1 /*
2 * Copyright 2015 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 #include <keymaster/soft_keymaster_context.h>
18
19 #include <memory>
20 #include <time.h>
21
22 #include <openssl/aes.h>
23 #include <openssl/hmac.h>
24 #include <openssl/rand.h>
25 #include <openssl/sha.h>
26
27 #include <keymaster/android_keymaster_utils.h>
28 #include <keymaster/logger.h>
29
30 #include "aes_key.h"
31 #include "auth_encrypted_key_blob.h"
32 #include "ec_keymaster0_key.h"
33 #include "ec_keymaster1_key.h"
34 #include "hmac_key.h"
35 #include "integrity_assured_key_blob.h"
36 #include "keymaster0_engine.h"
37 #include "ocb_utils.h"
38 #include "openssl_err.h"
39 #include "rsa_keymaster0_key.h"
40 #include "rsa_keymaster1_key.h"
41
42 using std::unique_ptr;
43
44 namespace keymaster {
45
46 namespace {
47 static uint8_t master_key_bytes[AES_BLOCK_SIZE] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
48 const KeymasterKeyBlob MASTER_KEY(master_key_bytes, array_length(master_key_bytes));
49
50 static uint8_t kRsaAttestKey[] = {
51 0x30, 0x82, 0x02, 0x5d, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xc0, 0x83, 0x23, 0xdc, 0x56,
52 0x88, 0x1b, 0xb8, 0x30, 0x20, 0x69, 0xf5, 0xb0, 0x85, 0x61, 0xc6, 0xee, 0xbe, 0x7f, 0x05, 0xe2,
53 0xf5, 0xa8, 0x42, 0x04, 0x8a, 0xbe, 0x8b, 0x47, 0xbe, 0x76, 0xfe, 0xae, 0xf2, 0x5c, 0xf2, 0x9b,
54 0x2a, 0xfa, 0x32, 0x00, 0x14, 0x16, 0x01, 0x42, 0x99, 0x89, 0xa1, 0x5f, 0xcf, 0xc6, 0x81, 0x5e,
55 0xb3, 0x63, 0x58, 0x3c, 0x2f, 0xd2, 0xf2, 0x0b, 0xe4, 0x98, 0x32, 0x83, 0xdd, 0x81, 0x4b, 0x16,
56 0xd7, 0xe1, 0x85, 0x41, 0x7a, 0xe5, 0x4a, 0xbc, 0x29, 0x6a, 0x3a, 0x6d, 0xb5, 0xc0, 0x04, 0x08,
57 0x3b, 0x68, 0xc5, 0x56, 0xc1, 0xf0, 0x23, 0x39, 0x91, 0x64, 0x19, 0x86, 0x4d, 0x50, 0xb7, 0x4d,
58 0x40, 0xae, 0xca, 0x48, 0x4c, 0x77, 0x35, 0x6c, 0x89, 0x5a, 0x0c, 0x27, 0x5a, 0xbf, 0xac, 0x49,
59 0x9d, 0x5d, 0x7d, 0x23, 0x62, 0xf2, 0x9c, 0x5e, 0x02, 0xe8, 0x71, 0x02, 0x03, 0x01, 0x00, 0x01,
60 0x02, 0x81, 0x81, 0x00, 0xbe, 0x86, 0x0b, 0x0b, 0x99, 0xa8, 0x02, 0xa6, 0xfb, 0x1a, 0x59, 0x43,
61 0x8a, 0x7b, 0xb7, 0x15, 0x06, 0x5b, 0x09, 0xa3, 0x6d, 0xc6, 0xe9, 0xca, 0xcc, 0x6b, 0xf3, 0xc0,
62 0x2c, 0x34, 0xd7, 0xd7, 0x9e, 0x94, 0xc6, 0x60, 0x64, 0x28, 0xd8, 0x8c, 0x7b, 0x7f, 0x65, 0x77,
63 0xc1, 0xcd, 0xea, 0x64, 0x07, 0x4a, 0xbe, 0x8e, 0x72, 0x86, 0xdf, 0x1f, 0x08, 0x11, 0xdc, 0x97,
64 0x28, 0x26, 0x08, 0x68, 0xde, 0x95, 0xd3, 0x2e, 0xfc, 0x96, 0xb6, 0xd0, 0x84, 0xff, 0x27, 0x1a,
65 0x5f, 0x60, 0xde, 0xfc, 0xc7, 0x03, 0xe7, 0xa3, 0x8e, 0x6e, 0x29, 0xba, 0x9a, 0x3c, 0x5f, 0xc2,
66 0xc2, 0x80, 0x76, 0xb6, 0xa8, 0x96, 0xaf, 0x1d, 0x34, 0xd7, 0x88, 0x28, 0xce, 0x9b, 0xdd, 0xb1,
67 0xf3, 0x4f, 0x9c, 0x94, 0x04, 0x43, 0x07, 0x81, 0x29, 0x8e, 0x20, 0x13, 0x16, 0x72, 0x5b, 0xbd,
68 0xbc, 0x99, 0x3a, 0x41, 0x02, 0x41, 0x00, 0xe1, 0xc6, 0xd9, 0x27, 0x64, 0x6c, 0x09, 0x16, 0xec,
69 0x36, 0x82, 0x6d, 0x59, 0x49, 0x83, 0x74, 0x0c, 0x21, 0xf1, 0xb0, 0x74, 0xc4, 0xa1, 0xa5, 0x98,
70 0x67, 0xc6, 0x69, 0x79, 0x5c, 0x85, 0xd3, 0xdc, 0x46, 0x4c, 0x5b, 0x92, 0x9e, 0x94, 0xbf, 0xb3,
71 0x4e, 0x0d, 0xcc, 0x50, 0x14, 0xb1, 0x0f, 0x13, 0x34, 0x1a, 0xb7, 0xfd, 0xd5, 0xf6, 0x04, 0x14,
72 0xd2, 0xa3, 0x26, 0xca, 0xd4, 0x1c, 0xc5, 0x02, 0x41, 0x00, 0xda, 0x48, 0x59, 0x97, 0x78, 0x5c,
73 0xd5, 0x63, 0x0f, 0xb0, 0xfd, 0x8c, 0x52, 0x54, 0xf9, 0x8e, 0x53, 0x8e, 0x18, 0x98, 0x3a, 0xae,
74 0x9e, 0x6b, 0x7e, 0x6a, 0x5a, 0x7b, 0x5d, 0x34, 0x37, 0x55, 0xb9, 0x21, 0x8e, 0xbd, 0x40, 0x32,
75 0x0d, 0x28, 0x38, 0x7d, 0x78, 0x9f, 0x76, 0xfa, 0x21, 0x8b, 0xcc, 0x2d, 0x8b, 0x68, 0xa5, 0xf6,
76 0x41, 0x8f, 0xbb, 0xec, 0xa5, 0x17, 0x9a, 0xb3, 0xaf, 0xbd, 0x02, 0x40, 0x50, 0xfe, 0xfc, 0x32,
77 0x64, 0x95, 0x59, 0x61, 0x6e, 0xd6, 0x53, 0x4e, 0x15, 0x45, 0x09, 0x32, 0x9d, 0x93, 0xa3, 0xd8,
78 0x10, 0xdb, 0xe5, 0xbd, 0xb9, 0x82, 0x29, 0x2c, 0xf7, 0x8b, 0xd8, 0xba, 0xdb, 0x80, 0x20, 0xae,
79 0x8d, 0x57, 0xf4, 0xb7, 0x1d, 0x05, 0x38, 0x6f, 0xfe, 0x9e, 0x9d, 0xb2, 0x71, 0xca, 0x34, 0x77,
80 0xa3, 0x49, 0x99, 0xdb, 0x76, 0xf8, 0xe5, 0xec, 0xe9, 0xc0, 0xd4, 0x9d, 0x02, 0x40, 0x15, 0xb7,
81 0x4c, 0xf2, 0x7c, 0xce, 0xff, 0x8b, 0xb3, 0x6b, 0xf0, 0x4d, 0x9d, 0x83, 0x46, 0xb0, 0x9a, 0x2f,
82 0x70, 0xd2, 0xf4, 0x43, 0x9b, 0x0f, 0x26, 0xac, 0x7e, 0x03, 0xf7, 0xe9, 0xd1, 0xf7, 0x7d, 0x4b,
83 0x91, 0x5f, 0xd2, 0x9b, 0x28, 0x23, 0xf0, 0x3a, 0xcb, 0x5d, 0x52, 0x00, 0xe0, 0x85, 0x7f, 0xf2,
84 0xa8, 0x03, 0xe9, 0x3e, 0xee, 0x96, 0xd6, 0x23, 0x5c, 0xe9, 0x54, 0x42, 0xbc, 0x21, 0x02, 0x41,
85 0x00, 0x90, 0xa7, 0x45, 0xda, 0x89, 0x70, 0xb2, 0xcd, 0x64, 0x96, 0x60, 0x32, 0x42, 0x28, 0xc5,
86 0xf8, 0x28, 0x56, 0xff, 0xd6, 0x65, 0xba, 0x9a, 0x85, 0xc8, 0xd6, 0x0f, 0x1b, 0x8b, 0xee, 0x71,
87 0x7e, 0xcd, 0x2c, 0x72, 0xea, 0xe0, 0x1d, 0xad, 0x86, 0xba, 0x76, 0x54, 0xd4, 0xcf, 0x45, 0xad,
88 0xb5, 0xf1, 0xf2, 0xb3, 0x1d, 0x9f, 0x81, 0x22, 0xcf, 0xa5, 0xf1, 0xa5, 0x57, 0x0f, 0x9b, 0x2d,
89 0x25,
90 };
91
92 static uint8_t kRsaAttestCert[] = {
93 0x30, 0x82, 0x02, 0xb6, 0x30, 0x82, 0x02, 0x1f, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x02, 0x10,
94 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00,
95 0x30, 0x63, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31,
96 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0a, 0x43, 0x61, 0x6c, 0x69, 0x66, 0x6f,
97 0x72, 0x6e, 0x69, 0x61, 0x31, 0x16, 0x30, 0x14, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x0d, 0x4d,
98 0x6f, 0x75, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x20, 0x56, 0x69, 0x65, 0x77, 0x31, 0x15, 0x30, 0x13,
99 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x0c, 0x47, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2c, 0x20, 0x49,
100 0x6e, 0x63, 0x2e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x07, 0x41, 0x6e,
101 0x64, 0x72, 0x6f, 0x69, 0x64, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x36, 0x30, 0x31, 0x30, 0x34, 0x31,
102 0x32, 0x34, 0x30, 0x35, 0x33, 0x5a, 0x17, 0x0d, 0x33, 0x35, 0x31, 0x32, 0x33, 0x30, 0x31, 0x32,
103 0x34, 0x30, 0x35, 0x33, 0x5a, 0x30, 0x76, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06,
104 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0a, 0x43,
105 0x61, 0x6c, 0x69, 0x66, 0x6f, 0x72, 0x6e, 0x69, 0x61, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, 0x55,
106 0x04, 0x0a, 0x0c, 0x0c, 0x47, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2c, 0x20, 0x49, 0x6e, 0x63, 0x2e,
107 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x07, 0x41, 0x6e, 0x64, 0x72, 0x6f,
108 0x69, 0x64, 0x31, 0x29, 0x30, 0x27, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x20, 0x41, 0x6e, 0x64,
109 0x72, 0x6f, 0x69, 0x64, 0x20, 0x53, 0x6f, 0x66, 0x74, 0x77, 0x61, 0x72, 0x65, 0x20, 0x41, 0x74,
110 0x74, 0x65, 0x73, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x20, 0x4b, 0x65, 0x79, 0x30, 0x81, 0x9f,
111 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03,
112 0x81, 0x8d, 0x00, 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x00, 0xc0, 0x83, 0x23, 0xdc, 0x56, 0x88,
113 0x1b, 0xb8, 0x30, 0x20, 0x69, 0xf5, 0xb0, 0x85, 0x61, 0xc6, 0xee, 0xbe, 0x7f, 0x05, 0xe2, 0xf5,
114 0xa8, 0x42, 0x04, 0x8a, 0xbe, 0x8b, 0x47, 0xbe, 0x76, 0xfe, 0xae, 0xf2, 0x5c, 0xf2, 0x9b, 0x2a,
115 0xfa, 0x32, 0x00, 0x14, 0x16, 0x01, 0x42, 0x99, 0x89, 0xa1, 0x5f, 0xcf, 0xc6, 0x81, 0x5e, 0xb3,
116 0x63, 0x58, 0x3c, 0x2f, 0xd2, 0xf2, 0x0b, 0xe4, 0x98, 0x32, 0x83, 0xdd, 0x81, 0x4b, 0x16, 0xd7,
117 0xe1, 0x85, 0x41, 0x7a, 0xe5, 0x4a, 0xbc, 0x29, 0x6a, 0x3a, 0x6d, 0xb5, 0xc0, 0x04, 0x08, 0x3b,
118 0x68, 0xc5, 0x56, 0xc1, 0xf0, 0x23, 0x39, 0x91, 0x64, 0x19, 0x86, 0x4d, 0x50, 0xb7, 0x4d, 0x40,
119 0xae, 0xca, 0x48, 0x4c, 0x77, 0x35, 0x6c, 0x89, 0x5a, 0x0c, 0x27, 0x5a, 0xbf, 0xac, 0x49, 0x9d,
120 0x5d, 0x7d, 0x23, 0x62, 0xf2, 0x9c, 0x5e, 0x02, 0xe8, 0x71, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3,
121 0x66, 0x30, 0x64, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0xd4, 0x0c,
122 0x10, 0x1b, 0xf8, 0xcd, 0x63, 0xb9, 0xf7, 0x39, 0x52, 0xb5, 0x0e, 0x13, 0x5c, 0xa6, 0xd7, 0x99,
123 0x93, 0x86, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x29,
124 0xfa, 0xf1, 0xac, 0xcc, 0x4d, 0xd2, 0x4c, 0x96, 0x40, 0x27, 0x75, 0xb6, 0xb0, 0xe9, 0x32, 0xe5,
125 0x07, 0xfe, 0x2e, 0x30, 0x12, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x08, 0x30,
126 0x06, 0x01, 0x01, 0xff, 0x02, 0x01, 0x00, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x01, 0x01,
127 0xff, 0x04, 0x04, 0x03, 0x02, 0x02, 0x84, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
128 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x81, 0x81, 0x00, 0x9e, 0x2d, 0x48, 0x5f, 0x8c, 0x67,
129 0x33, 0xdc, 0x1a, 0x85, 0xad, 0x99, 0xd7, 0x50, 0x23, 0xea, 0x14, 0xec, 0x43, 0xb0, 0xe1, 0x9d,
130 0xea, 0xc2, 0x23, 0x46, 0x1e, 0x72, 0xb5, 0x19, 0xdc, 0x60, 0x22, 0xe4, 0xa5, 0x68, 0x31, 0x6c,
131 0x0b, 0x55, 0xc4, 0xe6, 0x9c, 0xa2, 0x2d, 0x9f, 0x3a, 0x4f, 0x93, 0x6b, 0x31, 0x8b, 0x16, 0x78,
132 0x16, 0x0d, 0x88, 0xcb, 0xd9, 0x8b, 0xcc, 0x80, 0x9d, 0x84, 0xf0, 0xc2, 0x27, 0xe3, 0x6b, 0x38,
133 0xf1, 0xfd, 0xd1, 0xe7, 0x17, 0x72, 0x31, 0x59, 0x35, 0x7d, 0x96, 0xf3, 0xc5, 0x7f, 0xab, 0x9d,
134 0x8f, 0x96, 0x61, 0x26, 0x4f, 0xb2, 0xbe, 0x81, 0xbb, 0x0d, 0x49, 0x04, 0x22, 0x8a, 0xce, 0x9f,
135 0xf7, 0xf5, 0x42, 0x2e, 0x25, 0x44, 0xfa, 0x21, 0x07, 0x12, 0x5a, 0x83, 0xb5, 0x55, 0xad, 0x18,
136 0x82, 0xf8, 0x40, 0x14, 0x9b, 0x9c, 0x20, 0x63, 0x04, 0x7f,
137 };
138
139 static uint8_t kRsaAttestRootCert[] = {
140 0x30, 0x82, 0x02, 0xa7, 0x30, 0x82, 0x02, 0x10, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x09, 0x00,
141 0xff, 0x94, 0xd9, 0xdd, 0x9f, 0x07, 0xc8, 0x0c, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,
142 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x63, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55,
143 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c,
144 0x0a, 0x43, 0x61, 0x6c, 0x69, 0x66, 0x6f, 0x72, 0x6e, 0x69, 0x61, 0x31, 0x16, 0x30, 0x14, 0x06,
145 0x03, 0x55, 0x04, 0x07, 0x0c, 0x0d, 0x4d, 0x6f, 0x75, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x20, 0x56,
146 0x69, 0x65, 0x77, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x0c, 0x47, 0x6f,
147 0x6f, 0x67, 0x6c, 0x65, 0x2c, 0x20, 0x49, 0x6e, 0x63, 0x2e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03,
148 0x55, 0x04, 0x0b, 0x0c, 0x07, 0x41, 0x6e, 0x64, 0x72, 0x6f, 0x69, 0x64, 0x30, 0x1e, 0x17, 0x0d,
149 0x31, 0x36, 0x30, 0x31, 0x30, 0x34, 0x31, 0x32, 0x33, 0x31, 0x30, 0x38, 0x5a, 0x17, 0x0d, 0x33,
150 0x35, 0x31, 0x32, 0x33, 0x30, 0x31, 0x32, 0x33, 0x31, 0x30, 0x38, 0x5a, 0x30, 0x63, 0x31, 0x0b,
151 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06,
152 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0a, 0x43, 0x61, 0x6c, 0x69, 0x66, 0x6f, 0x72, 0x6e, 0x69, 0x61,
153 0x31, 0x16, 0x30, 0x14, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x0d, 0x4d, 0x6f, 0x75, 0x6e, 0x74,
154 0x61, 0x69, 0x6e, 0x20, 0x56, 0x69, 0x65, 0x77, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04,
155 0x0a, 0x0c, 0x0c, 0x47, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2c, 0x20, 0x49, 0x6e, 0x63, 0x2e, 0x31,
156 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x07, 0x41, 0x6e, 0x64, 0x72, 0x6f, 0x69,
157 0x64, 0x30, 0x81, 0x9f, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01,
158 0x01, 0x05, 0x00, 0x03, 0x81, 0x8d, 0x00, 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x00, 0xa2, 0x6b,
159 0xad, 0xeb, 0x6e, 0x2e, 0x44, 0x61, 0xef, 0xd5, 0x0e, 0x82, 0xe6, 0xb7, 0x94, 0xd1, 0x75, 0x23,
160 0x1f, 0x77, 0x9b, 0x63, 0x91, 0x63, 0xff, 0xf7, 0xaa, 0xff, 0x0b, 0x72, 0x47, 0x4e, 0xc0, 0x2c,
161 0x43, 0xec, 0x33, 0x7c, 0xd7, 0xac, 0xed, 0x40, 0x3e, 0x8c, 0x28, 0xa0, 0x66, 0xd5, 0xf7, 0x87,
162 0x0b, 0x33, 0x97, 0xde, 0x0e, 0xb8, 0x4e, 0x13, 0x40, 0xab, 0xaf, 0xa5, 0x27, 0xbf, 0x95, 0x69,
163 0xa0, 0x31, 0xdb, 0x06, 0x52, 0x65, 0xf8, 0x44, 0x59, 0x57, 0x61, 0xf0, 0xbb, 0xf2, 0x17, 0x4b,
164 0xb7, 0x41, 0x80, 0x64, 0xc0, 0x28, 0x0e, 0x8f, 0x52, 0x77, 0x8e, 0xdb, 0xd2, 0x47, 0xb6, 0x45,
165 0xe9, 0x19, 0xc8, 0xe9, 0x8b, 0xc3, 0xdb, 0xc2, 0x91, 0x3f, 0xd7, 0xd7, 0x50, 0xc4, 0x1d, 0x35,
166 0x66, 0xf9, 0x57, 0xe4, 0x97, 0x96, 0x0b, 0x09, 0xac, 0xce, 0x92, 0x35, 0x85, 0x9b, 0x02, 0x03,
167 0x01, 0x00, 0x01, 0xa3, 0x63, 0x30, 0x61, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16,
168 0x04, 0x14, 0x29, 0xfa, 0xf1, 0xac, 0xcc, 0x4d, 0xd2, 0x4c, 0x96, 0x40, 0x27, 0x75, 0xb6, 0xb0,
169 0xe9, 0x32, 0xe5, 0x07, 0xfe, 0x2e, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30,
170 0x16, 0x80, 0x14, 0x29, 0xfa, 0xf1, 0xac, 0xcc, 0x4d, 0xd2, 0x4c, 0x96, 0x40, 0x27, 0x75, 0xb6,
171 0xb0, 0xe9, 0x32, 0xe5, 0x07, 0xfe, 0x2e, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01,
172 0xff, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x01,
173 0x01, 0xff, 0x04, 0x04, 0x03, 0x02, 0x02, 0x84, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,
174 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x81, 0x81, 0x00, 0x4f, 0x72, 0xf3, 0x36, 0x59,
175 0x8d, 0x0e, 0xc1, 0xb9, 0x74, 0x5b, 0x31, 0x59, 0xf6, 0xf0, 0x8d, 0x25, 0x49, 0x30, 0x9e, 0xa3,
176 0x1c, 0x1c, 0x29, 0xd2, 0x45, 0x2d, 0x20, 0xb9, 0x4d, 0x5f, 0x64, 0xb4, 0xe8, 0x80, 0xc7, 0x78,
177 0x7a, 0x9c, 0x39, 0xde, 0xa8, 0xb3, 0xf5, 0xbf, 0x2f, 0x70, 0x5f, 0x47, 0x10, 0x5c, 0xc5, 0xe6,
178 0xeb, 0x4d, 0x06, 0x99, 0x61, 0xd2, 0xae, 0x9a, 0x07, 0xff, 0xf7, 0x7c, 0xb8, 0xab, 0xeb, 0x9c,
179 0x0f, 0x24, 0x07, 0x5e, 0xb1, 0x7f, 0xba, 0x79, 0x71, 0xfd, 0x4d, 0x5b, 0x9e, 0xdf, 0x14, 0xa9,
180 0xfe, 0xdf, 0xed, 0x7c, 0xc0, 0x88, 0x5d, 0xf8, 0xdd, 0x9b, 0x64, 0x32, 0x56, 0xd5, 0x35, 0x9a,
181 0xe2, 0x13, 0xf9, 0x8f, 0xce, 0xc1, 0x7c, 0xdc, 0xef, 0xa4, 0xaa, 0xb2, 0x55, 0xc3, 0x83, 0xa9,
182 0x2e, 0xfb, 0x5c, 0xf6, 0x62, 0xf5, 0x27, 0x52, 0x17, 0xbe, 0x63,
183 };
184
185 static uint8_t kEcAttestKey[] = {
186 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0x21, 0xe0, 0x86, 0x43, 0x2a, 0x15, 0x19, 0x84, 0x59,
187 0xcf, 0x36, 0x3a, 0x50, 0xfc, 0x14, 0xc9, 0xda, 0xad, 0xf9, 0x35, 0xf5, 0x27, 0xc2, 0xdf, 0xd7,
188 0x1e, 0x4d, 0x6d, 0xbc, 0x42, 0xe5, 0x44, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d,
189 0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0xeb, 0x9e, 0x79, 0xf8, 0x42, 0x63, 0x59,
190 0xac, 0xcb, 0x2a, 0x91, 0x4c, 0x89, 0x86, 0xcc, 0x70, 0xad, 0x90, 0x66, 0x93, 0x82, 0xa9, 0x73,
191 0x26, 0x13, 0xfe, 0xac, 0xcb, 0xf8, 0x21, 0x27, 0x4c, 0x21, 0x74, 0x97, 0x4a, 0x2a, 0xfe, 0xa5,
192 0xb9, 0x4d, 0x7f, 0x66, 0xd4, 0xe0, 0x65, 0x10, 0x66, 0x35, 0xbc, 0x53, 0xb7, 0xa0, 0xa3, 0xa6,
193 0x71, 0x58, 0x3e, 0xdb, 0x3e, 0x11, 0xae, 0x10, 0x14,
194 };
195
196 static uint8_t kEcAttestCert[] = {
197 0x30, 0x82, 0x02, 0x78, 0x30, 0x82, 0x02, 0x1e, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x02, 0x10,
198 0x01, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x30, 0x81, 0x98,
199 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30,
200 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0a, 0x43, 0x61, 0x6c, 0x69, 0x66, 0x6f, 0x72, 0x6e,
201 0x69, 0x61, 0x31, 0x16, 0x30, 0x14, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x0d, 0x4d, 0x6f, 0x75,
202 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x20, 0x56, 0x69, 0x65, 0x77, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03,
203 0x55, 0x04, 0x0a, 0x0c, 0x0c, 0x47, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2c, 0x20, 0x49, 0x6e, 0x63,
204 0x2e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x07, 0x41, 0x6e, 0x64, 0x72,
205 0x6f, 0x69, 0x64, 0x31, 0x33, 0x30, 0x31, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x2a, 0x41, 0x6e,
206 0x64, 0x72, 0x6f, 0x69, 0x64, 0x20, 0x4b, 0x65, 0x79, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x20, 0x53,
207 0x6f, 0x66, 0x74, 0x77, 0x61, 0x72, 0x65, 0x20, 0x41, 0x74, 0x74, 0x65, 0x73, 0x74, 0x61, 0x74,
208 0x69, 0x6f, 0x6e, 0x20, 0x52, 0x6f, 0x6f, 0x74, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x36, 0x30, 0x31,
209 0x31, 0x31, 0x30, 0x30, 0x34, 0x36, 0x30, 0x39, 0x5a, 0x17, 0x0d, 0x32, 0x36, 0x30, 0x31, 0x30,
210 0x38, 0x30, 0x30, 0x34, 0x36, 0x30, 0x39, 0x5a, 0x30, 0x81, 0x88, 0x31, 0x0b, 0x30, 0x09, 0x06,
211 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04,
212 0x08, 0x0c, 0x0a, 0x43, 0x61, 0x6c, 0x69, 0x66, 0x6f, 0x72, 0x6e, 0x69, 0x61, 0x31, 0x15, 0x30,
213 0x13, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x0c, 0x47, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2c, 0x20,
214 0x49, 0x6e, 0x63, 0x2e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x07, 0x41,
215 0x6e, 0x64, 0x72, 0x6f, 0x69, 0x64, 0x31, 0x3b, 0x30, 0x39, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c,
216 0x32, 0x41, 0x6e, 0x64, 0x72, 0x6f, 0x69, 0x64, 0x20, 0x4b, 0x65, 0x79, 0x73, 0x74, 0x6f, 0x72,
217 0x65, 0x20, 0x53, 0x6f, 0x66, 0x74, 0x77, 0x61, 0x72, 0x65, 0x20, 0x41, 0x74, 0x74, 0x65, 0x73,
218 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x20, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6d, 0x65, 0x64, 0x69,
219 0x61, 0x74, 0x65, 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01,
220 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03, 0x42, 0x00, 0x04, 0xeb, 0x9e,
221 0x79, 0xf8, 0x42, 0x63, 0x59, 0xac, 0xcb, 0x2a, 0x91, 0x4c, 0x89, 0x86, 0xcc, 0x70, 0xad, 0x90,
222 0x66, 0x93, 0x82, 0xa9, 0x73, 0x26, 0x13, 0xfe, 0xac, 0xcb, 0xf8, 0x21, 0x27, 0x4c, 0x21, 0x74,
223 0x97, 0x4a, 0x2a, 0xfe, 0xa5, 0xb9, 0x4d, 0x7f, 0x66, 0xd4, 0xe0, 0x65, 0x10, 0x66, 0x35, 0xbc,
224 0x53, 0xb7, 0xa0, 0xa3, 0xa6, 0x71, 0x58, 0x3e, 0xdb, 0x3e, 0x11, 0xae, 0x10, 0x14, 0xa3, 0x66,
225 0x30, 0x64, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x3f, 0xfc, 0xac,
226 0xd6, 0x1a, 0xb1, 0x3a, 0x9e, 0x81, 0x20, 0xb8, 0xd5, 0x25, 0x1c, 0xc5, 0x65, 0xbb, 0x1e, 0x91,
227 0xa9, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0xc8, 0xad,
228 0xe9, 0x77, 0x4c, 0x45, 0xc3, 0xa3, 0xcf, 0x0d, 0x16, 0x10, 0xe4, 0x79, 0x43, 0x3a, 0x21, 0x5a,
229 0x30, 0xcf, 0x30, 0x12, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x08, 0x30, 0x06,
230 0x01, 0x01, 0xff, 0x02, 0x01, 0x00, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x01, 0x01, 0xff,
231 0x04, 0x04, 0x03, 0x02, 0x02, 0x84, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04,
232 0x03, 0x02, 0x03, 0x48, 0x00, 0x30, 0x45, 0x02, 0x20, 0x4b, 0x8a, 0x9b, 0x7b, 0xee, 0x82, 0xbc,
233 0xc0, 0x33, 0x87, 0xae, 0x2f, 0xc0, 0x89, 0x98, 0xb4, 0xdd, 0xc3, 0x8d, 0xab, 0x27, 0x2a, 0x45,
234 0x9f, 0x69, 0x0c, 0xc7, 0xc3, 0x92, 0xd4, 0x0f, 0x8e, 0x02, 0x21, 0x00, 0xee, 0xda, 0x01, 0x5d,
235 0xb6, 0xf4, 0x32, 0xe9, 0xd4, 0x84, 0x3b, 0x62, 0x4c, 0x94, 0x04, 0xef, 0x3a, 0x7c, 0xcc, 0xbd,
236 0x5e, 0xfb, 0x22, 0xbb, 0xe7, 0xfe, 0xb9, 0x77, 0x3f, 0x59, 0x3f, 0xfb,
237 };
238
239 static uint8_t kEcAttestRootCert[] = {
240 0x30, 0x82, 0x02, 0x8b, 0x30, 0x82, 0x02, 0x32, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x09, 0x00,
241 0xa2, 0x05, 0x9e, 0xd1, 0x0e, 0x43, 0x5b, 0x57, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce,
242 0x3d, 0x04, 0x03, 0x02, 0x30, 0x81, 0x98, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06,
243 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0a, 0x43,
244 0x61, 0x6c, 0x69, 0x66, 0x6f, 0x72, 0x6e, 0x69, 0x61, 0x31, 0x16, 0x30, 0x14, 0x06, 0x03, 0x55,
245 0x04, 0x07, 0x0c, 0x0d, 0x4d, 0x6f, 0x75, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x20, 0x56, 0x69, 0x65,
246 0x77, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x0c, 0x47, 0x6f, 0x6f, 0x67,
247 0x6c, 0x65, 0x2c, 0x20, 0x49, 0x6e, 0x63, 0x2e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04,
248 0x0b, 0x0c, 0x07, 0x41, 0x6e, 0x64, 0x72, 0x6f, 0x69, 0x64, 0x31, 0x33, 0x30, 0x31, 0x06, 0x03,
249 0x55, 0x04, 0x03, 0x0c, 0x2a, 0x41, 0x6e, 0x64, 0x72, 0x6f, 0x69, 0x64, 0x20, 0x4b, 0x65, 0x79,
250 0x73, 0x74, 0x6f, 0x72, 0x65, 0x20, 0x53, 0x6f, 0x66, 0x74, 0x77, 0x61, 0x72, 0x65, 0x20, 0x41,
251 0x74, 0x74, 0x65, 0x73, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x20, 0x52, 0x6f, 0x6f, 0x74, 0x30,
252 0x1e, 0x17, 0x0d, 0x31, 0x36, 0x30, 0x31, 0x31, 0x31, 0x30, 0x30, 0x34, 0x33, 0x35, 0x30, 0x5a,
253 0x17, 0x0d, 0x33, 0x36, 0x30, 0x31, 0x30, 0x36, 0x30, 0x30, 0x34, 0x33, 0x35, 0x30, 0x5a, 0x30,
254 0x81, 0x98, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31,
255 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0a, 0x43, 0x61, 0x6c, 0x69, 0x66, 0x6f,
256 0x72, 0x6e, 0x69, 0x61, 0x31, 0x16, 0x30, 0x14, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x0d, 0x4d,
257 0x6f, 0x75, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x20, 0x56, 0x69, 0x65, 0x77, 0x31, 0x15, 0x30, 0x13,
258 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x0c, 0x47, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2c, 0x20, 0x49,
259 0x6e, 0x63, 0x2e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x07, 0x41, 0x6e,
260 0x64, 0x72, 0x6f, 0x69, 0x64, 0x31, 0x33, 0x30, 0x31, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x2a,
261 0x41, 0x6e, 0x64, 0x72, 0x6f, 0x69, 0x64, 0x20, 0x4b, 0x65, 0x79, 0x73, 0x74, 0x6f, 0x72, 0x65,
262 0x20, 0x53, 0x6f, 0x66, 0x74, 0x77, 0x61, 0x72, 0x65, 0x20, 0x41, 0x74, 0x74, 0x65, 0x73, 0x74,
263 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x20, 0x52, 0x6f, 0x6f, 0x74, 0x30, 0x59, 0x30, 0x13, 0x06, 0x07,
264 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01,
265 0x07, 0x03, 0x42, 0x00, 0x04, 0xee, 0x5d, 0x5e, 0xc7, 0xe1, 0xc0, 0xdb, 0x6d, 0x03, 0xa6, 0x7e,
266 0xe6, 0xb6, 0x1b, 0xec, 0x4d, 0x6a, 0x5d, 0x6a, 0x68, 0x2e, 0x0f, 0xff, 0x7f, 0x49, 0x0e, 0x7d,
267 0x77, 0x1f, 0x44, 0x22, 0x6d, 0xbd, 0xb1, 0xaf, 0xfa, 0x16, 0xcb, 0xc7, 0xad, 0xc5, 0x77, 0xd2,
268 0x56, 0x9c, 0xaa, 0xb7, 0xb0, 0x2d, 0x54, 0x01, 0x5d, 0x3e, 0x43, 0x2b, 0x2a, 0x8e, 0xd7, 0x4e,
269 0xec, 0x48, 0x75, 0x41, 0xa4, 0xa3, 0x63, 0x30, 0x61, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e,
270 0x04, 0x16, 0x04, 0x14, 0xc8, 0xad, 0xe9, 0x77, 0x4c, 0x45, 0xc3, 0xa3, 0xcf, 0x0d, 0x16, 0x10,
271 0xe4, 0x79, 0x43, 0x3a, 0x21, 0x5a, 0x30, 0xcf, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04,
272 0x18, 0x30, 0x16, 0x80, 0x14, 0xc8, 0xad, 0xe9, 0x77, 0x4c, 0x45, 0xc3, 0xa3, 0xcf, 0x0d, 0x16,
273 0x10, 0xe4, 0x79, 0x43, 0x3a, 0x21, 0x5a, 0x30, 0xcf, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x1d, 0x13,
274 0x01, 0x01, 0xff, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x1d,
275 0x0f, 0x01, 0x01, 0xff, 0x04, 0x04, 0x03, 0x02, 0x02, 0x84, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86,
276 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x03, 0x47, 0x00, 0x30, 0x44, 0x02, 0x20, 0x35, 0x21, 0xa3,
277 0xef, 0x8b, 0x34, 0x46, 0x1e, 0x9c, 0xd5, 0x60, 0xf3, 0x1d, 0x58, 0x89, 0x20, 0x6a, 0xdc, 0xa3,
278 0x65, 0x41, 0xf6, 0x0d, 0x9e, 0xce, 0x8a, 0x19, 0x8c, 0x66, 0x48, 0x60, 0x7b, 0x02, 0x20, 0x4d,
279 0x0b, 0xf3, 0x51, 0xd9, 0x30, 0x7c, 0x7d, 0x5b, 0xda, 0x35, 0x34, 0x1d, 0xa8, 0x47, 0x1b, 0x63,
280 0xa5, 0x85, 0x65, 0x3c, 0xad, 0x4f, 0x24, 0xa7, 0xe7, 0x4d, 0xaf, 0x41, 0x7d, 0xf1, 0xbf,
281 };
282
283 size_t kCertificateChainLength = 2;
284
UpgradeIntegerTag(keymaster_tag_t tag,uint32_t value,AuthorizationSet * set,bool * set_changed)285 bool UpgradeIntegerTag(keymaster_tag_t tag, uint32_t value, AuthorizationSet* set,
286 bool* set_changed) {
287 int index = set->find(tag);
288 if (index == -1) {
289 keymaster_key_param_t param;
290 param.tag = tag;
291 param.integer = value;
292 set->push_back(param);
293 *set_changed = true;
294 return true;
295 }
296
297 if (set->params[index].integer > value)
298 return false;
299
300 if (set->params[index].integer != value) {
301 set->params[index].integer = value;
302 *set_changed = true;
303 }
304 return true;
305 }
306
307 } // anonymous namespace
308
SoftKeymasterContext(const std::string & root_of_trust)309 SoftKeymasterContext::SoftKeymasterContext(const std::string& root_of_trust)
310 : rsa_factory_(new RsaKeyFactory(this)), ec_factory_(new EcKeyFactory(this)),
311 aes_factory_(new AesKeyFactory(this)), hmac_factory_(new HmacKeyFactory(this)),
312 km1_dev_(nullptr), root_of_trust_(root_of_trust), os_version_(0), os_patchlevel_(0) {}
313
~SoftKeymasterContext()314 SoftKeymasterContext::~SoftKeymasterContext() {}
315
SetHardwareDevice(keymaster0_device_t * keymaster0_device)316 keymaster_error_t SoftKeymasterContext::SetHardwareDevice(keymaster0_device_t* keymaster0_device) {
317 if (!keymaster0_device)
318 return KM_ERROR_UNEXPECTED_NULL_POINTER;
319
320 if ((keymaster0_device->flags & KEYMASTER_SOFTWARE_ONLY) != 0) {
321 LOG_E("SoftKeymasterContext only wraps hardware keymaster0 devices", 0);
322 return KM_ERROR_INVALID_ARGUMENT;
323 }
324
325 km0_engine_.reset(new Keymaster0Engine(keymaster0_device));
326 rsa_factory_.reset(new RsaKeymaster0KeyFactory(this, km0_engine_.get()));
327 ec_factory_.reset(new EcdsaKeymaster0KeyFactory(this, km0_engine_.get()));
328 // Keep AES and HMAC factories.
329
330 return KM_ERROR_OK;
331 }
332
SetHardwareDevice(keymaster1_device_t * keymaster1_device)333 keymaster_error_t SoftKeymasterContext::SetHardwareDevice(keymaster1_device_t* keymaster1_device) {
334 if (!keymaster1_device)
335 return KM_ERROR_UNEXPECTED_NULL_POINTER;
336
337 km1_dev_ = keymaster1_device;
338
339 km1_engine_.reset(new Keymaster1Engine(keymaster1_device));
340 rsa_factory_.reset(new RsaKeymaster1KeyFactory(this, km1_engine_.get()));
341 ec_factory_.reset(new EcdsaKeymaster1KeyFactory(this, km1_engine_.get()));
342
343 // All AES and HMAC operations should be passed directly to the keymaster1 device. Explicitly
344 // do not handle them, to provoke errors in case the higher layers fail to send them to the
345 // device.
346 aes_factory_.reset(nullptr);
347 hmac_factory_.reset(nullptr);
348
349 return KM_ERROR_OK;
350 }
351
SetSystemVersion(uint32_t os_version,uint32_t os_patchlevel)352 keymaster_error_t SoftKeymasterContext::SetSystemVersion(uint32_t os_version,
353 uint32_t os_patchlevel) {
354 os_version_ = os_version;
355 os_patchlevel_ = os_patchlevel;
356 return KM_ERROR_OK;
357 }
358
GetSystemVersion(uint32_t * os_version,uint32_t * os_patchlevel) const359 void SoftKeymasterContext::GetSystemVersion(uint32_t* os_version, uint32_t* os_patchlevel) const {
360 *os_version = os_version_;
361 *os_patchlevel = os_patchlevel_;
362 }
363
GetKeyFactory(keymaster_algorithm_t algorithm) const364 KeyFactory* SoftKeymasterContext::GetKeyFactory(keymaster_algorithm_t algorithm) const {
365 switch (algorithm) {
366 case KM_ALGORITHM_RSA:
367 return rsa_factory_.get();
368 case KM_ALGORITHM_EC:
369 return ec_factory_.get();
370 case KM_ALGORITHM_AES:
371 return aes_factory_.get();
372 case KM_ALGORITHM_HMAC:
373 return hmac_factory_.get();
374 default:
375 return nullptr;
376 }
377 }
378
379 static keymaster_algorithm_t supported_algorithms[] = {KM_ALGORITHM_RSA, KM_ALGORITHM_EC,
380 KM_ALGORITHM_AES, KM_ALGORITHM_HMAC};
381
382 keymaster_algorithm_t*
GetSupportedAlgorithms(size_t * algorithms_count) const383 SoftKeymasterContext::GetSupportedAlgorithms(size_t* algorithms_count) const {
384 *algorithms_count = array_length(supported_algorithms);
385 return supported_algorithms;
386 }
387
GetOperationFactory(keymaster_algorithm_t algorithm,keymaster_purpose_t purpose) const388 OperationFactory* SoftKeymasterContext::GetOperationFactory(keymaster_algorithm_t algorithm,
389 keymaster_purpose_t purpose) const {
390 KeyFactory* key_factory = GetKeyFactory(algorithm);
391 if (!key_factory)
392 return nullptr;
393 return key_factory->GetOperationFactory(purpose);
394 }
395
TranslateAuthorizationSetError(AuthorizationSet::Error err)396 static keymaster_error_t TranslateAuthorizationSetError(AuthorizationSet::Error err) {
397 switch (err) {
398 case AuthorizationSet::OK:
399 return KM_ERROR_OK;
400 case AuthorizationSet::ALLOCATION_FAILURE:
401 return KM_ERROR_MEMORY_ALLOCATION_FAILED;
402 case AuthorizationSet::MALFORMED_DATA:
403 return KM_ERROR_UNKNOWN_ERROR;
404 }
405 return KM_ERROR_OK;
406 }
407
SetAuthorizations(const AuthorizationSet & key_description,keymaster_key_origin_t origin,uint32_t os_version,uint32_t os_patchlevel,AuthorizationSet * hw_enforced,AuthorizationSet * sw_enforced)408 static keymaster_error_t SetAuthorizations(const AuthorizationSet& key_description,
409 keymaster_key_origin_t origin, uint32_t os_version,
410 uint32_t os_patchlevel, AuthorizationSet* hw_enforced,
411 AuthorizationSet* sw_enforced) {
412 sw_enforced->Clear();
413
414 for (auto& entry : key_description) {
415 switch (entry.tag) {
416 // These cannot be specified by the client.
417 case KM_TAG_ROOT_OF_TRUST:
418 case KM_TAG_ORIGIN:
419 LOG_E("Root of trust and origin tags may not be specified", 0);
420 return KM_ERROR_INVALID_TAG;
421
422 // These don't work.
423 case KM_TAG_ROLLBACK_RESISTANT:
424 LOG_E("KM_TAG_ROLLBACK_RESISTANT not supported", 0);
425 return KM_ERROR_UNSUPPORTED_TAG;
426
427 // These are hidden.
428 case KM_TAG_APPLICATION_ID:
429 case KM_TAG_APPLICATION_DATA:
430 break;
431
432 // Everything else we just copy into sw_enforced, unless the KeyFactory has placed it in
433 // hw_enforced, in which case we defer to its decision.
434 default:
435 if (hw_enforced->GetTagCount(entry.tag) == 0)
436 sw_enforced->push_back(entry);
437 break;
438 }
439 }
440
441 sw_enforced->push_back(TAG_CREATION_DATETIME, java_time(time(NULL)));
442 sw_enforced->push_back(TAG_ORIGIN, origin);
443 sw_enforced->push_back(TAG_OS_VERSION, os_version);
444 sw_enforced->push_back(TAG_OS_PATCHLEVEL, os_patchlevel);
445
446 return TranslateAuthorizationSetError(sw_enforced->is_valid());
447 }
448
CreateKeyBlob(const AuthorizationSet & key_description,const keymaster_key_origin_t origin,const KeymasterKeyBlob & key_material,KeymasterKeyBlob * blob,AuthorizationSet * hw_enforced,AuthorizationSet * sw_enforced) const449 keymaster_error_t SoftKeymasterContext::CreateKeyBlob(const AuthorizationSet& key_description,
450 const keymaster_key_origin_t origin,
451 const KeymasterKeyBlob& key_material,
452 KeymasterKeyBlob* blob,
453 AuthorizationSet* hw_enforced,
454 AuthorizationSet* sw_enforced) const {
455 keymaster_error_t error = SetAuthorizations(key_description, origin, os_version_,
456 os_patchlevel_, hw_enforced, sw_enforced);
457 if (error != KM_ERROR_OK)
458 return error;
459
460 AuthorizationSet hidden;
461 error = BuildHiddenAuthorizations(key_description, &hidden);
462 if (error != KM_ERROR_OK)
463 return error;
464
465 return SerializeIntegrityAssuredBlob(key_material, hidden, *hw_enforced, *sw_enforced, blob);
466 }
467
UpgradeKeyBlob(const KeymasterKeyBlob & key_to_upgrade,const AuthorizationSet & upgrade_params,KeymasterKeyBlob * upgraded_key) const468 keymaster_error_t SoftKeymasterContext::UpgradeKeyBlob(const KeymasterKeyBlob& key_to_upgrade,
469 const AuthorizationSet& upgrade_params,
470 KeymasterKeyBlob* upgraded_key) const {
471 KeymasterKeyBlob key_material;
472 AuthorizationSet tee_enforced;
473 AuthorizationSet sw_enforced;
474 keymaster_error_t error =
475 ParseKeyBlob(key_to_upgrade, upgrade_params, &key_material, &tee_enforced, &sw_enforced);
476 if (error != KM_ERROR_OK)
477 return error;
478
479 // Three cases here:
480 //
481 // 1. Software key blob. Version info, if present, is in sw_enforced. If not present, we
482 // should add it.
483 //
484 // 2. Keymaster0 hardware key blob. Version info, if present, is in sw_enforced. If not
485 // present we should add it.
486 //
487 // 3. Keymaster1 hardware key blob. Version info is not present and we shouldn't have been
488 // asked to upgrade.
489
490 // Handle case 3.
491 if (km1_dev_ && tee_enforced.Contains(TAG_PURPOSE) && !tee_enforced.Contains(TAG_OS_PATCHLEVEL))
492 return KM_ERROR_INVALID_ARGUMENT;
493
494 // Handle cases 1 & 2.
495 bool set_changed = false;
496 if (!UpgradeIntegerTag(TAG_OS_VERSION, os_version_, &sw_enforced, &set_changed) ||
497 !UpgradeIntegerTag(TAG_OS_PATCHLEVEL, os_patchlevel_, &sw_enforced, &set_changed))
498 // One of the version fields would have been a downgrade. Not allowed.
499 return KM_ERROR_INVALID_ARGUMENT;
500
501 if (!set_changed)
502 // Dont' need an upgrade.
503 return KM_ERROR_OK;
504
505 AuthorizationSet hidden;
506 error = BuildHiddenAuthorizations(upgrade_params, &hidden);
507 if (error != KM_ERROR_OK)
508 return error;
509 return SerializeIntegrityAssuredBlob(key_material, hidden, tee_enforced, sw_enforced,
510 upgraded_key);
511 }
512
ParseOcbAuthEncryptedBlob(const KeymasterKeyBlob & blob,const AuthorizationSet & hidden,KeymasterKeyBlob * key_material,AuthorizationSet * hw_enforced,AuthorizationSet * sw_enforced)513 static keymaster_error_t ParseOcbAuthEncryptedBlob(const KeymasterKeyBlob& blob,
514 const AuthorizationSet& hidden,
515 KeymasterKeyBlob* key_material,
516 AuthorizationSet* hw_enforced,
517 AuthorizationSet* sw_enforced) {
518 Buffer nonce, tag;
519 KeymasterKeyBlob encrypted_key_material;
520 keymaster_error_t error = DeserializeAuthEncryptedBlob(blob, &encrypted_key_material,
521 hw_enforced, sw_enforced, &nonce, &tag);
522 if (error != KM_ERROR_OK)
523 return error;
524
525 if (nonce.available_read() != OCB_NONCE_LENGTH || tag.available_read() != OCB_TAG_LENGTH)
526 return KM_ERROR_INVALID_KEY_BLOB;
527
528 return OcbDecryptKey(*hw_enforced, *sw_enforced, hidden, MASTER_KEY, encrypted_key_material,
529 nonce, tag, key_material);
530 }
531
532 // Note: This parsing code in below is from system/security/softkeymaster/keymaster_openssl.cpp's
533 // unwrap_key function, modified for the preferred function signature and formatting. It does some
534 // odd things, but they have been left unchanged to avoid breaking compatibility.
535 static const uint8_t SOFT_KEY_MAGIC[] = {'P', 'K', '#', '8'};
ParseOldSoftkeymasterBlob(const KeymasterKeyBlob & blob,KeymasterKeyBlob * key_material,AuthorizationSet * hw_enforced,AuthorizationSet * sw_enforced) const536 keymaster_error_t SoftKeymasterContext::ParseOldSoftkeymasterBlob(
537 const KeymasterKeyBlob& blob, KeymasterKeyBlob* key_material, AuthorizationSet* hw_enforced,
538 AuthorizationSet* sw_enforced) const {
539 long publicLen = 0;
540 long privateLen = 0;
541 const uint8_t* p = blob.key_material;
542 const uint8_t* end = blob.key_material + blob.key_material_size;
543
544 int type = 0;
545 ptrdiff_t min_size =
546 sizeof(SOFT_KEY_MAGIC) + sizeof(type) + sizeof(publicLen) + 1 + sizeof(privateLen) + 1;
547 if (end - p < min_size) {
548 LOG_W("key blob appears to be truncated (if an old SW key)", 0);
549 return KM_ERROR_INVALID_KEY_BLOB;
550 }
551
552 if (memcmp(p, SOFT_KEY_MAGIC, sizeof(SOFT_KEY_MAGIC)) != 0)
553 return KM_ERROR_INVALID_KEY_BLOB;
554 p += sizeof(SOFT_KEY_MAGIC);
555
556 for (size_t i = 0; i < sizeof(type); i++)
557 type = (type << 8) | *p++;
558
559 for (size_t i = 0; i < sizeof(type); i++)
560 publicLen = (publicLen << 8) | *p++;
561
562 if (p + publicLen > end) {
563 LOG_W("public key length encoding error: size=%ld, end=%td", publicLen, end - p);
564 return KM_ERROR_INVALID_KEY_BLOB;
565 }
566 p += publicLen;
567
568 if (end - p < 2) {
569 LOG_W("key blob appears to be truncated (if an old SW key)", 0);
570 return KM_ERROR_INVALID_KEY_BLOB;
571 }
572
573 for (size_t i = 0; i < sizeof(type); i++)
574 privateLen = (privateLen << 8) | *p++;
575
576 if (p + privateLen > end) {
577 LOG_W("private key length encoding error: size=%ld, end=%td", privateLen, end - p);
578 return KM_ERROR_INVALID_KEY_BLOB;
579 }
580
581 // Just to be sure, make sure that the ASN.1 structure parses correctly. We don't actually use
582 // the EVP_PKEY here.
583 unique_ptr<EVP_PKEY, EVP_PKEY_Delete> pkey(EVP_PKEY_new());
584 if (pkey.get() == nullptr)
585 return KM_ERROR_MEMORY_ALLOCATION_FAILED;
586
587 EVP_PKEY* tmp = pkey.get();
588 const uint8_t* key_start = p;
589 if (d2i_PrivateKey(type, &tmp, &p, privateLen) == NULL) {
590 LOG_W("Failed to parse PKCS#8 key material (if old SW key)", 0);
591 return KM_ERROR_INVALID_KEY_BLOB;
592 }
593
594 // All auths go into sw_enforced, including those that would be HW-enforced if we were faking
595 // auths for a HW-backed key.
596 hw_enforced->Clear();
597 keymaster_error_t error = FakeKeyAuthorizations(pkey.get(), sw_enforced, sw_enforced);
598 if (error != KM_ERROR_OK)
599 return error;
600
601 if (!key_material->Reset(privateLen))
602 return KM_ERROR_MEMORY_ALLOCATION_FAILED;
603 memcpy(key_material->writable_data(), key_start, privateLen);
604
605 return KM_ERROR_OK;
606 }
607
ParseKeyBlob(const KeymasterKeyBlob & blob,const AuthorizationSet & additional_params,KeymasterKeyBlob * key_material,AuthorizationSet * hw_enforced,AuthorizationSet * sw_enforced) const608 keymaster_error_t SoftKeymasterContext::ParseKeyBlob(const KeymasterKeyBlob& blob,
609 const AuthorizationSet& additional_params,
610 KeymasterKeyBlob* key_material,
611 AuthorizationSet* hw_enforced,
612 AuthorizationSet* sw_enforced) const {
613 // This is a little bit complicated.
614 //
615 // The SoftKeymasterContext has to handle a lot of different kinds of key blobs.
616 //
617 // 1. New keymaster1 software key blobs. These are integrity-assured but not encrypted. The
618 // raw key material and auth sets should be extracted and returned. This is the kind
619 // produced by this context when the KeyFactory doesn't use keymaster0 to back the keys.
620 //
621 // 2. Old keymaster1 software key blobs. These are OCB-encrypted with an all-zero master key.
622 // They should be decrypted and the key material and auth sets extracted and returned.
623 //
624 // 3. Old keymaster0 software key blobs. These are raw key material with a small header tacked
625 // on the front. They don't have auth sets, so reasonable defaults are generated and
626 // returned along with the raw key material.
627 //
628 // 4. New keymaster0 hardware key blobs. These are integrity-assured but not encrypted (though
629 // they're protected by the keymaster0 hardware implementation). The keymaster0 key blob
630 // and auth sets should be extracted and returned.
631 //
632 // 5. Keymaster1 hardware key blobs. These are raw hardware key blobs. They contain auth
633 // sets, which we retrieve from the hardware module.
634 //
635 // 6. Old keymaster0 hardware key blobs. These are raw hardware key blobs. They don't have
636 // auth sets so reasonable defaults are generated and returned along with the key blob.
637 //
638 // Determining what kind of blob has arrived is somewhat tricky. What helps is that
639 // integrity-assured and OCB-encrypted blobs are self-consistent and effectively impossible to
640 // parse as anything else. Old keymaster0 software key blobs have a header. It's reasonably
641 // unlikely that hardware keys would have the same header. So anything that is neither
642 // integrity-assured nor OCB-encrypted and lacks the old software key header is assumed to be
643 // keymaster0 hardware.
644
645 AuthorizationSet hidden;
646 keymaster_error_t error = BuildHiddenAuthorizations(additional_params, &hidden);
647 if (error != KM_ERROR_OK)
648 return error;
649
650 // Assume it's an integrity-assured blob (new software-only blob, or new keymaster0-backed
651 // blob).
652 error = DeserializeIntegrityAssuredBlob(blob, hidden, key_material, hw_enforced, sw_enforced);
653 if (error != KM_ERROR_INVALID_KEY_BLOB)
654 return error;
655
656 // Wasn't an integrity-assured blob. Maybe it's an OCB-encrypted blob.
657 error = ParseOcbAuthEncryptedBlob(blob, hidden, key_material, hw_enforced, sw_enforced);
658 if (error == KM_ERROR_OK)
659 LOG_D("Parsed an old keymaster1 software key", 0);
660 if (error != KM_ERROR_INVALID_KEY_BLOB)
661 return error;
662
663 // Wasn't an OCB-encrypted blob. Maybe it's an old softkeymaster blob.
664 error = ParseOldSoftkeymasterBlob(blob, key_material, hw_enforced, sw_enforced);
665 if (error == KM_ERROR_OK)
666 LOG_D("Parsed an old sofkeymaster key", 0);
667 if (error != KM_ERROR_INVALID_KEY_BLOB)
668 return error;
669
670 if (km1_dev_)
671 return ParseKeymaster1HwBlob(blob, additional_params, key_material, hw_enforced,
672 sw_enforced);
673 else if (km0_engine_)
674 return ParseKeymaster0HwBlob(blob, key_material, hw_enforced, sw_enforced);
675
676 LOG_E("Failed to parse key; not a valid software blob, no hardware module configured", 0);
677 return KM_ERROR_INVALID_KEY_BLOB;
678 }
679
DeleteKey(const KeymasterKeyBlob & blob) const680 keymaster_error_t SoftKeymasterContext::DeleteKey(const KeymasterKeyBlob& blob) const {
681 if (km1_engine_) {
682 keymaster_error_t error = km1_engine_->DeleteKey(blob);
683 if (error == KM_ERROR_INVALID_KEY_BLOB) {
684 // Note that we succeed on invalid blob, because it probably just indicates that the
685 // blob is a software blob, not a hardware blob.
686 error = KM_ERROR_OK;
687 }
688 return error;
689 }
690
691 if (km0_engine_) {
692 // This could be a keymaster0 hardware key, and it could be either raw or encapsulated in an
693 // integrity-assured blob. If it's integrity-assured, we can't validate it strongly,
694 // because we don't have the necessary additional_params data. However, the probability
695 // that anything other than an integrity-assured blob would have all of the structure
696 // required to decode as a valid blob is low -- unless it's maliciously-constructed, but the
697 // deserializer should be proof against bad data, as should the keymaster0 hardware.
698 //
699 // Thus, we first try to parse it as integrity-assured. If that works, we pass the result
700 // to the underlying hardware. If not, we pass blob unmodified to the underlying hardware.
701 KeymasterKeyBlob key_material;
702 AuthorizationSet hw_enforced, sw_enforced;
703 keymaster_error_t error = DeserializeIntegrityAssuredBlob_NoHmacCheck(
704 blob, &key_material, &hw_enforced, &sw_enforced);
705 if (error == KM_ERROR_OK && km0_engine_->DeleteKey(key_material))
706 return KM_ERROR_OK;
707
708 km0_engine_->DeleteKey(blob);
709
710 // We succeed unconditionally at this point, even if delete failed. Failure indicates that
711 // either the blob is a software blob (which we can't distinguish with certainty without
712 // additional_params) or because it is a hardware blob and the hardware failed. In the
713 // first case, there is no error. In the second case, the client can't do anything to fix
714 // it anyway, so it's not too harmful to simply swallow the error. This is not ideal, but
715 // it's the least-bad alternative.
716 return KM_ERROR_OK;
717 }
718
719 // Nothing to do for software-only contexts.
720 return KM_ERROR_OK;
721 }
722
DeleteAllKeys() const723 keymaster_error_t SoftKeymasterContext::DeleteAllKeys() const {
724 if (km1_engine_)
725 return km1_engine_->DeleteAllKeys();
726
727 if (km0_engine_ && !km0_engine_->DeleteAllKeys())
728 return KM_ERROR_UNKNOWN_ERROR;
729
730 return KM_ERROR_OK;
731 }
732
AddRngEntropy(const uint8_t * buf,size_t length) const733 keymaster_error_t SoftKeymasterContext::AddRngEntropy(const uint8_t* buf, size_t length) const {
734 RAND_add(buf, length, 0 /* Don't assume any entropy is added to the pool. */);
735 return KM_ERROR_OK;
736 }
737
GenerateRandom(uint8_t * buf,size_t length) const738 keymaster_error_t SoftKeymasterContext::GenerateRandom(uint8_t* buf, size_t length) const {
739 if (RAND_bytes(buf, length) != 1)
740 return KM_ERROR_UNKNOWN_ERROR;
741 return KM_ERROR_OK;
742 }
743
AddSystemVersionToSet(AuthorizationSet * auth_set) const744 void SoftKeymasterContext::AddSystemVersionToSet(AuthorizationSet* auth_set) const {
745 if (!auth_set->Contains(TAG_OS_VERSION))
746 auth_set->push_back(TAG_OS_VERSION, os_version_);
747 if (!auth_set->Contains(TAG_OS_PATCHLEVEL))
748 auth_set->push_back(TAG_OS_PATCHLEVEL, os_patchlevel_);
749 }
750
AttestationKey(keymaster_algorithm_t algorithm,keymaster_error_t * error) const751 EVP_PKEY* SoftKeymasterContext::AttestationKey(keymaster_algorithm_t algorithm,
752 keymaster_error_t* error) const {
753
754 const uint8_t* key;
755 size_t key_length;
756 int evp_key_type;
757
758 switch (algorithm) {
759 case KM_ALGORITHM_RSA:
760 key = kRsaAttestKey;
761 key_length = array_length(kRsaAttestKey);
762 evp_key_type = EVP_PKEY_RSA;
763 break;
764
765 case KM_ALGORITHM_EC:
766 key = kEcAttestKey;
767 key_length = array_length(kEcAttestKey);
768 evp_key_type = EVP_PKEY_EC;
769 break;
770
771 default:
772 *error = KM_ERROR_UNSUPPORTED_ALGORITHM;
773 return nullptr;
774 }
775
776 EVP_PKEY* pkey = d2i_PrivateKey(evp_key_type, nullptr /* pkey */, &key, key_length);
777 if (!pkey)
778 *error = TranslateLastOpenSslError();
779
780 return pkey;
781 }
782
AttestationChain(keymaster_algorithm_t algorithm,keymaster_error_t * error) const783 keymaster_cert_chain_t* SoftKeymasterContext::AttestationChain(keymaster_algorithm_t algorithm,
784 keymaster_error_t* error) const {
785 // If we have to bail it will be because of an allocation failure.
786 *error = KM_ERROR_MEMORY_ALLOCATION_FAILED;
787
788 UniquePtr<keymaster_cert_chain_t, CertificateChainDelete> chain(new keymaster_cert_chain_t);
789 if (!chain.get())
790 return nullptr;
791 memset(chain.get(), 0, sizeof(keymaster_cert_chain_t));
792
793 chain->entries = new keymaster_blob_t[kCertificateChainLength];
794 if (!chain->entries)
795 return nullptr;
796
797 memset(chain->entries, 0, sizeof(chain->entries[0]) * kCertificateChainLength);
798 chain->entry_count = kCertificateChainLength;
799
800 size_t entry = 0;
801
802 switch (algorithm) {
803 case KM_ALGORITHM_RSA:
804 chain->entries[entry].data = dup_array(kRsaAttestCert);
805 if (!chain->entries[entry].data)
806 return nullptr;
807 chain->entries[entry].data_length = array_length(kRsaAttestCert);
808 entry++;
809 chain->entries[entry].data = dup_array(kRsaAttestRootCert);
810 if (!chain->entries[entry].data)
811 return nullptr;
812 chain->entries[entry].data_length = array_length(kRsaAttestRootCert);
813 entry++;
814 break;
815
816 case KM_ALGORITHM_EC:
817 chain->entries[entry].data = dup_array(kEcAttestCert);
818 if (!chain->entries[entry].data)
819 return nullptr;
820 chain->entries[entry].data_length = array_length(kEcAttestCert);
821 entry++;
822 chain->entries[entry].data = dup_array(kEcAttestRootCert);
823 if (!chain->entries[entry].data)
824 return nullptr;
825 chain->entries[entry].data_length = array_length(kEcAttestRootCert);
826 entry++;
827 break;
828
829 default:
830 *error = KM_ERROR_UNSUPPORTED_ALGORITHM;
831 return nullptr;
832 };
833
834 assert(entry == kCertificateChainLength);
835
836 *error = KM_ERROR_OK;
837 return chain.release();
838 }
839
GenerateUniqueId(uint64_t,const keymaster_blob_t &,bool,Buffer *) const840 keymaster_error_t SoftKeymasterContext::GenerateUniqueId(
841 uint64_t /* creation_date_time */, const keymaster_blob_t& /* application_id */,
842 bool /* reset_since_rotation */, Buffer* /* unique_id */) const {
843 // SoftKeymasterDevice cannot generate unique IDs.
844 return KM_ERROR_UNIMPLEMENTED;
845 }
846
ParseKeymaster1HwBlob(const KeymasterKeyBlob & blob,const AuthorizationSet & additional_params,KeymasterKeyBlob * key_material,AuthorizationSet * hw_enforced,AuthorizationSet * sw_enforced) const847 keymaster_error_t SoftKeymasterContext::ParseKeymaster1HwBlob(
848 const KeymasterKeyBlob& blob, const AuthorizationSet& additional_params,
849 KeymasterKeyBlob* key_material, AuthorizationSet* hw_enforced,
850 AuthorizationSet* sw_enforced) const {
851 assert(km1_dev_);
852
853 keymaster_blob_t client_id = {nullptr, 0};
854 keymaster_blob_t app_data = {nullptr, 0};
855 keymaster_blob_t* client_id_ptr = nullptr;
856 keymaster_blob_t* app_data_ptr = nullptr;
857 if (additional_params.GetTagValue(TAG_APPLICATION_ID, &client_id))
858 client_id_ptr = &client_id;
859 if (additional_params.GetTagValue(TAG_APPLICATION_DATA, &app_data))
860 app_data_ptr = &app_data;
861
862 // Get key characteristics, which incidentally verifies that the HW recognizes the key.
863 keymaster_key_characteristics_t* characteristics;
864 keymaster_error_t error = km1_dev_->get_key_characteristics(km1_dev_, &blob, client_id_ptr,
865 app_data_ptr, &characteristics);
866 if (error != KM_ERROR_OK)
867 return error;
868 unique_ptr<keymaster_key_characteristics_t, Characteristics_Delete> characteristics_deleter(
869 characteristics);
870
871 LOG_D("Module \"%s\" accepted key", km1_dev_->common.module->name);
872
873 hw_enforced->Reinitialize(characteristics->hw_enforced);
874 sw_enforced->Reinitialize(characteristics->sw_enforced);
875 *key_material = blob;
876 return KM_ERROR_OK;
877 }
878
ParseKeymaster0HwBlob(const KeymasterKeyBlob & blob,KeymasterKeyBlob * key_material,AuthorizationSet * hw_enforced,AuthorizationSet * sw_enforced) const879 keymaster_error_t SoftKeymasterContext::ParseKeymaster0HwBlob(const KeymasterKeyBlob& blob,
880 KeymasterKeyBlob* key_material,
881 AuthorizationSet* hw_enforced,
882 AuthorizationSet* sw_enforced) const {
883 assert(km0_engine_);
884
885 unique_ptr<EVP_PKEY, EVP_PKEY_Delete> tmp_key(km0_engine_->GetKeymaster0PublicKey(blob));
886
887 if (!tmp_key)
888 return KM_ERROR_INVALID_KEY_BLOB;
889
890 LOG_D("Module \"%s\" accepted key", km0_engine_->device()->common.module->name);
891 keymaster_error_t error = FakeKeyAuthorizations(tmp_key.get(), hw_enforced, sw_enforced);
892 if (error == KM_ERROR_OK)
893 *key_material = blob;
894
895 return error;
896 }
897
FakeKeyAuthorizations(EVP_PKEY * pubkey,AuthorizationSet * hw_enforced,AuthorizationSet * sw_enforced) const898 keymaster_error_t SoftKeymasterContext::FakeKeyAuthorizations(EVP_PKEY* pubkey,
899 AuthorizationSet* hw_enforced,
900 AuthorizationSet* sw_enforced) const {
901 hw_enforced->Clear();
902 sw_enforced->Clear();
903
904 switch (EVP_PKEY_type(pubkey->type)) {
905 case EVP_PKEY_RSA: {
906 hw_enforced->push_back(TAG_ALGORITHM, KM_ALGORITHM_RSA);
907 hw_enforced->push_back(TAG_DIGEST, KM_DIGEST_NONE);
908 hw_enforced->push_back(TAG_DIGEST, KM_DIGEST_MD5);
909 hw_enforced->push_back(TAG_DIGEST, KM_DIGEST_SHA1);
910 hw_enforced->push_back(TAG_DIGEST, KM_DIGEST_SHA_2_224);
911 hw_enforced->push_back(TAG_DIGEST, KM_DIGEST_SHA_2_256);
912 hw_enforced->push_back(TAG_DIGEST, KM_DIGEST_SHA_2_384);
913 hw_enforced->push_back(TAG_DIGEST, KM_DIGEST_SHA_2_512);
914 hw_enforced->push_back(TAG_PADDING, KM_PAD_NONE);
915 hw_enforced->push_back(TAG_PADDING, KM_PAD_RSA_PKCS1_1_5_SIGN);
916 hw_enforced->push_back(TAG_PADDING, KM_PAD_RSA_PKCS1_1_5_ENCRYPT);
917 hw_enforced->push_back(TAG_PADDING, KM_PAD_RSA_PSS);
918 hw_enforced->push_back(TAG_PADDING, KM_PAD_RSA_OAEP);
919
920 sw_enforced->push_back(TAG_PURPOSE, KM_PURPOSE_SIGN);
921 sw_enforced->push_back(TAG_PURPOSE, KM_PURPOSE_VERIFY);
922 sw_enforced->push_back(TAG_PURPOSE, KM_PURPOSE_ENCRYPT);
923 sw_enforced->push_back(TAG_PURPOSE, KM_PURPOSE_DECRYPT);
924
925 unique_ptr<RSA, RSA_Delete> rsa(EVP_PKEY_get1_RSA(pubkey));
926 if (!rsa)
927 return TranslateLastOpenSslError();
928 hw_enforced->push_back(TAG_KEY_SIZE, RSA_size(rsa.get()) * 8);
929 uint64_t public_exponent = BN_get_word(rsa->e);
930 if (public_exponent == 0xffffffffL)
931 return KM_ERROR_INVALID_KEY_BLOB;
932 hw_enforced->push_back(TAG_RSA_PUBLIC_EXPONENT, public_exponent);
933 break;
934 }
935
936 case EVP_PKEY_EC: {
937 hw_enforced->push_back(TAG_ALGORITHM, KM_ALGORITHM_RSA);
938 hw_enforced->push_back(TAG_DIGEST, KM_DIGEST_NONE);
939 hw_enforced->push_back(TAG_DIGEST, KM_DIGEST_MD5);
940 hw_enforced->push_back(TAG_DIGEST, KM_DIGEST_SHA1);
941 hw_enforced->push_back(TAG_DIGEST, KM_DIGEST_SHA_2_224);
942 hw_enforced->push_back(TAG_DIGEST, KM_DIGEST_SHA_2_256);
943 hw_enforced->push_back(TAG_DIGEST, KM_DIGEST_SHA_2_384);
944 hw_enforced->push_back(TAG_DIGEST, KM_DIGEST_SHA_2_512);
945
946 sw_enforced->push_back(TAG_PURPOSE, KM_PURPOSE_SIGN);
947 sw_enforced->push_back(TAG_PURPOSE, KM_PURPOSE_VERIFY);
948
949 UniquePtr<EC_KEY, EC_KEY_Delete> ec_key(EVP_PKEY_get1_EC_KEY(pubkey));
950 if (!ec_key.get())
951 return TranslateLastOpenSslError();
952 size_t key_size_bits;
953 keymaster_error_t error =
954 ec_get_group_size(EC_KEY_get0_group(ec_key.get()), &key_size_bits);
955 if (error != KM_ERROR_OK)
956 return error;
957 hw_enforced->push_back(TAG_KEY_SIZE, key_size_bits);
958 break;
959 }
960
961 default:
962 return KM_ERROR_UNSUPPORTED_ALGORITHM;
963 }
964
965 sw_enforced->push_back(TAG_ALL_USERS);
966 sw_enforced->push_back(TAG_NO_AUTH_REQUIRED);
967
968 return KM_ERROR_OK;
969 }
970
BuildHiddenAuthorizations(const AuthorizationSet & input_set,AuthorizationSet * hidden) const971 keymaster_error_t SoftKeymasterContext::BuildHiddenAuthorizations(const AuthorizationSet& input_set,
972 AuthorizationSet* hidden) const {
973 keymaster_blob_t entry;
974 if (input_set.GetTagValue(TAG_APPLICATION_ID, &entry))
975 hidden->push_back(TAG_APPLICATION_ID, entry.data, entry.data_length);
976 if (input_set.GetTagValue(TAG_APPLICATION_DATA, &entry))
977 hidden->push_back(TAG_APPLICATION_DATA, entry.data, entry.data_length);
978
979 hidden->push_back(TAG_ROOT_OF_TRUST, reinterpret_cast<const uint8_t*>(root_of_trust_.data()),
980 root_of_trust_.size());
981
982 return TranslateAuthorizationSetError(hidden->is_valid());
983 }
984
985 } // namespace keymaster
986