Paul Crowley | 1ef2558 | 2016-01-21 20:26:12 +0000 | [diff] [blame] | 1 | /* |
| 2 | * Copyright (C) 2016 The Android Open Source Project |
| 3 | * |
| 4 | * Licensed under the Apache License, Version 2.0 (the "License"); |
| 5 | * you may not use this file except in compliance with the License. |
| 6 | * You may obtain a copy of the License at |
| 7 | * |
| 8 | * http://www.apache.org/licenses/LICENSE-2.0 |
| 9 | * |
| 10 | * Unless required by applicable law or agreed to in writing, software |
| 11 | * distributed under the License is distributed on an "AS IS" BASIS, |
| 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 13 | * See the License for the specific language governing permissions and |
| 14 | * limitations under the License. |
| 15 | */ |
| 16 | |
Paul Crowley | 0323afd | 2016-03-15 17:04:39 -0700 | [diff] [blame] | 17 | #ifndef ANDROID_VOLD_KEYMASTER_H |
| 18 | #define ANDROID_VOLD_KEYMASTER_H |
Paul Crowley | 1ef2558 | 2016-01-21 20:26:12 +0000 | [diff] [blame] | 19 | |
Janis Danisevskis | 015ec30 | 2017-01-31 11:31:08 +0000 | [diff] [blame] | 20 | #ifdef __cplusplus |
| 21 | |
Pavel Grafov | e2e2d30 | 2017-08-01 17:15:53 +0100 | [diff] [blame] | 22 | #include "KeyBuffer.h" |
| 23 | |
Paul Crowley | 0323afd | 2016-03-15 17:04:39 -0700 | [diff] [blame] | 24 | #include <memory> |
Paul Crowley | 1ef2558 | 2016-01-21 20:26:12 +0000 | [diff] [blame] | 25 | #include <string> |
Paul Crowley | 0323afd | 2016-03-15 17:04:39 -0700 | [diff] [blame] | 26 | #include <utility> |
Paul Crowley | 1ef2558 | 2016-01-21 20:26:12 +0000 | [diff] [blame] | 27 | |
Janis Danisevskis | 8e537b8 | 2016-10-26 14:27:10 +0100 | [diff] [blame] | 28 | #include <android/hardware/keymaster/3.0/IKeymasterDevice.h> |
Steven Moreland | 25e8b4b | 2017-05-01 12:45:32 -0700 | [diff] [blame] | 29 | #include <android-base/macros.h> |
Janis Danisevskis | 8e537b8 | 2016-10-26 14:27:10 +0100 | [diff] [blame] | 30 | #include <keystore/authorization_set.h> |
Paul Crowley | 1ef2558 | 2016-01-21 20:26:12 +0000 | [diff] [blame] | 31 | |
| 32 | namespace android { |
| 33 | namespace vold { |
Janis Danisevskis | 8e537b8 | 2016-10-26 14:27:10 +0100 | [diff] [blame] | 34 | using ::android::hardware::keymaster::V3_0::IKeymasterDevice; |
| 35 | using ::keystore::ErrorCode; |
| 36 | using ::keystore::KeyPurpose; |
| 37 | using ::keystore::AuthorizationSet; |
Paul Crowley | 1ef2558 | 2016-01-21 20:26:12 +0000 | [diff] [blame] | 38 | |
Janis Danisevskis | 8e537b8 | 2016-10-26 14:27:10 +0100 | [diff] [blame] | 39 | // C++ wrappers to the Keymaster hidl interface. |
Paul Crowley | 1ef2558 | 2016-01-21 20:26:12 +0000 | [diff] [blame] | 40 | // This is tailored to the needs of KeyStorage, but could be extended to be |
| 41 | // a more general interface. |
| 42 | |
Janis Danisevskis | 8e537b8 | 2016-10-26 14:27:10 +0100 | [diff] [blame] | 43 | // Wrapper for a Keymaster operation handle representing an |
Paul Crowley | 1ef2558 | 2016-01-21 20:26:12 +0000 | [diff] [blame] | 44 | // ongoing Keymaster operation. Aborts the operation |
| 45 | // in the destructor if it is unfinished. Methods log failures |
| 46 | // to LOG(ERROR). |
| 47 | class KeymasterOperation { |
Paul Crowley | df528a7 | 2016-03-09 09:31:37 -0800 | [diff] [blame] | 48 | public: |
Paul Crowley | 0323afd | 2016-03-15 17:04:39 -0700 | [diff] [blame] | 49 | ~KeymasterOperation(); |
Paul Crowley | 1ef2558 | 2016-01-21 20:26:12 +0000 | [diff] [blame] | 50 | // Is this instance valid? This is false if creation fails, and becomes |
| 51 | // false on finish or if an update fails. |
Janis Danisevskis | 8e537b8 | 2016-10-26 14:27:10 +0100 | [diff] [blame] | 52 | explicit operator bool() { return mError == ErrorCode::OK; } |
Wei Wang | 4375f1b | 2017-02-24 17:43:01 -0800 | [diff] [blame] | 53 | ErrorCode errorCode() { return mError; } |
Paul Crowley | 13ffd8e | 2016-01-27 14:30:22 +0000 | [diff] [blame] | 54 | // Call "update" repeatedly until all of the input is consumed, and |
Paul Crowley | 1ef2558 | 2016-01-21 20:26:12 +0000 | [diff] [blame] | 55 | // concatenate the output. Return true on success. |
Pavel Grafov | e2e2d30 | 2017-08-01 17:15:53 +0100 | [diff] [blame] | 56 | template <class TI, class TO> |
| 57 | bool updateCompletely(TI& input, TO* output) { |
| 58 | if (output) output->clear(); |
| 59 | return updateCompletely(input.data(), input.size(), [&](const char* b, size_t n) { |
| 60 | if (output) std::copy(b, b+n, std::back_inserter(*output)); |
| 61 | }); |
| 62 | } |
| 63 | |
Paul Crowley | dff8c72 | 2016-05-16 08:14:56 -0700 | [diff] [blame] | 64 | // Finish and write the output to this string, unless pointer is null. |
| 65 | bool finish(std::string* output); |
Paul Crowley | 1ef2558 | 2016-01-21 20:26:12 +0000 | [diff] [blame] | 66 | // Move constructor |
| 67 | KeymasterOperation(KeymasterOperation&& rhs) { |
Paul Crowley | 0323afd | 2016-03-15 17:04:39 -0700 | [diff] [blame] | 68 | mDevice = std::move(rhs.mDevice); |
Paul Crowley | dff8c72 | 2016-05-16 08:14:56 -0700 | [diff] [blame] | 69 | mOpHandle = std::move(rhs.mOpHandle); |
| 70 | mError = std::move(rhs.mError); |
Paul Crowley | 1ef2558 | 2016-01-21 20:26:12 +0000 | [diff] [blame] | 71 | } |
Paul Crowley | dff8c72 | 2016-05-16 08:14:56 -0700 | [diff] [blame] | 72 | // Construct an object in an error state for error returns |
Janis Danisevskis | 8e537b8 | 2016-10-26 14:27:10 +0100 | [diff] [blame] | 73 | KeymasterOperation() |
Janis Danisevskis | 015ec30 | 2017-01-31 11:31:08 +0000 | [diff] [blame] | 74 | : mDevice{nullptr}, mOpHandle{0}, |
Janis Danisevskis | 8e537b8 | 2016-10-26 14:27:10 +0100 | [diff] [blame] | 75 | mError {ErrorCode::UNKNOWN_ERROR} {} |
Janis Danisevskis | 015ec30 | 2017-01-31 11:31:08 +0000 | [diff] [blame] | 76 | // Move Assignment |
| 77 | KeymasterOperation& operator= (KeymasterOperation&& rhs) { |
| 78 | mDevice = std::move(rhs.mDevice); |
| 79 | mOpHandle = std::move(rhs.mOpHandle); |
| 80 | mError = std::move(rhs.mError); |
| 81 | rhs.mError = ErrorCode::UNKNOWN_ERROR; |
| 82 | rhs.mOpHandle = 0; |
| 83 | return *this; |
| 84 | } |
Paul Crowley | df528a7 | 2016-03-09 09:31:37 -0800 | [diff] [blame] | 85 | |
| 86 | private: |
Janis Danisevskis | 8e537b8 | 2016-10-26 14:27:10 +0100 | [diff] [blame] | 87 | KeymasterOperation(const sp<IKeymasterDevice>& d, uint64_t h) |
| 88 | : mDevice{d}, mOpHandle{h}, mError {ErrorCode::OK} {} |
| 89 | KeymasterOperation(ErrorCode error) |
| 90 | : mDevice{nullptr}, mOpHandle{0}, |
Paul Crowley | dff8c72 | 2016-05-16 08:14:56 -0700 | [diff] [blame] | 91 | mError {error} {} |
Pavel Grafov | e2e2d30 | 2017-08-01 17:15:53 +0100 | [diff] [blame] | 92 | |
| 93 | bool updateCompletely(const char* input, size_t inputLen, |
| 94 | const std::function<void(const char*, size_t)> consumer); |
| 95 | |
Janis Danisevskis | 8e537b8 | 2016-10-26 14:27:10 +0100 | [diff] [blame] | 96 | sp<IKeymasterDevice> mDevice; |
| 97 | uint64_t mOpHandle; |
| 98 | ErrorCode mError; |
Paul Crowley | 1ef2558 | 2016-01-21 20:26:12 +0000 | [diff] [blame] | 99 | DISALLOW_COPY_AND_ASSIGN(KeymasterOperation); |
| 100 | friend class Keymaster; |
| 101 | }; |
| 102 | |
Paul Crowley | 0323afd | 2016-03-15 17:04:39 -0700 | [diff] [blame] | 103 | // Wrapper for a Keymaster device for methods that start a KeymasterOperation or are not |
| 104 | // part of one. |
Paul Crowley | 1ef2558 | 2016-01-21 20:26:12 +0000 | [diff] [blame] | 105 | class Keymaster { |
Paul Crowley | df528a7 | 2016-03-09 09:31:37 -0800 | [diff] [blame] | 106 | public: |
Paul Crowley | 1ef2558 | 2016-01-21 20:26:12 +0000 | [diff] [blame] | 107 | Keymaster(); |
Paul Crowley | 1ef2558 | 2016-01-21 20:26:12 +0000 | [diff] [blame] | 108 | // false if we failed to open the keymaster device. |
Janis Danisevskis | 8e537b8 | 2016-10-26 14:27:10 +0100 | [diff] [blame] | 109 | explicit operator bool() { return mDevice.get() != nullptr; } |
Paul Crowley | 1ef2558 | 2016-01-21 20:26:12 +0000 | [diff] [blame] | 110 | // Generate a key in the keymaster from the given params. |
Paul Crowley | df528a7 | 2016-03-09 09:31:37 -0800 | [diff] [blame] | 111 | bool generateKey(const AuthorizationSet& inParams, std::string* key); |
Paul Crowley | 1ef2558 | 2016-01-21 20:26:12 +0000 | [diff] [blame] | 112 | // If the keymaster supports it, permanently delete a key. |
Paul Crowley | df528a7 | 2016-03-09 09:31:37 -0800 | [diff] [blame] | 113 | bool deleteKey(const std::string& key); |
Paul Crowley | dff8c72 | 2016-05-16 08:14:56 -0700 | [diff] [blame] | 114 | // Replace stored key blob in response to KM_ERROR_KEY_REQUIRES_UPGRADE. |
| 115 | bool upgradeKey(const std::string& oldKey, const AuthorizationSet& inParams, |
| 116 | std::string* newKey); |
| 117 | // Begin a new cryptographic operation, collecting output parameters if pointer is non-null |
Janis Danisevskis | 8e537b8 | 2016-10-26 14:27:10 +0100 | [diff] [blame] | 118 | KeymasterOperation begin(KeyPurpose purpose, const std::string& key, |
Paul Crowley | df528a7 | 2016-03-09 09:31:37 -0800 | [diff] [blame] | 119 | const AuthorizationSet& inParams, AuthorizationSet* outParams); |
Janis Danisevskis | 015ec30 | 2017-01-31 11:31:08 +0000 | [diff] [blame] | 120 | bool isSecure(); |
Paul Crowley | df528a7 | 2016-03-09 09:31:37 -0800 | [diff] [blame] | 121 | |
| 122 | private: |
Janis Danisevskis | 8e537b8 | 2016-10-26 14:27:10 +0100 | [diff] [blame] | 123 | sp<hardware::keymaster::V3_0::IKeymasterDevice> mDevice; |
Paul Crowley | 1ef2558 | 2016-01-21 20:26:12 +0000 | [diff] [blame] | 124 | DISALLOW_COPY_AND_ASSIGN(Keymaster); |
| 125 | }; |
| 126 | |
Paul Crowley | 1ef2558 | 2016-01-21 20:26:12 +0000 | [diff] [blame] | 127 | } // namespace vold |
| 128 | } // namespace android |
| 129 | |
Janis Danisevskis | 015ec30 | 2017-01-31 11:31:08 +0000 | [diff] [blame] | 130 | #endif // __cplusplus |
| 131 | |
| 132 | |
| 133 | /* |
| 134 | * The following functions provide C bindings to keymaster services |
| 135 | * needed by cryptfs scrypt. The compatibility check checks whether |
| 136 | * the keymaster implementation is considered secure, i.e., TEE backed. |
| 137 | * The create_key function generates an RSA key for signing. |
| 138 | * The sign_object function signes an object with the given keymaster |
| 139 | * key. |
| 140 | */ |
| 141 | __BEGIN_DECLS |
| 142 | |
Paul Crowley | 7347333 | 2017-11-21 15:43:51 -0800 | [diff] [blame] | 143 | /* Return values for keymaster_sign_object_for_cryptfs_scrypt */ |
| 144 | |
| 145 | enum class KeymasterSignResult { |
| 146 | ok = 0, |
| 147 | error = -1, |
| 148 | upgrade = -2, |
| 149 | }; |
| 150 | |
Janis Danisevskis | 015ec30 | 2017-01-31 11:31:08 +0000 | [diff] [blame] | 151 | int keymaster_compatibility_cryptfs_scrypt(); |
| 152 | int keymaster_create_key_for_cryptfs_scrypt(uint32_t rsa_key_size, |
| 153 | uint64_t rsa_exponent, |
| 154 | uint32_t ratelimit, |
| 155 | uint8_t* key_buffer, |
| 156 | uint32_t key_buffer_size, |
| 157 | uint32_t* key_out_size); |
| 158 | |
Paul Crowley | 7347333 | 2017-11-21 15:43:51 -0800 | [diff] [blame] | 159 | int keymaster_upgrade_key_for_cryptfs_scrypt(uint32_t rsa_key_size, uint64_t rsa_exponent, |
| 160 | uint32_t ratelimit, const uint8_t* key_blob, |
| 161 | size_t key_blob_size, uint8_t* key_buffer, |
| 162 | uint32_t key_buffer_size, uint32_t* key_out_size); |
| 163 | |
| 164 | KeymasterSignResult keymaster_sign_object_for_cryptfs_scrypt( |
| 165 | const uint8_t* key_blob, size_t key_blob_size, uint32_t ratelimit, const uint8_t* object, |
| 166 | const size_t object_size, uint8_t** signature_buffer, size_t* signature_buffer_size); |
Janis Danisevskis | 015ec30 | 2017-01-31 11:31:08 +0000 | [diff] [blame] | 167 | |
| 168 | __END_DECLS |
| 169 | |
Paul Crowley | 1ef2558 | 2016-01-21 20:26:12 +0000 | [diff] [blame] | 170 | #endif |