bigbiff | 7ba7500 | 2020-04-11 20:47:09 -0400 | [diff] [blame^] | 1 | /* |
| 2 | * Copyright (C) 2016 The Android Open Source Project |
| 3 | * |
| 4 | * Licensed under the Apache License, Version 2.0 (the "License"); |
| 5 | * you may not use this file except in compliance with the License. |
| 6 | * You may obtain a copy of the License at |
| 7 | * |
| 8 | * http://www.apache.org/licenses/LICENSE-2.0 |
| 9 | * |
| 10 | * Unless required by applicable law or agreed to in writing, software |
| 11 | * distributed under the License is distributed on an "AS IS" BASIS, |
| 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 13 | * See the License for the specific language governing permissions and |
| 14 | * limitations under the License. |
| 15 | */ |
| 16 | |
| 17 | #include "Keymaster.h" |
| 18 | |
| 19 | #include <android-base/logging.h> |
| 20 | #include <keymasterV4_0/authorization_set.h> |
| 21 | #include <keymasterV4_0/keymaster_utils.h> |
| 22 | |
| 23 | namespace android { |
| 24 | namespace vold { |
| 25 | |
| 26 | using ::android::hardware::hidl_string; |
| 27 | using ::android::hardware::hidl_vec; |
| 28 | using ::android::hardware::keymaster::V4_0::SecurityLevel; |
| 29 | |
| 30 | KeymasterOperation::~KeymasterOperation() { |
| 31 | if (mDevice) mDevice->abort(mOpHandle); |
| 32 | } |
| 33 | |
| 34 | bool KeymasterOperation::updateCompletely(const char* input, size_t inputLen, |
| 35 | const std::function<void(const char*, size_t)> consumer) { |
| 36 | uint32_t inputConsumed = 0; |
| 37 | |
| 38 | km::ErrorCode km_error; |
| 39 | auto hidlCB = [&](km::ErrorCode ret, uint32_t inputConsumedDelta, |
| 40 | const hidl_vec<km::KeyParameter>& /*ignored*/, |
| 41 | const hidl_vec<uint8_t>& _output) { |
| 42 | km_error = ret; |
| 43 | if (km_error != km::ErrorCode::OK) return; |
| 44 | inputConsumed += inputConsumedDelta; |
| 45 | consumer(reinterpret_cast<const char*>(&_output[0]), _output.size()); |
| 46 | }; |
| 47 | |
| 48 | while (inputConsumed != inputLen) { |
| 49 | size_t toRead = static_cast<size_t>(inputLen - inputConsumed); |
| 50 | auto inputBlob = km::support::blob2hidlVec( |
| 51 | reinterpret_cast<const uint8_t*>(&input[inputConsumed]), toRead); |
| 52 | auto error = mDevice->update(mOpHandle, hidl_vec<km::KeyParameter>(), inputBlob, |
| 53 | km::HardwareAuthToken(), km::VerificationToken(), hidlCB); |
| 54 | if (!error.isOk()) { |
| 55 | LOG(ERROR) << "update failed: " << error.description(); |
| 56 | mDevice = nullptr; |
| 57 | return false; |
| 58 | } |
| 59 | if (km_error != km::ErrorCode::OK) { |
| 60 | LOG(ERROR) << "update failed, code " << int32_t(km_error); |
| 61 | mDevice = nullptr; |
| 62 | return false; |
| 63 | } |
| 64 | if (inputConsumed > inputLen) { |
| 65 | LOG(ERROR) << "update reported too much input consumed"; |
| 66 | mDevice = nullptr; |
| 67 | return false; |
| 68 | } |
| 69 | } |
| 70 | return true; |
| 71 | } |
| 72 | |
| 73 | bool KeymasterOperation::finish(std::string* output) { |
| 74 | km::ErrorCode km_error; |
| 75 | auto hidlCb = [&](km::ErrorCode ret, const hidl_vec<km::KeyParameter>& /*ignored*/, |
| 76 | const hidl_vec<uint8_t>& _output) { |
| 77 | km_error = ret; |
| 78 | if (km_error != km::ErrorCode::OK) return; |
| 79 | if (output) output->assign(reinterpret_cast<const char*>(&_output[0]), _output.size()); |
| 80 | }; |
| 81 | auto error = mDevice->finish(mOpHandle, hidl_vec<km::KeyParameter>(), hidl_vec<uint8_t>(), |
| 82 | hidl_vec<uint8_t>(), km::HardwareAuthToken(), |
| 83 | km::VerificationToken(), hidlCb); |
| 84 | mDevice = nullptr; |
| 85 | if (!error.isOk()) { |
| 86 | LOG(ERROR) << "finish failed: " << error.description(); |
| 87 | return false; |
| 88 | } |
| 89 | if (km_error != km::ErrorCode::OK) { |
| 90 | LOG(ERROR) << "finish failed, code " << int32_t(km_error); |
| 91 | return false; |
| 92 | } |
| 93 | return true; |
| 94 | } |
| 95 | |
| 96 | /* static */ bool Keymaster::hmacKeyGenerated = false; |
| 97 | |
| 98 | Keymaster::Keymaster() { |
| 99 | auto devices = KmDevice::enumerateAvailableDevices(); |
| 100 | if (!hmacKeyGenerated) { |
| 101 | KmDevice::performHmacKeyAgreement(devices); |
| 102 | hmacKeyGenerated = true; |
| 103 | } |
| 104 | for (auto& dev : devices) { |
| 105 | // Do not use StrongBox for device encryption / credential encryption. If a security chip |
| 106 | // is present it will have Weaver, which already strengthens CE. We get no additional |
| 107 | // benefit from using StrongBox here, so skip it. |
| 108 | if (dev->halVersion().securityLevel != SecurityLevel::STRONGBOX) { |
| 109 | mDevice = std::move(dev); |
| 110 | break; |
| 111 | } |
| 112 | } |
| 113 | if (!mDevice) return; |
| 114 | auto& version = mDevice->halVersion(); |
| 115 | LOG(INFO) << "Using " << version.keymasterName << " from " << version.authorName |
| 116 | << " for encryption. Security level: " << toString(version.securityLevel) |
| 117 | << ", HAL: " << mDevice->descriptor() << "/" << mDevice->instanceName(); |
| 118 | } |
| 119 | |
| 120 | bool Keymaster::generateKey(const km::AuthorizationSet& inParams, std::string* key) { |
| 121 | km::ErrorCode km_error; |
| 122 | auto hidlCb = [&](km::ErrorCode ret, const hidl_vec<uint8_t>& keyBlob, |
| 123 | const km::KeyCharacteristics& /*ignored*/) { |
| 124 | km_error = ret; |
| 125 | if (km_error != km::ErrorCode::OK) return; |
| 126 | if (key) key->assign(reinterpret_cast<const char*>(&keyBlob[0]), keyBlob.size()); |
| 127 | }; |
| 128 | |
| 129 | auto error = mDevice->generateKey(inParams.hidl_data(), hidlCb); |
| 130 | if (!error.isOk()) { |
| 131 | LOG(ERROR) << "generate_key failed: " << error.description(); |
| 132 | return false; |
| 133 | } |
| 134 | if (km_error != km::ErrorCode::OK) { |
| 135 | LOG(ERROR) << "generate_key failed, code " << int32_t(km_error); |
| 136 | return false; |
| 137 | } |
| 138 | return true; |
| 139 | } |
| 140 | |
| 141 | bool Keymaster::deleteKey(const std::string& key) { |
| 142 | auto keyBlob = km::support::blob2hidlVec(key); |
| 143 | auto error = mDevice->deleteKey(keyBlob); |
| 144 | if (!error.isOk()) { |
| 145 | LOG(ERROR) << "delete_key failed: " << error.description(); |
| 146 | return false; |
| 147 | } |
| 148 | if (error != km::ErrorCode::OK) { |
| 149 | LOG(ERROR) << "delete_key failed, code " << int32_t(km::ErrorCode(error)); |
| 150 | return false; |
| 151 | } |
| 152 | return true; |
| 153 | } |
| 154 | |
| 155 | bool Keymaster::upgradeKey(const std::string& oldKey, const km::AuthorizationSet& inParams, |
| 156 | std::string* newKey) { |
| 157 | auto oldKeyBlob = km::support::blob2hidlVec(oldKey); |
| 158 | km::ErrorCode km_error; |
| 159 | auto hidlCb = [&](km::ErrorCode ret, const hidl_vec<uint8_t>& upgradedKeyBlob) { |
| 160 | km_error = ret; |
| 161 | if (km_error != km::ErrorCode::OK) return; |
| 162 | if (newKey) |
| 163 | newKey->assign(reinterpret_cast<const char*>(&upgradedKeyBlob[0]), |
| 164 | upgradedKeyBlob.size()); |
| 165 | }; |
| 166 | auto error = mDevice->upgradeKey(oldKeyBlob, inParams.hidl_data(), hidlCb); |
| 167 | if (!error.isOk()) { |
| 168 | LOG(ERROR) << "upgrade_key failed: " << error.description(); |
| 169 | return false; |
| 170 | } |
| 171 | if (km_error != km::ErrorCode::OK) { |
| 172 | LOG(ERROR) << "upgrade_key failed, code " << int32_t(km_error); |
| 173 | return false; |
| 174 | } |
| 175 | return true; |
| 176 | } |
| 177 | |
| 178 | KeymasterOperation Keymaster::begin(km::KeyPurpose purpose, const std::string& key, |
| 179 | const km::AuthorizationSet& inParams, |
| 180 | const km::HardwareAuthToken& authToken, |
| 181 | km::AuthorizationSet* outParams) { |
| 182 | auto keyBlob = km::support::blob2hidlVec(key); |
| 183 | uint64_t mOpHandle; |
| 184 | km::ErrorCode km_error; |
| 185 | |
| 186 | auto hidlCb = [&](km::ErrorCode ret, const hidl_vec<km::KeyParameter>& _outParams, |
| 187 | uint64_t operationHandle) { |
| 188 | km_error = ret; |
| 189 | if (km_error != km::ErrorCode::OK) return; |
| 190 | if (outParams) *outParams = _outParams; |
| 191 | mOpHandle = operationHandle; |
| 192 | }; |
| 193 | |
| 194 | auto error = mDevice->begin(purpose, keyBlob, inParams.hidl_data(), authToken, hidlCb); |
| 195 | if (!error.isOk()) { |
| 196 | LOG(ERROR) << "begin failed: " << error.description(); |
| 197 | return KeymasterOperation(km::ErrorCode::UNKNOWN_ERROR); |
| 198 | } |
| 199 | if (km_error != km::ErrorCode::OK) { |
| 200 | LOG(ERROR) << "begin failed, code " << int32_t(km_error); |
| 201 | return KeymasterOperation(km_error); |
| 202 | } |
| 203 | return KeymasterOperation(mDevice.get(), mOpHandle); |
| 204 | } |
| 205 | |
| 206 | bool Keymaster::isSecure() { |
| 207 | return mDevice->halVersion().securityLevel != km::SecurityLevel::SOFTWARE; |
| 208 | } |
| 209 | |
| 210 | } // namespace vold |
| 211 | } // namespace android |
| 212 | |
| 213 | using namespace ::android::vold; |
| 214 | |
| 215 | int keymaster_compatibility_cryptfs_scrypt() { |
| 216 | Keymaster dev; |
| 217 | if (!dev) { |
| 218 | LOG(ERROR) << "Failed to initiate keymaster session"; |
| 219 | return -1; |
| 220 | } |
| 221 | return dev.isSecure(); |
| 222 | } |
| 223 | |
| 224 | static bool write_string_to_buf(const std::string& towrite, uint8_t* buffer, uint32_t buffer_size, |
| 225 | uint32_t* out_size) { |
| 226 | if (!buffer || !out_size) { |
| 227 | LOG(ERROR) << "Missing target pointers"; |
| 228 | return false; |
| 229 | } |
| 230 | *out_size = towrite.size(); |
| 231 | if (buffer_size < towrite.size()) { |
| 232 | LOG(ERROR) << "Buffer too small " << buffer_size << " < " << towrite.size(); |
| 233 | return false; |
| 234 | } |
| 235 | memset(buffer, '\0', buffer_size); |
| 236 | std::copy(towrite.begin(), towrite.end(), buffer); |
| 237 | return true; |
| 238 | } |
| 239 | |
| 240 | static km::AuthorizationSet keyParams(uint32_t rsa_key_size, uint64_t rsa_exponent, |
| 241 | uint32_t ratelimit) { |
| 242 | return km::AuthorizationSetBuilder() |
| 243 | .RsaSigningKey(rsa_key_size, rsa_exponent) |
| 244 | .NoDigestOrPadding() |
| 245 | .Authorization(km::TAG_BLOB_USAGE_REQUIREMENTS, km::KeyBlobUsageRequirements::STANDALONE) |
| 246 | .Authorization(km::TAG_NO_AUTH_REQUIRED) |
| 247 | .Authorization(km::TAG_MIN_SECONDS_BETWEEN_OPS, ratelimit); |
| 248 | } |
| 249 | |
| 250 | int keymaster_create_key_for_cryptfs_scrypt(uint32_t rsa_key_size, uint64_t rsa_exponent, |
| 251 | uint32_t ratelimit, uint8_t* key_buffer, |
| 252 | uint32_t key_buffer_size, uint32_t* key_out_size) { |
| 253 | if (key_out_size) { |
| 254 | *key_out_size = 0; |
| 255 | } |
| 256 | Keymaster dev; |
| 257 | if (!dev) { |
| 258 | LOG(ERROR) << "Failed to initiate keymaster session"; |
| 259 | return -1; |
| 260 | } |
| 261 | std::string key; |
| 262 | if (!dev.generateKey(keyParams(rsa_key_size, rsa_exponent, ratelimit), &key)) return -1; |
| 263 | if (!write_string_to_buf(key, key_buffer, key_buffer_size, key_out_size)) return -1; |
| 264 | return 0; |
| 265 | } |
| 266 | |
| 267 | int keymaster_upgrade_key_for_cryptfs_scrypt(uint32_t rsa_key_size, uint64_t rsa_exponent, |
| 268 | uint32_t ratelimit, const uint8_t* key_blob, |
| 269 | size_t key_blob_size, uint8_t* key_buffer, |
| 270 | uint32_t key_buffer_size, uint32_t* key_out_size) { |
| 271 | if (key_out_size) { |
| 272 | *key_out_size = 0; |
| 273 | } |
| 274 | Keymaster dev; |
| 275 | if (!dev) { |
| 276 | LOG(ERROR) << "Failed to initiate keymaster session"; |
| 277 | return -1; |
| 278 | } |
| 279 | std::string old_key(reinterpret_cast<const char*>(key_blob), key_blob_size); |
| 280 | std::string new_key; |
| 281 | if (!dev.upgradeKey(old_key, keyParams(rsa_key_size, rsa_exponent, ratelimit), &new_key)) |
| 282 | return -1; |
| 283 | if (!write_string_to_buf(new_key, key_buffer, key_buffer_size, key_out_size)) return -1; |
| 284 | return 0; |
| 285 | } |
| 286 | |
| 287 | KeymasterSignResult keymaster_sign_object_for_cryptfs_scrypt( |
| 288 | const uint8_t* key_blob, size_t key_blob_size, uint32_t ratelimit, const uint8_t* object, |
| 289 | const size_t object_size, uint8_t** signature_buffer, size_t* signature_buffer_size) { |
| 290 | Keymaster dev; |
| 291 | if (!dev) { |
| 292 | LOG(ERROR) << "Failed to initiate keymaster session"; |
| 293 | return KeymasterSignResult::error; |
| 294 | } |
| 295 | if (!key_blob || !object || !signature_buffer || !signature_buffer_size) { |
| 296 | LOG(ERROR) << __FILE__ << ":" << __LINE__ << ":Invalid argument"; |
| 297 | return KeymasterSignResult::error; |
| 298 | } |
| 299 | |
| 300 | km::AuthorizationSet outParams; |
| 301 | std::string key(reinterpret_cast<const char*>(key_blob), key_blob_size); |
| 302 | std::string input(reinterpret_cast<const char*>(object), object_size); |
| 303 | std::string output; |
| 304 | KeymasterOperation op; |
| 305 | |
| 306 | auto paramBuilder = km::AuthorizationSetBuilder().NoDigestOrPadding(); |
| 307 | while (true) { |
| 308 | op = dev.begin(km::KeyPurpose::SIGN, key, paramBuilder, km::HardwareAuthToken(), &outParams); |
| 309 | if (op.errorCode() == km::ErrorCode::KEY_RATE_LIMIT_EXCEEDED) { |
| 310 | sleep(ratelimit); |
| 311 | continue; |
| 312 | } else |
| 313 | break; |
| 314 | } |
| 315 | |
| 316 | if (op.errorCode() == km::ErrorCode::KEY_REQUIRES_UPGRADE) { |
| 317 | LOG(ERROR) << "Keymaster key requires upgrade"; |
| 318 | return KeymasterSignResult::upgrade; |
| 319 | } |
| 320 | |
| 321 | if (op.errorCode() != km::ErrorCode::OK) { |
| 322 | LOG(ERROR) << "Error starting keymaster signature transaction: " << int32_t(op.errorCode()); |
| 323 | return KeymasterSignResult::error; |
| 324 | } |
| 325 | |
| 326 | if (!op.updateCompletely(input, &output)) { |
| 327 | LOG(ERROR) << "Error sending data to keymaster signature transaction: " |
| 328 | << uint32_t(op.errorCode()); |
| 329 | return KeymasterSignResult::error; |
| 330 | } |
| 331 | |
| 332 | if (!op.finish(&output)) { |
| 333 | LOG(ERROR) << "Error finalizing keymaster signature transaction: " |
| 334 | << int32_t(op.errorCode()); |
| 335 | return KeymasterSignResult::error; |
| 336 | } |
| 337 | |
| 338 | *signature_buffer = reinterpret_cast<uint8_t*>(malloc(output.size())); |
| 339 | if (*signature_buffer == nullptr) { |
| 340 | LOG(ERROR) << "Error allocation buffer for keymaster signature"; |
| 341 | return KeymasterSignResult::error; |
| 342 | } |
| 343 | *signature_buffer_size = output.size(); |
| 344 | std::copy(output.data(), output.data() + output.size(), *signature_buffer); |
| 345 | return KeymasterSignResult::ok; |
| 346 | } |