1/* 2** Copyright 2009, The Android Open Source Project 3** 4** Licensed under the Apache License, Version 2.0 (the "License"); 5** you may not use this file except in compliance with the License. 6** You may obtain a copy of the License at 7** 8** http://www.apache.org/licenses/LICENSE-2.0 9** 10** Unless required by applicable law or agreed to in writing, software 11** distributed under the License is distributed on an "AS IS" BASIS, 12** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13** See the License for the specific language governing permissions and 14** limitations under the License. 15*/ 16 17#include <stdio.h> 18#include <stdlib.h> 19#include <string.h> 20#include <sys/stat.h> 21#include <sys/types.h> 22#include <ctype.h> 23#include <fcntl.h> 24#include <dirent.h> 25#include <errno.h> 26#include <openssl/aes.h> 27#include <openssl/evp.h> 28#include <cutils/log.h> 29 30#include "common.h" 31#include "keymgmt.h" 32 33static int retry_count = 0; 34static unsigned char iv[IV_LEN]; 35static KEYSTORE_STATE state = BOOTUP; 36static AES_KEY encryptKey, decryptKey; 37 38inline void unlock_keystore(unsigned char *master_key) 39{ 40 AES_set_encrypt_key(master_key, AES_KEY_LEN, &encryptKey); 41 AES_set_decrypt_key(master_key, AES_KEY_LEN, &decryptKey); 42 memset(master_key, 0, sizeof(master_key)); 43 state = UNLOCKED; 44} 45 46inline void lock_keystore() 47{ 48 memset(&encryptKey, 0 , sizeof(AES_KEY)); 49 memset(&decryptKey, 0 , sizeof(AES_KEY)); 50 state = LOCKED; 51} 52 53inline void get_encrypt_key(char *passwd, AES_KEY *key) 54{ 55 unsigned char user_key[USER_KEY_LEN]; 56 gen_key(passwd, user_key, USER_KEY_LEN); 57 AES_set_encrypt_key(user_key, AES_KEY_LEN, key); 58} 59 60inline void get_decrypt_key(char *passwd, AES_KEY *key) 61{ 62 unsigned char user_key[USER_KEY_LEN]; 63 gen_key(passwd, user_key, USER_KEY_LEN); 64 AES_set_decrypt_key(user_key, AES_KEY_LEN, key); 65} 66 67static int gen_random_blob(unsigned char *key, int size) 68{ 69 int ret = 0; 70 int fd = open("/dev/urandom", O_RDONLY); 71 if (fd == -1) return -1; 72 if (read(fd, key, size) != size) ret = -1; 73 close(fd); 74 return ret; 75} 76 77static int encrypt_n_save(AES_KEY *enc_key, DATA_BLOB *blob, 78 const char *keyfile) 79{ 80 int size, fd, ret = -1; 81 unsigned char enc_blob[MAX_BLOB_LEN]; 82 char tmpfile[KEYFILE_LEN]; 83 84 if ((keyfile == NULL) || (strlen(keyfile) >= (KEYFILE_LEN - 4))) { 85 LOGE("keyfile name is too long or null"); 86 return -1; 87 } 88 strcpy(tmpfile, keyfile); 89 strcat(tmpfile, ".tmp"); 90 91 // prepare the blob 92 if (IV_LEN > USER_KEY_LEN) { 93 LOGE("iv length is too long."); 94 return -1; 95 } 96 memcpy(blob->iv, iv, IV_LEN); 97 blob->blob_size = get_blob_size(blob); 98 if (blob->blob_size > MAX_BLOB_LEN) { 99 LOGE("blob data size is too large."); 100 return -1; 101 } 102 memcpy(enc_blob, blob->blob, blob->blob_size); 103 AES_cbc_encrypt((unsigned char *)enc_blob, (unsigned char *)blob->blob, 104 blob->blob_size, enc_key, iv, AES_ENCRYPT); 105 // write to keyfile 106 size = data_blob_size(blob); 107 if ((fd = open(tmpfile, O_CREAT|O_RDWR)) == -1) return -1; 108 if (write(fd, blob, size) == size) ret = 0; 109 close(fd); 110 if (!ret) { 111 unlink(keyfile); 112 rename(tmpfile, keyfile); 113 chmod(keyfile, 0440); 114 } 115 return ret; 116} 117 118static int load_n_decrypt(const char *keyname, const char *keyfile, 119 AES_KEY *key, DATA_BLOB *blob) 120{ 121 int fd, ret = -1; 122 if ((fd = open(keyfile, O_RDONLY)) == -1) return -1; 123 // get the encrypted blob and iv 124 if ((read(fd, blob->iv, sizeof(blob->iv)) != sizeof(blob->iv)) || 125 (read(fd, &blob->blob_size, sizeof(uint32_t)) != sizeof(uint32_t)) || 126 (blob->blob_size > MAX_BLOB_LEN)) { 127 goto err; 128 } else { 129 unsigned char enc_blob[MAX_BLOB_LEN]; 130 if (read(fd, enc_blob, blob->blob_size) != 131 (int) blob->blob_size) goto err; 132 // decrypt the blob 133 AES_cbc_encrypt((unsigned char *)enc_blob, (unsigned char*)blob->blob, 134 blob->blob_size, key, blob->iv, AES_DECRYPT); 135 if (strcmp(keyname, (char*)blob->keyname) == 0) ret = 0; 136 } 137err: 138 close(fd); 139 return ret; 140} 141 142static int store_master_key(char *upasswd, unsigned char *master_key) 143{ 144 AES_KEY key; 145 DATA_BLOB blob; 146 147 // prepare the blob 148 if (strlen(MASTER_KEY_TAG) >= USER_KEY_LEN) return -1; 149 strlcpy(blob.keyname, MASTER_KEY_TAG, USER_KEY_LEN); 150 blob.value_size = USER_KEY_LEN; 151 if (USER_KEY_LEN > MAX_KEY_VALUE_LENGTH) { 152 LOGE("master_key length is too long."); 153 return -1; 154 } 155 memcpy((void*)blob.value, (const void*)master_key, USER_KEY_LEN); 156 157 // generate the encryption key 158 get_encrypt_key(upasswd, &key); 159 return encrypt_n_save(&key, &blob, MASTER_KEY); 160} 161 162static int get_master_key(char *upasswd, unsigned char *master_key) 163{ 164 AES_KEY key; 165 int size, ret = 0; 166 DATA_BLOB blob; 167 168 get_decrypt_key(upasswd, &key); 169 ret = load_n_decrypt(MASTER_KEY_TAG, MASTER_KEY, &key, &blob); 170 if (blob.value_size > USER_KEY_LEN) { 171 LOGE("the blob's value size is too large"); 172 return -1; 173 } 174 if (!ret) memcpy(master_key, blob.value, blob.value_size); 175 return ret; 176} 177 178static int create_master_key(char *upasswd) 179{ 180 int ret; 181 unsigned char mpasswd[AES_KEY_LEN]; 182 unsigned char master_key[USER_KEY_LEN]; 183 184 gen_random_blob(mpasswd, AES_KEY_LEN); 185 gen_key((char*)mpasswd, master_key, USER_KEY_LEN); 186 if ((ret = store_master_key(upasswd, master_key)) == 0) { 187 unlock_keystore(master_key); 188 } 189 memset(master_key, 0, USER_KEY_LEN); 190 memset(mpasswd, 0, AES_KEY_LEN); 191 192 return ret; 193} 194 195static int change_passwd(char *data) 196{ 197 unsigned char master_key[USER_KEY_LEN]; 198 char *old_pass, *new_pass = NULL, *p, *delimiter=" "; 199 int ret, count = 0; 200 char *context = NULL; 201 202 old_pass = p = strtok_r(data, delimiter, &context); 203 while (p != NULL) { 204 count++; 205 new_pass = p; 206 p = strtok_r(NULL, delimiter, &context); 207 } 208 if (count != 2) return -1; 209 if (strlen(new_pass) < MIN_PASSWD_LENGTH) return -1; 210 if ((ret = get_master_key(old_pass, master_key)) == 0) { 211 ret = store_master_key(new_pass, master_key); 212 retry_count = 0; 213 } else { 214 ret = MAX_RETRY_COUNT - ++retry_count; 215 if (ret == 0) { 216 retry_count = 0; 217 LOGE("passwd:reach max retry count, reset the keystore now."); 218 reset_keystore(); 219 return -1; 220 } 221 222 } 223 return ret; 224} 225 226int remove_key(const char *namespace, const char *keyname) 227{ 228 char keyfile[KEYFILE_LEN]; 229 230 if (state != UNLOCKED) return -state; 231 if ((strlen(namespace) >= MAX_KEY_NAME_LENGTH) || 232 (strlen(keyname) >= MAX_KEY_NAME_LENGTH)) { 233 LOGE("keyname is too long."); 234 return -1; 235 } 236 sprintf(keyfile, KEYFILE_NAME, namespace, keyname); 237 return unlink(keyfile); 238} 239 240int put_key(const char *namespace, const char *keyname, 241 unsigned char *data, int size) 242{ 243 DATA_BLOB blob; 244 uint32_t real_size; 245 char keyfile[KEYFILE_LEN]; 246 247 if (state != UNLOCKED) { 248 LOGE("Can not store key with current state %d\n", state); 249 return -state; 250 } 251 if ((strlen(namespace) >= MAX_KEY_NAME_LENGTH) || 252 (strlen(keyname) >= MAX_KEY_NAME_LENGTH)) { 253 LOGE("keyname is too long."); 254 return -1; 255 } 256 sprintf(keyfile, KEYFILE_NAME, namespace, keyname); 257 strcpy(blob.keyname, keyname); 258 blob.value_size = size; 259 if (size > MAX_KEY_VALUE_LENGTH) { 260 LOGE("the data size is too large."); 261 return -1; 262 } 263 memcpy(blob.value, data, size); 264 return encrypt_n_save(&encryptKey, &blob, keyfile); 265} 266 267int get_key(const char *namespace, const char *keyname, 268 unsigned char *data, int *size) 269{ 270 int ret; 271 DATA_BLOB blob; 272 uint32_t blob_size; 273 char keyfile[KEYFILE_LEN]; 274 275 if (state != UNLOCKED) { 276 LOGE("Can not retrieve key value with current state %d\n", state); 277 return -state; 278 } 279 if ((strlen(namespace) >= MAX_KEY_NAME_LENGTH) || 280 (strlen(keyname) >= MAX_KEY_NAME_LENGTH)) { 281 LOGE("keyname is too long."); 282 return -1; 283 } 284 sprintf(keyfile, KEYFILE_NAME, namespace, keyname); 285 ret = load_n_decrypt(keyname, keyfile, &decryptKey, &blob); 286 if (!ret) { 287 if ((blob.value_size > MAX_KEY_VALUE_LENGTH)) { 288 LOGE("blob value size is too large."); 289 ret = -1; 290 } else { 291 *size = blob.value_size; 292 memcpy(data, blob.value, *size); 293 } 294 } 295 return ret; 296} 297 298int list_keys(const char *namespace, char reply[BUFFER_MAX]) 299{ 300 DIR *d; 301 struct dirent *de; 302 303 if (state != UNLOCKED) { 304 LOGE("Can not list key with current state %d\n", state); 305 return -1; 306 } 307 308 if (!namespace || ((d = opendir("."))) == NULL) { 309 LOGE("cannot open keystore dir or namespace is null\n"); 310 return -1; 311 } 312 313 if (strlen(namespace) >= MAX_KEY_NAME_LENGTH) { 314 LOGE("namespace is too long."); 315 return -1; 316 } 317 318 reply[0] = 0; 319 while ((de = readdir(d))) { 320 char *prefix, *name, *keyfile = de->d_name; 321 char *context = NULL; 322 323 if (de->d_type != DT_REG) continue; 324 if ((prefix = strtok_r(keyfile, NAME_DELIMITER, &context)) 325 == NULL) continue; 326 if (strcmp(prefix, namespace)) continue; 327 if ((name = strtok_r(NULL, NAME_DELIMITER, &context)) == NULL) continue; 328 // append the key name into reply 329 if (reply[0] != 0) strlcat(reply, " ", BUFFER_MAX); 330 if (strlcat(reply, name, BUFFER_MAX) >= BUFFER_MAX) { 331 LOGE("too many files under keystore directory\n"); 332 return -1; 333 } 334 } 335 closedir(d); 336 return 0; 337} 338 339int passwd(char *data) 340{ 341 if (state == UNINITIALIZED) { 342 if (strchr(data, ' ')) return -1; 343 if (strlen(data) < MIN_PASSWD_LENGTH) return -1; 344 return create_master_key(data); 345 } 346 return change_passwd(data); 347} 348 349int lock() 350{ 351 switch(state) { 352 case UNLOCKED: 353 lock_keystore(); 354 case LOCKED: 355 return 0; 356 default: 357 return -1; 358 } 359} 360 361int unlock(char *passwd) 362{ 363 unsigned char master_key[USER_KEY_LEN]; 364 int ret = get_master_key(passwd, master_key); 365 if (!ret) { 366 unlock_keystore(master_key); 367 retry_count = 0; 368 } else { 369 ret = MAX_RETRY_COUNT - ++retry_count; 370 if (ret == 0) { 371 retry_count = 0; 372 LOGE("unlock:reach max retry count, reset the keystore now."); 373 reset_keystore(); 374 return -1; 375 } 376 } 377 return ret; 378} 379 380KEYSTORE_STATE get_state() 381{ 382 return state; 383} 384 385int reset_keystore() 386{ 387 int ret = 0; 388 DIR *d; 389 struct dirent *de; 390 391 if ((d = opendir(".")) == NULL) { 392 LOGE("cannot open keystore dir\n"); 393 return -1; 394 } 395 while ((de = readdir(d))) { 396 if (unlink(de->d_name) != 0) ret = -1; 397 } 398 closedir(d); 399 state = UNINITIALIZED; 400 if (ret == 0) { 401 LOGI("keystore is reset."); 402 } else { 403 LOGI("keystore can not be cleaned up entirely."); 404 } 405 return ret; 406} 407 408int init_keystore(const char *dir) 409{ 410 int fd; 411 412 if (dir) mkdir(dir, 0770); 413 if (!dir || chdir(dir)) { 414 LOGE("Can not open/create the keystore directory %s\n", 415 dir ? dir : "(null)"); 416 return -1; 417 } 418 gen_random_blob(iv, IV_LEN); 419 if ((fd = open(MASTER_KEY, O_RDONLY)) == -1) { 420 state = UNINITIALIZED; 421 return 0; 422 } 423 close(fd); 424 state = LOCKED; 425 return 0; 426} 427