platform_system_vold/KeyStorage.h

/*
 * Copyright (C) 2016 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

#ifndef ANDROID_VOLD_KEYSTORAGE_H
#define ANDROID_VOLD_KEYSTORAGE_H

#include "KeyBuffer.h"

#include <string>

namespace android {
namespace vold {

// Represents the information needed to decrypt a disk encryption key.
// If "token" is nonempty, it is passed in as a required Gatekeeper auth token.
// If "token" and "secret" are nonempty, "secret" is appended to the application-specific
// binary needed to unlock.
// If only "secret" is nonempty, it is used to decrypt in a non-Keymaster process.
class KeyAuthentication {
  public:
    KeyAuthentication(const std::string& t, const std::string& s) : token{t}, secret{s} {};

    bool usesKeymaster() const { return !token.empty() || secret.empty(); };

    const std::string token;
    const std::string secret;
};

extern const KeyAuthentication kEmptyAuthentication;

// Checks if path "path" exists.
bool pathExists(const std::string& path);

bool createSecdiscardable(const std::string& path, std::string* hash);
bool readSecdiscardable(const std::string& path, std::string* hash);

// Create a directory at the named path, and store "key" in it,
// in such a way that it can only be retrieved via Keymaster and
// can be securely deleted.
// It's safe to move/rename the directory after creation.
bool storeKey(const std::string& dir, const KeyAuthentication& auth, const KeyBuffer& key);

// Create a directory at the named path, and store "key" in it as storeKey
// This version creates the key in "tmp_path" then atomically renames "tmp_path"
// to "key_path" thereby ensuring that the key is either stored entirely or
// not at all.
bool storeKeyAtomically(const std::string& key_path, const std::string& tmp_path,
                        const KeyAuthentication& auth, const KeyBuffer& key);

// Retrieve the key from the named directory.
bool retrieveKey(const std::string& dir, const KeyAuthentication& auth, KeyBuffer* key);

// Securely destroy the key stored in the named directory and delete the directory.
bool destroyKey(const std::string& dir);

bool runSecdiscardSingle(const std::string& file);

// Generate wrapped storage key using keymaster. Uses STORAGE_KEY tag in keymaster.
bool generateWrappedStorageKey(KeyBuffer* key);
// Export the per-boot boot wrapped storage key using keymaster.
bool exportWrappedStorageKey(const KeyBuffer& kmKey, KeyBuffer* key);
}  // namespace vold
}  // namespace android

#endif
Use a keymaster-based key storage module Instead of writing raw keys, encrypt the keys with keymaster. This paves the way to protecting them with auth tokens and passwords later. In addition, fold in the hash of a 16k file into their encryption, to ensure secure deletion works properly. Now even C++ier! Bug: 22502684 Bug: 22950892 Change-Id: If70f139e342373533c42d5a298444b8438428322 2016-01-21 21:26:12 +01:00			`/*`
			`* Copyright (C) 2016 The Android Open Source Project`
			`*`
			`* Licensed under the Apache License, Version 2.0 (the "License");`
			`* you may not use this file except in compliance with the License.`
			`* You may obtain a copy of the License at`
			`*`
			`* http://www.apache.org/licenses/LICENSE-2.0`
			`*`
			`* Unless required by applicable law or agreed to in writing, software`
			`* distributed under the License is distributed on an "AS IS" BASIS,`
			`* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.`
			`* See the License for the specific language governing permissions and`
			`* limitations under the License.`
			`*/`

			`#ifndef ANDROID_VOLD_KEYSTORAGE_H`
			`#define ANDROID_VOLD_KEYSTORAGE_H`

Zero memory used for encryuption keys. std::vector with custom zeroing allocator is used instead of std::string for data that can contain encryption keys. Bug: 64201177 Test: manually created a managed profile, changed it's credentials Test: manually upgraded a phone with profile from O to MR1. Change-Id: Ic31877049f69eba9f8ea64fd99acaaca5a01d3dd 2017-08-01 18:15:53 +02:00			`#include "KeyBuffer.h"`

Use a keymaster-based key storage module Instead of writing raw keys, encrypt the keys with keymaster. This paves the way to protecting them with auth tokens and passwords later. In addition, fold in the hash of a 16k file into their encryption, to ensure secure deletion works properly. Now even C++ier! Bug: 22502684 Bug: 22950892 Change-Id: If70f139e342373533c42d5a298444b8438428322 2016-01-21 21:26:12 +01:00			`#include <string>`

			`namespace android {`
			`namespace vold {`

Password security for FBE disk encryption keys Added a new call change_user_key which changes the way that disk encryption keys are protected; a key can now be protected with a combination of an auth token and a secret which is a hashed password. Both of these are passed to unlock_user_key. This change introduces a security bug, b/26948053, which must be fixed before we ship. Bug: 22950892 Change-Id: Iac1e45bb6f86f2af5c472c70a0fe3228b02115bf 2016-02-08 16:55:41 +01:00			`// Represents the information needed to decrypt a disk encryption key.`
			`// If "token" is nonempty, it is passed in as a required Gatekeeper auth token.`
Support keys with a secret but no token, which are handled not using Keymaster but in-process crypto. Bug: 33384925 Test: manual for now: patch KeyAuthentication.usesKeymaster() to always return true; flash a FBE device, add a device PIN, reboot and verify PIN can unlock FBE. Then clear device PIN, reboot and verify FBE is unlocked automatically. In both cases, check there is no keymaster_key_blob in /data/misc/vold/user_keys/ce/0/current/ Unit tests to be added. Change-Id: Ia94e2b39d60bfd98c7a8347a5ba043eeab6928c5 2017-01-05 07:32:40 +01:00			`// If "token" and "secret" are nonempty, "secret" is appended to the application-specific`
Password security for FBE disk encryption keys Added a new call change_user_key which changes the way that disk encryption keys are protected; a key can now be protected with a combination of an auth token and a secret which is a hashed password. Both of these are passed to unlock_user_key. This change introduces a security bug, b/26948053, which must be fixed before we ship. Bug: 22950892 Change-Id: Iac1e45bb6f86f2af5c472c70a0fe3228b02115bf 2016-02-08 16:55:41 +01:00			`// binary needed to unlock.`
Support keys with a secret but no token, which are handled not using Keymaster but in-process crypto. Bug: 33384925 Test: manual for now: patch KeyAuthentication.usesKeymaster() to always return true; flash a FBE device, add a device PIN, reboot and verify PIN can unlock FBE. Then clear device PIN, reboot and verify FBE is unlocked automatically. In both cases, check there is no keymaster_key_blob in /data/misc/vold/user_keys/ce/0/current/ Unit tests to be added. Change-Id: Ia94e2b39d60bfd98c7a8347a5ba043eeab6928c5 2017-01-05 07:32:40 +01:00			`// If only "secret" is nonempty, it is used to decrypt in a non-Keymaster process.`
Password security for FBE disk encryption keys Added a new call change_user_key which changes the way that disk encryption keys are protected; a key can now be protected with a combination of an auth token and a secret which is a hashed password. Both of these are passed to unlock_user_key. This change introduces a security bug, b/26948053, which must be fixed before we ship. Bug: 22950892 Change-Id: Iac1e45bb6f86f2af5c472c70a0fe3228b02115bf 2016-02-08 16:55:41 +01:00			`class KeyAuthentication {`
Run clang-format over ext4crypt related code The formatting here is inconsistent with Android house style; use clang-format to bring it back into line. Change-Id: Id1fe6ff54e9b668ca88c3fc021ae0a5bdd1327eb 2016-03-09 18:31:37 +01:00			`public:`
vold: Pass std::string by const reference In a couple places, we change to pass a std::string argument instead of by copy. Test: TreeHugger Change-Id: Ib179299a2322fcbab4e6d192051218823ad66a36 2018-12-18 20:10:31 +01:00			`KeyAuthentication(const std::string& t, const std::string& s) : token{t}, secret{s} {};`
Support keys with a secret but no token, which are handled not using Keymaster but in-process crypto. Bug: 33384925 Test: manual for now: patch KeyAuthentication.usesKeymaster() to always return true; flash a FBE device, add a device PIN, reboot and verify PIN can unlock FBE. Then clear device PIN, reboot and verify FBE is unlocked automatically. In both cases, check there is no keymaster_key_blob in /data/misc/vold/user_keys/ce/0/current/ Unit tests to be added. Change-Id: Ia94e2b39d60bfd98c7a8347a5ba043eeab6928c5 2017-01-05 07:32:40 +01:00
			`bool usesKeymaster() const { return !token.empty() \|\| secret.empty(); };`

Password security for FBE disk encryption keys Added a new call change_user_key which changes the way that disk encryption keys are protected; a key can now be protected with a combination of an auth token and a secret which is a hashed password. Both of these are passed to unlock_user_key. This change introduces a security bug, b/26948053, which must be fixed before we ship. Bug: 22950892 Change-Id: Iac1e45bb6f86f2af5c472c70a0fe3228b02115bf 2016-02-08 16:55:41 +01:00			`const std::string token;`
			`const std::string secret;`
			`};`

			`extern const KeyAuthentication kEmptyAuthentication;`

Refactor to lay the groundwork for metadata encryption Bug: 26778031 Test: Angler, Marlin build and boot Change-Id: Ic136dfe6195a650f7db76d3489f36da6a1929dc5 2016-06-02 20:01:19 +02:00			`// Checks if path "path" exists.`
			`bool pathExists(const std::string& path);`

When we forget a volume, forget per-volume key Protect all per-volume-per-user keys with a per-volume key, which is forgotten when the volume is forgotten. This means that the user's key is securely lost even when their storage is encrypted at forgetting time. Bug: 25861755 Test: create a volume, forget it, check logs and filesystem. Change-Id: I8df77bc91bbfa2258e082ddd54d6160dbf39b378 2017-10-26 20:16:39 +02:00			`bool createSecdiscardable(const std::string& path, std::string* hash);`
			`bool readSecdiscardable(const std::string& path, std::string* hash);`

Use a keymaster-based key storage module Instead of writing raw keys, encrypt the keys with keymaster. This paves the way to protecting them with auth tokens and passwords later. In addition, fold in the hash of a 16k file into their encryption, to ensure secure deletion works properly. Now even C++ier! Bug: 22502684 Bug: 22950892 Change-Id: If70f139e342373533c42d5a298444b8438428322 2016-01-21 21:26:12 +01:00			`// Create a directory at the named path, and store "key" in it,`
			`// in such a way that it can only be retrieved via Keymaster and`
			`// can be securely deleted.`
			`// It's safe to move/rename the directory after creation.`
Zero memory used for encryuption keys. std::vector with custom zeroing allocator is used instead of std::string for data that can contain encryption keys. Bug: 64201177 Test: manually created a managed profile, changed it's credentials Test: manually upgraded a phone with profile from O to MR1. Change-Id: Ic31877049f69eba9f8ea64fd99acaaca5a01d3dd 2017-08-01 18:15:53 +02:00			`bool storeKey(const std::string& dir, const KeyAuthentication& auth, const KeyBuffer& key);`
Use a keymaster-based key storage module Instead of writing raw keys, encrypt the keys with keymaster. This paves the way to protecting them with auth tokens and passwords later. In addition, fold in the hash of a 16k file into their encryption, to ensure secure deletion works properly. Now even C++ier! Bug: 22502684 Bug: 22950892 Change-Id: If70f139e342373533c42d5a298444b8438428322 2016-01-21 21:26:12 +01:00
Refactor to lay the groundwork for metadata encryption Bug: 26778031 Test: Angler, Marlin build and boot Change-Id: Ic136dfe6195a650f7db76d3489f36da6a1929dc5 2016-06-02 20:01:19 +02:00			`// Create a directory at the named path, and store "key" in it as storeKey`
			`// This version creates the key in "tmp_path" then atomically renames "tmp_path"`
			`// to "key_path" thereby ensuring that the key is either stored entirely or`
			`// not at all.`
			`bool storeKeyAtomically(const std::string& key_path, const std::string& tmp_path,`
Zero memory used for encryuption keys. std::vector with custom zeroing allocator is used instead of std::string for data that can contain encryption keys. Bug: 64201177 Test: manually created a managed profile, changed it's credentials Test: manually upgraded a phone with profile from O to MR1. Change-Id: Ic31877049f69eba9f8ea64fd99acaaca5a01d3dd 2017-08-01 18:15:53 +02:00			`const KeyAuthentication& auth, const KeyBuffer& key);`
Refactor to lay the groundwork for metadata encryption Bug: 26778031 Test: Angler, Marlin build and boot Change-Id: Ic136dfe6195a650f7db76d3489f36da6a1929dc5 2016-06-02 20:01:19 +02:00
Use a keymaster-based key storage module Instead of writing raw keys, encrypt the keys with keymaster. This paves the way to protecting them with auth tokens and passwords later. In addition, fold in the hash of a 16k file into their encryption, to ensure secure deletion works properly. Now even C++ier! Bug: 22502684 Bug: 22950892 Change-Id: If70f139e342373533c42d5a298444b8438428322 2016-01-21 21:26:12 +01:00			`// Retrieve the key from the named directory.`
KeyStorage: rework key upgrade handling Remove the error-prone 'keepOld' parameter, and instead make begin() (renamed to BeginKeymasterOp()) do all the key upgrade handling. Don't handle /data and /metadata differently anymore. Previously, when a checkpoint is active, key blob files were replaced on /data immediately; only the actual Keymaster key deletion was delayed until checkpoint commit. But it's easier to just delay the key blob file replacement too, as we have to implement that for /metadata anyway. Also be more vigilant about deleting any leftover upgraded keys. Test: Tested on bramble using an OTA rvc-d1-release => master. In OTA success case, verified via logcat that the keys were upgraded and then were committed after the boot succeeded. In OTA failure case, verified that the device still boots -- i.e., the old keys weren't lost. Verified that in either case, no keymaster_key_blob_upgraded files were left over. Finally, also tried 'pm create-user' and 'pm remove-user' and verified via logcat that the Keymaster keys still get deleted. Change-Id: Ic9c3e63e0bcae0c608fc79050ca4a1676b3852ee 2020-11-06 04:58:26 +01:00			`bool retrieveKey(const std::string& dir, const KeyAuthentication& auth, KeyBuffer* key);`
Use a keymaster-based key storage module Instead of writing raw keys, encrypt the keys with keymaster. This paves the way to protecting them with auth tokens and passwords later. In addition, fold in the hash of a 16k file into their encryption, to ensure secure deletion works properly. Now even C++ier! Bug: 22502684 Bug: 22950892 Change-Id: If70f139e342373533c42d5a298444b8438428322 2016-01-21 21:26:12 +01:00
			`// Securely destroy the key stored in the named directory and delete the directory.`
Run clang-format over ext4crypt related code The formatting here is inconsistent with Android house style; use clang-format to bring it back into line. Change-Id: Id1fe6ff54e9b668ca88c3fc021ae0a5bdd1327eb 2016-03-09 18:31:37 +01:00			`bool destroyKey(const std::string& dir);`
Use a keymaster-based key storage module Instead of writing raw keys, encrypt the keys with keymaster. This paves the way to protecting them with auth tokens and passwords later. In addition, fold in the hash of a 16k file into their encryption, to ensure secure deletion works properly. Now even C++ier! Bug: 22502684 Bug: 22950892 Change-Id: If70f139e342373533c42d5a298444b8438428322 2016-01-21 21:26:12 +01:00
Add secdiscard command for secure deletion of files This is used by LockSettingsService to delete sensitive credential files. Bug: 34600579 Test: manual - change device lock under synthetic password, verify old data on disk is erased. Change-Id: I5e11b559ad8818bd2ad2b321d67d21477aab7555 2017-04-27 21:43:10 +02:00			`bool runSecdiscardSingle(const std::string& file);`
vold: Support Storage keys for FBE To prevent keys from being compromised if an attacker acquires read access to kernel memory, some inline encryption hardware supports protecting the keys in hardware without software having access to or the ability to set the plaintext keys. Instead, software only sees "wrapped keys", which may differ on every boot. 'wrappedkey_v0' fileencryption flag is used to denote that the device supports inline encryption hardware that supports this feature. On such devices keymaster is used to generate keys with STORAGE_KEY tag and export a per-boot ephemerally wrapped storage key to install it in the kernel. The wrapped key framework in the linux kernel ensures the wrapped key is provided to the inline encryption hardware where it is unwrapped and the file contents key is derived to encrypt contents without revealing the plaintext key in the clear. Test: FBE validation with Fscrypt v2 + inline crypt + wrapped key changes kernel. Bug: 147733587 Change-Id: I1f0de61b56534ec1df9baef075acb74bacd00758 2020-02-03 22:06:45 +01:00
			`// Generate wrapped storage key using keymaster. Uses STORAGE_KEY tag in keymaster.`
			`bool generateWrappedStorageKey(KeyBuffer* key);`
			`// Export the per-boot boot wrapped storage key using keymaster.`
			`bool exportWrappedStorageKey(const KeyBuffer& kmKey, KeyBuffer* key);`
Use a keymaster-based key storage module Instead of writing raw keys, encrypt the keys with keymaster. This paves the way to protecting them with auth tokens and passwords later. In addition, fold in the hash of a 16k file into their encryption, to ensure secure deletion works properly. Now even C++ier! Bug: 22502684 Bug: 22950892 Change-Id: If70f139e342373533c42d5a298444b8438428322 2016-01-21 21:26:12 +01:00			`} // namespace vold`
			`} // namespace android`

			`#endif`