Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / system / security / bb22a6c50d609dffc7002f906f4d385d7c7cbfdc / . / keystore / keystore_main.cpp
blob: 56fe0d5664f9be64a0458bb92ea64a00a69277cd [file] [log] [blame]
Shawn Willden6507c272016-01-05 22:51:48 -0700[diff] [blame]1/*
2 * Copyright (C) 2009 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
Shawn Willden0329a822017-12-04 13:55:14 -0700[diff] [blame]17#include <android-base/logging.h>
Shawn Willdenbb22a6c2017-12-06 19:35:28 -0700[diff] [blame^]18#include <android/security/IKeystoreService.h>
Shawn Willdenc67a8aa2017-12-03 17:51:29 -0700[diff] [blame]19#include <android/system/wifi/keystore/1.0/IKeystore.h>
Shawn Willden6507c272016-01-05 22:51:48 -0700[diff] [blame]20#include <binder/IPCThreadState.h>
21#include <binder/IServiceManager.h>
Shawn Willdenbb22a6c2017-12-06 19:35:28 -0700[diff] [blame^]22#include <hidl/HidlTransportSupport.h>
Shawn Willdenc67a8aa2017-12-03 17:51:29 -0700[diff] [blame]23#include <utils/StrongPointer.h>
Roshan Piuse653c932017-03-29 10:08:47 -0700[diff] [blame]24#include <wifikeystorehal/keystore.h>
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame]25
Shawn Willdenbb22a6c2017-12-06 19:35:28 -0700[diff] [blame^]26#include <keystore/keystore_hidl_support.h>
27#include <keystore/keystore_return_types.h>
28
Shawn Willdenfa5702f2017-12-03 15:14:58 -0700[diff] [blame]29#include "KeyStore.h"
Shawn Willdenc67a8aa2017-12-03 17:51:29 -0700[diff] [blame]30#include "Keymaster3.h"
Shawn Willden6507c272016-01-05 22:51:48 -0700[diff] [blame]31#include "entropy.h"
Shawn Willdenfa5702f2017-12-03 15:14:58 -0700[diff] [blame]32#include "key_store_service.h"
33#include "legacy_keymaster_device_wrapper.h"
34#include "permissions.h"
Shawn Willden6507c272016-01-05 22:51:48 -0700[diff] [blame]35
36/* KeyStore is a secured storage for key-value pairs. In this implementation,
37 * each file stores one key-value pair. Keys are encoded in file names, and
38 * values are encrypted with checksums. The encryption key is protected by a
39 * user-defined password. To keep things simple, buffers are always larger than
40 * the maximum space we needed, so boundary checks on buffers are omitted. */
41
Shawn Willdenc67a8aa2017-12-03 17:51:29 -0700[diff] [blame]42using ::android::sp;
Shawn Willdenfa5702f2017-12-03 15:14:58 -0700[diff] [blame]43using ::android::hardware::configureRpcThreadpool;
Roshan Piuse653c932017-03-29 10:08:47 -0700[diff] [blame]44using ::android::system::wifi::keystore::V1_0::IKeystore;
45using ::android::system::wifi::keystore::V1_0::implementation::Keystore;
Roshan Piuse653c932017-03-29 10:08:47 -0700[diff] [blame]46
Shawn Willdenc67a8aa2017-12-03 17:51:29 -0700[diff] [blame]47using keystore::Keymaster;
48
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame]49/**
50 * TODO implement keystore daemon using binderized keymaster HAL.
51 */
Shawn Willden6507c272016-01-05 22:51:48 -0700[diff] [blame]52
53int main(int argc, char* argv[]) {
Shawn Willdenb8550a02017-02-23 11:06:05 -0700[diff] [blame]54 using android::hardware::hidl_string;
Shawn Willden0329a822017-12-04 13:55:14 -0700[diff] [blame]55 CHECK(argc >= 2) << "A directory must be specified!";
56 CHECK(chdir(argv[1]) != -1) << "chdir: " << argv[1] << ": " << strerror(errno);
Shawn Willden6507c272016-01-05 22:51:48 -0700[diff] [blame]57
58 Entropy entropy;
Shawn Willden0329a822017-12-04 13:55:14 -0700[diff] [blame]59 CHECK(entropy.open()) << "Failed to open entropy source.";
Shawn Willden6507c272016-01-05 22:51:48 -0700[diff] [blame]60
Shawn Willdenc67a8aa2017-12-03 17:51:29 -0700[diff] [blame]61 auto hwdev = android::hardware::keymaster::V3_0::IKeymasterDevice::getService();
Shawn Willden0329a822017-12-04 13:55:14 -0700[diff] [blame]62 CHECK(hwdev.get()) << "Failed to load @3.0::IKeymasterDevice";
Shawn Willdenc67a8aa2017-12-03 17:51:29 -0700[diff] [blame]63 sp<Keymaster> dev = new keystore::Keymaster3(hwdev);
64
65 auto fbdev = android::keystore::makeSoftwareKeymasterDevice();
66 if (fbdev.get() == nullptr) return -1;
67 sp<Keymaster> fallback = new keystore::Keymaster3(fbdev);
Shawn Willden814a6e72016-03-15 08:37:29 -0600[diff] [blame]68
Shawn Willden0329a822017-12-04 13:55:14 -0700[diff] [blame]69 CHECK(configure_selinux() != -1) << "Failed to configure SELinux.";
Shawn Willden6507c272016-01-05 22:51:48 -0700[diff] [blame]70
Shawn Willden0329a822017-12-04 13:55:14 -0700[diff] [blame]71 auto halVersion = dev->halVersion();
72 CHECK(halVersion.error == keystore::ErrorCode::OK)
73 << "Error " << toString(halVersion.error) << " getting HAL version";
Janis Danisevskise8ba1802017-01-30 10:49:51 +0000[diff] [blame]74
Shawn Willden0329a822017-12-04 13:55:14 -0700[diff] [blame]75 // If the hardware is keymaster 2.0 or higher we will not allow the fallback device for import
76 // or generation of keys. The fallback device is only used for legacy keys present on the
77 // device.
78 bool allowNewFallbackDevice = halVersion.majorVersion >= 2 && halVersion.isSecure;
Janis Danisevskise8ba1802017-01-30 10:49:51 +0000[diff] [blame]79
Shawn Willdenc67a8aa2017-12-03 17:51:29 -0700[diff] [blame]80 keystore::KeyStore keyStore(&entropy, dev, fallback, allowNewFallbackDevice);
Shawn Willden6507c272016-01-05 22:51:48 -0700[diff] [blame]81 keyStore.initialize();
82 android::sp<android::IServiceManager> sm = android::defaultServiceManager();
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame]83 android::sp<keystore::KeyStoreService> service = new keystore::KeyStoreService(&keyStore);
Shawn Willden6507c272016-01-05 22:51:48 -0700[diff] [blame]84 android::status_t ret = sm->addService(android::String16("android.security.keystore"), service);
Shawn Willden0329a822017-12-04 13:55:14 -0700[diff] [blame]85 CHECK(ret == android::OK) << "Couldn't register binder service!";
Shawn Willden6507c272016-01-05 22:51:48 -0700[diff] [blame]86
Roshan Piuse653c932017-03-29 10:08:47 -0700[diff] [blame]87 /**
88 * Register the wifi keystore HAL service to run in passthrough mode.
89 * This will spawn off a new thread which will service the HIDL
90 * transactions.
91 */
92 configureRpcThreadpool(1, false /* callerWillJoin */);
93 android::sp<IKeystore> wifiKeystoreHalService = new Keystore();
94 android::status_t err = wifiKeystoreHalService->registerAsService();
Shawn Willden0329a822017-12-04 13:55:14 -0700[diff] [blame]95 CHECK(ret == android::OK) << "Cannot register wifi keystore HAL service: " << err;
Roshan Piuse653c932017-03-29 10:08:47 -0700[diff] [blame]96
Shawn Willden6507c272016-01-05 22:51:48 -0700[diff] [blame]97 /*
Roshan Piuse653c932017-03-29 10:08:47 -0700[diff] [blame]98 * This thread is just going to process Binder transactions.
Shawn Willden6507c272016-01-05 22:51:48 -0700[diff] [blame]99 */
100 android::IPCThreadState::self()->joinThreadPool();
Shawn Willden6507c272016-01-05 22:51:48 -0700[diff] [blame]101 return 1;
102}