tequilaOS/platform_system_vold
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
platform_system_vold/Keystore.h

141 lines
5.2 KiB
C
Raw Normal View History

Use a keymaster-based key storage module Instead of writing raw keys, encrypt the keys with keymaster. This paves the way to protecting them with auth tokens and passwords later. In addition, fold in the hash of a 16k file into their encryption, to ensure secure deletion works properly. Now even C++ier! Bug: 22502684 Bug: 22950892 Change-Id: If70f139e342373533c42d5a298444b8438428322
2016-01-21 21:26:12 +01:00
/*
* Copyright (C) 2016 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
Replace most references to Keymaster with Keystore Now that vold uses Keystore2 rather than the Keymaster HAL directly, and also the new version of Keymaster is called "KeyMint" instead, replace most of the references to Keymaster in vold with Keystore. (I decided not to include the "2" in most places, as it seemed unnecessarily precise in most places, and it would be something that might need to keep being updated. Only Keystore.{cpp,h} really need to care about the version number.) I didn't rename many things in cryptfs.cpp, as that file will be going away soon anyway. I also left "wait_for_keymaster" and "vdc keymaster earlyBootEnded" as-is for now, as those are referenced outside vold. Bug: 183669495 Change-Id: I92cd648fae09f8c9769f7cf34dbf6c6e956be4e8
2021-06-15 20:34:00 +02:00
#ifndef ANDROID_VOLD_KEYSTORE_H
#define ANDROID_VOLD_KEYSTORE_H
Use a keymaster-based key storage module Instead of writing raw keys, encrypt the keys with keymaster. This paves the way to protecting them with auth tokens and passwords later. In addition, fold in the hash of a 16k file into their encryption, to ensure secure deletion works properly. Now even C++ier! Bug: 22502684 Bug: 22950892 Change-Id: If70f139e342373533c42d5a298444b8438428322
2016-01-21 21:26:12 +01:00
Zero memory used for encryuption keys. std::vector with custom zeroing allocator is used instead of std::string for data that can contain encryption keys. Bug: 64201177 Test: manually created a managed profile, changed it's credentials Test: manually upgraded a phone with profile from O to MR1. Change-Id: Ic31877049f69eba9f8ea64fd99acaaca5a01d3dd
2017-08-01 18:15:53 +02:00
#include "KeyBuffer.h"
Support Keymaster2 with lots of clever template logic :) Bug: 27718275 Change-Id: I0b2aa74f45fd07a121ce0c342b27426a3fe593ce
2016-03-16 01:04:39 +01:00
#include <memory>
Use a keymaster-based key storage module Instead of writing raw keys, encrypt the keys with keymaster. This paves the way to protecting them with auth tokens and passwords later. In addition, fold in the hash of a 16k file into their encryption, to ensure secure deletion works properly. Now even C++ier! Bug: 22502684 Bug: 22950892 Change-Id: If70f139e342373533c42d5a298444b8438428322
2016-01-21 21:26:12 +01:00
#include <string>
Support Keymaster2 with lots of clever template logic :) Bug: 27718275 Change-Id: I0b2aa74f45fd07a121ce0c342b27426a3fe593ce
2016-03-16 01:04:39 +01:00
#include <utility>
Use a keymaster-based key storage module Instead of writing raw keys, encrypt the keys with keymaster. This paves the way to protecting them with auth tokens and passwords later. In addition, fold in the hash of a 16k file into their encryption, to ensure secure deletion works properly. Now even C++ier! Bug: 22502684 Bug: 22950892 Change-Id: If70f139e342373533c42d5a298444b8438428322
2016-01-21 21:26:12 +01:00
Keymaster: IWYU Was depending on this transitively from MQDescriptor.h Test: links Bug: 37791060 Change-Id: I9b52bbe9ac6c3a54fdb6e352e90eba50914633d4
2017-05-01 21:45:32 +02:00
#include <android-base/macros.h>
Make vold use keystore2 instead of keymaster Make vold use keystore2 for all its operations instead of directly using keymaster. This way, we won't have any clients that bypass keystore2, and we'll no longer need to reserve a keymaster operation for vold. Note that we now hardcode "SecurityLevel::TRUSTED_ENVIRONMENT" (TEE) when talking to Keystore2 since Keystore2 only allows TEE and STRONGBOX. Keystore2 presents any SOFTWARE implementation as a TEE to callers when no "real" TEE is present. As far as storage encryption is concerned, there's no advantage to using a STRONGBOX when a "real" TEE is present, and a STRONGBOX can't be present if a "real" TEE isn't, so asking Keystore2 for a TEE is the best we can do in any situation. The difference in behaviour only really affects the full disk encryption code in cryptfs.cpp, which used to explicitly check that the keymaster device is a "real" TEE (as opposed to a SOFTWARE implementation) before using it (it can no longer do so since Keystore2 doesn't provide a way to do this). A little code history digging (7c49ab0a0b in particular) shows that cryptfs.cpp cared about two things when using a keymaster. - 1) that the keys generated by the keymaster were "standalone" keys - i.e. that the keymaster could operate on those keys without requiring /data or any other service to be available. - 2) that the keymaster was a non-SOFTWARE implementation so that things would still work in case a "real" TEE keymaster was ever somehow added to the device after first boot. Today, all "real" TEE keymasters always generate "standalone" keys, and a TEE has been required in Android devices since at least Android N. The only two exceptions are Goldfish and ARC++, which have SOFTWARE keymasters, but both those keymasters also generate "standalone" keys. We're also no longer worried about possibly adding a "real" TEE KM to either of those devices after first boot. So there's no longer a reason cryptfs.cpp can't use the SOFTWARE keymaster on those devices. There's also already an upgrade path in place (see test_mount_encrypted_fs() in cryptfs.cpp) to upgrade the kdf that's being used once a TEE keymaster is added to the device. So it's safe for cryptfs.cpp to ask for a TEE keymaster from Keystore2 and use it blindly, without checking whether or not it's a "real" TEE, which is why Keymaster::isSecure() just returns true now. A future patch will remove that function and simplify its callers. Bug: 181910578 Test: cuttlefish and bramble boot. Adding, switching between, stopping and removing users work. Change-Id: Iaebfef082eca0da8a305043fafb6d85e5de14cf8
2021-03-01 07:32:07 +01:00
#include <keymint_support/authorization_set.h>
#include <keymint_support/keymint_tags.h>
#include <aidl/android/hardware/security/keymint/ErrorCode.h>
#include <aidl/android/system/keystore2/IKeystoreService.h>
#include <android/binder_manager.h>
Use a keymaster-based key storage module Instead of writing raw keys, encrypt the keys with keymaster. This paves the way to protecting them with auth tokens and passwords later. In addition, fold in the hash of a 16k file into their encryption, to ensure secure deletion works properly. Now even C++ier! Bug: 22502684 Bug: 22950892 Change-Id: If70f139e342373533c42d5a298444b8438428322
2016-01-21 21:26:12 +01:00
namespace android {
namespace vold {
Support Keymaster4 This CL changes vold from using a KM3 device directly to using the KM4 support wrapper from the KM4 support library, which supports both KM3 and KM4 devices (KM0, 1 and 2 devices are still supported as well, because the default KM3 device is a wrapper that uses them). In addition, I found myself getting confused about which "Keymaster" types were locally-defined vold keymaster types and which were from the KM4 HAL and support library, so I changd the approach to referencing the latter, so all of them are qualified with the "km::" namespace reference. Test: Build & boot Change-Id: I08ed5425641e7496f8597d5716cb3cd0cbd33a7f
2018-01-22 17:08:32 +01:00
Make vold use keystore2 instead of keymaster Make vold use keystore2 for all its operations instead of directly using keymaster. This way, we won't have any clients that bypass keystore2, and we'll no longer need to reserve a keymaster operation for vold. Note that we now hardcode "SecurityLevel::TRUSTED_ENVIRONMENT" (TEE) when talking to Keystore2 since Keystore2 only allows TEE and STRONGBOX. Keystore2 presents any SOFTWARE implementation as a TEE to callers when no "real" TEE is present. As far as storage encryption is concerned, there's no advantage to using a STRONGBOX when a "real" TEE is present, and a STRONGBOX can't be present if a "real" TEE isn't, so asking Keystore2 for a TEE is the best we can do in any situation. The difference in behaviour only really affects the full disk encryption code in cryptfs.cpp, which used to explicitly check that the keymaster device is a "real" TEE (as opposed to a SOFTWARE implementation) before using it (it can no longer do so since Keystore2 doesn't provide a way to do this). A little code history digging (7c49ab0a0b in particular) shows that cryptfs.cpp cared about two things when using a keymaster. - 1) that the keys generated by the keymaster were "standalone" keys - i.e. that the keymaster could operate on those keys without requiring /data or any other service to be available. - 2) that the keymaster was a non-SOFTWARE implementation so that things would still work in case a "real" TEE keymaster was ever somehow added to the device after first boot. Today, all "real" TEE keymasters always generate "standalone" keys, and a TEE has been required in Android devices since at least Android N. The only two exceptions are Goldfish and ARC++, which have SOFTWARE keymasters, but both those keymasters also generate "standalone" keys. We're also no longer worried about possibly adding a "real" TEE KM to either of those devices after first boot. So there's no longer a reason cryptfs.cpp can't use the SOFTWARE keymaster on those devices. There's also already an upgrade path in place (see test_mount_encrypted_fs() in cryptfs.cpp) to upgrade the kdf that's being used once a TEE keymaster is added to the device. So it's safe for cryptfs.cpp to ask for a TEE keymaster from Keystore2 and use it blindly, without checking whether or not it's a "real" TEE, which is why Keymaster::isSecure() just returns true now. A future patch will remove that function and simplify its callers. Bug: 181910578 Test: cuttlefish and bramble boot. Adding, switching between, stopping and removing users work. Change-Id: Iaebfef082eca0da8a305043fafb6d85e5de14cf8
2021-03-01 07:32:07 +01:00
namespace ks2 = ::aidl::android::system::keystore2;
namespace km = ::aidl::android::hardware::security::keymint;
Update vold to use KM4.1 This CL updates vold to use the Keymaster 4.1 interface, but does not yet call any of the new methods. Test: Boot the device Change-Id: I4574a2f6eead3b71d1e89488b496b734694620c7
2020-01-16 21:21:42 +01:00
Make vold use keystore2 instead of keymaster Make vold use keystore2 for all its operations instead of directly using keymaster. This way, we won't have any clients that bypass keystore2, and we'll no longer need to reserve a keymaster operation for vold. Note that we now hardcode "SecurityLevel::TRUSTED_ENVIRONMENT" (TEE) when talking to Keystore2 since Keystore2 only allows TEE and STRONGBOX. Keystore2 presents any SOFTWARE implementation as a TEE to callers when no "real" TEE is present. As far as storage encryption is concerned, there's no advantage to using a STRONGBOX when a "real" TEE is present, and a STRONGBOX can't be present if a "real" TEE isn't, so asking Keystore2 for a TEE is the best we can do in any situation. The difference in behaviour only really affects the full disk encryption code in cryptfs.cpp, which used to explicitly check that the keymaster device is a "real" TEE (as opposed to a SOFTWARE implementation) before using it (it can no longer do so since Keystore2 doesn't provide a way to do this). A little code history digging (7c49ab0a0b in particular) shows that cryptfs.cpp cared about two things when using a keymaster. - 1) that the keys generated by the keymaster were "standalone" keys - i.e. that the keymaster could operate on those keys without requiring /data or any other service to be available. - 2) that the keymaster was a non-SOFTWARE implementation so that things would still work in case a "real" TEE keymaster was ever somehow added to the device after first boot. Today, all "real" TEE keymasters always generate "standalone" keys, and a TEE has been required in Android devices since at least Android N. The only two exceptions are Goldfish and ARC++, which have SOFTWARE keymasters, but both those keymasters also generate "standalone" keys. We're also no longer worried about possibly adding a "real" TEE KM to either of those devices after first boot. So there's no longer a reason cryptfs.cpp can't use the SOFTWARE keymaster on those devices. There's also already an upgrade path in place (see test_mount_encrypted_fs() in cryptfs.cpp) to upgrade the kdf that's being used once a TEE keymaster is added to the device. So it's safe for cryptfs.cpp to ask for a TEE keymaster from Keystore2 and use it blindly, without checking whether or not it's a "real" TEE, which is why Keymaster::isSecure() just returns true now. A future patch will remove that function and simplify its callers. Bug: 181910578 Test: cuttlefish and bramble boot. Adding, switching between, stopping and removing users work. Change-Id: Iaebfef082eca0da8a305043fafb6d85e5de14cf8
2021-03-01 07:32:07 +01:00
// C++ wrappers to the Keystore2 AIDL interface.
Use a keymaster-based key storage module Instead of writing raw keys, encrypt the keys with keymaster. This paves the way to protecting them with auth tokens and passwords later. In addition, fold in the hash of a 16k file into their encryption, to ensure secure deletion works properly. Now even C++ier! Bug: 22502684 Bug: 22950892 Change-Id: If70f139e342373533c42d5a298444b8438428322
2016-01-21 21:26:12 +01:00
// This is tailored to the needs of KeyStorage, but could be extended to be
// a more general interface.
Make vold use keystore2 instead of keymaster Make vold use keystore2 for all its operations instead of directly using keymaster. This way, we won't have any clients that bypass keystore2, and we'll no longer need to reserve a keymaster operation for vold. Note that we now hardcode "SecurityLevel::TRUSTED_ENVIRONMENT" (TEE) when talking to Keystore2 since Keystore2 only allows TEE and STRONGBOX. Keystore2 presents any SOFTWARE implementation as a TEE to callers when no "real" TEE is present. As far as storage encryption is concerned, there's no advantage to using a STRONGBOX when a "real" TEE is present, and a STRONGBOX can't be present if a "real" TEE isn't, so asking Keystore2 for a TEE is the best we can do in any situation. The difference in behaviour only really affects the full disk encryption code in cryptfs.cpp, which used to explicitly check that the keymaster device is a "real" TEE (as opposed to a SOFTWARE implementation) before using it (it can no longer do so since Keystore2 doesn't provide a way to do this). A little code history digging (7c49ab0a0b in particular) shows that cryptfs.cpp cared about two things when using a keymaster. - 1) that the keys generated by the keymaster were "standalone" keys - i.e. that the keymaster could operate on those keys without requiring /data or any other service to be available. - 2) that the keymaster was a non-SOFTWARE implementation so that things would still work in case a "real" TEE keymaster was ever somehow added to the device after first boot. Today, all "real" TEE keymasters always generate "standalone" keys, and a TEE has been required in Android devices since at least Android N. The only two exceptions are Goldfish and ARC++, which have SOFTWARE keymasters, but both those keymasters also generate "standalone" keys. We're also no longer worried about possibly adding a "real" TEE KM to either of those devices after first boot. So there's no longer a reason cryptfs.cpp can't use the SOFTWARE keymaster on those devices. There's also already an upgrade path in place (see test_mount_encrypted_fs() in cryptfs.cpp) to upgrade the kdf that's being used once a TEE keymaster is added to the device. So it's safe for cryptfs.cpp to ask for a TEE keymaster from Keystore2 and use it blindly, without checking whether or not it's a "real" TEE, which is why Keymaster::isSecure() just returns true now. A future patch will remove that function and simplify its callers. Bug: 181910578 Test: cuttlefish and bramble boot. Adding, switching between, stopping and removing users work. Change-Id: Iaebfef082eca0da8a305043fafb6d85e5de14cf8
2021-03-01 07:32:07 +01:00
// Wrapper for a Keystore2 operation handle representing an
// ongoing Keystore2 operation. Aborts the operation
Use a keymaster-based key storage module Instead of writing raw keys, encrypt the keys with keymaster. This paves the way to protecting them with auth tokens and passwords later. In addition, fold in the hash of a 16k file into their encryption, to ensure secure deletion works properly. Now even C++ier! Bug: 22502684 Bug: 22950892 Change-Id: If70f139e342373533c42d5a298444b8438428322
2016-01-21 21:26:12 +01:00
// in the destructor if it is unfinished. Methods log failures
// to LOG(ERROR).
Replace most references to Keymaster with Keystore Now that vold uses Keystore2 rather than the Keymaster HAL directly, and also the new version of Keymaster is called "KeyMint" instead, replace most of the references to Keymaster in vold with Keystore. (I decided not to include the "2" in most places, as it seemed unnecessarily precise in most places, and it would be something that might need to keep being updated. Only Keystore.{cpp,h} really need to care about the version number.) I didn't rename many things in cryptfs.cpp, as that file will be going away soon anyway. I also left "wait_for_keymaster" and "vdc keymaster earlyBootEnded" as-is for now, as those are referenced outside vold. Bug: 183669495 Change-Id: I92cd648fae09f8c9769f7cf34dbf6c6e956be4e8
2021-06-15 20:34:00 +02:00
class KeystoreOperation {
Run clang-format over ext4crypt related code The formatting here is inconsistent with Android house style; use clang-format to bring it back into line. Change-Id: Id1fe6ff54e9b668ca88c3fc021ae0a5bdd1327eb
2016-03-09 18:31:37 +01:00
public:
Replace most references to Keymaster with Keystore Now that vold uses Keystore2 rather than the Keymaster HAL directly, and also the new version of Keymaster is called "KeyMint" instead, replace most of the references to Keymaster in vold with Keystore. (I decided not to include the "2" in most places, as it seemed unnecessarily precise in most places, and it would be something that might need to keep being updated. Only Keystore.{cpp,h} really need to care about the version number.) I didn't rename many things in cryptfs.cpp, as that file will be going away soon anyway. I also left "wait_for_keymaster" and "vdc keymaster earlyBootEnded" as-is for now, as those are referenced outside vold. Bug: 183669495 Change-Id: I92cd648fae09f8c9769f7cf34dbf6c6e956be4e8
2021-06-15 20:34:00 +02:00
~KeystoreOperation();
Use a keymaster-based key storage module Instead of writing raw keys, encrypt the keys with keymaster. This paves the way to protecting them with auth tokens and passwords later. In addition, fold in the hash of a 16k file into their encryption, to ensure secure deletion works properly. Now even C++ier! Bug: 22502684 Bug: 22950892 Change-Id: If70f139e342373533c42d5a298444b8438428322
2016-01-21 21:26:12 +01:00
// Is this instance valid? This is false if creation fails, and becomes
// false on finish or if an update fails.
Make vold use keystore2 instead of keymaster Make vold use keystore2 for all its operations instead of directly using keymaster. This way, we won't have any clients that bypass keystore2, and we'll no longer need to reserve a keymaster operation for vold. Note that we now hardcode "SecurityLevel::TRUSTED_ENVIRONMENT" (TEE) when talking to Keystore2 since Keystore2 only allows TEE and STRONGBOX. Keystore2 presents any SOFTWARE implementation as a TEE to callers when no "real" TEE is present. As far as storage encryption is concerned, there's no advantage to using a STRONGBOX when a "real" TEE is present, and a STRONGBOX can't be present if a "real" TEE isn't, so asking Keystore2 for a TEE is the best we can do in any situation. The difference in behaviour only really affects the full disk encryption code in cryptfs.cpp, which used to explicitly check that the keymaster device is a "real" TEE (as opposed to a SOFTWARE implementation) before using it (it can no longer do so since Keystore2 doesn't provide a way to do this). A little code history digging (7c49ab0a0b in particular) shows that cryptfs.cpp cared about two things when using a keymaster. - 1) that the keys generated by the keymaster were "standalone" keys - i.e. that the keymaster could operate on those keys without requiring /data or any other service to be available. - 2) that the keymaster was a non-SOFTWARE implementation so that things would still work in case a "real" TEE keymaster was ever somehow added to the device after first boot. Today, all "real" TEE keymasters always generate "standalone" keys, and a TEE has been required in Android devices since at least Android N. The only two exceptions are Goldfish and ARC++, which have SOFTWARE keymasters, but both those keymasters also generate "standalone" keys. We're also no longer worried about possibly adding a "real" TEE KM to either of those devices after first boot. So there's no longer a reason cryptfs.cpp can't use the SOFTWARE keymaster on those devices. There's also already an upgrade path in place (see test_mount_encrypted_fs() in cryptfs.cpp) to upgrade the kdf that's being used once a TEE keymaster is added to the device. So it's safe for cryptfs.cpp to ask for a TEE keymaster from Keystore2 and use it blindly, without checking whether or not it's a "real" TEE, which is why Keymaster::isSecure() just returns true now. A future patch will remove that function and simplify its callers. Bug: 181910578 Test: cuttlefish and bramble boot. Adding, switching between, stopping and removing users work. Change-Id: Iaebfef082eca0da8a305043fafb6d85e5de14cf8
2021-03-01 07:32:07 +01:00
explicit operator bool() const { return (bool)ks2Operation; }
km::ErrorCode getErrorCode() const { return errorCode; }
std::optional<std::string> getUpgradedBlob() const { return upgradedBlob; }
Improvements to the key storage module The key storage module didn't comply with Android coding standards and had room for improvemnet in a few other ways, so have cleaned up. Change-Id: I260ccff316423169cf887e538113b5ea400892f2
2016-01-27 15:30:22 +01:00
// Call "update" repeatedly until all of the input is consumed, and
Use a keymaster-based key storage module Instead of writing raw keys, encrypt the keys with keymaster. This paves the way to protecting them with auth tokens and passwords later. In addition, fold in the hash of a 16k file into their encryption, to ensure secure deletion works properly. Now even C++ier! Bug: 22502684 Bug: 22950892 Change-Id: If70f139e342373533c42d5a298444b8438428322
2016-01-21 21:26:12 +01:00
// concatenate the output. Return true on success.
Zero memory used for encryuption keys. std::vector with custom zeroing allocator is used instead of std::string for data that can contain encryption keys. Bug: 64201177 Test: manually created a managed profile, changed it's credentials Test: manually upgraded a phone with profile from O to MR1. Change-Id: Ic31877049f69eba9f8ea64fd99acaaca5a01d3dd
2017-08-01 18:15:53 +02:00
template <class TI, class TO>
bool updateCompletely(TI& input, TO* output) {
if (output) output->clear();
return updateCompletely(input.data(), input.size(), [&](const char* b, size_t n) {
Clang-format Keymaster.{cpp|h} and KeyStorage.{cpp|h} Test: Build & boot Change-Id: I92bb107409f493770028cf6fd637d34af7644262
2018-01-20 17:37:36 +01:00
if (output) std::copy(b, b + n, std::back_inserter(*output));
Zero memory used for encryuption keys. std::vector with custom zeroing allocator is used instead of std::string for data that can contain encryption keys. Bug: 64201177 Test: manually created a managed profile, changed it's credentials Test: manually upgraded a phone with profile from O to MR1. Change-Id: Ic31877049f69eba9f8ea64fd99acaaca5a01d3dd
2017-08-01 18:15:53 +02:00
});
}
Support Keymaster 2 configuration and key upgrading Bug: 27212248 Change-Id: I96bd9a442f4f535ba6ea44c9e81bcc1fee0ec471
2016-05-16 17:14:56 +02:00
// Finish and write the output to this string, unless pointer is null.
bool finish(std::string* output);
Use a keymaster-based key storage module Instead of writing raw keys, encrypt the keys with keymaster. This paves the way to protecting them with auth tokens and passwords later. In addition, fold in the hash of a 16k file into their encryption, to ensure secure deletion works properly. Now even C++ier! Bug: 22502684 Bug: 22950892 Change-Id: If70f139e342373533c42d5a298444b8438428322
2016-01-21 21:26:12 +01:00
// Move constructor
Replace most references to Keymaster with Keystore Now that vold uses Keystore2 rather than the Keymaster HAL directly, and also the new version of Keymaster is called "KeyMint" instead, replace most of the references to Keymaster in vold with Keystore. (I decided not to include the "2" in most places, as it seemed unnecessarily precise in most places, and it would be something that might need to keep being updated. Only Keystore.{cpp,h} really need to care about the version number.) I didn't rename many things in cryptfs.cpp, as that file will be going away soon anyway. I also left "wait_for_keymaster" and "vdc keymaster earlyBootEnded" as-is for now, as those are referenced outside vold. Bug: 183669495 Change-Id: I92cd648fae09f8c9769f7cf34dbf6c6e956be4e8
2021-06-15 20:34:00 +02:00
KeystoreOperation(KeystoreOperation&& rhs) { *this = std::move(rhs); }
Support Keymaster 2 configuration and key upgrading Bug: 27212248 Change-Id: I96bd9a442f4f535ba6ea44c9e81bcc1fee0ec471
2016-05-16 17:14:56 +02:00
// Construct an object in an error state for error returns
Replace most references to Keymaster with Keystore Now that vold uses Keystore2 rather than the Keymaster HAL directly, and also the new version of Keymaster is called "KeyMint" instead, replace most of the references to Keymaster in vold with Keystore. (I decided not to include the "2" in most places, as it seemed unnecessarily precise in most places, and it would be something that might need to keep being updated. Only Keystore.{cpp,h} really need to care about the version number.) I didn't rename many things in cryptfs.cpp, as that file will be going away soon anyway. I also left "wait_for_keymaster" and "vdc keymaster earlyBootEnded" as-is for now, as those are referenced outside vold. Bug: 183669495 Change-Id: I92cd648fae09f8c9769f7cf34dbf6c6e956be4e8
2021-06-15 20:34:00 +02:00
KeystoreOperation() { errorCode = km::ErrorCode::UNKNOWN_ERROR; }
Port cryptfs to HILD keymaster HAL Cryptfs uses keymaster for key derivation. Vold has a C++ abstraction for Keymaster. However, cryptfs, being a pure C implementation, uses its own abstraction of the keymaster HAL. This patch expresses cryptfs' keymaster abstraction in terms of vold's C++ Keymaster abstraction, consolidating the code base to a single point where the actual keymaster HAL is beeing used. Test: successfully upgrade bullhead/angler while using FDE and having a PIN set run vold_cryptfs_scrypt_hidlization_equivalence_test Bug: 35028230 Bug: 32020919 Change-Id: Ic3b765720be0cf7899dda5005fa89347ffb59b9f
2017-01-31 12:31:08 +01:00
// Move Assignment
Replace most references to Keymaster with Keystore Now that vold uses Keystore2 rather than the Keymaster HAL directly, and also the new version of Keymaster is called "KeyMint" instead, replace most of the references to Keymaster in vold with Keystore. (I decided not to include the "2" in most places, as it seemed unnecessarily precise in most places, and it would be something that might need to keep being updated. Only Keystore.{cpp,h} really need to care about the version number.) I didn't rename many things in cryptfs.cpp, as that file will be going away soon anyway. I also left "wait_for_keymaster" and "vdc keymaster earlyBootEnded" as-is for now, as those are referenced outside vold. Bug: 183669495 Change-Id: I92cd648fae09f8c9769f7cf34dbf6c6e956be4e8
2021-06-15 20:34:00 +02:00
KeystoreOperation& operator=(KeystoreOperation&& rhs) {
Make vold use keystore2 instead of keymaster Make vold use keystore2 for all its operations instead of directly using keymaster. This way, we won't have any clients that bypass keystore2, and we'll no longer need to reserve a keymaster operation for vold. Note that we now hardcode "SecurityLevel::TRUSTED_ENVIRONMENT" (TEE) when talking to Keystore2 since Keystore2 only allows TEE and STRONGBOX. Keystore2 presents any SOFTWARE implementation as a TEE to callers when no "real" TEE is present. As far as storage encryption is concerned, there's no advantage to using a STRONGBOX when a "real" TEE is present, and a STRONGBOX can't be present if a "real" TEE isn't, so asking Keystore2 for a TEE is the best we can do in any situation. The difference in behaviour only really affects the full disk encryption code in cryptfs.cpp, which used to explicitly check that the keymaster device is a "real" TEE (as opposed to a SOFTWARE implementation) before using it (it can no longer do so since Keystore2 doesn't provide a way to do this). A little code history digging (7c49ab0a0b in particular) shows that cryptfs.cpp cared about two things when using a keymaster. - 1) that the keys generated by the keymaster were "standalone" keys - i.e. that the keymaster could operate on those keys without requiring /data or any other service to be available. - 2) that the keymaster was a non-SOFTWARE implementation so that things would still work in case a "real" TEE keymaster was ever somehow added to the device after first boot. Today, all "real" TEE keymasters always generate "standalone" keys, and a TEE has been required in Android devices since at least Android N. The only two exceptions are Goldfish and ARC++, which have SOFTWARE keymasters, but both those keymasters also generate "standalone" keys. We're also no longer worried about possibly adding a "real" TEE KM to either of those devices after first boot. So there's no longer a reason cryptfs.cpp can't use the SOFTWARE keymaster on those devices. There's also already an upgrade path in place (see test_mount_encrypted_fs() in cryptfs.cpp) to upgrade the kdf that's being used once a TEE keymaster is added to the device. So it's safe for cryptfs.cpp to ask for a TEE keymaster from Keystore2 and use it blindly, without checking whether or not it's a "real" TEE, which is why Keymaster::isSecure() just returns true now. A future patch will remove that function and simplify its callers. Bug: 181910578 Test: cuttlefish and bramble boot. Adding, switching between, stopping and removing users work. Change-Id: Iaebfef082eca0da8a305043fafb6d85e5de14cf8
2021-03-01 07:32:07 +01:00
ks2Operation = rhs.ks2Operation;
rhs.ks2Operation = nullptr;
Prevent spurious call to keymaster abort(). During the analysis of b/72953784 it was noticed that vold was calling keymaster abort() and failing, though vold was succeeding with its keymaster operation. This had nothing to do with the bug, but the presence of the error appeared to implicate keymaster, and it's bad form in any case. This CL correctly clears the mDevice member during a move, so the destructor will not attempt to call abort. Test: Build & boot Bug: 72953784 Change-Id: Ib0700f829e87f19b089396087085585ddd6b96a5
2018-02-07 23:06:06 +01:00
Make vold use keystore2 instead of keymaster Make vold use keystore2 for all its operations instead of directly using keymaster. This way, we won't have any clients that bypass keystore2, and we'll no longer need to reserve a keymaster operation for vold. Note that we now hardcode "SecurityLevel::TRUSTED_ENVIRONMENT" (TEE) when talking to Keystore2 since Keystore2 only allows TEE and STRONGBOX. Keystore2 presents any SOFTWARE implementation as a TEE to callers when no "real" TEE is present. As far as storage encryption is concerned, there's no advantage to using a STRONGBOX when a "real" TEE is present, and a STRONGBOX can't be present if a "real" TEE isn't, so asking Keystore2 for a TEE is the best we can do in any situation. The difference in behaviour only really affects the full disk encryption code in cryptfs.cpp, which used to explicitly check that the keymaster device is a "real" TEE (as opposed to a SOFTWARE implementation) before using it (it can no longer do so since Keystore2 doesn't provide a way to do this). A little code history digging (7c49ab0a0b in particular) shows that cryptfs.cpp cared about two things when using a keymaster. - 1) that the keys generated by the keymaster were "standalone" keys - i.e. that the keymaster could operate on those keys without requiring /data or any other service to be available. - 2) that the keymaster was a non-SOFTWARE implementation so that things would still work in case a "real" TEE keymaster was ever somehow added to the device after first boot. Today, all "real" TEE keymasters always generate "standalone" keys, and a TEE has been required in Android devices since at least Android N. The only two exceptions are Goldfish and ARC++, which have SOFTWARE keymasters, but both those keymasters also generate "standalone" keys. We're also no longer worried about possibly adding a "real" TEE KM to either of those devices after first boot. So there's no longer a reason cryptfs.cpp can't use the SOFTWARE keymaster on those devices. There's also already an upgrade path in place (see test_mount_encrypted_fs() in cryptfs.cpp) to upgrade the kdf that's being used once a TEE keymaster is added to the device. So it's safe for cryptfs.cpp to ask for a TEE keymaster from Keystore2 and use it blindly, without checking whether or not it's a "real" TEE, which is why Keymaster::isSecure() just returns true now. A future patch will remove that function and simplify its callers. Bug: 181910578 Test: cuttlefish and bramble boot. Adding, switching between, stopping and removing users work. Change-Id: Iaebfef082eca0da8a305043fafb6d85e5de14cf8
2021-03-01 07:32:07 +01:00
upgradedBlob = rhs.upgradedBlob;
rhs.upgradedBlob = std::nullopt;
Prevent spurious call to keymaster abort(). During the analysis of b/72953784 it was noticed that vold was calling keymaster abort() and failing, though vold was succeeding with its keymaster operation. This had nothing to do with the bug, but the presence of the error appeared to implicate keymaster, and it's bad form in any case. This CL correctly clears the mDevice member during a move, so the destructor will not attempt to call abort. Test: Build & boot Bug: 72953784 Change-Id: Ib0700f829e87f19b089396087085585ddd6b96a5
2018-02-07 23:06:06 +01:00
Make vold use keystore2 instead of keymaster Make vold use keystore2 for all its operations instead of directly using keymaster. This way, we won't have any clients that bypass keystore2, and we'll no longer need to reserve a keymaster operation for vold. Note that we now hardcode "SecurityLevel::TRUSTED_ENVIRONMENT" (TEE) when talking to Keystore2 since Keystore2 only allows TEE and STRONGBOX. Keystore2 presents any SOFTWARE implementation as a TEE to callers when no "real" TEE is present. As far as storage encryption is concerned, there's no advantage to using a STRONGBOX when a "real" TEE is present, and a STRONGBOX can't be present if a "real" TEE isn't, so asking Keystore2 for a TEE is the best we can do in any situation. The difference in behaviour only really affects the full disk encryption code in cryptfs.cpp, which used to explicitly check that the keymaster device is a "real" TEE (as opposed to a SOFTWARE implementation) before using it (it can no longer do so since Keystore2 doesn't provide a way to do this). A little code history digging (7c49ab0a0b in particular) shows that cryptfs.cpp cared about two things when using a keymaster. - 1) that the keys generated by the keymaster were "standalone" keys - i.e. that the keymaster could operate on those keys without requiring /data or any other service to be available. - 2) that the keymaster was a non-SOFTWARE implementation so that things would still work in case a "real" TEE keymaster was ever somehow added to the device after first boot. Today, all "real" TEE keymasters always generate "standalone" keys, and a TEE has been required in Android devices since at least Android N. The only two exceptions are Goldfish and ARC++, which have SOFTWARE keymasters, but both those keymasters also generate "standalone" keys. We're also no longer worried about possibly adding a "real" TEE KM to either of those devices after first boot. So there's no longer a reason cryptfs.cpp can't use the SOFTWARE keymaster on those devices. There's also already an upgrade path in place (see test_mount_encrypted_fs() in cryptfs.cpp) to upgrade the kdf that's being used once a TEE keymaster is added to the device. So it's safe for cryptfs.cpp to ask for a TEE keymaster from Keystore2 and use it blindly, without checking whether or not it's a "real" TEE, which is why Keymaster::isSecure() just returns true now. A future patch will remove that function and simplify its callers. Bug: 181910578 Test: cuttlefish and bramble boot. Adding, switching between, stopping and removing users work. Change-Id: Iaebfef082eca0da8a305043fafb6d85e5de14cf8
2021-03-01 07:32:07 +01:00
errorCode = rhs.errorCode;
rhs.errorCode = km::ErrorCode::UNKNOWN_ERROR;
Prevent spurious call to keymaster abort(). During the analysis of b/72953784 it was noticed that vold was calling keymaster abort() and failing, though vold was succeeding with its keymaster operation. This had nothing to do with the bug, but the presence of the error appeared to implicate keymaster, and it's bad form in any case. This CL correctly clears the mDevice member during a move, so the destructor will not attempt to call abort. Test: Build & boot Bug: 72953784 Change-Id: Ib0700f829e87f19b089396087085585ddd6b96a5
2018-02-07 23:06:06 +01:00
Port cryptfs to HILD keymaster HAL Cryptfs uses keymaster for key derivation. Vold has a C++ abstraction for Keymaster. However, cryptfs, being a pure C implementation, uses its own abstraction of the keymaster HAL. This patch expresses cryptfs' keymaster abstraction in terms of vold's C++ Keymaster abstraction, consolidating the code base to a single point where the actual keymaster HAL is beeing used. Test: successfully upgrade bullhead/angler while using FDE and having a PIN set run vold_cryptfs_scrypt_hidlization_equivalence_test Bug: 35028230 Bug: 32020919 Change-Id: Ic3b765720be0cf7899dda5005fa89347ffb59b9f
2017-01-31 12:31:08 +01:00
return *this;
}
Run clang-format over ext4crypt related code The formatting here is inconsistent with Android house style; use clang-format to bring it back into line. Change-Id: Id1fe6ff54e9b668ca88c3fc021ae0a5bdd1327eb
2016-03-09 18:31:37 +01:00
private:
Replace most references to Keymaster with Keystore Now that vold uses Keystore2 rather than the Keymaster HAL directly, and also the new version of Keymaster is called "KeyMint" instead, replace most of the references to Keymaster in vold with Keystore. (I decided not to include the "2" in most places, as it seemed unnecessarily precise in most places, and it would be something that might need to keep being updated. Only Keystore.{cpp,h} really need to care about the version number.) I didn't rename many things in cryptfs.cpp, as that file will be going away soon anyway. I also left "wait_for_keymaster" and "vdc keymaster earlyBootEnded" as-is for now, as those are referenced outside vold. Bug: 183669495 Change-Id: I92cd648fae09f8c9769f7cf34dbf6c6e956be4e8
2021-06-15 20:34:00 +02:00
KeystoreOperation(std::shared_ptr<ks2::IKeystoreOperation> ks2Op,
std::optional<std::vector<uint8_t>> blob)
Make vold use keystore2 instead of keymaster Make vold use keystore2 for all its operations instead of directly using keymaster. This way, we won't have any clients that bypass keystore2, and we'll no longer need to reserve a keymaster operation for vold. Note that we now hardcode "SecurityLevel::TRUSTED_ENVIRONMENT" (TEE) when talking to Keystore2 since Keystore2 only allows TEE and STRONGBOX. Keystore2 presents any SOFTWARE implementation as a TEE to callers when no "real" TEE is present. As far as storage encryption is concerned, there's no advantage to using a STRONGBOX when a "real" TEE is present, and a STRONGBOX can't be present if a "real" TEE isn't, so asking Keystore2 for a TEE is the best we can do in any situation. The difference in behaviour only really affects the full disk encryption code in cryptfs.cpp, which used to explicitly check that the keymaster device is a "real" TEE (as opposed to a SOFTWARE implementation) before using it (it can no longer do so since Keystore2 doesn't provide a way to do this). A little code history digging (7c49ab0a0b in particular) shows that cryptfs.cpp cared about two things when using a keymaster. - 1) that the keys generated by the keymaster were "standalone" keys - i.e. that the keymaster could operate on those keys without requiring /data or any other service to be available. - 2) that the keymaster was a non-SOFTWARE implementation so that things would still work in case a "real" TEE keymaster was ever somehow added to the device after first boot. Today, all "real" TEE keymasters always generate "standalone" keys, and a TEE has been required in Android devices since at least Android N. The only two exceptions are Goldfish and ARC++, which have SOFTWARE keymasters, but both those keymasters also generate "standalone" keys. We're also no longer worried about possibly adding a "real" TEE KM to either of those devices after first boot. So there's no longer a reason cryptfs.cpp can't use the SOFTWARE keymaster on those devices. There's also already an upgrade path in place (see test_mount_encrypted_fs() in cryptfs.cpp) to upgrade the kdf that's being used once a TEE keymaster is added to the device. So it's safe for cryptfs.cpp to ask for a TEE keymaster from Keystore2 and use it blindly, without checking whether or not it's a "real" TEE, which is why Keymaster::isSecure() just returns true now. A future patch will remove that function and simplify its callers. Bug: 181910578 Test: cuttlefish and bramble boot. Adding, switching between, stopping and removing users work. Change-Id: Iaebfef082eca0da8a305043fafb6d85e5de14cf8
2021-03-01 07:32:07 +01:00
: ks2Operation{ks2Op}, errorCode{km::ErrorCode::OK} {
if (blob)
upgradedBlob = std::optional(std::string(blob->begin(), blob->end()));
else
upgradedBlob = std::nullopt;
}
Replace most references to Keymaster with Keystore Now that vold uses Keystore2 rather than the Keymaster HAL directly, and also the new version of Keymaster is called "KeyMint" instead, replace most of the references to Keymaster in vold with Keystore. (I decided not to include the "2" in most places, as it seemed unnecessarily precise in most places, and it would be something that might need to keep being updated. Only Keystore.{cpp,h} really need to care about the version number.) I didn't rename many things in cryptfs.cpp, as that file will be going away soon anyway. I also left "wait_for_keymaster" and "vdc keymaster earlyBootEnded" as-is for now, as those are referenced outside vold. Bug: 183669495 Change-Id: I92cd648fae09f8c9769f7cf34dbf6c6e956be4e8
2021-06-15 20:34:00 +02:00
KeystoreOperation(km::ErrorCode errCode) : errorCode{errCode} {}
Zero memory used for encryuption keys. std::vector with custom zeroing allocator is used instead of std::string for data that can contain encryption keys. Bug: 64201177 Test: manually created a managed profile, changed it's credentials Test: manually upgraded a phone with profile from O to MR1. Change-Id: Ic31877049f69eba9f8ea64fd99acaaca5a01d3dd
2017-08-01 18:15:53 +02:00
bool updateCompletely(const char* input, size_t inputLen,
const std::function<void(const char*, size_t)> consumer);
Make vold use keystore2 instead of keymaster Make vold use keystore2 for all its operations instead of directly using keymaster. This way, we won't have any clients that bypass keystore2, and we'll no longer need to reserve a keymaster operation for vold. Note that we now hardcode "SecurityLevel::TRUSTED_ENVIRONMENT" (TEE) when talking to Keystore2 since Keystore2 only allows TEE and STRONGBOX. Keystore2 presents any SOFTWARE implementation as a TEE to callers when no "real" TEE is present. As far as storage encryption is concerned, there's no advantage to using a STRONGBOX when a "real" TEE is present, and a STRONGBOX can't be present if a "real" TEE isn't, so asking Keystore2 for a TEE is the best we can do in any situation. The difference in behaviour only really affects the full disk encryption code in cryptfs.cpp, which used to explicitly check that the keymaster device is a "real" TEE (as opposed to a SOFTWARE implementation) before using it (it can no longer do so since Keystore2 doesn't provide a way to do this). A little code history digging (7c49ab0a0b in particular) shows that cryptfs.cpp cared about two things when using a keymaster. - 1) that the keys generated by the keymaster were "standalone" keys - i.e. that the keymaster could operate on those keys without requiring /data or any other service to be available. - 2) that the keymaster was a non-SOFTWARE implementation so that things would still work in case a "real" TEE keymaster was ever somehow added to the device after first boot. Today, all "real" TEE keymasters always generate "standalone" keys, and a TEE has been required in Android devices since at least Android N. The only two exceptions are Goldfish and ARC++, which have SOFTWARE keymasters, but both those keymasters also generate "standalone" keys. We're also no longer worried about possibly adding a "real" TEE KM to either of those devices after first boot. So there's no longer a reason cryptfs.cpp can't use the SOFTWARE keymaster on those devices. There's also already an upgrade path in place (see test_mount_encrypted_fs() in cryptfs.cpp) to upgrade the kdf that's being used once a TEE keymaster is added to the device. So it's safe for cryptfs.cpp to ask for a TEE keymaster from Keystore2 and use it blindly, without checking whether or not it's a "real" TEE, which is why Keymaster::isSecure() just returns true now. A future patch will remove that function and simplify its callers. Bug: 181910578 Test: cuttlefish and bramble boot. Adding, switching between, stopping and removing users work. Change-Id: Iaebfef082eca0da8a305043fafb6d85e5de14cf8
2021-03-01 07:32:07 +01:00
std::shared_ptr<ks2::IKeystoreOperation> ks2Operation;
std::optional<std::string> upgradedBlob;
km::ErrorCode errorCode;
Replace most references to Keymaster with Keystore Now that vold uses Keystore2 rather than the Keymaster HAL directly, and also the new version of Keymaster is called "KeyMint" instead, replace most of the references to Keymaster in vold with Keystore. (I decided not to include the "2" in most places, as it seemed unnecessarily precise in most places, and it would be something that might need to keep being updated. Only Keystore.{cpp,h} really need to care about the version number.) I didn't rename many things in cryptfs.cpp, as that file will be going away soon anyway. I also left "wait_for_keymaster" and "vdc keymaster earlyBootEnded" as-is for now, as those are referenced outside vold. Bug: 183669495 Change-Id: I92cd648fae09f8c9769f7cf34dbf6c6e956be4e8
2021-06-15 20:34:00 +02:00
DISALLOW_COPY_AND_ASSIGN(KeystoreOperation);
friend class Keystore;
Use a keymaster-based key storage module Instead of writing raw keys, encrypt the keys with keymaster. This paves the way to protecting them with auth tokens and passwords later. In addition, fold in the hash of a 16k file into their encryption, to ensure secure deletion works properly. Now even C++ier! Bug: 22502684 Bug: 22950892 Change-Id: If70f139e342373533c42d5a298444b8438428322
2016-01-21 21:26:12 +01:00
};
Make vold use keystore2 instead of keymaster Make vold use keystore2 for all its operations instead of directly using keymaster. This way, we won't have any clients that bypass keystore2, and we'll no longer need to reserve a keymaster operation for vold. Note that we now hardcode "SecurityLevel::TRUSTED_ENVIRONMENT" (TEE) when talking to Keystore2 since Keystore2 only allows TEE and STRONGBOX. Keystore2 presents any SOFTWARE implementation as a TEE to callers when no "real" TEE is present. As far as storage encryption is concerned, there's no advantage to using a STRONGBOX when a "real" TEE is present, and a STRONGBOX can't be present if a "real" TEE isn't, so asking Keystore2 for a TEE is the best we can do in any situation. The difference in behaviour only really affects the full disk encryption code in cryptfs.cpp, which used to explicitly check that the keymaster device is a "real" TEE (as opposed to a SOFTWARE implementation) before using it (it can no longer do so since Keystore2 doesn't provide a way to do this). A little code history digging (7c49ab0a0b in particular) shows that cryptfs.cpp cared about two things when using a keymaster. - 1) that the keys generated by the keymaster were "standalone" keys - i.e. that the keymaster could operate on those keys without requiring /data or any other service to be available. - 2) that the keymaster was a non-SOFTWARE implementation so that things would still work in case a "real" TEE keymaster was ever somehow added to the device after first boot. Today, all "real" TEE keymasters always generate "standalone" keys, and a TEE has been required in Android devices since at least Android N. The only two exceptions are Goldfish and ARC++, which have SOFTWARE keymasters, but both those keymasters also generate "standalone" keys. We're also no longer worried about possibly adding a "real" TEE KM to either of those devices after first boot. So there's no longer a reason cryptfs.cpp can't use the SOFTWARE keymaster on those devices. There's also already an upgrade path in place (see test_mount_encrypted_fs() in cryptfs.cpp) to upgrade the kdf that's being used once a TEE keymaster is added to the device. So it's safe for cryptfs.cpp to ask for a TEE keymaster from Keystore2 and use it blindly, without checking whether or not it's a "real" TEE, which is why Keymaster::isSecure() just returns true now. A future patch will remove that function and simplify its callers. Bug: 181910578 Test: cuttlefish and bramble boot. Adding, switching between, stopping and removing users work. Change-Id: Iaebfef082eca0da8a305043fafb6d85e5de14cf8
2021-03-01 07:32:07 +01:00
// Wrapper for keystore2 methods that vold uses.
Replace most references to Keymaster with Keystore Now that vold uses Keystore2 rather than the Keymaster HAL directly, and also the new version of Keymaster is called "KeyMint" instead, replace most of the references to Keymaster in vold with Keystore. (I decided not to include the "2" in most places, as it seemed unnecessarily precise in most places, and it would be something that might need to keep being updated. Only Keystore.{cpp,h} really need to care about the version number.) I didn't rename many things in cryptfs.cpp, as that file will be going away soon anyway. I also left "wait_for_keymaster" and "vdc keymaster earlyBootEnded" as-is for now, as those are referenced outside vold. Bug: 183669495 Change-Id: I92cd648fae09f8c9769f7cf34dbf6c6e956be4e8
2021-06-15 20:34:00 +02:00
class Keystore {
Run clang-format over ext4crypt related code The formatting here is inconsistent with Android house style; use clang-format to bring it back into line. Change-Id: Id1fe6ff54e9b668ca88c3fc021ae0a5bdd1327eb
2016-03-09 18:31:37 +01:00
public:
Replace most references to Keymaster with Keystore Now that vold uses Keystore2 rather than the Keymaster HAL directly, and also the new version of Keymaster is called "KeyMint" instead, replace most of the references to Keymaster in vold with Keystore. (I decided not to include the "2" in most places, as it seemed unnecessarily precise in most places, and it would be something that might need to keep being updated. Only Keystore.{cpp,h} really need to care about the version number.) I didn't rename many things in cryptfs.cpp, as that file will be going away soon anyway. I also left "wait_for_keymaster" and "vdc keymaster earlyBootEnded" as-is for now, as those are referenced outside vold. Bug: 183669495 Change-Id: I92cd648fae09f8c9769f7cf34dbf6c6e956be4e8
2021-06-15 20:34:00 +02:00
Keystore();
Make vold use keystore2 instead of keymaster Make vold use keystore2 for all its operations instead of directly using keymaster. This way, we won't have any clients that bypass keystore2, and we'll no longer need to reserve a keymaster operation for vold. Note that we now hardcode "SecurityLevel::TRUSTED_ENVIRONMENT" (TEE) when talking to Keystore2 since Keystore2 only allows TEE and STRONGBOX. Keystore2 presents any SOFTWARE implementation as a TEE to callers when no "real" TEE is present. As far as storage encryption is concerned, there's no advantage to using a STRONGBOX when a "real" TEE is present, and a STRONGBOX can't be present if a "real" TEE isn't, so asking Keystore2 for a TEE is the best we can do in any situation. The difference in behaviour only really affects the full disk encryption code in cryptfs.cpp, which used to explicitly check that the keymaster device is a "real" TEE (as opposed to a SOFTWARE implementation) before using it (it can no longer do so since Keystore2 doesn't provide a way to do this). A little code history digging (7c49ab0a0b in particular) shows that cryptfs.cpp cared about two things when using a keymaster. - 1) that the keys generated by the keymaster were "standalone" keys - i.e. that the keymaster could operate on those keys without requiring /data or any other service to be available. - 2) that the keymaster was a non-SOFTWARE implementation so that things would still work in case a "real" TEE keymaster was ever somehow added to the device after first boot. Today, all "real" TEE keymasters always generate "standalone" keys, and a TEE has been required in Android devices since at least Android N. The only two exceptions are Goldfish and ARC++, which have SOFTWARE keymasters, but both those keymasters also generate "standalone" keys. We're also no longer worried about possibly adding a "real" TEE KM to either of those devices after first boot. So there's no longer a reason cryptfs.cpp can't use the SOFTWARE keymaster on those devices. There's also already an upgrade path in place (see test_mount_encrypted_fs() in cryptfs.cpp) to upgrade the kdf that's being used once a TEE keymaster is added to the device. So it's safe for cryptfs.cpp to ask for a TEE keymaster from Keystore2 and use it blindly, without checking whether or not it's a "real" TEE, which is why Keymaster::isSecure() just returns true now. A future patch will remove that function and simplify its callers. Bug: 181910578 Test: cuttlefish and bramble boot. Adding, switching between, stopping and removing users work. Change-Id: Iaebfef082eca0da8a305043fafb6d85e5de14cf8
2021-03-01 07:32:07 +01:00
// false if we failed to get a keystore2 security level.
explicit operator bool() { return (bool)securityLevel; }
// Generate a key using keystore2 from the given params.
Support Keymaster4 This CL changes vold from using a KM3 device directly to using the KM4 support wrapper from the KM4 support library, which supports both KM3 and KM4 devices (KM0, 1 and 2 devices are still supported as well, because the default KM3 device is a wrapper that uses them). In addition, I found myself getting confused about which "Keymaster" types were locally-defined vold keymaster types and which were from the KM4 HAL and support library, so I changd the approach to referencing the latter, so all of them are qualified with the "km::" namespace reference. Test: Build & boot Change-Id: I08ed5425641e7496f8597d5716cb3cd0cbd33a7f
2018-01-22 17:08:32 +01:00
bool generateKey(const km::AuthorizationSet& inParams, std::string* key);
Make vold use keystore2 instead of keymaster Make vold use keystore2 for all its operations instead of directly using keymaster. This way, we won't have any clients that bypass keystore2, and we'll no longer need to reserve a keymaster operation for vold. Note that we now hardcode "SecurityLevel::TRUSTED_ENVIRONMENT" (TEE) when talking to Keystore2 since Keystore2 only allows TEE and STRONGBOX. Keystore2 presents any SOFTWARE implementation as a TEE to callers when no "real" TEE is present. As far as storage encryption is concerned, there's no advantage to using a STRONGBOX when a "real" TEE is present, and a STRONGBOX can't be present if a "real" TEE isn't, so asking Keystore2 for a TEE is the best we can do in any situation. The difference in behaviour only really affects the full disk encryption code in cryptfs.cpp, which used to explicitly check that the keymaster device is a "real" TEE (as opposed to a SOFTWARE implementation) before using it (it can no longer do so since Keystore2 doesn't provide a way to do this). A little code history digging (7c49ab0a0b in particular) shows that cryptfs.cpp cared about two things when using a keymaster. - 1) that the keys generated by the keymaster were "standalone" keys - i.e. that the keymaster could operate on those keys without requiring /data or any other service to be available. - 2) that the keymaster was a non-SOFTWARE implementation so that things would still work in case a "real" TEE keymaster was ever somehow added to the device after first boot. Today, all "real" TEE keymasters always generate "standalone" keys, and a TEE has been required in Android devices since at least Android N. The only two exceptions are Goldfish and ARC++, which have SOFTWARE keymasters, but both those keymasters also generate "standalone" keys. We're also no longer worried about possibly adding a "real" TEE KM to either of those devices after first boot. So there's no longer a reason cryptfs.cpp can't use the SOFTWARE keymaster on those devices. There's also already an upgrade path in place (see test_mount_encrypted_fs() in cryptfs.cpp) to upgrade the kdf that's being used once a TEE keymaster is added to the device. So it's safe for cryptfs.cpp to ask for a TEE keymaster from Keystore2 and use it blindly, without checking whether or not it's a "real" TEE, which is why Keymaster::isSecure() just returns true now. A future patch will remove that function and simplify its callers. Bug: 181910578 Test: cuttlefish and bramble boot. Adding, switching between, stopping and removing users work. Change-Id: Iaebfef082eca0da8a305043fafb6d85e5de14cf8
2021-03-01 07:32:07 +01:00
// Exports a keystore2 key with STORAGE_KEY tag wrapped with a per-boot ephemeral key
Replace most references to Keymaster with Keystore Now that vold uses Keystore2 rather than the Keymaster HAL directly, and also the new version of Keymaster is called "KeyMint" instead, replace most of the references to Keymaster in vold with Keystore. (I decided not to include the "2" in most places, as it seemed unnecessarily precise in most places, and it would be something that might need to keep being updated. Only Keystore.{cpp,h} really need to care about the version number.) I didn't rename many things in cryptfs.cpp, as that file will be going away soon anyway. I also left "wait_for_keymaster" and "vdc keymaster earlyBootEnded" as-is for now, as those are referenced outside vold. Bug: 183669495 Change-Id: I92cd648fae09f8c9769f7cf34dbf6c6e956be4e8
2021-06-15 20:34:00 +02:00
bool exportKey(const KeyBuffer& ksKey, std::string* key);
Make vold use keystore2 instead of keymaster Make vold use keystore2 for all its operations instead of directly using keymaster. This way, we won't have any clients that bypass keystore2, and we'll no longer need to reserve a keymaster operation for vold. Note that we now hardcode "SecurityLevel::TRUSTED_ENVIRONMENT" (TEE) when talking to Keystore2 since Keystore2 only allows TEE and STRONGBOX. Keystore2 presents any SOFTWARE implementation as a TEE to callers when no "real" TEE is present. As far as storage encryption is concerned, there's no advantage to using a STRONGBOX when a "real" TEE is present, and a STRONGBOX can't be present if a "real" TEE isn't, so asking Keystore2 for a TEE is the best we can do in any situation. The difference in behaviour only really affects the full disk encryption code in cryptfs.cpp, which used to explicitly check that the keymaster device is a "real" TEE (as opposed to a SOFTWARE implementation) before using it (it can no longer do so since Keystore2 doesn't provide a way to do this). A little code history digging (7c49ab0a0b in particular) shows that cryptfs.cpp cared about two things when using a keymaster. - 1) that the keys generated by the keymaster were "standalone" keys - i.e. that the keymaster could operate on those keys without requiring /data or any other service to be available. - 2) that the keymaster was a non-SOFTWARE implementation so that things would still work in case a "real" TEE keymaster was ever somehow added to the device after first boot. Today, all "real" TEE keymasters always generate "standalone" keys, and a TEE has been required in Android devices since at least Android N. The only two exceptions are Goldfish and ARC++, which have SOFTWARE keymasters, but both those keymasters also generate "standalone" keys. We're also no longer worried about possibly adding a "real" TEE KM to either of those devices after first boot. So there's no longer a reason cryptfs.cpp can't use the SOFTWARE keymaster on those devices. There's also already an upgrade path in place (see test_mount_encrypted_fs() in cryptfs.cpp) to upgrade the kdf that's being used once a TEE keymaster is added to the device. So it's safe for cryptfs.cpp to ask for a TEE keymaster from Keystore2 and use it blindly, without checking whether or not it's a "real" TEE, which is why Keymaster::isSecure() just returns true now. A future patch will remove that function and simplify its callers. Bug: 181910578 Test: cuttlefish and bramble boot. Adding, switching between, stopping and removing users work. Change-Id: Iaebfef082eca0da8a305043fafb6d85e5de14cf8
2021-03-01 07:32:07 +01:00
// If supported, permanently delete a key from the keymint device it belongs to.
Run clang-format over ext4crypt related code The formatting here is inconsistent with Android house style; use clang-format to bring it back into line. Change-Id: Id1fe6ff54e9b668ca88c3fc021ae0a5bdd1327eb
2016-03-09 18:31:37 +01:00
bool deleteKey(const std::string& key);
Support Keymaster 2 configuration and key upgrading Bug: 27212248 Change-Id: I96bd9a442f4f535ba6ea44c9e81bcc1fee0ec471
2016-05-16 17:14:56 +02:00
// Begin a new cryptographic operation, collecting output parameters if pointer is non-null
Replace most references to Keymaster with Keystore Now that vold uses Keystore2 rather than the Keymaster HAL directly, and also the new version of Keymaster is called "KeyMint" instead, replace most of the references to Keymaster in vold with Keystore. (I decided not to include the "2" in most places, as it seemed unnecessarily precise in most places, and it would be something that might need to keep being updated. Only Keystore.{cpp,h} really need to care about the version number.) I didn't rename many things in cryptfs.cpp, as that file will be going away soon anyway. I also left "wait_for_keymaster" and "vdc keymaster earlyBootEnded" as-is for now, as those are referenced outside vold. Bug: 183669495 Change-Id: I92cd648fae09f8c9769f7cf34dbf6c6e956be4e8
2021-06-15 20:34:00 +02:00
// If the key was upgraded as a result of a call to this method, the returned KeystoreOperation
Make vold use keystore2 instead of keymaster Make vold use keystore2 for all its operations instead of directly using keymaster. This way, we won't have any clients that bypass keystore2, and we'll no longer need to reserve a keymaster operation for vold. Note that we now hardcode "SecurityLevel::TRUSTED_ENVIRONMENT" (TEE) when talking to Keystore2 since Keystore2 only allows TEE and STRONGBOX. Keystore2 presents any SOFTWARE implementation as a TEE to callers when no "real" TEE is present. As far as storage encryption is concerned, there's no advantage to using a STRONGBOX when a "real" TEE is present, and a STRONGBOX can't be present if a "real" TEE isn't, so asking Keystore2 for a TEE is the best we can do in any situation. The difference in behaviour only really affects the full disk encryption code in cryptfs.cpp, which used to explicitly check that the keymaster device is a "real" TEE (as opposed to a SOFTWARE implementation) before using it (it can no longer do so since Keystore2 doesn't provide a way to do this). A little code history digging (7c49ab0a0b in particular) shows that cryptfs.cpp cared about two things when using a keymaster. - 1) that the keys generated by the keymaster were "standalone" keys - i.e. that the keymaster could operate on those keys without requiring /data or any other service to be available. - 2) that the keymaster was a non-SOFTWARE implementation so that things would still work in case a "real" TEE keymaster was ever somehow added to the device after first boot. Today, all "real" TEE keymasters always generate "standalone" keys, and a TEE has been required in Android devices since at least Android N. The only two exceptions are Goldfish and ARC++, which have SOFTWARE keymasters, but both those keymasters also generate "standalone" keys. We're also no longer worried about possibly adding a "real" TEE KM to either of those devices after first boot. So there's no longer a reason cryptfs.cpp can't use the SOFTWARE keymaster on those devices. There's also already an upgrade path in place (see test_mount_encrypted_fs() in cryptfs.cpp) to upgrade the kdf that's being used once a TEE keymaster is added to the device. So it's safe for cryptfs.cpp to ask for a TEE keymaster from Keystore2 and use it blindly, without checking whether or not it's a "real" TEE, which is why Keymaster::isSecure() just returns true now. A future patch will remove that function and simplify its callers. Bug: 181910578 Test: cuttlefish and bramble boot. Adding, switching between, stopping and removing users work. Change-Id: Iaebfef082eca0da8a305043fafb6d85e5de14cf8
2021-03-01 07:32:07 +01:00
// also stores the upgraded key blob.
Replace most references to Keymaster with Keystore Now that vold uses Keystore2 rather than the Keymaster HAL directly, and also the new version of Keymaster is called "KeyMint" instead, replace most of the references to Keymaster in vold with Keystore. (I decided not to include the "2" in most places, as it seemed unnecessarily precise in most places, and it would be something that might need to keep being updated. Only Keystore.{cpp,h} really need to care about the version number.) I didn't rename many things in cryptfs.cpp, as that file will be going away soon anyway. I also left "wait_for_keymaster" and "vdc keymaster earlyBootEnded" as-is for now, as those are referenced outside vold. Bug: 183669495 Change-Id: I92cd648fae09f8c9769f7cf34dbf6c6e956be4e8
2021-06-15 20:34:00 +02:00
KeystoreOperation begin(const std::string& key, const km::AuthorizationSet& inParams,
km::AuthorizationSet* outParams);
Run clang-format over ext4crypt related code The formatting here is inconsistent with Android house style; use clang-format to bring it back into line. Change-Id: Id1fe6ff54e9b668ca88c3fc021ae0a5bdd1327eb
2016-03-09 18:31:37 +01:00
Make vold use keystore2 instead of keymaster Make vold use keystore2 for all its operations instead of directly using keymaster. This way, we won't have any clients that bypass keystore2, and we'll no longer need to reserve a keymaster operation for vold. Note that we now hardcode "SecurityLevel::TRUSTED_ENVIRONMENT" (TEE) when talking to Keystore2 since Keystore2 only allows TEE and STRONGBOX. Keystore2 presents any SOFTWARE implementation as a TEE to callers when no "real" TEE is present. As far as storage encryption is concerned, there's no advantage to using a STRONGBOX when a "real" TEE is present, and a STRONGBOX can't be present if a "real" TEE isn't, so asking Keystore2 for a TEE is the best we can do in any situation. The difference in behaviour only really affects the full disk encryption code in cryptfs.cpp, which used to explicitly check that the keymaster device is a "real" TEE (as opposed to a SOFTWARE implementation) before using it (it can no longer do so since Keystore2 doesn't provide a way to do this). A little code history digging (7c49ab0a0b in particular) shows that cryptfs.cpp cared about two things when using a keymaster. - 1) that the keys generated by the keymaster were "standalone" keys - i.e. that the keymaster could operate on those keys without requiring /data or any other service to be available. - 2) that the keymaster was a non-SOFTWARE implementation so that things would still work in case a "real" TEE keymaster was ever somehow added to the device after first boot. Today, all "real" TEE keymasters always generate "standalone" keys, and a TEE has been required in Android devices since at least Android N. The only two exceptions are Goldfish and ARC++, which have SOFTWARE keymasters, but both those keymasters also generate "standalone" keys. We're also no longer worried about possibly adding a "real" TEE KM to either of those devices after first boot. So there's no longer a reason cryptfs.cpp can't use the SOFTWARE keymaster on those devices. There's also already an upgrade path in place (see test_mount_encrypted_fs() in cryptfs.cpp) to upgrade the kdf that's being used once a TEE keymaster is added to the device. So it's safe for cryptfs.cpp to ask for a TEE keymaster from Keystore2 and use it blindly, without checking whether or not it's a "real" TEE, which is why Keymaster::isSecure() just returns true now. A future patch will remove that function and simplify its callers. Bug: 181910578 Test: cuttlefish and bramble boot. Adding, switching between, stopping and removing users work. Change-Id: Iaebfef082eca0da8a305043fafb6d85e5de14cf8
2021-03-01 07:32:07 +01:00
// Tell all Keymint devices that early boot has ended and early boot-only keys can no longer
Send earlyBootEnded notice to all Keymasters Vold incorrectly sends the earlyBootEnded signal only to the Keymaster instance used for device encryption, but all of them need it. Bug: 152932559 Test: VtsHalKeymasterV4_1TargetTest Change-Id: Id8f01a1dc7d2398395f369c3ea74656a82888829
2020-04-01 18:02:16 +02:00
// be created or used.
static void earlyBootEnded();
Have vold inform keymaster that early boot ended Just before mounting partition(s) not verified by verified boot, vold should notify keymaster that early boot has ended so it won't allow EARLY_BOOT_ONLY keys to be created or used. Test: VtsHalKeymasterV4_1TargetTest Change-Id: I74ffec8d5b33f01e62f845a8fc824b3a3cad50f3 Merged-In: I74ffec8d5b33f01e62f845a8fc824b3a3cad50f3
2020-01-16 22:08:36 +01:00
Detect factory reset and deleteAllKeys Where metadata encryption is enabled, if there is no metadata encryption key present and we are generating one anew, then there has been a factory reset, and this is the first key to be generated. We then call deleteAllKeys to ensure data from before the factory reset is securely deleted. This shouldn't really be necessary; the factory reset call itself should be doing this. However there are currently three factory reset paths (settings, recovery, fastboot -w) and it is not clear that all three are doing this correctly on all devices. Obviously an attacker can prevent this code from being run by running a version of the OS that does not include this change; however, if the bootloader is locked, then keys will be version bound such that they will only work on locked devices with a sufficiently recent version of the OS. If every sufficiently recent signed version of the OS includes this change the attack is defeated. Bug: 187105270 Test: booted Cuttlefish twice, checked logs Change-Id: I9c5c547140e8b1bbffb9c1d215f75251f0f1354e
2021-08-07 00:16:10 +02:00
// Tell all Keymint devices to delete all rollback-protected keys.
static void deleteAllKeys();
Run clang-format over ext4crypt related code The formatting here is inconsistent with Android house style; use clang-format to bring it back into line. Change-Id: Id1fe6ff54e9b668ca88c3fc021ae0a5bdd1327eb
2016-03-09 18:31:37 +01:00
private:
Make vold use keystore2 instead of keymaster Make vold use keystore2 for all its operations instead of directly using keymaster. This way, we won't have any clients that bypass keystore2, and we'll no longer need to reserve a keymaster operation for vold. Note that we now hardcode "SecurityLevel::TRUSTED_ENVIRONMENT" (TEE) when talking to Keystore2 since Keystore2 only allows TEE and STRONGBOX. Keystore2 presents any SOFTWARE implementation as a TEE to callers when no "real" TEE is present. As far as storage encryption is concerned, there's no advantage to using a STRONGBOX when a "real" TEE is present, and a STRONGBOX can't be present if a "real" TEE isn't, so asking Keystore2 for a TEE is the best we can do in any situation. The difference in behaviour only really affects the full disk encryption code in cryptfs.cpp, which used to explicitly check that the keymaster device is a "real" TEE (as opposed to a SOFTWARE implementation) before using it (it can no longer do so since Keystore2 doesn't provide a way to do this). A little code history digging (7c49ab0a0b in particular) shows that cryptfs.cpp cared about two things when using a keymaster. - 1) that the keys generated by the keymaster were "standalone" keys - i.e. that the keymaster could operate on those keys without requiring /data or any other service to be available. - 2) that the keymaster was a non-SOFTWARE implementation so that things would still work in case a "real" TEE keymaster was ever somehow added to the device after first boot. Today, all "real" TEE keymasters always generate "standalone" keys, and a TEE has been required in Android devices since at least Android N. The only two exceptions are Goldfish and ARC++, which have SOFTWARE keymasters, but both those keymasters also generate "standalone" keys. We're also no longer worried about possibly adding a "real" TEE KM to either of those devices after first boot. So there's no longer a reason cryptfs.cpp can't use the SOFTWARE keymaster on those devices. There's also already an upgrade path in place (see test_mount_encrypted_fs() in cryptfs.cpp) to upgrade the kdf that's being used once a TEE keymaster is added to the device. So it's safe for cryptfs.cpp to ask for a TEE keymaster from Keystore2 and use it blindly, without checking whether or not it's a "real" TEE, which is why Keymaster::isSecure() just returns true now. A future patch will remove that function and simplify its callers. Bug: 181910578 Test: cuttlefish and bramble boot. Adding, switching between, stopping and removing users work. Change-Id: Iaebfef082eca0da8a305043fafb6d85e5de14cf8
2021-03-01 07:32:07 +01:00
std::shared_ptr<ks2::IKeystoreSecurityLevel> securityLevel;
Replace most references to Keymaster with Keystore Now that vold uses Keystore2 rather than the Keymaster HAL directly, and also the new version of Keymaster is called "KeyMint" instead, replace most of the references to Keymaster in vold with Keystore. (I decided not to include the "2" in most places, as it seemed unnecessarily precise in most places, and it would be something that might need to keep being updated. Only Keystore.{cpp,h} really need to care about the version number.) I didn't rename many things in cryptfs.cpp, as that file will be going away soon anyway. I also left "wait_for_keymaster" and "vdc keymaster earlyBootEnded" as-is for now, as those are referenced outside vold. Bug: 183669495 Change-Id: I92cd648fae09f8c9769f7cf34dbf6c6e956be4e8
2021-06-15 20:34:00 +02:00
DISALLOW_COPY_AND_ASSIGN(Keystore);
Use a keymaster-based key storage module Instead of writing raw keys, encrypt the keys with keymaster. This paves the way to protecting them with auth tokens and passwords later. In addition, fold in the hash of a 16k file into their encryption, to ensure secure deletion works properly. Now even C++ier! Bug: 22502684 Bug: 22950892 Change-Id: If70f139e342373533c42d5a298444b8438428322
2016-01-21 21:26:12 +01:00
};
} // namespace vold
} // namespace android
#endif
Reference in a new issue Copy permalink