Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 1 | /* |
| 2 | * Copyright (C) 2014 The Android Open Source Project |
| 3 | * |
| 4 | * Licensed under the Apache License, Version 2.0 (the "License"); |
| 5 | * you may not use this file except in compliance with the License. |
| 6 | * You may obtain a copy of the License at |
| 7 | * |
| 8 | * http://www.apache.org/licenses/LICENSE-2.0 |
| 9 | * |
| 10 | * Unless required by applicable law or agreed to in writing, software |
| 11 | * distributed under the License is distributed on an "AS IS" BASIS, |
| 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 13 | * See the License for the specific language governing permissions and |
| 14 | * limitations under the License. |
| 15 | */ |
| 16 | |
| 17 | #define LOG_TAG "keystore" |
| 18 | |
| 19 | #include "keymaster_enforcement.h" |
| 20 | |
| 21 | #include <assert.h> |
| 22 | #include <inttypes.h> |
| 23 | #include <limits.h> |
| 24 | #include <string.h> |
| 25 | |
| 26 | #include <openssl/evp.h> |
| 27 | |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 28 | #include <hardware/hw_auth_token.h> |
Logan Chien | cdc813f | 2018-04-23 13:52:28 +0800 | [diff] [blame] | 29 | #include <log/log.h> |
| 30 | |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 31 | #include <list> |
| 32 | |
Janis Danisevskis | 8f737ad | 2017-11-21 12:30:15 -0800 | [diff] [blame] | 33 | #include <keystore/keystore_hidl_support.h> |
| 34 | |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 35 | namespace keystore { |
| 36 | |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 37 | bool is_public_key_algorithm(const AuthorizationSet& auth_set) { |
| 38 | auto algorithm = auth_set.GetTagValue(TAG_ALGORITHM); |
| 39 | return algorithm.isOk() && |
| 40 | (algorithm.value() == Algorithm::RSA || algorithm.value() == Algorithm::EC); |
| 41 | } |
| 42 | |
| 43 | static ErrorCode authorized_purpose(const KeyPurpose purpose, const AuthorizationSet& auth_set) { |
| 44 | switch (purpose) { |
| 45 | case KeyPurpose::VERIFY: |
| 46 | case KeyPurpose::ENCRYPT: |
| 47 | case KeyPurpose::SIGN: |
| 48 | case KeyPurpose::DECRYPT: |
| 49 | if (auth_set.Contains(TAG_PURPOSE, purpose)) return ErrorCode::OK; |
| 50 | return ErrorCode::INCOMPATIBLE_PURPOSE; |
| 51 | |
| 52 | default: |
| 53 | return ErrorCode::UNSUPPORTED_PURPOSE; |
| 54 | } |
| 55 | } |
| 56 | |
| 57 | inline bool is_origination_purpose(KeyPurpose purpose) { |
| 58 | return purpose == KeyPurpose::ENCRYPT || purpose == KeyPurpose::SIGN; |
| 59 | } |
| 60 | |
| 61 | inline bool is_usage_purpose(KeyPurpose purpose) { |
| 62 | return purpose == KeyPurpose::DECRYPT || purpose == KeyPurpose::VERIFY; |
| 63 | } |
| 64 | |
| 65 | KeymasterEnforcement::KeymasterEnforcement(uint32_t max_access_time_map_size, |
| 66 | uint32_t max_access_count_map_size) |
Janis Danisevskis | ff3d7f4 | 2018-10-08 07:15:09 -0700 | [diff] [blame] | 67 | : access_time_map_(max_access_time_map_size), access_count_map_(max_access_count_map_size) {} |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 68 | |
| 69 | KeymasterEnforcement::~KeymasterEnforcement() { |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 70 | } |
| 71 | |
| 72 | ErrorCode KeymasterEnforcement::AuthorizeOperation(const KeyPurpose purpose, const km_id_t keyid, |
| 73 | const AuthorizationSet& auth_set, |
| 74 | const AuthorizationSet& operation_params, |
Shawn Willden | 0329a82 | 2017-12-04 13:55:14 -0700 | [diff] [blame] | 75 | const HardwareAuthToken& auth_token, |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 76 | uint64_t op_handle, bool is_begin_operation) { |
| 77 | if (is_public_key_algorithm(auth_set)) { |
| 78 | switch (purpose) { |
| 79 | case KeyPurpose::ENCRYPT: |
| 80 | case KeyPurpose::VERIFY: |
| 81 | /* Public key operations are always authorized. */ |
| 82 | return ErrorCode::OK; |
| 83 | |
| 84 | case KeyPurpose::DECRYPT: |
| 85 | case KeyPurpose::SIGN: |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 86 | break; |
Shawn Willden | 0329a82 | 2017-12-04 13:55:14 -0700 | [diff] [blame] | 87 | |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 88 | case KeyPurpose::WRAP_KEY: |
| 89 | return ErrorCode::INCOMPATIBLE_PURPOSE; |
| 90 | }; |
| 91 | }; |
| 92 | |
| 93 | if (is_begin_operation) |
Shawn Willden | 0329a82 | 2017-12-04 13:55:14 -0700 | [diff] [blame] | 94 | return AuthorizeBegin(purpose, keyid, auth_set, operation_params, auth_token); |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 95 | else |
Shawn Willden | 0329a82 | 2017-12-04 13:55:14 -0700 | [diff] [blame] | 96 | return AuthorizeUpdateOrFinish(auth_set, auth_token, op_handle); |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 97 | } |
| 98 | |
| 99 | // For update and finish the only thing to check is user authentication, and then only if it's not |
| 100 | // timeout-based. |
| 101 | ErrorCode KeymasterEnforcement::AuthorizeUpdateOrFinish(const AuthorizationSet& auth_set, |
Shawn Willden | 0329a82 | 2017-12-04 13:55:14 -0700 | [diff] [blame] | 102 | const HardwareAuthToken& auth_token, |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 103 | uint64_t op_handle) { |
| 104 | int auth_type_index = -1; |
| 105 | for (size_t pos = 0; pos < auth_set.size(); ++pos) { |
| 106 | switch (auth_set[pos].tag) { |
| 107 | case Tag::NO_AUTH_REQUIRED: |
| 108 | case Tag::AUTH_TIMEOUT: |
| 109 | // If no auth is required or if auth is timeout-based, we have nothing to check. |
| 110 | return ErrorCode::OK; |
| 111 | |
| 112 | case Tag::USER_AUTH_TYPE: |
| 113 | auth_type_index = pos; |
| 114 | break; |
| 115 | |
| 116 | default: |
| 117 | break; |
| 118 | } |
| 119 | } |
| 120 | |
| 121 | // Note that at this point we should be able to assume that authentication is required, because |
| 122 | // authentication is required if KM_TAG_NO_AUTH_REQUIRED is absent. However, there are legacy |
| 123 | // keys which have no authentication-related tags, so we assume that absence is equivalent to |
| 124 | // presence of KM_TAG_NO_AUTH_REQUIRED. |
| 125 | // |
| 126 | // So, if we found KM_TAG_USER_AUTH_TYPE or if we find KM_TAG_USER_SECURE_ID then authentication |
| 127 | // is required. If we find neither, then we assume authentication is not required and return |
| 128 | // success. |
| 129 | bool authentication_required = (auth_type_index != -1); |
| 130 | for (auto& param : auth_set) { |
| 131 | auto user_secure_id = authorizationValue(TAG_USER_SECURE_ID, param); |
| 132 | if (user_secure_id.isOk()) { |
| 133 | authentication_required = true; |
| 134 | int auth_timeout_index = -1; |
Shawn Willden | 0329a82 | 2017-12-04 13:55:14 -0700 | [diff] [blame] | 135 | if (auth_token.mac.size() && |
| 136 | AuthTokenMatches(auth_set, auth_token, user_secure_id.value(), auth_type_index, |
| 137 | auth_timeout_index, op_handle, false /* is_begin_operation */)) |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 138 | return ErrorCode::OK; |
| 139 | } |
| 140 | } |
| 141 | |
| 142 | if (authentication_required) return ErrorCode::KEY_USER_NOT_AUTHENTICATED; |
| 143 | |
| 144 | return ErrorCode::OK; |
| 145 | } |
| 146 | |
| 147 | ErrorCode KeymasterEnforcement::AuthorizeBegin(const KeyPurpose purpose, const km_id_t keyid, |
| 148 | const AuthorizationSet& auth_set, |
Shawn Willden | 0329a82 | 2017-12-04 13:55:14 -0700 | [diff] [blame] | 149 | const AuthorizationSet& operation_params, |
| 150 | NullOr<const HardwareAuthToken&> auth_token) { |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 151 | // Find some entries that may be needed to handle KM_TAG_USER_SECURE_ID |
| 152 | int auth_timeout_index = -1; |
| 153 | int auth_type_index = -1; |
| 154 | int no_auth_required_index = -1; |
| 155 | for (size_t pos = 0; pos < auth_set.size(); ++pos) { |
| 156 | switch (auth_set[pos].tag) { |
| 157 | case Tag::AUTH_TIMEOUT: |
| 158 | auth_timeout_index = pos; |
| 159 | break; |
| 160 | case Tag::USER_AUTH_TYPE: |
| 161 | auth_type_index = pos; |
| 162 | break; |
| 163 | case Tag::NO_AUTH_REQUIRED: |
| 164 | no_auth_required_index = pos; |
| 165 | break; |
| 166 | default: |
| 167 | break; |
| 168 | } |
| 169 | } |
| 170 | |
| 171 | ErrorCode error = authorized_purpose(purpose, auth_set); |
| 172 | if (error != ErrorCode::OK) return error; |
| 173 | |
| 174 | // If successful, and if key has a min time between ops, this will be set to the time limit |
| 175 | uint32_t min_ops_timeout = UINT32_MAX; |
| 176 | |
| 177 | bool update_access_count = false; |
| 178 | bool caller_nonce_authorized_by_key = false; |
| 179 | bool authentication_required = false; |
| 180 | bool auth_token_matched = false; |
Brian Young | 9a947d5 | 2018-02-23 18:03:14 +0000 | [diff] [blame] | 181 | bool unlocked_device_required = false; |
| 182 | int32_t user_id = -1; |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 183 | |
| 184 | for (auto& param : auth_set) { |
| 185 | |
| 186 | // KM_TAG_PADDING_OLD and KM_TAG_DIGEST_OLD aren't actually members of the enum, so we can't |
| 187 | // switch on them. There's nothing to validate for them, though, so just ignore them. |
| 188 | if (int32_t(param.tag) == KM_TAG_PADDING_OLD || int32_t(param.tag) == KM_TAG_DIGEST_OLD) |
| 189 | continue; |
| 190 | |
| 191 | switch (param.tag) { |
| 192 | |
| 193 | case Tag::ACTIVE_DATETIME: { |
| 194 | auto date = authorizationValue(TAG_ACTIVE_DATETIME, param); |
| 195 | if (date.isOk() && !activation_date_valid(date.value())) |
| 196 | return ErrorCode::KEY_NOT_YET_VALID; |
| 197 | break; |
| 198 | } |
| 199 | case Tag::ORIGINATION_EXPIRE_DATETIME: { |
| 200 | auto date = authorizationValue(TAG_ORIGINATION_EXPIRE_DATETIME, param); |
| 201 | if (is_origination_purpose(purpose) && date.isOk() && |
| 202 | expiration_date_passed(date.value())) |
| 203 | return ErrorCode::KEY_EXPIRED; |
| 204 | break; |
| 205 | } |
| 206 | case Tag::USAGE_EXPIRE_DATETIME: { |
| 207 | auto date = authorizationValue(TAG_USAGE_EXPIRE_DATETIME, param); |
| 208 | if (is_usage_purpose(purpose) && date.isOk() && expiration_date_passed(date.value())) |
| 209 | return ErrorCode::KEY_EXPIRED; |
| 210 | break; |
| 211 | } |
| 212 | case Tag::MIN_SECONDS_BETWEEN_OPS: { |
| 213 | auto min_ops_timeout = authorizationValue(TAG_MIN_SECONDS_BETWEEN_OPS, param); |
| 214 | if (min_ops_timeout.isOk() && !MinTimeBetweenOpsPassed(min_ops_timeout.value(), keyid)) |
| 215 | return ErrorCode::KEY_RATE_LIMIT_EXCEEDED; |
| 216 | break; |
| 217 | } |
| 218 | case Tag::MAX_USES_PER_BOOT: { |
| 219 | auto max_users = authorizationValue(TAG_MAX_USES_PER_BOOT, param); |
| 220 | update_access_count = true; |
| 221 | if (max_users.isOk() && !MaxUsesPerBootNotExceeded(keyid, max_users.value())) |
| 222 | return ErrorCode::KEY_MAX_OPS_EXCEEDED; |
| 223 | break; |
| 224 | } |
| 225 | case Tag::USER_SECURE_ID: |
| 226 | if (no_auth_required_index != -1) { |
| 227 | // Key has both KM_TAG_USER_SECURE_ID and KM_TAG_NO_AUTH_REQUIRED |
| 228 | return ErrorCode::INVALID_KEY_BLOB; |
| 229 | } |
| 230 | |
| 231 | if (auth_timeout_index != -1) { |
| 232 | auto secure_id = authorizationValue(TAG_USER_SECURE_ID, param); |
| 233 | authentication_required = true; |
Shawn Willden | 0329a82 | 2017-12-04 13:55:14 -0700 | [diff] [blame] | 234 | if (secure_id.isOk() && auth_token.isOk() && |
| 235 | AuthTokenMatches(auth_set, auth_token.value(), secure_id.value(), |
| 236 | auth_type_index, auth_timeout_index, 0 /* op_handle */, |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 237 | true /* is_begin_operation */)) |
| 238 | auth_token_matched = true; |
| 239 | } |
| 240 | break; |
| 241 | |
Brian Young | 9371e95 | 2018-02-23 18:03:14 +0000 | [diff] [blame] | 242 | case Tag::USER_ID: |
Brian Young | 9a947d5 | 2018-02-23 18:03:14 +0000 | [diff] [blame] | 243 | user_id = authorizationValue(TAG_USER_ID, param).value(); |
Brian Young | 9371e95 | 2018-02-23 18:03:14 +0000 | [diff] [blame] | 244 | break; |
| 245 | |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 246 | case Tag::CALLER_NONCE: |
| 247 | caller_nonce_authorized_by_key = true; |
| 248 | break; |
| 249 | |
Brian Young | 9371e95 | 2018-02-23 18:03:14 +0000 | [diff] [blame] | 250 | case Tag::UNLOCKED_DEVICE_REQUIRED: |
Brian Young | 9a947d5 | 2018-02-23 18:03:14 +0000 | [diff] [blame] | 251 | unlocked_device_required = true; |
Brian Young | 9371e95 | 2018-02-23 18:03:14 +0000 | [diff] [blame] | 252 | break; |
| 253 | |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 254 | /* Tags should never be in key auths. */ |
| 255 | case Tag::INVALID: |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 256 | case Tag::ROOT_OF_TRUST: |
| 257 | case Tag::APPLICATION_DATA: |
| 258 | case Tag::ATTESTATION_CHALLENGE: |
| 259 | case Tag::ATTESTATION_APPLICATION_ID: |
Bartosz Fabianowski | a9452d9 | 2017-01-23 22:21:11 +0100 | [diff] [blame] | 260 | case Tag::ATTESTATION_ID_BRAND: |
| 261 | case Tag::ATTESTATION_ID_DEVICE: |
| 262 | case Tag::ATTESTATION_ID_PRODUCT: |
| 263 | case Tag::ATTESTATION_ID_SERIAL: |
| 264 | case Tag::ATTESTATION_ID_IMEI: |
| 265 | case Tag::ATTESTATION_ID_MEID: |
Bartosz Fabianowski | 634a1aa | 2017-03-20 14:02:32 +0100 | [diff] [blame] | 266 | case Tag::ATTESTATION_ID_MANUFACTURER: |
| 267 | case Tag::ATTESTATION_ID_MODEL: |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 268 | return ErrorCode::INVALID_KEY_BLOB; |
| 269 | |
| 270 | /* Tags used for cryptographic parameters in keygen. Nothing to enforce. */ |
| 271 | case Tag::PURPOSE: |
| 272 | case Tag::ALGORITHM: |
| 273 | case Tag::KEY_SIZE: |
| 274 | case Tag::BLOCK_MODE: |
| 275 | case Tag::DIGEST: |
| 276 | case Tag::MAC_LENGTH: |
| 277 | case Tag::PADDING: |
| 278 | case Tag::NONCE: |
| 279 | case Tag::MIN_MAC_LENGTH: |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 280 | case Tag::EC_CURVE: |
| 281 | |
| 282 | /* Tags not used for operations. */ |
| 283 | case Tag::BLOB_USAGE_REQUIREMENTS: |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 284 | |
| 285 | /* Algorithm specific parameters not used for access control. */ |
| 286 | case Tag::RSA_PUBLIC_EXPONENT: |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 287 | |
| 288 | /* Informational tags. */ |
| 289 | case Tag::CREATION_DATETIME: |
| 290 | case Tag::ORIGIN: |
Shawn Willden | 0329a82 | 2017-12-04 13:55:14 -0700 | [diff] [blame] | 291 | case Tag::ROLLBACK_RESISTANCE: |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 292 | |
| 293 | /* Tags handled when KM_TAG_USER_SECURE_ID is handled */ |
| 294 | case Tag::NO_AUTH_REQUIRED: |
| 295 | case Tag::USER_AUTH_TYPE: |
| 296 | case Tag::AUTH_TIMEOUT: |
| 297 | |
| 298 | /* Tag to provide data to operations. */ |
| 299 | case Tag::ASSOCIATED_DATA: |
| 300 | |
| 301 | /* Tags that are implicitly verified by secure side */ |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 302 | case Tag::APPLICATION_ID: |
Shawn Willden | 30adb49 | 2018-01-18 18:48:29 -0700 | [diff] [blame] | 303 | case Tag::BOOT_PATCHLEVEL: |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 304 | case Tag::OS_PATCHLEVEL: |
Shawn Willden | 30adb49 | 2018-01-18 18:48:29 -0700 | [diff] [blame] | 305 | case Tag::OS_VERSION: |
Shawn Willden | 35b6e6c | 2018-01-10 09:30:12 -0700 | [diff] [blame] | 306 | case Tag::TRUSTED_USER_PRESENCE_REQUIRED: |
Shawn Willden | 30adb49 | 2018-01-18 18:48:29 -0700 | [diff] [blame] | 307 | case Tag::VENDOR_PATCHLEVEL: |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 308 | |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 309 | /* TODO(swillden): Handle these */ |
| 310 | case Tag::INCLUDE_UNIQUE_ID: |
| 311 | case Tag::UNIQUE_ID: |
| 312 | case Tag::RESET_SINCE_ID_ROTATION: |
| 313 | case Tag::ALLOW_WHILE_ON_BODY: |
Shawn Willden | 0329a82 | 2017-12-04 13:55:14 -0700 | [diff] [blame] | 314 | case Tag::HARDWARE_TYPE: |
David Zeuthen | c6eb7cd | 2017-11-27 11:33:55 -0500 | [diff] [blame] | 315 | case Tag::TRUSTED_CONFIRMATION_REQUIRED: |
| 316 | case Tag::CONFIRMATION_TOKEN: |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 317 | break; |
| 318 | |
| 319 | case Tag::BOOTLOADER_ONLY: |
| 320 | return ErrorCode::INVALID_KEY_BLOB; |
| 321 | } |
| 322 | } |
| 323 | |
Brian Young | 9a947d5 | 2018-02-23 18:03:14 +0000 | [diff] [blame] | 324 | if (unlocked_device_required && is_device_locked(user_id)) { |
| 325 | switch (purpose) { |
| 326 | case KeyPurpose::ENCRYPT: |
| 327 | case KeyPurpose::VERIFY: |
| 328 | /* These are okay */ |
| 329 | break; |
| 330 | case KeyPurpose::DECRYPT: |
| 331 | case KeyPurpose::SIGN: |
| 332 | case KeyPurpose::WRAP_KEY: |
| 333 | return ErrorCode::DEVICE_LOCKED; |
| 334 | }; |
| 335 | } |
| 336 | |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 337 | if (authentication_required && !auth_token_matched) { |
| 338 | ALOGE("Auth required but no matching auth token found"); |
| 339 | return ErrorCode::KEY_USER_NOT_AUTHENTICATED; |
| 340 | } |
| 341 | |
| 342 | if (!caller_nonce_authorized_by_key && is_origination_purpose(purpose) && |
| 343 | operation_params.Contains(Tag::NONCE)) |
| 344 | return ErrorCode::CALLER_NONCE_PROHIBITED; |
| 345 | |
| 346 | if (min_ops_timeout != UINT32_MAX) { |
Janis Danisevskis | ff3d7f4 | 2018-10-08 07:15:09 -0700 | [diff] [blame] | 347 | if (!access_time_map_.UpdateKeyAccessTime(keyid, get_current_time(), min_ops_timeout)) { |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 348 | ALOGE("Rate-limited keys table full. Entries will time out."); |
| 349 | return ErrorCode::TOO_MANY_OPERATIONS; |
| 350 | } |
| 351 | } |
| 352 | |
| 353 | if (update_access_count) { |
Janis Danisevskis | ff3d7f4 | 2018-10-08 07:15:09 -0700 | [diff] [blame] | 354 | if (!access_count_map_.IncrementKeyAccessCount(keyid)) { |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 355 | ALOGE("Usage count-limited keys table full, until reboot."); |
| 356 | return ErrorCode::TOO_MANY_OPERATIONS; |
| 357 | } |
| 358 | } |
| 359 | |
| 360 | return ErrorCode::OK; |
| 361 | } |
| 362 | |
| 363 | class EvpMdCtx { |
| 364 | public: |
| 365 | EvpMdCtx() { EVP_MD_CTX_init(&ctx_); } |
| 366 | ~EvpMdCtx() { EVP_MD_CTX_cleanup(&ctx_); } |
| 367 | |
| 368 | EVP_MD_CTX* get() { return &ctx_; } |
| 369 | |
| 370 | private: |
| 371 | EVP_MD_CTX ctx_; |
| 372 | }; |
| 373 | |
| 374 | /* static */ |
Janis Danisevskis | ff3d7f4 | 2018-10-08 07:15:09 -0700 | [diff] [blame] | 375 | std::optional<km_id_t> KeymasterEnforcement::CreateKeyId(const hidl_vec<uint8_t>& key_blob) { |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 376 | EvpMdCtx ctx; |
Janis Danisevskis | ff3d7f4 | 2018-10-08 07:15:09 -0700 | [diff] [blame] | 377 | km_id_t keyid; |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 378 | |
| 379 | uint8_t hash[EVP_MAX_MD_SIZE]; |
| 380 | unsigned int hash_len; |
| 381 | if (EVP_DigestInit_ex(ctx.get(), EVP_sha256(), nullptr /* ENGINE */) && |
| 382 | EVP_DigestUpdate(ctx.get(), &key_blob[0], key_blob.size()) && |
| 383 | EVP_DigestFinal_ex(ctx.get(), hash, &hash_len)) { |
Janis Danisevskis | ff3d7f4 | 2018-10-08 07:15:09 -0700 | [diff] [blame] | 384 | assert(hash_len >= sizeof(keyid)); |
| 385 | memcpy(&keyid, hash, sizeof(keyid)); |
| 386 | return keyid; |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 387 | } |
| 388 | |
Janis Danisevskis | ff3d7f4 | 2018-10-08 07:15:09 -0700 | [diff] [blame] | 389 | return {}; |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 390 | } |
| 391 | |
| 392 | bool KeymasterEnforcement::MinTimeBetweenOpsPassed(uint32_t min_time_between, const km_id_t keyid) { |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 393 | uint32_t last_access_time; |
Janis Danisevskis | ff3d7f4 | 2018-10-08 07:15:09 -0700 | [diff] [blame] | 394 | if (!access_time_map_.LastKeyAccessTime(keyid, &last_access_time)) return true; |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 395 | return min_time_between <= static_cast<int64_t>(get_current_time()) - last_access_time; |
| 396 | } |
| 397 | |
| 398 | bool KeymasterEnforcement::MaxUsesPerBootNotExceeded(const km_id_t keyid, uint32_t max_uses) { |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 399 | uint32_t key_access_count; |
Janis Danisevskis | ff3d7f4 | 2018-10-08 07:15:09 -0700 | [diff] [blame] | 400 | if (!access_count_map_.KeyAccessCount(keyid, &key_access_count)) return true; |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 401 | return key_access_count < max_uses; |
| 402 | } |
| 403 | |
| 404 | template <typename IntType, uint32_t byteOrder> struct choose_hton; |
| 405 | |
| 406 | template <typename IntType> struct choose_hton<IntType, __ORDER_LITTLE_ENDIAN__> { |
| 407 | inline static IntType hton(const IntType& value) { |
| 408 | IntType result = 0; |
| 409 | const unsigned char* inbytes = reinterpret_cast<const unsigned char*>(&value); |
| 410 | unsigned char* outbytes = reinterpret_cast<unsigned char*>(&result); |
| 411 | for (int i = sizeof(IntType) - 1; i >= 0; --i) { |
| 412 | *(outbytes++) = inbytes[i]; |
| 413 | } |
| 414 | return result; |
| 415 | } |
| 416 | }; |
| 417 | |
| 418 | template <typename IntType> struct choose_hton<IntType, __ORDER_BIG_ENDIAN__> { |
| 419 | inline static IntType hton(const IntType& value) { return value; } |
| 420 | }; |
| 421 | |
| 422 | template <typename IntType> inline IntType hton(const IntType& value) { |
| 423 | return choose_hton<IntType, __BYTE_ORDER__>::hton(value); |
| 424 | } |
| 425 | |
| 426 | template <typename IntType> inline IntType ntoh(const IntType& value) { |
| 427 | // same operation and hton |
| 428 | return choose_hton<IntType, __BYTE_ORDER__>::hton(value); |
| 429 | } |
| 430 | |
| 431 | bool KeymasterEnforcement::AuthTokenMatches(const AuthorizationSet& auth_set, |
Shawn Willden | 0329a82 | 2017-12-04 13:55:14 -0700 | [diff] [blame] | 432 | const HardwareAuthToken& auth_token, |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 433 | const uint64_t user_secure_id, |
| 434 | const int auth_type_index, const int auth_timeout_index, |
| 435 | const uint64_t op_handle, |
| 436 | bool is_begin_operation) const { |
| 437 | assert(auth_type_index < static_cast<int>(auth_set.size())); |
| 438 | assert(auth_timeout_index < static_cast<int>(auth_set.size())); |
| 439 | |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 440 | if (!ValidateTokenSignature(auth_token)) { |
| 441 | ALOGE("Auth token signature invalid"); |
| 442 | return false; |
| 443 | } |
| 444 | |
| 445 | if (auth_timeout_index == -1 && op_handle && op_handle != auth_token.challenge) { |
| 446 | ALOGE("Auth token has the challenge %" PRIu64 ", need %" PRIu64, auth_token.challenge, |
| 447 | op_handle); |
| 448 | return false; |
| 449 | } |
| 450 | |
Janis Danisevskis | 8f737ad | 2017-11-21 12:30:15 -0800 | [diff] [blame] | 451 | if (user_secure_id != auth_token.userId && user_secure_id != auth_token.authenticatorId) { |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 452 | ALOGI("Auth token SIDs %" PRIu64 " and %" PRIu64 " do not match key SID %" PRIu64, |
Janis Danisevskis | 8f737ad | 2017-11-21 12:30:15 -0800 | [diff] [blame] | 453 | auth_token.userId, auth_token.authenticatorId, user_secure_id); |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 454 | return false; |
| 455 | } |
| 456 | |
| 457 | if (auth_type_index < 0 || auth_type_index > static_cast<int>(auth_set.size())) { |
| 458 | ALOGE("Auth required but no auth type found"); |
| 459 | return false; |
| 460 | } |
| 461 | |
Janis Danisevskis | 8f737ad | 2017-11-21 12:30:15 -0800 | [diff] [blame] | 462 | assert(auth_set[auth_type_index].tag == TAG_USER_AUTH_TYPE); |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 463 | auto key_auth_type_mask = authorizationValue(TAG_USER_AUTH_TYPE, auth_set[auth_type_index]); |
| 464 | if (!key_auth_type_mask.isOk()) return false; |
| 465 | |
Shawn Willden | 0329a82 | 2017-12-04 13:55:14 -0700 | [diff] [blame] | 466 | if ((uint32_t(key_auth_type_mask.value()) & auth_token.authenticatorType) == 0) { |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 467 | ALOGE("Key requires match of auth type mask 0%uo, but token contained 0%uo", |
Shawn Willden | 0329a82 | 2017-12-04 13:55:14 -0700 | [diff] [blame] | 468 | key_auth_type_mask.value(), auth_token.authenticatorType); |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 469 | return false; |
| 470 | } |
| 471 | |
| 472 | if (auth_timeout_index != -1 && is_begin_operation) { |
Janis Danisevskis | 8f737ad | 2017-11-21 12:30:15 -0800 | [diff] [blame] | 473 | assert(auth_set[auth_timeout_index].tag == TAG_AUTH_TIMEOUT); |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 474 | auto auth_token_timeout = |
| 475 | authorizationValue(TAG_AUTH_TIMEOUT, auth_set[auth_timeout_index]); |
| 476 | if (!auth_token_timeout.isOk()) return false; |
| 477 | |
| 478 | if (auth_token_timed_out(auth_token, auth_token_timeout.value())) { |
| 479 | ALOGE("Auth token has timed out"); |
| 480 | return false; |
| 481 | } |
| 482 | } |
| 483 | |
| 484 | // Survived the whole gauntlet. We have authentage! |
| 485 | return true; |
| 486 | } |
| 487 | |
| 488 | bool AccessTimeMap::LastKeyAccessTime(km_id_t keyid, uint32_t* last_access_time) const { |
Janis Danisevskis | ff3d7f4 | 2018-10-08 07:15:09 -0700 | [diff] [blame] | 489 | std::lock_guard<std::mutex> lock(list_lock_); |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 490 | for (auto& entry : last_access_list_) |
| 491 | if (entry.keyid == keyid) { |
| 492 | *last_access_time = entry.access_time; |
| 493 | return true; |
| 494 | } |
| 495 | return false; |
| 496 | } |
| 497 | |
| 498 | bool AccessTimeMap::UpdateKeyAccessTime(km_id_t keyid, uint32_t current_time, uint32_t timeout) { |
Janis Danisevskis | ff3d7f4 | 2018-10-08 07:15:09 -0700 | [diff] [blame] | 499 | std::lock_guard<std::mutex> lock(list_lock_); |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 500 | for (auto iter = last_access_list_.begin(); iter != last_access_list_.end();) { |
| 501 | if (iter->keyid == keyid) { |
| 502 | iter->access_time = current_time; |
| 503 | return true; |
| 504 | } |
| 505 | |
| 506 | // Expire entry if possible. |
| 507 | assert(current_time >= iter->access_time); |
| 508 | if (current_time - iter->access_time >= iter->timeout) |
| 509 | iter = last_access_list_.erase(iter); |
| 510 | else |
| 511 | ++iter; |
| 512 | } |
| 513 | |
| 514 | if (last_access_list_.size() >= max_size_) return false; |
| 515 | |
| 516 | AccessTime new_entry; |
| 517 | new_entry.keyid = keyid; |
| 518 | new_entry.access_time = current_time; |
| 519 | new_entry.timeout = timeout; |
| 520 | last_access_list_.push_front(new_entry); |
| 521 | return true; |
| 522 | } |
| 523 | |
| 524 | bool AccessCountMap::KeyAccessCount(km_id_t keyid, uint32_t* count) const { |
Janis Danisevskis | ff3d7f4 | 2018-10-08 07:15:09 -0700 | [diff] [blame] | 525 | std::lock_guard<std::mutex> lock(list_lock_); |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 526 | for (auto& entry : access_count_list_) |
| 527 | if (entry.keyid == keyid) { |
| 528 | *count = entry.access_count; |
| 529 | return true; |
| 530 | } |
| 531 | return false; |
| 532 | } |
| 533 | |
| 534 | bool AccessCountMap::IncrementKeyAccessCount(km_id_t keyid) { |
Janis Danisevskis | ff3d7f4 | 2018-10-08 07:15:09 -0700 | [diff] [blame] | 535 | std::lock_guard<std::mutex> lock(list_lock_); |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 536 | for (auto& entry : access_count_list_) |
| 537 | if (entry.keyid == keyid) { |
| 538 | // Note that the 'if' below will always be true because KM_TAG_MAX_USES_PER_BOOT is a |
| 539 | // uint32_t, and as soon as entry.access_count reaches the specified maximum value |
| 540 | // operation requests will be rejected and access_count won't be incremented any more. |
| 541 | // And, besides, UINT64_MAX is huge. But we ensure that it doesn't wrap anyway, out of |
| 542 | // an abundance of caution. |
| 543 | if (entry.access_count < UINT64_MAX) ++entry.access_count; |
| 544 | return true; |
| 545 | } |
| 546 | |
| 547 | if (access_count_list_.size() >= max_size_) return false; |
| 548 | |
| 549 | AccessCount new_entry; |
| 550 | new_entry.keyid = keyid; |
| 551 | new_entry.access_count = 1; |
| 552 | access_count_list_.push_front(new_entry); |
| 553 | return true; |
| 554 | } |
| 555 | }; /* namespace keystore */ |