/*
 * Copyright (C) 2016 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

#ifndef KEYSTORE_KEYSTORE_H_
#define KEYSTORE_KEYSTORE_H_

#include "user_state.h"

#include <hardware/keymaster2.h>

#include <utils/Vector.h>

#include "blob.h"

/**
 * A single access grant: the uid that was granted access and the name of the
 * key file the grant applies to.
 *
 * The struct does not own `filename`; which allocation it points into, and for
 * how long that allocation lives, is decided by KeyStore::addGrant() (defined
 * outside this header) — verify before storing or freeing it elsewhere.
 */
struct grant_t {
    uint32_t uid;
    const uint8_t* filename;
};
32c1d1feee514e6138e1ed8ff924f5453ba8e1408aShawn Willden
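/**
 * Owner of the on-disk key store: per-user master-key state (mMasterKeys),
 * the list of cross-uid access grants (mGrants), the store-format metadata
 * (mMetaData) and the two keymaster2 devices keys may live in (mDevice and
 * the software mFallbackDevice).
 *
 * Every per-key operation is scoped by a user id or uid: callers are expected
 * to have already decided which user a request belongs to, since nothing in
 * this class takes caller credentials itself.
 */
class KeyStore {
  public:
    /**
     * @param entropy   source of randomness used by the store (retained by pointer, not owned)
     * @param device    primary keymaster2 device (retained by pointer, not owned)
     * @param fallback  software keymaster2 device used for blobs marked isFallback()
     */
    KeyStore(Entropy* entropy, keymaster2_device_t* device, keymaster2_device_t* fallback);
    ~KeyStore();

    // mMasterKeys and mGrants hold raw owning pointers that are presumably released by
    // ~KeyStore() (defined outside this header). A copied KeyStore would share those pointers and
    // release them twice, so copying is disabled. A move is intentionally not provided either.
    KeyStore(const KeyStore&) = delete;
    KeyStore& operator=(const KeyStore&) = delete;

    keymaster2_device_t* getDevice() const { return mDevice; }

    keymaster2_device_t* getFallbackDevice() const { return mFallbackDevice; }

    /**
     * Selects the device a blob must be handed to: the software fallback when the
     * blob was created there (blob.isFallback()), otherwise the primary device.
     * Using the wrong device for a blob is a correctness failure, so callers
     * should always route through this rather than getDevice().
     */
    keymaster2_device_t* getDeviceForBlob(const Blob& blob) const {
        return blob.isFallback() ? mFallbackDevice : mDevice;
    }

    ResponseCode initialize();

    /**
     * Returns the lock state of userId. Note that this goes through the
     * non-const getUserState(), which creates the UserState if it does not
     * exist yet, so querying an unknown user has the side effect of
     * registering it.
     */
    State getState(uid_t userId) { return getUserState(userId)->getState(); }

    ResponseCode initializeUser(const android::String8& pw, uid_t userId);

    ResponseCode copyMasterKey(uid_t srcUser, uid_t dstUser);
    ResponseCode writeMasterKey(const android::String8& pw, uid_t userId);
    ResponseCode readMasterKey(const android::String8& pw, uid_t userId);

    /*
     * Name-mangling helpers that turn a caller-supplied key name into the
     * file name (optionally qualified by uid and by the user directory) under
     * which a blob of the given type is stored.
     */
    android::String8 getKeyName(const android::String8& keyName, const BlobType type);
    android::String8 getKeyNameForUid(const android::String8& keyName, uid_t uid,
                                      const BlobType type);
    android::String8 getKeyNameForUidWithDir(const android::String8& keyName, uid_t uid,
                                             const BlobType type);

    /*
     * Delete entries owned by userId. If keepUnencryptedEntries is true
     * then only encrypted entries will be removed, otherwise all entries will
     * be removed.
     */
    void resetUser(uid_t userId, bool keepUnencryptedEntries);
    bool isEmpty(uid_t userId) const;

    void lock(uid_t userId);

    /*
     * Blob-level access. `filename` is the already-mangled store file name
     * (see getKeyName*), not a caller-chosen path; the user id selects whose
     * master key is used.
     */
    ResponseCode get(const char* filename, Blob* keyBlob, const BlobType type, uid_t userId);
    ResponseCode put(const char* filename, Blob* keyBlob, uid_t userId);
    ResponseCode del(const char* filename, const BlobType type, uid_t userId);
    ResponseCode list(const android::String8& prefix, android::Vector<android::String16>* matches,
                      uid_t userId);

    /*
     * Grants let granteeUid use a key file it does not own. The grant table
     * lives only in memory (mGrants); whether it survives a restart is not
     * visible from this header.
     */
    void addGrant(const char* filename, uid_t granteeUid);
    bool removeGrant(const char* filename, uid_t granteeUid);
    /** True if a grant for exactly this (filename, uid) pair exists. */
    bool hasGrant(const char* filename, const uid_t uid) const {
        return getGrant(filename, uid) != nullptr;
    }

    /**
     * Imports raw key material of keyLen bytes under filename for userId.
     * `key` is caller-provided data; validation of its contents happens in the
     * definition, not here.
     */
    ResponseCode importKey(const uint8_t* key, size_t keyLen, const char* filename, uid_t userId,
                           int32_t flags);

    bool isHardwareBacked(const android::String16& keyType) const;

    ResponseCode getKeyForName(Blob* keyBlob, const android::String8& keyName, const uid_t uid,
                               const BlobType type);

    /**
     * Returns any existing UserState or creates it if it doesn't exist.
     */
    UserState* getUserState(uid_t userId);

    /**
     * Returns any existing UserState or creates it if it doesn't exist.
     * Same contract as getUserState() but keyed by an app uid; how the uid is
     * mapped to a user is defined outside this header.
     */
    UserState* getUserStateByUid(uid_t uid);

    /**
     * Returns NULL if the UserState doesn't already exist.
     */
    const UserState* getUserState(uid_t userId) const;

    /**
     * Returns NULL if the UserState doesn't already exist.
     */
    const UserState* getUserStateByUid(uid_t uid) const;

  private:
    static const char* sOldMasterKey;
    static const char* sMetaDataFile;
    static const android::String16 sRSAKeyType;
    Entropy* mEntropy;

    keymaster2_device_t* mDevice;
    keymaster2_device_t* mFallbackDevice;

    // One entry per user; elements are owned by this object (see deleted copy operations).
    android::Vector<UserState*> mMasterKeys;

    // Owned grant records; searched linearly by getGrant().
    android::Vector<grant_t*> mGrants;

    // On-disk store format version, read/written by readMetaData()/writeMetaData().
    typedef struct { uint32_t version; } keystore_metadata_t;

    keystore_metadata_t mMetaData;

    /** Returns the matching grant, or NULL when none exists. */
    const grant_t* getGrant(const char* filename, uid_t uid) const;

    /**
     * Upgrade the key from the current version to whatever is newest.
     */
    bool upgradeBlob(const char* filename, Blob* blob, const uint8_t oldVersion,
                     const BlobType type, uid_t uid);

    /**
     * Takes a blob that is an PEM-encoded RSA key as a byte array and converts it to a DER-encoded
     * PKCS#8 for import into a keymaster.  Then it overwrites the original blob with the new blob
     * format that is returned from the keymaster.
     */
    ResponseCode importBlobAsKey(Blob* blob, const char* filename, uid_t uid);

    void readMetaData();
    void writeMetaData();

    /** Migrates the whole store from mMetaData.version to the current format. */
    bool upgradeKeystore();
};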

#endif  // KEYSTORE_KEYSTORE_H_