author | Janis Danisevskis <jdanis@google.com> | 2017-09-01 14:31:36 -0700 |
---|---|---|
committer | Shawn Willden <swillden@google.com> | 2017-09-12 04:13:57 +0000 |
commit | d714a676de8bf2bf87ea9b7efc04bc5a743eef45 (patch) | |
tree | 63b58c2641d5ca5bc92b1cc9ca39281cc6c3fd16 | |
parent | 2f96c79a9c07b58bcfce0411e57894de55a52b6e (diff) | |
download | security-d714a676de8bf2bf87ea9b7efc04bc5a743eef45.tar.gz |
Fix use of auth-bound keys after screen lock removal
When auth-bound keys are used after the screen lock has been removed it
is expected that getKeyCharacteristics still succeeds. However, when the
super encrypt feature was introduced the key blob is no longer
accessible, and thus retrieving the key characteristics fails.
This patch retrieves the key characteristics from the characteristics
cache file, which is not super encrypted. Using such a key still fails
but in ways expected by the framework.
Bug: 65200397
Test: CtsVerifier ScreenLockBoundKeysTest:
1. Run test
2. with CtsVerifier in the background remove the screen lock
through the settings dialog
3. Select VtsVerifier in 'recents'
4. Run test again
Change-Id: Ifa88c58a41c376e4f800a76114d4cf9149506ac0
(cherry picked from commit 36316d673ef836a0a34a62ab4ccce67d22c8a0d2)
-rw-r--r-- | keystore/blob.cpp | 5 | ||||
-rw-r--r-- | keystore/key_store_service.cpp | 21 | ||||
-rw-r--r-- | keystore/keystore.cpp | 2 |
3 files changed, 24 insertions, 4 deletions
diff --git a/keystore/blob.cpp b/keystore/blob.cpp
index a33334ee..625d0576 100644
--- a/keystore/blob.cpp
+++ b/keystore/blob.cpp
@@ -272,8 +272,9 @@ ResponseCode Blob::readBlob(const std::string& filename, const uint8_t* aes_key,
 return ResponseCode::VALUE_CORRUPTED;
 }
- if ((isEncrypted() || isSuperEncrypted()) && (state != STATE_NO_ERROR)) {
- return ResponseCode::LOCKED;
+ if ((isEncrypted() || isSuperEncrypted())) {
+ if (state == STATE_LOCKED) return ResponseCode::LOCKED;
+ if (state == STATE_UNINITIALIZED) return ResponseCode::UNINITIALIZED;
 }
 if (fileLength < offsetof(blobv3, value)) return ResponseCode::VALUE_CORRUPTED;
diff --git a/keystore/key_store_service.cpp b/keystore/key_store_service.cpp
index c33a1d06..f04ffc14 100644
--- a/keystore/key_store_service.cpp
+++ b/keystore/key_store_service.cpp
@@ -800,7 +800,26 @@ KeyStoreService::getKeyCharacteristics(const String16& name, const hidl_vec<uint
 KeyStoreServiceReturnCode rc = mKeyStore->getKeyForName(&keyBlob, name8, targetUid, TYPE_KEYMASTER_10);
- if (!rc.isOk()) {
+ if (rc == ResponseCode::UNINITIALIZED) {
+ /*
+ * If we fail reading the blob because the master key is missing we try to retrieve the
+ * key characteristics from the characteristics file. This happens when auth-bound
+ * keys are used after a screen lock has been removed by the user.
+ */
+ rc = mKeyStore->getKeyForName(&keyBlob, name8, targetUid, TYPE_KEY_CHARACTERISTICS);
+ if (!rc.isOk()) {
+ return rc;
+ }
+ AuthorizationSet keyCharacteristics;
+ // TODO write one shot stream buffer to avoid copying (twice here)
+ std::string charBuffer(reinterpret_cast<const char*>(keyBlob.getValue()),
+ keyBlob.getLength());
+ std::stringstream charStream(charBuffer);
+ keyCharacteristics.Deserialize(&charStream);
+
+ outCharacteristics->softwareEnforced = keyCharacteristics.hidl_data();
+ return rc;
+ } else if (!rc.isOk()) {
 return rc;
 }
diff --git a/keystore/keystore.cpp b/keystore/keystore.cpp
index ab386ad8..1564a641 100644
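Review bot: The new state check in Blob::readBlob is no longer fail-closed: the old condition returned LOCKED for every state other than STATE_NO_ERROR, while the two added `if` lines handle only STATE_LOCKED and STATE_UNINITIALIZED, so any other state value would fall through to the length check and, presumably, to decryption with `aes_key`. If the state enum has exactly these three values this is harmless today, but the enum is not visible in the hunk and a later addition would pass silently. I would keep a catch-all after the UNINITIALIZED case, `if (state != STATE_NO_ERROR) return ResponseCode::LOCKED;`, and drop the doubled parentheses around `isEncrypted() || isSuperEncrypted()`. readBlob starts and ends outside the hunk.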
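Review bot: The fallback branch in getKeyCharacteristics returns success without checking that the cached characteristics parsed: nothing after `keyCharacteristics.Deserialize(&charStream);` looks at a result or at the stream state, so a truncated or corrupted characteristics file would reach the caller as an empty or partial `softwareEnforced` set with an OK code. The commit message notes that this file is not super encrypted, so it deserves at least the corruption handling the blob path has. If Deserialize signals failure through the stream, `if (!charStream) return ResponseCode::VALUE_CORRUPTED;` before the assignment would do; whether it does is not visible here. A one-line comment should also say that every tag read from the cache is reported as software enforced and that the hardware-enforced list is left as the caller passed it. The function body starts and ends outside the hunk.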
--- a/keystore/keystore.cpp
+++ b/keystore/keystore.cpp
@@ -502,7 +502,7 @@ ResponseCode KeyStore::getKeyForName(Blob* keyBlob, const android::String8& keyN
 uid_t userId = get_user_id(uid);
 ResponseCode responseCode = get(filepath8.string(), keyBlob, type, userId);
- if (responseCode == ResponseCode::NO_ERROR) {
+ if (responseCode != ResponseCode::KEY_NOT_FOUND) {
 return responseCode;
 } |
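Review bot: The changed condition in getKeyForName needs a comment, because it alters the result for every caller and not only for the UNINITIALIZED case this commit is about: any error from `get()` other than KEY_NOT_FOUND (LOCKED or VALUE_CORRUPTED, for example) is now returned at once, where before it continued to the code after this block, which is outside the hunk. Suggested comment above the `if`: `// Only a missing file continues to the lookup below; all other results, including LOCKED and UNINITIALIZED, go to the caller unchanged.` Callers that treated any failure from this function as "key absent" may now see a different code, so they are worth checking.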