blob: fec44ec664e68c0dc7b32232aa2642f522b8180a [file] [log] [blame]
Shawn Willdenc1d1fee2016-01-26 22:44:56 -07001/*
2 * Copyright (C) 2016 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17#ifndef KEYSTORE_KEYSTORE_SERVICE_H_
18#define KEYSTORE_KEYSTORE_SERVICE_H_
19
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -070020#include <android/security/BnKeystoreService.h>
Shawn Willden98c59162016-03-20 09:10:18 -060021
Shawn Willdenc1d1fee2016-01-26 22:44:56 -070022#include "auth_token_table.h"
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -070023
Shawn Willdenfa5702f2017-12-03 15:14:58 -070024#include "KeyStore.h"
Shawn Willdenc1d1fee2016-01-26 22:44:56 -070025#include "keystore_keymaster_enforcement.h"
26#include "operation.h"
27#include "permissions.h"
28
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +010029namespace keystore {
Shawn Willdenc1d1fee2016-01-26 22:44:56 -070030
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -070031// Class provides implementation for generated BnKeystoreService.h based on
32// gen/aidl/android/security/BnKeystoreService.h generated from
33// java/android/security/IKeystoreService.aidl Note that all generated methods return binder::Status
34// and use last arguments to send actual result to the caller. Private methods don't need to handle
35// binder::Status. Input parameters cannot be null unless annotated with @nullable in .aidl file.
36class KeyStoreService : public android::security::BnKeystoreService,
37 android::IBinder::DeathRecipient {
Shawn Willdenc1d1fee2016-01-26 22:44:56 -070038 public:
Chih-Hung Hsiehd7791be2016-07-12 11:58:02 -070039 explicit KeyStoreService(KeyStore* keyStore) : mKeyStore(keyStore), mOperationMap(this) {}
Shawn Willdenc67a8aa2017-12-03 17:51:29 -070040 virtual ~KeyStoreService() = default;
Shawn Willdenc1d1fee2016-01-26 22:44:56 -070041
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +010042 void binderDied(const android::wp<android::IBinder>& who);
Shawn Willdenc1d1fee2016-01-26 22:44:56 -070043
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -070044 ::android::binder::Status getState(int32_t userId, int32_t* _aidl_return) override;
45 ::android::binder::Status get(const ::android::String16& name, int32_t uid,
46 ::std::vector<uint8_t>* _aidl_return) override;
47 ::android::binder::Status insert(const ::android::String16& name,
48 const ::std::vector<uint8_t>& item, int32_t uid, int32_t flags,
49 int32_t* _aidl_return) override;
50 ::android::binder::Status del(const ::android::String16& name, int32_t uid,
51 int32_t* _aidl_return) override;
52 ::android::binder::Status exist(const ::android::String16& name, int32_t uid,
53 int32_t* _aidl_return) override;
54 ::android::binder::Status list(const ::android::String16& namePrefix, int32_t uid,
55 ::std::vector<::android::String16>* _aidl_return) override;
56 ::android::binder::Status reset(int32_t* _aidl_return) override;
57 ::android::binder::Status onUserPasswordChanged(int32_t userId,
58 const ::android::String16& newPassword,
59 int32_t* _aidl_return) override;
60 ::android::binder::Status lock(int32_t userId, int32_t* _aidl_return) override;
61 ::android::binder::Status unlock(int32_t userId, const ::android::String16& userPassword,
62 int32_t* _aidl_return) override;
63 ::android::binder::Status isEmpty(int32_t userId, int32_t* _aidl_return) override;
64 ::android::binder::Status generate(const ::android::String16& name, int32_t uid,
65 int32_t keyType, int32_t keySize, int32_t flags,
66 const ::android::security::KeystoreArguments& args,
67 int32_t* _aidl_return) override;
68 ::android::binder::Status import_key(const ::android::String16& name,
69 const ::std::vector<uint8_t>& data, int32_t uid,
70 int32_t flags, int32_t* _aidl_return) override;
71 ::android::binder::Status sign(const ::android::String16& name,
72 const ::std::vector<uint8_t>& data,
73 ::std::vector<uint8_t>* _aidl_return) override;
74 ::android::binder::Status verify(const ::android::String16& name,
75 const ::std::vector<uint8_t>& data,
76 const ::std::vector<uint8_t>& signature,
77 int32_t* _aidl_return) override;
Shawn Willdenc1d1fee2016-01-26 22:44:56 -070078 /*
79 * TODO: The abstraction between things stored in hardware and regular blobs
80 * of data stored on the filesystem should be moved down to keystore itself.
81 * Unfortunately the Java code that calls this has naming conventions that it
82 * knows about. Ideally keystore shouldn't be used to store random blobs of
83 * data.
84 *
85 * Until that happens, it's necessary to have a separate "get_pubkey" and
86 * "del_key" since the Java code doesn't really communicate what it's
87 * intentions are.
88 */
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -070089 ::android::binder::Status get_pubkey(const ::android::String16& name,
90 ::std::vector<uint8_t>* _aidl_return) override;
91 ::android::binder::Status grant(const ::android::String16& name, int32_t granteeUid,
92 ::android::String16* _aidl_return) override;
93 ::android::binder::Status ungrant(const ::android::String16& name, int32_t granteeUid,
94 int32_t* _aidl_return) override;
95 ::android::binder::Status getmtime(const ::android::String16& name, int32_t uid,
96 int64_t* _aidl_return) override;
97 ::android::binder::Status duplicate(const ::android::String16& srcKey, int32_t srcUid,
98 const ::android::String16& destKey, int32_t destUid,
99 int32_t* _aidl_return) override;
100 ::android::binder::Status is_hardware_backed(const ::android::String16& string,
101 int32_t* _aidl_return) override;
102 ::android::binder::Status clear_uid(int64_t uid, int32_t* _aidl_return) override;
Janis Danisevskisc1460142017-12-18 16:48:46 -0800103 ::android::binder::Status addRngEntropy(const ::std::vector<uint8_t>& data, int32_t flags,
Dmitry Dementyeva447b3c2017-10-27 23:09:53 -0700104 int32_t* _aidl_return) override;
105 ::android::binder::Status
106 generateKey(const ::android::String16& alias,
107 const ::android::security::keymaster::KeymasterArguments& arguments,
108 const ::std::vector<uint8_t>& entropy, int32_t uid, int32_t flags,
109 ::android::security::keymaster::KeyCharacteristics* characteristics,
110 int32_t* _aidl_return) override;
111 ::android::binder::Status
112 getKeyCharacteristics(const ::android::String16& alias,
113 const ::android::security::keymaster::KeymasterBlob& clientId,
114 const ::android::security::keymaster::KeymasterBlob& appId, int32_t uid,
115 ::android::security::keymaster::KeyCharacteristics* characteristics,
116 int32_t* _aidl_return) override;
117 ::android::binder::Status
118 importKey(const ::android::String16& alias,
119 const ::android::security::keymaster::KeymasterArguments& arguments, int32_t format,
120 const ::std::vector<uint8_t>& keyData, int32_t uid, int32_t flags,
121 ::android::security::keymaster::KeyCharacteristics* characteristics,
122 int32_t* _aidl_return) override;
123 ::android::binder::Status
124 exportKey(const ::android::String16& alias, int32_t format,
125 const ::android::security::keymaster::KeymasterBlob& clientId,
126 const ::android::security::keymaster::KeymasterBlob& appId, int32_t uid,
127 ::android::security::keymaster::ExportResult* _aidl_return) override;
128 ::android::binder::Status
129 begin(const ::android::sp<::android::IBinder>& appToken, const ::android::String16& alias,
130 int32_t purpose, bool pruneable,
131 const ::android::security::keymaster::KeymasterArguments& params,
132 const ::std::vector<uint8_t>& entropy, int32_t uid,
133 ::android::security::keymaster::OperationResult* _aidl_return) override;
134 ::android::binder::Status
135 update(const ::android::sp<::android::IBinder>& token,
136 const ::android::security::keymaster::KeymasterArguments& params,
137 const ::std::vector<uint8_t>& input,
138 ::android::security::keymaster::OperationResult* _aidl_return) override;
139 ::android::binder::Status
140 finish(const ::android::sp<::android::IBinder>& token,
141 const ::android::security::keymaster::KeymasterArguments& params,
142 const ::std::vector<uint8_t>& signature, const ::std::vector<uint8_t>& entropy,
143 ::android::security::keymaster::OperationResult* _aidl_return) override;
144 ::android::binder::Status abort(const ::android::sp<::android::IBinder>& handle,
145 int32_t* _aidl_return) override;
146 ::android::binder::Status isOperationAuthorized(const ::android::sp<::android::IBinder>& token,
147 bool* _aidl_return) override;
148 ::android::binder::Status addAuthToken(const ::std::vector<uint8_t>& authToken,
149 int32_t* _aidl_return) override;
150 ::android::binder::Status onUserAdded(int32_t userId, int32_t parentId,
151 int32_t* _aidl_return) override;
152 ::android::binder::Status onUserRemoved(int32_t userId, int32_t* _aidl_return) override;
153 ::android::binder::Status
154 attestKey(const ::android::String16& alias,
155 const ::android::security::keymaster::KeymasterArguments& params,
156 ::android::security::keymaster::KeymasterCertificateChain* chain,
157 int32_t* _aidl_return) override;
158 ::android::binder::Status
159 attestDeviceIds(const ::android::security::keymaster::KeymasterArguments& params,
160 ::android::security::keymaster::KeymasterCertificateChain* chain,
161 int32_t* _aidl_return) override;
162 ::android::binder::Status onDeviceOffBody(int32_t* _aidl_return) override;
Janis Danisevskiscb9267d2017-12-19 16:27:52 -0800163 ::android::binder::Status importWrappedKey(
164 const ::android::String16& wrappedKeyAlias, const ::std::vector<uint8_t>& wrappedKey,
165 const ::android::String16& wrappingKeyAlias, const ::std::vector<uint8_t>& maskingKey,
166 const ::android::security::keymaster::KeymasterArguments& params, int64_t rootSid,
167 int64_t fingerprintSid, ::android::security::keymaster::KeyCharacteristics* characteristics,
168 int32_t* _aidl_return) override;
Tucker Sylvestro0ab28b72016-08-05 18:02:47 -0400169
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700170 private:
171 static const int32_t UID_SELF = -1;
172
173 /**
174 * Prune the oldest pruneable operation.
175 */
176 bool pruneOperation();
177
178 /**
179 * Get the effective target uid for a binder operation that takes an
180 * optional uid as the target.
181 */
182 uid_t getEffectiveUid(int32_t targetUid);
183
184 /**
185 * Check if the caller of the current binder method has the required
186 * permission and if acting on other uids the grants to do so.
187 */
188 bool checkBinderPermission(perm_t permission, int32_t targetUid = UID_SELF);
189
190 /**
191 * Check if the caller of the current binder method has the required
192 * permission and the target uid is the caller or the caller is system.
193 */
194 bool checkBinderPermissionSelfOrSystem(perm_t permission, int32_t targetUid);
195
196 /**
197 * Check if the caller of the current binder method has the required
198 * permission or the target of the operation is the caller's uid. This is
199 * for operation where the permission is only for cross-uid activity and all
200 * uids are allowed to act on their own (ie: clearing all entries for a
201 * given uid).
202 */
203 bool checkBinderPermissionOrSelfTarget(perm_t permission, int32_t targetUid);
204
205 /**
206 * Helper method to check that the caller has the required permission as
207 * well as the keystore is in the unlocked state if checkUnlocked is true.
208 *
209 * Returns NO_ERROR on success, PERMISSION_DENIED on a permission error and
210 * otherwise the state of keystore when not unlocked and checkUnlocked is
211 * true.
212 */
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100213 KeyStoreServiceReturnCode checkBinderPermissionAndKeystoreState(perm_t permission,
214 int32_t targetUid = -1,
215 bool checkUnlocked = true);
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700216
217 bool isKeystoreUnlocked(State state);
218
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700219 /**
220 * Check that all keymaster_key_param_t's provided by the application are
221 * allowed. Any parameter that keystore adds itself should be disallowed here.
222 */
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100223 bool checkAllowedOperationParams(const hidl_vec<KeyParameter>& params);
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700224
Shawn Willdenc67a8aa2017-12-03 17:51:29 -0700225 ErrorCode getOperationCharacteristics(const hidl_vec<uint8_t>& key, sp<Keymaster>* dev,
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100226 const AuthorizationSet& params, KeyCharacteristics* out);
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700227
228 /**
229 * Get the auth token for this operation from the auth token table.
230 *
Shawn Willden0329a822017-12-04 13:55:14 -0700231 * Returns NO_ERROR if the auth token was found or none was required. If not needed, the
232 * token will be empty (which keymaster interprets as no auth token).
233 * OP_AUTH_NEEDED if it is a per op authorization, no authorization token exists for
234 * that operation and failOnTokenMissing is false.
235 * KM_ERROR_KEY_USER_NOT_AUTHENTICATED if there is no valid auth token for the operation
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700236 */
Shawn Willden0329a822017-12-04 13:55:14 -0700237 std::pair<KeyStoreServiceReturnCode, HardwareAuthToken>
238 getAuthToken(const KeyCharacteristics& characteristics, uint64_t handle, KeyPurpose purpose,
239 bool failOnTokenMissing = true);
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700240
241 /**
Shawn Willden0329a822017-12-04 13:55:14 -0700242 * Get the auth token for the operation if the operation requires authorization. Uses the cached
243 * result in the OperationMap if available otherwise gets the token from the AuthTokenTable and
244 * caches the result.
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700245 *
Shawn Willden0329a822017-12-04 13:55:14 -0700246 * Returns NO_ERROR if the auth token was found or not needed. If not needed, the token will
247 * be empty (which keymaster interprets as no auth token).
248 * KM_ERROR_KEY_USER_NOT_AUTHENTICATED if the operation is not authenticated.
249 * KM_ERROR_INVALID_OPERATION_HANDLE if token is not a valid operation token.
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700250 */
Shawn Willden0329a822017-12-04 13:55:14 -0700251 std::pair<KeyStoreServiceReturnCode, const HardwareAuthToken&>
252 getOperationAuthTokenIfNeeded(const sp<android::IBinder>& token);
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700253
254 /**
255 * Translate a result value to a legacy return value. All keystore errors are
256 * preserved and keymaster errors become SYSTEM_ERRORs
257 */
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100258 KeyStoreServiceReturnCode translateResultToLegacyResult(int32_t result);
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700259
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100260 void addLegacyBeginParams(const android::String16& name, AuthorizationSet* params);
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700261
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100262 KeyStoreServiceReturnCode doLegacySignVerify(const android::String16& name,
263 const hidl_vec<uint8_t>& data,
264 hidl_vec<uint8_t>* out,
265 const hidl_vec<uint8_t>& signature,
266 KeyPurpose purpose);
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700267
Shawn Willden98c59162016-03-20 09:10:18 -0600268 /**
269 * Upgrade a key blob under alias "name", returning the new blob in "blob". If "blob"
270 * previously contained data, it will be overwritten.
271 *
272 * Returns ::NO_ERROR if the key was upgraded successfully.
273 * KM_ERROR_VERSION_MISMATCH if called on a key whose patch level is greater than or
274 * equal to the current system patch level.
275 */
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100276 KeyStoreServiceReturnCode upgradeKeyBlob(const android::String16& name, uid_t targetUid,
277 const AuthorizationSet& params, Blob* blob);
Shawn Willden98c59162016-03-20 09:10:18 -0600278
Shawn Willdenc67a8aa2017-12-03 17:51:29 -0700279 KeyStore* mKeyStore;
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700280 OperationMap mOperationMap;
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100281 keystore::AuthTokenTable mAuthTokenTable;
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700282 KeystoreKeymasterEnforcement enforcement_policy;
283};
284
Janis Danisevskisc7a9fa22016-10-13 18:43:45 +0100285}; // namespace keystore
Shawn Willdenc1d1fee2016-01-26 22:44:56 -0700286
287#endif // KEYSTORE_KEYSTORE_SERVICE_H_