| /* |
| * Copyright (C) 2016 The Android Open Source Project |
| * |
| * Licensed under the Apache License, Version 2.0 (the "License"); |
| * you may not use this file except in compliance with the License. |
| * You may obtain a copy of the License at |
| * |
| * http://www.apache.org/licenses/LICENSE-2.0 |
| * |
| * Unless required by applicable law or agreed to in writing, software |
| * distributed under the License is distributed on an "AS IS" BASIS, |
| * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| * See the License for the specific language governing permissions and |
| * limitations under the License. |
| */ |
| |
| #define LOG_TAG "keystore" |
| |
| #include "user_state.h" |
| |
| #include <dirent.h> |
| #include <fcntl.h> |
| #include <stdio.h> |
| #include <stdlib.h> |
| #include <sys/stat.h> |
| |
| #include <openssl/digest.h> |
| #include <openssl/evp.h> |
| #include <openssl/rand.h> |
| |
| #include <log/log.h> |
| |
| #include "blob.h" |
| #include "keystore_utils.h" |
| |
| namespace keystore { |
| |
| UserState::UserState(uid_t userId) |
| : mMasterKeyEntry(".masterkey", "user_" + std::to_string(userId), userId, /* masterkey */ true), |
| mUserId(userId), mState(STATE_UNINITIALIZED), mRetry(MAX_RETRY) {} |
| |
| bool UserState::operator<(const UserState& rhs) const { |
| return getUserId() < rhs.getUserId(); |
| } |
| |
| bool UserState::operator<(uid_t userId) const { |
| return getUserId() < userId; |
| } |
| |
| bool operator<(uid_t userId, const UserState& rhs) { |
| return userId < rhs.getUserId(); |
| } |
| |
| bool UserState::initialize() { |
| if ((mkdir(mMasterKeyEntry.user_dir().c_str(), S_IRUSR | S_IWUSR | S_IXUSR) < 0) && |
| (errno != EEXIST)) { |
| ALOGE("Could not create directory '%s'", mMasterKeyEntry.user_dir().c_str()); |
| return false; |
| } |
| |
| if (mMasterKeyEntry.hasKeyBlob()) { |
| setState(STATE_LOCKED); |
| } else { |
| setState(STATE_UNINITIALIZED); |
| } |
| |
| return true; |
| } |
| |
| void UserState::setState(State state) { |
| mState = state; |
| if (mState == STATE_NO_ERROR || mState == STATE_UNINITIALIZED) { |
| mRetry = MAX_RETRY; |
| } |
| } |
| |
| void UserState::zeroizeMasterKeysInMemory() { |
| memset(mMasterKey.data(), 0, mMasterKey.size()); |
| memset(mSalt, 0, sizeof(mSalt)); |
| } |
| |
| bool UserState::deleteMasterKey() { |
| setState(STATE_UNINITIALIZED); |
| zeroizeMasterKeysInMemory(); |
| return unlink(mMasterKeyEntry.getKeyBlobPath().c_str()) == 0 || errno == ENOENT; |
| } |
| |
| ResponseCode UserState::initialize(const android::String8& pw) { |
| if (!generateMasterKey()) { |
| return ResponseCode::SYSTEM_ERROR; |
| } |
| ResponseCode response = writeMasterKey(pw); |
| if (response != ResponseCode::NO_ERROR) { |
| return response; |
| } |
| setupMasterKeys(); |
| return ResponseCode::NO_ERROR; |
| } |
| |
| ResponseCode UserState::copyMasterKey(LockedUserState<UserState>* src) { |
| if (mState != STATE_UNINITIALIZED) { |
| return ResponseCode::SYSTEM_ERROR; |
| } |
| if ((*src)->getState() != STATE_NO_ERROR) { |
| return ResponseCode::SYSTEM_ERROR; |
| } |
| mMasterKey = (*src)->mMasterKey; |
| setupMasterKeys(); |
| return copyMasterKeyFile(src); |
| } |
| |
| ResponseCode UserState::copyMasterKeyFile(LockedUserState<UserState>* src) { |
| /* Copy the master key file to the new user. Unfortunately we don't have the src user's |
| * password so we cannot generate a new file with a new salt. |
| */ |
| int in = TEMP_FAILURE_RETRY(open((*src)->getMasterKeyFileName().c_str(), O_RDONLY)); |
| if (in < 0) { |
| return ResponseCode::SYSTEM_ERROR; |
| } |
| blobv3 rawBlob; |
| size_t length = readFully(in, (uint8_t*)&rawBlob, sizeof(rawBlob)); |
| if (close(in) != 0) { |
| return ResponseCode::SYSTEM_ERROR; |
| } |
| int out = TEMP_FAILURE_RETRY(open(mMasterKeyEntry.getKeyBlobPath().c_str(), |
| O_WRONLY | O_TRUNC | O_CREAT, S_IRUSR | S_IWUSR)); |
| if (out < 0) { |
| return ResponseCode::SYSTEM_ERROR; |
| } |
| size_t outLength = writeFully(out, (uint8_t*)&rawBlob, length); |
| if (close(out) != 0) { |
| return ResponseCode::SYSTEM_ERROR; |
| } |
| if (outLength != length) { |
| ALOGW("blob not fully written %zu != %zu", outLength, length); |
| unlink(mMasterKeyEntry.getKeyBlobPath().c_str()); |
| return ResponseCode::SYSTEM_ERROR; |
| } |
| return ResponseCode::NO_ERROR; |
| } |
| |
| ResponseCode UserState::writeMasterKey(const android::String8& pw) { |
| std::vector<uint8_t> passwordKey(MASTER_KEY_SIZE_BYTES); |
| generateKeyFromPassword(passwordKey, pw, mSalt); |
| Blob masterKeyBlob(mMasterKey.data(), mMasterKey.size(), mSalt, sizeof(mSalt), |
| TYPE_MASTER_KEY_AES256); |
| auto lockedEntry = LockedKeyBlobEntry::get(mMasterKeyEntry); |
| return lockedEntry.writeBlobs(masterKeyBlob, {}, passwordKey, STATE_NO_ERROR); |
| } |
| |
| ResponseCode UserState::readMasterKey(const android::String8& pw) { |
| |
| auto lockedEntry = LockedKeyBlobEntry::get(mMasterKeyEntry); |
| |
| int in = TEMP_FAILURE_RETRY(open(mMasterKeyEntry.getKeyBlobPath().c_str(), O_RDONLY)); |
| if (in < 0) { |
| return ResponseCode::SYSTEM_ERROR; |
| } |
| |
| // We read the raw blob to just to get the salt to generate the AES key, then we create the Blob |
| // to use with decryptBlob |
| blobv3 rawBlob; |
| size_t length = readFully(in, (uint8_t*)&rawBlob, sizeof(rawBlob)); |
| if (close(in) != 0) { |
| return ResponseCode::SYSTEM_ERROR; |
| } |
| // find salt at EOF if present, otherwise we have an old file |
| uint8_t* salt; |
| if (length > SALT_SIZE && rawBlob.info == SALT_SIZE) { |
| salt = (uint8_t*)&rawBlob + length - SALT_SIZE; |
| } else { |
| salt = nullptr; |
| } |
| |
| size_t masterKeySize = MASTER_KEY_SIZE_BYTES; |
| if (rawBlob.type == TYPE_MASTER_KEY) { |
| masterKeySize = SHA1_DIGEST_SIZE_BYTES; |
| } |
| |
| std::vector<uint8_t> passwordKey(masterKeySize); |
| generateKeyFromPassword(passwordKey, pw, salt); |
| Blob masterKeyBlob, dummyBlob; |
| ResponseCode response; |
| std::tie(response, masterKeyBlob, dummyBlob) = |
| lockedEntry.readBlobs(passwordKey, STATE_NO_ERROR); |
| if (response == ResponseCode::SYSTEM_ERROR) { |
| return response; |
| } |
| |
| size_t masterKeyBlobLength = static_cast<size_t>(masterKeyBlob.getLength()); |
| |
| if (response == ResponseCode::NO_ERROR && masterKeyBlobLength == masterKeySize) { |
| // If salt was missing, generate one and write a new master key file with the salt. |
| if (salt == nullptr) { |
| if (!generateSalt()) { |
| return ResponseCode::SYSTEM_ERROR; |
| } |
| response = writeMasterKey(pw); |
| } |
| if (response == ResponseCode::NO_ERROR) { |
| mMasterKey = std::vector<uint8_t>(masterKeyBlob.getValue(), |
| masterKeyBlob.getValue() + masterKeyBlob.getLength()); |
| |
| setupMasterKeys(); |
| } |
| return response; |
| } |
| if (mRetry <= 0) { |
| reset(); |
| return ResponseCode::UNINITIALIZED; |
| } |
| --mRetry; |
| switch (mRetry) { |
| case 0: |
| return ResponseCode::WRONG_PASSWORD_0; |
| case 1: |
| return ResponseCode::WRONG_PASSWORD_1; |
| case 2: |
| return ResponseCode::WRONG_PASSWORD_2; |
| case 3: |
| return ResponseCode::WRONG_PASSWORD_3; |
| default: |
| return ResponseCode::WRONG_PASSWORD_3; |
| } |
| } |
| |
| bool UserState::reset() { |
| DIR* dir = opendir(mMasterKeyEntry.user_dir().c_str()); |
| if (!dir) { |
| // If the directory doesn't exist then nothing to do. |
| if (errno == ENOENT) { |
| return true; |
| } |
| ALOGW("couldn't open user directory: %s", strerror(errno)); |
| return false; |
| } |
| |
| struct dirent* file; |
| while ((file = readdir(dir)) != nullptr) { |
| // skip . and .. |
| if (!strcmp(".", file->d_name) || !strcmp("..", file->d_name)) { |
| continue; |
| } |
| |
| unlinkat(dirfd(dir), file->d_name, 0); |
| } |
| closedir(dir); |
| return true; |
| } |
| |
| void UserState::generateKeyFromPassword(std::vector<uint8_t>& key, const android::String8& pw, |
| uint8_t* salt) { |
| size_t saltSize; |
| if (salt != nullptr) { |
| saltSize = SALT_SIZE; |
| } else { |
| // Pre-gingerbread used this hardwired salt, readMasterKey will rewrite these when found |
| salt = (uint8_t*)"keystore"; |
| // sizeof = 9, not strlen = 8 |
| saltSize = sizeof("keystore"); |
| } |
| |
| const EVP_MD* digest = EVP_sha256(); |
| |
| // SHA1 was used prior to increasing the key size |
| if (key.size() == SHA1_DIGEST_SIZE_BYTES) { |
| digest = EVP_sha1(); |
| } |
| |
| PKCS5_PBKDF2_HMAC(reinterpret_cast<const char*>(pw.string()), pw.length(), salt, saltSize, 8192, |
| digest, key.size(), key.data()); |
| } |
| |
| bool UserState::generateSalt() { |
| return RAND_bytes(mSalt, sizeof(mSalt)); |
| } |
| |
| bool UserState::generateMasterKey() { |
| mMasterKey.resize(MASTER_KEY_SIZE_BYTES); |
| if (!RAND_bytes(mMasterKey.data(), mMasterKey.size())) { |
| return false; |
| } |
| if (!generateSalt()) { |
| return false; |
| } |
| return true; |
| } |
| |
| void UserState::setupMasterKeys() { |
| setState(STATE_NO_ERROR); |
| } |
| |
| LockedUserState<UserState> UserStateDB::getUserState(uid_t userId) { |
| std::unique_lock<std::mutex> lock(locked_state_mutex_); |
| decltype(mMasterKeys.begin()) it; |
| bool inserted; |
| std::tie(it, inserted) = mMasterKeys.emplace(userId, userId); |
| if (inserted) { |
| if (!it->second.initialize()) { |
| /* There's not much we can do if initialization fails. Trying to |
| * unlock the keystore for that user will fail as well, so any |
| * subsequent request for this user will just return SYSTEM_ERROR. |
| */ |
| ALOGE("User initialization failed for %u; subsequent operations will fail", userId); |
| } |
| } |
| return get(std::move(lock), &it->second); |
| } |
| |
| LockedUserState<UserState> UserStateDB::getUserStateByUid(uid_t uid) { |
| return getUserState(get_user_id(uid)); |
| } |
| |
| LockedUserState<const UserState> UserStateDB::getUserState(uid_t userId) const { |
| std::unique_lock<std::mutex> lock(locked_state_mutex_); |
| auto it = mMasterKeys.find(userId); |
| if (it == mMasterKeys.end()) return {}; |
| return get(std::move(lock), &it->second); |
| } |
| |
| LockedUserState<const UserState> UserStateDB::getUserStateByUid(uid_t uid) const { |
| return getUserState(get_user_id(uid)); |
| } |
| |
| } // namespace keystore |