Gitiles
Code Review Sign In
gerrit.omnirom.org / android_system_security / e5a09aac43f4f80284ba54b42867c5400469eaf6 / . / keystore / key_store_service.h
blob: 7a48be75784b6b629bd41c0e1db6a306e1148d50 [file] [log] [blame]
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]1/*
2 * Copyright (C) 2016 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17#ifndef KEYSTORE_KEYSTORE_SERVICE_H_
18#define KEYSTORE_KEYSTORE_SERVICE_H_
19
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]20#include <android/security/BnKeystoreService.h>
Shawn Willden98c59162016-03-20 09:10:18 -0600[diff] [blame]21
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]22#include "auth_token_table.h"
David Zeuthenc6eb7cd2017-11-27 11:33:55 -0500[diff] [blame]23#include "confirmation_manager.h"
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]24
Shawn Willdenfa5702f2017-12-03 15:14:58 -0700[diff] [blame]25#include "KeyStore.h"
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]26#include "keystore_keymaster_enforcement.h"
27#include "operation.h"
28#include "permissions.h"
29
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame]30namespace keystore {
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]31
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]32// Class provides implementation for generated BnKeystoreService.h based on
33// gen/aidl/android/security/BnKeystoreService.h generated from
34// java/android/security/IKeystoreService.aidl Note that all generated methods return binder::Status
35// and use last arguments to send actual result to the caller. Private methods don't need to handle
36// binder::Status. Input parameters cannot be null unless annotated with @nullable in .aidl file.
37class KeyStoreService : public android::security::BnKeystoreService,
38 android::IBinder::DeathRecipient {
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]39 public:
David Zeuthenc6eb7cd2017-11-27 11:33:55 -0500[diff] [blame]40 explicit KeyStoreService(KeyStore* keyStore)
41 : mKeyStore(keyStore), mOperationMap(this),
Brian Claire Young3133c452018-08-31 13:56:49 -0700[diff] [blame]42 mConfirmationManager(new ConfirmationManager(this)) {}
Shawn Willdenc67a8aa2017-12-03 17:51:29 -0700[diff] [blame]43 virtual ~KeyStoreService() = default;
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]44
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame]45 void binderDied(const android::wp<android::IBinder>& who);
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]46
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]47 ::android::binder::Status getState(int32_t userId, int32_t* _aidl_return) override;
48 ::android::binder::Status get(const ::android::String16& name, int32_t uid,
49 ::std::vector<uint8_t>* _aidl_return) override;
50 ::android::binder::Status insert(const ::android::String16& name,
51 const ::std::vector<uint8_t>& item, int32_t uid, int32_t flags,
52 int32_t* _aidl_return) override;
53 ::android::binder::Status del(const ::android::String16& name, int32_t uid,
54 int32_t* _aidl_return) override;
55 ::android::binder::Status exist(const ::android::String16& name, int32_t uid,
56 int32_t* _aidl_return) override;
57 ::android::binder::Status list(const ::android::String16& namePrefix, int32_t uid,
58 ::std::vector<::android::String16>* _aidl_return) override;
59 ::android::binder::Status reset(int32_t* _aidl_return) override;
60 ::android::binder::Status onUserPasswordChanged(int32_t userId,
61 const ::android::String16& newPassword,
62 int32_t* _aidl_return) override;
63 ::android::binder::Status lock(int32_t userId, int32_t* _aidl_return) override;
64 ::android::binder::Status unlock(int32_t userId, const ::android::String16& userPassword,
65 int32_t* _aidl_return) override;
66 ::android::binder::Status isEmpty(int32_t userId, int32_t* _aidl_return) override;
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]67 ::android::binder::Status grant(const ::android::String16& name, int32_t granteeUid,
68 ::android::String16* _aidl_return) override;
69 ::android::binder::Status ungrant(const ::android::String16& name, int32_t granteeUid,
70 int32_t* _aidl_return) override;
71 ::android::binder::Status getmtime(const ::android::String16& name, int32_t uid,
72 int64_t* _aidl_return) override;
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]73 ::android::binder::Status is_hardware_backed(const ::android::String16& string,
74 int32_t* _aidl_return) override;
75 ::android::binder::Status clear_uid(int64_t uid, int32_t* _aidl_return) override;
Janis Danisevskisc1460142017-12-18 16:48:46 -0800[diff] [blame]76 ::android::binder::Status addRngEntropy(const ::std::vector<uint8_t>& data, int32_t flags,
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]77 int32_t* _aidl_return) override;
78 ::android::binder::Status
79 generateKey(const ::android::String16& alias,
80 const ::android::security::keymaster::KeymasterArguments& arguments,
81 const ::std::vector<uint8_t>& entropy, int32_t uid, int32_t flags,
82 ::android::security::keymaster::KeyCharacteristics* characteristics,
83 int32_t* _aidl_return) override;
84 ::android::binder::Status
85 getKeyCharacteristics(const ::android::String16& alias,
86 const ::android::security::keymaster::KeymasterBlob& clientId,
87 const ::android::security::keymaster::KeymasterBlob& appId, int32_t uid,
88 ::android::security::keymaster::KeyCharacteristics* characteristics,
89 int32_t* _aidl_return) override;
90 ::android::binder::Status
91 importKey(const ::android::String16& alias,
92 const ::android::security::keymaster::KeymasterArguments& arguments, int32_t format,
93 const ::std::vector<uint8_t>& keyData, int32_t uid, int32_t flags,
94 ::android::security::keymaster::KeyCharacteristics* characteristics,
95 int32_t* _aidl_return) override;
96 ::android::binder::Status
97 exportKey(const ::android::String16& alias, int32_t format,
98 const ::android::security::keymaster::KeymasterBlob& clientId,
99 const ::android::security::keymaster::KeymasterBlob& appId, int32_t uid,
100 ::android::security::keymaster::ExportResult* _aidl_return) override;
101 ::android::binder::Status
102 begin(const ::android::sp<::android::IBinder>& appToken, const ::android::String16& alias,
103 int32_t purpose, bool pruneable,
104 const ::android::security::keymaster::KeymasterArguments& params,
105 const ::std::vector<uint8_t>& entropy, int32_t uid,
106 ::android::security::keymaster::OperationResult* _aidl_return) override;
107 ::android::binder::Status
108 update(const ::android::sp<::android::IBinder>& token,
109 const ::android::security::keymaster::KeymasterArguments& params,
110 const ::std::vector<uint8_t>& input,
111 ::android::security::keymaster::OperationResult* _aidl_return) override;
112 ::android::binder::Status
113 finish(const ::android::sp<::android::IBinder>& token,
114 const ::android::security::keymaster::KeymasterArguments& params,
115 const ::std::vector<uint8_t>& signature, const ::std::vector<uint8_t>& entropy,
116 ::android::security::keymaster::OperationResult* _aidl_return) override;
117 ::android::binder::Status abort(const ::android::sp<::android::IBinder>& handle,
118 int32_t* _aidl_return) override;
Brian Youngccb492d2018-02-22 23:36:01 +0000[diff] [blame]119 ::android::binder::Status addAuthToken(const ::std::vector<uint8_t>& authToken,
Brian Young1b759292018-01-29 23:57:29 +0000[diff] [blame]120 int32_t* _aidl_return) override;
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700[diff] [blame]121 ::android::binder::Status onUserAdded(int32_t userId, int32_t parentId,
122 int32_t* _aidl_return) override;
123 ::android::binder::Status onUserRemoved(int32_t userId, int32_t* _aidl_return) override;
124 ::android::binder::Status
125 attestKey(const ::android::String16& alias,
126 const ::android::security::keymaster::KeymasterArguments& params,
127 ::android::security::keymaster::KeymasterCertificateChain* chain,
128 int32_t* _aidl_return) override;
129 ::android::binder::Status
130 attestDeviceIds(const ::android::security::keymaster::KeymasterArguments& params,
131 ::android::security::keymaster::KeymasterCertificateChain* chain,
132 int32_t* _aidl_return) override;
133 ::android::binder::Status onDeviceOffBody(int32_t* _aidl_return) override;
David Zeuthenc6eb7cd2017-11-27 11:33:55 -0500[diff] [blame]134
Janis Danisevskiscb9267d2017-12-19 16:27:52 -0800[diff] [blame]135 ::android::binder::Status importWrappedKey(
136 const ::android::String16& wrappedKeyAlias, const ::std::vector<uint8_t>& wrappedKey,
137 const ::android::String16& wrappingKeyAlias, const ::std::vector<uint8_t>& maskingKey,
138 const ::android::security::keymaster::KeymasterArguments& params, int64_t rootSid,
139 int64_t fingerprintSid, ::android::security::keymaster::KeyCharacteristics* characteristics,
140 int32_t* _aidl_return) override;
Tucker Sylvestro0ab28b72016-08-05 18:02:47 -0400[diff] [blame]141
David Zeuthenc6eb7cd2017-11-27 11:33:55 -0500[diff] [blame]142 ::android::binder::Status presentConfirmationPrompt(
143 const ::android::sp<::android::IBinder>& listener, const ::android::String16& promptText,
144 const ::std::vector<uint8_t>& extraData, const ::android::String16& locale,
145 int32_t uiOptionsAsFlags, int32_t* _aidl_return) override;
146 ::android::binder::Status
147 cancelConfirmationPrompt(const ::android::sp<::android::IBinder>& listener,
148 int32_t* _aidl_return) override;
David Zeuthen1a492312018-02-26 11:00:30 -0500[diff] [blame]149 ::android::binder::Status isConfirmationPromptSupported(bool* _aidl_return) override;
David Zeuthenc6eb7cd2017-11-27 11:33:55 -0500[diff] [blame]150
Brian Young9371e952018-02-23 18:03:14 +0000[diff] [blame]151 ::android::binder::Status onKeyguardVisibilityChanged(bool isShowing, int32_t userId,
152 int32_t* _aidl_return);
153
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]154 private:
155 static const int32_t UID_SELF = -1;
156
157 /**
158 * Prune the oldest pruneable operation.
159 */
160 bool pruneOperation();
161
162 /**
163 * Get the effective target uid for a binder operation that takes an
164 * optional uid as the target.
165 */
166 uid_t getEffectiveUid(int32_t targetUid);
167
168 /**
169 * Check if the caller of the current binder method has the required
170 * permission and if acting on other uids the grants to do so.
171 */
172 bool checkBinderPermission(perm_t permission, int32_t targetUid = UID_SELF);
173
174 /**
175 * Check if the caller of the current binder method has the required
176 * permission and the target uid is the caller or the caller is system.
177 */
178 bool checkBinderPermissionSelfOrSystem(perm_t permission, int32_t targetUid);
179
180 /**
181 * Check if the caller of the current binder method has the required
182 * permission or the target of the operation is the caller's uid. This is
183 * for operation where the permission is only for cross-uid activity and all
184 * uids are allowed to act on their own (ie: clearing all entries for a
185 * given uid).
186 */
187 bool checkBinderPermissionOrSelfTarget(perm_t permission, int32_t targetUid);
188
189 /**
190 * Helper method to check that the caller has the required permission as
191 * well as the keystore is in the unlocked state if checkUnlocked is true.
192 *
193 * Returns NO_ERROR on success, PERMISSION_DENIED on a permission error and
194 * otherwise the state of keystore when not unlocked and checkUnlocked is
195 * true.
196 */
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame]197 KeyStoreServiceReturnCode checkBinderPermissionAndKeystoreState(perm_t permission,
198 int32_t targetUid = -1,
199 bool checkUnlocked = true);
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]200
201 bool isKeystoreUnlocked(State state);
202
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]203 /**
204 * Check that all keymaster_key_param_t's provided by the application are
205 * allowed. Any parameter that keystore adds itself should be disallowed here.
206 */
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame]207 bool checkAllowedOperationParams(const hidl_vec<KeyParameter>& params);
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]208
Shawn Willdenc67a8aa2017-12-03 17:51:29 -0700[diff] [blame]209 ErrorCode getOperationCharacteristics(const hidl_vec<uint8_t>& key, sp<Keymaster>* dev,
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame]210 const AuthorizationSet& params, KeyCharacteristics* out);
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]211
212 /**
213 * Get the auth token for this operation from the auth token table.
214 *
Shawn Willden0329a822017-12-04 13:55:14 -0700[diff] [blame]215 * Returns NO_ERROR if the auth token was found or none was required. If not needed, the
216 * token will be empty (which keymaster interprets as no auth token).
217 * OP_AUTH_NEEDED if it is a per op authorization, no authorization token exists for
218 * that operation and failOnTokenMissing is false.
219 * KM_ERROR_KEY_USER_NOT_AUTHENTICATED if there is no valid auth token for the operation
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]220 */
Shawn Willden0329a822017-12-04 13:55:14 -0700[diff] [blame]221 std::pair<KeyStoreServiceReturnCode, HardwareAuthToken>
222 getAuthToken(const KeyCharacteristics& characteristics, uint64_t handle, KeyPurpose purpose,
223 bool failOnTokenMissing = true);
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]224
225 /**
Shawn Willden0329a822017-12-04 13:55:14 -0700[diff] [blame]226 * Get the auth token for the operation if the operation requires authorization. Uses the cached
227 * result in the OperationMap if available otherwise gets the token from the AuthTokenTable and
228 * caches the result.
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]229 *
Shawn Willden0329a822017-12-04 13:55:14 -0700[diff] [blame]230 * Returns NO_ERROR if the auth token was found or not needed. If not needed, the token will
231 * be empty (which keymaster interprets as no auth token).
232 * KM_ERROR_KEY_USER_NOT_AUTHENTICATED if the operation is not authenticated.
233 * KM_ERROR_INVALID_OPERATION_HANDLE if token is not a valid operation token.
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]234 */
Shawn Willden0329a822017-12-04 13:55:14 -0700[diff] [blame]235 std::pair<KeyStoreServiceReturnCode, const HardwareAuthToken&>
236 getOperationAuthTokenIfNeeded(const sp<android::IBinder>& token);
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]237
238 /**
239 * Translate a result value to a legacy return value. All keystore errors are
240 * preserved and keymaster errors become SYSTEM_ERRORs
241 */
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame]242 KeyStoreServiceReturnCode translateResultToLegacyResult(int32_t result);
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]243
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame]244 void addLegacyBeginParams(const android::String16& name, AuthorizationSet* params);
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]245
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame]246 KeyStoreServiceReturnCode doLegacySignVerify(const android::String16& name,
247 const hidl_vec<uint8_t>& data,
248 hidl_vec<uint8_t>* out,
249 const hidl_vec<uint8_t>& signature,
250 KeyPurpose purpose);
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]251
Shawn Willden98c59162016-03-20 09:10:18 -0600[diff] [blame]252 /**
253 * Upgrade a key blob under alias "name", returning the new blob in "blob". If "blob"
254 * previously contained data, it will be overwritten.
255 *
256 * Returns ::NO_ERROR if the key was upgraded successfully.
257 * KM_ERROR_VERSION_MISMATCH if called on a key whose patch level is greater than or
258 * equal to the current system patch level.
259 */
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame]260 KeyStoreServiceReturnCode upgradeKeyBlob(const android::String16& name, uid_t targetUid,
261 const AuthorizationSet& params, Blob* blob);
Shawn Willden98c59162016-03-20 09:10:18 -0600[diff] [blame]262
David Zeuthenc6eb7cd2017-11-27 11:33:55 -0500[diff] [blame]263 /**
264 * Adds a Confirmation Token to the key parameters if needed.
265 */
266 void appendConfirmationTokenIfNeeded(const KeyCharacteristics& keyCharacteristics,
267 std::vector<KeyParameter>* params);
268
Shawn Willdenc67a8aa2017-12-03 17:51:29 -0700[diff] [blame]269 KeyStore* mKeyStore;
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]270 OperationMap mOperationMap;
David Zeuthenc6eb7cd2017-11-27 11:33:55 -0500[diff] [blame]271 android::sp<ConfirmationManager> mConfirmationManager;
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame]272 keystore::AuthTokenTable mAuthTokenTable;
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]273 KeystoreKeymasterEnforcement enforcement_policy;
274};
275
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame]276}; // namespace keystore
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]277
278#endif // KEYSTORE_KEYSTORE_SERVICE_H_