keystore.cpp revision 96d6d7868303ad87f1f408c40d3c44bcb39f561e
1a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root/* 2a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root * Copyright (C) 2009 The Android Open Source Project 3a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root * 4a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root * Licensed under the Apache License, Version 2.0 (the "License"); 5a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root * you may not use this file except in compliance with the License. 6a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root * You may obtain a copy of the License at 7a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root * 8a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root * http://www.apache.org/licenses/LICENSE-2.0 9a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root * 10a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root * Unless required by applicable law or agreed to in writing, software 11a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root * distributed under the License is distributed on an "AS IS" BASIS, 12a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root * See the License for the specific language governing permissions and 14a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root * limitations under the License. 15a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root */ 16a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 1707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root//#define LOG_NDEBUG 0 1807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root#define LOG_TAG "keystore" 1907438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 20a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root#include <stdio.h> 21a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root#include <stdint.h> 22a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root#include <string.h> 23aaf9802da6cea710e0777abb852724e1825cad63Elliott Hughes#include <strings.h> 24a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root#include <unistd.h> 25a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root#include <signal.h> 26a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root#include <errno.h> 27a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root#include <dirent.h> 28655b958eb2180c7c06889f83f606d23421bf038cKenny Root#include <errno.h> 29a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root#include <fcntl.h> 30a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root#include <limits.h> 31822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root#include <assert.h> 32a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root#include <sys/types.h> 33a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root#include <sys/socket.h> 34a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root#include <sys/stat.h> 35a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root#include <sys/time.h> 36a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root#include <arpa/inet.h> 37a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 38a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root#include <openssl/aes.h> 39822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root#include <openssl/bio.h> 40a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root#include <openssl/evp.h> 41a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root#include <openssl/md5.h> 42822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root#include <openssl/pem.h> 43a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 4480843db63ed6b61c953a1243801117a15c9e8c38Shawn Willden#include <hardware/keymaster0.h> 4570e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 4667d2a5029e8c25c5ee448e3bbd245cdcebe6abd3Chad Brubaker#include <keymaster/soft_keymaster_device.h> 470400675b20e36b976ec13b63e290e6d5d19bf654Shawn Willden#include <keymaster/soft_keymaster_logger.h> 480400675b20e36b976ec13b63e290e6d5d19bf654Shawn Willden#include <keymaster/softkeymaster.h> 4917208e0de5a42722901d803118745cca25fd10c1Kenny Root 5026cfc08add3966eca5892e3387cf5ed6dc3068fbKenny Root#include <UniquePtr.h> 51655b958eb2180c7c06889f83f606d23421bf038cKenny Root#include <utils/String8.h> 52655b958eb2180c7c06889f83f606d23421bf038cKenny Root#include <utils/Vector.h> 5370e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 5407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root#include <keystore/IKeystoreService.h> 5507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root#include <binder/IPCThreadState.h> 5607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root#include <binder/IServiceManager.h> 5707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 58a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root#include <cutils/log.h> 59a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root#include <cutils/sockets.h> 60a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root#include <private/android_filesystem_config.h> 61a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 6207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root#include <keystore/keystore.h> 63a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 64eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn#include <selinux/android.h> 65eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn 66d80c7b487b2f7f0bf955d0efeaa3db6dcd160639Chad Brubaker#include "auth_token_table.h" 6796427baf0094d50047049d329b0779c3c910402cKenny Root#include "defaults.h" 6840a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker#include "operation.h" 6996427baf0094d50047049d329b0779c3c910402cKenny Root 70a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root/* KeyStore is a secured storage for key-value pairs. In this implementation, 71a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root * each file stores one key-value pair. Keys are encoded in file names, and 72a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root * values are encrypted with checksums. The encryption key is protected by a 73a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root * user-defined password. To keep things simple, buffers are always larger than 74a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root * the maximum space we needed, so boundary checks on buffers are omitted. */ 75a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 76a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root#define KEY_SIZE ((NAME_MAX - 15) / 2) 77a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root#define VALUE_SIZE 32768 78a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root#define PASSWORD_SIZE VALUE_SIZE 79a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 80822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root 8196427baf0094d50047049d329b0779c3c910402cKenny Rootstruct BIGNUM_Delete { 8296427baf0094d50047049d329b0779c3c910402cKenny Root void operator()(BIGNUM* p) const { 8396427baf0094d50047049d329b0779c3c910402cKenny Root BN_free(p); 8496427baf0094d50047049d329b0779c3c910402cKenny Root } 8596427baf0094d50047049d329b0779c3c910402cKenny Root}; 8696427baf0094d50047049d329b0779c3c910402cKenny Roottypedef UniquePtr<BIGNUM, BIGNUM_Delete> Unique_BIGNUM; 8796427baf0094d50047049d329b0779c3c910402cKenny Root 88822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Rootstruct BIO_Delete { 89822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root void operator()(BIO* p) const { 90822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root BIO_free(p); 91822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root } 92822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root}; 93822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Roottypedef UniquePtr<BIO, BIO_Delete> Unique_BIO; 94822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root 95822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Rootstruct EVP_PKEY_Delete { 96822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root void operator()(EVP_PKEY* p) const { 97822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root EVP_PKEY_free(p); 98822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root } 99822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root}; 100822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Roottypedef UniquePtr<EVP_PKEY, EVP_PKEY_Delete> Unique_EVP_PKEY; 101822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root 102822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Rootstruct PKCS8_PRIV_KEY_INFO_Delete { 103822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root void operator()(PKCS8_PRIV_KEY_INFO* p) const { 104822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root PKCS8_PRIV_KEY_INFO_free(p); 105822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root } 106822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root}; 107822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Roottypedef UniquePtr<PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO_Delete> Unique_PKCS8_PRIV_KEY_INFO; 108822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root 10980843db63ed6b61c953a1243801117a15c9e8c38Shawn Willdenstatic int keymaster_device_initialize(keymaster0_device_t** dev) { 11070e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root int rc; 11170e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 11270e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root const hw_module_t* mod; 11370e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root rc = hw_get_module_by_class(KEYSTORE_HARDWARE_MODULE_ID, NULL, &mod); 11470e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root if (rc) { 11570e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root ALOGE("could not find any keystore module"); 11670e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root goto out; 11770e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root } 11870e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 11980843db63ed6b61c953a1243801117a15c9e8c38Shawn Willden rc = keymaster0_open(mod, dev); 12070e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root if (rc) { 12170e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root ALOGE("could not open keymaster device in %s (%s)", 12270e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root KEYSTORE_HARDWARE_MODULE_ID, strerror(-rc)); 12370e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root goto out; 12470e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root } 12570e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 12670e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root return 0; 12770e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 12870e3a86abd2c412d602a018967c01c177eb6cf4eKenny Rootout: 12970e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root *dev = NULL; 13070e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root return rc; 13170e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root} 13270e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 1330400675b20e36b976ec13b63e290e6d5d19bf654Shawn Willden// softkeymaster_logger appears not to be used in keystore, but it installs itself as the 1340400675b20e36b976ec13b63e290e6d5d19bf654Shawn Willden// logger used by SoftKeymasterDevice. 1350400675b20e36b976ec13b63e290e6d5d19bf654Shawn Willdenstatic keymaster::SoftKeymasterLogger softkeymaster_logger; 1360400675b20e36b976ec13b63e290e6d5d19bf654Shawn Willden 13767d2a5029e8c25c5ee448e3bbd245cdcebe6abd3Chad Brubakerstatic int fallback_keymaster_device_initialize(keymaster1_device_t** dev) { 13867d2a5029e8c25c5ee448e3bbd245cdcebe6abd3Chad Brubaker keymaster::SoftKeymasterDevice* softkeymaster = 13967d2a5029e8c25c5ee448e3bbd245cdcebe6abd3Chad Brubaker new keymaster::SoftKeymasterDevice(); 1409fd05a9a6299e9688c8fcf755516ea254868d187Shawn Willden *dev = softkeymaster->keymaster_device(); 1419fd05a9a6299e9688c8fcf755516ea254868d187Shawn Willden // softkeymaster will be freed by *dev->close_device; don't delete here. 142fc18edcdfe2f7774e621030d51338f3216170b97Chad Brubaker return 0; 143fc18edcdfe2f7774e621030d51338f3216170b97Chad Brubaker} 144fc18edcdfe2f7774e621030d51338f3216170b97Chad Brubaker 14580843db63ed6b61c953a1243801117a15c9e8c38Shawn Willdenstatic void keymaster_device_release(keymaster0_device_t* dev) { 14680843db63ed6b61c953a1243801117a15c9e8c38Shawn Willden keymaster0_close(dev); 14770e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root} 14870e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 14907438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root/*************** 15007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root * PERMISSIONS * 15107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root ***************/ 15207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 15307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root/* Here are the permissions, actions, users, and the main function. */ 15407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Roottypedef enum { 1554e865753346fc6a075966972a7a98051818859dbRobin Lee P_TEST = 1 << 0, 1564e865753346fc6a075966972a7a98051818859dbRobin Lee P_GET = 1 << 1, 1574e865753346fc6a075966972a7a98051818859dbRobin Lee P_INSERT = 1 << 2, 1584e865753346fc6a075966972a7a98051818859dbRobin Lee P_DELETE = 1 << 3, 1594e865753346fc6a075966972a7a98051818859dbRobin Lee P_EXIST = 1 << 4, 1604e865753346fc6a075966972a7a98051818859dbRobin Lee P_SAW = 1 << 5, 1614e865753346fc6a075966972a7a98051818859dbRobin Lee P_RESET = 1 << 6, 1624e865753346fc6a075966972a7a98051818859dbRobin Lee P_PASSWORD = 1 << 7, 1634e865753346fc6a075966972a7a98051818859dbRobin Lee P_LOCK = 1 << 8, 1644e865753346fc6a075966972a7a98051818859dbRobin Lee P_UNLOCK = 1 << 9, 1654e865753346fc6a075966972a7a98051818859dbRobin Lee P_ZERO = 1 << 10, 1664e865753346fc6a075966972a7a98051818859dbRobin Lee P_SIGN = 1 << 11, 1674e865753346fc6a075966972a7a98051818859dbRobin Lee P_VERIFY = 1 << 12, 1684e865753346fc6a075966972a7a98051818859dbRobin Lee P_GRANT = 1 << 13, 1694e865753346fc6a075966972a7a98051818859dbRobin Lee P_DUPLICATE = 1 << 14, 1704e865753346fc6a075966972a7a98051818859dbRobin Lee P_CLEAR_UID = 1 << 15, 1714e865753346fc6a075966972a7a98051818859dbRobin Lee P_RESET_UID = 1 << 16, 1724e865753346fc6a075966972a7a98051818859dbRobin Lee P_SYNC_UID = 1 << 17, 1734e865753346fc6a075966972a7a98051818859dbRobin Lee P_PASSWORD_UID = 1 << 18, 174d80c7b487b2f7f0bf955d0efeaa3db6dcd160639Chad Brubaker P_ADD_AUTH = 1 << 19, 17507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root} perm_t; 17607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 17707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Rootstatic struct user_euid { 17807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root uid_t uid; 17907438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root uid_t euid; 18007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root} user_euids[] = { 18107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root {AID_VPN, AID_SYSTEM}, 18207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root {AID_WIFI, AID_SYSTEM}, 18307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root {AID_ROOT, AID_SYSTEM}, 18407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root}; 18507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 186eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn/* perm_labels associcated with keystore_key SELinux class verbs. */ 187eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahnconst char *perm_labels[] = { 188eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn "test", 189eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn "get", 190eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn "insert", 191eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn "delete", 192eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn "exist", 193eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn "saw", 194eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn "reset", 195eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn "password", 196eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn "lock", 197eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn "unlock", 198eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn "zero", 199eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn "sign", 200eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn "verify", 201eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn "grant", 202eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn "duplicate", 2034e865753346fc6a075966972a7a98051818859dbRobin Lee "clear_uid", 2044e865753346fc6a075966972a7a98051818859dbRobin Lee "reset_uid", 2054e865753346fc6a075966972a7a98051818859dbRobin Lee "sync_uid", 2064e865753346fc6a075966972a7a98051818859dbRobin Lee "password_uid", 207d80c7b487b2f7f0bf955d0efeaa3db6dcd160639Chad Brubaker "add_auth", 208eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn}; 209eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn 21007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Rootstatic struct user_perm { 21107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root uid_t uid; 21207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root perm_t perms; 21307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root} user_perms[] = { 21407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root {AID_SYSTEM, static_cast<perm_t>((uint32_t)(~0)) }, 21507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root {AID_VPN, static_cast<perm_t>(P_GET | P_SIGN | P_VERIFY) }, 21607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root {AID_WIFI, static_cast<perm_t>(P_GET | P_SIGN | P_VERIFY) }, 21707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root {AID_ROOT, static_cast<perm_t>(P_GET) }, 21807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root}; 21907438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 22007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Rootstatic const perm_t DEFAULT_PERMS = static_cast<perm_t>(P_TEST | P_GET | P_INSERT | P_DELETE | P_EXIST | P_SAW | P_SIGN 22107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root | P_VERIFY); 22207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 223eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahnstatic char *tctx; 224eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahnstatic int ks_is_selinux_enabled; 225eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn 226eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahnstatic const char *get_perm_label(perm_t perm) { 227eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn unsigned int index = ffs(perm); 228eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn if (index > 0 && index <= (sizeof(perm_labels) / sizeof(perm_labels[0]))) { 229eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn return perm_labels[index - 1]; 230eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn } else { 231eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn ALOGE("Keystore: Failed to retrieve permission label.\n"); 232eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn abort(); 233eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn } 234eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn} 235eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn 236655b958eb2180c7c06889f83f606d23421bf038cKenny Root/** 237655b958eb2180c7c06889f83f606d23421bf038cKenny Root * Returns the app ID (in the Android multi-user sense) for the current 238655b958eb2180c7c06889f83f606d23421bf038cKenny Root * UNIX UID. 239655b958eb2180c7c06889f83f606d23421bf038cKenny Root */ 240655b958eb2180c7c06889f83f606d23421bf038cKenny Rootstatic uid_t get_app_id(uid_t uid) { 241655b958eb2180c7c06889f83f606d23421bf038cKenny Root return uid % AID_USER; 242655b958eb2180c7c06889f83f606d23421bf038cKenny Root} 243655b958eb2180c7c06889f83f606d23421bf038cKenny Root 244655b958eb2180c7c06889f83f606d23421bf038cKenny Root/** 245655b958eb2180c7c06889f83f606d23421bf038cKenny Root * Returns the user ID (in the Android multi-user sense) for the current 246655b958eb2180c7c06889f83f606d23421bf038cKenny Root * UNIX UID. 247655b958eb2180c7c06889f83f606d23421bf038cKenny Root */ 248655b958eb2180c7c06889f83f606d23421bf038cKenny Rootstatic uid_t get_user_id(uid_t uid) { 249655b958eb2180c7c06889f83f606d23421bf038cKenny Root return uid / AID_USER; 250655b958eb2180c7c06889f83f606d23421bf038cKenny Root} 251655b958eb2180c7c06889f83f606d23421bf038cKenny Root 25296d6d7868303ad87f1f408c40d3c44bcb39f561eChad Brubakerstatic uid_t get_uid(uid_t userId, uid_t appId) { 25396d6d7868303ad87f1f408c40d3c44bcb39f561eChad Brubaker return userId * AID_USER + get_app_id(appId); 25496d6d7868303ad87f1f408c40d3c44bcb39f561eChad Brubaker} 25596d6d7868303ad87f1f408c40d3c44bcb39f561eChad Brubaker 256a25b2a397fff48dea7bce16af2065e6f5f043956Chih-Hung Hsiehstatic bool keystore_selinux_check_access(uid_t /*uid*/, perm_t perm, pid_t spid) { 257eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn if (!ks_is_selinux_enabled) { 258eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn return true; 259eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn } 260eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn 261eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn char *sctx = NULL; 262eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn const char *selinux_class = "keystore_key"; 263eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn const char *str_perm = get_perm_label(perm); 264eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn 265eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn if (!str_perm) { 266eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn return false; 267eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn } 268eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn 269eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn if (getpidcon(spid, &sctx) != 0) { 270eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn ALOGE("SELinux: Failed to get source pid context.\n"); 271eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn return false; 272eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn } 27366dbf67dd65b4808a15ef64f0ffde1275bdd58a9Nick Kralevich 274eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn bool allowed = selinux_check_access(sctx, tctx, selinux_class, str_perm, 275eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn NULL) == 0; 276eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn freecon(sctx); 277eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn return allowed; 278eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn} 279eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn 280eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahnstatic bool has_permission(uid_t uid, perm_t perm, pid_t spid) { 281655b958eb2180c7c06889f83f606d23421bf038cKenny Root // All system users are equivalent for multi-user support. 282655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (get_app_id(uid) == AID_SYSTEM) { 283655b958eb2180c7c06889f83f606d23421bf038cKenny Root uid = AID_SYSTEM; 284655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 285655b958eb2180c7c06889f83f606d23421bf038cKenny Root 28607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root for (size_t i = 0; i < sizeof(user_perms)/sizeof(user_perms[0]); i++) { 28707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root struct user_perm user = user_perms[i]; 28807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root if (user.uid == uid) { 289eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn return (user.perms & perm) && 290eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn keystore_selinux_check_access(uid, perm, spid); 29107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 29207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 29307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 294eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn return (DEFAULT_PERMS & perm) && 295eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn keystore_selinux_check_access(uid, perm, spid); 29607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root} 29707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 298494689083467ec372a58f094f041c8f102f39393Kenny Root/** 299494689083467ec372a58f094f041c8f102f39393Kenny Root * Returns the UID that the callingUid should act as. This is here for 300494689083467ec372a58f094f041c8f102f39393Kenny Root * legacy support of the WiFi and VPN systems and should be removed 301494689083467ec372a58f094f041c8f102f39393Kenny Root * when WiFi can operate in its own namespace. 302494689083467ec372a58f094f041c8f102f39393Kenny Root */ 30307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Rootstatic uid_t get_keystore_euid(uid_t uid) { 30407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root for (size_t i = 0; i < sizeof(user_euids)/sizeof(user_euids[0]); i++) { 30507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root struct user_euid user = user_euids[i]; 30607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root if (user.uid == uid) { 30707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return user.euid; 30807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 30907438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 31007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 31107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return uid; 31207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root} 31307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 314494689083467ec372a58f094f041c8f102f39393Kenny Root/** 315494689083467ec372a58f094f041c8f102f39393Kenny Root * Returns true if the callingUid is allowed to interact in the targetUid's 316494689083467ec372a58f094f041c8f102f39393Kenny Root * namespace. 317494689083467ec372a58f094f041c8f102f39393Kenny Root */ 318494689083467ec372a58f094f041c8f102f39393Kenny Rootstatic bool is_granted_to(uid_t callingUid, uid_t targetUid) { 3199489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker if (callingUid == targetUid) { 3209489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker return true; 3219489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker } 322494689083467ec372a58f094f041c8f102f39393Kenny Root for (size_t i = 0; i < sizeof(user_euids)/sizeof(user_euids[0]); i++) { 323494689083467ec372a58f094f041c8f102f39393Kenny Root struct user_euid user = user_euids[i]; 324494689083467ec372a58f094f041c8f102f39393Kenny Root if (user.euid == callingUid && user.uid == targetUid) { 325494689083467ec372a58f094f041c8f102f39393Kenny Root return true; 326494689083467ec372a58f094f041c8f102f39393Kenny Root } 327494689083467ec372a58f094f041c8f102f39393Kenny Root } 328494689083467ec372a58f094f041c8f102f39393Kenny Root 329494689083467ec372a58f094f041c8f102f39393Kenny Root return false; 330494689083467ec372a58f094f041c8f102f39393Kenny Root} 331494689083467ec372a58f094f041c8f102f39393Kenny Root 332a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root/* Here is the encoding of keys. This is necessary in order to allow arbitrary 333a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root * characters in keys. Characters in [0-~] are not encoded. Others are encoded 334a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root * into two bytes. The first byte is one of [+-.] which represents the first 335a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root * two bits of the character. The second byte encodes the rest of the bits into 336a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root * [0-o]. Therefore in the worst case the length of a key gets doubled. Note 337a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root * that Base64 cannot be used here due to the need of prefix match on keys. */ 338a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 339655b958eb2180c7c06889f83f606d23421bf038cKenny Rootstatic size_t encode_key_length(const android::String8& keyName) { 340655b958eb2180c7c06889f83f606d23421bf038cKenny Root const uint8_t* in = reinterpret_cast<const uint8_t*>(keyName.string()); 341655b958eb2180c7c06889f83f606d23421bf038cKenny Root size_t length = keyName.length(); 342655b958eb2180c7c06889f83f606d23421bf038cKenny Root for (int i = length; i > 0; --i, ++in) { 343655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (*in < '0' || *in > '~') { 344655b958eb2180c7c06889f83f606d23421bf038cKenny Root ++length; 345655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 346655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 347655b958eb2180c7c06889f83f606d23421bf038cKenny Root return length; 348655b958eb2180c7c06889f83f606d23421bf038cKenny Root} 349655b958eb2180c7c06889f83f606d23421bf038cKenny Root 35007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Rootstatic int encode_key(char* out, const android::String8& keyName) { 35107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root const uint8_t* in = reinterpret_cast<const uint8_t*>(keyName.string()); 35207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root size_t length = keyName.length(); 353a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root for (int i = length; i > 0; --i, ++in, ++out) { 354655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (*in < '0' || *in > '~') { 355a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root *out = '+' + (*in >> 6); 356a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root *++out = '0' + (*in & 0x3F); 357a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root ++length; 358655b958eb2180c7c06889f83f606d23421bf038cKenny Root } else { 359655b958eb2180c7c06889f83f606d23421bf038cKenny Root *out = *in; 360a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 361a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 362a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root *out = '\0'; 36370e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root return length; 36470e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root} 36570e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 36607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root/* 36707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root * Converts from the "escaped" format on disk to actual name. 36807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root * This will be smaller than the input string. 36907438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root * 37007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root * Characters that should combine with the next at the end will be truncated. 37107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root */ 37207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Rootstatic size_t decode_key_length(const char* in, size_t length) { 37307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root size_t outLength = 0; 37407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 37507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root for (const char* end = in + length; in < end; in++) { 37607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root /* This combines with the next character. */ 37707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root if (*in < '0' || *in > '~') { 37807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root continue; 37907438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 38007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 38107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root outLength++; 38207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 38307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return outLength; 38407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root} 38507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 38607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Rootstatic void decode_key(char* out, const char* in, size_t length) { 38707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root for (const char* end = in + length; in < end; in++) { 38807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root if (*in < '0' || *in > '~') { 38907438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root /* Truncate combining characters at the end. */ 39007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root if (in + 1 >= end) { 39107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root break; 39207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 39307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 39407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root *out = (*in++ - '+') << 6; 39507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root *out++ |= (*in - '0') & 0x3F; 396a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } else { 39707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root *out++ = *in; 398a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 399a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 400a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root *out = '\0'; 401a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root} 402a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 403a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Rootstatic size_t readFully(int fd, uint8_t* data, size_t size) { 404a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root size_t remaining = size; 405a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root while (remaining > 0) { 406150ca934edb745de3666a6492b039900df228ff0Kenny Root ssize_t n = TEMP_FAILURE_RETRY(read(fd, data, remaining)); 4075281edbc9445065479e92a6c86da462f3943c2caKenny Root if (n <= 0) { 408150ca934edb745de3666a6492b039900df228ff0Kenny Root return size - remaining; 409a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 410a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root data += n; 411a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root remaining -= n; 412a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 413a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return size; 414a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root} 415a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 416a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Rootstatic size_t writeFully(int fd, uint8_t* data, size_t size) { 417a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root size_t remaining = size; 418a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root while (remaining > 0) { 419150ca934edb745de3666a6492b039900df228ff0Kenny Root ssize_t n = TEMP_FAILURE_RETRY(write(fd, data, remaining)); 420150ca934edb745de3666a6492b039900df228ff0Kenny Root if (n < 0) { 421150ca934edb745de3666a6492b039900df228ff0Kenny Root ALOGW("write failed: %s", strerror(errno)); 422150ca934edb745de3666a6492b039900df228ff0Kenny Root return size - remaining; 423a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 424a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root data += n; 425a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root remaining -= n; 426a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 427a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return size; 428a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root} 429a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 430a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Rootclass Entropy { 431a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Rootpublic: 432a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root Entropy() : mRandom(-1) {} 433a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root ~Entropy() { 434150ca934edb745de3666a6492b039900df228ff0Kenny Root if (mRandom >= 0) { 435a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root close(mRandom); 436a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 437a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 438a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 439a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root bool open() { 440a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root const char* randomDevice = "/dev/urandom"; 441150ca934edb745de3666a6492b039900df228ff0Kenny Root mRandom = TEMP_FAILURE_RETRY(::open(randomDevice, O_RDONLY)); 442150ca934edb745de3666a6492b039900df228ff0Kenny Root if (mRandom < 0) { 443a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root ALOGE("open: %s: %s", randomDevice, strerror(errno)); 444a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return false; 445a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 446a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return true; 447a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 448a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 4495187818895c4c5f650a611c40531b1dff7764c18Kenny Root bool generate_random_data(uint8_t* data, size_t size) const { 450a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return (readFully(mRandom, data, size) == size); 451a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 452a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 453a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Rootprivate: 454a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root int mRandom; 455a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root}; 456a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 457a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root/* Here is the file format. There are two parts in blob.value, the secret and 458a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root * the description. The secret is stored in ciphertext, and its original size 459a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root * can be found in blob.length. The description is stored after the secret in 460a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root * plaintext, and its size is specified in blob.info. The total size of the two 461822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root * parts must be no more than VALUE_SIZE bytes. The first field is the version, 462f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root * the second is the blob's type, and the third byte is flags. Fields other 463a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root * than blob.info, blob.length, and blob.value are modified by encryptBlob() 464a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root * and decryptBlob(). Thus they should not be accessed from outside. */ 465a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 466822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root/* ** Note to future implementors of encryption: ** 467822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root * Currently this is the construction: 468822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root * metadata || Enc(MD5(data) || data) 469822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root * 470822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root * This should be the construction used for encrypting if re-implementing: 471822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root * 472822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root * Derive independent keys for encryption and MAC: 473822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root * Kenc = AES_encrypt(masterKey, "Encrypt") 474822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root * Kmac = AES_encrypt(masterKey, "MAC") 475822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root * 476822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root * Store this: 477822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root * metadata || AES_CTR_encrypt(Kenc, rand_IV, data) || 478822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root * HMAC(Kmac, metadata || Enc(data)) 479822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root */ 480a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Rootstruct __attribute__((packed)) blob { 481822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root uint8_t version; 482822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root uint8_t type; 483f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root uint8_t flags; 484a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root uint8_t info; 485a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root uint8_t vector[AES_BLOCK_SIZE]; 486822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root uint8_t encrypted[0]; // Marks offset to encrypted data. 487a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root uint8_t digest[MD5_DIGEST_LENGTH]; 488822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root uint8_t digested[0]; // Marks offset to digested data. 489a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root int32_t length; // in network byte order when encrypted 490a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root uint8_t value[VALUE_SIZE + AES_BLOCK_SIZE]; 491a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root}; 492a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 493822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Roottypedef enum { 494d53bc92f1cc4eb669ec015480cebe5ae7aaaf7cfKenny Root TYPE_ANY = 0, // meta type that matches anything 495822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root TYPE_GENERIC = 1, 496822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root TYPE_MASTER_KEY = 2, 497822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root TYPE_KEY_PAIR = 3, 49817d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker TYPE_KEYMASTER_10 = 4, 499822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root} BlobType; 500822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root 501f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Rootstatic const uint8_t CURRENT_BLOB_VERSION = 2; 502822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root 503a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Rootclass Blob { 504a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Rootpublic: 50507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root Blob(const uint8_t* value, int32_t valueLength, const uint8_t* info, uint8_t infoLength, 50607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root BlobType type) { 5071773b442b16098c6d111d6371d4a986a0747992bAlex Klyubin memset(&mBlob, 0, sizeof(mBlob)); 508a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root mBlob.length = valueLength; 509a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root memcpy(mBlob.value, value, valueLength); 510a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 511a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root mBlob.info = infoLength; 512a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root memcpy(mBlob.value + valueLength, info, infoLength); 513822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root 51407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root mBlob.version = CURRENT_BLOB_VERSION; 515822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root mBlob.type = uint8_t(type); 516f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root 517ee8068b9e7bfb2770635062fc9c2035be2142bd8Kenny Root if (type == TYPE_MASTER_KEY) { 518ee8068b9e7bfb2770635062fc9c2035be2142bd8Kenny Root mBlob.flags = KEYSTORE_FLAG_ENCRYPTED; 519ee8068b9e7bfb2770635062fc9c2035be2142bd8Kenny Root } else { 520ee8068b9e7bfb2770635062fc9c2035be2142bd8Kenny Root mBlob.flags = KEYSTORE_FLAG_NONE; 521ee8068b9e7bfb2770635062fc9c2035be2142bd8Kenny Root } 522a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 523a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 524a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root Blob(blob b) { 525a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root mBlob = b; 526a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 527a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 5281773b442b16098c6d111d6371d4a986a0747992bAlex Klyubin Blob() { 5291773b442b16098c6d111d6371d4a986a0747992bAlex Klyubin memset(&mBlob, 0, sizeof(mBlob)); 5301773b442b16098c6d111d6371d4a986a0747992bAlex Klyubin } 531a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 5325187818895c4c5f650a611c40531b1dff7764c18Kenny Root const uint8_t* getValue() const { 533a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return mBlob.value; 534a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 535a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 5365187818895c4c5f650a611c40531b1dff7764c18Kenny Root int32_t getLength() const { 537a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return mBlob.length; 538a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 539a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 5405187818895c4c5f650a611c40531b1dff7764c18Kenny Root const uint8_t* getInfo() const { 5415187818895c4c5f650a611c40531b1dff7764c18Kenny Root return mBlob.value + mBlob.length; 5425187818895c4c5f650a611c40531b1dff7764c18Kenny Root } 5435187818895c4c5f650a611c40531b1dff7764c18Kenny Root 5445187818895c4c5f650a611c40531b1dff7764c18Kenny Root uint8_t getInfoLength() const { 545a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return mBlob.info; 546a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 547a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 548822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root uint8_t getVersion() const { 549822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root return mBlob.version; 550822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root } 551822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root 552f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root bool isEncrypted() const { 553f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root if (mBlob.version < 2) { 554f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root return true; 555f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root } 556f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root 557f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root return mBlob.flags & KEYSTORE_FLAG_ENCRYPTED; 558f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root } 559f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root 560f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root void setEncrypted(bool encrypted) { 561f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root if (encrypted) { 562f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root mBlob.flags |= KEYSTORE_FLAG_ENCRYPTED; 563f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root } else { 564f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root mBlob.flags &= ~KEYSTORE_FLAG_ENCRYPTED; 565f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root } 566f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root } 567f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root 56817208e0de5a42722901d803118745cca25fd10c1Kenny Root bool isFallback() const { 56917208e0de5a42722901d803118745cca25fd10c1Kenny Root return mBlob.flags & KEYSTORE_FLAG_FALLBACK; 57017208e0de5a42722901d803118745cca25fd10c1Kenny Root } 57117208e0de5a42722901d803118745cca25fd10c1Kenny Root 57217208e0de5a42722901d803118745cca25fd10c1Kenny Root void setFallback(bool fallback) { 57317208e0de5a42722901d803118745cca25fd10c1Kenny Root if (fallback) { 57417208e0de5a42722901d803118745cca25fd10c1Kenny Root mBlob.flags |= KEYSTORE_FLAG_FALLBACK; 57517208e0de5a42722901d803118745cca25fd10c1Kenny Root } else { 57617208e0de5a42722901d803118745cca25fd10c1Kenny Root mBlob.flags &= ~KEYSTORE_FLAG_FALLBACK; 57717208e0de5a42722901d803118745cca25fd10c1Kenny Root } 57817208e0de5a42722901d803118745cca25fd10c1Kenny Root } 57917208e0de5a42722901d803118745cca25fd10c1Kenny Root 580822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root void setVersion(uint8_t version) { 581822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root mBlob.version = version; 582822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root } 583822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root 584822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root BlobType getType() const { 585822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root return BlobType(mBlob.type); 586822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root } 587822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root 588822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root void setType(BlobType type) { 589822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root mBlob.type = uint8_t(type); 590822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root } 591822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root 592f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root ResponseCode writeBlob(const char* filename, AES_KEY *aes_key, State state, Entropy* entropy) { 593f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root ALOGV("writing blob %s", filename); 594f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root if (isEncrypted()) { 595f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root if (state != STATE_NO_ERROR) { 596f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root ALOGD("couldn't insert encrypted blob while not unlocked"); 597f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root return LOCKED; 598f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root } 599f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root 600f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root if (!entropy->generate_random_data(mBlob.vector, AES_BLOCK_SIZE)) { 601f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root ALOGW("Could not read random data for: %s", filename); 602f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root return SYSTEM_ERROR; 603f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root } 604a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 605a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 606a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root // data includes the value and the value's length 607a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root size_t dataLength = mBlob.length + sizeof(mBlob.length); 608a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root // pad data to the AES_BLOCK_SIZE 609a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root size_t digestedLength = ((dataLength + AES_BLOCK_SIZE - 1) 610a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root / AES_BLOCK_SIZE * AES_BLOCK_SIZE); 611a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root // encrypted data includes the digest value 612a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root size_t encryptedLength = digestedLength + MD5_DIGEST_LENGTH; 613a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root // move info after space for padding 614a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root memmove(&mBlob.encrypted[encryptedLength], &mBlob.value[mBlob.length], mBlob.info); 615a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root // zero padding area 616a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root memset(mBlob.value + mBlob.length, 0, digestedLength - dataLength); 617a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 618a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root mBlob.length = htonl(mBlob.length); 619a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 620f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root if (isEncrypted()) { 621f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root MD5(mBlob.digested, digestedLength, mBlob.digest); 622f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root 623f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root uint8_t vector[AES_BLOCK_SIZE]; 624f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root memcpy(vector, mBlob.vector, AES_BLOCK_SIZE); 625f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root AES_cbc_encrypt(mBlob.encrypted, mBlob.encrypted, encryptedLength, 626f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root aes_key, vector, AES_ENCRYPT); 627f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root } 628a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 629a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root size_t headerLength = (mBlob.encrypted - (uint8_t*) &mBlob); 630a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root size_t fileLength = encryptedLength + headerLength + mBlob.info; 631a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 632a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root const char* tmpFileName = ".tmp"; 633150ca934edb745de3666a6492b039900df228ff0Kenny Root int out = TEMP_FAILURE_RETRY(open(tmpFileName, 634150ca934edb745de3666a6492b039900df228ff0Kenny Root O_WRONLY | O_TRUNC | O_CREAT, S_IRUSR | S_IWUSR)); 635150ca934edb745de3666a6492b039900df228ff0Kenny Root if (out < 0) { 636150ca934edb745de3666a6492b039900df228ff0Kenny Root ALOGW("could not open file: %s: %s", tmpFileName, strerror(errno)); 637a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return SYSTEM_ERROR; 638a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 639a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root size_t writtenBytes = writeFully(out, (uint8_t*) &mBlob, fileLength); 640a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root if (close(out) != 0) { 641a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return SYSTEM_ERROR; 642a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 643a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root if (writtenBytes != fileLength) { 644150ca934edb745de3666a6492b039900df228ff0Kenny Root ALOGW("blob not fully written %zu != %zu", writtenBytes, fileLength); 645a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root unlink(tmpFileName); 646a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return SYSTEM_ERROR; 647a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 648150ca934edb745de3666a6492b039900df228ff0Kenny Root if (rename(tmpFileName, filename) == -1) { 649150ca934edb745de3666a6492b039900df228ff0Kenny Root ALOGW("could not rename blob to %s: %s", filename, strerror(errno)); 650150ca934edb745de3666a6492b039900df228ff0Kenny Root return SYSTEM_ERROR; 651150ca934edb745de3666a6492b039900df228ff0Kenny Root } 652150ca934edb745de3666a6492b039900df228ff0Kenny Root return NO_ERROR; 653a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 654a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 655f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root ResponseCode readBlob(const char* filename, AES_KEY *aes_key, State state) { 656f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root ALOGV("reading blob %s", filename); 657150ca934edb745de3666a6492b039900df228ff0Kenny Root int in = TEMP_FAILURE_RETRY(open(filename, O_RDONLY)); 658150ca934edb745de3666a6492b039900df228ff0Kenny Root if (in < 0) { 659a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return (errno == ENOENT) ? KEY_NOT_FOUND : SYSTEM_ERROR; 660a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 661a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root // fileLength may be less than sizeof(mBlob) since the in 662a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root // memory version has extra padding to tolerate rounding up to 663a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root // the AES_BLOCK_SIZE 664a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root size_t fileLength = readFully(in, (uint8_t*) &mBlob, sizeof(mBlob)); 665a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root if (close(in) != 0) { 666a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return SYSTEM_ERROR; 667a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 668f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root 669f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root if (isEncrypted() && (state != STATE_NO_ERROR)) { 670f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root return LOCKED; 671f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root } 672f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root 673a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root size_t headerLength = (mBlob.encrypted - (uint8_t*) &mBlob); 674a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root if (fileLength < headerLength) { 675a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return VALUE_CORRUPTED; 676a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 677a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 678a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root ssize_t encryptedLength = fileLength - (headerLength + mBlob.info); 679f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root if (encryptedLength < 0) { 680a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return VALUE_CORRUPTED; 681a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 682f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root 683f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root ssize_t digestedLength; 684f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root if (isEncrypted()) { 685f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root if (encryptedLength % AES_BLOCK_SIZE != 0) { 686f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root return VALUE_CORRUPTED; 687f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root } 688f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root 689f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root AES_cbc_encrypt(mBlob.encrypted, mBlob.encrypted, encryptedLength, aes_key, 690f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root mBlob.vector, AES_DECRYPT); 691f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root digestedLength = encryptedLength - MD5_DIGEST_LENGTH; 692f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root uint8_t computedDigest[MD5_DIGEST_LENGTH]; 693f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root MD5(mBlob.digested, digestedLength, computedDigest); 694f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root if (memcmp(mBlob.digest, computedDigest, MD5_DIGEST_LENGTH) != 0) { 695f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root return VALUE_CORRUPTED; 696f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root } 697f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root } else { 698f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root digestedLength = encryptedLength; 699a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 700a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 701a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root ssize_t maxValueLength = digestedLength - sizeof(mBlob.length); 702a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root mBlob.length = ntohl(mBlob.length); 703a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root if (mBlob.length < 0 || mBlob.length > maxValueLength) { 704a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return VALUE_CORRUPTED; 705a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 706a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root if (mBlob.info != 0) { 707a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root // move info from after padding to after data 708a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root memmove(&mBlob.value[mBlob.length], &mBlob.value[maxValueLength], mBlob.info); 709a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 71007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::NO_ERROR; 711a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 712a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 713a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Rootprivate: 714a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root struct blob mBlob; 715a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root}; 716a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 717655b958eb2180c7c06889f83f606d23421bf038cKenny Rootclass UserState { 718655b958eb2180c7c06889f83f606d23421bf038cKenny Rootpublic: 719655b958eb2180c7c06889f83f606d23421bf038cKenny Root UserState(uid_t userId) : mUserId(userId), mRetry(MAX_RETRY) { 720655b958eb2180c7c06889f83f606d23421bf038cKenny Root asprintf(&mUserDir, "user_%u", mUserId); 721655b958eb2180c7c06889f83f606d23421bf038cKenny Root asprintf(&mMasterKeyFile, "%s/.masterkey", mUserDir); 722655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 72370e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 724655b958eb2180c7c06889f83f606d23421bf038cKenny Root ~UserState() { 725655b958eb2180c7c06889f83f606d23421bf038cKenny Root free(mUserDir); 726655b958eb2180c7c06889f83f606d23421bf038cKenny Root free(mMasterKeyFile); 727655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 72870e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 729655b958eb2180c7c06889f83f606d23421bf038cKenny Root bool initialize() { 730655b958eb2180c7c06889f83f606d23421bf038cKenny Root if ((mkdir(mUserDir, S_IRUSR | S_IWUSR | S_IXUSR) < 0) && (errno != EEXIST)) { 731655b958eb2180c7c06889f83f606d23421bf038cKenny Root ALOGE("Could not create directory '%s'", mUserDir); 732655b958eb2180c7c06889f83f606d23421bf038cKenny Root return false; 733655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 734655b958eb2180c7c06889f83f606d23421bf038cKenny Root 735655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (access(mMasterKeyFile, R_OK) == 0) { 736a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root setState(STATE_LOCKED); 737a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } else { 738a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root setState(STATE_UNINITIALIZED); 739a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 74070e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 741655b958eb2180c7c06889f83f606d23421bf038cKenny Root return true; 742655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 743655b958eb2180c7c06889f83f606d23421bf038cKenny Root 744655b958eb2180c7c06889f83f606d23421bf038cKenny Root uid_t getUserId() const { 745655b958eb2180c7c06889f83f606d23421bf038cKenny Root return mUserId; 746655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 747655b958eb2180c7c06889f83f606d23421bf038cKenny Root 748655b958eb2180c7c06889f83f606d23421bf038cKenny Root const char* getUserDirName() const { 749655b958eb2180c7c06889f83f606d23421bf038cKenny Root return mUserDir; 750655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 751655b958eb2180c7c06889f83f606d23421bf038cKenny Root 752655b958eb2180c7c06889f83f606d23421bf038cKenny Root const char* getMasterKeyFileName() const { 753655b958eb2180c7c06889f83f606d23421bf038cKenny Root return mMasterKeyFile; 754655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 755655b958eb2180c7c06889f83f606d23421bf038cKenny Root 756655b958eb2180c7c06889f83f606d23421bf038cKenny Root void setState(State state) { 757655b958eb2180c7c06889f83f606d23421bf038cKenny Root mState = state; 758655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (mState == STATE_NO_ERROR || mState == STATE_UNINITIALIZED) { 759655b958eb2180c7c06889f83f606d23421bf038cKenny Root mRetry = MAX_RETRY; 760655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 761a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 762a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 7635187818895c4c5f650a611c40531b1dff7764c18Kenny Root State getState() const { 764a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return mState; 765a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 766a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 7675187818895c4c5f650a611c40531b1dff7764c18Kenny Root int8_t getRetry() const { 768a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return mRetry; 769a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 770a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 771655b958eb2180c7c06889f83f606d23421bf038cKenny Root void zeroizeMasterKeysInMemory() { 772655b958eb2180c7c06889f83f606d23421bf038cKenny Root memset(mMasterKey, 0, sizeof(mMasterKey)); 773655b958eb2180c7c06889f83f606d23421bf038cKenny Root memset(mSalt, 0, sizeof(mSalt)); 774655b958eb2180c7c06889f83f606d23421bf038cKenny Root memset(&mMasterKeyEncryption, 0, sizeof(mMasterKeyEncryption)); 775655b958eb2180c7c06889f83f606d23421bf038cKenny Root memset(&mMasterKeyDecryption, 0, sizeof(mMasterKeyDecryption)); 77670e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root } 77770e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 77896d6d7868303ad87f1f408c40d3c44bcb39f561eChad Brubaker bool deleteMasterKey() { 77996d6d7868303ad87f1f408c40d3c44bcb39f561eChad Brubaker setState(STATE_UNINITIALIZED); 78096d6d7868303ad87f1f408c40d3c44bcb39f561eChad Brubaker zeroizeMasterKeysInMemory(); 78196d6d7868303ad87f1f408c40d3c44bcb39f561eChad Brubaker return unlink(mMasterKeyFile) == 0 || errno == ENOENT; 78296d6d7868303ad87f1f408c40d3c44bcb39f561eChad Brubaker } 78396d6d7868303ad87f1f408c40d3c44bcb39f561eChad Brubaker 784655b958eb2180c7c06889f83f606d23421bf038cKenny Root ResponseCode initialize(const android::String8& pw, Entropy* entropy) { 785655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (!generateMasterKey(entropy)) { 786a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return SYSTEM_ERROR; 787a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 788655b958eb2180c7c06889f83f606d23421bf038cKenny Root ResponseCode response = writeMasterKey(pw, entropy); 789a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root if (response != NO_ERROR) { 790a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return response; 791a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 792a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root setupMasterKeys(); 79307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::NO_ERROR; 794a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 795a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 7964e865753346fc6a075966972a7a98051818859dbRobin Lee ResponseCode copyMasterKey(UserState* src) { 7974e865753346fc6a075966972a7a98051818859dbRobin Lee if (mState != STATE_UNINITIALIZED) { 7984e865753346fc6a075966972a7a98051818859dbRobin Lee return ::SYSTEM_ERROR; 7994e865753346fc6a075966972a7a98051818859dbRobin Lee } 8004e865753346fc6a075966972a7a98051818859dbRobin Lee if (src->getState() != STATE_NO_ERROR) { 8014e865753346fc6a075966972a7a98051818859dbRobin Lee return ::SYSTEM_ERROR; 8024e865753346fc6a075966972a7a98051818859dbRobin Lee } 8034e865753346fc6a075966972a7a98051818859dbRobin Lee memcpy(mMasterKey, src->mMasterKey, MASTER_KEY_SIZE_BYTES); 8044e865753346fc6a075966972a7a98051818859dbRobin Lee setupMasterKeys(); 8054e865753346fc6a075966972a7a98051818859dbRobin Lee return ::NO_ERROR; 8064e865753346fc6a075966972a7a98051818859dbRobin Lee } 8074e865753346fc6a075966972a7a98051818859dbRobin Lee 808655b958eb2180c7c06889f83f606d23421bf038cKenny Root ResponseCode writeMasterKey(const android::String8& pw, Entropy* entropy) { 809a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root uint8_t passwordKey[MASTER_KEY_SIZE_BYTES]; 810a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root generateKeyFromPassword(passwordKey, MASTER_KEY_SIZE_BYTES, pw, mSalt); 811a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root AES_KEY passwordAesKey; 812a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root AES_set_encrypt_key(passwordKey, MASTER_KEY_SIZE_BITS, &passwordAesKey); 813822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root Blob masterKeyBlob(mMasterKey, sizeof(mMasterKey), mSalt, sizeof(mSalt), TYPE_MASTER_KEY); 814f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root return masterKeyBlob.writeBlob(mMasterKeyFile, &passwordAesKey, STATE_NO_ERROR, entropy); 815a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 816a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 817655b958eb2180c7c06889f83f606d23421bf038cKenny Root ResponseCode readMasterKey(const android::String8& pw, Entropy* entropy) { 818655b958eb2180c7c06889f83f606d23421bf038cKenny Root int in = TEMP_FAILURE_RETRY(open(mMasterKeyFile, O_RDONLY)); 819150ca934edb745de3666a6492b039900df228ff0Kenny Root if (in < 0) { 820a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return SYSTEM_ERROR; 821a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 822a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 823a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root // we read the raw blob to just to get the salt to generate 824a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root // the AES key, then we create the Blob to use with decryptBlob 825a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root blob rawBlob; 826a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root size_t length = readFully(in, (uint8_t*) &rawBlob, sizeof(rawBlob)); 827a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root if (close(in) != 0) { 828a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return SYSTEM_ERROR; 829a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 830a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root // find salt at EOF if present, otherwise we have an old file 831a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root uint8_t* salt; 832a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root if (length > SALT_SIZE && rawBlob.info == SALT_SIZE) { 833a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root salt = (uint8_t*) &rawBlob + length - SALT_SIZE; 834a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } else { 835a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root salt = NULL; 836a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 837a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root uint8_t passwordKey[MASTER_KEY_SIZE_BYTES]; 838a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root generateKeyFromPassword(passwordKey, MASTER_KEY_SIZE_BYTES, pw, salt); 839a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root AES_KEY passwordAesKey; 840a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root AES_set_decrypt_key(passwordKey, MASTER_KEY_SIZE_BITS, &passwordAesKey); 841a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root Blob masterKeyBlob(rawBlob); 842f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root ResponseCode response = masterKeyBlob.readBlob(mMasterKeyFile, &passwordAesKey, 843f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root STATE_NO_ERROR); 844a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root if (response == SYSTEM_ERROR) { 845f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root return response; 846a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 847a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root if (response == NO_ERROR && masterKeyBlob.getLength() == MASTER_KEY_SIZE_BYTES) { 848a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root // if salt was missing, generate one and write a new master key file with the salt. 849a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root if (salt == NULL) { 850655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (!generateSalt(entropy)) { 851a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return SYSTEM_ERROR; 852a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 853655b958eb2180c7c06889f83f606d23421bf038cKenny Root response = writeMasterKey(pw, entropy); 854a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 855a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root if (response == NO_ERROR) { 856a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root memcpy(mMasterKey, masterKeyBlob.getValue(), MASTER_KEY_SIZE_BYTES); 857a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root setupMasterKeys(); 858a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 859a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return response; 860a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 861a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root if (mRetry <= 0) { 862a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root reset(); 863a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return UNINITIALIZED; 864a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 865a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root --mRetry; 866a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root switch (mRetry) { 867a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root case 0: return WRONG_PASSWORD_0; 868a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root case 1: return WRONG_PASSWORD_1; 869a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root case 2: return WRONG_PASSWORD_2; 870a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root case 3: return WRONG_PASSWORD_3; 871a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root default: return WRONG_PASSWORD_3; 872a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 873a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 874a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 875655b958eb2180c7c06889f83f606d23421bf038cKenny Root AES_KEY* getEncryptionKey() { 876655b958eb2180c7c06889f83f606d23421bf038cKenny Root return &mMasterKeyEncryption; 877655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 878a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 879655b958eb2180c7c06889f83f606d23421bf038cKenny Root AES_KEY* getDecryptionKey() { 880655b958eb2180c7c06889f83f606d23421bf038cKenny Root return &mMasterKeyDecryption; 881655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 882a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 883655b958eb2180c7c06889f83f606d23421bf038cKenny Root bool reset() { 884655b958eb2180c7c06889f83f606d23421bf038cKenny Root DIR* dir = opendir(getUserDirName()); 885a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root if (!dir) { 88696d6d7868303ad87f1f408c40d3c44bcb39f561eChad Brubaker // If the directory doesn't exist then nothing to do. 88796d6d7868303ad87f1f408c40d3c44bcb39f561eChad Brubaker if (errno == ENOENT) { 88896d6d7868303ad87f1f408c40d3c44bcb39f561eChad Brubaker return true; 88996d6d7868303ad87f1f408c40d3c44bcb39f561eChad Brubaker } 890655b958eb2180c7c06889f83f606d23421bf038cKenny Root ALOGW("couldn't open user directory: %s", strerror(errno)); 891a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return false; 892a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 893655b958eb2180c7c06889f83f606d23421bf038cKenny Root 894655b958eb2180c7c06889f83f606d23421bf038cKenny Root struct dirent* file; 895a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root while ((file = readdir(dir)) != NULL) { 89696d6d7868303ad87f1f408c40d3c44bcb39f561eChad Brubaker // skip . and .. 89796d6d7868303ad87f1f408c40d3c44bcb39f561eChad Brubaker if (!strcmp(".", file->d_name) || !strcmp("..", file->d_name)) { 898655b958eb2180c7c06889f83f606d23421bf038cKenny Root continue; 899655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 900655b958eb2180c7c06889f83f606d23421bf038cKenny Root 901655b958eb2180c7c06889f83f606d23421bf038cKenny Root unlinkat(dirfd(dir), file->d_name, 0); 902a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 903a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root closedir(dir); 904a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return true; 905a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 906a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 907655b958eb2180c7c06889f83f606d23421bf038cKenny Rootprivate: 908655b958eb2180c7c06889f83f606d23421bf038cKenny Root static const int MASTER_KEY_SIZE_BYTES = 16; 909655b958eb2180c7c06889f83f606d23421bf038cKenny Root static const int MASTER_KEY_SIZE_BITS = MASTER_KEY_SIZE_BYTES * 8; 910655b958eb2180c7c06889f83f606d23421bf038cKenny Root 911655b958eb2180c7c06889f83f606d23421bf038cKenny Root static const int MAX_RETRY = 4; 912655b958eb2180c7c06889f83f606d23421bf038cKenny Root static const size_t SALT_SIZE = 16; 913655b958eb2180c7c06889f83f606d23421bf038cKenny Root 914655b958eb2180c7c06889f83f606d23421bf038cKenny Root void generateKeyFromPassword(uint8_t* key, ssize_t keySize, const android::String8& pw, 915655b958eb2180c7c06889f83f606d23421bf038cKenny Root uint8_t* salt) { 916655b958eb2180c7c06889f83f606d23421bf038cKenny Root size_t saltSize; 917655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (salt != NULL) { 918655b958eb2180c7c06889f83f606d23421bf038cKenny Root saltSize = SALT_SIZE; 919655b958eb2180c7c06889f83f606d23421bf038cKenny Root } else { 920655b958eb2180c7c06889f83f606d23421bf038cKenny Root // pre-gingerbread used this hardwired salt, readMasterKey will rewrite these when found 921655b958eb2180c7c06889f83f606d23421bf038cKenny Root salt = (uint8_t*) "keystore"; 922655b958eb2180c7c06889f83f606d23421bf038cKenny Root // sizeof = 9, not strlen = 8 923655b958eb2180c7c06889f83f606d23421bf038cKenny Root saltSize = sizeof("keystore"); 924655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 925655b958eb2180c7c06889f83f606d23421bf038cKenny Root 926655b958eb2180c7c06889f83f606d23421bf038cKenny Root PKCS5_PBKDF2_HMAC_SHA1(reinterpret_cast<const char*>(pw.string()), pw.length(), salt, 927655b958eb2180c7c06889f83f606d23421bf038cKenny Root saltSize, 8192, keySize, key); 928655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 929655b958eb2180c7c06889f83f606d23421bf038cKenny Root 930655b958eb2180c7c06889f83f606d23421bf038cKenny Root bool generateSalt(Entropy* entropy) { 931655b958eb2180c7c06889f83f606d23421bf038cKenny Root return entropy->generate_random_data(mSalt, sizeof(mSalt)); 932655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 933655b958eb2180c7c06889f83f606d23421bf038cKenny Root 934655b958eb2180c7c06889f83f606d23421bf038cKenny Root bool generateMasterKey(Entropy* entropy) { 935655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (!entropy->generate_random_data(mMasterKey, sizeof(mMasterKey))) { 936655b958eb2180c7c06889f83f606d23421bf038cKenny Root return false; 937655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 938655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (!generateSalt(entropy)) { 939655b958eb2180c7c06889f83f606d23421bf038cKenny Root return false; 940655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 941655b958eb2180c7c06889f83f606d23421bf038cKenny Root return true; 942655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 943655b958eb2180c7c06889f83f606d23421bf038cKenny Root 944655b958eb2180c7c06889f83f606d23421bf038cKenny Root void setupMasterKeys() { 945655b958eb2180c7c06889f83f606d23421bf038cKenny Root AES_set_encrypt_key(mMasterKey, MASTER_KEY_SIZE_BITS, &mMasterKeyEncryption); 946655b958eb2180c7c06889f83f606d23421bf038cKenny Root AES_set_decrypt_key(mMasterKey, MASTER_KEY_SIZE_BITS, &mMasterKeyDecryption); 947655b958eb2180c7c06889f83f606d23421bf038cKenny Root setState(STATE_NO_ERROR); 948655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 949655b958eb2180c7c06889f83f606d23421bf038cKenny Root 950655b958eb2180c7c06889f83f606d23421bf038cKenny Root uid_t mUserId; 951655b958eb2180c7c06889f83f606d23421bf038cKenny Root 952655b958eb2180c7c06889f83f606d23421bf038cKenny Root char* mUserDir; 953655b958eb2180c7c06889f83f606d23421bf038cKenny Root char* mMasterKeyFile; 954655b958eb2180c7c06889f83f606d23421bf038cKenny Root 955655b958eb2180c7c06889f83f606d23421bf038cKenny Root State mState; 956655b958eb2180c7c06889f83f606d23421bf038cKenny Root int8_t mRetry; 957655b958eb2180c7c06889f83f606d23421bf038cKenny Root 958655b958eb2180c7c06889f83f606d23421bf038cKenny Root uint8_t mMasterKey[MASTER_KEY_SIZE_BYTES]; 959655b958eb2180c7c06889f83f606d23421bf038cKenny Root uint8_t mSalt[SALT_SIZE]; 960655b958eb2180c7c06889f83f606d23421bf038cKenny Root 961655b958eb2180c7c06889f83f606d23421bf038cKenny Root AES_KEY mMasterKeyEncryption; 962655b958eb2180c7c06889f83f606d23421bf038cKenny Root AES_KEY mMasterKeyDecryption; 963655b958eb2180c7c06889f83f606d23421bf038cKenny Root}; 964655b958eb2180c7c06889f83f606d23421bf038cKenny Root 965655b958eb2180c7c06889f83f606d23421bf038cKenny Roottypedef struct { 966655b958eb2180c7c06889f83f606d23421bf038cKenny Root uint32_t uid; 967655b958eb2180c7c06889f83f606d23421bf038cKenny Root const uint8_t* filename; 968655b958eb2180c7c06889f83f606d23421bf038cKenny Root} grant_t; 969655b958eb2180c7c06889f83f606d23421bf038cKenny Root 970655b958eb2180c7c06889f83f606d23421bf038cKenny Rootclass KeyStore { 971655b958eb2180c7c06889f83f606d23421bf038cKenny Rootpublic: 97267d2a5029e8c25c5ee448e3bbd245cdcebe6abd3Chad Brubaker KeyStore(Entropy* entropy, keymaster1_device_t* device, keymaster1_device_t* fallback) 973655b958eb2180c7c06889f83f606d23421bf038cKenny Root : mEntropy(entropy) 974655b958eb2180c7c06889f83f606d23421bf038cKenny Root , mDevice(device) 975fc18edcdfe2f7774e621030d51338f3216170b97Chad Brubaker , mFallbackDevice(fallback) 976655b958eb2180c7c06889f83f606d23421bf038cKenny Root { 977655b958eb2180c7c06889f83f606d23421bf038cKenny Root memset(&mMetaData, '\0', sizeof(mMetaData)); 978655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 979655b958eb2180c7c06889f83f606d23421bf038cKenny Root 980655b958eb2180c7c06889f83f606d23421bf038cKenny Root ~KeyStore() { 981655b958eb2180c7c06889f83f606d23421bf038cKenny Root for (android::Vector<grant_t*>::iterator it(mGrants.begin()); 982655b958eb2180c7c06889f83f606d23421bf038cKenny Root it != mGrants.end(); it++) { 983655b958eb2180c7c06889f83f606d23421bf038cKenny Root delete *it; 984655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 985c35d4eb3e66aa69ca17dd83b1bcdcc19276bf8e5haitao fang mGrants.clear(); 986655b958eb2180c7c06889f83f606d23421bf038cKenny Root 987655b958eb2180c7c06889f83f606d23421bf038cKenny Root for (android::Vector<UserState*>::iterator it(mMasterKeys.begin()); 988655b958eb2180c7c06889f83f606d23421bf038cKenny Root it != mMasterKeys.end(); it++) { 989655b958eb2180c7c06889f83f606d23421bf038cKenny Root delete *it; 990655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 991c35d4eb3e66aa69ca17dd83b1bcdcc19276bf8e5haitao fang mMasterKeys.clear(); 992655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 993655b958eb2180c7c06889f83f606d23421bf038cKenny Root 99467d2a5029e8c25c5ee448e3bbd245cdcebe6abd3Chad Brubaker /** 99567d2a5029e8c25c5ee448e3bbd245cdcebe6abd3Chad Brubaker * Depending on the hardware keymaster version is this may return a 99667d2a5029e8c25c5ee448e3bbd245cdcebe6abd3Chad Brubaker * keymaster0_device_t* cast to a keymaster1_device_t*. All methods from 99767d2a5029e8c25c5ee448e3bbd245cdcebe6abd3Chad Brubaker * keymaster0 are safe to call, calls to keymaster1_device_t methods should 99867d2a5029e8c25c5ee448e3bbd245cdcebe6abd3Chad Brubaker * be guarded by a check on the device's version. 99967d2a5029e8c25c5ee448e3bbd245cdcebe6abd3Chad Brubaker */ 100067d2a5029e8c25c5ee448e3bbd245cdcebe6abd3Chad Brubaker keymaster1_device_t *getDevice() const { 1001655b958eb2180c7c06889f83f606d23421bf038cKenny Root return mDevice; 1002655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1003655b958eb2180c7c06889f83f606d23421bf038cKenny Root 100467d2a5029e8c25c5ee448e3bbd245cdcebe6abd3Chad Brubaker keymaster1_device_t *getFallbackDevice() const { 1005fc18edcdfe2f7774e621030d51338f3216170b97Chad Brubaker return mFallbackDevice; 1006fc18edcdfe2f7774e621030d51338f3216170b97Chad Brubaker } 1007fc18edcdfe2f7774e621030d51338f3216170b97Chad Brubaker 100867d2a5029e8c25c5ee448e3bbd245cdcebe6abd3Chad Brubaker keymaster1_device_t *getDeviceForBlob(const Blob& blob) const { 1009fc18edcdfe2f7774e621030d51338f3216170b97Chad Brubaker return blob.isFallback() ? mFallbackDevice: mDevice; 1010fc18edcdfe2f7774e621030d51338f3216170b97Chad Brubaker } 1011fc18edcdfe2f7774e621030d51338f3216170b97Chad Brubaker 1012655b958eb2180c7c06889f83f606d23421bf038cKenny Root ResponseCode initialize() { 1013655b958eb2180c7c06889f83f606d23421bf038cKenny Root readMetaData(); 1014655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (upgradeKeystore()) { 1015655b958eb2180c7c06889f83f606d23421bf038cKenny Root writeMetaData(); 1016655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1017655b958eb2180c7c06889f83f606d23421bf038cKenny Root 1018655b958eb2180c7c06889f83f606d23421bf038cKenny Root return ::NO_ERROR; 1019655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1020655b958eb2180c7c06889f83f606d23421bf038cKenny Root 1021655b958eb2180c7c06889f83f606d23421bf038cKenny Root State getState(uid_t uid) { 1022655b958eb2180c7c06889f83f606d23421bf038cKenny Root return getUserState(uid)->getState(); 1023655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1024655b958eb2180c7c06889f83f606d23421bf038cKenny Root 1025655b958eb2180c7c06889f83f606d23421bf038cKenny Root ResponseCode initializeUser(const android::String8& pw, uid_t uid) { 1026655b958eb2180c7c06889f83f606d23421bf038cKenny Root UserState* userState = getUserState(uid); 1027655b958eb2180c7c06889f83f606d23421bf038cKenny Root return userState->initialize(pw, mEntropy); 1028655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1029655b958eb2180c7c06889f83f606d23421bf038cKenny Root 10304e865753346fc6a075966972a7a98051818859dbRobin Lee ResponseCode copyMasterKey(uid_t src, uid_t uid) { 10314e865753346fc6a075966972a7a98051818859dbRobin Lee UserState *userState = getUserState(uid); 10324e865753346fc6a075966972a7a98051818859dbRobin Lee UserState *initState = getUserState(src); 10334e865753346fc6a075966972a7a98051818859dbRobin Lee return userState->copyMasterKey(initState); 10344e865753346fc6a075966972a7a98051818859dbRobin Lee } 10354e865753346fc6a075966972a7a98051818859dbRobin Lee 1036655b958eb2180c7c06889f83f606d23421bf038cKenny Root ResponseCode writeMasterKey(const android::String8& pw, uid_t uid) { 103750122db50bcb6c1aab50ef235c8f9d264b50e97aRobin Lee UserState* userState = getUserState(uid); 1038655b958eb2180c7c06889f83f606d23421bf038cKenny Root return userState->writeMasterKey(pw, mEntropy); 1039655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1040655b958eb2180c7c06889f83f606d23421bf038cKenny Root 1041655b958eb2180c7c06889f83f606d23421bf038cKenny Root ResponseCode readMasterKey(const android::String8& pw, uid_t uid) { 104250122db50bcb6c1aab50ef235c8f9d264b50e97aRobin Lee UserState* userState = getUserState(uid); 1043655b958eb2180c7c06889f83f606d23421bf038cKenny Root return userState->readMasterKey(pw, mEntropy); 1044655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1045655b958eb2180c7c06889f83f606d23421bf038cKenny Root 1046655b958eb2180c7c06889f83f606d23421bf038cKenny Root android::String8 getKeyName(const android::String8& keyName) { 1047a77e809ecff5190790906fb7a3c527259c735071Douglas Leung char encoded[encode_key_length(keyName) + 1]; // add 1 for null char 1048655b958eb2180c7c06889f83f606d23421bf038cKenny Root encode_key(encoded, keyName); 1049655b958eb2180c7c06889f83f606d23421bf038cKenny Root return android::String8(encoded); 1050655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1051655b958eb2180c7c06889f83f606d23421bf038cKenny Root 1052655b958eb2180c7c06889f83f606d23421bf038cKenny Root android::String8 getKeyNameForUid(const android::String8& keyName, uid_t uid) { 1053a77e809ecff5190790906fb7a3c527259c735071Douglas Leung char encoded[encode_key_length(keyName) + 1]; // add 1 for null char 1054655b958eb2180c7c06889f83f606d23421bf038cKenny Root encode_key(encoded, keyName); 1055655b958eb2180c7c06889f83f606d23421bf038cKenny Root return android::String8::format("%u_%s", uid, encoded); 1056655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1057655b958eb2180c7c06889f83f606d23421bf038cKenny Root 1058655b958eb2180c7c06889f83f606d23421bf038cKenny Root android::String8 getKeyNameForUidWithDir(const android::String8& keyName, uid_t uid) { 1059a77e809ecff5190790906fb7a3c527259c735071Douglas Leung char encoded[encode_key_length(keyName) + 1]; // add 1 for null char 1060655b958eb2180c7c06889f83f606d23421bf038cKenny Root encode_key(encoded, keyName); 1061655b958eb2180c7c06889f83f606d23421bf038cKenny Root return android::String8::format("%s/%u_%s", getUserState(uid)->getUserDirName(), uid, 1062655b958eb2180c7c06889f83f606d23421bf038cKenny Root encoded); 1063655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1064655b958eb2180c7c06889f83f606d23421bf038cKenny Root 106596d6d7868303ad87f1f408c40d3c44bcb39f561eChad Brubaker /* 106696d6d7868303ad87f1f408c40d3c44bcb39f561eChad Brubaker * Delete entries owned by userId. If keepUnencryptedEntries is true 106796d6d7868303ad87f1f408c40d3c44bcb39f561eChad Brubaker * then only encrypted entries will be removed, otherwise all entries will 106896d6d7868303ad87f1f408c40d3c44bcb39f561eChad Brubaker * be removed. 106996d6d7868303ad87f1f408c40d3c44bcb39f561eChad Brubaker */ 107096d6d7868303ad87f1f408c40d3c44bcb39f561eChad Brubaker void resetUser(uid_t userId, bool keepUnenryptedEntries) { 10714b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee android::String8 prefix(""); 10724b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee android::Vector<android::String16> aliases; 107396d6d7868303ad87f1f408c40d3c44bcb39f561eChad Brubaker uid_t uid = get_uid(userId, AID_SYSTEM); 107496d6d7868303ad87f1f408c40d3c44bcb39f561eChad Brubaker UserState* userState = getUserState(uid); 10754b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee if (saw(prefix, &aliases, uid) != ::NO_ERROR) { 107696d6d7868303ad87f1f408c40d3c44bcb39f561eChad Brubaker return; 10774b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee } 10784b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee for (uint32_t i = 0; i < aliases.size(); i++) { 10794b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee android::String8 filename(aliases[i]); 10804b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee filename = android::String8::format("%s/%s", userState->getUserDirName(), 108196d6d7868303ad87f1f408c40d3c44bcb39f561eChad Brubaker getKeyName(filename).string()); 108296d6d7868303ad87f1f408c40d3c44bcb39f561eChad Brubaker bool shouldDelete = true; 108396d6d7868303ad87f1f408c40d3c44bcb39f561eChad Brubaker if (keepUnenryptedEntries) { 108496d6d7868303ad87f1f408c40d3c44bcb39f561eChad Brubaker Blob blob; 108596d6d7868303ad87f1f408c40d3c44bcb39f561eChad Brubaker ResponseCode rc = get(filename, &blob, ::TYPE_ANY, uid); 108696d6d7868303ad87f1f408c40d3c44bcb39f561eChad Brubaker 108796d6d7868303ad87f1f408c40d3c44bcb39f561eChad Brubaker /* get can fail if the blob is encrypted and the state is 108896d6d7868303ad87f1f408c40d3c44bcb39f561eChad Brubaker * not unlocked, only skip deleting blobs that were loaded and 108996d6d7868303ad87f1f408c40d3c44bcb39f561eChad Brubaker * who are not encrypted. If there are blobs we fail to read for 109096d6d7868303ad87f1f408c40d3c44bcb39f561eChad Brubaker * other reasons err on the safe side and delete them since we 109196d6d7868303ad87f1f408c40d3c44bcb39f561eChad Brubaker * can't tell if they're encrypted. 109296d6d7868303ad87f1f408c40d3c44bcb39f561eChad Brubaker */ 109396d6d7868303ad87f1f408c40d3c44bcb39f561eChad Brubaker shouldDelete = !(rc == ::NO_ERROR && !blob.isEncrypted()); 109496d6d7868303ad87f1f408c40d3c44bcb39f561eChad Brubaker } 109596d6d7868303ad87f1f408c40d3c44bcb39f561eChad Brubaker if (shouldDelete) { 109696d6d7868303ad87f1f408c40d3c44bcb39f561eChad Brubaker del(filename, ::TYPE_ANY, uid); 109796d6d7868303ad87f1f408c40d3c44bcb39f561eChad Brubaker } 109896d6d7868303ad87f1f408c40d3c44bcb39f561eChad Brubaker } 109996d6d7868303ad87f1f408c40d3c44bcb39f561eChad Brubaker if (!userState->deleteMasterKey()) { 110096d6d7868303ad87f1f408c40d3c44bcb39f561eChad Brubaker ALOGE("Failed to delete user %d's master key", userId); 110196d6d7868303ad87f1f408c40d3c44bcb39f561eChad Brubaker } 110296d6d7868303ad87f1f408c40d3c44bcb39f561eChad Brubaker if (!keepUnenryptedEntries) { 110396d6d7868303ad87f1f408c40d3c44bcb39f561eChad Brubaker if(!userState->reset()) { 110496d6d7868303ad87f1f408c40d3c44bcb39f561eChad Brubaker ALOGE("Failed to remove user %d's directory", userId); 110596d6d7868303ad87f1f408c40d3c44bcb39f561eChad Brubaker } 11064b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee } 1107655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1108655b958eb2180c7c06889f83f606d23421bf038cKenny Root 1109655b958eb2180c7c06889f83f606d23421bf038cKenny Root bool isEmpty(uid_t uid) const { 1110655b958eb2180c7c06889f83f606d23421bf038cKenny Root const UserState* userState = getUserState(uid); 111196d6d7868303ad87f1f408c40d3c44bcb39f561eChad Brubaker if (userState == NULL) { 1112655b958eb2180c7c06889f83f606d23421bf038cKenny Root return true; 1113655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1114655b958eb2180c7c06889f83f606d23421bf038cKenny Root 1115655b958eb2180c7c06889f83f606d23421bf038cKenny Root DIR* dir = opendir(userState->getUserDirName()); 1116a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root if (!dir) { 1117a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return true; 1118a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 1119655b958eb2180c7c06889f83f606d23421bf038cKenny Root 112031e27468b6d822adbd2aec9219a68c206aa6957cKenny Root bool result = true; 112131e27468b6d822adbd2aec9219a68c206aa6957cKenny Root struct dirent* file; 1122a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root while ((file = readdir(dir)) != NULL) { 1123655b958eb2180c7c06889f83f606d23421bf038cKenny Root // We only care about files. 1124655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (file->d_type != DT_REG) { 1125655b958eb2180c7c06889f83f606d23421bf038cKenny Root continue; 1126655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1127655b958eb2180c7c06889f83f606d23421bf038cKenny Root 1128655b958eb2180c7c06889f83f606d23421bf038cKenny Root // Skip anything that starts with a "." 1129655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (file->d_name[0] == '.') { 1130655b958eb2180c7c06889f83f606d23421bf038cKenny Root continue; 1131655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1132655b958eb2180c7c06889f83f606d23421bf038cKenny Root 113331e27468b6d822adbd2aec9219a68c206aa6957cKenny Root result = false; 113431e27468b6d822adbd2aec9219a68c206aa6957cKenny Root break; 1135a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 1136a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root closedir(dir); 1137a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return result; 1138a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 1139a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 1140655b958eb2180c7c06889f83f606d23421bf038cKenny Root void lock(uid_t uid) { 1141655b958eb2180c7c06889f83f606d23421bf038cKenny Root UserState* userState = getUserState(uid); 1142655b958eb2180c7c06889f83f606d23421bf038cKenny Root userState->zeroizeMasterKeysInMemory(); 1143655b958eb2180c7c06889f83f606d23421bf038cKenny Root userState->setState(STATE_LOCKED); 1144a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 1145a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 1146655b958eb2180c7c06889f83f606d23421bf038cKenny Root ResponseCode get(const char* filename, Blob* keyBlob, const BlobType type, uid_t uid) { 1147655b958eb2180c7c06889f83f606d23421bf038cKenny Root UserState* userState = getUserState(uid); 1148f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root ResponseCode rc = keyBlob->readBlob(filename, userState->getDecryptionKey(), 1149f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root userState->getState()); 1150822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root if (rc != NO_ERROR) { 1151822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root return rc; 1152822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root } 1153822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root 1154822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root const uint8_t version = keyBlob->getVersion(); 115507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root if (version < CURRENT_BLOB_VERSION) { 1156cfeae072c96d84f286ddbf0aff8055c12c7c4f15Kenny Root /* If we upgrade the key, we need to write it to disk again. Then 1157cfeae072c96d84f286ddbf0aff8055c12c7c4f15Kenny Root * it must be read it again since the blob is encrypted each time 1158cfeae072c96d84f286ddbf0aff8055c12c7c4f15Kenny Root * it's written. 1159cfeae072c96d84f286ddbf0aff8055c12c7c4f15Kenny Root */ 1160655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (upgradeBlob(filename, keyBlob, version, type, uid)) { 1161655b958eb2180c7c06889f83f606d23421bf038cKenny Root if ((rc = this->put(filename, keyBlob, uid)) != NO_ERROR 1162f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root || (rc = keyBlob->readBlob(filename, userState->getDecryptionKey(), 1163f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root userState->getState())) != NO_ERROR) { 1164cfeae072c96d84f286ddbf0aff8055c12c7c4f15Kenny Root return rc; 1165cfeae072c96d84f286ddbf0aff8055c12c7c4f15Kenny Root } 1166cfeae072c96d84f286ddbf0aff8055c12c7c4f15Kenny Root } 1167822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root } 1168822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root 116917208e0de5a42722901d803118745cca25fd10c1Kenny Root /* 117017208e0de5a42722901d803118745cca25fd10c1Kenny Root * This will upgrade software-backed keys to hardware-backed keys when 117117208e0de5a42722901d803118745cca25fd10c1Kenny Root * the HAL for the device supports the newer key types. 117217208e0de5a42722901d803118745cca25fd10c1Kenny Root */ 117317208e0de5a42722901d803118745cca25fd10c1Kenny Root if (rc == NO_ERROR && type == TYPE_KEY_PAIR 117417208e0de5a42722901d803118745cca25fd10c1Kenny Root && mDevice->common.module->module_api_version >= KEYMASTER_MODULE_API_VERSION_0_2 117517208e0de5a42722901d803118745cca25fd10c1Kenny Root && keyBlob->isFallback()) { 117617208e0de5a42722901d803118745cca25fd10c1Kenny Root ResponseCode imported = importKey(keyBlob->getValue(), keyBlob->getLength(), filename, 117717208e0de5a42722901d803118745cca25fd10c1Kenny Root uid, keyBlob->isEncrypted() ? KEYSTORE_FLAG_ENCRYPTED : KEYSTORE_FLAG_NONE); 117817208e0de5a42722901d803118745cca25fd10c1Kenny Root 117917208e0de5a42722901d803118745cca25fd10c1Kenny Root // The HAL allowed the import, reget the key to have the "fresh" 118017208e0de5a42722901d803118745cca25fd10c1Kenny Root // version. 118117208e0de5a42722901d803118745cca25fd10c1Kenny Root if (imported == NO_ERROR) { 118217208e0de5a42722901d803118745cca25fd10c1Kenny Root rc = get(filename, keyBlob, TYPE_KEY_PAIR, uid); 118317208e0de5a42722901d803118745cca25fd10c1Kenny Root } 118417208e0de5a42722901d803118745cca25fd10c1Kenny Root } 118517208e0de5a42722901d803118745cca25fd10c1Kenny Root 1186d53bc92f1cc4eb669ec015480cebe5ae7aaaf7cfKenny Root if (type != TYPE_ANY && keyBlob->getType() != type) { 1187822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root ALOGW("key found but type doesn't match: %d vs %d", keyBlob->getType(), type); 1188822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root return KEY_NOT_FOUND; 1189822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root } 1190822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root 1191822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root return rc; 1192a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 1193a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 1194655b958eb2180c7c06889f83f606d23421bf038cKenny Root ResponseCode put(const char* filename, Blob* keyBlob, uid_t uid) { 1195655b958eb2180c7c06889f83f606d23421bf038cKenny Root UserState* userState = getUserState(uid); 1196f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root return keyBlob->writeBlob(filename, userState->getEncryptionKey(), userState->getState(), 1197f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root mEntropy); 1198a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 1199a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 12004b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee ResponseCode del(const char *filename, const BlobType type, uid_t uid) { 12014b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee Blob keyBlob; 12024b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee ResponseCode rc = get(filename, &keyBlob, type, uid); 12034b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee if (rc != ::NO_ERROR) { 12044b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee return rc; 12054b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee } 12064b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee 12074b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee if (keyBlob.getType() == ::TYPE_KEY_PAIR) { 12084b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee // A device doesn't have to implement delete_keypair. 12094b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee if (mDevice->delete_keypair != NULL && !keyBlob.isFallback()) { 12104b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee if (mDevice->delete_keypair(mDevice, keyBlob.getValue(), keyBlob.getLength())) { 12114b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee rc = ::SYSTEM_ERROR; 12124b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee } 12134b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee } 12144b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee } 121517d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker if (keyBlob.getType() == ::TYPE_KEYMASTER_10) { 121617d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker keymaster1_device_t* dev = getDeviceForBlob(keyBlob); 121717d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker if (dev->delete_key) { 121817d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker keymaster_key_blob_t blob; 121917d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker blob.key_material = keyBlob.getValue(); 122017d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker blob.key_material_size = keyBlob.getLength(); 122117d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker dev->delete_key(dev, &blob); 122217d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker } 122317d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker } 12244b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee if (rc != ::NO_ERROR) { 12254b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee return rc; 12264b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee } 12274b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee 12284b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee return (unlink(filename) && errno != ENOENT) ? ::SYSTEM_ERROR : ::NO_ERROR; 12294b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee } 12304b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee 12314b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee ResponseCode saw(const android::String8& prefix, android::Vector<android::String16> *matches, 12324b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee uid_t uid) { 12334b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee 12344b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee UserState* userState = getUserState(uid); 12354b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee size_t n = prefix.length(); 12364b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee 12374b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee DIR* dir = opendir(userState->getUserDirName()); 12384b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee if (!dir) { 12394b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee ALOGW("can't open directory for user: %s", strerror(errno)); 12404b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee return ::SYSTEM_ERROR; 12414b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee } 12424b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee 12434b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee struct dirent* file; 12444b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee while ((file = readdir(dir)) != NULL) { 12454b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee // We only care about files. 12464b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee if (file->d_type != DT_REG) { 12474b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee continue; 12484b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee } 12494b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee 12504b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee // Skip anything that starts with a "." 12514b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee if (file->d_name[0] == '.') { 12524b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee continue; 12534b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee } 12544b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee 12554b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee if (!strncmp(prefix.string(), file->d_name, n)) { 12564b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee const char* p = &file->d_name[n]; 12574b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee size_t plen = strlen(p); 12584b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee 12594b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee size_t extra = decode_key_length(p, plen); 12604b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee char *match = (char*) malloc(extra + 1); 12614b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee if (match != NULL) { 12624b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee decode_key(match, p, plen); 12634b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee matches->push(android::String16(match, extra)); 12644b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee free(match); 12654b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee } else { 12664b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee ALOGW("could not allocate match of size %zd", extra); 12674b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee } 12684b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee } 12694b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee } 12704b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee closedir(dir); 12714b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee return ::NO_ERROR; 12724b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee } 12734b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee 127407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root void addGrant(const char* filename, uid_t granteeUid) { 1275655b958eb2180c7c06889f83f606d23421bf038cKenny Root const grant_t* existing = getGrant(filename, granteeUid); 1276655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (existing == NULL) { 1277655b958eb2180c7c06889f83f606d23421bf038cKenny Root grant_t* grant = new grant_t; 127807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root grant->uid = granteeUid; 1279a8c703d9fdd98e3caefb6e74cd03c2878cecd0a1Brian Carlstrom grant->filename = reinterpret_cast<const uint8_t*>(strdup(filename)); 1280655b958eb2180c7c06889f83f606d23421bf038cKenny Root mGrants.add(grant); 128170e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root } 128270e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root } 128370e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 128407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root bool removeGrant(const char* filename, uid_t granteeUid) { 1285655b958eb2180c7c06889f83f606d23421bf038cKenny Root for (android::Vector<grant_t*>::iterator it(mGrants.begin()); 1286655b958eb2180c7c06889f83f606d23421bf038cKenny Root it != mGrants.end(); it++) { 1287655b958eb2180c7c06889f83f606d23421bf038cKenny Root grant_t* grant = *it; 1288655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (grant->uid == granteeUid 1289655b958eb2180c7c06889f83f606d23421bf038cKenny Root && !strcmp(reinterpret_cast<const char*>(grant->filename), filename)) { 1290655b958eb2180c7c06889f83f606d23421bf038cKenny Root mGrants.erase(it); 1291655b958eb2180c7c06889f83f606d23421bf038cKenny Root return true; 1292655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 129370e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root } 129470e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root return false; 129570e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root } 129670e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 1297a8c703d9fdd98e3caefb6e74cd03c2878cecd0a1Brian Carlstrom bool hasGrant(const char* filename, const uid_t uid) const { 1298a8c703d9fdd98e3caefb6e74cd03c2878cecd0a1Brian Carlstrom return getGrant(filename, uid) != NULL; 129970e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root } 130070e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 1301f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root ResponseCode importKey(const uint8_t* key, size_t keyLen, const char* filename, uid_t uid, 1302f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root int32_t flags) { 1303822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root uint8_t* data; 1304822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root size_t dataLength; 1305822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root int rc; 1306822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root 1307822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root if (mDevice->import_keypair == NULL) { 1308822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root ALOGE("Keymaster doesn't support import!"); 1309822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root return SYSTEM_ERROR; 1310822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root } 1311822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root 131217208e0de5a42722901d803118745cca25fd10c1Kenny Root bool isFallback = false; 131307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root rc = mDevice->import_keypair(mDevice, key, keyLen, &data, &dataLength); 1314822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root if (rc) { 1315a39da5a226975f8b75f93de255a21d526ae8d334Kenny Root /* 1316a39da5a226975f8b75f93de255a21d526ae8d334Kenny Root * Maybe the device doesn't support this type of key. Try to use the 1317a39da5a226975f8b75f93de255a21d526ae8d334Kenny Root * software fallback keymaster implementation. This is a little bit 1318a39da5a226975f8b75f93de255a21d526ae8d334Kenny Root * lazier than checking the PKCS#8 key type, but the software 1319a39da5a226975f8b75f93de255a21d526ae8d334Kenny Root * implementation will do that anyway. 1320a39da5a226975f8b75f93de255a21d526ae8d334Kenny Root */ 13217c1eb75a6898452867ca28a4d7fad2d91edca615Chad Brubaker rc = mFallbackDevice->import_keypair(mFallbackDevice, key, keyLen, &data, &dataLength); 1322a39da5a226975f8b75f93de255a21d526ae8d334Kenny Root isFallback = true; 132317208e0de5a42722901d803118745cca25fd10c1Kenny Root 132417208e0de5a42722901d803118745cca25fd10c1Kenny Root if (rc) { 132517208e0de5a42722901d803118745cca25fd10c1Kenny Root ALOGE("Error while importing keypair: %d", rc); 132617208e0de5a42722901d803118745cca25fd10c1Kenny Root return SYSTEM_ERROR; 132717208e0de5a42722901d803118745cca25fd10c1Kenny Root } 1328822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root } 1329822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root 1330822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root Blob keyBlob(data, dataLength, NULL, 0, TYPE_KEY_PAIR); 1331822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root free(data); 1332822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root 1333f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root keyBlob.setEncrypted(flags & KEYSTORE_FLAG_ENCRYPTED); 133417208e0de5a42722901d803118745cca25fd10c1Kenny Root keyBlob.setFallback(isFallback); 1335f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root 1336655b958eb2180c7c06889f83f606d23421bf038cKenny Root return put(filename, &keyBlob, uid); 1337822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root } 1338822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root 13391b0e3933900c7ea21189704d5db64e7346aee7afKenny Root bool isHardwareBacked(const android::String16& keyType) const { 13401b0e3933900c7ea21189704d5db64e7346aee7afKenny Root if (mDevice == NULL) { 13411b0e3933900c7ea21189704d5db64e7346aee7afKenny Root ALOGW("can't get keymaster device"); 13421b0e3933900c7ea21189704d5db64e7346aee7afKenny Root return false; 13431b0e3933900c7ea21189704d5db64e7346aee7afKenny Root } 13441b0e3933900c7ea21189704d5db64e7346aee7afKenny Root 13451b0e3933900c7ea21189704d5db64e7346aee7afKenny Root if (sRSAKeyType == keyType) { 13461b0e3933900c7ea21189704d5db64e7346aee7afKenny Root return (mDevice->flags & KEYMASTER_SOFTWARE_ONLY) == 0; 13471b0e3933900c7ea21189704d5db64e7346aee7afKenny Root } else { 13481b0e3933900c7ea21189704d5db64e7346aee7afKenny Root return (mDevice->flags & KEYMASTER_SOFTWARE_ONLY) == 0 13491b0e3933900c7ea21189704d5db64e7346aee7afKenny Root && (mDevice->common.module->module_api_version 13501b0e3933900c7ea21189704d5db64e7346aee7afKenny Root >= KEYMASTER_MODULE_API_VERSION_0_2); 13511b0e3933900c7ea21189704d5db64e7346aee7afKenny Root } 13528ddf35a6e1fd80a7d0685041d2bfc77078277c9dKenny Root } 13538ddf35a6e1fd80a7d0685041d2bfc77078277c9dKenny Root 1354655b958eb2180c7c06889f83f606d23421bf038cKenny Root ResponseCode getKeyForName(Blob* keyBlob, const android::String8& keyName, const uid_t uid, 1355655b958eb2180c7c06889f83f606d23421bf038cKenny Root const BlobType type) { 135686b16e8c0d353af97f0411917789308dba417295Kenny Root android::String8 filepath8(getKeyNameForUidWithDir(keyName, uid)); 1357a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 1358655b958eb2180c7c06889f83f606d23421bf038cKenny Root ResponseCode responseCode = get(filepath8.string(), keyBlob, type, uid); 1359655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (responseCode == NO_ERROR) { 1360655b958eb2180c7c06889f83f606d23421bf038cKenny Root return responseCode; 1361655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1362a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 1363655b958eb2180c7c06889f83f606d23421bf038cKenny Root // If this is one of the legacy UID->UID mappings, use it. 1364655b958eb2180c7c06889f83f606d23421bf038cKenny Root uid_t euid = get_keystore_euid(uid); 1365655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (euid != uid) { 136686b16e8c0d353af97f0411917789308dba417295Kenny Root filepath8 = getKeyNameForUidWithDir(keyName, euid); 1367655b958eb2180c7c06889f83f606d23421bf038cKenny Root responseCode = get(filepath8.string(), keyBlob, type, uid); 1368655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (responseCode == NO_ERROR) { 1369655b958eb2180c7c06889f83f606d23421bf038cKenny Root return responseCode; 1370655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1371655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 137270e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 1373655b958eb2180c7c06889f83f606d23421bf038cKenny Root // They might be using a granted key. 137486b16e8c0d353af97f0411917789308dba417295Kenny Root android::String8 filename8 = getKeyName(keyName); 1375655b958eb2180c7c06889f83f606d23421bf038cKenny Root char* end; 137686b16e8c0d353af97f0411917789308dba417295Kenny Root strtoul(filename8.string(), &end, 10); 1377655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (end[0] != '_' || end[1] == 0) { 1378655b958eb2180c7c06889f83f606d23421bf038cKenny Root return KEY_NOT_FOUND; 1379655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 138086b16e8c0d353af97f0411917789308dba417295Kenny Root filepath8 = android::String8::format("%s/%s", getUserState(uid)->getUserDirName(), 138186b16e8c0d353af97f0411917789308dba417295Kenny Root filename8.string()); 1382655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (!hasGrant(filepath8.string(), uid)) { 1383655b958eb2180c7c06889f83f606d23421bf038cKenny Root return responseCode; 1384a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 1385a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 1386655b958eb2180c7c06889f83f606d23421bf038cKenny Root // It is a granted key. Try to load it. 1387655b958eb2180c7c06889f83f606d23421bf038cKenny Root return get(filepath8.string(), keyBlob, type, uid); 1388a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 1389a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 1390655b958eb2180c7c06889f83f606d23421bf038cKenny Root /** 1391655b958eb2180c7c06889f83f606d23421bf038cKenny Root * Returns any existing UserState or creates it if it doesn't exist. 1392655b958eb2180c7c06889f83f606d23421bf038cKenny Root */ 1393655b958eb2180c7c06889f83f606d23421bf038cKenny Root UserState* getUserState(uid_t uid) { 1394655b958eb2180c7c06889f83f606d23421bf038cKenny Root uid_t userId = get_user_id(uid); 1395655b958eb2180c7c06889f83f606d23421bf038cKenny Root 1396655b958eb2180c7c06889f83f606d23421bf038cKenny Root for (android::Vector<UserState*>::iterator it(mMasterKeys.begin()); 1397655b958eb2180c7c06889f83f606d23421bf038cKenny Root it != mMasterKeys.end(); it++) { 1398655b958eb2180c7c06889f83f606d23421bf038cKenny Root UserState* state = *it; 1399655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (state->getUserId() == userId) { 1400655b958eb2180c7c06889f83f606d23421bf038cKenny Root return state; 1401655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1402a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 1403655b958eb2180c7c06889f83f606d23421bf038cKenny Root 1404655b958eb2180c7c06889f83f606d23421bf038cKenny Root UserState* userState = new UserState(userId); 1405655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (!userState->initialize()) { 1406655b958eb2180c7c06889f83f606d23421bf038cKenny Root /* There's not much we can do if initialization fails. Trying to 1407655b958eb2180c7c06889f83f606d23421bf038cKenny Root * unlock the keystore for that user will fail as well, so any 1408655b958eb2180c7c06889f83f606d23421bf038cKenny Root * subsequent request for this user will just return SYSTEM_ERROR. 1409655b958eb2180c7c06889f83f606d23421bf038cKenny Root */ 1410655b958eb2180c7c06889f83f606d23421bf038cKenny Root ALOGE("User initialization failed for %u; subsuquent operations will fail", userId); 1411a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 1412655b958eb2180c7c06889f83f606d23421bf038cKenny Root mMasterKeys.add(userState); 1413655b958eb2180c7c06889f83f606d23421bf038cKenny Root return userState; 1414a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 1415a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 1416655b958eb2180c7c06889f83f606d23421bf038cKenny Root /** 1417655b958eb2180c7c06889f83f606d23421bf038cKenny Root * Returns NULL if the UserState doesn't already exist. 1418655b958eb2180c7c06889f83f606d23421bf038cKenny Root */ 1419655b958eb2180c7c06889f83f606d23421bf038cKenny Root const UserState* getUserState(uid_t uid) const { 1420655b958eb2180c7c06889f83f606d23421bf038cKenny Root uid_t userId = get_user_id(uid); 1421655b958eb2180c7c06889f83f606d23421bf038cKenny Root 1422655b958eb2180c7c06889f83f606d23421bf038cKenny Root for (android::Vector<UserState*>::const_iterator it(mMasterKeys.begin()); 1423655b958eb2180c7c06889f83f606d23421bf038cKenny Root it != mMasterKeys.end(); it++) { 1424655b958eb2180c7c06889f83f606d23421bf038cKenny Root UserState* state = *it; 1425655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (state->getUserId() == userId) { 1426655b958eb2180c7c06889f83f606d23421bf038cKenny Root return state; 1427655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1428655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1429a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 1430655b958eb2180c7c06889f83f606d23421bf038cKenny Root return NULL; 1431a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 1432a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 1433655b958eb2180c7c06889f83f606d23421bf038cKenny Rootprivate: 1434655b958eb2180c7c06889f83f606d23421bf038cKenny Root static const char* sOldMasterKey; 1435655b958eb2180c7c06889f83f606d23421bf038cKenny Root static const char* sMetaDataFile; 14361b0e3933900c7ea21189704d5db64e7346aee7afKenny Root static const android::String16 sRSAKeyType; 1437655b958eb2180c7c06889f83f606d23421bf038cKenny Root Entropy* mEntropy; 143807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 143967d2a5029e8c25c5ee448e3bbd245cdcebe6abd3Chad Brubaker keymaster1_device_t* mDevice; 144067d2a5029e8c25c5ee448e3bbd245cdcebe6abd3Chad Brubaker keymaster1_device_t* mFallbackDevice; 1441a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 1442655b958eb2180c7c06889f83f606d23421bf038cKenny Root android::Vector<UserState*> mMasterKeys; 1443655b958eb2180c7c06889f83f606d23421bf038cKenny Root 1444655b958eb2180c7c06889f83f606d23421bf038cKenny Root android::Vector<grant_t*> mGrants; 144570e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 1446655b958eb2180c7c06889f83f606d23421bf038cKenny Root typedef struct { 1447655b958eb2180c7c06889f83f606d23421bf038cKenny Root uint32_t version; 1448655b958eb2180c7c06889f83f606d23421bf038cKenny Root } keystore_metadata_t; 144970e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 1450655b958eb2180c7c06889f83f606d23421bf038cKenny Root keystore_metadata_t mMetaData; 1451655b958eb2180c7c06889f83f606d23421bf038cKenny Root 1452655b958eb2180c7c06889f83f606d23421bf038cKenny Root const grant_t* getGrant(const char* filename, uid_t uid) const { 1453655b958eb2180c7c06889f83f606d23421bf038cKenny Root for (android::Vector<grant_t*>::const_iterator it(mGrants.begin()); 1454655b958eb2180c7c06889f83f606d23421bf038cKenny Root it != mGrants.end(); it++) { 1455655b958eb2180c7c06889f83f606d23421bf038cKenny Root grant_t* grant = *it; 145670e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root if (grant->uid == uid 1457655b958eb2180c7c06889f83f606d23421bf038cKenny Root && !strcmp(reinterpret_cast<const char*>(grant->filename), filename)) { 145870e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root return grant; 145970e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root } 146070e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root } 146170e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root return NULL; 146270e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root } 146370e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 1464822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root /** 1465822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root * Upgrade code. This will upgrade the key from the current version 1466822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root * to whatever is newest. 1467822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root */ 1468655b958eb2180c7c06889f83f606d23421bf038cKenny Root bool upgradeBlob(const char* filename, Blob* blob, const uint8_t oldVersion, 1469655b958eb2180c7c06889f83f606d23421bf038cKenny Root const BlobType type, uid_t uid) { 1470822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root bool updated = false; 1471822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root uint8_t version = oldVersion; 1472822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root 1473822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root /* From V0 -> V1: All old types were unknown */ 1474822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root if (version == 0) { 1475822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root ALOGV("upgrading to version 1 and setting type %d", type); 1476822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root 1477822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root blob->setType(type); 1478822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root if (type == TYPE_KEY_PAIR) { 1479655b958eb2180c7c06889f83f606d23421bf038cKenny Root importBlobAsKey(blob, filename, uid); 1480822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root } 1481822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root version = 1; 1482822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root updated = true; 1483822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root } 1484822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root 1485f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root /* From V1 -> V2: All old keys were encrypted */ 1486f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root if (version == 1) { 1487f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root ALOGV("upgrading to version 2"); 1488f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root 1489f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root blob->setEncrypted(true); 1490f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root version = 2; 1491f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root updated = true; 1492f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root } 1493f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root 1494822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root /* 1495822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root * If we've updated, set the key blob to the right version 1496822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root * and write it. 1497cfeae072c96d84f286ddbf0aff8055c12c7c4f15Kenny Root */ 1498822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root if (updated) { 1499822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root ALOGV("updated and writing file %s", filename); 1500822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root blob->setVersion(version); 1501822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root } 1502cfeae072c96d84f286ddbf0aff8055c12c7c4f15Kenny Root 1503cfeae072c96d84f286ddbf0aff8055c12c7c4f15Kenny Root return updated; 1504822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root } 1505822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root 1506822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root /** 1507822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root * Takes a blob that is an PEM-encoded RSA key as a byte array and 1508822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root * converts it to a DER-encoded PKCS#8 for import into a keymaster. 1509822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root * Then it overwrites the original blob with the new blob 1510822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root * format that is returned from the keymaster. 1511822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root */ 1512655b958eb2180c7c06889f83f606d23421bf038cKenny Root ResponseCode importBlobAsKey(Blob* blob, const char* filename, uid_t uid) { 1513822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root // We won't even write to the blob directly with this BIO, so const_cast is okay. 1514822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root Unique_BIO b(BIO_new_mem_buf(const_cast<uint8_t*>(blob->getValue()), blob->getLength())); 1515822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root if (b.get() == NULL) { 1516822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root ALOGE("Problem instantiating BIO"); 1517822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root return SYSTEM_ERROR; 1518822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root } 1519822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root 1520822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root Unique_EVP_PKEY pkey(PEM_read_bio_PrivateKey(b.get(), NULL, NULL, NULL)); 1521822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root if (pkey.get() == NULL) { 1522822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root ALOGE("Couldn't read old PEM file"); 1523822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root return SYSTEM_ERROR; 1524822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root } 1525822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root 1526822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root Unique_PKCS8_PRIV_KEY_INFO pkcs8(EVP_PKEY2PKCS8(pkey.get())); 1527822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root int len = i2d_PKCS8_PRIV_KEY_INFO(pkcs8.get(), NULL); 1528822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root if (len < 0) { 1529822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root ALOGE("Couldn't measure PKCS#8 length"); 1530822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root return SYSTEM_ERROR; 1531822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root } 1532822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root 153370c9889c5ca912e7c492580e1999f18ab65b267bKenny Root UniquePtr<unsigned char[]> pkcs8key(new unsigned char[len]); 153470c9889c5ca912e7c492580e1999f18ab65b267bKenny Root uint8_t* tmp = pkcs8key.get(); 1535822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root if (i2d_PKCS8_PRIV_KEY_INFO(pkcs8.get(), &tmp) != len) { 1536822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root ALOGE("Couldn't convert to PKCS#8"); 1537822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root return SYSTEM_ERROR; 1538822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root } 1539822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root 1540f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root ResponseCode rc = importKey(pkcs8key.get(), len, filename, uid, 1541f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root blob->isEncrypted() ? KEYSTORE_FLAG_ENCRYPTED : KEYSTORE_FLAG_NONE); 1542822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root if (rc != NO_ERROR) { 1543822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root return rc; 1544822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root } 1545822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root 1546655b958eb2180c7c06889f83f606d23421bf038cKenny Root return get(filename, blob, TYPE_KEY_PAIR, uid); 1547822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root } 154870e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 1549655b958eb2180c7c06889f83f606d23421bf038cKenny Root void readMetaData() { 1550655b958eb2180c7c06889f83f606d23421bf038cKenny Root int in = TEMP_FAILURE_RETRY(open(sMetaDataFile, O_RDONLY)); 1551655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (in < 0) { 1552655b958eb2180c7c06889f83f606d23421bf038cKenny Root return; 1553655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1554655b958eb2180c7c06889f83f606d23421bf038cKenny Root size_t fileLength = readFully(in, (uint8_t*) &mMetaData, sizeof(mMetaData)); 1555655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (fileLength != sizeof(mMetaData)) { 1556655b958eb2180c7c06889f83f606d23421bf038cKenny Root ALOGI("Metadata file is %zd bytes (%zd experted); upgrade?", fileLength, 1557655b958eb2180c7c06889f83f606d23421bf038cKenny Root sizeof(mMetaData)); 1558655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1559655b958eb2180c7c06889f83f606d23421bf038cKenny Root close(in); 156070e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root } 156170e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 1562655b958eb2180c7c06889f83f606d23421bf038cKenny Root void writeMetaData() { 1563655b958eb2180c7c06889f83f606d23421bf038cKenny Root const char* tmpFileName = ".metadata.tmp"; 1564655b958eb2180c7c06889f83f606d23421bf038cKenny Root int out = TEMP_FAILURE_RETRY(open(tmpFileName, 1565655b958eb2180c7c06889f83f606d23421bf038cKenny Root O_WRONLY | O_TRUNC | O_CREAT, S_IRUSR | S_IWUSR)); 1566655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (out < 0) { 1567655b958eb2180c7c06889f83f606d23421bf038cKenny Root ALOGE("couldn't write metadata file: %s", strerror(errno)); 1568655b958eb2180c7c06889f83f606d23421bf038cKenny Root return; 1569655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1570655b958eb2180c7c06889f83f606d23421bf038cKenny Root size_t fileLength = writeFully(out, (uint8_t*) &mMetaData, sizeof(mMetaData)); 1571655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (fileLength != sizeof(mMetaData)) { 1572655b958eb2180c7c06889f83f606d23421bf038cKenny Root ALOGI("Could only write %zd bytes to metadata file (%zd expected)", fileLength, 1573655b958eb2180c7c06889f83f606d23421bf038cKenny Root sizeof(mMetaData)); 157470e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root } 1575655b958eb2180c7c06889f83f606d23421bf038cKenny Root close(out); 1576655b958eb2180c7c06889f83f606d23421bf038cKenny Root rename(tmpFileName, sMetaDataFile); 157770e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root } 157870e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 1579655b958eb2180c7c06889f83f606d23421bf038cKenny Root bool upgradeKeystore() { 1580655b958eb2180c7c06889f83f606d23421bf038cKenny Root bool upgraded = false; 1581655b958eb2180c7c06889f83f606d23421bf038cKenny Root 1582655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (mMetaData.version == 0) { 1583655b958eb2180c7c06889f83f606d23421bf038cKenny Root UserState* userState = getUserState(0); 1584655b958eb2180c7c06889f83f606d23421bf038cKenny Root 1585655b958eb2180c7c06889f83f606d23421bf038cKenny Root // Initialize first so the directory is made. 1586655b958eb2180c7c06889f83f606d23421bf038cKenny Root userState->initialize(); 1587655b958eb2180c7c06889f83f606d23421bf038cKenny Root 1588655b958eb2180c7c06889f83f606d23421bf038cKenny Root // Migrate the old .masterkey file to user 0. 1589655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (access(sOldMasterKey, R_OK) == 0) { 1590655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (rename(sOldMasterKey, userState->getMasterKeyFileName()) < 0) { 1591655b958eb2180c7c06889f83f606d23421bf038cKenny Root ALOGE("couldn't migrate old masterkey: %s", strerror(errno)); 1592655b958eb2180c7c06889f83f606d23421bf038cKenny Root return false; 1593655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1594655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1595655b958eb2180c7c06889f83f606d23421bf038cKenny Root 1596655b958eb2180c7c06889f83f606d23421bf038cKenny Root // Initialize again in case we had a key. 1597655b958eb2180c7c06889f83f606d23421bf038cKenny Root userState->initialize(); 1598655b958eb2180c7c06889f83f606d23421bf038cKenny Root 1599655b958eb2180c7c06889f83f606d23421bf038cKenny Root // Try to migrate existing keys. 1600655b958eb2180c7c06889f83f606d23421bf038cKenny Root DIR* dir = opendir("."); 1601655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (!dir) { 1602655b958eb2180c7c06889f83f606d23421bf038cKenny Root // Give up now; maybe we can upgrade later. 1603655b958eb2180c7c06889f83f606d23421bf038cKenny Root ALOGE("couldn't open keystore's directory; something is wrong"); 1604655b958eb2180c7c06889f83f606d23421bf038cKenny Root return false; 1605655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1606655b958eb2180c7c06889f83f606d23421bf038cKenny Root 1607655b958eb2180c7c06889f83f606d23421bf038cKenny Root struct dirent* file; 1608655b958eb2180c7c06889f83f606d23421bf038cKenny Root while ((file = readdir(dir)) != NULL) { 1609655b958eb2180c7c06889f83f606d23421bf038cKenny Root // We only care about files. 1610655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (file->d_type != DT_REG) { 1611655b958eb2180c7c06889f83f606d23421bf038cKenny Root continue; 1612655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1613655b958eb2180c7c06889f83f606d23421bf038cKenny Root 1614655b958eb2180c7c06889f83f606d23421bf038cKenny Root // Skip anything that starts with a "." 1615655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (file->d_name[0] == '.') { 1616655b958eb2180c7c06889f83f606d23421bf038cKenny Root continue; 1617655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1618655b958eb2180c7c06889f83f606d23421bf038cKenny Root 1619655b958eb2180c7c06889f83f606d23421bf038cKenny Root // Find the current file's user. 1620655b958eb2180c7c06889f83f606d23421bf038cKenny Root char* end; 1621655b958eb2180c7c06889f83f606d23421bf038cKenny Root unsigned long thisUid = strtoul(file->d_name, &end, 10); 1622655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (end[0] != '_' || end[1] == 0) { 1623655b958eb2180c7c06889f83f606d23421bf038cKenny Root continue; 1624655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1625655b958eb2180c7c06889f83f606d23421bf038cKenny Root UserState* otherUser = getUserState(thisUid); 1626655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (otherUser->getUserId() != 0) { 1627655b958eb2180c7c06889f83f606d23421bf038cKenny Root unlinkat(dirfd(dir), file->d_name, 0); 1628655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1629655b958eb2180c7c06889f83f606d23421bf038cKenny Root 1630655b958eb2180c7c06889f83f606d23421bf038cKenny Root // Rename the file into user directory. 1631655b958eb2180c7c06889f83f606d23421bf038cKenny Root DIR* otherdir = opendir(otherUser->getUserDirName()); 1632655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (otherdir == NULL) { 1633655b958eb2180c7c06889f83f606d23421bf038cKenny Root ALOGW("couldn't open user directory for rename"); 1634655b958eb2180c7c06889f83f606d23421bf038cKenny Root continue; 1635655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1636655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (renameat(dirfd(dir), file->d_name, dirfd(otherdir), file->d_name) < 0) { 1637655b958eb2180c7c06889f83f606d23421bf038cKenny Root ALOGW("couldn't rename blob: %s: %s", file->d_name, strerror(errno)); 1638655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1639655b958eb2180c7c06889f83f606d23421bf038cKenny Root closedir(otherdir); 1640655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1641655b958eb2180c7c06889f83f606d23421bf038cKenny Root closedir(dir); 1642655b958eb2180c7c06889f83f606d23421bf038cKenny Root 1643655b958eb2180c7c06889f83f606d23421bf038cKenny Root mMetaData.version = 1; 1644655b958eb2180c7c06889f83f606d23421bf038cKenny Root upgraded = true; 1645655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1646655b958eb2180c7c06889f83f606d23421bf038cKenny Root 1647655b958eb2180c7c06889f83f606d23421bf038cKenny Root return upgraded; 164870e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root } 1649655b958eb2180c7c06889f83f606d23421bf038cKenny Root}; 165070e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 1651655b958eb2180c7c06889f83f606d23421bf038cKenny Rootconst char* KeyStore::sOldMasterKey = ".masterkey"; 1652655b958eb2180c7c06889f83f606d23421bf038cKenny Rootconst char* KeyStore::sMetaDataFile = ".metadata"; 165370e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 16541b0e3933900c7ea21189704d5db64e7346aee7afKenny Rootconst android::String16 KeyStore::sRSAKeyType("RSA"); 16551b0e3933900c7ea21189704d5db64e7346aee7afKenny Root 165607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Rootnamespace android { 165707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Rootclass KeyStoreProxy : public BnKeystoreService, public IBinder::DeathRecipient { 165807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Rootpublic: 165907438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root KeyStoreProxy(KeyStore* keyStore) 166040a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker : mKeyStore(keyStore), 166140a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker mOperationMap(this) 166207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root { 166307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 1664a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 166540a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker void binderDied(const wp<IBinder>& who) { 166640a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker auto operations = mOperationMap.getOperationsForToken(who.unsafe_get()); 166740a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker for (auto token: operations) { 166840a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker abort(token); 166940a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker } 167007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 1671a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 167207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root int32_t test() { 16739489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker if (!checkBinderPermission(P_TEST)) { 167407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::PERMISSION_DENIED; 167507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 1676a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 16779489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker return mKeyStore->getState(IPCThreadState::self()->getCallingUid()); 1678a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 1679a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 168007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root int32_t get(const String16& name, uint8_t** item, size_t* itemLength) { 16819489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker if (!checkBinderPermission(P_GET)) { 168207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::PERMISSION_DENIED; 168307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 1684a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 16859489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker uid_t callingUid = IPCThreadState::self()->getCallingUid(); 168607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root String8 name8(name); 168707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root Blob keyBlob; 168866dbf67dd65b4808a15ef64f0ffde1275bdd58a9Nick Kralevich 1689655b958eb2180c7c06889f83f606d23421bf038cKenny Root ResponseCode responseCode = mKeyStore->getKeyForName(&keyBlob, name8, callingUid, 1690494689083467ec372a58f094f041c8f102f39393Kenny Root TYPE_GENERIC); 169107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root if (responseCode != ::NO_ERROR) { 1692655b958eb2180c7c06889f83f606d23421bf038cKenny Root ALOGW("Could not read %s", name8.string()); 169307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root *item = NULL; 169407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root *itemLength = 0; 169507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return responseCode; 169607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 169707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 169807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root *item = (uint8_t*) malloc(keyBlob.getLength()); 169907438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root memcpy(*item, keyBlob.getValue(), keyBlob.getLength()); 170007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root *itemLength = keyBlob.getLength(); 170107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 170207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::NO_ERROR; 1703a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 1704a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 1705f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root int32_t insert(const String16& name, const uint8_t* item, size_t itemLength, int targetUid, 1706f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root int32_t flags) { 17079489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker targetUid = getEffectiveUid(targetUid); 17089489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker int32_t result = checkBinderPermissionAndKeystoreState(P_INSERT, targetUid, 17099489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker flags & KEYSTORE_FLAG_ENCRYPTED); 17109489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker if (result != ::NO_ERROR) { 17119489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker return result; 1712b88c3eb96625513df4cc998d739d17266ebaf89fKenny Root } 1713b88c3eb96625513df4cc998d739d17266ebaf89fKenny Root 171407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root String8 name8(name); 1715655b958eb2180c7c06889f83f606d23421bf038cKenny Root String8 filename(mKeyStore->getKeyNameForUidWithDir(name8, targetUid)); 171607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 171707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root Blob keyBlob(item, itemLength, NULL, 0, ::TYPE_GENERIC); 1718ee8068b9e7bfb2770635062fc9c2035be2142bd8Kenny Root keyBlob.setEncrypted(flags & KEYSTORE_FLAG_ENCRYPTED); 1719ee8068b9e7bfb2770635062fc9c2035be2142bd8Kenny Root 1720fa27d5bbc366e4ecb45aee5ae08565ab3ad3dcbcKenny Root return mKeyStore->put(filename.string(), &keyBlob, targetUid); 1721a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 1722a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 1723494689083467ec372a58f094f041c8f102f39393Kenny Root int32_t del(const String16& name, int targetUid) { 17249489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker targetUid = getEffectiveUid(targetUid); 17259489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker if (!checkBinderPermission(P_DELETE, targetUid)) { 1726b88c3eb96625513df4cc998d739d17266ebaf89fKenny Root return ::PERMISSION_DENIED; 1727b88c3eb96625513df4cc998d739d17266ebaf89fKenny Root } 172807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root String8 name8(name); 1729655b958eb2180c7c06889f83f606d23421bf038cKenny Root String8 filename(mKeyStore->getKeyNameForUidWithDir(name8, targetUid)); 173017d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker return mKeyStore->del(filename.string(), ::TYPE_ANY, targetUid); 1731298e7b1b0f9116e2054d594d7538379d86585035Kenny Root } 1732298e7b1b0f9116e2054d594d7538379d86585035Kenny Root 1733494689083467ec372a58f094f041c8f102f39393Kenny Root int32_t exist(const String16& name, int targetUid) { 17349489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker targetUid = getEffectiveUid(targetUid); 17359489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker if (!checkBinderPermission(P_EXIST, targetUid)) { 1736b88c3eb96625513df4cc998d739d17266ebaf89fKenny Root return ::PERMISSION_DENIED; 1737b88c3eb96625513df4cc998d739d17266ebaf89fKenny Root } 1738b88c3eb96625513df4cc998d739d17266ebaf89fKenny Root 173907438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root String8 name8(name); 1740655b958eb2180c7c06889f83f606d23421bf038cKenny Root String8 filename(mKeyStore->getKeyNameForUidWithDir(name8, targetUid)); 174107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 1742655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (access(filename.string(), R_OK) == -1) { 174307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return (errno != ENOENT) ? ::SYSTEM_ERROR : ::KEY_NOT_FOUND; 174407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 174507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::NO_ERROR; 1746298e7b1b0f9116e2054d594d7538379d86585035Kenny Root } 1747298e7b1b0f9116e2054d594d7538379d86585035Kenny Root 1748494689083467ec372a58f094f041c8f102f39393Kenny Root int32_t saw(const String16& prefix, int targetUid, Vector<String16>* matches) { 17499489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker targetUid = getEffectiveUid(targetUid); 17509489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker if (!checkBinderPermission(P_SAW, targetUid)) { 1751b88c3eb96625513df4cc998d739d17266ebaf89fKenny Root return ::PERMISSION_DENIED; 1752b88c3eb96625513df4cc998d739d17266ebaf89fKenny Root } 175307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root const String8 prefix8(prefix); 1754655b958eb2180c7c06889f83f606d23421bf038cKenny Root String8 filename(mKeyStore->getKeyNameForUid(prefix8, targetUid)); 175507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 17564b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee if (mKeyStore->saw(filename, matches, targetUid) != ::NO_ERROR) { 17574b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee return ::SYSTEM_ERROR; 175807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 175907438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::NO_ERROR; 1760298e7b1b0f9116e2054d594d7538379d86585035Kenny Root } 1761298e7b1b0f9116e2054d594d7538379d86585035Kenny Root 176207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root int32_t reset() { 17639489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker if (!checkBinderPermission(P_RESET)) { 176407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::PERMISSION_DENIED; 176507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 1766a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 17679489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker uid_t callingUid = IPCThreadState::self()->getCallingUid(); 176896d6d7868303ad87f1f408c40d3c44bcb39f561eChad Brubaker mKeyStore->resetUser(get_user_id(callingUid), false); 176996d6d7868303ad87f1f408c40d3c44bcb39f561eChad Brubaker return ::NO_ERROR; 1770a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 1771a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 177296d6d7868303ad87f1f408c40d3c44bcb39f561eChad Brubaker int32_t onUserPasswordChanged(int32_t userId, const String16& password) { 17739489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker if (!checkBinderPermission(P_PASSWORD)) { 177407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::PERMISSION_DENIED; 177507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 1776a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 177707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root const String8 password8(password); 177896d6d7868303ad87f1f408c40d3c44bcb39f561eChad Brubaker uid_t uid = get_uid(userId, AID_SYSTEM); 1779a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 178096d6d7868303ad87f1f408c40d3c44bcb39f561eChad Brubaker // Flush the auth token table to prevent stale tokens from sticking 178196d6d7868303ad87f1f408c40d3c44bcb39f561eChad Brubaker // around. 178296d6d7868303ad87f1f408c40d3c44bcb39f561eChad Brubaker mAuthTokenTable.Clear(); 178396d6d7868303ad87f1f408c40d3c44bcb39f561eChad Brubaker 178496d6d7868303ad87f1f408c40d3c44bcb39f561eChad Brubaker if (password.size() == 0) { 178596d6d7868303ad87f1f408c40d3c44bcb39f561eChad Brubaker ALOGI("Secure lockscreen for user %d removed, deleting encrypted entries", userId); 178696d6d7868303ad87f1f408c40d3c44bcb39f561eChad Brubaker mKeyStore->resetUser(static_cast<uid_t>(userId), true); 178796d6d7868303ad87f1f408c40d3c44bcb39f561eChad Brubaker return ::NO_ERROR; 178896d6d7868303ad87f1f408c40d3c44bcb39f561eChad Brubaker } else { 178996d6d7868303ad87f1f408c40d3c44bcb39f561eChad Brubaker switch (mKeyStore->getState(uid)) { 179096d6d7868303ad87f1f408c40d3c44bcb39f561eChad Brubaker case ::STATE_UNINITIALIZED: { 179196d6d7868303ad87f1f408c40d3c44bcb39f561eChad Brubaker // generate master key, encrypt with password, write to file, 179296d6d7868303ad87f1f408c40d3c44bcb39f561eChad Brubaker // initialize mMasterKey*. 179396d6d7868303ad87f1f408c40d3c44bcb39f561eChad Brubaker return mKeyStore->initializeUser(password8, uid); 179496d6d7868303ad87f1f408c40d3c44bcb39f561eChad Brubaker } 179596d6d7868303ad87f1f408c40d3c44bcb39f561eChad Brubaker case ::STATE_NO_ERROR: { 179696d6d7868303ad87f1f408c40d3c44bcb39f561eChad Brubaker // rewrite master key with new password. 179796d6d7868303ad87f1f408c40d3c44bcb39f561eChad Brubaker return mKeyStore->writeMasterKey(password8, uid); 179896d6d7868303ad87f1f408c40d3c44bcb39f561eChad Brubaker } 179996d6d7868303ad87f1f408c40d3c44bcb39f561eChad Brubaker case ::STATE_LOCKED: { 180096d6d7868303ad87f1f408c40d3c44bcb39f561eChad Brubaker ALOGE("Changing user %d's password while locked, clearing old encryption", 180196d6d7868303ad87f1f408c40d3c44bcb39f561eChad Brubaker userId); 180296d6d7868303ad87f1f408c40d3c44bcb39f561eChad Brubaker mKeyStore->resetUser(static_cast<uid_t>(userId), true); 180396d6d7868303ad87f1f408c40d3c44bcb39f561eChad Brubaker return mKeyStore->initializeUser(password8, uid); 180496d6d7868303ad87f1f408c40d3c44bcb39f561eChad Brubaker } 180507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 180696d6d7868303ad87f1f408c40d3c44bcb39f561eChad Brubaker return ::SYSTEM_ERROR; 180707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 180807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 1809a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 181007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root int32_t lock() { 18119489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker if (!checkBinderPermission(P_LOCK)) { 181207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::PERMISSION_DENIED; 181307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 181407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 18159489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker uid_t callingUid = IPCThreadState::self()->getCallingUid(); 1816655b958eb2180c7c06889f83f606d23421bf038cKenny Root State state = mKeyStore->getState(callingUid); 18179d45d1caba5135e6b8bd6d05d449e8dcf52b6802Kenny Root if (state != ::STATE_NO_ERROR) { 181807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root ALOGD("calling lock in state: %d", state); 181907438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return state; 182007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 182170e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 1822655b958eb2180c7c06889f83f606d23421bf038cKenny Root mKeyStore->lock(callingUid); 182307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::NO_ERROR; 182470e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root } 1825a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 182696d6d7868303ad87f1f408c40d3c44bcb39f561eChad Brubaker int32_t unlock(int32_t userId, const String16& pw) { 18279489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker if (!checkBinderPermission(P_UNLOCK)) { 182807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::PERMISSION_DENIED; 182907438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 183007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 183196d6d7868303ad87f1f408c40d3c44bcb39f561eChad Brubaker uid_t uid = get_uid(userId, AID_SYSTEM); 183296d6d7868303ad87f1f408c40d3c44bcb39f561eChad Brubaker State state = mKeyStore->getState(uid); 18339d45d1caba5135e6b8bd6d05d449e8dcf52b6802Kenny Root if (state != ::STATE_LOCKED) { 183496d6d7868303ad87f1f408c40d3c44bcb39f561eChad Brubaker ALOGI("calling unlock when not locked, ignoring."); 183507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return state; 183607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 183707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 183807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root const String8 password8(pw); 183996d6d7868303ad87f1f408c40d3c44bcb39f561eChad Brubaker // read master key, decrypt with password, initialize mMasterKey*. 184096d6d7868303ad87f1f408c40d3c44bcb39f561eChad Brubaker return mKeyStore->readMasterKey(password8, uid); 184170e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root } 184270e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 184307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root int32_t zero() { 18449489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker if (!checkBinderPermission(P_ZERO)) { 184507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return -1; 184607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 184770e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 18489489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker uid_t callingUid = IPCThreadState::self()->getCallingUid(); 1849655b958eb2180c7c06889f83f606d23421bf038cKenny Root return mKeyStore->isEmpty(callingUid) ? ::KEY_NOT_FOUND : ::NO_ERROR; 185070e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root } 185170e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 185296427baf0094d50047049d329b0779c3c910402cKenny Root int32_t generate(const String16& name, int32_t targetUid, int32_t keyType, int32_t keySize, 185396427baf0094d50047049d329b0779c3c910402cKenny Root int32_t flags, Vector<sp<KeystoreArg> >* args) { 18549489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker targetUid = getEffectiveUid(targetUid); 18559489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker int32_t result = checkBinderPermissionAndKeystoreState(P_INSERT, targetUid, 18569489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker flags & KEYSTORE_FLAG_ENCRYPTED); 18579489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker if (result != ::NO_ERROR) { 18589489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker return result; 185907438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 186007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root uint8_t* data; 186107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root size_t dataLength; 186207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root int rc; 186317208e0de5a42722901d803118745cca25fd10c1Kenny Root bool isFallback = false; 186470e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 186567d2a5029e8c25c5ee448e3bbd245cdcebe6abd3Chad Brubaker const keymaster1_device_t* device = mKeyStore->getDevice(); 186667d2a5029e8c25c5ee448e3bbd245cdcebe6abd3Chad Brubaker const keymaster1_device_t* fallback = mKeyStore->getFallbackDevice(); 186707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root if (device == NULL) { 186807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::SYSTEM_ERROR; 186907438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 187070e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 187107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root if (device->generate_keypair == NULL) { 187207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::SYSTEM_ERROR; 187307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 187470e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 187517208e0de5a42722901d803118745cca25fd10c1Kenny Root if (keyType == EVP_PKEY_DSA) { 187696427baf0094d50047049d329b0779c3c910402cKenny Root keymaster_dsa_keygen_params_t dsa_params; 187796427baf0094d50047049d329b0779c3c910402cKenny Root memset(&dsa_params, '\0', sizeof(dsa_params)); 187896427baf0094d50047049d329b0779c3c910402cKenny Root 187996427baf0094d50047049d329b0779c3c910402cKenny Root if (keySize == -1) { 188096427baf0094d50047049d329b0779c3c910402cKenny Root keySize = DSA_DEFAULT_KEY_SIZE; 188196427baf0094d50047049d329b0779c3c910402cKenny Root } else if ((keySize % 64) != 0 || keySize < DSA_MIN_KEY_SIZE 188296427baf0094d50047049d329b0779c3c910402cKenny Root || keySize > DSA_MAX_KEY_SIZE) { 188396427baf0094d50047049d329b0779c3c910402cKenny Root ALOGI("invalid key size %d", keySize); 188496427baf0094d50047049d329b0779c3c910402cKenny Root return ::SYSTEM_ERROR; 188596427baf0094d50047049d329b0779c3c910402cKenny Root } 188696427baf0094d50047049d329b0779c3c910402cKenny Root dsa_params.key_size = keySize; 188796427baf0094d50047049d329b0779c3c910402cKenny Root 188896427baf0094d50047049d329b0779c3c910402cKenny Root if (args->size() == 3) { 188996427baf0094d50047049d329b0779c3c910402cKenny Root sp<KeystoreArg> gArg = args->itemAt(0); 189096427baf0094d50047049d329b0779c3c910402cKenny Root sp<KeystoreArg> pArg = args->itemAt(1); 189196427baf0094d50047049d329b0779c3c910402cKenny Root sp<KeystoreArg> qArg = args->itemAt(2); 189296427baf0094d50047049d329b0779c3c910402cKenny Root 189396427baf0094d50047049d329b0779c3c910402cKenny Root if (gArg != NULL && pArg != NULL && qArg != NULL) { 189496427baf0094d50047049d329b0779c3c910402cKenny Root dsa_params.generator = reinterpret_cast<const uint8_t*>(gArg->data()); 189596427baf0094d50047049d329b0779c3c910402cKenny Root dsa_params.generator_len = gArg->size(); 189696427baf0094d50047049d329b0779c3c910402cKenny Root 189796427baf0094d50047049d329b0779c3c910402cKenny Root dsa_params.prime_p = reinterpret_cast<const uint8_t*>(pArg->data()); 189896427baf0094d50047049d329b0779c3c910402cKenny Root dsa_params.prime_p_len = pArg->size(); 189996427baf0094d50047049d329b0779c3c910402cKenny Root 190096427baf0094d50047049d329b0779c3c910402cKenny Root dsa_params.prime_q = reinterpret_cast<const uint8_t*>(qArg->data()); 190196427baf0094d50047049d329b0779c3c910402cKenny Root dsa_params.prime_q_len = qArg->size(); 190296427baf0094d50047049d329b0779c3c910402cKenny Root } else { 190396427baf0094d50047049d329b0779c3c910402cKenny Root ALOGI("not all DSA parameters were read"); 190496427baf0094d50047049d329b0779c3c910402cKenny Root return ::SYSTEM_ERROR; 190596427baf0094d50047049d329b0779c3c910402cKenny Root } 190696427baf0094d50047049d329b0779c3c910402cKenny Root } else if (args->size() != 0) { 190796427baf0094d50047049d329b0779c3c910402cKenny Root ALOGI("DSA args must be 3"); 190896427baf0094d50047049d329b0779c3c910402cKenny Root return ::SYSTEM_ERROR; 190996427baf0094d50047049d329b0779c3c910402cKenny Root } 191096427baf0094d50047049d329b0779c3c910402cKenny Root 19111d448c074a86ef5d05a22fdf1358718976628a86Kenny Root if (isKeyTypeSupported(device, TYPE_DSA)) { 191217208e0de5a42722901d803118745cca25fd10c1Kenny Root rc = device->generate_keypair(device, TYPE_DSA, &dsa_params, &data, &dataLength); 191317208e0de5a42722901d803118745cca25fd10c1Kenny Root } else { 191417208e0de5a42722901d803118745cca25fd10c1Kenny Root isFallback = true; 1915fc18edcdfe2f7774e621030d51338f3216170b97Chad Brubaker rc = fallback->generate_keypair(fallback, TYPE_DSA, &dsa_params, &data, 1916fc18edcdfe2f7774e621030d51338f3216170b97Chad Brubaker &dataLength); 191717208e0de5a42722901d803118745cca25fd10c1Kenny Root } 191817208e0de5a42722901d803118745cca25fd10c1Kenny Root } else if (keyType == EVP_PKEY_EC) { 191996427baf0094d50047049d329b0779c3c910402cKenny Root keymaster_ec_keygen_params_t ec_params; 192096427baf0094d50047049d329b0779c3c910402cKenny Root memset(&ec_params, '\0', sizeof(ec_params)); 192196427baf0094d50047049d329b0779c3c910402cKenny Root 192296427baf0094d50047049d329b0779c3c910402cKenny Root if (keySize == -1) { 192396427baf0094d50047049d329b0779c3c910402cKenny Root keySize = EC_DEFAULT_KEY_SIZE; 192496427baf0094d50047049d329b0779c3c910402cKenny Root } else if (keySize < EC_MIN_KEY_SIZE || keySize > EC_MAX_KEY_SIZE) { 192596427baf0094d50047049d329b0779c3c910402cKenny Root ALOGI("invalid key size %d", keySize); 192696427baf0094d50047049d329b0779c3c910402cKenny Root return ::SYSTEM_ERROR; 192796427baf0094d50047049d329b0779c3c910402cKenny Root } 192896427baf0094d50047049d329b0779c3c910402cKenny Root ec_params.field_size = keySize; 192996427baf0094d50047049d329b0779c3c910402cKenny Root 19301d448c074a86ef5d05a22fdf1358718976628a86Kenny Root if (isKeyTypeSupported(device, TYPE_EC)) { 193117208e0de5a42722901d803118745cca25fd10c1Kenny Root rc = device->generate_keypair(device, TYPE_EC, &ec_params, &data, &dataLength); 193217208e0de5a42722901d803118745cca25fd10c1Kenny Root } else { 193317208e0de5a42722901d803118745cca25fd10c1Kenny Root isFallback = true; 1934fc18edcdfe2f7774e621030d51338f3216170b97Chad Brubaker rc = fallback->generate_keypair(fallback, TYPE_EC, &ec_params, &data, &dataLength); 193517208e0de5a42722901d803118745cca25fd10c1Kenny Root } 193696427baf0094d50047049d329b0779c3c910402cKenny Root } else if (keyType == EVP_PKEY_RSA) { 193796427baf0094d50047049d329b0779c3c910402cKenny Root keymaster_rsa_keygen_params_t rsa_params; 193896427baf0094d50047049d329b0779c3c910402cKenny Root memset(&rsa_params, '\0', sizeof(rsa_params)); 193996427baf0094d50047049d329b0779c3c910402cKenny Root rsa_params.public_exponent = RSA_DEFAULT_EXPONENT; 194096427baf0094d50047049d329b0779c3c910402cKenny Root 194196427baf0094d50047049d329b0779c3c910402cKenny Root if (keySize == -1) { 194296427baf0094d50047049d329b0779c3c910402cKenny Root keySize = RSA_DEFAULT_KEY_SIZE; 194396427baf0094d50047049d329b0779c3c910402cKenny Root } else if (keySize < RSA_MIN_KEY_SIZE || keySize > RSA_MAX_KEY_SIZE) { 194496427baf0094d50047049d329b0779c3c910402cKenny Root ALOGI("invalid key size %d", keySize); 194596427baf0094d50047049d329b0779c3c910402cKenny Root return ::SYSTEM_ERROR; 194696427baf0094d50047049d329b0779c3c910402cKenny Root } 194796427baf0094d50047049d329b0779c3c910402cKenny Root rsa_params.modulus_size = keySize; 194896427baf0094d50047049d329b0779c3c910402cKenny Root 194996427baf0094d50047049d329b0779c3c910402cKenny Root if (args->size() > 1) { 19506489e02e134e4779d35c4a340ff68ad445fde133Matteo Franchin ALOGI("invalid number of arguments: %zu", args->size()); 195196427baf0094d50047049d329b0779c3c910402cKenny Root return ::SYSTEM_ERROR; 195296427baf0094d50047049d329b0779c3c910402cKenny Root } else if (args->size() == 1) { 195396427baf0094d50047049d329b0779c3c910402cKenny Root sp<KeystoreArg> pubExpBlob = args->itemAt(0); 195496427baf0094d50047049d329b0779c3c910402cKenny Root if (pubExpBlob != NULL) { 195596427baf0094d50047049d329b0779c3c910402cKenny Root Unique_BIGNUM pubExpBn( 195696427baf0094d50047049d329b0779c3c910402cKenny Root BN_bin2bn(reinterpret_cast<const unsigned char*>(pubExpBlob->data()), 195796427baf0094d50047049d329b0779c3c910402cKenny Root pubExpBlob->size(), NULL)); 195896427baf0094d50047049d329b0779c3c910402cKenny Root if (pubExpBn.get() == NULL) { 195996427baf0094d50047049d329b0779c3c910402cKenny Root ALOGI("Could not convert public exponent to BN"); 196096427baf0094d50047049d329b0779c3c910402cKenny Root return ::SYSTEM_ERROR; 196196427baf0094d50047049d329b0779c3c910402cKenny Root } 196296427baf0094d50047049d329b0779c3c910402cKenny Root unsigned long pubExp = BN_get_word(pubExpBn.get()); 196396427baf0094d50047049d329b0779c3c910402cKenny Root if (pubExp == 0xFFFFFFFFL) { 196496427baf0094d50047049d329b0779c3c910402cKenny Root ALOGI("cannot represent public exponent as a long value"); 196596427baf0094d50047049d329b0779c3c910402cKenny Root return ::SYSTEM_ERROR; 196696427baf0094d50047049d329b0779c3c910402cKenny Root } 196796427baf0094d50047049d329b0779c3c910402cKenny Root rsa_params.public_exponent = pubExp; 196896427baf0094d50047049d329b0779c3c910402cKenny Root } 196996427baf0094d50047049d329b0779c3c910402cKenny Root } 197096427baf0094d50047049d329b0779c3c910402cKenny Root 197196427baf0094d50047049d329b0779c3c910402cKenny Root rc = device->generate_keypair(device, TYPE_RSA, &rsa_params, &data, &dataLength); 197296427baf0094d50047049d329b0779c3c910402cKenny Root } else { 197396427baf0094d50047049d329b0779c3c910402cKenny Root ALOGW("Unsupported key type %d", keyType); 197496427baf0094d50047049d329b0779c3c910402cKenny Root rc = -1; 197596427baf0094d50047049d329b0779c3c910402cKenny Root } 197670e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 197707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root if (rc) { 197807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::SYSTEM_ERROR; 197907438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 198070e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 1981655b958eb2180c7c06889f83f606d23421bf038cKenny Root String8 name8(name); 19829489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker String8 filename(mKeyStore->getKeyNameForUidWithDir(name8, targetUid)); 198370e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 198407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root Blob keyBlob(data, dataLength, NULL, 0, TYPE_KEY_PAIR); 198507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root free(data); 198607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 1987ee8068b9e7bfb2770635062fc9c2035be2142bd8Kenny Root keyBlob.setEncrypted(flags & KEYSTORE_FLAG_ENCRYPTED); 198817208e0de5a42722901d803118745cca25fd10c1Kenny Root keyBlob.setFallback(isFallback); 198917208e0de5a42722901d803118745cca25fd10c1Kenny Root 19909489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker return mKeyStore->put(filename.string(), &keyBlob, targetUid); 199170e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root } 199270e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 1993f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root int32_t import(const String16& name, const uint8_t* data, size_t length, int targetUid, 1994f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root int32_t flags) { 19959489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker targetUid = getEffectiveUid(targetUid); 19969489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker int32_t result = checkBinderPermissionAndKeystoreState(P_INSERT, targetUid, 19979489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker flags & KEYSTORE_FLAG_ENCRYPTED); 19989489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker if (result != ::NO_ERROR) { 19999489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker return result; 200007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 200107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root String8 name8(name); 200260898896c3f3b2245d10076cac64346c956dbaa5Kenny Root String8 filename(mKeyStore->getKeyNameForUidWithDir(name8, targetUid)); 200370e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 2004fa27d5bbc366e4ecb45aee5ae08565ab3ad3dcbcKenny Root return mKeyStore->importKey(data, length, filename.string(), targetUid, flags); 200570e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root } 200670e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 200707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root int32_t sign(const String16& name, const uint8_t* data, size_t length, uint8_t** out, 200807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root size_t* outLength) { 20099489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker if (!checkBinderPermission(P_SIGN)) { 201007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::PERMISSION_DENIED; 201107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 20129a53d3eaf42104ddf02feeccec3cf7f5c1a34baeKenny Root 20139489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker uid_t callingUid = IPCThreadState::self()->getCallingUid(); 201407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root Blob keyBlob; 201507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root String8 name8(name); 201670e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 2017d38a0b07a3104fcb1e747a0fa06641dee8fc058fKenny Root ALOGV("sign %s from uid %d", name8.string(), callingUid); 201870e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 2019655b958eb2180c7c06889f83f606d23421bf038cKenny Root ResponseCode responseCode = mKeyStore->getKeyForName(&keyBlob, name8, callingUid, 2020d38a0b07a3104fcb1e747a0fa06641dee8fc058fKenny Root ::TYPE_KEY_PAIR); 202107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root if (responseCode != ::NO_ERROR) { 202207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return responseCode; 202307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 202470e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 202567d2a5029e8c25c5ee448e3bbd245cdcebe6abd3Chad Brubaker const keymaster1_device_t* device = mKeyStore->getDeviceForBlob(keyBlob); 202607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root if (device == NULL) { 202707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root ALOGE("no keymaster device; cannot sign"); 202807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::SYSTEM_ERROR; 202907438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 203070e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 203107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root if (device->sign_data == NULL) { 203207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root ALOGE("device doesn't implement signing"); 203307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::SYSTEM_ERROR; 203407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 203570e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 203607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root keymaster_rsa_sign_params_t params; 203707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root params.digest_type = DIGEST_NONE; 203807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root params.padding_type = PADDING_NONE; 20399489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker int rc = device->sign_data(device, ¶ms, keyBlob.getValue(), keyBlob.getLength(), data, 2040fc18edcdfe2f7774e621030d51338f3216170b97Chad Brubaker length, out, outLength); 204107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root if (rc) { 204207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root ALOGW("device couldn't sign data"); 204307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::SYSTEM_ERROR; 204407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 204570e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 204607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::NO_ERROR; 204770e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root } 204870e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 204907438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root int32_t verify(const String16& name, const uint8_t* data, size_t dataLength, 205007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root const uint8_t* signature, size_t signatureLength) { 20519489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker if (!checkBinderPermission(P_VERIFY)) { 205207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::PERMISSION_DENIED; 205307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 205470e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 20559489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker uid_t callingUid = IPCThreadState::self()->getCallingUid(); 205607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root Blob keyBlob; 205707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root String8 name8(name); 205807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root int rc; 205970e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 2060655b958eb2180c7c06889f83f606d23421bf038cKenny Root ResponseCode responseCode = mKeyStore->getKeyForName(&keyBlob, name8, callingUid, 2061494689083467ec372a58f094f041c8f102f39393Kenny Root TYPE_KEY_PAIR); 206207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root if (responseCode != ::NO_ERROR) { 206307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return responseCode; 206407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 206570e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 206667d2a5029e8c25c5ee448e3bbd245cdcebe6abd3Chad Brubaker const keymaster1_device_t* device = mKeyStore->getDeviceForBlob(keyBlob); 206707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root if (device == NULL) { 206807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::SYSTEM_ERROR; 206907438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 207070e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 207107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root if (device->verify_data == NULL) { 207207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::SYSTEM_ERROR; 207307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 207407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 207507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root keymaster_rsa_sign_params_t params; 207607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root params.digest_type = DIGEST_NONE; 207707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root params.padding_type = PADDING_NONE; 207870e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 2079fc18edcdfe2f7774e621030d51338f3216170b97Chad Brubaker rc = device->verify_data(device, ¶ms, keyBlob.getValue(), keyBlob.getLength(), data, 2080fc18edcdfe2f7774e621030d51338f3216170b97Chad Brubaker dataLength, signature, signatureLength); 208107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root if (rc) { 208207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::SYSTEM_ERROR; 208307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } else { 208407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::NO_ERROR; 208507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 208670e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root } 208770e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 208807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root /* 208907438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root * TODO: The abstraction between things stored in hardware and regular blobs 209007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root * of data stored on the filesystem should be moved down to keystore itself. 209107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root * Unfortunately the Java code that calls this has naming conventions that it 209207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root * knows about. Ideally keystore shouldn't be used to store random blobs of 209307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root * data. 209407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root * 209507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root * Until that happens, it's necessary to have a separate "get_pubkey" and 209607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root * "del_key" since the Java code doesn't really communicate what it's 209707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root * intentions are. 209807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root */ 209907438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root int32_t get_pubkey(const String16& name, uint8_t** pubkey, size_t* pubkeyLength) { 2100d38a0b07a3104fcb1e747a0fa06641dee8fc058fKenny Root uid_t callingUid = IPCThreadState::self()->getCallingUid(); 21019489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker if (!checkBinderPermission(P_GET)) { 2102d38a0b07a3104fcb1e747a0fa06641dee8fc058fKenny Root ALOGW("permission denied for %d: get_pubkey", callingUid); 210307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::PERMISSION_DENIED; 210407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 210570e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 210607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root Blob keyBlob; 210707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root String8 name8(name); 210870e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 2109d38a0b07a3104fcb1e747a0fa06641dee8fc058fKenny Root ALOGV("get_pubkey '%s' from uid %d", name8.string(), callingUid); 211070e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 2111655b958eb2180c7c06889f83f606d23421bf038cKenny Root ResponseCode responseCode = mKeyStore->getKeyForName(&keyBlob, name8, callingUid, 211207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root TYPE_KEY_PAIR); 211307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root if (responseCode != ::NO_ERROR) { 211407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return responseCode; 211507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 211670e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 211767d2a5029e8c25c5ee448e3bbd245cdcebe6abd3Chad Brubaker const keymaster1_device_t* device = mKeyStore->getDeviceForBlob(keyBlob); 211807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root if (device == NULL) { 211907438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::SYSTEM_ERROR; 212007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 212170e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 212207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root if (device->get_keypair_public == NULL) { 212307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root ALOGE("device has no get_keypair_public implementation!"); 212407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::SYSTEM_ERROR; 212507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 2126344e0bc23ca46b9acec97ac8bcd87949bde0ccabKenny Root 212717208e0de5a42722901d803118745cca25fd10c1Kenny Root int rc; 2128fc18edcdfe2f7774e621030d51338f3216170b97Chad Brubaker rc = device->get_keypair_public(device, keyBlob.getValue(), keyBlob.getLength(), pubkey, 2129fc18edcdfe2f7774e621030d51338f3216170b97Chad Brubaker pubkeyLength); 213007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root if (rc) { 213107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::SYSTEM_ERROR; 213207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 2133344e0bc23ca46b9acec97ac8bcd87949bde0ccabKenny Root 213407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::NO_ERROR; 2135344e0bc23ca46b9acec97ac8bcd87949bde0ccabKenny Root } 2136344e0bc23ca46b9acec97ac8bcd87949bde0ccabKenny Root 2137494689083467ec372a58f094f041c8f102f39393Kenny Root int32_t del_key(const String16& name, int targetUid) { 21389489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker return del(name, targetUid); 2139a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 214007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 214107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root int32_t grant(const String16& name, int32_t granteeUid) { 2142d38a0b07a3104fcb1e747a0fa06641dee8fc058fKenny Root uid_t callingUid = IPCThreadState::self()->getCallingUid(); 21439489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker int32_t result = checkBinderPermissionAndKeystoreState(P_GRANT); 21449489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker if (result != ::NO_ERROR) { 21459489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker return result; 214607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 214707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 214807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root String8 name8(name); 2149655b958eb2180c7c06889f83f606d23421bf038cKenny Root String8 filename(mKeyStore->getKeyNameForUidWithDir(name8, callingUid)); 215007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 2151655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (access(filename.string(), R_OK) == -1) { 215207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return (errno != ENOENT) ? ::SYSTEM_ERROR : ::KEY_NOT_FOUND; 215307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 215407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 2155655b958eb2180c7c06889f83f606d23421bf038cKenny Root mKeyStore->addGrant(filename.string(), granteeUid); 215607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::NO_ERROR; 2157a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 215807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 215907438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root int32_t ungrant(const String16& name, int32_t granteeUid) { 2160d38a0b07a3104fcb1e747a0fa06641dee8fc058fKenny Root uid_t callingUid = IPCThreadState::self()->getCallingUid(); 21619489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker int32_t result = checkBinderPermissionAndKeystoreState(P_GRANT); 21629489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker if (result != ::NO_ERROR) { 21639489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker return result; 216407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 216507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 216607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root String8 name8(name); 2167655b958eb2180c7c06889f83f606d23421bf038cKenny Root String8 filename(mKeyStore->getKeyNameForUidWithDir(name8, callingUid)); 216807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 2169655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (access(filename.string(), R_OK) == -1) { 217007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return (errno != ENOENT) ? ::SYSTEM_ERROR : ::KEY_NOT_FOUND; 217107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 217207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 2173655b958eb2180c7c06889f83f606d23421bf038cKenny Root return mKeyStore->removeGrant(filename.string(), granteeUid) ? ::NO_ERROR : ::KEY_NOT_FOUND; 2174a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 217507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 217607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root int64_t getmtime(const String16& name) { 2177d38a0b07a3104fcb1e747a0fa06641dee8fc058fKenny Root uid_t callingUid = IPCThreadState::self()->getCallingUid(); 21789489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker if (!checkBinderPermission(P_GET)) { 2179d38a0b07a3104fcb1e747a0fa06641dee8fc058fKenny Root ALOGW("permission denied for %d: getmtime", callingUid); 218036a9e231e03734cd2143383d26388455c1764e17Kenny Root return -1L; 218107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 218207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 218307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root String8 name8(name); 2184655b958eb2180c7c06889f83f606d23421bf038cKenny Root String8 filename(mKeyStore->getKeyNameForUidWithDir(name8, callingUid)); 218507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 2186655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (access(filename.string(), R_OK) == -1) { 2187655b958eb2180c7c06889f83f606d23421bf038cKenny Root ALOGW("could not access %s for getmtime", filename.string()); 218836a9e231e03734cd2143383d26388455c1764e17Kenny Root return -1L; 2189a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 219007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 2191655b958eb2180c7c06889f83f606d23421bf038cKenny Root int fd = TEMP_FAILURE_RETRY(open(filename.string(), O_NOFOLLOW, O_RDONLY)); 219207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root if (fd < 0) { 2193655b958eb2180c7c06889f83f606d23421bf038cKenny Root ALOGW("could not open %s for getmtime", filename.string()); 219436a9e231e03734cd2143383d26388455c1764e17Kenny Root return -1L; 219507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 219607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 219707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root struct stat s; 219807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root int ret = fstat(fd, &s); 219907438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root close(fd); 220007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root if (ret == -1) { 2201655b958eb2180c7c06889f83f606d23421bf038cKenny Root ALOGW("could not stat %s for getmtime", filename.string()); 220236a9e231e03734cd2143383d26388455c1764e17Kenny Root return -1L; 220307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 220407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 220536a9e231e03734cd2143383d26388455c1764e17Kenny Root return static_cast<int64_t>(s.st_mtime); 2206a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 220707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 2208d53bc92f1cc4eb669ec015480cebe5ae7aaaf7cfKenny Root int32_t duplicate(const String16& srcKey, int32_t srcUid, const String16& destKey, 2209d53bc92f1cc4eb669ec015480cebe5ae7aaaf7cfKenny Root int32_t destUid) { 22100225407783ee339164a0cd8ca5ef04c99d27c59aKenny Root uid_t callingUid = IPCThreadState::self()->getCallingUid(); 2211eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn pid_t spid = IPCThreadState::self()->getCallingPid(); 2212eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn if (!has_permission(callingUid, P_DUPLICATE, spid)) { 2213d53bc92f1cc4eb669ec015480cebe5ae7aaaf7cfKenny Root ALOGW("permission denied for %d: duplicate", callingUid); 22140225407783ee339164a0cd8ca5ef04c99d27c59aKenny Root return -1L; 22150225407783ee339164a0cd8ca5ef04c99d27c59aKenny Root } 22160225407783ee339164a0cd8ca5ef04c99d27c59aKenny Root 2217655b958eb2180c7c06889f83f606d23421bf038cKenny Root State state = mKeyStore->getState(callingUid); 22180225407783ee339164a0cd8ca5ef04c99d27c59aKenny Root if (!isKeystoreUnlocked(state)) { 2219d53bc92f1cc4eb669ec015480cebe5ae7aaaf7cfKenny Root ALOGD("calling duplicate in state: %d", state); 22200225407783ee339164a0cd8ca5ef04c99d27c59aKenny Root return state; 22210225407783ee339164a0cd8ca5ef04c99d27c59aKenny Root } 22220225407783ee339164a0cd8ca5ef04c99d27c59aKenny Root 2223d53bc92f1cc4eb669ec015480cebe5ae7aaaf7cfKenny Root if (srcUid == -1 || static_cast<uid_t>(srcUid) == callingUid) { 2224d53bc92f1cc4eb669ec015480cebe5ae7aaaf7cfKenny Root srcUid = callingUid; 2225d53bc92f1cc4eb669ec015480cebe5ae7aaaf7cfKenny Root } else if (!is_granted_to(callingUid, srcUid)) { 2226d53bc92f1cc4eb669ec015480cebe5ae7aaaf7cfKenny Root ALOGD("migrate not granted from source: %d -> %d", callingUid, srcUid); 22270225407783ee339164a0cd8ca5ef04c99d27c59aKenny Root return ::PERMISSION_DENIED; 22280225407783ee339164a0cd8ca5ef04c99d27c59aKenny Root } 22290225407783ee339164a0cd8ca5ef04c99d27c59aKenny Root 2230d53bc92f1cc4eb669ec015480cebe5ae7aaaf7cfKenny Root if (destUid == -1) { 2231d53bc92f1cc4eb669ec015480cebe5ae7aaaf7cfKenny Root destUid = callingUid; 2232d53bc92f1cc4eb669ec015480cebe5ae7aaaf7cfKenny Root } 22330225407783ee339164a0cd8ca5ef04c99d27c59aKenny Root 2234d53bc92f1cc4eb669ec015480cebe5ae7aaaf7cfKenny Root if (srcUid != destUid) { 2235d53bc92f1cc4eb669ec015480cebe5ae7aaaf7cfKenny Root if (static_cast<uid_t>(srcUid) != callingUid) { 2236d53bc92f1cc4eb669ec015480cebe5ae7aaaf7cfKenny Root ALOGD("can only duplicate from caller to other or to same uid: " 2237d53bc92f1cc4eb669ec015480cebe5ae7aaaf7cfKenny Root "calling=%d, srcUid=%d, destUid=%d", callingUid, srcUid, destUid); 2238d53bc92f1cc4eb669ec015480cebe5ae7aaaf7cfKenny Root return ::PERMISSION_DENIED; 2239d53bc92f1cc4eb669ec015480cebe5ae7aaaf7cfKenny Root } 22400225407783ee339164a0cd8ca5ef04c99d27c59aKenny Root 2241d53bc92f1cc4eb669ec015480cebe5ae7aaaf7cfKenny Root if (!is_granted_to(callingUid, destUid)) { 2242d53bc92f1cc4eb669ec015480cebe5ae7aaaf7cfKenny Root ALOGD("duplicate not granted to dest: %d -> %d", callingUid, destUid); 2243d53bc92f1cc4eb669ec015480cebe5ae7aaaf7cfKenny Root return ::PERMISSION_DENIED; 2244d53bc92f1cc4eb669ec015480cebe5ae7aaaf7cfKenny Root } 22450225407783ee339164a0cd8ca5ef04c99d27c59aKenny Root } 22460225407783ee339164a0cd8ca5ef04c99d27c59aKenny Root 2247d53bc92f1cc4eb669ec015480cebe5ae7aaaf7cfKenny Root String8 source8(srcKey); 2248655b958eb2180c7c06889f83f606d23421bf038cKenny Root String8 sourceFile(mKeyStore->getKeyNameForUidWithDir(source8, srcUid)); 2249d53bc92f1cc4eb669ec015480cebe5ae7aaaf7cfKenny Root 2250d53bc92f1cc4eb669ec015480cebe5ae7aaaf7cfKenny Root String8 target8(destKey); 2251fa27d5bbc366e4ecb45aee5ae08565ab3ad3dcbcKenny Root String8 targetFile(mKeyStore->getKeyNameForUidWithDir(target8, destUid)); 22520225407783ee339164a0cd8ca5ef04c99d27c59aKenny Root 2253655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (access(targetFile.string(), W_OK) != -1 || errno != ENOENT) { 2254655b958eb2180c7c06889f83f606d23421bf038cKenny Root ALOGD("destination already exists: %s", targetFile.string()); 22550225407783ee339164a0cd8ca5ef04c99d27c59aKenny Root return ::SYSTEM_ERROR; 22560225407783ee339164a0cd8ca5ef04c99d27c59aKenny Root } 22570225407783ee339164a0cd8ca5ef04c99d27c59aKenny Root 2258d53bc92f1cc4eb669ec015480cebe5ae7aaaf7cfKenny Root Blob keyBlob; 2259655b958eb2180c7c06889f83f606d23421bf038cKenny Root ResponseCode responseCode = mKeyStore->get(sourceFile.string(), &keyBlob, TYPE_ANY, 2260fa27d5bbc366e4ecb45aee5ae08565ab3ad3dcbcKenny Root srcUid); 2261d53bc92f1cc4eb669ec015480cebe5ae7aaaf7cfKenny Root if (responseCode != ::NO_ERROR) { 2262d53bc92f1cc4eb669ec015480cebe5ae7aaaf7cfKenny Root return responseCode; 22630225407783ee339164a0cd8ca5ef04c99d27c59aKenny Root } 2264d53bc92f1cc4eb669ec015480cebe5ae7aaaf7cfKenny Root 2265fa27d5bbc366e4ecb45aee5ae08565ab3ad3dcbcKenny Root return mKeyStore->put(targetFile.string(), &keyBlob, destUid); 22660225407783ee339164a0cd8ca5ef04c99d27c59aKenny Root } 22670225407783ee339164a0cd8ca5ef04c99d27c59aKenny Root 22681b0e3933900c7ea21189704d5db64e7346aee7afKenny Root int32_t is_hardware_backed(const String16& keyType) { 22691b0e3933900c7ea21189704d5db64e7346aee7afKenny Root return mKeyStore->isHardwareBacked(keyType) ? 1 : 0; 22708ddf35a6e1fd80a7d0685041d2bfc77078277c9dKenny Root } 22718ddf35a6e1fd80a7d0685041d2bfc77078277c9dKenny Root 2272fa27d5bbc366e4ecb45aee5ae08565ab3ad3dcbcKenny Root int32_t clear_uid(int64_t targetUid64) { 22739489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker uid_t targetUid = getEffectiveUid(targetUid64); 2274b37a52337f001f8a43f7cbb64203dba78560ee6bChad Brubaker if (!checkBinderPermissionSelfOrSystem(P_CLEAR_UID, targetUid)) { 2275a9bb549868035e05450a9b918f8d7de9deca5343Kenny Root return ::PERMISSION_DENIED; 2276a9bb549868035e05450a9b918f8d7de9deca5343Kenny Root } 2277a9bb549868035e05450a9b918f8d7de9deca5343Kenny Root 22784b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee String8 prefix = String8::format("%u_", targetUid); 22794b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee Vector<String16> aliases; 22804b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee if (mKeyStore->saw(prefix, &aliases, targetUid) != ::NO_ERROR) { 2281a9bb549868035e05450a9b918f8d7de9deca5343Kenny Root return ::SYSTEM_ERROR; 2282a9bb549868035e05450a9b918f8d7de9deca5343Kenny Root } 2283a9bb549868035e05450a9b918f8d7de9deca5343Kenny Root 22844b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee for (uint32_t i = 0; i < aliases.size(); i++) { 22854b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee String8 name8(aliases[i]); 22864b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee String8 filename(mKeyStore->getKeyNameForUidWithDir(name8, targetUid)); 22874b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee mKeyStore->del(filename.string(), ::TYPE_ANY, targetUid); 2288a9bb549868035e05450a9b918f8d7de9deca5343Kenny Root } 22894b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee return ::NO_ERROR; 2290a9bb549868035e05450a9b918f8d7de9deca5343Kenny Root } 2291a9bb549868035e05450a9b918f8d7de9deca5343Kenny Root 22924b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee int32_t reset_uid(int32_t targetUid) { 229396d6d7868303ad87f1f408c40d3c44bcb39f561eChad Brubaker // TODO: Remove this method from the binder interface 22949489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker targetUid = getEffectiveUid(targetUid); 229596d6d7868303ad87f1f408c40d3c44bcb39f561eChad Brubaker return onUserPasswordChanged(get_user_id(targetUid), String16("")); 22964e865753346fc6a075966972a7a98051818859dbRobin Lee } 22974e865753346fc6a075966972a7a98051818859dbRobin Lee 22984e865753346fc6a075966972a7a98051818859dbRobin Lee int32_t sync_uid(int32_t sourceUid, int32_t targetUid) { 22999489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker if (!checkBinderPermission(P_SYNC_UID, targetUid)) { 23004e865753346fc6a075966972a7a98051818859dbRobin Lee return ::PERMISSION_DENIED; 23014e865753346fc6a075966972a7a98051818859dbRobin Lee } 23029489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker 23034e865753346fc6a075966972a7a98051818859dbRobin Lee if (sourceUid == targetUid) { 23044e865753346fc6a075966972a7a98051818859dbRobin Lee return ::SYSTEM_ERROR; 23054e865753346fc6a075966972a7a98051818859dbRobin Lee } 23064e865753346fc6a075966972a7a98051818859dbRobin Lee 23074e865753346fc6a075966972a7a98051818859dbRobin Lee // Initialise user keystore with existing master key held in-memory 23084e865753346fc6a075966972a7a98051818859dbRobin Lee return mKeyStore->copyMasterKey(sourceUid, targetUid); 23094e865753346fc6a075966972a7a98051818859dbRobin Lee } 23104e865753346fc6a075966972a7a98051818859dbRobin Lee 23114e865753346fc6a075966972a7a98051818859dbRobin Lee int32_t password_uid(const String16& pw, int32_t targetUid) { 23129489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker targetUid = getEffectiveUid(targetUid); 23139489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker if (!checkBinderPermission(P_PASSWORD, targetUid)) { 23144e865753346fc6a075966972a7a98051818859dbRobin Lee return ::PERMISSION_DENIED; 23154e865753346fc6a075966972a7a98051818859dbRobin Lee } 23164e865753346fc6a075966972a7a98051818859dbRobin Lee const String8 password8(pw); 23174e865753346fc6a075966972a7a98051818859dbRobin Lee 23184e865753346fc6a075966972a7a98051818859dbRobin Lee switch (mKeyStore->getState(targetUid)) { 23194e865753346fc6a075966972a7a98051818859dbRobin Lee case ::STATE_UNINITIALIZED: { 23204e865753346fc6a075966972a7a98051818859dbRobin Lee // generate master key, encrypt with password, write to file, initialize mMasterKey*. 23214e865753346fc6a075966972a7a98051818859dbRobin Lee return mKeyStore->initializeUser(password8, targetUid); 23224e865753346fc6a075966972a7a98051818859dbRobin Lee } 23234e865753346fc6a075966972a7a98051818859dbRobin Lee case ::STATE_NO_ERROR: { 23244e865753346fc6a075966972a7a98051818859dbRobin Lee // rewrite master key with new password. 23254e865753346fc6a075966972a7a98051818859dbRobin Lee return mKeyStore->writeMasterKey(password8, targetUid); 23264e865753346fc6a075966972a7a98051818859dbRobin Lee } 23274e865753346fc6a075966972a7a98051818859dbRobin Lee case ::STATE_LOCKED: { 23284e865753346fc6a075966972a7a98051818859dbRobin Lee // read master key, decrypt with password, initialize mMasterKey*. 23294e865753346fc6a075966972a7a98051818859dbRobin Lee return mKeyStore->readMasterKey(password8, targetUid); 23304e865753346fc6a075966972a7a98051818859dbRobin Lee } 23314e865753346fc6a075966972a7a98051818859dbRobin Lee } 23324e865753346fc6a075966972a7a98051818859dbRobin Lee return ::SYSTEM_ERROR; 23334e865753346fc6a075966972a7a98051818859dbRobin Lee } 23344e865753346fc6a075966972a7a98051818859dbRobin Lee 23359c8612c88dc03dc52d85e7a482453e04e7e3e2a2Chad Brubaker int32_t addRngEntropy(const uint8_t* data, size_t dataLength) { 23369c8612c88dc03dc52d85e7a482453e04e7e3e2a2Chad Brubaker const keymaster1_device_t* device = mKeyStore->getDevice(); 23379c8612c88dc03dc52d85e7a482453e04e7e3e2a2Chad Brubaker const keymaster1_device_t* fallback = mKeyStore->getFallbackDevice(); 23389c8612c88dc03dc52d85e7a482453e04e7e3e2a2Chad Brubaker int32_t devResult = KM_ERROR_UNIMPLEMENTED; 23399c8612c88dc03dc52d85e7a482453e04e7e3e2a2Chad Brubaker int32_t fallbackResult = KM_ERROR_UNIMPLEMENTED; 23409c8612c88dc03dc52d85e7a482453e04e7e3e2a2Chad Brubaker if (device->common.module->module_api_version >= KEYMASTER_MODULE_API_VERSION_1_0 && 23419c8612c88dc03dc52d85e7a482453e04e7e3e2a2Chad Brubaker device->add_rng_entropy != NULL) { 23429c8612c88dc03dc52d85e7a482453e04e7e3e2a2Chad Brubaker devResult = device->add_rng_entropy(device, data, dataLength); 23439c8612c88dc03dc52d85e7a482453e04e7e3e2a2Chad Brubaker } 23449c8612c88dc03dc52d85e7a482453e04e7e3e2a2Chad Brubaker if (fallback->add_rng_entropy) { 23459c8612c88dc03dc52d85e7a482453e04e7e3e2a2Chad Brubaker fallbackResult = fallback->add_rng_entropy(fallback, data, dataLength); 23469c8612c88dc03dc52d85e7a482453e04e7e3e2a2Chad Brubaker } 23479c8612c88dc03dc52d85e7a482453e04e7e3e2a2Chad Brubaker if (devResult) { 23489c8612c88dc03dc52d85e7a482453e04e7e3e2a2Chad Brubaker return devResult; 23499c8612c88dc03dc52d85e7a482453e04e7e3e2a2Chad Brubaker } 23509c8612c88dc03dc52d85e7a482453e04e7e3e2a2Chad Brubaker if (fallbackResult) { 23519c8612c88dc03dc52d85e7a482453e04e7e3e2a2Chad Brubaker return fallbackResult; 23529c8612c88dc03dc52d85e7a482453e04e7e3e2a2Chad Brubaker } 23539c8612c88dc03dc52d85e7a482453e04e7e3e2a2Chad Brubaker return ::NO_ERROR; 23549899d6b392e8223c3c00bfccadd43b18cdc96b4fChad Brubaker } 23559899d6b392e8223c3c00bfccadd43b18cdc96b4fChad Brubaker 235617d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker int32_t generateKey(const String16& name, const KeymasterArguments& params, 2357154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker const uint8_t* entropy, size_t entropyLength, int uid, int flags, 2358154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker KeyCharacteristics* outCharacteristics) { 23599489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker uid = getEffectiveUid(uid); 23609489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker int rc = checkBinderPermissionAndKeystoreState(P_INSERT, uid, 23619489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker flags & KEYSTORE_FLAG_ENCRYPTED); 23629489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker if (rc != ::NO_ERROR) { 23639489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker return rc; 236417d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker } 236517d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker 23669489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker rc = KM_ERROR_UNIMPLEMENTED; 236717d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker bool isFallback = false; 236817d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker keymaster_key_blob_t blob; 236917d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker keymaster_key_characteristics_t *out = NULL; 237017d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker 237117d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker const keymaster1_device_t* device = mKeyStore->getDevice(); 237217d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker const keymaster1_device_t* fallback = mKeyStore->getFallbackDevice(); 237317d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker if (device == NULL) { 237417d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker return ::SYSTEM_ERROR; 237517d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker } 2376154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker // TODO: Seed from Linux RNG before this. 237717d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker if (device->common.module->module_api_version >= KEYMASTER_MODULE_API_VERSION_1_0 && 237817d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker device->generate_key != NULL) { 2379154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker if (!entropy) { 2380154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker rc = KM_ERROR_OK; 2381154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker } else if (device->add_rng_entropy) { 2382154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker rc = device->add_rng_entropy(device, entropy, entropyLength); 2383154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker } else { 2384154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker rc = KM_ERROR_UNIMPLEMENTED; 2385154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker } 2386154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker if (rc == KM_ERROR_OK) { 2387154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker rc = device->generate_key(device, params.params.data(), params.params.size(), 2388154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker &blob, &out); 2389154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker } 239017d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker } 239117d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker // If the HW device didn't support generate_key or generate_key failed 239217d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker // fall back to the software implementation. 239317d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker if (rc && fallback->generate_key != NULL) { 239417d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker isFallback = true; 2395154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker if (!entropy) { 2396154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker rc = KM_ERROR_OK; 2397154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker } else if (fallback->add_rng_entropy) { 2398154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker rc = fallback->add_rng_entropy(fallback, entropy, entropyLength); 2399154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker } else { 2400154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker rc = KM_ERROR_UNIMPLEMENTED; 2401154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker } 2402154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker if (rc == KM_ERROR_OK) { 2403154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker rc = fallback->generate_key(fallback, params.params.data(), params.params.size(), 2404154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker &blob, 2405154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker &out); 2406154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker } 240717d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker } 240817d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker 240917d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker if (out) { 241017d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker if (outCharacteristics) { 241117d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker outCharacteristics->characteristics = *out; 241217d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker } else { 241317d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker keymaster_free_characteristics(out); 241417d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker } 241517d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker free(out); 241617d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker } 241717d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker 241817d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker if (rc) { 241917d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker return rc; 242017d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker } 242117d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker 242217d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker String8 name8(name); 242317d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker String8 filename(mKeyStore->getKeyNameForUidWithDir(name8, uid)); 242417d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker 242517d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker Blob keyBlob(blob.key_material, blob.key_material_size, NULL, 0, ::TYPE_KEYMASTER_10); 242617d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker keyBlob.setFallback(isFallback); 242717d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker keyBlob.setEncrypted(flags & KEYSTORE_FLAG_ENCRYPTED); 242817d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker 242917d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker free(const_cast<uint8_t*>(blob.key_material)); 243017d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker 243117d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker return mKeyStore->put(filename.string(), &keyBlob, uid); 24329899d6b392e8223c3c00bfccadd43b18cdc96b4fChad Brubaker } 24339899d6b392e8223c3c00bfccadd43b18cdc96b4fChad Brubaker 2434f3f071fc5020fa5255f49e898a7c4a1cbf824a99Chad Brubaker int32_t getKeyCharacteristics(const String16& name, 2435d663442b590b59250062335cc057478001b8e439Chad Brubaker const keymaster_blob_t* clientId, 2436d663442b590b59250062335cc057478001b8e439Chad Brubaker const keymaster_blob_t* appData, 2437f3f071fc5020fa5255f49e898a7c4a1cbf824a99Chad Brubaker KeyCharacteristics* outCharacteristics) { 2438f3f071fc5020fa5255f49e898a7c4a1cbf824a99Chad Brubaker if (!outCharacteristics) { 2439f3f071fc5020fa5255f49e898a7c4a1cbf824a99Chad Brubaker return KM_ERROR_UNEXPECTED_NULL_POINTER; 2440f3f071fc5020fa5255f49e898a7c4a1cbf824a99Chad Brubaker } 2441f3f071fc5020fa5255f49e898a7c4a1cbf824a99Chad Brubaker 2442f3f071fc5020fa5255f49e898a7c4a1cbf824a99Chad Brubaker uid_t callingUid = IPCThreadState::self()->getCallingUid(); 2443f3f071fc5020fa5255f49e898a7c4a1cbf824a99Chad Brubaker 2444f3f071fc5020fa5255f49e898a7c4a1cbf824a99Chad Brubaker Blob keyBlob; 2445f3f071fc5020fa5255f49e898a7c4a1cbf824a99Chad Brubaker String8 name8(name); 2446f3f071fc5020fa5255f49e898a7c4a1cbf824a99Chad Brubaker int rc; 2447f3f071fc5020fa5255f49e898a7c4a1cbf824a99Chad Brubaker 2448f3f071fc5020fa5255f49e898a7c4a1cbf824a99Chad Brubaker ResponseCode responseCode = mKeyStore->getKeyForName(&keyBlob, name8, callingUid, 2449f3f071fc5020fa5255f49e898a7c4a1cbf824a99Chad Brubaker TYPE_KEYMASTER_10); 2450f3f071fc5020fa5255f49e898a7c4a1cbf824a99Chad Brubaker if (responseCode != ::NO_ERROR) { 2451f3f071fc5020fa5255f49e898a7c4a1cbf824a99Chad Brubaker return responseCode; 2452f3f071fc5020fa5255f49e898a7c4a1cbf824a99Chad Brubaker } 2453f3f071fc5020fa5255f49e898a7c4a1cbf824a99Chad Brubaker keymaster_key_blob_t key; 2454f3f071fc5020fa5255f49e898a7c4a1cbf824a99Chad Brubaker key.key_material_size = keyBlob.getLength(); 2455f3f071fc5020fa5255f49e898a7c4a1cbf824a99Chad Brubaker key.key_material = keyBlob.getValue(); 2456f3f071fc5020fa5255f49e898a7c4a1cbf824a99Chad Brubaker keymaster1_device_t* dev = mKeyStore->getDeviceForBlob(keyBlob); 2457f3f071fc5020fa5255f49e898a7c4a1cbf824a99Chad Brubaker keymaster_key_characteristics_t *out = NULL; 2458f3f071fc5020fa5255f49e898a7c4a1cbf824a99Chad Brubaker if (!dev->get_key_characteristics) { 2459f3f071fc5020fa5255f49e898a7c4a1cbf824a99Chad Brubaker ALOGW("device does not implement get_key_characteristics"); 2460f3f071fc5020fa5255f49e898a7c4a1cbf824a99Chad Brubaker return KM_ERROR_UNIMPLEMENTED; 2461f3f071fc5020fa5255f49e898a7c4a1cbf824a99Chad Brubaker } 2462d663442b590b59250062335cc057478001b8e439Chad Brubaker rc = dev->get_key_characteristics(dev, &key, clientId, appData, &out); 2463f3f071fc5020fa5255f49e898a7c4a1cbf824a99Chad Brubaker if (out) { 2464f3f071fc5020fa5255f49e898a7c4a1cbf824a99Chad Brubaker outCharacteristics->characteristics = *out; 2465f3f071fc5020fa5255f49e898a7c4a1cbf824a99Chad Brubaker free(out); 2466f3f071fc5020fa5255f49e898a7c4a1cbf824a99Chad Brubaker } 2467f3f071fc5020fa5255f49e898a7c4a1cbf824a99Chad Brubaker return rc ? rc : ::NO_ERROR; 24689899d6b392e8223c3c00bfccadd43b18cdc96b4fChad Brubaker } 24699899d6b392e8223c3c00bfccadd43b18cdc96b4fChad Brubaker 24704c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker int32_t importKey(const String16& name, const KeymasterArguments& params, 24714c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker keymaster_key_format_t format, const uint8_t *keyData, 24724c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker size_t keyLength, int uid, int flags, 24734c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker KeyCharacteristics* outCharacteristics) { 24749489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker uid = getEffectiveUid(uid); 24759489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker int rc = checkBinderPermissionAndKeystoreState(P_INSERT, uid, 24769489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker flags & KEYSTORE_FLAG_ENCRYPTED); 24779489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker if (rc != ::NO_ERROR) { 24789489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker return rc; 24794c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker } 24804c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker 24819489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker rc = KM_ERROR_UNIMPLEMENTED; 24824c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker bool isFallback = false; 24834c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker keymaster_key_blob_t blob; 24844c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker keymaster_key_characteristics_t *out = NULL; 24854c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker 24864c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker const keymaster1_device_t* device = mKeyStore->getDevice(); 24874c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker const keymaster1_device_t* fallback = mKeyStore->getFallbackDevice(); 24884c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker if (device == NULL) { 24894c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker return ::SYSTEM_ERROR; 24904c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker } 24914c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker if (device->common.module->module_api_version >= KEYMASTER_MODULE_API_VERSION_1_0 && 24924c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker device->import_key != NULL) { 24934c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker rc = device->import_key(device, params.params.data(), params.params.size(), 24944c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker format, keyData, keyLength, &blob, &out); 24954c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker } 24964c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker if (rc && fallback->import_key != NULL) { 24974c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker isFallback = true; 24984c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker rc = fallback->import_key(fallback, params.params.data(), params.params.size(), 24994c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker format, keyData, keyLength, &blob, &out); 25004c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker } 25014c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker if (out) { 25024c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker if (outCharacteristics) { 25034c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker outCharacteristics->characteristics = *out; 25044c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker } else { 25054c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker keymaster_free_characteristics(out); 25064c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker } 25074c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker free(out); 25084c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker } 25094c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker if (rc) { 25104c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker return rc; 25114c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker } 25124c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker 25134c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker String8 name8(name); 25144c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker String8 filename(mKeyStore->getKeyNameForUidWithDir(name8, uid)); 25154c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker 25164c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker Blob keyBlob(blob.key_material, blob.key_material_size, NULL, 0, ::TYPE_KEYMASTER_10); 25174c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker keyBlob.setFallback(isFallback); 25184c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker keyBlob.setEncrypted(flags & KEYSTORE_FLAG_ENCRYPTED); 25194c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker 25204c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker free((void*) blob.key_material); 25214c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker 25224c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker return mKeyStore->put(filename.string(), &keyBlob, uid); 25239899d6b392e8223c3c00bfccadd43b18cdc96b4fChad Brubaker } 25249899d6b392e8223c3c00bfccadd43b18cdc96b4fChad Brubaker 252507b0cda3b14d16205ce3040d00bc18d15eda5fdcChad Brubaker void exportKey(const String16& name, keymaster_key_format_t format, 2526d663442b590b59250062335cc057478001b8e439Chad Brubaker const keymaster_blob_t* clientId, 2527d663442b590b59250062335cc057478001b8e439Chad Brubaker const keymaster_blob_t* appData, ExportResult* result) { 252807b0cda3b14d16205ce3040d00bc18d15eda5fdcChad Brubaker 252907b0cda3b14d16205ce3040d00bc18d15eda5fdcChad Brubaker uid_t callingUid = IPCThreadState::self()->getCallingUid(); 253007b0cda3b14d16205ce3040d00bc18d15eda5fdcChad Brubaker 253107b0cda3b14d16205ce3040d00bc18d15eda5fdcChad Brubaker Blob keyBlob; 253207b0cda3b14d16205ce3040d00bc18d15eda5fdcChad Brubaker String8 name8(name); 253307b0cda3b14d16205ce3040d00bc18d15eda5fdcChad Brubaker int rc; 253407b0cda3b14d16205ce3040d00bc18d15eda5fdcChad Brubaker 253507b0cda3b14d16205ce3040d00bc18d15eda5fdcChad Brubaker ResponseCode responseCode = mKeyStore->getKeyForName(&keyBlob, name8, callingUid, 253607b0cda3b14d16205ce3040d00bc18d15eda5fdcChad Brubaker TYPE_KEYMASTER_10); 253707b0cda3b14d16205ce3040d00bc18d15eda5fdcChad Brubaker if (responseCode != ::NO_ERROR) { 253807b0cda3b14d16205ce3040d00bc18d15eda5fdcChad Brubaker result->resultCode = responseCode; 253907b0cda3b14d16205ce3040d00bc18d15eda5fdcChad Brubaker return; 254007b0cda3b14d16205ce3040d00bc18d15eda5fdcChad Brubaker } 254107b0cda3b14d16205ce3040d00bc18d15eda5fdcChad Brubaker keymaster_key_blob_t key; 254207b0cda3b14d16205ce3040d00bc18d15eda5fdcChad Brubaker key.key_material_size = keyBlob.getLength(); 254307b0cda3b14d16205ce3040d00bc18d15eda5fdcChad Brubaker key.key_material = keyBlob.getValue(); 254407b0cda3b14d16205ce3040d00bc18d15eda5fdcChad Brubaker keymaster1_device_t* dev = mKeyStore->getDeviceForBlob(keyBlob); 254507b0cda3b14d16205ce3040d00bc18d15eda5fdcChad Brubaker if (!dev->export_key) { 254607b0cda3b14d16205ce3040d00bc18d15eda5fdcChad Brubaker result->resultCode = KM_ERROR_UNIMPLEMENTED; 254707b0cda3b14d16205ce3040d00bc18d15eda5fdcChad Brubaker return; 254807b0cda3b14d16205ce3040d00bc18d15eda5fdcChad Brubaker } 254907b0cda3b14d16205ce3040d00bc18d15eda5fdcChad Brubaker uint8_t* ptr = NULL; 2550d663442b590b59250062335cc057478001b8e439Chad Brubaker rc = dev->export_key(dev, format, &key, clientId, appData, 255107b0cda3b14d16205ce3040d00bc18d15eda5fdcChad Brubaker &ptr, &result->dataLength); 255207b0cda3b14d16205ce3040d00bc18d15eda5fdcChad Brubaker result->exportData.reset(ptr); 255307b0cda3b14d16205ce3040d00bc18d15eda5fdcChad Brubaker result->resultCode = rc ? rc : ::NO_ERROR; 25549899d6b392e8223c3c00bfccadd43b18cdc96b4fChad Brubaker } 25559899d6b392e8223c3c00bfccadd43b18cdc96b4fChad Brubaker 2556ad6514ab7a57504aa3b04bcc383f60940b923710Chad Brubaker 255740a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker void begin(const sp<IBinder>& appToken, const String16& name, keymaster_purpose_t purpose, 2558154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker bool pruneable, const KeymasterArguments& params, const uint8_t* entropy, 2559154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker size_t entropyLength, KeymasterArguments* outParams, OperationResult* result) { 256040a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker if (!result || !outParams) { 256140a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker ALOGE("Unexpected null arguments to begin()"); 256240a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker return; 256340a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker } 256440a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker uid_t callingUid = IPCThreadState::self()->getCallingUid(); 256540a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker if (!pruneable && get_app_id(callingUid) != AID_SYSTEM) { 256640a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker ALOGE("Non-system uid %d trying to start non-pruneable operation", callingUid); 256740a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker result->resultCode = ::PERMISSION_DENIED; 256840a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker return; 256940a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker } 25700cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker if (!checkAllowedOperationParams(params.params)) { 25710cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker result->resultCode = KM_ERROR_INVALID_ARGUMENT; 25720cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker return; 25730cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker } 257440a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker Blob keyBlob; 257540a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker String8 name8(name); 257640a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker ResponseCode responseCode = mKeyStore->getKeyForName(&keyBlob, name8, callingUid, 257740a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker TYPE_KEYMASTER_10); 257840a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker if (responseCode != ::NO_ERROR) { 257940a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker result->resultCode = responseCode; 258040a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker return; 258140a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker } 258240a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker keymaster_key_blob_t key; 258340a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker key.key_material_size = keyBlob.getLength(); 258440a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker key.key_material = keyBlob.getValue(); 258540a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker keymaster_key_param_t* out; 258640a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker size_t outSize; 258740a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker keymaster_operation_handle_t handle; 258840a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker keymaster1_device_t* dev = mKeyStore->getDeviceForBlob(keyBlob); 2589154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker keymaster_error_t err = KM_ERROR_UNIMPLEMENTED; 259006801e0a7ccabbe8f22cff29b7edb7c7d02d7692Chad Brubaker std::vector<keymaster_key_param_t> opParams(params.params); 2591ad6514ab7a57504aa3b04bcc383f60940b923710Chad Brubaker Unique_keymaster_key_characteristics characteristics; 2592ad6514ab7a57504aa3b04bcc383f60940b923710Chad Brubaker characteristics.reset(new keymaster_key_characteristics_t); 2593ad6514ab7a57504aa3b04bcc383f60940b923710Chad Brubaker err = getOperationCharacteristics(key, dev, opParams, characteristics.get()); 2594ad6514ab7a57504aa3b04bcc383f60940b923710Chad Brubaker if (err) { 2595ad6514ab7a57504aa3b04bcc383f60940b923710Chad Brubaker result->resultCode = err; 2596ad6514ab7a57504aa3b04bcc383f60940b923710Chad Brubaker return; 2597ad6514ab7a57504aa3b04bcc383f60940b923710Chad Brubaker } 25980cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker const hw_auth_token_t* authToken = NULL; 25990cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker int32_t authResult = getAuthToken(characteristics.get(), 0, &authToken, 260006801e0a7ccabbe8f22cff29b7edb7c7d02d7692Chad Brubaker /*failOnTokenMissing*/ false); 26010cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker // If per-operation auth is needed we need to begin the operation and 26020cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker // the client will need to authorize that operation before calling 26030cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker // update. Any other auth issues stop here. 26040cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker if (authResult != ::NO_ERROR && authResult != ::OP_AUTH_NEEDED) { 26050cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker result->resultCode = authResult; 260606801e0a7ccabbe8f22cff29b7edb7c7d02d7692Chad Brubaker return; 260706801e0a7ccabbe8f22cff29b7edb7c7d02d7692Chad Brubaker } 26080cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker addAuthToParams(&opParams, authToken); 2609154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker // Add entropy to the device first. 2610154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker if (entropy) { 2611154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker if (dev->add_rng_entropy) { 2612154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker err = dev->add_rng_entropy(dev, entropy, entropyLength); 2613154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker } else { 2614154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker err = KM_ERROR_UNIMPLEMENTED; 2615154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker } 2616154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker if (err) { 2617154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker result->resultCode = err; 2618154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker return; 2619154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker } 2620154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker } 262106801e0a7ccabbe8f22cff29b7edb7c7d02d7692Chad Brubaker err = dev->begin(dev, purpose, &key, opParams.data(), opParams.size(), &out, &outSize, 262206801e0a7ccabbe8f22cff29b7edb7c7d02d7692Chad Brubaker &handle); 262340a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker 262440a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker // If there are too many operations abort the oldest operation that was 262540a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker // started as pruneable and try again. 262640a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker while (err == KM_ERROR_TOO_MANY_OPERATIONS && mOperationMap.hasPruneableOperation()) { 262740a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker sp<IBinder> oldest = mOperationMap.getOldestPruneableOperation(); 262840a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker ALOGD("Ran out of operation handles, trying to prune %p", oldest.get()); 262940a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker if (abort(oldest) != ::NO_ERROR) { 263040a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker break; 263140a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker } 26320cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker err = dev->begin(dev, purpose, &key, opParams.data(), opParams.size(), &out, &outSize, 263340a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker &handle); 263440a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker } 263540a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker if (err) { 263640a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker result->resultCode = err; 263740a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker return; 263840a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker } 263940a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker if (out) { 264040a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker outParams->params.assign(out, out + outSize); 264140a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker free(out); 264240a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker } 26439899d6b392e8223c3c00bfccadd43b18cdc96b4fChad Brubaker 2644ad6514ab7a57504aa3b04bcc383f60940b923710Chad Brubaker sp<IBinder> operationToken = mOperationMap.addOperation(handle, dev, appToken, 2645ad6514ab7a57504aa3b04bcc383f60940b923710Chad Brubaker characteristics.release(), 264606801e0a7ccabbe8f22cff29b7edb7c7d02d7692Chad Brubaker pruneable); 26470cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker if (authToken) { 26480cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker mOperationMap.setOperationAuthToken(operationToken, authToken); 26490cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker } 26500cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker // Return the authentication lookup result. If this is a per operation 26510cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker // auth'd key then the resultCode will be ::OP_AUTH_NEEDED and the 26520cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker // application should get an auth token using the handle before the 26530cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker // first call to update, which will fail if keystore hasn't received the 26540cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker // auth token. 26550cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker result->resultCode = authResult; 265640a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker result->token = operationToken; 2657c3a1856bbe2e39d5b3430f5f088b12fd710a159fChad Brubaker result->handle = handle; 26589899d6b392e8223c3c00bfccadd43b18cdc96b4fChad Brubaker } 26599899d6b392e8223c3c00bfccadd43b18cdc96b4fChad Brubaker 266040a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker void update(const sp<IBinder>& token, const KeymasterArguments& params, const uint8_t* data, 266140a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker size_t dataLength, OperationResult* result) { 26620cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker if (!checkAllowedOperationParams(params.params)) { 26630cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker result->resultCode = KM_ERROR_INVALID_ARGUMENT; 26640cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker return; 26650cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker } 266640a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker const keymaster1_device_t* dev; 266740a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker keymaster_operation_handle_t handle; 26680cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker if (!mOperationMap.getOperation(token, &handle, &dev, NULL)) { 266940a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker result->resultCode = KM_ERROR_INVALID_OPERATION_HANDLE; 267040a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker return; 267140a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker } 267240a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker uint8_t* output_buf = NULL; 267340a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker size_t output_length = 0; 267440a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker size_t consumed = 0; 267506801e0a7ccabbe8f22cff29b7edb7c7d02d7692Chad Brubaker std::vector<keymaster_key_param_t> opParams(params.params); 26760cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker int32_t authResult = addOperationAuthTokenIfNeeded(token, &opParams); 26770cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker if (authResult != ::NO_ERROR) { 267806801e0a7ccabbe8f22cff29b7edb7c7d02d7692Chad Brubaker result->resultCode = authResult; 267906801e0a7ccabbe8f22cff29b7edb7c7d02d7692Chad Brubaker return; 268006801e0a7ccabbe8f22cff29b7edb7c7d02d7692Chad Brubaker } 268106801e0a7ccabbe8f22cff29b7edb7c7d02d7692Chad Brubaker keymaster_error_t err = dev->update(dev, handle, opParams.data(), opParams.size(), data, 268206801e0a7ccabbe8f22cff29b7edb7c7d02d7692Chad Brubaker dataLength, &consumed, &output_buf, &output_length); 268340a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker result->data.reset(output_buf); 268440a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker result->dataLength = output_length; 268540a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker result->inputConsumed = consumed; 268640a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker result->resultCode = err ? (int32_t) err : ::NO_ERROR; 268740a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker } 268840a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker 268940a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker void finish(const sp<IBinder>& token, const KeymasterArguments& params, 269040a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker const uint8_t* signature, size_t signatureLength, OperationResult* result) { 26910cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker if (!checkAllowedOperationParams(params.params)) { 26920cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker result->resultCode = KM_ERROR_INVALID_ARGUMENT; 26930cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker return; 26940cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker } 269540a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker const keymaster1_device_t* dev; 269640a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker keymaster_operation_handle_t handle; 26970cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker if (!mOperationMap.getOperation(token, &handle, &dev, NULL)) { 269840a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker result->resultCode = KM_ERROR_INVALID_OPERATION_HANDLE; 269940a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker return; 270040a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker } 270140a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker uint8_t* output_buf = NULL; 270240a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker size_t output_length = 0; 270306801e0a7ccabbe8f22cff29b7edb7c7d02d7692Chad Brubaker std::vector<keymaster_key_param_t> opParams(params.params); 27040cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker int32_t authResult = addOperationAuthTokenIfNeeded(token, &opParams); 27050cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker if (authResult != ::NO_ERROR) { 270606801e0a7ccabbe8f22cff29b7edb7c7d02d7692Chad Brubaker result->resultCode = authResult; 270706801e0a7ccabbe8f22cff29b7edb7c7d02d7692Chad Brubaker return; 270806801e0a7ccabbe8f22cff29b7edb7c7d02d7692Chad Brubaker } 27090cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker 271006801e0a7ccabbe8f22cff29b7edb7c7d02d7692Chad Brubaker keymaster_error_t err = dev->finish(dev, handle, opParams.data(), opParams.size(), 271106801e0a7ccabbe8f22cff29b7edb7c7d02d7692Chad Brubaker signature, signatureLength, &output_buf, 271206801e0a7ccabbe8f22cff29b7edb7c7d02d7692Chad Brubaker &output_length); 271340a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker // Remove the operation regardless of the result 271440a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker mOperationMap.removeOperation(token); 271506801e0a7ccabbe8f22cff29b7edb7c7d02d7692Chad Brubaker mAuthTokenTable.MarkCompleted(handle); 271640a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker result->data.reset(output_buf); 271740a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker result->dataLength = output_length; 271840a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker result->resultCode = err ? (int32_t) err : ::NO_ERROR; 271940a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker } 272040a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker 272140a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker int32_t abort(const sp<IBinder>& token) { 272240a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker const keymaster1_device_t* dev; 272340a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker keymaster_operation_handle_t handle; 272406801e0a7ccabbe8f22cff29b7edb7c7d02d7692Chad Brubaker if (!mOperationMap.getOperation(token, &handle, &dev, NULL)) { 272540a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker return KM_ERROR_INVALID_OPERATION_HANDLE; 272640a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker } 272740a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker mOperationMap.removeOperation(token); 272806801e0a7ccabbe8f22cff29b7edb7c7d02d7692Chad Brubaker int32_t rc; 272940a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker if (!dev->abort) { 273006801e0a7ccabbe8f22cff29b7edb7c7d02d7692Chad Brubaker rc = KM_ERROR_UNIMPLEMENTED; 273106801e0a7ccabbe8f22cff29b7edb7c7d02d7692Chad Brubaker } else { 273206801e0a7ccabbe8f22cff29b7edb7c7d02d7692Chad Brubaker rc = dev->abort(dev, handle); 273340a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker } 273406801e0a7ccabbe8f22cff29b7edb7c7d02d7692Chad Brubaker mAuthTokenTable.MarkCompleted(handle); 273540a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker if (rc) { 273640a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker return rc; 273740a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker } 273840a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker return ::NO_ERROR; 27399899d6b392e8223c3c00bfccadd43b18cdc96b4fChad Brubaker } 27409899d6b392e8223c3c00bfccadd43b18cdc96b4fChad Brubaker 27412ed2baa7de690b09430b40625e6b18d10757a2fdChad Brubaker bool isOperationAuthorized(const sp<IBinder>& token) { 27422ed2baa7de690b09430b40625e6b18d10757a2fdChad Brubaker const keymaster1_device_t* dev; 27432ed2baa7de690b09430b40625e6b18d10757a2fdChad Brubaker keymaster_operation_handle_t handle; 2744ad6514ab7a57504aa3b04bcc383f60940b923710Chad Brubaker const keymaster_key_characteristics_t* characteristics; 2745ad6514ab7a57504aa3b04bcc383f60940b923710Chad Brubaker if (!mOperationMap.getOperation(token, &handle, &dev, &characteristics)) { 27462ed2baa7de690b09430b40625e6b18d10757a2fdChad Brubaker return false; 27472ed2baa7de690b09430b40625e6b18d10757a2fdChad Brubaker } 27480cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker const hw_auth_token_t* authToken = NULL; 27490cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker mOperationMap.getOperationAuthToken(token, &authToken); 275006801e0a7ccabbe8f22cff29b7edb7c7d02d7692Chad Brubaker std::vector<keymaster_key_param_t> ignored; 27510cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker int32_t authResult = addOperationAuthTokenIfNeeded(token, &ignored); 27520cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker return authResult == ::NO_ERROR; 27532ed2baa7de690b09430b40625e6b18d10757a2fdChad Brubaker } 27542ed2baa7de690b09430b40625e6b18d10757a2fdChad Brubaker 2755d80c7b487b2f7f0bf955d0efeaa3db6dcd160639Chad Brubaker int32_t addAuthToken(const uint8_t* token, size_t length) { 27569489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker if (!checkBinderPermission(P_ADD_AUTH)) { 27579489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker ALOGW("addAuthToken: permission denied for %d", 27589489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker IPCThreadState::self()->getCallingUid()); 2759d80c7b487b2f7f0bf955d0efeaa3db6dcd160639Chad Brubaker return ::PERMISSION_DENIED; 2760d80c7b487b2f7f0bf955d0efeaa3db6dcd160639Chad Brubaker } 2761d80c7b487b2f7f0bf955d0efeaa3db6dcd160639Chad Brubaker if (length != sizeof(hw_auth_token_t)) { 2762d80c7b487b2f7f0bf955d0efeaa3db6dcd160639Chad Brubaker return KM_ERROR_INVALID_ARGUMENT; 2763d80c7b487b2f7f0bf955d0efeaa3db6dcd160639Chad Brubaker } 2764d80c7b487b2f7f0bf955d0efeaa3db6dcd160639Chad Brubaker hw_auth_token_t* authToken = new hw_auth_token_t; 2765d80c7b487b2f7f0bf955d0efeaa3db6dcd160639Chad Brubaker memcpy(reinterpret_cast<void*>(authToken), token, sizeof(hw_auth_token_t)); 2766d80c7b487b2f7f0bf955d0efeaa3db6dcd160639Chad Brubaker // The table takes ownership of authToken. 2767d80c7b487b2f7f0bf955d0efeaa3db6dcd160639Chad Brubaker mAuthTokenTable.AddAuthenticationToken(authToken); 2768d80c7b487b2f7f0bf955d0efeaa3db6dcd160639Chad Brubaker return ::NO_ERROR; 27692ed2baa7de690b09430b40625e6b18d10757a2fdChad Brubaker } 27702ed2baa7de690b09430b40625e6b18d10757a2fdChad Brubaker 277107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Rootprivate: 27729489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker static const int32_t UID_SELF = -1; 27739489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker 27749489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker /** 27759489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker * Get the effective target uid for a binder operation that takes an 27769489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker * optional uid as the target. 27779489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker */ 27789489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker inline uid_t getEffectiveUid(int32_t targetUid) { 27799489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker if (targetUid == UID_SELF) { 27809489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker return IPCThreadState::self()->getCallingUid(); 27819489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker } 27829489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker return static_cast<uid_t>(targetUid); 27839489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker } 27849489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker 27859489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker /** 27869489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker * Check if the caller of the current binder method has the required 27879489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker * permission and if acting on other uids the grants to do so. 27889489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker */ 27899489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker inline bool checkBinderPermission(perm_t permission, int32_t targetUid = UID_SELF) { 27909489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker uid_t callingUid = IPCThreadState::self()->getCallingUid(); 27919489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker pid_t spid = IPCThreadState::self()->getCallingPid(); 27929489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker if (!has_permission(callingUid, permission, spid)) { 27939489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker ALOGW("permission %s denied for %d", get_perm_label(permission), callingUid); 27949489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker return false; 27959489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker } 27969489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker if (!is_granted_to(callingUid, getEffectiveUid(targetUid))) { 27979489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker ALOGW("uid %d not granted to act for %d", callingUid, targetUid); 27989489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker return false; 27999489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker } 28009489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker return true; 28019489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker } 28029489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker 28039489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker /** 28049489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker * Check if the caller of the current binder method has the required 2805b37a52337f001f8a43f7cbb64203dba78560ee6bChad Brubaker * permission and the target uid is the caller or the caller is system. 2806b37a52337f001f8a43f7cbb64203dba78560ee6bChad Brubaker */ 2807b37a52337f001f8a43f7cbb64203dba78560ee6bChad Brubaker inline bool checkBinderPermissionSelfOrSystem(perm_t permission, int32_t targetUid) { 2808b37a52337f001f8a43f7cbb64203dba78560ee6bChad Brubaker uid_t callingUid = IPCThreadState::self()->getCallingUid(); 2809b37a52337f001f8a43f7cbb64203dba78560ee6bChad Brubaker pid_t spid = IPCThreadState::self()->getCallingPid(); 2810b37a52337f001f8a43f7cbb64203dba78560ee6bChad Brubaker if (!has_permission(callingUid, permission, spid)) { 2811b37a52337f001f8a43f7cbb64203dba78560ee6bChad Brubaker ALOGW("permission %s denied for %d", get_perm_label(permission), callingUid); 2812b37a52337f001f8a43f7cbb64203dba78560ee6bChad Brubaker return false; 2813b37a52337f001f8a43f7cbb64203dba78560ee6bChad Brubaker } 2814b37a52337f001f8a43f7cbb64203dba78560ee6bChad Brubaker return getEffectiveUid(targetUid) == callingUid || callingUid == AID_SYSTEM; 2815b37a52337f001f8a43f7cbb64203dba78560ee6bChad Brubaker } 2816b37a52337f001f8a43f7cbb64203dba78560ee6bChad Brubaker 2817b37a52337f001f8a43f7cbb64203dba78560ee6bChad Brubaker /** 2818b37a52337f001f8a43f7cbb64203dba78560ee6bChad Brubaker * Check if the caller of the current binder method has the required 28199489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker * permission or the target of the operation is the caller's uid. This is 28209489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker * for operation where the permission is only for cross-uid activity and all 28219489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker * uids are allowed to act on their own (ie: clearing all entries for a 28229489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker * given uid). 28239489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker */ 28249489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker inline bool checkBinderPermissionOrSelfTarget(perm_t permission, int32_t targetUid) { 28259489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker uid_t callingUid = IPCThreadState::self()->getCallingUid(); 28269489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker if (getEffectiveUid(targetUid) == callingUid) { 28279489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker return true; 28289489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker } else { 28299489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker return checkBinderPermission(permission, targetUid); 28309489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker } 28319489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker } 28329489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker 28339489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker /** 28349489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker * Helper method to check that the caller has the required permission as 28359489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker * well as the keystore is in the unlocked state if checkUnlocked is true. 28369489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker * 28379489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker * Returns NO_ERROR on success, PERMISSION_DENIED on a permission error and 28389489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker * otherwise the state of keystore when not unlocked and checkUnlocked is 28399489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker * true. 28409489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker */ 28419489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker inline int32_t checkBinderPermissionAndKeystoreState(perm_t permission, int32_t targetUid = -1, 28429489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker bool checkUnlocked = true) { 28439489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker if (!checkBinderPermission(permission, targetUid)) { 28449489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker return ::PERMISSION_DENIED; 28459489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker } 28469489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker State state = mKeyStore->getState(getEffectiveUid(targetUid)); 28479489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker if (checkUnlocked && !isKeystoreUnlocked(state)) { 28489489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker return state; 28499489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker } 28509489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker 28519489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker return ::NO_ERROR; 28529489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker 28539489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker } 28549489b7905acfb27a99dd505364a715f4cf2ab5e6Chad Brubaker 28559d45d1caba5135e6b8bd6d05d449e8dcf52b6802Kenny Root inline bool isKeystoreUnlocked(State state) { 28569d45d1caba5135e6b8bd6d05d449e8dcf52b6802Kenny Root switch (state) { 28579d45d1caba5135e6b8bd6d05d449e8dcf52b6802Kenny Root case ::STATE_NO_ERROR: 28589d45d1caba5135e6b8bd6d05d449e8dcf52b6802Kenny Root return true; 28599d45d1caba5135e6b8bd6d05d449e8dcf52b6802Kenny Root case ::STATE_UNINITIALIZED: 28609d45d1caba5135e6b8bd6d05d449e8dcf52b6802Kenny Root case ::STATE_LOCKED: 28619d45d1caba5135e6b8bd6d05d449e8dcf52b6802Kenny Root return false; 28629d45d1caba5135e6b8bd6d05d449e8dcf52b6802Kenny Root } 28639d45d1caba5135e6b8bd6d05d449e8dcf52b6802Kenny Root return false; 2864a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 286507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 286667d2a5029e8c25c5ee448e3bbd245cdcebe6abd3Chad Brubaker bool isKeyTypeSupported(const keymaster1_device_t* device, keymaster_keypair_t keyType) { 28671d448c074a86ef5d05a22fdf1358718976628a86Kenny Root const int32_t device_api = device->common.module->module_api_version; 28681d448c074a86ef5d05a22fdf1358718976628a86Kenny Root if (device_api == KEYMASTER_MODULE_API_VERSION_0_2) { 28691d448c074a86ef5d05a22fdf1358718976628a86Kenny Root switch (keyType) { 28701d448c074a86ef5d05a22fdf1358718976628a86Kenny Root case TYPE_RSA: 28711d448c074a86ef5d05a22fdf1358718976628a86Kenny Root case TYPE_DSA: 28721d448c074a86ef5d05a22fdf1358718976628a86Kenny Root case TYPE_EC: 28731d448c074a86ef5d05a22fdf1358718976628a86Kenny Root return true; 28741d448c074a86ef5d05a22fdf1358718976628a86Kenny Root default: 28751d448c074a86ef5d05a22fdf1358718976628a86Kenny Root return false; 28761d448c074a86ef5d05a22fdf1358718976628a86Kenny Root } 28771d448c074a86ef5d05a22fdf1358718976628a86Kenny Root } else if (device_api >= KEYMASTER_MODULE_API_VERSION_0_3) { 28781d448c074a86ef5d05a22fdf1358718976628a86Kenny Root switch (keyType) { 28791d448c074a86ef5d05a22fdf1358718976628a86Kenny Root case TYPE_RSA: 28801d448c074a86ef5d05a22fdf1358718976628a86Kenny Root return true; 28811d448c074a86ef5d05a22fdf1358718976628a86Kenny Root case TYPE_DSA: 28821d448c074a86ef5d05a22fdf1358718976628a86Kenny Root return device->flags & KEYMASTER_SUPPORTS_DSA; 28831d448c074a86ef5d05a22fdf1358718976628a86Kenny Root case TYPE_EC: 28841d448c074a86ef5d05a22fdf1358718976628a86Kenny Root return device->flags & KEYMASTER_SUPPORTS_EC; 28851d448c074a86ef5d05a22fdf1358718976628a86Kenny Root default: 28861d448c074a86ef5d05a22fdf1358718976628a86Kenny Root return false; 28871d448c074a86ef5d05a22fdf1358718976628a86Kenny Root } 28881d448c074a86ef5d05a22fdf1358718976628a86Kenny Root } else { 28891d448c074a86ef5d05a22fdf1358718976628a86Kenny Root return keyType == TYPE_RSA; 28901d448c074a86ef5d05a22fdf1358718976628a86Kenny Root } 28911d448c074a86ef5d05a22fdf1358718976628a86Kenny Root } 28921d448c074a86ef5d05a22fdf1358718976628a86Kenny Root 28930cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker /** 28940cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker * Check that all keymaster_key_param_t's provided by the application are 28950cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker * allowed. Any parameter that keystore adds itself should be disallowed here. 28960cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker */ 28970cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker bool checkAllowedOperationParams(const std::vector<keymaster_key_param_t>& params) { 28980cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker for (auto param: params) { 28990cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker switch (param.tag) { 29000cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker case KM_TAG_AUTH_TOKEN: 29010cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker return false; 29020cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker default: 29030cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker break; 29040cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker } 29050cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker } 29060cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker return true; 29070cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker } 29080cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker 29090cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker keymaster_error_t getOperationCharacteristics(const keymaster_key_blob_t& key, 29100cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker const keymaster1_device_t* dev, 29110cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker const std::vector<keymaster_key_param_t>& params, 29120cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker keymaster_key_characteristics_t* out) { 29130cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker UniquePtr<keymaster_blob_t> appId; 29140cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker UniquePtr<keymaster_blob_t> appData; 29150cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker for (auto param : params) { 29160cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker if (param.tag == KM_TAG_APPLICATION_ID) { 29170cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker appId.reset(new keymaster_blob_t); 29180cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker appId->data = param.blob.data; 29190cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker appId->data_length = param.blob.data_length; 29200cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker } else if (param.tag == KM_TAG_APPLICATION_DATA) { 29210cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker appData.reset(new keymaster_blob_t); 29220cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker appData->data = param.blob.data; 29230cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker appData->data_length = param.blob.data_length; 29240cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker } 29250cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker } 29260cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker keymaster_key_characteristics_t* result = NULL; 29270cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker if (!dev->get_key_characteristics) { 29280cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker return KM_ERROR_UNIMPLEMENTED; 29290cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker } 29300cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker keymaster_error_t error = dev->get_key_characteristics(dev, &key, appId.get(), 29310cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker appData.get(), &result); 29320cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker if (result) { 29330cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker *out = *result; 29340cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker free(result); 29350cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker } 29360cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker return error; 29370cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker } 29380cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker 29390cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker /** 29400cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker * Get the auth token for this operation from the auth token table. 29410cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker * 29420cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker * Returns ::NO_ERROR if the auth token was set or none was required. 29430cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker * ::OP_AUTH_NEEDED if it is a per op authorization, no 29440cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker * authorization token exists for that operation and 29450cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker * failOnTokenMissing is false. 29460cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker * KM_ERROR_KEY_USER_NOT_AUTHENTICATED if there is no valid auth 29470cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker * token for the operation 29480cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker */ 29490cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker int32_t getAuthToken(const keymaster_key_characteristics_t* characteristics, 29500cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker keymaster_operation_handle_t handle, 29510cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker const hw_auth_token_t** authToken, 29520cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker bool failOnTokenMissing = true) { 29530cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker 29540cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker std::vector<keymaster_key_param_t> allCharacteristics; 29550cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker for (size_t i = 0; i < characteristics->sw_enforced.length; i++) { 29560cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker allCharacteristics.push_back(characteristics->sw_enforced.params[i]); 29570cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker } 29580cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker for (size_t i = 0; i < characteristics->hw_enforced.length; i++) { 29590cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker allCharacteristics.push_back(characteristics->hw_enforced.params[i]); 29600cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker } 29610cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker keymaster::AuthTokenTable::Error err = 29620cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker mAuthTokenTable.FindAuthorization(allCharacteristics.data(), 29630cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker allCharacteristics.size(), handle, authToken); 29640cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker switch (err) { 29650cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker case keymaster::AuthTokenTable::OK: 29660cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker case keymaster::AuthTokenTable::AUTH_NOT_REQUIRED: 29670cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker return ::NO_ERROR; 29680cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker case keymaster::AuthTokenTable::AUTH_TOKEN_NOT_FOUND: 29690cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker case keymaster::AuthTokenTable::AUTH_TOKEN_EXPIRED: 29700cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker case keymaster::AuthTokenTable::AUTH_TOKEN_WRONG_SID: 29710cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker return KM_ERROR_KEY_USER_NOT_AUTHENTICATED; 29720cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker case keymaster::AuthTokenTable::OP_HANDLE_REQUIRED: 29730cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker return failOnTokenMissing ? (int32_t) KM_ERROR_KEY_USER_NOT_AUTHENTICATED : 29740cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker (int32_t) ::OP_AUTH_NEEDED; 29750cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker default: 29760cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker ALOGE("Unexpected FindAuthorization return value %d", err); 29770cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker return KM_ERROR_INVALID_ARGUMENT; 29780cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker } 29790cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker } 29800cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker 29810cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker inline void addAuthToParams(std::vector<keymaster_key_param_t>* params, 29820cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker const hw_auth_token_t* token) { 29830cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker if (token) { 29840cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker params->push_back(keymaster_param_blob(KM_TAG_AUTH_TOKEN, 29850cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker reinterpret_cast<const uint8_t*>(token), 29860cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker sizeof(hw_auth_token_t))); 29870cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker } 29880cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker } 29890cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker 29900cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker /** 29910cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker * Add the auth token for the operation to the param list if the operation 29920cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker * requires authorization. Uses the cached result in the OperationMap if available 29930cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker * otherwise gets the token from the AuthTokenTable and caches the result. 29940cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker * 29950cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker * Returns ::NO_ERROR if the auth token was added or not needed. 29960cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker * KM_ERROR_KEY_USER_NOT_AUTHENTICATED if the operation is not 29970cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker * authenticated. 29980cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker * KM_ERROR_INVALID_OPERATION_HANDLE if token is not a valid 29990cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker * operation token. 30000cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker */ 30010cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker int32_t addOperationAuthTokenIfNeeded(sp<IBinder> token, 30020cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker std::vector<keymaster_key_param_t>* params) { 30030cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker const hw_auth_token_t* authToken = NULL; 30047169a8470f6539036addf3c960b075af224e83e2Chad Brubaker mOperationMap.getOperationAuthToken(token, &authToken); 30057169a8470f6539036addf3c960b075af224e83e2Chad Brubaker if (!authToken) { 30060cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker const keymaster1_device_t* dev; 30070cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker keymaster_operation_handle_t handle; 30080cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker const keymaster_key_characteristics_t* characteristics = NULL; 30090cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker if (!mOperationMap.getOperation(token, &handle, &dev, &characteristics)) { 30100cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker return KM_ERROR_INVALID_OPERATION_HANDLE; 30110cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker } 30120cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker int32_t result = getAuthToken(characteristics, handle, &authToken); 30130cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker if (result != ::NO_ERROR) { 30140cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker return result; 30150cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker } 30160cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker if (authToken) { 30170cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker mOperationMap.setOperationAuthToken(token, authToken); 30180cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker } 30190cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker } 30200cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker addAuthToParams(params, authToken); 30210cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker return ::NO_ERROR; 30220cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker } 30230cf34a249c008743cf2e2371743a89f86aa4b03cChad Brubaker 302407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root ::KeyStore* mKeyStore; 302540a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker OperationMap mOperationMap; 3026d80c7b487b2f7f0bf955d0efeaa3db6dcd160639Chad Brubaker keymaster::AuthTokenTable mAuthTokenTable; 302707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root}; 302807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 302907438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root}; // namespace android 3030a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 3031a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Rootint main(int argc, char* argv[]) { 3032a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root if (argc < 2) { 3033a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root ALOGE("A directory must be specified!"); 3034a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return 1; 3035a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 3036a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root if (chdir(argv[1]) == -1) { 3037a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root ALOGE("chdir: %s: %s", argv[1], strerror(errno)); 3038a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return 1; 3039a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 3040a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 3041a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root Entropy entropy; 3042a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root if (!entropy.open()) { 3043a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return 1; 3044a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 304570e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 304680843db63ed6b61c953a1243801117a15c9e8c38Shawn Willden keymaster0_device_t* dev; 304770e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root if (keymaster_device_initialize(&dev)) { 304870e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root ALOGE("keystore keymaster could not be initialized; exiting"); 304970e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root return 1; 305070e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root } 305170e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 305267d2a5029e8c25c5ee448e3bbd245cdcebe6abd3Chad Brubaker keymaster1_device_t* fallback; 3053fc18edcdfe2f7774e621030d51338f3216170b97Chad Brubaker if (fallback_keymaster_device_initialize(&fallback)) { 3054fc18edcdfe2f7774e621030d51338f3216170b97Chad Brubaker ALOGE("software keymaster could not be initialized; exiting"); 3055fc18edcdfe2f7774e621030d51338f3216170b97Chad Brubaker return 1; 3056fc18edcdfe2f7774e621030d51338f3216170b97Chad Brubaker } 3057fc18edcdfe2f7774e621030d51338f3216170b97Chad Brubaker 3058eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn ks_is_selinux_enabled = is_selinux_enabled(); 3059eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn if (ks_is_selinux_enabled) { 3060eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn union selinux_callback cb; 3061eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn cb.func_log = selinux_log_callback; 3062eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn selinux_set_callback(SELINUX_CB_LOG, cb); 3063eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn if (getcon(&tctx) != 0) { 3064eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn ALOGE("SELinux: Could not acquire target context. Aborting keystore.\n"); 3065eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn return -1; 3066eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn } 3067eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn } else { 3068eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn ALOGI("SELinux: Keystore SELinux is disabled.\n"); 3069eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn } 3070eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn 307167d2a5029e8c25c5ee448e3bbd245cdcebe6abd3Chad Brubaker KeyStore keyStore(&entropy, reinterpret_cast<keymaster1_device_t*>(dev), fallback); 3072655b958eb2180c7c06889f83f606d23421bf038cKenny Root keyStore.initialize(); 307307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root android::sp<android::IServiceManager> sm = android::defaultServiceManager(); 307407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root android::sp<android::KeyStoreProxy> proxy = new android::KeyStoreProxy(&keyStore); 307507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root android::status_t ret = sm->addService(android::String16("android.security.keystore"), proxy); 307607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root if (ret != android::OK) { 307707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root ALOGE("Couldn't register binder service!"); 307807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return -1; 3079a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 308070e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 308107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root /* 308207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root * We're the only thread in existence, so we're just going to process 308307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root * Binder transaction as a single-threaded program. 308407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root */ 308507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root android::IPCThreadState::self()->joinThreadPool(); 308670e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 308707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root keymaster_device_release(dev); 3088a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return 1; 3089a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root} 3090