1 // Copyright 2015 The Android Open Source Project
2 //
3 // Licensed under the Apache License, Version 2.0 (the "License");
4 // you may not use this file except in compliance with the License.
5 // You may obtain a copy of the License at
6 //
7 // http://www.apache.org/licenses/LICENSE-2.0
8 //
9 // Unless required by applicable law or agreed to in writing, software
10 // distributed under the License is distributed on an "AS IS" BASIS,
11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 // See the License for the specific language governing permissions and
13 // limitations under the License.
14
15 #define LOG_TAG "keystore_client"
16
17 #include "keystore/keystore_client_impl.h"
18
19 #include <string>
20 #include <vector>
21
22 #include "binder/IBinder.h"
23 #include "binder/IInterface.h"
24 #include "binder/IServiceManager.h"
25 #include "keystore/IKeystoreService.h"
26 #include "keystore/keystore.h"
27 #include "log/log.h"
28 #include "utils/String16.h"
29 #include "utils/String8.h"
30
31 #include "keystore_client.pb.h"
32
33 using android::ExportResult;
34 using android::KeyCharacteristics;
35 using android::KeymasterArguments;
36 using android::OperationResult;
37 using android::String16;
38 using keymaster::AuthorizationSet;
39 using keymaster::AuthorizationSetBuilder;
40
41 namespace {
42
43 // Use the UID of the current process.
44 const int kDefaultUID = -1;
45 const char kEncryptSuffix[] = "_ENC";
46 const char kAuthenticateSuffix[] = "_AUTH";
47 const uint32_t kAESKeySize = 256; // bits
48 const uint32_t kHMACKeySize = 256; // bits
49 const uint32_t kHMACOutputSize = 256; // bits
50
StringAsByteArray(const std::string & s)51 const uint8_t* StringAsByteArray(const std::string& s) {
52 return reinterpret_cast<const uint8_t*>(s.data());
53 }
54
ByteArrayAsString(const uint8_t * data,size_t data_size)55 std::string ByteArrayAsString(const uint8_t* data, size_t data_size) {
56 return std::string(reinterpret_cast<const char*>(data), data_size);
57 }
58
CopyParameters(const AuthorizationSet & in,std::vector<keymaster_key_param_t> * out)59 void CopyParameters(const AuthorizationSet& in, std::vector<keymaster_key_param_t>* out) {
60 keymaster_key_param_set_t tmp;
61 in.CopyToParamSet(&tmp);
62 out->assign(&tmp.params[0], &tmp.params[tmp.length]);
63 free(tmp.params);
64 }
65
66 } // namespace
67
68 namespace keystore {
69
KeystoreClientImpl()70 KeystoreClientImpl::KeystoreClientImpl() {
71 service_manager_ = android::defaultServiceManager();
72 keystore_binder_ = service_manager_->getService(String16("android.security.keystore"));
73 keystore_ = android::interface_cast<android::IKeystoreService>(keystore_binder_);
74 }
75
encryptWithAuthentication(const std::string & key_name,const std::string & data,std::string * encrypted_data)76 bool KeystoreClientImpl::encryptWithAuthentication(const std::string& key_name,
77 const std::string& data,
78 std::string* encrypted_data) {
79 // The encryption algorithm is AES-256-CBC with PKCS #7 padding and a random
80 // IV. The authentication algorithm is HMAC-SHA256 and is computed over the
81 // cipher-text (i.e. Encrypt-then-MAC approach). This was chosen over AES-GCM
82 // because hardware support for GCM is not mandatory for all Brillo devices.
83 std::string encryption_key_name = key_name + kEncryptSuffix;
84 if (!createOrVerifyEncryptionKey(encryption_key_name)) {
85 return false;
86 }
87 std::string authentication_key_name = key_name + kAuthenticateSuffix;
88 if (!createOrVerifyAuthenticationKey(authentication_key_name)) {
89 return false;
90 }
91 AuthorizationSetBuilder encrypt_params;
92 encrypt_params.Padding(KM_PAD_PKCS7);
93 encrypt_params.Authorization(keymaster::TAG_BLOCK_MODE, KM_MODE_CBC);
94 AuthorizationSet output_params;
95 std::string raw_encrypted_data;
96 if (!oneShotOperation(KM_PURPOSE_ENCRYPT, encryption_key_name, encrypt_params.build(), data,
97 std::string(), /* signature_to_verify */
98 &output_params, &raw_encrypted_data)) {
99 ALOGE("Encrypt: AES operation failed.");
100 return false;
101 }
102 keymaster_blob_t init_vector_blob;
103 if (!output_params.GetTagValue(keymaster::TAG_NONCE, &init_vector_blob)) {
104 ALOGE("Encrypt: Missing initialization vector.");
105 return false;
106 }
107 std::string init_vector =
108 ByteArrayAsString(init_vector_blob.data, init_vector_blob.data_length);
109
110 AuthorizationSetBuilder authenticate_params;
111 authenticate_params.Digest(KM_DIGEST_SHA_2_256);
112 authenticate_params.Authorization(keymaster::TAG_MAC_LENGTH, kHMACOutputSize);
113 std::string raw_authentication_data;
114 if (!oneShotOperation(KM_PURPOSE_SIGN, authentication_key_name, authenticate_params.build(),
115 init_vector + raw_encrypted_data, std::string(), /* signature_to_verify */
116 &output_params, &raw_authentication_data)) {
117 ALOGE("Encrypt: HMAC operation failed.");
118 return false;
119 }
120 EncryptedData protobuf;
121 protobuf.set_init_vector(init_vector);
122 protobuf.set_authentication_data(raw_authentication_data);
123 protobuf.set_encrypted_data(raw_encrypted_data);
124 if (!protobuf.SerializeToString(encrypted_data)) {
125 ALOGE("Encrypt: Failed to serialize EncryptedData protobuf.");
126 return false;
127 }
128 return true;
129 }
130
decryptWithAuthentication(const std::string & key_name,const std::string & encrypted_data,std::string * data)131 bool KeystoreClientImpl::decryptWithAuthentication(const std::string& key_name,
132 const std::string& encrypted_data,
133 std::string* data) {
134 EncryptedData protobuf;
135 if (!protobuf.ParseFromString(encrypted_data)) {
136 ALOGE("Decrypt: Failed to parse EncryptedData protobuf.");
137 }
138 // Verify authentication before attempting decryption.
139 std::string authentication_key_name = key_name + kAuthenticateSuffix;
140 AuthorizationSetBuilder authenticate_params;
141 authenticate_params.Digest(KM_DIGEST_SHA_2_256);
142 AuthorizationSet output_params;
143 std::string output_data;
144 if (!oneShotOperation(KM_PURPOSE_VERIFY, authentication_key_name, authenticate_params.build(),
145 protobuf.init_vector() + protobuf.encrypted_data(),
146 protobuf.authentication_data(), &output_params, &output_data)) {
147 ALOGE("Decrypt: HMAC operation failed.");
148 return false;
149 }
150 std::string encryption_key_name = key_name + kEncryptSuffix;
151 AuthorizationSetBuilder encrypt_params;
152 encrypt_params.Padding(KM_PAD_PKCS7);
153 encrypt_params.Authorization(keymaster::TAG_BLOCK_MODE, KM_MODE_CBC);
154 encrypt_params.Authorization(keymaster::TAG_NONCE, protobuf.init_vector().data(),
155 protobuf.init_vector().size());
156 if (!oneShotOperation(KM_PURPOSE_DECRYPT, encryption_key_name, encrypt_params.build(),
157 protobuf.encrypted_data(), std::string(), /* signature_to_verify */
158 &output_params, data)) {
159 ALOGE("Decrypt: AES operation failed.");
160 return false;
161 }
162 return true;
163 }
164
oneShotOperation(keymaster_purpose_t purpose,const std::string & key_name,const keymaster::AuthorizationSet & input_parameters,const std::string & input_data,const std::string & signature_to_verify,keymaster::AuthorizationSet * output_parameters,std::string * output_data)165 bool KeystoreClientImpl::oneShotOperation(keymaster_purpose_t purpose, const std::string& key_name,
166 const keymaster::AuthorizationSet& input_parameters,
167 const std::string& input_data,
168 const std::string& signature_to_verify,
169 keymaster::AuthorizationSet* output_parameters,
170 std::string* output_data) {
171 keymaster_operation_handle_t handle;
172 int32_t result =
173 beginOperation(purpose, key_name, input_parameters, output_parameters, &handle);
174 if (result != KM_ERROR_OK) {
175 ALOGE("BeginOperation failed: %d", result);
176 return false;
177 }
178 AuthorizationSet empty_params;
179 size_t num_input_bytes_consumed;
180 AuthorizationSet ignored_params;
181 result = updateOperation(handle, empty_params, input_data, &num_input_bytes_consumed,
182 &ignored_params, output_data);
183 if (result != KM_ERROR_OK) {
184 ALOGE("UpdateOperation failed: %d", result);
185 return false;
186 }
187 result =
188 finishOperation(handle, empty_params, signature_to_verify, &ignored_params, output_data);
189 if (result != KM_ERROR_OK) {
190 ALOGE("FinishOperation failed: %d", result);
191 return false;
192 }
193 return true;
194 }
195
addRandomNumberGeneratorEntropy(const std::string & entropy)196 int32_t KeystoreClientImpl::addRandomNumberGeneratorEntropy(const std::string& entropy) {
197 return mapKeystoreError(keystore_->addRngEntropy(StringAsByteArray(entropy), entropy.size()));
198 }
199
generateKey(const std::string & key_name,const AuthorizationSet & key_parameters,AuthorizationSet * hardware_enforced_characteristics,AuthorizationSet * software_enforced_characteristics)200 int32_t KeystoreClientImpl::generateKey(const std::string& key_name,
201 const AuthorizationSet& key_parameters,
202 AuthorizationSet* hardware_enforced_characteristics,
203 AuthorizationSet* software_enforced_characteristics) {
204 String16 key_name16(key_name.data(), key_name.size());
205 KeymasterArguments key_arguments;
206 CopyParameters(key_parameters, &key_arguments.params);
207 KeyCharacteristics characteristics;
208 int32_t result =
209 keystore_->generateKey(key_name16, key_arguments, NULL /*entropy*/, 0 /*entropyLength*/,
210 kDefaultUID, KEYSTORE_FLAG_NONE, &characteristics);
211 hardware_enforced_characteristics->Reinitialize(characteristics.characteristics.hw_enforced);
212 software_enforced_characteristics->Reinitialize(characteristics.characteristics.sw_enforced);
213 return mapKeystoreError(result);
214 }
215
216 int32_t
getKeyCharacteristics(const std::string & key_name,AuthorizationSet * hardware_enforced_characteristics,AuthorizationSet * software_enforced_characteristics)217 KeystoreClientImpl::getKeyCharacteristics(const std::string& key_name,
218 AuthorizationSet* hardware_enforced_characteristics,
219 AuthorizationSet* software_enforced_characteristics) {
220 String16 key_name16(key_name.data(), key_name.size());
221 keymaster_blob_t client_id_blob = {nullptr, 0};
222 keymaster_blob_t app_data_blob = {nullptr, 0};
223 KeyCharacteristics characteristics;
224 int32_t result = keystore_->getKeyCharacteristics(key_name16, &client_id_blob, &app_data_blob,
225 kDefaultUID, &characteristics);
226 hardware_enforced_characteristics->Reinitialize(characteristics.characteristics.hw_enforced);
227 software_enforced_characteristics->Reinitialize(characteristics.characteristics.sw_enforced);
228 return mapKeystoreError(result);
229 }
230
importKey(const std::string & key_name,const AuthorizationSet & key_parameters,keymaster_key_format_t key_format,const std::string & key_data,AuthorizationSet * hardware_enforced_characteristics,AuthorizationSet * software_enforced_characteristics)231 int32_t KeystoreClientImpl::importKey(const std::string& key_name,
232 const AuthorizationSet& key_parameters,
233 keymaster_key_format_t key_format,
234 const std::string& key_data,
235 AuthorizationSet* hardware_enforced_characteristics,
236 AuthorizationSet* software_enforced_characteristics) {
237 String16 key_name16(key_name.data(), key_name.size());
238 KeymasterArguments key_arguments;
239 CopyParameters(key_parameters, &key_arguments.params);
240 KeyCharacteristics characteristics;
241 int32_t result =
242 keystore_->importKey(key_name16, key_arguments, key_format, StringAsByteArray(key_data),
243 key_data.size(), kDefaultUID, KEYSTORE_FLAG_NONE, &characteristics);
244 hardware_enforced_characteristics->Reinitialize(characteristics.characteristics.hw_enforced);
245 software_enforced_characteristics->Reinitialize(characteristics.characteristics.sw_enforced);
246 return mapKeystoreError(result);
247 }
248
exportKey(keymaster_key_format_t export_format,const std::string & key_name,std::string * export_data)249 int32_t KeystoreClientImpl::exportKey(keymaster_key_format_t export_format,
250 const std::string& key_name, std::string* export_data) {
251 String16 key_name16(key_name.data(), key_name.size());
252 keymaster_blob_t client_id_blob = {nullptr, 0};
253 keymaster_blob_t app_data_blob = {nullptr, 0};
254 ExportResult export_result;
255 keystore_->exportKey(key_name16, export_format, &client_id_blob, &app_data_blob,
256 kDefaultUID, &export_result);
257 *export_data = ByteArrayAsString(export_result.exportData.get(), export_result.dataLength);
258 return mapKeystoreError(export_result.resultCode);
259 }
260
deleteKey(const std::string & key_name)261 int32_t KeystoreClientImpl::deleteKey(const std::string& key_name) {
262 String16 key_name16(key_name.data(), key_name.size());
263 return mapKeystoreError(keystore_->del(key_name16, kDefaultUID));
264 }
265
deleteAllKeys()266 int32_t KeystoreClientImpl::deleteAllKeys() {
267 return mapKeystoreError(keystore_->clear_uid(kDefaultUID));
268 }
269
beginOperation(keymaster_purpose_t purpose,const std::string & key_name,const AuthorizationSet & input_parameters,AuthorizationSet * output_parameters,keymaster_operation_handle_t * handle)270 int32_t KeystoreClientImpl::beginOperation(keymaster_purpose_t purpose, const std::string& key_name,
271 const AuthorizationSet& input_parameters,
272 AuthorizationSet* output_parameters,
273 keymaster_operation_handle_t* handle) {
274 android::sp<android::IBinder> token(new android::BBinder);
275 String16 key_name16(key_name.data(), key_name.size());
276 KeymasterArguments input_arguments;
277 CopyParameters(input_parameters, &input_arguments.params);
278 OperationResult result;
279 keystore_->begin(token, key_name16, purpose, true /*pruneable*/, input_arguments,
280 NULL /*entropy*/, 0 /*entropyLength*/, kDefaultUID, &result);
281 int32_t error_code = mapKeystoreError(result.resultCode);
282 if (error_code == KM_ERROR_OK) {
283 *handle = getNextVirtualHandle();
284 active_operations_[*handle] = result.token;
285 if (!result.outParams.params.empty()) {
286 output_parameters->Reinitialize(&*result.outParams.params.begin(),
287 result.outParams.params.size());
288 }
289 }
290 return error_code;
291 }
292
updateOperation(keymaster_operation_handle_t handle,const AuthorizationSet & input_parameters,const std::string & input_data,size_t * num_input_bytes_consumed,AuthorizationSet * output_parameters,std::string * output_data)293 int32_t KeystoreClientImpl::updateOperation(keymaster_operation_handle_t handle,
294 const AuthorizationSet& input_parameters,
295 const std::string& input_data,
296 size_t* num_input_bytes_consumed,
297 AuthorizationSet* output_parameters,
298 std::string* output_data) {
299 if (active_operations_.count(handle) == 0) {
300 return KM_ERROR_INVALID_OPERATION_HANDLE;
301 }
302 KeymasterArguments input_arguments;
303 CopyParameters(input_parameters, &input_arguments.params);
304 OperationResult result;
305 keystore_->update(active_operations_[handle], input_arguments, StringAsByteArray(input_data),
306 input_data.size(), &result);
307 int32_t error_code = mapKeystoreError(result.resultCode);
308 if (error_code == KM_ERROR_OK) {
309 *num_input_bytes_consumed = result.inputConsumed;
310 if (!result.outParams.params.empty()) {
311 output_parameters->Reinitialize(&*result.outParams.params.begin(),
312 result.outParams.params.size());
313 }
314 output_data->append(ByteArrayAsString(result.data.get(), result.dataLength));
315 }
316 return error_code;
317 }
318
finishOperation(keymaster_operation_handle_t handle,const AuthorizationSet & input_parameters,const std::string & signature_to_verify,AuthorizationSet * output_parameters,std::string * output_data)319 int32_t KeystoreClientImpl::finishOperation(keymaster_operation_handle_t handle,
320 const AuthorizationSet& input_parameters,
321 const std::string& signature_to_verify,
322 AuthorizationSet* output_parameters,
323 std::string* output_data) {
324 if (active_operations_.count(handle) == 0) {
325 return KM_ERROR_INVALID_OPERATION_HANDLE;
326 }
327 KeymasterArguments input_arguments;
328 CopyParameters(input_parameters, &input_arguments.params);
329 OperationResult result;
330 keystore_->finish(active_operations_[handle], input_arguments,
331 StringAsByteArray(signature_to_verify), signature_to_verify.size(),
332 NULL /*entropy*/, 0 /*entropyLength*/, &result);
333 int32_t error_code = mapKeystoreError(result.resultCode);
334 if (error_code == KM_ERROR_OK) {
335 if (!result.outParams.params.empty()) {
336 output_parameters->Reinitialize(&*result.outParams.params.begin(),
337 result.outParams.params.size());
338 }
339 output_data->append(ByteArrayAsString(result.data.get(), result.dataLength));
340 active_operations_.erase(handle);
341 }
342 return error_code;
343 }
344
abortOperation(keymaster_operation_handle_t handle)345 int32_t KeystoreClientImpl::abortOperation(keymaster_operation_handle_t handle) {
346 if (active_operations_.count(handle) == 0) {
347 return KM_ERROR_INVALID_OPERATION_HANDLE;
348 }
349 int32_t error_code = mapKeystoreError(keystore_->abort(active_operations_[handle]));
350 if (error_code == KM_ERROR_OK) {
351 active_operations_.erase(handle);
352 }
353 return error_code;
354 }
355
doesKeyExist(const std::string & key_name)356 bool KeystoreClientImpl::doesKeyExist(const std::string& key_name) {
357 String16 key_name16(key_name.data(), key_name.size());
358 int32_t error_code = mapKeystoreError(keystore_->exist(key_name16, kDefaultUID));
359 return (error_code == KM_ERROR_OK);
360 }
361
listKeys(const std::string & prefix,std::vector<std::string> * key_name_list)362 bool KeystoreClientImpl::listKeys(const std::string& prefix,
363 std::vector<std::string>* key_name_list) {
364 String16 prefix16(prefix.data(), prefix.size());
365 android::Vector<String16> matches;
366 int32_t error_code = mapKeystoreError(keystore_->list(prefix16, kDefaultUID, &matches));
367 if (error_code == KM_ERROR_OK) {
368 for (const auto& match : matches) {
369 android::String8 key_name(match);
370 key_name_list->push_back(prefix + std::string(key_name.string(), key_name.size()));
371 }
372 return true;
373 }
374 return false;
375 }
376
getNextVirtualHandle()377 keymaster_operation_handle_t KeystoreClientImpl::getNextVirtualHandle() {
378 return next_virtual_handle_++;
379 }
380
mapKeystoreError(int32_t keystore_error)381 int32_t KeystoreClientImpl::mapKeystoreError(int32_t keystore_error) {
382 // See notes in keystore_client.h for rationale.
383 if (keystore_error == ::NO_ERROR) {
384 return KM_ERROR_OK;
385 }
386 return keystore_error;
387 }
388
createOrVerifyEncryptionKey(const std::string & key_name)389 bool KeystoreClientImpl::createOrVerifyEncryptionKey(const std::string& key_name) {
390 bool key_exists = doesKeyExist(key_name);
391 if (key_exists) {
392 bool verified = false;
393 if (!verifyEncryptionKeyAttributes(key_name, &verified)) {
394 return false;
395 }
396 if (!verified) {
397 int32_t result = deleteKey(key_name);
398 if (result != KM_ERROR_OK) {
399 ALOGE("Failed to delete invalid encryption key: %d", result);
400 return false;
401 }
402 key_exists = false;
403 }
404 }
405 if (!key_exists) {
406 AuthorizationSetBuilder key_parameters;
407 key_parameters.AesEncryptionKey(kAESKeySize)
408 .Padding(KM_PAD_PKCS7)
409 .Authorization(keymaster::TAG_BLOCK_MODE, KM_MODE_CBC)
410 .Authorization(keymaster::TAG_NO_AUTH_REQUIRED);
411 AuthorizationSet hardware_enforced_characteristics;
412 AuthorizationSet software_enforced_characteristics;
413 int32_t result =
414 generateKey(key_name, key_parameters.build(), &hardware_enforced_characteristics,
415 &software_enforced_characteristics);
416 if (result != KM_ERROR_OK) {
417 ALOGE("Failed to generate encryption key: %d", result);
418 return false;
419 }
420 if (hardware_enforced_characteristics.size() == 0) {
421 ALOGW("WARNING: Encryption key is not hardware-backed.");
422 }
423 }
424 return true;
425 }
426
createOrVerifyAuthenticationKey(const std::string & key_name)427 bool KeystoreClientImpl::createOrVerifyAuthenticationKey(const std::string& key_name) {
428 bool key_exists = doesKeyExist(key_name);
429 if (key_exists) {
430 bool verified = false;
431 if (!verifyAuthenticationKeyAttributes(key_name, &verified)) {
432 return false;
433 }
434 if (!verified) {
435 int32_t result = deleteKey(key_name);
436 if (result != KM_ERROR_OK) {
437 ALOGE("Failed to delete invalid authentication key: %d", result);
438 return false;
439 }
440 key_exists = false;
441 }
442 }
443 if (!key_exists) {
444 AuthorizationSetBuilder key_parameters;
445 key_parameters.HmacKey(kHMACKeySize)
446 .Digest(KM_DIGEST_SHA_2_256)
447 .Authorization(keymaster::TAG_MIN_MAC_LENGTH, kHMACOutputSize)
448 .Authorization(keymaster::TAG_NO_AUTH_REQUIRED);
449 AuthorizationSet hardware_enforced_characteristics;
450 AuthorizationSet software_enforced_characteristics;
451 int32_t result =
452 generateKey(key_name, key_parameters.build(), &hardware_enforced_characteristics,
453 &software_enforced_characteristics);
454 if (result != KM_ERROR_OK) {
455 ALOGE("Failed to generate authentication key: %d", result);
456 return false;
457 }
458 if (hardware_enforced_characteristics.size() == 0) {
459 ALOGW("WARNING: Authentication key is not hardware-backed.");
460 }
461 }
462 return true;
463 }
464
verifyEncryptionKeyAttributes(const std::string & key_name,bool * verified)465 bool KeystoreClientImpl::verifyEncryptionKeyAttributes(const std::string& key_name,
466 bool* verified) {
467 AuthorizationSet hardware_enforced_characteristics;
468 AuthorizationSet software_enforced_characteristics;
469 int32_t result = getKeyCharacteristics(key_name, &hardware_enforced_characteristics,
470 &software_enforced_characteristics);
471 if (result != KM_ERROR_OK) {
472 ALOGE("Failed to query encryption key: %d", result);
473 return false;
474 }
475 *verified = true;
476 keymaster_algorithm_t algorithm = KM_ALGORITHM_RSA;
477 if ((!hardware_enforced_characteristics.GetTagValue(keymaster::TAG_ALGORITHM, &algorithm) &&
478 !software_enforced_characteristics.GetTagValue(keymaster::TAG_ALGORITHM, &algorithm)) ||
479 algorithm != KM_ALGORITHM_AES) {
480 ALOGW("Found encryption key with invalid algorithm.");
481 *verified = false;
482 }
483 uint32_t key_size = 0;
484 if ((!hardware_enforced_characteristics.GetTagValue(keymaster::TAG_KEY_SIZE, &key_size) &&
485 !software_enforced_characteristics.GetTagValue(keymaster::TAG_KEY_SIZE, &key_size)) ||
486 key_size != kAESKeySize) {
487 ALOGW("Found encryption key with invalid size.");
488 *verified = false;
489 }
490 keymaster_block_mode_t block_mode = KM_MODE_ECB;
491 if ((!hardware_enforced_characteristics.GetTagValue(keymaster::TAG_BLOCK_MODE, &block_mode) &&
492 !software_enforced_characteristics.GetTagValue(keymaster::TAG_BLOCK_MODE, &block_mode)) ||
493 block_mode != KM_MODE_CBC) {
494 ALOGW("Found encryption key with invalid block mode.");
495 *verified = false;
496 }
497 keymaster_padding_t padding_mode = KM_PAD_NONE;
498 if ((!hardware_enforced_characteristics.GetTagValue(keymaster::TAG_PADDING, &padding_mode) &&
499 !software_enforced_characteristics.GetTagValue(keymaster::TAG_PADDING, &padding_mode)) ||
500 padding_mode != KM_PAD_PKCS7) {
501 ALOGW("Found encryption key with invalid padding mode.");
502 *verified = false;
503 }
504 if (hardware_enforced_characteristics.size() == 0) {
505 ALOGW("WARNING: Encryption key is not hardware-backed.");
506 }
507 return true;
508 }
509
verifyAuthenticationKeyAttributes(const std::string & key_name,bool * verified)510 bool KeystoreClientImpl::verifyAuthenticationKeyAttributes(const std::string& key_name,
511 bool* verified) {
512 AuthorizationSet hardware_enforced_characteristics;
513 AuthorizationSet software_enforced_characteristics;
514 int32_t result = getKeyCharacteristics(key_name, &hardware_enforced_characteristics,
515 &software_enforced_characteristics);
516 if (result != KM_ERROR_OK) {
517 ALOGE("Failed to query authentication key: %d", result);
518 return false;
519 }
520 *verified = true;
521 keymaster_algorithm_t algorithm = KM_ALGORITHM_RSA;
522 if ((!hardware_enforced_characteristics.GetTagValue(keymaster::TAG_ALGORITHM, &algorithm) &&
523 !software_enforced_characteristics.GetTagValue(keymaster::TAG_ALGORITHM, &algorithm)) ||
524 algorithm != KM_ALGORITHM_HMAC) {
525 ALOGW("Found authentication key with invalid algorithm.");
526 *verified = false;
527 }
528 uint32_t key_size = 0;
529 if ((!hardware_enforced_characteristics.GetTagValue(keymaster::TAG_KEY_SIZE, &key_size) &&
530 !software_enforced_characteristics.GetTagValue(keymaster::TAG_KEY_SIZE, &key_size)) ||
531 key_size != kHMACKeySize) {
532 ALOGW("Found authentication key with invalid size.");
533 *verified = false;
534 }
535 uint32_t mac_size = 0;
536 if ((!hardware_enforced_characteristics.GetTagValue(keymaster::TAG_MIN_MAC_LENGTH, &mac_size) &&
537 !software_enforced_characteristics.GetTagValue(keymaster::TAG_MIN_MAC_LENGTH,
538 &mac_size)) ||
539 mac_size != kHMACOutputSize) {
540 ALOGW("Found authentication key with invalid minimum mac size.");
541 *verified = false;
542 }
543 keymaster_digest_t digest = KM_DIGEST_NONE;
544 if ((!hardware_enforced_characteristics.GetTagValue(keymaster::TAG_DIGEST, &digest) &&
545 !software_enforced_characteristics.GetTagValue(keymaster::TAG_DIGEST, &digest)) ||
546 digest != KM_DIGEST_SHA_2_256) {
547 ALOGW("Found authentication key with invalid digest list.");
548 *verified = false;
549 }
550 if (hardware_enforced_characteristics.size() == 0) {
551 ALOGW("WARNING: Authentication key is not hardware-backed.");
552 }
553 return true;
554 }
555
556 } // namespace keystore
557