keystore.cpp revision d80c7b487b2f7f0bf955d0efeaa3db6dcd160639
1a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root/* 2a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root * Copyright (C) 2009 The Android Open Source Project 3a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root * 4a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root * Licensed under the Apache License, Version 2.0 (the "License"); 5a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root * you may not use this file except in compliance with the License. 6a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root * You may obtain a copy of the License at 7a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root * 8a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root * http://www.apache.org/licenses/LICENSE-2.0 9a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root * 10a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root * Unless required by applicable law or agreed to in writing, software 11a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root * distributed under the License is distributed on an "AS IS" BASIS, 12a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root * See the License for the specific language governing permissions and 14a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root * limitations under the License. 15a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root */ 16a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 1707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root//#define LOG_NDEBUG 0 1807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root#define LOG_TAG "keystore" 1907438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 20a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root#include <stdio.h> 21a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root#include <stdint.h> 22a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root#include <string.h> 23aaf9802da6cea710e0777abb852724e1825cad63Elliott Hughes#include <strings.h> 24a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root#include <unistd.h> 25a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root#include <signal.h> 26a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root#include <errno.h> 27a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root#include <dirent.h> 28655b958eb2180c7c06889f83f606d23421bf038cKenny Root#include <errno.h> 29a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root#include <fcntl.h> 30a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root#include <limits.h> 31822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root#include <assert.h> 32a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root#include <sys/types.h> 33a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root#include <sys/socket.h> 34a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root#include <sys/stat.h> 35a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root#include <sys/time.h> 36a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root#include <arpa/inet.h> 37a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 38a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root#include <openssl/aes.h> 39822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root#include <openssl/bio.h> 40a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root#include <openssl/evp.h> 41a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root#include <openssl/md5.h> 42822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root#include <openssl/pem.h> 43a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 44a5bbf2fb2a4853ecf6ae77ffee3efeb7a862498aShawn Willden#include <hardware/keymaster0.h> 4570e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 4617208e0de5a42722901d803118745cca25fd10c1Kenny Root#include <keymaster/softkeymaster.h> 47919cb2a5a9dabd61cb02eff7a589f9f1f0f793eeChad Brubaker#include <keymaster/soft_keymaster_device.h> 4817208e0de5a42722901d803118745cca25fd10c1Kenny Root 4926cfc08add3966eca5892e3387cf5ed6dc3068fbKenny Root#include <UniquePtr.h> 50655b958eb2180c7c06889f83f606d23421bf038cKenny Root#include <utils/String8.h> 51655b958eb2180c7c06889f83f606d23421bf038cKenny Root#include <utils/Vector.h> 5270e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 5307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root#include <keystore/IKeystoreService.h> 5407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root#include <binder/IPCThreadState.h> 5507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root#include <binder/IServiceManager.h> 5607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 57a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root#include <cutils/log.h> 58a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root#include <cutils/sockets.h> 59a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root#include <private/android_filesystem_config.h> 60a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 6107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root#include <keystore/keystore.h> 62a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 63eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn#include <selinux/android.h> 64eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn 65d80c7b487b2f7f0bf955d0efeaa3db6dcd160639Chad Brubaker#include "auth_token_table.h" 6696427baf0094d50047049d329b0779c3c910402cKenny Root#include "defaults.h" 6740a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker#include "operation.h" 6896427baf0094d50047049d329b0779c3c910402cKenny Root 69a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root/* KeyStore is a secured storage for key-value pairs. In this implementation, 70a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root * each file stores one key-value pair. Keys are encoded in file names, and 71a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root * values are encrypted with checksums. The encryption key is protected by a 72a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root * user-defined password. To keep things simple, buffers are always larger than 73a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root * the maximum space we needed, so boundary checks on buffers are omitted. */ 74a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 75a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root#define KEY_SIZE ((NAME_MAX - 15) / 2) 76a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root#define VALUE_SIZE 32768 77a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root#define PASSWORD_SIZE VALUE_SIZE 78a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 79822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root 8096427baf0094d50047049d329b0779c3c910402cKenny Rootstruct BIGNUM_Delete { 8196427baf0094d50047049d329b0779c3c910402cKenny Root void operator()(BIGNUM* p) const { 8296427baf0094d50047049d329b0779c3c910402cKenny Root BN_free(p); 8396427baf0094d50047049d329b0779c3c910402cKenny Root } 8496427baf0094d50047049d329b0779c3c910402cKenny Root}; 8596427baf0094d50047049d329b0779c3c910402cKenny Roottypedef UniquePtr<BIGNUM, BIGNUM_Delete> Unique_BIGNUM; 8696427baf0094d50047049d329b0779c3c910402cKenny Root 87822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Rootstruct BIO_Delete { 88822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root void operator()(BIO* p) const { 89822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root BIO_free(p); 90822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root } 91822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root}; 92822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Roottypedef UniquePtr<BIO, BIO_Delete> Unique_BIO; 93822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root 94822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Rootstruct EVP_PKEY_Delete { 95822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root void operator()(EVP_PKEY* p) const { 96822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root EVP_PKEY_free(p); 97822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root } 98822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root}; 99822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Roottypedef UniquePtr<EVP_PKEY, EVP_PKEY_Delete> Unique_EVP_PKEY; 100822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root 101822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Rootstruct PKCS8_PRIV_KEY_INFO_Delete { 102822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root void operator()(PKCS8_PRIV_KEY_INFO* p) const { 103822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root PKCS8_PRIV_KEY_INFO_free(p); 104822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root } 105822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root}; 106822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Roottypedef UniquePtr<PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO_Delete> Unique_PKCS8_PRIV_KEY_INFO; 107822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root 108822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root 109a5bbf2fb2a4853ecf6ae77ffee3efeb7a862498aShawn Willdenstatic int keymaster_device_initialize(keymaster0_device_t** dev) { 11070e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root int rc; 11170e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 11270e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root const hw_module_t* mod; 11370e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root rc = hw_get_module_by_class(KEYSTORE_HARDWARE_MODULE_ID, NULL, &mod); 11470e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root if (rc) { 11570e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root ALOGE("could not find any keystore module"); 11670e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root goto out; 11770e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root } 11870e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 119a5bbf2fb2a4853ecf6ae77ffee3efeb7a862498aShawn Willden rc = keymaster0_open(mod, dev); 12070e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root if (rc) { 12170e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root ALOGE("could not open keymaster device in %s (%s)", 12270e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root KEYSTORE_HARDWARE_MODULE_ID, strerror(-rc)); 12370e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root goto out; 12470e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root } 12570e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 12670e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root return 0; 12770e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 12870e3a86abd2c412d602a018967c01c177eb6cf4eKenny Rootout: 12970e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root *dev = NULL; 13070e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root return rc; 13170e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root} 13270e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 133919cb2a5a9dabd61cb02eff7a589f9f1f0f793eeChad Brubakerstatic int fallback_keymaster_device_initialize(keymaster1_device_t** dev) { 134919cb2a5a9dabd61cb02eff7a589f9f1f0f793eeChad Brubaker keymaster::SoftKeymasterDevice* softkeymaster = 135919cb2a5a9dabd61cb02eff7a589f9f1f0f793eeChad Brubaker new keymaster::SoftKeymasterDevice(); 136919cb2a5a9dabd61cb02eff7a589f9f1f0f793eeChad Brubaker // SoftKeymasterDevice is designed to make this cast safe. 137919cb2a5a9dabd61cb02eff7a589f9f1f0f793eeChad Brubaker *dev = reinterpret_cast<keymaster1_device_t*>(softkeymaster); 138fc18edcdfe2f7774e621030d51338f3216170b97Chad Brubaker return 0; 139fc18edcdfe2f7774e621030d51338f3216170b97Chad Brubaker} 140fc18edcdfe2f7774e621030d51338f3216170b97Chad Brubaker 141a5bbf2fb2a4853ecf6ae77ffee3efeb7a862498aShawn Willdenstatic void keymaster_device_release(keymaster0_device_t* dev) { 142a5bbf2fb2a4853ecf6ae77ffee3efeb7a862498aShawn Willden keymaster0_close(dev); 14370e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root} 14470e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 14507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root/*************** 14607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root * PERMISSIONS * 14707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root ***************/ 14807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 14907438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root/* Here are the permissions, actions, users, and the main function. */ 15007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Roottypedef enum { 1514e865753346fc6a075966972a7a98051818859dbRobin Lee P_TEST = 1 << 0, 1524e865753346fc6a075966972a7a98051818859dbRobin Lee P_GET = 1 << 1, 1534e865753346fc6a075966972a7a98051818859dbRobin Lee P_INSERT = 1 << 2, 1544e865753346fc6a075966972a7a98051818859dbRobin Lee P_DELETE = 1 << 3, 1554e865753346fc6a075966972a7a98051818859dbRobin Lee P_EXIST = 1 << 4, 1564e865753346fc6a075966972a7a98051818859dbRobin Lee P_SAW = 1 << 5, 1574e865753346fc6a075966972a7a98051818859dbRobin Lee P_RESET = 1 << 6, 1584e865753346fc6a075966972a7a98051818859dbRobin Lee P_PASSWORD = 1 << 7, 1594e865753346fc6a075966972a7a98051818859dbRobin Lee P_LOCK = 1 << 8, 1604e865753346fc6a075966972a7a98051818859dbRobin Lee P_UNLOCK = 1 << 9, 1614e865753346fc6a075966972a7a98051818859dbRobin Lee P_ZERO = 1 << 10, 1624e865753346fc6a075966972a7a98051818859dbRobin Lee P_SIGN = 1 << 11, 1634e865753346fc6a075966972a7a98051818859dbRobin Lee P_VERIFY = 1 << 12, 1644e865753346fc6a075966972a7a98051818859dbRobin Lee P_GRANT = 1 << 13, 1654e865753346fc6a075966972a7a98051818859dbRobin Lee P_DUPLICATE = 1 << 14, 1664e865753346fc6a075966972a7a98051818859dbRobin Lee P_CLEAR_UID = 1 << 15, 1674e865753346fc6a075966972a7a98051818859dbRobin Lee P_RESET_UID = 1 << 16, 1684e865753346fc6a075966972a7a98051818859dbRobin Lee P_SYNC_UID = 1 << 17, 1694e865753346fc6a075966972a7a98051818859dbRobin Lee P_PASSWORD_UID = 1 << 18, 170d80c7b487b2f7f0bf955d0efeaa3db6dcd160639Chad Brubaker P_ADD_AUTH = 1 << 19, 17107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root} perm_t; 17207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 17307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Rootstatic struct user_euid { 17407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root uid_t uid; 17507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root uid_t euid; 17607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root} user_euids[] = { 17707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root {AID_VPN, AID_SYSTEM}, 17807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root {AID_WIFI, AID_SYSTEM}, 17907438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root {AID_ROOT, AID_SYSTEM}, 18007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root}; 18107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 182eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn/* perm_labels associcated with keystore_key SELinux class verbs. */ 183eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahnconst char *perm_labels[] = { 184eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn "test", 185eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn "get", 186eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn "insert", 187eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn "delete", 188eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn "exist", 189eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn "saw", 190eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn "reset", 191eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn "password", 192eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn "lock", 193eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn "unlock", 194eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn "zero", 195eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn "sign", 196eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn "verify", 197eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn "grant", 198eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn "duplicate", 1994e865753346fc6a075966972a7a98051818859dbRobin Lee "clear_uid", 2004e865753346fc6a075966972a7a98051818859dbRobin Lee "reset_uid", 2014e865753346fc6a075966972a7a98051818859dbRobin Lee "sync_uid", 2024e865753346fc6a075966972a7a98051818859dbRobin Lee "password_uid", 203d80c7b487b2f7f0bf955d0efeaa3db6dcd160639Chad Brubaker "add_auth", 204eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn}; 205eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn 20607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Rootstatic struct user_perm { 20707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root uid_t uid; 20807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root perm_t perms; 20907438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root} user_perms[] = { 21007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root {AID_SYSTEM, static_cast<perm_t>((uint32_t)(~0)) }, 21107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root {AID_VPN, static_cast<perm_t>(P_GET | P_SIGN | P_VERIFY) }, 21207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root {AID_WIFI, static_cast<perm_t>(P_GET | P_SIGN | P_VERIFY) }, 21307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root {AID_ROOT, static_cast<perm_t>(P_GET) }, 21407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root}; 21507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 21607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Rootstatic const perm_t DEFAULT_PERMS = static_cast<perm_t>(P_TEST | P_GET | P_INSERT | P_DELETE | P_EXIST | P_SAW | P_SIGN 21707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root | P_VERIFY); 21807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 219eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahnstatic char *tctx; 220eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahnstatic int ks_is_selinux_enabled; 221eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn 222eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahnstatic const char *get_perm_label(perm_t perm) { 223eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn unsigned int index = ffs(perm); 224eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn if (index > 0 && index <= (sizeof(perm_labels) / sizeof(perm_labels[0]))) { 225eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn return perm_labels[index - 1]; 226eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn } else { 227eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn ALOGE("Keystore: Failed to retrieve permission label.\n"); 228eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn abort(); 229eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn } 230eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn} 231eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn 232655b958eb2180c7c06889f83f606d23421bf038cKenny Root/** 233655b958eb2180c7c06889f83f606d23421bf038cKenny Root * Returns the app ID (in the Android multi-user sense) for the current 234655b958eb2180c7c06889f83f606d23421bf038cKenny Root * UNIX UID. 235655b958eb2180c7c06889f83f606d23421bf038cKenny Root */ 236655b958eb2180c7c06889f83f606d23421bf038cKenny Rootstatic uid_t get_app_id(uid_t uid) { 237655b958eb2180c7c06889f83f606d23421bf038cKenny Root return uid % AID_USER; 238655b958eb2180c7c06889f83f606d23421bf038cKenny Root} 239655b958eb2180c7c06889f83f606d23421bf038cKenny Root 240655b958eb2180c7c06889f83f606d23421bf038cKenny Root/** 241655b958eb2180c7c06889f83f606d23421bf038cKenny Root * Returns the user ID (in the Android multi-user sense) for the current 242655b958eb2180c7c06889f83f606d23421bf038cKenny Root * UNIX UID. 243655b958eb2180c7c06889f83f606d23421bf038cKenny Root */ 244655b958eb2180c7c06889f83f606d23421bf038cKenny Rootstatic uid_t get_user_id(uid_t uid) { 245655b958eb2180c7c06889f83f606d23421bf038cKenny Root return uid / AID_USER; 246655b958eb2180c7c06889f83f606d23421bf038cKenny Root} 247655b958eb2180c7c06889f83f606d23421bf038cKenny Root 248a25b2a397fff48dea7bce16af2065e6f5f043956Chih-Hung Hsiehstatic bool keystore_selinux_check_access(uid_t /*uid*/, perm_t perm, pid_t spid) { 249eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn if (!ks_is_selinux_enabled) { 250eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn return true; 251eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn } 252eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn 253eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn char *sctx = NULL; 254eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn const char *selinux_class = "keystore_key"; 255eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn const char *str_perm = get_perm_label(perm); 256eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn 257eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn if (!str_perm) { 258eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn return false; 259eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn } 260eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn 261eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn if (getpidcon(spid, &sctx) != 0) { 262eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn ALOGE("SELinux: Failed to get source pid context.\n"); 263eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn return false; 264eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn } 26566dbf67dd65b4808a15ef64f0ffde1275bdd58a9Nick Kralevich 266eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn bool allowed = selinux_check_access(sctx, tctx, selinux_class, str_perm, 267eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn NULL) == 0; 268eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn freecon(sctx); 269eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn return allowed; 270eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn} 271eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn 272eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahnstatic bool has_permission(uid_t uid, perm_t perm, pid_t spid) { 273655b958eb2180c7c06889f83f606d23421bf038cKenny Root // All system users are equivalent for multi-user support. 274655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (get_app_id(uid) == AID_SYSTEM) { 275655b958eb2180c7c06889f83f606d23421bf038cKenny Root uid = AID_SYSTEM; 276655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 277655b958eb2180c7c06889f83f606d23421bf038cKenny Root 27807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root for (size_t i = 0; i < sizeof(user_perms)/sizeof(user_perms[0]); i++) { 27907438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root struct user_perm user = user_perms[i]; 28007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root if (user.uid == uid) { 281eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn return (user.perms & perm) && 282eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn keystore_selinux_check_access(uid, perm, spid); 28307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 28407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 28507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 286eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn return (DEFAULT_PERMS & perm) && 287eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn keystore_selinux_check_access(uid, perm, spid); 28807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root} 28907438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 290494689083467ec372a58f094f041c8f102f39393Kenny Root/** 291494689083467ec372a58f094f041c8f102f39393Kenny Root * Returns the UID that the callingUid should act as. This is here for 292494689083467ec372a58f094f041c8f102f39393Kenny Root * legacy support of the WiFi and VPN systems and should be removed 293494689083467ec372a58f094f041c8f102f39393Kenny Root * when WiFi can operate in its own namespace. 294494689083467ec372a58f094f041c8f102f39393Kenny Root */ 29507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Rootstatic uid_t get_keystore_euid(uid_t uid) { 29607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root for (size_t i = 0; i < sizeof(user_euids)/sizeof(user_euids[0]); i++) { 29707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root struct user_euid user = user_euids[i]; 29807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root if (user.uid == uid) { 29907438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return user.euid; 30007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 30107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 30207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 30307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return uid; 30407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root} 30507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 306494689083467ec372a58f094f041c8f102f39393Kenny Root/** 307494689083467ec372a58f094f041c8f102f39393Kenny Root * Returns true if the callingUid is allowed to interact in the targetUid's 308494689083467ec372a58f094f041c8f102f39393Kenny Root * namespace. 309494689083467ec372a58f094f041c8f102f39393Kenny Root */ 310494689083467ec372a58f094f041c8f102f39393Kenny Rootstatic bool is_granted_to(uid_t callingUid, uid_t targetUid) { 311494689083467ec372a58f094f041c8f102f39393Kenny Root for (size_t i = 0; i < sizeof(user_euids)/sizeof(user_euids[0]); i++) { 312494689083467ec372a58f094f041c8f102f39393Kenny Root struct user_euid user = user_euids[i]; 313494689083467ec372a58f094f041c8f102f39393Kenny Root if (user.euid == callingUid && user.uid == targetUid) { 314494689083467ec372a58f094f041c8f102f39393Kenny Root return true; 315494689083467ec372a58f094f041c8f102f39393Kenny Root } 316494689083467ec372a58f094f041c8f102f39393Kenny Root } 317494689083467ec372a58f094f041c8f102f39393Kenny Root 318494689083467ec372a58f094f041c8f102f39393Kenny Root return false; 319494689083467ec372a58f094f041c8f102f39393Kenny Root} 320494689083467ec372a58f094f041c8f102f39393Kenny Root 321007cb236ada4b3d70815f03dd07116a5e187f4ddKenny Root/** 322007cb236ada4b3d70815f03dd07116a5e187f4ddKenny Root * Allow the system to perform some privileged tasks that have to do with 323007cb236ada4b3d70815f03dd07116a5e187f4ddKenny Root * system maintenance. This should not be used for any function that uses 324007cb236ada4b3d70815f03dd07116a5e187f4ddKenny Root * the keys in any way (e.g., signing). 325007cb236ada4b3d70815f03dd07116a5e187f4ddKenny Root */ 326007cb236ada4b3d70815f03dd07116a5e187f4ddKenny Rootstatic bool is_self_or_system(uid_t callingUid, uid_t targetUid) { 327007cb236ada4b3d70815f03dd07116a5e187f4ddKenny Root return callingUid == targetUid || callingUid == AID_SYSTEM; 328007cb236ada4b3d70815f03dd07116a5e187f4ddKenny Root} 329007cb236ada4b3d70815f03dd07116a5e187f4ddKenny Root 330a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root/* Here is the encoding of keys. This is necessary in order to allow arbitrary 331a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root * characters in keys. Characters in [0-~] are not encoded. Others are encoded 332a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root * into two bytes. The first byte is one of [+-.] which represents the first 333a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root * two bits of the character. The second byte encodes the rest of the bits into 334a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root * [0-o]. Therefore in the worst case the length of a key gets doubled. Note 335a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root * that Base64 cannot be used here due to the need of prefix match on keys. */ 336a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 337655b958eb2180c7c06889f83f606d23421bf038cKenny Rootstatic size_t encode_key_length(const android::String8& keyName) { 338655b958eb2180c7c06889f83f606d23421bf038cKenny Root const uint8_t* in = reinterpret_cast<const uint8_t*>(keyName.string()); 339655b958eb2180c7c06889f83f606d23421bf038cKenny Root size_t length = keyName.length(); 340655b958eb2180c7c06889f83f606d23421bf038cKenny Root for (int i = length; i > 0; --i, ++in) { 341655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (*in < '0' || *in > '~') { 342655b958eb2180c7c06889f83f606d23421bf038cKenny Root ++length; 343655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 344655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 345655b958eb2180c7c06889f83f606d23421bf038cKenny Root return length; 346655b958eb2180c7c06889f83f606d23421bf038cKenny Root} 347655b958eb2180c7c06889f83f606d23421bf038cKenny Root 34807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Rootstatic int encode_key(char* out, const android::String8& keyName) { 34907438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root const uint8_t* in = reinterpret_cast<const uint8_t*>(keyName.string()); 35007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root size_t length = keyName.length(); 351a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root for (int i = length; i > 0; --i, ++in, ++out) { 352655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (*in < '0' || *in > '~') { 353a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root *out = '+' + (*in >> 6); 354a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root *++out = '0' + (*in & 0x3F); 355a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root ++length; 356655b958eb2180c7c06889f83f606d23421bf038cKenny Root } else { 357655b958eb2180c7c06889f83f606d23421bf038cKenny Root *out = *in; 358a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 359a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 360a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root *out = '\0'; 36170e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root return length; 36270e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root} 36370e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 36407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root/* 36507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root * Converts from the "escaped" format on disk to actual name. 36607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root * This will be smaller than the input string. 36707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root * 36807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root * Characters that should combine with the next at the end will be truncated. 36907438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root */ 37007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Rootstatic size_t decode_key_length(const char* in, size_t length) { 37107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root size_t outLength = 0; 37207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 37307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root for (const char* end = in + length; in < end; in++) { 37407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root /* This combines with the next character. */ 37507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root if (*in < '0' || *in > '~') { 37607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root continue; 37707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 37807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 37907438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root outLength++; 38007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 38107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return outLength; 38207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root} 38307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 38407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Rootstatic void decode_key(char* out, const char* in, size_t length) { 38507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root for (const char* end = in + length; in < end; in++) { 38607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root if (*in < '0' || *in > '~') { 38707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root /* Truncate combining characters at the end. */ 38807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root if (in + 1 >= end) { 38907438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root break; 39007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 39107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 39207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root *out = (*in++ - '+') << 6; 39307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root *out++ |= (*in - '0') & 0x3F; 394a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } else { 39507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root *out++ = *in; 396a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 397a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 398a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root *out = '\0'; 399a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root} 400a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 401a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Rootstatic size_t readFully(int fd, uint8_t* data, size_t size) { 402a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root size_t remaining = size; 403a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root while (remaining > 0) { 404150ca934edb745de3666a6492b039900df228ff0Kenny Root ssize_t n = TEMP_FAILURE_RETRY(read(fd, data, remaining)); 4055281edbc9445065479e92a6c86da462f3943c2caKenny Root if (n <= 0) { 406150ca934edb745de3666a6492b039900df228ff0Kenny Root return size - remaining; 407a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 408a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root data += n; 409a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root remaining -= n; 410a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 411a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return size; 412a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root} 413a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 414a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Rootstatic size_t writeFully(int fd, uint8_t* data, size_t size) { 415a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root size_t remaining = size; 416a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root while (remaining > 0) { 417150ca934edb745de3666a6492b039900df228ff0Kenny Root ssize_t n = TEMP_FAILURE_RETRY(write(fd, data, remaining)); 418150ca934edb745de3666a6492b039900df228ff0Kenny Root if (n < 0) { 419150ca934edb745de3666a6492b039900df228ff0Kenny Root ALOGW("write failed: %s", strerror(errno)); 420150ca934edb745de3666a6492b039900df228ff0Kenny Root return size - remaining; 421a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 422a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root data += n; 423a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root remaining -= n; 424a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 425a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return size; 426a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root} 427a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 428a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Rootclass Entropy { 429a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Rootpublic: 430a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root Entropy() : mRandom(-1) {} 431a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root ~Entropy() { 432150ca934edb745de3666a6492b039900df228ff0Kenny Root if (mRandom >= 0) { 433a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root close(mRandom); 434a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 435a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 436a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 437a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root bool open() { 438a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root const char* randomDevice = "/dev/urandom"; 439150ca934edb745de3666a6492b039900df228ff0Kenny Root mRandom = TEMP_FAILURE_RETRY(::open(randomDevice, O_RDONLY)); 440150ca934edb745de3666a6492b039900df228ff0Kenny Root if (mRandom < 0) { 441a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root ALOGE("open: %s: %s", randomDevice, strerror(errno)); 442a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return false; 443a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 444a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return true; 445a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 446a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 4475187818895c4c5f650a611c40531b1dff7764c18Kenny Root bool generate_random_data(uint8_t* data, size_t size) const { 448a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return (readFully(mRandom, data, size) == size); 449a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 450a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 451a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Rootprivate: 452a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root int mRandom; 453a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root}; 454a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 455a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root/* Here is the file format. There are two parts in blob.value, the secret and 456a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root * the description. The secret is stored in ciphertext, and its original size 457a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root * can be found in blob.length. The description is stored after the secret in 458a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root * plaintext, and its size is specified in blob.info. The total size of the two 459822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root * parts must be no more than VALUE_SIZE bytes. The first field is the version, 460f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root * the second is the blob's type, and the third byte is flags. Fields other 461a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root * than blob.info, blob.length, and blob.value are modified by encryptBlob() 462a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root * and decryptBlob(). Thus they should not be accessed from outside. */ 463a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 464822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root/* ** Note to future implementors of encryption: ** 465822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root * Currently this is the construction: 466822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root * metadata || Enc(MD5(data) || data) 467822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root * 468822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root * This should be the construction used for encrypting if re-implementing: 469822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root * 470822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root * Derive independent keys for encryption and MAC: 471822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root * Kenc = AES_encrypt(masterKey, "Encrypt") 472822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root * Kmac = AES_encrypt(masterKey, "MAC") 473822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root * 474822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root * Store this: 475822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root * metadata || AES_CTR_encrypt(Kenc, rand_IV, data) || 476822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root * HMAC(Kmac, metadata || Enc(data)) 477822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root */ 478a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Rootstruct __attribute__((packed)) blob { 479822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root uint8_t version; 480822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root uint8_t type; 481f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root uint8_t flags; 482a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root uint8_t info; 483a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root uint8_t vector[AES_BLOCK_SIZE]; 484822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root uint8_t encrypted[0]; // Marks offset to encrypted data. 485a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root uint8_t digest[MD5_DIGEST_LENGTH]; 486822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root uint8_t digested[0]; // Marks offset to digested data. 487a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root int32_t length; // in network byte order when encrypted 488a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root uint8_t value[VALUE_SIZE + AES_BLOCK_SIZE]; 489a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root}; 490a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 491822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Roottypedef enum { 492d53bc92f1cc4eb669ec015480cebe5ae7aaaf7cfKenny Root TYPE_ANY = 0, // meta type that matches anything 493822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root TYPE_GENERIC = 1, 494822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root TYPE_MASTER_KEY = 2, 495822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root TYPE_KEY_PAIR = 3, 49617d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker TYPE_KEYMASTER_10 = 4, 497822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root} BlobType; 498822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root 499f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Rootstatic const uint8_t CURRENT_BLOB_VERSION = 2; 500822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root 501a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Rootclass Blob { 502a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Rootpublic: 50307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root Blob(const uint8_t* value, int32_t valueLength, const uint8_t* info, uint8_t infoLength, 50407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root BlobType type) { 505a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root mBlob.length = valueLength; 506a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root memcpy(mBlob.value, value, valueLength); 507a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 508a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root mBlob.info = infoLength; 509a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root memcpy(mBlob.value + valueLength, info, infoLength); 510822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root 51107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root mBlob.version = CURRENT_BLOB_VERSION; 512822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root mBlob.type = uint8_t(type); 513f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root 514ee8068b9e7bfb2770635062fc9c2035be2142bd8Kenny Root if (type == TYPE_MASTER_KEY) { 515ee8068b9e7bfb2770635062fc9c2035be2142bd8Kenny Root mBlob.flags = KEYSTORE_FLAG_ENCRYPTED; 516ee8068b9e7bfb2770635062fc9c2035be2142bd8Kenny Root } else { 517ee8068b9e7bfb2770635062fc9c2035be2142bd8Kenny Root mBlob.flags = KEYSTORE_FLAG_NONE; 518ee8068b9e7bfb2770635062fc9c2035be2142bd8Kenny Root } 519a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 520a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 521a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root Blob(blob b) { 522a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root mBlob = b; 523a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 524a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 525a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root Blob() {} 526a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 5275187818895c4c5f650a611c40531b1dff7764c18Kenny Root const uint8_t* getValue() const { 528a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return mBlob.value; 529a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 530a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 5315187818895c4c5f650a611c40531b1dff7764c18Kenny Root int32_t getLength() const { 532a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return mBlob.length; 533a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 534a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 5355187818895c4c5f650a611c40531b1dff7764c18Kenny Root const uint8_t* getInfo() const { 5365187818895c4c5f650a611c40531b1dff7764c18Kenny Root return mBlob.value + mBlob.length; 5375187818895c4c5f650a611c40531b1dff7764c18Kenny Root } 5385187818895c4c5f650a611c40531b1dff7764c18Kenny Root 5395187818895c4c5f650a611c40531b1dff7764c18Kenny Root uint8_t getInfoLength() const { 540a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return mBlob.info; 541a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 542a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 543822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root uint8_t getVersion() const { 544822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root return mBlob.version; 545822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root } 546822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root 547f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root bool isEncrypted() const { 548f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root if (mBlob.version < 2) { 549f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root return true; 550f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root } 551f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root 552f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root return mBlob.flags & KEYSTORE_FLAG_ENCRYPTED; 553f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root } 554f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root 555f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root void setEncrypted(bool encrypted) { 556f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root if (encrypted) { 557f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root mBlob.flags |= KEYSTORE_FLAG_ENCRYPTED; 558f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root } else { 559f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root mBlob.flags &= ~KEYSTORE_FLAG_ENCRYPTED; 560f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root } 561f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root } 562f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root 56317208e0de5a42722901d803118745cca25fd10c1Kenny Root bool isFallback() const { 56417208e0de5a42722901d803118745cca25fd10c1Kenny Root return mBlob.flags & KEYSTORE_FLAG_FALLBACK; 56517208e0de5a42722901d803118745cca25fd10c1Kenny Root } 56617208e0de5a42722901d803118745cca25fd10c1Kenny Root 56717208e0de5a42722901d803118745cca25fd10c1Kenny Root void setFallback(bool fallback) { 56817208e0de5a42722901d803118745cca25fd10c1Kenny Root if (fallback) { 56917208e0de5a42722901d803118745cca25fd10c1Kenny Root mBlob.flags |= KEYSTORE_FLAG_FALLBACK; 57017208e0de5a42722901d803118745cca25fd10c1Kenny Root } else { 57117208e0de5a42722901d803118745cca25fd10c1Kenny Root mBlob.flags &= ~KEYSTORE_FLAG_FALLBACK; 57217208e0de5a42722901d803118745cca25fd10c1Kenny Root } 57317208e0de5a42722901d803118745cca25fd10c1Kenny Root } 57417208e0de5a42722901d803118745cca25fd10c1Kenny Root 575822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root void setVersion(uint8_t version) { 576822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root mBlob.version = version; 577822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root } 578822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root 579822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root BlobType getType() const { 580822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root return BlobType(mBlob.type); 581822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root } 582822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root 583822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root void setType(BlobType type) { 584822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root mBlob.type = uint8_t(type); 585822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root } 586822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root 587f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root ResponseCode writeBlob(const char* filename, AES_KEY *aes_key, State state, Entropy* entropy) { 588f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root ALOGV("writing blob %s", filename); 589f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root if (isEncrypted()) { 590f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root if (state != STATE_NO_ERROR) { 591f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root ALOGD("couldn't insert encrypted blob while not unlocked"); 592f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root return LOCKED; 593f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root } 594f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root 595f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root if (!entropy->generate_random_data(mBlob.vector, AES_BLOCK_SIZE)) { 596f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root ALOGW("Could not read random data for: %s", filename); 597f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root return SYSTEM_ERROR; 598f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root } 599a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 600a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 601a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root // data includes the value and the value's length 602a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root size_t dataLength = mBlob.length + sizeof(mBlob.length); 603a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root // pad data to the AES_BLOCK_SIZE 604a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root size_t digestedLength = ((dataLength + AES_BLOCK_SIZE - 1) 605a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root / AES_BLOCK_SIZE * AES_BLOCK_SIZE); 606a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root // encrypted data includes the digest value 607a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root size_t encryptedLength = digestedLength + MD5_DIGEST_LENGTH; 608a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root // move info after space for padding 609a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root memmove(&mBlob.encrypted[encryptedLength], &mBlob.value[mBlob.length], mBlob.info); 610a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root // zero padding area 611a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root memset(mBlob.value + mBlob.length, 0, digestedLength - dataLength); 612a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 613a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root mBlob.length = htonl(mBlob.length); 614a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 615f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root if (isEncrypted()) { 616f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root MD5(mBlob.digested, digestedLength, mBlob.digest); 617f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root 618f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root uint8_t vector[AES_BLOCK_SIZE]; 619f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root memcpy(vector, mBlob.vector, AES_BLOCK_SIZE); 620f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root AES_cbc_encrypt(mBlob.encrypted, mBlob.encrypted, encryptedLength, 621f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root aes_key, vector, AES_ENCRYPT); 622f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root } 623a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 624a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root size_t headerLength = (mBlob.encrypted - (uint8_t*) &mBlob); 625a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root size_t fileLength = encryptedLength + headerLength + mBlob.info; 626a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 627a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root const char* tmpFileName = ".tmp"; 628150ca934edb745de3666a6492b039900df228ff0Kenny Root int out = TEMP_FAILURE_RETRY(open(tmpFileName, 629150ca934edb745de3666a6492b039900df228ff0Kenny Root O_WRONLY | O_TRUNC | O_CREAT, S_IRUSR | S_IWUSR)); 630150ca934edb745de3666a6492b039900df228ff0Kenny Root if (out < 0) { 631150ca934edb745de3666a6492b039900df228ff0Kenny Root ALOGW("could not open file: %s: %s", tmpFileName, strerror(errno)); 632a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return SYSTEM_ERROR; 633a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 634a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root size_t writtenBytes = writeFully(out, (uint8_t*) &mBlob, fileLength); 635a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root if (close(out) != 0) { 636a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return SYSTEM_ERROR; 637a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 638a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root if (writtenBytes != fileLength) { 639150ca934edb745de3666a6492b039900df228ff0Kenny Root ALOGW("blob not fully written %zu != %zu", writtenBytes, fileLength); 640a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root unlink(tmpFileName); 641a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return SYSTEM_ERROR; 642a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 643150ca934edb745de3666a6492b039900df228ff0Kenny Root if (rename(tmpFileName, filename) == -1) { 644150ca934edb745de3666a6492b039900df228ff0Kenny Root ALOGW("could not rename blob to %s: %s", filename, strerror(errno)); 645150ca934edb745de3666a6492b039900df228ff0Kenny Root return SYSTEM_ERROR; 646150ca934edb745de3666a6492b039900df228ff0Kenny Root } 647150ca934edb745de3666a6492b039900df228ff0Kenny Root return NO_ERROR; 648a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 649a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 650f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root ResponseCode readBlob(const char* filename, AES_KEY *aes_key, State state) { 651f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root ALOGV("reading blob %s", filename); 652150ca934edb745de3666a6492b039900df228ff0Kenny Root int in = TEMP_FAILURE_RETRY(open(filename, O_RDONLY)); 653150ca934edb745de3666a6492b039900df228ff0Kenny Root if (in < 0) { 654a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return (errno == ENOENT) ? KEY_NOT_FOUND : SYSTEM_ERROR; 655a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 656a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root // fileLength may be less than sizeof(mBlob) since the in 657a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root // memory version has extra padding to tolerate rounding up to 658a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root // the AES_BLOCK_SIZE 659a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root size_t fileLength = readFully(in, (uint8_t*) &mBlob, sizeof(mBlob)); 660a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root if (close(in) != 0) { 661a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return SYSTEM_ERROR; 662a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 663f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root 664f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root if (isEncrypted() && (state != STATE_NO_ERROR)) { 665f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root return LOCKED; 666f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root } 667f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root 668a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root size_t headerLength = (mBlob.encrypted - (uint8_t*) &mBlob); 669a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root if (fileLength < headerLength) { 670a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return VALUE_CORRUPTED; 671a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 672a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 673a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root ssize_t encryptedLength = fileLength - (headerLength + mBlob.info); 674f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root if (encryptedLength < 0) { 675a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return VALUE_CORRUPTED; 676a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 677f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root 678f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root ssize_t digestedLength; 679f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root if (isEncrypted()) { 680f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root if (encryptedLength % AES_BLOCK_SIZE != 0) { 681f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root return VALUE_CORRUPTED; 682f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root } 683f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root 684f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root AES_cbc_encrypt(mBlob.encrypted, mBlob.encrypted, encryptedLength, aes_key, 685f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root mBlob.vector, AES_DECRYPT); 686f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root digestedLength = encryptedLength - MD5_DIGEST_LENGTH; 687f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root uint8_t computedDigest[MD5_DIGEST_LENGTH]; 688f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root MD5(mBlob.digested, digestedLength, computedDigest); 689f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root if (memcmp(mBlob.digest, computedDigest, MD5_DIGEST_LENGTH) != 0) { 690f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root return VALUE_CORRUPTED; 691f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root } 692f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root } else { 693f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root digestedLength = encryptedLength; 694a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 695a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 696a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root ssize_t maxValueLength = digestedLength - sizeof(mBlob.length); 697a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root mBlob.length = ntohl(mBlob.length); 698a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root if (mBlob.length < 0 || mBlob.length > maxValueLength) { 699a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return VALUE_CORRUPTED; 700a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 701a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root if (mBlob.info != 0) { 702a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root // move info from after padding to after data 703a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root memmove(&mBlob.value[mBlob.length], &mBlob.value[maxValueLength], mBlob.info); 704a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 70507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::NO_ERROR; 706a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 707a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 708a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Rootprivate: 709a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root struct blob mBlob; 710a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root}; 711a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 712655b958eb2180c7c06889f83f606d23421bf038cKenny Rootclass UserState { 713655b958eb2180c7c06889f83f606d23421bf038cKenny Rootpublic: 714655b958eb2180c7c06889f83f606d23421bf038cKenny Root UserState(uid_t userId) : mUserId(userId), mRetry(MAX_RETRY) { 715655b958eb2180c7c06889f83f606d23421bf038cKenny Root asprintf(&mUserDir, "user_%u", mUserId); 716655b958eb2180c7c06889f83f606d23421bf038cKenny Root asprintf(&mMasterKeyFile, "%s/.masterkey", mUserDir); 717655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 71870e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 719655b958eb2180c7c06889f83f606d23421bf038cKenny Root ~UserState() { 720655b958eb2180c7c06889f83f606d23421bf038cKenny Root free(mUserDir); 721655b958eb2180c7c06889f83f606d23421bf038cKenny Root free(mMasterKeyFile); 722655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 72370e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 724655b958eb2180c7c06889f83f606d23421bf038cKenny Root bool initialize() { 725655b958eb2180c7c06889f83f606d23421bf038cKenny Root if ((mkdir(mUserDir, S_IRUSR | S_IWUSR | S_IXUSR) < 0) && (errno != EEXIST)) { 726655b958eb2180c7c06889f83f606d23421bf038cKenny Root ALOGE("Could not create directory '%s'", mUserDir); 727655b958eb2180c7c06889f83f606d23421bf038cKenny Root return false; 728655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 729655b958eb2180c7c06889f83f606d23421bf038cKenny Root 730655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (access(mMasterKeyFile, R_OK) == 0) { 731a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root setState(STATE_LOCKED); 732a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } else { 733a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root setState(STATE_UNINITIALIZED); 734a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 73570e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 736655b958eb2180c7c06889f83f606d23421bf038cKenny Root return true; 737655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 738655b958eb2180c7c06889f83f606d23421bf038cKenny Root 739655b958eb2180c7c06889f83f606d23421bf038cKenny Root uid_t getUserId() const { 740655b958eb2180c7c06889f83f606d23421bf038cKenny Root return mUserId; 741655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 742655b958eb2180c7c06889f83f606d23421bf038cKenny Root 743655b958eb2180c7c06889f83f606d23421bf038cKenny Root const char* getUserDirName() const { 744655b958eb2180c7c06889f83f606d23421bf038cKenny Root return mUserDir; 745655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 746655b958eb2180c7c06889f83f606d23421bf038cKenny Root 747655b958eb2180c7c06889f83f606d23421bf038cKenny Root const char* getMasterKeyFileName() const { 748655b958eb2180c7c06889f83f606d23421bf038cKenny Root return mMasterKeyFile; 749655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 750655b958eb2180c7c06889f83f606d23421bf038cKenny Root 751655b958eb2180c7c06889f83f606d23421bf038cKenny Root void setState(State state) { 752655b958eb2180c7c06889f83f606d23421bf038cKenny Root mState = state; 753655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (mState == STATE_NO_ERROR || mState == STATE_UNINITIALIZED) { 754655b958eb2180c7c06889f83f606d23421bf038cKenny Root mRetry = MAX_RETRY; 755655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 756a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 757a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 7585187818895c4c5f650a611c40531b1dff7764c18Kenny Root State getState() const { 759a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return mState; 760a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 761a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 7625187818895c4c5f650a611c40531b1dff7764c18Kenny Root int8_t getRetry() const { 763a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return mRetry; 764a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 765a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 766655b958eb2180c7c06889f83f606d23421bf038cKenny Root void zeroizeMasterKeysInMemory() { 767655b958eb2180c7c06889f83f606d23421bf038cKenny Root memset(mMasterKey, 0, sizeof(mMasterKey)); 768655b958eb2180c7c06889f83f606d23421bf038cKenny Root memset(mSalt, 0, sizeof(mSalt)); 769655b958eb2180c7c06889f83f606d23421bf038cKenny Root memset(&mMasterKeyEncryption, 0, sizeof(mMasterKeyEncryption)); 770655b958eb2180c7c06889f83f606d23421bf038cKenny Root memset(&mMasterKeyDecryption, 0, sizeof(mMasterKeyDecryption)); 77170e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root } 77270e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 773655b958eb2180c7c06889f83f606d23421bf038cKenny Root ResponseCode initialize(const android::String8& pw, Entropy* entropy) { 774655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (!generateMasterKey(entropy)) { 775a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return SYSTEM_ERROR; 776a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 777655b958eb2180c7c06889f83f606d23421bf038cKenny Root ResponseCode response = writeMasterKey(pw, entropy); 778a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root if (response != NO_ERROR) { 779a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return response; 780a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 781a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root setupMasterKeys(); 78207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::NO_ERROR; 783a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 784a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 7854e865753346fc6a075966972a7a98051818859dbRobin Lee ResponseCode copyMasterKey(UserState* src) { 7864e865753346fc6a075966972a7a98051818859dbRobin Lee if (mState != STATE_UNINITIALIZED) { 7874e865753346fc6a075966972a7a98051818859dbRobin Lee return ::SYSTEM_ERROR; 7884e865753346fc6a075966972a7a98051818859dbRobin Lee } 7894e865753346fc6a075966972a7a98051818859dbRobin Lee if (src->getState() != STATE_NO_ERROR) { 7904e865753346fc6a075966972a7a98051818859dbRobin Lee return ::SYSTEM_ERROR; 7914e865753346fc6a075966972a7a98051818859dbRobin Lee } 7924e865753346fc6a075966972a7a98051818859dbRobin Lee memcpy(mMasterKey, src->mMasterKey, MASTER_KEY_SIZE_BYTES); 7934e865753346fc6a075966972a7a98051818859dbRobin Lee setupMasterKeys(); 7944e865753346fc6a075966972a7a98051818859dbRobin Lee return ::NO_ERROR; 7954e865753346fc6a075966972a7a98051818859dbRobin Lee } 7964e865753346fc6a075966972a7a98051818859dbRobin Lee 797655b958eb2180c7c06889f83f606d23421bf038cKenny Root ResponseCode writeMasterKey(const android::String8& pw, Entropy* entropy) { 798a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root uint8_t passwordKey[MASTER_KEY_SIZE_BYTES]; 799a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root generateKeyFromPassword(passwordKey, MASTER_KEY_SIZE_BYTES, pw, mSalt); 800a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root AES_KEY passwordAesKey; 801a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root AES_set_encrypt_key(passwordKey, MASTER_KEY_SIZE_BITS, &passwordAesKey); 802822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root Blob masterKeyBlob(mMasterKey, sizeof(mMasterKey), mSalt, sizeof(mSalt), TYPE_MASTER_KEY); 803f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root return masterKeyBlob.writeBlob(mMasterKeyFile, &passwordAesKey, STATE_NO_ERROR, entropy); 804a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 805a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 806655b958eb2180c7c06889f83f606d23421bf038cKenny Root ResponseCode readMasterKey(const android::String8& pw, Entropy* entropy) { 807655b958eb2180c7c06889f83f606d23421bf038cKenny Root int in = TEMP_FAILURE_RETRY(open(mMasterKeyFile, O_RDONLY)); 808150ca934edb745de3666a6492b039900df228ff0Kenny Root if (in < 0) { 809a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return SYSTEM_ERROR; 810a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 811a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 812a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root // we read the raw blob to just to get the salt to generate 813a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root // the AES key, then we create the Blob to use with decryptBlob 814a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root blob rawBlob; 815a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root size_t length = readFully(in, (uint8_t*) &rawBlob, sizeof(rawBlob)); 816a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root if (close(in) != 0) { 817a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return SYSTEM_ERROR; 818a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 819a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root // find salt at EOF if present, otherwise we have an old file 820a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root uint8_t* salt; 821a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root if (length > SALT_SIZE && rawBlob.info == SALT_SIZE) { 822a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root salt = (uint8_t*) &rawBlob + length - SALT_SIZE; 823a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } else { 824a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root salt = NULL; 825a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 826a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root uint8_t passwordKey[MASTER_KEY_SIZE_BYTES]; 827a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root generateKeyFromPassword(passwordKey, MASTER_KEY_SIZE_BYTES, pw, salt); 828a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root AES_KEY passwordAesKey; 829a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root AES_set_decrypt_key(passwordKey, MASTER_KEY_SIZE_BITS, &passwordAesKey); 830a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root Blob masterKeyBlob(rawBlob); 831f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root ResponseCode response = masterKeyBlob.readBlob(mMasterKeyFile, &passwordAesKey, 832f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root STATE_NO_ERROR); 833a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root if (response == SYSTEM_ERROR) { 834f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root return response; 835a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 836a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root if (response == NO_ERROR && masterKeyBlob.getLength() == MASTER_KEY_SIZE_BYTES) { 837a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root // if salt was missing, generate one and write a new master key file with the salt. 838a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root if (salt == NULL) { 839655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (!generateSalt(entropy)) { 840a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return SYSTEM_ERROR; 841a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 842655b958eb2180c7c06889f83f606d23421bf038cKenny Root response = writeMasterKey(pw, entropy); 843a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 844a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root if (response == NO_ERROR) { 845a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root memcpy(mMasterKey, masterKeyBlob.getValue(), MASTER_KEY_SIZE_BYTES); 846a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root setupMasterKeys(); 847a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 848a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return response; 849a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 850a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root if (mRetry <= 0) { 851a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root reset(); 852a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return UNINITIALIZED; 853a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 854a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root --mRetry; 855a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root switch (mRetry) { 856a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root case 0: return WRONG_PASSWORD_0; 857a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root case 1: return WRONG_PASSWORD_1; 858a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root case 2: return WRONG_PASSWORD_2; 859a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root case 3: return WRONG_PASSWORD_3; 860a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root default: return WRONG_PASSWORD_3; 861a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 862a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 863a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 864655b958eb2180c7c06889f83f606d23421bf038cKenny Root AES_KEY* getEncryptionKey() { 865655b958eb2180c7c06889f83f606d23421bf038cKenny Root return &mMasterKeyEncryption; 866655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 867a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 868655b958eb2180c7c06889f83f606d23421bf038cKenny Root AES_KEY* getDecryptionKey() { 869655b958eb2180c7c06889f83f606d23421bf038cKenny Root return &mMasterKeyDecryption; 870655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 871a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 872655b958eb2180c7c06889f83f606d23421bf038cKenny Root bool reset() { 873655b958eb2180c7c06889f83f606d23421bf038cKenny Root DIR* dir = opendir(getUserDirName()); 874a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root if (!dir) { 875655b958eb2180c7c06889f83f606d23421bf038cKenny Root ALOGW("couldn't open user directory: %s", strerror(errno)); 876a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return false; 877a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 878655b958eb2180c7c06889f83f606d23421bf038cKenny Root 879655b958eb2180c7c06889f83f606d23421bf038cKenny Root struct dirent* file; 880a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root while ((file = readdir(dir)) != NULL) { 881655b958eb2180c7c06889f83f606d23421bf038cKenny Root // We only care about files. 882655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (file->d_type != DT_REG) { 883655b958eb2180c7c06889f83f606d23421bf038cKenny Root continue; 884655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 885655b958eb2180c7c06889f83f606d23421bf038cKenny Root 886655b958eb2180c7c06889f83f606d23421bf038cKenny Root // Skip anything that starts with a "." 887931fac098f2ae35aa1da26ced57962c9a21f95cfKenny Root if (file->d_name[0] == '.' && strcmp(".masterkey", file->d_name)) { 888655b958eb2180c7c06889f83f606d23421bf038cKenny Root continue; 889655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 890655b958eb2180c7c06889f83f606d23421bf038cKenny Root 891655b958eb2180c7c06889f83f606d23421bf038cKenny Root unlinkat(dirfd(dir), file->d_name, 0); 892a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 893a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root closedir(dir); 894a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return true; 895a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 896a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 897655b958eb2180c7c06889f83f606d23421bf038cKenny Rootprivate: 898655b958eb2180c7c06889f83f606d23421bf038cKenny Root static const int MASTER_KEY_SIZE_BYTES = 16; 899655b958eb2180c7c06889f83f606d23421bf038cKenny Root static const int MASTER_KEY_SIZE_BITS = MASTER_KEY_SIZE_BYTES * 8; 900655b958eb2180c7c06889f83f606d23421bf038cKenny Root 901655b958eb2180c7c06889f83f606d23421bf038cKenny Root static const int MAX_RETRY = 4; 902655b958eb2180c7c06889f83f606d23421bf038cKenny Root static const size_t SALT_SIZE = 16; 903655b958eb2180c7c06889f83f606d23421bf038cKenny Root 904655b958eb2180c7c06889f83f606d23421bf038cKenny Root void generateKeyFromPassword(uint8_t* key, ssize_t keySize, const android::String8& pw, 905655b958eb2180c7c06889f83f606d23421bf038cKenny Root uint8_t* salt) { 906655b958eb2180c7c06889f83f606d23421bf038cKenny Root size_t saltSize; 907655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (salt != NULL) { 908655b958eb2180c7c06889f83f606d23421bf038cKenny Root saltSize = SALT_SIZE; 909655b958eb2180c7c06889f83f606d23421bf038cKenny Root } else { 910655b958eb2180c7c06889f83f606d23421bf038cKenny Root // pre-gingerbread used this hardwired salt, readMasterKey will rewrite these when found 911655b958eb2180c7c06889f83f606d23421bf038cKenny Root salt = (uint8_t*) "keystore"; 912655b958eb2180c7c06889f83f606d23421bf038cKenny Root // sizeof = 9, not strlen = 8 913655b958eb2180c7c06889f83f606d23421bf038cKenny Root saltSize = sizeof("keystore"); 914655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 915655b958eb2180c7c06889f83f606d23421bf038cKenny Root 916655b958eb2180c7c06889f83f606d23421bf038cKenny Root PKCS5_PBKDF2_HMAC_SHA1(reinterpret_cast<const char*>(pw.string()), pw.length(), salt, 917655b958eb2180c7c06889f83f606d23421bf038cKenny Root saltSize, 8192, keySize, key); 918655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 919655b958eb2180c7c06889f83f606d23421bf038cKenny Root 920655b958eb2180c7c06889f83f606d23421bf038cKenny Root bool generateSalt(Entropy* entropy) { 921655b958eb2180c7c06889f83f606d23421bf038cKenny Root return entropy->generate_random_data(mSalt, sizeof(mSalt)); 922655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 923655b958eb2180c7c06889f83f606d23421bf038cKenny Root 924655b958eb2180c7c06889f83f606d23421bf038cKenny Root bool generateMasterKey(Entropy* entropy) { 925655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (!entropy->generate_random_data(mMasterKey, sizeof(mMasterKey))) { 926655b958eb2180c7c06889f83f606d23421bf038cKenny Root return false; 927655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 928655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (!generateSalt(entropy)) { 929655b958eb2180c7c06889f83f606d23421bf038cKenny Root return false; 930655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 931655b958eb2180c7c06889f83f606d23421bf038cKenny Root return true; 932655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 933655b958eb2180c7c06889f83f606d23421bf038cKenny Root 934655b958eb2180c7c06889f83f606d23421bf038cKenny Root void setupMasterKeys() { 935655b958eb2180c7c06889f83f606d23421bf038cKenny Root AES_set_encrypt_key(mMasterKey, MASTER_KEY_SIZE_BITS, &mMasterKeyEncryption); 936655b958eb2180c7c06889f83f606d23421bf038cKenny Root AES_set_decrypt_key(mMasterKey, MASTER_KEY_SIZE_BITS, &mMasterKeyDecryption); 937655b958eb2180c7c06889f83f606d23421bf038cKenny Root setState(STATE_NO_ERROR); 938655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 939655b958eb2180c7c06889f83f606d23421bf038cKenny Root 940655b958eb2180c7c06889f83f606d23421bf038cKenny Root uid_t mUserId; 941655b958eb2180c7c06889f83f606d23421bf038cKenny Root 942655b958eb2180c7c06889f83f606d23421bf038cKenny Root char* mUserDir; 943655b958eb2180c7c06889f83f606d23421bf038cKenny Root char* mMasterKeyFile; 944655b958eb2180c7c06889f83f606d23421bf038cKenny Root 945655b958eb2180c7c06889f83f606d23421bf038cKenny Root State mState; 946655b958eb2180c7c06889f83f606d23421bf038cKenny Root int8_t mRetry; 947655b958eb2180c7c06889f83f606d23421bf038cKenny Root 948655b958eb2180c7c06889f83f606d23421bf038cKenny Root uint8_t mMasterKey[MASTER_KEY_SIZE_BYTES]; 949655b958eb2180c7c06889f83f606d23421bf038cKenny Root uint8_t mSalt[SALT_SIZE]; 950655b958eb2180c7c06889f83f606d23421bf038cKenny Root 951655b958eb2180c7c06889f83f606d23421bf038cKenny Root AES_KEY mMasterKeyEncryption; 952655b958eb2180c7c06889f83f606d23421bf038cKenny Root AES_KEY mMasterKeyDecryption; 953655b958eb2180c7c06889f83f606d23421bf038cKenny Root}; 954655b958eb2180c7c06889f83f606d23421bf038cKenny Root 955655b958eb2180c7c06889f83f606d23421bf038cKenny Roottypedef struct { 956655b958eb2180c7c06889f83f606d23421bf038cKenny Root uint32_t uid; 957655b958eb2180c7c06889f83f606d23421bf038cKenny Root const uint8_t* filename; 958655b958eb2180c7c06889f83f606d23421bf038cKenny Root} grant_t; 959655b958eb2180c7c06889f83f606d23421bf038cKenny Root 960655b958eb2180c7c06889f83f606d23421bf038cKenny Rootclass KeyStore { 961655b958eb2180c7c06889f83f606d23421bf038cKenny Rootpublic: 962919cb2a5a9dabd61cb02eff7a589f9f1f0f793eeChad Brubaker KeyStore(Entropy* entropy, keymaster1_device_t* device, keymaster1_device_t* fallback) 963655b958eb2180c7c06889f83f606d23421bf038cKenny Root : mEntropy(entropy) 964655b958eb2180c7c06889f83f606d23421bf038cKenny Root , mDevice(device) 965fc18edcdfe2f7774e621030d51338f3216170b97Chad Brubaker , mFallbackDevice(fallback) 966655b958eb2180c7c06889f83f606d23421bf038cKenny Root { 967655b958eb2180c7c06889f83f606d23421bf038cKenny Root memset(&mMetaData, '\0', sizeof(mMetaData)); 968655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 969655b958eb2180c7c06889f83f606d23421bf038cKenny Root 970655b958eb2180c7c06889f83f606d23421bf038cKenny Root ~KeyStore() { 971655b958eb2180c7c06889f83f606d23421bf038cKenny Root for (android::Vector<grant_t*>::iterator it(mGrants.begin()); 972655b958eb2180c7c06889f83f606d23421bf038cKenny Root it != mGrants.end(); it++) { 973655b958eb2180c7c06889f83f606d23421bf038cKenny Root delete *it; 974655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 975c35d4eb3e66aa69ca17dd83b1bcdcc19276bf8e5haitao fang mGrants.clear(); 976655b958eb2180c7c06889f83f606d23421bf038cKenny Root 977655b958eb2180c7c06889f83f606d23421bf038cKenny Root for (android::Vector<UserState*>::iterator it(mMasterKeys.begin()); 978655b958eb2180c7c06889f83f606d23421bf038cKenny Root it != mMasterKeys.end(); it++) { 979655b958eb2180c7c06889f83f606d23421bf038cKenny Root delete *it; 980655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 981c35d4eb3e66aa69ca17dd83b1bcdcc19276bf8e5haitao fang mMasterKeys.clear(); 982655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 983655b958eb2180c7c06889f83f606d23421bf038cKenny Root 984919cb2a5a9dabd61cb02eff7a589f9f1f0f793eeChad Brubaker /** 985919cb2a5a9dabd61cb02eff7a589f9f1f0f793eeChad Brubaker * Depending on the hardware keymaster version is this may return a 986919cb2a5a9dabd61cb02eff7a589f9f1f0f793eeChad Brubaker * keymaster0_device_t* cast to a keymaster1_device_t*. All methods from 987919cb2a5a9dabd61cb02eff7a589f9f1f0f793eeChad Brubaker * keymaster0 are safe to call, calls to keymaster1_device_t methods should 988919cb2a5a9dabd61cb02eff7a589f9f1f0f793eeChad Brubaker * be guarded by a check on the device's version. 989919cb2a5a9dabd61cb02eff7a589f9f1f0f793eeChad Brubaker */ 990919cb2a5a9dabd61cb02eff7a589f9f1f0f793eeChad Brubaker keymaster1_device_t *getDevice() const { 991655b958eb2180c7c06889f83f606d23421bf038cKenny Root return mDevice; 992655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 993655b958eb2180c7c06889f83f606d23421bf038cKenny Root 994919cb2a5a9dabd61cb02eff7a589f9f1f0f793eeChad Brubaker keymaster1_device_t *getFallbackDevice() const { 995fc18edcdfe2f7774e621030d51338f3216170b97Chad Brubaker return mFallbackDevice; 996fc18edcdfe2f7774e621030d51338f3216170b97Chad Brubaker } 997fc18edcdfe2f7774e621030d51338f3216170b97Chad Brubaker 998919cb2a5a9dabd61cb02eff7a589f9f1f0f793eeChad Brubaker keymaster1_device_t *getDeviceForBlob(const Blob& blob) const { 999fc18edcdfe2f7774e621030d51338f3216170b97Chad Brubaker return blob.isFallback() ? mFallbackDevice: mDevice; 1000fc18edcdfe2f7774e621030d51338f3216170b97Chad Brubaker } 1001fc18edcdfe2f7774e621030d51338f3216170b97Chad Brubaker 1002655b958eb2180c7c06889f83f606d23421bf038cKenny Root ResponseCode initialize() { 1003655b958eb2180c7c06889f83f606d23421bf038cKenny Root readMetaData(); 1004655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (upgradeKeystore()) { 1005655b958eb2180c7c06889f83f606d23421bf038cKenny Root writeMetaData(); 1006655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1007655b958eb2180c7c06889f83f606d23421bf038cKenny Root 1008655b958eb2180c7c06889f83f606d23421bf038cKenny Root return ::NO_ERROR; 1009655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1010655b958eb2180c7c06889f83f606d23421bf038cKenny Root 1011655b958eb2180c7c06889f83f606d23421bf038cKenny Root State getState(uid_t uid) { 1012655b958eb2180c7c06889f83f606d23421bf038cKenny Root return getUserState(uid)->getState(); 1013655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1014655b958eb2180c7c06889f83f606d23421bf038cKenny Root 1015655b958eb2180c7c06889f83f606d23421bf038cKenny Root ResponseCode initializeUser(const android::String8& pw, uid_t uid) { 1016655b958eb2180c7c06889f83f606d23421bf038cKenny Root UserState* userState = getUserState(uid); 1017655b958eb2180c7c06889f83f606d23421bf038cKenny Root return userState->initialize(pw, mEntropy); 1018655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1019655b958eb2180c7c06889f83f606d23421bf038cKenny Root 10204e865753346fc6a075966972a7a98051818859dbRobin Lee ResponseCode copyMasterKey(uid_t src, uid_t uid) { 10214e865753346fc6a075966972a7a98051818859dbRobin Lee UserState *userState = getUserState(uid); 10224e865753346fc6a075966972a7a98051818859dbRobin Lee UserState *initState = getUserState(src); 10234e865753346fc6a075966972a7a98051818859dbRobin Lee return userState->copyMasterKey(initState); 10244e865753346fc6a075966972a7a98051818859dbRobin Lee } 10254e865753346fc6a075966972a7a98051818859dbRobin Lee 1026655b958eb2180c7c06889f83f606d23421bf038cKenny Root ResponseCode writeMasterKey(const android::String8& pw, uid_t uid) { 102750122db50bcb6c1aab50ef235c8f9d264b50e97aRobin Lee UserState* userState = getUserState(uid); 1028655b958eb2180c7c06889f83f606d23421bf038cKenny Root return userState->writeMasterKey(pw, mEntropy); 1029655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1030655b958eb2180c7c06889f83f606d23421bf038cKenny Root 1031655b958eb2180c7c06889f83f606d23421bf038cKenny Root ResponseCode readMasterKey(const android::String8& pw, uid_t uid) { 103250122db50bcb6c1aab50ef235c8f9d264b50e97aRobin Lee UserState* userState = getUserState(uid); 1033655b958eb2180c7c06889f83f606d23421bf038cKenny Root return userState->readMasterKey(pw, mEntropy); 1034655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1035655b958eb2180c7c06889f83f606d23421bf038cKenny Root 1036655b958eb2180c7c06889f83f606d23421bf038cKenny Root android::String8 getKeyName(const android::String8& keyName) { 1037a77e809ecff5190790906fb7a3c527259c735071Douglas Leung char encoded[encode_key_length(keyName) + 1]; // add 1 for null char 1038655b958eb2180c7c06889f83f606d23421bf038cKenny Root encode_key(encoded, keyName); 1039655b958eb2180c7c06889f83f606d23421bf038cKenny Root return android::String8(encoded); 1040655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1041655b958eb2180c7c06889f83f606d23421bf038cKenny Root 1042655b958eb2180c7c06889f83f606d23421bf038cKenny Root android::String8 getKeyNameForUid(const android::String8& keyName, uid_t uid) { 1043a77e809ecff5190790906fb7a3c527259c735071Douglas Leung char encoded[encode_key_length(keyName) + 1]; // add 1 for null char 1044655b958eb2180c7c06889f83f606d23421bf038cKenny Root encode_key(encoded, keyName); 1045655b958eb2180c7c06889f83f606d23421bf038cKenny Root return android::String8::format("%u_%s", uid, encoded); 1046655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1047655b958eb2180c7c06889f83f606d23421bf038cKenny Root 1048655b958eb2180c7c06889f83f606d23421bf038cKenny Root android::String8 getKeyNameForUidWithDir(const android::String8& keyName, uid_t uid) { 1049a77e809ecff5190790906fb7a3c527259c735071Douglas Leung char encoded[encode_key_length(keyName) + 1]; // add 1 for null char 1050655b958eb2180c7c06889f83f606d23421bf038cKenny Root encode_key(encoded, keyName); 1051655b958eb2180c7c06889f83f606d23421bf038cKenny Root return android::String8::format("%s/%u_%s", getUserState(uid)->getUserDirName(), uid, 1052655b958eb2180c7c06889f83f606d23421bf038cKenny Root encoded); 1053655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1054655b958eb2180c7c06889f83f606d23421bf038cKenny Root 1055655b958eb2180c7c06889f83f606d23421bf038cKenny Root bool reset(uid_t uid) { 10564b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee android::String8 prefix(""); 10574b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee android::Vector<android::String16> aliases; 10584b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee if (saw(prefix, &aliases, uid) != ::NO_ERROR) { 10594b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee return ::SYSTEM_ERROR; 10604b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee } 10614b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee 1062655b958eb2180c7c06889f83f606d23421bf038cKenny Root UserState* userState = getUserState(uid); 10634b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee for (uint32_t i = 0; i < aliases.size(); i++) { 10644b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee android::String8 filename(aliases[i]); 10654b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee filename = android::String8::format("%s/%s", userState->getUserDirName(), 10664b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee getKeyName(filename).string()); 10674b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee del(filename, ::TYPE_ANY, uid); 10684b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee } 10694b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee 1070655b958eb2180c7c06889f83f606d23421bf038cKenny Root userState->zeroizeMasterKeysInMemory(); 1071655b958eb2180c7c06889f83f606d23421bf038cKenny Root userState->setState(STATE_UNINITIALIZED); 1072655b958eb2180c7c06889f83f606d23421bf038cKenny Root return userState->reset(); 1073655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1074655b958eb2180c7c06889f83f606d23421bf038cKenny Root 1075655b958eb2180c7c06889f83f606d23421bf038cKenny Root bool isEmpty(uid_t uid) const { 1076655b958eb2180c7c06889f83f606d23421bf038cKenny Root const UserState* userState = getUserState(uid); 107731e27468b6d822adbd2aec9219a68c206aa6957cKenny Root if (userState == NULL || userState->getState() == STATE_UNINITIALIZED) { 1078655b958eb2180c7c06889f83f606d23421bf038cKenny Root return true; 1079655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1080655b958eb2180c7c06889f83f606d23421bf038cKenny Root 1081655b958eb2180c7c06889f83f606d23421bf038cKenny Root DIR* dir = opendir(userState->getUserDirName()); 1082a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root if (!dir) { 1083a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return true; 1084a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 1085655b958eb2180c7c06889f83f606d23421bf038cKenny Root 108631e27468b6d822adbd2aec9219a68c206aa6957cKenny Root bool result = true; 108731e27468b6d822adbd2aec9219a68c206aa6957cKenny Root struct dirent* file; 1088a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root while ((file = readdir(dir)) != NULL) { 1089655b958eb2180c7c06889f83f606d23421bf038cKenny Root // We only care about files. 1090655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (file->d_type != DT_REG) { 1091655b958eb2180c7c06889f83f606d23421bf038cKenny Root continue; 1092655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1093655b958eb2180c7c06889f83f606d23421bf038cKenny Root 1094655b958eb2180c7c06889f83f606d23421bf038cKenny Root // Skip anything that starts with a "." 1095655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (file->d_name[0] == '.') { 1096655b958eb2180c7c06889f83f606d23421bf038cKenny Root continue; 1097655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1098655b958eb2180c7c06889f83f606d23421bf038cKenny Root 109931e27468b6d822adbd2aec9219a68c206aa6957cKenny Root result = false; 110031e27468b6d822adbd2aec9219a68c206aa6957cKenny Root break; 1101a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 1102a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root closedir(dir); 1103a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return result; 1104a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 1105a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 1106655b958eb2180c7c06889f83f606d23421bf038cKenny Root void lock(uid_t uid) { 1107655b958eb2180c7c06889f83f606d23421bf038cKenny Root UserState* userState = getUserState(uid); 1108655b958eb2180c7c06889f83f606d23421bf038cKenny Root userState->zeroizeMasterKeysInMemory(); 1109655b958eb2180c7c06889f83f606d23421bf038cKenny Root userState->setState(STATE_LOCKED); 1110a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 1111a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 1112655b958eb2180c7c06889f83f606d23421bf038cKenny Root ResponseCode get(const char* filename, Blob* keyBlob, const BlobType type, uid_t uid) { 1113655b958eb2180c7c06889f83f606d23421bf038cKenny Root UserState* userState = getUserState(uid); 1114f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root ResponseCode rc = keyBlob->readBlob(filename, userState->getDecryptionKey(), 1115f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root userState->getState()); 1116822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root if (rc != NO_ERROR) { 1117822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root return rc; 1118822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root } 1119822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root 1120822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root const uint8_t version = keyBlob->getVersion(); 112107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root if (version < CURRENT_BLOB_VERSION) { 1122cfeae072c96d84f286ddbf0aff8055c12c7c4f15Kenny Root /* If we upgrade the key, we need to write it to disk again. Then 1123cfeae072c96d84f286ddbf0aff8055c12c7c4f15Kenny Root * it must be read it again since the blob is encrypted each time 1124cfeae072c96d84f286ddbf0aff8055c12c7c4f15Kenny Root * it's written. 1125cfeae072c96d84f286ddbf0aff8055c12c7c4f15Kenny Root */ 1126655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (upgradeBlob(filename, keyBlob, version, type, uid)) { 1127655b958eb2180c7c06889f83f606d23421bf038cKenny Root if ((rc = this->put(filename, keyBlob, uid)) != NO_ERROR 1128f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root || (rc = keyBlob->readBlob(filename, userState->getDecryptionKey(), 1129f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root userState->getState())) != NO_ERROR) { 1130cfeae072c96d84f286ddbf0aff8055c12c7c4f15Kenny Root return rc; 1131cfeae072c96d84f286ddbf0aff8055c12c7c4f15Kenny Root } 1132cfeae072c96d84f286ddbf0aff8055c12c7c4f15Kenny Root } 1133822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root } 1134822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root 113517208e0de5a42722901d803118745cca25fd10c1Kenny Root /* 113617208e0de5a42722901d803118745cca25fd10c1Kenny Root * This will upgrade software-backed keys to hardware-backed keys when 113717208e0de5a42722901d803118745cca25fd10c1Kenny Root * the HAL for the device supports the newer key types. 113817208e0de5a42722901d803118745cca25fd10c1Kenny Root */ 113917208e0de5a42722901d803118745cca25fd10c1Kenny Root if (rc == NO_ERROR && type == TYPE_KEY_PAIR 114017208e0de5a42722901d803118745cca25fd10c1Kenny Root && mDevice->common.module->module_api_version >= KEYMASTER_MODULE_API_VERSION_0_2 114117208e0de5a42722901d803118745cca25fd10c1Kenny Root && keyBlob->isFallback()) { 114217208e0de5a42722901d803118745cca25fd10c1Kenny Root ResponseCode imported = importKey(keyBlob->getValue(), keyBlob->getLength(), filename, 114317208e0de5a42722901d803118745cca25fd10c1Kenny Root uid, keyBlob->isEncrypted() ? KEYSTORE_FLAG_ENCRYPTED : KEYSTORE_FLAG_NONE); 114417208e0de5a42722901d803118745cca25fd10c1Kenny Root 114517208e0de5a42722901d803118745cca25fd10c1Kenny Root // The HAL allowed the import, reget the key to have the "fresh" 114617208e0de5a42722901d803118745cca25fd10c1Kenny Root // version. 114717208e0de5a42722901d803118745cca25fd10c1Kenny Root if (imported == NO_ERROR) { 114817208e0de5a42722901d803118745cca25fd10c1Kenny Root rc = get(filename, keyBlob, TYPE_KEY_PAIR, uid); 114917208e0de5a42722901d803118745cca25fd10c1Kenny Root } 115017208e0de5a42722901d803118745cca25fd10c1Kenny Root } 115117208e0de5a42722901d803118745cca25fd10c1Kenny Root 1152d53bc92f1cc4eb669ec015480cebe5ae7aaaf7cfKenny Root if (type != TYPE_ANY && keyBlob->getType() != type) { 1153822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root ALOGW("key found but type doesn't match: %d vs %d", keyBlob->getType(), type); 1154822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root return KEY_NOT_FOUND; 1155822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root } 1156822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root 1157822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root return rc; 1158a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 1159a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 1160655b958eb2180c7c06889f83f606d23421bf038cKenny Root ResponseCode put(const char* filename, Blob* keyBlob, uid_t uid) { 1161655b958eb2180c7c06889f83f606d23421bf038cKenny Root UserState* userState = getUserState(uid); 1162f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root return keyBlob->writeBlob(filename, userState->getEncryptionKey(), userState->getState(), 1163f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root mEntropy); 1164a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 1165a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 11664b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee ResponseCode del(const char *filename, const BlobType type, uid_t uid) { 11674b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee Blob keyBlob; 11684b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee ResponseCode rc = get(filename, &keyBlob, type, uid); 11694b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee if (rc != ::NO_ERROR) { 11704b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee return rc; 11714b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee } 11724b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee 11734b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee if (keyBlob.getType() == ::TYPE_KEY_PAIR) { 11744b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee // A device doesn't have to implement delete_keypair. 11754b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee if (mDevice->delete_keypair != NULL && !keyBlob.isFallback()) { 11764b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee if (mDevice->delete_keypair(mDevice, keyBlob.getValue(), keyBlob.getLength())) { 11774b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee rc = ::SYSTEM_ERROR; 11784b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee } 11794b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee } 11804b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee } 118117d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker if (keyBlob.getType() == ::TYPE_KEYMASTER_10) { 118217d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker keymaster1_device_t* dev = getDeviceForBlob(keyBlob); 118317d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker if (dev->delete_key) { 118417d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker keymaster_key_blob_t blob; 118517d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker blob.key_material = keyBlob.getValue(); 118617d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker blob.key_material_size = keyBlob.getLength(); 118717d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker dev->delete_key(dev, &blob); 118817d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker } 118917d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker } 11904b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee if (rc != ::NO_ERROR) { 11914b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee return rc; 11924b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee } 11934b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee 11944b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee return (unlink(filename) && errno != ENOENT) ? ::SYSTEM_ERROR : ::NO_ERROR; 11954b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee } 11964b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee 11974b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee ResponseCode saw(const android::String8& prefix, android::Vector<android::String16> *matches, 11984b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee uid_t uid) { 11994b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee 12004b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee UserState* userState = getUserState(uid); 12014b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee size_t n = prefix.length(); 12024b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee 12034b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee DIR* dir = opendir(userState->getUserDirName()); 12044b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee if (!dir) { 12054b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee ALOGW("can't open directory for user: %s", strerror(errno)); 12064b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee return ::SYSTEM_ERROR; 12074b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee } 12084b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee 12094b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee struct dirent* file; 12104b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee while ((file = readdir(dir)) != NULL) { 12114b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee // We only care about files. 12124b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee if (file->d_type != DT_REG) { 12134b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee continue; 12144b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee } 12154b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee 12164b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee // Skip anything that starts with a "." 12174b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee if (file->d_name[0] == '.') { 12184b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee continue; 12194b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee } 12204b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee 12214b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee if (!strncmp(prefix.string(), file->d_name, n)) { 12224b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee const char* p = &file->d_name[n]; 12234b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee size_t plen = strlen(p); 12244b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee 12254b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee size_t extra = decode_key_length(p, plen); 12264b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee char *match = (char*) malloc(extra + 1); 12274b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee if (match != NULL) { 12284b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee decode_key(match, p, plen); 12294b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee matches->push(android::String16(match, extra)); 12304b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee free(match); 12314b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee } else { 12324b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee ALOGW("could not allocate match of size %zd", extra); 12334b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee } 12344b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee } 12354b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee } 12364b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee closedir(dir); 12374b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee return ::NO_ERROR; 12384b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee } 12394b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee 124007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root void addGrant(const char* filename, uid_t granteeUid) { 1241655b958eb2180c7c06889f83f606d23421bf038cKenny Root const grant_t* existing = getGrant(filename, granteeUid); 1242655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (existing == NULL) { 1243655b958eb2180c7c06889f83f606d23421bf038cKenny Root grant_t* grant = new grant_t; 124407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root grant->uid = granteeUid; 1245a8c703d9fdd98e3caefb6e74cd03c2878cecd0a1Brian Carlstrom grant->filename = reinterpret_cast<const uint8_t*>(strdup(filename)); 1246655b958eb2180c7c06889f83f606d23421bf038cKenny Root mGrants.add(grant); 124770e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root } 124870e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root } 124970e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 125007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root bool removeGrant(const char* filename, uid_t granteeUid) { 1251655b958eb2180c7c06889f83f606d23421bf038cKenny Root for (android::Vector<grant_t*>::iterator it(mGrants.begin()); 1252655b958eb2180c7c06889f83f606d23421bf038cKenny Root it != mGrants.end(); it++) { 1253655b958eb2180c7c06889f83f606d23421bf038cKenny Root grant_t* grant = *it; 1254655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (grant->uid == granteeUid 1255655b958eb2180c7c06889f83f606d23421bf038cKenny Root && !strcmp(reinterpret_cast<const char*>(grant->filename), filename)) { 1256655b958eb2180c7c06889f83f606d23421bf038cKenny Root mGrants.erase(it); 1257655b958eb2180c7c06889f83f606d23421bf038cKenny Root return true; 1258655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 125970e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root } 126070e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root return false; 126170e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root } 126270e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 1263a8c703d9fdd98e3caefb6e74cd03c2878cecd0a1Brian Carlstrom bool hasGrant(const char* filename, const uid_t uid) const { 1264a8c703d9fdd98e3caefb6e74cd03c2878cecd0a1Brian Carlstrom return getGrant(filename, uid) != NULL; 126570e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root } 126670e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 1267f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root ResponseCode importKey(const uint8_t* key, size_t keyLen, const char* filename, uid_t uid, 1268f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root int32_t flags) { 1269822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root uint8_t* data; 1270822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root size_t dataLength; 1271822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root int rc; 1272822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root 1273822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root if (mDevice->import_keypair == NULL) { 1274822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root ALOGE("Keymaster doesn't support import!"); 1275822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root return SYSTEM_ERROR; 1276822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root } 1277822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root 127817208e0de5a42722901d803118745cca25fd10c1Kenny Root bool isFallback = false; 127907438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root rc = mDevice->import_keypair(mDevice, key, keyLen, &data, &dataLength); 1280822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root if (rc) { 1281a39da5a226975f8b75f93de255a21d526ae8d334Kenny Root /* 1282a39da5a226975f8b75f93de255a21d526ae8d334Kenny Root * Maybe the device doesn't support this type of key. Try to use the 1283a39da5a226975f8b75f93de255a21d526ae8d334Kenny Root * software fallback keymaster implementation. This is a little bit 1284a39da5a226975f8b75f93de255a21d526ae8d334Kenny Root * lazier than checking the PKCS#8 key type, but the software 1285a39da5a226975f8b75f93de255a21d526ae8d334Kenny Root * implementation will do that anyway. 1286a39da5a226975f8b75f93de255a21d526ae8d334Kenny Root */ 12877c1eb75a6898452867ca28a4d7fad2d91edca615Chad Brubaker rc = mFallbackDevice->import_keypair(mFallbackDevice, key, keyLen, &data, &dataLength); 1288a39da5a226975f8b75f93de255a21d526ae8d334Kenny Root isFallback = true; 128917208e0de5a42722901d803118745cca25fd10c1Kenny Root 129017208e0de5a42722901d803118745cca25fd10c1Kenny Root if (rc) { 129117208e0de5a42722901d803118745cca25fd10c1Kenny Root ALOGE("Error while importing keypair: %d", rc); 129217208e0de5a42722901d803118745cca25fd10c1Kenny Root return SYSTEM_ERROR; 129317208e0de5a42722901d803118745cca25fd10c1Kenny Root } 1294822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root } 1295822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root 1296822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root Blob keyBlob(data, dataLength, NULL, 0, TYPE_KEY_PAIR); 1297822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root free(data); 1298822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root 1299f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root keyBlob.setEncrypted(flags & KEYSTORE_FLAG_ENCRYPTED); 130017208e0de5a42722901d803118745cca25fd10c1Kenny Root keyBlob.setFallback(isFallback); 1301f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root 1302655b958eb2180c7c06889f83f606d23421bf038cKenny Root return put(filename, &keyBlob, uid); 1303822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root } 1304822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root 13051b0e3933900c7ea21189704d5db64e7346aee7afKenny Root bool isHardwareBacked(const android::String16& keyType) const { 13061b0e3933900c7ea21189704d5db64e7346aee7afKenny Root if (mDevice == NULL) { 13071b0e3933900c7ea21189704d5db64e7346aee7afKenny Root ALOGW("can't get keymaster device"); 13081b0e3933900c7ea21189704d5db64e7346aee7afKenny Root return false; 13091b0e3933900c7ea21189704d5db64e7346aee7afKenny Root } 13101b0e3933900c7ea21189704d5db64e7346aee7afKenny Root 13111b0e3933900c7ea21189704d5db64e7346aee7afKenny Root if (sRSAKeyType == keyType) { 13121b0e3933900c7ea21189704d5db64e7346aee7afKenny Root return (mDevice->flags & KEYMASTER_SOFTWARE_ONLY) == 0; 13131b0e3933900c7ea21189704d5db64e7346aee7afKenny Root } else { 13141b0e3933900c7ea21189704d5db64e7346aee7afKenny Root return (mDevice->flags & KEYMASTER_SOFTWARE_ONLY) == 0 13151b0e3933900c7ea21189704d5db64e7346aee7afKenny Root && (mDevice->common.module->module_api_version 13161b0e3933900c7ea21189704d5db64e7346aee7afKenny Root >= KEYMASTER_MODULE_API_VERSION_0_2); 13171b0e3933900c7ea21189704d5db64e7346aee7afKenny Root } 13188ddf35a6e1fd80a7d0685041d2bfc77078277c9dKenny Root } 13198ddf35a6e1fd80a7d0685041d2bfc77078277c9dKenny Root 1320655b958eb2180c7c06889f83f606d23421bf038cKenny Root ResponseCode getKeyForName(Blob* keyBlob, const android::String8& keyName, const uid_t uid, 1321655b958eb2180c7c06889f83f606d23421bf038cKenny Root const BlobType type) { 132286b16e8c0d353af97f0411917789308dba417295Kenny Root android::String8 filepath8(getKeyNameForUidWithDir(keyName, uid)); 1323a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 1324655b958eb2180c7c06889f83f606d23421bf038cKenny Root ResponseCode responseCode = get(filepath8.string(), keyBlob, type, uid); 1325655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (responseCode == NO_ERROR) { 1326655b958eb2180c7c06889f83f606d23421bf038cKenny Root return responseCode; 1327655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1328a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 1329655b958eb2180c7c06889f83f606d23421bf038cKenny Root // If this is one of the legacy UID->UID mappings, use it. 1330655b958eb2180c7c06889f83f606d23421bf038cKenny Root uid_t euid = get_keystore_euid(uid); 1331655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (euid != uid) { 133286b16e8c0d353af97f0411917789308dba417295Kenny Root filepath8 = getKeyNameForUidWithDir(keyName, euid); 1333655b958eb2180c7c06889f83f606d23421bf038cKenny Root responseCode = get(filepath8.string(), keyBlob, type, uid); 1334655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (responseCode == NO_ERROR) { 1335655b958eb2180c7c06889f83f606d23421bf038cKenny Root return responseCode; 1336655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1337655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 133870e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 1339655b958eb2180c7c06889f83f606d23421bf038cKenny Root // They might be using a granted key. 134086b16e8c0d353af97f0411917789308dba417295Kenny Root android::String8 filename8 = getKeyName(keyName); 1341655b958eb2180c7c06889f83f606d23421bf038cKenny Root char* end; 134286b16e8c0d353af97f0411917789308dba417295Kenny Root strtoul(filename8.string(), &end, 10); 1343655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (end[0] != '_' || end[1] == 0) { 1344655b958eb2180c7c06889f83f606d23421bf038cKenny Root return KEY_NOT_FOUND; 1345655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 134686b16e8c0d353af97f0411917789308dba417295Kenny Root filepath8 = android::String8::format("%s/%s", getUserState(uid)->getUserDirName(), 134786b16e8c0d353af97f0411917789308dba417295Kenny Root filename8.string()); 1348655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (!hasGrant(filepath8.string(), uid)) { 1349655b958eb2180c7c06889f83f606d23421bf038cKenny Root return responseCode; 1350a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 1351a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 1352655b958eb2180c7c06889f83f606d23421bf038cKenny Root // It is a granted key. Try to load it. 1353655b958eb2180c7c06889f83f606d23421bf038cKenny Root return get(filepath8.string(), keyBlob, type, uid); 1354a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 1355a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 1356655b958eb2180c7c06889f83f606d23421bf038cKenny Root /** 1357655b958eb2180c7c06889f83f606d23421bf038cKenny Root * Returns any existing UserState or creates it if it doesn't exist. 1358655b958eb2180c7c06889f83f606d23421bf038cKenny Root */ 1359655b958eb2180c7c06889f83f606d23421bf038cKenny Root UserState* getUserState(uid_t uid) { 1360655b958eb2180c7c06889f83f606d23421bf038cKenny Root uid_t userId = get_user_id(uid); 1361655b958eb2180c7c06889f83f606d23421bf038cKenny Root 1362655b958eb2180c7c06889f83f606d23421bf038cKenny Root for (android::Vector<UserState*>::iterator it(mMasterKeys.begin()); 1363655b958eb2180c7c06889f83f606d23421bf038cKenny Root it != mMasterKeys.end(); it++) { 1364655b958eb2180c7c06889f83f606d23421bf038cKenny Root UserState* state = *it; 1365655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (state->getUserId() == userId) { 1366655b958eb2180c7c06889f83f606d23421bf038cKenny Root return state; 1367655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1368a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 1369655b958eb2180c7c06889f83f606d23421bf038cKenny Root 1370655b958eb2180c7c06889f83f606d23421bf038cKenny Root UserState* userState = new UserState(userId); 1371655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (!userState->initialize()) { 1372655b958eb2180c7c06889f83f606d23421bf038cKenny Root /* There's not much we can do if initialization fails. Trying to 1373655b958eb2180c7c06889f83f606d23421bf038cKenny Root * unlock the keystore for that user will fail as well, so any 1374655b958eb2180c7c06889f83f606d23421bf038cKenny Root * subsequent request for this user will just return SYSTEM_ERROR. 1375655b958eb2180c7c06889f83f606d23421bf038cKenny Root */ 1376655b958eb2180c7c06889f83f606d23421bf038cKenny Root ALOGE("User initialization failed for %u; subsuquent operations will fail", userId); 1377a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 1378655b958eb2180c7c06889f83f606d23421bf038cKenny Root mMasterKeys.add(userState); 1379655b958eb2180c7c06889f83f606d23421bf038cKenny Root return userState; 1380a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 1381a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 1382655b958eb2180c7c06889f83f606d23421bf038cKenny Root /** 1383655b958eb2180c7c06889f83f606d23421bf038cKenny Root * Returns NULL if the UserState doesn't already exist. 1384655b958eb2180c7c06889f83f606d23421bf038cKenny Root */ 1385655b958eb2180c7c06889f83f606d23421bf038cKenny Root const UserState* getUserState(uid_t uid) const { 1386655b958eb2180c7c06889f83f606d23421bf038cKenny Root uid_t userId = get_user_id(uid); 1387655b958eb2180c7c06889f83f606d23421bf038cKenny Root 1388655b958eb2180c7c06889f83f606d23421bf038cKenny Root for (android::Vector<UserState*>::const_iterator it(mMasterKeys.begin()); 1389655b958eb2180c7c06889f83f606d23421bf038cKenny Root it != mMasterKeys.end(); it++) { 1390655b958eb2180c7c06889f83f606d23421bf038cKenny Root UserState* state = *it; 1391655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (state->getUserId() == userId) { 1392655b958eb2180c7c06889f83f606d23421bf038cKenny Root return state; 1393655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1394655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1395a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 1396655b958eb2180c7c06889f83f606d23421bf038cKenny Root return NULL; 1397a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 1398a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 1399655b958eb2180c7c06889f83f606d23421bf038cKenny Rootprivate: 1400655b958eb2180c7c06889f83f606d23421bf038cKenny Root static const char* sOldMasterKey; 1401655b958eb2180c7c06889f83f606d23421bf038cKenny Root static const char* sMetaDataFile; 14021b0e3933900c7ea21189704d5db64e7346aee7afKenny Root static const android::String16 sRSAKeyType; 1403655b958eb2180c7c06889f83f606d23421bf038cKenny Root Entropy* mEntropy; 140407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 1405919cb2a5a9dabd61cb02eff7a589f9f1f0f793eeChad Brubaker keymaster1_device_t* mDevice; 1406919cb2a5a9dabd61cb02eff7a589f9f1f0f793eeChad Brubaker keymaster1_device_t* mFallbackDevice; 1407a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 1408655b958eb2180c7c06889f83f606d23421bf038cKenny Root android::Vector<UserState*> mMasterKeys; 1409655b958eb2180c7c06889f83f606d23421bf038cKenny Root 1410655b958eb2180c7c06889f83f606d23421bf038cKenny Root android::Vector<grant_t*> mGrants; 141170e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 1412655b958eb2180c7c06889f83f606d23421bf038cKenny Root typedef struct { 1413655b958eb2180c7c06889f83f606d23421bf038cKenny Root uint32_t version; 1414655b958eb2180c7c06889f83f606d23421bf038cKenny Root } keystore_metadata_t; 141570e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 1416655b958eb2180c7c06889f83f606d23421bf038cKenny Root keystore_metadata_t mMetaData; 1417655b958eb2180c7c06889f83f606d23421bf038cKenny Root 1418655b958eb2180c7c06889f83f606d23421bf038cKenny Root const grant_t* getGrant(const char* filename, uid_t uid) const { 1419655b958eb2180c7c06889f83f606d23421bf038cKenny Root for (android::Vector<grant_t*>::const_iterator it(mGrants.begin()); 1420655b958eb2180c7c06889f83f606d23421bf038cKenny Root it != mGrants.end(); it++) { 1421655b958eb2180c7c06889f83f606d23421bf038cKenny Root grant_t* grant = *it; 142270e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root if (grant->uid == uid 1423655b958eb2180c7c06889f83f606d23421bf038cKenny Root && !strcmp(reinterpret_cast<const char*>(grant->filename), filename)) { 142470e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root return grant; 142570e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root } 142670e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root } 142770e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root return NULL; 142870e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root } 142970e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 1430822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root /** 1431822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root * Upgrade code. This will upgrade the key from the current version 1432822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root * to whatever is newest. 1433822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root */ 1434655b958eb2180c7c06889f83f606d23421bf038cKenny Root bool upgradeBlob(const char* filename, Blob* blob, const uint8_t oldVersion, 1435655b958eb2180c7c06889f83f606d23421bf038cKenny Root const BlobType type, uid_t uid) { 1436822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root bool updated = false; 1437822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root uint8_t version = oldVersion; 1438822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root 1439822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root /* From V0 -> V1: All old types were unknown */ 1440822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root if (version == 0) { 1441822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root ALOGV("upgrading to version 1 and setting type %d", type); 1442822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root 1443822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root blob->setType(type); 1444822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root if (type == TYPE_KEY_PAIR) { 1445655b958eb2180c7c06889f83f606d23421bf038cKenny Root importBlobAsKey(blob, filename, uid); 1446822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root } 1447822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root version = 1; 1448822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root updated = true; 1449822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root } 1450822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root 1451f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root /* From V1 -> V2: All old keys were encrypted */ 1452f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root if (version == 1) { 1453f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root ALOGV("upgrading to version 2"); 1454f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root 1455f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root blob->setEncrypted(true); 1456f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root version = 2; 1457f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root updated = true; 1458f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root } 1459f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root 1460822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root /* 1461822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root * If we've updated, set the key blob to the right version 1462822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root * and write it. 1463cfeae072c96d84f286ddbf0aff8055c12c7c4f15Kenny Root */ 1464822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root if (updated) { 1465822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root ALOGV("updated and writing file %s", filename); 1466822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root blob->setVersion(version); 1467822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root } 1468cfeae072c96d84f286ddbf0aff8055c12c7c4f15Kenny Root 1469cfeae072c96d84f286ddbf0aff8055c12c7c4f15Kenny Root return updated; 1470822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root } 1471822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root 1472822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root /** 1473822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root * Takes a blob that is an PEM-encoded RSA key as a byte array and 1474822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root * converts it to a DER-encoded PKCS#8 for import into a keymaster. 1475822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root * Then it overwrites the original blob with the new blob 1476822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root * format that is returned from the keymaster. 1477822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root */ 1478655b958eb2180c7c06889f83f606d23421bf038cKenny Root ResponseCode importBlobAsKey(Blob* blob, const char* filename, uid_t uid) { 1479822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root // We won't even write to the blob directly with this BIO, so const_cast is okay. 1480822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root Unique_BIO b(BIO_new_mem_buf(const_cast<uint8_t*>(blob->getValue()), blob->getLength())); 1481822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root if (b.get() == NULL) { 1482822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root ALOGE("Problem instantiating BIO"); 1483822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root return SYSTEM_ERROR; 1484822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root } 1485822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root 1486822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root Unique_EVP_PKEY pkey(PEM_read_bio_PrivateKey(b.get(), NULL, NULL, NULL)); 1487822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root if (pkey.get() == NULL) { 1488822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root ALOGE("Couldn't read old PEM file"); 1489822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root return SYSTEM_ERROR; 1490822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root } 1491822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root 1492822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root Unique_PKCS8_PRIV_KEY_INFO pkcs8(EVP_PKEY2PKCS8(pkey.get())); 1493822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root int len = i2d_PKCS8_PRIV_KEY_INFO(pkcs8.get(), NULL); 1494822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root if (len < 0) { 1495822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root ALOGE("Couldn't measure PKCS#8 length"); 1496822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root return SYSTEM_ERROR; 1497822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root } 1498822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root 149970c9889c5ca912e7c492580e1999f18ab65b267bKenny Root UniquePtr<unsigned char[]> pkcs8key(new unsigned char[len]); 150070c9889c5ca912e7c492580e1999f18ab65b267bKenny Root uint8_t* tmp = pkcs8key.get(); 1501822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root if (i2d_PKCS8_PRIV_KEY_INFO(pkcs8.get(), &tmp) != len) { 1502822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root ALOGE("Couldn't convert to PKCS#8"); 1503822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root return SYSTEM_ERROR; 1504822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root } 1505822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root 1506f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root ResponseCode rc = importKey(pkcs8key.get(), len, filename, uid, 1507f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root blob->isEncrypted() ? KEYSTORE_FLAG_ENCRYPTED : KEYSTORE_FLAG_NONE); 1508822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root if (rc != NO_ERROR) { 1509822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root return rc; 1510822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root } 1511822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root 1512655b958eb2180c7c06889f83f606d23421bf038cKenny Root return get(filename, blob, TYPE_KEY_PAIR, uid); 1513822c3a99d930e9299e2fad2fb3e0ff91b119b95aKenny Root } 151470e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 1515655b958eb2180c7c06889f83f606d23421bf038cKenny Root void readMetaData() { 1516655b958eb2180c7c06889f83f606d23421bf038cKenny Root int in = TEMP_FAILURE_RETRY(open(sMetaDataFile, O_RDONLY)); 1517655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (in < 0) { 1518655b958eb2180c7c06889f83f606d23421bf038cKenny Root return; 1519655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1520655b958eb2180c7c06889f83f606d23421bf038cKenny Root size_t fileLength = readFully(in, (uint8_t*) &mMetaData, sizeof(mMetaData)); 1521655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (fileLength != sizeof(mMetaData)) { 1522655b958eb2180c7c06889f83f606d23421bf038cKenny Root ALOGI("Metadata file is %zd bytes (%zd experted); upgrade?", fileLength, 1523655b958eb2180c7c06889f83f606d23421bf038cKenny Root sizeof(mMetaData)); 1524655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1525655b958eb2180c7c06889f83f606d23421bf038cKenny Root close(in); 152670e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root } 152770e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 1528655b958eb2180c7c06889f83f606d23421bf038cKenny Root void writeMetaData() { 1529655b958eb2180c7c06889f83f606d23421bf038cKenny Root const char* tmpFileName = ".metadata.tmp"; 1530655b958eb2180c7c06889f83f606d23421bf038cKenny Root int out = TEMP_FAILURE_RETRY(open(tmpFileName, 1531655b958eb2180c7c06889f83f606d23421bf038cKenny Root O_WRONLY | O_TRUNC | O_CREAT, S_IRUSR | S_IWUSR)); 1532655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (out < 0) { 1533655b958eb2180c7c06889f83f606d23421bf038cKenny Root ALOGE("couldn't write metadata file: %s", strerror(errno)); 1534655b958eb2180c7c06889f83f606d23421bf038cKenny Root return; 1535655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1536655b958eb2180c7c06889f83f606d23421bf038cKenny Root size_t fileLength = writeFully(out, (uint8_t*) &mMetaData, sizeof(mMetaData)); 1537655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (fileLength != sizeof(mMetaData)) { 1538655b958eb2180c7c06889f83f606d23421bf038cKenny Root ALOGI("Could only write %zd bytes to metadata file (%zd expected)", fileLength, 1539655b958eb2180c7c06889f83f606d23421bf038cKenny Root sizeof(mMetaData)); 154070e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root } 1541655b958eb2180c7c06889f83f606d23421bf038cKenny Root close(out); 1542655b958eb2180c7c06889f83f606d23421bf038cKenny Root rename(tmpFileName, sMetaDataFile); 154370e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root } 154470e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 1545655b958eb2180c7c06889f83f606d23421bf038cKenny Root bool upgradeKeystore() { 1546655b958eb2180c7c06889f83f606d23421bf038cKenny Root bool upgraded = false; 1547655b958eb2180c7c06889f83f606d23421bf038cKenny Root 1548655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (mMetaData.version == 0) { 1549655b958eb2180c7c06889f83f606d23421bf038cKenny Root UserState* userState = getUserState(0); 1550655b958eb2180c7c06889f83f606d23421bf038cKenny Root 1551655b958eb2180c7c06889f83f606d23421bf038cKenny Root // Initialize first so the directory is made. 1552655b958eb2180c7c06889f83f606d23421bf038cKenny Root userState->initialize(); 1553655b958eb2180c7c06889f83f606d23421bf038cKenny Root 1554655b958eb2180c7c06889f83f606d23421bf038cKenny Root // Migrate the old .masterkey file to user 0. 1555655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (access(sOldMasterKey, R_OK) == 0) { 1556655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (rename(sOldMasterKey, userState->getMasterKeyFileName()) < 0) { 1557655b958eb2180c7c06889f83f606d23421bf038cKenny Root ALOGE("couldn't migrate old masterkey: %s", strerror(errno)); 1558655b958eb2180c7c06889f83f606d23421bf038cKenny Root return false; 1559655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1560655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1561655b958eb2180c7c06889f83f606d23421bf038cKenny Root 1562655b958eb2180c7c06889f83f606d23421bf038cKenny Root // Initialize again in case we had a key. 1563655b958eb2180c7c06889f83f606d23421bf038cKenny Root userState->initialize(); 1564655b958eb2180c7c06889f83f606d23421bf038cKenny Root 1565655b958eb2180c7c06889f83f606d23421bf038cKenny Root // Try to migrate existing keys. 1566655b958eb2180c7c06889f83f606d23421bf038cKenny Root DIR* dir = opendir("."); 1567655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (!dir) { 1568655b958eb2180c7c06889f83f606d23421bf038cKenny Root // Give up now; maybe we can upgrade later. 1569655b958eb2180c7c06889f83f606d23421bf038cKenny Root ALOGE("couldn't open keystore's directory; something is wrong"); 1570655b958eb2180c7c06889f83f606d23421bf038cKenny Root return false; 1571655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1572655b958eb2180c7c06889f83f606d23421bf038cKenny Root 1573655b958eb2180c7c06889f83f606d23421bf038cKenny Root struct dirent* file; 1574655b958eb2180c7c06889f83f606d23421bf038cKenny Root while ((file = readdir(dir)) != NULL) { 1575655b958eb2180c7c06889f83f606d23421bf038cKenny Root // We only care about files. 1576655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (file->d_type != DT_REG) { 1577655b958eb2180c7c06889f83f606d23421bf038cKenny Root continue; 1578655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1579655b958eb2180c7c06889f83f606d23421bf038cKenny Root 1580655b958eb2180c7c06889f83f606d23421bf038cKenny Root // Skip anything that starts with a "." 1581655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (file->d_name[0] == '.') { 1582655b958eb2180c7c06889f83f606d23421bf038cKenny Root continue; 1583655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1584655b958eb2180c7c06889f83f606d23421bf038cKenny Root 1585655b958eb2180c7c06889f83f606d23421bf038cKenny Root // Find the current file's user. 1586655b958eb2180c7c06889f83f606d23421bf038cKenny Root char* end; 1587655b958eb2180c7c06889f83f606d23421bf038cKenny Root unsigned long thisUid = strtoul(file->d_name, &end, 10); 1588655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (end[0] != '_' || end[1] == 0) { 1589655b958eb2180c7c06889f83f606d23421bf038cKenny Root continue; 1590655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1591655b958eb2180c7c06889f83f606d23421bf038cKenny Root UserState* otherUser = getUserState(thisUid); 1592655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (otherUser->getUserId() != 0) { 1593655b958eb2180c7c06889f83f606d23421bf038cKenny Root unlinkat(dirfd(dir), file->d_name, 0); 1594655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1595655b958eb2180c7c06889f83f606d23421bf038cKenny Root 1596655b958eb2180c7c06889f83f606d23421bf038cKenny Root // Rename the file into user directory. 1597655b958eb2180c7c06889f83f606d23421bf038cKenny Root DIR* otherdir = opendir(otherUser->getUserDirName()); 1598655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (otherdir == NULL) { 1599655b958eb2180c7c06889f83f606d23421bf038cKenny Root ALOGW("couldn't open user directory for rename"); 1600655b958eb2180c7c06889f83f606d23421bf038cKenny Root continue; 1601655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1602655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (renameat(dirfd(dir), file->d_name, dirfd(otherdir), file->d_name) < 0) { 1603655b958eb2180c7c06889f83f606d23421bf038cKenny Root ALOGW("couldn't rename blob: %s: %s", file->d_name, strerror(errno)); 1604655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1605655b958eb2180c7c06889f83f606d23421bf038cKenny Root closedir(otherdir); 1606655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1607655b958eb2180c7c06889f83f606d23421bf038cKenny Root closedir(dir); 1608655b958eb2180c7c06889f83f606d23421bf038cKenny Root 1609655b958eb2180c7c06889f83f606d23421bf038cKenny Root mMetaData.version = 1; 1610655b958eb2180c7c06889f83f606d23421bf038cKenny Root upgraded = true; 1611655b958eb2180c7c06889f83f606d23421bf038cKenny Root } 1612655b958eb2180c7c06889f83f606d23421bf038cKenny Root 1613655b958eb2180c7c06889f83f606d23421bf038cKenny Root return upgraded; 161470e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root } 1615655b958eb2180c7c06889f83f606d23421bf038cKenny Root}; 161670e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 1617655b958eb2180c7c06889f83f606d23421bf038cKenny Rootconst char* KeyStore::sOldMasterKey = ".masterkey"; 1618655b958eb2180c7c06889f83f606d23421bf038cKenny Rootconst char* KeyStore::sMetaDataFile = ".metadata"; 161970e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 16201b0e3933900c7ea21189704d5db64e7346aee7afKenny Rootconst android::String16 KeyStore::sRSAKeyType("RSA"); 16211b0e3933900c7ea21189704d5db64e7346aee7afKenny Root 162207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Rootnamespace android { 162307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Rootclass KeyStoreProxy : public BnKeystoreService, public IBinder::DeathRecipient { 162407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Rootpublic: 162507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root KeyStoreProxy(KeyStore* keyStore) 162640a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker : mKeyStore(keyStore), 162740a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker mOperationMap(this) 162807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root { 162907438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 1630a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 163140a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker void binderDied(const wp<IBinder>& who) { 163240a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker auto operations = mOperationMap.getOperationsForToken(who.unsafe_get()); 163340a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker for (auto token: operations) { 163440a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker abort(token); 163540a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker } 163607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 1637a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 163807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root int32_t test() { 1639d38a0b07a3104fcb1e747a0fa06641dee8fc058fKenny Root uid_t callingUid = IPCThreadState::self()->getCallingUid(); 1640eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn pid_t spid = IPCThreadState::self()->getCallingPid(); 1641eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn if (!has_permission(callingUid, P_TEST, spid)) { 1642d38a0b07a3104fcb1e747a0fa06641dee8fc058fKenny Root ALOGW("permission denied for %d: test", callingUid); 164307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::PERMISSION_DENIED; 164407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 1645a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 1646655b958eb2180c7c06889f83f606d23421bf038cKenny Root return mKeyStore->getState(callingUid); 1647a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 1648a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 164907438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root int32_t get(const String16& name, uint8_t** item, size_t* itemLength) { 1650d38a0b07a3104fcb1e747a0fa06641dee8fc058fKenny Root uid_t callingUid = IPCThreadState::self()->getCallingUid(); 1651eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn pid_t spid = IPCThreadState::self()->getCallingPid(); 1652eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn if (!has_permission(callingUid, P_GET, spid)) { 1653d38a0b07a3104fcb1e747a0fa06641dee8fc058fKenny Root ALOGW("permission denied for %d: get", callingUid); 165407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::PERMISSION_DENIED; 165507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 1656a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 165707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root String8 name8(name); 165807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root Blob keyBlob; 165966dbf67dd65b4808a15ef64f0ffde1275bdd58a9Nick Kralevich 1660655b958eb2180c7c06889f83f606d23421bf038cKenny Root ResponseCode responseCode = mKeyStore->getKeyForName(&keyBlob, name8, callingUid, 1661494689083467ec372a58f094f041c8f102f39393Kenny Root TYPE_GENERIC); 166207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root if (responseCode != ::NO_ERROR) { 1663655b958eb2180c7c06889f83f606d23421bf038cKenny Root ALOGW("Could not read %s", name8.string()); 166407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root *item = NULL; 166507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root *itemLength = 0; 166607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return responseCode; 166707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 166807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 166907438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root *item = (uint8_t*) malloc(keyBlob.getLength()); 167007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root memcpy(*item, keyBlob.getValue(), keyBlob.getLength()); 167107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root *itemLength = keyBlob.getLength(); 167207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 167307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::NO_ERROR; 1674a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 1675a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 1676f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root int32_t insert(const String16& name, const uint8_t* item, size_t itemLength, int targetUid, 1677f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root int32_t flags) { 1678eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn pid_t spid = IPCThreadState::self()->getCallingPid(); 1679d38a0b07a3104fcb1e747a0fa06641dee8fc058fKenny Root uid_t callingUid = IPCThreadState::self()->getCallingUid(); 1680eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn if (!has_permission(callingUid, P_INSERT, spid)) { 1681d38a0b07a3104fcb1e747a0fa06641dee8fc058fKenny Root ALOGW("permission denied for %d: insert", callingUid); 168207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::PERMISSION_DENIED; 168307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 168407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 1685f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root State state = mKeyStore->getState(callingUid); 1686f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root if ((flags & KEYSTORE_FLAG_ENCRYPTED) && !isKeystoreUnlocked(state)) { 1687f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root ALOGD("calling get in state: %d", state); 1688f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root return state; 1689f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root } 1690f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root 1691494689083467ec372a58f094f041c8f102f39393Kenny Root if (targetUid == -1) { 1692494689083467ec372a58f094f041c8f102f39393Kenny Root targetUid = callingUid; 1693494689083467ec372a58f094f041c8f102f39393Kenny Root } else if (!is_granted_to(callingUid, targetUid)) { 1694b88c3eb96625513df4cc998d739d17266ebaf89fKenny Root return ::PERMISSION_DENIED; 1695b88c3eb96625513df4cc998d739d17266ebaf89fKenny Root } 1696b88c3eb96625513df4cc998d739d17266ebaf89fKenny Root 169707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root String8 name8(name); 1698655b958eb2180c7c06889f83f606d23421bf038cKenny Root String8 filename(mKeyStore->getKeyNameForUidWithDir(name8, targetUid)); 169907438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 170007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root Blob keyBlob(item, itemLength, NULL, 0, ::TYPE_GENERIC); 1701ee8068b9e7bfb2770635062fc9c2035be2142bd8Kenny Root keyBlob.setEncrypted(flags & KEYSTORE_FLAG_ENCRYPTED); 1702ee8068b9e7bfb2770635062fc9c2035be2142bd8Kenny Root 1703fa27d5bbc366e4ecb45aee5ae08565ab3ad3dcbcKenny Root return mKeyStore->put(filename.string(), &keyBlob, targetUid); 1704a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 1705a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 1706494689083467ec372a58f094f041c8f102f39393Kenny Root int32_t del(const String16& name, int targetUid) { 1707d38a0b07a3104fcb1e747a0fa06641dee8fc058fKenny Root uid_t callingUid = IPCThreadState::self()->getCallingUid(); 1708eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn pid_t spid = IPCThreadState::self()->getCallingPid(); 1709eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn if (!has_permission(callingUid, P_DELETE, spid)) { 1710d38a0b07a3104fcb1e747a0fa06641dee8fc058fKenny Root ALOGW("permission denied for %d: del", callingUid); 171107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::PERMISSION_DENIED; 171207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 171307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 1714494689083467ec372a58f094f041c8f102f39393Kenny Root if (targetUid == -1) { 1715494689083467ec372a58f094f041c8f102f39393Kenny Root targetUid = callingUid; 1716494689083467ec372a58f094f041c8f102f39393Kenny Root } else if (!is_granted_to(callingUid, targetUid)) { 1717b88c3eb96625513df4cc998d739d17266ebaf89fKenny Root return ::PERMISSION_DENIED; 1718b88c3eb96625513df4cc998d739d17266ebaf89fKenny Root } 1719b88c3eb96625513df4cc998d739d17266ebaf89fKenny Root 172007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root String8 name8(name); 1721655b958eb2180c7c06889f83f606d23421bf038cKenny Root String8 filename(mKeyStore->getKeyNameForUidWithDir(name8, targetUid)); 172217d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker return mKeyStore->del(filename.string(), ::TYPE_ANY, targetUid); 1723298e7b1b0f9116e2054d594d7538379d86585035Kenny Root } 1724298e7b1b0f9116e2054d594d7538379d86585035Kenny Root 1725494689083467ec372a58f094f041c8f102f39393Kenny Root int32_t exist(const String16& name, int targetUid) { 1726d38a0b07a3104fcb1e747a0fa06641dee8fc058fKenny Root uid_t callingUid = IPCThreadState::self()->getCallingUid(); 1727eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn pid_t spid = IPCThreadState::self()->getCallingPid(); 1728eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn if (!has_permission(callingUid, P_EXIST, spid)) { 1729d38a0b07a3104fcb1e747a0fa06641dee8fc058fKenny Root ALOGW("permission denied for %d: exist", callingUid); 173007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::PERMISSION_DENIED; 173107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 173207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 1733494689083467ec372a58f094f041c8f102f39393Kenny Root if (targetUid == -1) { 1734494689083467ec372a58f094f041c8f102f39393Kenny Root targetUid = callingUid; 1735494689083467ec372a58f094f041c8f102f39393Kenny Root } else if (!is_granted_to(callingUid, targetUid)) { 1736b88c3eb96625513df4cc998d739d17266ebaf89fKenny Root return ::PERMISSION_DENIED; 1737b88c3eb96625513df4cc998d739d17266ebaf89fKenny Root } 1738b88c3eb96625513df4cc998d739d17266ebaf89fKenny Root 173907438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root String8 name8(name); 1740655b958eb2180c7c06889f83f606d23421bf038cKenny Root String8 filename(mKeyStore->getKeyNameForUidWithDir(name8, targetUid)); 174107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 1742655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (access(filename.string(), R_OK) == -1) { 174307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return (errno != ENOENT) ? ::SYSTEM_ERROR : ::KEY_NOT_FOUND; 174407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 174507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::NO_ERROR; 1746298e7b1b0f9116e2054d594d7538379d86585035Kenny Root } 1747298e7b1b0f9116e2054d594d7538379d86585035Kenny Root 1748494689083467ec372a58f094f041c8f102f39393Kenny Root int32_t saw(const String16& prefix, int targetUid, Vector<String16>* matches) { 1749d38a0b07a3104fcb1e747a0fa06641dee8fc058fKenny Root uid_t callingUid = IPCThreadState::self()->getCallingUid(); 1750eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn pid_t spid = IPCThreadState::self()->getCallingPid(); 1751eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn if (!has_permission(callingUid, P_SAW, spid)) { 1752d38a0b07a3104fcb1e747a0fa06641dee8fc058fKenny Root ALOGW("permission denied for %d: saw", callingUid); 175307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::PERMISSION_DENIED; 175407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 175507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 1756494689083467ec372a58f094f041c8f102f39393Kenny Root if (targetUid == -1) { 1757494689083467ec372a58f094f041c8f102f39393Kenny Root targetUid = callingUid; 1758494689083467ec372a58f094f041c8f102f39393Kenny Root } else if (!is_granted_to(callingUid, targetUid)) { 1759b88c3eb96625513df4cc998d739d17266ebaf89fKenny Root return ::PERMISSION_DENIED; 1760b88c3eb96625513df4cc998d739d17266ebaf89fKenny Root } 1761b88c3eb96625513df4cc998d739d17266ebaf89fKenny Root 176207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root const String8 prefix8(prefix); 1763655b958eb2180c7c06889f83f606d23421bf038cKenny Root String8 filename(mKeyStore->getKeyNameForUid(prefix8, targetUid)); 176407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 17654b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee if (mKeyStore->saw(filename, matches, targetUid) != ::NO_ERROR) { 17664b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee return ::SYSTEM_ERROR; 176707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 176807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::NO_ERROR; 1769298e7b1b0f9116e2054d594d7538379d86585035Kenny Root } 1770298e7b1b0f9116e2054d594d7538379d86585035Kenny Root 177107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root int32_t reset() { 1772d38a0b07a3104fcb1e747a0fa06641dee8fc058fKenny Root uid_t callingUid = IPCThreadState::self()->getCallingUid(); 1773eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn pid_t spid = IPCThreadState::self()->getCallingPid(); 1774eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn if (!has_permission(callingUid, P_RESET, spid)) { 1775d38a0b07a3104fcb1e747a0fa06641dee8fc058fKenny Root ALOGW("permission denied for %d: reset", callingUid); 177607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::PERMISSION_DENIED; 177707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 1778a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 17794b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee return mKeyStore->reset(callingUid) ? ::NO_ERROR : ::SYSTEM_ERROR; 1780a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 1781a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 178207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root /* 178307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root * Here is the history. To improve the security, the parameters to generate the 178407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root * master key has been changed. To make a seamless transition, we update the 178507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root * file using the same password when the user unlock it for the first time. If 178607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root * any thing goes wrong during the transition, the new file will not overwrite 178707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root * the old one. This avoids permanent damages of the existing data. 178807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root */ 178907438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root int32_t password(const String16& password) { 1790d38a0b07a3104fcb1e747a0fa06641dee8fc058fKenny Root uid_t callingUid = IPCThreadState::self()->getCallingUid(); 1791eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn pid_t spid = IPCThreadState::self()->getCallingPid(); 1792eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn if (!has_permission(callingUid, P_PASSWORD, spid)) { 1793d38a0b07a3104fcb1e747a0fa06641dee8fc058fKenny Root ALOGW("permission denied for %d: password", callingUid); 179407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::PERMISSION_DENIED; 179507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 1796a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 179707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root const String8 password8(password); 1798a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 1799655b958eb2180c7c06889f83f606d23421bf038cKenny Root switch (mKeyStore->getState(callingUid)) { 180007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root case ::STATE_UNINITIALIZED: { 180107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root // generate master key, encrypt with password, write to file, initialize mMasterKey*. 1802655b958eb2180c7c06889f83f606d23421bf038cKenny Root return mKeyStore->initializeUser(password8, callingUid); 180307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 180407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root case ::STATE_NO_ERROR: { 180507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root // rewrite master key with new password. 1806655b958eb2180c7c06889f83f606d23421bf038cKenny Root return mKeyStore->writeMasterKey(password8, callingUid); 180707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 180807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root case ::STATE_LOCKED: { 180907438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root // read master key, decrypt with password, initialize mMasterKey*. 1810655b958eb2180c7c06889f83f606d23421bf038cKenny Root return mKeyStore->readMasterKey(password8, callingUid); 181107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 181207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 181307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::SYSTEM_ERROR; 181407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 1815a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 181607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root int32_t lock() { 1817d38a0b07a3104fcb1e747a0fa06641dee8fc058fKenny Root uid_t callingUid = IPCThreadState::self()->getCallingUid(); 1818eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn pid_t spid = IPCThreadState::self()->getCallingPid(); 1819eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn if (!has_permission(callingUid, P_LOCK, spid)) { 1820d38a0b07a3104fcb1e747a0fa06641dee8fc058fKenny Root ALOGW("permission denied for %d: lock", callingUid); 182107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::PERMISSION_DENIED; 182207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 182307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 1824655b958eb2180c7c06889f83f606d23421bf038cKenny Root State state = mKeyStore->getState(callingUid); 18259d45d1caba5135e6b8bd6d05d449e8dcf52b6802Kenny Root if (state != ::STATE_NO_ERROR) { 182607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root ALOGD("calling lock in state: %d", state); 182707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return state; 182807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 182970e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 1830655b958eb2180c7c06889f83f606d23421bf038cKenny Root mKeyStore->lock(callingUid); 183107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::NO_ERROR; 183270e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root } 1833a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 183407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root int32_t unlock(const String16& pw) { 1835d38a0b07a3104fcb1e747a0fa06641dee8fc058fKenny Root uid_t callingUid = IPCThreadState::self()->getCallingUid(); 1836eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn pid_t spid = IPCThreadState::self()->getCallingPid(); 1837eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn if (!has_permission(callingUid, P_UNLOCK, spid)) { 1838d38a0b07a3104fcb1e747a0fa06641dee8fc058fKenny Root ALOGW("permission denied for %d: unlock", callingUid); 183907438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::PERMISSION_DENIED; 184007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 184107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 1842655b958eb2180c7c06889f83f606d23421bf038cKenny Root State state = mKeyStore->getState(callingUid); 18439d45d1caba5135e6b8bd6d05d449e8dcf52b6802Kenny Root if (state != ::STATE_LOCKED) { 184407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root ALOGD("calling unlock when not locked"); 184507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return state; 184607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 184707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 184807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root const String8 password8(pw); 184907438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return password(pw); 185070e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root } 185170e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 185207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root int32_t zero() { 1853d38a0b07a3104fcb1e747a0fa06641dee8fc058fKenny Root uid_t callingUid = IPCThreadState::self()->getCallingUid(); 1854eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn pid_t spid = IPCThreadState::self()->getCallingPid(); 1855eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn if (!has_permission(callingUid, P_ZERO, spid)) { 1856d38a0b07a3104fcb1e747a0fa06641dee8fc058fKenny Root ALOGW("permission denied for %d: zero", callingUid); 185707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return -1; 185807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 185970e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 1860655b958eb2180c7c06889f83f606d23421bf038cKenny Root return mKeyStore->isEmpty(callingUid) ? ::KEY_NOT_FOUND : ::NO_ERROR; 186170e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root } 186270e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 186396427baf0094d50047049d329b0779c3c910402cKenny Root int32_t generate(const String16& name, int32_t targetUid, int32_t keyType, int32_t keySize, 186496427baf0094d50047049d329b0779c3c910402cKenny Root int32_t flags, Vector<sp<KeystoreArg> >* args) { 1865d38a0b07a3104fcb1e747a0fa06641dee8fc058fKenny Root uid_t callingUid = IPCThreadState::self()->getCallingUid(); 1866eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn pid_t spid = IPCThreadState::self()->getCallingPid(); 1867eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn if (!has_permission(callingUid, P_INSERT, spid)) { 1868d38a0b07a3104fcb1e747a0fa06641dee8fc058fKenny Root ALOGW("permission denied for %d: generate", callingUid); 186907438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::PERMISSION_DENIED; 187007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 187170e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 1872494689083467ec372a58f094f041c8f102f39393Kenny Root if (targetUid == -1) { 1873494689083467ec372a58f094f041c8f102f39393Kenny Root targetUid = callingUid; 1874494689083467ec372a58f094f041c8f102f39393Kenny Root } else if (!is_granted_to(callingUid, targetUid)) { 1875b88c3eb96625513df4cc998d739d17266ebaf89fKenny Root return ::PERMISSION_DENIED; 1876b88c3eb96625513df4cc998d739d17266ebaf89fKenny Root } 1877b88c3eb96625513df4cc998d739d17266ebaf89fKenny Root 1878655b958eb2180c7c06889f83f606d23421bf038cKenny Root State state = mKeyStore->getState(callingUid); 1879f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root if ((flags & KEYSTORE_FLAG_ENCRYPTED) && !isKeystoreUnlocked(state)) { 1880f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root ALOGW("calling generate in state: %d", state); 188107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return state; 188207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 188370e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 188407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root uint8_t* data; 188507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root size_t dataLength; 188607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root int rc; 188717208e0de5a42722901d803118745cca25fd10c1Kenny Root bool isFallback = false; 188870e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 1889919cb2a5a9dabd61cb02eff7a589f9f1f0f793eeChad Brubaker const keymaster1_device_t* device = mKeyStore->getDevice(); 1890919cb2a5a9dabd61cb02eff7a589f9f1f0f793eeChad Brubaker const keymaster1_device_t* fallback = mKeyStore->getFallbackDevice(); 189107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root if (device == NULL) { 189207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::SYSTEM_ERROR; 189307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 189470e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 189507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root if (device->generate_keypair == NULL) { 189607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::SYSTEM_ERROR; 189707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 189870e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 189917208e0de5a42722901d803118745cca25fd10c1Kenny Root if (keyType == EVP_PKEY_DSA) { 190096427baf0094d50047049d329b0779c3c910402cKenny Root keymaster_dsa_keygen_params_t dsa_params; 190196427baf0094d50047049d329b0779c3c910402cKenny Root memset(&dsa_params, '\0', sizeof(dsa_params)); 190296427baf0094d50047049d329b0779c3c910402cKenny Root 190396427baf0094d50047049d329b0779c3c910402cKenny Root if (keySize == -1) { 190496427baf0094d50047049d329b0779c3c910402cKenny Root keySize = DSA_DEFAULT_KEY_SIZE; 190596427baf0094d50047049d329b0779c3c910402cKenny Root } else if ((keySize % 64) != 0 || keySize < DSA_MIN_KEY_SIZE 190696427baf0094d50047049d329b0779c3c910402cKenny Root || keySize > DSA_MAX_KEY_SIZE) { 190796427baf0094d50047049d329b0779c3c910402cKenny Root ALOGI("invalid key size %d", keySize); 190896427baf0094d50047049d329b0779c3c910402cKenny Root return ::SYSTEM_ERROR; 190996427baf0094d50047049d329b0779c3c910402cKenny Root } 191096427baf0094d50047049d329b0779c3c910402cKenny Root dsa_params.key_size = keySize; 191196427baf0094d50047049d329b0779c3c910402cKenny Root 191296427baf0094d50047049d329b0779c3c910402cKenny Root if (args->size() == 3) { 191396427baf0094d50047049d329b0779c3c910402cKenny Root sp<KeystoreArg> gArg = args->itemAt(0); 191496427baf0094d50047049d329b0779c3c910402cKenny Root sp<KeystoreArg> pArg = args->itemAt(1); 191596427baf0094d50047049d329b0779c3c910402cKenny Root sp<KeystoreArg> qArg = args->itemAt(2); 191696427baf0094d50047049d329b0779c3c910402cKenny Root 191796427baf0094d50047049d329b0779c3c910402cKenny Root if (gArg != NULL && pArg != NULL && qArg != NULL) { 191896427baf0094d50047049d329b0779c3c910402cKenny Root dsa_params.generator = reinterpret_cast<const uint8_t*>(gArg->data()); 191996427baf0094d50047049d329b0779c3c910402cKenny Root dsa_params.generator_len = gArg->size(); 192096427baf0094d50047049d329b0779c3c910402cKenny Root 192196427baf0094d50047049d329b0779c3c910402cKenny Root dsa_params.prime_p = reinterpret_cast<const uint8_t*>(pArg->data()); 192296427baf0094d50047049d329b0779c3c910402cKenny Root dsa_params.prime_p_len = pArg->size(); 192396427baf0094d50047049d329b0779c3c910402cKenny Root 192496427baf0094d50047049d329b0779c3c910402cKenny Root dsa_params.prime_q = reinterpret_cast<const uint8_t*>(qArg->data()); 192596427baf0094d50047049d329b0779c3c910402cKenny Root dsa_params.prime_q_len = qArg->size(); 192696427baf0094d50047049d329b0779c3c910402cKenny Root } else { 192796427baf0094d50047049d329b0779c3c910402cKenny Root ALOGI("not all DSA parameters were read"); 192896427baf0094d50047049d329b0779c3c910402cKenny Root return ::SYSTEM_ERROR; 192996427baf0094d50047049d329b0779c3c910402cKenny Root } 193096427baf0094d50047049d329b0779c3c910402cKenny Root } else if (args->size() != 0) { 193196427baf0094d50047049d329b0779c3c910402cKenny Root ALOGI("DSA args must be 3"); 193296427baf0094d50047049d329b0779c3c910402cKenny Root return ::SYSTEM_ERROR; 193396427baf0094d50047049d329b0779c3c910402cKenny Root } 193496427baf0094d50047049d329b0779c3c910402cKenny Root 19351d448c074a86ef5d05a22fdf1358718976628a86Kenny Root if (isKeyTypeSupported(device, TYPE_DSA)) { 193617208e0de5a42722901d803118745cca25fd10c1Kenny Root rc = device->generate_keypair(device, TYPE_DSA, &dsa_params, &data, &dataLength); 193717208e0de5a42722901d803118745cca25fd10c1Kenny Root } else { 193817208e0de5a42722901d803118745cca25fd10c1Kenny Root isFallback = true; 1939fc18edcdfe2f7774e621030d51338f3216170b97Chad Brubaker rc = fallback->generate_keypair(fallback, TYPE_DSA, &dsa_params, &data, 1940fc18edcdfe2f7774e621030d51338f3216170b97Chad Brubaker &dataLength); 194117208e0de5a42722901d803118745cca25fd10c1Kenny Root } 194217208e0de5a42722901d803118745cca25fd10c1Kenny Root } else if (keyType == EVP_PKEY_EC) { 194396427baf0094d50047049d329b0779c3c910402cKenny Root keymaster_ec_keygen_params_t ec_params; 194496427baf0094d50047049d329b0779c3c910402cKenny Root memset(&ec_params, '\0', sizeof(ec_params)); 194596427baf0094d50047049d329b0779c3c910402cKenny Root 194696427baf0094d50047049d329b0779c3c910402cKenny Root if (keySize == -1) { 194796427baf0094d50047049d329b0779c3c910402cKenny Root keySize = EC_DEFAULT_KEY_SIZE; 194896427baf0094d50047049d329b0779c3c910402cKenny Root } else if (keySize < EC_MIN_KEY_SIZE || keySize > EC_MAX_KEY_SIZE) { 194996427baf0094d50047049d329b0779c3c910402cKenny Root ALOGI("invalid key size %d", keySize); 195096427baf0094d50047049d329b0779c3c910402cKenny Root return ::SYSTEM_ERROR; 195196427baf0094d50047049d329b0779c3c910402cKenny Root } 195296427baf0094d50047049d329b0779c3c910402cKenny Root ec_params.field_size = keySize; 195396427baf0094d50047049d329b0779c3c910402cKenny Root 19541d448c074a86ef5d05a22fdf1358718976628a86Kenny Root if (isKeyTypeSupported(device, TYPE_EC)) { 195517208e0de5a42722901d803118745cca25fd10c1Kenny Root rc = device->generate_keypair(device, TYPE_EC, &ec_params, &data, &dataLength); 195617208e0de5a42722901d803118745cca25fd10c1Kenny Root } else { 195717208e0de5a42722901d803118745cca25fd10c1Kenny Root isFallback = true; 1958fc18edcdfe2f7774e621030d51338f3216170b97Chad Brubaker rc = fallback->generate_keypair(fallback, TYPE_EC, &ec_params, &data, &dataLength); 195917208e0de5a42722901d803118745cca25fd10c1Kenny Root } 196096427baf0094d50047049d329b0779c3c910402cKenny Root } else if (keyType == EVP_PKEY_RSA) { 196196427baf0094d50047049d329b0779c3c910402cKenny Root keymaster_rsa_keygen_params_t rsa_params; 196296427baf0094d50047049d329b0779c3c910402cKenny Root memset(&rsa_params, '\0', sizeof(rsa_params)); 196396427baf0094d50047049d329b0779c3c910402cKenny Root rsa_params.public_exponent = RSA_DEFAULT_EXPONENT; 196496427baf0094d50047049d329b0779c3c910402cKenny Root 196596427baf0094d50047049d329b0779c3c910402cKenny Root if (keySize == -1) { 196696427baf0094d50047049d329b0779c3c910402cKenny Root keySize = RSA_DEFAULT_KEY_SIZE; 196796427baf0094d50047049d329b0779c3c910402cKenny Root } else if (keySize < RSA_MIN_KEY_SIZE || keySize > RSA_MAX_KEY_SIZE) { 196896427baf0094d50047049d329b0779c3c910402cKenny Root ALOGI("invalid key size %d", keySize); 196996427baf0094d50047049d329b0779c3c910402cKenny Root return ::SYSTEM_ERROR; 197096427baf0094d50047049d329b0779c3c910402cKenny Root } 197196427baf0094d50047049d329b0779c3c910402cKenny Root rsa_params.modulus_size = keySize; 197296427baf0094d50047049d329b0779c3c910402cKenny Root 197396427baf0094d50047049d329b0779c3c910402cKenny Root if (args->size() > 1) { 19746489e02e134e4779d35c4a340ff68ad445fde133Matteo Franchin ALOGI("invalid number of arguments: %zu", args->size()); 197596427baf0094d50047049d329b0779c3c910402cKenny Root return ::SYSTEM_ERROR; 197696427baf0094d50047049d329b0779c3c910402cKenny Root } else if (args->size() == 1) { 197796427baf0094d50047049d329b0779c3c910402cKenny Root sp<KeystoreArg> pubExpBlob = args->itemAt(0); 197896427baf0094d50047049d329b0779c3c910402cKenny Root if (pubExpBlob != NULL) { 197996427baf0094d50047049d329b0779c3c910402cKenny Root Unique_BIGNUM pubExpBn( 198096427baf0094d50047049d329b0779c3c910402cKenny Root BN_bin2bn(reinterpret_cast<const unsigned char*>(pubExpBlob->data()), 198196427baf0094d50047049d329b0779c3c910402cKenny Root pubExpBlob->size(), NULL)); 198296427baf0094d50047049d329b0779c3c910402cKenny Root if (pubExpBn.get() == NULL) { 198396427baf0094d50047049d329b0779c3c910402cKenny Root ALOGI("Could not convert public exponent to BN"); 198496427baf0094d50047049d329b0779c3c910402cKenny Root return ::SYSTEM_ERROR; 198596427baf0094d50047049d329b0779c3c910402cKenny Root } 198696427baf0094d50047049d329b0779c3c910402cKenny Root unsigned long pubExp = BN_get_word(pubExpBn.get()); 198796427baf0094d50047049d329b0779c3c910402cKenny Root if (pubExp == 0xFFFFFFFFL) { 198896427baf0094d50047049d329b0779c3c910402cKenny Root ALOGI("cannot represent public exponent as a long value"); 198996427baf0094d50047049d329b0779c3c910402cKenny Root return ::SYSTEM_ERROR; 199096427baf0094d50047049d329b0779c3c910402cKenny Root } 199196427baf0094d50047049d329b0779c3c910402cKenny Root rsa_params.public_exponent = pubExp; 199296427baf0094d50047049d329b0779c3c910402cKenny Root } 199396427baf0094d50047049d329b0779c3c910402cKenny Root } 199496427baf0094d50047049d329b0779c3c910402cKenny Root 199596427baf0094d50047049d329b0779c3c910402cKenny Root rc = device->generate_keypair(device, TYPE_RSA, &rsa_params, &data, &dataLength); 199696427baf0094d50047049d329b0779c3c910402cKenny Root } else { 199796427baf0094d50047049d329b0779c3c910402cKenny Root ALOGW("Unsupported key type %d", keyType); 199896427baf0094d50047049d329b0779c3c910402cKenny Root rc = -1; 199996427baf0094d50047049d329b0779c3c910402cKenny Root } 200070e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 200107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root if (rc) { 200207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::SYSTEM_ERROR; 200307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 200470e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 2005655b958eb2180c7c06889f83f606d23421bf038cKenny Root String8 name8(name); 2006655b958eb2180c7c06889f83f606d23421bf038cKenny Root String8 filename(mKeyStore->getKeyNameForUidWithDir(name8, callingUid)); 200770e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 200807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root Blob keyBlob(data, dataLength, NULL, 0, TYPE_KEY_PAIR); 200907438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root free(data); 201007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 2011ee8068b9e7bfb2770635062fc9c2035be2142bd8Kenny Root keyBlob.setEncrypted(flags & KEYSTORE_FLAG_ENCRYPTED); 201217208e0de5a42722901d803118745cca25fd10c1Kenny Root keyBlob.setFallback(isFallback); 201317208e0de5a42722901d803118745cca25fd10c1Kenny Root 2014655b958eb2180c7c06889f83f606d23421bf038cKenny Root return mKeyStore->put(filename.string(), &keyBlob, callingUid); 201570e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root } 201670e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 2017f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root int32_t import(const String16& name, const uint8_t* data, size_t length, int targetUid, 2018f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root int32_t flags) { 2019d38a0b07a3104fcb1e747a0fa06641dee8fc058fKenny Root uid_t callingUid = IPCThreadState::self()->getCallingUid(); 2020eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn pid_t spid = IPCThreadState::self()->getCallingPid(); 2021eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn if (!has_permission(callingUid, P_INSERT, spid)) { 2022d38a0b07a3104fcb1e747a0fa06641dee8fc058fKenny Root ALOGW("permission denied for %d: import", callingUid); 202307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::PERMISSION_DENIED; 202407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 202570e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 2026494689083467ec372a58f094f041c8f102f39393Kenny Root if (targetUid == -1) { 2027494689083467ec372a58f094f041c8f102f39393Kenny Root targetUid = callingUid; 2028494689083467ec372a58f094f041c8f102f39393Kenny Root } else if (!is_granted_to(callingUid, targetUid)) { 2029b88c3eb96625513df4cc998d739d17266ebaf89fKenny Root return ::PERMISSION_DENIED; 2030b88c3eb96625513df4cc998d739d17266ebaf89fKenny Root } 2031b88c3eb96625513df4cc998d739d17266ebaf89fKenny Root 2032fa27d5bbc366e4ecb45aee5ae08565ab3ad3dcbcKenny Root State state = mKeyStore->getState(targetUid); 2033f9119d6414f43ef669d64e9e53feb043eda49cf3Kenny Root if ((flags & KEYSTORE_FLAG_ENCRYPTED) && !isKeystoreUnlocked(state)) { 203407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root ALOGD("calling import in state: %d", state); 203507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return state; 203607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 203770e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 203807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root String8 name8(name); 203960898896c3f3b2245d10076cac64346c956dbaa5Kenny Root String8 filename(mKeyStore->getKeyNameForUidWithDir(name8, targetUid)); 204070e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 2041fa27d5bbc366e4ecb45aee5ae08565ab3ad3dcbcKenny Root return mKeyStore->importKey(data, length, filename.string(), targetUid, flags); 204270e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root } 204370e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 204407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root int32_t sign(const String16& name, const uint8_t* data, size_t length, uint8_t** out, 204507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root size_t* outLength) { 2046d38a0b07a3104fcb1e747a0fa06641dee8fc058fKenny Root uid_t callingUid = IPCThreadState::self()->getCallingUid(); 2047eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn pid_t spid = IPCThreadState::self()->getCallingPid(); 2048eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn if (!has_permission(callingUid, P_SIGN, spid)) { 2049d38a0b07a3104fcb1e747a0fa06641dee8fc058fKenny Root ALOGW("permission denied for %d: saw", callingUid); 205007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::PERMISSION_DENIED; 205107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 20529a53d3eaf42104ddf02feeccec3cf7f5c1a34baeKenny Root 205307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root Blob keyBlob; 205407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root String8 name8(name); 205570e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 2056d38a0b07a3104fcb1e747a0fa06641dee8fc058fKenny Root ALOGV("sign %s from uid %d", name8.string(), callingUid); 205707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root int rc; 205870e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 2059655b958eb2180c7c06889f83f606d23421bf038cKenny Root ResponseCode responseCode = mKeyStore->getKeyForName(&keyBlob, name8, callingUid, 2060d38a0b07a3104fcb1e747a0fa06641dee8fc058fKenny Root ::TYPE_KEY_PAIR); 206107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root if (responseCode != ::NO_ERROR) { 206207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return responseCode; 206307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 206470e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 2065919cb2a5a9dabd61cb02eff7a589f9f1f0f793eeChad Brubaker const keymaster1_device_t* device = mKeyStore->getDeviceForBlob(keyBlob); 206607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root if (device == NULL) { 206707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root ALOGE("no keymaster device; cannot sign"); 206807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::SYSTEM_ERROR; 206907438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 207070e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 207107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root if (device->sign_data == NULL) { 207207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root ALOGE("device doesn't implement signing"); 207307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::SYSTEM_ERROR; 207407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 207570e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 207607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root keymaster_rsa_sign_params_t params; 207707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root params.digest_type = DIGEST_NONE; 207807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root params.padding_type = PADDING_NONE; 2079fc18edcdfe2f7774e621030d51338f3216170b97Chad Brubaker rc = device->sign_data(device, ¶ms, keyBlob.getValue(), keyBlob.getLength(), data, 2080fc18edcdfe2f7774e621030d51338f3216170b97Chad Brubaker length, out, outLength); 208107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root if (rc) { 208207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root ALOGW("device couldn't sign data"); 208307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::SYSTEM_ERROR; 208407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 208570e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 208607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::NO_ERROR; 208770e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root } 208870e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 208907438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root int32_t verify(const String16& name, const uint8_t* data, size_t dataLength, 209007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root const uint8_t* signature, size_t signatureLength) { 2091d38a0b07a3104fcb1e747a0fa06641dee8fc058fKenny Root uid_t callingUid = IPCThreadState::self()->getCallingUid(); 2092eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn pid_t spid = IPCThreadState::self()->getCallingPid(); 2093eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn if (!has_permission(callingUid, P_VERIFY, spid)) { 2094d38a0b07a3104fcb1e747a0fa06641dee8fc058fKenny Root ALOGW("permission denied for %d: verify", callingUid); 209507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::PERMISSION_DENIED; 209607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 209770e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 2098655b958eb2180c7c06889f83f606d23421bf038cKenny Root State state = mKeyStore->getState(callingUid); 20999d45d1caba5135e6b8bd6d05d449e8dcf52b6802Kenny Root if (!isKeystoreUnlocked(state)) { 210007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root ALOGD("calling verify in state: %d", state); 210107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return state; 210207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 210370e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 210407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root Blob keyBlob; 210507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root String8 name8(name); 210607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root int rc; 210770e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 2108655b958eb2180c7c06889f83f606d23421bf038cKenny Root ResponseCode responseCode = mKeyStore->getKeyForName(&keyBlob, name8, callingUid, 2109494689083467ec372a58f094f041c8f102f39393Kenny Root TYPE_KEY_PAIR); 211007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root if (responseCode != ::NO_ERROR) { 211107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return responseCode; 211207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 211370e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 2114919cb2a5a9dabd61cb02eff7a589f9f1f0f793eeChad Brubaker const keymaster1_device_t* device = mKeyStore->getDeviceForBlob(keyBlob); 211507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root if (device == NULL) { 211607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::SYSTEM_ERROR; 211707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 211870e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 211907438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root if (device->verify_data == NULL) { 212007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::SYSTEM_ERROR; 212107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 212207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 212307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root keymaster_rsa_sign_params_t params; 212407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root params.digest_type = DIGEST_NONE; 212507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root params.padding_type = PADDING_NONE; 212670e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 2127fc18edcdfe2f7774e621030d51338f3216170b97Chad Brubaker rc = device->verify_data(device, ¶ms, keyBlob.getValue(), keyBlob.getLength(), data, 2128fc18edcdfe2f7774e621030d51338f3216170b97Chad Brubaker dataLength, signature, signatureLength); 212907438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root if (rc) { 213007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::SYSTEM_ERROR; 213107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } else { 213207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::NO_ERROR; 213307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 213470e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root } 213570e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 213607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root /* 213707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root * TODO: The abstraction between things stored in hardware and regular blobs 213807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root * of data stored on the filesystem should be moved down to keystore itself. 213907438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root * Unfortunately the Java code that calls this has naming conventions that it 214007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root * knows about. Ideally keystore shouldn't be used to store random blobs of 214107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root * data. 214207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root * 214307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root * Until that happens, it's necessary to have a separate "get_pubkey" and 214407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root * "del_key" since the Java code doesn't really communicate what it's 214507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root * intentions are. 214607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root */ 214707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root int32_t get_pubkey(const String16& name, uint8_t** pubkey, size_t* pubkeyLength) { 2148d38a0b07a3104fcb1e747a0fa06641dee8fc058fKenny Root uid_t callingUid = IPCThreadState::self()->getCallingUid(); 2149eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn pid_t spid = IPCThreadState::self()->getCallingPid(); 2150eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn if (!has_permission(callingUid, P_GET, spid)) { 2151d38a0b07a3104fcb1e747a0fa06641dee8fc058fKenny Root ALOGW("permission denied for %d: get_pubkey", callingUid); 215207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::PERMISSION_DENIED; 215307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 215470e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 215507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root Blob keyBlob; 215607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root String8 name8(name); 215770e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 2158d38a0b07a3104fcb1e747a0fa06641dee8fc058fKenny Root ALOGV("get_pubkey '%s' from uid %d", name8.string(), callingUid); 215970e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 2160655b958eb2180c7c06889f83f606d23421bf038cKenny Root ResponseCode responseCode = mKeyStore->getKeyForName(&keyBlob, name8, callingUid, 216107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root TYPE_KEY_PAIR); 216207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root if (responseCode != ::NO_ERROR) { 216307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return responseCode; 216407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 216570e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 2166919cb2a5a9dabd61cb02eff7a589f9f1f0f793eeChad Brubaker const keymaster1_device_t* device = mKeyStore->getDeviceForBlob(keyBlob); 216707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root if (device == NULL) { 216807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::SYSTEM_ERROR; 216907438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 217070e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 217107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root if (device->get_keypair_public == NULL) { 217207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root ALOGE("device has no get_keypair_public implementation!"); 217307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::SYSTEM_ERROR; 217407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 2175344e0bc23ca46b9acec97ac8bcd87949bde0ccabKenny Root 217617208e0de5a42722901d803118745cca25fd10c1Kenny Root int rc; 2177fc18edcdfe2f7774e621030d51338f3216170b97Chad Brubaker rc = device->get_keypair_public(device, keyBlob.getValue(), keyBlob.getLength(), pubkey, 2178fc18edcdfe2f7774e621030d51338f3216170b97Chad Brubaker pubkeyLength); 217907438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root if (rc) { 218007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::SYSTEM_ERROR; 218107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 2182344e0bc23ca46b9acec97ac8bcd87949bde0ccabKenny Root 218307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::NO_ERROR; 2184344e0bc23ca46b9acec97ac8bcd87949bde0ccabKenny Root } 2185344e0bc23ca46b9acec97ac8bcd87949bde0ccabKenny Root 2186494689083467ec372a58f094f041c8f102f39393Kenny Root int32_t del_key(const String16& name, int targetUid) { 2187d38a0b07a3104fcb1e747a0fa06641dee8fc058fKenny Root uid_t callingUid = IPCThreadState::self()->getCallingUid(); 2188eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn pid_t spid = IPCThreadState::self()->getCallingPid(); 2189eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn if (!has_permission(callingUid, P_DELETE, spid)) { 2190d38a0b07a3104fcb1e747a0fa06641dee8fc058fKenny Root ALOGW("permission denied for %d: del_key", callingUid); 219107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::PERMISSION_DENIED; 219207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 2193344e0bc23ca46b9acec97ac8bcd87949bde0ccabKenny Root 2194494689083467ec372a58f094f041c8f102f39393Kenny Root if (targetUid == -1) { 2195494689083467ec372a58f094f041c8f102f39393Kenny Root targetUid = callingUid; 2196494689083467ec372a58f094f041c8f102f39393Kenny Root } else if (!is_granted_to(callingUid, targetUid)) { 2197b88c3eb96625513df4cc998d739d17266ebaf89fKenny Root return ::PERMISSION_DENIED; 2198b88c3eb96625513df4cc998d739d17266ebaf89fKenny Root } 2199b88c3eb96625513df4cc998d739d17266ebaf89fKenny Root 220007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root String8 name8(name); 2201fa27d5bbc366e4ecb45aee5ae08565ab3ad3dcbcKenny Root String8 filename(mKeyStore->getKeyNameForUidWithDir(name8, targetUid)); 22024b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee return mKeyStore->del(filename.string(), ::TYPE_KEY_PAIR, targetUid); 2203a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 220407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 220507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root int32_t grant(const String16& name, int32_t granteeUid) { 2206d38a0b07a3104fcb1e747a0fa06641dee8fc058fKenny Root uid_t callingUid = IPCThreadState::self()->getCallingUid(); 2207eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn pid_t spid = IPCThreadState::self()->getCallingPid(); 2208eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn if (!has_permission(callingUid, P_GRANT, spid)) { 2209d38a0b07a3104fcb1e747a0fa06641dee8fc058fKenny Root ALOGW("permission denied for %d: grant", callingUid); 221007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::PERMISSION_DENIED; 221107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 221207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 2213655b958eb2180c7c06889f83f606d23421bf038cKenny Root State state = mKeyStore->getState(callingUid); 22149d45d1caba5135e6b8bd6d05d449e8dcf52b6802Kenny Root if (!isKeystoreUnlocked(state)) { 221507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root ALOGD("calling grant in state: %d", state); 221607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return state; 221707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 221807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 221907438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root String8 name8(name); 2220655b958eb2180c7c06889f83f606d23421bf038cKenny Root String8 filename(mKeyStore->getKeyNameForUidWithDir(name8, callingUid)); 222107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 2222655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (access(filename.string(), R_OK) == -1) { 222307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return (errno != ENOENT) ? ::SYSTEM_ERROR : ::KEY_NOT_FOUND; 222407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 222507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 2226655b958eb2180c7c06889f83f606d23421bf038cKenny Root mKeyStore->addGrant(filename.string(), granteeUid); 222707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::NO_ERROR; 2228a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 222907438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 223007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root int32_t ungrant(const String16& name, int32_t granteeUid) { 2231d38a0b07a3104fcb1e747a0fa06641dee8fc058fKenny Root uid_t callingUid = IPCThreadState::self()->getCallingUid(); 2232eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn pid_t spid = IPCThreadState::self()->getCallingPid(); 2233eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn if (!has_permission(callingUid, P_GRANT, spid)) { 2234d38a0b07a3104fcb1e747a0fa06641dee8fc058fKenny Root ALOGW("permission denied for %d: ungrant", callingUid); 223507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return ::PERMISSION_DENIED; 223607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 223707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 2238655b958eb2180c7c06889f83f606d23421bf038cKenny Root State state = mKeyStore->getState(callingUid); 22399d45d1caba5135e6b8bd6d05d449e8dcf52b6802Kenny Root if (!isKeystoreUnlocked(state)) { 224007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root ALOGD("calling ungrant in state: %d", state); 224107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return state; 224207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 224307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 224407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root String8 name8(name); 2245655b958eb2180c7c06889f83f606d23421bf038cKenny Root String8 filename(mKeyStore->getKeyNameForUidWithDir(name8, callingUid)); 224607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 2247655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (access(filename.string(), R_OK) == -1) { 224807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return (errno != ENOENT) ? ::SYSTEM_ERROR : ::KEY_NOT_FOUND; 224907438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 225007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 2251655b958eb2180c7c06889f83f606d23421bf038cKenny Root return mKeyStore->removeGrant(filename.string(), granteeUid) ? ::NO_ERROR : ::KEY_NOT_FOUND; 2252a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 225307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 225407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root int64_t getmtime(const String16& name) { 2255d38a0b07a3104fcb1e747a0fa06641dee8fc058fKenny Root uid_t callingUid = IPCThreadState::self()->getCallingUid(); 2256eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn pid_t spid = IPCThreadState::self()->getCallingPid(); 2257eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn if (!has_permission(callingUid, P_GET, spid)) { 2258d38a0b07a3104fcb1e747a0fa06641dee8fc058fKenny Root ALOGW("permission denied for %d: getmtime", callingUid); 225936a9e231e03734cd2143383d26388455c1764e17Kenny Root return -1L; 226007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 226107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 226207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root String8 name8(name); 2263655b958eb2180c7c06889f83f606d23421bf038cKenny Root String8 filename(mKeyStore->getKeyNameForUidWithDir(name8, callingUid)); 226407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 2265655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (access(filename.string(), R_OK) == -1) { 2266655b958eb2180c7c06889f83f606d23421bf038cKenny Root ALOGW("could not access %s for getmtime", filename.string()); 226736a9e231e03734cd2143383d26388455c1764e17Kenny Root return -1L; 2268a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 226907438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 2270655b958eb2180c7c06889f83f606d23421bf038cKenny Root int fd = TEMP_FAILURE_RETRY(open(filename.string(), O_NOFOLLOW, O_RDONLY)); 227107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root if (fd < 0) { 2272655b958eb2180c7c06889f83f606d23421bf038cKenny Root ALOGW("could not open %s for getmtime", filename.string()); 227336a9e231e03734cd2143383d26388455c1764e17Kenny Root return -1L; 227407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 227507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 227607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root struct stat s; 227707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root int ret = fstat(fd, &s); 227807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root close(fd); 227907438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root if (ret == -1) { 2280655b958eb2180c7c06889f83f606d23421bf038cKenny Root ALOGW("could not stat %s for getmtime", filename.string()); 228136a9e231e03734cd2143383d26388455c1764e17Kenny Root return -1L; 228207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root } 228307438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 228436a9e231e03734cd2143383d26388455c1764e17Kenny Root return static_cast<int64_t>(s.st_mtime); 2285a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 228607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 2287d53bc92f1cc4eb669ec015480cebe5ae7aaaf7cfKenny Root int32_t duplicate(const String16& srcKey, int32_t srcUid, const String16& destKey, 2288d53bc92f1cc4eb669ec015480cebe5ae7aaaf7cfKenny Root int32_t destUid) { 22890225407783ee339164a0cd8ca5ef04c99d27c59aKenny Root uid_t callingUid = IPCThreadState::self()->getCallingUid(); 2290eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn pid_t spid = IPCThreadState::self()->getCallingPid(); 2291eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn if (!has_permission(callingUid, P_DUPLICATE, spid)) { 2292d53bc92f1cc4eb669ec015480cebe5ae7aaaf7cfKenny Root ALOGW("permission denied for %d: duplicate", callingUid); 22930225407783ee339164a0cd8ca5ef04c99d27c59aKenny Root return -1L; 22940225407783ee339164a0cd8ca5ef04c99d27c59aKenny Root } 22950225407783ee339164a0cd8ca5ef04c99d27c59aKenny Root 2296655b958eb2180c7c06889f83f606d23421bf038cKenny Root State state = mKeyStore->getState(callingUid); 22970225407783ee339164a0cd8ca5ef04c99d27c59aKenny Root if (!isKeystoreUnlocked(state)) { 2298d53bc92f1cc4eb669ec015480cebe5ae7aaaf7cfKenny Root ALOGD("calling duplicate in state: %d", state); 22990225407783ee339164a0cd8ca5ef04c99d27c59aKenny Root return state; 23000225407783ee339164a0cd8ca5ef04c99d27c59aKenny Root } 23010225407783ee339164a0cd8ca5ef04c99d27c59aKenny Root 2302d53bc92f1cc4eb669ec015480cebe5ae7aaaf7cfKenny Root if (srcUid == -1 || static_cast<uid_t>(srcUid) == callingUid) { 2303d53bc92f1cc4eb669ec015480cebe5ae7aaaf7cfKenny Root srcUid = callingUid; 2304d53bc92f1cc4eb669ec015480cebe5ae7aaaf7cfKenny Root } else if (!is_granted_to(callingUid, srcUid)) { 2305d53bc92f1cc4eb669ec015480cebe5ae7aaaf7cfKenny Root ALOGD("migrate not granted from source: %d -> %d", callingUid, srcUid); 23060225407783ee339164a0cd8ca5ef04c99d27c59aKenny Root return ::PERMISSION_DENIED; 23070225407783ee339164a0cd8ca5ef04c99d27c59aKenny Root } 23080225407783ee339164a0cd8ca5ef04c99d27c59aKenny Root 2309d53bc92f1cc4eb669ec015480cebe5ae7aaaf7cfKenny Root if (destUid == -1) { 2310d53bc92f1cc4eb669ec015480cebe5ae7aaaf7cfKenny Root destUid = callingUid; 2311d53bc92f1cc4eb669ec015480cebe5ae7aaaf7cfKenny Root } 23120225407783ee339164a0cd8ca5ef04c99d27c59aKenny Root 2313d53bc92f1cc4eb669ec015480cebe5ae7aaaf7cfKenny Root if (srcUid != destUid) { 2314d53bc92f1cc4eb669ec015480cebe5ae7aaaf7cfKenny Root if (static_cast<uid_t>(srcUid) != callingUid) { 2315d53bc92f1cc4eb669ec015480cebe5ae7aaaf7cfKenny Root ALOGD("can only duplicate from caller to other or to same uid: " 2316d53bc92f1cc4eb669ec015480cebe5ae7aaaf7cfKenny Root "calling=%d, srcUid=%d, destUid=%d", callingUid, srcUid, destUid); 2317d53bc92f1cc4eb669ec015480cebe5ae7aaaf7cfKenny Root return ::PERMISSION_DENIED; 2318d53bc92f1cc4eb669ec015480cebe5ae7aaaf7cfKenny Root } 23190225407783ee339164a0cd8ca5ef04c99d27c59aKenny Root 2320d53bc92f1cc4eb669ec015480cebe5ae7aaaf7cfKenny Root if (!is_granted_to(callingUid, destUid)) { 2321d53bc92f1cc4eb669ec015480cebe5ae7aaaf7cfKenny Root ALOGD("duplicate not granted to dest: %d -> %d", callingUid, destUid); 2322d53bc92f1cc4eb669ec015480cebe5ae7aaaf7cfKenny Root return ::PERMISSION_DENIED; 2323d53bc92f1cc4eb669ec015480cebe5ae7aaaf7cfKenny Root } 23240225407783ee339164a0cd8ca5ef04c99d27c59aKenny Root } 23250225407783ee339164a0cd8ca5ef04c99d27c59aKenny Root 2326d53bc92f1cc4eb669ec015480cebe5ae7aaaf7cfKenny Root String8 source8(srcKey); 2327655b958eb2180c7c06889f83f606d23421bf038cKenny Root String8 sourceFile(mKeyStore->getKeyNameForUidWithDir(source8, srcUid)); 2328d53bc92f1cc4eb669ec015480cebe5ae7aaaf7cfKenny Root 2329d53bc92f1cc4eb669ec015480cebe5ae7aaaf7cfKenny Root String8 target8(destKey); 2330fa27d5bbc366e4ecb45aee5ae08565ab3ad3dcbcKenny Root String8 targetFile(mKeyStore->getKeyNameForUidWithDir(target8, destUid)); 23310225407783ee339164a0cd8ca5ef04c99d27c59aKenny Root 2332655b958eb2180c7c06889f83f606d23421bf038cKenny Root if (access(targetFile.string(), W_OK) != -1 || errno != ENOENT) { 2333655b958eb2180c7c06889f83f606d23421bf038cKenny Root ALOGD("destination already exists: %s", targetFile.string()); 23340225407783ee339164a0cd8ca5ef04c99d27c59aKenny Root return ::SYSTEM_ERROR; 23350225407783ee339164a0cd8ca5ef04c99d27c59aKenny Root } 23360225407783ee339164a0cd8ca5ef04c99d27c59aKenny Root 2337d53bc92f1cc4eb669ec015480cebe5ae7aaaf7cfKenny Root Blob keyBlob; 2338655b958eb2180c7c06889f83f606d23421bf038cKenny Root ResponseCode responseCode = mKeyStore->get(sourceFile.string(), &keyBlob, TYPE_ANY, 2339fa27d5bbc366e4ecb45aee5ae08565ab3ad3dcbcKenny Root srcUid); 2340d53bc92f1cc4eb669ec015480cebe5ae7aaaf7cfKenny Root if (responseCode != ::NO_ERROR) { 2341d53bc92f1cc4eb669ec015480cebe5ae7aaaf7cfKenny Root return responseCode; 23420225407783ee339164a0cd8ca5ef04c99d27c59aKenny Root } 2343d53bc92f1cc4eb669ec015480cebe5ae7aaaf7cfKenny Root 2344fa27d5bbc366e4ecb45aee5ae08565ab3ad3dcbcKenny Root return mKeyStore->put(targetFile.string(), &keyBlob, destUid); 23450225407783ee339164a0cd8ca5ef04c99d27c59aKenny Root } 23460225407783ee339164a0cd8ca5ef04c99d27c59aKenny Root 23471b0e3933900c7ea21189704d5db64e7346aee7afKenny Root int32_t is_hardware_backed(const String16& keyType) { 23481b0e3933900c7ea21189704d5db64e7346aee7afKenny Root return mKeyStore->isHardwareBacked(keyType) ? 1 : 0; 23498ddf35a6e1fd80a7d0685041d2bfc77078277c9dKenny Root } 23508ddf35a6e1fd80a7d0685041d2bfc77078277c9dKenny Root 2351fa27d5bbc366e4ecb45aee5ae08565ab3ad3dcbcKenny Root int32_t clear_uid(int64_t targetUid64) { 2352fa27d5bbc366e4ecb45aee5ae08565ab3ad3dcbcKenny Root uid_t targetUid = static_cast<uid_t>(targetUid64); 2353a9bb549868035e05450a9b918f8d7de9deca5343Kenny Root uid_t callingUid = IPCThreadState::self()->getCallingUid(); 2354eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn pid_t spid = IPCThreadState::self()->getCallingPid(); 2355eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn if (!has_permission(callingUid, P_CLEAR_UID, spid)) { 2356a9bb549868035e05450a9b918f8d7de9deca5343Kenny Root ALOGW("permission denied for %d: clear_uid", callingUid); 2357a9bb549868035e05450a9b918f8d7de9deca5343Kenny Root return ::PERMISSION_DENIED; 2358a9bb549868035e05450a9b918f8d7de9deca5343Kenny Root } 2359a9bb549868035e05450a9b918f8d7de9deca5343Kenny Root 2360fa27d5bbc366e4ecb45aee5ae08565ab3ad3dcbcKenny Root if (targetUid64 == -1) { 2361fa27d5bbc366e4ecb45aee5ae08565ab3ad3dcbcKenny Root targetUid = callingUid; 2362007cb236ada4b3d70815f03dd07116a5e187f4ddKenny Root } else if (!is_self_or_system(callingUid, targetUid)) { 2363007cb236ada4b3d70815f03dd07116a5e187f4ddKenny Root ALOGW("permission denied for %d: clear_uid %d", callingUid, targetUid); 2364fa27d5bbc366e4ecb45aee5ae08565ab3ad3dcbcKenny Root return ::PERMISSION_DENIED; 2365fa27d5bbc366e4ecb45aee5ae08565ab3ad3dcbcKenny Root } 2366fa27d5bbc366e4ecb45aee5ae08565ab3ad3dcbcKenny Root 2367919cb2a5a9dabd61cb02eff7a589f9f1f0f793eeChad Brubaker const keymaster1_device_t* device = mKeyStore->getDevice(); 2368a9bb549868035e05450a9b918f8d7de9deca5343Kenny Root if (device == NULL) { 2369655b958eb2180c7c06889f83f606d23421bf038cKenny Root ALOGW("can't get keymaster device"); 2370a9bb549868035e05450a9b918f8d7de9deca5343Kenny Root return ::SYSTEM_ERROR; 2371a9bb549868035e05450a9b918f8d7de9deca5343Kenny Root } 2372a9bb549868035e05450a9b918f8d7de9deca5343Kenny Root 23734b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee String8 prefix = String8::format("%u_", targetUid); 23744b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee Vector<String16> aliases; 23754b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee if (mKeyStore->saw(prefix, &aliases, targetUid) != ::NO_ERROR) { 2376a9bb549868035e05450a9b918f8d7de9deca5343Kenny Root return ::SYSTEM_ERROR; 2377a9bb549868035e05450a9b918f8d7de9deca5343Kenny Root } 2378a9bb549868035e05450a9b918f8d7de9deca5343Kenny Root 23794b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee for (uint32_t i = 0; i < aliases.size(); i++) { 23804b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee String8 name8(aliases[i]); 23814b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee String8 filename(mKeyStore->getKeyNameForUidWithDir(name8, targetUid)); 23824b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee mKeyStore->del(filename.string(), ::TYPE_ANY, targetUid); 2383a9bb549868035e05450a9b918f8d7de9deca5343Kenny Root } 23844b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee return ::NO_ERROR; 2385a9bb549868035e05450a9b918f8d7de9deca5343Kenny Root } 2386a9bb549868035e05450a9b918f8d7de9deca5343Kenny Root 23874b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee int32_t reset_uid(int32_t targetUid) { 23884e865753346fc6a075966972a7a98051818859dbRobin Lee uid_t callingUid = IPCThreadState::self()->getCallingUid(); 23894e865753346fc6a075966972a7a98051818859dbRobin Lee pid_t spid = IPCThreadState::self()->getCallingPid(); 23904b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee 23914e865753346fc6a075966972a7a98051818859dbRobin Lee if (!has_permission(callingUid, P_RESET_UID, spid)) { 23924b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee ALOGW("permission denied for %d: reset_uid %d", callingUid, targetUid); 23934e865753346fc6a075966972a7a98051818859dbRobin Lee return ::PERMISSION_DENIED; 23944e865753346fc6a075966972a7a98051818859dbRobin Lee } 23954b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee if (!is_self_or_system(callingUid, targetUid)) { 23964b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee ALOGW("permission denied for %d: reset_uid %d", callingUid, targetUid); 23974e865753346fc6a075966972a7a98051818859dbRobin Lee return ::PERMISSION_DENIED; 23984e865753346fc6a075966972a7a98051818859dbRobin Lee } 23994e865753346fc6a075966972a7a98051818859dbRobin Lee 24004b84fdc21457e16b08dc2738f4744c9ca7f7cc46Robin Lee return mKeyStore->reset(targetUid) ? ::NO_ERROR : ::SYSTEM_ERROR; 24014e865753346fc6a075966972a7a98051818859dbRobin Lee } 24024e865753346fc6a075966972a7a98051818859dbRobin Lee 24034e865753346fc6a075966972a7a98051818859dbRobin Lee int32_t sync_uid(int32_t sourceUid, int32_t targetUid) { 24044e865753346fc6a075966972a7a98051818859dbRobin Lee uid_t callingUid = IPCThreadState::self()->getCallingUid(); 24054e865753346fc6a075966972a7a98051818859dbRobin Lee pid_t spid = IPCThreadState::self()->getCallingPid(); 24064e865753346fc6a075966972a7a98051818859dbRobin Lee if (!has_permission(callingUid, P_SYNC_UID, spid)) { 24074e865753346fc6a075966972a7a98051818859dbRobin Lee ALOGW("permission denied for %d: sync_uid %d -> %d", callingUid, sourceUid, targetUid); 24084e865753346fc6a075966972a7a98051818859dbRobin Lee return ::PERMISSION_DENIED; 24094e865753346fc6a075966972a7a98051818859dbRobin Lee } 24104e865753346fc6a075966972a7a98051818859dbRobin Lee if (callingUid != AID_SYSTEM) { 24114e865753346fc6a075966972a7a98051818859dbRobin Lee ALOGW("permission denied for %d: sync_uid %d -> %d", callingUid, sourceUid, targetUid); 24124e865753346fc6a075966972a7a98051818859dbRobin Lee return ::PERMISSION_DENIED; 24134e865753346fc6a075966972a7a98051818859dbRobin Lee } 24144e865753346fc6a075966972a7a98051818859dbRobin Lee if (sourceUid == targetUid) { 24154e865753346fc6a075966972a7a98051818859dbRobin Lee return ::SYSTEM_ERROR; 24164e865753346fc6a075966972a7a98051818859dbRobin Lee } 24174e865753346fc6a075966972a7a98051818859dbRobin Lee 24184e865753346fc6a075966972a7a98051818859dbRobin Lee // Initialise user keystore with existing master key held in-memory 24194e865753346fc6a075966972a7a98051818859dbRobin Lee return mKeyStore->copyMasterKey(sourceUid, targetUid); 24204e865753346fc6a075966972a7a98051818859dbRobin Lee } 24214e865753346fc6a075966972a7a98051818859dbRobin Lee 24224e865753346fc6a075966972a7a98051818859dbRobin Lee int32_t password_uid(const String16& pw, int32_t targetUid) { 24234e865753346fc6a075966972a7a98051818859dbRobin Lee uid_t callingUid = IPCThreadState::self()->getCallingUid(); 24244e865753346fc6a075966972a7a98051818859dbRobin Lee pid_t spid = IPCThreadState::self()->getCallingPid(); 24254e865753346fc6a075966972a7a98051818859dbRobin Lee if (!has_permission(callingUid, P_PASSWORD_UID, spid)) { 24264e865753346fc6a075966972a7a98051818859dbRobin Lee ALOGW("permission denied for %d: password_uid %d", callingUid, targetUid); 24274e865753346fc6a075966972a7a98051818859dbRobin Lee return ::PERMISSION_DENIED; 24284e865753346fc6a075966972a7a98051818859dbRobin Lee } 24294e865753346fc6a075966972a7a98051818859dbRobin Lee if (callingUid != AID_SYSTEM) { 24304e865753346fc6a075966972a7a98051818859dbRobin Lee ALOGW("permission denied for %d: password_uid %d", callingUid, targetUid); 24314e865753346fc6a075966972a7a98051818859dbRobin Lee return ::PERMISSION_DENIED; 24324e865753346fc6a075966972a7a98051818859dbRobin Lee } 24334e865753346fc6a075966972a7a98051818859dbRobin Lee 24344e865753346fc6a075966972a7a98051818859dbRobin Lee const String8 password8(pw); 24354e865753346fc6a075966972a7a98051818859dbRobin Lee 24364e865753346fc6a075966972a7a98051818859dbRobin Lee switch (mKeyStore->getState(targetUid)) { 24374e865753346fc6a075966972a7a98051818859dbRobin Lee case ::STATE_UNINITIALIZED: { 24384e865753346fc6a075966972a7a98051818859dbRobin Lee // generate master key, encrypt with password, write to file, initialize mMasterKey*. 24394e865753346fc6a075966972a7a98051818859dbRobin Lee return mKeyStore->initializeUser(password8, targetUid); 24404e865753346fc6a075966972a7a98051818859dbRobin Lee } 24414e865753346fc6a075966972a7a98051818859dbRobin Lee case ::STATE_NO_ERROR: { 24424e865753346fc6a075966972a7a98051818859dbRobin Lee // rewrite master key with new password. 24434e865753346fc6a075966972a7a98051818859dbRobin Lee return mKeyStore->writeMasterKey(password8, targetUid); 24444e865753346fc6a075966972a7a98051818859dbRobin Lee } 24454e865753346fc6a075966972a7a98051818859dbRobin Lee case ::STATE_LOCKED: { 24464e865753346fc6a075966972a7a98051818859dbRobin Lee // read master key, decrypt with password, initialize mMasterKey*. 24474e865753346fc6a075966972a7a98051818859dbRobin Lee return mKeyStore->readMasterKey(password8, targetUid); 24484e865753346fc6a075966972a7a98051818859dbRobin Lee } 24494e865753346fc6a075966972a7a98051818859dbRobin Lee } 24504e865753346fc6a075966972a7a98051818859dbRobin Lee return ::SYSTEM_ERROR; 24514e865753346fc6a075966972a7a98051818859dbRobin Lee } 24524e865753346fc6a075966972a7a98051818859dbRobin Lee 24539c8612c88dc03dc52d85e7a482453e04e7e3e2a2Chad Brubaker int32_t addRngEntropy(const uint8_t* data, size_t dataLength) { 24549c8612c88dc03dc52d85e7a482453e04e7e3e2a2Chad Brubaker const keymaster1_device_t* device = mKeyStore->getDevice(); 24559c8612c88dc03dc52d85e7a482453e04e7e3e2a2Chad Brubaker const keymaster1_device_t* fallback = mKeyStore->getFallbackDevice(); 24569c8612c88dc03dc52d85e7a482453e04e7e3e2a2Chad Brubaker int32_t devResult = KM_ERROR_UNIMPLEMENTED; 24579c8612c88dc03dc52d85e7a482453e04e7e3e2a2Chad Brubaker int32_t fallbackResult = KM_ERROR_UNIMPLEMENTED; 24589c8612c88dc03dc52d85e7a482453e04e7e3e2a2Chad Brubaker if (device->common.module->module_api_version >= KEYMASTER_MODULE_API_VERSION_1_0 && 24599c8612c88dc03dc52d85e7a482453e04e7e3e2a2Chad Brubaker device->add_rng_entropy != NULL) { 24609c8612c88dc03dc52d85e7a482453e04e7e3e2a2Chad Brubaker devResult = device->add_rng_entropy(device, data, dataLength); 24619c8612c88dc03dc52d85e7a482453e04e7e3e2a2Chad Brubaker } 24629c8612c88dc03dc52d85e7a482453e04e7e3e2a2Chad Brubaker if (fallback->add_rng_entropy) { 24639c8612c88dc03dc52d85e7a482453e04e7e3e2a2Chad Brubaker fallbackResult = fallback->add_rng_entropy(fallback, data, dataLength); 24649c8612c88dc03dc52d85e7a482453e04e7e3e2a2Chad Brubaker } 24659c8612c88dc03dc52d85e7a482453e04e7e3e2a2Chad Brubaker if (devResult) { 24669c8612c88dc03dc52d85e7a482453e04e7e3e2a2Chad Brubaker return devResult; 24679c8612c88dc03dc52d85e7a482453e04e7e3e2a2Chad Brubaker } 24689c8612c88dc03dc52d85e7a482453e04e7e3e2a2Chad Brubaker if (fallbackResult) { 24699c8612c88dc03dc52d85e7a482453e04e7e3e2a2Chad Brubaker return fallbackResult; 24709c8612c88dc03dc52d85e7a482453e04e7e3e2a2Chad Brubaker } 24719c8612c88dc03dc52d85e7a482453e04e7e3e2a2Chad Brubaker return ::NO_ERROR; 24729899d6b392e8223c3c00bfccadd43b18cdc96b4fChad Brubaker } 24739899d6b392e8223c3c00bfccadd43b18cdc96b4fChad Brubaker 247417d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker int32_t generateKey(const String16& name, const KeymasterArguments& params, 2475154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker const uint8_t* entropy, size_t entropyLength, int uid, int flags, 2476154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker KeyCharacteristics* outCharacteristics) { 247717d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker uid_t callingUid = IPCThreadState::self()->getCallingUid(); 247817d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker pid_t callingPid = IPCThreadState::self()->getCallingPid(); 247917d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker if (!has_permission(callingUid, P_INSERT, callingPid)) { 248017d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker ALOGW("permission denied for %d: generateKey", callingUid); 248117d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker return ::PERMISSION_DENIED; 248217d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker } 248317d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker 248417d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker State state = mKeyStore->getState(callingUid); 248517d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker if ((flags & KEYSTORE_FLAG_ENCRYPTED) && !isKeystoreUnlocked(state)) { 248617d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker ALOGW("calling generate in state: %d", state); 248717d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker return state; 248817d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker } 248917d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker 249017d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker if (uid == -1) { 249117d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker uid = callingUid; 249217d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker } else if (!is_granted_to(callingUid, uid)) { 249317d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker return ::PERMISSION_DENIED; 249417d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker } 249517d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker 249617d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker int rc = KM_ERROR_UNIMPLEMENTED; 249717d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker bool isFallback = false; 249817d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker keymaster_key_blob_t blob; 249917d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker keymaster_key_characteristics_t *out = NULL; 250017d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker 250117d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker const keymaster1_device_t* device = mKeyStore->getDevice(); 250217d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker const keymaster1_device_t* fallback = mKeyStore->getFallbackDevice(); 250317d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker if (device == NULL) { 250417d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker return ::SYSTEM_ERROR; 250517d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker } 2506154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker // TODO: Seed from Linux RNG before this. 250717d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker if (device->common.module->module_api_version >= KEYMASTER_MODULE_API_VERSION_1_0 && 250817d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker device->generate_key != NULL) { 2509154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker if (!entropy) { 2510154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker rc = KM_ERROR_OK; 2511154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker } else if (device->add_rng_entropy) { 2512154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker rc = device->add_rng_entropy(device, entropy, entropyLength); 2513154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker } else { 2514154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker rc = KM_ERROR_UNIMPLEMENTED; 2515154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker } 2516154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker if (rc == KM_ERROR_OK) { 2517154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker rc = device->generate_key(device, params.params.data(), params.params.size(), 2518154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker &blob, &out); 2519154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker } 252017d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker } 252117d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker // If the HW device didn't support generate_key or generate_key failed 252217d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker // fall back to the software implementation. 252317d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker if (rc && fallback->generate_key != NULL) { 252417d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker isFallback = true; 2525154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker if (!entropy) { 2526154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker rc = KM_ERROR_OK; 2527154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker } else if (fallback->add_rng_entropy) { 2528154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker rc = fallback->add_rng_entropy(fallback, entropy, entropyLength); 2529154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker } else { 2530154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker rc = KM_ERROR_UNIMPLEMENTED; 2531154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker } 2532154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker if (rc == KM_ERROR_OK) { 2533154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker rc = fallback->generate_key(fallback, params.params.data(), params.params.size(), 2534154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker &blob, 2535154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker &out); 2536154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker } 253717d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker } 253817d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker 253917d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker if (out) { 254017d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker if (outCharacteristics) { 254117d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker outCharacteristics->characteristics = *out; 254217d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker } else { 254317d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker keymaster_free_characteristics(out); 254417d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker } 254517d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker free(out); 254617d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker } 254717d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker 254817d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker if (rc) { 254917d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker return rc; 255017d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker } 255117d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker 255217d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker String8 name8(name); 255317d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker String8 filename(mKeyStore->getKeyNameForUidWithDir(name8, uid)); 255417d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker 255517d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker Blob keyBlob(blob.key_material, blob.key_material_size, NULL, 0, ::TYPE_KEYMASTER_10); 255617d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker keyBlob.setFallback(isFallback); 255717d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker keyBlob.setEncrypted(flags & KEYSTORE_FLAG_ENCRYPTED); 255817d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker 255917d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker free(const_cast<uint8_t*>(blob.key_material)); 256017d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker 256117d68b9520e66226f1c7b2e1b3bd183ac80ca58bChad Brubaker return mKeyStore->put(filename.string(), &keyBlob, uid); 25629899d6b392e8223c3c00bfccadd43b18cdc96b4fChad Brubaker } 25639899d6b392e8223c3c00bfccadd43b18cdc96b4fChad Brubaker 2564f3f071fc5020fa5255f49e898a7c4a1cbf824a99Chad Brubaker int32_t getKeyCharacteristics(const String16& name, 2565d663442b590b59250062335cc057478001b8e439Chad Brubaker const keymaster_blob_t* clientId, 2566d663442b590b59250062335cc057478001b8e439Chad Brubaker const keymaster_blob_t* appData, 2567f3f071fc5020fa5255f49e898a7c4a1cbf824a99Chad Brubaker KeyCharacteristics* outCharacteristics) { 2568f3f071fc5020fa5255f49e898a7c4a1cbf824a99Chad Brubaker 2569f3f071fc5020fa5255f49e898a7c4a1cbf824a99Chad Brubaker if (!outCharacteristics) { 2570f3f071fc5020fa5255f49e898a7c4a1cbf824a99Chad Brubaker return KM_ERROR_UNEXPECTED_NULL_POINTER; 2571f3f071fc5020fa5255f49e898a7c4a1cbf824a99Chad Brubaker } 2572f3f071fc5020fa5255f49e898a7c4a1cbf824a99Chad Brubaker 2573f3f071fc5020fa5255f49e898a7c4a1cbf824a99Chad Brubaker uid_t callingUid = IPCThreadState::self()->getCallingUid(); 2574f3f071fc5020fa5255f49e898a7c4a1cbf824a99Chad Brubaker 2575f3f071fc5020fa5255f49e898a7c4a1cbf824a99Chad Brubaker Blob keyBlob; 2576f3f071fc5020fa5255f49e898a7c4a1cbf824a99Chad Brubaker String8 name8(name); 2577f3f071fc5020fa5255f49e898a7c4a1cbf824a99Chad Brubaker int rc; 2578f3f071fc5020fa5255f49e898a7c4a1cbf824a99Chad Brubaker 2579f3f071fc5020fa5255f49e898a7c4a1cbf824a99Chad Brubaker ResponseCode responseCode = mKeyStore->getKeyForName(&keyBlob, name8, callingUid, 2580f3f071fc5020fa5255f49e898a7c4a1cbf824a99Chad Brubaker TYPE_KEYMASTER_10); 2581f3f071fc5020fa5255f49e898a7c4a1cbf824a99Chad Brubaker if (responseCode != ::NO_ERROR) { 2582f3f071fc5020fa5255f49e898a7c4a1cbf824a99Chad Brubaker return responseCode; 2583f3f071fc5020fa5255f49e898a7c4a1cbf824a99Chad Brubaker } 2584f3f071fc5020fa5255f49e898a7c4a1cbf824a99Chad Brubaker keymaster_key_blob_t key; 2585f3f071fc5020fa5255f49e898a7c4a1cbf824a99Chad Brubaker key.key_material_size = keyBlob.getLength(); 2586f3f071fc5020fa5255f49e898a7c4a1cbf824a99Chad Brubaker key.key_material = keyBlob.getValue(); 2587f3f071fc5020fa5255f49e898a7c4a1cbf824a99Chad Brubaker keymaster1_device_t* dev = mKeyStore->getDeviceForBlob(keyBlob); 2588f3f071fc5020fa5255f49e898a7c4a1cbf824a99Chad Brubaker keymaster_key_characteristics_t *out = NULL; 2589f3f071fc5020fa5255f49e898a7c4a1cbf824a99Chad Brubaker if (!dev->get_key_characteristics) { 2590f3f071fc5020fa5255f49e898a7c4a1cbf824a99Chad Brubaker ALOGW("device does not implement get_key_characteristics"); 2591f3f071fc5020fa5255f49e898a7c4a1cbf824a99Chad Brubaker return KM_ERROR_UNIMPLEMENTED; 2592f3f071fc5020fa5255f49e898a7c4a1cbf824a99Chad Brubaker } 2593d663442b590b59250062335cc057478001b8e439Chad Brubaker rc = dev->get_key_characteristics(dev, &key, clientId, appData, &out); 2594f3f071fc5020fa5255f49e898a7c4a1cbf824a99Chad Brubaker if (out) { 2595f3f071fc5020fa5255f49e898a7c4a1cbf824a99Chad Brubaker outCharacteristics->characteristics = *out; 2596f3f071fc5020fa5255f49e898a7c4a1cbf824a99Chad Brubaker free(out); 2597f3f071fc5020fa5255f49e898a7c4a1cbf824a99Chad Brubaker } 2598f3f071fc5020fa5255f49e898a7c4a1cbf824a99Chad Brubaker return rc ? rc : ::NO_ERROR; 25999899d6b392e8223c3c00bfccadd43b18cdc96b4fChad Brubaker } 26009899d6b392e8223c3c00bfccadd43b18cdc96b4fChad Brubaker 26014c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker int32_t importKey(const String16& name, const KeymasterArguments& params, 26024c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker keymaster_key_format_t format, const uint8_t *keyData, 26034c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker size_t keyLength, int uid, int flags, 26044c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker KeyCharacteristics* outCharacteristics) { 26054c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker uid_t callingUid = IPCThreadState::self()->getCallingUid(); 26064c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker pid_t spid = IPCThreadState::self()->getCallingPid(); 26074c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker if (!has_permission(callingUid, P_INSERT, spid)) { 26084c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker ALOGW("permission denied for %d: importKey", callingUid); 26094c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker return ::PERMISSION_DENIED; 26104c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker } 26114c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker 26124c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker State state = mKeyStore->getState(callingUid); 26134c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker if ((flags & KEYSTORE_FLAG_ENCRYPTED) && !isKeystoreUnlocked(state)) { 26144c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker ALOGW("calling importKey in state: %d", state); 26154c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker return state; 26164c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker } 26174c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker 26184c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker if (uid == -1) { 26194c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker uid = callingUid; 26204c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker } else if (!is_granted_to(callingUid, uid)) { 26214c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker ALOGW("not granted to %d %d", callingUid, uid); 26224c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker return ::PERMISSION_DENIED; 26234c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker } 26244c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker 26254c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker int rc = KM_ERROR_UNIMPLEMENTED; 26264c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker bool isFallback = false; 26274c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker keymaster_key_blob_t blob; 26284c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker keymaster_key_characteristics_t *out = NULL; 26294c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker 26304c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker const keymaster1_device_t* device = mKeyStore->getDevice(); 26314c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker const keymaster1_device_t* fallback = mKeyStore->getFallbackDevice(); 26324c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker if (device == NULL) { 26334c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker return ::SYSTEM_ERROR; 26344c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker } 26354c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker if (device->common.module->module_api_version >= KEYMASTER_MODULE_API_VERSION_1_0 && 26364c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker device->import_key != NULL) { 26374c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker rc = device->import_key(device, params.params.data(), params.params.size(), 26384c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker format, keyData, keyLength, &blob, &out); 26394c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker } 26404c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker if (rc && fallback->import_key != NULL) { 26414c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker isFallback = true; 26424c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker rc = fallback->import_key(fallback, params.params.data(), params.params.size(), 26434c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker format, keyData, keyLength, &blob, &out); 26444c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker } 26454c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker if (out) { 26464c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker if (outCharacteristics) { 26474c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker outCharacteristics->characteristics = *out; 26484c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker } else { 26494c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker keymaster_free_characteristics(out); 26504c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker } 26514c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker free(out); 26524c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker } 26534c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker if (rc) { 26544c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker return rc; 26554c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker } 26564c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker 26574c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker String8 name8(name); 26584c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker String8 filename(mKeyStore->getKeyNameForUidWithDir(name8, uid)); 26594c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker 26604c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker Blob keyBlob(blob.key_material, blob.key_material_size, NULL, 0, ::TYPE_KEYMASTER_10); 26614c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker keyBlob.setFallback(isFallback); 26624c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker keyBlob.setEncrypted(flags & KEYSTORE_FLAG_ENCRYPTED); 26634c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker 26644c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker free((void*) blob.key_material); 26654c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker 26664c353cb98e52e2ea8f051b517fec064f1d3fa99fChad Brubaker return mKeyStore->put(filename.string(), &keyBlob, uid); 26679899d6b392e8223c3c00bfccadd43b18cdc96b4fChad Brubaker } 26689899d6b392e8223c3c00bfccadd43b18cdc96b4fChad Brubaker 266907b0cda3b14d16205ce3040d00bc18d15eda5fdcChad Brubaker void exportKey(const String16& name, keymaster_key_format_t format, 2670d663442b590b59250062335cc057478001b8e439Chad Brubaker const keymaster_blob_t* clientId, 2671d663442b590b59250062335cc057478001b8e439Chad Brubaker const keymaster_blob_t* appData, ExportResult* result) { 267207b0cda3b14d16205ce3040d00bc18d15eda5fdcChad Brubaker 267307b0cda3b14d16205ce3040d00bc18d15eda5fdcChad Brubaker uid_t callingUid = IPCThreadState::self()->getCallingUid(); 267407b0cda3b14d16205ce3040d00bc18d15eda5fdcChad Brubaker 267507b0cda3b14d16205ce3040d00bc18d15eda5fdcChad Brubaker Blob keyBlob; 267607b0cda3b14d16205ce3040d00bc18d15eda5fdcChad Brubaker String8 name8(name); 267707b0cda3b14d16205ce3040d00bc18d15eda5fdcChad Brubaker int rc; 267807b0cda3b14d16205ce3040d00bc18d15eda5fdcChad Brubaker 267907b0cda3b14d16205ce3040d00bc18d15eda5fdcChad Brubaker ResponseCode responseCode = mKeyStore->getKeyForName(&keyBlob, name8, callingUid, 268007b0cda3b14d16205ce3040d00bc18d15eda5fdcChad Brubaker TYPE_KEYMASTER_10); 268107b0cda3b14d16205ce3040d00bc18d15eda5fdcChad Brubaker if (responseCode != ::NO_ERROR) { 268207b0cda3b14d16205ce3040d00bc18d15eda5fdcChad Brubaker result->resultCode = responseCode; 268307b0cda3b14d16205ce3040d00bc18d15eda5fdcChad Brubaker return; 268407b0cda3b14d16205ce3040d00bc18d15eda5fdcChad Brubaker } 268507b0cda3b14d16205ce3040d00bc18d15eda5fdcChad Brubaker keymaster_key_blob_t key; 268607b0cda3b14d16205ce3040d00bc18d15eda5fdcChad Brubaker key.key_material_size = keyBlob.getLength(); 268707b0cda3b14d16205ce3040d00bc18d15eda5fdcChad Brubaker key.key_material = keyBlob.getValue(); 268807b0cda3b14d16205ce3040d00bc18d15eda5fdcChad Brubaker keymaster1_device_t* dev = mKeyStore->getDeviceForBlob(keyBlob); 268907b0cda3b14d16205ce3040d00bc18d15eda5fdcChad Brubaker if (!dev->export_key) { 269007b0cda3b14d16205ce3040d00bc18d15eda5fdcChad Brubaker result->resultCode = KM_ERROR_UNIMPLEMENTED; 269107b0cda3b14d16205ce3040d00bc18d15eda5fdcChad Brubaker return; 269207b0cda3b14d16205ce3040d00bc18d15eda5fdcChad Brubaker } 269307b0cda3b14d16205ce3040d00bc18d15eda5fdcChad Brubaker uint8_t* ptr = NULL; 2694d663442b590b59250062335cc057478001b8e439Chad Brubaker rc = dev->export_key(dev, format, &key, clientId, appData, 269507b0cda3b14d16205ce3040d00bc18d15eda5fdcChad Brubaker &ptr, &result->dataLength); 269607b0cda3b14d16205ce3040d00bc18d15eda5fdcChad Brubaker result->exportData.reset(ptr); 269707b0cda3b14d16205ce3040d00bc18d15eda5fdcChad Brubaker result->resultCode = rc ? rc : ::NO_ERROR; 26989899d6b392e8223c3c00bfccadd43b18cdc96b4fChad Brubaker } 26999899d6b392e8223c3c00bfccadd43b18cdc96b4fChad Brubaker 270040a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker void begin(const sp<IBinder>& appToken, const String16& name, keymaster_purpose_t purpose, 2701154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker bool pruneable, const KeymasterArguments& params, const uint8_t* entropy, 2702154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker size_t entropyLength, KeymasterArguments* outParams, OperationResult* result) { 270340a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker if (!result || !outParams) { 270440a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker ALOGE("Unexpected null arguments to begin()"); 270540a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker return; 270640a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker } 270740a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker uid_t callingUid = IPCThreadState::self()->getCallingUid(); 270840a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker if (!pruneable && get_app_id(callingUid) != AID_SYSTEM) { 270940a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker ALOGE("Non-system uid %d trying to start non-pruneable operation", callingUid); 271040a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker result->resultCode = ::PERMISSION_DENIED; 271140a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker return; 271240a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker } 271340a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker Blob keyBlob; 271440a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker String8 name8(name); 271540a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker ResponseCode responseCode = mKeyStore->getKeyForName(&keyBlob, name8, callingUid, 271640a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker TYPE_KEYMASTER_10); 271740a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker if (responseCode != ::NO_ERROR) { 271840a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker result->resultCode = responseCode; 271940a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker return; 272040a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker } 272140a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker keymaster_key_blob_t key; 272240a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker key.key_material_size = keyBlob.getLength(); 272340a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker key.key_material = keyBlob.getValue(); 272440a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker keymaster_key_param_t* out; 272540a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker size_t outSize; 272640a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker keymaster_operation_handle_t handle; 272740a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker keymaster1_device_t* dev = mKeyStore->getDeviceForBlob(keyBlob); 2728154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker keymaster_error_t err = KM_ERROR_UNIMPLEMENTED; 2729154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker // Add entropy to the device first. 2730154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker if (entropy) { 2731154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker if (dev->add_rng_entropy) { 2732154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker err = dev->add_rng_entropy(dev, entropy, entropyLength); 2733154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker } else { 2734154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker err = KM_ERROR_UNIMPLEMENTED; 2735154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker } 2736154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker if (err) { 2737154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker result->resultCode = err; 2738154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker return; 2739154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker } 2740154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker } 274140a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker // TODO: Check authorization. 2742154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker err = dev->begin(dev, purpose, &key, params.params.data(), params.params.size(), &out, 2743154d7699cc30ef5156d6497258c4dd350fcb1286Chad Brubaker &outSize, &handle); 274440a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker 274540a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker // If there are too many operations abort the oldest operation that was 274640a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker // started as pruneable and try again. 274740a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker while (err == KM_ERROR_TOO_MANY_OPERATIONS && mOperationMap.hasPruneableOperation()) { 274840a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker sp<IBinder> oldest = mOperationMap.getOldestPruneableOperation(); 274940a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker ALOGD("Ran out of operation handles, trying to prune %p", oldest.get()); 275040a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker if (abort(oldest) != ::NO_ERROR) { 275140a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker break; 275240a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker } 275340a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker err = dev->begin(dev, purpose, &key, params.params.data(), 275440a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker params.params.size(), &out, &outSize, 275540a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker &handle); 275640a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker } 275740a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker if (err) { 275840a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker result->resultCode = err; 275940a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker return; 276040a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker } 276140a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker if (out) { 276240a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker outParams->params.assign(out, out + outSize); 276340a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker free(out); 276440a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker } 27659899d6b392e8223c3c00bfccadd43b18cdc96b4fChad Brubaker 276640a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker sp<IBinder> operationToken = mOperationMap.addOperation(handle, dev, appToken, pruneable); 276740a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker result->resultCode = ::NO_ERROR; 276840a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker result->token = operationToken; 2769c3a1856bbe2e39d5b3430f5f088b12fd710a159fChad Brubaker result->handle = handle; 27709899d6b392e8223c3c00bfccadd43b18cdc96b4fChad Brubaker } 27719899d6b392e8223c3c00bfccadd43b18cdc96b4fChad Brubaker 277240a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker void update(const sp<IBinder>& token, const KeymasterArguments& params, const uint8_t* data, 277340a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker size_t dataLength, OperationResult* result) { 277440a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker const keymaster1_device_t* dev; 277540a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker keymaster_operation_handle_t handle; 277640a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker if (!mOperationMap.getOperation(token, &handle, &dev)) { 277740a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker result->resultCode = KM_ERROR_INVALID_OPERATION_HANDLE; 277840a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker return; 277940a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker } 278040a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker uint8_t* output_buf = NULL; 278140a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker size_t output_length = 0; 278240a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker size_t consumed = 0; 278340a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker // TODO: Check authorization. 278440a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker keymaster_error_t err = dev->update(dev, handle, params.params.data(), 278540a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker params.params.size(), data, dataLength, 278640a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker &consumed, &output_buf, &output_length); 278740a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker result->data.reset(output_buf); 278840a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker result->dataLength = output_length; 278940a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker result->inputConsumed = consumed; 279040a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker result->resultCode = err ? (int32_t) err : ::NO_ERROR; 279140a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker } 279240a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker 279340a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker void finish(const sp<IBinder>& token, const KeymasterArguments& params, 279440a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker const uint8_t* signature, size_t signatureLength, OperationResult* result) { 279540a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker const keymaster1_device_t* dev; 279640a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker keymaster_operation_handle_t handle; 279740a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker if (!mOperationMap.getOperation(token, &handle, &dev)) { 279840a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker result->resultCode = KM_ERROR_INVALID_OPERATION_HANDLE; 279940a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker return; 280040a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker } 280140a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker uint8_t* output_buf = NULL; 280240a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker size_t output_length = 0; 280340a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker // TODO: Check authorization. 280440a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker keymaster_error_t err = dev->finish(dev, handle, params.params.data(), 280540a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker params.params.size(), signature, signatureLength, 280640a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker &output_buf, &output_length); 280740a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker // Remove the operation regardless of the result 280840a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker mOperationMap.removeOperation(token); 280940a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker result->data.reset(output_buf); 281040a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker result->dataLength = output_length; 281140a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker result->resultCode = err ? (int32_t) err : ::NO_ERROR; 281240a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker } 281340a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker 281440a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker int32_t abort(const sp<IBinder>& token) { 281540a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker const keymaster1_device_t* dev; 281640a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker keymaster_operation_handle_t handle; 281740a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker if (!mOperationMap.getOperation(token, &handle, &dev)) { 281840a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker return KM_ERROR_INVALID_OPERATION_HANDLE; 281940a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker } 282040a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker mOperationMap.removeOperation(token); 282140a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker if (!dev->abort) { 282240a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker return KM_ERROR_UNIMPLEMENTED; 282340a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker } 282440a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker int32_t rc = dev->abort(dev, handle); 282540a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker if (rc) { 282640a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker return rc; 282740a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker } 282840a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker return ::NO_ERROR; 28299899d6b392e8223c3c00bfccadd43b18cdc96b4fChad Brubaker } 28309899d6b392e8223c3c00bfccadd43b18cdc96b4fChad Brubaker 28312ed2baa7de690b09430b40625e6b18d10757a2fdChad Brubaker bool isOperationAuthorized(const sp<IBinder>& token) { 28322ed2baa7de690b09430b40625e6b18d10757a2fdChad Brubaker const keymaster1_device_t* dev; 28332ed2baa7de690b09430b40625e6b18d10757a2fdChad Brubaker keymaster_operation_handle_t handle; 28342ed2baa7de690b09430b40625e6b18d10757a2fdChad Brubaker if(!mOperationMap.getOperation(token, &handle, &dev)) { 28352ed2baa7de690b09430b40625e6b18d10757a2fdChad Brubaker return false; 28362ed2baa7de690b09430b40625e6b18d10757a2fdChad Brubaker } 28372ed2baa7de690b09430b40625e6b18d10757a2fdChad Brubaker // TODO: Check authorization. 28382ed2baa7de690b09430b40625e6b18d10757a2fdChad Brubaker return true; 28392ed2baa7de690b09430b40625e6b18d10757a2fdChad Brubaker } 28402ed2baa7de690b09430b40625e6b18d10757a2fdChad Brubaker 2841d80c7b487b2f7f0bf955d0efeaa3db6dcd160639Chad Brubaker int32_t addAuthToken(const uint8_t* token, size_t length) { 2842d80c7b487b2f7f0bf955d0efeaa3db6dcd160639Chad Brubaker uid_t callingUid = IPCThreadState::self()->getCallingUid(); 2843d80c7b487b2f7f0bf955d0efeaa3db6dcd160639Chad Brubaker pid_t spid = IPCThreadState::self()->getCallingPid(); 2844d80c7b487b2f7f0bf955d0efeaa3db6dcd160639Chad Brubaker if (!has_permission(callingUid, P_ADD_AUTH, spid)) { 2845d80c7b487b2f7f0bf955d0efeaa3db6dcd160639Chad Brubaker ALOGW("permission denied for %d: addAuthToken", callingUid); 2846d80c7b487b2f7f0bf955d0efeaa3db6dcd160639Chad Brubaker return ::PERMISSION_DENIED; 2847d80c7b487b2f7f0bf955d0efeaa3db6dcd160639Chad Brubaker } 2848d80c7b487b2f7f0bf955d0efeaa3db6dcd160639Chad Brubaker if (length != sizeof(hw_auth_token_t)) { 2849d80c7b487b2f7f0bf955d0efeaa3db6dcd160639Chad Brubaker return KM_ERROR_INVALID_ARGUMENT; 2850d80c7b487b2f7f0bf955d0efeaa3db6dcd160639Chad Brubaker } 2851d80c7b487b2f7f0bf955d0efeaa3db6dcd160639Chad Brubaker hw_auth_token_t* authToken = new hw_auth_token_t; 2852d80c7b487b2f7f0bf955d0efeaa3db6dcd160639Chad Brubaker memcpy(reinterpret_cast<void*>(authToken), token, sizeof(hw_auth_token_t)); 2853d80c7b487b2f7f0bf955d0efeaa3db6dcd160639Chad Brubaker // The table takes ownership of authToken. 2854d80c7b487b2f7f0bf955d0efeaa3db6dcd160639Chad Brubaker mAuthTokenTable.AddAuthenticationToken(authToken); 2855d80c7b487b2f7f0bf955d0efeaa3db6dcd160639Chad Brubaker return ::NO_ERROR; 28562ed2baa7de690b09430b40625e6b18d10757a2fdChad Brubaker } 28572ed2baa7de690b09430b40625e6b18d10757a2fdChad Brubaker 285807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Rootprivate: 28599d45d1caba5135e6b8bd6d05d449e8dcf52b6802Kenny Root inline bool isKeystoreUnlocked(State state) { 28609d45d1caba5135e6b8bd6d05d449e8dcf52b6802Kenny Root switch (state) { 28619d45d1caba5135e6b8bd6d05d449e8dcf52b6802Kenny Root case ::STATE_NO_ERROR: 28629d45d1caba5135e6b8bd6d05d449e8dcf52b6802Kenny Root return true; 28639d45d1caba5135e6b8bd6d05d449e8dcf52b6802Kenny Root case ::STATE_UNINITIALIZED: 28649d45d1caba5135e6b8bd6d05d449e8dcf52b6802Kenny Root case ::STATE_LOCKED: 28659d45d1caba5135e6b8bd6d05d449e8dcf52b6802Kenny Root return false; 28669d45d1caba5135e6b8bd6d05d449e8dcf52b6802Kenny Root } 28679d45d1caba5135e6b8bd6d05d449e8dcf52b6802Kenny Root return false; 2868a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 286907438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 2870919cb2a5a9dabd61cb02eff7a589f9f1f0f793eeChad Brubaker bool isKeyTypeSupported(const keymaster1_device_t* device, keymaster_keypair_t keyType) { 28711d448c074a86ef5d05a22fdf1358718976628a86Kenny Root const int32_t device_api = device->common.module->module_api_version; 28721d448c074a86ef5d05a22fdf1358718976628a86Kenny Root if (device_api == KEYMASTER_MODULE_API_VERSION_0_2) { 28731d448c074a86ef5d05a22fdf1358718976628a86Kenny Root switch (keyType) { 28741d448c074a86ef5d05a22fdf1358718976628a86Kenny Root case TYPE_RSA: 28751d448c074a86ef5d05a22fdf1358718976628a86Kenny Root case TYPE_DSA: 28761d448c074a86ef5d05a22fdf1358718976628a86Kenny Root case TYPE_EC: 28771d448c074a86ef5d05a22fdf1358718976628a86Kenny Root return true; 28781d448c074a86ef5d05a22fdf1358718976628a86Kenny Root default: 28791d448c074a86ef5d05a22fdf1358718976628a86Kenny Root return false; 28801d448c074a86ef5d05a22fdf1358718976628a86Kenny Root } 28811d448c074a86ef5d05a22fdf1358718976628a86Kenny Root } else if (device_api >= KEYMASTER_MODULE_API_VERSION_0_3) { 28821d448c074a86ef5d05a22fdf1358718976628a86Kenny Root switch (keyType) { 28831d448c074a86ef5d05a22fdf1358718976628a86Kenny Root case TYPE_RSA: 28841d448c074a86ef5d05a22fdf1358718976628a86Kenny Root return true; 28851d448c074a86ef5d05a22fdf1358718976628a86Kenny Root case TYPE_DSA: 28861d448c074a86ef5d05a22fdf1358718976628a86Kenny Root return device->flags & KEYMASTER_SUPPORTS_DSA; 28871d448c074a86ef5d05a22fdf1358718976628a86Kenny Root case TYPE_EC: 28881d448c074a86ef5d05a22fdf1358718976628a86Kenny Root return device->flags & KEYMASTER_SUPPORTS_EC; 28891d448c074a86ef5d05a22fdf1358718976628a86Kenny Root default: 28901d448c074a86ef5d05a22fdf1358718976628a86Kenny Root return false; 28911d448c074a86ef5d05a22fdf1358718976628a86Kenny Root } 28921d448c074a86ef5d05a22fdf1358718976628a86Kenny Root } else { 28931d448c074a86ef5d05a22fdf1358718976628a86Kenny Root return keyType == TYPE_RSA; 28941d448c074a86ef5d05a22fdf1358718976628a86Kenny Root } 28951d448c074a86ef5d05a22fdf1358718976628a86Kenny Root } 28961d448c074a86ef5d05a22fdf1358718976628a86Kenny Root 289707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root ::KeyStore* mKeyStore; 289840a1a9b306d4e3c85b24f80ff39841507cf42357Chad Brubaker OperationMap mOperationMap; 2899d80c7b487b2f7f0bf955d0efeaa3db6dcd160639Chad Brubaker keymaster::AuthTokenTable mAuthTokenTable; 290007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root}; 290107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root 290207438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root}; // namespace android 2903a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 2904a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Rootint main(int argc, char* argv[]) { 2905a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root if (argc < 2) { 2906a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root ALOGE("A directory must be specified!"); 2907a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return 1; 2908a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 2909a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root if (chdir(argv[1]) == -1) { 2910a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root ALOGE("chdir: %s: %s", argv[1], strerror(errno)); 2911a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return 1; 2912a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 2913a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root 2914a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root Entropy entropy; 2915a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root if (!entropy.open()) { 2916a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return 1; 2917a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 291870e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 2919a5bbf2fb2a4853ecf6ae77ffee3efeb7a862498aShawn Willden keymaster0_device_t* dev; 292070e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root if (keymaster_device_initialize(&dev)) { 292170e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root ALOGE("keystore keymaster could not be initialized; exiting"); 292270e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root return 1; 292370e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root } 292470e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 2925919cb2a5a9dabd61cb02eff7a589f9f1f0f793eeChad Brubaker keymaster1_device_t* fallback; 2926fc18edcdfe2f7774e621030d51338f3216170b97Chad Brubaker if (fallback_keymaster_device_initialize(&fallback)) { 2927fc18edcdfe2f7774e621030d51338f3216170b97Chad Brubaker ALOGE("software keymaster could not be initialized; exiting"); 2928fc18edcdfe2f7774e621030d51338f3216170b97Chad Brubaker return 1; 2929fc18edcdfe2f7774e621030d51338f3216170b97Chad Brubaker } 2930fc18edcdfe2f7774e621030d51338f3216170b97Chad Brubaker 2931eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn ks_is_selinux_enabled = is_selinux_enabled(); 2932eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn if (ks_is_selinux_enabled) { 2933eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn union selinux_callback cb; 2934eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn cb.func_log = selinux_log_callback; 2935eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn selinux_set_callback(SELINUX_CB_LOG, cb); 2936eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn if (getcon(&tctx) != 0) { 2937eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn ALOGE("SELinux: Could not acquire target context. Aborting keystore.\n"); 2938eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn return -1; 2939eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn } 2940eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn } else { 2941eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn ALOGI("SELinux: Keystore SELinux is disabled.\n"); 2942eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn } 2943eaabae9bf8ff0873b0ece2a835f71ee6c6b49437Riley Spahn 2944919cb2a5a9dabd61cb02eff7a589f9f1f0f793eeChad Brubaker KeyStore keyStore(&entropy, reinterpret_cast<keymaster1_device_t*>(dev), fallback); 2945655b958eb2180c7c06889f83f606d23421bf038cKenny Root keyStore.initialize(); 294607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root android::sp<android::IServiceManager> sm = android::defaultServiceManager(); 294707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root android::sp<android::KeyStoreProxy> proxy = new android::KeyStoreProxy(&keyStore); 294807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root android::status_t ret = sm->addService(android::String16("android.security.keystore"), proxy); 294907438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root if (ret != android::OK) { 295007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root ALOGE("Couldn't register binder service!"); 295107438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root return -1; 2952a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root } 295370e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 295407438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root /* 295507438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root * We're the only thread in existence, so we're just going to process 295607438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root * Binder transaction as a single-threaded program. 295707438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root */ 295807438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root android::IPCThreadState::self()->joinThreadPool(); 295970e3a86abd2c412d602a018967c01c177eb6cf4eKenny Root 296007438c8d7256d3788dac323b4d0055f201e0bec9Kenny Root keymaster_device_release(dev); 2961a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root return 1; 2962a91203b08350b2fc7efda5b1eab39e7541476b3aKenny Root} 2963