Make vold use keystore2 instead of keymaster

Make vold use keystore2 for all its operations instead of directly using
keymaster. This way, we won't have any clients that bypass keystore2,
and we'll no longer need to reserve a keymaster operation for vold.

Note that we now hardcode "SecurityLevel::TRUSTED_ENVIRONMENT" (TEE)
when talking to Keystore2 since Keystore2 only allows TEE and STRONGBOX.
Keystore2 presents any SOFTWARE implementation as a TEE to callers when
no "real" TEE is present. As far as storage encryption is concerned,
there's no advantage to using a STRONGBOX when a "real" TEE is present,
and a STRONGBOX can't be present if a "real" TEE isn't, so asking
Keystore2 for a TEE is the best we can do in any situation.

The difference in behaviour only really affects the full disk encryption
code in cryptfs.cpp, which used to explicitly check that the keymaster
device is a "real" TEE (as opposed to a SOFTWARE implementation) before
using it (it can no longer do so since Keystore2 doesn't provide a way
to do this).

A little code history digging (7c49ab0a0b in particular) shows that
cryptfs.cpp cared about two things when using a keymaster.
- 1) that the keys generated by the keymaster were "standalone" keys -
     i.e. that the keymaster could operate on those keys without
     requiring /data or any other service to be available.
- 2) that the keymaster was a non-SOFTWARE implementation so that things
     would still work in case a "real" TEE keymaster was ever somehow
     added to the device after first boot.

Today, all "real" TEE keymasters always generate "standalone" keys, and
a TEE has been required in Android devices since at least Android N. The
only two exceptions are Goldfish and ARC++, which have SOFTWARE
keymasters, but both those keymasters also generate "standalone" keys.
We're also no longer worried about possibly adding a "real" TEE KM to
either of those devices after first boot. So there's no longer a reason
cryptfs.cpp can't use the SOFTWARE keymaster on those devices.

There's also already an upgrade path in place (see
test_mount_encrypted_fs() in cryptfs.cpp) to upgrade the kdf that's
being used once a TEE keymaster is added to the device. So it's safe for
cryptfs.cpp to ask for a TEE keymaster from Keystore2 and use it
blindly, without checking whether or not it's a "real" TEE, which is why
Keymaster::isSecure() just returns true now. A future patch will remove
that function and simplify its callers.

Bug: 181910578
Test: cuttlefish and bramble boot. Adding, switching between, stopping
and removing users work.
Change-Id: Iaebfef082eca0da8a305043fafb6d85e5de14cf8
diff --git a/KeyStorage.cpp b/KeyStorage.cpp
index 11e85fd..8d518de 100644
--- a/KeyStorage.cpp
+++ b/KeyStorage.cpp
@@ -46,8 +46,6 @@
#include <cutils/properties.h>
#include <hardware/hw_auth_token.h>
-#include <keymasterV4_1/authorization_set.h>
-#include <keymasterV4_1/keymaster_utils.h>
extern "C" {
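Review bot: With the two `keymasterV4_1` headers removed from this include block, `km::AuthorizationSetBuilder`, `km::AuthorizationSet`, `km::TAG_*` and `km::KeyPurpose` used later in this file must now resolve through whatever `Keymaster.h` includes; please confirm the `km` namespace alias and the KeyMint types are provided there rather than reaching this file transitively, so the translation unit does not break the next time that header is tidied.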
@@ -151,12 +149,11 @@
static bool generateKeyStorageKey(Keymaster& keymaster, const std::string& appId,
std::string* key) {
- auto paramBuilder =
- km::AuthorizationSetBuilder()
- .AesEncryptionKey(AES_KEY_BYTES * 8)
- .GcmModeMinMacLen(GCM_MAC_BYTES * 8)
- .Authorization(km::TAG_APPLICATION_ID, km::support::blob2hidlVec(appId))
- .Authorization(km::TAG_NO_AUTH_REQUIRED);
+ auto paramBuilder = km::AuthorizationSetBuilder()
+ .AesEncryptionKey(AES_KEY_BYTES * 8)
+ .GcmModeMinMacLen(GCM_MAC_BYTES * 8)
+ .Authorization(km::TAG_APPLICATION_ID, appId)
+ .Authorization(km::TAG_NO_AUTH_REQUIRED);
LOG(DEBUG) << "Generating \"key storage\" key that doesn't need auth token";
return generateKeymasterKey(keymaster, paramBuilder, key);
}
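Review bot: The only functional change in `generateKeyStorageKey` is `.Authorization(km::TAG_APPLICATION_ID, appId)` passing the `std::string` straight to the builder instead of through `km::support::blob2hidlVec`; the remaining lines are re-indentation. A short comment that the new builder overload accepts a byte string for BYTES-typed tags would help, since a reader comparing this with the old HIDL code will otherwise wonder whether the conversion was lost. If that overload keeps a reference rather than copying, note that `appId` must outlive `paramBuilder` (it does here, as a `const std::string&` parameter).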
@@ -187,7 +184,7 @@
static km::AuthorizationSet beginParams(const std::string& appId) {
return km::AuthorizationSetBuilder()
.GcmModeMacLen(GCM_MAC_BYTES * 8)
- .Authorization(km::TAG_APPLICATION_ID, km::support::blob2hidlVec(appId));
+ .Authorization(km::TAG_APPLICATION_ID, appId);
}
static bool readFileToString(const std::string& filename, std::string* result) {
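Review bot: `beginParams()` no longer produces a complete set of begin parameters now that `TAG_PURPOSE` (and, for decryption, `TAG_NONCE`) is supplied by each caller; either rename it or add a comment above it saying that callers must add purpose and nonce themselves, otherwise a future caller is likely to pass its result to `BeginKeymasterOp` without a purpose and get an opaque Keystore2 error.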
@@ -320,7 +317,6 @@
// Begins a Keymaster operation using the key stored in |dir|.
static KeymasterOperation BeginKeymasterOp(Keymaster& keymaster, const std::string& dir,
- km::KeyPurpose purpose,
const km::AuthorizationSet& keyParams,
const km::AuthorizationSet& opParams,
km::AuthorizationSet* outParams) {
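Review bot: The comment above `BeginKeymasterOp` (`// Begins a Keymaster operation using the key stored in |dir|.`) should now state that the caller must include `km::TAG_PURPOSE` in `opParams`, since the explicit `purpose` parameter was removed and nothing in the remaining signature documents that requirement.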
@@ -344,9 +340,11 @@
if (!readFileToString(blob_file, &blob)) return KeymasterOperation();
}
- auto opHandle = keymaster.begin(purpose, blob, inParams, outParams);
- if (opHandle) return opHandle;
- if (opHandle.errorCode() != km::ErrorCode::KEY_REQUIRES_UPGRADE) return opHandle;
+ auto opHandle = keymaster.begin(blob, inParams, outParams);
+ if (!opHandle) return opHandle;
+
+ // If key blob wasn't upgraded, nothing left to do.
+ if (!opHandle.getUpgradedBlob()) return opHandle;
if (already_upgraded) {
LOG(ERROR) << "Unexpected case; already-upgraded key " << upgraded_blob_file
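Review bot: The early `if (!opHandle) return opHandle;` drops the old handling of `km::ErrorCode::KEY_REQUIRES_UPGRADE`; that is only correct if Keystore2 performs the key upgrade itself during `begin()` and reports it through `getUpgradedBlob()`. Please make that assumption explicit in the new comment, e.g. `// Keystore2 upgrades the blob transparently during begin(); a non-null upgraded blob means we must persist it`, so the dependency on Keystore2 behaviour is visible to the next reader rather than implied by the removed lines.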
@@ -354,8 +352,8 @@
return KeymasterOperation();
}
LOG(INFO) << "Upgrading key: " << blob_file;
- if (!keymaster.upgradeKey(blob, keyParams, &blob)) return KeymasterOperation();
- if (!writeStringToFile(blob, upgraded_blob_file)) return KeymasterOperation();
+ if (!writeStringToFile(*opHandle.getUpgradedBlob(), upgraded_blob_file))
+ return KeymasterOperation();
if (cp_needsCheckpoint()) {
LOG(INFO) << "Wrote upgraded key to " << upgraded_blob_file
<< "; delaying commit due to checkpoint";
@@ -364,26 +362,24 @@
if (!CommitUpgradedKey(keymaster, dir)) return KeymasterOperation();
LOG(INFO) << "Key upgraded: " << blob_file;
}
-
- return keymaster.begin(purpose, blob, inParams, outParams);
+ return opHandle;
}
static bool encryptWithKeymasterKey(Keymaster& keymaster, const std::string& dir,
const km::AuthorizationSet& keyParams,
const KeyBuffer& message, std::string* ciphertext) {
- km::AuthorizationSet opParams;
+ km::AuthorizationSet opParams =
+ km::AuthorizationSetBuilder().Authorization(km::TAG_PURPOSE, km::KeyPurpose::ENCRYPT);
km::AuthorizationSet outParams;
- auto opHandle = BeginKeymasterOp(keymaster, dir, km::KeyPurpose::ENCRYPT, keyParams, opParams,
- &outParams);
+ auto opHandle = BeginKeymasterOp(keymaster, dir, keyParams, opParams, &outParams);
if (!opHandle) return false;
auto nonceBlob = outParams.GetTagValue(km::TAG_NONCE);
- if (!nonceBlob.isOk()) {
+ if (!nonceBlob) {
LOG(ERROR) << "GCM encryption but no nonce generated";
return false;
}
// nonceBlob here is just a pointer into existing data, must not be freed
- std::string nonce(reinterpret_cast<const char*>(&nonceBlob.value()[0]),
- nonceBlob.value().size());
+ std::string nonce(nonceBlob.value().get().begin(), nonceBlob.value().get().end());
if (!checkSize("nonce", nonce.size(), GCM_NONCE_BYTES)) return false;
std::string body;
if (!opHandle.updateCompletely(message, &body)) return false;
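Review bot: The comment `// nonceBlob here is just a pointer into existing data, must not be freed` is now stale: the new line `std::string nonce(nonceBlob.value().get().begin(), nonceBlob.value().get().end());` copies the bytes out of the reference wrapper into an owned `std::string`, so there is no raw pointer and nothing that could be freed. Update the comment to say that `nonceBlob` refers into `outParams` and that the copy is what the rest of the function uses. Returning `opHandle` from `BeginKeymasterOp` instead of calling `begin()` a second time is the right fix for the previous double-begin, and the `checkSize("nonce", ...)` guard that follows still enforces `GCM_NONCE_BYTES` on the copied value.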
@@ -398,12 +394,12 @@
static bool decryptWithKeymasterKey(Keymaster& keymaster, const std::string& dir,
const km::AuthorizationSet& keyParams,
const std::string& ciphertext, KeyBuffer* message) {
- auto nonce = ciphertext.substr(0, GCM_NONCE_BYTES);
+ const std::string nonce = ciphertext.substr(0, GCM_NONCE_BYTES);
auto bodyAndMac = ciphertext.substr(GCM_NONCE_BYTES);
- auto opParams = km::AuthorizationSetBuilder().Authorization(km::TAG_NONCE,
- km::support::blob2hidlVec(nonce));
- auto opHandle =
- BeginKeymasterOp(keymaster, dir, km::KeyPurpose::DECRYPT, keyParams, opParams, nullptr);
+ auto opParams = km::AuthorizationSetBuilder()
+ .Authorization(km::TAG_NONCE, nonce)
+ .Authorization(km::TAG_PURPOSE, km::KeyPurpose::DECRYPT);
+ auto opHandle = BeginKeymasterOp(keymaster, dir, keyParams, opParams, nullptr);
if (!opHandle) return false;
if (!opHandle.updateCompletely(bodyAndMac, message)) return false;
if (!opHandle.finish(nullptr)) return false;
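Review bot: `ciphertext.substr(0, GCM_NONCE_BYTES)` silently yields a shorter `nonce` when the on-disk `ciphertext` is shorter than `GCM_NONCE_BYTES`, and unlike the encrypt path, which runs `checkSize("nonce", nonce.size(), GCM_NONCE_BYTES)`, nothing here validates it before it is placed in `TAG_NONCE`. Since this diff already touches the nonce handling, add `if (!checkSize("nonce", nonce.size(), GCM_NONCE_BYTES)) return false;` right after the `substr`, so a truncated or corrupted key file fails with a clear log line instead of an opaque Keystore2 error. Making `nonce` a `const std::string` is a sound change given that the new `.Authorization(km::TAG_NONCE, nonce)` overload may hold a reference to its argument for the lifetime of the builder.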