1 // Copyright 2020, The Android Open Source Project 2 // 3 // Licensed under the Apache License, Version 2.0 (the "License"); 4 // you may not use this file except in compliance with the License. 5 // You may obtain a copy of the License at 6 // 7 // http://www.apache.org/licenses/LICENSE-2.0 8 // 9 // Unless required by applicable law or agreed to in writing, software 10 // distributed under the License is distributed on an "AS IS" BASIS, 11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 // See the License for the specific language governing permissions and 13 // limitations under the License. 14 15 //! This crate implements the IKeystoreSecurityLevel interface. 16 17 use crate::attestation_key_utils::{get_attest_key_info, AttestationKeyInfo}; 18 use crate::audit_log::{ 19 log_key_deleted, log_key_generated, log_key_imported, log_key_integrity_violation, 20 }; 21 use crate::database::{BlobInfo, CertificateInfo, KeyIdGuard}; 22 use crate::error::{self, map_km_error, map_or_log_err, Error, ErrorCode}; 23 use crate::globals::{DB, ENFORCEMENTS, LEGACY_IMPORTER, SUPER_KEY}; 24 use crate::key_parameter::KeyParameter as KsKeyParam; 25 use crate::key_parameter::KeyParameterValue as KsKeyParamValue; 26 use crate::ks_err; 27 use crate::metrics_store::log_key_creation_event_stats; 28 use crate::remote_provisioning::RemProvState; 29 use crate::rkpd_client::store_rkpd_attestation_key; 30 use crate::super_key::{KeyBlob, SuperKeyManager}; 31 use crate::utils::{ 32 check_device_attestation_permissions, check_key_permission, 33 check_unique_id_attestation_permissions, is_device_id_attestation_tag, 34 key_characteristics_to_internal, uid_to_android_user, watchdog as wd, 35 }; 36 use crate::{ 37 database::{ 38 BlobMetaData, BlobMetaEntry, DateTime, KeyEntry, KeyEntryLoadBits, KeyMetaData, 39 KeyMetaEntry, KeyType, SubComponentType, Uuid, 40 }, 41 operation::KeystoreOperation, 42 operation::LoggingInfo, 43 operation::OperationDb, 44 permission::KeyPerm, 45 }; 46 use crate::{globals::get_keymint_device, id_rotation::IdRotationState}; 47 use android_hardware_security_keymint::aidl::android::hardware::security::keymint::{ 48 Algorithm::Algorithm, AttestationKey::AttestationKey, 49 HardwareAuthenticatorType::HardwareAuthenticatorType, IKeyMintDevice::IKeyMintDevice, 50 KeyCreationResult::KeyCreationResult, KeyFormat::KeyFormat, 51 KeyMintHardwareInfo::KeyMintHardwareInfo, KeyParameter::KeyParameter, 52 KeyParameterValue::KeyParameterValue, SecurityLevel::SecurityLevel, Tag::Tag, 53 }; 54 use android_hardware_security_keymint::binder::{BinderFeatures, Strong, ThreadState}; 55 use android_system_keystore2::aidl::android::system::keystore2::{ 56 AuthenticatorSpec::AuthenticatorSpec, CreateOperationResponse::CreateOperationResponse, 57 Domain::Domain, EphemeralStorageKeyResponse::EphemeralStorageKeyResponse, 58 IKeystoreOperation::IKeystoreOperation, IKeystoreSecurityLevel::BnKeystoreSecurityLevel, 59 IKeystoreSecurityLevel::IKeystoreSecurityLevel, KeyDescriptor::KeyDescriptor, 60 KeyMetadata::KeyMetadata, KeyParameters::KeyParameters, ResponseCode::ResponseCode, 61 }; 62 use anyhow::{anyhow, Context, Result}; 63 use std::convert::TryInto; 64 use std::time::SystemTime; 65 66 /// Implementation of the IKeystoreSecurityLevel Interface. 67 pub struct KeystoreSecurityLevel { 68 security_level: SecurityLevel, 69 keymint: Strong<dyn IKeyMintDevice>, 70 hw_info: KeyMintHardwareInfo, 71 km_uuid: Uuid, 72 operation_db: OperationDb, 73 rem_prov_state: RemProvState, 74 id_rotation_state: IdRotationState, 75 } 76 77 // Blob of 32 zeroes used as empty masking key. 78 static ZERO_BLOB_32: &[u8] = &[0; 32]; 79 80 // Per RFC 5280 4.1.2.5, an undefined expiration (not-after) field should be set to GeneralizedTime 81 // 999912312359559, which is 253402300799000 ms from Jan 1, 1970. 82 const UNDEFINED_NOT_AFTER: i64 = 253402300799000i64; 83 84 impl KeystoreSecurityLevel { 85 /// Creates a new security level instance wrapped in a 86 /// BnKeystoreSecurityLevel proxy object. It also enables 87 /// `BinderFeatures::set_requesting_sid` on the new interface, because 88 /// we need it for checking keystore permissions. new_native_binder( security_level: SecurityLevel, id_rotation_state: IdRotationState, ) -> Result<(Strong<dyn IKeystoreSecurityLevel>, Uuid)>89 pub fn new_native_binder( 90 security_level: SecurityLevel, 91 id_rotation_state: IdRotationState, 92 ) -> Result<(Strong<dyn IKeystoreSecurityLevel>, Uuid)> { 93 let (dev, hw_info, km_uuid) = get_keymint_device(&security_level) 94 .context(ks_err!("KeystoreSecurityLevel::new_native_binder."))?; 95 let result = BnKeystoreSecurityLevel::new_binder( 96 Self { 97 security_level, 98 keymint: dev, 99 hw_info, 100 km_uuid, 101 operation_db: OperationDb::new(), 102 rem_prov_state: RemProvState::new(security_level, km_uuid), 103 id_rotation_state, 104 }, 105 BinderFeatures { set_requesting_sid: true, ..BinderFeatures::default() }, 106 ); 107 Ok((result, km_uuid)) 108 } 109 watch_millis(&self, id: &'static str, millis: u64) -> Option<wd::WatchPoint>110 fn watch_millis(&self, id: &'static str, millis: u64) -> Option<wd::WatchPoint> { 111 let sec_level = self.security_level; 112 wd::watch_millis_with(id, millis, move || format!("SecurityLevel {:?}", sec_level)) 113 } 114 store_new_key( &self, key: KeyDescriptor, creation_result: KeyCreationResult, user_id: u32, flags: Option<i32>, ) -> Result<KeyMetadata>115 fn store_new_key( 116 &self, 117 key: KeyDescriptor, 118 creation_result: KeyCreationResult, 119 user_id: u32, 120 flags: Option<i32>, 121 ) -> Result<KeyMetadata> { 122 let KeyCreationResult { 123 keyBlob: key_blob, 124 keyCharacteristics: key_characteristics, 125 certificateChain: mut certificate_chain, 126 } = creation_result; 127 128 let mut cert_info: CertificateInfo = CertificateInfo::new( 129 match certificate_chain.len() { 130 0 => None, 131 _ => Some(certificate_chain.remove(0).encodedCertificate), 132 }, 133 match certificate_chain.len() { 134 0 => None, 135 _ => Some( 136 certificate_chain 137 .iter() 138 .flat_map(|c| c.encodedCertificate.iter()) 139 .copied() 140 .collect(), 141 ), 142 }, 143 ); 144 145 let mut key_parameters = key_characteristics_to_internal(key_characteristics); 146 147 key_parameters.push(KsKeyParam::new( 148 KsKeyParamValue::UserID(user_id as i32), 149 SecurityLevel::SOFTWARE, 150 )); 151 152 let creation_date = DateTime::now().context(ks_err!("Trying to make creation time."))?; 153 154 let key = match key.domain { 155 Domain::BLOB => KeyDescriptor { 156 domain: Domain::BLOB, 157 blob: Some(key_blob.to_vec()), 158 ..Default::default() 159 }, 160 _ => DB 161 .with::<_, Result<KeyDescriptor>>(|db| { 162 let mut db = db.borrow_mut(); 163 164 let (key_blob, mut blob_metadata) = SUPER_KEY 165 .read() 166 .unwrap() 167 .handle_super_encryption_on_key_init( 168 &mut db, 169 &LEGACY_IMPORTER, 170 &(key.domain), 171 &key_parameters, 172 flags, 173 user_id, 174 &key_blob, 175 ) 176 .context(ks_err!("Failed to handle super encryption."))?; 177 178 let mut key_metadata = KeyMetaData::new(); 179 key_metadata.add(KeyMetaEntry::CreationDate(creation_date)); 180 blob_metadata.add(BlobMetaEntry::KmUuid(self.km_uuid)); 181 182 let key_id = db 183 .store_new_key( 184 &key, 185 KeyType::Client, 186 &key_parameters, 187 &BlobInfo::new(&key_blob, &blob_metadata), 188 &cert_info, 189 &key_metadata, 190 &self.km_uuid, 191 ) 192 .context(ks_err!())?; 193 Ok(KeyDescriptor { 194 domain: Domain::KEY_ID, 195 nspace: key_id.id(), 196 ..Default::default() 197 }) 198 }) 199 .context(ks_err!())?, 200 }; 201 202 Ok(KeyMetadata { 203 key, 204 keySecurityLevel: self.security_level, 205 certificate: cert_info.take_cert(), 206 certificateChain: cert_info.take_cert_chain(), 207 authorizations: crate::utils::key_parameters_to_authorizations(key_parameters), 208 modificationTimeMs: creation_date.to_millis_epoch(), 209 }) 210 } 211 create_operation( &self, key: &KeyDescriptor, operation_parameters: &[KeyParameter], forced: bool, ) -> Result<CreateOperationResponse>212 fn create_operation( 213 &self, 214 key: &KeyDescriptor, 215 operation_parameters: &[KeyParameter], 216 forced: bool, 217 ) -> Result<CreateOperationResponse> { 218 let caller_uid = ThreadState::get_calling_uid(); 219 // We use `scoping_blob` to extend the life cycle of the blob loaded from the database, 220 // so that we can use it by reference like the blob provided by the key descriptor. 221 // Otherwise, we would have to clone the blob from the key descriptor. 222 let scoping_blob: Vec<u8>; 223 let (km_blob, key_properties, key_id_guard, blob_metadata) = match key.domain { 224 Domain::BLOB => { 225 check_key_permission(KeyPerm::Use, key, &None) 226 .context(ks_err!("checking use permission for Domain::BLOB."))?; 227 if forced { 228 check_key_permission(KeyPerm::ReqForcedOp, key, &None) 229 .context(ks_err!("checking forced permission for Domain::BLOB."))?; 230 } 231 ( 232 match &key.blob { 233 Some(blob) => blob, 234 None => { 235 return Err(Error::sys()).context(ks_err!( 236 "Key blob must be specified when \ 237 using Domain::BLOB." 238 )); 239 } 240 }, 241 None, 242 None, 243 BlobMetaData::new(), 244 ) 245 } 246 _ => { 247 let super_key = SUPER_KEY 248 .read() 249 .unwrap() 250 .get_per_boot_key_by_user_id(uid_to_android_user(caller_uid)); 251 let (key_id_guard, mut key_entry) = DB 252 .with::<_, Result<(KeyIdGuard, KeyEntry)>>(|db| { 253 LEGACY_IMPORTER.with_try_import(key, caller_uid, super_key, || { 254 db.borrow_mut().load_key_entry( 255 key, 256 KeyType::Client, 257 KeyEntryLoadBits::KM, 258 caller_uid, 259 |k, av| { 260 check_key_permission(KeyPerm::Use, k, &av)?; 261 if forced { 262 check_key_permission(KeyPerm::ReqForcedOp, k, &av)?; 263 } 264 Ok(()) 265 }, 266 ) 267 }) 268 }) 269 .context(ks_err!("Failed to load key blob."))?; 270 271 let (blob, blob_metadata) = 272 key_entry.take_key_blob_info().ok_or_else(Error::sys).context(ks_err!( 273 "Successfully loaded key entry, \ 274 but KM blob was missing." 275 ))?; 276 scoping_blob = blob; 277 278 ( 279 &scoping_blob, 280 Some((key_id_guard.id(), key_entry.into_key_parameters())), 281 Some(key_id_guard), 282 blob_metadata, 283 ) 284 } 285 }; 286 287 let purpose = operation_parameters.iter().find(|p| p.tag == Tag::PURPOSE).map_or( 288 Err(Error::Km(ErrorCode::INVALID_ARGUMENT)) 289 .context(ks_err!("No operation purpose specified.")), 290 |kp| match kp.value { 291 KeyParameterValue::KeyPurpose(p) => Ok(p), 292 _ => Err(Error::Km(ErrorCode::INVALID_ARGUMENT)) 293 .context(ks_err!("Malformed KeyParameter.")), 294 }, 295 )?; 296 297 // Remove Tag::PURPOSE from the operation_parameters, since some keymaster devices return 298 // an error on begin() if Tag::PURPOSE is in the operation_parameters. 299 let op_params: Vec<KeyParameter> = 300 operation_parameters.iter().filter(|p| p.tag != Tag::PURPOSE).cloned().collect(); 301 let operation_parameters = op_params.as_slice(); 302 303 let (immediate_hat, mut auth_info) = ENFORCEMENTS 304 .authorize_create( 305 purpose, 306 key_properties.as_ref(), 307 operation_parameters.as_ref(), 308 self.hw_info.timestampTokenRequired, 309 ) 310 .context(ks_err!())?; 311 312 let km_blob = SUPER_KEY 313 .read() 314 .unwrap() 315 .unwrap_key_if_required(&blob_metadata, km_blob) 316 .context(ks_err!("Failed to handle super encryption."))?; 317 318 let (begin_result, upgraded_blob) = self 319 .upgrade_keyblob_if_required_with( 320 &*self.keymint, 321 key_id_guard, 322 &km_blob, 323 blob_metadata.km_uuid().copied(), 324 operation_parameters, 325 |blob| loop { 326 match map_km_error({ 327 let _wp = self.watch_millis( 328 "In KeystoreSecurityLevel::create_operation: calling begin", 329 500, 330 ); 331 self.keymint.begin( 332 purpose, 333 blob, 334 operation_parameters, 335 immediate_hat.as_ref(), 336 ) 337 }) { 338 Err(Error::Km(ErrorCode::TOO_MANY_OPERATIONS)) => { 339 self.operation_db.prune(caller_uid, forced)?; 340 continue; 341 } 342 v @ Err(Error::Km(ErrorCode::INVALID_KEY_BLOB)) => { 343 if let Some((key_id, _)) = key_properties { 344 if let Ok(Some(key)) = 345 DB.with(|db| db.borrow_mut().load_key_descriptor(key_id)) 346 { 347 log_key_integrity_violation(&key); 348 } else { 349 log::error!("Failed to load key descriptor for audit log"); 350 } 351 } 352 return v; 353 } 354 v => return v, 355 } 356 }, 357 ) 358 .context(ks_err!("Failed to begin operation."))?; 359 360 let operation_challenge = auth_info.finalize_create_authorization(begin_result.challenge); 361 362 let op_params: Vec<KeyParameter> = operation_parameters.to_vec(); 363 364 let operation = match begin_result.operation { 365 Some(km_op) => self.operation_db.create_operation( 366 km_op, 367 caller_uid, 368 auth_info, 369 forced, 370 LoggingInfo::new(self.security_level, purpose, op_params, upgraded_blob.is_some()), 371 ), 372 None => { 373 return Err(Error::sys()).context(ks_err!( 374 "Begin operation returned successfully, \ 375 but did not return a valid operation." 376 )); 377 } 378 }; 379 380 let op_binder: binder::Strong<dyn IKeystoreOperation> = 381 KeystoreOperation::new_native_binder(operation) 382 .as_binder() 383 .into_interface() 384 .context(ks_err!("Failed to create IKeystoreOperation."))?; 385 386 Ok(CreateOperationResponse { 387 iOperation: Some(op_binder), 388 operationChallenge: operation_challenge, 389 parameters: match begin_result.params.len() { 390 0 => None, 391 _ => Some(KeyParameters { keyParameter: begin_result.params }), 392 }, 393 // An upgraded blob should only be returned if the caller has permission 394 // to use Domain::BLOB keys. If we got to this point, we already checked 395 // that the caller had that permission. 396 upgradedBlob: if key.domain == Domain::BLOB { upgraded_blob } else { None }, 397 }) 398 } 399 add_required_parameters( &self, uid: u32, params: &[KeyParameter], key: &KeyDescriptor, ) -> Result<Vec<KeyParameter>>400 fn add_required_parameters( 401 &self, 402 uid: u32, 403 params: &[KeyParameter], 404 key: &KeyDescriptor, 405 ) -> Result<Vec<KeyParameter>> { 406 let mut result = params.to_vec(); 407 408 // Unconditionally add the CREATION_DATETIME tag and prevent callers from 409 // specifying it. 410 if params.iter().any(|kp| kp.tag == Tag::CREATION_DATETIME) { 411 return Err(Error::Rc(ResponseCode::INVALID_ARGUMENT)).context(ks_err!( 412 "KeystoreSecurityLevel::add_required_parameters: \ 413 Specifying Tag::CREATION_DATETIME is not allowed." 414 )); 415 } 416 417 // Add CREATION_DATETIME only if the backend version Keymint V1 (100) or newer. 418 if self.hw_info.versionNumber >= 100 { 419 result.push(KeyParameter { 420 tag: Tag::CREATION_DATETIME, 421 value: KeyParameterValue::DateTime( 422 SystemTime::now() 423 .duration_since(SystemTime::UNIX_EPOCH) 424 .context(ks_err!( 425 "KeystoreSecurityLevel::add_required_parameters: \ 426 Failed to get epoch time." 427 ))? 428 .as_millis() 429 .try_into() 430 .context(ks_err!( 431 "KeystoreSecurityLevel::add_required_parameters: \ 432 Failed to convert epoch time." 433 ))?, 434 ), 435 }); 436 } 437 438 // If there is an attestation challenge we need to get an application id. 439 if params.iter().any(|kp| kp.tag == Tag::ATTESTATION_CHALLENGE) { 440 let aaid = { 441 let _wp = self.watch_millis( 442 "In KeystoreSecurityLevel::add_required_parameters calling: get_aaid", 443 500, 444 ); 445 keystore2_aaid::get_aaid(uid) 446 .map_err(|e| anyhow!(ks_err!("get_aaid returned status {}.", e))) 447 }?; 448 449 result.push(KeyParameter { 450 tag: Tag::ATTESTATION_APPLICATION_ID, 451 value: KeyParameterValue::Blob(aaid), 452 }); 453 } 454 455 if params.iter().any(|kp| kp.tag == Tag::INCLUDE_UNIQUE_ID) { 456 if check_key_permission(KeyPerm::GenUniqueId, key, &None).is_err() 457 && check_unique_id_attestation_permissions().is_err() 458 { 459 return Err(Error::perm()).context(ks_err!( 460 "Caller does not have the permission to generate a unique ID" 461 )); 462 } 463 if self 464 .id_rotation_state 465 .had_factory_reset_since_id_rotation() 466 .context(ks_err!("Call to had_factory_reset_since_id_rotation failed."))? 467 { 468 result.push(KeyParameter { 469 tag: Tag::RESET_SINCE_ID_ROTATION, 470 value: KeyParameterValue::BoolValue(true), 471 }) 472 } 473 } 474 475 // If the caller requests any device identifier attestation tag, check that they hold the 476 // correct Android permission. 477 if params.iter().any(|kp| is_device_id_attestation_tag(kp.tag)) { 478 check_device_attestation_permissions().context(ks_err!( 479 "Caller does not have the permission to attest device identifiers." 480 ))?; 481 } 482 483 // If we are generating/importing an asymmetric key, we need to make sure 484 // that NOT_BEFORE and NOT_AFTER are present. 485 match params.iter().find(|kp| kp.tag == Tag::ALGORITHM) { 486 Some(KeyParameter { tag: _, value: KeyParameterValue::Algorithm(Algorithm::RSA) }) 487 | Some(KeyParameter { tag: _, value: KeyParameterValue::Algorithm(Algorithm::EC) }) => { 488 if !params.iter().any(|kp| kp.tag == Tag::CERTIFICATE_NOT_BEFORE) { 489 result.push(KeyParameter { 490 tag: Tag::CERTIFICATE_NOT_BEFORE, 491 value: KeyParameterValue::DateTime(0), 492 }) 493 } 494 if !params.iter().any(|kp| kp.tag == Tag::CERTIFICATE_NOT_AFTER) { 495 result.push(KeyParameter { 496 tag: Tag::CERTIFICATE_NOT_AFTER, 497 value: KeyParameterValue::DateTime(UNDEFINED_NOT_AFTER), 498 }) 499 } 500 } 501 _ => {} 502 } 503 Ok(result) 504 } 505 generate_key( &self, key: &KeyDescriptor, attest_key_descriptor: Option<&KeyDescriptor>, params: &[KeyParameter], flags: i32, _entropy: &[u8], ) -> Result<KeyMetadata>506 fn generate_key( 507 &self, 508 key: &KeyDescriptor, 509 attest_key_descriptor: Option<&KeyDescriptor>, 510 params: &[KeyParameter], 511 flags: i32, 512 _entropy: &[u8], 513 ) -> Result<KeyMetadata> { 514 if key.domain != Domain::BLOB && key.alias.is_none() { 515 return Err(error::Error::Km(ErrorCode::INVALID_ARGUMENT)) 516 .context(ks_err!("Alias must be specified")); 517 } 518 let caller_uid = ThreadState::get_calling_uid(); 519 520 let key = match key.domain { 521 Domain::APP => KeyDescriptor { 522 domain: key.domain, 523 nspace: caller_uid as i64, 524 alias: key.alias.clone(), 525 blob: None, 526 }, 527 _ => key.clone(), 528 }; 529 530 // generate_key requires the rebind permission. 531 // Must return on error for security reasons. 532 check_key_permission(KeyPerm::Rebind, &key, &None).context(ks_err!())?; 533 534 let attestation_key_info = match (key.domain, attest_key_descriptor) { 535 (Domain::BLOB, _) => None, 536 _ => DB 537 .with(|db| { 538 get_attest_key_info( 539 &key, 540 caller_uid, 541 attest_key_descriptor, 542 params, 543 &self.rem_prov_state, 544 &mut db.borrow_mut(), 545 ) 546 }) 547 .context(ks_err!("Trying to get an attestation key"))?, 548 }; 549 let params = self 550 .add_required_parameters(caller_uid, params, &key) 551 .context(ks_err!("Trying to get aaid."))?; 552 553 let creation_result = match attestation_key_info { 554 Some(AttestationKeyInfo::UserGenerated { 555 key_id_guard, 556 blob, 557 blob_metadata, 558 issuer_subject, 559 }) => self 560 .upgrade_keyblob_if_required_with( 561 &*self.keymint, 562 Some(key_id_guard), 563 &KeyBlob::Ref(&blob), 564 blob_metadata.km_uuid().copied(), 565 ¶ms, 566 |blob| { 567 let attest_key = Some(AttestationKey { 568 keyBlob: blob.to_vec(), 569 attestKeyParams: vec![], 570 issuerSubjectName: issuer_subject.clone(), 571 }); 572 map_km_error({ 573 let _wp = self.watch_millis( 574 concat!( 575 "In KeystoreSecurityLevel::generate_key (UserGenerated): ", 576 "calling generate_key." 577 ), 578 5000, // Generate can take a little longer. 579 ); 580 self.keymint.generateKey(¶ms, attest_key.as_ref()) 581 }) 582 }, 583 ) 584 .context(ks_err!("Using user generated attestation key.")) 585 .map(|(result, _)| result), 586 Some(AttestationKeyInfo::RkpdProvisioned { attestation_key, attestation_certs }) => { 587 self.upgrade_rkpd_keyblob_if_required_with(&attestation_key.keyBlob, &[], |blob| { 588 map_km_error({ 589 let _wp = self.watch_millis( 590 concat!( 591 "In KeystoreSecurityLevel::generate_key (RkpdProvisioned): ", 592 "calling generate_key.", 593 ), 594 5000, // Generate can take a little longer. 595 ); 596 let dynamic_attest_key = Some(AttestationKey { 597 keyBlob: blob.to_vec(), 598 attestKeyParams: vec![], 599 issuerSubjectName: attestation_key.issuerSubjectName.clone(), 600 }); 601 self.keymint.generateKey(¶ms, dynamic_attest_key.as_ref()) 602 }) 603 }) 604 .context(ks_err!("While generating Key with remote provisioned attestation key.")) 605 .map(|(mut result, _)| { 606 result.certificateChain.push(attestation_certs); 607 result 608 }) 609 } 610 None => map_km_error({ 611 let _wp = self.watch_millis( 612 concat!( 613 "In KeystoreSecurityLevel::generate_key (No attestation): ", 614 "calling generate_key.", 615 ), 616 5000, // Generate can take a little longer. 617 ); 618 self.keymint.generateKey(¶ms, None) 619 }) 620 .context(ks_err!("While generating Key without explicit attestation key.")), 621 } 622 .context(ks_err!())?; 623 624 let user_id = uid_to_android_user(caller_uid); 625 self.store_new_key(key, creation_result, user_id, Some(flags)).context(ks_err!()) 626 } 627 import_key( &self, key: &KeyDescriptor, _attestation_key: Option<&KeyDescriptor>, params: &[KeyParameter], flags: i32, key_data: &[u8], ) -> Result<KeyMetadata>628 fn import_key( 629 &self, 630 key: &KeyDescriptor, 631 _attestation_key: Option<&KeyDescriptor>, 632 params: &[KeyParameter], 633 flags: i32, 634 key_data: &[u8], 635 ) -> Result<KeyMetadata> { 636 if key.domain != Domain::BLOB && key.alias.is_none() { 637 return Err(error::Error::Km(ErrorCode::INVALID_ARGUMENT)) 638 .context(ks_err!("Alias must be specified")); 639 } 640 let caller_uid = ThreadState::get_calling_uid(); 641 642 let key = match key.domain { 643 Domain::APP => KeyDescriptor { 644 domain: key.domain, 645 nspace: caller_uid as i64, 646 alias: key.alias.clone(), 647 blob: None, 648 }, 649 _ => key.clone(), 650 }; 651 652 // import_key requires the rebind permission. 653 check_key_permission(KeyPerm::Rebind, &key, &None).context(ks_err!("In import_key."))?; 654 655 let params = self 656 .add_required_parameters(caller_uid, params, &key) 657 .context(ks_err!("Trying to get aaid."))?; 658 659 let format = params 660 .iter() 661 .find(|p| p.tag == Tag::ALGORITHM) 662 .ok_or(error::Error::Km(ErrorCode::INVALID_ARGUMENT)) 663 .context(ks_err!("No KeyParameter 'Algorithm'.")) 664 .and_then(|p| match &p.value { 665 KeyParameterValue::Algorithm(Algorithm::AES) 666 | KeyParameterValue::Algorithm(Algorithm::HMAC) 667 | KeyParameterValue::Algorithm(Algorithm::TRIPLE_DES) => Ok(KeyFormat::RAW), 668 KeyParameterValue::Algorithm(Algorithm::RSA) 669 | KeyParameterValue::Algorithm(Algorithm::EC) => Ok(KeyFormat::PKCS8), 670 v => Err(error::Error::Km(ErrorCode::INVALID_ARGUMENT)) 671 .context(ks_err!("Unknown Algorithm {:?}.", v)), 672 }) 673 .context(ks_err!())?; 674 675 let km_dev = &self.keymint; 676 let creation_result = map_km_error({ 677 let _wp = 678 self.watch_millis("In KeystoreSecurityLevel::import_key: calling importKey.", 500); 679 km_dev.importKey(¶ms, format, key_data, None /* attestKey */) 680 }) 681 .context(ks_err!("Trying to call importKey"))?; 682 683 let user_id = uid_to_android_user(caller_uid); 684 self.store_new_key(key, creation_result, user_id, Some(flags)).context(ks_err!()) 685 } 686 import_wrapped_key( &self, key: &KeyDescriptor, wrapping_key: &KeyDescriptor, masking_key: Option<&[u8]>, params: &[KeyParameter], authenticators: &[AuthenticatorSpec], ) -> Result<KeyMetadata>687 fn import_wrapped_key( 688 &self, 689 key: &KeyDescriptor, 690 wrapping_key: &KeyDescriptor, 691 masking_key: Option<&[u8]>, 692 params: &[KeyParameter], 693 authenticators: &[AuthenticatorSpec], 694 ) -> Result<KeyMetadata> { 695 let wrapped_data: &[u8] = match key { 696 KeyDescriptor { domain: Domain::APP, blob: Some(ref blob), alias: Some(_), .. } 697 | KeyDescriptor { 698 domain: Domain::SELINUX, blob: Some(ref blob), alias: Some(_), .. 699 } => blob, 700 _ => { 701 return Err(error::Error::Km(ErrorCode::INVALID_ARGUMENT)).context(ks_err!( 702 "Alias and blob must be specified and domain must be APP or SELINUX. {:?}", 703 key 704 )); 705 } 706 }; 707 708 if wrapping_key.domain == Domain::BLOB { 709 return Err(error::Error::Km(ErrorCode::INVALID_ARGUMENT)) 710 .context(ks_err!("Import wrapped key not supported for self managed blobs.")); 711 } 712 713 let caller_uid = ThreadState::get_calling_uid(); 714 let user_id = uid_to_android_user(caller_uid); 715 716 let key = match key.domain { 717 Domain::APP => KeyDescriptor { 718 domain: key.domain, 719 nspace: caller_uid as i64, 720 alias: key.alias.clone(), 721 blob: None, 722 }, 723 Domain::SELINUX => KeyDescriptor { 724 domain: Domain::SELINUX, 725 nspace: key.nspace, 726 alias: key.alias.clone(), 727 blob: None, 728 }, 729 _ => panic!("Unreachable."), 730 }; 731 732 // Import_wrapped_key requires the rebind permission for the new key. 733 check_key_permission(KeyPerm::Rebind, &key, &None).context(ks_err!())?; 734 735 let super_key = SUPER_KEY.read().unwrap().get_per_boot_key_by_user_id(user_id); 736 737 let (wrapping_key_id_guard, mut wrapping_key_entry) = DB 738 .with(|db| { 739 LEGACY_IMPORTER.with_try_import(&key, caller_uid, super_key, || { 740 db.borrow_mut().load_key_entry( 741 wrapping_key, 742 KeyType::Client, 743 KeyEntryLoadBits::KM, 744 caller_uid, 745 |k, av| check_key_permission(KeyPerm::Use, k, &av), 746 ) 747 }) 748 }) 749 .context(ks_err!("Failed to load wrapping key."))?; 750 751 let (wrapping_key_blob, wrapping_blob_metadata) = 752 wrapping_key_entry.take_key_blob_info().ok_or_else(error::Error::sys).context( 753 ks_err!("No km_blob after successfully loading key. This should never happen."), 754 )?; 755 756 let wrapping_key_blob = SUPER_KEY 757 .read() 758 .unwrap() 759 .unwrap_key_if_required(&wrapping_blob_metadata, &wrapping_key_blob) 760 .context(ks_err!("Failed to handle super encryption for wrapping key."))?; 761 762 // km_dev.importWrappedKey does not return a certificate chain. 763 // TODO Do we assume that all wrapped keys are symmetric? 764 // let certificate_chain: Vec<KmCertificate> = Default::default(); 765 766 let pw_sid = authenticators 767 .iter() 768 .find_map(|a| match a.authenticatorType { 769 HardwareAuthenticatorType::PASSWORD => Some(a.authenticatorId), 770 _ => None, 771 }) 772 .unwrap_or(-1); 773 774 let fp_sid = authenticators 775 .iter() 776 .find_map(|a| match a.authenticatorType { 777 HardwareAuthenticatorType::FINGERPRINT => Some(a.authenticatorId), 778 _ => None, 779 }) 780 .unwrap_or(-1); 781 782 let masking_key = masking_key.unwrap_or(ZERO_BLOB_32); 783 784 let (creation_result, _) = self 785 .upgrade_keyblob_if_required_with( 786 &*self.keymint, 787 Some(wrapping_key_id_guard), 788 &wrapping_key_blob, 789 wrapping_blob_metadata.km_uuid().copied(), 790 &[], 791 |wrapping_blob| { 792 let _wp = self.watch_millis( 793 "In KeystoreSecurityLevel::import_wrapped_key: calling importWrappedKey.", 794 500, 795 ); 796 let creation_result = map_km_error(self.keymint.importWrappedKey( 797 wrapped_data, 798 wrapping_blob, 799 masking_key, 800 params, 801 pw_sid, 802 fp_sid, 803 ))?; 804 Ok(creation_result) 805 }, 806 ) 807 .context(ks_err!())?; 808 809 self.store_new_key(key, creation_result, user_id, None) 810 .context(ks_err!("Trying to store the new key.")) 811 } 812 store_upgraded_keyblob( key_id_guard: KeyIdGuard, km_uuid: Option<Uuid>, key_blob: &KeyBlob, upgraded_blob: &[u8], ) -> Result<()>813 fn store_upgraded_keyblob( 814 key_id_guard: KeyIdGuard, 815 km_uuid: Option<Uuid>, 816 key_blob: &KeyBlob, 817 upgraded_blob: &[u8], 818 ) -> Result<()> { 819 let (upgraded_blob_to_be_stored, new_blob_metadata) = 820 SuperKeyManager::reencrypt_if_required(key_blob, upgraded_blob) 821 .context(ks_err!("Failed to handle super encryption."))?; 822 823 let mut new_blob_metadata = new_blob_metadata.unwrap_or_default(); 824 if let Some(uuid) = km_uuid { 825 new_blob_metadata.add(BlobMetaEntry::KmUuid(uuid)); 826 } 827 828 DB.with(|db| { 829 let mut db = db.borrow_mut(); 830 db.set_blob( 831 &key_id_guard, 832 SubComponentType::KEY_BLOB, 833 Some(&upgraded_blob_to_be_stored), 834 Some(&new_blob_metadata), 835 ) 836 }) 837 .context(ks_err!("Failed to insert upgraded blob into the database.")) 838 } 839 upgrade_keyblob_if_required_with<T, F>( &self, km_dev: &dyn IKeyMintDevice, mut key_id_guard: Option<KeyIdGuard>, key_blob: &KeyBlob, km_uuid: Option<Uuid>, params: &[KeyParameter], f: F, ) -> Result<(T, Option<Vec<u8>>)> where F: Fn(&[u8]) -> Result<T, Error>,840 fn upgrade_keyblob_if_required_with<T, F>( 841 &self, 842 km_dev: &dyn IKeyMintDevice, 843 mut key_id_guard: Option<KeyIdGuard>, 844 key_blob: &KeyBlob, 845 km_uuid: Option<Uuid>, 846 params: &[KeyParameter], 847 f: F, 848 ) -> Result<(T, Option<Vec<u8>>)> 849 where 850 F: Fn(&[u8]) -> Result<T, Error>, 851 { 852 let (v, upgraded_blob) = crate::utils::upgrade_keyblob_if_required_with( 853 km_dev, 854 key_blob, 855 params, 856 f, 857 |upgraded_blob| { 858 if key_id_guard.is_some() { 859 // Unwrap cannot panic, because the is_some was true. 860 let kid = key_id_guard.take().unwrap(); 861 Self::store_upgraded_keyblob(kid, km_uuid, key_blob, upgraded_blob) 862 .context(ks_err!("store_upgraded_keyblob failed")) 863 } else { 864 Ok(()) 865 } 866 }, 867 ) 868 .context(ks_err!())?; 869 870 // If no upgrade was needed, use the opportunity to reencrypt the blob if required 871 // and if the a key_id_guard is held. Note: key_id_guard can only be Some if no 872 // upgrade was performed above and if one was given in the first place. 873 if key_blob.force_reencrypt() { 874 if let Some(kid) = key_id_guard { 875 Self::store_upgraded_keyblob(kid, km_uuid, key_blob, key_blob) 876 .context(ks_err!("store_upgraded_keyblob failed in forced reencrypt"))?; 877 } 878 } 879 Ok((v, upgraded_blob)) 880 } 881 upgrade_rkpd_keyblob_if_required_with<T, F>( &self, key_blob: &[u8], params: &[KeyParameter], f: F, ) -> Result<(T, Option<Vec<u8>>)> where F: Fn(&[u8]) -> Result<T, Error>,882 fn upgrade_rkpd_keyblob_if_required_with<T, F>( 883 &self, 884 key_blob: &[u8], 885 params: &[KeyParameter], 886 f: F, 887 ) -> Result<(T, Option<Vec<u8>>)> 888 where 889 F: Fn(&[u8]) -> Result<T, Error>, 890 { 891 crate::utils::upgrade_keyblob_if_required_with( 892 &*self.keymint, 893 key_blob, 894 params, 895 f, 896 |upgraded_blob| { 897 store_rkpd_attestation_key(&self.security_level, key_blob, upgraded_blob) 898 .context(ks_err!("Failed store_rkpd_attestation_key().")) 899 }, 900 ) 901 .context(ks_err!()) 902 } 903 convert_storage_key_to_ephemeral( &self, storage_key: &KeyDescriptor, ) -> Result<EphemeralStorageKeyResponse>904 fn convert_storage_key_to_ephemeral( 905 &self, 906 storage_key: &KeyDescriptor, 907 ) -> Result<EphemeralStorageKeyResponse> { 908 if storage_key.domain != Domain::BLOB { 909 return Err(error::Error::Km(ErrorCode::INVALID_ARGUMENT)) 910 .context(ks_err!("Key must be of Domain::BLOB")); 911 } 912 let key_blob = storage_key 913 .blob 914 .as_ref() 915 .ok_or(error::Error::Km(ErrorCode::INVALID_ARGUMENT)) 916 .context(ks_err!("No key blob specified"))?; 917 918 // convert_storage_key_to_ephemeral requires the associated permission 919 check_key_permission(KeyPerm::ConvertStorageKeyToEphemeral, storage_key, &None) 920 .context(ks_err!("Check permission"))?; 921 922 let km_dev = &self.keymint; 923 match { 924 let _wp = self.watch_millis( 925 concat!( 926 "In IKeystoreSecurityLevel::convert_storage_key_to_ephemeral: ", 927 "calling convertStorageKeyToEphemeral (1)" 928 ), 929 500, 930 ); 931 map_km_error(km_dev.convertStorageKeyToEphemeral(key_blob)) 932 } { 933 Ok(result) => { 934 Ok(EphemeralStorageKeyResponse { ephemeralKey: result, upgradedBlob: None }) 935 } 936 Err(error::Error::Km(ErrorCode::KEY_REQUIRES_UPGRADE)) => { 937 let upgraded_blob = { 938 let _wp = self.watch_millis( 939 "In convert_storage_key_to_ephemeral: calling upgradeKey", 940 500, 941 ); 942 map_km_error(km_dev.upgradeKey(key_blob, &[])) 943 } 944 .context(ks_err!("Failed to upgrade key blob."))?; 945 let ephemeral_key = { 946 let _wp = self.watch_millis( 947 "In convert_storage_key_to_ephemeral: calling convertStorageKeyToEphemeral (2)", 948 500, 949 ); 950 map_km_error(km_dev.convertStorageKeyToEphemeral(&upgraded_blob)) 951 } 952 .context(ks_err!( 953 "Failed to retrieve ephemeral key (after upgrade)." 954 ))?; 955 Ok(EphemeralStorageKeyResponse { 956 ephemeralKey: ephemeral_key, 957 upgradedBlob: Some(upgraded_blob), 958 }) 959 } 960 Err(e) => Err(e).context(ks_err!("Failed to retrieve ephemeral key.")), 961 } 962 } 963 delete_key(&self, key: &KeyDescriptor) -> Result<()>964 fn delete_key(&self, key: &KeyDescriptor) -> Result<()> { 965 if key.domain != Domain::BLOB { 966 return Err(error::Error::Km(ErrorCode::INVALID_ARGUMENT)) 967 .context(ks_err!("delete_key: Key must be of Domain::BLOB")); 968 } 969 970 let key_blob = key 971 .blob 972 .as_ref() 973 .ok_or(error::Error::Km(ErrorCode::INVALID_ARGUMENT)) 974 .context(ks_err!("delete_key: No key blob specified"))?; 975 976 check_key_permission(KeyPerm::Delete, key, &None) 977 .context(ks_err!("delete_key: Checking delete permissions"))?; 978 979 let km_dev = &self.keymint; 980 { 981 let _wp = 982 self.watch_millis("In KeystoreSecuritylevel::delete_key: calling deleteKey", 500); 983 map_km_error(km_dev.deleteKey(key_blob)).context(ks_err!("keymint device deleteKey")) 984 } 985 } 986 } 987 988 impl binder::Interface for KeystoreSecurityLevel {} 989 990 impl IKeystoreSecurityLevel for KeystoreSecurityLevel { createOperation( &self, key: &KeyDescriptor, operation_parameters: &[KeyParameter], forced: bool, ) -> binder::Result<CreateOperationResponse>991 fn createOperation( 992 &self, 993 key: &KeyDescriptor, 994 operation_parameters: &[KeyParameter], 995 forced: bool, 996 ) -> binder::Result<CreateOperationResponse> { 997 let _wp = self.watch_millis("IKeystoreSecurityLevel::createOperation", 500); 998 map_or_log_err(self.create_operation(key, operation_parameters, forced), Ok) 999 } generateKey( &self, key: &KeyDescriptor, attestation_key: Option<&KeyDescriptor>, params: &[KeyParameter], flags: i32, entropy: &[u8], ) -> binder::Result<KeyMetadata>1000 fn generateKey( 1001 &self, 1002 key: &KeyDescriptor, 1003 attestation_key: Option<&KeyDescriptor>, 1004 params: &[KeyParameter], 1005 flags: i32, 1006 entropy: &[u8], 1007 ) -> binder::Result<KeyMetadata> { 1008 // Duration is set to 5 seconds, because generateKey - especially for RSA keys, takes more 1009 // time than other operations 1010 let _wp = self.watch_millis("IKeystoreSecurityLevel::generateKey", 5000); 1011 let result = self.generate_key(key, attestation_key, params, flags, entropy); 1012 log_key_creation_event_stats(self.security_level, params, &result); 1013 log_key_generated(key, ThreadState::get_calling_uid(), result.is_ok()); 1014 map_or_log_err(result, Ok) 1015 } importKey( &self, key: &KeyDescriptor, attestation_key: Option<&KeyDescriptor>, params: &[KeyParameter], flags: i32, key_data: &[u8], ) -> binder::Result<KeyMetadata>1016 fn importKey( 1017 &self, 1018 key: &KeyDescriptor, 1019 attestation_key: Option<&KeyDescriptor>, 1020 params: &[KeyParameter], 1021 flags: i32, 1022 key_data: &[u8], 1023 ) -> binder::Result<KeyMetadata> { 1024 let _wp = self.watch_millis("IKeystoreSecurityLevel::importKey", 500); 1025 let result = self.import_key(key, attestation_key, params, flags, key_data); 1026 log_key_creation_event_stats(self.security_level, params, &result); 1027 log_key_imported(key, ThreadState::get_calling_uid(), result.is_ok()); 1028 map_or_log_err(result, Ok) 1029 } importWrappedKey( &self, key: &KeyDescriptor, wrapping_key: &KeyDescriptor, masking_key: Option<&[u8]>, params: &[KeyParameter], authenticators: &[AuthenticatorSpec], ) -> binder::Result<KeyMetadata>1030 fn importWrappedKey( 1031 &self, 1032 key: &KeyDescriptor, 1033 wrapping_key: &KeyDescriptor, 1034 masking_key: Option<&[u8]>, 1035 params: &[KeyParameter], 1036 authenticators: &[AuthenticatorSpec], 1037 ) -> binder::Result<KeyMetadata> { 1038 let _wp = self.watch_millis("IKeystoreSecurityLevel::importWrappedKey", 500); 1039 let result = 1040 self.import_wrapped_key(key, wrapping_key, masking_key, params, authenticators); 1041 log_key_creation_event_stats(self.security_level, params, &result); 1042 log_key_imported(key, ThreadState::get_calling_uid(), result.is_ok()); 1043 map_or_log_err(result, Ok) 1044 } convertStorageKeyToEphemeral( &self, storage_key: &KeyDescriptor, ) -> binder::Result<EphemeralStorageKeyResponse>1045 fn convertStorageKeyToEphemeral( 1046 &self, 1047 storage_key: &KeyDescriptor, 1048 ) -> binder::Result<EphemeralStorageKeyResponse> { 1049 let _wp = self.watch_millis("IKeystoreSecurityLevel::convertStorageKeyToEphemeral", 500); 1050 map_or_log_err(self.convert_storage_key_to_ephemeral(storage_key), Ok) 1051 } deleteKey(&self, key: &KeyDescriptor) -> binder::Result<()>1052 fn deleteKey(&self, key: &KeyDescriptor) -> binder::Result<()> { 1053 let _wp = self.watch_millis("IKeystoreSecurityLevel::deleteKey", 500); 1054 let result = self.delete_key(key); 1055 log_key_deleted(key, ThreadState::get_calling_uid(), result.is_ok()); 1056 map_or_log_err(result, Ok) 1057 } 1058 } 1059