1 /*
2 * Copyright 2015 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 #include <keymaster/soft_keymaster_context.h>
18
19 #include <memory>
20
21 #include <time.h>
22
23 #include <openssl/aes.h>
24 #include <openssl/hmac.h>
25 #include <openssl/rand.h>
26 #include <openssl/sha.h>
27
28 #include <keymaster/android_keymaster_utils.h>
29 #include <keymaster/logger.h>
30
31 #include "aes_key.h"
32 #include "auth_encrypted_key_blob.h"
33 #include "ec_keymaster0_key.h"
34 #include "ec_keymaster1_key.h"
35 #include "hmac_key.h"
36 #include "integrity_assured_key_blob.h"
37 #include "keymaster0_engine.h"
38 #include "ocb_utils.h"
39 #include "openssl_err.h"
40 #include "rsa_keymaster0_key.h"
41 #include "rsa_keymaster1_key.h"
42
43 using std::unique_ptr;
44
45 namespace keymaster {
46
47 namespace {
48 static uint8_t master_key_bytes[AES_BLOCK_SIZE] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
49 const KeymasterKeyBlob MASTER_KEY(master_key_bytes, array_length(master_key_bytes));
50
51 static uint8_t kRsaAttestKey[] = {
52 0x30, 0x82, 0x02, 0x5d, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xc0, 0x83, 0x23, 0xdc, 0x56,
53 0x88, 0x1b, 0xb8, 0x30, 0x20, 0x69, 0xf5, 0xb0, 0x85, 0x61, 0xc6, 0xee, 0xbe, 0x7f, 0x05, 0xe2,
54 0xf5, 0xa8, 0x42, 0x04, 0x8a, 0xbe, 0x8b, 0x47, 0xbe, 0x76, 0xfe, 0xae, 0xf2, 0x5c, 0xf2, 0x9b,
55 0x2a, 0xfa, 0x32, 0x00, 0x14, 0x16, 0x01, 0x42, 0x99, 0x89, 0xa1, 0x5f, 0xcf, 0xc6, 0x81, 0x5e,
56 0xb3, 0x63, 0x58, 0x3c, 0x2f, 0xd2, 0xf2, 0x0b, 0xe4, 0x98, 0x32, 0x83, 0xdd, 0x81, 0x4b, 0x16,
57 0xd7, 0xe1, 0x85, 0x41, 0x7a, 0xe5, 0x4a, 0xbc, 0x29, 0x6a, 0x3a, 0x6d, 0xb5, 0xc0, 0x04, 0x08,
58 0x3b, 0x68, 0xc5, 0x56, 0xc1, 0xf0, 0x23, 0x39, 0x91, 0x64, 0x19, 0x86, 0x4d, 0x50, 0xb7, 0x4d,
59 0x40, 0xae, 0xca, 0x48, 0x4c, 0x77, 0x35, 0x6c, 0x89, 0x5a, 0x0c, 0x27, 0x5a, 0xbf, 0xac, 0x49,
60 0x9d, 0x5d, 0x7d, 0x23, 0x62, 0xf2, 0x9c, 0x5e, 0x02, 0xe8, 0x71, 0x02, 0x03, 0x01, 0x00, 0x01,
61 0x02, 0x81, 0x81, 0x00, 0xbe, 0x86, 0x0b, 0x0b, 0x99, 0xa8, 0x02, 0xa6, 0xfb, 0x1a, 0x59, 0x43,
62 0x8a, 0x7b, 0xb7, 0x15, 0x06, 0x5b, 0x09, 0xa3, 0x6d, 0xc6, 0xe9, 0xca, 0xcc, 0x6b, 0xf3, 0xc0,
63 0x2c, 0x34, 0xd7, 0xd7, 0x9e, 0x94, 0xc6, 0x60, 0x64, 0x28, 0xd8, 0x8c, 0x7b, 0x7f, 0x65, 0x77,
64 0xc1, 0xcd, 0xea, 0x64, 0x07, 0x4a, 0xbe, 0x8e, 0x72, 0x86, 0xdf, 0x1f, 0x08, 0x11, 0xdc, 0x97,
65 0x28, 0x26, 0x08, 0x68, 0xde, 0x95, 0xd3, 0x2e, 0xfc, 0x96, 0xb6, 0xd0, 0x84, 0xff, 0x27, 0x1a,
66 0x5f, 0x60, 0xde, 0xfc, 0xc7, 0x03, 0xe7, 0xa3, 0x8e, 0x6e, 0x29, 0xba, 0x9a, 0x3c, 0x5f, 0xc2,
67 0xc2, 0x80, 0x76, 0xb6, 0xa8, 0x96, 0xaf, 0x1d, 0x34, 0xd7, 0x88, 0x28, 0xce, 0x9b, 0xdd, 0xb1,
68 0xf3, 0x4f, 0x9c, 0x94, 0x04, 0x43, 0x07, 0x81, 0x29, 0x8e, 0x20, 0x13, 0x16, 0x72, 0x5b, 0xbd,
69 0xbc, 0x99, 0x3a, 0x41, 0x02, 0x41, 0x00, 0xe1, 0xc6, 0xd9, 0x27, 0x64, 0x6c, 0x09, 0x16, 0xec,
70 0x36, 0x82, 0x6d, 0x59, 0x49, 0x83, 0x74, 0x0c, 0x21, 0xf1, 0xb0, 0x74, 0xc4, 0xa1, 0xa5, 0x98,
71 0x67, 0xc6, 0x69, 0x79, 0x5c, 0x85, 0xd3, 0xdc, 0x46, 0x4c, 0x5b, 0x92, 0x9e, 0x94, 0xbf, 0xb3,
72 0x4e, 0x0d, 0xcc, 0x50, 0x14, 0xb1, 0x0f, 0x13, 0x34, 0x1a, 0xb7, 0xfd, 0xd5, 0xf6, 0x04, 0x14,
73 0xd2, 0xa3, 0x26, 0xca, 0xd4, 0x1c, 0xc5, 0x02, 0x41, 0x00, 0xda, 0x48, 0x59, 0x97, 0x78, 0x5c,
74 0xd5, 0x63, 0x0f, 0xb0, 0xfd, 0x8c, 0x52, 0x54, 0xf9, 0x8e, 0x53, 0x8e, 0x18, 0x98, 0x3a, 0xae,
75 0x9e, 0x6b, 0x7e, 0x6a, 0x5a, 0x7b, 0x5d, 0x34, 0x37, 0x55, 0xb9, 0x21, 0x8e, 0xbd, 0x40, 0x32,
76 0x0d, 0x28, 0x38, 0x7d, 0x78, 0x9f, 0x76, 0xfa, 0x21, 0x8b, 0xcc, 0x2d, 0x8b, 0x68, 0xa5, 0xf6,
77 0x41, 0x8f, 0xbb, 0xec, 0xa5, 0x17, 0x9a, 0xb3, 0xaf, 0xbd, 0x02, 0x40, 0x50, 0xfe, 0xfc, 0x32,
78 0x64, 0x95, 0x59, 0x61, 0x6e, 0xd6, 0x53, 0x4e, 0x15, 0x45, 0x09, 0x32, 0x9d, 0x93, 0xa3, 0xd8,
79 0x10, 0xdb, 0xe5, 0xbd, 0xb9, 0x82, 0x29, 0x2c, 0xf7, 0x8b, 0xd8, 0xba, 0xdb, 0x80, 0x20, 0xae,
80 0x8d, 0x57, 0xf4, 0xb7, 0x1d, 0x05, 0x38, 0x6f, 0xfe, 0x9e, 0x9d, 0xb2, 0x71, 0xca, 0x34, 0x77,
81 0xa3, 0x49, 0x99, 0xdb, 0x76, 0xf8, 0xe5, 0xec, 0xe9, 0xc0, 0xd4, 0x9d, 0x02, 0x40, 0x15, 0xb7,
82 0x4c, 0xf2, 0x7c, 0xce, 0xff, 0x8b, 0xb3, 0x6b, 0xf0, 0x4d, 0x9d, 0x83, 0x46, 0xb0, 0x9a, 0x2f,
83 0x70, 0xd2, 0xf4, 0x43, 0x9b, 0x0f, 0x26, 0xac, 0x7e, 0x03, 0xf7, 0xe9, 0xd1, 0xf7, 0x7d, 0x4b,
84 0x91, 0x5f, 0xd2, 0x9b, 0x28, 0x23, 0xf0, 0x3a, 0xcb, 0x5d, 0x52, 0x00, 0xe0, 0x85, 0x7f, 0xf2,
85 0xa8, 0x03, 0xe9, 0x3e, 0xee, 0x96, 0xd6, 0x23, 0x5c, 0xe9, 0x54, 0x42, 0xbc, 0x21, 0x02, 0x41,
86 0x00, 0x90, 0xa7, 0x45, 0xda, 0x89, 0x70, 0xb2, 0xcd, 0x64, 0x96, 0x60, 0x32, 0x42, 0x28, 0xc5,
87 0xf8, 0x28, 0x56, 0xff, 0xd6, 0x65, 0xba, 0x9a, 0x85, 0xc8, 0xd6, 0x0f, 0x1b, 0x8b, 0xee, 0x71,
88 0x7e, 0xcd, 0x2c, 0x72, 0xea, 0xe0, 0x1d, 0xad, 0x86, 0xba, 0x76, 0x54, 0xd4, 0xcf, 0x45, 0xad,
89 0xb5, 0xf1, 0xf2, 0xb3, 0x1d, 0x9f, 0x81, 0x22, 0xcf, 0xa5, 0xf1, 0xa5, 0x57, 0x0f, 0x9b, 0x2d,
90 0x25,
91 };
92
93 static uint8_t kRsaAttestCert[] = {
94 0x30, 0x82, 0x02, 0xb6, 0x30, 0x82, 0x02, 0x1f, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x02, 0x10,
95 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00,
96 0x30, 0x63, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31,
97 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0a, 0x43, 0x61, 0x6c, 0x69, 0x66, 0x6f,
98 0x72, 0x6e, 0x69, 0x61, 0x31, 0x16, 0x30, 0x14, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x0d, 0x4d,
99 0x6f, 0x75, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x20, 0x56, 0x69, 0x65, 0x77, 0x31, 0x15, 0x30, 0x13,
100 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x0c, 0x47, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2c, 0x20, 0x49,
101 0x6e, 0x63, 0x2e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x07, 0x41, 0x6e,
102 0x64, 0x72, 0x6f, 0x69, 0x64, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x36, 0x30, 0x31, 0x30, 0x34, 0x31,
103 0x32, 0x34, 0x30, 0x35, 0x33, 0x5a, 0x17, 0x0d, 0x33, 0x35, 0x31, 0x32, 0x33, 0x30, 0x31, 0x32,
104 0x34, 0x30, 0x35, 0x33, 0x5a, 0x30, 0x76, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06,
105 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0a, 0x43,
106 0x61, 0x6c, 0x69, 0x66, 0x6f, 0x72, 0x6e, 0x69, 0x61, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, 0x55,
107 0x04, 0x0a, 0x0c, 0x0c, 0x47, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2c, 0x20, 0x49, 0x6e, 0x63, 0x2e,
108 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x07, 0x41, 0x6e, 0x64, 0x72, 0x6f,
109 0x69, 0x64, 0x31, 0x29, 0x30, 0x27, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x20, 0x41, 0x6e, 0x64,
110 0x72, 0x6f, 0x69, 0x64, 0x20, 0x53, 0x6f, 0x66, 0x74, 0x77, 0x61, 0x72, 0x65, 0x20, 0x41, 0x74,
111 0x74, 0x65, 0x73, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x20, 0x4b, 0x65, 0x79, 0x30, 0x81, 0x9f,
112 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03,
113 0x81, 0x8d, 0x00, 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x00, 0xc0, 0x83, 0x23, 0xdc, 0x56, 0x88,
114 0x1b, 0xb8, 0x30, 0x20, 0x69, 0xf5, 0xb0, 0x85, 0x61, 0xc6, 0xee, 0xbe, 0x7f, 0x05, 0xe2, 0xf5,
115 0xa8, 0x42, 0x04, 0x8a, 0xbe, 0x8b, 0x47, 0xbe, 0x76, 0xfe, 0xae, 0xf2, 0x5c, 0xf2, 0x9b, 0x2a,
116 0xfa, 0x32, 0x00, 0x14, 0x16, 0x01, 0x42, 0x99, 0x89, 0xa1, 0x5f, 0xcf, 0xc6, 0x81, 0x5e, 0xb3,
117 0x63, 0x58, 0x3c, 0x2f, 0xd2, 0xf2, 0x0b, 0xe4, 0x98, 0x32, 0x83, 0xdd, 0x81, 0x4b, 0x16, 0xd7,
118 0xe1, 0x85, 0x41, 0x7a, 0xe5, 0x4a, 0xbc, 0x29, 0x6a, 0x3a, 0x6d, 0xb5, 0xc0, 0x04, 0x08, 0x3b,
119 0x68, 0xc5, 0x56, 0xc1, 0xf0, 0x23, 0x39, 0x91, 0x64, 0x19, 0x86, 0x4d, 0x50, 0xb7, 0x4d, 0x40,
120 0xae, 0xca, 0x48, 0x4c, 0x77, 0x35, 0x6c, 0x89, 0x5a, 0x0c, 0x27, 0x5a, 0xbf, 0xac, 0x49, 0x9d,
121 0x5d, 0x7d, 0x23, 0x62, 0xf2, 0x9c, 0x5e, 0x02, 0xe8, 0x71, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3,
122 0x66, 0x30, 0x64, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0xd4, 0x0c,
123 0x10, 0x1b, 0xf8, 0xcd, 0x63, 0xb9, 0xf7, 0x39, 0x52, 0xb5, 0x0e, 0x13, 0x5c, 0xa6, 0xd7, 0x99,
124 0x93, 0x86, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x29,
125 0xfa, 0xf1, 0xac, 0xcc, 0x4d, 0xd2, 0x4c, 0x96, 0x40, 0x27, 0x75, 0xb6, 0xb0, 0xe9, 0x32, 0xe5,
126 0x07, 0xfe, 0x2e, 0x30, 0x12, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x08, 0x30,
127 0x06, 0x01, 0x01, 0xff, 0x02, 0x01, 0x00, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x01, 0x01,
128 0xff, 0x04, 0x04, 0x03, 0x02, 0x02, 0x84, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7,
129 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x81, 0x81, 0x00, 0x9e, 0x2d, 0x48, 0x5f, 0x8c, 0x67,
130 0x33, 0xdc, 0x1a, 0x85, 0xad, 0x99, 0xd7, 0x50, 0x23, 0xea, 0x14, 0xec, 0x43, 0xb0, 0xe1, 0x9d,
131 0xea, 0xc2, 0x23, 0x46, 0x1e, 0x72, 0xb5, 0x19, 0xdc, 0x60, 0x22, 0xe4, 0xa5, 0x68, 0x31, 0x6c,
132 0x0b, 0x55, 0xc4, 0xe6, 0x9c, 0xa2, 0x2d, 0x9f, 0x3a, 0x4f, 0x93, 0x6b, 0x31, 0x8b, 0x16, 0x78,
133 0x16, 0x0d, 0x88, 0xcb, 0xd9, 0x8b, 0xcc, 0x80, 0x9d, 0x84, 0xf0, 0xc2, 0x27, 0xe3, 0x6b, 0x38,
134 0xf1, 0xfd, 0xd1, 0xe7, 0x17, 0x72, 0x31, 0x59, 0x35, 0x7d, 0x96, 0xf3, 0xc5, 0x7f, 0xab, 0x9d,
135 0x8f, 0x96, 0x61, 0x26, 0x4f, 0xb2, 0xbe, 0x81, 0xbb, 0x0d, 0x49, 0x04, 0x22, 0x8a, 0xce, 0x9f,
136 0xf7, 0xf5, 0x42, 0x2e, 0x25, 0x44, 0xfa, 0x21, 0x07, 0x12, 0x5a, 0x83, 0xb5, 0x55, 0xad, 0x18,
137 0x82, 0xf8, 0x40, 0x14, 0x9b, 0x9c, 0x20, 0x63, 0x04, 0x7f,
138 };
139
140 static uint8_t kRsaAttestRootCert[] = {
141 0x30, 0x82, 0x02, 0xa7, 0x30, 0x82, 0x02, 0x10, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x09, 0x00,
142 0xff, 0x94, 0xd9, 0xdd, 0x9f, 0x07, 0xc8, 0x0c, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,
143 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x63, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55,
144 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c,
145 0x0a, 0x43, 0x61, 0x6c, 0x69, 0x66, 0x6f, 0x72, 0x6e, 0x69, 0x61, 0x31, 0x16, 0x30, 0x14, 0x06,
146 0x03, 0x55, 0x04, 0x07, 0x0c, 0x0d, 0x4d, 0x6f, 0x75, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x20, 0x56,
147 0x69, 0x65, 0x77, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x0c, 0x47, 0x6f,
148 0x6f, 0x67, 0x6c, 0x65, 0x2c, 0x20, 0x49, 0x6e, 0x63, 0x2e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03,
149 0x55, 0x04, 0x0b, 0x0c, 0x07, 0x41, 0x6e, 0x64, 0x72, 0x6f, 0x69, 0x64, 0x30, 0x1e, 0x17, 0x0d,
150 0x31, 0x36, 0x30, 0x31, 0x30, 0x34, 0x31, 0x32, 0x33, 0x31, 0x30, 0x38, 0x5a, 0x17, 0x0d, 0x33,
151 0x35, 0x31, 0x32, 0x33, 0x30, 0x31, 0x32, 0x33, 0x31, 0x30, 0x38, 0x5a, 0x30, 0x63, 0x31, 0x0b,
152 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06,
153 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0a, 0x43, 0x61, 0x6c, 0x69, 0x66, 0x6f, 0x72, 0x6e, 0x69, 0x61,
154 0x31, 0x16, 0x30, 0x14, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x0d, 0x4d, 0x6f, 0x75, 0x6e, 0x74,
155 0x61, 0x69, 0x6e, 0x20, 0x56, 0x69, 0x65, 0x77, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04,
156 0x0a, 0x0c, 0x0c, 0x47, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2c, 0x20, 0x49, 0x6e, 0x63, 0x2e, 0x31,
157 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x07, 0x41, 0x6e, 0x64, 0x72, 0x6f, 0x69,
158 0x64, 0x30, 0x81, 0x9f, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01,
159 0x01, 0x05, 0x00, 0x03, 0x81, 0x8d, 0x00, 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x00, 0xa2, 0x6b,
160 0xad, 0xeb, 0x6e, 0x2e, 0x44, 0x61, 0xef, 0xd5, 0x0e, 0x82, 0xe6, 0xb7, 0x94, 0xd1, 0x75, 0x23,
161 0x1f, 0x77, 0x9b, 0x63, 0x91, 0x63, 0xff, 0xf7, 0xaa, 0xff, 0x0b, 0x72, 0x47, 0x4e, 0xc0, 0x2c,
162 0x43, 0xec, 0x33, 0x7c, 0xd7, 0xac, 0xed, 0x40, 0x3e, 0x8c, 0x28, 0xa0, 0x66, 0xd5, 0xf7, 0x87,
163 0x0b, 0x33, 0x97, 0xde, 0x0e, 0xb8, 0x4e, 0x13, 0x40, 0xab, 0xaf, 0xa5, 0x27, 0xbf, 0x95, 0x69,
164 0xa0, 0x31, 0xdb, 0x06, 0x52, 0x65, 0xf8, 0x44, 0x59, 0x57, 0x61, 0xf0, 0xbb, 0xf2, 0x17, 0x4b,
165 0xb7, 0x41, 0x80, 0x64, 0xc0, 0x28, 0x0e, 0x8f, 0x52, 0x77, 0x8e, 0xdb, 0xd2, 0x47, 0xb6, 0x45,
166 0xe9, 0x19, 0xc8, 0xe9, 0x8b, 0xc3, 0xdb, 0xc2, 0x91, 0x3f, 0xd7, 0xd7, 0x50, 0xc4, 0x1d, 0x35,
167 0x66, 0xf9, 0x57, 0xe4, 0x97, 0x96, 0x0b, 0x09, 0xac, 0xce, 0x92, 0x35, 0x85, 0x9b, 0x02, 0x03,
168 0x01, 0x00, 0x01, 0xa3, 0x63, 0x30, 0x61, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16,
169 0x04, 0x14, 0x29, 0xfa, 0xf1, 0xac, 0xcc, 0x4d, 0xd2, 0x4c, 0x96, 0x40, 0x27, 0x75, 0xb6, 0xb0,
170 0xe9, 0x32, 0xe5, 0x07, 0xfe, 0x2e, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30,
171 0x16, 0x80, 0x14, 0x29, 0xfa, 0xf1, 0xac, 0xcc, 0x4d, 0xd2, 0x4c, 0x96, 0x40, 0x27, 0x75, 0xb6,
172 0xb0, 0xe9, 0x32, 0xe5, 0x07, 0xfe, 0x2e, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01,
173 0xff, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x01,
174 0x01, 0xff, 0x04, 0x04, 0x03, 0x02, 0x02, 0x84, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86,
175 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x81, 0x81, 0x00, 0x4f, 0x72, 0xf3, 0x36, 0x59,
176 0x8d, 0x0e, 0xc1, 0xb9, 0x74, 0x5b, 0x31, 0x59, 0xf6, 0xf0, 0x8d, 0x25, 0x49, 0x30, 0x9e, 0xa3,
177 0x1c, 0x1c, 0x29, 0xd2, 0x45, 0x2d, 0x20, 0xb9, 0x4d, 0x5f, 0x64, 0xb4, 0xe8, 0x80, 0xc7, 0x78,
178 0x7a, 0x9c, 0x39, 0xde, 0xa8, 0xb3, 0xf5, 0xbf, 0x2f, 0x70, 0x5f, 0x47, 0x10, 0x5c, 0xc5, 0xe6,
179 0xeb, 0x4d, 0x06, 0x99, 0x61, 0xd2, 0xae, 0x9a, 0x07, 0xff, 0xf7, 0x7c, 0xb8, 0xab, 0xeb, 0x9c,
180 0x0f, 0x24, 0x07, 0x5e, 0xb1, 0x7f, 0xba, 0x79, 0x71, 0xfd, 0x4d, 0x5b, 0x9e, 0xdf, 0x14, 0xa9,
181 0xfe, 0xdf, 0xed, 0x7c, 0xc0, 0x88, 0x5d, 0xf8, 0xdd, 0x9b, 0x64, 0x32, 0x56, 0xd5, 0x35, 0x9a,
182 0xe2, 0x13, 0xf9, 0x8f, 0xce, 0xc1, 0x7c, 0xdc, 0xef, 0xa4, 0xaa, 0xb2, 0x55, 0xc3, 0x83, 0xa9,
183 0x2e, 0xfb, 0x5c, 0xf6, 0x62, 0xf5, 0x27, 0x52, 0x17, 0xbe, 0x63,
184 };
185
186 static uint8_t kEcAttestKey[] = {
187 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0x21, 0xe0, 0x86, 0x43, 0x2a, 0x15, 0x19, 0x84, 0x59,
188 0xcf, 0x36, 0x3a, 0x50, 0xfc, 0x14, 0xc9, 0xda, 0xad, 0xf9, 0x35, 0xf5, 0x27, 0xc2, 0xdf, 0xd7,
189 0x1e, 0x4d, 0x6d, 0xbc, 0x42, 0xe5, 0x44, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d,
190 0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0xeb, 0x9e, 0x79, 0xf8, 0x42, 0x63, 0x59,
191 0xac, 0xcb, 0x2a, 0x91, 0x4c, 0x89, 0x86, 0xcc, 0x70, 0xad, 0x90, 0x66, 0x93, 0x82, 0xa9, 0x73,
192 0x26, 0x13, 0xfe, 0xac, 0xcb, 0xf8, 0x21, 0x27, 0x4c, 0x21, 0x74, 0x97, 0x4a, 0x2a, 0xfe, 0xa5,
193 0xb9, 0x4d, 0x7f, 0x66, 0xd4, 0xe0, 0x65, 0x10, 0x66, 0x35, 0xbc, 0x53, 0xb7, 0xa0, 0xa3, 0xa6,
194 0x71, 0x58, 0x3e, 0xdb, 0x3e, 0x11, 0xae, 0x10, 0x14,
195 };
196
197 static uint8_t kEcAttestCert[] = {
198 0x30, 0x82, 0x02, 0x78, 0x30, 0x82, 0x02, 0x1e, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x02, 0x10,
199 0x01, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x30, 0x81, 0x98,
200 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30,
201 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0a, 0x43, 0x61, 0x6c, 0x69, 0x66, 0x6f, 0x72, 0x6e,
202 0x69, 0x61, 0x31, 0x16, 0x30, 0x14, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x0d, 0x4d, 0x6f, 0x75,
203 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x20, 0x56, 0x69, 0x65, 0x77, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03,
204 0x55, 0x04, 0x0a, 0x0c, 0x0c, 0x47, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2c, 0x20, 0x49, 0x6e, 0x63,
205 0x2e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x07, 0x41, 0x6e, 0x64, 0x72,
206 0x6f, 0x69, 0x64, 0x31, 0x33, 0x30, 0x31, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x2a, 0x41, 0x6e,
207 0x64, 0x72, 0x6f, 0x69, 0x64, 0x20, 0x4b, 0x65, 0x79, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x20, 0x53,
208 0x6f, 0x66, 0x74, 0x77, 0x61, 0x72, 0x65, 0x20, 0x41, 0x74, 0x74, 0x65, 0x73, 0x74, 0x61, 0x74,
209 0x69, 0x6f, 0x6e, 0x20, 0x52, 0x6f, 0x6f, 0x74, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x36, 0x30, 0x31,
210 0x31, 0x31, 0x30, 0x30, 0x34, 0x36, 0x30, 0x39, 0x5a, 0x17, 0x0d, 0x32, 0x36, 0x30, 0x31, 0x30,
211 0x38, 0x30, 0x30, 0x34, 0x36, 0x30, 0x39, 0x5a, 0x30, 0x81, 0x88, 0x31, 0x0b, 0x30, 0x09, 0x06,
212 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04,
213 0x08, 0x0c, 0x0a, 0x43, 0x61, 0x6c, 0x69, 0x66, 0x6f, 0x72, 0x6e, 0x69, 0x61, 0x31, 0x15, 0x30,
214 0x13, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x0c, 0x47, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2c, 0x20,
215 0x49, 0x6e, 0x63, 0x2e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x07, 0x41,
216 0x6e, 0x64, 0x72, 0x6f, 0x69, 0x64, 0x31, 0x3b, 0x30, 0x39, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c,
217 0x32, 0x41, 0x6e, 0x64, 0x72, 0x6f, 0x69, 0x64, 0x20, 0x4b, 0x65, 0x79, 0x73, 0x74, 0x6f, 0x72,
218 0x65, 0x20, 0x53, 0x6f, 0x66, 0x74, 0x77, 0x61, 0x72, 0x65, 0x20, 0x41, 0x74, 0x74, 0x65, 0x73,
219 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x20, 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6d, 0x65, 0x64, 0x69,
220 0x61, 0x74, 0x65, 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01,
221 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03, 0x42, 0x00, 0x04, 0xeb, 0x9e,
222 0x79, 0xf8, 0x42, 0x63, 0x59, 0xac, 0xcb, 0x2a, 0x91, 0x4c, 0x89, 0x86, 0xcc, 0x70, 0xad, 0x90,
223 0x66, 0x93, 0x82, 0xa9, 0x73, 0x26, 0x13, 0xfe, 0xac, 0xcb, 0xf8, 0x21, 0x27, 0x4c, 0x21, 0x74,
224 0x97, 0x4a, 0x2a, 0xfe, 0xa5, 0xb9, 0x4d, 0x7f, 0x66, 0xd4, 0xe0, 0x65, 0x10, 0x66, 0x35, 0xbc,
225 0x53, 0xb7, 0xa0, 0xa3, 0xa6, 0x71, 0x58, 0x3e, 0xdb, 0x3e, 0x11, 0xae, 0x10, 0x14, 0xa3, 0x66,
226 0x30, 0x64, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x3f, 0xfc, 0xac,
227 0xd6, 0x1a, 0xb1, 0x3a, 0x9e, 0x81, 0x20, 0xb8, 0xd5, 0x25, 0x1c, 0xc5, 0x65, 0xbb, 0x1e, 0x91,
228 0xa9, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0xc8, 0xad,
229 0xe9, 0x77, 0x4c, 0x45, 0xc3, 0xa3, 0xcf, 0x0d, 0x16, 0x10, 0xe4, 0x79, 0x43, 0x3a, 0x21, 0x5a,
230 0x30, 0xcf, 0x30, 0x12, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x08, 0x30, 0x06,
231 0x01, 0x01, 0xff, 0x02, 0x01, 0x00, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x01, 0x01, 0xff,
232 0x04, 0x04, 0x03, 0x02, 0x02, 0x84, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04,
233 0x03, 0x02, 0x03, 0x48, 0x00, 0x30, 0x45, 0x02, 0x20, 0x4b, 0x8a, 0x9b, 0x7b, 0xee, 0x82, 0xbc,
234 0xc0, 0x33, 0x87, 0xae, 0x2f, 0xc0, 0x89, 0x98, 0xb4, 0xdd, 0xc3, 0x8d, 0xab, 0x27, 0x2a, 0x45,
235 0x9f, 0x69, 0x0c, 0xc7, 0xc3, 0x92, 0xd4, 0x0f, 0x8e, 0x02, 0x21, 0x00, 0xee, 0xda, 0x01, 0x5d,
236 0xb6, 0xf4, 0x32, 0xe9, 0xd4, 0x84, 0x3b, 0x62, 0x4c, 0x94, 0x04, 0xef, 0x3a, 0x7c, 0xcc, 0xbd,
237 0x5e, 0xfb, 0x22, 0xbb, 0xe7, 0xfe, 0xb9, 0x77, 0x3f, 0x59, 0x3f, 0xfb,
238 };
239
240 static uint8_t kEcAttestRootCert[] = {
241 0x30, 0x82, 0x02, 0x8b, 0x30, 0x82, 0x02, 0x32, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x09, 0x00,
242 0xa2, 0x05, 0x9e, 0xd1, 0x0e, 0x43, 0x5b, 0x57, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce,
243 0x3d, 0x04, 0x03, 0x02, 0x30, 0x81, 0x98, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06,
244 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0a, 0x43,
245 0x61, 0x6c, 0x69, 0x66, 0x6f, 0x72, 0x6e, 0x69, 0x61, 0x31, 0x16, 0x30, 0x14, 0x06, 0x03, 0x55,
246 0x04, 0x07, 0x0c, 0x0d, 0x4d, 0x6f, 0x75, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x20, 0x56, 0x69, 0x65,
247 0x77, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x0c, 0x47, 0x6f, 0x6f, 0x67,
248 0x6c, 0x65, 0x2c, 0x20, 0x49, 0x6e, 0x63, 0x2e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04,
249 0x0b, 0x0c, 0x07, 0x41, 0x6e, 0x64, 0x72, 0x6f, 0x69, 0x64, 0x31, 0x33, 0x30, 0x31, 0x06, 0x03,
250 0x55, 0x04, 0x03, 0x0c, 0x2a, 0x41, 0x6e, 0x64, 0x72, 0x6f, 0x69, 0x64, 0x20, 0x4b, 0x65, 0x79,
251 0x73, 0x74, 0x6f, 0x72, 0x65, 0x20, 0x53, 0x6f, 0x66, 0x74, 0x77, 0x61, 0x72, 0x65, 0x20, 0x41,
252 0x74, 0x74, 0x65, 0x73, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x20, 0x52, 0x6f, 0x6f, 0x74, 0x30,
253 0x1e, 0x17, 0x0d, 0x31, 0x36, 0x30, 0x31, 0x31, 0x31, 0x30, 0x30, 0x34, 0x33, 0x35, 0x30, 0x5a,
254 0x17, 0x0d, 0x33, 0x36, 0x30, 0x31, 0x30, 0x36, 0x30, 0x30, 0x34, 0x33, 0x35, 0x30, 0x5a, 0x30,
255 0x81, 0x98, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31,
256 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0a, 0x43, 0x61, 0x6c, 0x69, 0x66, 0x6f,
257 0x72, 0x6e, 0x69, 0x61, 0x31, 0x16, 0x30, 0x14, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x0d, 0x4d,
258 0x6f, 0x75, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x20, 0x56, 0x69, 0x65, 0x77, 0x31, 0x15, 0x30, 0x13,
259 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x0c, 0x47, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2c, 0x20, 0x49,
260 0x6e, 0x63, 0x2e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x07, 0x41, 0x6e,
261 0x64, 0x72, 0x6f, 0x69, 0x64, 0x31, 0x33, 0x30, 0x31, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x2a,
262 0x41, 0x6e, 0x64, 0x72, 0x6f, 0x69, 0x64, 0x20, 0x4b, 0x65, 0x79, 0x73, 0x74, 0x6f, 0x72, 0x65,
263 0x20, 0x53, 0x6f, 0x66, 0x74, 0x77, 0x61, 0x72, 0x65, 0x20, 0x41, 0x74, 0x74, 0x65, 0x73, 0x74,
264 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x20, 0x52, 0x6f, 0x6f, 0x74, 0x30, 0x59, 0x30, 0x13, 0x06, 0x07,
265 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01,
266 0x07, 0x03, 0x42, 0x00, 0x04, 0xee, 0x5d, 0x5e, 0xc7, 0xe1, 0xc0, 0xdb, 0x6d, 0x03, 0xa6, 0x7e,
267 0xe6, 0xb6, 0x1b, 0xec, 0x4d, 0x6a, 0x5d, 0x6a, 0x68, 0x2e, 0x0f, 0xff, 0x7f, 0x49, 0x0e, 0x7d,
268 0x77, 0x1f, 0x44, 0x22, 0x6d, 0xbd, 0xb1, 0xaf, 0xfa, 0x16, 0xcb, 0xc7, 0xad, 0xc5, 0x77, 0xd2,
269 0x56, 0x9c, 0xaa, 0xb7, 0xb0, 0x2d, 0x54, 0x01, 0x5d, 0x3e, 0x43, 0x2b, 0x2a, 0x8e, 0xd7, 0x4e,
270 0xec, 0x48, 0x75, 0x41, 0xa4, 0xa3, 0x63, 0x30, 0x61, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e,
271 0x04, 0x16, 0x04, 0x14, 0xc8, 0xad, 0xe9, 0x77, 0x4c, 0x45, 0xc3, 0xa3, 0xcf, 0x0d, 0x16, 0x10,
272 0xe4, 0x79, 0x43, 0x3a, 0x21, 0x5a, 0x30, 0xcf, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04,
273 0x18, 0x30, 0x16, 0x80, 0x14, 0xc8, 0xad, 0xe9, 0x77, 0x4c, 0x45, 0xc3, 0xa3, 0xcf, 0x0d, 0x16,
274 0x10, 0xe4, 0x79, 0x43, 0x3a, 0x21, 0x5a, 0x30, 0xcf, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x1d, 0x13,
275 0x01, 0x01, 0xff, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x1d,
276 0x0f, 0x01, 0x01, 0xff, 0x04, 0x04, 0x03, 0x02, 0x02, 0x84, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86,
277 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x03, 0x47, 0x00, 0x30, 0x44, 0x02, 0x20, 0x35, 0x21, 0xa3,
278 0xef, 0x8b, 0x34, 0x46, 0x1e, 0x9c, 0xd5, 0x60, 0xf3, 0x1d, 0x58, 0x89, 0x20, 0x6a, 0xdc, 0xa3,
279 0x65, 0x41, 0xf6, 0x0d, 0x9e, 0xce, 0x8a, 0x19, 0x8c, 0x66, 0x48, 0x60, 0x7b, 0x02, 0x20, 0x4d,
280 0x0b, 0xf3, 0x51, 0xd9, 0x30, 0x7c, 0x7d, 0x5b, 0xda, 0x35, 0x34, 0x1d, 0xa8, 0x47, 0x1b, 0x63,
281 0xa5, 0x85, 0x65, 0x3c, 0xad, 0x4f, 0x24, 0xa7, 0xe7, 0x4d, 0xaf, 0x41, 0x7d, 0xf1, 0xbf,
282 };
283
284 size_t kCertificateChainLength = 2;
285
UpgradeIntegerTag(keymaster_tag_t tag,uint32_t value,AuthorizationSet * set,bool * set_changed)286 bool UpgradeIntegerTag(keymaster_tag_t tag, uint32_t value, AuthorizationSet* set,
287 bool* set_changed) {
288 int index = set->find(tag);
289 if (index == -1) {
290 keymaster_key_param_t param;
291 param.tag = tag;
292 param.integer = value;
293 set->push_back(param);
294 *set_changed = true;
295 return true;
296 }
297
298 if (set->params[index].integer > value)
299 return false;
300
301 if (set->params[index].integer != value) {
302 set->params[index].integer = value;
303 *set_changed = true;
304 }
305 return true;
306 }
307
308 } // anonymous namespace
309
SoftKeymasterContext(const std::string & root_of_trust)310 SoftKeymasterContext::SoftKeymasterContext(const std::string& root_of_trust)
311 : rsa_factory_(new RsaKeyFactory(this)), ec_factory_(new EcKeyFactory(this)),
312 aes_factory_(new AesKeyFactory(this)), hmac_factory_(new HmacKeyFactory(this)),
313 km1_dev_(nullptr), root_of_trust_(root_of_trust), os_version_(0), os_patchlevel_(0) {}
314
~SoftKeymasterContext()315 SoftKeymasterContext::~SoftKeymasterContext() {}
316
SetHardwareDevice(keymaster0_device_t * keymaster0_device)317 keymaster_error_t SoftKeymasterContext::SetHardwareDevice(keymaster0_device_t* keymaster0_device) {
318 if (!keymaster0_device)
319 return KM_ERROR_UNEXPECTED_NULL_POINTER;
320
321 if ((keymaster0_device->flags & KEYMASTER_SOFTWARE_ONLY) != 0) {
322 LOG_E("SoftKeymasterContext only wraps hardware keymaster0 devices", 0);
323 return KM_ERROR_INVALID_ARGUMENT;
324 }
325
326 km0_engine_.reset(new Keymaster0Engine(keymaster0_device));
327 rsa_factory_.reset(new RsaKeymaster0KeyFactory(this, km0_engine_.get()));
328 ec_factory_.reset(new EcdsaKeymaster0KeyFactory(this, km0_engine_.get()));
329 // Keep AES and HMAC factories.
330
331 return KM_ERROR_OK;
332 }
333
SetHardwareDevice(keymaster1_device_t * keymaster1_device)334 keymaster_error_t SoftKeymasterContext::SetHardwareDevice(keymaster1_device_t* keymaster1_device) {
335 if (!keymaster1_device)
336 return KM_ERROR_UNEXPECTED_NULL_POINTER;
337
338 km1_dev_ = keymaster1_device;
339
340 km1_engine_.reset(new Keymaster1Engine(keymaster1_device));
341 rsa_factory_.reset(new RsaKeymaster1KeyFactory(this, km1_engine_.get()));
342 ec_factory_.reset(new EcdsaKeymaster1KeyFactory(this, km1_engine_.get()));
343
344 // Use default HMAC and AES key factories. Higher layers will pass HMAC/AES keys/ops that are
345 // supported by the hardware to it and other ones to the software-only factory.
346
347 return KM_ERROR_OK;
348 }
349
SetSystemVersion(uint32_t os_version,uint32_t os_patchlevel)350 keymaster_error_t SoftKeymasterContext::SetSystemVersion(uint32_t os_version,
351 uint32_t os_patchlevel) {
352 os_version_ = os_version;
353 os_patchlevel_ = os_patchlevel;
354 return KM_ERROR_OK;
355 }
356
GetSystemVersion(uint32_t * os_version,uint32_t * os_patchlevel) const357 void SoftKeymasterContext::GetSystemVersion(uint32_t* os_version, uint32_t* os_patchlevel) const {
358 *os_version = os_version_;
359 *os_patchlevel = os_patchlevel_;
360 }
361
GetKeyFactory(keymaster_algorithm_t algorithm) const362 KeyFactory* SoftKeymasterContext::GetKeyFactory(keymaster_algorithm_t algorithm) const {
363 switch (algorithm) {
364 case KM_ALGORITHM_RSA:
365 return rsa_factory_.get();
366 case KM_ALGORITHM_EC:
367 return ec_factory_.get();
368 case KM_ALGORITHM_AES:
369 return aes_factory_.get();
370 case KM_ALGORITHM_HMAC:
371 return hmac_factory_.get();
372 default:
373 return nullptr;
374 }
375 }
376
377 static keymaster_algorithm_t supported_algorithms[] = {KM_ALGORITHM_RSA, KM_ALGORITHM_EC,
378 KM_ALGORITHM_AES, KM_ALGORITHM_HMAC};
379
380 keymaster_algorithm_t*
GetSupportedAlgorithms(size_t * algorithms_count) const381 SoftKeymasterContext::GetSupportedAlgorithms(size_t* algorithms_count) const {
382 *algorithms_count = array_length(supported_algorithms);
383 return supported_algorithms;
384 }
385
GetOperationFactory(keymaster_algorithm_t algorithm,keymaster_purpose_t purpose) const386 OperationFactory* SoftKeymasterContext::GetOperationFactory(keymaster_algorithm_t algorithm,
387 keymaster_purpose_t purpose) const {
388 KeyFactory* key_factory = GetKeyFactory(algorithm);
389 if (!key_factory)
390 return nullptr;
391 return key_factory->GetOperationFactory(purpose);
392 }
393
TranslateAuthorizationSetError(AuthorizationSet::Error err)394 static keymaster_error_t TranslateAuthorizationSetError(AuthorizationSet::Error err) {
395 switch (err) {
396 case AuthorizationSet::OK:
397 return KM_ERROR_OK;
398 case AuthorizationSet::ALLOCATION_FAILURE:
399 return KM_ERROR_MEMORY_ALLOCATION_FAILED;
400 case AuthorizationSet::MALFORMED_DATA:
401 return KM_ERROR_UNKNOWN_ERROR;
402 }
403 return KM_ERROR_OK;
404 }
405
SetAuthorizations(const AuthorizationSet & key_description,keymaster_key_origin_t origin,uint32_t os_version,uint32_t os_patchlevel,AuthorizationSet * hw_enforced,AuthorizationSet * sw_enforced)406 static keymaster_error_t SetAuthorizations(const AuthorizationSet& key_description,
407 keymaster_key_origin_t origin, uint32_t os_version,
408 uint32_t os_patchlevel, AuthorizationSet* hw_enforced,
409 AuthorizationSet* sw_enforced) {
410 sw_enforced->Clear();
411
412 for (auto& entry : key_description) {
413 switch (entry.tag) {
414 // These cannot be specified by the client.
415 case KM_TAG_ROOT_OF_TRUST:
416 case KM_TAG_ORIGIN:
417 LOG_E("Root of trust and origin tags may not be specified", 0);
418 return KM_ERROR_INVALID_TAG;
419
420 // These don't work.
421 case KM_TAG_ROLLBACK_RESISTANT:
422 LOG_E("KM_TAG_ROLLBACK_RESISTANT not supported", 0);
423 return KM_ERROR_UNSUPPORTED_TAG;
424
425 // These are hidden.
426 case KM_TAG_APPLICATION_ID:
427 case KM_TAG_APPLICATION_DATA:
428 break;
429
430 // Everything else we just copy into sw_enforced, unless the KeyFactory has placed it in
431 // hw_enforced, in which case we defer to its decision.
432 default:
433 if (hw_enforced->GetTagCount(entry.tag) == 0)
434 sw_enforced->push_back(entry);
435 break;
436 }
437 }
438
439 sw_enforced->push_back(TAG_CREATION_DATETIME, java_time(time(NULL)));
440 sw_enforced->push_back(TAG_ORIGIN, origin);
441 sw_enforced->push_back(TAG_OS_VERSION, os_version);
442 sw_enforced->push_back(TAG_OS_PATCHLEVEL, os_patchlevel);
443
444 return TranslateAuthorizationSetError(sw_enforced->is_valid());
445 }
446
CreateKeyBlob(const AuthorizationSet & key_description,const keymaster_key_origin_t origin,const KeymasterKeyBlob & key_material,KeymasterKeyBlob * blob,AuthorizationSet * hw_enforced,AuthorizationSet * sw_enforced) const447 keymaster_error_t SoftKeymasterContext::CreateKeyBlob(const AuthorizationSet& key_description,
448 const keymaster_key_origin_t origin,
449 const KeymasterKeyBlob& key_material,
450 KeymasterKeyBlob* blob,
451 AuthorizationSet* hw_enforced,
452 AuthorizationSet* sw_enforced) const {
453 keymaster_error_t error = SetAuthorizations(key_description, origin, os_version_,
454 os_patchlevel_, hw_enforced, sw_enforced);
455 if (error != KM_ERROR_OK)
456 return error;
457
458 AuthorizationSet hidden;
459 error = BuildHiddenAuthorizations(key_description, &hidden);
460 if (error != KM_ERROR_OK)
461 return error;
462
463 return SerializeIntegrityAssuredBlob(key_material, hidden, *hw_enforced, *sw_enforced, blob);
464 }
465
UpgradeKeyBlob(const KeymasterKeyBlob & key_to_upgrade,const AuthorizationSet & upgrade_params,KeymasterKeyBlob * upgraded_key) const466 keymaster_error_t SoftKeymasterContext::UpgradeKeyBlob(const KeymasterKeyBlob& key_to_upgrade,
467 const AuthorizationSet& upgrade_params,
468 KeymasterKeyBlob* upgraded_key) const {
469 KeymasterKeyBlob key_material;
470 AuthorizationSet tee_enforced;
471 AuthorizationSet sw_enforced;
472 keymaster_error_t error =
473 ParseKeyBlob(key_to_upgrade, upgrade_params, &key_material, &tee_enforced, &sw_enforced);
474 if (error != KM_ERROR_OK)
475 return error;
476
477 // Three cases here:
478 //
479 // 1. Software key blob. Version info, if present, is in sw_enforced. If not present, we
480 // should add it.
481 //
482 // 2. Keymaster0 hardware key blob. Version info, if present, is in sw_enforced. If not
483 // present we should add it.
484 //
485 // 3. Keymaster1 hardware key blob. Version info is not present and we shouldn't have been
486 // asked to upgrade.
487
488 // Handle case 3.
489 if (km1_dev_ && tee_enforced.Contains(TAG_PURPOSE) && !tee_enforced.Contains(TAG_OS_PATCHLEVEL))
490 return KM_ERROR_INVALID_ARGUMENT;
491
492 // Handle cases 1 & 2.
493 bool set_changed = false;
494
495 if (os_version_ == 0) {
496 // We need to allow "upgrading" OS version to zero, to support upgrading from proper
497 // numbered releases to unnumbered development and preview releases.
498
499 int key_os_version_pos = sw_enforced.find(TAG_OS_VERSION);
500 if (key_os_version_pos != -1) {
501 uint32_t key_os_version = sw_enforced[key_os_version_pos].integer;
502 if (key_os_version != 0) {
503 sw_enforced[key_os_version_pos].integer = os_version_;
504 set_changed = true;
505 }
506 }
507 }
508
509 if (!UpgradeIntegerTag(TAG_OS_VERSION, os_version_, &sw_enforced, &set_changed) ||
510 !UpgradeIntegerTag(TAG_OS_PATCHLEVEL, os_patchlevel_, &sw_enforced, &set_changed))
511 // One of the version fields would have been a downgrade. Not allowed.
512 return KM_ERROR_INVALID_ARGUMENT;
513
514 if (!set_changed)
515 // Dont' need an upgrade.
516 return KM_ERROR_OK;
517
518 AuthorizationSet hidden;
519 error = BuildHiddenAuthorizations(upgrade_params, &hidden);
520 if (error != KM_ERROR_OK)
521 return error;
522 return SerializeIntegrityAssuredBlob(key_material, hidden, tee_enforced, sw_enforced,
523 upgraded_key);
524 }
525
ParseOcbAuthEncryptedBlob(const KeymasterKeyBlob & blob,const AuthorizationSet & hidden,KeymasterKeyBlob * key_material,AuthorizationSet * hw_enforced,AuthorizationSet * sw_enforced)526 static keymaster_error_t ParseOcbAuthEncryptedBlob(const KeymasterKeyBlob& blob,
527 const AuthorizationSet& hidden,
528 KeymasterKeyBlob* key_material,
529 AuthorizationSet* hw_enforced,
530 AuthorizationSet* sw_enforced) {
531 Buffer nonce, tag;
532 KeymasterKeyBlob encrypted_key_material;
533 keymaster_error_t error = DeserializeAuthEncryptedBlob(blob, &encrypted_key_material,
534 hw_enforced, sw_enforced, &nonce, &tag);
535 if (error != KM_ERROR_OK)
536 return error;
537
538 if (nonce.available_read() != OCB_NONCE_LENGTH || tag.available_read() != OCB_TAG_LENGTH)
539 return KM_ERROR_INVALID_KEY_BLOB;
540
541 return OcbDecryptKey(*hw_enforced, *sw_enforced, hidden, MASTER_KEY, encrypted_key_material,
542 nonce, tag, key_material);
543 }
544
545 // Note: This parsing code in below is from system/security/softkeymaster/keymaster_openssl.cpp's
546 // unwrap_key function, modified for the preferred function signature and formatting. It does some
547 // odd things, but they have been left unchanged to avoid breaking compatibility.
548 static const uint8_t SOFT_KEY_MAGIC[] = {'P', 'K', '#', '8'};
ParseOldSoftkeymasterBlob(const KeymasterKeyBlob & blob,KeymasterKeyBlob * key_material,AuthorizationSet * hw_enforced,AuthorizationSet * sw_enforced) const549 keymaster_error_t SoftKeymasterContext::ParseOldSoftkeymasterBlob(
550 const KeymasterKeyBlob& blob, KeymasterKeyBlob* key_material, AuthorizationSet* hw_enforced,
551 AuthorizationSet* sw_enforced) const {
552 long publicLen = 0;
553 long privateLen = 0;
554 const uint8_t* p = blob.key_material;
555 const uint8_t* end = blob.key_material + blob.key_material_size;
556
557 int type = 0;
558 ptrdiff_t min_size =
559 sizeof(SOFT_KEY_MAGIC) + sizeof(type) + sizeof(publicLen) + 1 + sizeof(privateLen) + 1;
560 if (end - p < min_size) {
561 LOG_W("key blob appears to be truncated (if an old SW key)", 0);
562 return KM_ERROR_INVALID_KEY_BLOB;
563 }
564
565 if (memcmp(p, SOFT_KEY_MAGIC, sizeof(SOFT_KEY_MAGIC)) != 0)
566 return KM_ERROR_INVALID_KEY_BLOB;
567 p += sizeof(SOFT_KEY_MAGIC);
568
569 for (size_t i = 0; i < sizeof(type); i++)
570 type = (type << 8) | *p++;
571
572 for (size_t i = 0; i < sizeof(type); i++)
573 publicLen = (publicLen << 8) | *p++;
574
575 if (p + publicLen > end) {
576 LOG_W("public key length encoding error: size=%ld, end=%td", publicLen, end - p);
577 return KM_ERROR_INVALID_KEY_BLOB;
578 }
579 p += publicLen;
580
581 if (end - p < 2) {
582 LOG_W("key blob appears to be truncated (if an old SW key)", 0);
583 return KM_ERROR_INVALID_KEY_BLOB;
584 }
585
586 for (size_t i = 0; i < sizeof(type); i++)
587 privateLen = (privateLen << 8) | *p++;
588
589 if (p + privateLen > end) {
590 LOG_W("private key length encoding error: size=%ld, end=%td", privateLen, end - p);
591 return KM_ERROR_INVALID_KEY_BLOB;
592 }
593
594 // Just to be sure, make sure that the ASN.1 structure parses correctly. We don't actually use
595 // the EVP_PKEY here.
596 const uint8_t* key_start = p;
597 unique_ptr<EVP_PKEY, EVP_PKEY_Delete> pkey(d2i_PrivateKey(type, nullptr, &p, privateLen));
598 if (pkey.get() == nullptr) {
599 LOG_W("Failed to parse PKCS#8 key material (if old SW key)", 0);
600 return KM_ERROR_INVALID_KEY_BLOB;
601 }
602
603 // All auths go into sw_enforced, including those that would be HW-enforced if we were faking
604 // auths for a HW-backed key.
605 hw_enforced->Clear();
606 keymaster_error_t error = FakeKeyAuthorizations(pkey.get(), sw_enforced, sw_enforced);
607 if (error != KM_ERROR_OK)
608 return error;
609
610 if (!key_material->Reset(privateLen))
611 return KM_ERROR_MEMORY_ALLOCATION_FAILED;
612 memcpy(key_material->writable_data(), key_start, privateLen);
613
614 return KM_ERROR_OK;
615 }
616
ParseKeyBlob(const KeymasterKeyBlob & blob,const AuthorizationSet & additional_params,KeymasterKeyBlob * key_material,AuthorizationSet * hw_enforced,AuthorizationSet * sw_enforced) const617 keymaster_error_t SoftKeymasterContext::ParseKeyBlob(const KeymasterKeyBlob& blob,
618 const AuthorizationSet& additional_params,
619 KeymasterKeyBlob* key_material,
620 AuthorizationSet* hw_enforced,
621 AuthorizationSet* sw_enforced) const {
622 // This is a little bit complicated.
623 //
624 // The SoftKeymasterContext has to handle a lot of different kinds of key blobs.
625 //
626 // 1. New keymaster1 software key blobs. These are integrity-assured but not encrypted. The
627 // raw key material and auth sets should be extracted and returned. This is the kind
628 // produced by this context when the KeyFactory doesn't use keymaster0 to back the keys.
629 //
630 // 2. Old keymaster1 software key blobs. These are OCB-encrypted with an all-zero master key.
631 // They should be decrypted and the key material and auth sets extracted and returned.
632 //
633 // 3. Old keymaster0 software key blobs. These are raw key material with a small header tacked
634 // on the front. They don't have auth sets, so reasonable defaults are generated and
635 // returned along with the raw key material.
636 //
637 // 4. New keymaster0 hardware key blobs. These are integrity-assured but not encrypted (though
638 // they're protected by the keymaster0 hardware implementation). The keymaster0 key blob
639 // and auth sets should be extracted and returned.
640 //
641 // 5. Keymaster1 hardware key blobs. These are raw hardware key blobs. They contain auth
642 // sets, which we retrieve from the hardware module.
643 //
644 // 6. Old keymaster0 hardware key blobs. These are raw hardware key blobs. They don't have
645 // auth sets so reasonable defaults are generated and returned along with the key blob.
646 //
647 // Determining what kind of blob has arrived is somewhat tricky. What helps is that
648 // integrity-assured and OCB-encrypted blobs are self-consistent and effectively impossible to
649 // parse as anything else. Old keymaster0 software key blobs have a header. It's reasonably
650 // unlikely that hardware keys would have the same header. So anything that is neither
651 // integrity-assured nor OCB-encrypted and lacks the old software key header is assumed to be
652 // keymaster0 hardware.
653
654 AuthorizationSet hidden;
655 keymaster_error_t error = BuildHiddenAuthorizations(additional_params, &hidden);
656 if (error != KM_ERROR_OK)
657 return error;
658
659 // Assume it's an integrity-assured blob (new software-only blob, or new keymaster0-backed
660 // blob).
661 error = DeserializeIntegrityAssuredBlob(blob, hidden, key_material, hw_enforced, sw_enforced);
662 if (error != KM_ERROR_INVALID_KEY_BLOB)
663 return error;
664
665 // Wasn't an integrity-assured blob. Maybe it's an OCB-encrypted blob.
666 error = ParseOcbAuthEncryptedBlob(blob, hidden, key_material, hw_enforced, sw_enforced);
667 if (error == KM_ERROR_OK)
668 LOG_D("Parsed an old keymaster1 software key", 0);
669 if (error != KM_ERROR_INVALID_KEY_BLOB)
670 return error;
671
672 // Wasn't an OCB-encrypted blob. Maybe it's an old softkeymaster blob.
673 error = ParseOldSoftkeymasterBlob(blob, key_material, hw_enforced, sw_enforced);
674 if (error == KM_ERROR_OK)
675 LOG_D("Parsed an old sofkeymaster key", 0);
676 if (error != KM_ERROR_INVALID_KEY_BLOB)
677 return error;
678
679 if (km1_dev_)
680 return ParseKeymaster1HwBlob(blob, additional_params, key_material, hw_enforced,
681 sw_enforced);
682 else if (km0_engine_)
683 return ParseKeymaster0HwBlob(blob, key_material, hw_enforced, sw_enforced);
684
685 return KM_ERROR_INVALID_KEY_BLOB;
686 }
687
DeleteKey(const KeymasterKeyBlob & blob) const688 keymaster_error_t SoftKeymasterContext::DeleteKey(const KeymasterKeyBlob& blob) const {
689 if (km1_engine_) {
690 // HACK. Due to a bug with Qualcomm's Keymaster implementation, which causes the device to
691 // reboot if we pass it a key blob it doesn't understand, we need to check for software
692 // keys. If it looks like a software key there's nothing to do so we just return.
693 KeymasterKeyBlob key_material;
694 AuthorizationSet hw_enforced, sw_enforced;
695 keymaster_error_t error = DeserializeIntegrityAssuredBlob_NoHmacCheck(
696 blob, &key_material, &hw_enforced, &sw_enforced);
697 if (error == KM_ERROR_OK) {
698 return KM_ERROR_OK;
699 }
700
701 return km1_engine_->DeleteKey(blob);
702 }
703
704 if (km0_engine_) {
705 // This could be a keymaster0 hardware key, and it could be either raw or encapsulated in an
706 // integrity-assured blob. If it's integrity-assured, we can't validate it strongly,
707 // because we don't have the necessary additional_params data. However, the probability
708 // that anything other than an integrity-assured blob would have all of the structure
709 // required to decode as a valid blob is low -- unless it's maliciously-constructed, but the
710 // deserializer should be proof against bad data, as should the keymaster0 hardware.
711 //
712 // Thus, we first try to parse it as integrity-assured. If that works, we pass the result
713 // to the underlying hardware. If not, we pass blob unmodified to the underlying hardware.
714 KeymasterKeyBlob key_material;
715 AuthorizationSet hw_enforced, sw_enforced;
716 keymaster_error_t error = DeserializeIntegrityAssuredBlob_NoHmacCheck(
717 blob, &key_material, &hw_enforced, &sw_enforced);
718 if (error == KM_ERROR_OK && km0_engine_->DeleteKey(key_material))
719 return KM_ERROR_OK;
720
721 km0_engine_->DeleteKey(blob);
722
723 // We succeed unconditionally at this point, even if delete failed. Failure indicates that
724 // either the blob is a software blob (which we can't distinguish with certainty without
725 // additional_params) or because it is a hardware blob and the hardware failed. In the
726 // first case, there is no error. In the second case, the client can't do anything to fix
727 // it anyway, so it's not too harmful to simply swallow the error. This is not ideal, but
728 // it's the least-bad alternative.
729 return KM_ERROR_OK;
730 }
731
732 // Nothing to do for software-only contexts.
733 return KM_ERROR_OK;
734 }
735
DeleteAllKeys() const736 keymaster_error_t SoftKeymasterContext::DeleteAllKeys() const {
737 if (km1_engine_)
738 return km1_engine_->DeleteAllKeys();
739
740 if (km0_engine_ && !km0_engine_->DeleteAllKeys())
741 return KM_ERROR_UNKNOWN_ERROR;
742
743 return KM_ERROR_OK;
744 }
745
AddRngEntropy(const uint8_t * buf,size_t length) const746 keymaster_error_t SoftKeymasterContext::AddRngEntropy(const uint8_t* buf, size_t length) const {
747 RAND_add(buf, length, 0 /* Don't assume any entropy is added to the pool. */);
748 return KM_ERROR_OK;
749 }
750
GenerateRandom(uint8_t * buf,size_t length) const751 keymaster_error_t SoftKeymasterContext::GenerateRandom(uint8_t* buf, size_t length) const {
752 if (RAND_bytes(buf, length) != 1)
753 return KM_ERROR_UNKNOWN_ERROR;
754 return KM_ERROR_OK;
755 }
756
AddSystemVersionToSet(AuthorizationSet * auth_set) const757 void SoftKeymasterContext::AddSystemVersionToSet(AuthorizationSet* auth_set) const {
758 if (!auth_set->Contains(TAG_OS_VERSION))
759 auth_set->push_back(TAG_OS_VERSION, os_version_);
760 if (!auth_set->Contains(TAG_OS_PATCHLEVEL))
761 auth_set->push_back(TAG_OS_PATCHLEVEL, os_patchlevel_);
762 }
763
AttestationKey(keymaster_algorithm_t algorithm,keymaster_error_t * error) const764 EVP_PKEY* SoftKeymasterContext::AttestationKey(keymaster_algorithm_t algorithm,
765 keymaster_error_t* error) const {
766
767 const uint8_t* key;
768 size_t key_length;
769 int evp_key_type;
770
771 switch (algorithm) {
772 case KM_ALGORITHM_RSA:
773 key = kRsaAttestKey;
774 key_length = array_length(kRsaAttestKey);
775 evp_key_type = EVP_PKEY_RSA;
776 break;
777
778 case KM_ALGORITHM_EC:
779 key = kEcAttestKey;
780 key_length = array_length(kEcAttestKey);
781 evp_key_type = EVP_PKEY_EC;
782 break;
783
784 default:
785 *error = KM_ERROR_UNSUPPORTED_ALGORITHM;
786 return nullptr;
787 }
788
789 EVP_PKEY* pkey = d2i_PrivateKey(evp_key_type, nullptr /* pkey */, &key, key_length);
790 if (!pkey)
791 *error = TranslateLastOpenSslError();
792
793 return pkey;
794 }
795
AttestationChain(keymaster_algorithm_t algorithm,keymaster_error_t * error) const796 keymaster_cert_chain_t* SoftKeymasterContext::AttestationChain(keymaster_algorithm_t algorithm,
797 keymaster_error_t* error) const {
798 // If we have to bail it will be because of an allocation failure.
799 *error = KM_ERROR_MEMORY_ALLOCATION_FAILED;
800
801 UniquePtr<keymaster_cert_chain_t, CertificateChainDelete> chain(new keymaster_cert_chain_t);
802 if (!chain.get())
803 return nullptr;
804 memset(chain.get(), 0, sizeof(keymaster_cert_chain_t));
805
806 chain->entries = new keymaster_blob_t[kCertificateChainLength];
807 if (!chain->entries)
808 return nullptr;
809
810 memset(chain->entries, 0, sizeof(chain->entries[0]) * kCertificateChainLength);
811 chain->entry_count = kCertificateChainLength;
812
813 size_t entry = 0;
814
815 switch (algorithm) {
816 case KM_ALGORITHM_RSA:
817 chain->entries[entry].data = dup_array(kRsaAttestCert);
818 if (!chain->entries[entry].data)
819 return nullptr;
820 chain->entries[entry].data_length = array_length(kRsaAttestCert);
821 entry++;
822 chain->entries[entry].data = dup_array(kRsaAttestRootCert);
823 if (!chain->entries[entry].data)
824 return nullptr;
825 chain->entries[entry].data_length = array_length(kRsaAttestRootCert);
826 entry++;
827 break;
828
829 case KM_ALGORITHM_EC:
830 chain->entries[entry].data = dup_array(kEcAttestCert);
831 if (!chain->entries[entry].data)
832 return nullptr;
833 chain->entries[entry].data_length = array_length(kEcAttestCert);
834 entry++;
835 chain->entries[entry].data = dup_array(kEcAttestRootCert);
836 if (!chain->entries[entry].data)
837 return nullptr;
838 chain->entries[entry].data_length = array_length(kEcAttestRootCert);
839 entry++;
840 break;
841
842 default:
843 *error = KM_ERROR_UNSUPPORTED_ALGORITHM;
844 return nullptr;
845 };
846
847 assert(entry == kCertificateChainLength);
848
849 *error = KM_ERROR_OK;
850 return chain.release();
851 }
852
GenerateUniqueId(uint64_t,const keymaster_blob_t &,bool,Buffer *) const853 keymaster_error_t SoftKeymasterContext::GenerateUniqueId(
854 uint64_t /* creation_date_time */, const keymaster_blob_t& /* application_id */,
855 bool /* reset_since_rotation */, Buffer* /* unique_id */) const {
856 // SoftKeymasterDevice cannot generate unique IDs.
857 return KM_ERROR_UNIMPLEMENTED;
858 }
859
ParseKeymaster1HwBlob(const KeymasterKeyBlob & blob,const AuthorizationSet & additional_params,KeymasterKeyBlob * key_material,AuthorizationSet * hw_enforced,AuthorizationSet * sw_enforced) const860 keymaster_error_t SoftKeymasterContext::ParseKeymaster1HwBlob(
861 const KeymasterKeyBlob& blob, const AuthorizationSet& additional_params,
862 KeymasterKeyBlob* key_material, AuthorizationSet* hw_enforced,
863 AuthorizationSet* sw_enforced) const {
864 assert(km1_dev_);
865
866 keymaster_blob_t client_id = {nullptr, 0};
867 keymaster_blob_t app_data = {nullptr, 0};
868 keymaster_blob_t* client_id_ptr = nullptr;
869 keymaster_blob_t* app_data_ptr = nullptr;
870 if (additional_params.GetTagValue(TAG_APPLICATION_ID, &client_id))
871 client_id_ptr = &client_id;
872 if (additional_params.GetTagValue(TAG_APPLICATION_DATA, &app_data))
873 app_data_ptr = &app_data;
874
875 // Get key characteristics, which incidentally verifies that the HW recognizes the key.
876 keymaster_key_characteristics_t* characteristics;
877 keymaster_error_t error = km1_dev_->get_key_characteristics(km1_dev_, &blob, client_id_ptr,
878 app_data_ptr, &characteristics);
879 if (error != KM_ERROR_OK)
880 return error;
881 unique_ptr<keymaster_key_characteristics_t, Characteristics_Delete> characteristics_deleter(
882 characteristics);
883
884 LOG_D("Module \"%s\" accepted key", km1_dev_->common.module->name);
885
886 hw_enforced->Reinitialize(characteristics->hw_enforced);
887 sw_enforced->Reinitialize(characteristics->sw_enforced);
888 *key_material = blob;
889 return KM_ERROR_OK;
890 }
891
ParseKeymaster0HwBlob(const KeymasterKeyBlob & blob,KeymasterKeyBlob * key_material,AuthorizationSet * hw_enforced,AuthorizationSet * sw_enforced) const892 keymaster_error_t SoftKeymasterContext::ParseKeymaster0HwBlob(const KeymasterKeyBlob& blob,
893 KeymasterKeyBlob* key_material,
894 AuthorizationSet* hw_enforced,
895 AuthorizationSet* sw_enforced) const {
896 assert(km0_engine_);
897
898 unique_ptr<EVP_PKEY, EVP_PKEY_Delete> tmp_key(km0_engine_->GetKeymaster0PublicKey(blob));
899
900 if (!tmp_key)
901 return KM_ERROR_INVALID_KEY_BLOB;
902
903 LOG_D("Module \"%s\" accepted key", km0_engine_->device()->common.module->name);
904 keymaster_error_t error = FakeKeyAuthorizations(tmp_key.get(), hw_enforced, sw_enforced);
905 if (error == KM_ERROR_OK)
906 *key_material = blob;
907
908 return error;
909 }
910
FakeKeyAuthorizations(EVP_PKEY * pubkey,AuthorizationSet * hw_enforced,AuthorizationSet * sw_enforced) const911 keymaster_error_t SoftKeymasterContext::FakeKeyAuthorizations(EVP_PKEY* pubkey,
912 AuthorizationSet* hw_enforced,
913 AuthorizationSet* sw_enforced) const {
914 hw_enforced->Clear();
915 sw_enforced->Clear();
916
917 switch (EVP_PKEY_type(pubkey->type)) {
918 case EVP_PKEY_RSA: {
919 hw_enforced->push_back(TAG_ALGORITHM, KM_ALGORITHM_RSA);
920 hw_enforced->push_back(TAG_DIGEST, KM_DIGEST_NONE);
921 hw_enforced->push_back(TAG_DIGEST, KM_DIGEST_MD5);
922 hw_enforced->push_back(TAG_DIGEST, KM_DIGEST_SHA1);
923 hw_enforced->push_back(TAG_DIGEST, KM_DIGEST_SHA_2_224);
924 hw_enforced->push_back(TAG_DIGEST, KM_DIGEST_SHA_2_256);
925 hw_enforced->push_back(TAG_DIGEST, KM_DIGEST_SHA_2_384);
926 hw_enforced->push_back(TAG_DIGEST, KM_DIGEST_SHA_2_512);
927 hw_enforced->push_back(TAG_PADDING, KM_PAD_NONE);
928 hw_enforced->push_back(TAG_PADDING, KM_PAD_RSA_PKCS1_1_5_SIGN);
929 hw_enforced->push_back(TAG_PADDING, KM_PAD_RSA_PKCS1_1_5_ENCRYPT);
930 hw_enforced->push_back(TAG_PADDING, KM_PAD_RSA_PSS);
931 hw_enforced->push_back(TAG_PADDING, KM_PAD_RSA_OAEP);
932
933 sw_enforced->push_back(TAG_PURPOSE, KM_PURPOSE_SIGN);
934 sw_enforced->push_back(TAG_PURPOSE, KM_PURPOSE_VERIFY);
935 sw_enforced->push_back(TAG_PURPOSE, KM_PURPOSE_ENCRYPT);
936 sw_enforced->push_back(TAG_PURPOSE, KM_PURPOSE_DECRYPT);
937
938 unique_ptr<RSA, RSA_Delete> rsa(EVP_PKEY_get1_RSA(pubkey));
939 if (!rsa)
940 return TranslateLastOpenSslError();
941 hw_enforced->push_back(TAG_KEY_SIZE, RSA_size(rsa.get()) * 8);
942 uint64_t public_exponent = BN_get_word(rsa->e);
943 if (public_exponent == 0xffffffffL)
944 return KM_ERROR_INVALID_KEY_BLOB;
945 hw_enforced->push_back(TAG_RSA_PUBLIC_EXPONENT, public_exponent);
946 break;
947 }
948
949 case EVP_PKEY_EC: {
950 hw_enforced->push_back(TAG_ALGORITHM, KM_ALGORITHM_RSA);
951 hw_enforced->push_back(TAG_DIGEST, KM_DIGEST_NONE);
952 hw_enforced->push_back(TAG_DIGEST, KM_DIGEST_MD5);
953 hw_enforced->push_back(TAG_DIGEST, KM_DIGEST_SHA1);
954 hw_enforced->push_back(TAG_DIGEST, KM_DIGEST_SHA_2_224);
955 hw_enforced->push_back(TAG_DIGEST, KM_DIGEST_SHA_2_256);
956 hw_enforced->push_back(TAG_DIGEST, KM_DIGEST_SHA_2_384);
957 hw_enforced->push_back(TAG_DIGEST, KM_DIGEST_SHA_2_512);
958
959 sw_enforced->push_back(TAG_PURPOSE, KM_PURPOSE_SIGN);
960 sw_enforced->push_back(TAG_PURPOSE, KM_PURPOSE_VERIFY);
961
962 UniquePtr<EC_KEY, EC_KEY_Delete> ec_key(EVP_PKEY_get1_EC_KEY(pubkey));
963 if (!ec_key.get())
964 return TranslateLastOpenSslError();
965 size_t key_size_bits;
966 keymaster_error_t error =
967 ec_get_group_size(EC_KEY_get0_group(ec_key.get()), &key_size_bits);
968 if (error != KM_ERROR_OK)
969 return error;
970 hw_enforced->push_back(TAG_KEY_SIZE, key_size_bits);
971 break;
972 }
973
974 default:
975 return KM_ERROR_UNSUPPORTED_ALGORITHM;
976 }
977
978 sw_enforced->push_back(TAG_ALL_USERS);
979 sw_enforced->push_back(TAG_NO_AUTH_REQUIRED);
980
981 return KM_ERROR_OK;
982 }
983
BuildHiddenAuthorizations(const AuthorizationSet & input_set,AuthorizationSet * hidden) const984 keymaster_error_t SoftKeymasterContext::BuildHiddenAuthorizations(const AuthorizationSet& input_set,
985 AuthorizationSet* hidden) const {
986 keymaster_blob_t entry;
987 if (input_set.GetTagValue(TAG_APPLICATION_ID, &entry))
988 hidden->push_back(TAG_APPLICATION_ID, entry.data, entry.data_length);
989 if (input_set.GetTagValue(TAG_APPLICATION_DATA, &entry))
990 hidden->push_back(TAG_APPLICATION_DATA, entry.data, entry.data_length);
991
992 hidden->push_back(TAG_ROOT_OF_TRUST, reinterpret_cast<const uint8_t*>(root_of_trust_.data()),
993 root_of_trust_.size());
994
995 return TranslateAuthorizationSetError(hidden->is_valid());
996 }
997
998 } // namespace keymaster
999