Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 1 | /* |
| 2 | * Copyright (C) 2016 The Android Open Source Project |
| 3 | * |
| 4 | * Licensed under the Apache License, Version 2.0 (the "License"); |
| 5 | * you may not use this file except in compliance with the License. |
| 6 | * You may obtain a copy of the License at |
| 7 | * |
| 8 | * http://www.apache.org/licenses/LICENSE-2.0 |
| 9 | * |
| 10 | * Unless required by applicable law or agreed to in writing, software |
| 11 | * distributed under the License is distributed on an "AS IS" BASIS, |
| 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 13 | * See the License for the specific language governing permissions and |
| 14 | * limitations under the License. |
| 15 | */ |
| 16 | |
Janis Danisevskis | 011675d | 2016-09-01 11:41:29 +0100 | [diff] [blame] | 17 | #define LOG_TAG "keystore" |
| 18 | |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 19 | #include "key_store_service.h" |
| 20 | |
| 21 | #include <fcntl.h> |
| 22 | #include <sys/stat.h> |
| 23 | |
Janis Danisevskis | 7612fd4 | 2016-09-01 11:50:02 +0100 | [diff] [blame] | 24 | #include <algorithm> |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 25 | #include <sstream> |
| 26 | |
Bartosz Fabianowski | a9452d9 | 2017-01-23 22:21:11 +0100 | [diff] [blame] | 27 | #include <binder/IInterface.h> |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 28 | #include <binder/IPCThreadState.h> |
Bartosz Fabianowski | a9452d9 | 2017-01-23 22:21:11 +0100 | [diff] [blame] | 29 | #include <binder/IPermissionController.h> |
| 30 | #include <binder/IServiceManager.h> |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 31 | |
| 32 | #include <private/android_filesystem_config.h> |
| 33 | |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 34 | #include <android/hardware/keymaster/3.0/IHwKeymasterDevice.h> |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 35 | |
| 36 | #include "defaults.h" |
Janis Danisevskis | 18f27ad | 2016-06-01 13:57:40 -0700 | [diff] [blame] | 37 | #include "keystore_attestation_id.h" |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 38 | #include "keystore_keymaster_enforcement.h" |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 39 | #include "keystore_utils.h" |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 40 | #include <keystore/keystore_hidl_support.h> |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 41 | |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 42 | namespace keystore { |
Shawn Willden | d5a24e6 | 2017-02-28 13:53:24 -0700 | [diff] [blame] | 43 | |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 44 | using namespace android; |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 45 | |
Shawn Willden | e2a7b52 | 2017-04-11 09:27:40 -0600 | [diff] [blame] | 46 | namespace { |
| 47 | |
| 48 | constexpr size_t kMaxOperations = 15; |
| 49 | constexpr double kIdRotationPeriod = 30 * 24 * 60 * 60; /* Thirty days, in seconds */ |
| 50 | const char* kTimestampFilePath = "timestamp"; |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 51 | |
| 52 | struct BIGNUM_Delete { |
| 53 | void operator()(BIGNUM* p) const { BN_free(p); } |
| 54 | }; |
Janis Danisevskis | ccfff10 | 2017-05-01 11:02:51 -0700 | [diff] [blame] | 55 | typedef std::unique_ptr<BIGNUM, BIGNUM_Delete> Unique_BIGNUM; |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 56 | |
Shawn Willden | e2a7b52 | 2017-04-11 09:27:40 -0600 | [diff] [blame] | 57 | bool containsTag(const hidl_vec<KeyParameter>& params, Tag tag) { |
| 58 | return params.end() != std::find_if(params.begin(), params.end(), |
| 59 | [&](auto& param) { return param.tag == tag; }); |
| 60 | } |
| 61 | |
Shawn Willden | d5a24e6 | 2017-02-28 13:53:24 -0700 | [diff] [blame] | 62 | bool isAuthenticationBound(const hidl_vec<KeyParameter>& params) { |
| 63 | return !containsTag(params, Tag::NO_AUTH_REQUIRED); |
| 64 | } |
| 65 | |
Shawn Willden | e2a7b52 | 2017-04-11 09:27:40 -0600 | [diff] [blame] | 66 | std::pair<KeyStoreServiceReturnCode, bool> hadFactoryResetSinceIdRotation() { |
| 67 | struct stat sbuf; |
| 68 | if (stat(kTimestampFilePath, &sbuf) == 0) { |
| 69 | double diff_secs = difftime(time(NULL), sbuf.st_ctime); |
| 70 | return {ResponseCode::NO_ERROR, diff_secs < kIdRotationPeriod}; |
| 71 | } |
| 72 | |
| 73 | if (errno != ENOENT) { |
| 74 | ALOGE("Failed to stat \"timestamp\" file, with error %d", errno); |
| 75 | return {ResponseCode::SYSTEM_ERROR, false /* don't care */}; |
| 76 | } |
| 77 | |
| 78 | int fd = creat(kTimestampFilePath, 0600); |
| 79 | if (fd < 0) { |
| 80 | ALOGE("Couldn't create \"timestamp\" file, with error %d", errno); |
| 81 | return {ResponseCode::SYSTEM_ERROR, false /* don't care */}; |
| 82 | } |
| 83 | |
| 84 | if (close(fd)) { |
| 85 | ALOGE("Couldn't close \"timestamp\" file, with error %d", errno); |
| 86 | return {ResponseCode::SYSTEM_ERROR, false /* don't care */}; |
| 87 | } |
| 88 | |
| 89 | return {ResponseCode::NO_ERROR, true}; |
| 90 | } |
| 91 | |
Bartosz Fabianowski | 5aa93e0 | 2017-04-24 13:54:49 +0200 | [diff] [blame] | 92 | constexpr size_t KEY_ATTESTATION_APPLICATION_ID_MAX_SIZE = 1024; |
| 93 | |
| 94 | KeyStoreServiceReturnCode updateParamsForAttestation(uid_t callingUid, AuthorizationSet* params) { |
| 95 | KeyStoreServiceReturnCode responseCode; |
| 96 | bool factoryResetSinceIdRotation; |
| 97 | std::tie(responseCode, factoryResetSinceIdRotation) = hadFactoryResetSinceIdRotation(); |
| 98 | |
| 99 | if (!responseCode.isOk()) return responseCode; |
| 100 | if (factoryResetSinceIdRotation) params->push_back(TAG_RESET_SINCE_ID_ROTATION); |
| 101 | |
| 102 | auto asn1_attestation_id_result = security::gather_attestation_application_id(callingUid); |
| 103 | if (!asn1_attestation_id_result.isOk()) { |
| 104 | ALOGE("failed to gather attestation_id"); |
| 105 | return ErrorCode::ATTESTATION_APPLICATION_ID_MISSING; |
| 106 | } |
| 107 | std::vector<uint8_t>& asn1_attestation_id = asn1_attestation_id_result; |
| 108 | |
| 109 | /* |
| 110 | * The attestation application ID cannot be longer than |
| 111 | * KEY_ATTESTATION_APPLICATION_ID_MAX_SIZE, so we truncate if too long. |
| 112 | */ |
| 113 | if (asn1_attestation_id.size() > KEY_ATTESTATION_APPLICATION_ID_MAX_SIZE) { |
| 114 | asn1_attestation_id.resize(KEY_ATTESTATION_APPLICATION_ID_MAX_SIZE); |
| 115 | } |
| 116 | |
| 117 | params->push_back(TAG_ATTESTATION_APPLICATION_ID, asn1_attestation_id); |
| 118 | |
| 119 | return ResponseCode::NO_ERROR; |
| 120 | } |
| 121 | |
Shawn Willden | e2a7b52 | 2017-04-11 09:27:40 -0600 | [diff] [blame] | 122 | } // anonymous namespace |
| 123 | |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 124 | void KeyStoreService::binderDied(const wp<IBinder>& who) { |
| 125 | auto operations = mOperationMap.getOperationsForToken(who.unsafe_get()); |
Chih-Hung Hsieh | 24b2a39 | 2016-07-28 10:35:24 -0700 | [diff] [blame] | 126 | for (const auto& token : operations) { |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 127 | abort(token); |
| 128 | } |
| 129 | } |
| 130 | |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 131 | KeyStoreServiceReturnCode KeyStoreService::getState(int32_t userId) { |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 132 | if (!checkBinderPermission(P_GET_STATE)) { |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 133 | return ResponseCode::PERMISSION_DENIED; |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 134 | } |
| 135 | |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 136 | return ResponseCode(mKeyStore->getState(userId)); |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 137 | } |
| 138 | |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 139 | KeyStoreServiceReturnCode KeyStoreService::get(const String16& name, int32_t uid, |
| 140 | hidl_vec<uint8_t>* item) { |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 141 | uid_t targetUid = getEffectiveUid(uid); |
| 142 | if (!checkBinderPermission(P_GET, targetUid)) { |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 143 | return ResponseCode::PERMISSION_DENIED; |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 144 | } |
| 145 | |
| 146 | String8 name8(name); |
| 147 | Blob keyBlob; |
| 148 | |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 149 | KeyStoreServiceReturnCode rc = |
| 150 | mKeyStore->getKeyForName(&keyBlob, name8, targetUid, TYPE_GENERIC); |
| 151 | if (!rc.isOk()) { |
| 152 | if (item) *item = hidl_vec<uint8_t>(); |
| 153 | return rc; |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 154 | } |
| 155 | |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 156 | // Do not replace this with "if (item) *item = blob2hidlVec(keyBlob)"! |
| 157 | // blob2hidlVec creates a hidl_vec<uint8_t> that references, but not owns, the data in keyBlob |
| 158 | // the subsequent assignment (*item = resultBlob) makes a deep copy, so that *item will own the |
| 159 | // corresponding resources. |
| 160 | auto resultBlob = blob2hidlVec(keyBlob); |
| 161 | if (item) { |
| 162 | *item = resultBlob; |
| 163 | } |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 164 | |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 165 | return ResponseCode::NO_ERROR; |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 166 | } |
| 167 | |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 168 | KeyStoreServiceReturnCode KeyStoreService::insert(const String16& name, |
| 169 | const hidl_vec<uint8_t>& item, int targetUid, |
| 170 | int32_t flags) { |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 171 | targetUid = getEffectiveUid(targetUid); |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 172 | auto result = |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 173 | checkBinderPermissionAndKeystoreState(P_INSERT, targetUid, flags & KEYSTORE_FLAG_ENCRYPTED); |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 174 | if (!result.isOk()) { |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 175 | return result; |
| 176 | } |
| 177 | |
| 178 | String8 name8(name); |
Tucker Sylvestro | 0ab28b7 | 2016-08-05 18:02:47 -0400 | [diff] [blame] | 179 | String8 filename(mKeyStore->getKeyNameForUidWithDir(name8, targetUid, ::TYPE_GENERIC)); |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 180 | |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 181 | Blob keyBlob(&item[0], item.size(), NULL, 0, ::TYPE_GENERIC); |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 182 | keyBlob.setEncrypted(flags & KEYSTORE_FLAG_ENCRYPTED); |
| 183 | |
| 184 | return mKeyStore->put(filename.string(), &keyBlob, get_user_id(targetUid)); |
| 185 | } |
| 186 | |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 187 | KeyStoreServiceReturnCode KeyStoreService::del(const String16& name, int targetUid) { |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 188 | targetUid = getEffectiveUid(targetUid); |
| 189 | if (!checkBinderPermission(P_DELETE, targetUid)) { |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 190 | return ResponseCode::PERMISSION_DENIED; |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 191 | } |
| 192 | String8 name8(name); |
Rubin Xu | 7675c9f | 2017-03-15 19:26:52 +0000 | [diff] [blame] | 193 | ALOGI("del %s %d", name8.string(), targetUid); |
Tucker Sylvestro | 0ab28b7 | 2016-08-05 18:02:47 -0400 | [diff] [blame] | 194 | String8 filename(mKeyStore->getKeyNameForUidWithDir(name8, targetUid, ::TYPE_ANY)); |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 195 | ResponseCode result = mKeyStore->del(filename.string(), ::TYPE_ANY, get_user_id(targetUid)); |
| 196 | if (result != ResponseCode::NO_ERROR) { |
Tucker Sylvestro | 0ab28b7 | 2016-08-05 18:02:47 -0400 | [diff] [blame] | 197 | return result; |
| 198 | } |
| 199 | |
| 200 | // Also delete any characteristics files |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 201 | String8 chrFilename( |
| 202 | mKeyStore->getKeyNameForUidWithDir(name8, targetUid, ::TYPE_KEY_CHARACTERISTICS)); |
Tucker Sylvestro | 0ab28b7 | 2016-08-05 18:02:47 -0400 | [diff] [blame] | 203 | return mKeyStore->del(chrFilename.string(), ::TYPE_KEY_CHARACTERISTICS, get_user_id(targetUid)); |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 204 | } |
| 205 | |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 206 | KeyStoreServiceReturnCode KeyStoreService::exist(const String16& name, int targetUid) { |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 207 | targetUid = getEffectiveUid(targetUid); |
| 208 | if (!checkBinderPermission(P_EXIST, targetUid)) { |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 209 | return ResponseCode::PERMISSION_DENIED; |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 210 | } |
| 211 | |
| 212 | String8 name8(name); |
Tucker Sylvestro | 0ab28b7 | 2016-08-05 18:02:47 -0400 | [diff] [blame] | 213 | String8 filename(mKeyStore->getKeyNameForUidWithDir(name8, targetUid, ::TYPE_ANY)); |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 214 | |
| 215 | if (access(filename.string(), R_OK) == -1) { |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 216 | return (errno != ENOENT) ? ResponseCode::SYSTEM_ERROR : ResponseCode::KEY_NOT_FOUND; |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 217 | } |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 218 | return ResponseCode::NO_ERROR; |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 219 | } |
| 220 | |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 221 | KeyStoreServiceReturnCode KeyStoreService::list(const String16& prefix, int targetUid, |
| 222 | Vector<String16>* matches) { |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 223 | targetUid = getEffectiveUid(targetUid); |
| 224 | if (!checkBinderPermission(P_LIST, targetUid)) { |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 225 | return ResponseCode::PERMISSION_DENIED; |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 226 | } |
| 227 | const String8 prefix8(prefix); |
Tucker Sylvestro | 0ab28b7 | 2016-08-05 18:02:47 -0400 | [diff] [blame] | 228 | String8 filename(mKeyStore->getKeyNameForUid(prefix8, targetUid, TYPE_ANY)); |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 229 | |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 230 | if (mKeyStore->list(filename, matches, get_user_id(targetUid)) != ResponseCode::NO_ERROR) { |
| 231 | return ResponseCode::SYSTEM_ERROR; |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 232 | } |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 233 | return ResponseCode::NO_ERROR; |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 234 | } |
| 235 | |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 236 | KeyStoreServiceReturnCode KeyStoreService::reset() { |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 237 | if (!checkBinderPermission(P_RESET)) { |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 238 | return ResponseCode::PERMISSION_DENIED; |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 239 | } |
| 240 | |
| 241 | uid_t callingUid = IPCThreadState::self()->getCallingUid(); |
| 242 | mKeyStore->resetUser(get_user_id(callingUid), false); |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 243 | return ResponseCode::NO_ERROR; |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 244 | } |
| 245 | |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 246 | KeyStoreServiceReturnCode KeyStoreService::onUserPasswordChanged(int32_t userId, |
| 247 | const String16& password) { |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 248 | if (!checkBinderPermission(P_PASSWORD)) { |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 249 | return ResponseCode::PERMISSION_DENIED; |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 250 | } |
| 251 | |
| 252 | const String8 password8(password); |
| 253 | // Flush the auth token table to prevent stale tokens from sticking |
| 254 | // around. |
| 255 | mAuthTokenTable.Clear(); |
| 256 | |
| 257 | if (password.size() == 0) { |
| 258 | ALOGI("Secure lockscreen for user %d removed, deleting encrypted entries", userId); |
| 259 | mKeyStore->resetUser(userId, true); |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 260 | return ResponseCode::NO_ERROR; |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 261 | } else { |
| 262 | switch (mKeyStore->getState(userId)) { |
| 263 | case ::STATE_UNINITIALIZED: { |
| 264 | // generate master key, encrypt with password, write to file, |
| 265 | // initialize mMasterKey*. |
| 266 | return mKeyStore->initializeUser(password8, userId); |
| 267 | } |
| 268 | case ::STATE_NO_ERROR: { |
| 269 | // rewrite master key with new password. |
| 270 | return mKeyStore->writeMasterKey(password8, userId); |
| 271 | } |
| 272 | case ::STATE_LOCKED: { |
| 273 | ALOGE("Changing user %d's password while locked, clearing old encryption", userId); |
| 274 | mKeyStore->resetUser(userId, true); |
| 275 | return mKeyStore->initializeUser(password8, userId); |
| 276 | } |
| 277 | } |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 278 | return ResponseCode::SYSTEM_ERROR; |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 279 | } |
| 280 | } |
| 281 | |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 282 | KeyStoreServiceReturnCode KeyStoreService::onUserAdded(int32_t userId, int32_t parentId) { |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 283 | if (!checkBinderPermission(P_USER_CHANGED)) { |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 284 | return ResponseCode::PERMISSION_DENIED; |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 285 | } |
| 286 | |
| 287 | // Sanity check that the new user has an empty keystore. |
| 288 | if (!mKeyStore->isEmpty(userId)) { |
| 289 | ALOGW("New user %d's keystore not empty. Clearing old entries.", userId); |
| 290 | } |
| 291 | // Unconditionally clear the keystore, just to be safe. |
| 292 | mKeyStore->resetUser(userId, false); |
| 293 | if (parentId != -1) { |
| 294 | // This profile must share the same master key password as the parent profile. Because the |
| 295 | // password of the parent profile is not known here, the best we can do is copy the parent's |
| 296 | // master key and master key file. This makes this profile use the same master key as the |
| 297 | // parent profile, forever. |
| 298 | return mKeyStore->copyMasterKey(parentId, userId); |
| 299 | } else { |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 300 | return ResponseCode::NO_ERROR; |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 301 | } |
| 302 | } |
| 303 | |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 304 | KeyStoreServiceReturnCode KeyStoreService::onUserRemoved(int32_t userId) { |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 305 | if (!checkBinderPermission(P_USER_CHANGED)) { |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 306 | return ResponseCode::PERMISSION_DENIED; |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 307 | } |
| 308 | |
| 309 | mKeyStore->resetUser(userId, false); |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 310 | return ResponseCode::NO_ERROR; |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 311 | } |
| 312 | |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 313 | KeyStoreServiceReturnCode KeyStoreService::lock(int32_t userId) { |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 314 | if (!checkBinderPermission(P_LOCK)) { |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 315 | return ResponseCode::PERMISSION_DENIED; |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 316 | } |
| 317 | |
| 318 | State state = mKeyStore->getState(userId); |
| 319 | if (state != ::STATE_NO_ERROR) { |
| 320 | ALOGD("calling lock in state: %d", state); |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 321 | return ResponseCode(state); |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 322 | } |
| 323 | |
| 324 | mKeyStore->lock(userId); |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 325 | return ResponseCode::NO_ERROR; |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 326 | } |
| 327 | |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 328 | KeyStoreServiceReturnCode KeyStoreService::unlock(int32_t userId, const String16& pw) { |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 329 | if (!checkBinderPermission(P_UNLOCK)) { |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 330 | return ResponseCode::PERMISSION_DENIED; |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 331 | } |
| 332 | |
| 333 | State state = mKeyStore->getState(userId); |
| 334 | if (state != ::STATE_LOCKED) { |
| 335 | switch (state) { |
| 336 | case ::STATE_NO_ERROR: |
| 337 | ALOGI("calling unlock when already unlocked, ignoring."); |
| 338 | break; |
| 339 | case ::STATE_UNINITIALIZED: |
| 340 | ALOGE("unlock called on uninitialized keystore."); |
| 341 | break; |
| 342 | default: |
| 343 | ALOGE("unlock called on keystore in unknown state: %d", state); |
| 344 | break; |
| 345 | } |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 346 | return ResponseCode(state); |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 347 | } |
| 348 | |
| 349 | const String8 password8(pw); |
| 350 | // read master key, decrypt with password, initialize mMasterKey*. |
| 351 | return mKeyStore->readMasterKey(password8, userId); |
| 352 | } |
| 353 | |
| 354 | bool KeyStoreService::isEmpty(int32_t userId) { |
| 355 | if (!checkBinderPermission(P_IS_EMPTY)) { |
| 356 | return false; |
| 357 | } |
| 358 | |
| 359 | return mKeyStore->isEmpty(userId); |
| 360 | } |
| 361 | |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 362 | KeyStoreServiceReturnCode KeyStoreService::generate(const String16& name, int32_t targetUid, |
| 363 | int32_t keyType, int32_t keySize, int32_t flags, |
| 364 | Vector<sp<KeystoreArg>>* args) { |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 365 | targetUid = getEffectiveUid(targetUid); |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 366 | auto result = |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 367 | checkBinderPermissionAndKeystoreState(P_INSERT, targetUid, flags & KEYSTORE_FLAG_ENCRYPTED); |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 368 | if (!result.isOk()) { |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 369 | return result; |
| 370 | } |
| 371 | |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 372 | keystore::AuthorizationSet params; |
| 373 | add_legacy_key_authorizations(keyType, ¶ms); |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 374 | |
| 375 | switch (keyType) { |
| 376 | case EVP_PKEY_EC: { |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 377 | params.push_back(TAG_ALGORITHM, Algorithm::EC); |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 378 | if (keySize == -1) { |
| 379 | keySize = EC_DEFAULT_KEY_SIZE; |
| 380 | } else if (keySize < EC_MIN_KEY_SIZE || keySize > EC_MAX_KEY_SIZE) { |
| 381 | ALOGI("invalid key size %d", keySize); |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 382 | return ResponseCode::SYSTEM_ERROR; |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 383 | } |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 384 | params.push_back(TAG_KEY_SIZE, keySize); |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 385 | break; |
| 386 | } |
| 387 | case EVP_PKEY_RSA: { |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 388 | params.push_back(TAG_ALGORITHM, Algorithm::RSA); |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 389 | if (keySize == -1) { |
| 390 | keySize = RSA_DEFAULT_KEY_SIZE; |
| 391 | } else if (keySize < RSA_MIN_KEY_SIZE || keySize > RSA_MAX_KEY_SIZE) { |
| 392 | ALOGI("invalid key size %d", keySize); |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 393 | return ResponseCode::SYSTEM_ERROR; |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 394 | } |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 395 | params.push_back(TAG_KEY_SIZE, keySize); |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 396 | unsigned long exponent = RSA_DEFAULT_EXPONENT; |
| 397 | if (args->size() > 1) { |
| 398 | ALOGI("invalid number of arguments: %zu", args->size()); |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 399 | return ResponseCode::SYSTEM_ERROR; |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 400 | } else if (args->size() == 1) { |
Chih-Hung Hsieh | 24b2a39 | 2016-07-28 10:35:24 -0700 | [diff] [blame] | 401 | const sp<KeystoreArg>& expArg = args->itemAt(0); |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 402 | if (expArg != NULL) { |
| 403 | Unique_BIGNUM pubExpBn(BN_bin2bn( |
| 404 | reinterpret_cast<const unsigned char*>(expArg->data()), expArg->size(), NULL)); |
| 405 | if (pubExpBn.get() == NULL) { |
| 406 | ALOGI("Could not convert public exponent to BN"); |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 407 | return ResponseCode::SYSTEM_ERROR; |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 408 | } |
| 409 | exponent = BN_get_word(pubExpBn.get()); |
| 410 | if (exponent == 0xFFFFFFFFL) { |
| 411 | ALOGW("cannot represent public exponent as a long value"); |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 412 | return ResponseCode::SYSTEM_ERROR; |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 413 | } |
| 414 | } else { |
| 415 | ALOGW("public exponent not read"); |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 416 | return ResponseCode::SYSTEM_ERROR; |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 417 | } |
| 418 | } |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 419 | params.push_back(TAG_RSA_PUBLIC_EXPONENT, exponent); |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 420 | break; |
| 421 | } |
| 422 | default: { |
| 423 | ALOGW("Unsupported key type %d", keyType); |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 424 | return ResponseCode::SYSTEM_ERROR; |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 425 | } |
| 426 | } |
| 427 | |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 428 | auto rc = generateKey(name, params.hidl_data(), hidl_vec<uint8_t>(), targetUid, flags, |
| 429 | /*outCharacteristics*/ NULL); |
| 430 | if (!rc.isOk()) { |
| 431 | ALOGW("generate failed: %d", int32_t(rc)); |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 432 | } |
| 433 | return translateResultToLegacyResult(rc); |
| 434 | } |
| 435 | |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 436 | KeyStoreServiceReturnCode KeyStoreService::import(const String16& name, |
| 437 | const hidl_vec<uint8_t>& data, int targetUid, |
| 438 | int32_t flags) { |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 439 | |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 440 | const uint8_t* ptr = &data[0]; |
| 441 | |
| 442 | Unique_PKCS8_PRIV_KEY_INFO pkcs8(d2i_PKCS8_PRIV_KEY_INFO(NULL, &ptr, data.size())); |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 443 | if (!pkcs8.get()) { |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 444 | return ResponseCode::SYSTEM_ERROR; |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 445 | } |
| 446 | Unique_EVP_PKEY pkey(EVP_PKCS82PKEY(pkcs8.get())); |
| 447 | if (!pkey.get()) { |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 448 | return ResponseCode::SYSTEM_ERROR; |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 449 | } |
| 450 | int type = EVP_PKEY_type(pkey->type); |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 451 | AuthorizationSet params; |
| 452 | add_legacy_key_authorizations(type, ¶ms); |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 453 | switch (type) { |
| 454 | case EVP_PKEY_RSA: |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 455 | params.push_back(TAG_ALGORITHM, Algorithm::RSA); |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 456 | break; |
| 457 | case EVP_PKEY_EC: |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 458 | params.push_back(TAG_ALGORITHM, Algorithm::EC); |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 459 | break; |
| 460 | default: |
| 461 | ALOGW("Unsupported key type %d", type); |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 462 | return ResponseCode::SYSTEM_ERROR; |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 463 | } |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 464 | |
| 465 | auto rc = importKey(name, params.hidl_data(), KeyFormat::PKCS8, data, targetUid, flags, |
| 466 | /*outCharacteristics*/ NULL); |
| 467 | |
| 468 | if (!rc.isOk()) { |
| 469 | ALOGW("importKey failed: %d", int32_t(rc)); |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 470 | } |
| 471 | return translateResultToLegacyResult(rc); |
| 472 | } |
| 473 | |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 474 | KeyStoreServiceReturnCode KeyStoreService::sign(const String16& name, const hidl_vec<uint8_t>& data, |
| 475 | hidl_vec<uint8_t>* out) { |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 476 | if (!checkBinderPermission(P_SIGN)) { |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 477 | return ResponseCode::PERMISSION_DENIED; |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 478 | } |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 479 | return doLegacySignVerify(name, data, out, hidl_vec<uint8_t>(), KeyPurpose::SIGN); |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 480 | } |
| 481 | |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 482 | KeyStoreServiceReturnCode KeyStoreService::verify(const String16& name, |
| 483 | const hidl_vec<uint8_t>& data, |
| 484 | const hidl_vec<uint8_t>& signature) { |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 485 | if (!checkBinderPermission(P_VERIFY)) { |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 486 | return ResponseCode::PERMISSION_DENIED; |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 487 | } |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 488 | return doLegacySignVerify(name, data, nullptr, signature, KeyPurpose::VERIFY); |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 489 | } |
| 490 | |
| 491 | /* |
| 492 | * TODO: The abstraction between things stored in hardware and regular blobs |
| 493 | * of data stored on the filesystem should be moved down to keystore itself. |
| 494 | * Unfortunately the Java code that calls this has naming conventions that it |
| 495 | * knows about. Ideally keystore shouldn't be used to store random blobs of |
| 496 | * data. |
| 497 | * |
| 498 | * Until that happens, it's necessary to have a separate "get_pubkey" and |
| 499 | * "del_key" since the Java code doesn't really communicate what it's |
| 500 | * intentions are. |
| 501 | */ |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 502 | KeyStoreServiceReturnCode KeyStoreService::get_pubkey(const String16& name, |
| 503 | hidl_vec<uint8_t>* pubKey) { |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 504 | ExportResult result; |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 505 | exportKey(name, KeyFormat::X509, hidl_vec<uint8_t>(), hidl_vec<uint8_t>(), UID_SELF, &result); |
| 506 | if (!result.resultCode.isOk()) { |
| 507 | ALOGW("export failed: %d", int32_t(result.resultCode)); |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 508 | return translateResultToLegacyResult(result.resultCode); |
| 509 | } |
| 510 | |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 511 | if (pubKey) *pubKey = std::move(result.exportData); |
| 512 | return ResponseCode::NO_ERROR; |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 513 | } |
| 514 | |
Janis Danisevskis | 6d449e8 | 2017-06-07 18:03:31 -0700 | [diff] [blame] | 515 | String16 KeyStoreService::grant(const String16& name, int32_t granteeUid) { |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 516 | uid_t callingUid = IPCThreadState::self()->getCallingUid(); |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 517 | auto result = checkBinderPermissionAndKeystoreState(P_GRANT); |
| 518 | if (!result.isOk()) { |
Janis Danisevskis | 6d449e8 | 2017-06-07 18:03:31 -0700 | [diff] [blame] | 519 | return String16(); |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 520 | } |
| 521 | |
| 522 | String8 name8(name); |
Tucker Sylvestro | 0ab28b7 | 2016-08-05 18:02:47 -0400 | [diff] [blame] | 523 | String8 filename(mKeyStore->getKeyNameForUidWithDir(name8, callingUid, ::TYPE_ANY)); |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 524 | |
| 525 | if (access(filename.string(), R_OK) == -1) { |
Janis Danisevskis | 6d449e8 | 2017-06-07 18:03:31 -0700 | [diff] [blame] | 526 | return String16(); |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 527 | } |
| 528 | |
Janis Danisevskis | 6d449e8 | 2017-06-07 18:03:31 -0700 | [diff] [blame] | 529 | return String16(mKeyStore->addGrant(filename.string(), String8(name).string(), granteeUid).c_str()); |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 530 | } |
| 531 | |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 532 | KeyStoreServiceReturnCode KeyStoreService::ungrant(const String16& name, int32_t granteeUid) { |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 533 | uid_t callingUid = IPCThreadState::self()->getCallingUid(); |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 534 | auto result = checkBinderPermissionAndKeystoreState(P_GRANT); |
| 535 | if (!result.isOk()) { |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 536 | return result; |
| 537 | } |
| 538 | |
| 539 | String8 name8(name); |
Tucker Sylvestro | 0ab28b7 | 2016-08-05 18:02:47 -0400 | [diff] [blame] | 540 | String8 filename(mKeyStore->getKeyNameForUidWithDir(name8, callingUid, ::TYPE_ANY)); |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 541 | |
| 542 | if (access(filename.string(), R_OK) == -1) { |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 543 | return (errno != ENOENT) ? ResponseCode::SYSTEM_ERROR : ResponseCode::KEY_NOT_FOUND; |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 544 | } |
| 545 | |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 546 | return mKeyStore->removeGrant(filename.string(), granteeUid) ? ResponseCode::NO_ERROR |
| 547 | : ResponseCode::KEY_NOT_FOUND; |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 548 | } |
| 549 | |
| 550 | int64_t KeyStoreService::getmtime(const String16& name, int32_t uid) { |
| 551 | uid_t targetUid = getEffectiveUid(uid); |
| 552 | if (!checkBinderPermission(P_GET, targetUid)) { |
| 553 | ALOGW("permission denied for %d: getmtime", targetUid); |
| 554 | return -1L; |
| 555 | } |
| 556 | |
| 557 | String8 name8(name); |
Tucker Sylvestro | 0ab28b7 | 2016-08-05 18:02:47 -0400 | [diff] [blame] | 558 | String8 filename(mKeyStore->getKeyNameForUidWithDir(name8, targetUid, ::TYPE_ANY)); |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 559 | |
| 560 | if (access(filename.string(), R_OK) == -1) { |
| 561 | ALOGW("could not access %s for getmtime", filename.string()); |
| 562 | return -1L; |
| 563 | } |
| 564 | |
| 565 | int fd = TEMP_FAILURE_RETRY(open(filename.string(), O_NOFOLLOW, O_RDONLY)); |
| 566 | if (fd < 0) { |
| 567 | ALOGW("could not open %s for getmtime", filename.string()); |
| 568 | return -1L; |
| 569 | } |
| 570 | |
| 571 | struct stat s; |
| 572 | int ret = fstat(fd, &s); |
| 573 | close(fd); |
| 574 | if (ret == -1) { |
| 575 | ALOGW("could not stat %s for getmtime", filename.string()); |
| 576 | return -1L; |
| 577 | } |
| 578 | |
| 579 | return static_cast<int64_t>(s.st_mtime); |
| 580 | } |
| 581 | |
Tucker Sylvestro | 0ab28b7 | 2016-08-05 18:02:47 -0400 | [diff] [blame] | 582 | // TODO(tuckeris): This is dead code, remove it. Don't bother copying over key characteristics here |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 583 | KeyStoreServiceReturnCode KeyStoreService::duplicate(const String16& srcKey, int32_t srcUid, |
| 584 | const String16& destKey, int32_t destUid) { |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 585 | uid_t callingUid = IPCThreadState::self()->getCallingUid(); |
| 586 | pid_t spid = IPCThreadState::self()->getCallingPid(); |
| 587 | if (!has_permission(callingUid, P_DUPLICATE, spid)) { |
| 588 | ALOGW("permission denied for %d: duplicate", callingUid); |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 589 | return ResponseCode::PERMISSION_DENIED; |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 590 | } |
| 591 | |
| 592 | State state = mKeyStore->getState(get_user_id(callingUid)); |
| 593 | if (!isKeystoreUnlocked(state)) { |
| 594 | ALOGD("calling duplicate in state: %d", state); |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 595 | return ResponseCode(state); |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 596 | } |
| 597 | |
| 598 | if (srcUid == -1 || static_cast<uid_t>(srcUid) == callingUid) { |
| 599 | srcUid = callingUid; |
| 600 | } else if (!is_granted_to(callingUid, srcUid)) { |
| 601 | ALOGD("migrate not granted from source: %d -> %d", callingUid, srcUid); |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 602 | return ResponseCode::PERMISSION_DENIED; |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 603 | } |
| 604 | |
| 605 | if (destUid == -1) { |
| 606 | destUid = callingUid; |
| 607 | } |
| 608 | |
| 609 | if (srcUid != destUid) { |
| 610 | if (static_cast<uid_t>(srcUid) != callingUid) { |
| 611 | ALOGD("can only duplicate from caller to other or to same uid: " |
| 612 | "calling=%d, srcUid=%d, destUid=%d", |
| 613 | callingUid, srcUid, destUid); |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 614 | return ResponseCode::PERMISSION_DENIED; |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 615 | } |
| 616 | |
| 617 | if (!is_granted_to(callingUid, destUid)) { |
| 618 | ALOGD("duplicate not granted to dest: %d -> %d", callingUid, destUid); |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 619 | return ResponseCode::PERMISSION_DENIED; |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 620 | } |
| 621 | } |
| 622 | |
| 623 | String8 source8(srcKey); |
Tucker Sylvestro | 0ab28b7 | 2016-08-05 18:02:47 -0400 | [diff] [blame] | 624 | String8 sourceFile(mKeyStore->getKeyNameForUidWithDir(source8, srcUid, ::TYPE_ANY)); |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 625 | |
| 626 | String8 target8(destKey); |
Tucker Sylvestro | 0ab28b7 | 2016-08-05 18:02:47 -0400 | [diff] [blame] | 627 | String8 targetFile(mKeyStore->getKeyNameForUidWithDir(target8, destUid, ::TYPE_ANY)); |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 628 | |
| 629 | if (access(targetFile.string(), W_OK) != -1 || errno != ENOENT) { |
| 630 | ALOGD("destination already exists: %s", targetFile.string()); |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 631 | return ResponseCode::SYSTEM_ERROR; |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 632 | } |
| 633 | |
| 634 | Blob keyBlob; |
| 635 | ResponseCode responseCode = |
| 636 | mKeyStore->get(sourceFile.string(), &keyBlob, TYPE_ANY, get_user_id(srcUid)); |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 637 | if (responseCode != ResponseCode::NO_ERROR) { |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 638 | return responseCode; |
| 639 | } |
| 640 | |
| 641 | return mKeyStore->put(targetFile.string(), &keyBlob, get_user_id(destUid)); |
| 642 | } |
| 643 | |
| 644 | int32_t KeyStoreService::is_hardware_backed(const String16& keyType) { |
| 645 | return mKeyStore->isHardwareBacked(keyType) ? 1 : 0; |
| 646 | } |
| 647 | |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 648 | KeyStoreServiceReturnCode KeyStoreService::clear_uid(int64_t targetUid64) { |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 649 | uid_t targetUid = getEffectiveUid(targetUid64); |
| 650 | if (!checkBinderPermissionSelfOrSystem(P_CLEAR_UID, targetUid)) { |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 651 | return ResponseCode::PERMISSION_DENIED; |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 652 | } |
Rubin Xu | 7675c9f | 2017-03-15 19:26:52 +0000 | [diff] [blame] | 653 | ALOGI("clear_uid %" PRId64, targetUid64); |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 654 | |
| 655 | String8 prefix = String8::format("%u_", targetUid); |
| 656 | Vector<String16> aliases; |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 657 | if (mKeyStore->list(prefix, &aliases, get_user_id(targetUid)) != ResponseCode::NO_ERROR) { |
| 658 | return ResponseCode::SYSTEM_ERROR; |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 659 | } |
| 660 | |
| 661 | for (uint32_t i = 0; i < aliases.size(); i++) { |
| 662 | String8 name8(aliases[i]); |
Tucker Sylvestro | 0ab28b7 | 2016-08-05 18:02:47 -0400 | [diff] [blame] | 663 | String8 filename(mKeyStore->getKeyNameForUidWithDir(name8, targetUid, ::TYPE_ANY)); |
Rubin Xu | 85c85e9 | 2017-04-26 20:07:30 +0100 | [diff] [blame] | 664 | |
| 665 | if (get_app_id(targetUid) == AID_SYSTEM) { |
| 666 | Blob keyBlob; |
| 667 | ResponseCode responseCode = |
| 668 | mKeyStore->get(filename.string(), &keyBlob, ::TYPE_ANY, get_user_id(targetUid)); |
| 669 | if (responseCode == ResponseCode::NO_ERROR && keyBlob.isCriticalToDeviceEncryption()) { |
| 670 | // Do not clear keys critical to device encryption under system uid. |
| 671 | continue; |
| 672 | } |
| 673 | } |
| 674 | |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 675 | mKeyStore->del(filename.string(), ::TYPE_ANY, get_user_id(targetUid)); |
Tucker Sylvestro | 0ab28b7 | 2016-08-05 18:02:47 -0400 | [diff] [blame] | 676 | |
| 677 | // del() will fail silently if no cached characteristics are present for this alias. |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 678 | String8 chr_filename( |
| 679 | mKeyStore->getKeyNameForUidWithDir(name8, targetUid, ::TYPE_KEY_CHARACTERISTICS)); |
Tucker Sylvestro | 0ab28b7 | 2016-08-05 18:02:47 -0400 | [diff] [blame] | 680 | mKeyStore->del(chr_filename.string(), ::TYPE_KEY_CHARACTERISTICS, get_user_id(targetUid)); |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 681 | } |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 682 | return ResponseCode::NO_ERROR; |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 683 | } |
| 684 | |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 685 | KeyStoreServiceReturnCode KeyStoreService::addRngEntropy(const hidl_vec<uint8_t>& entropy) { |
| 686 | const auto& device = mKeyStore->getDevice(); |
| 687 | return KS_HANDLE_HIDL_ERROR(device->addRngEntropy(entropy)); |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 688 | } |
| 689 | |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 690 | KeyStoreServiceReturnCode KeyStoreService::generateKey(const String16& name, |
| 691 | const hidl_vec<KeyParameter>& params, |
| 692 | const hidl_vec<uint8_t>& entropy, int uid, |
| 693 | int flags, |
| 694 | KeyCharacteristics* outCharacteristics) { |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 695 | uid = getEffectiveUid(uid); |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 696 | KeyStoreServiceReturnCode rc = |
| 697 | checkBinderPermissionAndKeystoreState(P_INSERT, uid, flags & KEYSTORE_FLAG_ENCRYPTED); |
| 698 | if (!rc.isOk()) { |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 699 | return rc; |
| 700 | } |
Rubin Xu | 67899de | 2017-04-21 19:15:13 +0100 | [diff] [blame] | 701 | if ((flags & KEYSTORE_FLAG_CRITICAL_TO_DEVICE_ENCRYPTION) && get_app_id(uid) != AID_SYSTEM) { |
| 702 | ALOGE("Non-system uid %d cannot set FLAG_CRITICAL_TO_DEVICE_ENCRYPTION", uid); |
| 703 | return ResponseCode::PERMISSION_DENIED; |
| 704 | } |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 705 | |
Shawn Willden | e2a7b52 | 2017-04-11 09:27:40 -0600 | [diff] [blame] | 706 | if (containsTag(params, Tag::INCLUDE_UNIQUE_ID)) { |
| 707 | if (!checkBinderPermission(P_GEN_UNIQUE_ID)) return ResponseCode::PERMISSION_DENIED; |
| 708 | } |
| 709 | |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 710 | bool usingFallback = false; |
| 711 | auto& dev = mKeyStore->getDevice(); |
| 712 | AuthorizationSet keyCharacteristics = params; |
Tucker Sylvestro | 0ab28b7 | 2016-08-05 18:02:47 -0400 | [diff] [blame] | 713 | |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 714 | // TODO: Seed from Linux RNG before this. |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 715 | rc = addRngEntropy(entropy); |
| 716 | if (!rc.isOk()) { |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 717 | return rc; |
| 718 | } |
| 719 | |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 720 | KeyStoreServiceReturnCode error; |
| 721 | auto hidl_cb = [&](ErrorCode ret, const hidl_vec<uint8_t>& hidlKeyBlob, |
| 722 | const KeyCharacteristics& keyCharacteristics) { |
| 723 | error = ret; |
| 724 | if (!error.isOk()) { |
| 725 | return; |
| 726 | } |
| 727 | if (outCharacteristics) *outCharacteristics = keyCharacteristics; |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 728 | |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 729 | // Write the key |
| 730 | String8 name8(name); |
| 731 | String8 filename(mKeyStore->getKeyNameForUidWithDir(name8, uid, ::TYPE_KEYMASTER_10)); |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 732 | |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 733 | Blob keyBlob(&hidlKeyBlob[0], hidlKeyBlob.size(), NULL, 0, ::TYPE_KEYMASTER_10); |
| 734 | keyBlob.setFallback(usingFallback); |
Rubin Xu | 67899de | 2017-04-21 19:15:13 +0100 | [diff] [blame] | 735 | keyBlob.setCriticalToDeviceEncryption(flags & KEYSTORE_FLAG_CRITICAL_TO_DEVICE_ENCRYPTION); |
| 736 | if (isAuthenticationBound(params) && !keyBlob.isCriticalToDeviceEncryption()) { |
Shawn Willden | d5a24e6 | 2017-02-28 13:53:24 -0700 | [diff] [blame] | 737 | keyBlob.setSuperEncrypted(true); |
| 738 | } |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 739 | keyBlob.setEncrypted(flags & KEYSTORE_FLAG_ENCRYPTED); |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 740 | |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 741 | error = mKeyStore->put(filename.string(), &keyBlob, get_user_id(uid)); |
| 742 | }; |
| 743 | |
| 744 | rc = KS_HANDLE_HIDL_ERROR(dev->generateKey(params, hidl_cb)); |
| 745 | if (!rc.isOk()) { |
Tucker Sylvestro | 0ab28b7 | 2016-08-05 18:02:47 -0400 | [diff] [blame] | 746 | return rc; |
| 747 | } |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 748 | if (!error.isOk()) { |
| 749 | ALOGE("Failed to generate key -> falling back to software keymaster"); |
| 750 | usingFallback = true; |
Janis Danisevskis | e8ba180 | 2017-01-30 10:49:51 +0000 | [diff] [blame] | 751 | auto fallback = mKeyStore->getFallbackDevice(); |
| 752 | if (!fallback.isOk()) { |
| 753 | return error; |
| 754 | } |
| 755 | rc = KS_HANDLE_HIDL_ERROR(fallback.value()->generateKey(params, hidl_cb)); |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 756 | if (!rc.isOk()) { |
| 757 | return rc; |
| 758 | } |
| 759 | if (!error.isOk()) { |
| 760 | return error; |
| 761 | } |
| 762 | } |
Tucker Sylvestro | 0ab28b7 | 2016-08-05 18:02:47 -0400 | [diff] [blame] | 763 | |
| 764 | // Write the characteristics: |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 765 | String8 name8(name); |
Tucker Sylvestro | 0ab28b7 | 2016-08-05 18:02:47 -0400 | [diff] [blame] | 766 | String8 cFilename(mKeyStore->getKeyNameForUidWithDir(name8, uid, ::TYPE_KEY_CHARACTERISTICS)); |
| 767 | |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 768 | std::stringstream kc_stream; |
| 769 | keyCharacteristics.Serialize(&kc_stream); |
| 770 | if (kc_stream.bad()) { |
| 771 | return ResponseCode::SYSTEM_ERROR; |
| 772 | } |
| 773 | auto kc_buf = kc_stream.str(); |
| 774 | Blob charBlob(reinterpret_cast<const uint8_t*>(kc_buf.data()), kc_buf.size(), NULL, 0, |
| 775 | ::TYPE_KEY_CHARACTERISTICS); |
| 776 | charBlob.setFallback(usingFallback); |
Tucker Sylvestro | 0ab28b7 | 2016-08-05 18:02:47 -0400 | [diff] [blame] | 777 | charBlob.setEncrypted(flags & KEYSTORE_FLAG_ENCRYPTED); |
| 778 | |
| 779 | return mKeyStore->put(cFilename.string(), &charBlob, get_user_id(uid)); |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 780 | } |
| 781 | |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 782 | KeyStoreServiceReturnCode |
| 783 | KeyStoreService::getKeyCharacteristics(const String16& name, const hidl_vec<uint8_t>& clientId, |
| 784 | const hidl_vec<uint8_t>& appData, int32_t uid, |
| 785 | KeyCharacteristics* outCharacteristics) { |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 786 | if (!outCharacteristics) { |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 787 | return ErrorCode::UNEXPECTED_NULL_POINTER; |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 788 | } |
| 789 | |
| 790 | uid_t targetUid = getEffectiveUid(uid); |
| 791 | uid_t callingUid = IPCThreadState::self()->getCallingUid(); |
| 792 | if (!is_granted_to(callingUid, targetUid)) { |
| 793 | ALOGW("uid %d not permitted to act for uid %d in getKeyCharacteristics", callingUid, |
| 794 | targetUid); |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 795 | return ResponseCode::PERMISSION_DENIED; |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 796 | } |
| 797 | |
| 798 | Blob keyBlob; |
| 799 | String8 name8(name); |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 800 | |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 801 | KeyStoreServiceReturnCode rc = |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 802 | mKeyStore->getKeyForName(&keyBlob, name8, targetUid, TYPE_KEYMASTER_10); |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 803 | if (!rc.isOk()) { |
| 804 | return rc; |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 805 | } |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 806 | |
| 807 | auto hidlKeyBlob = blob2hidlVec(keyBlob); |
| 808 | auto& dev = mKeyStore->getDevice(keyBlob); |
| 809 | |
| 810 | KeyStoreServiceReturnCode error; |
| 811 | |
| 812 | auto hidlCb = [&](ErrorCode ret, const KeyCharacteristics& keyCharacteristics) { |
| 813 | error = ret; |
| 814 | if (!error.isOk()) { |
| 815 | return; |
Shawn Willden | 98c5916 | 2016-03-20 09:10:18 -0600 | [diff] [blame] | 816 | } |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 817 | *outCharacteristics = keyCharacteristics; |
| 818 | }; |
| 819 | |
| 820 | rc = KS_HANDLE_HIDL_ERROR(dev->getKeyCharacteristics(hidlKeyBlob, clientId, appData, hidlCb)); |
| 821 | if (!rc.isOk()) { |
| 822 | return rc; |
| 823 | } |
| 824 | |
| 825 | if (error == ErrorCode::KEY_REQUIRES_UPGRADE) { |
| 826 | AuthorizationSet upgradeParams; |
| 827 | if (clientId.size()) { |
| 828 | upgradeParams.push_back(TAG_APPLICATION_ID, clientId); |
| 829 | } |
| 830 | if (appData.size()) { |
| 831 | upgradeParams.push_back(TAG_APPLICATION_DATA, appData); |
Shawn Willden | 98c5916 | 2016-03-20 09:10:18 -0600 | [diff] [blame] | 832 | } |
| 833 | rc = upgradeKeyBlob(name, targetUid, upgradeParams, &keyBlob); |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 834 | if (!rc.isOk()) { |
Shawn Willden | 98c5916 | 2016-03-20 09:10:18 -0600 | [diff] [blame] | 835 | return rc; |
| 836 | } |
Shawn Willden | 715d023 | 2016-01-21 00:45:13 -0700 | [diff] [blame] | 837 | |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 838 | auto upgradedHidlKeyBlob = blob2hidlVec(keyBlob); |
| 839 | |
| 840 | rc = KS_HANDLE_HIDL_ERROR( |
| 841 | dev->getKeyCharacteristics(upgradedHidlKeyBlob, clientId, appData, hidlCb)); |
| 842 | if (!rc.isOk()) { |
| 843 | return rc; |
| 844 | } |
| 845 | // Note that, on success, "error" will have been updated by the hidlCB callback. |
| 846 | // So it is fine to return "error" below. |
| 847 | } |
| 848 | return error; |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 849 | } |
| 850 | |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 851 | KeyStoreServiceReturnCode |
| 852 | KeyStoreService::importKey(const String16& name, const hidl_vec<KeyParameter>& params, |
| 853 | KeyFormat format, const hidl_vec<uint8_t>& keyData, int uid, int flags, |
| 854 | KeyCharacteristics* outCharacteristics) { |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 855 | uid = getEffectiveUid(uid); |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 856 | KeyStoreServiceReturnCode rc = |
| 857 | checkBinderPermissionAndKeystoreState(P_INSERT, uid, flags & KEYSTORE_FLAG_ENCRYPTED); |
| 858 | if (!rc.isOk()) { |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 859 | return rc; |
| 860 | } |
Rubin Xu | 67899de | 2017-04-21 19:15:13 +0100 | [diff] [blame] | 861 | if ((flags & KEYSTORE_FLAG_CRITICAL_TO_DEVICE_ENCRYPTION) && get_app_id(uid) != AID_SYSTEM) { |
| 862 | ALOGE("Non-system uid %d cannot set FLAG_CRITICAL_TO_DEVICE_ENCRYPTION", uid); |
| 863 | return ResponseCode::PERMISSION_DENIED; |
| 864 | } |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 865 | |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 866 | bool usingFallback = false; |
| 867 | auto& dev = mKeyStore->getDevice(); |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 868 | |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 869 | String8 name8(name); |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 870 | |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 871 | KeyStoreServiceReturnCode error; |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 872 | |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 873 | auto hidlCb = [&](ErrorCode ret, const hidl_vec<uint8_t>& keyBlob, |
| 874 | const KeyCharacteristics& keyCharacteristics) { |
| 875 | error = ret; |
| 876 | if (!error.isOk()) { |
| 877 | return; |
| 878 | } |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 879 | |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 880 | if (outCharacteristics) *outCharacteristics = keyCharacteristics; |
| 881 | |
| 882 | // Write the key: |
| 883 | String8 filename(mKeyStore->getKeyNameForUidWithDir(name8, uid, ::TYPE_KEYMASTER_10)); |
| 884 | |
| 885 | Blob ksBlob(&keyBlob[0], keyBlob.size(), NULL, 0, ::TYPE_KEYMASTER_10); |
| 886 | ksBlob.setFallback(usingFallback); |
Rubin Xu | 67899de | 2017-04-21 19:15:13 +0100 | [diff] [blame] | 887 | ksBlob.setCriticalToDeviceEncryption(flags & KEYSTORE_FLAG_CRITICAL_TO_DEVICE_ENCRYPTION); |
| 888 | if (isAuthenticationBound(params) && !ksBlob.isCriticalToDeviceEncryption()) { |
Shawn Willden | d5a24e6 | 2017-02-28 13:53:24 -0700 | [diff] [blame] | 889 | ksBlob.setSuperEncrypted(true); |
| 890 | } |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 891 | ksBlob.setEncrypted(flags & KEYSTORE_FLAG_ENCRYPTED); |
| 892 | |
| 893 | error = mKeyStore->put(filename.string(), &ksBlob, get_user_id(uid)); |
| 894 | }; |
| 895 | |
| 896 | rc = KS_HANDLE_HIDL_ERROR(dev->importKey(params, format, keyData, hidlCb)); |
| 897 | // possible hidl error |
| 898 | if (!rc.isOk()) { |
Tucker Sylvestro | 0ab28b7 | 2016-08-05 18:02:47 -0400 | [diff] [blame] | 899 | return rc; |
| 900 | } |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 901 | // now check error from callback |
| 902 | if (!error.isOk()) { |
| 903 | ALOGE("Failed to import key -> falling back to software keymaster"); |
| 904 | usingFallback = true; |
Janis Danisevskis | e8ba180 | 2017-01-30 10:49:51 +0000 | [diff] [blame] | 905 | auto fallback = mKeyStore->getFallbackDevice(); |
| 906 | if (!fallback.isOk()) { |
| 907 | return error; |
| 908 | } |
| 909 | rc = KS_HANDLE_HIDL_ERROR(fallback.value()->importKey(params, format, keyData, hidlCb)); |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 910 | // possible hidl error |
| 911 | if (!rc.isOk()) { |
| 912 | return rc; |
| 913 | } |
| 914 | // now check error from callback |
| 915 | if (!error.isOk()) { |
| 916 | return error; |
| 917 | } |
| 918 | } |
Tucker Sylvestro | 0ab28b7 | 2016-08-05 18:02:47 -0400 | [diff] [blame] | 919 | |
| 920 | // Write the characteristics: |
| 921 | String8 cFilename(mKeyStore->getKeyNameForUidWithDir(name8, uid, ::TYPE_KEY_CHARACTERISTICS)); |
| 922 | |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 923 | AuthorizationSet opParams = params; |
| 924 | std::stringstream kcStream; |
| 925 | opParams.Serialize(&kcStream); |
| 926 | if (kcStream.bad()) return ResponseCode::SYSTEM_ERROR; |
| 927 | auto kcBuf = kcStream.str(); |
| 928 | |
| 929 | Blob charBlob(reinterpret_cast<const uint8_t*>(kcBuf.data()), kcBuf.size(), NULL, 0, |
| 930 | ::TYPE_KEY_CHARACTERISTICS); |
| 931 | charBlob.setFallback(usingFallback); |
Tucker Sylvestro | 0ab28b7 | 2016-08-05 18:02:47 -0400 | [diff] [blame] | 932 | charBlob.setEncrypted(flags & KEYSTORE_FLAG_ENCRYPTED); |
| 933 | |
| 934 | return mKeyStore->put(cFilename.string(), &charBlob, get_user_id(uid)); |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 935 | } |
| 936 | |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 937 | void KeyStoreService::exportKey(const String16& name, KeyFormat format, |
| 938 | const hidl_vec<uint8_t>& clientId, const hidl_vec<uint8_t>& appData, |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 939 | int32_t uid, ExportResult* result) { |
| 940 | |
| 941 | uid_t targetUid = getEffectiveUid(uid); |
| 942 | uid_t callingUid = IPCThreadState::self()->getCallingUid(); |
| 943 | if (!is_granted_to(callingUid, targetUid)) { |
| 944 | ALOGW("uid %d not permitted to act for uid %d in exportKey", callingUid, targetUid); |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 945 | result->resultCode = ResponseCode::PERMISSION_DENIED; |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 946 | return; |
| 947 | } |
| 948 | |
| 949 | Blob keyBlob; |
| 950 | String8 name8(name); |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 951 | |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 952 | result->resultCode = mKeyStore->getKeyForName(&keyBlob, name8, targetUid, TYPE_KEYMASTER_10); |
| 953 | if (!result->resultCode.isOk()) { |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 954 | return; |
| 955 | } |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 956 | |
| 957 | auto key = blob2hidlVec(keyBlob); |
| 958 | auto& dev = mKeyStore->getDevice(keyBlob); |
| 959 | |
| 960 | auto hidlCb = [&](ErrorCode ret, const ::android::hardware::hidl_vec<uint8_t>& keyMaterial) { |
| 961 | result->resultCode = ret; |
| 962 | if (!result->resultCode.isOk()) { |
Ji Wang | 2c14231 | 2016-10-14 17:21:10 +0800 | [diff] [blame] | 963 | return; |
| 964 | } |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 965 | result->exportData = keyMaterial; |
| 966 | }; |
| 967 | KeyStoreServiceReturnCode rc = |
| 968 | KS_HANDLE_HIDL_ERROR(dev->exportKey(format, key, clientId, appData, hidlCb)); |
| 969 | // Overwrite result->resultCode only on HIDL error. Otherwise we want the result set in the |
| 970 | // callback hidlCb. |
| 971 | if (!rc.isOk()) { |
| 972 | result->resultCode = rc; |
Ji Wang | 2c14231 | 2016-10-14 17:21:10 +0800 | [diff] [blame] | 973 | } |
| 974 | |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 975 | if (result->resultCode == ErrorCode::KEY_REQUIRES_UPGRADE) { |
| 976 | AuthorizationSet upgradeParams; |
| 977 | if (clientId.size()) { |
| 978 | upgradeParams.push_back(TAG_APPLICATION_ID, clientId); |
| 979 | } |
| 980 | if (appData.size()) { |
| 981 | upgradeParams.push_back(TAG_APPLICATION_DATA, appData); |
| 982 | } |
| 983 | result->resultCode = upgradeKeyBlob(name, targetUid, upgradeParams, &keyBlob); |
| 984 | if (!result->resultCode.isOk()) { |
| 985 | return; |
| 986 | } |
| 987 | |
| 988 | auto upgradedHidlKeyBlob = blob2hidlVec(keyBlob); |
| 989 | |
| 990 | result->resultCode = KS_HANDLE_HIDL_ERROR( |
| 991 | dev->exportKey(format, upgradedHidlKeyBlob, clientId, appData, hidlCb)); |
| 992 | if (!result->resultCode.isOk()) { |
| 993 | return; |
| 994 | } |
| 995 | } |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 996 | } |
| 997 | |
Shawn Willden | d3ed3a2 | 2017-03-28 00:39:16 +0000 | [diff] [blame] | 998 | static inline void addAuthTokenToParams(AuthorizationSet* params, const HardwareAuthToken* token) { |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 999 | if (token) { |
Shawn Willden | d3ed3a2 | 2017-03-28 00:39:16 +0000 | [diff] [blame] | 1000 | params->push_back(TAG_AUTH_TOKEN, authToken2HidlVec(*token)); |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 1001 | } |
| 1002 | } |
| 1003 | |
| 1004 | void KeyStoreService::begin(const sp<IBinder>& appToken, const String16& name, KeyPurpose purpose, |
| 1005 | bool pruneable, const hidl_vec<KeyParameter>& params, |
| 1006 | const hidl_vec<uint8_t>& entropy, int32_t uid, |
| 1007 | OperationResult* result) { |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 1008 | uid_t callingUid = IPCThreadState::self()->getCallingUid(); |
| 1009 | uid_t targetUid = getEffectiveUid(uid); |
| 1010 | if (!is_granted_to(callingUid, targetUid)) { |
| 1011 | ALOGW("uid %d not permitted to act for uid %d in begin", callingUid, targetUid); |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 1012 | result->resultCode = ResponseCode::PERMISSION_DENIED; |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 1013 | return; |
| 1014 | } |
| 1015 | if (!pruneable && get_app_id(callingUid) != AID_SYSTEM) { |
| 1016 | ALOGE("Non-system uid %d trying to start non-pruneable operation", callingUid); |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 1017 | result->resultCode = ResponseCode::PERMISSION_DENIED; |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 1018 | return; |
| 1019 | } |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 1020 | if (!checkAllowedOperationParams(params)) { |
| 1021 | result->resultCode = ErrorCode::INVALID_ARGUMENT; |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 1022 | return; |
| 1023 | } |
| 1024 | Blob keyBlob; |
| 1025 | String8 name8(name); |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 1026 | result->resultCode = mKeyStore->getKeyForName(&keyBlob, name8, targetUid, TYPE_KEYMASTER_10); |
Shawn Willden | d5a24e6 | 2017-02-28 13:53:24 -0700 | [diff] [blame] | 1027 | if (result->resultCode == ResponseCode::LOCKED && keyBlob.isSuperEncrypted()) { |
| 1028 | result->resultCode = ErrorCode::KEY_USER_NOT_AUTHENTICATED; |
| 1029 | } |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 1030 | if (!result->resultCode.isOk()) { |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 1031 | return; |
| 1032 | } |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 1033 | |
| 1034 | auto key = blob2hidlVec(keyBlob); |
| 1035 | auto& dev = mKeyStore->getDevice(keyBlob); |
| 1036 | AuthorizationSet opParams = params; |
| 1037 | KeyCharacteristics characteristics; |
| 1038 | result->resultCode = getOperationCharacteristics(key, &dev, opParams, &characteristics); |
| 1039 | |
| 1040 | if (result->resultCode == ErrorCode::KEY_REQUIRES_UPGRADE) { |
| 1041 | result->resultCode = upgradeKeyBlob(name, targetUid, opParams, &keyBlob); |
| 1042 | if (!result->resultCode.isOk()) { |
Shawn Willden | 98c5916 | 2016-03-20 09:10:18 -0600 | [diff] [blame] | 1043 | return; |
| 1044 | } |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 1045 | key = blob2hidlVec(keyBlob); |
| 1046 | result->resultCode = getOperationCharacteristics(key, &dev, opParams, &characteristics); |
Shawn Willden | 98c5916 | 2016-03-20 09:10:18 -0600 | [diff] [blame] | 1047 | } |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 1048 | if (!result->resultCode.isOk()) { |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 1049 | return; |
| 1050 | } |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 1051 | |
Shawn Willden | d3ed3a2 | 2017-03-28 00:39:16 +0000 | [diff] [blame] | 1052 | const HardwareAuthToken* authToken = NULL; |
Tucker Sylvestro | 0ab28b7 | 2016-08-05 18:02:47 -0400 | [diff] [blame] | 1053 | |
| 1054 | // Merge these characteristics with the ones cached when the key was generated or imported |
| 1055 | Blob charBlob; |
| 1056 | AuthorizationSet persistedCharacteristics; |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 1057 | result->resultCode = |
| 1058 | mKeyStore->getKeyForName(&charBlob, name8, targetUid, TYPE_KEY_CHARACTERISTICS); |
| 1059 | if (result->resultCode.isOk()) { |
| 1060 | // TODO write one shot stream buffer to avoid copying (twice here) |
| 1061 | std::string charBuffer(reinterpret_cast<const char*>(charBlob.getValue()), |
| 1062 | charBlob.getLength()); |
| 1063 | std::stringstream charStream(charBuffer); |
| 1064 | persistedCharacteristics.Deserialize(&charStream); |
Tucker Sylvestro | 0ab28b7 | 2016-08-05 18:02:47 -0400 | [diff] [blame] | 1065 | } else { |
| 1066 | ALOGD("Unable to read cached characteristics for key"); |
| 1067 | } |
| 1068 | |
| 1069 | // Replace the sw_enforced set with those persisted to disk, minus hw_enforced |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 1070 | AuthorizationSet softwareEnforced = characteristics.softwareEnforced; |
| 1071 | AuthorizationSet teeEnforced = characteristics.teeEnforced; |
| 1072 | persistedCharacteristics.Union(softwareEnforced); |
| 1073 | persistedCharacteristics.Subtract(teeEnforced); |
| 1074 | characteristics.softwareEnforced = persistedCharacteristics.hidl_data(); |
Tucker Sylvestro | 0ab28b7 | 2016-08-05 18:02:47 -0400 | [diff] [blame] | 1075 | |
Shawn Willden | c5e8f36 | 2017-08-31 09:23:06 -0600 | [diff] [blame^] | 1076 | auto authResult = getAuthToken(characteristics, 0, purpose, &authToken, |
| 1077 | /*failOnTokenMissing*/ false); |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 1078 | // If per-operation auth is needed we need to begin the operation and |
| 1079 | // the client will need to authorize that operation before calling |
| 1080 | // update. Any other auth issues stop here. |
Shawn Willden | c5e8f36 | 2017-08-31 09:23:06 -0600 | [diff] [blame^] | 1081 | if (!authResult.isOk() && authResult != ResponseCode::OP_AUTH_NEEDED) return; |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 1082 | |
| 1083 | addAuthTokenToParams(&opParams, authToken); |
| 1084 | |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 1085 | // Add entropy to the device first. |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 1086 | if (entropy.size()) { |
| 1087 | result->resultCode = addRngEntropy(entropy); |
| 1088 | if (!result->resultCode.isOk()) { |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 1089 | return; |
| 1090 | } |
| 1091 | } |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 1092 | |
| 1093 | // Create a keyid for this key. |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 1094 | km_id_t keyid; |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 1095 | if (!enforcement_policy.CreateKeyId(key, &keyid)) { |
| 1096 | ALOGE("Failed to create a key ID for authorization checking."); |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 1097 | result->resultCode = ErrorCode::UNKNOWN_ERROR; |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 1098 | return; |
| 1099 | } |
| 1100 | |
| 1101 | // Check that all key authorization policy requirements are met. |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 1102 | AuthorizationSet key_auths = characteristics.teeEnforced; |
| 1103 | key_auths.append(&characteristics.softwareEnforced[0], |
| 1104 | &characteristics.softwareEnforced[characteristics.softwareEnforced.size()]); |
| 1105 | |
| 1106 | result->resultCode = enforcement_policy.AuthorizeOperation( |
| 1107 | purpose, keyid, key_auths, opParams, 0 /* op_handle */, true /* is_begin_operation */); |
| 1108 | if (!result->resultCode.isOk()) { |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 1109 | return; |
| 1110 | } |
| 1111 | |
Shawn Willden | e2a7b52 | 2017-04-11 09:27:40 -0600 | [diff] [blame] | 1112 | // If there are more than kMaxOperations, abort the oldest operation that was started as |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 1113 | // pruneable. |
Shawn Willden | e2a7b52 | 2017-04-11 09:27:40 -0600 | [diff] [blame] | 1114 | while (mOperationMap.getOperationCount() >= kMaxOperations) { |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 1115 | ALOGD("Reached or exceeded concurrent operations limit"); |
| 1116 | if (!pruneOperation()) { |
| 1117 | break; |
| 1118 | } |
| 1119 | } |
| 1120 | |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 1121 | auto hidlCb = [&](ErrorCode ret, const hidl_vec<KeyParameter>& outParams, |
| 1122 | uint64_t operationHandle) { |
| 1123 | result->resultCode = ret; |
| 1124 | if (!result->resultCode.isOk()) { |
| 1125 | return; |
| 1126 | } |
| 1127 | result->handle = operationHandle; |
| 1128 | result->outParams = outParams; |
| 1129 | }; |
| 1130 | |
| 1131 | ErrorCode rc = KS_HANDLE_HIDL_ERROR(dev->begin(purpose, key, opParams.hidl_data(), hidlCb)); |
| 1132 | if (rc != ErrorCode::OK) { |
| 1133 | ALOGW("Got error %d from begin()", rc); |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 1134 | } |
| 1135 | |
| 1136 | // If there are too many operations abort the oldest operation that was |
| 1137 | // started as pruneable and try again. |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 1138 | while (rc == ErrorCode::TOO_MANY_OPERATIONS && mOperationMap.hasPruneableOperation()) { |
| 1139 | ALOGW("Ran out of operation handles"); |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 1140 | if (!pruneOperation()) { |
| 1141 | break; |
| 1142 | } |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 1143 | rc = KS_HANDLE_HIDL_ERROR(dev->begin(purpose, key, opParams.hidl_data(), hidlCb)); |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 1144 | } |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 1145 | if (rc != ErrorCode::OK) { |
| 1146 | result->resultCode = rc; |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 1147 | return; |
| 1148 | } |
| 1149 | |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 1150 | // Note: The operation map takes possession of the contents of "characteristics". |
| 1151 | // It is safe to use characteristics after the following line but it will be empty. |
| 1152 | sp<IBinder> operationToken = mOperationMap.addOperation( |
| 1153 | result->handle, keyid, purpose, dev, appToken, std::move(characteristics), pruneable); |
| 1154 | assert(characteristics.teeEnforced.size() == 0); |
| 1155 | assert(characteristics.softwareEnforced.size() == 0); |
Shawn Willden | c5e8f36 | 2017-08-31 09:23:06 -0600 | [diff] [blame^] | 1156 | result->token = operationToken; |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 1157 | |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 1158 | if (authToken) { |
Shawn Willden | d3ed3a2 | 2017-03-28 00:39:16 +0000 | [diff] [blame] | 1159 | mOperationMap.setOperationAuthToken(operationToken, authToken); |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 1160 | } |
| 1161 | // Return the authentication lookup result. If this is a per operation |
| 1162 | // auth'd key then the resultCode will be ::OP_AUTH_NEEDED and the |
| 1163 | // application should get an auth token using the handle before the |
| 1164 | // first call to update, which will fail if keystore hasn't received the |
| 1165 | // auth token. |
Shawn Willden | c5e8f36 | 2017-08-31 09:23:06 -0600 | [diff] [blame^] | 1166 | result->resultCode = authResult; |
| 1167 | |
| 1168 | // Other result fields were set in the begin operation's callback. |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 1169 | } |
| 1170 | |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 1171 | void KeyStoreService::update(const sp<IBinder>& token, const hidl_vec<KeyParameter>& params, |
| 1172 | const hidl_vec<uint8_t>& data, OperationResult* result) { |
| 1173 | if (!checkAllowedOperationParams(params)) { |
| 1174 | result->resultCode = ErrorCode::INVALID_ARGUMENT; |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 1175 | return; |
| 1176 | } |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 1177 | km_device_t dev; |
| 1178 | uint64_t handle; |
| 1179 | KeyPurpose purpose; |
| 1180 | km_id_t keyid; |
| 1181 | const KeyCharacteristics* characteristics; |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 1182 | if (!mOperationMap.getOperation(token, &handle, &keyid, &purpose, &dev, &characteristics)) { |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 1183 | result->resultCode = ErrorCode::INVALID_OPERATION_HANDLE; |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 1184 | return; |
| 1185 | } |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 1186 | AuthorizationSet opParams = params; |
| 1187 | result->resultCode = addOperationAuthTokenIfNeeded(token, &opParams); |
| 1188 | if (!result->resultCode.isOk()) { |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 1189 | return; |
| 1190 | } |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 1191 | |
| 1192 | // Check that all key authorization policy requirements are met. |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 1193 | AuthorizationSet key_auths(characteristics->teeEnforced); |
| 1194 | key_auths.append(&characteristics->softwareEnforced[0], |
| 1195 | &characteristics->softwareEnforced[characteristics->softwareEnforced.size()]); |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 1196 | result->resultCode = enforcement_policy.AuthorizeOperation( |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 1197 | purpose, keyid, key_auths, opParams, handle, false /* is_begin_operation */); |
| 1198 | if (!result->resultCode.isOk()) { |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 1199 | return; |
| 1200 | } |
| 1201 | |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 1202 | auto hidlCb = [&](ErrorCode ret, uint32_t inputConsumed, |
| 1203 | const hidl_vec<KeyParameter>& outParams, const hidl_vec<uint8_t>& output) { |
| 1204 | result->resultCode = ret; |
| 1205 | if (!result->resultCode.isOk()) { |
| 1206 | return; |
| 1207 | } |
| 1208 | result->inputConsumed = inputConsumed; |
| 1209 | result->outParams = outParams; |
| 1210 | result->data = output; |
| 1211 | }; |
| 1212 | |
Janis Danisevskis | b0245ee | 2017-01-25 15:43:01 +0000 | [diff] [blame] | 1213 | KeyStoreServiceReturnCode rc = KS_HANDLE_HIDL_ERROR(dev->update(handle, opParams.hidl_data(), |
| 1214 | data, hidlCb)); |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 1215 | // just a reminder: on success result->resultCode was set in the callback. So we only overwrite |
| 1216 | // it if there was a communication error indicated by the ErrorCode. |
| 1217 | if (!rc.isOk()) { |
| 1218 | result->resultCode = rc; |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 1219 | } |
| 1220 | } |
| 1221 | |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 1222 | void KeyStoreService::finish(const sp<IBinder>& token, const hidl_vec<KeyParameter>& params, |
| 1223 | const hidl_vec<uint8_t>& signature, const hidl_vec<uint8_t>& entropy, |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 1224 | OperationResult* result) { |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 1225 | if (!checkAllowedOperationParams(params)) { |
| 1226 | result->resultCode = ErrorCode::INVALID_ARGUMENT; |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 1227 | return; |
| 1228 | } |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 1229 | km_device_t dev; |
| 1230 | uint64_t handle; |
| 1231 | KeyPurpose purpose; |
| 1232 | km_id_t keyid; |
| 1233 | const KeyCharacteristics* characteristics; |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 1234 | if (!mOperationMap.getOperation(token, &handle, &keyid, &purpose, &dev, &characteristics)) { |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 1235 | result->resultCode = ErrorCode::INVALID_OPERATION_HANDLE; |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 1236 | return; |
| 1237 | } |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 1238 | AuthorizationSet opParams = params; |
| 1239 | result->resultCode = addOperationAuthTokenIfNeeded(token, &opParams); |
| 1240 | if (!result->resultCode.isOk()) { |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 1241 | return; |
| 1242 | } |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 1243 | |
| 1244 | if (entropy.size()) { |
| 1245 | result->resultCode = addRngEntropy(entropy); |
| 1246 | if (!result->resultCode.isOk()) { |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 1247 | return; |
| 1248 | } |
| 1249 | } |
| 1250 | |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 1251 | // Check that all key authorization policy requirements are met. |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 1252 | AuthorizationSet key_auths(characteristics->teeEnforced); |
| 1253 | key_auths.append(&characteristics->softwareEnforced[0], |
| 1254 | &characteristics->softwareEnforced[characteristics->softwareEnforced.size()]); |
| 1255 | result->resultCode = enforcement_policy.AuthorizeOperation( |
| 1256 | purpose, keyid, key_auths, opParams, handle, false /* is_begin_operation */); |
| 1257 | if (!result->resultCode.isOk()) return; |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 1258 | |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 1259 | auto hidlCb = [&](ErrorCode ret, const hidl_vec<KeyParameter>& outParams, |
| 1260 | const hidl_vec<uint8_t>& output) { |
| 1261 | result->resultCode = ret; |
| 1262 | if (!result->resultCode.isOk()) { |
| 1263 | return; |
| 1264 | } |
| 1265 | result->outParams = outParams; |
| 1266 | result->data = output; |
| 1267 | }; |
| 1268 | |
| 1269 | KeyStoreServiceReturnCode rc = KS_HANDLE_HIDL_ERROR(dev->finish( |
| 1270 | handle, opParams.hidl_data(), |
| 1271 | hidl_vec<uint8_t>() /* TODO(swillden): wire up input to finish() */, signature, hidlCb)); |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 1272 | // Remove the operation regardless of the result |
| 1273 | mOperationMap.removeOperation(token); |
| 1274 | mAuthTokenTable.MarkCompleted(handle); |
| 1275 | |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 1276 | // just a reminder: on success result->resultCode was set in the callback. So we only overwrite |
| 1277 | // it if there was a communication error indicated by the ErrorCode. |
| 1278 | if (!rc.isOk()) { |
| 1279 | result->resultCode = rc; |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 1280 | } |
| 1281 | } |
| 1282 | |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 1283 | KeyStoreServiceReturnCode KeyStoreService::abort(const sp<IBinder>& token) { |
| 1284 | km_device_t dev; |
| 1285 | uint64_t handle; |
| 1286 | KeyPurpose purpose; |
| 1287 | km_id_t keyid; |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 1288 | if (!mOperationMap.getOperation(token, &handle, &keyid, &purpose, &dev, NULL)) { |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 1289 | return ErrorCode::INVALID_OPERATION_HANDLE; |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 1290 | } |
| 1291 | mOperationMap.removeOperation(token); |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 1292 | |
| 1293 | ErrorCode rc = KS_HANDLE_HIDL_ERROR(dev->abort(handle)); |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 1294 | mAuthTokenTable.MarkCompleted(handle); |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 1295 | return rc; |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 1296 | } |
| 1297 | |
| 1298 | bool KeyStoreService::isOperationAuthorized(const sp<IBinder>& token) { |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 1299 | km_device_t dev; |
| 1300 | uint64_t handle; |
| 1301 | const KeyCharacteristics* characteristics; |
| 1302 | KeyPurpose purpose; |
| 1303 | km_id_t keyid; |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 1304 | if (!mOperationMap.getOperation(token, &handle, &keyid, &purpose, &dev, &characteristics)) { |
| 1305 | return false; |
| 1306 | } |
Shawn Willden | d3ed3a2 | 2017-03-28 00:39:16 +0000 | [diff] [blame] | 1307 | const HardwareAuthToken* authToken = NULL; |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 1308 | mOperationMap.getOperationAuthToken(token, &authToken); |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 1309 | AuthorizationSet ignored; |
| 1310 | auto authResult = addOperationAuthTokenIfNeeded(token, &ignored); |
| 1311 | return authResult.isOk(); |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 1312 | } |
| 1313 | |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 1314 | KeyStoreServiceReturnCode KeyStoreService::addAuthToken(const uint8_t* token, size_t length) { |
Shawn Willden | d3ed3a2 | 2017-03-28 00:39:16 +0000 | [diff] [blame] | 1315 | // TODO(swillden): When gatekeeper and fingerprint are ready, this should be updated to |
| 1316 | // receive a HardwareAuthToken, rather than an opaque byte array. |
| 1317 | |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 1318 | if (!checkBinderPermission(P_ADD_AUTH)) { |
| 1319 | ALOGW("addAuthToken: permission denied for %d", IPCThreadState::self()->getCallingUid()); |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 1320 | return ResponseCode::PERMISSION_DENIED; |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 1321 | } |
Shawn Willden | d3ed3a2 | 2017-03-28 00:39:16 +0000 | [diff] [blame] | 1322 | if (length != sizeof(hw_auth_token_t)) { |
| 1323 | return ErrorCode::INVALID_ARGUMENT; |
| 1324 | } |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 1325 | |
Shawn Willden | d3ed3a2 | 2017-03-28 00:39:16 +0000 | [diff] [blame] | 1326 | hw_auth_token_t authToken; |
| 1327 | memcpy(reinterpret_cast<void*>(&authToken), token, sizeof(hw_auth_token_t)); |
| 1328 | if (authToken.version != 0) { |
| 1329 | return ErrorCode::INVALID_ARGUMENT; |
| 1330 | } |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 1331 | |
Shawn Willden | d3ed3a2 | 2017-03-28 00:39:16 +0000 | [diff] [blame] | 1332 | std::unique_ptr<HardwareAuthToken> hidlAuthToken(new HardwareAuthToken); |
| 1333 | hidlAuthToken->challenge = authToken.challenge; |
| 1334 | hidlAuthToken->userId = authToken.user_id; |
| 1335 | hidlAuthToken->authenticatorId = authToken.authenticator_id; |
| 1336 | hidlAuthToken->authenticatorType = authToken.authenticator_type; |
| 1337 | hidlAuthToken->timestamp = authToken.timestamp; |
| 1338 | static_assert( |
| 1339 | std::is_same<decltype(hidlAuthToken->hmac), |
| 1340 | ::android::hardware::hidl_array<uint8_t, sizeof(authToken.hmac)>>::value, |
| 1341 | "This function assumes token HMAC is 32 bytes, but it might not be."); |
| 1342 | std::copy(authToken.hmac, authToken.hmac + sizeof(authToken.hmac), hidlAuthToken->hmac.data()); |
| 1343 | |
| 1344 | // The table takes ownership of authToken. |
| 1345 | mAuthTokenTable.AddAuthenticationToken(hidlAuthToken.release()); |
| 1346 | return ResponseCode::NO_ERROR; |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 1347 | } |
| 1348 | |
Bartosz Fabianowski | a9452d9 | 2017-01-23 22:21:11 +0100 | [diff] [blame] | 1349 | bool isDeviceIdAttestationRequested(const hidl_vec<KeyParameter>& params) { |
| 1350 | for (size_t i = 0; i < params.size(); ++i) { |
| 1351 | switch (params[i].tag) { |
Shawn Willden | e2a7b52 | 2017-04-11 09:27:40 -0600 | [diff] [blame] | 1352 | case Tag::ATTESTATION_ID_BRAND: |
| 1353 | case Tag::ATTESTATION_ID_DEVICE: |
| 1354 | case Tag::ATTESTATION_ID_IMEI: |
| 1355 | case Tag::ATTESTATION_ID_MANUFACTURER: |
| 1356 | case Tag::ATTESTATION_ID_MEID: |
| 1357 | case Tag::ATTESTATION_ID_MODEL: |
| 1358 | case Tag::ATTESTATION_ID_PRODUCT: |
| 1359 | case Tag::ATTESTATION_ID_SERIAL: |
| 1360 | return true; |
| 1361 | default: |
| 1362 | break; |
Bartosz Fabianowski | a9452d9 | 2017-01-23 22:21:11 +0100 | [diff] [blame] | 1363 | } |
| 1364 | } |
| 1365 | return false; |
| 1366 | } |
| 1367 | |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 1368 | KeyStoreServiceReturnCode KeyStoreService::attestKey(const String16& name, |
| 1369 | const hidl_vec<KeyParameter>& params, |
| 1370 | hidl_vec<hidl_vec<uint8_t>>* outChain) { |
| 1371 | if (!outChain) { |
| 1372 | return ErrorCode::OUTPUT_PARAMETER_NULL; |
| 1373 | } |
Shawn Willden | 50eb1b2 | 2016-01-21 12:41:23 -0700 | [diff] [blame] | 1374 | |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 1375 | if (!checkAllowedOperationParams(params)) { |
| 1376 | return ErrorCode::INVALID_ARGUMENT; |
Shawn Willden | 50eb1b2 | 2016-01-21 12:41:23 -0700 | [diff] [blame] | 1377 | } |
| 1378 | |
Bartosz Fabianowski | 5aa93e0 | 2017-04-24 13:54:49 +0200 | [diff] [blame] | 1379 | if (isDeviceIdAttestationRequested(params)) { |
| 1380 | // There is a dedicated attestDeviceIds() method for device ID attestation. |
| 1381 | return ErrorCode::INVALID_ARGUMENT; |
Bartosz Fabianowski | a9452d9 | 2017-01-23 22:21:11 +0100 | [diff] [blame] | 1382 | } |
| 1383 | |
Bartosz Fabianowski | 5aa93e0 | 2017-04-24 13:54:49 +0200 | [diff] [blame] | 1384 | uid_t callingUid = IPCThreadState::self()->getCallingUid(); |
| 1385 | |
Shawn Willden | e2a7b52 | 2017-04-11 09:27:40 -0600 | [diff] [blame] | 1386 | AuthorizationSet mutableParams = params; |
Bartosz Fabianowski | 5aa93e0 | 2017-04-24 13:54:49 +0200 | [diff] [blame] | 1387 | KeyStoreServiceReturnCode rc = updateParamsForAttestation(callingUid, &mutableParams); |
| 1388 | if (!rc.isOk()) { |
| 1389 | return rc; |
| 1390 | } |
Shawn Willden | e2a7b52 | 2017-04-11 09:27:40 -0600 | [diff] [blame] | 1391 | |
Shawn Willden | 50eb1b2 | 2016-01-21 12:41:23 -0700 | [diff] [blame] | 1392 | Blob keyBlob; |
| 1393 | String8 name8(name); |
Bartosz Fabianowski | 5aa93e0 | 2017-04-24 13:54:49 +0200 | [diff] [blame] | 1394 | rc = mKeyStore->getKeyForName(&keyBlob, name8, callingUid, TYPE_KEYMASTER_10); |
| 1395 | if (!rc.isOk()) { |
| 1396 | return rc; |
Shawn Willden | 50eb1b2 | 2016-01-21 12:41:23 -0700 | [diff] [blame] | 1397 | } |
| 1398 | |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 1399 | KeyStoreServiceReturnCode error; |
| 1400 | auto hidlCb = [&](ErrorCode ret, const hidl_vec<hidl_vec<uint8_t>>& certChain) { |
| 1401 | error = ret; |
| 1402 | if (!error.isOk()) { |
| 1403 | return; |
| 1404 | } |
| 1405 | if (outChain) *outChain = certChain; |
| 1406 | }; |
| 1407 | |
| 1408 | auto hidlKey = blob2hidlVec(keyBlob); |
| 1409 | auto& dev = mKeyStore->getDevice(keyBlob); |
Bartosz Fabianowski | 5aa93e0 | 2017-04-24 13:54:49 +0200 | [diff] [blame] | 1410 | rc = KS_HANDLE_HIDL_ERROR(dev->attestKey(hidlKey, mutableParams.hidl_data(), hidlCb)); |
| 1411 | if (!rc.isOk()) { |
| 1412 | return rc; |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 1413 | } |
Bartosz Fabianowski | 5aa93e0 | 2017-04-24 13:54:49 +0200 | [diff] [blame] | 1414 | return error; |
| 1415 | } |
| 1416 | |
| 1417 | KeyStoreServiceReturnCode KeyStoreService::attestDeviceIds(const hidl_vec<KeyParameter>& params, |
| 1418 | hidl_vec<hidl_vec<uint8_t>>* outChain) { |
| 1419 | if (!outChain) { |
| 1420 | return ErrorCode::OUTPUT_PARAMETER_NULL; |
| 1421 | } |
| 1422 | |
| 1423 | if (!checkAllowedOperationParams(params)) { |
| 1424 | return ErrorCode::INVALID_ARGUMENT; |
| 1425 | } |
| 1426 | |
| 1427 | if (!isDeviceIdAttestationRequested(params)) { |
| 1428 | // There is an attestKey() method for attesting keys without device ID attestation. |
| 1429 | return ErrorCode::INVALID_ARGUMENT; |
| 1430 | } |
| 1431 | |
| 1432 | uid_t callingUid = IPCThreadState::self()->getCallingUid(); |
| 1433 | sp<IBinder> binder = defaultServiceManager()->getService(String16("permission")); |
| 1434 | if (binder == 0) { |
| 1435 | return ErrorCode::CANNOT_ATTEST_IDS; |
| 1436 | } |
| 1437 | if (!interface_cast<IPermissionController>(binder)->checkPermission( |
| 1438 | String16("android.permission.READ_PRIVILEGED_PHONE_STATE"), |
| 1439 | IPCThreadState::self()->getCallingPid(), callingUid)) { |
| 1440 | return ErrorCode::CANNOT_ATTEST_IDS; |
| 1441 | } |
| 1442 | |
| 1443 | AuthorizationSet mutableParams = params; |
| 1444 | KeyStoreServiceReturnCode rc = updateParamsForAttestation(callingUid, &mutableParams); |
| 1445 | if (!rc.isOk()) { |
| 1446 | return rc; |
| 1447 | } |
| 1448 | |
| 1449 | // Generate temporary key. |
| 1450 | auto& dev = mKeyStore->getDevice(); |
| 1451 | KeyStoreServiceReturnCode error; |
| 1452 | hidl_vec<uint8_t> hidlKey; |
| 1453 | |
| 1454 | AuthorizationSet keyCharacteristics; |
| 1455 | keyCharacteristics.push_back(TAG_PURPOSE, KeyPurpose::VERIFY); |
| 1456 | keyCharacteristics.push_back(TAG_ALGORITHM, Algorithm::EC); |
| 1457 | keyCharacteristics.push_back(TAG_DIGEST, Digest::SHA_2_256); |
| 1458 | keyCharacteristics.push_back(TAG_NO_AUTH_REQUIRED); |
| 1459 | keyCharacteristics.push_back(TAG_EC_CURVE, EcCurve::P_256); |
| 1460 | auto generateHidlCb = [&](ErrorCode ret, const hidl_vec<uint8_t>& hidlKeyBlob, |
| 1461 | const KeyCharacteristics&) { |
| 1462 | error = ret; |
| 1463 | if (!error.isOk()) { |
| 1464 | return; |
| 1465 | } |
| 1466 | hidlKey = hidlKeyBlob; |
| 1467 | }; |
| 1468 | |
| 1469 | rc = KS_HANDLE_HIDL_ERROR(dev->generateKey(keyCharacteristics.hidl_data(), generateHidlCb)); |
| 1470 | if (!rc.isOk()) { |
| 1471 | return rc; |
| 1472 | } |
| 1473 | if (!error.isOk()) { |
| 1474 | return error; |
| 1475 | } |
| 1476 | |
| 1477 | // Attest key and device IDs. |
| 1478 | auto attestHidlCb = [&](ErrorCode ret, const hidl_vec<hidl_vec<uint8_t>>& certChain) { |
| 1479 | error = ret; |
| 1480 | if (!error.isOk()) { |
| 1481 | return; |
| 1482 | } |
| 1483 | *outChain = certChain; |
| 1484 | }; |
| 1485 | KeyStoreServiceReturnCode attestationRc = |
| 1486 | KS_HANDLE_HIDL_ERROR(dev->attestKey(hidlKey, mutableParams.hidl_data(), attestHidlCb)); |
| 1487 | |
| 1488 | // Delete temporary key. |
| 1489 | KeyStoreServiceReturnCode deletionRc = KS_HANDLE_HIDL_ERROR(dev->deleteKey(hidlKey)); |
Bartosz Fabianowski | a9452d9 | 2017-01-23 22:21:11 +0100 | [diff] [blame] | 1490 | |
| 1491 | if (!attestationRc.isOk()) { |
| 1492 | return attestationRc; |
| 1493 | } |
| 1494 | if (!error.isOk()) { |
| 1495 | return error; |
| 1496 | } |
| 1497 | return deletionRc; |
Shawn Willden | 50eb1b2 | 2016-01-21 12:41:23 -0700 | [diff] [blame] | 1498 | } |
| 1499 | |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 1500 | KeyStoreServiceReturnCode KeyStoreService::onDeviceOffBody() { |
Tucker Sylvestro | 0ab28b7 | 2016-08-05 18:02:47 -0400 | [diff] [blame] | 1501 | // TODO(tuckeris): add permission check. This should be callable from ClockworkHome only. |
| 1502 | mAuthTokenTable.onDeviceOffBody(); |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 1503 | return ResponseCode::NO_ERROR; |
Tucker Sylvestro | 0ab28b7 | 2016-08-05 18:02:47 -0400 | [diff] [blame] | 1504 | } |
| 1505 | |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 1506 | /** |
| 1507 | * Prune the oldest pruneable operation. |
| 1508 | */ |
| 1509 | bool KeyStoreService::pruneOperation() { |
| 1510 | sp<IBinder> oldest = mOperationMap.getOldestPruneableOperation(); |
| 1511 | ALOGD("Trying to prune operation %p", oldest.get()); |
| 1512 | size_t op_count_before_abort = mOperationMap.getOperationCount(); |
| 1513 | // We mostly ignore errors from abort() because all we care about is whether at least |
| 1514 | // one operation has been removed. |
| 1515 | int abort_error = abort(oldest); |
| 1516 | if (mOperationMap.getOperationCount() >= op_count_before_abort) { |
| 1517 | ALOGE("Failed to abort pruneable operation %p, error: %d", oldest.get(), abort_error); |
| 1518 | return false; |
| 1519 | } |
| 1520 | return true; |
| 1521 | } |
| 1522 | |
| 1523 | /** |
| 1524 | * Get the effective target uid for a binder operation that takes an |
| 1525 | * optional uid as the target. |
| 1526 | */ |
| 1527 | uid_t KeyStoreService::getEffectiveUid(int32_t targetUid) { |
| 1528 | if (targetUid == UID_SELF) { |
| 1529 | return IPCThreadState::self()->getCallingUid(); |
| 1530 | } |
| 1531 | return static_cast<uid_t>(targetUid); |
| 1532 | } |
| 1533 | |
| 1534 | /** |
| 1535 | * Check if the caller of the current binder method has the required |
| 1536 | * permission and if acting on other uids the grants to do so. |
| 1537 | */ |
| 1538 | bool KeyStoreService::checkBinderPermission(perm_t permission, int32_t targetUid) { |
| 1539 | uid_t callingUid = IPCThreadState::self()->getCallingUid(); |
| 1540 | pid_t spid = IPCThreadState::self()->getCallingPid(); |
| 1541 | if (!has_permission(callingUid, permission, spid)) { |
| 1542 | ALOGW("permission %s denied for %d", get_perm_label(permission), callingUid); |
| 1543 | return false; |
| 1544 | } |
| 1545 | if (!is_granted_to(callingUid, getEffectiveUid(targetUid))) { |
| 1546 | ALOGW("uid %d not granted to act for %d", callingUid, targetUid); |
| 1547 | return false; |
| 1548 | } |
| 1549 | return true; |
| 1550 | } |
| 1551 | |
| 1552 | /** |
| 1553 | * Check if the caller of the current binder method has the required |
| 1554 | * permission and the target uid is the caller or the caller is system. |
| 1555 | */ |
| 1556 | bool KeyStoreService::checkBinderPermissionSelfOrSystem(perm_t permission, int32_t targetUid) { |
| 1557 | uid_t callingUid = IPCThreadState::self()->getCallingUid(); |
| 1558 | pid_t spid = IPCThreadState::self()->getCallingPid(); |
| 1559 | if (!has_permission(callingUid, permission, spid)) { |
| 1560 | ALOGW("permission %s denied for %d", get_perm_label(permission), callingUid); |
| 1561 | return false; |
| 1562 | } |
| 1563 | return getEffectiveUid(targetUid) == callingUid || callingUid == AID_SYSTEM; |
| 1564 | } |
| 1565 | |
| 1566 | /** |
| 1567 | * Check if the caller of the current binder method has the required |
| 1568 | * permission or the target of the operation is the caller's uid. This is |
| 1569 | * for operation where the permission is only for cross-uid activity and all |
| 1570 | * uids are allowed to act on their own (ie: clearing all entries for a |
| 1571 | * given uid). |
| 1572 | */ |
| 1573 | bool KeyStoreService::checkBinderPermissionOrSelfTarget(perm_t permission, int32_t targetUid) { |
| 1574 | uid_t callingUid = IPCThreadState::self()->getCallingUid(); |
| 1575 | if (getEffectiveUid(targetUid) == callingUid) { |
| 1576 | return true; |
| 1577 | } else { |
| 1578 | return checkBinderPermission(permission, targetUid); |
| 1579 | } |
| 1580 | } |
| 1581 | |
| 1582 | /** |
| 1583 | * Helper method to check that the caller has the required permission as |
| 1584 | * well as the keystore is in the unlocked state if checkUnlocked is true. |
| 1585 | * |
| 1586 | * Returns NO_ERROR on success, PERMISSION_DENIED on a permission error and |
| 1587 | * otherwise the state of keystore when not unlocked and checkUnlocked is |
| 1588 | * true. |
| 1589 | */ |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 1590 | KeyStoreServiceReturnCode |
| 1591 | KeyStoreService::checkBinderPermissionAndKeystoreState(perm_t permission, int32_t targetUid, |
| 1592 | bool checkUnlocked) { |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 1593 | if (!checkBinderPermission(permission, targetUid)) { |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 1594 | return ResponseCode::PERMISSION_DENIED; |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 1595 | } |
| 1596 | State state = mKeyStore->getState(get_user_id(getEffectiveUid(targetUid))); |
| 1597 | if (checkUnlocked && !isKeystoreUnlocked(state)) { |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 1598 | // All State values coincide with ResponseCodes |
| 1599 | return static_cast<ResponseCode>(state); |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 1600 | } |
| 1601 | |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 1602 | return ResponseCode::NO_ERROR; |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 1603 | } |
| 1604 | |
| 1605 | bool KeyStoreService::isKeystoreUnlocked(State state) { |
| 1606 | switch (state) { |
| 1607 | case ::STATE_NO_ERROR: |
| 1608 | return true; |
| 1609 | case ::STATE_UNINITIALIZED: |
| 1610 | case ::STATE_LOCKED: |
| 1611 | return false; |
| 1612 | } |
| 1613 | return false; |
| 1614 | } |
| 1615 | |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 1616 | /** |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 1617 | * Check that all KeyParameter's provided by the application are |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 1618 | * allowed. Any parameter that keystore adds itself should be disallowed here. |
| 1619 | */ |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 1620 | bool KeyStoreService::checkAllowedOperationParams(const hidl_vec<KeyParameter>& params) { |
| 1621 | for (size_t i = 0; i < params.size(); ++i) { |
| 1622 | switch (params[i].tag) { |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 1623 | case Tag::ATTESTATION_APPLICATION_ID: |
Shawn Willden | e2a7b52 | 2017-04-11 09:27:40 -0600 | [diff] [blame] | 1624 | case Tag::AUTH_TOKEN: |
| 1625 | case Tag::RESET_SINCE_ID_ROTATION: |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 1626 | return false; |
| 1627 | default: |
| 1628 | break; |
| 1629 | } |
| 1630 | } |
| 1631 | return true; |
| 1632 | } |
| 1633 | |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 1634 | ErrorCode KeyStoreService::getOperationCharacteristics(const hidl_vec<uint8_t>& key, |
| 1635 | km_device_t* dev, |
| 1636 | const AuthorizationSet& params, |
| 1637 | KeyCharacteristics* out) { |
| 1638 | hidl_vec<uint8_t> appId; |
| 1639 | hidl_vec<uint8_t> appData; |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 1640 | for (auto param : params) { |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 1641 | if (param.tag == Tag::APPLICATION_ID) { |
| 1642 | appId = authorizationValue(TAG_APPLICATION_ID, param).value(); |
| 1643 | } else if (param.tag == Tag::APPLICATION_DATA) { |
| 1644 | appData = authorizationValue(TAG_APPLICATION_DATA, param).value(); |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 1645 | } |
| 1646 | } |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 1647 | ErrorCode error = ErrorCode::OK; |
| 1648 | |
| 1649 | auto hidlCb = [&](ErrorCode ret, const KeyCharacteristics& keyCharacteristics) { |
| 1650 | error = ret; |
| 1651 | if (error != ErrorCode::OK) { |
| 1652 | return; |
| 1653 | } |
| 1654 | if (out) *out = keyCharacteristics; |
| 1655 | }; |
| 1656 | |
| 1657 | ErrorCode rc = KS_HANDLE_HIDL_ERROR((*dev)->getKeyCharacteristics(key, appId, appData, hidlCb)); |
| 1658 | if (rc != ErrorCode::OK) { |
| 1659 | return rc; |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 1660 | } |
| 1661 | return error; |
| 1662 | } |
| 1663 | |
| 1664 | /** |
Shawn Willden | d3ed3a2 | 2017-03-28 00:39:16 +0000 | [diff] [blame] | 1665 | * Get the auth token for this operation from the auth token table. |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 1666 | * |
Shawn Willden | d3ed3a2 | 2017-03-28 00:39:16 +0000 | [diff] [blame] | 1667 | * Returns ResponseCode::NO_ERROR if the auth token was set or none was required. |
| 1668 | * ::OP_AUTH_NEEDED if it is a per op authorization, no |
| 1669 | * authorization token exists for that operation and |
| 1670 | * failOnTokenMissing is false. |
| 1671 | * KM_ERROR_KEY_USER_NOT_AUTHENTICATED if there is no valid auth |
| 1672 | * token for the operation |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 1673 | */ |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 1674 | KeyStoreServiceReturnCode KeyStoreService::getAuthToken(const KeyCharacteristics& characteristics, |
| 1675 | uint64_t handle, KeyPurpose purpose, |
Shawn Willden | d3ed3a2 | 2017-03-28 00:39:16 +0000 | [diff] [blame] | 1676 | const HardwareAuthToken** authToken, |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 1677 | bool failOnTokenMissing) { |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 1678 | |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 1679 | AuthorizationSet allCharacteristics; |
| 1680 | for (size_t i = 0; i < characteristics.softwareEnforced.size(); i++) { |
| 1681 | allCharacteristics.push_back(characteristics.softwareEnforced[i]); |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 1682 | } |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 1683 | for (size_t i = 0; i < characteristics.teeEnforced.size(); i++) { |
| 1684 | allCharacteristics.push_back(characteristics.teeEnforced[i]); |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 1685 | } |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 1686 | AuthTokenTable::Error err = |
| 1687 | mAuthTokenTable.FindAuthorization(allCharacteristics, purpose, handle, authToken); |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 1688 | switch (err) { |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 1689 | case AuthTokenTable::OK: |
| 1690 | case AuthTokenTable::AUTH_NOT_REQUIRED: |
| 1691 | return ResponseCode::NO_ERROR; |
| 1692 | case AuthTokenTable::AUTH_TOKEN_NOT_FOUND: |
| 1693 | case AuthTokenTable::AUTH_TOKEN_EXPIRED: |
| 1694 | case AuthTokenTable::AUTH_TOKEN_WRONG_SID: |
| 1695 | return ErrorCode::KEY_USER_NOT_AUTHENTICATED; |
| 1696 | case AuthTokenTable::OP_HANDLE_REQUIRED: |
| 1697 | return failOnTokenMissing ? KeyStoreServiceReturnCode(ErrorCode::KEY_USER_NOT_AUTHENTICATED) |
| 1698 | : KeyStoreServiceReturnCode(ResponseCode::OP_AUTH_NEEDED); |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 1699 | default: |
| 1700 | ALOGE("Unexpected FindAuthorization return value %d", err); |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 1701 | return ErrorCode::INVALID_ARGUMENT; |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 1702 | } |
| 1703 | } |
| 1704 | |
| 1705 | /** |
| 1706 | * Add the auth token for the operation to the param list if the operation |
| 1707 | * requires authorization. Uses the cached result in the OperationMap if available |
| 1708 | * otherwise gets the token from the AuthTokenTable and caches the result. |
| 1709 | * |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 1710 | * Returns ResponseCode::NO_ERROR if the auth token was added or not needed. |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 1711 | * KM_ERROR_KEY_USER_NOT_AUTHENTICATED if the operation is not |
| 1712 | * authenticated. |
| 1713 | * KM_ERROR_INVALID_OPERATION_HANDLE if token is not a valid |
| 1714 | * operation token. |
| 1715 | */ |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 1716 | KeyStoreServiceReturnCode KeyStoreService::addOperationAuthTokenIfNeeded(const sp<IBinder>& token, |
| 1717 | AuthorizationSet* params) { |
Shawn Willden | d3ed3a2 | 2017-03-28 00:39:16 +0000 | [diff] [blame] | 1718 | const HardwareAuthToken* authToken = nullptr; |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 1719 | mOperationMap.getOperationAuthToken(token, &authToken); |
| 1720 | if (!authToken) { |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 1721 | km_device_t dev; |
| 1722 | uint64_t handle; |
| 1723 | const KeyCharacteristics* characteristics = nullptr; |
| 1724 | KeyPurpose purpose; |
| 1725 | km_id_t keyid; |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 1726 | if (!mOperationMap.getOperation(token, &handle, &keyid, &purpose, &dev, &characteristics)) { |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 1727 | return ErrorCode::INVALID_OPERATION_HANDLE; |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 1728 | } |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 1729 | auto result = getAuthToken(*characteristics, handle, purpose, &authToken); |
| 1730 | if (!result.isOk()) { |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 1731 | return result; |
| 1732 | } |
| 1733 | if (authToken) { |
Shawn Willden | d3ed3a2 | 2017-03-28 00:39:16 +0000 | [diff] [blame] | 1734 | mOperationMap.setOperationAuthToken(token, authToken); |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 1735 | } |
| 1736 | } |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 1737 | addAuthTokenToParams(params, authToken); |
| 1738 | return ResponseCode::NO_ERROR; |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 1739 | } |
| 1740 | |
| 1741 | /** |
| 1742 | * Translate a result value to a legacy return value. All keystore errors are |
| 1743 | * preserved and keymaster errors become SYSTEM_ERRORs |
| 1744 | */ |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 1745 | KeyStoreServiceReturnCode KeyStoreService::translateResultToLegacyResult(int32_t result) { |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 1746 | if (result > 0) { |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 1747 | return static_cast<ResponseCode>(result); |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 1748 | } |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 1749 | return ResponseCode::SYSTEM_ERROR; |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 1750 | } |
| 1751 | |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 1752 | static NullOr<const Algorithm&> |
| 1753 | getKeyAlgoritmFromKeyCharacteristics(const KeyCharacteristics& characteristics) { |
| 1754 | for (size_t i = 0; i < characteristics.teeEnforced.size(); ++i) { |
| 1755 | auto algo = authorizationValue(TAG_ALGORITHM, characteristics.teeEnforced[i]); |
| 1756 | if (algo.isOk()) return algo.value(); |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 1757 | } |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 1758 | for (size_t i = 0; i < characteristics.softwareEnforced.size(); ++i) { |
| 1759 | auto algo = authorizationValue(TAG_ALGORITHM, characteristics.softwareEnforced[i]); |
| 1760 | if (algo.isOk()) return algo.value(); |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 1761 | } |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 1762 | return {}; |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 1763 | } |
| 1764 | |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 1765 | void KeyStoreService::addLegacyBeginParams(const String16& name, AuthorizationSet* params) { |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 1766 | // All legacy keys are DIGEST_NONE/PAD_NONE. |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 1767 | params->push_back(TAG_DIGEST, Digest::NONE); |
| 1768 | params->push_back(TAG_PADDING, PaddingMode::NONE); |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 1769 | |
| 1770 | // Look up the algorithm of the key. |
| 1771 | KeyCharacteristics characteristics; |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 1772 | auto rc = getKeyCharacteristics(name, hidl_vec<uint8_t>(), hidl_vec<uint8_t>(), UID_SELF, |
| 1773 | &characteristics); |
| 1774 | if (!rc.isOk()) { |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 1775 | ALOGE("Failed to get key characteristics"); |
| 1776 | return; |
| 1777 | } |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 1778 | auto algorithm = getKeyAlgoritmFromKeyCharacteristics(characteristics); |
| 1779 | if (!algorithm.isOk()) { |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 1780 | ALOGE("getKeyCharacteristics did not include KM_TAG_ALGORITHM"); |
| 1781 | return; |
| 1782 | } |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 1783 | params->push_back(TAG_ALGORITHM, algorithm.value()); |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 1784 | } |
| 1785 | |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 1786 | KeyStoreServiceReturnCode KeyStoreService::doLegacySignVerify(const String16& name, |
| 1787 | const hidl_vec<uint8_t>& data, |
| 1788 | hidl_vec<uint8_t>* out, |
| 1789 | const hidl_vec<uint8_t>& signature, |
| 1790 | KeyPurpose purpose) { |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 1791 | |
| 1792 | std::basic_stringstream<uint8_t> outBuffer; |
| 1793 | OperationResult result; |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 1794 | AuthorizationSet inArgs; |
| 1795 | addLegacyBeginParams(name, &inArgs); |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 1796 | sp<IBinder> appToken(new BBinder); |
| 1797 | sp<IBinder> token; |
| 1798 | |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 1799 | begin(appToken, name, purpose, true, inArgs.hidl_data(), hidl_vec<uint8_t>(), UID_SELF, |
| 1800 | &result); |
| 1801 | if (!result.resultCode.isOk()) { |
| 1802 | if (result.resultCode == ResponseCode::KEY_NOT_FOUND) { |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 1803 | ALOGW("Key not found"); |
| 1804 | } else { |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 1805 | ALOGW("Error in begin: %d", int32_t(result.resultCode)); |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 1806 | } |
| 1807 | return translateResultToLegacyResult(result.resultCode); |
| 1808 | } |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 1809 | inArgs.Clear(); |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 1810 | token = result.token; |
| 1811 | size_t consumed = 0; |
| 1812 | size_t lastConsumed = 0; |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 1813 | hidl_vec<uint8_t> data_view; |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 1814 | do { |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 1815 | data_view.setToExternal(const_cast<uint8_t*>(&data[consumed]), data.size() - consumed); |
| 1816 | update(token, inArgs.hidl_data(), data_view, &result); |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 1817 | if (result.resultCode != ResponseCode::NO_ERROR) { |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 1818 | ALOGW("Error in update: %d", int32_t(result.resultCode)); |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 1819 | return translateResultToLegacyResult(result.resultCode); |
| 1820 | } |
| 1821 | if (out) { |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 1822 | outBuffer.write(&result.data[0], result.data.size()); |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 1823 | } |
| 1824 | lastConsumed = result.inputConsumed; |
| 1825 | consumed += lastConsumed; |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 1826 | } while (consumed < data.size() && lastConsumed > 0); |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 1827 | |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 1828 | if (consumed != data.size()) { |
| 1829 | ALOGW("Not all data consumed. Consumed %zu of %zu", consumed, data.size()); |
| 1830 | return ResponseCode::SYSTEM_ERROR; |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 1831 | } |
| 1832 | |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 1833 | finish(token, inArgs.hidl_data(), signature, hidl_vec<uint8_t>(), &result); |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 1834 | if (result.resultCode != ResponseCode::NO_ERROR) { |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 1835 | ALOGW("Error in finish: %d", int32_t(result.resultCode)); |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 1836 | return translateResultToLegacyResult(result.resultCode); |
| 1837 | } |
| 1838 | if (out) { |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 1839 | outBuffer.write(&result.data[0], result.data.size()); |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 1840 | } |
| 1841 | |
| 1842 | if (out) { |
| 1843 | auto buf = outBuffer.str(); |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 1844 | out->resize(buf.size()); |
| 1845 | memcpy(&(*out)[0], buf.data(), out->size()); |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 1846 | } |
| 1847 | |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 1848 | return ResponseCode::NO_ERROR; |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 1849 | } |
| 1850 | |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 1851 | KeyStoreServiceReturnCode KeyStoreService::upgradeKeyBlob(const String16& name, uid_t uid, |
| 1852 | const AuthorizationSet& params, |
| 1853 | Blob* blob) { |
Shawn Willden | 98c5916 | 2016-03-20 09:10:18 -0600 | [diff] [blame] | 1854 | // Read the blob rather than assuming the caller provided the right name/uid/blob triplet. |
| 1855 | String8 name8(name); |
| 1856 | ResponseCode responseCode = mKeyStore->getKeyForName(blob, name8, uid, TYPE_KEYMASTER_10); |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 1857 | if (responseCode != ResponseCode::NO_ERROR) { |
Shawn Willden | 98c5916 | 2016-03-20 09:10:18 -0600 | [diff] [blame] | 1858 | return responseCode; |
| 1859 | } |
Rubin Xu | 7675c9f | 2017-03-15 19:26:52 +0000 | [diff] [blame] | 1860 | ALOGI("upgradeKeyBlob %s %d", name8.string(), uid); |
Shawn Willden | 98c5916 | 2016-03-20 09:10:18 -0600 | [diff] [blame] | 1861 | |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 1862 | auto hidlKey = blob2hidlVec(*blob); |
| 1863 | auto& dev = mKeyStore->getDevice(*blob); |
Shawn Willden | 98c5916 | 2016-03-20 09:10:18 -0600 | [diff] [blame] | 1864 | |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 1865 | KeyStoreServiceReturnCode error; |
| 1866 | auto hidlCb = [&](ErrorCode ret, const hidl_vec<uint8_t>& upgradedKeyBlob) { |
| 1867 | error = ret; |
| 1868 | if (!error.isOk()) { |
| 1869 | return; |
| 1870 | } |
| 1871 | |
| 1872 | String8 filename(mKeyStore->getKeyNameForUidWithDir(name8, uid, ::TYPE_KEYMASTER_10)); |
| 1873 | error = mKeyStore->del(filename.string(), ::TYPE_ANY, get_user_id(uid)); |
| 1874 | if (!error.isOk()) { |
Rubin Xu | 7675c9f | 2017-03-15 19:26:52 +0000 | [diff] [blame] | 1875 | ALOGI("upgradeKeyBlob keystore->del failed %d", (int)error); |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 1876 | return; |
| 1877 | } |
| 1878 | |
| 1879 | Blob newBlob(&upgradedKeyBlob[0], upgradedKeyBlob.size(), nullptr /* info */, |
| 1880 | 0 /* infoLength */, ::TYPE_KEYMASTER_10); |
| 1881 | newBlob.setFallback(blob->isFallback()); |
| 1882 | newBlob.setEncrypted(blob->isEncrypted()); |
Rubin Xu | 67899de | 2017-04-21 19:15:13 +0100 | [diff] [blame] | 1883 | newBlob.setSuperEncrypted(blob->isSuperEncrypted()); |
| 1884 | newBlob.setCriticalToDeviceEncryption(blob->isCriticalToDeviceEncryption()); |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 1885 | |
| 1886 | error = mKeyStore->put(filename.string(), &newBlob, get_user_id(uid)); |
| 1887 | if (!error.isOk()) { |
Rubin Xu | 7675c9f | 2017-03-15 19:26:52 +0000 | [diff] [blame] | 1888 | ALOGI("upgradeKeyBlob keystore->put failed %d", (int)error); |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 1889 | return; |
| 1890 | } |
| 1891 | |
| 1892 | // Re-read blob for caller. We can't use newBlob because writing it modified it. |
| 1893 | error = mKeyStore->getKeyForName(blob, name8, uid, TYPE_KEYMASTER_10); |
| 1894 | }; |
| 1895 | |
| 1896 | KeyStoreServiceReturnCode rc = |
| 1897 | KS_HANDLE_HIDL_ERROR(dev->upgradeKey(hidlKey, params.hidl_data(), hidlCb)); |
| 1898 | if (!rc.isOk()) { |
Shawn Willden | 98c5916 | 2016-03-20 09:10:18 -0600 | [diff] [blame] | 1899 | return rc; |
| 1900 | } |
| 1901 | |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 1902 | return error; |
Shawn Willden | 98c5916 | 2016-03-20 09:10:18 -0600 | [diff] [blame] | 1903 | } |
| 1904 | |
Shawn Willden | e2a7b52 | 2017-04-11 09:27:40 -0600 | [diff] [blame] | 1905 | } // namespace keystore |