::TYPE_ANY));
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700616
617 if (access(filename.string(), R_OK) == -1) {
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700618 *aidl_return = String16();
619 return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700620 }
621
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700622 *aidl_return =
623 String16(mKeyStore->addGrant(String8(name).string(), callingUid, granteeUid).c_str());
624 return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700625}
626
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700627Status KeyStoreService::ungrant(const String16& name, int32_t granteeUid, int32_t* aidl_return) {
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700628 uid_t callingUid = IPCThreadState::self()->getCallingUid();
Bo Zhu91de6db2018-03-20 12:52:13 -0700629 KeyStoreServiceReturnCode result =
630 checkBinderPermissionAndKeystoreState(P_GRANT, /*targetUid=*/-1, /*checkUnlocked=*/false);
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100631 if (!result.isOk()) {
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700632 *aidl_return = static_cast<int32_t>(result);
633 return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700634 }
635
636 String8 name8(name);
Tucker Sylvestro0ab28b72016-08-05 18:02:47 -0400637 String8 filename(mKeyStore->getKeyNameForUidWithDir(name8, callingUid, ::TYPE_ANY));
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700638
639 if (access(filename.string(), R_OK) == -1) {
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700640 *aidl_return = static_cast<int32_t>((errno != ENOENT) ? ResponseCode::SYSTEM_ERROR
641 : ResponseCode::KEY_NOT_FOUND);
642 return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700643 }
644
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700645 *aidl_return = static_cast<int32_t>(mKeyStore->removeGrant(name8, callingUid, granteeUid)
646 ? ResponseCode::NO_ERROR
647 : ResponseCode::KEY_NOT_FOUND);
648 return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700649}
650
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700651Status KeyStoreService::getmtime(const String16& name, int32_t uid, int64_t* time) {
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700652 uid_t targetUid = getEffectiveUid(uid);
653 if (!checkBinderPermission(P_GET, targetUid)) {
654 ALOGW("permission denied for %d: getmtime", targetUid);
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700655 *time = -1L;
656 return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700657 }
658
Janis Danisevskisaf7783f2017-09-21 11:29:47 -0700659 auto filename = mKeyStore->getBlobFileNameIfExists(String8(name), targetUid, ::TYPE_ANY);
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700660
Janis Danisevskisaf7783f2017-09-21 11:29:47 -0700661 if (!filename.isOk()) {
662 ALOGW("could not access %s for getmtime", filename.value().string());
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700663 *time = -1L;
664 return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700665 }
666
Janis Danisevskisaf7783f2017-09-21 11:29:47 -0700667 int fd = TEMP_FAILURE_RETRY(open(filename.value().string(), O_NOFOLLOW, O_RDONLY));
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700668 if (fd < 0) {
Janis Danisevskisaf7783f2017-09-21 11:29:47 -0700669 ALOGW("could not open %s for getmtime", filename.value().string());
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700670 *time = -1L;
671 return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700672 }
673
674 struct stat s;
675 int ret = fstat(fd, &s);
676 close(fd);
677 if (ret == -1) {
Janis Danisevskisaf7783f2017-09-21 11:29:47 -0700678 ALOGW("could not stat %s for getmtime", filename.value().string());
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700679 *time = -1L;
680 return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700681 }
682
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700683 *time = static_cast<int64_t>(s.st_mtime);
684 return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700685}
686
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700687Status KeyStoreService::is_hardware_backed(const String16& keyType, int32_t* aidl_return) {
688 *aidl_return = static_cast<int32_t>(mKeyStore->isHardwareBacked(keyType) ? 1 : 0);
689 return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700690}
691
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700692Status KeyStoreService::clear_uid(int64_t targetUid64, int32_t* aidl_return) {
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700693 uid_t targetUid = getEffectiveUid(targetUid64);
694 if (!checkBinderPermissionSelfOrSystem(P_CLEAR_UID, targetUid)) {
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700695 *aidl_return = static_cast<int32_t>(ResponseCode::PERMISSION_DENIED);
696 return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700697 }
Rubin Xu7675c9f2017-03-15 19:26:52 +0000698 ALOGI("clear_uid %" PRId64, targetUid64);
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700699
Janis Danisevskisaf7783f2017-09-21 11:29:47 -0700700 mKeyStore->removeAllGrantsToUid(targetUid);
701
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700702 String8 prefix = String8::format("%u_", targetUid);
703 Vector<String16> aliases;
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100704 if (mKeyStore->list(prefix, &aliases, get_user_id(targetUid)) != ResponseCode::NO_ERROR) {
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700705 *aidl_return = static_cast<int32_t>(ResponseCode::SYSTEM_ERROR);
706 return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700707 }
708
709 for (uint32_t i = 0; i < aliases.size(); i++) {
710 String8 name8(aliases[i]);
Tucker Sylvestro0ab28b72016-08-05 18:02:47 -0400711 String8 filename(mKeyStore->getKeyNameForUidWithDir(name8, targetUid, ::TYPE_ANY));
Rubin Xu85c85e92017-04-26 20:07:30 +0100712
713 if (get_app_id(targetUid) == AID_SYSTEM) {
714 Blob keyBlob;
715 ResponseCode responseCode =
716 mKeyStore->get(filename.string(), &keyBlob, ::TYPE_ANY, get_user_id(targetUid));
717 if (responseCode == ResponseCode::NO_ERROR && keyBlob.isCriticalToDeviceEncryption()) {
718 // Do not clear keys critical to device encryption under system uid.
719 continue;
720 }
721 }
722
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700723 mKeyStore->del(filename.string(), ::TYPE_ANY, get_user_id(targetUid));
Tucker Sylvestro0ab28b72016-08-05 18:02:47 -0400724
725 // del() will fail silently if no cached characteristics are present for this alias.
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100726 String8 chr_filename(
727 mKeyStore->getKeyNameForUidWithDir(name8, targetUid, ::TYPE_KEY_CHARACTERISTICS));
Tucker Sylvestro0ab28b72016-08-05 18:02:47 -0400728 mKeyStore->del(chr_filename.string(), ::TYPE_KEY_CHARACTERISTICS, get_user_id(targetUid));
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700729 }
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700730 *aidl_return = static_cast<int32_t>(ResponseCode::NO_ERROR);
731 return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700732}
733
Janis Danisevskisc1460142017-12-18 16:48:46 -0800734Status KeyStoreService::addRngEntropy(const ::std::vector<uint8_t>& entropy, int32_t flags,
735 int32_t* aidl_return) {
736 auto device = mKeyStore->getDevice(flagsToSecurityLevel(flags));
737 if (!device) {
738 *aidl_return = static_cast<int32_t>(ErrorCode::HARDWARE_TYPE_UNAVAILABLE);
739 } else {
740 *aidl_return = static_cast<int32_t>(
741 KeyStoreServiceReturnCode(KS_HANDLE_HIDL_ERROR(device->addRngEntropy(entropy))));
742 }
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700743 return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700744}
745
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700746Status
747KeyStoreService::generateKey(const String16& name, const KeymasterArguments& params,
748 const ::std::vector<uint8_t>& entropy, int uid, int flags,
749 android::security::keymaster::KeyCharacteristics* outCharacteristics,
750 int32_t* aidl_return) {
Max Biresef4f0672017-11-29 14:38:48 -0800751 // TODO(jbires): remove this getCallingUid call upon implementation of b/25646100
752 uid_t originalUid = IPCThreadState::self()->getCallingUid();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700753 uid = getEffectiveUid(uid);
Pavel Grafovff311b42018-01-24 20:34:37 +0000754 auto logOnScopeExit = android::base::make_scope_guard([&] {
755 if (__android_log_security()) {
756 android_log_event_list(SEC_TAG_AUTH_KEY_GENERATED)
757 << int32_t(*aidl_return == static_cast<int32_t>(ResponseCode::NO_ERROR))
758 << String8(name) << int32_t(uid) << LOG_ID_SECURITY;
759 }
760 });
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100761 KeyStoreServiceReturnCode rc =
762 checkBinderPermissionAndKeystoreState(P_INSERT, uid, flags & KEYSTORE_FLAG_ENCRYPTED);
763 if (!rc.isOk()) {
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700764 *aidl_return = static_cast<int32_t>(rc);
765 return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700766 }
Rubin Xu67899de2017-04-21 19:15:13 +0100767 if ((flags & KEYSTORE_FLAG_CRITICAL_TO_DEVICE_ENCRYPTION) && get_app_id(uid) != AID_SYSTEM) {
768 ALOGE("Non-system uid %d cannot set FLAG_CRITICAL_TO_DEVICE_ENCRYPTION", uid);
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700769 *aidl_return = static_cast<int32_t>(ResponseCode::PERMISSION_DENIED);
770 return Status::ok();
Rubin Xu67899de2017-04-21 19:15:13 +0100771 }
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700772
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700773 if (containsTag(params.getParameters(), Tag::INCLUDE_UNIQUE_ID)) {
Shawn Willdenda6dcc32017-12-03 14:56:05 -0700774 // TODO(jbires): remove uid checking upon implementation of b/25646100
Max Bires670467d2017-12-12 11:16:43 -0800775 if (!checkBinderPermission(P_GEN_UNIQUE_ID) ||
Max Biresef4f0672017-11-29 14:38:48 -0800776 originalUid != IPCThreadState::self()->getCallingUid()) {
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700777 *aidl_return = static_cast<int32_t>(ResponseCode::PERMISSION_DENIED);
778 return Status::ok();
779 }
Shawn Willdene2a7b522017-04-11 09:27:40 -0600780 }
781
Janis Danisevskisc1460142017-12-18 16:48:46 -0800782 SecurityLevel securityLevel = flagsToSecurityLevel(flags);
783 auto dev = mKeyStore->getDevice(securityLevel);
784 if (!dev) {
785 *aidl_return = static_cast<int32_t>(ErrorCode::HARDWARE_TYPE_UNAVAILABLE);
786 return Status::ok();
787 }
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700788 AuthorizationSet keyCharacteristics = params.getParameters();
Tucker Sylvestro0ab28b72016-08-05 18:02:47 -0400789
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700790 // TODO: Seed from Linux RNG before this.
Janis Danisevskisc1460142017-12-18 16:48:46 -0800791 rc = KS_HANDLE_HIDL_ERROR(dev->addRngEntropy(entropy));
792 if (!rc.isOk()) {
793 *aidl_return = static_cast<int32_t>(rc);
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700794 return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700795 }
796
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100797 KeyStoreServiceReturnCode error;
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700798 auto hidl_cb = [&](ErrorCode ret, const ::std::vector<uint8_t>& hidlKeyBlob,
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100799 const KeyCharacteristics& keyCharacteristics) {
800 error = ret;
801 if (!error.isOk()) {
802 return;
803 }
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700804 if (outCharacteristics)
805 *outCharacteristics =
806 ::android::security::keymaster::KeyCharacteristics(keyCharacteristics);
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700807
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100808 // Write the key
809 String8 name8(name);
810 String8 filename(mKeyStore->getKeyNameForUidWithDir(name8, uid, ::TYPE_KEYMASTER_10));
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700811
Yi Konge353f252018-07-30 01:38:39 -0700812 Blob keyBlob(&hidlKeyBlob[0], hidlKeyBlob.size(), nullptr, 0, ::TYPE_KEYMASTER_10);
Janis Danisevskisc1460142017-12-18 16:48:46 -0800813 keyBlob.setSecurityLevel(securityLevel);
Rubin Xu67899de2017-04-21 19:15:13 +0100814 keyBlob.setCriticalToDeviceEncryption(flags & KEYSTORE_FLAG_CRITICAL_TO_DEVICE_ENCRYPTION);
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700815 if (isAuthenticationBound(params.getParameters()) &&
816 !keyBlob.isCriticalToDeviceEncryption()) {
Shawn Willdend5a24e62017-02-28 13:53:24 -0700817 keyBlob.setSuperEncrypted(true);
818 }
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100819 keyBlob.setEncrypted(flags & KEYSTORE_FLAG_ENCRYPTED);
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700820
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100821 error = mKeyStore->put(filename.string(), &keyBlob, get_user_id(uid));
822 };
823
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700824 rc = KS_HANDLE_HIDL_ERROR(dev->generateKey(params.getParameters(), hidl_cb));
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100825 if (!rc.isOk()) {
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700826 *aidl_return = static_cast<int32_t>(rc);
827 return Status::ok();
Tucker Sylvestro0ab28b72016-08-05 18:02:47 -0400828 }
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100829 if (!error.isOk()) {
830 ALOGE("Failed to generate key -> falling back to software keymaster");
Max Bires33aac2d2018-02-23 10:53:10 -0800831 uploadKeyCharacteristicsAsProto(params.getParameters(), false /* wasCreationSuccessful */);
Janis Danisevskisc1460142017-12-18 16:48:46 -0800832 securityLevel = SecurityLevel::SOFTWARE;
Janis Danisevskis4a1da2f2018-03-26 15:02:38 -0700833
834 // No fall back for 3DES
835 for (auto& param : params.getParameters()) {
836 auto algorithm = authorizationValue(TAG_ALGORITHM, param);
837 if (algorithm.isOk() && algorithm.value() == Algorithm::TRIPLE_DES) {
838 *aidl_return = static_cast<int32_t>(ErrorCode::UNSUPPORTED_ALGORITHM);
839 return Status::ok();
840 }
841 }
842
Janis Danisevskise8ba1802017-01-30 10:49:51 +0000843 auto fallback = mKeyStore->getFallbackDevice();
Janis Danisevskisc1460142017-12-18 16:48:46 -0800844 if (!fallback) {
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700845 *aidl_return = static_cast<int32_t>(error);
846 return Status::ok();
Janis Danisevskise8ba1802017-01-30 10:49:51 +0000847 }
Janis Danisevskisc1460142017-12-18 16:48:46 -0800848 rc = KS_HANDLE_HIDL_ERROR(fallback->generateKey(params.getParameters(), hidl_cb));
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100849 if (!rc.isOk()) {
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700850 *aidl_return = static_cast<int32_t>(rc);
851 return Status::ok();
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100852 }
853 if (!error.isOk()) {
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700854 *aidl_return = static_cast<int32_t>(error);
855 return Status::ok();
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100856 }
Max Bires33aac2d2018-02-23 10:53:10 -0800857 } else {
858 uploadKeyCharacteristicsAsProto(params.getParameters(), true /* wasCreationSuccessful */);
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100859 }
Tucker Sylvestro0ab28b72016-08-05 18:02:47 -0400860
Brian C. Young78daac22018-03-31 15:02:34 -0700861 if (!containsTag(params.getParameters(), Tag::USER_ID)) {
862 // Most Java processes don't have access to this tag
863 KeyParameter user_id;
864 user_id.tag = Tag::USER_ID;
865 user_id.f.integer = mActiveUserId;
866 keyCharacteristics.push_back(user_id);
867 }
868
Tucker Sylvestro0ab28b72016-08-05 18:02:47 -0400869 // Write the characteristics:
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100870 String8 name8(name);
Tucker Sylvestro0ab28b72016-08-05 18:02:47 -0400871 String8 cFilename(mKeyStore->getKeyNameForUidWithDir(name8, uid, ::TYPE_KEY_CHARACTERISTICS));
872
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100873 std::stringstream kc_stream;
874 keyCharacteristics.Serialize(&kc_stream);
875 if (kc_stream.bad()) {
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700876 *aidl_return = static_cast<int32_t>(ResponseCode::SYSTEM_ERROR);
877 return Status::ok();
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100878 }
879 auto kc_buf = kc_stream.str();
Yi Konge353f252018-07-30 01:38:39 -0700880 Blob charBlob(reinterpret_cast<const uint8_t*>(kc_buf.data()), kc_buf.size(), nullptr, 0,
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100881 ::TYPE_KEY_CHARACTERISTICS);
Janis Danisevskisc1460142017-12-18 16:48:46 -0800882 charBlob.setSecurityLevel(securityLevel);
Tucker Sylvestro0ab28b72016-08-05 18:02:47 -0400883 charBlob.setEncrypted(flags & KEYSTORE_FLAG_ENCRYPTED);
884
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700885 *aidl_return =
886 static_cast<int32_t>(mKeyStore->put(cFilename.string(), &charBlob, get_user_id(uid)));
887 return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700888}
889
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700890Status KeyStoreService::getKeyCharacteristics(
891 const String16& name, const ::android::security::keymaster::KeymasterBlob& clientId,
Janis Danisevskis64ec1fe2018-02-26 16:47:21 -0800892 const ::android::security::keymaster::KeymasterBlob& appData, int32_t uid,
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700893 ::android::security::keymaster::KeyCharacteristics* outCharacteristics, int32_t* aidl_return) {
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700894 if (!outCharacteristics) {
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700895 *aidl_return =
896 static_cast<int32_t>(KeyStoreServiceReturnCode(ErrorCode::UNEXPECTED_NULL_POINTER));
897 return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700898 }
899
900 uid_t targetUid = getEffectiveUid(uid);
901 uid_t callingUid = IPCThreadState::self()->getCallingUid();
902 if (!is_granted_to(callingUid, targetUid)) {
903 ALOGW("uid %d not permitted to act for uid %d in getKeyCharacteristics", callingUid,
904 targetUid);
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700905 *aidl_return = static_cast<int32_t>(ResponseCode::PERMISSION_DENIED);
906 return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700907 }
908
909 Blob keyBlob;
910 String8 name8(name);
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700911
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100912 KeyStoreServiceReturnCode rc =
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700913 mKeyStore->getKeyForName(&keyBlob, name8, targetUid, TYPE_KEYMASTER_10);
Janis Danisevskisd714a672017-09-01 14:31:36 -0700914 if (rc == ResponseCode::UNINITIALIZED) {
915 /*
916 * If we fail reading the blob because the master key is missing we try to retrieve the
917 * key characteristics from the characteristics file. This happens when auth-bound
918 * keys are used after a screen lock has been removed by the user.
919 */
920 rc = mKeyStore->getKeyForName(&keyBlob, name8, targetUid, TYPE_KEY_CHARACTERISTICS);
921 if (!rc.isOk()) {
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700922 *aidl_return = static_cast<int32_t>(rc);
923 return Status::ok();
Janis Danisevskisd714a672017-09-01 14:31:36 -0700924 }
925 AuthorizationSet keyCharacteristics;
926 // TODO write one shot stream buffer to avoid copying (twice here)
927 std::string charBuffer(reinterpret_cast<const char*>(keyBlob.getValue()),
928 keyBlob.getLength());
929 std::stringstream charStream(charBuffer);
930 keyCharacteristics.Deserialize(&charStream);
931
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700932 outCharacteristics->softwareEnforced = KeymasterArguments(keyCharacteristics.hidl_data());
933 *aidl_return = static_cast<int32_t>(rc);
934 return Status::ok();
Janis Danisevskisd714a672017-09-01 14:31:36 -0700935 } else if (!rc.isOk()) {
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700936 *aidl_return = static_cast<int32_t>(rc);
937 return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700938 }
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100939
940 auto hidlKeyBlob = blob2hidlVec(keyBlob);
Janis Danisevskisc1460142017-12-18 16:48:46 -0800941 auto dev = mKeyStore->getDevice(keyBlob);
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100942
943 KeyStoreServiceReturnCode error;
944
945 auto hidlCb = [&](ErrorCode ret, const KeyCharacteristics& keyCharacteristics) {
946 error = ret;
947 if (!error.isOk()) {
Pavel Grafovcef39472018-02-12 18:45:02 +0000948 if (error == ErrorCode::INVALID_KEY_BLOB) {
949 log_key_integrity_violation(name8, targetUid);
950 }
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100951 return;
Shawn Willden98c59162016-03-20 09:10:18 -0600952 }
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700953 *outCharacteristics =
954 ::android::security::keymaster::KeyCharacteristics(keyCharacteristics);
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100955 };
956
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700957 rc = KS_HANDLE_HIDL_ERROR(
Janis Danisevskis64ec1fe2018-02-26 16:47:21 -0800958 dev->getKeyCharacteristics(hidlKeyBlob, clientId.getData(), appData.getData(), hidlCb));
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100959 if (!rc.isOk()) {
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700960 *aidl_return = static_cast<int32_t>(rc);
961 return Status::ok();
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100962 }
963
964 if (error == ErrorCode::KEY_REQUIRES_UPGRADE) {
965 AuthorizationSet upgradeParams;
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700966 if (clientId.getData().size()) {
967 upgradeParams.push_back(TAG_APPLICATION_ID, clientId.getData());
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100968 }
Janis Danisevskis64ec1fe2018-02-26 16:47:21 -0800969 if (appData.getData().size()) {
970 upgradeParams.push_back(TAG_APPLICATION_DATA, appData.getData());
Shawn Willden98c59162016-03-20 09:10:18 -0600971 }
972 rc = upgradeKeyBlob(name, targetUid, upgradeParams, &keyBlob);
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100973 if (!rc.isOk()) {
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700974 *aidl_return = static_cast<int32_t>(rc);
975 return Status::ok();
Shawn Willden98c59162016-03-20 09:10:18 -0600976 }
Shawn Willden715d0232016-01-21 00:45:13 -0700977
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100978 auto upgradedHidlKeyBlob = blob2hidlVec(keyBlob);
979
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700980 rc = KS_HANDLE_HIDL_ERROR(dev->getKeyCharacteristics(
Janis Danisevskis64ec1fe2018-02-26 16:47:21 -0800981 upgradedHidlKeyBlob, clientId.getData(), appData.getData(), hidlCb));
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100982 if (!rc.isOk()) {
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700983 *aidl_return = static_cast<int32_t>(rc);
984 return Status::ok();
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100985 }
986 // Note that, on success, "error" will have been updated by the hidlCB callback.
987 // So it is fine to return "error" below.
988 }
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700989 *aidl_return = static_cast<int32_t>(KeyStoreServiceReturnCode(error));
990 return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700991}
992
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700993Status
994KeyStoreService::importKey(const String16& name, const KeymasterArguments& params, int32_t format,
995 const ::std::vector<uint8_t>& keyData, int uid, int flags,
996 ::android::security::keymaster::KeyCharacteristics* outCharacteristics,
997 int32_t* aidl_return) {
998
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700999 uid = getEffectiveUid(uid);
Pavel Grafovff311b42018-01-24 20:34:37 +00001000 auto logOnScopeExit = android::base::make_scope_guard([&] {
1001 if (__android_log_security()) {
1002 android_log_event_list(SEC_TAG_KEY_IMPORTED)
1003 << int32_t(*aidl_return == static_cast<int32_t>(ResponseCode::NO_ERROR))
1004 << String8(name) << int32_t(uid) << LOG_ID_SECURITY;
1005 }
1006 });
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +01001007 KeyStoreServiceReturnCode rc =
1008 checkBinderPermissionAndKeystoreState(P_INSERT, uid, flags & KEYSTORE_FLAG_ENCRYPTED);
1009 if (!rc.isOk()) {
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -07001010 *aidl_return = static_cast<int32_t>(rc);
1011 return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -07001012 }
Rubin Xu67899de2017-04-21 19:15:13 +01001013 if ((flags & KEYSTORE_FLAG_CRITICAL_TO_DEVICE_ENCRYPTION) && get_app_id(uid) != AID_SYSTEM) {
1014 ALOGE("Non-system uid %d cannot set FLAG_CRITICAL_TO_DEVICE_ENCRYPTION", uid);
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -07001015 *aidl_return = static_cast<int32_t>(ResponseCode::PERMISSION_DENIED);
1016 return Status::ok();
Rubin Xu67899de2017-04-21 19:15:13 +01001017 }
Shawn Willdenc1d1fee2016-01-26 22:44:56 -07001018
Janis Danisevskisc1460142017-12-18 16:48:46 -08001019 SecurityLevel securityLevel = flagsToSecurityLevel(flags);
1020 auto dev = mKeyStore->getDevice(securityLevel);
1021 if (!dev) {
1022 *aidl_return = static_cast<int32_t>(ErrorCode::HARDWARE_TYPE_UNAVAILABLE);
1023 return Status::ok();
1024 }
Shawn Willdenc1d1fee2016-01-26 22:44:56 -07001025
Shawn Willdenc1d1fee2016-01-26 22:44:56 -07001026 String8 name8(name);
Shawn Willdenc1d1fee2016-01-26 22:44:56 -07001027
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +01001028 KeyStoreServiceReturnCode error;
Shawn Willdenc1d1fee2016-01-26 22:44:56 -07001029
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -07001030 auto hidlCb = [&](ErrorCode ret, const ::std::vector<uint8_t>& keyBlob,
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +01001031 const KeyCharacteristics& keyCharacteristics) {
1032 error = ret;
1033 if (!error.isOk()) {
1034 return;
1035 }
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -07001036 if (outCharacteristics)
1037 *outCharacteristics =
1038 ::android::security::keymaster::KeyCharacteristics(keyCharacteristics);
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +01001039
1040 // Write the key:
1041 String8 filename(mKeyStore->getKeyNameForUidWithDir(name8, uid, ::TYPE_KEYMASTER_10));
1042
Yi Konge353f252018-07-30 01:38:39 -07001043 Blob ksBlob(&keyBlob[0], keyBlob.size(), nullptr, 0, ::TYPE_KEYMASTER_10);
Janis Danisevskisc1460142017-12-18 16:48:46 -08001044 ksBlob.setSecurityLevel(securityLevel);
Rubin Xu67899de2017-04-21 19:15:13 +01001045 ksBlob.setCriticalToDeviceEncryption(flags & KEYSTORE_FLAG_CRITICAL_TO_DEVICE_ENCRYPTION);
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -07001046 if (isAuthenticationBound(params.getParameters()) &&
1047 !ksBlob.isCriticalToDeviceEncryption()) {
Shawn Willdend5a24e62017-02-28 13:53:24 -07001048 ksBlob.setSuperEncrypted(true);
1049 }
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +01001050 ksBlob.setEncrypted(flags & KEYSTORE_FLAG_ENCRYPTED);
1051
1052 error = mKeyStore->put(filename.string(), &ksBlob, get_user_id(uid));
1053 };
1054
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -07001055 rc = KS_HANDLE_HIDL_ERROR(
1056 dev->importKey(params.getParameters(), KeyFormat(format), keyData, hidlCb));
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +01001057 // possible hidl error
1058 if (!rc.isOk()) {
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -07001059 *aidl_return = static_cast<int32_t>(rc);
1060 return Status::ok();
Tucker Sylvestro0ab28b72016-08-05 18:02:47 -04001061 }
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +01001062 // now check error from callback
1063 if (!error.isOk()) {
1064 ALOGE("Failed to import key -> falling back to software keymaster");
Max Bires33aac2d2018-02-23 10:53:10 -08001065 uploadKeyCharacteristicsAsProto(params.getParameters(), false /* wasCreationSuccessful */);
Janis Danisevskisc1460142017-12-18 16:48:46 -08001066 securityLevel = SecurityLevel::SOFTWARE;
Janis Danisevskis4a1da2f2018-03-26 15:02:38 -07001067
1068 // No fall back for 3DES
1069 for (auto& param : params.getParameters()) {
1070 auto algorithm = authorizationValue(TAG_ALGORITHM, param);
1071 if (algorithm.isOk() && algorithm.value() == Algorithm::TRIPLE_DES) {
1072 *aidl_return = static_cast<int32_t>(ErrorCode::UNSUPPORTED_ALGORITHM);
1073 return Status::ok();
1074 }
1075 }
1076
Janis Danisevskise8ba1802017-01-30 10:49:51 +00001077 auto fallback = mKeyStore->getFallbackDevice();
Janis Danisevskisc1460142017-12-18 16:48:46 -08001078 if (!fallback) {
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -07001079 *aidl_return = static_cast<int32_t>(error);
1080 return Status::ok();
Janis Danisevskise8ba1802017-01-30 10:49:51 +00001081 }
Janis Danisevskisc1460142017-12-18 16:48:46 -08001082 rc = KS_HANDLE_HIDL_ERROR(
1083 fallback->importKey(params.getParameters(), KeyFormat(format), keyData, hidlCb));
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +01001084 // possible hidl error
1085 if (!rc.isOk()) {
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -07001086 *aidl_return = static_cast<int32_t>(rc);
1087 return Status::ok();
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +01001088 }
1089 // now check error from callback
1090 if (!error.isOk()) {
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -07001091 *aidl_return = static_cast<int32_t>(error);
1092 return Status::ok();
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +01001093 }
Max Bires33aac2d2018-02-23 10:53:10 -08001094 } else {
1095 uploadKeyCharacteristicsAsProto(params.getParameters(), true /* wasCreationSuccessful */);
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +01001096 }
Tucker Sylvestro0ab28b72016-08-05 18:02:47 -04001097
1098 // Write the characteristics:
1099 String8 cFilename(mKeyStore->getKeyNameForUidWithDir(name8, uid, ::TYPE_KEY_CHARACTERISTICS));
1100
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -07001101 AuthorizationSet opParams = params.getParameters();
Brian C. Young78daac22018-03-31 15:02:34 -07001102 if (!containsTag(params.getParameters(), Tag::USER_ID)) {
1103 // Most Java processes don't have access to this tag
1104 KeyParameter user_id;
1105 user_id.tag = Tag::USER_ID;
1106 user_id.f.integer = mActiveUserId;
1107 opParams.push_back(user_id);
1108 }
1109
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +01001110 std::stringstream kcStream;
1111 opParams.Serialize(&kcStream);
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -07001112 if (kcStream.bad()) {
1113 *aidl_return = static_cast<int32_t>(ResponseCode::SYSTEM_ERROR);
1114 return Status::ok();
1115 }
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +01001116 auto kcBuf = kcStream.str();
1117
Yi Konge353f252018-07-30 01:38:39 -07001118 Blob charBlob(reinterpret_cast<const uint8_t*>(kcBuf.data()), kcBuf.size(), nullptr, 0,
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +01001119 ::TYPE_KEY_CHARACTERISTICS);
Janis Danisevskisc1460142017-12-18 16:48:46 -08001120 charBlob.setSecurityLevel(securityLevel);
Tucker Sylvestro0ab28b72016-08-05 18:02:47 -04001121 charBlob.setEncrypted(flags & KEYSTORE_FLAG_ENCRYPTED);
1122
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -07001123 *aidl_return =
1124 static_cast<int32_t>(mKeyStore->put(cFilename.string(), &charBlob, get_user_id(uid)));
1125
1126 return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -07001127}
1128
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -07001129Status KeyStoreService::exportKey(const String16& name, int32_t format,
1130 const ::android::security::keymaster::KeymasterBlob& clientId,
Janis Danisevskis64ec1fe2018-02-26 16:47:21 -08001131 const ::android::security::keymaster::KeymasterBlob& appData,
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -07001132 int32_t uid, ExportResult* result) {
Shawn Willdenc1d1fee2016-01-26 22:44:56 -07001133
1134 uid_t targetUid = getEffectiveUid(uid);
1135 uid_t callingUid = IPCThreadState::self()->getCallingUid();
1136 if (!is_granted_to(callingUid, targetUid)) {
1137 ALOGW("uid %d not permitted to act for uid %d in exportKey", callingUid, targetUid);
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +01001138 result->resultCode = ResponseCode::PERMISSION_DENIED;
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -07001139 return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -07001140 }
1141
1142 Blob keyBlob;
1143 String8 name8(name);
Shawn Willdenc1d1fee2016-01-26 22:44:56 -07001144
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +01001145 result->resultCode = mKeyStore->getKeyForName(&keyBlob, name8, targetUid, TYPE_KEYMASTER_10);
1146 if (!result->resultCode.isOk()) {
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -07001147 return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -07001148 }
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +01001149
1150 auto key = blob2hidlVec(keyBlob);
Janis Danisevskisc1460142017-12-18 16:48:46 -08001151 auto dev = mKeyStore->getDevice(keyBlob);
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +01001152
1153 auto hidlCb = [&](ErrorCode ret, const ::android::hardware::hidl_vec<uint8_t>& keyMaterial) {
1154 result->resultCode = ret;
1155 if (!result->resultCode.isOk()) {
Pavel Grafovcef39472018-02-12 18:45:02 +00001156 if (result->resultCode == ErrorCode::INVALID_KEY_BLOB) {
1157 log_key_integrity_violation(name8, targetUid);
1158 }
Ji Wang2c142312016-10-14 17:21:10 +08001159 return;
1160 }
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +01001161 result->exportData = keyMaterial;
1162 };
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -07001163 KeyStoreServiceReturnCode rc = KS_HANDLE_HIDL_ERROR(
Janis Danisevskis64ec1fe2018-02-26 16:47:21 -08001164 dev->exportKey(KeyFormat(format), key, clientId.getData(), appData.getData(), hidlCb));
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +01001165 // Overwrite result->resultCode only on HIDL error. Otherwise we want the result set in the
1166 // callback hidlCb.
1167 if (!rc.isOk()) {
1168 result->resultCode = rc;
Ji Wang2c142312016-10-14 17:21:10 +08001169 }
1170
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +01001171 if (result->resultCode == ErrorCode::KEY_REQUIRES_UPGRADE) {
1172 AuthorizationSet upgradeParams;
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -07001173 if (clientId.getData().size()) {
1174 upgradeParams.push_back(TAG_APPLICATION_ID, clientId.getData());
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +01001175 }
Janis Danisevskis64ec1fe2018-02-26 16:47:21 -08001176 if (appData.getData().size()) {
1177 upgradeParams.push_back(TAG_APPLICATION_DATA, appData.getData());
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +01001178 }
1179 result->resultCode = upgradeKeyBlob(name, targetUid, upgradeParams, &keyBlob);
1180 if (!result->resultCode.isOk()) {
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -07001181 return Status::ok();
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +01001182 }
1183
1184 auto upgradedHidlKeyBlob = blob2hidlVec(keyBlob);
1185
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -07001186 result->resultCode = KS_HANDLE_HIDL_ERROR(dev->exportKey(
Janis Danisevskis64ec1fe2018-02-26 16:47:21 -08001187 KeyFormat(format), upgradedHidlKeyBlob, clientId.getData(), appData.getData(), hidlCb));
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +01001188 if (!result->resultCode.isOk()) {
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -07001189 return Status::ok();
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +01001190 }
1191 }
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -07001192 return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -07001193}
1194
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -07001195Status KeyStoreService::begin(const sp<IBinder>& appToken, const String16& name, int32_t purpose,
1196 bool pruneable, const KeymasterArguments& params,
1197 const ::std::vector<uint8_t>& entropy, int32_t uid,
1198 OperationResult* result) {
Shawn Willden0329a822017-12-04 13:55:14 -07001199 auto keyPurpose = static_cast<KeyPurpose>(purpose);
1200
Shawn Willdenc1d1fee2016-01-26 22:44:56 -07001201 uid_t callingUid = IPCThreadState::self()->getCallingUid();
1202 uid_t targetUid = getEffectiveUid(uid);
1203 if (!is_granted_to(callingUid, targetUid)) {
1204 ALOGW("uid %d not permitted to act for uid %d in begin", callingUid, targetUid);
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +01001205 result->resultCode = ResponseCode::PERMISSION_DENIED;
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -07001206 return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -07001207 }
1208 if (!pruneable && get_app_id(callingUid) != AID_SYSTEM) {
1209 ALOGE("Non-system uid %d trying to start non-pruneable operation", callingUid);
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +01001210 result->resultCode = ResponseCode::PERMISSION_DENIED;
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -07001211 return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -07001212 }
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -07001213 if (!checkAllowedOperationParams(params.getParameters())) {
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +01001214 result->resultCode = ErrorCode::INVALID_ARGUMENT;
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -07001215 return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -07001216 }
Shawn Willden0329a822017-12-04 13:55:14 -07001217
Shawn Willdenc1d1fee2016-01-26 22:44:56 -07001218 Blob keyBlob;
1219 String8 name8(name);
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +01001220 result->resultCode = mKeyStore->getKeyForName(&keyBlob, name8, targetUid, TYPE_KEYMASTER_10);
Shawn Willdend5a24e62017-02-28 13:53:24 -07001221 if (result->resultCode == ResponseCode::LOCKED && keyBlob.isSuperEncrypted()) {
1222 result->resultCode = ErrorCode::KEY_USER_NOT_AUTHENTICATED;
1223 }
Shawn Willden0329a822017-12-04 13:55:14 -07001224 if (!result->resultCode.isOk()) return Status::ok();
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +01001225
1226 auto key = blob2hidlVec(keyBlob);
Janis Danisevskisc1460142017-12-18 16:48:46 -08001227 auto dev = mKeyStore->getDevice(keyBlob);
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -07001228 AuthorizationSet opParams = params.getParameters();
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +01001229 KeyCharacteristics characteristics;
1230 result->resultCode = getOperationCharacteristics(key, &dev, opParams, &characteristics);
1231
1232 if (result->resultCode == ErrorCode::KEY_REQUIRES_UPGRADE) {
1233 result->resultCode = upgradeKeyBlob(name, targetUid, opParams, &keyBlob);
1234 if (!result->resultCode.isOk()) {
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -07001235 return Status::ok();
Shawn Willden98c59162016-03-20 09:10:18 -06001236 }
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +01001237 key = blob2hidlVec(keyBlob);
1238 result->resultCode = getOperationCharacteristics(key, &dev, opParams, &characteristics);
Shawn Willden98c59162016-03-20 09:10:18 -06001239 }
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +01001240 if (!result->resultCode.isOk()) {
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -07001241 return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -07001242 }
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +01001243
Tucker Sylvestro0ab28b72016-08-05 18:02:47 -04001244 // Merge these characteristics with the ones cached when the key was generated or imported
1245 Blob charBlob;
1246 AuthorizationSet persistedCharacteristics;
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +01001247 result->resultCode =
1248 mKeyStore->getKeyForName(&charBlob, name8, targetUid, TYPE_KEY_CHARACTERISTICS);
1249 if (result->resultCode.isOk()) {
1250 // TODO write one shot stream buffer to avoid copying (twice here)
1251 std::string charBuffer(reinterpret_cast<const char*>(charBlob.getValue()),
1252 charBlob.getLength());
1253 std::stringstream charStream(charBuffer);
1254 persistedCharacteristics.Deserialize(&charStream);
Tucker Sylvestro0ab28b72016-08-05 18:02:47 -04001255 } else {
1256 ALOGD("Unable to read cached characteristics for key");
1257 }
1258
1259 // Replace the sw_enforced set with those persisted to disk, minus hw_enforced
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +01001260 AuthorizationSet softwareEnforced = characteristics.softwareEnforced;
Shawn Willden0329a822017-12-04 13:55:14 -07001261 AuthorizationSet hardwareEnforced = characteristics.hardwareEnforced;
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +01001262 persistedCharacteristics.Union(softwareEnforced);
Shawn Willden0329a822017-12-04 13:55:14 -07001263 persistedCharacteristics.Subtract(hardwareEnforced);
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +01001264 characteristics.softwareEnforced = persistedCharacteristics.hidl_data();
Tucker Sylvestro0ab28b72016-08-05 18:02:47 -04001265
Shawn Willden0329a822017-12-04 13:55:14 -07001266 KeyStoreServiceReturnCode authResult;
1267 HardwareAuthToken authToken;
1268 std::tie(authResult, authToken) =
1269 getAuthToken(characteristics, 0 /* no challenge */, keyPurpose,
1270 /*failOnTokenMissing*/ false);
1271
Shawn Willdenc1d1fee2016-01-26 22:44:56 -07001272 // If per-operation auth is needed we need to begin the operation and
1273 // the client will need to authorize that operation before calling
1274 // update. Any other auth issues stop here.
Shawn Willden827243a2017-09-12 05:41:33 -06001275 if (!authResult.isOk() && authResult != ResponseCode::OP_AUTH_NEEDED) {
1276 result->resultCode = authResult;
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -07001277 return Status::ok();
Shawn Willden827243a2017-09-12 05:41:33 -06001278 }
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +01001279
Shawn Willdenc1d1fee2016-01-26 22:44:56 -07001280 // Add entropy to the device first.
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +01001281 if (entropy.size()) {
Janis Danisevskisc1460142017-12-18 16:48:46 -08001282 result->resultCode = KS_HANDLE_HIDL_ERROR(dev->addRngEntropy(entropy));
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +01001283 if (!result->resultCode.isOk()) {
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -07001284 return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -07001285 }
1286 }
Shawn Willdenc1d1fee2016-01-26 22:44:56 -07001287
1288 // Create a keyid for this key.
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +01001289 km_id_t keyid;
Shawn Willdenc1d1fee2016-01-26 22:44:56 -07001290 if (!enforcement_policy.CreateKeyId(key, &keyid)) {
1291 ALOGE("Failed to create a key ID for authorization checking.");
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +01001292 result->resultCode = ErrorCode::UNKNOWN_ERROR;
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -07001293 return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -07001294 }
1295
1296 // Check that all key authorization policy requirements are met.
Shawn Willden0329a822017-12-04 13:55:14 -07001297 AuthorizationSet key_auths = characteristics.hardwareEnforced;
1298 key_auths.append(characteristics.softwareEnforced.begin(),
1299 characteristics.softwareEnforced.end());
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +01001300
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -07001301 result->resultCode =
Shawn Willden0329a822017-12-04 13:55:14 -07001302 enforcement_policy.AuthorizeOperation(keyPurpose, keyid, key_auths, opParams, authToken,
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -07001303 0 /* op_handle */, true /* is_begin_operation */);
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +01001304 if (!result->resultCode.isOk()) {
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -07001305 return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -07001306 }
1307
Shawn Willdene2a7b522017-04-11 09:27:40 -06001308 // If there are more than kMaxOperations, abort the oldest operation that was started as
Shawn Willdenc1d1fee2016-01-26 22:44:56 -07001309 // pruneable.
Shawn Willdene2a7b522017-04-11 09:27:40 -06001310 while (mOperationMap.getOperationCount() >= kMaxOperations) {
Shawn Willdenc1d1fee2016-01-26 22:44:56 -07001311 ALOGD("Reached or exceeded concurrent operations limit");
1312 if (!pruneOperation()) {
1313 break;
1314 }
1315 }
1316
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +01001317 auto hidlCb = [&](ErrorCode ret, const hidl_vec<KeyParameter>& outParams,
1318 uint64_t operationHandle) {
1319 result->resultCode = ret;
1320 if (!result->resultCode.isOk()) {
Pavel Grafovcef39472018-02-12 18:45:02 +00001321 if (result->resultCode == ErrorCode::INVALID_KEY_BLOB) {
1322 log_key_integrity_violation(name8, targetUid);
1323 }
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +01001324 return;
1325 }
1326 result->handle = operationHandle;
1327 result->outParams = outParams;
1328 };
1329
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -07001330 ErrorCode rc =
Shawn Willden0329a822017-12-04 13:55:14 -07001331 KS_HANDLE_HIDL_ERROR(dev->begin(keyPurpose, key, opParams.hidl_data(), authToken, hidlCb));
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +01001332 if (rc != ErrorCode::OK) {
1333 ALOGW("Got error %d from begin()", rc);
Shawn Willdenc1d1fee2016-01-26 22:44:56 -07001334 }
1335
1336 // If there are too many operations abort the oldest operation that was
1337 // started as pruneable and try again.
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +01001338 while (rc == ErrorCode::TOO_MANY_OPERATIONS && mOperationMap.hasPruneableOperation()) {
1339 ALOGW("Ran out of operation handles");
Shawn Willdenc1d1fee2016-01-26 22:44:56 -07001340 if (!pruneOperation()) {
1341 break;
1342 }
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -07001343 rc = KS_HANDLE_HIDL_ERROR(
Shawn Willden0329a822017-12-04 13:55:14 -07001344 dev->begin(keyPurpose, key, opParams.hidl_data(), authToken, hidlCb));
Shawn Willdenc1d1fee2016-01-26 22:44:56 -07001345 }
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +01001346 if (rc != ErrorCode::OK) {
1347 result->resultCode = rc;
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -07001348 return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -07001349 }
1350
Shawn Willden2eef1352018-05-22 16:13:24 -06001351 VerificationToken verificationToken;
1352 if (authResult.isOk() && authToken.mac.size() &&
1353 dev->halVersion().securityLevel == SecurityLevel::STRONGBOX) {
1354 // This operation needs an auth token, but the device is a STRONGBOX, so it can't check the
1355 // timestamp in the auth token. Get a VerificationToken from the TEE, which will be passed
1356 // to update() and begin().
1357 rc = KS_HANDLE_HIDL_ERROR(mKeyStore->getDevice(SecurityLevel::TRUSTED_ENVIRONMENT)
1358 ->verifyAuthorization(result->handle,
1359 {} /* parametersToVerify */, authToken,
1360 [&](auto error, const auto& token) {
1361 result->resultCode = error;
1362 verificationToken = token;
1363 }));
1364
1365 if (rc != ErrorCode::OK) result->resultCode = rc;
1366 if (result->resultCode != ErrorCode::OK) return Status::ok();
1367 }
1368
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +01001369 // Note: The operation map takes possession of the contents of "characteristics".
1370 // It is safe to use characteristics after the following line but it will be empty.
Max Bires33aac2d2018-02-23 10:53:10 -08001371 sp<IBinder> operationToken =
1372 mOperationMap.addOperation(result->handle, keyid, keyPurpose, dev, appToken,
1373 std::move(characteristics), params.getParameters(), pruneable);
Shawn Willden0329a822017-12-04 13:55:14 -07001374 assert(characteristics.hardwareEnforced.size() == 0);
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +01001375 assert(characteristics.softwareEnforced.size() == 0);
Shawn Willdenc5e8f362017-08-31 09:23:06 -06001376 result->token = operationToken;
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +01001377
Shawn Willden0329a822017-12-04 13:55:14 -07001378 mOperationMap.setOperationAuthToken(operationToken, std::move(authToken));
Shawn Willden2eef1352018-05-22 16:13:24 -06001379 mOperationMap.setOperationVerificationToken(operationToken, std::move(verificationToken));
Shawn Willden0329a822017-12-04 13:55:14 -07001380
Shawn Willdenc1d1fee2016-01-26 22:44:56 -07001381 // Return the authentication lookup result. If this is a per operation
1382 // auth'd key then the resultCode will be ::OP_AUTH_NEEDED and the
1383 // application should get an auth token using the handle before the
1384 // first call to update, which will fail if keystore hasn't received the
1385 // auth token.
Shawn Willden2f96c792017-09-07 23:59:08 -06001386 if (result->resultCode == ErrorCode::OK) {
1387 result->resultCode = authResult;
1388 }
Shawn Willdenc5e8f362017-08-31 09:23:06 -06001389
1390 // Other result fields were set in the begin operation's callback.
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -07001391 return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -07001392}
1393
David Zeuthenc6eb7cd2017-11-27 11:33:55 -05001394void KeyStoreService::appendConfirmationTokenIfNeeded(const KeyCharacteristics& keyCharacteristics,
1395 std::vector<KeyParameter>* params) {
1396 if (!(containsTag(keyCharacteristics.softwareEnforced, Tag::TRUSTED_CONFIRMATION_REQUIRED) ||
1397 containsTag(keyCharacteristics.hardwareEnforced, Tag::TRUSTED_CONFIRMATION_REQUIRED))) {
1398 return;
1399 }
1400
1401 hidl_vec<uint8_t> confirmationToken = mConfirmationManager->getLatestConfirmationToken();
1402 if (confirmationToken.size() == 0) {
1403 return;
1404 }
1405
1406 params->push_back(
1407 Authorization(keymaster::TAG_CONFIRMATION_TOKEN, std::move(confirmationToken)));
1408 ALOGD("Appending confirmation token\n");
1409}
1410
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -07001411Status KeyStoreService::update(const sp<IBinder>& token, const KeymasterArguments& params,
1412 const ::std::vector<uint8_t>& data, OperationResult* result) {
1413 if (!checkAllowedOperationParams(params.getParameters())) {
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +01001414 result->resultCode = ErrorCode::INVALID_ARGUMENT;
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -07001415 return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -07001416 }
Shawn Willdenda6dcc32017-12-03 14:56:05 -07001417
1418 auto getOpResult = mOperationMap.getOperation(token);
1419 if (!getOpResult.isOk()) {
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +01001420 result->resultCode = ErrorCode::INVALID_OPERATION_HANDLE;
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -07001421 return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -07001422 }
Shawn Willdenda6dcc32017-12-03 14:56:05 -07001423 const auto& op = getOpResult.value();
1424
Shawn Willden0329a822017-12-04 13:55:14 -07001425 HardwareAuthToken authToken;
1426 std::tie(result->resultCode, authToken) = getOperationAuthTokenIfNeeded(token);
Shawn Willdenda6dcc32017-12-03 14:56:05 -07001427 if (!result->resultCode.isOk()) return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -07001428
1429 // Check that all key authorization policy requirements are met.
Shawn Willden0329a822017-12-04 13:55:14 -07001430 AuthorizationSet key_auths(op.characteristics.hardwareEnforced);
Shawn Willdenda6dcc32017-12-03 14:56:05 -07001431 key_auths.append(op.characteristics.softwareEnforced.begin(),
1432 op.characteristics.softwareEnforced.end());
1433
Shawn Willdenc1d1fee2016-01-26 22:44:56 -07001434 result->resultCode = enforcement_policy.AuthorizeOperation(
Shawn Willden0329a822017-12-04 13:55:14 -07001435 op.purpose, op.keyid, key_auths, params.getParameters(), authToken, op.handle,
1436 false /* is_begin_operation */);
Shawn Willdenda6dcc32017-12-03 14:56:05 -07001437 if (!result->resultCode.isOk()) return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -07001438
David Zeuthenc6eb7cd2017-11-27 11:33:55 -05001439 std::vector<KeyParameter> inParams = params.getParameters();
David Zeuthenc6eb7cd2017-11-27 11:33:55 -05001440
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +01001441 auto hidlCb = [&](ErrorCode ret, uint32_t inputConsumed,
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -07001442 const hidl_vec<KeyParameter>& outParams,
1443 const ::std::vector<uint8_t>& output) {
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +01001444 result->resultCode = ret;
Shawn Willdenda6dcc32017-12-03 14:56:05 -07001445 if (result->resultCode.isOk()) {
1446 result->inputConsumed = inputConsumed;
1447 result->outParams = outParams;
1448 result->data = output;
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +01001449 }
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +01001450 };
1451
David Zeuthenc6eb7cd2017-11-27 11:33:55 -05001452 KeyStoreServiceReturnCode rc = KS_HANDLE_HIDL_ERROR(
Shawn Willden2eef1352018-05-22 16:13:24 -06001453 op.device->update(op.handle, inParams, data, authToken, op.verificationToken, hidlCb));
Shawn Willdenda6dcc32017-12-03 14:56:05 -07001454
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +01001455 // just a reminder: on success result->resultCode was set in the callback. So we only overwrite
1456 // it if there was a communication error indicated by the ErrorCode.
Shawn Willdenda6dcc32017-12-03 14:56:05 -07001457 if (!rc.isOk()) result->resultCode = rc;
1458
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -07001459 return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -07001460}
1461
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -07001462Status KeyStoreService::finish(const sp<IBinder>& token, const KeymasterArguments& params,
1463 const ::std::vector<uint8_t>& signature,
1464 const ::std::vector<uint8_t>& entropy, OperationResult* result) {
Shawn Willdenda6dcc32017-12-03 14:56:05 -07001465 auto getOpResult = mOperationMap.getOperation(token);
1466 if (!getOpResult.isOk()) {
1467 result->resultCode = ErrorCode::INVALID_OPERATION_HANDLE;
1468 return Status::ok();
1469 }
1470 const auto& op = std::move(getOpResult.value());
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -07001471 if (!checkAllowedOperationParams(params.getParameters())) {
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +01001472 result->resultCode = ErrorCode::INVALID_ARGUMENT;
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -07001473 return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -07001474 }
Shawn Willdenda6dcc32017-12-03 14:56:05 -07001475
Shawn Willden0329a822017-12-04 13:55:14 -07001476 HardwareAuthToken authToken;
1477 std::tie(result->resultCode, authToken) = getOperationAuthTokenIfNeeded(token);
Shawn Willdenda6dcc32017-12-03 14:56:05 -07001478 if (!result->resultCode.isOk()) return Status::ok();
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +01001479
1480 if (entropy.size()) {
Janis Danisevskisc1460142017-12-18 16:48:46 -08001481 result->resultCode = KS_HANDLE_HIDL_ERROR(op.device->addRngEntropy(entropy));
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +01001482 if (!result->resultCode.isOk()) {
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -07001483 return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -07001484 }
1485 }
1486
Shawn Willdenc1d1fee2016-01-26 22:44:56 -07001487 // Check that all key authorization policy requirements are met.
Shawn Willden0329a822017-12-04 13:55:14 -07001488 AuthorizationSet key_auths(op.characteristics.hardwareEnforced);
Shawn Willdenda6dcc32017-12-03 14:56:05 -07001489 key_auths.append(op.characteristics.softwareEnforced.begin(),
1490 op.characteristics.softwareEnforced.end());
1491
David Zeuthenc6eb7cd2017-11-27 11:33:55 -05001492 std::vector<KeyParameter> inParams = params.getParameters();
1493 appendConfirmationTokenIfNeeded(op.characteristics, &inParams);
1494
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +01001495 result->resultCode = enforcement_policy.AuthorizeOperation(
Shawn Willden0329a822017-12-04 13:55:14 -07001496 op.purpose, op.keyid, key_auths, params.getParameters(), authToken, op.handle,
1497 false /* is_begin_operation */);
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -07001498 if (!result->resultCode.isOk()) return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -07001499
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +01001500 auto hidlCb = [&](ErrorCode ret, const hidl_vec<KeyParameter>& outParams,
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -07001501 const ::std::vector<uint8_t>& output) {
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +01001502 result->resultCode = ret;
Shawn Willdenda6dcc32017-12-03 14:56:05 -07001503 if (result->resultCode.isOk()) {
1504 result->outParams = outParams;
1505 result->data = output;
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +01001506 }
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +01001507 };
1508
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -07001509 KeyStoreServiceReturnCode rc = KS_HANDLE_HIDL_ERROR(
David Zeuthenc6eb7cd2017-11-27 11:33:55 -05001510 op.device->finish(op.handle, inParams,
Shawn Willdenda6dcc32017-12-03 14:56:05 -07001511 ::std::vector<uint8_t>() /* TODO(swillden): wire up input to finish() */,
Shawn Willden2eef1352018-05-22 16:13:24 -06001512 signature, authToken, op.verificationToken, hidlCb));
Shawn Willdenc1d1fee2016-01-26 22:44:56 -07001513
Max Bires33aac2d2018-02-23 10:53:10 -08001514 bool wasOpSuccessful = true;
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +01001515 // just a reminder: on success result->resultCode was set in the callback. So we only overwrite
1516 // it if there was a communication error indicated by the ErrorCode.
1517 if (!rc.isOk()) {
1518 result->resultCode = rc;
Max Bires33aac2d2018-02-23 10:53:10 -08001519 wasOpSuccessful = false;
Shawn Willdenc1d1fee2016-01-26 22:44:56 -07001520 }
Max Bires33aac2d2018-02-23 10:53:10 -08001521
1522 // removeOperation() will free the memory 'op' used, so the order is important
1523 mAuthTokenTable.MarkCompleted(op.handle);
1524 mOperationMap.removeOperation(token, wasOpSuccessful);
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -07001525 return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -07001526}
1527
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -07001528Status KeyStoreService::abort(const sp<IBinder>& token, int32_t* aidl_return) {
Max Bires33aac2d2018-02-23 10:53:10 -08001529 auto getOpResult = mOperationMap.removeOperation(token, false /* wasOpSuccessful */);
Shawn Willdenda6dcc32017-12-03 14:56:05 -07001530 if (!getOpResult.isOk()) {
1531 *aidl_return = static_cast<int32_t>(ErrorCode::INVALID_OPERATION_HANDLE);
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -07001532 return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -07001533 }
Shawn Willdenda6dcc32017-12-03 14:56:05 -07001534 auto op = std::move(getOpResult.value());
1535 mAuthTokenTable.MarkCompleted(op.handle);
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +01001536
Shawn Willdenda6dcc32017-12-03 14:56:05 -07001537 ErrorCode error_code = KS_HANDLE_HIDL_ERROR(op.device->abort(op.handle));
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -07001538 *aidl_return = static_cast<int32_t>(KeyStoreServiceReturnCode(error_code));
1539 return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -07001540}
1541
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -07001542Status KeyStoreService::isOperationAuthorized(const sp<IBinder>& token, bool* aidl_return) {
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +01001543 AuthorizationSet ignored;
Shawn Willden0329a822017-12-04 13:55:14 -07001544 KeyStoreServiceReturnCode rc;
1545 std::tie(rc, std::ignore) = getOperationAuthTokenIfNeeded(token);
1546 *aidl_return = rc.isOk();
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -07001547 return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -07001548}
1549
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -07001550Status KeyStoreService::addAuthToken(const ::std::vector<uint8_t>& authTokenAsVector,
Brian Youngccb492d2018-02-22 23:36:01 +00001551 int32_t* aidl_return) {
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -07001552
Shawn Willdend3ed3a22017-03-28 00:39:16 +00001553 // TODO(swillden): When gatekeeper and fingerprint are ready, this should be updated to
1554 // receive a HardwareAuthToken, rather than an opaque byte array.
1555
Shawn Willdenc1d1fee2016-01-26 22:44:56 -07001556 if (!checkBinderPermission(P_ADD_AUTH)) {
1557 ALOGW("addAuthToken: permission denied for %d", IPCThreadState::self()->getCallingUid());
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -07001558 *aidl_return = static_cast<int32_t>(ResponseCode::PERMISSION_DENIED);
1559 return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -07001560 }
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -07001561 if (authTokenAsVector.size() != sizeof(hw_auth_token_t)) {
1562 *aidl_return = static_cast<int32_t>(KeyStoreServiceReturnCode(ErrorCode::INVALID_ARGUMENT));
1563 return Status::ok();
Shawn Willdend3ed3a22017-03-28 00:39:16 +00001564 }
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +01001565
Shawn Willdend3ed3a22017-03-28 00:39:16 +00001566 hw_auth_token_t authToken;
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -07001567 memcpy(reinterpret_cast<void*>(&authToken), authTokenAsVector.data(), sizeof(hw_auth_token_t));
Shawn Willdend3ed3a22017-03-28 00:39:16 +00001568 if (authToken.version != 0) {
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -07001569 *aidl_return = static_cast<int32_t>(KeyStoreServiceReturnCode(ErrorCode::INVALID_ARGUMENT));
1570 return Status::ok();
Shawn Willdend3ed3a22017-03-28 00:39:16 +00001571 }
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +01001572
Shawn Willden0329a822017-12-04 13:55:14 -07001573 mAuthTokenTable.AddAuthenticationToken(hidlVec2AuthToken(hidl_vec<uint8_t>(authTokenAsVector)));
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -07001574 *aidl_return = static_cast<int32_t>(ResponseCode::NO_ERROR);
1575 return Status::ok();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -07001576}
1577
Rubin Xu1a203e32018-05-08 14:25:21 +01001578int isDeviceIdAttestationRequested(const KeymasterArguments& params) {
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -07001579 const hardware::hidl_vec<KeyParameter> paramsVec = params.getParameters();
Rubin Xu1a203e32018-05-08 14:25:21 +01001580 int result = 0;
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -07001581 for (size_t i = 0; i < paramsVec.size(); ++i) {
1582 switch (paramsVec[i].tag) {
Shawn Willdene2a7b522017-04-11 09:27:40 -06001583 case Tag::ATTESTATION_ID_BRAND:
1584 case Tag::ATTESTATION_ID_DEVICE:
Shawn Willdene2a7b522017-04-11 09:27:40 -06001585 case Tag::ATTESTATION_ID_MANUFACTURER:
Shawn Willdene2a7b522017-04-11 09:27:40 -06001586 case Tag::ATTESTATION_ID_MODEL:
1587 case Tag::ATTESTATION_ID_PRODUCT:
Rubin Xu1a203e32018-05-08 14:25:21 +01001588 result |= ID_ATTESTATION_REQUEST_GENERIC_INFO;
Shawn Willdene2a7b522017-04-11 09:27:40 -06001589 break;
Rubin Xu1a203e32018-05-08 14:25:21 +01001590 case Tag::ATTESTATION_ID_IMEI:
1591 case Tag::ATTESTATION_ID_MEID:
1592 case Tag::ATTESTATION_ID_SERIAL:
1593 result |= ID_ATTESTATION_REQUEST_UNIQUE_DEVICE_ID;
1594 break;
1595 default:
1596 continue;
Bartosz Fabianowskia9452d92017-01-23 22:21:11 +01001597 }
1598 }
Rubin Xu1a203e32018-05-08 14:25:21 +01001599 return result;
Bartosz Fabianowskia9452d92017-01-23 22:21:11 +01001600}
1601
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -07001602Status KeyStoreService::attestKey(const String16& name, const KeymasterArguments& params,
1603 ::android::security::keymaster::KeymasterCertificateChain* chain,
1604 int32_t* aidl_return) {
1605 // check null output if method signature is updated and return ErrorCode::OUTPUT_PARAMETER_NULL
1606 if (!checkAllowedOperationParams(params.getParameters())) {
1607 *aidl_return = static_cast<int32_t>(KeyStoreServiceReturnCode(ErrorCode::INVALID_ARGUMENT));
1608 return Status::ok();
Shawn Willden50eb1b22016-01-21 12:41:23 -07001609 }
1610
Eran Messerie2c34152017-12-21 21:01:22 +00001611 uid_t callingUid = IPCThreadState::self()->getCallingUid();
1612
Rubin Xu1a203e32018-05-08 14:25:21 +01001613 int needsIdAttestation = isDeviceIdAttestationRequested(params);
1614 bool needsUniqueIdAttestation = needsIdAttestation & ID_ATTESTATION_REQUEST_UNIQUE_DEVICE_ID;
1615 bool isPrimaryUserSystemUid = (callingUid == AID_SYSTEM);
1616 bool isSomeUserSystemUid = (get_app_id(callingUid) == AID_SYSTEM);
1617 // Allow system context from any user to request attestation with basic device information,
1618 // while only allow system context from user 0 (device owner) to request attestation with
1619 // unique device ID.
1620 if ((needsIdAttestation && !isSomeUserSystemUid) ||
1621 (needsUniqueIdAttestation && !isPrimaryUserSystemUid)) {
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -07001622 *aidl_return = static_cast<int32_t>(KeyStoreServiceReturnCode(ErrorCode::INVALID_ARGUMENT));
1623 return Status::ok();
Bartosz Fabianowskia9452d92017-01-23 22:21:11 +01001624 }
1625
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -07001626 AuthorizationSet mutableParams = params.getParameters();
Bartosz Fabianowski5aa93e02017-04-24 13:54:49 +02001627 KeyStoreServiceReturnCode rc = updateParamsForAttestation(callingUid, &mutableParams);
1628 if (!rc.isOk()) {
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -07001629 *aidl_return = static_cast<int32_t>(rc);
1630 return Status::ok();
Bartosz Fabianowski5aa93e02017-04-24 13:54:49 +02001631 }
Shawn Willdene2a7b522017-04-11 09:27:40 -06001632
Shawn Willden50eb1b22016-01-21 12:41:23 -07001633 Blob keyBlob;
1634 String8 name8(name);
Bartosz Fabianowski5aa93e02017-04-24 13:54:49 +02001635 rc = mKeyStore->getKeyForName(&keyBlob, name8, callingUid, TYPE_KEYMASTER_10);
1636 if (!rc.isOk()) {
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -07001637 *aidl_return = static_cast<int32_t>(rc);
1638 return Status::ok();
Shawn Willden50eb1b22016-01-21 12:41:23 -07001639 }
1640
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +01001641 KeyStoreServiceReturnCode error;
1642 auto hidlCb = [&](ErrorCode ret, const hidl_vec<hidl_vec<uint8_t>>& certChain) {
1643 error = ret;
1644 if (!error.isOk()) {
1645 return;
1646 }
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -07001647 if (chain) {
1648 *chain = KeymasterCertificateChain(certChain);
1649 }
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +01001650 };
1651
1652 auto hidlKey = blob2hidlVec(keyBlob);
Janis Danisevskisc1460142017-12-18 16:48:46 -08001653 auto dev = mKeyStore->getDevice(keyBlob);
Bartosz Fabianowski5aa93e02017-04-24 13:54:49 +02001654 rc = KS_HANDLE_HIDL_ERROR(dev->attestKey(hidlKey, mutableParams.hidl_data(), hidlCb));
1655 if (!rc.isOk()) {
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -07001656 *aidl_return = static_cast<int32_t>(rc);
1657 return Status::ok();
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +01001658 }
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -07001659 *aidl_return = static_cast<int32_t>(error);
1660 return Status::ok();
Bartosz Fabianowski5aa93e02017-04-24 13:54:49 +02001661}
1662
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -07001663Status
1664KeyStoreService::attestDeviceIds(const KeymasterArguments& params,
1665 ::android::security::keymaster::KeymasterCertificateChain* chain,
1666 int32_t* aidl_return) {
1667 // check null output if method signature is updated and return ErrorCode::OUTPUT_PARAMETER_NULL
Bartosz Fabianowski5aa93e02017-04-24 13:54:49 +02001668
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -07001669 if (!checkAllowedOperationParams(params.getParameters())) {
1670 *aidl_return = static_cast<int32_t>(KeyStoreServiceReturnCode(ErrorCode::INVALID_ARGUMENT));
1671 return Status::ok();
Bartosz Fabianowski5aa93e02017-04-24 13:54:49 +02001672 }
1673
1674 if (!isDeviceIdAttestationRequested(params)) {
1675 // There is an attestKey() method for attesting keys without device ID attestation.
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -07001676 *aidl_return = static_cast<int32_t>(KeyStoreServiceReturnCode(ErrorCode::INVALID_ARGUMENT));
1677 return Status::ok();
Bartosz Fabianowski5aa93e02017-04-24 13:54:49 +02001678 }
1679
1680 uid_t callingUid = IPCThreadState::self()->getCallingUid();
1681 sp<IBinder> binder = defaultServiceManager()->getService(String16("permission"));
Yi Konge353f252018-07-30 01:38:39 -07001682 if (binder == nullptr) {
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -07001683 *aidl_return =
1684 static_cast<int32_t>(KeyStoreServiceReturnCode(ErrorCode::CANNOT_ATTEST_IDS));
1685 return Status::ok();
Bartosz Fabianowski5aa93e02017-04-24 13:54:49 +02001686 }
1687 if (!interface_cast<IPermissionController>(binder)->checkPermission(
1688 String16("android.permission.READ_PRIVILEGED_PHONE_STATE"),
1689 IPCThreadState::self()->getCallingPid(), callingUid)) {
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -07001690 *aidl_return =
1691 static_cast<int32_t>(KeyStoreServiceReturnCode(ErrorCode::CANNOT_ATTEST_IDS));
1692 return Status::ok();
Bartosz Fabianowski5aa93e02017-04-24 13:54:49 +02001693 }
1694
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -07001695 AuthorizationSet mutableParams = params.getParameters();
Bartosz Fabianowski5aa93e02017-04-24 13:54:49 +02001696 KeyStoreServiceReturnCode rc = updateParamsForAttestation(callingUid, &mutableParams);
1697 if (!rc.isOk()) {
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -07001698 *aidl_return = static_cast<int32_t>(rc);
1699 return Status::ok();
Bartosz Fabianowski5aa93e02017-04-24 13:54:49 +02001700 }
1701
1702 // Generate temporary key.
Janis Danisevskisc1460142017-12-18 16:48:46 -08001703 sp<Keymaster> dev;
1704 SecurityLevel securityLevel;
1705 std::tie(dev, securityLevel) = mKeyStore->getMostSecureDevice();
1706
1707 if (securityLevel == SecurityLevel::SOFTWARE) {
1708 *aidl_return = static_cast<int32_t>(ResponseCode::SYSTEM_ERROR);
1709 return Status::ok();
1710 }
1711
Bartosz Fabianowski5aa93e02017-04-24 13:54:49 +02001712 KeyStoreServiceReturnCode error;
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -07001713 ::std::vector<uint8_t> hidlKey;
Bartosz Fabianowski5aa93e02017-04-24 13:54:49 +02001714
1715 AuthorizationSet keyCharacteristics;
1716 keyCharacteristics.push_back(TAG_PURPOSE, KeyPurpose::VERIFY);
1717 keyCharacteristics.push_back(TAG_ALGORITHM, Algorithm::EC);
1718 keyCharacteristics.push_back(TAG_DIGEST, Digest::SHA_2_256);
1719 keyCharacteristics.push_back(TAG_NO_AUTH_REQUIRED);
1720 keyCharacteristics.push_back(TAG_EC_CURVE, EcCurve::P_256);
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -07001721 auto generateHidlCb = [&](ErrorCode ret, const ::std::vector<uint8_t>& hidlKeyBlob,
Bartosz Fabianowski5aa93e02017-04-24 13:54:49 +02001722 const KeyCharacteristics&) {
1723 error = ret;
1724 if (!error.isOk()) {
1725 return;
1726 }
1727 hidlKey = hidlKeyBlob;
1728 };
1729
1730 rc = KS_HANDLE_HIDL_ERROR(dev->generateKey(keyCharacteristics.hidl_data(), generateHidlCb));
1731 if (!rc.isOk()) {
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -07001732 *aidl_return = static_cast<int32_t>(rc);
1733 return Status::ok();
Bartosz Fabianowski5aa93e02017-04-24 13:54:49 +02001734 }
1735 if (!error.isOk()) {
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -07001736 *aidl_return = static_cast<int32_t>(error);
1737 return Status::ok();
Bartosz Fabianowski5aa93e02017-04-24 13:54:49 +02001738 }
1739
1740 // Attest key and device IDs.
1741 auto attestHidlCb = [&](ErrorCode ret, const hidl_vec<hidl_vec<uint8_t>>& certChain) {
1742 error = ret;
1743 if (!error.isOk()) {
1744 return;
1745 }
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -07001746 *chain = ::android::security::keymaster::KeymasterCertificateChain(certChain);
Bartosz Fabianowski5aa93e02017-04-24 13:54:49 +02001747 };
1748 KeyStoreServiceReturnCode attestationRc =
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -07001749 KS_HANDLE_HIDL_ERROR(dev->attestKey(hidlKey, mutableParams.hidl_data(), attestHidlCb));
Bartosz Fabianowski5aa93e02017-04-24 13:54:49 +02001750
1751 // Delete temporary key.
1752 KeyStoreServiceReturnCode deletionRc = KS_HANDLE_HIDL_ERROR(dev->deleteKey(hidlKey));
Bartosz Fabianowskia9452d92017-01-23 22:21:11 +01001753
1754 if (!attestationRc.isOk()) {
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -07001755 *aidl_return = static_cast<int32_t>(attestationRc);
1756 return Status::ok();
Bartosz Fabianowskia9452d92017-01-23 22:21:11 +01001757 }
1758 if (!error.isOk()) {
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -07001759 *aidl_return = static_cast<int32_t>(error);
1760 return Status::ok();
Bartosz Fabianowskia9452d92017-01-23 22:21:11 +01001761 }
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -07001762 *aidl_return = static_cast<int32_t>(deletionRc);
1763 return Status::ok();
Shawn Willden50eb1b22016-01-21 12:41:23 -07001764}
1765
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -07001766Status KeyStoreService::onDeviceOffBody(int32_t* aidl_return) {
Tucker Sylvestro0ab28b72016-08-05 18:02:47 -04001767 // TODO(tuckeris): add permission check. This should be callable from ClockworkHome only.
1768 mAuthTokenTable.onDeviceOffBody();
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -07001769 *aidl_return = static_cast<int32_t>(ResponseCode::NO_ERROR);
1770 return Status::ok();
Tucker Sylvestro0ab28b72016-08-05 18:02:47 -04001771}
1772
Janis Danisevskiscb9267d2017-12-19 16:27:52 -08001773#define AIDL_RETURN(rc) \
1774 (*_aidl_return = static_cast<int32_t>(KeyStoreServiceReturnCode(rc)), Status::ok())
1775
1776Status KeyStoreService::importWrappedKey(
1777 const ::android::String16& wrappedKeyAlias, const ::std::vector<uint8_t>& wrappedKey,
1778 const ::android::String16& wrappingKeyAlias, const ::std::vector<uint8_t>& maskingKey,
1779 const KeymasterArguments& params, int64_t rootSid, int64_t fingerprintSid,
1780 ::android::security::keymaster::KeyCharacteristics* outCharacteristics, int32_t* _aidl_return) {
1781
1782 uid_t callingUid = IPCThreadState::self()->getCallingUid();
1783
1784 if (!checkBinderPermission(P_INSERT, callingUid)) {
1785 return AIDL_RETURN(ResponseCode::PERMISSION_DENIED);
1786 }
1787
1788 Blob wrappingKeyBlob;
1789 String8 wrappingKeyName8(wrappingKeyAlias);
1790 KeyStoreServiceReturnCode rc =
1791 mKeyStore->getKeyForName(&wrappingKeyBlob, wrappingKeyName8, callingUid, TYPE_KEYMASTER_10);
1792 if (!rc.isOk()) {
1793 return AIDL_RETURN(rc);
1794 }
1795
1796 SecurityLevel securityLevel = wrappingKeyBlob.getSecurityLevel();
1797 auto dev = mKeyStore->getDevice(securityLevel);
1798 if (!dev) {
1799 return AIDL_RETURN(ErrorCode::HARDWARE_TYPE_UNAVAILABLE);
1800 }
1801
1802 auto hidlWrappingKey = blob2hidlVec(wrappingKeyBlob);
1803 String8 wrappedKeyAlias8(wrappedKeyAlias);
1804
1805 KeyStoreServiceReturnCode error;
1806
1807 auto hidlCb = [&](ErrorCode ret, const ::std::vector<uint8_t>& keyBlob,
1808 const KeyCharacteristics& keyCharacteristics) {
1809 error = ret;
1810 if (!error.isOk()) {
1811 return;
1812 }
1813 if (outCharacteristics) {
1814 *outCharacteristics =
1815 ::android::security::keymaster::KeyCharacteristics(keyCharacteristics);
1816 }
1817
1818 // Write the key:
1819 String8 filename(
1820 mKeyStore->getKeyNameForUidWithDir(wrappedKeyAlias8, callingUid, ::TYPE_KEYMASTER_10));
1821
Yi Konge353f252018-07-30 01:38:39 -07001822 Blob ksBlob(&keyBlob[0], keyBlob.size(), nullptr, 0, ::TYPE_KEYMASTER_10);
Janis Danisevskiscb9267d2017-12-19 16:27:52 -08001823 ksBlob.setSecurityLevel(securityLevel);
1824
1825 if (containsTag(keyCharacteristics.hardwareEnforced, Tag::USER_SECURE_ID)) {
1826 ksBlob.setSuperEncrypted(true);
1827 }
1828
1829 error = mKeyStore->put(filename.string(), &ksBlob, get_user_id(callingUid));
1830 };
1831
Shawn Willden0a198a02018-01-19 13:36:31 -07001832 rc = KS_HANDLE_HIDL_ERROR(dev->importWrappedKey(wrappedKey, hidlWrappingKey, maskingKey,
1833 params.getParameters(), rootSid, fingerprintSid,
1834 hidlCb));
1835
Janis Danisevskiscb9267d2017-12-19 16:27:52 -08001836 // possible hidl error
1837 if (!rc.isOk()) {
1838 return AIDL_RETURN(rc);
1839 }
1840 // now check error from callback
1841 if (!error.isOk()) {
1842 return AIDL_RETURN(error);
1843 }
1844
1845 // Write the characteristics:
1846 String8 cFilename(mKeyStore->getKeyNameForUidWithDir(wrappedKeyAlias8, callingUid,
1847 ::TYPE_KEY_CHARACTERISTICS));
1848
1849 AuthorizationSet opParams = params.getParameters();
1850 std::stringstream kcStream;
1851 opParams.Serialize(&kcStream);
1852 if (kcStream.bad()) {
1853 return AIDL_RETURN(ResponseCode::SYSTEM_ERROR);
1854 }
1855 auto kcBuf = kcStream.str();
1856
Yi Konge353f252018-07-30 01:38:39 -07001857 Blob charBlob(reinterpret_cast<const uint8_t*>(kcBuf.data()), kcBuf.size(), nullptr, 0,
Janis Danisevskiscb9267d2017-12-19 16:27:52 -08001858 ::TYPE_KEY_CHARACTERISTICS);
1859 charBlob.setSecurityLevel(securityLevel);
1860
1861 return AIDL_RETURN(mKeyStore->put(cFilename.string(), &charBlob, get_user_id(callingUid)));
1862}
1863
David Zeuthenc6eb7cd2017-11-27 11:33:55 -05001864Status KeyStoreService::presentConfirmationPrompt(const sp<IBinder>& listener,
1865 const String16& promptText,
1866 const ::std::vector<uint8_t>& extraData,
1867 const String16& locale, int32_t uiOptionsAsFlags,
1868 int32_t* aidl_return) {
1869 return mConfirmationManager->presentConfirmationPrompt(listener, promptText, extraData, locale,
1870 uiOptionsAsFlags, aidl_return);
1871}
1872
1873Status KeyStoreService::cancelConfirmationPrompt(const sp<IBinder>& listener,
1874 int32_t* aidl_return) {
1875 return mConfirmationManager->cancelConfirmationPrompt(listener, aidl_return);
1876}
1877
David Zeuthen1a492312018-02-26 11:00:30 -05001878Status KeyStoreService::isConfirmationPromptSupported(bool* aidl_return) {
1879 return mConfirmationManager->isConfirmationPromptSupported(aidl_return);
1880}
1881
Shawn Willdenc1d1fee2016-01-26 22:44:56 -07001882/**
1883 * Prune the oldest pruneable operation.
1884 */
1885bool KeyStoreService::pruneOperation() {
1886 sp<IBinder> oldest = mOperationMap.getOldestPruneableOperation();
1887 ALOGD("Trying to prune operation %p", oldest.get());
1888 size_t op_count_before_abort = mOperationMap.getOperationCount();
1889 // We mostly ignore errors from abort() because all we care about is whether at least
1890 // one operation has been removed.
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -07001891 int32_t abort_error;
1892 abort(oldest, &abort_error);
Shawn Willdenc1d1fee2016-01-26 22:44:56 -07001893 if (mOperationMap.getOperationCount() >= op_count_before_abort) {
1894 ALOGE("Failed to abort pruneable operation %p, error: %d", oldest.get(), abort_error);
1895 return false;
1896 }
1897 return true;
1898}
1899
1900/**
1901 * Get the effective target uid for a binder operation that takes an
1902 * optional uid as the target.
1903 */
1904uid_t KeyStoreService::getEffectiveUid(int32_t targetUid) {
1905 if (targetUid == UID_SELF) {
1906 return IPCThreadState::self()->getCallingUid();
1907 }
1908 return static_cast<uid_t>(targetUid);
1909}
1910
1911/**
1912 * Check if the caller of the current binder method has the required
1913 * permission and if acting on other uids the grants to do so.
1914 */
1915bool KeyStoreService::checkBinderPermission(perm_t permission, int32_t targetUid) {
1916 uid_t callingUid = IPCThreadState::self()->getCallingUid();
1917 pid_t spid = IPCThreadState::self()->getCallingPid();
1918 if (!has_permission(callingUid, permission, spid)) {
1919 ALOGW("permission %s denied for %d", get_perm_label(permission), callingUid);
1920 return false;
1921 }
1922 if (!is_granted_to(callingUid, getEffectiveUid(targetUid))) {
1923 ALOGW("uid %d not granted to act for %d", callingUid, targetUid);
1924 return false;
1925 }
1926 return true;
1927}
1928
1929/**
1930 * Check if the caller of the current binder method has the required
1931 * permission and the target uid is the caller or the caller is system.
1932 */
1933bool KeyStoreService::checkBinderPermissionSelfOrSystem(perm_t permission, int32_t targetUid) {
1934 uid_t callingUid = IPCThreadState::self()->getCallingUid();
1935 pid_t spid = IPCThreadState::self()->getCallingPid();
1936 if (!has_permission(callingUid, permission, spid)) {
1937 ALOGW("permission %s denied for %d", get_perm_label(permission), callingUid);
1938 return false;
1939 }
1940 return getEffectiveUid(targetUid) == callingUid || callingUid == AID_SYSTEM;
1941}
1942
1943/**
1944 * Check if the caller of the current binder method has the required
1945 * permission or the target of the operation is the caller's uid. This is
1946 * for operation where the permission is only for cross-uid activity and all
1947 * uids are allowed to act on their own (ie: clearing all entries for a
1948 * given uid).
1949 */
1950bool KeyStoreService::checkBinderPermissionOrSelfTarget(perm_t permission, int32_t targetUid) {
1951 uid_t callingUid = IPCThreadState::self()->getCallingUid();
1952 if (getEffectiveUid(targetUid) == callingUid) {
1953 return true;
1954 } else {
1955 return checkBinderPermission(permission, targetUid);
1956 }
1957}
1958
1959/**
1960 * Helper method to check that the caller has the required permission as
1961 * well as the keystore is in the unlocked state if checkUnlocked is true.
1962 *
1963 * Returns NO_ERROR on success, PERMISSION_DENIED on a permission error and
1964 * otherwise the state of keystore when not unlocked and checkUnlocked is
1965 * true.
1966 */
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +01001967KeyStoreServiceReturnCode
1968KeyStoreService::checkBinderPermissionAndKeystoreState(perm_t permission, int32_t targetUid,
1969 bool checkUnlocked) {
Shawn Willdenc1d1fee2016-01-26 22:44:56 -07001970 if (!checkBinderPermission(permission, targetUid)) {
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +01001971 return ResponseCode::PERMISSION_DENIED;
Shawn Willdenc1d1fee2016-01-26 22:44:56 -07001972 }
1973 State state = mKeyStore->getState(get_user_id(getEffectiveUid(targetUid)));
1974 if (checkUnlocked && !isKeystoreUnlocked(state)) {
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +01001975 // All State values coincide with ResponseCodes
1976 return static_cast<ResponseCode>(state);
Shawn Willdenc1d1fee2016-01-26 22:44:56 -07001977 }
1978
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +01001979 return ResponseCode::NO_ERROR;
Shawn Willdenc1d1fee2016-01-26 22:44:56 -07001980}
1981
1982bool KeyStoreService::isKeystoreUnlocked(State state) {
1983 switch (state) {
1984 case ::STATE_NO_ERROR:
1985 return true;
1986 case ::STATE_UNINITIALIZED:
1987 case ::STATE_LOCKED:
1988 return false;
1989 }
1990 return false;
1991}
1992
Shawn Willdenc1d1fee2016-01-26 22:44:56 -07001993/**
Shawn Willden0329a822017-12-04 13:55:14 -07001994 * Check that all KeyParameters provided by the application are allowed. Any parameter that keystore
1995 * adds itself should be disallowed here.
Shawn Willdenc1d1fee2016-01-26 22:44:56 -07001996 */
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +01001997bool KeyStoreService::checkAllowedOperationParams(const hidl_vec<KeyParameter>& params) {
1998 for (size_t i = 0; i < params.size(); ++i) {
1999 switch (params[i].tag) {
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +01002000 case Tag::ATTESTATION_APPLICATION_ID:
Shawn Willdene2a7b522017-04-11 09:27:40 -06002001 case Tag::RESET_SINCE_ID_ROTATION:
Shawn Willdenc1d1fee2016-01-26 22:44:56 -07002002 return false;
2003 default:
2004 break;
2005 }
2006 }
2007 return true;
2008}
2009
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +01002010ErrorCode KeyStoreService::getOperationCharacteristics(const hidl_vec<uint8_t>& key,
Shawn Willdenc67a8aa2017-12-03 17:51:29 -07002011 sp<Keymaster>* dev,
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +01002012 const AuthorizationSet& params,
2013 KeyCharacteristics* out) {
Janis Danisevskis64ec1fe2018-02-26 16:47:21 -08002014 ::std::vector<uint8_t> clientId;
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -07002015 ::std::vector<uint8_t> appData;
Shawn Willdenc1d1fee2016-01-26 22:44:56 -07002016 for (auto param : params) {
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +01002017 if (param.tag == Tag::APPLICATION_ID) {
Janis Danisevskis64ec1fe2018-02-26 16:47:21 -08002018 clientId = authorizationValue(TAG_APPLICATION_ID, param).value();
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +01002019 } else if (param.tag == Tag::APPLICATION_DATA) {
Janis Danisevskis64ec1fe2018-02-26 16:47:21 -08002020 appData = authorizationValue(TAG_APPLICATION_DATA, param).value();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -07002021 }
2022 }
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +01002023 ErrorCode error = ErrorCode::OK;
2024
2025 auto hidlCb = [&](ErrorCode ret, const KeyCharacteristics& keyCharacteristics) {
2026 error = ret;
2027 if (error != ErrorCode::OK) {
2028 return;
2029 }
2030 if (out) *out = keyCharacteristics;
2031 };
2032
Janis Danisevskis64ec1fe2018-02-26 16:47:21 -08002033 ErrorCode rc =
2034 KS_HANDLE_HIDL_ERROR((*dev)->getKeyCharacteristics(key, clientId, appData, hidlCb));
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +01002035 if (rc != ErrorCode::OK) {
2036 return rc;
Shawn Willdenc1d1fee2016-01-26 22:44:56 -07002037 }
2038 return error;
2039}
2040
2041/**
Shawn Willdend3ed3a22017-03-28 00:39:16 +00002042 * Get the auth token for this operation from the auth token table.
Shawn Willdenc1d1fee2016-01-26 22:44:56 -07002043 *
Shawn Willdend3ed3a22017-03-28 00:39:16 +00002044 * Returns ResponseCode::NO_ERROR if the auth token was set or none was required.
2045 * ::OP_AUTH_NEEDED if it is a per op authorization, no
2046 * authorization token exists for that operation and
2047 * failOnTokenMissing is false.
2048 * KM_ERROR_KEY_USER_NOT_AUTHENTICATED if there is no valid auth
2049 * token for the operation
Shawn Willdenc1d1fee2016-01-26 22:44:56 -07002050 */
Shawn Willden0329a822017-12-04 13:55:14 -07002051std::pair<KeyStoreServiceReturnCode, HardwareAuthToken>
2052KeyStoreService::getAuthToken(const KeyCharacteristics& characteristics, uint64_t handle,
2053 KeyPurpose purpose, bool failOnTokenMissing) {
Shawn Willdenc1d1fee2016-01-26 22:44:56 -07002054
Shawn Willden0329a822017-12-04 13:55:14 -07002055 AuthorizationSet allCharacteristics(characteristics.softwareEnforced);
2056 allCharacteristics.append(characteristics.hardwareEnforced.begin(),
2057 characteristics.hardwareEnforced.end());
2058
2059 const HardwareAuthToken* authToken = nullptr;
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -07002060 AuthTokenTable::Error err = mAuthTokenTable.FindAuthorization(
Shawn Willden0329a822017-12-04 13:55:14 -07002061 allCharacteristics, static_cast<KeyPurpose>(purpose), handle, &authToken);
2062
2063 KeyStoreServiceReturnCode rc;
2064
Shawn Willdenc1d1fee2016-01-26 22:44:56 -07002065 switch (err) {
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +01002066 case AuthTokenTable::OK:
2067 case AuthTokenTable::AUTH_NOT_REQUIRED:
Shawn Willden0329a822017-12-04 13:55:14 -07002068 rc = ResponseCode::NO_ERROR;
2069 break;
2070
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +01002071 case AuthTokenTable::AUTH_TOKEN_NOT_FOUND:
2072 case AuthTokenTable::AUTH_TOKEN_EXPIRED:
2073 case AuthTokenTable::AUTH_TOKEN_WRONG_SID:
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -07002074 ALOGE("getAuthToken failed: %d", err); // STOPSHIP: debug only, to be removed
Shawn Willden0329a822017-12-04 13:55:14 -07002075 rc = ErrorCode::KEY_USER_NOT_AUTHENTICATED;
2076 break;
2077
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +01002078 case AuthTokenTable::OP_HANDLE_REQUIRED:
Shawn Willden0329a822017-12-04 13:55:14 -07002079 rc = failOnTokenMissing ? KeyStoreServiceReturnCode(ErrorCode::KEY_USER_NOT_AUTHENTICATED)
2080 : KeyStoreServiceReturnCode(ResponseCode::OP_AUTH_NEEDED);
2081 break;
2082
Shawn Willdenc1d1fee2016-01-26 22:44:56 -07002083 default:
2084 ALOGE("Unexpected FindAuthorization return value %d", err);
Shawn Willden0329a822017-12-04 13:55:14 -07002085 rc = ErrorCode::INVALID_ARGUMENT;
Shawn Willdenc1d1fee2016-01-26 22:44:56 -07002086 }
Shawn Willden0329a822017-12-04 13:55:14 -07002087
2088 return {rc, authToken ? std::move(*authToken) : HardwareAuthToken()};
Shawn Willdenc1d1fee2016-01-26 22:44:56 -07002089}
2090
2091/**
2092 * Add the auth token for the operation to the param list if the operation
2093 * requires authorization. Uses the cached result in the OperationMap if available
2094 * otherwise gets the token from the AuthTokenTable and caches the result.
2095 *
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +01002096 * Returns ResponseCode::NO_ERROR if the auth token was added or not needed.
Shawn Willdenc1d1fee2016-01-26 22:44:56 -07002097 * KM_ERROR_KEY_USER_NOT_AUTHENTICATED if the operation is not
2098 * authenticated.
2099 * KM_ERROR_INVALID_OPERATION_HANDLE if token is not a valid
2100 * operation token.
2101 */
Shawn Willden0329a822017-12-04 13:55:14 -07002102std::pair<KeyStoreServiceReturnCode, const HardwareAuthToken&>
2103KeyStoreService::getOperationAuthTokenIfNeeded(const sp<IBinder>& token) {
2104 static HardwareAuthToken emptyToken = {};
2105
Shawn Willdenda6dcc32017-12-03 14:56:05 -07002106 auto getOpResult = mOperationMap.getOperation(token);
Shawn Willden0329a822017-12-04 13:55:14 -07002107 if (!getOpResult.isOk()) return {ErrorCode::INVALID_OPERATION_HANDLE, emptyToken};
Shawn Willdenda6dcc32017-12-03 14:56:05 -07002108 const auto& op = getOpResult.value();
2109
Shawn Willden0329a822017-12-04 13:55:14 -07002110 if (!op.hasAuthToken()) {
2111 KeyStoreServiceReturnCode rc;
2112 HardwareAuthToken found;
2113 std::tie(rc, found) = getAuthToken(op.characteristics, op.handle, op.purpose);
2114 if (!rc.isOk()) return {rc, emptyToken};
2115 mOperationMap.setOperationAuthToken(token, std::move(found));
Shawn Willdenc1d1fee2016-01-26 22:44:56 -07002116 }
Shawn Willden0329a822017-12-04 13:55:14 -07002117
2118 return {ResponseCode::NO_ERROR, op.authToken};
Shawn Willdenc1d1fee2016-01-26 22:44:56 -07002119}
2120
2121/**
2122 * Translate a result value to a legacy return value. All keystore errors are
2123 * preserved and keymaster errors become SYSTEM_ERRORs
2124 */
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +01002125KeyStoreServiceReturnCode KeyStoreService::translateResultToLegacyResult(int32_t result) {
Shawn Willden0329a822017-12-04 13:55:14 -07002126 if (result > 0) return static_cast<ResponseCode>(result);
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +01002127 return ResponseCode::SYSTEM_ERROR;
Shawn Willdenc1d1fee2016-01-26 22:44:56 -07002128}
2129
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -07002130static NullOr<const Algorithm&> getKeyAlgoritmFromKeyCharacteristics(
2131 const ::android::security::keymaster::KeyCharacteristics& characteristics) {
Shawn Willden0329a822017-12-04 13:55:14 -07002132 for (const auto& param : characteristics.hardwareEnforced.getParameters()) {
2133 auto algo = authorizationValue(TAG_ALGORITHM, param);
2134 if (algo.isOk()) return algo;
Shawn Willdenc1d1fee2016-01-26 22:44:56 -07002135 }
Shawn Willden0329a822017-12-04 13:55:14 -07002136 for (const auto& param : characteristics.softwareEnforced.getParameters()) {
2137 auto algo = authorizationValue(TAG_ALGORITHM, param);
2138 if (algo.isOk()) return algo;
Shawn Willdenc1d1fee2016-01-26 22:44:56 -07002139 }
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +01002140 return {};
Shawn Willdenc1d1fee2016-01-26 22:44:56 -07002141}
2142
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +01002143void KeyStoreService::addLegacyBeginParams(const String16& name, AuthorizationSet* params) {
Shawn Willdenc1d1fee2016-01-26 22:44:56 -07002144 // All legacy keys are DIGEST_NONE/PAD_NONE.
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +01002145 params->push_back(TAG_DIGEST, Digest::NONE);
2146 params->push_back(TAG_PADDING, PaddingMode::NONE);
Shawn Willdenc1d1fee2016-01-26 22:44:56 -07002147
2148 // Look up the algorithm of the key.
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -07002149 ::android::security::keymaster::KeyCharacteristics characteristics;
2150 int32_t result;
2151 auto rc = getKeyCharacteristics(name, ::android::security::keymaster::KeymasterBlob(),
2152 ::android::security::keymaster::KeymasterBlob(), UID_SELF,
2153 &characteristics, &result);
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +01002154 if (!rc.isOk()) {
Shawn Willdenc1d1fee2016-01-26 22:44:56 -07002155 ALOGE("Failed to get key characteristics");
2156 return;
2157 }
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +01002158 auto algorithm = getKeyAlgoritmFromKeyCharacteristics(characteristics);
2159 if (!algorithm.isOk()) {
Shawn Willdenc1d1fee2016-01-26 22:44:56 -07002160 ALOGE("getKeyCharacteristics did not include KM_TAG_ALGORITHM");
2161 return;
2162 }
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +01002163 params->push_back(TAG_ALGORITHM, algorithm.value());
Shawn Willdenc1d1fee2016-01-26 22:44:56 -07002164}
2165
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +01002166KeyStoreServiceReturnCode KeyStoreService::doLegacySignVerify(const String16& name,
2167 const hidl_vec<uint8_t>& data,
2168 hidl_vec<uint8_t>* out,
2169 const hidl_vec<uint8_t>& signature,
2170 KeyPurpose purpose) {
Shawn Willdenc1d1fee2016-01-26 22:44:56 -07002171
2172 std::basic_stringstream<uint8_t> outBuffer;
2173 OperationResult result;
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +01002174 AuthorizationSet inArgs;
2175 addLegacyBeginParams(name, &inArgs);
Shawn Willdenc1d1fee2016-01-26 22:44:56 -07002176 sp<IBinder> appToken(new BBinder);
2177 sp<IBinder> token;
2178
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -07002179 begin(appToken, name, static_cast<int32_t>(purpose), true,
2180 KeymasterArguments(inArgs.hidl_data()), ::std::vector<uint8_t>(), UID_SELF, &result);
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +01002181 if (!result.resultCode.isOk()) {
2182 if (result.resultCode == ResponseCode::KEY_NOT_FOUND) {
Shawn Willdenc1d1fee2016-01-26 22:44:56 -07002183 ALOGW("Key not found");
2184 } else {
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +01002185 ALOGW("Error in begin: %d", int32_t(result.resultCode));
Shawn Willdenc1d1fee2016-01-26 22:44:56 -07002186 }
2187 return translateResultToLegacyResult(result.resultCode);
2188 }
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +01002189 inArgs.Clear();
Shawn Willdenc1d1fee2016-01-26 22:44:56 -07002190 token = result.token;
2191 size_t consumed = 0;
2192 size_t lastConsumed = 0;
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +01002193 hidl_vec<uint8_t> data_view;
Shawn Willdenc1d1fee2016-01-26 22:44:56 -07002194 do {
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +01002195 data_view.setToExternal(const_cast<uint8_t*>(&data[consumed]), data.size() - consumed);
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -07002196 update(token, KeymasterArguments(inArgs.hidl_data()), data_view, &result);
Shawn Willdenc1d1fee2016-01-26 22:44:56 -07002197 if (result.resultCode != ResponseCode::NO_ERROR) {
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +01002198 ALOGW("Error in update: %d", int32_t(result.resultCode));
Shawn Willdenc1d1fee2016-01-26 22:44:56 -07002199 return translateResultToLegacyResult(result.resultCode);
2200 }
2201 if (out) {
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +01002202 outBuffer.write(&result.data[0], result.data.size());
Shawn Willdenc1d1fee2016-01-26 22:44:56 -07002203 }
2204 lastConsumed = result.inputConsumed;
2205 consumed += lastConsumed;
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +01002206 } while (consumed < data.size() && lastConsumed > 0);
Shawn Willdenc1d1fee2016-01-26 22:44:56 -07002207
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +01002208 if (consumed != data.size()) {
2209 ALOGW("Not all data consumed. Consumed %zu of %zu", consumed, data.size());
2210 return ResponseCode::SYSTEM_ERROR;
Shawn Willdenc1d1fee2016-01-26 22:44:56 -07002211 }
2212
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -07002213 finish(token, KeymasterArguments(inArgs.hidl_data()), signature, ::std::vector<uint8_t>(),
2214 &result);
Shawn Willdenc1d1fee2016-01-26 22:44:56 -07002215 if (result.resultCode != ResponseCode::NO_ERROR) {
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +01002216 ALOGW("Error in finish: %d", int32_t(result.resultCode));
Shawn Willdenc1d1fee2016-01-26 22:44:56 -07002217 return translateResultToLegacyResult(result.resultCode);
2218 }
2219 if (out) {
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +01002220 outBuffer.write(&result.data[0], result.data.size());
Shawn Willdenc1d1fee2016-01-26 22:44:56 -07002221 }
2222
2223 if (out) {
2224 auto buf = outBuffer.str();
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +01002225 out->resize(buf.size());
2226 memcpy(&(*out)[0], buf.data(), out->size());
Shawn Willdenc1d1fee2016-01-26 22:44:56 -07002227 }
2228
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +01002229 return ResponseCode::NO_ERROR;
Shawn Willdenc1d1fee2016-01-26 22:44:56 -07002230}
2231
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +01002232KeyStoreServiceReturnCode KeyStoreService::upgradeKeyBlob(const String16& name, uid_t uid,
2233 const AuthorizationSet& params,
2234 Blob* blob) {
Shawn Willden98c59162016-03-20 09:10:18 -06002235 // Read the blob rather than assuming the caller provided the right name/uid/blob triplet.
2236 String8 name8(name);
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -07002237 KeyStoreServiceReturnCode responseCode =
2238 mKeyStore->getKeyForName(blob, name8, uid, TYPE_KEYMASTER_10);
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +01002239 if (responseCode != ResponseCode::NO_ERROR) {
Shawn Willden98c59162016-03-20 09:10:18 -06002240 return responseCode;
2241 }
Rubin Xu7675c9f2017-03-15 19:26:52 +00002242 ALOGI("upgradeKeyBlob %s %d", name8.string(), uid);
Shawn Willden98c59162016-03-20 09:10:18 -06002243
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +01002244 auto hidlKey = blob2hidlVec(*blob);
Janis Danisevskisc1460142017-12-18 16:48:46 -08002245 auto dev = mKeyStore->getDevice(*blob);
Shawn Willden98c59162016-03-20 09:10:18 -06002246
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +01002247 KeyStoreServiceReturnCode error;
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -07002248 auto hidlCb = [&](ErrorCode ret, const ::std::vector<uint8_t>& upgradedKeyBlob) {
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +01002249 error = ret;
2250 if (!error.isOk()) {
Pavel Grafovcef39472018-02-12 18:45:02 +00002251 if (error == ErrorCode::INVALID_KEY_BLOB) {
2252 log_key_integrity_violation(name8, uid);
2253 }
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +01002254 return;
2255 }
2256
Janis Danisevskisaf7783f2017-09-21 11:29:47 -07002257 auto filename = mKeyStore->getBlobFileNameIfExists(name8, uid, ::TYPE_KEYMASTER_10);
2258 if (!filename.isOk()) {
2259 ALOGI("trying to upgrade a non existing blob");
2260 return;
2261 }
2262 error = mKeyStore->del(filename.value().string(), ::TYPE_ANY, get_user_id(uid));
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +01002263 if (!error.isOk()) {
Rubin Xu7675c9f2017-03-15 19:26:52 +00002264 ALOGI("upgradeKeyBlob keystore->del failed %d", (int)error);
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +01002265 return;
2266 }
2267
2268 Blob newBlob(&upgradedKeyBlob[0], upgradedKeyBlob.size(), nullptr /* info */,
2269 0 /* infoLength */, ::TYPE_KEYMASTER_10);
Janis Danisevskisc1460142017-12-18 16:48:46 -08002270 newBlob.setSecurityLevel(blob->getSecurityLevel());
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +01002271 newBlob.setEncrypted(blob->isEncrypted());
Rubin Xu67899de2017-04-21 19:15:13 +01002272 newBlob.setSuperEncrypted(blob->isSuperEncrypted());
2273 newBlob.setCriticalToDeviceEncryption(blob->isCriticalToDeviceEncryption());
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +01002274
Janis Danisevskisaf7783f2017-09-21 11:29:47 -07002275 error = mKeyStore->put(filename.value().string(), &newBlob, get_user_id(uid));
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +01002276 if (!error.isOk()) {
Rubin Xu7675c9f2017-03-15 19:26:52 +00002277 ALOGI("upgradeKeyBlob keystore->put failed %d", (int)error);
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +01002278 return;
2279 }
2280
2281 // Re-read blob for caller. We can't use newBlob because writing it modified it.
2282 error = mKeyStore->getKeyForName(blob, name8, uid, TYPE_KEYMASTER_10);
2283 };
2284
2285 KeyStoreServiceReturnCode rc =
2286 KS_HANDLE_HIDL_ERROR(dev->upgradeKey(hidlKey, params.hidl_data(), hidlCb));
2287 if (!rc.isOk()) {
Shawn Willden98c59162016-03-20 09:10:18 -06002288 return rc;
2289 }
2290
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +01002291 return error;
Shawn Willden98c59162016-03-20 09:10:18 -06002292}
2293
Brian Young9a947d52018-02-23 18:03:14 +00002294Status KeyStoreService::onKeyguardVisibilityChanged(bool isShowing, int32_t userId,
2295 int32_t* aidl_return) {
2296 enforcement_policy.set_device_locked(isShowing, userId);
Brian C. Young78daac22018-03-31 15:02:34 -07002297 if (!isShowing) {
2298 mActiveUserId = userId;
2299 }
Brian Young9a947d52018-02-23 18:03:14 +00002300 *aidl_return = static_cast<int32_t>(ResponseCode::NO_ERROR);
Brian Young9371e952018-02-23 18:03:14 +00002301
2302 return Status::ok();
2303}
2304
Shawn Willdene2a7b522017-04-11 09:27:40 -06002305} // namespace keystore