Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / system / security / c7a9fa29c185a8c1889486d4acf00fd59c513870 / . / keystore / key_store_service.h
blob: 432e7808f7c10e749582131bc9aa26d7e09bb037 [file] [log] [blame]
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]1/*
2 * Copyright (C) 2016 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17#ifndef KEYSTORE_KEYSTORE_SERVICE_H_
18#define KEYSTORE_KEYSTORE_SERVICE_H_
19
20#include <keystore/IKeystoreService.h>
21
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame^]22#include <keystore/authorization_set.h>
Shawn Willden98c59162016-03-20 09:10:18 -0600[diff] [blame]23
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]24#include "auth_token_table.h"
25#include "keystore.h"
26#include "keystore_keymaster_enforcement.h"
27#include "operation.h"
28#include "permissions.h"
29
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame^]30namespace keystore {
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]31
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame^]32class KeyStoreService : public android::BnKeystoreService, public android::IBinder::DeathRecipient {
33 typedef ::android::sp<::android::hardware::keymaster::V3_0::IKeymasterDevice> km_device_t;
34
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]35 public:
Chih-Hung Hsiehd7791be2016-07-12 11:58:02 -0700[diff] [blame]36 explicit KeyStoreService(KeyStore* keyStore) : mKeyStore(keyStore), mOperationMap(this) {}
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]37
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame^]38 void binderDied(const android::wp<android::IBinder>& who);
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]39
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame^]40 KeyStoreServiceReturnCode getState(int32_t userId) override;
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]41
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame^]42 KeyStoreServiceReturnCode get(const android::String16& name, int32_t uid,
43 hidl_vec<uint8_t>* item) override;
44 KeyStoreServiceReturnCode insert(const android::String16& name, const hidl_vec<uint8_t>& item,
45 int targetUid, int32_t flags) override;
46 KeyStoreServiceReturnCode del(const android::String16& name, int targetUid) override;
47 KeyStoreServiceReturnCode exist(const android::String16& name, int targetUid) override;
48 KeyStoreServiceReturnCode list(const android::String16& prefix, int targetUid,
49 android::Vector<android::String16>* matches) override;
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]50
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame^]51 KeyStoreServiceReturnCode reset() override;
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]52
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame^]53 KeyStoreServiceReturnCode onUserPasswordChanged(int32_t userId,
54 const android::String16& password) override;
55 KeyStoreServiceReturnCode onUserAdded(int32_t userId, int32_t parentId) override;
56 KeyStoreServiceReturnCode onUserRemoved(int32_t userId) override;
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]57
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame^]58 KeyStoreServiceReturnCode lock(int32_t userId) override;
59 KeyStoreServiceReturnCode unlock(int32_t userId, const android::String16& pw) override;
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]60
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame^]61 bool isEmpty(int32_t userId) override;
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]62
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame^]63 KeyStoreServiceReturnCode
64 generate(const android::String16& name, int32_t targetUid, int32_t keyType, int32_t keySize,
65 int32_t flags, android::Vector<android::sp<android::KeystoreArg>>* args) override;
66 KeyStoreServiceReturnCode import(const android::String16& name, const hidl_vec<uint8_t>& data,
67 int targetUid, int32_t flags) override;
68 KeyStoreServiceReturnCode sign(const android::String16& name, const hidl_vec<uint8_t>& data,
69 hidl_vec<uint8_t>* out) override;
70 KeyStoreServiceReturnCode verify(const android::String16& name, const hidl_vec<uint8_t>& data,
71 const hidl_vec<uint8_t>& signature) override;
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]72
73 /*
74 * TODO: The abstraction between things stored in hardware and regular blobs
75 * of data stored on the filesystem should be moved down to keystore itself.
76 * Unfortunately the Java code that calls this has naming conventions that it
77 * knows about. Ideally keystore shouldn't be used to store random blobs of
78 * data.
79 *
80 * Until that happens, it's necessary to have a separate "get_pubkey" and
81 * "del_key" since the Java code doesn't really communicate what it's
82 * intentions are.
83 */
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame^]84 KeyStoreServiceReturnCode get_pubkey(const android::String16& name,
85 hidl_vec<uint8_t>* pubKey) override;
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]86
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame^]87 KeyStoreServiceReturnCode grant(const android::String16& name, int32_t granteeUid) override;
88 KeyStoreServiceReturnCode ungrant(const android::String16& name, int32_t granteeUid) override;
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]89
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame^]90 int64_t getmtime(const android::String16& name, int32_t uid) override;
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]91
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame^]92 KeyStoreServiceReturnCode duplicate(const android::String16& srcKey, int32_t srcUid,
93 const android::String16& destKey, int32_t destUid) override;
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]94
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame^]95 int32_t is_hardware_backed(const android::String16& keyType) override;
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]96
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame^]97 KeyStoreServiceReturnCode clear_uid(int64_t targetUid64) override;
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]98
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame^]99 KeyStoreServiceReturnCode addRngEntropy(const hidl_vec<uint8_t>& entropy) override;
100 KeyStoreServiceReturnCode generateKey(const android::String16& name,
101 const hidl_vec<KeyParameter>& params,
102 const hidl_vec<uint8_t>& entropy, int uid, int flags,
103 KeyCharacteristics* outCharacteristics) override;
104 KeyStoreServiceReturnCode
105 getKeyCharacteristics(const android::String16& name, const hidl_vec<uint8_t>& clientId,
106 const hidl_vec<uint8_t>& appData, int32_t uid,
107 KeyCharacteristics* outCharacteristics) override;
108 KeyStoreServiceReturnCode importKey(const android::String16& name,
109 const hidl_vec<KeyParameter>& params, KeyFormat format,
110 const hidl_vec<uint8_t>& keyData, int uid, int flags,
111 KeyCharacteristics* outCharacteristics) override;
112 void exportKey(const android::String16& name, KeyFormat format,
113 const hidl_vec<uint8_t>& clientId, const hidl_vec<uint8_t>& appData, int32_t uid,
114 android::ExportResult* result) override;
115 void begin(const sp<android::IBinder>& appToken, const android::String16& name,
116 KeyPurpose purpose, bool pruneable, const hidl_vec<KeyParameter>& params,
117 const hidl_vec<uint8_t>& entropy, int32_t uid,
118 android::OperationResult* result) override;
119 void update(const sp<android::IBinder>& token, const hidl_vec<KeyParameter>& params,
120 const hidl_vec<uint8_t>& data, android::OperationResult* result) override;
121 void finish(const sp<android::IBinder>& token, const hidl_vec<KeyParameter>& params,
122 const hidl_vec<uint8_t>& signature, const hidl_vec<uint8_t>& entropy,
123 android::OperationResult* result) override;
124 KeyStoreServiceReturnCode abort(const sp<android::IBinder>& token) override;
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]125
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame^]126 bool isOperationAuthorized(const sp<android::IBinder>& token) override;
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]127
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame^]128 KeyStoreServiceReturnCode addAuthToken(const uint8_t* token, size_t length) override;
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]129
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame^]130 KeyStoreServiceReturnCode attestKey(const android::String16& name,
131 const hidl_vec<KeyParameter>& params,
132 hidl_vec<hidl_vec<uint8_t>>* outChain) override;
Shawn Willden50eb1b22016-01-21 12:41:23 -0700[diff] [blame]133
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame^]134 KeyStoreServiceReturnCode onDeviceOffBody() override;
Tucker Sylvestro0ab28b72016-08-05 18:02:47 -0400[diff] [blame]135
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]136 private:
137 static const int32_t UID_SELF = -1;
138
139 /**
140 * Prune the oldest pruneable operation.
141 */
142 bool pruneOperation();
143
144 /**
145 * Get the effective target uid for a binder operation that takes an
146 * optional uid as the target.
147 */
148 uid_t getEffectiveUid(int32_t targetUid);
149
150 /**
151 * Check if the caller of the current binder method has the required
152 * permission and if acting on other uids the grants to do so.
153 */
154 bool checkBinderPermission(perm_t permission, int32_t targetUid = UID_SELF);
155
156 /**
157 * Check if the caller of the current binder method has the required
158 * permission and the target uid is the caller or the caller is system.
159 */
160 bool checkBinderPermissionSelfOrSystem(perm_t permission, int32_t targetUid);
161
162 /**
163 * Check if the caller of the current binder method has the required
164 * permission or the target of the operation is the caller's uid. This is
165 * for operation where the permission is only for cross-uid activity and all
166 * uids are allowed to act on their own (ie: clearing all entries for a
167 * given uid).
168 */
169 bool checkBinderPermissionOrSelfTarget(perm_t permission, int32_t targetUid);
170
171 /**
172 * Helper method to check that the caller has the required permission as
173 * well as the keystore is in the unlocked state if checkUnlocked is true.
174 *
175 * Returns NO_ERROR on success, PERMISSION_DENIED on a permission error and
176 * otherwise the state of keystore when not unlocked and checkUnlocked is
177 * true.
178 */
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame^]179 KeyStoreServiceReturnCode checkBinderPermissionAndKeystoreState(perm_t permission,
180 int32_t targetUid = -1,
181 bool checkUnlocked = true);
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]182
183 bool isKeystoreUnlocked(State state);
184
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]185 /**
186 * Check that all keymaster_key_param_t's provided by the application are
187 * allowed. Any parameter that keystore adds itself should be disallowed here.
188 */
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame^]189 bool checkAllowedOperationParams(const hidl_vec<KeyParameter>& params);
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]190
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame^]191 ErrorCode getOperationCharacteristics(const hidl_vec<uint8_t>& key, km_device_t* dev,
192 const AuthorizationSet& params, KeyCharacteristics* out);
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]193
194 /**
195 * Get the auth token for this operation from the auth token table.
196 *
197 * Returns ::NO_ERROR if the auth token was set or none was required.
198 * ::OP_AUTH_NEEDED if it is a per op authorization, no
199 * authorization token exists for that operation and
200 * failOnTokenMissing is false.
201 * KM_ERROR_KEY_USER_NOT_AUTHENTICATED if there is no valid auth
202 * token for the operation
203 */
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame^]204 KeyStoreServiceReturnCode getAuthToken(const KeyCharacteristics& characteristics,
205 uint64_t handle, KeyPurpose purpose,
206 const HardwareAuthToken** authToken,
207 bool failOnTokenMissing = true);
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]208
209 /**
210 * Add the auth token for the operation to the param list if the operation
211 * requires authorization. Uses the cached result in the OperationMap if available
212 * otherwise gets the token from the AuthTokenTable and caches the result.
213 *
214 * Returns ::NO_ERROR if the auth token was added or not needed.
215 * KM_ERROR_KEY_USER_NOT_AUTHENTICATED if the operation is not
216 * authenticated.
217 * KM_ERROR_INVALID_OPERATION_HANDLE if token is not a valid
218 * operation token.
219 */
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame^]220 KeyStoreServiceReturnCode addOperationAuthTokenIfNeeded(const sp<android::IBinder>& token,
221 AuthorizationSet* params);
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]222
223 /**
224 * Translate a result value to a legacy return value. All keystore errors are
225 * preserved and keymaster errors become SYSTEM_ERRORs
226 */
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame^]227 KeyStoreServiceReturnCode translateResultToLegacyResult(int32_t result);
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]228
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame^]229 void addLegacyBeginParams(const android::String16& name, AuthorizationSet* params);
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]230
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame^]231 KeyStoreServiceReturnCode doLegacySignVerify(const android::String16& name,
232 const hidl_vec<uint8_t>& data,
233 hidl_vec<uint8_t>* out,
234 const hidl_vec<uint8_t>& signature,
235 KeyPurpose purpose);
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]236
Shawn Willden98c59162016-03-20 09:10:18 -0600[diff] [blame]237 /**
238 * Upgrade a key blob under alias "name", returning the new blob in "blob". If "blob"
239 * previously contained data, it will be overwritten.
240 *
241 * Returns ::NO_ERROR if the key was upgraded successfully.
242 * KM_ERROR_VERSION_MISMATCH if called on a key whose patch level is greater than or
243 * equal to the current system patch level.
244 */
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame^]245 KeyStoreServiceReturnCode upgradeKeyBlob(const android::String16& name, uid_t targetUid,
246 const AuthorizationSet& params, Blob* blob);
Shawn Willden98c59162016-03-20 09:10:18 -0600[diff] [blame]247
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]248 ::KeyStore* mKeyStore;
249 OperationMap mOperationMap;
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame^]250 keystore::AuthTokenTable mAuthTokenTable;
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]251 KeystoreKeymasterEnforcement enforcement_policy;
252};
253
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100[diff] [blame^]254}; // namespace keystore
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700[diff] [blame]255
256#endif // KEYSTORE_KEYSTORE_SERVICE_H_