vold: Wrapped key support for FBE
Changes to key management in vold such that no keys
are present in the clear in HLOS. Using keymaster to
generate and manage keys.
CRs-Fixed: 2288316
Change-Id: Iaf5bf2eb60c60364f495e6d176e19b4848850028
diff --git a/Ext4Crypt.cpp b/Ext4Crypt.cpp
index 67b7e90..4432a21 100644
--- a/Ext4Crypt.cpp
+++ b/Ext4Crypt.cpp
@@ -16,6 +16,7 @@
#include "Ext4Crypt.h"
+#include "Keymaster.h"
#include "KeyStorage.h"
#include "KeyUtil.h"
#include "Utils.h"
@@ -62,6 +63,8 @@
using android::base::WriteStringToFile;
using android::vold::kEmptyAuthentication;
using android::vold::KeyBuffer;
+using android::vold::Keymaster;
+using android::hardware::keymaster::V4_0::KeyFormat;
namespace {
@@ -196,12 +199,46 @@
return false;
}
+static bool is_wrapped_key_supported_common(const std::string& mount_point) {
+ struct fstab_rec* rec = fs_mgr_get_entry_for_mount_point(fstab_default, mount_point);
+ char const* contents_mode = NULL;
+ char const* filenames_mode = NULL;
+
+ fs_mgr_get_file_encryption_modes(rec, &contents_mode, &filenames_mode);
+ if (!contents_mode || !filenames_mode) {
+ LOG(ERROR) << "Couldn't read file or contents mode, returning false";
+ return false;
+ }
+
+ if (strcmp(contents_mode, "ice_wrapped_key_supported") == 0)
+ return true;
+ else
+ return false;
+}
+
+bool is_wrapped_key_supported() {
+ return is_wrapped_key_supported_common(DATA_MNT_POINT);
+}
+
+bool is_wrapped_key_supported_external() {
+ return false;
+}
+
static bool read_and_install_user_ce_key(userid_t user_id,
const android::vold::KeyAuthentication& auth) {
if (s_ce_key_raw_refs.count(user_id) != 0) return true;
KeyBuffer ce_key;
if (!read_and_fixate_user_ce_key(user_id, auth, &ce_key)) return false;
std::string ce_raw_ref;
+
+ if (is_wrapped_key_supported()) {
+ KeyBuffer ephemeral_wrapped_key;
+ if (!getEphemeralWrappedKey(KeyFormat::RAW, ce_key, &ephemeral_wrapped_key)) {
+ LOG(ERROR) << "Failed to export ce key";
+ return false;
+ }
+ ce_key = std::move(ephemeral_wrapped_key);
+ }
if (!android::vold::installKey(ce_key, &ce_raw_ref)) return false;
s_ce_keys[user_id] = std::move(ce_key);
s_ce_key_raw_refs[user_id] = ce_raw_ref;
@@ -231,8 +268,15 @@
// it creates keys in a fixed location.
static bool create_and_install_user_keys(userid_t user_id, bool create_ephemeral) {
KeyBuffer de_key, ce_key;
- if (!android::vold::randomKey(&de_key)) return false;
- if (!android::vold::randomKey(&ce_key)) return false;
+
+ if(is_wrapped_key_supported()) {
+ if (!generateWrappedKey(user_id, android::vold::KeyType::DE_USER, &de_key)) return false;
+ if (!generateWrappedKey(user_id, android::vold::KeyType::CE_USER, &ce_key)) return false;
+ } else {
+ if (!android::vold::randomKey(&de_key)) return false;
+ if (!android::vold::randomKey(&ce_key)) return false;
+ }
+
if (create_ephemeral) {
// If the key should be created as ephemeral, don't store it.
s_ephemeral_users.insert(user_id);
@@ -249,13 +293,36 @@
if (!android::vold::storeKeyAtomically(get_de_key_path(user_id), user_key_temp,
kEmptyAuthentication, de_key)) return false;
}
+
+ /* Install the DE keys */
std::string de_raw_ref;
- if (!android::vold::installKey(de_key, &de_raw_ref)) return false;
- s_de_key_raw_refs[user_id] = de_raw_ref;
std::string ce_raw_ref;
+
+ if (is_wrapped_key_supported()) {
+ KeyBuffer ephemeral_wrapped_de_key;
+ KeyBuffer ephemeral_wrapped_ce_key;
+
+ /* Export and install the DE keys */
+ if (!getEphemeralWrappedKey(KeyFormat::RAW, de_key, &ephemeral_wrapped_de_key)) {
+ LOG(ERROR) << "Failed to export de_key";
+ return false;
+ }
+ /* Export and install the CE keys */
+ if (!getEphemeralWrappedKey(KeyFormat::RAW, ce_key, &ephemeral_wrapped_ce_key)) {
+ LOG(ERROR) << "Failed to export de_key";
+ return false;
+ }
+
+ de_key = std::move(ephemeral_wrapped_de_key);
+ ce_key = std::move(ephemeral_wrapped_ce_key);
+ }
+ if (!android::vold::installKey(de_key, &de_raw_ref)) return false;
if (!android::vold::installKey(ce_key, &ce_raw_ref)) return false;
- s_ce_keys[user_id] = ce_key;
+ s_ce_keys[user_id] = std::move(ce_key);
+
+ s_de_key_raw_refs[user_id] = de_raw_ref;
s_ce_key_raw_refs[user_id] = ce_raw_ref;
+
LOG(DEBUG) << "Created keys for user " << user_id;
return true;
}
@@ -320,6 +387,14 @@
KeyBuffer key;
if (!android::vold::retrieveKey(key_path, kEmptyAuthentication, &key)) return false;
std::string raw_ref;
+ if (is_wrapped_key_supported()) {
+ KeyBuffer ephemeral_wrapped_key;
+ if (!getEphemeralWrappedKey(KeyFormat::RAW, key, &ephemeral_wrapped_key)) {
+ LOG(ERROR) << "Failed to export de_key in create_and_install_user_keys";
+ return false;
+ }
+ key = std::move(ephemeral_wrapped_key);
+ }
if (!android::vold::installKey(key, &raw_ref)) return false;
s_de_key_raw_refs[user_id] = raw_ref;
LOG(DEBUG) << "Installed de key for user " << user_id;
@@ -332,6 +407,7 @@
bool e4crypt_initialize_global_de() {
LOG(INFO) << "e4crypt_initialize_global_de";
+ bool wrapped_key_supported = false;
if (s_global_de_initialized) {
LOG(INFO) << "Already initialized";
@@ -339,8 +415,11 @@
}
PolicyKeyRef device_ref;
- if (!android::vold::retrieveAndInstallKey(true, kEmptyAuthentication, device_key_path,
- device_key_temp, &device_ref.key_raw_ref))
+ wrapped_key_supported = is_wrapped_key_supported();
+
+ if (!android::vold::retrieveAndInstallKey(true, kEmptyAuthentication,
+ device_key_path, device_key_temp,
+ &device_ref.key_raw_ref, wrapped_key_supported))
return false;
get_data_file_encryption_modes(&device_ref);
@@ -514,6 +593,7 @@
PolicyKeyRef* key_ref) {
auto secdiscardable_path = volume_secdiscardable_path(volume_uuid);
std::string secdiscardable_hash;
+ bool wrapped_key_supported = false;
if (android::vold::pathExists(secdiscardable_path)) {
if (!android::vold::readSecdiscardable(secdiscardable_path, &secdiscardable_hash))
return false;
@@ -531,8 +611,10 @@
return false;
}
android::vold::KeyAuthentication auth("", secdiscardable_hash);
+ wrapped_key_supported = is_wrapped_key_supported_external();
+
if (!android::vold::retrieveAndInstallKey(true, auth, key_path, key_path + "_tmp",
- &key_ref->key_raw_ref))
+ &key_ref->key_raw_ref, wrapped_key_supported))
return false;
key_ref->contents_mode =
android::base::GetProperty("ro.crypto.volume.contents_mode", "aes-256-xts");
@@ -558,20 +640,74 @@
if (!parse_hex(secret_hex, &secret)) return false;
auto auth = secret.empty() ? kEmptyAuthentication
: android::vold::KeyAuthentication(token, secret);
- auto it = s_ce_keys.find(user_id);
- if (it == s_ce_keys.end()) {
- LOG(ERROR) << "Key not loaded into memory, can't change for user " << user_id;
- return false;
- }
- const auto &ce_key = it->second;
auto const directory_path = get_ce_key_directory_path(user_id);
auto const paths = get_ce_key_paths(directory_path);
+
+ KeyBuffer ce_key;
+ if(is_wrapped_key_supported()) {
+ std::string ce_key_current_path = get_ce_key_current_path(directory_path);
+ if (android::vold::retrieveKey(ce_key_current_path, kEmptyAuthentication, &ce_key)) {
+ LOG(DEBUG) << "Successfully retrieved key";
+ } else {
+ if (android::vold::retrieveKey(ce_key_current_path, auth, &ce_key)) {
+ LOG(DEBUG) << "Successfully retrieved key";
+ }
+ }
+ } else {
+ auto it = s_ce_keys.find(user_id);
+ if (it == s_ce_keys.end()) {
+ LOG(ERROR) << "Key not loaded into memory, can't change for user " << user_id;
+ return false;
+ }
+ ce_key = it->second;
+ }
+
std::string ce_key_path;
if (!get_ce_key_new_path(directory_path, paths, &ce_key_path)) return false;
if (!android::vold::storeKeyAtomically(ce_key_path, user_key_temp, auth, ce_key)) return false;
return true;
}
+bool e4crypt_clear_user_key_auth(userid_t user_id, int serial, const std::string& token_hex,
+ const std::string& secret_hex) {
+ LOG(DEBUG) << "e4crypt_clear_user_key_auth " << user_id << " serial=" << serial
+ << " token_present=" << (token_hex != "!");
+ if (!e4crypt_is_native()) return true;
+ if (s_ephemeral_users.count(user_id) != 0) return true;
+ std::string token, secret;
+
+ if (!parse_hex(token_hex, &token)) return false;
+ if (!parse_hex(secret_hex, &secret)) return false;
+
+ if (is_wrapped_key_supported()) {
+ auto const directory_path = get_ce_key_directory_path(user_id);
+ auto const paths = get_ce_key_paths(directory_path);
+
+ KeyBuffer ce_key;
+ std::string ce_key_current_path = get_ce_key_current_path(directory_path);
+
+ auto auth = android::vold::KeyAuthentication(token, secret);
+ /* Retrieve key while removing a pin. A secret is needed */
+ if (android::vold::retrieveKey(ce_key_current_path, auth, &ce_key)) {
+ LOG(DEBUG) << "Successfully retrieved key";
+ } else {
+ /* Retrieve key when going None to swipe and vice versa when a
+ synthetic password is present */
+ if (android::vold::retrieveKey(ce_key_current_path, kEmptyAuthentication, &ce_key)) {
+ LOG(DEBUG) << "Successfully retrieved key";
+ }
+ }
+
+ std::string ce_key_path;
+ if (!get_ce_key_new_path(directory_path, paths, &ce_key_path)) return false;
+ if (!android::vold::storeKeyAtomically(ce_key_path, user_key_temp, kEmptyAuthentication, ce_key))
+ return false;
+ } else {
+ if(!e4crypt_add_user_key_auth(user_id, serial, "!", "!")) return false;
+ }
+ return true;
+}
+
bool e4crypt_fixate_newest_user_key_auth(userid_t user_id) {
LOG(DEBUG) << "e4crypt_fixate_newest_user_key_auth " << user_id;
if (!e4crypt_is_native()) return true;
diff --git a/Ext4Crypt.h b/Ext4Crypt.h
index a43a68a..5101bf6 100644
--- a/Ext4Crypt.h
+++ b/Ext4Crypt.h
@@ -25,6 +25,8 @@
bool e4crypt_destroy_user_key(userid_t user_id);
bool e4crypt_add_user_key_auth(userid_t user_id, int serial, const std::string& token,
const std::string& secret);
+bool e4crypt_clear_user_key_auth(userid_t user_id, int serial, const std::string& token_hex,
+ const std::string& secret_hex);
bool e4crypt_fixate_newest_user_key_auth(userid_t user_id);
bool e4crypt_unlock_user_key(userid_t user_id, int serial, const std::string& token,
@@ -36,3 +38,5 @@
bool e4crypt_destroy_user_storage(const std::string& volume_uuid, userid_t user_id, int flags);
bool e4crypt_destroy_volume_keys(const std::string& volume_uuid);
+bool is_wrapped_key_supported();
+bool is_wrapped_key_supported_external();
diff --git a/KeyStorage.cpp b/KeyStorage.cpp
index 0518930..69cd41c 100644
--- a/KeyStorage.cpp
+++ b/KeyStorage.cpp
@@ -61,6 +61,7 @@
static constexpr size_t STRETCHED_BYTES = 1 << 6;
static constexpr uint32_t AUTH_TIMEOUT = 30; // Seconds
+constexpr int EXT4_AES_256_XTS_KEY_SIZE = 64;
static const char* kCurrentVersion = "1";
static const char* kRmPath = "/system/bin/rm";
@@ -126,6 +127,47 @@
return keymaster.generateKey(paramBuilder, key);
}
+bool generateWrappedKey(userid_t user_id, KeyType key_type,
+ KeyBuffer* key) {
+ Keymaster keymaster;
+ if (!keymaster) return false;
+ *key = KeyBuffer(EXT4_AES_256_XTS_KEY_SIZE);
+ std::string key_temp;
+ auto paramBuilder = km::AuthorizationSetBuilder()
+ .AesEncryptionKey(AES_KEY_BYTES * 8)
+ .GcmModeMinMacLen(GCM_MAC_BYTES * 8)
+ .Authorization(km::TAG_USER_ID, user_id);
+ km::KeyParameter param1;
+ param1.tag = (km::Tag) (android::hardware::keymaster::V4_0::KM_TAG_FBE_ICE);
+ param1.f.boolValue = true;
+ paramBuilder.push_back(param1);
+
+ km::KeyParameter param2;
+ if ((key_type == KeyType::DE_USER) || (key_type == KeyType::DE_SYS)) {
+ param2.tag = (km::Tag) (android::hardware::keymaster::V4_0::KM_TAG_KEY_TYPE);
+ param2.f.integer = 0;
+ } else if (key_type == KeyType::CE_USER) {
+ param2.tag = (km::Tag) (android::hardware::keymaster::V4_0::KM_TAG_KEY_TYPE);
+ param2.f.integer = 1;
+ }
+ paramBuilder.push_back(param2);
+
+ if (!keymaster.generateKey(paramBuilder, &key_temp)) return false;
+ *key = KeyBuffer(key_temp.size());
+ memcpy(reinterpret_cast<void*>(key->data()), key_temp.c_str(), key->size());
+ return true;
+}
+
+bool getEphemeralWrappedKey(km::KeyFormat format, KeyBuffer& kmKey, KeyBuffer* key) {
+ std::string key_temp;
+ Keymaster keymaster;
+ if (!keymaster) return false;
+ if (!keymaster.exportKey(format, kmKey, "!", "!", &key_temp)) return false;
+ *key = KeyBuffer(key_temp.size());
+ memcpy(reinterpret_cast<void*>(key->data()), key_temp.c_str(), key->size());
+ return true;
+}
+
static std::pair<km::AuthorizationSet, km::HardwareAuthToken> beginParams(
const KeyAuthentication& auth, const std::string& appId) {
auto paramBuilder = km::AuthorizationSetBuilder()
diff --git a/KeyStorage.h b/KeyStorage.h
index 786e5b4..0c2609e 100644
--- a/KeyStorage.h
+++ b/KeyStorage.h
@@ -17,8 +17,9 @@
#ifndef ANDROID_VOLD_KEYSTORAGE_H
#define ANDROID_VOLD_KEYSTORAGE_H
+#include "Keymaster.h"
#include "KeyBuffer.h"
-
+#include <ext4_utils/ext4_crypt.h>
#include <string>
namespace android {
@@ -39,6 +40,12 @@
const std::string secret;
};
+enum class KeyType {
+ DE_SYS,
+ DE_USER,
+ CE_USER
+};
+
extern const KeyAuthentication kEmptyAuthentication;
// Checks if path "path" exists.
@@ -67,6 +74,8 @@
bool destroyKey(const std::string& dir);
bool runSecdiscardSingle(const std::string& file);
+bool generateWrappedKey(userid_t user_id, KeyType key_type, KeyBuffer* key);
+bool getEphemeralWrappedKey(km::KeyFormat format, KeyBuffer& kmKey, KeyBuffer* key);
} // namespace vold
} // namespace android
diff --git a/KeyUtil.cpp b/KeyUtil.cpp
index 9885440..e8c366f 100644
--- a/KeyUtil.cpp
+++ b/KeyUtil.cpp
@@ -27,8 +27,13 @@
#include <keyutils.h>
#include "KeyStorage.h"
+#include "Ext4Crypt.h"
#include "Utils.h"
+#define MAX_USER_ID 0xFFFFFFFF
+
+using android::hardware::keymaster::V4_0::KeyFormat;
+using android::vold::KeyType;
namespace android {
namespace vold {
@@ -122,7 +127,14 @@
ext4_encryption_key &ext4_key = *reinterpret_cast<ext4_encryption_key*>(ext4KeyBuffer.data());
if (!fillKey(key, &ext4_key)) return false;
- *raw_ref = generateKeyRef(ext4_key.raw, ext4_key.size);
+ if (is_wrapped_key_supported()) {
+ /* When wrapped key is supported, only the first 32 bytes are
+ the same per boot. The second 32 bytes can change as the ephemeral
+ key is different. */
+ *raw_ref = generateKeyRef(ext4_key.raw, (ext4_key.size)/2);
+ } else {
+ *raw_ref = generateKeyRef(ext4_key.raw, ext4_key.size);
+ }
key_serial_t device_keyring;
if (!e4cryptKeyring(&device_keyring)) return false;
for (char const* const* name_prefix = NAME_PREFIXES; *name_prefix != nullptr; name_prefix++) {
@@ -163,7 +175,7 @@
bool retrieveAndInstallKey(bool create_if_absent, const KeyAuthentication& key_authentication,
const std::string& key_path, const std::string& tmp_path,
- std::string* key_ref) {
+ std::string* key_ref, bool wrapped_key_supported) {
KeyBuffer key;
if (pathExists(key_path)) {
LOG(DEBUG) << "Key exists, using: " << key_path;
@@ -174,10 +186,23 @@
return false;
}
LOG(INFO) << "Creating new key in " << key_path;
- if (!randomKey(&key)) return false;
+ if (wrapped_key_supported) {
+ if(!generateWrappedKey(MAX_USER_ID, KeyType::DE_SYS, &key)) return false;
+ } else {
+ if (!randomKey(&key)) return false;
+ }
if (!storeKeyAtomically(key_path, tmp_path, key_authentication, key)) return false;
}
+ if (wrapped_key_supported) {
+ KeyBuffer ephemeral_wrapped_key;
+ if (!getEphemeralWrappedKey(KeyFormat::RAW, key, &ephemeral_wrapped_key)) {
+ LOG(ERROR) << "Failed to export key in retrieveAndInstallKey";
+ return false;
+ }
+ key = std::move(ephemeral_wrapped_key);
+ }
+
if (!installKey(key, key_ref)) {
LOG(ERROR) << "Failed to install key in " << key_path;
return false;
diff --git a/KeyUtil.h b/KeyUtil.h
index a85eca1..e73c065 100644
--- a/KeyUtil.h
+++ b/KeyUtil.h
@@ -19,6 +19,7 @@
#include "KeyBuffer.h"
#include "KeyStorage.h"
+#include "Keymaster.h"
#include <string>
#include <memory>
@@ -31,10 +32,9 @@
bool evictKey(const std::string& raw_ref);
bool retrieveAndInstallKey(bool create_if_absent, const KeyAuthentication& key_authentication,
const std::string& key_path, const std::string& tmp_path,
- std::string* key_ref);
+ std::string* key_ref, bool wrapped_key_supported);
bool retrieveKey(bool create_if_absent, const std::string& key_path,
const std::string& tmp_path, KeyBuffer* key);
-
} // namespace vold
} // namespace android
diff --git a/Keymaster.cpp b/Keymaster.cpp
index aad4387..ab39ef8 100644
--- a/Keymaster.cpp
+++ b/Keymaster.cpp
@@ -138,6 +138,32 @@
return true;
}
+bool Keymaster::exportKey(km::KeyFormat format, KeyBuffer& kmKey, const std::string& clientId,
+ const std::string& appData, std::string* key) {
+ auto kmKeyBlob = km::support::blob2hidlVec(std::string(kmKey.data(), kmKey.size()));
+ auto emptyAssign = NULL;
+ auto kmClientId = (clientId == "!") ? emptyAssign: km::support::blob2hidlVec(clientId);
+ auto kmAppData = (appData == "!") ? emptyAssign: km::support::blob2hidlVec(appData);
+ km::ErrorCode km_error;
+ auto hidlCb = [&](km::ErrorCode ret, const hidl_vec<uint8_t>& exportedKeyBlob) {
+ km_error = ret;
+ if (km_error != km::ErrorCode::OK) return;
+ if(key)
+ key->assign(reinterpret_cast<const char*>(&exportedKeyBlob[0]),
+ exportedKeyBlob.size());
+ };
+ auto error = mDevice->exportKey(format, kmKeyBlob, kmClientId, kmAppData, hidlCb);
+ if (!error.isOk()) {
+ LOG(ERROR) << "export_key failed: " << error.description();
+ return false;
+ }
+ if (km_error != km::ErrorCode::OK) {
+ LOG(ERROR) << "export_key failed, code " << int32_t(km_error);
+ return false;
+ }
+ return true;
+}
+
bool Keymaster::deleteKey(const std::string& key) {
auto keyBlob = km::support::blob2hidlVec(key);
auto error = mDevice->deleteKey(keyBlob);
diff --git a/Keymaster.h b/Keymaster.h
index fabe0f4..c0ec4d3 100644
--- a/Keymaster.h
+++ b/Keymaster.h
@@ -102,6 +102,9 @@
explicit operator bool() { return mDevice.get() != nullptr; }
// Generate a key in the keymaster from the given params.
bool generateKey(const km::AuthorizationSet& inParams, std::string* key);
+ // Export a key from keymaster.
+ bool exportKey(km::KeyFormat format, KeyBuffer& kmKey, const std::string& clientId,
+ const std::string& appData, std::string* key);
// If the keymaster supports it, permanently delete a key.
bool deleteKey(const std::string& key);
// Replace stored key blob in response to KM_ERROR_KEY_REQUIRES_UPGRADE.
diff --git a/VoldNativeService.cpp b/VoldNativeService.cpp
index 81523c6..a049437 100644
--- a/VoldNativeService.cpp
+++ b/VoldNativeService.cpp
@@ -715,6 +715,14 @@
return translateBool(e4crypt_add_user_key_auth(userId, userSerial, token, secret));
}
+binder::Status VoldNativeService::clearUserKeyAuth(int32_t userId, int32_t userSerial,
+ const std::string& token, const std::string& secret) {
+ ENFORCE_UID(AID_SYSTEM);
+ ACQUIRE_CRYPT_LOCK;
+
+ return translateBool(e4crypt_clear_user_key_auth(userId, userSerial, token, secret));
+}
+
binder::Status VoldNativeService::fixateNewestUserKeyAuth(int32_t userId) {
ENFORCE_UID(AID_SYSTEM);
ACQUIRE_CRYPT_LOCK;
diff --git a/VoldNativeService.h b/VoldNativeService.h
index 2e90101..8d8e2a4 100644
--- a/VoldNativeService.h
+++ b/VoldNativeService.h
@@ -103,6 +103,8 @@
binder::Status addUserKeyAuth(int32_t userId, int32_t userSerial,
const std::string& token, const std::string& secret);
+ binder::Status clearUserKeyAuth(int32_t userId, int32_t userSerial,
+ const std::string& token, const std::string& secret);
binder::Status fixateNewestUserKeyAuth(int32_t userId);
binder::Status unlockUserKey(int32_t userId, int32_t userSerial,
diff --git a/binder/android/os/IVold.aidl b/binder/android/os/IVold.aidl
index 8300a8e..9119720 100644
--- a/binder/android/os/IVold.aidl
+++ b/binder/android/os/IVold.aidl
@@ -85,6 +85,7 @@
void destroyUserKey(int userId);
void addUserKeyAuth(int userId, int userSerial, @utf8InCpp String token, @utf8InCpp String secret);
+ void clearUserKeyAuth(int userId, int userSerial, @utf8InCpp String token, @utf8InCpp String secret);
void fixateNewestUserKeyAuth(int userId);
void unlockUserKey(int userId, int userSerial, @utf8InCpp String token, @utf8InCpp String secret);