Home | History | Annotate | Download | only in keystore 
      1 /*
      2  * Copyright (C) 2016 The Android Open Source Project
      3  *
      4  * Licensed under the Apache License, Version 2.0 (the "License");
      5  * you may not use this file except in compliance with the License.
      6  * You may obtain a copy of the License at
      7  *
      8  *      http://www.apache.org/licenses/LICENSE-2.0
      9  *
     10  * Unless required by applicable law or agreed to in writing, software
     11  * distributed under the License is distributed on an "AS IS" BASIS,
     12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
     13  * See the License for the specific language governing permissions and
     14  * limitations under the License.
     15  */
     16 
     17 #ifndef KEYSTORE_KEYSTORE_SERVICE_H_
     18 #define KEYSTORE_KEYSTORE_SERVICE_H_
     19 
     20 #include <keystore/IKeystoreService.h>
     21 
     22 #include <keystore/authorization_set.h>
     23 
     24 #include "auth_token_table.h"
     25 #include "keystore.h"
     26 #include "keystore_keymaster_enforcement.h"
     27 #include "operation.h"
     28 #include "permissions.h"
     29 
     30 namespace keystore {
     31 
     32 class KeyStoreService : public android::BnKeystoreService, public android::IBinder::DeathRecipient {
     33     typedef ::android::sp<::android::hardware::keymaster::V3_0::IKeymasterDevice> km_device_t;
     34 
     35   public:
     36     explicit KeyStoreService(KeyStore* keyStore) : mKeyStore(keyStore), mOperationMap(this) {}
     37 
     38     void binderDied(const android::wp<android::IBinder>& who);
     39 
     40     KeyStoreServiceReturnCode getState(int32_t userId) override;
     41 
     42     KeyStoreServiceReturnCode get(const android::String16& name, int32_t uid,
     43                                   hidl_vec<uint8_t>* item) override;
     44     KeyStoreServiceReturnCode insert(const android::String16& name, const hidl_vec<uint8_t>& item,
     45                                      int targetUid, int32_t flags) override;
     46     KeyStoreServiceReturnCode del(const android::String16& name, int targetUid) override;
     47     KeyStoreServiceReturnCode exist(const android::String16& name, int targetUid) override;
     48     KeyStoreServiceReturnCode list(const android::String16& prefix, int targetUid,
     49                                    android::Vector<android::String16>* matches) override;
     50 
     51     KeyStoreServiceReturnCode reset() override;
     52 
     53     KeyStoreServiceReturnCode onUserPasswordChanged(int32_t userId,
     54                                                     const android::String16& password) override;
     55     KeyStoreServiceReturnCode onUserAdded(int32_t userId, int32_t parentId) override;
     56     KeyStoreServiceReturnCode onUserRemoved(int32_t userId) override;
     57 
     58     KeyStoreServiceReturnCode lock(int32_t userId) override;
     59     KeyStoreServiceReturnCode unlock(int32_t userId, const android::String16& pw) override;
     60 
     61     bool isEmpty(int32_t userId) override;
     62 
     63     KeyStoreServiceReturnCode
     64     generate(const android::String16& name, int32_t targetUid, int32_t keyType, int32_t keySize,
     65              int32_t flags, android::Vector<android::sp<android::KeystoreArg>>* args) override;
     66     KeyStoreServiceReturnCode import(const android::String16& name, const hidl_vec<uint8_t>& data,
     67                                      int targetUid, int32_t flags) override;
     68     KeyStoreServiceReturnCode sign(const android::String16& name, const hidl_vec<uint8_t>& data,
     69                                    hidl_vec<uint8_t>* out) override;
     70     KeyStoreServiceReturnCode verify(const android::String16& name, const hidl_vec<uint8_t>& data,
     71                                      const hidl_vec<uint8_t>& signature) override;
     72 
     73     /*
     74      * TODO: The abstraction between things stored in hardware and regular blobs
     75      * of data stored on the filesystem should be moved down to keystore itself.
     76      * Unfortunately the Java code that calls this has naming conventions that it
     77      * knows about. Ideally keystore shouldn't be used to store random blobs of
     78      * data.
     79      *
     80      * Until that happens, it's necessary to have a separate "get_pubkey" and
     81      * "del_key" since the Java code doesn't really communicate what it's
     82      * intentions are.
     83      */
     84     KeyStoreServiceReturnCode get_pubkey(const android::String16& name,
     85                                          hidl_vec<uint8_t>* pubKey) override;
     86 
     87     KeyStoreServiceReturnCode grant(const android::String16& name, int32_t granteeUid) override;
     88     KeyStoreServiceReturnCode ungrant(const android::String16& name, int32_t granteeUid) override;
     89 
     90     int64_t getmtime(const android::String16& name, int32_t uid) override;
     91 
     92     KeyStoreServiceReturnCode duplicate(const android::String16& srcKey, int32_t srcUid,
     93                                         const android::String16& destKey, int32_t destUid) override;
     94 
     95     int32_t is_hardware_backed(const android::String16& keyType) override;
     96 
     97     KeyStoreServiceReturnCode clear_uid(int64_t targetUid64) override;
     98 
     99     KeyStoreServiceReturnCode addRngEntropy(const hidl_vec<uint8_t>& entropy) override;
    100     KeyStoreServiceReturnCode generateKey(const android::String16& name,
    101                                           const hidl_vec<KeyParameter>& params,
    102                                           const hidl_vec<uint8_t>& entropy, int uid, int flags,
    103                                           KeyCharacteristics* outCharacteristics) override;
    104     KeyStoreServiceReturnCode
    105     getKeyCharacteristics(const android::String16& name, const hidl_vec<uint8_t>& clientId,
    106                           const hidl_vec<uint8_t>& appData, int32_t uid,
    107                           KeyCharacteristics* outCharacteristics) override;
    108     KeyStoreServiceReturnCode importKey(const android::String16& name,
    109                                         const hidl_vec<KeyParameter>& params, KeyFormat format,
    110                                         const hidl_vec<uint8_t>& keyData, int uid, int flags,
    111                                         KeyCharacteristics* outCharacteristics) override;
    112     void exportKey(const android::String16& name, KeyFormat format,
    113                    const hidl_vec<uint8_t>& clientId, const hidl_vec<uint8_t>& appData, int32_t uid,
    114                    android::ExportResult* result) override;
    115     void begin(const sp<android::IBinder>& appToken, const android::String16& name,
    116                KeyPurpose purpose, bool pruneable, const hidl_vec<KeyParameter>& params,
    117                const hidl_vec<uint8_t>& entropy, int32_t uid,
    118                android::OperationResult* result) override;
    119     void update(const sp<android::IBinder>& token, const hidl_vec<KeyParameter>& params,
    120                 const hidl_vec<uint8_t>& data, android::OperationResult* result) override;
    121     void finish(const sp<android::IBinder>& token, const hidl_vec<KeyParameter>& params,
    122                 const hidl_vec<uint8_t>& signature, const hidl_vec<uint8_t>& entropy,
    123                 android::OperationResult* result) override;
    124     KeyStoreServiceReturnCode abort(const sp<android::IBinder>& token) override;
    125 
    126     bool isOperationAuthorized(const sp<android::IBinder>& token) override;
    127 
    128     KeyStoreServiceReturnCode addAuthToken(const uint8_t* token, size_t length) override;
    129 
    130     KeyStoreServiceReturnCode attestKey(const android::String16& name,
    131                                         const hidl_vec<KeyParameter>& params,
    132                                         hidl_vec<hidl_vec<uint8_t>>* outChain) override;
    133 
    134     KeyStoreServiceReturnCode attestDeviceIds(const hidl_vec<KeyParameter>& params,
    135                                               hidl_vec<hidl_vec<uint8_t>>* outChain) override;
    136 
    137     KeyStoreServiceReturnCode onDeviceOffBody() override;
    138 
    139   private:
    140     static const int32_t UID_SELF = -1;
    141 
    142     /**
    143      * Prune the oldest pruneable operation.
    144      */
    145     bool pruneOperation();
    146 
    147     /**
    148      * Get the effective target uid for a binder operation that takes an
    149      * optional uid as the target.
    150      */
    151     uid_t getEffectiveUid(int32_t targetUid);
    152 
    153     /**
    154      * Check if the caller of the current binder method has the required
    155      * permission and if acting on other uids the grants to do so.
    156      */
    157     bool checkBinderPermission(perm_t permission, int32_t targetUid = UID_SELF);
    158 
    159     /**
    160      * Check if the caller of the current binder method has the required
    161      * permission and the target uid is the caller or the caller is system.
    162      */
    163     bool checkBinderPermissionSelfOrSystem(perm_t permission, int32_t targetUid);
    164 
    165     /**
    166      * Check if the caller of the current binder method has the required
    167      * permission or the target of the operation is the caller's uid. This is
    168      * for operation where the permission is only for cross-uid activity and all
    169      * uids are allowed to act on their own (ie: clearing all entries for a
    170      * given uid).
    171      */
    172     bool checkBinderPermissionOrSelfTarget(perm_t permission, int32_t targetUid);
    173 
    174     /**
    175      * Helper method to check that the caller has the required permission as
    176      * well as the keystore is in the unlocked state if checkUnlocked is true.
    177      *
    178      * Returns NO_ERROR on success, PERMISSION_DENIED on a permission error and
    179      * otherwise the state of keystore when not unlocked and checkUnlocked is
    180      * true.
    181      */
    182     KeyStoreServiceReturnCode checkBinderPermissionAndKeystoreState(perm_t permission,
    183                                                                     int32_t targetUid = -1,
    184                                                                     bool checkUnlocked = true);
    185 
    186     bool isKeystoreUnlocked(State state);
    187 
    188     /**
    189      * Check that all keymaster_key_param_t's provided by the application are
    190      * allowed. Any parameter that keystore adds itself should be disallowed here.
    191      */
    192     bool checkAllowedOperationParams(const hidl_vec<KeyParameter>& params);
    193 
    194     ErrorCode getOperationCharacteristics(const hidl_vec<uint8_t>& key, km_device_t* dev,
    195                                           const AuthorizationSet& params, KeyCharacteristics* out);
    196 
    197     /**
    198      * Get the auth token for this operation from the auth token table.
    199      *
    200      * Returns ::NO_ERROR if the auth token was set or none was required.
    201      *         ::OP_AUTH_NEEDED if it is a per op authorization, no
    202      *         authorization token exists for that operation and
    203      *         failOnTokenMissing is false.
    204      *         KM_ERROR_KEY_USER_NOT_AUTHENTICATED if there is no valid auth
    205      *         token for the operation
    206      */
    207     KeyStoreServiceReturnCode getAuthToken(const KeyCharacteristics& characteristics,
    208                                            uint64_t handle, KeyPurpose purpose,
    209                                            const HardwareAuthToken** authToken,
    210                                            bool failOnTokenMissing = true);
    211 
    212     /**
    213      * Add the auth token for the operation to the param list if the operation
    214      * requires authorization. Uses the cached result in the OperationMap if available
    215      * otherwise gets the token from the AuthTokenTable and caches the result.
    216      *
    217      * Returns ::NO_ERROR if the auth token was added or not needed.
    218      *         KM_ERROR_KEY_USER_NOT_AUTHENTICATED if the operation is not
    219      *         authenticated.
    220      *         KM_ERROR_INVALID_OPERATION_HANDLE if token is not a valid
    221      *         operation token.
    222      */
    223     KeyStoreServiceReturnCode addOperationAuthTokenIfNeeded(const sp<android::IBinder>& token,
    224                                                             AuthorizationSet* params);
    225 
    226     /**
    227      * Translate a result value to a legacy return value. All keystore errors are
    228      * preserved and keymaster errors become SYSTEM_ERRORs
    229      */
    230     KeyStoreServiceReturnCode translateResultToLegacyResult(int32_t result);
    231 
    232     void addLegacyBeginParams(const android::String16& name, AuthorizationSet* params);
    233 
    234     KeyStoreServiceReturnCode doLegacySignVerify(const android::String16& name,
    235                                                  const hidl_vec<uint8_t>& data,
    236                                                  hidl_vec<uint8_t>* out,
    237                                                  const hidl_vec<uint8_t>& signature,
    238                                                  KeyPurpose purpose);
    239 
    240     /**
    241      * Upgrade a key blob under alias "name", returning the new blob in "blob".  If "blob"
    242      * previously contained data, it will be overwritten.
    243      *
    244      * Returns ::NO_ERROR if the key was upgraded successfully.
    245      *         KM_ERROR_VERSION_MISMATCH if called on a key whose patch level is greater than or
    246      *         equal to the current system patch level.
    247      */
    248     KeyStoreServiceReturnCode upgradeKeyBlob(const android::String16& name, uid_t targetUid,
    249                                              const AuthorizationSet& params, Blob* blob);
    250 
    251     ::KeyStore* mKeyStore;
    252     OperationMap mOperationMap;
    253     keystore::AuthTokenTable mAuthTokenTable;
    254     KeystoreKeymasterEnforcement enforcement_policy;
    255 };
    256 
    257 };  // namespace keystore
    258 
    259 #endif  // KEYSTORE_KEYSTORE_SERVICE_H_
    260