1 /*
2  * Copyright (C) 2016 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 #ifndef ANDROID_VOLD_KEYSTORE_H
17 #define ANDROID_VOLD_KEYSTORE_H
18 
19 #include "KeyBuffer.h"
20 
21 #include <memory>
22 #include <string>
23 #include <utility>
24 
25 #include <android-base/macros.h>
26 #include <keymint_support/authorization_set.h>
27 #include <keymint_support/keymint_tags.h>
28 
29 #include <aidl/android/hardware/security/keymint/ErrorCode.h>
30 #include <aidl/android/system/keystore2/IKeystoreService.h>
31 #include <android/binder_manager.h>
32 
33 namespace android {
34 namespace vold {
35 
36 namespace ks2 = ::aidl::android::system::keystore2;
37 namespace km = ::aidl::android::hardware::security::keymint;
38 
39 // C++ wrappers to the Keystore2 AIDL interface.
40 // This is tailored to the needs of KeyStorage, but could be extended to be
41 // a more general interface.
42 
43 // Wrapper for a Keystore2 operation handle representing an
44 // ongoing Keystore2 operation.  Aborts the operation
45 // in the destructor if it is unfinished. Methods log failures
46 // to LOG(ERROR).
47 class KeystoreOperation {
48   public:
49     ~KeystoreOperation();
50     // Is this instance valid? This is false if creation fails, and becomes
51     // false on finish or if an update fails.
52     explicit operator bool() const { return (bool)ks2Operation; }
getErrorCode()53     km::ErrorCode getErrorCode() const { return errorCode; }
getUpgradedBlob()54     std::optional<std::string> getUpgradedBlob() const { return upgradedBlob; }
55     // Call "update" repeatedly until all of the input is consumed, and
56     // concatenate the output. Return true on success.
57     template <class TI, class TO>
updateCompletely(TI & input,TO * output)58     bool updateCompletely(TI& input, TO* output) {
59         if (output) output->clear();
60         return updateCompletely(input.data(), input.size(), [&](const char* b, size_t n) {
61             if (output) std::copy(b, b + n, std::back_inserter(*output));
62         });
63     }
64 
65     // Finish and write the output to this string, unless pointer is null.
66     bool finish(std::string* output);
67     // Move constructor
KeystoreOperation(KeystoreOperation && rhs)68     KeystoreOperation(KeystoreOperation&& rhs) { *this = std::move(rhs); }
69     // Construct an object in an error state for error returns
KeystoreOperation()70     KeystoreOperation() { errorCode = km::ErrorCode::UNKNOWN_ERROR; }
71     // Move Assignment
72     KeystoreOperation& operator=(KeystoreOperation&& rhs) {
73         ks2Operation = rhs.ks2Operation;
74         rhs.ks2Operation = nullptr;
75 
76         upgradedBlob = rhs.upgradedBlob;
77         rhs.upgradedBlob = std::nullopt;
78 
79         errorCode = rhs.errorCode;
80         rhs.errorCode = km::ErrorCode::UNKNOWN_ERROR;
81 
82         return *this;
83     }
84 
85   private:
KeystoreOperation(std::shared_ptr<ks2::IKeystoreOperation> ks2Op,std::optional<std::vector<uint8_t>> blob)86     KeystoreOperation(std::shared_ptr<ks2::IKeystoreOperation> ks2Op,
87                       std::optional<std::vector<uint8_t>> blob)
88         : ks2Operation{ks2Op}, errorCode{km::ErrorCode::OK} {
89         if (blob)
90             upgradedBlob = std::optional(std::string(blob->begin(), blob->end()));
91         else
92             upgradedBlob = std::nullopt;
93     }
94 
KeystoreOperation(km::ErrorCode errCode)95     KeystoreOperation(km::ErrorCode errCode) : errorCode{errCode} {}
96 
97     bool updateCompletely(const char* input, size_t inputLen,
98                           const std::function<void(const char*, size_t)> consumer);
99 
100     std::shared_ptr<ks2::IKeystoreOperation> ks2Operation;
101     std::optional<std::string> upgradedBlob;
102     km::ErrorCode errorCode;
103     DISALLOW_COPY_AND_ASSIGN(KeystoreOperation);
104     friend class Keystore;
105 };
106 
107 // Wrapper for keystore2 methods that vold uses.
108 class Keystore {
109   public:
110     Keystore();
111     // false if we failed to get a keystore2 security level.
112     explicit operator bool() { return (bool)securityLevel; }
113     // Generate a key using keystore2 from the given params.
114     bool generateKey(const km::AuthorizationSet& inParams, std::string* key);
115     // Exports a keystore2 key with STORAGE_KEY tag wrapped with a per-boot ephemeral key
116     bool exportKey(const KeyBuffer& ksKey, std::string* key);
117     // If supported, permanently delete a key from the keymint device it belongs to.
118     bool deleteKey(const std::string& key);
119     // Begin a new cryptographic operation, collecting output parameters if pointer is non-null
120     // If the key was upgraded as a result of a call to this method, the returned KeystoreOperation
121     // also stores the upgraded key blob.
122     KeystoreOperation begin(const std::string& key, const km::AuthorizationSet& inParams,
123                             km::AuthorizationSet* outParams);
124 
125     // Tell all Keymint devices that early boot has ended and early boot-only keys can no longer
126     // be created or used.
127     static void earlyBootEnded();
128 
129     // Tell all Keymint devices to delete all rollback-protected keys.
130     static void deleteAllKeys();
131 
132   private:
133     std::shared_ptr<ks2::IKeystoreSecurityLevel> securityLevel;
134     DISALLOW_COPY_AND_ASSIGN(Keystore);
135 };
136 
137 }  // namespace vold
138 }  // namespace android
139 
140 #endif
141