| /* |
| * Copyright 2015 The Android Open Source Project |
| * |
| * Licensed under the Apache License, Version 2.0 (the "License"); |
| * you may not use this file except in compliance with the License. |
| * You may obtain a copy of the License at |
| * |
| * http://www.apache.org/licenses/LICENSE-2.0 |
| * |
| * Unless required by applicable law or agreed to in writing, software |
| * distributed under the License is distributed on an "AS IS" BASIS, |
| * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| * See the License for the specific language governing permissions and |
| * limitations under the License. |
| */ |
| |
| #include <keymaster/soft_keymaster_context.h> |
| |
| #include <memory> |
| #include <time.h> |
| |
| #include <openssl/aes.h> |
| #include <openssl/hmac.h> |
| #include <openssl/rand.h> |
| #include <openssl/sha.h> |
| |
| #include <keymaster/android_keymaster_utils.h> |
| #include <keymaster/logger.h> |
| |
| #include "aes_key.h" |
| #include "auth_encrypted_key_blob.h" |
| #include "ec_keymaster0_key.h" |
| #include "ec_keymaster1_key.h" |
| #include "hmac_key.h" |
| #include "integrity_assured_key_blob.h" |
| #include "keymaster0_engine.h" |
| #include "ocb_utils.h" |
| #include "openssl_err.h" |
| #include "rsa_keymaster0_key.h" |
| #include "rsa_keymaster1_key.h" |
| |
| using std::unique_ptr; |
| |
| namespace keymaster { |
| |
| namespace { |
| static uint8_t master_key_bytes[AES_BLOCK_SIZE] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}; |
| const KeymasterKeyBlob MASTER_KEY(master_key_bytes, array_length(master_key_bytes)); |
| |
| static uint8_t kRsaAttestKey[] = { |
| 0x30, 0x82, 0x02, 0x5d, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xc0, 0x83, 0x23, 0xdc, 0x56, |
| 0x88, 0x1b, 0xb8, 0x30, 0x20, 0x69, 0xf5, 0xb0, 0x85, 0x61, 0xc6, 0xee, 0xbe, 0x7f, 0x05, 0xe2, |
| 0xf5, 0xa8, 0x42, 0x04, 0x8a, 0xbe, 0x8b, 0x47, 0xbe, 0x76, 0xfe, 0xae, 0xf2, 0x5c, 0xf2, 0x9b, |
| 0x2a, 0xfa, 0x32, 0x00, 0x14, 0x16, 0x01, 0x42, 0x99, 0x89, 0xa1, 0x5f, 0xcf, 0xc6, 0x81, 0x5e, |
| 0xb3, 0x63, 0x58, 0x3c, 0x2f, 0xd2, 0xf2, 0x0b, 0xe4, 0x98, 0x32, 0x83, 0xdd, 0x81, 0x4b, 0x16, |
| 0xd7, 0xe1, 0x85, 0x41, 0x7a, 0xe5, 0x4a, 0xbc, 0x29, 0x6a, 0x3a, 0x6d, 0xb5, 0xc0, 0x04, 0x08, |
| 0x3b, 0x68, 0xc5, 0x56, 0xc1, 0xf0, 0x23, 0x39, 0x91, 0x64, 0x19, 0x86, 0x4d, 0x50, 0xb7, 0x4d, |
| 0x40, 0xae, 0xca, 0x48, 0x4c, 0x77, 0x35, 0x6c, 0x89, 0x5a, 0x0c, 0x27, 0x5a, 0xbf, 0xac, 0x49, |
| 0x9d, 0x5d, 0x7d, 0x23, 0x62, 0xf2, 0x9c, 0x5e, 0x02, 0xe8, 0x71, 0x02, 0x03, 0x01, 0x00, 0x01, |
| 0x02, 0x81, 0x81, 0x00, 0xbe, 0x86, 0x0b, 0x0b, 0x99, 0xa8, 0x02, 0xa6, 0xfb, 0x1a, 0x59, 0x43, |
| 0x8a, 0x7b, 0xb7, 0x15, 0x06, 0x5b, 0x09, 0xa3, 0x6d, 0xc6, 0xe9, 0xca, 0xcc, 0x6b, 0xf3, 0xc0, |
| 0x2c, 0x34, 0xd7, 0xd7, 0x9e, 0x94, 0xc6, 0x60, 0x64, 0x28, 0xd8, 0x8c, 0x7b, 0x7f, 0x65, 0x77, |
| 0xc1, 0xcd, 0xea, 0x64, 0x07, 0x4a, 0xbe, 0x8e, 0x72, 0x86, 0xdf, 0x1f, 0x08, 0x11, 0xdc, 0x97, |
| 0x28, 0x26, 0x08, 0x68, 0xde, 0x95, 0xd3, 0x2e, 0xfc, 0x96, 0xb6, 0xd0, 0x84, 0xff, 0x27, 0x1a, |
| 0x5f, 0x60, 0xde, 0xfc, 0xc7, 0x03, 0xe7, 0xa3, 0x8e, 0x6e, 0x29, 0xba, 0x9a, 0x3c, 0x5f, 0xc2, |
| 0xc2, 0x80, 0x76, 0xb6, 0xa8, 0x96, 0xaf, 0x1d, 0x34, 0xd7, 0x88, 0x28, 0xce, 0x9b, 0xdd, 0xb1, |
| 0xf3, 0x4f, 0x9c, 0x94, 0x04, 0x43, 0x07, 0x81, 0x29, 0x8e, 0x20, 0x13, 0x16, 0x72, 0x5b, 0xbd, |
| 0xbc, 0x99, 0x3a, 0x41, 0x02, 0x41, 0x00, 0xe1, 0xc6, 0xd9, 0x27, 0x64, 0x6c, 0x09, 0x16, 0xec, |
| 0x36, 0x82, 0x6d, 0x59, 0x49, 0x83, 0x74, 0x0c, 0x21, 0xf1, 0xb0, 0x74, 0xc4, 0xa1, 0xa5, 0x98, |
| 0x67, 0xc6, 0x69, 0x79, 0x5c, 0x85, 0xd3, 0xdc, 0x46, 0x4c, 0x5b, 0x92, 0x9e, 0x94, 0xbf, 0xb3, |
| 0x4e, 0x0d, 0xcc, 0x50, 0x14, 0xb1, 0x0f, 0x13, 0x34, 0x1a, 0xb7, 0xfd, 0xd5, 0xf6, 0x04, 0x14, |
| 0xd2, 0xa3, 0x26, 0xca, 0xd4, 0x1c, 0xc5, 0x02, 0x41, 0x00, 0xda, 0x48, 0x59, 0x97, 0x78, 0x5c, |
| 0xd5, 0x63, 0x0f, 0xb0, 0xfd, 0x8c, 0x52, 0x54, 0xf9, 0x8e, 0x53, 0x8e, 0x18, 0x98, 0x3a, 0xae, |
| 0x9e, 0x6b, 0x7e, 0x6a, 0x5a, 0x7b, 0x5d, 0x34, 0x37, 0x55, 0xb9, 0x21, 0x8e, 0xbd, 0x40, 0x32, |
| 0x0d, 0x28, 0x38, 0x7d, 0x78, 0x9f, 0x76, 0xfa, 0x21, 0x8b, 0xcc, 0x2d, 0x8b, 0x68, 0xa5, 0xf6, |
| 0x41, 0x8f, 0xbb, 0xec, 0xa5, 0x17, 0x9a, 0xb3, 0xaf, 0xbd, 0x02, 0x40, 0x50, 0xfe, 0xfc, 0x32, |
| 0x64, 0x95, 0x59, 0x61, 0x6e, 0xd6, 0x53, 0x4e, 0x15, 0x45, 0x09, 0x32, 0x9d, 0x93, 0xa3, 0xd8, |
| 0x10, 0xdb, 0xe5, 0xbd, 0xb9, 0x82, 0x29, 0x2c, 0xf7, 0x8b, 0xd8, 0xba, 0xdb, 0x80, 0x20, 0xae, |
| 0x8d, 0x57, 0xf4, 0xb7, 0x1d, 0x05, 0x38, 0x6f, 0xfe, 0x9e, 0x9d, 0xb2, 0x71, 0xca, 0x34, 0x77, |
| 0xa3, 0x49, 0x99, 0xdb, 0x76, 0xf8, 0xe5, 0xec, 0xe9, 0xc0, 0xd4, 0x9d, 0x02, 0x40, 0x15, 0xb7, |
| 0x4c, 0xf2, 0x7c, 0xce, 0xff, 0x8b, 0xb3, 0x6b, 0xf0, 0x4d, 0x9d, 0x83, 0x46, 0xb0, 0x9a, 0x2f, |
| 0x70, 0xd2, 0xf4, 0x43, 0x9b, 0x0f, 0x26, 0xac, 0x7e, 0x03, 0xf7, 0xe9, 0xd1, 0xf7, 0x7d, 0x4b, |
| 0x91, 0x5f, 0xd2, 0x9b, 0x28, 0x23, 0xf0, 0x3a, 0xcb, 0x5d, 0x52, 0x00, 0xe0, 0x85, 0x7f, 0xf2, |
| 0xa8, 0x03, 0xe9, 0x3e, 0xee, 0x96, 0xd6, 0x23, 0x5c, 0xe9, 0x54, 0x42, 0xbc, 0x21, 0x02, 0x41, |
| 0x00, 0x90, 0xa7, 0x45, 0xda, 0x89, 0x70, 0xb2, 0xcd, 0x64, 0x96, 0x60, 0x32, 0x42, 0x28, 0xc5, |
| 0xf8, 0x28, 0x56, 0xff, 0xd6, 0x65, 0xba, 0x9a, 0x85, 0xc8, 0xd6, 0x0f, 0x1b, 0x8b, 0xee, 0x71, |
| 0x7e, 0xcd, 0x2c, 0x72, 0xea, 0xe0, 0x1d, 0xad, 0x86, 0xba, 0x76, 0x54, 0xd4, 0xcf, 0x45, 0xad, |
| 0xb5, 0xf1, 0xf2, 0xb3, 0x1d, 0x9f, 0x81, 0x22, 0xcf, 0xa5, 0xf1, 0xa5, 0x57, 0x0f, 0x9b, 0x2d, |
| 0x25, |
| }; |
| |
| static uint8_t kRsaAttestCert[] = { |
| 0x30, 0x82, 0x02, 0xb6, 0x30, 0x82, 0x02, 0x1f, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x02, 0x10, |
| 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, |
| 0x30, 0x63, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, |
| 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0a, 0x43, 0x61, 0x6c, 0x69, 0x66, 0x6f, |
| 0x72, 0x6e, 0x69, 0x61, 0x31, 0x16, 0x30, 0x14, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x0d, 0x4d, |
| 0x6f, 0x75, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x20, 0x56, 0x69, 0x65, 0x77, 0x31, 0x15, 0x30, 0x13, |
| 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x0c, 0x47, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2c, 0x20, 0x49, |
| 0x6e, 0x63, 0x2e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x07, 0x41, 0x6e, |
| 0x64, 0x72, 0x6f, 0x69, 0x64, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x36, 0x30, 0x31, 0x30, 0x34, 0x31, |
| 0x32, 0x34, 0x30, 0x35, 0x33, 0x5a, 0x17, 0x0d, 0x33, 0x35, 0x31, 0x32, 0x33, 0x30, 0x31, 0x32, |
| 0x34, 0x30, 0x35, 0x33, 0x5a, 0x30, 0x76, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, |
| 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0a, 0x43, |
| 0x61, 0x6c, 0x69, 0x66, 0x6f, 0x72, 0x6e, 0x69, 0x61, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, |
| 0x04, 0x0a, 0x0c, 0x0c, 0x47, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2c, 0x20, 0x49, 0x6e, 0x63, 0x2e, |
| 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x07, 0x41, 0x6e, 0x64, 0x72, 0x6f, |
| 0x69, 0x64, 0x31, 0x29, 0x30, 0x27, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x20, 0x41, 0x6e, 0x64, |
| 0x72, 0x6f, 0x69, 0x64, 0x20, 0x53, 0x6f, 0x66, 0x74, 0x77, 0x61, 0x72, 0x65, 0x20, 0x41, 0x74, |
| 0x74, 0x65, 0x73, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x20, 0x4b, 0x65, 0x79, 0x30, 0x81, 0x9f, |
| 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, |
| 0x81, 0x8d, 0x00, 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x00, 0xc0, 0x83, 0x23, 0xdc, 0x56, 0x88, |
| 0x1b, 0xb8, 0x30, 0x20, 0x69, 0xf5, 0xb0, 0x85, 0x61, 0xc6, 0xee, 0xbe, 0x7f, 0x05, 0xe2, 0xf5, |
| 0xa8, 0x42, 0x04, 0x8a, 0xbe, 0x8b, 0x47, 0xbe, 0x76, 0xfe, 0xae, 0xf2, 0x5c, 0xf2, 0x9b, 0x2a, |
| 0xfa, 0x32, 0x00, 0x14, 0x16, 0x01, 0x42, 0x99, 0x89, 0xa1, 0x5f, 0xcf, 0xc6, 0x81, 0x5e, 0xb3, |
| 0x63, 0x58, 0x3c, 0x2f, 0xd2, 0xf2, 0x0b, 0xe4, 0x98, 0x32, 0x83, 0xdd, 0x81, 0x4b, 0x16, 0xd7, |
| 0xe1, 0x85, 0x41, 0x7a, 0xe5, 0x4a, 0xbc, 0x29, 0x6a, 0x3a, 0x6d, 0xb5, 0xc0, 0x04, 0x08, 0x3b, |
| 0x68, 0xc5, 0x56, 0xc1, 0xf0, 0x23, 0x39, 0x91, 0x64, 0x19, 0x86, 0x4d, 0x50, 0xb7, 0x4d, 0x40, |
| 0xae, 0xca, 0x48, 0x4c, 0x77, 0x35, 0x6c, 0x89, 0x5a, 0x0c, 0x27, 0x5a, 0xbf, 0xac, 0x49, 0x9d, |
| 0x5d, 0x7d, 0x23, 0x62, 0xf2, 0x9c, 0x5e, 0x02, 0xe8, 0x71, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, |
| 0x66, 0x30, 0x64, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0xd4, 0x0c, |
| 0x10, 0x1b, 0xf8, 0xcd, 0x63, 0xb9, 0xf7, 0x39, 0x52, 0xb5, 0x0e, 0x13, 0x5c, 0xa6, 0xd7, 0x99, |
| 0x93, 0x86, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x29, |
| 0xfa, 0xf1, 0xac, 0xcc, 0x4d, 0xd2, 0x4c, 0x96, 0x40, 0x27, 0x75, 0xb6, 0xb0, 0xe9, 0x32, 0xe5, |
| 0x07, 0xfe, 0x2e, 0x30, 0x12, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x08, 0x30, |
| 0x06, 0x01, 0x01, 0xff, 0x02, 0x01, 0x00, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x01, 0x01, |
| 0xff, 0x04, 0x04, 0x03, 0x02, 0x02, 0x84, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, |
| 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x81, 0x81, 0x00, 0x9e, 0x2d, 0x48, 0x5f, 0x8c, 0x67, |
| 0x33, 0xdc, 0x1a, 0x85, 0xad, 0x99, 0xd7, 0x50, 0x23, 0xea, 0x14, 0xec, 0x43, 0xb0, 0xe1, 0x9d, |
| 0xea, 0xc2, 0x23, 0x46, 0x1e, 0x72, 0xb5, 0x19, 0xdc, 0x60, 0x22, 0xe4, 0xa5, 0x68, 0x31, 0x6c, |
| 0x0b, 0x55, 0xc4, 0xe6, 0x9c, 0xa2, 0x2d, 0x9f, 0x3a, 0x4f, 0x93, 0x6b, 0x31, 0x8b, 0x16, 0x78, |
| 0x16, 0x0d, 0x88, 0xcb, 0xd9, 0x8b, 0xcc, 0x80, 0x9d, 0x84, 0xf0, 0xc2, 0x27, 0xe3, 0x6b, 0x38, |
| 0xf1, 0xfd, 0xd1, 0xe7, 0x17, 0x72, 0x31, 0x59, 0x35, 0x7d, 0x96, 0xf3, 0xc5, 0x7f, 0xab, 0x9d, |
| 0x8f, 0x96, 0x61, 0x26, 0x4f, 0xb2, 0xbe, 0x81, 0xbb, 0x0d, 0x49, 0x04, 0x22, 0x8a, 0xce, 0x9f, |
| 0xf7, 0xf5, 0x42, 0x2e, 0x25, 0x44, 0xfa, 0x21, 0x07, 0x12, 0x5a, 0x83, 0xb5, 0x55, 0xad, 0x18, |
| 0x82, 0xf8, 0x40, 0x14, 0x9b, 0x9c, 0x20, 0x63, 0x04, 0x7f, |
| }; |
| |
| static uint8_t kRsaAttestRootCert[] = { |
| 0x30, 0x82, 0x02, 0xa7, 0x30, 0x82, 0x02, 0x10, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x09, 0x00, |
| 0xff, 0x94, 0xd9, 0xdd, 0x9f, 0x07, 0xc8, 0x0c, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, |
| 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x63, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, |
| 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, |
| 0x0a, 0x43, 0x61, 0x6c, 0x69, 0x66, 0x6f, 0x72, 0x6e, 0x69, 0x61, 0x31, 0x16, 0x30, 0x14, 0x06, |
| 0x03, 0x55, 0x04, 0x07, 0x0c, 0x0d, 0x4d, 0x6f, 0x75, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x20, 0x56, |
| 0x69, 0x65, 0x77, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x0c, 0x47, 0x6f, |
| 0x6f, 0x67, 0x6c, 0x65, 0x2c, 0x20, 0x49, 0x6e, 0x63, 0x2e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, |
| 0x55, 0x04, 0x0b, 0x0c, 0x07, 0x41, 0x6e, 0x64, 0x72, 0x6f, 0x69, 0x64, 0x30, 0x1e, 0x17, 0x0d, |
| 0x31, 0x36, 0x30, 0x31, 0x30, 0x34, 0x31, 0x32, 0x33, 0x31, 0x30, 0x38, 0x5a, 0x17, 0x0d, 0x33, |
| 0x35, 0x31, 0x32, 0x33, 0x30, 0x31, 0x32, 0x33, 0x31, 0x30, 0x38, 0x5a, 0x30, 0x63, 0x31, 0x0b, |
| 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, |
| 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0a, 0x43, 0x61, 0x6c, 0x69, 0x66, 0x6f, 0x72, 0x6e, 0x69, 0x61, |
| 0x31, 0x16, 0x30, 0x14, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x0d, 0x4d, 0x6f, 0x75, 0x6e, 0x74, |
| 0x61, 0x69, 0x6e, 0x20, 0x56, 0x69, 0x65, 0x77, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, |
| 0x0a, 0x0c, 0x0c, 0x47, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2c, 0x20, 0x49, 0x6e, 0x63, 0x2e, 0x31, |
| 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x07, 0x41, 0x6e, 0x64, 0x72, 0x6f, 0x69, |
| 0x64, 0x30, 0x81, 0x9f, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, |
| 0x01, 0x05, 0x00, 0x03, 0x81, 0x8d, 0x00, 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x00, 0xa2, 0x6b, |
| 0xad, 0xeb, 0x6e, 0x2e, 0x44, 0x61, 0xef, 0xd5, 0x0e, 0x82, 0xe6, 0xb7, 0x94, 0xd1, 0x75, 0x23, |
| 0x1f, 0x77, 0x9b, 0x63, 0x91, 0x63, 0xff, 0xf7, 0xaa, 0xff, 0x0b, 0x72, 0x47, 0x4e, 0xc0, 0x2c, |
| 0x43, 0xec, 0x33, 0x7c, 0xd7, 0xac, 0xed, 0x40, 0x3e, 0x8c, 0x28, 0xa0, 0x66, 0xd5, 0xf7, 0x87, |
| 0x0b, 0x33, 0x97, 0xde, 0x0e, 0xb8, 0x4e, 0x13, 0x40, 0xab, 0xaf, 0xa5, 0x27, 0xbf, 0x95, 0x69, |
| 0xa0, 0x31, 0xdb, 0x06, 0x52, 0x65, 0xf8, 0x44, 0x59, 0x57, 0x61, 0xf0, 0xbb, 0xf2, 0x17, 0x4b, |
| 0xb7, 0x41, 0x80, 0x64, 0xc0, 0x28, 0x0e, 0x8f, 0x52, 0x77, 0x8e, 0xdb, 0xd2, 0x47, 0xb6, 0x45, |
| 0xe9, 0x19, 0xc8, 0xe9, 0x8b, 0xc3, 0xdb, 0xc2, 0x91, 0x3f, 0xd7, 0xd7, 0x50, 0xc4, 0x1d, 0x35, |
| 0x66, 0xf9, 0x57, 0xe4, 0x97, 0x96, 0x0b, 0x09, 0xac, 0xce, 0x92, 0x35, 0x85, 0x9b, 0x02, 0x03, |
| 0x01, 0x00, 0x01, 0xa3, 0x63, 0x30, 0x61, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, |
| 0x04, 0x14, 0x29, 0xfa, 0xf1, 0xac, 0xcc, 0x4d, 0xd2, 0x4c, 0x96, 0x40, 0x27, 0x75, 0xb6, 0xb0, |
| 0xe9, 0x32, 0xe5, 0x07, 0xfe, 0x2e, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, |
| 0x16, 0x80, 0x14, 0x29, 0xfa, 0xf1, 0xac, 0xcc, 0x4d, 0xd2, 0x4c, 0x96, 0x40, 0x27, 0x75, 0xb6, |
| 0xb0, 0xe9, 0x32, 0xe5, 0x07, 0xfe, 0x2e, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, |
| 0xff, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x01, |
| 0x01, 0xff, 0x04, 0x04, 0x03, 0x02, 0x02, 0x84, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, |
| 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x81, 0x81, 0x00, 0x4f, 0x72, 0xf3, 0x36, 0x59, |
| 0x8d, 0x0e, 0xc1, 0xb9, 0x74, 0x5b, 0x31, 0x59, 0xf6, 0xf0, 0x8d, 0x25, 0x49, 0x30, 0x9e, 0xa3, |
| 0x1c, 0x1c, 0x29, 0xd2, 0x45, 0x2d, 0x20, 0xb9, 0x4d, 0x5f, 0x64, 0xb4, 0xe8, 0x80, 0xc7, 0x78, |
| 0x7a, 0x9c, 0x39, 0xde, 0xa8, 0xb3, 0xf5, 0xbf, 0x2f, 0x70, 0x5f, 0x47, 0x10, 0x5c, 0xc5, 0xe6, |
| 0xeb, 0x4d, 0x06, 0x99, 0x61, 0xd2, 0xae, 0x9a, 0x07, 0xff, 0xf7, 0x7c, 0xb8, 0xab, 0xeb, 0x9c, |
| 0x0f, 0x24, 0x07, 0x5e, 0xb1, 0x7f, 0xba, 0x79, 0x71, 0xfd, 0x4d, 0x5b, 0x9e, 0xdf, 0x14, 0xa9, |
| 0xfe, 0xdf, 0xed, 0x7c, 0xc0, 0x88, 0x5d, 0xf8, 0xdd, 0x9b, 0x64, 0x32, 0x56, 0xd5, 0x35, 0x9a, |
| 0xe2, 0x13, 0xf9, 0x8f, 0xce, 0xc1, 0x7c, 0xdc, 0xef, 0xa4, 0xaa, 0xb2, 0x55, 0xc3, 0x83, 0xa9, |
| 0x2e, 0xfb, 0x5c, 0xf6, 0x62, 0xf5, 0x27, 0x52, 0x17, 0xbe, 0x63, |
| }; |
| |
| static uint8_t kEcAttestKey[] = { |
| 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0x21, 0xe0, 0x86, 0x43, 0x2a, 0x15, 0x19, 0x84, 0x59, |
| 0xcf, 0x36, 0x3a, 0x50, 0xfc, 0x14, 0xc9, 0xda, 0xad, 0xf9, 0x35, 0xf5, 0x27, 0xc2, 0xdf, 0xd7, |
| 0x1e, 0x4d, 0x6d, 0xbc, 0x42, 0xe5, 0x44, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, |
| 0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0xeb, 0x9e, 0x79, 0xf8, 0x42, 0x63, 0x59, |
| 0xac, 0xcb, 0x2a, 0x91, 0x4c, 0x89, 0x86, 0xcc, 0x70, 0xad, 0x90, 0x66, 0x93, 0x82, 0xa9, 0x73, |
| 0x26, 0x13, 0xfe, 0xac, 0xcb, 0xf8, 0x21, 0x27, 0x4c, 0x21, 0x74, 0x97, 0x4a, 0x2a, 0xfe, 0xa5, |
| 0xb9, 0x4d, 0x7f, 0x66, 0xd4, 0xe0, 0x65, 0x10, 0x66, 0x35, 0xbc, 0x53, 0xb7, 0xa0, 0xa3, 0xa6, |
| 0x71, 0x58, 0x3e, 0xdb, 0x3e, 0x11, 0xae, 0x10, 0x14, |
| }; |
| |
| static uint8_t kEcAttestCert[] = { |
| 0x30, 0x82, 0x02, 0x78, 0x30, 0x82, 0x02, 0x1e, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x02, 0x10, |
| 0x01, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x30, 0x81, 0x98, |
| 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, |
| 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0a, 0x43, 0x61, 0x6c, 0x69, 0x66, 0x6f, 0x72, 0x6e, |
| 0x69, 0x61, 0x31, 0x16, 0x30, 0x14, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x0d, 0x4d, 0x6f, 0x75, |
| 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x20, 0x56, 0x69, 0x65, 0x77, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, |
| 0x55, 0x04, 0x0a, 0x0c, 0x0c, 0x47, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2c, 0x20, 0x49, 0x6e, 0x63, |
| 0x2e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x07, 0x41, 0x6e, 0x64, 0x72, |
| 0x6f, 0x69, 0x64, 0x31, 0x33, 0x30, 0x31, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x2a, 0x41, 0x6e, |
| 0x64, 0x72, 0x6f, 0x69, 0x64, 0x20, 0x4b, 0x65, 0x79, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x20, 0x53, |
| 0x6f, 0x66, 0x74, 0x77, 0x61, 0x72, 0x65, 0x20, 0x41, 0x74, 0x74, 0x65, 0x73, 0x74, 0x61, 0x74, |
| 0x69, 0x6f, 0x6e, 0x20, 0x52, 0x6f, 0x6f, 0x74, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x36, 0x30, 0x31, |
| 0x31, 0x31, 0x30, 0x30, 0x34, 0x36, 0x30, 0x39, 0x5a, 0x17, 0x0d, 0x32, 0x36, 0x30, 0x31, 0x30, |
| 0x38, 0x30, 0x30, 0x34, 0x36, 0x30, 0x39, 0x5a, 0x30, 0x81, 0x88, 0x31, 0x0b, 0x30, 0x09, 0x06, |
| 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, |
| 0x08, 0x0c, 0x0a, 0x43, 0x61, 0x6c, 0x69, 0x66, 0x6f, 0x72, 0x6e, 0x69, 0x61, 0x31, 0x15, 0x30, |
| 0x13, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x0c, 0x47, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2c, 0x20, |
| 0x49, 0x6e, 0x63, 0x2e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x07, 0x41, |
| 0x6e, 0x64, 0x72, 0x6f, 0x69, 0x64, 0x31, 0x3b, 0x30, 0x39, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, |
| 0x32, 0x41, 0x6e, 0x64, 0x72, 0x6f, 0x69, 0x64, 0x20, 0x4b, 0x65, 0x79, 0x73, 0x74, 0x6f, 0x72, |
| 0x65, 0x20, 0x53, 0x6f, 0x66, 0x74, 0x77, 0x61, 0x72, 0x65, 0x20, 0x41, 0x74, 0x74, 0x65, 0x73, |
| 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x20, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6d, 0x65, 0x64, 0x69, |
| 0x61, 0x74, 0x65, 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, |
| 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03, 0x42, 0x00, 0x04, 0xeb, 0x9e, |
| 0x79, 0xf8, 0x42, 0x63, 0x59, 0xac, 0xcb, 0x2a, 0x91, 0x4c, 0x89, 0x86, 0xcc, 0x70, 0xad, 0x90, |
| 0x66, 0x93, 0x82, 0xa9, 0x73, 0x26, 0x13, 0xfe, 0xac, 0xcb, 0xf8, 0x21, 0x27, 0x4c, 0x21, 0x74, |
| 0x97, 0x4a, 0x2a, 0xfe, 0xa5, 0xb9, 0x4d, 0x7f, 0x66, 0xd4, 0xe0, 0x65, 0x10, 0x66, 0x35, 0xbc, |
| 0x53, 0xb7, 0xa0, 0xa3, 0xa6, 0x71, 0x58, 0x3e, 0xdb, 0x3e, 0x11, 0xae, 0x10, 0x14, 0xa3, 0x66, |
| 0x30, 0x64, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x3f, 0xfc, 0xac, |
| 0xd6, 0x1a, 0xb1, 0x3a, 0x9e, 0x81, 0x20, 0xb8, 0xd5, 0x25, 0x1c, 0xc5, 0x65, 0xbb, 0x1e, 0x91, |
| 0xa9, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0xc8, 0xad, |
| 0xe9, 0x77, 0x4c, 0x45, 0xc3, 0xa3, 0xcf, 0x0d, 0x16, 0x10, 0xe4, 0x79, 0x43, 0x3a, 0x21, 0x5a, |
| 0x30, 0xcf, 0x30, 0x12, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x08, 0x30, 0x06, |
| 0x01, 0x01, 0xff, 0x02, 0x01, 0x00, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x01, 0x01, 0xff, |
| 0x04, 0x04, 0x03, 0x02, 0x02, 0x84, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, |
| 0x03, 0x02, 0x03, 0x48, 0x00, 0x30, 0x45, 0x02, 0x20, 0x4b, 0x8a, 0x9b, 0x7b, 0xee, 0x82, 0xbc, |
| 0xc0, 0x33, 0x87, 0xae, 0x2f, 0xc0, 0x89, 0x98, 0xb4, 0xdd, 0xc3, 0x8d, 0xab, 0x27, 0x2a, 0x45, |
| 0x9f, 0x69, 0x0c, 0xc7, 0xc3, 0x92, 0xd4, 0x0f, 0x8e, 0x02, 0x21, 0x00, 0xee, 0xda, 0x01, 0x5d, |
| 0xb6, 0xf4, 0x32, 0xe9, 0xd4, 0x84, 0x3b, 0x62, 0x4c, 0x94, 0x04, 0xef, 0x3a, 0x7c, 0xcc, 0xbd, |
| 0x5e, 0xfb, 0x22, 0xbb, 0xe7, 0xfe, 0xb9, 0x77, 0x3f, 0x59, 0x3f, 0xfb, |
| }; |
| |
| static uint8_t kEcAttestRootCert[] = { |
| 0x30, 0x82, 0x02, 0x8b, 0x30, 0x82, 0x02, 0x32, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x09, 0x00, |
| 0xa2, 0x05, 0x9e, 0xd1, 0x0e, 0x43, 0x5b, 0x57, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, |
| 0x3d, 0x04, 0x03, 0x02, 0x30, 0x81, 0x98, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, |
| 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0a, 0x43, |
| 0x61, 0x6c, 0x69, 0x66, 0x6f, 0x72, 0x6e, 0x69, 0x61, 0x31, 0x16, 0x30, 0x14, 0x06, 0x03, 0x55, |
| 0x04, 0x07, 0x0c, 0x0d, 0x4d, 0x6f, 0x75, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x20, 0x56, 0x69, 0x65, |
| 0x77, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x0c, 0x47, 0x6f, 0x6f, 0x67, |
| 0x6c, 0x65, 0x2c, 0x20, 0x49, 0x6e, 0x63, 0x2e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, |
| 0x0b, 0x0c, 0x07, 0x41, 0x6e, 0x64, 0x72, 0x6f, 0x69, 0x64, 0x31, 0x33, 0x30, 0x31, 0x06, 0x03, |
| 0x55, 0x04, 0x03, 0x0c, 0x2a, 0x41, 0x6e, 0x64, 0x72, 0x6f, 0x69, 0x64, 0x20, 0x4b, 0x65, 0x79, |
| 0x73, 0x74, 0x6f, 0x72, 0x65, 0x20, 0x53, 0x6f, 0x66, 0x74, 0x77, 0x61, 0x72, 0x65, 0x20, 0x41, |
| 0x74, 0x74, 0x65, 0x73, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x20, 0x52, 0x6f, 0x6f, 0x74, 0x30, |
| 0x1e, 0x17, 0x0d, 0x31, 0x36, 0x30, 0x31, 0x31, 0x31, 0x30, 0x30, 0x34, 0x33, 0x35, 0x30, 0x5a, |
| 0x17, 0x0d, 0x33, 0x36, 0x30, 0x31, 0x30, 0x36, 0x30, 0x30, 0x34, 0x33, 0x35, 0x30, 0x5a, 0x30, |
| 0x81, 0x98, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, |
| 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0a, 0x43, 0x61, 0x6c, 0x69, 0x66, 0x6f, |
| 0x72, 0x6e, 0x69, 0x61, 0x31, 0x16, 0x30, 0x14, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x0d, 0x4d, |
| 0x6f, 0x75, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x20, 0x56, 0x69, 0x65, 0x77, 0x31, 0x15, 0x30, 0x13, |
| 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x0c, 0x47, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2c, 0x20, 0x49, |
| 0x6e, 0x63, 0x2e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x07, 0x41, 0x6e, |
| 0x64, 0x72, 0x6f, 0x69, 0x64, 0x31, 0x33, 0x30, 0x31, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x2a, |
| 0x41, 0x6e, 0x64, 0x72, 0x6f, 0x69, 0x64, 0x20, 0x4b, 0x65, 0x79, 0x73, 0x74, 0x6f, 0x72, 0x65, |
| 0x20, 0x53, 0x6f, 0x66, 0x74, 0x77, 0x61, 0x72, 0x65, 0x20, 0x41, 0x74, 0x74, 0x65, 0x73, 0x74, |
| 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x20, 0x52, 0x6f, 0x6f, 0x74, 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, |
| 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, |
| 0x07, 0x03, 0x42, 0x00, 0x04, 0xee, 0x5d, 0x5e, 0xc7, 0xe1, 0xc0, 0xdb, 0x6d, 0x03, 0xa6, 0x7e, |
| 0xe6, 0xb6, 0x1b, 0xec, 0x4d, 0x6a, 0x5d, 0x6a, 0x68, 0x2e, 0x0f, 0xff, 0x7f, 0x49, 0x0e, 0x7d, |
| 0x77, 0x1f, 0x44, 0x22, 0x6d, 0xbd, 0xb1, 0xaf, 0xfa, 0x16, 0xcb, 0xc7, 0xad, 0xc5, 0x77, 0xd2, |
| 0x56, 0x9c, 0xaa, 0xb7, 0xb0, 0x2d, 0x54, 0x01, 0x5d, 0x3e, 0x43, 0x2b, 0x2a, 0x8e, 0xd7, 0x4e, |
| 0xec, 0x48, 0x75, 0x41, 0xa4, 0xa3, 0x63, 0x30, 0x61, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, |
| 0x04, 0x16, 0x04, 0x14, 0xc8, 0xad, 0xe9, 0x77, 0x4c, 0x45, 0xc3, 0xa3, 0xcf, 0x0d, 0x16, 0x10, |
| 0xe4, 0x79, 0x43, 0x3a, 0x21, 0x5a, 0x30, 0xcf, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, |
| 0x18, 0x30, 0x16, 0x80, 0x14, 0xc8, 0xad, 0xe9, 0x77, 0x4c, 0x45, 0xc3, 0xa3, 0xcf, 0x0d, 0x16, |
| 0x10, 0xe4, 0x79, 0x43, 0x3a, 0x21, 0x5a, 0x30, 0xcf, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x1d, 0x13, |
| 0x01, 0x01, 0xff, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x1d, |
| 0x0f, 0x01, 0x01, 0xff, 0x04, 0x04, 0x03, 0x02, 0x02, 0x84, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, |
| 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x03, 0x47, 0x00, 0x30, 0x44, 0x02, 0x20, 0x35, 0x21, 0xa3, |
| 0xef, 0x8b, 0x34, 0x46, 0x1e, 0x9c, 0xd5, 0x60, 0xf3, 0x1d, 0x58, 0x89, 0x20, 0x6a, 0xdc, 0xa3, |
| 0x65, 0x41, 0xf6, 0x0d, 0x9e, 0xce, 0x8a, 0x19, 0x8c, 0x66, 0x48, 0x60, 0x7b, 0x02, 0x20, 0x4d, |
| 0x0b, 0xf3, 0x51, 0xd9, 0x30, 0x7c, 0x7d, 0x5b, 0xda, 0x35, 0x34, 0x1d, 0xa8, 0x47, 0x1b, 0x63, |
| 0xa5, 0x85, 0x65, 0x3c, 0xad, 0x4f, 0x24, 0xa7, 0xe7, 0x4d, 0xaf, 0x41, 0x7d, 0xf1, 0xbf, |
| }; |
| |
| size_t kCertificateChainLength = 2; |
| |
| bool UpgradeIntegerTag(keymaster_tag_t tag, uint32_t value, AuthorizationSet* set, |
| bool* set_changed) { |
| int index = set->find(tag); |
| if (index == -1) { |
| keymaster_key_param_t param; |
| param.tag = tag; |
| param.integer = value; |
| set->push_back(param); |
| *set_changed = true; |
| return true; |
| } |
| |
| if (set->params[index].integer > value) |
| return false; |
| |
| if (set->params[index].integer != value) { |
| set->params[index].integer = value; |
| *set_changed = true; |
| } |
| return true; |
| } |
| |
| } // anonymous namespace |
| |
| SoftKeymasterContext::SoftKeymasterContext(const std::string& root_of_trust) |
| : rsa_factory_(new RsaKeyFactory(this)), ec_factory_(new EcKeyFactory(this)), |
| aes_factory_(new AesKeyFactory(this)), hmac_factory_(new HmacKeyFactory(this)), |
| km1_dev_(nullptr), root_of_trust_(root_of_trust), os_version_(0), os_patchlevel_(0) {} |
| |
| SoftKeymasterContext::~SoftKeymasterContext() {} |
| |
| keymaster_error_t SoftKeymasterContext::SetHardwareDevice(keymaster0_device_t* keymaster0_device) { |
| if (!keymaster0_device) |
| return KM_ERROR_UNEXPECTED_NULL_POINTER; |
| |
| if ((keymaster0_device->flags & KEYMASTER_SOFTWARE_ONLY) != 0) { |
| LOG_E("SoftKeymasterContext only wraps hardware keymaster0 devices", 0); |
| return KM_ERROR_INVALID_ARGUMENT; |
| } |
| |
| km0_engine_.reset(new Keymaster0Engine(keymaster0_device)); |
| rsa_factory_.reset(new RsaKeymaster0KeyFactory(this, km0_engine_.get())); |
| ec_factory_.reset(new EcdsaKeymaster0KeyFactory(this, km0_engine_.get())); |
| // Keep AES and HMAC factories. |
| |
| return KM_ERROR_OK; |
| } |
| |
| keymaster_error_t SoftKeymasterContext::SetHardwareDevice(keymaster1_device_t* keymaster1_device) { |
| if (!keymaster1_device) |
| return KM_ERROR_UNEXPECTED_NULL_POINTER; |
| |
| km1_dev_ = keymaster1_device; |
| |
| km1_engine_.reset(new Keymaster1Engine(keymaster1_device)); |
| rsa_factory_.reset(new RsaKeymaster1KeyFactory(this, km1_engine_.get())); |
| ec_factory_.reset(new EcdsaKeymaster1KeyFactory(this, km1_engine_.get())); |
| |
| // All AES and HMAC operations should be passed directly to the keymaster1 device. Explicitly |
| // do not handle them, to provoke errors in case the higher layers fail to send them to the |
| // device. |
| aes_factory_.reset(nullptr); |
| hmac_factory_.reset(nullptr); |
| |
| return KM_ERROR_OK; |
| } |
| |
| keymaster_error_t SoftKeymasterContext::SetSystemVersion(uint32_t os_version, |
| uint32_t os_patchlevel) { |
| os_version_ = os_version; |
| os_patchlevel_ = os_patchlevel; |
| return KM_ERROR_OK; |
| } |
| |
| void SoftKeymasterContext::GetSystemVersion(uint32_t* os_version, uint32_t* os_patchlevel) const { |
| *os_version = os_version_; |
| *os_patchlevel = os_patchlevel_; |
| } |
| |
| KeyFactory* SoftKeymasterContext::GetKeyFactory(keymaster_algorithm_t algorithm) const { |
| switch (algorithm) { |
| case KM_ALGORITHM_RSA: |
| return rsa_factory_.get(); |
| case KM_ALGORITHM_EC: |
| return ec_factory_.get(); |
| case KM_ALGORITHM_AES: |
| return aes_factory_.get(); |
| case KM_ALGORITHM_HMAC: |
| return hmac_factory_.get(); |
| default: |
| return nullptr; |
| } |
| } |
| |
| static keymaster_algorithm_t supported_algorithms[] = {KM_ALGORITHM_RSA, KM_ALGORITHM_EC, |
| KM_ALGORITHM_AES, KM_ALGORITHM_HMAC}; |
| |
| keymaster_algorithm_t* |
| SoftKeymasterContext::GetSupportedAlgorithms(size_t* algorithms_count) const { |
| *algorithms_count = array_length(supported_algorithms); |
| return supported_algorithms; |
| } |
| |
| OperationFactory* SoftKeymasterContext::GetOperationFactory(keymaster_algorithm_t algorithm, |
| keymaster_purpose_t purpose) const { |
| KeyFactory* key_factory = GetKeyFactory(algorithm); |
| if (!key_factory) |
| return nullptr; |
| return key_factory->GetOperationFactory(purpose); |
| } |
| |
| static keymaster_error_t TranslateAuthorizationSetError(AuthorizationSet::Error err) { |
| switch (err) { |
| case AuthorizationSet::OK: |
| return KM_ERROR_OK; |
| case AuthorizationSet::ALLOCATION_FAILURE: |
| return KM_ERROR_MEMORY_ALLOCATION_FAILED; |
| case AuthorizationSet::MALFORMED_DATA: |
| return KM_ERROR_UNKNOWN_ERROR; |
| } |
| return KM_ERROR_OK; |
| } |
| |
| static keymaster_error_t SetAuthorizations(const AuthorizationSet& key_description, |
| keymaster_key_origin_t origin, uint32_t os_version, |
| uint32_t os_patchlevel, AuthorizationSet* hw_enforced, |
| AuthorizationSet* sw_enforced) { |
| sw_enforced->Clear(); |
| |
| for (auto& entry : key_description) { |
| switch (entry.tag) { |
| // These cannot be specified by the client. |
| case KM_TAG_ROOT_OF_TRUST: |
| case KM_TAG_ORIGIN: |
| LOG_E("Root of trust and origin tags may not be specified", 0); |
| return KM_ERROR_INVALID_TAG; |
| |
| // These don't work. |
| case KM_TAG_ROLLBACK_RESISTANT: |
| LOG_E("KM_TAG_ROLLBACK_RESISTANT not supported", 0); |
| return KM_ERROR_UNSUPPORTED_TAG; |
| |
| // These are hidden. |
| case KM_TAG_APPLICATION_ID: |
| case KM_TAG_APPLICATION_DATA: |
| break; |
| |
| // Everything else we just copy into sw_enforced, unless the KeyFactory has placed it in |
| // hw_enforced, in which case we defer to its decision. |
| default: |
| if (hw_enforced->GetTagCount(entry.tag) == 0) |
| sw_enforced->push_back(entry); |
| break; |
| } |
| } |
| |
| sw_enforced->push_back(TAG_CREATION_DATETIME, java_time(time(NULL))); |
| sw_enforced->push_back(TAG_ORIGIN, origin); |
| sw_enforced->push_back(TAG_OS_VERSION, os_version); |
| sw_enforced->push_back(TAG_OS_PATCHLEVEL, os_patchlevel); |
| |
| return TranslateAuthorizationSetError(sw_enforced->is_valid()); |
| } |
| |
| keymaster_error_t SoftKeymasterContext::CreateKeyBlob(const AuthorizationSet& key_description, |
| const keymaster_key_origin_t origin, |
| const KeymasterKeyBlob& key_material, |
| KeymasterKeyBlob* blob, |
| AuthorizationSet* hw_enforced, |
| AuthorizationSet* sw_enforced) const { |
| keymaster_error_t error = SetAuthorizations(key_description, origin, os_version_, |
| os_patchlevel_, hw_enforced, sw_enforced); |
| if (error != KM_ERROR_OK) |
| return error; |
| |
| AuthorizationSet hidden; |
| error = BuildHiddenAuthorizations(key_description, &hidden); |
| if (error != KM_ERROR_OK) |
| return error; |
| |
| return SerializeIntegrityAssuredBlob(key_material, hidden, *hw_enforced, *sw_enforced, blob); |
| } |
| |
| keymaster_error_t SoftKeymasterContext::UpgradeKeyBlob(const KeymasterKeyBlob& key_to_upgrade, |
| const AuthorizationSet& upgrade_params, |
| KeymasterKeyBlob* upgraded_key) const { |
| KeymasterKeyBlob key_material; |
| AuthorizationSet tee_enforced; |
| AuthorizationSet sw_enforced; |
| keymaster_error_t error = |
| ParseKeyBlob(key_to_upgrade, upgrade_params, &key_material, &tee_enforced, &sw_enforced); |
| if (error != KM_ERROR_OK) |
| return error; |
| |
| // Three cases here: |
| // |
| // 1. Software key blob. Version info, if present, is in sw_enforced. If not present, we |
| // should add it. |
| // |
| // 2. Keymaster0 hardware key blob. Version info, if present, is in sw_enforced. If not |
| // present we should add it. |
| // |
| // 3. Keymaster1 hardware key blob. Version info is not present and we shouldn't have been |
| // asked to upgrade. |
| |
| // Handle case 3. |
| if (km1_dev_ && tee_enforced.Contains(TAG_PURPOSE) && !tee_enforced.Contains(TAG_OS_PATCHLEVEL)) |
| return KM_ERROR_INVALID_ARGUMENT; |
| |
| // Handle cases 1 & 2. |
| bool set_changed = false; |
| |
| if (os_version_ == 0) { |
| // We need to allow "upgrading" OS version to zero, to support upgrading from proper |
| // numbered releases to unnumbered development and preview releases. |
| |
| int key_os_version_pos = sw_enforced.find(TAG_OS_VERSION); |
| if (key_os_version_pos != -1) { |
| uint32_t key_os_version = sw_enforced[key_os_version_pos].integer; |
| if (key_os_version != 0) { |
| sw_enforced[key_os_version_pos].integer = os_version_; |
| set_changed = true; |
| } |
| } |
| } |
| |
| if (!UpgradeIntegerTag(TAG_OS_VERSION, os_version_, &sw_enforced, &set_changed) || |
| !UpgradeIntegerTag(TAG_OS_PATCHLEVEL, os_patchlevel_, &sw_enforced, &set_changed)) |
| // One of the version fields would have been a downgrade. Not allowed. |
| return KM_ERROR_INVALID_ARGUMENT; |
| |
| if (!set_changed) |
| // Dont' need an upgrade. |
| return KM_ERROR_OK; |
| |
| AuthorizationSet hidden; |
| error = BuildHiddenAuthorizations(upgrade_params, &hidden); |
| if (error != KM_ERROR_OK) |
| return error; |
| return SerializeIntegrityAssuredBlob(key_material, hidden, tee_enforced, sw_enforced, |
| upgraded_key); |
| } |
| |
| static keymaster_error_t ParseOcbAuthEncryptedBlob(const KeymasterKeyBlob& blob, |
| const AuthorizationSet& hidden, |
| KeymasterKeyBlob* key_material, |
| AuthorizationSet* hw_enforced, |
| AuthorizationSet* sw_enforced) { |
| Buffer nonce, tag; |
| KeymasterKeyBlob encrypted_key_material; |
| keymaster_error_t error = DeserializeAuthEncryptedBlob(blob, &encrypted_key_material, |
| hw_enforced, sw_enforced, &nonce, &tag); |
| if (error != KM_ERROR_OK) |
| return error; |
| |
| if (nonce.available_read() != OCB_NONCE_LENGTH || tag.available_read() != OCB_TAG_LENGTH) |
| return KM_ERROR_INVALID_KEY_BLOB; |
| |
| return OcbDecryptKey(*hw_enforced, *sw_enforced, hidden, MASTER_KEY, encrypted_key_material, |
| nonce, tag, key_material); |
| } |
| |
| // Note: This parsing code in below is from system/security/softkeymaster/keymaster_openssl.cpp's |
| // unwrap_key function, modified for the preferred function signature and formatting. It does some |
| // odd things, but they have been left unchanged to avoid breaking compatibility. |
| static const uint8_t SOFT_KEY_MAGIC[] = {'P', 'K', '#', '8'}; |
| keymaster_error_t SoftKeymasterContext::ParseOldSoftkeymasterBlob( |
| const KeymasterKeyBlob& blob, KeymasterKeyBlob* key_material, AuthorizationSet* hw_enforced, |
| AuthorizationSet* sw_enforced) const { |
| long publicLen = 0; |
| long privateLen = 0; |
| const uint8_t* p = blob.key_material; |
| const uint8_t* end = blob.key_material + blob.key_material_size; |
| |
| int type = 0; |
| ptrdiff_t min_size = |
| sizeof(SOFT_KEY_MAGIC) + sizeof(type) + sizeof(publicLen) + 1 + sizeof(privateLen) + 1; |
| if (end - p < min_size) { |
| LOG_W("key blob appears to be truncated (if an old SW key)", 0); |
| return KM_ERROR_INVALID_KEY_BLOB; |
| } |
| |
| if (memcmp(p, SOFT_KEY_MAGIC, sizeof(SOFT_KEY_MAGIC)) != 0) |
| return KM_ERROR_INVALID_KEY_BLOB; |
| p += sizeof(SOFT_KEY_MAGIC); |
| |
| for (size_t i = 0; i < sizeof(type); i++) |
| type = (type << 8) | *p++; |
| |
| for (size_t i = 0; i < sizeof(type); i++) |
| publicLen = (publicLen << 8) | *p++; |
| |
| if (p + publicLen > end) { |
| LOG_W("public key length encoding error: size=%ld, end=%td", publicLen, end - p); |
| return KM_ERROR_INVALID_KEY_BLOB; |
| } |
| p += publicLen; |
| |
| if (end - p < 2) { |
| LOG_W("key blob appears to be truncated (if an old SW key)", 0); |
| return KM_ERROR_INVALID_KEY_BLOB; |
| } |
| |
| for (size_t i = 0; i < sizeof(type); i++) |
| privateLen = (privateLen << 8) | *p++; |
| |
| if (p + privateLen > end) { |
| LOG_W("private key length encoding error: size=%ld, end=%td", privateLen, end - p); |
| return KM_ERROR_INVALID_KEY_BLOB; |
| } |
| |
| // Just to be sure, make sure that the ASN.1 structure parses correctly. We don't actually use |
| // the EVP_PKEY here. |
| const uint8_t* key_start = p; |
| unique_ptr<EVP_PKEY, EVP_PKEY_Delete> pkey(d2i_PrivateKey(type, nullptr, &p, privateLen)); |
| if (pkey.get() == nullptr) { |
| LOG_W("Failed to parse PKCS#8 key material (if old SW key)", 0); |
| return KM_ERROR_INVALID_KEY_BLOB; |
| } |
| |
| // All auths go into sw_enforced, including those that would be HW-enforced if we were faking |
| // auths for a HW-backed key. |
| hw_enforced->Clear(); |
| keymaster_error_t error = FakeKeyAuthorizations(pkey.get(), sw_enforced, sw_enforced); |
| if (error != KM_ERROR_OK) |
| return error; |
| |
| if (!key_material->Reset(privateLen)) |
| return KM_ERROR_MEMORY_ALLOCATION_FAILED; |
| memcpy(key_material->writable_data(), key_start, privateLen); |
| |
| return KM_ERROR_OK; |
| } |
| |
| keymaster_error_t SoftKeymasterContext::ParseKeyBlob(const KeymasterKeyBlob& blob, |
| const AuthorizationSet& additional_params, |
| KeymasterKeyBlob* key_material, |
| AuthorizationSet* hw_enforced, |
| AuthorizationSet* sw_enforced) const { |
| // This is a little bit complicated. |
| // |
| // The SoftKeymasterContext has to handle a lot of different kinds of key blobs. |
| // |
| // 1. New keymaster1 software key blobs. These are integrity-assured but not encrypted. The |
| // raw key material and auth sets should be extracted and returned. This is the kind |
| // produced by this context when the KeyFactory doesn't use keymaster0 to back the keys. |
| // |
| // 2. Old keymaster1 software key blobs. These are OCB-encrypted with an all-zero master key. |
| // They should be decrypted and the key material and auth sets extracted and returned. |
| // |
| // 3. Old keymaster0 software key blobs. These are raw key material with a small header tacked |
| // on the front. They don't have auth sets, so reasonable defaults are generated and |
| // returned along with the raw key material. |
| // |
| // 4. New keymaster0 hardware key blobs. These are integrity-assured but not encrypted (though |
| // they're protected by the keymaster0 hardware implementation). The keymaster0 key blob |
| // and auth sets should be extracted and returned. |
| // |
| // 5. Keymaster1 hardware key blobs. These are raw hardware key blobs. They contain auth |
| // sets, which we retrieve from the hardware module. |
| // |
| // 6. Old keymaster0 hardware key blobs. These are raw hardware key blobs. They don't have |
| // auth sets so reasonable defaults are generated and returned along with the key blob. |
| // |
| // Determining what kind of blob has arrived is somewhat tricky. What helps is that |
| // integrity-assured and OCB-encrypted blobs are self-consistent and effectively impossible to |
| // parse as anything else. Old keymaster0 software key blobs have a header. It's reasonably |
| // unlikely that hardware keys would have the same header. So anything that is neither |
| // integrity-assured nor OCB-encrypted and lacks the old software key header is assumed to be |
| // keymaster0 hardware. |
| |
| AuthorizationSet hidden; |
| keymaster_error_t error = BuildHiddenAuthorizations(additional_params, &hidden); |
| if (error != KM_ERROR_OK) |
| return error; |
| |
| // Assume it's an integrity-assured blob (new software-only blob, or new keymaster0-backed |
| // blob). |
| error = DeserializeIntegrityAssuredBlob(blob, hidden, key_material, hw_enforced, sw_enforced); |
| if (error != KM_ERROR_INVALID_KEY_BLOB) |
| return error; |
| |
| // Wasn't an integrity-assured blob. Maybe it's an OCB-encrypted blob. |
| error = ParseOcbAuthEncryptedBlob(blob, hidden, key_material, hw_enforced, sw_enforced); |
| if (error == KM_ERROR_OK) |
| LOG_D("Parsed an old keymaster1 software key", 0); |
| if (error != KM_ERROR_INVALID_KEY_BLOB) |
| return error; |
| |
| // Wasn't an OCB-encrypted blob. Maybe it's an old softkeymaster blob. |
| error = ParseOldSoftkeymasterBlob(blob, key_material, hw_enforced, sw_enforced); |
| if (error == KM_ERROR_OK) |
| LOG_D("Parsed an old sofkeymaster key", 0); |
| if (error != KM_ERROR_INVALID_KEY_BLOB) |
| return error; |
| |
| if (km1_dev_) |
| return ParseKeymaster1HwBlob(blob, additional_params, key_material, hw_enforced, |
| sw_enforced); |
| else if (km0_engine_) |
| return ParseKeymaster0HwBlob(blob, key_material, hw_enforced, sw_enforced); |
| |
| LOG_E("Failed to parse key; not a valid software blob, no hardware module configured", 0); |
| return KM_ERROR_INVALID_KEY_BLOB; |
| } |
| |
| keymaster_error_t SoftKeymasterContext::DeleteKey(const KeymasterKeyBlob& blob) const { |
| if (km1_engine_) { |
| keymaster_error_t error = km1_engine_->DeleteKey(blob); |
| if (error == KM_ERROR_INVALID_KEY_BLOB) { |
| // Note that we succeed on invalid blob, because it probably just indicates that the |
| // blob is a software blob, not a hardware blob. |
| error = KM_ERROR_OK; |
| } |
| return error; |
| } |
| |
| if (km0_engine_) { |
| // This could be a keymaster0 hardware key, and it could be either raw or encapsulated in an |
| // integrity-assured blob. If it's integrity-assured, we can't validate it strongly, |
| // because we don't have the necessary additional_params data. However, the probability |
| // that anything other than an integrity-assured blob would have all of the structure |
| // required to decode as a valid blob is low -- unless it's maliciously-constructed, but the |
| // deserializer should be proof against bad data, as should the keymaster0 hardware. |
| // |
| // Thus, we first try to parse it as integrity-assured. If that works, we pass the result |
| // to the underlying hardware. If not, we pass blob unmodified to the underlying hardware. |
| KeymasterKeyBlob key_material; |
| AuthorizationSet hw_enforced, sw_enforced; |
| keymaster_error_t error = DeserializeIntegrityAssuredBlob_NoHmacCheck( |
| blob, &key_material, &hw_enforced, &sw_enforced); |
| if (error == KM_ERROR_OK && km0_engine_->DeleteKey(key_material)) |
| return KM_ERROR_OK; |
| |
| km0_engine_->DeleteKey(blob); |
| |
| // We succeed unconditionally at this point, even if delete failed. Failure indicates that |
| // either the blob is a software blob (which we can't distinguish with certainty without |
| // additional_params) or because it is a hardware blob and the hardware failed. In the |
| // first case, there is no error. In the second case, the client can't do anything to fix |
| // it anyway, so it's not too harmful to simply swallow the error. This is not ideal, but |
| // it's the least-bad alternative. |
| return KM_ERROR_OK; |
| } |
| |
| // Nothing to do for software-only contexts. |
| return KM_ERROR_OK; |
| } |
| |
| keymaster_error_t SoftKeymasterContext::DeleteAllKeys() const { |
| if (km1_engine_) |
| return km1_engine_->DeleteAllKeys(); |
| |
| if (km0_engine_ && !km0_engine_->DeleteAllKeys()) |
| return KM_ERROR_UNKNOWN_ERROR; |
| |
| return KM_ERROR_OK; |
| } |
| |
| keymaster_error_t SoftKeymasterContext::AddRngEntropy(const uint8_t* buf, size_t length) const { |
| RAND_add(buf, length, 0 /* Don't assume any entropy is added to the pool. */); |
| return KM_ERROR_OK; |
| } |
| |
| keymaster_error_t SoftKeymasterContext::GenerateRandom(uint8_t* buf, size_t length) const { |
| if (RAND_bytes(buf, length) != 1) |
| return KM_ERROR_UNKNOWN_ERROR; |
| return KM_ERROR_OK; |
| } |
| |
| void SoftKeymasterContext::AddSystemVersionToSet(AuthorizationSet* auth_set) const { |
| if (!auth_set->Contains(TAG_OS_VERSION)) |
| auth_set->push_back(TAG_OS_VERSION, os_version_); |
| if (!auth_set->Contains(TAG_OS_PATCHLEVEL)) |
| auth_set->push_back(TAG_OS_PATCHLEVEL, os_patchlevel_); |
| } |
| |
| EVP_PKEY* SoftKeymasterContext::AttestationKey(keymaster_algorithm_t algorithm, |
| keymaster_error_t* error) const { |
| |
| const uint8_t* key; |
| size_t key_length; |
| int evp_key_type; |
| |
| switch (algorithm) { |
| case KM_ALGORITHM_RSA: |
| key = kRsaAttestKey; |
| key_length = array_length(kRsaAttestKey); |
| evp_key_type = EVP_PKEY_RSA; |
| break; |
| |
| case KM_ALGORITHM_EC: |
| key = kEcAttestKey; |
| key_length = array_length(kEcAttestKey); |
| evp_key_type = EVP_PKEY_EC; |
| break; |
| |
| default: |
| *error = KM_ERROR_UNSUPPORTED_ALGORITHM; |
| return nullptr; |
| } |
| |
| EVP_PKEY* pkey = d2i_PrivateKey(evp_key_type, nullptr /* pkey */, &key, key_length); |
| if (!pkey) |
| *error = TranslateLastOpenSslError(); |
| |
| return pkey; |
| } |
| |
| keymaster_cert_chain_t* SoftKeymasterContext::AttestationChain(keymaster_algorithm_t algorithm, |
| keymaster_error_t* error) const { |
| // If we have to bail it will be because of an allocation failure. |
| *error = KM_ERROR_MEMORY_ALLOCATION_FAILED; |
| |
| UniquePtr<keymaster_cert_chain_t, CertificateChainDelete> chain(new keymaster_cert_chain_t); |
| if (!chain.get()) |
| return nullptr; |
| memset(chain.get(), 0, sizeof(keymaster_cert_chain_t)); |
| |
| chain->entries = new keymaster_blob_t[kCertificateChainLength]; |
| if (!chain->entries) |
| return nullptr; |
| |
| memset(chain->entries, 0, sizeof(chain->entries[0]) * kCertificateChainLength); |
| chain->entry_count = kCertificateChainLength; |
| |
| size_t entry = 0; |
| |
| switch (algorithm) { |
| case KM_ALGORITHM_RSA: |
| chain->entries[entry].data = dup_array(kRsaAttestCert); |
| if (!chain->entries[entry].data) |
| return nullptr; |
| chain->entries[entry].data_length = array_length(kRsaAttestCert); |
| entry++; |
| chain->entries[entry].data = dup_array(kRsaAttestRootCert); |
| if (!chain->entries[entry].data) |
| return nullptr; |
| chain->entries[entry].data_length = array_length(kRsaAttestRootCert); |
| entry++; |
| break; |
| |
| case KM_ALGORITHM_EC: |
| chain->entries[entry].data = dup_array(kEcAttestCert); |
| if (!chain->entries[entry].data) |
| return nullptr; |
| chain->entries[entry].data_length = array_length(kEcAttestCert); |
| entry++; |
| chain->entries[entry].data = dup_array(kEcAttestRootCert); |
| if (!chain->entries[entry].data) |
| return nullptr; |
| chain->entries[entry].data_length = array_length(kEcAttestRootCert); |
| entry++; |
| break; |
| |
| default: |
| *error = KM_ERROR_UNSUPPORTED_ALGORITHM; |
| return nullptr; |
| }; |
| |
| assert(entry == kCertificateChainLength); |
| |
| *error = KM_ERROR_OK; |
| return chain.release(); |
| } |
| |
| keymaster_error_t SoftKeymasterContext::GenerateUniqueId( |
| uint64_t /* creation_date_time */, const keymaster_blob_t& /* application_id */, |
| bool /* reset_since_rotation */, Buffer* /* unique_id */) const { |
| // SoftKeymasterDevice cannot generate unique IDs. |
| return KM_ERROR_UNIMPLEMENTED; |
| } |
| |
| keymaster_error_t SoftKeymasterContext::ParseKeymaster1HwBlob( |
| const KeymasterKeyBlob& blob, const AuthorizationSet& additional_params, |
| KeymasterKeyBlob* key_material, AuthorizationSet* hw_enforced, |
| AuthorizationSet* sw_enforced) const { |
| assert(km1_dev_); |
| |
| keymaster_blob_t client_id = {nullptr, 0}; |
| keymaster_blob_t app_data = {nullptr, 0}; |
| keymaster_blob_t* client_id_ptr = nullptr; |
| keymaster_blob_t* app_data_ptr = nullptr; |
| if (additional_params.GetTagValue(TAG_APPLICATION_ID, &client_id)) |
| client_id_ptr = &client_id; |
| if (additional_params.GetTagValue(TAG_APPLICATION_DATA, &app_data)) |
| app_data_ptr = &app_data; |
| |
| // Get key characteristics, which incidentally verifies that the HW recognizes the key. |
| keymaster_key_characteristics_t* characteristics; |
| keymaster_error_t error = km1_dev_->get_key_characteristics(km1_dev_, &blob, client_id_ptr, |
| app_data_ptr, &characteristics); |
| if (error != KM_ERROR_OK) |
| return error; |
| unique_ptr<keymaster_key_characteristics_t, Characteristics_Delete> characteristics_deleter( |
| characteristics); |
| |
| LOG_D("Module \"%s\" accepted key", km1_dev_->common.module->name); |
| |
| hw_enforced->Reinitialize(characteristics->hw_enforced); |
| sw_enforced->Reinitialize(characteristics->sw_enforced); |
| *key_material = blob; |
| return KM_ERROR_OK; |
| } |
| |
| keymaster_error_t SoftKeymasterContext::ParseKeymaster0HwBlob(const KeymasterKeyBlob& blob, |
| KeymasterKeyBlob* key_material, |
| AuthorizationSet* hw_enforced, |
| AuthorizationSet* sw_enforced) const { |
| assert(km0_engine_); |
| |
| unique_ptr<EVP_PKEY, EVP_PKEY_Delete> tmp_key(km0_engine_->GetKeymaster0PublicKey(blob)); |
| |
| if (!tmp_key) |
| return KM_ERROR_INVALID_KEY_BLOB; |
| |
| LOG_D("Module \"%s\" accepted key", km0_engine_->device()->common.module->name); |
| keymaster_error_t error = FakeKeyAuthorizations(tmp_key.get(), hw_enforced, sw_enforced); |
| if (error == KM_ERROR_OK) |
| *key_material = blob; |
| |
| return error; |
| } |
| |
| keymaster_error_t SoftKeymasterContext::FakeKeyAuthorizations(EVP_PKEY* pubkey, |
| AuthorizationSet* hw_enforced, |
| AuthorizationSet* sw_enforced) const { |
| hw_enforced->Clear(); |
| sw_enforced->Clear(); |
| |
| switch (EVP_PKEY_type(pubkey->type)) { |
| case EVP_PKEY_RSA: { |
| hw_enforced->push_back(TAG_ALGORITHM, KM_ALGORITHM_RSA); |
| hw_enforced->push_back(TAG_DIGEST, KM_DIGEST_NONE); |
| hw_enforced->push_back(TAG_DIGEST, KM_DIGEST_MD5); |
| hw_enforced->push_back(TAG_DIGEST, KM_DIGEST_SHA1); |
| hw_enforced->push_back(TAG_DIGEST, KM_DIGEST_SHA_2_224); |
| hw_enforced->push_back(TAG_DIGEST, KM_DIGEST_SHA_2_256); |
| hw_enforced->push_back(TAG_DIGEST, KM_DIGEST_SHA_2_384); |
| hw_enforced->push_back(TAG_DIGEST, KM_DIGEST_SHA_2_512); |
| hw_enforced->push_back(TAG_PADDING, KM_PAD_NONE); |
| hw_enforced->push_back(TAG_PADDING, KM_PAD_RSA_PKCS1_1_5_SIGN); |
| hw_enforced->push_back(TAG_PADDING, KM_PAD_RSA_PKCS1_1_5_ENCRYPT); |
| hw_enforced->push_back(TAG_PADDING, KM_PAD_RSA_PSS); |
| hw_enforced->push_back(TAG_PADDING, KM_PAD_RSA_OAEP); |
| |
| sw_enforced->push_back(TAG_PURPOSE, KM_PURPOSE_SIGN); |
| sw_enforced->push_back(TAG_PURPOSE, KM_PURPOSE_VERIFY); |
| sw_enforced->push_back(TAG_PURPOSE, KM_PURPOSE_ENCRYPT); |
| sw_enforced->push_back(TAG_PURPOSE, KM_PURPOSE_DECRYPT); |
| |
| unique_ptr<RSA, RSA_Delete> rsa(EVP_PKEY_get1_RSA(pubkey)); |
| if (!rsa) |
| return TranslateLastOpenSslError(); |
| hw_enforced->push_back(TAG_KEY_SIZE, RSA_size(rsa.get()) * 8); |
| uint64_t public_exponent = BN_get_word(rsa->e); |
| if (public_exponent == 0xffffffffL) |
| return KM_ERROR_INVALID_KEY_BLOB; |
| hw_enforced->push_back(TAG_RSA_PUBLIC_EXPONENT, public_exponent); |
| break; |
| } |
| |
| case EVP_PKEY_EC: { |
| hw_enforced->push_back(TAG_ALGORITHM, KM_ALGORITHM_RSA); |
| hw_enforced->push_back(TAG_DIGEST, KM_DIGEST_NONE); |
| hw_enforced->push_back(TAG_DIGEST, KM_DIGEST_MD5); |
| hw_enforced->push_back(TAG_DIGEST, KM_DIGEST_SHA1); |
| hw_enforced->push_back(TAG_DIGEST, KM_DIGEST_SHA_2_224); |
| hw_enforced->push_back(TAG_DIGEST, KM_DIGEST_SHA_2_256); |
| hw_enforced->push_back(TAG_DIGEST, KM_DIGEST_SHA_2_384); |
| hw_enforced->push_back(TAG_DIGEST, KM_DIGEST_SHA_2_512); |
| |
| sw_enforced->push_back(TAG_PURPOSE, KM_PURPOSE_SIGN); |
| sw_enforced->push_back(TAG_PURPOSE, KM_PURPOSE_VERIFY); |
| |
| UniquePtr<EC_KEY, EC_KEY_Delete> ec_key(EVP_PKEY_get1_EC_KEY(pubkey)); |
| if (!ec_key.get()) |
| return TranslateLastOpenSslError(); |
| size_t key_size_bits; |
| keymaster_error_t error = |
| ec_get_group_size(EC_KEY_get0_group(ec_key.get()), &key_size_bits); |
| if (error != KM_ERROR_OK) |
| return error; |
| hw_enforced->push_back(TAG_KEY_SIZE, key_size_bits); |
| break; |
| } |
| |
| default: |
| return KM_ERROR_UNSUPPORTED_ALGORITHM; |
| } |
| |
| sw_enforced->push_back(TAG_ALL_USERS); |
| sw_enforced->push_back(TAG_NO_AUTH_REQUIRED); |
| |
| return KM_ERROR_OK; |
| } |
| |
| keymaster_error_t SoftKeymasterContext::BuildHiddenAuthorizations(const AuthorizationSet& input_set, |
| AuthorizationSet* hidden) const { |
| keymaster_blob_t entry; |
| if (input_set.GetTagValue(TAG_APPLICATION_ID, &entry)) |
| hidden->push_back(TAG_APPLICATION_ID, entry.data, entry.data_length); |
| if (input_set.GetTagValue(TAG_APPLICATION_DATA, &entry)) |
| hidden->push_back(TAG_APPLICATION_DATA, entry.data, entry.data_length); |
| |
| hidden->push_back(TAG_ROOT_OF_TRUST, reinterpret_cast<const uint8_t*>(root_of_trust_.data()), |
| root_of_trust_.size()); |
| |
| return TranslateAuthorizationSetError(hidden->is_valid()); |
| } |
| |
| } // namespace keymaster |