blob: 8c8267b581b5342e373173ee9f4acda4a5da86e2 [file] [log] [blame]
Shawn Willdenc1d1fee2016-01-26 22:44:56 -07001/*
2 * Copyright (C) 2015 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17#define LOG_TAG "keystore"
18
19#include <arpa/inet.h>
20#include <errno.h>
21#include <fcntl.h>
22#include <string.h>
23
24#include <cutils/log.h>
25
26#include "blob.h"
27#include "entropy.h"
28
29#include "keystore_utils.h"
30
31Blob::Blob(const uint8_t* value, size_t valueLength, const uint8_t* info, uint8_t infoLength,
32 BlobType type) {
33 memset(&mBlob, 0, sizeof(mBlob));
34 if (valueLength > VALUE_SIZE) {
35 valueLength = VALUE_SIZE;
36 ALOGW("Provided blob length too large");
37 }
38 if (infoLength + valueLength > VALUE_SIZE) {
39 infoLength = VALUE_SIZE - valueLength;
40 ALOGW("Provided info length too large");
41 }
42 mBlob.length = valueLength;
43 memcpy(mBlob.value, value, valueLength);
44
45 mBlob.info = infoLength;
46 memcpy(mBlob.value + valueLength, info, infoLength);
47
48 mBlob.version = CURRENT_BLOB_VERSION;
49 mBlob.type = uint8_t(type);
50
51 if (type == TYPE_MASTER_KEY) {
52 mBlob.flags = KEYSTORE_FLAG_ENCRYPTED;
53 } else {
54 mBlob.flags = KEYSTORE_FLAG_NONE;
55 }
56}
57
58Blob::Blob(blob b) {
59 mBlob = b;
60}
61
62Blob::Blob() {
63 memset(&mBlob, 0, sizeof(mBlob));
64}
65
66bool Blob::isEncrypted() const {
67 if (mBlob.version < 2) {
68 return true;
69 }
70
71 return mBlob.flags & KEYSTORE_FLAG_ENCRYPTED;
72}
73
Shawn Willdend5a24e62017-02-28 13:53:24 -070074bool Blob::isSuperEncrypted() const {
75 return mBlob.flags & KEYSTORE_FLAG_SUPER_ENCRYPTED;
76}
77
78inline uint8_t setFlag(uint8_t flags, bool set, KeyStoreFlag flag) {
79 return set ? (flags | flag) : (flags & ~flag);
80}
81
Shawn Willdenc1d1fee2016-01-26 22:44:56 -070082void Blob::setEncrypted(bool encrypted) {
Shawn Willdend5a24e62017-02-28 13:53:24 -070083 mBlob.flags = setFlag(mBlob.flags, encrypted, KEYSTORE_FLAG_ENCRYPTED);
84}
85
Rubin Xu48477952017-04-19 14:16:57 +010086void Blob::setSuperEncrypted(__attribute__((unused)) bool superEncrypted) {
87 // Do not enable super encryption yet, as it's clashing with synthetic password flow
88 // TODO: re-enables this once keystore knows about synthetic password keys
89
90 //mBlob.flags = setFlag(mBlob.flags, superEncrypted, KEYSTORE_FLAG_SUPER_ENCRYPTED);
Shawn Willdenc1d1fee2016-01-26 22:44:56 -070091}
92
93void Blob::setFallback(bool fallback) {
94 if (fallback) {
95 mBlob.flags |= KEYSTORE_FLAG_FALLBACK;
96 } else {
97 mBlob.flags &= ~KEYSTORE_FLAG_FALLBACK;
98 }
99}
100
101ResponseCode Blob::writeBlob(const char* filename, AES_KEY* aes_key, State state,
102 Entropy* entropy) {
103 ALOGV("writing blob %s", filename);
Shawn Willdend5a24e62017-02-28 13:53:24 -0700104 if (isEncrypted() || isSuperEncrypted()) {
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700105 if (state != STATE_NO_ERROR) {
106 ALOGD("couldn't insert encrypted blob while not unlocked");
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100107 return ResponseCode::LOCKED;
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700108 }
109
110 if (!entropy->generate_random_data(mBlob.vector, AES_BLOCK_SIZE)) {
111 ALOGW("Could not read random data for: %s", filename);
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100112 return ResponseCode::SYSTEM_ERROR;
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700113 }
114 }
115
116 // data includes the value and the value's length
117 size_t dataLength = mBlob.length + sizeof(mBlob.length);
118 // pad data to the AES_BLOCK_SIZE
119 size_t digestedLength = ((dataLength + AES_BLOCK_SIZE - 1) / AES_BLOCK_SIZE * AES_BLOCK_SIZE);
120 // encrypted data includes the digest value
121 size_t encryptedLength = digestedLength + MD5_DIGEST_LENGTH;
122 // move info after space for padding
123 memmove(&mBlob.encrypted[encryptedLength], &mBlob.value[mBlob.length], mBlob.info);
124 // zero padding area
125 memset(mBlob.value + mBlob.length, 0, digestedLength - dataLength);
126
127 mBlob.length = htonl(mBlob.length);
128
Shawn Willdend5a24e62017-02-28 13:53:24 -0700129 if (isEncrypted() || isSuperEncrypted()) {
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700130 MD5(mBlob.digested, digestedLength, mBlob.digest);
131
132 uint8_t vector[AES_BLOCK_SIZE];
133 memcpy(vector, mBlob.vector, AES_BLOCK_SIZE);
134 AES_cbc_encrypt(mBlob.encrypted, mBlob.encrypted, encryptedLength, aes_key, vector,
135 AES_ENCRYPT);
136 }
137
138 size_t headerLength = (mBlob.encrypted - (uint8_t*)&mBlob);
139 size_t fileLength = encryptedLength + headerLength + mBlob.info;
140
141 const char* tmpFileName = ".tmp";
142 int out =
143 TEMP_FAILURE_RETRY(open(tmpFileName, O_WRONLY | O_TRUNC | O_CREAT, S_IRUSR | S_IWUSR));
144 if (out < 0) {
145 ALOGW("could not open file: %s: %s", tmpFileName, strerror(errno));
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100146 return ResponseCode::SYSTEM_ERROR;
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700147 }
148 size_t writtenBytes = writeFully(out, (uint8_t*)&mBlob, fileLength);
149 if (close(out) != 0) {
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100150 return ResponseCode::SYSTEM_ERROR;
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700151 }
152 if (writtenBytes != fileLength) {
153 ALOGW("blob not fully written %zu != %zu", writtenBytes, fileLength);
154 unlink(tmpFileName);
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100155 return ResponseCode::SYSTEM_ERROR;
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700156 }
157 if (rename(tmpFileName, filename) == -1) {
158 ALOGW("could not rename blob to %s: %s", filename, strerror(errno));
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100159 return ResponseCode::SYSTEM_ERROR;
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700160 }
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100161 return ResponseCode::NO_ERROR;
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700162}
163
164ResponseCode Blob::readBlob(const char* filename, AES_KEY* aes_key, State state) {
165 ALOGV("reading blob %s", filename);
166 int in = TEMP_FAILURE_RETRY(open(filename, O_RDONLY));
167 if (in < 0) {
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100168 return (errno == ENOENT) ? ResponseCode::KEY_NOT_FOUND : ResponseCode::SYSTEM_ERROR;
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700169 }
170 // fileLength may be less than sizeof(mBlob) since the in
171 // memory version has extra padding to tolerate rounding up to
172 // the AES_BLOCK_SIZE
173 size_t fileLength = readFully(in, (uint8_t*)&mBlob, sizeof(mBlob));
174 if (close(in) != 0) {
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100175 return ResponseCode::SYSTEM_ERROR;
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700176 }
177
178 if (fileLength == 0) {
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100179 return ResponseCode::VALUE_CORRUPTED;
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700180 }
181
Shawn Willdend5a24e62017-02-28 13:53:24 -0700182 if ((isEncrypted() || isSuperEncrypted()) && (state != STATE_NO_ERROR)) {
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100183 return ResponseCode::LOCKED;
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700184 }
185
186 size_t headerLength = (mBlob.encrypted - (uint8_t*)&mBlob);
187 if (fileLength < headerLength) {
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100188 return ResponseCode::VALUE_CORRUPTED;
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700189 }
190
191 ssize_t encryptedLength = fileLength - (headerLength + mBlob.info);
192 if (encryptedLength < 0) {
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100193 return ResponseCode::VALUE_CORRUPTED;
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700194 }
195
196 ssize_t digestedLength;
Shawn Willden45c112a2017-04-17 09:02:42 -0600197 if (isEncrypted() || isSuperEncrypted()) {
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700198 if (encryptedLength % AES_BLOCK_SIZE != 0) {
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100199 return ResponseCode::VALUE_CORRUPTED;
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700200 }
201
202 AES_cbc_encrypt(mBlob.encrypted, mBlob.encrypted, encryptedLength, aes_key, mBlob.vector,
203 AES_DECRYPT);
204 digestedLength = encryptedLength - MD5_DIGEST_LENGTH;
205 uint8_t computedDigest[MD5_DIGEST_LENGTH];
206 MD5(mBlob.digested, digestedLength, computedDigest);
207 if (memcmp(mBlob.digest, computedDigest, MD5_DIGEST_LENGTH) != 0) {
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100208 return ResponseCode::VALUE_CORRUPTED;
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700209 }
210 } else {
211 digestedLength = encryptedLength;
212 }
213
214 ssize_t maxValueLength = digestedLength - sizeof(mBlob.length);
215 mBlob.length = ntohl(mBlob.length);
216 if (mBlob.length < 0 || mBlob.length > maxValueLength) {
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100217 return ResponseCode::VALUE_CORRUPTED;
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700218 }
219 if (mBlob.info != 0) {
220 // move info from after padding to after data
221 memmove(&mBlob.value[mBlob.length], &mBlob.value[maxValueLength], mBlob.info);
222 }
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100223 return ResponseCode::NO_ERROR;
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700224}