1/*
2 * Copyright (C) 2016 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 *      http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17#ifndef KEYSTORE_KEYSTORE_H_
18#define KEYSTORE_KEYSTORE_H_
19
20#include "user_state.h"
21
22#include <android/hardware/keymaster/3.0/IKeymasterDevice.h>
23
24#include <utils/Vector.h>
25
26#include "blob.h"
27#include "include/keystore/keymaster_tags.h"
28
29typedef struct {
30    uint32_t uid;
31    const uint8_t* filename;
32} grant_t;
33
34using ::keystore::NullOr;
35
36class KeyStore {
37    typedef ::android::sp<::android::hardware::keymaster::V3_0::IKeymasterDevice> km_device_t;
38
39  public:
40    KeyStore(Entropy* entropy, const km_device_t& device, const km_device_t& fallback,
41             bool allowNewFallback);
42    ~KeyStore();
43
44    km_device_t& getDevice() { return mDevice; }
45
46    NullOr<km_device_t&> getFallbackDevice() {
47        // we only return the fallback device if the creation of new fallback key blobs is
48        // allowed. (also see getDevice below)
49        if (mAllowNewFallback) {
50            return mFallbackDevice;
51        } else {
52            return {};
53        }
54    }
55
56    km_device_t& getDevice(const Blob& blob) {
57        // We return a device, based on the nature of the blob to provide backward
58        // compatibility with old key blobs generated using the fallback device.
59        return blob.isFallback() ? mFallbackDevice : mDevice;
60    }
61
62    ResponseCode initialize();
63
64    State getState(uid_t userId) { return getUserState(userId)->getState(); }
65
66    ResponseCode initializeUser(const android::String8& pw, uid_t userId);
67
68    ResponseCode copyMasterKey(uid_t srcUser, uid_t dstUser);
69    ResponseCode writeMasterKey(const android::String8& pw, uid_t userId);
70    ResponseCode readMasterKey(const android::String8& pw, uid_t userId);
71
72    android::String8 getKeyName(const android::String8& keyName, const BlobType type);
73    android::String8 getKeyNameForUid(const android::String8& keyName, uid_t uid,
74                                      const BlobType type);
75    android::String8 getKeyNameForUidWithDir(const android::String8& keyName, uid_t uid,
76                                             const BlobType type);
77
78    /*
79     * Delete entries owned by userId. If keepUnencryptedEntries is true
80     * then only encrypted entries will be removed, otherwise all entries will
81     * be removed.
82     */
83    void resetUser(uid_t userId, bool keepUnenryptedEntries);
84    bool isEmpty(uid_t userId) const;
85
86    void lock(uid_t userId);
87
88    ResponseCode get(const char* filename, Blob* keyBlob, const BlobType type, uid_t userId);
89    ResponseCode put(const char* filename, Blob* keyBlob, uid_t userId);
90    ResponseCode del(const char* filename, const BlobType type, uid_t userId);
91    ResponseCode list(const android::String8& prefix, android::Vector<android::String16>* matches,
92                      uid_t userId);
93
94    void addGrant(const char* filename, uid_t granteeUid);
95    bool removeGrant(const char* filename, uid_t granteeUid);
96    bool hasGrant(const char* filename, const uid_t uid) const {
97        return getGrant(filename, uid) != NULL;
98    }
99
100    ResponseCode importKey(const uint8_t* key, size_t keyLen, const char* filename, uid_t userId,
101                           int32_t flags);
102
103    bool isHardwareBacked(const android::String16& keyType) const;
104
105    ResponseCode getKeyForName(Blob* keyBlob, const android::String8& keyName, const uid_t uid,
106                               const BlobType type);
107
108    /**
109     * Returns any existing UserState or creates it if it doesn't exist.
110     */
111    UserState* getUserState(uid_t userId);
112
113    /**
114     * Returns any existing UserState or creates it if it doesn't exist.
115     */
116    UserState* getUserStateByUid(uid_t uid);
117
118    /**
119     * Returns NULL if the UserState doesn't already exist.
120     */
121    const UserState* getUserState(uid_t userId) const;
122
123    /**
124     * Returns NULL if the UserState doesn't already exist.
125     */
126    const UserState* getUserStateByUid(uid_t uid) const;
127
128  private:
129    static const char* sOldMasterKey;
130    static const char* sMetaDataFile;
131    static const android::String16 sRSAKeyType;
132    Entropy* mEntropy;
133
134    km_device_t mDevice;
135    km_device_t mFallbackDevice;
136    bool mAllowNewFallback;
137
138    android::Vector<UserState*> mMasterKeys;
139
140    android::Vector<grant_t*> mGrants;
141
142    typedef struct { uint32_t version; } keystore_metadata_t;
143
144    keystore_metadata_t mMetaData;
145
146    const grant_t* getGrant(const char* filename, uid_t uid) const;
147
148    /**
149     * Upgrade the key from the current version to whatever is newest.
150     */
151    bool upgradeBlob(const char* filename, Blob* blob, const uint8_t oldVersion,
152                     const BlobType type, uid_t uid);
153
154    /**
155     * Takes a blob that is an PEM-encoded RSA key as a byte array and converts it to a DER-encoded
156     * PKCS#8 for import into a keymaster.  Then it overwrites the original blob with the new blob
157     * format that is returned from the keymaster.
158     */
159    ResponseCode importBlobAsKey(Blob* blob, const char* filename, uid_t uid);
160
161    void readMetaData();
162    void writeMetaData();
163
164    bool upgradeKeystore();
165};
166
167#endif  // KEYSTORE_KEYSTORE_H_
168