blob: c3da4c82f34b4dcb0f563760734bab6ad6e6eafb [file] [log] [blame]
bigbiff7ba75002020-04-11 20:47:09 -04001/*
2 * Copyright (C) 2016 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17#ifndef ANDROID_VOLD_KEYMASTER_H
18#define ANDROID_VOLD_KEYMASTER_H
19
20#include "KeyBuffer.h"
21
22#include <memory>
23#include <string>
24#include <utility>
25
26#include <android-base/macros.h>
bigbiff673c7ae2020-12-02 19:44:56 -050027#include <keymasterV4_1/Keymaster.h>
bigbiffa957f072021-03-07 18:20:29 -050028#include <keymasterV4_1/authorization_set.h>
bigbiff7ba75002020-04-11 20:47:09 -040029
bigbiffa957f072021-03-07 18:20:29 -050030namespace km {
bigbiff7ba75002020-04-11 20:47:09 -040031
bigbiffa957f072021-03-07 18:20:29 -050032using namespace ::android::hardware::keymaster::V4_1;
33
34// Surprisingly -- to me, at least -- this is totally fine. You can re-define symbols that were
35// brought in via a using directive (the "using namespace") above. In general this seems like a
36// dangerous thing to rely on, but in this case its implications are simple and straightforward:
37// km::ErrorCode refers to the 4.0 ErrorCode, though we pull everything else from 4.1.
38using ErrorCode = ::android::hardware::keymaster::V4_0::ErrorCode;
39using V4_1_ErrorCode = ::android::hardware::keymaster::V4_1::ErrorCode;
40
41} // namespace km
42
bigbiff7ba75002020-04-11 20:47:09 -040043using KmDevice = km::support::Keymaster;
44
45// C++ wrappers to the Keymaster hidl interface.
46// This is tailored to the needs of KeyStorage, but could be extended to be
47// a more general interface.
48
49// Wrapper for a Keymaster operation handle representing an
50// ongoing Keymaster operation. Aborts the operation
51// in the destructor if it is unfinished. Methods log failures
52// to LOG(ERROR).
53class KeymasterOperation {
54 public:
55 ~KeymasterOperation();
56 // Is this instance valid? This is false if creation fails, and becomes
57 // false on finish or if an update fails.
58 explicit operator bool() const { return mError == km::ErrorCode::OK; }
59 km::ErrorCode errorCode() const { return mError; }
60 // Call "update" repeatedly until all of the input is consumed, and
61 // concatenate the output. Return true on success.
62 template <class TI, class TO>
63 bool updateCompletely(TI& input, TO* output) {
64 if (output) output->clear();
65 return updateCompletely(input.data(), input.size(), [&](const char* b, size_t n) {
66 if (output) std::copy(b, b + n, std::back_inserter(*output));
67 });
68 }
69
70 // Finish and write the output to this string, unless pointer is null.
71 bool finish(std::string* output);
72 // Move constructor
73 KeymasterOperation(KeymasterOperation&& rhs) { *this = std::move(rhs); }
74 // Construct an object in an error state for error returns
75 KeymasterOperation() : mDevice{nullptr}, mOpHandle{0}, mError{km::ErrorCode::UNKNOWN_ERROR} {}
76 // Move Assignment
77 KeymasterOperation& operator=(KeymasterOperation&& rhs) {
78 mDevice = rhs.mDevice;
79 rhs.mDevice = nullptr;
80
81 mOpHandle = rhs.mOpHandle;
82 rhs.mOpHandle = 0;
83
84 mError = rhs.mError;
85 rhs.mError = km::ErrorCode::UNKNOWN_ERROR;
86
87 return *this;
88 }
89
90 private:
91 KeymasterOperation(KmDevice* d, uint64_t h)
92 : mDevice{d}, mOpHandle{h}, mError{km::ErrorCode::OK} {}
93 KeymasterOperation(km::ErrorCode error) : mDevice{nullptr}, mOpHandle{0}, mError{error} {}
94
95 bool updateCompletely(const char* input, size_t inputLen,
96 const std::function<void(const char*, size_t)> consumer);
97
98 KmDevice* mDevice;
99 uint64_t mOpHandle;
100 km::ErrorCode mError;
101 DISALLOW_COPY_AND_ASSIGN(KeymasterOperation);
102 friend class Keymaster;
103};
104
105// Wrapper for a Keymaster device for methods that start a KeymasterOperation or are not
106// part of one.
107class Keymaster {
108 public:
109 Keymaster();
110 // false if we failed to open the keymaster device.
111 explicit operator bool() { return mDevice.get() != nullptr; }
112 // Generate a key in the keymaster from the given params.
113 bool generateKey(const km::AuthorizationSet& inParams, std::string* key);
bigbiffa957f072021-03-07 18:20:29 -0500114 // Exports a keymaster key with STORAGE_KEY tag wrapped with a per-boot ephemeral key
115 bool exportKey(const KeyBuffer& kmKey, std::string* key);
bigbiff7ba75002020-04-11 20:47:09 -0400116 // If the keymaster supports it, permanently delete a key.
117 bool deleteKey(const std::string& key);
118 // Replace stored key blob in response to KM_ERROR_KEY_REQUIRES_UPGRADE.
119 bool upgradeKey(const std::string& oldKey, const km::AuthorizationSet& inParams,
120 std::string* newKey);
121 // Begin a new cryptographic operation, collecting output parameters if pointer is non-null
122 KeymasterOperation begin(km::KeyPurpose purpose, const std::string& key,
123 const km::AuthorizationSet& inParams,
124 const km::HardwareAuthToken& authToken,
125 km::AuthorizationSet* outParams);
126 bool isSecure();
127
bigbiffa957f072021-03-07 18:20:29 -0500128 // Tell all Keymaster instances that early boot has ended and early boot-only keys can no longer
129 // be created or used.
130 static void earlyBootEnded();
131
bigbiff7ba75002020-04-11 20:47:09 -0400132 private:
bigbiffa957f072021-03-07 18:20:29 -0500133 android::sp<KmDevice> mDevice;
bigbiff7ba75002020-04-11 20:47:09 -0400134 DISALLOW_COPY_AND_ASSIGN(Keymaster);
135 static bool hmacKeyGenerated;
136};
137
bigbiff7ba75002020-04-11 20:47:09 -0400138// FIXME no longer needed now cryptfs is in C++.
139
140/*
141 * The following functions provide C bindings to keymaster services
142 * needed by cryptfs scrypt. The compatibility check checks whether
143 * the keymaster implementation is considered secure, i.e., TEE backed.
144 * The create_key function generates an RSA key for signing.
145 * The sign_object function signes an object with the given keymaster
146 * key.
147 */
148
149/* Return values for keymaster_sign_object_for_cryptfs_scrypt */
150
151enum class KeymasterSignResult {
152 ok = 0,
153 error = -1,
154 upgrade = -2,
155};
156
157int keymaster_compatibility_cryptfs_scrypt();
158int keymaster_create_key_for_cryptfs_scrypt(uint32_t rsa_key_size, uint64_t rsa_exponent,
159 uint32_t ratelimit, uint8_t* key_buffer,
160 uint32_t key_buffer_size, uint32_t* key_out_size);
161
162int keymaster_upgrade_key_for_cryptfs_scrypt(uint32_t rsa_key_size, uint64_t rsa_exponent,
163 uint32_t ratelimit, const uint8_t* key_blob,
164 size_t key_blob_size, uint8_t* key_buffer,
165 uint32_t key_buffer_size, uint32_t* key_out_size);
166
167KeymasterSignResult keymaster_sign_object_for_cryptfs_scrypt(
168 const uint8_t* key_blob, size_t key_blob_size, uint32_t ratelimit, const uint8_t* object,
169 const size_t object_size, uint8_t** signature_buffer, size_t* signature_buffer_size);
170
171#endif