keystore.cpp revision 3cc40125e8b495e7f0784dad53bb9acdb5b9a8eb
1a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root/* 2a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root * Copyright (C) 2009 The Android Open Source Project 3a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root * 4a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root * Licensed under the Apache License, Version 2.0 (the "License"); 5a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root * you may not use this file except in compliance with the License. 6a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root * You may obtain a copy of the License at 7a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root * 8a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root * http://www.apache.org/licenses/LICENSE-2.0 9a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root * 10a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root * Unless required by applicable law or agreed to in writing, software 11a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root * distributed under the License is distributed on an "AS IS" BASIS, 12a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root * See the License for the specific language governing permissions and 14a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root * limitations under the License. 15a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root */ 16a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 1707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root//#define LOG_NDEBUG 0 1807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root#define LOG_TAG "keystore" 1907438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 20a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root#include <stdio.h> 21a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root#include <stdint.h> 22a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root#include <string.h> 23aaf9802da6cea710e0777abb852724e1825cad63Elliott Hughes#include <strings.h> 24a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root#include <unistd.h> 25a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root#include <signal.h> 26a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root#include <errno.h> 27a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root#include <dirent.h> 28655b958eb2180c7c06889f83f606d23421bf038cKenny Root#include <errno.h> 29a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root#include <fcntl.h> 30a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root#include <limits.h> 31822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root#include <assert.h> 32a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root#include <sys/types.h> 33a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root#include <sys/socket.h> 34a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root#include <sys/stat.h> 35a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root#include <sys/time.h> 36a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root#include <arpa/inet.h> 37a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 38a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root#include <openssl/aes.h> 39822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root#include <openssl/bio.h> 40a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root#include <openssl/evp.h> 41a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root#include <openssl/md5.h> 42822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root#include <openssl/pem.h> 43a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 4480843db63ed6b61c953a1243801117a15c9e8c38Shawn Willden#include <hardware/keymaster0.h> 4570e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 4667d2a5029e8c25c5ee448e3bbd245cdcebe6abd3Chad Brubaker#include <keymaster/soft_keymaster_device.h> 470400675b20e36b976ec13b63e290e6d5d19bf654Shawn Willden#include <keymaster/soft_keymaster_logger.h> 480400675b20e36b976ec13b63e290e6d5d19bf654Shawn Willden#include <keymaster/softkeymaster.h> 4917208e0de5a42722901d803118745cca25fd10c1Kenny Root 5026cfc08add3966eca5892e3387cf5ed6dc3068fbKenny Root#include <UniquePtr.h> 51655b958eb2180c7c06889f83f606d23421bf038cKenny Root#include <utils/String8.h> 52655b958eb2180c7c06889f83f606d23421bf038cKenny Root#include <utils/Vector.h> 5370e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 5407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root#include <keystore/IKeystoreService.h> 5507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root#include <binder/IPCThreadState.h> 5607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root#include <binder/IServiceManager.h> 5707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 58a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root#include <cutils/log.h> 59a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root#include <cutils/sockets.h> 60a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root#include <private/android_filesystem_config.h> 61a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 6207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root#include <keystore/keystore.h> 63a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 64eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn#include <selinux/android.h> 65eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn 66d80c7b487b2f7f0bf955d0efeaa3db6dcd160639Chad Brubaker#include "auth_token_table.h" 6796427baf0094d50047049d329b0779c3c910402cKenny Root#include "defaults.h" 6840a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker#include "operation.h" 6996427baf0094d50047049d329b0779c3c910402cKenny Root 70a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root/* KeyStore is a secured storage for key-value pairs. In this implementation, 71a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root * each file stores one key-value pair. Keys are encoded in file names, and 72a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root * values are encrypted with checksums. The encryption key is protected by a 73a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root * user-defined password. To keep things simple, buffers are always larger than 74a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root * the maximum space we needed, so boundary checks on buffers are omitted. */ 75a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 76a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root#define KEY_SIZE ((NAME_MAX - 15) / 2) 77a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root#define VALUE_SIZE 32768 78a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root#define PASSWORD_SIZE VALUE_SIZE 79a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 80822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root 8196427baf0094d50047049d329b0779c3c910402cKenny Rootstruct BIGNUM_Delete { 8296427baf0094d50047049d329b0779c3c910402cKenny Root void operator()(BIGNUM* p) const { 8396427baf0094d50047049d329b0779c3c910402cKenny Root BN_free(p); 8496427baf0094d50047049d329b0779c3c910402cKenny Root } 8596427baf0094d50047049d329b0779c3c910402cKenny Root}; 8696427baf0094d50047049d329b0779c3c910402cKenny Roottypedef UniquePtr<BIGNUM, BIGNUM_Delete> Unique_BIGNUM; 8796427baf0094d50047049d329b0779c3c910402cKenny Root 88822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Rootstruct BIO_Delete { 89822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root void operator()(BIO* p) const { 90822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root BIO_free(p); 91822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root } 92822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root}; 93822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Roottypedef UniquePtr<BIO, BIO_Delete> Unique_BIO; 94822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root 95822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Rootstruct EVP_PKEY_Delete { 96822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root void operator()(EVP_PKEY* p) const { 97822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root EVP_PKEY_free(p); 98822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root } 99822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root}; 100822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Roottypedef UniquePtr<EVP_PKEY, EVP_PKEY_Delete> Unique_EVP_PKEY; 101822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root 102822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Rootstruct PKCS8_PRIV_KEY_INFO_Delete { 103822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root void operator()(PKCS8_PRIV_KEY_INFO* p) const { 104822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root PKCS8_PRIV_KEY_INFO_free(p); 105822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root } 106822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root}; 107822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Roottypedef UniquePtr<PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO_Delete> Unique_PKCS8_PRIV_KEY_INFO; 108822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root 109bd07a239085228c25898bc6cdece8b1b8758df83Chad Brubakerstatic int keymaster_device_initialize(keymaster1_device_t** dev) { 11070e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root int rc; 11170e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 11270e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root const hw_module_t* mod; 113bd07a239085228c25898bc6cdece8b1b8758df83Chad Brubaker keymaster::SoftKeymasterDevice* softkeymaster = NULL; 11470e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root rc = hw_get_module_by_class(KEYSTORE_HARDWARE_MODULE_ID, NULL, &mod); 11570e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root if (rc) { 11670e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root ALOGE("could not find any keystore module"); 11770e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root goto out; 11870e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root } 11970e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 120bd07a239085228c25898bc6cdece8b1b8758df83Chad Brubaker rc = mod->methods->open(mod, KEYSTORE_KEYMASTER, reinterpret_cast<struct hw_device_t**>(dev)); 12170e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root if (rc) { 12270e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root ALOGE("could not open keymaster device in %s (%s)", 12370e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root KEYSTORE_HARDWARE_MODULE_ID, strerror(-rc)); 12470e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root goto out; 12570e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root } 12670e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 127bd07a239085228c25898bc6cdece8b1b8758df83Chad Brubaker // Wrap older hardware modules with a softkeymaster adapter. 128bd07a239085228c25898bc6cdece8b1b8758df83Chad Brubaker if ((*dev)->common.module->module_api_version >= KEYMASTER_MODULE_API_VERSION_1_0) { 129bd07a239085228c25898bc6cdece8b1b8758df83Chad Brubaker return 0; 130bd07a239085228c25898bc6cdece8b1b8758df83Chad Brubaker } 131bd07a239085228c25898bc6cdece8b1b8758df83Chad Brubaker softkeymaster = 132bd07a239085228c25898bc6cdece8b1b8758df83Chad Brubaker new keymaster::SoftKeymasterDevice(reinterpret_cast<keymaster0_device_t*>(*dev)); 133bd07a239085228c25898bc6cdece8b1b8758df83Chad Brubaker *dev = softkeymaster->keymaster_device(); 13470e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root return 0; 13570e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 13670e3a86abd2c412d602a018967c01c177eb6cf4eKenny Rootout: 13770e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root *dev = NULL; 13870e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root return rc; 13970e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root} 14070e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 1410400675b20e36b976ec13b63e290e6d5d19bf654Shawn Willden// softkeymaster_logger appears not to be used in keystore, but it installs itself as the 1420400675b20e36b976ec13b63e290e6d5d19bf654Shawn Willden// logger used by SoftKeymasterDevice. 1430400675b20e36b976ec13b63e290e6d5d19bf654Shawn Willdenstatic keymaster::SoftKeymasterLogger softkeymaster_logger; 1440400675b20e36b976ec13b63e290e6d5d19bf654Shawn Willden 14567d2a5029e8c25c5ee448e3bbd245cdcebe6abd3Chad Brubakerstatic int fallback_keymaster_device_initialize(keymaster1_device_t** dev) { 14667d2a5029e8c25c5ee448e3bbd245cdcebe6abd3Chad Brubaker keymaster::SoftKeymasterDevice* softkeymaster = 14767d2a5029e8c25c5ee448e3bbd245cdcebe6abd3Chad Brubaker new keymaster::SoftKeymasterDevice(); 1489fd05a9a6299e9688c8fcf755516ea254868d187Shawn Willden *dev = softkeymaster->keymaster_device(); 1499fd05a9a6299e9688c8fcf755516ea254868d187Shawn Willden // softkeymaster will be freed by *dev->close_device; don't delete here. 150fc18edcdfe2f7774e621030d51338f3216170b97Chad Brubaker return 0; 151fc18edcdfe2f7774e621030d51338f3216170b97Chad Brubaker} 152fc18edcdfe2f7774e621030d51338f3216170b97Chad Brubaker 153bd07a239085228c25898bc6cdece8b1b8758df83Chad Brubakerstatic void keymaster_device_release(keymaster1_device_t* dev) { 154bd07a239085228c25898bc6cdece8b1b8758df83Chad Brubaker dev->common.close(&dev->common); 15570e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root} 15670e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 15707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root/*************** 15807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root * PERMISSIONS * 15907438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root ***************/ 16007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 16107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root/* Here are the permissions, actions, users, and the main function. */ 16207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Roottypedef enum { 163e6c3bfa8d39c7addbfbac0b2df63b0067bb664d8Chad Brubaker P_GET_STATE = 1 << 0, 1644e865753346fc6a075966972a7a98051818859dbRobin Lee P_GET = 1 << 1, 1654e865753346fc6a075966972a7a98051818859dbRobin Lee P_INSERT = 1 << 2, 1664e865753346fc6a075966972a7a98051818859dbRobin Lee P_DELETE = 1 << 3, 1674e865753346fc6a075966972a7a98051818859dbRobin Lee P_EXIST = 1 << 4, 168e6c3bfa8d39c7addbfbac0b2df63b0067bb664d8Chad Brubaker P_LIST = 1 << 5, 1694e865753346fc6a075966972a7a98051818859dbRobin Lee P_RESET = 1 << 6, 1704e865753346fc6a075966972a7a98051818859dbRobin Lee P_PASSWORD = 1 << 7, 1714e865753346fc6a075966972a7a98051818859dbRobin Lee P_LOCK = 1 << 8, 1724e865753346fc6a075966972a7a98051818859dbRobin Lee P_UNLOCK = 1 << 9, 173e6c3bfa8d39c7addbfbac0b2df63b0067bb664d8Chad Brubaker P_IS_EMPTY = 1 << 10, 1744e865753346fc6a075966972a7a98051818859dbRobin Lee P_SIGN = 1 << 11, 1754e865753346fc6a075966972a7a98051818859dbRobin Lee P_VERIFY = 1 << 12, 1764e865753346fc6a075966972a7a98051818859dbRobin Lee P_GRANT = 1 << 13, 1774e865753346fc6a075966972a7a98051818859dbRobin Lee P_DUPLICATE = 1 << 14, 1784e865753346fc6a075966972a7a98051818859dbRobin Lee P_CLEAR_UID = 1 << 15, 179e6c3bfa8d39c7addbfbac0b2df63b0067bb664d8Chad Brubaker P_ADD_AUTH = 1 << 16, 180e6c3bfa8d39c7addbfbac0b2df63b0067bb664d8Chad Brubaker P_USER_CHANGED = 1 << 17, 18107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root} perm_t; 18207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 18307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Rootstatic struct user_euid { 18407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root uid_t uid; 18507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root uid_t euid; 18607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root} user_euids[] = { 18707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root {AID_VPN, AID_SYSTEM}, 18807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root {AID_WIFI, AID_SYSTEM}, 18907438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root {AID_ROOT, AID_SYSTEM}, 19007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root}; 19107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 192eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn/* perm_labels associcated with keystore_key SELinux class verbs. */ 193eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahnconst char *perm_labels[] = { 194e6c3bfa8d39c7addbfbac0b2df63b0067bb664d8Chad Brubaker "get_state", 195eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn "get", 196eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn "insert", 197eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn "delete", 198eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn "exist", 199e6c3bfa8d39c7addbfbac0b2df63b0067bb664d8Chad Brubaker "list", 200eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn "reset", 201eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn "password", 202eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn "lock", 203eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn "unlock", 204e6c3bfa8d39c7addbfbac0b2df63b0067bb664d8Chad Brubaker "is_empty", 205eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn "sign", 206eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn "verify", 207eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn "grant", 208eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn "duplicate", 2094e865753346fc6a075966972a7a98051818859dbRobin Lee "clear_uid", 210d80c7b487b2f7f0bf955d0efeaa3db6dcd160639Chad Brubaker "add_auth", 211c0f031a867a6c3fa05732fcd72bd284d56073cf8Chad Brubaker "user_changed", 212eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn}; 213eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn 21407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Rootstatic struct user_perm { 21507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root uid_t uid; 21607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root perm_t perms; 21707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root} user_perms[] = { 21807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root {AID_SYSTEM, static_cast<perm_t>((uint32_t)(~0)) }, 21907438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root {AID_VPN, static_cast<perm_t>(P_GET | P_SIGN | P_VERIFY) }, 22007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root {AID_WIFI, static_cast<perm_t>(P_GET | P_SIGN | P_VERIFY) }, 22107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root {AID_ROOT, static_cast<perm_t>(P_GET) }, 22207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root}; 22307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 224e6c3bfa8d39c7addbfbac0b2df63b0067bb664d8Chad Brubakerstatic const perm_t DEFAULT_PERMS = static_cast<perm_t>(P_GET_STATE | P_GET | P_INSERT | P_DELETE 225e6c3bfa8d39c7addbfbac0b2df63b0067bb664d8Chad Brubaker | P_EXIST | P_LIST | P_SIGN | P_VERIFY); 22607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 227eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahnstatic char *tctx; 228eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahnstatic int ks_is_selinux_enabled; 229eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn 230eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahnstatic const char *get_perm_label(perm_t perm) { 231eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn unsigned int index = ffs(perm); 232eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn if (index > 0 && index <= (sizeof(perm_labels) / sizeof(perm_labels[0]))) { 233eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn return perm_labels[index - 1]; 234eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn } else { 235eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn ALOGE("Keystore: Failed to retrieve permission label.\n"); 236eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn abort(); 237eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn } 238eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn} 239eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn 240655b958eb2180c7c06889f83f606d23421bf038cKenny Root/** 241655b958eb2180c7c06889f83f606d23421bf038cKenny Root * Returns the app ID (in the Android multi-user sense) for the current 242655b958eb2180c7c06889f83f606d23421bf038cKenny Root * UNIX UID. 243655b958eb2180c7c06889f83f606d23421bf038cKenny Root */ 244655b958eb2180c7c06889f83f606d23421bf038cKenny Rootstatic uid_t get_app_id(uid_t uid) { 245655b958eb2180c7c06889f83f606d23421bf038cKenny Root return uid % AID_USER; 246655b958eb2180c7c06889f83f606d23421bf038cKenny Root} 247655b958eb2180c7c06889f83f606d23421bf038cKenny Root 248655b958eb2180c7c06889f83f606d23421bf038cKenny Root/** 249655b958eb2180c7c06889f83f606d23421bf038cKenny Root * Returns the user ID (in the Android multi-user sense) for the current 250655b958eb2180c7c06889f83f606d23421bf038cKenny Root * UNIX UID. 251655b958eb2180c7c06889f83f606d23421bf038cKenny Root */ 252655b958eb2180c7c06889f83f606d23421bf038cKenny Rootstatic uid_t get_user_id(uid_t uid) { 253655b958eb2180c7c06889f83f606d23421bf038cKenny Root return uid / AID_USER; 254655b958eb2180c7c06889f83f606d23421bf038cKenny Root} 255655b958eb2180c7c06889f83f606d23421bf038cKenny Root 256a25b2a397fff48dea7bce16af2065e6f5f043956Chih-Hung Hsiehstatic bool keystore_selinux_check_access(uid_t /*uid*/, perm_t perm, pid_t spid) { 257eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn if (!ks_is_selinux_enabled) { 258eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn return true; 259eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn } 260eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn 261eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn char *sctx = NULL; 262eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn const char *selinux_class = "keystore_key"; 263eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn const char *str_perm = get_perm_label(perm); 264eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn 265eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn if (!str_perm) { 266eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn return false; 267eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn } 268eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn 269eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn if (getpidcon(spid, &sctx) != 0) { 270eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn ALOGE("SELinux: Failed to get source pid context.\n"); 271eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn return false; 272eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn } 27366dbf67dd65b4808a15ef64f0ffde1275bdd58a9Nick Kralevich 274eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn bool allowed = selinux_check_access(sctx, tctx, selinux_class, str_perm, 275eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn NULL) == 0; 276eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn freecon(sctx); 277eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn return allowed; 278eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn} 279eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn 280eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahnstatic bool has_permission(uid_t uid, perm_t perm, pid_t spid) { 281655b958eb2180c7c06889f83f606d23421bf038cKenny Root // All system users are equivalent for multi-user support. 282655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (get_app_id(uid) == AID_SYSTEM) { 283655b958eb2180c7c06889f83f606d23421bf038cKenny Root uid = AID_SYSTEM; 284655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 285655b958eb2180c7c06889f83f606d23421bf038cKenny Root 28607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root for (size_t i = 0; i < sizeof(user_perms)/sizeof(user_perms[0]); i++) { 28707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root struct user_perm user = user_perms[i]; 28807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root if (user.uid == uid) { 289eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn return (user.perms & perm) && 290eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn keystore_selinux_check_access(uid, perm, spid); 29107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 29207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 29307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 294eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn return (DEFAULT_PERMS & perm) && 295eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn keystore_selinux_check_access(uid, perm, spid); 29607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root} 29707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 298494689083467ec372a58f094f041c8f102f39393Kenny Root/** 299494689083467ec372a58f094f041c8f102f39393Kenny Root * Returns the UID that the callingUid should act as. This is here for 300494689083467ec372a58f094f041c8f102f39393Kenny Root * legacy support of the WiFi and VPN systems and should be removed 301494689083467ec372a58f094f041c8f102f39393Kenny Root * when WiFi can operate in its own namespace. 302494689083467ec372a58f094f041c8f102f39393Kenny Root */ 30307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Rootstatic uid_t get_keystore_euid(uid_t uid) { 30407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root for (size_t i = 0; i < sizeof(user_euids)/sizeof(user_euids[0]); i++) { 30507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root struct user_euid user = user_euids[i]; 30607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root if (user.uid == uid) { 30707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return user.euid; 30807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 30907438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 31007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 31107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return uid; 31207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root} 31307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 314494689083467ec372a58f094f041c8f102f39393Kenny Root/** 315494689083467ec372a58f094f041c8f102f39393Kenny Root * Returns true if the callingUid is allowed to interact in the targetUid's 316494689083467ec372a58f094f041c8f102f39393Kenny Root * namespace. 317494689083467ec372a58f094f041c8f102f39393Kenny Root */ 318494689083467ec372a58f094f041c8f102f39393Kenny Rootstatic bool is_granted_to(uid_t callingUid, uid_t targetUid) { 3199489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker if (callingUid == targetUid) { 3209489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker return true; 3219489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker } 322494689083467ec372a58f094f041c8f102f39393Kenny Root for (size_t i = 0; i < sizeof(user_euids)/sizeof(user_euids[0]); i++) { 323494689083467ec372a58f094f041c8f102f39393Kenny Root struct user_euid user = user_euids[i]; 324494689083467ec372a58f094f041c8f102f39393Kenny Root if (user.euid == callingUid && user.uid == targetUid) { 325494689083467ec372a58f094f041c8f102f39393Kenny Root return true; 326494689083467ec372a58f094f041c8f102f39393Kenny Root } 327494689083467ec372a58f094f041c8f102f39393Kenny Root } 328494689083467ec372a58f094f041c8f102f39393Kenny Root 329494689083467ec372a58f094f041c8f102f39393Kenny Root return false; 330494689083467ec372a58f094f041c8f102f39393Kenny Root} 331494689083467ec372a58f094f041c8f102f39393Kenny Root 332a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root/* Here is the encoding of keys. This is necessary in order to allow arbitrary 333a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root * characters in keys. Characters in [0-~] are not encoded. Others are encoded 334a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root * into two bytes. The first byte is one of [+-.] which represents the first 335a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root * two bits of the character. The second byte encodes the rest of the bits into 336a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root * [0-o]. Therefore in the worst case the length of a key gets doubled. Note 337a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root * that Base64 cannot be used here due to the need of prefix match on keys. */ 338a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 339655b958eb2180c7c06889f83f606d23421bf038cKenny Rootstatic size_t encode_key_length(const android::String8& keyName) { 340655b958eb2180c7c06889f83f606d23421bf038cKenny Root const uint8_t* in = reinterpret_cast<const uint8_t*>(keyName.string()); 341655b958eb2180c7c06889f83f606d23421bf038cKenny Root size_t length = keyName.length(); 342655b958eb2180c7c06889f83f606d23421bf038cKenny Root for (int i = length; i > 0; --i, ++in) { 343655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (*in < '0' || *in > '~') { 344655b958eb2180c7c06889f83f606d23421bf038cKenny Root ++length; 345655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 346655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 347655b958eb2180c7c06889f83f606d23421bf038cKenny Root return length; 348655b958eb2180c7c06889f83f606d23421bf038cKenny Root} 349655b958eb2180c7c06889f83f606d23421bf038cKenny Root 35007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Rootstatic int encode_key(char* out, const android::String8& keyName) { 35107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root const uint8_t* in = reinterpret_cast<const uint8_t*>(keyName.string()); 35207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root size_t length = keyName.length(); 353a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root for (int i = length; i > 0; --i, ++in, ++out) { 354655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (*in < '0' || *in > '~') { 355a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root *out = '+' + (*in >> 6); 356a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root *++out = '0' + (*in & 0x3F); 357a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root ++length; 358655b958eb2180c7c06889f83f606d23421bf038cKenny Root } else { 359655b958eb2180c7c06889f83f606d23421bf038cKenny Root *out = *in; 360a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 361a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 362a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root *out = '\0'; 36370e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root return length; 36470e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root} 36570e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 36607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root/* 36707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root * Converts from the "escaped" format on disk to actual name. 36807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root * This will be smaller than the input string. 36907438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root * 37007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root * Characters that should combine with the next at the end will be truncated. 37107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root */ 37207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Rootstatic size_t decode_key_length(const char* in, size_t length) { 37307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root size_t outLength = 0; 37407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 37507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root for (const char* end = in + length; in < end; in++) { 37607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root /* This combines with the next character. */ 37707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root if (*in < '0' || *in > '~') { 37807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root continue; 37907438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 38007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 38107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root outLength++; 38207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 38307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return outLength; 38407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root} 38507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 38607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Rootstatic void decode_key(char* out, const char* in, size_t length) { 38707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root for (const char* end = in + length; in < end; in++) { 38807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root if (*in < '0' || *in > '~') { 38907438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root /* Truncate combining characters at the end. */ 39007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root if (in + 1 >= end) { 39107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root break; 39207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 39307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 39407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root *out = (*in++ - '+') << 6; 39507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root *out++ |= (*in - '0') & 0x3F; 396a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } else { 39707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root *out++ = *in; 398a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 399a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 400a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root *out = '\0'; 401a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root} 402a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 403a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Rootstatic size_t readFully(int fd, uint8_t* data, size_t size) { 404a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root size_t remaining = size; 405a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root while (remaining > 0) { 406150ca934edb745de3666a6492b039900df228ff0Kenny Root ssize_t n = TEMP_FAILURE_RETRY(read(fd, data, remaining)); 4075281edbc9445065479e92a6c86da462f3943c2caKenny Root if (n <= 0) { 408150ca934edb745de3666a6492b039900df228ff0Kenny Root return size - remaining; 409a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 410a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root data += n; 411a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root remaining -= n; 412a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 413a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return size; 414a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root} 415a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 416a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Rootstatic size_t writeFully(int fd, uint8_t* data, size_t size) { 417a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root size_t remaining = size; 418a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root while (remaining > 0) { 419150ca934edb745de3666a6492b039900df228ff0Kenny Root ssize_t n = TEMP_FAILURE_RETRY(write(fd, data, remaining)); 420150ca934edb745de3666a6492b039900df228ff0Kenny Root if (n < 0) { 421150ca934edb745de3666a6492b039900df228ff0Kenny Root ALOGW("write failed: %s", strerror(errno)); 422150ca934edb745de3666a6492b039900df228ff0Kenny Root return size - remaining; 423a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 424a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root data += n; 425a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root remaining -= n; 426a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 427a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return size; 428a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root} 429a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 430a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Rootclass Entropy { 431a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Rootpublic: 432a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root Entropy() : mRandom(-1) {} 433a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root ~Entropy() { 434150ca934edb745de3666a6492b039900df228ff0Kenny Root if (mRandom >= 0) { 435a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root close(mRandom); 436a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 437a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 438a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 439a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root bool open() { 440a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root const char* randomDevice = "/dev/urandom"; 441150ca934edb745de3666a6492b039900df228ff0Kenny Root mRandom = TEMP_FAILURE_RETRY(::open(randomDevice, O_RDONLY)); 442150ca934edb745de3666a6492b039900df228ff0Kenny Root if (mRandom < 0) { 443a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root ALOGE("open: %s: %s", randomDevice, strerror(errno)); 444a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return false; 445a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 446a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return true; 447a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 448a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 4495187818895c4c5f650a611c40531b1dff7764c18Kenny Root bool generate_random_data(uint8_t* data, size_t size) const { 450a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return (readFully(mRandom, data, size) == size); 451a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 452a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 453a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Rootprivate: 454a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root int mRandom; 455a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root}; 456a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 457a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root/* Here is the file format. There are two parts in blob.value, the secret and 458a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root * the description. The secret is stored in ciphertext, and its original size 459a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root * can be found in blob.length. The description is stored after the secret in 460a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root * plaintext, and its size is specified in blob.info. The total size of the two 461822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root * parts must be no more than VALUE_SIZE bytes. The first field is the version, 462f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root * the second is the blob's type, and the third byte is flags. Fields other 463a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root * than blob.info, blob.length, and blob.value are modified by encryptBlob() 464a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root * and decryptBlob(). Thus they should not be accessed from outside. */ 465a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 466822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root/* ** Note to future implementors of encryption: ** 467822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root * Currently this is the construction: 468822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root * metadata || Enc(MD5(data) || data) 469822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root * 470822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root * This should be the construction used for encrypting if re-implementing: 471822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root * 472822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root * Derive independent keys for encryption and MAC: 473822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root * Kenc = AES_encrypt(masterKey, "Encrypt") 474822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root * Kmac = AES_encrypt(masterKey, "MAC") 475822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root * 476822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root * Store this: 477822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root * metadata || AES_CTR_encrypt(Kenc, rand_IV, data) || 478822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root * HMAC(Kmac, metadata || Enc(data)) 479822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root */ 480a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Rootstruct __attribute__((packed)) blob { 481822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root uint8_t version; 482822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root uint8_t type; 483f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root uint8_t flags; 484a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root uint8_t info; 485a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root uint8_t vector[AES_BLOCK_SIZE]; 486822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root uint8_t encrypted[0]; // Marks offset to encrypted data. 487a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root uint8_t digest[MD5_DIGEST_LENGTH]; 488822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root uint8_t digested[0]; // Marks offset to digested data. 489a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root int32_t length; // in network byte order when encrypted 490a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root uint8_t value[VALUE_SIZE + AES_BLOCK_SIZE]; 491a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root}; 492a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 493822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Roottypedef enum { 494d53bc92f1cc4eb669ec015480cebe5ae7aaaf7cfKenny Root TYPE_ANY = 0, // meta type that matches anything 495822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root TYPE_GENERIC = 1, 496822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root TYPE_MASTER_KEY = 2, 497822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root TYPE_KEY_PAIR = 3, 49817d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker TYPE_KEYMASTER_10 = 4, 499822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root} BlobType; 500822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root 501f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Rootstatic const uint8_t CURRENT_BLOB_VERSION = 2; 502822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root 503a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Rootclass Blob { 504a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Rootpublic: 50507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root Blob(const uint8_t* value, int32_t valueLength, const uint8_t* info, uint8_t infoLength, 50607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root BlobType type) { 5071773b442b16098c6d111d6371d4a986a0747992bAlex Klyubin memset(&mBlob, 0, sizeof(mBlob)); 508a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root mBlob.length = valueLength; 509a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root memcpy(mBlob.value, value, valueLength); 510a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 511a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root mBlob.info = infoLength; 512a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root memcpy(mBlob.value + valueLength, info, infoLength); 513822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root 51407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root mBlob.version = CURRENT_BLOB_VERSION; 515822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root mBlob.type = uint8_t(type); 516f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root 517ee8068b9e7bfb2770635062fc9c2035be2142bd8Kenny Root if (type == TYPE_MASTER_KEY) { 518ee8068b9e7bfb2770635062fc9c2035be2142bd8Kenny Root mBlob.flags = KEYSTORE_FLAG_ENCRYPTED; 519ee8068b9e7bfb2770635062fc9c2035be2142bd8Kenny Root } else { 520ee8068b9e7bfb2770635062fc9c2035be2142bd8Kenny Root mBlob.flags = KEYSTORE_FLAG_NONE; 521ee8068b9e7bfb2770635062fc9c2035be2142bd8Kenny Root } 522a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 523a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 524a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root Blob(blob b) { 525a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root mBlob = b; 526a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 527a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 5281773b442b16098c6d111d6371d4a986a0747992bAlex Klyubin Blob() { 5291773b442b16098c6d111d6371d4a986a0747992bAlex Klyubin memset(&mBlob, 0, sizeof(mBlob)); 5301773b442b16098c6d111d6371d4a986a0747992bAlex Klyubin } 531a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 5325187818895c4c5f650a611c40531b1dff7764c18Kenny Root const uint8_t* getValue() const { 533a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return mBlob.value; 534a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 535a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 5365187818895c4c5f650a611c40531b1dff7764c18Kenny Root int32_t getLength() const { 537a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return mBlob.length; 538a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 539a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 5405187818895c4c5f650a611c40531b1dff7764c18Kenny Root const uint8_t* getInfo() const { 5415187818895c4c5f650a611c40531b1dff7764c18Kenny Root return mBlob.value + mBlob.length; 5425187818895c4c5f650a611c40531b1dff7764c18Kenny Root } 5435187818895c4c5f650a611c40531b1dff7764c18Kenny Root 5445187818895c4c5f650a611c40531b1dff7764c18Kenny Root uint8_t getInfoLength() const { 545a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return mBlob.info; 546a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 547a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 548822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root uint8_t getVersion() const { 549822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root return mBlob.version; 550822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root } 551822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root 552f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root bool isEncrypted() const { 553f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root if (mBlob.version < 2) { 554f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root return true; 555f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root } 556f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root 557f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root return mBlob.flags & KEYSTORE_FLAG_ENCRYPTED; 558f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root } 559f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root 560f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root void setEncrypted(bool encrypted) { 561f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root if (encrypted) { 562f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root mBlob.flags |= KEYSTORE_FLAG_ENCRYPTED; 563f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root } else { 564f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root mBlob.flags &= ~KEYSTORE_FLAG_ENCRYPTED; 565f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root } 566f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root } 567f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root 56817208e0de5a42722901d803118745cca25fd10c1Kenny Root bool isFallback() const { 56917208e0de5a42722901d803118745cca25fd10c1Kenny Root return mBlob.flags & KEYSTORE_FLAG_FALLBACK; 57017208e0de5a42722901d803118745cca25fd10c1Kenny Root } 57117208e0de5a42722901d803118745cca25fd10c1Kenny Root 57217208e0de5a42722901d803118745cca25fd10c1Kenny Root void setFallback(bool fallback) { 57317208e0de5a42722901d803118745cca25fd10c1Kenny Root if (fallback) { 57417208e0de5a42722901d803118745cca25fd10c1Kenny Root mBlob.flags |= KEYSTORE_FLAG_FALLBACK; 57517208e0de5a42722901d803118745cca25fd10c1Kenny Root } else { 57617208e0de5a42722901d803118745cca25fd10c1Kenny Root mBlob.flags &= ~KEYSTORE_FLAG_FALLBACK; 57717208e0de5a42722901d803118745cca25fd10c1Kenny Root } 57817208e0de5a42722901d803118745cca25fd10c1Kenny Root } 57917208e0de5a42722901d803118745cca25fd10c1Kenny Root 580822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root void setVersion(uint8_t version) { 581822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root mBlob.version = version; 582822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root } 583822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root 584822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root BlobType getType() const { 585822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root return BlobType(mBlob.type); 586822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root } 587822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root 588822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root void setType(BlobType type) { 589822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root mBlob.type = uint8_t(type); 590822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root } 591822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root 592f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root ResponseCode writeBlob(const char* filename, AES_KEY *aes_key, State state, Entropy* entropy) { 593f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root ALOGV("writing blob %s", filename); 594f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root if (isEncrypted()) { 595f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root if (state != STATE_NO_ERROR) { 596f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root ALOGD("couldn't insert encrypted blob while not unlocked"); 597f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root return LOCKED; 598f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root } 599f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root 600f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root if (!entropy->generate_random_data(mBlob.vector, AES_BLOCK_SIZE)) { 601f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root ALOGW("Could not read random data for: %s", filename); 602f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root return SYSTEM_ERROR; 603f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root } 604a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 605a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 606a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root // data includes the value and the value's length 607a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root size_t dataLength = mBlob.length + sizeof(mBlob.length); 608a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root // pad data to the AES_BLOCK_SIZE 609a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root size_t digestedLength = ((dataLength + AES_BLOCK_SIZE - 1) 610a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root / AES_BLOCK_SIZE * AES_BLOCK_SIZE); 611a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root // encrypted data includes the digest value 612a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root size_t encryptedLength = digestedLength + MD5_DIGEST_LENGTH; 613a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root // move info after space for padding 614a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root memmove(&mBlob.encrypted[encryptedLength], &mBlob.value[mBlob.length], mBlob.info); 615a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root // zero padding area 616a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root memset(mBlob.value + mBlob.length, 0, digestedLength - dataLength); 617a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 618a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root mBlob.length = htonl(mBlob.length); 619a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 620f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root if (isEncrypted()) { 621f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root MD5(mBlob.digested, digestedLength, mBlob.digest); 622f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root 623f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root uint8_t vector[AES_BLOCK_SIZE]; 624f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root memcpy(vector, mBlob.vector, AES_BLOCK_SIZE); 625f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root AES_cbc_encrypt(mBlob.encrypted, mBlob.encrypted, encryptedLength, 626f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root aes_key, vector, AES_ENCRYPT); 627f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root } 628a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 629a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root size_t headerLength = (mBlob.encrypted - (uint8_t*) &mBlob); 630a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root size_t fileLength = encryptedLength + headerLength + mBlob.info; 631a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 632a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root const char* tmpFileName = ".tmp"; 633150ca934edb745de3666a6492b039900df228ff0Kenny Root int out = TEMP_FAILURE_RETRY(open(tmpFileName, 634150ca934edb745de3666a6492b039900df228ff0Kenny Root O_WRONLY | O_TRUNC | O_CREAT, S_IRUSR | S_IWUSR)); 635150ca934edb745de3666a6492b039900df228ff0Kenny Root if (out < 0) { 636150ca934edb745de3666a6492b039900df228ff0Kenny Root ALOGW("could not open file: %s: %s", tmpFileName, strerror(errno)); 637a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return SYSTEM_ERROR; 638a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 639a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root size_t writtenBytes = writeFully(out, (uint8_t*) &mBlob, fileLength); 640a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root if (close(out) != 0) { 641a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return SYSTEM_ERROR; 642a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 643a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root if (writtenBytes != fileLength) { 644150ca934edb745de3666a6492b039900df228ff0Kenny Root ALOGW("blob not fully written %zu != %zu", writtenBytes, fileLength); 645a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root unlink(tmpFileName); 646a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return SYSTEM_ERROR; 647a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 648150ca934edb745de3666a6492b039900df228ff0Kenny Root if (rename(tmpFileName, filename) == -1) { 649150ca934edb745de3666a6492b039900df228ff0Kenny Root ALOGW("could not rename blob to %s: %s", filename, strerror(errno)); 650150ca934edb745de3666a6492b039900df228ff0Kenny Root return SYSTEM_ERROR; 651150ca934edb745de3666a6492b039900df228ff0Kenny Root } 652150ca934edb745de3666a6492b039900df228ff0Kenny Root return NO_ERROR; 653a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 654a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 655f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root ResponseCode readBlob(const char* filename, AES_KEY *aes_key, State state) { 656f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root ALOGV("reading blob %s", filename); 657150ca934edb745de3666a6492b039900df228ff0Kenny Root int in = TEMP_FAILURE_RETRY(open(filename, O_RDONLY)); 658150ca934edb745de3666a6492b039900df228ff0Kenny Root if (in < 0) { 659a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return (errno == ENOENT) ? KEY_NOT_FOUND : SYSTEM_ERROR; 660a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 661a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root // fileLength may be less than sizeof(mBlob) since the in 662a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root // memory version has extra padding to tolerate rounding up to 663a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root // the AES_BLOCK_SIZE 664a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root size_t fileLength = readFully(in, (uint8_t*) &mBlob, sizeof(mBlob)); 665a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root if (close(in) != 0) { 666a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return SYSTEM_ERROR; 667a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 668f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root 669f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root if (isEncrypted() && (state != STATE_NO_ERROR)) { 670f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root return LOCKED; 671f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root } 672f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root 673a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root size_t headerLength = (mBlob.encrypted - (uint8_t*) &mBlob); 674a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root if (fileLength < headerLength) { 675a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return VALUE_CORRUPTED; 676a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 677a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 678a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root ssize_t encryptedLength = fileLength - (headerLength + mBlob.info); 679f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root if (encryptedLength < 0) { 680a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return VALUE_CORRUPTED; 681a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 682f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root 683f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root ssize_t digestedLength; 684f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root if (isEncrypted()) { 685f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root if (encryptedLength % AES_BLOCK_SIZE != 0) { 686f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root return VALUE_CORRUPTED; 687f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root } 688f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root 689f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root AES_cbc_encrypt(mBlob.encrypted, mBlob.encrypted, encryptedLength, aes_key, 690f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root mBlob.vector, AES_DECRYPT); 691f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root digestedLength = encryptedLength - MD5_DIGEST_LENGTH; 692f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root uint8_t computedDigest[MD5_DIGEST_LENGTH]; 693f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root MD5(mBlob.digested, digestedLength, computedDigest); 694f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root if (memcmp(mBlob.digest, computedDigest, MD5_DIGEST_LENGTH) != 0) { 695f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root return VALUE_CORRUPTED; 696f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root } 697f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root } else { 698f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root digestedLength = encryptedLength; 699a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 700a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 701a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root ssize_t maxValueLength = digestedLength - sizeof(mBlob.length); 702a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root mBlob.length = ntohl(mBlob.length); 703a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root if (mBlob.length < 0 || mBlob.length > maxValueLength) { 704a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return VALUE_CORRUPTED; 705a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 706a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root if (mBlob.info != 0) { 707a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root // move info from after padding to after data 708a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root memmove(&mBlob.value[mBlob.length], &mBlob.value[maxValueLength], mBlob.info); 709a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 71007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::NO_ERROR; 711a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 712a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 713a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Rootprivate: 714a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root struct blob mBlob; 715a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root}; 716a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 717655b958eb2180c7c06889f83f606d23421bf038cKenny Rootclass UserState { 718655b958eb2180c7c06889f83f606d23421bf038cKenny Rootpublic: 719655b958eb2180c7c06889f83f606d23421bf038cKenny Root UserState(uid_t userId) : mUserId(userId), mRetry(MAX_RETRY) { 720655b958eb2180c7c06889f83f606d23421bf038cKenny Root asprintf(&mUserDir, "user_%u", mUserId); 721655b958eb2180c7c06889f83f606d23421bf038cKenny Root asprintf(&mMasterKeyFile, "%s/.masterkey", mUserDir); 722655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 72370e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 724655b958eb2180c7c06889f83f606d23421bf038cKenny Root ~UserState() { 725655b958eb2180c7c06889f83f606d23421bf038cKenny Root free(mUserDir); 726655b958eb2180c7c06889f83f606d23421bf038cKenny Root free(mMasterKeyFile); 727655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 72870e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 729655b958eb2180c7c06889f83f606d23421bf038cKenny Root bool initialize() { 730655b958eb2180c7c06889f83f606d23421bf038cKenny Root if ((mkdir(mUserDir, S_IRUSR | S_IWUSR | S_IXUSR) < 0) && (errno != EEXIST)) { 731655b958eb2180c7c06889f83f606d23421bf038cKenny Root ALOGE("Could not create directory '%s'", mUserDir); 732655b958eb2180c7c06889f83f606d23421bf038cKenny Root return false; 733655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 734655b958eb2180c7c06889f83f606d23421bf038cKenny Root 735655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (access(mMasterKeyFile, R_OK) == 0) { 736a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root setState(STATE_LOCKED); 737a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } else { 738a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root setState(STATE_UNINITIALIZED); 739a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 74070e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 741655b958eb2180c7c06889f83f606d23421bf038cKenny Root return true; 742655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 743655b958eb2180c7c06889f83f606d23421bf038cKenny Root 744655b958eb2180c7c06889f83f606d23421bf038cKenny Root uid_t getUserId() const { 745655b958eb2180c7c06889f83f606d23421bf038cKenny Root return mUserId; 746655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 747655b958eb2180c7c06889f83f606d23421bf038cKenny Root 748655b958eb2180c7c06889f83f606d23421bf038cKenny Root const char* getUserDirName() const { 749655b958eb2180c7c06889f83f606d23421bf038cKenny Root return mUserDir; 750655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 751655b958eb2180c7c06889f83f606d23421bf038cKenny Root 752655b958eb2180c7c06889f83f606d23421bf038cKenny Root const char* getMasterKeyFileName() const { 753655b958eb2180c7c06889f83f606d23421bf038cKenny Root return mMasterKeyFile; 754655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 755655b958eb2180c7c06889f83f606d23421bf038cKenny Root 756655b958eb2180c7c06889f83f606d23421bf038cKenny Root void setState(State state) { 757655b958eb2180c7c06889f83f606d23421bf038cKenny Root mState = state; 758655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (mState == STATE_NO_ERROR || mState == STATE_UNINITIALIZED) { 759655b958eb2180c7c06889f83f606d23421bf038cKenny Root mRetry = MAX_RETRY; 760655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 761a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 762a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 7635187818895c4c5f650a611c40531b1dff7764c18Kenny Root State getState() const { 764a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return mState; 765a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 766a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 7675187818895c4c5f650a611c40531b1dff7764c18Kenny Root int8_t getRetry() const { 768a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return mRetry; 769a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 770a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 771655b958eb2180c7c06889f83f606d23421bf038cKenny Root void zeroizeMasterKeysInMemory() { 772655b958eb2180c7c06889f83f606d23421bf038cKenny Root memset(mMasterKey, 0, sizeof(mMasterKey)); 773655b958eb2180c7c06889f83f606d23421bf038cKenny Root memset(mSalt, 0, sizeof(mSalt)); 774655b958eb2180c7c06889f83f606d23421bf038cKenny Root memset(&mMasterKeyEncryption, 0, sizeof(mMasterKeyEncryption)); 775655b958eb2180c7c06889f83f606d23421bf038cKenny Root memset(&mMasterKeyDecryption, 0, sizeof(mMasterKeyDecryption)); 77670e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root } 77770e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 77896d6d7868303ad87f1f408c40d3c44bcb39f561eChad Brubaker bool deleteMasterKey() { 77996d6d7868303ad87f1f408c40d3c44bcb39f561eChad Brubaker setState(STATE_UNINITIALIZED); 78096d6d7868303ad87f1f408c40d3c44bcb39f561eChad Brubaker zeroizeMasterKeysInMemory(); 78196d6d7868303ad87f1f408c40d3c44bcb39f561eChad Brubaker return unlink(mMasterKeyFile) == 0 || errno == ENOENT; 78296d6d7868303ad87f1f408c40d3c44bcb39f561eChad Brubaker } 78396d6d7868303ad87f1f408c40d3c44bcb39f561eChad Brubaker 784655b958eb2180c7c06889f83f606d23421bf038cKenny Root ResponseCode initialize(const android::String8& pw, Entropy* entropy) { 785655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (!generateMasterKey(entropy)) { 786a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return SYSTEM_ERROR; 787a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 788655b958eb2180c7c06889f83f606d23421bf038cKenny Root ResponseCode response = writeMasterKey(pw, entropy); 789a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root if (response != NO_ERROR) { 790a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return response; 791a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 792a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root setupMasterKeys(); 79307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::NO_ERROR; 794a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 795a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 7964e865753346fc6a075966972a7a98051818859dbRobin Lee ResponseCode copyMasterKey(UserState* src) { 7974e865753346fc6a075966972a7a98051818859dbRobin Lee if (mState != STATE_UNINITIALIZED) { 7984e865753346fc6a075966972a7a98051818859dbRobin Lee return ::SYSTEM_ERROR; 7994e865753346fc6a075966972a7a98051818859dbRobin Lee } 8004e865753346fc6a075966972a7a98051818859dbRobin Lee if (src->getState() != STATE_NO_ERROR) { 8014e865753346fc6a075966972a7a98051818859dbRobin Lee return ::SYSTEM_ERROR; 8024e865753346fc6a075966972a7a98051818859dbRobin Lee } 8034e865753346fc6a075966972a7a98051818859dbRobin Lee memcpy(mMasterKey, src->mMasterKey, MASTER_KEY_SIZE_BYTES); 8044e865753346fc6a075966972a7a98051818859dbRobin Lee setupMasterKeys(); 8054e865753346fc6a075966972a7a98051818859dbRobin Lee return ::NO_ERROR; 8064e865753346fc6a075966972a7a98051818859dbRobin Lee } 8074e865753346fc6a075966972a7a98051818859dbRobin Lee 808655b958eb2180c7c06889f83f606d23421bf038cKenny Root ResponseCode writeMasterKey(const android::String8& pw, Entropy* entropy) { 809a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root uint8_t passwordKey[MASTER_KEY_SIZE_BYTES]; 810a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root generateKeyFromPassword(passwordKey, MASTER_KEY_SIZE_BYTES, pw, mSalt); 811a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root AES_KEY passwordAesKey; 812a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root AES_set_encrypt_key(passwordKey, MASTER_KEY_SIZE_BITS, &passwordAesKey); 813822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root Blob masterKeyBlob(mMasterKey, sizeof(mMasterKey), mSalt, sizeof(mSalt), TYPE_MASTER_KEY); 814f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root return masterKeyBlob.writeBlob(mMasterKeyFile, &passwordAesKey, STATE_NO_ERROR, entropy); 815a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 816a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 817655b958eb2180c7c06889f83f606d23421bf038cKenny Root ResponseCode readMasterKey(const android::String8& pw, Entropy* entropy) { 818655b958eb2180c7c06889f83f606d23421bf038cKenny Root int in = TEMP_FAILURE_RETRY(open(mMasterKeyFile, O_RDONLY)); 819150ca934edb745de3666a6492b039900df228ff0Kenny Root if (in < 0) { 820a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return SYSTEM_ERROR; 821a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 822a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 823a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root // we read the raw blob to just to get the salt to generate 824a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root // the AES key, then we create the Blob to use with decryptBlob 825a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root blob rawBlob; 826a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root size_t length = readFully(in, (uint8_t*) &rawBlob, sizeof(rawBlob)); 827a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root if (close(in) != 0) { 828a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return SYSTEM_ERROR; 829a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 830a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root // find salt at EOF if present, otherwise we have an old file 831a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root uint8_t* salt; 832a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root if (length > SALT_SIZE && rawBlob.info == SALT_SIZE) { 833a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root salt = (uint8_t*) &rawBlob + length - SALT_SIZE; 834a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } else { 835a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root salt = NULL; 836a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 837a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root uint8_t passwordKey[MASTER_KEY_SIZE_BYTES]; 838a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root generateKeyFromPassword(passwordKey, MASTER_KEY_SIZE_BYTES, pw, salt); 839a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root AES_KEY passwordAesKey; 840a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root AES_set_decrypt_key(passwordKey, MASTER_KEY_SIZE_BITS, &passwordAesKey); 841a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root Blob masterKeyBlob(rawBlob); 842f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root ResponseCode response = masterKeyBlob.readBlob(mMasterKeyFile, &passwordAesKey, 843f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root STATE_NO_ERROR); 844a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root if (response == SYSTEM_ERROR) { 845f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root return response; 846a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 847a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root if (response == NO_ERROR && masterKeyBlob.getLength() == MASTER_KEY_SIZE_BYTES) { 848a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root // if salt was missing, generate one and write a new master key file with the salt. 849a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root if (salt == NULL) { 850655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (!generateSalt(entropy)) { 851a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return SYSTEM_ERROR; 852a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 853655b958eb2180c7c06889f83f606d23421bf038cKenny Root response = writeMasterKey(pw, entropy); 854a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 855a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root if (response == NO_ERROR) { 856a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root memcpy(mMasterKey, masterKeyBlob.getValue(), MASTER_KEY_SIZE_BYTES); 857a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root setupMasterKeys(); 858a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 859a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return response; 860a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 861a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root if (mRetry <= 0) { 862a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root reset(); 863a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return UNINITIALIZED; 864a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 865a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root --mRetry; 866a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root switch (mRetry) { 867a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root case 0: return WRONG_PASSWORD_0; 868a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root case 1: return WRONG_PASSWORD_1; 869a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root case 2: return WRONG_PASSWORD_2; 870a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root case 3: return WRONG_PASSWORD_3; 871a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root default: return WRONG_PASSWORD_3; 872a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 873a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 874a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 875655b958eb2180c7c06889f83f606d23421bf038cKenny Root AES_KEY* getEncryptionKey() { 876655b958eb2180c7c06889f83f606d23421bf038cKenny Root return &mMasterKeyEncryption; 877655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 878a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 879655b958eb2180c7c06889f83f606d23421bf038cKenny Root AES_KEY* getDecryptionKey() { 880655b958eb2180c7c06889f83f606d23421bf038cKenny Root return &mMasterKeyDecryption; 881655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 882a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 883655b958eb2180c7c06889f83f606d23421bf038cKenny Root bool reset() { 884655b958eb2180c7c06889f83f606d23421bf038cKenny Root DIR* dir = opendir(getUserDirName()); 885a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root if (!dir) { 88696d6d7868303ad87f1f408c40d3c44bcb39f561eChad Brubaker // If the directory doesn't exist then nothing to do. 88796d6d7868303ad87f1f408c40d3c44bcb39f561eChad Brubaker if (errno == ENOENT) { 88896d6d7868303ad87f1f408c40d3c44bcb39f561eChad Brubaker return true; 88996d6d7868303ad87f1f408c40d3c44bcb39f561eChad Brubaker } 890655b958eb2180c7c06889f83f606d23421bf038cKenny Root ALOGW("couldn't open user directory: %s", strerror(errno)); 891a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return false; 892a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 893655b958eb2180c7c06889f83f606d23421bf038cKenny Root 894655b958eb2180c7c06889f83f606d23421bf038cKenny Root struct dirent* file; 895a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root while ((file = readdir(dir)) != NULL) { 89696d6d7868303ad87f1f408c40d3c44bcb39f561eChad Brubaker // skip . and .. 89796d6d7868303ad87f1f408c40d3c44bcb39f561eChad Brubaker if (!strcmp(".", file->d_name) || !strcmp("..", file->d_name)) { 898655b958eb2180c7c06889f83f606d23421bf038cKenny Root continue; 899655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 900655b958eb2180c7c06889f83f606d23421bf038cKenny Root 901655b958eb2180c7c06889f83f606d23421bf038cKenny Root unlinkat(dirfd(dir), file->d_name, 0); 902a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 903a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root closedir(dir); 904a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return true; 905a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 906a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 907655b958eb2180c7c06889f83f606d23421bf038cKenny Rootprivate: 908655b958eb2180c7c06889f83f606d23421bf038cKenny Root static const int MASTER_KEY_SIZE_BYTES = 16; 909655b958eb2180c7c06889f83f606d23421bf038cKenny Root static const int MASTER_KEY_SIZE_BITS = MASTER_KEY_SIZE_BYTES * 8; 910655b958eb2180c7c06889f83f606d23421bf038cKenny Root 911655b958eb2180c7c06889f83f606d23421bf038cKenny Root static const int MAX_RETRY = 4; 912655b958eb2180c7c06889f83f606d23421bf038cKenny Root static const size_t SALT_SIZE = 16; 913655b958eb2180c7c06889f83f606d23421bf038cKenny Root 914655b958eb2180c7c06889f83f606d23421bf038cKenny Root void generateKeyFromPassword(uint8_t* key, ssize_t keySize, const android::String8& pw, 915655b958eb2180c7c06889f83f606d23421bf038cKenny Root uint8_t* salt) { 916655b958eb2180c7c06889f83f606d23421bf038cKenny Root size_t saltSize; 917655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (salt != NULL) { 918655b958eb2180c7c06889f83f606d23421bf038cKenny Root saltSize = SALT_SIZE; 919655b958eb2180c7c06889f83f606d23421bf038cKenny Root } else { 920655b958eb2180c7c06889f83f606d23421bf038cKenny Root // pre-gingerbread used this hardwired salt, readMasterKey will rewrite these when found 921655b958eb2180c7c06889f83f606d23421bf038cKenny Root salt = (uint8_t*) "keystore"; 922655b958eb2180c7c06889f83f606d23421bf038cKenny Root // sizeof = 9, not strlen = 8 923655b958eb2180c7c06889f83f606d23421bf038cKenny Root saltSize = sizeof("keystore"); 924655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 925655b958eb2180c7c06889f83f606d23421bf038cKenny Root 926655b958eb2180c7c06889f83f606d23421bf038cKenny Root PKCS5_PBKDF2_HMAC_SHA1(reinterpret_cast<const char*>(pw.string()), pw.length(), salt, 927655b958eb2180c7c06889f83f606d23421bf038cKenny Root saltSize, 8192, keySize, key); 928655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 929655b958eb2180c7c06889f83f606d23421bf038cKenny Root 930655b958eb2180c7c06889f83f606d23421bf038cKenny Root bool generateSalt(Entropy* entropy) { 931655b958eb2180c7c06889f83f606d23421bf038cKenny Root return entropy->generate_random_data(mSalt, sizeof(mSalt)); 932655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 933655b958eb2180c7c06889f83f606d23421bf038cKenny Root 934655b958eb2180c7c06889f83f606d23421bf038cKenny Root bool generateMasterKey(Entropy* entropy) { 935655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (!entropy->generate_random_data(mMasterKey, sizeof(mMasterKey))) { 936655b958eb2180c7c06889f83f606d23421bf038cKenny Root return false; 937655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 938655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (!generateSalt(entropy)) { 939655b958eb2180c7c06889f83f606d23421bf038cKenny Root return false; 940655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 941655b958eb2180c7c06889f83f606d23421bf038cKenny Root return true; 942655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 943655b958eb2180c7c06889f83f606d23421bf038cKenny Root 944655b958eb2180c7c06889f83f606d23421bf038cKenny Root void setupMasterKeys() { 945655b958eb2180c7c06889f83f606d23421bf038cKenny Root AES_set_encrypt_key(mMasterKey, MASTER_KEY_SIZE_BITS, &mMasterKeyEncryption); 946655b958eb2180c7c06889f83f606d23421bf038cKenny Root AES_set_decrypt_key(mMasterKey, MASTER_KEY_SIZE_BITS, &mMasterKeyDecryption); 947655b958eb2180c7c06889f83f606d23421bf038cKenny Root setState(STATE_NO_ERROR); 948655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 949655b958eb2180c7c06889f83f606d23421bf038cKenny Root 950655b958eb2180c7c06889f83f606d23421bf038cKenny Root uid_t mUserId; 951655b958eb2180c7c06889f83f606d23421bf038cKenny Root 952655b958eb2180c7c06889f83f606d23421bf038cKenny Root char* mUserDir; 953655b958eb2180c7c06889f83f606d23421bf038cKenny Root char* mMasterKeyFile; 954655b958eb2180c7c06889f83f606d23421bf038cKenny Root 955655b958eb2180c7c06889f83f606d23421bf038cKenny Root State mState; 956655b958eb2180c7c06889f83f606d23421bf038cKenny Root int8_t mRetry; 957655b958eb2180c7c06889f83f606d23421bf038cKenny Root 958655b958eb2180c7c06889f83f606d23421bf038cKenny Root uint8_t mMasterKey[MASTER_KEY_SIZE_BYTES]; 959655b958eb2180c7c06889f83f606d23421bf038cKenny Root uint8_t mSalt[SALT_SIZE]; 960655b958eb2180c7c06889f83f606d23421bf038cKenny Root 961655b958eb2180c7c06889f83f606d23421bf038cKenny Root AES_KEY mMasterKeyEncryption; 962655b958eb2180c7c06889f83f606d23421bf038cKenny Root AES_KEY mMasterKeyDecryption; 963655b958eb2180c7c06889f83f606d23421bf038cKenny Root}; 964655b958eb2180c7c06889f83f606d23421bf038cKenny Root 965655b958eb2180c7c06889f83f606d23421bf038cKenny Roottypedef struct { 966655b958eb2180c7c06889f83f606d23421bf038cKenny Root uint32_t uid; 967655b958eb2180c7c06889f83f606d23421bf038cKenny Root const uint8_t* filename; 968655b958eb2180c7c06889f83f606d23421bf038cKenny Root} grant_t; 969655b958eb2180c7c06889f83f606d23421bf038cKenny Root 970655b958eb2180c7c06889f83f606d23421bf038cKenny Rootclass KeyStore { 971655b958eb2180c7c06889f83f606d23421bf038cKenny Rootpublic: 97267d2a5029e8c25c5ee448e3bbd245cdcebe6abd3Chad Brubaker KeyStore(Entropy* entropy, keymaster1_device_t* device, keymaster1_device_t* fallback) 973655b958eb2180c7c06889f83f606d23421bf038cKenny Root : mEntropy(entropy) 974655b958eb2180c7c06889f83f606d23421bf038cKenny Root , mDevice(device) 975fc18edcdfe2f7774e621030d51338f3216170b97Chad Brubaker , mFallbackDevice(fallback) 976655b958eb2180c7c06889f83f606d23421bf038cKenny Root { 977655b958eb2180c7c06889f83f606d23421bf038cKenny Root memset(&mMetaData, '\0', sizeof(mMetaData)); 978655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 979655b958eb2180c7c06889f83f606d23421bf038cKenny Root 980655b958eb2180c7c06889f83f606d23421bf038cKenny Root ~KeyStore() { 981655b958eb2180c7c06889f83f606d23421bf038cKenny Root for (android::Vector<grant_t*>::iterator it(mGrants.begin()); 982655b958eb2180c7c06889f83f606d23421bf038cKenny Root it != mGrants.end(); it++) { 983655b958eb2180c7c06889f83f606d23421bf038cKenny Root delete *it; 984655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 985c35d4eb3e66aa69ca17dd83b1bcdcc19276bf8e5haitao fang mGrants.clear(); 986655b958eb2180c7c06889f83f606d23421bf038cKenny Root 987655b958eb2180c7c06889f83f606d23421bf038cKenny Root for (android::Vector<UserState*>::iterator it(mMasterKeys.begin()); 988655b958eb2180c7c06889f83f606d23421bf038cKenny Root it != mMasterKeys.end(); it++) { 989655b958eb2180c7c06889f83f606d23421bf038cKenny Root delete *it; 990655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 991c35d4eb3e66aa69ca17dd83b1bcdcc19276bf8e5haitao fang mMasterKeys.clear(); 992655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 993655b958eb2180c7c06889f83f606d23421bf038cKenny Root 99467d2a5029e8c25c5ee448e3bbd245cdcebe6abd3Chad Brubaker /** 99567d2a5029e8c25c5ee448e3bbd245cdcebe6abd3Chad Brubaker * Depending on the hardware keymaster version is this may return a 99667d2a5029e8c25c5ee448e3bbd245cdcebe6abd3Chad Brubaker * keymaster0_device_t* cast to a keymaster1_device_t*. All methods from 99767d2a5029e8c25c5ee448e3bbd245cdcebe6abd3Chad Brubaker * keymaster0 are safe to call, calls to keymaster1_device_t methods should 99867d2a5029e8c25c5ee448e3bbd245cdcebe6abd3Chad Brubaker * be guarded by a check on the device's version. 99967d2a5029e8c25c5ee448e3bbd245cdcebe6abd3Chad Brubaker */ 100067d2a5029e8c25c5ee448e3bbd245cdcebe6abd3Chad Brubaker keymaster1_device_t *getDevice() const { 1001655b958eb2180c7c06889f83f606d23421bf038cKenny Root return mDevice; 1002655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1003655b958eb2180c7c06889f83f606d23421bf038cKenny Root 100467d2a5029e8c25c5ee448e3bbd245cdcebe6abd3Chad Brubaker keymaster1_device_t *getFallbackDevice() const { 1005fc18edcdfe2f7774e621030d51338f3216170b97Chad Brubaker return mFallbackDevice; 1006fc18edcdfe2f7774e621030d51338f3216170b97Chad Brubaker } 1007fc18edcdfe2f7774e621030d51338f3216170b97Chad Brubaker 100867d2a5029e8c25c5ee448e3bbd245cdcebe6abd3Chad Brubaker keymaster1_device_t *getDeviceForBlob(const Blob& blob) const { 1009fc18edcdfe2f7774e621030d51338f3216170b97Chad Brubaker return blob.isFallback() ? mFallbackDevice: mDevice; 1010fc18edcdfe2f7774e621030d51338f3216170b97Chad Brubaker } 1011fc18edcdfe2f7774e621030d51338f3216170b97Chad Brubaker 1012655b958eb2180c7c06889f83f606d23421bf038cKenny Root ResponseCode initialize() { 1013655b958eb2180c7c06889f83f606d23421bf038cKenny Root readMetaData(); 1014655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (upgradeKeystore()) { 1015655b958eb2180c7c06889f83f606d23421bf038cKenny Root writeMetaData(); 1016655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1017655b958eb2180c7c06889f83f606d23421bf038cKenny Root 1018655b958eb2180c7c06889f83f606d23421bf038cKenny Root return ::NO_ERROR; 1019655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1020655b958eb2180c7c06889f83f606d23421bf038cKenny Root 102172593ee807e89239d98ae08d32c733ecc08203baChad Brubaker State getState(uid_t userId) { 102272593ee807e89239d98ae08d32c733ecc08203baChad Brubaker return getUserState(userId)->getState(); 1023655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1024655b958eb2180c7c06889f83f606d23421bf038cKenny Root 102572593ee807e89239d98ae08d32c733ecc08203baChad Brubaker ResponseCode initializeUser(const android::String8& pw, uid_t userId) { 102672593ee807e89239d98ae08d32c733ecc08203baChad Brubaker UserState* userState = getUserState(userId); 1027655b958eb2180c7c06889f83f606d23421bf038cKenny Root return userState->initialize(pw, mEntropy); 1028655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1029655b958eb2180c7c06889f83f606d23421bf038cKenny Root 103072593ee807e89239d98ae08d32c733ecc08203baChad Brubaker ResponseCode copyMasterKey(uid_t srcUser, uid_t dstUser) { 103172593ee807e89239d98ae08d32c733ecc08203baChad Brubaker UserState *userState = getUserState(dstUser); 103272593ee807e89239d98ae08d32c733ecc08203baChad Brubaker UserState *initState = getUserState(srcUser); 10334e865753346fc6a075966972a7a98051818859dbRobin Lee return userState->copyMasterKey(initState); 10344e865753346fc6a075966972a7a98051818859dbRobin Lee } 10354e865753346fc6a075966972a7a98051818859dbRobin Lee 103672593ee807e89239d98ae08d32c733ecc08203baChad Brubaker ResponseCode writeMasterKey(const android::String8& pw, uid_t userId) { 103772593ee807e89239d98ae08d32c733ecc08203baChad Brubaker UserState* userState = getUserState(userId); 1038655b958eb2180c7c06889f83f606d23421bf038cKenny Root return userState->writeMasterKey(pw, mEntropy); 1039655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1040655b958eb2180c7c06889f83f606d23421bf038cKenny Root 104172593ee807e89239d98ae08d32c733ecc08203baChad Brubaker ResponseCode readMasterKey(const android::String8& pw, uid_t userId) { 104272593ee807e89239d98ae08d32c733ecc08203baChad Brubaker UserState* userState = getUserState(userId); 1043655b958eb2180c7c06889f83f606d23421bf038cKenny Root return userState->readMasterKey(pw, mEntropy); 1044655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1045655b958eb2180c7c06889f83f606d23421bf038cKenny Root 1046655b958eb2180c7c06889f83f606d23421bf038cKenny Root android::String8 getKeyName(const android::String8& keyName) { 1047a77e809ecff5190790906fb7a3c527259c735071Douglas Leung char encoded[encode_key_length(keyName) + 1]; // add 1 for null char 1048655b958eb2180c7c06889f83f606d23421bf038cKenny Root encode_key(encoded, keyName); 1049655b958eb2180c7c06889f83f606d23421bf038cKenny Root return android::String8(encoded); 1050655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1051655b958eb2180c7c06889f83f606d23421bf038cKenny Root 1052655b958eb2180c7c06889f83f606d23421bf038cKenny Root android::String8 getKeyNameForUid(const android::String8& keyName, uid_t uid) { 1053a77e809ecff5190790906fb7a3c527259c735071Douglas Leung char encoded[encode_key_length(keyName) + 1]; // add 1 for null char 1054655b958eb2180c7c06889f83f606d23421bf038cKenny Root encode_key(encoded, keyName); 1055655b958eb2180c7c06889f83f606d23421bf038cKenny Root return android::String8::format("%u_%s", uid, encoded); 1056655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1057655b958eb2180c7c06889f83f606d23421bf038cKenny Root 1058655b958eb2180c7c06889f83f606d23421bf038cKenny Root android::String8 getKeyNameForUidWithDir(const android::String8& keyName, uid_t uid) { 1059a77e809ecff5190790906fb7a3c527259c735071Douglas Leung char encoded[encode_key_length(keyName) + 1]; // add 1 for null char 1060655b958eb2180c7c06889f83f606d23421bf038cKenny Root encode_key(encoded, keyName); 106172593ee807e89239d98ae08d32c733ecc08203baChad Brubaker return android::String8::format("%s/%u_%s", getUserStateByUid(uid)->getUserDirName(), uid, 1062655b958eb2180c7c06889f83f606d23421bf038cKenny Root encoded); 1063655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1064655b958eb2180c7c06889f83f606d23421bf038cKenny Root 106596d6d7868303ad87f1f408c40d3c44bcb39f561eChad Brubaker /* 106696d6d7868303ad87f1f408c40d3c44bcb39f561eChad Brubaker * Delete entries owned by userId. If keepUnencryptedEntries is true 106796d6d7868303ad87f1f408c40d3c44bcb39f561eChad Brubaker * then only encrypted entries will be removed, otherwise all entries will 106896d6d7868303ad87f1f408c40d3c44bcb39f561eChad Brubaker * be removed. 106996d6d7868303ad87f1f408c40d3c44bcb39f561eChad Brubaker */ 107096d6d7868303ad87f1f408c40d3c44bcb39f561eChad Brubaker void resetUser(uid_t userId, bool keepUnenryptedEntries) { 10714b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee android::String8 prefix(""); 10724b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee android::Vector<android::String16> aliases; 107372593ee807e89239d98ae08d32c733ecc08203baChad Brubaker UserState* userState = getUserState(userId); 1074e6c3bfa8d39c7addbfbac0b2df63b0067bb664d8Chad Brubaker if (list(prefix, &aliases, userId) != ::NO_ERROR) { 107596d6d7868303ad87f1f408c40d3c44bcb39f561eChad Brubaker return; 10764b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee } 10774b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee for (uint32_t i = 0; i < aliases.size(); i++) { 10784b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee android::String8 filename(aliases[i]); 10794b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee filename = android::String8::format("%s/%s", userState->getUserDirName(), 108096d6d7868303ad87f1f408c40d3c44bcb39f561eChad Brubaker getKeyName(filename).string()); 108196d6d7868303ad87f1f408c40d3c44bcb39f561eChad Brubaker bool shouldDelete = true; 108296d6d7868303ad87f1f408c40d3c44bcb39f561eChad Brubaker if (keepUnenryptedEntries) { 108396d6d7868303ad87f1f408c40d3c44bcb39f561eChad Brubaker Blob blob; 108472593ee807e89239d98ae08d32c733ecc08203baChad Brubaker ResponseCode rc = get(filename, &blob, ::TYPE_ANY, userId); 108596d6d7868303ad87f1f408c40d3c44bcb39f561eChad Brubaker 108696d6d7868303ad87f1f408c40d3c44bcb39f561eChad Brubaker /* get can fail if the blob is encrypted and the state is 108796d6d7868303ad87f1f408c40d3c44bcb39f561eChad Brubaker * not unlocked, only skip deleting blobs that were loaded and 108896d6d7868303ad87f1f408c40d3c44bcb39f561eChad Brubaker * who are not encrypted. If there are blobs we fail to read for 108996d6d7868303ad87f1f408c40d3c44bcb39f561eChad Brubaker * other reasons err on the safe side and delete them since we 109096d6d7868303ad87f1f408c40d3c44bcb39f561eChad Brubaker * can't tell if they're encrypted. 109196d6d7868303ad87f1f408c40d3c44bcb39f561eChad Brubaker */ 109296d6d7868303ad87f1f408c40d3c44bcb39f561eChad Brubaker shouldDelete = !(rc == ::NO_ERROR && !blob.isEncrypted()); 109396d6d7868303ad87f1f408c40d3c44bcb39f561eChad Brubaker } 109496d6d7868303ad87f1f408c40d3c44bcb39f561eChad Brubaker if (shouldDelete) { 109572593ee807e89239d98ae08d32c733ecc08203baChad Brubaker del(filename, ::TYPE_ANY, userId); 109696d6d7868303ad87f1f408c40d3c44bcb39f561eChad Brubaker } 109796d6d7868303ad87f1f408c40d3c44bcb39f561eChad Brubaker } 109896d6d7868303ad87f1f408c40d3c44bcb39f561eChad Brubaker if (!userState->deleteMasterKey()) { 109996d6d7868303ad87f1f408c40d3c44bcb39f561eChad Brubaker ALOGE("Failed to delete user %d's master key", userId); 110096d6d7868303ad87f1f408c40d3c44bcb39f561eChad Brubaker } 110196d6d7868303ad87f1f408c40d3c44bcb39f561eChad Brubaker if (!keepUnenryptedEntries) { 110296d6d7868303ad87f1f408c40d3c44bcb39f561eChad Brubaker if(!userState->reset()) { 110396d6d7868303ad87f1f408c40d3c44bcb39f561eChad Brubaker ALOGE("Failed to remove user %d's directory", userId); 110496d6d7868303ad87f1f408c40d3c44bcb39f561eChad Brubaker } 11054b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee } 1106655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1107655b958eb2180c7c06889f83f606d23421bf038cKenny Root 110872593ee807e89239d98ae08d32c733ecc08203baChad Brubaker bool isEmpty(uid_t userId) const { 110972593ee807e89239d98ae08d32c733ecc08203baChad Brubaker const UserState* userState = getUserState(userId); 111096d6d7868303ad87f1f408c40d3c44bcb39f561eChad Brubaker if (userState == NULL) { 1111655b958eb2180c7c06889f83f606d23421bf038cKenny Root return true; 1112655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1113655b958eb2180c7c06889f83f606d23421bf038cKenny Root 1114655b958eb2180c7c06889f83f606d23421bf038cKenny Root DIR* dir = opendir(userState->getUserDirName()); 1115a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root if (!dir) { 1116a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return true; 1117a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 1118655b958eb2180c7c06889f83f606d23421bf038cKenny Root 111931e27468b6d822adbd2aec9219a68c206aa6957cKenny Root bool result = true; 112031e27468b6d822adbd2aec9219a68c206aa6957cKenny Root struct dirent* file; 1121a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root while ((file = readdir(dir)) != NULL) { 1122655b958eb2180c7c06889f83f606d23421bf038cKenny Root // We only care about files. 1123655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (file->d_type != DT_REG) { 1124655b958eb2180c7c06889f83f606d23421bf038cKenny Root continue; 1125655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1126655b958eb2180c7c06889f83f606d23421bf038cKenny Root 1127655b958eb2180c7c06889f83f606d23421bf038cKenny Root // Skip anything that starts with a "." 1128655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (file->d_name[0] == '.') { 1129655b958eb2180c7c06889f83f606d23421bf038cKenny Root continue; 1130655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1131655b958eb2180c7c06889f83f606d23421bf038cKenny Root 113231e27468b6d822adbd2aec9219a68c206aa6957cKenny Root result = false; 113331e27468b6d822adbd2aec9219a68c206aa6957cKenny Root break; 1134a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 1135a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root closedir(dir); 1136a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return result; 1137a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 1138a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 113972593ee807e89239d98ae08d32c733ecc08203baChad Brubaker void lock(uid_t userId) { 114072593ee807e89239d98ae08d32c733ecc08203baChad Brubaker UserState* userState = getUserState(userId); 1141655b958eb2180c7c06889f83f606d23421bf038cKenny Root userState->zeroizeMasterKeysInMemory(); 1142655b958eb2180c7c06889f83f606d23421bf038cKenny Root userState->setState(STATE_LOCKED); 1143a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 1144a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 114572593ee807e89239d98ae08d32c733ecc08203baChad Brubaker ResponseCode get(const char* filename, Blob* keyBlob, const BlobType type, uid_t userId) { 114672593ee807e89239d98ae08d32c733ecc08203baChad Brubaker UserState* userState = getUserState(userId); 1147f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root ResponseCode rc = keyBlob->readBlob(filename, userState->getDecryptionKey(), 1148f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root userState->getState()); 1149822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root if (rc != NO_ERROR) { 1150822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root return rc; 1151822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root } 1152822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root 1153822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root const uint8_t version = keyBlob->getVersion(); 115407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root if (version < CURRENT_BLOB_VERSION) { 1155cfeae072c96d84f286ddbf0aff8055c12c7c4f15Kenny Root /* If we upgrade the key, we need to write it to disk again. Then 1156cfeae072c96d84f286ddbf0aff8055c12c7c4f15Kenny Root * it must be read it again since the blob is encrypted each time 1157cfeae072c96d84f286ddbf0aff8055c12c7c4f15Kenny Root * it's written. 1158cfeae072c96d84f286ddbf0aff8055c12c7c4f15Kenny Root */ 115972593ee807e89239d98ae08d32c733ecc08203baChad Brubaker if (upgradeBlob(filename, keyBlob, version, type, userId)) { 116072593ee807e89239d98ae08d32c733ecc08203baChad Brubaker if ((rc = this->put(filename, keyBlob, userId)) != NO_ERROR 1161f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root || (rc = keyBlob->readBlob(filename, userState->getDecryptionKey(), 1162f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root userState->getState())) != NO_ERROR) { 1163cfeae072c96d84f286ddbf0aff8055c12c7c4f15Kenny Root return rc; 1164cfeae072c96d84f286ddbf0aff8055c12c7c4f15Kenny Root } 1165cfeae072c96d84f286ddbf0aff8055c12c7c4f15Kenny Root } 1166822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root } 1167822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root 116817208e0de5a42722901d803118745cca25fd10c1Kenny Root /* 116917208e0de5a42722901d803118745cca25fd10c1Kenny Root * This will upgrade software-backed keys to hardware-backed keys when 117017208e0de5a42722901d803118745cca25fd10c1Kenny Root * the HAL for the device supports the newer key types. 117117208e0de5a42722901d803118745cca25fd10c1Kenny Root */ 117217208e0de5a42722901d803118745cca25fd10c1Kenny Root if (rc == NO_ERROR && type == TYPE_KEY_PAIR 117317208e0de5a42722901d803118745cca25fd10c1Kenny Root && mDevice->common.module->module_api_version >= KEYMASTER_MODULE_API_VERSION_0_2 117417208e0de5a42722901d803118745cca25fd10c1Kenny Root && keyBlob->isFallback()) { 117517208e0de5a42722901d803118745cca25fd10c1Kenny Root ResponseCode imported = importKey(keyBlob->getValue(), keyBlob->getLength(), filename, 117672593ee807e89239d98ae08d32c733ecc08203baChad Brubaker userId, keyBlob->isEncrypted() ? KEYSTORE_FLAG_ENCRYPTED : KEYSTORE_FLAG_NONE); 117717208e0de5a42722901d803118745cca25fd10c1Kenny Root 117817208e0de5a42722901d803118745cca25fd10c1Kenny Root // The HAL allowed the import, reget the key to have the "fresh" 117917208e0de5a42722901d803118745cca25fd10c1Kenny Root // version. 118017208e0de5a42722901d803118745cca25fd10c1Kenny Root if (imported == NO_ERROR) { 118172593ee807e89239d98ae08d32c733ecc08203baChad Brubaker rc = get(filename, keyBlob, TYPE_KEY_PAIR, userId); 118217208e0de5a42722901d803118745cca25fd10c1Kenny Root } 118317208e0de5a42722901d803118745cca25fd10c1Kenny Root } 118417208e0de5a42722901d803118745cca25fd10c1Kenny Root 11853cc40125e8b495e7f0784dad53bb9acdb5b9a8ebChad Brubaker // Keymaster 0.3 keys are valid keymaster 1.0 keys, so silently upgrade 11863cc40125e8b495e7f0784dad53bb9acdb5b9a8ebChad Brubaker // them if needed. 11873cc40125e8b495e7f0784dad53bb9acdb5b9a8ebChad Brubaker if (type == TYPE_KEYMASTER_10 && keyBlob->getType() == TYPE_KEY_PAIR) { 11883cc40125e8b495e7f0784dad53bb9acdb5b9a8ebChad Brubaker keyBlob->setType(TYPE_KEYMASTER_10); 11893cc40125e8b495e7f0784dad53bb9acdb5b9a8ebChad Brubaker } 11903cc40125e8b495e7f0784dad53bb9acdb5b9a8ebChad Brubaker 1191d53bc92f1cc4eb669ec015480cebe5ae7aaaf7cfKenny Root if (type != TYPE_ANY && keyBlob->getType() != type) { 1192822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root ALOGW("key found but type doesn't match: %d vs %d", keyBlob->getType(), type); 1193822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root return KEY_NOT_FOUND; 1194822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root } 1195822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root 1196822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root return rc; 1197a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 1198a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 119972593ee807e89239d98ae08d32c733ecc08203baChad Brubaker ResponseCode put(const char* filename, Blob* keyBlob, uid_t userId) { 120072593ee807e89239d98ae08d32c733ecc08203baChad Brubaker UserState* userState = getUserState(userId); 1201f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root return keyBlob->writeBlob(filename, userState->getEncryptionKey(), userState->getState(), 1202f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root mEntropy); 1203a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 1204a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 120572593ee807e89239d98ae08d32c733ecc08203baChad Brubaker ResponseCode del(const char *filename, const BlobType type, uid_t userId) { 12064b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee Blob keyBlob; 120772593ee807e89239d98ae08d32c733ecc08203baChad Brubaker ResponseCode rc = get(filename, &keyBlob, type, userId); 12084b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee if (rc != ::NO_ERROR) { 12094b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee return rc; 12104b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee } 12114b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee 12124b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee if (keyBlob.getType() == ::TYPE_KEY_PAIR) { 12134b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee // A device doesn't have to implement delete_keypair. 12144b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee if (mDevice->delete_keypair != NULL && !keyBlob.isFallback()) { 12154b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee if (mDevice->delete_keypair(mDevice, keyBlob.getValue(), keyBlob.getLength())) { 12164b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee rc = ::SYSTEM_ERROR; 12174b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee } 12184b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee } 12194b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee } 122017d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker if (keyBlob.getType() == ::TYPE_KEYMASTER_10) { 122117d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker keymaster1_device_t* dev = getDeviceForBlob(keyBlob); 122217d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker if (dev->delete_key) { 122317d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker keymaster_key_blob_t blob; 122417d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker blob.key_material = keyBlob.getValue(); 122517d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker blob.key_material_size = keyBlob.getLength(); 122617d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker dev->delete_key(dev, &blob); 122717d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker } 122817d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker } 12294b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee if (rc != ::NO_ERROR) { 12304b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee return rc; 12314b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee } 12324b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee 12334b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee return (unlink(filename) && errno != ENOENT) ? ::SYSTEM_ERROR : ::NO_ERROR; 12344b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee } 12354b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee 1236e6c3bfa8d39c7addbfbac0b2df63b0067bb664d8Chad Brubaker ResponseCode list(const android::String8& prefix, android::Vector<android::String16> *matches, 123772593ee807e89239d98ae08d32c733ecc08203baChad Brubaker uid_t userId) { 12384b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee 123972593ee807e89239d98ae08d32c733ecc08203baChad Brubaker UserState* userState = getUserState(userId); 12404b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee size_t n = prefix.length(); 12414b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee 12424b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee DIR* dir = opendir(userState->getUserDirName()); 12434b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee if (!dir) { 12444b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee ALOGW("can't open directory for user: %s", strerror(errno)); 12454b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee return ::SYSTEM_ERROR; 12464b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee } 12474b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee 12484b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee struct dirent* file; 12494b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee while ((file = readdir(dir)) != NULL) { 12504b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee // We only care about files. 12514b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee if (file->d_type != DT_REG) { 12524b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee continue; 12534b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee } 12544b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee 12554b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee // Skip anything that starts with a "." 12564b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee if (file->d_name[0] == '.') { 12574b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee continue; 12584b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee } 12594b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee 12604b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee if (!strncmp(prefix.string(), file->d_name, n)) { 12614b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee const char* p = &file->d_name[n]; 12624b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee size_t plen = strlen(p); 12634b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee 12644b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee size_t extra = decode_key_length(p, plen); 12654b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee char *match = (char*) malloc(extra + 1); 12664b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee if (match != NULL) { 12674b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee decode_key(match, p, plen); 12684b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee matches->push(android::String16(match, extra)); 12694b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee free(match); 12704b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee } else { 12714b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee ALOGW("could not allocate match of size %zd", extra); 12724b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee } 12734b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee } 12744b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee } 12754b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee closedir(dir); 12764b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee return ::NO_ERROR; 12774b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee } 12784b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee 127907438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root void addGrant(const char* filename, uid_t granteeUid) { 1280655b958eb2180c7c06889f83f606d23421bf038cKenny Root const grant_t* existing = getGrant(filename, granteeUid); 1281655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (existing == NULL) { 1282655b958eb2180c7c06889f83f606d23421bf038cKenny Root grant_t* grant = new grant_t; 128307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root grant->uid = granteeUid; 1284a8c703d9fdd98e3caefb6e74cd03c2878cecd0a1Brian Carlstrom grant->filename = reinterpret_cast<const uint8_t*>(strdup(filename)); 1285655b958eb2180c7c06889f83f606d23421bf038cKenny Root mGrants.add(grant); 128670e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root } 128770e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root } 128870e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 128907438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root bool removeGrant(const char* filename, uid_t granteeUid) { 1290655b958eb2180c7c06889f83f606d23421bf038cKenny Root for (android::Vector<grant_t*>::iterator it(mGrants.begin()); 1291655b958eb2180c7c06889f83f606d23421bf038cKenny Root it != mGrants.end(); it++) { 1292655b958eb2180c7c06889f83f606d23421bf038cKenny Root grant_t* grant = *it; 1293655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (grant->uid == granteeUid 1294655b958eb2180c7c06889f83f606d23421bf038cKenny Root && !strcmp(reinterpret_cast<const char*>(grant->filename), filename)) { 1295655b958eb2180c7c06889f83f606d23421bf038cKenny Root mGrants.erase(it); 1296655b958eb2180c7c06889f83f606d23421bf038cKenny Root return true; 1297655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 129870e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root } 129970e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root return false; 130070e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root } 130170e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 1302a8c703d9fdd98e3caefb6e74cd03c2878cecd0a1Brian Carlstrom bool hasGrant(const char* filename, const uid_t uid) const { 1303a8c703d9fdd98e3caefb6e74cd03c2878cecd0a1Brian Carlstrom return getGrant(filename, uid) != NULL; 130470e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root } 130570e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 130672593ee807e89239d98ae08d32c733ecc08203baChad Brubaker ResponseCode importKey(const uint8_t* key, size_t keyLen, const char* filename, uid_t userId, 1307f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root int32_t flags) { 1308822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root uint8_t* data; 1309822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root size_t dataLength; 1310822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root int rc; 1311822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root 1312822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root if (mDevice->import_keypair == NULL) { 1313822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root ALOGE("Keymaster doesn't support import!"); 1314822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root return SYSTEM_ERROR; 1315822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root } 1316822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root 131717208e0de5a42722901d803118745cca25fd10c1Kenny Root bool isFallback = false; 131807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root rc = mDevice->import_keypair(mDevice, key, keyLen, &data, &dataLength); 1319822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root if (rc) { 1320a39da5a226975f8b75f93de255a21d526ae8d334Kenny Root /* 1321a39da5a226975f8b75f93de255a21d526ae8d334Kenny Root * Maybe the device doesn't support this type of key. Try to use the 1322a39da5a226975f8b75f93de255a21d526ae8d334Kenny Root * software fallback keymaster implementation. This is a little bit 1323a39da5a226975f8b75f93de255a21d526ae8d334Kenny Root * lazier than checking the PKCS#8 key type, but the software 1324a39da5a226975f8b75f93de255a21d526ae8d334Kenny Root * implementation will do that anyway. 1325a39da5a226975f8b75f93de255a21d526ae8d334Kenny Root */ 13267c1eb75a6898452867ca28a4d7fad2d91edca615Chad Brubaker rc = mFallbackDevice->import_keypair(mFallbackDevice, key, keyLen, &data, &dataLength); 1327a39da5a226975f8b75f93de255a21d526ae8d334Kenny Root isFallback = true; 132817208e0de5a42722901d803118745cca25fd10c1Kenny Root 132917208e0de5a42722901d803118745cca25fd10c1Kenny Root if (rc) { 133017208e0de5a42722901d803118745cca25fd10c1Kenny Root ALOGE("Error while importing keypair: %d", rc); 133117208e0de5a42722901d803118745cca25fd10c1Kenny Root return SYSTEM_ERROR; 133217208e0de5a42722901d803118745cca25fd10c1Kenny Root } 1333822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root } 1334822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root 1335822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root Blob keyBlob(data, dataLength, NULL, 0, TYPE_KEY_PAIR); 1336822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root free(data); 1337822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root 1338f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root keyBlob.setEncrypted(flags & KEYSTORE_FLAG_ENCRYPTED); 133917208e0de5a42722901d803118745cca25fd10c1Kenny Root keyBlob.setFallback(isFallback); 1340f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root 134172593ee807e89239d98ae08d32c733ecc08203baChad Brubaker return put(filename, &keyBlob, userId); 1342822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root } 1343822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root 13441b0e3933900c7ea21189704d5db64e7346aee7afKenny Root bool isHardwareBacked(const android::String16& keyType) const { 13451b0e3933900c7ea21189704d5db64e7346aee7afKenny Root if (mDevice == NULL) { 13461b0e3933900c7ea21189704d5db64e7346aee7afKenny Root ALOGW("can't get keymaster device"); 13471b0e3933900c7ea21189704d5db64e7346aee7afKenny Root return false; 13481b0e3933900c7ea21189704d5db64e7346aee7afKenny Root } 13491b0e3933900c7ea21189704d5db64e7346aee7afKenny Root 13501b0e3933900c7ea21189704d5db64e7346aee7afKenny Root if (sRSAKeyType == keyType) { 13511b0e3933900c7ea21189704d5db64e7346aee7afKenny Root return (mDevice->flags & KEYMASTER_SOFTWARE_ONLY) == 0; 13521b0e3933900c7ea21189704d5db64e7346aee7afKenny Root } else { 13531b0e3933900c7ea21189704d5db64e7346aee7afKenny Root return (mDevice->flags & KEYMASTER_SOFTWARE_ONLY) == 0 13541b0e3933900c7ea21189704d5db64e7346aee7afKenny Root && (mDevice->common.module->module_api_version 13551b0e3933900c7ea21189704d5db64e7346aee7afKenny Root >= KEYMASTER_MODULE_API_VERSION_0_2); 13561b0e3933900c7ea21189704d5db64e7346aee7afKenny Root } 13578ddf35a6e1fd80a7d0685041d2bfc77078277c9dKenny Root } 13588ddf35a6e1fd80a7d0685041d2bfc77078277c9dKenny Root 1359655b958eb2180c7c06889f83f606d23421bf038cKenny Root ResponseCode getKeyForName(Blob* keyBlob, const android::String8& keyName, const uid_t uid, 1360655b958eb2180c7c06889f83f606d23421bf038cKenny Root const BlobType type) { 136186b16e8c0d353af97f0411917789308dba417295Kenny Root android::String8 filepath8(getKeyNameForUidWithDir(keyName, uid)); 136272593ee807e89239d98ae08d32c733ecc08203baChad Brubaker uid_t userId = get_user_id(uid); 1363a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 136472593ee807e89239d98ae08d32c733ecc08203baChad Brubaker ResponseCode responseCode = get(filepath8.string(), keyBlob, type, userId); 1365655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (responseCode == NO_ERROR) { 1366655b958eb2180c7c06889f83f606d23421bf038cKenny Root return responseCode; 1367655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1368a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 1369655b958eb2180c7c06889f83f606d23421bf038cKenny Root // If this is one of the legacy UID->UID mappings, use it. 1370655b958eb2180c7c06889f83f606d23421bf038cKenny Root uid_t euid = get_keystore_euid(uid); 1371655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (euid != uid) { 137286b16e8c0d353af97f0411917789308dba417295Kenny Root filepath8 = getKeyNameForUidWithDir(keyName, euid); 137372593ee807e89239d98ae08d32c733ecc08203baChad Brubaker responseCode = get(filepath8.string(), keyBlob, type, userId); 1374655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (responseCode == NO_ERROR) { 1375655b958eb2180c7c06889f83f606d23421bf038cKenny Root return responseCode; 1376655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1377655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 137870e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 1379655b958eb2180c7c06889f83f606d23421bf038cKenny Root // They might be using a granted key. 138086b16e8c0d353af97f0411917789308dba417295Kenny Root android::String8 filename8 = getKeyName(keyName); 1381655b958eb2180c7c06889f83f606d23421bf038cKenny Root char* end; 138286b16e8c0d353af97f0411917789308dba417295Kenny Root strtoul(filename8.string(), &end, 10); 1383655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (end[0] != '_' || end[1] == 0) { 1384655b958eb2180c7c06889f83f606d23421bf038cKenny Root return KEY_NOT_FOUND; 1385655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 138672593ee807e89239d98ae08d32c733ecc08203baChad Brubaker filepath8 = android::String8::format("%s/%s", getUserState(userId)->getUserDirName(), 138786b16e8c0d353af97f0411917789308dba417295Kenny Root filename8.string()); 1388655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (!hasGrant(filepath8.string(), uid)) { 1389655b958eb2180c7c06889f83f606d23421bf038cKenny Root return responseCode; 1390a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 1391a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 1392655b958eb2180c7c06889f83f606d23421bf038cKenny Root // It is a granted key. Try to load it. 139372593ee807e89239d98ae08d32c733ecc08203baChad Brubaker return get(filepath8.string(), keyBlob, type, userId); 1394a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 1395a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 1396655b958eb2180c7c06889f83f606d23421bf038cKenny Root /** 1397655b958eb2180c7c06889f83f606d23421bf038cKenny Root * Returns any existing UserState or creates it if it doesn't exist. 1398655b958eb2180c7c06889f83f606d23421bf038cKenny Root */ 139972593ee807e89239d98ae08d32c733ecc08203baChad Brubaker UserState* getUserState(uid_t userId) { 1400655b958eb2180c7c06889f83f606d23421bf038cKenny Root for (android::Vector<UserState*>::iterator it(mMasterKeys.begin()); 1401655b958eb2180c7c06889f83f606d23421bf038cKenny Root it != mMasterKeys.end(); it++) { 1402655b958eb2180c7c06889f83f606d23421bf038cKenny Root UserState* state = *it; 1403655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (state->getUserId() == userId) { 1404655b958eb2180c7c06889f83f606d23421bf038cKenny Root return state; 1405655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1406a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 1407655b958eb2180c7c06889f83f606d23421bf038cKenny Root 1408655b958eb2180c7c06889f83f606d23421bf038cKenny Root UserState* userState = new UserState(userId); 1409655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (!userState->initialize()) { 1410655b958eb2180c7c06889f83f606d23421bf038cKenny Root /* There's not much we can do if initialization fails. Trying to 1411655b958eb2180c7c06889f83f606d23421bf038cKenny Root * unlock the keystore for that user will fail as well, so any 1412655b958eb2180c7c06889f83f606d23421bf038cKenny Root * subsequent request for this user will just return SYSTEM_ERROR. 1413655b958eb2180c7c06889f83f606d23421bf038cKenny Root */ 1414655b958eb2180c7c06889f83f606d23421bf038cKenny Root ALOGE("User initialization failed for %u; subsuquent operations will fail", userId); 1415a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 1416655b958eb2180c7c06889f83f606d23421bf038cKenny Root mMasterKeys.add(userState); 1417655b958eb2180c7c06889f83f606d23421bf038cKenny Root return userState; 1418a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 1419a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 1420655b958eb2180c7c06889f83f606d23421bf038cKenny Root /** 142172593ee807e89239d98ae08d32c733ecc08203baChad Brubaker * Returns any existing UserState or creates it if it doesn't exist. 1422655b958eb2180c7c06889f83f606d23421bf038cKenny Root */ 142372593ee807e89239d98ae08d32c733ecc08203baChad Brubaker UserState* getUserStateByUid(uid_t uid) { 1424655b958eb2180c7c06889f83f606d23421bf038cKenny Root uid_t userId = get_user_id(uid); 142572593ee807e89239d98ae08d32c733ecc08203baChad Brubaker return getUserState(userId); 142672593ee807e89239d98ae08d32c733ecc08203baChad Brubaker } 1427655b958eb2180c7c06889f83f606d23421bf038cKenny Root 142872593ee807e89239d98ae08d32c733ecc08203baChad Brubaker /** 142972593ee807e89239d98ae08d32c733ecc08203baChad Brubaker * Returns NULL if the UserState doesn't already exist. 143072593ee807e89239d98ae08d32c733ecc08203baChad Brubaker */ 143172593ee807e89239d98ae08d32c733ecc08203baChad Brubaker const UserState* getUserState(uid_t userId) const { 1432655b958eb2180c7c06889f83f606d23421bf038cKenny Root for (android::Vector<UserState*>::const_iterator it(mMasterKeys.begin()); 1433655b958eb2180c7c06889f83f606d23421bf038cKenny Root it != mMasterKeys.end(); it++) { 1434655b958eb2180c7c06889f83f606d23421bf038cKenny Root UserState* state = *it; 1435655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (state->getUserId() == userId) { 1436655b958eb2180c7c06889f83f606d23421bf038cKenny Root return state; 1437655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1438655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1439a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 1440655b958eb2180c7c06889f83f606d23421bf038cKenny Root return NULL; 1441a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 1442a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 144372593ee807e89239d98ae08d32c733ecc08203baChad Brubaker /** 144472593ee807e89239d98ae08d32c733ecc08203baChad Brubaker * Returns NULL if the UserState doesn't already exist. 144572593ee807e89239d98ae08d32c733ecc08203baChad Brubaker */ 144672593ee807e89239d98ae08d32c733ecc08203baChad Brubaker const UserState* getUserStateByUid(uid_t uid) const { 144772593ee807e89239d98ae08d32c733ecc08203baChad Brubaker uid_t userId = get_user_id(uid); 144872593ee807e89239d98ae08d32c733ecc08203baChad Brubaker return getUserState(userId); 144972593ee807e89239d98ae08d32c733ecc08203baChad Brubaker } 145072593ee807e89239d98ae08d32c733ecc08203baChad Brubaker 1451655b958eb2180c7c06889f83f606d23421bf038cKenny Rootprivate: 1452655b958eb2180c7c06889f83f606d23421bf038cKenny Root static const char* sOldMasterKey; 1453655b958eb2180c7c06889f83f606d23421bf038cKenny Root static const char* sMetaDataFile; 14541b0e3933900c7ea21189704d5db64e7346aee7afKenny Root static const android::String16 sRSAKeyType; 1455655b958eb2180c7c06889f83f606d23421bf038cKenny Root Entropy* mEntropy; 145607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 145767d2a5029e8c25c5ee448e3bbd245cdcebe6abd3Chad Brubaker keymaster1_device_t* mDevice; 145867d2a5029e8c25c5ee448e3bbd245cdcebe6abd3Chad Brubaker keymaster1_device_t* mFallbackDevice; 1459a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 1460655b958eb2180c7c06889f83f606d23421bf038cKenny Root android::Vector<UserState*> mMasterKeys; 1461655b958eb2180c7c06889f83f606d23421bf038cKenny Root 1462655b958eb2180c7c06889f83f606d23421bf038cKenny Root android::Vector<grant_t*> mGrants; 146370e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 1464655b958eb2180c7c06889f83f606d23421bf038cKenny Root typedef struct { 1465655b958eb2180c7c06889f83f606d23421bf038cKenny Root uint32_t version; 1466655b958eb2180c7c06889f83f606d23421bf038cKenny Root } keystore_metadata_t; 146770e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 1468655b958eb2180c7c06889f83f606d23421bf038cKenny Root keystore_metadata_t mMetaData; 1469655b958eb2180c7c06889f83f606d23421bf038cKenny Root 1470655b958eb2180c7c06889f83f606d23421bf038cKenny Root const grant_t* getGrant(const char* filename, uid_t uid) const { 1471655b958eb2180c7c06889f83f606d23421bf038cKenny Root for (android::Vector<grant_t*>::const_iterator it(mGrants.begin()); 1472655b958eb2180c7c06889f83f606d23421bf038cKenny Root it != mGrants.end(); it++) { 1473655b958eb2180c7c06889f83f606d23421bf038cKenny Root grant_t* grant = *it; 147470e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root if (grant->uid == uid 1475655b958eb2180c7c06889f83f606d23421bf038cKenny Root && !strcmp(reinterpret_cast<const char*>(grant->filename), filename)) { 147670e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root return grant; 147770e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root } 147870e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root } 147970e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root return NULL; 148070e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root } 148170e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 1482822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root /** 1483822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root * Upgrade code. This will upgrade the key from the current version 1484822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root * to whatever is newest. 1485822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root */ 1486655b958eb2180c7c06889f83f606d23421bf038cKenny Root bool upgradeBlob(const char* filename, Blob* blob, const uint8_t oldVersion, 1487655b958eb2180c7c06889f83f606d23421bf038cKenny Root const BlobType type, uid_t uid) { 1488822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root bool updated = false; 1489822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root uint8_t version = oldVersion; 1490822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root 1491822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root /* From V0 -> V1: All old types were unknown */ 1492822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root if (version == 0) { 1493822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root ALOGV("upgrading to version 1 and setting type %d", type); 1494822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root 1495822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root blob->setType(type); 1496822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root if (type == TYPE_KEY_PAIR) { 1497655b958eb2180c7c06889f83f606d23421bf038cKenny Root importBlobAsKey(blob, filename, uid); 1498822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root } 1499822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root version = 1; 1500822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root updated = true; 1501822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root } 1502822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root 1503f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root /* From V1 -> V2: All old keys were encrypted */ 1504f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root if (version == 1) { 1505f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root ALOGV("upgrading to version 2"); 1506f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root 1507f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root blob->setEncrypted(true); 1508f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root version = 2; 1509f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root updated = true; 1510f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root } 1511f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root 1512822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root /* 1513822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root * If we've updated, set the key blob to the right version 1514822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root * and write it. 1515cfeae072c96d84f286ddbf0aff8055c12c7c4f15Kenny Root */ 1516822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root if (updated) { 1517822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root ALOGV("updated and writing file %s", filename); 1518822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root blob->setVersion(version); 1519822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root } 1520cfeae072c96d84f286ddbf0aff8055c12c7c4f15Kenny Root 1521cfeae072c96d84f286ddbf0aff8055c12c7c4f15Kenny Root return updated; 1522822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root } 1523822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root 1524822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root /** 1525822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root * Takes a blob that is an PEM-encoded RSA key as a byte array and 1526822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root * converts it to a DER-encoded PKCS#8 for import into a keymaster. 1527822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root * Then it overwrites the original blob with the new blob 1528822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root * format that is returned from the keymaster. 1529822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root */ 1530655b958eb2180c7c06889f83f606d23421bf038cKenny Root ResponseCode importBlobAsKey(Blob* blob, const char* filename, uid_t uid) { 1531822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root // We won't even write to the blob directly with this BIO, so const_cast is okay. 1532822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root Unique_BIO b(BIO_new_mem_buf(const_cast<uint8_t*>(blob->getValue()), blob->getLength())); 1533822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root if (b.get() == NULL) { 1534822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root ALOGE("Problem instantiating BIO"); 1535822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root return SYSTEM_ERROR; 1536822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root } 1537822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root 1538822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root Unique_EVP_PKEY pkey(PEM_read_bio_PrivateKey(b.get(), NULL, NULL, NULL)); 1539822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root if (pkey.get() == NULL) { 1540822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root ALOGE("Couldn't read old PEM file"); 1541822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root return SYSTEM_ERROR; 1542822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root } 1543822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root 1544822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root Unique_PKCS8_PRIV_KEY_INFO pkcs8(EVP_PKEY2PKCS8(pkey.get())); 1545822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root int len = i2d_PKCS8_PRIV_KEY_INFO(pkcs8.get(), NULL); 1546822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root if (len < 0) { 1547822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root ALOGE("Couldn't measure PKCS#8 length"); 1548822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root return SYSTEM_ERROR; 1549822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root } 1550822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root 155170c9889c5ca912e7c492580e1999f18ab65b267bKenny Root UniquePtr<unsigned char[]> pkcs8key(new unsigned char[len]); 155270c9889c5ca912e7c492580e1999f18ab65b267bKenny Root uint8_t* tmp = pkcs8key.get(); 1553822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root if (i2d_PKCS8_PRIV_KEY_INFO(pkcs8.get(), &tmp) != len) { 1554822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root ALOGE("Couldn't convert to PKCS#8"); 1555822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root return SYSTEM_ERROR; 1556822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root } 1557822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root 155872593ee807e89239d98ae08d32c733ecc08203baChad Brubaker ResponseCode rc = importKey(pkcs8key.get(), len, filename, get_user_id(uid), 1559f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root blob->isEncrypted() ? KEYSTORE_FLAG_ENCRYPTED : KEYSTORE_FLAG_NONE); 1560822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root if (rc != NO_ERROR) { 1561822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root return rc; 1562822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root } 1563822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root 1564655b958eb2180c7c06889f83f606d23421bf038cKenny Root return get(filename, blob, TYPE_KEY_PAIR, uid); 1565822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root } 156670e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 1567655b958eb2180c7c06889f83f606d23421bf038cKenny Root void readMetaData() { 1568655b958eb2180c7c06889f83f606d23421bf038cKenny Root int in = TEMP_FAILURE_RETRY(open(sMetaDataFile, O_RDONLY)); 1569655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (in < 0) { 1570655b958eb2180c7c06889f83f606d23421bf038cKenny Root return; 1571655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1572655b958eb2180c7c06889f83f606d23421bf038cKenny Root size_t fileLength = readFully(in, (uint8_t*) &mMetaData, sizeof(mMetaData)); 1573655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (fileLength != sizeof(mMetaData)) { 1574655b958eb2180c7c06889f83f606d23421bf038cKenny Root ALOGI("Metadata file is %zd bytes (%zd experted); upgrade?", fileLength, 1575655b958eb2180c7c06889f83f606d23421bf038cKenny Root sizeof(mMetaData)); 1576655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1577655b958eb2180c7c06889f83f606d23421bf038cKenny Root close(in); 157870e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root } 157970e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 1580655b958eb2180c7c06889f83f606d23421bf038cKenny Root void writeMetaData() { 1581655b958eb2180c7c06889f83f606d23421bf038cKenny Root const char* tmpFileName = ".metadata.tmp"; 1582655b958eb2180c7c06889f83f606d23421bf038cKenny Root int out = TEMP_FAILURE_RETRY(open(tmpFileName, 1583655b958eb2180c7c06889f83f606d23421bf038cKenny Root O_WRONLY | O_TRUNC | O_CREAT, S_IRUSR | S_IWUSR)); 1584655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (out < 0) { 1585655b958eb2180c7c06889f83f606d23421bf038cKenny Root ALOGE("couldn't write metadata file: %s", strerror(errno)); 1586655b958eb2180c7c06889f83f606d23421bf038cKenny Root return; 1587655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1588655b958eb2180c7c06889f83f606d23421bf038cKenny Root size_t fileLength = writeFully(out, (uint8_t*) &mMetaData, sizeof(mMetaData)); 1589655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (fileLength != sizeof(mMetaData)) { 1590655b958eb2180c7c06889f83f606d23421bf038cKenny Root ALOGI("Could only write %zd bytes to metadata file (%zd expected)", fileLength, 1591655b958eb2180c7c06889f83f606d23421bf038cKenny Root sizeof(mMetaData)); 159270e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root } 1593655b958eb2180c7c06889f83f606d23421bf038cKenny Root close(out); 1594655b958eb2180c7c06889f83f606d23421bf038cKenny Root rename(tmpFileName, sMetaDataFile); 159570e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root } 159670e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 1597655b958eb2180c7c06889f83f606d23421bf038cKenny Root bool upgradeKeystore() { 1598655b958eb2180c7c06889f83f606d23421bf038cKenny Root bool upgraded = false; 1599655b958eb2180c7c06889f83f606d23421bf038cKenny Root 1600655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (mMetaData.version == 0) { 160172593ee807e89239d98ae08d32c733ecc08203baChad Brubaker UserState* userState = getUserStateByUid(0); 1602655b958eb2180c7c06889f83f606d23421bf038cKenny Root 1603655b958eb2180c7c06889f83f606d23421bf038cKenny Root // Initialize first so the directory is made. 1604655b958eb2180c7c06889f83f606d23421bf038cKenny Root userState->initialize(); 1605655b958eb2180c7c06889f83f606d23421bf038cKenny Root 1606655b958eb2180c7c06889f83f606d23421bf038cKenny Root // Migrate the old .masterkey file to user 0. 1607655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (access(sOldMasterKey, R_OK) == 0) { 1608655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (rename(sOldMasterKey, userState->getMasterKeyFileName()) < 0) { 1609655b958eb2180c7c06889f83f606d23421bf038cKenny Root ALOGE("couldn't migrate old masterkey: %s", strerror(errno)); 1610655b958eb2180c7c06889f83f606d23421bf038cKenny Root return false; 1611655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1612655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1613655b958eb2180c7c06889f83f606d23421bf038cKenny Root 1614655b958eb2180c7c06889f83f606d23421bf038cKenny Root // Initialize again in case we had a key. 1615655b958eb2180c7c06889f83f606d23421bf038cKenny Root userState->initialize(); 1616655b958eb2180c7c06889f83f606d23421bf038cKenny Root 1617655b958eb2180c7c06889f83f606d23421bf038cKenny Root // Try to migrate existing keys. 1618655b958eb2180c7c06889f83f606d23421bf038cKenny Root DIR* dir = opendir("."); 1619655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (!dir) { 1620655b958eb2180c7c06889f83f606d23421bf038cKenny Root // Give up now; maybe we can upgrade later. 1621655b958eb2180c7c06889f83f606d23421bf038cKenny Root ALOGE("couldn't open keystore's directory; something is wrong"); 1622655b958eb2180c7c06889f83f606d23421bf038cKenny Root return false; 1623655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1624655b958eb2180c7c06889f83f606d23421bf038cKenny Root 1625655b958eb2180c7c06889f83f606d23421bf038cKenny Root struct dirent* file; 1626655b958eb2180c7c06889f83f606d23421bf038cKenny Root while ((file = readdir(dir)) != NULL) { 1627655b958eb2180c7c06889f83f606d23421bf038cKenny Root // We only care about files. 1628655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (file->d_type != DT_REG) { 1629655b958eb2180c7c06889f83f606d23421bf038cKenny Root continue; 1630655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1631655b958eb2180c7c06889f83f606d23421bf038cKenny Root 1632655b958eb2180c7c06889f83f606d23421bf038cKenny Root // Skip anything that starts with a "." 1633655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (file->d_name[0] == '.') { 1634655b958eb2180c7c06889f83f606d23421bf038cKenny Root continue; 1635655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1636655b958eb2180c7c06889f83f606d23421bf038cKenny Root 1637655b958eb2180c7c06889f83f606d23421bf038cKenny Root // Find the current file's user. 1638655b958eb2180c7c06889f83f606d23421bf038cKenny Root char* end; 1639655b958eb2180c7c06889f83f606d23421bf038cKenny Root unsigned long thisUid = strtoul(file->d_name, &end, 10); 1640655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (end[0] != '_' || end[1] == 0) { 1641655b958eb2180c7c06889f83f606d23421bf038cKenny Root continue; 1642655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 164372593ee807e89239d98ae08d32c733ecc08203baChad Brubaker UserState* otherUser = getUserStateByUid(thisUid); 1644655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (otherUser->getUserId() != 0) { 1645655b958eb2180c7c06889f83f606d23421bf038cKenny Root unlinkat(dirfd(dir), file->d_name, 0); 1646655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1647655b958eb2180c7c06889f83f606d23421bf038cKenny Root 1648655b958eb2180c7c06889f83f606d23421bf038cKenny Root // Rename the file into user directory. 1649655b958eb2180c7c06889f83f606d23421bf038cKenny Root DIR* otherdir = opendir(otherUser->getUserDirName()); 1650655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (otherdir == NULL) { 1651655b958eb2180c7c06889f83f606d23421bf038cKenny Root ALOGW("couldn't open user directory for rename"); 1652655b958eb2180c7c06889f83f606d23421bf038cKenny Root continue; 1653655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1654655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (renameat(dirfd(dir), file->d_name, dirfd(otherdir), file->d_name) < 0) { 1655655b958eb2180c7c06889f83f606d23421bf038cKenny Root ALOGW("couldn't rename blob: %s: %s", file->d_name, strerror(errno)); 1656655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1657655b958eb2180c7c06889f83f606d23421bf038cKenny Root closedir(otherdir); 1658655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1659655b958eb2180c7c06889f83f606d23421bf038cKenny Root closedir(dir); 1660655b958eb2180c7c06889f83f606d23421bf038cKenny Root 1661655b958eb2180c7c06889f83f606d23421bf038cKenny Root mMetaData.version = 1; 1662655b958eb2180c7c06889f83f606d23421bf038cKenny Root upgraded = true; 1663655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1664655b958eb2180c7c06889f83f606d23421bf038cKenny Root 1665655b958eb2180c7c06889f83f606d23421bf038cKenny Root return upgraded; 166670e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root } 1667655b958eb2180c7c06889f83f606d23421bf038cKenny Root}; 166870e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 1669655b958eb2180c7c06889f83f606d23421bf038cKenny Rootconst char* KeyStore::sOldMasterKey = ".masterkey"; 1670655b958eb2180c7c06889f83f606d23421bf038cKenny Rootconst char* KeyStore::sMetaDataFile = ".metadata"; 167170e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 16721b0e3933900c7ea21189704d5db64e7346aee7afKenny Rootconst android::String16 KeyStore::sRSAKeyType("RSA"); 16731b0e3933900c7ea21189704d5db64e7346aee7afKenny Root 167407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Rootnamespace android { 167507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Rootclass KeyStoreProxy : public BnKeystoreService, public IBinder::DeathRecipient { 167607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Rootpublic: 167707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root KeyStoreProxy(KeyStore* keyStore) 167840a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker : mKeyStore(keyStore), 167940a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker mOperationMap(this) 168007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root { 168107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 1682a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 168340a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker void binderDied(const wp<IBinder>& who) { 168440a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker auto operations = mOperationMap.getOperationsForToken(who.unsafe_get()); 168540a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker for (auto token: operations) { 168640a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker abort(token); 168740a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker } 168807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 1689a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 1690e6c3bfa8d39c7addbfbac0b2df63b0067bb664d8Chad Brubaker int32_t getState(int32_t userId) { 1691e6c3bfa8d39c7addbfbac0b2df63b0067bb664d8Chad Brubaker if (!checkBinderPermission(P_GET_STATE)) { 169207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::PERMISSION_DENIED; 169307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 1694a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 1695e6c3bfa8d39c7addbfbac0b2df63b0067bb664d8Chad Brubaker return mKeyStore->getState(userId); 1696a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 1697a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 169807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root int32_t get(const String16& name, uint8_t** item, size_t* itemLength) { 16999489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker if (!checkBinderPermission(P_GET)) { 170007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::PERMISSION_DENIED; 170107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 1702a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 17039489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker uid_t callingUid = IPCThreadState::self()->getCallingUid(); 170407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root String8 name8(name); 170507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root Blob keyBlob; 170666dbf67dd65b4808a15ef64f0ffde1275bdd58a9Nick Kralevich 1707655b958eb2180c7c06889f83f606d23421bf038cKenny Root ResponseCode responseCode = mKeyStore->getKeyForName(&keyBlob, name8, callingUid, 1708494689083467ec372a58f094f041c8f102f39393Kenny Root TYPE_GENERIC); 170907438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root if (responseCode != ::NO_ERROR) { 1710655b958eb2180c7c06889f83f606d23421bf038cKenny Root ALOGW("Could not read %s", name8.string()); 171107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root *item = NULL; 171207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root *itemLength = 0; 171307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return responseCode; 171407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 171507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 171607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root *item = (uint8_t*) malloc(keyBlob.getLength()); 171707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root memcpy(*item, keyBlob.getValue(), keyBlob.getLength()); 171807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root *itemLength = keyBlob.getLength(); 171907438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 172007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::NO_ERROR; 1721a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 1722a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 1723f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root int32_t insert(const String16& name, const uint8_t* item, size_t itemLength, int targetUid, 1724f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root int32_t flags) { 17259489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker targetUid = getEffectiveUid(targetUid); 17269489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker int32_t result = checkBinderPermissionAndKeystoreState(P_INSERT, targetUid, 17279489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker flags & KEYSTORE_FLAG_ENCRYPTED); 17289489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker if (result != ::NO_ERROR) { 17299489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker return result; 1730b88c3eb96625513df4cc998d739d17266ebaf89fKenny Root } 1731b88c3eb96625513df4cc998d739d17266ebaf89fKenny Root 173207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root String8 name8(name); 1733655b958eb2180c7c06889f83f606d23421bf038cKenny Root String8 filename(mKeyStore->getKeyNameForUidWithDir(name8, targetUid)); 173407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 173507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root Blob keyBlob(item, itemLength, NULL, 0, ::TYPE_GENERIC); 1736ee8068b9e7bfb2770635062fc9c2035be2142bd8Kenny Root keyBlob.setEncrypted(flags & KEYSTORE_FLAG_ENCRYPTED); 1737ee8068b9e7bfb2770635062fc9c2035be2142bd8Kenny Root 173872593ee807e89239d98ae08d32c733ecc08203baChad Brubaker return mKeyStore->put(filename.string(), &keyBlob, get_user_id(targetUid)); 1739a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 1740a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 1741494689083467ec372a58f094f041c8f102f39393Kenny Root int32_t del(const String16& name, int targetUid) { 17429489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker targetUid = getEffectiveUid(targetUid); 17439489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker if (!checkBinderPermission(P_DELETE, targetUid)) { 1744b88c3eb96625513df4cc998d739d17266ebaf89fKenny Root return ::PERMISSION_DENIED; 1745b88c3eb96625513df4cc998d739d17266ebaf89fKenny Root } 174607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root String8 name8(name); 1747655b958eb2180c7c06889f83f606d23421bf038cKenny Root String8 filename(mKeyStore->getKeyNameForUidWithDir(name8, targetUid)); 174872593ee807e89239d98ae08d32c733ecc08203baChad Brubaker return mKeyStore->del(filename.string(), ::TYPE_ANY, get_user_id(targetUid)); 1749298e7b1b0f9116e2054d594d7538379d86585035Kenny Root } 1750298e7b1b0f9116e2054d594d7538379d86585035Kenny Root 1751494689083467ec372a58f094f041c8f102f39393Kenny Root int32_t exist(const String16& name, int targetUid) { 17529489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker targetUid = getEffectiveUid(targetUid); 17539489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker if (!checkBinderPermission(P_EXIST, targetUid)) { 1754b88c3eb96625513df4cc998d739d17266ebaf89fKenny Root return ::PERMISSION_DENIED; 1755b88c3eb96625513df4cc998d739d17266ebaf89fKenny Root } 1756b88c3eb96625513df4cc998d739d17266ebaf89fKenny Root 175707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root String8 name8(name); 1758655b958eb2180c7c06889f83f606d23421bf038cKenny Root String8 filename(mKeyStore->getKeyNameForUidWithDir(name8, targetUid)); 175907438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 1760655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (access(filename.string(), R_OK) == -1) { 176107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return (errno != ENOENT) ? ::SYSTEM_ERROR : ::KEY_NOT_FOUND; 176207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 176307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::NO_ERROR; 1764298e7b1b0f9116e2054d594d7538379d86585035Kenny Root } 1765298e7b1b0f9116e2054d594d7538379d86585035Kenny Root 1766e6c3bfa8d39c7addbfbac0b2df63b0067bb664d8Chad Brubaker int32_t list(const String16& prefix, int targetUid, Vector<String16>* matches) { 17679489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker targetUid = getEffectiveUid(targetUid); 1768e6c3bfa8d39c7addbfbac0b2df63b0067bb664d8Chad Brubaker if (!checkBinderPermission(P_LIST, targetUid)) { 1769b88c3eb96625513df4cc998d739d17266ebaf89fKenny Root return ::PERMISSION_DENIED; 1770b88c3eb96625513df4cc998d739d17266ebaf89fKenny Root } 177107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root const String8 prefix8(prefix); 1772655b958eb2180c7c06889f83f606d23421bf038cKenny Root String8 filename(mKeyStore->getKeyNameForUid(prefix8, targetUid)); 177307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 1774e6c3bfa8d39c7addbfbac0b2df63b0067bb664d8Chad Brubaker if (mKeyStore->list(filename, matches, get_user_id(targetUid)) != ::NO_ERROR) { 17754b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee return ::SYSTEM_ERROR; 177607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 177707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::NO_ERROR; 1778298e7b1b0f9116e2054d594d7538379d86585035Kenny Root } 1779298e7b1b0f9116e2054d594d7538379d86585035Kenny Root 178007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root int32_t reset() { 17819489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker if (!checkBinderPermission(P_RESET)) { 178207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::PERMISSION_DENIED; 178307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 1784a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 17859489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker uid_t callingUid = IPCThreadState::self()->getCallingUid(); 178696d6d7868303ad87f1f408c40d3c44bcb39f561eChad Brubaker mKeyStore->resetUser(get_user_id(callingUid), false); 178796d6d7868303ad87f1f408c40d3c44bcb39f561eChad Brubaker return ::NO_ERROR; 1788a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 1789a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 179096d6d7868303ad87f1f408c40d3c44bcb39f561eChad Brubaker int32_t onUserPasswordChanged(int32_t userId, const String16& password) { 17919489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker if (!checkBinderPermission(P_PASSWORD)) { 179207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::PERMISSION_DENIED; 179307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 1794a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 179507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root const String8 password8(password); 179696d6d7868303ad87f1f408c40d3c44bcb39f561eChad Brubaker // Flush the auth token table to prevent stale tokens from sticking 179796d6d7868303ad87f1f408c40d3c44bcb39f561eChad Brubaker // around. 179896d6d7868303ad87f1f408c40d3c44bcb39f561eChad Brubaker mAuthTokenTable.Clear(); 179996d6d7868303ad87f1f408c40d3c44bcb39f561eChad Brubaker 180096d6d7868303ad87f1f408c40d3c44bcb39f561eChad Brubaker if (password.size() == 0) { 180196d6d7868303ad87f1f408c40d3c44bcb39f561eChad Brubaker ALOGI("Secure lockscreen for user %d removed, deleting encrypted entries", userId); 180272593ee807e89239d98ae08d32c733ecc08203baChad Brubaker mKeyStore->resetUser(userId, true); 180396d6d7868303ad87f1f408c40d3c44bcb39f561eChad Brubaker return ::NO_ERROR; 180496d6d7868303ad87f1f408c40d3c44bcb39f561eChad Brubaker } else { 180572593ee807e89239d98ae08d32c733ecc08203baChad Brubaker switch (mKeyStore->getState(userId)) { 180696d6d7868303ad87f1f408c40d3c44bcb39f561eChad Brubaker case ::STATE_UNINITIALIZED: { 180796d6d7868303ad87f1f408c40d3c44bcb39f561eChad Brubaker // generate master key, encrypt with password, write to file, 180896d6d7868303ad87f1f408c40d3c44bcb39f561eChad Brubaker // initialize mMasterKey*. 180972593ee807e89239d98ae08d32c733ecc08203baChad Brubaker return mKeyStore->initializeUser(password8, userId); 181096d6d7868303ad87f1f408c40d3c44bcb39f561eChad Brubaker } 181196d6d7868303ad87f1f408c40d3c44bcb39f561eChad Brubaker case ::STATE_NO_ERROR: { 181296d6d7868303ad87f1f408c40d3c44bcb39f561eChad Brubaker // rewrite master key with new password. 181372593ee807e89239d98ae08d32c733ecc08203baChad Brubaker return mKeyStore->writeMasterKey(password8, userId); 181496d6d7868303ad87f1f408c40d3c44bcb39f561eChad Brubaker } 181596d6d7868303ad87f1f408c40d3c44bcb39f561eChad Brubaker case ::STATE_LOCKED: { 181696d6d7868303ad87f1f408c40d3c44bcb39f561eChad Brubaker ALOGE("Changing user %d's password while locked, clearing old encryption", 181796d6d7868303ad87f1f408c40d3c44bcb39f561eChad Brubaker userId); 181872593ee807e89239d98ae08d32c733ecc08203baChad Brubaker mKeyStore->resetUser(userId, true); 181972593ee807e89239d98ae08d32c733ecc08203baChad Brubaker return mKeyStore->initializeUser(password8, userId); 182096d6d7868303ad87f1f408c40d3c44bcb39f561eChad Brubaker } 182107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 182296d6d7868303ad87f1f408c40d3c44bcb39f561eChad Brubaker return ::SYSTEM_ERROR; 182307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 182407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 1825a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 1826c0f031a867a6c3fa05732fcd72bd284d56073cf8Chad Brubaker int32_t onUserAdded(int32_t userId, int32_t parentId) { 1827c0f031a867a6c3fa05732fcd72bd284d56073cf8Chad Brubaker if (!checkBinderPermission(P_USER_CHANGED)) { 1828c0f031a867a6c3fa05732fcd72bd284d56073cf8Chad Brubaker return ::PERMISSION_DENIED; 1829c0f031a867a6c3fa05732fcd72bd284d56073cf8Chad Brubaker } 1830c0f031a867a6c3fa05732fcd72bd284d56073cf8Chad Brubaker 1831c0f031a867a6c3fa05732fcd72bd284d56073cf8Chad Brubaker // Sanity check that the new user has an empty keystore. 1832c0f031a867a6c3fa05732fcd72bd284d56073cf8Chad Brubaker if (!mKeyStore->isEmpty(userId)) { 1833c0f031a867a6c3fa05732fcd72bd284d56073cf8Chad Brubaker ALOGW("New user %d's keystore not empty. Clearing old entries.", userId); 1834c0f031a867a6c3fa05732fcd72bd284d56073cf8Chad Brubaker } 1835c0f031a867a6c3fa05732fcd72bd284d56073cf8Chad Brubaker // Unconditionally clear the keystore, just to be safe. 1836c0f031a867a6c3fa05732fcd72bd284d56073cf8Chad Brubaker mKeyStore->resetUser(userId, false); 1837c0f031a867a6c3fa05732fcd72bd284d56073cf8Chad Brubaker 1838c0f031a867a6c3fa05732fcd72bd284d56073cf8Chad Brubaker // If the user has a parent user then use the parent's 1839c0f031a867a6c3fa05732fcd72bd284d56073cf8Chad Brubaker // masterkey/password, otherwise there's nothing to do. 1840c0f031a867a6c3fa05732fcd72bd284d56073cf8Chad Brubaker if (parentId != -1) { 1841c0f031a867a6c3fa05732fcd72bd284d56073cf8Chad Brubaker return mKeyStore->copyMasterKey(parentId, userId); 1842c0f031a867a6c3fa05732fcd72bd284d56073cf8Chad Brubaker } else { 1843c0f031a867a6c3fa05732fcd72bd284d56073cf8Chad Brubaker return ::NO_ERROR; 1844c0f031a867a6c3fa05732fcd72bd284d56073cf8Chad Brubaker } 1845c0f031a867a6c3fa05732fcd72bd284d56073cf8Chad Brubaker } 1846c0f031a867a6c3fa05732fcd72bd284d56073cf8Chad Brubaker 1847c0f031a867a6c3fa05732fcd72bd284d56073cf8Chad Brubaker int32_t onUserRemoved(int32_t userId) { 1848c0f031a867a6c3fa05732fcd72bd284d56073cf8Chad Brubaker if (!checkBinderPermission(P_USER_CHANGED)) { 1849c0f031a867a6c3fa05732fcd72bd284d56073cf8Chad Brubaker return ::PERMISSION_DENIED; 1850c0f031a867a6c3fa05732fcd72bd284d56073cf8Chad Brubaker } 1851c0f031a867a6c3fa05732fcd72bd284d56073cf8Chad Brubaker 1852c0f031a867a6c3fa05732fcd72bd284d56073cf8Chad Brubaker mKeyStore->resetUser(userId, false); 1853c0f031a867a6c3fa05732fcd72bd284d56073cf8Chad Brubaker return ::NO_ERROR; 1854c0f031a867a6c3fa05732fcd72bd284d56073cf8Chad Brubaker } 1855c0f031a867a6c3fa05732fcd72bd284d56073cf8Chad Brubaker 1856e6c3bfa8d39c7addbfbac0b2df63b0067bb664d8Chad Brubaker int32_t lock(int32_t userId) { 18579489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker if (!checkBinderPermission(P_LOCK)) { 185807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::PERMISSION_DENIED; 185907438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 186007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 186172593ee807e89239d98ae08d32c733ecc08203baChad Brubaker State state = mKeyStore->getState(userId); 18629d45d1caba5135e6b8bd6d05d449e8dcf52b6802Kenny Root if (state != ::STATE_NO_ERROR) { 186307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root ALOGD("calling lock in state: %d", state); 186407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return state; 186507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 186670e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 186772593ee807e89239d98ae08d32c733ecc08203baChad Brubaker mKeyStore->lock(userId); 186807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::NO_ERROR; 186970e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root } 1870a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 187196d6d7868303ad87f1f408c40d3c44bcb39f561eChad Brubaker int32_t unlock(int32_t userId, const String16& pw) { 18729489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker if (!checkBinderPermission(P_UNLOCK)) { 187307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::PERMISSION_DENIED; 187407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 187507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 187672593ee807e89239d98ae08d32c733ecc08203baChad Brubaker State state = mKeyStore->getState(userId); 18779d45d1caba5135e6b8bd6d05d449e8dcf52b6802Kenny Root if (state != ::STATE_LOCKED) { 187896d6d7868303ad87f1f408c40d3c44bcb39f561eChad Brubaker ALOGI("calling unlock when not locked, ignoring."); 187907438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return state; 188007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 188107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 188207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root const String8 password8(pw); 188396d6d7868303ad87f1f408c40d3c44bcb39f561eChad Brubaker // read master key, decrypt with password, initialize mMasterKey*. 188472593ee807e89239d98ae08d32c733ecc08203baChad Brubaker return mKeyStore->readMasterKey(password8, userId); 188570e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root } 188670e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 1887e6c3bfa8d39c7addbfbac0b2df63b0067bb664d8Chad Brubaker bool isEmpty(int32_t userId) { 1888e6c3bfa8d39c7addbfbac0b2df63b0067bb664d8Chad Brubaker if (!checkBinderPermission(P_IS_EMPTY)) { 1889e6c3bfa8d39c7addbfbac0b2df63b0067bb664d8Chad Brubaker return false; 189007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 189170e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 1892e6c3bfa8d39c7addbfbac0b2df63b0067bb664d8Chad Brubaker return mKeyStore->isEmpty(userId); 189370e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root } 189470e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 189596427baf0094d50047049d329b0779c3c910402cKenny Root int32_t generate(const String16& name, int32_t targetUid, int32_t keyType, int32_t keySize, 189696427baf0094d50047049d329b0779c3c910402cKenny Root int32_t flags, Vector<sp<KeystoreArg> >* args) { 18979489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker targetUid = getEffectiveUid(targetUid); 18989489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker int32_t result = checkBinderPermissionAndKeystoreState(P_INSERT, targetUid, 18999489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker flags & KEYSTORE_FLAG_ENCRYPTED); 19009489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker if (result != ::NO_ERROR) { 19019489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker return result; 190207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 190307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root uint8_t* data; 190407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root size_t dataLength; 190507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root int rc; 190617208e0de5a42722901d803118745cca25fd10c1Kenny Root bool isFallback = false; 190770e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 190867d2a5029e8c25c5ee448e3bbd245cdcebe6abd3Chad Brubaker const keymaster1_device_t* device = mKeyStore->getDevice(); 190967d2a5029e8c25c5ee448e3bbd245cdcebe6abd3Chad Brubaker const keymaster1_device_t* fallback = mKeyStore->getFallbackDevice(); 191007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root if (device == NULL) { 191107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::SYSTEM_ERROR; 191207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 191370e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 191407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root if (device->generate_keypair == NULL) { 191507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::SYSTEM_ERROR; 191607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 191770e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 191817208e0de5a42722901d803118745cca25fd10c1Kenny Root if (keyType == EVP_PKEY_DSA) { 191996427baf0094d50047049d329b0779c3c910402cKenny Root keymaster_dsa_keygen_params_t dsa_params; 192096427baf0094d50047049d329b0779c3c910402cKenny Root memset(&dsa_params, '\0', sizeof(dsa_params)); 192196427baf0094d50047049d329b0779c3c910402cKenny Root 192296427baf0094d50047049d329b0779c3c910402cKenny Root if (keySize == -1) { 192396427baf0094d50047049d329b0779c3c910402cKenny Root keySize = DSA_DEFAULT_KEY_SIZE; 192496427baf0094d50047049d329b0779c3c910402cKenny Root } else if ((keySize % 64) != 0 || keySize < DSA_MIN_KEY_SIZE 192596427baf0094d50047049d329b0779c3c910402cKenny Root || keySize > DSA_MAX_KEY_SIZE) { 192696427baf0094d50047049d329b0779c3c910402cKenny Root ALOGI("invalid key size %d", keySize); 192796427baf0094d50047049d329b0779c3c910402cKenny Root return ::SYSTEM_ERROR; 192896427baf0094d50047049d329b0779c3c910402cKenny Root } 192996427baf0094d50047049d329b0779c3c910402cKenny Root dsa_params.key_size = keySize; 193096427baf0094d50047049d329b0779c3c910402cKenny Root 193196427baf0094d50047049d329b0779c3c910402cKenny Root if (args->size() == 3) { 193296427baf0094d50047049d329b0779c3c910402cKenny Root sp<KeystoreArg> gArg = args->itemAt(0); 193396427baf0094d50047049d329b0779c3c910402cKenny Root sp<KeystoreArg> pArg = args->itemAt(1); 193496427baf0094d50047049d329b0779c3c910402cKenny Root sp<KeystoreArg> qArg = args->itemAt(2); 193596427baf0094d50047049d329b0779c3c910402cKenny Root 193696427baf0094d50047049d329b0779c3c910402cKenny Root if (gArg != NULL && pArg != NULL && qArg != NULL) { 193796427baf0094d50047049d329b0779c3c910402cKenny Root dsa_params.generator = reinterpret_cast<const uint8_t*>(gArg->data()); 193896427baf0094d50047049d329b0779c3c910402cKenny Root dsa_params.generator_len = gArg->size(); 193996427baf0094d50047049d329b0779c3c910402cKenny Root 194096427baf0094d50047049d329b0779c3c910402cKenny Root dsa_params.prime_p = reinterpret_cast<const uint8_t*>(pArg->data()); 194196427baf0094d50047049d329b0779c3c910402cKenny Root dsa_params.prime_p_len = pArg->size(); 194296427baf0094d50047049d329b0779c3c910402cKenny Root 194396427baf0094d50047049d329b0779c3c910402cKenny Root dsa_params.prime_q = reinterpret_cast<const uint8_t*>(qArg->data()); 194496427baf0094d50047049d329b0779c3c910402cKenny Root dsa_params.prime_q_len = qArg->size(); 194596427baf0094d50047049d329b0779c3c910402cKenny Root } else { 194696427baf0094d50047049d329b0779c3c910402cKenny Root ALOGI("not all DSA parameters were read"); 194796427baf0094d50047049d329b0779c3c910402cKenny Root return ::SYSTEM_ERROR; 194896427baf0094d50047049d329b0779c3c910402cKenny Root } 194996427baf0094d50047049d329b0779c3c910402cKenny Root } else if (args->size() != 0) { 195096427baf0094d50047049d329b0779c3c910402cKenny Root ALOGI("DSA args must be 3"); 195196427baf0094d50047049d329b0779c3c910402cKenny Root return ::SYSTEM_ERROR; 195296427baf0094d50047049d329b0779c3c910402cKenny Root } 195396427baf0094d50047049d329b0779c3c910402cKenny Root 19541d448c074a86ef5d05a22fdf1358718976628a86Kenny Root if (isKeyTypeSupported(device, TYPE_DSA)) { 195517208e0de5a42722901d803118745cca25fd10c1Kenny Root rc = device->generate_keypair(device, TYPE_DSA, &dsa_params, &data, &dataLength); 195617208e0de5a42722901d803118745cca25fd10c1Kenny Root } else { 195717208e0de5a42722901d803118745cca25fd10c1Kenny Root isFallback = true; 1958fc18edcdfe2f7774e621030d51338f3216170b97Chad Brubaker rc = fallback->generate_keypair(fallback, TYPE_DSA, &dsa_params, &data, 1959fc18edcdfe2f7774e621030d51338f3216170b97Chad Brubaker &dataLength); 196017208e0de5a42722901d803118745cca25fd10c1Kenny Root } 196117208e0de5a42722901d803118745cca25fd10c1Kenny Root } else if (keyType == EVP_PKEY_EC) { 196296427baf0094d50047049d329b0779c3c910402cKenny Root keymaster_ec_keygen_params_t ec_params; 196396427baf0094d50047049d329b0779c3c910402cKenny Root memset(&ec_params, '\0', sizeof(ec_params)); 196496427baf0094d50047049d329b0779c3c910402cKenny Root 196596427baf0094d50047049d329b0779c3c910402cKenny Root if (keySize == -1) { 196696427baf0094d50047049d329b0779c3c910402cKenny Root keySize = EC_DEFAULT_KEY_SIZE; 196796427baf0094d50047049d329b0779c3c910402cKenny Root } else if (keySize < EC_MIN_KEY_SIZE || keySize > EC_MAX_KEY_SIZE) { 196896427baf0094d50047049d329b0779c3c910402cKenny Root ALOGI("invalid key size %d", keySize); 196996427baf0094d50047049d329b0779c3c910402cKenny Root return ::SYSTEM_ERROR; 197096427baf0094d50047049d329b0779c3c910402cKenny Root } 197196427baf0094d50047049d329b0779c3c910402cKenny Root ec_params.field_size = keySize; 197296427baf0094d50047049d329b0779c3c910402cKenny Root 19731d448c074a86ef5d05a22fdf1358718976628a86Kenny Root if (isKeyTypeSupported(device, TYPE_EC)) { 197417208e0de5a42722901d803118745cca25fd10c1Kenny Root rc = device->generate_keypair(device, TYPE_EC, &ec_params, &data, &dataLength); 197517208e0de5a42722901d803118745cca25fd10c1Kenny Root } else { 197617208e0de5a42722901d803118745cca25fd10c1Kenny Root isFallback = true; 1977fc18edcdfe2f7774e621030d51338f3216170b97Chad Brubaker rc = fallback->generate_keypair(fallback, TYPE_EC, &ec_params, &data, &dataLength); 197817208e0de5a42722901d803118745cca25fd10c1Kenny Root } 197996427baf0094d50047049d329b0779c3c910402cKenny Root } else if (keyType == EVP_PKEY_RSA) { 198096427baf0094d50047049d329b0779c3c910402cKenny Root keymaster_rsa_keygen_params_t rsa_params; 198196427baf0094d50047049d329b0779c3c910402cKenny Root memset(&rsa_params, '\0', sizeof(rsa_params)); 198296427baf0094d50047049d329b0779c3c910402cKenny Root rsa_params.public_exponent = RSA_DEFAULT_EXPONENT; 198396427baf0094d50047049d329b0779c3c910402cKenny Root 198496427baf0094d50047049d329b0779c3c910402cKenny Root if (keySize == -1) { 198596427baf0094d50047049d329b0779c3c910402cKenny Root keySize = RSA_DEFAULT_KEY_SIZE; 198696427baf0094d50047049d329b0779c3c910402cKenny Root } else if (keySize < RSA_MIN_KEY_SIZE || keySize > RSA_MAX_KEY_SIZE) { 198796427baf0094d50047049d329b0779c3c910402cKenny Root ALOGI("invalid key size %d", keySize); 198896427baf0094d50047049d329b0779c3c910402cKenny Root return ::SYSTEM_ERROR; 198996427baf0094d50047049d329b0779c3c910402cKenny Root } 199096427baf0094d50047049d329b0779c3c910402cKenny Root rsa_params.modulus_size = keySize; 199196427baf0094d50047049d329b0779c3c910402cKenny Root 199296427baf0094d50047049d329b0779c3c910402cKenny Root if (args->size() > 1) { 19936489e02e134e4779d35c4a340ff68ad445fde133Matteo Franchin ALOGI("invalid number of arguments: %zu", args->size()); 199496427baf0094d50047049d329b0779c3c910402cKenny Root return ::SYSTEM_ERROR; 199596427baf0094d50047049d329b0779c3c910402cKenny Root } else if (args->size() == 1) { 199696427baf0094d50047049d329b0779c3c910402cKenny Root sp<KeystoreArg> pubExpBlob = args->itemAt(0); 199796427baf0094d50047049d329b0779c3c910402cKenny Root if (pubExpBlob != NULL) { 199896427baf0094d50047049d329b0779c3c910402cKenny Root Unique_BIGNUM pubExpBn( 199996427baf0094d50047049d329b0779c3c910402cKenny Root BN_bin2bn(reinterpret_cast<const unsigned char*>(pubExpBlob->data()), 200096427baf0094d50047049d329b0779c3c910402cKenny Root pubExpBlob->size(), NULL)); 200196427baf0094d50047049d329b0779c3c910402cKenny Root if (pubExpBn.get() == NULL) { 200296427baf0094d50047049d329b0779c3c910402cKenny Root ALOGI("Could not convert public exponent to BN"); 200396427baf0094d50047049d329b0779c3c910402cKenny Root return ::SYSTEM_ERROR; 200496427baf0094d50047049d329b0779c3c910402cKenny Root } 200596427baf0094d50047049d329b0779c3c910402cKenny Root unsigned long pubExp = BN_get_word(pubExpBn.get()); 200696427baf0094d50047049d329b0779c3c910402cKenny Root if (pubExp == 0xFFFFFFFFL) { 200796427baf0094d50047049d329b0779c3c910402cKenny Root ALOGI("cannot represent public exponent as a long value"); 200896427baf0094d50047049d329b0779c3c910402cKenny Root return ::SYSTEM_ERROR; 200996427baf0094d50047049d329b0779c3c910402cKenny Root } 201096427baf0094d50047049d329b0779c3c910402cKenny Root rsa_params.public_exponent = pubExp; 201196427baf0094d50047049d329b0779c3c910402cKenny Root } 201296427baf0094d50047049d329b0779c3c910402cKenny Root } 201396427baf0094d50047049d329b0779c3c910402cKenny Root 201496427baf0094d50047049d329b0779c3c910402cKenny Root rc = device->generate_keypair(device, TYPE_RSA, &rsa_params, &data, &dataLength); 201596427baf0094d50047049d329b0779c3c910402cKenny Root } else { 201696427baf0094d50047049d329b0779c3c910402cKenny Root ALOGW("Unsupported key type %d", keyType); 201796427baf0094d50047049d329b0779c3c910402cKenny Root rc = -1; 201896427baf0094d50047049d329b0779c3c910402cKenny Root } 201970e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 202007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root if (rc) { 202107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::SYSTEM_ERROR; 202207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 202370e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 2024655b958eb2180c7c06889f83f606d23421bf038cKenny Root String8 name8(name); 20259489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker String8 filename(mKeyStore->getKeyNameForUidWithDir(name8, targetUid)); 202670e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 202707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root Blob keyBlob(data, dataLength, NULL, 0, TYPE_KEY_PAIR); 202807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root free(data); 202907438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 2030ee8068b9e7bfb2770635062fc9c2035be2142bd8Kenny Root keyBlob.setEncrypted(flags & KEYSTORE_FLAG_ENCRYPTED); 203117208e0de5a42722901d803118745cca25fd10c1Kenny Root keyBlob.setFallback(isFallback); 203217208e0de5a42722901d803118745cca25fd10c1Kenny Root 203372593ee807e89239d98ae08d32c733ecc08203baChad Brubaker return mKeyStore->put(filename.string(), &keyBlob, get_user_id(targetUid)); 203470e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root } 203570e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 2036f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root int32_t import(const String16& name, const uint8_t* data, size_t length, int targetUid, 2037f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root int32_t flags) { 20389489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker targetUid = getEffectiveUid(targetUid); 20399489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker int32_t result = checkBinderPermissionAndKeystoreState(P_INSERT, targetUid, 20409489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker flags & KEYSTORE_FLAG_ENCRYPTED); 20419489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker if (result != ::NO_ERROR) { 20429489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker return result; 204307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 204407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root String8 name8(name); 204560898896c3f3b2245d10076cac64346c956dbaa5Kenny Root String8 filename(mKeyStore->getKeyNameForUidWithDir(name8, targetUid)); 204670e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 204772593ee807e89239d98ae08d32c733ecc08203baChad Brubaker return mKeyStore->importKey(data, length, filename.string(), get_user_id(targetUid), 204872593ee807e89239d98ae08d32c733ecc08203baChad Brubaker flags); 204970e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root } 205070e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 205107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root int32_t sign(const String16& name, const uint8_t* data, size_t length, uint8_t** out, 205207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root size_t* outLength) { 20539489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker if (!checkBinderPermission(P_SIGN)) { 205407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::PERMISSION_DENIED; 205507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 20569a53d3eaf42104ddf02feeccec3cf7f5c1a34baeKenny Root 20579489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker uid_t callingUid = IPCThreadState::self()->getCallingUid(); 205807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root Blob keyBlob; 205907438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root String8 name8(name); 206070e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 2061d38a0b07a3104fcb1e747a0fa06641dee8fc058fKenny Root ALOGV("sign %s from uid %d", name8.string(), callingUid); 206270e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 2063655b958eb2180c7c06889f83f606d23421bf038cKenny Root ResponseCode responseCode = mKeyStore->getKeyForName(&keyBlob, name8, callingUid, 2064d38a0b07a3104fcb1e747a0fa06641dee8fc058fKenny Root ::TYPE_KEY_PAIR); 206507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root if (responseCode != ::NO_ERROR) { 206607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return responseCode; 206707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 206870e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 206967d2a5029e8c25c5ee448e3bbd245cdcebe6abd3Chad Brubaker const keymaster1_device_t* device = mKeyStore->getDeviceForBlob(keyBlob); 207007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root if (device == NULL) { 207107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root ALOGE("no keymaster device; cannot sign"); 207207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::SYSTEM_ERROR; 207307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 207470e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 207507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root if (device->sign_data == NULL) { 207607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root ALOGE("device doesn't implement signing"); 207707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::SYSTEM_ERROR; 207807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 207970e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 208007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root keymaster_rsa_sign_params_t params; 208107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root params.digest_type = DIGEST_NONE; 208207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root params.padding_type = PADDING_NONE; 20839489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker int rc = device->sign_data(device, ¶ms, keyBlob.getValue(), keyBlob.getLength(), data, 2084fc18edcdfe2f7774e621030d51338f3216170b97Chad Brubaker length, out, outLength); 208507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root if (rc) { 208607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root ALOGW("device couldn't sign data"); 208707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::SYSTEM_ERROR; 208807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 208970e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 209007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::NO_ERROR; 209170e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root } 209270e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 209307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root int32_t verify(const String16& name, const uint8_t* data, size_t dataLength, 209407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root const uint8_t* signature, size_t signatureLength) { 20959489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker if (!checkBinderPermission(P_VERIFY)) { 209607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::PERMISSION_DENIED; 209707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 209870e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 20999489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker uid_t callingUid = IPCThreadState::self()->getCallingUid(); 210007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root Blob keyBlob; 210107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root String8 name8(name); 210207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root int rc; 210370e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 2104655b958eb2180c7c06889f83f606d23421bf038cKenny Root ResponseCode responseCode = mKeyStore->getKeyForName(&keyBlob, name8, callingUid, 2105494689083467ec372a58f094f041c8f102f39393Kenny Root TYPE_KEY_PAIR); 210607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root if (responseCode != ::NO_ERROR) { 210707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return responseCode; 210807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 210970e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 211067d2a5029e8c25c5ee448e3bbd245cdcebe6abd3Chad Brubaker const keymaster1_device_t* device = mKeyStore->getDeviceForBlob(keyBlob); 211107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root if (device == NULL) { 211207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::SYSTEM_ERROR; 211307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 211470e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 211507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root if (device->verify_data == NULL) { 211607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::SYSTEM_ERROR; 211707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 211807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 211907438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root keymaster_rsa_sign_params_t params; 212007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root params.digest_type = DIGEST_NONE; 212107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root params.padding_type = PADDING_NONE; 212270e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 2123fc18edcdfe2f7774e621030d51338f3216170b97Chad Brubaker rc = device->verify_data(device, ¶ms, keyBlob.getValue(), keyBlob.getLength(), data, 2124fc18edcdfe2f7774e621030d51338f3216170b97Chad Brubaker dataLength, signature, signatureLength); 212507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root if (rc) { 212607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::SYSTEM_ERROR; 212707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } else { 212807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::NO_ERROR; 212907438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 213070e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root } 213170e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 213207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root /* 213307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root * TODO: The abstraction between things stored in hardware and regular blobs 213407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root * of data stored on the filesystem should be moved down to keystore itself. 213507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root * Unfortunately the Java code that calls this has naming conventions that it 213607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root * knows about. Ideally keystore shouldn't be used to store random blobs of 213707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root * data. 213807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root * 213907438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root * Until that happens, it's necessary to have a separate "get_pubkey" and 214007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root * "del_key" since the Java code doesn't really communicate what it's 214107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root * intentions are. 214207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root */ 214307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root int32_t get_pubkey(const String16& name, uint8_t** pubkey, size_t* pubkeyLength) { 2144d38a0b07a3104fcb1e747a0fa06641dee8fc058fKenny Root uid_t callingUid = IPCThreadState::self()->getCallingUid(); 21459489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker if (!checkBinderPermission(P_GET)) { 2146d38a0b07a3104fcb1e747a0fa06641dee8fc058fKenny Root ALOGW("permission denied for %d: get_pubkey", callingUid); 214707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::PERMISSION_DENIED; 214807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 214970e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 215007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root Blob keyBlob; 215107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root String8 name8(name); 215270e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 2153d38a0b07a3104fcb1e747a0fa06641dee8fc058fKenny Root ALOGV("get_pubkey '%s' from uid %d", name8.string(), callingUid); 215470e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 2155655b958eb2180c7c06889f83f606d23421bf038cKenny Root ResponseCode responseCode = mKeyStore->getKeyForName(&keyBlob, name8, callingUid, 215607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root TYPE_KEY_PAIR); 215707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root if (responseCode != ::NO_ERROR) { 215807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return responseCode; 215907438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 216070e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 216167d2a5029e8c25c5ee448e3bbd245cdcebe6abd3Chad Brubaker const keymaster1_device_t* device = mKeyStore->getDeviceForBlob(keyBlob); 216207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root if (device == NULL) { 216307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::SYSTEM_ERROR; 216407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 216570e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 216607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root if (device->get_keypair_public == NULL) { 216707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root ALOGE("device has no get_keypair_public implementation!"); 216807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::SYSTEM_ERROR; 216907438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 2170344e0bc23ca46b9acec97ac8bcd87949bde0ccabKenny Root 217117208e0de5a42722901d803118745cca25fd10c1Kenny Root int rc; 2172fc18edcdfe2f7774e621030d51338f3216170b97Chad Brubaker rc = device->get_keypair_public(device, keyBlob.getValue(), keyBlob.getLength(), pubkey, 2173fc18edcdfe2f7774e621030d51338f3216170b97Chad Brubaker pubkeyLength); 217407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root if (rc) { 217507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::SYSTEM_ERROR; 217607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 2177344e0bc23ca46b9acec97ac8bcd87949bde0ccabKenny Root 217807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::NO_ERROR; 2179344e0bc23ca46b9acec97ac8bcd87949bde0ccabKenny Root } 2180344e0bc23ca46b9acec97ac8bcd87949bde0ccabKenny Root 218107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root int32_t grant(const String16& name, int32_t granteeUid) { 2182d38a0b07a3104fcb1e747a0fa06641dee8fc058fKenny Root uid_t callingUid = IPCThreadState::self()->getCallingUid(); 21839489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker int32_t result = checkBinderPermissionAndKeystoreState(P_GRANT); 21849489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker if (result != ::NO_ERROR) { 21859489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker return result; 218607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 218707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 218807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root String8 name8(name); 2189655b958eb2180c7c06889f83f606d23421bf038cKenny Root String8 filename(mKeyStore->getKeyNameForUidWithDir(name8, callingUid)); 219007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 2191655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (access(filename.string(), R_OK) == -1) { 219207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return (errno != ENOENT) ? ::SYSTEM_ERROR : ::KEY_NOT_FOUND; 219307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 219407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 2195655b958eb2180c7c06889f83f606d23421bf038cKenny Root mKeyStore->addGrant(filename.string(), granteeUid); 219607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::NO_ERROR; 2197a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 219807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 219907438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root int32_t ungrant(const String16& name, int32_t granteeUid) { 2200d38a0b07a3104fcb1e747a0fa06641dee8fc058fKenny Root uid_t callingUid = IPCThreadState::self()->getCallingUid(); 22019489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker int32_t result = checkBinderPermissionAndKeystoreState(P_GRANT); 22029489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker if (result != ::NO_ERROR) { 22039489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker return result; 220407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 220507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 220607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root String8 name8(name); 2207655b958eb2180c7c06889f83f606d23421bf038cKenny Root String8 filename(mKeyStore->getKeyNameForUidWithDir(name8, callingUid)); 220807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 2209655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (access(filename.string(), R_OK) == -1) { 221007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return (errno != ENOENT) ? ::SYSTEM_ERROR : ::KEY_NOT_FOUND; 221107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 221207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 2213655b958eb2180c7c06889f83f606d23421bf038cKenny Root return mKeyStore->removeGrant(filename.string(), granteeUid) ? ::NO_ERROR : ::KEY_NOT_FOUND; 2214a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 221507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 221607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root int64_t getmtime(const String16& name) { 2217d38a0b07a3104fcb1e747a0fa06641dee8fc058fKenny Root uid_t callingUid = IPCThreadState::self()->getCallingUid(); 22189489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker if (!checkBinderPermission(P_GET)) { 2219d38a0b07a3104fcb1e747a0fa06641dee8fc058fKenny Root ALOGW("permission denied for %d: getmtime", callingUid); 222036a9e231e03734cd2143383d26388455c1764e17Kenny Root return -1L; 222107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 222207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 222307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root String8 name8(name); 2224655b958eb2180c7c06889f83f606d23421bf038cKenny Root String8 filename(mKeyStore->getKeyNameForUidWithDir(name8, callingUid)); 222507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 2226655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (access(filename.string(), R_OK) == -1) { 2227655b958eb2180c7c06889f83f606d23421bf038cKenny Root ALOGW("could not access %s for getmtime", filename.string()); 222836a9e231e03734cd2143383d26388455c1764e17Kenny Root return -1L; 2229a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 223007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 2231655b958eb2180c7c06889f83f606d23421bf038cKenny Root int fd = TEMP_FAILURE_RETRY(open(filename.string(), O_NOFOLLOW, O_RDONLY)); 223207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root if (fd < 0) { 2233655b958eb2180c7c06889f83f606d23421bf038cKenny Root ALOGW("could not open %s for getmtime", filename.string()); 223436a9e231e03734cd2143383d26388455c1764e17Kenny Root return -1L; 223507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 223607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 223707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root struct stat s; 223807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root int ret = fstat(fd, &s); 223907438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root close(fd); 224007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root if (ret == -1) { 2241655b958eb2180c7c06889f83f606d23421bf038cKenny Root ALOGW("could not stat %s for getmtime", filename.string()); 224236a9e231e03734cd2143383d26388455c1764e17Kenny Root return -1L; 224307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 224407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 224536a9e231e03734cd2143383d26388455c1764e17Kenny Root return static_cast<int64_t>(s.st_mtime); 2246a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 224707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 2248d53bc92f1cc4eb669ec015480cebe5ae7aaaf7cfKenny Root int32_t duplicate(const String16& srcKey, int32_t srcUid, const String16& destKey, 2249d53bc92f1cc4eb669ec015480cebe5ae7aaaf7cfKenny Root int32_t destUid) { 22500225407783ee339164a0cd8ca5ef04c99d27c59aKenny Root uid_t callingUid = IPCThreadState::self()->getCallingUid(); 2251eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn pid_t spid = IPCThreadState::self()->getCallingPid(); 2252eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn if (!has_permission(callingUid, P_DUPLICATE, spid)) { 2253d53bc92f1cc4eb669ec015480cebe5ae7aaaf7cfKenny Root ALOGW("permission denied for %d: duplicate", callingUid); 22540225407783ee339164a0cd8ca5ef04c99d27c59aKenny Root return -1L; 22550225407783ee339164a0cd8ca5ef04c99d27c59aKenny Root } 22560225407783ee339164a0cd8ca5ef04c99d27c59aKenny Root 225772593ee807e89239d98ae08d32c733ecc08203baChad Brubaker State state = mKeyStore->getState(get_user_id(callingUid)); 22580225407783ee339164a0cd8ca5ef04c99d27c59aKenny Root if (!isKeystoreUnlocked(state)) { 2259d53bc92f1cc4eb669ec015480cebe5ae7aaaf7cfKenny Root ALOGD("calling duplicate in state: %d", state); 22600225407783ee339164a0cd8ca5ef04c99d27c59aKenny Root return state; 22610225407783ee339164a0cd8ca5ef04c99d27c59aKenny Root } 22620225407783ee339164a0cd8ca5ef04c99d27c59aKenny Root 2263d53bc92f1cc4eb669ec015480cebe5ae7aaaf7cfKenny Root if (srcUid == -1 || static_cast<uid_t>(srcUid) == callingUid) { 2264d53bc92f1cc4eb669ec015480cebe5ae7aaaf7cfKenny Root srcUid = callingUid; 2265d53bc92f1cc4eb669ec015480cebe5ae7aaaf7cfKenny Root } else if (!is_granted_to(callingUid, srcUid)) { 2266d53bc92f1cc4eb669ec015480cebe5ae7aaaf7cfKenny Root ALOGD("migrate not granted from source: %d -> %d", callingUid, srcUid); 22670225407783ee339164a0cd8ca5ef04c99d27c59aKenny Root return ::PERMISSION_DENIED; 22680225407783ee339164a0cd8ca5ef04c99d27c59aKenny Root } 22690225407783ee339164a0cd8ca5ef04c99d27c59aKenny Root 2270d53bc92f1cc4eb669ec015480cebe5ae7aaaf7cfKenny Root if (destUid == -1) { 2271d53bc92f1cc4eb669ec015480cebe5ae7aaaf7cfKenny Root destUid = callingUid; 2272d53bc92f1cc4eb669ec015480cebe5ae7aaaf7cfKenny Root } 22730225407783ee339164a0cd8ca5ef04c99d27c59aKenny Root 2274d53bc92f1cc4eb669ec015480cebe5ae7aaaf7cfKenny Root if (srcUid != destUid) { 2275d53bc92f1cc4eb669ec015480cebe5ae7aaaf7cfKenny Root if (static_cast<uid_t>(srcUid) != callingUid) { 2276d53bc92f1cc4eb669ec015480cebe5ae7aaaf7cfKenny Root ALOGD("can only duplicate from caller to other or to same uid: " 2277d53bc92f1cc4eb669ec015480cebe5ae7aaaf7cfKenny Root "calling=%d, srcUid=%d, destUid=%d", callingUid, srcUid, destUid); 2278d53bc92f1cc4eb669ec015480cebe5ae7aaaf7cfKenny Root return ::PERMISSION_DENIED; 2279d53bc92f1cc4eb669ec015480cebe5ae7aaaf7cfKenny Root } 22800225407783ee339164a0cd8ca5ef04c99d27c59aKenny Root 2281d53bc92f1cc4eb669ec015480cebe5ae7aaaf7cfKenny Root if (!is_granted_to(callingUid, destUid)) { 2282d53bc92f1cc4eb669ec015480cebe5ae7aaaf7cfKenny Root ALOGD("duplicate not granted to dest: %d -> %d", callingUid, destUid); 2283d53bc92f1cc4eb669ec015480cebe5ae7aaaf7cfKenny Root return ::PERMISSION_DENIED; 2284d53bc92f1cc4eb669ec015480cebe5ae7aaaf7cfKenny Root } 22850225407783ee339164a0cd8ca5ef04c99d27c59aKenny Root } 22860225407783ee339164a0cd8ca5ef04c99d27c59aKenny Root 2287d53bc92f1cc4eb669ec015480cebe5ae7aaaf7cfKenny Root String8 source8(srcKey); 2288655b958eb2180c7c06889f83f606d23421bf038cKenny Root String8 sourceFile(mKeyStore->getKeyNameForUidWithDir(source8, srcUid)); 2289d53bc92f1cc4eb669ec015480cebe5ae7aaaf7cfKenny Root 2290d53bc92f1cc4eb669ec015480cebe5ae7aaaf7cfKenny Root String8 target8(destKey); 2291fa27d5bbc366e4ecb45aee5ae08565ab3ad3dcbcKenny Root String8 targetFile(mKeyStore->getKeyNameForUidWithDir(target8, destUid)); 22920225407783ee339164a0cd8ca5ef04c99d27c59aKenny Root 2293655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (access(targetFile.string(), W_OK) != -1 || errno != ENOENT) { 2294655b958eb2180c7c06889f83f606d23421bf038cKenny Root ALOGD("destination already exists: %s", targetFile.string()); 22950225407783ee339164a0cd8ca5ef04c99d27c59aKenny Root return ::SYSTEM_ERROR; 22960225407783ee339164a0cd8ca5ef04c99d27c59aKenny Root } 22970225407783ee339164a0cd8ca5ef04c99d27c59aKenny Root 2298d53bc92f1cc4eb669ec015480cebe5ae7aaaf7cfKenny Root Blob keyBlob; 2299655b958eb2180c7c06889f83f606d23421bf038cKenny Root ResponseCode responseCode = mKeyStore->get(sourceFile.string(), &keyBlob, TYPE_ANY, 230072593ee807e89239d98ae08d32c733ecc08203baChad Brubaker get_user_id(srcUid)); 2301d53bc92f1cc4eb669ec015480cebe5ae7aaaf7cfKenny Root if (responseCode != ::NO_ERROR) { 2302d53bc92f1cc4eb669ec015480cebe5ae7aaaf7cfKenny Root return responseCode; 23030225407783ee339164a0cd8ca5ef04c99d27c59aKenny Root } 2304d53bc92f1cc4eb669ec015480cebe5ae7aaaf7cfKenny Root 230572593ee807e89239d98ae08d32c733ecc08203baChad Brubaker return mKeyStore->put(targetFile.string(), &keyBlob, get_user_id(destUid)); 23060225407783ee339164a0cd8ca5ef04c99d27c59aKenny Root } 23070225407783ee339164a0cd8ca5ef04c99d27c59aKenny Root 23081b0e3933900c7ea21189704d5db64e7346aee7afKenny Root int32_t is_hardware_backed(const String16& keyType) { 23091b0e3933900c7ea21189704d5db64e7346aee7afKenny Root return mKeyStore->isHardwareBacked(keyType) ? 1 : 0; 23108ddf35a6e1fd80a7d0685041d2bfc77078277c9dKenny Root } 23118ddf35a6e1fd80a7d0685041d2bfc77078277c9dKenny Root 2312fa27d5bbc366e4ecb45aee5ae08565ab3ad3dcbcKenny Root int32_t clear_uid(int64_t targetUid64) { 23139489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker uid_t targetUid = getEffectiveUid(targetUid64); 2314b37a52337f001f8a43f7cbb64203dba78560ee6bChad Brubaker if (!checkBinderPermissionSelfOrSystem(P_CLEAR_UID, targetUid)) { 2315a9bb549868035e05450a9b918f8d7de9deca5343Kenny Root return ::PERMISSION_DENIED; 2316a9bb549868035e05450a9b918f8d7de9deca5343Kenny Root } 2317a9bb549868035e05450a9b918f8d7de9deca5343Kenny Root 23184b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee String8 prefix = String8::format("%u_", targetUid); 23194b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee Vector<String16> aliases; 2320e6c3bfa8d39c7addbfbac0b2df63b0067bb664d8Chad Brubaker if (mKeyStore->list(prefix, &aliases, get_user_id(targetUid)) != ::NO_ERROR) { 2321a9bb549868035e05450a9b918f8d7de9deca5343Kenny Root return ::SYSTEM_ERROR; 2322a9bb549868035e05450a9b918f8d7de9deca5343Kenny Root } 2323a9bb549868035e05450a9b918f8d7de9deca5343Kenny Root 23244b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee for (uint32_t i = 0; i < aliases.size(); i++) { 23254b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee String8 name8(aliases[i]); 23264b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee String8 filename(mKeyStore->getKeyNameForUidWithDir(name8, targetUid)); 232772593ee807e89239d98ae08d32c733ecc08203baChad Brubaker mKeyStore->del(filename.string(), ::TYPE_ANY, get_user_id(targetUid)); 2328a9bb549868035e05450a9b918f8d7de9deca5343Kenny Root } 23294b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee return ::NO_ERROR; 2330a9bb549868035e05450a9b918f8d7de9deca5343Kenny Root } 2331a9bb549868035e05450a9b918f8d7de9deca5343Kenny Root 23329c8612c88dc03dc52d85e7a482453e04e7e3e2a2Chad Brubaker int32_t addRngEntropy(const uint8_t* data, size_t dataLength) { 23339c8612c88dc03dc52d85e7a482453e04e7e3e2a2Chad Brubaker const keymaster1_device_t* device = mKeyStore->getDevice(); 23349c8612c88dc03dc52d85e7a482453e04e7e3e2a2Chad Brubaker const keymaster1_device_t* fallback = mKeyStore->getFallbackDevice(); 23359c8612c88dc03dc52d85e7a482453e04e7e3e2a2Chad Brubaker int32_t devResult = KM_ERROR_UNIMPLEMENTED; 23369c8612c88dc03dc52d85e7a482453e04e7e3e2a2Chad Brubaker int32_t fallbackResult = KM_ERROR_UNIMPLEMENTED; 23379c8612c88dc03dc52d85e7a482453e04e7e3e2a2Chad Brubaker if (device->common.module->module_api_version >= KEYMASTER_MODULE_API_VERSION_1_0 && 23389c8612c88dc03dc52d85e7a482453e04e7e3e2a2Chad Brubaker device->add_rng_entropy != NULL) { 23399c8612c88dc03dc52d85e7a482453e04e7e3e2a2Chad Brubaker devResult = device->add_rng_entropy(device, data, dataLength); 23409c8612c88dc03dc52d85e7a482453e04e7e3e2a2Chad Brubaker } 23419c8612c88dc03dc52d85e7a482453e04e7e3e2a2Chad Brubaker if (fallback->add_rng_entropy) { 23429c8612c88dc03dc52d85e7a482453e04e7e3e2a2Chad Brubaker fallbackResult = fallback->add_rng_entropy(fallback, data, dataLength); 23439c8612c88dc03dc52d85e7a482453e04e7e3e2a2Chad Brubaker } 23449c8612c88dc03dc52d85e7a482453e04e7e3e2a2Chad Brubaker if (devResult) { 23459c8612c88dc03dc52d85e7a482453e04e7e3e2a2Chad Brubaker return devResult; 23469c8612c88dc03dc52d85e7a482453e04e7e3e2a2Chad Brubaker } 23479c8612c88dc03dc52d85e7a482453e04e7e3e2a2Chad Brubaker if (fallbackResult) { 23489c8612c88dc03dc52d85e7a482453e04e7e3e2a2Chad Brubaker return fallbackResult; 23499c8612c88dc03dc52d85e7a482453e04e7e3e2a2Chad Brubaker } 23509c8612c88dc03dc52d85e7a482453e04e7e3e2a2Chad Brubaker return ::NO_ERROR; 23519899d6b392e8223c3c00bfccadd43b18cdc96b4fChad Brubaker } 23529899d6b392e8223c3c00bfccadd43b18cdc96b4fChad Brubaker 235317d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker int32_t generateKey(const String16& name, const KeymasterArguments& params, 2354154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker const uint8_t* entropy, size_t entropyLength, int uid, int flags, 2355154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker KeyCharacteristics* outCharacteristics) { 23569489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker uid = getEffectiveUid(uid); 23579489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker int rc = checkBinderPermissionAndKeystoreState(P_INSERT, uid, 23589489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker flags & KEYSTORE_FLAG_ENCRYPTED); 23599489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker if (rc != ::NO_ERROR) { 23609489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker return rc; 236117d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker } 236217d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker 23639489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker rc = KM_ERROR_UNIMPLEMENTED; 236417d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker bool isFallback = false; 236517d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker keymaster_key_blob_t blob; 236617d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker keymaster_key_characteristics_t *out = NULL; 236717d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker 236817d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker const keymaster1_device_t* device = mKeyStore->getDevice(); 236917d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker const keymaster1_device_t* fallback = mKeyStore->getFallbackDevice(); 237057e106dc183744cdc05c62bea11bc285b3346846Chad Brubaker std::vector<keymaster_key_param_t> opParams(params.params); 237157e106dc183744cdc05c62bea11bc285b3346846Chad Brubaker const keymaster_key_param_set_t inParams = {opParams.data(), opParams.size()}; 237217d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker if (device == NULL) { 237317d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker return ::SYSTEM_ERROR; 237417d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker } 2375154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker // TODO: Seed from Linux RNG before this. 237617d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker if (device->common.module->module_api_version >= KEYMASTER_MODULE_API_VERSION_1_0 && 237717d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker device->generate_key != NULL) { 2378154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker if (!entropy) { 2379154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker rc = KM_ERROR_OK; 2380154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker } else if (device->add_rng_entropy) { 2381154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker rc = device->add_rng_entropy(device, entropy, entropyLength); 2382154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker } else { 2383154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker rc = KM_ERROR_UNIMPLEMENTED; 2384154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker } 2385154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker if (rc == KM_ERROR_OK) { 238657e106dc183744cdc05c62bea11bc285b3346846Chad Brubaker rc = device->generate_key(device, &inParams, &blob, &out); 2387154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker } 238817d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker } 238917d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker // If the HW device didn't support generate_key or generate_key failed 239017d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker // fall back to the software implementation. 239117d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker if (rc && fallback->generate_key != NULL) { 239217d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker isFallback = true; 2393154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker if (!entropy) { 2394154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker rc = KM_ERROR_OK; 2395154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker } else if (fallback->add_rng_entropy) { 2396154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker rc = fallback->add_rng_entropy(fallback, entropy, entropyLength); 2397154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker } else { 2398154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker rc = KM_ERROR_UNIMPLEMENTED; 2399154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker } 2400154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker if (rc == KM_ERROR_OK) { 240157e106dc183744cdc05c62bea11bc285b3346846Chad Brubaker rc = fallback->generate_key(fallback, &inParams, &blob, &out); 2402154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker } 240317d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker } 240417d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker 240517d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker if (out) { 240617d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker if (outCharacteristics) { 240717d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker outCharacteristics->characteristics = *out; 240817d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker } else { 240917d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker keymaster_free_characteristics(out); 241017d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker } 241117d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker free(out); 241217d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker } 241317d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker 241417d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker if (rc) { 241517d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker return rc; 241617d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker } 241717d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker 241817d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker String8 name8(name); 241917d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker String8 filename(mKeyStore->getKeyNameForUidWithDir(name8, uid)); 242017d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker 242117d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker Blob keyBlob(blob.key_material, blob.key_material_size, NULL, 0, ::TYPE_KEYMASTER_10); 242217d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker keyBlob.setFallback(isFallback); 242317d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker keyBlob.setEncrypted(flags & KEYSTORE_FLAG_ENCRYPTED); 242417d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker 242517d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker free(const_cast<uint8_t*>(blob.key_material)); 242617d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker 242772593ee807e89239d98ae08d32c733ecc08203baChad Brubaker return mKeyStore->put(filename.string(), &keyBlob, get_user_id(uid)); 24289899d6b392e8223c3c00bfccadd43b18cdc96b4fChad Brubaker } 24299899d6b392e8223c3c00bfccadd43b18cdc96b4fChad Brubaker 2430f3f071fc5020fa5255f49e898a7c4a1cbf824a99Chad Brubaker int32_t getKeyCharacteristics(const String16& name, 2431d663442b590b59250062335cc057478001b8e439Chad Brubaker const keymaster_blob_t* clientId, 2432d663442b590b59250062335cc057478001b8e439Chad Brubaker const keymaster_blob_t* appData, 2433f3f071fc5020fa5255f49e898a7c4a1cbf824a99Chad Brubaker KeyCharacteristics* outCharacteristics) { 2434f3f071fc5020fa5255f49e898a7c4a1cbf824a99Chad Brubaker if (!outCharacteristics) { 2435f3f071fc5020fa5255f49e898a7c4a1cbf824a99Chad Brubaker return KM_ERROR_UNEXPECTED_NULL_POINTER; 2436f3f071fc5020fa5255f49e898a7c4a1cbf824a99Chad Brubaker } 2437f3f071fc5020fa5255f49e898a7c4a1cbf824a99Chad Brubaker 2438f3f071fc5020fa5255f49e898a7c4a1cbf824a99Chad Brubaker uid_t callingUid = IPCThreadState::self()->getCallingUid(); 2439f3f071fc5020fa5255f49e898a7c4a1cbf824a99Chad Brubaker 2440f3f071fc5020fa5255f49e898a7c4a1cbf824a99Chad Brubaker Blob keyBlob; 2441f3f071fc5020fa5255f49e898a7c4a1cbf824a99Chad Brubaker String8 name8(name); 2442f3f071fc5020fa5255f49e898a7c4a1cbf824a99Chad Brubaker int rc; 2443f3f071fc5020fa5255f49e898a7c4a1cbf824a99Chad Brubaker 2444f3f071fc5020fa5255f49e898a7c4a1cbf824a99Chad Brubaker ResponseCode responseCode = mKeyStore->getKeyForName(&keyBlob, name8, callingUid, 2445f3f071fc5020fa5255f49e898a7c4a1cbf824a99Chad Brubaker TYPE_KEYMASTER_10); 2446f3f071fc5020fa5255f49e898a7c4a1cbf824a99Chad Brubaker if (responseCode != ::NO_ERROR) { 2447f3f071fc5020fa5255f49e898a7c4a1cbf824a99Chad Brubaker return responseCode; 2448f3f071fc5020fa5255f49e898a7c4a1cbf824a99Chad Brubaker } 2449f3f071fc5020fa5255f49e898a7c4a1cbf824a99Chad Brubaker keymaster_key_blob_t key; 2450f3f071fc5020fa5255f49e898a7c4a1cbf824a99Chad Brubaker key.key_material_size = keyBlob.getLength(); 2451f3f071fc5020fa5255f49e898a7c4a1cbf824a99Chad Brubaker key.key_material = keyBlob.getValue(); 2452f3f071fc5020fa5255f49e898a7c4a1cbf824a99Chad Brubaker keymaster1_device_t* dev = mKeyStore->getDeviceForBlob(keyBlob); 2453f3f071fc5020fa5255f49e898a7c4a1cbf824a99Chad Brubaker keymaster_key_characteristics_t *out = NULL; 2454f3f071fc5020fa5255f49e898a7c4a1cbf824a99Chad Brubaker if (!dev->get_key_characteristics) { 2455f3f071fc5020fa5255f49e898a7c4a1cbf824a99Chad Brubaker ALOGW("device does not implement get_key_characteristics"); 2456f3f071fc5020fa5255f49e898a7c4a1cbf824a99Chad Brubaker return KM_ERROR_UNIMPLEMENTED; 2457f3f071fc5020fa5255f49e898a7c4a1cbf824a99Chad Brubaker } 2458d663442b590b59250062335cc057478001b8e439Chad Brubaker rc = dev->get_key_characteristics(dev, &key, clientId, appData, &out); 2459f3f071fc5020fa5255f49e898a7c4a1cbf824a99Chad Brubaker if (out) { 2460f3f071fc5020fa5255f49e898a7c4a1cbf824a99Chad Brubaker outCharacteristics->characteristics = *out; 2461f3f071fc5020fa5255f49e898a7c4a1cbf824a99Chad Brubaker free(out); 2462f3f071fc5020fa5255f49e898a7c4a1cbf824a99Chad Brubaker } 2463f3f071fc5020fa5255f49e898a7c4a1cbf824a99Chad Brubaker return rc ? rc : ::NO_ERROR; 24649899d6b392e8223c3c00bfccadd43b18cdc96b4fChad Brubaker } 24659899d6b392e8223c3c00bfccadd43b18cdc96b4fChad Brubaker 24664c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker int32_t importKey(const String16& name, const KeymasterArguments& params, 24674c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker keymaster_key_format_t format, const uint8_t *keyData, 24684c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker size_t keyLength, int uid, int flags, 24694c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker KeyCharacteristics* outCharacteristics) { 24709489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker uid = getEffectiveUid(uid); 24719489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker int rc = checkBinderPermissionAndKeystoreState(P_INSERT, uid, 24729489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker flags & KEYSTORE_FLAG_ENCRYPTED); 24739489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker if (rc != ::NO_ERROR) { 24749489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker return rc; 24754c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker } 24764c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker 24779489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker rc = KM_ERROR_UNIMPLEMENTED; 24784c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker bool isFallback = false; 24794c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker keymaster_key_blob_t blob; 24804c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker keymaster_key_characteristics_t *out = NULL; 24814c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker 24824c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker const keymaster1_device_t* device = mKeyStore->getDevice(); 24834c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker const keymaster1_device_t* fallback = mKeyStore->getFallbackDevice(); 248457e106dc183744cdc05c62bea11bc285b3346846Chad Brubaker std::vector<keymaster_key_param_t> opParams(params.params); 248557e106dc183744cdc05c62bea11bc285b3346846Chad Brubaker const keymaster_key_param_set_t inParams = {opParams.data(), opParams.size()}; 248657e106dc183744cdc05c62bea11bc285b3346846Chad Brubaker const keymaster_blob_t input = {keyData, keyLength}; 24874c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker if (device == NULL) { 24884c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker return ::SYSTEM_ERROR; 24894c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker } 24904c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker if (device->common.module->module_api_version >= KEYMASTER_MODULE_API_VERSION_1_0 && 24914c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker device->import_key != NULL) { 249257e106dc183744cdc05c62bea11bc285b3346846Chad Brubaker rc = device->import_key(device, &inParams, format,&input, &blob, &out); 24934c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker } 24944c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker if (rc && fallback->import_key != NULL) { 24954c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker isFallback = true; 249657e106dc183744cdc05c62bea11bc285b3346846Chad Brubaker rc = fallback->import_key(fallback, &inParams, format, &input, &blob, &out); 24974c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker } 24984c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker if (out) { 24994c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker if (outCharacteristics) { 25004c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker outCharacteristics->characteristics = *out; 25014c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker } else { 25024c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker keymaster_free_characteristics(out); 25034c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker } 25044c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker free(out); 25054c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker } 25064c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker if (rc) { 25074c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker return rc; 25084c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker } 25094c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker 25104c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker String8 name8(name); 25114c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker String8 filename(mKeyStore->getKeyNameForUidWithDir(name8, uid)); 25124c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker 25134c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker Blob keyBlob(blob.key_material, blob.key_material_size, NULL, 0, ::TYPE_KEYMASTER_10); 25144c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker keyBlob.setFallback(isFallback); 25154c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker keyBlob.setEncrypted(flags & KEYSTORE_FLAG_ENCRYPTED); 25164c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker 25174c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker free((void*) blob.key_material); 25184c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker 251972593ee807e89239d98ae08d32c733ecc08203baChad Brubaker return mKeyStore->put(filename.string(), &keyBlob, get_user_id(uid)); 25209899d6b392e8223c3c00bfccadd43b18cdc96b4fChad Brubaker } 25219899d6b392e8223c3c00bfccadd43b18cdc96b4fChad Brubaker 252207b0cda3b14d16205ce3040d00bc18d15eda5fdcChad Brubaker void exportKey(const String16& name, keymaster_key_format_t format, 2523d663442b590b59250062335cc057478001b8e439Chad Brubaker const keymaster_blob_t* clientId, 2524d663442b590b59250062335cc057478001b8e439Chad Brubaker const keymaster_blob_t* appData, ExportResult* result) { 252507b0cda3b14d16205ce3040d00bc18d15eda5fdcChad Brubaker 252607b0cda3b14d16205ce3040d00bc18d15eda5fdcChad Brubaker uid_t callingUid = IPCThreadState::self()->getCallingUid(); 252707b0cda3b14d16205ce3040d00bc18d15eda5fdcChad Brubaker 252807b0cda3b14d16205ce3040d00bc18d15eda5fdcChad Brubaker Blob keyBlob; 252907b0cda3b14d16205ce3040d00bc18d15eda5fdcChad Brubaker String8 name8(name); 253007b0cda3b14d16205ce3040d00bc18d15eda5fdcChad Brubaker int rc; 253107b0cda3b14d16205ce3040d00bc18d15eda5fdcChad Brubaker 253207b0cda3b14d16205ce3040d00bc18d15eda5fdcChad Brubaker ResponseCode responseCode = mKeyStore->getKeyForName(&keyBlob, name8, callingUid, 253307b0cda3b14d16205ce3040d00bc18d15eda5fdcChad Brubaker TYPE_KEYMASTER_10); 253407b0cda3b14d16205ce3040d00bc18d15eda5fdcChad Brubaker if (responseCode != ::NO_ERROR) { 253507b0cda3b14d16205ce3040d00bc18d15eda5fdcChad Brubaker result->resultCode = responseCode; 253607b0cda3b14d16205ce3040d00bc18d15eda5fdcChad Brubaker return; 253707b0cda3b14d16205ce3040d00bc18d15eda5fdcChad Brubaker } 253807b0cda3b14d16205ce3040d00bc18d15eda5fdcChad Brubaker keymaster_key_blob_t key; 253907b0cda3b14d16205ce3040d00bc18d15eda5fdcChad Brubaker key.key_material_size = keyBlob.getLength(); 254007b0cda3b14d16205ce3040d00bc18d15eda5fdcChad Brubaker key.key_material = keyBlob.getValue(); 254107b0cda3b14d16205ce3040d00bc18d15eda5fdcChad Brubaker keymaster1_device_t* dev = mKeyStore->getDeviceForBlob(keyBlob); 254207b0cda3b14d16205ce3040d00bc18d15eda5fdcChad Brubaker if (!dev->export_key) { 254307b0cda3b14d16205ce3040d00bc18d15eda5fdcChad Brubaker result->resultCode = KM_ERROR_UNIMPLEMENTED; 254407b0cda3b14d16205ce3040d00bc18d15eda5fdcChad Brubaker return; 254507b0cda3b14d16205ce3040d00bc18d15eda5fdcChad Brubaker } 254657e106dc183744cdc05c62bea11bc285b3346846Chad Brubaker keymaster_blob_t output = {NULL, 0}; 254757e106dc183744cdc05c62bea11bc285b3346846Chad Brubaker rc = dev->export_key(dev, format, &key, clientId, appData, &output); 254857e106dc183744cdc05c62bea11bc285b3346846Chad Brubaker result->exportData.reset(const_cast<uint8_t*>(output.data)); 254957e106dc183744cdc05c62bea11bc285b3346846Chad Brubaker result->dataLength = output.data_length; 255007b0cda3b14d16205ce3040d00bc18d15eda5fdcChad Brubaker result->resultCode = rc ? rc : ::NO_ERROR; 25519899d6b392e8223c3c00bfccadd43b18cdc96b4fChad Brubaker } 25529899d6b392e8223c3c00bfccadd43b18cdc96b4fChad Brubaker 2553ad6514ab7a57504aa3b04bcc383f60940b923710Chad Brubaker 255440a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker void begin(const sp<IBinder>& appToken, const String16& name, keymaster_purpose_t purpose, 2555154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker bool pruneable, const KeymasterArguments& params, const uint8_t* entropy, 255657e106dc183744cdc05c62bea11bc285b3346846Chad Brubaker size_t entropyLength, OperationResult* result) { 255740a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker uid_t callingUid = IPCThreadState::self()->getCallingUid(); 255840a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker if (!pruneable && get_app_id(callingUid) != AID_SYSTEM) { 255940a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker ALOGE("Non-system uid %d trying to start non-pruneable operation", callingUid); 256040a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker result->resultCode = ::PERMISSION_DENIED; 256140a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker return; 256240a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker } 25630cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker if (!checkAllowedOperationParams(params.params)) { 25640cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker result->resultCode = KM_ERROR_INVALID_ARGUMENT; 25650cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker return; 25660cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker } 256740a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker Blob keyBlob; 256840a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker String8 name8(name); 256940a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker ResponseCode responseCode = mKeyStore->getKeyForName(&keyBlob, name8, callingUid, 257040a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker TYPE_KEYMASTER_10); 257140a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker if (responseCode != ::NO_ERROR) { 257240a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker result->resultCode = responseCode; 257340a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker return; 257440a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker } 257540a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker keymaster_key_blob_t key; 257640a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker key.key_material_size = keyBlob.getLength(); 257740a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker key.key_material = keyBlob.getValue(); 257840a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker keymaster_operation_handle_t handle; 257940a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker keymaster1_device_t* dev = mKeyStore->getDeviceForBlob(keyBlob); 2580154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker keymaster_error_t err = KM_ERROR_UNIMPLEMENTED; 258106801e0a7ccabbe8f22cff29b7edb7c7d02d7692Chad Brubaker std::vector<keymaster_key_param_t> opParams(params.params); 2582ad6514ab7a57504aa3b04bcc383f60940b923710Chad Brubaker Unique_keymaster_key_characteristics characteristics; 2583ad6514ab7a57504aa3b04bcc383f60940b923710Chad Brubaker characteristics.reset(new keymaster_key_characteristics_t); 2584ad6514ab7a57504aa3b04bcc383f60940b923710Chad Brubaker err = getOperationCharacteristics(key, dev, opParams, characteristics.get()); 2585ad6514ab7a57504aa3b04bcc383f60940b923710Chad Brubaker if (err) { 2586ad6514ab7a57504aa3b04bcc383f60940b923710Chad Brubaker result->resultCode = err; 2587ad6514ab7a57504aa3b04bcc383f60940b923710Chad Brubaker return; 2588ad6514ab7a57504aa3b04bcc383f60940b923710Chad Brubaker } 25890cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker const hw_auth_token_t* authToken = NULL; 25900cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker int32_t authResult = getAuthToken(characteristics.get(), 0, &authToken, 259106801e0a7ccabbe8f22cff29b7edb7c7d02d7692Chad Brubaker /*failOnTokenMissing*/ false); 25920cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker // If per-operation auth is needed we need to begin the operation and 25930cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker // the client will need to authorize that operation before calling 25940cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker // update. Any other auth issues stop here. 25950cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker if (authResult != ::NO_ERROR && authResult != ::OP_AUTH_NEEDED) { 25960cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker result->resultCode = authResult; 259706801e0a7ccabbe8f22cff29b7edb7c7d02d7692Chad Brubaker return; 259806801e0a7ccabbe8f22cff29b7edb7c7d02d7692Chad Brubaker } 25990cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker addAuthToParams(&opParams, authToken); 2600154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker // Add entropy to the device first. 2601154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker if (entropy) { 2602154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker if (dev->add_rng_entropy) { 2603154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker err = dev->add_rng_entropy(dev, entropy, entropyLength); 2604154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker } else { 2605154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker err = KM_ERROR_UNIMPLEMENTED; 2606154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker } 2607154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker if (err) { 2608154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker result->resultCode = err; 2609154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker return; 2610154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker } 2611154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker } 261257e106dc183744cdc05c62bea11bc285b3346846Chad Brubaker keymaster_key_param_set_t inParams = {opParams.data(), opParams.size()}; 261357e106dc183744cdc05c62bea11bc285b3346846Chad Brubaker keymaster_key_param_set_t outParams = {NULL, 0}; 261457e106dc183744cdc05c62bea11bc285b3346846Chad Brubaker err = dev->begin(dev, purpose, &key, &inParams, &outParams, &handle); 261540a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker 261640a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker // If there are too many operations abort the oldest operation that was 261740a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker // started as pruneable and try again. 261840a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker while (err == KM_ERROR_TOO_MANY_OPERATIONS && mOperationMap.hasPruneableOperation()) { 261940a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker sp<IBinder> oldest = mOperationMap.getOldestPruneableOperation(); 262040a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker ALOGD("Ran out of operation handles, trying to prune %p", oldest.get()); 262140a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker if (abort(oldest) != ::NO_ERROR) { 262240a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker break; 262340a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker } 262457e106dc183744cdc05c62bea11bc285b3346846Chad Brubaker err = dev->begin(dev, purpose, &key, &inParams, &outParams, &handle); 262540a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker } 262640a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker if (err) { 262740a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker result->resultCode = err; 262840a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker return; 262940a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker } 26309899d6b392e8223c3c00bfccadd43b18cdc96b4fChad Brubaker 2631ad6514ab7a57504aa3b04bcc383f60940b923710Chad Brubaker sp<IBinder> operationToken = mOperationMap.addOperation(handle, dev, appToken, 2632ad6514ab7a57504aa3b04bcc383f60940b923710Chad Brubaker characteristics.release(), 263306801e0a7ccabbe8f22cff29b7edb7c7d02d7692Chad Brubaker pruneable); 26340cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker if (authToken) { 26350cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker mOperationMap.setOperationAuthToken(operationToken, authToken); 26360cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker } 26370cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker // Return the authentication lookup result. If this is a per operation 26380cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker // auth'd key then the resultCode will be ::OP_AUTH_NEEDED and the 26390cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker // application should get an auth token using the handle before the 26400cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker // first call to update, which will fail if keystore hasn't received the 26410cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker // auth token. 26420cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker result->resultCode = authResult; 264340a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker result->token = operationToken; 2644c3a1856bbe2e39d5b3430f5f088b12fd710a159fChad Brubaker result->handle = handle; 264557e106dc183744cdc05c62bea11bc285b3346846Chad Brubaker if (outParams.params) { 264657e106dc183744cdc05c62bea11bc285b3346846Chad Brubaker result->outParams.params.assign(outParams.params, outParams.params + outParams.length); 264757e106dc183744cdc05c62bea11bc285b3346846Chad Brubaker free(outParams.params); 264857e106dc183744cdc05c62bea11bc285b3346846Chad Brubaker } 26499899d6b392e8223c3c00bfccadd43b18cdc96b4fChad Brubaker } 26509899d6b392e8223c3c00bfccadd43b18cdc96b4fChad Brubaker 265140a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker void update(const sp<IBinder>& token, const KeymasterArguments& params, const uint8_t* data, 265240a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker size_t dataLength, OperationResult* result) { 26530cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker if (!checkAllowedOperationParams(params.params)) { 26540cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker result->resultCode = KM_ERROR_INVALID_ARGUMENT; 26550cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker return; 26560cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker } 265740a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker const keymaster1_device_t* dev; 265840a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker keymaster_operation_handle_t handle; 26590cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker if (!mOperationMap.getOperation(token, &handle, &dev, NULL)) { 266040a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker result->resultCode = KM_ERROR_INVALID_OPERATION_HANDLE; 266140a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker return; 266240a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker } 266306801e0a7ccabbe8f22cff29b7edb7c7d02d7692Chad Brubaker std::vector<keymaster_key_param_t> opParams(params.params); 26640cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker int32_t authResult = addOperationAuthTokenIfNeeded(token, &opParams); 26650cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker if (authResult != ::NO_ERROR) { 266606801e0a7ccabbe8f22cff29b7edb7c7d02d7692Chad Brubaker result->resultCode = authResult; 266706801e0a7ccabbe8f22cff29b7edb7c7d02d7692Chad Brubaker return; 266806801e0a7ccabbe8f22cff29b7edb7c7d02d7692Chad Brubaker } 266957e106dc183744cdc05c62bea11bc285b3346846Chad Brubaker keymaster_key_param_set_t inParams = {opParams.data(), opParams.size()}; 267057e106dc183744cdc05c62bea11bc285b3346846Chad Brubaker keymaster_blob_t input = {data, dataLength}; 267157e106dc183744cdc05c62bea11bc285b3346846Chad Brubaker size_t consumed = 0; 267257e106dc183744cdc05c62bea11bc285b3346846Chad Brubaker keymaster_blob_t output = {NULL, 0}; 267357e106dc183744cdc05c62bea11bc285b3346846Chad Brubaker keymaster_key_param_set_t outParams = {NULL, 0}; 267457e106dc183744cdc05c62bea11bc285b3346846Chad Brubaker 267557e106dc183744cdc05c62bea11bc285b3346846Chad Brubaker keymaster_error_t err = dev->update(dev, handle, &inParams, &input, &consumed, &outParams, 267657e106dc183744cdc05c62bea11bc285b3346846Chad Brubaker &output); 267757e106dc183744cdc05c62bea11bc285b3346846Chad Brubaker result->data.reset(const_cast<uint8_t*>(output.data)); 267857e106dc183744cdc05c62bea11bc285b3346846Chad Brubaker result->dataLength = output.data_length; 267940a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker result->inputConsumed = consumed; 268040a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker result->resultCode = err ? (int32_t) err : ::NO_ERROR; 268157e106dc183744cdc05c62bea11bc285b3346846Chad Brubaker if (outParams.params) { 268257e106dc183744cdc05c62bea11bc285b3346846Chad Brubaker result->outParams.params.assign(outParams.params, outParams.params + outParams.length); 268357e106dc183744cdc05c62bea11bc285b3346846Chad Brubaker free(outParams.params); 268457e106dc183744cdc05c62bea11bc285b3346846Chad Brubaker } 268540a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker } 268640a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker 268740a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker void finish(const sp<IBinder>& token, const KeymasterArguments& params, 26880d33e0babec356b1e69f1f15e8d9fe2ad878762cChad Brubaker const uint8_t* signature, size_t signatureLength, 26890d33e0babec356b1e69f1f15e8d9fe2ad878762cChad Brubaker const uint8_t* entropy, size_t entropyLength, OperationResult* result) { 26900cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker if (!checkAllowedOperationParams(params.params)) { 26910cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker result->resultCode = KM_ERROR_INVALID_ARGUMENT; 26920cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker return; 26930cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker } 269440a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker const keymaster1_device_t* dev; 269540a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker keymaster_operation_handle_t handle; 26960cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker if (!mOperationMap.getOperation(token, &handle, &dev, NULL)) { 269740a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker result->resultCode = KM_ERROR_INVALID_OPERATION_HANDLE; 269840a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker return; 269940a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker } 270006801e0a7ccabbe8f22cff29b7edb7c7d02d7692Chad Brubaker std::vector<keymaster_key_param_t> opParams(params.params); 27010cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker int32_t authResult = addOperationAuthTokenIfNeeded(token, &opParams); 27020cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker if (authResult != ::NO_ERROR) { 270306801e0a7ccabbe8f22cff29b7edb7c7d02d7692Chad Brubaker result->resultCode = authResult; 270406801e0a7ccabbe8f22cff29b7edb7c7d02d7692Chad Brubaker return; 270506801e0a7ccabbe8f22cff29b7edb7c7d02d7692Chad Brubaker } 27060d33e0babec356b1e69f1f15e8d9fe2ad878762cChad Brubaker keymaster_error_t err; 27070d33e0babec356b1e69f1f15e8d9fe2ad878762cChad Brubaker if (entropy) { 27080d33e0babec356b1e69f1f15e8d9fe2ad878762cChad Brubaker if (dev->add_rng_entropy) { 27090d33e0babec356b1e69f1f15e8d9fe2ad878762cChad Brubaker err = dev->add_rng_entropy(dev, entropy, entropyLength); 27100d33e0babec356b1e69f1f15e8d9fe2ad878762cChad Brubaker } else { 27110d33e0babec356b1e69f1f15e8d9fe2ad878762cChad Brubaker err = KM_ERROR_UNIMPLEMENTED; 27120d33e0babec356b1e69f1f15e8d9fe2ad878762cChad Brubaker } 27130d33e0babec356b1e69f1f15e8d9fe2ad878762cChad Brubaker if (err) { 27140d33e0babec356b1e69f1f15e8d9fe2ad878762cChad Brubaker result->resultCode = err; 27150d33e0babec356b1e69f1f15e8d9fe2ad878762cChad Brubaker return; 27160d33e0babec356b1e69f1f15e8d9fe2ad878762cChad Brubaker } 27170d33e0babec356b1e69f1f15e8d9fe2ad878762cChad Brubaker } 27180cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker 271957e106dc183744cdc05c62bea11bc285b3346846Chad Brubaker keymaster_key_param_set_t inParams = {opParams.data(), opParams.size()}; 272057e106dc183744cdc05c62bea11bc285b3346846Chad Brubaker keymaster_blob_t input = {signature, signatureLength}; 272157e106dc183744cdc05c62bea11bc285b3346846Chad Brubaker keymaster_blob_t output = {NULL, 0}; 272257e106dc183744cdc05c62bea11bc285b3346846Chad Brubaker keymaster_key_param_set_t outParams = {NULL, 0}; 27230d33e0babec356b1e69f1f15e8d9fe2ad878762cChad Brubaker err = dev->finish(dev, handle, &inParams, &input, &outParams, &output); 272440a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker // Remove the operation regardless of the result 272540a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker mOperationMap.removeOperation(token); 272606801e0a7ccabbe8f22cff29b7edb7c7d02d7692Chad Brubaker mAuthTokenTable.MarkCompleted(handle); 272757e106dc183744cdc05c62bea11bc285b3346846Chad Brubaker 272857e106dc183744cdc05c62bea11bc285b3346846Chad Brubaker result->data.reset(const_cast<uint8_t*>(output.data)); 272957e106dc183744cdc05c62bea11bc285b3346846Chad Brubaker result->dataLength = output.data_length; 273040a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker result->resultCode = err ? (int32_t) err : ::NO_ERROR; 273157e106dc183744cdc05c62bea11bc285b3346846Chad Brubaker if (outParams.params) { 273257e106dc183744cdc05c62bea11bc285b3346846Chad Brubaker result->outParams.params.assign(outParams.params, outParams.params + outParams.length); 273357e106dc183744cdc05c62bea11bc285b3346846Chad Brubaker free(outParams.params); 273457e106dc183744cdc05c62bea11bc285b3346846Chad Brubaker } 273540a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker } 273640a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker 273740a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker int32_t abort(const sp<IBinder>& token) { 273840a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker const keymaster1_device_t* dev; 273940a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker keymaster_operation_handle_t handle; 274006801e0a7ccabbe8f22cff29b7edb7c7d02d7692Chad Brubaker if (!mOperationMap.getOperation(token, &handle, &dev, NULL)) { 274140a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker return KM_ERROR_INVALID_OPERATION_HANDLE; 274240a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker } 274340a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker mOperationMap.removeOperation(token); 274406801e0a7ccabbe8f22cff29b7edb7c7d02d7692Chad Brubaker int32_t rc; 274540a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker if (!dev->abort) { 274606801e0a7ccabbe8f22cff29b7edb7c7d02d7692Chad Brubaker rc = KM_ERROR_UNIMPLEMENTED; 274706801e0a7ccabbe8f22cff29b7edb7c7d02d7692Chad Brubaker } else { 274806801e0a7ccabbe8f22cff29b7edb7c7d02d7692Chad Brubaker rc = dev->abort(dev, handle); 274940a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker } 275006801e0a7ccabbe8f22cff29b7edb7c7d02d7692Chad Brubaker mAuthTokenTable.MarkCompleted(handle); 275140a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker if (rc) { 275240a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker return rc; 275340a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker } 275440a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker return ::NO_ERROR; 27559899d6b392e8223c3c00bfccadd43b18cdc96b4fChad Brubaker } 27569899d6b392e8223c3c00bfccadd43b18cdc96b4fChad Brubaker 27572ed2baa7de690b09430b40625e6b18d10757a2fdChad Brubaker bool isOperationAuthorized(const sp<IBinder>& token) { 27582ed2baa7de690b09430b40625e6b18d10757a2fdChad Brubaker const keymaster1_device_t* dev; 27592ed2baa7de690b09430b40625e6b18d10757a2fdChad Brubaker keymaster_operation_handle_t handle; 2760ad6514ab7a57504aa3b04bcc383f60940b923710Chad Brubaker const keymaster_key_characteristics_t* characteristics; 2761ad6514ab7a57504aa3b04bcc383f60940b923710Chad Brubaker if (!mOperationMap.getOperation(token, &handle, &dev, &characteristics)) { 27622ed2baa7de690b09430b40625e6b18d10757a2fdChad Brubaker return false; 27632ed2baa7de690b09430b40625e6b18d10757a2fdChad Brubaker } 27640cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker const hw_auth_token_t* authToken = NULL; 27650cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker mOperationMap.getOperationAuthToken(token, &authToken); 276606801e0a7ccabbe8f22cff29b7edb7c7d02d7692Chad Brubaker std::vector<keymaster_key_param_t> ignored; 27670cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker int32_t authResult = addOperationAuthTokenIfNeeded(token, &ignored); 27680cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker return authResult == ::NO_ERROR; 27692ed2baa7de690b09430b40625e6b18d10757a2fdChad Brubaker } 27702ed2baa7de690b09430b40625e6b18d10757a2fdChad Brubaker 2771d80c7b487b2f7f0bf955d0efeaa3db6dcd160639Chad Brubaker int32_t addAuthToken(const uint8_t* token, size_t length) { 27729489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker if (!checkBinderPermission(P_ADD_AUTH)) { 27739489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker ALOGW("addAuthToken: permission denied for %d", 27749489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker IPCThreadState::self()->getCallingUid()); 2775d80c7b487b2f7f0bf955d0efeaa3db6dcd160639Chad Brubaker return ::PERMISSION_DENIED; 2776d80c7b487b2f7f0bf955d0efeaa3db6dcd160639Chad Brubaker } 2777d80c7b487b2f7f0bf955d0efeaa3db6dcd160639Chad Brubaker if (length != sizeof(hw_auth_token_t)) { 2778d80c7b487b2f7f0bf955d0efeaa3db6dcd160639Chad Brubaker return KM_ERROR_INVALID_ARGUMENT; 2779d80c7b487b2f7f0bf955d0efeaa3db6dcd160639Chad Brubaker } 2780d80c7b487b2f7f0bf955d0efeaa3db6dcd160639Chad Brubaker hw_auth_token_t* authToken = new hw_auth_token_t; 2781d80c7b487b2f7f0bf955d0efeaa3db6dcd160639Chad Brubaker memcpy(reinterpret_cast<void*>(authToken), token, sizeof(hw_auth_token_t)); 2782d80c7b487b2f7f0bf955d0efeaa3db6dcd160639Chad Brubaker // The table takes ownership of authToken. 2783d80c7b487b2f7f0bf955d0efeaa3db6dcd160639Chad Brubaker mAuthTokenTable.AddAuthenticationToken(authToken); 2784d80c7b487b2f7f0bf955d0efeaa3db6dcd160639Chad Brubaker return ::NO_ERROR; 27852ed2baa7de690b09430b40625e6b18d10757a2fdChad Brubaker } 27862ed2baa7de690b09430b40625e6b18d10757a2fdChad Brubaker 278707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Rootprivate: 27889489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker static const int32_t UID_SELF = -1; 27899489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker 27909489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker /** 27919489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker * Get the effective target uid for a binder operation that takes an 27929489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker * optional uid as the target. 27939489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker */ 27949489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker inline uid_t getEffectiveUid(int32_t targetUid) { 27959489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker if (targetUid == UID_SELF) { 27969489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker return IPCThreadState::self()->getCallingUid(); 27979489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker } 27989489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker return static_cast<uid_t>(targetUid); 27999489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker } 28009489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker 28019489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker /** 28029489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker * Check if the caller of the current binder method has the required 28039489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker * permission and if acting on other uids the grants to do so. 28049489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker */ 28059489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker inline bool checkBinderPermission(perm_t permission, int32_t targetUid = UID_SELF) { 28069489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker uid_t callingUid = IPCThreadState::self()->getCallingUid(); 28079489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker pid_t spid = IPCThreadState::self()->getCallingPid(); 28089489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker if (!has_permission(callingUid, permission, spid)) { 28099489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker ALOGW("permission %s denied for %d", get_perm_label(permission), callingUid); 28109489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker return false; 28119489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker } 28129489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker if (!is_granted_to(callingUid, getEffectiveUid(targetUid))) { 28139489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker ALOGW("uid %d not granted to act for %d", callingUid, targetUid); 28149489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker return false; 28159489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker } 28169489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker return true; 28179489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker } 28189489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker 28199489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker /** 28209489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker * Check if the caller of the current binder method has the required 2821b37a52337f001f8a43f7cbb64203dba78560ee6bChad Brubaker * permission and the target uid is the caller or the caller is system. 2822b37a52337f001f8a43f7cbb64203dba78560ee6bChad Brubaker */ 2823b37a52337f001f8a43f7cbb64203dba78560ee6bChad Brubaker inline bool checkBinderPermissionSelfOrSystem(perm_t permission, int32_t targetUid) { 2824b37a52337f001f8a43f7cbb64203dba78560ee6bChad Brubaker uid_t callingUid = IPCThreadState::self()->getCallingUid(); 2825b37a52337f001f8a43f7cbb64203dba78560ee6bChad Brubaker pid_t spid = IPCThreadState::self()->getCallingPid(); 2826b37a52337f001f8a43f7cbb64203dba78560ee6bChad Brubaker if (!has_permission(callingUid, permission, spid)) { 2827b37a52337f001f8a43f7cbb64203dba78560ee6bChad Brubaker ALOGW("permission %s denied for %d", get_perm_label(permission), callingUid); 2828b37a52337f001f8a43f7cbb64203dba78560ee6bChad Brubaker return false; 2829b37a52337f001f8a43f7cbb64203dba78560ee6bChad Brubaker } 2830b37a52337f001f8a43f7cbb64203dba78560ee6bChad Brubaker return getEffectiveUid(targetUid) == callingUid || callingUid == AID_SYSTEM; 2831b37a52337f001f8a43f7cbb64203dba78560ee6bChad Brubaker } 2832b37a52337f001f8a43f7cbb64203dba78560ee6bChad Brubaker 2833b37a52337f001f8a43f7cbb64203dba78560ee6bChad Brubaker /** 2834b37a52337f001f8a43f7cbb64203dba78560ee6bChad Brubaker * Check if the caller of the current binder method has the required 28359489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker * permission or the target of the operation is the caller's uid. This is 28369489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker * for operation where the permission is only for cross-uid activity and all 28379489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker * uids are allowed to act on their own (ie: clearing all entries for a 28389489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker * given uid). 28399489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker */ 28409489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker inline bool checkBinderPermissionOrSelfTarget(perm_t permission, int32_t targetUid) { 28419489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker uid_t callingUid = IPCThreadState::self()->getCallingUid(); 28429489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker if (getEffectiveUid(targetUid) == callingUid) { 28439489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker return true; 28449489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker } else { 28459489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker return checkBinderPermission(permission, targetUid); 28469489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker } 28479489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker } 28489489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker 28499489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker /** 28509489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker * Helper method to check that the caller has the required permission as 28519489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker * well as the keystore is in the unlocked state if checkUnlocked is true. 28529489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker * 28539489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker * Returns NO_ERROR on success, PERMISSION_DENIED on a permission error and 28549489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker * otherwise the state of keystore when not unlocked and checkUnlocked is 28559489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker * true. 28569489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker */ 28579489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker inline int32_t checkBinderPermissionAndKeystoreState(perm_t permission, int32_t targetUid = -1, 28589489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker bool checkUnlocked = true) { 28599489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker if (!checkBinderPermission(permission, targetUid)) { 28609489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker return ::PERMISSION_DENIED; 28619489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker } 286272593ee807e89239d98ae08d32c733ecc08203baChad Brubaker State state = mKeyStore->getState(get_user_id(getEffectiveUid(targetUid))); 28639489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker if (checkUnlocked && !isKeystoreUnlocked(state)) { 28649489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker return state; 28659489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker } 28669489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker 28679489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker return ::NO_ERROR; 28689489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker 28699489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker } 28709489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker 28719d45d1caba5135e6b8bd6d05d449e8dcf52b6802Kenny Root inline bool isKeystoreUnlocked(State state) { 28729d45d1caba5135e6b8bd6d05d449e8dcf52b6802Kenny Root switch (state) { 28739d45d1caba5135e6b8bd6d05d449e8dcf52b6802Kenny Root case ::STATE_NO_ERROR: 28749d45d1caba5135e6b8bd6d05d449e8dcf52b6802Kenny Root return true; 28759d45d1caba5135e6b8bd6d05d449e8dcf52b6802Kenny Root case ::STATE_UNINITIALIZED: 28769d45d1caba5135e6b8bd6d05d449e8dcf52b6802Kenny Root case ::STATE_LOCKED: 28779d45d1caba5135e6b8bd6d05d449e8dcf52b6802Kenny Root return false; 28789d45d1caba5135e6b8bd6d05d449e8dcf52b6802Kenny Root } 28799d45d1caba5135e6b8bd6d05d449e8dcf52b6802Kenny Root return false; 2880a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 288107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 288267d2a5029e8c25c5ee448e3bbd245cdcebe6abd3Chad Brubaker bool isKeyTypeSupported(const keymaster1_device_t* device, keymaster_keypair_t keyType) { 28831d448c074a86ef5d05a22fdf1358718976628a86Kenny Root const int32_t device_api = device->common.module->module_api_version; 28841d448c074a86ef5d05a22fdf1358718976628a86Kenny Root if (device_api == KEYMASTER_MODULE_API_VERSION_0_2) { 28851d448c074a86ef5d05a22fdf1358718976628a86Kenny Root switch (keyType) { 28861d448c074a86ef5d05a22fdf1358718976628a86Kenny Root case TYPE_RSA: 28871d448c074a86ef5d05a22fdf1358718976628a86Kenny Root case TYPE_DSA: 28881d448c074a86ef5d05a22fdf1358718976628a86Kenny Root case TYPE_EC: 28891d448c074a86ef5d05a22fdf1358718976628a86Kenny Root return true; 28901d448c074a86ef5d05a22fdf1358718976628a86Kenny Root default: 28911d448c074a86ef5d05a22fdf1358718976628a86Kenny Root return false; 28921d448c074a86ef5d05a22fdf1358718976628a86Kenny Root } 28931d448c074a86ef5d05a22fdf1358718976628a86Kenny Root } else if (device_api >= KEYMASTER_MODULE_API_VERSION_0_3) { 28941d448c074a86ef5d05a22fdf1358718976628a86Kenny Root switch (keyType) { 28951d448c074a86ef5d05a22fdf1358718976628a86Kenny Root case TYPE_RSA: 28961d448c074a86ef5d05a22fdf1358718976628a86Kenny Root return true; 28971d448c074a86ef5d05a22fdf1358718976628a86Kenny Root case TYPE_DSA: 28981d448c074a86ef5d05a22fdf1358718976628a86Kenny Root return device->flags & KEYMASTER_SUPPORTS_DSA; 28991d448c074a86ef5d05a22fdf1358718976628a86Kenny Root case TYPE_EC: 29001d448c074a86ef5d05a22fdf1358718976628a86Kenny Root return device->flags & KEYMASTER_SUPPORTS_EC; 29011d448c074a86ef5d05a22fdf1358718976628a86Kenny Root default: 29021d448c074a86ef5d05a22fdf1358718976628a86Kenny Root return false; 29031d448c074a86ef5d05a22fdf1358718976628a86Kenny Root } 29041d448c074a86ef5d05a22fdf1358718976628a86Kenny Root } else { 29051d448c074a86ef5d05a22fdf1358718976628a86Kenny Root return keyType == TYPE_RSA; 29061d448c074a86ef5d05a22fdf1358718976628a86Kenny Root } 29071d448c074a86ef5d05a22fdf1358718976628a86Kenny Root } 29081d448c074a86ef5d05a22fdf1358718976628a86Kenny Root 29090cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker /** 29100cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker * Check that all keymaster_key_param_t's provided by the application are 29110cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker * allowed. Any parameter that keystore adds itself should be disallowed here. 29120cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker */ 29130cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker bool checkAllowedOperationParams(const std::vector<keymaster_key_param_t>& params) { 29140cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker for (auto param: params) { 29150cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker switch (param.tag) { 29160cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker case KM_TAG_AUTH_TOKEN: 29170cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker return false; 29180cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker default: 29190cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker break; 29200cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker } 29210cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker } 29220cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker return true; 29230cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker } 29240cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker 29250cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker keymaster_error_t getOperationCharacteristics(const keymaster_key_blob_t& key, 29260cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker const keymaster1_device_t* dev, 29270cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker const std::vector<keymaster_key_param_t>& params, 29280cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker keymaster_key_characteristics_t* out) { 29290cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker UniquePtr<keymaster_blob_t> appId; 29300cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker UniquePtr<keymaster_blob_t> appData; 29310cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker for (auto param : params) { 29320cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker if (param.tag == KM_TAG_APPLICATION_ID) { 29330cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker appId.reset(new keymaster_blob_t); 29340cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker appId->data = param.blob.data; 29350cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker appId->data_length = param.blob.data_length; 29360cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker } else if (param.tag == KM_TAG_APPLICATION_DATA) { 29370cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker appData.reset(new keymaster_blob_t); 29380cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker appData->data = param.blob.data; 29390cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker appData->data_length = param.blob.data_length; 29400cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker } 29410cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker } 29420cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker keymaster_key_characteristics_t* result = NULL; 29430cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker if (!dev->get_key_characteristics) { 29440cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker return KM_ERROR_UNIMPLEMENTED; 29450cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker } 29460cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker keymaster_error_t error = dev->get_key_characteristics(dev, &key, appId.get(), 29470cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker appData.get(), &result); 29480cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker if (result) { 29490cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker *out = *result; 29500cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker free(result); 29510cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker } 29520cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker return error; 29530cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker } 29540cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker 29550cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker /** 29560cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker * Get the auth token for this operation from the auth token table. 29570cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker * 29580cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker * Returns ::NO_ERROR if the auth token was set or none was required. 29590cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker * ::OP_AUTH_NEEDED if it is a per op authorization, no 29600cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker * authorization token exists for that operation and 29610cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker * failOnTokenMissing is false. 29620cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker * KM_ERROR_KEY_USER_NOT_AUTHENTICATED if there is no valid auth 29630cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker * token for the operation 29640cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker */ 29650cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker int32_t getAuthToken(const keymaster_key_characteristics_t* characteristics, 29660cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker keymaster_operation_handle_t handle, 29670cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker const hw_auth_token_t** authToken, 29680cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker bool failOnTokenMissing = true) { 29690cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker 29700cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker std::vector<keymaster_key_param_t> allCharacteristics; 29710cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker for (size_t i = 0; i < characteristics->sw_enforced.length; i++) { 29720cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker allCharacteristics.push_back(characteristics->sw_enforced.params[i]); 29730cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker } 29740cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker for (size_t i = 0; i < characteristics->hw_enforced.length; i++) { 29750cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker allCharacteristics.push_back(characteristics->hw_enforced.params[i]); 29760cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker } 29770cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker keymaster::AuthTokenTable::Error err = 29780cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker mAuthTokenTable.FindAuthorization(allCharacteristics.data(), 29790cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker allCharacteristics.size(), handle, authToken); 29800cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker switch (err) { 29810cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker case keymaster::AuthTokenTable::OK: 29820cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker case keymaster::AuthTokenTable::AUTH_NOT_REQUIRED: 29830cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker return ::NO_ERROR; 29840cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker case keymaster::AuthTokenTable::AUTH_TOKEN_NOT_FOUND: 29850cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker case keymaster::AuthTokenTable::AUTH_TOKEN_EXPIRED: 29860cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker case keymaster::AuthTokenTable::AUTH_TOKEN_WRONG_SID: 29870cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker return KM_ERROR_KEY_USER_NOT_AUTHENTICATED; 29880cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker case keymaster::AuthTokenTable::OP_HANDLE_REQUIRED: 29890cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker return failOnTokenMissing ? (int32_t) KM_ERROR_KEY_USER_NOT_AUTHENTICATED : 29900cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker (int32_t) ::OP_AUTH_NEEDED; 29910cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker default: 29920cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker ALOGE("Unexpected FindAuthorization return value %d", err); 29930cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker return KM_ERROR_INVALID_ARGUMENT; 29940cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker } 29950cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker } 29960cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker 29970cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker inline void addAuthToParams(std::vector<keymaster_key_param_t>* params, 29980cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker const hw_auth_token_t* token) { 29990cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker if (token) { 30000cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker params->push_back(keymaster_param_blob(KM_TAG_AUTH_TOKEN, 30010cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker reinterpret_cast<const uint8_t*>(token), 30020cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker sizeof(hw_auth_token_t))); 30030cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker } 30040cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker } 30050cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker 30060cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker /** 30070cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker * Add the auth token for the operation to the param list if the operation 30080cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker * requires authorization. Uses the cached result in the OperationMap if available 30090cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker * otherwise gets the token from the AuthTokenTable and caches the result. 30100cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker * 30110cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker * Returns ::NO_ERROR if the auth token was added or not needed. 30120cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker * KM_ERROR_KEY_USER_NOT_AUTHENTICATED if the operation is not 30130cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker * authenticated. 30140cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker * KM_ERROR_INVALID_OPERATION_HANDLE if token is not a valid 30150cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker * operation token. 30160cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker */ 30170cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker int32_t addOperationAuthTokenIfNeeded(sp<IBinder> token, 30180cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker std::vector<keymaster_key_param_t>* params) { 30190cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker const hw_auth_token_t* authToken = NULL; 30207169a8470f6539036addf3c960b075af224e83e2Chad Brubaker mOperationMap.getOperationAuthToken(token, &authToken); 30217169a8470f6539036addf3c960b075af224e83e2Chad Brubaker if (!authToken) { 30220cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker const keymaster1_device_t* dev; 30230cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker keymaster_operation_handle_t handle; 30240cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker const keymaster_key_characteristics_t* characteristics = NULL; 30250cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker if (!mOperationMap.getOperation(token, &handle, &dev, &characteristics)) { 30260cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker return KM_ERROR_INVALID_OPERATION_HANDLE; 30270cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker } 30280cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker int32_t result = getAuthToken(characteristics, handle, &authToken); 30290cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker if (result != ::NO_ERROR) { 30300cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker return result; 30310cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker } 30320cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker if (authToken) { 30330cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker mOperationMap.setOperationAuthToken(token, authToken); 30340cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker } 30350cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker } 30360cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker addAuthToParams(params, authToken); 30370cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker return ::NO_ERROR; 30380cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker } 30390cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker 304007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root ::KeyStore* mKeyStore; 304140a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker OperationMap mOperationMap; 3042d80c7b487b2f7f0bf955d0efeaa3db6dcd160639Chad Brubaker keymaster::AuthTokenTable mAuthTokenTable; 304307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root}; 304407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 304507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root}; // namespace android 3046a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 3047a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Rootint main(int argc, char* argv[]) { 3048a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root if (argc < 2) { 3049a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root ALOGE("A directory must be specified!"); 3050a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return 1; 3051a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 3052a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root if (chdir(argv[1]) == -1) { 3053a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root ALOGE("chdir: %s: %s", argv[1], strerror(errno)); 3054a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return 1; 3055a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 3056a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 3057a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root Entropy entropy; 3058a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root if (!entropy.open()) { 3059a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return 1; 3060a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 306170e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 3062bd07a239085228c25898bc6cdece8b1b8758df83Chad Brubaker keymaster1_device_t* dev; 306370e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root if (keymaster_device_initialize(&dev)) { 306470e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root ALOGE("keystore keymaster could not be initialized; exiting"); 306570e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root return 1; 306670e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root } 306770e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 306867d2a5029e8c25c5ee448e3bbd245cdcebe6abd3Chad Brubaker keymaster1_device_t* fallback; 3069fc18edcdfe2f7774e621030d51338f3216170b97Chad Brubaker if (fallback_keymaster_device_initialize(&fallback)) { 3070fc18edcdfe2f7774e621030d51338f3216170b97Chad Brubaker ALOGE("software keymaster could not be initialized; exiting"); 3071fc18edcdfe2f7774e621030d51338f3216170b97Chad Brubaker return 1; 3072fc18edcdfe2f7774e621030d51338f3216170b97Chad Brubaker } 3073fc18edcdfe2f7774e621030d51338f3216170b97Chad Brubaker 3074eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn ks_is_selinux_enabled = is_selinux_enabled(); 3075eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn if (ks_is_selinux_enabled) { 3076eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn union selinux_callback cb; 3077eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn cb.func_log = selinux_log_callback; 3078eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn selinux_set_callback(SELINUX_CB_LOG, cb); 3079eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn if (getcon(&tctx) != 0) { 3080eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn ALOGE("SELinux: Could not acquire target context. Aborting keystore.\n"); 3081eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn return -1; 3082eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn } 3083eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn } else { 3084eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn ALOGI("SELinux: Keystore SELinux is disabled.\n"); 3085eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn } 3086eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn 3087bd07a239085228c25898bc6cdece8b1b8758df83Chad Brubaker KeyStore keyStore(&entropy, dev, fallback); 3088655b958eb2180c7c06889f83f606d23421bf038cKenny Root keyStore.initialize(); 308907438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root android::sp<android::IServiceManager> sm = android::defaultServiceManager(); 309007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root android::sp<android::KeyStoreProxy> proxy = new android::KeyStoreProxy(&keyStore); 309107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root android::status_t ret = sm->addService(android::String16("android.security.keystore"), proxy); 309207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root if (ret != android::OK) { 309307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root ALOGE("Couldn't register binder service!"); 309407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return -1; 3095a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 309670e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 309707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root /* 309807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root * We're the only thread in existence, so we're just going to process 309907438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root * Binder transaction as a single-threaded program. 310007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root */ 310107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root android::IPCThreadState::self()->joinThreadPool(); 310270e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 310307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root keymaster_device_release(dev); 3104a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return 1; 3105a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root} 3106