1 /* 2 * Copyright 2015 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 #include <keymaster/soft_keymaster_context.h> 18 19 #include <memory> 20 #include <time.h> 21 22 #include <openssl/aes.h> 23 #include <openssl/hmac.h> 24 #include <openssl/rand.h> 25 #include <openssl/sha.h> 26 27 #include <keymaster/android_keymaster_utils.h> 28 #include <keymaster/logger.h> 29 30 #include "aes_key.h" 31 #include "auth_encrypted_key_blob.h" 32 #include "ec_keymaster0_key.h" 33 #include "ec_keymaster1_key.h" 34 #include "hmac_key.h" 35 #include "integrity_assured_key_blob.h" 36 #include "keymaster0_engine.h" 37 #include "ocb_utils.h" 38 #include "openssl_err.h" 39 #include "rsa_keymaster0_key.h" 40 #include "rsa_keymaster1_key.h" 41 42 using std::unique_ptr; 43 44 namespace keymaster { 45 46 namespace { 47 static uint8_t master_key_bytes[AES_BLOCK_SIZE] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}; 48 const KeymasterKeyBlob MASTER_KEY(master_key_bytes, array_length(master_key_bytes)); 49 50 static uint8_t kRsaAttestKey[] = { 51 0x30, 0x82, 0x02, 0x5d, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xc0, 0x83, 0x23, 0xdc, 0x56, 52 0x88, 0x1b, 0xb8, 0x30, 0x20, 0x69, 0xf5, 0xb0, 0x85, 0x61, 0xc6, 0xee, 0xbe, 0x7f, 0x05, 0xe2, 53 0xf5, 0xa8, 0x42, 0x04, 0x8a, 0xbe, 0x8b, 0x47, 0xbe, 0x76, 0xfe, 0xae, 0xf2, 0x5c, 0xf2, 0x9b, 54 0x2a, 0xfa, 0x32, 0x00, 0x14, 0x16, 0x01, 0x42, 0x99, 0x89, 0xa1, 0x5f, 0xcf, 0xc6, 0x81, 0x5e, 55 0xb3, 0x63, 0x58, 0x3c, 0x2f, 0xd2, 0xf2, 0x0b, 0xe4, 0x98, 0x32, 0x83, 0xdd, 0x81, 0x4b, 0x16, 56 0xd7, 0xe1, 0x85, 0x41, 0x7a, 0xe5, 0x4a, 0xbc, 0x29, 0x6a, 0x3a, 0x6d, 0xb5, 0xc0, 0x04, 0x08, 57 0x3b, 0x68, 0xc5, 0x56, 0xc1, 0xf0, 0x23, 0x39, 0x91, 0x64, 0x19, 0x86, 0x4d, 0x50, 0xb7, 0x4d, 58 0x40, 0xae, 0xca, 0x48, 0x4c, 0x77, 0x35, 0x6c, 0x89, 0x5a, 0x0c, 0x27, 0x5a, 0xbf, 0xac, 0x49, 59 0x9d, 0x5d, 0x7d, 0x23, 0x62, 0xf2, 0x9c, 0x5e, 0x02, 0xe8, 0x71, 0x02, 0x03, 0x01, 0x00, 0x01, 60 0x02, 0x81, 0x81, 0x00, 0xbe, 0x86, 0x0b, 0x0b, 0x99, 0xa8, 0x02, 0xa6, 0xfb, 0x1a, 0x59, 0x43, 61 0x8a, 0x7b, 0xb7, 0x15, 0x06, 0x5b, 0x09, 0xa3, 0x6d, 0xc6, 0xe9, 0xca, 0xcc, 0x6b, 0xf3, 0xc0, 62 0x2c, 0x34, 0xd7, 0xd7, 0x9e, 0x94, 0xc6, 0x60, 0x64, 0x28, 0xd8, 0x8c, 0x7b, 0x7f, 0x65, 0x77, 63 0xc1, 0xcd, 0xea, 0x64, 0x07, 0x4a, 0xbe, 0x8e, 0x72, 0x86, 0xdf, 0x1f, 0x08, 0x11, 0xdc, 0x97, 64 0x28, 0x26, 0x08, 0x68, 0xde, 0x95, 0xd3, 0x2e, 0xfc, 0x96, 0xb6, 0xd0, 0x84, 0xff, 0x27, 0x1a, 65 0x5f, 0x60, 0xde, 0xfc, 0xc7, 0x03, 0xe7, 0xa3, 0x8e, 0x6e, 0x29, 0xba, 0x9a, 0x3c, 0x5f, 0xc2, 66 0xc2, 0x80, 0x76, 0xb6, 0xa8, 0x96, 0xaf, 0x1d, 0x34, 0xd7, 0x88, 0x28, 0xce, 0x9b, 0xdd, 0xb1, 67 0xf3, 0x4f, 0x9c, 0x94, 0x04, 0x43, 0x07, 0x81, 0x29, 0x8e, 0x20, 0x13, 0x16, 0x72, 0x5b, 0xbd, 68 0xbc, 0x99, 0x3a, 0x41, 0x02, 0x41, 0x00, 0xe1, 0xc6, 0xd9, 0x27, 0x64, 0x6c, 0x09, 0x16, 0xec, 69 0x36, 0x82, 0x6d, 0x59, 0x49, 0x83, 0x74, 0x0c, 0x21, 0xf1, 0xb0, 0x74, 0xc4, 0xa1, 0xa5, 0x98, 70 0x67, 0xc6, 0x69, 0x79, 0x5c, 0x85, 0xd3, 0xdc, 0x46, 0x4c, 0x5b, 0x92, 0x9e, 0x94, 0xbf, 0xb3, 71 0x4e, 0x0d, 0xcc, 0x50, 0x14, 0xb1, 0x0f, 0x13, 0x34, 0x1a, 0xb7, 0xfd, 0xd5, 0xf6, 0x04, 0x14, 72 0xd2, 0xa3, 0x26, 0xca, 0xd4, 0x1c, 0xc5, 0x02, 0x41, 0x00, 0xda, 0x48, 0x59, 0x97, 0x78, 0x5c, 73 0xd5, 0x63, 0x0f, 0xb0, 0xfd, 0x8c, 0x52, 0x54, 0xf9, 0x8e, 0x53, 0x8e, 0x18, 0x98, 0x3a, 0xae, 74 0x9e, 0x6b, 0x7e, 0x6a, 0x5a, 0x7b, 0x5d, 0x34, 0x37, 0x55, 0xb9, 0x21, 0x8e, 0xbd, 0x40, 0x32, 75 0x0d, 0x28, 0x38, 0x7d, 0x78, 0x9f, 0x76, 0xfa, 0x21, 0x8b, 0xcc, 0x2d, 0x8b, 0x68, 0xa5, 0xf6, 76 0x41, 0x8f, 0xbb, 0xec, 0xa5, 0x17, 0x9a, 0xb3, 0xaf, 0xbd, 0x02, 0x40, 0x50, 0xfe, 0xfc, 0x32, 77 0x64, 0x95, 0x59, 0x61, 0x6e, 0xd6, 0x53, 0x4e, 0x15, 0x45, 0x09, 0x32, 0x9d, 0x93, 0xa3, 0xd8, 78 0x10, 0xdb, 0xe5, 0xbd, 0xb9, 0x82, 0x29, 0x2c, 0xf7, 0x8b, 0xd8, 0xba, 0xdb, 0x80, 0x20, 0xae, 79 0x8d, 0x57, 0xf4, 0xb7, 0x1d, 0x05, 0x38, 0x6f, 0xfe, 0x9e, 0x9d, 0xb2, 0x71, 0xca, 0x34, 0x77, 80 0xa3, 0x49, 0x99, 0xdb, 0x76, 0xf8, 0xe5, 0xec, 0xe9, 0xc0, 0xd4, 0x9d, 0x02, 0x40, 0x15, 0xb7, 81 0x4c, 0xf2, 0x7c, 0xce, 0xff, 0x8b, 0xb3, 0x6b, 0xf0, 0x4d, 0x9d, 0x83, 0x46, 0xb0, 0x9a, 0x2f, 82 0x70, 0xd2, 0xf4, 0x43, 0x9b, 0x0f, 0x26, 0xac, 0x7e, 0x03, 0xf7, 0xe9, 0xd1, 0xf7, 0x7d, 0x4b, 83 0x91, 0x5f, 0xd2, 0x9b, 0x28, 0x23, 0xf0, 0x3a, 0xcb, 0x5d, 0x52, 0x00, 0xe0, 0x85, 0x7f, 0xf2, 84 0xa8, 0x03, 0xe9, 0x3e, 0xee, 0x96, 0xd6, 0x23, 0x5c, 0xe9, 0x54, 0x42, 0xbc, 0x21, 0x02, 0x41, 85 0x00, 0x90, 0xa7, 0x45, 0xda, 0x89, 0x70, 0xb2, 0xcd, 0x64, 0x96, 0x60, 0x32, 0x42, 0x28, 0xc5, 86 0xf8, 0x28, 0x56, 0xff, 0xd6, 0x65, 0xba, 0x9a, 0x85, 0xc8, 0xd6, 0x0f, 0x1b, 0x8b, 0xee, 0x71, 87 0x7e, 0xcd, 0x2c, 0x72, 0xea, 0xe0, 0x1d, 0xad, 0x86, 0xba, 0x76, 0x54, 0xd4, 0xcf, 0x45, 0xad, 88 0xb5, 0xf1, 0xf2, 0xb3, 0x1d, 0x9f, 0x81, 0x22, 0xcf, 0xa5, 0xf1, 0xa5, 0x57, 0x0f, 0x9b, 0x2d, 89 0x25, 90 }; 91 92 static uint8_t kRsaAttestCert[] = { 93 0x30, 0x82, 0x02, 0xb6, 0x30, 0x82, 0x02, 0x1f, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x02, 0x10, 94 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 95 0x30, 0x63, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 96 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0a, 0x43, 0x61, 0x6c, 0x69, 0x66, 0x6f, 97 0x72, 0x6e, 0x69, 0x61, 0x31, 0x16, 0x30, 0x14, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x0d, 0x4d, 98 0x6f, 0x75, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x20, 0x56, 0x69, 0x65, 0x77, 0x31, 0x15, 0x30, 0x13, 99 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x0c, 0x47, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2c, 0x20, 0x49, 100 0x6e, 0x63, 0x2e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x07, 0x41, 0x6e, 101 0x64, 0x72, 0x6f, 0x69, 0x64, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x36, 0x30, 0x31, 0x30, 0x34, 0x31, 102 0x32, 0x34, 0x30, 0x35, 0x33, 0x5a, 0x17, 0x0d, 0x33, 0x35, 0x31, 0x32, 0x33, 0x30, 0x31, 0x32, 103 0x34, 0x30, 0x35, 0x33, 0x5a, 0x30, 0x76, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 104 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0a, 0x43, 105 0x61, 0x6c, 0x69, 0x66, 0x6f, 0x72, 0x6e, 0x69, 0x61, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 106 0x04, 0x0a, 0x0c, 0x0c, 0x47, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2c, 0x20, 0x49, 0x6e, 0x63, 0x2e, 107 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x07, 0x41, 0x6e, 0x64, 0x72, 0x6f, 108 0x69, 0x64, 0x31, 0x29, 0x30, 0x27, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x20, 0x41, 0x6e, 0x64, 109 0x72, 0x6f, 0x69, 0x64, 0x20, 0x53, 0x6f, 0x66, 0x74, 0x77, 0x61, 0x72, 0x65, 0x20, 0x41, 0x74, 110 0x74, 0x65, 0x73, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x20, 0x4b, 0x65, 0x79, 0x30, 0x81, 0x9f, 111 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 112 0x81, 0x8d, 0x00, 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x00, 0xc0, 0x83, 0x23, 0xdc, 0x56, 0x88, 113 0x1b, 0xb8, 0x30, 0x20, 0x69, 0xf5, 0xb0, 0x85, 0x61, 0xc6, 0xee, 0xbe, 0x7f, 0x05, 0xe2, 0xf5, 114 0xa8, 0x42, 0x04, 0x8a, 0xbe, 0x8b, 0x47, 0xbe, 0x76, 0xfe, 0xae, 0xf2, 0x5c, 0xf2, 0x9b, 0x2a, 115 0xfa, 0x32, 0x00, 0x14, 0x16, 0x01, 0x42, 0x99, 0x89, 0xa1, 0x5f, 0xcf, 0xc6, 0x81, 0x5e, 0xb3, 116 0x63, 0x58, 0x3c, 0x2f, 0xd2, 0xf2, 0x0b, 0xe4, 0x98, 0x32, 0x83, 0xdd, 0x81, 0x4b, 0x16, 0xd7, 117 0xe1, 0x85, 0x41, 0x7a, 0xe5, 0x4a, 0xbc, 0x29, 0x6a, 0x3a, 0x6d, 0xb5, 0xc0, 0x04, 0x08, 0x3b, 118 0x68, 0xc5, 0x56, 0xc1, 0xf0, 0x23, 0x39, 0x91, 0x64, 0x19, 0x86, 0x4d, 0x50, 0xb7, 0x4d, 0x40, 119 0xae, 0xca, 0x48, 0x4c, 0x77, 0x35, 0x6c, 0x89, 0x5a, 0x0c, 0x27, 0x5a, 0xbf, 0xac, 0x49, 0x9d, 120 0x5d, 0x7d, 0x23, 0x62, 0xf2, 0x9c, 0x5e, 0x02, 0xe8, 0x71, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 121 0x66, 0x30, 0x64, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0xd4, 0x0c, 122 0x10, 0x1b, 0xf8, 0xcd, 0x63, 0xb9, 0xf7, 0x39, 0x52, 0xb5, 0x0e, 0x13, 0x5c, 0xa6, 0xd7, 0x99, 123 0x93, 0x86, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x29, 124 0xfa, 0xf1, 0xac, 0xcc, 0x4d, 0xd2, 0x4c, 0x96, 0x40, 0x27, 0x75, 0xb6, 0xb0, 0xe9, 0x32, 0xe5, 125 0x07, 0xfe, 0x2e, 0x30, 0x12, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x08, 0x30, 126 0x06, 0x01, 0x01, 0xff, 0x02, 0x01, 0x00, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x01, 0x01, 127 0xff, 0x04, 0x04, 0x03, 0x02, 0x02, 0x84, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 128 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x81, 0x81, 0x00, 0x9e, 0x2d, 0x48, 0x5f, 0x8c, 0x67, 129 0x33, 0xdc, 0x1a, 0x85, 0xad, 0x99, 0xd7, 0x50, 0x23, 0xea, 0x14, 0xec, 0x43, 0xb0, 0xe1, 0x9d, 130 0xea, 0xc2, 0x23, 0x46, 0x1e, 0x72, 0xb5, 0x19, 0xdc, 0x60, 0x22, 0xe4, 0xa5, 0x68, 0x31, 0x6c, 131 0x0b, 0x55, 0xc4, 0xe6, 0x9c, 0xa2, 0x2d, 0x9f, 0x3a, 0x4f, 0x93, 0x6b, 0x31, 0x8b, 0x16, 0x78, 132 0x16, 0x0d, 0x88, 0xcb, 0xd9, 0x8b, 0xcc, 0x80, 0x9d, 0x84, 0xf0, 0xc2, 0x27, 0xe3, 0x6b, 0x38, 133 0xf1, 0xfd, 0xd1, 0xe7, 0x17, 0x72, 0x31, 0x59, 0x35, 0x7d, 0x96, 0xf3, 0xc5, 0x7f, 0xab, 0x9d, 134 0x8f, 0x96, 0x61, 0x26, 0x4f, 0xb2, 0xbe, 0x81, 0xbb, 0x0d, 0x49, 0x04, 0x22, 0x8a, 0xce, 0x9f, 135 0xf7, 0xf5, 0x42, 0x2e, 0x25, 0x44, 0xfa, 0x21, 0x07, 0x12, 0x5a, 0x83, 0xb5, 0x55, 0xad, 0x18, 136 0x82, 0xf8, 0x40, 0x14, 0x9b, 0x9c, 0x20, 0x63, 0x04, 0x7f, 137 }; 138 139 static uint8_t kRsaAttestRootCert[] = { 140 0x30, 0x82, 0x02, 0xa7, 0x30, 0x82, 0x02, 0x10, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x09, 0x00, 141 0xff, 0x94, 0xd9, 0xdd, 0x9f, 0x07, 0xc8, 0x0c, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 142 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x63, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 143 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 144 0x0a, 0x43, 0x61, 0x6c, 0x69, 0x66, 0x6f, 0x72, 0x6e, 0x69, 0x61, 0x31, 0x16, 0x30, 0x14, 0x06, 145 0x03, 0x55, 0x04, 0x07, 0x0c, 0x0d, 0x4d, 0x6f, 0x75, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x20, 0x56, 146 0x69, 0x65, 0x77, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x0c, 0x47, 0x6f, 147 0x6f, 0x67, 0x6c, 0x65, 0x2c, 0x20, 0x49, 0x6e, 0x63, 0x2e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 148 0x55, 0x04, 0x0b, 0x0c, 0x07, 0x41, 0x6e, 0x64, 0x72, 0x6f, 0x69, 0x64, 0x30, 0x1e, 0x17, 0x0d, 149 0x31, 0x36, 0x30, 0x31, 0x30, 0x34, 0x31, 0x32, 0x33, 0x31, 0x30, 0x38, 0x5a, 0x17, 0x0d, 0x33, 150 0x35, 0x31, 0x32, 0x33, 0x30, 0x31, 0x32, 0x33, 0x31, 0x30, 0x38, 0x5a, 0x30, 0x63, 0x31, 0x0b, 151 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 152 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0a, 0x43, 0x61, 0x6c, 0x69, 0x66, 0x6f, 0x72, 0x6e, 0x69, 0x61, 153 0x31, 0x16, 0x30, 0x14, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x0d, 0x4d, 0x6f, 0x75, 0x6e, 0x74, 154 0x61, 0x69, 0x6e, 0x20, 0x56, 0x69, 0x65, 0x77, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 155 0x0a, 0x0c, 0x0c, 0x47, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2c, 0x20, 0x49, 0x6e, 0x63, 0x2e, 0x31, 156 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x07, 0x41, 0x6e, 0x64, 0x72, 0x6f, 0x69, 157 0x64, 0x30, 0x81, 0x9f, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 158 0x01, 0x05, 0x00, 0x03, 0x81, 0x8d, 0x00, 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x00, 0xa2, 0x6b, 159 0xad, 0xeb, 0x6e, 0x2e, 0x44, 0x61, 0xef, 0xd5, 0x0e, 0x82, 0xe6, 0xb7, 0x94, 0xd1, 0x75, 0x23, 160 0x1f, 0x77, 0x9b, 0x63, 0x91, 0x63, 0xff, 0xf7, 0xaa, 0xff, 0x0b, 0x72, 0x47, 0x4e, 0xc0, 0x2c, 161 0x43, 0xec, 0x33, 0x7c, 0xd7, 0xac, 0xed, 0x40, 0x3e, 0x8c, 0x28, 0xa0, 0x66, 0xd5, 0xf7, 0x87, 162 0x0b, 0x33, 0x97, 0xde, 0x0e, 0xb8, 0x4e, 0x13, 0x40, 0xab, 0xaf, 0xa5, 0x27, 0xbf, 0x95, 0x69, 163 0xa0, 0x31, 0xdb, 0x06, 0x52, 0x65, 0xf8, 0x44, 0x59, 0x57, 0x61, 0xf0, 0xbb, 0xf2, 0x17, 0x4b, 164 0xb7, 0x41, 0x80, 0x64, 0xc0, 0x28, 0x0e, 0x8f, 0x52, 0x77, 0x8e, 0xdb, 0xd2, 0x47, 0xb6, 0x45, 165 0xe9, 0x19, 0xc8, 0xe9, 0x8b, 0xc3, 0xdb, 0xc2, 0x91, 0x3f, 0xd7, 0xd7, 0x50, 0xc4, 0x1d, 0x35, 166 0x66, 0xf9, 0x57, 0xe4, 0x97, 0x96, 0x0b, 0x09, 0xac, 0xce, 0x92, 0x35, 0x85, 0x9b, 0x02, 0x03, 167 0x01, 0x00, 0x01, 0xa3, 0x63, 0x30, 0x61, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 168 0x04, 0x14, 0x29, 0xfa, 0xf1, 0xac, 0xcc, 0x4d, 0xd2, 0x4c, 0x96, 0x40, 0x27, 0x75, 0xb6, 0xb0, 169 0xe9, 0x32, 0xe5, 0x07, 0xfe, 0x2e, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 170 0x16, 0x80, 0x14, 0x29, 0xfa, 0xf1, 0xac, 0xcc, 0x4d, 0xd2, 0x4c, 0x96, 0x40, 0x27, 0x75, 0xb6, 171 0xb0, 0xe9, 0x32, 0xe5, 0x07, 0xfe, 0x2e, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 172 0xff, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x01, 173 0x01, 0xff, 0x04, 0x04, 0x03, 0x02, 0x02, 0x84, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 174 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x81, 0x81, 0x00, 0x4f, 0x72, 0xf3, 0x36, 0x59, 175 0x8d, 0x0e, 0xc1, 0xb9, 0x74, 0x5b, 0x31, 0x59, 0xf6, 0xf0, 0x8d, 0x25, 0x49, 0x30, 0x9e, 0xa3, 176 0x1c, 0x1c, 0x29, 0xd2, 0x45, 0x2d, 0x20, 0xb9, 0x4d, 0x5f, 0x64, 0xb4, 0xe8, 0x80, 0xc7, 0x78, 177 0x7a, 0x9c, 0x39, 0xde, 0xa8, 0xb3, 0xf5, 0xbf, 0x2f, 0x70, 0x5f, 0x47, 0x10, 0x5c, 0xc5, 0xe6, 178 0xeb, 0x4d, 0x06, 0x99, 0x61, 0xd2, 0xae, 0x9a, 0x07, 0xff, 0xf7, 0x7c, 0xb8, 0xab, 0xeb, 0x9c, 179 0x0f, 0x24, 0x07, 0x5e, 0xb1, 0x7f, 0xba, 0x79, 0x71, 0xfd, 0x4d, 0x5b, 0x9e, 0xdf, 0x14, 0xa9, 180 0xfe, 0xdf, 0xed, 0x7c, 0xc0, 0x88, 0x5d, 0xf8, 0xdd, 0x9b, 0x64, 0x32, 0x56, 0xd5, 0x35, 0x9a, 181 0xe2, 0x13, 0xf9, 0x8f, 0xce, 0xc1, 0x7c, 0xdc, 0xef, 0xa4, 0xaa, 0xb2, 0x55, 0xc3, 0x83, 0xa9, 182 0x2e, 0xfb, 0x5c, 0xf6, 0x62, 0xf5, 0x27, 0x52, 0x17, 0xbe, 0x63, 183 }; 184 185 static uint8_t kEcAttestKey[] = { 186 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0x21, 0xe0, 0x86, 0x43, 0x2a, 0x15, 0x19, 0x84, 0x59, 187 0xcf, 0x36, 0x3a, 0x50, 0xfc, 0x14, 0xc9, 0xda, 0xad, 0xf9, 0x35, 0xf5, 0x27, 0xc2, 0xdf, 0xd7, 188 0x1e, 0x4d, 0x6d, 0xbc, 0x42, 0xe5, 0x44, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 189 0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0xeb, 0x9e, 0x79, 0xf8, 0x42, 0x63, 0x59, 190 0xac, 0xcb, 0x2a, 0x91, 0x4c, 0x89, 0x86, 0xcc, 0x70, 0xad, 0x90, 0x66, 0x93, 0x82, 0xa9, 0x73, 191 0x26, 0x13, 0xfe, 0xac, 0xcb, 0xf8, 0x21, 0x27, 0x4c, 0x21, 0x74, 0x97, 0x4a, 0x2a, 0xfe, 0xa5, 192 0xb9, 0x4d, 0x7f, 0x66, 0xd4, 0xe0, 0x65, 0x10, 0x66, 0x35, 0xbc, 0x53, 0xb7, 0xa0, 0xa3, 0xa6, 193 0x71, 0x58, 0x3e, 0xdb, 0x3e, 0x11, 0xae, 0x10, 0x14, 194 }; 195 196 static uint8_t kEcAttestCert[] = { 197 0x30, 0x82, 0x02, 0x78, 0x30, 0x82, 0x02, 0x1e, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x02, 0x10, 198 0x01, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x30, 0x81, 0x98, 199 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 200 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0a, 0x43, 0x61, 0x6c, 0x69, 0x66, 0x6f, 0x72, 0x6e, 201 0x69, 0x61, 0x31, 0x16, 0x30, 0x14, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x0d, 0x4d, 0x6f, 0x75, 202 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x20, 0x56, 0x69, 0x65, 0x77, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, 203 0x55, 0x04, 0x0a, 0x0c, 0x0c, 0x47, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2c, 0x20, 0x49, 0x6e, 0x63, 204 0x2e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x07, 0x41, 0x6e, 0x64, 0x72, 205 0x6f, 0x69, 0x64, 0x31, 0x33, 0x30, 0x31, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x2a, 0x41, 0x6e, 206 0x64, 0x72, 0x6f, 0x69, 0x64, 0x20, 0x4b, 0x65, 0x79, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x20, 0x53, 207 0x6f, 0x66, 0x74, 0x77, 0x61, 0x72, 0x65, 0x20, 0x41, 0x74, 0x74, 0x65, 0x73, 0x74, 0x61, 0x74, 208 0x69, 0x6f, 0x6e, 0x20, 0x52, 0x6f, 0x6f, 0x74, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x36, 0x30, 0x31, 209 0x31, 0x31, 0x30, 0x30, 0x34, 0x36, 0x30, 0x39, 0x5a, 0x17, 0x0d, 0x32, 0x36, 0x30, 0x31, 0x30, 210 0x38, 0x30, 0x30, 0x34, 0x36, 0x30, 0x39, 0x5a, 0x30, 0x81, 0x88, 0x31, 0x0b, 0x30, 0x09, 0x06, 211 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 212 0x08, 0x0c, 0x0a, 0x43, 0x61, 0x6c, 0x69, 0x66, 0x6f, 0x72, 0x6e, 0x69, 0x61, 0x31, 0x15, 0x30, 213 0x13, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x0c, 0x47, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2c, 0x20, 214 0x49, 0x6e, 0x63, 0x2e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x07, 0x41, 215 0x6e, 0x64, 0x72, 0x6f, 0x69, 0x64, 0x31, 0x3b, 0x30, 0x39, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 216 0x32, 0x41, 0x6e, 0x64, 0x72, 0x6f, 0x69, 0x64, 0x20, 0x4b, 0x65, 0x79, 0x73, 0x74, 0x6f, 0x72, 217 0x65, 0x20, 0x53, 0x6f, 0x66, 0x74, 0x77, 0x61, 0x72, 0x65, 0x20, 0x41, 0x74, 0x74, 0x65, 0x73, 218 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x20, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6d, 0x65, 0x64, 0x69, 219 0x61, 0x74, 0x65, 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 220 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03, 0x42, 0x00, 0x04, 0xeb, 0x9e, 221 0x79, 0xf8, 0x42, 0x63, 0x59, 0xac, 0xcb, 0x2a, 0x91, 0x4c, 0x89, 0x86, 0xcc, 0x70, 0xad, 0x90, 222 0x66, 0x93, 0x82, 0xa9, 0x73, 0x26, 0x13, 0xfe, 0xac, 0xcb, 0xf8, 0x21, 0x27, 0x4c, 0x21, 0x74, 223 0x97, 0x4a, 0x2a, 0xfe, 0xa5, 0xb9, 0x4d, 0x7f, 0x66, 0xd4, 0xe0, 0x65, 0x10, 0x66, 0x35, 0xbc, 224 0x53, 0xb7, 0xa0, 0xa3, 0xa6, 0x71, 0x58, 0x3e, 0xdb, 0x3e, 0x11, 0xae, 0x10, 0x14, 0xa3, 0x66, 225 0x30, 0x64, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x3f, 0xfc, 0xac, 226 0xd6, 0x1a, 0xb1, 0x3a, 0x9e, 0x81, 0x20, 0xb8, 0xd5, 0x25, 0x1c, 0xc5, 0x65, 0xbb, 0x1e, 0x91, 227 0xa9, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0xc8, 0xad, 228 0xe9, 0x77, 0x4c, 0x45, 0xc3, 0xa3, 0xcf, 0x0d, 0x16, 0x10, 0xe4, 0x79, 0x43, 0x3a, 0x21, 0x5a, 229 0x30, 0xcf, 0x30, 0x12, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x08, 0x30, 0x06, 230 0x01, 0x01, 0xff, 0x02, 0x01, 0x00, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x01, 0x01, 0xff, 231 0x04, 0x04, 0x03, 0x02, 0x02, 0x84, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 232 0x03, 0x02, 0x03, 0x48, 0x00, 0x30, 0x45, 0x02, 0x20, 0x4b, 0x8a, 0x9b, 0x7b, 0xee, 0x82, 0xbc, 233 0xc0, 0x33, 0x87, 0xae, 0x2f, 0xc0, 0x89, 0x98, 0xb4, 0xdd, 0xc3, 0x8d, 0xab, 0x27, 0x2a, 0x45, 234 0x9f, 0x69, 0x0c, 0xc7, 0xc3, 0x92, 0xd4, 0x0f, 0x8e, 0x02, 0x21, 0x00, 0xee, 0xda, 0x01, 0x5d, 235 0xb6, 0xf4, 0x32, 0xe9, 0xd4, 0x84, 0x3b, 0x62, 0x4c, 0x94, 0x04, 0xef, 0x3a, 0x7c, 0xcc, 0xbd, 236 0x5e, 0xfb, 0x22, 0xbb, 0xe7, 0xfe, 0xb9, 0x77, 0x3f, 0x59, 0x3f, 0xfb, 237 }; 238 239 static uint8_t kEcAttestRootCert[] = { 240 0x30, 0x82, 0x02, 0x8b, 0x30, 0x82, 0x02, 0x32, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x09, 0x00, 241 0xa2, 0x05, 0x9e, 0xd1, 0x0e, 0x43, 0x5b, 0x57, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 242 0x3d, 0x04, 0x03, 0x02, 0x30, 0x81, 0x98, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 243 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0a, 0x43, 244 0x61, 0x6c, 0x69, 0x66, 0x6f, 0x72, 0x6e, 0x69, 0x61, 0x31, 0x16, 0x30, 0x14, 0x06, 0x03, 0x55, 245 0x04, 0x07, 0x0c, 0x0d, 0x4d, 0x6f, 0x75, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x20, 0x56, 0x69, 0x65, 246 0x77, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x0c, 0x47, 0x6f, 0x6f, 0x67, 247 0x6c, 0x65, 0x2c, 0x20, 0x49, 0x6e, 0x63, 0x2e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 248 0x0b, 0x0c, 0x07, 0x41, 0x6e, 0x64, 0x72, 0x6f, 0x69, 0x64, 0x31, 0x33, 0x30, 0x31, 0x06, 0x03, 249 0x55, 0x04, 0x03, 0x0c, 0x2a, 0x41, 0x6e, 0x64, 0x72, 0x6f, 0x69, 0x64, 0x20, 0x4b, 0x65, 0x79, 250 0x73, 0x74, 0x6f, 0x72, 0x65, 0x20, 0x53, 0x6f, 0x66, 0x74, 0x77, 0x61, 0x72, 0x65, 0x20, 0x41, 251 0x74, 0x74, 0x65, 0x73, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x20, 0x52, 0x6f, 0x6f, 0x74, 0x30, 252 0x1e, 0x17, 0x0d, 0x31, 0x36, 0x30, 0x31, 0x31, 0x31, 0x30, 0x30, 0x34, 0x33, 0x35, 0x30, 0x5a, 253 0x17, 0x0d, 0x33, 0x36, 0x30, 0x31, 0x30, 0x36, 0x30, 0x30, 0x34, 0x33, 0x35, 0x30, 0x5a, 0x30, 254 0x81, 0x98, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 255 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0a, 0x43, 0x61, 0x6c, 0x69, 0x66, 0x6f, 256 0x72, 0x6e, 0x69, 0x61, 0x31, 0x16, 0x30, 0x14, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x0d, 0x4d, 257 0x6f, 0x75, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x20, 0x56, 0x69, 0x65, 0x77, 0x31, 0x15, 0x30, 0x13, 258 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x0c, 0x47, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2c, 0x20, 0x49, 259 0x6e, 0x63, 0x2e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x07, 0x41, 0x6e, 260 0x64, 0x72, 0x6f, 0x69, 0x64, 0x31, 0x33, 0x30, 0x31, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x2a, 261 0x41, 0x6e, 0x64, 0x72, 0x6f, 0x69, 0x64, 0x20, 0x4b, 0x65, 0x79, 0x73, 0x74, 0x6f, 0x72, 0x65, 262 0x20, 0x53, 0x6f, 0x66, 0x74, 0x77, 0x61, 0x72, 0x65, 0x20, 0x41, 0x74, 0x74, 0x65, 0x73, 0x74, 263 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x20, 0x52, 0x6f, 0x6f, 0x74, 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 264 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 265 0x07, 0x03, 0x42, 0x00, 0x04, 0xee, 0x5d, 0x5e, 0xc7, 0xe1, 0xc0, 0xdb, 0x6d, 0x03, 0xa6, 0x7e, 266 0xe6, 0xb6, 0x1b, 0xec, 0x4d, 0x6a, 0x5d, 0x6a, 0x68, 0x2e, 0x0f, 0xff, 0x7f, 0x49, 0x0e, 0x7d, 267 0x77, 0x1f, 0x44, 0x22, 0x6d, 0xbd, 0xb1, 0xaf, 0xfa, 0x16, 0xcb, 0xc7, 0xad, 0xc5, 0x77, 0xd2, 268 0x56, 0x9c, 0xaa, 0xb7, 0xb0, 0x2d, 0x54, 0x01, 0x5d, 0x3e, 0x43, 0x2b, 0x2a, 0x8e, 0xd7, 0x4e, 269 0xec, 0x48, 0x75, 0x41, 0xa4, 0xa3, 0x63, 0x30, 0x61, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 270 0x04, 0x16, 0x04, 0x14, 0xc8, 0xad, 0xe9, 0x77, 0x4c, 0x45, 0xc3, 0xa3, 0xcf, 0x0d, 0x16, 0x10, 271 0xe4, 0x79, 0x43, 0x3a, 0x21, 0x5a, 0x30, 0xcf, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 272 0x18, 0x30, 0x16, 0x80, 0x14, 0xc8, 0xad, 0xe9, 0x77, 0x4c, 0x45, 0xc3, 0xa3, 0xcf, 0x0d, 0x16, 273 0x10, 0xe4, 0x79, 0x43, 0x3a, 0x21, 0x5a, 0x30, 0xcf, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x1d, 0x13, 274 0x01, 0x01, 0xff, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x1d, 275 0x0f, 0x01, 0x01, 0xff, 0x04, 0x04, 0x03, 0x02, 0x02, 0x84, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 276 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x03, 0x47, 0x00, 0x30, 0x44, 0x02, 0x20, 0x35, 0x21, 0xa3, 277 0xef, 0x8b, 0x34, 0x46, 0x1e, 0x9c, 0xd5, 0x60, 0xf3, 0x1d, 0x58, 0x89, 0x20, 0x6a, 0xdc, 0xa3, 278 0x65, 0x41, 0xf6, 0x0d, 0x9e, 0xce, 0x8a, 0x19, 0x8c, 0x66, 0x48, 0x60, 0x7b, 0x02, 0x20, 0x4d, 279 0x0b, 0xf3, 0x51, 0xd9, 0x30, 0x7c, 0x7d, 0x5b, 0xda, 0x35, 0x34, 0x1d, 0xa8, 0x47, 0x1b, 0x63, 280 0xa5, 0x85, 0x65, 0x3c, 0xad, 0x4f, 0x24, 0xa7, 0xe7, 0x4d, 0xaf, 0x41, 0x7d, 0xf1, 0xbf, 281 }; 282 283 size_t kCertificateChainLength = 2; 284 285 bool UpgradeIntegerTag(keymaster_tag_t tag, uint32_t value, AuthorizationSet* set, 286 bool* set_changed) { 287 int index = set->find(tag); 288 if (index == -1) { 289 keymaster_key_param_t param; 290 param.tag = tag; 291 param.integer = value; 292 set->push_back(param); 293 *set_changed = true; 294 return true; 295 } 296 297 if (set->params[index].integer > value) 298 return false; 299 300 if (set->params[index].integer != value) { 301 set->params[index].integer = value; 302 *set_changed = true; 303 } 304 return true; 305 } 306 307 } // anonymous namespace 308 309 SoftKeymasterContext::SoftKeymasterContext(const std::string& root_of_trust) 310 : rsa_factory_(new RsaKeyFactory(this)), ec_factory_(new EcKeyFactory(this)), 311 aes_factory_(new AesKeyFactory(this)), hmac_factory_(new HmacKeyFactory(this)), 312 km1_dev_(nullptr), root_of_trust_(root_of_trust), os_version_(0), os_patchlevel_(0) {} 313 314 SoftKeymasterContext::~SoftKeymasterContext() {} 315 316 keymaster_error_t SoftKeymasterContext::SetHardwareDevice(keymaster0_device_t* keymaster0_device) { 317 if (!keymaster0_device) 318 return KM_ERROR_UNEXPECTED_NULL_POINTER; 319 320 if ((keymaster0_device->flags & KEYMASTER_SOFTWARE_ONLY) != 0) { 321 LOG_E("SoftKeymasterContext only wraps hardware keymaster0 devices", 0); 322 return KM_ERROR_INVALID_ARGUMENT; 323 } 324 325 km0_engine_.reset(new Keymaster0Engine(keymaster0_device)); 326 rsa_factory_.reset(new RsaKeymaster0KeyFactory(this, km0_engine_.get())); 327 ec_factory_.reset(new EcdsaKeymaster0KeyFactory(this, km0_engine_.get())); 328 // Keep AES and HMAC factories. 329 330 return KM_ERROR_OK; 331 } 332 333 keymaster_error_t SoftKeymasterContext::SetHardwareDevice(keymaster1_device_t* keymaster1_device) { 334 if (!keymaster1_device) 335 return KM_ERROR_UNEXPECTED_NULL_POINTER; 336 337 km1_dev_ = keymaster1_device; 338 339 km1_engine_.reset(new Keymaster1Engine(keymaster1_device)); 340 rsa_factory_.reset(new RsaKeymaster1KeyFactory(this, km1_engine_.get())); 341 ec_factory_.reset(new EcdsaKeymaster1KeyFactory(this, km1_engine_.get())); 342 343 // All AES and HMAC operations should be passed directly to the keymaster1 device. Explicitly 344 // do not handle them, to provoke errors in case the higher layers fail to send them to the 345 // device. 346 aes_factory_.reset(nullptr); 347 hmac_factory_.reset(nullptr); 348 349 return KM_ERROR_OK; 350 } 351 352 keymaster_error_t SoftKeymasterContext::SetSystemVersion(uint32_t os_version, 353 uint32_t os_patchlevel) { 354 os_version_ = os_version; 355 os_patchlevel_ = os_patchlevel; 356 return KM_ERROR_OK; 357 } 358 359 void SoftKeymasterContext::GetSystemVersion(uint32_t* os_version, uint32_t* os_patchlevel) const { 360 *os_version = os_version_; 361 *os_patchlevel = os_patchlevel_; 362 } 363 364 KeyFactory* SoftKeymasterContext::GetKeyFactory(keymaster_algorithm_t algorithm) const { 365 switch (algorithm) { 366 case KM_ALGORITHM_RSA: 367 return rsa_factory_.get(); 368 case KM_ALGORITHM_EC: 369 return ec_factory_.get(); 370 case KM_ALGORITHM_AES: 371 return aes_factory_.get(); 372 case KM_ALGORITHM_HMAC: 373 return hmac_factory_.get(); 374 default: 375 return nullptr; 376 } 377 } 378 379 static keymaster_algorithm_t supported_algorithms[] = {KM_ALGORITHM_RSA, KM_ALGORITHM_EC, 380 KM_ALGORITHM_AES, KM_ALGORITHM_HMAC}; 381 382 keymaster_algorithm_t* 383 SoftKeymasterContext::GetSupportedAlgorithms(size_t* algorithms_count) const { 384 *algorithms_count = array_length(supported_algorithms); 385 return supported_algorithms; 386 } 387 388 OperationFactory* SoftKeymasterContext::GetOperationFactory(keymaster_algorithm_t algorithm, 389 keymaster_purpose_t purpose) const { 390 KeyFactory* key_factory = GetKeyFactory(algorithm); 391 if (!key_factory) 392 return nullptr; 393 return key_factory->GetOperationFactory(purpose); 394 } 395 396 static keymaster_error_t TranslateAuthorizationSetError(AuthorizationSet::Error err) { 397 switch (err) { 398 case AuthorizationSet::OK: 399 return KM_ERROR_OK; 400 case AuthorizationSet::ALLOCATION_FAILURE: 401 return KM_ERROR_MEMORY_ALLOCATION_FAILED; 402 case AuthorizationSet::MALFORMED_DATA: 403 return KM_ERROR_UNKNOWN_ERROR; 404 } 405 return KM_ERROR_OK; 406 } 407 408 static keymaster_error_t SetAuthorizations(const AuthorizationSet& key_description, 409 keymaster_key_origin_t origin, uint32_t os_version, 410 uint32_t os_patchlevel, AuthorizationSet* hw_enforced, 411 AuthorizationSet* sw_enforced) { 412 sw_enforced->Clear(); 413 414 for (auto& entry : key_description) { 415 switch (entry.tag) { 416 // These cannot be specified by the client. 417 case KM_TAG_ROOT_OF_TRUST: 418 case KM_TAG_ORIGIN: 419 LOG_E("Root of trust and origin tags may not be specified", 0); 420 return KM_ERROR_INVALID_TAG; 421 422 // These don't work. 423 case KM_TAG_ROLLBACK_RESISTANT: 424 LOG_E("KM_TAG_ROLLBACK_RESISTANT not supported", 0); 425 return KM_ERROR_UNSUPPORTED_TAG; 426 427 // These are hidden. 428 case KM_TAG_APPLICATION_ID: 429 case KM_TAG_APPLICATION_DATA: 430 break; 431 432 // Everything else we just copy into sw_enforced, unless the KeyFactory has placed it in 433 // hw_enforced, in which case we defer to its decision. 434 default: 435 if (hw_enforced->GetTagCount(entry.tag) == 0) 436 sw_enforced->push_back(entry); 437 break; 438 } 439 } 440 441 sw_enforced->push_back(TAG_CREATION_DATETIME, java_time(time(NULL))); 442 sw_enforced->push_back(TAG_ORIGIN, origin); 443 sw_enforced->push_back(TAG_OS_VERSION, os_version); 444 sw_enforced->push_back(TAG_OS_PATCHLEVEL, os_patchlevel); 445 446 return TranslateAuthorizationSetError(sw_enforced->is_valid()); 447 } 448 449 keymaster_error_t SoftKeymasterContext::CreateKeyBlob(const AuthorizationSet& key_description, 450 const keymaster_key_origin_t origin, 451 const KeymasterKeyBlob& key_material, 452 KeymasterKeyBlob* blob, 453 AuthorizationSet* hw_enforced, 454 AuthorizationSet* sw_enforced) const { 455 keymaster_error_t error = SetAuthorizations(key_description, origin, os_version_, 456 os_patchlevel_, hw_enforced, sw_enforced); 457 if (error != KM_ERROR_OK) 458 return error; 459 460 AuthorizationSet hidden; 461 error = BuildHiddenAuthorizations(key_description, &hidden); 462 if (error != KM_ERROR_OK) 463 return error; 464 465 return SerializeIntegrityAssuredBlob(key_material, hidden, *hw_enforced, *sw_enforced, blob); 466 } 467 468 keymaster_error_t SoftKeymasterContext::UpgradeKeyBlob(const KeymasterKeyBlob& key_to_upgrade, 469 const AuthorizationSet& upgrade_params, 470 KeymasterKeyBlob* upgraded_key) const { 471 KeymasterKeyBlob key_material; 472 AuthorizationSet tee_enforced; 473 AuthorizationSet sw_enforced; 474 keymaster_error_t error = 475 ParseKeyBlob(key_to_upgrade, upgrade_params, &key_material, &tee_enforced, &sw_enforced); 476 if (error != KM_ERROR_OK) 477 return error; 478 479 // Three cases here: 480 // 481 // 1. Software key blob. Version info, if present, is in sw_enforced. If not present, we 482 // should add it. 483 // 484 // 2. Keymaster0 hardware key blob. Version info, if present, is in sw_enforced. If not 485 // present we should add it. 486 // 487 // 3. Keymaster1 hardware key blob. Version info is not present and we shouldn't have been 488 // asked to upgrade. 489 490 // Handle case 3. 491 if (km1_dev_ && tee_enforced.Contains(TAG_PURPOSE) && !tee_enforced.Contains(TAG_OS_PATCHLEVEL)) 492 return KM_ERROR_INVALID_ARGUMENT; 493 494 // Handle cases 1 & 2. 495 bool set_changed = false; 496 if (!UpgradeIntegerTag(TAG_OS_VERSION, os_version_, &sw_enforced, &set_changed) || 497 !UpgradeIntegerTag(TAG_OS_PATCHLEVEL, os_patchlevel_, &sw_enforced, &set_changed)) 498 // One of the version fields would have been a downgrade. Not allowed. 499 return KM_ERROR_INVALID_ARGUMENT; 500 501 if (!set_changed) 502 // Dont' need an upgrade. 503 return KM_ERROR_OK; 504 505 AuthorizationSet hidden; 506 error = BuildHiddenAuthorizations(upgrade_params, &hidden); 507 if (error != KM_ERROR_OK) 508 return error; 509 return SerializeIntegrityAssuredBlob(key_material, hidden, tee_enforced, sw_enforced, 510 upgraded_key); 511 } 512 513 static keymaster_error_t ParseOcbAuthEncryptedBlob(const KeymasterKeyBlob& blob, 514 const AuthorizationSet& hidden, 515 KeymasterKeyBlob* key_material, 516 AuthorizationSet* hw_enforced, 517 AuthorizationSet* sw_enforced) { 518 Buffer nonce, tag; 519 KeymasterKeyBlob encrypted_key_material; 520 keymaster_error_t error = DeserializeAuthEncryptedBlob(blob, &encrypted_key_material, 521 hw_enforced, sw_enforced, &nonce, &tag); 522 if (error != KM_ERROR_OK) 523 return error; 524 525 if (nonce.available_read() != OCB_NONCE_LENGTH || tag.available_read() != OCB_TAG_LENGTH) 526 return KM_ERROR_INVALID_KEY_BLOB; 527 528 return OcbDecryptKey(*hw_enforced, *sw_enforced, hidden, MASTER_KEY, encrypted_key_material, 529 nonce, tag, key_material); 530 } 531 532 // Note: This parsing code in below is from system/security/softkeymaster/keymaster_openssl.cpp's 533 // unwrap_key function, modified for the preferred function signature and formatting. It does some 534 // odd things, but they have been left unchanged to avoid breaking compatibility. 535 static const uint8_t SOFT_KEY_MAGIC[] = {'P', 'K', '#', '8'}; 536 keymaster_error_t SoftKeymasterContext::ParseOldSoftkeymasterBlob( 537 const KeymasterKeyBlob& blob, KeymasterKeyBlob* key_material, AuthorizationSet* hw_enforced, 538 AuthorizationSet* sw_enforced) const { 539 long publicLen = 0; 540 long privateLen = 0; 541 const uint8_t* p = blob.key_material; 542 const uint8_t* end = blob.key_material + blob.key_material_size; 543 544 int type = 0; 545 ptrdiff_t min_size = 546 sizeof(SOFT_KEY_MAGIC) + sizeof(type) + sizeof(publicLen) + 1 + sizeof(privateLen) + 1; 547 if (end - p < min_size) { 548 LOG_W("key blob appears to be truncated (if an old SW key)", 0); 549 return KM_ERROR_INVALID_KEY_BLOB; 550 } 551 552 if (memcmp(p, SOFT_KEY_MAGIC, sizeof(SOFT_KEY_MAGIC)) != 0) 553 return KM_ERROR_INVALID_KEY_BLOB; 554 p += sizeof(SOFT_KEY_MAGIC); 555 556 for (size_t i = 0; i < sizeof(type); i++) 557 type = (type << 8) | *p++; 558 559 for (size_t i = 0; i < sizeof(type); i++) 560 publicLen = (publicLen << 8) | *p++; 561 562 if (p + publicLen > end) { 563 LOG_W("public key length encoding error: size=%ld, end=%td", publicLen, end - p); 564 return KM_ERROR_INVALID_KEY_BLOB; 565 } 566 p += publicLen; 567 568 if (end - p < 2) { 569 LOG_W("key blob appears to be truncated (if an old SW key)", 0); 570 return KM_ERROR_INVALID_KEY_BLOB; 571 } 572 573 for (size_t i = 0; i < sizeof(type); i++) 574 privateLen = (privateLen << 8) | *p++; 575 576 if (p + privateLen > end) { 577 LOG_W("private key length encoding error: size=%ld, end=%td", privateLen, end - p); 578 return KM_ERROR_INVALID_KEY_BLOB; 579 } 580 581 // Just to be sure, make sure that the ASN.1 structure parses correctly. We don't actually use 582 // the EVP_PKEY here. 583 unique_ptr<EVP_PKEY, EVP_PKEY_Delete> pkey(EVP_PKEY_new()); 584 if (pkey.get() == nullptr) 585 return KM_ERROR_MEMORY_ALLOCATION_FAILED; 586 587 EVP_PKEY* tmp = pkey.get(); 588 const uint8_t* key_start = p; 589 if (d2i_PrivateKey(type, &tmp, &p, privateLen) == NULL) { 590 LOG_W("Failed to parse PKCS#8 key material (if old SW key)", 0); 591 return KM_ERROR_INVALID_KEY_BLOB; 592 } 593 594 // All auths go into sw_enforced, including those that would be HW-enforced if we were faking 595 // auths for a HW-backed key. 596 hw_enforced->Clear(); 597 keymaster_error_t error = FakeKeyAuthorizations(pkey.get(), sw_enforced, sw_enforced); 598 if (error != KM_ERROR_OK) 599 return error; 600 601 if (!key_material->Reset(privateLen)) 602 return KM_ERROR_MEMORY_ALLOCATION_FAILED; 603 memcpy(key_material->writable_data(), key_start, privateLen); 604 605 return KM_ERROR_OK; 606 } 607 608 keymaster_error_t SoftKeymasterContext::ParseKeyBlob(const KeymasterKeyBlob& blob, 609 const AuthorizationSet& additional_params, 610 KeymasterKeyBlob* key_material, 611 AuthorizationSet* hw_enforced, 612 AuthorizationSet* sw_enforced) const { 613 // This is a little bit complicated. 614 // 615 // The SoftKeymasterContext has to handle a lot of different kinds of key blobs. 616 // 617 // 1. New keymaster1 software key blobs. These are integrity-assured but not encrypted. The 618 // raw key material and auth sets should be extracted and returned. This is the kind 619 // produced by this context when the KeyFactory doesn't use keymaster0 to back the keys. 620 // 621 // 2. Old keymaster1 software key blobs. These are OCB-encrypted with an all-zero master key. 622 // They should be decrypted and the key material and auth sets extracted and returned. 623 // 624 // 3. Old keymaster0 software key blobs. These are raw key material with a small header tacked 625 // on the front. They don't have auth sets, so reasonable defaults are generated and 626 // returned along with the raw key material. 627 // 628 // 4. New keymaster0 hardware key blobs. These are integrity-assured but not encrypted (though 629 // they're protected by the keymaster0 hardware implementation). The keymaster0 key blob 630 // and auth sets should be extracted and returned. 631 // 632 // 5. Keymaster1 hardware key blobs. These are raw hardware key blobs. They contain auth 633 // sets, which we retrieve from the hardware module. 634 // 635 // 6. Old keymaster0 hardware key blobs. These are raw hardware key blobs. They don't have 636 // auth sets so reasonable defaults are generated and returned along with the key blob. 637 // 638 // Determining what kind of blob has arrived is somewhat tricky. What helps is that 639 // integrity-assured and OCB-encrypted blobs are self-consistent and effectively impossible to 640 // parse as anything else. Old keymaster0 software key blobs have a header. It's reasonably 641 // unlikely that hardware keys would have the same header. So anything that is neither 642 // integrity-assured nor OCB-encrypted and lacks the old software key header is assumed to be 643 // keymaster0 hardware. 644 645 AuthorizationSet hidden; 646 keymaster_error_t error = BuildHiddenAuthorizations(additional_params, &hidden); 647 if (error != KM_ERROR_OK) 648 return error; 649 650 // Assume it's an integrity-assured blob (new software-only blob, or new keymaster0-backed 651 // blob). 652 error = DeserializeIntegrityAssuredBlob(blob, hidden, key_material, hw_enforced, sw_enforced); 653 if (error != KM_ERROR_INVALID_KEY_BLOB) 654 return error; 655 656 // Wasn't an integrity-assured blob. Maybe it's an OCB-encrypted blob. 657 error = ParseOcbAuthEncryptedBlob(blob, hidden, key_material, hw_enforced, sw_enforced); 658 if (error == KM_ERROR_OK) 659 LOG_D("Parsed an old keymaster1 software key", 0); 660 if (error != KM_ERROR_INVALID_KEY_BLOB) 661 return error; 662 663 // Wasn't an OCB-encrypted blob. Maybe it's an old softkeymaster blob. 664 error = ParseOldSoftkeymasterBlob(blob, key_material, hw_enforced, sw_enforced); 665 if (error == KM_ERROR_OK) 666 LOG_D("Parsed an old sofkeymaster key", 0); 667 if (error != KM_ERROR_INVALID_KEY_BLOB) 668 return error; 669 670 if (km1_dev_) 671 return ParseKeymaster1HwBlob(blob, additional_params, key_material, hw_enforced, 672 sw_enforced); 673 else if (km0_engine_) 674 return ParseKeymaster0HwBlob(blob, key_material, hw_enforced, sw_enforced); 675 676 LOG_E("Failed to parse key; not a valid software blob, no hardware module configured", 0); 677 return KM_ERROR_INVALID_KEY_BLOB; 678 } 679 680 keymaster_error_t SoftKeymasterContext::DeleteKey(const KeymasterKeyBlob& blob) const { 681 if (km1_engine_) { 682 keymaster_error_t error = km1_engine_->DeleteKey(blob); 683 if (error == KM_ERROR_INVALID_KEY_BLOB) { 684 // Note that we succeed on invalid blob, because it probably just indicates that the 685 // blob is a software blob, not a hardware blob. 686 error = KM_ERROR_OK; 687 } 688 return error; 689 } 690 691 if (km0_engine_) { 692 // This could be a keymaster0 hardware key, and it could be either raw or encapsulated in an 693 // integrity-assured blob. If it's integrity-assured, we can't validate it strongly, 694 // because we don't have the necessary additional_params data. However, the probability 695 // that anything other than an integrity-assured blob would have all of the structure 696 // required to decode as a valid blob is low -- unless it's maliciously-constructed, but the 697 // deserializer should be proof against bad data, as should the keymaster0 hardware. 698 // 699 // Thus, we first try to parse it as integrity-assured. If that works, we pass the result 700 // to the underlying hardware. If not, we pass blob unmodified to the underlying hardware. 701 KeymasterKeyBlob key_material; 702 AuthorizationSet hw_enforced, sw_enforced; 703 keymaster_error_t error = DeserializeIntegrityAssuredBlob_NoHmacCheck( 704 blob, &key_material, &hw_enforced, &sw_enforced); 705 if (error == KM_ERROR_OK && km0_engine_->DeleteKey(key_material)) 706 return KM_ERROR_OK; 707 708 km0_engine_->DeleteKey(blob); 709 710 // We succeed unconditionally at this point, even if delete failed. Failure indicates that 711 // either the blob is a software blob (which we can't distinguish with certainty without 712 // additional_params) or because it is a hardware blob and the hardware failed. In the 713 // first case, there is no error. In the second case, the client can't do anything to fix 714 // it anyway, so it's not too harmful to simply swallow the error. This is not ideal, but 715 // it's the least-bad alternative. 716 return KM_ERROR_OK; 717 } 718 719 // Nothing to do for software-only contexts. 720 return KM_ERROR_OK; 721 } 722 723 keymaster_error_t SoftKeymasterContext::DeleteAllKeys() const { 724 if (km1_engine_) 725 return km1_engine_->DeleteAllKeys(); 726 727 if (km0_engine_ && !km0_engine_->DeleteAllKeys()) 728 return KM_ERROR_UNKNOWN_ERROR; 729 730 return KM_ERROR_OK; 731 } 732 733 keymaster_error_t SoftKeymasterContext::AddRngEntropy(const uint8_t* buf, size_t length) const { 734 RAND_add(buf, length, 0 /* Don't assume any entropy is added to the pool. */); 735 return KM_ERROR_OK; 736 } 737 738 keymaster_error_t SoftKeymasterContext::GenerateRandom(uint8_t* buf, size_t length) const { 739 if (RAND_bytes(buf, length) != 1) 740 return KM_ERROR_UNKNOWN_ERROR; 741 return KM_ERROR_OK; 742 } 743 744 void SoftKeymasterContext::AddSystemVersionToSet(AuthorizationSet* auth_set) const { 745 if (!auth_set->Contains(TAG_OS_VERSION)) 746 auth_set->push_back(TAG_OS_VERSION, os_version_); 747 if (!auth_set->Contains(TAG_OS_PATCHLEVEL)) 748 auth_set->push_back(TAG_OS_PATCHLEVEL, os_patchlevel_); 749 } 750 751 EVP_PKEY* SoftKeymasterContext::AttestationKey(keymaster_algorithm_t algorithm, 752 keymaster_error_t* error) const { 753 754 const uint8_t* key; 755 size_t key_length; 756 int evp_key_type; 757 758 switch (algorithm) { 759 case KM_ALGORITHM_RSA: 760 key = kRsaAttestKey; 761 key_length = array_length(kRsaAttestKey); 762 evp_key_type = EVP_PKEY_RSA; 763 break; 764 765 case KM_ALGORITHM_EC: 766 key = kEcAttestKey; 767 key_length = array_length(kEcAttestKey); 768 evp_key_type = EVP_PKEY_EC; 769 break; 770 771 default: 772 *error = KM_ERROR_UNSUPPORTED_ALGORITHM; 773 return nullptr; 774 } 775 776 EVP_PKEY* pkey = d2i_PrivateKey(evp_key_type, nullptr /* pkey */, &key, key_length); 777 if (!pkey) 778 *error = TranslateLastOpenSslError(); 779 780 return pkey; 781 } 782 783 keymaster_cert_chain_t* SoftKeymasterContext::AttestationChain(keymaster_algorithm_t algorithm, 784 keymaster_error_t* error) const { 785 // If we have to bail it will be because of an allocation failure. 786 *error = KM_ERROR_MEMORY_ALLOCATION_FAILED; 787 788 UniquePtr<keymaster_cert_chain_t, CertificateChainDelete> chain(new keymaster_cert_chain_t); 789 if (!chain.get()) 790 return nullptr; 791 memset(chain.get(), 0, sizeof(keymaster_cert_chain_t)); 792 793 chain->entries = new keymaster_blob_t[kCertificateChainLength]; 794 if (!chain->entries) 795 return nullptr; 796 797 memset(chain->entries, 0, sizeof(chain->entries[0]) * kCertificateChainLength); 798 chain->entry_count = kCertificateChainLength; 799 800 size_t entry = 0; 801 802 switch (algorithm) { 803 case KM_ALGORITHM_RSA: 804 chain->entries[entry].data = dup_array(kRsaAttestCert); 805 if (!chain->entries[entry].data) 806 return nullptr; 807 chain->entries[entry].data_length = array_length(kRsaAttestCert); 808 entry++; 809 chain->entries[entry].data = dup_array(kRsaAttestRootCert); 810 if (!chain->entries[entry].data) 811 return nullptr; 812 chain->entries[entry].data_length = array_length(kRsaAttestRootCert); 813 entry++; 814 break; 815 816 case KM_ALGORITHM_EC: 817 chain->entries[entry].data = dup_array(kEcAttestCert); 818 if (!chain->entries[entry].data) 819 return nullptr; 820 chain->entries[entry].data_length = array_length(kEcAttestCert); 821 entry++; 822 chain->entries[entry].data = dup_array(kEcAttestRootCert); 823 if (!chain->entries[entry].data) 824 return nullptr; 825 chain->entries[entry].data_length = array_length(kEcAttestRootCert); 826 entry++; 827 break; 828 829 default: 830 *error = KM_ERROR_UNSUPPORTED_ALGORITHM; 831 return nullptr; 832 }; 833 834 assert(entry == kCertificateChainLength); 835 836 *error = KM_ERROR_OK; 837 return chain.release(); 838 } 839 840 keymaster_error_t SoftKeymasterContext::GenerateUniqueId( 841 uint64_t /* creation_date_time */, const keymaster_blob_t& /* application_id */, 842 bool /* reset_since_rotation */, Buffer* /* unique_id */) const { 843 // SoftKeymasterDevice cannot generate unique IDs. 844 return KM_ERROR_UNIMPLEMENTED; 845 } 846 847 keymaster_error_t SoftKeymasterContext::ParseKeymaster1HwBlob( 848 const KeymasterKeyBlob& blob, const AuthorizationSet& additional_params, 849 KeymasterKeyBlob* key_material, AuthorizationSet* hw_enforced, 850 AuthorizationSet* sw_enforced) const { 851 assert(km1_dev_); 852 853 keymaster_blob_t client_id = {nullptr, 0}; 854 keymaster_blob_t app_data = {nullptr, 0}; 855 keymaster_blob_t* client_id_ptr = nullptr; 856 keymaster_blob_t* app_data_ptr = nullptr; 857 if (additional_params.GetTagValue(TAG_APPLICATION_ID, &client_id)) 858 client_id_ptr = &client_id; 859 if (additional_params.GetTagValue(TAG_APPLICATION_DATA, &app_data)) 860 app_data_ptr = &app_data; 861 862 // Get key characteristics, which incidentally verifies that the HW recognizes the key. 863 keymaster_key_characteristics_t* characteristics; 864 keymaster_error_t error = km1_dev_->get_key_characteristics(km1_dev_, &blob, client_id_ptr, 865 app_data_ptr, &characteristics); 866 if (error != KM_ERROR_OK) 867 return error; 868 unique_ptr<keymaster_key_characteristics_t, Characteristics_Delete> characteristics_deleter( 869 characteristics); 870 871 LOG_D("Module \"%s\" accepted key", km1_dev_->common.module->name); 872 873 hw_enforced->Reinitialize(characteristics->hw_enforced); 874 sw_enforced->Reinitialize(characteristics->sw_enforced); 875 *key_material = blob; 876 return KM_ERROR_OK; 877 } 878 879 keymaster_error_t SoftKeymasterContext::ParseKeymaster0HwBlob(const KeymasterKeyBlob& blob, 880 KeymasterKeyBlob* key_material, 881 AuthorizationSet* hw_enforced, 882 AuthorizationSet* sw_enforced) const { 883 assert(km0_engine_); 884 885 unique_ptr<EVP_PKEY, EVP_PKEY_Delete> tmp_key(km0_engine_->GetKeymaster0PublicKey(blob)); 886 887 if (!tmp_key) 888 return KM_ERROR_INVALID_KEY_BLOB; 889 890 LOG_D("Module \"%s\" accepted key", km0_engine_->device()->common.module->name); 891 keymaster_error_t error = FakeKeyAuthorizations(tmp_key.get(), hw_enforced, sw_enforced); 892 if (error == KM_ERROR_OK) 893 *key_material = blob; 894 895 return error; 896 } 897 898 keymaster_error_t SoftKeymasterContext::FakeKeyAuthorizations(EVP_PKEY* pubkey, 899 AuthorizationSet* hw_enforced, 900 AuthorizationSet* sw_enforced) const { 901 hw_enforced->Clear(); 902 sw_enforced->Clear(); 903 904 switch (EVP_PKEY_type(pubkey->type)) { 905 case EVP_PKEY_RSA: { 906 hw_enforced->push_back(TAG_ALGORITHM, KM_ALGORITHM_RSA); 907 hw_enforced->push_back(TAG_DIGEST, KM_DIGEST_NONE); 908 hw_enforced->push_back(TAG_DIGEST, KM_DIGEST_MD5); 909 hw_enforced->push_back(TAG_DIGEST, KM_DIGEST_SHA1); 910 hw_enforced->push_back(TAG_DIGEST, KM_DIGEST_SHA_2_224); 911 hw_enforced->push_back(TAG_DIGEST, KM_DIGEST_SHA_2_256); 912 hw_enforced->push_back(TAG_DIGEST, KM_DIGEST_SHA_2_384); 913 hw_enforced->push_back(TAG_DIGEST, KM_DIGEST_SHA_2_512); 914 hw_enforced->push_back(TAG_PADDING, KM_PAD_NONE); 915 hw_enforced->push_back(TAG_PADDING, KM_PAD_RSA_PKCS1_1_5_SIGN); 916 hw_enforced->push_back(TAG_PADDING, KM_PAD_RSA_PKCS1_1_5_ENCRYPT); 917 hw_enforced->push_back(TAG_PADDING, KM_PAD_RSA_PSS); 918 hw_enforced->push_back(TAG_PADDING, KM_PAD_RSA_OAEP); 919 920 sw_enforced->push_back(TAG_PURPOSE, KM_PURPOSE_SIGN); 921 sw_enforced->push_back(TAG_PURPOSE, KM_PURPOSE_VERIFY); 922 sw_enforced->push_back(TAG_PURPOSE, KM_PURPOSE_ENCRYPT); 923 sw_enforced->push_back(TAG_PURPOSE, KM_PURPOSE_DECRYPT); 924 925 unique_ptr<RSA, RSA_Delete> rsa(EVP_PKEY_get1_RSA(pubkey)); 926 if (!rsa) 927 return TranslateLastOpenSslError(); 928 hw_enforced->push_back(TAG_KEY_SIZE, RSA_size(rsa.get()) * 8); 929 uint64_t public_exponent = BN_get_word(rsa->e); 930 if (public_exponent == 0xffffffffL) 931 return KM_ERROR_INVALID_KEY_BLOB; 932 hw_enforced->push_back(TAG_RSA_PUBLIC_EXPONENT, public_exponent); 933 break; 934 } 935 936 case EVP_PKEY_EC: { 937 hw_enforced->push_back(TAG_ALGORITHM, KM_ALGORITHM_RSA); 938 hw_enforced->push_back(TAG_DIGEST, KM_DIGEST_NONE); 939 hw_enforced->push_back(TAG_DIGEST, KM_DIGEST_MD5); 940 hw_enforced->push_back(TAG_DIGEST, KM_DIGEST_SHA1); 941 hw_enforced->push_back(TAG_DIGEST, KM_DIGEST_SHA_2_224); 942 hw_enforced->push_back(TAG_DIGEST, KM_DIGEST_SHA_2_256); 943 hw_enforced->push_back(TAG_DIGEST, KM_DIGEST_SHA_2_384); 944 hw_enforced->push_back(TAG_DIGEST, KM_DIGEST_SHA_2_512); 945 946 sw_enforced->push_back(TAG_PURPOSE, KM_PURPOSE_SIGN); 947 sw_enforced->push_back(TAG_PURPOSE, KM_PURPOSE_VERIFY); 948 949 UniquePtr<EC_KEY, EC_KEY_Delete> ec_key(EVP_PKEY_get1_EC_KEY(pubkey)); 950 if (!ec_key.get()) 951 return TranslateLastOpenSslError(); 952 size_t key_size_bits; 953 keymaster_error_t error = 954 ec_get_group_size(EC_KEY_get0_group(ec_key.get()), &key_size_bits); 955 if (error != KM_ERROR_OK) 956 return error; 957 hw_enforced->push_back(TAG_KEY_SIZE, key_size_bits); 958 break; 959 } 960 961 default: 962 return KM_ERROR_UNSUPPORTED_ALGORITHM; 963 } 964 965 sw_enforced->push_back(TAG_ALL_USERS); 966 sw_enforced->push_back(TAG_NO_AUTH_REQUIRED); 967 968 return KM_ERROR_OK; 969 } 970 971 keymaster_error_t SoftKeymasterContext::BuildHiddenAuthorizations(const AuthorizationSet& input_set, 972 AuthorizationSet* hidden) const { 973 keymaster_blob_t entry; 974 if (input_set.GetTagValue(TAG_APPLICATION_ID, &entry)) 975 hidden->push_back(TAG_APPLICATION_ID, entry.data, entry.data_length); 976 if (input_set.GetTagValue(TAG_APPLICATION_DATA, &entry)) 977 hidden->push_back(TAG_APPLICATION_DATA, entry.data, entry.data_length); 978 979 hidden->push_back(TAG_ROOT_OF_TRUST, reinterpret_cast<const uint8_t*>(root_of_trust_.data()), 980 root_of_trust_.size()); 981 982 return TranslateAuthorizationSetError(hidden->is_valid()); 983 } 984 985 } // namespace keymaster 986
