/* * Copyright (C) 2016 The Android Open Source Project * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ #include "Keystore.h" #include #include #include #include #include #include // Keep these in sync with system/security/keystore2/src/keystore2_main.rs static constexpr const char keystore2_service_name[] = "android.system.keystore2.IKeystoreService/default"; static constexpr const char maintenance_service_name[] = "android.security.maintenance"; /* * Keep this in sync with the description for update() in * system/hardware/interfaces/keystore2/aidl/android/system/keystore2/IKeystoreOperation.aidl */ static constexpr const size_t UPDATE_INPUT_MAX_SIZE = 32 * 1024; // 32 KiB // Keep this in sync with system/sepolicy/private/keystore2_key_contexts static constexpr const int VOLD_NAMESPACE = 100; namespace android { namespace vold { namespace ks2_maint = ::aidl::android::security::maintenance; KeystoreOperation::~KeystoreOperation() { if (ks2Operation) ks2Operation->abort(); } static void zeroize_vector(std::vector& vec) { memset_explicit(vec.data(), 0, vec.size()); } static bool logKeystore2ExceptionIfPresent(::ndk::ScopedAStatus& rc, const std::string& func_name) { if (rc.isOk()) return false; auto exception_code = rc.getExceptionCode(); if (exception_code == EX_SERVICE_SPECIFIC) { LOG(ERROR) << "keystore2 Keystore " << func_name << " returned service specific error: " << rc.getServiceSpecificError(); } else { LOG(ERROR) << "keystore2 Communication with Keystore " << func_name << " failed error: " << exception_code; } return true; } bool KeystoreOperation::updateCompletely(const char* input, size_t inputLen, const std::function consumer) { if (!ks2Operation) return false; while (inputLen != 0) { size_t currLen = std::min(inputLen, UPDATE_INPUT_MAX_SIZE); std::vector input_vec(input, input + currLen); inputLen -= currLen; input += currLen; std::optional> output; auto rc = ks2Operation->update(input_vec, &output); zeroize_vector(input_vec); if (logKeystore2ExceptionIfPresent(rc, "update")) { ks2Operation = nullptr; return false; } if (output) consumer((const char*)output->data(), output->size()); } return true; } bool KeystoreOperation::finish(std::string* output) { std::optional> out_vec; if (!ks2Operation) return false; auto rc = ks2Operation->finish(std::nullopt, std::nullopt, &out_vec); if (logKeystore2ExceptionIfPresent(rc, "finish")) { ks2Operation = nullptr; return false; } if (output) *output = std::string(out_vec->begin(), out_vec->end()); return true; } Keystore::Keystore() { ::ndk::SpAIBinder binder(AServiceManager_waitForService(keystore2_service_name)); auto keystore2Service = ks2::IKeystoreService::fromBinder(binder); if (!keystore2Service) { LOG(ERROR) << "Vold unable to connect to keystore2."; return; } /* * There are only two options available to vold for the SecurityLevel: TRUSTED_ENVIRONMENT (TEE) * and STRONGBOX. We don't use STRONGBOX because if a TEE is present it will have Weaver, which * already strengthens CE, so there's no additional benefit from using StrongBox. * * The picture is slightly more complicated because Keystore2 reports a SOFTWARE instance as * a TEE instance when there isn't a TEE instance available, but in that case, a STRONGBOX * instance won't be available either, so we'll still be doing the best we can. */ auto rc = keystore2Service->getSecurityLevel(km::SecurityLevel::TRUSTED_ENVIRONMENT, &securityLevel); if (logKeystore2ExceptionIfPresent(rc, "getSecurityLevel")) LOG(ERROR) << "Vold unable to get security level from keystore2."; } bool Keystore::generateKey(const km::AuthorizationSet& inParams, std::string* key) { ks2::KeyDescriptor in_key = { .domain = ks2::Domain::BLOB, .alias = std::nullopt, .nspace = VOLD_NAMESPACE, .blob = std::nullopt, }; ks2::KeyMetadata keyMetadata; auto rc = securityLevel->generateKey(in_key, std::nullopt, inParams.vector_data(), 0, {}, &keyMetadata); if (logKeystore2ExceptionIfPresent(rc, "generateKey")) return false; if (keyMetadata.key.blob == std::nullopt) { LOG(ERROR) << "keystore2 generated key blob was null"; return false; } if (key) *key = std::string(keyMetadata.key.blob->begin(), keyMetadata.key.blob->end()); zeroize_vector(keyMetadata.key.blob.value()); return true; } bool Keystore::exportKey(const KeyBuffer& ksKey, std::string* key) { bool ret = false; ks2::KeyDescriptor storageKey = { .domain = ks2::Domain::BLOB, .alias = std::nullopt, .nspace = VOLD_NAMESPACE, }; storageKey.blob = std::make_optional>(ksKey.begin(), ksKey.end()); ks2::EphemeralStorageKeyResponse ephemeral_key_response; auto rc = securityLevel->convertStorageKeyToEphemeral(storageKey, &ephemeral_key_response); if (logKeystore2ExceptionIfPresent(rc, "exportKey")) goto out; if (key) *key = std::string(ephemeral_key_response.ephemeralKey.begin(), ephemeral_key_response.ephemeralKey.end()); // vold intentionally ignores ephemeral_key_response.upgradedBlob, since the // concept of "upgrading" doesn't make sense for TAG_STORAGE_KEY keys // (hardware-wrapped inline encryption keys). These keys are only meant as // a substitute for raw keys; they still go through vold's usual layer of // key wrapping, which already handles version binding. So, vold just keeps // using the original blobs for TAG_STORAGE_KEY keys. If KeyMint "upgrades" // them anyway, then they'll just get re-upgraded before each use. ret = true; out: zeroize_vector(ephemeral_key_response.ephemeralKey); zeroize_vector(storageKey.blob.value()); return ret; } bool Keystore::deleteKey(const std::string& key) { ks2::KeyDescriptor keyDesc = { .domain = ks2::Domain::BLOB, .alias = std::nullopt, .nspace = VOLD_NAMESPACE, }; keyDesc.blob = std::optional>(std::vector(key.begin(), key.end())); auto rc = securityLevel->deleteKey(keyDesc); return !logKeystore2ExceptionIfPresent(rc, "deleteKey"); } KeystoreOperation Keystore::begin(const std::string& key, const km::AuthorizationSet& inParams, km::AuthorizationSet* outParams) { ks2::KeyDescriptor keyDesc = { .domain = ks2::Domain::BLOB, .alias = std::nullopt, .nspace = VOLD_NAMESPACE, }; keyDesc.blob = std::optional>(std::vector(key.begin(), key.end())); ks2::CreateOperationResponse cor; auto rc = securityLevel->createOperation(keyDesc, inParams.vector_data(), true, &cor); if (logKeystore2ExceptionIfPresent(rc, "createOperation")) { if (rc.getExceptionCode() == EX_SERVICE_SPECIFIC) return KeystoreOperation((km::ErrorCode)rc.getServiceSpecificError()); else return KeystoreOperation(); } if (!cor.iOperation) { LOG(ERROR) << "keystore2 createOperation didn't return an operation"; return KeystoreOperation(); } if (outParams && cor.parameters) *outParams = cor.parameters->keyParameter; return KeystoreOperation(cor.iOperation, cor.upgradedBlob); } void Keystore::earlyBootEnded() { ::ndk::SpAIBinder binder(AServiceManager_getService(maintenance_service_name)); auto maint_service = ks2_maint::IKeystoreMaintenance::fromBinder(binder); if (!maint_service) { LOG(ERROR) << "Unable to connect to keystore2 maintenance service for earlyBootEnded"; return; } auto rc = maint_service->earlyBootEnded(); logKeystore2ExceptionIfPresent(rc, "earlyBootEnded"); } void Keystore::deleteAllKeys() { ::ndk::SpAIBinder binder(AServiceManager_getService(maintenance_service_name)); auto maint_service = ks2_maint::IKeystoreMaintenance::fromBinder(binder); if (!maint_service) { LOG(ERROR) << "Unable to connect to keystore2 maintenance service for deleteAllKeys"; return; } auto rc = maint_service->deleteAllKeys(); logKeystore2ExceptionIfPresent(rc, "deleteAllKeys"); } } // namespace vold } // namespace android