platform_system_vold/KeyStorage.h

/*
 * Copyright (C) 2016 The Android Open Source Project
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

#ifndef ANDROID_VOLD_KEYSTORAGE_H
#define ANDROID_VOLD_KEYSTORAGE_H

#include <string>

namespace android {
namespace vold {

// Represents the information needed to decrypt a disk encryption key.
// If "token" is nonempty, it is passed in as a required Gatekeeper auth token.
// If "secret" is nonempty, it is appended to the application-specific
// binary needed to unlock.
class KeyAuthentication {
public:
    KeyAuthentication(std::string t, std::string s): token {t}, secret {s} {};
    const std::string token;
    const std::string secret;
};

extern const KeyAuthentication kEmptyAuthentication;

// Create a directory at the named path, and store "key" in it,
// in such a way that it can only be retrieved via Keymaster and
// can be securely deleted.
// It's safe to move/rename the directory after creation.
bool storeKey(const std::string &dir, const KeyAuthentication &auth, const std::string &key);

// Retrieve the key from the named directory.
bool retrieveKey(const std::string &dir, const KeyAuthentication &auth, std::string *key);

// Securely destroy the key stored in the named directory and delete the directory.
bool destroyKey(const std::string &dir);

}  // namespace vold
}  // namespace android

#endif
Use a keymaster-based key storage module Instead of writing raw keys, encrypt the keys with keymaster. This paves the way to protecting them with auth tokens and passwords later. In addition, fold in the hash of a 16k file into their encryption, to ensure secure deletion works properly. Now even C++ier! Bug: 22502684 Bug: 22950892 Change-Id: If70f139e342373533c42d5a298444b8438428322 2016-01-21 21:26:12 +01:00			`/*`
			`* Copyright (C) 2016 The Android Open Source Project`
			`*`
			`* Licensed under the Apache License, Version 2.0 (the "License");`
			`* you may not use this file except in compliance with the License.`
			`* You may obtain a copy of the License at`
			`*`
			`* http://www.apache.org/licenses/LICENSE-2.0`
			`*`
			`* Unless required by applicable law or agreed to in writing, software`
			`* distributed under the License is distributed on an "AS IS" BASIS,`
			`* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.`
			`* See the License for the specific language governing permissions and`
			`* limitations under the License.`
			`*/`

			`#ifndef ANDROID_VOLD_KEYSTORAGE_H`
			`#define ANDROID_VOLD_KEYSTORAGE_H`

			`#include <string>`

			`namespace android {`
			`namespace vold {`

Password security for FBE disk encryption keys Added a new call change_user_key which changes the way that disk encryption keys are protected; a key can now be protected with a combination of an auth token and a secret which is a hashed password. Both of these are passed to unlock_user_key. This change introduces a security bug, b/26948053, which must be fixed before we ship. Bug: 22950892 Change-Id: Iac1e45bb6f86f2af5c472c70a0fe3228b02115bf 2016-02-08 16:55:41 +01:00			`// Represents the information needed to decrypt a disk encryption key.`
			`// If "token" is nonempty, it is passed in as a required Gatekeeper auth token.`
			`// If "secret" is nonempty, it is appended to the application-specific`
			`// binary needed to unlock.`
			`class KeyAuthentication {`
			`public:`
			`KeyAuthentication(std::string t, std::string s): token {t}, secret {s} {};`
			`const std::string token;`
			`const std::string secret;`
			`};`

			`extern const KeyAuthentication kEmptyAuthentication;`

Use a keymaster-based key storage module Instead of writing raw keys, encrypt the keys with keymaster. This paves the way to protecting them with auth tokens and passwords later. In addition, fold in the hash of a 16k file into their encryption, to ensure secure deletion works properly. Now even C++ier! Bug: 22502684 Bug: 22950892 Change-Id: If70f139e342373533c42d5a298444b8438428322 2016-01-21 21:26:12 +01:00			`// Create a directory at the named path, and store "key" in it,`
			`// in such a way that it can only be retrieved via Keymaster and`
			`// can be securely deleted.`
			`// It's safe to move/rename the directory after creation.`
Password security for FBE disk encryption keys Added a new call change_user_key which changes the way that disk encryption keys are protected; a key can now be protected with a combination of an auth token and a secret which is a hashed password. Both of these are passed to unlock_user_key. This change introduces a security bug, b/26948053, which must be fixed before we ship. Bug: 22950892 Change-Id: Iac1e45bb6f86f2af5c472c70a0fe3228b02115bf 2016-02-08 16:55:41 +01:00			`bool storeKey(const std::string &dir, const KeyAuthentication &auth, const std::string &key);`
Use a keymaster-based key storage module Instead of writing raw keys, encrypt the keys with keymaster. This paves the way to protecting them with auth tokens and passwords later. In addition, fold in the hash of a 16k file into their encryption, to ensure secure deletion works properly. Now even C++ier! Bug: 22502684 Bug: 22950892 Change-Id: If70f139e342373533c42d5a298444b8438428322 2016-01-21 21:26:12 +01:00
			`// Retrieve the key from the named directory.`
Use pointers not references for out arguments Google/Android C++ style requires that arguments passed in for writing should be pointers, not references, so that it's visible in the caller that they'll be written to. Bug: 27566014 Change-Id: I5cd55906cc4b2f61c8b97b223786be0b3ce28862 2016-03-09 01:08:32 +01:00			`bool retrieveKey(const std::string &dir, const KeyAuthentication &auth, std::string *key);`
Use a keymaster-based key storage module Instead of writing raw keys, encrypt the keys with keymaster. This paves the way to protecting them with auth tokens and passwords later. In addition, fold in the hash of a 16k file into their encryption, to ensure secure deletion works properly. Now even C++ier! Bug: 22502684 Bug: 22950892 Change-Id: If70f139e342373533c42d5a298444b8438428322 2016-01-21 21:26:12 +01:00
			`// Securely destroy the key stored in the named directory and delete the directory.`
Improvements to the key storage module The key storage module didn't comply with Android coding standards and had room for improvemnet in a few other ways, so have cleaned up. Change-Id: I260ccff316423169cf887e538113b5ea400892f2 2016-01-27 15:30:22 +01:00			`bool destroyKey(const std::string &dir);`
Use a keymaster-based key storage module Instead of writing raw keys, encrypt the keys with keymaster. This paves the way to protecting them with auth tokens and passwords later. In addition, fold in the hash of a 16k file into their encryption, to ensure secure deletion works properly. Now even C++ier! Bug: 22502684 Bug: 22950892 Change-Id: If70f139e342373533c42d5a298444b8438428322 2016-01-21 21:26:12 +01:00
			`} // namespace vold`
			`} // namespace android`

			`#endif`