1 /* 2 * Copyright 2015 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 #include <keymaster/soft_keymaster_context.h> 18 19 #include <memory> 20 21 #include <time.h> 22 23 #include <openssl/aes.h> 24 #include <openssl/hmac.h> 25 #include <openssl/rand.h> 26 #include <openssl/sha.h> 27 28 #include <keymaster/android_keymaster_utils.h> 29 #include <keymaster/logger.h> 30 31 #include "aes_key.h" 32 #include "auth_encrypted_key_blob.h" 33 #include "ec_keymaster0_key.h" 34 #include "ec_keymaster1_key.h" 35 #include "hmac_key.h" 36 #include "integrity_assured_key_blob.h" 37 #include "keymaster0_engine.h" 38 #include "ocb_utils.h" 39 #include "openssl_err.h" 40 #include "rsa_keymaster0_key.h" 41 #include "rsa_keymaster1_key.h" 42 43 using std::unique_ptr; 44 45 namespace keymaster { 46 47 namespace { 48 static uint8_t master_key_bytes[AES_BLOCK_SIZE] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}; 49 const KeymasterKeyBlob MASTER_KEY(master_key_bytes, array_length(master_key_bytes)); 50 51 static uint8_t kRsaAttestKey[] = { 52 0x30, 0x82, 0x02, 0x5d, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xc0, 0x83, 0x23, 0xdc, 0x56, 53 0x88, 0x1b, 0xb8, 0x30, 0x20, 0x69, 0xf5, 0xb0, 0x85, 0x61, 0xc6, 0xee, 0xbe, 0x7f, 0x05, 0xe2, 54 0xf5, 0xa8, 0x42, 0x04, 0x8a, 0xbe, 0x8b, 0x47, 0xbe, 0x76, 0xfe, 0xae, 0xf2, 0x5c, 0xf2, 0x9b, 55 0x2a, 0xfa, 0x32, 0x00, 0x14, 0x16, 0x01, 0x42, 0x99, 0x89, 0xa1, 0x5f, 0xcf, 0xc6, 0x81, 0x5e, 56 0xb3, 0x63, 0x58, 0x3c, 0x2f, 0xd2, 0xf2, 0x0b, 0xe4, 0x98, 0x32, 0x83, 0xdd, 0x81, 0x4b, 0x16, 57 0xd7, 0xe1, 0x85, 0x41, 0x7a, 0xe5, 0x4a, 0xbc, 0x29, 0x6a, 0x3a, 0x6d, 0xb5, 0xc0, 0x04, 0x08, 58 0x3b, 0x68, 0xc5, 0x56, 0xc1, 0xf0, 0x23, 0x39, 0x91, 0x64, 0x19, 0x86, 0x4d, 0x50, 0xb7, 0x4d, 59 0x40, 0xae, 0xca, 0x48, 0x4c, 0x77, 0x35, 0x6c, 0x89, 0x5a, 0x0c, 0x27, 0x5a, 0xbf, 0xac, 0x49, 60 0x9d, 0x5d, 0x7d, 0x23, 0x62, 0xf2, 0x9c, 0x5e, 0x02, 0xe8, 0x71, 0x02, 0x03, 0x01, 0x00, 0x01, 61 0x02, 0x81, 0x81, 0x00, 0xbe, 0x86, 0x0b, 0x0b, 0x99, 0xa8, 0x02, 0xa6, 0xfb, 0x1a, 0x59, 0x43, 62 0x8a, 0x7b, 0xb7, 0x15, 0x06, 0x5b, 0x09, 0xa3, 0x6d, 0xc6, 0xe9, 0xca, 0xcc, 0x6b, 0xf3, 0xc0, 63 0x2c, 0x34, 0xd7, 0xd7, 0x9e, 0x94, 0xc6, 0x60, 0x64, 0x28, 0xd8, 0x8c, 0x7b, 0x7f, 0x65, 0x77, 64 0xc1, 0xcd, 0xea, 0x64, 0x07, 0x4a, 0xbe, 0x8e, 0x72, 0x86, 0xdf, 0x1f, 0x08, 0x11, 0xdc, 0x97, 65 0x28, 0x26, 0x08, 0x68, 0xde, 0x95, 0xd3, 0x2e, 0xfc, 0x96, 0xb6, 0xd0, 0x84, 0xff, 0x27, 0x1a, 66 0x5f, 0x60, 0xde, 0xfc, 0xc7, 0x03, 0xe7, 0xa3, 0x8e, 0x6e, 0x29, 0xba, 0x9a, 0x3c, 0x5f, 0xc2, 67 0xc2, 0x80, 0x76, 0xb6, 0xa8, 0x96, 0xaf, 0x1d, 0x34, 0xd7, 0x88, 0x28, 0xce, 0x9b, 0xdd, 0xb1, 68 0xf3, 0x4f, 0x9c, 0x94, 0x04, 0x43, 0x07, 0x81, 0x29, 0x8e, 0x20, 0x13, 0x16, 0x72, 0x5b, 0xbd, 69 0xbc, 0x99, 0x3a, 0x41, 0x02, 0x41, 0x00, 0xe1, 0xc6, 0xd9, 0x27, 0x64, 0x6c, 0x09, 0x16, 0xec, 70 0x36, 0x82, 0x6d, 0x59, 0x49, 0x83, 0x74, 0x0c, 0x21, 0xf1, 0xb0, 0x74, 0xc4, 0xa1, 0xa5, 0x98, 71 0x67, 0xc6, 0x69, 0x79, 0x5c, 0x85, 0xd3, 0xdc, 0x46, 0x4c, 0x5b, 0x92, 0x9e, 0x94, 0xbf, 0xb3, 72 0x4e, 0x0d, 0xcc, 0x50, 0x14, 0xb1, 0x0f, 0x13, 0x34, 0x1a, 0xb7, 0xfd, 0xd5, 0xf6, 0x04, 0x14, 73 0xd2, 0xa3, 0x26, 0xca, 0xd4, 0x1c, 0xc5, 0x02, 0x41, 0x00, 0xda, 0x48, 0x59, 0x97, 0x78, 0x5c, 74 0xd5, 0x63, 0x0f, 0xb0, 0xfd, 0x8c, 0x52, 0x54, 0xf9, 0x8e, 0x53, 0x8e, 0x18, 0x98, 0x3a, 0xae, 75 0x9e, 0x6b, 0x7e, 0x6a, 0x5a, 0x7b, 0x5d, 0x34, 0x37, 0x55, 0xb9, 0x21, 0x8e, 0xbd, 0x40, 0x32, 76 0x0d, 0x28, 0x38, 0x7d, 0x78, 0x9f, 0x76, 0xfa, 0x21, 0x8b, 0xcc, 0x2d, 0x8b, 0x68, 0xa5, 0xf6, 77 0x41, 0x8f, 0xbb, 0xec, 0xa5, 0x17, 0x9a, 0xb3, 0xaf, 0xbd, 0x02, 0x40, 0x50, 0xfe, 0xfc, 0x32, 78 0x64, 0x95, 0x59, 0x61, 0x6e, 0xd6, 0x53, 0x4e, 0x15, 0x45, 0x09, 0x32, 0x9d, 0x93, 0xa3, 0xd8, 79 0x10, 0xdb, 0xe5, 0xbd, 0xb9, 0x82, 0x29, 0x2c, 0xf7, 0x8b, 0xd8, 0xba, 0xdb, 0x80, 0x20, 0xae, 80 0x8d, 0x57, 0xf4, 0xb7, 0x1d, 0x05, 0x38, 0x6f, 0xfe, 0x9e, 0x9d, 0xb2, 0x71, 0xca, 0x34, 0x77, 81 0xa3, 0x49, 0x99, 0xdb, 0x76, 0xf8, 0xe5, 0xec, 0xe9, 0xc0, 0xd4, 0x9d, 0x02, 0x40, 0x15, 0xb7, 82 0x4c, 0xf2, 0x7c, 0xce, 0xff, 0x8b, 0xb3, 0x6b, 0xf0, 0x4d, 0x9d, 0x83, 0x46, 0xb0, 0x9a, 0x2f, 83 0x70, 0xd2, 0xf4, 0x43, 0x9b, 0x0f, 0x26, 0xac, 0x7e, 0x03, 0xf7, 0xe9, 0xd1, 0xf7, 0x7d, 0x4b, 84 0x91, 0x5f, 0xd2, 0x9b, 0x28, 0x23, 0xf0, 0x3a, 0xcb, 0x5d, 0x52, 0x00, 0xe0, 0x85, 0x7f, 0xf2, 85 0xa8, 0x03, 0xe9, 0x3e, 0xee, 0x96, 0xd6, 0x23, 0x5c, 0xe9, 0x54, 0x42, 0xbc, 0x21, 0x02, 0x41, 86 0x00, 0x90, 0xa7, 0x45, 0xda, 0x89, 0x70, 0xb2, 0xcd, 0x64, 0x96, 0x60, 0x32, 0x42, 0x28, 0xc5, 87 0xf8, 0x28, 0x56, 0xff, 0xd6, 0x65, 0xba, 0x9a, 0x85, 0xc8, 0xd6, 0x0f, 0x1b, 0x8b, 0xee, 0x71, 88 0x7e, 0xcd, 0x2c, 0x72, 0xea, 0xe0, 0x1d, 0xad, 0x86, 0xba, 0x76, 0x54, 0xd4, 0xcf, 0x45, 0xad, 89 0xb5, 0xf1, 0xf2, 0xb3, 0x1d, 0x9f, 0x81, 0x22, 0xcf, 0xa5, 0xf1, 0xa5, 0x57, 0x0f, 0x9b, 0x2d, 90 0x25, 91 }; 92 93 static uint8_t kRsaAttestCert[] = { 94 0x30, 0x82, 0x02, 0xb6, 0x30, 0x82, 0x02, 0x1f, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x02, 0x10, 95 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 96 0x30, 0x63, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 97 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0a, 0x43, 0x61, 0x6c, 0x69, 0x66, 0x6f, 98 0x72, 0x6e, 0x69, 0x61, 0x31, 0x16, 0x30, 0x14, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x0d, 0x4d, 99 0x6f, 0x75, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x20, 0x56, 0x69, 0x65, 0x77, 0x31, 0x15, 0x30, 0x13, 100 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x0c, 0x47, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2c, 0x20, 0x49, 101 0x6e, 0x63, 0x2e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x07, 0x41, 0x6e, 102 0x64, 0x72, 0x6f, 0x69, 0x64, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x36, 0x30, 0x31, 0x30, 0x34, 0x31, 103 0x32, 0x34, 0x30, 0x35, 0x33, 0x5a, 0x17, 0x0d, 0x33, 0x35, 0x31, 0x32, 0x33, 0x30, 0x31, 0x32, 104 0x34, 0x30, 0x35, 0x33, 0x5a, 0x30, 0x76, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 105 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0a, 0x43, 106 0x61, 0x6c, 0x69, 0x66, 0x6f, 0x72, 0x6e, 0x69, 0x61, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 107 0x04, 0x0a, 0x0c, 0x0c, 0x47, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2c, 0x20, 0x49, 0x6e, 0x63, 0x2e, 108 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x07, 0x41, 0x6e, 0x64, 0x72, 0x6f, 109 0x69, 0x64, 0x31, 0x29, 0x30, 0x27, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x20, 0x41, 0x6e, 0x64, 110 0x72, 0x6f, 0x69, 0x64, 0x20, 0x53, 0x6f, 0x66, 0x74, 0x77, 0x61, 0x72, 0x65, 0x20, 0x41, 0x74, 111 0x74, 0x65, 0x73, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x20, 0x4b, 0x65, 0x79, 0x30, 0x81, 0x9f, 112 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 113 0x81, 0x8d, 0x00, 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x00, 0xc0, 0x83, 0x23, 0xdc, 0x56, 0x88, 114 0x1b, 0xb8, 0x30, 0x20, 0x69, 0xf5, 0xb0, 0x85, 0x61, 0xc6, 0xee, 0xbe, 0x7f, 0x05, 0xe2, 0xf5, 115 0xa8, 0x42, 0x04, 0x8a, 0xbe, 0x8b, 0x47, 0xbe, 0x76, 0xfe, 0xae, 0xf2, 0x5c, 0xf2, 0x9b, 0x2a, 116 0xfa, 0x32, 0x00, 0x14, 0x16, 0x01, 0x42, 0x99, 0x89, 0xa1, 0x5f, 0xcf, 0xc6, 0x81, 0x5e, 0xb3, 117 0x63, 0x58, 0x3c, 0x2f, 0xd2, 0xf2, 0x0b, 0xe4, 0x98, 0x32, 0x83, 0xdd, 0x81, 0x4b, 0x16, 0xd7, 118 0xe1, 0x85, 0x41, 0x7a, 0xe5, 0x4a, 0xbc, 0x29, 0x6a, 0x3a, 0x6d, 0xb5, 0xc0, 0x04, 0x08, 0x3b, 119 0x68, 0xc5, 0x56, 0xc1, 0xf0, 0x23, 0x39, 0x91, 0x64, 0x19, 0x86, 0x4d, 0x50, 0xb7, 0x4d, 0x40, 120 0xae, 0xca, 0x48, 0x4c, 0x77, 0x35, 0x6c, 0x89, 0x5a, 0x0c, 0x27, 0x5a, 0xbf, 0xac, 0x49, 0x9d, 121 0x5d, 0x7d, 0x23, 0x62, 0xf2, 0x9c, 0x5e, 0x02, 0xe8, 0x71, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 122 0x66, 0x30, 0x64, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0xd4, 0x0c, 123 0x10, 0x1b, 0xf8, 0xcd, 0x63, 0xb9, 0xf7, 0x39, 0x52, 0xb5, 0x0e, 0x13, 0x5c, 0xa6, 0xd7, 0x99, 124 0x93, 0x86, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x29, 125 0xfa, 0xf1, 0xac, 0xcc, 0x4d, 0xd2, 0x4c, 0x96, 0x40, 0x27, 0x75, 0xb6, 0xb0, 0xe9, 0x32, 0xe5, 126 0x07, 0xfe, 0x2e, 0x30, 0x12, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x08, 0x30, 127 0x06, 0x01, 0x01, 0xff, 0x02, 0x01, 0x00, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x01, 0x01, 128 0xff, 0x04, 0x04, 0x03, 0x02, 0x02, 0x84, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 129 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x81, 0x81, 0x00, 0x9e, 0x2d, 0x48, 0x5f, 0x8c, 0x67, 130 0x33, 0xdc, 0x1a, 0x85, 0xad, 0x99, 0xd7, 0x50, 0x23, 0xea, 0x14, 0xec, 0x43, 0xb0, 0xe1, 0x9d, 131 0xea, 0xc2, 0x23, 0x46, 0x1e, 0x72, 0xb5, 0x19, 0xdc, 0x60, 0x22, 0xe4, 0xa5, 0x68, 0x31, 0x6c, 132 0x0b, 0x55, 0xc4, 0xe6, 0x9c, 0xa2, 0x2d, 0x9f, 0x3a, 0x4f, 0x93, 0x6b, 0x31, 0x8b, 0x16, 0x78, 133 0x16, 0x0d, 0x88, 0xcb, 0xd9, 0x8b, 0xcc, 0x80, 0x9d, 0x84, 0xf0, 0xc2, 0x27, 0xe3, 0x6b, 0x38, 134 0xf1, 0xfd, 0xd1, 0xe7, 0x17, 0x72, 0x31, 0x59, 0x35, 0x7d, 0x96, 0xf3, 0xc5, 0x7f, 0xab, 0x9d, 135 0x8f, 0x96, 0x61, 0x26, 0x4f, 0xb2, 0xbe, 0x81, 0xbb, 0x0d, 0x49, 0x04, 0x22, 0x8a, 0xce, 0x9f, 136 0xf7, 0xf5, 0x42, 0x2e, 0x25, 0x44, 0xfa, 0x21, 0x07, 0x12, 0x5a, 0x83, 0xb5, 0x55, 0xad, 0x18, 137 0x82, 0xf8, 0x40, 0x14, 0x9b, 0x9c, 0x20, 0x63, 0x04, 0x7f, 138 }; 139 140 static uint8_t kRsaAttestRootCert[] = { 141 0x30, 0x82, 0x02, 0xa7, 0x30, 0x82, 0x02, 0x10, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x09, 0x00, 142 0xff, 0x94, 0xd9, 0xdd, 0x9f, 0x07, 0xc8, 0x0c, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 143 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x63, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 144 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 145 0x0a, 0x43, 0x61, 0x6c, 0x69, 0x66, 0x6f, 0x72, 0x6e, 0x69, 0x61, 0x31, 0x16, 0x30, 0x14, 0x06, 146 0x03, 0x55, 0x04, 0x07, 0x0c, 0x0d, 0x4d, 0x6f, 0x75, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x20, 0x56, 147 0x69, 0x65, 0x77, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x0c, 0x47, 0x6f, 148 0x6f, 0x67, 0x6c, 0x65, 0x2c, 0x20, 0x49, 0x6e, 0x63, 0x2e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 149 0x55, 0x04, 0x0b, 0x0c, 0x07, 0x41, 0x6e, 0x64, 0x72, 0x6f, 0x69, 0x64, 0x30, 0x1e, 0x17, 0x0d, 150 0x31, 0x36, 0x30, 0x31, 0x30, 0x34, 0x31, 0x32, 0x33, 0x31, 0x30, 0x38, 0x5a, 0x17, 0x0d, 0x33, 151 0x35, 0x31, 0x32, 0x33, 0x30, 0x31, 0x32, 0x33, 0x31, 0x30, 0x38, 0x5a, 0x30, 0x63, 0x31, 0x0b, 152 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 153 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0a, 0x43, 0x61, 0x6c, 0x69, 0x66, 0x6f, 0x72, 0x6e, 0x69, 0x61, 154 0x31, 0x16, 0x30, 0x14, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x0d, 0x4d, 0x6f, 0x75, 0x6e, 0x74, 155 0x61, 0x69, 0x6e, 0x20, 0x56, 0x69, 0x65, 0x77, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 156 0x0a, 0x0c, 0x0c, 0x47, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2c, 0x20, 0x49, 0x6e, 0x63, 0x2e, 0x31, 157 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x07, 0x41, 0x6e, 0x64, 0x72, 0x6f, 0x69, 158 0x64, 0x30, 0x81, 0x9f, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 159 0x01, 0x05, 0x00, 0x03, 0x81, 0x8d, 0x00, 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x00, 0xa2, 0x6b, 160 0xad, 0xeb, 0x6e, 0x2e, 0x44, 0x61, 0xef, 0xd5, 0x0e, 0x82, 0xe6, 0xb7, 0x94, 0xd1, 0x75, 0x23, 161 0x1f, 0x77, 0x9b, 0x63, 0x91, 0x63, 0xff, 0xf7, 0xaa, 0xff, 0x0b, 0x72, 0x47, 0x4e, 0xc0, 0x2c, 162 0x43, 0xec, 0x33, 0x7c, 0xd7, 0xac, 0xed, 0x40, 0x3e, 0x8c, 0x28, 0xa0, 0x66, 0xd5, 0xf7, 0x87, 163 0x0b, 0x33, 0x97, 0xde, 0x0e, 0xb8, 0x4e, 0x13, 0x40, 0xab, 0xaf, 0xa5, 0x27, 0xbf, 0x95, 0x69, 164 0xa0, 0x31, 0xdb, 0x06, 0x52, 0x65, 0xf8, 0x44, 0x59, 0x57, 0x61, 0xf0, 0xbb, 0xf2, 0x17, 0x4b, 165 0xb7, 0x41, 0x80, 0x64, 0xc0, 0x28, 0x0e, 0x8f, 0x52, 0x77, 0x8e, 0xdb, 0xd2, 0x47, 0xb6, 0x45, 166 0xe9, 0x19, 0xc8, 0xe9, 0x8b, 0xc3, 0xdb, 0xc2, 0x91, 0x3f, 0xd7, 0xd7, 0x50, 0xc4, 0x1d, 0x35, 167 0x66, 0xf9, 0x57, 0xe4, 0x97, 0x96, 0x0b, 0x09, 0xac, 0xce, 0x92, 0x35, 0x85, 0x9b, 0x02, 0x03, 168 0x01, 0x00, 0x01, 0xa3, 0x63, 0x30, 0x61, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 169 0x04, 0x14, 0x29, 0xfa, 0xf1, 0xac, 0xcc, 0x4d, 0xd2, 0x4c, 0x96, 0x40, 0x27, 0x75, 0xb6, 0xb0, 170 0xe9, 0x32, 0xe5, 0x07, 0xfe, 0x2e, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 171 0x16, 0x80, 0x14, 0x29, 0xfa, 0xf1, 0xac, 0xcc, 0x4d, 0xd2, 0x4c, 0x96, 0x40, 0x27, 0x75, 0xb6, 172 0xb0, 0xe9, 0x32, 0xe5, 0x07, 0xfe, 0x2e, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 173 0xff, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x01, 174 0x01, 0xff, 0x04, 0x04, 0x03, 0x02, 0x02, 0x84, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 175 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x81, 0x81, 0x00, 0x4f, 0x72, 0xf3, 0x36, 0x59, 176 0x8d, 0x0e, 0xc1, 0xb9, 0x74, 0x5b, 0x31, 0x59, 0xf6, 0xf0, 0x8d, 0x25, 0x49, 0x30, 0x9e, 0xa3, 177 0x1c, 0x1c, 0x29, 0xd2, 0x45, 0x2d, 0x20, 0xb9, 0x4d, 0x5f, 0x64, 0xb4, 0xe8, 0x80, 0xc7, 0x78, 178 0x7a, 0x9c, 0x39, 0xde, 0xa8, 0xb3, 0xf5, 0xbf, 0x2f, 0x70, 0x5f, 0x47, 0x10, 0x5c, 0xc5, 0xe6, 179 0xeb, 0x4d, 0x06, 0x99, 0x61, 0xd2, 0xae, 0x9a, 0x07, 0xff, 0xf7, 0x7c, 0xb8, 0xab, 0xeb, 0x9c, 180 0x0f, 0x24, 0x07, 0x5e, 0xb1, 0x7f, 0xba, 0x79, 0x71, 0xfd, 0x4d, 0x5b, 0x9e, 0xdf, 0x14, 0xa9, 181 0xfe, 0xdf, 0xed, 0x7c, 0xc0, 0x88, 0x5d, 0xf8, 0xdd, 0x9b, 0x64, 0x32, 0x56, 0xd5, 0x35, 0x9a, 182 0xe2, 0x13, 0xf9, 0x8f, 0xce, 0xc1, 0x7c, 0xdc, 0xef, 0xa4, 0xaa, 0xb2, 0x55, 0xc3, 0x83, 0xa9, 183 0x2e, 0xfb, 0x5c, 0xf6, 0x62, 0xf5, 0x27, 0x52, 0x17, 0xbe, 0x63, 184 }; 185 186 static uint8_t kEcAttestKey[] = { 187 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0x21, 0xe0, 0x86, 0x43, 0x2a, 0x15, 0x19, 0x84, 0x59, 188 0xcf, 0x36, 0x3a, 0x50, 0xfc, 0x14, 0xc9, 0xda, 0xad, 0xf9, 0x35, 0xf5, 0x27, 0xc2, 0xdf, 0xd7, 189 0x1e, 0x4d, 0x6d, 0xbc, 0x42, 0xe5, 0x44, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 190 0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0xeb, 0x9e, 0x79, 0xf8, 0x42, 0x63, 0x59, 191 0xac, 0xcb, 0x2a, 0x91, 0x4c, 0x89, 0x86, 0xcc, 0x70, 0xad, 0x90, 0x66, 0x93, 0x82, 0xa9, 0x73, 192 0x26, 0x13, 0xfe, 0xac, 0xcb, 0xf8, 0x21, 0x27, 0x4c, 0x21, 0x74, 0x97, 0x4a, 0x2a, 0xfe, 0xa5, 193 0xb9, 0x4d, 0x7f, 0x66, 0xd4, 0xe0, 0x65, 0x10, 0x66, 0x35, 0xbc, 0x53, 0xb7, 0xa0, 0xa3, 0xa6, 194 0x71, 0x58, 0x3e, 0xdb, 0x3e, 0x11, 0xae, 0x10, 0x14, 195 }; 196 197 static uint8_t kEcAttestCert[] = { 198 0x30, 0x82, 0x02, 0x78, 0x30, 0x82, 0x02, 0x1e, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x02, 0x10, 199 0x01, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x30, 0x81, 0x98, 200 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 201 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0a, 0x43, 0x61, 0x6c, 0x69, 0x66, 0x6f, 0x72, 0x6e, 202 0x69, 0x61, 0x31, 0x16, 0x30, 0x14, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x0d, 0x4d, 0x6f, 0x75, 203 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x20, 0x56, 0x69, 0x65, 0x77, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, 204 0x55, 0x04, 0x0a, 0x0c, 0x0c, 0x47, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2c, 0x20, 0x49, 0x6e, 0x63, 205 0x2e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x07, 0x41, 0x6e, 0x64, 0x72, 206 0x6f, 0x69, 0x64, 0x31, 0x33, 0x30, 0x31, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x2a, 0x41, 0x6e, 207 0x64, 0x72, 0x6f, 0x69, 0x64, 0x20, 0x4b, 0x65, 0x79, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x20, 0x53, 208 0x6f, 0x66, 0x74, 0x77, 0x61, 0x72, 0x65, 0x20, 0x41, 0x74, 0x74, 0x65, 0x73, 0x74, 0x61, 0x74, 209 0x69, 0x6f, 0x6e, 0x20, 0x52, 0x6f, 0x6f, 0x74, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x36, 0x30, 0x31, 210 0x31, 0x31, 0x30, 0x30, 0x34, 0x36, 0x30, 0x39, 0x5a, 0x17, 0x0d, 0x32, 0x36, 0x30, 0x31, 0x30, 211 0x38, 0x30, 0x30, 0x34, 0x36, 0x30, 0x39, 0x5a, 0x30, 0x81, 0x88, 0x31, 0x0b, 0x30, 0x09, 0x06, 212 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 213 0x08, 0x0c, 0x0a, 0x43, 0x61, 0x6c, 0x69, 0x66, 0x6f, 0x72, 0x6e, 0x69, 0x61, 0x31, 0x15, 0x30, 214 0x13, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x0c, 0x47, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2c, 0x20, 215 0x49, 0x6e, 0x63, 0x2e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x07, 0x41, 216 0x6e, 0x64, 0x72, 0x6f, 0x69, 0x64, 0x31, 0x3b, 0x30, 0x39, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 217 0x32, 0x41, 0x6e, 0x64, 0x72, 0x6f, 0x69, 0x64, 0x20, 0x4b, 0x65, 0x79, 0x73, 0x74, 0x6f, 0x72, 218 0x65, 0x20, 0x53, 0x6f, 0x66, 0x74, 0x77, 0x61, 0x72, 0x65, 0x20, 0x41, 0x74, 0x74, 0x65, 0x73, 219 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x20, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6d, 0x65, 0x64, 0x69, 220 0x61, 0x74, 0x65, 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 221 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03, 0x42, 0x00, 0x04, 0xeb, 0x9e, 222 0x79, 0xf8, 0x42, 0x63, 0x59, 0xac, 0xcb, 0x2a, 0x91, 0x4c, 0x89, 0x86, 0xcc, 0x70, 0xad, 0x90, 223 0x66, 0x93, 0x82, 0xa9, 0x73, 0x26, 0x13, 0xfe, 0xac, 0xcb, 0xf8, 0x21, 0x27, 0x4c, 0x21, 0x74, 224 0x97, 0x4a, 0x2a, 0xfe, 0xa5, 0xb9, 0x4d, 0x7f, 0x66, 0xd4, 0xe0, 0x65, 0x10, 0x66, 0x35, 0xbc, 225 0x53, 0xb7, 0xa0, 0xa3, 0xa6, 0x71, 0x58, 0x3e, 0xdb, 0x3e, 0x11, 0xae, 0x10, 0x14, 0xa3, 0x66, 226 0x30, 0x64, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x3f, 0xfc, 0xac, 227 0xd6, 0x1a, 0xb1, 0x3a, 0x9e, 0x81, 0x20, 0xb8, 0xd5, 0x25, 0x1c, 0xc5, 0x65, 0xbb, 0x1e, 0x91, 228 0xa9, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0xc8, 0xad, 229 0xe9, 0x77, 0x4c, 0x45, 0xc3, 0xa3, 0xcf, 0x0d, 0x16, 0x10, 0xe4, 0x79, 0x43, 0x3a, 0x21, 0x5a, 230 0x30, 0xcf, 0x30, 0x12, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x08, 0x30, 0x06, 231 0x01, 0x01, 0xff, 0x02, 0x01, 0x00, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x01, 0x01, 0xff, 232 0x04, 0x04, 0x03, 0x02, 0x02, 0x84, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 233 0x03, 0x02, 0x03, 0x48, 0x00, 0x30, 0x45, 0x02, 0x20, 0x4b, 0x8a, 0x9b, 0x7b, 0xee, 0x82, 0xbc, 234 0xc0, 0x33, 0x87, 0xae, 0x2f, 0xc0, 0x89, 0x98, 0xb4, 0xdd, 0xc3, 0x8d, 0xab, 0x27, 0x2a, 0x45, 235 0x9f, 0x69, 0x0c, 0xc7, 0xc3, 0x92, 0xd4, 0x0f, 0x8e, 0x02, 0x21, 0x00, 0xee, 0xda, 0x01, 0x5d, 236 0xb6, 0xf4, 0x32, 0xe9, 0xd4, 0x84, 0x3b, 0x62, 0x4c, 0x94, 0x04, 0xef, 0x3a, 0x7c, 0xcc, 0xbd, 237 0x5e, 0xfb, 0x22, 0xbb, 0xe7, 0xfe, 0xb9, 0x77, 0x3f, 0x59, 0x3f, 0xfb, 238 }; 239 240 static uint8_t kEcAttestRootCert[] = { 241 0x30, 0x82, 0x02, 0x8b, 0x30, 0x82, 0x02, 0x32, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x09, 0x00, 242 0xa2, 0x05, 0x9e, 0xd1, 0x0e, 0x43, 0x5b, 0x57, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 243 0x3d, 0x04, 0x03, 0x02, 0x30, 0x81, 0x98, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 244 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0a, 0x43, 245 0x61, 0x6c, 0x69, 0x66, 0x6f, 0x72, 0x6e, 0x69, 0x61, 0x31, 0x16, 0x30, 0x14, 0x06, 0x03, 0x55, 246 0x04, 0x07, 0x0c, 0x0d, 0x4d, 0x6f, 0x75, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x20, 0x56, 0x69, 0x65, 247 0x77, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x0c, 0x47, 0x6f, 0x6f, 0x67, 248 0x6c, 0x65, 0x2c, 0x20, 0x49, 0x6e, 0x63, 0x2e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 249 0x0b, 0x0c, 0x07, 0x41, 0x6e, 0x64, 0x72, 0x6f, 0x69, 0x64, 0x31, 0x33, 0x30, 0x31, 0x06, 0x03, 250 0x55, 0x04, 0x03, 0x0c, 0x2a, 0x41, 0x6e, 0x64, 0x72, 0x6f, 0x69, 0x64, 0x20, 0x4b, 0x65, 0x79, 251 0x73, 0x74, 0x6f, 0x72, 0x65, 0x20, 0x53, 0x6f, 0x66, 0x74, 0x77, 0x61, 0x72, 0x65, 0x20, 0x41, 252 0x74, 0x74, 0x65, 0x73, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x20, 0x52, 0x6f, 0x6f, 0x74, 0x30, 253 0x1e, 0x17, 0x0d, 0x31, 0x36, 0x30, 0x31, 0x31, 0x31, 0x30, 0x30, 0x34, 0x33, 0x35, 0x30, 0x5a, 254 0x17, 0x0d, 0x33, 0x36, 0x30, 0x31, 0x30, 0x36, 0x30, 0x30, 0x34, 0x33, 0x35, 0x30, 0x5a, 0x30, 255 0x81, 0x98, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 256 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0a, 0x43, 0x61, 0x6c, 0x69, 0x66, 0x6f, 257 0x72, 0x6e, 0x69, 0x61, 0x31, 0x16, 0x30, 0x14, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x0d, 0x4d, 258 0x6f, 0x75, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x20, 0x56, 0x69, 0x65, 0x77, 0x31, 0x15, 0x30, 0x13, 259 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x0c, 0x47, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2c, 0x20, 0x49, 260 0x6e, 0x63, 0x2e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x07, 0x41, 0x6e, 261 0x64, 0x72, 0x6f, 0x69, 0x64, 0x31, 0x33, 0x30, 0x31, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x2a, 262 0x41, 0x6e, 0x64, 0x72, 0x6f, 0x69, 0x64, 0x20, 0x4b, 0x65, 0x79, 0x73, 0x74, 0x6f, 0x72, 0x65, 263 0x20, 0x53, 0x6f, 0x66, 0x74, 0x77, 0x61, 0x72, 0x65, 0x20, 0x41, 0x74, 0x74, 0x65, 0x73, 0x74, 264 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x20, 0x52, 0x6f, 0x6f, 0x74, 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 265 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 266 0x07, 0x03, 0x42, 0x00, 0x04, 0xee, 0x5d, 0x5e, 0xc7, 0xe1, 0xc0, 0xdb, 0x6d, 0x03, 0xa6, 0x7e, 267 0xe6, 0xb6, 0x1b, 0xec, 0x4d, 0x6a, 0x5d, 0x6a, 0x68, 0x2e, 0x0f, 0xff, 0x7f, 0x49, 0x0e, 0x7d, 268 0x77, 0x1f, 0x44, 0x22, 0x6d, 0xbd, 0xb1, 0xaf, 0xfa, 0x16, 0xcb, 0xc7, 0xad, 0xc5, 0x77, 0xd2, 269 0x56, 0x9c, 0xaa, 0xb7, 0xb0, 0x2d, 0x54, 0x01, 0x5d, 0x3e, 0x43, 0x2b, 0x2a, 0x8e, 0xd7, 0x4e, 270 0xec, 0x48, 0x75, 0x41, 0xa4, 0xa3, 0x63, 0x30, 0x61, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 271 0x04, 0x16, 0x04, 0x14, 0xc8, 0xad, 0xe9, 0x77, 0x4c, 0x45, 0xc3, 0xa3, 0xcf, 0x0d, 0x16, 0x10, 272 0xe4, 0x79, 0x43, 0x3a, 0x21, 0x5a, 0x30, 0xcf, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 273 0x18, 0x30, 0x16, 0x80, 0x14, 0xc8, 0xad, 0xe9, 0x77, 0x4c, 0x45, 0xc3, 0xa3, 0xcf, 0x0d, 0x16, 274 0x10, 0xe4, 0x79, 0x43, 0x3a, 0x21, 0x5a, 0x30, 0xcf, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x1d, 0x13, 275 0x01, 0x01, 0xff, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x1d, 276 0x0f, 0x01, 0x01, 0xff, 0x04, 0x04, 0x03, 0x02, 0x02, 0x84, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 277 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x03, 0x47, 0x00, 0x30, 0x44, 0x02, 0x20, 0x35, 0x21, 0xa3, 278 0xef, 0x8b, 0x34, 0x46, 0x1e, 0x9c, 0xd5, 0x60, 0xf3, 0x1d, 0x58, 0x89, 0x20, 0x6a, 0xdc, 0xa3, 279 0x65, 0x41, 0xf6, 0x0d, 0x9e, 0xce, 0x8a, 0x19, 0x8c, 0x66, 0x48, 0x60, 0x7b, 0x02, 0x20, 0x4d, 280 0x0b, 0xf3, 0x51, 0xd9, 0x30, 0x7c, 0x7d, 0x5b, 0xda, 0x35, 0x34, 0x1d, 0xa8, 0x47, 0x1b, 0x63, 281 0xa5, 0x85, 0x65, 0x3c, 0xad, 0x4f, 0x24, 0xa7, 0xe7, 0x4d, 0xaf, 0x41, 0x7d, 0xf1, 0xbf, 282 }; 283 284 size_t kCertificateChainLength = 2; 285 286 bool UpgradeIntegerTag(keymaster_tag_t tag, uint32_t value, AuthorizationSet* set, 287 bool* set_changed) { 288 int index = set->find(tag); 289 if (index == -1) { 290 keymaster_key_param_t param; 291 param.tag = tag; 292 param.integer = value; 293 set->push_back(param); 294 *set_changed = true; 295 return true; 296 } 297 298 if (set->params[index].integer > value) 299 return false; 300 301 if (set->params[index].integer != value) { 302 set->params[index].integer = value; 303 *set_changed = true; 304 } 305 return true; 306 } 307 308 } // anonymous namespace 309 310 SoftKeymasterContext::SoftKeymasterContext(const std::string& root_of_trust) 311 : rsa_factory_(new RsaKeyFactory(this)), ec_factory_(new EcKeyFactory(this)), 312 aes_factory_(new AesKeyFactory(this)), hmac_factory_(new HmacKeyFactory(this)), 313 km1_dev_(nullptr), root_of_trust_(root_of_trust), os_version_(0), os_patchlevel_(0) {} 314 315 SoftKeymasterContext::~SoftKeymasterContext() {} 316 317 keymaster_error_t SoftKeymasterContext::SetHardwareDevice(keymaster0_device_t* keymaster0_device) { 318 if (!keymaster0_device) 319 return KM_ERROR_UNEXPECTED_NULL_POINTER; 320 321 if ((keymaster0_device->flags & KEYMASTER_SOFTWARE_ONLY) != 0) { 322 LOG_E("SoftKeymasterContext only wraps hardware keymaster0 devices", 0); 323 return KM_ERROR_INVALID_ARGUMENT; 324 } 325 326 km0_engine_.reset(new Keymaster0Engine(keymaster0_device)); 327 rsa_factory_.reset(new RsaKeymaster0KeyFactory(this, km0_engine_.get())); 328 ec_factory_.reset(new EcdsaKeymaster0KeyFactory(this, km0_engine_.get())); 329 // Keep AES and HMAC factories. 330 331 return KM_ERROR_OK; 332 } 333 334 keymaster_error_t SoftKeymasterContext::SetHardwareDevice(keymaster1_device_t* keymaster1_device) { 335 if (!keymaster1_device) 336 return KM_ERROR_UNEXPECTED_NULL_POINTER; 337 338 km1_dev_ = keymaster1_device; 339 340 km1_engine_.reset(new Keymaster1Engine(keymaster1_device)); 341 rsa_factory_.reset(new RsaKeymaster1KeyFactory(this, km1_engine_.get())); 342 ec_factory_.reset(new EcdsaKeymaster1KeyFactory(this, km1_engine_.get())); 343 344 // Use default HMAC and AES key factories. Higher layers will pass HMAC/AES keys/ops that are 345 // supported by the hardware to it and other ones to the software-only factory. 346 347 return KM_ERROR_OK; 348 } 349 350 keymaster_error_t SoftKeymasterContext::SetSystemVersion(uint32_t os_version, 351 uint32_t os_patchlevel) { 352 os_version_ = os_version; 353 os_patchlevel_ = os_patchlevel; 354 return KM_ERROR_OK; 355 } 356 357 void SoftKeymasterContext::GetSystemVersion(uint32_t* os_version, uint32_t* os_patchlevel) const { 358 *os_version = os_version_; 359 *os_patchlevel = os_patchlevel_; 360 } 361 362 KeyFactory* SoftKeymasterContext::GetKeyFactory(keymaster_algorithm_t algorithm) const { 363 switch (algorithm) { 364 case KM_ALGORITHM_RSA: 365 return rsa_factory_.get(); 366 case KM_ALGORITHM_EC: 367 return ec_factory_.get(); 368 case KM_ALGORITHM_AES: 369 return aes_factory_.get(); 370 case KM_ALGORITHM_HMAC: 371 return hmac_factory_.get(); 372 default: 373 return nullptr; 374 } 375 } 376 377 static keymaster_algorithm_t supported_algorithms[] = {KM_ALGORITHM_RSA, KM_ALGORITHM_EC, 378 KM_ALGORITHM_AES, KM_ALGORITHM_HMAC}; 379 380 keymaster_algorithm_t* 381 SoftKeymasterContext::GetSupportedAlgorithms(size_t* algorithms_count) const { 382 *algorithms_count = array_length(supported_algorithms); 383 return supported_algorithms; 384 } 385 386 OperationFactory* SoftKeymasterContext::GetOperationFactory(keymaster_algorithm_t algorithm, 387 keymaster_purpose_t purpose) const { 388 KeyFactory* key_factory = GetKeyFactory(algorithm); 389 if (!key_factory) 390 return nullptr; 391 return key_factory->GetOperationFactory(purpose); 392 } 393 394 static keymaster_error_t TranslateAuthorizationSetError(AuthorizationSet::Error err) { 395 switch (err) { 396 case AuthorizationSet::OK: 397 return KM_ERROR_OK; 398 case AuthorizationSet::ALLOCATION_FAILURE: 399 return KM_ERROR_MEMORY_ALLOCATION_FAILED; 400 case AuthorizationSet::MALFORMED_DATA: 401 return KM_ERROR_UNKNOWN_ERROR; 402 } 403 return KM_ERROR_OK; 404 } 405 406 static keymaster_error_t SetAuthorizations(const AuthorizationSet& key_description, 407 keymaster_key_origin_t origin, uint32_t os_version, 408 uint32_t os_patchlevel, AuthorizationSet* hw_enforced, 409 AuthorizationSet* sw_enforced) { 410 sw_enforced->Clear(); 411 412 for (auto& entry : key_description) { 413 switch (entry.tag) { 414 // These cannot be specified by the client. 415 case KM_TAG_ROOT_OF_TRUST: 416 case KM_TAG_ORIGIN: 417 LOG_E("Root of trust and origin tags may not be specified", 0); 418 return KM_ERROR_INVALID_TAG; 419 420 // These don't work. 421 case KM_TAG_ROLLBACK_RESISTANT: 422 LOG_E("KM_TAG_ROLLBACK_RESISTANT not supported", 0); 423 return KM_ERROR_UNSUPPORTED_TAG; 424 425 // These are hidden. 426 case KM_TAG_APPLICATION_ID: 427 case KM_TAG_APPLICATION_DATA: 428 break; 429 430 // Everything else we just copy into sw_enforced, unless the KeyFactory has placed it in 431 // hw_enforced, in which case we defer to its decision. 432 default: 433 if (hw_enforced->GetTagCount(entry.tag) == 0) 434 sw_enforced->push_back(entry); 435 break; 436 } 437 } 438 439 sw_enforced->push_back(TAG_CREATION_DATETIME, java_time(time(NULL))); 440 sw_enforced->push_back(TAG_ORIGIN, origin); 441 sw_enforced->push_back(TAG_OS_VERSION, os_version); 442 sw_enforced->push_back(TAG_OS_PATCHLEVEL, os_patchlevel); 443 444 return TranslateAuthorizationSetError(sw_enforced->is_valid()); 445 } 446 447 keymaster_error_t SoftKeymasterContext::CreateKeyBlob(const AuthorizationSet& key_description, 448 const keymaster_key_origin_t origin, 449 const KeymasterKeyBlob& key_material, 450 KeymasterKeyBlob* blob, 451 AuthorizationSet* hw_enforced, 452 AuthorizationSet* sw_enforced) const { 453 keymaster_error_t error = SetAuthorizations(key_description, origin, os_version_, 454 os_patchlevel_, hw_enforced, sw_enforced); 455 if (error != KM_ERROR_OK) 456 return error; 457 458 AuthorizationSet hidden; 459 error = BuildHiddenAuthorizations(key_description, &hidden); 460 if (error != KM_ERROR_OK) 461 return error; 462 463 return SerializeIntegrityAssuredBlob(key_material, hidden, *hw_enforced, *sw_enforced, blob); 464 } 465 466 keymaster_error_t SoftKeymasterContext::UpgradeKeyBlob(const KeymasterKeyBlob& key_to_upgrade, 467 const AuthorizationSet& upgrade_params, 468 KeymasterKeyBlob* upgraded_key) const { 469 KeymasterKeyBlob key_material; 470 AuthorizationSet tee_enforced; 471 AuthorizationSet sw_enforced; 472 keymaster_error_t error = 473 ParseKeyBlob(key_to_upgrade, upgrade_params, &key_material, &tee_enforced, &sw_enforced); 474 if (error != KM_ERROR_OK) 475 return error; 476 477 // Three cases here: 478 // 479 // 1. Software key blob. Version info, if present, is in sw_enforced. If not present, we 480 // should add it. 481 // 482 // 2. Keymaster0 hardware key blob. Version info, if present, is in sw_enforced. If not 483 // present we should add it. 484 // 485 // 3. Keymaster1 hardware key blob. Version info is not present and we shouldn't have been 486 // asked to upgrade. 487 488 // Handle case 3. 489 if (km1_dev_ && tee_enforced.Contains(TAG_PURPOSE) && !tee_enforced.Contains(TAG_OS_PATCHLEVEL)) 490 return KM_ERROR_INVALID_ARGUMENT; 491 492 // Handle cases 1 & 2. 493 bool set_changed = false; 494 495 if (os_version_ == 0) { 496 // We need to allow "upgrading" OS version to zero, to support upgrading from proper 497 // numbered releases to unnumbered development and preview releases. 498 499 int key_os_version_pos = sw_enforced.find(TAG_OS_VERSION); 500 if (key_os_version_pos != -1) { 501 uint32_t key_os_version = sw_enforced[key_os_version_pos].integer; 502 if (key_os_version != 0) { 503 sw_enforced[key_os_version_pos].integer = os_version_; 504 set_changed = true; 505 } 506 } 507 } 508 509 if (!UpgradeIntegerTag(TAG_OS_VERSION, os_version_, &sw_enforced, &set_changed) || 510 !UpgradeIntegerTag(TAG_OS_PATCHLEVEL, os_patchlevel_, &sw_enforced, &set_changed)) 511 // One of the version fields would have been a downgrade. Not allowed. 512 return KM_ERROR_INVALID_ARGUMENT; 513 514 if (!set_changed) 515 // Dont' need an upgrade. 516 return KM_ERROR_OK; 517 518 AuthorizationSet hidden; 519 error = BuildHiddenAuthorizations(upgrade_params, &hidden); 520 if (error != KM_ERROR_OK) 521 return error; 522 return SerializeIntegrityAssuredBlob(key_material, hidden, tee_enforced, sw_enforced, 523 upgraded_key); 524 } 525 526 static keymaster_error_t ParseOcbAuthEncryptedBlob(const KeymasterKeyBlob& blob, 527 const AuthorizationSet& hidden, 528 KeymasterKeyBlob* key_material, 529 AuthorizationSet* hw_enforced, 530 AuthorizationSet* sw_enforced) { 531 Buffer nonce, tag; 532 KeymasterKeyBlob encrypted_key_material; 533 keymaster_error_t error = DeserializeAuthEncryptedBlob(blob, &encrypted_key_material, 534 hw_enforced, sw_enforced, &nonce, &tag); 535 if (error != KM_ERROR_OK) 536 return error; 537 538 if (nonce.available_read() != OCB_NONCE_LENGTH || tag.available_read() != OCB_TAG_LENGTH) 539 return KM_ERROR_INVALID_KEY_BLOB; 540 541 return OcbDecryptKey(*hw_enforced, *sw_enforced, hidden, MASTER_KEY, encrypted_key_material, 542 nonce, tag, key_material); 543 } 544 545 // Note: This parsing code in below is from system/security/softkeymaster/keymaster_openssl.cpp's 546 // unwrap_key function, modified for the preferred function signature and formatting. It does some 547 // odd things, but they have been left unchanged to avoid breaking compatibility. 548 static const uint8_t SOFT_KEY_MAGIC[] = {'P', 'K', '#', '8'}; 549 keymaster_error_t SoftKeymasterContext::ParseOldSoftkeymasterBlob( 550 const KeymasterKeyBlob& blob, KeymasterKeyBlob* key_material, AuthorizationSet* hw_enforced, 551 AuthorizationSet* sw_enforced) const { 552 long publicLen = 0; 553 long privateLen = 0; 554 const uint8_t* p = blob.key_material; 555 const uint8_t* end = blob.key_material + blob.key_material_size; 556 557 int type = 0; 558 ptrdiff_t min_size = 559 sizeof(SOFT_KEY_MAGIC) + sizeof(type) + sizeof(publicLen) + 1 + sizeof(privateLen) + 1; 560 if (end - p < min_size) { 561 LOG_W("key blob appears to be truncated (if an old SW key)", 0); 562 return KM_ERROR_INVALID_KEY_BLOB; 563 } 564 565 if (memcmp(p, SOFT_KEY_MAGIC, sizeof(SOFT_KEY_MAGIC)) != 0) 566 return KM_ERROR_INVALID_KEY_BLOB; 567 p += sizeof(SOFT_KEY_MAGIC); 568 569 for (size_t i = 0; i < sizeof(type); i++) 570 type = (type << 8) | *p++; 571 572 for (size_t i = 0; i < sizeof(type); i++) 573 publicLen = (publicLen << 8) | *p++; 574 575 if (p + publicLen > end) { 576 LOG_W("public key length encoding error: size=%ld, end=%td", publicLen, end - p); 577 return KM_ERROR_INVALID_KEY_BLOB; 578 } 579 p += publicLen; 580 581 if (end - p < 2) { 582 LOG_W("key blob appears to be truncated (if an old SW key)", 0); 583 return KM_ERROR_INVALID_KEY_BLOB; 584 } 585 586 for (size_t i = 0; i < sizeof(type); i++) 587 privateLen = (privateLen << 8) | *p++; 588 589 if (p + privateLen > end) { 590 LOG_W("private key length encoding error: size=%ld, end=%td", privateLen, end - p); 591 return KM_ERROR_INVALID_KEY_BLOB; 592 } 593 594 // Just to be sure, make sure that the ASN.1 structure parses correctly. We don't actually use 595 // the EVP_PKEY here. 596 const uint8_t* key_start = p; 597 unique_ptr<EVP_PKEY, EVP_PKEY_Delete> pkey(d2i_PrivateKey(type, nullptr, &p, privateLen)); 598 if (pkey.get() == nullptr) { 599 LOG_W("Failed to parse PKCS#8 key material (if old SW key)", 0); 600 return KM_ERROR_INVALID_KEY_BLOB; 601 } 602 603 // All auths go into sw_enforced, including those that would be HW-enforced if we were faking 604 // auths for a HW-backed key. 605 hw_enforced->Clear(); 606 keymaster_error_t error = FakeKeyAuthorizations(pkey.get(), sw_enforced, sw_enforced); 607 if (error != KM_ERROR_OK) 608 return error; 609 610 if (!key_material->Reset(privateLen)) 611 return KM_ERROR_MEMORY_ALLOCATION_FAILED; 612 memcpy(key_material->writable_data(), key_start, privateLen); 613 614 return KM_ERROR_OK; 615 } 616 617 keymaster_error_t SoftKeymasterContext::ParseKeyBlob(const KeymasterKeyBlob& blob, 618 const AuthorizationSet& additional_params, 619 KeymasterKeyBlob* key_material, 620 AuthorizationSet* hw_enforced, 621 AuthorizationSet* sw_enforced) const { 622 // This is a little bit complicated. 623 // 624 // The SoftKeymasterContext has to handle a lot of different kinds of key blobs. 625 // 626 // 1. New keymaster1 software key blobs. These are integrity-assured but not encrypted. The 627 // raw key material and auth sets should be extracted and returned. This is the kind 628 // produced by this context when the KeyFactory doesn't use keymaster0 to back the keys. 629 // 630 // 2. Old keymaster1 software key blobs. These are OCB-encrypted with an all-zero master key. 631 // They should be decrypted and the key material and auth sets extracted and returned. 632 // 633 // 3. Old keymaster0 software key blobs. These are raw key material with a small header tacked 634 // on the front. They don't have auth sets, so reasonable defaults are generated and 635 // returned along with the raw key material. 636 // 637 // 4. New keymaster0 hardware key blobs. These are integrity-assured but not encrypted (though 638 // they're protected by the keymaster0 hardware implementation). The keymaster0 key blob 639 // and auth sets should be extracted and returned. 640 // 641 // 5. Keymaster1 hardware key blobs. These are raw hardware key blobs. They contain auth 642 // sets, which we retrieve from the hardware module. 643 // 644 // 6. Old keymaster0 hardware key blobs. These are raw hardware key blobs. They don't have 645 // auth sets so reasonable defaults are generated and returned along with the key blob. 646 // 647 // Determining what kind of blob has arrived is somewhat tricky. What helps is that 648 // integrity-assured and OCB-encrypted blobs are self-consistent and effectively impossible to 649 // parse as anything else. Old keymaster0 software key blobs have a header. It's reasonably 650 // unlikely that hardware keys would have the same header. So anything that is neither 651 // integrity-assured nor OCB-encrypted and lacks the old software key header is assumed to be 652 // keymaster0 hardware. 653 654 AuthorizationSet hidden; 655 keymaster_error_t error = BuildHiddenAuthorizations(additional_params, &hidden); 656 if (error != KM_ERROR_OK) 657 return error; 658 659 // Assume it's an integrity-assured blob (new software-only blob, or new keymaster0-backed 660 // blob). 661 error = DeserializeIntegrityAssuredBlob(blob, hidden, key_material, hw_enforced, sw_enforced); 662 if (error != KM_ERROR_INVALID_KEY_BLOB) 663 return error; 664 665 // Wasn't an integrity-assured blob. Maybe it's an OCB-encrypted blob. 666 error = ParseOcbAuthEncryptedBlob(blob, hidden, key_material, hw_enforced, sw_enforced); 667 if (error == KM_ERROR_OK) 668 LOG_D("Parsed an old keymaster1 software key", 0); 669 if (error != KM_ERROR_INVALID_KEY_BLOB) 670 return error; 671 672 // Wasn't an OCB-encrypted blob. Maybe it's an old softkeymaster blob. 673 error = ParseOldSoftkeymasterBlob(blob, key_material, hw_enforced, sw_enforced); 674 if (error == KM_ERROR_OK) 675 LOG_D("Parsed an old sofkeymaster key", 0); 676 if (error != KM_ERROR_INVALID_KEY_BLOB) 677 return error; 678 679 if (km1_dev_) 680 return ParseKeymaster1HwBlob(blob, additional_params, key_material, hw_enforced, 681 sw_enforced); 682 else if (km0_engine_) 683 return ParseKeymaster0HwBlob(blob, key_material, hw_enforced, sw_enforced); 684 685 return KM_ERROR_INVALID_KEY_BLOB; 686 } 687 688 keymaster_error_t SoftKeymasterContext::DeleteKey(const KeymasterKeyBlob& blob) const { 689 if (km1_engine_) { 690 // HACK. Due to a bug with Qualcomm's Keymaster implementation, which causes the device to 691 // reboot if we pass it a key blob it doesn't understand, we need to check for software 692 // keys. If it looks like a software key there's nothing to do so we just return. 693 KeymasterKeyBlob key_material; 694 AuthorizationSet hw_enforced, sw_enforced; 695 keymaster_error_t error = DeserializeIntegrityAssuredBlob_NoHmacCheck( 696 blob, &key_material, &hw_enforced, &sw_enforced); 697 if (error == KM_ERROR_OK) { 698 return KM_ERROR_OK; 699 } 700 701 return km1_engine_->DeleteKey(blob); 702 } 703 704 if (km0_engine_) { 705 // This could be a keymaster0 hardware key, and it could be either raw or encapsulated in an 706 // integrity-assured blob. If it's integrity-assured, we can't validate it strongly, 707 // because we don't have the necessary additional_params data. However, the probability 708 // that anything other than an integrity-assured blob would have all of the structure 709 // required to decode as a valid blob is low -- unless it's maliciously-constructed, but the 710 // deserializer should be proof against bad data, as should the keymaster0 hardware. 711 // 712 // Thus, we first try to parse it as integrity-assured. If that works, we pass the result 713 // to the underlying hardware. If not, we pass blob unmodified to the underlying hardware. 714 KeymasterKeyBlob key_material; 715 AuthorizationSet hw_enforced, sw_enforced; 716 keymaster_error_t error = DeserializeIntegrityAssuredBlob_NoHmacCheck( 717 blob, &key_material, &hw_enforced, &sw_enforced); 718 if (error == KM_ERROR_OK && km0_engine_->DeleteKey(key_material)) 719 return KM_ERROR_OK; 720 721 km0_engine_->DeleteKey(blob); 722 723 // We succeed unconditionally at this point, even if delete failed. Failure indicates that 724 // either the blob is a software blob (which we can't distinguish with certainty without 725 // additional_params) or because it is a hardware blob and the hardware failed. In the 726 // first case, there is no error. In the second case, the client can't do anything to fix 727 // it anyway, so it's not too harmful to simply swallow the error. This is not ideal, but 728 // it's the least-bad alternative. 729 return KM_ERROR_OK; 730 } 731 732 // Nothing to do for software-only contexts. 733 return KM_ERROR_OK; 734 } 735 736 keymaster_error_t SoftKeymasterContext::DeleteAllKeys() const { 737 if (km1_engine_) 738 return km1_engine_->DeleteAllKeys(); 739 740 if (km0_engine_ && !km0_engine_->DeleteAllKeys()) 741 return KM_ERROR_UNKNOWN_ERROR; 742 743 return KM_ERROR_OK; 744 } 745 746 keymaster_error_t SoftKeymasterContext::AddRngEntropy(const uint8_t* buf, size_t length) const { 747 RAND_add(buf, length, 0 /* Don't assume any entropy is added to the pool. */); 748 return KM_ERROR_OK; 749 } 750 751 keymaster_error_t SoftKeymasterContext::GenerateRandom(uint8_t* buf, size_t length) const { 752 if (RAND_bytes(buf, length) != 1) 753 return KM_ERROR_UNKNOWN_ERROR; 754 return KM_ERROR_OK; 755 } 756 757 void SoftKeymasterContext::AddSystemVersionToSet(AuthorizationSet* auth_set) const { 758 if (!auth_set->Contains(TAG_OS_VERSION)) 759 auth_set->push_back(TAG_OS_VERSION, os_version_); 760 if (!auth_set->Contains(TAG_OS_PATCHLEVEL)) 761 auth_set->push_back(TAG_OS_PATCHLEVEL, os_patchlevel_); 762 } 763 764 EVP_PKEY* SoftKeymasterContext::AttestationKey(keymaster_algorithm_t algorithm, 765 keymaster_error_t* error) const { 766 767 const uint8_t* key; 768 size_t key_length; 769 int evp_key_type; 770 771 switch (algorithm) { 772 case KM_ALGORITHM_RSA: 773 key = kRsaAttestKey; 774 key_length = array_length(kRsaAttestKey); 775 evp_key_type = EVP_PKEY_RSA; 776 break; 777 778 case KM_ALGORITHM_EC: 779 key = kEcAttestKey; 780 key_length = array_length(kEcAttestKey); 781 evp_key_type = EVP_PKEY_EC; 782 break; 783 784 default: 785 *error = KM_ERROR_UNSUPPORTED_ALGORITHM; 786 return nullptr; 787 } 788 789 EVP_PKEY* pkey = d2i_PrivateKey(evp_key_type, nullptr /* pkey */, &key, key_length); 790 if (!pkey) 791 *error = TranslateLastOpenSslError(); 792 793 return pkey; 794 } 795 796 keymaster_cert_chain_t* SoftKeymasterContext::AttestationChain(keymaster_algorithm_t algorithm, 797 keymaster_error_t* error) const { 798 // If we have to bail it will be because of an allocation failure. 799 *error = KM_ERROR_MEMORY_ALLOCATION_FAILED; 800 801 UniquePtr<keymaster_cert_chain_t, CertificateChainDelete> chain(new keymaster_cert_chain_t); 802 if (!chain.get()) 803 return nullptr; 804 memset(chain.get(), 0, sizeof(keymaster_cert_chain_t)); 805 806 chain->entries = new keymaster_blob_t[kCertificateChainLength]; 807 if (!chain->entries) 808 return nullptr; 809 810 memset(chain->entries, 0, sizeof(chain->entries[0]) * kCertificateChainLength); 811 chain->entry_count = kCertificateChainLength; 812 813 size_t entry = 0; 814 815 switch (algorithm) { 816 case KM_ALGORITHM_RSA: 817 chain->entries[entry].data = dup_array(kRsaAttestCert); 818 if (!chain->entries[entry].data) 819 return nullptr; 820 chain->entries[entry].data_length = array_length(kRsaAttestCert); 821 entry++; 822 chain->entries[entry].data = dup_array(kRsaAttestRootCert); 823 if (!chain->entries[entry].data) 824 return nullptr; 825 chain->entries[entry].data_length = array_length(kRsaAttestRootCert); 826 entry++; 827 break; 828 829 case KM_ALGORITHM_EC: 830 chain->entries[entry].data = dup_array(kEcAttestCert); 831 if (!chain->entries[entry].data) 832 return nullptr; 833 chain->entries[entry].data_length = array_length(kEcAttestCert); 834 entry++; 835 chain->entries[entry].data = dup_array(kEcAttestRootCert); 836 if (!chain->entries[entry].data) 837 return nullptr; 838 chain->entries[entry].data_length = array_length(kEcAttestRootCert); 839 entry++; 840 break; 841 842 default: 843 *error = KM_ERROR_UNSUPPORTED_ALGORITHM; 844 return nullptr; 845 }; 846 847 assert(entry == kCertificateChainLength); 848 849 *error = KM_ERROR_OK; 850 return chain.release(); 851 } 852 853 keymaster_error_t SoftKeymasterContext::GenerateUniqueId( 854 uint64_t /* creation_date_time */, const keymaster_blob_t& /* application_id */, 855 bool /* reset_since_rotation */, Buffer* /* unique_id */) const { 856 // SoftKeymasterDevice cannot generate unique IDs. 857 return KM_ERROR_UNIMPLEMENTED; 858 } 859 860 keymaster_error_t SoftKeymasterContext::ParseKeymaster1HwBlob( 861 const KeymasterKeyBlob& blob, const AuthorizationSet& additional_params, 862 KeymasterKeyBlob* key_material, AuthorizationSet* hw_enforced, 863 AuthorizationSet* sw_enforced) const { 864 assert(km1_dev_); 865 866 keymaster_blob_t client_id = {nullptr, 0}; 867 keymaster_blob_t app_data = {nullptr, 0}; 868 keymaster_blob_t* client_id_ptr = nullptr; 869 keymaster_blob_t* app_data_ptr = nullptr; 870 if (additional_params.GetTagValue(TAG_APPLICATION_ID, &client_id)) 871 client_id_ptr = &client_id; 872 if (additional_params.GetTagValue(TAG_APPLICATION_DATA, &app_data)) 873 app_data_ptr = &app_data; 874 875 // Get key characteristics, which incidentally verifies that the HW recognizes the key. 876 keymaster_key_characteristics_t* characteristics; 877 keymaster_error_t error = km1_dev_->get_key_characteristics(km1_dev_, &blob, client_id_ptr, 878 app_data_ptr, &characteristics); 879 if (error != KM_ERROR_OK) 880 return error; 881 unique_ptr<keymaster_key_characteristics_t, Characteristics_Delete> characteristics_deleter( 882 characteristics); 883 884 LOG_D("Module \"%s\" accepted key", km1_dev_->common.module->name); 885 886 hw_enforced->Reinitialize(characteristics->hw_enforced); 887 sw_enforced->Reinitialize(characteristics->sw_enforced); 888 *key_material = blob; 889 return KM_ERROR_OK; 890 } 891 892 keymaster_error_t SoftKeymasterContext::ParseKeymaster0HwBlob(const KeymasterKeyBlob& blob, 893 KeymasterKeyBlob* key_material, 894 AuthorizationSet* hw_enforced, 895 AuthorizationSet* sw_enforced) const { 896 assert(km0_engine_); 897 898 unique_ptr<EVP_PKEY, EVP_PKEY_Delete> tmp_key(km0_engine_->GetKeymaster0PublicKey(blob)); 899 900 if (!tmp_key) 901 return KM_ERROR_INVALID_KEY_BLOB; 902 903 LOG_D("Module \"%s\" accepted key", km0_engine_->device()->common.module->name); 904 keymaster_error_t error = FakeKeyAuthorizations(tmp_key.get(), hw_enforced, sw_enforced); 905 if (error == KM_ERROR_OK) 906 *key_material = blob; 907 908 return error; 909 } 910 911 keymaster_error_t SoftKeymasterContext::FakeKeyAuthorizations(EVP_PKEY* pubkey, 912 AuthorizationSet* hw_enforced, 913 AuthorizationSet* sw_enforced) const { 914 hw_enforced->Clear(); 915 sw_enforced->Clear(); 916 917 switch (EVP_PKEY_type(pubkey->type)) { 918 case EVP_PKEY_RSA: { 919 hw_enforced->push_back(TAG_ALGORITHM, KM_ALGORITHM_RSA); 920 hw_enforced->push_back(TAG_DIGEST, KM_DIGEST_NONE); 921 hw_enforced->push_back(TAG_DIGEST, KM_DIGEST_MD5); 922 hw_enforced->push_back(TAG_DIGEST, KM_DIGEST_SHA1); 923 hw_enforced->push_back(TAG_DIGEST, KM_DIGEST_SHA_2_224); 924 hw_enforced->push_back(TAG_DIGEST, KM_DIGEST_SHA_2_256); 925 hw_enforced->push_back(TAG_DIGEST, KM_DIGEST_SHA_2_384); 926 hw_enforced->push_back(TAG_DIGEST, KM_DIGEST_SHA_2_512); 927 hw_enforced->push_back(TAG_PADDING, KM_PAD_NONE); 928 hw_enforced->push_back(TAG_PADDING, KM_PAD_RSA_PKCS1_1_5_SIGN); 929 hw_enforced->push_back(TAG_PADDING, KM_PAD_RSA_PKCS1_1_5_ENCRYPT); 930 hw_enforced->push_back(TAG_PADDING, KM_PAD_RSA_PSS); 931 hw_enforced->push_back(TAG_PADDING, KM_PAD_RSA_OAEP); 932 933 sw_enforced->push_back(TAG_PURPOSE, KM_PURPOSE_SIGN); 934 sw_enforced->push_back(TAG_PURPOSE, KM_PURPOSE_VERIFY); 935 sw_enforced->push_back(TAG_PURPOSE, KM_PURPOSE_ENCRYPT); 936 sw_enforced->push_back(TAG_PURPOSE, KM_PURPOSE_DECRYPT); 937 938 unique_ptr<RSA, RSA_Delete> rsa(EVP_PKEY_get1_RSA(pubkey)); 939 if (!rsa) 940 return TranslateLastOpenSslError(); 941 hw_enforced->push_back(TAG_KEY_SIZE, RSA_size(rsa.get()) * 8); 942 uint64_t public_exponent = BN_get_word(rsa->e); 943 if (public_exponent == 0xffffffffL) 944 return KM_ERROR_INVALID_KEY_BLOB; 945 hw_enforced->push_back(TAG_RSA_PUBLIC_EXPONENT, public_exponent); 946 break; 947 } 948 949 case EVP_PKEY_EC: { 950 hw_enforced->push_back(TAG_ALGORITHM, KM_ALGORITHM_RSA); 951 hw_enforced->push_back(TAG_DIGEST, KM_DIGEST_NONE); 952 hw_enforced->push_back(TAG_DIGEST, KM_DIGEST_MD5); 953 hw_enforced->push_back(TAG_DIGEST, KM_DIGEST_SHA1); 954 hw_enforced->push_back(TAG_DIGEST, KM_DIGEST_SHA_2_224); 955 hw_enforced->push_back(TAG_DIGEST, KM_DIGEST_SHA_2_256); 956 hw_enforced->push_back(TAG_DIGEST, KM_DIGEST_SHA_2_384); 957 hw_enforced->push_back(TAG_DIGEST, KM_DIGEST_SHA_2_512); 958 959 sw_enforced->push_back(TAG_PURPOSE, KM_PURPOSE_SIGN); 960 sw_enforced->push_back(TAG_PURPOSE, KM_PURPOSE_VERIFY); 961 962 UniquePtr<EC_KEY, EC_KEY_Delete> ec_key(EVP_PKEY_get1_EC_KEY(pubkey)); 963 if (!ec_key.get()) 964 return TranslateLastOpenSslError(); 965 size_t key_size_bits; 966 keymaster_error_t error = 967 ec_get_group_size(EC_KEY_get0_group(ec_key.get()), &key_size_bits); 968 if (error != KM_ERROR_OK) 969 return error; 970 hw_enforced->push_back(TAG_KEY_SIZE, key_size_bits); 971 break; 972 } 973 974 default: 975 return KM_ERROR_UNSUPPORTED_ALGORITHM; 976 } 977 978 sw_enforced->push_back(TAG_ALL_USERS); 979 sw_enforced->push_back(TAG_NO_AUTH_REQUIRED); 980 981 return KM_ERROR_OK; 982 } 983 984 keymaster_error_t SoftKeymasterContext::BuildHiddenAuthorizations(const AuthorizationSet& input_set, 985 AuthorizationSet* hidden) const { 986 keymaster_blob_t entry; 987 if (input_set.GetTagValue(TAG_APPLICATION_ID, &entry)) 988 hidden->push_back(TAG_APPLICATION_ID, entry.data, entry.data_length); 989 if (input_set.GetTagValue(TAG_APPLICATION_DATA, &entry)) 990 hidden->push_back(TAG_APPLICATION_DATA, entry.data, entry.data_length); 991 992 hidden->push_back(TAG_ROOT_OF_TRUST, reinterpret_cast<const uint8_t*>(root_of_trust_.data()), 993 root_of_trust_.size()); 994 995 return TranslateAuthorizationSetError(hidden->is_valid()); 996 } 997 998 } // namespace keymaster 999
