Blame - crypto/fscrypt/Keymaster.cpp - android_bootable_recovery

blob: aad438741fa5846e8f432571631a143863e09975 [file] [log] [blame]

bigbiff	7ba7500	2020-04-11 20:47:09 -0400	[diff] [blame^]	1	/*
				2	* Copyright (C) 2016 The Android Open Source Project
				3	*
				4	* Licensed under the Apache License, Version 2.0 (the "License");
				5	* you may not use this file except in compliance with the License.
				6	* You may obtain a copy of the License at
				7	*
				8	* http://www.apache.org/licenses/LICENSE-2.0
				9	*
				10	* Unless required by applicable law or agreed to in writing, software
				11	* distributed under the License is distributed on an "AS IS" BASIS,
				12	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
				13	* See the License for the specific language governing permissions and
				14	* limitations under the License.
				15	*/
				16
				17	#include "Keymaster.h"
				18
				19	#include <android-base/logging.h>
				20	#include <keymasterV4_0/authorization_set.h>
				21	#include <keymasterV4_0/keymaster_utils.h>
				22
				23	namespace android {
				24	namespace vold {
				25
				26	using ::android::hardware::hidl_string;
				27	using ::android::hardware::hidl_vec;
				28	using ::android::hardware::keymaster::V4_0::SecurityLevel;
				29
				30	KeymasterOperation::~KeymasterOperation() {
				31	if (mDevice) mDevice->abort(mOpHandle);
				32	}
				33
				34	bool KeymasterOperation::updateCompletely(const char* input, size_t inputLen,
				35	const std::function<void(const char*, size_t)> consumer) {
				36	uint32_t inputConsumed = 0;
				37
				38	km::ErrorCode km_error;
				39	auto hidlCB = [&](km::ErrorCode ret, uint32_t inputConsumedDelta,
				40	const hidl_vec<km::KeyParameter>& /ignored/,
				41	const hidl_vec<uint8_t>& _output) {
				42	km_error = ret;
				43	if (km_error != km::ErrorCode::OK) return;
				44	inputConsumed += inputConsumedDelta;
				45	consumer(reinterpret_cast<const char*>(&_output[0]), _output.size());
				46	};
				47
				48	while (inputConsumed != inputLen) {
				49	size_t toRead = static_cast<size_t>(inputLen - inputConsumed);
				50	auto inputBlob = km::support::blob2hidlVec(
				51	reinterpret_cast<const uint8_t*>(&input[inputConsumed]), toRead);
				52	auto error = mDevice->update(mOpHandle, hidl_vec<km::KeyParameter>(), inputBlob,
				53	km::HardwareAuthToken(), km::VerificationToken(), hidlCB);
				54	if (!error.isOk()) {
				55	LOG(ERROR) << "update failed: " << error.description();
				56	mDevice = nullptr;
				57	return false;
				58	}
				59	if (km_error != km::ErrorCode::OK) {
				60	LOG(ERROR) << "update failed, code " << int32_t(km_error);
				61	mDevice = nullptr;
				62	return false;
				63	}
				64	if (inputConsumed > inputLen) {
				65	LOG(ERROR) << "update reported too much input consumed";
				66	mDevice = nullptr;
				67	return false;
				68	}
				69	}
				70	return true;
				71	}
				72
				73	bool KeymasterOperation::finish(std::string* output) {
				74	km::ErrorCode km_error;
				75	auto hidlCb = [&](km::ErrorCode ret, const hidl_vec<km::KeyParameter>& /ignored/,
				76	const hidl_vec<uint8_t>& _output) {
				77	km_error = ret;
				78	if (km_error != km::ErrorCode::OK) return;
				79	if (output) output->assign(reinterpret_cast<const char*>(&_output[0]), _output.size());
				80	};
				81	auto error = mDevice->finish(mOpHandle, hidl_vec<km::KeyParameter>(), hidl_vec<uint8_t>(),
				82	hidl_vec<uint8_t>(), km::HardwareAuthToken(),
				83	km::VerificationToken(), hidlCb);
				84	mDevice = nullptr;
				85	if (!error.isOk()) {
				86	LOG(ERROR) << "finish failed: " << error.description();
				87	return false;
				88	}
				89	if (km_error != km::ErrorCode::OK) {
				90	LOG(ERROR) << "finish failed, code " << int32_t(km_error);
				91	return false;
				92	}
				93	return true;
				94	}
				95
				96	/* static */ bool Keymaster::hmacKeyGenerated = false;
				97
				98	Keymaster::Keymaster() {
				99	auto devices = KmDevice::enumerateAvailableDevices();
				100	if (!hmacKeyGenerated) {
				101	KmDevice::performHmacKeyAgreement(devices);
				102	hmacKeyGenerated = true;
				103	}
				104	for (auto& dev : devices) {
				105	// Do not use StrongBox for device encryption / credential encryption. If a security chip
				106	// is present it will have Weaver, which already strengthens CE. We get no additional
				107	// benefit from using StrongBox here, so skip it.
				108	if (dev->halVersion().securityLevel != SecurityLevel::STRONGBOX) {
				109	mDevice = std::move(dev);
				110	break;
				111	}
				112	}
				113	if (!mDevice) return;
				114	auto& version = mDevice->halVersion();
				115	LOG(INFO) << "Using " << version.keymasterName << " from " << version.authorName
				116	<< " for encryption. Security level: " << toString(version.securityLevel)
				117	<< ", HAL: " << mDevice->descriptor() << "/" << mDevice->instanceName();
				118	}
				119
				120	bool Keymaster::generateKey(const km::AuthorizationSet& inParams, std::string* key) {
				121	km::ErrorCode km_error;
				122	auto hidlCb = [&](km::ErrorCode ret, const hidl_vec<uint8_t>& keyBlob,
				123	const km::KeyCharacteristics& /ignored/) {
				124	km_error = ret;
				125	if (km_error != km::ErrorCode::OK) return;
				126	if (key) key->assign(reinterpret_cast<const char*>(&keyBlob[0]), keyBlob.size());
				127	};
				128
				129	auto error = mDevice->generateKey(inParams.hidl_data(), hidlCb);
				130	if (!error.isOk()) {
				131	LOG(ERROR) << "generate_key failed: " << error.description();
				132	return false;
				133	}
				134	if (km_error != km::ErrorCode::OK) {
				135	LOG(ERROR) << "generate_key failed, code " << int32_t(km_error);
				136	return false;
				137	}
				138	return true;
				139	}
				140
				141	bool Keymaster::deleteKey(const std::string& key) {
				142	auto keyBlob = km::support::blob2hidlVec(key);
				143	auto error = mDevice->deleteKey(keyBlob);
				144	if (!error.isOk()) {
				145	LOG(ERROR) << "delete_key failed: " << error.description();
				146	return false;
				147	}
				148	if (error != km::ErrorCode::OK) {
				149	LOG(ERROR) << "delete_key failed, code " << int32_t(km::ErrorCode(error));
				150	return false;
				151	}
				152	return true;
				153	}
				154
				155	bool Keymaster::upgradeKey(const std::string& oldKey, const km::AuthorizationSet& inParams,
				156	std::string* newKey) {
				157	auto oldKeyBlob = km::support::blob2hidlVec(oldKey);
				158	km::ErrorCode km_error;
				159	auto hidlCb = [&](km::ErrorCode ret, const hidl_vec<uint8_t>& upgradedKeyBlob) {
				160	km_error = ret;
				161	if (km_error != km::ErrorCode::OK) return;
				162	if (newKey)
				163	newKey->assign(reinterpret_cast<const char*>(&upgradedKeyBlob[0]),
				164	upgradedKeyBlob.size());
				165	};
				166	auto error = mDevice->upgradeKey(oldKeyBlob, inParams.hidl_data(), hidlCb);
				167	if (!error.isOk()) {
				168	LOG(ERROR) << "upgrade_key failed: " << error.description();
				169	return false;
				170	}
				171	if (km_error != km::ErrorCode::OK) {
				172	LOG(ERROR) << "upgrade_key failed, code " << int32_t(km_error);
				173	return false;
				174	}
				175	return true;
				176	}
				177
				178	KeymasterOperation Keymaster::begin(km::KeyPurpose purpose, const std::string& key,
				179	const km::AuthorizationSet& inParams,
				180	const km::HardwareAuthToken& authToken,
				181	km::AuthorizationSet* outParams) {
				182	auto keyBlob = km::support::blob2hidlVec(key);
				183	uint64_t mOpHandle;
				184	km::ErrorCode km_error;
				185
				186	auto hidlCb = [&](km::ErrorCode ret, const hidl_vec<km::KeyParameter>& _outParams,
				187	uint64_t operationHandle) {
				188	km_error = ret;
				189	if (km_error != km::ErrorCode::OK) return;
				190	if (outParams) *outParams = _outParams;
				191	mOpHandle = operationHandle;
				192	};
				193
				194	auto error = mDevice->begin(purpose, keyBlob, inParams.hidl_data(), authToken, hidlCb);
				195	if (!error.isOk()) {
				196	LOG(ERROR) << "begin failed: " << error.description();
				197	return KeymasterOperation(km::ErrorCode::UNKNOWN_ERROR);
				198	}
				199	if (km_error != km::ErrorCode::OK) {
				200	LOG(ERROR) << "begin failed, code " << int32_t(km_error);
				201	return KeymasterOperation(km_error);
				202	}
				203	return KeymasterOperation(mDevice.get(), mOpHandle);
				204	}
				205
				206	bool Keymaster::isSecure() {
				207	return mDevice->halVersion().securityLevel != km::SecurityLevel::SOFTWARE;
				208	}
				209
				210	} // namespace vold
				211	} // namespace android
				212
				213	using namespace ::android::vold;
				214
				215	int keymaster_compatibility_cryptfs_scrypt() {
				216	Keymaster dev;
				217	if (!dev) {
				218	LOG(ERROR) << "Failed to initiate keymaster session";
				219	return -1;
				220	}
				221	return dev.isSecure();
				222	}
				223
				224	static bool write_string_to_buf(const std::string& towrite, uint8_t* buffer, uint32_t buffer_size,
				225	uint32_t* out_size) {
				226	if (!buffer \|\| !out_size) {
				227	LOG(ERROR) << "Missing target pointers";
				228	return false;
				229	}
				230	*out_size = towrite.size();
				231	if (buffer_size < towrite.size()) {
				232	LOG(ERROR) << "Buffer too small " << buffer_size << " < " << towrite.size();
				233	return false;
				234	}
				235	memset(buffer, '\0', buffer_size);
				236	std::copy(towrite.begin(), towrite.end(), buffer);
				237	return true;
				238	}
				239
				240	static km::AuthorizationSet keyParams(uint32_t rsa_key_size, uint64_t rsa_exponent,
				241	uint32_t ratelimit) {
				242	return km::AuthorizationSetBuilder()
				243	.RsaSigningKey(rsa_key_size, rsa_exponent)
				244	.NoDigestOrPadding()
				245	.Authorization(km::TAG_BLOB_USAGE_REQUIREMENTS, km::KeyBlobUsageRequirements::STANDALONE)
				246	.Authorization(km::TAG_NO_AUTH_REQUIRED)
				247	.Authorization(km::TAG_MIN_SECONDS_BETWEEN_OPS, ratelimit);
				248	}
				249
				250	int keymaster_create_key_for_cryptfs_scrypt(uint32_t rsa_key_size, uint64_t rsa_exponent,
				251	uint32_t ratelimit, uint8_t* key_buffer,
				252	uint32_t key_buffer_size, uint32_t* key_out_size) {
				253	if (key_out_size) {
				254	*key_out_size = 0;
				255	}
				256	Keymaster dev;
				257	if (!dev) {
				258	LOG(ERROR) << "Failed to initiate keymaster session";
				259	return -1;
				260	}
				261	std::string key;
				262	if (!dev.generateKey(keyParams(rsa_key_size, rsa_exponent, ratelimit), &key)) return -1;
				263	if (!write_string_to_buf(key, key_buffer, key_buffer_size, key_out_size)) return -1;
				264	return 0;
				265	}
				266
				267	int keymaster_upgrade_key_for_cryptfs_scrypt(uint32_t rsa_key_size, uint64_t rsa_exponent,
				268	uint32_t ratelimit, const uint8_t* key_blob,
				269	size_t key_blob_size, uint8_t* key_buffer,
				270	uint32_t key_buffer_size, uint32_t* key_out_size) {
				271	if (key_out_size) {
				272	*key_out_size = 0;
				273	}
				274	Keymaster dev;
				275	if (!dev) {
				276	LOG(ERROR) << "Failed to initiate keymaster session";
				277	return -1;
				278	}
				279	std::string old_key(reinterpret_cast<const char*>(key_blob), key_blob_size);
				280	std::string new_key;
				281	if (!dev.upgradeKey(old_key, keyParams(rsa_key_size, rsa_exponent, ratelimit), &new_key))
				282	return -1;
				283	if (!write_string_to_buf(new_key, key_buffer, key_buffer_size, key_out_size)) return -1;
				284	return 0;
				285	}
				286
				287	KeymasterSignResult keymaster_sign_object_for_cryptfs_scrypt(
				288	const uint8_t* key_blob, size_t key_blob_size, uint32_t ratelimit, const uint8_t* object,
				289	const size_t object_size, uint8_t** signature_buffer, size_t* signature_buffer_size) {
				290	Keymaster dev;
				291	if (!dev) {
				292	LOG(ERROR) << "Failed to initiate keymaster session";
				293	return KeymasterSignResult::error;
				294	}
				295	if (!key_blob \|\| !object \|\| !signature_buffer \|\| !signature_buffer_size) {
				296	LOG(ERROR) << __FILE__ << ":" << __LINE__ << ":Invalid argument";
				297	return KeymasterSignResult::error;
				298	}
				299
				300	km::AuthorizationSet outParams;
				301	std::string key(reinterpret_cast<const char*>(key_blob), key_blob_size);
				302	std::string input(reinterpret_cast<const char*>(object), object_size);
				303	std::string output;
				304	KeymasterOperation op;
				305
				306	auto paramBuilder = km::AuthorizationSetBuilder().NoDigestOrPadding();
				307	while (true) {
				308	op = dev.begin(km::KeyPurpose::SIGN, key, paramBuilder, km::HardwareAuthToken(), &outParams);
				309	if (op.errorCode() == km::ErrorCode::KEY_RATE_LIMIT_EXCEEDED) {
				310	sleep(ratelimit);
				311	continue;
				312	} else
				313	break;
				314	}
				315
				316	if (op.errorCode() == km::ErrorCode::KEY_REQUIRES_UPGRADE) {
				317	LOG(ERROR) << "Keymaster key requires upgrade";
				318	return KeymasterSignResult::upgrade;
				319	}
				320
				321	if (op.errorCode() != km::ErrorCode::OK) {
				322	LOG(ERROR) << "Error starting keymaster signature transaction: " << int32_t(op.errorCode());
				323	return KeymasterSignResult::error;
				324	}
				325
				326	if (!op.updateCompletely(input, &output)) {
				327	LOG(ERROR) << "Error sending data to keymaster signature transaction: "
				328	<< uint32_t(op.errorCode());
				329	return KeymasterSignResult::error;
				330	}
				331
				332	if (!op.finish(&output)) {
				333	LOG(ERROR) << "Error finalizing keymaster signature transaction: "
				334	<< int32_t(op.errorCode());
				335	return KeymasterSignResult::error;
				336	}
				337
				338	signature_buffer = reinterpret_cast<uint8_t>(malloc(output.size()));
				339	if (*signature_buffer == nullptr) {
				340	LOG(ERROR) << "Error allocation buffer for keymaster signature";
				341	return KeymasterSignResult::error;
				342	}
				343	*signature_buffer_size = output.size();
				344	std::copy(output.data(), output.data() + output.size(), *signature_buffer);
				345	return KeymasterSignResult::ok;
				346	}