Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / system / security / 6507c27ab7ea34dd150d7ef9fda41878ed32547c / . / keystore / key_store_service.h
blob: 1f0f2ccf8cff97d1dbb73682874c71f21a910ad1 [file] [log] [blame]
Shawn Willden6507c272016-01-05 22:51:48 -0700[diff] [blame^]1/*
2 * Copyright (C) 2016 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17#ifndef KEYSTORE_KEYSTORE_SERVICE_H_
18#define KEYSTORE_KEYSTORE_SERVICE_H_
19
20#include <keystore/IKeystoreService.h>
21
22#include "auth_token_table.h"
23#include "keystore.h"
24#include "keystore_keymaster_enforcement.h"
25#include "operation.h"
26#include "permissions.h"
27
28namespace android {
29
30class KeyStoreService : public BnKeystoreService, public IBinder::DeathRecipient {
31 public:
32 KeyStoreService(KeyStore* keyStore) : mKeyStore(keyStore), mOperationMap(this) {}
33
34 void binderDied(const wp<IBinder>& who);
35
36 int32_t getState(int32_t userId);
37
38 int32_t get(const String16& name, uint8_t** item, size_t* itemLength);
39 int32_t insert(const String16& name, const uint8_t* item, size_t itemLength, int targetUid,
40 int32_t flags);
41 int32_t del(const String16& name, int targetUid);
42 int32_t exist(const String16& name, int targetUid);
43 int32_t list(const String16& prefix, int targetUid, Vector<String16>* matches);
44
45 int32_t reset();
46
47 int32_t onUserPasswordChanged(int32_t userId, const String16& password);
48 int32_t onUserAdded(int32_t userId, int32_t parentId);
49 int32_t onUserRemoved(int32_t userId);
50
51 int32_t lock(int32_t userId);
52 int32_t unlock(int32_t userId, const String16& pw);
53
54 bool isEmpty(int32_t userId);
55
56 int32_t generate(const String16& name, int32_t targetUid, int32_t keyType, int32_t keySize,
57 int32_t flags, Vector<sp<KeystoreArg>>* args);
58 int32_t import(const String16& name, const uint8_t* data, size_t length, int targetUid,
59 int32_t flags);
60 int32_t sign(const String16& name, const uint8_t* data, size_t length, uint8_t** out,
61 size_t* outLength);
62 int32_t verify(const String16& name, const uint8_t* data, size_t dataLength,
63 const uint8_t* signature, size_t signatureLength);
64
65 /*
66 * TODO: The abstraction between things stored in hardware and regular blobs
67 * of data stored on the filesystem should be moved down to keystore itself.
68 * Unfortunately the Java code that calls this has naming conventions that it
69 * knows about. Ideally keystore shouldn't be used to store random blobs of
70 * data.
71 *
72 * Until that happens, it's necessary to have a separate "get_pubkey" and
73 * "del_key" since the Java code doesn't really communicate what it's
74 * intentions are.
75 */
76 int32_t get_pubkey(const String16& name, uint8_t** pubkey, size_t* pubkeyLength);
77
78 int32_t grant(const String16& name, int32_t granteeUid);
79 int32_t ungrant(const String16& name, int32_t granteeUid);
80
81 int64_t getmtime(const String16& name);
82
83 int32_t duplicate(const String16& srcKey, int32_t srcUid, const String16& destKey,
84 int32_t destUid);
85
86 int32_t is_hardware_backed(const String16& keyType);
87
88 int32_t clear_uid(int64_t targetUid64);
89
90 int32_t addRngEntropy(const uint8_t* data, size_t dataLength);
91 int32_t generateKey(const String16& name, const KeymasterArguments& params,
92 const uint8_t* entropy, size_t entropyLength, int uid, int flags,
93 KeyCharacteristics* outCharacteristics);
94 int32_t getKeyCharacteristics(const String16& name, const keymaster_blob_t* clientId,
95 const keymaster_blob_t* appData,
96 KeyCharacteristics* outCharacteristics);
97 int32_t importKey(const String16& name, const KeymasterArguments& params,
98 keymaster_key_format_t format, const uint8_t* keyData, size_t keyLength,
99 int uid, int flags, KeyCharacteristics* outCharacteristics);
100 void exportKey(const String16& name, keymaster_key_format_t format,
101 const keymaster_blob_t* clientId, const keymaster_blob_t* appData,
102 ExportResult* result);
103 void begin(const sp<IBinder>& appToken, const String16& name, keymaster_purpose_t purpose,
104 bool pruneable, const KeymasterArguments& params, const uint8_t* entropy,
105 size_t entropyLength, OperationResult* result);
106 void update(const sp<IBinder>& token, const KeymasterArguments& params, const uint8_t* data,
107 size_t dataLength, OperationResult* result);
108 void finish(const sp<IBinder>& token, const KeymasterArguments& params,
109 const uint8_t* signature, size_t signatureLength, const uint8_t* entropy,
110 size_t entropyLength, OperationResult* result);
111 int32_t abort(const sp<IBinder>& token);
112
113 bool isOperationAuthorized(const sp<IBinder>& token);
114
115 int32_t addAuthToken(const uint8_t* token, size_t length);
116
117 private:
118 static const int32_t UID_SELF = -1;
119
120 /**
121 * Prune the oldest pruneable operation.
122 */
123 bool pruneOperation();
124
125 /**
126 * Get the effective target uid for a binder operation that takes an
127 * optional uid as the target.
128 */
129 uid_t getEffectiveUid(int32_t targetUid);
130
131 /**
132 * Check if the caller of the current binder method has the required
133 * permission and if acting on other uids the grants to do so.
134 */
135 bool checkBinderPermission(perm_t permission, int32_t targetUid = UID_SELF);
136
137 /**
138 * Check if the caller of the current binder method has the required
139 * permission and the target uid is the caller or the caller is system.
140 */
141 bool checkBinderPermissionSelfOrSystem(perm_t permission, int32_t targetUid);
142
143 /**
144 * Check if the caller of the current binder method has the required
145 * permission or the target of the operation is the caller's uid. This is
146 * for operation where the permission is only for cross-uid activity and all
147 * uids are allowed to act on their own (ie: clearing all entries for a
148 * given uid).
149 */
150 bool checkBinderPermissionOrSelfTarget(perm_t permission, int32_t targetUid);
151
152 /**
153 * Helper method to check that the caller has the required permission as
154 * well as the keystore is in the unlocked state if checkUnlocked is true.
155 *
156 * Returns NO_ERROR on success, PERMISSION_DENIED on a permission error and
157 * otherwise the state of keystore when not unlocked and checkUnlocked is
158 * true.
159 */
160 int32_t checkBinderPermissionAndKeystoreState(perm_t permission, int32_t targetUid = -1,
161 bool checkUnlocked = true);
162
163 bool isKeystoreUnlocked(State state);
164
165 bool isKeyTypeSupported(const keymaster1_device_t* device, keymaster_keypair_t keyType);
166
167 /**
168 * Check that all keymaster_key_param_t's provided by the application are
169 * allowed. Any parameter that keystore adds itself should be disallowed here.
170 */
171 bool checkAllowedOperationParams(const std::vector<keymaster_key_param_t>& params);
172
173 keymaster_error_t getOperationCharacteristics(const keymaster_key_blob_t& key,
174 const keymaster1_device_t* dev,
175 const std::vector<keymaster_key_param_t>& params,
176 keymaster_key_characteristics_t* out);
177
178 /**
179 * Get the auth token for this operation from the auth token table.
180 *
181 * Returns ::NO_ERROR if the auth token was set or none was required.
182 * ::OP_AUTH_NEEDED if it is a per op authorization, no
183 * authorization token exists for that operation and
184 * failOnTokenMissing is false.
185 * KM_ERROR_KEY_USER_NOT_AUTHENTICATED if there is no valid auth
186 * token for the operation
187 */
188 int32_t getAuthToken(const keymaster_key_characteristics_t* characteristics,
189 keymaster_operation_handle_t handle, keymaster_purpose_t purpose,
190 const hw_auth_token_t** authToken, bool failOnTokenMissing = true);
191
192 void addAuthToParams(std::vector<keymaster_key_param_t>* params, const hw_auth_token_t* token);
193
194 /**
195 * Add the auth token for the operation to the param list if the operation
196 * requires authorization. Uses the cached result in the OperationMap if available
197 * otherwise gets the token from the AuthTokenTable and caches the result.
198 *
199 * Returns ::NO_ERROR if the auth token was added or not needed.
200 * KM_ERROR_KEY_USER_NOT_AUTHENTICATED if the operation is not
201 * authenticated.
202 * KM_ERROR_INVALID_OPERATION_HANDLE if token is not a valid
203 * operation token.
204 */
205 int32_t addOperationAuthTokenIfNeeded(sp<IBinder> token,
206 std::vector<keymaster_key_param_t>* params);
207
208 /**
209 * Translate a result value to a legacy return value. All keystore errors are
210 * preserved and keymaster errors become SYSTEM_ERRORs
211 */
212 int32_t translateResultToLegacyResult(int32_t result);
213
214 keymaster_key_param_t* getKeyAlgorithm(keymaster_key_characteristics_t* characteristics);
215
216 void addLegacyBeginParams(const String16& name, std::vector<keymaster_key_param_t>& params);
217
218 int32_t doLegacySignVerify(const String16& name, const uint8_t* data, size_t length,
219 uint8_t** out, size_t* outLength, const uint8_t* signature,
220 size_t signatureLength, keymaster_purpose_t purpose);
221
222 ::KeyStore* mKeyStore;
223 OperationMap mOperationMap;
224 keymaster::AuthTokenTable mAuthTokenTable;
225 KeystoreKeymasterEnforcement enforcement_policy;
226};
227
228}; // namespace android
229
230#endif // KEYSTORE_KEYSTORE_SERVICE_H_