Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 1 | /* |
| 2 | * Copyright (C) 2016 The Android Open Source Project |
| 3 | * |
| 4 | * Licensed under the Apache License, Version 2.0 (the "License"); |
| 5 | * you may not use this file except in compliance with the License. |
| 6 | * You may obtain a copy of the License at |
| 7 | * |
| 8 | * http://www.apache.org/licenses/LICENSE-2.0 |
| 9 | * |
| 10 | * Unless required by applicable law or agreed to in writing, software |
| 11 | * distributed under the License is distributed on an "AS IS" BASIS, |
| 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 13 | * See the License for the specific language governing permissions and |
| 14 | * limitations under the License. |
| 15 | */ |
| 16 | |
| 17 | #ifndef KEYSTORE_KEYSTORE_SERVICE_H_ |
| 18 | #define KEYSTORE_KEYSTORE_SERVICE_H_ |
| 19 | |
Rob Barnes | bb6cabd | 2018-10-04 17:10:37 -0600 | [diff] [blame] | 20 | #include <android/security/keystore/BnKeystoreService.h> |
Shawn Willden | 98c5916 | 2016-03-20 09:10:18 -0600 | [diff] [blame] | 21 | |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 22 | #include "auth_token_table.h" |
David Zeuthen | c6eb7cd | 2017-11-27 11:33:55 -0500 | [diff] [blame] | 23 | #include "confirmation_manager.h" |
Dmitry Dementyev | a447b3c | 2017-10-27 23:09:53 -0700 | [diff] [blame] | 24 | |
Shawn Willden | fa5702f | 2017-12-03 15:14:58 -0700 | [diff] [blame] | 25 | #include "KeyStore.h" |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 26 | #include "keystore_keymaster_enforcement.h" |
| 27 | #include "operation.h" |
| 28 | #include "permissions.h" |
| 29 | |
Janis Danisevskis | ff3d7f4 | 2018-10-08 07:15:09 -0700 | [diff] [blame] | 30 | #include <keystore/ExportResult.h> |
| 31 | #include <keystore/KeyCharacteristics.h> |
| 32 | #include <keystore/KeymasterArguments.h> |
| 33 | #include <keystore/KeymasterBlob.h> |
| 34 | #include <keystore/KeymasterCertificateChain.h> |
| 35 | #include <keystore/OperationResult.h> |
| 36 | #include <keystore/keystore_return_types.h> |
| 37 | |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 38 | namespace keystore { |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 39 | |
Dmitry Dementyev | a447b3c | 2017-10-27 23:09:53 -0700 | [diff] [blame] | 40 | // Class provides implementation for generated BnKeystoreService.h based on |
| 41 | // gen/aidl/android/security/BnKeystoreService.h generated from |
| 42 | // java/android/security/IKeystoreService.aidl Note that all generated methods return binder::Status |
| 43 | // and use last arguments to send actual result to the caller. Private methods don't need to handle |
| 44 | // binder::Status. Input parameters cannot be null unless annotated with @nullable in .aidl file. |
Rob Barnes | bb6cabd | 2018-10-04 17:10:37 -0600 | [diff] [blame] | 45 | class KeyStoreService : public android::security::keystore::BnKeystoreService { |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 46 | public: |
Janis Danisevskis | ff3d7f4 | 2018-10-08 07:15:09 -0700 | [diff] [blame] | 47 | explicit KeyStoreService(sp<KeyStore> keyStore) : mKeyStore(keyStore) {} |
Shawn Willden | c67a8aa | 2017-12-03 17:51:29 -0700 | [diff] [blame] | 48 | virtual ~KeyStoreService() = default; |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 49 | |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 50 | void binderDied(const android::wp<android::IBinder>& who); |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 51 | |
Dmitry Dementyev | a447b3c | 2017-10-27 23:09:53 -0700 | [diff] [blame] | 52 | ::android::binder::Status getState(int32_t userId, int32_t* _aidl_return) override; |
| 53 | ::android::binder::Status get(const ::android::String16& name, int32_t uid, |
| 54 | ::std::vector<uint8_t>* _aidl_return) override; |
| 55 | ::android::binder::Status insert(const ::android::String16& name, |
| 56 | const ::std::vector<uint8_t>& item, int32_t uid, int32_t flags, |
| 57 | int32_t* _aidl_return) override; |
| 58 | ::android::binder::Status del(const ::android::String16& name, int32_t uid, |
| 59 | int32_t* _aidl_return) override; |
| 60 | ::android::binder::Status exist(const ::android::String16& name, int32_t uid, |
| 61 | int32_t* _aidl_return) override; |
| 62 | ::android::binder::Status list(const ::android::String16& namePrefix, int32_t uid, |
| 63 | ::std::vector<::android::String16>* _aidl_return) override; |
Rob Barnes | eb7f79b | 2018-11-08 15:44:10 -0700 | [diff] [blame^] | 64 | ::android::binder::Status listUidsOfAuthBoundKeys(::std::vector<int32_t>* uids, |
| 65 | int32_t* _aidl_return) override; |
| 66 | |
Dmitry Dementyev | a447b3c | 2017-10-27 23:09:53 -0700 | [diff] [blame] | 67 | ::android::binder::Status reset(int32_t* _aidl_return) override; |
| 68 | ::android::binder::Status onUserPasswordChanged(int32_t userId, |
| 69 | const ::android::String16& newPassword, |
| 70 | int32_t* _aidl_return) override; |
| 71 | ::android::binder::Status lock(int32_t userId, int32_t* _aidl_return) override; |
| 72 | ::android::binder::Status unlock(int32_t userId, const ::android::String16& userPassword, |
| 73 | int32_t* _aidl_return) override; |
| 74 | ::android::binder::Status isEmpty(int32_t userId, int32_t* _aidl_return) override; |
Dmitry Dementyev | a447b3c | 2017-10-27 23:09:53 -0700 | [diff] [blame] | 75 | ::android::binder::Status grant(const ::android::String16& name, int32_t granteeUid, |
| 76 | ::android::String16* _aidl_return) override; |
| 77 | ::android::binder::Status ungrant(const ::android::String16& name, int32_t granteeUid, |
| 78 | int32_t* _aidl_return) override; |
| 79 | ::android::binder::Status getmtime(const ::android::String16& name, int32_t uid, |
| 80 | int64_t* _aidl_return) override; |
Dmitry Dementyev | a447b3c | 2017-10-27 23:09:53 -0700 | [diff] [blame] | 81 | ::android::binder::Status is_hardware_backed(const ::android::String16& string, |
| 82 | int32_t* _aidl_return) override; |
| 83 | ::android::binder::Status clear_uid(int64_t uid, int32_t* _aidl_return) override; |
Dmitry Dementyev | a447b3c | 2017-10-27 23:09:53 -0700 | [diff] [blame] | 84 | ::android::binder::Status |
Rob Barnes | bb6cabd | 2018-10-04 17:10:37 -0600 | [diff] [blame] | 85 | addRngEntropy(const ::android::sp<::android::security::keystore::IKeystoreResponseCallback>& cb, |
| 86 | const ::std::vector<uint8_t>& data, int32_t flags, |
| 87 | int32_t* _aidl_return) override; |
| 88 | ::android::binder::Status generateKey( |
| 89 | const ::android::sp<::android::security::keystore::IKeystoreKeyCharacteristicsCallback>& cb, |
| 90 | const ::android::String16& alias, |
| 91 | const ::android::security::keymaster::KeymasterArguments& arguments, |
| 92 | const ::std::vector<uint8_t>& entropy, int32_t uid, int32_t flags, |
| 93 | int32_t* _aidl_return) override; |
| 94 | ::android::binder::Status getKeyCharacteristics( |
| 95 | const ::android::sp<::android::security::keystore::IKeystoreKeyCharacteristicsCallback>& cb, |
| 96 | const ::android::String16& alias, |
| 97 | const ::android::security::keymaster::KeymasterBlob& clientId, |
| 98 | const ::android::security::keymaster::KeymasterBlob& appId, int32_t uid, |
| 99 | int32_t* _aidl_return) override; |
| 100 | ::android::binder::Status importKey( |
| 101 | const ::android::sp<::android::security::keystore::IKeystoreKeyCharacteristicsCallback>& cb, |
| 102 | const ::android::String16& alias, |
| 103 | const ::android::security::keymaster::KeymasterArguments& arguments, int32_t format, |
| 104 | const ::std::vector<uint8_t>& keyData, int32_t uid, int32_t flags, |
| 105 | int32_t* _aidl_return) override; |
Dmitry Dementyev | a447b3c | 2017-10-27 23:09:53 -0700 | [diff] [blame] | 106 | ::android::binder::Status |
Rob Barnes | bb6cabd | 2018-10-04 17:10:37 -0600 | [diff] [blame] | 107 | exportKey(const ::android::sp<::android::security::keystore::IKeystoreExportKeyCallback>& cb, |
| 108 | const ::android::String16& alias, int32_t format, |
Dmitry Dementyev | a447b3c | 2017-10-27 23:09:53 -0700 | [diff] [blame] | 109 | const ::android::security::keymaster::KeymasterBlob& clientId, |
| 110 | const ::android::security::keymaster::KeymasterBlob& appId, int32_t uid, |
Rob Barnes | bb6cabd | 2018-10-04 17:10:37 -0600 | [diff] [blame] | 111 | int32_t* _aidl_return) override; |
Dmitry Dementyev | a447b3c | 2017-10-27 23:09:53 -0700 | [diff] [blame] | 112 | ::android::binder::Status |
Rob Barnes | bb6cabd | 2018-10-04 17:10:37 -0600 | [diff] [blame] | 113 | begin(const ::android::sp<::android::security::keystore::IKeystoreOperationResultCallback>& cb, |
| 114 | const ::android::sp<::android::IBinder>& appToken, const ::android::String16& alias, |
Dmitry Dementyev | a447b3c | 2017-10-27 23:09:53 -0700 | [diff] [blame] | 115 | int32_t purpose, bool pruneable, |
| 116 | const ::android::security::keymaster::KeymasterArguments& params, |
Rob Barnes | bb6cabd | 2018-10-04 17:10:37 -0600 | [diff] [blame] | 117 | const ::std::vector<uint8_t>& entropy, int32_t uid, int32_t* _aidl_return) override; |
Dmitry Dementyev | a447b3c | 2017-10-27 23:09:53 -0700 | [diff] [blame] | 118 | ::android::binder::Status |
Rob Barnes | bb6cabd | 2018-10-04 17:10:37 -0600 | [diff] [blame] | 119 | update(const ::android::sp<::android::security::keystore::IKeystoreOperationResultCallback>& cb, |
| 120 | const ::android::sp<::android::IBinder>& token, |
Dmitry Dementyev | a447b3c | 2017-10-27 23:09:53 -0700 | [diff] [blame] | 121 | const ::android::security::keymaster::KeymasterArguments& params, |
Rob Barnes | bb6cabd | 2018-10-04 17:10:37 -0600 | [diff] [blame] | 122 | const ::std::vector<uint8_t>& input, int32_t* _aidl_return) override; |
Dmitry Dementyev | a447b3c | 2017-10-27 23:09:53 -0700 | [diff] [blame] | 123 | ::android::binder::Status |
Rob Barnes | bb6cabd | 2018-10-04 17:10:37 -0600 | [diff] [blame] | 124 | finish(const ::android::sp<::android::security::keystore::IKeystoreOperationResultCallback>& cb, |
| 125 | const ::android::sp<::android::IBinder>& token, |
Dmitry Dementyev | a447b3c | 2017-10-27 23:09:53 -0700 | [diff] [blame] | 126 | const ::android::security::keymaster::KeymasterArguments& params, |
| 127 | const ::std::vector<uint8_t>& signature, const ::std::vector<uint8_t>& entropy, |
Rob Barnes | bb6cabd | 2018-10-04 17:10:37 -0600 | [diff] [blame] | 128 | int32_t* _aidl_return) override; |
| 129 | ::android::binder::Status |
| 130 | abort(const ::android::sp<::android::security::keystore::IKeystoreResponseCallback>& cb, |
| 131 | const ::android::sp<::android::IBinder>& token, int32_t* _aidl_return) override; |
Brian Young | ccb492d | 2018-02-22 23:36:01 +0000 | [diff] [blame] | 132 | ::android::binder::Status addAuthToken(const ::std::vector<uint8_t>& authToken, |
Brian Young | 1b75929 | 2018-01-29 23:57:29 +0000 | [diff] [blame] | 133 | int32_t* _aidl_return) override; |
Dmitry Dementyev | a447b3c | 2017-10-27 23:09:53 -0700 | [diff] [blame] | 134 | ::android::binder::Status onUserAdded(int32_t userId, int32_t parentId, |
| 135 | int32_t* _aidl_return) override; |
| 136 | ::android::binder::Status onUserRemoved(int32_t userId, int32_t* _aidl_return) override; |
Rob Barnes | bb6cabd | 2018-10-04 17:10:37 -0600 | [diff] [blame] | 137 | ::android::binder::Status attestKey( |
| 138 | const ::android::sp<::android::security::keystore::IKeystoreCertificateChainCallback>& cb, |
| 139 | const ::android::String16& alias, |
| 140 | const ::android::security::keymaster::KeymasterArguments& params, |
| 141 | int32_t* _aidl_return) override; |
| 142 | ::android::binder::Status attestDeviceIds( |
| 143 | const ::android::sp<::android::security::keystore::IKeystoreCertificateChainCallback>& cb, |
| 144 | const ::android::security::keymaster::KeymasterArguments& params, |
| 145 | int32_t* _aidl_return) override; |
Dmitry Dementyev | a447b3c | 2017-10-27 23:09:53 -0700 | [diff] [blame] | 146 | ::android::binder::Status onDeviceOffBody(int32_t* _aidl_return) override; |
David Zeuthen | c6eb7cd | 2017-11-27 11:33:55 -0500 | [diff] [blame] | 147 | |
Janis Danisevskis | cb9267d | 2017-12-19 16:27:52 -0800 | [diff] [blame] | 148 | ::android::binder::Status importWrappedKey( |
Rob Barnes | bb6cabd | 2018-10-04 17:10:37 -0600 | [diff] [blame] | 149 | const ::android::sp<::android::security::keystore::IKeystoreKeyCharacteristicsCallback>& cb, |
Janis Danisevskis | cb9267d | 2017-12-19 16:27:52 -0800 | [diff] [blame] | 150 | const ::android::String16& wrappedKeyAlias, const ::std::vector<uint8_t>& wrappedKey, |
| 151 | const ::android::String16& wrappingKeyAlias, const ::std::vector<uint8_t>& maskingKey, |
| 152 | const ::android::security::keymaster::KeymasterArguments& params, int64_t rootSid, |
Rob Barnes | bb6cabd | 2018-10-04 17:10:37 -0600 | [diff] [blame] | 153 | int64_t fingerprintSid, int32_t* _aidl_return) override; |
Tucker Sylvestro | 0ab28b7 | 2016-08-05 18:02:47 -0400 | [diff] [blame] | 154 | |
David Zeuthen | c6eb7cd | 2017-11-27 11:33:55 -0500 | [diff] [blame] | 155 | ::android::binder::Status presentConfirmationPrompt( |
| 156 | const ::android::sp<::android::IBinder>& listener, const ::android::String16& promptText, |
| 157 | const ::std::vector<uint8_t>& extraData, const ::android::String16& locale, |
| 158 | int32_t uiOptionsAsFlags, int32_t* _aidl_return) override; |
| 159 | ::android::binder::Status |
| 160 | cancelConfirmationPrompt(const ::android::sp<::android::IBinder>& listener, |
| 161 | int32_t* _aidl_return) override; |
David Zeuthen | 1a49231 | 2018-02-26 11:00:30 -0500 | [diff] [blame] | 162 | ::android::binder::Status isConfirmationPromptSupported(bool* _aidl_return) override; |
David Zeuthen | c6eb7cd | 2017-11-27 11:33:55 -0500 | [diff] [blame] | 163 | |
Brian Young | 9371e95 | 2018-02-23 18:03:14 +0000 | [diff] [blame] | 164 | ::android::binder::Status onKeyguardVisibilityChanged(bool isShowing, int32_t userId, |
Janis Danisevskis | ff3d7f4 | 2018-10-08 07:15:09 -0700 | [diff] [blame] | 165 | int32_t* _aidl_return) override; |
Brian Young | 9371e95 | 2018-02-23 18:03:14 +0000 | [diff] [blame] | 166 | |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 167 | private: |
| 168 | static const int32_t UID_SELF = -1; |
| 169 | |
| 170 | /** |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 171 | * Get the effective target uid for a binder operation that takes an |
| 172 | * optional uid as the target. |
| 173 | */ |
| 174 | uid_t getEffectiveUid(int32_t targetUid); |
| 175 | |
| 176 | /** |
| 177 | * Check if the caller of the current binder method has the required |
| 178 | * permission and if acting on other uids the grants to do so. |
| 179 | */ |
| 180 | bool checkBinderPermission(perm_t permission, int32_t targetUid = UID_SELF); |
| 181 | |
| 182 | /** |
| 183 | * Check if the caller of the current binder method has the required |
| 184 | * permission and the target uid is the caller or the caller is system. |
| 185 | */ |
| 186 | bool checkBinderPermissionSelfOrSystem(perm_t permission, int32_t targetUid); |
| 187 | |
| 188 | /** |
| 189 | * Check if the caller of the current binder method has the required |
| 190 | * permission or the target of the operation is the caller's uid. This is |
| 191 | * for operation where the permission is only for cross-uid activity and all |
| 192 | * uids are allowed to act on their own (ie: clearing all entries for a |
| 193 | * given uid). |
| 194 | */ |
| 195 | bool checkBinderPermissionOrSelfTarget(perm_t permission, int32_t targetUid); |
| 196 | |
| 197 | /** |
| 198 | * Helper method to check that the caller has the required permission as |
| 199 | * well as the keystore is in the unlocked state if checkUnlocked is true. |
| 200 | * |
| 201 | * Returns NO_ERROR on success, PERMISSION_DENIED on a permission error and |
| 202 | * otherwise the state of keystore when not unlocked and checkUnlocked is |
| 203 | * true. |
| 204 | */ |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 205 | KeyStoreServiceReturnCode checkBinderPermissionAndKeystoreState(perm_t permission, |
| 206 | int32_t targetUid = -1, |
| 207 | bool checkUnlocked = true); |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 208 | |
| 209 | bool isKeystoreUnlocked(State state); |
| 210 | |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 211 | /** |
| 212 | * Check that all keymaster_key_param_t's provided by the application are |
| 213 | * allowed. Any parameter that keystore adds itself should be disallowed here. |
| 214 | */ |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 215 | bool checkAllowedOperationParams(const hidl_vec<KeyParameter>& params); |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 216 | |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 217 | void addLegacyBeginParams(const android::String16& name, AuthorizationSet* params); |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 218 | |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 219 | KeyStoreServiceReturnCode doLegacySignVerify(const android::String16& name, |
| 220 | const hidl_vec<uint8_t>& data, |
| 221 | hidl_vec<uint8_t>* out, |
| 222 | const hidl_vec<uint8_t>& signature, |
| 223 | KeyPurpose purpose); |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 224 | |
Shawn Willden | 98c5916 | 2016-03-20 09:10:18 -0600 | [diff] [blame] | 225 | /** |
David Zeuthen | c6eb7cd | 2017-11-27 11:33:55 -0500 | [diff] [blame] | 226 | * Adds a Confirmation Token to the key parameters if needed. |
| 227 | */ |
| 228 | void appendConfirmationTokenIfNeeded(const KeyCharacteristics& keyCharacteristics, |
| 229 | std::vector<KeyParameter>* params); |
| 230 | |
Janis Danisevskis | ff3d7f4 | 2018-10-08 07:15:09 -0700 | [diff] [blame] | 231 | sp<KeyStore> mKeyStore; |
| 232 | |
| 233 | std::mutex operationDeviceMapMutex_; |
| 234 | std::map<sp<IBinder>, std::shared_ptr<KeymasterWorker>> operationDeviceMap_; |
| 235 | |
| 236 | void addOperationDevice(sp<IBinder> token, std::shared_ptr<KeymasterWorker> dev) { |
| 237 | std::lock_guard<std::mutex> lock(operationDeviceMapMutex_); |
| 238 | operationDeviceMap_.emplace(std::move(token), std::move(dev)); |
| 239 | } |
| 240 | std::shared_ptr<KeymasterWorker> getOperationDevice(const sp<IBinder>& token) { |
| 241 | std::lock_guard<std::mutex> lock(operationDeviceMapMutex_); |
| 242 | auto it = operationDeviceMap_.find(token); |
| 243 | if (it != operationDeviceMap_.end()) { |
| 244 | return it->second; |
| 245 | } |
| 246 | return {}; |
| 247 | } |
| 248 | void removeOperationDevice(const sp<IBinder>& token) { |
| 249 | std::lock_guard<std::mutex> lock(operationDeviceMapMutex_); |
| 250 | operationDeviceMap_.erase(token); |
| 251 | } |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 252 | }; |
| 253 | |
Janis Danisevskis | c7a9fa2 | 2016-10-13 18:43:45 +0100 | [diff] [blame] | 254 | }; // namespace keystore |
Shawn Willden | c1d1fee | 2016-01-26 22:44:56 -0700 | [diff] [blame] | 255 | |
| 256 | #endif // KEYSTORE_KEYSTORE_SERVICE_H_ |