1 /*
2 * Copyright (C) 2016 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 #define LOG_TAG "keystore"
18
19 #include "key_store_service.h"
20
21 #include <fcntl.h>
22 #include <sys/stat.h>
23
24 #include <algorithm>
25 #include <sstream>
26
27 #include <binder/IInterface.h>
28 #include <binder/IPCThreadState.h>
29 #include <binder/IPermissionController.h>
30 #include <binder/IServiceManager.h>
31
32 #include <private/android_filesystem_config.h>
33
34 #include <android/hardware/keymaster/3.0/IHwKeymasterDevice.h>
35
36 #include "defaults.h"
37 #include "keystore_attestation_id.h"
38 #include "keystore_keymaster_enforcement.h"
39 #include "keystore_utils.h"
40 #include <keystore/keystore_hidl_support.h>
41
42 namespace keystore {
43
44 using namespace android;
45
46 namespace {
47
48 constexpr size_t kMaxOperations = 15;
49 constexpr double kIdRotationPeriod = 30 * 24 * 60 * 60; /* Thirty days, in seconds */
50 const char* kTimestampFilePath = "timestamp";
51
52 struct BIGNUM_Delete {
operator ()keystore::__anonf8b934350111::BIGNUM_Delete53 void operator()(BIGNUM* p) const { BN_free(p); }
54 };
55 typedef UniquePtr<BIGNUM, BIGNUM_Delete> Unique_BIGNUM;
56
containsTag(const hidl_vec<KeyParameter> & params,Tag tag)57 bool containsTag(const hidl_vec<KeyParameter>& params, Tag tag) {
58 return params.end() != std::find_if(params.begin(), params.end(),
59 [&](auto& param) { return param.tag == tag; });
60 }
61
isAuthenticationBound(const hidl_vec<KeyParameter> & params)62 bool isAuthenticationBound(const hidl_vec<KeyParameter>& params) {
63 return !containsTag(params, Tag::NO_AUTH_REQUIRED);
64 }
65
hadFactoryResetSinceIdRotation()66 std::pair<KeyStoreServiceReturnCode, bool> hadFactoryResetSinceIdRotation() {
67 struct stat sbuf;
68 if (stat(kTimestampFilePath, &sbuf) == 0) {
69 double diff_secs = difftime(time(NULL), sbuf.st_ctime);
70 return {ResponseCode::NO_ERROR, diff_secs < kIdRotationPeriod};
71 }
72
73 if (errno != ENOENT) {
74 ALOGE("Failed to stat \"timestamp\" file, with error %d", errno);
75 return {ResponseCode::SYSTEM_ERROR, false /* don't care */};
76 }
77
78 int fd = creat(kTimestampFilePath, 0600);
79 if (fd < 0) {
80 ALOGE("Couldn't create \"timestamp\" file, with error %d", errno);
81 return {ResponseCode::SYSTEM_ERROR, false /* don't care */};
82 }
83
84 if (close(fd)) {
85 ALOGE("Couldn't close \"timestamp\" file, with error %d", errno);
86 return {ResponseCode::SYSTEM_ERROR, false /* don't care */};
87 }
88
89 return {ResponseCode::NO_ERROR, true};
90 }
91
92 constexpr size_t KEY_ATTESTATION_APPLICATION_ID_MAX_SIZE = 1024;
93
updateParamsForAttestation(uid_t callingUid,AuthorizationSet * params)94 KeyStoreServiceReturnCode updateParamsForAttestation(uid_t callingUid, AuthorizationSet* params) {
95 KeyStoreServiceReturnCode responseCode;
96 bool factoryResetSinceIdRotation;
97 std::tie(responseCode, factoryResetSinceIdRotation) = hadFactoryResetSinceIdRotation();
98
99 if (!responseCode.isOk()) return responseCode;
100 if (factoryResetSinceIdRotation) params->push_back(TAG_RESET_SINCE_ID_ROTATION);
101
102 auto asn1_attestation_id_result = security::gather_attestation_application_id(callingUid);
103 if (!asn1_attestation_id_result.isOk()) {
104 ALOGE("failed to gather attestation_id");
105 return ErrorCode::ATTESTATION_APPLICATION_ID_MISSING;
106 }
107 std::vector<uint8_t>& asn1_attestation_id = asn1_attestation_id_result;
108
109 /*
110 * The attestation application ID cannot be longer than
111 * KEY_ATTESTATION_APPLICATION_ID_MAX_SIZE, so we truncate if too long.
112 */
113 if (asn1_attestation_id.size() > KEY_ATTESTATION_APPLICATION_ID_MAX_SIZE) {
114 asn1_attestation_id.resize(KEY_ATTESTATION_APPLICATION_ID_MAX_SIZE);
115 }
116
117 params->push_back(TAG_ATTESTATION_APPLICATION_ID, asn1_attestation_id);
118
119 return ResponseCode::NO_ERROR;
120 }
121
122 } // anonymous namespace
123
binderDied(const wp<IBinder> & who)124 void KeyStoreService::binderDied(const wp<IBinder>& who) {
125 auto operations = mOperationMap.getOperationsForToken(who.unsafe_get());
126 for (const auto& token : operations) {
127 abort(token);
128 }
129 }
130
getState(int32_t userId)131 KeyStoreServiceReturnCode KeyStoreService::getState(int32_t userId) {
132 if (!checkBinderPermission(P_GET_STATE)) {
133 return ResponseCode::PERMISSION_DENIED;
134 }
135
136 return ResponseCode(mKeyStore->getState(userId));
137 }
138
get(const String16 & name,int32_t uid,hidl_vec<uint8_t> * item)139 KeyStoreServiceReturnCode KeyStoreService::get(const String16& name, int32_t uid,
140 hidl_vec<uint8_t>* item) {
141 uid_t targetUid = getEffectiveUid(uid);
142 if (!checkBinderPermission(P_GET, targetUid)) {
143 return ResponseCode::PERMISSION_DENIED;
144 }
145
146 String8 name8(name);
147 Blob keyBlob;
148
149 KeyStoreServiceReturnCode rc =
150 mKeyStore->getKeyForName(&keyBlob, name8, targetUid, TYPE_GENERIC);
151 if (!rc.isOk()) {
152 if (item) *item = hidl_vec<uint8_t>();
153 return rc;
154 }
155
156 // Do not replace this with "if (item) *item = blob2hidlVec(keyBlob)"!
157 // blob2hidlVec creates a hidl_vec<uint8_t> that references, but not owns, the data in keyBlob
158 // the subsequent assignment (*item = resultBlob) makes a deep copy, so that *item will own the
159 // corresponding resources.
160 auto resultBlob = blob2hidlVec(keyBlob);
161 if (item) {
162 *item = resultBlob;
163 }
164
165 return ResponseCode::NO_ERROR;
166 }
167
insert(const String16 & name,const hidl_vec<uint8_t> & item,int targetUid,int32_t flags)168 KeyStoreServiceReturnCode KeyStoreService::insert(const String16& name,
169 const hidl_vec<uint8_t>& item, int targetUid,
170 int32_t flags) {
171 targetUid = getEffectiveUid(targetUid);
172 auto result =
173 checkBinderPermissionAndKeystoreState(P_INSERT, targetUid, flags & KEYSTORE_FLAG_ENCRYPTED);
174 if (!result.isOk()) {
175 return result;
176 }
177
178 String8 name8(name);
179 String8 filename(mKeyStore->getKeyNameForUidWithDir(name8, targetUid, ::TYPE_GENERIC));
180
181 Blob keyBlob(&item[0], item.size(), NULL, 0, ::TYPE_GENERIC);
182 keyBlob.setEncrypted(flags & KEYSTORE_FLAG_ENCRYPTED);
183
184 return mKeyStore->put(filename.string(), &keyBlob, get_user_id(targetUid));
185 }
186
del(const String16 & name,int targetUid)187 KeyStoreServiceReturnCode KeyStoreService::del(const String16& name, int targetUid) {
188 targetUid = getEffectiveUid(targetUid);
189 if (!checkBinderPermission(P_DELETE, targetUid)) {
190 return ResponseCode::PERMISSION_DENIED;
191 }
192 String8 name8(name);
193 ALOGI("del %s %d", name8.string(), targetUid);
194 String8 filename(mKeyStore->getKeyNameForUidWithDir(name8, targetUid, ::TYPE_ANY));
195 ResponseCode result = mKeyStore->del(filename.string(), ::TYPE_ANY, get_user_id(targetUid));
196 if (result != ResponseCode::NO_ERROR) {
197 return result;
198 }
199
200 // Also delete any characteristics files
201 String8 chrFilename(
202 mKeyStore->getKeyNameForUidWithDir(name8, targetUid, ::TYPE_KEY_CHARACTERISTICS));
203 return mKeyStore->del(chrFilename.string(), ::TYPE_KEY_CHARACTERISTICS, get_user_id(targetUid));
204 }
205
exist(const String16 & name,int targetUid)206 KeyStoreServiceReturnCode KeyStoreService::exist(const String16& name, int targetUid) {
207 targetUid = getEffectiveUid(targetUid);
208 if (!checkBinderPermission(P_EXIST, targetUid)) {
209 return ResponseCode::PERMISSION_DENIED;
210 }
211
212 String8 name8(name);
213 String8 filename(mKeyStore->getKeyNameForUidWithDir(name8, targetUid, ::TYPE_ANY));
214
215 if (access(filename.string(), R_OK) == -1) {
216 return (errno != ENOENT) ? ResponseCode::SYSTEM_ERROR : ResponseCode::KEY_NOT_FOUND;
217 }
218 return ResponseCode::NO_ERROR;
219 }
220
list(const String16 & prefix,int targetUid,Vector<String16> * matches)221 KeyStoreServiceReturnCode KeyStoreService::list(const String16& prefix, int targetUid,
222 Vector<String16>* matches) {
223 targetUid = getEffectiveUid(targetUid);
224 if (!checkBinderPermission(P_LIST, targetUid)) {
225 return ResponseCode::PERMISSION_DENIED;
226 }
227 const String8 prefix8(prefix);
228 String8 filename(mKeyStore->getKeyNameForUid(prefix8, targetUid, TYPE_ANY));
229
230 if (mKeyStore->list(filename, matches, get_user_id(targetUid)) != ResponseCode::NO_ERROR) {
231 return ResponseCode::SYSTEM_ERROR;
232 }
233 return ResponseCode::NO_ERROR;
234 }
235
reset()236 KeyStoreServiceReturnCode KeyStoreService::reset() {
237 if (!checkBinderPermission(P_RESET)) {
238 return ResponseCode::PERMISSION_DENIED;
239 }
240
241 uid_t callingUid = IPCThreadState::self()->getCallingUid();
242 mKeyStore->resetUser(get_user_id(callingUid), false);
243 return ResponseCode::NO_ERROR;
244 }
245
onUserPasswordChanged(int32_t userId,const String16 & password)246 KeyStoreServiceReturnCode KeyStoreService::onUserPasswordChanged(int32_t userId,
247 const String16& password) {
248 if (!checkBinderPermission(P_PASSWORD)) {
249 return ResponseCode::PERMISSION_DENIED;
250 }
251
252 const String8 password8(password);
253 // Flush the auth token table to prevent stale tokens from sticking
254 // around.
255 mAuthTokenTable.Clear();
256
257 if (password.size() == 0) {
258 ALOGI("Secure lockscreen for user %d removed, deleting encrypted entries", userId);
259 mKeyStore->resetUser(userId, true);
260 return ResponseCode::NO_ERROR;
261 } else {
262 switch (mKeyStore->getState(userId)) {
263 case ::STATE_UNINITIALIZED: {
264 // generate master key, encrypt with password, write to file,
265 // initialize mMasterKey*.
266 return mKeyStore->initializeUser(password8, userId);
267 }
268 case ::STATE_NO_ERROR: {
269 // rewrite master key with new password.
270 return mKeyStore->writeMasterKey(password8, userId);
271 }
272 case ::STATE_LOCKED: {
273 ALOGE("Changing user %d's password while locked, clearing old encryption", userId);
274 mKeyStore->resetUser(userId, true);
275 return mKeyStore->initializeUser(password8, userId);
276 }
277 }
278 return ResponseCode::SYSTEM_ERROR;
279 }
280 }
281
onUserAdded(int32_t userId,int32_t parentId)282 KeyStoreServiceReturnCode KeyStoreService::onUserAdded(int32_t userId, int32_t parentId) {
283 if (!checkBinderPermission(P_USER_CHANGED)) {
284 return ResponseCode::PERMISSION_DENIED;
285 }
286
287 // Sanity check that the new user has an empty keystore.
288 if (!mKeyStore->isEmpty(userId)) {
289 ALOGW("New user %d's keystore not empty. Clearing old entries.", userId);
290 }
291 // Unconditionally clear the keystore, just to be safe.
292 mKeyStore->resetUser(userId, false);
293 if (parentId != -1) {
294 // This profile must share the same master key password as the parent profile. Because the
295 // password of the parent profile is not known here, the best we can do is copy the parent's
296 // master key and master key file. This makes this profile use the same master key as the
297 // parent profile, forever.
298 return mKeyStore->copyMasterKey(parentId, userId);
299 } else {
300 return ResponseCode::NO_ERROR;
301 }
302 }
303
onUserRemoved(int32_t userId)304 KeyStoreServiceReturnCode KeyStoreService::onUserRemoved(int32_t userId) {
305 if (!checkBinderPermission(P_USER_CHANGED)) {
306 return ResponseCode::PERMISSION_DENIED;
307 }
308
309 mKeyStore->resetUser(userId, false);
310 return ResponseCode::NO_ERROR;
311 }
312
lock(int32_t userId)313 KeyStoreServiceReturnCode KeyStoreService::lock(int32_t userId) {
314 if (!checkBinderPermission(P_LOCK)) {
315 return ResponseCode::PERMISSION_DENIED;
316 }
317
318 State state = mKeyStore->getState(userId);
319 if (state != ::STATE_NO_ERROR) {
320 ALOGD("calling lock in state: %d", state);
321 return ResponseCode(state);
322 }
323
324 mKeyStore->lock(userId);
325 return ResponseCode::NO_ERROR;
326 }
327
unlock(int32_t userId,const String16 & pw)328 KeyStoreServiceReturnCode KeyStoreService::unlock(int32_t userId, const String16& pw) {
329 if (!checkBinderPermission(P_UNLOCK)) {
330 return ResponseCode::PERMISSION_DENIED;
331 }
332
333 State state = mKeyStore->getState(userId);
334 if (state != ::STATE_LOCKED) {
335 switch (state) {
336 case ::STATE_NO_ERROR:
337 ALOGI("calling unlock when already unlocked, ignoring.");
338 break;
339 case ::STATE_UNINITIALIZED:
340 ALOGE("unlock called on uninitialized keystore.");
341 break;
342 default:
343 ALOGE("unlock called on keystore in unknown state: %d", state);
344 break;
345 }
346 return ResponseCode(state);
347 }
348
349 const String8 password8(pw);
350 // read master key, decrypt with password, initialize mMasterKey*.
351 return mKeyStore->readMasterKey(password8, userId);
352 }
353
isEmpty(int32_t userId)354 bool KeyStoreService::isEmpty(int32_t userId) {
355 if (!checkBinderPermission(P_IS_EMPTY)) {
356 return false;
357 }
358
359 return mKeyStore->isEmpty(userId);
360 }
361
generate(const String16 & name,int32_t targetUid,int32_t keyType,int32_t keySize,int32_t flags,Vector<sp<KeystoreArg>> * args)362 KeyStoreServiceReturnCode KeyStoreService::generate(const String16& name, int32_t targetUid,
363 int32_t keyType, int32_t keySize, int32_t flags,
364 Vector<sp<KeystoreArg>>* args) {
365 targetUid = getEffectiveUid(targetUid);
366 auto result =
367 checkBinderPermissionAndKeystoreState(P_INSERT, targetUid, flags & KEYSTORE_FLAG_ENCRYPTED);
368 if (!result.isOk()) {
369 return result;
370 }
371
372 keystore::AuthorizationSet params;
373 add_legacy_key_authorizations(keyType, ¶ms);
374
375 switch (keyType) {
376 case EVP_PKEY_EC: {
377 params.push_back(TAG_ALGORITHM, Algorithm::EC);
378 if (keySize == -1) {
379 keySize = EC_DEFAULT_KEY_SIZE;
380 } else if (keySize < EC_MIN_KEY_SIZE || keySize > EC_MAX_KEY_SIZE) {
381 ALOGI("invalid key size %d", keySize);
382 return ResponseCode::SYSTEM_ERROR;
383 }
384 params.push_back(TAG_KEY_SIZE, keySize);
385 break;
386 }
387 case EVP_PKEY_RSA: {
388 params.push_back(TAG_ALGORITHM, Algorithm::RSA);
389 if (keySize == -1) {
390 keySize = RSA_DEFAULT_KEY_SIZE;
391 } else if (keySize < RSA_MIN_KEY_SIZE || keySize > RSA_MAX_KEY_SIZE) {
392 ALOGI("invalid key size %d", keySize);
393 return ResponseCode::SYSTEM_ERROR;
394 }
395 params.push_back(TAG_KEY_SIZE, keySize);
396 unsigned long exponent = RSA_DEFAULT_EXPONENT;
397 if (args->size() > 1) {
398 ALOGI("invalid number of arguments: %zu", args->size());
399 return ResponseCode::SYSTEM_ERROR;
400 } else if (args->size() == 1) {
401 const sp<KeystoreArg>& expArg = args->itemAt(0);
402 if (expArg != NULL) {
403 Unique_BIGNUM pubExpBn(BN_bin2bn(
404 reinterpret_cast<const unsigned char*>(expArg->data()), expArg->size(), NULL));
405 if (pubExpBn.get() == NULL) {
406 ALOGI("Could not convert public exponent to BN");
407 return ResponseCode::SYSTEM_ERROR;
408 }
409 exponent = BN_get_word(pubExpBn.get());
410 if (exponent == 0xFFFFFFFFL) {
411 ALOGW("cannot represent public exponent as a long value");
412 return ResponseCode::SYSTEM_ERROR;
413 }
414 } else {
415 ALOGW("public exponent not read");
416 return ResponseCode::SYSTEM_ERROR;
417 }
418 }
419 params.push_back(TAG_RSA_PUBLIC_EXPONENT, exponent);
420 break;
421 }
422 default: {
423 ALOGW("Unsupported key type %d", keyType);
424 return ResponseCode::SYSTEM_ERROR;
425 }
426 }
427
428 auto rc = generateKey(name, params.hidl_data(), hidl_vec<uint8_t>(), targetUid, flags,
429 /*outCharacteristics*/ NULL);
430 if (!rc.isOk()) {
431 ALOGW("generate failed: %d", int32_t(rc));
432 }
433 return translateResultToLegacyResult(rc);
434 }
435
import(const String16 & name,const hidl_vec<uint8_t> & data,int targetUid,int32_t flags)436 KeyStoreServiceReturnCode KeyStoreService::import(const String16& name,
437 const hidl_vec<uint8_t>& data, int targetUid,
438 int32_t flags) {
439
440 const uint8_t* ptr = &data[0];
441
442 Unique_PKCS8_PRIV_KEY_INFO pkcs8(d2i_PKCS8_PRIV_KEY_INFO(NULL, &ptr, data.size()));
443 if (!pkcs8.get()) {
444 return ResponseCode::SYSTEM_ERROR;
445 }
446 Unique_EVP_PKEY pkey(EVP_PKCS82PKEY(pkcs8.get()));
447 if (!pkey.get()) {
448 return ResponseCode::SYSTEM_ERROR;
449 }
450 int type = EVP_PKEY_type(pkey->type);
451 AuthorizationSet params;
452 add_legacy_key_authorizations(type, ¶ms);
453 switch (type) {
454 case EVP_PKEY_RSA:
455 params.push_back(TAG_ALGORITHM, Algorithm::RSA);
456 break;
457 case EVP_PKEY_EC:
458 params.push_back(TAG_ALGORITHM, Algorithm::EC);
459 break;
460 default:
461 ALOGW("Unsupported key type %d", type);
462 return ResponseCode::SYSTEM_ERROR;
463 }
464
465 auto rc = importKey(name, params.hidl_data(), KeyFormat::PKCS8, data, targetUid, flags,
466 /*outCharacteristics*/ NULL);
467
468 if (!rc.isOk()) {
469 ALOGW("importKey failed: %d", int32_t(rc));
470 }
471 return translateResultToLegacyResult(rc);
472 }
473
sign(const String16 & name,const hidl_vec<uint8_t> & data,hidl_vec<uint8_t> * out)474 KeyStoreServiceReturnCode KeyStoreService::sign(const String16& name, const hidl_vec<uint8_t>& data,
475 hidl_vec<uint8_t>* out) {
476 if (!checkBinderPermission(P_SIGN)) {
477 return ResponseCode::PERMISSION_DENIED;
478 }
479 return doLegacySignVerify(name, data, out, hidl_vec<uint8_t>(), KeyPurpose::SIGN);
480 }
481
verify(const String16 & name,const hidl_vec<uint8_t> & data,const hidl_vec<uint8_t> & signature)482 KeyStoreServiceReturnCode KeyStoreService::verify(const String16& name,
483 const hidl_vec<uint8_t>& data,
484 const hidl_vec<uint8_t>& signature) {
485 if (!checkBinderPermission(P_VERIFY)) {
486 return ResponseCode::PERMISSION_DENIED;
487 }
488 return doLegacySignVerify(name, data, nullptr, signature, KeyPurpose::VERIFY);
489 }
490
491 /*
492 * TODO: The abstraction between things stored in hardware and regular blobs
493 * of data stored on the filesystem should be moved down to keystore itself.
494 * Unfortunately the Java code that calls this has naming conventions that it
495 * knows about. Ideally keystore shouldn't be used to store random blobs of
496 * data.
497 *
498 * Until that happens, it's necessary to have a separate "get_pubkey" and
499 * "del_key" since the Java code doesn't really communicate what it's
500 * intentions are.
501 */
get_pubkey(const String16 & name,hidl_vec<uint8_t> * pubKey)502 KeyStoreServiceReturnCode KeyStoreService::get_pubkey(const String16& name,
503 hidl_vec<uint8_t>* pubKey) {
504 ExportResult result;
505 exportKey(name, KeyFormat::X509, hidl_vec<uint8_t>(), hidl_vec<uint8_t>(), UID_SELF, &result);
506 if (!result.resultCode.isOk()) {
507 ALOGW("export failed: %d", int32_t(result.resultCode));
508 return translateResultToLegacyResult(result.resultCode);
509 }
510
511 if (pubKey) *pubKey = std::move(result.exportData);
512 return ResponseCode::NO_ERROR;
513 }
514
grant(const String16 & name,int32_t granteeUid)515 KeyStoreServiceReturnCode KeyStoreService::grant(const String16& name, int32_t granteeUid) {
516 uid_t callingUid = IPCThreadState::self()->getCallingUid();
517 auto result = checkBinderPermissionAndKeystoreState(P_GRANT);
518 if (!result.isOk()) {
519 return result;
520 }
521
522 String8 name8(name);
523 String8 filename(mKeyStore->getKeyNameForUidWithDir(name8, callingUid, ::TYPE_ANY));
524
525 if (access(filename.string(), R_OK) == -1) {
526 return (errno != ENOENT) ? ResponseCode::SYSTEM_ERROR : ResponseCode::KEY_NOT_FOUND;
527 }
528
529 mKeyStore->addGrant(filename.string(), granteeUid);
530 return ResponseCode::NO_ERROR;
531 }
532
ungrant(const String16 & name,int32_t granteeUid)533 KeyStoreServiceReturnCode KeyStoreService::ungrant(const String16& name, int32_t granteeUid) {
534 uid_t callingUid = IPCThreadState::self()->getCallingUid();
535 auto result = checkBinderPermissionAndKeystoreState(P_GRANT);
536 if (!result.isOk()) {
537 return result;
538 }
539
540 String8 name8(name);
541 String8 filename(mKeyStore->getKeyNameForUidWithDir(name8, callingUid, ::TYPE_ANY));
542
543 if (access(filename.string(), R_OK) == -1) {
544 return (errno != ENOENT) ? ResponseCode::SYSTEM_ERROR : ResponseCode::KEY_NOT_FOUND;
545 }
546
547 return mKeyStore->removeGrant(filename.string(), granteeUid) ? ResponseCode::NO_ERROR
548 : ResponseCode::KEY_NOT_FOUND;
549 }
550
getmtime(const String16 & name,int32_t uid)551 int64_t KeyStoreService::getmtime(const String16& name, int32_t uid) {
552 uid_t targetUid = getEffectiveUid(uid);
553 if (!checkBinderPermission(P_GET, targetUid)) {
554 ALOGW("permission denied for %d: getmtime", targetUid);
555 return -1L;
556 }
557
558 String8 name8(name);
559 String8 filename(mKeyStore->getKeyNameForUidWithDir(name8, targetUid, ::TYPE_ANY));
560
561 if (access(filename.string(), R_OK) == -1) {
562 ALOGW("could not access %s for getmtime", filename.string());
563 return -1L;
564 }
565
566 int fd = TEMP_FAILURE_RETRY(open(filename.string(), O_NOFOLLOW, O_RDONLY));
567 if (fd < 0) {
568 ALOGW("could not open %s for getmtime", filename.string());
569 return -1L;
570 }
571
572 struct stat s;
573 int ret = fstat(fd, &s);
574 close(fd);
575 if (ret == -1) {
576 ALOGW("could not stat %s for getmtime", filename.string());
577 return -1L;
578 }
579
580 return static_cast<int64_t>(s.st_mtime);
581 }
582
583 // TODO(tuckeris): This is dead code, remove it. Don't bother copying over key characteristics here
duplicate(const String16 & srcKey,int32_t srcUid,const String16 & destKey,int32_t destUid)584 KeyStoreServiceReturnCode KeyStoreService::duplicate(const String16& srcKey, int32_t srcUid,
585 const String16& destKey, int32_t destUid) {
586 uid_t callingUid = IPCThreadState::self()->getCallingUid();
587 pid_t spid = IPCThreadState::self()->getCallingPid();
588 if (!has_permission(callingUid, P_DUPLICATE, spid)) {
589 ALOGW("permission denied for %d: duplicate", callingUid);
590 return ResponseCode::PERMISSION_DENIED;
591 }
592
593 State state = mKeyStore->getState(get_user_id(callingUid));
594 if (!isKeystoreUnlocked(state)) {
595 ALOGD("calling duplicate in state: %d", state);
596 return ResponseCode(state);
597 }
598
599 if (srcUid == -1 || static_cast<uid_t>(srcUid) == callingUid) {
600 srcUid = callingUid;
601 } else if (!is_granted_to(callingUid, srcUid)) {
602 ALOGD("migrate not granted from source: %d -> %d", callingUid, srcUid);
603 return ResponseCode::PERMISSION_DENIED;
604 }
605
606 if (destUid == -1) {
607 destUid = callingUid;
608 }
609
610 if (srcUid != destUid) {
611 if (static_cast<uid_t>(srcUid) != callingUid) {
612 ALOGD("can only duplicate from caller to other or to same uid: "
613 "calling=%d, srcUid=%d, destUid=%d",
614 callingUid, srcUid, destUid);
615 return ResponseCode::PERMISSION_DENIED;
616 }
617
618 if (!is_granted_to(callingUid, destUid)) {
619 ALOGD("duplicate not granted to dest: %d -> %d", callingUid, destUid);
620 return ResponseCode::PERMISSION_DENIED;
621 }
622 }
623
624 String8 source8(srcKey);
625 String8 sourceFile(mKeyStore->getKeyNameForUidWithDir(source8, srcUid, ::TYPE_ANY));
626
627 String8 target8(destKey);
628 String8 targetFile(mKeyStore->getKeyNameForUidWithDir(target8, destUid, ::TYPE_ANY));
629
630 if (access(targetFile.string(), W_OK) != -1 || errno != ENOENT) {
631 ALOGD("destination already exists: %s", targetFile.string());
632 return ResponseCode::SYSTEM_ERROR;
633 }
634
635 Blob keyBlob;
636 ResponseCode responseCode =
637 mKeyStore->get(sourceFile.string(), &keyBlob, TYPE_ANY, get_user_id(srcUid));
638 if (responseCode != ResponseCode::NO_ERROR) {
639 return responseCode;
640 }
641
642 return mKeyStore->put(targetFile.string(), &keyBlob, get_user_id(destUid));
643 }
644
is_hardware_backed(const String16 & keyType)645 int32_t KeyStoreService::is_hardware_backed(const String16& keyType) {
646 return mKeyStore->isHardwareBacked(keyType) ? 1 : 0;
647 }
648
clear_uid(int64_t targetUid64)649 KeyStoreServiceReturnCode KeyStoreService::clear_uid(int64_t targetUid64) {
650 uid_t targetUid = getEffectiveUid(targetUid64);
651 if (!checkBinderPermissionSelfOrSystem(P_CLEAR_UID, targetUid)) {
652 return ResponseCode::PERMISSION_DENIED;
653 }
654 ALOGI("clear_uid %" PRId64, targetUid64);
655
656 String8 prefix = String8::format("%u_", targetUid);
657 Vector<String16> aliases;
658 if (mKeyStore->list(prefix, &aliases, get_user_id(targetUid)) != ResponseCode::NO_ERROR) {
659 return ResponseCode::SYSTEM_ERROR;
660 }
661
662 for (uint32_t i = 0; i < aliases.size(); i++) {
663 String8 name8(aliases[i]);
664 String8 filename(mKeyStore->getKeyNameForUidWithDir(name8, targetUid, ::TYPE_ANY));
665
666 if (get_app_id(targetUid) == AID_SYSTEM) {
667 Blob keyBlob;
668 ResponseCode responseCode =
669 mKeyStore->get(filename.string(), &keyBlob, ::TYPE_ANY, get_user_id(targetUid));
670 if (responseCode == ResponseCode::NO_ERROR && keyBlob.isCriticalToDeviceEncryption()) {
671 // Do not clear keys critical to device encryption under system uid.
672 continue;
673 }
674 }
675
676 mKeyStore->del(filename.string(), ::TYPE_ANY, get_user_id(targetUid));
677
678 // del() will fail silently if no cached characteristics are present for this alias.
679 String8 chr_filename(
680 mKeyStore->getKeyNameForUidWithDir(name8, targetUid, ::TYPE_KEY_CHARACTERISTICS));
681 mKeyStore->del(chr_filename.string(), ::TYPE_KEY_CHARACTERISTICS, get_user_id(targetUid));
682 }
683 return ResponseCode::NO_ERROR;
684 }
685
addRngEntropy(const hidl_vec<uint8_t> & entropy)686 KeyStoreServiceReturnCode KeyStoreService::addRngEntropy(const hidl_vec<uint8_t>& entropy) {
687 const auto& device = mKeyStore->getDevice();
688 return KS_HANDLE_HIDL_ERROR(device->addRngEntropy(entropy));
689 }
690
generateKey(const String16 & name,const hidl_vec<KeyParameter> & params,const hidl_vec<uint8_t> & entropy,int uid,int flags,KeyCharacteristics * outCharacteristics)691 KeyStoreServiceReturnCode KeyStoreService::generateKey(const String16& name,
692 const hidl_vec<KeyParameter>& params,
693 const hidl_vec<uint8_t>& entropy, int uid,
694 int flags,
695 KeyCharacteristics* outCharacteristics) {
696 uid = getEffectiveUid(uid);
697 KeyStoreServiceReturnCode rc =
698 checkBinderPermissionAndKeystoreState(P_INSERT, uid, flags & KEYSTORE_FLAG_ENCRYPTED);
699 if (!rc.isOk()) {
700 return rc;
701 }
702 if ((flags & KEYSTORE_FLAG_CRITICAL_TO_DEVICE_ENCRYPTION) && get_app_id(uid) != AID_SYSTEM) {
703 ALOGE("Non-system uid %d cannot set FLAG_CRITICAL_TO_DEVICE_ENCRYPTION", uid);
704 return ResponseCode::PERMISSION_DENIED;
705 }
706
707 if (containsTag(params, Tag::INCLUDE_UNIQUE_ID)) {
708 if (!checkBinderPermission(P_GEN_UNIQUE_ID)) return ResponseCode::PERMISSION_DENIED;
709 }
710
711 bool usingFallback = false;
712 auto& dev = mKeyStore->getDevice();
713 AuthorizationSet keyCharacteristics = params;
714
715 // TODO: Seed from Linux RNG before this.
716 rc = addRngEntropy(entropy);
717 if (!rc.isOk()) {
718 return rc;
719 }
720
721 KeyStoreServiceReturnCode error;
722 auto hidl_cb = [&](ErrorCode ret, const hidl_vec<uint8_t>& hidlKeyBlob,
723 const KeyCharacteristics& keyCharacteristics) {
724 error = ret;
725 if (!error.isOk()) {
726 return;
727 }
728 if (outCharacteristics) *outCharacteristics = keyCharacteristics;
729
730 // Write the key
731 String8 name8(name);
732 String8 filename(mKeyStore->getKeyNameForUidWithDir(name8, uid, ::TYPE_KEYMASTER_10));
733
734 Blob keyBlob(&hidlKeyBlob[0], hidlKeyBlob.size(), NULL, 0, ::TYPE_KEYMASTER_10);
735 keyBlob.setFallback(usingFallback);
736 keyBlob.setCriticalToDeviceEncryption(flags & KEYSTORE_FLAG_CRITICAL_TO_DEVICE_ENCRYPTION);
737 if (isAuthenticationBound(params) && !keyBlob.isCriticalToDeviceEncryption()) {
738 keyBlob.setSuperEncrypted(true);
739 }
740 keyBlob.setEncrypted(flags & KEYSTORE_FLAG_ENCRYPTED);
741
742 error = mKeyStore->put(filename.string(), &keyBlob, get_user_id(uid));
743 };
744
745 rc = KS_HANDLE_HIDL_ERROR(dev->generateKey(params, hidl_cb));
746 if (!rc.isOk()) {
747 return rc;
748 }
749 if (!error.isOk()) {
750 ALOGE("Failed to generate key -> falling back to software keymaster");
751 usingFallback = true;
752 auto fallback = mKeyStore->getFallbackDevice();
753 if (!fallback.isOk()) {
754 return error;
755 }
756 rc = KS_HANDLE_HIDL_ERROR(fallback.value()->generateKey(params, hidl_cb));
757 if (!rc.isOk()) {
758 return rc;
759 }
760 if (!error.isOk()) {
761 return error;
762 }
763 }
764
765 // Write the characteristics:
766 String8 name8(name);
767 String8 cFilename(mKeyStore->getKeyNameForUidWithDir(name8, uid, ::TYPE_KEY_CHARACTERISTICS));
768
769 std::stringstream kc_stream;
770 keyCharacteristics.Serialize(&kc_stream);
771 if (kc_stream.bad()) {
772 return ResponseCode::SYSTEM_ERROR;
773 }
774 auto kc_buf = kc_stream.str();
775 Blob charBlob(reinterpret_cast<const uint8_t*>(kc_buf.data()), kc_buf.size(), NULL, 0,
776 ::TYPE_KEY_CHARACTERISTICS);
777 charBlob.setFallback(usingFallback);
778 charBlob.setEncrypted(flags & KEYSTORE_FLAG_ENCRYPTED);
779
780 return mKeyStore->put(cFilename.string(), &charBlob, get_user_id(uid));
781 }
782
783 KeyStoreServiceReturnCode
getKeyCharacteristics(const String16 & name,const hidl_vec<uint8_t> & clientId,const hidl_vec<uint8_t> & appData,int32_t uid,KeyCharacteristics * outCharacteristics)784 KeyStoreService::getKeyCharacteristics(const String16& name, const hidl_vec<uint8_t>& clientId,
785 const hidl_vec<uint8_t>& appData, int32_t uid,
786 KeyCharacteristics* outCharacteristics) {
787 if (!outCharacteristics) {
788 return ErrorCode::UNEXPECTED_NULL_POINTER;
789 }
790
791 uid_t targetUid = getEffectiveUid(uid);
792 uid_t callingUid = IPCThreadState::self()->getCallingUid();
793 if (!is_granted_to(callingUid, targetUid)) {
794 ALOGW("uid %d not permitted to act for uid %d in getKeyCharacteristics", callingUid,
795 targetUid);
796 return ResponseCode::PERMISSION_DENIED;
797 }
798
799 Blob keyBlob;
800 String8 name8(name);
801
802 KeyStoreServiceReturnCode rc =
803 mKeyStore->getKeyForName(&keyBlob, name8, targetUid, TYPE_KEYMASTER_10);
804 if (!rc.isOk()) {
805 return rc;
806 }
807
808 auto hidlKeyBlob = blob2hidlVec(keyBlob);
809 auto& dev = mKeyStore->getDevice(keyBlob);
810
811 KeyStoreServiceReturnCode error;
812
813 auto hidlCb = [&](ErrorCode ret, const KeyCharacteristics& keyCharacteristics) {
814 error = ret;
815 if (!error.isOk()) {
816 return;
817 }
818 *outCharacteristics = keyCharacteristics;
819 };
820
821 rc = KS_HANDLE_HIDL_ERROR(dev->getKeyCharacteristics(hidlKeyBlob, clientId, appData, hidlCb));
822 if (!rc.isOk()) {
823 return rc;
824 }
825
826 if (error == ErrorCode::KEY_REQUIRES_UPGRADE) {
827 AuthorizationSet upgradeParams;
828 if (clientId.size()) {
829 upgradeParams.push_back(TAG_APPLICATION_ID, clientId);
830 }
831 if (appData.size()) {
832 upgradeParams.push_back(TAG_APPLICATION_DATA, appData);
833 }
834 rc = upgradeKeyBlob(name, targetUid, upgradeParams, &keyBlob);
835 if (!rc.isOk()) {
836 return rc;
837 }
838
839 auto upgradedHidlKeyBlob = blob2hidlVec(keyBlob);
840
841 rc = KS_HANDLE_HIDL_ERROR(
842 dev->getKeyCharacteristics(upgradedHidlKeyBlob, clientId, appData, hidlCb));
843 if (!rc.isOk()) {
844 return rc;
845 }
846 // Note that, on success, "error" will have been updated by the hidlCB callback.
847 // So it is fine to return "error" below.
848 }
849 return error;
850 }
851
852 KeyStoreServiceReturnCode
importKey(const String16 & name,const hidl_vec<KeyParameter> & params,KeyFormat format,const hidl_vec<uint8_t> & keyData,int uid,int flags,KeyCharacteristics * outCharacteristics)853 KeyStoreService::importKey(const String16& name, const hidl_vec<KeyParameter>& params,
854 KeyFormat format, const hidl_vec<uint8_t>& keyData, int uid, int flags,
855 KeyCharacteristics* outCharacteristics) {
856 uid = getEffectiveUid(uid);
857 KeyStoreServiceReturnCode rc =
858 checkBinderPermissionAndKeystoreState(P_INSERT, uid, flags & KEYSTORE_FLAG_ENCRYPTED);
859 if (!rc.isOk()) {
860 return rc;
861 }
862 if ((flags & KEYSTORE_FLAG_CRITICAL_TO_DEVICE_ENCRYPTION) && get_app_id(uid) != AID_SYSTEM) {
863 ALOGE("Non-system uid %d cannot set FLAG_CRITICAL_TO_DEVICE_ENCRYPTION", uid);
864 return ResponseCode::PERMISSION_DENIED;
865 }
866
867 bool usingFallback = false;
868 auto& dev = mKeyStore->getDevice();
869
870 String8 name8(name);
871
872 KeyStoreServiceReturnCode error;
873
874 auto hidlCb = [&](ErrorCode ret, const hidl_vec<uint8_t>& keyBlob,
875 const KeyCharacteristics& keyCharacteristics) {
876 error = ret;
877 if (!error.isOk()) {
878 return;
879 }
880
881 if (outCharacteristics) *outCharacteristics = keyCharacteristics;
882
883 // Write the key:
884 String8 filename(mKeyStore->getKeyNameForUidWithDir(name8, uid, ::TYPE_KEYMASTER_10));
885
886 Blob ksBlob(&keyBlob[0], keyBlob.size(), NULL, 0, ::TYPE_KEYMASTER_10);
887 ksBlob.setFallback(usingFallback);
888 ksBlob.setCriticalToDeviceEncryption(flags & KEYSTORE_FLAG_CRITICAL_TO_DEVICE_ENCRYPTION);
889 if (isAuthenticationBound(params) && !ksBlob.isCriticalToDeviceEncryption()) {
890 ksBlob.setSuperEncrypted(true);
891 }
892 ksBlob.setEncrypted(flags & KEYSTORE_FLAG_ENCRYPTED);
893
894 error = mKeyStore->put(filename.string(), &ksBlob, get_user_id(uid));
895 };
896
897 rc = KS_HANDLE_HIDL_ERROR(dev->importKey(params, format, keyData, hidlCb));
898 // possible hidl error
899 if (!rc.isOk()) {
900 return rc;
901 }
902 // now check error from callback
903 if (!error.isOk()) {
904 ALOGE("Failed to import key -> falling back to software keymaster");
905 usingFallback = true;
906 auto fallback = mKeyStore->getFallbackDevice();
907 if (!fallback.isOk()) {
908 return error;
909 }
910 rc = KS_HANDLE_HIDL_ERROR(fallback.value()->importKey(params, format, keyData, hidlCb));
911 // possible hidl error
912 if (!rc.isOk()) {
913 return rc;
914 }
915 // now check error from callback
916 if (!error.isOk()) {
917 return error;
918 }
919 }
920
921 // Write the characteristics:
922 String8 cFilename(mKeyStore->getKeyNameForUidWithDir(name8, uid, ::TYPE_KEY_CHARACTERISTICS));
923
924 AuthorizationSet opParams = params;
925 std::stringstream kcStream;
926 opParams.Serialize(&kcStream);
927 if (kcStream.bad()) return ResponseCode::SYSTEM_ERROR;
928 auto kcBuf = kcStream.str();
929
930 Blob charBlob(reinterpret_cast<const uint8_t*>(kcBuf.data()), kcBuf.size(), NULL, 0,
931 ::TYPE_KEY_CHARACTERISTICS);
932 charBlob.setFallback(usingFallback);
933 charBlob.setEncrypted(flags & KEYSTORE_FLAG_ENCRYPTED);
934
935 return mKeyStore->put(cFilename.string(), &charBlob, get_user_id(uid));
936 }
937
exportKey(const String16 & name,KeyFormat format,const hidl_vec<uint8_t> & clientId,const hidl_vec<uint8_t> & appData,int32_t uid,ExportResult * result)938 void KeyStoreService::exportKey(const String16& name, KeyFormat format,
939 const hidl_vec<uint8_t>& clientId, const hidl_vec<uint8_t>& appData,
940 int32_t uid, ExportResult* result) {
941
942 uid_t targetUid = getEffectiveUid(uid);
943 uid_t callingUid = IPCThreadState::self()->getCallingUid();
944 if (!is_granted_to(callingUid, targetUid)) {
945 ALOGW("uid %d not permitted to act for uid %d in exportKey", callingUid, targetUid);
946 result->resultCode = ResponseCode::PERMISSION_DENIED;
947 return;
948 }
949
950 Blob keyBlob;
951 String8 name8(name);
952
953 result->resultCode = mKeyStore->getKeyForName(&keyBlob, name8, targetUid, TYPE_KEYMASTER_10);
954 if (!result->resultCode.isOk()) {
955 return;
956 }
957
958 auto key = blob2hidlVec(keyBlob);
959 auto& dev = mKeyStore->getDevice(keyBlob);
960
961 auto hidlCb = [&](ErrorCode ret, const ::android::hardware::hidl_vec<uint8_t>& keyMaterial) {
962 result->resultCode = ret;
963 if (!result->resultCode.isOk()) {
964 return;
965 }
966 result->exportData = keyMaterial;
967 };
968 KeyStoreServiceReturnCode rc =
969 KS_HANDLE_HIDL_ERROR(dev->exportKey(format, key, clientId, appData, hidlCb));
970 // Overwrite result->resultCode only on HIDL error. Otherwise we want the result set in the
971 // callback hidlCb.
972 if (!rc.isOk()) {
973 result->resultCode = rc;
974 }
975
976 if (result->resultCode == ErrorCode::KEY_REQUIRES_UPGRADE) {
977 AuthorizationSet upgradeParams;
978 if (clientId.size()) {
979 upgradeParams.push_back(TAG_APPLICATION_ID, clientId);
980 }
981 if (appData.size()) {
982 upgradeParams.push_back(TAG_APPLICATION_DATA, appData);
983 }
984 result->resultCode = upgradeKeyBlob(name, targetUid, upgradeParams, &keyBlob);
985 if (!result->resultCode.isOk()) {
986 return;
987 }
988
989 auto upgradedHidlKeyBlob = blob2hidlVec(keyBlob);
990
991 result->resultCode = KS_HANDLE_HIDL_ERROR(
992 dev->exportKey(format, upgradedHidlKeyBlob, clientId, appData, hidlCb));
993 if (!result->resultCode.isOk()) {
994 return;
995 }
996 }
997 }
998
addAuthTokenToParams(AuthorizationSet * params,const HardwareAuthToken * token)999 static inline void addAuthTokenToParams(AuthorizationSet* params, const HardwareAuthToken* token) {
1000 if (token) {
1001 params->push_back(TAG_AUTH_TOKEN, authToken2HidlVec(*token));
1002 }
1003 }
1004
begin(const sp<IBinder> & appToken,const String16 & name,KeyPurpose purpose,bool pruneable,const hidl_vec<KeyParameter> & params,const hidl_vec<uint8_t> & entropy,int32_t uid,OperationResult * result)1005 void KeyStoreService::begin(const sp<IBinder>& appToken, const String16& name, KeyPurpose purpose,
1006 bool pruneable, const hidl_vec<KeyParameter>& params,
1007 const hidl_vec<uint8_t>& entropy, int32_t uid,
1008 OperationResult* result) {
1009 uid_t callingUid = IPCThreadState::self()->getCallingUid();
1010 uid_t targetUid = getEffectiveUid(uid);
1011 if (!is_granted_to(callingUid, targetUid)) {
1012 ALOGW("uid %d not permitted to act for uid %d in begin", callingUid, targetUid);
1013 result->resultCode = ResponseCode::PERMISSION_DENIED;
1014 return;
1015 }
1016 if (!pruneable && get_app_id(callingUid) != AID_SYSTEM) {
1017 ALOGE("Non-system uid %d trying to start non-pruneable operation", callingUid);
1018 result->resultCode = ResponseCode::PERMISSION_DENIED;
1019 return;
1020 }
1021 if (!checkAllowedOperationParams(params)) {
1022 result->resultCode = ErrorCode::INVALID_ARGUMENT;
1023 return;
1024 }
1025 Blob keyBlob;
1026 String8 name8(name);
1027 result->resultCode = mKeyStore->getKeyForName(&keyBlob, name8, targetUid, TYPE_KEYMASTER_10);
1028 if (result->resultCode == ResponseCode::LOCKED && keyBlob.isSuperEncrypted()) {
1029 result->resultCode = ErrorCode::KEY_USER_NOT_AUTHENTICATED;
1030 }
1031 if (!result->resultCode.isOk()) {
1032 return;
1033 }
1034
1035 auto key = blob2hidlVec(keyBlob);
1036 auto& dev = mKeyStore->getDevice(keyBlob);
1037 AuthorizationSet opParams = params;
1038 KeyCharacteristics characteristics;
1039 result->resultCode = getOperationCharacteristics(key, &dev, opParams, &characteristics);
1040
1041 if (result->resultCode == ErrorCode::KEY_REQUIRES_UPGRADE) {
1042 result->resultCode = upgradeKeyBlob(name, targetUid, opParams, &keyBlob);
1043 if (!result->resultCode.isOk()) {
1044 return;
1045 }
1046 key = blob2hidlVec(keyBlob);
1047 result->resultCode = getOperationCharacteristics(key, &dev, opParams, &characteristics);
1048 }
1049 if (!result->resultCode.isOk()) {
1050 return;
1051 }
1052
1053 const HardwareAuthToken* authToken = NULL;
1054
1055 // Merge these characteristics with the ones cached when the key was generated or imported
1056 Blob charBlob;
1057 AuthorizationSet persistedCharacteristics;
1058 result->resultCode =
1059 mKeyStore->getKeyForName(&charBlob, name8, targetUid, TYPE_KEY_CHARACTERISTICS);
1060 if (result->resultCode.isOk()) {
1061 // TODO write one shot stream buffer to avoid copying (twice here)
1062 std::string charBuffer(reinterpret_cast<const char*>(charBlob.getValue()),
1063 charBlob.getLength());
1064 std::stringstream charStream(charBuffer);
1065 persistedCharacteristics.Deserialize(&charStream);
1066 } else {
1067 ALOGD("Unable to read cached characteristics for key");
1068 }
1069
1070 // Replace the sw_enforced set with those persisted to disk, minus hw_enforced
1071 AuthorizationSet softwareEnforced = characteristics.softwareEnforced;
1072 AuthorizationSet teeEnforced = characteristics.teeEnforced;
1073 persistedCharacteristics.Union(softwareEnforced);
1074 persistedCharacteristics.Subtract(teeEnforced);
1075 characteristics.softwareEnforced = persistedCharacteristics.hidl_data();
1076
1077 result->resultCode = getAuthToken(characteristics, 0, purpose, &authToken,
1078 /*failOnTokenMissing*/ false);
1079 // If per-operation auth is needed we need to begin the operation and
1080 // the client will need to authorize that operation before calling
1081 // update. Any other auth issues stop here.
1082 if (!result->resultCode.isOk() && result->resultCode != ResponseCode::OP_AUTH_NEEDED) return;
1083
1084 addAuthTokenToParams(&opParams, authToken);
1085
1086 // Add entropy to the device first.
1087 if (entropy.size()) {
1088 result->resultCode = addRngEntropy(entropy);
1089 if (!result->resultCode.isOk()) {
1090 return;
1091 }
1092 }
1093
1094 // Create a keyid for this key.
1095 km_id_t keyid;
1096 if (!enforcement_policy.CreateKeyId(key, &keyid)) {
1097 ALOGE("Failed to create a key ID for authorization checking.");
1098 result->resultCode = ErrorCode::UNKNOWN_ERROR;
1099 return;
1100 }
1101
1102 // Check that all key authorization policy requirements are met.
1103 AuthorizationSet key_auths = characteristics.teeEnforced;
1104 key_auths.append(&characteristics.softwareEnforced[0],
1105 &characteristics.softwareEnforced[characteristics.softwareEnforced.size()]);
1106
1107 result->resultCode = enforcement_policy.AuthorizeOperation(
1108 purpose, keyid, key_auths, opParams, 0 /* op_handle */, true /* is_begin_operation */);
1109 if (!result->resultCode.isOk()) {
1110 return;
1111 }
1112
1113 // If there are more than kMaxOperations, abort the oldest operation that was started as
1114 // pruneable.
1115 while (mOperationMap.getOperationCount() >= kMaxOperations) {
1116 ALOGD("Reached or exceeded concurrent operations limit");
1117 if (!pruneOperation()) {
1118 break;
1119 }
1120 }
1121
1122 auto hidlCb = [&](ErrorCode ret, const hidl_vec<KeyParameter>& outParams,
1123 uint64_t operationHandle) {
1124 result->resultCode = ret;
1125 if (!result->resultCode.isOk()) {
1126 return;
1127 }
1128 result->handle = operationHandle;
1129 result->outParams = outParams;
1130 };
1131
1132 ErrorCode rc = KS_HANDLE_HIDL_ERROR(dev->begin(purpose, key, opParams.hidl_data(), hidlCb));
1133 if (rc != ErrorCode::OK) {
1134 ALOGW("Got error %d from begin()", rc);
1135 }
1136
1137 // If there are too many operations abort the oldest operation that was
1138 // started as pruneable and try again.
1139 while (rc == ErrorCode::TOO_MANY_OPERATIONS && mOperationMap.hasPruneableOperation()) {
1140 ALOGW("Ran out of operation handles");
1141 if (!pruneOperation()) {
1142 break;
1143 }
1144 rc = KS_HANDLE_HIDL_ERROR(dev->begin(purpose, key, opParams.hidl_data(), hidlCb));
1145 }
1146 if (rc != ErrorCode::OK) {
1147 result->resultCode = rc;
1148 return;
1149 }
1150
1151 // Note: The operation map takes possession of the contents of "characteristics".
1152 // It is safe to use characteristics after the following line but it will be empty.
1153 sp<IBinder> operationToken = mOperationMap.addOperation(
1154 result->handle, keyid, purpose, dev, appToken, std::move(characteristics), pruneable);
1155 assert(characteristics.teeEnforced.size() == 0);
1156 assert(characteristics.softwareEnforced.size() == 0);
1157
1158 if (authToken) {
1159 mOperationMap.setOperationAuthToken(operationToken, authToken);
1160 }
1161 // Return the authentication lookup result. If this is a per operation
1162 // auth'd key then the resultCode will be ::OP_AUTH_NEEDED and the
1163 // application should get an auth token using the handle before the
1164 // first call to update, which will fail if keystore hasn't received the
1165 // auth token.
1166 // All fields but "token" were set in the begin operation's callback.
1167 result->token = operationToken;
1168 }
1169
update(const sp<IBinder> & token,const hidl_vec<KeyParameter> & params,const hidl_vec<uint8_t> & data,OperationResult * result)1170 void KeyStoreService::update(const sp<IBinder>& token, const hidl_vec<KeyParameter>& params,
1171 const hidl_vec<uint8_t>& data, OperationResult* result) {
1172 if (!checkAllowedOperationParams(params)) {
1173 result->resultCode = ErrorCode::INVALID_ARGUMENT;
1174 return;
1175 }
1176 km_device_t dev;
1177 uint64_t handle;
1178 KeyPurpose purpose;
1179 km_id_t keyid;
1180 const KeyCharacteristics* characteristics;
1181 if (!mOperationMap.getOperation(token, &handle, &keyid, &purpose, &dev, &characteristics)) {
1182 result->resultCode = ErrorCode::INVALID_OPERATION_HANDLE;
1183 return;
1184 }
1185 AuthorizationSet opParams = params;
1186 result->resultCode = addOperationAuthTokenIfNeeded(token, &opParams);
1187 if (!result->resultCode.isOk()) {
1188 return;
1189 }
1190
1191 // Check that all key authorization policy requirements are met.
1192 AuthorizationSet key_auths(characteristics->teeEnforced);
1193 key_auths.append(&characteristics->softwareEnforced[0],
1194 &characteristics->softwareEnforced[characteristics->softwareEnforced.size()]);
1195 result->resultCode = enforcement_policy.AuthorizeOperation(
1196 purpose, keyid, key_auths, opParams, handle, false /* is_begin_operation */);
1197 if (!result->resultCode.isOk()) {
1198 return;
1199 }
1200
1201 auto hidlCb = [&](ErrorCode ret, uint32_t inputConsumed,
1202 const hidl_vec<KeyParameter>& outParams, const hidl_vec<uint8_t>& output) {
1203 result->resultCode = ret;
1204 if (!result->resultCode.isOk()) {
1205 return;
1206 }
1207 result->inputConsumed = inputConsumed;
1208 result->outParams = outParams;
1209 result->data = output;
1210 };
1211
1212 KeyStoreServiceReturnCode rc = KS_HANDLE_HIDL_ERROR(dev->update(handle, opParams.hidl_data(),
1213 data, hidlCb));
1214 // just a reminder: on success result->resultCode was set in the callback. So we only overwrite
1215 // it if there was a communication error indicated by the ErrorCode.
1216 if (!rc.isOk()) {
1217 result->resultCode = rc;
1218 }
1219 }
1220
finish(const sp<IBinder> & token,const hidl_vec<KeyParameter> & params,const hidl_vec<uint8_t> & signature,const hidl_vec<uint8_t> & entropy,OperationResult * result)1221 void KeyStoreService::finish(const sp<IBinder>& token, const hidl_vec<KeyParameter>& params,
1222 const hidl_vec<uint8_t>& signature, const hidl_vec<uint8_t>& entropy,
1223 OperationResult* result) {
1224 if (!checkAllowedOperationParams(params)) {
1225 result->resultCode = ErrorCode::INVALID_ARGUMENT;
1226 return;
1227 }
1228 km_device_t dev;
1229 uint64_t handle;
1230 KeyPurpose purpose;
1231 km_id_t keyid;
1232 const KeyCharacteristics* characteristics;
1233 if (!mOperationMap.getOperation(token, &handle, &keyid, &purpose, &dev, &characteristics)) {
1234 result->resultCode = ErrorCode::INVALID_OPERATION_HANDLE;
1235 return;
1236 }
1237 AuthorizationSet opParams = params;
1238 result->resultCode = addOperationAuthTokenIfNeeded(token, &opParams);
1239 if (!result->resultCode.isOk()) {
1240 return;
1241 }
1242
1243 if (entropy.size()) {
1244 result->resultCode = addRngEntropy(entropy);
1245 if (!result->resultCode.isOk()) {
1246 return;
1247 }
1248 }
1249
1250 // Check that all key authorization policy requirements are met.
1251 AuthorizationSet key_auths(characteristics->teeEnforced);
1252 key_auths.append(&characteristics->softwareEnforced[0],
1253 &characteristics->softwareEnforced[characteristics->softwareEnforced.size()]);
1254 result->resultCode = enforcement_policy.AuthorizeOperation(
1255 purpose, keyid, key_auths, opParams, handle, false /* is_begin_operation */);
1256 if (!result->resultCode.isOk()) return;
1257
1258 auto hidlCb = [&](ErrorCode ret, const hidl_vec<KeyParameter>& outParams,
1259 const hidl_vec<uint8_t>& output) {
1260 result->resultCode = ret;
1261 if (!result->resultCode.isOk()) {
1262 return;
1263 }
1264 result->outParams = outParams;
1265 result->data = output;
1266 };
1267
1268 KeyStoreServiceReturnCode rc = KS_HANDLE_HIDL_ERROR(dev->finish(
1269 handle, opParams.hidl_data(),
1270 hidl_vec<uint8_t>() /* TODO(swillden): wire up input to finish() */, signature, hidlCb));
1271 // Remove the operation regardless of the result
1272 mOperationMap.removeOperation(token);
1273 mAuthTokenTable.MarkCompleted(handle);
1274
1275 // just a reminder: on success result->resultCode was set in the callback. So we only overwrite
1276 // it if there was a communication error indicated by the ErrorCode.
1277 if (!rc.isOk()) {
1278 result->resultCode = rc;
1279 }
1280 }
1281
abort(const sp<IBinder> & token)1282 KeyStoreServiceReturnCode KeyStoreService::abort(const sp<IBinder>& token) {
1283 km_device_t dev;
1284 uint64_t handle;
1285 KeyPurpose purpose;
1286 km_id_t keyid;
1287 if (!mOperationMap.getOperation(token, &handle, &keyid, &purpose, &dev, NULL)) {
1288 return ErrorCode::INVALID_OPERATION_HANDLE;
1289 }
1290 mOperationMap.removeOperation(token);
1291
1292 ErrorCode rc = KS_HANDLE_HIDL_ERROR(dev->abort(handle));
1293 mAuthTokenTable.MarkCompleted(handle);
1294 return rc;
1295 }
1296
isOperationAuthorized(const sp<IBinder> & token)1297 bool KeyStoreService::isOperationAuthorized(const sp<IBinder>& token) {
1298 km_device_t dev;
1299 uint64_t handle;
1300 const KeyCharacteristics* characteristics;
1301 KeyPurpose purpose;
1302 km_id_t keyid;
1303 if (!mOperationMap.getOperation(token, &handle, &keyid, &purpose, &dev, &characteristics)) {
1304 return false;
1305 }
1306 const HardwareAuthToken* authToken = NULL;
1307 mOperationMap.getOperationAuthToken(token, &authToken);
1308 AuthorizationSet ignored;
1309 auto authResult = addOperationAuthTokenIfNeeded(token, &ignored);
1310 return authResult.isOk();
1311 }
1312
addAuthToken(const uint8_t * token,size_t length)1313 KeyStoreServiceReturnCode KeyStoreService::addAuthToken(const uint8_t* token, size_t length) {
1314 // TODO(swillden): When gatekeeper and fingerprint are ready, this should be updated to
1315 // receive a HardwareAuthToken, rather than an opaque byte array.
1316
1317 if (!checkBinderPermission(P_ADD_AUTH)) {
1318 ALOGW("addAuthToken: permission denied for %d", IPCThreadState::self()->getCallingUid());
1319 return ResponseCode::PERMISSION_DENIED;
1320 }
1321 if (length != sizeof(hw_auth_token_t)) {
1322 return ErrorCode::INVALID_ARGUMENT;
1323 }
1324
1325 hw_auth_token_t authToken;
1326 memcpy(reinterpret_cast<void*>(&authToken), token, sizeof(hw_auth_token_t));
1327 if (authToken.version != 0) {
1328 return ErrorCode::INVALID_ARGUMENT;
1329 }
1330
1331 std::unique_ptr<HardwareAuthToken> hidlAuthToken(new HardwareAuthToken);
1332 hidlAuthToken->challenge = authToken.challenge;
1333 hidlAuthToken->userId = authToken.user_id;
1334 hidlAuthToken->authenticatorId = authToken.authenticator_id;
1335 hidlAuthToken->authenticatorType = authToken.authenticator_type;
1336 hidlAuthToken->timestamp = authToken.timestamp;
1337 static_assert(
1338 std::is_same<decltype(hidlAuthToken->hmac),
1339 ::android::hardware::hidl_array<uint8_t, sizeof(authToken.hmac)>>::value,
1340 "This function assumes token HMAC is 32 bytes, but it might not be.");
1341 std::copy(authToken.hmac, authToken.hmac + sizeof(authToken.hmac), hidlAuthToken->hmac.data());
1342
1343 // The table takes ownership of authToken.
1344 mAuthTokenTable.AddAuthenticationToken(hidlAuthToken.release());
1345 return ResponseCode::NO_ERROR;
1346 }
1347
isDeviceIdAttestationRequested(const hidl_vec<KeyParameter> & params)1348 bool isDeviceIdAttestationRequested(const hidl_vec<KeyParameter>& params) {
1349 for (size_t i = 0; i < params.size(); ++i) {
1350 switch (params[i].tag) {
1351 case Tag::ATTESTATION_ID_BRAND:
1352 case Tag::ATTESTATION_ID_DEVICE:
1353 case Tag::ATTESTATION_ID_IMEI:
1354 case Tag::ATTESTATION_ID_MANUFACTURER:
1355 case Tag::ATTESTATION_ID_MEID:
1356 case Tag::ATTESTATION_ID_MODEL:
1357 case Tag::ATTESTATION_ID_PRODUCT:
1358 case Tag::ATTESTATION_ID_SERIAL:
1359 return true;
1360 default:
1361 break;
1362 }
1363 }
1364 return false;
1365 }
1366
attestKey(const String16 & name,const hidl_vec<KeyParameter> & params,hidl_vec<hidl_vec<uint8_t>> * outChain)1367 KeyStoreServiceReturnCode KeyStoreService::attestKey(const String16& name,
1368 const hidl_vec<KeyParameter>& params,
1369 hidl_vec<hidl_vec<uint8_t>>* outChain) {
1370 if (!outChain) {
1371 return ErrorCode::OUTPUT_PARAMETER_NULL;
1372 }
1373
1374 if (!checkAllowedOperationParams(params)) {
1375 return ErrorCode::INVALID_ARGUMENT;
1376 }
1377
1378 if (isDeviceIdAttestationRequested(params)) {
1379 // There is a dedicated attestDeviceIds() method for device ID attestation.
1380 return ErrorCode::INVALID_ARGUMENT;
1381 }
1382
1383 uid_t callingUid = IPCThreadState::self()->getCallingUid();
1384
1385 AuthorizationSet mutableParams = params;
1386 KeyStoreServiceReturnCode rc = updateParamsForAttestation(callingUid, &mutableParams);
1387 if (!rc.isOk()) {
1388 return rc;
1389 }
1390
1391 Blob keyBlob;
1392 String8 name8(name);
1393 rc = mKeyStore->getKeyForName(&keyBlob, name8, callingUid, TYPE_KEYMASTER_10);
1394 if (!rc.isOk()) {
1395 return rc;
1396 }
1397
1398 KeyStoreServiceReturnCode error;
1399 auto hidlCb = [&](ErrorCode ret, const hidl_vec<hidl_vec<uint8_t>>& certChain) {
1400 error = ret;
1401 if (!error.isOk()) {
1402 return;
1403 }
1404 if (outChain) *outChain = certChain;
1405 };
1406
1407 auto hidlKey = blob2hidlVec(keyBlob);
1408 auto& dev = mKeyStore->getDevice(keyBlob);
1409 rc = KS_HANDLE_HIDL_ERROR(dev->attestKey(hidlKey, mutableParams.hidl_data(), hidlCb));
1410 if (!rc.isOk()) {
1411 return rc;
1412 }
1413 return error;
1414 }
1415
attestDeviceIds(const hidl_vec<KeyParameter> & params,hidl_vec<hidl_vec<uint8_t>> * outChain)1416 KeyStoreServiceReturnCode KeyStoreService::attestDeviceIds(const hidl_vec<KeyParameter>& params,
1417 hidl_vec<hidl_vec<uint8_t>>* outChain) {
1418 if (!outChain) {
1419 return ErrorCode::OUTPUT_PARAMETER_NULL;
1420 }
1421
1422 if (!checkAllowedOperationParams(params)) {
1423 return ErrorCode::INVALID_ARGUMENT;
1424 }
1425
1426 if (!isDeviceIdAttestationRequested(params)) {
1427 // There is an attestKey() method for attesting keys without device ID attestation.
1428 return ErrorCode::INVALID_ARGUMENT;
1429 }
1430
1431 uid_t callingUid = IPCThreadState::self()->getCallingUid();
1432 sp<IBinder> binder = defaultServiceManager()->getService(String16("permission"));
1433 if (binder == 0) {
1434 return ErrorCode::CANNOT_ATTEST_IDS;
1435 }
1436 if (!interface_cast<IPermissionController>(binder)->checkPermission(
1437 String16("android.permission.READ_PRIVILEGED_PHONE_STATE"),
1438 IPCThreadState::self()->getCallingPid(), callingUid)) {
1439 return ErrorCode::CANNOT_ATTEST_IDS;
1440 }
1441
1442 AuthorizationSet mutableParams = params;
1443 KeyStoreServiceReturnCode rc = updateParamsForAttestation(callingUid, &mutableParams);
1444 if (!rc.isOk()) {
1445 return rc;
1446 }
1447
1448 // Generate temporary key.
1449 auto& dev = mKeyStore->getDevice();
1450 KeyStoreServiceReturnCode error;
1451 hidl_vec<uint8_t> hidlKey;
1452
1453 AuthorizationSet keyCharacteristics;
1454 keyCharacteristics.push_back(TAG_PURPOSE, KeyPurpose::VERIFY);
1455 keyCharacteristics.push_back(TAG_ALGORITHM, Algorithm::EC);
1456 keyCharacteristics.push_back(TAG_DIGEST, Digest::SHA_2_256);
1457 keyCharacteristics.push_back(TAG_NO_AUTH_REQUIRED);
1458 keyCharacteristics.push_back(TAG_EC_CURVE, EcCurve::P_256);
1459 auto generateHidlCb = [&](ErrorCode ret, const hidl_vec<uint8_t>& hidlKeyBlob,
1460 const KeyCharacteristics&) {
1461 error = ret;
1462 if (!error.isOk()) {
1463 return;
1464 }
1465 hidlKey = hidlKeyBlob;
1466 };
1467
1468 rc = KS_HANDLE_HIDL_ERROR(dev->generateKey(keyCharacteristics.hidl_data(), generateHidlCb));
1469 if (!rc.isOk()) {
1470 return rc;
1471 }
1472 if (!error.isOk()) {
1473 return error;
1474 }
1475
1476 // Attest key and device IDs.
1477 auto attestHidlCb = [&](ErrorCode ret, const hidl_vec<hidl_vec<uint8_t>>& certChain) {
1478 error = ret;
1479 if (!error.isOk()) {
1480 return;
1481 }
1482 *outChain = certChain;
1483 };
1484 KeyStoreServiceReturnCode attestationRc =
1485 KS_HANDLE_HIDL_ERROR(dev->attestKey(hidlKey, mutableParams.hidl_data(), attestHidlCb));
1486
1487 // Delete temporary key.
1488 KeyStoreServiceReturnCode deletionRc = KS_HANDLE_HIDL_ERROR(dev->deleteKey(hidlKey));
1489
1490 if (!attestationRc.isOk()) {
1491 return attestationRc;
1492 }
1493 if (!error.isOk()) {
1494 return error;
1495 }
1496 return deletionRc;
1497 }
1498
onDeviceOffBody()1499 KeyStoreServiceReturnCode KeyStoreService::onDeviceOffBody() {
1500 // TODO(tuckeris): add permission check. This should be callable from ClockworkHome only.
1501 mAuthTokenTable.onDeviceOffBody();
1502 return ResponseCode::NO_ERROR;
1503 }
1504
1505 /**
1506 * Prune the oldest pruneable operation.
1507 */
pruneOperation()1508 bool KeyStoreService::pruneOperation() {
1509 sp<IBinder> oldest = mOperationMap.getOldestPruneableOperation();
1510 ALOGD("Trying to prune operation %p", oldest.get());
1511 size_t op_count_before_abort = mOperationMap.getOperationCount();
1512 // We mostly ignore errors from abort() because all we care about is whether at least
1513 // one operation has been removed.
1514 int abort_error = abort(oldest);
1515 if (mOperationMap.getOperationCount() >= op_count_before_abort) {
1516 ALOGE("Failed to abort pruneable operation %p, error: %d", oldest.get(), abort_error);
1517 return false;
1518 }
1519 return true;
1520 }
1521
1522 /**
1523 * Get the effective target uid for a binder operation that takes an
1524 * optional uid as the target.
1525 */
getEffectiveUid(int32_t targetUid)1526 uid_t KeyStoreService::getEffectiveUid(int32_t targetUid) {
1527 if (targetUid == UID_SELF) {
1528 return IPCThreadState::self()->getCallingUid();
1529 }
1530 return static_cast<uid_t>(targetUid);
1531 }
1532
1533 /**
1534 * Check if the caller of the current binder method has the required
1535 * permission and if acting on other uids the grants to do so.
1536 */
checkBinderPermission(perm_t permission,int32_t targetUid)1537 bool KeyStoreService::checkBinderPermission(perm_t permission, int32_t targetUid) {
1538 uid_t callingUid = IPCThreadState::self()->getCallingUid();
1539 pid_t spid = IPCThreadState::self()->getCallingPid();
1540 if (!has_permission(callingUid, permission, spid)) {
1541 ALOGW("permission %s denied for %d", get_perm_label(permission), callingUid);
1542 return false;
1543 }
1544 if (!is_granted_to(callingUid, getEffectiveUid(targetUid))) {
1545 ALOGW("uid %d not granted to act for %d", callingUid, targetUid);
1546 return false;
1547 }
1548 return true;
1549 }
1550
1551 /**
1552 * Check if the caller of the current binder method has the required
1553 * permission and the target uid is the caller or the caller is system.
1554 */
checkBinderPermissionSelfOrSystem(perm_t permission,int32_t targetUid)1555 bool KeyStoreService::checkBinderPermissionSelfOrSystem(perm_t permission, int32_t targetUid) {
1556 uid_t callingUid = IPCThreadState::self()->getCallingUid();
1557 pid_t spid = IPCThreadState::self()->getCallingPid();
1558 if (!has_permission(callingUid, permission, spid)) {
1559 ALOGW("permission %s denied for %d", get_perm_label(permission), callingUid);
1560 return false;
1561 }
1562 return getEffectiveUid(targetUid) == callingUid || callingUid == AID_SYSTEM;
1563 }
1564
1565 /**
1566 * Check if the caller of the current binder method has the required
1567 * permission or the target of the operation is the caller's uid. This is
1568 * for operation where the permission is only for cross-uid activity and all
1569 * uids are allowed to act on their own (ie: clearing all entries for a
1570 * given uid).
1571 */
checkBinderPermissionOrSelfTarget(perm_t permission,int32_t targetUid)1572 bool KeyStoreService::checkBinderPermissionOrSelfTarget(perm_t permission, int32_t targetUid) {
1573 uid_t callingUid = IPCThreadState::self()->getCallingUid();
1574 if (getEffectiveUid(targetUid) == callingUid) {
1575 return true;
1576 } else {
1577 return checkBinderPermission(permission, targetUid);
1578 }
1579 }
1580
1581 /**
1582 * Helper method to check that the caller has the required permission as
1583 * well as the keystore is in the unlocked state if checkUnlocked is true.
1584 *
1585 * Returns NO_ERROR on success, PERMISSION_DENIED on a permission error and
1586 * otherwise the state of keystore when not unlocked and checkUnlocked is
1587 * true.
1588 */
1589 KeyStoreServiceReturnCode
checkBinderPermissionAndKeystoreState(perm_t permission,int32_t targetUid,bool checkUnlocked)1590 KeyStoreService::checkBinderPermissionAndKeystoreState(perm_t permission, int32_t targetUid,
1591 bool checkUnlocked) {
1592 if (!checkBinderPermission(permission, targetUid)) {
1593 return ResponseCode::PERMISSION_DENIED;
1594 }
1595 State state = mKeyStore->getState(get_user_id(getEffectiveUid(targetUid)));
1596 if (checkUnlocked && !isKeystoreUnlocked(state)) {
1597 // All State values coincide with ResponseCodes
1598 return static_cast<ResponseCode>(state);
1599 }
1600
1601 return ResponseCode::NO_ERROR;
1602 }
1603
isKeystoreUnlocked(State state)1604 bool KeyStoreService::isKeystoreUnlocked(State state) {
1605 switch (state) {
1606 case ::STATE_NO_ERROR:
1607 return true;
1608 case ::STATE_UNINITIALIZED:
1609 case ::STATE_LOCKED:
1610 return false;
1611 }
1612 return false;
1613 }
1614
1615 /**
1616 * Check that all KeyParameter's provided by the application are
1617 * allowed. Any parameter that keystore adds itself should be disallowed here.
1618 */
checkAllowedOperationParams(const hidl_vec<KeyParameter> & params)1619 bool KeyStoreService::checkAllowedOperationParams(const hidl_vec<KeyParameter>& params) {
1620 for (size_t i = 0; i < params.size(); ++i) {
1621 switch (params[i].tag) {
1622 case Tag::ATTESTATION_APPLICATION_ID:
1623 case Tag::AUTH_TOKEN:
1624 case Tag::RESET_SINCE_ID_ROTATION:
1625 return false;
1626 default:
1627 break;
1628 }
1629 }
1630 return true;
1631 }
1632
getOperationCharacteristics(const hidl_vec<uint8_t> & key,km_device_t * dev,const AuthorizationSet & params,KeyCharacteristics * out)1633 ErrorCode KeyStoreService::getOperationCharacteristics(const hidl_vec<uint8_t>& key,
1634 km_device_t* dev,
1635 const AuthorizationSet& params,
1636 KeyCharacteristics* out) {
1637 hidl_vec<uint8_t> appId;
1638 hidl_vec<uint8_t> appData;
1639 for (auto param : params) {
1640 if (param.tag == Tag::APPLICATION_ID) {
1641 appId = authorizationValue(TAG_APPLICATION_ID, param).value();
1642 } else if (param.tag == Tag::APPLICATION_DATA) {
1643 appData = authorizationValue(TAG_APPLICATION_DATA, param).value();
1644 }
1645 }
1646 ErrorCode error = ErrorCode::OK;
1647
1648 auto hidlCb = [&](ErrorCode ret, const KeyCharacteristics& keyCharacteristics) {
1649 error = ret;
1650 if (error != ErrorCode::OK) {
1651 return;
1652 }
1653 if (out) *out = keyCharacteristics;
1654 };
1655
1656 ErrorCode rc = KS_HANDLE_HIDL_ERROR((*dev)->getKeyCharacteristics(key, appId, appData, hidlCb));
1657 if (rc != ErrorCode::OK) {
1658 return rc;
1659 }
1660 return error;
1661 }
1662
1663 /**
1664 * Get the auth token for this operation from the auth token table.
1665 *
1666 * Returns ResponseCode::NO_ERROR if the auth token was set or none was required.
1667 * ::OP_AUTH_NEEDED if it is a per op authorization, no
1668 * authorization token exists for that operation and
1669 * failOnTokenMissing is false.
1670 * KM_ERROR_KEY_USER_NOT_AUTHENTICATED if there is no valid auth
1671 * token for the operation
1672 */
getAuthToken(const KeyCharacteristics & characteristics,uint64_t handle,KeyPurpose purpose,const HardwareAuthToken ** authToken,bool failOnTokenMissing)1673 KeyStoreServiceReturnCode KeyStoreService::getAuthToken(const KeyCharacteristics& characteristics,
1674 uint64_t handle, KeyPurpose purpose,
1675 const HardwareAuthToken** authToken,
1676 bool failOnTokenMissing) {
1677
1678 AuthorizationSet allCharacteristics;
1679 for (size_t i = 0; i < characteristics.softwareEnforced.size(); i++) {
1680 allCharacteristics.push_back(characteristics.softwareEnforced[i]);
1681 }
1682 for (size_t i = 0; i < characteristics.teeEnforced.size(); i++) {
1683 allCharacteristics.push_back(characteristics.teeEnforced[i]);
1684 }
1685 AuthTokenTable::Error err =
1686 mAuthTokenTable.FindAuthorization(allCharacteristics, purpose, handle, authToken);
1687 switch (err) {
1688 case AuthTokenTable::OK:
1689 case AuthTokenTable::AUTH_NOT_REQUIRED:
1690 return ResponseCode::NO_ERROR;
1691 case AuthTokenTable::AUTH_TOKEN_NOT_FOUND:
1692 case AuthTokenTable::AUTH_TOKEN_EXPIRED:
1693 case AuthTokenTable::AUTH_TOKEN_WRONG_SID:
1694 return ErrorCode::KEY_USER_NOT_AUTHENTICATED;
1695 case AuthTokenTable::OP_HANDLE_REQUIRED:
1696 return failOnTokenMissing ? KeyStoreServiceReturnCode(ErrorCode::KEY_USER_NOT_AUTHENTICATED)
1697 : KeyStoreServiceReturnCode(ResponseCode::OP_AUTH_NEEDED);
1698 default:
1699 ALOGE("Unexpected FindAuthorization return value %d", err);
1700 return ErrorCode::INVALID_ARGUMENT;
1701 }
1702 }
1703
1704 /**
1705 * Add the auth token for the operation to the param list if the operation
1706 * requires authorization. Uses the cached result in the OperationMap if available
1707 * otherwise gets the token from the AuthTokenTable and caches the result.
1708 *
1709 * Returns ResponseCode::NO_ERROR if the auth token was added or not needed.
1710 * KM_ERROR_KEY_USER_NOT_AUTHENTICATED if the operation is not
1711 * authenticated.
1712 * KM_ERROR_INVALID_OPERATION_HANDLE if token is not a valid
1713 * operation token.
1714 */
addOperationAuthTokenIfNeeded(const sp<IBinder> & token,AuthorizationSet * params)1715 KeyStoreServiceReturnCode KeyStoreService::addOperationAuthTokenIfNeeded(const sp<IBinder>& token,
1716 AuthorizationSet* params) {
1717 const HardwareAuthToken* authToken = nullptr;
1718 mOperationMap.getOperationAuthToken(token, &authToken);
1719 if (!authToken) {
1720 km_device_t dev;
1721 uint64_t handle;
1722 const KeyCharacteristics* characteristics = nullptr;
1723 KeyPurpose purpose;
1724 km_id_t keyid;
1725 if (!mOperationMap.getOperation(token, &handle, &keyid, &purpose, &dev, &characteristics)) {
1726 return ErrorCode::INVALID_OPERATION_HANDLE;
1727 }
1728 auto result = getAuthToken(*characteristics, handle, purpose, &authToken);
1729 if (!result.isOk()) {
1730 return result;
1731 }
1732 if (authToken) {
1733 mOperationMap.setOperationAuthToken(token, authToken);
1734 }
1735 }
1736 addAuthTokenToParams(params, authToken);
1737 return ResponseCode::NO_ERROR;
1738 }
1739
1740 /**
1741 * Translate a result value to a legacy return value. All keystore errors are
1742 * preserved and keymaster errors become SYSTEM_ERRORs
1743 */
translateResultToLegacyResult(int32_t result)1744 KeyStoreServiceReturnCode KeyStoreService::translateResultToLegacyResult(int32_t result) {
1745 if (result > 0) {
1746 return static_cast<ResponseCode>(result);
1747 }
1748 return ResponseCode::SYSTEM_ERROR;
1749 }
1750
1751 static NullOr<const Algorithm&>
getKeyAlgoritmFromKeyCharacteristics(const KeyCharacteristics & characteristics)1752 getKeyAlgoritmFromKeyCharacteristics(const KeyCharacteristics& characteristics) {
1753 for (size_t i = 0; i < characteristics.teeEnforced.size(); ++i) {
1754 auto algo = authorizationValue(TAG_ALGORITHM, characteristics.teeEnforced[i]);
1755 if (algo.isOk()) return algo.value();
1756 }
1757 for (size_t i = 0; i < characteristics.softwareEnforced.size(); ++i) {
1758 auto algo = authorizationValue(TAG_ALGORITHM, characteristics.softwareEnforced[i]);
1759 if (algo.isOk()) return algo.value();
1760 }
1761 return {};
1762 }
1763
addLegacyBeginParams(const String16 & name,AuthorizationSet * params)1764 void KeyStoreService::addLegacyBeginParams(const String16& name, AuthorizationSet* params) {
1765 // All legacy keys are DIGEST_NONE/PAD_NONE.
1766 params->push_back(TAG_DIGEST, Digest::NONE);
1767 params->push_back(TAG_PADDING, PaddingMode::NONE);
1768
1769 // Look up the algorithm of the key.
1770 KeyCharacteristics characteristics;
1771 auto rc = getKeyCharacteristics(name, hidl_vec<uint8_t>(), hidl_vec<uint8_t>(), UID_SELF,
1772 &characteristics);
1773 if (!rc.isOk()) {
1774 ALOGE("Failed to get key characteristics");
1775 return;
1776 }
1777 auto algorithm = getKeyAlgoritmFromKeyCharacteristics(characteristics);
1778 if (!algorithm.isOk()) {
1779 ALOGE("getKeyCharacteristics did not include KM_TAG_ALGORITHM");
1780 return;
1781 }
1782 params->push_back(TAG_ALGORITHM, algorithm.value());
1783 }
1784
doLegacySignVerify(const String16 & name,const hidl_vec<uint8_t> & data,hidl_vec<uint8_t> * out,const hidl_vec<uint8_t> & signature,KeyPurpose purpose)1785 KeyStoreServiceReturnCode KeyStoreService::doLegacySignVerify(const String16& name,
1786 const hidl_vec<uint8_t>& data,
1787 hidl_vec<uint8_t>* out,
1788 const hidl_vec<uint8_t>& signature,
1789 KeyPurpose purpose) {
1790
1791 std::basic_stringstream<uint8_t> outBuffer;
1792 OperationResult result;
1793 AuthorizationSet inArgs;
1794 addLegacyBeginParams(name, &inArgs);
1795 sp<IBinder> appToken(new BBinder);
1796 sp<IBinder> token;
1797
1798 begin(appToken, name, purpose, true, inArgs.hidl_data(), hidl_vec<uint8_t>(), UID_SELF,
1799 &result);
1800 if (!result.resultCode.isOk()) {
1801 if (result.resultCode == ResponseCode::KEY_NOT_FOUND) {
1802 ALOGW("Key not found");
1803 } else {
1804 ALOGW("Error in begin: %d", int32_t(result.resultCode));
1805 }
1806 return translateResultToLegacyResult(result.resultCode);
1807 }
1808 inArgs.Clear();
1809 token = result.token;
1810 size_t consumed = 0;
1811 size_t lastConsumed = 0;
1812 hidl_vec<uint8_t> data_view;
1813 do {
1814 data_view.setToExternal(const_cast<uint8_t*>(&data[consumed]), data.size() - consumed);
1815 update(token, inArgs.hidl_data(), data_view, &result);
1816 if (result.resultCode != ResponseCode::NO_ERROR) {
1817 ALOGW("Error in update: %d", int32_t(result.resultCode));
1818 return translateResultToLegacyResult(result.resultCode);
1819 }
1820 if (out) {
1821 outBuffer.write(&result.data[0], result.data.size());
1822 }
1823 lastConsumed = result.inputConsumed;
1824 consumed += lastConsumed;
1825 } while (consumed < data.size() && lastConsumed > 0);
1826
1827 if (consumed != data.size()) {
1828 ALOGW("Not all data consumed. Consumed %zu of %zu", consumed, data.size());
1829 return ResponseCode::SYSTEM_ERROR;
1830 }
1831
1832 finish(token, inArgs.hidl_data(), signature, hidl_vec<uint8_t>(), &result);
1833 if (result.resultCode != ResponseCode::NO_ERROR) {
1834 ALOGW("Error in finish: %d", int32_t(result.resultCode));
1835 return translateResultToLegacyResult(result.resultCode);
1836 }
1837 if (out) {
1838 outBuffer.write(&result.data[0], result.data.size());
1839 }
1840
1841 if (out) {
1842 auto buf = outBuffer.str();
1843 out->resize(buf.size());
1844 memcpy(&(*out)[0], buf.data(), out->size());
1845 }
1846
1847 return ResponseCode::NO_ERROR;
1848 }
1849
upgradeKeyBlob(const String16 & name,uid_t uid,const AuthorizationSet & params,Blob * blob)1850 KeyStoreServiceReturnCode KeyStoreService::upgradeKeyBlob(const String16& name, uid_t uid,
1851 const AuthorizationSet& params,
1852 Blob* blob) {
1853 // Read the blob rather than assuming the caller provided the right name/uid/blob triplet.
1854 String8 name8(name);
1855 ResponseCode responseCode = mKeyStore->getKeyForName(blob, name8, uid, TYPE_KEYMASTER_10);
1856 if (responseCode != ResponseCode::NO_ERROR) {
1857 return responseCode;
1858 }
1859 ALOGI("upgradeKeyBlob %s %d", name8.string(), uid);
1860
1861 auto hidlKey = blob2hidlVec(*blob);
1862 auto& dev = mKeyStore->getDevice(*blob);
1863
1864 KeyStoreServiceReturnCode error;
1865 auto hidlCb = [&](ErrorCode ret, const hidl_vec<uint8_t>& upgradedKeyBlob) {
1866 error = ret;
1867 if (!error.isOk()) {
1868 return;
1869 }
1870
1871 String8 filename(mKeyStore->getKeyNameForUidWithDir(name8, uid, ::TYPE_KEYMASTER_10));
1872 error = mKeyStore->del(filename.string(), ::TYPE_ANY, get_user_id(uid));
1873 if (!error.isOk()) {
1874 ALOGI("upgradeKeyBlob keystore->del failed %d", (int)error);
1875 return;
1876 }
1877
1878 Blob newBlob(&upgradedKeyBlob[0], upgradedKeyBlob.size(), nullptr /* info */,
1879 0 /* infoLength */, ::TYPE_KEYMASTER_10);
1880 newBlob.setFallback(blob->isFallback());
1881 newBlob.setEncrypted(blob->isEncrypted());
1882 newBlob.setSuperEncrypted(blob->isSuperEncrypted());
1883 newBlob.setCriticalToDeviceEncryption(blob->isCriticalToDeviceEncryption());
1884
1885 error = mKeyStore->put(filename.string(), &newBlob, get_user_id(uid));
1886 if (!error.isOk()) {
1887 ALOGI("upgradeKeyBlob keystore->put failed %d", (int)error);
1888 return;
1889 }
1890
1891 // Re-read blob for caller. We can't use newBlob because writing it modified it.
1892 error = mKeyStore->getKeyForName(blob, name8, uid, TYPE_KEYMASTER_10);
1893 };
1894
1895 KeyStoreServiceReturnCode rc =
1896 KS_HANDLE_HIDL_ERROR(dev->upgradeKey(hidlKey, params.hidl_data(), hidlCb));
1897 if (!rc.isOk()) {
1898 return rc;
1899 }
1900
1901 return error;
1902 }
1903
1904 } // namespace keystore
1905