feat: implement createOperation for ISecurityLevel experimentally

Signed-off-by: qwq233 <[email protected]>

Author: qwq233

service/src/main/java/io/github/a13e300/tricky_store/Cache.kt

@@ -31,18 +31,20 @@ object Cache {
 
     // generated key section
     data class Key(val uid: Int, val alias: String)
-    data class Info(val keyPair: KeyPair, val chain: List<Certificate>, val response: KeyEntryResponse)
+    data class Info(val key: Key, val keyPair: KeyPair, val chain: List<Certificate>, val response: KeyEntryResponse)
 
     private val keys = ConcurrentHashMap<Key, Info>()
 
     fun putKey(uid: Int, alias: String, keyPair: KeyPair, chain: List<Certificate>, response: KeyEntryResponse) {
-        keys[Key(uid, alias)] = Info(keyPair, chain, response)
+        keys[Key(uid, alias)] = Info(Key(uid, alias), keyPair, chain, response)
     }
 
     fun putKey(key: Key, info: Info) {
         keys[key] = info
     }
 
+    fun getInfoByNspace(nspace: Long): Info? = keys.values.firstOrNull { it.response.metadata?.key?.nspace == nspace }
+
     fun getKeyResponse(uid: Int, alias: String): KeyEntryResponse? = keys[Key(uid, alias)]?.response
 
     fun getKeyPairs(uid: Int, alias: String): Pair<KeyPair, List<Certificate>>? = keys[Key(uid, alias)]?.let { Pair(it.keyPair, it.chain) }

service/src/main/java/io/github/a13e300/tricky_store/SecurityLevelInterceptor.kt

@@ -7,16 +7,18 @@ import android.hardware.security.keymint.Tag
 import android.os.IBinder
 import android.os.Parcel
 import android.system.keystore2.Authorization
+import android.system.keystore2.CreateOperationResponse
+import android.system.keystore2.IKeystoreOperation
 import android.system.keystore2.IKeystoreSecurityLevel
 import android.system.keystore2.KeyDescriptor
 import android.system.keystore2.KeyEntryResponse
 import android.system.keystore2.KeyMetadata
-import io.github.a13e300.tricky_store.Cache.Info
-import io.github.a13e300.tricky_store.Cache.Key
 import io.github.a13e300.tricky_store.binder.BinderInterceptor
 import io.github.a13e300.tricky_store.keystore.CertHack
 import io.github.a13e300.tricky_store.keystore.Utils
 import java.security.KeyFactory
+import java.security.PrivateKey
+import java.security.Signature
 import java.security.cert.Certificate
 
 class SecurityLevelInterceptor(
@@ -48,7 +50,7 @@ class SecurityLevelInterceptor(
                 // Logger.e("warn: attestation key not supported now")
                 val pair = CertHack.generateKeyPair(callingUid, keyDescriptor, attestationKeyDescriptor, kgp) ?: return@runCatching
                 val response = buildResponse(pair.second, kgp, attestationKeyDescriptor ?: keyDescriptor)
-                Cache.putKey(Key(callingUid, keyDescriptor.alias), Info(pair.first, pair.second, response))
+                Cache.putKey(callingUid, keyDescriptor.alias, pair.first, pair.second, response)
                 val p = Parcel.obtain()
                 p.writeNoException()
                 p.writeTypedObject(response.metadata, 0)
@@ -94,7 +96,7 @@ class SecurityLevelInterceptor(
                         Pair(pair.first.first, pair.second)
                     }
                     val response = buildResponse(pair.second, kgp, attestationKeyDescriptor ?: keyDescriptor)
-                    Cache.putKey(Key(callingUid, keyDescriptor.alias), Info(pair.first, pair.second, response))
+                    Cache.putKey(callingUid, keyDescriptor.alias, pair.first, pair.second, response)
 
                     Logger.d("imported key generated uid=$callingUid alias=${keyDescriptor.alias}")
                 }
@@ -105,14 +107,78 @@ class SecurityLevelInterceptor(
             }
 
             createOperationTransaction -> runCatching {
+                data.enforceInterface(IKeystoreSecurityLevel.DESCRIPTOR)
+                Logger.d("createOperationTransaction uid=$callingUid pid=$callingPid")
+
+                val keyDescriptor = data.readTypedObject(KeyDescriptor.CREATOR) ?: return Skip
+                val params = data.createTypedArray(KeyParameter.CREATOR) ?: return Skip
+                val kgp = CertHack.KeyGenParameters(params)
+
+                val info = Cache.getInfoByNspace(keyDescriptor.nspace)
+                if (info == null) {
+                    return Skip
+                }
+                if (keyDescriptor.domain != 4) throw IllegalArgumentException("unsupported domain ${keyDescriptor.domain}")
+                kgp.purpose.any { it != 2 /* sign */ && it != 7 /* attest */ } ||
+                        throw IllegalArgumentException("unsupported purpose ${kgp.purpose}")
+                kgp.digest.any { it != 4 } ||
+                        throw IllegalArgumentException("unsupported digest ${kgp.digest}")
+                val algorithm = when (kgp.algorithm) {
+                    Algorithm.EC -> "SHA256withECDSA"
+                    Algorithm.RSA -> "SHA256withRSA"
+                    else -> throw IllegalArgumentException("unsupported algorithm ${kgp.algorithm}")
+                }
+                if (info.key.uid != callingUid) {
+                    Logger.e("key uid mismatch ${info.key.uid} != $callingUid")
+                    return Skip
+                }
 
+                val op = KeyStoreOperation(info.keyPair.private, algorithm)
+                val parcel = Parcel.obtain()
+                parcel.writeNoException()
+                val createOperationResponse = CreateOperationResponse().apply {
+                    iOperation = op
+                }
+                parcel.writeTypedObject(createOperationResponse, 0)
+
+                return OverrideReply(0, parcel)
             }.onFailure {
                 Logger.e("", it)
             }
         }
         return Skip
     }
 
+    private class KeyStoreOperation : IKeystoreOperation.Stub {
+        val signature: Signature
+        var isAborted = false
+
+        constructor(privateKey: PrivateKey, algorithm: String) {
+            signature = Signature.getInstance(algorithm)
+            signature.initSign(privateKey)
+        }
+
+        override fun updateAad(aadInput: ByteArray?) {
+            // do nothing for now
+        }
+
+        override fun update(input: ByteArray): ByteArray? {
+            if (isAborted) throw IllegalStateException("operation aborted")
+            signature.update(input)
+            return null
+        }
+
+        override fun finish(input: ByteArray?, signature: ByteArray?): ByteArray? {
+            if (isAborted) throw IllegalStateException("operation aborted")
+            this.signature.update(input)
+            return this.signature.sign()
+        }
+
+        override fun abort() {
+            isAborted = true
+        }
+    }
+
     private fun buildResponse(
         chain: List<Certificate>,
         params: CertHack.KeyGenParameters,

stub/src/main/java/android/system/keystore2/CreateOperationResponse.java

@@ -0,0 +1,46 @@
+//
+// Decompiled by FernFlower - 648ms
+//
+package android.system.keystore2;
+
+import android.os.Parcel;
+import android.os.Parcelable;
+
+public class CreateOperationResponse implements Parcelable {
+    public static final Creator<CreateOperationResponse> CREATOR = new Creator<>() {
+        @Override
+        public CreateOperationResponse createFromParcel(Parcel in) {
+            throw new RuntimeException();
+        }
+
+        @Override
+        public CreateOperationResponse[] newArray(int size) {
+            throw new RuntimeException();
+        }
+    };
+    public IKeystoreOperation iOperation;
+    public OperationChallenge operationChallenge;
+    public KeyParameters parameters;
+    public byte[] upgradedBlob;
+
+    private int describeContents(Object var1) {
+        throw new RuntimeException("Stub!");
+    }
+
+    public int describeContents() {
+        throw new RuntimeException("Stub!");
+    }
+
+    public final int getStability() {
+        throw new RuntimeException("Stub!");
+    }
+
+    public final void readFromParcel(Parcel var1) {
+        throw new RuntimeException("Stub!");
+    }
+
+    public final void writeToParcel(Parcel var1, int var2) {
+        throw new RuntimeException("Stub!");
+    }
+}
+

stub/src/main/java/android/system/keystore2/IKeystoreOperation.java

@@ -0,0 +1,146 @@
+package android.system.keystore2;
+
+import android.os.IBinder;
+import android.os.IInterface;
+
+import androidx.annotation.Nullable;
+
+/**
+ * {@code IKeystoreOperation} represents a cryptographic operation using a Keystore key.
+ *
+ * <p>The lifecycle of an operation begins with {@link KeystoreSecurityLevel#create}
+ * and ends with a call to {@link #finish}, {@link #abort}, or when the reference to
+ * the binder object is released.
+ *
+ * <p>During the operation lifecycle, {@link #update} may be called multiple times.
+ * For AEAD operations, {@link #updateAad} may be called to add associated data, but
+ * it must be called before the first call to {@link #update}.
+ *
+ * <h2>Error Conditions</h2>
+ * <p>Error conditions are reported as service-specific errors:
+ * <ul>
+ *   <li>Positive error codes correspond to {@code android.system.keystore2.ResponseCode}
+ *       and indicate error conditions diagnosed by the Keystore 2.0 service.</li>
+ *   <li>Negative error codes correspond to {@code android.hardware.security.keymint.ErrorCode}
+ *       and indicate KeyMint backend errors. Refer to the KeyMint interface specification
+ *       for detailed information.</li>
+ * </ul>
+ */
+public interface IKeystoreOperation extends IInterface {
+    String DESCRIPTOR = "android.system.keystore2.IKeystoreOperation";
+
+    /**
+     * Advances an operation by adding Additional Authenticated Data (AAD) to AEAD mode
+     * encryption or decryption operations. This method cannot be called after {@link #update},
+     * and attempting to do so will result in {@code ErrorCode.INVALID_TAG}. This error code
+     * is used for historical reasons, dating back when AAD was passed as an additional
+     * {@code KeyParameter} with the tag {@code ASSOCIATED_DATA}.
+     *
+     * <h2>Error Conditions</h2>
+     * <ul>
+     *   <li>{@code ResponseCode.TOO_MUCH_DATA} if {@code aadInput} exceeds 32KiB.</li>
+     *   <li>{@code ResponseCode.OPERATION_BUSY} if {@code updateAad} is called concurrently
+     *       with any other {@code IKeystoreOperation} API call.</li>
+     *   <li>{@code ErrorCode.INVALID_TAG} if {@code updateAad} is called after {@link #update}
+     *       on a given operation.</li>
+     *   <li>{@code ErrorCode.INVALID_OPERATION_HANDLE} if the operation has been finalized
+     *       for any reason.</li>
+     * </ul>
+     * <p>
+     * Note: Any error condition except {@code ResponseCode.OPERATION_BUSY} finalizes the
+     * operation, causing subsequent API calls to return {@code INVALID_OPERATION_HANDLE}.
+     *
+     * @param aadInput the Additional Authenticated Data to be added to the operation
+     */
+    void updateAad(byte[] aadInput);
+
+    /**
+     * Advances the operation by processing additional input data. The input data may be
+     * plain text to be encrypted or signed, or cipher text to be decrypted. During
+     * encryption operations, this method returns the resulting cipher text. During
+     * decryption operations, it returns the resulting plain text. No data is returned
+     * for signing operations.
+     *
+     * <h2>Error Conditions</h2>
+     * <ul>
+     *   <li>{@code ResponseCode.TOO_MUCH_DATA} if the {@code input} exceeds 32KiB.</li>
+     *   <li>{@code ResponseCode.OPERATION_BUSY} if {@code updateAad} is called concurrently
+     *       with any other {@code IKeystoreOperation} API call.</li>
+     *   <li>{@code ErrorCode.INVALID_OPERATION_HANDLE} if the operation has been finalized
+     *       for any reason.</li>
+     * </ul>
+     * <p>
+     * Note: Any error condition except {@code ResponseCode.OPERATION_BUSY} finalizes the
+     * operation, causing subsequent API calls to return {@code INVALID_OPERATION_HANDLE}.
+     *
+     * @param input the input data to process
+     * @return the output data, which may be cipher text during encryption, plain text
+     * during decryption, or {@code null} for signing operations
+     */
+    byte[] update(byte[] input);
+
+    /**
+     * Finalizes the operation. This method takes a final chunk of input data similar to
+     * {@link #update}. The output varies depending on the operation type: it may be a
+     * signature for signing operations, plain text for decryption operations, or cipher
+     * text for encryption operations.
+     *
+     * <h2>Error Conditions</h2>
+     * <ul>
+     *   <li>{@code ResponseCode.TOO_MUCH_DATA} if the {@code input} exceeds 32KiB.</li>
+     *   <li>{@code ResponseCode.OPERATION_BUSY} if {@code updateAad} is called concurrently
+     *       with any other {@code IKeystoreOperation} API call.</li>
+     *   <li>{@code ErrorCode.INVALID_OPERATION_HANDLE} if the operation has already been
+     *       finalized for any reason.</li>
+     * </ul>
+     * <p>
+     * Note: {@code finish} finalizes the operation regardless of the outcome, unless
+     * {@code ResponseCode.OPERATION_BUSY} is returned.
+     *
+     * @param input     the final chunk of input data to process
+     * @param signature an optional HMAC signature for HMAC verification operations
+     * @return the operation result, which may be a signature for signing operations,
+     * an AEAD message tag for authenticated encryption, or the final chunk of
+     * cipher/plain text for encryption/decryption operations respectively
+     */
+    byte[] finish(@Nullable byte[] input, @Nullable byte[] signature);
+
+    /**
+     * Aborts the operation immediately.
+     *
+     * <p>Note: {@code abort} finalizes the operation regardless of the outcome, unless
+     * {@code ResponseCode.OPERATION_BUSY} is returned.
+     */
+    void abort();
+
+    class Stub implements IKeystoreOperation {
+        public static IKeystoreOperation asInterface(IBinder b) {
+            throw new RuntimeException("Stub!");
+        }
+
+        @Override
+        public void updateAad(byte[] aadInput) {
+            throw new RuntimeException("Stub!");
+        }
+
+        @Override
+        public byte[] update(byte[] input) {
+            throw new RuntimeException("Stub!");
+        }
+
+        @Override
+        public byte[] finish(@Nullable byte[] input, @Nullable byte[] signature) {
+            throw new RuntimeException("Stub!");
+        }
+
+        @Override
+        public void abort() {
+            throw new RuntimeException("Stub!");
+        }
+
+        @Override
+        public IBinder asBinder() {
+            throw new RuntimeException("Stub!");
+        }
+    }
+}

stub/src/main/java/android/system/keystore2/KeyParameters.java

@@ -0,0 +1,44 @@
+//
+// Decompiled by FernFlower - 531ms
+//
+package android.system.keystore2;
+
+import android.hardware.security.keymint.KeyParameter;
+import android.os.Parcel;
+import android.os.Parcelable;
+
+public class KeyParameters implements Parcelable {
+    public static final Creator<KeyParameters> CREATOR = new Creator<>() {
+        @Override
+        public KeyParameters createFromParcel(Parcel in) {
+            throw new RuntimeException();
+        }
+
+        @Override
+        public KeyParameters[] newArray(int size) {
+            throw new RuntimeException();
+        }
+    };
+    public KeyParameter[] keyParameter;
+
+    private int describeContents(Object var1) {
+        throw new RuntimeException("Stub!");
+    }
+
+    public int describeContents() {
+        throw new RuntimeException("Stub!");
+    }
+
+    public final int getStability() {
+        throw new RuntimeException("Stub!");
+    }
+
+    public final void readFromParcel(Parcel var1) {
+        throw new RuntimeException("Stub!");
+    }
+
+    public final void writeToParcel(Parcel var1, int var2) {
+        throw new RuntimeException("Stub!");
+    }
+}
+