Shawn Willden | 6507c27 | 2016-01-05 22:51:48 -0700 | [diff] [blame] | 1 | /* |
| 2 | * Copyright (C) 2009 The Android Open Source Project |
| 3 | * |
| 4 | * Licensed under the Apache License, Version 2.0 (the "License"); |
| 5 | * you may not use this file except in compliance with the License. |
| 6 | * You may obtain a copy of the License at |
| 7 | * |
| 8 | * http://www.apache.org/licenses/LICENSE-2.0 |
| 9 | * |
| 10 | * Unless required by applicable law or agreed to in writing, software |
| 11 | * distributed under the License is distributed on an "AS IS" BASIS, |
| 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 13 | * See the License for the specific language governing permissions and |
| 14 | * limitations under the License. |
| 15 | */ |
| 16 | |
Shawn Willden | 0329a82 | 2017-12-04 13:55:14 -0700 | [diff] [blame] | 17 | #include <android-base/logging.h> |
Shawn Willden | bb22a6c | 2017-12-06 19:35:28 -0700 | [diff] [blame^] | 18 | #include <android/security/IKeystoreService.h> |
Shawn Willden | c67a8aa | 2017-12-03 17:51:29 -0700 | [diff] [blame] | 19 | #include <android/system/wifi/keystore/1.0/IKeystore.h> |
Shawn Willden | 6507c27 | 2016-01-05 22:51:48 -0700 | [diff] [blame] | 20 | #include <binder/IPCThreadState.h> |
| 21 | #include <binder/IServiceManager.h> |
Shawn Willden | bb22a6c | 2017-12-06 19:35:28 -0700 | [diff] [blame^] | 22 | #include <hidl/HidlTransportSupport.h> |
Shawn Willden | c67a8aa | 2017-12-03 17:51:29 -0700 | [diff] [blame] | 23 | #include <utils/StrongPointer.h> |
Roshan Pius | e653c93 | 2017-03-29 10:08:47 -0700 | [diff] [blame] | 24 | #include <wifikeystorehal/keystore.h> |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 25 | |
Shawn Willden | bb22a6c | 2017-12-06 19:35:28 -0700 | [diff] [blame^] | 26 | #include <keystore/keystore_hidl_support.h> |
| 27 | #include <keystore/keystore_return_types.h> |
| 28 | |
Shawn Willden | fa5702f | 2017-12-03 15:14:58 -0700 | [diff] [blame] | 29 | #include "KeyStore.h" |
Shawn Willden | c67a8aa | 2017-12-03 17:51:29 -0700 | [diff] [blame] | 30 | #include "Keymaster3.h" |
Shawn Willden | 6507c27 | 2016-01-05 22:51:48 -0700 | [diff] [blame] | 31 | #include "entropy.h" |
Shawn Willden | fa5702f | 2017-12-03 15:14:58 -0700 | [diff] [blame] | 32 | #include "key_store_service.h" |
| 33 | #include "legacy_keymaster_device_wrapper.h" |
| 34 | #include "permissions.h" |
Shawn Willden | 6507c27 | 2016-01-05 22:51:48 -0700 | [diff] [blame] | 35 | |
| 36 | /* KeyStore is a secured storage for key-value pairs. In this implementation, |
| 37 | * each file stores one key-value pair. Keys are encoded in file names, and |
| 38 | * values are encrypted with checksums. The encryption key is protected by a |
| 39 | * user-defined password. To keep things simple, buffers are always larger than |
| 40 | * the maximum space we needed, so boundary checks on buffers are omitted. */ |
| 41 | |
Shawn Willden | c67a8aa | 2017-12-03 17:51:29 -0700 | [diff] [blame] | 42 | using ::android::sp; |
Shawn Willden | fa5702f | 2017-12-03 15:14:58 -0700 | [diff] [blame] | 43 | using ::android::hardware::configureRpcThreadpool; |
Roshan Pius | e653c93 | 2017-03-29 10:08:47 -0700 | [diff] [blame] | 44 | using ::android::system::wifi::keystore::V1_0::IKeystore; |
| 45 | using ::android::system::wifi::keystore::V1_0::implementation::Keystore; |
Roshan Pius | e653c93 | 2017-03-29 10:08:47 -0700 | [diff] [blame] | 46 | |
Shawn Willden | c67a8aa | 2017-12-03 17:51:29 -0700 | [diff] [blame] | 47 | using keystore::Keymaster; |
| 48 | |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 49 | /** |
| 50 | * TODO implement keystore daemon using binderized keymaster HAL. |
| 51 | */ |
Shawn Willden | 6507c27 | 2016-01-05 22:51:48 -0700 | [diff] [blame] | 52 | |
| 53 | int main(int argc, char* argv[]) { |
Shawn Willden | b8550a0 | 2017-02-23 11:06:05 -0700 | [diff] [blame] | 54 | using android::hardware::hidl_string; |
Shawn Willden | 0329a82 | 2017-12-04 13:55:14 -0700 | [diff] [blame] | 55 | CHECK(argc >= 2) << "A directory must be specified!"; |
| 56 | CHECK(chdir(argv[1]) != -1) << "chdir: " << argv[1] << ": " << strerror(errno); |
Shawn Willden | 6507c27 | 2016-01-05 22:51:48 -0700 | [diff] [blame] | 57 | |
| 58 | Entropy entropy; |
Shawn Willden | 0329a82 | 2017-12-04 13:55:14 -0700 | [diff] [blame] | 59 | CHECK(entropy.open()) << "Failed to open entropy source."; |
Shawn Willden | 6507c27 | 2016-01-05 22:51:48 -0700 | [diff] [blame] | 60 | |
Shawn Willden | c67a8aa | 2017-12-03 17:51:29 -0700 | [diff] [blame] | 61 | auto hwdev = android::hardware::keymaster::V3_0::IKeymasterDevice::getService(); |
Shawn Willden | 0329a82 | 2017-12-04 13:55:14 -0700 | [diff] [blame] | 62 | CHECK(hwdev.get()) << "Failed to load @3.0::IKeymasterDevice"; |
Shawn Willden | c67a8aa | 2017-12-03 17:51:29 -0700 | [diff] [blame] | 63 | sp<Keymaster> dev = new keystore::Keymaster3(hwdev); |
| 64 | |
| 65 | auto fbdev = android::keystore::makeSoftwareKeymasterDevice(); |
| 66 | if (fbdev.get() == nullptr) return -1; |
| 67 | sp<Keymaster> fallback = new keystore::Keymaster3(fbdev); |
Shawn Willden | 814a6e7 | 2016-03-15 08:37:29 -0600 | [diff] [blame] | 68 | |
Shawn Willden | 0329a82 | 2017-12-04 13:55:14 -0700 | [diff] [blame] | 69 | CHECK(configure_selinux() != -1) << "Failed to configure SELinux."; |
Shawn Willden | 6507c27 | 2016-01-05 22:51:48 -0700 | [diff] [blame] | 70 | |
Shawn Willden | 0329a82 | 2017-12-04 13:55:14 -0700 | [diff] [blame] | 71 | auto halVersion = dev->halVersion(); |
| 72 | CHECK(halVersion.error == keystore::ErrorCode::OK) |
| 73 | << "Error " << toString(halVersion.error) << " getting HAL version"; |
Janis Danisevskis | e8ba180 | 2017-01-30 10:49:51 +0000 | [diff] [blame] | 74 | |
Shawn Willden | 0329a82 | 2017-12-04 13:55:14 -0700 | [diff] [blame] | 75 | // If the hardware is keymaster 2.0 or higher we will not allow the fallback device for import |
| 76 | // or generation of keys. The fallback device is only used for legacy keys present on the |
| 77 | // device. |
| 78 | bool allowNewFallbackDevice = halVersion.majorVersion >= 2 && halVersion.isSecure; |
Janis Danisevskis | e8ba180 | 2017-01-30 10:49:51 +0000 | [diff] [blame] | 79 | |
Shawn Willden | c67a8aa | 2017-12-03 17:51:29 -0700 | [diff] [blame] | 80 | keystore::KeyStore keyStore(&entropy, dev, fallback, allowNewFallbackDevice); |
Shawn Willden | 6507c27 | 2016-01-05 22:51:48 -0700 | [diff] [blame] | 81 | keyStore.initialize(); |
| 82 | android::sp<android::IServiceManager> sm = android::defaultServiceManager(); |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 83 | android::sp<keystore::KeyStoreService> service = new keystore::KeyStoreService(&keyStore); |
Shawn Willden | 6507c27 | 2016-01-05 22:51:48 -0700 | [diff] [blame] | 84 | android::status_t ret = sm->addService(android::String16("android.security.keystore"), service); |
Shawn Willden | 0329a82 | 2017-12-04 13:55:14 -0700 | [diff] [blame] | 85 | CHECK(ret == android::OK) << "Couldn't register binder service!"; |
Shawn Willden | 6507c27 | 2016-01-05 22:51:48 -0700 | [diff] [blame] | 86 | |
Roshan Pius | e653c93 | 2017-03-29 10:08:47 -0700 | [diff] [blame] | 87 | /** |
| 88 | * Register the wifi keystore HAL service to run in passthrough mode. |
| 89 | * This will spawn off a new thread which will service the HIDL |
| 90 | * transactions. |
| 91 | */ |
| 92 | configureRpcThreadpool(1, false /* callerWillJoin */); |
| 93 | android::sp<IKeystore> wifiKeystoreHalService = new Keystore(); |
| 94 | android::status_t err = wifiKeystoreHalService->registerAsService(); |
Shawn Willden | 0329a82 | 2017-12-04 13:55:14 -0700 | [diff] [blame] | 95 | CHECK(ret == android::OK) << "Cannot register wifi keystore HAL service: " << err; |
Roshan Pius | e653c93 | 2017-03-29 10:08:47 -0700 | [diff] [blame] | 96 | |
Shawn Willden | 6507c27 | 2016-01-05 22:51:48 -0700 | [diff] [blame] | 97 | /* |
Roshan Pius | e653c93 | 2017-03-29 10:08:47 -0700 | [diff] [blame] | 98 | * This thread is just going to process Binder transactions. |
Shawn Willden | 6507c27 | 2016-01-05 22:51:48 -0700 | [diff] [blame] | 99 | */ |
| 100 | android::IPCThreadState::self()->joinThreadPool(); |
Shawn Willden | 6507c27 | 2016-01-05 22:51:48 -0700 | [diff] [blame] | 101 | return 1; |
| 102 | } |