1 /* 2 * Copyright 2015 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 #ifndef TRUSTY_APP_KEYMASTER_TRUSTY_KEYMASTER_CONTEXT_H_ 18 #define TRUSTY_APP_KEYMASTER_TRUSTY_KEYMASTER_CONTEXT_H_ 19 20 #include <stdlib.h> 21 22 #include <keymaster/UniquePtr.h> 23 #include <keymaster/attestation_context.h> 24 #include <keymaster/keymaster_context.h> 25 #include <keymaster/soft_key_factory.h> 26 27 #include <keymaster/km_openssl/software_random_source.h> 28 29 #include "trusty_keymaster_enforcement.h" 30 #include "trusty_remote_provisioning_context.h" 31 #include "trusty_secure_deletion_secret_storage.h" 32 33 namespace keymaster { 34 35 class KeyFactory; 36 37 static const int kAuthTokenKeySize = 32; 38 39 class TrustyKeymasterContext : public KeymasterContext, 40 AttestationContext, 41 SoftwareKeyBlobMaker, 42 SoftwareRandomSource { 43 public: 44 TrustyKeymasterContext(); 45 GetKmVersion()46 KmVersion GetKmVersion() const override { 47 return AttestationContext::version_; 48 } 49 SetKmVersion(KmVersion version)50 void SetKmVersion(KmVersion version) { 51 AttestationContext::version_ = version; 52 } 53 GetSecurityLevel()54 keymaster_security_level_t GetSecurityLevel() const override { 55 return KM_SECURITY_LEVEL_TRUSTED_ENVIRONMENT; 56 } 57 58 keymaster_error_t SetSystemVersion(uint32_t os_version, 59 uint32_t os_patchlevel) override; 60 void GetSystemVersion(uint32_t* os_version, 61 uint32_t* os_patchlevel) const override; 62 63 const KeyFactory* GetKeyFactory( 64 keymaster_algorithm_t algorithm) const override; 65 OperationFactory* GetOperationFactory( 66 keymaster_algorithm_t algorithm, 67 keymaster_purpose_t purpose) const override; 68 const keymaster_algorithm_t* GetSupportedAlgorithms( 69 size_t* algorithms_count) const override; 70 71 const VerifiedBootParams* GetVerifiedBootParams( 72 keymaster_error_t* error) const override; 73 74 keymaster_error_t CreateKeyBlob( 75 const AuthorizationSet& key_description, 76 keymaster_key_origin_t origin, 77 const KeymasterKeyBlob& key_material, 78 KeymasterKeyBlob* blob, 79 AuthorizationSet* hw_enforced, 80 AuthorizationSet* sw_enforced) const override; 81 82 keymaster_error_t UpgradeKeyBlob( 83 const KeymasterKeyBlob& key_to_upgrade, 84 const AuthorizationSet& upgrade_params, 85 KeymasterKeyBlob* upgraded_key) const override; 86 87 keymaster_error_t ParseKeyBlob(const KeymasterKeyBlob& blob, 88 const AuthorizationSet& additional_params, 89 UniquePtr<Key>* key) const override; 90 91 keymaster_error_t DeleteKey(const KeymasterKeyBlob& blob) const override; 92 keymaster_error_t DeleteAllKeys() const override; 93 94 keymaster_error_t AddRngEntropy(const uint8_t* buf, 95 size_t length) const override; 96 97 keymaster_error_t GetAuthTokenKey(keymaster_key_blob_t* key) const; 98 99 std::unique_ptr<cppbor::Map> GetDeviceIds() const; 100 enforcement_policy()101 KeymasterEnforcement* enforcement_policy() override { 102 return &enforcement_policy_; 103 } 104 attestation_context()105 AttestationContext* attestation_context() override { return this; } 106 secure_deletion_secret_storage()107 SecureDeletionSecretStorage* secure_deletion_secret_storage() override { 108 return &secure_deletion_secret_storage_; 109 } 110 111 keymaster_error_t VerifyAndCopyDeviceIds( 112 const AuthorizationSet& attestation_params, 113 AuthorizationSet* values_to_attest) const override; 114 115 Buffer GenerateUniqueId(uint64_t creation_date_time, 116 const keymaster_blob_t& application_id, 117 bool reset_since_rotation, 118 keymaster_error_t* error) const override; 119 120 KeymasterKeyBlob GetAttestationKey(keymaster_algorithm_t algorithm, 121 keymaster_error_t* error) const override; 122 123 CertificateChain GetAttestationChain( 124 keymaster_algorithm_t algorithm, 125 keymaster_error_t* error) const override; 126 127 CertificateChain GenerateAttestation( 128 const Key& key, 129 const AuthorizationSet& attest_params, 130 UniquePtr<Key> attest_key, 131 const KeymasterBlob& issuer_subject, 132 keymaster_error_t* error) const override; 133 134 CertificateChain GenerateSelfSignedCertificate( 135 const Key& key, 136 const AuthorizationSet& cert_params, 137 bool fake_signature, 138 keymaster_error_t* error) const override; 139 140 keymaster_error_t SetBootParams( 141 uint32_t /* os_version */, 142 uint32_t /* os_patchlevel */, 143 const Buffer& verified_boot_key, 144 keymaster_verified_boot_t verified_boot_state, 145 bool device_locked, 146 const Buffer& verified_boot_hash); 147 148 virtual keymaster_error_t UnwrapKey( 149 const KeymasterKeyBlob& wrapped_key_blob, 150 const KeymasterKeyBlob& wrapping_key_blob, 151 const AuthorizationSet& wrapping_key_params, 152 const KeymasterKeyBlob& masking_key, 153 AuthorizationSet* wrapped_key_params, 154 keymaster_key_format_t* wrapped_key_format, 155 KeymasterKeyBlob* wrapped_key_material) const override; 156 157 keymaster_error_t CheckConfirmationToken( 158 const uint8_t* input_data, 159 size_t input_data_size, 160 const uint8_t confirmation_token[kConfirmationTokenSize]) 161 const override; 162 GetRemoteProvisioningContext()163 RemoteProvisioningContext* GetRemoteProvisioningContext() const override { 164 return trusty_remote_provisioning_context_.get(); 165 } 166 SetVendorPatchlevel(uint32_t vendor_patchlevel)167 keymaster_error_t SetVendorPatchlevel(uint32_t vendor_patchlevel) override { 168 if (vendor_patchlevel_.has_value() && 169 vendor_patchlevel != vendor_patchlevel_.value()) { 170 // Can't set patchlevel to a different value. 171 return KM_ERROR_INVALID_ARGUMENT; 172 } 173 vendor_patchlevel_ = vendor_patchlevel; 174 trusty_remote_provisioning_context_->SetVendorPatchlevel( 175 vendor_patchlevel); 176 return KM_ERROR_OK; 177 } 178 SetBootPatchlevel(uint32_t boot_patchlevel)179 keymaster_error_t SetBootPatchlevel(uint32_t boot_patchlevel) override { 180 if (boot_patchlevel_.has_value() && 181 boot_patchlevel != boot_patchlevel_.value()) { 182 // Can't set patchlevel to a different value. 183 return KM_ERROR_INVALID_ARGUMENT; 184 } 185 boot_patchlevel_ = boot_patchlevel; 186 trusty_remote_provisioning_context_->SetBootPatchlevel(boot_patchlevel); 187 return KM_ERROR_OK; 188 } 189 GetVendorPatchlevel()190 std::optional<uint32_t> GetVendorPatchlevel() const override { 191 return vendor_patchlevel_; 192 } 193 GetBootPatchlevel()194 std::optional<uint32_t> GetBootPatchlevel() const override { 195 return boot_patchlevel_; 196 } 197 198 keymaster_error_t SetModuleHash( 199 const keymaster_blob_t& module_hash) override; 200 201 private: 202 bool SeedRngIfNeeded() const; 203 bool ShouldReseedRng() const; 204 bool ReseedRng(); 205 bool InitializeAuthTokenKey(); 206 keymaster_error_t SetAuthorizations(const AuthorizationSet& key_description, 207 keymaster_key_origin_t origin, 208 AuthorizationSet* hw_enforced, 209 AuthorizationSet* sw_enforced, 210 bool has_secure_deletion) const; 211 keymaster_error_t BuildHiddenAuthorizations( 212 const AuthorizationSet& input_set, 213 AuthorizationSet* hidden) const; 214 keymaster_error_t DeriveMasterKey(KeymasterKeyBlob* master_key, 215 const EncryptedKey& enc_key) const; 216 keymaster_error_t GetKdfState(EncryptedKey* info) const; 217 KmErrorOr<DeserializedKey> DeserializeKmCompatKeyBlob( 218 const KeymasterKeyBlob& blob) const; 219 KmErrorOr<DeserializedKey> DeserializeKeyBlob( 220 const KeymasterKeyBlob& blob) const; 221 222 /* 223 * CreateAuthEncryptedKeyBlob takes a key description authorization set, key 224 * material, and hardware and software authorization sets and produces an 225 * encrypted and integrity-checked key blob. 226 * 227 * This method is called by CreateKeyBlob and UpgradeKeyBlob. 228 */ 229 keymaster_error_t CreateAuthEncryptedKeyBlob( 230 const AuthorizationSet& key_description, 231 const KeymasterKeyBlob& key_material, 232 const AuthorizationSet& hw_enforced, 233 const AuthorizationSet& sw_enforced, 234 const std::optional<SecureDeletionData>& secure_deletion_data, 235 KeymasterKeyBlob* blob) const; 236 237 TrustyKeymasterEnforcement enforcement_policy_; 238 TrustySecureDeletionSecretStorage secure_deletion_secret_storage_; 239 240 UniquePtr<KeyFactory> aes_factory_; 241 UniquePtr<KeyFactory> ec_factory_; 242 UniquePtr<KeyFactory> hmac_factory_; 243 UniquePtr<KeyFactory> rsa_factory_; 244 UniquePtr<KeyFactory> tdes_factory_; 245 246 bool rng_initialized_; 247 mutable int calls_since_reseed_; 248 uint8_t auth_token_key_[kAuthTokenKeySize]; 249 bool auth_token_key_initialized_; 250 251 bool root_of_trust_set_ = false; 252 bool version_info_set_ = false; 253 BootParams boot_params_; 254 VerifiedBootParams verified_boot_params_ = { 255 .verified_boot_key = {}, 256 .verified_boot_hash = {}, 257 .verified_boot_state = KM_VERIFIED_BOOT_UNVERIFIED, 258 .device_locked = false}; 259 UniquePtr<TrustyRemoteProvisioningContext> 260 trusty_remote_provisioning_context_; 261 std::optional<uint32_t> vendor_patchlevel_; 262 std::optional<uint32_t> boot_patchlevel_; 263 std::optional<std::vector<uint8_t>> module_hash_; 264 mutable std::vector<uint8_t> unique_id_hbk_; 265 }; 266 267 } // namespace keymaster 268 269 #endif // TRUSTY_APP_KEYMASTER_TRUSTY_KEYMASTER_CONTEXT_H_ 270