tequilaOS/platform_system_vold
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
platform_system_vold/Keystore.cpp

248 lines
9 KiB
C++
Raw Normal View History

Use a keymaster-based key storage module Instead of writing raw keys, encrypt the keys with keymaster. This paves the way to protecting them with auth tokens and passwords later. In addition, fold in the hash of a 16k file into their encryption, to ensure secure deletion works properly. Now even C++ier! Bug: 22502684 Bug: 22950892 Change-Id: If70f139e342373533c42d5a298444b8438428322
2016-01-21 21:26:12 +01:00
/*
* Copyright (C) 2016 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
Replace most references to Keymaster with Keystore Now that vold uses Keystore2 rather than the Keymaster HAL directly, and also the new version of Keymaster is called "KeyMint" instead, replace most of the references to Keymaster in vold with Keystore. (I decided not to include the "2" in most places, as it seemed unnecessarily precise in most places, and it would be something that might need to keep being updated. Only Keystore.{cpp,h} really need to care about the version number.) I didn't rename many things in cryptfs.cpp, as that file will be going away soon anyway. I also left "wait_for_keymaster" and "vdc keymaster earlyBootEnded" as-is for now, as those are referenced outside vold. Bug: 183669495 Change-Id: I92cd648fae09f8c9769f7cf34dbf6c6e956be4e8
2021-06-15 20:34:00 +02:00
#include "Keystore.h"
Use a keymaster-based key storage module Instead of writing raw keys, encrypt the keys with keymaster. This paves the way to protecting them with auth tokens and passwords later. In addition, fold in the hash of a 16k file into their encryption, to ensure secure deletion works properly. Now even C++ier! Bug: 22502684 Bug: 22950892 Change-Id: If70f139e342373533c42d5a298444b8438428322
2016-01-21 21:26:12 +01:00
#include <android-base/logging.h>
Make vold use keystore2 instead of keymaster Make vold use keystore2 for all its operations instead of directly using keymaster. This way, we won't have any clients that bypass keystore2, and we'll no longer need to reserve a keymaster operation for vold. Note that we now hardcode "SecurityLevel::TRUSTED_ENVIRONMENT" (TEE) when talking to Keystore2 since Keystore2 only allows TEE and STRONGBOX. Keystore2 presents any SOFTWARE implementation as a TEE to callers when no "real" TEE is present. As far as storage encryption is concerned, there's no advantage to using a STRONGBOX when a "real" TEE is present, and a STRONGBOX can't be present if a "real" TEE isn't, so asking Keystore2 for a TEE is the best we can do in any situation. The difference in behaviour only really affects the full disk encryption code in cryptfs.cpp, which used to explicitly check that the keymaster device is a "real" TEE (as opposed to a SOFTWARE implementation) before using it (it can no longer do so since Keystore2 doesn't provide a way to do this). A little code history digging (7c49ab0a0b in particular) shows that cryptfs.cpp cared about two things when using a keymaster. - 1) that the keys generated by the keymaster were "standalone" keys - i.e. that the keymaster could operate on those keys without requiring /data or any other service to be available. - 2) that the keymaster was a non-SOFTWARE implementation so that things would still work in case a "real" TEE keymaster was ever somehow added to the device after first boot. Today, all "real" TEE keymasters always generate "standalone" keys, and a TEE has been required in Android devices since at least Android N. The only two exceptions are Goldfish and ARC++, which have SOFTWARE keymasters, but both those keymasters also generate "standalone" keys. We're also no longer worried about possibly adding a "real" TEE KM to either of those devices after first boot. So there's no longer a reason cryptfs.cpp can't use the SOFTWARE keymaster on those devices. There's also already an upgrade path in place (see test_mount_encrypted_fs() in cryptfs.cpp) to upgrade the kdf that's being used once a TEE keymaster is added to the device. So it's safe for cryptfs.cpp to ask for a TEE keymaster from Keystore2 and use it blindly, without checking whether or not it's a "real" TEE, which is why Keymaster::isSecure() just returns true now. A future patch will remove that function and simplify its callers. Bug: 181910578 Test: cuttlefish and bramble boot. Adding, switching between, stopping and removing users work. Change-Id: Iaebfef082eca0da8a305043fafb6d85e5de14cf8
2021-03-01 07:32:07 +01:00
#include <aidl/android/hardware/security/keymint/SecurityLevel.h>
#include <aidl/android/security/maintenance/IKeystoreMaintenance.h>
#include <aidl/android/system/keystore2/Domain.h>
Make vold use the updated keystore 2 API for storage keys. This CL updates vold to use the updated storage key API that provides an optional upgraded key blob. In this patch the upgraded key blob is not yet stored by vold. Bug: 185811713 Test: N/A Change-Id: I39eeb20df0eb2b023479f3adebab264d29d00048
2021-04-20 21:50:58 +02:00
#include <aidl/android/system/keystore2/EphemeralStorageKeyResponse.h>
Make vold use keystore2 instead of keymaster Make vold use keystore2 for all its operations instead of directly using keymaster. This way, we won't have any clients that bypass keystore2, and we'll no longer need to reserve a keymaster operation for vold. Note that we now hardcode "SecurityLevel::TRUSTED_ENVIRONMENT" (TEE) when talking to Keystore2 since Keystore2 only allows TEE and STRONGBOX. Keystore2 presents any SOFTWARE implementation as a TEE to callers when no "real" TEE is present. As far as storage encryption is concerned, there's no advantage to using a STRONGBOX when a "real" TEE is present, and a STRONGBOX can't be present if a "real" TEE isn't, so asking Keystore2 for a TEE is the best we can do in any situation. The difference in behaviour only really affects the full disk encryption code in cryptfs.cpp, which used to explicitly check that the keymaster device is a "real" TEE (as opposed to a SOFTWARE implementation) before using it (it can no longer do so since Keystore2 doesn't provide a way to do this). A little code history digging (7c49ab0a0b in particular) shows that cryptfs.cpp cared about two things when using a keymaster. - 1) that the keys generated by the keymaster were "standalone" keys - i.e. that the keymaster could operate on those keys without requiring /data or any other service to be available. - 2) that the keymaster was a non-SOFTWARE implementation so that things would still work in case a "real" TEE keymaster was ever somehow added to the device after first boot. Today, all "real" TEE keymasters always generate "standalone" keys, and a TEE has been required in Android devices since at least Android N. The only two exceptions are Goldfish and ARC++, which have SOFTWARE keymasters, but both those keymasters also generate "standalone" keys. We're also no longer worried about possibly adding a "real" TEE KM to either of those devices after first boot. So there's no longer a reason cryptfs.cpp can't use the SOFTWARE keymaster on those devices. There's also already an upgrade path in place (see test_mount_encrypted_fs() in cryptfs.cpp) to upgrade the kdf that's being used once a TEE keymaster is added to the device. So it's safe for cryptfs.cpp to ask for a TEE keymaster from Keystore2 and use it blindly, without checking whether or not it's a "real" TEE, which is why Keymaster::isSecure() just returns true now. A future patch will remove that function and simplify its callers. Bug: 181910578 Test: cuttlefish and bramble boot. Adding, switching between, stopping and removing users work. Change-Id: Iaebfef082eca0da8a305043fafb6d85e5de14cf8
2021-03-01 07:32:07 +01:00
#include <aidl/android/system/keystore2/KeyDescriptor.h>
// Keep these in sync with system/security/keystore2/src/keystore2_main.rs
static constexpr const char keystore2_service_name[] =
"android.system.keystore2.IKeystoreService/default";
static constexpr const char maintenance_service_name[] = "android.security.maintenance";
/*
* Keep this in sync with the description for update() in
* system/hardware/interfaces/keystore2/aidl/android/system/keystore2/IKeystoreOperation.aidl
*/
static constexpr const size_t UPDATE_INPUT_MAX_SIZE = 32 * 1024; // 32 KiB
// Keep this in sync with system/sepolicy/private/keystore2_key_contexts
static constexpr const int VOLD_NAMESPACE = 100;
Use a keymaster-based key storage module Instead of writing raw keys, encrypt the keys with keymaster. This paves the way to protecting them with auth tokens and passwords later. In addition, fold in the hash of a 16k file into their encryption, to ensure secure deletion works properly. Now even C++ier! Bug: 22502684 Bug: 22950892 Change-Id: If70f139e342373533c42d5a298444b8438428322
2016-01-21 21:26:12 +01:00
namespace android {
namespace vold {
Make vold use keystore2 instead of keymaster Make vold use keystore2 for all its operations instead of directly using keymaster. This way, we won't have any clients that bypass keystore2, and we'll no longer need to reserve a keymaster operation for vold. Note that we now hardcode "SecurityLevel::TRUSTED_ENVIRONMENT" (TEE) when talking to Keystore2 since Keystore2 only allows TEE and STRONGBOX. Keystore2 presents any SOFTWARE implementation as a TEE to callers when no "real" TEE is present. As far as storage encryption is concerned, there's no advantage to using a STRONGBOX when a "real" TEE is present, and a STRONGBOX can't be present if a "real" TEE isn't, so asking Keystore2 for a TEE is the best we can do in any situation. The difference in behaviour only really affects the full disk encryption code in cryptfs.cpp, which used to explicitly check that the keymaster device is a "real" TEE (as opposed to a SOFTWARE implementation) before using it (it can no longer do so since Keystore2 doesn't provide a way to do this). A little code history digging (7c49ab0a0b in particular) shows that cryptfs.cpp cared about two things when using a keymaster. - 1) that the keys generated by the keymaster were "standalone" keys - i.e. that the keymaster could operate on those keys without requiring /data or any other service to be available. - 2) that the keymaster was a non-SOFTWARE implementation so that things would still work in case a "real" TEE keymaster was ever somehow added to the device after first boot. Today, all "real" TEE keymasters always generate "standalone" keys, and a TEE has been required in Android devices since at least Android N. The only two exceptions are Goldfish and ARC++, which have SOFTWARE keymasters, but both those keymasters also generate "standalone" keys. We're also no longer worried about possibly adding a "real" TEE KM to either of those devices after first boot. So there's no longer a reason cryptfs.cpp can't use the SOFTWARE keymaster on those devices. There's also already an upgrade path in place (see test_mount_encrypted_fs() in cryptfs.cpp) to upgrade the kdf that's being used once a TEE keymaster is added to the device. So it's safe for cryptfs.cpp to ask for a TEE keymaster from Keystore2 and use it blindly, without checking whether or not it's a "real" TEE, which is why Keymaster::isSecure() just returns true now. A future patch will remove that function and simplify its callers. Bug: 181910578 Test: cuttlefish and bramble boot. Adding, switching between, stopping and removing users work. Change-Id: Iaebfef082eca0da8a305043fafb6d85e5de14cf8
2021-03-01 07:32:07 +01:00
namespace ks2_maint = ::aidl::android::security::maintenance;
Support Keymaster4 This CL changes vold from using a KM3 device directly to using the KM4 support wrapper from the KM4 support library, which supports both KM3 and KM4 devices (KM0, 1 and 2 devices are still supported as well, because the default KM3 device is a wrapper that uses them). In addition, I found myself getting confused about which "Keymaster" types were locally-defined vold keymaster types and which were from the KM4 HAL and support library, so I changd the approach to referencing the latter, so all of them are qualified with the "km::" namespace reference. Test: Build & boot Change-Id: I08ed5425641e7496f8597d5716cb3cd0cbd33a7f
2018-01-22 17:08:32 +01:00
Replace most references to Keymaster with Keystore Now that vold uses Keystore2 rather than the Keymaster HAL directly, and also the new version of Keymaster is called "KeyMint" instead, replace most of the references to Keymaster in vold with Keystore. (I decided not to include the "2" in most places, as it seemed unnecessarily precise in most places, and it would be something that might need to keep being updated. Only Keystore.{cpp,h} really need to care about the version number.) I didn't rename many things in cryptfs.cpp, as that file will be going away soon anyway. I also left "wait_for_keymaster" and "vdc keymaster earlyBootEnded" as-is for now, as those are referenced outside vold. Bug: 183669495 Change-Id: I92cd648fae09f8c9769f7cf34dbf6c6e956be4e8
2021-06-15 20:34:00 +02:00
KeystoreOperation::~KeystoreOperation() {
Make vold use keystore2 instead of keymaster Make vold use keystore2 for all its operations instead of directly using keymaster. This way, we won't have any clients that bypass keystore2, and we'll no longer need to reserve a keymaster operation for vold. Note that we now hardcode "SecurityLevel::TRUSTED_ENVIRONMENT" (TEE) when talking to Keystore2 since Keystore2 only allows TEE and STRONGBOX. Keystore2 presents any SOFTWARE implementation as a TEE to callers when no "real" TEE is present. As far as storage encryption is concerned, there's no advantage to using a STRONGBOX when a "real" TEE is present, and a STRONGBOX can't be present if a "real" TEE isn't, so asking Keystore2 for a TEE is the best we can do in any situation. The difference in behaviour only really affects the full disk encryption code in cryptfs.cpp, which used to explicitly check that the keymaster device is a "real" TEE (as opposed to a SOFTWARE implementation) before using it (it can no longer do so since Keystore2 doesn't provide a way to do this). A little code history digging (7c49ab0a0b in particular) shows that cryptfs.cpp cared about two things when using a keymaster. - 1) that the keys generated by the keymaster were "standalone" keys - i.e. that the keymaster could operate on those keys without requiring /data or any other service to be available. - 2) that the keymaster was a non-SOFTWARE implementation so that things would still work in case a "real" TEE keymaster was ever somehow added to the device after first boot. Today, all "real" TEE keymasters always generate "standalone" keys, and a TEE has been required in Android devices since at least Android N. The only two exceptions are Goldfish and ARC++, which have SOFTWARE keymasters, but both those keymasters also generate "standalone" keys. We're also no longer worried about possibly adding a "real" TEE KM to either of those devices after first boot. So there's no longer a reason cryptfs.cpp can't use the SOFTWARE keymaster on those devices. There's also already an upgrade path in place (see test_mount_encrypted_fs() in cryptfs.cpp) to upgrade the kdf that's being used once a TEE keymaster is added to the device. So it's safe for cryptfs.cpp to ask for a TEE keymaster from Keystore2 and use it blindly, without checking whether or not it's a "real" TEE, which is why Keymaster::isSecure() just returns true now. A future patch will remove that function and simplify its callers. Bug: 181910578 Test: cuttlefish and bramble boot. Adding, switching between, stopping and removing users work. Change-Id: Iaebfef082eca0da8a305043fafb6d85e5de14cf8
2021-03-01 07:32:07 +01:00
if (ks2Operation) ks2Operation->abort();
}
static void zeroize_vector(std::vector<uint8_t>& vec) {
memset_s(vec.data(), 0, vec.size());
}
static bool logKeystore2ExceptionIfPresent(::ndk::ScopedAStatus& rc, const std::string& func_name) {
if (rc.isOk()) return false;
auto exception_code = rc.getExceptionCode();
if (exception_code == EX_SERVICE_SPECIFIC) {
LOG(ERROR) << "keystore2 Keystore " << func_name
<< " returned service specific error: " << rc.getServiceSpecificError();
} else {
LOG(ERROR) << "keystore2 Communication with Keystore " << func_name
<< " failed error: " << exception_code;
}
return true;
Support Keymaster2 with lots of clever template logic :) Bug: 27718275 Change-Id: I0b2aa74f45fd07a121ce0c342b27426a3fe593ce
2016-03-16 01:04:39 +01:00
}
Replace most references to Keymaster with Keystore Now that vold uses Keystore2 rather than the Keymaster HAL directly, and also the new version of Keymaster is called "KeyMint" instead, replace most of the references to Keymaster in vold with Keystore. (I decided not to include the "2" in most places, as it seemed unnecessarily precise in most places, and it would be something that might need to keep being updated. Only Keystore.{cpp,h} really need to care about the version number.) I didn't rename many things in cryptfs.cpp, as that file will be going away soon anyway. I also left "wait_for_keymaster" and "vdc keymaster earlyBootEnded" as-is for now, as those are referenced outside vold. Bug: 183669495 Change-Id: I92cd648fae09f8c9769f7cf34dbf6c6e956be4e8
2021-06-15 20:34:00 +02:00
bool KeystoreOperation::updateCompletely(const char* input, size_t inputLen,
const std::function<void(const char*, size_t)> consumer) {
Make vold use keystore2 instead of keymaster Make vold use keystore2 for all its operations instead of directly using keymaster. This way, we won't have any clients that bypass keystore2, and we'll no longer need to reserve a keymaster operation for vold. Note that we now hardcode "SecurityLevel::TRUSTED_ENVIRONMENT" (TEE) when talking to Keystore2 since Keystore2 only allows TEE and STRONGBOX. Keystore2 presents any SOFTWARE implementation as a TEE to callers when no "real" TEE is present. As far as storage encryption is concerned, there's no advantage to using a STRONGBOX when a "real" TEE is present, and a STRONGBOX can't be present if a "real" TEE isn't, so asking Keystore2 for a TEE is the best we can do in any situation. The difference in behaviour only really affects the full disk encryption code in cryptfs.cpp, which used to explicitly check that the keymaster device is a "real" TEE (as opposed to a SOFTWARE implementation) before using it (it can no longer do so since Keystore2 doesn't provide a way to do this). A little code history digging (7c49ab0a0b in particular) shows that cryptfs.cpp cared about two things when using a keymaster. - 1) that the keys generated by the keymaster were "standalone" keys - i.e. that the keymaster could operate on those keys without requiring /data or any other service to be available. - 2) that the keymaster was a non-SOFTWARE implementation so that things would still work in case a "real" TEE keymaster was ever somehow added to the device after first boot. Today, all "real" TEE keymasters always generate "standalone" keys, and a TEE has been required in Android devices since at least Android N. The only two exceptions are Goldfish and ARC++, which have SOFTWARE keymasters, but both those keymasters also generate "standalone" keys. We're also no longer worried about possibly adding a "real" TEE KM to either of those devices after first boot. So there's no longer a reason cryptfs.cpp can't use the SOFTWARE keymaster on those devices. There's also already an upgrade path in place (see test_mount_encrypted_fs() in cryptfs.cpp) to upgrade the kdf that's being used once a TEE keymaster is added to the device. So it's safe for cryptfs.cpp to ask for a TEE keymaster from Keystore2 and use it blindly, without checking whether or not it's a "real" TEE, which is why Keymaster::isSecure() just returns true now. A future patch will remove that function and simplify its callers. Bug: 181910578 Test: cuttlefish and bramble boot. Adding, switching between, stopping and removing users work. Change-Id: Iaebfef082eca0da8a305043fafb6d85e5de14cf8
2021-03-01 07:32:07 +01:00
if (!ks2Operation) return false;
while (inputLen != 0) {
size_t currLen = std::min(inputLen, UPDATE_INPUT_MAX_SIZE);
std::vector<uint8_t> input_vec(input, input + currLen);
inputLen -= currLen;
input += currLen;
std::optional<std::vector<uint8_t>> output;
auto rc = ks2Operation->update(input_vec, &output);
zeroize_vector(input_vec);
if (logKeystore2ExceptionIfPresent(rc, "update")) {
ks2Operation = nullptr;
Use a keymaster-based key storage module Instead of writing raw keys, encrypt the keys with keymaster. This paves the way to protecting them with auth tokens and passwords later. In addition, fold in the hash of a 16k file into their encryption, to ensure secure deletion works properly. Now even C++ier! Bug: 22502684 Bug: 22950892 Change-Id: If70f139e342373533c42d5a298444b8438428322
2016-01-21 21:26:12 +01:00
return false;
}
Fix cryptfs RSA signing with keystore2 Fix KeymasterOperation::updateCompletely() to not treat an empty output as an error, since for RSA signing (used by cryptfs / FDE) it is expected that the output from update() be empty. The output is instead produced at the end by finish(). This is one of a set of changes that is needed to get FDE working again so that devices that launched with FDE can be upgraded to Android 12. Bug: 186165644 Change-Id: Icf120f8b9526d051d0ebe16bc8ad1edf712241e1
2021-04-23 01:36:58 +02:00
if (output) consumer((const char*)output->data(), output->size());
Use a keymaster-based key storage module Instead of writing raw keys, encrypt the keys with keymaster. This paves the way to protecting them with auth tokens and passwords later. In addition, fold in the hash of a 16k file into their encryption, to ensure secure deletion works properly. Now even C++ier! Bug: 22502684 Bug: 22950892 Change-Id: If70f139e342373533c42d5a298444b8438428322
2016-01-21 21:26:12 +01:00
}
return true;
}
Replace most references to Keymaster with Keystore Now that vold uses Keystore2 rather than the Keymaster HAL directly, and also the new version of Keymaster is called "KeyMint" instead, replace most of the references to Keymaster in vold with Keystore. (I decided not to include the "2" in most places, as it seemed unnecessarily precise in most places, and it would be something that might need to keep being updated. Only Keystore.{cpp,h} really need to care about the version number.) I didn't rename many things in cryptfs.cpp, as that file will be going away soon anyway. I also left "wait_for_keymaster" and "vdc keymaster earlyBootEnded" as-is for now, as those are referenced outside vold. Bug: 183669495 Change-Id: I92cd648fae09f8c9769f7cf34dbf6c6e956be4e8
2021-06-15 20:34:00 +02:00
bool KeystoreOperation::finish(std::string* output) {
Make vold use keystore2 instead of keymaster Make vold use keystore2 for all its operations instead of directly using keymaster. This way, we won't have any clients that bypass keystore2, and we'll no longer need to reserve a keymaster operation for vold. Note that we now hardcode "SecurityLevel::TRUSTED_ENVIRONMENT" (TEE) when talking to Keystore2 since Keystore2 only allows TEE and STRONGBOX. Keystore2 presents any SOFTWARE implementation as a TEE to callers when no "real" TEE is present. As far as storage encryption is concerned, there's no advantage to using a STRONGBOX when a "real" TEE is present, and a STRONGBOX can't be present if a "real" TEE isn't, so asking Keystore2 for a TEE is the best we can do in any situation. The difference in behaviour only really affects the full disk encryption code in cryptfs.cpp, which used to explicitly check that the keymaster device is a "real" TEE (as opposed to a SOFTWARE implementation) before using it (it can no longer do so since Keystore2 doesn't provide a way to do this). A little code history digging (7c49ab0a0b in particular) shows that cryptfs.cpp cared about two things when using a keymaster. - 1) that the keys generated by the keymaster were "standalone" keys - i.e. that the keymaster could operate on those keys without requiring /data or any other service to be available. - 2) that the keymaster was a non-SOFTWARE implementation so that things would still work in case a "real" TEE keymaster was ever somehow added to the device after first boot. Today, all "real" TEE keymasters always generate "standalone" keys, and a TEE has been required in Android devices since at least Android N. The only two exceptions are Goldfish and ARC++, which have SOFTWARE keymasters, but both those keymasters also generate "standalone" keys. We're also no longer worried about possibly adding a "real" TEE KM to either of those devices after first boot. So there's no longer a reason cryptfs.cpp can't use the SOFTWARE keymaster on those devices. There's also already an upgrade path in place (see test_mount_encrypted_fs() in cryptfs.cpp) to upgrade the kdf that's being used once a TEE keymaster is added to the device. So it's safe for cryptfs.cpp to ask for a TEE keymaster from Keystore2 and use it blindly, without checking whether or not it's a "real" TEE, which is why Keymaster::isSecure() just returns true now. A future patch will remove that function and simplify its callers. Bug: 181910578 Test: cuttlefish and bramble boot. Adding, switching between, stopping and removing users work. Change-Id: Iaebfef082eca0da8a305043fafb6d85e5de14cf8
2021-03-01 07:32:07 +01:00
std::optional<std::vector<uint8_t>> out_vec;
if (!ks2Operation) return false;
auto rc = ks2Operation->finish(std::nullopt, std::nullopt, &out_vec);
if (logKeystore2ExceptionIfPresent(rc, "finish")) {
ks2Operation = nullptr;
Port to binder based keymaster hal Bug: 32020919 Change-Id: If45ece76fdaf4d2c80eddc537e429633e4d42f9d
2016-10-26 15:27:10 +02:00
return false;
Support Keymaster 2 configuration and key upgrading Bug: 27212248 Change-Id: I96bd9a442f4f535ba6ea44c9e81bcc1fee0ec471
2016-05-16 17:14:56 +02:00
}
Make vold use keystore2 instead of keymaster Make vold use keystore2 for all its operations instead of directly using keymaster. This way, we won't have any clients that bypass keystore2, and we'll no longer need to reserve a keymaster operation for vold. Note that we now hardcode "SecurityLevel::TRUSTED_ENVIRONMENT" (TEE) when talking to Keystore2 since Keystore2 only allows TEE and STRONGBOX. Keystore2 presents any SOFTWARE implementation as a TEE to callers when no "real" TEE is present. As far as storage encryption is concerned, there's no advantage to using a STRONGBOX when a "real" TEE is present, and a STRONGBOX can't be present if a "real" TEE isn't, so asking Keystore2 for a TEE is the best we can do in any situation. The difference in behaviour only really affects the full disk encryption code in cryptfs.cpp, which used to explicitly check that the keymaster device is a "real" TEE (as opposed to a SOFTWARE implementation) before using it (it can no longer do so since Keystore2 doesn't provide a way to do this). A little code history digging (7c49ab0a0b in particular) shows that cryptfs.cpp cared about two things when using a keymaster. - 1) that the keys generated by the keymaster were "standalone" keys - i.e. that the keymaster could operate on those keys without requiring /data or any other service to be available. - 2) that the keymaster was a non-SOFTWARE implementation so that things would still work in case a "real" TEE keymaster was ever somehow added to the device after first boot. Today, all "real" TEE keymasters always generate "standalone" keys, and a TEE has been required in Android devices since at least Android N. The only two exceptions are Goldfish and ARC++, which have SOFTWARE keymasters, but both those keymasters also generate "standalone" keys. We're also no longer worried about possibly adding a "real" TEE KM to either of those devices after first boot. So there's no longer a reason cryptfs.cpp can't use the SOFTWARE keymaster on those devices. There's also already an upgrade path in place (see test_mount_encrypted_fs() in cryptfs.cpp) to upgrade the kdf that's being used once a TEE keymaster is added to the device. So it's safe for cryptfs.cpp to ask for a TEE keymaster from Keystore2 and use it blindly, without checking whether or not it's a "real" TEE, which is why Keymaster::isSecure() just returns true now. A future patch will remove that function and simplify its callers. Bug: 181910578 Test: cuttlefish and bramble boot. Adding, switching between, stopping and removing users work. Change-Id: Iaebfef082eca0da8a305043fafb6d85e5de14cf8
2021-03-01 07:32:07 +01:00
if (output) *output = std::string(out_vec->begin(), out_vec->end());
Use a keymaster-based key storage module Instead of writing raw keys, encrypt the keys with keymaster. This paves the way to protecting them with auth tokens and passwords later. In addition, fold in the hash of a 16k file into their encryption, to ensure secure deletion works properly. Now even C++ier! Bug: 22502684 Bug: 22950892 Change-Id: If70f139e342373533c42d5a298444b8438428322
2016-01-21 21:26:12 +01:00
return true;
}
Replace most references to Keymaster with Keystore Now that vold uses Keystore2 rather than the Keymaster HAL directly, and also the new version of Keymaster is called "KeyMint" instead, replace most of the references to Keymaster in vold with Keystore. (I decided not to include the "2" in most places, as it seemed unnecessarily precise in most places, and it would be something that might need to keep being updated. Only Keystore.{cpp,h} really need to care about the version number.) I didn't rename many things in cryptfs.cpp, as that file will be going away soon anyway. I also left "wait_for_keymaster" and "vdc keymaster earlyBootEnded" as-is for now, as those are referenced outside vold. Bug: 183669495 Change-Id: I92cd648fae09f8c9769f7cf34dbf6c6e956be4e8
2021-06-15 20:34:00 +02:00
Keystore::Keystore() {
Use AServiceManager_waitForService() to connect to keystore2 Vold currently uses AServiceManager_getService() to connect to keystore2, which has an internal timeout of 5s. Since a lot of vold keystore2 connection failures are fatal, we instead use AServiceManager_waitForService(), which will wait efficiently for keystore2 to start, instead of timing out after 5s. Bug: 185934601 Test: Cuttlefish boots. Change-Id: Ib4e977a997e020082382e0686f448d1aa72834ec
2021-04-13 00:00:33 +02:00
::ndk::SpAIBinder binder(AServiceManager_waitForService(keystore2_service_name));
Make vold use keystore2 instead of keymaster Make vold use keystore2 for all its operations instead of directly using keymaster. This way, we won't have any clients that bypass keystore2, and we'll no longer need to reserve a keymaster operation for vold. Note that we now hardcode "SecurityLevel::TRUSTED_ENVIRONMENT" (TEE) when talking to Keystore2 since Keystore2 only allows TEE and STRONGBOX. Keystore2 presents any SOFTWARE implementation as a TEE to callers when no "real" TEE is present. As far as storage encryption is concerned, there's no advantage to using a STRONGBOX when a "real" TEE is present, and a STRONGBOX can't be present if a "real" TEE isn't, so asking Keystore2 for a TEE is the best we can do in any situation. The difference in behaviour only really affects the full disk encryption code in cryptfs.cpp, which used to explicitly check that the keymaster device is a "real" TEE (as opposed to a SOFTWARE implementation) before using it (it can no longer do so since Keystore2 doesn't provide a way to do this). A little code history digging (7c49ab0a0b in particular) shows that cryptfs.cpp cared about two things when using a keymaster. - 1) that the keys generated by the keymaster were "standalone" keys - i.e. that the keymaster could operate on those keys without requiring /data or any other service to be available. - 2) that the keymaster was a non-SOFTWARE implementation so that things would still work in case a "real" TEE keymaster was ever somehow added to the device after first boot. Today, all "real" TEE keymasters always generate "standalone" keys, and a TEE has been required in Android devices since at least Android N. The only two exceptions are Goldfish and ARC++, which have SOFTWARE keymasters, but both those keymasters also generate "standalone" keys. We're also no longer worried about possibly adding a "real" TEE KM to either of those devices after first boot. So there's no longer a reason cryptfs.cpp can't use the SOFTWARE keymaster on those devices. There's also already an upgrade path in place (see test_mount_encrypted_fs() in cryptfs.cpp) to upgrade the kdf that's being used once a TEE keymaster is added to the device. So it's safe for cryptfs.cpp to ask for a TEE keymaster from Keystore2 and use it blindly, without checking whether or not it's a "real" TEE, which is why Keymaster::isSecure() just returns true now. A future patch will remove that function and simplify its callers. Bug: 181910578 Test: cuttlefish and bramble boot. Adding, switching between, stopping and removing users work. Change-Id: Iaebfef082eca0da8a305043fafb6d85e5de14cf8
2021-03-01 07:32:07 +01:00
auto keystore2Service = ks2::IKeystoreService::fromBinder(binder);
if (!keystore2Service) {
LOG(ERROR) << "Vold unable to connect to keystore2.";
return;
Disable use of StrongBox for encryption Until VerificationTokens are wired up, StrongBox can't work. Also, this will reduce complications for early StrongBox testing. Bug: 77338527 Test: Boot the device Change-Id: I44a1577c388703aeecb2886e7db52084c17e2afd
2018-03-31 01:06:14 +02:00
}
Make vold use keystore2 instead of keymaster Make vold use keystore2 for all its operations instead of directly using keymaster. This way, we won't have any clients that bypass keystore2, and we'll no longer need to reserve a keymaster operation for vold. Note that we now hardcode "SecurityLevel::TRUSTED_ENVIRONMENT" (TEE) when talking to Keystore2 since Keystore2 only allows TEE and STRONGBOX. Keystore2 presents any SOFTWARE implementation as a TEE to callers when no "real" TEE is present. As far as storage encryption is concerned, there's no advantage to using a STRONGBOX when a "real" TEE is present, and a STRONGBOX can't be present if a "real" TEE isn't, so asking Keystore2 for a TEE is the best we can do in any situation. The difference in behaviour only really affects the full disk encryption code in cryptfs.cpp, which used to explicitly check that the keymaster device is a "real" TEE (as opposed to a SOFTWARE implementation) before using it (it can no longer do so since Keystore2 doesn't provide a way to do this). A little code history digging (7c49ab0a0b in particular) shows that cryptfs.cpp cared about two things when using a keymaster. - 1) that the keys generated by the keymaster were "standalone" keys - i.e. that the keymaster could operate on those keys without requiring /data or any other service to be available. - 2) that the keymaster was a non-SOFTWARE implementation so that things would still work in case a "real" TEE keymaster was ever somehow added to the device after first boot. Today, all "real" TEE keymasters always generate "standalone" keys, and a TEE has been required in Android devices since at least Android N. The only two exceptions are Goldfish and ARC++, which have SOFTWARE keymasters, but both those keymasters also generate "standalone" keys. We're also no longer worried about possibly adding a "real" TEE KM to either of those devices after first boot. So there's no longer a reason cryptfs.cpp can't use the SOFTWARE keymaster on those devices. There's also already an upgrade path in place (see test_mount_encrypted_fs() in cryptfs.cpp) to upgrade the kdf that's being used once a TEE keymaster is added to the device. So it's safe for cryptfs.cpp to ask for a TEE keymaster from Keystore2 and use it blindly, without checking whether or not it's a "real" TEE, which is why Keymaster::isSecure() just returns true now. A future patch will remove that function and simplify its callers. Bug: 181910578 Test: cuttlefish and bramble boot. Adding, switching between, stopping and removing users work. Change-Id: Iaebfef082eca0da8a305043fafb6d85e5de14cf8
2021-03-01 07:32:07 +01:00
/*
* There are only two options available to vold for the SecurityLevel: TRUSTED_ENVIRONMENT (TEE)
* and STRONGBOX. We don't use STRONGBOX because if a TEE is present it will have Weaver, which
* already strengthens CE, so there's no additional benefit from using StrongBox.
*
* The picture is slightly more complicated because Keystore2 reports a SOFTWARE instance as
* a TEE instance when there isn't a TEE instance available, but in that case, a STRONGBOX
* instance won't be available either, so we'll still be doing the best we can.
*/
auto rc = keystore2Service->getSecurityLevel(km::SecurityLevel::TRUSTED_ENVIRONMENT,
&securityLevel);
if (logKeystore2ExceptionIfPresent(rc, "getSecurityLevel"))
LOG(ERROR) << "Vold unable to get security level from keystore2.";
Use a keymaster-based key storage module Instead of writing raw keys, encrypt the keys with keymaster. This paves the way to protecting them with auth tokens and passwords later. In addition, fold in the hash of a 16k file into their encryption, to ensure secure deletion works properly. Now even C++ier! Bug: 22502684 Bug: 22950892 Change-Id: If70f139e342373533c42d5a298444b8438428322
2016-01-21 21:26:12 +01:00
}
Replace most references to Keymaster with Keystore Now that vold uses Keystore2 rather than the Keymaster HAL directly, and also the new version of Keymaster is called "KeyMint" instead, replace most of the references to Keymaster in vold with Keystore. (I decided not to include the "2" in most places, as it seemed unnecessarily precise in most places, and it would be something that might need to keep being updated. Only Keystore.{cpp,h} really need to care about the version number.) I didn't rename many things in cryptfs.cpp, as that file will be going away soon anyway. I also left "wait_for_keymaster" and "vdc keymaster earlyBootEnded" as-is for now, as those are referenced outside vold. Bug: 183669495 Change-Id: I92cd648fae09f8c9769f7cf34dbf6c6e956be4e8
2021-06-15 20:34:00 +02:00
bool Keystore::generateKey(const km::AuthorizationSet& inParams, std::string* key) {
Make vold use keystore2 instead of keymaster Make vold use keystore2 for all its operations instead of directly using keymaster. This way, we won't have any clients that bypass keystore2, and we'll no longer need to reserve a keymaster operation for vold. Note that we now hardcode "SecurityLevel::TRUSTED_ENVIRONMENT" (TEE) when talking to Keystore2 since Keystore2 only allows TEE and STRONGBOX. Keystore2 presents any SOFTWARE implementation as a TEE to callers when no "real" TEE is present. As far as storage encryption is concerned, there's no advantage to using a STRONGBOX when a "real" TEE is present, and a STRONGBOX can't be present if a "real" TEE isn't, so asking Keystore2 for a TEE is the best we can do in any situation. The difference in behaviour only really affects the full disk encryption code in cryptfs.cpp, which used to explicitly check that the keymaster device is a "real" TEE (as opposed to a SOFTWARE implementation) before using it (it can no longer do so since Keystore2 doesn't provide a way to do this). A little code history digging (7c49ab0a0b in particular) shows that cryptfs.cpp cared about two things when using a keymaster. - 1) that the keys generated by the keymaster were "standalone" keys - i.e. that the keymaster could operate on those keys without requiring /data or any other service to be available. - 2) that the keymaster was a non-SOFTWARE implementation so that things would still work in case a "real" TEE keymaster was ever somehow added to the device after first boot. Today, all "real" TEE keymasters always generate "standalone" keys, and a TEE has been required in Android devices since at least Android N. The only two exceptions are Goldfish and ARC++, which have SOFTWARE keymasters, but both those keymasters also generate "standalone" keys. We're also no longer worried about possibly adding a "real" TEE KM to either of those devices after first boot. So there's no longer a reason cryptfs.cpp can't use the SOFTWARE keymaster on those devices. There's also already an upgrade path in place (see test_mount_encrypted_fs() in cryptfs.cpp) to upgrade the kdf that's being used once a TEE keymaster is added to the device. So it's safe for cryptfs.cpp to ask for a TEE keymaster from Keystore2 and use it blindly, without checking whether or not it's a "real" TEE, which is why Keymaster::isSecure() just returns true now. A future patch will remove that function and simplify its callers. Bug: 181910578 Test: cuttlefish and bramble boot. Adding, switching between, stopping and removing users work. Change-Id: Iaebfef082eca0da8a305043fafb6d85e5de14cf8
2021-03-01 07:32:07 +01:00
ks2::KeyDescriptor in_key = {
.domain = ks2::Domain::BLOB,
.alias = std::nullopt,
.nspace = VOLD_NAMESPACE,
.blob = std::nullopt,
Port to binder based keymaster hal Bug: 32020919 Change-Id: If45ece76fdaf4d2c80eddc537e429633e4d42f9d
2016-10-26 15:27:10 +02:00
};
Make vold use keystore2 instead of keymaster Make vold use keystore2 for all its operations instead of directly using keymaster. This way, we won't have any clients that bypass keystore2, and we'll no longer need to reserve a keymaster operation for vold. Note that we now hardcode "SecurityLevel::TRUSTED_ENVIRONMENT" (TEE) when talking to Keystore2 since Keystore2 only allows TEE and STRONGBOX. Keystore2 presents any SOFTWARE implementation as a TEE to callers when no "real" TEE is present. As far as storage encryption is concerned, there's no advantage to using a STRONGBOX when a "real" TEE is present, and a STRONGBOX can't be present if a "real" TEE isn't, so asking Keystore2 for a TEE is the best we can do in any situation. The difference in behaviour only really affects the full disk encryption code in cryptfs.cpp, which used to explicitly check that the keymaster device is a "real" TEE (as opposed to a SOFTWARE implementation) before using it (it can no longer do so since Keystore2 doesn't provide a way to do this). A little code history digging (7c49ab0a0b in particular) shows that cryptfs.cpp cared about two things when using a keymaster. - 1) that the keys generated by the keymaster were "standalone" keys - i.e. that the keymaster could operate on those keys without requiring /data or any other service to be available. - 2) that the keymaster was a non-SOFTWARE implementation so that things would still work in case a "real" TEE keymaster was ever somehow added to the device after first boot. Today, all "real" TEE keymasters always generate "standalone" keys, and a TEE has been required in Android devices since at least Android N. The only two exceptions are Goldfish and ARC++, which have SOFTWARE keymasters, but both those keymasters also generate "standalone" keys. We're also no longer worried about possibly adding a "real" TEE KM to either of those devices after first boot. So there's no longer a reason cryptfs.cpp can't use the SOFTWARE keymaster on those devices. There's also already an upgrade path in place (see test_mount_encrypted_fs() in cryptfs.cpp) to upgrade the kdf that's being used once a TEE keymaster is added to the device. So it's safe for cryptfs.cpp to ask for a TEE keymaster from Keystore2 and use it blindly, without checking whether or not it's a "real" TEE, which is why Keymaster::isSecure() just returns true now. A future patch will remove that function and simplify its callers. Bug: 181910578 Test: cuttlefish and bramble boot. Adding, switching between, stopping and removing users work. Change-Id: Iaebfef082eca0da8a305043fafb6d85e5de14cf8
2021-03-01 07:32:07 +01:00
ks2::KeyMetadata keyMetadata;
auto rc = securityLevel->generateKey(in_key, std::nullopt, inParams.vector_data(), 0, {},
&keyMetadata);
Port to binder based keymaster hal Bug: 32020919 Change-Id: If45ece76fdaf4d2c80eddc537e429633e4d42f9d
2016-10-26 15:27:10 +02:00
Make vold use keystore2 instead of keymaster Make vold use keystore2 for all its operations instead of directly using keymaster. This way, we won't have any clients that bypass keystore2, and we'll no longer need to reserve a keymaster operation for vold. Note that we now hardcode "SecurityLevel::TRUSTED_ENVIRONMENT" (TEE) when talking to Keystore2 since Keystore2 only allows TEE and STRONGBOX. Keystore2 presents any SOFTWARE implementation as a TEE to callers when no "real" TEE is present. As far as storage encryption is concerned, there's no advantage to using a STRONGBOX when a "real" TEE is present, and a STRONGBOX can't be present if a "real" TEE isn't, so asking Keystore2 for a TEE is the best we can do in any situation. The difference in behaviour only really affects the full disk encryption code in cryptfs.cpp, which used to explicitly check that the keymaster device is a "real" TEE (as opposed to a SOFTWARE implementation) before using it (it can no longer do so since Keystore2 doesn't provide a way to do this). A little code history digging (7c49ab0a0b in particular) shows that cryptfs.cpp cared about two things when using a keymaster. - 1) that the keys generated by the keymaster were "standalone" keys - i.e. that the keymaster could operate on those keys without requiring /data or any other service to be available. - 2) that the keymaster was a non-SOFTWARE implementation so that things would still work in case a "real" TEE keymaster was ever somehow added to the device after first boot. Today, all "real" TEE keymasters always generate "standalone" keys, and a TEE has been required in Android devices since at least Android N. The only two exceptions are Goldfish and ARC++, which have SOFTWARE keymasters, but both those keymasters also generate "standalone" keys. We're also no longer worried about possibly adding a "real" TEE KM to either of those devices after first boot. So there's no longer a reason cryptfs.cpp can't use the SOFTWARE keymaster on those devices. There's also already an upgrade path in place (see test_mount_encrypted_fs() in cryptfs.cpp) to upgrade the kdf that's being used once a TEE keymaster is added to the device. So it's safe for cryptfs.cpp to ask for a TEE keymaster from Keystore2 and use it blindly, without checking whether or not it's a "real" TEE, which is why Keymaster::isSecure() just returns true now. A future patch will remove that function and simplify its callers. Bug: 181910578 Test: cuttlefish and bramble boot. Adding, switching between, stopping and removing users work. Change-Id: Iaebfef082eca0da8a305043fafb6d85e5de14cf8
2021-03-01 07:32:07 +01:00
if (logKeystore2ExceptionIfPresent(rc, "generateKey")) return false;
if (keyMetadata.key.blob == std::nullopt) {
LOG(ERROR) << "keystore2 generated key blob was null";
Use a keymaster-based key storage module Instead of writing raw keys, encrypt the keys with keymaster. This paves the way to protecting them with auth tokens and passwords later. In addition, fold in the hash of a 16k file into their encryption, to ensure secure deletion works properly. Now even C++ier! Bug: 22502684 Bug: 22950892 Change-Id: If70f139e342373533c42d5a298444b8438428322
2016-01-21 21:26:12 +01:00
return false;
}
Make vold use keystore2 instead of keymaster Make vold use keystore2 for all its operations instead of directly using keymaster. This way, we won't have any clients that bypass keystore2, and we'll no longer need to reserve a keymaster operation for vold. Note that we now hardcode "SecurityLevel::TRUSTED_ENVIRONMENT" (TEE) when talking to Keystore2 since Keystore2 only allows TEE and STRONGBOX. Keystore2 presents any SOFTWARE implementation as a TEE to callers when no "real" TEE is present. As far as storage encryption is concerned, there's no advantage to using a STRONGBOX when a "real" TEE is present, and a STRONGBOX can't be present if a "real" TEE isn't, so asking Keystore2 for a TEE is the best we can do in any situation. The difference in behaviour only really affects the full disk encryption code in cryptfs.cpp, which used to explicitly check that the keymaster device is a "real" TEE (as opposed to a SOFTWARE implementation) before using it (it can no longer do so since Keystore2 doesn't provide a way to do this). A little code history digging (7c49ab0a0b in particular) shows that cryptfs.cpp cared about two things when using a keymaster. - 1) that the keys generated by the keymaster were "standalone" keys - i.e. that the keymaster could operate on those keys without requiring /data or any other service to be available. - 2) that the keymaster was a non-SOFTWARE implementation so that things would still work in case a "real" TEE keymaster was ever somehow added to the device after first boot. Today, all "real" TEE keymasters always generate "standalone" keys, and a TEE has been required in Android devices since at least Android N. The only two exceptions are Goldfish and ARC++, which have SOFTWARE keymasters, but both those keymasters also generate "standalone" keys. We're also no longer worried about possibly adding a "real" TEE KM to either of those devices after first boot. So there's no longer a reason cryptfs.cpp can't use the SOFTWARE keymaster on those devices. There's also already an upgrade path in place (see test_mount_encrypted_fs() in cryptfs.cpp) to upgrade the kdf that's being used once a TEE keymaster is added to the device. So it's safe for cryptfs.cpp to ask for a TEE keymaster from Keystore2 and use it blindly, without checking whether or not it's a "real" TEE, which is why Keymaster::isSecure() just returns true now. A future patch will remove that function and simplify its callers. Bug: 181910578 Test: cuttlefish and bramble boot. Adding, switching between, stopping and removing users work. Change-Id: Iaebfef082eca0da8a305043fafb6d85e5de14cf8
2021-03-01 07:32:07 +01:00
if (key) *key = std::string(keyMetadata.key.blob->begin(), keyMetadata.key.blob->end());
zeroize_vector(keyMetadata.key.blob.value());
Use a keymaster-based key storage module Instead of writing raw keys, encrypt the keys with keymaster. This paves the way to protecting them with auth tokens and passwords later. In addition, fold in the hash of a 16k file into their encryption, to ensure secure deletion works properly. Now even C++ier! Bug: 22502684 Bug: 22950892 Change-Id: If70f139e342373533c42d5a298444b8438428322
2016-01-21 21:26:12 +01:00
return true;
}
Replace most references to Keymaster with Keystore Now that vold uses Keystore2 rather than the Keymaster HAL directly, and also the new version of Keymaster is called "KeyMint" instead, replace most of the references to Keymaster in vold with Keystore. (I decided not to include the "2" in most places, as it seemed unnecessarily precise in most places, and it would be something that might need to keep being updated. Only Keystore.{cpp,h} really need to care about the version number.) I didn't rename many things in cryptfs.cpp, as that file will be going away soon anyway. I also left "wait_for_keymaster" and "vdc keymaster earlyBootEnded" as-is for now, as those are referenced outside vold. Bug: 183669495 Change-Id: I92cd648fae09f8c9769f7cf34dbf6c6e956be4e8
2021-06-15 20:34:00 +02:00
bool Keystore::exportKey(const KeyBuffer& ksKey, std::string* key) {
Make vold use keystore2 instead of keymaster Make vold use keystore2 for all its operations instead of directly using keymaster. This way, we won't have any clients that bypass keystore2, and we'll no longer need to reserve a keymaster operation for vold. Note that we now hardcode "SecurityLevel::TRUSTED_ENVIRONMENT" (TEE) when talking to Keystore2 since Keystore2 only allows TEE and STRONGBOX. Keystore2 presents any SOFTWARE implementation as a TEE to callers when no "real" TEE is present. As far as storage encryption is concerned, there's no advantage to using a STRONGBOX when a "real" TEE is present, and a STRONGBOX can't be present if a "real" TEE isn't, so asking Keystore2 for a TEE is the best we can do in any situation. The difference in behaviour only really affects the full disk encryption code in cryptfs.cpp, which used to explicitly check that the keymaster device is a "real" TEE (as opposed to a SOFTWARE implementation) before using it (it can no longer do so since Keystore2 doesn't provide a way to do this). A little code history digging (7c49ab0a0b in particular) shows that cryptfs.cpp cared about two things when using a keymaster. - 1) that the keys generated by the keymaster were "standalone" keys - i.e. that the keymaster could operate on those keys without requiring /data or any other service to be available. - 2) that the keymaster was a non-SOFTWARE implementation so that things would still work in case a "real" TEE keymaster was ever somehow added to the device after first boot. Today, all "real" TEE keymasters always generate "standalone" keys, and a TEE has been required in Android devices since at least Android N. The only two exceptions are Goldfish and ARC++, which have SOFTWARE keymasters, but both those keymasters also generate "standalone" keys. We're also no longer worried about possibly adding a "real" TEE KM to either of those devices after first boot. So there's no longer a reason cryptfs.cpp can't use the SOFTWARE keymaster on those devices. There's also already an upgrade path in place (see test_mount_encrypted_fs() in cryptfs.cpp) to upgrade the kdf that's being used once a TEE keymaster is added to the device. So it's safe for cryptfs.cpp to ask for a TEE keymaster from Keystore2 and use it blindly, without checking whether or not it's a "real" TEE, which is why Keymaster::isSecure() just returns true now. A future patch will remove that function and simplify its callers. Bug: 181910578 Test: cuttlefish and bramble boot. Adding, switching between, stopping and removing users work. Change-Id: Iaebfef082eca0da8a305043fafb6d85e5de14cf8
2021-03-01 07:32:07 +01:00
bool ret = false;
ks2::KeyDescriptor storageKey = {
.domain = ks2::Domain::BLOB,
.alias = std::nullopt,
.nspace = VOLD_NAMESPACE,
vold: Support Storage keys for FBE To prevent keys from being compromised if an attacker acquires read access to kernel memory, some inline encryption hardware supports protecting the keys in hardware without software having access to or the ability to set the plaintext keys. Instead, software only sees "wrapped keys", which may differ on every boot. 'wrappedkey_v0' fileencryption flag is used to denote that the device supports inline encryption hardware that supports this feature. On such devices keymaster is used to generate keys with STORAGE_KEY tag and export a per-boot ephemerally wrapped storage key to install it in the kernel. The wrapped key framework in the linux kernel ensures the wrapped key is provided to the inline encryption hardware where it is unwrapped and the file contents key is derived to encrypt contents without revealing the plaintext key in the clear. Test: FBE validation with Fscrypt v2 + inline crypt + wrapped key changes kernel. Bug: 147733587 Change-Id: I1f0de61b56534ec1df9baef075acb74bacd00758
2020-02-03 22:06:45 +01:00
};
Replace most references to Keymaster with Keystore Now that vold uses Keystore2 rather than the Keymaster HAL directly, and also the new version of Keymaster is called "KeyMint" instead, replace most of the references to Keymaster in vold with Keystore. (I decided not to include the "2" in most places, as it seemed unnecessarily precise in most places, and it would be something that might need to keep being updated. Only Keystore.{cpp,h} really need to care about the version number.) I didn't rename many things in cryptfs.cpp, as that file will be going away soon anyway. I also left "wait_for_keymaster" and "vdc keymaster earlyBootEnded" as-is for now, as those are referenced outside vold. Bug: 183669495 Change-Id: I92cd648fae09f8c9769f7cf34dbf6c6e956be4e8
2021-06-15 20:34:00 +02:00
storageKey.blob = std::make_optional<std::vector<uint8_t>>(ksKey.begin(), ksKey.end());
Make vold use the updated keystore 2 API for storage keys. This CL updates vold to use the updated storage key API that provides an optional upgraded key blob. In this patch the upgraded key blob is not yet stored by vold. Bug: 185811713 Test: N/A Change-Id: I39eeb20df0eb2b023479f3adebab264d29d00048
2021-04-20 21:50:58 +02:00
ks2::EphemeralStorageKeyResponse ephemeral_key_response;
auto rc = securityLevel->convertStorageKeyToEphemeral(storageKey, &ephemeral_key_response);
vold: Support Storage keys for FBE To prevent keys from being compromised if an attacker acquires read access to kernel memory, some inline encryption hardware supports protecting the keys in hardware without software having access to or the ability to set the plaintext keys. Instead, software only sees "wrapped keys", which may differ on every boot. 'wrappedkey_v0' fileencryption flag is used to denote that the device supports inline encryption hardware that supports this feature. On such devices keymaster is used to generate keys with STORAGE_KEY tag and export a per-boot ephemerally wrapped storage key to install it in the kernel. The wrapped key framework in the linux kernel ensures the wrapped key is provided to the inline encryption hardware where it is unwrapped and the file contents key is derived to encrypt contents without revealing the plaintext key in the clear. Test: FBE validation with Fscrypt v2 + inline crypt + wrapped key changes kernel. Bug: 147733587 Change-Id: I1f0de61b56534ec1df9baef075acb74bacd00758
2020-02-03 22:06:45 +01:00
Make vold use keystore2 instead of keymaster Make vold use keystore2 for all its operations instead of directly using keymaster. This way, we won't have any clients that bypass keystore2, and we'll no longer need to reserve a keymaster operation for vold. Note that we now hardcode "SecurityLevel::TRUSTED_ENVIRONMENT" (TEE) when talking to Keystore2 since Keystore2 only allows TEE and STRONGBOX. Keystore2 presents any SOFTWARE implementation as a TEE to callers when no "real" TEE is present. As far as storage encryption is concerned, there's no advantage to using a STRONGBOX when a "real" TEE is present, and a STRONGBOX can't be present if a "real" TEE isn't, so asking Keystore2 for a TEE is the best we can do in any situation. The difference in behaviour only really affects the full disk encryption code in cryptfs.cpp, which used to explicitly check that the keymaster device is a "real" TEE (as opposed to a SOFTWARE implementation) before using it (it can no longer do so since Keystore2 doesn't provide a way to do this). A little code history digging (7c49ab0a0b in particular) shows that cryptfs.cpp cared about two things when using a keymaster. - 1) that the keys generated by the keymaster were "standalone" keys - i.e. that the keymaster could operate on those keys without requiring /data or any other service to be available. - 2) that the keymaster was a non-SOFTWARE implementation so that things would still work in case a "real" TEE keymaster was ever somehow added to the device after first boot. Today, all "real" TEE keymasters always generate "standalone" keys, and a TEE has been required in Android devices since at least Android N. The only two exceptions are Goldfish and ARC++, which have SOFTWARE keymasters, but both those keymasters also generate "standalone" keys. We're also no longer worried about possibly adding a "real" TEE KM to either of those devices after first boot. So there's no longer a reason cryptfs.cpp can't use the SOFTWARE keymaster on those devices. There's also already an upgrade path in place (see test_mount_encrypted_fs() in cryptfs.cpp) to upgrade the kdf that's being used once a TEE keymaster is added to the device. So it's safe for cryptfs.cpp to ask for a TEE keymaster from Keystore2 and use it blindly, without checking whether or not it's a "real" TEE, which is why Keymaster::isSecure() just returns true now. A future patch will remove that function and simplify its callers. Bug: 181910578 Test: cuttlefish and bramble boot. Adding, switching between, stopping and removing users work. Change-Id: Iaebfef082eca0da8a305043fafb6d85e5de14cf8
2021-03-01 07:32:07 +01:00
if (logKeystore2ExceptionIfPresent(rc, "exportKey")) goto out;
Make vold use the updated keystore 2 API for storage keys. This CL updates vold to use the updated storage key API that provides an optional upgraded key blob. In this patch the upgraded key blob is not yet stored by vold. Bug: 185811713 Test: N/A Change-Id: I39eeb20df0eb2b023479f3adebab264d29d00048
2021-04-20 21:50:58 +02:00
if (key)
*key = std::string(ephemeral_key_response.ephemeralKey.begin(),
ephemeral_key_response.ephemeralKey.end());
// TODO b/185811713 store the upgraded key blob if provided and delete the old key blob.
Make vold use keystore2 instead of keymaster Make vold use keystore2 for all its operations instead of directly using keymaster. This way, we won't have any clients that bypass keystore2, and we'll no longer need to reserve a keymaster operation for vold. Note that we now hardcode "SecurityLevel::TRUSTED_ENVIRONMENT" (TEE) when talking to Keystore2 since Keystore2 only allows TEE and STRONGBOX. Keystore2 presents any SOFTWARE implementation as a TEE to callers when no "real" TEE is present. As far as storage encryption is concerned, there's no advantage to using a STRONGBOX when a "real" TEE is present, and a STRONGBOX can't be present if a "real" TEE isn't, so asking Keystore2 for a TEE is the best we can do in any situation. The difference in behaviour only really affects the full disk encryption code in cryptfs.cpp, which used to explicitly check that the keymaster device is a "real" TEE (as opposed to a SOFTWARE implementation) before using it (it can no longer do so since Keystore2 doesn't provide a way to do this). A little code history digging (7c49ab0a0b in particular) shows that cryptfs.cpp cared about two things when using a keymaster. - 1) that the keys generated by the keymaster were "standalone" keys - i.e. that the keymaster could operate on those keys without requiring /data or any other service to be available. - 2) that the keymaster was a non-SOFTWARE implementation so that things would still work in case a "real" TEE keymaster was ever somehow added to the device after first boot. Today, all "real" TEE keymasters always generate "standalone" keys, and a TEE has been required in Android devices since at least Android N. The only two exceptions are Goldfish and ARC++, which have SOFTWARE keymasters, but both those keymasters also generate "standalone" keys. We're also no longer worried about possibly adding a "real" TEE KM to either of those devices after first boot. So there's no longer a reason cryptfs.cpp can't use the SOFTWARE keymaster on those devices. There's also already an upgrade path in place (see test_mount_encrypted_fs() in cryptfs.cpp) to upgrade the kdf that's being used once a TEE keymaster is added to the device. So it's safe for cryptfs.cpp to ask for a TEE keymaster from Keystore2 and use it blindly, without checking whether or not it's a "real" TEE, which is why Keymaster::isSecure() just returns true now. A future patch will remove that function and simplify its callers. Bug: 181910578 Test: cuttlefish and bramble boot. Adding, switching between, stopping and removing users work. Change-Id: Iaebfef082eca0da8a305043fafb6d85e5de14cf8
2021-03-01 07:32:07 +01:00
ret = true;
out:
Make vold use the updated keystore 2 API for storage keys. This CL updates vold to use the updated storage key API that provides an optional upgraded key blob. In this patch the upgraded key blob is not yet stored by vold. Bug: 185811713 Test: N/A Change-Id: I39eeb20df0eb2b023479f3adebab264d29d00048
2021-04-20 21:50:58 +02:00
zeroize_vector(ephemeral_key_response.ephemeralKey);
Make vold use keystore2 instead of keymaster Make vold use keystore2 for all its operations instead of directly using keymaster. This way, we won't have any clients that bypass keystore2, and we'll no longer need to reserve a keymaster operation for vold. Note that we now hardcode "SecurityLevel::TRUSTED_ENVIRONMENT" (TEE) when talking to Keystore2 since Keystore2 only allows TEE and STRONGBOX. Keystore2 presents any SOFTWARE implementation as a TEE to callers when no "real" TEE is present. As far as storage encryption is concerned, there's no advantage to using a STRONGBOX when a "real" TEE is present, and a STRONGBOX can't be present if a "real" TEE isn't, so asking Keystore2 for a TEE is the best we can do in any situation. The difference in behaviour only really affects the full disk encryption code in cryptfs.cpp, which used to explicitly check that the keymaster device is a "real" TEE (as opposed to a SOFTWARE implementation) before using it (it can no longer do so since Keystore2 doesn't provide a way to do this). A little code history digging (7c49ab0a0b in particular) shows that cryptfs.cpp cared about two things when using a keymaster. - 1) that the keys generated by the keymaster were "standalone" keys - i.e. that the keymaster could operate on those keys without requiring /data or any other service to be available. - 2) that the keymaster was a non-SOFTWARE implementation so that things would still work in case a "real" TEE keymaster was ever somehow added to the device after first boot. Today, all "real" TEE keymasters always generate "standalone" keys, and a TEE has been required in Android devices since at least Android N. The only two exceptions are Goldfish and ARC++, which have SOFTWARE keymasters, but both those keymasters also generate "standalone" keys. We're also no longer worried about possibly adding a "real" TEE KM to either of those devices after first boot. So there's no longer a reason cryptfs.cpp can't use the SOFTWARE keymaster on those devices. There's also already an upgrade path in place (see test_mount_encrypted_fs() in cryptfs.cpp) to upgrade the kdf that's being used once a TEE keymaster is added to the device. So it's safe for cryptfs.cpp to ask for a TEE keymaster from Keystore2 and use it blindly, without checking whether or not it's a "real" TEE, which is why Keymaster::isSecure() just returns true now. A future patch will remove that function and simplify its callers. Bug: 181910578 Test: cuttlefish and bramble boot. Adding, switching between, stopping and removing users work. Change-Id: Iaebfef082eca0da8a305043fafb6d85e5de14cf8
2021-03-01 07:32:07 +01:00
zeroize_vector(storageKey.blob.value());
return ret;
Use a keymaster-based key storage module Instead of writing raw keys, encrypt the keys with keymaster. This paves the way to protecting them with auth tokens and passwords later. In addition, fold in the hash of a 16k file into their encryption, to ensure secure deletion works properly. Now even C++ier! Bug: 22502684 Bug: 22950892 Change-Id: If70f139e342373533c42d5a298444b8438428322
2016-01-21 21:26:12 +01:00
}
Replace most references to Keymaster with Keystore Now that vold uses Keystore2 rather than the Keymaster HAL directly, and also the new version of Keymaster is called "KeyMint" instead, replace most of the references to Keymaster in vold with Keystore. (I decided not to include the "2" in most places, as it seemed unnecessarily precise in most places, and it would be something that might need to keep being updated. Only Keystore.{cpp,h} really need to care about the version number.) I didn't rename many things in cryptfs.cpp, as that file will be going away soon anyway. I also left "wait_for_keymaster" and "vdc keymaster earlyBootEnded" as-is for now, as those are referenced outside vold. Bug: 183669495 Change-Id: I92cd648fae09f8c9769f7cf34dbf6c6e956be4e8
2021-06-15 20:34:00 +02:00
bool Keystore::deleteKey(const std::string& key) {
Make vold use keystore2 instead of keymaster Make vold use keystore2 for all its operations instead of directly using keymaster. This way, we won't have any clients that bypass keystore2, and we'll no longer need to reserve a keymaster operation for vold. Note that we now hardcode "SecurityLevel::TRUSTED_ENVIRONMENT" (TEE) when talking to Keystore2 since Keystore2 only allows TEE and STRONGBOX. Keystore2 presents any SOFTWARE implementation as a TEE to callers when no "real" TEE is present. As far as storage encryption is concerned, there's no advantage to using a STRONGBOX when a "real" TEE is present, and a STRONGBOX can't be present if a "real" TEE isn't, so asking Keystore2 for a TEE is the best we can do in any situation. The difference in behaviour only really affects the full disk encryption code in cryptfs.cpp, which used to explicitly check that the keymaster device is a "real" TEE (as opposed to a SOFTWARE implementation) before using it (it can no longer do so since Keystore2 doesn't provide a way to do this). A little code history digging (7c49ab0a0b in particular) shows that cryptfs.cpp cared about two things when using a keymaster. - 1) that the keys generated by the keymaster were "standalone" keys - i.e. that the keymaster could operate on those keys without requiring /data or any other service to be available. - 2) that the keymaster was a non-SOFTWARE implementation so that things would still work in case a "real" TEE keymaster was ever somehow added to the device after first boot. Today, all "real" TEE keymasters always generate "standalone" keys, and a TEE has been required in Android devices since at least Android N. The only two exceptions are Goldfish and ARC++, which have SOFTWARE keymasters, but both those keymasters also generate "standalone" keys. We're also no longer worried about possibly adding a "real" TEE KM to either of those devices after first boot. So there's no longer a reason cryptfs.cpp can't use the SOFTWARE keymaster on those devices. There's also already an upgrade path in place (see test_mount_encrypted_fs() in cryptfs.cpp) to upgrade the kdf that's being used once a TEE keymaster is added to the device. So it's safe for cryptfs.cpp to ask for a TEE keymaster from Keystore2 and use it blindly, without checking whether or not it's a "real" TEE, which is why Keymaster::isSecure() just returns true now. A future patch will remove that function and simplify its callers. Bug: 181910578 Test: cuttlefish and bramble boot. Adding, switching between, stopping and removing users work. Change-Id: Iaebfef082eca0da8a305043fafb6d85e5de14cf8
2021-03-01 07:32:07 +01:00
ks2::KeyDescriptor keyDesc = {
.domain = ks2::Domain::BLOB,
.alias = std::nullopt,
.nspace = VOLD_NAMESPACE,
Port to binder based keymaster hal Bug: 32020919 Change-Id: If45ece76fdaf4d2c80eddc537e429633e4d42f9d
2016-10-26 15:27:10 +02:00
};
Make vold use keystore2 instead of keymaster Make vold use keystore2 for all its operations instead of directly using keymaster. This way, we won't have any clients that bypass keystore2, and we'll no longer need to reserve a keymaster operation for vold. Note that we now hardcode "SecurityLevel::TRUSTED_ENVIRONMENT" (TEE) when talking to Keystore2 since Keystore2 only allows TEE and STRONGBOX. Keystore2 presents any SOFTWARE implementation as a TEE to callers when no "real" TEE is present. As far as storage encryption is concerned, there's no advantage to using a STRONGBOX when a "real" TEE is present, and a STRONGBOX can't be present if a "real" TEE isn't, so asking Keystore2 for a TEE is the best we can do in any situation. The difference in behaviour only really affects the full disk encryption code in cryptfs.cpp, which used to explicitly check that the keymaster device is a "real" TEE (as opposed to a SOFTWARE implementation) before using it (it can no longer do so since Keystore2 doesn't provide a way to do this). A little code history digging (7c49ab0a0b in particular) shows that cryptfs.cpp cared about two things when using a keymaster. - 1) that the keys generated by the keymaster were "standalone" keys - i.e. that the keymaster could operate on those keys without requiring /data or any other service to be available. - 2) that the keymaster was a non-SOFTWARE implementation so that things would still work in case a "real" TEE keymaster was ever somehow added to the device after first boot. Today, all "real" TEE keymasters always generate "standalone" keys, and a TEE has been required in Android devices since at least Android N. The only two exceptions are Goldfish and ARC++, which have SOFTWARE keymasters, but both those keymasters also generate "standalone" keys. We're also no longer worried about possibly adding a "real" TEE KM to either of those devices after first boot. So there's no longer a reason cryptfs.cpp can't use the SOFTWARE keymaster on those devices. There's also already an upgrade path in place (see test_mount_encrypted_fs() in cryptfs.cpp) to upgrade the kdf that's being used once a TEE keymaster is added to the device. So it's safe for cryptfs.cpp to ask for a TEE keymaster from Keystore2 and use it blindly, without checking whether or not it's a "real" TEE, which is why Keymaster::isSecure() just returns true now. A future patch will remove that function and simplify its callers. Bug: 181910578 Test: cuttlefish and bramble boot. Adding, switching between, stopping and removing users work. Change-Id: Iaebfef082eca0da8a305043fafb6d85e5de14cf8
2021-03-01 07:32:07 +01:00
keyDesc.blob =
std::optional<std::vector<uint8_t>>(std::vector<uint8_t>(key.begin(), key.end()));
auto rc = securityLevel->deleteKey(keyDesc);
return !logKeystore2ExceptionIfPresent(rc, "deleteKey");
Use a keymaster-based key storage module Instead of writing raw keys, encrypt the keys with keymaster. This paves the way to protecting them with auth tokens and passwords later. In addition, fold in the hash of a 16k file into their encryption, to ensure secure deletion works properly. Now even C++ier! Bug: 22502684 Bug: 22950892 Change-Id: If70f139e342373533c42d5a298444b8438428322
2016-01-21 21:26:12 +01:00
}
Replace most references to Keymaster with Keystore Now that vold uses Keystore2 rather than the Keymaster HAL directly, and also the new version of Keymaster is called "KeyMint" instead, replace most of the references to Keymaster in vold with Keystore. (I decided not to include the "2" in most places, as it seemed unnecessarily precise in most places, and it would be something that might need to keep being updated. Only Keystore.{cpp,h} really need to care about the version number.) I didn't rename many things in cryptfs.cpp, as that file will be going away soon anyway. I also left "wait_for_keymaster" and "vdc keymaster earlyBootEnded" as-is for now, as those are referenced outside vold. Bug: 183669495 Change-Id: I92cd648fae09f8c9769f7cf34dbf6c6e956be4e8
2021-06-15 20:34:00 +02:00
KeystoreOperation Keystore::begin(const std::string& key, const km::AuthorizationSet& inParams,
km::AuthorizationSet* outParams) {
Make vold use keystore2 instead of keymaster Make vold use keystore2 for all its operations instead of directly using keymaster. This way, we won't have any clients that bypass keystore2, and we'll no longer need to reserve a keymaster operation for vold. Note that we now hardcode "SecurityLevel::TRUSTED_ENVIRONMENT" (TEE) when talking to Keystore2 since Keystore2 only allows TEE and STRONGBOX. Keystore2 presents any SOFTWARE implementation as a TEE to callers when no "real" TEE is present. As far as storage encryption is concerned, there's no advantage to using a STRONGBOX when a "real" TEE is present, and a STRONGBOX can't be present if a "real" TEE isn't, so asking Keystore2 for a TEE is the best we can do in any situation. The difference in behaviour only really affects the full disk encryption code in cryptfs.cpp, which used to explicitly check that the keymaster device is a "real" TEE (as opposed to a SOFTWARE implementation) before using it (it can no longer do so since Keystore2 doesn't provide a way to do this). A little code history digging (7c49ab0a0b in particular) shows that cryptfs.cpp cared about two things when using a keymaster. - 1) that the keys generated by the keymaster were "standalone" keys - i.e. that the keymaster could operate on those keys without requiring /data or any other service to be available. - 2) that the keymaster was a non-SOFTWARE implementation so that things would still work in case a "real" TEE keymaster was ever somehow added to the device after first boot. Today, all "real" TEE keymasters always generate "standalone" keys, and a TEE has been required in Android devices since at least Android N. The only two exceptions are Goldfish and ARC++, which have SOFTWARE keymasters, but both those keymasters also generate "standalone" keys. We're also no longer worried about possibly adding a "real" TEE KM to either of those devices after first boot. So there's no longer a reason cryptfs.cpp can't use the SOFTWARE keymaster on those devices. There's also already an upgrade path in place (see test_mount_encrypted_fs() in cryptfs.cpp) to upgrade the kdf that's being used once a TEE keymaster is added to the device. So it's safe for cryptfs.cpp to ask for a TEE keymaster from Keystore2 and use it blindly, without checking whether or not it's a "real" TEE, which is why Keymaster::isSecure() just returns true now. A future patch will remove that function and simplify its callers. Bug: 181910578 Test: cuttlefish and bramble boot. Adding, switching between, stopping and removing users work. Change-Id: Iaebfef082eca0da8a305043fafb6d85e5de14cf8
2021-03-01 07:32:07 +01:00
ks2::KeyDescriptor keyDesc = {
.domain = ks2::Domain::BLOB,
.alias = std::nullopt,
.nspace = VOLD_NAMESPACE,
Port to binder based keymaster hal Bug: 32020919 Change-Id: If45ece76fdaf4d2c80eddc537e429633e4d42f9d
2016-10-26 15:27:10 +02:00
};
Make vold use keystore2 instead of keymaster Make vold use keystore2 for all its operations instead of directly using keymaster. This way, we won't have any clients that bypass keystore2, and we'll no longer need to reserve a keymaster operation for vold. Note that we now hardcode "SecurityLevel::TRUSTED_ENVIRONMENT" (TEE) when talking to Keystore2 since Keystore2 only allows TEE and STRONGBOX. Keystore2 presents any SOFTWARE implementation as a TEE to callers when no "real" TEE is present. As far as storage encryption is concerned, there's no advantage to using a STRONGBOX when a "real" TEE is present, and a STRONGBOX can't be present if a "real" TEE isn't, so asking Keystore2 for a TEE is the best we can do in any situation. The difference in behaviour only really affects the full disk encryption code in cryptfs.cpp, which used to explicitly check that the keymaster device is a "real" TEE (as opposed to a SOFTWARE implementation) before using it (it can no longer do so since Keystore2 doesn't provide a way to do this). A little code history digging (7c49ab0a0b in particular) shows that cryptfs.cpp cared about two things when using a keymaster. - 1) that the keys generated by the keymaster were "standalone" keys - i.e. that the keymaster could operate on those keys without requiring /data or any other service to be available. - 2) that the keymaster was a non-SOFTWARE implementation so that things would still work in case a "real" TEE keymaster was ever somehow added to the device after first boot. Today, all "real" TEE keymasters always generate "standalone" keys, and a TEE has been required in Android devices since at least Android N. The only two exceptions are Goldfish and ARC++, which have SOFTWARE keymasters, but both those keymasters also generate "standalone" keys. We're also no longer worried about possibly adding a "real" TEE KM to either of those devices after first boot. So there's no longer a reason cryptfs.cpp can't use the SOFTWARE keymaster on those devices. There's also already an upgrade path in place (see test_mount_encrypted_fs() in cryptfs.cpp) to upgrade the kdf that's being used once a TEE keymaster is added to the device. So it's safe for cryptfs.cpp to ask for a TEE keymaster from Keystore2 and use it blindly, without checking whether or not it's a "real" TEE, which is why Keymaster::isSecure() just returns true now. A future patch will remove that function and simplify its callers. Bug: 181910578 Test: cuttlefish and bramble boot. Adding, switching between, stopping and removing users work. Change-Id: Iaebfef082eca0da8a305043fafb6d85e5de14cf8
2021-03-01 07:32:07 +01:00
keyDesc.blob =
std::optional<std::vector<uint8_t>>(std::vector<uint8_t>(key.begin(), key.end()));
Port to binder based keymaster hal Bug: 32020919 Change-Id: If45ece76fdaf4d2c80eddc537e429633e4d42f9d
2016-10-26 15:27:10 +02:00
Make vold use keystore2 instead of keymaster Make vold use keystore2 for all its operations instead of directly using keymaster. This way, we won't have any clients that bypass keystore2, and we'll no longer need to reserve a keymaster operation for vold. Note that we now hardcode "SecurityLevel::TRUSTED_ENVIRONMENT" (TEE) when talking to Keystore2 since Keystore2 only allows TEE and STRONGBOX. Keystore2 presents any SOFTWARE implementation as a TEE to callers when no "real" TEE is present. As far as storage encryption is concerned, there's no advantage to using a STRONGBOX when a "real" TEE is present, and a STRONGBOX can't be present if a "real" TEE isn't, so asking Keystore2 for a TEE is the best we can do in any situation. The difference in behaviour only really affects the full disk encryption code in cryptfs.cpp, which used to explicitly check that the keymaster device is a "real" TEE (as opposed to a SOFTWARE implementation) before using it (it can no longer do so since Keystore2 doesn't provide a way to do this). A little code history digging (7c49ab0a0b in particular) shows that cryptfs.cpp cared about two things when using a keymaster. - 1) that the keys generated by the keymaster were "standalone" keys - i.e. that the keymaster could operate on those keys without requiring /data or any other service to be available. - 2) that the keymaster was a non-SOFTWARE implementation so that things would still work in case a "real" TEE keymaster was ever somehow added to the device after first boot. Today, all "real" TEE keymasters always generate "standalone" keys, and a TEE has been required in Android devices since at least Android N. The only two exceptions are Goldfish and ARC++, which have SOFTWARE keymasters, but both those keymasters also generate "standalone" keys. We're also no longer worried about possibly adding a "real" TEE KM to either of those devices after first boot. So there's no longer a reason cryptfs.cpp can't use the SOFTWARE keymaster on those devices. There's also already an upgrade path in place (see test_mount_encrypted_fs() in cryptfs.cpp) to upgrade the kdf that's being used once a TEE keymaster is added to the device. So it's safe for cryptfs.cpp to ask for a TEE keymaster from Keystore2 and use it blindly, without checking whether or not it's a "real" TEE, which is why Keymaster::isSecure() just returns true now. A future patch will remove that function and simplify its callers. Bug: 181910578 Test: cuttlefish and bramble boot. Adding, switching between, stopping and removing users work. Change-Id: Iaebfef082eca0da8a305043fafb6d85e5de14cf8
2021-03-01 07:32:07 +01:00
ks2::CreateOperationResponse cor;
auto rc = securityLevel->createOperation(keyDesc, inParams.vector_data(), true, &cor);
if (logKeystore2ExceptionIfPresent(rc, "createOperation")) {
if (rc.getExceptionCode() == EX_SERVICE_SPECIFIC)
Replace most references to Keymaster with Keystore Now that vold uses Keystore2 rather than the Keymaster HAL directly, and also the new version of Keymaster is called "KeyMint" instead, replace most of the references to Keymaster in vold with Keystore. (I decided not to include the "2" in most places, as it seemed unnecessarily precise in most places, and it would be something that might need to keep being updated. Only Keystore.{cpp,h} really need to care about the version number.) I didn't rename many things in cryptfs.cpp, as that file will be going away soon anyway. I also left "wait_for_keymaster" and "vdc keymaster earlyBootEnded" as-is for now, as those are referenced outside vold. Bug: 183669495 Change-Id: I92cd648fae09f8c9769f7cf34dbf6c6e956be4e8
2021-06-15 20:34:00 +02:00
return KeystoreOperation((km::ErrorCode)rc.getServiceSpecificError());
Make vold use keystore2 instead of keymaster Make vold use keystore2 for all its operations instead of directly using keymaster. This way, we won't have any clients that bypass keystore2, and we'll no longer need to reserve a keymaster operation for vold. Note that we now hardcode "SecurityLevel::TRUSTED_ENVIRONMENT" (TEE) when talking to Keystore2 since Keystore2 only allows TEE and STRONGBOX. Keystore2 presents any SOFTWARE implementation as a TEE to callers when no "real" TEE is present. As far as storage encryption is concerned, there's no advantage to using a STRONGBOX when a "real" TEE is present, and a STRONGBOX can't be present if a "real" TEE isn't, so asking Keystore2 for a TEE is the best we can do in any situation. The difference in behaviour only really affects the full disk encryption code in cryptfs.cpp, which used to explicitly check that the keymaster device is a "real" TEE (as opposed to a SOFTWARE implementation) before using it (it can no longer do so since Keystore2 doesn't provide a way to do this). A little code history digging (7c49ab0a0b in particular) shows that cryptfs.cpp cared about two things when using a keymaster. - 1) that the keys generated by the keymaster were "standalone" keys - i.e. that the keymaster could operate on those keys without requiring /data or any other service to be available. - 2) that the keymaster was a non-SOFTWARE implementation so that things would still work in case a "real" TEE keymaster was ever somehow added to the device after first boot. Today, all "real" TEE keymasters always generate "standalone" keys, and a TEE has been required in Android devices since at least Android N. The only two exceptions are Goldfish and ARC++, which have SOFTWARE keymasters, but both those keymasters also generate "standalone" keys. We're also no longer worried about possibly adding a "real" TEE KM to either of those devices after first boot. So there's no longer a reason cryptfs.cpp can't use the SOFTWARE keymaster on those devices. There's also already an upgrade path in place (see test_mount_encrypted_fs() in cryptfs.cpp) to upgrade the kdf that's being used once a TEE keymaster is added to the device. So it's safe for cryptfs.cpp to ask for a TEE keymaster from Keystore2 and use it blindly, without checking whether or not it's a "real" TEE, which is why Keymaster::isSecure() just returns true now. A future patch will remove that function and simplify its callers. Bug: 181910578 Test: cuttlefish and bramble boot. Adding, switching between, stopping and removing users work. Change-Id: Iaebfef082eca0da8a305043fafb6d85e5de14cf8
2021-03-01 07:32:07 +01:00
else
Replace most references to Keymaster with Keystore Now that vold uses Keystore2 rather than the Keymaster HAL directly, and also the new version of Keymaster is called "KeyMint" instead, replace most of the references to Keymaster in vold with Keystore. (I decided not to include the "2" in most places, as it seemed unnecessarily precise in most places, and it would be something that might need to keep being updated. Only Keystore.{cpp,h} really need to care about the version number.) I didn't rename many things in cryptfs.cpp, as that file will be going away soon anyway. I also left "wait_for_keymaster" and "vdc keymaster earlyBootEnded" as-is for now, as those are referenced outside vold. Bug: 183669495 Change-Id: I92cd648fae09f8c9769f7cf34dbf6c6e956be4e8
2021-06-15 20:34:00 +02:00
return KeystoreOperation();
Port to binder based keymaster hal Bug: 32020919 Change-Id: If45ece76fdaf4d2c80eddc537e429633e4d42f9d
2016-10-26 15:27:10 +02:00
}
Make vold use keystore2 instead of keymaster Make vold use keystore2 for all its operations instead of directly using keymaster. This way, we won't have any clients that bypass keystore2, and we'll no longer need to reserve a keymaster operation for vold. Note that we now hardcode "SecurityLevel::TRUSTED_ENVIRONMENT" (TEE) when talking to Keystore2 since Keystore2 only allows TEE and STRONGBOX. Keystore2 presents any SOFTWARE implementation as a TEE to callers when no "real" TEE is present. As far as storage encryption is concerned, there's no advantage to using a STRONGBOX when a "real" TEE is present, and a STRONGBOX can't be present if a "real" TEE isn't, so asking Keystore2 for a TEE is the best we can do in any situation. The difference in behaviour only really affects the full disk encryption code in cryptfs.cpp, which used to explicitly check that the keymaster device is a "real" TEE (as opposed to a SOFTWARE implementation) before using it (it can no longer do so since Keystore2 doesn't provide a way to do this). A little code history digging (7c49ab0a0b in particular) shows that cryptfs.cpp cared about two things when using a keymaster. - 1) that the keys generated by the keymaster were "standalone" keys - i.e. that the keymaster could operate on those keys without requiring /data or any other service to be available. - 2) that the keymaster was a non-SOFTWARE implementation so that things would still work in case a "real" TEE keymaster was ever somehow added to the device after first boot. Today, all "real" TEE keymasters always generate "standalone" keys, and a TEE has been required in Android devices since at least Android N. The only two exceptions are Goldfish and ARC++, which have SOFTWARE keymasters, but both those keymasters also generate "standalone" keys. We're also no longer worried about possibly adding a "real" TEE KM to either of those devices after first boot. So there's no longer a reason cryptfs.cpp can't use the SOFTWARE keymaster on those devices. There's also already an upgrade path in place (see test_mount_encrypted_fs() in cryptfs.cpp) to upgrade the kdf that's being used once a TEE keymaster is added to the device. So it's safe for cryptfs.cpp to ask for a TEE keymaster from Keystore2 and use it blindly, without checking whether or not it's a "real" TEE, which is why Keymaster::isSecure() just returns true now. A future patch will remove that function and simplify its callers. Bug: 181910578 Test: cuttlefish and bramble boot. Adding, switching between, stopping and removing users work. Change-Id: Iaebfef082eca0da8a305043fafb6d85e5de14cf8
2021-03-01 07:32:07 +01:00
if (!cor.iOperation) {
LOG(ERROR) << "keystore2 createOperation didn't return an operation";
Replace most references to Keymaster with Keystore Now that vold uses Keystore2 rather than the Keymaster HAL directly, and also the new version of Keymaster is called "KeyMint" instead, replace most of the references to Keymaster in vold with Keystore. (I decided not to include the "2" in most places, as it seemed unnecessarily precise in most places, and it would be something that might need to keep being updated. Only Keystore.{cpp,h} really need to care about the version number.) I didn't rename many things in cryptfs.cpp, as that file will be going away soon anyway. I also left "wait_for_keymaster" and "vdc keymaster earlyBootEnded" as-is for now, as those are referenced outside vold. Bug: 183669495 Change-Id: I92cd648fae09f8c9769f7cf34dbf6c6e956be4e8
2021-06-15 20:34:00 +02:00
return KeystoreOperation();
Use a keymaster-based key storage module Instead of writing raw keys, encrypt the keys with keymaster. This paves the way to protecting them with auth tokens and passwords later. In addition, fold in the hash of a 16k file into their encryption, to ensure secure deletion works properly. Now even C++ier! Bug: 22502684 Bug: 22950892 Change-Id: If70f139e342373533c42d5a298444b8438428322
2016-01-21 21:26:12 +01:00
}
Make vold use keystore2 instead of keymaster Make vold use keystore2 for all its operations instead of directly using keymaster. This way, we won't have any clients that bypass keystore2, and we'll no longer need to reserve a keymaster operation for vold. Note that we now hardcode "SecurityLevel::TRUSTED_ENVIRONMENT" (TEE) when talking to Keystore2 since Keystore2 only allows TEE and STRONGBOX. Keystore2 presents any SOFTWARE implementation as a TEE to callers when no "real" TEE is present. As far as storage encryption is concerned, there's no advantage to using a STRONGBOX when a "real" TEE is present, and a STRONGBOX can't be present if a "real" TEE isn't, so asking Keystore2 for a TEE is the best we can do in any situation. The difference in behaviour only really affects the full disk encryption code in cryptfs.cpp, which used to explicitly check that the keymaster device is a "real" TEE (as opposed to a SOFTWARE implementation) before using it (it can no longer do so since Keystore2 doesn't provide a way to do this). A little code history digging (7c49ab0a0b in particular) shows that cryptfs.cpp cared about two things when using a keymaster. - 1) that the keys generated by the keymaster were "standalone" keys - i.e. that the keymaster could operate on those keys without requiring /data or any other service to be available. - 2) that the keymaster was a non-SOFTWARE implementation so that things would still work in case a "real" TEE keymaster was ever somehow added to the device after first boot. Today, all "real" TEE keymasters always generate "standalone" keys, and a TEE has been required in Android devices since at least Android N. The only two exceptions are Goldfish and ARC++, which have SOFTWARE keymasters, but both those keymasters also generate "standalone" keys. We're also no longer worried about possibly adding a "real" TEE KM to either of those devices after first boot. So there's no longer a reason cryptfs.cpp can't use the SOFTWARE keymaster on those devices. There's also already an upgrade path in place (see test_mount_encrypted_fs() in cryptfs.cpp) to upgrade the kdf that's being used once a TEE keymaster is added to the device. So it's safe for cryptfs.cpp to ask for a TEE keymaster from Keystore2 and use it blindly, without checking whether or not it's a "real" TEE, which is why Keymaster::isSecure() just returns true now. A future patch will remove that function and simplify its callers. Bug: 181910578 Test: cuttlefish and bramble boot. Adding, switching between, stopping and removing users work. Change-Id: Iaebfef082eca0da8a305043fafb6d85e5de14cf8
2021-03-01 07:32:07 +01:00
if (outParams && cor.parameters) *outParams = cor.parameters->keyParameter;
Replace most references to Keymaster with Keystore Now that vold uses Keystore2 rather than the Keymaster HAL directly, and also the new version of Keymaster is called "KeyMint" instead, replace most of the references to Keymaster in vold with Keystore. (I decided not to include the "2" in most places, as it seemed unnecessarily precise in most places, and it would be something that might need to keep being updated. Only Keystore.{cpp,h} really need to care about the version number.) I didn't rename many things in cryptfs.cpp, as that file will be going away soon anyway. I also left "wait_for_keymaster" and "vdc keymaster earlyBootEnded" as-is for now, as those are referenced outside vold. Bug: 183669495 Change-Id: I92cd648fae09f8c9769f7cf34dbf6c6e956be4e8
2021-06-15 20:34:00 +02:00
return KeystoreOperation(cor.iOperation, cor.upgradedBlob);
Use a keymaster-based key storage module Instead of writing raw keys, encrypt the keys with keymaster. This paves the way to protecting them with auth tokens and passwords later. In addition, fold in the hash of a 16k file into their encryption, to ensure secure deletion works properly. Now even C++ier! Bug: 22502684 Bug: 22950892 Change-Id: If70f139e342373533c42d5a298444b8438428322
2016-01-21 21:26:12 +01:00
}
Support Keymaster4 This CL changes vold from using a KM3 device directly to using the KM4 support wrapper from the KM4 support library, which supports both KM3 and KM4 devices (KM0, 1 and 2 devices are still supported as well, because the default KM3 device is a wrapper that uses them). In addition, I found myself getting confused about which "Keymaster" types were locally-defined vold keymaster types and which were from the KM4 HAL and support library, so I changd the approach to referencing the latter, so all of them are qualified with the "km::" namespace reference. Test: Build & boot Change-Id: I08ed5425641e7496f8597d5716cb3cd0cbd33a7f
2018-01-22 17:08:32 +01:00
Replace most references to Keymaster with Keystore Now that vold uses Keystore2 rather than the Keymaster HAL directly, and also the new version of Keymaster is called "KeyMint" instead, replace most of the references to Keymaster in vold with Keystore. (I decided not to include the "2" in most places, as it seemed unnecessarily precise in most places, and it would be something that might need to keep being updated. Only Keystore.{cpp,h} really need to care about the version number.) I didn't rename many things in cryptfs.cpp, as that file will be going away soon anyway. I also left "wait_for_keymaster" and "vdc keymaster earlyBootEnded" as-is for now, as those are referenced outside vold. Bug: 183669495 Change-Id: I92cd648fae09f8c9769f7cf34dbf6c6e956be4e8
2021-06-15 20:34:00 +02:00
void Keystore::earlyBootEnded() {
Make vold use keystore2 instead of keymaster Make vold use keystore2 for all its operations instead of directly using keymaster. This way, we won't have any clients that bypass keystore2, and we'll no longer need to reserve a keymaster operation for vold. Note that we now hardcode "SecurityLevel::TRUSTED_ENVIRONMENT" (TEE) when talking to Keystore2 since Keystore2 only allows TEE and STRONGBOX. Keystore2 presents any SOFTWARE implementation as a TEE to callers when no "real" TEE is present. As far as storage encryption is concerned, there's no advantage to using a STRONGBOX when a "real" TEE is present, and a STRONGBOX can't be present if a "real" TEE isn't, so asking Keystore2 for a TEE is the best we can do in any situation. The difference in behaviour only really affects the full disk encryption code in cryptfs.cpp, which used to explicitly check that the keymaster device is a "real" TEE (as opposed to a SOFTWARE implementation) before using it (it can no longer do so since Keystore2 doesn't provide a way to do this). A little code history digging (7c49ab0a0b in particular) shows that cryptfs.cpp cared about two things when using a keymaster. - 1) that the keys generated by the keymaster were "standalone" keys - i.e. that the keymaster could operate on those keys without requiring /data or any other service to be available. - 2) that the keymaster was a non-SOFTWARE implementation so that things would still work in case a "real" TEE keymaster was ever somehow added to the device after first boot. Today, all "real" TEE keymasters always generate "standalone" keys, and a TEE has been required in Android devices since at least Android N. The only two exceptions are Goldfish and ARC++, which have SOFTWARE keymasters, but both those keymasters also generate "standalone" keys. We're also no longer worried about possibly adding a "real" TEE KM to either of those devices after first boot. So there's no longer a reason cryptfs.cpp can't use the SOFTWARE keymaster on those devices. There's also already an upgrade path in place (see test_mount_encrypted_fs() in cryptfs.cpp) to upgrade the kdf that's being used once a TEE keymaster is added to the device. So it's safe for cryptfs.cpp to ask for a TEE keymaster from Keystore2 and use it blindly, without checking whether or not it's a "real" TEE, which is why Keymaster::isSecure() just returns true now. A future patch will remove that function and simplify its callers. Bug: 181910578 Test: cuttlefish and bramble boot. Adding, switching between, stopping and removing users work. Change-Id: Iaebfef082eca0da8a305043fafb6d85e5de14cf8
2021-03-01 07:32:07 +01:00
::ndk::SpAIBinder binder(AServiceManager_getService(maintenance_service_name));
auto maint_service = ks2_maint::IKeystoreMaintenance::fromBinder(binder);
if (!maint_service) {
LOG(ERROR) << "Unable to connect to keystore2 maintenance service for earlyBootEnded";
return;
Have vold inform keymaster that early boot ended Just before mounting partition(s) not verified by verified boot, vold should notify keymaster that early boot has ended so it won't allow EARLY_BOOT_ONLY keys to be created or used. Test: VtsHalKeymasterV4_1TargetTest Change-Id: I74ffec8d5b33f01e62f845a8fc824b3a3cad50f3 Merged-In: I74ffec8d5b33f01e62f845a8fc824b3a3cad50f3
2020-01-16 22:08:36 +01:00
}
Make vold use keystore2 instead of keymaster Make vold use keystore2 for all its operations instead of directly using keymaster. This way, we won't have any clients that bypass keystore2, and we'll no longer need to reserve a keymaster operation for vold. Note that we now hardcode "SecurityLevel::TRUSTED_ENVIRONMENT" (TEE) when talking to Keystore2 since Keystore2 only allows TEE and STRONGBOX. Keystore2 presents any SOFTWARE implementation as a TEE to callers when no "real" TEE is present. As far as storage encryption is concerned, there's no advantage to using a STRONGBOX when a "real" TEE is present, and a STRONGBOX can't be present if a "real" TEE isn't, so asking Keystore2 for a TEE is the best we can do in any situation. The difference in behaviour only really affects the full disk encryption code in cryptfs.cpp, which used to explicitly check that the keymaster device is a "real" TEE (as opposed to a SOFTWARE implementation) before using it (it can no longer do so since Keystore2 doesn't provide a way to do this). A little code history digging (7c49ab0a0b in particular) shows that cryptfs.cpp cared about two things when using a keymaster. - 1) that the keys generated by the keymaster were "standalone" keys - i.e. that the keymaster could operate on those keys without requiring /data or any other service to be available. - 2) that the keymaster was a non-SOFTWARE implementation so that things would still work in case a "real" TEE keymaster was ever somehow added to the device after first boot. Today, all "real" TEE keymasters always generate "standalone" keys, and a TEE has been required in Android devices since at least Android N. The only two exceptions are Goldfish and ARC++, which have SOFTWARE keymasters, but both those keymasters also generate "standalone" keys. We're also no longer worried about possibly adding a "real" TEE KM to either of those devices after first boot. So there's no longer a reason cryptfs.cpp can't use the SOFTWARE keymaster on those devices. There's also already an upgrade path in place (see test_mount_encrypted_fs() in cryptfs.cpp) to upgrade the kdf that's being used once a TEE keymaster is added to the device. So it's safe for cryptfs.cpp to ask for a TEE keymaster from Keystore2 and use it blindly, without checking whether or not it's a "real" TEE, which is why Keymaster::isSecure() just returns true now. A future patch will remove that function and simplify its callers. Bug: 181910578 Test: cuttlefish and bramble boot. Adding, switching between, stopping and removing users work. Change-Id: Iaebfef082eca0da8a305043fafb6d85e5de14cf8
2021-03-01 07:32:07 +01:00
auto rc = maint_service->earlyBootEnded();
logKeystore2ExceptionIfPresent(rc, "earlyBootEnded");
Have vold inform keymaster that early boot ended Just before mounting partition(s) not verified by verified boot, vold should notify keymaster that early boot has ended so it won't allow EARLY_BOOT_ONLY keys to be created or used. Test: VtsHalKeymasterV4_1TargetTest Change-Id: I74ffec8d5b33f01e62f845a8fc824b3a3cad50f3 Merged-In: I74ffec8d5b33f01e62f845a8fc824b3a3cad50f3
2020-01-16 22:08:36 +01:00
}
Detect factory reset and deleteAllKeys Where metadata encryption is enabled, if there is no metadata encryption key present and we are generating one anew, then there has been a factory reset, and this is the first key to be generated. We then call deleteAllKeys to ensure data from before the factory reset is securely deleted. This shouldn't really be necessary; the factory reset call itself should be doing this. However there are currently three factory reset paths (settings, recovery, fastboot -w) and it is not clear that all three are doing this correctly on all devices. Obviously an attacker can prevent this code from being run by running a version of the OS that does not include this change; however, if the bootloader is locked, then keys will be version bound such that they will only work on locked devices with a sufficiently recent version of the OS. If every sufficiently recent signed version of the OS includes this change the attack is defeated. Bug: 187105270 Test: booted Cuttlefish twice, checked logs Change-Id: I9c5c547140e8b1bbffb9c1d215f75251f0f1354e
2021-08-07 00:16:10 +02:00
void Keystore::deleteAllKeys() {
::ndk::SpAIBinder binder(AServiceManager_getService(maintenance_service_name));
auto maint_service = ks2_maint::IKeystoreMaintenance::fromBinder(binder);
if (!maint_service) {
LOG(ERROR) << "Unable to connect to keystore2 maintenance service for deleteAllKeys";
return;
}
auto rc = maint_service->deleteAllKeys();
logKeystore2ExceptionIfPresent(rc, "deleteAllKeys");
}
Use a keymaster-based key storage module Instead of writing raw keys, encrypt the keys with keymaster. This paves the way to protecting them with auth tokens and passwords later. In addition, fold in the hash of a 16k file into their encryption, to ensure secure deletion works properly. Now even C++ier! Bug: 22502684 Bug: 22950892 Change-Id: If70f139e342373533c42d5a298444b8438428322
2016-01-21 21:26:12 +01:00
} // namespace vold
} // namespace android
Reference in a new issue Copy permalink