gugelfrei
/
android_system_vold
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'gugelfrei'
${ noResults }
android_system_vold/KeyStorage.h

92 lines
3.7 KiB
Raw Permalink Normal View History Unescape

Use a keymaster-based key storage module Instead of writing raw keys, encrypt the keys with keymaster. This paves the way to protecting them with auth tokens and passwords later. In addition, fold in the hash of a 16k file into their encryption, to ensure secure deletion works properly. Now even C++ier! Bug: 22502684 Bug: 22950892 Change-Id: If70f139e342373533c42d5a298444b8438428322
8 years ago
/*
* Copyright (C) 2016 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifndef ANDROID_VOLD_KEYSTORAGE_H
#define ANDROID_VOLD_KEYSTORAGE_H
Zero memory used for encryuption keys. std::vector with custom zeroing allocator is used instead of std::string for data that can contain encryption keys. Bug: 64201177 Test: manually created a managed profile, changed it's credentials Test: manually upgraded a phone with profile from O to MR1. Change-Id: Ic31877049f69eba9f8ea64fd99acaaca5a01d3dd
7 years ago
#include "KeyBuffer.h"
Use a keymaster-based key storage module Instead of writing raw keys, encrypt the keys with keymaster. This paves the way to protecting them with auth tokens and passwords later. In addition, fold in the hash of a 16k file into their encryption, to ensure secure deletion works properly. Now even C++ier! Bug: 22502684 Bug: 22950892 Change-Id: If70f139e342373533c42d5a298444b8438428322
8 years ago
#include <string>
namespace android {
namespace vold {
Password security for FBE disk encryption keys Added a new call change_user_key which changes the way that disk encryption keys are protected; a key can now be protected with a combination of an auth token and a secret which is a hashed password. Both of these are passed to unlock_user_key. This change introduces a security bug, b/26948053, which must be fixed before we ship. Bug: 22950892 Change-Id: Iac1e45bb6f86f2af5c472c70a0fe3228b02115bf
8 years ago
// Represents the information needed to decrypt a disk encryption key.
// If "token" is nonempty, it is passed in as a required Gatekeeper auth token.
Support keys with a secret but no token, which are handled not using Keymaster but in-process crypto. Bug: 33384925 Test: manual for now: patch KeyAuthentication.usesKeymaster() to always return true; flash a FBE device, add a device PIN, reboot and verify PIN can unlock FBE. Then clear device PIN, reboot and verify FBE is unlocked automatically. In both cases, check there is no keymaster_key_blob in /data/misc/vold/user_keys/ce/0/current/ Unit tests to be added. Change-Id: Ia94e2b39d60bfd98c7a8347a5ba043eeab6928c5
7 years ago
// If "token" and "secret" are nonempty, "secret" is appended to the application-specific
Password security for FBE disk encryption keys Added a new call change_user_key which changes the way that disk encryption keys are protected; a key can now be protected with a combination of an auth token and a secret which is a hashed password. Both of these are passed to unlock_user_key. This change introduces a security bug, b/26948053, which must be fixed before we ship. Bug: 22950892 Change-Id: Iac1e45bb6f86f2af5c472c70a0fe3228b02115bf
8 years ago
// binary needed to unlock.
Support keys with a secret but no token, which are handled not using Keymaster but in-process crypto. Bug: 33384925 Test: manual for now: patch KeyAuthentication.usesKeymaster() to always return true; flash a FBE device, add a device PIN, reboot and verify PIN can unlock FBE. Then clear device PIN, reboot and verify FBE is unlocked automatically. In both cases, check there is no keymaster_key_blob in /data/misc/vold/user_keys/ce/0/current/ Unit tests to be added. Change-Id: Ia94e2b39d60bfd98c7a8347a5ba043eeab6928c5
7 years ago
// If only "secret" is nonempty, it is used to decrypt in a non-Keymaster process.
Password security for FBE disk encryption keys Added a new call change_user_key which changes the way that disk encryption keys are protected; a key can now be protected with a combination of an auth token and a secret which is a hashed password. Both of these are passed to unlock_user_key. This change introduces a security bug, b/26948053, which must be fixed before we ship. Bug: 22950892 Change-Id: Iac1e45bb6f86f2af5c472c70a0fe3228b02115bf
8 years ago
class KeyAuthentication {
Run clang-format over ext4crypt related code The formatting here is inconsistent with Android house style; use clang-format to bring it back into line. Change-Id: Id1fe6ff54e9b668ca88c3fc021ae0a5bdd1327eb
8 years ago
public:
vold: Pass std::string by const reference In a couple places, we change to pass a std::string argument instead of by copy. Test: TreeHugger Change-Id: Ib179299a2322fcbab4e6d192051218823ad66a36
5 years ago
KeyAuthentication(const std::string& t, const std::string& s) : token{t}, secret{s} {};
Support keys with a secret but no token, which are handled not using Keymaster but in-process crypto. Bug: 33384925 Test: manual for now: patch KeyAuthentication.usesKeymaster() to always return true; flash a FBE device, add a device PIN, reboot and verify PIN can unlock FBE. Then clear device PIN, reboot and verify FBE is unlocked automatically. In both cases, check there is no keymaster_key_blob in /data/misc/vold/user_keys/ce/0/current/ Unit tests to be added. Change-Id: Ia94e2b39d60bfd98c7a8347a5ba043eeab6928c5
7 years ago
bool usesKeymaster() const { return !token.empty() || secret.empty(); };
Password security for FBE disk encryption keys Added a new call change_user_key which changes the way that disk encryption keys are protected; a key can now be protected with a combination of an auth token and a secret which is a hashed password. Both of these are passed to unlock_user_key. This change introduces a security bug, b/26948053, which must be fixed before we ship. Bug: 22950892 Change-Id: Iac1e45bb6f86f2af5c472c70a0fe3228b02115bf
8 years ago
const std::string token;
const std::string secret;
};
extern const KeyAuthentication kEmptyAuthentication;
Refactor to lay the groundwork for metadata encryption Bug: 26778031 Test: Angler, Marlin build and boot Change-Id: Ic136dfe6195a650f7db76d3489f36da6a1929dc5
8 years ago
// Checks if path "path" exists.
bool pathExists(const std::string& path);
When we forget a volume, forget per-volume key Protect all per-volume-per-user keys with a per-volume key, which is forgotten when the volume is forgotten. This means that the user's key is securely lost even when their storage is encrypted at forgetting time. Bug: 25861755 Test: create a volume, forget it, check logs and filesystem. Change-Id: I8df77bc91bbfa2258e082ddd54d6160dbf39b378
7 years ago
bool createSecdiscardable(const std::string& path, std::string* hash);
bool readSecdiscardable(const std::string& path, std::string* hash);
Use a keymaster-based key storage module Instead of writing raw keys, encrypt the keys with keymaster. This paves the way to protecting them with auth tokens and passwords later. In addition, fold in the hash of a 16k file into their encryption, to ensure secure deletion works properly. Now even C++ier! Bug: 22502684 Bug: 22950892 Change-Id: If70f139e342373533c42d5a298444b8438428322
8 years ago
// Create a directory at the named path, and store "key" in it,
// in such a way that it can only be retrieved via Keymaster and
// can be securely deleted.
// It's safe to move/rename the directory after creation.
Zero memory used for encryuption keys. std::vector with custom zeroing allocator is used instead of std::string for data that can contain encryption keys. Bug: 64201177 Test: manually created a managed profile, changed it's credentials Test: manually upgraded a phone with profile from O to MR1. Change-Id: Ic31877049f69eba9f8ea64fd99acaaca5a01d3dd
7 years ago
bool storeKey(const std::string& dir, const KeyAuthentication& auth, const KeyBuffer& key);
Use a keymaster-based key storage module Instead of writing raw keys, encrypt the keys with keymaster. This paves the way to protecting them with auth tokens and passwords later. In addition, fold in the hash of a 16k file into their encryption, to ensure secure deletion works properly. Now even C++ier! Bug: 22502684 Bug: 22950892 Change-Id: If70f139e342373533c42d5a298444b8438428322
8 years ago
Refactor to lay the groundwork for metadata encryption Bug: 26778031 Test: Angler, Marlin build and boot Change-Id: Ic136dfe6195a650f7db76d3489f36da6a1929dc5
8 years ago
// Create a directory at the named path, and store "key" in it as storeKey
// This version creates the key in "tmp_path" then atomically renames "tmp_path"
// to "key_path" thereby ensuring that the key is either stored entirely or
// not at all.
bool storeKeyAtomically(const std::string& key_path, const std::string& tmp_path,
Zero memory used for encryuption keys. std::vector with custom zeroing allocator is used instead of std::string for data that can contain encryption keys. Bug: 64201177 Test: manually created a managed profile, changed it's credentials Test: manually upgraded a phone with profile from O to MR1. Change-Id: Ic31877049f69eba9f8ea64fd99acaaca5a01d3dd
7 years ago
const KeyAuthentication& auth, const KeyBuffer& key);
Refactor to lay the groundwork for metadata encryption Bug: 26778031 Test: Angler, Marlin build and boot Change-Id: Ic136dfe6195a650f7db76d3489f36da6a1929dc5
8 years ago
Use a keymaster-based key storage module Instead of writing raw keys, encrypt the keys with keymaster. This paves the way to protecting them with auth tokens and passwords later. In addition, fold in the hash of a 16k file into their encryption, to ensure secure deletion works properly. Now even C++ier! Bug: 22502684 Bug: 22950892 Change-Id: If70f139e342373533c42d5a298444b8438428322
8 years ago
// Retrieve the key from the named directory.
KeyUtil: don't use keepOld=true for system DE and volume keys Commit 77df7f207dce / http://aosp/1217657 ("Refactor to use EncryptionPolicy everywhere we used to use raw_ref") unintentionally made fscrypt_initialize_systemwide_keys() start specifying keepOld=true (via default parameter value) when retrieving the system DE key, and likewise for read_or_create_volkey() and volume keys. As a result, if the associated Keymaster key needs to be upgraded, the upgraded key blob gets written to "keymaster_key_blob_upgraded", but it doesn't replace the original "keymaster_key_blob", nor is the original key deleted from Keymaster. This happens at every boot, eventually resulting in the RPMB partition in Keymaster becoming full. Only the metadata encryption key ever needs keepOld=true, since it's the only key that isn't stored in /data, and the purpose of keepOld=true is to allow a key that isn't stored in /data to be committed or rolled back when a userdata checkpoint is committed or rolled back. So, fix this bug by removing the default value of keepOld, and specifying false everywhere except the metadata encryption key. Note that when an affected device gets this fix, it will finally upgrade its system DE key correctly. However, this fix doesn't free up space in Keymaster that was consumed by this bug. Test: On bramble: - Flashed rvc-d1-dev build, with wiping userdata - Flashed a newer build, without wiping userdata - Log expectedly shows key upgrades: $ adb logcat | grep 'Upgrading key' D vold : Upgrading key: /metadata/vold/metadata_encryption/key D vold : Upgrading key: /data/unencrypted/key D vold : Upgrading key: /data/misc/vold/user_keys/de/0 D vold : Upgrading key: /data/misc/vold/user_keys/ce/0/current - Rebooted - Log unexpectedly shows the system DE key being upgraded again: $ adb logcat | grep 'Upgrading key' D vold : Upgrading key: /data/unencrypted/key - "keymaster_key_blob_upgraded" unexpectedly still exists: $ adb shell find /data /metadata -name keymaster_key_blob_upgraded /data/unencrypted/key/keymaster_key_blob_upgraded - Applied this fix and flashed, without wiping userdata - Log shows system DE key being upgraded (expected because due to the bug, the upgraded key didn't replace the original one before) $ adb logcat | grep 'Upgrading key' D vold : Upgrading key: /data/unencrypted/key - "keymaster_key_blob_upgraded" expectedly no longer exists $ adb shell find /data /metadata -name keymaster_key_blob_upgraded - Rebooted - Log expectedly doesn't show any more key upgrades $ adb logcat | grep 'Upgrading key' Bug: 171944521 Bug: 172019387 (cherry picked from commit c493903732d0c17b33091cf722cbcc3262292801) Merged-In: I42d3f5fbe32cb2ec229f4b614cfb271412a3ed29 Change-Id: I42d3f5fbe32cb2ec229f4b614cfb271412a3ed29
4 years ago
//
// If the key is wrapped by a Keymaster key that requires an upgrade, then that
// Keymaster key is upgraded. If |keepOld| is false, then the upgraded
// Keymaster key replaces the original one. As part of this, the original is
// deleted from Keymaster; however, if a user data checkpoint is active, this
// part is delayed until the checkpoint is committed.
//
// If instead |keepOld| is true, then the upgraded key doesn't actually replace
// the original one. This is needed *only* if |dir| isn't located in /data and
// a user data checkpoint is active. In this case the caller must handle
// replacing the original key if the checkpoint is committed, and deleting the
// upgraded key if the checkpoint is rolled back.
Add Support for metadata key with rollback This adds the ability to upgrade a key and retain the old one for rollback purposes. We delete the old key if we boot successfully and delete the new key if we do not. Test: Enable checkpointing and test rolling back between two versions Bug: 111020314 Change-Id: I19f31a1ac06a811c0644fc956e61b5ca84e7241a
6 years ago
bool retrieveKey(const std::string& dir, const KeyAuthentication& auth, KeyBuffer* key,
KeyUtil: don't use keepOld=true for system DE and volume keys Commit 77df7f207dce / http://aosp/1217657 ("Refactor to use EncryptionPolicy everywhere we used to use raw_ref") unintentionally made fscrypt_initialize_systemwide_keys() start specifying keepOld=true (via default parameter value) when retrieving the system DE key, and likewise for read_or_create_volkey() and volume keys. As a result, if the associated Keymaster key needs to be upgraded, the upgraded key blob gets written to "keymaster_key_blob_upgraded", but it doesn't replace the original "keymaster_key_blob", nor is the original key deleted from Keymaster. This happens at every boot, eventually resulting in the RPMB partition in Keymaster becoming full. Only the metadata encryption key ever needs keepOld=true, since it's the only key that isn't stored in /data, and the purpose of keepOld=true is to allow a key that isn't stored in /data to be committed or rolled back when a userdata checkpoint is committed or rolled back. So, fix this bug by removing the default value of keepOld, and specifying false everywhere except the metadata encryption key. Note that when an affected device gets this fix, it will finally upgrade its system DE key correctly. However, this fix doesn't free up space in Keymaster that was consumed by this bug. Test: On bramble: - Flashed rvc-d1-dev build, with wiping userdata - Flashed a newer build, without wiping userdata - Log expectedly shows key upgrades: $ adb logcat | grep 'Upgrading key' D vold : Upgrading key: /metadata/vold/metadata_encryption/key D vold : Upgrading key: /data/unencrypted/key D vold : Upgrading key: /data/misc/vold/user_keys/de/0 D vold : Upgrading key: /data/misc/vold/user_keys/ce/0/current - Rebooted - Log unexpectedly shows the system DE key being upgraded again: $ adb logcat | grep 'Upgrading key' D vold : Upgrading key: /data/unencrypted/key - "keymaster_key_blob_upgraded" unexpectedly still exists: $ adb shell find /data /metadata -name keymaster_key_blob_upgraded /data/unencrypted/key/keymaster_key_blob_upgraded - Applied this fix and flashed, without wiping userdata - Log shows system DE key being upgraded (expected because due to the bug, the upgraded key didn't replace the original one before) $ adb logcat | grep 'Upgrading key' D vold : Upgrading key: /data/unencrypted/key - "keymaster_key_blob_upgraded" expectedly no longer exists $ adb shell find /data /metadata -name keymaster_key_blob_upgraded - Rebooted - Log expectedly doesn't show any more key upgrades $ adb logcat | grep 'Upgrading key' Bug: 171944521 Bug: 172019387 (cherry picked from commit c493903732d0c17b33091cf722cbcc3262292801) Merged-In: I42d3f5fbe32cb2ec229f4b614cfb271412a3ed29 Change-Id: I42d3f5fbe32cb2ec229f4b614cfb271412a3ed29
4 years ago
bool keepOld);
Use a keymaster-based key storage module Instead of writing raw keys, encrypt the keys with keymaster. This paves the way to protecting them with auth tokens and passwords later. In addition, fold in the hash of a 16k file into their encryption, to ensure secure deletion works properly. Now even C++ier! Bug: 22502684 Bug: 22950892 Change-Id: If70f139e342373533c42d5a298444b8438428322
8 years ago
// Securely destroy the key stored in the named directory and delete the directory.
Run clang-format over ext4crypt related code The formatting here is inconsistent with Android house style; use clang-format to bring it back into line. Change-Id: Id1fe6ff54e9b668ca88c3fc021ae0a5bdd1327eb
8 years ago
bool destroyKey(const std::string& dir);
Use a keymaster-based key storage module Instead of writing raw keys, encrypt the keys with keymaster. This paves the way to protecting them with auth tokens and passwords later. In addition, fold in the hash of a 16k file into their encryption, to ensure secure deletion works properly. Now even C++ier! Bug: 22502684 Bug: 22950892 Change-Id: If70f139e342373533c42d5a298444b8438428322
8 years ago
Add secdiscard command for secure deletion of files This is used by LockSettingsService to delete sensitive credential files. Bug: 34600579 Test: manual - change device lock under synthetic password, verify old data on disk is erased. Change-Id: I5e11b559ad8818bd2ad2b321d67d21477aab7555
7 years ago
bool runSecdiscardSingle(const std::string& file);
vold: Support Storage keys for FBE To prevent keys from being compromised if an attacker acquires read access to kernel memory, some inline encryption hardware supports protecting the keys in hardware without software having access to or the ability to set the plaintext keys. Instead, software only sees "wrapped keys", which may differ on every boot. 'wrappedkey_v0' fileencryption flag is used to denote that the device supports inline encryption hardware that supports this feature. On such devices keymaster is used to generate keys with STORAGE_KEY tag and export a per-boot ephemerally wrapped storage key to install it in the kernel. The wrapped key framework in the linux kernel ensures the wrapped key is provided to the inline encryption hardware where it is unwrapped and the file contents key is derived to encrypt contents without revealing the plaintext key in the clear. Test: FBE validation with Fscrypt v2 + inline crypt + wrapped key changes kernel. Bug: 147733587 Change-Id: I1f0de61b56534ec1df9baef075acb74bacd00758
4 years ago
// Generate wrapped storage key using keymaster. Uses STORAGE_KEY tag in keymaster.
bool generateWrappedStorageKey(KeyBuffer* key);
// Export the per-boot boot wrapped storage key using keymaster.
bool exportWrappedStorageKey(const KeyBuffer& kmKey, KeyBuffer* key);
Use a keymaster-based key storage module Instead of writing raw keys, encrypt the keys with keymaster. This paves the way to protecting them with auth tokens and passwords later. In addition, fold in the hash of a 16k file into their encryption, to ensure secure deletion works properly. Now even C++ier! Bug: 22502684 Bug: 22950892 Change-Id: If70f139e342373533c42d5a298444b8438428322
8 years ago
} // namespace vold
} // namespace android
#endif