platform_system_security/keystore/blob.cpp
David Benjamin e2d3e0b584 Merge "Replace custom BoringSSL scopers with bssl::UniquePtr."
am: 147f3df5c3

Change-Id: Ieb0bb08b000fe2eada74c8884fc4845beadc9d0f
2019-08-19 16:54:11 -07:00

791 lines
27 KiB
C++

/*
* Copyright (C) 2015 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#define LOG_TAG "keystore"
#include <arpa/inet.h>
#include <errno.h>
#include <fcntl.h>
#include <string.h>
#include <log/log.h>
#include "blob.h"
#include "keystore_utils.h"
#include <openssl/evp.h>
#include <openssl/rand.h>
#include <istream>
#include <ostream>
#include <streambuf>
#include <string>
#include <android-base/logging.h>
#include <android-base/unique_fd.h>
namespace {
constexpr size_t kGcmIvSizeBytes = 96 / 8;
#if defined(__clang__)
#define OPTNONE __attribute__((optnone))
#elif defined(__GNUC__)
#define OPTNONE __attribute__((optimize("O0")))
#else
#error Need a definition for OPTNONE
#endif
class ArrayEraser {
public:
ArrayEraser(uint8_t* arr, size_t size) : mArr(arr), mSize(size) {}
OPTNONE ~ArrayEraser() { std::fill(mArr, mArr + mSize, 0); }
private:
volatile uint8_t* mArr;
size_t mSize;
};
/**
* Returns a EVP_CIPHER appropriate for the given key, based on the key's size.
*/
const EVP_CIPHER* getAesCipherForKey(const std::vector<uint8_t>& key) {
const EVP_CIPHER* cipher = EVP_aes_256_gcm();
if (key.size() == kAes128KeySizeBytes) {
cipher = EVP_aes_128_gcm();
}
return cipher;
}
/*
* Encrypt 'len' data at 'in' with AES-GCM, using 128-bit or 256-bit key at 'key', 96-bit IV at
* 'iv' and write output to 'out' (which may be the same location as 'in') and 128-bit tag to
* 'tag'.
*/
ResponseCode AES_gcm_encrypt(const uint8_t* in, uint8_t* out, size_t len,
const std::vector<uint8_t>& key, const uint8_t* iv, uint8_t* tag) {
// There can be 128-bit and 256-bit keys
const EVP_CIPHER* cipher = getAesCipherForKey(key);
bssl::UniquePtr<EVP_CIPHER_CTX> ctx(EVP_CIPHER_CTX_new());
EVP_EncryptInit_ex(ctx.get(), cipher, nullptr /* engine */, key.data(), iv);
EVP_CIPHER_CTX_set_padding(ctx.get(), 0 /* no padding needed with GCM */);
std::unique_ptr<uint8_t[]> out_tmp(new uint8_t[len]);
uint8_t* out_pos = out_tmp.get();
int out_len;
EVP_EncryptUpdate(ctx.get(), out_pos, &out_len, in, len);
out_pos += out_len;
EVP_EncryptFinal_ex(ctx.get(), out_pos, &out_len);
out_pos += out_len;
if (out_pos - out_tmp.get() != static_cast<ssize_t>(len)) {
ALOGD("Encrypted ciphertext is the wrong size, expected %zu, got %zd", len,
out_pos - out_tmp.get());
return ResponseCode::SYSTEM_ERROR;
}
std::copy(out_tmp.get(), out_pos, out);
EVP_CIPHER_CTX_ctrl(ctx.get(), EVP_CTRL_GCM_GET_TAG, kGcmTagLength, tag);
return ResponseCode::NO_ERROR;
}
/*
* Decrypt 'len' data at 'in' with AES-GCM, using 128-bit or 256-bit key at 'key', 96-bit IV at
* 'iv', checking 128-bit tag at 'tag' and writing plaintext to 'out'(which may be the same
* location as 'in').
*/
ResponseCode AES_gcm_decrypt(const uint8_t* in, uint8_t* out, size_t len,
const std::vector<uint8_t> key, const uint8_t* iv,
const uint8_t* tag) {
// There can be 128-bit and 256-bit keys
const EVP_CIPHER* cipher = getAesCipherForKey(key);
bssl::UniquePtr<EVP_CIPHER_CTX> ctx(EVP_CIPHER_CTX_new());
EVP_DecryptInit_ex(ctx.get(), cipher, nullptr /* engine */, key.data(), iv);
EVP_CIPHER_CTX_set_padding(ctx.get(), 0 /* no padding needed with GCM */);
EVP_CIPHER_CTX_ctrl(ctx.get(), EVP_CTRL_GCM_SET_TAG, kGcmTagLength, const_cast<uint8_t*>(tag));
std::unique_ptr<uint8_t[]> out_tmp(new uint8_t[len]);
ArrayEraser out_eraser(out_tmp.get(), len);
uint8_t* out_pos = out_tmp.get();
int out_len;
EVP_DecryptUpdate(ctx.get(), out_pos, &out_len, in, len);
out_pos += out_len;
if (!EVP_DecryptFinal_ex(ctx.get(), out_pos, &out_len)) {
ALOGE("Failed to decrypt blob; ciphertext or tag is likely corrupted");
return ResponseCode::VALUE_CORRUPTED;
}
out_pos += out_len;
if (out_pos - out_tmp.get() != static_cast<ssize_t>(len)) {
ALOGE("Encrypted plaintext is the wrong size, expected %zu, got %zd", len,
out_pos - out_tmp.get());
return ResponseCode::VALUE_CORRUPTED;
}
std::copy(out_tmp.get(), out_pos, out);
return ResponseCode::NO_ERROR;
}
class ArrayStreamBuffer : public std::streambuf {
public:
template <typename T, size_t size> explicit ArrayStreamBuffer(const T (&data)[size]) {
static_assert(sizeof(T) == 1, "Array element size too large");
std::streambuf::char_type* d = const_cast<std::streambuf::char_type*>(
reinterpret_cast<const std::streambuf::char_type*>(&data[0]));
setg(d, d, d + size);
setp(d, d + size);
}
protected:
pos_type seekoff(off_type off, std::ios_base::seekdir dir,
std::ios_base::openmode which = std::ios_base::in |
std::ios_base::out) override {
bool in = which & std::ios_base::in;
bool out = which & std::ios_base::out;
if ((!in && !out) || (in && out && dir == std::ios_base::cur)) return -1;
std::streambuf::char_type* newPosPtr;
switch (dir) {
case std::ios_base::beg:
newPosPtr = pbase();
break;
case std::ios_base::cur:
// if dir == cur then in xor out due to
// if ((!in && !out) || (in && out && dir == std::ios_base::cur)) return -1; above
if (in)
newPosPtr = gptr();
else
newPosPtr = pptr();
break;
case std::ios_base::end:
// in and out bounds are the same and cannot change, so we can take either range
// regardless of the value of "which"
newPosPtr = epptr();
break;
}
newPosPtr += off;
if (newPosPtr < pbase() || newPosPtr > epptr()) return -1;
if (in) {
gbump(newPosPtr - gptr());
}
if (out) {
pbump(newPosPtr - pptr());
}
return newPosPtr - pbase();
}
};
} // namespace
Blob::Blob(const uint8_t* value, size_t valueLength, const uint8_t* info, uint8_t infoLength,
BlobType type) {
mBlob = std::make_unique<blobv3>();
memset(mBlob.get(), 0, sizeof(blobv3));
if (valueLength > kValueSize) {
valueLength = kValueSize;
ALOGW("Provided blob length too large");
}
if (infoLength + valueLength > kValueSize) {
infoLength = kValueSize - valueLength;
ALOGW("Provided info length too large");
}
mBlob->length = valueLength;
memcpy(mBlob->value, value, valueLength);
mBlob->info = infoLength;
memcpy(mBlob->value + valueLength, info, infoLength);
mBlob->version = CURRENT_BLOB_VERSION;
mBlob->type = uint8_t(type);
if (type == TYPE_MASTER_KEY) {
mBlob->flags = KEYSTORE_FLAG_ENCRYPTED;
} else {
mBlob->flags = KEYSTORE_FLAG_NONE;
}
}
Blob::Blob(blobv3 b) {
mBlob = std::make_unique<blobv3>(b);
}
Blob::Blob() {
if (mBlob) *mBlob = {};
}
Blob::Blob(const Blob& rhs) {
if (rhs.mBlob) {
mBlob = std::make_unique<blobv3>(*rhs.mBlob);
}
}
Blob::Blob(Blob&& rhs) : mBlob(std::move(rhs.mBlob)) {}
Blob& Blob::operator=(const Blob& rhs) {
if (&rhs != this) {
if (mBlob) *mBlob = {};
if (rhs) {
mBlob = std::make_unique<blobv3>(*rhs.mBlob);
} else {
mBlob = {};
}
}
return *this;
}
Blob& Blob::operator=(Blob&& rhs) {
if (mBlob) *mBlob = {};
mBlob = std::move(rhs.mBlob);
return *this;
}
template <typename BlobType> static bool rawBlobIsEncrypted(const BlobType& blob) {
if (blob.version < 2) return true;
return blob.flags & (KEYSTORE_FLAG_ENCRYPTED | KEYSTORE_FLAG_SUPER_ENCRYPTED);
}
bool Blob::isEncrypted() const {
if (mBlob->version < 2) {
return true;
}
return mBlob->flags & KEYSTORE_FLAG_ENCRYPTED;
}
bool Blob::isSuperEncrypted() const {
return mBlob->flags & KEYSTORE_FLAG_SUPER_ENCRYPTED;
}
bool Blob::isCriticalToDeviceEncryption() const {
return mBlob->flags & KEYSTORE_FLAG_CRITICAL_TO_DEVICE_ENCRYPTION;
}
inline uint8_t setFlag(uint8_t flags, bool set, KeyStoreFlag flag) {
return set ? (flags | flag) : (flags & ~flag);
}
void Blob::setEncrypted(bool encrypted) {
mBlob->flags = setFlag(mBlob->flags, encrypted, KEYSTORE_FLAG_ENCRYPTED);
}
void Blob::setSuperEncrypted(bool superEncrypted) {
mBlob->flags = setFlag(mBlob->flags, superEncrypted, KEYSTORE_FLAG_SUPER_ENCRYPTED);
}
void Blob::setCriticalToDeviceEncryption(bool critical) {
mBlob->flags = setFlag(mBlob->flags, critical, KEYSTORE_FLAG_CRITICAL_TO_DEVICE_ENCRYPTION);
}
void Blob::setFallback(bool fallback) {
if (fallback) {
mBlob->flags |= KEYSTORE_FLAG_FALLBACK;
} else {
mBlob->flags &= ~KEYSTORE_FLAG_FALLBACK;
}
}
static ResponseCode writeBlob(const std::string& filename, Blob blob, blobv3* rawBlob,
const std::vector<uint8_t>& aes_key, State state) {
ALOGV("writing blob %s", filename.c_str());
const size_t dataLength = rawBlob->length;
rawBlob->length = htonl(rawBlob->length);
if (blob.isEncrypted() || blob.isSuperEncrypted()) {
if (state != STATE_NO_ERROR) {
ALOGD("couldn't insert encrypted blob while not unlocked");
return ResponseCode::LOCKED;
}
memset(rawBlob->initialization_vector, 0, AES_BLOCK_SIZE);
if (!RAND_bytes(rawBlob->initialization_vector, kGcmIvSizeBytes)) {
ALOGW("Could not read random data for: %s", filename.c_str());
return ResponseCode::SYSTEM_ERROR;
}
auto rc = AES_gcm_encrypt(rawBlob->value /* in */, rawBlob->value /* out */, dataLength,
aes_key, rawBlob->initialization_vector, rawBlob->aead_tag);
if (rc != ResponseCode::NO_ERROR) return rc;
}
size_t fileLength = offsetof(blobv3, value) + dataLength + rawBlob->info;
char tmpFileName[] = ".tmpXXXXXX";
{
android::base::unique_fd out(TEMP_FAILURE_RETRY(mkstemp(tmpFileName)));
if (out < 0) {
LOG(ERROR) << "could not open temp file: " << tmpFileName
<< " for writing blob file: " << filename.c_str()
<< " because: " << strerror(errno);
return ResponseCode::SYSTEM_ERROR;
}
const size_t writtenBytes =
writeFully(out, reinterpret_cast<uint8_t*>(rawBlob), fileLength);
if (writtenBytes != fileLength) {
LOG(ERROR) << "blob not fully written " << writtenBytes << " != " << fileLength;
unlink(tmpFileName);
return ResponseCode::SYSTEM_ERROR;
}
}
if (rename(tmpFileName, filename.c_str()) == -1) {
LOG(ERROR) << "could not rename blob file to " << filename
<< " because: " << strerror(errno);
unlink(tmpFileName);
return ResponseCode::SYSTEM_ERROR;
}
fsyncDirectory(getContainingDirectory(filename));
return ResponseCode::NO_ERROR;
}
ResponseCode LockedKeyBlobEntry::writeBlobs(Blob keyBlob, Blob characteristicsBlob,
const std::vector<uint8_t>& aes_key,
State state) const {
if (entry_ == nullptr) {
return ResponseCode::SYSTEM_ERROR;
}
ResponseCode rc;
if (keyBlob) {
blobv3* rawBlob = keyBlob.mBlob.get();
rc = writeBlob(entry_->getKeyBlobPath(), std::move(keyBlob), rawBlob, aes_key, state);
if (rc != ResponseCode::NO_ERROR) {
return rc;
}
}
if (characteristicsBlob) {
blobv3* rawBlob = characteristicsBlob.mBlob.get();
rc = writeBlob(entry_->getCharacteristicsBlobPath(), std::move(characteristicsBlob),
rawBlob, aes_key, state);
}
return rc;
}
ResponseCode Blob::readBlob(const std::string& filename, const std::vector<uint8_t>& aes_key,
State state) {
ResponseCode rc;
ALOGV("reading blob %s", filename.c_str());
std::unique_ptr<blobv3> rawBlob = std::make_unique<blobv3>();
const int in = TEMP_FAILURE_RETRY(open(filename.c_str(), O_RDONLY));
if (in < 0) {
return (errno == ENOENT) ? ResponseCode::KEY_NOT_FOUND : ResponseCode::SYSTEM_ERROR;
}
// fileLength may be less than sizeof(mBlob)
const size_t fileLength = readFully(in, (uint8_t*)rawBlob.get(), sizeof(blobv3));
if (close(in) != 0) {
return ResponseCode::SYSTEM_ERROR;
}
if (fileLength == 0) {
LOG(ERROR) << __func__ << " VALUE_CORRUPTED file length == 0";
return ResponseCode::VALUE_CORRUPTED;
}
if (rawBlobIsEncrypted(*rawBlob)) {
if (state == STATE_LOCKED) {
mBlob = std::move(rawBlob);
return ResponseCode::LOCKED;
}
if (state == STATE_UNINITIALIZED) return ResponseCode::UNINITIALIZED;
}
if (fileLength < offsetof(blobv3, value)) {
LOG(ERROR) << __func__ << " VALUE_CORRUPTED blob file too short: " << fileLength;
return ResponseCode::VALUE_CORRUPTED;
}
if (rawBlob->version == 3) {
const ssize_t encryptedLength = ntohl(rawBlob->length);
if (rawBlobIsEncrypted(*rawBlob)) {
rc = AES_gcm_decrypt(rawBlob->value /* in */, rawBlob->value /* out */, encryptedLength,
aes_key, rawBlob->initialization_vector, rawBlob->aead_tag);
if (rc != ResponseCode::NO_ERROR) {
// If the blob was superencrypted and decryption failed, it is
// almost certain that decryption is failing due to a user's
// changed master key.
if ((rawBlob->flags & KEYSTORE_FLAG_SUPER_ENCRYPTED) &&
(rc == ResponseCode::VALUE_CORRUPTED)) {
return ResponseCode::KEY_PERMANENTLY_INVALIDATED;
}
LOG(ERROR) << __func__ << " AES_gcm_decrypt returned: " << uint32_t(rc);
return rc;
}
}
} else if (rawBlob->version < 3) {
blobv2& v2blob = reinterpret_cast<blobv2&>(*rawBlob);
const size_t headerLength = offsetof(blobv2, encrypted);
const ssize_t encryptedLength = fileLength - headerLength - v2blob.info;
if (encryptedLength < 0) {
LOG(ERROR) << __func__ << " VALUE_CORRUPTED v2blob file too short";
return ResponseCode::VALUE_CORRUPTED;
}
if (rawBlobIsEncrypted(*rawBlob)) {
if (encryptedLength % AES_BLOCK_SIZE != 0) {
LOG(ERROR) << __func__
<< " VALUE_CORRUPTED encrypted length is not a multiple"
" of the AES block size";
return ResponseCode::VALUE_CORRUPTED;
}
AES_KEY key;
AES_set_decrypt_key(aes_key.data(), kAesKeySize * 8, &key);
AES_cbc_encrypt(v2blob.encrypted, v2blob.encrypted, encryptedLength, &key,
v2blob.vector, AES_DECRYPT);
key = {}; // clear key
uint8_t computedDigest[MD5_DIGEST_LENGTH];
ssize_t digestedLength = encryptedLength - MD5_DIGEST_LENGTH;
MD5(v2blob.digested, digestedLength, computedDigest);
if (memcmp(v2blob.digest, computedDigest, MD5_DIGEST_LENGTH) != 0) {
LOG(ERROR) << __func__ << " v2blob MD5 digest mismatch";
return ResponseCode::VALUE_CORRUPTED;
}
}
}
const ssize_t maxValueLength = fileLength - offsetof(blobv3, value) - rawBlob->info;
rawBlob->length = ntohl(rawBlob->length);
if (rawBlob->length < 0 || rawBlob->length > maxValueLength ||
rawBlob->length + rawBlob->info + AES_BLOCK_SIZE >
static_cast<ssize_t>(sizeof(rawBlob->value))) {
LOG(ERROR) << __func__ << " raw blob length is out of bounds";
return ResponseCode::VALUE_CORRUPTED;
}
if (rawBlob->info != 0 && rawBlob->version < 3) {
// move info from after padding to after data
memmove(rawBlob->value + rawBlob->length, rawBlob->value + maxValueLength, rawBlob->info);
}
mBlob = std::move(rawBlob);
return ResponseCode::NO_ERROR;
}
std::tuple<ResponseCode, Blob, Blob>
LockedKeyBlobEntry::readBlobs(const std::vector<uint8_t>& aes_key, State state) const {
std::tuple<ResponseCode, Blob, Blob> result;
auto& [rc, keyBlob, characteristicsBlob] = result;
if (entry_ == nullptr) return rc = ResponseCode::SYSTEM_ERROR, result;
rc = keyBlob.readBlob(entry_->getKeyBlobPath(), aes_key, state);
if (rc != ResponseCode::NO_ERROR && rc != ResponseCode::UNINITIALIZED) {
return result;
}
if (entry_->hasCharacteristicsBlob()) {
characteristicsBlob.readBlob(entry_->getCharacteristicsBlobPath(), aes_key, state);
}
return result;
}
ResponseCode LockedKeyBlobEntry::deleteBlobs() const {
if (entry_ == nullptr) return ResponseCode::NO_ERROR;
// always try to delete both
ResponseCode rc1 = (unlink(entry_->getKeyBlobPath().c_str()) && errno != ENOENT)
? ResponseCode::SYSTEM_ERROR
: ResponseCode::NO_ERROR;
if (rc1 != ResponseCode::NO_ERROR) {
ALOGW("Failed to delete key blob file \"%s\"", entry_->getKeyBlobPath().c_str());
}
ResponseCode rc2 = (unlink(entry_->getCharacteristicsBlobPath().c_str()) && errno != ENOENT)
? ResponseCode::SYSTEM_ERROR
: ResponseCode::NO_ERROR;
if (rc2 != ResponseCode::NO_ERROR) {
ALOGW("Failed to delete key characteristics file \"%s\"",
entry_->getCharacteristicsBlobPath().c_str());
}
// then report the first error that occured
if (rc1 != ResponseCode::NO_ERROR) return rc1;
return rc2;
}
keystore::SecurityLevel Blob::getSecurityLevel() const {
return keystore::flagsToSecurityLevel(mBlob->flags);
}
void Blob::setSecurityLevel(keystore::SecurityLevel secLevel) {
mBlob->flags &= ~(KEYSTORE_FLAG_FALLBACK | KEYSTORE_FLAG_STRONGBOX);
mBlob->flags |= keystore::securityLevelToFlags(secLevel);
}
std::tuple<bool, keystore::AuthorizationSet, keystore::AuthorizationSet>
Blob::getKeyCharacteristics() const {
std::tuple<bool, keystore::AuthorizationSet, keystore::AuthorizationSet> result;
auto& [success, hwEnforced, swEnforced] = result;
success = false;
ArrayStreamBuffer buf(mBlob->value);
std::istream in(&buf);
// only the characteristics cache has both sets
if (getType() == TYPE_KEY_CHARACTERISTICS_CACHE) {
hwEnforced.Deserialize(&in);
} else if (getType() != TYPE_KEY_CHARACTERISTICS) {
// if its not the cache and not the legacy characteristics file we have no business
// here
return result;
}
swEnforced.Deserialize(&in);
success = !in.bad();
return result;
}
bool Blob::putKeyCharacteristics(const keystore::AuthorizationSet& hwEnforced,
const keystore::AuthorizationSet& swEnforced) {
if (!mBlob) mBlob = std::make_unique<blobv3>();
mBlob->version = CURRENT_BLOB_VERSION;
ArrayStreamBuffer buf(mBlob->value);
std::ostream out(&buf);
hwEnforced.Serialize(&out);
swEnforced.Serialize(&out);
if (out.bad()) return false;
setType(TYPE_KEY_CHARACTERISTICS_CACHE);
mBlob->length = out.tellp();
return true;
}
void LockedKeyBlobEntry::put(const KeyBlobEntry& entry) {
std::unique_lock<std::mutex> lock(locked_blobs_mutex_);
locked_blobs_.erase(entry);
lock.unlock();
locked_blobs_mutex_cond_var_.notify_all();
}
LockedKeyBlobEntry::~LockedKeyBlobEntry() {
if (entry_ != nullptr) put(*entry_);
}
LockedKeyBlobEntry LockedKeyBlobEntry::get(KeyBlobEntry entry) {
std::unique_lock<std::mutex> lock(locked_blobs_mutex_);
locked_blobs_mutex_cond_var_.wait(
lock, [&] { return locked_blobs_.find(entry) == locked_blobs_.end(); });
auto [iterator, success] = locked_blobs_.insert(std::move(entry));
if (!success) return {};
return LockedKeyBlobEntry(*iterator);
}
std::set<KeyBlobEntry> LockedKeyBlobEntry::locked_blobs_;
std::mutex LockedKeyBlobEntry::locked_blobs_mutex_;
std::condition_variable LockedKeyBlobEntry::locked_blobs_mutex_cond_var_;
/* Here is the encoding of key names. This is necessary in order to allow arbitrary
* characters in key names. Characters in [0-~] are not encoded. Others are encoded
* into two bytes. The first byte is one of [+-.] which represents the first
* two bits of the character. The second byte encodes the rest of the bits into
* [0-o]. Therefore in the worst case the length of a key gets doubled. Note
* that Base64 cannot be used here due to the need of prefix match on keys. */
std::string encodeKeyName(const std::string& keyName) {
std::string encodedName;
encodedName.reserve(keyName.size() * 2);
auto in = keyName.begin();
while (in != keyName.end()) {
// Input character needs to be encoded.
if (*in < '0' || *in > '~') {
// Encode the two most-significant bits of the input char in the first
// output character, by counting up from 43 ('+').
encodedName.append(1, '+' + (uint8_t(*in) >> 6));
// Encode the six least-significant bits of the input char in the second
// output character, by counting up from 48 ('0').
// This is safe because the maximum value is 112, which is the
// character 'p'.
encodedName.append(1, '0' + (*in & 0x3F));
} else {
// No need to encode input char - append as-is.
encodedName.append(1, *in);
}
++in;
}
return encodedName;
}
std::string decodeKeyName(const std::string& encodedName) {
std::string decodedName;
decodedName.reserve(encodedName.size());
auto in = encodedName.begin();
bool multichar = false;
char c;
while (in != encodedName.end()) {
if (multichar) {
// Second part of a multi-character encoding. Turn off the multichar
// flag and set the six least-significant bits of c to the value originally
// encoded by counting up from '0'.
multichar = false;
decodedName.append(1, c | (uint8_t(*in) - '0'));
} else if (*in >= '+' && *in <= '.') {
// First part of a multi-character encoding. Set the multichar flag
// and set the two most-significant bits of c to be the two bits originally
// encoded by counting up from '+'.
multichar = true;
c = (*in - '+') << 6;
} else {
// Regular character, append as-is.
decodedName.append(1, *in);
}
++in;
}
// mulitchars at the end get truncated
return decodedName;
}
std::string KeyBlobEntry::getKeyBlobBaseName() const {
std::stringstream s;
if (masterkey_) {
s << alias_;
} else {
s << uid_ << "_" << encodeKeyName(alias_);
}
return s.str();
}
std::string KeyBlobEntry::getKeyBlobPath() const {
std::stringstream s;
if (masterkey_) {
s << user_dir_ << "/" << alias_;
} else {
s << user_dir_ << "/" << uid_ << "_" << encodeKeyName(alias_);
}
return s.str();
}
std::string KeyBlobEntry::getCharacteristicsBlobBaseName() const {
std::stringstream s;
if (!masterkey_) s << "." << uid_ << "_chr_" << encodeKeyName(alias_);
return s.str();
}
std::string KeyBlobEntry::getCharacteristicsBlobPath() const {
std::stringstream s;
if (!masterkey_)
s << user_dir_ << "/"
<< "." << uid_ << "_chr_" << encodeKeyName(alias_);
return s.str();
}
bool KeyBlobEntry::hasKeyBlob() const {
int trys = 3;
while (trys--) {
if (!access(getKeyBlobPath().c_str(), R_OK | W_OK)) return true;
if (errno == ENOENT) return false;
LOG(WARNING) << "access encountered " << strerror(errno) << " (" << errno << ")"
<< " while checking for key blob";
if (errno != EAGAIN) break;
}
return false;
}
bool KeyBlobEntry::hasCharacteristicsBlob() const {
int trys = 3;
while (trys--) {
if (!access(getCharacteristicsBlobPath().c_str(), R_OK | W_OK)) return true;
if (errno == ENOENT) return false;
LOG(WARNING) << "access encountered " << strerror(errno) << " (" << errno << ")"
<< " while checking for key characteristics blob";
if (errno != EAGAIN) break;
}
return false;
}
static std::tuple<bool, uid_t, std::string> filename2UidAlias(const std::string& filepath) {
std::tuple<bool, uid_t, std::string> result;
auto& [success, uid, alias] = result;
success = false;
auto filenamebase = filepath.find_last_of('/');
std::string filename =
filenamebase == std::string::npos ? filepath : filepath.substr(filenamebase + 1);
if (filename[0] == '.') return result;
auto sep = filename.find('_');
if (sep == std::string::npos) return result;
std::stringstream s(filename.substr(0, sep));
s >> uid;
if (!s) return result;
alias = decodeKeyName(filename.substr(sep + 1));
success = true;
return result;
}
std::tuple<ResponseCode, std::list<LockedKeyBlobEntry>>
LockedKeyBlobEntry::list(const std::string& user_dir,
std::function<bool(uid_t, const std::string&)> filter) {
std::list<LockedKeyBlobEntry> matches;
// This is a fence against any concurrent database accesses during database iteration.
// Only the keystore thread can lock entries. So it cannot be starved
// by workers grabbing new individual locks. We just wait here until all
// workers have relinquished their locked files.
std::unique_lock<std::mutex> lock(locked_blobs_mutex_);
locked_blobs_mutex_cond_var_.wait(lock, [&] { return locked_blobs_.empty(); });
DIR* dir = opendir(user_dir.c_str());
if (!dir) {
ALOGW("can't open directory for user: %s", strerror(errno));
return std::tuple<ResponseCode, std::list<LockedKeyBlobEntry>&&>{ResponseCode::SYSTEM_ERROR,
std::move(matches)};
}
struct dirent* file;
while ((file = readdir(dir)) != nullptr) {
// We only care about files.
if (file->d_type != DT_REG) {
continue;
}
// Skip anything that starts with a "."
if (file->d_name[0] == '.') {
continue;
}
auto [success, uid, alias] = filename2UidAlias(file->d_name);
if (!success) {
ALOGW("could not parse key filename \"%s\"", file->d_name);
continue;
}
if (!filter(uid, alias)) continue;
auto [iterator, dummy] = locked_blobs_.emplace(alias, user_dir, uid);
matches.push_back(*iterator);
}
closedir(dir);
return std::tuple<ResponseCode, std::list<LockedKeyBlobEntry>&&>{ResponseCode::NO_ERROR,
std::move(matches)};
}