diff --git a/crypto/fscrypt/FsCrypt.cpp b/crypto/fscrypt/FsCrypt.cpp index f1c88099..28e7747f 100755 --- a/crypto/fscrypt/FsCrypt.cpp +++ b/crypto/fscrypt/FsCrypt.cpp @@ -16,6 +16,7 @@ #include "FsCrypt.h" +#include "Keymaster.h" #include "KeyStorage.h" #include "KeyUtil.h" #include "Utils.h" @@ -65,6 +66,8 @@ using android::base::StringPrintf; using android::fs_mgr::GetEntryForMountPoint; using android::vold::kEmptyAuthentication; using android::vold::KeyBuffer; +using android::vold::Keymaster; +using android::hardware::keymaster::V4_0::KeyFormat; // using android::vold::writeStringToFile; // Store main DE raw ref / policy @@ -207,12 +210,45 @@ static bool read_and_fixate_user_ce_key(userid_t user_id, return false; } +static bool is_wrapped_key_supported_common(const std::string& mount_point) { + struct fstab_rec* rec = fs_mgr_get_entry_for_mount_point(fstab_default, mount_point); + char const* contents_mode = NULL; + char const* filenames_mode = NULL; + + fs_mgr_get_file_encryption_modes(rec, &contents_mode, &filenames_mode); + if (!contents_mode || !filenames_mode) { + LOG(ERROR) << "Couldn't read file or contents mode, returning false"; + return false; + } + + if (strcmp(contents_mode, "ice_wrapped_key_supported") == 0) + return true; + else + return false; +} + +bool is_wrapped_key_supported() { + return is_wrapped_key_supported_common(DATA_MNT_POINT); +} + +bool is_wrapped_key_supported_external() { + return false; +} + static bool read_and_install_user_ce_key(userid_t user_id, const android::vold::KeyAuthentication& auth) { if (s_ce_key_raw_refs.count(user_id) != 0) return true; KeyBuffer ce_key; if (!read_and_fixate_user_ce_key(user_id, auth, &ce_key)) return false; std::string ce_raw_ref; + if (is_wrapped_key_supported()) { + KeyBuffer ephemeral_wrapped_key; + if (!getEphemeralWrappedKey(KeyFormat::RAW, ce_key, &ephemeral_wrapped_key)) { + LOG(ERROR) << "Failed to export ce key"; + return false; + } + ce_key = std::move(ephemeral_wrapped_key); + } if (!android::vold::installKey(ce_key, &ce_raw_ref)) return false; s_ce_keys[user_id] = std::move(ce_key); s_ce_key_raw_refs[user_id] = ce_raw_ref; @@ -242,8 +278,15 @@ static bool destroy_dir(const std::string& dir) { // it creates keys in a fixed location. static bool create_and_install_user_keys(userid_t user_id, bool create_ephemeral) { KeyBuffer de_key, ce_key; - if (!android::vold::randomKey(&de_key)) return false; - if (!android::vold::randomKey(&ce_key)) return false; + + if(is_wrapped_key_supported()) { + if (!generateWrappedKey(user_id, android::vold::KeyType::DE_USER, &de_key)) return false; + if (!generateWrappedKey(user_id, android::vold::KeyType::CE_USER, &ce_key)) return false; + } else { + if (!android::vold::randomKey(&de_key)) return false; + if (!android::vold::randomKey(&ce_key)) return false; + } + if (create_ephemeral) { // If the key should be created as ephemeral, don't store it. s_ephemeral_users.insert(user_id); @@ -262,12 +305,33 @@ static bool create_and_install_user_keys(userid_t user_id, bool create_ephemeral kEmptyAuthentication, de_key)) return false; } - if (!android::vold::installKey(de_key, &de_raw_ref)) return false; - s_de_key_raw_refs[user_id] = de_raw_ref; + std::string ce_raw_ref; + if (is_wrapped_key_supported()) { + KeyBuffer ephemeral_wrapped_de_key; + KeyBuffer ephemeral_wrapped_ce_key; + + /* Export and install the DE keys */ + if (!getEphemeralWrappedKey(KeyFormat::RAW, de_key, &ephemeral_wrapped_de_key)) { + LOG(ERROR) << "Failed to export de_key"; + return false; + } + /* Export and install the CE keys */ + if (!getEphemeralWrappedKey(KeyFormat::RAW, ce_key, &ephemeral_wrapped_ce_key)) { + LOG(ERROR) << "Failed to export de_key"; + return false; + } + + de_key = std::move(ephemeral_wrapped_de_key); + ce_key = std::move(ephemeral_wrapped_ce_key); + } + if (!android::vold::installKey(de_key, &de_raw_ref)) return false; if (!android::vold::installKey(ce_key, &ce_raw_ref)) return false; - s_ce_keys[user_id] = ce_key; + s_ce_keys[user_id] = std::move(ce_key); + + s_de_key_raw_refs[user_id] = de_raw_ref; s_ce_key_raw_refs[user_id] = ce_raw_ref; + LOG(DEBUG) << "Created keys for user " << user_id; return true; } @@ -337,6 +401,14 @@ static bool load_all_de_keys() { KeyBuffer key; if (!android::vold::retrieveKey(key_path, kEmptyAuthentication, &key)) return false; std::string raw_ref; + if (is_wrapped_key_supported()) { + KeyBuffer ephemeral_wrapped_key; + if (!getEphemeralWrappedKey(KeyFormat::RAW, key, &ephemeral_wrapped_key)) { + LOG(ERROR) << "Failed to export de_key in create_and_install_user_keys"; + return false; + } + key = std::move(ephemeral_wrapped_key); + } if (!android::vold::installKey(key, &raw_ref)) return false; s_de_key_raw_refs[user_id] = raw_ref; LOG(DEBUG) << "Installed de key for user " << user_id; @@ -349,6 +421,7 @@ static bool load_all_de_keys() { bool fscrypt_initialize_systemwide_keys() { LOG(INFO) << "fscrypt_initialize_systemwide_keys"; + bool wrapped_key_supported = false; if (s_systemwide_keys_initialized) { LOG(INFO) << "Already initialized"; @@ -356,8 +429,11 @@ bool fscrypt_initialize_systemwide_keys() { } PolicyKeyRef device_ref; - if (!android::vold::retrieveAndInstallKey(true, kEmptyAuthentication, device_key_path, - device_key_temp, &device_ref.key_raw_ref)) + wrapped_key_supported = is_wrapped_key_supported(); + + if (!android::vold::retrieveAndInstallKey(true, kEmptyAuthentication, + device_key_path, device_key_temp, + &device_ref.key_raw_ref, wrapped_key_supported)) return false; get_data_file_encryption_modes(&device_ref); @@ -537,6 +613,7 @@ static bool read_or_create_volkey(const std::string& misc_path, const std::strin PolicyKeyRef* key_ref) { auto secdiscardable_path = volume_secdiscardable_path(volume_uuid); std::string secdiscardable_hash; + bool wrapped_key_supported = false; if (android::vold::pathExists(secdiscardable_path)) { if (!android::vold::readSecdiscardable(secdiscardable_path, &secdiscardable_hash)) return false; @@ -554,8 +631,10 @@ static bool read_or_create_volkey(const std::string& misc_path, const std::strin return false; } android::vold::KeyAuthentication auth("", secdiscardable_hash); + wrapped_key_supported = is_wrapped_key_supported_external(); + if (!android::vold::retrieveAndInstallKey(true, auth, key_path, key_path + "_tmp", - &key_ref->key_raw_ref)) + &key_ref->key_raw_ref, wrapped_key_supported)) return false; key_ref->contents_mode = android::base::GetProperty("ro.crypto.volume.contents_mode", "aes-256-xts"); @@ -581,14 +660,28 @@ bool fscrypt_add_user_key_auth(userid_t user_id, int serial, const std::string& if (!parse_hex(secret_hex, &secret)) return false; auto auth = secret.empty() ? kEmptyAuthentication : android::vold::KeyAuthentication(token, secret); - auto it = s_ce_keys.find(user_id); - if (it == s_ce_keys.end()) { - LOG(ERROR) << "Key not loaded into memory, can't change for user " << user_id; - return false; - } - const auto& ce_key = it->second; auto const directory_path = get_ce_key_directory_path(user_id); auto const paths = get_ce_key_paths(directory_path); + + KeyBuffer ce_key; + if(is_wrapped_key_supported()) { + std::string ce_key_current_path = get_ce_key_current_path(directory_path); + if (android::vold::retrieveKey(ce_key_current_path, kEmptyAuthentication, &ce_key)) { + LOG(DEBUG) << "Successfully retrieved key"; + } else { + if (android::vold::retrieveKey(ce_key_current_path, auth, &ce_key)) { + LOG(DEBUG) << "Successfully retrieved key"; + } + } + } else { + auto it = s_ce_keys.find(user_id); + if (it == s_ce_keys.end()) { + LOG(ERROR) << "Key not loaded into memory, can't change for user " << user_id; + return false; + } + ce_key = it->second; + } + std::string ce_key_path; if (!get_ce_key_new_path(directory_path, paths, &ce_key_path)) return false; if (!android::vold::storeKeyAtomically(ce_key_path, user_key_temp, auth, ce_key)) return false; @@ -596,6 +689,46 @@ bool fscrypt_add_user_key_auth(userid_t user_id, int serial, const std::string& return true; } +bool fscrypt_clear_user_key_auth(userid_t user_id, int serial, const std::string& token_hex, + const std::string& secret_hex) { + LOG(DEBUG) << "fscrypt_clear_user_key_auth " << user_id << " serial=" << serial + << " token_present=" << (token_hex != "!"); + if (!fscrypt_is_native()) return true; + if (s_ephemeral_users.count(user_id) != 0) return true; + std::string token, secret; + + if (!parse_hex(token_hex, &token)) return false; + if (!parse_hex(secret_hex, &secret)) return false; + + if (is_wrapped_key_supported()) { + auto const directory_path = get_ce_key_directory_path(user_id); + auto const paths = get_ce_key_paths(directory_path); + + KeyBuffer ce_key; + std::string ce_key_current_path = get_ce_key_current_path(directory_path); + + auto auth = android::vold::KeyAuthentication(token, secret); + /* Retrieve key while removing a pin. A secret is needed */ + if (android::vold::retrieveKey(ce_key_current_path, auth, &ce_key)) { + LOG(DEBUG) << "Successfully retrieved key"; + } else { + /* Retrieve key when going None to swipe and vice versa when a + synthetic password is present */ + if (android::vold::retrieveKey(ce_key_current_path, kEmptyAuthentication, &ce_key)) { + LOG(DEBUG) << "Successfully retrieved key"; + } + } + + std::string ce_key_path; + if (!get_ce_key_new_path(directory_path, paths, &ce_key_path)) return false; + if (!android::vold::storeKeyAtomically(ce_key_path, user_key_temp, kEmptyAuthentication, ce_key)) + return false; + } else { + if(!fscrypt_add_user_key_auth(user_id, serial, "!", "!")) return false; + } + return true; +} + bool fscrypt_fixate_newest_user_key_auth(userid_t user_id) { LOG(DEBUG) << "fscrypt_fixate_newest_user_key_auth " << user_id; if (!fscrypt_is_native()) return true; diff --git a/crypto/fscrypt/FsCrypt.h b/crypto/fscrypt/FsCrypt.h index ff32bc87..11a338fb 100755 --- a/crypto/fscrypt/FsCrypt.h +++ b/crypto/fscrypt/FsCrypt.h @@ -27,6 +27,8 @@ bool fscrypt_vold_create_user_key(userid_t user_id, int serial, bool ephemeral); bool fscrypt_destroy_user_key(userid_t user_id); bool fscrypt_add_user_key_auth(userid_t user_id, int serial, const std::string& token, const std::string& secret); +bool fscrypt_clear_user_key_auth(userid_t user_id, int serial, const std::string& token_hex, + const std::string& secret_hex); bool fscrypt_fixate_newest_user_key_auth(userid_t user_id); bool fscrypt_unlock_user_key(userid_t user_id, int serial, const std::string& token, @@ -38,6 +40,7 @@ bool fscrypt_prepare_user_storage(const std::string& volume_uuid, userid_t user_ bool fscrypt_destroy_user_storage(const std::string& volume_uuid, userid_t user_id, int flags); bool fscrypt_destroy_volume_keys(const std::string& volume_uuid); - +bool is_wrapped_key_supported(); +bool is_wrapped_key_supported_external(); bool lookup_key_ref(const std::map& key_map, userid_t user_id, std::string* raw_ref); \ No newline at end of file diff --git a/crypto/fscrypt/KeyStorage.cpp b/crypto/fscrypt/KeyStorage.cpp index c68daa1d..766cc610 100755 --- a/crypto/fscrypt/KeyStorage.cpp +++ b/crypto/fscrypt/KeyStorage.cpp @@ -64,6 +64,7 @@ static constexpr size_t SECDISCARDABLE_BYTES = 1 << 14; static constexpr size_t STRETCHED_BYTES = 1 << 6; static constexpr uint32_t AUTH_TIMEOUT = 30; // Seconds +constexpr int EXT4_AES_256_XTS_KEY_SIZE = 64; static const char* kCurrentVersion = "1"; static const char* kRmPath = "/system/bin/rm"; @@ -129,6 +130,47 @@ static bool generateKeymasterKey(Keymaster& keymaster, const KeyAuthentication& return keymaster.generateKey(paramBuilder, key); } +bool generateWrappedKey(userid_t user_id, KeyType key_type, + KeyBuffer* key) { + Keymaster keymaster; + if (!keymaster) return false; + *key = KeyBuffer(EXT4_AES_256_XTS_KEY_SIZE); + std::string key_temp; + auto paramBuilder = km::AuthorizationSetBuilder() + .AesEncryptionKey(AES_KEY_BYTES * 8) + .GcmModeMinMacLen(GCM_MAC_BYTES * 8) + .Authorization(km::TAG_USER_ID, user_id); + km::KeyParameter param1; + param1.tag = (km::Tag) (android::hardware::keymaster::V4_0::KM_TAG_FBE_ICE); + param1.f.boolValue = true; + paramBuilder.push_back(param1); + + km::KeyParameter param2; + if ((key_type == KeyType::DE_USER) || (key_type == KeyType::DE_SYS)) { + param2.tag = (km::Tag) (android::hardware::keymaster::V4_0::KM_TAG_KEY_TYPE); + param2.f.integer = 0; + } else if (key_type == KeyType::CE_USER) { + param2.tag = (km::Tag) (android::hardware::keymaster::V4_0::KM_TAG_KEY_TYPE); + param2.f.integer = 1; + } + paramBuilder.push_back(param2); + + if (!keymaster.generateKey(paramBuilder, &key_temp)) return false; + *key = KeyBuffer(key_temp.size()); + memcpy(reinterpret_cast(key->data()), key_temp.c_str(), key->size()); + return true; +} + +bool getEphemeralWrappedKey(km::KeyFormat format, KeyBuffer& kmKey, KeyBuffer* key) { + std::string key_temp; + Keymaster keymaster; + if (!keymaster) return false; + if (!keymaster.exportKey(format, kmKey, "!", "!", &key_temp)) return false; + *key = KeyBuffer(key_temp.size()); + memcpy(reinterpret_cast(key->data()), key_temp.c_str(), key->size()); + return true; +} + static std::pair beginParams( const KeyAuthentication& auth, const std::string& appId) { auto paramBuilder = km::AuthorizationSetBuilder() diff --git a/crypto/fscrypt/KeyStorage.h b/crypto/fscrypt/KeyStorage.h index 276b6b93..72ddfc47 100755 --- a/crypto/fscrypt/KeyStorage.h +++ b/crypto/fscrypt/KeyStorage.h @@ -17,8 +17,9 @@ #ifndef ANDROID_VOLD_KEYSTORAGE_H #define ANDROID_VOLD_KEYSTORAGE_H +#include "Keymaster.h" #include "KeyBuffer.h" - +#include #include namespace android { @@ -39,6 +40,12 @@ class KeyAuthentication { const std::string secret; }; +enum class KeyType { + DE_SYS, + DE_USER, + CE_USER +}; + extern const KeyAuthentication kEmptyAuthentication; // Checks if path "path" exists. @@ -68,6 +75,8 @@ bool retrieveKey(const std::string& dir, const KeyAuthentication& auth, KeyBuffe bool destroyKey(const std::string& dir); bool runSecdiscardSingle(const std::string& file); +bool generateWrappedKey(userid_t user_id, KeyType key_type, KeyBuffer* key); +bool getEphemeralWrappedKey(km::KeyFormat format, KeyBuffer& kmKey, KeyBuffer* key); } // namespace vold } // namespace android diff --git a/crypto/fscrypt/KeyUtil.cpp b/crypto/fscrypt/KeyUtil.cpp index 91d6b37d..70a551c0 100755 --- a/crypto/fscrypt/KeyUtil.cpp +++ b/crypto/fscrypt/KeyUtil.cpp @@ -27,9 +27,14 @@ #include #include +#include "FsCrypt.h" #include "KeyStorage.h" #include "Utils.h" +#define MAX_USER_ID 0xFFFFFFFF + +using android::hardware::keymaster::V4_0::KeyFormat; +using android::vold::KeyType; namespace android { namespace vold { @@ -105,7 +110,14 @@ bool installKey(const KeyBuffer& key, std::string* raw_ref) { fscrypt_key& fs_key = *reinterpret_cast(fsKeyBuffer.data()); if (!fillKey(key, &fs_key)) return false; - *raw_ref = generateKeyRef(fs_key.raw, fs_key.size); + if (is_wrapped_key_supported()) { + /* When wrapped key is supported, only the first 32 bytes are + the same per boot. The second 32 bytes can change as the ephemeral + key is different. */ + *raw_ref = generateKeyRef(fs_key.raw, (fs_key.size)/2); + } else { + *raw_ref = generateKeyRef(fs_key.raw, fs_key.size); + } key_serial_t device_keyring; if (!fscryptKeyring(&device_keyring)) return false; for (char const* const* name_prefix = NAME_PREFIXES; *name_prefix != nullptr; name_prefix++) { @@ -146,7 +158,7 @@ bool evictKey(const std::string& raw_ref) { bool retrieveAndInstallKey(bool create_if_absent, const KeyAuthentication& key_authentication, const std::string& key_path, const std::string& tmp_path, - std::string* key_ref) { + std::string* key_ref, bool wrapped_key_supported) { KeyBuffer key; if (pathExists(key_path)) { LOG(DEBUG) << "Key exists, using: " << key_path; @@ -157,10 +169,23 @@ bool retrieveAndInstallKey(bool create_if_absent, const KeyAuthentication& key_a return false; } LOG(INFO) << "Creating new key in " << key_path; - if (!randomKey(&key)) return false; + if (wrapped_key_supported) { + if(!generateWrappedKey(MAX_USER_ID, KeyType::DE_SYS, &key)) return false; + } else { + if (!randomKey(&key)) return false; + } if (!storeKeyAtomically(key_path, tmp_path, key_authentication, key)) return false; } + if (wrapped_key_supported) { + KeyBuffer ephemeral_wrapped_key; + if (!getEphemeralWrappedKey(KeyFormat::RAW, key, &ephemeral_wrapped_key)) { + LOG(ERROR) << "Failed to export key in retrieveAndInstallKey"; + return false; + } + key = std::move(ephemeral_wrapped_key); + } + if (!installKey(key, key_ref)) { LOG(ERROR) << "Failed to install key in " << key_path; return false; diff --git a/crypto/fscrypt/KeyUtil.h b/crypto/fscrypt/KeyUtil.h index 7ee67254..2839b4a0 100755 --- a/crypto/fscrypt/KeyUtil.h +++ b/crypto/fscrypt/KeyUtil.h @@ -19,6 +19,7 @@ #include "KeyBuffer.h" #include "KeyStorage.h" +#include "Keymaster.h" #include #include @@ -31,7 +32,7 @@ bool installKey(const KeyBuffer& key, std::string* raw_ref); bool evictKey(const std::string& raw_ref); bool retrieveAndInstallKey(bool create_if_absent, const KeyAuthentication& key_authentication, const std::string& key_path, const std::string& tmp_path, - std::string* key_ref); + std::string* key_ref, bool wrapped_key_supported); bool retrieveKey(bool create_if_absent, const std::string& key_path, const std::string& tmp_path, KeyBuffer* key, bool keepOld = true); diff --git a/crypto/fscrypt/Keymaster.cpp b/crypto/fscrypt/Keymaster.cpp index aad43874..ab39ef8d 100755 --- a/crypto/fscrypt/Keymaster.cpp +++ b/crypto/fscrypt/Keymaster.cpp @@ -138,6 +138,32 @@ bool Keymaster::generateKey(const km::AuthorizationSet& inParams, std::string* k return true; } +bool Keymaster::exportKey(km::KeyFormat format, KeyBuffer& kmKey, const std::string& clientId, + const std::string& appData, std::string* key) { + auto kmKeyBlob = km::support::blob2hidlVec(std::string(kmKey.data(), kmKey.size())); + auto emptyAssign = NULL; + auto kmClientId = (clientId == "!") ? emptyAssign: km::support::blob2hidlVec(clientId); + auto kmAppData = (appData == "!") ? emptyAssign: km::support::blob2hidlVec(appData); + km::ErrorCode km_error; + auto hidlCb = [&](km::ErrorCode ret, const hidl_vec& exportedKeyBlob) { + km_error = ret; + if (km_error != km::ErrorCode::OK) return; + if(key) + key->assign(reinterpret_cast(&exportedKeyBlob[0]), + exportedKeyBlob.size()); + }; + auto error = mDevice->exportKey(format, kmKeyBlob, kmClientId, kmAppData, hidlCb); + if (!error.isOk()) { + LOG(ERROR) << "export_key failed: " << error.description(); + return false; + } + if (km_error != km::ErrorCode::OK) { + LOG(ERROR) << "export_key failed, code " << int32_t(km_error); + return false; + } + return true; +} + bool Keymaster::deleteKey(const std::string& key) { auto keyBlob = km::support::blob2hidlVec(key); auto error = mDevice->deleteKey(keyBlob); diff --git a/crypto/fscrypt/Keymaster.h b/crypto/fscrypt/Keymaster.h index 42a2b5d4..4301a9cf 100644 --- a/crypto/fscrypt/Keymaster.h +++ b/crypto/fscrypt/Keymaster.h @@ -102,6 +102,9 @@ class Keymaster { explicit operator bool() { return mDevice.get() != nullptr; } // Generate a key in the keymaster from the given params. bool generateKey(const km::AuthorizationSet& inParams, std::string* key); + // Export a key from keymaster. + bool exportKey(km::KeyFormat format, KeyBuffer& kmKey, const std::string& clientId, + const std::string& appData, std::string* key); // If the keymaster supports it, permanently delete a key. bool deleteKey(const std::string& key); // Replace stored key blob in response to KM_ERROR_KEY_REQUIRES_UPGRADE.