Keymaster.cpp

   1 /*
   2  * Copyright (C) 2016 The Android Open Source Project
   3  *
   4  * Licensed under the Apache License, Version 2.0 (the "License");
   5  * you may not use this file except in compliance with the License.
   6  * You may obtain a copy of the License at
   7  *
   8  *      http://www.apache.org/licenses/LICENSE-2.0
   9  *
  10  * Unless required by applicable law or agreed to in writing, software
  11  * distributed under the License is distributed on an "AS IS" BASIS,
  12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  13  * See the License for the specific language governing permissions and
  14  * limitations under the License.
  15  */
  16
  17 #include "Keymaster.h"
  18
  19 #include <android-base/logging.h>
  20 #include <keymasterV4_0/authorization_set.h>
  21 #include <keymasterV4_0/keymaster_utils.h>
  22
  23 namespace android {
  24 namespace vold {
  25
  26 using ::android::hardware::hidl_string;
  27 using ::android::hardware::hidl_vec;
  28 using ::android::hardware::keymaster::V4_0::SecurityLevel;
  29
  30 KeymasterOperation::~KeymasterOperation() {
  31     if (mDevice) mDevice->abort(mOpHandle);
  32 }
  33
  34 bool KeymasterOperation::updateCompletely(const char* input, size_t inputLen,
  35                                           const std::function<void(const char*, size_t)> consumer) {
  36     uint32_t inputConsumed = 0;
  37
  38     km::ErrorCode km_error;
  39     auto hidlCB = [&](km::ErrorCode ret, uint32_t inputConsumedDelta,
  40                       const hidl_vec<km::KeyParameter>& /*ignored*/,
  41                       const hidl_vec<uint8_t>& _output) {
  42         km_error = ret;
  43         if (km_error != km::ErrorCode::OK) return;
  44         inputConsumed += inputConsumedDelta;
  45         consumer(reinterpret_cast<const char*>(&_output[0]), _output.size());
  46     };
  47
  48     while (inputConsumed != inputLen) {
  49         size_t toRead = static_cast<size_t>(inputLen - inputConsumed);
  50         auto inputBlob = km::support::blob2hidlVec(
  51             reinterpret_cast<const uint8_t*>(&input[inputConsumed]), toRead);
  52         auto error = mDevice->update(mOpHandle, hidl_vec<km::KeyParameter>(), inputBlob,
  53                                      km::HardwareAuthToken(), km::VerificationToken(), hidlCB);
  54         if (!error.isOk()) {
  55             LOG(ERROR) << "update failed: " << error.description();
  56             mDevice = nullptr;
  57             return false;
  58         }
  59         if (km_error != km::ErrorCode::OK) {
  60             LOG(ERROR) << "update failed, code " << int32_t(km_error);
  61             mDevice = nullptr;
  62             return false;
  63         }
  64         if (inputConsumed > inputLen) {
  65             LOG(ERROR) << "update reported too much input consumed";
  66             mDevice = nullptr;
  67             return false;
  68         }
  69     }
  70     return true;
  71 }
  72
  73 bool KeymasterOperation::finish(std::string* output) {
  74     km::ErrorCode km_error;
  75     auto hidlCb = [&](km::ErrorCode ret, const hidl_vec<km::KeyParameter>& /*ignored*/,
  76                       const hidl_vec<uint8_t>& _output) {
  77         km_error = ret;
  78         if (km_error != km::ErrorCode::OK) return;
  79         if (output) output->assign(reinterpret_cast<const char*>(&_output[0]), _output.size());
  80     };
  81     auto error = mDevice->finish(mOpHandle, hidl_vec<km::KeyParameter>(), hidl_vec<uint8_t>(),
  82                                  hidl_vec<uint8_t>(), km::HardwareAuthToken(),
  83                                  km::VerificationToken(), hidlCb);
  84     mDevice = nullptr;
  85     if (!error.isOk()) {
  86         LOG(ERROR) << "finish failed: " << error.description();
  87         return false;
  88     }
  89     if (km_error != km::ErrorCode::OK) {
  90         LOG(ERROR) << "finish failed, code " << int32_t(km_error);
  91         return false;
  92     }
  93     return true;
  94 }
  95
  96 /* static */ bool Keymaster::hmacKeyGenerated = false;
  97
  98 Keymaster::Keymaster() {
  99     auto devices = KmDevice::enumerateAvailableDevices();
 100     if (!hmacKeyGenerated) {
 101         KmDevice::performHmacKeyAgreement(devices);
 102         hmacKeyGenerated = true;
 103     }
 104     for (auto& dev : devices) {
 105         // Do not use StrongBox for device encryption / credential encryption.  If a security chip
 106         // is present it will have Weaver, which already strengthens CE.  We get no additional
 107         // benefit from using StrongBox here, so skip it.
 108         if (dev->halVersion().securityLevel != SecurityLevel::STRONGBOX) {
 109             mDevice = std::move(dev);
 110             break;
 111         }
 112     }
 113     if (!mDevice) return;
 114     auto& version = mDevice->halVersion();
 115     LOG(INFO) << "Using " << version.keymasterName << " from " << version.authorName
 116               << " for encryption.  Security level: " << toString(version.securityLevel)
 117               << ", HAL: " << mDevice->descriptor() << "/" << mDevice->instanceName();
 118 }
 119
 120 bool Keymaster::generateKey(const km::AuthorizationSet& inParams, std::string* key) {
 121     km::ErrorCode km_error;
 122     auto hidlCb = [&](km::ErrorCode ret, const hidl_vec<uint8_t>& keyBlob,
 123                       const km::KeyCharacteristics& /*ignored*/) {
 124         km_error = ret;
 125         if (km_error != km::ErrorCode::OK) return;
 126         if (key) key->assign(reinterpret_cast<const char*>(&keyBlob[0]), keyBlob.size());
 127     };
 128
 129     auto error = mDevice->generateKey(inParams.hidl_data(), hidlCb);
 130     if (!error.isOk()) {
 131         LOG(ERROR) << "generate_key failed: " << error.description();
 132         return false;
 133     }
 134     if (km_error != km::ErrorCode::OK) {
 135         LOG(ERROR) << "generate_key failed, code " << int32_t(km_error);
 136         return false;
 137     }
 138     return true;
 139 }
 140
 141 bool Keymaster::deleteKey(const std::string& key) {
 142     auto keyBlob = km::support::blob2hidlVec(key);
 143     auto error = mDevice->deleteKey(keyBlob);
 144     if (!error.isOk()) {
 145         LOG(ERROR) << "delete_key failed: " << error.description();
 146         return false;
 147     }
 148     if (error != km::ErrorCode::OK) {
 149         LOG(ERROR) << "delete_key failed, code " << int32_t(km::ErrorCode(error));
 150         return false;
 151     }
 152     return true;
 153 }
 154
 155 bool Keymaster::upgradeKey(const std::string& oldKey, const km::AuthorizationSet& inParams,
 156                            std::string* newKey) {
 157     auto oldKeyBlob = km::support::blob2hidlVec(oldKey);
 158     km::ErrorCode km_error;
 159     auto hidlCb = [&](km::ErrorCode ret, const hidl_vec<uint8_t>& upgradedKeyBlob) {
 160         km_error = ret;
 161         if (km_error != km::ErrorCode::OK) return;
 162         if (newKey)
 163             newKey->assign(reinterpret_cast<const char*>(&upgradedKeyBlob[0]),
 164                            upgradedKeyBlob.size());
 165     };
 166     auto error = mDevice->upgradeKey(oldKeyBlob, inParams.hidl_data(), hidlCb);
 167     if (!error.isOk()) {
 168         LOG(ERROR) << "upgrade_key failed: " << error.description();
 169         return false;
 170     }
 171     if (km_error != km::ErrorCode::OK) {
 172         LOG(ERROR) << "upgrade_key failed, code " << int32_t(km_error);
 173         return false;
 174     }
 175     return true;
 176 }
 177
 178 KeymasterOperation Keymaster::begin(km::KeyPurpose purpose, const std::string& key,
 179                                     const km::AuthorizationSet& inParams,
 180                                     const km::HardwareAuthToken& authToken,
 181                                     km::AuthorizationSet* outParams) {
 182     auto keyBlob = km::support::blob2hidlVec(key);
 183     uint64_t mOpHandle;
 184     km::ErrorCode km_error;
 185
 186     auto hidlCb = [&](km::ErrorCode ret, const hidl_vec<km::KeyParameter>& _outParams,
 187                       uint64_t operationHandle) {
 188         km_error = ret;
 189         if (km_error != km::ErrorCode::OK) return;
 190         if (outParams) *outParams = _outParams;
 191         mOpHandle = operationHandle;
 192     };
 193
 194     auto error = mDevice->begin(purpose, keyBlob, inParams.hidl_data(), authToken, hidlCb);
 195     if (!error.isOk()) {
 196         LOG(ERROR) << "begin failed: " << error.description();
 197         return KeymasterOperation(km::ErrorCode::UNKNOWN_ERROR);
 198     }
 199     if (km_error != km::ErrorCode::OK) {
 200         LOG(ERROR) << "begin failed, code " << int32_t(km_error);
 201         return KeymasterOperation(km_error);
 202     }
 203     return KeymasterOperation(mDevice.get(), mOpHandle);
 204 }
 205
 206 bool Keymaster::isSecure() {
 207     return mDevice->halVersion().securityLevel != km::SecurityLevel::SOFTWARE;
 208 }
 209
 210 }  // namespace vold
 211 }  // namespace android
 212
 213 using namespace ::android::vold;
 214
 215 int keymaster_compatibility_cryptfs_scrypt() {
 216     Keymaster dev;
 217     if (!dev) {
 218         LOG(ERROR) << "Failed to initiate keymaster session";
 219         return -1;
 220     }
 221     return dev.isSecure();
 222 }
 223
 224 static bool write_string_to_buf(const std::string& towrite, uint8_t* buffer, uint32_t buffer_size,
 225                                 uint32_t* out_size) {
 226     if (!buffer || !out_size) {
 227         LOG(ERROR) << "Missing target pointers";
 228         return false;
 229     }
 230     *out_size = towrite.size();
 231     if (buffer_size < towrite.size()) {
 232         LOG(ERROR) << "Buffer too small " << buffer_size << " < " << towrite.size();
 233         return false;
 234     }
 235     memset(buffer, '\0', buffer_size);
 236     std::copy(towrite.begin(), towrite.end(), buffer);
 237     return true;
 238 }
 239
 240 static km::AuthorizationSet keyParams(uint32_t rsa_key_size, uint64_t rsa_exponent,
 241                                       uint32_t ratelimit) {
 242     return km::AuthorizationSetBuilder()
 243         .RsaSigningKey(rsa_key_size, rsa_exponent)
 244         .NoDigestOrPadding()
 245         .Authorization(km::TAG_BLOB_USAGE_REQUIREMENTS, km::KeyBlobUsageRequirements::STANDALONE)
 246         .Authorization(km::TAG_NO_AUTH_REQUIRED)
 247         .Authorization(km::TAG_MIN_SECONDS_BETWEEN_OPS, ratelimit);
 248 }
 249
 250 int keymaster_create_key_for_cryptfs_scrypt(uint32_t rsa_key_size, uint64_t rsa_exponent,
 251                                             uint32_t ratelimit, uint8_t* key_buffer,
 252                                             uint32_t key_buffer_size, uint32_t* key_out_size) {
 253     if (key_out_size) {
 254         *key_out_size = 0;
 255     }
 256     Keymaster dev;
 257     if (!dev) {
 258         LOG(ERROR) << "Failed to initiate keymaster session";
 259         return -1;
 260     }
 261     std::string key;
 262     if (!dev.generateKey(keyParams(rsa_key_size, rsa_exponent, ratelimit), &key)) return -1;
 263     if (!write_string_to_buf(key, key_buffer, key_buffer_size, key_out_size)) return -1;
 264     return 0;
 265 }
 266
 267 int keymaster_upgrade_key_for_cryptfs_scrypt(uint32_t rsa_key_size, uint64_t rsa_exponent,
 268                                              uint32_t ratelimit, const uint8_t* key_blob,
 269                                              size_t key_blob_size, uint8_t* key_buffer,
 270                                              uint32_t key_buffer_size, uint32_t* key_out_size) {
 271     if (key_out_size) {
 272         *key_out_size = 0;
 273     }
 274     Keymaster dev;
 275     if (!dev) {
 276         LOG(ERROR) << "Failed to initiate keymaster session";
 277         return -1;
 278     }
 279     std::string old_key(reinterpret_cast<const char*>(key_blob), key_blob_size);
 280     std::string new_key;
 281     if (!dev.upgradeKey(old_key, keyParams(rsa_key_size, rsa_exponent, ratelimit), &new_key))
 282         return -1;
 283     if (!write_string_to_buf(new_key, key_buffer, key_buffer_size, key_out_size)) return -1;
 284     return 0;
 285 }
 286
 287 KeymasterSignResult keymaster_sign_object_for_cryptfs_scrypt(
 288     const uint8_t* key_blob, size_t key_blob_size, uint32_t ratelimit, const uint8_t* object,
 289     const size_t object_size, uint8_t** signature_buffer, size_t* signature_buffer_size) {
 290     Keymaster dev;
 291     if (!dev) {
 292         LOG(ERROR) << "Failed to initiate keymaster session";
 293         return KeymasterSignResult::error;
 294     }
 295     if (!key_blob || !object || !signature_buffer || !signature_buffer_size) {
 296         LOG(ERROR) << __FILE__ << ":" << __LINE__ << ":Invalid argument";
 297         return KeymasterSignResult::error;
 298     }
 299
 300     km::AuthorizationSet outParams;
 301     std::string key(reinterpret_cast<const char*>(key_blob), key_blob_size);
 302     std::string input(reinterpret_cast<const char*>(object), object_size);
 303     std::string output;
 304     KeymasterOperation op;
 305
 306     auto paramBuilder = km::AuthorizationSetBuilder().NoDigestOrPadding();
 307     while (true) {
 308         op = dev.begin(km::KeyPurpose::SIGN, key, paramBuilder, km::HardwareAuthToken(), &outParams);
 309         if (op.errorCode() == km::ErrorCode::KEY_RATE_LIMIT_EXCEEDED) {
 310             sleep(ratelimit);
 311             continue;
 312         } else
 313             break;
 314     }
 315
 316     if (op.errorCode() == km::ErrorCode::KEY_REQUIRES_UPGRADE) {
 317         LOG(ERROR) << "Keymaster key requires upgrade";
 318         return KeymasterSignResult::upgrade;
 319     }
 320
 321     if (op.errorCode() != km::ErrorCode::OK) {
 322         LOG(ERROR) << "Error starting keymaster signature transaction: " << int32_t(op.errorCode());
 323         return KeymasterSignResult::error;
 324     }
 325
 326     if (!op.updateCompletely(input, &output)) {
 327         LOG(ERROR) << "Error sending data to keymaster signature transaction: "
 328                    << uint32_t(op.errorCode());
 329         return KeymasterSignResult::error;
 330     }
 331
 332     if (!op.finish(&output)) {
 333         LOG(ERROR) << "Error finalizing keymaster signature transaction: "
 334                    << int32_t(op.errorCode());
 335         return KeymasterSignResult::error;
 336     }
 337
 338     *signature_buffer = reinterpret_cast<uint8_t*>(malloc(output.size()));
 339     if (*signature_buffer == nullptr) {
 340         LOG(ERROR) << "Error allocation buffer for keymaster signature";
 341         return KeymasterSignResult::error;
 342     }
 343     *signature_buffer_size = output.size();
 344     std::copy(output.data(), output.data() + output.size(), *signature_buffer);
 345     return KeymasterSignResult::ok;
 346 }