keystore.cpp revision 9489b7905acfb27a99dd505364a715f4cf2ab5e6
1a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root/* 2a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root * Copyright (C) 2009 The Android Open Source Project 3a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root * 4a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root * Licensed under the Apache License, Version 2.0 (the "License"); 5a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root * you may not use this file except in compliance with the License. 6a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root * You may obtain a copy of the License at 7a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root * 8a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root * http://www.apache.org/licenses/LICENSE-2.0 9a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root * 10a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root * Unless required by applicable law or agreed to in writing, software 11a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root * distributed under the License is distributed on an "AS IS" BASIS, 12a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root * See the License for the specific language governing permissions and 14a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root * limitations under the License. 15a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root */ 16a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 1707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root//#define LOG_NDEBUG 0 1807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root#define LOG_TAG "keystore" 1907438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 20a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root#include <stdio.h> 21a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root#include <stdint.h> 22a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root#include <string.h> 23aaf9802da6cea710e0777abb852724e1825cad63Elliott Hughes#include <strings.h> 24a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root#include <unistd.h> 25a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root#include <signal.h> 26a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root#include <errno.h> 27a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root#include <dirent.h> 28655b958eb2180c7c06889f83f606d23421bf038cKenny Root#include <errno.h> 29a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root#include <fcntl.h> 30a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root#include <limits.h> 31822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root#include <assert.h> 32a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root#include <sys/types.h> 33a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root#include <sys/socket.h> 34a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root#include <sys/stat.h> 35a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root#include <sys/time.h> 36a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root#include <arpa/inet.h> 37a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 38a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root#include <openssl/aes.h> 39822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root#include <openssl/bio.h> 40a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root#include <openssl/evp.h> 41a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root#include <openssl/md5.h> 42822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root#include <openssl/pem.h> 43a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 44a5bbf2fb2a4853ecf6ae77ffee3efeb7a862498aShawn Willden#include <hardware/keymaster0.h> 4570e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 4617208e0de5a42722901d803118745cca25fd10c1Kenny Root#include <keymaster/softkeymaster.h> 47919cb2a5a9dabd61cb02eff7a589f9f1f0f793eeChad Brubaker#include <keymaster/soft_keymaster_device.h> 4817208e0de5a42722901d803118745cca25fd10c1Kenny Root 4926cfc08add3966eca5892e3387cf5ed6dc3068fbKenny Root#include <UniquePtr.h> 50655b958eb2180c7c06889f83f606d23421bf038cKenny Root#include <utils/String8.h> 51655b958eb2180c7c06889f83f606d23421bf038cKenny Root#include <utils/Vector.h> 5270e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 5307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root#include <keystore/IKeystoreService.h> 5407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root#include <binder/IPCThreadState.h> 5507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root#include <binder/IServiceManager.h> 5607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 57a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root#include <cutils/log.h> 58a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root#include <cutils/sockets.h> 59a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root#include <private/android_filesystem_config.h> 60a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 6107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root#include <keystore/keystore.h> 62a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 63eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn#include <selinux/android.h> 64eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn 65d80c7b487b2f7f0bf955d0efeaa3db6dcd160639Chad Brubaker#include "auth_token_table.h" 6696427baf0094d50047049d329b0779c3c910402cKenny Root#include "defaults.h" 6740a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker#include "operation.h" 6896427baf0094d50047049d329b0779c3c910402cKenny Root 69a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root/* KeyStore is a secured storage for key-value pairs. In this implementation, 70a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root * each file stores one key-value pair. Keys are encoded in file names, and 71a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root * values are encrypted with checksums. The encryption key is protected by a 72a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root * user-defined password. To keep things simple, buffers are always larger than 73a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root * the maximum space we needed, so boundary checks on buffers are omitted. */ 74a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 75a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root#define KEY_SIZE ((NAME_MAX - 15) / 2) 76a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root#define VALUE_SIZE 32768 77a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root#define PASSWORD_SIZE VALUE_SIZE 78a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 79822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root 8096427baf0094d50047049d329b0779c3c910402cKenny Rootstruct BIGNUM_Delete { 8196427baf0094d50047049d329b0779c3c910402cKenny Root void operator()(BIGNUM* p) const { 8296427baf0094d50047049d329b0779c3c910402cKenny Root BN_free(p); 8396427baf0094d50047049d329b0779c3c910402cKenny Root } 8496427baf0094d50047049d329b0779c3c910402cKenny Root}; 8596427baf0094d50047049d329b0779c3c910402cKenny Roottypedef UniquePtr<BIGNUM, BIGNUM_Delete> Unique_BIGNUM; 8696427baf0094d50047049d329b0779c3c910402cKenny Root 87822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Rootstruct BIO_Delete { 88822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root void operator()(BIO* p) const { 89822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root BIO_free(p); 90822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root } 91822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root}; 92822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Roottypedef UniquePtr<BIO, BIO_Delete> Unique_BIO; 93822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root 94822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Rootstruct EVP_PKEY_Delete { 95822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root void operator()(EVP_PKEY* p) const { 96822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root EVP_PKEY_free(p); 97822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root } 98822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root}; 99822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Roottypedef UniquePtr<EVP_PKEY, EVP_PKEY_Delete> Unique_EVP_PKEY; 100822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root 101822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Rootstruct PKCS8_PRIV_KEY_INFO_Delete { 102822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root void operator()(PKCS8_PRIV_KEY_INFO* p) const { 103822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root PKCS8_PRIV_KEY_INFO_free(p); 104822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root } 105822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root}; 106822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Roottypedef UniquePtr<PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO_Delete> Unique_PKCS8_PRIV_KEY_INFO; 107822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root 108a5bbf2fb2a4853ecf6ae77ffee3efeb7a862498aShawn Willdenstatic int keymaster_device_initialize(keymaster0_device_t** dev) { 10970e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root int rc; 11070e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 11170e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root const hw_module_t* mod; 11270e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root rc = hw_get_module_by_class(KEYSTORE_HARDWARE_MODULE_ID, NULL, &mod); 11370e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root if (rc) { 11470e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root ALOGE("could not find any keystore module"); 11570e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root goto out; 11670e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root } 11770e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 118a5bbf2fb2a4853ecf6ae77ffee3efeb7a862498aShawn Willden rc = keymaster0_open(mod, dev); 11970e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root if (rc) { 12070e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root ALOGE("could not open keymaster device in %s (%s)", 12170e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root KEYSTORE_HARDWARE_MODULE_ID, strerror(-rc)); 12270e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root goto out; 12370e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root } 12470e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 12570e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root return 0; 12670e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 12770e3a86abd2c412d602a018967c01c177eb6cf4eKenny Rootout: 12870e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root *dev = NULL; 12970e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root return rc; 13070e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root} 13170e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 132919cb2a5a9dabd61cb02eff7a589f9f1f0f793eeChad Brubakerstatic int fallback_keymaster_device_initialize(keymaster1_device_t** dev) { 133919cb2a5a9dabd61cb02eff7a589f9f1f0f793eeChad Brubaker keymaster::SoftKeymasterDevice* softkeymaster = 134919cb2a5a9dabd61cb02eff7a589f9f1f0f793eeChad Brubaker new keymaster::SoftKeymasterDevice(); 135919cb2a5a9dabd61cb02eff7a589f9f1f0f793eeChad Brubaker // SoftKeymasterDevice is designed to make this cast safe. 136919cb2a5a9dabd61cb02eff7a589f9f1f0f793eeChad Brubaker *dev = reinterpret_cast<keymaster1_device_t*>(softkeymaster); 137fc18edcdfe2f7774e621030d51338f3216170b97Chad Brubaker return 0; 138fc18edcdfe2f7774e621030d51338f3216170b97Chad Brubaker} 139fc18edcdfe2f7774e621030d51338f3216170b97Chad Brubaker 140a5bbf2fb2a4853ecf6ae77ffee3efeb7a862498aShawn Willdenstatic void keymaster_device_release(keymaster0_device_t* dev) { 141a5bbf2fb2a4853ecf6ae77ffee3efeb7a862498aShawn Willden keymaster0_close(dev); 14270e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root} 14370e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 14407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root/*************** 14507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root * PERMISSIONS * 14607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root ***************/ 14707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 14807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root/* Here are the permissions, actions, users, and the main function. */ 14907438c8d7256d3788dac323b4d0055f201e0bec9Kenny Roottypedef enum { 1504e865753346fc6a075966972a7a98051818859dbRobin Lee P_TEST = 1 << 0, 1514e865753346fc6a075966972a7a98051818859dbRobin Lee P_GET = 1 << 1, 1524e865753346fc6a075966972a7a98051818859dbRobin Lee P_INSERT = 1 << 2, 1534e865753346fc6a075966972a7a98051818859dbRobin Lee P_DELETE = 1 << 3, 1544e865753346fc6a075966972a7a98051818859dbRobin Lee P_EXIST = 1 << 4, 1554e865753346fc6a075966972a7a98051818859dbRobin Lee P_SAW = 1 << 5, 1564e865753346fc6a075966972a7a98051818859dbRobin Lee P_RESET = 1 << 6, 1574e865753346fc6a075966972a7a98051818859dbRobin Lee P_PASSWORD = 1 << 7, 1584e865753346fc6a075966972a7a98051818859dbRobin Lee P_LOCK = 1 << 8, 1594e865753346fc6a075966972a7a98051818859dbRobin Lee P_UNLOCK = 1 << 9, 1604e865753346fc6a075966972a7a98051818859dbRobin Lee P_ZERO = 1 << 10, 1614e865753346fc6a075966972a7a98051818859dbRobin Lee P_SIGN = 1 << 11, 1624e865753346fc6a075966972a7a98051818859dbRobin Lee P_VERIFY = 1 << 12, 1634e865753346fc6a075966972a7a98051818859dbRobin Lee P_GRANT = 1 << 13, 1644e865753346fc6a075966972a7a98051818859dbRobin Lee P_DUPLICATE = 1 << 14, 1654e865753346fc6a075966972a7a98051818859dbRobin Lee P_CLEAR_UID = 1 << 15, 1664e865753346fc6a075966972a7a98051818859dbRobin Lee P_RESET_UID = 1 << 16, 1674e865753346fc6a075966972a7a98051818859dbRobin Lee P_SYNC_UID = 1 << 17, 1684e865753346fc6a075966972a7a98051818859dbRobin Lee P_PASSWORD_UID = 1 << 18, 169d80c7b487b2f7f0bf955d0efeaa3db6dcd160639Chad Brubaker P_ADD_AUTH = 1 << 19, 17007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root} perm_t; 17107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 17207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Rootstatic struct user_euid { 17307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root uid_t uid; 17407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root uid_t euid; 17507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root} user_euids[] = { 17607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root {AID_VPN, AID_SYSTEM}, 17707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root {AID_WIFI, AID_SYSTEM}, 17807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root {AID_ROOT, AID_SYSTEM}, 17907438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root}; 18007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 181eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn/* perm_labels associcated with keystore_key SELinux class verbs. */ 182eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahnconst char *perm_labels[] = { 183eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn "test", 184eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn "get", 185eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn "insert", 186eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn "delete", 187eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn "exist", 188eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn "saw", 189eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn "reset", 190eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn "password", 191eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn "lock", 192eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn "unlock", 193eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn "zero", 194eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn "sign", 195eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn "verify", 196eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn "grant", 197eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn "duplicate", 1984e865753346fc6a075966972a7a98051818859dbRobin Lee "clear_uid", 1994e865753346fc6a075966972a7a98051818859dbRobin Lee "reset_uid", 2004e865753346fc6a075966972a7a98051818859dbRobin Lee "sync_uid", 2014e865753346fc6a075966972a7a98051818859dbRobin Lee "password_uid", 202d80c7b487b2f7f0bf955d0efeaa3db6dcd160639Chad Brubaker "add_auth", 203eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn}; 204eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn 20507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Rootstatic struct user_perm { 20607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root uid_t uid; 20707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root perm_t perms; 20807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root} user_perms[] = { 20907438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root {AID_SYSTEM, static_cast<perm_t>((uint32_t)(~0)) }, 21007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root {AID_VPN, static_cast<perm_t>(P_GET | P_SIGN | P_VERIFY) }, 21107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root {AID_WIFI, static_cast<perm_t>(P_GET | P_SIGN | P_VERIFY) }, 21207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root {AID_ROOT, static_cast<perm_t>(P_GET) }, 21307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root}; 21407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 21507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Rootstatic const perm_t DEFAULT_PERMS = static_cast<perm_t>(P_TEST | P_GET | P_INSERT | P_DELETE | P_EXIST | P_SAW | P_SIGN 21607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root | P_VERIFY); 21707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 218eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahnstatic char *tctx; 219eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahnstatic int ks_is_selinux_enabled; 220eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn 221eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahnstatic const char *get_perm_label(perm_t perm) { 222eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn unsigned int index = ffs(perm); 223eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn if (index > 0 && index <= (sizeof(perm_labels) / sizeof(perm_labels[0]))) { 224eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn return perm_labels[index - 1]; 225eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn } else { 226eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn ALOGE("Keystore: Failed to retrieve permission label.\n"); 227eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn abort(); 228eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn } 229eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn} 230eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn 231655b958eb2180c7c06889f83f606d23421bf038cKenny Root/** 232655b958eb2180c7c06889f83f606d23421bf038cKenny Root * Returns the app ID (in the Android multi-user sense) for the current 233655b958eb2180c7c06889f83f606d23421bf038cKenny Root * UNIX UID. 234655b958eb2180c7c06889f83f606d23421bf038cKenny Root */ 235655b958eb2180c7c06889f83f606d23421bf038cKenny Rootstatic uid_t get_app_id(uid_t uid) { 236655b958eb2180c7c06889f83f606d23421bf038cKenny Root return uid % AID_USER; 237655b958eb2180c7c06889f83f606d23421bf038cKenny Root} 238655b958eb2180c7c06889f83f606d23421bf038cKenny Root 239655b958eb2180c7c06889f83f606d23421bf038cKenny Root/** 240655b958eb2180c7c06889f83f606d23421bf038cKenny Root * Returns the user ID (in the Android multi-user sense) for the current 241655b958eb2180c7c06889f83f606d23421bf038cKenny Root * UNIX UID. 242655b958eb2180c7c06889f83f606d23421bf038cKenny Root */ 243655b958eb2180c7c06889f83f606d23421bf038cKenny Rootstatic uid_t get_user_id(uid_t uid) { 244655b958eb2180c7c06889f83f606d23421bf038cKenny Root return uid / AID_USER; 245655b958eb2180c7c06889f83f606d23421bf038cKenny Root} 246655b958eb2180c7c06889f83f606d23421bf038cKenny Root 247a25b2a397fff48dea7bce16af2065e6f5f043956Chih-Hung Hsiehstatic bool keystore_selinux_check_access(uid_t /*uid*/, perm_t perm, pid_t spid) { 248eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn if (!ks_is_selinux_enabled) { 249eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn return true; 250eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn } 251eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn 252eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn char *sctx = NULL; 253eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn const char *selinux_class = "keystore_key"; 254eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn const char *str_perm = get_perm_label(perm); 255eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn 256eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn if (!str_perm) { 257eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn return false; 258eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn } 259eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn 260eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn if (getpidcon(spid, &sctx) != 0) { 261eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn ALOGE("SELinux: Failed to get source pid context.\n"); 262eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn return false; 263eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn } 26466dbf67dd65b4808a15ef64f0ffde1275bdd58a9Nick Kralevich 265eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn bool allowed = selinux_check_access(sctx, tctx, selinux_class, str_perm, 266eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn NULL) == 0; 267eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn freecon(sctx); 268eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn return allowed; 269eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn} 270eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn 271eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahnstatic bool has_permission(uid_t uid, perm_t perm, pid_t spid) { 272655b958eb2180c7c06889f83f606d23421bf038cKenny Root // All system users are equivalent for multi-user support. 273655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (get_app_id(uid) == AID_SYSTEM) { 274655b958eb2180c7c06889f83f606d23421bf038cKenny Root uid = AID_SYSTEM; 275655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 276655b958eb2180c7c06889f83f606d23421bf038cKenny Root 27707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root for (size_t i = 0; i < sizeof(user_perms)/sizeof(user_perms[0]); i++) { 27807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root struct user_perm user = user_perms[i]; 27907438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root if (user.uid == uid) { 280eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn return (user.perms & perm) && 281eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn keystore_selinux_check_access(uid, perm, spid); 28207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 28307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 28407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 285eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn return (DEFAULT_PERMS & perm) && 286eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn keystore_selinux_check_access(uid, perm, spid); 28707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root} 28807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 289494689083467ec372a58f094f041c8f102f39393Kenny Root/** 290494689083467ec372a58f094f041c8f102f39393Kenny Root * Returns the UID that the callingUid should act as. This is here for 291494689083467ec372a58f094f041c8f102f39393Kenny Root * legacy support of the WiFi and VPN systems and should be removed 292494689083467ec372a58f094f041c8f102f39393Kenny Root * when WiFi can operate in its own namespace. 293494689083467ec372a58f094f041c8f102f39393Kenny Root */ 29407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Rootstatic uid_t get_keystore_euid(uid_t uid) { 29507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root for (size_t i = 0; i < sizeof(user_euids)/sizeof(user_euids[0]); i++) { 29607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root struct user_euid user = user_euids[i]; 29707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root if (user.uid == uid) { 29807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return user.euid; 29907438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 30007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 30107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 30207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return uid; 30307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root} 30407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 305494689083467ec372a58f094f041c8f102f39393Kenny Root/** 306494689083467ec372a58f094f041c8f102f39393Kenny Root * Returns true if the callingUid is allowed to interact in the targetUid's 307494689083467ec372a58f094f041c8f102f39393Kenny Root * namespace. 308494689083467ec372a58f094f041c8f102f39393Kenny Root */ 309494689083467ec372a58f094f041c8f102f39393Kenny Rootstatic bool is_granted_to(uid_t callingUid, uid_t targetUid) { 3109489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker if (callingUid == targetUid) { 3119489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker return true; 3129489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker } 313494689083467ec372a58f094f041c8f102f39393Kenny Root for (size_t i = 0; i < sizeof(user_euids)/sizeof(user_euids[0]); i++) { 314494689083467ec372a58f094f041c8f102f39393Kenny Root struct user_euid user = user_euids[i]; 315494689083467ec372a58f094f041c8f102f39393Kenny Root if (user.euid == callingUid && user.uid == targetUid) { 316494689083467ec372a58f094f041c8f102f39393Kenny Root return true; 317494689083467ec372a58f094f041c8f102f39393Kenny Root } 318494689083467ec372a58f094f041c8f102f39393Kenny Root } 319494689083467ec372a58f094f041c8f102f39393Kenny Root 320494689083467ec372a58f094f041c8f102f39393Kenny Root return false; 321494689083467ec372a58f094f041c8f102f39393Kenny Root} 322494689083467ec372a58f094f041c8f102f39393Kenny Root 323a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root/* Here is the encoding of keys. This is necessary in order to allow arbitrary 324a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root * characters in keys. Characters in [0-~] are not encoded. Others are encoded 325a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root * into two bytes. The first byte is one of [+-.] which represents the first 326a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root * two bits of the character. The second byte encodes the rest of the bits into 327a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root * [0-o]. Therefore in the worst case the length of a key gets doubled. Note 328a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root * that Base64 cannot be used here due to the need of prefix match on keys. */ 329a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 330655b958eb2180c7c06889f83f606d23421bf038cKenny Rootstatic size_t encode_key_length(const android::String8& keyName) { 331655b958eb2180c7c06889f83f606d23421bf038cKenny Root const uint8_t* in = reinterpret_cast<const uint8_t*>(keyName.string()); 332655b958eb2180c7c06889f83f606d23421bf038cKenny Root size_t length = keyName.length(); 333655b958eb2180c7c06889f83f606d23421bf038cKenny Root for (int i = length; i > 0; --i, ++in) { 334655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (*in < '0' || *in > '~') { 335655b958eb2180c7c06889f83f606d23421bf038cKenny Root ++length; 336655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 337655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 338655b958eb2180c7c06889f83f606d23421bf038cKenny Root return length; 339655b958eb2180c7c06889f83f606d23421bf038cKenny Root} 340655b958eb2180c7c06889f83f606d23421bf038cKenny Root 34107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Rootstatic int encode_key(char* out, const android::String8& keyName) { 34207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root const uint8_t* in = reinterpret_cast<const uint8_t*>(keyName.string()); 34307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root size_t length = keyName.length(); 344a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root for (int i = length; i > 0; --i, ++in, ++out) { 345655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (*in < '0' || *in > '~') { 346a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root *out = '+' + (*in >> 6); 347a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root *++out = '0' + (*in & 0x3F); 348a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root ++length; 349655b958eb2180c7c06889f83f606d23421bf038cKenny Root } else { 350655b958eb2180c7c06889f83f606d23421bf038cKenny Root *out = *in; 351a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 352a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 353a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root *out = '\0'; 35470e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root return length; 35570e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root} 35670e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 35707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root/* 35807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root * Converts from the "escaped" format on disk to actual name. 35907438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root * This will be smaller than the input string. 36007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root * 36107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root * Characters that should combine with the next at the end will be truncated. 36207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root */ 36307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Rootstatic size_t decode_key_length(const char* in, size_t length) { 36407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root size_t outLength = 0; 36507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 36607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root for (const char* end = in + length; in < end; in++) { 36707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root /* This combines with the next character. */ 36807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root if (*in < '0' || *in > '~') { 36907438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root continue; 37007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 37107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 37207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root outLength++; 37307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 37407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return outLength; 37507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root} 37607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 37707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Rootstatic void decode_key(char* out, const char* in, size_t length) { 37807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root for (const char* end = in + length; in < end; in++) { 37907438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root if (*in < '0' || *in > '~') { 38007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root /* Truncate combining characters at the end. */ 38107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root if (in + 1 >= end) { 38207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root break; 38307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 38407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 38507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root *out = (*in++ - '+') << 6; 38607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root *out++ |= (*in - '0') & 0x3F; 387a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } else { 38807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root *out++ = *in; 389a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 390a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 391a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root *out = '\0'; 392a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root} 393a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 394a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Rootstatic size_t readFully(int fd, uint8_t* data, size_t size) { 395a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root size_t remaining = size; 396a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root while (remaining > 0) { 397150ca934edb745de3666a6492b039900df228ff0Kenny Root ssize_t n = TEMP_FAILURE_RETRY(read(fd, data, remaining)); 3985281edbc9445065479e92a6c86da462f3943c2caKenny Root if (n <= 0) { 399150ca934edb745de3666a6492b039900df228ff0Kenny Root return size - remaining; 400a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 401a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root data += n; 402a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root remaining -= n; 403a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 404a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return size; 405a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root} 406a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 407a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Rootstatic size_t writeFully(int fd, uint8_t* data, size_t size) { 408a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root size_t remaining = size; 409a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root while (remaining > 0) { 410150ca934edb745de3666a6492b039900df228ff0Kenny Root ssize_t n = TEMP_FAILURE_RETRY(write(fd, data, remaining)); 411150ca934edb745de3666a6492b039900df228ff0Kenny Root if (n < 0) { 412150ca934edb745de3666a6492b039900df228ff0Kenny Root ALOGW("write failed: %s", strerror(errno)); 413150ca934edb745de3666a6492b039900df228ff0Kenny Root return size - remaining; 414a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 415a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root data += n; 416a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root remaining -= n; 417a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 418a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return size; 419a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root} 420a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 421a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Rootclass Entropy { 422a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Rootpublic: 423a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root Entropy() : mRandom(-1) {} 424a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root ~Entropy() { 425150ca934edb745de3666a6492b039900df228ff0Kenny Root if (mRandom >= 0) { 426a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root close(mRandom); 427a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 428a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 429a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 430a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root bool open() { 431a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root const char* randomDevice = "/dev/urandom"; 432150ca934edb745de3666a6492b039900df228ff0Kenny Root mRandom = TEMP_FAILURE_RETRY(::open(randomDevice, O_RDONLY)); 433150ca934edb745de3666a6492b039900df228ff0Kenny Root if (mRandom < 0) { 434a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root ALOGE("open: %s: %s", randomDevice, strerror(errno)); 435a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return false; 436a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 437a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return true; 438a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 439a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 4405187818895c4c5f650a611c40531b1dff7764c18Kenny Root bool generate_random_data(uint8_t* data, size_t size) const { 441a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return (readFully(mRandom, data, size) == size); 442a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 443a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 444a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Rootprivate: 445a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root int mRandom; 446a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root}; 447a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 448a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root/* Here is the file format. There are two parts in blob.value, the secret and 449a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root * the description. The secret is stored in ciphertext, and its original size 450a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root * can be found in blob.length. The description is stored after the secret in 451a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root * plaintext, and its size is specified in blob.info. The total size of the two 452822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root * parts must be no more than VALUE_SIZE bytes. The first field is the version, 453f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root * the second is the blob's type, and the third byte is flags. Fields other 454a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root * than blob.info, blob.length, and blob.value are modified by encryptBlob() 455a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root * and decryptBlob(). Thus they should not be accessed from outside. */ 456a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 457822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root/* ** Note to future implementors of encryption: ** 458822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root * Currently this is the construction: 459822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root * metadata || Enc(MD5(data) || data) 460822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root * 461822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root * This should be the construction used for encrypting if re-implementing: 462822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root * 463822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root * Derive independent keys for encryption and MAC: 464822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root * Kenc = AES_encrypt(masterKey, "Encrypt") 465822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root * Kmac = AES_encrypt(masterKey, "MAC") 466822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root * 467822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root * Store this: 468822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root * metadata || AES_CTR_encrypt(Kenc, rand_IV, data) || 469822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root * HMAC(Kmac, metadata || Enc(data)) 470822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root */ 471a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Rootstruct __attribute__((packed)) blob { 472822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root uint8_t version; 473822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root uint8_t type; 474f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root uint8_t flags; 475a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root uint8_t info; 476a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root uint8_t vector[AES_BLOCK_SIZE]; 477822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root uint8_t encrypted[0]; // Marks offset to encrypted data. 478a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root uint8_t digest[MD5_DIGEST_LENGTH]; 479822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root uint8_t digested[0]; // Marks offset to digested data. 480a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root int32_t length; // in network byte order when encrypted 481a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root uint8_t value[VALUE_SIZE + AES_BLOCK_SIZE]; 482a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root}; 483a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 484822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Roottypedef enum { 485d53bc92f1cc4eb669ec015480cebe5ae7aaaf7cfKenny Root TYPE_ANY = 0, // meta type that matches anything 486822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root TYPE_GENERIC = 1, 487822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root TYPE_MASTER_KEY = 2, 488822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root TYPE_KEY_PAIR = 3, 48917d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker TYPE_KEYMASTER_10 = 4, 490822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root} BlobType; 491822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root 492f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Rootstatic const uint8_t CURRENT_BLOB_VERSION = 2; 493822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root 494a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Rootclass Blob { 495a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Rootpublic: 49607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root Blob(const uint8_t* value, int32_t valueLength, const uint8_t* info, uint8_t infoLength, 49707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root BlobType type) { 498a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root mBlob.length = valueLength; 499a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root memcpy(mBlob.value, value, valueLength); 500a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 501a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root mBlob.info = infoLength; 502a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root memcpy(mBlob.value + valueLength, info, infoLength); 503822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root 50407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root mBlob.version = CURRENT_BLOB_VERSION; 505822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root mBlob.type = uint8_t(type); 506f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root 507ee8068b9e7bfb2770635062fc9c2035be2142bd8Kenny Root if (type == TYPE_MASTER_KEY) { 508ee8068b9e7bfb2770635062fc9c2035be2142bd8Kenny Root mBlob.flags = KEYSTORE_FLAG_ENCRYPTED; 509ee8068b9e7bfb2770635062fc9c2035be2142bd8Kenny Root } else { 510ee8068b9e7bfb2770635062fc9c2035be2142bd8Kenny Root mBlob.flags = KEYSTORE_FLAG_NONE; 511ee8068b9e7bfb2770635062fc9c2035be2142bd8Kenny Root } 512a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 513a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 514a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root Blob(blob b) { 515a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root mBlob = b; 516a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 517a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 518a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root Blob() {} 519a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 5205187818895c4c5f650a611c40531b1dff7764c18Kenny Root const uint8_t* getValue() const { 521a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return mBlob.value; 522a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 523a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 5245187818895c4c5f650a611c40531b1dff7764c18Kenny Root int32_t getLength() const { 525a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return mBlob.length; 526a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 527a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 5285187818895c4c5f650a611c40531b1dff7764c18Kenny Root const uint8_t* getInfo() const { 5295187818895c4c5f650a611c40531b1dff7764c18Kenny Root return mBlob.value + mBlob.length; 5305187818895c4c5f650a611c40531b1dff7764c18Kenny Root } 5315187818895c4c5f650a611c40531b1dff7764c18Kenny Root 5325187818895c4c5f650a611c40531b1dff7764c18Kenny Root uint8_t getInfoLength() const { 533a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return mBlob.info; 534a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 535a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 536822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root uint8_t getVersion() const { 537822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root return mBlob.version; 538822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root } 539822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root 540f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root bool isEncrypted() const { 541f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root if (mBlob.version < 2) { 542f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root return true; 543f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root } 544f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root 545f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root return mBlob.flags & KEYSTORE_FLAG_ENCRYPTED; 546f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root } 547f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root 548f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root void setEncrypted(bool encrypted) { 549f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root if (encrypted) { 550f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root mBlob.flags |= KEYSTORE_FLAG_ENCRYPTED; 551f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root } else { 552f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root mBlob.flags &= ~KEYSTORE_FLAG_ENCRYPTED; 553f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root } 554f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root } 555f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root 55617208e0de5a42722901d803118745cca25fd10c1Kenny Root bool isFallback() const { 55717208e0de5a42722901d803118745cca25fd10c1Kenny Root return mBlob.flags & KEYSTORE_FLAG_FALLBACK; 55817208e0de5a42722901d803118745cca25fd10c1Kenny Root } 55917208e0de5a42722901d803118745cca25fd10c1Kenny Root 56017208e0de5a42722901d803118745cca25fd10c1Kenny Root void setFallback(bool fallback) { 56117208e0de5a42722901d803118745cca25fd10c1Kenny Root if (fallback) { 56217208e0de5a42722901d803118745cca25fd10c1Kenny Root mBlob.flags |= KEYSTORE_FLAG_FALLBACK; 56317208e0de5a42722901d803118745cca25fd10c1Kenny Root } else { 56417208e0de5a42722901d803118745cca25fd10c1Kenny Root mBlob.flags &= ~KEYSTORE_FLAG_FALLBACK; 56517208e0de5a42722901d803118745cca25fd10c1Kenny Root } 56617208e0de5a42722901d803118745cca25fd10c1Kenny Root } 56717208e0de5a42722901d803118745cca25fd10c1Kenny Root 568822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root void setVersion(uint8_t version) { 569822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root mBlob.version = version; 570822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root } 571822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root 572822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root BlobType getType() const { 573822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root return BlobType(mBlob.type); 574822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root } 575822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root 576822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root void setType(BlobType type) { 577822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root mBlob.type = uint8_t(type); 578822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root } 579822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root 580f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root ResponseCode writeBlob(const char* filename, AES_KEY *aes_key, State state, Entropy* entropy) { 581f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root ALOGV("writing blob %s", filename); 582f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root if (isEncrypted()) { 583f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root if (state != STATE_NO_ERROR) { 584f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root ALOGD("couldn't insert encrypted blob while not unlocked"); 585f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root return LOCKED; 586f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root } 587f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root 588f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root if (!entropy->generate_random_data(mBlob.vector, AES_BLOCK_SIZE)) { 589f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root ALOGW("Could not read random data for: %s", filename); 590f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root return SYSTEM_ERROR; 591f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root } 592a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 593a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 594a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root // data includes the value and the value's length 595a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root size_t dataLength = mBlob.length + sizeof(mBlob.length); 596a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root // pad data to the AES_BLOCK_SIZE 597a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root size_t digestedLength = ((dataLength + AES_BLOCK_SIZE - 1) 598a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root / AES_BLOCK_SIZE * AES_BLOCK_SIZE); 599a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root // encrypted data includes the digest value 600a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root size_t encryptedLength = digestedLength + MD5_DIGEST_LENGTH; 601a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root // move info after space for padding 602a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root memmove(&mBlob.encrypted[encryptedLength], &mBlob.value[mBlob.length], mBlob.info); 603a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root // zero padding area 604a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root memset(mBlob.value + mBlob.length, 0, digestedLength - dataLength); 605a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 606a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root mBlob.length = htonl(mBlob.length); 607a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 608f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root if (isEncrypted()) { 609f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root MD5(mBlob.digested, digestedLength, mBlob.digest); 610f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root 611f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root uint8_t vector[AES_BLOCK_SIZE]; 612f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root memcpy(vector, mBlob.vector, AES_BLOCK_SIZE); 613f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root AES_cbc_encrypt(mBlob.encrypted, mBlob.encrypted, encryptedLength, 614f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root aes_key, vector, AES_ENCRYPT); 615f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root } 616a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 617a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root size_t headerLength = (mBlob.encrypted - (uint8_t*) &mBlob); 618a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root size_t fileLength = encryptedLength + headerLength + mBlob.info; 619a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 620a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root const char* tmpFileName = ".tmp"; 621150ca934edb745de3666a6492b039900df228ff0Kenny Root int out = TEMP_FAILURE_RETRY(open(tmpFileName, 622150ca934edb745de3666a6492b039900df228ff0Kenny Root O_WRONLY | O_TRUNC | O_CREAT, S_IRUSR | S_IWUSR)); 623150ca934edb745de3666a6492b039900df228ff0Kenny Root if (out < 0) { 624150ca934edb745de3666a6492b039900df228ff0Kenny Root ALOGW("could not open file: %s: %s", tmpFileName, strerror(errno)); 625a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return SYSTEM_ERROR; 626a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 627a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root size_t writtenBytes = writeFully(out, (uint8_t*) &mBlob, fileLength); 628a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root if (close(out) != 0) { 629a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return SYSTEM_ERROR; 630a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 631a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root if (writtenBytes != fileLength) { 632150ca934edb745de3666a6492b039900df228ff0Kenny Root ALOGW("blob not fully written %zu != %zu", writtenBytes, fileLength); 633a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root unlink(tmpFileName); 634a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return SYSTEM_ERROR; 635a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 636150ca934edb745de3666a6492b039900df228ff0Kenny Root if (rename(tmpFileName, filename) == -1) { 637150ca934edb745de3666a6492b039900df228ff0Kenny Root ALOGW("could not rename blob to %s: %s", filename, strerror(errno)); 638150ca934edb745de3666a6492b039900df228ff0Kenny Root return SYSTEM_ERROR; 639150ca934edb745de3666a6492b039900df228ff0Kenny Root } 640150ca934edb745de3666a6492b039900df228ff0Kenny Root return NO_ERROR; 641a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 642a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 643f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root ResponseCode readBlob(const char* filename, AES_KEY *aes_key, State state) { 644f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root ALOGV("reading blob %s", filename); 645150ca934edb745de3666a6492b039900df228ff0Kenny Root int in = TEMP_FAILURE_RETRY(open(filename, O_RDONLY)); 646150ca934edb745de3666a6492b039900df228ff0Kenny Root if (in < 0) { 647a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return (errno == ENOENT) ? KEY_NOT_FOUND : SYSTEM_ERROR; 648a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 649a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root // fileLength may be less than sizeof(mBlob) since the in 650a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root // memory version has extra padding to tolerate rounding up to 651a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root // the AES_BLOCK_SIZE 652a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root size_t fileLength = readFully(in, (uint8_t*) &mBlob, sizeof(mBlob)); 653a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root if (close(in) != 0) { 654a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return SYSTEM_ERROR; 655a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 656f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root 657f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root if (isEncrypted() && (state != STATE_NO_ERROR)) { 658f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root return LOCKED; 659f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root } 660f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root 661a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root size_t headerLength = (mBlob.encrypted - (uint8_t*) &mBlob); 662a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root if (fileLength < headerLength) { 663a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return VALUE_CORRUPTED; 664a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 665a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 666a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root ssize_t encryptedLength = fileLength - (headerLength + mBlob.info); 667f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root if (encryptedLength < 0) { 668a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return VALUE_CORRUPTED; 669a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 670f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root 671f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root ssize_t digestedLength; 672f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root if (isEncrypted()) { 673f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root if (encryptedLength % AES_BLOCK_SIZE != 0) { 674f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root return VALUE_CORRUPTED; 675f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root } 676f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root 677f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root AES_cbc_encrypt(mBlob.encrypted, mBlob.encrypted, encryptedLength, aes_key, 678f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root mBlob.vector, AES_DECRYPT); 679f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root digestedLength = encryptedLength - MD5_DIGEST_LENGTH; 680f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root uint8_t computedDigest[MD5_DIGEST_LENGTH]; 681f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root MD5(mBlob.digested, digestedLength, computedDigest); 682f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root if (memcmp(mBlob.digest, computedDigest, MD5_DIGEST_LENGTH) != 0) { 683f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root return VALUE_CORRUPTED; 684f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root } 685f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root } else { 686f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root digestedLength = encryptedLength; 687a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 688a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 689a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root ssize_t maxValueLength = digestedLength - sizeof(mBlob.length); 690a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root mBlob.length = ntohl(mBlob.length); 691a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root if (mBlob.length < 0 || mBlob.length > maxValueLength) { 692a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return VALUE_CORRUPTED; 693a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 694a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root if (mBlob.info != 0) { 695a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root // move info from after padding to after data 696a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root memmove(&mBlob.value[mBlob.length], &mBlob.value[maxValueLength], mBlob.info); 697a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 69807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::NO_ERROR; 699a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 700a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 701a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Rootprivate: 702a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root struct blob mBlob; 703a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root}; 704a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 705655b958eb2180c7c06889f83f606d23421bf038cKenny Rootclass UserState { 706655b958eb2180c7c06889f83f606d23421bf038cKenny Rootpublic: 707655b958eb2180c7c06889f83f606d23421bf038cKenny Root UserState(uid_t userId) : mUserId(userId), mRetry(MAX_RETRY) { 708655b958eb2180c7c06889f83f606d23421bf038cKenny Root asprintf(&mUserDir, "user_%u", mUserId); 709655b958eb2180c7c06889f83f606d23421bf038cKenny Root asprintf(&mMasterKeyFile, "%s/.masterkey", mUserDir); 710655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 71170e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 712655b958eb2180c7c06889f83f606d23421bf038cKenny Root ~UserState() { 713655b958eb2180c7c06889f83f606d23421bf038cKenny Root free(mUserDir); 714655b958eb2180c7c06889f83f606d23421bf038cKenny Root free(mMasterKeyFile); 715655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 71670e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 717655b958eb2180c7c06889f83f606d23421bf038cKenny Root bool initialize() { 718655b958eb2180c7c06889f83f606d23421bf038cKenny Root if ((mkdir(mUserDir, S_IRUSR | S_IWUSR | S_IXUSR) < 0) && (errno != EEXIST)) { 719655b958eb2180c7c06889f83f606d23421bf038cKenny Root ALOGE("Could not create directory '%s'", mUserDir); 720655b958eb2180c7c06889f83f606d23421bf038cKenny Root return false; 721655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 722655b958eb2180c7c06889f83f606d23421bf038cKenny Root 723655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (access(mMasterKeyFile, R_OK) == 0) { 724a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root setState(STATE_LOCKED); 725a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } else { 726a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root setState(STATE_UNINITIALIZED); 727a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 72870e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 729655b958eb2180c7c06889f83f606d23421bf038cKenny Root return true; 730655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 731655b958eb2180c7c06889f83f606d23421bf038cKenny Root 732655b958eb2180c7c06889f83f606d23421bf038cKenny Root uid_t getUserId() const { 733655b958eb2180c7c06889f83f606d23421bf038cKenny Root return mUserId; 734655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 735655b958eb2180c7c06889f83f606d23421bf038cKenny Root 736655b958eb2180c7c06889f83f606d23421bf038cKenny Root const char* getUserDirName() const { 737655b958eb2180c7c06889f83f606d23421bf038cKenny Root return mUserDir; 738655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 739655b958eb2180c7c06889f83f606d23421bf038cKenny Root 740655b958eb2180c7c06889f83f606d23421bf038cKenny Root const char* getMasterKeyFileName() const { 741655b958eb2180c7c06889f83f606d23421bf038cKenny Root return mMasterKeyFile; 742655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 743655b958eb2180c7c06889f83f606d23421bf038cKenny Root 744655b958eb2180c7c06889f83f606d23421bf038cKenny Root void setState(State state) { 745655b958eb2180c7c06889f83f606d23421bf038cKenny Root mState = state; 746655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (mState == STATE_NO_ERROR || mState == STATE_UNINITIALIZED) { 747655b958eb2180c7c06889f83f606d23421bf038cKenny Root mRetry = MAX_RETRY; 748655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 749a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 750a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 7515187818895c4c5f650a611c40531b1dff7764c18Kenny Root State getState() const { 752a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return mState; 753a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 754a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 7555187818895c4c5f650a611c40531b1dff7764c18Kenny Root int8_t getRetry() const { 756a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return mRetry; 757a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 758a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 759655b958eb2180c7c06889f83f606d23421bf038cKenny Root void zeroizeMasterKeysInMemory() { 760655b958eb2180c7c06889f83f606d23421bf038cKenny Root memset(mMasterKey, 0, sizeof(mMasterKey)); 761655b958eb2180c7c06889f83f606d23421bf038cKenny Root memset(mSalt, 0, sizeof(mSalt)); 762655b958eb2180c7c06889f83f606d23421bf038cKenny Root memset(&mMasterKeyEncryption, 0, sizeof(mMasterKeyEncryption)); 763655b958eb2180c7c06889f83f606d23421bf038cKenny Root memset(&mMasterKeyDecryption, 0, sizeof(mMasterKeyDecryption)); 76470e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root } 76570e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 766655b958eb2180c7c06889f83f606d23421bf038cKenny Root ResponseCode initialize(const android::String8& pw, Entropy* entropy) { 767655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (!generateMasterKey(entropy)) { 768a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return SYSTEM_ERROR; 769a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 770655b958eb2180c7c06889f83f606d23421bf038cKenny Root ResponseCode response = writeMasterKey(pw, entropy); 771a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root if (response != NO_ERROR) { 772a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return response; 773a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 774a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root setupMasterKeys(); 77507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::NO_ERROR; 776a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 777a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 7784e865753346fc6a075966972a7a98051818859dbRobin Lee ResponseCode copyMasterKey(UserState* src) { 7794e865753346fc6a075966972a7a98051818859dbRobin Lee if (mState != STATE_UNINITIALIZED) { 7804e865753346fc6a075966972a7a98051818859dbRobin Lee return ::SYSTEM_ERROR; 7814e865753346fc6a075966972a7a98051818859dbRobin Lee } 7824e865753346fc6a075966972a7a98051818859dbRobin Lee if (src->getState() != STATE_NO_ERROR) { 7834e865753346fc6a075966972a7a98051818859dbRobin Lee return ::SYSTEM_ERROR; 7844e865753346fc6a075966972a7a98051818859dbRobin Lee } 7854e865753346fc6a075966972a7a98051818859dbRobin Lee memcpy(mMasterKey, src->mMasterKey, MASTER_KEY_SIZE_BYTES); 7864e865753346fc6a075966972a7a98051818859dbRobin Lee setupMasterKeys(); 7874e865753346fc6a075966972a7a98051818859dbRobin Lee return ::NO_ERROR; 7884e865753346fc6a075966972a7a98051818859dbRobin Lee } 7894e865753346fc6a075966972a7a98051818859dbRobin Lee 790655b958eb2180c7c06889f83f606d23421bf038cKenny Root ResponseCode writeMasterKey(const android::String8& pw, Entropy* entropy) { 791a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root uint8_t passwordKey[MASTER_KEY_SIZE_BYTES]; 792a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root generateKeyFromPassword(passwordKey, MASTER_KEY_SIZE_BYTES, pw, mSalt); 793a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root AES_KEY passwordAesKey; 794a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root AES_set_encrypt_key(passwordKey, MASTER_KEY_SIZE_BITS, &passwordAesKey); 795822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root Blob masterKeyBlob(mMasterKey, sizeof(mMasterKey), mSalt, sizeof(mSalt), TYPE_MASTER_KEY); 796f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root return masterKeyBlob.writeBlob(mMasterKeyFile, &passwordAesKey, STATE_NO_ERROR, entropy); 797a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 798a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 799655b958eb2180c7c06889f83f606d23421bf038cKenny Root ResponseCode readMasterKey(const android::String8& pw, Entropy* entropy) { 800655b958eb2180c7c06889f83f606d23421bf038cKenny Root int in = TEMP_FAILURE_RETRY(open(mMasterKeyFile, O_RDONLY)); 801150ca934edb745de3666a6492b039900df228ff0Kenny Root if (in < 0) { 802a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return SYSTEM_ERROR; 803a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 804a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 805a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root // we read the raw blob to just to get the salt to generate 806a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root // the AES key, then we create the Blob to use with decryptBlob 807a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root blob rawBlob; 808a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root size_t length = readFully(in, (uint8_t*) &rawBlob, sizeof(rawBlob)); 809a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root if (close(in) != 0) { 810a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return SYSTEM_ERROR; 811a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 812a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root // find salt at EOF if present, otherwise we have an old file 813a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root uint8_t* salt; 814a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root if (length > SALT_SIZE && rawBlob.info == SALT_SIZE) { 815a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root salt = (uint8_t*) &rawBlob + length - SALT_SIZE; 816a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } else { 817a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root salt = NULL; 818a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 819a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root uint8_t passwordKey[MASTER_KEY_SIZE_BYTES]; 820a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root generateKeyFromPassword(passwordKey, MASTER_KEY_SIZE_BYTES, pw, salt); 821a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root AES_KEY passwordAesKey; 822a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root AES_set_decrypt_key(passwordKey, MASTER_KEY_SIZE_BITS, &passwordAesKey); 823a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root Blob masterKeyBlob(rawBlob); 824f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root ResponseCode response = masterKeyBlob.readBlob(mMasterKeyFile, &passwordAesKey, 825f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root STATE_NO_ERROR); 826a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root if (response == SYSTEM_ERROR) { 827f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root return response; 828a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 829a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root if (response == NO_ERROR && masterKeyBlob.getLength() == MASTER_KEY_SIZE_BYTES) { 830a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root // if salt was missing, generate one and write a new master key file with the salt. 831a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root if (salt == NULL) { 832655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (!generateSalt(entropy)) { 833a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return SYSTEM_ERROR; 834a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 835655b958eb2180c7c06889f83f606d23421bf038cKenny Root response = writeMasterKey(pw, entropy); 836a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 837a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root if (response == NO_ERROR) { 838a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root memcpy(mMasterKey, masterKeyBlob.getValue(), MASTER_KEY_SIZE_BYTES); 839a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root setupMasterKeys(); 840a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 841a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return response; 842a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 843a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root if (mRetry <= 0) { 844a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root reset(); 845a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return UNINITIALIZED; 846a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 847a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root --mRetry; 848a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root switch (mRetry) { 849a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root case 0: return WRONG_PASSWORD_0; 850a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root case 1: return WRONG_PASSWORD_1; 851a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root case 2: return WRONG_PASSWORD_2; 852a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root case 3: return WRONG_PASSWORD_3; 853a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root default: return WRONG_PASSWORD_3; 854a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 855a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 856a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 857655b958eb2180c7c06889f83f606d23421bf038cKenny Root AES_KEY* getEncryptionKey() { 858655b958eb2180c7c06889f83f606d23421bf038cKenny Root return &mMasterKeyEncryption; 859655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 860a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 861655b958eb2180c7c06889f83f606d23421bf038cKenny Root AES_KEY* getDecryptionKey() { 862655b958eb2180c7c06889f83f606d23421bf038cKenny Root return &mMasterKeyDecryption; 863655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 864a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 865655b958eb2180c7c06889f83f606d23421bf038cKenny Root bool reset() { 866655b958eb2180c7c06889f83f606d23421bf038cKenny Root DIR* dir = opendir(getUserDirName()); 867a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root if (!dir) { 868655b958eb2180c7c06889f83f606d23421bf038cKenny Root ALOGW("couldn't open user directory: %s", strerror(errno)); 869a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return false; 870a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 871655b958eb2180c7c06889f83f606d23421bf038cKenny Root 872655b958eb2180c7c06889f83f606d23421bf038cKenny Root struct dirent* file; 873a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root while ((file = readdir(dir)) != NULL) { 874655b958eb2180c7c06889f83f606d23421bf038cKenny Root // We only care about files. 875655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (file->d_type != DT_REG) { 876655b958eb2180c7c06889f83f606d23421bf038cKenny Root continue; 877655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 878655b958eb2180c7c06889f83f606d23421bf038cKenny Root 879655b958eb2180c7c06889f83f606d23421bf038cKenny Root // Skip anything that starts with a "." 880931fac098f2ae35aa1da26ced57962c9a21f95cfKenny Root if (file->d_name[0] == '.' && strcmp(".masterkey", file->d_name)) { 881655b958eb2180c7c06889f83f606d23421bf038cKenny Root continue; 882655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 883655b958eb2180c7c06889f83f606d23421bf038cKenny Root 884655b958eb2180c7c06889f83f606d23421bf038cKenny Root unlinkat(dirfd(dir), file->d_name, 0); 885a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 886a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root closedir(dir); 887a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return true; 888a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 889a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 890655b958eb2180c7c06889f83f606d23421bf038cKenny Rootprivate: 891655b958eb2180c7c06889f83f606d23421bf038cKenny Root static const int MASTER_KEY_SIZE_BYTES = 16; 892655b958eb2180c7c06889f83f606d23421bf038cKenny Root static const int MASTER_KEY_SIZE_BITS = MASTER_KEY_SIZE_BYTES * 8; 893655b958eb2180c7c06889f83f606d23421bf038cKenny Root 894655b958eb2180c7c06889f83f606d23421bf038cKenny Root static const int MAX_RETRY = 4; 895655b958eb2180c7c06889f83f606d23421bf038cKenny Root static const size_t SALT_SIZE = 16; 896655b958eb2180c7c06889f83f606d23421bf038cKenny Root 897655b958eb2180c7c06889f83f606d23421bf038cKenny Root void generateKeyFromPassword(uint8_t* key, ssize_t keySize, const android::String8& pw, 898655b958eb2180c7c06889f83f606d23421bf038cKenny Root uint8_t* salt) { 899655b958eb2180c7c06889f83f606d23421bf038cKenny Root size_t saltSize; 900655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (salt != NULL) { 901655b958eb2180c7c06889f83f606d23421bf038cKenny Root saltSize = SALT_SIZE; 902655b958eb2180c7c06889f83f606d23421bf038cKenny Root } else { 903655b958eb2180c7c06889f83f606d23421bf038cKenny Root // pre-gingerbread used this hardwired salt, readMasterKey will rewrite these when found 904655b958eb2180c7c06889f83f606d23421bf038cKenny Root salt = (uint8_t*) "keystore"; 905655b958eb2180c7c06889f83f606d23421bf038cKenny Root // sizeof = 9, not strlen = 8 906655b958eb2180c7c06889f83f606d23421bf038cKenny Root saltSize = sizeof("keystore"); 907655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 908655b958eb2180c7c06889f83f606d23421bf038cKenny Root 909655b958eb2180c7c06889f83f606d23421bf038cKenny Root PKCS5_PBKDF2_HMAC_SHA1(reinterpret_cast<const char*>(pw.string()), pw.length(), salt, 910655b958eb2180c7c06889f83f606d23421bf038cKenny Root saltSize, 8192, keySize, key); 911655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 912655b958eb2180c7c06889f83f606d23421bf038cKenny Root 913655b958eb2180c7c06889f83f606d23421bf038cKenny Root bool generateSalt(Entropy* entropy) { 914655b958eb2180c7c06889f83f606d23421bf038cKenny Root return entropy->generate_random_data(mSalt, sizeof(mSalt)); 915655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 916655b958eb2180c7c06889f83f606d23421bf038cKenny Root 917655b958eb2180c7c06889f83f606d23421bf038cKenny Root bool generateMasterKey(Entropy* entropy) { 918655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (!entropy->generate_random_data(mMasterKey, sizeof(mMasterKey))) { 919655b958eb2180c7c06889f83f606d23421bf038cKenny Root return false; 920655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 921655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (!generateSalt(entropy)) { 922655b958eb2180c7c06889f83f606d23421bf038cKenny Root return false; 923655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 924655b958eb2180c7c06889f83f606d23421bf038cKenny Root return true; 925655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 926655b958eb2180c7c06889f83f606d23421bf038cKenny Root 927655b958eb2180c7c06889f83f606d23421bf038cKenny Root void setupMasterKeys() { 928655b958eb2180c7c06889f83f606d23421bf038cKenny Root AES_set_encrypt_key(mMasterKey, MASTER_KEY_SIZE_BITS, &mMasterKeyEncryption); 929655b958eb2180c7c06889f83f606d23421bf038cKenny Root AES_set_decrypt_key(mMasterKey, MASTER_KEY_SIZE_BITS, &mMasterKeyDecryption); 930655b958eb2180c7c06889f83f606d23421bf038cKenny Root setState(STATE_NO_ERROR); 931655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 932655b958eb2180c7c06889f83f606d23421bf038cKenny Root 933655b958eb2180c7c06889f83f606d23421bf038cKenny Root uid_t mUserId; 934655b958eb2180c7c06889f83f606d23421bf038cKenny Root 935655b958eb2180c7c06889f83f606d23421bf038cKenny Root char* mUserDir; 936655b958eb2180c7c06889f83f606d23421bf038cKenny Root char* mMasterKeyFile; 937655b958eb2180c7c06889f83f606d23421bf038cKenny Root 938655b958eb2180c7c06889f83f606d23421bf038cKenny Root State mState; 939655b958eb2180c7c06889f83f606d23421bf038cKenny Root int8_t mRetry; 940655b958eb2180c7c06889f83f606d23421bf038cKenny Root 941655b958eb2180c7c06889f83f606d23421bf038cKenny Root uint8_t mMasterKey[MASTER_KEY_SIZE_BYTES]; 942655b958eb2180c7c06889f83f606d23421bf038cKenny Root uint8_t mSalt[SALT_SIZE]; 943655b958eb2180c7c06889f83f606d23421bf038cKenny Root 944655b958eb2180c7c06889f83f606d23421bf038cKenny Root AES_KEY mMasterKeyEncryption; 945655b958eb2180c7c06889f83f606d23421bf038cKenny Root AES_KEY mMasterKeyDecryption; 946655b958eb2180c7c06889f83f606d23421bf038cKenny Root}; 947655b958eb2180c7c06889f83f606d23421bf038cKenny Root 948655b958eb2180c7c06889f83f606d23421bf038cKenny Roottypedef struct { 949655b958eb2180c7c06889f83f606d23421bf038cKenny Root uint32_t uid; 950655b958eb2180c7c06889f83f606d23421bf038cKenny Root const uint8_t* filename; 951655b958eb2180c7c06889f83f606d23421bf038cKenny Root} grant_t; 952655b958eb2180c7c06889f83f606d23421bf038cKenny Root 953655b958eb2180c7c06889f83f606d23421bf038cKenny Rootclass KeyStore { 954655b958eb2180c7c06889f83f606d23421bf038cKenny Rootpublic: 955919cb2a5a9dabd61cb02eff7a589f9f1f0f793eeChad Brubaker KeyStore(Entropy* entropy, keymaster1_device_t* device, keymaster1_device_t* fallback) 956655b958eb2180c7c06889f83f606d23421bf038cKenny Root : mEntropy(entropy) 957655b958eb2180c7c06889f83f606d23421bf038cKenny Root , mDevice(device) 958fc18edcdfe2f7774e621030d51338f3216170b97Chad Brubaker , mFallbackDevice(fallback) 959655b958eb2180c7c06889f83f606d23421bf038cKenny Root { 960655b958eb2180c7c06889f83f606d23421bf038cKenny Root memset(&mMetaData, '\0', sizeof(mMetaData)); 961655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 962655b958eb2180c7c06889f83f606d23421bf038cKenny Root 963655b958eb2180c7c06889f83f606d23421bf038cKenny Root ~KeyStore() { 964655b958eb2180c7c06889f83f606d23421bf038cKenny Root for (android::Vector<grant_t*>::iterator it(mGrants.begin()); 965655b958eb2180c7c06889f83f606d23421bf038cKenny Root it != mGrants.end(); it++) { 966655b958eb2180c7c06889f83f606d23421bf038cKenny Root delete *it; 967655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 968c35d4eb3e66aa69ca17dd83b1bcdcc19276bf8e5haitao fang mGrants.clear(); 969655b958eb2180c7c06889f83f606d23421bf038cKenny Root 970655b958eb2180c7c06889f83f606d23421bf038cKenny Root for (android::Vector<UserState*>::iterator it(mMasterKeys.begin()); 971655b958eb2180c7c06889f83f606d23421bf038cKenny Root it != mMasterKeys.end(); it++) { 972655b958eb2180c7c06889f83f606d23421bf038cKenny Root delete *it; 973655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 974c35d4eb3e66aa69ca17dd83b1bcdcc19276bf8e5haitao fang mMasterKeys.clear(); 975655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 976655b958eb2180c7c06889f83f606d23421bf038cKenny Root 977919cb2a5a9dabd61cb02eff7a589f9f1f0f793eeChad Brubaker /** 978919cb2a5a9dabd61cb02eff7a589f9f1f0f793eeChad Brubaker * Depending on the hardware keymaster version is this may return a 979919cb2a5a9dabd61cb02eff7a589f9f1f0f793eeChad Brubaker * keymaster0_device_t* cast to a keymaster1_device_t*. All methods from 980919cb2a5a9dabd61cb02eff7a589f9f1f0f793eeChad Brubaker * keymaster0 are safe to call, calls to keymaster1_device_t methods should 981919cb2a5a9dabd61cb02eff7a589f9f1f0f793eeChad Brubaker * be guarded by a check on the device's version. 982919cb2a5a9dabd61cb02eff7a589f9f1f0f793eeChad Brubaker */ 983919cb2a5a9dabd61cb02eff7a589f9f1f0f793eeChad Brubaker keymaster1_device_t *getDevice() const { 984655b958eb2180c7c06889f83f606d23421bf038cKenny Root return mDevice; 985655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 986655b958eb2180c7c06889f83f606d23421bf038cKenny Root 987919cb2a5a9dabd61cb02eff7a589f9f1f0f793eeChad Brubaker keymaster1_device_t *getFallbackDevice() const { 988fc18edcdfe2f7774e621030d51338f3216170b97Chad Brubaker return mFallbackDevice; 989fc18edcdfe2f7774e621030d51338f3216170b97Chad Brubaker } 990fc18edcdfe2f7774e621030d51338f3216170b97Chad Brubaker 991919cb2a5a9dabd61cb02eff7a589f9f1f0f793eeChad Brubaker keymaster1_device_t *getDeviceForBlob(const Blob& blob) const { 992fc18edcdfe2f7774e621030d51338f3216170b97Chad Brubaker return blob.isFallback() ? mFallbackDevice: mDevice; 993fc18edcdfe2f7774e621030d51338f3216170b97Chad Brubaker } 994fc18edcdfe2f7774e621030d51338f3216170b97Chad Brubaker 995655b958eb2180c7c06889f83f606d23421bf038cKenny Root ResponseCode initialize() { 996655b958eb2180c7c06889f83f606d23421bf038cKenny Root readMetaData(); 997655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (upgradeKeystore()) { 998655b958eb2180c7c06889f83f606d23421bf038cKenny Root writeMetaData(); 999655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1000655b958eb2180c7c06889f83f606d23421bf038cKenny Root 1001655b958eb2180c7c06889f83f606d23421bf038cKenny Root return ::NO_ERROR; 1002655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1003655b958eb2180c7c06889f83f606d23421bf038cKenny Root 1004655b958eb2180c7c06889f83f606d23421bf038cKenny Root State getState(uid_t uid) { 1005655b958eb2180c7c06889f83f606d23421bf038cKenny Root return getUserState(uid)->getState(); 1006655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1007655b958eb2180c7c06889f83f606d23421bf038cKenny Root 1008655b958eb2180c7c06889f83f606d23421bf038cKenny Root ResponseCode initializeUser(const android::String8& pw, uid_t uid) { 1009655b958eb2180c7c06889f83f606d23421bf038cKenny Root UserState* userState = getUserState(uid); 1010655b958eb2180c7c06889f83f606d23421bf038cKenny Root return userState->initialize(pw, mEntropy); 1011655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1012655b958eb2180c7c06889f83f606d23421bf038cKenny Root 10134e865753346fc6a075966972a7a98051818859dbRobin Lee ResponseCode copyMasterKey(uid_t src, uid_t uid) { 10144e865753346fc6a075966972a7a98051818859dbRobin Lee UserState *userState = getUserState(uid); 10154e865753346fc6a075966972a7a98051818859dbRobin Lee UserState *initState = getUserState(src); 10164e865753346fc6a075966972a7a98051818859dbRobin Lee return userState->copyMasterKey(initState); 10174e865753346fc6a075966972a7a98051818859dbRobin Lee } 10184e865753346fc6a075966972a7a98051818859dbRobin Lee 1019655b958eb2180c7c06889f83f606d23421bf038cKenny Root ResponseCode writeMasterKey(const android::String8& pw, uid_t uid) { 102050122db50bcb6c1aab50ef235c8f9d264b50e97aRobin Lee UserState* userState = getUserState(uid); 1021655b958eb2180c7c06889f83f606d23421bf038cKenny Root return userState->writeMasterKey(pw, mEntropy); 1022655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1023655b958eb2180c7c06889f83f606d23421bf038cKenny Root 1024655b958eb2180c7c06889f83f606d23421bf038cKenny Root ResponseCode readMasterKey(const android::String8& pw, uid_t uid) { 102550122db50bcb6c1aab50ef235c8f9d264b50e97aRobin Lee UserState* userState = getUserState(uid); 1026655b958eb2180c7c06889f83f606d23421bf038cKenny Root return userState->readMasterKey(pw, mEntropy); 1027655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1028655b958eb2180c7c06889f83f606d23421bf038cKenny Root 1029655b958eb2180c7c06889f83f606d23421bf038cKenny Root android::String8 getKeyName(const android::String8& keyName) { 1030a77e809ecff5190790906fb7a3c527259c735071Douglas Leung char encoded[encode_key_length(keyName) + 1]; // add 1 for null char 1031655b958eb2180c7c06889f83f606d23421bf038cKenny Root encode_key(encoded, keyName); 1032655b958eb2180c7c06889f83f606d23421bf038cKenny Root return android::String8(encoded); 1033655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1034655b958eb2180c7c06889f83f606d23421bf038cKenny Root 1035655b958eb2180c7c06889f83f606d23421bf038cKenny Root android::String8 getKeyNameForUid(const android::String8& keyName, uid_t uid) { 1036a77e809ecff5190790906fb7a3c527259c735071Douglas Leung char encoded[encode_key_length(keyName) + 1]; // add 1 for null char 1037655b958eb2180c7c06889f83f606d23421bf038cKenny Root encode_key(encoded, keyName); 1038655b958eb2180c7c06889f83f606d23421bf038cKenny Root return android::String8::format("%u_%s", uid, encoded); 1039655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1040655b958eb2180c7c06889f83f606d23421bf038cKenny Root 1041655b958eb2180c7c06889f83f606d23421bf038cKenny Root android::String8 getKeyNameForUidWithDir(const android::String8& keyName, uid_t uid) { 1042a77e809ecff5190790906fb7a3c527259c735071Douglas Leung char encoded[encode_key_length(keyName) + 1]; // add 1 for null char 1043655b958eb2180c7c06889f83f606d23421bf038cKenny Root encode_key(encoded, keyName); 1044655b958eb2180c7c06889f83f606d23421bf038cKenny Root return android::String8::format("%s/%u_%s", getUserState(uid)->getUserDirName(), uid, 1045655b958eb2180c7c06889f83f606d23421bf038cKenny Root encoded); 1046655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1047655b958eb2180c7c06889f83f606d23421bf038cKenny Root 1048655b958eb2180c7c06889f83f606d23421bf038cKenny Root bool reset(uid_t uid) { 10494b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee android::String8 prefix(""); 10504b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee android::Vector<android::String16> aliases; 10514b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee if (saw(prefix, &aliases, uid) != ::NO_ERROR) { 10524b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee return ::SYSTEM_ERROR; 10534b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee } 10544b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee 1055655b958eb2180c7c06889f83f606d23421bf038cKenny Root UserState* userState = getUserState(uid); 10564b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee for (uint32_t i = 0; i < aliases.size(); i++) { 10574b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee android::String8 filename(aliases[i]); 10584b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee filename = android::String8::format("%s/%s", userState->getUserDirName(), 10594b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee getKeyName(filename).string()); 10604b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee del(filename, ::TYPE_ANY, uid); 10614b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee } 10624b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee 1063655b958eb2180c7c06889f83f606d23421bf038cKenny Root userState->zeroizeMasterKeysInMemory(); 1064655b958eb2180c7c06889f83f606d23421bf038cKenny Root userState->setState(STATE_UNINITIALIZED); 1065655b958eb2180c7c06889f83f606d23421bf038cKenny Root return userState->reset(); 1066655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1067655b958eb2180c7c06889f83f606d23421bf038cKenny Root 1068655b958eb2180c7c06889f83f606d23421bf038cKenny Root bool isEmpty(uid_t uid) const { 1069655b958eb2180c7c06889f83f606d23421bf038cKenny Root const UserState* userState = getUserState(uid); 107031e27468b6d822adbd2aec9219a68c206aa6957cKenny Root if (userState == NULL || userState->getState() == STATE_UNINITIALIZED) { 1071655b958eb2180c7c06889f83f606d23421bf038cKenny Root return true; 1072655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1073655b958eb2180c7c06889f83f606d23421bf038cKenny Root 1074655b958eb2180c7c06889f83f606d23421bf038cKenny Root DIR* dir = opendir(userState->getUserDirName()); 1075a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root if (!dir) { 1076a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return true; 1077a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 1078655b958eb2180c7c06889f83f606d23421bf038cKenny Root 107931e27468b6d822adbd2aec9219a68c206aa6957cKenny Root bool result = true; 108031e27468b6d822adbd2aec9219a68c206aa6957cKenny Root struct dirent* file; 1081a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root while ((file = readdir(dir)) != NULL) { 1082655b958eb2180c7c06889f83f606d23421bf038cKenny Root // We only care about files. 1083655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (file->d_type != DT_REG) { 1084655b958eb2180c7c06889f83f606d23421bf038cKenny Root continue; 1085655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1086655b958eb2180c7c06889f83f606d23421bf038cKenny Root 1087655b958eb2180c7c06889f83f606d23421bf038cKenny Root // Skip anything that starts with a "." 1088655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (file->d_name[0] == '.') { 1089655b958eb2180c7c06889f83f606d23421bf038cKenny Root continue; 1090655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1091655b958eb2180c7c06889f83f606d23421bf038cKenny Root 109231e27468b6d822adbd2aec9219a68c206aa6957cKenny Root result = false; 109331e27468b6d822adbd2aec9219a68c206aa6957cKenny Root break; 1094a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 1095a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root closedir(dir); 1096a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return result; 1097a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 1098a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 1099655b958eb2180c7c06889f83f606d23421bf038cKenny Root void lock(uid_t uid) { 1100655b958eb2180c7c06889f83f606d23421bf038cKenny Root UserState* userState = getUserState(uid); 1101655b958eb2180c7c06889f83f606d23421bf038cKenny Root userState->zeroizeMasterKeysInMemory(); 1102655b958eb2180c7c06889f83f606d23421bf038cKenny Root userState->setState(STATE_LOCKED); 1103a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 1104a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 1105655b958eb2180c7c06889f83f606d23421bf038cKenny Root ResponseCode get(const char* filename, Blob* keyBlob, const BlobType type, uid_t uid) { 1106655b958eb2180c7c06889f83f606d23421bf038cKenny Root UserState* userState = getUserState(uid); 1107f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root ResponseCode rc = keyBlob->readBlob(filename, userState->getDecryptionKey(), 1108f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root userState->getState()); 1109822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root if (rc != NO_ERROR) { 1110822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root return rc; 1111822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root } 1112822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root 1113822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root const uint8_t version = keyBlob->getVersion(); 111407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root if (version < CURRENT_BLOB_VERSION) { 1115cfeae072c96d84f286ddbf0aff8055c12c7c4f15Kenny Root /* If we upgrade the key, we need to write it to disk again. Then 1116cfeae072c96d84f286ddbf0aff8055c12c7c4f15Kenny Root * it must be read it again since the blob is encrypted each time 1117cfeae072c96d84f286ddbf0aff8055c12c7c4f15Kenny Root * it's written. 1118cfeae072c96d84f286ddbf0aff8055c12c7c4f15Kenny Root */ 1119655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (upgradeBlob(filename, keyBlob, version, type, uid)) { 1120655b958eb2180c7c06889f83f606d23421bf038cKenny Root if ((rc = this->put(filename, keyBlob, uid)) != NO_ERROR 1121f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root || (rc = keyBlob->readBlob(filename, userState->getDecryptionKey(), 1122f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root userState->getState())) != NO_ERROR) { 1123cfeae072c96d84f286ddbf0aff8055c12c7c4f15Kenny Root return rc; 1124cfeae072c96d84f286ddbf0aff8055c12c7c4f15Kenny Root } 1125cfeae072c96d84f286ddbf0aff8055c12c7c4f15Kenny Root } 1126822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root } 1127822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root 112817208e0de5a42722901d803118745cca25fd10c1Kenny Root /* 112917208e0de5a42722901d803118745cca25fd10c1Kenny Root * This will upgrade software-backed keys to hardware-backed keys when 113017208e0de5a42722901d803118745cca25fd10c1Kenny Root * the HAL for the device supports the newer key types. 113117208e0de5a42722901d803118745cca25fd10c1Kenny Root */ 113217208e0de5a42722901d803118745cca25fd10c1Kenny Root if (rc == NO_ERROR && type == TYPE_KEY_PAIR 113317208e0de5a42722901d803118745cca25fd10c1Kenny Root && mDevice->common.module->module_api_version >= KEYMASTER_MODULE_API_VERSION_0_2 113417208e0de5a42722901d803118745cca25fd10c1Kenny Root && keyBlob->isFallback()) { 113517208e0de5a42722901d803118745cca25fd10c1Kenny Root ResponseCode imported = importKey(keyBlob->getValue(), keyBlob->getLength(), filename, 113617208e0de5a42722901d803118745cca25fd10c1Kenny Root uid, keyBlob->isEncrypted() ? KEYSTORE_FLAG_ENCRYPTED : KEYSTORE_FLAG_NONE); 113717208e0de5a42722901d803118745cca25fd10c1Kenny Root 113817208e0de5a42722901d803118745cca25fd10c1Kenny Root // The HAL allowed the import, reget the key to have the "fresh" 113917208e0de5a42722901d803118745cca25fd10c1Kenny Root // version. 114017208e0de5a42722901d803118745cca25fd10c1Kenny Root if (imported == NO_ERROR) { 114117208e0de5a42722901d803118745cca25fd10c1Kenny Root rc = get(filename, keyBlob, TYPE_KEY_PAIR, uid); 114217208e0de5a42722901d803118745cca25fd10c1Kenny Root } 114317208e0de5a42722901d803118745cca25fd10c1Kenny Root } 114417208e0de5a42722901d803118745cca25fd10c1Kenny Root 1145d53bc92f1cc4eb669ec015480cebe5ae7aaaf7cfKenny Root if (type != TYPE_ANY && keyBlob->getType() != type) { 1146822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root ALOGW("key found but type doesn't match: %d vs %d", keyBlob->getType(), type); 1147822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root return KEY_NOT_FOUND; 1148822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root } 1149822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root 1150822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root return rc; 1151a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 1152a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 1153655b958eb2180c7c06889f83f606d23421bf038cKenny Root ResponseCode put(const char* filename, Blob* keyBlob, uid_t uid) { 1154655b958eb2180c7c06889f83f606d23421bf038cKenny Root UserState* userState = getUserState(uid); 1155f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root return keyBlob->writeBlob(filename, userState->getEncryptionKey(), userState->getState(), 1156f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root mEntropy); 1157a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 1158a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 11594b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee ResponseCode del(const char *filename, const BlobType type, uid_t uid) { 11604b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee Blob keyBlob; 11614b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee ResponseCode rc = get(filename, &keyBlob, type, uid); 11624b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee if (rc != ::NO_ERROR) { 11634b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee return rc; 11644b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee } 11654b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee 11664b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee if (keyBlob.getType() == ::TYPE_KEY_PAIR) { 11674b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee // A device doesn't have to implement delete_keypair. 11684b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee if (mDevice->delete_keypair != NULL && !keyBlob.isFallback()) { 11694b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee if (mDevice->delete_keypair(mDevice, keyBlob.getValue(), keyBlob.getLength())) { 11704b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee rc = ::SYSTEM_ERROR; 11714b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee } 11724b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee } 11734b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee } 117417d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker if (keyBlob.getType() == ::TYPE_KEYMASTER_10) { 117517d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker keymaster1_device_t* dev = getDeviceForBlob(keyBlob); 117617d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker if (dev->delete_key) { 117717d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker keymaster_key_blob_t blob; 117817d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker blob.key_material = keyBlob.getValue(); 117917d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker blob.key_material_size = keyBlob.getLength(); 118017d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker dev->delete_key(dev, &blob); 118117d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker } 118217d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker } 11834b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee if (rc != ::NO_ERROR) { 11844b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee return rc; 11854b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee } 11864b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee 11874b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee return (unlink(filename) && errno != ENOENT) ? ::SYSTEM_ERROR : ::NO_ERROR; 11884b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee } 11894b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee 11904b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee ResponseCode saw(const android::String8& prefix, android::Vector<android::String16> *matches, 11914b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee uid_t uid) { 11924b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee 11934b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee UserState* userState = getUserState(uid); 11944b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee size_t n = prefix.length(); 11954b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee 11964b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee DIR* dir = opendir(userState->getUserDirName()); 11974b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee if (!dir) { 11984b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee ALOGW("can't open directory for user: %s", strerror(errno)); 11994b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee return ::SYSTEM_ERROR; 12004b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee } 12014b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee 12024b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee struct dirent* file; 12034b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee while ((file = readdir(dir)) != NULL) { 12044b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee // We only care about files. 12054b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee if (file->d_type != DT_REG) { 12064b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee continue; 12074b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee } 12084b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee 12094b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee // Skip anything that starts with a "." 12104b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee if (file->d_name[0] == '.') { 12114b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee continue; 12124b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee } 12134b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee 12144b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee if (!strncmp(prefix.string(), file->d_name, n)) { 12154b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee const char* p = &file->d_name[n]; 12164b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee size_t plen = strlen(p); 12174b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee 12184b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee size_t extra = decode_key_length(p, plen); 12194b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee char *match = (char*) malloc(extra + 1); 12204b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee if (match != NULL) { 12214b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee decode_key(match, p, plen); 12224b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee matches->push(android::String16(match, extra)); 12234b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee free(match); 12244b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee } else { 12254b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee ALOGW("could not allocate match of size %zd", extra); 12264b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee } 12274b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee } 12284b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee } 12294b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee closedir(dir); 12304b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee return ::NO_ERROR; 12314b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee } 12324b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee 123307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root void addGrant(const char* filename, uid_t granteeUid) { 1234655b958eb2180c7c06889f83f606d23421bf038cKenny Root const grant_t* existing = getGrant(filename, granteeUid); 1235655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (existing == NULL) { 1236655b958eb2180c7c06889f83f606d23421bf038cKenny Root grant_t* grant = new grant_t; 123707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root grant->uid = granteeUid; 1238a8c703d9fdd98e3caefb6e74cd03c2878cecd0a1Brian Carlstrom grant->filename = reinterpret_cast<const uint8_t*>(strdup(filename)); 1239655b958eb2180c7c06889f83f606d23421bf038cKenny Root mGrants.add(grant); 124070e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root } 124170e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root } 124270e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 124307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root bool removeGrant(const char* filename, uid_t granteeUid) { 1244655b958eb2180c7c06889f83f606d23421bf038cKenny Root for (android::Vector<grant_t*>::iterator it(mGrants.begin()); 1245655b958eb2180c7c06889f83f606d23421bf038cKenny Root it != mGrants.end(); it++) { 1246655b958eb2180c7c06889f83f606d23421bf038cKenny Root grant_t* grant = *it; 1247655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (grant->uid == granteeUid 1248655b958eb2180c7c06889f83f606d23421bf038cKenny Root && !strcmp(reinterpret_cast<const char*>(grant->filename), filename)) { 1249655b958eb2180c7c06889f83f606d23421bf038cKenny Root mGrants.erase(it); 1250655b958eb2180c7c06889f83f606d23421bf038cKenny Root return true; 1251655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 125270e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root } 125370e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root return false; 125470e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root } 125570e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 1256a8c703d9fdd98e3caefb6e74cd03c2878cecd0a1Brian Carlstrom bool hasGrant(const char* filename, const uid_t uid) const { 1257a8c703d9fdd98e3caefb6e74cd03c2878cecd0a1Brian Carlstrom return getGrant(filename, uid) != NULL; 125870e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root } 125970e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 1260f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root ResponseCode importKey(const uint8_t* key, size_t keyLen, const char* filename, uid_t uid, 1261f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root int32_t flags) { 1262822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root uint8_t* data; 1263822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root size_t dataLength; 1264822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root int rc; 1265822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root 1266822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root if (mDevice->import_keypair == NULL) { 1267822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root ALOGE("Keymaster doesn't support import!"); 1268822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root return SYSTEM_ERROR; 1269822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root } 1270822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root 127117208e0de5a42722901d803118745cca25fd10c1Kenny Root bool isFallback = false; 127207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root rc = mDevice->import_keypair(mDevice, key, keyLen, &data, &dataLength); 1273822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root if (rc) { 1274a39da5a226975f8b75f93de255a21d526ae8d334Kenny Root /* 1275a39da5a226975f8b75f93de255a21d526ae8d334Kenny Root * Maybe the device doesn't support this type of key. Try to use the 1276a39da5a226975f8b75f93de255a21d526ae8d334Kenny Root * software fallback keymaster implementation. This is a little bit 1277a39da5a226975f8b75f93de255a21d526ae8d334Kenny Root * lazier than checking the PKCS#8 key type, but the software 1278a39da5a226975f8b75f93de255a21d526ae8d334Kenny Root * implementation will do that anyway. 1279a39da5a226975f8b75f93de255a21d526ae8d334Kenny Root */ 12807c1eb75a6898452867ca28a4d7fad2d91edca615Chad Brubaker rc = mFallbackDevice->import_keypair(mFallbackDevice, key, keyLen, &data, &dataLength); 1281a39da5a226975f8b75f93de255a21d526ae8d334Kenny Root isFallback = true; 128217208e0de5a42722901d803118745cca25fd10c1Kenny Root 128317208e0de5a42722901d803118745cca25fd10c1Kenny Root if (rc) { 128417208e0de5a42722901d803118745cca25fd10c1Kenny Root ALOGE("Error while importing keypair: %d", rc); 128517208e0de5a42722901d803118745cca25fd10c1Kenny Root return SYSTEM_ERROR; 128617208e0de5a42722901d803118745cca25fd10c1Kenny Root } 1287822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root } 1288822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root 1289822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root Blob keyBlob(data, dataLength, NULL, 0, TYPE_KEY_PAIR); 1290822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root free(data); 1291822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root 1292f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root keyBlob.setEncrypted(flags & KEYSTORE_FLAG_ENCRYPTED); 129317208e0de5a42722901d803118745cca25fd10c1Kenny Root keyBlob.setFallback(isFallback); 1294f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root 1295655b958eb2180c7c06889f83f606d23421bf038cKenny Root return put(filename, &keyBlob, uid); 1296822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root } 1297822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root 12981b0e3933900c7ea21189704d5db64e7346aee7afKenny Root bool isHardwareBacked(const android::String16& keyType) const { 12991b0e3933900c7ea21189704d5db64e7346aee7afKenny Root if (mDevice == NULL) { 13001b0e3933900c7ea21189704d5db64e7346aee7afKenny Root ALOGW("can't get keymaster device"); 13011b0e3933900c7ea21189704d5db64e7346aee7afKenny Root return false; 13021b0e3933900c7ea21189704d5db64e7346aee7afKenny Root } 13031b0e3933900c7ea21189704d5db64e7346aee7afKenny Root 13041b0e3933900c7ea21189704d5db64e7346aee7afKenny Root if (sRSAKeyType == keyType) { 13051b0e3933900c7ea21189704d5db64e7346aee7afKenny Root return (mDevice->flags & KEYMASTER_SOFTWARE_ONLY) == 0; 13061b0e3933900c7ea21189704d5db64e7346aee7afKenny Root } else { 13071b0e3933900c7ea21189704d5db64e7346aee7afKenny Root return (mDevice->flags & KEYMASTER_SOFTWARE_ONLY) == 0 13081b0e3933900c7ea21189704d5db64e7346aee7afKenny Root && (mDevice->common.module->module_api_version 13091b0e3933900c7ea21189704d5db64e7346aee7afKenny Root >= KEYMASTER_MODULE_API_VERSION_0_2); 13101b0e3933900c7ea21189704d5db64e7346aee7afKenny Root } 13118ddf35a6e1fd80a7d0685041d2bfc77078277c9dKenny Root } 13128ddf35a6e1fd80a7d0685041d2bfc77078277c9dKenny Root 1313655b958eb2180c7c06889f83f606d23421bf038cKenny Root ResponseCode getKeyForName(Blob* keyBlob, const android::String8& keyName, const uid_t uid, 1314655b958eb2180c7c06889f83f606d23421bf038cKenny Root const BlobType type) { 131586b16e8c0d353af97f0411917789308dba417295Kenny Root android::String8 filepath8(getKeyNameForUidWithDir(keyName, uid)); 1316a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 1317655b958eb2180c7c06889f83f606d23421bf038cKenny Root ResponseCode responseCode = get(filepath8.string(), keyBlob, type, uid); 1318655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (responseCode == NO_ERROR) { 1319655b958eb2180c7c06889f83f606d23421bf038cKenny Root return responseCode; 1320655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1321a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 1322655b958eb2180c7c06889f83f606d23421bf038cKenny Root // If this is one of the legacy UID->UID mappings, use it. 1323655b958eb2180c7c06889f83f606d23421bf038cKenny Root uid_t euid = get_keystore_euid(uid); 1324655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (euid != uid) { 132586b16e8c0d353af97f0411917789308dba417295Kenny Root filepath8 = getKeyNameForUidWithDir(keyName, euid); 1326655b958eb2180c7c06889f83f606d23421bf038cKenny Root responseCode = get(filepath8.string(), keyBlob, type, uid); 1327655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (responseCode == NO_ERROR) { 1328655b958eb2180c7c06889f83f606d23421bf038cKenny Root return responseCode; 1329655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1330655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 133170e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 1332655b958eb2180c7c06889f83f606d23421bf038cKenny Root // They might be using a granted key. 133386b16e8c0d353af97f0411917789308dba417295Kenny Root android::String8 filename8 = getKeyName(keyName); 1334655b958eb2180c7c06889f83f606d23421bf038cKenny Root char* end; 133586b16e8c0d353af97f0411917789308dba417295Kenny Root strtoul(filename8.string(), &end, 10); 1336655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (end[0] != '_' || end[1] == 0) { 1337655b958eb2180c7c06889f83f606d23421bf038cKenny Root return KEY_NOT_FOUND; 1338655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 133986b16e8c0d353af97f0411917789308dba417295Kenny Root filepath8 = android::String8::format("%s/%s", getUserState(uid)->getUserDirName(), 134086b16e8c0d353af97f0411917789308dba417295Kenny Root filename8.string()); 1341655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (!hasGrant(filepath8.string(), uid)) { 1342655b958eb2180c7c06889f83f606d23421bf038cKenny Root return responseCode; 1343a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 1344a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 1345655b958eb2180c7c06889f83f606d23421bf038cKenny Root // It is a granted key. Try to load it. 1346655b958eb2180c7c06889f83f606d23421bf038cKenny Root return get(filepath8.string(), keyBlob, type, uid); 1347a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 1348a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 1349655b958eb2180c7c06889f83f606d23421bf038cKenny Root /** 1350655b958eb2180c7c06889f83f606d23421bf038cKenny Root * Returns any existing UserState or creates it if it doesn't exist. 1351655b958eb2180c7c06889f83f606d23421bf038cKenny Root */ 1352655b958eb2180c7c06889f83f606d23421bf038cKenny Root UserState* getUserState(uid_t uid) { 1353655b958eb2180c7c06889f83f606d23421bf038cKenny Root uid_t userId = get_user_id(uid); 1354655b958eb2180c7c06889f83f606d23421bf038cKenny Root 1355655b958eb2180c7c06889f83f606d23421bf038cKenny Root for (android::Vector<UserState*>::iterator it(mMasterKeys.begin()); 1356655b958eb2180c7c06889f83f606d23421bf038cKenny Root it != mMasterKeys.end(); it++) { 1357655b958eb2180c7c06889f83f606d23421bf038cKenny Root UserState* state = *it; 1358655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (state->getUserId() == userId) { 1359655b958eb2180c7c06889f83f606d23421bf038cKenny Root return state; 1360655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1361a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 1362655b958eb2180c7c06889f83f606d23421bf038cKenny Root 1363655b958eb2180c7c06889f83f606d23421bf038cKenny Root UserState* userState = new UserState(userId); 1364655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (!userState->initialize()) { 1365655b958eb2180c7c06889f83f606d23421bf038cKenny Root /* There's not much we can do if initialization fails. Trying to 1366655b958eb2180c7c06889f83f606d23421bf038cKenny Root * unlock the keystore for that user will fail as well, so any 1367655b958eb2180c7c06889f83f606d23421bf038cKenny Root * subsequent request for this user will just return SYSTEM_ERROR. 1368655b958eb2180c7c06889f83f606d23421bf038cKenny Root */ 1369655b958eb2180c7c06889f83f606d23421bf038cKenny Root ALOGE("User initialization failed for %u; subsuquent operations will fail", userId); 1370a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 1371655b958eb2180c7c06889f83f606d23421bf038cKenny Root mMasterKeys.add(userState); 1372655b958eb2180c7c06889f83f606d23421bf038cKenny Root return userState; 1373a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 1374a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 1375655b958eb2180c7c06889f83f606d23421bf038cKenny Root /** 1376655b958eb2180c7c06889f83f606d23421bf038cKenny Root * Returns NULL if the UserState doesn't already exist. 1377655b958eb2180c7c06889f83f606d23421bf038cKenny Root */ 1378655b958eb2180c7c06889f83f606d23421bf038cKenny Root const UserState* getUserState(uid_t uid) const { 1379655b958eb2180c7c06889f83f606d23421bf038cKenny Root uid_t userId = get_user_id(uid); 1380655b958eb2180c7c06889f83f606d23421bf038cKenny Root 1381655b958eb2180c7c06889f83f606d23421bf038cKenny Root for (android::Vector<UserState*>::const_iterator it(mMasterKeys.begin()); 1382655b958eb2180c7c06889f83f606d23421bf038cKenny Root it != mMasterKeys.end(); it++) { 1383655b958eb2180c7c06889f83f606d23421bf038cKenny Root UserState* state = *it; 1384655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (state->getUserId() == userId) { 1385655b958eb2180c7c06889f83f606d23421bf038cKenny Root return state; 1386655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1387655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1388a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 1389655b958eb2180c7c06889f83f606d23421bf038cKenny Root return NULL; 1390a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 1391a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 1392655b958eb2180c7c06889f83f606d23421bf038cKenny Rootprivate: 1393655b958eb2180c7c06889f83f606d23421bf038cKenny Root static const char* sOldMasterKey; 1394655b958eb2180c7c06889f83f606d23421bf038cKenny Root static const char* sMetaDataFile; 13951b0e3933900c7ea21189704d5db64e7346aee7afKenny Root static const android::String16 sRSAKeyType; 1396655b958eb2180c7c06889f83f606d23421bf038cKenny Root Entropy* mEntropy; 139707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 1398919cb2a5a9dabd61cb02eff7a589f9f1f0f793eeChad Brubaker keymaster1_device_t* mDevice; 1399919cb2a5a9dabd61cb02eff7a589f9f1f0f793eeChad Brubaker keymaster1_device_t* mFallbackDevice; 1400a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 1401655b958eb2180c7c06889f83f606d23421bf038cKenny Root android::Vector<UserState*> mMasterKeys; 1402655b958eb2180c7c06889f83f606d23421bf038cKenny Root 1403655b958eb2180c7c06889f83f606d23421bf038cKenny Root android::Vector<grant_t*> mGrants; 140470e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 1405655b958eb2180c7c06889f83f606d23421bf038cKenny Root typedef struct { 1406655b958eb2180c7c06889f83f606d23421bf038cKenny Root uint32_t version; 1407655b958eb2180c7c06889f83f606d23421bf038cKenny Root } keystore_metadata_t; 140870e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 1409655b958eb2180c7c06889f83f606d23421bf038cKenny Root keystore_metadata_t mMetaData; 1410655b958eb2180c7c06889f83f606d23421bf038cKenny Root 1411655b958eb2180c7c06889f83f606d23421bf038cKenny Root const grant_t* getGrant(const char* filename, uid_t uid) const { 1412655b958eb2180c7c06889f83f606d23421bf038cKenny Root for (android::Vector<grant_t*>::const_iterator it(mGrants.begin()); 1413655b958eb2180c7c06889f83f606d23421bf038cKenny Root it != mGrants.end(); it++) { 1414655b958eb2180c7c06889f83f606d23421bf038cKenny Root grant_t* grant = *it; 141570e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root if (grant->uid == uid 1416655b958eb2180c7c06889f83f606d23421bf038cKenny Root && !strcmp(reinterpret_cast<const char*>(grant->filename), filename)) { 141770e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root return grant; 141870e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root } 141970e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root } 142070e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root return NULL; 142170e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root } 142270e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 1423822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root /** 1424822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root * Upgrade code. This will upgrade the key from the current version 1425822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root * to whatever is newest. 1426822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root */ 1427655b958eb2180c7c06889f83f606d23421bf038cKenny Root bool upgradeBlob(const char* filename, Blob* blob, const uint8_t oldVersion, 1428655b958eb2180c7c06889f83f606d23421bf038cKenny Root const BlobType type, uid_t uid) { 1429822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root bool updated = false; 1430822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root uint8_t version = oldVersion; 1431822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root 1432822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root /* From V0 -> V1: All old types were unknown */ 1433822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root if (version == 0) { 1434822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root ALOGV("upgrading to version 1 and setting type %d", type); 1435822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root 1436822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root blob->setType(type); 1437822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root if (type == TYPE_KEY_PAIR) { 1438655b958eb2180c7c06889f83f606d23421bf038cKenny Root importBlobAsKey(blob, filename, uid); 1439822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root } 1440822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root version = 1; 1441822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root updated = true; 1442822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root } 1443822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root 1444f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root /* From V1 -> V2: All old keys were encrypted */ 1445f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root if (version == 1) { 1446f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root ALOGV("upgrading to version 2"); 1447f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root 1448f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root blob->setEncrypted(true); 1449f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root version = 2; 1450f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root updated = true; 1451f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root } 1452f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root 1453822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root /* 1454822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root * If we've updated, set the key blob to the right version 1455822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root * and write it. 1456cfeae072c96d84f286ddbf0aff8055c12c7c4f15Kenny Root */ 1457822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root if (updated) { 1458822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root ALOGV("updated and writing file %s", filename); 1459822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root blob->setVersion(version); 1460822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root } 1461cfeae072c96d84f286ddbf0aff8055c12c7c4f15Kenny Root 1462cfeae072c96d84f286ddbf0aff8055c12c7c4f15Kenny Root return updated; 1463822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root } 1464822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root 1465822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root /** 1466822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root * Takes a blob that is an PEM-encoded RSA key as a byte array and 1467822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root * converts it to a DER-encoded PKCS#8 for import into a keymaster. 1468822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root * Then it overwrites the original blob with the new blob 1469822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root * format that is returned from the keymaster. 1470822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root */ 1471655b958eb2180c7c06889f83f606d23421bf038cKenny Root ResponseCode importBlobAsKey(Blob* blob, const char* filename, uid_t uid) { 1472822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root // We won't even write to the blob directly with this BIO, so const_cast is okay. 1473822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root Unique_BIO b(BIO_new_mem_buf(const_cast<uint8_t*>(blob->getValue()), blob->getLength())); 1474822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root if (b.get() == NULL) { 1475822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root ALOGE("Problem instantiating BIO"); 1476822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root return SYSTEM_ERROR; 1477822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root } 1478822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root 1479822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root Unique_EVP_PKEY pkey(PEM_read_bio_PrivateKey(b.get(), NULL, NULL, NULL)); 1480822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root if (pkey.get() == NULL) { 1481822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root ALOGE("Couldn't read old PEM file"); 1482822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root return SYSTEM_ERROR; 1483822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root } 1484822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root 1485822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root Unique_PKCS8_PRIV_KEY_INFO pkcs8(EVP_PKEY2PKCS8(pkey.get())); 1486822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root int len = i2d_PKCS8_PRIV_KEY_INFO(pkcs8.get(), NULL); 1487822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root if (len < 0) { 1488822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root ALOGE("Couldn't measure PKCS#8 length"); 1489822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root return SYSTEM_ERROR; 1490822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root } 1491822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root 149270c9889c5ca912e7c492580e1999f18ab65b267bKenny Root UniquePtr<unsigned char[]> pkcs8key(new unsigned char[len]); 149370c9889c5ca912e7c492580e1999f18ab65b267bKenny Root uint8_t* tmp = pkcs8key.get(); 1494822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root if (i2d_PKCS8_PRIV_KEY_INFO(pkcs8.get(), &tmp) != len) { 1495822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root ALOGE("Couldn't convert to PKCS#8"); 1496822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root return SYSTEM_ERROR; 1497822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root } 1498822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root 1499f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root ResponseCode rc = importKey(pkcs8key.get(), len, filename, uid, 1500f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root blob->isEncrypted() ? KEYSTORE_FLAG_ENCRYPTED : KEYSTORE_FLAG_NONE); 1501822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root if (rc != NO_ERROR) { 1502822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root return rc; 1503822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root } 1504822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root 1505655b958eb2180c7c06889f83f606d23421bf038cKenny Root return get(filename, blob, TYPE_KEY_PAIR, uid); 1506822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root } 150770e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 1508655b958eb2180c7c06889f83f606d23421bf038cKenny Root void readMetaData() { 1509655b958eb2180c7c06889f83f606d23421bf038cKenny Root int in = TEMP_FAILURE_RETRY(open(sMetaDataFile, O_RDONLY)); 1510655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (in < 0) { 1511655b958eb2180c7c06889f83f606d23421bf038cKenny Root return; 1512655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1513655b958eb2180c7c06889f83f606d23421bf038cKenny Root size_t fileLength = readFully(in, (uint8_t*) &mMetaData, sizeof(mMetaData)); 1514655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (fileLength != sizeof(mMetaData)) { 1515655b958eb2180c7c06889f83f606d23421bf038cKenny Root ALOGI("Metadata file is %zd bytes (%zd experted); upgrade?", fileLength, 1516655b958eb2180c7c06889f83f606d23421bf038cKenny Root sizeof(mMetaData)); 1517655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1518655b958eb2180c7c06889f83f606d23421bf038cKenny Root close(in); 151970e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root } 152070e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 1521655b958eb2180c7c06889f83f606d23421bf038cKenny Root void writeMetaData() { 1522655b958eb2180c7c06889f83f606d23421bf038cKenny Root const char* tmpFileName = ".metadata.tmp"; 1523655b958eb2180c7c06889f83f606d23421bf038cKenny Root int out = TEMP_FAILURE_RETRY(open(tmpFileName, 1524655b958eb2180c7c06889f83f606d23421bf038cKenny Root O_WRONLY | O_TRUNC | O_CREAT, S_IRUSR | S_IWUSR)); 1525655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (out < 0) { 1526655b958eb2180c7c06889f83f606d23421bf038cKenny Root ALOGE("couldn't write metadata file: %s", strerror(errno)); 1527655b958eb2180c7c06889f83f606d23421bf038cKenny Root return; 1528655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1529655b958eb2180c7c06889f83f606d23421bf038cKenny Root size_t fileLength = writeFully(out, (uint8_t*) &mMetaData, sizeof(mMetaData)); 1530655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (fileLength != sizeof(mMetaData)) { 1531655b958eb2180c7c06889f83f606d23421bf038cKenny Root ALOGI("Could only write %zd bytes to metadata file (%zd expected)", fileLength, 1532655b958eb2180c7c06889f83f606d23421bf038cKenny Root sizeof(mMetaData)); 153370e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root } 1534655b958eb2180c7c06889f83f606d23421bf038cKenny Root close(out); 1535655b958eb2180c7c06889f83f606d23421bf038cKenny Root rename(tmpFileName, sMetaDataFile); 153670e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root } 153770e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 1538655b958eb2180c7c06889f83f606d23421bf038cKenny Root bool upgradeKeystore() { 1539655b958eb2180c7c06889f83f606d23421bf038cKenny Root bool upgraded = false; 1540655b958eb2180c7c06889f83f606d23421bf038cKenny Root 1541655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (mMetaData.version == 0) { 1542655b958eb2180c7c06889f83f606d23421bf038cKenny Root UserState* userState = getUserState(0); 1543655b958eb2180c7c06889f83f606d23421bf038cKenny Root 1544655b958eb2180c7c06889f83f606d23421bf038cKenny Root // Initialize first so the directory is made. 1545655b958eb2180c7c06889f83f606d23421bf038cKenny Root userState->initialize(); 1546655b958eb2180c7c06889f83f606d23421bf038cKenny Root 1547655b958eb2180c7c06889f83f606d23421bf038cKenny Root // Migrate the old .masterkey file to user 0. 1548655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (access(sOldMasterKey, R_OK) == 0) { 1549655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (rename(sOldMasterKey, userState->getMasterKeyFileName()) < 0) { 1550655b958eb2180c7c06889f83f606d23421bf038cKenny Root ALOGE("couldn't migrate old masterkey: %s", strerror(errno)); 1551655b958eb2180c7c06889f83f606d23421bf038cKenny Root return false; 1552655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1553655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1554655b958eb2180c7c06889f83f606d23421bf038cKenny Root 1555655b958eb2180c7c06889f83f606d23421bf038cKenny Root // Initialize again in case we had a key. 1556655b958eb2180c7c06889f83f606d23421bf038cKenny Root userState->initialize(); 1557655b958eb2180c7c06889f83f606d23421bf038cKenny Root 1558655b958eb2180c7c06889f83f606d23421bf038cKenny Root // Try to migrate existing keys. 1559655b958eb2180c7c06889f83f606d23421bf038cKenny Root DIR* dir = opendir("."); 1560655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (!dir) { 1561655b958eb2180c7c06889f83f606d23421bf038cKenny Root // Give up now; maybe we can upgrade later. 1562655b958eb2180c7c06889f83f606d23421bf038cKenny Root ALOGE("couldn't open keystore's directory; something is wrong"); 1563655b958eb2180c7c06889f83f606d23421bf038cKenny Root return false; 1564655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1565655b958eb2180c7c06889f83f606d23421bf038cKenny Root 1566655b958eb2180c7c06889f83f606d23421bf038cKenny Root struct dirent* file; 1567655b958eb2180c7c06889f83f606d23421bf038cKenny Root while ((file = readdir(dir)) != NULL) { 1568655b958eb2180c7c06889f83f606d23421bf038cKenny Root // We only care about files. 1569655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (file->d_type != DT_REG) { 1570655b958eb2180c7c06889f83f606d23421bf038cKenny Root continue; 1571655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1572655b958eb2180c7c06889f83f606d23421bf038cKenny Root 1573655b958eb2180c7c06889f83f606d23421bf038cKenny Root // Skip anything that starts with a "." 1574655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (file->d_name[0] == '.') { 1575655b958eb2180c7c06889f83f606d23421bf038cKenny Root continue; 1576655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1577655b958eb2180c7c06889f83f606d23421bf038cKenny Root 1578655b958eb2180c7c06889f83f606d23421bf038cKenny Root // Find the current file's user. 1579655b958eb2180c7c06889f83f606d23421bf038cKenny Root char* end; 1580655b958eb2180c7c06889f83f606d23421bf038cKenny Root unsigned long thisUid = strtoul(file->d_name, &end, 10); 1581655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (end[0] != '_' || end[1] == 0) { 1582655b958eb2180c7c06889f83f606d23421bf038cKenny Root continue; 1583655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1584655b958eb2180c7c06889f83f606d23421bf038cKenny Root UserState* otherUser = getUserState(thisUid); 1585655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (otherUser->getUserId() != 0) { 1586655b958eb2180c7c06889f83f606d23421bf038cKenny Root unlinkat(dirfd(dir), file->d_name, 0); 1587655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1588655b958eb2180c7c06889f83f606d23421bf038cKenny Root 1589655b958eb2180c7c06889f83f606d23421bf038cKenny Root // Rename the file into user directory. 1590655b958eb2180c7c06889f83f606d23421bf038cKenny Root DIR* otherdir = opendir(otherUser->getUserDirName()); 1591655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (otherdir == NULL) { 1592655b958eb2180c7c06889f83f606d23421bf038cKenny Root ALOGW("couldn't open user directory for rename"); 1593655b958eb2180c7c06889f83f606d23421bf038cKenny Root continue; 1594655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1595655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (renameat(dirfd(dir), file->d_name, dirfd(otherdir), file->d_name) < 0) { 1596655b958eb2180c7c06889f83f606d23421bf038cKenny Root ALOGW("couldn't rename blob: %s: %s", file->d_name, strerror(errno)); 1597655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1598655b958eb2180c7c06889f83f606d23421bf038cKenny Root closedir(otherdir); 1599655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1600655b958eb2180c7c06889f83f606d23421bf038cKenny Root closedir(dir); 1601655b958eb2180c7c06889f83f606d23421bf038cKenny Root 1602655b958eb2180c7c06889f83f606d23421bf038cKenny Root mMetaData.version = 1; 1603655b958eb2180c7c06889f83f606d23421bf038cKenny Root upgraded = true; 1604655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1605655b958eb2180c7c06889f83f606d23421bf038cKenny Root 1606655b958eb2180c7c06889f83f606d23421bf038cKenny Root return upgraded; 160770e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root } 1608655b958eb2180c7c06889f83f606d23421bf038cKenny Root}; 160970e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 1610655b958eb2180c7c06889f83f606d23421bf038cKenny Rootconst char* KeyStore::sOldMasterKey = ".masterkey"; 1611655b958eb2180c7c06889f83f606d23421bf038cKenny Rootconst char* KeyStore::sMetaDataFile = ".metadata"; 161270e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 16131b0e3933900c7ea21189704d5db64e7346aee7afKenny Rootconst android::String16 KeyStore::sRSAKeyType("RSA"); 16141b0e3933900c7ea21189704d5db64e7346aee7afKenny Root 161507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Rootnamespace android { 161607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Rootclass KeyStoreProxy : public BnKeystoreService, public IBinder::DeathRecipient { 161707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Rootpublic: 161807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root KeyStoreProxy(KeyStore* keyStore) 161940a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker : mKeyStore(keyStore), 162040a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker mOperationMap(this) 162107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root { 162207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 1623a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 162440a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker void binderDied(const wp<IBinder>& who) { 162540a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker auto operations = mOperationMap.getOperationsForToken(who.unsafe_get()); 162640a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker for (auto token: operations) { 162740a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker abort(token); 162840a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker } 162907438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 1630a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 163107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root int32_t test() { 16329489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker if (!checkBinderPermission(P_TEST)) { 163307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::PERMISSION_DENIED; 163407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 1635a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 16369489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker return mKeyStore->getState(IPCThreadState::self()->getCallingUid()); 1637a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 1638a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 163907438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root int32_t get(const String16& name, uint8_t** item, size_t* itemLength) { 16409489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker if (!checkBinderPermission(P_GET)) { 164107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::PERMISSION_DENIED; 164207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 1643a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 16449489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker uid_t callingUid = IPCThreadState::self()->getCallingUid(); 164507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root String8 name8(name); 164607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root Blob keyBlob; 164766dbf67dd65b4808a15ef64f0ffde1275bdd58a9Nick Kralevich 1648655b958eb2180c7c06889f83f606d23421bf038cKenny Root ResponseCode responseCode = mKeyStore->getKeyForName(&keyBlob, name8, callingUid, 1649494689083467ec372a58f094f041c8f102f39393Kenny Root TYPE_GENERIC); 165007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root if (responseCode != ::NO_ERROR) { 1651655b958eb2180c7c06889f83f606d23421bf038cKenny Root ALOGW("Could not read %s", name8.string()); 165207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root *item = NULL; 165307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root *itemLength = 0; 165407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return responseCode; 165507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 165607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 165707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root *item = (uint8_t*) malloc(keyBlob.getLength()); 165807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root memcpy(*item, keyBlob.getValue(), keyBlob.getLength()); 165907438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root *itemLength = keyBlob.getLength(); 166007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 166107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::NO_ERROR; 1662a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 1663a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 1664f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root int32_t insert(const String16& name, const uint8_t* item, size_t itemLength, int targetUid, 1665f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root int32_t flags) { 16669489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker targetUid = getEffectiveUid(targetUid); 16679489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker int32_t result = checkBinderPermissionAndKeystoreState(P_INSERT, targetUid, 16689489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker flags & KEYSTORE_FLAG_ENCRYPTED); 16699489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker if (result != ::NO_ERROR) { 16709489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker return result; 1671b88c3eb96625513df4cc998d739d17266ebaf89fKenny Root } 1672b88c3eb96625513df4cc998d739d17266ebaf89fKenny Root 167307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root String8 name8(name); 1674655b958eb2180c7c06889f83f606d23421bf038cKenny Root String8 filename(mKeyStore->getKeyNameForUidWithDir(name8, targetUid)); 167507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 167607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root Blob keyBlob(item, itemLength, NULL, 0, ::TYPE_GENERIC); 1677ee8068b9e7bfb2770635062fc9c2035be2142bd8Kenny Root keyBlob.setEncrypted(flags & KEYSTORE_FLAG_ENCRYPTED); 1678ee8068b9e7bfb2770635062fc9c2035be2142bd8Kenny Root 1679fa27d5bbc366e4ecb45aee5ae08565ab3ad3dcbcKenny Root return mKeyStore->put(filename.string(), &keyBlob, targetUid); 1680a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 1681a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 1682494689083467ec372a58f094f041c8f102f39393Kenny Root int32_t del(const String16& name, int targetUid) { 16839489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker targetUid = getEffectiveUid(targetUid); 16849489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker if (!checkBinderPermission(P_DELETE, targetUid)) { 1685b88c3eb96625513df4cc998d739d17266ebaf89fKenny Root return ::PERMISSION_DENIED; 1686b88c3eb96625513df4cc998d739d17266ebaf89fKenny Root } 168707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root String8 name8(name); 1688655b958eb2180c7c06889f83f606d23421bf038cKenny Root String8 filename(mKeyStore->getKeyNameForUidWithDir(name8, targetUid)); 168917d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker return mKeyStore->del(filename.string(), ::TYPE_ANY, targetUid); 1690298e7b1b0f9116e2054d594d7538379d86585035Kenny Root } 1691298e7b1b0f9116e2054d594d7538379d86585035Kenny Root 1692494689083467ec372a58f094f041c8f102f39393Kenny Root int32_t exist(const String16& name, int targetUid) { 16939489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker targetUid = getEffectiveUid(targetUid); 16949489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker if (!checkBinderPermission(P_EXIST, targetUid)) { 1695b88c3eb96625513df4cc998d739d17266ebaf89fKenny Root return ::PERMISSION_DENIED; 1696b88c3eb96625513df4cc998d739d17266ebaf89fKenny Root } 1697b88c3eb96625513df4cc998d739d17266ebaf89fKenny Root 169807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root String8 name8(name); 1699655b958eb2180c7c06889f83f606d23421bf038cKenny Root String8 filename(mKeyStore->getKeyNameForUidWithDir(name8, targetUid)); 170007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 1701655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (access(filename.string(), R_OK) == -1) { 170207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return (errno != ENOENT) ? ::SYSTEM_ERROR : ::KEY_NOT_FOUND; 170307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 170407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::NO_ERROR; 1705298e7b1b0f9116e2054d594d7538379d86585035Kenny Root } 1706298e7b1b0f9116e2054d594d7538379d86585035Kenny Root 1707494689083467ec372a58f094f041c8f102f39393Kenny Root int32_t saw(const String16& prefix, int targetUid, Vector<String16>* matches) { 17089489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker targetUid = getEffectiveUid(targetUid); 17099489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker if (!checkBinderPermission(P_SAW, targetUid)) { 1710b88c3eb96625513df4cc998d739d17266ebaf89fKenny Root return ::PERMISSION_DENIED; 1711b88c3eb96625513df4cc998d739d17266ebaf89fKenny Root } 171207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root const String8 prefix8(prefix); 1713655b958eb2180c7c06889f83f606d23421bf038cKenny Root String8 filename(mKeyStore->getKeyNameForUid(prefix8, targetUid)); 171407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 17154b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee if (mKeyStore->saw(filename, matches, targetUid) != ::NO_ERROR) { 17164b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee return ::SYSTEM_ERROR; 171707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 171807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::NO_ERROR; 1719298e7b1b0f9116e2054d594d7538379d86585035Kenny Root } 1720298e7b1b0f9116e2054d594d7538379d86585035Kenny Root 172107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root int32_t reset() { 17229489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker if (!checkBinderPermission(P_RESET)) { 172307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::PERMISSION_DENIED; 172407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 1725a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 17269489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker uid_t callingUid = IPCThreadState::self()->getCallingUid(); 17274b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee return mKeyStore->reset(callingUid) ? ::NO_ERROR : ::SYSTEM_ERROR; 1728a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 1729a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 173007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root /* 173107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root * Here is the history. To improve the security, the parameters to generate the 173207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root * master key has been changed. To make a seamless transition, we update the 173307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root * file using the same password when the user unlock it for the first time. If 173407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root * any thing goes wrong during the transition, the new file will not overwrite 173507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root * the old one. This avoids permanent damages of the existing data. 173607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root */ 173707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root int32_t password(const String16& password) { 17389489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker if (!checkBinderPermission(P_PASSWORD)) { 173907438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::PERMISSION_DENIED; 174007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 1741a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 174207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root const String8 password8(password); 17439489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker uid_t callingUid = IPCThreadState::self()->getCallingUid(); 1744a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 1745655b958eb2180c7c06889f83f606d23421bf038cKenny Root switch (mKeyStore->getState(callingUid)) { 174607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root case ::STATE_UNINITIALIZED: { 174707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root // generate master key, encrypt with password, write to file, initialize mMasterKey*. 1748655b958eb2180c7c06889f83f606d23421bf038cKenny Root return mKeyStore->initializeUser(password8, callingUid); 174907438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 175007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root case ::STATE_NO_ERROR: { 175107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root // rewrite master key with new password. 1752655b958eb2180c7c06889f83f606d23421bf038cKenny Root return mKeyStore->writeMasterKey(password8, callingUid); 175307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 175407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root case ::STATE_LOCKED: { 175507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root // read master key, decrypt with password, initialize mMasterKey*. 1756655b958eb2180c7c06889f83f606d23421bf038cKenny Root return mKeyStore->readMasterKey(password8, callingUid); 175707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 175807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 175907438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::SYSTEM_ERROR; 176007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 1761a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 176207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root int32_t lock() { 17639489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker if (!checkBinderPermission(P_LOCK)) { 176407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::PERMISSION_DENIED; 176507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 176607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 17679489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker uid_t callingUid = IPCThreadState::self()->getCallingUid(); 1768655b958eb2180c7c06889f83f606d23421bf038cKenny Root State state = mKeyStore->getState(callingUid); 17699d45d1caba5135e6b8bd6d05d449e8dcf52b6802Kenny Root if (state != ::STATE_NO_ERROR) { 177007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root ALOGD("calling lock in state: %d", state); 177107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return state; 177207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 177370e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 1774655b958eb2180c7c06889f83f606d23421bf038cKenny Root mKeyStore->lock(callingUid); 177507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::NO_ERROR; 177670e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root } 1777a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 177807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root int32_t unlock(const String16& pw) { 17799489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker if (!checkBinderPermission(P_UNLOCK)) { 178007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::PERMISSION_DENIED; 178107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 178207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 17839489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker uid_t callingUid = IPCThreadState::self()->getCallingUid(); 1784655b958eb2180c7c06889f83f606d23421bf038cKenny Root State state = mKeyStore->getState(callingUid); 17859d45d1caba5135e6b8bd6d05d449e8dcf52b6802Kenny Root if (state != ::STATE_LOCKED) { 178607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root ALOGD("calling unlock when not locked"); 178707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return state; 178807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 178907438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 179007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root const String8 password8(pw); 179107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return password(pw); 179270e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root } 179370e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 179407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root int32_t zero() { 17959489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker if (!checkBinderPermission(P_ZERO)) { 179607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return -1; 179707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 179870e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 17999489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker uid_t callingUid = IPCThreadState::self()->getCallingUid(); 1800655b958eb2180c7c06889f83f606d23421bf038cKenny Root return mKeyStore->isEmpty(callingUid) ? ::KEY_NOT_FOUND : ::NO_ERROR; 180170e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root } 180270e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 180396427baf0094d50047049d329b0779c3c910402cKenny Root int32_t generate(const String16& name, int32_t targetUid, int32_t keyType, int32_t keySize, 180496427baf0094d50047049d329b0779c3c910402cKenny Root int32_t flags, Vector<sp<KeystoreArg> >* args) { 18059489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker targetUid = getEffectiveUid(targetUid); 18069489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker int32_t result = checkBinderPermissionAndKeystoreState(P_INSERT, targetUid, 18079489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker flags & KEYSTORE_FLAG_ENCRYPTED); 18089489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker if (result != ::NO_ERROR) { 18099489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker return result; 181007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 181107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root uint8_t* data; 181207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root size_t dataLength; 181307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root int rc; 181417208e0de5a42722901d803118745cca25fd10c1Kenny Root bool isFallback = false; 181570e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 1816919cb2a5a9dabd61cb02eff7a589f9f1f0f793eeChad Brubaker const keymaster1_device_t* device = mKeyStore->getDevice(); 1817919cb2a5a9dabd61cb02eff7a589f9f1f0f793eeChad Brubaker const keymaster1_device_t* fallback = mKeyStore->getFallbackDevice(); 181807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root if (device == NULL) { 181907438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::SYSTEM_ERROR; 182007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 182170e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 182207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root if (device->generate_keypair == NULL) { 182307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::SYSTEM_ERROR; 182407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 182570e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 182617208e0de5a42722901d803118745cca25fd10c1Kenny Root if (keyType == EVP_PKEY_DSA) { 182796427baf0094d50047049d329b0779c3c910402cKenny Root keymaster_dsa_keygen_params_t dsa_params; 182896427baf0094d50047049d329b0779c3c910402cKenny Root memset(&dsa_params, '\0', sizeof(dsa_params)); 182996427baf0094d50047049d329b0779c3c910402cKenny Root 183096427baf0094d50047049d329b0779c3c910402cKenny Root if (keySize == -1) { 183196427baf0094d50047049d329b0779c3c910402cKenny Root keySize = DSA_DEFAULT_KEY_SIZE; 183296427baf0094d50047049d329b0779c3c910402cKenny Root } else if ((keySize % 64) != 0 || keySize < DSA_MIN_KEY_SIZE 183396427baf0094d50047049d329b0779c3c910402cKenny Root || keySize > DSA_MAX_KEY_SIZE) { 183496427baf0094d50047049d329b0779c3c910402cKenny Root ALOGI("invalid key size %d", keySize); 183596427baf0094d50047049d329b0779c3c910402cKenny Root return ::SYSTEM_ERROR; 183696427baf0094d50047049d329b0779c3c910402cKenny Root } 183796427baf0094d50047049d329b0779c3c910402cKenny Root dsa_params.key_size = keySize; 183896427baf0094d50047049d329b0779c3c910402cKenny Root 183996427baf0094d50047049d329b0779c3c910402cKenny Root if (args->size() == 3) { 184096427baf0094d50047049d329b0779c3c910402cKenny Root sp<KeystoreArg> gArg = args->itemAt(0); 184196427baf0094d50047049d329b0779c3c910402cKenny Root sp<KeystoreArg> pArg = args->itemAt(1); 184296427baf0094d50047049d329b0779c3c910402cKenny Root sp<KeystoreArg> qArg = args->itemAt(2); 184396427baf0094d50047049d329b0779c3c910402cKenny Root 184496427baf0094d50047049d329b0779c3c910402cKenny Root if (gArg != NULL && pArg != NULL && qArg != NULL) { 184596427baf0094d50047049d329b0779c3c910402cKenny Root dsa_params.generator = reinterpret_cast<const uint8_t*>(gArg->data()); 184696427baf0094d50047049d329b0779c3c910402cKenny Root dsa_params.generator_len = gArg->size(); 184796427baf0094d50047049d329b0779c3c910402cKenny Root 184896427baf0094d50047049d329b0779c3c910402cKenny Root dsa_params.prime_p = reinterpret_cast<const uint8_t*>(pArg->data()); 184996427baf0094d50047049d329b0779c3c910402cKenny Root dsa_params.prime_p_len = pArg->size(); 185096427baf0094d50047049d329b0779c3c910402cKenny Root 185196427baf0094d50047049d329b0779c3c910402cKenny Root dsa_params.prime_q = reinterpret_cast<const uint8_t*>(qArg->data()); 185296427baf0094d50047049d329b0779c3c910402cKenny Root dsa_params.prime_q_len = qArg->size(); 185396427baf0094d50047049d329b0779c3c910402cKenny Root } else { 185496427baf0094d50047049d329b0779c3c910402cKenny Root ALOGI("not all DSA parameters were read"); 185596427baf0094d50047049d329b0779c3c910402cKenny Root return ::SYSTEM_ERROR; 185696427baf0094d50047049d329b0779c3c910402cKenny Root } 185796427baf0094d50047049d329b0779c3c910402cKenny Root } else if (args->size() != 0) { 185896427baf0094d50047049d329b0779c3c910402cKenny Root ALOGI("DSA args must be 3"); 185996427baf0094d50047049d329b0779c3c910402cKenny Root return ::SYSTEM_ERROR; 186096427baf0094d50047049d329b0779c3c910402cKenny Root } 186196427baf0094d50047049d329b0779c3c910402cKenny Root 18621d448c074a86ef5d05a22fdf1358718976628a86Kenny Root if (isKeyTypeSupported(device, TYPE_DSA)) { 186317208e0de5a42722901d803118745cca25fd10c1Kenny Root rc = device->generate_keypair(device, TYPE_DSA, &dsa_params, &data, &dataLength); 186417208e0de5a42722901d803118745cca25fd10c1Kenny Root } else { 186517208e0de5a42722901d803118745cca25fd10c1Kenny Root isFallback = true; 1866fc18edcdfe2f7774e621030d51338f3216170b97Chad Brubaker rc = fallback->generate_keypair(fallback, TYPE_DSA, &dsa_params, &data, 1867fc18edcdfe2f7774e621030d51338f3216170b97Chad Brubaker &dataLength); 186817208e0de5a42722901d803118745cca25fd10c1Kenny Root } 186917208e0de5a42722901d803118745cca25fd10c1Kenny Root } else if (keyType == EVP_PKEY_EC) { 187096427baf0094d50047049d329b0779c3c910402cKenny Root keymaster_ec_keygen_params_t ec_params; 187196427baf0094d50047049d329b0779c3c910402cKenny Root memset(&ec_params, '\0', sizeof(ec_params)); 187296427baf0094d50047049d329b0779c3c910402cKenny Root 187396427baf0094d50047049d329b0779c3c910402cKenny Root if (keySize == -1) { 187496427baf0094d50047049d329b0779c3c910402cKenny Root keySize = EC_DEFAULT_KEY_SIZE; 187596427baf0094d50047049d329b0779c3c910402cKenny Root } else if (keySize < EC_MIN_KEY_SIZE || keySize > EC_MAX_KEY_SIZE) { 187696427baf0094d50047049d329b0779c3c910402cKenny Root ALOGI("invalid key size %d", keySize); 187796427baf0094d50047049d329b0779c3c910402cKenny Root return ::SYSTEM_ERROR; 187896427baf0094d50047049d329b0779c3c910402cKenny Root } 187996427baf0094d50047049d329b0779c3c910402cKenny Root ec_params.field_size = keySize; 188096427baf0094d50047049d329b0779c3c910402cKenny Root 18811d448c074a86ef5d05a22fdf1358718976628a86Kenny Root if (isKeyTypeSupported(device, TYPE_EC)) { 188217208e0de5a42722901d803118745cca25fd10c1Kenny Root rc = device->generate_keypair(device, TYPE_EC, &ec_params, &data, &dataLength); 188317208e0de5a42722901d803118745cca25fd10c1Kenny Root } else { 188417208e0de5a42722901d803118745cca25fd10c1Kenny Root isFallback = true; 1885fc18edcdfe2f7774e621030d51338f3216170b97Chad Brubaker rc = fallback->generate_keypair(fallback, TYPE_EC, &ec_params, &data, &dataLength); 188617208e0de5a42722901d803118745cca25fd10c1Kenny Root } 188796427baf0094d50047049d329b0779c3c910402cKenny Root } else if (keyType == EVP_PKEY_RSA) { 188896427baf0094d50047049d329b0779c3c910402cKenny Root keymaster_rsa_keygen_params_t rsa_params; 188996427baf0094d50047049d329b0779c3c910402cKenny Root memset(&rsa_params, '\0', sizeof(rsa_params)); 189096427baf0094d50047049d329b0779c3c910402cKenny Root rsa_params.public_exponent = RSA_DEFAULT_EXPONENT; 189196427baf0094d50047049d329b0779c3c910402cKenny Root 189296427baf0094d50047049d329b0779c3c910402cKenny Root if (keySize == -1) { 189396427baf0094d50047049d329b0779c3c910402cKenny Root keySize = RSA_DEFAULT_KEY_SIZE; 189496427baf0094d50047049d329b0779c3c910402cKenny Root } else if (keySize < RSA_MIN_KEY_SIZE || keySize > RSA_MAX_KEY_SIZE) { 189596427baf0094d50047049d329b0779c3c910402cKenny Root ALOGI("invalid key size %d", keySize); 189696427baf0094d50047049d329b0779c3c910402cKenny Root return ::SYSTEM_ERROR; 189796427baf0094d50047049d329b0779c3c910402cKenny Root } 189896427baf0094d50047049d329b0779c3c910402cKenny Root rsa_params.modulus_size = keySize; 189996427baf0094d50047049d329b0779c3c910402cKenny Root 190096427baf0094d50047049d329b0779c3c910402cKenny Root if (args->size() > 1) { 19016489e02e134e4779d35c4a340ff68ad445fde133Matteo Franchin ALOGI("invalid number of arguments: %zu", args->size()); 190296427baf0094d50047049d329b0779c3c910402cKenny Root return ::SYSTEM_ERROR; 190396427baf0094d50047049d329b0779c3c910402cKenny Root } else if (args->size() == 1) { 190496427baf0094d50047049d329b0779c3c910402cKenny Root sp<KeystoreArg> pubExpBlob = args->itemAt(0); 190596427baf0094d50047049d329b0779c3c910402cKenny Root if (pubExpBlob != NULL) { 190696427baf0094d50047049d329b0779c3c910402cKenny Root Unique_BIGNUM pubExpBn( 190796427baf0094d50047049d329b0779c3c910402cKenny Root BN_bin2bn(reinterpret_cast<const unsigned char*>(pubExpBlob->data()), 190896427baf0094d50047049d329b0779c3c910402cKenny Root pubExpBlob->size(), NULL)); 190996427baf0094d50047049d329b0779c3c910402cKenny Root if (pubExpBn.get() == NULL) { 191096427baf0094d50047049d329b0779c3c910402cKenny Root ALOGI("Could not convert public exponent to BN"); 191196427baf0094d50047049d329b0779c3c910402cKenny Root return ::SYSTEM_ERROR; 191296427baf0094d50047049d329b0779c3c910402cKenny Root } 191396427baf0094d50047049d329b0779c3c910402cKenny Root unsigned long pubExp = BN_get_word(pubExpBn.get()); 191496427baf0094d50047049d329b0779c3c910402cKenny Root if (pubExp == 0xFFFFFFFFL) { 191596427baf0094d50047049d329b0779c3c910402cKenny Root ALOGI("cannot represent public exponent as a long value"); 191696427baf0094d50047049d329b0779c3c910402cKenny Root return ::SYSTEM_ERROR; 191796427baf0094d50047049d329b0779c3c910402cKenny Root } 191896427baf0094d50047049d329b0779c3c910402cKenny Root rsa_params.public_exponent = pubExp; 191996427baf0094d50047049d329b0779c3c910402cKenny Root } 192096427baf0094d50047049d329b0779c3c910402cKenny Root } 192196427baf0094d50047049d329b0779c3c910402cKenny Root 192296427baf0094d50047049d329b0779c3c910402cKenny Root rc = device->generate_keypair(device, TYPE_RSA, &rsa_params, &data, &dataLength); 192396427baf0094d50047049d329b0779c3c910402cKenny Root } else { 192496427baf0094d50047049d329b0779c3c910402cKenny Root ALOGW("Unsupported key type %d", keyType); 192596427baf0094d50047049d329b0779c3c910402cKenny Root rc = -1; 192696427baf0094d50047049d329b0779c3c910402cKenny Root } 192770e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 192807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root if (rc) { 192907438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::SYSTEM_ERROR; 193007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 193170e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 1932655b958eb2180c7c06889f83f606d23421bf038cKenny Root String8 name8(name); 19339489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker String8 filename(mKeyStore->getKeyNameForUidWithDir(name8, targetUid)); 193470e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 193507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root Blob keyBlob(data, dataLength, NULL, 0, TYPE_KEY_PAIR); 193607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root free(data); 193707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 1938ee8068b9e7bfb2770635062fc9c2035be2142bd8Kenny Root keyBlob.setEncrypted(flags & KEYSTORE_FLAG_ENCRYPTED); 193917208e0de5a42722901d803118745cca25fd10c1Kenny Root keyBlob.setFallback(isFallback); 194017208e0de5a42722901d803118745cca25fd10c1Kenny Root 19419489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker return mKeyStore->put(filename.string(), &keyBlob, targetUid); 194270e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root } 194370e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 1944f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root int32_t import(const String16& name, const uint8_t* data, size_t length, int targetUid, 1945f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root int32_t flags) { 19469489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker targetUid = getEffectiveUid(targetUid); 19479489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker int32_t result = checkBinderPermissionAndKeystoreState(P_INSERT, targetUid, 19489489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker flags & KEYSTORE_FLAG_ENCRYPTED); 19499489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker if (result != ::NO_ERROR) { 19509489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker return result; 195107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 195207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root String8 name8(name); 195360898896c3f3b2245d10076cac64346c956dbaa5Kenny Root String8 filename(mKeyStore->getKeyNameForUidWithDir(name8, targetUid)); 195470e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 1955fa27d5bbc366e4ecb45aee5ae08565ab3ad3dcbcKenny Root return mKeyStore->importKey(data, length, filename.string(), targetUid, flags); 195670e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root } 195770e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 195807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root int32_t sign(const String16& name, const uint8_t* data, size_t length, uint8_t** out, 195907438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root size_t* outLength) { 19609489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker if (!checkBinderPermission(P_SIGN)) { 196107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::PERMISSION_DENIED; 196207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 19639a53d3eaf42104ddf02feeccec3cf7f5c1a34baeKenny Root 19649489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker uid_t callingUid = IPCThreadState::self()->getCallingUid(); 196507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root Blob keyBlob; 196607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root String8 name8(name); 196770e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 1968d38a0b07a3104fcb1e747a0fa06641dee8fc058fKenny Root ALOGV("sign %s from uid %d", name8.string(), callingUid); 196970e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 1970655b958eb2180c7c06889f83f606d23421bf038cKenny Root ResponseCode responseCode = mKeyStore->getKeyForName(&keyBlob, name8, callingUid, 1971d38a0b07a3104fcb1e747a0fa06641dee8fc058fKenny Root ::TYPE_KEY_PAIR); 197207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root if (responseCode != ::NO_ERROR) { 197307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return responseCode; 197407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 197570e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 1976919cb2a5a9dabd61cb02eff7a589f9f1f0f793eeChad Brubaker const keymaster1_device_t* device = mKeyStore->getDeviceForBlob(keyBlob); 197707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root if (device == NULL) { 197807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root ALOGE("no keymaster device; cannot sign"); 197907438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::SYSTEM_ERROR; 198007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 198170e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 198207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root if (device->sign_data == NULL) { 198307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root ALOGE("device doesn't implement signing"); 198407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::SYSTEM_ERROR; 198507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 198670e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 198707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root keymaster_rsa_sign_params_t params; 198807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root params.digest_type = DIGEST_NONE; 198907438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root params.padding_type = PADDING_NONE; 19909489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker int rc = device->sign_data(device, ¶ms, keyBlob.getValue(), keyBlob.getLength(), data, 1991fc18edcdfe2f7774e621030d51338f3216170b97Chad Brubaker length, out, outLength); 199207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root if (rc) { 199307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root ALOGW("device couldn't sign data"); 199407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::SYSTEM_ERROR; 199507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 199670e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 199707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::NO_ERROR; 199870e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root } 199970e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 200007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root int32_t verify(const String16& name, const uint8_t* data, size_t dataLength, 200107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root const uint8_t* signature, size_t signatureLength) { 20029489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker if (!checkBinderPermission(P_VERIFY)) { 200307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::PERMISSION_DENIED; 200407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 200570e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 20069489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker uid_t callingUid = IPCThreadState::self()->getCallingUid(); 200707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root Blob keyBlob; 200807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root String8 name8(name); 200907438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root int rc; 201070e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 2011655b958eb2180c7c06889f83f606d23421bf038cKenny Root ResponseCode responseCode = mKeyStore->getKeyForName(&keyBlob, name8, callingUid, 2012494689083467ec372a58f094f041c8f102f39393Kenny Root TYPE_KEY_PAIR); 201307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root if (responseCode != ::NO_ERROR) { 201407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return responseCode; 201507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 201670e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 2017919cb2a5a9dabd61cb02eff7a589f9f1f0f793eeChad Brubaker const keymaster1_device_t* device = mKeyStore->getDeviceForBlob(keyBlob); 201807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root if (device == NULL) { 201907438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::SYSTEM_ERROR; 202007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 202170e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 202207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root if (device->verify_data == NULL) { 202307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::SYSTEM_ERROR; 202407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 202507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 202607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root keymaster_rsa_sign_params_t params; 202707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root params.digest_type = DIGEST_NONE; 202807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root params.padding_type = PADDING_NONE; 202970e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 2030fc18edcdfe2f7774e621030d51338f3216170b97Chad Brubaker rc = device->verify_data(device, ¶ms, keyBlob.getValue(), keyBlob.getLength(), data, 2031fc18edcdfe2f7774e621030d51338f3216170b97Chad Brubaker dataLength, signature, signatureLength); 203207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root if (rc) { 203307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::SYSTEM_ERROR; 203407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } else { 203507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::NO_ERROR; 203607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 203770e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root } 203870e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 203907438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root /* 204007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root * TODO: The abstraction between things stored in hardware and regular blobs 204107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root * of data stored on the filesystem should be moved down to keystore itself. 204207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root * Unfortunately the Java code that calls this has naming conventions that it 204307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root * knows about. Ideally keystore shouldn't be used to store random blobs of 204407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root * data. 204507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root * 204607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root * Until that happens, it's necessary to have a separate "get_pubkey" and 204707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root * "del_key" since the Java code doesn't really communicate what it's 204807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root * intentions are. 204907438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root */ 205007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root int32_t get_pubkey(const String16& name, uint8_t** pubkey, size_t* pubkeyLength) { 2051d38a0b07a3104fcb1e747a0fa06641dee8fc058fKenny Root uid_t callingUid = IPCThreadState::self()->getCallingUid(); 20529489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker if (!checkBinderPermission(P_GET)) { 2053d38a0b07a3104fcb1e747a0fa06641dee8fc058fKenny Root ALOGW("permission denied for %d: get_pubkey", callingUid); 205407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::PERMISSION_DENIED; 205507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 205670e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 205707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root Blob keyBlob; 205807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root String8 name8(name); 205970e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 2060d38a0b07a3104fcb1e747a0fa06641dee8fc058fKenny Root ALOGV("get_pubkey '%s' from uid %d", name8.string(), callingUid); 206170e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 2062655b958eb2180c7c06889f83f606d23421bf038cKenny Root ResponseCode responseCode = mKeyStore->getKeyForName(&keyBlob, name8, callingUid, 206307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root TYPE_KEY_PAIR); 206407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root if (responseCode != ::NO_ERROR) { 206507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return responseCode; 206607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 206770e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 2068919cb2a5a9dabd61cb02eff7a589f9f1f0f793eeChad Brubaker const keymaster1_device_t* device = mKeyStore->getDeviceForBlob(keyBlob); 206907438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root if (device == NULL) { 207007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::SYSTEM_ERROR; 207107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 207270e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 207307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root if (device->get_keypair_public == NULL) { 207407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root ALOGE("device has no get_keypair_public implementation!"); 207507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::SYSTEM_ERROR; 207607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 2077344e0bc23ca46b9acec97ac8bcd87949bde0ccabKenny Root 207817208e0de5a42722901d803118745cca25fd10c1Kenny Root int rc; 2079fc18edcdfe2f7774e621030d51338f3216170b97Chad Brubaker rc = device->get_keypair_public(device, keyBlob.getValue(), keyBlob.getLength(), pubkey, 2080fc18edcdfe2f7774e621030d51338f3216170b97Chad Brubaker pubkeyLength); 208107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root if (rc) { 208207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::SYSTEM_ERROR; 208307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 2084344e0bc23ca46b9acec97ac8bcd87949bde0ccabKenny Root 208507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::NO_ERROR; 2086344e0bc23ca46b9acec97ac8bcd87949bde0ccabKenny Root } 2087344e0bc23ca46b9acec97ac8bcd87949bde0ccabKenny Root 2088494689083467ec372a58f094f041c8f102f39393Kenny Root int32_t del_key(const String16& name, int targetUid) { 20899489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker return del(name, targetUid); 2090a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 209107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 209207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root int32_t grant(const String16& name, int32_t granteeUid) { 2093d38a0b07a3104fcb1e747a0fa06641dee8fc058fKenny Root uid_t callingUid = IPCThreadState::self()->getCallingUid(); 20949489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker int32_t result = checkBinderPermissionAndKeystoreState(P_GRANT); 20959489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker if (result != ::NO_ERROR) { 20969489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker return result; 209707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 209807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 209907438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root String8 name8(name); 2100655b958eb2180c7c06889f83f606d23421bf038cKenny Root String8 filename(mKeyStore->getKeyNameForUidWithDir(name8, callingUid)); 210107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 2102655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (access(filename.string(), R_OK) == -1) { 210307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return (errno != ENOENT) ? ::SYSTEM_ERROR : ::KEY_NOT_FOUND; 210407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 210507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 2106655b958eb2180c7c06889f83f606d23421bf038cKenny Root mKeyStore->addGrant(filename.string(), granteeUid); 210707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::NO_ERROR; 2108a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 210907438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 211007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root int32_t ungrant(const String16& name, int32_t granteeUid) { 2111d38a0b07a3104fcb1e747a0fa06641dee8fc058fKenny Root uid_t callingUid = IPCThreadState::self()->getCallingUid(); 21129489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker int32_t result = checkBinderPermissionAndKeystoreState(P_GRANT); 21139489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker if (result != ::NO_ERROR) { 21149489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker return result; 211507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 211607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 211707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root String8 name8(name); 2118655b958eb2180c7c06889f83f606d23421bf038cKenny Root String8 filename(mKeyStore->getKeyNameForUidWithDir(name8, callingUid)); 211907438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 2120655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (access(filename.string(), R_OK) == -1) { 212107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return (errno != ENOENT) ? ::SYSTEM_ERROR : ::KEY_NOT_FOUND; 212207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 212307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 2124655b958eb2180c7c06889f83f606d23421bf038cKenny Root return mKeyStore->removeGrant(filename.string(), granteeUid) ? ::NO_ERROR : ::KEY_NOT_FOUND; 2125a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 212607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 212707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root int64_t getmtime(const String16& name) { 2128d38a0b07a3104fcb1e747a0fa06641dee8fc058fKenny Root uid_t callingUid = IPCThreadState::self()->getCallingUid(); 21299489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker if (!checkBinderPermission(P_GET)) { 2130d38a0b07a3104fcb1e747a0fa06641dee8fc058fKenny Root ALOGW("permission denied for %d: getmtime", callingUid); 213136a9e231e03734cd2143383d26388455c1764e17Kenny Root return -1L; 213207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 213307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 213407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root String8 name8(name); 2135655b958eb2180c7c06889f83f606d23421bf038cKenny Root String8 filename(mKeyStore->getKeyNameForUidWithDir(name8, callingUid)); 213607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 2137655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (access(filename.string(), R_OK) == -1) { 2138655b958eb2180c7c06889f83f606d23421bf038cKenny Root ALOGW("could not access %s for getmtime", filename.string()); 213936a9e231e03734cd2143383d26388455c1764e17Kenny Root return -1L; 2140a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 214107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 2142655b958eb2180c7c06889f83f606d23421bf038cKenny Root int fd = TEMP_FAILURE_RETRY(open(filename.string(), O_NOFOLLOW, O_RDONLY)); 214307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root if (fd < 0) { 2144655b958eb2180c7c06889f83f606d23421bf038cKenny Root ALOGW("could not open %s for getmtime", filename.string()); 214536a9e231e03734cd2143383d26388455c1764e17Kenny Root return -1L; 214607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 214707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 214807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root struct stat s; 214907438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root int ret = fstat(fd, &s); 215007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root close(fd); 215107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root if (ret == -1) { 2152655b958eb2180c7c06889f83f606d23421bf038cKenny Root ALOGW("could not stat %s for getmtime", filename.string()); 215336a9e231e03734cd2143383d26388455c1764e17Kenny Root return -1L; 215407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 215507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 215636a9e231e03734cd2143383d26388455c1764e17Kenny Root return static_cast<int64_t>(s.st_mtime); 2157a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 215807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 2159d53bc92f1cc4eb669ec015480cebe5ae7aaaf7cfKenny Root int32_t duplicate(const String16& srcKey, int32_t srcUid, const String16& destKey, 2160d53bc92f1cc4eb669ec015480cebe5ae7aaaf7cfKenny Root int32_t destUid) { 21610225407783ee339164a0cd8ca5ef04c99d27c59aKenny Root uid_t callingUid = IPCThreadState::self()->getCallingUid(); 2162eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn pid_t spid = IPCThreadState::self()->getCallingPid(); 2163eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn if (!has_permission(callingUid, P_DUPLICATE, spid)) { 2164d53bc92f1cc4eb669ec015480cebe5ae7aaaf7cfKenny Root ALOGW("permission denied for %d: duplicate", callingUid); 21650225407783ee339164a0cd8ca5ef04c99d27c59aKenny Root return -1L; 21660225407783ee339164a0cd8ca5ef04c99d27c59aKenny Root } 21670225407783ee339164a0cd8ca5ef04c99d27c59aKenny Root 2168655b958eb2180c7c06889f83f606d23421bf038cKenny Root State state = mKeyStore->getState(callingUid); 21690225407783ee339164a0cd8ca5ef04c99d27c59aKenny Root if (!isKeystoreUnlocked(state)) { 2170d53bc92f1cc4eb669ec015480cebe5ae7aaaf7cfKenny Root ALOGD("calling duplicate in state: %d", state); 21710225407783ee339164a0cd8ca5ef04c99d27c59aKenny Root return state; 21720225407783ee339164a0cd8ca5ef04c99d27c59aKenny Root } 21730225407783ee339164a0cd8ca5ef04c99d27c59aKenny Root 2174d53bc92f1cc4eb669ec015480cebe5ae7aaaf7cfKenny Root if (srcUid == -1 || static_cast<uid_t>(srcUid) == callingUid) { 2175d53bc92f1cc4eb669ec015480cebe5ae7aaaf7cfKenny Root srcUid = callingUid; 2176d53bc92f1cc4eb669ec015480cebe5ae7aaaf7cfKenny Root } else if (!is_granted_to(callingUid, srcUid)) { 2177d53bc92f1cc4eb669ec015480cebe5ae7aaaf7cfKenny Root ALOGD("migrate not granted from source: %d -> %d", callingUid, srcUid); 21780225407783ee339164a0cd8ca5ef04c99d27c59aKenny Root return ::PERMISSION_DENIED; 21790225407783ee339164a0cd8ca5ef04c99d27c59aKenny Root } 21800225407783ee339164a0cd8ca5ef04c99d27c59aKenny Root 2181d53bc92f1cc4eb669ec015480cebe5ae7aaaf7cfKenny Root if (destUid == -1) { 2182d53bc92f1cc4eb669ec015480cebe5ae7aaaf7cfKenny Root destUid = callingUid; 2183d53bc92f1cc4eb669ec015480cebe5ae7aaaf7cfKenny Root } 21840225407783ee339164a0cd8ca5ef04c99d27c59aKenny Root 2185d53bc92f1cc4eb669ec015480cebe5ae7aaaf7cfKenny Root if (srcUid != destUid) { 2186d53bc92f1cc4eb669ec015480cebe5ae7aaaf7cfKenny Root if (static_cast<uid_t>(srcUid) != callingUid) { 2187d53bc92f1cc4eb669ec015480cebe5ae7aaaf7cfKenny Root ALOGD("can only duplicate from caller to other or to same uid: " 2188d53bc92f1cc4eb669ec015480cebe5ae7aaaf7cfKenny Root "calling=%d, srcUid=%d, destUid=%d", callingUid, srcUid, destUid); 2189d53bc92f1cc4eb669ec015480cebe5ae7aaaf7cfKenny Root return ::PERMISSION_DENIED; 2190d53bc92f1cc4eb669ec015480cebe5ae7aaaf7cfKenny Root } 21910225407783ee339164a0cd8ca5ef04c99d27c59aKenny Root 2192d53bc92f1cc4eb669ec015480cebe5ae7aaaf7cfKenny Root if (!is_granted_to(callingUid, destUid)) { 2193d53bc92f1cc4eb669ec015480cebe5ae7aaaf7cfKenny Root ALOGD("duplicate not granted to dest: %d -> %d", callingUid, destUid); 2194d53bc92f1cc4eb669ec015480cebe5ae7aaaf7cfKenny Root return ::PERMISSION_DENIED; 2195d53bc92f1cc4eb669ec015480cebe5ae7aaaf7cfKenny Root } 21960225407783ee339164a0cd8ca5ef04c99d27c59aKenny Root } 21970225407783ee339164a0cd8ca5ef04c99d27c59aKenny Root 2198d53bc92f1cc4eb669ec015480cebe5ae7aaaf7cfKenny Root String8 source8(srcKey); 2199655b958eb2180c7c06889f83f606d23421bf038cKenny Root String8 sourceFile(mKeyStore->getKeyNameForUidWithDir(source8, srcUid)); 2200d53bc92f1cc4eb669ec015480cebe5ae7aaaf7cfKenny Root 2201d53bc92f1cc4eb669ec015480cebe5ae7aaaf7cfKenny Root String8 target8(destKey); 2202fa27d5bbc366e4ecb45aee5ae08565ab3ad3dcbcKenny Root String8 targetFile(mKeyStore->getKeyNameForUidWithDir(target8, destUid)); 22030225407783ee339164a0cd8ca5ef04c99d27c59aKenny Root 2204655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (access(targetFile.string(), W_OK) != -1 || errno != ENOENT) { 2205655b958eb2180c7c06889f83f606d23421bf038cKenny Root ALOGD("destination already exists: %s", targetFile.string()); 22060225407783ee339164a0cd8ca5ef04c99d27c59aKenny Root return ::SYSTEM_ERROR; 22070225407783ee339164a0cd8ca5ef04c99d27c59aKenny Root } 22080225407783ee339164a0cd8ca5ef04c99d27c59aKenny Root 2209d53bc92f1cc4eb669ec015480cebe5ae7aaaf7cfKenny Root Blob keyBlob; 2210655b958eb2180c7c06889f83f606d23421bf038cKenny Root ResponseCode responseCode = mKeyStore->get(sourceFile.string(), &keyBlob, TYPE_ANY, 2211fa27d5bbc366e4ecb45aee5ae08565ab3ad3dcbcKenny Root srcUid); 2212d53bc92f1cc4eb669ec015480cebe5ae7aaaf7cfKenny Root if (responseCode != ::NO_ERROR) { 2213d53bc92f1cc4eb669ec015480cebe5ae7aaaf7cfKenny Root return responseCode; 22140225407783ee339164a0cd8ca5ef04c99d27c59aKenny Root } 2215d53bc92f1cc4eb669ec015480cebe5ae7aaaf7cfKenny Root 2216fa27d5bbc366e4ecb45aee5ae08565ab3ad3dcbcKenny Root return mKeyStore->put(targetFile.string(), &keyBlob, destUid); 22170225407783ee339164a0cd8ca5ef04c99d27c59aKenny Root } 22180225407783ee339164a0cd8ca5ef04c99d27c59aKenny Root 22191b0e3933900c7ea21189704d5db64e7346aee7afKenny Root int32_t is_hardware_backed(const String16& keyType) { 22201b0e3933900c7ea21189704d5db64e7346aee7afKenny Root return mKeyStore->isHardwareBacked(keyType) ? 1 : 0; 22218ddf35a6e1fd80a7d0685041d2bfc77078277c9dKenny Root } 22228ddf35a6e1fd80a7d0685041d2bfc77078277c9dKenny Root 2223fa27d5bbc366e4ecb45aee5ae08565ab3ad3dcbcKenny Root int32_t clear_uid(int64_t targetUid64) { 22249489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker uid_t targetUid = getEffectiveUid(targetUid64); 22259489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker if (!checkBinderPermission(P_CLEAR_UID, targetUid)) { 2226a9bb549868035e05450a9b918f8d7de9deca5343Kenny Root return ::PERMISSION_DENIED; 2227a9bb549868035e05450a9b918f8d7de9deca5343Kenny Root } 2228a9bb549868035e05450a9b918f8d7de9deca5343Kenny Root 22294b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee String8 prefix = String8::format("%u_", targetUid); 22304b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee Vector<String16> aliases; 22314b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee if (mKeyStore->saw(prefix, &aliases, targetUid) != ::NO_ERROR) { 2232a9bb549868035e05450a9b918f8d7de9deca5343Kenny Root return ::SYSTEM_ERROR; 2233a9bb549868035e05450a9b918f8d7de9deca5343Kenny Root } 2234a9bb549868035e05450a9b918f8d7de9deca5343Kenny Root 22354b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee for (uint32_t i = 0; i < aliases.size(); i++) { 22364b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee String8 name8(aliases[i]); 22374b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee String8 filename(mKeyStore->getKeyNameForUidWithDir(name8, targetUid)); 22384b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee mKeyStore->del(filename.string(), ::TYPE_ANY, targetUid); 2239a9bb549868035e05450a9b918f8d7de9deca5343Kenny Root } 22404b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee return ::NO_ERROR; 2241a9bb549868035e05450a9b918f8d7de9deca5343Kenny Root } 2242a9bb549868035e05450a9b918f8d7de9deca5343Kenny Root 22434b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee int32_t reset_uid(int32_t targetUid) { 22449489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker targetUid = getEffectiveUid(targetUid); 22459489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker if (!checkBinderPermission(P_RESET_UID, targetUid)) { 22464e865753346fc6a075966972a7a98051818859dbRobin Lee return ::PERMISSION_DENIED; 22474e865753346fc6a075966972a7a98051818859dbRobin Lee } 22484e865753346fc6a075966972a7a98051818859dbRobin Lee 22494b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee return mKeyStore->reset(targetUid) ? ::NO_ERROR : ::SYSTEM_ERROR; 22504e865753346fc6a075966972a7a98051818859dbRobin Lee } 22514e865753346fc6a075966972a7a98051818859dbRobin Lee 22524e865753346fc6a075966972a7a98051818859dbRobin Lee int32_t sync_uid(int32_t sourceUid, int32_t targetUid) { 22539489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker if (!checkBinderPermission(P_SYNC_UID, targetUid)) { 22544e865753346fc6a075966972a7a98051818859dbRobin Lee return ::PERMISSION_DENIED; 22554e865753346fc6a075966972a7a98051818859dbRobin Lee } 22569489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker 22574e865753346fc6a075966972a7a98051818859dbRobin Lee if (sourceUid == targetUid) { 22584e865753346fc6a075966972a7a98051818859dbRobin Lee return ::SYSTEM_ERROR; 22594e865753346fc6a075966972a7a98051818859dbRobin Lee } 22604e865753346fc6a075966972a7a98051818859dbRobin Lee 22614e865753346fc6a075966972a7a98051818859dbRobin Lee // Initialise user keystore with existing master key held in-memory 22624e865753346fc6a075966972a7a98051818859dbRobin Lee return mKeyStore->copyMasterKey(sourceUid, targetUid); 22634e865753346fc6a075966972a7a98051818859dbRobin Lee } 22644e865753346fc6a075966972a7a98051818859dbRobin Lee 22654e865753346fc6a075966972a7a98051818859dbRobin Lee int32_t password_uid(const String16& pw, int32_t targetUid) { 22669489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker targetUid = getEffectiveUid(targetUid); 22679489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker if (!checkBinderPermission(P_PASSWORD, targetUid)) { 22684e865753346fc6a075966972a7a98051818859dbRobin Lee return ::PERMISSION_DENIED; 22694e865753346fc6a075966972a7a98051818859dbRobin Lee } 22704e865753346fc6a075966972a7a98051818859dbRobin Lee const String8 password8(pw); 22714e865753346fc6a075966972a7a98051818859dbRobin Lee 22724e865753346fc6a075966972a7a98051818859dbRobin Lee switch (mKeyStore->getState(targetUid)) { 22734e865753346fc6a075966972a7a98051818859dbRobin Lee case ::STATE_UNINITIALIZED: { 22744e865753346fc6a075966972a7a98051818859dbRobin Lee // generate master key, encrypt with password, write to file, initialize mMasterKey*. 22754e865753346fc6a075966972a7a98051818859dbRobin Lee return mKeyStore->initializeUser(password8, targetUid); 22764e865753346fc6a075966972a7a98051818859dbRobin Lee } 22774e865753346fc6a075966972a7a98051818859dbRobin Lee case ::STATE_NO_ERROR: { 22784e865753346fc6a075966972a7a98051818859dbRobin Lee // rewrite master key with new password. 22794e865753346fc6a075966972a7a98051818859dbRobin Lee return mKeyStore->writeMasterKey(password8, targetUid); 22804e865753346fc6a075966972a7a98051818859dbRobin Lee } 22814e865753346fc6a075966972a7a98051818859dbRobin Lee case ::STATE_LOCKED: { 22824e865753346fc6a075966972a7a98051818859dbRobin Lee // read master key, decrypt with password, initialize mMasterKey*. 22834e865753346fc6a075966972a7a98051818859dbRobin Lee return mKeyStore->readMasterKey(password8, targetUid); 22844e865753346fc6a075966972a7a98051818859dbRobin Lee } 22854e865753346fc6a075966972a7a98051818859dbRobin Lee } 22864e865753346fc6a075966972a7a98051818859dbRobin Lee return ::SYSTEM_ERROR; 22874e865753346fc6a075966972a7a98051818859dbRobin Lee } 22884e865753346fc6a075966972a7a98051818859dbRobin Lee 22899c8612c88dc03dc52d85e7a482453e04e7e3e2a2Chad Brubaker int32_t addRngEntropy(const uint8_t* data, size_t dataLength) { 22909c8612c88dc03dc52d85e7a482453e04e7e3e2a2Chad Brubaker const keymaster1_device_t* device = mKeyStore->getDevice(); 22919c8612c88dc03dc52d85e7a482453e04e7e3e2a2Chad Brubaker const keymaster1_device_t* fallback = mKeyStore->getFallbackDevice(); 22929c8612c88dc03dc52d85e7a482453e04e7e3e2a2Chad Brubaker int32_t devResult = KM_ERROR_UNIMPLEMENTED; 22939c8612c88dc03dc52d85e7a482453e04e7e3e2a2Chad Brubaker int32_t fallbackResult = KM_ERROR_UNIMPLEMENTED; 22949c8612c88dc03dc52d85e7a482453e04e7e3e2a2Chad Brubaker if (device->common.module->module_api_version >= KEYMASTER_MODULE_API_VERSION_1_0 && 22959c8612c88dc03dc52d85e7a482453e04e7e3e2a2Chad Brubaker device->add_rng_entropy != NULL) { 22969c8612c88dc03dc52d85e7a482453e04e7e3e2a2Chad Brubaker devResult = device->add_rng_entropy(device, data, dataLength); 22979c8612c88dc03dc52d85e7a482453e04e7e3e2a2Chad Brubaker } 22989c8612c88dc03dc52d85e7a482453e04e7e3e2a2Chad Brubaker if (fallback->add_rng_entropy) { 22999c8612c88dc03dc52d85e7a482453e04e7e3e2a2Chad Brubaker fallbackResult = fallback->add_rng_entropy(fallback, data, dataLength); 23009c8612c88dc03dc52d85e7a482453e04e7e3e2a2Chad Brubaker } 23019c8612c88dc03dc52d85e7a482453e04e7e3e2a2Chad Brubaker if (devResult) { 23029c8612c88dc03dc52d85e7a482453e04e7e3e2a2Chad Brubaker return devResult; 23039c8612c88dc03dc52d85e7a482453e04e7e3e2a2Chad Brubaker } 23049c8612c88dc03dc52d85e7a482453e04e7e3e2a2Chad Brubaker if (fallbackResult) { 23059c8612c88dc03dc52d85e7a482453e04e7e3e2a2Chad Brubaker return fallbackResult; 23069c8612c88dc03dc52d85e7a482453e04e7e3e2a2Chad Brubaker } 23079c8612c88dc03dc52d85e7a482453e04e7e3e2a2Chad Brubaker return ::NO_ERROR; 23089899d6b392e8223c3c00bfccadd43b18cdc96b4fChad Brubaker } 23099899d6b392e8223c3c00bfccadd43b18cdc96b4fChad Brubaker 231017d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker int32_t generateKey(const String16& name, const KeymasterArguments& params, 2311154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker const uint8_t* entropy, size_t entropyLength, int uid, int flags, 2312154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker KeyCharacteristics* outCharacteristics) { 23139489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker uid = getEffectiveUid(uid); 23149489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker int rc = checkBinderPermissionAndKeystoreState(P_INSERT, uid, 23159489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker flags & KEYSTORE_FLAG_ENCRYPTED); 23169489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker if (rc != ::NO_ERROR) { 23179489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker return rc; 231817d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker } 231917d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker 23209489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker rc = KM_ERROR_UNIMPLEMENTED; 232117d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker bool isFallback = false; 232217d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker keymaster_key_blob_t blob; 232317d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker keymaster_key_characteristics_t *out = NULL; 232417d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker 232517d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker const keymaster1_device_t* device = mKeyStore->getDevice(); 232617d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker const keymaster1_device_t* fallback = mKeyStore->getFallbackDevice(); 232717d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker if (device == NULL) { 232817d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker return ::SYSTEM_ERROR; 232917d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker } 2330154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker // TODO: Seed from Linux RNG before this. 233117d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker if (device->common.module->module_api_version >= KEYMASTER_MODULE_API_VERSION_1_0 && 233217d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker device->generate_key != NULL) { 2333154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker if (!entropy) { 2334154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker rc = KM_ERROR_OK; 2335154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker } else if (device->add_rng_entropy) { 2336154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker rc = device->add_rng_entropy(device, entropy, entropyLength); 2337154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker } else { 2338154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker rc = KM_ERROR_UNIMPLEMENTED; 2339154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker } 2340154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker if (rc == KM_ERROR_OK) { 2341154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker rc = device->generate_key(device, params.params.data(), params.params.size(), 2342154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker &blob, &out); 2343154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker } 234417d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker } 234517d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker // If the HW device didn't support generate_key or generate_key failed 234617d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker // fall back to the software implementation. 234717d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker if (rc && fallback->generate_key != NULL) { 234817d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker isFallback = true; 2349154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker if (!entropy) { 2350154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker rc = KM_ERROR_OK; 2351154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker } else if (fallback->add_rng_entropy) { 2352154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker rc = fallback->add_rng_entropy(fallback, entropy, entropyLength); 2353154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker } else { 2354154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker rc = KM_ERROR_UNIMPLEMENTED; 2355154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker } 2356154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker if (rc == KM_ERROR_OK) { 2357154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker rc = fallback->generate_key(fallback, params.params.data(), params.params.size(), 2358154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker &blob, 2359154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker &out); 2360154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker } 236117d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker } 236217d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker 236317d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker if (out) { 236417d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker if (outCharacteristics) { 236517d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker outCharacteristics->characteristics = *out; 236617d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker } else { 236717d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker keymaster_free_characteristics(out); 236817d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker } 236917d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker free(out); 237017d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker } 237117d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker 237217d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker if (rc) { 237317d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker return rc; 237417d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker } 237517d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker 237617d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker String8 name8(name); 237717d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker String8 filename(mKeyStore->getKeyNameForUidWithDir(name8, uid)); 237817d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker 237917d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker Blob keyBlob(blob.key_material, blob.key_material_size, NULL, 0, ::TYPE_KEYMASTER_10); 238017d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker keyBlob.setFallback(isFallback); 238117d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker keyBlob.setEncrypted(flags & KEYSTORE_FLAG_ENCRYPTED); 238217d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker 238317d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker free(const_cast<uint8_t*>(blob.key_material)); 238417d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker 238517d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker return mKeyStore->put(filename.string(), &keyBlob, uid); 23869899d6b392e8223c3c00bfccadd43b18cdc96b4fChad Brubaker } 23879899d6b392e8223c3c00bfccadd43b18cdc96b4fChad Brubaker 2388f3f071fc5020fa5255f49e898a7c4a1cbf824a99Chad Brubaker int32_t getKeyCharacteristics(const String16& name, 2389d663442b590b59250062335cc057478001b8e439Chad Brubaker const keymaster_blob_t* clientId, 2390d663442b590b59250062335cc057478001b8e439Chad Brubaker const keymaster_blob_t* appData, 2391f3f071fc5020fa5255f49e898a7c4a1cbf824a99Chad Brubaker KeyCharacteristics* outCharacteristics) { 2392f3f071fc5020fa5255f49e898a7c4a1cbf824a99Chad Brubaker if (!outCharacteristics) { 2393f3f071fc5020fa5255f49e898a7c4a1cbf824a99Chad Brubaker return KM_ERROR_UNEXPECTED_NULL_POINTER; 2394f3f071fc5020fa5255f49e898a7c4a1cbf824a99Chad Brubaker } 2395f3f071fc5020fa5255f49e898a7c4a1cbf824a99Chad Brubaker 2396f3f071fc5020fa5255f49e898a7c4a1cbf824a99Chad Brubaker uid_t callingUid = IPCThreadState::self()->getCallingUid(); 2397f3f071fc5020fa5255f49e898a7c4a1cbf824a99Chad Brubaker 2398f3f071fc5020fa5255f49e898a7c4a1cbf824a99Chad Brubaker Blob keyBlob; 2399f3f071fc5020fa5255f49e898a7c4a1cbf824a99Chad Brubaker String8 name8(name); 2400f3f071fc5020fa5255f49e898a7c4a1cbf824a99Chad Brubaker int rc; 2401f3f071fc5020fa5255f49e898a7c4a1cbf824a99Chad Brubaker 2402f3f071fc5020fa5255f49e898a7c4a1cbf824a99Chad Brubaker ResponseCode responseCode = mKeyStore->getKeyForName(&keyBlob, name8, callingUid, 2403f3f071fc5020fa5255f49e898a7c4a1cbf824a99Chad Brubaker TYPE_KEYMASTER_10); 2404f3f071fc5020fa5255f49e898a7c4a1cbf824a99Chad Brubaker if (responseCode != ::NO_ERROR) { 2405f3f071fc5020fa5255f49e898a7c4a1cbf824a99Chad Brubaker return responseCode; 2406f3f071fc5020fa5255f49e898a7c4a1cbf824a99Chad Brubaker } 2407f3f071fc5020fa5255f49e898a7c4a1cbf824a99Chad Brubaker keymaster_key_blob_t key; 2408f3f071fc5020fa5255f49e898a7c4a1cbf824a99Chad Brubaker key.key_material_size = keyBlob.getLength(); 2409f3f071fc5020fa5255f49e898a7c4a1cbf824a99Chad Brubaker key.key_material = keyBlob.getValue(); 2410f3f071fc5020fa5255f49e898a7c4a1cbf824a99Chad Brubaker keymaster1_device_t* dev = mKeyStore->getDeviceForBlob(keyBlob); 2411f3f071fc5020fa5255f49e898a7c4a1cbf824a99Chad Brubaker keymaster_key_characteristics_t *out = NULL; 2412f3f071fc5020fa5255f49e898a7c4a1cbf824a99Chad Brubaker if (!dev->get_key_characteristics) { 2413f3f071fc5020fa5255f49e898a7c4a1cbf824a99Chad Brubaker ALOGW("device does not implement get_key_characteristics"); 2414f3f071fc5020fa5255f49e898a7c4a1cbf824a99Chad Brubaker return KM_ERROR_UNIMPLEMENTED; 2415f3f071fc5020fa5255f49e898a7c4a1cbf824a99Chad Brubaker } 2416d663442b590b59250062335cc057478001b8e439Chad Brubaker rc = dev->get_key_characteristics(dev, &key, clientId, appData, &out); 2417f3f071fc5020fa5255f49e898a7c4a1cbf824a99Chad Brubaker if (out) { 2418f3f071fc5020fa5255f49e898a7c4a1cbf824a99Chad Brubaker outCharacteristics->characteristics = *out; 2419f3f071fc5020fa5255f49e898a7c4a1cbf824a99Chad Brubaker free(out); 2420f3f071fc5020fa5255f49e898a7c4a1cbf824a99Chad Brubaker } 2421f3f071fc5020fa5255f49e898a7c4a1cbf824a99Chad Brubaker return rc ? rc : ::NO_ERROR; 24229899d6b392e8223c3c00bfccadd43b18cdc96b4fChad Brubaker } 24239899d6b392e8223c3c00bfccadd43b18cdc96b4fChad Brubaker 24244c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker int32_t importKey(const String16& name, const KeymasterArguments& params, 24254c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker keymaster_key_format_t format, const uint8_t *keyData, 24264c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker size_t keyLength, int uid, int flags, 24274c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker KeyCharacteristics* outCharacteristics) { 24289489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker uid = getEffectiveUid(uid); 24299489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker int rc = checkBinderPermissionAndKeystoreState(P_INSERT, uid, 24309489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker flags & KEYSTORE_FLAG_ENCRYPTED); 24319489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker if (rc != ::NO_ERROR) { 24329489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker return rc; 24334c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker } 24344c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker 24359489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker rc = KM_ERROR_UNIMPLEMENTED; 24364c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker bool isFallback = false; 24374c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker keymaster_key_blob_t blob; 24384c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker keymaster_key_characteristics_t *out = NULL; 24394c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker 24404c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker const keymaster1_device_t* device = mKeyStore->getDevice(); 24414c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker const keymaster1_device_t* fallback = mKeyStore->getFallbackDevice(); 24424c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker if (device == NULL) { 24434c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker return ::SYSTEM_ERROR; 24444c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker } 24454c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker if (device->common.module->module_api_version >= KEYMASTER_MODULE_API_VERSION_1_0 && 24464c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker device->import_key != NULL) { 24474c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker rc = device->import_key(device, params.params.data(), params.params.size(), 24484c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker format, keyData, keyLength, &blob, &out); 24494c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker } 24504c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker if (rc && fallback->import_key != NULL) { 24514c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker isFallback = true; 24524c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker rc = fallback->import_key(fallback, params.params.data(), params.params.size(), 24534c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker format, keyData, keyLength, &blob, &out); 24544c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker } 24554c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker if (out) { 24564c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker if (outCharacteristics) { 24574c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker outCharacteristics->characteristics = *out; 24584c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker } else { 24594c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker keymaster_free_characteristics(out); 24604c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker } 24614c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker free(out); 24624c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker } 24634c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker if (rc) { 24644c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker return rc; 24654c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker } 24664c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker 24674c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker String8 name8(name); 24684c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker String8 filename(mKeyStore->getKeyNameForUidWithDir(name8, uid)); 24694c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker 24704c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker Blob keyBlob(blob.key_material, blob.key_material_size, NULL, 0, ::TYPE_KEYMASTER_10); 24714c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker keyBlob.setFallback(isFallback); 24724c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker keyBlob.setEncrypted(flags & KEYSTORE_FLAG_ENCRYPTED); 24734c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker 24744c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker free((void*) blob.key_material); 24754c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker 24764c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker return mKeyStore->put(filename.string(), &keyBlob, uid); 24779899d6b392e8223c3c00bfccadd43b18cdc96b4fChad Brubaker } 24789899d6b392e8223c3c00bfccadd43b18cdc96b4fChad Brubaker 247907b0cda3b14d16205ce3040d00bc18d15eda5fdcChad Brubaker void exportKey(const String16& name, keymaster_key_format_t format, 2480d663442b590b59250062335cc057478001b8e439Chad Brubaker const keymaster_blob_t* clientId, 2481d663442b590b59250062335cc057478001b8e439Chad Brubaker const keymaster_blob_t* appData, ExportResult* result) { 248207b0cda3b14d16205ce3040d00bc18d15eda5fdcChad Brubaker 248307b0cda3b14d16205ce3040d00bc18d15eda5fdcChad Brubaker uid_t callingUid = IPCThreadState::self()->getCallingUid(); 248407b0cda3b14d16205ce3040d00bc18d15eda5fdcChad Brubaker 248507b0cda3b14d16205ce3040d00bc18d15eda5fdcChad Brubaker Blob keyBlob; 248607b0cda3b14d16205ce3040d00bc18d15eda5fdcChad Brubaker String8 name8(name); 248707b0cda3b14d16205ce3040d00bc18d15eda5fdcChad Brubaker int rc; 248807b0cda3b14d16205ce3040d00bc18d15eda5fdcChad Brubaker 248907b0cda3b14d16205ce3040d00bc18d15eda5fdcChad Brubaker ResponseCode responseCode = mKeyStore->getKeyForName(&keyBlob, name8, callingUid, 249007b0cda3b14d16205ce3040d00bc18d15eda5fdcChad Brubaker TYPE_KEYMASTER_10); 249107b0cda3b14d16205ce3040d00bc18d15eda5fdcChad Brubaker if (responseCode != ::NO_ERROR) { 249207b0cda3b14d16205ce3040d00bc18d15eda5fdcChad Brubaker result->resultCode = responseCode; 249307b0cda3b14d16205ce3040d00bc18d15eda5fdcChad Brubaker return; 249407b0cda3b14d16205ce3040d00bc18d15eda5fdcChad Brubaker } 249507b0cda3b14d16205ce3040d00bc18d15eda5fdcChad Brubaker keymaster_key_blob_t key; 249607b0cda3b14d16205ce3040d00bc18d15eda5fdcChad Brubaker key.key_material_size = keyBlob.getLength(); 249707b0cda3b14d16205ce3040d00bc18d15eda5fdcChad Brubaker key.key_material = keyBlob.getValue(); 249807b0cda3b14d16205ce3040d00bc18d15eda5fdcChad Brubaker keymaster1_device_t* dev = mKeyStore->getDeviceForBlob(keyBlob); 249907b0cda3b14d16205ce3040d00bc18d15eda5fdcChad Brubaker if (!dev->export_key) { 250007b0cda3b14d16205ce3040d00bc18d15eda5fdcChad Brubaker result->resultCode = KM_ERROR_UNIMPLEMENTED; 250107b0cda3b14d16205ce3040d00bc18d15eda5fdcChad Brubaker return; 250207b0cda3b14d16205ce3040d00bc18d15eda5fdcChad Brubaker } 250307b0cda3b14d16205ce3040d00bc18d15eda5fdcChad Brubaker uint8_t* ptr = NULL; 2504d663442b590b59250062335cc057478001b8e439Chad Brubaker rc = dev->export_key(dev, format, &key, clientId, appData, 250507b0cda3b14d16205ce3040d00bc18d15eda5fdcChad Brubaker &ptr, &result->dataLength); 250607b0cda3b14d16205ce3040d00bc18d15eda5fdcChad Brubaker result->exportData.reset(ptr); 250707b0cda3b14d16205ce3040d00bc18d15eda5fdcChad Brubaker result->resultCode = rc ? rc : ::NO_ERROR; 25089899d6b392e8223c3c00bfccadd43b18cdc96b4fChad Brubaker } 25099899d6b392e8223c3c00bfccadd43b18cdc96b4fChad Brubaker 251006801e0a7ccabbe8f22cff29b7edb7c7d02d7692Chad Brubaker /** 251106801e0a7ccabbe8f22cff29b7edb7c7d02d7692Chad Brubaker * Check that all keymaster_key_param_t's provided by the application are 251206801e0a7ccabbe8f22cff29b7edb7c7d02d7692Chad Brubaker * allowed. Any parameter that keystore adds itself should be disallowed here. 251306801e0a7ccabbe8f22cff29b7edb7c7d02d7692Chad Brubaker */ 251406801e0a7ccabbe8f22cff29b7edb7c7d02d7692Chad Brubaker bool checkAllowedOperationParams(const std::vector<keymaster_key_param_t>& params) { 251506801e0a7ccabbe8f22cff29b7edb7c7d02d7692Chad Brubaker for (auto param: params) { 251606801e0a7ccabbe8f22cff29b7edb7c7d02d7692Chad Brubaker switch (param.tag) { 251706801e0a7ccabbe8f22cff29b7edb7c7d02d7692Chad Brubaker case KM_TAG_AUTH_TOKEN: 251806801e0a7ccabbe8f22cff29b7edb7c7d02d7692Chad Brubaker return false; 251906801e0a7ccabbe8f22cff29b7edb7c7d02d7692Chad Brubaker default: 252006801e0a7ccabbe8f22cff29b7edb7c7d02d7692Chad Brubaker break; 252106801e0a7ccabbe8f22cff29b7edb7c7d02d7692Chad Brubaker } 252206801e0a7ccabbe8f22cff29b7edb7c7d02d7692Chad Brubaker } 252306801e0a7ccabbe8f22cff29b7edb7c7d02d7692Chad Brubaker return true; 252406801e0a7ccabbe8f22cff29b7edb7c7d02d7692Chad Brubaker } 252506801e0a7ccabbe8f22cff29b7edb7c7d02d7692Chad Brubaker 2526ad6514ab7a57504aa3b04bcc383f60940b923710Chad Brubaker int authorizeOperation(const keymaster_key_characteristics_t& characteristics, 252706801e0a7ccabbe8f22cff29b7edb7c7d02d7692Chad Brubaker keymaster_operation_handle_t handle, 252806801e0a7ccabbe8f22cff29b7edb7c7d02d7692Chad Brubaker std::vector<keymaster_key_param_t>* params, 252906801e0a7ccabbe8f22cff29b7edb7c7d02d7692Chad Brubaker bool failOnTokenMissing=true) { 253006801e0a7ccabbe8f22cff29b7edb7c7d02d7692Chad Brubaker if (!checkAllowedOperationParams(*params)) { 253106801e0a7ccabbe8f22cff29b7edb7c7d02d7692Chad Brubaker return KM_ERROR_INVALID_ARGUMENT; 253206801e0a7ccabbe8f22cff29b7edb7c7d02d7692Chad Brubaker } 2533ad6514ab7a57504aa3b04bcc383f60940b923710Chad Brubaker std::vector<keymaster_key_param_t> allCharacteristics; 2534ad6514ab7a57504aa3b04bcc383f60940b923710Chad Brubaker for (size_t i = 0; i < characteristics.sw_enforced.length; i++) { 2535ad6514ab7a57504aa3b04bcc383f60940b923710Chad Brubaker allCharacteristics.push_back(characteristics.sw_enforced.params[i]); 2536ad6514ab7a57504aa3b04bcc383f60940b923710Chad Brubaker } 2537ad6514ab7a57504aa3b04bcc383f60940b923710Chad Brubaker for (size_t i = 0; i < characteristics.hw_enforced.length; i++) { 2538ad6514ab7a57504aa3b04bcc383f60940b923710Chad Brubaker allCharacteristics.push_back(characteristics.hw_enforced.params[i]); 2539ad6514ab7a57504aa3b04bcc383f60940b923710Chad Brubaker } 254006801e0a7ccabbe8f22cff29b7edb7c7d02d7692Chad Brubaker // Check for auth token and add it to the param list if present. 254106801e0a7ccabbe8f22cff29b7edb7c7d02d7692Chad Brubaker const hw_auth_token_t* authToken; 2542ad6514ab7a57504aa3b04bcc383f60940b923710Chad Brubaker switch (mAuthTokenTable.FindAuthorization(allCharacteristics.data(), 2543ad6514ab7a57504aa3b04bcc383f60940b923710Chad Brubaker allCharacteristics.size(), handle, &authToken)) { 254406801e0a7ccabbe8f22cff29b7edb7c7d02d7692Chad Brubaker case keymaster::AuthTokenTable::OK: 254506801e0a7ccabbe8f22cff29b7edb7c7d02d7692Chad Brubaker // Auth token found. 254606801e0a7ccabbe8f22cff29b7edb7c7d02d7692Chad Brubaker params->push_back(keymaster_param_blob(KM_TAG_AUTH_TOKEN, 254706801e0a7ccabbe8f22cff29b7edb7c7d02d7692Chad Brubaker reinterpret_cast<const uint8_t*>(authToken), 254806801e0a7ccabbe8f22cff29b7edb7c7d02d7692Chad Brubaker sizeof(hw_auth_token_t))); 254906801e0a7ccabbe8f22cff29b7edb7c7d02d7692Chad Brubaker break; 255006801e0a7ccabbe8f22cff29b7edb7c7d02d7692Chad Brubaker case keymaster::AuthTokenTable::AUTH_NOT_REQUIRED: 255106801e0a7ccabbe8f22cff29b7edb7c7d02d7692Chad Brubaker return KM_ERROR_OK; 255206801e0a7ccabbe8f22cff29b7edb7c7d02d7692Chad Brubaker case keymaster::AuthTokenTable::AUTH_TOKEN_NOT_FOUND: 255306801e0a7ccabbe8f22cff29b7edb7c7d02d7692Chad Brubaker case keymaster::AuthTokenTable::OP_HANDLE_REQUIRED: 255406801e0a7ccabbe8f22cff29b7edb7c7d02d7692Chad Brubaker case keymaster::AuthTokenTable::AUTH_TOKEN_EXPIRED: 255506801e0a7ccabbe8f22cff29b7edb7c7d02d7692Chad Brubaker if (failOnTokenMissing) { 255606801e0a7ccabbe8f22cff29b7edb7c7d02d7692Chad Brubaker return KM_ERROR_KEY_USER_NOT_AUTHENTICATED; 255706801e0a7ccabbe8f22cff29b7edb7c7d02d7692Chad Brubaker } 255806801e0a7ccabbe8f22cff29b7edb7c7d02d7692Chad Brubaker break; 255906801e0a7ccabbe8f22cff29b7edb7c7d02d7692Chad Brubaker case keymaster::AuthTokenTable::AUTH_TOKEN_WRONG_SID: 256006801e0a7ccabbe8f22cff29b7edb7c7d02d7692Chad Brubaker return KM_ERROR_KEY_USER_NOT_AUTHENTICATED; 256106801e0a7ccabbe8f22cff29b7edb7c7d02d7692Chad Brubaker default: 256206801e0a7ccabbe8f22cff29b7edb7c7d02d7692Chad Brubaker return KM_ERROR_INVALID_ARGUMENT; 256306801e0a7ccabbe8f22cff29b7edb7c7d02d7692Chad Brubaker } 256406801e0a7ccabbe8f22cff29b7edb7c7d02d7692Chad Brubaker // TODO: Enforce the rest of authorization 256506801e0a7ccabbe8f22cff29b7edb7c7d02d7692Chad Brubaker return KM_ERROR_OK; 256606801e0a7ccabbe8f22cff29b7edb7c7d02d7692Chad Brubaker } 256706801e0a7ccabbe8f22cff29b7edb7c7d02d7692Chad Brubaker 2568ad6514ab7a57504aa3b04bcc383f60940b923710Chad Brubaker keymaster_error_t getOperationCharacteristics(const keymaster_key_blob_t& key, 2569ad6514ab7a57504aa3b04bcc383f60940b923710Chad Brubaker const keymaster1_device_t* dev, 2570ad6514ab7a57504aa3b04bcc383f60940b923710Chad Brubaker const std::vector<keymaster_key_param_t>& params, 2571ad6514ab7a57504aa3b04bcc383f60940b923710Chad Brubaker keymaster_key_characteristics_t* out) { 2572ad6514ab7a57504aa3b04bcc383f60940b923710Chad Brubaker UniquePtr<keymaster_blob_t> appId; 2573ad6514ab7a57504aa3b04bcc383f60940b923710Chad Brubaker UniquePtr<keymaster_blob_t> appData; 2574ad6514ab7a57504aa3b04bcc383f60940b923710Chad Brubaker for (auto param : params) { 2575ad6514ab7a57504aa3b04bcc383f60940b923710Chad Brubaker if (param.tag == KM_TAG_APPLICATION_ID) { 2576ad6514ab7a57504aa3b04bcc383f60940b923710Chad Brubaker appId.reset(new keymaster_blob_t); 2577ad6514ab7a57504aa3b04bcc383f60940b923710Chad Brubaker appId->data = param.blob.data; 2578ad6514ab7a57504aa3b04bcc383f60940b923710Chad Brubaker appId->data_length = param.blob.data_length; 2579ad6514ab7a57504aa3b04bcc383f60940b923710Chad Brubaker } else if (param.tag == KM_TAG_APPLICATION_DATA) { 2580ad6514ab7a57504aa3b04bcc383f60940b923710Chad Brubaker appData.reset(new keymaster_blob_t); 2581ad6514ab7a57504aa3b04bcc383f60940b923710Chad Brubaker appData->data = param.blob.data; 2582ad6514ab7a57504aa3b04bcc383f60940b923710Chad Brubaker appData->data_length = param.blob.data_length; 2583ad6514ab7a57504aa3b04bcc383f60940b923710Chad Brubaker } 2584ad6514ab7a57504aa3b04bcc383f60940b923710Chad Brubaker } 2585ad6514ab7a57504aa3b04bcc383f60940b923710Chad Brubaker keymaster_key_characteristics_t* result = NULL; 2586ad6514ab7a57504aa3b04bcc383f60940b923710Chad Brubaker if (!dev->get_key_characteristics) { 2587ad6514ab7a57504aa3b04bcc383f60940b923710Chad Brubaker return KM_ERROR_UNIMPLEMENTED; 2588ad6514ab7a57504aa3b04bcc383f60940b923710Chad Brubaker } 2589ad6514ab7a57504aa3b04bcc383f60940b923710Chad Brubaker keymaster_error_t error = dev->get_key_characteristics(dev, &key, appId.get(), 2590ad6514ab7a57504aa3b04bcc383f60940b923710Chad Brubaker appData.get(), &result); 2591ad6514ab7a57504aa3b04bcc383f60940b923710Chad Brubaker if (result) { 2592ad6514ab7a57504aa3b04bcc383f60940b923710Chad Brubaker *out = *result; 2593ad6514ab7a57504aa3b04bcc383f60940b923710Chad Brubaker free(result); 2594ad6514ab7a57504aa3b04bcc383f60940b923710Chad Brubaker } 2595ad6514ab7a57504aa3b04bcc383f60940b923710Chad Brubaker return error; 2596ad6514ab7a57504aa3b04bcc383f60940b923710Chad Brubaker } 2597ad6514ab7a57504aa3b04bcc383f60940b923710Chad Brubaker 259840a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker void begin(const sp<IBinder>& appToken, const String16& name, keymaster_purpose_t purpose, 2599154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker bool pruneable, const KeymasterArguments& params, const uint8_t* entropy, 2600154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker size_t entropyLength, KeymasterArguments* outParams, OperationResult* result) { 260140a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker if (!result || !outParams) { 260240a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker ALOGE("Unexpected null arguments to begin()"); 260340a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker return; 260440a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker } 260540a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker uid_t callingUid = IPCThreadState::self()->getCallingUid(); 260640a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker if (!pruneable && get_app_id(callingUid) != AID_SYSTEM) { 260740a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker ALOGE("Non-system uid %d trying to start non-pruneable operation", callingUid); 260840a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker result->resultCode = ::PERMISSION_DENIED; 260940a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker return; 261040a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker } 261140a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker Blob keyBlob; 261240a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker String8 name8(name); 261340a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker ResponseCode responseCode = mKeyStore->getKeyForName(&keyBlob, name8, callingUid, 261440a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker TYPE_KEYMASTER_10); 261540a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker if (responseCode != ::NO_ERROR) { 261640a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker result->resultCode = responseCode; 261740a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker return; 261840a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker } 261940a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker keymaster_key_blob_t key; 262040a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker key.key_material_size = keyBlob.getLength(); 262140a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker key.key_material = keyBlob.getValue(); 262240a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker keymaster_key_param_t* out; 262340a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker size_t outSize; 262440a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker keymaster_operation_handle_t handle; 262540a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker keymaster1_device_t* dev = mKeyStore->getDeviceForBlob(keyBlob); 2626154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker keymaster_error_t err = KM_ERROR_UNIMPLEMENTED; 262706801e0a7ccabbe8f22cff29b7edb7c7d02d7692Chad Brubaker std::vector<keymaster_key_param_t> opParams(params.params); 2628ad6514ab7a57504aa3b04bcc383f60940b923710Chad Brubaker Unique_keymaster_key_characteristics characteristics; 2629ad6514ab7a57504aa3b04bcc383f60940b923710Chad Brubaker characteristics.reset(new keymaster_key_characteristics_t); 2630ad6514ab7a57504aa3b04bcc383f60940b923710Chad Brubaker err = getOperationCharacteristics(key, dev, opParams, characteristics.get()); 2631ad6514ab7a57504aa3b04bcc383f60940b923710Chad Brubaker if (err) { 2632ad6514ab7a57504aa3b04bcc383f60940b923710Chad Brubaker result->resultCode = err; 2633ad6514ab7a57504aa3b04bcc383f60940b923710Chad Brubaker return; 2634ad6514ab7a57504aa3b04bcc383f60940b923710Chad Brubaker } 263506801e0a7ccabbe8f22cff29b7edb7c7d02d7692Chad Brubaker // Don't require an auth token for the call to begin, authentication can 263606801e0a7ccabbe8f22cff29b7edb7c7d02d7692Chad Brubaker // require an operation handle. Update and finish will require the token 263706801e0a7ccabbe8f22cff29b7edb7c7d02d7692Chad Brubaker // be present and valid. 2638ad6514ab7a57504aa3b04bcc383f60940b923710Chad Brubaker int32_t authResult = authorizeOperation(*characteristics, 0, &opParams, 263906801e0a7ccabbe8f22cff29b7edb7c7d02d7692Chad Brubaker /*failOnTokenMissing*/ false); 264006801e0a7ccabbe8f22cff29b7edb7c7d02d7692Chad Brubaker if (authResult) { 264106801e0a7ccabbe8f22cff29b7edb7c7d02d7692Chad Brubaker result->resultCode = err; 264206801e0a7ccabbe8f22cff29b7edb7c7d02d7692Chad Brubaker return; 264306801e0a7ccabbe8f22cff29b7edb7c7d02d7692Chad Brubaker } 2644154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker // Add entropy to the device first. 2645154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker if (entropy) { 2646154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker if (dev->add_rng_entropy) { 2647154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker err = dev->add_rng_entropy(dev, entropy, entropyLength); 2648154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker } else { 2649154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker err = KM_ERROR_UNIMPLEMENTED; 2650154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker } 2651154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker if (err) { 2652154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker result->resultCode = err; 2653154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker return; 2654154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker } 2655154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker } 265606801e0a7ccabbe8f22cff29b7edb7c7d02d7692Chad Brubaker // Don't do an auth check here, we need begin to succeed for 265706801e0a7ccabbe8f22cff29b7edb7c7d02d7692Chad Brubaker // per-operation auth. update/finish will be doing the auth checks. 265806801e0a7ccabbe8f22cff29b7edb7c7d02d7692Chad Brubaker err = dev->begin(dev, purpose, &key, opParams.data(), opParams.size(), &out, &outSize, 265906801e0a7ccabbe8f22cff29b7edb7c7d02d7692Chad Brubaker &handle); 266040a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker 266140a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker // If there are too many operations abort the oldest operation that was 266240a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker // started as pruneable and try again. 266340a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker while (err == KM_ERROR_TOO_MANY_OPERATIONS && mOperationMap.hasPruneableOperation()) { 266440a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker sp<IBinder> oldest = mOperationMap.getOldestPruneableOperation(); 266540a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker ALOGD("Ran out of operation handles, trying to prune %p", oldest.get()); 266640a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker if (abort(oldest) != ::NO_ERROR) { 266740a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker break; 266840a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker } 266940a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker err = dev->begin(dev, purpose, &key, params.params.data(), 267040a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker params.params.size(), &out, &outSize, 267140a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker &handle); 267240a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker } 267340a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker if (err) { 267440a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker result->resultCode = err; 267540a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker return; 267640a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker } 267740a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker if (out) { 267840a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker outParams->params.assign(out, out + outSize); 267940a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker free(out); 268040a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker } 26819899d6b392e8223c3c00bfccadd43b18cdc96b4fChad Brubaker 2682ad6514ab7a57504aa3b04bcc383f60940b923710Chad Brubaker sp<IBinder> operationToken = mOperationMap.addOperation(handle, dev, appToken, 2683ad6514ab7a57504aa3b04bcc383f60940b923710Chad Brubaker characteristics.release(), 268406801e0a7ccabbe8f22cff29b7edb7c7d02d7692Chad Brubaker pruneable); 268540a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker result->resultCode = ::NO_ERROR; 268640a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker result->token = operationToken; 2687c3a1856bbe2e39d5b3430f5f088b12fd710a159fChad Brubaker result->handle = handle; 26889899d6b392e8223c3c00bfccadd43b18cdc96b4fChad Brubaker } 26899899d6b392e8223c3c00bfccadd43b18cdc96b4fChad Brubaker 269040a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker void update(const sp<IBinder>& token, const KeymasterArguments& params, const uint8_t* data, 269140a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker size_t dataLength, OperationResult* result) { 269240a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker const keymaster1_device_t* dev; 269340a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker keymaster_operation_handle_t handle; 2694ad6514ab7a57504aa3b04bcc383f60940b923710Chad Brubaker const keymaster_key_characteristics_t* characteristics; 2695ad6514ab7a57504aa3b04bcc383f60940b923710Chad Brubaker if (!mOperationMap.getOperation(token, &handle, &dev, &characteristics)) { 269640a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker result->resultCode = KM_ERROR_INVALID_OPERATION_HANDLE; 269740a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker return; 269840a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker } 269940a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker uint8_t* output_buf = NULL; 270040a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker size_t output_length = 0; 270140a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker size_t consumed = 0; 270206801e0a7ccabbe8f22cff29b7edb7c7d02d7692Chad Brubaker std::vector<keymaster_key_param_t> opParams(params.params); 2703ad6514ab7a57504aa3b04bcc383f60940b923710Chad Brubaker int32_t authResult = authorizeOperation(*characteristics, handle, &opParams); 270406801e0a7ccabbe8f22cff29b7edb7c7d02d7692Chad Brubaker if (authResult) { 270506801e0a7ccabbe8f22cff29b7edb7c7d02d7692Chad Brubaker result->resultCode = authResult; 270606801e0a7ccabbe8f22cff29b7edb7c7d02d7692Chad Brubaker return; 270706801e0a7ccabbe8f22cff29b7edb7c7d02d7692Chad Brubaker } 270806801e0a7ccabbe8f22cff29b7edb7c7d02d7692Chad Brubaker keymaster_error_t err = dev->update(dev, handle, opParams.data(), opParams.size(), data, 270906801e0a7ccabbe8f22cff29b7edb7c7d02d7692Chad Brubaker dataLength, &consumed, &output_buf, &output_length); 271040a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker result->data.reset(output_buf); 271140a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker result->dataLength = output_length; 271240a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker result->inputConsumed = consumed; 271340a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker result->resultCode = err ? (int32_t) err : ::NO_ERROR; 271440a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker } 271540a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker 271640a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker void finish(const sp<IBinder>& token, const KeymasterArguments& params, 271740a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker const uint8_t* signature, size_t signatureLength, OperationResult* result) { 271840a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker const keymaster1_device_t* dev; 271940a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker keymaster_operation_handle_t handle; 2720ad6514ab7a57504aa3b04bcc383f60940b923710Chad Brubaker const keymaster_key_characteristics_t* characteristics; 2721ad6514ab7a57504aa3b04bcc383f60940b923710Chad Brubaker if (!mOperationMap.getOperation(token, &handle, &dev, &characteristics)) { 272240a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker result->resultCode = KM_ERROR_INVALID_OPERATION_HANDLE; 272340a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker return; 272440a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker } 272540a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker uint8_t* output_buf = NULL; 272640a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker size_t output_length = 0; 272706801e0a7ccabbe8f22cff29b7edb7c7d02d7692Chad Brubaker std::vector<keymaster_key_param_t> opParams(params.params); 2728ad6514ab7a57504aa3b04bcc383f60940b923710Chad Brubaker int32_t authResult = authorizeOperation(*characteristics, handle, &opParams); 272906801e0a7ccabbe8f22cff29b7edb7c7d02d7692Chad Brubaker if (authResult) { 273006801e0a7ccabbe8f22cff29b7edb7c7d02d7692Chad Brubaker result->resultCode = authResult; 273106801e0a7ccabbe8f22cff29b7edb7c7d02d7692Chad Brubaker return; 273206801e0a7ccabbe8f22cff29b7edb7c7d02d7692Chad Brubaker } 273306801e0a7ccabbe8f22cff29b7edb7c7d02d7692Chad Brubaker keymaster_error_t err = dev->finish(dev, handle, opParams.data(), opParams.size(), 273406801e0a7ccabbe8f22cff29b7edb7c7d02d7692Chad Brubaker signature, signatureLength, &output_buf, 273506801e0a7ccabbe8f22cff29b7edb7c7d02d7692Chad Brubaker &output_length); 273640a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker // Remove the operation regardless of the result 273740a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker mOperationMap.removeOperation(token); 273806801e0a7ccabbe8f22cff29b7edb7c7d02d7692Chad Brubaker mAuthTokenTable.MarkCompleted(handle); 273940a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker result->data.reset(output_buf); 274040a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker result->dataLength = output_length; 274140a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker result->resultCode = err ? (int32_t) err : ::NO_ERROR; 274240a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker } 274340a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker 274440a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker int32_t abort(const sp<IBinder>& token) { 274540a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker const keymaster1_device_t* dev; 274640a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker keymaster_operation_handle_t handle; 274706801e0a7ccabbe8f22cff29b7edb7c7d02d7692Chad Brubaker if (!mOperationMap.getOperation(token, &handle, &dev, NULL)) { 274840a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker return KM_ERROR_INVALID_OPERATION_HANDLE; 274940a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker } 275040a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker mOperationMap.removeOperation(token); 275106801e0a7ccabbe8f22cff29b7edb7c7d02d7692Chad Brubaker int32_t rc; 275240a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker if (!dev->abort) { 275306801e0a7ccabbe8f22cff29b7edb7c7d02d7692Chad Brubaker rc = KM_ERROR_UNIMPLEMENTED; 275406801e0a7ccabbe8f22cff29b7edb7c7d02d7692Chad Brubaker } else { 275506801e0a7ccabbe8f22cff29b7edb7c7d02d7692Chad Brubaker rc = dev->abort(dev, handle); 275640a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker } 275706801e0a7ccabbe8f22cff29b7edb7c7d02d7692Chad Brubaker mAuthTokenTable.MarkCompleted(handle); 275840a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker if (rc) { 275940a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker return rc; 276040a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker } 276140a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker return ::NO_ERROR; 27629899d6b392e8223c3c00bfccadd43b18cdc96b4fChad Brubaker } 27639899d6b392e8223c3c00bfccadd43b18cdc96b4fChad Brubaker 27642ed2baa7de690b09430b40625e6b18d10757a2fdChad Brubaker bool isOperationAuthorized(const sp<IBinder>& token) { 27652ed2baa7de690b09430b40625e6b18d10757a2fdChad Brubaker const keymaster1_device_t* dev; 27662ed2baa7de690b09430b40625e6b18d10757a2fdChad Brubaker keymaster_operation_handle_t handle; 2767ad6514ab7a57504aa3b04bcc383f60940b923710Chad Brubaker const keymaster_key_characteristics_t* characteristics; 2768ad6514ab7a57504aa3b04bcc383f60940b923710Chad Brubaker if (!mOperationMap.getOperation(token, &handle, &dev, &characteristics)) { 27692ed2baa7de690b09430b40625e6b18d10757a2fdChad Brubaker return false; 27702ed2baa7de690b09430b40625e6b18d10757a2fdChad Brubaker } 277106801e0a7ccabbe8f22cff29b7edb7c7d02d7692Chad Brubaker std::vector<keymaster_key_param_t> ignored; 2772ad6514ab7a57504aa3b04bcc383f60940b923710Chad Brubaker int32_t authResult = authorizeOperation(*characteristics, handle, &ignored); 277306801e0a7ccabbe8f22cff29b7edb7c7d02d7692Chad Brubaker return authResult == KM_ERROR_OK; 27742ed2baa7de690b09430b40625e6b18d10757a2fdChad Brubaker } 27752ed2baa7de690b09430b40625e6b18d10757a2fdChad Brubaker 2776d80c7b487b2f7f0bf955d0efeaa3db6dcd160639Chad Brubaker int32_t addAuthToken(const uint8_t* token, size_t length) { 27779489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker if (!checkBinderPermission(P_ADD_AUTH)) { 27789489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker ALOGW("addAuthToken: permission denied for %d", 27799489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker IPCThreadState::self()->getCallingUid()); 2780d80c7b487b2f7f0bf955d0efeaa3db6dcd160639Chad Brubaker return ::PERMISSION_DENIED; 2781d80c7b487b2f7f0bf955d0efeaa3db6dcd160639Chad Brubaker } 2782d80c7b487b2f7f0bf955d0efeaa3db6dcd160639Chad Brubaker if (length != sizeof(hw_auth_token_t)) { 2783d80c7b487b2f7f0bf955d0efeaa3db6dcd160639Chad Brubaker return KM_ERROR_INVALID_ARGUMENT; 2784d80c7b487b2f7f0bf955d0efeaa3db6dcd160639Chad Brubaker } 2785d80c7b487b2f7f0bf955d0efeaa3db6dcd160639Chad Brubaker hw_auth_token_t* authToken = new hw_auth_token_t; 2786d80c7b487b2f7f0bf955d0efeaa3db6dcd160639Chad Brubaker memcpy(reinterpret_cast<void*>(authToken), token, sizeof(hw_auth_token_t)); 2787d80c7b487b2f7f0bf955d0efeaa3db6dcd160639Chad Brubaker // The table takes ownership of authToken. 2788d80c7b487b2f7f0bf955d0efeaa3db6dcd160639Chad Brubaker mAuthTokenTable.AddAuthenticationToken(authToken); 2789d80c7b487b2f7f0bf955d0efeaa3db6dcd160639Chad Brubaker return ::NO_ERROR; 27902ed2baa7de690b09430b40625e6b18d10757a2fdChad Brubaker } 27912ed2baa7de690b09430b40625e6b18d10757a2fdChad Brubaker 279207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Rootprivate: 27939489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker static const int32_t UID_SELF = -1; 27949489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker 27959489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker /** 27969489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker * Get the effective target uid for a binder operation that takes an 27979489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker * optional uid as the target. 27989489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker */ 27999489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker inline uid_t getEffectiveUid(int32_t targetUid) { 28009489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker if (targetUid == UID_SELF) { 28019489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker return IPCThreadState::self()->getCallingUid(); 28029489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker } 28039489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker return static_cast<uid_t>(targetUid); 28049489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker } 28059489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker 28069489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker /** 28079489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker * Check if the caller of the current binder method has the required 28089489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker * permission and if acting on other uids the grants to do so. 28099489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker */ 28109489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker inline bool checkBinderPermission(perm_t permission, int32_t targetUid = UID_SELF) { 28119489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker uid_t callingUid = IPCThreadState::self()->getCallingUid(); 28129489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker pid_t spid = IPCThreadState::self()->getCallingPid(); 28139489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker if (!has_permission(callingUid, permission, spid)) { 28149489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker ALOGW("permission %s denied for %d", get_perm_label(permission), callingUid); 28159489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker return false; 28169489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker } 28179489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker if (!is_granted_to(callingUid, getEffectiveUid(targetUid))) { 28189489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker ALOGW("uid %d not granted to act for %d", callingUid, targetUid); 28199489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker return false; 28209489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker } 28219489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker return true; 28229489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker } 28239489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker 28249489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker /** 28259489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker * Check if the caller of the current binder method has the required 28269489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker * permission or the target of the operation is the caller's uid. This is 28279489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker * for operation where the permission is only for cross-uid activity and all 28289489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker * uids are allowed to act on their own (ie: clearing all entries for a 28299489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker * given uid). 28309489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker */ 28319489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker inline bool checkBinderPermissionOrSelfTarget(perm_t permission, int32_t targetUid) { 28329489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker uid_t callingUid = IPCThreadState::self()->getCallingUid(); 28339489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker if (getEffectiveUid(targetUid) == callingUid) { 28349489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker return true; 28359489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker } else { 28369489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker return checkBinderPermission(permission, targetUid); 28379489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker } 28389489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker } 28399489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker 28409489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker /** 28419489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker * Helper method to check that the caller has the required permission as 28429489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker * well as the keystore is in the unlocked state if checkUnlocked is true. 28439489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker * 28449489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker * Returns NO_ERROR on success, PERMISSION_DENIED on a permission error and 28459489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker * otherwise the state of keystore when not unlocked and checkUnlocked is 28469489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker * true. 28479489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker */ 28489489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker inline int32_t checkBinderPermissionAndKeystoreState(perm_t permission, int32_t targetUid = -1, 28499489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker bool checkUnlocked = true) { 28509489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker if (!checkBinderPermission(permission, targetUid)) { 28519489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker return ::PERMISSION_DENIED; 28529489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker } 28539489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker State state = mKeyStore->getState(getEffectiveUid(targetUid)); 28549489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker if (checkUnlocked && !isKeystoreUnlocked(state)) { 28559489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker return state; 28569489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker } 28579489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker 28589489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker return ::NO_ERROR; 28599489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker 28609489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker } 28619489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker 28629d45d1caba5135e6b8bd6d05d449e8dcf52b6802Kenny Root inline bool isKeystoreUnlocked(State state) { 28639d45d1caba5135e6b8bd6d05d449e8dcf52b6802Kenny Root switch (state) { 28649d45d1caba5135e6b8bd6d05d449e8dcf52b6802Kenny Root case ::STATE_NO_ERROR: 28659d45d1caba5135e6b8bd6d05d449e8dcf52b6802Kenny Root return true; 28669d45d1caba5135e6b8bd6d05d449e8dcf52b6802Kenny Root case ::STATE_UNINITIALIZED: 28679d45d1caba5135e6b8bd6d05d449e8dcf52b6802Kenny Root case ::STATE_LOCKED: 28689d45d1caba5135e6b8bd6d05d449e8dcf52b6802Kenny Root return false; 28699d45d1caba5135e6b8bd6d05d449e8dcf52b6802Kenny Root } 28709d45d1caba5135e6b8bd6d05d449e8dcf52b6802Kenny Root return false; 2871a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 287207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 2873919cb2a5a9dabd61cb02eff7a589f9f1f0f793eeChad Brubaker bool isKeyTypeSupported(const keymaster1_device_t* device, keymaster_keypair_t keyType) { 28741d448c074a86ef5d05a22fdf1358718976628a86Kenny Root const int32_t device_api = device->common.module->module_api_version; 28751d448c074a86ef5d05a22fdf1358718976628a86Kenny Root if (device_api == KEYMASTER_MODULE_API_VERSION_0_2) { 28761d448c074a86ef5d05a22fdf1358718976628a86Kenny Root switch (keyType) { 28771d448c074a86ef5d05a22fdf1358718976628a86Kenny Root case TYPE_RSA: 28781d448c074a86ef5d05a22fdf1358718976628a86Kenny Root case TYPE_DSA: 28791d448c074a86ef5d05a22fdf1358718976628a86Kenny Root case TYPE_EC: 28801d448c074a86ef5d05a22fdf1358718976628a86Kenny Root return true; 28811d448c074a86ef5d05a22fdf1358718976628a86Kenny Root default: 28821d448c074a86ef5d05a22fdf1358718976628a86Kenny Root return false; 28831d448c074a86ef5d05a22fdf1358718976628a86Kenny Root } 28841d448c074a86ef5d05a22fdf1358718976628a86Kenny Root } else if (device_api >= KEYMASTER_MODULE_API_VERSION_0_3) { 28851d448c074a86ef5d05a22fdf1358718976628a86Kenny Root switch (keyType) { 28861d448c074a86ef5d05a22fdf1358718976628a86Kenny Root case TYPE_RSA: 28871d448c074a86ef5d05a22fdf1358718976628a86Kenny Root return true; 28881d448c074a86ef5d05a22fdf1358718976628a86Kenny Root case TYPE_DSA: 28891d448c074a86ef5d05a22fdf1358718976628a86Kenny Root return device->flags & KEYMASTER_SUPPORTS_DSA; 28901d448c074a86ef5d05a22fdf1358718976628a86Kenny Root case TYPE_EC: 28911d448c074a86ef5d05a22fdf1358718976628a86Kenny Root return device->flags & KEYMASTER_SUPPORTS_EC; 28921d448c074a86ef5d05a22fdf1358718976628a86Kenny Root default: 28931d448c074a86ef5d05a22fdf1358718976628a86Kenny Root return false; 28941d448c074a86ef5d05a22fdf1358718976628a86Kenny Root } 28951d448c074a86ef5d05a22fdf1358718976628a86Kenny Root } else { 28961d448c074a86ef5d05a22fdf1358718976628a86Kenny Root return keyType == TYPE_RSA; 28971d448c074a86ef5d05a22fdf1358718976628a86Kenny Root } 28981d448c074a86ef5d05a22fdf1358718976628a86Kenny Root } 28991d448c074a86ef5d05a22fdf1358718976628a86Kenny Root 290007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root ::KeyStore* mKeyStore; 290140a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker OperationMap mOperationMap; 2902d80c7b487b2f7f0bf955d0efeaa3db6dcd160639Chad Brubaker keymaster::AuthTokenTable mAuthTokenTable; 290307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root}; 290407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 290507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root}; // namespace android 2906a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 2907a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Rootint main(int argc, char* argv[]) { 2908a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root if (argc < 2) { 2909a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root ALOGE("A directory must be specified!"); 2910a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return 1; 2911a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 2912a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root if (chdir(argv[1]) == -1) { 2913a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root ALOGE("chdir: %s: %s", argv[1], strerror(errno)); 2914a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return 1; 2915a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 2916a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 2917a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root Entropy entropy; 2918a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root if (!entropy.open()) { 2919a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return 1; 2920a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 292170e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 2922a5bbf2fb2a4853ecf6ae77ffee3efeb7a862498aShawn Willden keymaster0_device_t* dev; 292370e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root if (keymaster_device_initialize(&dev)) { 292470e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root ALOGE("keystore keymaster could not be initialized; exiting"); 292570e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root return 1; 292670e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root } 292770e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 2928919cb2a5a9dabd61cb02eff7a589f9f1f0f793eeChad Brubaker keymaster1_device_t* fallback; 2929fc18edcdfe2f7774e621030d51338f3216170b97Chad Brubaker if (fallback_keymaster_device_initialize(&fallback)) { 2930fc18edcdfe2f7774e621030d51338f3216170b97Chad Brubaker ALOGE("software keymaster could not be initialized; exiting"); 2931fc18edcdfe2f7774e621030d51338f3216170b97Chad Brubaker return 1; 2932fc18edcdfe2f7774e621030d51338f3216170b97Chad Brubaker } 2933fc18edcdfe2f7774e621030d51338f3216170b97Chad Brubaker 2934eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn ks_is_selinux_enabled = is_selinux_enabled(); 2935eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn if (ks_is_selinux_enabled) { 2936eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn union selinux_callback cb; 2937eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn cb.func_log = selinux_log_callback; 2938eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn selinux_set_callback(SELINUX_CB_LOG, cb); 2939eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn if (getcon(&tctx) != 0) { 2940eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn ALOGE("SELinux: Could not acquire target context. Aborting keystore.\n"); 2941eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn return -1; 2942eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn } 2943eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn } else { 2944eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn ALOGI("SELinux: Keystore SELinux is disabled.\n"); 2945eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn } 2946eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn 2947919cb2a5a9dabd61cb02eff7a589f9f1f0f793eeChad Brubaker KeyStore keyStore(&entropy, reinterpret_cast<keymaster1_device_t*>(dev), fallback); 2948655b958eb2180c7c06889f83f606d23421bf038cKenny Root keyStore.initialize(); 294907438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root android::sp<android::IServiceManager> sm = android::defaultServiceManager(); 295007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root android::sp<android::KeyStoreProxy> proxy = new android::KeyStoreProxy(&keyStore); 295107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root android::status_t ret = sm->addService(android::String16("android.security.keystore"), proxy); 295207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root if (ret != android::OK) { 295307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root ALOGE("Couldn't register binder service!"); 295407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return -1; 2955a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 295670e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 295707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root /* 295807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root * We're the only thread in existence, so we're just going to process 295907438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root * Binder transaction as a single-threaded program. 296007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root */ 296107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root android::IPCThreadState::self()->joinThreadPool(); 296270e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 296307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root keymaster_device_release(dev); 2964a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return 1; 2965a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root} 2966