keystore.cpp revision 9c8612c88dc03dc52d85e7a482453e04e7e3e2a2
1a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root/* 2a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root * Copyright (C) 2009 The Android Open Source Project 3a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root * 4a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root * Licensed under the Apache License, Version 2.0 (the "License"); 5a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root * you may not use this file except in compliance with the License. 6a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root * You may obtain a copy of the License at 7a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root * 8a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root * http://www.apache.org/licenses/LICENSE-2.0 9a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root * 10a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root * Unless required by applicable law or agreed to in writing, software 11a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root * distributed under the License is distributed on an "AS IS" BASIS, 12a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root * See the License for the specific language governing permissions and 14a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root * limitations under the License. 15a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root */ 16a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 1707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root//#define LOG_NDEBUG 0 1807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root#define LOG_TAG "keystore" 1907438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 20a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root#include <stdio.h> 21a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root#include <stdint.h> 22a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root#include <string.h> 23aaf9802da6cea710e0777abb852724e1825cad63Elliott Hughes#include <strings.h> 24a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root#include <unistd.h> 25a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root#include <signal.h> 26a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root#include <errno.h> 27a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root#include <dirent.h> 28655b958eb2180c7c06889f83f606d23421bf038cKenny Root#include <errno.h> 29a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root#include <fcntl.h> 30a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root#include <limits.h> 31822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root#include <assert.h> 32a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root#include <sys/types.h> 33a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root#include <sys/socket.h> 34a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root#include <sys/stat.h> 35a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root#include <sys/time.h> 36a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root#include <arpa/inet.h> 37a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 38a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root#include <openssl/aes.h> 39822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root#include <openssl/bio.h> 40a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root#include <openssl/evp.h> 41a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root#include <openssl/md5.h> 42822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root#include <openssl/pem.h> 43a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 44a5bbf2fb2a4853ecf6ae77ffee3efeb7a862498aShawn Willden#include <hardware/keymaster0.h> 4570e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 4617208e0de5a42722901d803118745cca25fd10c1Kenny Root#include <keymaster/softkeymaster.h> 47919cb2a5a9dabd61cb02eff7a589f9f1f0f793eeChad Brubaker#include <keymaster/soft_keymaster_device.h> 4817208e0de5a42722901d803118745cca25fd10c1Kenny Root 4926cfc08add3966eca5892e3387cf5ed6dc3068fbKenny Root#include <UniquePtr.h> 50655b958eb2180c7c06889f83f606d23421bf038cKenny Root#include <utils/String8.h> 51655b958eb2180c7c06889f83f606d23421bf038cKenny Root#include <utils/Vector.h> 5270e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 5307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root#include <keystore/IKeystoreService.h> 5407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root#include <binder/IPCThreadState.h> 5507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root#include <binder/IServiceManager.h> 5607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 57a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root#include <cutils/log.h> 58a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root#include <cutils/sockets.h> 59a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root#include <private/android_filesystem_config.h> 60a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 6107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root#include <keystore/keystore.h> 62a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 63eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn#include <selinux/android.h> 64eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn 6596427baf0094d50047049d329b0779c3c910402cKenny Root#include "defaults.h" 6696427baf0094d50047049d329b0779c3c910402cKenny Root 67a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root/* KeyStore is a secured storage for key-value pairs. In this implementation, 68a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root * each file stores one key-value pair. Keys are encoded in file names, and 69a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root * values are encrypted with checksums. The encryption key is protected by a 70a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root * user-defined password. To keep things simple, buffers are always larger than 71a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root * the maximum space we needed, so boundary checks on buffers are omitted. */ 72a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 73a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root#define KEY_SIZE ((NAME_MAX - 15) / 2) 74a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root#define VALUE_SIZE 32768 75a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root#define PASSWORD_SIZE VALUE_SIZE 76a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 77822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root 7896427baf0094d50047049d329b0779c3c910402cKenny Rootstruct BIGNUM_Delete { 7996427baf0094d50047049d329b0779c3c910402cKenny Root void operator()(BIGNUM* p) const { 8096427baf0094d50047049d329b0779c3c910402cKenny Root BN_free(p); 8196427baf0094d50047049d329b0779c3c910402cKenny Root } 8296427baf0094d50047049d329b0779c3c910402cKenny Root}; 8396427baf0094d50047049d329b0779c3c910402cKenny Roottypedef UniquePtr<BIGNUM, BIGNUM_Delete> Unique_BIGNUM; 8496427baf0094d50047049d329b0779c3c910402cKenny Root 85822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Rootstruct BIO_Delete { 86822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root void operator()(BIO* p) const { 87822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root BIO_free(p); 88822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root } 89822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root}; 90822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Roottypedef UniquePtr<BIO, BIO_Delete> Unique_BIO; 91822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root 92822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Rootstruct EVP_PKEY_Delete { 93822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root void operator()(EVP_PKEY* p) const { 94822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root EVP_PKEY_free(p); 95822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root } 96822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root}; 97822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Roottypedef UniquePtr<EVP_PKEY, EVP_PKEY_Delete> Unique_EVP_PKEY; 98822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root 99822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Rootstruct PKCS8_PRIV_KEY_INFO_Delete { 100822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root void operator()(PKCS8_PRIV_KEY_INFO* p) const { 101822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root PKCS8_PRIV_KEY_INFO_free(p); 102822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root } 103822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root}; 104822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Roottypedef UniquePtr<PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO_Delete> Unique_PKCS8_PRIV_KEY_INFO; 105822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root 106822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root 107a5bbf2fb2a4853ecf6ae77ffee3efeb7a862498aShawn Willdenstatic int keymaster_device_initialize(keymaster0_device_t** dev) { 10870e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root int rc; 10970e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 11070e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root const hw_module_t* mod; 11170e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root rc = hw_get_module_by_class(KEYSTORE_HARDWARE_MODULE_ID, NULL, &mod); 11270e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root if (rc) { 11370e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root ALOGE("could not find any keystore module"); 11470e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root goto out; 11570e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root } 11670e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 117a5bbf2fb2a4853ecf6ae77ffee3efeb7a862498aShawn Willden rc = keymaster0_open(mod, dev); 11870e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root if (rc) { 11970e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root ALOGE("could not open keymaster device in %s (%s)", 12070e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root KEYSTORE_HARDWARE_MODULE_ID, strerror(-rc)); 12170e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root goto out; 12270e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root } 12370e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 12470e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root return 0; 12570e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 12670e3a86abd2c412d602a018967c01c177eb6cf4eKenny Rootout: 12770e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root *dev = NULL; 12870e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root return rc; 12970e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root} 13070e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 131919cb2a5a9dabd61cb02eff7a589f9f1f0f793eeChad Brubakerstatic int fallback_keymaster_device_initialize(keymaster1_device_t** dev) { 132919cb2a5a9dabd61cb02eff7a589f9f1f0f793eeChad Brubaker keymaster::SoftKeymasterDevice* softkeymaster = 133919cb2a5a9dabd61cb02eff7a589f9f1f0f793eeChad Brubaker new keymaster::SoftKeymasterDevice(); 134919cb2a5a9dabd61cb02eff7a589f9f1f0f793eeChad Brubaker // SoftKeymasterDevice is designed to make this cast safe. 135919cb2a5a9dabd61cb02eff7a589f9f1f0f793eeChad Brubaker *dev = reinterpret_cast<keymaster1_device_t*>(softkeymaster); 136fc18edcdfe2f7774e621030d51338f3216170b97Chad Brubaker return 0; 137fc18edcdfe2f7774e621030d51338f3216170b97Chad Brubaker} 138fc18edcdfe2f7774e621030d51338f3216170b97Chad Brubaker 139a5bbf2fb2a4853ecf6ae77ffee3efeb7a862498aShawn Willdenstatic void keymaster_device_release(keymaster0_device_t* dev) { 140a5bbf2fb2a4853ecf6ae77ffee3efeb7a862498aShawn Willden keymaster0_close(dev); 14170e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root} 14270e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 14307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root/*************** 14407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root * PERMISSIONS * 14507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root ***************/ 14607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 14707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root/* Here are the permissions, actions, users, and the main function. */ 14807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Roottypedef enum { 1494e865753346fc6a075966972a7a98051818859dbRobin Lee P_TEST = 1 << 0, 1504e865753346fc6a075966972a7a98051818859dbRobin Lee P_GET = 1 << 1, 1514e865753346fc6a075966972a7a98051818859dbRobin Lee P_INSERT = 1 << 2, 1524e865753346fc6a075966972a7a98051818859dbRobin Lee P_DELETE = 1 << 3, 1534e865753346fc6a075966972a7a98051818859dbRobin Lee P_EXIST = 1 << 4, 1544e865753346fc6a075966972a7a98051818859dbRobin Lee P_SAW = 1 << 5, 1554e865753346fc6a075966972a7a98051818859dbRobin Lee P_RESET = 1 << 6, 1564e865753346fc6a075966972a7a98051818859dbRobin Lee P_PASSWORD = 1 << 7, 1574e865753346fc6a075966972a7a98051818859dbRobin Lee P_LOCK = 1 << 8, 1584e865753346fc6a075966972a7a98051818859dbRobin Lee P_UNLOCK = 1 << 9, 1594e865753346fc6a075966972a7a98051818859dbRobin Lee P_ZERO = 1 << 10, 1604e865753346fc6a075966972a7a98051818859dbRobin Lee P_SIGN = 1 << 11, 1614e865753346fc6a075966972a7a98051818859dbRobin Lee P_VERIFY = 1 << 12, 1624e865753346fc6a075966972a7a98051818859dbRobin Lee P_GRANT = 1 << 13, 1634e865753346fc6a075966972a7a98051818859dbRobin Lee P_DUPLICATE = 1 << 14, 1644e865753346fc6a075966972a7a98051818859dbRobin Lee P_CLEAR_UID = 1 << 15, 1654e865753346fc6a075966972a7a98051818859dbRobin Lee P_RESET_UID = 1 << 16, 1664e865753346fc6a075966972a7a98051818859dbRobin Lee P_SYNC_UID = 1 << 17, 1674e865753346fc6a075966972a7a98051818859dbRobin Lee P_PASSWORD_UID = 1 << 18, 16807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root} perm_t; 16907438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 17007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Rootstatic struct user_euid { 17107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root uid_t uid; 17207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root uid_t euid; 17307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root} user_euids[] = { 17407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root {AID_VPN, AID_SYSTEM}, 17507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root {AID_WIFI, AID_SYSTEM}, 17607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root {AID_ROOT, AID_SYSTEM}, 17707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root}; 17807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 179eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn/* perm_labels associcated with keystore_key SELinux class verbs. */ 180eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahnconst char *perm_labels[] = { 181eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn "test", 182eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn "get", 183eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn "insert", 184eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn "delete", 185eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn "exist", 186eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn "saw", 187eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn "reset", 188eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn "password", 189eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn "lock", 190eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn "unlock", 191eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn "zero", 192eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn "sign", 193eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn "verify", 194eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn "grant", 195eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn "duplicate", 1964e865753346fc6a075966972a7a98051818859dbRobin Lee "clear_uid", 1974e865753346fc6a075966972a7a98051818859dbRobin Lee "reset_uid", 1984e865753346fc6a075966972a7a98051818859dbRobin Lee "sync_uid", 1994e865753346fc6a075966972a7a98051818859dbRobin Lee "password_uid", 200eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn}; 201eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn 20207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Rootstatic struct user_perm { 20307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root uid_t uid; 20407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root perm_t perms; 20507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root} user_perms[] = { 20607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root {AID_SYSTEM, static_cast<perm_t>((uint32_t)(~0)) }, 20707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root {AID_VPN, static_cast<perm_t>(P_GET | P_SIGN | P_VERIFY) }, 20807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root {AID_WIFI, static_cast<perm_t>(P_GET | P_SIGN | P_VERIFY) }, 20907438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root {AID_ROOT, static_cast<perm_t>(P_GET) }, 21007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root}; 21107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 21207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Rootstatic const perm_t DEFAULT_PERMS = static_cast<perm_t>(P_TEST | P_GET | P_INSERT | P_DELETE | P_EXIST | P_SAW | P_SIGN 21307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root | P_VERIFY); 21407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 215eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahnstatic char *tctx; 216eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahnstatic int ks_is_selinux_enabled; 217eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn 218eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahnstatic const char *get_perm_label(perm_t perm) { 219eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn unsigned int index = ffs(perm); 220eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn if (index > 0 && index <= (sizeof(perm_labels) / sizeof(perm_labels[0]))) { 221eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn return perm_labels[index - 1]; 222eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn } else { 223eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn ALOGE("Keystore: Failed to retrieve permission label.\n"); 224eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn abort(); 225eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn } 226eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn} 227eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn 228655b958eb2180c7c06889f83f606d23421bf038cKenny Root/** 229655b958eb2180c7c06889f83f606d23421bf038cKenny Root * Returns the app ID (in the Android multi-user sense) for the current 230655b958eb2180c7c06889f83f606d23421bf038cKenny Root * UNIX UID. 231655b958eb2180c7c06889f83f606d23421bf038cKenny Root */ 232655b958eb2180c7c06889f83f606d23421bf038cKenny Rootstatic uid_t get_app_id(uid_t uid) { 233655b958eb2180c7c06889f83f606d23421bf038cKenny Root return uid % AID_USER; 234655b958eb2180c7c06889f83f606d23421bf038cKenny Root} 235655b958eb2180c7c06889f83f606d23421bf038cKenny Root 236655b958eb2180c7c06889f83f606d23421bf038cKenny Root/** 237655b958eb2180c7c06889f83f606d23421bf038cKenny Root * Returns the user ID (in the Android multi-user sense) for the current 238655b958eb2180c7c06889f83f606d23421bf038cKenny Root * UNIX UID. 239655b958eb2180c7c06889f83f606d23421bf038cKenny Root */ 240655b958eb2180c7c06889f83f606d23421bf038cKenny Rootstatic uid_t get_user_id(uid_t uid) { 241655b958eb2180c7c06889f83f606d23421bf038cKenny Root return uid / AID_USER; 242655b958eb2180c7c06889f83f606d23421bf038cKenny Root} 243655b958eb2180c7c06889f83f606d23421bf038cKenny Root 244a25b2a397fff48dea7bce16af2065e6f5f043956Chih-Hung Hsiehstatic bool keystore_selinux_check_access(uid_t /*uid*/, perm_t perm, pid_t spid) { 245eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn if (!ks_is_selinux_enabled) { 246eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn return true; 247eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn } 248eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn 249eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn char *sctx = NULL; 250eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn const char *selinux_class = "keystore_key"; 251eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn const char *str_perm = get_perm_label(perm); 252eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn 253eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn if (!str_perm) { 254eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn return false; 255eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn } 256eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn 257eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn if (getpidcon(spid, &sctx) != 0) { 258eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn ALOGE("SELinux: Failed to get source pid context.\n"); 259eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn return false; 260eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn } 26166dbf67dd65b4808a15ef64f0ffde1275bdd58a9Nick Kralevich 262eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn bool allowed = selinux_check_access(sctx, tctx, selinux_class, str_perm, 263eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn NULL) == 0; 264eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn freecon(sctx); 265eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn return allowed; 266eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn} 267eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn 268eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahnstatic bool has_permission(uid_t uid, perm_t perm, pid_t spid) { 269655b958eb2180c7c06889f83f606d23421bf038cKenny Root // All system users are equivalent for multi-user support. 270655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (get_app_id(uid) == AID_SYSTEM) { 271655b958eb2180c7c06889f83f606d23421bf038cKenny Root uid = AID_SYSTEM; 272655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 273655b958eb2180c7c06889f83f606d23421bf038cKenny Root 27407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root for (size_t i = 0; i < sizeof(user_perms)/sizeof(user_perms[0]); i++) { 27507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root struct user_perm user = user_perms[i]; 27607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root if (user.uid == uid) { 277eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn return (user.perms & perm) && 278eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn keystore_selinux_check_access(uid, perm, spid); 27907438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 28007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 28107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 282eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn return (DEFAULT_PERMS & perm) && 283eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn keystore_selinux_check_access(uid, perm, spid); 28407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root} 28507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 286494689083467ec372a58f094f041c8f102f39393Kenny Root/** 287494689083467ec372a58f094f041c8f102f39393Kenny Root * Returns the UID that the callingUid should act as. This is here for 288494689083467ec372a58f094f041c8f102f39393Kenny Root * legacy support of the WiFi and VPN systems and should be removed 289494689083467ec372a58f094f041c8f102f39393Kenny Root * when WiFi can operate in its own namespace. 290494689083467ec372a58f094f041c8f102f39393Kenny Root */ 29107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Rootstatic uid_t get_keystore_euid(uid_t uid) { 29207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root for (size_t i = 0; i < sizeof(user_euids)/sizeof(user_euids[0]); i++) { 29307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root struct user_euid user = user_euids[i]; 29407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root if (user.uid == uid) { 29507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return user.euid; 29607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 29707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 29807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 29907438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return uid; 30007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root} 30107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 302494689083467ec372a58f094f041c8f102f39393Kenny Root/** 303494689083467ec372a58f094f041c8f102f39393Kenny Root * Returns true if the callingUid is allowed to interact in the targetUid's 304494689083467ec372a58f094f041c8f102f39393Kenny Root * namespace. 305494689083467ec372a58f094f041c8f102f39393Kenny Root */ 306494689083467ec372a58f094f041c8f102f39393Kenny Rootstatic bool is_granted_to(uid_t callingUid, uid_t targetUid) { 307494689083467ec372a58f094f041c8f102f39393Kenny Root for (size_t i = 0; i < sizeof(user_euids)/sizeof(user_euids[0]); i++) { 308494689083467ec372a58f094f041c8f102f39393Kenny Root struct user_euid user = user_euids[i]; 309494689083467ec372a58f094f041c8f102f39393Kenny Root if (user.euid == callingUid && user.uid == targetUid) { 310494689083467ec372a58f094f041c8f102f39393Kenny Root return true; 311494689083467ec372a58f094f041c8f102f39393Kenny Root } 312494689083467ec372a58f094f041c8f102f39393Kenny Root } 313494689083467ec372a58f094f041c8f102f39393Kenny Root 314494689083467ec372a58f094f041c8f102f39393Kenny Root return false; 315494689083467ec372a58f094f041c8f102f39393Kenny Root} 316494689083467ec372a58f094f041c8f102f39393Kenny Root 317007cb236ada4b3d70815f03dd07116a5e187f4ddKenny Root/** 318007cb236ada4b3d70815f03dd07116a5e187f4ddKenny Root * Allow the system to perform some privileged tasks that have to do with 319007cb236ada4b3d70815f03dd07116a5e187f4ddKenny Root * system maintenance. This should not be used for any function that uses 320007cb236ada4b3d70815f03dd07116a5e187f4ddKenny Root * the keys in any way (e.g., signing). 321007cb236ada4b3d70815f03dd07116a5e187f4ddKenny Root */ 322007cb236ada4b3d70815f03dd07116a5e187f4ddKenny Rootstatic bool is_self_or_system(uid_t callingUid, uid_t targetUid) { 323007cb236ada4b3d70815f03dd07116a5e187f4ddKenny Root return callingUid == targetUid || callingUid == AID_SYSTEM; 324007cb236ada4b3d70815f03dd07116a5e187f4ddKenny Root} 325007cb236ada4b3d70815f03dd07116a5e187f4ddKenny Root 326a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root/* Here is the encoding of keys. This is necessary in order to allow arbitrary 327a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root * characters in keys. Characters in [0-~] are not encoded. Others are encoded 328a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root * into two bytes. The first byte is one of [+-.] which represents the first 329a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root * two bits of the character. The second byte encodes the rest of the bits into 330a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root * [0-o]. Therefore in the worst case the length of a key gets doubled. Note 331a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root * that Base64 cannot be used here due to the need of prefix match on keys. */ 332a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 333655b958eb2180c7c06889f83f606d23421bf038cKenny Rootstatic size_t encode_key_length(const android::String8& keyName) { 334655b958eb2180c7c06889f83f606d23421bf038cKenny Root const uint8_t* in = reinterpret_cast<const uint8_t*>(keyName.string()); 335655b958eb2180c7c06889f83f606d23421bf038cKenny Root size_t length = keyName.length(); 336655b958eb2180c7c06889f83f606d23421bf038cKenny Root for (int i = length; i > 0; --i, ++in) { 337655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (*in < '0' || *in > '~') { 338655b958eb2180c7c06889f83f606d23421bf038cKenny Root ++length; 339655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 340655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 341655b958eb2180c7c06889f83f606d23421bf038cKenny Root return length; 342655b958eb2180c7c06889f83f606d23421bf038cKenny Root} 343655b958eb2180c7c06889f83f606d23421bf038cKenny Root 34407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Rootstatic int encode_key(char* out, const android::String8& keyName) { 34507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root const uint8_t* in = reinterpret_cast<const uint8_t*>(keyName.string()); 34607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root size_t length = keyName.length(); 347a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root for (int i = length; i > 0; --i, ++in, ++out) { 348655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (*in < '0' || *in > '~') { 349a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root *out = '+' + (*in >> 6); 350a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root *++out = '0' + (*in & 0x3F); 351a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root ++length; 352655b958eb2180c7c06889f83f606d23421bf038cKenny Root } else { 353655b958eb2180c7c06889f83f606d23421bf038cKenny Root *out = *in; 354a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 355a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 356a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root *out = '\0'; 35770e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root return length; 35870e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root} 35970e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 36007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root/* 36107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root * Converts from the "escaped" format on disk to actual name. 36207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root * This will be smaller than the input string. 36307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root * 36407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root * Characters that should combine with the next at the end will be truncated. 36507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root */ 36607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Rootstatic size_t decode_key_length(const char* in, size_t length) { 36707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root size_t outLength = 0; 36807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 36907438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root for (const char* end = in + length; in < end; in++) { 37007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root /* This combines with the next character. */ 37107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root if (*in < '0' || *in > '~') { 37207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root continue; 37307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 37407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 37507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root outLength++; 37607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 37707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return outLength; 37807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root} 37907438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 38007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Rootstatic void decode_key(char* out, const char* in, size_t length) { 38107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root for (const char* end = in + length; in < end; in++) { 38207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root if (*in < '0' || *in > '~') { 38307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root /* Truncate combining characters at the end. */ 38407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root if (in + 1 >= end) { 38507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root break; 38607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 38707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 38807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root *out = (*in++ - '+') << 6; 38907438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root *out++ |= (*in - '0') & 0x3F; 390a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } else { 39107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root *out++ = *in; 392a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 393a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 394a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root *out = '\0'; 395a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root} 396a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 397a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Rootstatic size_t readFully(int fd, uint8_t* data, size_t size) { 398a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root size_t remaining = size; 399a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root while (remaining > 0) { 400150ca934edb745de3666a6492b039900df228ff0Kenny Root ssize_t n = TEMP_FAILURE_RETRY(read(fd, data, remaining)); 4015281edbc9445065479e92a6c86da462f3943c2caKenny Root if (n <= 0) { 402150ca934edb745de3666a6492b039900df228ff0Kenny Root return size - remaining; 403a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 404a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root data += n; 405a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root remaining -= n; 406a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 407a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return size; 408a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root} 409a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 410a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Rootstatic size_t writeFully(int fd, uint8_t* data, size_t size) { 411a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root size_t remaining = size; 412a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root while (remaining > 0) { 413150ca934edb745de3666a6492b039900df228ff0Kenny Root ssize_t n = TEMP_FAILURE_RETRY(write(fd, data, remaining)); 414150ca934edb745de3666a6492b039900df228ff0Kenny Root if (n < 0) { 415150ca934edb745de3666a6492b039900df228ff0Kenny Root ALOGW("write failed: %s", strerror(errno)); 416150ca934edb745de3666a6492b039900df228ff0Kenny Root return size - remaining; 417a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 418a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root data += n; 419a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root remaining -= n; 420a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 421a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return size; 422a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root} 423a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 424a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Rootclass Entropy { 425a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Rootpublic: 426a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root Entropy() : mRandom(-1) {} 427a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root ~Entropy() { 428150ca934edb745de3666a6492b039900df228ff0Kenny Root if (mRandom >= 0) { 429a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root close(mRandom); 430a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 431a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 432a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 433a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root bool open() { 434a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root const char* randomDevice = "/dev/urandom"; 435150ca934edb745de3666a6492b039900df228ff0Kenny Root mRandom = TEMP_FAILURE_RETRY(::open(randomDevice, O_RDONLY)); 436150ca934edb745de3666a6492b039900df228ff0Kenny Root if (mRandom < 0) { 437a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root ALOGE("open: %s: %s", randomDevice, strerror(errno)); 438a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return false; 439a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 440a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return true; 441a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 442a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 4435187818895c4c5f650a611c40531b1dff7764c18Kenny Root bool generate_random_data(uint8_t* data, size_t size) const { 444a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return (readFully(mRandom, data, size) == size); 445a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 446a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 447a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Rootprivate: 448a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root int mRandom; 449a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root}; 450a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 451a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root/* Here is the file format. There are two parts in blob.value, the secret and 452a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root * the description. The secret is stored in ciphertext, and its original size 453a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root * can be found in blob.length. The description is stored after the secret in 454a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root * plaintext, and its size is specified in blob.info. The total size of the two 455822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root * parts must be no more than VALUE_SIZE bytes. The first field is the version, 456f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root * the second is the blob's type, and the third byte is flags. Fields other 457a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root * than blob.info, blob.length, and blob.value are modified by encryptBlob() 458a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root * and decryptBlob(). Thus they should not be accessed from outside. */ 459a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 460822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root/* ** Note to future implementors of encryption: ** 461822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root * Currently this is the construction: 462822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root * metadata || Enc(MD5(data) || data) 463822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root * 464822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root * This should be the construction used for encrypting if re-implementing: 465822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root * 466822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root * Derive independent keys for encryption and MAC: 467822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root * Kenc = AES_encrypt(masterKey, "Encrypt") 468822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root * Kmac = AES_encrypt(masterKey, "MAC") 469822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root * 470822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root * Store this: 471822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root * metadata || AES_CTR_encrypt(Kenc, rand_IV, data) || 472822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root * HMAC(Kmac, metadata || Enc(data)) 473822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root */ 474a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Rootstruct __attribute__((packed)) blob { 475822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root uint8_t version; 476822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root uint8_t type; 477f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root uint8_t flags; 478a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root uint8_t info; 479a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root uint8_t vector[AES_BLOCK_SIZE]; 480822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root uint8_t encrypted[0]; // Marks offset to encrypted data. 481a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root uint8_t digest[MD5_DIGEST_LENGTH]; 482822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root uint8_t digested[0]; // Marks offset to digested data. 483a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root int32_t length; // in network byte order when encrypted 484a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root uint8_t value[VALUE_SIZE + AES_BLOCK_SIZE]; 485a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root}; 486a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 487822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Roottypedef enum { 488d53bc92f1cc4eb669ec015480cebe5ae7aaaf7cfKenny Root TYPE_ANY = 0, // meta type that matches anything 489822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root TYPE_GENERIC = 1, 490822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root TYPE_MASTER_KEY = 2, 491822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root TYPE_KEY_PAIR = 3, 492822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root} BlobType; 493822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root 494f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Rootstatic const uint8_t CURRENT_BLOB_VERSION = 2; 495822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root 496a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Rootclass Blob { 497a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Rootpublic: 49807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root Blob(const uint8_t* value, int32_t valueLength, const uint8_t* info, uint8_t infoLength, 49907438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root BlobType type) { 500a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root mBlob.length = valueLength; 501a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root memcpy(mBlob.value, value, valueLength); 502a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 503a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root mBlob.info = infoLength; 504a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root memcpy(mBlob.value + valueLength, info, infoLength); 505822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root 50607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root mBlob.version = CURRENT_BLOB_VERSION; 507822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root mBlob.type = uint8_t(type); 508f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root 509ee8068b9e7bfb2770635062fc9c2035be2142bd8Kenny Root if (type == TYPE_MASTER_KEY) { 510ee8068b9e7bfb2770635062fc9c2035be2142bd8Kenny Root mBlob.flags = KEYSTORE_FLAG_ENCRYPTED; 511ee8068b9e7bfb2770635062fc9c2035be2142bd8Kenny Root } else { 512ee8068b9e7bfb2770635062fc9c2035be2142bd8Kenny Root mBlob.flags = KEYSTORE_FLAG_NONE; 513ee8068b9e7bfb2770635062fc9c2035be2142bd8Kenny Root } 514a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 515a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 516a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root Blob(blob b) { 517a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root mBlob = b; 518a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 519a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 520a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root Blob() {} 521a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 5225187818895c4c5f650a611c40531b1dff7764c18Kenny Root const uint8_t* getValue() const { 523a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return mBlob.value; 524a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 525a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 5265187818895c4c5f650a611c40531b1dff7764c18Kenny Root int32_t getLength() const { 527a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return mBlob.length; 528a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 529a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 5305187818895c4c5f650a611c40531b1dff7764c18Kenny Root const uint8_t* getInfo() const { 5315187818895c4c5f650a611c40531b1dff7764c18Kenny Root return mBlob.value + mBlob.length; 5325187818895c4c5f650a611c40531b1dff7764c18Kenny Root } 5335187818895c4c5f650a611c40531b1dff7764c18Kenny Root 5345187818895c4c5f650a611c40531b1dff7764c18Kenny Root uint8_t getInfoLength() const { 535a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return mBlob.info; 536a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 537a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 538822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root uint8_t getVersion() const { 539822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root return mBlob.version; 540822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root } 541822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root 542f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root bool isEncrypted() const { 543f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root if (mBlob.version < 2) { 544f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root return true; 545f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root } 546f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root 547f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root return mBlob.flags & KEYSTORE_FLAG_ENCRYPTED; 548f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root } 549f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root 550f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root void setEncrypted(bool encrypted) { 551f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root if (encrypted) { 552f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root mBlob.flags |= KEYSTORE_FLAG_ENCRYPTED; 553f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root } else { 554f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root mBlob.flags &= ~KEYSTORE_FLAG_ENCRYPTED; 555f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root } 556f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root } 557f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root 55817208e0de5a42722901d803118745cca25fd10c1Kenny Root bool isFallback() const { 55917208e0de5a42722901d803118745cca25fd10c1Kenny Root return mBlob.flags & KEYSTORE_FLAG_FALLBACK; 56017208e0de5a42722901d803118745cca25fd10c1Kenny Root } 56117208e0de5a42722901d803118745cca25fd10c1Kenny Root 56217208e0de5a42722901d803118745cca25fd10c1Kenny Root void setFallback(bool fallback) { 56317208e0de5a42722901d803118745cca25fd10c1Kenny Root if (fallback) { 56417208e0de5a42722901d803118745cca25fd10c1Kenny Root mBlob.flags |= KEYSTORE_FLAG_FALLBACK; 56517208e0de5a42722901d803118745cca25fd10c1Kenny Root } else { 56617208e0de5a42722901d803118745cca25fd10c1Kenny Root mBlob.flags &= ~KEYSTORE_FLAG_FALLBACK; 56717208e0de5a42722901d803118745cca25fd10c1Kenny Root } 56817208e0de5a42722901d803118745cca25fd10c1Kenny Root } 56917208e0de5a42722901d803118745cca25fd10c1Kenny Root 570822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root void setVersion(uint8_t version) { 571822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root mBlob.version = version; 572822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root } 573822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root 574822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root BlobType getType() const { 575822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root return BlobType(mBlob.type); 576822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root } 577822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root 578822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root void setType(BlobType type) { 579822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root mBlob.type = uint8_t(type); 580822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root } 581822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root 582f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root ResponseCode writeBlob(const char* filename, AES_KEY *aes_key, State state, Entropy* entropy) { 583f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root ALOGV("writing blob %s", filename); 584f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root if (isEncrypted()) { 585f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root if (state != STATE_NO_ERROR) { 586f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root ALOGD("couldn't insert encrypted blob while not unlocked"); 587f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root return LOCKED; 588f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root } 589f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root 590f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root if (!entropy->generate_random_data(mBlob.vector, AES_BLOCK_SIZE)) { 591f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root ALOGW("Could not read random data for: %s", filename); 592f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root return SYSTEM_ERROR; 593f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root } 594a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 595a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 596a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root // data includes the value and the value's length 597a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root size_t dataLength = mBlob.length + sizeof(mBlob.length); 598a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root // pad data to the AES_BLOCK_SIZE 599a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root size_t digestedLength = ((dataLength + AES_BLOCK_SIZE - 1) 600a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root / AES_BLOCK_SIZE * AES_BLOCK_SIZE); 601a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root // encrypted data includes the digest value 602a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root size_t encryptedLength = digestedLength + MD5_DIGEST_LENGTH; 603a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root // move info after space for padding 604a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root memmove(&mBlob.encrypted[encryptedLength], &mBlob.value[mBlob.length], mBlob.info); 605a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root // zero padding area 606a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root memset(mBlob.value + mBlob.length, 0, digestedLength - dataLength); 607a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 608a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root mBlob.length = htonl(mBlob.length); 609a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 610f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root if (isEncrypted()) { 611f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root MD5(mBlob.digested, digestedLength, mBlob.digest); 612f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root 613f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root uint8_t vector[AES_BLOCK_SIZE]; 614f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root memcpy(vector, mBlob.vector, AES_BLOCK_SIZE); 615f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root AES_cbc_encrypt(mBlob.encrypted, mBlob.encrypted, encryptedLength, 616f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root aes_key, vector, AES_ENCRYPT); 617f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root } 618a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 619a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root size_t headerLength = (mBlob.encrypted - (uint8_t*) &mBlob); 620a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root size_t fileLength = encryptedLength + headerLength + mBlob.info; 621a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 622a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root const char* tmpFileName = ".tmp"; 623150ca934edb745de3666a6492b039900df228ff0Kenny Root int out = TEMP_FAILURE_RETRY(open(tmpFileName, 624150ca934edb745de3666a6492b039900df228ff0Kenny Root O_WRONLY | O_TRUNC | O_CREAT, S_IRUSR | S_IWUSR)); 625150ca934edb745de3666a6492b039900df228ff0Kenny Root if (out < 0) { 626150ca934edb745de3666a6492b039900df228ff0Kenny Root ALOGW("could not open file: %s: %s", tmpFileName, strerror(errno)); 627a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return SYSTEM_ERROR; 628a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 629a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root size_t writtenBytes = writeFully(out, (uint8_t*) &mBlob, fileLength); 630a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root if (close(out) != 0) { 631a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return SYSTEM_ERROR; 632a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 633a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root if (writtenBytes != fileLength) { 634150ca934edb745de3666a6492b039900df228ff0Kenny Root ALOGW("blob not fully written %zu != %zu", writtenBytes, fileLength); 635a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root unlink(tmpFileName); 636a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return SYSTEM_ERROR; 637a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 638150ca934edb745de3666a6492b039900df228ff0Kenny Root if (rename(tmpFileName, filename) == -1) { 639150ca934edb745de3666a6492b039900df228ff0Kenny Root ALOGW("could not rename blob to %s: %s", filename, strerror(errno)); 640150ca934edb745de3666a6492b039900df228ff0Kenny Root return SYSTEM_ERROR; 641150ca934edb745de3666a6492b039900df228ff0Kenny Root } 642150ca934edb745de3666a6492b039900df228ff0Kenny Root return NO_ERROR; 643a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 644a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 645f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root ResponseCode readBlob(const char* filename, AES_KEY *aes_key, State state) { 646f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root ALOGV("reading blob %s", filename); 647150ca934edb745de3666a6492b039900df228ff0Kenny Root int in = TEMP_FAILURE_RETRY(open(filename, O_RDONLY)); 648150ca934edb745de3666a6492b039900df228ff0Kenny Root if (in < 0) { 649a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return (errno == ENOENT) ? KEY_NOT_FOUND : SYSTEM_ERROR; 650a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 651a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root // fileLength may be less than sizeof(mBlob) since the in 652a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root // memory version has extra padding to tolerate rounding up to 653a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root // the AES_BLOCK_SIZE 654a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root size_t fileLength = readFully(in, (uint8_t*) &mBlob, sizeof(mBlob)); 655a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root if (close(in) != 0) { 656a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return SYSTEM_ERROR; 657a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 658f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root 659f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root if (isEncrypted() && (state != STATE_NO_ERROR)) { 660f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root return LOCKED; 661f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root } 662f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root 663a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root size_t headerLength = (mBlob.encrypted - (uint8_t*) &mBlob); 664a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root if (fileLength < headerLength) { 665a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return VALUE_CORRUPTED; 666a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 667a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 668a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root ssize_t encryptedLength = fileLength - (headerLength + mBlob.info); 669f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root if (encryptedLength < 0) { 670a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return VALUE_CORRUPTED; 671a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 672f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root 673f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root ssize_t digestedLength; 674f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root if (isEncrypted()) { 675f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root if (encryptedLength % AES_BLOCK_SIZE != 0) { 676f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root return VALUE_CORRUPTED; 677f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root } 678f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root 679f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root AES_cbc_encrypt(mBlob.encrypted, mBlob.encrypted, encryptedLength, aes_key, 680f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root mBlob.vector, AES_DECRYPT); 681f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root digestedLength = encryptedLength - MD5_DIGEST_LENGTH; 682f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root uint8_t computedDigest[MD5_DIGEST_LENGTH]; 683f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root MD5(mBlob.digested, digestedLength, computedDigest); 684f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root if (memcmp(mBlob.digest, computedDigest, MD5_DIGEST_LENGTH) != 0) { 685f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root return VALUE_CORRUPTED; 686f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root } 687f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root } else { 688f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root digestedLength = encryptedLength; 689a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 690a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 691a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root ssize_t maxValueLength = digestedLength - sizeof(mBlob.length); 692a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root mBlob.length = ntohl(mBlob.length); 693a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root if (mBlob.length < 0 || mBlob.length > maxValueLength) { 694a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return VALUE_CORRUPTED; 695a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 696a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root if (mBlob.info != 0) { 697a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root // move info from after padding to after data 698a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root memmove(&mBlob.value[mBlob.length], &mBlob.value[maxValueLength], mBlob.info); 699a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 70007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::NO_ERROR; 701a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 702a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 703a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Rootprivate: 704a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root struct blob mBlob; 705a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root}; 706a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 707655b958eb2180c7c06889f83f606d23421bf038cKenny Rootclass UserState { 708655b958eb2180c7c06889f83f606d23421bf038cKenny Rootpublic: 709655b958eb2180c7c06889f83f606d23421bf038cKenny Root UserState(uid_t userId) : mUserId(userId), mRetry(MAX_RETRY) { 710655b958eb2180c7c06889f83f606d23421bf038cKenny Root asprintf(&mUserDir, "user_%u", mUserId); 711655b958eb2180c7c06889f83f606d23421bf038cKenny Root asprintf(&mMasterKeyFile, "%s/.masterkey", mUserDir); 712655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 71370e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 714655b958eb2180c7c06889f83f606d23421bf038cKenny Root ~UserState() { 715655b958eb2180c7c06889f83f606d23421bf038cKenny Root free(mUserDir); 716655b958eb2180c7c06889f83f606d23421bf038cKenny Root free(mMasterKeyFile); 717655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 71870e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 719655b958eb2180c7c06889f83f606d23421bf038cKenny Root bool initialize() { 720655b958eb2180c7c06889f83f606d23421bf038cKenny Root if ((mkdir(mUserDir, S_IRUSR | S_IWUSR | S_IXUSR) < 0) && (errno != EEXIST)) { 721655b958eb2180c7c06889f83f606d23421bf038cKenny Root ALOGE("Could not create directory '%s'", mUserDir); 722655b958eb2180c7c06889f83f606d23421bf038cKenny Root return false; 723655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 724655b958eb2180c7c06889f83f606d23421bf038cKenny Root 725655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (access(mMasterKeyFile, R_OK) == 0) { 726a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root setState(STATE_LOCKED); 727a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } else { 728a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root setState(STATE_UNINITIALIZED); 729a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 73070e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 731655b958eb2180c7c06889f83f606d23421bf038cKenny Root return true; 732655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 733655b958eb2180c7c06889f83f606d23421bf038cKenny Root 734655b958eb2180c7c06889f83f606d23421bf038cKenny Root uid_t getUserId() const { 735655b958eb2180c7c06889f83f606d23421bf038cKenny Root return mUserId; 736655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 737655b958eb2180c7c06889f83f606d23421bf038cKenny Root 738655b958eb2180c7c06889f83f606d23421bf038cKenny Root const char* getUserDirName() const { 739655b958eb2180c7c06889f83f606d23421bf038cKenny Root return mUserDir; 740655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 741655b958eb2180c7c06889f83f606d23421bf038cKenny Root 742655b958eb2180c7c06889f83f606d23421bf038cKenny Root const char* getMasterKeyFileName() const { 743655b958eb2180c7c06889f83f606d23421bf038cKenny Root return mMasterKeyFile; 744655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 745655b958eb2180c7c06889f83f606d23421bf038cKenny Root 746655b958eb2180c7c06889f83f606d23421bf038cKenny Root void setState(State state) { 747655b958eb2180c7c06889f83f606d23421bf038cKenny Root mState = state; 748655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (mState == STATE_NO_ERROR || mState == STATE_UNINITIALIZED) { 749655b958eb2180c7c06889f83f606d23421bf038cKenny Root mRetry = MAX_RETRY; 750655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 751a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 752a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 7535187818895c4c5f650a611c40531b1dff7764c18Kenny Root State getState() const { 754a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return mState; 755a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 756a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 7575187818895c4c5f650a611c40531b1dff7764c18Kenny Root int8_t getRetry() const { 758a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return mRetry; 759a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 760a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 761655b958eb2180c7c06889f83f606d23421bf038cKenny Root void zeroizeMasterKeysInMemory() { 762655b958eb2180c7c06889f83f606d23421bf038cKenny Root memset(mMasterKey, 0, sizeof(mMasterKey)); 763655b958eb2180c7c06889f83f606d23421bf038cKenny Root memset(mSalt, 0, sizeof(mSalt)); 764655b958eb2180c7c06889f83f606d23421bf038cKenny Root memset(&mMasterKeyEncryption, 0, sizeof(mMasterKeyEncryption)); 765655b958eb2180c7c06889f83f606d23421bf038cKenny Root memset(&mMasterKeyDecryption, 0, sizeof(mMasterKeyDecryption)); 76670e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root } 76770e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 768655b958eb2180c7c06889f83f606d23421bf038cKenny Root ResponseCode initialize(const android::String8& pw, Entropy* entropy) { 769655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (!generateMasterKey(entropy)) { 770a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return SYSTEM_ERROR; 771a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 772655b958eb2180c7c06889f83f606d23421bf038cKenny Root ResponseCode response = writeMasterKey(pw, entropy); 773a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root if (response != NO_ERROR) { 774a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return response; 775a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 776a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root setupMasterKeys(); 77707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::NO_ERROR; 778a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 779a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 7804e865753346fc6a075966972a7a98051818859dbRobin Lee ResponseCode copyMasterKey(UserState* src) { 7814e865753346fc6a075966972a7a98051818859dbRobin Lee if (mState != STATE_UNINITIALIZED) { 7824e865753346fc6a075966972a7a98051818859dbRobin Lee return ::SYSTEM_ERROR; 7834e865753346fc6a075966972a7a98051818859dbRobin Lee } 7844e865753346fc6a075966972a7a98051818859dbRobin Lee if (src->getState() != STATE_NO_ERROR) { 7854e865753346fc6a075966972a7a98051818859dbRobin Lee return ::SYSTEM_ERROR; 7864e865753346fc6a075966972a7a98051818859dbRobin Lee } 7874e865753346fc6a075966972a7a98051818859dbRobin Lee memcpy(mMasterKey, src->mMasterKey, MASTER_KEY_SIZE_BYTES); 7884e865753346fc6a075966972a7a98051818859dbRobin Lee setupMasterKeys(); 7894e865753346fc6a075966972a7a98051818859dbRobin Lee return ::NO_ERROR; 7904e865753346fc6a075966972a7a98051818859dbRobin Lee } 7914e865753346fc6a075966972a7a98051818859dbRobin Lee 792655b958eb2180c7c06889f83f606d23421bf038cKenny Root ResponseCode writeMasterKey(const android::String8& pw, Entropy* entropy) { 793a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root uint8_t passwordKey[MASTER_KEY_SIZE_BYTES]; 794a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root generateKeyFromPassword(passwordKey, MASTER_KEY_SIZE_BYTES, pw, mSalt); 795a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root AES_KEY passwordAesKey; 796a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root AES_set_encrypt_key(passwordKey, MASTER_KEY_SIZE_BITS, &passwordAesKey); 797822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root Blob masterKeyBlob(mMasterKey, sizeof(mMasterKey), mSalt, sizeof(mSalt), TYPE_MASTER_KEY); 798f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root return masterKeyBlob.writeBlob(mMasterKeyFile, &passwordAesKey, STATE_NO_ERROR, entropy); 799a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 800a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 801655b958eb2180c7c06889f83f606d23421bf038cKenny Root ResponseCode readMasterKey(const android::String8& pw, Entropy* entropy) { 802655b958eb2180c7c06889f83f606d23421bf038cKenny Root int in = TEMP_FAILURE_RETRY(open(mMasterKeyFile, O_RDONLY)); 803150ca934edb745de3666a6492b039900df228ff0Kenny Root if (in < 0) { 804a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return SYSTEM_ERROR; 805a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 806a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 807a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root // we read the raw blob to just to get the salt to generate 808a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root // the AES key, then we create the Blob to use with decryptBlob 809a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root blob rawBlob; 810a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root size_t length = readFully(in, (uint8_t*) &rawBlob, sizeof(rawBlob)); 811a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root if (close(in) != 0) { 812a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return SYSTEM_ERROR; 813a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 814a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root // find salt at EOF if present, otherwise we have an old file 815a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root uint8_t* salt; 816a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root if (length > SALT_SIZE && rawBlob.info == SALT_SIZE) { 817a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root salt = (uint8_t*) &rawBlob + length - SALT_SIZE; 818a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } else { 819a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root salt = NULL; 820a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 821a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root uint8_t passwordKey[MASTER_KEY_SIZE_BYTES]; 822a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root generateKeyFromPassword(passwordKey, MASTER_KEY_SIZE_BYTES, pw, salt); 823a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root AES_KEY passwordAesKey; 824a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root AES_set_decrypt_key(passwordKey, MASTER_KEY_SIZE_BITS, &passwordAesKey); 825a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root Blob masterKeyBlob(rawBlob); 826f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root ResponseCode response = masterKeyBlob.readBlob(mMasterKeyFile, &passwordAesKey, 827f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root STATE_NO_ERROR); 828a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root if (response == SYSTEM_ERROR) { 829f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root return response; 830a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 831a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root if (response == NO_ERROR && masterKeyBlob.getLength() == MASTER_KEY_SIZE_BYTES) { 832a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root // if salt was missing, generate one and write a new master key file with the salt. 833a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root if (salt == NULL) { 834655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (!generateSalt(entropy)) { 835a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return SYSTEM_ERROR; 836a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 837655b958eb2180c7c06889f83f606d23421bf038cKenny Root response = writeMasterKey(pw, entropy); 838a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 839a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root if (response == NO_ERROR) { 840a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root memcpy(mMasterKey, masterKeyBlob.getValue(), MASTER_KEY_SIZE_BYTES); 841a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root setupMasterKeys(); 842a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 843a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return response; 844a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 845a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root if (mRetry <= 0) { 846a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root reset(); 847a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return UNINITIALIZED; 848a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 849a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root --mRetry; 850a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root switch (mRetry) { 851a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root case 0: return WRONG_PASSWORD_0; 852a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root case 1: return WRONG_PASSWORD_1; 853a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root case 2: return WRONG_PASSWORD_2; 854a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root case 3: return WRONG_PASSWORD_3; 855a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root default: return WRONG_PASSWORD_3; 856a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 857a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 858a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 859655b958eb2180c7c06889f83f606d23421bf038cKenny Root AES_KEY* getEncryptionKey() { 860655b958eb2180c7c06889f83f606d23421bf038cKenny Root return &mMasterKeyEncryption; 861655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 862a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 863655b958eb2180c7c06889f83f606d23421bf038cKenny Root AES_KEY* getDecryptionKey() { 864655b958eb2180c7c06889f83f606d23421bf038cKenny Root return &mMasterKeyDecryption; 865655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 866a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 867655b958eb2180c7c06889f83f606d23421bf038cKenny Root bool reset() { 868655b958eb2180c7c06889f83f606d23421bf038cKenny Root DIR* dir = opendir(getUserDirName()); 869a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root if (!dir) { 870655b958eb2180c7c06889f83f606d23421bf038cKenny Root ALOGW("couldn't open user directory: %s", strerror(errno)); 871a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return false; 872a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 873655b958eb2180c7c06889f83f606d23421bf038cKenny Root 874655b958eb2180c7c06889f83f606d23421bf038cKenny Root struct dirent* file; 875a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root while ((file = readdir(dir)) != NULL) { 876655b958eb2180c7c06889f83f606d23421bf038cKenny Root // We only care about files. 877655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (file->d_type != DT_REG) { 878655b958eb2180c7c06889f83f606d23421bf038cKenny Root continue; 879655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 880655b958eb2180c7c06889f83f606d23421bf038cKenny Root 881655b958eb2180c7c06889f83f606d23421bf038cKenny Root // Skip anything that starts with a "." 882931fac098f2ae35aa1da26ced57962c9a21f95cfKenny Root if (file->d_name[0] == '.' && strcmp(".masterkey", file->d_name)) { 883655b958eb2180c7c06889f83f606d23421bf038cKenny Root continue; 884655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 885655b958eb2180c7c06889f83f606d23421bf038cKenny Root 886655b958eb2180c7c06889f83f606d23421bf038cKenny Root unlinkat(dirfd(dir), file->d_name, 0); 887a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 888a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root closedir(dir); 889a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return true; 890a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 891a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 892655b958eb2180c7c06889f83f606d23421bf038cKenny Rootprivate: 893655b958eb2180c7c06889f83f606d23421bf038cKenny Root static const int MASTER_KEY_SIZE_BYTES = 16; 894655b958eb2180c7c06889f83f606d23421bf038cKenny Root static const int MASTER_KEY_SIZE_BITS = MASTER_KEY_SIZE_BYTES * 8; 895655b958eb2180c7c06889f83f606d23421bf038cKenny Root 896655b958eb2180c7c06889f83f606d23421bf038cKenny Root static const int MAX_RETRY = 4; 897655b958eb2180c7c06889f83f606d23421bf038cKenny Root static const size_t SALT_SIZE = 16; 898655b958eb2180c7c06889f83f606d23421bf038cKenny Root 899655b958eb2180c7c06889f83f606d23421bf038cKenny Root void generateKeyFromPassword(uint8_t* key, ssize_t keySize, const android::String8& pw, 900655b958eb2180c7c06889f83f606d23421bf038cKenny Root uint8_t* salt) { 901655b958eb2180c7c06889f83f606d23421bf038cKenny Root size_t saltSize; 902655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (salt != NULL) { 903655b958eb2180c7c06889f83f606d23421bf038cKenny Root saltSize = SALT_SIZE; 904655b958eb2180c7c06889f83f606d23421bf038cKenny Root } else { 905655b958eb2180c7c06889f83f606d23421bf038cKenny Root // pre-gingerbread used this hardwired salt, readMasterKey will rewrite these when found 906655b958eb2180c7c06889f83f606d23421bf038cKenny Root salt = (uint8_t*) "keystore"; 907655b958eb2180c7c06889f83f606d23421bf038cKenny Root // sizeof = 9, not strlen = 8 908655b958eb2180c7c06889f83f606d23421bf038cKenny Root saltSize = sizeof("keystore"); 909655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 910655b958eb2180c7c06889f83f606d23421bf038cKenny Root 911655b958eb2180c7c06889f83f606d23421bf038cKenny Root PKCS5_PBKDF2_HMAC_SHA1(reinterpret_cast<const char*>(pw.string()), pw.length(), salt, 912655b958eb2180c7c06889f83f606d23421bf038cKenny Root saltSize, 8192, keySize, key); 913655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 914655b958eb2180c7c06889f83f606d23421bf038cKenny Root 915655b958eb2180c7c06889f83f606d23421bf038cKenny Root bool generateSalt(Entropy* entropy) { 916655b958eb2180c7c06889f83f606d23421bf038cKenny Root return entropy->generate_random_data(mSalt, sizeof(mSalt)); 917655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 918655b958eb2180c7c06889f83f606d23421bf038cKenny Root 919655b958eb2180c7c06889f83f606d23421bf038cKenny Root bool generateMasterKey(Entropy* entropy) { 920655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (!entropy->generate_random_data(mMasterKey, sizeof(mMasterKey))) { 921655b958eb2180c7c06889f83f606d23421bf038cKenny Root return false; 922655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 923655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (!generateSalt(entropy)) { 924655b958eb2180c7c06889f83f606d23421bf038cKenny Root return false; 925655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 926655b958eb2180c7c06889f83f606d23421bf038cKenny Root return true; 927655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 928655b958eb2180c7c06889f83f606d23421bf038cKenny Root 929655b958eb2180c7c06889f83f606d23421bf038cKenny Root void setupMasterKeys() { 930655b958eb2180c7c06889f83f606d23421bf038cKenny Root AES_set_encrypt_key(mMasterKey, MASTER_KEY_SIZE_BITS, &mMasterKeyEncryption); 931655b958eb2180c7c06889f83f606d23421bf038cKenny Root AES_set_decrypt_key(mMasterKey, MASTER_KEY_SIZE_BITS, &mMasterKeyDecryption); 932655b958eb2180c7c06889f83f606d23421bf038cKenny Root setState(STATE_NO_ERROR); 933655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 934655b958eb2180c7c06889f83f606d23421bf038cKenny Root 935655b958eb2180c7c06889f83f606d23421bf038cKenny Root uid_t mUserId; 936655b958eb2180c7c06889f83f606d23421bf038cKenny Root 937655b958eb2180c7c06889f83f606d23421bf038cKenny Root char* mUserDir; 938655b958eb2180c7c06889f83f606d23421bf038cKenny Root char* mMasterKeyFile; 939655b958eb2180c7c06889f83f606d23421bf038cKenny Root 940655b958eb2180c7c06889f83f606d23421bf038cKenny Root State mState; 941655b958eb2180c7c06889f83f606d23421bf038cKenny Root int8_t mRetry; 942655b958eb2180c7c06889f83f606d23421bf038cKenny Root 943655b958eb2180c7c06889f83f606d23421bf038cKenny Root uint8_t mMasterKey[MASTER_KEY_SIZE_BYTES]; 944655b958eb2180c7c06889f83f606d23421bf038cKenny Root uint8_t mSalt[SALT_SIZE]; 945655b958eb2180c7c06889f83f606d23421bf038cKenny Root 946655b958eb2180c7c06889f83f606d23421bf038cKenny Root AES_KEY mMasterKeyEncryption; 947655b958eb2180c7c06889f83f606d23421bf038cKenny Root AES_KEY mMasterKeyDecryption; 948655b958eb2180c7c06889f83f606d23421bf038cKenny Root}; 949655b958eb2180c7c06889f83f606d23421bf038cKenny Root 950655b958eb2180c7c06889f83f606d23421bf038cKenny Roottypedef struct { 951655b958eb2180c7c06889f83f606d23421bf038cKenny Root uint32_t uid; 952655b958eb2180c7c06889f83f606d23421bf038cKenny Root const uint8_t* filename; 953655b958eb2180c7c06889f83f606d23421bf038cKenny Root} grant_t; 954655b958eb2180c7c06889f83f606d23421bf038cKenny Root 955655b958eb2180c7c06889f83f606d23421bf038cKenny Rootclass KeyStore { 956655b958eb2180c7c06889f83f606d23421bf038cKenny Rootpublic: 957919cb2a5a9dabd61cb02eff7a589f9f1f0f793eeChad Brubaker KeyStore(Entropy* entropy, keymaster1_device_t* device, keymaster1_device_t* fallback) 958655b958eb2180c7c06889f83f606d23421bf038cKenny Root : mEntropy(entropy) 959655b958eb2180c7c06889f83f606d23421bf038cKenny Root , mDevice(device) 960fc18edcdfe2f7774e621030d51338f3216170b97Chad Brubaker , mFallbackDevice(fallback) 961655b958eb2180c7c06889f83f606d23421bf038cKenny Root { 962655b958eb2180c7c06889f83f606d23421bf038cKenny Root memset(&mMetaData, '\0', sizeof(mMetaData)); 963655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 964655b958eb2180c7c06889f83f606d23421bf038cKenny Root 965655b958eb2180c7c06889f83f606d23421bf038cKenny Root ~KeyStore() { 966655b958eb2180c7c06889f83f606d23421bf038cKenny Root for (android::Vector<grant_t*>::iterator it(mGrants.begin()); 967655b958eb2180c7c06889f83f606d23421bf038cKenny Root it != mGrants.end(); it++) { 968655b958eb2180c7c06889f83f606d23421bf038cKenny Root delete *it; 969655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 970c35d4eb3e66aa69ca17dd83b1bcdcc19276bf8e5haitao fang mGrants.clear(); 971655b958eb2180c7c06889f83f606d23421bf038cKenny Root 972655b958eb2180c7c06889f83f606d23421bf038cKenny Root for (android::Vector<UserState*>::iterator it(mMasterKeys.begin()); 973655b958eb2180c7c06889f83f606d23421bf038cKenny Root it != mMasterKeys.end(); it++) { 974655b958eb2180c7c06889f83f606d23421bf038cKenny Root delete *it; 975655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 976c35d4eb3e66aa69ca17dd83b1bcdcc19276bf8e5haitao fang mMasterKeys.clear(); 977655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 978655b958eb2180c7c06889f83f606d23421bf038cKenny Root 979919cb2a5a9dabd61cb02eff7a589f9f1f0f793eeChad Brubaker /** 980919cb2a5a9dabd61cb02eff7a589f9f1f0f793eeChad Brubaker * Depending on the hardware keymaster version is this may return a 981919cb2a5a9dabd61cb02eff7a589f9f1f0f793eeChad Brubaker * keymaster0_device_t* cast to a keymaster1_device_t*. All methods from 982919cb2a5a9dabd61cb02eff7a589f9f1f0f793eeChad Brubaker * keymaster0 are safe to call, calls to keymaster1_device_t methods should 983919cb2a5a9dabd61cb02eff7a589f9f1f0f793eeChad Brubaker * be guarded by a check on the device's version. 984919cb2a5a9dabd61cb02eff7a589f9f1f0f793eeChad Brubaker */ 985919cb2a5a9dabd61cb02eff7a589f9f1f0f793eeChad Brubaker keymaster1_device_t *getDevice() const { 986655b958eb2180c7c06889f83f606d23421bf038cKenny Root return mDevice; 987655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 988655b958eb2180c7c06889f83f606d23421bf038cKenny Root 989919cb2a5a9dabd61cb02eff7a589f9f1f0f793eeChad Brubaker keymaster1_device_t *getFallbackDevice() const { 990fc18edcdfe2f7774e621030d51338f3216170b97Chad Brubaker return mFallbackDevice; 991fc18edcdfe2f7774e621030d51338f3216170b97Chad Brubaker } 992fc18edcdfe2f7774e621030d51338f3216170b97Chad Brubaker 993919cb2a5a9dabd61cb02eff7a589f9f1f0f793eeChad Brubaker keymaster1_device_t *getDeviceForBlob(const Blob& blob) const { 994fc18edcdfe2f7774e621030d51338f3216170b97Chad Brubaker return blob.isFallback() ? mFallbackDevice: mDevice; 995fc18edcdfe2f7774e621030d51338f3216170b97Chad Brubaker } 996fc18edcdfe2f7774e621030d51338f3216170b97Chad Brubaker 997655b958eb2180c7c06889f83f606d23421bf038cKenny Root ResponseCode initialize() { 998655b958eb2180c7c06889f83f606d23421bf038cKenny Root readMetaData(); 999655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (upgradeKeystore()) { 1000655b958eb2180c7c06889f83f606d23421bf038cKenny Root writeMetaData(); 1001655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1002655b958eb2180c7c06889f83f606d23421bf038cKenny Root 1003655b958eb2180c7c06889f83f606d23421bf038cKenny Root return ::NO_ERROR; 1004655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1005655b958eb2180c7c06889f83f606d23421bf038cKenny Root 1006655b958eb2180c7c06889f83f606d23421bf038cKenny Root State getState(uid_t uid) { 1007655b958eb2180c7c06889f83f606d23421bf038cKenny Root return getUserState(uid)->getState(); 1008655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1009655b958eb2180c7c06889f83f606d23421bf038cKenny Root 1010655b958eb2180c7c06889f83f606d23421bf038cKenny Root ResponseCode initializeUser(const android::String8& pw, uid_t uid) { 1011655b958eb2180c7c06889f83f606d23421bf038cKenny Root UserState* userState = getUserState(uid); 1012655b958eb2180c7c06889f83f606d23421bf038cKenny Root return userState->initialize(pw, mEntropy); 1013655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1014655b958eb2180c7c06889f83f606d23421bf038cKenny Root 10154e865753346fc6a075966972a7a98051818859dbRobin Lee ResponseCode copyMasterKey(uid_t src, uid_t uid) { 10164e865753346fc6a075966972a7a98051818859dbRobin Lee UserState *userState = getUserState(uid); 10174e865753346fc6a075966972a7a98051818859dbRobin Lee UserState *initState = getUserState(src); 10184e865753346fc6a075966972a7a98051818859dbRobin Lee return userState->copyMasterKey(initState); 10194e865753346fc6a075966972a7a98051818859dbRobin Lee } 10204e865753346fc6a075966972a7a98051818859dbRobin Lee 1021655b958eb2180c7c06889f83f606d23421bf038cKenny Root ResponseCode writeMasterKey(const android::String8& pw, uid_t uid) { 102250122db50bcb6c1aab50ef235c8f9d264b50e97aRobin Lee UserState* userState = getUserState(uid); 1023655b958eb2180c7c06889f83f606d23421bf038cKenny Root return userState->writeMasterKey(pw, mEntropy); 1024655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1025655b958eb2180c7c06889f83f606d23421bf038cKenny Root 1026655b958eb2180c7c06889f83f606d23421bf038cKenny Root ResponseCode readMasterKey(const android::String8& pw, uid_t uid) { 102750122db50bcb6c1aab50ef235c8f9d264b50e97aRobin Lee UserState* userState = getUserState(uid); 1028655b958eb2180c7c06889f83f606d23421bf038cKenny Root return userState->readMasterKey(pw, mEntropy); 1029655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1030655b958eb2180c7c06889f83f606d23421bf038cKenny Root 1031655b958eb2180c7c06889f83f606d23421bf038cKenny Root android::String8 getKeyName(const android::String8& keyName) { 1032a77e809ecff5190790906fb7a3c527259c735071Douglas Leung char encoded[encode_key_length(keyName) + 1]; // add 1 for null char 1033655b958eb2180c7c06889f83f606d23421bf038cKenny Root encode_key(encoded, keyName); 1034655b958eb2180c7c06889f83f606d23421bf038cKenny Root return android::String8(encoded); 1035655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1036655b958eb2180c7c06889f83f606d23421bf038cKenny Root 1037655b958eb2180c7c06889f83f606d23421bf038cKenny Root android::String8 getKeyNameForUid(const android::String8& keyName, uid_t uid) { 1038a77e809ecff5190790906fb7a3c527259c735071Douglas Leung char encoded[encode_key_length(keyName) + 1]; // add 1 for null char 1039655b958eb2180c7c06889f83f606d23421bf038cKenny Root encode_key(encoded, keyName); 1040655b958eb2180c7c06889f83f606d23421bf038cKenny Root return android::String8::format("%u_%s", uid, encoded); 1041655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1042655b958eb2180c7c06889f83f606d23421bf038cKenny Root 1043655b958eb2180c7c06889f83f606d23421bf038cKenny Root android::String8 getKeyNameForUidWithDir(const android::String8& keyName, uid_t uid) { 1044a77e809ecff5190790906fb7a3c527259c735071Douglas Leung char encoded[encode_key_length(keyName) + 1]; // add 1 for null char 1045655b958eb2180c7c06889f83f606d23421bf038cKenny Root encode_key(encoded, keyName); 1046655b958eb2180c7c06889f83f606d23421bf038cKenny Root return android::String8::format("%s/%u_%s", getUserState(uid)->getUserDirName(), uid, 1047655b958eb2180c7c06889f83f606d23421bf038cKenny Root encoded); 1048655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1049655b958eb2180c7c06889f83f606d23421bf038cKenny Root 1050655b958eb2180c7c06889f83f606d23421bf038cKenny Root bool reset(uid_t uid) { 10514b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee android::String8 prefix(""); 10524b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee android::Vector<android::String16> aliases; 10534b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee if (saw(prefix, &aliases, uid) != ::NO_ERROR) { 10544b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee return ::SYSTEM_ERROR; 10554b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee } 10564b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee 1057655b958eb2180c7c06889f83f606d23421bf038cKenny Root UserState* userState = getUserState(uid); 10584b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee for (uint32_t i = 0; i < aliases.size(); i++) { 10594b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee android::String8 filename(aliases[i]); 10604b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee filename = android::String8::format("%s/%s", userState->getUserDirName(), 10614b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee getKeyName(filename).string()); 10624b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee del(filename, ::TYPE_ANY, uid); 10634b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee } 10644b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee 1065655b958eb2180c7c06889f83f606d23421bf038cKenny Root userState->zeroizeMasterKeysInMemory(); 1066655b958eb2180c7c06889f83f606d23421bf038cKenny Root userState->setState(STATE_UNINITIALIZED); 1067655b958eb2180c7c06889f83f606d23421bf038cKenny Root return userState->reset(); 1068655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1069655b958eb2180c7c06889f83f606d23421bf038cKenny Root 1070655b958eb2180c7c06889f83f606d23421bf038cKenny Root bool isEmpty(uid_t uid) const { 1071655b958eb2180c7c06889f83f606d23421bf038cKenny Root const UserState* userState = getUserState(uid); 107231e27468b6d822adbd2aec9219a68c206aa6957cKenny Root if (userState == NULL || userState->getState() == STATE_UNINITIALIZED) { 1073655b958eb2180c7c06889f83f606d23421bf038cKenny Root return true; 1074655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1075655b958eb2180c7c06889f83f606d23421bf038cKenny Root 1076655b958eb2180c7c06889f83f606d23421bf038cKenny Root DIR* dir = opendir(userState->getUserDirName()); 1077a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root if (!dir) { 1078a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return true; 1079a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 1080655b958eb2180c7c06889f83f606d23421bf038cKenny Root 108131e27468b6d822adbd2aec9219a68c206aa6957cKenny Root bool result = true; 108231e27468b6d822adbd2aec9219a68c206aa6957cKenny Root struct dirent* file; 1083a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root while ((file = readdir(dir)) != NULL) { 1084655b958eb2180c7c06889f83f606d23421bf038cKenny Root // We only care about files. 1085655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (file->d_type != DT_REG) { 1086655b958eb2180c7c06889f83f606d23421bf038cKenny Root continue; 1087655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1088655b958eb2180c7c06889f83f606d23421bf038cKenny Root 1089655b958eb2180c7c06889f83f606d23421bf038cKenny Root // Skip anything that starts with a "." 1090655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (file->d_name[0] == '.') { 1091655b958eb2180c7c06889f83f606d23421bf038cKenny Root continue; 1092655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1093655b958eb2180c7c06889f83f606d23421bf038cKenny Root 109431e27468b6d822adbd2aec9219a68c206aa6957cKenny Root result = false; 109531e27468b6d822adbd2aec9219a68c206aa6957cKenny Root break; 1096a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 1097a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root closedir(dir); 1098a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return result; 1099a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 1100a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 1101655b958eb2180c7c06889f83f606d23421bf038cKenny Root void lock(uid_t uid) { 1102655b958eb2180c7c06889f83f606d23421bf038cKenny Root UserState* userState = getUserState(uid); 1103655b958eb2180c7c06889f83f606d23421bf038cKenny Root userState->zeroizeMasterKeysInMemory(); 1104655b958eb2180c7c06889f83f606d23421bf038cKenny Root userState->setState(STATE_LOCKED); 1105a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 1106a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 1107655b958eb2180c7c06889f83f606d23421bf038cKenny Root ResponseCode get(const char* filename, Blob* keyBlob, const BlobType type, uid_t uid) { 1108655b958eb2180c7c06889f83f606d23421bf038cKenny Root UserState* userState = getUserState(uid); 1109f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root ResponseCode rc = keyBlob->readBlob(filename, userState->getDecryptionKey(), 1110f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root userState->getState()); 1111822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root if (rc != NO_ERROR) { 1112822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root return rc; 1113822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root } 1114822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root 1115822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root const uint8_t version = keyBlob->getVersion(); 111607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root if (version < CURRENT_BLOB_VERSION) { 1117cfeae072c96d84f286ddbf0aff8055c12c7c4f15Kenny Root /* If we upgrade the key, we need to write it to disk again. Then 1118cfeae072c96d84f286ddbf0aff8055c12c7c4f15Kenny Root * it must be read it again since the blob is encrypted each time 1119cfeae072c96d84f286ddbf0aff8055c12c7c4f15Kenny Root * it's written. 1120cfeae072c96d84f286ddbf0aff8055c12c7c4f15Kenny Root */ 1121655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (upgradeBlob(filename, keyBlob, version, type, uid)) { 1122655b958eb2180c7c06889f83f606d23421bf038cKenny Root if ((rc = this->put(filename, keyBlob, uid)) != NO_ERROR 1123f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root || (rc = keyBlob->readBlob(filename, userState->getDecryptionKey(), 1124f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root userState->getState())) != NO_ERROR) { 1125cfeae072c96d84f286ddbf0aff8055c12c7c4f15Kenny Root return rc; 1126cfeae072c96d84f286ddbf0aff8055c12c7c4f15Kenny Root } 1127cfeae072c96d84f286ddbf0aff8055c12c7c4f15Kenny Root } 1128822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root } 1129822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root 113017208e0de5a42722901d803118745cca25fd10c1Kenny Root /* 113117208e0de5a42722901d803118745cca25fd10c1Kenny Root * This will upgrade software-backed keys to hardware-backed keys when 113217208e0de5a42722901d803118745cca25fd10c1Kenny Root * the HAL for the device supports the newer key types. 113317208e0de5a42722901d803118745cca25fd10c1Kenny Root */ 113417208e0de5a42722901d803118745cca25fd10c1Kenny Root if (rc == NO_ERROR && type == TYPE_KEY_PAIR 113517208e0de5a42722901d803118745cca25fd10c1Kenny Root && mDevice->common.module->module_api_version >= KEYMASTER_MODULE_API_VERSION_0_2 113617208e0de5a42722901d803118745cca25fd10c1Kenny Root && keyBlob->isFallback()) { 113717208e0de5a42722901d803118745cca25fd10c1Kenny Root ResponseCode imported = importKey(keyBlob->getValue(), keyBlob->getLength(), filename, 113817208e0de5a42722901d803118745cca25fd10c1Kenny Root uid, keyBlob->isEncrypted() ? KEYSTORE_FLAG_ENCRYPTED : KEYSTORE_FLAG_NONE); 113917208e0de5a42722901d803118745cca25fd10c1Kenny Root 114017208e0de5a42722901d803118745cca25fd10c1Kenny Root // The HAL allowed the import, reget the key to have the "fresh" 114117208e0de5a42722901d803118745cca25fd10c1Kenny Root // version. 114217208e0de5a42722901d803118745cca25fd10c1Kenny Root if (imported == NO_ERROR) { 114317208e0de5a42722901d803118745cca25fd10c1Kenny Root rc = get(filename, keyBlob, TYPE_KEY_PAIR, uid); 114417208e0de5a42722901d803118745cca25fd10c1Kenny Root } 114517208e0de5a42722901d803118745cca25fd10c1Kenny Root } 114617208e0de5a42722901d803118745cca25fd10c1Kenny Root 1147d53bc92f1cc4eb669ec015480cebe5ae7aaaf7cfKenny Root if (type != TYPE_ANY && keyBlob->getType() != type) { 1148822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root ALOGW("key found but type doesn't match: %d vs %d", keyBlob->getType(), type); 1149822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root return KEY_NOT_FOUND; 1150822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root } 1151822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root 1152822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root return rc; 1153a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 1154a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 1155655b958eb2180c7c06889f83f606d23421bf038cKenny Root ResponseCode put(const char* filename, Blob* keyBlob, uid_t uid) { 1156655b958eb2180c7c06889f83f606d23421bf038cKenny Root UserState* userState = getUserState(uid); 1157f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root return keyBlob->writeBlob(filename, userState->getEncryptionKey(), userState->getState(), 1158f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root mEntropy); 1159a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 1160a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 11614b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee ResponseCode del(const char *filename, const BlobType type, uid_t uid) { 11624b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee Blob keyBlob; 11634b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee ResponseCode rc = get(filename, &keyBlob, type, uid); 11644b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee if (rc != ::NO_ERROR) { 11654b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee return rc; 11664b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee } 11674b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee 11684b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee if (keyBlob.getType() == ::TYPE_KEY_PAIR) { 11694b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee // A device doesn't have to implement delete_keypair. 11704b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee if (mDevice->delete_keypair != NULL && !keyBlob.isFallback()) { 11714b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee if (mDevice->delete_keypair(mDevice, keyBlob.getValue(), keyBlob.getLength())) { 11724b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee rc = ::SYSTEM_ERROR; 11734b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee } 11744b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee } 11754b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee } 11764b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee if (rc != ::NO_ERROR) { 11774b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee return rc; 11784b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee } 11794b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee 11804b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee return (unlink(filename) && errno != ENOENT) ? ::SYSTEM_ERROR : ::NO_ERROR; 11814b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee } 11824b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee 11834b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee ResponseCode saw(const android::String8& prefix, android::Vector<android::String16> *matches, 11844b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee uid_t uid) { 11854b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee 11864b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee UserState* userState = getUserState(uid); 11874b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee size_t n = prefix.length(); 11884b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee 11894b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee DIR* dir = opendir(userState->getUserDirName()); 11904b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee if (!dir) { 11914b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee ALOGW("can't open directory for user: %s", strerror(errno)); 11924b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee return ::SYSTEM_ERROR; 11934b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee } 11944b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee 11954b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee struct dirent* file; 11964b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee while ((file = readdir(dir)) != NULL) { 11974b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee // We only care about files. 11984b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee if (file->d_type != DT_REG) { 11994b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee continue; 12004b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee } 12014b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee 12024b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee // Skip anything that starts with a "." 12034b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee if (file->d_name[0] == '.') { 12044b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee continue; 12054b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee } 12064b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee 12074b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee if (!strncmp(prefix.string(), file->d_name, n)) { 12084b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee const char* p = &file->d_name[n]; 12094b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee size_t plen = strlen(p); 12104b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee 12114b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee size_t extra = decode_key_length(p, plen); 12124b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee char *match = (char*) malloc(extra + 1); 12134b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee if (match != NULL) { 12144b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee decode_key(match, p, plen); 12154b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee matches->push(android::String16(match, extra)); 12164b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee free(match); 12174b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee } else { 12184b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee ALOGW("could not allocate match of size %zd", extra); 12194b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee } 12204b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee } 12214b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee } 12224b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee closedir(dir); 12234b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee return ::NO_ERROR; 12244b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee } 12254b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee 122607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root void addGrant(const char* filename, uid_t granteeUid) { 1227655b958eb2180c7c06889f83f606d23421bf038cKenny Root const grant_t* existing = getGrant(filename, granteeUid); 1228655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (existing == NULL) { 1229655b958eb2180c7c06889f83f606d23421bf038cKenny Root grant_t* grant = new grant_t; 123007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root grant->uid = granteeUid; 1231a8c703d9fdd98e3caefb6e74cd03c2878cecd0a1Brian Carlstrom grant->filename = reinterpret_cast<const uint8_t*>(strdup(filename)); 1232655b958eb2180c7c06889f83f606d23421bf038cKenny Root mGrants.add(grant); 123370e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root } 123470e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root } 123570e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 123607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root bool removeGrant(const char* filename, uid_t granteeUid) { 1237655b958eb2180c7c06889f83f606d23421bf038cKenny Root for (android::Vector<grant_t*>::iterator it(mGrants.begin()); 1238655b958eb2180c7c06889f83f606d23421bf038cKenny Root it != mGrants.end(); it++) { 1239655b958eb2180c7c06889f83f606d23421bf038cKenny Root grant_t* grant = *it; 1240655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (grant->uid == granteeUid 1241655b958eb2180c7c06889f83f606d23421bf038cKenny Root && !strcmp(reinterpret_cast<const char*>(grant->filename), filename)) { 1242655b958eb2180c7c06889f83f606d23421bf038cKenny Root mGrants.erase(it); 1243655b958eb2180c7c06889f83f606d23421bf038cKenny Root return true; 1244655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 124570e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root } 124670e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root return false; 124770e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root } 124870e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 1249a8c703d9fdd98e3caefb6e74cd03c2878cecd0a1Brian Carlstrom bool hasGrant(const char* filename, const uid_t uid) const { 1250a8c703d9fdd98e3caefb6e74cd03c2878cecd0a1Brian Carlstrom return getGrant(filename, uid) != NULL; 125170e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root } 125270e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 1253f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root ResponseCode importKey(const uint8_t* key, size_t keyLen, const char* filename, uid_t uid, 1254f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root int32_t flags) { 1255822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root uint8_t* data; 1256822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root size_t dataLength; 1257822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root int rc; 1258822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root 1259822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root if (mDevice->import_keypair == NULL) { 1260822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root ALOGE("Keymaster doesn't support import!"); 1261822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root return SYSTEM_ERROR; 1262822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root } 1263822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root 126417208e0de5a42722901d803118745cca25fd10c1Kenny Root bool isFallback = false; 126507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root rc = mDevice->import_keypair(mDevice, key, keyLen, &data, &dataLength); 1266822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root if (rc) { 1267a39da5a226975f8b75f93de255a21d526ae8d334Kenny Root /* 1268a39da5a226975f8b75f93de255a21d526ae8d334Kenny Root * Maybe the device doesn't support this type of key. Try to use the 1269a39da5a226975f8b75f93de255a21d526ae8d334Kenny Root * software fallback keymaster implementation. This is a little bit 1270a39da5a226975f8b75f93de255a21d526ae8d334Kenny Root * lazier than checking the PKCS#8 key type, but the software 1271a39da5a226975f8b75f93de255a21d526ae8d334Kenny Root * implementation will do that anyway. 1272a39da5a226975f8b75f93de255a21d526ae8d334Kenny Root */ 12737c1eb75a6898452867ca28a4d7fad2d91edca615Chad Brubaker rc = mFallbackDevice->import_keypair(mFallbackDevice, key, keyLen, &data, &dataLength); 1274a39da5a226975f8b75f93de255a21d526ae8d334Kenny Root isFallback = true; 127517208e0de5a42722901d803118745cca25fd10c1Kenny Root 127617208e0de5a42722901d803118745cca25fd10c1Kenny Root if (rc) { 127717208e0de5a42722901d803118745cca25fd10c1Kenny Root ALOGE("Error while importing keypair: %d", rc); 127817208e0de5a42722901d803118745cca25fd10c1Kenny Root return SYSTEM_ERROR; 127917208e0de5a42722901d803118745cca25fd10c1Kenny Root } 1280822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root } 1281822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root 1282822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root Blob keyBlob(data, dataLength, NULL, 0, TYPE_KEY_PAIR); 1283822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root free(data); 1284822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root 1285f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root keyBlob.setEncrypted(flags & KEYSTORE_FLAG_ENCRYPTED); 128617208e0de5a42722901d803118745cca25fd10c1Kenny Root keyBlob.setFallback(isFallback); 1287f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root 1288655b958eb2180c7c06889f83f606d23421bf038cKenny Root return put(filename, &keyBlob, uid); 1289822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root } 1290822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root 12911b0e3933900c7ea21189704d5db64e7346aee7afKenny Root bool isHardwareBacked(const android::String16& keyType) const { 12921b0e3933900c7ea21189704d5db64e7346aee7afKenny Root if (mDevice == NULL) { 12931b0e3933900c7ea21189704d5db64e7346aee7afKenny Root ALOGW("can't get keymaster device"); 12941b0e3933900c7ea21189704d5db64e7346aee7afKenny Root return false; 12951b0e3933900c7ea21189704d5db64e7346aee7afKenny Root } 12961b0e3933900c7ea21189704d5db64e7346aee7afKenny Root 12971b0e3933900c7ea21189704d5db64e7346aee7afKenny Root if (sRSAKeyType == keyType) { 12981b0e3933900c7ea21189704d5db64e7346aee7afKenny Root return (mDevice->flags & KEYMASTER_SOFTWARE_ONLY) == 0; 12991b0e3933900c7ea21189704d5db64e7346aee7afKenny Root } else { 13001b0e3933900c7ea21189704d5db64e7346aee7afKenny Root return (mDevice->flags & KEYMASTER_SOFTWARE_ONLY) == 0 13011b0e3933900c7ea21189704d5db64e7346aee7afKenny Root && (mDevice->common.module->module_api_version 13021b0e3933900c7ea21189704d5db64e7346aee7afKenny Root >= KEYMASTER_MODULE_API_VERSION_0_2); 13031b0e3933900c7ea21189704d5db64e7346aee7afKenny Root } 13048ddf35a6e1fd80a7d0685041d2bfc77078277c9dKenny Root } 13058ddf35a6e1fd80a7d0685041d2bfc77078277c9dKenny Root 1306655b958eb2180c7c06889f83f606d23421bf038cKenny Root ResponseCode getKeyForName(Blob* keyBlob, const android::String8& keyName, const uid_t uid, 1307655b958eb2180c7c06889f83f606d23421bf038cKenny Root const BlobType type) { 130886b16e8c0d353af97f0411917789308dba417295Kenny Root android::String8 filepath8(getKeyNameForUidWithDir(keyName, uid)); 1309a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 1310655b958eb2180c7c06889f83f606d23421bf038cKenny Root ResponseCode responseCode = get(filepath8.string(), keyBlob, type, uid); 1311655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (responseCode == NO_ERROR) { 1312655b958eb2180c7c06889f83f606d23421bf038cKenny Root return responseCode; 1313655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1314a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 1315655b958eb2180c7c06889f83f606d23421bf038cKenny Root // If this is one of the legacy UID->UID mappings, use it. 1316655b958eb2180c7c06889f83f606d23421bf038cKenny Root uid_t euid = get_keystore_euid(uid); 1317655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (euid != uid) { 131886b16e8c0d353af97f0411917789308dba417295Kenny Root filepath8 = getKeyNameForUidWithDir(keyName, euid); 1319655b958eb2180c7c06889f83f606d23421bf038cKenny Root responseCode = get(filepath8.string(), keyBlob, type, uid); 1320655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (responseCode == NO_ERROR) { 1321655b958eb2180c7c06889f83f606d23421bf038cKenny Root return responseCode; 1322655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1323655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 132470e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 1325655b958eb2180c7c06889f83f606d23421bf038cKenny Root // They might be using a granted key. 132686b16e8c0d353af97f0411917789308dba417295Kenny Root android::String8 filename8 = getKeyName(keyName); 1327655b958eb2180c7c06889f83f606d23421bf038cKenny Root char* end; 132886b16e8c0d353af97f0411917789308dba417295Kenny Root strtoul(filename8.string(), &end, 10); 1329655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (end[0] != '_' || end[1] == 0) { 1330655b958eb2180c7c06889f83f606d23421bf038cKenny Root return KEY_NOT_FOUND; 1331655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 133286b16e8c0d353af97f0411917789308dba417295Kenny Root filepath8 = android::String8::format("%s/%s", getUserState(uid)->getUserDirName(), 133386b16e8c0d353af97f0411917789308dba417295Kenny Root filename8.string()); 1334655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (!hasGrant(filepath8.string(), uid)) { 1335655b958eb2180c7c06889f83f606d23421bf038cKenny Root return responseCode; 1336a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 1337a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 1338655b958eb2180c7c06889f83f606d23421bf038cKenny Root // It is a granted key. Try to load it. 1339655b958eb2180c7c06889f83f606d23421bf038cKenny Root return get(filepath8.string(), keyBlob, type, uid); 1340a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 1341a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 1342655b958eb2180c7c06889f83f606d23421bf038cKenny Root /** 1343655b958eb2180c7c06889f83f606d23421bf038cKenny Root * Returns any existing UserState or creates it if it doesn't exist. 1344655b958eb2180c7c06889f83f606d23421bf038cKenny Root */ 1345655b958eb2180c7c06889f83f606d23421bf038cKenny Root UserState* getUserState(uid_t uid) { 1346655b958eb2180c7c06889f83f606d23421bf038cKenny Root uid_t userId = get_user_id(uid); 1347655b958eb2180c7c06889f83f606d23421bf038cKenny Root 1348655b958eb2180c7c06889f83f606d23421bf038cKenny Root for (android::Vector<UserState*>::iterator it(mMasterKeys.begin()); 1349655b958eb2180c7c06889f83f606d23421bf038cKenny Root it != mMasterKeys.end(); it++) { 1350655b958eb2180c7c06889f83f606d23421bf038cKenny Root UserState* state = *it; 1351655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (state->getUserId() == userId) { 1352655b958eb2180c7c06889f83f606d23421bf038cKenny Root return state; 1353655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1354a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 1355655b958eb2180c7c06889f83f606d23421bf038cKenny Root 1356655b958eb2180c7c06889f83f606d23421bf038cKenny Root UserState* userState = new UserState(userId); 1357655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (!userState->initialize()) { 1358655b958eb2180c7c06889f83f606d23421bf038cKenny Root /* There's not much we can do if initialization fails. Trying to 1359655b958eb2180c7c06889f83f606d23421bf038cKenny Root * unlock the keystore for that user will fail as well, so any 1360655b958eb2180c7c06889f83f606d23421bf038cKenny Root * subsequent request for this user will just return SYSTEM_ERROR. 1361655b958eb2180c7c06889f83f606d23421bf038cKenny Root */ 1362655b958eb2180c7c06889f83f606d23421bf038cKenny Root ALOGE("User initialization failed for %u; subsuquent operations will fail", userId); 1363a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 1364655b958eb2180c7c06889f83f606d23421bf038cKenny Root mMasterKeys.add(userState); 1365655b958eb2180c7c06889f83f606d23421bf038cKenny Root return userState; 1366a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 1367a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 1368655b958eb2180c7c06889f83f606d23421bf038cKenny Root /** 1369655b958eb2180c7c06889f83f606d23421bf038cKenny Root * Returns NULL if the UserState doesn't already exist. 1370655b958eb2180c7c06889f83f606d23421bf038cKenny Root */ 1371655b958eb2180c7c06889f83f606d23421bf038cKenny Root const UserState* getUserState(uid_t uid) const { 1372655b958eb2180c7c06889f83f606d23421bf038cKenny Root uid_t userId = get_user_id(uid); 1373655b958eb2180c7c06889f83f606d23421bf038cKenny Root 1374655b958eb2180c7c06889f83f606d23421bf038cKenny Root for (android::Vector<UserState*>::const_iterator it(mMasterKeys.begin()); 1375655b958eb2180c7c06889f83f606d23421bf038cKenny Root it != mMasterKeys.end(); it++) { 1376655b958eb2180c7c06889f83f606d23421bf038cKenny Root UserState* state = *it; 1377655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (state->getUserId() == userId) { 1378655b958eb2180c7c06889f83f606d23421bf038cKenny Root return state; 1379655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1380655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1381a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 1382655b958eb2180c7c06889f83f606d23421bf038cKenny Root return NULL; 1383a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 1384a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 1385655b958eb2180c7c06889f83f606d23421bf038cKenny Rootprivate: 1386655b958eb2180c7c06889f83f606d23421bf038cKenny Root static const char* sOldMasterKey; 1387655b958eb2180c7c06889f83f606d23421bf038cKenny Root static const char* sMetaDataFile; 13881b0e3933900c7ea21189704d5db64e7346aee7afKenny Root static const android::String16 sRSAKeyType; 1389655b958eb2180c7c06889f83f606d23421bf038cKenny Root Entropy* mEntropy; 139007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 1391919cb2a5a9dabd61cb02eff7a589f9f1f0f793eeChad Brubaker keymaster1_device_t* mDevice; 1392919cb2a5a9dabd61cb02eff7a589f9f1f0f793eeChad Brubaker keymaster1_device_t* mFallbackDevice; 1393a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 1394655b958eb2180c7c06889f83f606d23421bf038cKenny Root android::Vector<UserState*> mMasterKeys; 1395655b958eb2180c7c06889f83f606d23421bf038cKenny Root 1396655b958eb2180c7c06889f83f606d23421bf038cKenny Root android::Vector<grant_t*> mGrants; 139770e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 1398655b958eb2180c7c06889f83f606d23421bf038cKenny Root typedef struct { 1399655b958eb2180c7c06889f83f606d23421bf038cKenny Root uint32_t version; 1400655b958eb2180c7c06889f83f606d23421bf038cKenny Root } keystore_metadata_t; 140170e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 1402655b958eb2180c7c06889f83f606d23421bf038cKenny Root keystore_metadata_t mMetaData; 1403655b958eb2180c7c06889f83f606d23421bf038cKenny Root 1404655b958eb2180c7c06889f83f606d23421bf038cKenny Root const grant_t* getGrant(const char* filename, uid_t uid) const { 1405655b958eb2180c7c06889f83f606d23421bf038cKenny Root for (android::Vector<grant_t*>::const_iterator it(mGrants.begin()); 1406655b958eb2180c7c06889f83f606d23421bf038cKenny Root it != mGrants.end(); it++) { 1407655b958eb2180c7c06889f83f606d23421bf038cKenny Root grant_t* grant = *it; 140870e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root if (grant->uid == uid 1409655b958eb2180c7c06889f83f606d23421bf038cKenny Root && !strcmp(reinterpret_cast<const char*>(grant->filename), filename)) { 141070e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root return grant; 141170e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root } 141270e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root } 141370e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root return NULL; 141470e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root } 141570e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 1416822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root /** 1417822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root * Upgrade code. This will upgrade the key from the current version 1418822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root * to whatever is newest. 1419822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root */ 1420655b958eb2180c7c06889f83f606d23421bf038cKenny Root bool upgradeBlob(const char* filename, Blob* blob, const uint8_t oldVersion, 1421655b958eb2180c7c06889f83f606d23421bf038cKenny Root const BlobType type, uid_t uid) { 1422822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root bool updated = false; 1423822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root uint8_t version = oldVersion; 1424822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root 1425822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root /* From V0 -> V1: All old types were unknown */ 1426822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root if (version == 0) { 1427822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root ALOGV("upgrading to version 1 and setting type %d", type); 1428822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root 1429822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root blob->setType(type); 1430822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root if (type == TYPE_KEY_PAIR) { 1431655b958eb2180c7c06889f83f606d23421bf038cKenny Root importBlobAsKey(blob, filename, uid); 1432822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root } 1433822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root version = 1; 1434822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root updated = true; 1435822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root } 1436822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root 1437f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root /* From V1 -> V2: All old keys were encrypted */ 1438f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root if (version == 1) { 1439f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root ALOGV("upgrading to version 2"); 1440f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root 1441f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root blob->setEncrypted(true); 1442f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root version = 2; 1443f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root updated = true; 1444f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root } 1445f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root 1446822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root /* 1447822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root * If we've updated, set the key blob to the right version 1448822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root * and write it. 1449cfeae072c96d84f286ddbf0aff8055c12c7c4f15Kenny Root */ 1450822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root if (updated) { 1451822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root ALOGV("updated and writing file %s", filename); 1452822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root blob->setVersion(version); 1453822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root } 1454cfeae072c96d84f286ddbf0aff8055c12c7c4f15Kenny Root 1455cfeae072c96d84f286ddbf0aff8055c12c7c4f15Kenny Root return updated; 1456822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root } 1457822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root 1458822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root /** 1459822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root * Takes a blob that is an PEM-encoded RSA key as a byte array and 1460822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root * converts it to a DER-encoded PKCS#8 for import into a keymaster. 1461822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root * Then it overwrites the original blob with the new blob 1462822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root * format that is returned from the keymaster. 1463822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root */ 1464655b958eb2180c7c06889f83f606d23421bf038cKenny Root ResponseCode importBlobAsKey(Blob* blob, const char* filename, uid_t uid) { 1465822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root // We won't even write to the blob directly with this BIO, so const_cast is okay. 1466822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root Unique_BIO b(BIO_new_mem_buf(const_cast<uint8_t*>(blob->getValue()), blob->getLength())); 1467822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root if (b.get() == NULL) { 1468822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root ALOGE("Problem instantiating BIO"); 1469822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root return SYSTEM_ERROR; 1470822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root } 1471822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root 1472822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root Unique_EVP_PKEY pkey(PEM_read_bio_PrivateKey(b.get(), NULL, NULL, NULL)); 1473822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root if (pkey.get() == NULL) { 1474822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root ALOGE("Couldn't read old PEM file"); 1475822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root return SYSTEM_ERROR; 1476822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root } 1477822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root 1478822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root Unique_PKCS8_PRIV_KEY_INFO pkcs8(EVP_PKEY2PKCS8(pkey.get())); 1479822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root int len = i2d_PKCS8_PRIV_KEY_INFO(pkcs8.get(), NULL); 1480822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root if (len < 0) { 1481822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root ALOGE("Couldn't measure PKCS#8 length"); 1482822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root return SYSTEM_ERROR; 1483822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root } 1484822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root 148570c9889c5ca912e7c492580e1999f18ab65b267bKenny Root UniquePtr<unsigned char[]> pkcs8key(new unsigned char[len]); 148670c9889c5ca912e7c492580e1999f18ab65b267bKenny Root uint8_t* tmp = pkcs8key.get(); 1487822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root if (i2d_PKCS8_PRIV_KEY_INFO(pkcs8.get(), &tmp) != len) { 1488822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root ALOGE("Couldn't convert to PKCS#8"); 1489822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root return SYSTEM_ERROR; 1490822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root } 1491822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root 1492f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root ResponseCode rc = importKey(pkcs8key.get(), len, filename, uid, 1493f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root blob->isEncrypted() ? KEYSTORE_FLAG_ENCRYPTED : KEYSTORE_FLAG_NONE); 1494822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root if (rc != NO_ERROR) { 1495822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root return rc; 1496822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root } 1497822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root 1498655b958eb2180c7c06889f83f606d23421bf038cKenny Root return get(filename, blob, TYPE_KEY_PAIR, uid); 1499822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root } 150070e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 1501655b958eb2180c7c06889f83f606d23421bf038cKenny Root void readMetaData() { 1502655b958eb2180c7c06889f83f606d23421bf038cKenny Root int in = TEMP_FAILURE_RETRY(open(sMetaDataFile, O_RDONLY)); 1503655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (in < 0) { 1504655b958eb2180c7c06889f83f606d23421bf038cKenny Root return; 1505655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1506655b958eb2180c7c06889f83f606d23421bf038cKenny Root size_t fileLength = readFully(in, (uint8_t*) &mMetaData, sizeof(mMetaData)); 1507655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (fileLength != sizeof(mMetaData)) { 1508655b958eb2180c7c06889f83f606d23421bf038cKenny Root ALOGI("Metadata file is %zd bytes (%zd experted); upgrade?", fileLength, 1509655b958eb2180c7c06889f83f606d23421bf038cKenny Root sizeof(mMetaData)); 1510655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1511655b958eb2180c7c06889f83f606d23421bf038cKenny Root close(in); 151270e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root } 151370e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 1514655b958eb2180c7c06889f83f606d23421bf038cKenny Root void writeMetaData() { 1515655b958eb2180c7c06889f83f606d23421bf038cKenny Root const char* tmpFileName = ".metadata.tmp"; 1516655b958eb2180c7c06889f83f606d23421bf038cKenny Root int out = TEMP_FAILURE_RETRY(open(tmpFileName, 1517655b958eb2180c7c06889f83f606d23421bf038cKenny Root O_WRONLY | O_TRUNC | O_CREAT, S_IRUSR | S_IWUSR)); 1518655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (out < 0) { 1519655b958eb2180c7c06889f83f606d23421bf038cKenny Root ALOGE("couldn't write metadata file: %s", strerror(errno)); 1520655b958eb2180c7c06889f83f606d23421bf038cKenny Root return; 1521655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1522655b958eb2180c7c06889f83f606d23421bf038cKenny Root size_t fileLength = writeFully(out, (uint8_t*) &mMetaData, sizeof(mMetaData)); 1523655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (fileLength != sizeof(mMetaData)) { 1524655b958eb2180c7c06889f83f606d23421bf038cKenny Root ALOGI("Could only write %zd bytes to metadata file (%zd expected)", fileLength, 1525655b958eb2180c7c06889f83f606d23421bf038cKenny Root sizeof(mMetaData)); 152670e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root } 1527655b958eb2180c7c06889f83f606d23421bf038cKenny Root close(out); 1528655b958eb2180c7c06889f83f606d23421bf038cKenny Root rename(tmpFileName, sMetaDataFile); 152970e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root } 153070e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 1531655b958eb2180c7c06889f83f606d23421bf038cKenny Root bool upgradeKeystore() { 1532655b958eb2180c7c06889f83f606d23421bf038cKenny Root bool upgraded = false; 1533655b958eb2180c7c06889f83f606d23421bf038cKenny Root 1534655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (mMetaData.version == 0) { 1535655b958eb2180c7c06889f83f606d23421bf038cKenny Root UserState* userState = getUserState(0); 1536655b958eb2180c7c06889f83f606d23421bf038cKenny Root 1537655b958eb2180c7c06889f83f606d23421bf038cKenny Root // Initialize first so the directory is made. 1538655b958eb2180c7c06889f83f606d23421bf038cKenny Root userState->initialize(); 1539655b958eb2180c7c06889f83f606d23421bf038cKenny Root 1540655b958eb2180c7c06889f83f606d23421bf038cKenny Root // Migrate the old .masterkey file to user 0. 1541655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (access(sOldMasterKey, R_OK) == 0) { 1542655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (rename(sOldMasterKey, userState->getMasterKeyFileName()) < 0) { 1543655b958eb2180c7c06889f83f606d23421bf038cKenny Root ALOGE("couldn't migrate old masterkey: %s", strerror(errno)); 1544655b958eb2180c7c06889f83f606d23421bf038cKenny Root return false; 1545655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1546655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1547655b958eb2180c7c06889f83f606d23421bf038cKenny Root 1548655b958eb2180c7c06889f83f606d23421bf038cKenny Root // Initialize again in case we had a key. 1549655b958eb2180c7c06889f83f606d23421bf038cKenny Root userState->initialize(); 1550655b958eb2180c7c06889f83f606d23421bf038cKenny Root 1551655b958eb2180c7c06889f83f606d23421bf038cKenny Root // Try to migrate existing keys. 1552655b958eb2180c7c06889f83f606d23421bf038cKenny Root DIR* dir = opendir("."); 1553655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (!dir) { 1554655b958eb2180c7c06889f83f606d23421bf038cKenny Root // Give up now; maybe we can upgrade later. 1555655b958eb2180c7c06889f83f606d23421bf038cKenny Root ALOGE("couldn't open keystore's directory; something is wrong"); 1556655b958eb2180c7c06889f83f606d23421bf038cKenny Root return false; 1557655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1558655b958eb2180c7c06889f83f606d23421bf038cKenny Root 1559655b958eb2180c7c06889f83f606d23421bf038cKenny Root struct dirent* file; 1560655b958eb2180c7c06889f83f606d23421bf038cKenny Root while ((file = readdir(dir)) != NULL) { 1561655b958eb2180c7c06889f83f606d23421bf038cKenny Root // We only care about files. 1562655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (file->d_type != DT_REG) { 1563655b958eb2180c7c06889f83f606d23421bf038cKenny Root continue; 1564655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1565655b958eb2180c7c06889f83f606d23421bf038cKenny Root 1566655b958eb2180c7c06889f83f606d23421bf038cKenny Root // Skip anything that starts with a "." 1567655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (file->d_name[0] == '.') { 1568655b958eb2180c7c06889f83f606d23421bf038cKenny Root continue; 1569655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1570655b958eb2180c7c06889f83f606d23421bf038cKenny Root 1571655b958eb2180c7c06889f83f606d23421bf038cKenny Root // Find the current file's user. 1572655b958eb2180c7c06889f83f606d23421bf038cKenny Root char* end; 1573655b958eb2180c7c06889f83f606d23421bf038cKenny Root unsigned long thisUid = strtoul(file->d_name, &end, 10); 1574655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (end[0] != '_' || end[1] == 0) { 1575655b958eb2180c7c06889f83f606d23421bf038cKenny Root continue; 1576655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1577655b958eb2180c7c06889f83f606d23421bf038cKenny Root UserState* otherUser = getUserState(thisUid); 1578655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (otherUser->getUserId() != 0) { 1579655b958eb2180c7c06889f83f606d23421bf038cKenny Root unlinkat(dirfd(dir), file->d_name, 0); 1580655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1581655b958eb2180c7c06889f83f606d23421bf038cKenny Root 1582655b958eb2180c7c06889f83f606d23421bf038cKenny Root // Rename the file into user directory. 1583655b958eb2180c7c06889f83f606d23421bf038cKenny Root DIR* otherdir = opendir(otherUser->getUserDirName()); 1584655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (otherdir == NULL) { 1585655b958eb2180c7c06889f83f606d23421bf038cKenny Root ALOGW("couldn't open user directory for rename"); 1586655b958eb2180c7c06889f83f606d23421bf038cKenny Root continue; 1587655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1588655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (renameat(dirfd(dir), file->d_name, dirfd(otherdir), file->d_name) < 0) { 1589655b958eb2180c7c06889f83f606d23421bf038cKenny Root ALOGW("couldn't rename blob: %s: %s", file->d_name, strerror(errno)); 1590655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1591655b958eb2180c7c06889f83f606d23421bf038cKenny Root closedir(otherdir); 1592655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1593655b958eb2180c7c06889f83f606d23421bf038cKenny Root closedir(dir); 1594655b958eb2180c7c06889f83f606d23421bf038cKenny Root 1595655b958eb2180c7c06889f83f606d23421bf038cKenny Root mMetaData.version = 1; 1596655b958eb2180c7c06889f83f606d23421bf038cKenny Root upgraded = true; 1597655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1598655b958eb2180c7c06889f83f606d23421bf038cKenny Root 1599655b958eb2180c7c06889f83f606d23421bf038cKenny Root return upgraded; 160070e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root } 1601655b958eb2180c7c06889f83f606d23421bf038cKenny Root}; 160270e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 1603655b958eb2180c7c06889f83f606d23421bf038cKenny Rootconst char* KeyStore::sOldMasterKey = ".masterkey"; 1604655b958eb2180c7c06889f83f606d23421bf038cKenny Rootconst char* KeyStore::sMetaDataFile = ".metadata"; 160570e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 16061b0e3933900c7ea21189704d5db64e7346aee7afKenny Rootconst android::String16 KeyStore::sRSAKeyType("RSA"); 16071b0e3933900c7ea21189704d5db64e7346aee7afKenny Root 160807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Rootnamespace android { 160907438c8d7256d3788dac323b4d0055f201e0bec9Kenny Rootclass KeyStoreProxy : public BnKeystoreService, public IBinder::DeathRecipient { 161007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Rootpublic: 161107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root KeyStoreProxy(KeyStore* keyStore) 161207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root : mKeyStore(keyStore) 161307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root { 161407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 1615a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 161607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root void binderDied(const wp<IBinder>&) { 161707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root ALOGE("binder death detected"); 161807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 1619a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 162007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root int32_t test() { 1621d38a0b07a3104fcb1e747a0fa06641dee8fc058fKenny Root uid_t callingUid = IPCThreadState::self()->getCallingUid(); 1622eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn pid_t spid = IPCThreadState::self()->getCallingPid(); 1623eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn if (!has_permission(callingUid, P_TEST, spid)) { 1624d38a0b07a3104fcb1e747a0fa06641dee8fc058fKenny Root ALOGW("permission denied for %d: test", callingUid); 162507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::PERMISSION_DENIED; 162607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 1627a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 1628655b958eb2180c7c06889f83f606d23421bf038cKenny Root return mKeyStore->getState(callingUid); 1629a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 1630a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 163107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root int32_t get(const String16& name, uint8_t** item, size_t* itemLength) { 1632d38a0b07a3104fcb1e747a0fa06641dee8fc058fKenny Root uid_t callingUid = IPCThreadState::self()->getCallingUid(); 1633eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn pid_t spid = IPCThreadState::self()->getCallingPid(); 1634eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn if (!has_permission(callingUid, P_GET, spid)) { 1635d38a0b07a3104fcb1e747a0fa06641dee8fc058fKenny Root ALOGW("permission denied for %d: get", callingUid); 163607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::PERMISSION_DENIED; 163707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 1638a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 163907438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root String8 name8(name); 164007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root Blob keyBlob; 164166dbf67dd65b4808a15ef64f0ffde1275bdd58a9Nick Kralevich 1642655b958eb2180c7c06889f83f606d23421bf038cKenny Root ResponseCode responseCode = mKeyStore->getKeyForName(&keyBlob, name8, callingUid, 1643494689083467ec372a58f094f041c8f102f39393Kenny Root TYPE_GENERIC); 164407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root if (responseCode != ::NO_ERROR) { 1645655b958eb2180c7c06889f83f606d23421bf038cKenny Root ALOGW("Could not read %s", name8.string()); 164607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root *item = NULL; 164707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root *itemLength = 0; 164807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return responseCode; 164907438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 165007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 165107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root *item = (uint8_t*) malloc(keyBlob.getLength()); 165207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root memcpy(*item, keyBlob.getValue(), keyBlob.getLength()); 165307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root *itemLength = keyBlob.getLength(); 165407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 165507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::NO_ERROR; 1656a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 1657a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 1658f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root int32_t insert(const String16& name, const uint8_t* item, size_t itemLength, int targetUid, 1659f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root int32_t flags) { 1660eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn pid_t spid = IPCThreadState::self()->getCallingPid(); 1661d38a0b07a3104fcb1e747a0fa06641dee8fc058fKenny Root uid_t callingUid = IPCThreadState::self()->getCallingUid(); 1662eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn if (!has_permission(callingUid, P_INSERT, spid)) { 1663d38a0b07a3104fcb1e747a0fa06641dee8fc058fKenny Root ALOGW("permission denied for %d: insert", callingUid); 166407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::PERMISSION_DENIED; 166507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 166607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 1667f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root State state = mKeyStore->getState(callingUid); 1668f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root if ((flags & KEYSTORE_FLAG_ENCRYPTED) && !isKeystoreUnlocked(state)) { 1669f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root ALOGD("calling get in state: %d", state); 1670f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root return state; 1671f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root } 1672f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root 1673494689083467ec372a58f094f041c8f102f39393Kenny Root if (targetUid == -1) { 1674494689083467ec372a58f094f041c8f102f39393Kenny Root targetUid = callingUid; 1675494689083467ec372a58f094f041c8f102f39393Kenny Root } else if (!is_granted_to(callingUid, targetUid)) { 1676b88c3eb96625513df4cc998d739d17266ebaf89fKenny Root return ::PERMISSION_DENIED; 1677b88c3eb96625513df4cc998d739d17266ebaf89fKenny Root } 1678b88c3eb96625513df4cc998d739d17266ebaf89fKenny Root 167907438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root String8 name8(name); 1680655b958eb2180c7c06889f83f606d23421bf038cKenny Root String8 filename(mKeyStore->getKeyNameForUidWithDir(name8, targetUid)); 168107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 168207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root Blob keyBlob(item, itemLength, NULL, 0, ::TYPE_GENERIC); 1683ee8068b9e7bfb2770635062fc9c2035be2142bd8Kenny Root keyBlob.setEncrypted(flags & KEYSTORE_FLAG_ENCRYPTED); 1684ee8068b9e7bfb2770635062fc9c2035be2142bd8Kenny Root 1685fa27d5bbc366e4ecb45aee5ae08565ab3ad3dcbcKenny Root return mKeyStore->put(filename.string(), &keyBlob, targetUid); 1686a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 1687a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 1688494689083467ec372a58f094f041c8f102f39393Kenny Root int32_t del(const String16& name, int targetUid) { 1689d38a0b07a3104fcb1e747a0fa06641dee8fc058fKenny Root uid_t callingUid = IPCThreadState::self()->getCallingUid(); 1690eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn pid_t spid = IPCThreadState::self()->getCallingPid(); 1691eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn if (!has_permission(callingUid, P_DELETE, spid)) { 1692d38a0b07a3104fcb1e747a0fa06641dee8fc058fKenny Root ALOGW("permission denied for %d: del", callingUid); 169307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::PERMISSION_DENIED; 169407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 169507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 1696494689083467ec372a58f094f041c8f102f39393Kenny Root if (targetUid == -1) { 1697494689083467ec372a58f094f041c8f102f39393Kenny Root targetUid = callingUid; 1698494689083467ec372a58f094f041c8f102f39393Kenny Root } else if (!is_granted_to(callingUid, targetUid)) { 1699b88c3eb96625513df4cc998d739d17266ebaf89fKenny Root return ::PERMISSION_DENIED; 1700b88c3eb96625513df4cc998d739d17266ebaf89fKenny Root } 1701b88c3eb96625513df4cc998d739d17266ebaf89fKenny Root 170207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root String8 name8(name); 1703655b958eb2180c7c06889f83f606d23421bf038cKenny Root String8 filename(mKeyStore->getKeyNameForUidWithDir(name8, targetUid)); 17044b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee return mKeyStore->del(filename.string(), ::TYPE_GENERIC, targetUid); 1705298e7b1b0f9116e2054d594d7538379d86585035Kenny Root } 1706298e7b1b0f9116e2054d594d7538379d86585035Kenny Root 1707494689083467ec372a58f094f041c8f102f39393Kenny Root int32_t exist(const String16& name, int targetUid) { 1708d38a0b07a3104fcb1e747a0fa06641dee8fc058fKenny Root uid_t callingUid = IPCThreadState::self()->getCallingUid(); 1709eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn pid_t spid = IPCThreadState::self()->getCallingPid(); 1710eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn if (!has_permission(callingUid, P_EXIST, spid)) { 1711d38a0b07a3104fcb1e747a0fa06641dee8fc058fKenny Root ALOGW("permission denied for %d: exist", callingUid); 171207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::PERMISSION_DENIED; 171307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 171407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 1715494689083467ec372a58f094f041c8f102f39393Kenny Root if (targetUid == -1) { 1716494689083467ec372a58f094f041c8f102f39393Kenny Root targetUid = callingUid; 1717494689083467ec372a58f094f041c8f102f39393Kenny Root } else if (!is_granted_to(callingUid, targetUid)) { 1718b88c3eb96625513df4cc998d739d17266ebaf89fKenny Root return ::PERMISSION_DENIED; 1719b88c3eb96625513df4cc998d739d17266ebaf89fKenny Root } 1720b88c3eb96625513df4cc998d739d17266ebaf89fKenny Root 172107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root String8 name8(name); 1722655b958eb2180c7c06889f83f606d23421bf038cKenny Root String8 filename(mKeyStore->getKeyNameForUidWithDir(name8, targetUid)); 172307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 1724655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (access(filename.string(), R_OK) == -1) { 172507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return (errno != ENOENT) ? ::SYSTEM_ERROR : ::KEY_NOT_FOUND; 172607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 172707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::NO_ERROR; 1728298e7b1b0f9116e2054d594d7538379d86585035Kenny Root } 1729298e7b1b0f9116e2054d594d7538379d86585035Kenny Root 1730494689083467ec372a58f094f041c8f102f39393Kenny Root int32_t saw(const String16& prefix, int targetUid, Vector<String16>* matches) { 1731d38a0b07a3104fcb1e747a0fa06641dee8fc058fKenny Root uid_t callingUid = IPCThreadState::self()->getCallingUid(); 1732eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn pid_t spid = IPCThreadState::self()->getCallingPid(); 1733eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn if (!has_permission(callingUid, P_SAW, spid)) { 1734d38a0b07a3104fcb1e747a0fa06641dee8fc058fKenny Root ALOGW("permission denied for %d: saw", callingUid); 173507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::PERMISSION_DENIED; 173607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 173707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 1738494689083467ec372a58f094f041c8f102f39393Kenny Root if (targetUid == -1) { 1739494689083467ec372a58f094f041c8f102f39393Kenny Root targetUid = callingUid; 1740494689083467ec372a58f094f041c8f102f39393Kenny Root } else if (!is_granted_to(callingUid, targetUid)) { 1741b88c3eb96625513df4cc998d739d17266ebaf89fKenny Root return ::PERMISSION_DENIED; 1742b88c3eb96625513df4cc998d739d17266ebaf89fKenny Root } 1743b88c3eb96625513df4cc998d739d17266ebaf89fKenny Root 174407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root const String8 prefix8(prefix); 1745655b958eb2180c7c06889f83f606d23421bf038cKenny Root String8 filename(mKeyStore->getKeyNameForUid(prefix8, targetUid)); 174607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 17474b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee if (mKeyStore->saw(filename, matches, targetUid) != ::NO_ERROR) { 17484b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee return ::SYSTEM_ERROR; 174907438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 175007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::NO_ERROR; 1751298e7b1b0f9116e2054d594d7538379d86585035Kenny Root } 1752298e7b1b0f9116e2054d594d7538379d86585035Kenny Root 175307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root int32_t reset() { 1754d38a0b07a3104fcb1e747a0fa06641dee8fc058fKenny Root uid_t callingUid = IPCThreadState::self()->getCallingUid(); 1755eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn pid_t spid = IPCThreadState::self()->getCallingPid(); 1756eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn if (!has_permission(callingUid, P_RESET, spid)) { 1757d38a0b07a3104fcb1e747a0fa06641dee8fc058fKenny Root ALOGW("permission denied for %d: reset", callingUid); 175807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::PERMISSION_DENIED; 175907438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 1760a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 17614b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee return mKeyStore->reset(callingUid) ? ::NO_ERROR : ::SYSTEM_ERROR; 1762a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 1763a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 176407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root /* 176507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root * Here is the history. To improve the security, the parameters to generate the 176607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root * master key has been changed. To make a seamless transition, we update the 176707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root * file using the same password when the user unlock it for the first time. If 176807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root * any thing goes wrong during the transition, the new file will not overwrite 176907438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root * the old one. This avoids permanent damages of the existing data. 177007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root */ 177107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root int32_t password(const String16& password) { 1772d38a0b07a3104fcb1e747a0fa06641dee8fc058fKenny Root uid_t callingUid = IPCThreadState::self()->getCallingUid(); 1773eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn pid_t spid = IPCThreadState::self()->getCallingPid(); 1774eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn if (!has_permission(callingUid, P_PASSWORD, spid)) { 1775d38a0b07a3104fcb1e747a0fa06641dee8fc058fKenny Root ALOGW("permission denied for %d: password", callingUid); 177607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::PERMISSION_DENIED; 177707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 1778a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 177907438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root const String8 password8(password); 1780a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 1781655b958eb2180c7c06889f83f606d23421bf038cKenny Root switch (mKeyStore->getState(callingUid)) { 178207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root case ::STATE_UNINITIALIZED: { 178307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root // generate master key, encrypt with password, write to file, initialize mMasterKey*. 1784655b958eb2180c7c06889f83f606d23421bf038cKenny Root return mKeyStore->initializeUser(password8, callingUid); 178507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 178607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root case ::STATE_NO_ERROR: { 178707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root // rewrite master key with new password. 1788655b958eb2180c7c06889f83f606d23421bf038cKenny Root return mKeyStore->writeMasterKey(password8, callingUid); 178907438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 179007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root case ::STATE_LOCKED: { 179107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root // read master key, decrypt with password, initialize mMasterKey*. 1792655b958eb2180c7c06889f83f606d23421bf038cKenny Root return mKeyStore->readMasterKey(password8, callingUid); 179307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 179407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 179507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::SYSTEM_ERROR; 179607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 1797a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 179807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root int32_t lock() { 1799d38a0b07a3104fcb1e747a0fa06641dee8fc058fKenny Root uid_t callingUid = IPCThreadState::self()->getCallingUid(); 1800eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn pid_t spid = IPCThreadState::self()->getCallingPid(); 1801eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn if (!has_permission(callingUid, P_LOCK, spid)) { 1802d38a0b07a3104fcb1e747a0fa06641dee8fc058fKenny Root ALOGW("permission denied for %d: lock", callingUid); 180307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::PERMISSION_DENIED; 180407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 180507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 1806655b958eb2180c7c06889f83f606d23421bf038cKenny Root State state = mKeyStore->getState(callingUid); 18079d45d1caba5135e6b8bd6d05d449e8dcf52b6802Kenny Root if (state != ::STATE_NO_ERROR) { 180807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root ALOGD("calling lock in state: %d", state); 180907438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return state; 181007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 181170e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 1812655b958eb2180c7c06889f83f606d23421bf038cKenny Root mKeyStore->lock(callingUid); 181307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::NO_ERROR; 181470e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root } 1815a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 181607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root int32_t unlock(const String16& pw) { 1817d38a0b07a3104fcb1e747a0fa06641dee8fc058fKenny Root uid_t callingUid = IPCThreadState::self()->getCallingUid(); 1818eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn pid_t spid = IPCThreadState::self()->getCallingPid(); 1819eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn if (!has_permission(callingUid, P_UNLOCK, spid)) { 1820d38a0b07a3104fcb1e747a0fa06641dee8fc058fKenny Root ALOGW("permission denied for %d: unlock", callingUid); 182107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::PERMISSION_DENIED; 182207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 182307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 1824655b958eb2180c7c06889f83f606d23421bf038cKenny Root State state = mKeyStore->getState(callingUid); 18259d45d1caba5135e6b8bd6d05d449e8dcf52b6802Kenny Root if (state != ::STATE_LOCKED) { 182607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root ALOGD("calling unlock when not locked"); 182707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return state; 182807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 182907438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 183007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root const String8 password8(pw); 183107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return password(pw); 183270e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root } 183370e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 183407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root int32_t zero() { 1835d38a0b07a3104fcb1e747a0fa06641dee8fc058fKenny Root uid_t callingUid = IPCThreadState::self()->getCallingUid(); 1836eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn pid_t spid = IPCThreadState::self()->getCallingPid(); 1837eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn if (!has_permission(callingUid, P_ZERO, spid)) { 1838d38a0b07a3104fcb1e747a0fa06641dee8fc058fKenny Root ALOGW("permission denied for %d: zero", callingUid); 183907438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return -1; 184007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 184170e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 1842655b958eb2180c7c06889f83f606d23421bf038cKenny Root return mKeyStore->isEmpty(callingUid) ? ::KEY_NOT_FOUND : ::NO_ERROR; 184370e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root } 184470e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 184596427baf0094d50047049d329b0779c3c910402cKenny Root int32_t generate(const String16& name, int32_t targetUid, int32_t keyType, int32_t keySize, 184696427baf0094d50047049d329b0779c3c910402cKenny Root int32_t flags, Vector<sp<KeystoreArg> >* args) { 1847d38a0b07a3104fcb1e747a0fa06641dee8fc058fKenny Root uid_t callingUid = IPCThreadState::self()->getCallingUid(); 1848eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn pid_t spid = IPCThreadState::self()->getCallingPid(); 1849eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn if (!has_permission(callingUid, P_INSERT, spid)) { 1850d38a0b07a3104fcb1e747a0fa06641dee8fc058fKenny Root ALOGW("permission denied for %d: generate", callingUid); 185107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::PERMISSION_DENIED; 185207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 185370e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 1854494689083467ec372a58f094f041c8f102f39393Kenny Root if (targetUid == -1) { 1855494689083467ec372a58f094f041c8f102f39393Kenny Root targetUid = callingUid; 1856494689083467ec372a58f094f041c8f102f39393Kenny Root } else if (!is_granted_to(callingUid, targetUid)) { 1857b88c3eb96625513df4cc998d739d17266ebaf89fKenny Root return ::PERMISSION_DENIED; 1858b88c3eb96625513df4cc998d739d17266ebaf89fKenny Root } 1859b88c3eb96625513df4cc998d739d17266ebaf89fKenny Root 1860655b958eb2180c7c06889f83f606d23421bf038cKenny Root State state = mKeyStore->getState(callingUid); 1861f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root if ((flags & KEYSTORE_FLAG_ENCRYPTED) && !isKeystoreUnlocked(state)) { 1862f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root ALOGW("calling generate in state: %d", state); 186307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return state; 186407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 186570e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 186607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root uint8_t* data; 186707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root size_t dataLength; 186807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root int rc; 186917208e0de5a42722901d803118745cca25fd10c1Kenny Root bool isFallback = false; 187070e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 1871919cb2a5a9dabd61cb02eff7a589f9f1f0f793eeChad Brubaker const keymaster1_device_t* device = mKeyStore->getDevice(); 1872919cb2a5a9dabd61cb02eff7a589f9f1f0f793eeChad Brubaker const keymaster1_device_t* fallback = mKeyStore->getFallbackDevice(); 187307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root if (device == NULL) { 187407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::SYSTEM_ERROR; 187507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 187670e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 187707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root if (device->generate_keypair == NULL) { 187807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::SYSTEM_ERROR; 187907438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 188070e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 188117208e0de5a42722901d803118745cca25fd10c1Kenny Root if (keyType == EVP_PKEY_DSA) { 188296427baf0094d50047049d329b0779c3c910402cKenny Root keymaster_dsa_keygen_params_t dsa_params; 188396427baf0094d50047049d329b0779c3c910402cKenny Root memset(&dsa_params, '\0', sizeof(dsa_params)); 188496427baf0094d50047049d329b0779c3c910402cKenny Root 188596427baf0094d50047049d329b0779c3c910402cKenny Root if (keySize == -1) { 188696427baf0094d50047049d329b0779c3c910402cKenny Root keySize = DSA_DEFAULT_KEY_SIZE; 188796427baf0094d50047049d329b0779c3c910402cKenny Root } else if ((keySize % 64) != 0 || keySize < DSA_MIN_KEY_SIZE 188896427baf0094d50047049d329b0779c3c910402cKenny Root || keySize > DSA_MAX_KEY_SIZE) { 188996427baf0094d50047049d329b0779c3c910402cKenny Root ALOGI("invalid key size %d", keySize); 189096427baf0094d50047049d329b0779c3c910402cKenny Root return ::SYSTEM_ERROR; 189196427baf0094d50047049d329b0779c3c910402cKenny Root } 189296427baf0094d50047049d329b0779c3c910402cKenny Root dsa_params.key_size = keySize; 189396427baf0094d50047049d329b0779c3c910402cKenny Root 189496427baf0094d50047049d329b0779c3c910402cKenny Root if (args->size() == 3) { 189596427baf0094d50047049d329b0779c3c910402cKenny Root sp<KeystoreArg> gArg = args->itemAt(0); 189696427baf0094d50047049d329b0779c3c910402cKenny Root sp<KeystoreArg> pArg = args->itemAt(1); 189796427baf0094d50047049d329b0779c3c910402cKenny Root sp<KeystoreArg> qArg = args->itemAt(2); 189896427baf0094d50047049d329b0779c3c910402cKenny Root 189996427baf0094d50047049d329b0779c3c910402cKenny Root if (gArg != NULL && pArg != NULL && qArg != NULL) { 190096427baf0094d50047049d329b0779c3c910402cKenny Root dsa_params.generator = reinterpret_cast<const uint8_t*>(gArg->data()); 190196427baf0094d50047049d329b0779c3c910402cKenny Root dsa_params.generator_len = gArg->size(); 190296427baf0094d50047049d329b0779c3c910402cKenny Root 190396427baf0094d50047049d329b0779c3c910402cKenny Root dsa_params.prime_p = reinterpret_cast<const uint8_t*>(pArg->data()); 190496427baf0094d50047049d329b0779c3c910402cKenny Root dsa_params.prime_p_len = pArg->size(); 190596427baf0094d50047049d329b0779c3c910402cKenny Root 190696427baf0094d50047049d329b0779c3c910402cKenny Root dsa_params.prime_q = reinterpret_cast<const uint8_t*>(qArg->data()); 190796427baf0094d50047049d329b0779c3c910402cKenny Root dsa_params.prime_q_len = qArg->size(); 190896427baf0094d50047049d329b0779c3c910402cKenny Root } else { 190996427baf0094d50047049d329b0779c3c910402cKenny Root ALOGI("not all DSA parameters were read"); 191096427baf0094d50047049d329b0779c3c910402cKenny Root return ::SYSTEM_ERROR; 191196427baf0094d50047049d329b0779c3c910402cKenny Root } 191296427baf0094d50047049d329b0779c3c910402cKenny Root } else if (args->size() != 0) { 191396427baf0094d50047049d329b0779c3c910402cKenny Root ALOGI("DSA args must be 3"); 191496427baf0094d50047049d329b0779c3c910402cKenny Root return ::SYSTEM_ERROR; 191596427baf0094d50047049d329b0779c3c910402cKenny Root } 191696427baf0094d50047049d329b0779c3c910402cKenny Root 19171d448c074a86ef5d05a22fdf1358718976628a86Kenny Root if (isKeyTypeSupported(device, TYPE_DSA)) { 191817208e0de5a42722901d803118745cca25fd10c1Kenny Root rc = device->generate_keypair(device, TYPE_DSA, &dsa_params, &data, &dataLength); 191917208e0de5a42722901d803118745cca25fd10c1Kenny Root } else { 192017208e0de5a42722901d803118745cca25fd10c1Kenny Root isFallback = true; 1921fc18edcdfe2f7774e621030d51338f3216170b97Chad Brubaker rc = fallback->generate_keypair(fallback, TYPE_DSA, &dsa_params, &data, 1922fc18edcdfe2f7774e621030d51338f3216170b97Chad Brubaker &dataLength); 192317208e0de5a42722901d803118745cca25fd10c1Kenny Root } 192417208e0de5a42722901d803118745cca25fd10c1Kenny Root } else if (keyType == EVP_PKEY_EC) { 192596427baf0094d50047049d329b0779c3c910402cKenny Root keymaster_ec_keygen_params_t ec_params; 192696427baf0094d50047049d329b0779c3c910402cKenny Root memset(&ec_params, '\0', sizeof(ec_params)); 192796427baf0094d50047049d329b0779c3c910402cKenny Root 192896427baf0094d50047049d329b0779c3c910402cKenny Root if (keySize == -1) { 192996427baf0094d50047049d329b0779c3c910402cKenny Root keySize = EC_DEFAULT_KEY_SIZE; 193096427baf0094d50047049d329b0779c3c910402cKenny Root } else if (keySize < EC_MIN_KEY_SIZE || keySize > EC_MAX_KEY_SIZE) { 193196427baf0094d50047049d329b0779c3c910402cKenny Root ALOGI("invalid key size %d", keySize); 193296427baf0094d50047049d329b0779c3c910402cKenny Root return ::SYSTEM_ERROR; 193396427baf0094d50047049d329b0779c3c910402cKenny Root } 193496427baf0094d50047049d329b0779c3c910402cKenny Root ec_params.field_size = keySize; 193596427baf0094d50047049d329b0779c3c910402cKenny Root 19361d448c074a86ef5d05a22fdf1358718976628a86Kenny Root if (isKeyTypeSupported(device, TYPE_EC)) { 193717208e0de5a42722901d803118745cca25fd10c1Kenny Root rc = device->generate_keypair(device, TYPE_EC, &ec_params, &data, &dataLength); 193817208e0de5a42722901d803118745cca25fd10c1Kenny Root } else { 193917208e0de5a42722901d803118745cca25fd10c1Kenny Root isFallback = true; 1940fc18edcdfe2f7774e621030d51338f3216170b97Chad Brubaker rc = fallback->generate_keypair(fallback, TYPE_EC, &ec_params, &data, &dataLength); 194117208e0de5a42722901d803118745cca25fd10c1Kenny Root } 194296427baf0094d50047049d329b0779c3c910402cKenny Root } else if (keyType == EVP_PKEY_RSA) { 194396427baf0094d50047049d329b0779c3c910402cKenny Root keymaster_rsa_keygen_params_t rsa_params; 194496427baf0094d50047049d329b0779c3c910402cKenny Root memset(&rsa_params, '\0', sizeof(rsa_params)); 194596427baf0094d50047049d329b0779c3c910402cKenny Root rsa_params.public_exponent = RSA_DEFAULT_EXPONENT; 194696427baf0094d50047049d329b0779c3c910402cKenny Root 194796427baf0094d50047049d329b0779c3c910402cKenny Root if (keySize == -1) { 194896427baf0094d50047049d329b0779c3c910402cKenny Root keySize = RSA_DEFAULT_KEY_SIZE; 194996427baf0094d50047049d329b0779c3c910402cKenny Root } else if (keySize < RSA_MIN_KEY_SIZE || keySize > RSA_MAX_KEY_SIZE) { 195096427baf0094d50047049d329b0779c3c910402cKenny Root ALOGI("invalid key size %d", keySize); 195196427baf0094d50047049d329b0779c3c910402cKenny Root return ::SYSTEM_ERROR; 195296427baf0094d50047049d329b0779c3c910402cKenny Root } 195396427baf0094d50047049d329b0779c3c910402cKenny Root rsa_params.modulus_size = keySize; 195496427baf0094d50047049d329b0779c3c910402cKenny Root 195596427baf0094d50047049d329b0779c3c910402cKenny Root if (args->size() > 1) { 19566489e02e134e4779d35c4a340ff68ad445fde133Matteo Franchin ALOGI("invalid number of arguments: %zu", args->size()); 195796427baf0094d50047049d329b0779c3c910402cKenny Root return ::SYSTEM_ERROR; 195896427baf0094d50047049d329b0779c3c910402cKenny Root } else if (args->size() == 1) { 195996427baf0094d50047049d329b0779c3c910402cKenny Root sp<KeystoreArg> pubExpBlob = args->itemAt(0); 196096427baf0094d50047049d329b0779c3c910402cKenny Root if (pubExpBlob != NULL) { 196196427baf0094d50047049d329b0779c3c910402cKenny Root Unique_BIGNUM pubExpBn( 196296427baf0094d50047049d329b0779c3c910402cKenny Root BN_bin2bn(reinterpret_cast<const unsigned char*>(pubExpBlob->data()), 196396427baf0094d50047049d329b0779c3c910402cKenny Root pubExpBlob->size(), NULL)); 196496427baf0094d50047049d329b0779c3c910402cKenny Root if (pubExpBn.get() == NULL) { 196596427baf0094d50047049d329b0779c3c910402cKenny Root ALOGI("Could not convert public exponent to BN"); 196696427baf0094d50047049d329b0779c3c910402cKenny Root return ::SYSTEM_ERROR; 196796427baf0094d50047049d329b0779c3c910402cKenny Root } 196896427baf0094d50047049d329b0779c3c910402cKenny Root unsigned long pubExp = BN_get_word(pubExpBn.get()); 196996427baf0094d50047049d329b0779c3c910402cKenny Root if (pubExp == 0xFFFFFFFFL) { 197096427baf0094d50047049d329b0779c3c910402cKenny Root ALOGI("cannot represent public exponent as a long value"); 197196427baf0094d50047049d329b0779c3c910402cKenny Root return ::SYSTEM_ERROR; 197296427baf0094d50047049d329b0779c3c910402cKenny Root } 197396427baf0094d50047049d329b0779c3c910402cKenny Root rsa_params.public_exponent = pubExp; 197496427baf0094d50047049d329b0779c3c910402cKenny Root } 197596427baf0094d50047049d329b0779c3c910402cKenny Root } 197696427baf0094d50047049d329b0779c3c910402cKenny Root 197796427baf0094d50047049d329b0779c3c910402cKenny Root rc = device->generate_keypair(device, TYPE_RSA, &rsa_params, &data, &dataLength); 197896427baf0094d50047049d329b0779c3c910402cKenny Root } else { 197996427baf0094d50047049d329b0779c3c910402cKenny Root ALOGW("Unsupported key type %d", keyType); 198096427baf0094d50047049d329b0779c3c910402cKenny Root rc = -1; 198196427baf0094d50047049d329b0779c3c910402cKenny Root } 198270e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 198307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root if (rc) { 198407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::SYSTEM_ERROR; 198507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 198670e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 1987655b958eb2180c7c06889f83f606d23421bf038cKenny Root String8 name8(name); 1988655b958eb2180c7c06889f83f606d23421bf038cKenny Root String8 filename(mKeyStore->getKeyNameForUidWithDir(name8, callingUid)); 198970e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 199007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root Blob keyBlob(data, dataLength, NULL, 0, TYPE_KEY_PAIR); 199107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root free(data); 199207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 1993ee8068b9e7bfb2770635062fc9c2035be2142bd8Kenny Root keyBlob.setEncrypted(flags & KEYSTORE_FLAG_ENCRYPTED); 199417208e0de5a42722901d803118745cca25fd10c1Kenny Root keyBlob.setFallback(isFallback); 199517208e0de5a42722901d803118745cca25fd10c1Kenny Root 1996655b958eb2180c7c06889f83f606d23421bf038cKenny Root return mKeyStore->put(filename.string(), &keyBlob, callingUid); 199770e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root } 199870e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 1999f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root int32_t import(const String16& name, const uint8_t* data, size_t length, int targetUid, 2000f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root int32_t flags) { 2001d38a0b07a3104fcb1e747a0fa06641dee8fc058fKenny Root uid_t callingUid = IPCThreadState::self()->getCallingUid(); 2002eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn pid_t spid = IPCThreadState::self()->getCallingPid(); 2003eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn if (!has_permission(callingUid, P_INSERT, spid)) { 2004d38a0b07a3104fcb1e747a0fa06641dee8fc058fKenny Root ALOGW("permission denied for %d: import", callingUid); 200507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::PERMISSION_DENIED; 200607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 200770e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 2008494689083467ec372a58f094f041c8f102f39393Kenny Root if (targetUid == -1) { 2009494689083467ec372a58f094f041c8f102f39393Kenny Root targetUid = callingUid; 2010494689083467ec372a58f094f041c8f102f39393Kenny Root } else if (!is_granted_to(callingUid, targetUid)) { 2011b88c3eb96625513df4cc998d739d17266ebaf89fKenny Root return ::PERMISSION_DENIED; 2012b88c3eb96625513df4cc998d739d17266ebaf89fKenny Root } 2013b88c3eb96625513df4cc998d739d17266ebaf89fKenny Root 2014fa27d5bbc366e4ecb45aee5ae08565ab3ad3dcbcKenny Root State state = mKeyStore->getState(targetUid); 2015f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root if ((flags & KEYSTORE_FLAG_ENCRYPTED) && !isKeystoreUnlocked(state)) { 201607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root ALOGD("calling import in state: %d", state); 201707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return state; 201807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 201970e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 202007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root String8 name8(name); 202160898896c3f3b2245d10076cac64346c956dbaa5Kenny Root String8 filename(mKeyStore->getKeyNameForUidWithDir(name8, targetUid)); 202270e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 2023fa27d5bbc366e4ecb45aee5ae08565ab3ad3dcbcKenny Root return mKeyStore->importKey(data, length, filename.string(), targetUid, flags); 202470e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root } 202570e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 202607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root int32_t sign(const String16& name, const uint8_t* data, size_t length, uint8_t** out, 202707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root size_t* outLength) { 2028d38a0b07a3104fcb1e747a0fa06641dee8fc058fKenny Root uid_t callingUid = IPCThreadState::self()->getCallingUid(); 2029eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn pid_t spid = IPCThreadState::self()->getCallingPid(); 2030eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn if (!has_permission(callingUid, P_SIGN, spid)) { 2031d38a0b07a3104fcb1e747a0fa06641dee8fc058fKenny Root ALOGW("permission denied for %d: saw", callingUid); 203207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::PERMISSION_DENIED; 203307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 20349a53d3eaf42104ddf02feeccec3cf7f5c1a34baeKenny Root 203507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root Blob keyBlob; 203607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root String8 name8(name); 203770e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 2038d38a0b07a3104fcb1e747a0fa06641dee8fc058fKenny Root ALOGV("sign %s from uid %d", name8.string(), callingUid); 203907438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root int rc; 204070e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 2041655b958eb2180c7c06889f83f606d23421bf038cKenny Root ResponseCode responseCode = mKeyStore->getKeyForName(&keyBlob, name8, callingUid, 2042d38a0b07a3104fcb1e747a0fa06641dee8fc058fKenny Root ::TYPE_KEY_PAIR); 204307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root if (responseCode != ::NO_ERROR) { 204407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return responseCode; 204507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 204670e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 2047919cb2a5a9dabd61cb02eff7a589f9f1f0f793eeChad Brubaker const keymaster1_device_t* device = mKeyStore->getDeviceForBlob(keyBlob); 204807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root if (device == NULL) { 204907438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root ALOGE("no keymaster device; cannot sign"); 205007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::SYSTEM_ERROR; 205107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 205270e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 205307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root if (device->sign_data == NULL) { 205407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root ALOGE("device doesn't implement signing"); 205507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::SYSTEM_ERROR; 205607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 205770e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 205807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root keymaster_rsa_sign_params_t params; 205907438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root params.digest_type = DIGEST_NONE; 206007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root params.padding_type = PADDING_NONE; 2061fc18edcdfe2f7774e621030d51338f3216170b97Chad Brubaker rc = device->sign_data(device, ¶ms, keyBlob.getValue(), keyBlob.getLength(), data, 2062fc18edcdfe2f7774e621030d51338f3216170b97Chad Brubaker length, out, outLength); 206307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root if (rc) { 206407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root ALOGW("device couldn't sign data"); 206507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::SYSTEM_ERROR; 206607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 206770e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 206807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::NO_ERROR; 206970e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root } 207070e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 207107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root int32_t verify(const String16& name, const uint8_t* data, size_t dataLength, 207207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root const uint8_t* signature, size_t signatureLength) { 2073d38a0b07a3104fcb1e747a0fa06641dee8fc058fKenny Root uid_t callingUid = IPCThreadState::self()->getCallingUid(); 2074eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn pid_t spid = IPCThreadState::self()->getCallingPid(); 2075eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn if (!has_permission(callingUid, P_VERIFY, spid)) { 2076d38a0b07a3104fcb1e747a0fa06641dee8fc058fKenny Root ALOGW("permission denied for %d: verify", callingUid); 207707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::PERMISSION_DENIED; 207807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 207970e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 2080655b958eb2180c7c06889f83f606d23421bf038cKenny Root State state = mKeyStore->getState(callingUid); 20819d45d1caba5135e6b8bd6d05d449e8dcf52b6802Kenny Root if (!isKeystoreUnlocked(state)) { 208207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root ALOGD("calling verify in state: %d", state); 208307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return state; 208407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 208570e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 208607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root Blob keyBlob; 208707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root String8 name8(name); 208807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root int rc; 208970e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 2090655b958eb2180c7c06889f83f606d23421bf038cKenny Root ResponseCode responseCode = mKeyStore->getKeyForName(&keyBlob, name8, callingUid, 2091494689083467ec372a58f094f041c8f102f39393Kenny Root TYPE_KEY_PAIR); 209207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root if (responseCode != ::NO_ERROR) { 209307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return responseCode; 209407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 209570e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 2096919cb2a5a9dabd61cb02eff7a589f9f1f0f793eeChad Brubaker const keymaster1_device_t* device = mKeyStore->getDeviceForBlob(keyBlob); 209707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root if (device == NULL) { 209807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::SYSTEM_ERROR; 209907438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 210070e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 210107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root if (device->verify_data == NULL) { 210207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::SYSTEM_ERROR; 210307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 210407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 210507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root keymaster_rsa_sign_params_t params; 210607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root params.digest_type = DIGEST_NONE; 210707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root params.padding_type = PADDING_NONE; 210870e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 2109fc18edcdfe2f7774e621030d51338f3216170b97Chad Brubaker rc = device->verify_data(device, ¶ms, keyBlob.getValue(), keyBlob.getLength(), data, 2110fc18edcdfe2f7774e621030d51338f3216170b97Chad Brubaker dataLength, signature, signatureLength); 211107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root if (rc) { 211207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::SYSTEM_ERROR; 211307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } else { 211407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::NO_ERROR; 211507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 211670e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root } 211770e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 211807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root /* 211907438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root * TODO: The abstraction between things stored in hardware and regular blobs 212007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root * of data stored on the filesystem should be moved down to keystore itself. 212107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root * Unfortunately the Java code that calls this has naming conventions that it 212207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root * knows about. Ideally keystore shouldn't be used to store random blobs of 212307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root * data. 212407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root * 212507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root * Until that happens, it's necessary to have a separate "get_pubkey" and 212607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root * "del_key" since the Java code doesn't really communicate what it's 212707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root * intentions are. 212807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root */ 212907438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root int32_t get_pubkey(const String16& name, uint8_t** pubkey, size_t* pubkeyLength) { 2130d38a0b07a3104fcb1e747a0fa06641dee8fc058fKenny Root uid_t callingUid = IPCThreadState::self()->getCallingUid(); 2131eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn pid_t spid = IPCThreadState::self()->getCallingPid(); 2132eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn if (!has_permission(callingUid, P_GET, spid)) { 2133d38a0b07a3104fcb1e747a0fa06641dee8fc058fKenny Root ALOGW("permission denied for %d: get_pubkey", callingUid); 213407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::PERMISSION_DENIED; 213507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 213670e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 213707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root Blob keyBlob; 213807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root String8 name8(name); 213970e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 2140d38a0b07a3104fcb1e747a0fa06641dee8fc058fKenny Root ALOGV("get_pubkey '%s' from uid %d", name8.string(), callingUid); 214170e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 2142655b958eb2180c7c06889f83f606d23421bf038cKenny Root ResponseCode responseCode = mKeyStore->getKeyForName(&keyBlob, name8, callingUid, 214307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root TYPE_KEY_PAIR); 214407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root if (responseCode != ::NO_ERROR) { 214507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return responseCode; 214607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 214770e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 2148919cb2a5a9dabd61cb02eff7a589f9f1f0f793eeChad Brubaker const keymaster1_device_t* device = mKeyStore->getDeviceForBlob(keyBlob); 214907438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root if (device == NULL) { 215007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::SYSTEM_ERROR; 215107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 215270e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 215307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root if (device->get_keypair_public == NULL) { 215407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root ALOGE("device has no get_keypair_public implementation!"); 215507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::SYSTEM_ERROR; 215607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 2157344e0bc23ca46b9acec97ac8bcd87949bde0ccabKenny Root 215817208e0de5a42722901d803118745cca25fd10c1Kenny Root int rc; 2159fc18edcdfe2f7774e621030d51338f3216170b97Chad Brubaker rc = device->get_keypair_public(device, keyBlob.getValue(), keyBlob.getLength(), pubkey, 2160fc18edcdfe2f7774e621030d51338f3216170b97Chad Brubaker pubkeyLength); 216107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root if (rc) { 216207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::SYSTEM_ERROR; 216307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 2164344e0bc23ca46b9acec97ac8bcd87949bde0ccabKenny Root 216507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::NO_ERROR; 2166344e0bc23ca46b9acec97ac8bcd87949bde0ccabKenny Root } 2167344e0bc23ca46b9acec97ac8bcd87949bde0ccabKenny Root 2168494689083467ec372a58f094f041c8f102f39393Kenny Root int32_t del_key(const String16& name, int targetUid) { 2169d38a0b07a3104fcb1e747a0fa06641dee8fc058fKenny Root uid_t callingUid = IPCThreadState::self()->getCallingUid(); 2170eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn pid_t spid = IPCThreadState::self()->getCallingPid(); 2171eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn if (!has_permission(callingUid, P_DELETE, spid)) { 2172d38a0b07a3104fcb1e747a0fa06641dee8fc058fKenny Root ALOGW("permission denied for %d: del_key", callingUid); 217307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::PERMISSION_DENIED; 217407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 2175344e0bc23ca46b9acec97ac8bcd87949bde0ccabKenny Root 2176494689083467ec372a58f094f041c8f102f39393Kenny Root if (targetUid == -1) { 2177494689083467ec372a58f094f041c8f102f39393Kenny Root targetUid = callingUid; 2178494689083467ec372a58f094f041c8f102f39393Kenny Root } else if (!is_granted_to(callingUid, targetUid)) { 2179b88c3eb96625513df4cc998d739d17266ebaf89fKenny Root return ::PERMISSION_DENIED; 2180b88c3eb96625513df4cc998d739d17266ebaf89fKenny Root } 2181b88c3eb96625513df4cc998d739d17266ebaf89fKenny Root 218207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root String8 name8(name); 2183fa27d5bbc366e4ecb45aee5ae08565ab3ad3dcbcKenny Root String8 filename(mKeyStore->getKeyNameForUidWithDir(name8, targetUid)); 21844b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee return mKeyStore->del(filename.string(), ::TYPE_KEY_PAIR, targetUid); 2185a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 218607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 218707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root int32_t grant(const String16& name, int32_t granteeUid) { 2188d38a0b07a3104fcb1e747a0fa06641dee8fc058fKenny Root uid_t callingUid = IPCThreadState::self()->getCallingUid(); 2189eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn pid_t spid = IPCThreadState::self()->getCallingPid(); 2190eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn if (!has_permission(callingUid, P_GRANT, spid)) { 2191d38a0b07a3104fcb1e747a0fa06641dee8fc058fKenny Root ALOGW("permission denied for %d: grant", callingUid); 219207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::PERMISSION_DENIED; 219307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 219407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 2195655b958eb2180c7c06889f83f606d23421bf038cKenny Root State state = mKeyStore->getState(callingUid); 21969d45d1caba5135e6b8bd6d05d449e8dcf52b6802Kenny Root if (!isKeystoreUnlocked(state)) { 219707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root ALOGD("calling grant in state: %d", state); 219807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return state; 219907438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 220007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 220107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root String8 name8(name); 2202655b958eb2180c7c06889f83f606d23421bf038cKenny Root String8 filename(mKeyStore->getKeyNameForUidWithDir(name8, callingUid)); 220307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 2204655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (access(filename.string(), R_OK) == -1) { 220507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return (errno != ENOENT) ? ::SYSTEM_ERROR : ::KEY_NOT_FOUND; 220607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 220707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 2208655b958eb2180c7c06889f83f606d23421bf038cKenny Root mKeyStore->addGrant(filename.string(), granteeUid); 220907438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::NO_ERROR; 2210a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 221107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 221207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root int32_t ungrant(const String16& name, int32_t granteeUid) { 2213d38a0b07a3104fcb1e747a0fa06641dee8fc058fKenny Root uid_t callingUid = IPCThreadState::self()->getCallingUid(); 2214eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn pid_t spid = IPCThreadState::self()->getCallingPid(); 2215eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn if (!has_permission(callingUid, P_GRANT, spid)) { 2216d38a0b07a3104fcb1e747a0fa06641dee8fc058fKenny Root ALOGW("permission denied for %d: ungrant", callingUid); 221707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::PERMISSION_DENIED; 221807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 221907438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 2220655b958eb2180c7c06889f83f606d23421bf038cKenny Root State state = mKeyStore->getState(callingUid); 22219d45d1caba5135e6b8bd6d05d449e8dcf52b6802Kenny Root if (!isKeystoreUnlocked(state)) { 222207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root ALOGD("calling ungrant in state: %d", state); 222307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return state; 222407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 222507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 222607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root String8 name8(name); 2227655b958eb2180c7c06889f83f606d23421bf038cKenny Root String8 filename(mKeyStore->getKeyNameForUidWithDir(name8, callingUid)); 222807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 2229655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (access(filename.string(), R_OK) == -1) { 223007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return (errno != ENOENT) ? ::SYSTEM_ERROR : ::KEY_NOT_FOUND; 223107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 223207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 2233655b958eb2180c7c06889f83f606d23421bf038cKenny Root return mKeyStore->removeGrant(filename.string(), granteeUid) ? ::NO_ERROR : ::KEY_NOT_FOUND; 2234a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 223507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 223607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root int64_t getmtime(const String16& name) { 2237d38a0b07a3104fcb1e747a0fa06641dee8fc058fKenny Root uid_t callingUid = IPCThreadState::self()->getCallingUid(); 2238eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn pid_t spid = IPCThreadState::self()->getCallingPid(); 2239eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn if (!has_permission(callingUid, P_GET, spid)) { 2240d38a0b07a3104fcb1e747a0fa06641dee8fc058fKenny Root ALOGW("permission denied for %d: getmtime", callingUid); 224136a9e231e03734cd2143383d26388455c1764e17Kenny Root return -1L; 224207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 224307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 224407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root String8 name8(name); 2245655b958eb2180c7c06889f83f606d23421bf038cKenny Root String8 filename(mKeyStore->getKeyNameForUidWithDir(name8, callingUid)); 224607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 2247655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (access(filename.string(), R_OK) == -1) { 2248655b958eb2180c7c06889f83f606d23421bf038cKenny Root ALOGW("could not access %s for getmtime", filename.string()); 224936a9e231e03734cd2143383d26388455c1764e17Kenny Root return -1L; 2250a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 225107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 2252655b958eb2180c7c06889f83f606d23421bf038cKenny Root int fd = TEMP_FAILURE_RETRY(open(filename.string(), O_NOFOLLOW, O_RDONLY)); 225307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root if (fd < 0) { 2254655b958eb2180c7c06889f83f606d23421bf038cKenny Root ALOGW("could not open %s for getmtime", filename.string()); 225536a9e231e03734cd2143383d26388455c1764e17Kenny Root return -1L; 225607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 225707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 225807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root struct stat s; 225907438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root int ret = fstat(fd, &s); 226007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root close(fd); 226107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root if (ret == -1) { 2262655b958eb2180c7c06889f83f606d23421bf038cKenny Root ALOGW("could not stat %s for getmtime", filename.string()); 226336a9e231e03734cd2143383d26388455c1764e17Kenny Root return -1L; 226407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 226507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 226636a9e231e03734cd2143383d26388455c1764e17Kenny Root return static_cast<int64_t>(s.st_mtime); 2267a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 226807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 2269d53bc92f1cc4eb669ec015480cebe5ae7aaaf7cfKenny Root int32_t duplicate(const String16& srcKey, int32_t srcUid, const String16& destKey, 2270d53bc92f1cc4eb669ec015480cebe5ae7aaaf7cfKenny Root int32_t destUid) { 22710225407783ee339164a0cd8ca5ef04c99d27c59aKenny Root uid_t callingUid = IPCThreadState::self()->getCallingUid(); 2272eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn pid_t spid = IPCThreadState::self()->getCallingPid(); 2273eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn if (!has_permission(callingUid, P_DUPLICATE, spid)) { 2274d53bc92f1cc4eb669ec015480cebe5ae7aaaf7cfKenny Root ALOGW("permission denied for %d: duplicate", callingUid); 22750225407783ee339164a0cd8ca5ef04c99d27c59aKenny Root return -1L; 22760225407783ee339164a0cd8ca5ef04c99d27c59aKenny Root } 22770225407783ee339164a0cd8ca5ef04c99d27c59aKenny Root 2278655b958eb2180c7c06889f83f606d23421bf038cKenny Root State state = mKeyStore->getState(callingUid); 22790225407783ee339164a0cd8ca5ef04c99d27c59aKenny Root if (!isKeystoreUnlocked(state)) { 2280d53bc92f1cc4eb669ec015480cebe5ae7aaaf7cfKenny Root ALOGD("calling duplicate in state: %d", state); 22810225407783ee339164a0cd8ca5ef04c99d27c59aKenny Root return state; 22820225407783ee339164a0cd8ca5ef04c99d27c59aKenny Root } 22830225407783ee339164a0cd8ca5ef04c99d27c59aKenny Root 2284d53bc92f1cc4eb669ec015480cebe5ae7aaaf7cfKenny Root if (srcUid == -1 || static_cast<uid_t>(srcUid) == callingUid) { 2285d53bc92f1cc4eb669ec015480cebe5ae7aaaf7cfKenny Root srcUid = callingUid; 2286d53bc92f1cc4eb669ec015480cebe5ae7aaaf7cfKenny Root } else if (!is_granted_to(callingUid, srcUid)) { 2287d53bc92f1cc4eb669ec015480cebe5ae7aaaf7cfKenny Root ALOGD("migrate not granted from source: %d -> %d", callingUid, srcUid); 22880225407783ee339164a0cd8ca5ef04c99d27c59aKenny Root return ::PERMISSION_DENIED; 22890225407783ee339164a0cd8ca5ef04c99d27c59aKenny Root } 22900225407783ee339164a0cd8ca5ef04c99d27c59aKenny Root 2291d53bc92f1cc4eb669ec015480cebe5ae7aaaf7cfKenny Root if (destUid == -1) { 2292d53bc92f1cc4eb669ec015480cebe5ae7aaaf7cfKenny Root destUid = callingUid; 2293d53bc92f1cc4eb669ec015480cebe5ae7aaaf7cfKenny Root } 22940225407783ee339164a0cd8ca5ef04c99d27c59aKenny Root 2295d53bc92f1cc4eb669ec015480cebe5ae7aaaf7cfKenny Root if (srcUid != destUid) { 2296d53bc92f1cc4eb669ec015480cebe5ae7aaaf7cfKenny Root if (static_cast<uid_t>(srcUid) != callingUid) { 2297d53bc92f1cc4eb669ec015480cebe5ae7aaaf7cfKenny Root ALOGD("can only duplicate from caller to other or to same uid: " 2298d53bc92f1cc4eb669ec015480cebe5ae7aaaf7cfKenny Root "calling=%d, srcUid=%d, destUid=%d", callingUid, srcUid, destUid); 2299d53bc92f1cc4eb669ec015480cebe5ae7aaaf7cfKenny Root return ::PERMISSION_DENIED; 2300d53bc92f1cc4eb669ec015480cebe5ae7aaaf7cfKenny Root } 23010225407783ee339164a0cd8ca5ef04c99d27c59aKenny Root 2302d53bc92f1cc4eb669ec015480cebe5ae7aaaf7cfKenny Root if (!is_granted_to(callingUid, destUid)) { 2303d53bc92f1cc4eb669ec015480cebe5ae7aaaf7cfKenny Root ALOGD("duplicate not granted to dest: %d -> %d", callingUid, destUid); 2304d53bc92f1cc4eb669ec015480cebe5ae7aaaf7cfKenny Root return ::PERMISSION_DENIED; 2305d53bc92f1cc4eb669ec015480cebe5ae7aaaf7cfKenny Root } 23060225407783ee339164a0cd8ca5ef04c99d27c59aKenny Root } 23070225407783ee339164a0cd8ca5ef04c99d27c59aKenny Root 2308d53bc92f1cc4eb669ec015480cebe5ae7aaaf7cfKenny Root String8 source8(srcKey); 2309655b958eb2180c7c06889f83f606d23421bf038cKenny Root String8 sourceFile(mKeyStore->getKeyNameForUidWithDir(source8, srcUid)); 2310d53bc92f1cc4eb669ec015480cebe5ae7aaaf7cfKenny Root 2311d53bc92f1cc4eb669ec015480cebe5ae7aaaf7cfKenny Root String8 target8(destKey); 2312fa27d5bbc366e4ecb45aee5ae08565ab3ad3dcbcKenny Root String8 targetFile(mKeyStore->getKeyNameForUidWithDir(target8, destUid)); 23130225407783ee339164a0cd8ca5ef04c99d27c59aKenny Root 2314655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (access(targetFile.string(), W_OK) != -1 || errno != ENOENT) { 2315655b958eb2180c7c06889f83f606d23421bf038cKenny Root ALOGD("destination already exists: %s", targetFile.string()); 23160225407783ee339164a0cd8ca5ef04c99d27c59aKenny Root return ::SYSTEM_ERROR; 23170225407783ee339164a0cd8ca5ef04c99d27c59aKenny Root } 23180225407783ee339164a0cd8ca5ef04c99d27c59aKenny Root 2319d53bc92f1cc4eb669ec015480cebe5ae7aaaf7cfKenny Root Blob keyBlob; 2320655b958eb2180c7c06889f83f606d23421bf038cKenny Root ResponseCode responseCode = mKeyStore->get(sourceFile.string(), &keyBlob, TYPE_ANY, 2321fa27d5bbc366e4ecb45aee5ae08565ab3ad3dcbcKenny Root srcUid); 2322d53bc92f1cc4eb669ec015480cebe5ae7aaaf7cfKenny Root if (responseCode != ::NO_ERROR) { 2323d53bc92f1cc4eb669ec015480cebe5ae7aaaf7cfKenny Root return responseCode; 23240225407783ee339164a0cd8ca5ef04c99d27c59aKenny Root } 2325d53bc92f1cc4eb669ec015480cebe5ae7aaaf7cfKenny Root 2326fa27d5bbc366e4ecb45aee5ae08565ab3ad3dcbcKenny Root return mKeyStore->put(targetFile.string(), &keyBlob, destUid); 23270225407783ee339164a0cd8ca5ef04c99d27c59aKenny Root } 23280225407783ee339164a0cd8ca5ef04c99d27c59aKenny Root 23291b0e3933900c7ea21189704d5db64e7346aee7afKenny Root int32_t is_hardware_backed(const String16& keyType) { 23301b0e3933900c7ea21189704d5db64e7346aee7afKenny Root return mKeyStore->isHardwareBacked(keyType) ? 1 : 0; 23318ddf35a6e1fd80a7d0685041d2bfc77078277c9dKenny Root } 23328ddf35a6e1fd80a7d0685041d2bfc77078277c9dKenny Root 2333fa27d5bbc366e4ecb45aee5ae08565ab3ad3dcbcKenny Root int32_t clear_uid(int64_t targetUid64) { 2334fa27d5bbc366e4ecb45aee5ae08565ab3ad3dcbcKenny Root uid_t targetUid = static_cast<uid_t>(targetUid64); 2335a9bb549868035e05450a9b918f8d7de9deca5343Kenny Root uid_t callingUid = IPCThreadState::self()->getCallingUid(); 2336eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn pid_t spid = IPCThreadState::self()->getCallingPid(); 2337eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn if (!has_permission(callingUid, P_CLEAR_UID, spid)) { 2338a9bb549868035e05450a9b918f8d7de9deca5343Kenny Root ALOGW("permission denied for %d: clear_uid", callingUid); 2339a9bb549868035e05450a9b918f8d7de9deca5343Kenny Root return ::PERMISSION_DENIED; 2340a9bb549868035e05450a9b918f8d7de9deca5343Kenny Root } 2341a9bb549868035e05450a9b918f8d7de9deca5343Kenny Root 2342fa27d5bbc366e4ecb45aee5ae08565ab3ad3dcbcKenny Root if (targetUid64 == -1) { 2343fa27d5bbc366e4ecb45aee5ae08565ab3ad3dcbcKenny Root targetUid = callingUid; 2344007cb236ada4b3d70815f03dd07116a5e187f4ddKenny Root } else if (!is_self_or_system(callingUid, targetUid)) { 2345007cb236ada4b3d70815f03dd07116a5e187f4ddKenny Root ALOGW("permission denied for %d: clear_uid %d", callingUid, targetUid); 2346fa27d5bbc366e4ecb45aee5ae08565ab3ad3dcbcKenny Root return ::PERMISSION_DENIED; 2347fa27d5bbc366e4ecb45aee5ae08565ab3ad3dcbcKenny Root } 2348fa27d5bbc366e4ecb45aee5ae08565ab3ad3dcbcKenny Root 2349919cb2a5a9dabd61cb02eff7a589f9f1f0f793eeChad Brubaker const keymaster1_device_t* device = mKeyStore->getDevice(); 2350a9bb549868035e05450a9b918f8d7de9deca5343Kenny Root if (device == NULL) { 2351655b958eb2180c7c06889f83f606d23421bf038cKenny Root ALOGW("can't get keymaster device"); 2352a9bb549868035e05450a9b918f8d7de9deca5343Kenny Root return ::SYSTEM_ERROR; 2353a9bb549868035e05450a9b918f8d7de9deca5343Kenny Root } 2354a9bb549868035e05450a9b918f8d7de9deca5343Kenny Root 23554b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee String8 prefix = String8::format("%u_", targetUid); 23564b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee Vector<String16> aliases; 23574b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee if (mKeyStore->saw(prefix, &aliases, targetUid) != ::NO_ERROR) { 2358a9bb549868035e05450a9b918f8d7de9deca5343Kenny Root return ::SYSTEM_ERROR; 2359a9bb549868035e05450a9b918f8d7de9deca5343Kenny Root } 2360a9bb549868035e05450a9b918f8d7de9deca5343Kenny Root 23614b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee for (uint32_t i = 0; i < aliases.size(); i++) { 23624b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee String8 name8(aliases[i]); 23634b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee String8 filename(mKeyStore->getKeyNameForUidWithDir(name8, targetUid)); 23644b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee mKeyStore->del(filename.string(), ::TYPE_ANY, targetUid); 2365a9bb549868035e05450a9b918f8d7de9deca5343Kenny Root } 23664b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee return ::NO_ERROR; 2367a9bb549868035e05450a9b918f8d7de9deca5343Kenny Root } 2368a9bb549868035e05450a9b918f8d7de9deca5343Kenny Root 23694b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee int32_t reset_uid(int32_t targetUid) { 23704e865753346fc6a075966972a7a98051818859dbRobin Lee uid_t callingUid = IPCThreadState::self()->getCallingUid(); 23714e865753346fc6a075966972a7a98051818859dbRobin Lee pid_t spid = IPCThreadState::self()->getCallingPid(); 23724b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee 23734e865753346fc6a075966972a7a98051818859dbRobin Lee if (!has_permission(callingUid, P_RESET_UID, spid)) { 23744b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee ALOGW("permission denied for %d: reset_uid %d", callingUid, targetUid); 23754e865753346fc6a075966972a7a98051818859dbRobin Lee return ::PERMISSION_DENIED; 23764e865753346fc6a075966972a7a98051818859dbRobin Lee } 23774b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee if (!is_self_or_system(callingUid, targetUid)) { 23784b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee ALOGW("permission denied for %d: reset_uid %d", callingUid, targetUid); 23794e865753346fc6a075966972a7a98051818859dbRobin Lee return ::PERMISSION_DENIED; 23804e865753346fc6a075966972a7a98051818859dbRobin Lee } 23814e865753346fc6a075966972a7a98051818859dbRobin Lee 23824b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee return mKeyStore->reset(targetUid) ? ::NO_ERROR : ::SYSTEM_ERROR; 23834e865753346fc6a075966972a7a98051818859dbRobin Lee } 23844e865753346fc6a075966972a7a98051818859dbRobin Lee 23854e865753346fc6a075966972a7a98051818859dbRobin Lee int32_t sync_uid(int32_t sourceUid, int32_t targetUid) { 23864e865753346fc6a075966972a7a98051818859dbRobin Lee uid_t callingUid = IPCThreadState::self()->getCallingUid(); 23874e865753346fc6a075966972a7a98051818859dbRobin Lee pid_t spid = IPCThreadState::self()->getCallingPid(); 23884e865753346fc6a075966972a7a98051818859dbRobin Lee if (!has_permission(callingUid, P_SYNC_UID, spid)) { 23894e865753346fc6a075966972a7a98051818859dbRobin Lee ALOGW("permission denied for %d: sync_uid %d -> %d", callingUid, sourceUid, targetUid); 23904e865753346fc6a075966972a7a98051818859dbRobin Lee return ::PERMISSION_DENIED; 23914e865753346fc6a075966972a7a98051818859dbRobin Lee } 23924e865753346fc6a075966972a7a98051818859dbRobin Lee if (callingUid != AID_SYSTEM) { 23934e865753346fc6a075966972a7a98051818859dbRobin Lee ALOGW("permission denied for %d: sync_uid %d -> %d", callingUid, sourceUid, targetUid); 23944e865753346fc6a075966972a7a98051818859dbRobin Lee return ::PERMISSION_DENIED; 23954e865753346fc6a075966972a7a98051818859dbRobin Lee } 23964e865753346fc6a075966972a7a98051818859dbRobin Lee if (sourceUid == targetUid) { 23974e865753346fc6a075966972a7a98051818859dbRobin Lee return ::SYSTEM_ERROR; 23984e865753346fc6a075966972a7a98051818859dbRobin Lee } 23994e865753346fc6a075966972a7a98051818859dbRobin Lee 24004e865753346fc6a075966972a7a98051818859dbRobin Lee // Initialise user keystore with existing master key held in-memory 24014e865753346fc6a075966972a7a98051818859dbRobin Lee return mKeyStore->copyMasterKey(sourceUid, targetUid); 24024e865753346fc6a075966972a7a98051818859dbRobin Lee } 24034e865753346fc6a075966972a7a98051818859dbRobin Lee 24044e865753346fc6a075966972a7a98051818859dbRobin Lee int32_t password_uid(const String16& pw, int32_t targetUid) { 24054e865753346fc6a075966972a7a98051818859dbRobin Lee uid_t callingUid = IPCThreadState::self()->getCallingUid(); 24064e865753346fc6a075966972a7a98051818859dbRobin Lee pid_t spid = IPCThreadState::self()->getCallingPid(); 24074e865753346fc6a075966972a7a98051818859dbRobin Lee if (!has_permission(callingUid, P_PASSWORD_UID, spid)) { 24084e865753346fc6a075966972a7a98051818859dbRobin Lee ALOGW("permission denied for %d: password_uid %d", callingUid, targetUid); 24094e865753346fc6a075966972a7a98051818859dbRobin Lee return ::PERMISSION_DENIED; 24104e865753346fc6a075966972a7a98051818859dbRobin Lee } 24114e865753346fc6a075966972a7a98051818859dbRobin Lee if (callingUid != AID_SYSTEM) { 24124e865753346fc6a075966972a7a98051818859dbRobin Lee ALOGW("permission denied for %d: password_uid %d", callingUid, targetUid); 24134e865753346fc6a075966972a7a98051818859dbRobin Lee return ::PERMISSION_DENIED; 24144e865753346fc6a075966972a7a98051818859dbRobin Lee } 24154e865753346fc6a075966972a7a98051818859dbRobin Lee 24164e865753346fc6a075966972a7a98051818859dbRobin Lee const String8 password8(pw); 24174e865753346fc6a075966972a7a98051818859dbRobin Lee 24184e865753346fc6a075966972a7a98051818859dbRobin Lee switch (mKeyStore->getState(targetUid)) { 24194e865753346fc6a075966972a7a98051818859dbRobin Lee case ::STATE_UNINITIALIZED: { 24204e865753346fc6a075966972a7a98051818859dbRobin Lee // generate master key, encrypt with password, write to file, initialize mMasterKey*. 24214e865753346fc6a075966972a7a98051818859dbRobin Lee return mKeyStore->initializeUser(password8, targetUid); 24224e865753346fc6a075966972a7a98051818859dbRobin Lee } 24234e865753346fc6a075966972a7a98051818859dbRobin Lee case ::STATE_NO_ERROR: { 24244e865753346fc6a075966972a7a98051818859dbRobin Lee // rewrite master key with new password. 24254e865753346fc6a075966972a7a98051818859dbRobin Lee return mKeyStore->writeMasterKey(password8, targetUid); 24264e865753346fc6a075966972a7a98051818859dbRobin Lee } 24274e865753346fc6a075966972a7a98051818859dbRobin Lee case ::STATE_LOCKED: { 24284e865753346fc6a075966972a7a98051818859dbRobin Lee // read master key, decrypt with password, initialize mMasterKey*. 24294e865753346fc6a075966972a7a98051818859dbRobin Lee return mKeyStore->readMasterKey(password8, targetUid); 24304e865753346fc6a075966972a7a98051818859dbRobin Lee } 24314e865753346fc6a075966972a7a98051818859dbRobin Lee } 24324e865753346fc6a075966972a7a98051818859dbRobin Lee return ::SYSTEM_ERROR; 24334e865753346fc6a075966972a7a98051818859dbRobin Lee } 24344e865753346fc6a075966972a7a98051818859dbRobin Lee 24359c8612c88dc03dc52d85e7a482453e04e7e3e2a2Chad Brubaker int32_t addRngEntropy(const uint8_t* data, size_t dataLength) { 24369c8612c88dc03dc52d85e7a482453e04e7e3e2a2Chad Brubaker const keymaster1_device_t* device = mKeyStore->getDevice(); 24379c8612c88dc03dc52d85e7a482453e04e7e3e2a2Chad Brubaker const keymaster1_device_t* fallback = mKeyStore->getFallbackDevice(); 24389c8612c88dc03dc52d85e7a482453e04e7e3e2a2Chad Brubaker int32_t devResult = KM_ERROR_UNIMPLEMENTED; 24399c8612c88dc03dc52d85e7a482453e04e7e3e2a2Chad Brubaker int32_t fallbackResult = KM_ERROR_UNIMPLEMENTED; 24409c8612c88dc03dc52d85e7a482453e04e7e3e2a2Chad Brubaker if (device->common.module->module_api_version >= KEYMASTER_MODULE_API_VERSION_1_0 && 24419c8612c88dc03dc52d85e7a482453e04e7e3e2a2Chad Brubaker device->add_rng_entropy != NULL) { 24429c8612c88dc03dc52d85e7a482453e04e7e3e2a2Chad Brubaker devResult = device->add_rng_entropy(device, data, dataLength); 24439c8612c88dc03dc52d85e7a482453e04e7e3e2a2Chad Brubaker } 24449c8612c88dc03dc52d85e7a482453e04e7e3e2a2Chad Brubaker if (fallback->add_rng_entropy) { 24459c8612c88dc03dc52d85e7a482453e04e7e3e2a2Chad Brubaker fallbackResult = fallback->add_rng_entropy(fallback, data, dataLength); 24469c8612c88dc03dc52d85e7a482453e04e7e3e2a2Chad Brubaker } 24479c8612c88dc03dc52d85e7a482453e04e7e3e2a2Chad Brubaker if (devResult) { 24489c8612c88dc03dc52d85e7a482453e04e7e3e2a2Chad Brubaker return devResult; 24499c8612c88dc03dc52d85e7a482453e04e7e3e2a2Chad Brubaker } 24509c8612c88dc03dc52d85e7a482453e04e7e3e2a2Chad Brubaker if (fallbackResult) { 24519c8612c88dc03dc52d85e7a482453e04e7e3e2a2Chad Brubaker return fallbackResult; 24529c8612c88dc03dc52d85e7a482453e04e7e3e2a2Chad Brubaker } 24539c8612c88dc03dc52d85e7a482453e04e7e3e2a2Chad Brubaker return ::NO_ERROR; 24549899d6b392e8223c3c00bfccadd43b18cdc96b4fChad Brubaker } 24559899d6b392e8223c3c00bfccadd43b18cdc96b4fChad Brubaker 24569899d6b392e8223c3c00bfccadd43b18cdc96b4fChad Brubaker int32_t generateKey(const String16& /*name*/, const KeymasterArguments& /*params*/, 24579899d6b392e8223c3c00bfccadd43b18cdc96b4fChad Brubaker int /*uid*/, int /*flags*/, KeyCharacteristics* /*outCharacteristics*/) { 24589899d6b392e8223c3c00bfccadd43b18cdc96b4fChad Brubaker return KM_ERROR_UNIMPLEMENTED; 24599899d6b392e8223c3c00bfccadd43b18cdc96b4fChad Brubaker } 24609899d6b392e8223c3c00bfccadd43b18cdc96b4fChad Brubaker 24619899d6b392e8223c3c00bfccadd43b18cdc96b4fChad Brubaker int32_t getKeyCharacteristics(const String16& /*name*/, 24629899d6b392e8223c3c00bfccadd43b18cdc96b4fChad Brubaker const keymaster_blob_t& /*clientId*/, 24639899d6b392e8223c3c00bfccadd43b18cdc96b4fChad Brubaker const keymaster_blob_t& /*appData*/, 24649899d6b392e8223c3c00bfccadd43b18cdc96b4fChad Brubaker KeyCharacteristics* /*outCharacteristics*/) { 24659899d6b392e8223c3c00bfccadd43b18cdc96b4fChad Brubaker return KM_ERROR_UNIMPLEMENTED; 24669899d6b392e8223c3c00bfccadd43b18cdc96b4fChad Brubaker } 24679899d6b392e8223c3c00bfccadd43b18cdc96b4fChad Brubaker 24689899d6b392e8223c3c00bfccadd43b18cdc96b4fChad Brubaker int32_t importKey(const String16& /*name*/, const KeymasterArguments& /*params*/, 24699899d6b392e8223c3c00bfccadd43b18cdc96b4fChad Brubaker keymaster_key_format_t /*format*/, const uint8_t* /*keyData*/, 24709899d6b392e8223c3c00bfccadd43b18cdc96b4fChad Brubaker size_t /*keyLength*/, int /*uid*/, int /*flags*/, 24719899d6b392e8223c3c00bfccadd43b18cdc96b4fChad Brubaker KeyCharacteristics* /*outCharacteristics*/) { 24729899d6b392e8223c3c00bfccadd43b18cdc96b4fChad Brubaker return KM_ERROR_UNIMPLEMENTED; 24739899d6b392e8223c3c00bfccadd43b18cdc96b4fChad Brubaker } 24749899d6b392e8223c3c00bfccadd43b18cdc96b4fChad Brubaker 24759899d6b392e8223c3c00bfccadd43b18cdc96b4fChad Brubaker void exportKey(const String16& /*name*/, keymaster_key_format_t /*format*/, 24769899d6b392e8223c3c00bfccadd43b18cdc96b4fChad Brubaker const keymaster_blob_t& /*clientId*/, 24779899d6b392e8223c3c00bfccadd43b18cdc96b4fChad Brubaker const keymaster_blob_t& /*appData*/, ExportResult* result) { 24789899d6b392e8223c3c00bfccadd43b18cdc96b4fChad Brubaker result->resultCode = KM_ERROR_UNIMPLEMENTED; 24799899d6b392e8223c3c00bfccadd43b18cdc96b4fChad Brubaker } 24809899d6b392e8223c3c00bfccadd43b18cdc96b4fChad Brubaker 24819899d6b392e8223c3c00bfccadd43b18cdc96b4fChad Brubaker void begin(const sp<IBinder>& /*appToken*/, const String16& /*name*/, 24829899d6b392e8223c3c00bfccadd43b18cdc96b4fChad Brubaker keymaster_purpose_t /*purpose*/, bool /*pruneable*/, 24839899d6b392e8223c3c00bfccadd43b18cdc96b4fChad Brubaker const KeymasterArguments& /*params*/, KeymasterArguments* /*outParams*/, 24849899d6b392e8223c3c00bfccadd43b18cdc96b4fChad Brubaker OperationResult* result) { 24859899d6b392e8223c3c00bfccadd43b18cdc96b4fChad Brubaker result->resultCode = KM_ERROR_UNIMPLEMENTED; 24869899d6b392e8223c3c00bfccadd43b18cdc96b4fChad Brubaker } 24879899d6b392e8223c3c00bfccadd43b18cdc96b4fChad Brubaker 24889899d6b392e8223c3c00bfccadd43b18cdc96b4fChad Brubaker void update(const sp<IBinder>& /*token*/, const KeymasterArguments& /*params*/, 24899899d6b392e8223c3c00bfccadd43b18cdc96b4fChad Brubaker uint8_t* /*data*/, size_t /*dataLength*/, OperationResult* result) { 24909899d6b392e8223c3c00bfccadd43b18cdc96b4fChad Brubaker result->resultCode = KM_ERROR_UNIMPLEMENTED; 24919899d6b392e8223c3c00bfccadd43b18cdc96b4fChad Brubaker } 24929899d6b392e8223c3c00bfccadd43b18cdc96b4fChad Brubaker 24939899d6b392e8223c3c00bfccadd43b18cdc96b4fChad Brubaker void finish(const sp<IBinder>& /*token*/, const KeymasterArguments& /*args*/, 24949899d6b392e8223c3c00bfccadd43b18cdc96b4fChad Brubaker uint8_t* /*signature*/, size_t /*signatureLength*/, OperationResult* result) { 24959899d6b392e8223c3c00bfccadd43b18cdc96b4fChad Brubaker result->resultCode = KM_ERROR_UNIMPLEMENTED; 24969899d6b392e8223c3c00bfccadd43b18cdc96b4fChad Brubaker } 24979899d6b392e8223c3c00bfccadd43b18cdc96b4fChad Brubaker 24989899d6b392e8223c3c00bfccadd43b18cdc96b4fChad Brubaker int32_t abort(const sp<IBinder>& /*token*/) { 24999899d6b392e8223c3c00bfccadd43b18cdc96b4fChad Brubaker return KM_ERROR_UNIMPLEMENTED; 25009899d6b392e8223c3c00bfccadd43b18cdc96b4fChad Brubaker } 25019899d6b392e8223c3c00bfccadd43b18cdc96b4fChad Brubaker 250207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Rootprivate: 25039d45d1caba5135e6b8bd6d05d449e8dcf52b6802Kenny Root inline bool isKeystoreUnlocked(State state) { 25049d45d1caba5135e6b8bd6d05d449e8dcf52b6802Kenny Root switch (state) { 25059d45d1caba5135e6b8bd6d05d449e8dcf52b6802Kenny Root case ::STATE_NO_ERROR: 25069d45d1caba5135e6b8bd6d05d449e8dcf52b6802Kenny Root return true; 25079d45d1caba5135e6b8bd6d05d449e8dcf52b6802Kenny Root case ::STATE_UNINITIALIZED: 25089d45d1caba5135e6b8bd6d05d449e8dcf52b6802Kenny Root case ::STATE_LOCKED: 25099d45d1caba5135e6b8bd6d05d449e8dcf52b6802Kenny Root return false; 25109d45d1caba5135e6b8bd6d05d449e8dcf52b6802Kenny Root } 25119d45d1caba5135e6b8bd6d05d449e8dcf52b6802Kenny Root return false; 2512a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 251307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 2514919cb2a5a9dabd61cb02eff7a589f9f1f0f793eeChad Brubaker bool isKeyTypeSupported(const keymaster1_device_t* device, keymaster_keypair_t keyType) { 25151d448c074a86ef5d05a22fdf1358718976628a86Kenny Root const int32_t device_api = device->common.module->module_api_version; 25161d448c074a86ef5d05a22fdf1358718976628a86Kenny Root if (device_api == KEYMASTER_MODULE_API_VERSION_0_2) { 25171d448c074a86ef5d05a22fdf1358718976628a86Kenny Root switch (keyType) { 25181d448c074a86ef5d05a22fdf1358718976628a86Kenny Root case TYPE_RSA: 25191d448c074a86ef5d05a22fdf1358718976628a86Kenny Root case TYPE_DSA: 25201d448c074a86ef5d05a22fdf1358718976628a86Kenny Root case TYPE_EC: 25211d448c074a86ef5d05a22fdf1358718976628a86Kenny Root return true; 25221d448c074a86ef5d05a22fdf1358718976628a86Kenny Root default: 25231d448c074a86ef5d05a22fdf1358718976628a86Kenny Root return false; 25241d448c074a86ef5d05a22fdf1358718976628a86Kenny Root } 25251d448c074a86ef5d05a22fdf1358718976628a86Kenny Root } else if (device_api >= KEYMASTER_MODULE_API_VERSION_0_3) { 25261d448c074a86ef5d05a22fdf1358718976628a86Kenny Root switch (keyType) { 25271d448c074a86ef5d05a22fdf1358718976628a86Kenny Root case TYPE_RSA: 25281d448c074a86ef5d05a22fdf1358718976628a86Kenny Root return true; 25291d448c074a86ef5d05a22fdf1358718976628a86Kenny Root case TYPE_DSA: 25301d448c074a86ef5d05a22fdf1358718976628a86Kenny Root return device->flags & KEYMASTER_SUPPORTS_DSA; 25311d448c074a86ef5d05a22fdf1358718976628a86Kenny Root case TYPE_EC: 25321d448c074a86ef5d05a22fdf1358718976628a86Kenny Root return device->flags & KEYMASTER_SUPPORTS_EC; 25331d448c074a86ef5d05a22fdf1358718976628a86Kenny Root default: 25341d448c074a86ef5d05a22fdf1358718976628a86Kenny Root return false; 25351d448c074a86ef5d05a22fdf1358718976628a86Kenny Root } 25361d448c074a86ef5d05a22fdf1358718976628a86Kenny Root } else { 25371d448c074a86ef5d05a22fdf1358718976628a86Kenny Root return keyType == TYPE_RSA; 25381d448c074a86ef5d05a22fdf1358718976628a86Kenny Root } 25391d448c074a86ef5d05a22fdf1358718976628a86Kenny Root } 25401d448c074a86ef5d05a22fdf1358718976628a86Kenny Root 254107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root ::KeyStore* mKeyStore; 254207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root}; 254307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 254407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root}; // namespace android 2545a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 2546a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Rootint main(int argc, char* argv[]) { 2547a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root if (argc < 2) { 2548a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root ALOGE("A directory must be specified!"); 2549a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return 1; 2550a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 2551a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root if (chdir(argv[1]) == -1) { 2552a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root ALOGE("chdir: %s: %s", argv[1], strerror(errno)); 2553a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return 1; 2554a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 2555a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 2556a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root Entropy entropy; 2557a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root if (!entropy.open()) { 2558a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return 1; 2559a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 256070e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 2561a5bbf2fb2a4853ecf6ae77ffee3efeb7a862498aShawn Willden keymaster0_device_t* dev; 256270e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root if (keymaster_device_initialize(&dev)) { 256370e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root ALOGE("keystore keymaster could not be initialized; exiting"); 256470e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root return 1; 256570e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root } 256670e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 2567919cb2a5a9dabd61cb02eff7a589f9f1f0f793eeChad Brubaker keymaster1_device_t* fallback; 2568fc18edcdfe2f7774e621030d51338f3216170b97Chad Brubaker if (fallback_keymaster_device_initialize(&fallback)) { 2569fc18edcdfe2f7774e621030d51338f3216170b97Chad Brubaker ALOGE("software keymaster could not be initialized; exiting"); 2570fc18edcdfe2f7774e621030d51338f3216170b97Chad Brubaker return 1; 2571fc18edcdfe2f7774e621030d51338f3216170b97Chad Brubaker } 2572fc18edcdfe2f7774e621030d51338f3216170b97Chad Brubaker 2573eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn ks_is_selinux_enabled = is_selinux_enabled(); 2574eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn if (ks_is_selinux_enabled) { 2575eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn union selinux_callback cb; 2576eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn cb.func_log = selinux_log_callback; 2577eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn selinux_set_callback(SELINUX_CB_LOG, cb); 2578eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn if (getcon(&tctx) != 0) { 2579eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn ALOGE("SELinux: Could not acquire target context. Aborting keystore.\n"); 2580eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn return -1; 2581eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn } 2582eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn } else { 2583eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn ALOGI("SELinux: Keystore SELinux is disabled.\n"); 2584eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn } 2585eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn 2586919cb2a5a9dabd61cb02eff7a589f9f1f0f793eeChad Brubaker KeyStore keyStore(&entropy, reinterpret_cast<keymaster1_device_t*>(dev), fallback); 2587655b958eb2180c7c06889f83f606d23421bf038cKenny Root keyStore.initialize(); 258807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root android::sp<android::IServiceManager> sm = android::defaultServiceManager(); 258907438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root android::sp<android::KeyStoreProxy> proxy = new android::KeyStoreProxy(&keyStore); 259007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root android::status_t ret = sm->addService(android::String16("android.security.keystore"), proxy); 259107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root if (ret != android::OK) { 259207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root ALOGE("Couldn't register binder service!"); 259307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return -1; 2594a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 259570e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 259607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root /* 259707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root * We're the only thread in existence, so we're just going to process 259807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root * Binder transaction as a single-threaded program. 259907438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root */ 260007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root android::IPCThreadState::self()->joinThreadPool(); 260170e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 260207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root keymaster_device_release(dev); 2603a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return 1; 2604a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root} 2605