keystore.cpp revision 0400675b20e36b976ec13b63e290e6d5d19bf654
1a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root/* 2a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root * Copyright (C) 2009 The Android Open Source Project 3a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root * 4a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root * Licensed under the Apache License, Version 2.0 (the "License"); 5a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root * you may not use this file except in compliance with the License. 6a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root * You may obtain a copy of the License at 7a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root * 8a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root * http://www.apache.org/licenses/LICENSE-2.0 9a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root * 10a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root * Unless required by applicable law or agreed to in writing, software 11a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root * distributed under the License is distributed on an "AS IS" BASIS, 12a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root * See the License for the specific language governing permissions and 14a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root * limitations under the License. 15a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root */ 16a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 1707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root//#define LOG_NDEBUG 0 1807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root#define LOG_TAG "keystore" 1907438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 20a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root#include <stdio.h> 21a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root#include <stdint.h> 22a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root#include <string.h> 23aaf9802da6cea710e0777abb852724e1825cad63Elliott Hughes#include <strings.h> 24a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root#include <unistd.h> 25a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root#include <signal.h> 26a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root#include <errno.h> 27a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root#include <dirent.h> 28655b958eb2180c7c06889f83f606d23421bf038cKenny Root#include <errno.h> 29a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root#include <fcntl.h> 30a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root#include <limits.h> 31822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root#include <assert.h> 32a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root#include <sys/types.h> 33a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root#include <sys/socket.h> 34a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root#include <sys/stat.h> 35a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root#include <sys/time.h> 36a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root#include <arpa/inet.h> 37a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 38a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root#include <openssl/aes.h> 39822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root#include <openssl/bio.h> 40a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root#include <openssl/evp.h> 41a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root#include <openssl/md5.h> 42822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root#include <openssl/pem.h> 43a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 4480843db63ed6b61c953a1243801117a15c9e8c38Shawn Willden#include <hardware/keymaster0.h> 4570e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 4667d2a5029e8c25c5ee448e3bbd245cdcebe6abd3Chad Brubaker#include <keymaster/soft_keymaster_device.h> 470400675b20e36b976ec13b63e290e6d5d19bf654Shawn Willden#include <keymaster/soft_keymaster_logger.h> 480400675b20e36b976ec13b63e290e6d5d19bf654Shawn Willden#include <keymaster/softkeymaster.h> 4917208e0de5a42722901d803118745cca25fd10c1Kenny Root 5026cfc08add3966eca5892e3387cf5ed6dc3068fbKenny Root#include <UniquePtr.h> 51655b958eb2180c7c06889f83f606d23421bf038cKenny Root#include <utils/String8.h> 52655b958eb2180c7c06889f83f606d23421bf038cKenny Root#include <utils/Vector.h> 5370e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 5407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root#include <keystore/IKeystoreService.h> 5507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root#include <binder/IPCThreadState.h> 5607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root#include <binder/IServiceManager.h> 5707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 58a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root#include <cutils/log.h> 59a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root#include <cutils/sockets.h> 60a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root#include <private/android_filesystem_config.h> 61a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 6207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root#include <keystore/keystore.h> 63a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 64eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn#include <selinux/android.h> 65eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn 66d80c7b487b2f7f0bf955d0efeaa3db6dcd160639Chad Brubaker#include "auth_token_table.h" 6796427baf0094d50047049d329b0779c3c910402cKenny Root#include "defaults.h" 6840a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker#include "operation.h" 6996427baf0094d50047049d329b0779c3c910402cKenny Root 70a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root/* KeyStore is a secured storage for key-value pairs. In this implementation, 71a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root * each file stores one key-value pair. Keys are encoded in file names, and 72a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root * values are encrypted with checksums. The encryption key is protected by a 73a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root * user-defined password. To keep things simple, buffers are always larger than 74a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root * the maximum space we needed, so boundary checks on buffers are omitted. */ 75a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 76a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root#define KEY_SIZE ((NAME_MAX - 15) / 2) 77a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root#define VALUE_SIZE 32768 78a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root#define PASSWORD_SIZE VALUE_SIZE 79a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 80822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root 8196427baf0094d50047049d329b0779c3c910402cKenny Rootstruct BIGNUM_Delete { 8296427baf0094d50047049d329b0779c3c910402cKenny Root void operator()(BIGNUM* p) const { 8396427baf0094d50047049d329b0779c3c910402cKenny Root BN_free(p); 8496427baf0094d50047049d329b0779c3c910402cKenny Root } 8596427baf0094d50047049d329b0779c3c910402cKenny Root}; 8696427baf0094d50047049d329b0779c3c910402cKenny Roottypedef UniquePtr<BIGNUM, BIGNUM_Delete> Unique_BIGNUM; 8796427baf0094d50047049d329b0779c3c910402cKenny Root 88822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Rootstruct BIO_Delete { 89822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root void operator()(BIO* p) const { 90822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root BIO_free(p); 91822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root } 92822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root}; 93822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Roottypedef UniquePtr<BIO, BIO_Delete> Unique_BIO; 94822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root 95822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Rootstruct EVP_PKEY_Delete { 96822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root void operator()(EVP_PKEY* p) const { 97822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root EVP_PKEY_free(p); 98822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root } 99822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root}; 100822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Roottypedef UniquePtr<EVP_PKEY, EVP_PKEY_Delete> Unique_EVP_PKEY; 101822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root 102822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Rootstruct PKCS8_PRIV_KEY_INFO_Delete { 103822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root void operator()(PKCS8_PRIV_KEY_INFO* p) const { 104822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root PKCS8_PRIV_KEY_INFO_free(p); 105822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root } 106822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root}; 107822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Roottypedef UniquePtr<PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO_Delete> Unique_PKCS8_PRIV_KEY_INFO; 108822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root 10980843db63ed6b61c953a1243801117a15c9e8c38Shawn Willdenstatic int keymaster_device_initialize(keymaster0_device_t** dev) { 11070e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root int rc; 11170e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 11270e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root const hw_module_t* mod; 11370e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root rc = hw_get_module_by_class(KEYSTORE_HARDWARE_MODULE_ID, NULL, &mod); 11470e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root if (rc) { 11570e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root ALOGE("could not find any keystore module"); 11670e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root goto out; 11770e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root } 11870e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 11980843db63ed6b61c953a1243801117a15c9e8c38Shawn Willden rc = keymaster0_open(mod, dev); 12070e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root if (rc) { 12170e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root ALOGE("could not open keymaster device in %s (%s)", 12270e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root KEYSTORE_HARDWARE_MODULE_ID, strerror(-rc)); 12370e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root goto out; 12470e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root } 12570e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 12670e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root return 0; 12770e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 12870e3a86abd2c412d602a018967c01c177eb6cf4eKenny Rootout: 12970e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root *dev = NULL; 13070e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root return rc; 13170e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root} 13270e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 1330400675b20e36b976ec13b63e290e6d5d19bf654Shawn Willden// softkeymaster_logger appears not to be used in keystore, but it installs itself as the 1340400675b20e36b976ec13b63e290e6d5d19bf654Shawn Willden// logger used by SoftKeymasterDevice. 1350400675b20e36b976ec13b63e290e6d5d19bf654Shawn Willdenstatic keymaster::SoftKeymasterLogger softkeymaster_logger; 1360400675b20e36b976ec13b63e290e6d5d19bf654Shawn Willden 13767d2a5029e8c25c5ee448e3bbd245cdcebe6abd3Chad Brubakerstatic int fallback_keymaster_device_initialize(keymaster1_device_t** dev) { 13867d2a5029e8c25c5ee448e3bbd245cdcebe6abd3Chad Brubaker keymaster::SoftKeymasterDevice* softkeymaster = 13967d2a5029e8c25c5ee448e3bbd245cdcebe6abd3Chad Brubaker new keymaster::SoftKeymasterDevice(); 1409fd05a9a6299e9688c8fcf755516ea254868d187Shawn Willden *dev = softkeymaster->keymaster_device(); 1419fd05a9a6299e9688c8fcf755516ea254868d187Shawn Willden // softkeymaster will be freed by *dev->close_device; don't delete here. 142fc18edcdfe2f7774e621030d51338f3216170b97Chad Brubaker return 0; 143fc18edcdfe2f7774e621030d51338f3216170b97Chad Brubaker} 144fc18edcdfe2f7774e621030d51338f3216170b97Chad Brubaker 14580843db63ed6b61c953a1243801117a15c9e8c38Shawn Willdenstatic void keymaster_device_release(keymaster0_device_t* dev) { 14680843db63ed6b61c953a1243801117a15c9e8c38Shawn Willden keymaster0_close(dev); 14770e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root} 14870e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 14907438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root/*************** 15007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root * PERMISSIONS * 15107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root ***************/ 15207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 15307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root/* Here are the permissions, actions, users, and the main function. */ 15407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Roottypedef enum { 1554e865753346fc6a075966972a7a98051818859dbRobin Lee P_TEST = 1 << 0, 1564e865753346fc6a075966972a7a98051818859dbRobin Lee P_GET = 1 << 1, 1574e865753346fc6a075966972a7a98051818859dbRobin Lee P_INSERT = 1 << 2, 1584e865753346fc6a075966972a7a98051818859dbRobin Lee P_DELETE = 1 << 3, 1594e865753346fc6a075966972a7a98051818859dbRobin Lee P_EXIST = 1 << 4, 1604e865753346fc6a075966972a7a98051818859dbRobin Lee P_SAW = 1 << 5, 1614e865753346fc6a075966972a7a98051818859dbRobin Lee P_RESET = 1 << 6, 1624e865753346fc6a075966972a7a98051818859dbRobin Lee P_PASSWORD = 1 << 7, 1634e865753346fc6a075966972a7a98051818859dbRobin Lee P_LOCK = 1 << 8, 1644e865753346fc6a075966972a7a98051818859dbRobin Lee P_UNLOCK = 1 << 9, 1654e865753346fc6a075966972a7a98051818859dbRobin Lee P_ZERO = 1 << 10, 1664e865753346fc6a075966972a7a98051818859dbRobin Lee P_SIGN = 1 << 11, 1674e865753346fc6a075966972a7a98051818859dbRobin Lee P_VERIFY = 1 << 12, 1684e865753346fc6a075966972a7a98051818859dbRobin Lee P_GRANT = 1 << 13, 1694e865753346fc6a075966972a7a98051818859dbRobin Lee P_DUPLICATE = 1 << 14, 1704e865753346fc6a075966972a7a98051818859dbRobin Lee P_CLEAR_UID = 1 << 15, 1714e865753346fc6a075966972a7a98051818859dbRobin Lee P_RESET_UID = 1 << 16, 1724e865753346fc6a075966972a7a98051818859dbRobin Lee P_SYNC_UID = 1 << 17, 1734e865753346fc6a075966972a7a98051818859dbRobin Lee P_PASSWORD_UID = 1 << 18, 174d80c7b487b2f7f0bf955d0efeaa3db6dcd160639Chad Brubaker P_ADD_AUTH = 1 << 19, 17507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root} perm_t; 17607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 17707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Rootstatic struct user_euid { 17807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root uid_t uid; 17907438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root uid_t euid; 18007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root} user_euids[] = { 18107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root {AID_VPN, AID_SYSTEM}, 18207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root {AID_WIFI, AID_SYSTEM}, 18307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root {AID_ROOT, AID_SYSTEM}, 18407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root}; 18507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 186eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn/* perm_labels associcated with keystore_key SELinux class verbs. */ 187eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahnconst char *perm_labels[] = { 188eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn "test", 189eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn "get", 190eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn "insert", 191eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn "delete", 192eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn "exist", 193eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn "saw", 194eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn "reset", 195eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn "password", 196eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn "lock", 197eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn "unlock", 198eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn "zero", 199eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn "sign", 200eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn "verify", 201eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn "grant", 202eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn "duplicate", 2034e865753346fc6a075966972a7a98051818859dbRobin Lee "clear_uid", 2044e865753346fc6a075966972a7a98051818859dbRobin Lee "reset_uid", 2054e865753346fc6a075966972a7a98051818859dbRobin Lee "sync_uid", 2064e865753346fc6a075966972a7a98051818859dbRobin Lee "password_uid", 207d80c7b487b2f7f0bf955d0efeaa3db6dcd160639Chad Brubaker "add_auth", 208eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn}; 209eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn 21007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Rootstatic struct user_perm { 21107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root uid_t uid; 21207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root perm_t perms; 21307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root} user_perms[] = { 21407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root {AID_SYSTEM, static_cast<perm_t>((uint32_t)(~0)) }, 21507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root {AID_VPN, static_cast<perm_t>(P_GET | P_SIGN | P_VERIFY) }, 21607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root {AID_WIFI, static_cast<perm_t>(P_GET | P_SIGN | P_VERIFY) }, 21707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root {AID_ROOT, static_cast<perm_t>(P_GET) }, 21807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root}; 21907438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 22007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Rootstatic const perm_t DEFAULT_PERMS = static_cast<perm_t>(P_TEST | P_GET | P_INSERT | P_DELETE | P_EXIST | P_SAW | P_SIGN 22107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root | P_VERIFY); 22207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 223eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahnstatic char *tctx; 224eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahnstatic int ks_is_selinux_enabled; 225eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn 226eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahnstatic const char *get_perm_label(perm_t perm) { 227eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn unsigned int index = ffs(perm); 228eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn if (index > 0 && index <= (sizeof(perm_labels) / sizeof(perm_labels[0]))) { 229eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn return perm_labels[index - 1]; 230eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn } else { 231eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn ALOGE("Keystore: Failed to retrieve permission label.\n"); 232eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn abort(); 233eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn } 234eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn} 235eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn 236655b958eb2180c7c06889f83f606d23421bf038cKenny Root/** 237655b958eb2180c7c06889f83f606d23421bf038cKenny Root * Returns the app ID (in the Android multi-user sense) for the current 238655b958eb2180c7c06889f83f606d23421bf038cKenny Root * UNIX UID. 239655b958eb2180c7c06889f83f606d23421bf038cKenny Root */ 240655b958eb2180c7c06889f83f606d23421bf038cKenny Rootstatic uid_t get_app_id(uid_t uid) { 241655b958eb2180c7c06889f83f606d23421bf038cKenny Root return uid % AID_USER; 242655b958eb2180c7c06889f83f606d23421bf038cKenny Root} 243655b958eb2180c7c06889f83f606d23421bf038cKenny Root 244655b958eb2180c7c06889f83f606d23421bf038cKenny Root/** 245655b958eb2180c7c06889f83f606d23421bf038cKenny Root * Returns the user ID (in the Android multi-user sense) for the current 246655b958eb2180c7c06889f83f606d23421bf038cKenny Root * UNIX UID. 247655b958eb2180c7c06889f83f606d23421bf038cKenny Root */ 248655b958eb2180c7c06889f83f606d23421bf038cKenny Rootstatic uid_t get_user_id(uid_t uid) { 249655b958eb2180c7c06889f83f606d23421bf038cKenny Root return uid / AID_USER; 250655b958eb2180c7c06889f83f606d23421bf038cKenny Root} 251655b958eb2180c7c06889f83f606d23421bf038cKenny Root 252a25b2a397fff48dea7bce16af2065e6f5f043956Chih-Hung Hsiehstatic bool keystore_selinux_check_access(uid_t /*uid*/, perm_t perm, pid_t spid) { 253eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn if (!ks_is_selinux_enabled) { 254eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn return true; 255eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn } 256eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn 257eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn char *sctx = NULL; 258eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn const char *selinux_class = "keystore_key"; 259eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn const char *str_perm = get_perm_label(perm); 260eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn 261eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn if (!str_perm) { 262eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn return false; 263eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn } 264eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn 265eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn if (getpidcon(spid, &sctx) != 0) { 266eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn ALOGE("SELinux: Failed to get source pid context.\n"); 267eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn return false; 268eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn } 26966dbf67dd65b4808a15ef64f0ffde1275bdd58a9Nick Kralevich 270eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn bool allowed = selinux_check_access(sctx, tctx, selinux_class, str_perm, 271eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn NULL) == 0; 272eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn freecon(sctx); 273eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn return allowed; 274eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn} 275eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn 276eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahnstatic bool has_permission(uid_t uid, perm_t perm, pid_t spid) { 277655b958eb2180c7c06889f83f606d23421bf038cKenny Root // All system users are equivalent for multi-user support. 278655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (get_app_id(uid) == AID_SYSTEM) { 279655b958eb2180c7c06889f83f606d23421bf038cKenny Root uid = AID_SYSTEM; 280655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 281655b958eb2180c7c06889f83f606d23421bf038cKenny Root 28207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root for (size_t i = 0; i < sizeof(user_perms)/sizeof(user_perms[0]); i++) { 28307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root struct user_perm user = user_perms[i]; 28407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root if (user.uid == uid) { 285eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn return (user.perms & perm) && 286eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn keystore_selinux_check_access(uid, perm, spid); 28707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 28807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 28907438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 290eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn return (DEFAULT_PERMS & perm) && 291eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn keystore_selinux_check_access(uid, perm, spid); 29207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root} 29307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 294494689083467ec372a58f094f041c8f102f39393Kenny Root/** 295494689083467ec372a58f094f041c8f102f39393Kenny Root * Returns the UID that the callingUid should act as. This is here for 296494689083467ec372a58f094f041c8f102f39393Kenny Root * legacy support of the WiFi and VPN systems and should be removed 297494689083467ec372a58f094f041c8f102f39393Kenny Root * when WiFi can operate in its own namespace. 298494689083467ec372a58f094f041c8f102f39393Kenny Root */ 29907438c8d7256d3788dac323b4d0055f201e0bec9Kenny Rootstatic uid_t get_keystore_euid(uid_t uid) { 30007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root for (size_t i = 0; i < sizeof(user_euids)/sizeof(user_euids[0]); i++) { 30107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root struct user_euid user = user_euids[i]; 30207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root if (user.uid == uid) { 30307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return user.euid; 30407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 30507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 30607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 30707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return uid; 30807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root} 30907438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 310494689083467ec372a58f094f041c8f102f39393Kenny Root/** 311494689083467ec372a58f094f041c8f102f39393Kenny Root * Returns true if the callingUid is allowed to interact in the targetUid's 312494689083467ec372a58f094f041c8f102f39393Kenny Root * namespace. 313494689083467ec372a58f094f041c8f102f39393Kenny Root */ 314494689083467ec372a58f094f041c8f102f39393Kenny Rootstatic bool is_granted_to(uid_t callingUid, uid_t targetUid) { 3159489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker if (callingUid == targetUid) { 3169489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker return true; 3179489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker } 318494689083467ec372a58f094f041c8f102f39393Kenny Root for (size_t i = 0; i < sizeof(user_euids)/sizeof(user_euids[0]); i++) { 319494689083467ec372a58f094f041c8f102f39393Kenny Root struct user_euid user = user_euids[i]; 320494689083467ec372a58f094f041c8f102f39393Kenny Root if (user.euid == callingUid && user.uid == targetUid) { 321494689083467ec372a58f094f041c8f102f39393Kenny Root return true; 322494689083467ec372a58f094f041c8f102f39393Kenny Root } 323494689083467ec372a58f094f041c8f102f39393Kenny Root } 324494689083467ec372a58f094f041c8f102f39393Kenny Root 325494689083467ec372a58f094f041c8f102f39393Kenny Root return false; 326494689083467ec372a58f094f041c8f102f39393Kenny Root} 327494689083467ec372a58f094f041c8f102f39393Kenny Root 328a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root/* Here is the encoding of keys. This is necessary in order to allow arbitrary 329a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root * characters in keys. Characters in [0-~] are not encoded. Others are encoded 330a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root * into two bytes. The first byte is one of [+-.] which represents the first 331a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root * two bits of the character. The second byte encodes the rest of the bits into 332a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root * [0-o]. Therefore in the worst case the length of a key gets doubled. Note 333a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root * that Base64 cannot be used here due to the need of prefix match on keys. */ 334a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 335655b958eb2180c7c06889f83f606d23421bf038cKenny Rootstatic size_t encode_key_length(const android::String8& keyName) { 336655b958eb2180c7c06889f83f606d23421bf038cKenny Root const uint8_t* in = reinterpret_cast<const uint8_t*>(keyName.string()); 337655b958eb2180c7c06889f83f606d23421bf038cKenny Root size_t length = keyName.length(); 338655b958eb2180c7c06889f83f606d23421bf038cKenny Root for (int i = length; i > 0; --i, ++in) { 339655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (*in < '0' || *in > '~') { 340655b958eb2180c7c06889f83f606d23421bf038cKenny Root ++length; 341655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 342655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 343655b958eb2180c7c06889f83f606d23421bf038cKenny Root return length; 344655b958eb2180c7c06889f83f606d23421bf038cKenny Root} 345655b958eb2180c7c06889f83f606d23421bf038cKenny Root 34607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Rootstatic int encode_key(char* out, const android::String8& keyName) { 34707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root const uint8_t* in = reinterpret_cast<const uint8_t*>(keyName.string()); 34807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root size_t length = keyName.length(); 349a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root for (int i = length; i > 0; --i, ++in, ++out) { 350655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (*in < '0' || *in > '~') { 351a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root *out = '+' + (*in >> 6); 352a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root *++out = '0' + (*in & 0x3F); 353a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root ++length; 354655b958eb2180c7c06889f83f606d23421bf038cKenny Root } else { 355655b958eb2180c7c06889f83f606d23421bf038cKenny Root *out = *in; 356a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 357a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 358a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root *out = '\0'; 35970e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root return length; 36070e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root} 36170e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 36207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root/* 36307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root * Converts from the "escaped" format on disk to actual name. 36407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root * This will be smaller than the input string. 36507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root * 36607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root * Characters that should combine with the next at the end will be truncated. 36707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root */ 36807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Rootstatic size_t decode_key_length(const char* in, size_t length) { 36907438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root size_t outLength = 0; 37007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 37107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root for (const char* end = in + length; in < end; in++) { 37207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root /* This combines with the next character. */ 37307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root if (*in < '0' || *in > '~') { 37407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root continue; 37507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 37607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 37707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root outLength++; 37807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 37907438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return outLength; 38007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root} 38107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 38207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Rootstatic void decode_key(char* out, const char* in, size_t length) { 38307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root for (const char* end = in + length; in < end; in++) { 38407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root if (*in < '0' || *in > '~') { 38507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root /* Truncate combining characters at the end. */ 38607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root if (in + 1 >= end) { 38707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root break; 38807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 38907438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 39007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root *out = (*in++ - '+') << 6; 39107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root *out++ |= (*in - '0') & 0x3F; 392a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } else { 39307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root *out++ = *in; 394a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 395a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 396a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root *out = '\0'; 397a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root} 398a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 399a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Rootstatic size_t readFully(int fd, uint8_t* data, size_t size) { 400a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root size_t remaining = size; 401a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root while (remaining > 0) { 402150ca934edb745de3666a6492b039900df228ff0Kenny Root ssize_t n = TEMP_FAILURE_RETRY(read(fd, data, remaining)); 4035281edbc9445065479e92a6c86da462f3943c2caKenny Root if (n <= 0) { 404150ca934edb745de3666a6492b039900df228ff0Kenny Root return size - remaining; 405a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 406a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root data += n; 407a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root remaining -= n; 408a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 409a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return size; 410a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root} 411a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 412a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Rootstatic size_t writeFully(int fd, uint8_t* data, size_t size) { 413a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root size_t remaining = size; 414a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root while (remaining > 0) { 415150ca934edb745de3666a6492b039900df228ff0Kenny Root ssize_t n = TEMP_FAILURE_RETRY(write(fd, data, remaining)); 416150ca934edb745de3666a6492b039900df228ff0Kenny Root if (n < 0) { 417150ca934edb745de3666a6492b039900df228ff0Kenny Root ALOGW("write failed: %s", strerror(errno)); 418150ca934edb745de3666a6492b039900df228ff0Kenny Root return size - remaining; 419a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 420a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root data += n; 421a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root remaining -= n; 422a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 423a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return size; 424a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root} 425a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 426a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Rootclass Entropy { 427a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Rootpublic: 428a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root Entropy() : mRandom(-1) {} 429a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root ~Entropy() { 430150ca934edb745de3666a6492b039900df228ff0Kenny Root if (mRandom >= 0) { 431a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root close(mRandom); 432a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 433a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 434a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 435a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root bool open() { 436a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root const char* randomDevice = "/dev/urandom"; 437150ca934edb745de3666a6492b039900df228ff0Kenny Root mRandom = TEMP_FAILURE_RETRY(::open(randomDevice, O_RDONLY)); 438150ca934edb745de3666a6492b039900df228ff0Kenny Root if (mRandom < 0) { 439a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root ALOGE("open: %s: %s", randomDevice, strerror(errno)); 440a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return false; 441a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 442a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return true; 443a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 444a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 4455187818895c4c5f650a611c40531b1dff7764c18Kenny Root bool generate_random_data(uint8_t* data, size_t size) const { 446a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return (readFully(mRandom, data, size) == size); 447a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 448a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 449a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Rootprivate: 450a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root int mRandom; 451a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root}; 452a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 453a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root/* Here is the file format. There are two parts in blob.value, the secret and 454a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root * the description. The secret is stored in ciphertext, and its original size 455a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root * can be found in blob.length. The description is stored after the secret in 456a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root * plaintext, and its size is specified in blob.info. The total size of the two 457822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root * parts must be no more than VALUE_SIZE bytes. The first field is the version, 458f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root * the second is the blob's type, and the third byte is flags. Fields other 459a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root * than blob.info, blob.length, and blob.value are modified by encryptBlob() 460a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root * and decryptBlob(). Thus they should not be accessed from outside. */ 461a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 462822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root/* ** Note to future implementors of encryption: ** 463822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root * Currently this is the construction: 464822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root * metadata || Enc(MD5(data) || data) 465822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root * 466822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root * This should be the construction used for encrypting if re-implementing: 467822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root * 468822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root * Derive independent keys for encryption and MAC: 469822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root * Kenc = AES_encrypt(masterKey, "Encrypt") 470822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root * Kmac = AES_encrypt(masterKey, "MAC") 471822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root * 472822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root * Store this: 473822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root * metadata || AES_CTR_encrypt(Kenc, rand_IV, data) || 474822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root * HMAC(Kmac, metadata || Enc(data)) 475822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root */ 476a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Rootstruct __attribute__((packed)) blob { 477822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root uint8_t version; 478822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root uint8_t type; 479f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root uint8_t flags; 480a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root uint8_t info; 481a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root uint8_t vector[AES_BLOCK_SIZE]; 482822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root uint8_t encrypted[0]; // Marks offset to encrypted data. 483a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root uint8_t digest[MD5_DIGEST_LENGTH]; 484822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root uint8_t digested[0]; // Marks offset to digested data. 485a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root int32_t length; // in network byte order when encrypted 486a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root uint8_t value[VALUE_SIZE + AES_BLOCK_SIZE]; 487a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root}; 488a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 489822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Roottypedef enum { 490d53bc92f1cc4eb669ec015480cebe5ae7aaaf7cfKenny Root TYPE_ANY = 0, // meta type that matches anything 491822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root TYPE_GENERIC = 1, 492822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root TYPE_MASTER_KEY = 2, 493822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root TYPE_KEY_PAIR = 3, 49417d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker TYPE_KEYMASTER_10 = 4, 495822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root} BlobType; 496822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root 497f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Rootstatic const uint8_t CURRENT_BLOB_VERSION = 2; 498822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root 499a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Rootclass Blob { 500a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Rootpublic: 50107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root Blob(const uint8_t* value, int32_t valueLength, const uint8_t* info, uint8_t infoLength, 50207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root BlobType type) { 5031773b442b16098c6d111d6371d4a986a0747992bAlex Klyubin memset(&mBlob, 0, sizeof(mBlob)); 504a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root mBlob.length = valueLength; 505a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root memcpy(mBlob.value, value, valueLength); 506a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 507a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root mBlob.info = infoLength; 508a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root memcpy(mBlob.value + valueLength, info, infoLength); 509822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root 51007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root mBlob.version = CURRENT_BLOB_VERSION; 511822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root mBlob.type = uint8_t(type); 512f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root 513ee8068b9e7bfb2770635062fc9c2035be2142bd8Kenny Root if (type == TYPE_MASTER_KEY) { 514ee8068b9e7bfb2770635062fc9c2035be2142bd8Kenny Root mBlob.flags = KEYSTORE_FLAG_ENCRYPTED; 515ee8068b9e7bfb2770635062fc9c2035be2142bd8Kenny Root } else { 516ee8068b9e7bfb2770635062fc9c2035be2142bd8Kenny Root mBlob.flags = KEYSTORE_FLAG_NONE; 517ee8068b9e7bfb2770635062fc9c2035be2142bd8Kenny Root } 518a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 519a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 520a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root Blob(blob b) { 521a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root mBlob = b; 522a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 523a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 5241773b442b16098c6d111d6371d4a986a0747992bAlex Klyubin Blob() { 5251773b442b16098c6d111d6371d4a986a0747992bAlex Klyubin memset(&mBlob, 0, sizeof(mBlob)); 5261773b442b16098c6d111d6371d4a986a0747992bAlex Klyubin } 527a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 5285187818895c4c5f650a611c40531b1dff7764c18Kenny Root const uint8_t* getValue() const { 529a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return mBlob.value; 530a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 531a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 5325187818895c4c5f650a611c40531b1dff7764c18Kenny Root int32_t getLength() const { 533a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return mBlob.length; 534a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 535a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 5365187818895c4c5f650a611c40531b1dff7764c18Kenny Root const uint8_t* getInfo() const { 5375187818895c4c5f650a611c40531b1dff7764c18Kenny Root return mBlob.value + mBlob.length; 5385187818895c4c5f650a611c40531b1dff7764c18Kenny Root } 5395187818895c4c5f650a611c40531b1dff7764c18Kenny Root 5405187818895c4c5f650a611c40531b1dff7764c18Kenny Root uint8_t getInfoLength() const { 541a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return mBlob.info; 542a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 543a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 544822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root uint8_t getVersion() const { 545822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root return mBlob.version; 546822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root } 547822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root 548f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root bool isEncrypted() const { 549f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root if (mBlob.version < 2) { 550f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root return true; 551f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root } 552f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root 553f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root return mBlob.flags & KEYSTORE_FLAG_ENCRYPTED; 554f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root } 555f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root 556f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root void setEncrypted(bool encrypted) { 557f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root if (encrypted) { 558f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root mBlob.flags |= KEYSTORE_FLAG_ENCRYPTED; 559f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root } else { 560f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root mBlob.flags &= ~KEYSTORE_FLAG_ENCRYPTED; 561f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root } 562f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root } 563f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root 56417208e0de5a42722901d803118745cca25fd10c1Kenny Root bool isFallback() const { 56517208e0de5a42722901d803118745cca25fd10c1Kenny Root return mBlob.flags & KEYSTORE_FLAG_FALLBACK; 56617208e0de5a42722901d803118745cca25fd10c1Kenny Root } 56717208e0de5a42722901d803118745cca25fd10c1Kenny Root 56817208e0de5a42722901d803118745cca25fd10c1Kenny Root void setFallback(bool fallback) { 56917208e0de5a42722901d803118745cca25fd10c1Kenny Root if (fallback) { 57017208e0de5a42722901d803118745cca25fd10c1Kenny Root mBlob.flags |= KEYSTORE_FLAG_FALLBACK; 57117208e0de5a42722901d803118745cca25fd10c1Kenny Root } else { 57217208e0de5a42722901d803118745cca25fd10c1Kenny Root mBlob.flags &= ~KEYSTORE_FLAG_FALLBACK; 57317208e0de5a42722901d803118745cca25fd10c1Kenny Root } 57417208e0de5a42722901d803118745cca25fd10c1Kenny Root } 57517208e0de5a42722901d803118745cca25fd10c1Kenny Root 576822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root void setVersion(uint8_t version) { 577822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root mBlob.version = version; 578822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root } 579822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root 580822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root BlobType getType() const { 581822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root return BlobType(mBlob.type); 582822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root } 583822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root 584822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root void setType(BlobType type) { 585822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root mBlob.type = uint8_t(type); 586822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root } 587822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root 588f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root ResponseCode writeBlob(const char* filename, AES_KEY *aes_key, State state, Entropy* entropy) { 589f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root ALOGV("writing blob %s", filename); 590f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root if (isEncrypted()) { 591f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root if (state != STATE_NO_ERROR) { 592f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root ALOGD("couldn't insert encrypted blob while not unlocked"); 593f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root return LOCKED; 594f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root } 595f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root 596f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root if (!entropy->generate_random_data(mBlob.vector, AES_BLOCK_SIZE)) { 597f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root ALOGW("Could not read random data for: %s", filename); 598f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root return SYSTEM_ERROR; 599f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root } 600a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 601a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 602a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root // data includes the value and the value's length 603a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root size_t dataLength = mBlob.length + sizeof(mBlob.length); 604a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root // pad data to the AES_BLOCK_SIZE 605a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root size_t digestedLength = ((dataLength + AES_BLOCK_SIZE - 1) 606a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root / AES_BLOCK_SIZE * AES_BLOCK_SIZE); 607a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root // encrypted data includes the digest value 608a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root size_t encryptedLength = digestedLength + MD5_DIGEST_LENGTH; 609a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root // move info after space for padding 610a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root memmove(&mBlob.encrypted[encryptedLength], &mBlob.value[mBlob.length], mBlob.info); 611a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root // zero padding area 612a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root memset(mBlob.value + mBlob.length, 0, digestedLength - dataLength); 613a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 614a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root mBlob.length = htonl(mBlob.length); 615a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 616f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root if (isEncrypted()) { 617f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root MD5(mBlob.digested, digestedLength, mBlob.digest); 618f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root 619f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root uint8_t vector[AES_BLOCK_SIZE]; 620f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root memcpy(vector, mBlob.vector, AES_BLOCK_SIZE); 621f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root AES_cbc_encrypt(mBlob.encrypted, mBlob.encrypted, encryptedLength, 622f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root aes_key, vector, AES_ENCRYPT); 623f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root } 624a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 625a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root size_t headerLength = (mBlob.encrypted - (uint8_t*) &mBlob); 626a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root size_t fileLength = encryptedLength + headerLength + mBlob.info; 627a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 628a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root const char* tmpFileName = ".tmp"; 629150ca934edb745de3666a6492b039900df228ff0Kenny Root int out = TEMP_FAILURE_RETRY(open(tmpFileName, 630150ca934edb745de3666a6492b039900df228ff0Kenny Root O_WRONLY | O_TRUNC | O_CREAT, S_IRUSR | S_IWUSR)); 631150ca934edb745de3666a6492b039900df228ff0Kenny Root if (out < 0) { 632150ca934edb745de3666a6492b039900df228ff0Kenny Root ALOGW("could not open file: %s: %s", tmpFileName, strerror(errno)); 633a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return SYSTEM_ERROR; 634a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 635a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root size_t writtenBytes = writeFully(out, (uint8_t*) &mBlob, fileLength); 636a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root if (close(out) != 0) { 637a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return SYSTEM_ERROR; 638a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 639a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root if (writtenBytes != fileLength) { 640150ca934edb745de3666a6492b039900df228ff0Kenny Root ALOGW("blob not fully written %zu != %zu", writtenBytes, fileLength); 641a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root unlink(tmpFileName); 642a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return SYSTEM_ERROR; 643a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 644150ca934edb745de3666a6492b039900df228ff0Kenny Root if (rename(tmpFileName, filename) == -1) { 645150ca934edb745de3666a6492b039900df228ff0Kenny Root ALOGW("could not rename blob to %s: %s", filename, strerror(errno)); 646150ca934edb745de3666a6492b039900df228ff0Kenny Root return SYSTEM_ERROR; 647150ca934edb745de3666a6492b039900df228ff0Kenny Root } 648150ca934edb745de3666a6492b039900df228ff0Kenny Root return NO_ERROR; 649a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 650a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 651f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root ResponseCode readBlob(const char* filename, AES_KEY *aes_key, State state) { 652f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root ALOGV("reading blob %s", filename); 653150ca934edb745de3666a6492b039900df228ff0Kenny Root int in = TEMP_FAILURE_RETRY(open(filename, O_RDONLY)); 654150ca934edb745de3666a6492b039900df228ff0Kenny Root if (in < 0) { 655a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return (errno == ENOENT) ? KEY_NOT_FOUND : SYSTEM_ERROR; 656a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 657a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root // fileLength may be less than sizeof(mBlob) since the in 658a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root // memory version has extra padding to tolerate rounding up to 659a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root // the AES_BLOCK_SIZE 660a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root size_t fileLength = readFully(in, (uint8_t*) &mBlob, sizeof(mBlob)); 661a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root if (close(in) != 0) { 662a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return SYSTEM_ERROR; 663a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 664f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root 665f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root if (isEncrypted() && (state != STATE_NO_ERROR)) { 666f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root return LOCKED; 667f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root } 668f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root 669a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root size_t headerLength = (mBlob.encrypted - (uint8_t*) &mBlob); 670a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root if (fileLength < headerLength) { 671a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return VALUE_CORRUPTED; 672a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 673a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 674a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root ssize_t encryptedLength = fileLength - (headerLength + mBlob.info); 675f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root if (encryptedLength < 0) { 676a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return VALUE_CORRUPTED; 677a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 678f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root 679f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root ssize_t digestedLength; 680f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root if (isEncrypted()) { 681f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root if (encryptedLength % AES_BLOCK_SIZE != 0) { 682f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root return VALUE_CORRUPTED; 683f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root } 684f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root 685f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root AES_cbc_encrypt(mBlob.encrypted, mBlob.encrypted, encryptedLength, aes_key, 686f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root mBlob.vector, AES_DECRYPT); 687f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root digestedLength = encryptedLength - MD5_DIGEST_LENGTH; 688f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root uint8_t computedDigest[MD5_DIGEST_LENGTH]; 689f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root MD5(mBlob.digested, digestedLength, computedDigest); 690f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root if (memcmp(mBlob.digest, computedDigest, MD5_DIGEST_LENGTH) != 0) { 691f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root return VALUE_CORRUPTED; 692f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root } 693f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root } else { 694f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root digestedLength = encryptedLength; 695a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 696a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 697a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root ssize_t maxValueLength = digestedLength - sizeof(mBlob.length); 698a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root mBlob.length = ntohl(mBlob.length); 699a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root if (mBlob.length < 0 || mBlob.length > maxValueLength) { 700a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return VALUE_CORRUPTED; 701a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 702a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root if (mBlob.info != 0) { 703a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root // move info from after padding to after data 704a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root memmove(&mBlob.value[mBlob.length], &mBlob.value[maxValueLength], mBlob.info); 705a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 70607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::NO_ERROR; 707a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 708a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 709a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Rootprivate: 710a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root struct blob mBlob; 711a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root}; 712a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 713655b958eb2180c7c06889f83f606d23421bf038cKenny Rootclass UserState { 714655b958eb2180c7c06889f83f606d23421bf038cKenny Rootpublic: 715655b958eb2180c7c06889f83f606d23421bf038cKenny Root UserState(uid_t userId) : mUserId(userId), mRetry(MAX_RETRY) { 716655b958eb2180c7c06889f83f606d23421bf038cKenny Root asprintf(&mUserDir, "user_%u", mUserId); 717655b958eb2180c7c06889f83f606d23421bf038cKenny Root asprintf(&mMasterKeyFile, "%s/.masterkey", mUserDir); 718655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 71970e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 720655b958eb2180c7c06889f83f606d23421bf038cKenny Root ~UserState() { 721655b958eb2180c7c06889f83f606d23421bf038cKenny Root free(mUserDir); 722655b958eb2180c7c06889f83f606d23421bf038cKenny Root free(mMasterKeyFile); 723655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 72470e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 725655b958eb2180c7c06889f83f606d23421bf038cKenny Root bool initialize() { 726655b958eb2180c7c06889f83f606d23421bf038cKenny Root if ((mkdir(mUserDir, S_IRUSR | S_IWUSR | S_IXUSR) < 0) && (errno != EEXIST)) { 727655b958eb2180c7c06889f83f606d23421bf038cKenny Root ALOGE("Could not create directory '%s'", mUserDir); 728655b958eb2180c7c06889f83f606d23421bf038cKenny Root return false; 729655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 730655b958eb2180c7c06889f83f606d23421bf038cKenny Root 731655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (access(mMasterKeyFile, R_OK) == 0) { 732a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root setState(STATE_LOCKED); 733a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } else { 734a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root setState(STATE_UNINITIALIZED); 735a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 73670e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 737655b958eb2180c7c06889f83f606d23421bf038cKenny Root return true; 738655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 739655b958eb2180c7c06889f83f606d23421bf038cKenny Root 740655b958eb2180c7c06889f83f606d23421bf038cKenny Root uid_t getUserId() const { 741655b958eb2180c7c06889f83f606d23421bf038cKenny Root return mUserId; 742655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 743655b958eb2180c7c06889f83f606d23421bf038cKenny Root 744655b958eb2180c7c06889f83f606d23421bf038cKenny Root const char* getUserDirName() const { 745655b958eb2180c7c06889f83f606d23421bf038cKenny Root return mUserDir; 746655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 747655b958eb2180c7c06889f83f606d23421bf038cKenny Root 748655b958eb2180c7c06889f83f606d23421bf038cKenny Root const char* getMasterKeyFileName() const { 749655b958eb2180c7c06889f83f606d23421bf038cKenny Root return mMasterKeyFile; 750655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 751655b958eb2180c7c06889f83f606d23421bf038cKenny Root 752655b958eb2180c7c06889f83f606d23421bf038cKenny Root void setState(State state) { 753655b958eb2180c7c06889f83f606d23421bf038cKenny Root mState = state; 754655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (mState == STATE_NO_ERROR || mState == STATE_UNINITIALIZED) { 755655b958eb2180c7c06889f83f606d23421bf038cKenny Root mRetry = MAX_RETRY; 756655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 757a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 758a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 7595187818895c4c5f650a611c40531b1dff7764c18Kenny Root State getState() const { 760a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return mState; 761a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 762a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 7635187818895c4c5f650a611c40531b1dff7764c18Kenny Root int8_t getRetry() const { 764a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return mRetry; 765a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 766a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 767655b958eb2180c7c06889f83f606d23421bf038cKenny Root void zeroizeMasterKeysInMemory() { 768655b958eb2180c7c06889f83f606d23421bf038cKenny Root memset(mMasterKey, 0, sizeof(mMasterKey)); 769655b958eb2180c7c06889f83f606d23421bf038cKenny Root memset(mSalt, 0, sizeof(mSalt)); 770655b958eb2180c7c06889f83f606d23421bf038cKenny Root memset(&mMasterKeyEncryption, 0, sizeof(mMasterKeyEncryption)); 771655b958eb2180c7c06889f83f606d23421bf038cKenny Root memset(&mMasterKeyDecryption, 0, sizeof(mMasterKeyDecryption)); 77270e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root } 77370e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 774655b958eb2180c7c06889f83f606d23421bf038cKenny Root ResponseCode initialize(const android::String8& pw, Entropy* entropy) { 775655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (!generateMasterKey(entropy)) { 776a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return SYSTEM_ERROR; 777a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 778655b958eb2180c7c06889f83f606d23421bf038cKenny Root ResponseCode response = writeMasterKey(pw, entropy); 779a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root if (response != NO_ERROR) { 780a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return response; 781a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 782a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root setupMasterKeys(); 78307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::NO_ERROR; 784a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 785a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 7864e865753346fc6a075966972a7a98051818859dbRobin Lee ResponseCode copyMasterKey(UserState* src) { 7874e865753346fc6a075966972a7a98051818859dbRobin Lee if (mState != STATE_UNINITIALIZED) { 7884e865753346fc6a075966972a7a98051818859dbRobin Lee return ::SYSTEM_ERROR; 7894e865753346fc6a075966972a7a98051818859dbRobin Lee } 7904e865753346fc6a075966972a7a98051818859dbRobin Lee if (src->getState() != STATE_NO_ERROR) { 7914e865753346fc6a075966972a7a98051818859dbRobin Lee return ::SYSTEM_ERROR; 7924e865753346fc6a075966972a7a98051818859dbRobin Lee } 7934e865753346fc6a075966972a7a98051818859dbRobin Lee memcpy(mMasterKey, src->mMasterKey, MASTER_KEY_SIZE_BYTES); 7944e865753346fc6a075966972a7a98051818859dbRobin Lee setupMasterKeys(); 7954e865753346fc6a075966972a7a98051818859dbRobin Lee return ::NO_ERROR; 7964e865753346fc6a075966972a7a98051818859dbRobin Lee } 7974e865753346fc6a075966972a7a98051818859dbRobin Lee 798655b958eb2180c7c06889f83f606d23421bf038cKenny Root ResponseCode writeMasterKey(const android::String8& pw, Entropy* entropy) { 799a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root uint8_t passwordKey[MASTER_KEY_SIZE_BYTES]; 800a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root generateKeyFromPassword(passwordKey, MASTER_KEY_SIZE_BYTES, pw, mSalt); 801a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root AES_KEY passwordAesKey; 802a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root AES_set_encrypt_key(passwordKey, MASTER_KEY_SIZE_BITS, &passwordAesKey); 803822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root Blob masterKeyBlob(mMasterKey, sizeof(mMasterKey), mSalt, sizeof(mSalt), TYPE_MASTER_KEY); 804f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root return masterKeyBlob.writeBlob(mMasterKeyFile, &passwordAesKey, STATE_NO_ERROR, entropy); 805a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 806a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 807655b958eb2180c7c06889f83f606d23421bf038cKenny Root ResponseCode readMasterKey(const android::String8& pw, Entropy* entropy) { 808655b958eb2180c7c06889f83f606d23421bf038cKenny Root int in = TEMP_FAILURE_RETRY(open(mMasterKeyFile, O_RDONLY)); 809150ca934edb745de3666a6492b039900df228ff0Kenny Root if (in < 0) { 810a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return SYSTEM_ERROR; 811a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 812a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 813a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root // we read the raw blob to just to get the salt to generate 814a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root // the AES key, then we create the Blob to use with decryptBlob 815a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root blob rawBlob; 816a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root size_t length = readFully(in, (uint8_t*) &rawBlob, sizeof(rawBlob)); 817a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root if (close(in) != 0) { 818a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return SYSTEM_ERROR; 819a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 820a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root // find salt at EOF if present, otherwise we have an old file 821a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root uint8_t* salt; 822a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root if (length > SALT_SIZE && rawBlob.info == SALT_SIZE) { 823a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root salt = (uint8_t*) &rawBlob + length - SALT_SIZE; 824a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } else { 825a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root salt = NULL; 826a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 827a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root uint8_t passwordKey[MASTER_KEY_SIZE_BYTES]; 828a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root generateKeyFromPassword(passwordKey, MASTER_KEY_SIZE_BYTES, pw, salt); 829a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root AES_KEY passwordAesKey; 830a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root AES_set_decrypt_key(passwordKey, MASTER_KEY_SIZE_BITS, &passwordAesKey); 831a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root Blob masterKeyBlob(rawBlob); 832f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root ResponseCode response = masterKeyBlob.readBlob(mMasterKeyFile, &passwordAesKey, 833f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root STATE_NO_ERROR); 834a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root if (response == SYSTEM_ERROR) { 835f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root return response; 836a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 837a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root if (response == NO_ERROR && masterKeyBlob.getLength() == MASTER_KEY_SIZE_BYTES) { 838a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root // if salt was missing, generate one and write a new master key file with the salt. 839a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root if (salt == NULL) { 840655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (!generateSalt(entropy)) { 841a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return SYSTEM_ERROR; 842a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 843655b958eb2180c7c06889f83f606d23421bf038cKenny Root response = writeMasterKey(pw, entropy); 844a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 845a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root if (response == NO_ERROR) { 846a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root memcpy(mMasterKey, masterKeyBlob.getValue(), MASTER_KEY_SIZE_BYTES); 847a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root setupMasterKeys(); 848a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 849a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return response; 850a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 851a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root if (mRetry <= 0) { 852a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root reset(); 853a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return UNINITIALIZED; 854a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 855a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root --mRetry; 856a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root switch (mRetry) { 857a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root case 0: return WRONG_PASSWORD_0; 858a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root case 1: return WRONG_PASSWORD_1; 859a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root case 2: return WRONG_PASSWORD_2; 860a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root case 3: return WRONG_PASSWORD_3; 861a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root default: return WRONG_PASSWORD_3; 862a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 863a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 864a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 865655b958eb2180c7c06889f83f606d23421bf038cKenny Root AES_KEY* getEncryptionKey() { 866655b958eb2180c7c06889f83f606d23421bf038cKenny Root return &mMasterKeyEncryption; 867655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 868a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 869655b958eb2180c7c06889f83f606d23421bf038cKenny Root AES_KEY* getDecryptionKey() { 870655b958eb2180c7c06889f83f606d23421bf038cKenny Root return &mMasterKeyDecryption; 871655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 872a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 873655b958eb2180c7c06889f83f606d23421bf038cKenny Root bool reset() { 874655b958eb2180c7c06889f83f606d23421bf038cKenny Root DIR* dir = opendir(getUserDirName()); 875a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root if (!dir) { 876655b958eb2180c7c06889f83f606d23421bf038cKenny Root ALOGW("couldn't open user directory: %s", strerror(errno)); 877a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return false; 878a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 879655b958eb2180c7c06889f83f606d23421bf038cKenny Root 880655b958eb2180c7c06889f83f606d23421bf038cKenny Root struct dirent* file; 881a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root while ((file = readdir(dir)) != NULL) { 882655b958eb2180c7c06889f83f606d23421bf038cKenny Root // We only care about files. 883655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (file->d_type != DT_REG) { 884655b958eb2180c7c06889f83f606d23421bf038cKenny Root continue; 885655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 886655b958eb2180c7c06889f83f606d23421bf038cKenny Root 887655b958eb2180c7c06889f83f606d23421bf038cKenny Root // Skip anything that starts with a "." 888931fac098f2ae35aa1da26ced57962c9a21f95cfKenny Root if (file->d_name[0] == '.' && strcmp(".masterkey", file->d_name)) { 889655b958eb2180c7c06889f83f606d23421bf038cKenny Root continue; 890655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 891655b958eb2180c7c06889f83f606d23421bf038cKenny Root 892655b958eb2180c7c06889f83f606d23421bf038cKenny Root unlinkat(dirfd(dir), file->d_name, 0); 893a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 894a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root closedir(dir); 895a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return true; 896a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 897a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 898655b958eb2180c7c06889f83f606d23421bf038cKenny Rootprivate: 899655b958eb2180c7c06889f83f606d23421bf038cKenny Root static const int MASTER_KEY_SIZE_BYTES = 16; 900655b958eb2180c7c06889f83f606d23421bf038cKenny Root static const int MASTER_KEY_SIZE_BITS = MASTER_KEY_SIZE_BYTES * 8; 901655b958eb2180c7c06889f83f606d23421bf038cKenny Root 902655b958eb2180c7c06889f83f606d23421bf038cKenny Root static const int MAX_RETRY = 4; 903655b958eb2180c7c06889f83f606d23421bf038cKenny Root static const size_t SALT_SIZE = 16; 904655b958eb2180c7c06889f83f606d23421bf038cKenny Root 905655b958eb2180c7c06889f83f606d23421bf038cKenny Root void generateKeyFromPassword(uint8_t* key, ssize_t keySize, const android::String8& pw, 906655b958eb2180c7c06889f83f606d23421bf038cKenny Root uint8_t* salt) { 907655b958eb2180c7c06889f83f606d23421bf038cKenny Root size_t saltSize; 908655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (salt != NULL) { 909655b958eb2180c7c06889f83f606d23421bf038cKenny Root saltSize = SALT_SIZE; 910655b958eb2180c7c06889f83f606d23421bf038cKenny Root } else { 911655b958eb2180c7c06889f83f606d23421bf038cKenny Root // pre-gingerbread used this hardwired salt, readMasterKey will rewrite these when found 912655b958eb2180c7c06889f83f606d23421bf038cKenny Root salt = (uint8_t*) "keystore"; 913655b958eb2180c7c06889f83f606d23421bf038cKenny Root // sizeof = 9, not strlen = 8 914655b958eb2180c7c06889f83f606d23421bf038cKenny Root saltSize = sizeof("keystore"); 915655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 916655b958eb2180c7c06889f83f606d23421bf038cKenny Root 917655b958eb2180c7c06889f83f606d23421bf038cKenny Root PKCS5_PBKDF2_HMAC_SHA1(reinterpret_cast<const char*>(pw.string()), pw.length(), salt, 918655b958eb2180c7c06889f83f606d23421bf038cKenny Root saltSize, 8192, keySize, key); 919655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 920655b958eb2180c7c06889f83f606d23421bf038cKenny Root 921655b958eb2180c7c06889f83f606d23421bf038cKenny Root bool generateSalt(Entropy* entropy) { 922655b958eb2180c7c06889f83f606d23421bf038cKenny Root return entropy->generate_random_data(mSalt, sizeof(mSalt)); 923655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 924655b958eb2180c7c06889f83f606d23421bf038cKenny Root 925655b958eb2180c7c06889f83f606d23421bf038cKenny Root bool generateMasterKey(Entropy* entropy) { 926655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (!entropy->generate_random_data(mMasterKey, sizeof(mMasterKey))) { 927655b958eb2180c7c06889f83f606d23421bf038cKenny Root return false; 928655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 929655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (!generateSalt(entropy)) { 930655b958eb2180c7c06889f83f606d23421bf038cKenny Root return false; 931655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 932655b958eb2180c7c06889f83f606d23421bf038cKenny Root return true; 933655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 934655b958eb2180c7c06889f83f606d23421bf038cKenny Root 935655b958eb2180c7c06889f83f606d23421bf038cKenny Root void setupMasterKeys() { 936655b958eb2180c7c06889f83f606d23421bf038cKenny Root AES_set_encrypt_key(mMasterKey, MASTER_KEY_SIZE_BITS, &mMasterKeyEncryption); 937655b958eb2180c7c06889f83f606d23421bf038cKenny Root AES_set_decrypt_key(mMasterKey, MASTER_KEY_SIZE_BITS, &mMasterKeyDecryption); 938655b958eb2180c7c06889f83f606d23421bf038cKenny Root setState(STATE_NO_ERROR); 939655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 940655b958eb2180c7c06889f83f606d23421bf038cKenny Root 941655b958eb2180c7c06889f83f606d23421bf038cKenny Root uid_t mUserId; 942655b958eb2180c7c06889f83f606d23421bf038cKenny Root 943655b958eb2180c7c06889f83f606d23421bf038cKenny Root char* mUserDir; 944655b958eb2180c7c06889f83f606d23421bf038cKenny Root char* mMasterKeyFile; 945655b958eb2180c7c06889f83f606d23421bf038cKenny Root 946655b958eb2180c7c06889f83f606d23421bf038cKenny Root State mState; 947655b958eb2180c7c06889f83f606d23421bf038cKenny Root int8_t mRetry; 948655b958eb2180c7c06889f83f606d23421bf038cKenny Root 949655b958eb2180c7c06889f83f606d23421bf038cKenny Root uint8_t mMasterKey[MASTER_KEY_SIZE_BYTES]; 950655b958eb2180c7c06889f83f606d23421bf038cKenny Root uint8_t mSalt[SALT_SIZE]; 951655b958eb2180c7c06889f83f606d23421bf038cKenny Root 952655b958eb2180c7c06889f83f606d23421bf038cKenny Root AES_KEY mMasterKeyEncryption; 953655b958eb2180c7c06889f83f606d23421bf038cKenny Root AES_KEY mMasterKeyDecryption; 954655b958eb2180c7c06889f83f606d23421bf038cKenny Root}; 955655b958eb2180c7c06889f83f606d23421bf038cKenny Root 956655b958eb2180c7c06889f83f606d23421bf038cKenny Roottypedef struct { 957655b958eb2180c7c06889f83f606d23421bf038cKenny Root uint32_t uid; 958655b958eb2180c7c06889f83f606d23421bf038cKenny Root const uint8_t* filename; 959655b958eb2180c7c06889f83f606d23421bf038cKenny Root} grant_t; 960655b958eb2180c7c06889f83f606d23421bf038cKenny Root 961655b958eb2180c7c06889f83f606d23421bf038cKenny Rootclass KeyStore { 962655b958eb2180c7c06889f83f606d23421bf038cKenny Rootpublic: 96367d2a5029e8c25c5ee448e3bbd245cdcebe6abd3Chad Brubaker KeyStore(Entropy* entropy, keymaster1_device_t* device, keymaster1_device_t* fallback) 964655b958eb2180c7c06889f83f606d23421bf038cKenny Root : mEntropy(entropy) 965655b958eb2180c7c06889f83f606d23421bf038cKenny Root , mDevice(device) 966fc18edcdfe2f7774e621030d51338f3216170b97Chad Brubaker , mFallbackDevice(fallback) 967655b958eb2180c7c06889f83f606d23421bf038cKenny Root { 968655b958eb2180c7c06889f83f606d23421bf038cKenny Root memset(&mMetaData, '\0', sizeof(mMetaData)); 969655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 970655b958eb2180c7c06889f83f606d23421bf038cKenny Root 971655b958eb2180c7c06889f83f606d23421bf038cKenny Root ~KeyStore() { 972655b958eb2180c7c06889f83f606d23421bf038cKenny Root for (android::Vector<grant_t*>::iterator it(mGrants.begin()); 973655b958eb2180c7c06889f83f606d23421bf038cKenny Root it != mGrants.end(); it++) { 974655b958eb2180c7c06889f83f606d23421bf038cKenny Root delete *it; 975655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 976c35d4eb3e66aa69ca17dd83b1bcdcc19276bf8e5haitao fang mGrants.clear(); 977655b958eb2180c7c06889f83f606d23421bf038cKenny Root 978655b958eb2180c7c06889f83f606d23421bf038cKenny Root for (android::Vector<UserState*>::iterator it(mMasterKeys.begin()); 979655b958eb2180c7c06889f83f606d23421bf038cKenny Root it != mMasterKeys.end(); it++) { 980655b958eb2180c7c06889f83f606d23421bf038cKenny Root delete *it; 981655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 982c35d4eb3e66aa69ca17dd83b1bcdcc19276bf8e5haitao fang mMasterKeys.clear(); 983655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 984655b958eb2180c7c06889f83f606d23421bf038cKenny Root 98567d2a5029e8c25c5ee448e3bbd245cdcebe6abd3Chad Brubaker /** 98667d2a5029e8c25c5ee448e3bbd245cdcebe6abd3Chad Brubaker * Depending on the hardware keymaster version is this may return a 98767d2a5029e8c25c5ee448e3bbd245cdcebe6abd3Chad Brubaker * keymaster0_device_t* cast to a keymaster1_device_t*. All methods from 98867d2a5029e8c25c5ee448e3bbd245cdcebe6abd3Chad Brubaker * keymaster0 are safe to call, calls to keymaster1_device_t methods should 98967d2a5029e8c25c5ee448e3bbd245cdcebe6abd3Chad Brubaker * be guarded by a check on the device's version. 99067d2a5029e8c25c5ee448e3bbd245cdcebe6abd3Chad Brubaker */ 99167d2a5029e8c25c5ee448e3bbd245cdcebe6abd3Chad Brubaker keymaster1_device_t *getDevice() const { 992655b958eb2180c7c06889f83f606d23421bf038cKenny Root return mDevice; 993655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 994655b958eb2180c7c06889f83f606d23421bf038cKenny Root 99567d2a5029e8c25c5ee448e3bbd245cdcebe6abd3Chad Brubaker keymaster1_device_t *getFallbackDevice() const { 996fc18edcdfe2f7774e621030d51338f3216170b97Chad Brubaker return mFallbackDevice; 997fc18edcdfe2f7774e621030d51338f3216170b97Chad Brubaker } 998fc18edcdfe2f7774e621030d51338f3216170b97Chad Brubaker 99967d2a5029e8c25c5ee448e3bbd245cdcebe6abd3Chad Brubaker keymaster1_device_t *getDeviceForBlob(const Blob& blob) const { 1000fc18edcdfe2f7774e621030d51338f3216170b97Chad Brubaker return blob.isFallback() ? mFallbackDevice: mDevice; 1001fc18edcdfe2f7774e621030d51338f3216170b97Chad Brubaker } 1002fc18edcdfe2f7774e621030d51338f3216170b97Chad Brubaker 1003655b958eb2180c7c06889f83f606d23421bf038cKenny Root ResponseCode initialize() { 1004655b958eb2180c7c06889f83f606d23421bf038cKenny Root readMetaData(); 1005655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (upgradeKeystore()) { 1006655b958eb2180c7c06889f83f606d23421bf038cKenny Root writeMetaData(); 1007655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1008655b958eb2180c7c06889f83f606d23421bf038cKenny Root 1009655b958eb2180c7c06889f83f606d23421bf038cKenny Root return ::NO_ERROR; 1010655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1011655b958eb2180c7c06889f83f606d23421bf038cKenny Root 1012655b958eb2180c7c06889f83f606d23421bf038cKenny Root State getState(uid_t uid) { 1013655b958eb2180c7c06889f83f606d23421bf038cKenny Root return getUserState(uid)->getState(); 1014655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1015655b958eb2180c7c06889f83f606d23421bf038cKenny Root 1016655b958eb2180c7c06889f83f606d23421bf038cKenny Root ResponseCode initializeUser(const android::String8& pw, uid_t uid) { 1017655b958eb2180c7c06889f83f606d23421bf038cKenny Root UserState* userState = getUserState(uid); 1018655b958eb2180c7c06889f83f606d23421bf038cKenny Root return userState->initialize(pw, mEntropy); 1019655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1020655b958eb2180c7c06889f83f606d23421bf038cKenny Root 10214e865753346fc6a075966972a7a98051818859dbRobin Lee ResponseCode copyMasterKey(uid_t src, uid_t uid) { 10224e865753346fc6a075966972a7a98051818859dbRobin Lee UserState *userState = getUserState(uid); 10234e865753346fc6a075966972a7a98051818859dbRobin Lee UserState *initState = getUserState(src); 10244e865753346fc6a075966972a7a98051818859dbRobin Lee return userState->copyMasterKey(initState); 10254e865753346fc6a075966972a7a98051818859dbRobin Lee } 10264e865753346fc6a075966972a7a98051818859dbRobin Lee 1027655b958eb2180c7c06889f83f606d23421bf038cKenny Root ResponseCode writeMasterKey(const android::String8& pw, uid_t uid) { 102850122db50bcb6c1aab50ef235c8f9d264b50e97aRobin Lee UserState* userState = getUserState(uid); 1029655b958eb2180c7c06889f83f606d23421bf038cKenny Root return userState->writeMasterKey(pw, mEntropy); 1030655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1031655b958eb2180c7c06889f83f606d23421bf038cKenny Root 1032655b958eb2180c7c06889f83f606d23421bf038cKenny Root ResponseCode readMasterKey(const android::String8& pw, uid_t uid) { 103350122db50bcb6c1aab50ef235c8f9d264b50e97aRobin Lee UserState* userState = getUserState(uid); 1034655b958eb2180c7c06889f83f606d23421bf038cKenny Root return userState->readMasterKey(pw, mEntropy); 1035655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1036655b958eb2180c7c06889f83f606d23421bf038cKenny Root 1037655b958eb2180c7c06889f83f606d23421bf038cKenny Root android::String8 getKeyName(const android::String8& keyName) { 1038a77e809ecff5190790906fb7a3c527259c735071Douglas Leung char encoded[encode_key_length(keyName) + 1]; // add 1 for null char 1039655b958eb2180c7c06889f83f606d23421bf038cKenny Root encode_key(encoded, keyName); 1040655b958eb2180c7c06889f83f606d23421bf038cKenny Root return android::String8(encoded); 1041655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1042655b958eb2180c7c06889f83f606d23421bf038cKenny Root 1043655b958eb2180c7c06889f83f606d23421bf038cKenny Root android::String8 getKeyNameForUid(const android::String8& keyName, uid_t uid) { 1044a77e809ecff5190790906fb7a3c527259c735071Douglas Leung char encoded[encode_key_length(keyName) + 1]; // add 1 for null char 1045655b958eb2180c7c06889f83f606d23421bf038cKenny Root encode_key(encoded, keyName); 1046655b958eb2180c7c06889f83f606d23421bf038cKenny Root return android::String8::format("%u_%s", uid, encoded); 1047655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1048655b958eb2180c7c06889f83f606d23421bf038cKenny Root 1049655b958eb2180c7c06889f83f606d23421bf038cKenny Root android::String8 getKeyNameForUidWithDir(const android::String8& keyName, uid_t uid) { 1050a77e809ecff5190790906fb7a3c527259c735071Douglas Leung char encoded[encode_key_length(keyName) + 1]; // add 1 for null char 1051655b958eb2180c7c06889f83f606d23421bf038cKenny Root encode_key(encoded, keyName); 1052655b958eb2180c7c06889f83f606d23421bf038cKenny Root return android::String8::format("%s/%u_%s", getUserState(uid)->getUserDirName(), uid, 1053655b958eb2180c7c06889f83f606d23421bf038cKenny Root encoded); 1054655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1055655b958eb2180c7c06889f83f606d23421bf038cKenny Root 1056655b958eb2180c7c06889f83f606d23421bf038cKenny Root bool reset(uid_t uid) { 10574b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee android::String8 prefix(""); 10584b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee android::Vector<android::String16> aliases; 10594b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee if (saw(prefix, &aliases, uid) != ::NO_ERROR) { 10604b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee return ::SYSTEM_ERROR; 10614b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee } 10624b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee 1063655b958eb2180c7c06889f83f606d23421bf038cKenny Root UserState* userState = getUserState(uid); 10644b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee for (uint32_t i = 0; i < aliases.size(); i++) { 10654b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee android::String8 filename(aliases[i]); 10664b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee filename = android::String8::format("%s/%s", userState->getUserDirName(), 10674b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee getKeyName(filename).string()); 10684b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee del(filename, ::TYPE_ANY, uid); 10694b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee } 10704b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee 1071655b958eb2180c7c06889f83f606d23421bf038cKenny Root userState->zeroizeMasterKeysInMemory(); 1072655b958eb2180c7c06889f83f606d23421bf038cKenny Root userState->setState(STATE_UNINITIALIZED); 1073655b958eb2180c7c06889f83f606d23421bf038cKenny Root return userState->reset(); 1074655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1075655b958eb2180c7c06889f83f606d23421bf038cKenny Root 1076655b958eb2180c7c06889f83f606d23421bf038cKenny Root bool isEmpty(uid_t uid) const { 1077655b958eb2180c7c06889f83f606d23421bf038cKenny Root const UserState* userState = getUserState(uid); 107831e27468b6d822adbd2aec9219a68c206aa6957cKenny Root if (userState == NULL || userState->getState() == STATE_UNINITIALIZED) { 1079655b958eb2180c7c06889f83f606d23421bf038cKenny Root return true; 1080655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1081655b958eb2180c7c06889f83f606d23421bf038cKenny Root 1082655b958eb2180c7c06889f83f606d23421bf038cKenny Root DIR* dir = opendir(userState->getUserDirName()); 1083a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root if (!dir) { 1084a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return true; 1085a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 1086655b958eb2180c7c06889f83f606d23421bf038cKenny Root 108731e27468b6d822adbd2aec9219a68c206aa6957cKenny Root bool result = true; 108831e27468b6d822adbd2aec9219a68c206aa6957cKenny Root struct dirent* file; 1089a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root while ((file = readdir(dir)) != NULL) { 1090655b958eb2180c7c06889f83f606d23421bf038cKenny Root // We only care about files. 1091655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (file->d_type != DT_REG) { 1092655b958eb2180c7c06889f83f606d23421bf038cKenny Root continue; 1093655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1094655b958eb2180c7c06889f83f606d23421bf038cKenny Root 1095655b958eb2180c7c06889f83f606d23421bf038cKenny Root // Skip anything that starts with a "." 1096655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (file->d_name[0] == '.') { 1097655b958eb2180c7c06889f83f606d23421bf038cKenny Root continue; 1098655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1099655b958eb2180c7c06889f83f606d23421bf038cKenny Root 110031e27468b6d822adbd2aec9219a68c206aa6957cKenny Root result = false; 110131e27468b6d822adbd2aec9219a68c206aa6957cKenny Root break; 1102a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 1103a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root closedir(dir); 1104a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return result; 1105a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 1106a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 1107655b958eb2180c7c06889f83f606d23421bf038cKenny Root void lock(uid_t uid) { 1108655b958eb2180c7c06889f83f606d23421bf038cKenny Root UserState* userState = getUserState(uid); 1109655b958eb2180c7c06889f83f606d23421bf038cKenny Root userState->zeroizeMasterKeysInMemory(); 1110655b958eb2180c7c06889f83f606d23421bf038cKenny Root userState->setState(STATE_LOCKED); 1111a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 1112a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 1113655b958eb2180c7c06889f83f606d23421bf038cKenny Root ResponseCode get(const char* filename, Blob* keyBlob, const BlobType type, uid_t uid) { 1114655b958eb2180c7c06889f83f606d23421bf038cKenny Root UserState* userState = getUserState(uid); 1115f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root ResponseCode rc = keyBlob->readBlob(filename, userState->getDecryptionKey(), 1116f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root userState->getState()); 1117822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root if (rc != NO_ERROR) { 1118822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root return rc; 1119822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root } 1120822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root 1121822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root const uint8_t version = keyBlob->getVersion(); 112207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root if (version < CURRENT_BLOB_VERSION) { 1123cfeae072c96d84f286ddbf0aff8055c12c7c4f15Kenny Root /* If we upgrade the key, we need to write it to disk again. Then 1124cfeae072c96d84f286ddbf0aff8055c12c7c4f15Kenny Root * it must be read it again since the blob is encrypted each time 1125cfeae072c96d84f286ddbf0aff8055c12c7c4f15Kenny Root * it's written. 1126cfeae072c96d84f286ddbf0aff8055c12c7c4f15Kenny Root */ 1127655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (upgradeBlob(filename, keyBlob, version, type, uid)) { 1128655b958eb2180c7c06889f83f606d23421bf038cKenny Root if ((rc = this->put(filename, keyBlob, uid)) != NO_ERROR 1129f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root || (rc = keyBlob->readBlob(filename, userState->getDecryptionKey(), 1130f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root userState->getState())) != NO_ERROR) { 1131cfeae072c96d84f286ddbf0aff8055c12c7c4f15Kenny Root return rc; 1132cfeae072c96d84f286ddbf0aff8055c12c7c4f15Kenny Root } 1133cfeae072c96d84f286ddbf0aff8055c12c7c4f15Kenny Root } 1134822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root } 1135822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root 113617208e0de5a42722901d803118745cca25fd10c1Kenny Root /* 113717208e0de5a42722901d803118745cca25fd10c1Kenny Root * This will upgrade software-backed keys to hardware-backed keys when 113817208e0de5a42722901d803118745cca25fd10c1Kenny Root * the HAL for the device supports the newer key types. 113917208e0de5a42722901d803118745cca25fd10c1Kenny Root */ 114017208e0de5a42722901d803118745cca25fd10c1Kenny Root if (rc == NO_ERROR && type == TYPE_KEY_PAIR 114117208e0de5a42722901d803118745cca25fd10c1Kenny Root && mDevice->common.module->module_api_version >= KEYMASTER_MODULE_API_VERSION_0_2 114217208e0de5a42722901d803118745cca25fd10c1Kenny Root && keyBlob->isFallback()) { 114317208e0de5a42722901d803118745cca25fd10c1Kenny Root ResponseCode imported = importKey(keyBlob->getValue(), keyBlob->getLength(), filename, 114417208e0de5a42722901d803118745cca25fd10c1Kenny Root uid, keyBlob->isEncrypted() ? KEYSTORE_FLAG_ENCRYPTED : KEYSTORE_FLAG_NONE); 114517208e0de5a42722901d803118745cca25fd10c1Kenny Root 114617208e0de5a42722901d803118745cca25fd10c1Kenny Root // The HAL allowed the import, reget the key to have the "fresh" 114717208e0de5a42722901d803118745cca25fd10c1Kenny Root // version. 114817208e0de5a42722901d803118745cca25fd10c1Kenny Root if (imported == NO_ERROR) { 114917208e0de5a42722901d803118745cca25fd10c1Kenny Root rc = get(filename, keyBlob, TYPE_KEY_PAIR, uid); 115017208e0de5a42722901d803118745cca25fd10c1Kenny Root } 115117208e0de5a42722901d803118745cca25fd10c1Kenny Root } 115217208e0de5a42722901d803118745cca25fd10c1Kenny Root 1153d53bc92f1cc4eb669ec015480cebe5ae7aaaf7cfKenny Root if (type != TYPE_ANY && keyBlob->getType() != type) { 1154822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root ALOGW("key found but type doesn't match: %d vs %d", keyBlob->getType(), type); 1155822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root return KEY_NOT_FOUND; 1156822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root } 1157822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root 1158822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root return rc; 1159a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 1160a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 1161655b958eb2180c7c06889f83f606d23421bf038cKenny Root ResponseCode put(const char* filename, Blob* keyBlob, uid_t uid) { 1162655b958eb2180c7c06889f83f606d23421bf038cKenny Root UserState* userState = getUserState(uid); 1163f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root return keyBlob->writeBlob(filename, userState->getEncryptionKey(), userState->getState(), 1164f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root mEntropy); 1165a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 1166a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 11674b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee ResponseCode del(const char *filename, const BlobType type, uid_t uid) { 11684b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee Blob keyBlob; 11694b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee ResponseCode rc = get(filename, &keyBlob, type, uid); 11704b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee if (rc != ::NO_ERROR) { 11714b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee return rc; 11724b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee } 11734b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee 11744b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee if (keyBlob.getType() == ::TYPE_KEY_PAIR) { 11754b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee // A device doesn't have to implement delete_keypair. 11764b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee if (mDevice->delete_keypair != NULL && !keyBlob.isFallback()) { 11774b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee if (mDevice->delete_keypair(mDevice, keyBlob.getValue(), keyBlob.getLength())) { 11784b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee rc = ::SYSTEM_ERROR; 11794b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee } 11804b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee } 11814b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee } 118217d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker if (keyBlob.getType() == ::TYPE_KEYMASTER_10) { 118317d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker keymaster1_device_t* dev = getDeviceForBlob(keyBlob); 118417d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker if (dev->delete_key) { 118517d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker keymaster_key_blob_t blob; 118617d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker blob.key_material = keyBlob.getValue(); 118717d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker blob.key_material_size = keyBlob.getLength(); 118817d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker dev->delete_key(dev, &blob); 118917d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker } 119017d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker } 11914b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee if (rc != ::NO_ERROR) { 11924b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee return rc; 11934b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee } 11944b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee 11954b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee return (unlink(filename) && errno != ENOENT) ? ::SYSTEM_ERROR : ::NO_ERROR; 11964b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee } 11974b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee 11984b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee ResponseCode saw(const android::String8& prefix, android::Vector<android::String16> *matches, 11994b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee uid_t uid) { 12004b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee 12014b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee UserState* userState = getUserState(uid); 12024b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee size_t n = prefix.length(); 12034b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee 12044b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee DIR* dir = opendir(userState->getUserDirName()); 12054b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee if (!dir) { 12064b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee ALOGW("can't open directory for user: %s", strerror(errno)); 12074b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee return ::SYSTEM_ERROR; 12084b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee } 12094b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee 12104b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee struct dirent* file; 12114b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee while ((file = readdir(dir)) != NULL) { 12124b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee // We only care about files. 12134b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee if (file->d_type != DT_REG) { 12144b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee continue; 12154b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee } 12164b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee 12174b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee // Skip anything that starts with a "." 12184b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee if (file->d_name[0] == '.') { 12194b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee continue; 12204b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee } 12214b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee 12224b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee if (!strncmp(prefix.string(), file->d_name, n)) { 12234b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee const char* p = &file->d_name[n]; 12244b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee size_t plen = strlen(p); 12254b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee 12264b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee size_t extra = decode_key_length(p, plen); 12274b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee char *match = (char*) malloc(extra + 1); 12284b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee if (match != NULL) { 12294b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee decode_key(match, p, plen); 12304b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee matches->push(android::String16(match, extra)); 12314b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee free(match); 12324b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee } else { 12334b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee ALOGW("could not allocate match of size %zd", extra); 12344b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee } 12354b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee } 12364b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee } 12374b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee closedir(dir); 12384b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee return ::NO_ERROR; 12394b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee } 12404b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee 124107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root void addGrant(const char* filename, uid_t granteeUid) { 1242655b958eb2180c7c06889f83f606d23421bf038cKenny Root const grant_t* existing = getGrant(filename, granteeUid); 1243655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (existing == NULL) { 1244655b958eb2180c7c06889f83f606d23421bf038cKenny Root grant_t* grant = new grant_t; 124507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root grant->uid = granteeUid; 1246a8c703d9fdd98e3caefb6e74cd03c2878cecd0a1Brian Carlstrom grant->filename = reinterpret_cast<const uint8_t*>(strdup(filename)); 1247655b958eb2180c7c06889f83f606d23421bf038cKenny Root mGrants.add(grant); 124870e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root } 124970e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root } 125070e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 125107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root bool removeGrant(const char* filename, uid_t granteeUid) { 1252655b958eb2180c7c06889f83f606d23421bf038cKenny Root for (android::Vector<grant_t*>::iterator it(mGrants.begin()); 1253655b958eb2180c7c06889f83f606d23421bf038cKenny Root it != mGrants.end(); it++) { 1254655b958eb2180c7c06889f83f606d23421bf038cKenny Root grant_t* grant = *it; 1255655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (grant->uid == granteeUid 1256655b958eb2180c7c06889f83f606d23421bf038cKenny Root && !strcmp(reinterpret_cast<const char*>(grant->filename), filename)) { 1257655b958eb2180c7c06889f83f606d23421bf038cKenny Root mGrants.erase(it); 1258655b958eb2180c7c06889f83f606d23421bf038cKenny Root return true; 1259655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 126070e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root } 126170e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root return false; 126270e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root } 126370e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 1264a8c703d9fdd98e3caefb6e74cd03c2878cecd0a1Brian Carlstrom bool hasGrant(const char* filename, const uid_t uid) const { 1265a8c703d9fdd98e3caefb6e74cd03c2878cecd0a1Brian Carlstrom return getGrant(filename, uid) != NULL; 126670e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root } 126770e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 1268f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root ResponseCode importKey(const uint8_t* key, size_t keyLen, const char* filename, uid_t uid, 1269f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root int32_t flags) { 1270822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root uint8_t* data; 1271822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root size_t dataLength; 1272822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root int rc; 1273822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root 1274822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root if (mDevice->import_keypair == NULL) { 1275822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root ALOGE("Keymaster doesn't support import!"); 1276822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root return SYSTEM_ERROR; 1277822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root } 1278822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root 127917208e0de5a42722901d803118745cca25fd10c1Kenny Root bool isFallback = false; 128007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root rc = mDevice->import_keypair(mDevice, key, keyLen, &data, &dataLength); 1281822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root if (rc) { 1282a39da5a226975f8b75f93de255a21d526ae8d334Kenny Root /* 1283a39da5a226975f8b75f93de255a21d526ae8d334Kenny Root * Maybe the device doesn't support this type of key. Try to use the 1284a39da5a226975f8b75f93de255a21d526ae8d334Kenny Root * software fallback keymaster implementation. This is a little bit 1285a39da5a226975f8b75f93de255a21d526ae8d334Kenny Root * lazier than checking the PKCS#8 key type, but the software 1286a39da5a226975f8b75f93de255a21d526ae8d334Kenny Root * implementation will do that anyway. 1287a39da5a226975f8b75f93de255a21d526ae8d334Kenny Root */ 12887c1eb75a6898452867ca28a4d7fad2d91edca615Chad Brubaker rc = mFallbackDevice->import_keypair(mFallbackDevice, key, keyLen, &data, &dataLength); 1289a39da5a226975f8b75f93de255a21d526ae8d334Kenny Root isFallback = true; 129017208e0de5a42722901d803118745cca25fd10c1Kenny Root 129117208e0de5a42722901d803118745cca25fd10c1Kenny Root if (rc) { 129217208e0de5a42722901d803118745cca25fd10c1Kenny Root ALOGE("Error while importing keypair: %d", rc); 129317208e0de5a42722901d803118745cca25fd10c1Kenny Root return SYSTEM_ERROR; 129417208e0de5a42722901d803118745cca25fd10c1Kenny Root } 1295822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root } 1296822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root 1297822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root Blob keyBlob(data, dataLength, NULL, 0, TYPE_KEY_PAIR); 1298822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root free(data); 1299822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root 1300f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root keyBlob.setEncrypted(flags & KEYSTORE_FLAG_ENCRYPTED); 130117208e0de5a42722901d803118745cca25fd10c1Kenny Root keyBlob.setFallback(isFallback); 1302f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root 1303655b958eb2180c7c06889f83f606d23421bf038cKenny Root return put(filename, &keyBlob, uid); 1304822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root } 1305822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root 13061b0e3933900c7ea21189704d5db64e7346aee7afKenny Root bool isHardwareBacked(const android::String16& keyType) const { 13071b0e3933900c7ea21189704d5db64e7346aee7afKenny Root if (mDevice == NULL) { 13081b0e3933900c7ea21189704d5db64e7346aee7afKenny Root ALOGW("can't get keymaster device"); 13091b0e3933900c7ea21189704d5db64e7346aee7afKenny Root return false; 13101b0e3933900c7ea21189704d5db64e7346aee7afKenny Root } 13111b0e3933900c7ea21189704d5db64e7346aee7afKenny Root 13121b0e3933900c7ea21189704d5db64e7346aee7afKenny Root if (sRSAKeyType == keyType) { 13131b0e3933900c7ea21189704d5db64e7346aee7afKenny Root return (mDevice->flags & KEYMASTER_SOFTWARE_ONLY) == 0; 13141b0e3933900c7ea21189704d5db64e7346aee7afKenny Root } else { 13151b0e3933900c7ea21189704d5db64e7346aee7afKenny Root return (mDevice->flags & KEYMASTER_SOFTWARE_ONLY) == 0 13161b0e3933900c7ea21189704d5db64e7346aee7afKenny Root && (mDevice->common.module->module_api_version 13171b0e3933900c7ea21189704d5db64e7346aee7afKenny Root >= KEYMASTER_MODULE_API_VERSION_0_2); 13181b0e3933900c7ea21189704d5db64e7346aee7afKenny Root } 13198ddf35a6e1fd80a7d0685041d2bfc77078277c9dKenny Root } 13208ddf35a6e1fd80a7d0685041d2bfc77078277c9dKenny Root 1321655b958eb2180c7c06889f83f606d23421bf038cKenny Root ResponseCode getKeyForName(Blob* keyBlob, const android::String8& keyName, const uid_t uid, 1322655b958eb2180c7c06889f83f606d23421bf038cKenny Root const BlobType type) { 132386b16e8c0d353af97f0411917789308dba417295Kenny Root android::String8 filepath8(getKeyNameForUidWithDir(keyName, uid)); 1324a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 1325655b958eb2180c7c06889f83f606d23421bf038cKenny Root ResponseCode responseCode = get(filepath8.string(), keyBlob, type, uid); 1326655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (responseCode == NO_ERROR) { 1327655b958eb2180c7c06889f83f606d23421bf038cKenny Root return responseCode; 1328655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1329a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 1330655b958eb2180c7c06889f83f606d23421bf038cKenny Root // If this is one of the legacy UID->UID mappings, use it. 1331655b958eb2180c7c06889f83f606d23421bf038cKenny Root uid_t euid = get_keystore_euid(uid); 1332655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (euid != uid) { 133386b16e8c0d353af97f0411917789308dba417295Kenny Root filepath8 = getKeyNameForUidWithDir(keyName, euid); 1334655b958eb2180c7c06889f83f606d23421bf038cKenny Root responseCode = get(filepath8.string(), keyBlob, type, uid); 1335655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (responseCode == NO_ERROR) { 1336655b958eb2180c7c06889f83f606d23421bf038cKenny Root return responseCode; 1337655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1338655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 133970e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 1340655b958eb2180c7c06889f83f606d23421bf038cKenny Root // They might be using a granted key. 134186b16e8c0d353af97f0411917789308dba417295Kenny Root android::String8 filename8 = getKeyName(keyName); 1342655b958eb2180c7c06889f83f606d23421bf038cKenny Root char* end; 134386b16e8c0d353af97f0411917789308dba417295Kenny Root strtoul(filename8.string(), &end, 10); 1344655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (end[0] != '_' || end[1] == 0) { 1345655b958eb2180c7c06889f83f606d23421bf038cKenny Root return KEY_NOT_FOUND; 1346655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 134786b16e8c0d353af97f0411917789308dba417295Kenny Root filepath8 = android::String8::format("%s/%s", getUserState(uid)->getUserDirName(), 134886b16e8c0d353af97f0411917789308dba417295Kenny Root filename8.string()); 1349655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (!hasGrant(filepath8.string(), uid)) { 1350655b958eb2180c7c06889f83f606d23421bf038cKenny Root return responseCode; 1351a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 1352a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 1353655b958eb2180c7c06889f83f606d23421bf038cKenny Root // It is a granted key. Try to load it. 1354655b958eb2180c7c06889f83f606d23421bf038cKenny Root return get(filepath8.string(), keyBlob, type, uid); 1355a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 1356a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 1357655b958eb2180c7c06889f83f606d23421bf038cKenny Root /** 1358655b958eb2180c7c06889f83f606d23421bf038cKenny Root * Returns any existing UserState or creates it if it doesn't exist. 1359655b958eb2180c7c06889f83f606d23421bf038cKenny Root */ 1360655b958eb2180c7c06889f83f606d23421bf038cKenny Root UserState* getUserState(uid_t uid) { 1361655b958eb2180c7c06889f83f606d23421bf038cKenny Root uid_t userId = get_user_id(uid); 1362655b958eb2180c7c06889f83f606d23421bf038cKenny Root 1363655b958eb2180c7c06889f83f606d23421bf038cKenny Root for (android::Vector<UserState*>::iterator it(mMasterKeys.begin()); 1364655b958eb2180c7c06889f83f606d23421bf038cKenny Root it != mMasterKeys.end(); it++) { 1365655b958eb2180c7c06889f83f606d23421bf038cKenny Root UserState* state = *it; 1366655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (state->getUserId() == userId) { 1367655b958eb2180c7c06889f83f606d23421bf038cKenny Root return state; 1368655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1369a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 1370655b958eb2180c7c06889f83f606d23421bf038cKenny Root 1371655b958eb2180c7c06889f83f606d23421bf038cKenny Root UserState* userState = new UserState(userId); 1372655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (!userState->initialize()) { 1373655b958eb2180c7c06889f83f606d23421bf038cKenny Root /* There's not much we can do if initialization fails. Trying to 1374655b958eb2180c7c06889f83f606d23421bf038cKenny Root * unlock the keystore for that user will fail as well, so any 1375655b958eb2180c7c06889f83f606d23421bf038cKenny Root * subsequent request for this user will just return SYSTEM_ERROR. 1376655b958eb2180c7c06889f83f606d23421bf038cKenny Root */ 1377655b958eb2180c7c06889f83f606d23421bf038cKenny Root ALOGE("User initialization failed for %u; subsuquent operations will fail", userId); 1378a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 1379655b958eb2180c7c06889f83f606d23421bf038cKenny Root mMasterKeys.add(userState); 1380655b958eb2180c7c06889f83f606d23421bf038cKenny Root return userState; 1381a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 1382a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 1383655b958eb2180c7c06889f83f606d23421bf038cKenny Root /** 1384655b958eb2180c7c06889f83f606d23421bf038cKenny Root * Returns NULL if the UserState doesn't already exist. 1385655b958eb2180c7c06889f83f606d23421bf038cKenny Root */ 1386655b958eb2180c7c06889f83f606d23421bf038cKenny Root const UserState* getUserState(uid_t uid) const { 1387655b958eb2180c7c06889f83f606d23421bf038cKenny Root uid_t userId = get_user_id(uid); 1388655b958eb2180c7c06889f83f606d23421bf038cKenny Root 1389655b958eb2180c7c06889f83f606d23421bf038cKenny Root for (android::Vector<UserState*>::const_iterator it(mMasterKeys.begin()); 1390655b958eb2180c7c06889f83f606d23421bf038cKenny Root it != mMasterKeys.end(); it++) { 1391655b958eb2180c7c06889f83f606d23421bf038cKenny Root UserState* state = *it; 1392655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (state->getUserId() == userId) { 1393655b958eb2180c7c06889f83f606d23421bf038cKenny Root return state; 1394655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1395655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1396a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 1397655b958eb2180c7c06889f83f606d23421bf038cKenny Root return NULL; 1398a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 1399a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 1400655b958eb2180c7c06889f83f606d23421bf038cKenny Rootprivate: 1401655b958eb2180c7c06889f83f606d23421bf038cKenny Root static const char* sOldMasterKey; 1402655b958eb2180c7c06889f83f606d23421bf038cKenny Root static const char* sMetaDataFile; 14031b0e3933900c7ea21189704d5db64e7346aee7afKenny Root static const android::String16 sRSAKeyType; 1404655b958eb2180c7c06889f83f606d23421bf038cKenny Root Entropy* mEntropy; 140507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 140667d2a5029e8c25c5ee448e3bbd245cdcebe6abd3Chad Brubaker keymaster1_device_t* mDevice; 140767d2a5029e8c25c5ee448e3bbd245cdcebe6abd3Chad Brubaker keymaster1_device_t* mFallbackDevice; 1408a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 1409655b958eb2180c7c06889f83f606d23421bf038cKenny Root android::Vector<UserState*> mMasterKeys; 1410655b958eb2180c7c06889f83f606d23421bf038cKenny Root 1411655b958eb2180c7c06889f83f606d23421bf038cKenny Root android::Vector<grant_t*> mGrants; 141270e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 1413655b958eb2180c7c06889f83f606d23421bf038cKenny Root typedef struct { 1414655b958eb2180c7c06889f83f606d23421bf038cKenny Root uint32_t version; 1415655b958eb2180c7c06889f83f606d23421bf038cKenny Root } keystore_metadata_t; 141670e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 1417655b958eb2180c7c06889f83f606d23421bf038cKenny Root keystore_metadata_t mMetaData; 1418655b958eb2180c7c06889f83f606d23421bf038cKenny Root 1419655b958eb2180c7c06889f83f606d23421bf038cKenny Root const grant_t* getGrant(const char* filename, uid_t uid) const { 1420655b958eb2180c7c06889f83f606d23421bf038cKenny Root for (android::Vector<grant_t*>::const_iterator it(mGrants.begin()); 1421655b958eb2180c7c06889f83f606d23421bf038cKenny Root it != mGrants.end(); it++) { 1422655b958eb2180c7c06889f83f606d23421bf038cKenny Root grant_t* grant = *it; 142370e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root if (grant->uid == uid 1424655b958eb2180c7c06889f83f606d23421bf038cKenny Root && !strcmp(reinterpret_cast<const char*>(grant->filename), filename)) { 142570e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root return grant; 142670e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root } 142770e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root } 142870e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root return NULL; 142970e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root } 143070e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 1431822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root /** 1432822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root * Upgrade code. This will upgrade the key from the current version 1433822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root * to whatever is newest. 1434822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root */ 1435655b958eb2180c7c06889f83f606d23421bf038cKenny Root bool upgradeBlob(const char* filename, Blob* blob, const uint8_t oldVersion, 1436655b958eb2180c7c06889f83f606d23421bf038cKenny Root const BlobType type, uid_t uid) { 1437822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root bool updated = false; 1438822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root uint8_t version = oldVersion; 1439822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root 1440822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root /* From V0 -> V1: All old types were unknown */ 1441822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root if (version == 0) { 1442822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root ALOGV("upgrading to version 1 and setting type %d", type); 1443822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root 1444822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root blob->setType(type); 1445822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root if (type == TYPE_KEY_PAIR) { 1446655b958eb2180c7c06889f83f606d23421bf038cKenny Root importBlobAsKey(blob, filename, uid); 1447822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root } 1448822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root version = 1; 1449822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root updated = true; 1450822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root } 1451822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root 1452f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root /* From V1 -> V2: All old keys were encrypted */ 1453f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root if (version == 1) { 1454f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root ALOGV("upgrading to version 2"); 1455f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root 1456f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root blob->setEncrypted(true); 1457f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root version = 2; 1458f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root updated = true; 1459f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root } 1460f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root 1461822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root /* 1462822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root * If we've updated, set the key blob to the right version 1463822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root * and write it. 1464cfeae072c96d84f286ddbf0aff8055c12c7c4f15Kenny Root */ 1465822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root if (updated) { 1466822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root ALOGV("updated and writing file %s", filename); 1467822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root blob->setVersion(version); 1468822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root } 1469cfeae072c96d84f286ddbf0aff8055c12c7c4f15Kenny Root 1470cfeae072c96d84f286ddbf0aff8055c12c7c4f15Kenny Root return updated; 1471822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root } 1472822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root 1473822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root /** 1474822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root * Takes a blob that is an PEM-encoded RSA key as a byte array and 1475822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root * converts it to a DER-encoded PKCS#8 for import into a keymaster. 1476822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root * Then it overwrites the original blob with the new blob 1477822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root * format that is returned from the keymaster. 1478822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root */ 1479655b958eb2180c7c06889f83f606d23421bf038cKenny Root ResponseCode importBlobAsKey(Blob* blob, const char* filename, uid_t uid) { 1480822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root // We won't even write to the blob directly with this BIO, so const_cast is okay. 1481822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root Unique_BIO b(BIO_new_mem_buf(const_cast<uint8_t*>(blob->getValue()), blob->getLength())); 1482822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root if (b.get() == NULL) { 1483822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root ALOGE("Problem instantiating BIO"); 1484822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root return SYSTEM_ERROR; 1485822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root } 1486822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root 1487822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root Unique_EVP_PKEY pkey(PEM_read_bio_PrivateKey(b.get(), NULL, NULL, NULL)); 1488822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root if (pkey.get() == NULL) { 1489822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root ALOGE("Couldn't read old PEM file"); 1490822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root return SYSTEM_ERROR; 1491822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root } 1492822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root 1493822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root Unique_PKCS8_PRIV_KEY_INFO pkcs8(EVP_PKEY2PKCS8(pkey.get())); 1494822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root int len = i2d_PKCS8_PRIV_KEY_INFO(pkcs8.get(), NULL); 1495822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root if (len < 0) { 1496822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root ALOGE("Couldn't measure PKCS#8 length"); 1497822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root return SYSTEM_ERROR; 1498822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root } 1499822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root 150070c9889c5ca912e7c492580e1999f18ab65b267bKenny Root UniquePtr<unsigned char[]> pkcs8key(new unsigned char[len]); 150170c9889c5ca912e7c492580e1999f18ab65b267bKenny Root uint8_t* tmp = pkcs8key.get(); 1502822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root if (i2d_PKCS8_PRIV_KEY_INFO(pkcs8.get(), &tmp) != len) { 1503822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root ALOGE("Couldn't convert to PKCS#8"); 1504822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root return SYSTEM_ERROR; 1505822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root } 1506822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root 1507f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root ResponseCode rc = importKey(pkcs8key.get(), len, filename, uid, 1508f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root blob->isEncrypted() ? KEYSTORE_FLAG_ENCRYPTED : KEYSTORE_FLAG_NONE); 1509822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root if (rc != NO_ERROR) { 1510822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root return rc; 1511822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root } 1512822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root 1513655b958eb2180c7c06889f83f606d23421bf038cKenny Root return get(filename, blob, TYPE_KEY_PAIR, uid); 1514822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root } 151570e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 1516655b958eb2180c7c06889f83f606d23421bf038cKenny Root void readMetaData() { 1517655b958eb2180c7c06889f83f606d23421bf038cKenny Root int in = TEMP_FAILURE_RETRY(open(sMetaDataFile, O_RDONLY)); 1518655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (in < 0) { 1519655b958eb2180c7c06889f83f606d23421bf038cKenny Root return; 1520655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1521655b958eb2180c7c06889f83f606d23421bf038cKenny Root size_t fileLength = readFully(in, (uint8_t*) &mMetaData, sizeof(mMetaData)); 1522655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (fileLength != sizeof(mMetaData)) { 1523655b958eb2180c7c06889f83f606d23421bf038cKenny Root ALOGI("Metadata file is %zd bytes (%zd experted); upgrade?", fileLength, 1524655b958eb2180c7c06889f83f606d23421bf038cKenny Root sizeof(mMetaData)); 1525655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1526655b958eb2180c7c06889f83f606d23421bf038cKenny Root close(in); 152770e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root } 152870e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 1529655b958eb2180c7c06889f83f606d23421bf038cKenny Root void writeMetaData() { 1530655b958eb2180c7c06889f83f606d23421bf038cKenny Root const char* tmpFileName = ".metadata.tmp"; 1531655b958eb2180c7c06889f83f606d23421bf038cKenny Root int out = TEMP_FAILURE_RETRY(open(tmpFileName, 1532655b958eb2180c7c06889f83f606d23421bf038cKenny Root O_WRONLY | O_TRUNC | O_CREAT, S_IRUSR | S_IWUSR)); 1533655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (out < 0) { 1534655b958eb2180c7c06889f83f606d23421bf038cKenny Root ALOGE("couldn't write metadata file: %s", strerror(errno)); 1535655b958eb2180c7c06889f83f606d23421bf038cKenny Root return; 1536655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1537655b958eb2180c7c06889f83f606d23421bf038cKenny Root size_t fileLength = writeFully(out, (uint8_t*) &mMetaData, sizeof(mMetaData)); 1538655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (fileLength != sizeof(mMetaData)) { 1539655b958eb2180c7c06889f83f606d23421bf038cKenny Root ALOGI("Could only write %zd bytes to metadata file (%zd expected)", fileLength, 1540655b958eb2180c7c06889f83f606d23421bf038cKenny Root sizeof(mMetaData)); 154170e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root } 1542655b958eb2180c7c06889f83f606d23421bf038cKenny Root close(out); 1543655b958eb2180c7c06889f83f606d23421bf038cKenny Root rename(tmpFileName, sMetaDataFile); 154470e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root } 154570e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 1546655b958eb2180c7c06889f83f606d23421bf038cKenny Root bool upgradeKeystore() { 1547655b958eb2180c7c06889f83f606d23421bf038cKenny Root bool upgraded = false; 1548655b958eb2180c7c06889f83f606d23421bf038cKenny Root 1549655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (mMetaData.version == 0) { 1550655b958eb2180c7c06889f83f606d23421bf038cKenny Root UserState* userState = getUserState(0); 1551655b958eb2180c7c06889f83f606d23421bf038cKenny Root 1552655b958eb2180c7c06889f83f606d23421bf038cKenny Root // Initialize first so the directory is made. 1553655b958eb2180c7c06889f83f606d23421bf038cKenny Root userState->initialize(); 1554655b958eb2180c7c06889f83f606d23421bf038cKenny Root 1555655b958eb2180c7c06889f83f606d23421bf038cKenny Root // Migrate the old .masterkey file to user 0. 1556655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (access(sOldMasterKey, R_OK) == 0) { 1557655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (rename(sOldMasterKey, userState->getMasterKeyFileName()) < 0) { 1558655b958eb2180c7c06889f83f606d23421bf038cKenny Root ALOGE("couldn't migrate old masterkey: %s", strerror(errno)); 1559655b958eb2180c7c06889f83f606d23421bf038cKenny Root return false; 1560655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1561655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1562655b958eb2180c7c06889f83f606d23421bf038cKenny Root 1563655b958eb2180c7c06889f83f606d23421bf038cKenny Root // Initialize again in case we had a key. 1564655b958eb2180c7c06889f83f606d23421bf038cKenny Root userState->initialize(); 1565655b958eb2180c7c06889f83f606d23421bf038cKenny Root 1566655b958eb2180c7c06889f83f606d23421bf038cKenny Root // Try to migrate existing keys. 1567655b958eb2180c7c06889f83f606d23421bf038cKenny Root DIR* dir = opendir("."); 1568655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (!dir) { 1569655b958eb2180c7c06889f83f606d23421bf038cKenny Root // Give up now; maybe we can upgrade later. 1570655b958eb2180c7c06889f83f606d23421bf038cKenny Root ALOGE("couldn't open keystore's directory; something is wrong"); 1571655b958eb2180c7c06889f83f606d23421bf038cKenny Root return false; 1572655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1573655b958eb2180c7c06889f83f606d23421bf038cKenny Root 1574655b958eb2180c7c06889f83f606d23421bf038cKenny Root struct dirent* file; 1575655b958eb2180c7c06889f83f606d23421bf038cKenny Root while ((file = readdir(dir)) != NULL) { 1576655b958eb2180c7c06889f83f606d23421bf038cKenny Root // We only care about files. 1577655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (file->d_type != DT_REG) { 1578655b958eb2180c7c06889f83f606d23421bf038cKenny Root continue; 1579655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1580655b958eb2180c7c06889f83f606d23421bf038cKenny Root 1581655b958eb2180c7c06889f83f606d23421bf038cKenny Root // Skip anything that starts with a "." 1582655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (file->d_name[0] == '.') { 1583655b958eb2180c7c06889f83f606d23421bf038cKenny Root continue; 1584655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1585655b958eb2180c7c06889f83f606d23421bf038cKenny Root 1586655b958eb2180c7c06889f83f606d23421bf038cKenny Root // Find the current file's user. 1587655b958eb2180c7c06889f83f606d23421bf038cKenny Root char* end; 1588655b958eb2180c7c06889f83f606d23421bf038cKenny Root unsigned long thisUid = strtoul(file->d_name, &end, 10); 1589655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (end[0] != '_' || end[1] == 0) { 1590655b958eb2180c7c06889f83f606d23421bf038cKenny Root continue; 1591655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1592655b958eb2180c7c06889f83f606d23421bf038cKenny Root UserState* otherUser = getUserState(thisUid); 1593655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (otherUser->getUserId() != 0) { 1594655b958eb2180c7c06889f83f606d23421bf038cKenny Root unlinkat(dirfd(dir), file->d_name, 0); 1595655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1596655b958eb2180c7c06889f83f606d23421bf038cKenny Root 1597655b958eb2180c7c06889f83f606d23421bf038cKenny Root // Rename the file into user directory. 1598655b958eb2180c7c06889f83f606d23421bf038cKenny Root DIR* otherdir = opendir(otherUser->getUserDirName()); 1599655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (otherdir == NULL) { 1600655b958eb2180c7c06889f83f606d23421bf038cKenny Root ALOGW("couldn't open user directory for rename"); 1601655b958eb2180c7c06889f83f606d23421bf038cKenny Root continue; 1602655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1603655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (renameat(dirfd(dir), file->d_name, dirfd(otherdir), file->d_name) < 0) { 1604655b958eb2180c7c06889f83f606d23421bf038cKenny Root ALOGW("couldn't rename blob: %s: %s", file->d_name, strerror(errno)); 1605655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1606655b958eb2180c7c06889f83f606d23421bf038cKenny Root closedir(otherdir); 1607655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1608655b958eb2180c7c06889f83f606d23421bf038cKenny Root closedir(dir); 1609655b958eb2180c7c06889f83f606d23421bf038cKenny Root 1610655b958eb2180c7c06889f83f606d23421bf038cKenny Root mMetaData.version = 1; 1611655b958eb2180c7c06889f83f606d23421bf038cKenny Root upgraded = true; 1612655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1613655b958eb2180c7c06889f83f606d23421bf038cKenny Root 1614655b958eb2180c7c06889f83f606d23421bf038cKenny Root return upgraded; 161570e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root } 1616655b958eb2180c7c06889f83f606d23421bf038cKenny Root}; 161770e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 1618655b958eb2180c7c06889f83f606d23421bf038cKenny Rootconst char* KeyStore::sOldMasterKey = ".masterkey"; 1619655b958eb2180c7c06889f83f606d23421bf038cKenny Rootconst char* KeyStore::sMetaDataFile = ".metadata"; 162070e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 16211b0e3933900c7ea21189704d5db64e7346aee7afKenny Rootconst android::String16 KeyStore::sRSAKeyType("RSA"); 16221b0e3933900c7ea21189704d5db64e7346aee7afKenny Root 162307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Rootnamespace android { 162407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Rootclass KeyStoreProxy : public BnKeystoreService, public IBinder::DeathRecipient { 162507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Rootpublic: 162607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root KeyStoreProxy(KeyStore* keyStore) 162740a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker : mKeyStore(keyStore), 162840a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker mOperationMap(this) 162907438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root { 163007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 1631a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 163240a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker void binderDied(const wp<IBinder>& who) { 163340a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker auto operations = mOperationMap.getOperationsForToken(who.unsafe_get()); 163440a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker for (auto token: operations) { 163540a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker abort(token); 163640a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker } 163707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 1638a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 163907438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root int32_t test() { 16409489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker if (!checkBinderPermission(P_TEST)) { 164107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::PERMISSION_DENIED; 164207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 1643a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 16449489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker return mKeyStore->getState(IPCThreadState::self()->getCallingUid()); 1645a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 1646a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 164707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root int32_t get(const String16& name, uint8_t** item, size_t* itemLength) { 16489489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker if (!checkBinderPermission(P_GET)) { 164907438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::PERMISSION_DENIED; 165007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 1651a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 16529489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker uid_t callingUid = IPCThreadState::self()->getCallingUid(); 165307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root String8 name8(name); 165407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root Blob keyBlob; 165566dbf67dd65b4808a15ef64f0ffde1275bdd58a9Nick Kralevich 1656655b958eb2180c7c06889f83f606d23421bf038cKenny Root ResponseCode responseCode = mKeyStore->getKeyForName(&keyBlob, name8, callingUid, 1657494689083467ec372a58f094f041c8f102f39393Kenny Root TYPE_GENERIC); 165807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root if (responseCode != ::NO_ERROR) { 1659655b958eb2180c7c06889f83f606d23421bf038cKenny Root ALOGW("Could not read %s", name8.string()); 166007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root *item = NULL; 166107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root *itemLength = 0; 166207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return responseCode; 166307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 166407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 166507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root *item = (uint8_t*) malloc(keyBlob.getLength()); 166607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root memcpy(*item, keyBlob.getValue(), keyBlob.getLength()); 166707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root *itemLength = keyBlob.getLength(); 166807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 166907438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::NO_ERROR; 1670a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 1671a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 1672f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root int32_t insert(const String16& name, const uint8_t* item, size_t itemLength, int targetUid, 1673f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root int32_t flags) { 16749489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker targetUid = getEffectiveUid(targetUid); 16759489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker int32_t result = checkBinderPermissionAndKeystoreState(P_INSERT, targetUid, 16769489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker flags & KEYSTORE_FLAG_ENCRYPTED); 16779489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker if (result != ::NO_ERROR) { 16789489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker return result; 1679b88c3eb96625513df4cc998d739d17266ebaf89fKenny Root } 1680b88c3eb96625513df4cc998d739d17266ebaf89fKenny Root 168107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root String8 name8(name); 1682655b958eb2180c7c06889f83f606d23421bf038cKenny Root String8 filename(mKeyStore->getKeyNameForUidWithDir(name8, targetUid)); 168307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 168407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root Blob keyBlob(item, itemLength, NULL, 0, ::TYPE_GENERIC); 1685ee8068b9e7bfb2770635062fc9c2035be2142bd8Kenny Root keyBlob.setEncrypted(flags & KEYSTORE_FLAG_ENCRYPTED); 1686ee8068b9e7bfb2770635062fc9c2035be2142bd8Kenny Root 1687fa27d5bbc366e4ecb45aee5ae08565ab3ad3dcbcKenny Root return mKeyStore->put(filename.string(), &keyBlob, targetUid); 1688a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 1689a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 1690494689083467ec372a58f094f041c8f102f39393Kenny Root int32_t del(const String16& name, int targetUid) { 16919489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker targetUid = getEffectiveUid(targetUid); 16929489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker if (!checkBinderPermission(P_DELETE, targetUid)) { 1693b88c3eb96625513df4cc998d739d17266ebaf89fKenny Root return ::PERMISSION_DENIED; 1694b88c3eb96625513df4cc998d739d17266ebaf89fKenny Root } 169507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root String8 name8(name); 1696655b958eb2180c7c06889f83f606d23421bf038cKenny Root String8 filename(mKeyStore->getKeyNameForUidWithDir(name8, targetUid)); 169717d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker return mKeyStore->del(filename.string(), ::TYPE_ANY, targetUid); 1698298e7b1b0f9116e2054d594d7538379d86585035Kenny Root } 1699298e7b1b0f9116e2054d594d7538379d86585035Kenny Root 1700494689083467ec372a58f094f041c8f102f39393Kenny Root int32_t exist(const String16& name, int targetUid) { 17019489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker targetUid = getEffectiveUid(targetUid); 17029489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker if (!checkBinderPermission(P_EXIST, targetUid)) { 1703b88c3eb96625513df4cc998d739d17266ebaf89fKenny Root return ::PERMISSION_DENIED; 1704b88c3eb96625513df4cc998d739d17266ebaf89fKenny Root } 1705b88c3eb96625513df4cc998d739d17266ebaf89fKenny Root 170607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root String8 name8(name); 1707655b958eb2180c7c06889f83f606d23421bf038cKenny Root String8 filename(mKeyStore->getKeyNameForUidWithDir(name8, targetUid)); 170807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 1709655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (access(filename.string(), R_OK) == -1) { 171007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return (errno != ENOENT) ? ::SYSTEM_ERROR : ::KEY_NOT_FOUND; 171107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 171207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::NO_ERROR; 1713298e7b1b0f9116e2054d594d7538379d86585035Kenny Root } 1714298e7b1b0f9116e2054d594d7538379d86585035Kenny Root 1715494689083467ec372a58f094f041c8f102f39393Kenny Root int32_t saw(const String16& prefix, int targetUid, Vector<String16>* matches) { 17169489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker targetUid = getEffectiveUid(targetUid); 17179489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker if (!checkBinderPermission(P_SAW, targetUid)) { 1718b88c3eb96625513df4cc998d739d17266ebaf89fKenny Root return ::PERMISSION_DENIED; 1719b88c3eb96625513df4cc998d739d17266ebaf89fKenny Root } 172007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root const String8 prefix8(prefix); 1721655b958eb2180c7c06889f83f606d23421bf038cKenny Root String8 filename(mKeyStore->getKeyNameForUid(prefix8, targetUid)); 172207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 17234b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee if (mKeyStore->saw(filename, matches, targetUid) != ::NO_ERROR) { 17244b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee return ::SYSTEM_ERROR; 172507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 172607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::NO_ERROR; 1727298e7b1b0f9116e2054d594d7538379d86585035Kenny Root } 1728298e7b1b0f9116e2054d594d7538379d86585035Kenny Root 172907438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root int32_t reset() { 17309489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker if (!checkBinderPermission(P_RESET)) { 173107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::PERMISSION_DENIED; 173207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 1733a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 17349489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker uid_t callingUid = IPCThreadState::self()->getCallingUid(); 17354b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee return mKeyStore->reset(callingUid) ? ::NO_ERROR : ::SYSTEM_ERROR; 1736a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 1737a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 173807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root /* 173907438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root * Here is the history. To improve the security, the parameters to generate the 174007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root * master key has been changed. To make a seamless transition, we update the 174107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root * file using the same password when the user unlock it for the first time. If 174207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root * any thing goes wrong during the transition, the new file will not overwrite 174307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root * the old one. This avoids permanent damages of the existing data. 174407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root */ 174507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root int32_t password(const String16& password) { 17469489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker if (!checkBinderPermission(P_PASSWORD)) { 174707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::PERMISSION_DENIED; 174807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 1749a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 175007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root const String8 password8(password); 17519489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker uid_t callingUid = IPCThreadState::self()->getCallingUid(); 1752a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 1753655b958eb2180c7c06889f83f606d23421bf038cKenny Root switch (mKeyStore->getState(callingUid)) { 175407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root case ::STATE_UNINITIALIZED: { 175507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root // generate master key, encrypt with password, write to file, initialize mMasterKey*. 1756655b958eb2180c7c06889f83f606d23421bf038cKenny Root return mKeyStore->initializeUser(password8, callingUid); 175707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 175807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root case ::STATE_NO_ERROR: { 175907438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root // rewrite master key with new password. 1760655b958eb2180c7c06889f83f606d23421bf038cKenny Root return mKeyStore->writeMasterKey(password8, callingUid); 176107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 176207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root case ::STATE_LOCKED: { 176307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root // read master key, decrypt with password, initialize mMasterKey*. 1764655b958eb2180c7c06889f83f606d23421bf038cKenny Root return mKeyStore->readMasterKey(password8, callingUid); 176507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 176607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 176707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::SYSTEM_ERROR; 176807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 1769a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 177007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root int32_t lock() { 17719489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker if (!checkBinderPermission(P_LOCK)) { 177207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::PERMISSION_DENIED; 177307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 177407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 17759489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker uid_t callingUid = IPCThreadState::self()->getCallingUid(); 1776655b958eb2180c7c06889f83f606d23421bf038cKenny Root State state = mKeyStore->getState(callingUid); 17779d45d1caba5135e6b8bd6d05d449e8dcf52b6802Kenny Root if (state != ::STATE_NO_ERROR) { 177807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root ALOGD("calling lock in state: %d", state); 177907438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return state; 178007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 178170e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 1782655b958eb2180c7c06889f83f606d23421bf038cKenny Root mKeyStore->lock(callingUid); 178307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::NO_ERROR; 178470e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root } 1785a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 178607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root int32_t unlock(const String16& pw) { 17879489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker if (!checkBinderPermission(P_UNLOCK)) { 178807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::PERMISSION_DENIED; 178907438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 179007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 17919489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker uid_t callingUid = IPCThreadState::self()->getCallingUid(); 1792655b958eb2180c7c06889f83f606d23421bf038cKenny Root State state = mKeyStore->getState(callingUid); 17939d45d1caba5135e6b8bd6d05d449e8dcf52b6802Kenny Root if (state != ::STATE_LOCKED) { 179407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root ALOGD("calling unlock when not locked"); 179507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return state; 179607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 179707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 179807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root const String8 password8(pw); 179907438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return password(pw); 180070e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root } 180170e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 180207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root int32_t zero() { 18039489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker if (!checkBinderPermission(P_ZERO)) { 180407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return -1; 180507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 180670e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 18079489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker uid_t callingUid = IPCThreadState::self()->getCallingUid(); 1808655b958eb2180c7c06889f83f606d23421bf038cKenny Root return mKeyStore->isEmpty(callingUid) ? ::KEY_NOT_FOUND : ::NO_ERROR; 180970e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root } 181070e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 181196427baf0094d50047049d329b0779c3c910402cKenny Root int32_t generate(const String16& name, int32_t targetUid, int32_t keyType, int32_t keySize, 181296427baf0094d50047049d329b0779c3c910402cKenny Root int32_t flags, Vector<sp<KeystoreArg> >* args) { 18139489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker targetUid = getEffectiveUid(targetUid); 18149489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker int32_t result = checkBinderPermissionAndKeystoreState(P_INSERT, targetUid, 18159489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker flags & KEYSTORE_FLAG_ENCRYPTED); 18169489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker if (result != ::NO_ERROR) { 18179489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker return result; 181807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 181907438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root uint8_t* data; 182007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root size_t dataLength; 182107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root int rc; 182217208e0de5a42722901d803118745cca25fd10c1Kenny Root bool isFallback = false; 182370e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 182467d2a5029e8c25c5ee448e3bbd245cdcebe6abd3Chad Brubaker const keymaster1_device_t* device = mKeyStore->getDevice(); 182567d2a5029e8c25c5ee448e3bbd245cdcebe6abd3Chad Brubaker const keymaster1_device_t* fallback = mKeyStore->getFallbackDevice(); 182607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root if (device == NULL) { 182707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::SYSTEM_ERROR; 182807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 182970e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 183007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root if (device->generate_keypair == NULL) { 183107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::SYSTEM_ERROR; 183207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 183370e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 183417208e0de5a42722901d803118745cca25fd10c1Kenny Root if (keyType == EVP_PKEY_DSA) { 183596427baf0094d50047049d329b0779c3c910402cKenny Root keymaster_dsa_keygen_params_t dsa_params; 183696427baf0094d50047049d329b0779c3c910402cKenny Root memset(&dsa_params, '\0', sizeof(dsa_params)); 183796427baf0094d50047049d329b0779c3c910402cKenny Root 183896427baf0094d50047049d329b0779c3c910402cKenny Root if (keySize == -1) { 183996427baf0094d50047049d329b0779c3c910402cKenny Root keySize = DSA_DEFAULT_KEY_SIZE; 184096427baf0094d50047049d329b0779c3c910402cKenny Root } else if ((keySize % 64) != 0 || keySize < DSA_MIN_KEY_SIZE 184196427baf0094d50047049d329b0779c3c910402cKenny Root || keySize > DSA_MAX_KEY_SIZE) { 184296427baf0094d50047049d329b0779c3c910402cKenny Root ALOGI("invalid key size %d", keySize); 184396427baf0094d50047049d329b0779c3c910402cKenny Root return ::SYSTEM_ERROR; 184496427baf0094d50047049d329b0779c3c910402cKenny Root } 184596427baf0094d50047049d329b0779c3c910402cKenny Root dsa_params.key_size = keySize; 184696427baf0094d50047049d329b0779c3c910402cKenny Root 184796427baf0094d50047049d329b0779c3c910402cKenny Root if (args->size() == 3) { 184896427baf0094d50047049d329b0779c3c910402cKenny Root sp<KeystoreArg> gArg = args->itemAt(0); 184996427baf0094d50047049d329b0779c3c910402cKenny Root sp<KeystoreArg> pArg = args->itemAt(1); 185096427baf0094d50047049d329b0779c3c910402cKenny Root sp<KeystoreArg> qArg = args->itemAt(2); 185196427baf0094d50047049d329b0779c3c910402cKenny Root 185296427baf0094d50047049d329b0779c3c910402cKenny Root if (gArg != NULL && pArg != NULL && qArg != NULL) { 185396427baf0094d50047049d329b0779c3c910402cKenny Root dsa_params.generator = reinterpret_cast<const uint8_t*>(gArg->data()); 185496427baf0094d50047049d329b0779c3c910402cKenny Root dsa_params.generator_len = gArg->size(); 185596427baf0094d50047049d329b0779c3c910402cKenny Root 185696427baf0094d50047049d329b0779c3c910402cKenny Root dsa_params.prime_p = reinterpret_cast<const uint8_t*>(pArg->data()); 185796427baf0094d50047049d329b0779c3c910402cKenny Root dsa_params.prime_p_len = pArg->size(); 185896427baf0094d50047049d329b0779c3c910402cKenny Root 185996427baf0094d50047049d329b0779c3c910402cKenny Root dsa_params.prime_q = reinterpret_cast<const uint8_t*>(qArg->data()); 186096427baf0094d50047049d329b0779c3c910402cKenny Root dsa_params.prime_q_len = qArg->size(); 186196427baf0094d50047049d329b0779c3c910402cKenny Root } else { 186296427baf0094d50047049d329b0779c3c910402cKenny Root ALOGI("not all DSA parameters were read"); 186396427baf0094d50047049d329b0779c3c910402cKenny Root return ::SYSTEM_ERROR; 186496427baf0094d50047049d329b0779c3c910402cKenny Root } 186596427baf0094d50047049d329b0779c3c910402cKenny Root } else if (args->size() != 0) { 186696427baf0094d50047049d329b0779c3c910402cKenny Root ALOGI("DSA args must be 3"); 186796427baf0094d50047049d329b0779c3c910402cKenny Root return ::SYSTEM_ERROR; 186896427baf0094d50047049d329b0779c3c910402cKenny Root } 186996427baf0094d50047049d329b0779c3c910402cKenny Root 18701d448c074a86ef5d05a22fdf1358718976628a86Kenny Root if (isKeyTypeSupported(device, TYPE_DSA)) { 187117208e0de5a42722901d803118745cca25fd10c1Kenny Root rc = device->generate_keypair(device, TYPE_DSA, &dsa_params, &data, &dataLength); 187217208e0de5a42722901d803118745cca25fd10c1Kenny Root } else { 187317208e0de5a42722901d803118745cca25fd10c1Kenny Root isFallback = true; 1874fc18edcdfe2f7774e621030d51338f3216170b97Chad Brubaker rc = fallback->generate_keypair(fallback, TYPE_DSA, &dsa_params, &data, 1875fc18edcdfe2f7774e621030d51338f3216170b97Chad Brubaker &dataLength); 187617208e0de5a42722901d803118745cca25fd10c1Kenny Root } 187717208e0de5a42722901d803118745cca25fd10c1Kenny Root } else if (keyType == EVP_PKEY_EC) { 187896427baf0094d50047049d329b0779c3c910402cKenny Root keymaster_ec_keygen_params_t ec_params; 187996427baf0094d50047049d329b0779c3c910402cKenny Root memset(&ec_params, '\0', sizeof(ec_params)); 188096427baf0094d50047049d329b0779c3c910402cKenny Root 188196427baf0094d50047049d329b0779c3c910402cKenny Root if (keySize == -1) { 188296427baf0094d50047049d329b0779c3c910402cKenny Root keySize = EC_DEFAULT_KEY_SIZE; 188396427baf0094d50047049d329b0779c3c910402cKenny Root } else if (keySize < EC_MIN_KEY_SIZE || keySize > EC_MAX_KEY_SIZE) { 188496427baf0094d50047049d329b0779c3c910402cKenny Root ALOGI("invalid key size %d", keySize); 188596427baf0094d50047049d329b0779c3c910402cKenny Root return ::SYSTEM_ERROR; 188696427baf0094d50047049d329b0779c3c910402cKenny Root } 188796427baf0094d50047049d329b0779c3c910402cKenny Root ec_params.field_size = keySize; 188896427baf0094d50047049d329b0779c3c910402cKenny Root 18891d448c074a86ef5d05a22fdf1358718976628a86Kenny Root if (isKeyTypeSupported(device, TYPE_EC)) { 189017208e0de5a42722901d803118745cca25fd10c1Kenny Root rc = device->generate_keypair(device, TYPE_EC, &ec_params, &data, &dataLength); 189117208e0de5a42722901d803118745cca25fd10c1Kenny Root } else { 189217208e0de5a42722901d803118745cca25fd10c1Kenny Root isFallback = true; 1893fc18edcdfe2f7774e621030d51338f3216170b97Chad Brubaker rc = fallback->generate_keypair(fallback, TYPE_EC, &ec_params, &data, &dataLength); 189417208e0de5a42722901d803118745cca25fd10c1Kenny Root } 189596427baf0094d50047049d329b0779c3c910402cKenny Root } else if (keyType == EVP_PKEY_RSA) { 189696427baf0094d50047049d329b0779c3c910402cKenny Root keymaster_rsa_keygen_params_t rsa_params; 189796427baf0094d50047049d329b0779c3c910402cKenny Root memset(&rsa_params, '\0', sizeof(rsa_params)); 189896427baf0094d50047049d329b0779c3c910402cKenny Root rsa_params.public_exponent = RSA_DEFAULT_EXPONENT; 189996427baf0094d50047049d329b0779c3c910402cKenny Root 190096427baf0094d50047049d329b0779c3c910402cKenny Root if (keySize == -1) { 190196427baf0094d50047049d329b0779c3c910402cKenny Root keySize = RSA_DEFAULT_KEY_SIZE; 190296427baf0094d50047049d329b0779c3c910402cKenny Root } else if (keySize < RSA_MIN_KEY_SIZE || keySize > RSA_MAX_KEY_SIZE) { 190396427baf0094d50047049d329b0779c3c910402cKenny Root ALOGI("invalid key size %d", keySize); 190496427baf0094d50047049d329b0779c3c910402cKenny Root return ::SYSTEM_ERROR; 190596427baf0094d50047049d329b0779c3c910402cKenny Root } 190696427baf0094d50047049d329b0779c3c910402cKenny Root rsa_params.modulus_size = keySize; 190796427baf0094d50047049d329b0779c3c910402cKenny Root 190896427baf0094d50047049d329b0779c3c910402cKenny Root if (args->size() > 1) { 19096489e02e134e4779d35c4a340ff68ad445fde133Matteo Franchin ALOGI("invalid number of arguments: %zu", args->size()); 191096427baf0094d50047049d329b0779c3c910402cKenny Root return ::SYSTEM_ERROR; 191196427baf0094d50047049d329b0779c3c910402cKenny Root } else if (args->size() == 1) { 191296427baf0094d50047049d329b0779c3c910402cKenny Root sp<KeystoreArg> pubExpBlob = args->itemAt(0); 191396427baf0094d50047049d329b0779c3c910402cKenny Root if (pubExpBlob != NULL) { 191496427baf0094d50047049d329b0779c3c910402cKenny Root Unique_BIGNUM pubExpBn( 191596427baf0094d50047049d329b0779c3c910402cKenny Root BN_bin2bn(reinterpret_cast<const unsigned char*>(pubExpBlob->data()), 191696427baf0094d50047049d329b0779c3c910402cKenny Root pubExpBlob->size(), NULL)); 191796427baf0094d50047049d329b0779c3c910402cKenny Root if (pubExpBn.get() == NULL) { 191896427baf0094d50047049d329b0779c3c910402cKenny Root ALOGI("Could not convert public exponent to BN"); 191996427baf0094d50047049d329b0779c3c910402cKenny Root return ::SYSTEM_ERROR; 192096427baf0094d50047049d329b0779c3c910402cKenny Root } 192196427baf0094d50047049d329b0779c3c910402cKenny Root unsigned long pubExp = BN_get_word(pubExpBn.get()); 192296427baf0094d50047049d329b0779c3c910402cKenny Root if (pubExp == 0xFFFFFFFFL) { 192396427baf0094d50047049d329b0779c3c910402cKenny Root ALOGI("cannot represent public exponent as a long value"); 192496427baf0094d50047049d329b0779c3c910402cKenny Root return ::SYSTEM_ERROR; 192596427baf0094d50047049d329b0779c3c910402cKenny Root } 192696427baf0094d50047049d329b0779c3c910402cKenny Root rsa_params.public_exponent = pubExp; 192796427baf0094d50047049d329b0779c3c910402cKenny Root } 192896427baf0094d50047049d329b0779c3c910402cKenny Root } 192996427baf0094d50047049d329b0779c3c910402cKenny Root 193096427baf0094d50047049d329b0779c3c910402cKenny Root rc = device->generate_keypair(device, TYPE_RSA, &rsa_params, &data, &dataLength); 193196427baf0094d50047049d329b0779c3c910402cKenny Root } else { 193296427baf0094d50047049d329b0779c3c910402cKenny Root ALOGW("Unsupported key type %d", keyType); 193396427baf0094d50047049d329b0779c3c910402cKenny Root rc = -1; 193496427baf0094d50047049d329b0779c3c910402cKenny Root } 193570e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 193607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root if (rc) { 193707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::SYSTEM_ERROR; 193807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 193970e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 1940655b958eb2180c7c06889f83f606d23421bf038cKenny Root String8 name8(name); 19419489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker String8 filename(mKeyStore->getKeyNameForUidWithDir(name8, targetUid)); 194270e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 194307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root Blob keyBlob(data, dataLength, NULL, 0, TYPE_KEY_PAIR); 194407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root free(data); 194507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 1946ee8068b9e7bfb2770635062fc9c2035be2142bd8Kenny Root keyBlob.setEncrypted(flags & KEYSTORE_FLAG_ENCRYPTED); 194717208e0de5a42722901d803118745cca25fd10c1Kenny Root keyBlob.setFallback(isFallback); 194817208e0de5a42722901d803118745cca25fd10c1Kenny Root 19499489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker return mKeyStore->put(filename.string(), &keyBlob, targetUid); 195070e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root } 195170e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 1952f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root int32_t import(const String16& name, const uint8_t* data, size_t length, int targetUid, 1953f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root int32_t flags) { 19549489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker targetUid = getEffectiveUid(targetUid); 19559489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker int32_t result = checkBinderPermissionAndKeystoreState(P_INSERT, targetUid, 19569489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker flags & KEYSTORE_FLAG_ENCRYPTED); 19579489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker if (result != ::NO_ERROR) { 19589489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker return result; 195907438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 196007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root String8 name8(name); 196160898896c3f3b2245d10076cac64346c956dbaa5Kenny Root String8 filename(mKeyStore->getKeyNameForUidWithDir(name8, targetUid)); 196270e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 1963fa27d5bbc366e4ecb45aee5ae08565ab3ad3dcbcKenny Root return mKeyStore->importKey(data, length, filename.string(), targetUid, flags); 196470e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root } 196570e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 196607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root int32_t sign(const String16& name, const uint8_t* data, size_t length, uint8_t** out, 196707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root size_t* outLength) { 19689489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker if (!checkBinderPermission(P_SIGN)) { 196907438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::PERMISSION_DENIED; 197007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 19719a53d3eaf42104ddf02feeccec3cf7f5c1a34baeKenny Root 19729489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker uid_t callingUid = IPCThreadState::self()->getCallingUid(); 197307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root Blob keyBlob; 197407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root String8 name8(name); 197570e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 1976d38a0b07a3104fcb1e747a0fa06641dee8fc058fKenny Root ALOGV("sign %s from uid %d", name8.string(), callingUid); 197770e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 1978655b958eb2180c7c06889f83f606d23421bf038cKenny Root ResponseCode responseCode = mKeyStore->getKeyForName(&keyBlob, name8, callingUid, 1979d38a0b07a3104fcb1e747a0fa06641dee8fc058fKenny Root ::TYPE_KEY_PAIR); 198007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root if (responseCode != ::NO_ERROR) { 198107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return responseCode; 198207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 198370e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 198467d2a5029e8c25c5ee448e3bbd245cdcebe6abd3Chad Brubaker const keymaster1_device_t* device = mKeyStore->getDeviceForBlob(keyBlob); 198507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root if (device == NULL) { 198607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root ALOGE("no keymaster device; cannot sign"); 198707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::SYSTEM_ERROR; 198807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 198970e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 199007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root if (device->sign_data == NULL) { 199107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root ALOGE("device doesn't implement signing"); 199207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::SYSTEM_ERROR; 199307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 199470e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 199507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root keymaster_rsa_sign_params_t params; 199607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root params.digest_type = DIGEST_NONE; 199707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root params.padding_type = PADDING_NONE; 19989489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker int rc = device->sign_data(device, ¶ms, keyBlob.getValue(), keyBlob.getLength(), data, 1999fc18edcdfe2f7774e621030d51338f3216170b97Chad Brubaker length, out, outLength); 200007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root if (rc) { 200107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root ALOGW("device couldn't sign data"); 200207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::SYSTEM_ERROR; 200307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 200470e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 200507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::NO_ERROR; 200670e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root } 200770e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 200807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root int32_t verify(const String16& name, const uint8_t* data, size_t dataLength, 200907438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root const uint8_t* signature, size_t signatureLength) { 20109489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker if (!checkBinderPermission(P_VERIFY)) { 201107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::PERMISSION_DENIED; 201207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 201370e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 20149489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker uid_t callingUid = IPCThreadState::self()->getCallingUid(); 201507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root Blob keyBlob; 201607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root String8 name8(name); 201707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root int rc; 201870e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 2019655b958eb2180c7c06889f83f606d23421bf038cKenny Root ResponseCode responseCode = mKeyStore->getKeyForName(&keyBlob, name8, callingUid, 2020494689083467ec372a58f094f041c8f102f39393Kenny Root TYPE_KEY_PAIR); 202107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root if (responseCode != ::NO_ERROR) { 202207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return responseCode; 202307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 202470e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 202567d2a5029e8c25c5ee448e3bbd245cdcebe6abd3Chad Brubaker const keymaster1_device_t* device = mKeyStore->getDeviceForBlob(keyBlob); 202607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root if (device == NULL) { 202707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::SYSTEM_ERROR; 202807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 202970e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 203007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root if (device->verify_data == NULL) { 203107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::SYSTEM_ERROR; 203207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 203307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 203407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root keymaster_rsa_sign_params_t params; 203507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root params.digest_type = DIGEST_NONE; 203607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root params.padding_type = PADDING_NONE; 203770e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 2038fc18edcdfe2f7774e621030d51338f3216170b97Chad Brubaker rc = device->verify_data(device, ¶ms, keyBlob.getValue(), keyBlob.getLength(), data, 2039fc18edcdfe2f7774e621030d51338f3216170b97Chad Brubaker dataLength, signature, signatureLength); 204007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root if (rc) { 204107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::SYSTEM_ERROR; 204207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } else { 204307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::NO_ERROR; 204407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 204570e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root } 204670e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 204707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root /* 204807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root * TODO: The abstraction between things stored in hardware and regular blobs 204907438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root * of data stored on the filesystem should be moved down to keystore itself. 205007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root * Unfortunately the Java code that calls this has naming conventions that it 205107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root * knows about. Ideally keystore shouldn't be used to store random blobs of 205207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root * data. 205307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root * 205407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root * Until that happens, it's necessary to have a separate "get_pubkey" and 205507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root * "del_key" since the Java code doesn't really communicate what it's 205607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root * intentions are. 205707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root */ 205807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root int32_t get_pubkey(const String16& name, uint8_t** pubkey, size_t* pubkeyLength) { 2059d38a0b07a3104fcb1e747a0fa06641dee8fc058fKenny Root uid_t callingUid = IPCThreadState::self()->getCallingUid(); 20609489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker if (!checkBinderPermission(P_GET)) { 2061d38a0b07a3104fcb1e747a0fa06641dee8fc058fKenny Root ALOGW("permission denied for %d: get_pubkey", callingUid); 206207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::PERMISSION_DENIED; 206307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 206470e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 206507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root Blob keyBlob; 206607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root String8 name8(name); 206770e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 2068d38a0b07a3104fcb1e747a0fa06641dee8fc058fKenny Root ALOGV("get_pubkey '%s' from uid %d", name8.string(), callingUid); 206970e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 2070655b958eb2180c7c06889f83f606d23421bf038cKenny Root ResponseCode responseCode = mKeyStore->getKeyForName(&keyBlob, name8, callingUid, 207107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root TYPE_KEY_PAIR); 207207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root if (responseCode != ::NO_ERROR) { 207307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return responseCode; 207407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 207570e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 207667d2a5029e8c25c5ee448e3bbd245cdcebe6abd3Chad Brubaker const keymaster1_device_t* device = mKeyStore->getDeviceForBlob(keyBlob); 207707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root if (device == NULL) { 207807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::SYSTEM_ERROR; 207907438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 208070e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 208107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root if (device->get_keypair_public == NULL) { 208207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root ALOGE("device has no get_keypair_public implementation!"); 208307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::SYSTEM_ERROR; 208407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 2085344e0bc23ca46b9acec97ac8bcd87949bde0ccabKenny Root 208617208e0de5a42722901d803118745cca25fd10c1Kenny Root int rc; 2087fc18edcdfe2f7774e621030d51338f3216170b97Chad Brubaker rc = device->get_keypair_public(device, keyBlob.getValue(), keyBlob.getLength(), pubkey, 2088fc18edcdfe2f7774e621030d51338f3216170b97Chad Brubaker pubkeyLength); 208907438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root if (rc) { 209007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::SYSTEM_ERROR; 209107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 2092344e0bc23ca46b9acec97ac8bcd87949bde0ccabKenny Root 209307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::NO_ERROR; 2094344e0bc23ca46b9acec97ac8bcd87949bde0ccabKenny Root } 2095344e0bc23ca46b9acec97ac8bcd87949bde0ccabKenny Root 2096494689083467ec372a58f094f041c8f102f39393Kenny Root int32_t del_key(const String16& name, int targetUid) { 20979489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker return del(name, targetUid); 2098a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 209907438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 210007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root int32_t grant(const String16& name, int32_t granteeUid) { 2101d38a0b07a3104fcb1e747a0fa06641dee8fc058fKenny Root uid_t callingUid = IPCThreadState::self()->getCallingUid(); 21029489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker int32_t result = checkBinderPermissionAndKeystoreState(P_GRANT); 21039489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker if (result != ::NO_ERROR) { 21049489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker return result; 210507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 210607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 210707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root String8 name8(name); 2108655b958eb2180c7c06889f83f606d23421bf038cKenny Root String8 filename(mKeyStore->getKeyNameForUidWithDir(name8, callingUid)); 210907438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 2110655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (access(filename.string(), R_OK) == -1) { 211107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return (errno != ENOENT) ? ::SYSTEM_ERROR : ::KEY_NOT_FOUND; 211207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 211307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 2114655b958eb2180c7c06889f83f606d23421bf038cKenny Root mKeyStore->addGrant(filename.string(), granteeUid); 211507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::NO_ERROR; 2116a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 211707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 211807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root int32_t ungrant(const String16& name, int32_t granteeUid) { 2119d38a0b07a3104fcb1e747a0fa06641dee8fc058fKenny Root uid_t callingUid = IPCThreadState::self()->getCallingUid(); 21209489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker int32_t result = checkBinderPermissionAndKeystoreState(P_GRANT); 21219489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker if (result != ::NO_ERROR) { 21229489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker return result; 212307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 212407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 212507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root String8 name8(name); 2126655b958eb2180c7c06889f83f606d23421bf038cKenny Root String8 filename(mKeyStore->getKeyNameForUidWithDir(name8, callingUid)); 212707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 2128655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (access(filename.string(), R_OK) == -1) { 212907438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return (errno != ENOENT) ? ::SYSTEM_ERROR : ::KEY_NOT_FOUND; 213007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 213107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 2132655b958eb2180c7c06889f83f606d23421bf038cKenny Root return mKeyStore->removeGrant(filename.string(), granteeUid) ? ::NO_ERROR : ::KEY_NOT_FOUND; 2133a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 213407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 213507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root int64_t getmtime(const String16& name) { 2136d38a0b07a3104fcb1e747a0fa06641dee8fc058fKenny Root uid_t callingUid = IPCThreadState::self()->getCallingUid(); 21379489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker if (!checkBinderPermission(P_GET)) { 2138d38a0b07a3104fcb1e747a0fa06641dee8fc058fKenny Root ALOGW("permission denied for %d: getmtime", callingUid); 213936a9e231e03734cd2143383d26388455c1764e17Kenny Root return -1L; 214007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 214107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 214207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root String8 name8(name); 2143655b958eb2180c7c06889f83f606d23421bf038cKenny Root String8 filename(mKeyStore->getKeyNameForUidWithDir(name8, callingUid)); 214407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 2145655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (access(filename.string(), R_OK) == -1) { 2146655b958eb2180c7c06889f83f606d23421bf038cKenny Root ALOGW("could not access %s for getmtime", filename.string()); 214736a9e231e03734cd2143383d26388455c1764e17Kenny Root return -1L; 2148a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 214907438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 2150655b958eb2180c7c06889f83f606d23421bf038cKenny Root int fd = TEMP_FAILURE_RETRY(open(filename.string(), O_NOFOLLOW, O_RDONLY)); 215107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root if (fd < 0) { 2152655b958eb2180c7c06889f83f606d23421bf038cKenny Root ALOGW("could not open %s for getmtime", filename.string()); 215336a9e231e03734cd2143383d26388455c1764e17Kenny Root return -1L; 215407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 215507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 215607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root struct stat s; 215707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root int ret = fstat(fd, &s); 215807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root close(fd); 215907438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root if (ret == -1) { 2160655b958eb2180c7c06889f83f606d23421bf038cKenny Root ALOGW("could not stat %s for getmtime", filename.string()); 216136a9e231e03734cd2143383d26388455c1764e17Kenny Root return -1L; 216207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 216307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 216436a9e231e03734cd2143383d26388455c1764e17Kenny Root return static_cast<int64_t>(s.st_mtime); 2165a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 216607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 2167d53bc92f1cc4eb669ec015480cebe5ae7aaaf7cfKenny Root int32_t duplicate(const String16& srcKey, int32_t srcUid, const String16& destKey, 2168d53bc92f1cc4eb669ec015480cebe5ae7aaaf7cfKenny Root int32_t destUid) { 21690225407783ee339164a0cd8ca5ef04c99d27c59aKenny Root uid_t callingUid = IPCThreadState::self()->getCallingUid(); 2170eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn pid_t spid = IPCThreadState::self()->getCallingPid(); 2171eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn if (!has_permission(callingUid, P_DUPLICATE, spid)) { 2172d53bc92f1cc4eb669ec015480cebe5ae7aaaf7cfKenny Root ALOGW("permission denied for %d: duplicate", callingUid); 21730225407783ee339164a0cd8ca5ef04c99d27c59aKenny Root return -1L; 21740225407783ee339164a0cd8ca5ef04c99d27c59aKenny Root } 21750225407783ee339164a0cd8ca5ef04c99d27c59aKenny Root 2176655b958eb2180c7c06889f83f606d23421bf038cKenny Root State state = mKeyStore->getState(callingUid); 21770225407783ee339164a0cd8ca5ef04c99d27c59aKenny Root if (!isKeystoreUnlocked(state)) { 2178d53bc92f1cc4eb669ec015480cebe5ae7aaaf7cfKenny Root ALOGD("calling duplicate in state: %d", state); 21790225407783ee339164a0cd8ca5ef04c99d27c59aKenny Root return state; 21800225407783ee339164a0cd8ca5ef04c99d27c59aKenny Root } 21810225407783ee339164a0cd8ca5ef04c99d27c59aKenny Root 2182d53bc92f1cc4eb669ec015480cebe5ae7aaaf7cfKenny Root if (srcUid == -1 || static_cast<uid_t>(srcUid) == callingUid) { 2183d53bc92f1cc4eb669ec015480cebe5ae7aaaf7cfKenny Root srcUid = callingUid; 2184d53bc92f1cc4eb669ec015480cebe5ae7aaaf7cfKenny Root } else if (!is_granted_to(callingUid, srcUid)) { 2185d53bc92f1cc4eb669ec015480cebe5ae7aaaf7cfKenny Root ALOGD("migrate not granted from source: %d -> %d", callingUid, srcUid); 21860225407783ee339164a0cd8ca5ef04c99d27c59aKenny Root return ::PERMISSION_DENIED; 21870225407783ee339164a0cd8ca5ef04c99d27c59aKenny Root } 21880225407783ee339164a0cd8ca5ef04c99d27c59aKenny Root 2189d53bc92f1cc4eb669ec015480cebe5ae7aaaf7cfKenny Root if (destUid == -1) { 2190d53bc92f1cc4eb669ec015480cebe5ae7aaaf7cfKenny Root destUid = callingUid; 2191d53bc92f1cc4eb669ec015480cebe5ae7aaaf7cfKenny Root } 21920225407783ee339164a0cd8ca5ef04c99d27c59aKenny Root 2193d53bc92f1cc4eb669ec015480cebe5ae7aaaf7cfKenny Root if (srcUid != destUid) { 2194d53bc92f1cc4eb669ec015480cebe5ae7aaaf7cfKenny Root if (static_cast<uid_t>(srcUid) != callingUid) { 2195d53bc92f1cc4eb669ec015480cebe5ae7aaaf7cfKenny Root ALOGD("can only duplicate from caller to other or to same uid: " 2196d53bc92f1cc4eb669ec015480cebe5ae7aaaf7cfKenny Root "calling=%d, srcUid=%d, destUid=%d", callingUid, srcUid, destUid); 2197d53bc92f1cc4eb669ec015480cebe5ae7aaaf7cfKenny Root return ::PERMISSION_DENIED; 2198d53bc92f1cc4eb669ec015480cebe5ae7aaaf7cfKenny Root } 21990225407783ee339164a0cd8ca5ef04c99d27c59aKenny Root 2200d53bc92f1cc4eb669ec015480cebe5ae7aaaf7cfKenny Root if (!is_granted_to(callingUid, destUid)) { 2201d53bc92f1cc4eb669ec015480cebe5ae7aaaf7cfKenny Root ALOGD("duplicate not granted to dest: %d -> %d", callingUid, destUid); 2202d53bc92f1cc4eb669ec015480cebe5ae7aaaf7cfKenny Root return ::PERMISSION_DENIED; 2203d53bc92f1cc4eb669ec015480cebe5ae7aaaf7cfKenny Root } 22040225407783ee339164a0cd8ca5ef04c99d27c59aKenny Root } 22050225407783ee339164a0cd8ca5ef04c99d27c59aKenny Root 2206d53bc92f1cc4eb669ec015480cebe5ae7aaaf7cfKenny Root String8 source8(srcKey); 2207655b958eb2180c7c06889f83f606d23421bf038cKenny Root String8 sourceFile(mKeyStore->getKeyNameForUidWithDir(source8, srcUid)); 2208d53bc92f1cc4eb669ec015480cebe5ae7aaaf7cfKenny Root 2209d53bc92f1cc4eb669ec015480cebe5ae7aaaf7cfKenny Root String8 target8(destKey); 2210fa27d5bbc366e4ecb45aee5ae08565ab3ad3dcbcKenny Root String8 targetFile(mKeyStore->getKeyNameForUidWithDir(target8, destUid)); 22110225407783ee339164a0cd8ca5ef04c99d27c59aKenny Root 2212655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (access(targetFile.string(), W_OK) != -1 || errno != ENOENT) { 2213655b958eb2180c7c06889f83f606d23421bf038cKenny Root ALOGD("destination already exists: %s", targetFile.string()); 22140225407783ee339164a0cd8ca5ef04c99d27c59aKenny Root return ::SYSTEM_ERROR; 22150225407783ee339164a0cd8ca5ef04c99d27c59aKenny Root } 22160225407783ee339164a0cd8ca5ef04c99d27c59aKenny Root 2217d53bc92f1cc4eb669ec015480cebe5ae7aaaf7cfKenny Root Blob keyBlob; 2218655b958eb2180c7c06889f83f606d23421bf038cKenny Root ResponseCode responseCode = mKeyStore->get(sourceFile.string(), &keyBlob, TYPE_ANY, 2219fa27d5bbc366e4ecb45aee5ae08565ab3ad3dcbcKenny Root srcUid); 2220d53bc92f1cc4eb669ec015480cebe5ae7aaaf7cfKenny Root if (responseCode != ::NO_ERROR) { 2221d53bc92f1cc4eb669ec015480cebe5ae7aaaf7cfKenny Root return responseCode; 22220225407783ee339164a0cd8ca5ef04c99d27c59aKenny Root } 2223d53bc92f1cc4eb669ec015480cebe5ae7aaaf7cfKenny Root 2224fa27d5bbc366e4ecb45aee5ae08565ab3ad3dcbcKenny Root return mKeyStore->put(targetFile.string(), &keyBlob, destUid); 22250225407783ee339164a0cd8ca5ef04c99d27c59aKenny Root } 22260225407783ee339164a0cd8ca5ef04c99d27c59aKenny Root 22271b0e3933900c7ea21189704d5db64e7346aee7afKenny Root int32_t is_hardware_backed(const String16& keyType) { 22281b0e3933900c7ea21189704d5db64e7346aee7afKenny Root return mKeyStore->isHardwareBacked(keyType) ? 1 : 0; 22298ddf35a6e1fd80a7d0685041d2bfc77078277c9dKenny Root } 22308ddf35a6e1fd80a7d0685041d2bfc77078277c9dKenny Root 2231fa27d5bbc366e4ecb45aee5ae08565ab3ad3dcbcKenny Root int32_t clear_uid(int64_t targetUid64) { 22329489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker uid_t targetUid = getEffectiveUid(targetUid64); 22339489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker if (!checkBinderPermission(P_CLEAR_UID, targetUid)) { 2234a9bb549868035e05450a9b918f8d7de9deca5343Kenny Root return ::PERMISSION_DENIED; 2235a9bb549868035e05450a9b918f8d7de9deca5343Kenny Root } 2236a9bb549868035e05450a9b918f8d7de9deca5343Kenny Root 22374b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee String8 prefix = String8::format("%u_", targetUid); 22384b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee Vector<String16> aliases; 22394b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee if (mKeyStore->saw(prefix, &aliases, targetUid) != ::NO_ERROR) { 2240a9bb549868035e05450a9b918f8d7de9deca5343Kenny Root return ::SYSTEM_ERROR; 2241a9bb549868035e05450a9b918f8d7de9deca5343Kenny Root } 2242a9bb549868035e05450a9b918f8d7de9deca5343Kenny Root 22434b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee for (uint32_t i = 0; i < aliases.size(); i++) { 22444b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee String8 name8(aliases[i]); 22454b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee String8 filename(mKeyStore->getKeyNameForUidWithDir(name8, targetUid)); 22464b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee mKeyStore->del(filename.string(), ::TYPE_ANY, targetUid); 2247a9bb549868035e05450a9b918f8d7de9deca5343Kenny Root } 22484b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee return ::NO_ERROR; 2249a9bb549868035e05450a9b918f8d7de9deca5343Kenny Root } 2250a9bb549868035e05450a9b918f8d7de9deca5343Kenny Root 22514b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee int32_t reset_uid(int32_t targetUid) { 22529489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker targetUid = getEffectiveUid(targetUid); 22539489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker if (!checkBinderPermission(P_RESET_UID, targetUid)) { 22544e865753346fc6a075966972a7a98051818859dbRobin Lee return ::PERMISSION_DENIED; 22554e865753346fc6a075966972a7a98051818859dbRobin Lee } 2256bbc7648d285f67b898d24d307b011fb676ba6643Chad Brubaker // Flush the auth token table to prevent stale tokens from sticking 2257bbc7648d285f67b898d24d307b011fb676ba6643Chad Brubaker // around. 2258bbc7648d285f67b898d24d307b011fb676ba6643Chad Brubaker mAuthTokenTable.Clear(); 22594e865753346fc6a075966972a7a98051818859dbRobin Lee 22604b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee return mKeyStore->reset(targetUid) ? ::NO_ERROR : ::SYSTEM_ERROR; 22614e865753346fc6a075966972a7a98051818859dbRobin Lee } 22624e865753346fc6a075966972a7a98051818859dbRobin Lee 22634e865753346fc6a075966972a7a98051818859dbRobin Lee int32_t sync_uid(int32_t sourceUid, int32_t targetUid) { 22649489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker if (!checkBinderPermission(P_SYNC_UID, targetUid)) { 22654e865753346fc6a075966972a7a98051818859dbRobin Lee return ::PERMISSION_DENIED; 22664e865753346fc6a075966972a7a98051818859dbRobin Lee } 22679489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker 22684e865753346fc6a075966972a7a98051818859dbRobin Lee if (sourceUid == targetUid) { 22694e865753346fc6a075966972a7a98051818859dbRobin Lee return ::SYSTEM_ERROR; 22704e865753346fc6a075966972a7a98051818859dbRobin Lee } 22714e865753346fc6a075966972a7a98051818859dbRobin Lee 22724e865753346fc6a075966972a7a98051818859dbRobin Lee // Initialise user keystore with existing master key held in-memory 22734e865753346fc6a075966972a7a98051818859dbRobin Lee return mKeyStore->copyMasterKey(sourceUid, targetUid); 22744e865753346fc6a075966972a7a98051818859dbRobin Lee } 22754e865753346fc6a075966972a7a98051818859dbRobin Lee 22764e865753346fc6a075966972a7a98051818859dbRobin Lee int32_t password_uid(const String16& pw, int32_t targetUid) { 22779489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker targetUid = getEffectiveUid(targetUid); 22789489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker if (!checkBinderPermission(P_PASSWORD, targetUid)) { 22794e865753346fc6a075966972a7a98051818859dbRobin Lee return ::PERMISSION_DENIED; 22804e865753346fc6a075966972a7a98051818859dbRobin Lee } 22814e865753346fc6a075966972a7a98051818859dbRobin Lee const String8 password8(pw); 22824e865753346fc6a075966972a7a98051818859dbRobin Lee 22834e865753346fc6a075966972a7a98051818859dbRobin Lee switch (mKeyStore->getState(targetUid)) { 22844e865753346fc6a075966972a7a98051818859dbRobin Lee case ::STATE_UNINITIALIZED: { 22854e865753346fc6a075966972a7a98051818859dbRobin Lee // generate master key, encrypt with password, write to file, initialize mMasterKey*. 22864e865753346fc6a075966972a7a98051818859dbRobin Lee return mKeyStore->initializeUser(password8, targetUid); 22874e865753346fc6a075966972a7a98051818859dbRobin Lee } 22884e865753346fc6a075966972a7a98051818859dbRobin Lee case ::STATE_NO_ERROR: { 22894e865753346fc6a075966972a7a98051818859dbRobin Lee // rewrite master key with new password. 22904e865753346fc6a075966972a7a98051818859dbRobin Lee return mKeyStore->writeMasterKey(password8, targetUid); 22914e865753346fc6a075966972a7a98051818859dbRobin Lee } 22924e865753346fc6a075966972a7a98051818859dbRobin Lee case ::STATE_LOCKED: { 22934e865753346fc6a075966972a7a98051818859dbRobin Lee // read master key, decrypt with password, initialize mMasterKey*. 22944e865753346fc6a075966972a7a98051818859dbRobin Lee return mKeyStore->readMasterKey(password8, targetUid); 22954e865753346fc6a075966972a7a98051818859dbRobin Lee } 22964e865753346fc6a075966972a7a98051818859dbRobin Lee } 22974e865753346fc6a075966972a7a98051818859dbRobin Lee return ::SYSTEM_ERROR; 22984e865753346fc6a075966972a7a98051818859dbRobin Lee } 22994e865753346fc6a075966972a7a98051818859dbRobin Lee 23009c8612c88dc03dc52d85e7a482453e04e7e3e2a2Chad Brubaker int32_t addRngEntropy(const uint8_t* data, size_t dataLength) { 23019c8612c88dc03dc52d85e7a482453e04e7e3e2a2Chad Brubaker const keymaster1_device_t* device = mKeyStore->getDevice(); 23029c8612c88dc03dc52d85e7a482453e04e7e3e2a2Chad Brubaker const keymaster1_device_t* fallback = mKeyStore->getFallbackDevice(); 23039c8612c88dc03dc52d85e7a482453e04e7e3e2a2Chad Brubaker int32_t devResult = KM_ERROR_UNIMPLEMENTED; 23049c8612c88dc03dc52d85e7a482453e04e7e3e2a2Chad Brubaker int32_t fallbackResult = KM_ERROR_UNIMPLEMENTED; 23059c8612c88dc03dc52d85e7a482453e04e7e3e2a2Chad Brubaker if (device->common.module->module_api_version >= KEYMASTER_MODULE_API_VERSION_1_0 && 23069c8612c88dc03dc52d85e7a482453e04e7e3e2a2Chad Brubaker device->add_rng_entropy != NULL) { 23079c8612c88dc03dc52d85e7a482453e04e7e3e2a2Chad Brubaker devResult = device->add_rng_entropy(device, data, dataLength); 23089c8612c88dc03dc52d85e7a482453e04e7e3e2a2Chad Brubaker } 23099c8612c88dc03dc52d85e7a482453e04e7e3e2a2Chad Brubaker if (fallback->add_rng_entropy) { 23109c8612c88dc03dc52d85e7a482453e04e7e3e2a2Chad Brubaker fallbackResult = fallback->add_rng_entropy(fallback, data, dataLength); 23119c8612c88dc03dc52d85e7a482453e04e7e3e2a2Chad Brubaker } 23129c8612c88dc03dc52d85e7a482453e04e7e3e2a2Chad Brubaker if (devResult) { 23139c8612c88dc03dc52d85e7a482453e04e7e3e2a2Chad Brubaker return devResult; 23149c8612c88dc03dc52d85e7a482453e04e7e3e2a2Chad Brubaker } 23159c8612c88dc03dc52d85e7a482453e04e7e3e2a2Chad Brubaker if (fallbackResult) { 23169c8612c88dc03dc52d85e7a482453e04e7e3e2a2Chad Brubaker return fallbackResult; 23179c8612c88dc03dc52d85e7a482453e04e7e3e2a2Chad Brubaker } 23189c8612c88dc03dc52d85e7a482453e04e7e3e2a2Chad Brubaker return ::NO_ERROR; 23199899d6b392e8223c3c00bfccadd43b18cdc96b4fChad Brubaker } 23209899d6b392e8223c3c00bfccadd43b18cdc96b4fChad Brubaker 232117d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker int32_t generateKey(const String16& name, const KeymasterArguments& params, 2322154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker const uint8_t* entropy, size_t entropyLength, int uid, int flags, 2323154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker KeyCharacteristics* outCharacteristics) { 23249489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker uid = getEffectiveUid(uid); 23259489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker int rc = checkBinderPermissionAndKeystoreState(P_INSERT, uid, 23269489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker flags & KEYSTORE_FLAG_ENCRYPTED); 23279489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker if (rc != ::NO_ERROR) { 23289489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker return rc; 232917d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker } 233017d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker 23319489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker rc = KM_ERROR_UNIMPLEMENTED; 233217d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker bool isFallback = false; 233317d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker keymaster_key_blob_t blob; 233417d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker keymaster_key_characteristics_t *out = NULL; 233517d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker 233617d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker const keymaster1_device_t* device = mKeyStore->getDevice(); 233717d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker const keymaster1_device_t* fallback = mKeyStore->getFallbackDevice(); 233817d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker if (device == NULL) { 233917d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker return ::SYSTEM_ERROR; 234017d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker } 2341154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker // TODO: Seed from Linux RNG before this. 234217d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker if (device->common.module->module_api_version >= KEYMASTER_MODULE_API_VERSION_1_0 && 234317d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker device->generate_key != NULL) { 2344154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker if (!entropy) { 2345154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker rc = KM_ERROR_OK; 2346154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker } else if (device->add_rng_entropy) { 2347154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker rc = device->add_rng_entropy(device, entropy, entropyLength); 2348154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker } else { 2349154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker rc = KM_ERROR_UNIMPLEMENTED; 2350154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker } 2351154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker if (rc == KM_ERROR_OK) { 2352154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker rc = device->generate_key(device, params.params.data(), params.params.size(), 2353154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker &blob, &out); 2354154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker } 235517d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker } 235617d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker // If the HW device didn't support generate_key or generate_key failed 235717d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker // fall back to the software implementation. 235817d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker if (rc && fallback->generate_key != NULL) { 235917d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker isFallback = true; 2360154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker if (!entropy) { 2361154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker rc = KM_ERROR_OK; 2362154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker } else if (fallback->add_rng_entropy) { 2363154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker rc = fallback->add_rng_entropy(fallback, entropy, entropyLength); 2364154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker } else { 2365154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker rc = KM_ERROR_UNIMPLEMENTED; 2366154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker } 2367154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker if (rc == KM_ERROR_OK) { 2368154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker rc = fallback->generate_key(fallback, params.params.data(), params.params.size(), 2369154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker &blob, 2370154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker &out); 2371154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker } 237217d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker } 237317d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker 237417d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker if (out) { 237517d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker if (outCharacteristics) { 237617d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker outCharacteristics->characteristics = *out; 237717d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker } else { 237817d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker keymaster_free_characteristics(out); 237917d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker } 238017d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker free(out); 238117d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker } 238217d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker 238317d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker if (rc) { 238417d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker return rc; 238517d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker } 238617d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker 238717d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker String8 name8(name); 238817d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker String8 filename(mKeyStore->getKeyNameForUidWithDir(name8, uid)); 238917d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker 239017d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker Blob keyBlob(blob.key_material, blob.key_material_size, NULL, 0, ::TYPE_KEYMASTER_10); 239117d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker keyBlob.setFallback(isFallback); 239217d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker keyBlob.setEncrypted(flags & KEYSTORE_FLAG_ENCRYPTED); 239317d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker 239417d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker free(const_cast<uint8_t*>(blob.key_material)); 239517d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker 239617d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker return mKeyStore->put(filename.string(), &keyBlob, uid); 23979899d6b392e8223c3c00bfccadd43b18cdc96b4fChad Brubaker } 23989899d6b392e8223c3c00bfccadd43b18cdc96b4fChad Brubaker 2399f3f071fc5020fa5255f49e898a7c4a1cbf824a99Chad Brubaker int32_t getKeyCharacteristics(const String16& name, 2400d663442b590b59250062335cc057478001b8e439Chad Brubaker const keymaster_blob_t* clientId, 2401d663442b590b59250062335cc057478001b8e439Chad Brubaker const keymaster_blob_t* appData, 2402f3f071fc5020fa5255f49e898a7c4a1cbf824a99Chad Brubaker KeyCharacteristics* outCharacteristics) { 2403f3f071fc5020fa5255f49e898a7c4a1cbf824a99Chad Brubaker if (!outCharacteristics) { 2404f3f071fc5020fa5255f49e898a7c4a1cbf824a99Chad Brubaker return KM_ERROR_UNEXPECTED_NULL_POINTER; 2405f3f071fc5020fa5255f49e898a7c4a1cbf824a99Chad Brubaker } 2406f3f071fc5020fa5255f49e898a7c4a1cbf824a99Chad Brubaker 2407f3f071fc5020fa5255f49e898a7c4a1cbf824a99Chad Brubaker uid_t callingUid = IPCThreadState::self()->getCallingUid(); 2408f3f071fc5020fa5255f49e898a7c4a1cbf824a99Chad Brubaker 2409f3f071fc5020fa5255f49e898a7c4a1cbf824a99Chad Brubaker Blob keyBlob; 2410f3f071fc5020fa5255f49e898a7c4a1cbf824a99Chad Brubaker String8 name8(name); 2411f3f071fc5020fa5255f49e898a7c4a1cbf824a99Chad Brubaker int rc; 2412f3f071fc5020fa5255f49e898a7c4a1cbf824a99Chad Brubaker 2413f3f071fc5020fa5255f49e898a7c4a1cbf824a99Chad Brubaker ResponseCode responseCode = mKeyStore->getKeyForName(&keyBlob, name8, callingUid, 2414f3f071fc5020fa5255f49e898a7c4a1cbf824a99Chad Brubaker TYPE_KEYMASTER_10); 2415f3f071fc5020fa5255f49e898a7c4a1cbf824a99Chad Brubaker if (responseCode != ::NO_ERROR) { 2416f3f071fc5020fa5255f49e898a7c4a1cbf824a99Chad Brubaker return responseCode; 2417f3f071fc5020fa5255f49e898a7c4a1cbf824a99Chad Brubaker } 2418f3f071fc5020fa5255f49e898a7c4a1cbf824a99Chad Brubaker keymaster_key_blob_t key; 2419f3f071fc5020fa5255f49e898a7c4a1cbf824a99Chad Brubaker key.key_material_size = keyBlob.getLength(); 2420f3f071fc5020fa5255f49e898a7c4a1cbf824a99Chad Brubaker key.key_material = keyBlob.getValue(); 2421f3f071fc5020fa5255f49e898a7c4a1cbf824a99Chad Brubaker keymaster1_device_t* dev = mKeyStore->getDeviceForBlob(keyBlob); 2422f3f071fc5020fa5255f49e898a7c4a1cbf824a99Chad Brubaker keymaster_key_characteristics_t *out = NULL; 2423f3f071fc5020fa5255f49e898a7c4a1cbf824a99Chad Brubaker if (!dev->get_key_characteristics) { 2424f3f071fc5020fa5255f49e898a7c4a1cbf824a99Chad Brubaker ALOGW("device does not implement get_key_characteristics"); 2425f3f071fc5020fa5255f49e898a7c4a1cbf824a99Chad Brubaker return KM_ERROR_UNIMPLEMENTED; 2426f3f071fc5020fa5255f49e898a7c4a1cbf824a99Chad Brubaker } 2427d663442b590b59250062335cc057478001b8e439Chad Brubaker rc = dev->get_key_characteristics(dev, &key, clientId, appData, &out); 2428f3f071fc5020fa5255f49e898a7c4a1cbf824a99Chad Brubaker if (out) { 2429f3f071fc5020fa5255f49e898a7c4a1cbf824a99Chad Brubaker outCharacteristics->characteristics = *out; 2430f3f071fc5020fa5255f49e898a7c4a1cbf824a99Chad Brubaker free(out); 2431f3f071fc5020fa5255f49e898a7c4a1cbf824a99Chad Brubaker } 2432f3f071fc5020fa5255f49e898a7c4a1cbf824a99Chad Brubaker return rc ? rc : ::NO_ERROR; 24339899d6b392e8223c3c00bfccadd43b18cdc96b4fChad Brubaker } 24349899d6b392e8223c3c00bfccadd43b18cdc96b4fChad Brubaker 24354c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker int32_t importKey(const String16& name, const KeymasterArguments& params, 24364c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker keymaster_key_format_t format, const uint8_t *keyData, 24374c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker size_t keyLength, int uid, int flags, 24384c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker KeyCharacteristics* outCharacteristics) { 24399489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker uid = getEffectiveUid(uid); 24409489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker int rc = checkBinderPermissionAndKeystoreState(P_INSERT, uid, 24419489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker flags & KEYSTORE_FLAG_ENCRYPTED); 24429489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker if (rc != ::NO_ERROR) { 24439489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker return rc; 24444c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker } 24454c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker 24469489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker rc = KM_ERROR_UNIMPLEMENTED; 24474c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker bool isFallback = false; 24484c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker keymaster_key_blob_t blob; 24494c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker keymaster_key_characteristics_t *out = NULL; 24504c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker 24514c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker const keymaster1_device_t* device = mKeyStore->getDevice(); 24524c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker const keymaster1_device_t* fallback = mKeyStore->getFallbackDevice(); 24534c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker if (device == NULL) { 24544c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker return ::SYSTEM_ERROR; 24554c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker } 24564c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker if (device->common.module->module_api_version >= KEYMASTER_MODULE_API_VERSION_1_0 && 24574c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker device->import_key != NULL) { 24584c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker rc = device->import_key(device, params.params.data(), params.params.size(), 24594c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker format, keyData, keyLength, &blob, &out); 24604c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker } 24614c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker if (rc && fallback->import_key != NULL) { 24624c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker isFallback = true; 24634c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker rc = fallback->import_key(fallback, params.params.data(), params.params.size(), 24644c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker format, keyData, keyLength, &blob, &out); 24654c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker } 24664c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker if (out) { 24674c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker if (outCharacteristics) { 24684c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker outCharacteristics->characteristics = *out; 24694c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker } else { 24704c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker keymaster_free_characteristics(out); 24714c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker } 24724c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker free(out); 24734c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker } 24744c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker if (rc) { 24754c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker return rc; 24764c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker } 24774c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker 24784c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker String8 name8(name); 24794c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker String8 filename(mKeyStore->getKeyNameForUidWithDir(name8, uid)); 24804c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker 24814c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker Blob keyBlob(blob.key_material, blob.key_material_size, NULL, 0, ::TYPE_KEYMASTER_10); 24824c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker keyBlob.setFallback(isFallback); 24834c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker keyBlob.setEncrypted(flags & KEYSTORE_FLAG_ENCRYPTED); 24844c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker 24854c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker free((void*) blob.key_material); 24864c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker 24874c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker return mKeyStore->put(filename.string(), &keyBlob, uid); 24889899d6b392e8223c3c00bfccadd43b18cdc96b4fChad Brubaker } 24899899d6b392e8223c3c00bfccadd43b18cdc96b4fChad Brubaker 249007b0cda3b14d16205ce3040d00bc18d15eda5fdcChad Brubaker void exportKey(const String16& name, keymaster_key_format_t format, 2491d663442b590b59250062335cc057478001b8e439Chad Brubaker const keymaster_blob_t* clientId, 2492d663442b590b59250062335cc057478001b8e439Chad Brubaker const keymaster_blob_t* appData, ExportResult* result) { 249307b0cda3b14d16205ce3040d00bc18d15eda5fdcChad Brubaker 249407b0cda3b14d16205ce3040d00bc18d15eda5fdcChad Brubaker uid_t callingUid = IPCThreadState::self()->getCallingUid(); 249507b0cda3b14d16205ce3040d00bc18d15eda5fdcChad Brubaker 249607b0cda3b14d16205ce3040d00bc18d15eda5fdcChad Brubaker Blob keyBlob; 249707b0cda3b14d16205ce3040d00bc18d15eda5fdcChad Brubaker String8 name8(name); 249807b0cda3b14d16205ce3040d00bc18d15eda5fdcChad Brubaker int rc; 249907b0cda3b14d16205ce3040d00bc18d15eda5fdcChad Brubaker 250007b0cda3b14d16205ce3040d00bc18d15eda5fdcChad Brubaker ResponseCode responseCode = mKeyStore->getKeyForName(&keyBlob, name8, callingUid, 250107b0cda3b14d16205ce3040d00bc18d15eda5fdcChad Brubaker TYPE_KEYMASTER_10); 250207b0cda3b14d16205ce3040d00bc18d15eda5fdcChad Brubaker if (responseCode != ::NO_ERROR) { 250307b0cda3b14d16205ce3040d00bc18d15eda5fdcChad Brubaker result->resultCode = responseCode; 250407b0cda3b14d16205ce3040d00bc18d15eda5fdcChad Brubaker return; 250507b0cda3b14d16205ce3040d00bc18d15eda5fdcChad Brubaker } 250607b0cda3b14d16205ce3040d00bc18d15eda5fdcChad Brubaker keymaster_key_blob_t key; 250707b0cda3b14d16205ce3040d00bc18d15eda5fdcChad Brubaker key.key_material_size = keyBlob.getLength(); 250807b0cda3b14d16205ce3040d00bc18d15eda5fdcChad Brubaker key.key_material = keyBlob.getValue(); 250907b0cda3b14d16205ce3040d00bc18d15eda5fdcChad Brubaker keymaster1_device_t* dev = mKeyStore->getDeviceForBlob(keyBlob); 251007b0cda3b14d16205ce3040d00bc18d15eda5fdcChad Brubaker if (!dev->export_key) { 251107b0cda3b14d16205ce3040d00bc18d15eda5fdcChad Brubaker result->resultCode = KM_ERROR_UNIMPLEMENTED; 251207b0cda3b14d16205ce3040d00bc18d15eda5fdcChad Brubaker return; 251307b0cda3b14d16205ce3040d00bc18d15eda5fdcChad Brubaker } 251407b0cda3b14d16205ce3040d00bc18d15eda5fdcChad Brubaker uint8_t* ptr = NULL; 2515d663442b590b59250062335cc057478001b8e439Chad Brubaker rc = dev->export_key(dev, format, &key, clientId, appData, 251607b0cda3b14d16205ce3040d00bc18d15eda5fdcChad Brubaker &ptr, &result->dataLength); 251707b0cda3b14d16205ce3040d00bc18d15eda5fdcChad Brubaker result->exportData.reset(ptr); 251807b0cda3b14d16205ce3040d00bc18d15eda5fdcChad Brubaker result->resultCode = rc ? rc : ::NO_ERROR; 25199899d6b392e8223c3c00bfccadd43b18cdc96b4fChad Brubaker } 25209899d6b392e8223c3c00bfccadd43b18cdc96b4fChad Brubaker 2521ad6514ab7a57504aa3b04bcc383f60940b923710Chad Brubaker 252240a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker void begin(const sp<IBinder>& appToken, const String16& name, keymaster_purpose_t purpose, 2523154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker bool pruneable, const KeymasterArguments& params, const uint8_t* entropy, 2524154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker size_t entropyLength, KeymasterArguments* outParams, OperationResult* result) { 252540a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker if (!result || !outParams) { 252640a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker ALOGE("Unexpected null arguments to begin()"); 252740a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker return; 252840a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker } 252940a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker uid_t callingUid = IPCThreadState::self()->getCallingUid(); 253040a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker if (!pruneable && get_app_id(callingUid) != AID_SYSTEM) { 253140a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker ALOGE("Non-system uid %d trying to start non-pruneable operation", callingUid); 253240a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker result->resultCode = ::PERMISSION_DENIED; 253340a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker return; 253440a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker } 25350cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker if (!checkAllowedOperationParams(params.params)) { 25360cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker result->resultCode = KM_ERROR_INVALID_ARGUMENT; 25370cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker return; 25380cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker } 253940a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker Blob keyBlob; 254040a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker String8 name8(name); 254140a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker ResponseCode responseCode = mKeyStore->getKeyForName(&keyBlob, name8, callingUid, 254240a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker TYPE_KEYMASTER_10); 254340a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker if (responseCode != ::NO_ERROR) { 254440a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker result->resultCode = responseCode; 254540a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker return; 254640a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker } 254740a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker keymaster_key_blob_t key; 254840a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker key.key_material_size = keyBlob.getLength(); 254940a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker key.key_material = keyBlob.getValue(); 255040a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker keymaster_key_param_t* out; 255140a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker size_t outSize; 255240a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker keymaster_operation_handle_t handle; 255340a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker keymaster1_device_t* dev = mKeyStore->getDeviceForBlob(keyBlob); 2554154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker keymaster_error_t err = KM_ERROR_UNIMPLEMENTED; 255506801e0a7ccabbe8f22cff29b7edb7c7d02d7692Chad Brubaker std::vector<keymaster_key_param_t> opParams(params.params); 2556ad6514ab7a57504aa3b04bcc383f60940b923710Chad Brubaker Unique_keymaster_key_characteristics characteristics; 2557ad6514ab7a57504aa3b04bcc383f60940b923710Chad Brubaker characteristics.reset(new keymaster_key_characteristics_t); 2558ad6514ab7a57504aa3b04bcc383f60940b923710Chad Brubaker err = getOperationCharacteristics(key, dev, opParams, characteristics.get()); 2559ad6514ab7a57504aa3b04bcc383f60940b923710Chad Brubaker if (err) { 2560ad6514ab7a57504aa3b04bcc383f60940b923710Chad Brubaker result->resultCode = err; 2561ad6514ab7a57504aa3b04bcc383f60940b923710Chad Brubaker return; 2562ad6514ab7a57504aa3b04bcc383f60940b923710Chad Brubaker } 25630cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker const hw_auth_token_t* authToken = NULL; 25640cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker int32_t authResult = getAuthToken(characteristics.get(), 0, &authToken, 256506801e0a7ccabbe8f22cff29b7edb7c7d02d7692Chad Brubaker /*failOnTokenMissing*/ false); 25660cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker // If per-operation auth is needed we need to begin the operation and 25670cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker // the client will need to authorize that operation before calling 25680cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker // update. Any other auth issues stop here. 25690cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker if (authResult != ::NO_ERROR && authResult != ::OP_AUTH_NEEDED) { 25700cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker result->resultCode = authResult; 257106801e0a7ccabbe8f22cff29b7edb7c7d02d7692Chad Brubaker return; 257206801e0a7ccabbe8f22cff29b7edb7c7d02d7692Chad Brubaker } 25730cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker addAuthToParams(&opParams, authToken); 2574154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker // Add entropy to the device first. 2575154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker if (entropy) { 2576154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker if (dev->add_rng_entropy) { 2577154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker err = dev->add_rng_entropy(dev, entropy, entropyLength); 2578154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker } else { 2579154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker err = KM_ERROR_UNIMPLEMENTED; 2580154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker } 2581154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker if (err) { 2582154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker result->resultCode = err; 2583154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker return; 2584154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker } 2585154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker } 258606801e0a7ccabbe8f22cff29b7edb7c7d02d7692Chad Brubaker err = dev->begin(dev, purpose, &key, opParams.data(), opParams.size(), &out, &outSize, 258706801e0a7ccabbe8f22cff29b7edb7c7d02d7692Chad Brubaker &handle); 258840a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker 258940a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker // If there are too many operations abort the oldest operation that was 259040a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker // started as pruneable and try again. 259140a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker while (err == KM_ERROR_TOO_MANY_OPERATIONS && mOperationMap.hasPruneableOperation()) { 259240a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker sp<IBinder> oldest = mOperationMap.getOldestPruneableOperation(); 259340a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker ALOGD("Ran out of operation handles, trying to prune %p", oldest.get()); 259440a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker if (abort(oldest) != ::NO_ERROR) { 259540a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker break; 259640a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker } 25970cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker err = dev->begin(dev, purpose, &key, opParams.data(), opParams.size(), &out, &outSize, 259840a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker &handle); 259940a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker } 260040a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker if (err) { 260140a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker result->resultCode = err; 260240a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker return; 260340a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker } 260440a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker if (out) { 260540a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker outParams->params.assign(out, out + outSize); 260640a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker free(out); 260740a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker } 26089899d6b392e8223c3c00bfccadd43b18cdc96b4fChad Brubaker 2609ad6514ab7a57504aa3b04bcc383f60940b923710Chad Brubaker sp<IBinder> operationToken = mOperationMap.addOperation(handle, dev, appToken, 2610ad6514ab7a57504aa3b04bcc383f60940b923710Chad Brubaker characteristics.release(), 261106801e0a7ccabbe8f22cff29b7edb7c7d02d7692Chad Brubaker pruneable); 26120cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker if (authToken) { 26130cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker mOperationMap.setOperationAuthToken(operationToken, authToken); 26140cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker } 26150cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker // Return the authentication lookup result. If this is a per operation 26160cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker // auth'd key then the resultCode will be ::OP_AUTH_NEEDED and the 26170cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker // application should get an auth token using the handle before the 26180cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker // first call to update, which will fail if keystore hasn't received the 26190cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker // auth token. 26200cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker result->resultCode = authResult; 262140a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker result->token = operationToken; 2622c3a1856bbe2e39d5b3430f5f088b12fd710a159fChad Brubaker result->handle = handle; 26239899d6b392e8223c3c00bfccadd43b18cdc96b4fChad Brubaker } 26249899d6b392e8223c3c00bfccadd43b18cdc96b4fChad Brubaker 262540a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker void update(const sp<IBinder>& token, const KeymasterArguments& params, const uint8_t* data, 262640a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker size_t dataLength, OperationResult* result) { 26270cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker if (!checkAllowedOperationParams(params.params)) { 26280cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker result->resultCode = KM_ERROR_INVALID_ARGUMENT; 26290cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker return; 26300cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker } 263140a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker const keymaster1_device_t* dev; 263240a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker keymaster_operation_handle_t handle; 26330cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker if (!mOperationMap.getOperation(token, &handle, &dev, NULL)) { 263440a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker result->resultCode = KM_ERROR_INVALID_OPERATION_HANDLE; 263540a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker return; 263640a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker } 263740a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker uint8_t* output_buf = NULL; 263840a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker size_t output_length = 0; 263940a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker size_t consumed = 0; 264006801e0a7ccabbe8f22cff29b7edb7c7d02d7692Chad Brubaker std::vector<keymaster_key_param_t> opParams(params.params); 26410cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker int32_t authResult = addOperationAuthTokenIfNeeded(token, &opParams); 26420cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker if (authResult != ::NO_ERROR) { 264306801e0a7ccabbe8f22cff29b7edb7c7d02d7692Chad Brubaker result->resultCode = authResult; 264406801e0a7ccabbe8f22cff29b7edb7c7d02d7692Chad Brubaker return; 264506801e0a7ccabbe8f22cff29b7edb7c7d02d7692Chad Brubaker } 264606801e0a7ccabbe8f22cff29b7edb7c7d02d7692Chad Brubaker keymaster_error_t err = dev->update(dev, handle, opParams.data(), opParams.size(), data, 264706801e0a7ccabbe8f22cff29b7edb7c7d02d7692Chad Brubaker dataLength, &consumed, &output_buf, &output_length); 264840a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker result->data.reset(output_buf); 264940a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker result->dataLength = output_length; 265040a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker result->inputConsumed = consumed; 265140a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker result->resultCode = err ? (int32_t) err : ::NO_ERROR; 265240a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker } 265340a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker 265440a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker void finish(const sp<IBinder>& token, const KeymasterArguments& params, 265540a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker const uint8_t* signature, size_t signatureLength, OperationResult* result) { 26560cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker if (!checkAllowedOperationParams(params.params)) { 26570cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker result->resultCode = KM_ERROR_INVALID_ARGUMENT; 26580cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker return; 26590cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker } 266040a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker const keymaster1_device_t* dev; 266140a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker keymaster_operation_handle_t handle; 26620cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker if (!mOperationMap.getOperation(token, &handle, &dev, NULL)) { 266340a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker result->resultCode = KM_ERROR_INVALID_OPERATION_HANDLE; 266440a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker return; 266540a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker } 266640a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker uint8_t* output_buf = NULL; 266740a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker size_t output_length = 0; 266806801e0a7ccabbe8f22cff29b7edb7c7d02d7692Chad Brubaker std::vector<keymaster_key_param_t> opParams(params.params); 26690cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker int32_t authResult = addOperationAuthTokenIfNeeded(token, &opParams); 26700cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker if (authResult != ::NO_ERROR) { 267106801e0a7ccabbe8f22cff29b7edb7c7d02d7692Chad Brubaker result->resultCode = authResult; 267206801e0a7ccabbe8f22cff29b7edb7c7d02d7692Chad Brubaker return; 267306801e0a7ccabbe8f22cff29b7edb7c7d02d7692Chad Brubaker } 26740cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker 267506801e0a7ccabbe8f22cff29b7edb7c7d02d7692Chad Brubaker keymaster_error_t err = dev->finish(dev, handle, opParams.data(), opParams.size(), 267606801e0a7ccabbe8f22cff29b7edb7c7d02d7692Chad Brubaker signature, signatureLength, &output_buf, 267706801e0a7ccabbe8f22cff29b7edb7c7d02d7692Chad Brubaker &output_length); 267840a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker // Remove the operation regardless of the result 267940a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker mOperationMap.removeOperation(token); 268006801e0a7ccabbe8f22cff29b7edb7c7d02d7692Chad Brubaker mAuthTokenTable.MarkCompleted(handle); 268140a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker result->data.reset(output_buf); 268240a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker result->dataLength = output_length; 268340a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker result->resultCode = err ? (int32_t) err : ::NO_ERROR; 268440a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker } 268540a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker 268640a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker int32_t abort(const sp<IBinder>& token) { 268740a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker const keymaster1_device_t* dev; 268840a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker keymaster_operation_handle_t handle; 268906801e0a7ccabbe8f22cff29b7edb7c7d02d7692Chad Brubaker if (!mOperationMap.getOperation(token, &handle, &dev, NULL)) { 269040a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker return KM_ERROR_INVALID_OPERATION_HANDLE; 269140a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker } 269240a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker mOperationMap.removeOperation(token); 269306801e0a7ccabbe8f22cff29b7edb7c7d02d7692Chad Brubaker int32_t rc; 269440a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker if (!dev->abort) { 269506801e0a7ccabbe8f22cff29b7edb7c7d02d7692Chad Brubaker rc = KM_ERROR_UNIMPLEMENTED; 269606801e0a7ccabbe8f22cff29b7edb7c7d02d7692Chad Brubaker } else { 269706801e0a7ccabbe8f22cff29b7edb7c7d02d7692Chad Brubaker rc = dev->abort(dev, handle); 269840a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker } 269906801e0a7ccabbe8f22cff29b7edb7c7d02d7692Chad Brubaker mAuthTokenTable.MarkCompleted(handle); 270040a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker if (rc) { 270140a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker return rc; 270240a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker } 270340a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker return ::NO_ERROR; 27049899d6b392e8223c3c00bfccadd43b18cdc96b4fChad Brubaker } 27059899d6b392e8223c3c00bfccadd43b18cdc96b4fChad Brubaker 27062ed2baa7de690b09430b40625e6b18d10757a2fdChad Brubaker bool isOperationAuthorized(const sp<IBinder>& token) { 27072ed2baa7de690b09430b40625e6b18d10757a2fdChad Brubaker const keymaster1_device_t* dev; 27082ed2baa7de690b09430b40625e6b18d10757a2fdChad Brubaker keymaster_operation_handle_t handle; 2709ad6514ab7a57504aa3b04bcc383f60940b923710Chad Brubaker const keymaster_key_characteristics_t* characteristics; 2710ad6514ab7a57504aa3b04bcc383f60940b923710Chad Brubaker if (!mOperationMap.getOperation(token, &handle, &dev, &characteristics)) { 27112ed2baa7de690b09430b40625e6b18d10757a2fdChad Brubaker return false; 27122ed2baa7de690b09430b40625e6b18d10757a2fdChad Brubaker } 27130cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker const hw_auth_token_t* authToken = NULL; 27140cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker mOperationMap.getOperationAuthToken(token, &authToken); 271506801e0a7ccabbe8f22cff29b7edb7c7d02d7692Chad Brubaker std::vector<keymaster_key_param_t> ignored; 27160cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker int32_t authResult = addOperationAuthTokenIfNeeded(token, &ignored); 27170cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker return authResult == ::NO_ERROR; 27182ed2baa7de690b09430b40625e6b18d10757a2fdChad Brubaker } 27192ed2baa7de690b09430b40625e6b18d10757a2fdChad Brubaker 2720d80c7b487b2f7f0bf955d0efeaa3db6dcd160639Chad Brubaker int32_t addAuthToken(const uint8_t* token, size_t length) { 27219489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker if (!checkBinderPermission(P_ADD_AUTH)) { 27229489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker ALOGW("addAuthToken: permission denied for %d", 27239489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker IPCThreadState::self()->getCallingUid()); 2724d80c7b487b2f7f0bf955d0efeaa3db6dcd160639Chad Brubaker return ::PERMISSION_DENIED; 2725d80c7b487b2f7f0bf955d0efeaa3db6dcd160639Chad Brubaker } 2726d80c7b487b2f7f0bf955d0efeaa3db6dcd160639Chad Brubaker if (length != sizeof(hw_auth_token_t)) { 2727d80c7b487b2f7f0bf955d0efeaa3db6dcd160639Chad Brubaker return KM_ERROR_INVALID_ARGUMENT; 2728d80c7b487b2f7f0bf955d0efeaa3db6dcd160639Chad Brubaker } 2729d80c7b487b2f7f0bf955d0efeaa3db6dcd160639Chad Brubaker hw_auth_token_t* authToken = new hw_auth_token_t; 2730d80c7b487b2f7f0bf955d0efeaa3db6dcd160639Chad Brubaker memcpy(reinterpret_cast<void*>(authToken), token, sizeof(hw_auth_token_t)); 2731d80c7b487b2f7f0bf955d0efeaa3db6dcd160639Chad Brubaker // The table takes ownership of authToken. 2732d80c7b487b2f7f0bf955d0efeaa3db6dcd160639Chad Brubaker mAuthTokenTable.AddAuthenticationToken(authToken); 2733d80c7b487b2f7f0bf955d0efeaa3db6dcd160639Chad Brubaker return ::NO_ERROR; 27342ed2baa7de690b09430b40625e6b18d10757a2fdChad Brubaker } 27352ed2baa7de690b09430b40625e6b18d10757a2fdChad Brubaker 273607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Rootprivate: 27379489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker static const int32_t UID_SELF = -1; 27389489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker 27399489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker /** 27409489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker * Get the effective target uid for a binder operation that takes an 27419489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker * optional uid as the target. 27429489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker */ 27439489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker inline uid_t getEffectiveUid(int32_t targetUid) { 27449489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker if (targetUid == UID_SELF) { 27459489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker return IPCThreadState::self()->getCallingUid(); 27469489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker } 27479489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker return static_cast<uid_t>(targetUid); 27489489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker } 27499489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker 27509489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker /** 27519489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker * Check if the caller of the current binder method has the required 27529489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker * permission and if acting on other uids the grants to do so. 27539489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker */ 27549489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker inline bool checkBinderPermission(perm_t permission, int32_t targetUid = UID_SELF) { 27559489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker uid_t callingUid = IPCThreadState::self()->getCallingUid(); 27569489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker pid_t spid = IPCThreadState::self()->getCallingPid(); 27579489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker if (!has_permission(callingUid, permission, spid)) { 27589489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker ALOGW("permission %s denied for %d", get_perm_label(permission), callingUid); 27599489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker return false; 27609489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker } 27619489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker if (!is_granted_to(callingUid, getEffectiveUid(targetUid))) { 27629489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker ALOGW("uid %d not granted to act for %d", callingUid, targetUid); 27639489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker return false; 27649489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker } 27659489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker return true; 27669489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker } 27679489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker 27689489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker /** 27699489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker * Check if the caller of the current binder method has the required 27709489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker * permission or the target of the operation is the caller's uid. This is 27719489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker * for operation where the permission is only for cross-uid activity and all 27729489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker * uids are allowed to act on their own (ie: clearing all entries for a 27739489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker * given uid). 27749489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker */ 27759489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker inline bool checkBinderPermissionOrSelfTarget(perm_t permission, int32_t targetUid) { 27769489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker uid_t callingUid = IPCThreadState::self()->getCallingUid(); 27779489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker if (getEffectiveUid(targetUid) == callingUid) { 27789489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker return true; 27799489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker } else { 27809489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker return checkBinderPermission(permission, targetUid); 27819489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker } 27829489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker } 27839489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker 27849489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker /** 27859489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker * Helper method to check that the caller has the required permission as 27869489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker * well as the keystore is in the unlocked state if checkUnlocked is true. 27879489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker * 27889489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker * Returns NO_ERROR on success, PERMISSION_DENIED on a permission error and 27899489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker * otherwise the state of keystore when not unlocked and checkUnlocked is 27909489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker * true. 27919489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker */ 27929489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker inline int32_t checkBinderPermissionAndKeystoreState(perm_t permission, int32_t targetUid = -1, 27939489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker bool checkUnlocked = true) { 27949489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker if (!checkBinderPermission(permission, targetUid)) { 27959489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker return ::PERMISSION_DENIED; 27969489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker } 27979489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker State state = mKeyStore->getState(getEffectiveUid(targetUid)); 27989489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker if (checkUnlocked && !isKeystoreUnlocked(state)) { 27999489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker return state; 28009489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker } 28019489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker 28029489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker return ::NO_ERROR; 28039489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker 28049489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker } 28059489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker 28069d45d1caba5135e6b8bd6d05d449e8dcf52b6802Kenny Root inline bool isKeystoreUnlocked(State state) { 28079d45d1caba5135e6b8bd6d05d449e8dcf52b6802Kenny Root switch (state) { 28089d45d1caba5135e6b8bd6d05d449e8dcf52b6802Kenny Root case ::STATE_NO_ERROR: 28099d45d1caba5135e6b8bd6d05d449e8dcf52b6802Kenny Root return true; 28109d45d1caba5135e6b8bd6d05d449e8dcf52b6802Kenny Root case ::STATE_UNINITIALIZED: 28119d45d1caba5135e6b8bd6d05d449e8dcf52b6802Kenny Root case ::STATE_LOCKED: 28129d45d1caba5135e6b8bd6d05d449e8dcf52b6802Kenny Root return false; 28139d45d1caba5135e6b8bd6d05d449e8dcf52b6802Kenny Root } 28149d45d1caba5135e6b8bd6d05d449e8dcf52b6802Kenny Root return false; 2815a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 281607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 281767d2a5029e8c25c5ee448e3bbd245cdcebe6abd3Chad Brubaker bool isKeyTypeSupported(const keymaster1_device_t* device, keymaster_keypair_t keyType) { 28181d448c074a86ef5d05a22fdf1358718976628a86Kenny Root const int32_t device_api = device->common.module->module_api_version; 28191d448c074a86ef5d05a22fdf1358718976628a86Kenny Root if (device_api == KEYMASTER_MODULE_API_VERSION_0_2) { 28201d448c074a86ef5d05a22fdf1358718976628a86Kenny Root switch (keyType) { 28211d448c074a86ef5d05a22fdf1358718976628a86Kenny Root case TYPE_RSA: 28221d448c074a86ef5d05a22fdf1358718976628a86Kenny Root case TYPE_DSA: 28231d448c074a86ef5d05a22fdf1358718976628a86Kenny Root case TYPE_EC: 28241d448c074a86ef5d05a22fdf1358718976628a86Kenny Root return true; 28251d448c074a86ef5d05a22fdf1358718976628a86Kenny Root default: 28261d448c074a86ef5d05a22fdf1358718976628a86Kenny Root return false; 28271d448c074a86ef5d05a22fdf1358718976628a86Kenny Root } 28281d448c074a86ef5d05a22fdf1358718976628a86Kenny Root } else if (device_api >= KEYMASTER_MODULE_API_VERSION_0_3) { 28291d448c074a86ef5d05a22fdf1358718976628a86Kenny Root switch (keyType) { 28301d448c074a86ef5d05a22fdf1358718976628a86Kenny Root case TYPE_RSA: 28311d448c074a86ef5d05a22fdf1358718976628a86Kenny Root return true; 28321d448c074a86ef5d05a22fdf1358718976628a86Kenny Root case TYPE_DSA: 28331d448c074a86ef5d05a22fdf1358718976628a86Kenny Root return device->flags & KEYMASTER_SUPPORTS_DSA; 28341d448c074a86ef5d05a22fdf1358718976628a86Kenny Root case TYPE_EC: 28351d448c074a86ef5d05a22fdf1358718976628a86Kenny Root return device->flags & KEYMASTER_SUPPORTS_EC; 28361d448c074a86ef5d05a22fdf1358718976628a86Kenny Root default: 28371d448c074a86ef5d05a22fdf1358718976628a86Kenny Root return false; 28381d448c074a86ef5d05a22fdf1358718976628a86Kenny Root } 28391d448c074a86ef5d05a22fdf1358718976628a86Kenny Root } else { 28401d448c074a86ef5d05a22fdf1358718976628a86Kenny Root return keyType == TYPE_RSA; 28411d448c074a86ef5d05a22fdf1358718976628a86Kenny Root } 28421d448c074a86ef5d05a22fdf1358718976628a86Kenny Root } 28431d448c074a86ef5d05a22fdf1358718976628a86Kenny Root 28440cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker /** 28450cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker * Check that all keymaster_key_param_t's provided by the application are 28460cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker * allowed. Any parameter that keystore adds itself should be disallowed here. 28470cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker */ 28480cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker bool checkAllowedOperationParams(const std::vector<keymaster_key_param_t>& params) { 28490cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker for (auto param: params) { 28500cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker switch (param.tag) { 28510cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker case KM_TAG_AUTH_TOKEN: 28520cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker return false; 28530cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker default: 28540cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker break; 28550cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker } 28560cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker } 28570cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker return true; 28580cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker } 28590cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker 28600cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker keymaster_error_t getOperationCharacteristics(const keymaster_key_blob_t& key, 28610cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker const keymaster1_device_t* dev, 28620cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker const std::vector<keymaster_key_param_t>& params, 28630cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker keymaster_key_characteristics_t* out) { 28640cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker UniquePtr<keymaster_blob_t> appId; 28650cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker UniquePtr<keymaster_blob_t> appData; 28660cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker for (auto param : params) { 28670cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker if (param.tag == KM_TAG_APPLICATION_ID) { 28680cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker appId.reset(new keymaster_blob_t); 28690cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker appId->data = param.blob.data; 28700cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker appId->data_length = param.blob.data_length; 28710cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker } else if (param.tag == KM_TAG_APPLICATION_DATA) { 28720cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker appData.reset(new keymaster_blob_t); 28730cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker appData->data = param.blob.data; 28740cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker appData->data_length = param.blob.data_length; 28750cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker } 28760cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker } 28770cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker keymaster_key_characteristics_t* result = NULL; 28780cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker if (!dev->get_key_characteristics) { 28790cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker return KM_ERROR_UNIMPLEMENTED; 28800cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker } 28810cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker keymaster_error_t error = dev->get_key_characteristics(dev, &key, appId.get(), 28820cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker appData.get(), &result); 28830cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker if (result) { 28840cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker *out = *result; 28850cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker free(result); 28860cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker } 28870cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker return error; 28880cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker } 28890cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker 28900cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker /** 28910cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker * Get the auth token for this operation from the auth token table. 28920cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker * 28930cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker * Returns ::NO_ERROR if the auth token was set or none was required. 28940cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker * ::OP_AUTH_NEEDED if it is a per op authorization, no 28950cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker * authorization token exists for that operation and 28960cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker * failOnTokenMissing is false. 28970cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker * KM_ERROR_KEY_USER_NOT_AUTHENTICATED if there is no valid auth 28980cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker * token for the operation 28990cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker */ 29000cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker int32_t getAuthToken(const keymaster_key_characteristics_t* characteristics, 29010cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker keymaster_operation_handle_t handle, 29020cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker const hw_auth_token_t** authToken, 29030cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker bool failOnTokenMissing = true) { 29040cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker 29050cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker std::vector<keymaster_key_param_t> allCharacteristics; 29060cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker for (size_t i = 0; i < characteristics->sw_enforced.length; i++) { 29070cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker allCharacteristics.push_back(characteristics->sw_enforced.params[i]); 29080cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker } 29090cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker for (size_t i = 0; i < characteristics->hw_enforced.length; i++) { 29100cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker allCharacteristics.push_back(characteristics->hw_enforced.params[i]); 29110cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker } 29120cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker keymaster::AuthTokenTable::Error err = 29130cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker mAuthTokenTable.FindAuthorization(allCharacteristics.data(), 29140cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker allCharacteristics.size(), handle, authToken); 29150cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker switch (err) { 29160cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker case keymaster::AuthTokenTable::OK: 29170cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker case keymaster::AuthTokenTable::AUTH_NOT_REQUIRED: 29180cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker return ::NO_ERROR; 29190cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker case keymaster::AuthTokenTable::AUTH_TOKEN_NOT_FOUND: 29200cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker case keymaster::AuthTokenTable::AUTH_TOKEN_EXPIRED: 29210cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker case keymaster::AuthTokenTable::AUTH_TOKEN_WRONG_SID: 29220cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker return KM_ERROR_KEY_USER_NOT_AUTHENTICATED; 29230cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker case keymaster::AuthTokenTable::OP_HANDLE_REQUIRED: 29240cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker return failOnTokenMissing ? (int32_t) KM_ERROR_KEY_USER_NOT_AUTHENTICATED : 29250cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker (int32_t) ::OP_AUTH_NEEDED; 29260cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker default: 29270cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker ALOGE("Unexpected FindAuthorization return value %d", err); 29280cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker return KM_ERROR_INVALID_ARGUMENT; 29290cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker } 29300cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker } 29310cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker 29320cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker inline void addAuthToParams(std::vector<keymaster_key_param_t>* params, 29330cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker const hw_auth_token_t* token) { 29340cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker if (token) { 29350cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker params->push_back(keymaster_param_blob(KM_TAG_AUTH_TOKEN, 29360cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker reinterpret_cast<const uint8_t*>(token), 29370cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker sizeof(hw_auth_token_t))); 29380cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker } 29390cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker } 29400cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker 29410cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker /** 29420cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker * Add the auth token for the operation to the param list if the operation 29430cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker * requires authorization. Uses the cached result in the OperationMap if available 29440cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker * otherwise gets the token from the AuthTokenTable and caches the result. 29450cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker * 29460cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker * Returns ::NO_ERROR if the auth token was added or not needed. 29470cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker * KM_ERROR_KEY_USER_NOT_AUTHENTICATED if the operation is not 29480cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker * authenticated. 29490cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker * KM_ERROR_INVALID_OPERATION_HANDLE if token is not a valid 29500cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker * operation token. 29510cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker */ 29520cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker int32_t addOperationAuthTokenIfNeeded(sp<IBinder> token, 29530cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker std::vector<keymaster_key_param_t>* params) { 29540cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker const hw_auth_token_t* authToken = NULL; 29557169a8470f6539036addf3c960b075af224e83e2Chad Brubaker mOperationMap.getOperationAuthToken(token, &authToken); 29567169a8470f6539036addf3c960b075af224e83e2Chad Brubaker if (!authToken) { 29570cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker const keymaster1_device_t* dev; 29580cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker keymaster_operation_handle_t handle; 29590cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker const keymaster_key_characteristics_t* characteristics = NULL; 29600cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker if (!mOperationMap.getOperation(token, &handle, &dev, &characteristics)) { 29610cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker return KM_ERROR_INVALID_OPERATION_HANDLE; 29620cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker } 29630cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker int32_t result = getAuthToken(characteristics, handle, &authToken); 29640cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker if (result != ::NO_ERROR) { 29650cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker return result; 29660cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker } 29670cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker if (authToken) { 29680cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker mOperationMap.setOperationAuthToken(token, authToken); 29690cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker } 29700cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker } 29710cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker addAuthToParams(params, authToken); 29720cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker return ::NO_ERROR; 29730cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker } 29740cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker 297507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root ::KeyStore* mKeyStore; 297640a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker OperationMap mOperationMap; 2977d80c7b487b2f7f0bf955d0efeaa3db6dcd160639Chad Brubaker keymaster::AuthTokenTable mAuthTokenTable; 297807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root}; 297907438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 298007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root}; // namespace android 2981a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 2982a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Rootint main(int argc, char* argv[]) { 2983a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root if (argc < 2) { 2984a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root ALOGE("A directory must be specified!"); 2985a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return 1; 2986a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 2987a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root if (chdir(argv[1]) == -1) { 2988a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root ALOGE("chdir: %s: %s", argv[1], strerror(errno)); 2989a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return 1; 2990a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 2991a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 2992a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root Entropy entropy; 2993a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root if (!entropy.open()) { 2994a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return 1; 2995a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 299670e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 299780843db63ed6b61c953a1243801117a15c9e8c38Shawn Willden keymaster0_device_t* dev; 299870e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root if (keymaster_device_initialize(&dev)) { 299970e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root ALOGE("keystore keymaster could not be initialized; exiting"); 300070e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root return 1; 300170e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root } 300270e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 300367d2a5029e8c25c5ee448e3bbd245cdcebe6abd3Chad Brubaker keymaster1_device_t* fallback; 3004fc18edcdfe2f7774e621030d51338f3216170b97Chad Brubaker if (fallback_keymaster_device_initialize(&fallback)) { 3005fc18edcdfe2f7774e621030d51338f3216170b97Chad Brubaker ALOGE("software keymaster could not be initialized; exiting"); 3006fc18edcdfe2f7774e621030d51338f3216170b97Chad Brubaker return 1; 3007fc18edcdfe2f7774e621030d51338f3216170b97Chad Brubaker } 3008fc18edcdfe2f7774e621030d51338f3216170b97Chad Brubaker 3009eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn ks_is_selinux_enabled = is_selinux_enabled(); 3010eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn if (ks_is_selinux_enabled) { 3011eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn union selinux_callback cb; 3012eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn cb.func_log = selinux_log_callback; 3013eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn selinux_set_callback(SELINUX_CB_LOG, cb); 3014eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn if (getcon(&tctx) != 0) { 3015eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn ALOGE("SELinux: Could not acquire target context. Aborting keystore.\n"); 3016eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn return -1; 3017eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn } 3018eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn } else { 3019eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn ALOGI("SELinux: Keystore SELinux is disabled.\n"); 3020eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn } 3021eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn 302267d2a5029e8c25c5ee448e3bbd245cdcebe6abd3Chad Brubaker KeyStore keyStore(&entropy, reinterpret_cast<keymaster1_device_t*>(dev), fallback); 3023655b958eb2180c7c06889f83f606d23421bf038cKenny Root keyStore.initialize(); 302407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root android::sp<android::IServiceManager> sm = android::defaultServiceManager(); 302507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root android::sp<android::KeyStoreProxy> proxy = new android::KeyStoreProxy(&keyStore); 302607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root android::status_t ret = sm->addService(android::String16("android.security.keystore"), proxy); 302707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root if (ret != android::OK) { 302807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root ALOGE("Couldn't register binder service!"); 302907438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return -1; 3030a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 303170e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 303207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root /* 303307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root * We're the only thread in existence, so we're just going to process 303407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root * Binder transaction as a single-threaded program. 303507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root */ 303607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root android::IPCThreadState::self()->joinThreadPool(); 303770e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 303807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root keymaster_device_release(dev); 3039a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return 1; 3040a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root} 3041