| bigbiff | 7ba7500 | 2020-04-11 20:47:09 -0400 | [diff] [blame] | 1 | /* |
| 2 | * Copyright (C) 2016 The Android Open Source Project |
| 3 | * |
| 4 | * Licensed under the Apache License, Version 2.0 (the "License"); |
| 5 | * you may not use this file except in compliance with the License. |
| 6 | * You may obtain a copy of the License at |
| 7 | * |
| 8 | * http://www.apache.org/licenses/LICENSE-2.0 |
| 9 | * |
| 10 | * Unless required by applicable law or agreed to in writing, software |
| 11 | * distributed under the License is distributed on an "AS IS" BASIS, |
| 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 13 | * See the License for the specific language governing permissions and |
| 14 | * limitations under the License. |
| 15 | */ |
| 16 | |
| 17 | #ifndef ANDROID_VOLD_KEYMASTER_H |
| 18 | #define ANDROID_VOLD_KEYMASTER_H |
| 19 | |
| 20 | #include "KeyBuffer.h" |
| 21 | |
| 22 | #include <memory> |
| 23 | #include <string> |
| 24 | #include <utility> |
| 25 | |
| 26 | #include <android-base/macros.h> |
| bigbiff | 673c7ae | 2020-12-02 19:44:56 -0500 | [diff] [blame^] | 27 | #include <keymasterV4_1/Keymaster.h> |
| bigbiff | 7ba7500 | 2020-04-11 20:47:09 -0400 | [diff] [blame] | 28 | #include <keymasterV4_0/authorization_set.h> |
| 29 | |
| 30 | namespace android { |
| 31 | namespace vold { |
| 32 | |
| bigbiff | 673c7ae | 2020-12-02 19:44:56 -0500 | [diff] [blame^] | 33 | namespace km = ::android::hardware::keymaster::V4_1; |
| bigbiff | 7ba7500 | 2020-04-11 20:47:09 -0400 | [diff] [blame] | 34 | using KmDevice = km::support::Keymaster; |
| 35 | |
| 36 | // C++ wrappers to the Keymaster hidl interface. |
| 37 | // This is tailored to the needs of KeyStorage, but could be extended to be |
| 38 | // a more general interface. |
| 39 | |
| 40 | // Wrapper for a Keymaster operation handle representing an |
| 41 | // ongoing Keymaster operation. Aborts the operation |
| 42 | // in the destructor if it is unfinished. Methods log failures |
| 43 | // to LOG(ERROR). |
| 44 | class KeymasterOperation { |
| 45 | public: |
| 46 | ~KeymasterOperation(); |
| 47 | // Is this instance valid? This is false if creation fails, and becomes |
| 48 | // false on finish or if an update fails. |
| 49 | explicit operator bool() const { return mError == km::ErrorCode::OK; } |
| 50 | km::ErrorCode errorCode() const { return mError; } |
| 51 | // Call "update" repeatedly until all of the input is consumed, and |
| 52 | // concatenate the output. Return true on success. |
| 53 | template <class TI, class TO> |
| 54 | bool updateCompletely(TI& input, TO* output) { |
| 55 | if (output) output->clear(); |
| 56 | return updateCompletely(input.data(), input.size(), [&](const char* b, size_t n) { |
| 57 | if (output) std::copy(b, b + n, std::back_inserter(*output)); |
| 58 | }); |
| 59 | } |
| 60 | |
| 61 | // Finish and write the output to this string, unless pointer is null. |
| 62 | bool finish(std::string* output); |
| 63 | // Move constructor |
| 64 | KeymasterOperation(KeymasterOperation&& rhs) { *this = std::move(rhs); } |
| 65 | // Construct an object in an error state for error returns |
| 66 | KeymasterOperation() : mDevice{nullptr}, mOpHandle{0}, mError{km::ErrorCode::UNKNOWN_ERROR} {} |
| 67 | // Move Assignment |
| 68 | KeymasterOperation& operator=(KeymasterOperation&& rhs) { |
| 69 | mDevice = rhs.mDevice; |
| 70 | rhs.mDevice = nullptr; |
| 71 | |
| 72 | mOpHandle = rhs.mOpHandle; |
| 73 | rhs.mOpHandle = 0; |
| 74 | |
| 75 | mError = rhs.mError; |
| 76 | rhs.mError = km::ErrorCode::UNKNOWN_ERROR; |
| 77 | |
| 78 | return *this; |
| 79 | } |
| 80 | |
| 81 | private: |
| 82 | KeymasterOperation(KmDevice* d, uint64_t h) |
| 83 | : mDevice{d}, mOpHandle{h}, mError{km::ErrorCode::OK} {} |
| 84 | KeymasterOperation(km::ErrorCode error) : mDevice{nullptr}, mOpHandle{0}, mError{error} {} |
| 85 | |
| 86 | bool updateCompletely(const char* input, size_t inputLen, |
| 87 | const std::function<void(const char*, size_t)> consumer); |
| 88 | |
| 89 | KmDevice* mDevice; |
| 90 | uint64_t mOpHandle; |
| 91 | km::ErrorCode mError; |
| 92 | DISALLOW_COPY_AND_ASSIGN(KeymasterOperation); |
| 93 | friend class Keymaster; |
| 94 | }; |
| 95 | |
| 96 | // Wrapper for a Keymaster device for methods that start a KeymasterOperation or are not |
| 97 | // part of one. |
| 98 | class Keymaster { |
| 99 | public: |
| 100 | Keymaster(); |
| 101 | // false if we failed to open the keymaster device. |
| 102 | explicit operator bool() { return mDevice.get() != nullptr; } |
| 103 | // Generate a key in the keymaster from the given params. |
| 104 | bool generateKey(const km::AuthorizationSet& inParams, std::string* key); |
| mauronofrio matarrese | 7982032 | 2020-05-25 19:48:56 +0200 | [diff] [blame] | 105 | // Export a key from keymaster. |
| mauronofrio matarrese | bd79db4 | 2020-05-25 20:18:52 +0200 | [diff] [blame] | 106 | km::ErrorCode exportKey(km::KeyFormat format, KeyBuffer& kmKey, const std::string& clientId, |
| mauronofrio matarrese | 7982032 | 2020-05-25 19:48:56 +0200 | [diff] [blame] | 107 | const std::string& appData, std::string* key); |
| bigbiff | 7ba7500 | 2020-04-11 20:47:09 -0400 | [diff] [blame] | 108 | // If the keymaster supports it, permanently delete a key. |
| 109 | bool deleteKey(const std::string& key); |
| 110 | // Replace stored key blob in response to KM_ERROR_KEY_REQUIRES_UPGRADE. |
| 111 | bool upgradeKey(const std::string& oldKey, const km::AuthorizationSet& inParams, |
| 112 | std::string* newKey); |
| 113 | // Begin a new cryptographic operation, collecting output parameters if pointer is non-null |
| 114 | KeymasterOperation begin(km::KeyPurpose purpose, const std::string& key, |
| 115 | const km::AuthorizationSet& inParams, |
| 116 | const km::HardwareAuthToken& authToken, |
| 117 | km::AuthorizationSet* outParams); |
| 118 | bool isSecure(); |
| 119 | |
| 120 | private: |
| 121 | std::unique_ptr<KmDevice> mDevice; |
| 122 | DISALLOW_COPY_AND_ASSIGN(Keymaster); |
| 123 | static bool hmacKeyGenerated; |
| 124 | }; |
| 125 | |
| 126 | } // namespace vold |
| 127 | } // namespace android |
| 128 | |
| 129 | // FIXME no longer needed now cryptfs is in C++. |
| 130 | |
| 131 | /* |
| 132 | * The following functions provide C bindings to keymaster services |
| 133 | * needed by cryptfs scrypt. The compatibility check checks whether |
| 134 | * the keymaster implementation is considered secure, i.e., TEE backed. |
| 135 | * The create_key function generates an RSA key for signing. |
| 136 | * The sign_object function signes an object with the given keymaster |
| 137 | * key. |
| 138 | */ |
| 139 | |
| 140 | /* Return values for keymaster_sign_object_for_cryptfs_scrypt */ |
| 141 | |
| 142 | enum class KeymasterSignResult { |
| 143 | ok = 0, |
| 144 | error = -1, |
| 145 | upgrade = -2, |
| 146 | }; |
| 147 | |
| 148 | int keymaster_compatibility_cryptfs_scrypt(); |
| 149 | int keymaster_create_key_for_cryptfs_scrypt(uint32_t rsa_key_size, uint64_t rsa_exponent, |
| 150 | uint32_t ratelimit, uint8_t* key_buffer, |
| 151 | uint32_t key_buffer_size, uint32_t* key_out_size); |
| 152 | |
| 153 | int keymaster_upgrade_key_for_cryptfs_scrypt(uint32_t rsa_key_size, uint64_t rsa_exponent, |
| 154 | uint32_t ratelimit, const uint8_t* key_blob, |
| 155 | size_t key_blob_size, uint8_t* key_buffer, |
| 156 | uint32_t key_buffer_size, uint32_t* key_out_size); |
| 157 | |
| 158 | KeymasterSignResult keymaster_sign_object_for_cryptfs_scrypt( |
| 159 | const uint8_t* key_blob, size_t key_blob_size, uint32_t ratelimit, const uint8_t* object, |
| 160 | const size_t object_size, uint8_t** signature_buffer, size_t* signature_buffer_size); |
| 161 | |
| 162 | #endif |