Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 1 | /* |
| 2 | * Copyright (C) 2016 The Android Open Source Project |
| 3 | * |
| 4 | * Licensed under the Apache License, Version 2.0 (the "License"); |
| 5 | * you may not use this file except in compliance with the License. |
| 6 | * You may obtain a copy of the License at |
| 7 | * |
| 8 | * http://www.apache.org/licenses/LICENSE-2.0 |
| 9 | * |
| 10 | * Unless required by applicable law or agreed to in writing, software |
| 11 | * distributed under the License is distributed on an "AS IS" BASIS, |
| 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 13 | * See the License for the specific language governing permissions and |
| 14 | * limitations under the License. |
| 15 | */ |
| 16 | |
| 17 | #define LOG_TAG "keystore" |
| 18 | |
| 19 | #include "user_state.h" |
| 20 | |
| 21 | #include <dirent.h> |
| 22 | #include <fcntl.h> |
| 23 | #include <stdio.h> |
| 24 | #include <stdlib.h> |
| 25 | #include <sys/stat.h> |
| 26 | |
Branden Archer | cefbcbc | 2018-12-28 12:24:53 -0800 | [diff] [blame] | 27 | #include <openssl/digest.h> |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 28 | #include <openssl/evp.h> |
Branden Archer | 44d1afa | 2018-12-28 09:10:49 -0800 | [diff] [blame] | 29 | #include <openssl/rand.h> |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 30 | |
Logan Chien | cdc813f | 2018-04-23 13:52:28 +0800 | [diff] [blame] | 31 | #include <log/log.h> |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 32 | |
| 33 | #include "blob.h" |
| 34 | #include "keystore_utils.h" |
| 35 | |
Janis Danisevskis | ff3d7f4 | 2018-10-08 07:15:09 -0700 | [diff] [blame] | 36 | namespace keystore { |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 37 | |
Janis Danisevskis | ff3d7f4 | 2018-10-08 07:15:09 -0700 | [diff] [blame] | 38 | UserState::UserState(uid_t userId) |
| 39 | : mMasterKeyEntry(".masterkey", "user_" + std::to_string(userId), userId, /* masterkey */ true), |
| 40 | mUserId(userId), mState(STATE_UNINITIALIZED), mRetry(MAX_RETRY) {} |
| 41 | |
| 42 | bool UserState::operator<(const UserState& rhs) const { |
| 43 | return getUserId() < rhs.getUserId(); |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 44 | } |
| 45 | |
Janis Danisevskis | ff3d7f4 | 2018-10-08 07:15:09 -0700 | [diff] [blame] | 46 | bool UserState::operator<(uid_t userId) const { |
| 47 | return getUserId() < userId; |
| 48 | } |
| 49 | |
| 50 | bool operator<(uid_t userId, const UserState& rhs) { |
| 51 | return userId < rhs.getUserId(); |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 52 | } |
| 53 | |
| 54 | bool UserState::initialize() { |
Janis Danisevskis | ff3d7f4 | 2018-10-08 07:15:09 -0700 | [diff] [blame] | 55 | if ((mkdir(mMasterKeyEntry.user_dir().c_str(), S_IRUSR | S_IWUSR | S_IXUSR) < 0) && |
| 56 | (errno != EEXIST)) { |
| 57 | ALOGE("Could not create directory '%s'", mMasterKeyEntry.user_dir().c_str()); |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 58 | return false; |
| 59 | } |
| 60 | |
Janis Danisevskis | ff3d7f4 | 2018-10-08 07:15:09 -0700 | [diff] [blame] | 61 | if (mMasterKeyEntry.hasKeyBlob()) { |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 62 | setState(STATE_LOCKED); |
| 63 | } else { |
| 64 | setState(STATE_UNINITIALIZED); |
| 65 | } |
| 66 | |
| 67 | return true; |
| 68 | } |
| 69 | |
| 70 | void UserState::setState(State state) { |
| 71 | mState = state; |
| 72 | if (mState == STATE_NO_ERROR || mState == STATE_UNINITIALIZED) { |
| 73 | mRetry = MAX_RETRY; |
| 74 | } |
| 75 | } |
| 76 | |
| 77 | void UserState::zeroizeMasterKeysInMemory() { |
Branden Archer | f5953d7 | 2019-01-10 09:08:18 -0800 | [diff] [blame] | 78 | memset(mMasterKey.data(), 0, mMasterKey.size()); |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 79 | memset(mSalt, 0, sizeof(mSalt)); |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 80 | } |
| 81 | |
| 82 | bool UserState::deleteMasterKey() { |
| 83 | setState(STATE_UNINITIALIZED); |
| 84 | zeroizeMasterKeysInMemory(); |
Janis Danisevskis | ff3d7f4 | 2018-10-08 07:15:09 -0700 | [diff] [blame] | 85 | return unlink(mMasterKeyEntry.getKeyBlobPath().c_str()) == 0 || errno == ENOENT; |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 86 | } |
| 87 | |
Branden Archer | 44d1afa | 2018-12-28 09:10:49 -0800 | [diff] [blame] | 88 | ResponseCode UserState::initialize(const android::String8& pw) { |
| 89 | if (!generateMasterKey()) { |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 90 | return ResponseCode::SYSTEM_ERROR; |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 91 | } |
Branden Archer | 44d1afa | 2018-12-28 09:10:49 -0800 | [diff] [blame] | 92 | ResponseCode response = writeMasterKey(pw); |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 93 | if (response != ResponseCode::NO_ERROR) { |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 94 | return response; |
| 95 | } |
| 96 | setupMasterKeys(); |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 97 | return ResponseCode::NO_ERROR; |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 98 | } |
| 99 | |
Janis Danisevskis | ff3d7f4 | 2018-10-08 07:15:09 -0700 | [diff] [blame] | 100 | ResponseCode UserState::copyMasterKey(LockedUserState<UserState>* src) { |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 101 | if (mState != STATE_UNINITIALIZED) { |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 102 | return ResponseCode::SYSTEM_ERROR; |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 103 | } |
Janis Danisevskis | ff3d7f4 | 2018-10-08 07:15:09 -0700 | [diff] [blame] | 104 | if ((*src)->getState() != STATE_NO_ERROR) { |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 105 | return ResponseCode::SYSTEM_ERROR; |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 106 | } |
Branden Archer | f5953d7 | 2019-01-10 09:08:18 -0800 | [diff] [blame] | 107 | mMasterKey = (*src)->mMasterKey; |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 108 | setupMasterKeys(); |
| 109 | return copyMasterKeyFile(src); |
| 110 | } |
| 111 | |
Janis Danisevskis | ff3d7f4 | 2018-10-08 07:15:09 -0700 | [diff] [blame] | 112 | ResponseCode UserState::copyMasterKeyFile(LockedUserState<UserState>* src) { |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 113 | /* Copy the master key file to the new user. Unfortunately we don't have the src user's |
| 114 | * password so we cannot generate a new file with a new salt. |
| 115 | */ |
Janis Danisevskis | ff3d7f4 | 2018-10-08 07:15:09 -0700 | [diff] [blame] | 116 | int in = TEMP_FAILURE_RETRY(open((*src)->getMasterKeyFileName().c_str(), O_RDONLY)); |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 117 | if (in < 0) { |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 118 | return ResponseCode::SYSTEM_ERROR; |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 119 | } |
Shawn Willden | e983058 | 2017-04-18 10:47:57 -0600 | [diff] [blame] | 120 | blobv3 rawBlob; |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 121 | size_t length = readFully(in, (uint8_t*)&rawBlob, sizeof(rawBlob)); |
| 122 | if (close(in) != 0) { |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 123 | return ResponseCode::SYSTEM_ERROR; |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 124 | } |
Janis Danisevskis | ff3d7f4 | 2018-10-08 07:15:09 -0700 | [diff] [blame] | 125 | int out = TEMP_FAILURE_RETRY(open(mMasterKeyEntry.getKeyBlobPath().c_str(), |
| 126 | O_WRONLY | O_TRUNC | O_CREAT, S_IRUSR | S_IWUSR)); |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 127 | if (out < 0) { |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 128 | return ResponseCode::SYSTEM_ERROR; |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 129 | } |
| 130 | size_t outLength = writeFully(out, (uint8_t*)&rawBlob, length); |
| 131 | if (close(out) != 0) { |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 132 | return ResponseCode::SYSTEM_ERROR; |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 133 | } |
| 134 | if (outLength != length) { |
| 135 | ALOGW("blob not fully written %zu != %zu", outLength, length); |
Janis Danisevskis | ff3d7f4 | 2018-10-08 07:15:09 -0700 | [diff] [blame] | 136 | unlink(mMasterKeyEntry.getKeyBlobPath().c_str()); |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 137 | return ResponseCode::SYSTEM_ERROR; |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 138 | } |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 139 | return ResponseCode::NO_ERROR; |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 140 | } |
| 141 | |
Branden Archer | 44d1afa | 2018-12-28 09:10:49 -0800 | [diff] [blame] | 142 | ResponseCode UserState::writeMasterKey(const android::String8& pw) { |
Branden Archer | f5953d7 | 2019-01-10 09:08:18 -0800 | [diff] [blame] | 143 | std::vector<uint8_t> passwordKey(MASTER_KEY_SIZE_BYTES); |
| 144 | generateKeyFromPassword(passwordKey, pw, mSalt); |
Branden Archer | d031573 | 2019-01-10 14:56:05 -0800 | [diff] [blame] | 145 | Blob masterKeyBlob(mMasterKey.data(), mMasterKey.size(), mSalt, sizeof(mSalt), |
| 146 | TYPE_MASTER_KEY_AES256); |
Janis Danisevskis | ff3d7f4 | 2018-10-08 07:15:09 -0700 | [diff] [blame] | 147 | auto lockedEntry = LockedKeyBlobEntry::get(mMasterKeyEntry); |
Branden Archer | 44d1afa | 2018-12-28 09:10:49 -0800 | [diff] [blame] | 148 | return lockedEntry.writeBlobs(masterKeyBlob, {}, passwordKey, STATE_NO_ERROR); |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 149 | } |
| 150 | |
Branden Archer | 44d1afa | 2018-12-28 09:10:49 -0800 | [diff] [blame] | 151 | ResponseCode UserState::readMasterKey(const android::String8& pw) { |
Janis Danisevskis | ff3d7f4 | 2018-10-08 07:15:09 -0700 | [diff] [blame] | 152 | |
| 153 | auto lockedEntry = LockedKeyBlobEntry::get(mMasterKeyEntry); |
| 154 | |
| 155 | int in = TEMP_FAILURE_RETRY(open(mMasterKeyEntry.getKeyBlobPath().c_str(), O_RDONLY)); |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 156 | if (in < 0) { |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 157 | return ResponseCode::SYSTEM_ERROR; |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 158 | } |
| 159 | |
| 160 | // We read the raw blob to just to get the salt to generate the AES key, then we create the Blob |
| 161 | // to use with decryptBlob |
Shawn Willden | e983058 | 2017-04-18 10:47:57 -0600 | [diff] [blame] | 162 | blobv3 rawBlob; |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 163 | size_t length = readFully(in, (uint8_t*)&rawBlob, sizeof(rawBlob)); |
| 164 | if (close(in) != 0) { |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 165 | return ResponseCode::SYSTEM_ERROR; |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 166 | } |
| 167 | // find salt at EOF if present, otherwise we have an old file |
| 168 | uint8_t* salt; |
| 169 | if (length > SALT_SIZE && rawBlob.info == SALT_SIZE) { |
| 170 | salt = (uint8_t*)&rawBlob + length - SALT_SIZE; |
| 171 | } else { |
Yi Kong | d291675 | 2018-07-26 17:44:27 -0700 | [diff] [blame] | 172 | salt = nullptr; |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 173 | } |
Branden Archer | f5953d7 | 2019-01-10 09:08:18 -0800 | [diff] [blame] | 174 | |
Branden Archer | d031573 | 2019-01-10 14:56:05 -0800 | [diff] [blame] | 175 | size_t masterKeySize = MASTER_KEY_SIZE_BYTES; |
| 176 | if (rawBlob.type == TYPE_MASTER_KEY) { |
| 177 | masterKeySize = SHA1_DIGEST_SIZE_BYTES; |
| 178 | } |
| 179 | |
| 180 | std::vector<uint8_t> passwordKey(masterKeySize); |
Branden Archer | f5953d7 | 2019-01-10 09:08:18 -0800 | [diff] [blame] | 181 | generateKeyFromPassword(passwordKey, pw, salt); |
Janis Danisevskis | ff3d7f4 | 2018-10-08 07:15:09 -0700 | [diff] [blame] | 182 | Blob masterKeyBlob, dummyBlob; |
| 183 | ResponseCode response; |
| 184 | std::tie(response, masterKeyBlob, dummyBlob) = |
| 185 | lockedEntry.readBlobs(passwordKey, STATE_NO_ERROR); |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 186 | if (response == ResponseCode::SYSTEM_ERROR) { |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 187 | return response; |
| 188 | } |
Branden Archer | d031573 | 2019-01-10 14:56:05 -0800 | [diff] [blame] | 189 | |
| 190 | size_t masterKeyBlobLength = static_cast<size_t>(masterKeyBlob.getLength()); |
| 191 | |
| 192 | if (response == ResponseCode::NO_ERROR && masterKeyBlobLength == masterKeySize) { |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 193 | // If salt was missing, generate one and write a new master key file with the salt. |
Yi Kong | d291675 | 2018-07-26 17:44:27 -0700 | [diff] [blame] | 194 | if (salt == nullptr) { |
Branden Archer | 44d1afa | 2018-12-28 09:10:49 -0800 | [diff] [blame] | 195 | if (!generateSalt()) { |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 196 | return ResponseCode::SYSTEM_ERROR; |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 197 | } |
Branden Archer | 44d1afa | 2018-12-28 09:10:49 -0800 | [diff] [blame] | 198 | response = writeMasterKey(pw); |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 199 | } |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 200 | if (response == ResponseCode::NO_ERROR) { |
Branden Archer | f5953d7 | 2019-01-10 09:08:18 -0800 | [diff] [blame] | 201 | mMasterKey = std::vector<uint8_t>(masterKeyBlob.getValue(), |
| 202 | masterKeyBlob.getValue() + masterKeyBlob.getLength()); |
| 203 | |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 204 | setupMasterKeys(); |
| 205 | } |
| 206 | return response; |
| 207 | } |
| 208 | if (mRetry <= 0) { |
| 209 | reset(); |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 210 | return ResponseCode::UNINITIALIZED; |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 211 | } |
| 212 | --mRetry; |
| 213 | switch (mRetry) { |
| 214 | case 0: |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 215 | return ResponseCode::WRONG_PASSWORD_0; |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 216 | case 1: |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 217 | return ResponseCode::WRONG_PASSWORD_1; |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 218 | case 2: |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 219 | return ResponseCode::WRONG_PASSWORD_2; |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 220 | case 3: |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 221 | return ResponseCode::WRONG_PASSWORD_3; |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 222 | default: |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 223 | return ResponseCode::WRONG_PASSWORD_3; |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 224 | } |
| 225 | } |
| 226 | |
| 227 | bool UserState::reset() { |
Janis Danisevskis | ff3d7f4 | 2018-10-08 07:15:09 -0700 | [diff] [blame] | 228 | DIR* dir = opendir(mMasterKeyEntry.user_dir().c_str()); |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 229 | if (!dir) { |
| 230 | // If the directory doesn't exist then nothing to do. |
| 231 | if (errno == ENOENT) { |
| 232 | return true; |
| 233 | } |
| 234 | ALOGW("couldn't open user directory: %s", strerror(errno)); |
| 235 | return false; |
| 236 | } |
| 237 | |
| 238 | struct dirent* file; |
Yi Kong | d291675 | 2018-07-26 17:44:27 -0700 | [diff] [blame] | 239 | while ((file = readdir(dir)) != nullptr) { |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 240 | // skip . and .. |
| 241 | if (!strcmp(".", file->d_name) || !strcmp("..", file->d_name)) { |
| 242 | continue; |
| 243 | } |
| 244 | |
| 245 | unlinkat(dirfd(dir), file->d_name, 0); |
| 246 | } |
| 247 | closedir(dir); |
| 248 | return true; |
| 249 | } |
| 250 | |
Branden Archer | f5953d7 | 2019-01-10 09:08:18 -0800 | [diff] [blame] | 251 | void UserState::generateKeyFromPassword(std::vector<uint8_t>& key, const android::String8& pw, |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 252 | uint8_t* salt) { |
| 253 | size_t saltSize; |
Yi Kong | d291675 | 2018-07-26 17:44:27 -0700 | [diff] [blame] | 254 | if (salt != nullptr) { |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 255 | saltSize = SALT_SIZE; |
| 256 | } else { |
| 257 | // Pre-gingerbread used this hardwired salt, readMasterKey will rewrite these when found |
| 258 | salt = (uint8_t*)"keystore"; |
| 259 | // sizeof = 9, not strlen = 8 |
| 260 | saltSize = sizeof("keystore"); |
| 261 | } |
| 262 | |
Branden Archer | cefbcbc | 2018-12-28 12:24:53 -0800 | [diff] [blame] | 263 | const EVP_MD* digest = EVP_sha256(); |
| 264 | |
| 265 | // SHA1 was used prior to increasing the key size |
Branden Archer | f5953d7 | 2019-01-10 09:08:18 -0800 | [diff] [blame] | 266 | if (key.size() == SHA1_DIGEST_SIZE_BYTES) { |
Branden Archer | cefbcbc | 2018-12-28 12:24:53 -0800 | [diff] [blame] | 267 | digest = EVP_sha1(); |
| 268 | } |
| 269 | |
| 270 | PKCS5_PBKDF2_HMAC(reinterpret_cast<const char*>(pw.string()), pw.length(), salt, saltSize, 8192, |
Branden Archer | f5953d7 | 2019-01-10 09:08:18 -0800 | [diff] [blame] | 271 | digest, key.size(), key.data()); |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 272 | } |
| 273 | |
Branden Archer | 44d1afa | 2018-12-28 09:10:49 -0800 | [diff] [blame] | 274 | bool UserState::generateSalt() { |
| 275 | return RAND_bytes(mSalt, sizeof(mSalt)); |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 276 | } |
| 277 | |
Branden Archer | 44d1afa | 2018-12-28 09:10:49 -0800 | [diff] [blame] | 278 | bool UserState::generateMasterKey() { |
Branden Archer | f5953d7 | 2019-01-10 09:08:18 -0800 | [diff] [blame] | 279 | mMasterKey.resize(MASTER_KEY_SIZE_BYTES); |
| 280 | if (!RAND_bytes(mMasterKey.data(), mMasterKey.size())) { |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 281 | return false; |
| 282 | } |
Branden Archer | 44d1afa | 2018-12-28 09:10:49 -0800 | [diff] [blame] | 283 | if (!generateSalt()) { |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 284 | return false; |
| 285 | } |
| 286 | return true; |
| 287 | } |
| 288 | |
| 289 | void UserState::setupMasterKeys() { |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 290 | setState(STATE_NO_ERROR); |
| 291 | } |
Janis Danisevskis | ff3d7f4 | 2018-10-08 07:15:09 -0700 | [diff] [blame] | 292 | |
| 293 | LockedUserState<UserState> UserStateDB::getUserState(uid_t userId) { |
| 294 | std::unique_lock<std::mutex> lock(locked_state_mutex_); |
| 295 | decltype(mMasterKeys.begin()) it; |
| 296 | bool inserted; |
| 297 | std::tie(it, inserted) = mMasterKeys.emplace(userId, userId); |
| 298 | if (inserted) { |
| 299 | if (!it->second.initialize()) { |
| 300 | /* There's not much we can do if initialization fails. Trying to |
| 301 | * unlock the keystore for that user will fail as well, so any |
| 302 | * subsequent request for this user will just return SYSTEM_ERROR. |
| 303 | */ |
| 304 | ALOGE("User initialization failed for %u; subsequent operations will fail", userId); |
| 305 | } |
| 306 | } |
| 307 | return get(std::move(lock), &it->second); |
| 308 | } |
| 309 | |
| 310 | LockedUserState<UserState> UserStateDB::getUserStateByUid(uid_t uid) { |
| 311 | return getUserState(get_user_id(uid)); |
| 312 | } |
| 313 | |
| 314 | LockedUserState<const UserState> UserStateDB::getUserState(uid_t userId) const { |
| 315 | std::unique_lock<std::mutex> lock(locked_state_mutex_); |
| 316 | auto it = mMasterKeys.find(userId); |
| 317 | if (it == mMasterKeys.end()) return {}; |
| 318 | return get(std::move(lock), &it->second); |
| 319 | } |
| 320 | |
| 321 | LockedUserState<const UserState> UserStateDB::getUserStateByUid(uid_t uid) const { |
| 322 | return getUserState(get_user_id(uid)); |
| 323 | } |
| 324 | |
| 325 | } // namespace keystore |