1 /* 2 * Copyright (C) 2016 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 #define LOG_TAG "keystore" 18 19 #include "KeyStore.h" 20 21 #include <dirent.h> 22 #include <fcntl.h> 23 24 #include <openssl/bio.h> 25 26 #include <utils/String16.h> 27 #include <utils/String8.h> 28 29 #include <android-base/scopeguard.h> 30 #include <android/hardware/keymaster/3.0/IKeymasterDevice.h> 31 #include <android/security/IKeystoreService.h> 32 #include <log/log_event_list.h> 33 34 #include <private/android_logger.h> 35 36 #include "keystore_utils.h" 37 #include "permissions.h" 38 #include <keystore/keystore_hidl_support.h> 39 40 namespace keystore { 41 42 const char* KeyStore::kOldMasterKey = ".masterkey"; 43 const char* KeyStore::kMetaDataFile = ".metadata"; 44 45 const android::String16 KeyStore::kRsaKeyType("RSA"); 46 const android::String16 KeyStore::kEcKeyType("EC"); 47 48 using android::String8; 49 50 sp<Keymaster>& KeymasterDevices::operator[](SecurityLevel secLevel) { 51 static_assert(uint32_t(SecurityLevel::SOFTWARE) == 0 && 52 uint32_t(SecurityLevel::TRUSTED_ENVIRONMENT) == 1 && 53 uint32_t(SecurityLevel::STRONGBOX) == 2, 54 "Numeric values of security levels have changed"); 55 return at(static_cast<uint32_t>(secLevel)); 56 } 57 58 sp<Keymaster> KeymasterDevices::operator[](SecurityLevel secLevel) const { 59 if (static_cast<uint32_t>(secLevel) > static_cast<uint32_t>(SecurityLevel::STRONGBOX)) { 60 LOG(ERROR) << "Invalid security level requested"; 61 return nullptr; 62 } 63 return (*const_cast<KeymasterDevices*>(this))[secLevel]; 64 } 65 66 KeyStore::KeyStore(Entropy* entropy, const KeymasterDevices& kmDevices, 67 SecurityLevel minimalAllowedSecurityLevelForNewKeys) 68 : mEntropy(entropy), mKmDevices(kmDevices), 69 mAllowNewFallback(minimalAllowedSecurityLevelForNewKeys == SecurityLevel::SOFTWARE) { 70 memset(&mMetaData, '\0', sizeof(mMetaData)); 71 } 72 73 KeyStore::~KeyStore() { 74 for (android::Vector<UserState*>::iterator it(mMasterKeys.begin()); it != mMasterKeys.end(); 75 it++) { 76 delete *it; 77 } 78 mMasterKeys.clear(); 79 } 80 81 ResponseCode KeyStore::initialize() { 82 readMetaData(); 83 if (upgradeKeystore()) { 84 writeMetaData(); 85 } 86 87 return ResponseCode::NO_ERROR; 88 } 89 90 ResponseCode KeyStore::initializeUser(const android::String8& pw, uid_t userId) { 91 UserState* userState = getUserState(userId); 92 return userState->initialize(pw, mEntropy); 93 } 94 95 ResponseCode KeyStore::copyMasterKey(uid_t srcUser, uid_t dstUser) { 96 UserState* userState = getUserState(dstUser); 97 UserState* initState = getUserState(srcUser); 98 return userState->copyMasterKey(initState); 99 } 100 101 ResponseCode KeyStore::writeMasterKey(const android::String8& pw, uid_t userId) { 102 UserState* userState = getUserState(userId); 103 return userState->writeMasterKey(pw, mEntropy); 104 } 105 106 ResponseCode KeyStore::readMasterKey(const android::String8& pw, uid_t userId) { 107 UserState* userState = getUserState(userId); 108 return userState->readMasterKey(pw, mEntropy); 109 } 110 111 /* Here is the encoding of keys. This is necessary in order to allow arbitrary 112 * characters in keys. Characters in [0-~] are not encoded. Others are encoded 113 * into two bytes. The first byte is one of [+-.] which represents the first 114 * two bits of the character. The second byte encodes the rest of the bits into 115 * [0-o]. Therefore in the worst case the length of a key gets doubled. Note 116 * that Base64 cannot be used here due to the need of prefix match on keys. */ 117 118 static size_t encode_key_length(const android::String8& keyName) { 119 const uint8_t* in = reinterpret_cast<const uint8_t*>(keyName.string()); 120 size_t length = keyName.length(); 121 for (int i = length; i > 0; --i, ++in) { 122 if (*in < '0' || *in > '~') { 123 ++length; 124 } 125 } 126 return length; 127 } 128 129 static int encode_key(char* out, const android::String8& keyName) { 130 const uint8_t* in = reinterpret_cast<const uint8_t*>(keyName.string()); 131 size_t length = keyName.length(); 132 for (int i = length; i > 0; --i, ++in, ++out) { 133 if (*in < '0' || *in > '~') { 134 *out = '+' + (*in >> 6); 135 *++out = '0' + (*in & 0x3F); 136 ++length; 137 } else { 138 *out = *in; 139 } 140 } 141 *out = '\0'; 142 return length; 143 } 144 145 android::String8 KeyStore::getKeyName(const android::String8& keyName, const BlobType type) { 146 std::vector<char> encoded(encode_key_length(keyName) + 1); // add 1 for null char 147 encode_key(encoded.data(), keyName); 148 if (type == TYPE_KEY_CHARACTERISTICS) { 149 return android::String8::format(".chr_%s", encoded.data()); 150 } else { 151 return android::String8(encoded.data()); 152 } 153 } 154 155 android::String8 KeyStore::getKeyNameForUid(const android::String8& keyName, uid_t uid, 156 const BlobType type) { 157 std::vector<char> encoded(encode_key_length(keyName) + 1); // add 1 for null char 158 encode_key(encoded.data(), keyName); 159 if (type == TYPE_KEY_CHARACTERISTICS) { 160 return android::String8::format(".%u_chr_%s", uid, encoded.data()); 161 } else { 162 return android::String8::format("%u_%s", uid, encoded.data()); 163 } 164 } 165 166 android::String8 KeyStore::getKeyNameForUidWithDir(const android::String8& keyName, uid_t uid, 167 const BlobType type) { 168 std::vector<char> encoded(encode_key_length(keyName) + 1); // add 1 for null char 169 encode_key(encoded.data(), keyName); 170 171 if (type == TYPE_KEY_CHARACTERISTICS) { 172 return android::String8::format("%s/.%u_chr_%s", getUserStateByUid(uid)->getUserDirName(), 173 uid, encoded.data()); 174 } else { 175 return android::String8::format("%s/%u_%s", getUserStateByUid(uid)->getUserDirName(), uid, 176 encoded.data()); 177 } 178 } 179 180 NullOr<android::String8> KeyStore::getBlobFileNameIfExists(const android::String8& alias, uid_t uid, 181 const BlobType type) { 182 android::String8 filepath8(getKeyNameForUidWithDir(alias, uid, type)); 183 184 if (!access(filepath8.string(), R_OK | W_OK)) return filepath8; 185 186 // If this is one of the legacy UID->UID mappings, use it. 187 uid_t euid = get_keystore_euid(uid); 188 if (euid != uid) { 189 filepath8 = getKeyNameForUidWithDir(alias, euid, type); 190 if (!access(filepath8.string(), R_OK | W_OK)) return filepath8; 191 } 192 193 // They might be using a granted key. 194 auto grant = mGrants.get(uid, alias.string()); 195 if (grant) { 196 filepath8 = String8::format( 197 "%s/%s", grant->owner_dir_name_.c_str(), 198 getKeyNameForUid(String8(grant->alias_.c_str()), grant->owner_uid_, type).c_str()); 199 if (!access(filepath8.string(), R_OK | W_OK)) return filepath8; 200 } 201 return {}; 202 } 203 204 void KeyStore::resetUser(uid_t userId, bool keepUnenryptedEntries) { 205 android::String8 prefix(""); 206 android::Vector<android::String16> aliases; 207 UserState* userState = getUserState(userId); 208 if (list(prefix, &aliases, userId) != ResponseCode::NO_ERROR) { 209 return; 210 } 211 for (uint32_t i = 0; i < aliases.size(); i++) { 212 android::String8 filename(aliases[i]); 213 filename = android::String8::format("%s/%s", userState->getUserDirName(), 214 getKeyName(filename, TYPE_ANY).string()); 215 bool shouldDelete = true; 216 if (keepUnenryptedEntries) { 217 Blob blob; 218 ResponseCode rc = get(filename, &blob, ::TYPE_ANY, userId); 219 220 switch (rc) { 221 case ResponseCode::SYSTEM_ERROR: 222 case ResponseCode::VALUE_CORRUPTED: 223 // If we can't read blobs, delete them. 224 shouldDelete = true; 225 break; 226 227 case ResponseCode::NO_ERROR: 228 case ResponseCode::LOCKED: 229 // Delete encrypted blobs but keep unencrypted blobs and super-encrypted blobs. We 230 // need to keep super-encrypted blobs so we can report that the user is 231 // unauthenticated if a caller tries to use them, rather than reporting that they 232 // don't exist. 233 shouldDelete = blob.isEncrypted(); 234 break; 235 236 default: 237 ALOGE("Got unexpected return code %d from KeyStore::get()", rc); 238 // This shouldn't happen. To be on the safe side, delete it. 239 shouldDelete = true; 240 break; 241 } 242 } 243 if (shouldDelete) { 244 del(filename, ::TYPE_ANY, userId); 245 246 // del() will fail silently if no cached characteristics are present for this alias. 247 android::String8 chr_filename(aliases[i]); 248 chr_filename = android::String8::format( 249 "%s/%s", userState->getUserDirName(), 250 getKeyName(chr_filename, TYPE_KEY_CHARACTERISTICS).string()); 251 del(chr_filename, ::TYPE_KEY_CHARACTERISTICS, userId); 252 } 253 } 254 if (!userState->deleteMasterKey()) { 255 ALOGE("Failed to delete user %d's master key", userId); 256 } 257 if (!keepUnenryptedEntries) { 258 if (!userState->reset()) { 259 ALOGE("Failed to remove user %d's directory", userId); 260 } 261 } 262 } 263 264 bool KeyStore::isEmpty(uid_t userId) const { 265 const UserState* userState = getUserState(userId); 266 if (userState == NULL) { 267 return true; 268 } 269 270 DIR* dir = opendir(userState->getUserDirName()); 271 if (!dir) { 272 return true; 273 } 274 275 bool result = true; 276 struct dirent* file; 277 while ((file = readdir(dir)) != NULL) { 278 // We only care about files. 279 if (file->d_type != DT_REG) { 280 continue; 281 } 282 283 // Skip anything that starts with a "." 284 if (file->d_name[0] == '.') { 285 continue; 286 } 287 288 result = false; 289 break; 290 } 291 closedir(dir); 292 return result; 293 } 294 295 void KeyStore::lock(uid_t userId) { 296 UserState* userState = getUserState(userId); 297 userState->zeroizeMasterKeysInMemory(); 298 userState->setState(STATE_LOCKED); 299 } 300 301 static void maybeLogKeyIntegrityViolation(const char* filename, const BlobType type); 302 303 ResponseCode KeyStore::get(const char* filename, Blob* keyBlob, const BlobType type, uid_t userId) { 304 UserState* userState = getUserState(userId); 305 ResponseCode rc; 306 307 auto logOnScopeExit = android::base::make_scope_guard([&] { 308 if (rc == ResponseCode::VALUE_CORRUPTED) { 309 maybeLogKeyIntegrityViolation(filename, type); 310 } 311 }); 312 313 rc = keyBlob->readBlob(filename, userState->getEncryptionKey(), userState->getState()); 314 if (rc != ResponseCode::NO_ERROR) { 315 return rc; 316 } 317 318 const uint8_t version = keyBlob->getVersion(); 319 if (version < CURRENT_BLOB_VERSION) { 320 /* If we upgrade the key, we need to write it to disk again. Then 321 * it must be read it again since the blob is encrypted each time 322 * it's written. 323 */ 324 if (upgradeBlob(filename, keyBlob, version, type, userId)) { 325 if ((rc = this->put(filename, keyBlob, userId)) != ResponseCode::NO_ERROR || 326 (rc = keyBlob->readBlob(filename, userState->getEncryptionKey(), 327 userState->getState())) != ResponseCode::NO_ERROR) { 328 return rc; 329 } 330 } 331 } 332 333 /* 334 * This will upgrade software-backed keys to hardware-backed keys. 335 */ 336 if (rc == ResponseCode::NO_ERROR && type == TYPE_KEY_PAIR && keyBlob->isFallback()) { 337 ResponseCode imported = 338 importKey(keyBlob->getValue(), keyBlob->getLength(), filename, userId, 339 keyBlob->isEncrypted() ? KEYSTORE_FLAG_ENCRYPTED : KEYSTORE_FLAG_NONE); 340 341 // The HAL allowed the import, reget the key to have the "fresh" version. 342 if (imported == ResponseCode::NO_ERROR) { 343 rc = get(filename, keyBlob, TYPE_KEY_PAIR, userId); 344 } 345 } 346 347 // Keymaster 0.3 keys are valid keymaster 1.0 keys, so silently upgrade. 348 if (keyBlob->getType() == TYPE_KEY_PAIR) { 349 keyBlob->setType(TYPE_KEYMASTER_10); 350 rc = this->put(filename, keyBlob, userId); 351 } 352 353 if (type != TYPE_ANY && keyBlob->getType() != type) { 354 ALOGW("key found but type doesn't match: %d vs %d", keyBlob->getType(), type); 355 return ResponseCode::KEY_NOT_FOUND; 356 } 357 358 return rc; 359 } 360 361 ResponseCode KeyStore::put(const char* filename, Blob* keyBlob, uid_t userId) { 362 UserState* userState = getUserState(userId); 363 return keyBlob->writeBlob(filename, userState->getEncryptionKey(), userState->getState(), 364 mEntropy); 365 } 366 367 static NullOr<std::tuple<uid_t, std::string>> filename2UidAlias(const std::string& filename); 368 369 ResponseCode KeyStore::del(const char* filename, const BlobType type, uid_t userId) { 370 Blob keyBlob; 371 auto uidAlias = filename2UidAlias(filename); 372 uid_t uid; 373 std::string alias; 374 if (uidAlias.isOk()) { 375 std::tie(uid, alias) = std::move(uidAlias).value(); 376 } 377 ResponseCode rc = get(filename, &keyBlob, type, userId); 378 if (rc == ResponseCode::VALUE_CORRUPTED) { 379 // The file is corrupt, the best we can do is rm it. 380 if (uidAlias.isOk()) { 381 // remove possible grants 382 mGrants.removeAllGrantsToKey(uid, alias); 383 } 384 return (unlink(filename) && errno != ENOENT) ? ResponseCode::SYSTEM_ERROR 385 : ResponseCode::NO_ERROR; 386 } 387 if (rc != ResponseCode::NO_ERROR) { 388 return rc; 389 } 390 391 auto dev = getDevice(keyBlob); 392 393 if (keyBlob.getType() == ::TYPE_KEY_PAIR || keyBlob.getType() == ::TYPE_KEYMASTER_10) { 394 auto ret = KS_HANDLE_HIDL_ERROR(dev->deleteKey(blob2hidlVec(keyBlob))); 395 396 // A device doesn't have to implement delete_key. 397 bool success = ret == ErrorCode::OK || ret == ErrorCode::UNIMPLEMENTED; 398 if (__android_log_security() && uidAlias.isOk()) { 399 android_log_event_list(SEC_TAG_KEY_DESTROYED) 400 << int32_t(success) << alias << int32_t(uid) << LOG_ID_SECURITY; 401 } 402 if (!success) return ResponseCode::SYSTEM_ERROR; 403 } 404 405 rc = 406 (unlink(filename) && errno != ENOENT) ? ResponseCode::SYSTEM_ERROR : ResponseCode::NO_ERROR; 407 408 if (rc == ResponseCode::NO_ERROR && keyBlob.getType() != ::TYPE_KEY_CHARACTERISTICS) { 409 // now that we have successfully deleted a key, let's make sure there are no stale grants 410 if (uidAlias.isOk()) { 411 mGrants.removeAllGrantsToKey(uid, alias); 412 } 413 } 414 return rc; 415 } 416 417 /* 418 * Converts from the "escaped" format on disk to actual name. 419 * This will be smaller than the input string. 420 * 421 * Characters that should combine with the next at the end will be truncated. 422 */ 423 static size_t decode_key_length(const char* in, size_t length) { 424 size_t outLength = 0; 425 426 for (const char* end = in + length; in < end; in++) { 427 /* This combines with the next character. */ 428 if (*in < '0' || *in > '~') { 429 continue; 430 } 431 432 outLength++; 433 } 434 return outLength; 435 } 436 437 static void decode_key(char* out, const char* in, size_t length) { 438 for (const char* end = in + length; in < end; in++) { 439 if (*in < '0' || *in > '~') { 440 /* Truncate combining characters at the end. */ 441 if (in + 1 >= end) { 442 break; 443 } 444 445 *out = (*in++ - '+') << 6; 446 *out++ |= (*in - '0') & 0x3F; 447 } else { 448 *out++ = *in; 449 } 450 } 451 *out = '\0'; 452 } 453 454 static NullOr<std::tuple<uid_t, std::string>> filename2UidAlias(const std::string& filepath) { 455 auto filenamebase = filepath.find_last_of('/'); 456 std::string filename = 457 filenamebase == std::string::npos ? filepath : filepath.substr(filenamebase + 1); 458 459 if (filename[0] == '.') return {}; 460 461 auto sep = filename.find('_'); 462 if (sep == std::string::npos) return {}; 463 464 std::stringstream s(filename.substr(0, sep)); 465 uid_t uid; 466 s >> uid; 467 if (!s) return {}; 468 469 auto alias = filename.substr(sep + 1); 470 471 std::vector<char> alias_buffer(decode_key_length(alias.c_str(), alias.size()) + 1); 472 473 decode_key(alias_buffer.data(), alias.c_str(), alias.size()); 474 return std::tuple<uid_t, std::string>(uid, alias_buffer.data()); 475 } 476 477 ResponseCode KeyStore::list(const android::String8& prefix, 478 android::Vector<android::String16>* matches, uid_t userId) { 479 480 UserState* userState = getUserState(userId); 481 size_t n = prefix.length(); 482 483 DIR* dir = opendir(userState->getUserDirName()); 484 if (!dir) { 485 ALOGW("can't open directory for user: %s", strerror(errno)); 486 return ResponseCode::SYSTEM_ERROR; 487 } 488 489 struct dirent* file; 490 while ((file = readdir(dir)) != NULL) { 491 // We only care about files. 492 if (file->d_type != DT_REG) { 493 continue; 494 } 495 496 // Skip anything that starts with a "." 497 if (file->d_name[0] == '.') { 498 continue; 499 } 500 501 if (!strncmp(prefix.string(), file->d_name, n)) { 502 const char* p = &file->d_name[n]; 503 size_t plen = strlen(p); 504 505 size_t extra = decode_key_length(p, plen); 506 char* match = (char*)malloc(extra + 1); 507 if (match != NULL) { 508 decode_key(match, p, plen); 509 matches->push(android::String16(match, extra)); 510 free(match); 511 } else { 512 ALOGW("could not allocate match of size %zd", extra); 513 } 514 } 515 } 516 closedir(dir); 517 return ResponseCode::NO_ERROR; 518 } 519 520 std::string KeyStore::addGrant(const char* alias, uid_t granterUid, uid_t granteeUid) { 521 return mGrants.put(granteeUid, alias, getUserStateByUid(granterUid)->getUserDirName(), 522 granterUid); 523 } 524 525 bool KeyStore::removeGrant(const char* alias, const uid_t granterUid, const uid_t granteeUid) { 526 return mGrants.removeByFileAlias(granteeUid, granterUid, alias); 527 } 528 void KeyStore::removeAllGrantsToUid(const uid_t granteeUid) { 529 mGrants.removeAllGrantsToUid(granteeUid); 530 } 531 532 ResponseCode KeyStore::importKey(const uint8_t* key, size_t keyLen, const char* filename, 533 uid_t userId, int32_t flags) { 534 Unique_PKCS8_PRIV_KEY_INFO pkcs8(d2i_PKCS8_PRIV_KEY_INFO(NULL, &key, keyLen)); 535 if (!pkcs8.get()) { 536 return ResponseCode::SYSTEM_ERROR; 537 } 538 Unique_EVP_PKEY pkey(EVP_PKCS82PKEY(pkcs8.get())); 539 if (!pkey.get()) { 540 return ResponseCode::SYSTEM_ERROR; 541 } 542 int type = EVP_PKEY_type(pkey->type); 543 AuthorizationSet params; 544 add_legacy_key_authorizations(type, ¶ms); 545 switch (type) { 546 case EVP_PKEY_RSA: 547 params.push_back(TAG_ALGORITHM, Algorithm::RSA); 548 break; 549 case EVP_PKEY_EC: 550 params.push_back(TAG_ALGORITHM, Algorithm::EC); 551 break; 552 default: 553 ALOGW("Unsupported key type %d", type); 554 return ResponseCode::SYSTEM_ERROR; 555 } 556 557 AuthorizationSet opParams(params); 558 hidl_vec<uint8_t> blob; 559 560 ErrorCode error; 561 auto hidlCb = [&](ErrorCode ret, const hidl_vec<uint8_t>& keyBlob, 562 const KeyCharacteristics& /* ignored */) { 563 error = ret; 564 if (error != ErrorCode::OK) return; 565 blob = keyBlob; 566 }; 567 auto input = blob2hidlVec(key, keyLen); 568 569 SecurityLevel securityLevel = flagsToSecurityLevel(flags); 570 auto kmDevice = getDevice(securityLevel); 571 if (!kmDevice) { 572 // As of this writing the only caller is KeyStore::get in an attempt to import legacy 573 // software keys. It only ever requests TEE as target which must always be present. 574 // If we see this error, we probably have a new and unanticipated caller. 575 ALOGE("No implementation for security level %d. Cannot import key.", securityLevel); 576 return ResponseCode::SYSTEM_ERROR; 577 } 578 579 ErrorCode rc = KS_HANDLE_HIDL_ERROR( 580 kmDevice->importKey(params.hidl_data(), KeyFormat::PKCS8, input, hidlCb)); 581 if (rc != ErrorCode::OK) return ResponseCode::SYSTEM_ERROR; 582 if (error != ErrorCode::OK) { 583 ALOGE("Keymaster error %d importing key pair", error); 584 return ResponseCode::SYSTEM_ERROR; 585 } 586 587 Blob keyBlob(&blob[0], blob.size(), NULL, 0, TYPE_KEYMASTER_10); 588 589 keyBlob.setEncrypted(flags & KEYSTORE_FLAG_ENCRYPTED); 590 keyBlob.setSecurityLevel(securityLevel); 591 592 return put(filename, &keyBlob, userId); 593 } 594 595 bool KeyStore::isHardwareBacked(const android::String16& keyType) const { 596 // if strongbox device is present TEE must also be present and of sufficiently high version 597 // to support all keys in hardware 598 if (getDevice(SecurityLevel::STRONGBOX)) return true; 599 if (!getDevice(SecurityLevel::TRUSTED_ENVIRONMENT)) { 600 ALOGW("can't get keymaster device"); 601 return false; 602 } 603 604 auto version = getDevice(SecurityLevel::TRUSTED_ENVIRONMENT)->halVersion(); 605 if (keyType == kRsaKeyType) return true; // All versions support RSA 606 return keyType == kEcKeyType && version.supportsEc; 607 } 608 609 ResponseCode KeyStore::getKeyForName(Blob* keyBlob, const android::String8& keyName, 610 const uid_t uid, const BlobType type) { 611 auto filepath8 = getBlobFileNameIfExists(keyName, uid, type); 612 uid_t userId = get_user_id(uid); 613 614 if (filepath8.isOk()) return get(filepath8.value().string(), keyBlob, type, userId); 615 616 return ResponseCode::KEY_NOT_FOUND; 617 } 618 619 UserState* KeyStore::getUserState(uid_t userId) { 620 for (android::Vector<UserState*>::iterator it(mMasterKeys.begin()); it != mMasterKeys.end(); 621 it++) { 622 UserState* state = *it; 623 if (state->getUserId() == userId) { 624 return state; 625 } 626 } 627 628 UserState* userState = new UserState(userId); 629 if (!userState->initialize()) { 630 /* There's not much we can do if initialization fails. Trying to 631 * unlock the keystore for that user will fail as well, so any 632 * subsequent request for this user will just return SYSTEM_ERROR. 633 */ 634 ALOGE("User initialization failed for %u; subsuquent operations will fail", userId); 635 } 636 mMasterKeys.add(userState); 637 return userState; 638 } 639 640 UserState* KeyStore::getUserStateByUid(uid_t uid) { 641 uid_t userId = get_user_id(uid); 642 return getUserState(userId); 643 } 644 645 const UserState* KeyStore::getUserState(uid_t userId) const { 646 for (android::Vector<UserState*>::const_iterator it(mMasterKeys.begin()); 647 it != mMasterKeys.end(); it++) { 648 UserState* state = *it; 649 if (state->getUserId() == userId) { 650 return state; 651 } 652 } 653 654 return NULL; 655 } 656 657 const UserState* KeyStore::getUserStateByUid(uid_t uid) const { 658 uid_t userId = get_user_id(uid); 659 return getUserState(userId); 660 } 661 662 bool KeyStore::upgradeBlob(const char* filename, Blob* blob, const uint8_t oldVersion, 663 const BlobType type, uid_t userId) { 664 bool updated = false; 665 uint8_t version = oldVersion; 666 667 /* From V0 -> V1: All old types were unknown */ 668 if (version == 0) { 669 ALOGV("upgrading to version 1 and setting type %d", type); 670 671 blob->setType(type); 672 if (type == TYPE_KEY_PAIR) { 673 importBlobAsKey(blob, filename, userId); 674 } 675 version = 1; 676 updated = true; 677 } 678 679 /* From V1 -> V2: All old keys were encrypted */ 680 if (version == 1) { 681 ALOGV("upgrading to version 2"); 682 683 blob->setEncrypted(true); 684 version = 2; 685 updated = true; 686 } 687 688 /* 689 * If we've updated, set the key blob to the right version 690 * and write it. 691 */ 692 if (updated) { 693 ALOGV("updated and writing file %s", filename); 694 blob->setVersion(version); 695 } 696 697 return updated; 698 } 699 700 struct BIO_Delete { 701 void operator()(BIO* p) const { BIO_free(p); } 702 }; 703 typedef std::unique_ptr<BIO, BIO_Delete> Unique_BIO; 704 705 ResponseCode KeyStore::importBlobAsKey(Blob* blob, const char* filename, uid_t userId) { 706 // We won't even write to the blob directly with this BIO, so const_cast is okay. 707 Unique_BIO b(BIO_new_mem_buf(const_cast<uint8_t*>(blob->getValue()), blob->getLength())); 708 if (b.get() == NULL) { 709 ALOGE("Problem instantiating BIO"); 710 return ResponseCode::SYSTEM_ERROR; 711 } 712 713 Unique_EVP_PKEY pkey(PEM_read_bio_PrivateKey(b.get(), NULL, NULL, NULL)); 714 if (pkey.get() == NULL) { 715 ALOGE("Couldn't read old PEM file"); 716 return ResponseCode::SYSTEM_ERROR; 717 } 718 719 Unique_PKCS8_PRIV_KEY_INFO pkcs8(EVP_PKEY2PKCS8(pkey.get())); 720 int len = i2d_PKCS8_PRIV_KEY_INFO(pkcs8.get(), NULL); 721 if (len < 0) { 722 ALOGE("Couldn't measure PKCS#8 length"); 723 return ResponseCode::SYSTEM_ERROR; 724 } 725 726 std::unique_ptr<unsigned char[]> pkcs8key(new unsigned char[len]); 727 uint8_t* tmp = pkcs8key.get(); 728 if (i2d_PKCS8_PRIV_KEY_INFO(pkcs8.get(), &tmp) != len) { 729 ALOGE("Couldn't convert to PKCS#8"); 730 return ResponseCode::SYSTEM_ERROR; 731 } 732 733 ResponseCode rc = importKey(pkcs8key.get(), len, filename, userId, 734 blob->isEncrypted() ? KEYSTORE_FLAG_ENCRYPTED : KEYSTORE_FLAG_NONE); 735 if (rc != ResponseCode::NO_ERROR) { 736 return rc; 737 } 738 739 return get(filename, blob, TYPE_KEY_PAIR, userId); 740 } 741 742 void KeyStore::readMetaData() { 743 int in = TEMP_FAILURE_RETRY(open(kMetaDataFile, O_RDONLY)); 744 if (in < 0) { 745 return; 746 } 747 size_t fileLength = readFully(in, (uint8_t*)&mMetaData, sizeof(mMetaData)); 748 if (fileLength != sizeof(mMetaData)) { 749 ALOGI("Metadata file is %zd bytes (%zd experted); upgrade?", fileLength, sizeof(mMetaData)); 750 } 751 close(in); 752 } 753 754 void KeyStore::writeMetaData() { 755 const char* tmpFileName = ".metadata.tmp"; 756 int out = 757 TEMP_FAILURE_RETRY(open(tmpFileName, O_WRONLY | O_TRUNC | O_CREAT, S_IRUSR | S_IWUSR)); 758 if (out < 0) { 759 ALOGE("couldn't write metadata file: %s", strerror(errno)); 760 return; 761 } 762 size_t fileLength = writeFully(out, (uint8_t*)&mMetaData, sizeof(mMetaData)); 763 if (fileLength != sizeof(mMetaData)) { 764 ALOGI("Could only write %zd bytes to metadata file (%zd expected)", fileLength, 765 sizeof(mMetaData)); 766 } 767 close(out); 768 rename(tmpFileName, kMetaDataFile); 769 } 770 771 bool KeyStore::upgradeKeystore() { 772 bool upgraded = false; 773 774 if (mMetaData.version == 0) { 775 UserState* userState = getUserStateByUid(0); 776 777 // Initialize first so the directory is made. 778 userState->initialize(); 779 780 // Migrate the old .masterkey file to user 0. 781 if (access(kOldMasterKey, R_OK) == 0) { 782 if (rename(kOldMasterKey, userState->getMasterKeyFileName()) < 0) { 783 ALOGE("couldn't migrate old masterkey: %s", strerror(errno)); 784 return false; 785 } 786 } 787 788 // Initialize again in case we had a key. 789 userState->initialize(); 790 791 // Try to migrate existing keys. 792 DIR* dir = opendir("."); 793 if (!dir) { 794 // Give up now; maybe we can upgrade later. 795 ALOGE("couldn't open keystore's directory; something is wrong"); 796 return false; 797 } 798 799 struct dirent* file; 800 while ((file = readdir(dir)) != NULL) { 801 // We only care about files. 802 if (file->d_type != DT_REG) { 803 continue; 804 } 805 806 // Skip anything that starts with a "." 807 if (file->d_name[0] == '.') { 808 continue; 809 } 810 811 // Find the current file's user. 812 char* end; 813 unsigned long thisUid = strtoul(file->d_name, &end, 10); 814 if (end[0] != '_' || end[1] == 0) { 815 continue; 816 } 817 UserState* otherUser = getUserStateByUid(thisUid); 818 if (otherUser->getUserId() != 0) { 819 unlinkat(dirfd(dir), file->d_name, 0); 820 } 821 822 // Rename the file into user directory. 823 DIR* otherdir = opendir(otherUser->getUserDirName()); 824 if (otherdir == NULL) { 825 ALOGW("couldn't open user directory for rename"); 826 continue; 827 } 828 if (renameat(dirfd(dir), file->d_name, dirfd(otherdir), file->d_name) < 0) { 829 ALOGW("couldn't rename blob: %s: %s", file->d_name, strerror(errno)); 830 } 831 closedir(otherdir); 832 } 833 closedir(dir); 834 835 mMetaData.version = 1; 836 upgraded = true; 837 } 838 839 return upgraded; 840 } 841 842 static void maybeLogKeyIntegrityViolation(const char* filename, const BlobType type) { 843 if (!__android_log_security() || (type != TYPE_KEY_PAIR && type != TYPE_KEYMASTER_10)) return; 844 845 auto uidAlias = filename2UidAlias(filename); 846 uid_t uid = -1; 847 std::string alias; 848 849 if (uidAlias.isOk()) std::tie(uid, alias) = std::move(uidAlias).value(); 850 851 log_key_integrity_violation(alias.c_str(), uid); 852 } 853 854 } // namespace keystore 855
