1 /* 2 * Copyright (C) 2016 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 // TODO: Maybe "Keymaster" should be replaced with Keystore2 everywhere? 17 #ifndef ANDROID_VOLD_KEYMASTER_H 18 #define ANDROID_VOLD_KEYMASTER_H 19 20 #include "KeyBuffer.h" 21 22 #include <memory> 23 #include <string> 24 #include <utility> 25 26 #include <android-base/macros.h> 27 #include <keymint_support/authorization_set.h> 28 #include <keymint_support/keymint_tags.h> 29 30 #include <aidl/android/hardware/security/keymint/ErrorCode.h> 31 #include <aidl/android/system/keystore2/IKeystoreService.h> 32 #include <android/binder_manager.h> 33 34 namespace android { 35 namespace vold { 36 37 namespace ks2 = ::aidl::android::system::keystore2; 38 namespace km = ::aidl::android::hardware::security::keymint; 39 40 // C++ wrappers to the Keystore2 AIDL interface. 41 // This is tailored to the needs of KeyStorage, but could be extended to be 42 // a more general interface. 43 44 // Wrapper for a Keystore2 operation handle representing an 45 // ongoing Keystore2 operation. Aborts the operation 46 // in the destructor if it is unfinished. Methods log failures 47 // to LOG(ERROR). 48 class KeymasterOperation { 49 public: 50 ~KeymasterOperation(); 51 // Is this instance valid? This is false if creation fails, and becomes 52 // false on finish or if an update fails. 53 explicit operator bool() const { return (bool)ks2Operation; } getErrorCode()54 km::ErrorCode getErrorCode() const { return errorCode; } getUpgradedBlob()55 std::optional<std::string> getUpgradedBlob() const { return upgradedBlob; } 56 // Call "update" repeatedly until all of the input is consumed, and 57 // concatenate the output. Return true on success. 58 template <class TI, class TO> updateCompletely(TI & input,TO * output)59 bool updateCompletely(TI& input, TO* output) { 60 if (output) output->clear(); 61 return updateCompletely(input.data(), input.size(), [&](const char* b, size_t n) { 62 if (output) std::copy(b, b + n, std::back_inserter(*output)); 63 }); 64 } 65 66 // Finish and write the output to this string, unless pointer is null. 67 bool finish(std::string* output); 68 // Move constructor KeymasterOperation(KeymasterOperation && rhs)69 KeymasterOperation(KeymasterOperation&& rhs) { *this = std::move(rhs); } 70 // Construct an object in an error state for error returns KeymasterOperation()71 KeymasterOperation() { errorCode = km::ErrorCode::UNKNOWN_ERROR; } 72 // Move Assignment 73 KeymasterOperation& operator=(KeymasterOperation&& rhs) { 74 ks2Operation = rhs.ks2Operation; 75 rhs.ks2Operation = nullptr; 76 77 upgradedBlob = rhs.upgradedBlob; 78 rhs.upgradedBlob = std::nullopt; 79 80 errorCode = rhs.errorCode; 81 rhs.errorCode = km::ErrorCode::UNKNOWN_ERROR; 82 83 return *this; 84 } 85 86 private: KeymasterOperation(std::shared_ptr<ks2::IKeystoreOperation> ks2Op,std::optional<std::vector<uint8_t>> blob)87 KeymasterOperation(std::shared_ptr<ks2::IKeystoreOperation> ks2Op, 88 std::optional<std::vector<uint8_t>> blob) 89 : ks2Operation{ks2Op}, errorCode{km::ErrorCode::OK} { 90 if (blob) 91 upgradedBlob = std::optional(std::string(blob->begin(), blob->end())); 92 else 93 upgradedBlob = std::nullopt; 94 } 95 KeymasterOperation(km::ErrorCode errCode)96 KeymasterOperation(km::ErrorCode errCode) : errorCode{errCode} {} 97 98 bool updateCompletely(const char* input, size_t inputLen, 99 const std::function<void(const char*, size_t)> consumer); 100 101 std::shared_ptr<ks2::IKeystoreOperation> ks2Operation; 102 std::optional<std::string> upgradedBlob; 103 km::ErrorCode errorCode; 104 DISALLOW_COPY_AND_ASSIGN(KeymasterOperation); 105 friend class Keymaster; 106 }; 107 108 // Wrapper for keystore2 methods that vold uses. 109 class Keymaster { 110 public: 111 Keymaster(); 112 // false if we failed to get a keystore2 security level. 113 explicit operator bool() { return (bool)securityLevel; } 114 // Generate a key using keystore2 from the given params. 115 bool generateKey(const km::AuthorizationSet& inParams, std::string* key); 116 // Exports a keystore2 key with STORAGE_KEY tag wrapped with a per-boot ephemeral key 117 bool exportKey(const KeyBuffer& kmKey, std::string* key); 118 // If supported, permanently delete a key from the keymint device it belongs to. 119 bool deleteKey(const std::string& key); 120 // Begin a new cryptographic operation, collecting output parameters if pointer is non-null 121 // If the key was upgraded as a result of a call to this method, the returned KeymasterOperation 122 // also stores the upgraded key blob. 123 KeymasterOperation begin(const std::string& key, const km::AuthorizationSet& inParams, 124 km::AuthorizationSet* outParams); 125 126 // Tell all Keymint devices that early boot has ended and early boot-only keys can no longer 127 // be created or used. 128 static void earlyBootEnded(); 129 130 // Tell all Keymint devices to delete all rollback-protected keys. 131 static void deleteAllKeys(); 132 133 private: 134 std::shared_ptr<ks2::IKeystoreSecurityLevel> securityLevel; 135 DISALLOW_COPY_AND_ASSIGN(Keymaster); 136 }; 137 138 } // namespace vold 139 } // namespace android 140 141 #endif 142