Shawn Willden | 6507c27 | 2016-01-05 22:51:48 -0700 | [diff] [blame] | 1 | /* |
| 2 | * Copyright (C) 2009 The Android Open Source Project |
| 3 | * |
| 4 | * Licensed under the Apache License, Version 2.0 (the "License"); |
| 5 | * you may not use this file except in compliance with the License. |
| 6 | * You may obtain a copy of the License at |
| 7 | * |
| 8 | * http://www.apache.org/licenses/LICENSE-2.0 |
| 9 | * |
| 10 | * Unless required by applicable law or agreed to in writing, software |
| 11 | * distributed under the License is distributed on an "AS IS" BASIS, |
| 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 13 | * See the License for the specific language governing permissions and |
| 14 | * limitations under the License. |
| 15 | */ |
| 16 | |
Janis Danisevskis | c146014 | 2017-12-18 16:48:46 -0800 | [diff] [blame] | 17 | #define LOG_TAG "keystore" |
| 18 | |
Shawn Willden | 0329a82 | 2017-12-04 13:55:14 -0700 | [diff] [blame] | 19 | #include <android-base/logging.h> |
Steven Moreland | 13e5a2c | 2019-05-13 12:55:54 -0700 | [diff] [blame] | 20 | #include <android/hidl/manager/1.2/IServiceManager.h> |
Rob Barnes | bb6cabd | 2018-10-04 17:10:37 -0600 | [diff] [blame] | 21 | #include <android/security/keystore/IKeystoreService.h> |
Shawn Willden | 6507c27 | 2016-01-05 22:51:48 -0700 | [diff] [blame] | 22 | #include <binder/IPCThreadState.h> |
| 23 | #include <binder/IServiceManager.h> |
Shawn Willden | eedcfe9 | 2018-01-18 15:35:46 -0700 | [diff] [blame] | 24 | #include <keymasterV4_0/Keymaster3.h> |
| 25 | #include <keymasterV4_0/Keymaster4.h> |
Shawn Willden | c67a8aa | 2017-12-03 17:51:29 -0700 | [diff] [blame] | 26 | #include <utils/StrongPointer.h> |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 27 | |
Shawn Willden | bb22a6c | 2017-12-06 19:35:28 -0700 | [diff] [blame] | 28 | #include <keystore/keystore_hidl_support.h> |
| 29 | #include <keystore/keystore_return_types.h> |
| 30 | |
Shawn Willden | fa5702f | 2017-12-03 15:14:58 -0700 | [diff] [blame] | 31 | #include "KeyStore.h" |
Shawn Willden | fa5702f | 2017-12-03 15:14:58 -0700 | [diff] [blame] | 32 | #include "key_store_service.h" |
| 33 | #include "legacy_keymaster_device_wrapper.h" |
| 34 | #include "permissions.h" |
Shawn Willden | 6507c27 | 2016-01-05 22:51:48 -0700 | [diff] [blame] | 35 | |
| 36 | /* KeyStore is a secured storage for key-value pairs. In this implementation, |
| 37 | * each file stores one key-value pair. Keys are encoded in file names, and |
| 38 | * values are encrypted with checksums. The encryption key is protected by a |
| 39 | * user-defined password. To keep things simple, buffers are always larger than |
| 40 | * the maximum space we needed, so boundary checks on buffers are omitted. */ |
| 41 | |
Shawn Willden | c67a8aa | 2017-12-03 17:51:29 -0700 | [diff] [blame] | 42 | using ::android::sp; |
Janis Danisevskis | c146014 | 2017-12-18 16:48:46 -0800 | [diff] [blame] | 43 | using ::android::hardware::hidl_string; |
| 44 | using ::android::hardware::hidl_vec; |
Janis Danisevskis | 3506d33 | 2017-12-19 16:27:28 -0800 | [diff] [blame] | 45 | using ::android::hardware::keymaster::V4_0::ErrorCode; |
Steven Moreland | 13e5a2c | 2019-05-13 12:55:54 -0700 | [diff] [blame] | 46 | using ::android::hardware::keymaster::V4_0::HmacSharingParameters; |
| 47 | using ::android::hardware::keymaster::V4_0::SecurityLevel; |
| 48 | using ::android::hidl::manager::V1_2::IServiceManager; |
Roshan Pius | e653c93 | 2017-03-29 10:08:47 -0700 | [diff] [blame] | 49 | |
Shawn Willden | eedcfe9 | 2018-01-18 15:35:46 -0700 | [diff] [blame] | 50 | using ::keystore::keymaster::support::Keymaster; |
| 51 | using ::keystore::keymaster::support::Keymaster3; |
| 52 | using ::keystore::keymaster::support::Keymaster4; |
Shawn Willden | c67a8aa | 2017-12-03 17:51:29 -0700 | [diff] [blame] | 53 | |
Janis Danisevskis | c146014 | 2017-12-18 16:48:46 -0800 | [diff] [blame] | 54 | using keystore::KeymasterDevices; |
| 55 | |
| 56 | template <typename Wrapper> |
| 57 | KeymasterDevices enumerateKeymasterDevices(IServiceManager* serviceManager) { |
| 58 | KeymasterDevices result; |
Steven Moreland | 13e5a2c | 2019-05-13 12:55:54 -0700 | [diff] [blame] | 59 | serviceManager->listManifestByInterface( |
Janis Danisevskis | c146014 | 2017-12-18 16:48:46 -0800 | [diff] [blame] | 60 | Wrapper::WrappedIKeymasterDevice::descriptor, [&](const hidl_vec<hidl_string>& names) { |
| 61 | auto try_get_device = [&](const auto& name, bool fail_silent) { |
| 62 | auto device = Wrapper::WrappedIKeymasterDevice::getService(name); |
| 63 | if (fail_silent && !device) return; |
| 64 | CHECK(device) << "Failed to get service for \"" |
| 65 | << Wrapper::WrappedIKeymasterDevice::descriptor |
| 66 | << "\" with interface name \"" << name << "\""; |
| 67 | |
Shawn Willden | cd416c5 | 2018-01-22 09:37:43 -0700 | [diff] [blame] | 68 | sp<Keymaster> kmDevice(new Wrapper(device, name)); |
Janis Danisevskis | c146014 | 2017-12-18 16:48:46 -0800 | [diff] [blame] | 69 | auto halVersion = kmDevice->halVersion(); |
| 70 | SecurityLevel securityLevel = halVersion.securityLevel; |
| 71 | LOG(INFO) << "found " << Wrapper::WrappedIKeymasterDevice::descriptor |
| 72 | << " with interface name " << name << " and seclevel " |
| 73 | << toString(securityLevel); |
| 74 | CHECK(static_cast<uint32_t>(securityLevel) < result.size()) |
| 75 | << "Security level of \"" << Wrapper::WrappedIKeymasterDevice::descriptor |
| 76 | << "\" with interface name \"" << name << "\" out of range"; |
| 77 | auto& deviceSlot = result[securityLevel]; |
| 78 | if (deviceSlot) { |
| 79 | if (!fail_silent) { |
| 80 | LOG(WARNING) << "Implementation of \"" |
| 81 | << Wrapper::WrappedIKeymasterDevice::descriptor |
| 82 | << "\" with interface name \"" << name |
| 83 | << "\" and security level: " << toString(securityLevel) |
| 84 | << " Masked by other implementation of Keymaster"; |
| 85 | } |
| 86 | } else { |
| 87 | deviceSlot = kmDevice; |
| 88 | } |
| 89 | }; |
| 90 | bool has_default = false; |
| 91 | for (auto& n : names) { |
| 92 | try_get_device(n, false); |
| 93 | if (n == "default") has_default = true; |
| 94 | } |
| 95 | // Make sure that we always check the default device. If we enumerate only what is |
| 96 | // known to hwservicemanager, we miss a possible passthrough HAL. |
| 97 | if (!has_default) { |
| 98 | try_get_device("default", true /* fail_silent */); |
| 99 | } |
| 100 | }); |
| 101 | return result; |
| 102 | } |
| 103 | |
| 104 | KeymasterDevices initializeKeymasters() { |
Steven Moreland | 13e5a2c | 2019-05-13 12:55:54 -0700 | [diff] [blame] | 105 | auto serviceManager = IServiceManager::getService(); |
Janis Danisevskis | c146014 | 2017-12-18 16:48:46 -0800 | [diff] [blame] | 106 | CHECK(serviceManager.get()) << "Failed to get ServiceManager"; |
| 107 | auto result = enumerateKeymasterDevices<Keymaster4>(serviceManager.get()); |
Janis Danisevskis | c146014 | 2017-12-18 16:48:46 -0800 | [diff] [blame] | 108 | auto softKeymaster = result[SecurityLevel::SOFTWARE]; |
Shawn Willden | 5a6afd0 | 2018-05-09 15:47:15 -0600 | [diff] [blame] | 109 | if (!result[SecurityLevel::TRUSTED_ENVIRONMENT]) { |
Janis Danisevskis | c146014 | 2017-12-18 16:48:46 -0800 | [diff] [blame] | 110 | result = enumerateKeymasterDevices<Keymaster3>(serviceManager.get()); |
| 111 | } |
| 112 | if (softKeymaster) result[SecurityLevel::SOFTWARE] = softKeymaster; |
| 113 | if (result[SecurityLevel::SOFTWARE] && !result[SecurityLevel::TRUSTED_ENVIRONMENT]) { |
| 114 | LOG(WARNING) << "No secure Keymaster implementation found, but device offers insecure" |
| 115 | " Keymaster HAL. Using as default."; |
| 116 | result[SecurityLevel::TRUSTED_ENVIRONMENT] = result[SecurityLevel::SOFTWARE]; |
| 117 | result[SecurityLevel::SOFTWARE] = nullptr; |
| 118 | } |
| 119 | if (!result[SecurityLevel::SOFTWARE]) { |
| 120 | auto fbdev = android::keystore::makeSoftwareKeymasterDevice(); |
| 121 | CHECK(fbdev.get()) << "Unable to create Software Keymaster Device"; |
Shawn Willden | cd416c5 | 2018-01-22 09:37:43 -0700 | [diff] [blame] | 122 | result[SecurityLevel::SOFTWARE] = new Keymaster3(fbdev, "Software"); |
Janis Danisevskis | c146014 | 2017-12-18 16:48:46 -0800 | [diff] [blame] | 123 | } |
| 124 | return result; |
| 125 | } |
Shawn Willden | 6507c27 | 2016-01-05 22:51:48 -0700 | [diff] [blame] | 126 | |
| 127 | int main(int argc, char* argv[]) { |
Shawn Willden | b8550a0 | 2017-02-23 11:06:05 -0700 | [diff] [blame] | 128 | using android::hardware::hidl_string; |
Shawn Willden | 0329a82 | 2017-12-04 13:55:14 -0700 | [diff] [blame] | 129 | CHECK(argc >= 2) << "A directory must be specified!"; |
| 130 | CHECK(chdir(argv[1]) != -1) << "chdir: " << argv[1] << ": " << strerror(errno); |
Shawn Willden | 6507c27 | 2016-01-05 22:51:48 -0700 | [diff] [blame] | 131 | |
Janis Danisevskis | c146014 | 2017-12-18 16:48:46 -0800 | [diff] [blame] | 132 | auto kmDevices = initializeKeymasters(); |
Shawn Willden | c67a8aa | 2017-12-03 17:51:29 -0700 | [diff] [blame] | 133 | |
Janis Danisevskis | c146014 | 2017-12-18 16:48:46 -0800 | [diff] [blame] | 134 | CHECK(kmDevices[SecurityLevel::SOFTWARE]) << "Missing software Keymaster device"; |
| 135 | CHECK(kmDevices[SecurityLevel::TRUSTED_ENVIRONMENT]) |
| 136 | << "Error no viable keymaster device found"; |
Shawn Willden | 814a6e7 | 2016-03-15 08:37:29 -0600 | [diff] [blame] | 137 | |
Shawn Willden | 0329a82 | 2017-12-04 13:55:14 -0700 | [diff] [blame] | 138 | CHECK(configure_selinux() != -1) << "Failed to configure SELinux."; |
Shawn Willden | 6507c27 | 2016-01-05 22:51:48 -0700 | [diff] [blame] | 139 | |
Janis Danisevskis | c146014 | 2017-12-18 16:48:46 -0800 | [diff] [blame] | 140 | auto halVersion = kmDevices[SecurityLevel::TRUSTED_ENVIRONMENT]->halVersion(); |
Janis Danisevskis | e8ba180 | 2017-01-30 10:49:51 +0000 | [diff] [blame] | 141 | |
Shawn Willden | 0329a82 | 2017-12-04 13:55:14 -0700 | [diff] [blame] | 142 | // If the hardware is keymaster 2.0 or higher we will not allow the fallback device for import |
| 143 | // or generation of keys. The fallback device is only used for legacy keys present on the |
| 144 | // device. |
Janis Danisevskis | c146014 | 2017-12-18 16:48:46 -0800 | [diff] [blame] | 145 | SecurityLevel minimalAllowedSecurityLevelForNewKeys = |
| 146 | halVersion.majorVersion >= 2 ? SecurityLevel::TRUSTED_ENVIRONMENT : SecurityLevel::SOFTWARE; |
Janis Danisevskis | e8ba180 | 2017-01-30 10:49:51 +0000 | [diff] [blame] | 147 | |
Janis Danisevskis | ff3d7f4 | 2018-10-08 07:15:09 -0700 | [diff] [blame] | 148 | android::sp<keystore::KeyStore> keyStore( |
Branden Archer | 44d1afa | 2018-12-28 09:10:49 -0800 | [diff] [blame] | 149 | new keystore::KeyStore(kmDevices, minimalAllowedSecurityLevelForNewKeys)); |
Janis Danisevskis | ff3d7f4 | 2018-10-08 07:15:09 -0700 | [diff] [blame] | 150 | keyStore->initialize(); |
Shawn Willden | 6507c27 | 2016-01-05 22:51:48 -0700 | [diff] [blame] | 151 | android::sp<android::IServiceManager> sm = android::defaultServiceManager(); |
Janis Danisevskis | ff3d7f4 | 2018-10-08 07:15:09 -0700 | [diff] [blame] | 152 | android::sp<keystore::KeyStoreService> service = new keystore::KeyStoreService(keyStore); |
Steven Moreland | 23115b0 | 2019-01-10 16:20:20 -0800 | [diff] [blame] | 153 | service->setRequestingSid(true); |
Shawn Willden | 6507c27 | 2016-01-05 22:51:48 -0700 | [diff] [blame] | 154 | android::status_t ret = sm->addService(android::String16("android.security.keystore"), service); |
Shawn Willden | 0329a82 | 2017-12-04 13:55:14 -0700 | [diff] [blame] | 155 | CHECK(ret == android::OK) << "Couldn't register binder service!"; |
Shawn Willden | 6507c27 | 2016-01-05 22:51:48 -0700 | [diff] [blame] | 156 | |
| 157 | /* |
Roshan Pius | e653c93 | 2017-03-29 10:08:47 -0700 | [diff] [blame] | 158 | * This thread is just going to process Binder transactions. |
Shawn Willden | 6507c27 | 2016-01-05 22:51:48 -0700 | [diff] [blame] | 159 | */ |
| 160 | android::IPCThreadState::self()->joinThreadPool(); |
Shawn Willden | 6507c27 | 2016-01-05 22:51:48 -0700 | [diff] [blame] | 161 | return 1; |
| 162 | } |