gugelfrei
/
android_system_vold
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'd9b9295b8c'
${ noResults }
android_system_vold/KeyStorage.cpp

342 lines
13 KiB
Raw Normal View History Unescape

Use a keymaster-based key storage module Instead of writing raw keys, encrypt the keys with keymaster. This paves the way to protecting them with auth tokens and passwords later. In addition, fold in the hash of a 16k file into their encryption, to ensure secure deletion works properly. Now even C++ier! Bug: 22502684 Bug: 22950892 Change-Id: If70f139e342373533c42d5a298444b8438428322
9 years ago
/*
* Copyright (C) 2016 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include "KeyStorage.h"
#include "Keymaster.h"
Add scrypt-based password stretching. Bug: 27056334 Change-Id: Ifa7f776c21c439f89dad7836175fbd045e1c603e
9 years ago
#include "ScryptParameters.h"
Use a keymaster-based key storage module Instead of writing raw keys, encrypt the keys with keymaster. This paves the way to protecting them with auth tokens and passwords later. In addition, fold in the hash of a 16k file into their encryption, to ensure secure deletion works properly. Now even C++ier! Bug: 22502684 Bug: 22950892 Change-Id: If70f139e342373533c42d5a298444b8438428322
9 years ago
#include "Utils.h"
#include <vector>
#include <errno.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>
#include <openssl/sha.h>
#include <android-base/file.h>
#include <android-base/logging.h>
Add scrypt-based password stretching. Bug: 27056334 Change-Id: Ifa7f776c21c439f89dad7836175fbd045e1c603e
9 years ago
#include <cutils/properties.h>
Use a keymaster-based key storage module Instead of writing raw keys, encrypt the keys with keymaster. This paves the way to protecting them with auth tokens and passwords later. In addition, fold in the hash of a 16k file into their encryption, to ensure secure deletion works properly. Now even C++ier! Bug: 22502684 Bug: 22950892 Change-Id: If70f139e342373533c42d5a298444b8438428322
9 years ago
#include <keymaster/authorization_set.h>
Add scrypt-based password stretching. Bug: 27056334 Change-Id: Ifa7f776c21c439f89dad7836175fbd045e1c603e
9 years ago
extern "C" {
#include "crypto_scrypt.h"
}
Use a keymaster-based key storage module Instead of writing raw keys, encrypt the keys with keymaster. This paves the way to protecting them with auth tokens and passwords later. In addition, fold in the hash of a 16k file into their encryption, to ensure secure deletion works properly. Now even C++ier! Bug: 22502684 Bug: 22950892 Change-Id: If70f139e342373533c42d5a298444b8438428322
9 years ago
namespace android {
namespace vold {
Password security for FBE disk encryption keys Added a new call change_user_key which changes the way that disk encryption keys are protected; a key can now be protected with a combination of an auth token and a secret which is a hashed password. Both of these are passed to unlock_user_key. This change introduces a security bug, b/26948053, which must be fixed before we ship. Bug: 22950892 Change-Id: Iac1e45bb6f86f2af5c472c70a0fe3228b02115bf
9 years ago
const KeyAuthentication kEmptyAuthentication { "", "" };
Use a keymaster-based key storage module Instead of writing raw keys, encrypt the keys with keymaster. This paves the way to protecting them with auth tokens and passwords later. In addition, fold in the hash of a 16k file into their encryption, to ensure secure deletion works properly. Now even C++ier! Bug: 22502684 Bug: 22950892 Change-Id: If70f139e342373533c42d5a298444b8438428322
9 years ago
static constexpr size_t AES_KEY_BYTES = 32;
static constexpr size_t GCM_NONCE_BYTES = 12;
static constexpr size_t GCM_MAC_BYTES = 16;
Add scrypt-based password stretching. Bug: 27056334 Change-Id: Ifa7f776c21c439f89dad7836175fbd045e1c603e
9 years ago
static constexpr size_t SALT_BYTES = 1<<4;
Use a keymaster-based key storage module Instead of writing raw keys, encrypt the keys with keymaster. This paves the way to protecting them with auth tokens and passwords later. In addition, fold in the hash of a 16k file into their encryption, to ensure secure deletion works properly. Now even C++ier! Bug: 22502684 Bug: 22950892 Change-Id: If70f139e342373533c42d5a298444b8438428322
9 years ago
static constexpr size_t SECDISCARDABLE_BYTES = 1<<14;
Add scrypt-based password stretching. Bug: 27056334 Change-Id: Ifa7f776c21c439f89dad7836175fbd045e1c603e
9 years ago
static constexpr size_t STRETCHED_BYTES = 1<<6;
Use a keymaster-based key storage module Instead of writing raw keys, encrypt the keys with keymaster. This paves the way to protecting them with auth tokens and passwords later. In addition, fold in the hash of a 16k file into their encryption, to ensure secure deletion works properly. Now even C++ier! Bug: 22502684 Bug: 22950892 Change-Id: If70f139e342373533c42d5a298444b8438428322
9 years ago
Password security for FBE disk encryption keys Added a new call change_user_key which changes the way that disk encryption keys are protected; a key can now be protected with a combination of an auth token and a secret which is a hashed password. Both of these are passed to unlock_user_key. This change introduces a security bug, b/26948053, which must be fixed before we ship. Bug: 22950892 Change-Id: Iac1e45bb6f86f2af5c472c70a0fe3228b02115bf
9 years ago
static const char* kCurrentVersion = "1";
Use a keymaster-based key storage module Instead of writing raw keys, encrypt the keys with keymaster. This paves the way to protecting them with auth tokens and passwords later. In addition, fold in the hash of a 16k file into their encryption, to ensure secure deletion works properly. Now even C++ier! Bug: 22502684 Bug: 22950892 Change-Id: If70f139e342373533c42d5a298444b8438428322
9 years ago
static const char* kRmPath = "/system/bin/rm";
static const char* kSecdiscardPath = "/system/bin/secdiscard";
Add scrypt-based password stretching. Bug: 27056334 Change-Id: Ifa7f776c21c439f89dad7836175fbd045e1c603e
9 years ago
static const char* kStretch_none = "none";
static const char* kStretch_nopassword = "nopassword";
static const std::string kStretchPrefix_scrypt = "scrypt ";
Use a keymaster-based key storage module Instead of writing raw keys, encrypt the keys with keymaster. This paves the way to protecting them with auth tokens and passwords later. In addition, fold in the hash of a 16k file into their encryption, to ensure secure deletion works properly. Now even C++ier! Bug: 22502684 Bug: 22950892 Change-Id: If70f139e342373533c42d5a298444b8438428322
9 years ago
static const char* kFn_encrypted_key = "encrypted_key";
Password security for FBE disk encryption keys Added a new call change_user_key which changes the way that disk encryption keys are protected; a key can now be protected with a combination of an auth token and a secret which is a hashed password. Both of these are passed to unlock_user_key. This change introduces a security bug, b/26948053, which must be fixed before we ship. Bug: 22950892 Change-Id: Iac1e45bb6f86f2af5c472c70a0fe3228b02115bf
9 years ago
static const char* kFn_keymaster_key_blob = "keymaster_key_blob";
Add scrypt-based password stretching. Bug: 27056334 Change-Id: Ifa7f776c21c439f89dad7836175fbd045e1c603e
9 years ago
static const char* kFn_salt = "salt";
Use a keymaster-based key storage module Instead of writing raw keys, encrypt the keys with keymaster. This paves the way to protecting them with auth tokens and passwords later. In addition, fold in the hash of a 16k file into their encryption, to ensure secure deletion works properly. Now even C++ier! Bug: 22502684 Bug: 22950892 Change-Id: If70f139e342373533c42d5a298444b8438428322
9 years ago
static const char* kFn_secdiscardable = "secdiscardable";
Password security for FBE disk encryption keys Added a new call change_user_key which changes the way that disk encryption keys are protected; a key can now be protected with a combination of an auth token and a secret which is a hashed password. Both of these are passed to unlock_user_key. This change introduces a security bug, b/26948053, which must be fixed before we ship. Bug: 22950892 Change-Id: Iac1e45bb6f86f2af5c472c70a0fe3228b02115bf
9 years ago
static const char* kFn_stretching = "stretching";
static const char* kFn_version = "version";
Use a keymaster-based key storage module Instead of writing raw keys, encrypt the keys with keymaster. This paves the way to protecting them with auth tokens and passwords later. In addition, fold in the hash of a 16k file into their encryption, to ensure secure deletion works properly. Now even C++ier! Bug: 22502684 Bug: 22950892 Change-Id: If70f139e342373533c42d5a298444b8438428322
9 years ago
Improvements to the key storage module The key storage module didn't comply with Android coding standards and had room for improvemnet in a few other ways, so have cleaned up. Change-Id: I260ccff316423169cf887e538113b5ea400892f2
9 years ago
static bool checkSize(const std::string& kind, size_t actual, size_t expected) {
Use a keymaster-based key storage module Instead of writing raw keys, encrypt the keys with keymaster. This paves the way to protecting them with auth tokens and passwords later. In addition, fold in the hash of a 16k file into their encryption, to ensure secure deletion works properly. Now even C++ier! Bug: 22502684 Bug: 22950892 Change-Id: If70f139e342373533c42d5a298444b8438428322
9 years ago
if (actual != expected) {
LOG(ERROR) << "Wrong number of bytes in " << kind << ", expected " << expected
<< " got " << actual;
return false;
}
return true;
}
Improvements to the key storage module The key storage module didn't comply with Android coding standards and had room for improvemnet in a few other ways, so have cleaned up. Change-Id: I260ccff316423169cf887e538113b5ea400892f2
9 years ago
static std::string hashSecdiscardable(const std::string &secdiscardable) {
Use a keymaster-based key storage module Instead of writing raw keys, encrypt the keys with keymaster. This paves the way to protecting them with auth tokens and passwords later. In addition, fold in the hash of a 16k file into their encryption, to ensure secure deletion works properly. Now even C++ier! Bug: 22502684 Bug: 22950892 Change-Id: If70f139e342373533c42d5a298444b8438428322
9 years ago
SHA512_CTX c;
SHA512_Init(&c);
// Personalise the hashing by introducing a fixed prefix.
// Hashing applications should use personalization except when there is a
// specific reason not to; see section 4.11 of https://www.schneier.com/skein1.3.pdf
Improvements to the key storage module The key storage module didn't comply with Android coding standards and had room for improvemnet in a few other ways, so have cleaned up. Change-Id: I260ccff316423169cf887e538113b5ea400892f2
9 years ago
std::string secdiscardableHashingPrefix = "Android secdiscardable SHA512";
secdiscardableHashingPrefix.resize(SHA512_CBLOCK);
SHA512_Update(&c, secdiscardableHashingPrefix.data(), secdiscardableHashingPrefix.size());
Use a keymaster-based key storage module Instead of writing raw keys, encrypt the keys with keymaster. This paves the way to protecting them with auth tokens and passwords later. In addition, fold in the hash of a 16k file into their encryption, to ensure secure deletion works properly. Now even C++ier! Bug: 22502684 Bug: 22950892 Change-Id: If70f139e342373533c42d5a298444b8438428322
9 years ago
SHA512_Update(&c, secdiscardable.data(), secdiscardable.size());
std::string res(SHA512_DIGEST_LENGTH, '\0');
SHA512_Final(reinterpret_cast<uint8_t *>(&res[0]), &c);
return res;
}
Improvements to the key storage module The key storage module didn't comply with Android coding standards and had room for improvemnet in a few other ways, so have cleaned up. Change-Id: I260ccff316423169cf887e538113b5ea400892f2
9 years ago
static bool generateKeymasterKey(Keymaster &keymaster,
const keymaster::AuthorizationSet &extraParams,
Use a keymaster-based key storage module Instead of writing raw keys, encrypt the keys with keymaster. This paves the way to protecting them with auth tokens and passwords later. In addition, fold in the hash of a 16k file into their encryption, to ensure secure deletion works properly. Now even C++ier! Bug: 22502684 Bug: 22950892 Change-Id: If70f139e342373533c42d5a298444b8438428322
9 years ago
std::string &key) {
Improvements to the key storage module The key storage module didn't comply with Android coding standards and had room for improvemnet in a few other ways, so have cleaned up. Change-Id: I260ccff316423169cf887e538113b5ea400892f2
9 years ago
auto params = keymaster::AuthorizationSetBuilder()
Use a keymaster-based key storage module Instead of writing raw keys, encrypt the keys with keymaster. This paves the way to protecting them with auth tokens and passwords later. In addition, fold in the hash of a 16k file into their encryption, to ensure secure deletion works properly. Now even C++ier! Bug: 22502684 Bug: 22950892 Change-Id: If70f139e342373533c42d5a298444b8438428322
9 years ago
.AesEncryptionKey(AES_KEY_BYTES * 8)
.Authorization(keymaster::TAG_BLOCK_MODE, KM_MODE_GCM)
.Authorization(keymaster::TAG_MIN_MAC_LENGTH, GCM_MAC_BYTES * 8)
.Authorization(keymaster::TAG_PADDING, KM_PAD_NONE)
Improvements to the key storage module The key storage module didn't comply with Android coding standards and had room for improvemnet in a few other ways, so have cleaned up. Change-Id: I260ccff316423169cf887e538113b5ea400892f2
9 years ago
.Authorization(keymaster::TAG_NO_AUTH_REQUIRED) // FIXME integrate with gatekeeper
.build();
params.push_back(extraParams);
return keymaster.generateKey(params, key);
Use a keymaster-based key storage module Instead of writing raw keys, encrypt the keys with keymaster. This paves the way to protecting them with auth tokens and passwords later. In addition, fold in the hash of a 16k file into their encryption, to ensure secure deletion works properly. Now even C++ier! Bug: 22502684 Bug: 22950892 Change-Id: If70f139e342373533c42d5a298444b8438428322
9 years ago
}
Improvements to the key storage module The key storage module didn't comply with Android coding standards and had room for improvemnet in a few other ways, so have cleaned up. Change-Id: I260ccff316423169cf887e538113b5ea400892f2
9 years ago
static bool encryptWithKeymasterKey(
Use a keymaster-based key storage module Instead of writing raw keys, encrypt the keys with keymaster. This paves the way to protecting them with auth tokens and passwords later. In addition, fold in the hash of a 16k file into their encryption, to ensure secure deletion works properly. Now even C++ier! Bug: 22502684 Bug: 22950892 Change-Id: If70f139e342373533c42d5a298444b8438428322
9 years ago
Keymaster &keymaster,
const std::string &key,
Improvements to the key storage module The key storage module didn't comply with Android coding standards and had room for improvemnet in a few other ways, so have cleaned up. Change-Id: I260ccff316423169cf887e538113b5ea400892f2
9 years ago
const keymaster::AuthorizationSet &extraParams,
Use a keymaster-based key storage module Instead of writing raw keys, encrypt the keys with keymaster. This paves the way to protecting them with auth tokens and passwords later. In addition, fold in the hash of a 16k file into their encryption, to ensure secure deletion works properly. Now even C++ier! Bug: 22502684 Bug: 22950892 Change-Id: If70f139e342373533c42d5a298444b8438428322
9 years ago
const std::string &message,
std::string &ciphertext) {
// FIXME fix repetition
Improvements to the key storage module The key storage module didn't comply with Android coding standards and had room for improvemnet in a few other ways, so have cleaned up. Change-Id: I260ccff316423169cf887e538113b5ea400892f2
9 years ago
auto params = keymaster::AuthorizationSetBuilder()
Use a keymaster-based key storage module Instead of writing raw keys, encrypt the keys with keymaster. This paves the way to protecting them with auth tokens and passwords later. In addition, fold in the hash of a 16k file into their encryption, to ensure secure deletion works properly. Now even C++ier! Bug: 22502684 Bug: 22950892 Change-Id: If70f139e342373533c42d5a298444b8438428322
9 years ago
.Authorization(keymaster::TAG_BLOCK_MODE, KM_MODE_GCM)
.Authorization(keymaster::TAG_MAC_LENGTH, GCM_MAC_BYTES * 8)
Improvements to the key storage module The key storage module didn't comply with Android coding standards and had room for improvemnet in a few other ways, so have cleaned up. Change-Id: I260ccff316423169cf887e538113b5ea400892f2
9 years ago
.Authorization(keymaster::TAG_PADDING, KM_PAD_NONE)
.build();
params.push_back(extraParams);
keymaster::AuthorizationSet outParams;
auto opHandle = keymaster.begin(KM_PURPOSE_ENCRYPT, key, params, outParams);
if (!opHandle) return false;
keymaster_blob_t nonceBlob;
if (!outParams.GetTagValue(keymaster::TAG_NONCE, &nonceBlob)) {
Use a keymaster-based key storage module Instead of writing raw keys, encrypt the keys with keymaster. This paves the way to protecting them with auth tokens and passwords later. In addition, fold in the hash of a 16k file into their encryption, to ensure secure deletion works properly. Now even C++ier! Bug: 22502684 Bug: 22950892 Change-Id: If70f139e342373533c42d5a298444b8438428322
9 years ago
LOG(ERROR) << "GCM encryption but no nonce generated";
return false;
}
Improvements to the key storage module The key storage module didn't comply with Android coding standards and had room for improvemnet in a few other ways, so have cleaned up. Change-Id: I260ccff316423169cf887e538113b5ea400892f2
9 years ago
// nonceBlob here is just a pointer into existing data, must not be freed
std::string nonce(reinterpret_cast<const char *>(nonceBlob.data), nonceBlob.data_length);
if (!checkSize("nonce", nonce.size(), GCM_NONCE_BYTES)) return false;
Use a keymaster-based key storage module Instead of writing raw keys, encrypt the keys with keymaster. This paves the way to protecting them with auth tokens and passwords later. In addition, fold in the hash of a 16k file into their encryption, to ensure secure deletion works properly. Now even C++ier! Bug: 22502684 Bug: 22950892 Change-Id: If70f139e342373533c42d5a298444b8438428322
9 years ago
std::string body;
Improvements to the key storage module The key storage module didn't comply with Android coding standards and had room for improvemnet in a few other ways, so have cleaned up. Change-Id: I260ccff316423169cf887e538113b5ea400892f2
9 years ago
if (!opHandle.updateCompletely(message, body)) return false;
Use a keymaster-based key storage module Instead of writing raw keys, encrypt the keys with keymaster. This paves the way to protecting them with auth tokens and passwords later. In addition, fold in the hash of a 16k file into their encryption, to ensure secure deletion works properly. Now even C++ier! Bug: 22502684 Bug: 22950892 Change-Id: If70f139e342373533c42d5a298444b8438428322
9 years ago
std::string mac;
Improvements to the key storage module The key storage module didn't comply with Android coding standards and had room for improvemnet in a few other ways, so have cleaned up. Change-Id: I260ccff316423169cf887e538113b5ea400892f2
9 years ago
if (!opHandle.finishWithOutput(mac)) return false;
if (!checkSize("mac", mac.size(), GCM_MAC_BYTES)) return false;
Use a keymaster-based key storage module Instead of writing raw keys, encrypt the keys with keymaster. This paves the way to protecting them with auth tokens and passwords later. In addition, fold in the hash of a 16k file into their encryption, to ensure secure deletion works properly. Now even C++ier! Bug: 22502684 Bug: 22950892 Change-Id: If70f139e342373533c42d5a298444b8438428322
9 years ago
ciphertext = nonce + body + mac;
return true;
}
Improvements to the key storage module The key storage module didn't comply with Android coding standards and had room for improvemnet in a few other ways, so have cleaned up. Change-Id: I260ccff316423169cf887e538113b5ea400892f2
9 years ago
static bool decryptWithKeymasterKey(
Use a keymaster-based key storage module Instead of writing raw keys, encrypt the keys with keymaster. This paves the way to protecting them with auth tokens and passwords later. In addition, fold in the hash of a 16k file into their encryption, to ensure secure deletion works properly. Now even C++ier! Bug: 22502684 Bug: 22950892 Change-Id: If70f139e342373533c42d5a298444b8438428322
9 years ago
Keymaster &keymaster, const std::string &key,
Improvements to the key storage module The key storage module didn't comply with Android coding standards and had room for improvemnet in a few other ways, so have cleaned up. Change-Id: I260ccff316423169cf887e538113b5ea400892f2
9 years ago
const keymaster::AuthorizationSet &extraParams,
Use a keymaster-based key storage module Instead of writing raw keys, encrypt the keys with keymaster. This paves the way to protecting them with auth tokens and passwords later. In addition, fold in the hash of a 16k file into their encryption, to ensure secure deletion works properly. Now even C++ier! Bug: 22502684 Bug: 22950892 Change-Id: If70f139e342373533c42d5a298444b8438428322
9 years ago
const std::string &ciphertext,
std::string &message) {
auto nonce = ciphertext.substr(0, GCM_NONCE_BYTES);
Improvements to the key storage module The key storage module didn't comply with Android coding standards and had room for improvemnet in a few other ways, so have cleaned up. Change-Id: I260ccff316423169cf887e538113b5ea400892f2
9 years ago
auto bodyAndMac = ciphertext.substr(GCM_NONCE_BYTES);
Use a keymaster-based key storage module Instead of writing raw keys, encrypt the keys with keymaster. This paves the way to protecting them with auth tokens and passwords later. In addition, fold in the hash of a 16k file into their encryption, to ensure secure deletion works properly. Now even C++ier! Bug: 22502684 Bug: 22950892 Change-Id: If70f139e342373533c42d5a298444b8438428322
9 years ago
// FIXME fix repetition
Improvements to the key storage module The key storage module didn't comply with Android coding standards and had room for improvemnet in a few other ways, so have cleaned up. Change-Id: I260ccff316423169cf887e538113b5ea400892f2
9 years ago
auto params = addStringParam(keymaster::AuthorizationSetBuilder(), keymaster::TAG_NONCE, nonce)
Use a keymaster-based key storage module Instead of writing raw keys, encrypt the keys with keymaster. This paves the way to protecting them with auth tokens and passwords later. In addition, fold in the hash of a 16k file into their encryption, to ensure secure deletion works properly. Now even C++ier! Bug: 22502684 Bug: 22950892 Change-Id: If70f139e342373533c42d5a298444b8438428322
9 years ago
.Authorization(keymaster::TAG_BLOCK_MODE, KM_MODE_GCM)
.Authorization(keymaster::TAG_MAC_LENGTH, GCM_MAC_BYTES * 8)
Improvements to the key storage module The key storage module didn't comply with Android coding standards and had room for improvemnet in a few other ways, so have cleaned up. Change-Id: I260ccff316423169cf887e538113b5ea400892f2
9 years ago
.Authorization(keymaster::TAG_PADDING, KM_PAD_NONE)
.build();
params.push_back(extraParams);
auto opHandle = keymaster.begin(KM_PURPOSE_DECRYPT, key, params);
if (!opHandle) return false;
if (!opHandle.updateCompletely(bodyAndMac, message)) return false;
if (!opHandle.finish()) return false;
return true;
}
static bool readFileToString(const std::string &filename, std::string &result) {
if (!android::base::ReadFileToString(filename, &result)) {
PLOG(ERROR) << "Failed to read from " << filename;
return false;
}
Use a keymaster-based key storage module Instead of writing raw keys, encrypt the keys with keymaster. This paves the way to protecting them with auth tokens and passwords later. In addition, fold in the hash of a 16k file into their encryption, to ensure secure deletion works properly. Now even C++ier! Bug: 22502684 Bug: 22950892 Change-Id: If70f139e342373533c42d5a298444b8438428322
9 years ago
return true;
}
Improvements to the key storage module The key storage module didn't comply with Android coding standards and had room for improvemnet in a few other ways, so have cleaned up. Change-Id: I260ccff316423169cf887e538113b5ea400892f2
9 years ago
static bool writeStringToFile(const std::string &payload, const std::string &filename) {
if (!android::base::WriteStringToFile(payload, filename)) {
PLOG(ERROR) << "Failed to write to " << filename;
return false;
}
return true;
}
Add scrypt-based password stretching. Bug: 27056334 Change-Id: Ifa7f776c21c439f89dad7836175fbd045e1c603e
9 years ago
static std::string getStretching() {
char paramstr[PROPERTY_VALUE_MAX];
property_get(SCRYPT_PROP, paramstr, SCRYPT_DEFAULTS);
return std::string() + kStretchPrefix_scrypt + paramstr;
}
static bool stretchingNeedsSalt(const std::string &stretching) {
return stretching != kStretch_nopassword && stretching != kStretch_none;
}
static bool stretchSecret(const std::string &stretching, const std::string &secret,
const std::string &salt, std::string &stretched) {
if (stretching == kStretch_nopassword) {
if (!secret.empty()) {
Fix memory leak in generate_key wrapper. Other fixes. - catch errors in looking for the keyring - static_assert to prevent a buffer overrun - remove obsolete, misleading comment - dial down priority of some log messages - explain why we ignore some errors - idiomatic C++11 Bug: 27552432 Change-Id: Ic3ee05b41eae45e7c6b571a459b326a483663526
8 years ago
LOG(WARNING) << "Password present but stretching is nopassword";
Add scrypt-based password stretching. Bug: 27056334 Change-Id: Ifa7f776c21c439f89dad7836175fbd045e1c603e
9 years ago
// Continue anyway
}
stretched.clear();
} else if (stretching == kStretch_none) {
stretched = secret;
} else if (std::equal(kStretchPrefix_scrypt.begin(),
kStretchPrefix_scrypt.end(), stretching.begin())) {
int Nf, rf, pf;
if (!parse_scrypt_parameters(
stretching.substr(kStretchPrefix_scrypt.size()).c_str(), &Nf, &rf, &pf)) {
LOG(ERROR) << "Unable to parse scrypt params in stretching: " << stretching;
return false;
}
stretched.assign(STRETCHED_BYTES, '\0');
if (crypto_scrypt(
reinterpret_cast<const uint8_t *>(secret.data()), secret.size(),
reinterpret_cast<const uint8_t *>(salt.data()), salt.size(),
1 << Nf, 1 << rf, 1 << pf,
reinterpret_cast<uint8_t *>(&stretched[0]), stretched.size()) != 0) {
LOG(ERROR) << "scrypt failed with params: " << stretching;
return false;
}
} else {
LOG(ERROR) << "Unknown stretching type: " << stretching;
return false;
}
return true;
}
static bool buildParams(const KeyAuthentication &auth, const std::string &stretching,
const std::string &salt, const std::string &secdiscardable,
keymaster::AuthorizationSet &result) {
std::string stretched;
if (!stretchSecret(stretching, auth.secret, salt, stretched)) return false;
auto appId = hashSecdiscardable(secdiscardable) + stretched;
Password security for FBE disk encryption keys Added a new call change_user_key which changes the way that disk encryption keys are protected; a key can now be protected with a combination of an auth token and a secret which is a hashed password. Both of these are passed to unlock_user_key. This change introduces a security bug, b/26948053, which must be fixed before we ship. Bug: 22950892 Change-Id: Iac1e45bb6f86f2af5c472c70a0fe3228b02115bf
9 years ago
keymaster::AuthorizationSetBuilder paramBuilder;
addStringParam(paramBuilder, keymaster::TAG_APPLICATION_ID, appId);
if (!auth.token.empty()) {
addStringParam(paramBuilder, keymaster::TAG_AUTH_TOKEN, auth.token);
}
Add scrypt-based password stretching. Bug: 27056334 Change-Id: Ifa7f776c21c439f89dad7836175fbd045e1c603e
9 years ago
result = paramBuilder.build();
return true;
Password security for FBE disk encryption keys Added a new call change_user_key which changes the way that disk encryption keys are protected; a key can now be protected with a combination of an auth token and a secret which is a hashed password. Both of these are passed to unlock_user_key. This change introduces a security bug, b/26948053, which must be fixed before we ship. Bug: 22950892 Change-Id: Iac1e45bb6f86f2af5c472c70a0fe3228b02115bf
9 years ago
}
bool storeKey(const std::string &dir, const KeyAuthentication &auth, const std::string &key) {
Use a keymaster-based key storage module Instead of writing raw keys, encrypt the keys with keymaster. This paves the way to protecting them with auth tokens and passwords later. In addition, fold in the hash of a 16k file into their encryption, to ensure secure deletion works properly. Now even C++ier! Bug: 22502684 Bug: 22950892 Change-Id: If70f139e342373533c42d5a298444b8438428322
9 years ago
if (TEMP_FAILURE_RETRY(mkdir(dir.c_str(), 0700)) == -1) {
PLOG(ERROR) << "key mkdir " << dir;
return false;
}
Password security for FBE disk encryption keys Added a new call change_user_key which changes the way that disk encryption keys are protected; a key can now be protected with a combination of an auth token and a secret which is a hashed password. Both of these are passed to unlock_user_key. This change introduces a security bug, b/26948053, which must be fixed before we ship. Bug: 22950892 Change-Id: Iac1e45bb6f86f2af5c472c70a0fe3228b02115bf
9 years ago
if (!writeStringToFile(kCurrentVersion, dir + "/" + kFn_version)) return false;
Use a keymaster-based key storage module Instead of writing raw keys, encrypt the keys with keymaster. This paves the way to protecting them with auth tokens and passwords later. In addition, fold in the hash of a 16k file into their encryption, to ensure secure deletion works properly. Now even C++ier! Bug: 22502684 Bug: 22950892 Change-Id: If70f139e342373533c42d5a298444b8438428322
9 years ago
std::string secdiscardable;
Improvements to the key storage module The key storage module didn't comply with Android coding standards and had room for improvemnet in a few other ways, so have cleaned up. Change-Id: I260ccff316423169cf887e538113b5ea400892f2
9 years ago
if (ReadRandomBytes(SECDISCARDABLE_BYTES, secdiscardable) != OK) {
Use a keymaster-based key storage module Instead of writing raw keys, encrypt the keys with keymaster. This paves the way to protecting them with auth tokens and passwords later. In addition, fold in the hash of a 16k file into their encryption, to ensure secure deletion works properly. Now even C++ier! Bug: 22502684 Bug: 22950892 Change-Id: If70f139e342373533c42d5a298444b8438428322
9 years ago
// TODO status_t plays badly with PLOG, fix it.
LOG(ERROR) << "Random read failed";
return false;
}
Improvements to the key storage module The key storage module didn't comply with Android coding standards and had room for improvemnet in a few other ways, so have cleaned up. Change-Id: I260ccff316423169cf887e538113b5ea400892f2
9 years ago
if (!writeStringToFile(secdiscardable, dir + "/" + kFn_secdiscardable)) return false;
Add scrypt-based password stretching. Bug: 27056334 Change-Id: Ifa7f776c21c439f89dad7836175fbd045e1c603e
9 years ago
std::string stretching = auth.secret.empty() ? kStretch_nopassword : getStretching();
Password security for FBE disk encryption keys Added a new call change_user_key which changes the way that disk encryption keys are protected; a key can now be protected with a combination of an auth token and a secret which is a hashed password. Both of these are passed to unlock_user_key. This change introduces a security bug, b/26948053, which must be fixed before we ship. Bug: 22950892 Change-Id: Iac1e45bb6f86f2af5c472c70a0fe3228b02115bf
9 years ago
if (!writeStringToFile(stretching, dir + "/" + kFn_stretching)) return false;
Add scrypt-based password stretching. Bug: 27056334 Change-Id: Ifa7f776c21c439f89dad7836175fbd045e1c603e
9 years ago
std::string salt;
if (stretchingNeedsSalt(stretching)) {
if (ReadRandomBytes(SALT_BYTES, salt) != OK) {
LOG(ERROR) << "Random read failed";
return false;
}
if (!writeStringToFile(salt, dir + "/" + kFn_salt)) return false;
}
keymaster::AuthorizationSet extraParams;
if (!buildParams(auth, stretching, salt, secdiscardable, extraParams)) return false;
Use a keymaster-based key storage module Instead of writing raw keys, encrypt the keys with keymaster. This paves the way to protecting them with auth tokens and passwords later. In addition, fold in the hash of a 16k file into their encryption, to ensure secure deletion works properly. Now even C++ier! Bug: 22502684 Bug: 22950892 Change-Id: If70f139e342373533c42d5a298444b8438428322
9 years ago
Keymaster keymaster;
if (!keymaster) return false;
Improvements to the key storage module The key storage module didn't comply with Android coding standards and had room for improvemnet in a few other ways, so have cleaned up. Change-Id: I260ccff316423169cf887e538113b5ea400892f2
9 years ago
std::string kmKey;
if (!generateKeymasterKey(keymaster, extraParams, kmKey)) return false;
std::string encryptedKey;
Add scrypt-based password stretching. Bug: 27056334 Change-Id: Ifa7f776c21c439f89dad7836175fbd045e1c603e
9 years ago
if (!encryptWithKeymasterKey(keymaster, kmKey, extraParams, key, encryptedKey)) return false;
Improvements to the key storage module The key storage module didn't comply with Android coding standards and had room for improvemnet in a few other ways, so have cleaned up. Change-Id: I260ccff316423169cf887e538113b5ea400892f2
9 years ago
if (!writeStringToFile(kmKey, dir + "/" + kFn_keymaster_key_blob)) return false;
if (!writeStringToFile(encryptedKey, dir + "/" + kFn_encrypted_key)) return false;
Use a keymaster-based key storage module Instead of writing raw keys, encrypt the keys with keymaster. This paves the way to protecting them with auth tokens and passwords later. In addition, fold in the hash of a 16k file into their encryption, to ensure secure deletion works properly. Now even C++ier! Bug: 22502684 Bug: 22950892 Change-Id: If70f139e342373533c42d5a298444b8438428322
9 years ago
return true;
}
Password security for FBE disk encryption keys Added a new call change_user_key which changes the way that disk encryption keys are protected; a key can now be protected with a combination of an auth token and a secret which is a hashed password. Both of these are passed to unlock_user_key. This change introduces a security bug, b/26948053, which must be fixed before we ship. Bug: 22950892 Change-Id: Iac1e45bb6f86f2af5c472c70a0fe3228b02115bf
9 years ago
bool retrieveKey(const std::string &dir, const KeyAuthentication &auth, std::string &key) {
std::string version;
if (!readFileToString(dir + "/" + kFn_version, version)) return false;
if (version != kCurrentVersion) {
LOG(ERROR) << "Version mismatch, expected " << kCurrentVersion << " got " << version;
return false;
}
Use a keymaster-based key storage module Instead of writing raw keys, encrypt the keys with keymaster. This paves the way to protecting them with auth tokens and passwords later. In addition, fold in the hash of a 16k file into their encryption, to ensure secure deletion works properly. Now even C++ier! Bug: 22502684 Bug: 22950892 Change-Id: If70f139e342373533c42d5a298444b8438428322
9 years ago
std::string secdiscardable;
Improvements to the key storage module The key storage module didn't comply with Android coding standards and had room for improvemnet in a few other ways, so have cleaned up. Change-Id: I260ccff316423169cf887e538113b5ea400892f2
9 years ago
if (!readFileToString(dir + "/" + kFn_secdiscardable, secdiscardable)) return false;
Add scrypt-based password stretching. Bug: 27056334 Change-Id: Ifa7f776c21c439f89dad7836175fbd045e1c603e
9 years ago
std::string stretching;
if (!readFileToString(dir + "/" + kFn_stretching, stretching)) return false;
std::string salt;
if (stretchingNeedsSalt(stretching)) {
if (!readFileToString(dir + "/" + kFn_salt, salt)) return false;
}
keymaster::AuthorizationSet extraParams;
if (!buildParams(auth, stretching, salt, secdiscardable, extraParams)) return false;
Improvements to the key storage module The key storage module didn't comply with Android coding standards and had room for improvemnet in a few other ways, so have cleaned up. Change-Id: I260ccff316423169cf887e538113b5ea400892f2
9 years ago
std::string kmKey;
if (!readFileToString(dir + "/" + kFn_keymaster_key_blob, kmKey)) return false;
std::string encryptedMessage;
if (!readFileToString(dir + "/" + kFn_encrypted_key, encryptedMessage)) return false;
Use a keymaster-based key storage module Instead of writing raw keys, encrypt the keys with keymaster. This paves the way to protecting them with auth tokens and passwords later. In addition, fold in the hash of a 16k file into their encryption, to ensure secure deletion works properly. Now even C++ier! Bug: 22502684 Bug: 22950892 Change-Id: If70f139e342373533c42d5a298444b8438428322
9 years ago
Keymaster keymaster;
if (!keymaster) return false;
Improvements to the key storage module The key storage module didn't comply with Android coding standards and had room for improvemnet in a few other ways, so have cleaned up. Change-Id: I260ccff316423169cf887e538113b5ea400892f2
9 years ago
return decryptWithKeymasterKey(keymaster, kmKey, extraParams, encryptedMessage, key);
Use a keymaster-based key storage module Instead of writing raw keys, encrypt the keys with keymaster. This paves the way to protecting them with auth tokens and passwords later. In addition, fold in the hash of a 16k file into their encryption, to ensure secure deletion works properly. Now even C++ier! Bug: 22502684 Bug: 22950892 Change-Id: If70f139e342373533c42d5a298444b8438428322
9 years ago
}
Improvements to the key storage module The key storage module didn't comply with Android coding standards and had room for improvemnet in a few other ways, so have cleaned up. Change-Id: I260ccff316423169cf887e538113b5ea400892f2
9 years ago
static bool deleteKey(const std::string &dir) {
std::string kmKey;
if (!readFileToString(dir + "/" + kFn_keymaster_key_blob, kmKey)) return false;
Use a keymaster-based key storage module Instead of writing raw keys, encrypt the keys with keymaster. This paves the way to protecting them with auth tokens and passwords later. In addition, fold in the hash of a 16k file into their encryption, to ensure secure deletion works properly. Now even C++ier! Bug: 22502684 Bug: 22950892 Change-Id: If70f139e342373533c42d5a298444b8438428322
9 years ago
Keymaster keymaster;
if (!keymaster) return false;
Improvements to the key storage module The key storage module didn't comply with Android coding standards and had room for improvemnet in a few other ways, so have cleaned up. Change-Id: I260ccff316423169cf887e538113b5ea400892f2
9 years ago
if (!keymaster.deleteKey(kmKey)) return false;
Use a keymaster-based key storage module Instead of writing raw keys, encrypt the keys with keymaster. This paves the way to protecting them with auth tokens and passwords later. In addition, fold in the hash of a 16k file into their encryption, to ensure secure deletion works properly. Now even C++ier! Bug: 22502684 Bug: 22950892 Change-Id: If70f139e342373533c42d5a298444b8438428322
9 years ago
return true;
}
Improvements to the key storage module The key storage module didn't comply with Android coding standards and had room for improvemnet in a few other ways, so have cleaned up. Change-Id: I260ccff316423169cf887e538113b5ea400892f2
9 years ago
static bool secdiscardSecdiscardable(const std::string &dir) {
Use a keymaster-based key storage module Instead of writing raw keys, encrypt the keys with keymaster. This paves the way to protecting them with auth tokens and passwords later. In addition, fold in the hash of a 16k file into their encryption, to ensure secure deletion works properly. Now even C++ier! Bug: 22502684 Bug: 22950892 Change-Id: If70f139e342373533c42d5a298444b8438428322
9 years ago
if (ForkExecvp(std::vector<std::string> {
kSecdiscardPath, "--", dir + "/" + kFn_secdiscardable}) != 0) {
LOG(ERROR) << "secdiscard failed";
return false;
}
return true;
}
Improvements to the key storage module The key storage module didn't comply with Android coding standards and had room for improvemnet in a few other ways, so have cleaned up. Change-Id: I260ccff316423169cf887e538113b5ea400892f2
9 years ago
static bool recursiveDeleteKey(const std::string &dir) {
Use a keymaster-based key storage module Instead of writing raw keys, encrypt the keys with keymaster. This paves the way to protecting them with auth tokens and passwords later. In addition, fold in the hash of a 16k file into their encryption, to ensure secure deletion works properly. Now even C++ier! Bug: 22502684 Bug: 22950892 Change-Id: If70f139e342373533c42d5a298444b8438428322
9 years ago
if (ForkExecvp(std::vector<std::string> {
kRmPath, "-rf", dir}) != 0) {
LOG(ERROR) << "recursive delete failed";
return false;
}
return true;
}
Improvements to the key storage module The key storage module didn't comply with Android coding standards and had room for improvemnet in a few other ways, so have cleaned up. Change-Id: I260ccff316423169cf887e538113b5ea400892f2
9 years ago
bool destroyKey(const std::string &dir) {
Use a keymaster-based key storage module Instead of writing raw keys, encrypt the keys with keymaster. This paves the way to protecting them with auth tokens and passwords later. In addition, fold in the hash of a 16k file into their encryption, to ensure secure deletion works properly. Now even C++ier! Bug: 22502684 Bug: 22950892 Change-Id: If70f139e342373533c42d5a298444b8438428322
9 years ago
bool success = true;
// Try each thing, even if previous things failed.
Improvements to the key storage module The key storage module didn't comply with Android coding standards and had room for improvemnet in a few other ways, so have cleaned up. Change-Id: I260ccff316423169cf887e538113b5ea400892f2
9 years ago
success &= deleteKey(dir);
success &= secdiscardSecdiscardable(dir);
success &= recursiveDeleteKey(dir);
Use a keymaster-based key storage module Instead of writing raw keys, encrypt the keys with keymaster. This paves the way to protecting them with auth tokens and passwords later. In addition, fold in the hash of a 16k file into their encryption, to ensure secure deletion works properly. Now even C++ier! Bug: 22502684 Bug: 22950892 Change-Id: If70f139e342373533c42d5a298444b8438428322
9 years ago
return success;
}
} // namespace vold
} // namespace android