diff options
| -rw-r--r-- | cmds/keystore/Android.mk | 4 | ||||
| -rw-r--r-- | cmds/keystore/keystore.c | 590 | ||||
| -rw-r--r-- | cmds/keystore/keystore.cpp | 812 | ||||
| -rw-r--r-- | cmds/keystore/keystore.h | 20 | ||||
| -rw-r--r-- | cmds/keystore/keystore_cli.cpp (renamed from cmds/keystore/keystore_cli.c) | 46 | ||||
| -rw-r--r-- | core/java/com/android/internal/widget/LockPatternUtils.java | 9 | ||||
| -rw-r--r-- | keystore/java/android/security/KeyStore.java | 70 | ||||
| -rwxr-xr-x | keystore/tests/src/android/security/KeyStoreTest.java | 67 | ||||
| -rw-r--r-- | policy/src/com/android/internal/policy/impl/PasswordUnlockScreen.java | 2 | ||||
| -rw-r--r-- | policy/src/com/android/internal/policy/impl/PatternUnlockScreen.java | 2 |
10 files changed, 938 insertions, 684 deletions
diff --git a/cmds/keystore/Android.mk b/cmds/keystore/Android.mk index 15a199f..67dd9f8 100644 --- a/cmds/keystore/Android.mk +++ b/cmds/keystore/Android.mk @@ -19,14 +19,14 @@ ifneq ($(TARGET_SIMULATOR),true) LOCAL_PATH:= $(call my-dir) include $(CLEAR_VARS) -LOCAL_SRC_FILES := keystore.c +LOCAL_SRC_FILES := keystore.cpp LOCAL_C_INCLUDES := external/openssl/include LOCAL_SHARED_LIBRARIES := libcutils libcrypto LOCAL_MODULE:= keystore include $(BUILD_EXECUTABLE) include $(CLEAR_VARS) -LOCAL_SRC_FILES := keystore_cli.c +LOCAL_SRC_FILES := keystore_cli.cpp LOCAL_C_INCLUDES := external/openssl/include LOCAL_SHARED_LIBRARIES := libcutils libcrypto LOCAL_MODULE:= keystore_cli diff --git a/cmds/keystore/keystore.c b/cmds/keystore/keystore.c deleted file mode 100644 index e34053b..0000000 --- a/cmds/keystore/keystore.c +++ /dev/null @@ -1,590 +0,0 @@ -/* - * Copyright (C) 2009 The Android Open Source Project - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#include <stdio.h> -#include <stdint.h> -#include <string.h> -#include <unistd.h> -#include <signal.h> -#include <errno.h> -#include <dirent.h> -#include <fcntl.h> -#include <limits.h> -#include <sys/types.h> -#include <sys/socket.h> -#include <sys/stat.h> -#include <sys/time.h> -#include <arpa/inet.h> - -#include <openssl/aes.h> -#include <openssl/evp.h> -#include <openssl/md5.h> - -#define LOG_TAG "keystore" -#include <cutils/log.h> -#include <cutils/sockets.h> -#include <private/android_filesystem_config.h> - -#include "keystore.h" - -/* KeyStore is a secured storage for key-value pairs. In this implementation, - * each file stores one key-value pair. Keys are encoded in file names, and - * values are encrypted with checksums. The encryption key is protected by a - * user-defined password. To keep things simple, buffers are always larger than - * the maximum space we needed, so boundary checks on buffers are omitted. */ - -#define KEY_SIZE ((NAME_MAX - 15) / 2) -#define VALUE_SIZE 32768 -#define PASSWORD_SIZE VALUE_SIZE - -/* Here is the encoding of keys. This is necessary in order to allow arbitrary - * characters in keys. Characters in [0-~] are not encoded. Others are encoded - * into two bytes. The first byte is one of [+-.] which represents the first - * two bits of the character. The second byte encodes the rest of the bits into - * [0-o]. Therefore in the worst case the length of a key gets doubled. Note - * that Base64 cannot be used here due to the need of prefix match on keys. */ - -static int encode_key(char *out, uint8_t *in, int length) -{ - int i; - for (i = length; i > 0; --i, ++in, ++out) { - if (*in >= '0' && *in <= '~') { - *out = *in; - } else { - *out = '+' + (*in >> 6); - *++out = '0' + (*in & 0x3F); - ++length; - } - } - *out = 0; - return length; -} - -static int decode_key(uint8_t *out, char *in, int length) -{ - int i; - for (i = 0; i < length; ++i, ++in, ++out) { - if (*in >= '0' && *in <= '~') { - *out = *in; - } else { - *out = (*in - '+') << 6; - *out |= (*++in - '0') & 0x3F; - --length; - } - } - *out = 0; - return length; -} - -/* Here is the protocol used in both requests and responses: - * code [length_1 message_1 ... length_n message_n] end-of-file - * where code is one byte long and lengths are unsigned 16-bit integers in - * network order. Thus the maximum length of a message is 65535 bytes. */ - -static int the_socket = -1; - -static int recv_code(int8_t *code) -{ - return recv(the_socket, code, 1, 0) == 1; -} - -static int recv_message(uint8_t *message, int length) -{ - uint8_t bytes[2]; - if (recv(the_socket, &bytes[0], 1, 0) != 1 || - recv(the_socket, &bytes[1], 1, 0) != 1) { - return -1; - } else { - int offset = bytes[0] << 8 | bytes[1]; - if (length < offset) { - return -1; - } - length = offset; - offset = 0; - while (offset < length) { - int n = recv(the_socket, &message[offset], length - offset, 0); - if (n <= 0) { - return -1; - } - offset += n; - } - } - return length; -} - -static int recv_end_of_file() -{ - uint8_t byte; - return recv(the_socket, &byte, 1, 0) == 0; -} - -static void send_code(int8_t code) -{ - send(the_socket, &code, 1, 0); -} - -static void send_message(uint8_t *message, int length) -{ - uint16_t bytes = htons(length); - send(the_socket, &bytes, 2, 0); - send(the_socket, message, length, 0); -} - -/* Here is the file format. There are two parts in blob.value, the secret and - * the description. The secret is stored in ciphertext, and its original size - * can be found in blob.length. The description is stored after the secret in - * plaintext, and its size is specified in blob.info. The total size of the two - * parts must be no more than VALUE_SIZE bytes. The first three bytes of the - * file are reserved for future use and are always set to zero. Fields other - * than blob.info, blob.length, and blob.value are modified by encrypt_blob() - * and decrypt_blob(). Thus they should not be accessed from outside. */ - -static int the_entropy = -1; - -static struct __attribute__((packed)) { - uint8_t reserved[3]; - uint8_t info; - uint8_t vector[AES_BLOCK_SIZE]; - uint8_t encrypted[0]; - uint8_t digest[MD5_DIGEST_LENGTH]; - uint8_t digested[0]; - int32_t length; - uint8_t value[VALUE_SIZE + AES_BLOCK_SIZE]; -} blob; - -static int8_t encrypt_blob(char *name, AES_KEY *aes_key) -{ - uint8_t vector[AES_BLOCK_SIZE]; - int length; - int fd; - - if (read(the_entropy, blob.vector, AES_BLOCK_SIZE) != AES_BLOCK_SIZE) { - return SYSTEM_ERROR; - } - - length = blob.length + (blob.value - blob.encrypted); - length = (length + AES_BLOCK_SIZE - 1) / AES_BLOCK_SIZE * AES_BLOCK_SIZE; - - if (blob.info != 0) { - memmove(&blob.encrypted[length], &blob.value[blob.length], blob.info); - } - - blob.length = htonl(blob.length); - MD5(blob.digested, length - (blob.digested - blob.encrypted), blob.digest); - - memcpy(vector, blob.vector, AES_BLOCK_SIZE); - AES_cbc_encrypt(blob.encrypted, blob.encrypted, length, aes_key, vector, - AES_ENCRYPT); - - memset(blob.reserved, 0, sizeof(blob.reserved)); - length += (blob.encrypted - (uint8_t *)&blob) + blob.info; - - fd = open(".tmp", O_WRONLY | O_TRUNC | O_CREAT, S_IRUSR | S_IWUSR); - length -= write(fd, &blob, length); - close(fd); - return (length || rename(".tmp", name)) ? SYSTEM_ERROR : NO_ERROR; -} - -static int8_t decrypt_blob(char *name, AES_KEY *aes_key) -{ - int fd = open(name, O_RDONLY); - int length; - - if (fd == -1) { - return (errno == ENOENT) ? KEY_NOT_FOUND : SYSTEM_ERROR; - } - length = read(fd, &blob, sizeof(blob)); - close(fd); - - length -= (blob.encrypted - (uint8_t *)&blob) + blob.info; - if (length < blob.value - blob.encrypted || length % AES_BLOCK_SIZE != 0) { - return VALUE_CORRUPTED; - } - - AES_cbc_encrypt(blob.encrypted, blob.encrypted, length, aes_key, - blob.vector, AES_DECRYPT); - length -= blob.digested - blob.encrypted; - if (memcmp(blob.digest, MD5(blob.digested, length, NULL), - MD5_DIGEST_LENGTH)) { - return VALUE_CORRUPTED; - } - - length -= blob.value - blob.digested; - blob.length = ntohl(blob.length); - if (blob.length < 0 || blob.length > length) { - return VALUE_CORRUPTED; - } - if (blob.info != 0) { - memmove(&blob.value[blob.length], &blob.value[length], blob.info); - } - return NO_ERROR; -} - -/* Here are the actions. Each of them is a function without arguments. All - * information is defined in global variables, which are set properly before - * performing an action. The number of parameters required by each action is - * fixed and defined in a table. If the return value of an action is positive, - * it will be treated as a response code and transmitted to the client. Note - * that the lengths of parameters are checked when they are received, so - * boundary checks on parameters are omitted. */ - -#define MAX_PARAM 2 -#define MAX_RETRY 4 - -static uid_t uid = -1; -static int8_t state = UNINITIALIZED; -static int8_t retry = MAX_RETRY; - -static struct { - int length; - uint8_t value[VALUE_SIZE]; -} params[MAX_PARAM]; - -static AES_KEY encryption_key; -static AES_KEY decryption_key; - -static int8_t test() -{ - return state; -} - -static int8_t get() -{ - char name[NAME_MAX]; - int n = sprintf(name, "%u_", uid); - encode_key(&name[n], params[0].value, params[0].length); - n = decrypt_blob(name, &decryption_key); - if (n != NO_ERROR) { - return n; - } - send_code(NO_ERROR); - send_message(blob.value, blob.length); - return -NO_ERROR; -} - -static int8_t insert() -{ - char name[NAME_MAX]; - int n = sprintf(name, "%u_", uid); - encode_key(&name[n], params[0].value, params[0].length); - blob.info = 0; - blob.length = params[1].length; - memcpy(blob.value, params[1].value, params[1].length); - return encrypt_blob(name, &encryption_key); -} - -static int8_t delete() -{ - char name[NAME_MAX]; - int n = sprintf(name, "%u_", uid); - encode_key(&name[n], params[0].value, params[0].length); - return (unlink(name) && errno != ENOENT) ? SYSTEM_ERROR : NO_ERROR; -} - -static int8_t exist() -{ - char name[NAME_MAX]; - int n = sprintf(name, "%u_", uid); - encode_key(&name[n], params[0].value, params[0].length); - if (access(name, R_OK) == -1) { - return (errno != ENOENT) ? SYSTEM_ERROR : KEY_NOT_FOUND; - } - return NO_ERROR; -} - -static int8_t saw() -{ - DIR *dir = opendir("."); - struct dirent *file; - char name[NAME_MAX]; - int n; - - if (!dir) { - return SYSTEM_ERROR; - } - n = sprintf(name, "%u_", uid); - n += encode_key(&name[n], params[0].value, params[0].length); - send_code(NO_ERROR); - while ((file = readdir(dir)) != NULL) { - if (!strncmp(name, file->d_name, n)) { - char *p = &file->d_name[n]; - params[0].length = decode_key(params[0].value, p, strlen(p)); - send_message(params[0].value, params[0].length); - } - } - closedir(dir); - return -NO_ERROR; -} - -static int8_t reset() -{ - DIR *dir = opendir("."); - struct dirent *file; - - memset(&encryption_key, 0, sizeof(encryption_key)); - memset(&decryption_key, 0, sizeof(decryption_key)); - state = UNINITIALIZED; - retry = MAX_RETRY; - - if (!dir) { - return SYSTEM_ERROR; - } - while ((file = readdir(dir)) != NULL) { - unlink(file->d_name); - } - closedir(dir); - return NO_ERROR; -} - -#define MASTER_KEY_FILE ".masterkey" -#define MASTER_KEY_SIZE 16 -#define SALT_SIZE 16 - -static void set_key(uint8_t *key, uint8_t *password, int length, uint8_t *salt) -{ - if (salt) { - PKCS5_PBKDF2_HMAC_SHA1((char *)password, length, salt, SALT_SIZE, - 8192, MASTER_KEY_SIZE, key); - } else { - PKCS5_PBKDF2_HMAC_SHA1((char *)password, length, (uint8_t *)"keystore", - sizeof("keystore"), 1024, MASTER_KEY_SIZE, key); - } -} - -/* Here is the history. To improve the security, the parameters to generate the - * master key has been changed. To make a seamless transition, we update the - * file using the same password when the user unlock it for the first time. If - * any thing goes wrong during the transition, the new file will not overwrite - * the old one. This avoids permanent damages of the existing data. */ - -static int8_t password() -{ - uint8_t key[MASTER_KEY_SIZE]; - AES_KEY aes_key; - int8_t response = SYSTEM_ERROR; - - if (state == UNINITIALIZED) { - if (read(the_entropy, blob.value, MASTER_KEY_SIZE) != MASTER_KEY_SIZE) { - return SYSTEM_ERROR; - } - } else { - int fd = open(MASTER_KEY_FILE, O_RDONLY); - uint8_t *salt = NULL; - if (fd != -1) { - int length = read(fd, &blob, sizeof(blob)); - close(fd); - if (length > SALT_SIZE && blob.info == SALT_SIZE) { - salt = (uint8_t *)&blob + length - SALT_SIZE; - } - } - - set_key(key, params[0].value, params[0].length, salt); - AES_set_decrypt_key(key, MASTER_KEY_SIZE * 8, &aes_key); - response = decrypt_blob(MASTER_KEY_FILE, &aes_key); - if (response == SYSTEM_ERROR) { - return SYSTEM_ERROR; - } - if (response != NO_ERROR || blob.length != MASTER_KEY_SIZE) { - if (retry <= 0) { - reset(); - return UNINITIALIZED; - } - return WRONG_PASSWORD + --retry; - } - - if (!salt && params[1].length == -1) { - params[1] = params[0]; - } - } - - if (params[1].length == -1) { - memcpy(key, blob.value, MASTER_KEY_SIZE); - } else { - uint8_t *salt = &blob.value[MASTER_KEY_SIZE]; - if (read(the_entropy, salt, SALT_SIZE) != SALT_SIZE) { - return SYSTEM_ERROR; - } - - set_key(key, params[1].value, params[1].length, salt); - AES_set_encrypt_key(key, MASTER_KEY_SIZE * 8, &aes_key); - memcpy(key, blob.value, MASTER_KEY_SIZE); - blob.info = SALT_SIZE; - blob.length = MASTER_KEY_SIZE; - response = encrypt_blob(MASTER_KEY_FILE, &aes_key); - } - - if (response == NO_ERROR) { - AES_set_encrypt_key(key, MASTER_KEY_SIZE * 8, &encryption_key); - AES_set_decrypt_key(key, MASTER_KEY_SIZE * 8, &decryption_key); - state = NO_ERROR; - retry = MAX_RETRY; - } - return response; -} - -static int8_t lock() -{ - memset(&encryption_key, 0, sizeof(encryption_key)); - memset(&decryption_key, 0, sizeof(decryption_key)); - state = LOCKED; - return NO_ERROR; -} - -static int8_t unlock() -{ - params[1].length = -1; - return password(); -} - -/* Here are the permissions, actions, users, and the main function. */ - -enum perm { - TEST = 1, - GET = 2, - INSERT = 4, - DELETE = 8, - EXIST = 16, - SAW = 32, - RESET = 64, - PASSWORD = 128, - LOCK = 256, - UNLOCK = 512, -}; - -static struct action { - int8_t (*run)(); - int8_t code; - int8_t state; - uint32_t perm; - int lengths[MAX_PARAM]; -} actions[] = { - {test, 't', 0, TEST, {0}}, - {get, 'g', NO_ERROR, GET, {KEY_SIZE}}, - {insert, 'i', NO_ERROR, INSERT, {KEY_SIZE, VALUE_SIZE}}, - {delete, 'd', 0, DELETE, {KEY_SIZE}}, - {exist, 'e', 0, EXIST, {KEY_SIZE}}, - {saw, 's', 0, SAW, {KEY_SIZE}}, - {reset, 'r', 0, RESET, {0}}, - {password, 'p', 0, PASSWORD, {PASSWORD_SIZE, PASSWORD_SIZE}}, - {lock, 'l', NO_ERROR, LOCK, {0}}, - {unlock, 'u', LOCKED, UNLOCK, {PASSWORD_SIZE}}, - {NULL, 0 , 0, 0, {0}}, -}; - -static struct user { - uid_t uid; - uid_t euid; - uint32_t perms; -} users[] = { - {AID_SYSTEM, ~0, ~GET}, - {AID_VPN, AID_SYSTEM, GET}, - {AID_WIFI, AID_SYSTEM, GET}, - {AID_ROOT, AID_SYSTEM, GET}, - {AID_KEYCHAIN, AID_SYSTEM, TEST | GET | SAW}, - {~0, ~0, TEST | GET | INSERT | DELETE | EXIST | SAW}, -}; - -static int8_t process(int8_t code) { - struct user *user = users; - struct action *action = actions; - int i; - - while (~user->uid && user->uid != uid) { - ++user; - } - while (action->code && action->code != code) { - ++action; - } - if (!action->code) { - return UNDEFINED_ACTION; - } - if (!(action->perm & user->perms)) { - return PERMISSION_DENIED; - } - if (action->state && action->state != state) { - return state; - } - if (~user->euid) { - uid = user->euid; - } - for (i = 0; i < MAX_PARAM && action->lengths[i]; ++i) { - params[i].length = recv_message(params[i].value, action->lengths[i]); - if (params[i].length == -1) { - return PROTOCOL_ERROR; - } - } - if (!recv_end_of_file()) { - return PROTOCOL_ERROR; - } - return action->run(); -} - -#define RANDOM_DEVICE "/dev/urandom" - -int main(int argc, char **argv) -{ - int control_socket = android_get_control_socket("keystore"); - if (argc < 2) { - LOGE("A directory must be specified!"); - return 1; - } - if (chdir(argv[1]) == -1) { - LOGE("chdir: %s: %s", argv[1], strerror(errno)); - return 1; - } - if ((the_entropy = open(RANDOM_DEVICE, O_RDONLY)) == -1) { - LOGE("open: %s: %s", RANDOM_DEVICE, strerror(errno)); - return 1; - } - if (listen(control_socket, 3) == -1) { - LOGE("listen: %s", strerror(errno)); - return 1; - } - - signal(SIGPIPE, SIG_IGN); - if (access(MASTER_KEY_FILE, R_OK) == 0) { - state = LOCKED; - } - - while ((the_socket = accept(control_socket, NULL, 0)) != -1) { - struct timeval tv = {.tv_sec = 3}; - struct ucred cred; - socklen_t size = sizeof(cred); - int8_t request; - - setsockopt(the_socket, SOL_SOCKET, SO_RCVTIMEO, &tv, sizeof(tv)); - setsockopt(the_socket, SOL_SOCKET, SO_SNDTIMEO, &tv, sizeof(tv)); - - if (getsockopt(the_socket, SOL_SOCKET, SO_PEERCRED, &cred, &size)) { - LOGW("getsockopt: %s", strerror(errno)); - } else if (recv_code(&request)) { - int8_t old_state = state; - int8_t response; - uid = cred.uid; - - if ((response = process(request)) > 0) { - send_code(response); - response = -response; - } - - LOGI("uid: %d action: %c -> %d state: %d -> %d retry: %d", - cred.uid, request, -response, old_state, state, retry); - } - close(the_socket); - } - LOGE("accept: %s", strerror(errno)); - return 1; -} diff --git a/cmds/keystore/keystore.cpp b/cmds/keystore/keystore.cpp new file mode 100644 index 0000000..31db9fd --- /dev/null +++ b/cmds/keystore/keystore.cpp @@ -0,0 +1,812 @@ +/* + * Copyright (C) 2009 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include <stdio.h> +#include <stdint.h> +#include <string.h> +#include <unistd.h> +#include <signal.h> +#include <errno.h> +#include <dirent.h> +#include <fcntl.h> +#include <limits.h> +#include <sys/types.h> +#include <sys/socket.h> +#include <sys/stat.h> +#include <sys/time.h> +#include <arpa/inet.h> + +#include <openssl/aes.h> +#include <openssl/evp.h> +#include <openssl/md5.h> + +#define LOG_TAG "keystore" +#include <cutils/log.h> +#include <cutils/sockets.h> +#include <private/android_filesystem_config.h> + +#include "keystore.h" + +/* KeyStore is a secured storage for key-value pairs. In this implementation, + * each file stores one key-value pair. Keys are encoded in file names, and + * values are encrypted with checksums. The encryption key is protected by a + * user-defined password. To keep things simple, buffers are always larger than + * the maximum space we needed, so boundary checks on buffers are omitted. */ + +#define KEY_SIZE ((NAME_MAX - 15) / 2) +#define VALUE_SIZE 32768 +#define PASSWORD_SIZE VALUE_SIZE + +struct Value { + int length; + uint8_t value[VALUE_SIZE]; +}; + +/* Here is the encoding of keys. This is necessary in order to allow arbitrary + * characters in keys. Characters in [0-~] are not encoded. Others are encoded + * into two bytes. The first byte is one of [+-.] which represents the first + * two bits of the character. The second byte encodes the rest of the bits into + * [0-o]. Therefore in the worst case the length of a key gets doubled. Note + * that Base64 cannot be used here due to the need of prefix match on keys. */ + +static int encode_key(char* out, uid_t uid, const Value* key) { + int n = snprintf(out, NAME_MAX, "%u_", uid); + out += n; + const uint8_t* in = key->value; + int length = key->length; + for (int i = length; i > 0; --i, ++in, ++out) { + if (*in >= '0' && *in <= '~') { + *out = *in; + } else { + *out = '+' + (*in >> 6); + *++out = '0' + (*in & 0x3F); + ++length; + } + } + *out = '\0'; + return n + length; +} + +static int decode_key(uint8_t* out, char* in, int length) { + for (int i = 0; i < length; ++i, ++in, ++out) { + if (*in >= '0' && *in <= '~') { + *out = *in; + } else { + *out = (*in - '+') << 6; + *out |= (*++in - '0') & 0x3F; + --length; + } + } + *out = '\0'; + return length; +} + +static size_t readFully(int fd, uint8_t* data, size_t size) { + size_t remaining = size; + while (remaining > 0) { + ssize_t n = TEMP_FAILURE_RETRY(read(fd, data, size)); + if (n == -1 || n == 0) { + return size-remaining; + } + data += n; + remaining -= n; + } + return size; +} + +static size_t writeFully(int fd, uint8_t* data, size_t size) { + size_t remaining = size; + while (remaining > 0) { + ssize_t n = TEMP_FAILURE_RETRY(write(fd, data, size)); + if (n == -1 || n == 0) { + return size-remaining; + } + data += n; + remaining -= n; + } + return size; +} + +class Entropy { +public: + Entropy() : mRandom(-1) {} + ~Entropy() { + if (mRandom != -1) { + close(mRandom); + } + } + + bool open() { + const char* randomDevice = "/dev/urandom"; + mRandom = ::open(randomDevice, O_RDONLY); + if (mRandom == -1) { + LOGE("open: %s: %s", randomDevice, strerror(errno)); + return false; + } + return true; + } + + bool generate_random_data(uint8_t* data, size_t size) { + return (readFully(mRandom, data, size) == size); + } + +private: + int mRandom; +}; + +/* Here is the file format. There are two parts in blob.value, the secret and + * the description. The secret is stored in ciphertext, and its original size + * can be found in blob.length. The description is stored after the secret in + * plaintext, and its size is specified in blob.info. The total size of the two + * parts must be no more than VALUE_SIZE bytes. The first three bytes of the + * file are reserved for future use and are always set to zero. Fields other + * than blob.info, blob.length, and blob.value are modified by encryptBlob() + * and decryptBlob(). Thus they should not be accessed from outside. */ + +struct __attribute__((packed)) blob { + uint8_t reserved[3]; + uint8_t info; + uint8_t vector[AES_BLOCK_SIZE]; + uint8_t encrypted[0]; + uint8_t digest[MD5_DIGEST_LENGTH]; + uint8_t digested[0]; + int32_t length; // in network byte order when encrypted + uint8_t value[VALUE_SIZE + AES_BLOCK_SIZE]; +}; + +class Blob { +public: + Blob(uint8_t* value, int32_t valueLength, uint8_t* info, uint8_t infoLength) { + mBlob.length = valueLength; + memcpy(mBlob.value, value, valueLength); + + mBlob.info = infoLength; + memcpy(mBlob.value + valueLength, info, infoLength); + } + + Blob(blob b) { + mBlob = b; + } + + Blob() {} + + uint8_t* getValue() { + return mBlob.value; + } + + int32_t getLength() { + return mBlob.length; + } + + uint8_t getInfo() { + return mBlob.info; + } + + ResponseCode encryptBlob(const char* filename, AES_KEY *aes_key, Entropy* entropy) { + if (!entropy->generate_random_data(mBlob.vector, AES_BLOCK_SIZE)) { + return SYSTEM_ERROR; + } + + // data includes the value and the value's length + size_t dataLength = mBlob.length + sizeof(mBlob.length); + // pad data to the AES_BLOCK_SIZE + size_t digestedLength = ((dataLength + AES_BLOCK_SIZE - 1) + / AES_BLOCK_SIZE * AES_BLOCK_SIZE); + // encrypted data includes the digest value + size_t encryptedLength = digestedLength + MD5_DIGEST_LENGTH; + // move info after space for padding + memmove(&mBlob.encrypted[encryptedLength], &mBlob.value[mBlob.length], mBlob.info); + // zero padding area + memset(mBlob.value + mBlob.length, 0, digestedLength - dataLength); + + mBlob.length = htonl(mBlob.length); + MD5(mBlob.digested, digestedLength, mBlob.digest); + + uint8_t vector[AES_BLOCK_SIZE]; + memcpy(vector, mBlob.vector, AES_BLOCK_SIZE); + AES_cbc_encrypt(mBlob.encrypted, mBlob.encrypted, encryptedLength, + aes_key, vector, AES_ENCRYPT); + + memset(mBlob.reserved, 0, sizeof(mBlob.reserved)); + size_t headerLength = (mBlob.encrypted - (uint8_t*) &mBlob); + size_t fileLength = encryptedLength + headerLength + mBlob.info; + + const char* tmpFileName = ".tmp"; + int out = open(tmpFileName, O_WRONLY | O_TRUNC | O_CREAT, S_IRUSR | S_IWUSR); + if (out == -1) { + return SYSTEM_ERROR; + } + size_t writtenBytes = writeFully(out, (uint8_t*) &mBlob, fileLength); + if (close(out) != 0) { + return SYSTEM_ERROR; + } + if (writtenBytes != fileLength) { + unlink(tmpFileName); + return SYSTEM_ERROR; + } + return (rename(tmpFileName, filename) == 0) ? NO_ERROR : SYSTEM_ERROR; + } + + ResponseCode decryptBlob(const char* filename, AES_KEY *aes_key) { + int in = open(filename, O_RDONLY); + if (in == -1) { + return (errno == ENOENT) ? KEY_NOT_FOUND : SYSTEM_ERROR; + } + // fileLength may be less than sizeof(mBlob) since the in + // memory version has extra padding to tolerate rounding up to + // the AES_BLOCK_SIZE + size_t fileLength = readFully(in, (uint8_t*) &mBlob, sizeof(mBlob)); + if (close(in) != 0) { + return SYSTEM_ERROR; + } + size_t headerLength = (mBlob.encrypted - (uint8_t*) &mBlob); + if (fileLength < headerLength) { + return VALUE_CORRUPTED; + } + + ssize_t encryptedLength = fileLength - (headerLength + mBlob.info); + if (encryptedLength < 0 || encryptedLength % AES_BLOCK_SIZE != 0) { + return VALUE_CORRUPTED; + } + AES_cbc_encrypt(mBlob.encrypted, mBlob.encrypted, encryptedLength, aes_key, + mBlob.vector, AES_DECRYPT); + size_t digestedLength = encryptedLength - MD5_DIGEST_LENGTH; + uint8_t computedDigest[MD5_DIGEST_LENGTH]; + MD5(mBlob.digested, digestedLength, computedDigest); + if (memcmp(mBlob.digest, computedDigest, MD5_DIGEST_LENGTH) != 0) { + return VALUE_CORRUPTED; + } + + ssize_t maxValueLength = digestedLength - sizeof(mBlob.length); + mBlob.length = ntohl(mBlob.length); + if (mBlob.length < 0 || mBlob.length > maxValueLength) { + return VALUE_CORRUPTED; + } + if (mBlob.info != 0) { + // move info from after padding to after data + memmove(&mBlob.value[mBlob.length], &mBlob.value[maxValueLength], mBlob.info); + } + return NO_ERROR; + } + +private: + struct blob mBlob; +}; + +class KeyStore { +public: + KeyStore(Entropy* entropy) : mEntropy(entropy), mRetry(MAX_RETRY) { + if (access(MASTER_KEY_FILE, R_OK) == 0) { + setState(STATE_LOCKED); + } else { + setState(STATE_UNINITIALIZED); + } + } + + State getState() { + return mState; + } + + int8_t getRetry() { + return mRetry; + } + + ResponseCode initialize(Value* pw) { + if (!generateMasterKey()) { + return SYSTEM_ERROR; + } + ResponseCode response = writeMasterKey(pw); + if (response != NO_ERROR) { + return response; + } + setupMasterKeys(); + return NO_ERROR; + } + + ResponseCode writeMasterKey(Value* pw) { + uint8_t passwordKey[MASTER_KEY_SIZE_BYTES]; + generateKeyFromPassword(passwordKey, MASTER_KEY_SIZE_BYTES, pw, mSalt); + AES_KEY passwordAesKey; + AES_set_encrypt_key(passwordKey, MASTER_KEY_SIZE_BITS, &passwordAesKey); + Blob masterKeyBlob(mMasterKey, sizeof(mMasterKey), mSalt, sizeof(mSalt)); + return masterKeyBlob.encryptBlob(MASTER_KEY_FILE, &passwordAesKey, mEntropy); + } + + ResponseCode readMasterKey(Value* pw) { + int in = open(MASTER_KEY_FILE, O_RDONLY); + if (in == -1) { + return SYSTEM_ERROR; + } + + // we read the raw blob to just to get the salt to generate + // the AES key, then we create the Blob to use with decryptBlob + blob rawBlob; + size_t length = readFully(in, (uint8_t*) &rawBlob, sizeof(rawBlob)); + if (close(in) != 0) { + return SYSTEM_ERROR; + } + // find salt at EOF if present, otherwise we have an old file + uint8_t* salt; + if (length > SALT_SIZE && rawBlob.info == SALT_SIZE) { + salt = (uint8_t*) &rawBlob + length - SALT_SIZE; + } else { + salt = NULL; + } + uint8_t passwordKey[MASTER_KEY_SIZE_BYTES]; + generateKeyFromPassword(passwordKey, MASTER_KEY_SIZE_BYTES, pw, salt); + AES_KEY passwordAesKey; + AES_set_decrypt_key(passwordKey, MASTER_KEY_SIZE_BITS, &passwordAesKey); + Blob masterKeyBlob(rawBlob); + ResponseCode response = masterKeyBlob.decryptBlob(MASTER_KEY_FILE, &passwordAesKey); + if (response == SYSTEM_ERROR) { + return SYSTEM_ERROR; + } + if (response == NO_ERROR && masterKeyBlob.getLength() == MASTER_KEY_SIZE_BYTES) { + // if salt was missing, generate one and write a new master key file with the salt. + if (salt == NULL) { + if (!generateSalt()) { + return SYSTEM_ERROR; + } + response = writeMasterKey(pw); + } + if (response == NO_ERROR) { + setupMasterKeys(); + } + return response; + } + if (mRetry <= 0) { + reset(); + return UNINITIALIZED; + } + --mRetry; + switch (mRetry) { + case 0: return WRONG_PASSWORD_0; + case 1: return WRONG_PASSWORD_1; + case 2: return WRONG_PASSWORD_2; + case 3: return WRONG_PASSWORD_3; + default: return WRONG_PASSWORD_3; + } + } + + bool reset() { + clearMasterKeys(); + setState(STATE_UNINITIALIZED); + + DIR* dir = opendir("."); + struct dirent* file; + + if (!dir) { + return false; + } + while ((file = readdir(dir)) != NULL) { + if (isKeyFile(file->d_name)) { + unlink(file->d_name); + } + } + closedir(dir); + return true; + } + + bool isEmpty() { + DIR* dir = opendir("."); + struct dirent* file; + if (!dir) { + return true; + } + bool result = true; + while ((file = readdir(dir)) != NULL) { + if (isKeyFile(file->d_name)) { + result = false; + break; + } + } + closedir(dir); + return result; + } + + void lock() { + clearMasterKeys(); + setState(STATE_LOCKED); + } + + ResponseCode get(const char* filename, Blob* keyBlob) { + return keyBlob->decryptBlob(filename, &mMasterKeyDecryption); + } + + ResponseCode put(const char* filename, Blob* keyBlob) { + return keyBlob->encryptBlob(filename, &mMasterKeyEncryption, mEntropy); + } + +private: + static const char* MASTER_KEY_FILE; + static const int MASTER_KEY_SIZE_BYTES = 16; + static const int MASTER_KEY_SIZE_BITS = MASTER_KEY_SIZE_BYTES * 8; + + static const int MAX_RETRY = 4; + static const size_t SALT_SIZE = 16; + + Entropy* mEntropy; + + State mState; + int8_t mRetry; + + uint8_t mMasterKey[MASTER_KEY_SIZE_BYTES]; + uint8_t mSalt[SALT_SIZE]; + + AES_KEY mMasterKeyEncryption; + AES_KEY mMasterKeyDecryption; + + void setState(State state) { + mState = state; + if (mState == STATE_NO_ERROR || mState == STATE_UNINITIALIZED) { + mRetry = MAX_RETRY; + } + } + + bool generateSalt() { + return mEntropy->generate_random_data(mSalt, sizeof(mSalt)); + } + + bool generateMasterKey() { + if (!mEntropy->generate_random_data(mMasterKey, sizeof(mMasterKey))) { + return false; + } + if (!generateSalt()) { + return false; + } + return true; + } + + void setupMasterKeys() { + AES_set_encrypt_key(mMasterKey, MASTER_KEY_SIZE_BITS, &mMasterKeyEncryption); + AES_set_decrypt_key(mMasterKey, MASTER_KEY_SIZE_BITS, &mMasterKeyDecryption); + setState(STATE_NO_ERROR); + } + + void clearMasterKeys() { + memset(mMasterKey, 0, sizeof(mMasterKey)); + memset(mSalt, 0, sizeof(mSalt)); + memset(&mMasterKeyEncryption, 0, sizeof(mMasterKeyEncryption)); + memset(&mMasterKeyDecryption, 0, sizeof(mMasterKeyDecryption)); + } + + static void generateKeyFromPassword(uint8_t* key, ssize_t keySize, Value* pw, uint8_t* salt) { + size_t saltSize; + if (salt != NULL) { + saltSize = SALT_SIZE; + } else { + // pre-gingerbread used this hardwired salt, readMasterKey will rewrite these when found + salt = (uint8_t*) "keystore"; + // sizeof = 9, not strlen = 8 + saltSize = sizeof("keystore"); + } + PKCS5_PBKDF2_HMAC_SHA1((char*) pw->value, pw->length, salt, saltSize, 8192, keySize, key); + } + + static bool isKeyFile(const char* filename) { + return ((strcmp(filename, MASTER_KEY_FILE) != 0) + && (strcmp(filename, ".") != 0) + && (strcmp(filename, "..") != 0)); + } +}; + +const char* KeyStore::MASTER_KEY_FILE = ".masterkey"; + +/* Here is the protocol used in both requests and responses: + * code [length_1 message_1 ... length_n message_n] end-of-file + * where code is one byte long and lengths are unsigned 16-bit integers in + * network order. Thus the maximum length of a message is 65535 bytes. */ + +static int recv_code(int sock, int8_t* code) { + return recv(sock, code, 1, 0) == 1; +} + +static int recv_message(int sock, uint8_t* message, int length) { + uint8_t bytes[2]; + if (recv(sock, &bytes[0], 1, 0) != 1 || + recv(sock, &bytes[1], 1, 0) != 1) { + return -1; + } else { + int offset = bytes[0] << 8 | bytes[1]; + if (length < offset) { + return -1; + } + length = offset; + offset = 0; + while (offset < length) { + int n = recv(sock, &message[offset], length - offset, 0); + if (n <= 0) { + return -1; + } + offset += n; + } + } + return length; +} + +static int recv_end_of_file(int sock) { + uint8_t byte; + return recv(sock, &byte, 1, 0) == 0; +} + +static void send_code(int sock, int8_t code) { + send(sock, &code, 1, 0); +} + +static void send_message(int sock, uint8_t* message, int length) { + uint16_t bytes = htons(length); + send(sock, &bytes, 2, 0); + send(sock, message, length, 0); +} + +/* Here are the actions. Each of them is a function without arguments. All + * information is defined in global variables, which are set properly before + * performing an action. The number of parameters required by each action is + * fixed and defined in a table. If the return value of an action is positive, + * it will be treated as a response code and transmitted to the client. Note + * that the lengths of parameters are checked when they are received, so + * boundary checks on parameters are omitted. */ + +static const ResponseCode NO_ERROR_RESPONSE_CODE_SENT = (ResponseCode) 0; + +static ResponseCode test(KeyStore* keyStore, int sock, uid_t uid, Value*, Value*) { + return (ResponseCode) keyStore->getState(); +} + +static ResponseCode get(KeyStore* keyStore, int sock, uid_t uid, Value* keyName, Value*) { + char filename[NAME_MAX]; + encode_key(filename, uid, keyName); + Blob keyBlob; + ResponseCode responseCode = keyStore->get(filename, &keyBlob); + if (responseCode != NO_ERROR) { + return responseCode; + } + send_code(sock, NO_ERROR); + send_message(sock, keyBlob.getValue(), keyBlob.getLength()); + return NO_ERROR_RESPONSE_CODE_SENT; +} + +static ResponseCode insert(KeyStore* keyStore, int sock, uid_t uid, Value* keyName, Value* val) { + char filename[NAME_MAX]; + encode_key(filename, uid, keyName); + Blob keyBlob(val->value, val->length, 0, NULL); + return keyStore->put(filename, &keyBlob); +} + +static ResponseCode del(KeyStore* keyStore, int sock, uid_t uid, Value* keyName, Value*) { + char filename[NAME_MAX]; + encode_key(filename, uid, keyName); + return (unlink(filename) && errno != ENOENT) ? SYSTEM_ERROR : NO_ERROR; +} + +static ResponseCode exist(KeyStore* keyStore, int sock, uid_t uid, Value* keyName, Value*) { + char filename[NAME_MAX]; + encode_key(filename, uid, keyName); + if (access(filename, R_OK) == -1) { + return (errno != ENOENT) ? SYSTEM_ERROR : KEY_NOT_FOUND; + } + return NO_ERROR; +} + +static ResponseCode saw(KeyStore* keyStore, int sock, uid_t uid, Value* keyPrefix, Value*) { + DIR* dir = opendir("."); + if (!dir) { + return SYSTEM_ERROR; + } + char filename[NAME_MAX]; + int n = encode_key(filename, uid, keyPrefix); + send_code(sock, NO_ERROR); + + struct dirent* file; + while ((file = readdir(dir)) != NULL) { + if (!strncmp(filename, file->d_name, n)) { + char* p = &file->d_name[n]; + keyPrefix->length = decode_key(keyPrefix->value, p, strlen(p)); + send_message(sock, keyPrefix->value, keyPrefix->length); + } + } + closedir(dir); + return NO_ERROR_RESPONSE_CODE_SENT; +} + +static ResponseCode reset(KeyStore* keyStore, int sock, uid_t uid, Value*, Value*) { + return keyStore->reset() ? NO_ERROR : SYSTEM_ERROR; +} + +/* Here is the history. To improve the security, the parameters to generate the + * master key has been changed. To make a seamless transition, we update the + * file using the same password when the user unlock it for the first time. If + * any thing goes wrong during the transition, the new file will not overwrite + * the old one. This avoids permanent damages of the existing data. */ + +static ResponseCode password(KeyStore* keyStore, int sock, uid_t uid, Value* pw, Value*) { + switch (keyStore->getState()) { + case STATE_UNINITIALIZED: { + // generate master key, encrypt with password, write to file, initialize mMasterKey*. + return keyStore->initialize(pw); + } + case STATE_NO_ERROR: { + // rewrite master key with new password. + return keyStore->writeMasterKey(pw); + } + case STATE_LOCKED: { + // read master key, decrypt with password, initialize mMasterKey*. + return keyStore->readMasterKey(pw); + } + } + return SYSTEM_ERROR; +} + +static ResponseCode lock(KeyStore* keyStore, int sock, uid_t uid, Value*, Value*) { + keyStore->lock(); + return NO_ERROR; +} + +static ResponseCode unlock(KeyStore* keyStore, int sock, uid_t uid, Value* pw, Value* unused) { + return password(keyStore, sock, uid, pw, unused); +} + +static ResponseCode zero(KeyStore* keyStore, int sock, uid_t uid, Value*, Value*) { + return keyStore->isEmpty() ? KEY_NOT_FOUND : NO_ERROR; +} + +/* Here are the permissions, actions, users, and the main function. */ + +enum perm { + TEST = 1, + GET = 2, + INSERT = 4, + DELETE = 8, + EXIST = 16, + SAW = 32, + RESET = 64, + PASSWORD = 128, + LOCK = 256, + UNLOCK = 512, + ZERO = 1024, +}; + +static const int MAX_PARAM = 2; + +static const State STATE_ANY = (State) 0; + +static struct action { + ResponseCode (*run)(KeyStore* keyStore, int sock, uid_t uid, Value* param1, Value* param2); + int8_t code; + State state; + uint32_t perm; + int lengths[MAX_PARAM]; +} actions[] = { + {test, 't', STATE_ANY, TEST, {0, 0}}, + {get, 'g', STATE_NO_ERROR, GET, {KEY_SIZE, 0}}, + {insert, 'i', STATE_NO_ERROR, INSERT, {KEY_SIZE, VALUE_SIZE}}, + {del, 'd', STATE_ANY, DELETE, {KEY_SIZE, 0}}, + {exist, 'e', STATE_ANY, EXIST, {KEY_SIZE, 0}}, + {saw, 's', STATE_ANY, SAW, {KEY_SIZE, 0}}, + {reset, 'r', STATE_ANY, RESET, {0, 0}}, + {password, 'p', STATE_ANY, PASSWORD, {PASSWORD_SIZE, 0}}, + {lock, 'l', STATE_NO_ERROR, LOCK, {0, 0}}, + {unlock, 'u', STATE_LOCKED, UNLOCK, {PASSWORD_SIZE, 0}}, + {zero, 'z', STATE_ANY, ZERO, {0, 0}}, + {NULL, 0 , STATE_ANY, 0, {0, 0}}, +}; + +static struct user { + uid_t uid; + uid_t euid; + uint32_t perms; +} users[] = { + {AID_SYSTEM, ~0, ~GET}, + {AID_VPN, AID_SYSTEM, GET}, + {AID_WIFI, AID_SYSTEM, GET}, + {AID_ROOT, AID_SYSTEM, GET}, + {AID_KEYCHAIN, AID_SYSTEM, TEST | GET | SAW}, + {~0, ~0, TEST | GET | INSERT | DELETE | EXIST | SAW}, +}; + +static ResponseCode process(KeyStore* keyStore, int sock, uid_t uid, int8_t code) { + struct user* user = users; + struct action* action = actions; + int i; + + while (~user->uid && user->uid != uid) { + ++user; + } + while (action->code && action->code != code) { + ++action; + } + if (!action->code) { + return UNDEFINED_ACTION; + } + if (!(action->perm & user->perms)) { + return PERMISSION_DENIED; + } + if (action->state != STATE_ANY && action->state != keyStore->getState()) { + return (ResponseCode) keyStore->getState(); + } + if (~user->euid) { + uid = user->euid; + } + Value params[MAX_PARAM]; + for (i = 0; i < MAX_PARAM && action->lengths[i] != 0; ++i) { + params[i].length = recv_message(sock, params[i].value, action->lengths[i]); + if (params[i].length < 0) { + return PROTOCOL_ERROR; + } + } + if (!recv_end_of_file(sock)) { + return PROTOCOL_ERROR; + } + return action->run(keyStore, sock, uid, ¶ms[0], ¶ms[1]); +} + +int main(int argc, char* argv[]) { + int controlSocket = android_get_control_socket("keystore"); + if (argc < 2) { + LOGE("A directory must be specified!"); + return 1; + } + if (chdir(argv[1]) == -1) { + LOGE("chdir: %s: %s", argv[1], strerror(errno)); + return 1; + } + + Entropy entropy; + if (!entropy.open()) { + return 1; + } + if (listen(controlSocket, 3) == -1) { + LOGE("listen: %s", strerror(errno)); + return 1; + } + + signal(SIGPIPE, SIG_IGN); + + KeyStore keyStore(&entropy); + int sock; + while ((sock = accept(controlSocket, NULL, 0)) != -1) { + struct timeval tv; + tv.tv_sec = 3; + setsockopt(sock, SOL_SOCKET, SO_RCVTIMEO, &tv, sizeof(tv)); + setsockopt(sock, SOL_SOCKET, SO_SNDTIMEO, &tv, sizeof(tv)); + + struct ucred cred; + socklen_t size = sizeof(cred); + int credResult = getsockopt(sock, SOL_SOCKET, SO_PEERCRED, &cred, &size); + if (credResult != 0) { + LOGW("getsockopt: %s", strerror(errno)); + } else { + int8_t request; + if (recv_code(sock, &request)) { + State old_state = keyStore.getState(); + ResponseCode response = process(&keyStore, sock, cred.uid, request); + if (response == NO_ERROR_RESPONSE_CODE_SENT) { + response = NO_ERROR; + } else { + send_code(sock, response); + } + LOGI("uid: %d action: %c -> %d state: %d -> %d retry: %d", + cred.uid, + request, response, + old_state, keyStore.getState(), + keyStore.getRetry()); + } + } + close(sock); + } + LOGE("accept: %s", strerror(errno)); + return 1; +} diff --git a/cmds/keystore/keystore.h b/cmds/keystore/keystore.h index 5ef51e9..5ae3d24 100644 --- a/cmds/keystore/keystore.h +++ b/cmds/keystore/keystore.h @@ -17,17 +17,27 @@ #ifndef __KEYSTORE_H__ #define __KEYSTORE_H__ -enum response_code { - NO_ERROR = 1, - LOCKED = 2, - UNINITIALIZED = 3, +// note state values overlap with ResponseCode for the purposes of the state() API +enum State { + STATE_NO_ERROR = 1, + STATE_LOCKED = 2, + STATE_UNINITIALIZED = 3, +}; + +enum ResponseCode { + NO_ERROR = STATE_NO_ERROR, // 1 + LOCKED = STATE_LOCKED, // 2 + UNINITIALIZED = STATE_UNINITIALIZED, // 3 SYSTEM_ERROR = 4, PROTOCOL_ERROR = 5, PERMISSION_DENIED = 6, KEY_NOT_FOUND = 7, VALUE_CORRUPTED = 8, UNDEFINED_ACTION = 9, - WRONG_PASSWORD = 10, + WRONG_PASSWORD_0 = 10, + WRONG_PASSWORD_1 = 11, + WRONG_PASSWORD_2 = 12, + WRONG_PASSWORD_3 = 13, // MAX_RETRY = 4 }; #endif diff --git a/cmds/keystore/keystore_cli.c b/cmds/keystore/keystore_cli.cpp index e8afb5a..dcd3bcb 100644 --- a/cmds/keystore/keystore_cli.c +++ b/cmds/keystore/keystore_cli.cpp @@ -24,44 +24,40 @@ #include "keystore.h" -char *responses[256] = { - [NO_ERROR] = "No error", - [LOCKED] = "Locked", - [UNINITIALIZED] = "Uninitialized", - [SYSTEM_ERROR] = "System error", - [PROTOCOL_ERROR] = "Protocol error", - [PERMISSION_DENIED] = "Permission denied", - [KEY_NOT_FOUND] = "Key not found", - [VALUE_CORRUPTED] = "Value corrupted", - [UNDEFINED_ACTION] = "Undefined action", - [WRONG_PASSWORD] = "Wrong password (last chance)", - [WRONG_PASSWORD + 1] = "Wrong password (2 tries left)", - [WRONG_PASSWORD + 2] = "Wrong password (3 tries left)", - [WRONG_PASSWORD + 3] = "Wrong password (4 tries left)", +static const char* responses[] = { + NULL, + /* [NO_ERROR] = */ "No error", + /* [LOCKED] = */ "Locked", + /* [UNINITIALIZED] = */ "Uninitialized", + /* [SYSTEM_ERROR] = */ "System error", + /* [PROTOCOL_ERROR] = */ "Protocol error", + /* [PERMISSION_DENIED] = */ "Permission denied", + /* [KEY_NOT_FOUND] = */ "Key not found", + /* [VALUE_CORRUPTED] = */ "Value corrupted", + /* [UNDEFINED_ACTION] = */ "Undefined action", + /* [WRONG_PASSWORD] = */ "Wrong password (last chance)", + /* [WRONG_PASSWORD + 1] = */ "Wrong password (2 tries left)", + /* [WRONG_PASSWORD + 2] = */ "Wrong password (3 tries left)", + /* [WRONG_PASSWORD + 3] = */ "Wrong password (4 tries left)", }; -#define MAX_RESPONSE (WRONG_PASSWORD + 3) - -int main(int argc, char **argv) +int main(int argc, char* argv[]) { - uint8_t bytes[65536]; - uint8_t code; - int sock, i; - if (argc < 2) { printf("Usage: %s action [parameter ...]\n", argv[0]); return 0; } - sock = socket_local_client("keystore", ANDROID_SOCKET_NAMESPACE_RESERVED, - SOCK_STREAM); + int sock = socket_local_client("keystore", ANDROID_SOCKET_NAMESPACE_RESERVED, + SOCK_STREAM); if (sock == -1) { puts("Failed to connect"); return 1; } send(sock, argv[1], 1, 0); - for (i = 2; i < argc; ++i) { + uint8_t bytes[65536]; + for (int i = 2; i < argc; ++i) { uint16_t length = strlen(argv[i]); bytes[0] = length >> 8; bytes[1] = length; @@ -70,11 +66,13 @@ int main(int argc, char **argv) } shutdown(sock, SHUT_WR); + uint8_t code; if (recv(sock, &code, 1, 0) != 1) { puts("Failed to receive"); return 1; } printf("%d %s\n", code , responses[code] ? responses[code] : "Unknown"); + int i; while ((i = recv(sock, &bytes[0], 1, 0)) == 1) { int length; int offset; diff --git a/core/java/com/android/internal/widget/LockPatternUtils.java b/core/java/com/android/internal/widget/LockPatternUtils.java index 0dc0422..b3666cb 100644 --- a/core/java/com/android/internal/widget/LockPatternUtils.java +++ b/core/java/com/android/internal/widget/LockPatternUtils.java @@ -30,6 +30,7 @@ import android.os.ServiceManager; import android.os.SystemClock; import android.os.storage.IMountService; import android.provider.Settings; +import android.security.KeyStore; import android.telephony.TelephonyManager; import android.text.TextUtils; import android.util.Log; @@ -47,7 +48,7 @@ import java.util.List; import java.util.concurrent.atomic.AtomicBoolean; /** - * Utilities for the lock patten and its settings. + * Utilities for the lock pattern and its settings. */ public class LockPatternUtils { @@ -397,6 +398,7 @@ public class LockPatternUtils { raf.close(); DevicePolicyManager dpm = getDevicePolicyManager(); if (pattern != null) { + KeyStore.getInstance().password(patternToString(pattern)); setBoolean(PATTERN_EVER_CHOSEN_KEY, true); setLong(PASSWORD_TYPE_KEY, DevicePolicyManager.PASSWORD_QUALITY_SOMETHING); dpm.setActivePasswordState(DevicePolicyManager.PASSWORD_QUALITY_SOMETHING, pattern @@ -488,6 +490,9 @@ public class LockPatternUtils { // Update the encryption password. updateEncryptionPassword(password); + // Update the keystore password + KeyStore.getInstance().password(password); + int computedQuality = computePasswordQuality(password); setLong(PASSWORD_TYPE_KEY, Math.max(quality, computedQuality)); if (computedQuality != DevicePolicyManager.PASSWORD_QUALITY_UNSPECIFIED) { @@ -646,7 +651,7 @@ public class LockPatternUtils { * @param password the gesture pattern. * @return the hash of the pattern in a byte array. */ - public byte[] passwordToHash(String password) { + public byte[] passwordToHash(String password) { if (password == null) { return null; } diff --git a/keystore/java/android/security/KeyStore.java b/keystore/java/android/security/KeyStore.java index 7183688..2a48834 100644 --- a/keystore/java/android/security/KeyStore.java +++ b/keystore/java/android/security/KeyStore.java @@ -32,16 +32,21 @@ import java.util.ArrayList; * preclude the use of hardware crypto. */ public class KeyStore { - public static final int NO_ERROR = 1; - public static final int LOCKED = 2; - public static final int UNINITIALIZED = 3; - public static final int SYSTEM_ERROR = 4; - public static final int PROTOCOL_ERROR = 5; - public static final int PERMISSION_DENIED = 6; - public static final int KEY_NOT_FOUND = 7; - public static final int VALUE_CORRUPTED = 8; - public static final int UNDEFINED_ACTION = 9; - public static final int WRONG_PASSWORD = 10; + + // ResponseCodes + private static final int NO_ERROR = 1; + private static final int LOCKED = 2; + private static final int UNINITIALIZED = 3; + private static final int SYSTEM_ERROR = 4; + private static final int PROTOCOL_ERROR = 5; + private static final int PERMISSION_DENIED = 6; + private static final int KEY_NOT_FOUND = 7; + private static final int VALUE_CORRUPTED = 8; + private static final int UNDEFINED_ACTION = 9; + private static final int WRONG_PASSWORD = 10; + + // States + public enum State { UNLOCKED, LOCKED, UNINITIALIZED }; private static final LocalSocketAddress sAddress = new LocalSocketAddress( "keystore", LocalSocketAddress.Namespace.RESERVED); @@ -54,31 +59,35 @@ public class KeyStore { return new KeyStore(); } - public int test() { + public State state() { execute('t'); - return mError; + switch (mError) { + case NO_ERROR: return State.UNLOCKED; + case LOCKED: return State.LOCKED; + case UNINITIALIZED: return State.UNINITIALIZED; + default: throw new AssertionError(mError); + } } - public byte[] get(byte[] key) { + private byte[] get(byte[] key) { ArrayList<byte[]> values = execute('g', key); return (values == null || values.isEmpty()) ? null : values.get(0); } - public String get(String key) { - byte[] value = get(getBytes(key)); - return (value == null) ? null : toString(value); + public byte[] get(String key) { + return get(getBytes(key)); } - public boolean put(byte[] key, byte[] value) { + private boolean put(byte[] key, byte[] value) { execute('i', key, value); return mError == NO_ERROR; } - public boolean put(String key, String value) { - return put(getBytes(key), getBytes(value)); + public boolean put(String key, byte[] value) { + return put(getBytes(key), value); } - public boolean delete(byte[] key) { + private boolean delete(byte[] key) { execute('d', key); return mError == NO_ERROR; } @@ -87,7 +96,7 @@ public class KeyStore { return delete(getBytes(key)); } - public boolean contains(byte[] key) { + private boolean contains(byte[] key) { execute('e', key); return mError == NO_ERROR; } @@ -118,19 +127,11 @@ public class KeyStore { return mError == NO_ERROR; } - public boolean password(byte[] oldPassword, byte[] newPassword) { - execute('p', oldPassword, newPassword); + private boolean password(byte[] password) { + execute('p', password); return mError == NO_ERROR; } - public boolean password(String oldPassword, String newPassword) { - return password(getBytes(oldPassword), getBytes(newPassword)); - } - - public boolean password(byte[] password) { - return password(password, password); - } - public boolean password(String password) { return password(getBytes(password)); } @@ -140,7 +141,7 @@ public class KeyStore { return mError == NO_ERROR; } - public boolean unlock(byte[] password) { + private boolean unlock(byte[] password) { execute('u', password); return mError == NO_ERROR; } @@ -149,6 +150,11 @@ public class KeyStore { return unlock(getBytes(password)); } + public boolean isEmpty() { + execute('z'); + return mError == KEY_NOT_FOUND; + } + public int getLastError() { return mError; } diff --git a/keystore/tests/src/android/security/KeyStoreTest.java b/keystore/tests/src/android/security/KeyStoreTest.java index 6630a4f..4582aa0 100755 --- a/keystore/tests/src/android/security/KeyStoreTest.java +++ b/keystore/tests/src/android/security/KeyStoreTest.java @@ -20,6 +20,9 @@ import android.app.Activity; import android.security.KeyStore; import android.test.ActivityUnitTestCase; import android.test.suitebuilder.annotation.MediumTest; +import java.nio.charset.Charsets; +import java.util.Arrays; +import java.util.HashSet; /** * Junit / Instrumentation test case for KeyStore class @@ -31,16 +34,15 @@ import android.test.suitebuilder.annotation.MediumTest; @MediumTest public class KeyStoreTest extends ActivityUnitTestCase<Activity> { private static final String TEST_PASSWD = "12345678"; - private static final String TEST_EMPTY_PASSWD = ""; - private static final String TEST_SHORT_PASSWD = "short"; private static final String TEST_PASSWD2 = "87654321"; private static final String TEST_KEYNAME = "testkey"; private static final String TEST_KEYNAME1 = "testkey1"; private static final String TEST_KEYNAME2 = "testkey2"; - private static final String TEST_KEYVALUE = "test value"; + private static final byte[] TEST_KEYVALUE = "test value".getBytes(Charsets.UTF_8); // "Hello, World" in Chinese - private static final String TEST_I18N = "\u4F60\u597D, \u4E16\u754C"; + private static final String TEST_I18N_KEY = "\u4F60\u597D, \u4E16\u754C"; + private static final byte[] TEST_I18N_VALUE = TEST_I18N_KEY.getBytes(Charsets.UTF_8); private KeyStore mKeyStore = null; @@ -51,8 +53,10 @@ public class KeyStoreTest extends ActivityUnitTestCase<Activity> { @Override protected void setUp() throws Exception { mKeyStore = KeyStore.getInstance(); - if (mKeyStore.test() != KeyStore.UNINITIALIZED) mKeyStore.reset(); - assertEquals(KeyStore.UNINITIALIZED, mKeyStore.test()); + if (mKeyStore.state() != KeyStore.State.UNINITIALIZED) { + mKeyStore.reset(); + } + assertEquals(KeyStore.State.UNINITIALIZED, mKeyStore.state()); super.setUp(); } @@ -62,21 +66,13 @@ public class KeyStoreTest extends ActivityUnitTestCase<Activity> { super.tearDown(); } - public void testTest() throws Exception { - assertEquals(KeyStore.UNINITIALIZED, mKeyStore.test()); + public void teststate() throws Exception { + assertEquals(KeyStore.State.UNINITIALIZED, mKeyStore.state()); } public void testPassword() throws Exception { - //assertFalse(mKeyStore.password(TEST_EMPTY_PASSWD)); - //assertFalse(mKeyStore.password(TEST_SHORT_PASSWD)); - assertTrue(mKeyStore.password(TEST_PASSWD)); - assertEquals(KeyStore.NO_ERROR, mKeyStore.test()); - - assertFalse(mKeyStore.password(TEST_PASSWD2, TEST_PASSWD2)); - //assertFalse(mKeyStore.password(TEST_PASSWD, TEST_SHORT_PASSWD)); - - assertTrue(mKeyStore.password(TEST_PASSWD, TEST_PASSWD2)); + assertEquals(KeyStore.State.UNLOCKED, mKeyStore.state()); } public void testPut() throws Exception { @@ -87,11 +83,11 @@ public class KeyStoreTest extends ActivityUnitTestCase<Activity> { } public void testI18n() throws Exception { - assertFalse(mKeyStore.put(TEST_I18N, TEST_I18N)); - assertFalse(mKeyStore.contains(TEST_I18N)); - mKeyStore.password(TEST_I18N); - assertTrue(mKeyStore.put(TEST_I18N, TEST_I18N)); - assertTrue(mKeyStore.contains(TEST_I18N)); + assertFalse(mKeyStore.put(TEST_I18N_KEY, TEST_I18N_VALUE)); + assertFalse(mKeyStore.contains(TEST_I18N_KEY)); + mKeyStore.password(TEST_I18N_KEY); + assertTrue(mKeyStore.put(TEST_I18N_KEY, TEST_I18N_VALUE)); + assertTrue(mKeyStore.contains(TEST_I18N_KEY)); } public void testDelete() throws Exception { @@ -114,33 +110,46 @@ public class KeyStoreTest extends ActivityUnitTestCase<Activity> { } public void testSaw() throws Exception { - String[] results = mKeyStore.saw(TEST_KEYNAME); - assertEquals(0, results.length); + String[] emptyResult = mKeyStore.saw(TEST_KEYNAME); + assertNotNull(emptyResult); + assertEquals(0, emptyResult.length); mKeyStore.password(TEST_PASSWD); mKeyStore.put(TEST_KEYNAME1, TEST_KEYVALUE); mKeyStore.put(TEST_KEYNAME2, TEST_KEYVALUE); - results = mKeyStore.saw(TEST_KEYNAME); - assertEquals(2, results.length); + String[] results = mKeyStore.saw(TEST_KEYNAME); + assertEquals(new HashSet(Arrays.asList(TEST_KEYNAME1.substring(TEST_KEYNAME.length()), + TEST_KEYNAME2.substring(TEST_KEYNAME.length()))), + new HashSet(Arrays.asList(results))); } public void testLock() throws Exception { assertFalse(mKeyStore.lock()); mKeyStore.password(TEST_PASSWD); - assertEquals(KeyStore.NO_ERROR, mKeyStore.test()); + assertEquals(KeyStore.State.UNLOCKED, mKeyStore.state()); assertTrue(mKeyStore.lock()); - assertEquals(KeyStore.LOCKED, mKeyStore.test()); + assertEquals(KeyStore.State.LOCKED, mKeyStore.state()); } public void testUnlock() throws Exception { mKeyStore.password(TEST_PASSWD); - assertEquals(KeyStore.NO_ERROR, mKeyStore.test()); + assertEquals(KeyStore.State.UNLOCKED, mKeyStore.state()); mKeyStore.lock(); assertFalse(mKeyStore.unlock(TEST_PASSWD2)); assertTrue(mKeyStore.unlock(TEST_PASSWD)); } + + public void testIsEmpty() throws Exception { + assertTrue(mKeyStore.isEmpty()); + mKeyStore.password(TEST_PASSWD); + assertTrue(mKeyStore.isEmpty()); + mKeyStore.put(TEST_KEYNAME, TEST_KEYVALUE); + assertFalse(mKeyStore.isEmpty()); + mKeyStore.reset(); + assertTrue(mKeyStore.isEmpty()); + } } diff --git a/policy/src/com/android/internal/policy/impl/PasswordUnlockScreen.java b/policy/src/com/android/internal/policy/impl/PasswordUnlockScreen.java index ca56c4f..57b6b5e 100644 --- a/policy/src/com/android/internal/policy/impl/PasswordUnlockScreen.java +++ b/policy/src/com/android/internal/policy/impl/PasswordUnlockScreen.java @@ -27,6 +27,7 @@ import com.android.internal.widget.PasswordEntryKeyboardView; import android.os.CountDownTimer; import android.os.SystemClock; +import android.security.KeyStore; import android.telephony.TelephonyManager; import android.text.InputType; import android.text.method.DigitsKeyListener; @@ -231,6 +232,7 @@ public class PasswordUnlockScreen extends LinearLayout implements KeyguardScreen mCallback.keyguardDone(true); mCallback.reportSuccessfulUnlockAttempt(); mStatusView.setInstructionText(null); + KeyStore.getInstance().password(entry); } else if (entry.length() > MINIMUM_PASSWORD_LENGTH_BEFORE_REPORT ) { // to avoid accidental lockout, only count attempts that are long enough to be a // real password. This may require some tweaking. diff --git a/policy/src/com/android/internal/policy/impl/PatternUnlockScreen.java b/policy/src/com/android/internal/policy/impl/PatternUnlockScreen.java index 018fe0c..a685497 100644 --- a/policy/src/com/android/internal/policy/impl/PatternUnlockScreen.java +++ b/policy/src/com/android/internal/policy/impl/PatternUnlockScreen.java @@ -20,6 +20,7 @@ import android.content.Context; import android.content.res.Configuration; import android.os.CountDownTimer; import android.os.SystemClock; +import android.security.KeyStore; import android.view.LayoutInflater; import android.view.View; import android.view.ViewGroup; @@ -407,6 +408,7 @@ class PatternUnlockScreen extends LinearLayoutWithDefaultTouchRecepient mStatusView.updateStatusLines(true); mCallback.keyguardDone(true); mCallback.reportSuccessfulUnlockAttempt(); + KeyStore.getInstance().password(LockPatternUtils.patternToString(pattern)); } else { boolean reportFailedAttempt = false; if (pattern.size() > MIN_PATTERN_BEFORE_POKE_WAKELOCK) { |