1 // Copyright 2020, The Android Open Source Project 2 // 3 // Licensed under the Apache License, Version 2.0 (the "License"); 4 // you may not use this file except in compliance with the License. 5 // You may obtain a copy of the License at 6 // 7 // http://www.apache.org/licenses/LICENSE-2.0 8 // 9 // Unless required by applicable law or agreed to in writing, software 10 // distributed under the License is distributed on an "AS IS" BASIS, 11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 // See the License for the specific language governing permissions and 13 // limitations under the License. 14 15 use crate::{ 16 boot_level_keys::{get_level_zero_key, BootLevelKeyCache}, 17 database::BlobMetaData, 18 database::BlobMetaEntry, 19 database::EncryptedBy, 20 database::KeyEntry, 21 database::KeyType, 22 database::{KeyEntryLoadBits, KeyIdGuard, KeyMetaData, KeyMetaEntry, KeystoreDB}, 23 ec_crypto::ECDHPrivateKey, 24 enforcements::Enforcements, 25 error::Error, 26 error::ResponseCode, 27 key_parameter::{KeyParameter, KeyParameterValue}, 28 ks_err, 29 legacy_importer::LegacyImporter, 30 raw_device::KeyMintDevice, 31 utils::{watchdog as wd, AesGcm, AID_KEYSTORE}, 32 }; 33 use android_hardware_security_keymint::aidl::android::hardware::security::keymint::{ 34 Algorithm::Algorithm, BlockMode::BlockMode, HardwareAuthToken::HardwareAuthToken, 35 HardwareAuthenticatorType::HardwareAuthenticatorType, KeyFormat::KeyFormat, 36 KeyParameter::KeyParameter as KmKeyParameter, KeyPurpose::KeyPurpose, PaddingMode::PaddingMode, 37 SecurityLevel::SecurityLevel, 38 }; 39 use android_system_keystore2::aidl::android::system::keystore2::{ 40 Domain::Domain, KeyDescriptor::KeyDescriptor, 41 }; 42 use anyhow::{Context, Result}; 43 use keystore2_crypto::{ 44 aes_gcm_decrypt, aes_gcm_encrypt, generate_aes256_key, generate_salt, Password, ZVec, 45 AES_256_KEY_LENGTH, 46 }; 47 use rustutils::system_properties::PropertyWatcher; 48 use std::{ 49 collections::HashMap, 50 sync::Arc, 51 sync::{Mutex, RwLock, Weak}, 52 }; 53 use std::{convert::TryFrom, ops::Deref}; 54 55 const MAX_MAX_BOOT_LEVEL: usize = 1_000_000_000; 56 /// Allow up to 15 seconds between the user unlocking using a biometric, and the auth 57 /// token being used to unlock in [`SuperKeyManager::try_unlock_user_with_biometric`]. 58 /// This seems short enough for security purposes, while long enough that even the 59 /// very slowest device will present the auth token in time. 60 const BIOMETRIC_AUTH_TIMEOUT_S: i32 = 15; // seconds 61 62 type UserId = u32; 63 64 /// Encryption algorithm used by a particular type of superencryption key 65 #[derive(Debug, Clone, Copy, PartialEq, Eq)] 66 pub enum SuperEncryptionAlgorithm { 67 /// Symmetric encryption with AES-256-GCM 68 Aes256Gcm, 69 /// Public-key encryption with ECDH P-521 70 EcdhP521, 71 } 72 73 /// A particular user may have several superencryption keys in the database, each for a 74 /// different purpose, distinguished by alias. Each is associated with a static 75 /// constant of this type. 76 pub struct SuperKeyType<'a> { 77 /// Alias used to look up the key in the `persistent.keyentry` table. 78 pub alias: &'a str, 79 /// Encryption algorithm 80 pub algorithm: SuperEncryptionAlgorithm, 81 /// What to call this key in log messages. Not used for anything else. 82 pub name: &'a str, 83 } 84 85 /// The user's AfterFirstUnlock super key. This super key is loaded into memory when the user first 86 /// unlocks the device, and it remains in memory until the device reboots. This is used to encrypt 87 /// keys that require user authentication but not an unlocked device. 88 pub const USER_AFTER_FIRST_UNLOCK_SUPER_KEY: SuperKeyType = SuperKeyType { 89 alias: "USER_SUPER_KEY", 90 algorithm: SuperEncryptionAlgorithm::Aes256Gcm, 91 name: "AfterFirstUnlock super key", 92 }; 93 94 /// The user's UnlockedDeviceRequired symmetric super key. This super key is loaded into memory each 95 /// time the user unlocks the device, and it is cleared from memory each time the user locks the 96 /// device. This is used to encrypt keys that use the UnlockedDeviceRequired key parameter. 97 pub const USER_UNLOCKED_DEVICE_REQUIRED_SYMMETRIC_SUPER_KEY: SuperKeyType = SuperKeyType { 98 alias: "USER_SCREEN_LOCK_BOUND_KEY", 99 algorithm: SuperEncryptionAlgorithm::Aes256Gcm, 100 name: "UnlockedDeviceRequired symmetric super key", 101 }; 102 103 /// The user's UnlockedDeviceRequired asymmetric super key. This is used to allow, while the device 104 /// is locked, the creation of keys that use the UnlockedDeviceRequired key parameter. The private 105 /// part of this key is loaded and cleared when the symmetric key is loaded and cleared. 106 pub const USER_UNLOCKED_DEVICE_REQUIRED_P521_SUPER_KEY: SuperKeyType = SuperKeyType { 107 alias: "USER_SCREEN_LOCK_BOUND_P521_KEY", 108 algorithm: SuperEncryptionAlgorithm::EcdhP521, 109 name: "UnlockedDeviceRequired asymmetric super key", 110 }; 111 112 /// Superencryption to apply to a new key. 113 #[derive(Debug, Clone, Copy)] 114 pub enum SuperEncryptionType { 115 /// Do not superencrypt this key. 116 None, 117 /// Superencrypt with the AfterFirstUnlock super key. 118 AfterFirstUnlock, 119 /// Superencrypt with an UnlockedDeviceRequired super key. 120 UnlockedDeviceRequired, 121 /// Superencrypt with a key based on the desired boot level 122 BootLevel(i32), 123 } 124 125 #[derive(Debug, Clone, Copy)] 126 pub enum SuperKeyIdentifier { 127 /// id of the super key in the database. 128 DatabaseId(i64), 129 /// Boot level of the encrypting boot level key 130 BootLevel(i32), 131 } 132 133 impl SuperKeyIdentifier { from_metadata(metadata: &BlobMetaData) -> Option<Self>134 fn from_metadata(metadata: &BlobMetaData) -> Option<Self> { 135 if let Some(EncryptedBy::KeyId(key_id)) = metadata.encrypted_by() { 136 Some(SuperKeyIdentifier::DatabaseId(*key_id)) 137 } else { 138 metadata.max_boot_level().map(|boot_level| SuperKeyIdentifier::BootLevel(*boot_level)) 139 } 140 } 141 add_to_metadata(&self, metadata: &mut BlobMetaData)142 fn add_to_metadata(&self, metadata: &mut BlobMetaData) { 143 match self { 144 SuperKeyIdentifier::DatabaseId(id) => { 145 metadata.add(BlobMetaEntry::EncryptedBy(EncryptedBy::KeyId(*id))); 146 } 147 SuperKeyIdentifier::BootLevel(level) => { 148 metadata.add(BlobMetaEntry::MaxBootLevel(*level)); 149 } 150 } 151 } 152 } 153 154 pub struct SuperKey { 155 algorithm: SuperEncryptionAlgorithm, 156 key: ZVec, 157 /// Identifier of the encrypting key, used to write an encrypted blob 158 /// back to the database after re-encryption eg on a key update. 159 id: SuperKeyIdentifier, 160 /// ECDH is more expensive than AES. So on ECDH private keys we set the 161 /// reencrypt_with field to point at the corresponding AES key, and the 162 /// keys will be re-encrypted with AES on first use. 163 reencrypt_with: Option<Arc<SuperKey>>, 164 } 165 166 impl AesGcm for SuperKey { decrypt(&self, data: &[u8], iv: &[u8], tag: &[u8]) -> Result<ZVec>167 fn decrypt(&self, data: &[u8], iv: &[u8], tag: &[u8]) -> Result<ZVec> { 168 if self.algorithm == SuperEncryptionAlgorithm::Aes256Gcm { 169 aes_gcm_decrypt(data, iv, tag, &self.key).context(ks_err!("Decryption failed.")) 170 } else { 171 Err(Error::sys()).context(ks_err!("Key is not an AES key.")) 172 } 173 } 174 encrypt(&self, plaintext: &[u8]) -> Result<(Vec<u8>, Vec<u8>, Vec<u8>)>175 fn encrypt(&self, plaintext: &[u8]) -> Result<(Vec<u8>, Vec<u8>, Vec<u8>)> { 176 if self.algorithm == SuperEncryptionAlgorithm::Aes256Gcm { 177 aes_gcm_encrypt(plaintext, &self.key).context(ks_err!("Encryption failed.")) 178 } else { 179 Err(Error::sys()).context(ks_err!("Key is not an AES key.")) 180 } 181 } 182 } 183 184 /// A SuperKey that has been encrypted with an AES-GCM key. For 185 /// encryption the key is in memory, and for decryption it is in KM. 186 struct LockedKey { 187 algorithm: SuperEncryptionAlgorithm, 188 id: SuperKeyIdentifier, 189 nonce: Vec<u8>, 190 ciphertext: Vec<u8>, // with tag appended 191 } 192 193 impl LockedKey { new(key: &[u8], to_encrypt: &Arc<SuperKey>) -> Result<Self>194 fn new(key: &[u8], to_encrypt: &Arc<SuperKey>) -> Result<Self> { 195 let (mut ciphertext, nonce, mut tag) = aes_gcm_encrypt(&to_encrypt.key, key)?; 196 ciphertext.append(&mut tag); 197 Ok(LockedKey { algorithm: to_encrypt.algorithm, id: to_encrypt.id, nonce, ciphertext }) 198 } 199 decrypt( &self, db: &mut KeystoreDB, km_dev: &KeyMintDevice, key_id_guard: &KeyIdGuard, key_entry: &KeyEntry, auth_token: &HardwareAuthToken, reencrypt_with: Option<Arc<SuperKey>>, ) -> Result<Arc<SuperKey>>200 fn decrypt( 201 &self, 202 db: &mut KeystoreDB, 203 km_dev: &KeyMintDevice, 204 key_id_guard: &KeyIdGuard, 205 key_entry: &KeyEntry, 206 auth_token: &HardwareAuthToken, 207 reencrypt_with: Option<Arc<SuperKey>>, 208 ) -> Result<Arc<SuperKey>> { 209 let key_blob = key_entry 210 .key_blob_info() 211 .as_ref() 212 .map(|(key_blob, _)| KeyBlob::Ref(key_blob)) 213 .ok_or(Error::Rc(ResponseCode::KEY_NOT_FOUND)) 214 .context(ks_err!("Missing key blob info."))?; 215 let key_params = vec![ 216 KeyParameterValue::Algorithm(Algorithm::AES), 217 KeyParameterValue::KeySize(256), 218 KeyParameterValue::BlockMode(BlockMode::GCM), 219 KeyParameterValue::PaddingMode(PaddingMode::NONE), 220 KeyParameterValue::Nonce(self.nonce.clone()), 221 KeyParameterValue::MacLength(128), 222 ]; 223 let key_params: Vec<KmKeyParameter> = key_params.into_iter().map(|x| x.into()).collect(); 224 let key = ZVec::try_from(km_dev.use_key_in_one_step( 225 db, 226 key_id_guard, 227 &key_blob, 228 KeyPurpose::DECRYPT, 229 &key_params, 230 Some(auth_token), 231 &self.ciphertext, 232 )?)?; 233 Ok(Arc::new(SuperKey { algorithm: self.algorithm, key, id: self.id, reencrypt_with })) 234 } 235 } 236 237 /// A user's UnlockedDeviceRequired super keys, encrypted with a biometric-bound key, and 238 /// information about that biometric-bound key. 239 struct BiometricUnlock { 240 /// List of auth token SIDs that are accepted by the encrypting biometric-bound key. 241 sids: Vec<i64>, 242 /// Key descriptor of the encrypting biometric-bound key. 243 key_desc: KeyDescriptor, 244 /// The UnlockedDeviceRequired super keys, encrypted with a biometric-bound key. 245 symmetric: LockedKey, 246 private: LockedKey, 247 } 248 249 #[derive(Default)] 250 struct UserSuperKeys { 251 /// The AfterFirstUnlock super key is used for synthetic password binding of authentication 252 /// bound keys. There is one key per android user. The key is stored on flash encrypted with a 253 /// key derived from a secret, that is itself derived from the user's synthetic password. (In 254 /// most cases, the user's synthetic password can, in turn, only be decrypted using the user's 255 /// Lock Screen Knowledge Factor or LSKF.) When the user unlocks the device for the first time, 256 /// this key is unlocked, i.e., decrypted, and stays memory resident until the device reboots. 257 after_first_unlock: Option<Arc<SuperKey>>, 258 /// The UnlockedDeviceRequired symmetric super key works like the AfterFirstUnlock super key 259 /// with the distinction that it is cleared from memory when the device is locked. 260 unlocked_device_required_symmetric: Option<Arc<SuperKey>>, 261 /// When the device is locked, keys that use the UnlockedDeviceRequired key parameter can still 262 /// be created, using ECDH public-key encryption. This field holds the decryption private key. 263 unlocked_device_required_private: Option<Arc<SuperKey>>, 264 /// Versions of the above two keys, locked behind a biometric. 265 biometric_unlock: Option<BiometricUnlock>, 266 } 267 268 #[derive(Default)] 269 struct SkmState { 270 user_keys: HashMap<UserId, UserSuperKeys>, 271 key_index: HashMap<i64, Weak<SuperKey>>, 272 boot_level_key_cache: Option<Mutex<BootLevelKeyCache>>, 273 } 274 275 impl SkmState { add_key_to_key_index(&mut self, super_key: &Arc<SuperKey>) -> Result<()>276 fn add_key_to_key_index(&mut self, super_key: &Arc<SuperKey>) -> Result<()> { 277 if let SuperKeyIdentifier::DatabaseId(id) = super_key.id { 278 self.key_index.insert(id, Arc::downgrade(super_key)); 279 Ok(()) 280 } else { 281 Err(Error::sys()).context(ks_err!("Cannot add key with ID {:?}", super_key.id)) 282 } 283 } 284 } 285 286 #[derive(Default)] 287 pub struct SuperKeyManager { 288 data: SkmState, 289 } 290 291 impl SuperKeyManager { set_up_boot_level_cache(skm: &Arc<RwLock<Self>>, db: &mut KeystoreDB) -> Result<()>292 pub fn set_up_boot_level_cache(skm: &Arc<RwLock<Self>>, db: &mut KeystoreDB) -> Result<()> { 293 let mut skm_guard = skm.write().unwrap(); 294 if skm_guard.data.boot_level_key_cache.is_some() { 295 log::info!("In set_up_boot_level_cache: called for a second time"); 296 return Ok(()); 297 } 298 let level_zero_key = 299 get_level_zero_key(db).context(ks_err!("get_level_zero_key failed"))?; 300 skm_guard.data.boot_level_key_cache = 301 Some(Mutex::new(BootLevelKeyCache::new(level_zero_key))); 302 log::info!("Starting boot level watcher."); 303 let clone = skm.clone(); 304 std::thread::spawn(move || { 305 Self::watch_boot_level(clone) 306 .unwrap_or_else(|e| log::error!("watch_boot_level failed:\n{:?}", e)); 307 }); 308 Ok(()) 309 } 310 311 /// Watch the `keystore.boot_level` system property, and keep boot level up to date. 312 /// Blocks waiting for system property changes, so must be run in its own thread. watch_boot_level(skm: Arc<RwLock<Self>>) -> Result<()>313 fn watch_boot_level(skm: Arc<RwLock<Self>>) -> Result<()> { 314 let mut w = PropertyWatcher::new("keystore.boot_level") 315 .context(ks_err!("PropertyWatcher::new failed"))?; 316 loop { 317 let level = w 318 .read(|_n, v| v.parse::<usize>().map_err(std::convert::Into::into)) 319 .context(ks_err!("read of property failed"))?; 320 321 // This scope limits the skm_guard life, so we don't hold the skm_guard while 322 // waiting. 323 { 324 let mut skm_guard = skm.write().unwrap(); 325 let boot_level_key_cache = skm_guard 326 .data 327 .boot_level_key_cache 328 .as_mut() 329 .ok_or_else(Error::sys) 330 .context(ks_err!("Boot level cache not initialized"))? 331 .get_mut() 332 .unwrap(); 333 if level < MAX_MAX_BOOT_LEVEL { 334 log::info!("Read keystore.boot_level value {}", level); 335 boot_level_key_cache 336 .advance_boot_level(level) 337 .context(ks_err!("advance_boot_level failed"))?; 338 } else { 339 log::info!( 340 "keystore.boot_level {} hits maximum {}, finishing.", 341 level, 342 MAX_MAX_BOOT_LEVEL 343 ); 344 boot_level_key_cache.finish(); 345 break; 346 } 347 } 348 w.wait(None).context(ks_err!("property wait failed"))?; 349 } 350 Ok(()) 351 } 352 level_accessible(&self, boot_level: i32) -> bool353 pub fn level_accessible(&self, boot_level: i32) -> bool { 354 self.data 355 .boot_level_key_cache 356 .as_ref() 357 .map_or(false, |c| c.lock().unwrap().level_accessible(boot_level as usize)) 358 } 359 forget_all_keys_for_user(&mut self, user: UserId)360 pub fn forget_all_keys_for_user(&mut self, user: UserId) { 361 self.data.user_keys.remove(&user); 362 } 363 install_after_first_unlock_key_for_user( &mut self, user: UserId, super_key: Arc<SuperKey>, ) -> Result<()>364 fn install_after_first_unlock_key_for_user( 365 &mut self, 366 user: UserId, 367 super_key: Arc<SuperKey>, 368 ) -> Result<()> { 369 self.data 370 .add_key_to_key_index(&super_key) 371 .context(ks_err!("add_key_to_key_index failed"))?; 372 self.data.user_keys.entry(user).or_default().after_first_unlock = Some(super_key); 373 Ok(()) 374 } 375 lookup_key(&self, key_id: &SuperKeyIdentifier) -> Result<Option<Arc<SuperKey>>>376 fn lookup_key(&self, key_id: &SuperKeyIdentifier) -> Result<Option<Arc<SuperKey>>> { 377 Ok(match key_id { 378 SuperKeyIdentifier::DatabaseId(id) => { 379 self.data.key_index.get(id).and_then(|k| k.upgrade()) 380 } 381 SuperKeyIdentifier::BootLevel(level) => self 382 .data 383 .boot_level_key_cache 384 .as_ref() 385 .map(|b| b.lock().unwrap().aes_key(*level as usize)) 386 .transpose() 387 .context(ks_err!("aes_key failed"))? 388 .flatten() 389 .map(|key| { 390 Arc::new(SuperKey { 391 algorithm: SuperEncryptionAlgorithm::Aes256Gcm, 392 key, 393 id: *key_id, 394 reencrypt_with: None, 395 }) 396 }), 397 }) 398 } 399 400 /// Returns the AfterFirstUnlock superencryption key for the given user ID, or None if the user 401 /// has not yet unlocked the device since boot. get_after_first_unlock_key_by_user_id( &self, user_id: UserId, ) -> Option<Arc<dyn AesGcm + Send + Sync>>402 pub fn get_after_first_unlock_key_by_user_id( 403 &self, 404 user_id: UserId, 405 ) -> Option<Arc<dyn AesGcm + Send + Sync>> { 406 self.get_after_first_unlock_key_by_user_id_internal(user_id) 407 .map(|sk| -> Arc<dyn AesGcm + Send + Sync> { sk }) 408 } 409 get_after_first_unlock_key_by_user_id_internal( &self, user_id: UserId, ) -> Option<Arc<SuperKey>>410 fn get_after_first_unlock_key_by_user_id_internal( 411 &self, 412 user_id: UserId, 413 ) -> Option<Arc<SuperKey>> { 414 self.data.user_keys.get(&user_id).and_then(|e| e.after_first_unlock.as_ref().cloned()) 415 } 416 417 /// Check if a given key is super-encrypted, from its metadata. If so, unwrap the key using 418 /// the relevant super key. unwrap_key_if_required<'a>( &self, metadata: &BlobMetaData, blob: &'a [u8], ) -> Result<KeyBlob<'a>>419 pub fn unwrap_key_if_required<'a>( 420 &self, 421 metadata: &BlobMetaData, 422 blob: &'a [u8], 423 ) -> Result<KeyBlob<'a>> { 424 Ok(if let Some(key_id) = SuperKeyIdentifier::from_metadata(metadata) { 425 let super_key = self 426 .lookup_key(&key_id) 427 .context(ks_err!("lookup_key failed"))? 428 .ok_or(Error::Rc(ResponseCode::LOCKED)) 429 .context(ks_err!("Required super decryption key is not in memory."))?; 430 KeyBlob::Sensitive { 431 key: Self::unwrap_key_with_key(blob, metadata, &super_key) 432 .context(ks_err!("unwrap_key_with_key failed"))?, 433 reencrypt_with: super_key.reencrypt_with.as_ref().unwrap_or(&super_key).clone(), 434 force_reencrypt: super_key.reencrypt_with.is_some(), 435 } 436 } else { 437 KeyBlob::Ref(blob) 438 }) 439 } 440 441 /// Unwraps an encrypted key blob given an encryption key. unwrap_key_with_key(blob: &[u8], metadata: &BlobMetaData, key: &SuperKey) -> Result<ZVec>442 fn unwrap_key_with_key(blob: &[u8], metadata: &BlobMetaData, key: &SuperKey) -> Result<ZVec> { 443 match key.algorithm { 444 SuperEncryptionAlgorithm::Aes256Gcm => match (metadata.iv(), metadata.aead_tag()) { 445 (Some(iv), Some(tag)) => { 446 key.decrypt(blob, iv, tag).context(ks_err!("Failed to decrypt the key blob.")) 447 } 448 (iv, tag) => Err(Error::Rc(ResponseCode::VALUE_CORRUPTED)).context(ks_err!( 449 "Key has incomplete metadata. Present: iv: {}, aead_tag: {}.", 450 iv.is_some(), 451 tag.is_some(), 452 )), 453 }, 454 SuperEncryptionAlgorithm::EcdhP521 => { 455 match (metadata.public_key(), metadata.salt(), metadata.iv(), metadata.aead_tag()) { 456 (Some(public_key), Some(salt), Some(iv), Some(aead_tag)) => { 457 ECDHPrivateKey::from_private_key(&key.key) 458 .and_then(|k| k.decrypt_message(public_key, salt, iv, blob, aead_tag)) 459 .context(ks_err!("Failed to decrypt the key blob with ECDH.")) 460 } 461 (public_key, salt, iv, aead_tag) => { 462 Err(Error::Rc(ResponseCode::VALUE_CORRUPTED)).context(ks_err!( 463 concat!( 464 "Key has incomplete metadata. ", 465 "Present: public_key: {}, salt: {}, iv: {}, aead_tag: {}." 466 ), 467 public_key.is_some(), 468 salt.is_some(), 469 iv.is_some(), 470 aead_tag.is_some(), 471 )) 472 } 473 } 474 } 475 } 476 } 477 478 /// Checks if the user's AfterFirstUnlock super key exists in the database (or legacy database). 479 /// The reference to self is unused but it is required to prevent calling this function 480 /// concurrently with skm state database changes. super_key_exists_in_db_for_user( &self, db: &mut KeystoreDB, legacy_importer: &LegacyImporter, user_id: UserId, ) -> Result<bool>481 fn super_key_exists_in_db_for_user( 482 &self, 483 db: &mut KeystoreDB, 484 legacy_importer: &LegacyImporter, 485 user_id: UserId, 486 ) -> Result<bool> { 487 let key_in_db = db 488 .key_exists( 489 Domain::APP, 490 user_id as u64 as i64, 491 USER_AFTER_FIRST_UNLOCK_SUPER_KEY.alias, 492 KeyType::Super, 493 ) 494 .context(ks_err!())?; 495 496 if key_in_db { 497 Ok(key_in_db) 498 } else { 499 legacy_importer.has_super_key(user_id).context(ks_err!("Trying to query legacy db.")) 500 } 501 } 502 503 // Helper function to populate super key cache from the super key blob loaded from the database. populate_cache_from_super_key_blob( &mut self, user_id: UserId, algorithm: SuperEncryptionAlgorithm, entry: KeyEntry, pw: &Password, ) -> Result<Arc<SuperKey>>504 fn populate_cache_from_super_key_blob( 505 &mut self, 506 user_id: UserId, 507 algorithm: SuperEncryptionAlgorithm, 508 entry: KeyEntry, 509 pw: &Password, 510 ) -> Result<Arc<SuperKey>> { 511 let super_key = Self::extract_super_key_from_key_entry(algorithm, entry, pw, None) 512 .context(ks_err!("Failed to extract super key from key entry"))?; 513 self.install_after_first_unlock_key_for_user(user_id, super_key.clone()) 514 .context(ks_err!("Failed to install AfterFirstUnlock super key for user!"))?; 515 Ok(super_key) 516 } 517 518 /// Extracts super key from the entry loaded from the database. extract_super_key_from_key_entry( algorithm: SuperEncryptionAlgorithm, entry: KeyEntry, pw: &Password, reencrypt_with: Option<Arc<SuperKey>>, ) -> Result<Arc<SuperKey>>519 pub fn extract_super_key_from_key_entry( 520 algorithm: SuperEncryptionAlgorithm, 521 entry: KeyEntry, 522 pw: &Password, 523 reencrypt_with: Option<Arc<SuperKey>>, 524 ) -> Result<Arc<SuperKey>> { 525 if let Some((blob, metadata)) = entry.key_blob_info() { 526 let key = match ( 527 metadata.encrypted_by(), 528 metadata.salt(), 529 metadata.iv(), 530 metadata.aead_tag(), 531 ) { 532 (Some(&EncryptedBy::Password), Some(salt), Some(iv), Some(tag)) => { 533 // Note that password encryption is AES no matter the value of algorithm. 534 let key = pw 535 .derive_key_hkdf(salt, AES_256_KEY_LENGTH) 536 .context(ks_err!("Failed to derive key from password."))?; 537 538 aes_gcm_decrypt(blob, iv, tag, &key).or_else(|_e| { 539 // Handle old key stored before the switch to HKDF. 540 let key = pw 541 .derive_key_pbkdf2(salt, AES_256_KEY_LENGTH) 542 .context(ks_err!("Failed to derive key from password (PBKDF2)."))?; 543 aes_gcm_decrypt(blob, iv, tag, &key) 544 .context(ks_err!("Failed to decrypt key blob.")) 545 })? 546 } 547 (enc_by, salt, iv, tag) => { 548 return Err(Error::Rc(ResponseCode::VALUE_CORRUPTED)).context(ks_err!( 549 concat!( 550 "Super key has incomplete metadata.", 551 "encrypted_by: {:?}; Present: salt: {}, iv: {}, aead_tag: {}." 552 ), 553 enc_by, 554 salt.is_some(), 555 iv.is_some(), 556 tag.is_some() 557 )); 558 } 559 }; 560 Ok(Arc::new(SuperKey { 561 algorithm, 562 key, 563 id: SuperKeyIdentifier::DatabaseId(entry.id()), 564 reencrypt_with, 565 })) 566 } else { 567 Err(Error::Rc(ResponseCode::VALUE_CORRUPTED)).context(ks_err!("No key blob info.")) 568 } 569 } 570 571 /// Encrypts the super key from a key derived from the password, before storing in the database. 572 /// This does not stretch the password; i.e., it assumes that the password is a high-entropy 573 /// synthetic password, not a low-entropy user provided password. encrypt_with_password( super_key: &[u8], pw: &Password, ) -> Result<(Vec<u8>, BlobMetaData)>574 pub fn encrypt_with_password( 575 super_key: &[u8], 576 pw: &Password, 577 ) -> Result<(Vec<u8>, BlobMetaData)> { 578 let salt = generate_salt().context("In encrypt_with_password: Failed to generate salt.")?; 579 let derived_key = if android_security_flags::fix_unlocked_device_required_keys_v2() { 580 pw.derive_key_hkdf(&salt, AES_256_KEY_LENGTH) 581 .context(ks_err!("Failed to derive key from password."))? 582 } else { 583 pw.derive_key_pbkdf2(&salt, AES_256_KEY_LENGTH) 584 .context(ks_err!("Failed to derive password."))? 585 }; 586 let mut metadata = BlobMetaData::new(); 587 metadata.add(BlobMetaEntry::EncryptedBy(EncryptedBy::Password)); 588 metadata.add(BlobMetaEntry::Salt(salt)); 589 let (encrypted_key, iv, tag) = aes_gcm_encrypt(super_key, &derived_key) 590 .context(ks_err!("Failed to encrypt new super key."))?; 591 metadata.add(BlobMetaEntry::Iv(iv)); 592 metadata.add(BlobMetaEntry::AeadTag(tag)); 593 Ok((encrypted_key, metadata)) 594 } 595 596 // Helper function to encrypt a key with the given super key. Callers should select which super 597 // key to be used. This is called when a key is super encrypted at its creation as well as at 598 // its upgrade. encrypt_with_aes_super_key( key_blob: &[u8], super_key: &SuperKey, ) -> Result<(Vec<u8>, BlobMetaData)>599 fn encrypt_with_aes_super_key( 600 key_blob: &[u8], 601 super_key: &SuperKey, 602 ) -> Result<(Vec<u8>, BlobMetaData)> { 603 if super_key.algorithm != SuperEncryptionAlgorithm::Aes256Gcm { 604 return Err(Error::sys()).context(ks_err!("unexpected algorithm")); 605 } 606 let mut metadata = BlobMetaData::new(); 607 let (encrypted_key, iv, tag) = aes_gcm_encrypt(key_blob, &(super_key.key)) 608 .context(ks_err!("Failed to encrypt new super key."))?; 609 metadata.add(BlobMetaEntry::Iv(iv)); 610 metadata.add(BlobMetaEntry::AeadTag(tag)); 611 super_key.id.add_to_metadata(&mut metadata); 612 Ok((encrypted_key, metadata)) 613 } 614 615 // Encrypts a given key_blob using a hybrid approach, which can either use the symmetric super 616 // key or the public super key depending on which is available. 617 // 618 // If the symmetric_key is available, the key_blob is encrypted using symmetric encryption with 619 // the provided symmetric super key. Otherwise, the function loads the public super key from 620 // the KeystoreDB and encrypts the key_blob using ECDH encryption and marks the keyblob to be 621 // re-encrypted with the symmetric super key on the first use. 622 // 623 // This hybrid scheme allows keys that use the UnlockedDeviceRequired key parameter to be 624 // created while the device is locked. encrypt_with_hybrid_super_key( key_blob: &[u8], symmetric_key: Option<&SuperKey>, public_key_type: &SuperKeyType, db: &mut KeystoreDB, user_id: UserId, ) -> Result<(Vec<u8>, BlobMetaData)>625 fn encrypt_with_hybrid_super_key( 626 key_blob: &[u8], 627 symmetric_key: Option<&SuperKey>, 628 public_key_type: &SuperKeyType, 629 db: &mut KeystoreDB, 630 user_id: UserId, 631 ) -> Result<(Vec<u8>, BlobMetaData)> { 632 if let Some(super_key) = symmetric_key { 633 Self::encrypt_with_aes_super_key(key_blob, super_key).context(ks_err!( 634 "Failed to encrypt with UnlockedDeviceRequired symmetric super key." 635 )) 636 } else { 637 // Symmetric key is not available, use public key encryption 638 let loaded = db 639 .load_super_key(public_key_type, user_id) 640 .context(ks_err!("load_super_key failed."))?; 641 let (key_id_guard, key_entry) = 642 loaded.ok_or_else(Error::sys).context(ks_err!("User ECDH super key missing."))?; 643 let public_key = key_entry 644 .metadata() 645 .sec1_public_key() 646 .ok_or_else(Error::sys) 647 .context(ks_err!("sec1_public_key missing."))?; 648 let mut metadata = BlobMetaData::new(); 649 let (ephem_key, salt, iv, encrypted_key, aead_tag) = 650 ECDHPrivateKey::encrypt_message(public_key, key_blob) 651 .context(ks_err!("ECDHPrivateKey::encrypt_message failed."))?; 652 metadata.add(BlobMetaEntry::PublicKey(ephem_key)); 653 metadata.add(BlobMetaEntry::Salt(salt)); 654 metadata.add(BlobMetaEntry::Iv(iv)); 655 metadata.add(BlobMetaEntry::AeadTag(aead_tag)); 656 SuperKeyIdentifier::DatabaseId(key_id_guard.id()).add_to_metadata(&mut metadata); 657 Ok((encrypted_key, metadata)) 658 } 659 } 660 661 /// Check if super encryption is required and if so, super-encrypt the key to be stored in 662 /// the database. 663 #[allow(clippy::too_many_arguments)] handle_super_encryption_on_key_init( &self, db: &mut KeystoreDB, legacy_importer: &LegacyImporter, domain: &Domain, key_parameters: &[KeyParameter], flags: Option<i32>, user_id: UserId, key_blob: &[u8], ) -> Result<(Vec<u8>, BlobMetaData)>664 pub fn handle_super_encryption_on_key_init( 665 &self, 666 db: &mut KeystoreDB, 667 legacy_importer: &LegacyImporter, 668 domain: &Domain, 669 key_parameters: &[KeyParameter], 670 flags: Option<i32>, 671 user_id: UserId, 672 key_blob: &[u8], 673 ) -> Result<(Vec<u8>, BlobMetaData)> { 674 match Enforcements::super_encryption_required(domain, key_parameters, flags) { 675 SuperEncryptionType::None => Ok((key_blob.to_vec(), BlobMetaData::new())), 676 SuperEncryptionType::AfterFirstUnlock => { 677 // Encrypt the given key blob with the user's AfterFirstUnlock super key. If the 678 // user has not unlocked the device since boot or the super keys were never 679 // initialized for the user for some reason, an error is returned. 680 match self 681 .get_user_state(db, legacy_importer, user_id) 682 .context(ks_err!("Failed to get user state for user {user_id}"))? 683 { 684 UserState::AfterFirstUnlock(super_key) => { 685 Self::encrypt_with_aes_super_key(key_blob, &super_key).context(ks_err!( 686 "Failed to encrypt with AfterFirstUnlock super key for user {user_id}" 687 )) 688 } 689 UserState::BeforeFirstUnlock => { 690 Err(Error::Rc(ResponseCode::LOCKED)).context(ks_err!("Device is locked.")) 691 } 692 UserState::Uninitialized => Err(Error::Rc(ResponseCode::UNINITIALIZED)) 693 .context(ks_err!("User {user_id} does not have super keys")), 694 } 695 } 696 SuperEncryptionType::UnlockedDeviceRequired => { 697 let symmetric_key = self 698 .data 699 .user_keys 700 .get(&user_id) 701 .and_then(|e| e.unlocked_device_required_symmetric.as_ref()) 702 .map(|arc| arc.as_ref()); 703 Self::encrypt_with_hybrid_super_key( 704 key_blob, 705 symmetric_key, 706 &USER_UNLOCKED_DEVICE_REQUIRED_P521_SUPER_KEY, 707 db, 708 user_id, 709 ) 710 .context(ks_err!("Failed to encrypt with UnlockedDeviceRequired hybrid scheme.")) 711 } 712 SuperEncryptionType::BootLevel(level) => { 713 let key_id = SuperKeyIdentifier::BootLevel(level); 714 let super_key = self 715 .lookup_key(&key_id) 716 .context(ks_err!("lookup_key failed"))? 717 .ok_or(Error::Rc(ResponseCode::LOCKED)) 718 .context(ks_err!("Boot stage key absent"))?; 719 Self::encrypt_with_aes_super_key(key_blob, &super_key) 720 .context(ks_err!("Failed to encrypt with BootLevel key.")) 721 } 722 } 723 } 724 725 /// Check if a given key needs re-super-encryption, from its KeyBlob type. 726 /// If so, re-super-encrypt the key and return a new set of metadata, 727 /// containing the new super encryption information. reencrypt_if_required<'a>( key_blob_before_upgrade: &KeyBlob, key_after_upgrade: &'a [u8], ) -> Result<(KeyBlob<'a>, Option<BlobMetaData>)>728 pub fn reencrypt_if_required<'a>( 729 key_blob_before_upgrade: &KeyBlob, 730 key_after_upgrade: &'a [u8], 731 ) -> Result<(KeyBlob<'a>, Option<BlobMetaData>)> { 732 match key_blob_before_upgrade { 733 KeyBlob::Sensitive { reencrypt_with: super_key, .. } => { 734 let (key, metadata) = 735 Self::encrypt_with_aes_super_key(key_after_upgrade, super_key) 736 .context(ks_err!("Failed to re-super-encrypt key."))?; 737 Ok((KeyBlob::NonSensitive(key), Some(metadata))) 738 } 739 _ => Ok((KeyBlob::Ref(key_after_upgrade), None)), 740 } 741 } 742 create_super_key( &mut self, db: &mut KeystoreDB, user_id: UserId, key_type: &SuperKeyType, password: &Password, reencrypt_with: Option<Arc<SuperKey>>, ) -> Result<Arc<SuperKey>>743 fn create_super_key( 744 &mut self, 745 db: &mut KeystoreDB, 746 user_id: UserId, 747 key_type: &SuperKeyType, 748 password: &Password, 749 reencrypt_with: Option<Arc<SuperKey>>, 750 ) -> Result<Arc<SuperKey>> { 751 log::info!("Creating {} for user {}", key_type.name, user_id); 752 let (super_key, public_key) = match key_type.algorithm { 753 SuperEncryptionAlgorithm::Aes256Gcm => { 754 (generate_aes256_key().context(ks_err!("Failed to generate AES-256 key."))?, None) 755 } 756 SuperEncryptionAlgorithm::EcdhP521 => { 757 let key = 758 ECDHPrivateKey::generate().context(ks_err!("Failed to generate ECDH key"))?; 759 ( 760 key.private_key().context(ks_err!("private_key failed"))?, 761 Some(key.public_key().context(ks_err!("public_key failed"))?), 762 ) 763 } 764 }; 765 // Derive an AES-256 key from the password and re-encrypt the super key before we insert it 766 // in the database. 767 let (encrypted_super_key, blob_metadata) = 768 Self::encrypt_with_password(&super_key, password).context(ks_err!())?; 769 let mut key_metadata = KeyMetaData::new(); 770 if let Some(pk) = public_key { 771 key_metadata.add(KeyMetaEntry::Sec1PublicKey(pk)); 772 } 773 let key_entry = db 774 .store_super_key(user_id, key_type, &encrypted_super_key, &blob_metadata, &key_metadata) 775 .context(ks_err!("Failed to store super key."))?; 776 Ok(Arc::new(SuperKey { 777 algorithm: key_type.algorithm, 778 key: super_key, 779 id: SuperKeyIdentifier::DatabaseId(key_entry.id()), 780 reencrypt_with, 781 })) 782 } 783 784 /// Fetch a superencryption key from the database, or create it if it doesn't already exist. 785 /// When this is called, the caller must hold the lock on the SuperKeyManager. 786 /// So it's OK that the check and creation are different DB transactions. get_or_create_super_key( &mut self, db: &mut KeystoreDB, user_id: UserId, key_type: &SuperKeyType, password: &Password, reencrypt_with: Option<Arc<SuperKey>>, ) -> Result<Arc<SuperKey>>787 fn get_or_create_super_key( 788 &mut self, 789 db: &mut KeystoreDB, 790 user_id: UserId, 791 key_type: &SuperKeyType, 792 password: &Password, 793 reencrypt_with: Option<Arc<SuperKey>>, 794 ) -> Result<Arc<SuperKey>> { 795 let loaded_key = db.load_super_key(key_type, user_id)?; 796 if let Some((_, key_entry)) = loaded_key { 797 Ok(Self::extract_super_key_from_key_entry( 798 key_type.algorithm, 799 key_entry, 800 password, 801 reencrypt_with, 802 )?) 803 } else { 804 self.create_super_key(db, user_id, key_type, password, reencrypt_with) 805 } 806 } 807 808 /// Decrypt the UnlockedDeviceRequired super keys for this user using the password and store 809 /// them in memory. If these keys don't exist yet, create them. unlock_unlocked_device_required_keys( &mut self, db: &mut KeystoreDB, user_id: UserId, password: &Password, ) -> Result<()>810 pub fn unlock_unlocked_device_required_keys( 811 &mut self, 812 db: &mut KeystoreDB, 813 user_id: UserId, 814 password: &Password, 815 ) -> Result<()> { 816 let (symmetric, private) = self 817 .data 818 .user_keys 819 .get(&user_id) 820 .map(|e| { 821 ( 822 e.unlocked_device_required_symmetric.clone(), 823 e.unlocked_device_required_private.clone(), 824 ) 825 }) 826 .unwrap_or((None, None)); 827 828 if symmetric.is_some() && private.is_some() { 829 // Already unlocked. 830 return Ok(()); 831 } 832 833 let aes = if let Some(symmetric) = symmetric { 834 // This is weird. If this point is reached only one of the UnlockedDeviceRequired super 835 // keys was initialized. This should never happen. 836 symmetric 837 } else { 838 self.get_or_create_super_key( 839 db, 840 user_id, 841 &USER_UNLOCKED_DEVICE_REQUIRED_SYMMETRIC_SUPER_KEY, 842 password, 843 None, 844 ) 845 .context(ks_err!("Trying to get or create symmetric key."))? 846 }; 847 848 let ecdh = if let Some(private) = private { 849 // This is weird. If this point is reached only one of the UnlockedDeviceRequired super 850 // keys was initialized. This should never happen. 851 private 852 } else { 853 self.get_or_create_super_key( 854 db, 855 user_id, 856 &USER_UNLOCKED_DEVICE_REQUIRED_P521_SUPER_KEY, 857 password, 858 Some(aes.clone()), 859 ) 860 .context(ks_err!("Trying to get or create asymmetric key."))? 861 }; 862 863 self.data.add_key_to_key_index(&aes)?; 864 self.data.add_key_to_key_index(&ecdh)?; 865 let entry = self.data.user_keys.entry(user_id).or_default(); 866 entry.unlocked_device_required_symmetric = Some(aes); 867 entry.unlocked_device_required_private = Some(ecdh); 868 Ok(()) 869 } 870 871 /// Protects the user's UnlockedDeviceRequired super keys in a way such that they can only be 872 /// unlocked by the enabled unlock methods. lock_unlocked_device_required_keys( &mut self, db: &mut KeystoreDB, user_id: UserId, unlocking_sids: &[i64], weak_unlock_enabled: bool, )873 pub fn lock_unlocked_device_required_keys( 874 &mut self, 875 db: &mut KeystoreDB, 876 user_id: UserId, 877 unlocking_sids: &[i64], 878 weak_unlock_enabled: bool, 879 ) { 880 let entry = self.data.user_keys.entry(user_id).or_default(); 881 if unlocking_sids.is_empty() { 882 if android_security_flags::fix_unlocked_device_required_keys_v2() { 883 entry.biometric_unlock = None; 884 } 885 } else if let (Some(aes), Some(ecdh)) = ( 886 entry.unlocked_device_required_symmetric.as_ref().cloned(), 887 entry.unlocked_device_required_private.as_ref().cloned(), 888 ) { 889 // If class 3 biometric unlock methods are enabled, create a biometric-encrypted copy of 890 // the keys. Do this even if weak unlock methods are enabled too; in that case we'll 891 // also retain a plaintext copy of the keys, but that copy will be wiped later if weak 892 // unlock methods expire. So we need the biometric-encrypted copy too just in case. 893 let res = (|| -> Result<()> { 894 let key_desc = 895 KeyMintDevice::internal_descriptor(format!("biometric_unlock_key_{}", user_id)); 896 let encrypting_key = generate_aes256_key()?; 897 let km_dev: KeyMintDevice = KeyMintDevice::get(SecurityLevel::TRUSTED_ENVIRONMENT) 898 .context(ks_err!("KeyMintDevice::get failed"))?; 899 let mut key_params = vec![ 900 KeyParameterValue::Algorithm(Algorithm::AES), 901 KeyParameterValue::KeySize(256), 902 KeyParameterValue::BlockMode(BlockMode::GCM), 903 KeyParameterValue::PaddingMode(PaddingMode::NONE), 904 KeyParameterValue::CallerNonce, 905 KeyParameterValue::KeyPurpose(KeyPurpose::DECRYPT), 906 KeyParameterValue::MinMacLength(128), 907 KeyParameterValue::AuthTimeout(BIOMETRIC_AUTH_TIMEOUT_S), 908 KeyParameterValue::HardwareAuthenticatorType( 909 HardwareAuthenticatorType::FINGERPRINT, 910 ), 911 ]; 912 for sid in unlocking_sids { 913 key_params.push(KeyParameterValue::UserSecureID(*sid)); 914 } 915 let key_params: Vec<KmKeyParameter> = 916 key_params.into_iter().map(|x| x.into()).collect(); 917 km_dev.create_and_store_key( 918 db, 919 &key_desc, 920 KeyType::Client, /* TODO Should be Super b/189470584 */ 921 |dev| { 922 let _wp = 923 wd::watch("In lock_unlocked_device_required_keys: calling importKey."); 924 dev.importKey(key_params.as_slice(), KeyFormat::RAW, &encrypting_key, None) 925 }, 926 )?; 927 entry.biometric_unlock = Some(BiometricUnlock { 928 sids: unlocking_sids.into(), 929 key_desc, 930 symmetric: LockedKey::new(&encrypting_key, &aes)?, 931 private: LockedKey::new(&encrypting_key, &ecdh)?, 932 }); 933 Ok(()) 934 })(); 935 if let Err(e) = res { 936 log::error!("Error setting up biometric unlock: {:#?}", e); 937 // The caller can't do anything about the error, and for security reasons we still 938 // wipe the keys (unless a weak unlock method is enabled). So just log the error. 939 } 940 } 941 // Wipe the plaintext copy of the keys, unless a weak unlock method is enabled. 942 if !weak_unlock_enabled { 943 entry.unlocked_device_required_symmetric = None; 944 entry.unlocked_device_required_private = None; 945 } 946 Self::log_status_of_unlocked_device_required_keys(user_id, entry); 947 } 948 wipe_plaintext_unlocked_device_required_keys(&mut self, user_id: UserId)949 pub fn wipe_plaintext_unlocked_device_required_keys(&mut self, user_id: UserId) { 950 let entry = self.data.user_keys.entry(user_id).or_default(); 951 entry.unlocked_device_required_symmetric = None; 952 entry.unlocked_device_required_private = None; 953 Self::log_status_of_unlocked_device_required_keys(user_id, entry); 954 } 955 wipe_all_unlocked_device_required_keys(&mut self, user_id: UserId)956 pub fn wipe_all_unlocked_device_required_keys(&mut self, user_id: UserId) { 957 let entry = self.data.user_keys.entry(user_id).or_default(); 958 entry.unlocked_device_required_symmetric = None; 959 entry.unlocked_device_required_private = None; 960 entry.biometric_unlock = None; 961 Self::log_status_of_unlocked_device_required_keys(user_id, entry); 962 } 963 log_status_of_unlocked_device_required_keys(user_id: UserId, entry: &UserSuperKeys)964 fn log_status_of_unlocked_device_required_keys(user_id: UserId, entry: &UserSuperKeys) { 965 let status = match ( 966 // Note: the status of the symmetric and private keys should always be in sync. 967 // So we only check one here. 968 entry.unlocked_device_required_symmetric.is_some(), 969 entry.biometric_unlock.is_some(), 970 ) { 971 (false, false) => "fully protected", 972 (false, true) => "biometric-encrypted", 973 (true, false) => "retained in plaintext", 974 (true, true) => "retained in plaintext, with biometric-encrypted copy too", 975 }; 976 log::info!("UnlockedDeviceRequired super keys for user {user_id} are {status}."); 977 } 978 979 /// User has unlocked, not using a password. See if any of our stored auth tokens can be used 980 /// to unlock the keys protecting UNLOCKED_DEVICE_REQUIRED keys. try_unlock_user_with_biometric( &mut self, db: &mut KeystoreDB, user_id: UserId, ) -> Result<()>981 pub fn try_unlock_user_with_biometric( 982 &mut self, 983 db: &mut KeystoreDB, 984 user_id: UserId, 985 ) -> Result<()> { 986 let entry = self.data.user_keys.entry(user_id).or_default(); 987 if android_security_flags::fix_unlocked_device_required_keys_v2() 988 && entry.unlocked_device_required_symmetric.is_some() 989 && entry.unlocked_device_required_private.is_some() 990 { 991 // If the keys are already cached in plaintext, then there is no need to decrypt the 992 // biometric-encrypted copy. Both copies can be present here if the user has both 993 // class 3 biometric and weak unlock methods enabled, and the device was unlocked before 994 // the weak unlock methods expired. 995 return Ok(()); 996 } 997 if let Some(biometric) = entry.biometric_unlock.as_ref() { 998 let (key_id_guard, key_entry) = db 999 .load_key_entry( 1000 &biometric.key_desc, 1001 KeyType::Client, // This should not be a Client key. 1002 KeyEntryLoadBits::KM, 1003 AID_KEYSTORE, 1004 |_, _| Ok(()), 1005 ) 1006 .context(ks_err!("load_key_entry failed"))?; 1007 let km_dev: KeyMintDevice = KeyMintDevice::get(SecurityLevel::TRUSTED_ENVIRONMENT) 1008 .context(ks_err!("KeyMintDevice::get failed"))?; 1009 let mut errs = vec![]; 1010 for sid in &biometric.sids { 1011 let sid = *sid; 1012 if let Some(auth_token_entry) = db.find_auth_token_entry(|entry| { 1013 entry.auth_token().userId == sid || entry.auth_token().authenticatorId == sid 1014 }) { 1015 let res: Result<(Arc<SuperKey>, Arc<SuperKey>)> = (|| { 1016 let symmetric = biometric.symmetric.decrypt( 1017 db, 1018 &km_dev, 1019 &key_id_guard, 1020 &key_entry, 1021 auth_token_entry.auth_token(), 1022 None, 1023 )?; 1024 let private = biometric.private.decrypt( 1025 db, 1026 &km_dev, 1027 &key_id_guard, 1028 &key_entry, 1029 auth_token_entry.auth_token(), 1030 Some(symmetric.clone()), 1031 )?; 1032 Ok((symmetric, private)) 1033 })(); 1034 match res { 1035 Ok((symmetric, private)) => { 1036 entry.unlocked_device_required_symmetric = Some(symmetric.clone()); 1037 entry.unlocked_device_required_private = Some(private.clone()); 1038 self.data.add_key_to_key_index(&symmetric)?; 1039 self.data.add_key_to_key_index(&private)?; 1040 log::info!("Successfully unlocked user {user_id} with biometric {sid}",); 1041 return Ok(()); 1042 } 1043 Err(e) => { 1044 // Don't log an error yet, as some other biometric SID might work. 1045 errs.push((sid, e)); 1046 } 1047 } 1048 } 1049 } 1050 if !errs.is_empty() { 1051 log::warn!("biometric unlock failed for all SIDs, with errors:"); 1052 for (sid, err) in errs { 1053 log::warn!(" biometric {sid}: {err}"); 1054 } 1055 } 1056 } 1057 Ok(()) 1058 } 1059 1060 /// Returns the keystore locked state of the given user. It requires the thread local 1061 /// keystore database and a reference to the legacy migrator because it may need to 1062 /// import the super key from the legacy blob database to the keystore database. get_user_state( &self, db: &mut KeystoreDB, legacy_importer: &LegacyImporter, user_id: UserId, ) -> Result<UserState>1063 pub fn get_user_state( 1064 &self, 1065 db: &mut KeystoreDB, 1066 legacy_importer: &LegacyImporter, 1067 user_id: UserId, 1068 ) -> Result<UserState> { 1069 match self.get_after_first_unlock_key_by_user_id_internal(user_id) { 1070 Some(super_key) => Ok(UserState::AfterFirstUnlock(super_key)), 1071 None => { 1072 // Check if a super key exists in the database or legacy database. 1073 // If so, return locked user state. 1074 if self 1075 .super_key_exists_in_db_for_user(db, legacy_importer, user_id) 1076 .context(ks_err!())? 1077 { 1078 Ok(UserState::BeforeFirstUnlock) 1079 } else { 1080 Ok(UserState::Uninitialized) 1081 } 1082 } 1083 } 1084 } 1085 1086 /// Deletes all keys and super keys for the given user. 1087 /// This is called when a user is deleted. remove_user( &mut self, db: &mut KeystoreDB, legacy_importer: &LegacyImporter, user_id: UserId, ) -> Result<()>1088 pub fn remove_user( 1089 &mut self, 1090 db: &mut KeystoreDB, 1091 legacy_importer: &LegacyImporter, 1092 user_id: UserId, 1093 ) -> Result<()> { 1094 log::info!("remove_user(user={user_id})"); 1095 // Mark keys created on behalf of the user as unreferenced. 1096 legacy_importer 1097 .bulk_delete_user(user_id, false) 1098 .context(ks_err!("Trying to delete legacy keys."))?; 1099 db.unbind_keys_for_user(user_id, false).context(ks_err!("Error in unbinding keys."))?; 1100 1101 // Delete super key in cache, if exists. 1102 self.forget_all_keys_for_user(user_id); 1103 Ok(()) 1104 } 1105 1106 /// Deletes all authentication bound keys and super keys for the given user. The user must be 1107 /// unlocked before this function is called. This function is used to transition a user to 1108 /// swipe. reset_user( &mut self, db: &mut KeystoreDB, legacy_importer: &LegacyImporter, user_id: UserId, ) -> Result<()>1109 pub fn reset_user( 1110 &mut self, 1111 db: &mut KeystoreDB, 1112 legacy_importer: &LegacyImporter, 1113 user_id: UserId, 1114 ) -> Result<()> { 1115 log::info!("reset_user(user={user_id})"); 1116 match self.get_user_state(db, legacy_importer, user_id)? { 1117 UserState::Uninitialized => { 1118 Err(Error::sys()).context(ks_err!("Tried to reset an uninitialized user!")) 1119 } 1120 UserState::BeforeFirstUnlock => { 1121 Err(Error::sys()).context(ks_err!("Tried to reset a locked user's password!")) 1122 } 1123 UserState::AfterFirstUnlock(_) => { 1124 // Mark keys created on behalf of the user as unreferenced. 1125 legacy_importer 1126 .bulk_delete_user(user_id, true) 1127 .context(ks_err!("Trying to delete legacy keys."))?; 1128 db.unbind_keys_for_user(user_id, true) 1129 .context(ks_err!("Error in unbinding keys."))?; 1130 1131 // Delete super key in cache, if exists. 1132 self.forget_all_keys_for_user(user_id); 1133 Ok(()) 1134 } 1135 } 1136 } 1137 1138 /// If the user hasn't been initialized yet, then this function generates the user's 1139 /// AfterFirstUnlock super key and sets the user's state to AfterFirstUnlock. Otherwise this 1140 /// function returns an error. init_user( &mut self, db: &mut KeystoreDB, legacy_importer: &LegacyImporter, user_id: UserId, password: &Password, ) -> Result<()>1141 pub fn init_user( 1142 &mut self, 1143 db: &mut KeystoreDB, 1144 legacy_importer: &LegacyImporter, 1145 user_id: UserId, 1146 password: &Password, 1147 ) -> Result<()> { 1148 log::info!("init_user(user={user_id})"); 1149 match self.get_user_state(db, legacy_importer, user_id)? { 1150 UserState::AfterFirstUnlock(_) | UserState::BeforeFirstUnlock => { 1151 Err(Error::sys()).context(ks_err!("Tried to re-init an initialized user!")) 1152 } 1153 UserState::Uninitialized => { 1154 // Generate a new super key. 1155 let super_key = 1156 generate_aes256_key().context(ks_err!("Failed to generate AES 256 key."))?; 1157 // Derive an AES256 key from the password and re-encrypt the super key 1158 // before we insert it in the database. 1159 let (encrypted_super_key, blob_metadata) = 1160 Self::encrypt_with_password(&super_key, password) 1161 .context(ks_err!("Failed to encrypt super key with password!"))?; 1162 1163 let key_entry = db 1164 .store_super_key( 1165 user_id, 1166 &USER_AFTER_FIRST_UNLOCK_SUPER_KEY, 1167 &encrypted_super_key, 1168 &blob_metadata, 1169 &KeyMetaData::new(), 1170 ) 1171 .context(ks_err!("Failed to store super key."))?; 1172 1173 self.populate_cache_from_super_key_blob( 1174 user_id, 1175 USER_AFTER_FIRST_UNLOCK_SUPER_KEY.algorithm, 1176 key_entry, 1177 password, 1178 ) 1179 .context(ks_err!("Failed to initialize user!"))?; 1180 Ok(()) 1181 } 1182 } 1183 } 1184 1185 /// Initializes the given user by creating their super keys, both AfterFirstUnlock and 1186 /// UnlockedDeviceRequired. If allow_existing is true, then the user already being initialized 1187 /// is not considered an error. initialize_user( &mut self, db: &mut KeystoreDB, legacy_importer: &LegacyImporter, user_id: UserId, password: &Password, allow_existing: bool, ) -> Result<()>1188 pub fn initialize_user( 1189 &mut self, 1190 db: &mut KeystoreDB, 1191 legacy_importer: &LegacyImporter, 1192 user_id: UserId, 1193 password: &Password, 1194 allow_existing: bool, 1195 ) -> Result<()> { 1196 // Create the AfterFirstUnlock super key. 1197 if self.super_key_exists_in_db_for_user(db, legacy_importer, user_id)? { 1198 log::info!("AfterFirstUnlock super key already exists"); 1199 if !allow_existing { 1200 return Err(Error::sys()).context(ks_err!("Tried to re-init an initialized user!")); 1201 } 1202 } else { 1203 let super_key = self 1204 .create_super_key(db, user_id, &USER_AFTER_FIRST_UNLOCK_SUPER_KEY, password, None) 1205 .context(ks_err!("Failed to create AfterFirstUnlock super key"))?; 1206 1207 self.install_after_first_unlock_key_for_user(user_id, super_key) 1208 .context(ks_err!("Failed to install AfterFirstUnlock super key for user"))?; 1209 } 1210 1211 // Create the UnlockedDeviceRequired super keys. 1212 self.unlock_unlocked_device_required_keys(db, user_id, password) 1213 .context(ks_err!("Failed to create UnlockedDeviceRequired super keys")) 1214 } 1215 1216 /// Unlocks the given user with the given password. 1217 /// 1218 /// If the user state is BeforeFirstUnlock: 1219 /// - Unlock the user's AfterFirstUnlock super key 1220 /// - Unlock the user's UnlockedDeviceRequired super keys 1221 /// 1222 /// If the user state is AfterFirstUnlock: 1223 /// - Unlock the user's UnlockedDeviceRequired super keys only 1224 /// unlock_user( &mut self, db: &mut KeystoreDB, legacy_importer: &LegacyImporter, user_id: UserId, password: &Password, ) -> Result<()>1225 pub fn unlock_user( 1226 &mut self, 1227 db: &mut KeystoreDB, 1228 legacy_importer: &LegacyImporter, 1229 user_id: UserId, 1230 password: &Password, 1231 ) -> Result<()> { 1232 log::info!("unlock_user(user={user_id})"); 1233 match self.get_user_state(db, legacy_importer, user_id)? { 1234 UserState::AfterFirstUnlock(_) => { 1235 self.unlock_unlocked_device_required_keys(db, user_id, password) 1236 } 1237 UserState::Uninitialized => { 1238 Err(Error::sys()).context(ks_err!("Tried to unlock an uninitialized user!")) 1239 } 1240 UserState::BeforeFirstUnlock => { 1241 let alias = &USER_AFTER_FIRST_UNLOCK_SUPER_KEY; 1242 let result = legacy_importer 1243 .with_try_import_super_key(user_id, password, || { 1244 db.load_super_key(alias, user_id) 1245 }) 1246 .context(ks_err!("Failed to load super key"))?; 1247 1248 match result { 1249 Some((_, entry)) => { 1250 self.populate_cache_from_super_key_blob( 1251 user_id, 1252 alias.algorithm, 1253 entry, 1254 password, 1255 ) 1256 .context(ks_err!("Failed when unlocking user."))?; 1257 self.unlock_unlocked_device_required_keys(db, user_id, password) 1258 } 1259 None => { 1260 Err(Error::sys()).context(ks_err!("Locked user does not have a super key!")) 1261 } 1262 } 1263 } 1264 } 1265 } 1266 } 1267 1268 /// This enum represents different states of the user's life cycle in the device. 1269 /// For now, only three states are defined. More states may be added later. 1270 pub enum UserState { 1271 // The user's super keys exist, and the user has unlocked the device at least once since boot. 1272 // Hence, the AfterFirstUnlock super key is available in the cache. 1273 AfterFirstUnlock(Arc<SuperKey>), 1274 // The user's super keys exist, but the user hasn't unlocked the device at least once since 1275 // boot. Hence, the AfterFirstUnlock and UnlockedDeviceRequired super keys are not available in 1276 // the cache. However, they exist in the database in encrypted form. 1277 BeforeFirstUnlock, 1278 // The user's super keys don't exist. I.e., there's no user with the given user ID, or the user 1279 // is in the process of being created or destroyed. 1280 Uninitialized, 1281 } 1282 1283 /// This enum represents three states a KeyMint Blob can be in, w.r.t super encryption. 1284 /// `Sensitive` holds the non encrypted key and a reference to its super key. 1285 /// `NonSensitive` holds a non encrypted key that is never supposed to be encrypted. 1286 /// `Ref` holds a reference to a key blob when it does not need to be modified if its 1287 /// life time allows it. 1288 pub enum KeyBlob<'a> { 1289 Sensitive { 1290 key: ZVec, 1291 /// If KeyMint reports that the key must be upgraded, we must 1292 /// re-encrypt the key before writing to the database; we use 1293 /// this key. 1294 reencrypt_with: Arc<SuperKey>, 1295 /// If this key was decrypted with an ECDH key, we want to 1296 /// re-encrypt it on first use whether it was upgraded or not; 1297 /// this field indicates that that's necessary. 1298 force_reencrypt: bool, 1299 }, 1300 NonSensitive(Vec<u8>), 1301 Ref(&'a [u8]), 1302 } 1303 1304 impl<'a> KeyBlob<'a> { force_reencrypt(&self) -> bool1305 pub fn force_reencrypt(&self) -> bool { 1306 if let KeyBlob::Sensitive { force_reencrypt, .. } = self { 1307 *force_reencrypt 1308 } else { 1309 false 1310 } 1311 } 1312 } 1313 1314 /// Deref returns a reference to the key material in any variant. 1315 impl<'a> Deref for KeyBlob<'a> { 1316 type Target = [u8]; 1317 deref(&self) -> &Self::Target1318 fn deref(&self) -> &Self::Target { 1319 match self { 1320 Self::Sensitive { key, .. } => key, 1321 Self::NonSensitive(key) => key, 1322 Self::Ref(key) => key, 1323 } 1324 } 1325 } 1326 1327 #[cfg(test)] 1328 mod tests { 1329 use super::*; 1330 use crate::database::tests::make_bootlevel_key_entry; 1331 use crate::database::tests::make_test_key_entry; 1332 use crate::database::tests::new_test_db; 1333 use rand::prelude::*; 1334 const USER_ID: u32 = 0; 1335 const TEST_KEY_ALIAS: &str = "TEST_KEY"; 1336 const TEST_BOOT_KEY_ALIAS: &str = "TEST_BOOT_KEY"; 1337 generate_password_blob() -> Password<'static>1338 pub fn generate_password_blob() -> Password<'static> { 1339 let mut rng = rand::thread_rng(); 1340 let mut password = vec![0u8; 64]; 1341 rng.fill_bytes(&mut password); 1342 1343 let mut zvec = ZVec::new(64).expect("Failed to create ZVec"); 1344 zvec[..].copy_from_slice(&password[..]); 1345 1346 Password::Owned(zvec) 1347 } 1348 setup_test(pw: &Password) -> (Arc<RwLock<SuperKeyManager>>, KeystoreDB, LegacyImporter)1349 fn setup_test(pw: &Password) -> (Arc<RwLock<SuperKeyManager>>, KeystoreDB, LegacyImporter) { 1350 let mut keystore_db = new_test_db().unwrap(); 1351 let mut legacy_importer = LegacyImporter::new(Arc::new(Default::default())); 1352 legacy_importer.set_empty(); 1353 let skm: Arc<RwLock<SuperKeyManager>> = Default::default(); 1354 assert!(skm 1355 .write() 1356 .unwrap() 1357 .init_user(&mut keystore_db, &legacy_importer, USER_ID, pw) 1358 .is_ok()); 1359 (skm, keystore_db, legacy_importer) 1360 } 1361 assert_unlocked( skm: &Arc<RwLock<SuperKeyManager>>, keystore_db: &mut KeystoreDB, legacy_importer: &LegacyImporter, user_id: u32, err_msg: &str, )1362 fn assert_unlocked( 1363 skm: &Arc<RwLock<SuperKeyManager>>, 1364 keystore_db: &mut KeystoreDB, 1365 legacy_importer: &LegacyImporter, 1366 user_id: u32, 1367 err_msg: &str, 1368 ) { 1369 let user_state = 1370 skm.write().unwrap().get_user_state(keystore_db, legacy_importer, user_id).unwrap(); 1371 match user_state { 1372 UserState::AfterFirstUnlock(_) => {} 1373 _ => panic!("{}", err_msg), 1374 } 1375 } 1376 assert_locked( skm: &Arc<RwLock<SuperKeyManager>>, keystore_db: &mut KeystoreDB, legacy_importer: &LegacyImporter, user_id: u32, err_msg: &str, )1377 fn assert_locked( 1378 skm: &Arc<RwLock<SuperKeyManager>>, 1379 keystore_db: &mut KeystoreDB, 1380 legacy_importer: &LegacyImporter, 1381 user_id: u32, 1382 err_msg: &str, 1383 ) { 1384 let user_state = 1385 skm.write().unwrap().get_user_state(keystore_db, legacy_importer, user_id).unwrap(); 1386 match user_state { 1387 UserState::BeforeFirstUnlock => {} 1388 _ => panic!("{}", err_msg), 1389 } 1390 } 1391 assert_uninitialized( skm: &Arc<RwLock<SuperKeyManager>>, keystore_db: &mut KeystoreDB, legacy_importer: &LegacyImporter, user_id: u32, err_msg: &str, )1392 fn assert_uninitialized( 1393 skm: &Arc<RwLock<SuperKeyManager>>, 1394 keystore_db: &mut KeystoreDB, 1395 legacy_importer: &LegacyImporter, 1396 user_id: u32, 1397 err_msg: &str, 1398 ) { 1399 let user_state = 1400 skm.write().unwrap().get_user_state(keystore_db, legacy_importer, user_id).unwrap(); 1401 match user_state { 1402 UserState::Uninitialized => {} 1403 _ => panic!("{}", err_msg), 1404 } 1405 } 1406 1407 #[test] test_init_user()1408 fn test_init_user() { 1409 let pw: Password = generate_password_blob(); 1410 let (skm, mut keystore_db, legacy_importer) = setup_test(&pw); 1411 assert_unlocked( 1412 &skm, 1413 &mut keystore_db, 1414 &legacy_importer, 1415 USER_ID, 1416 "The user was not unlocked after initialization!", 1417 ); 1418 } 1419 1420 #[test] test_unlock_user()1421 fn test_unlock_user() { 1422 let pw: Password = generate_password_blob(); 1423 let (skm, mut keystore_db, legacy_importer) = setup_test(&pw); 1424 assert_unlocked( 1425 &skm, 1426 &mut keystore_db, 1427 &legacy_importer, 1428 USER_ID, 1429 "The user was not unlocked after initialization!", 1430 ); 1431 1432 skm.write().unwrap().data.user_keys.clear(); 1433 assert_locked( 1434 &skm, 1435 &mut keystore_db, 1436 &legacy_importer, 1437 USER_ID, 1438 "Clearing the cache did not lock the user!", 1439 ); 1440 1441 assert!(skm 1442 .write() 1443 .unwrap() 1444 .unlock_user(&mut keystore_db, &legacy_importer, USER_ID, &pw) 1445 .is_ok()); 1446 assert_unlocked( 1447 &skm, 1448 &mut keystore_db, 1449 &legacy_importer, 1450 USER_ID, 1451 "The user did not unlock!", 1452 ); 1453 } 1454 1455 #[test] test_unlock_wrong_password()1456 fn test_unlock_wrong_password() { 1457 let pw: Password = generate_password_blob(); 1458 let wrong_pw: Password = generate_password_blob(); 1459 let (skm, mut keystore_db, legacy_importer) = setup_test(&pw); 1460 assert_unlocked( 1461 &skm, 1462 &mut keystore_db, 1463 &legacy_importer, 1464 USER_ID, 1465 "The user was not unlocked after initialization!", 1466 ); 1467 1468 skm.write().unwrap().data.user_keys.clear(); 1469 assert_locked( 1470 &skm, 1471 &mut keystore_db, 1472 &legacy_importer, 1473 USER_ID, 1474 "Clearing the cache did not lock the user!", 1475 ); 1476 1477 assert!(skm 1478 .write() 1479 .unwrap() 1480 .unlock_user(&mut keystore_db, &legacy_importer, USER_ID, &wrong_pw) 1481 .is_err()); 1482 assert_locked( 1483 &skm, 1484 &mut keystore_db, 1485 &legacy_importer, 1486 USER_ID, 1487 "The user was unlocked with an incorrect password!", 1488 ); 1489 } 1490 1491 #[test] test_unlock_user_idempotent()1492 fn test_unlock_user_idempotent() { 1493 let pw: Password = generate_password_blob(); 1494 let (skm, mut keystore_db, legacy_importer) = setup_test(&pw); 1495 assert_unlocked( 1496 &skm, 1497 &mut keystore_db, 1498 &legacy_importer, 1499 USER_ID, 1500 "The user was not unlocked after initialization!", 1501 ); 1502 1503 skm.write().unwrap().data.user_keys.clear(); 1504 assert_locked( 1505 &skm, 1506 &mut keystore_db, 1507 &legacy_importer, 1508 USER_ID, 1509 "Clearing the cache did not lock the user!", 1510 ); 1511 1512 for _ in 0..5 { 1513 assert!(skm 1514 .write() 1515 .unwrap() 1516 .unlock_user(&mut keystore_db, &legacy_importer, USER_ID, &pw) 1517 .is_ok()); 1518 assert_unlocked( 1519 &skm, 1520 &mut keystore_db, 1521 &legacy_importer, 1522 USER_ID, 1523 "The user did not unlock!", 1524 ); 1525 } 1526 } 1527 test_user_removal(locked: bool)1528 fn test_user_removal(locked: bool) { 1529 let pw: Password = generate_password_blob(); 1530 let (skm, mut keystore_db, legacy_importer) = setup_test(&pw); 1531 assert_unlocked( 1532 &skm, 1533 &mut keystore_db, 1534 &legacy_importer, 1535 USER_ID, 1536 "The user was not unlocked after initialization!", 1537 ); 1538 1539 assert!(make_test_key_entry( 1540 &mut keystore_db, 1541 Domain::APP, 1542 USER_ID.into(), 1543 TEST_KEY_ALIAS, 1544 None 1545 ) 1546 .is_ok()); 1547 assert!(make_bootlevel_key_entry( 1548 &mut keystore_db, 1549 Domain::APP, 1550 USER_ID.into(), 1551 TEST_BOOT_KEY_ALIAS, 1552 false 1553 ) 1554 .is_ok()); 1555 1556 assert!(keystore_db 1557 .key_exists(Domain::APP, USER_ID.into(), TEST_KEY_ALIAS, KeyType::Client) 1558 .unwrap()); 1559 assert!(keystore_db 1560 .key_exists(Domain::APP, USER_ID.into(), TEST_BOOT_KEY_ALIAS, KeyType::Client) 1561 .unwrap()); 1562 1563 if locked { 1564 skm.write().unwrap().data.user_keys.clear(); 1565 assert_locked( 1566 &skm, 1567 &mut keystore_db, 1568 &legacy_importer, 1569 USER_ID, 1570 "Clearing the cache did not lock the user!", 1571 ); 1572 } 1573 1574 assert!(skm 1575 .write() 1576 .unwrap() 1577 .remove_user(&mut keystore_db, &legacy_importer, USER_ID) 1578 .is_ok()); 1579 assert_uninitialized( 1580 &skm, 1581 &mut keystore_db, 1582 &legacy_importer, 1583 USER_ID, 1584 "The user was not removed!", 1585 ); 1586 1587 assert!(!skm 1588 .write() 1589 .unwrap() 1590 .super_key_exists_in_db_for_user(&mut keystore_db, &legacy_importer, USER_ID) 1591 .unwrap()); 1592 1593 assert!(!keystore_db 1594 .key_exists(Domain::APP, USER_ID.into(), TEST_KEY_ALIAS, KeyType::Client) 1595 .unwrap()); 1596 assert!(!keystore_db 1597 .key_exists(Domain::APP, USER_ID.into(), TEST_BOOT_KEY_ALIAS, KeyType::Client) 1598 .unwrap()); 1599 } 1600 test_user_reset(locked: bool)1601 fn test_user_reset(locked: bool) { 1602 let pw: Password = generate_password_blob(); 1603 let (skm, mut keystore_db, legacy_importer) = setup_test(&pw); 1604 assert_unlocked( 1605 &skm, 1606 &mut keystore_db, 1607 &legacy_importer, 1608 USER_ID, 1609 "The user was not unlocked after initialization!", 1610 ); 1611 1612 assert!(make_test_key_entry( 1613 &mut keystore_db, 1614 Domain::APP, 1615 USER_ID.into(), 1616 TEST_KEY_ALIAS, 1617 None 1618 ) 1619 .is_ok()); 1620 assert!(make_bootlevel_key_entry( 1621 &mut keystore_db, 1622 Domain::APP, 1623 USER_ID.into(), 1624 TEST_BOOT_KEY_ALIAS, 1625 false 1626 ) 1627 .is_ok()); 1628 assert!(keystore_db 1629 .key_exists(Domain::APP, USER_ID.into(), TEST_KEY_ALIAS, KeyType::Client) 1630 .unwrap()); 1631 assert!(keystore_db 1632 .key_exists(Domain::APP, USER_ID.into(), TEST_BOOT_KEY_ALIAS, KeyType::Client) 1633 .unwrap()); 1634 1635 if locked { 1636 skm.write().unwrap().data.user_keys.clear(); 1637 assert_locked( 1638 &skm, 1639 &mut keystore_db, 1640 &legacy_importer, 1641 USER_ID, 1642 "Clearing the cache did not lock the user!", 1643 ); 1644 assert!(skm 1645 .write() 1646 .unwrap() 1647 .reset_user(&mut keystore_db, &legacy_importer, USER_ID) 1648 .is_err()); 1649 assert_locked( 1650 &skm, 1651 &mut keystore_db, 1652 &legacy_importer, 1653 USER_ID, 1654 "User state should not have changed!", 1655 ); 1656 1657 // Keys should still exist. 1658 assert!(keystore_db 1659 .key_exists(Domain::APP, USER_ID.into(), TEST_KEY_ALIAS, KeyType::Client) 1660 .unwrap()); 1661 assert!(keystore_db 1662 .key_exists(Domain::APP, USER_ID.into(), TEST_BOOT_KEY_ALIAS, KeyType::Client) 1663 .unwrap()); 1664 } else { 1665 assert!(skm 1666 .write() 1667 .unwrap() 1668 .reset_user(&mut keystore_db, &legacy_importer, USER_ID) 1669 .is_ok()); 1670 assert_uninitialized( 1671 &skm, 1672 &mut keystore_db, 1673 &legacy_importer, 1674 USER_ID, 1675 "The user was not reset!", 1676 ); 1677 assert!(!skm 1678 .write() 1679 .unwrap() 1680 .super_key_exists_in_db_for_user(&mut keystore_db, &legacy_importer, USER_ID) 1681 .unwrap()); 1682 1683 // Auth bound key should no longer exist. 1684 assert!(!keystore_db 1685 .key_exists(Domain::APP, USER_ID.into(), TEST_KEY_ALIAS, KeyType::Client) 1686 .unwrap()); 1687 assert!(keystore_db 1688 .key_exists(Domain::APP, USER_ID.into(), TEST_BOOT_KEY_ALIAS, KeyType::Client) 1689 .unwrap()); 1690 } 1691 } 1692 1693 #[test] test_remove_unlocked_user()1694 fn test_remove_unlocked_user() { 1695 test_user_removal(false); 1696 } 1697 1698 #[test] test_remove_locked_user()1699 fn test_remove_locked_user() { 1700 test_user_removal(true); 1701 } 1702 1703 #[test] test_reset_unlocked_user()1704 fn test_reset_unlocked_user() { 1705 test_user_reset(false); 1706 } 1707 1708 #[test] test_reset_locked_user()1709 fn test_reset_locked_user() { 1710 test_user_reset(true); 1711 } 1712 } 1713