xref: /aosp_15_r20/hardware/interfaces/gatekeeper/aidl/software/SharedSecret.cpp (revision 4d7e907c777eeecc4c5bd7cf640a754fac206ff7) 
1*4d7e907cSAndroid Build Coastguard Worker /*
2*4d7e907cSAndroid Build Coastguard Worker  * Copyright 2024, The Android Open Source Project
3*4d7e907cSAndroid Build Coastguard Worker  *
4*4d7e907cSAndroid Build Coastguard Worker  * Licensed under the Apache License, Version 2.0 (the "License");
5*4d7e907cSAndroid Build Coastguard Worker  * you may not use this file except in compliance with the License.
6*4d7e907cSAndroid Build Coastguard Worker  * You may obtain a copy of the License at
7*4d7e907cSAndroid Build Coastguard Worker  *
8*4d7e907cSAndroid Build Coastguard Worker  *     http://www.apache.org/licenses/LICENSE-2.0
9*4d7e907cSAndroid Build Coastguard Worker  *
10*4d7e907cSAndroid Build Coastguard Worker  * Unless required by applicable law or agreed to in writing, software
11*4d7e907cSAndroid Build Coastguard Worker  * distributed under the License is distributed on an "AS IS" BASIS,
12*4d7e907cSAndroid Build Coastguard Worker  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13*4d7e907cSAndroid Build Coastguard Worker  * See the License for the specific language governing permissions and
14*4d7e907cSAndroid Build Coastguard Worker  * limitations under the License.
15*4d7e907cSAndroid Build Coastguard Worker  */
16*4d7e907cSAndroid Build Coastguard Worker 
17*4d7e907cSAndroid Build Coastguard Worker #include "SharedSecret.h"
18*4d7e907cSAndroid Build Coastguard Worker 
19*4d7e907cSAndroid Build Coastguard Worker #include <algorithm>
20*4d7e907cSAndroid Build Coastguard Worker #include <cstring>
21*4d7e907cSAndroid Build Coastguard Worker #include <mutex>
22*4d7e907cSAndroid Build Coastguard Worker #include <vector>
23*4d7e907cSAndroid Build Coastguard Worker 
24*4d7e907cSAndroid Build Coastguard Worker #include <openssl/rand.h>
25*4d7e907cSAndroid Build Coastguard Worker 
26*4d7e907cSAndroid Build Coastguard Worker #include <KeyMintUtils.h>
27*4d7e907cSAndroid Build Coastguard Worker #include <aidl/android/hardware/security/sharedsecret/BnSharedSecret.h>
28*4d7e907cSAndroid Build Coastguard Worker #include <aidl/android/hardware/security/sharedsecret/SharedSecretParameters.h>
29*4d7e907cSAndroid Build Coastguard Worker #include <android-base/logging.h>
30*4d7e907cSAndroid Build Coastguard Worker #include <keymaster/android_keymaster_messages.h>
31*4d7e907cSAndroid Build Coastguard Worker #include <keymaster/android_keymaster_utils.h>
32*4d7e907cSAndroid Build Coastguard Worker #include <keymaster/km_openssl/ckdf.h>
33*4d7e907cSAndroid Build Coastguard Worker #include <keymaster/km_openssl/hmac.h>
34*4d7e907cSAndroid Build Coastguard Worker 
35*4d7e907cSAndroid Build Coastguard Worker namespace aidl::android::hardware::security::sharedsecret {
36*4d7e907cSAndroid Build Coastguard Worker 
getSharedSecretParameters(SharedSecretParameters * out_params)37*4d7e907cSAndroid Build Coastguard Worker ::ndk::ScopedAStatus SoftSharedSecret::getSharedSecretParameters(
38*4d7e907cSAndroid Build Coastguard Worker         SharedSecretParameters* out_params) {
39*4d7e907cSAndroid Build Coastguard Worker     std::lock_guard lock(mutex_);
40*4d7e907cSAndroid Build Coastguard Worker     if (seed_.empty()) {
41*4d7e907cSAndroid Build Coastguard Worker         seed_.resize(32, 0);
42*4d7e907cSAndroid Build Coastguard Worker     }
43*4d7e907cSAndroid Build Coastguard Worker     out_params->seed = seed_;
44*4d7e907cSAndroid Build Coastguard Worker     if (nonce_.empty()) {
45*4d7e907cSAndroid Build Coastguard Worker         nonce_.resize(32, 0);
46*4d7e907cSAndroid Build Coastguard Worker         RAND_bytes(nonce_.data(), 32);
47*4d7e907cSAndroid Build Coastguard Worker     }
48*4d7e907cSAndroid Build Coastguard Worker     out_params->nonce = nonce_;
49*4d7e907cSAndroid Build Coastguard Worker     LOG(INFO) << "Presented shared secret parameters with seed size " << out_params->seed.size()
50*4d7e907cSAndroid Build Coastguard Worker               << " and nonce size " << out_params->nonce.size();
51*4d7e907cSAndroid Build Coastguard Worker     return ::ndk::ScopedAStatus::ok();
52*4d7e907cSAndroid Build Coastguard Worker }
53*4d7e907cSAndroid Build Coastguard Worker 
computeSharedSecret(const std::vector<SharedSecretParameters> & params,std::vector<uint8_t> * sharing_check)54*4d7e907cSAndroid Build Coastguard Worker ::ndk::ScopedAStatus SoftSharedSecret::computeSharedSecret(
55*4d7e907cSAndroid Build Coastguard Worker         const std::vector<SharedSecretParameters>& params, std::vector<uint8_t>* sharing_check) {
56*4d7e907cSAndroid Build Coastguard Worker     std::lock_guard lock(mutex_);
57*4d7e907cSAndroid Build Coastguard Worker     LOG(INFO) << "Computing shared secret";
58*4d7e907cSAndroid Build Coastguard Worker     // Reimplemented based on SoftKeymasterEnforcement, which does not expose
59*4d7e907cSAndroid Build Coastguard Worker     // enough functionality to satisfy the GateKeeper interface
60*4d7e907cSAndroid Build Coastguard Worker     keymaster::KeymasterKeyBlob key_agreement_key;
61*4d7e907cSAndroid Build Coastguard Worker     if (key_agreement_key.Reset(32) == nullptr) {
62*4d7e907cSAndroid Build Coastguard Worker         LOG(ERROR) << "key agreement key memory allocation failed";
63*4d7e907cSAndroid Build Coastguard Worker         return keymint::km_utils::kmError2ScopedAStatus(KM_ERROR_MEMORY_ALLOCATION_FAILED);
64*4d7e907cSAndroid Build Coastguard Worker     }
65*4d7e907cSAndroid Build Coastguard Worker     // Matching:
66*4d7e907cSAndroid Build Coastguard Worker     // - kFakeAgreementKey in system/keymaster/km_openssl/soft_keymaster_enforcement.cpp
67*4d7e907cSAndroid Build Coastguard Worker     // - Keys::kak in hardware/interfaces/security/keymint/aidl/default/ta/soft.rs
68*4d7e907cSAndroid Build Coastguard Worker     std::memset(key_agreement_key.writable_data(), 0, 32);
69*4d7e907cSAndroid Build Coastguard Worker     keymaster::KeymasterBlob label((uint8_t*)KEY_AGREEMENT_LABEL, strlen(KEY_AGREEMENT_LABEL));
70*4d7e907cSAndroid Build Coastguard Worker     if (label.data == nullptr) {
71*4d7e907cSAndroid Build Coastguard Worker         LOG(ERROR) << "label memory allocation failed";
72*4d7e907cSAndroid Build Coastguard Worker         return keymint::km_utils::kmError2ScopedAStatus(KM_ERROR_MEMORY_ALLOCATION_FAILED);
73*4d7e907cSAndroid Build Coastguard Worker     }
74*4d7e907cSAndroid Build Coastguard Worker 
75*4d7e907cSAndroid Build Coastguard Worker     static_assert(sizeof(keymaster_blob_t) == sizeof(keymaster::KeymasterBlob));
76*4d7e907cSAndroid Build Coastguard Worker 
77*4d7e907cSAndroid Build Coastguard Worker     bool found_mine = false;
78*4d7e907cSAndroid Build Coastguard Worker     std::vector<keymaster::KeymasterBlob> context_blobs;
79*4d7e907cSAndroid Build Coastguard Worker     for (const auto& param : params) {
80*4d7e907cSAndroid Build Coastguard Worker         auto& seed_blob = context_blobs.emplace_back();
81*4d7e907cSAndroid Build Coastguard Worker         if (seed_blob.Reset(param.seed.size()) == nullptr) {
82*4d7e907cSAndroid Build Coastguard Worker             LOG(ERROR) << "seed memory allocation failed";
83*4d7e907cSAndroid Build Coastguard Worker             return keymint::km_utils::kmError2ScopedAStatus(KM_ERROR_MEMORY_ALLOCATION_FAILED);
84*4d7e907cSAndroid Build Coastguard Worker         }
85*4d7e907cSAndroid Build Coastguard Worker         std::copy(param.seed.begin(), param.seed.end(), seed_blob.writable_data());
86*4d7e907cSAndroid Build Coastguard Worker         auto& nonce_blob = context_blobs.emplace_back();
87*4d7e907cSAndroid Build Coastguard Worker         if (nonce_blob.Reset(param.nonce.size()) == nullptr) {
88*4d7e907cSAndroid Build Coastguard Worker             LOG(ERROR) << "Nonce memory allocation failed";
89*4d7e907cSAndroid Build Coastguard Worker             return keymint::km_utils::kmError2ScopedAStatus(KM_ERROR_MEMORY_ALLOCATION_FAILED);
90*4d7e907cSAndroid Build Coastguard Worker         }
91*4d7e907cSAndroid Build Coastguard Worker         std::copy(param.nonce.begin(), param.nonce.end(), nonce_blob.writable_data());
92*4d7e907cSAndroid Build Coastguard Worker         if (param.seed == seed_ && param.nonce == nonce_) {
93*4d7e907cSAndroid Build Coastguard Worker             found_mine = true;
94*4d7e907cSAndroid Build Coastguard Worker         }
95*4d7e907cSAndroid Build Coastguard Worker     }
96*4d7e907cSAndroid Build Coastguard Worker     if (!found_mine) {
97*4d7e907cSAndroid Build Coastguard Worker         LOG(ERROR) << "Did not receive my own shared secret parameter back";
98*4d7e907cSAndroid Build Coastguard Worker         return keymint::km_utils::kmError2ScopedAStatus(KM_ERROR_INVALID_ARGUMENT);
99*4d7e907cSAndroid Build Coastguard Worker     }
100*4d7e907cSAndroid Build Coastguard Worker     auto context_blobs_ptr = reinterpret_cast<keymaster_blob_t*>(context_blobs.data());
101*4d7e907cSAndroid Build Coastguard Worker     if (hmac_key_.Reset(32) == nullptr) {
102*4d7e907cSAndroid Build Coastguard Worker         LOG(ERROR) << "hmac key allocation failed";
103*4d7e907cSAndroid Build Coastguard Worker         return keymint::km_utils::kmError2ScopedAStatus(KM_ERROR_MEMORY_ALLOCATION_FAILED);
104*4d7e907cSAndroid Build Coastguard Worker     }
105*4d7e907cSAndroid Build Coastguard Worker     auto error = keymaster::ckdf(key_agreement_key, label, context_blobs_ptr, context_blobs.size(),
106*4d7e907cSAndroid Build Coastguard Worker                                  &hmac_key_);
107*4d7e907cSAndroid Build Coastguard Worker     if (error != KM_ERROR_OK) {
108*4d7e907cSAndroid Build Coastguard Worker         LOG(ERROR) << "CKDF failed";
109*4d7e907cSAndroid Build Coastguard Worker         return keymint::km_utils::kmError2ScopedAStatus(error);
110*4d7e907cSAndroid Build Coastguard Worker     }
111*4d7e907cSAndroid Build Coastguard Worker 
112*4d7e907cSAndroid Build Coastguard Worker     keymaster::HmacSha256 hmac_impl;
113*4d7e907cSAndroid Build Coastguard Worker     if (!hmac_impl.Init(hmac_key_.key_material, hmac_key_.key_material_size)) {
114*4d7e907cSAndroid Build Coastguard Worker         LOG(ERROR) << "hmac initialization failed";
115*4d7e907cSAndroid Build Coastguard Worker         return ::ndk::ScopedAStatus::fromExceptionCode(EX_ILLEGAL_STATE);
116*4d7e907cSAndroid Build Coastguard Worker     }
117*4d7e907cSAndroid Build Coastguard Worker     sharing_check->clear();
118*4d7e907cSAndroid Build Coastguard Worker     sharing_check->resize(32, 0);
119*4d7e907cSAndroid Build Coastguard Worker     if (!hmac_impl.Sign((const uint8_t*)KEY_CHECK_LABEL, strlen(KEY_CHECK_LABEL),
120*4d7e907cSAndroid Build Coastguard Worker                         sharing_check->data(), sharing_check->size())) {
121*4d7e907cSAndroid Build Coastguard Worker         return ::ndk::ScopedAStatus::fromExceptionCode(EX_ILLEGAL_STATE);
122*4d7e907cSAndroid Build Coastguard Worker     }
123*4d7e907cSAndroid Build Coastguard Worker     return ::ndk::ScopedAStatus::ok();
124*4d7e907cSAndroid Build Coastguard Worker }
125*4d7e907cSAndroid Build Coastguard Worker 
HmacKey() const126*4d7e907cSAndroid Build Coastguard Worker keymaster::KeymasterKeyBlob SoftSharedSecret::HmacKey() const {
127*4d7e907cSAndroid Build Coastguard Worker     std::lock_guard lock(mutex_);
128*4d7e907cSAndroid Build Coastguard Worker     return hmac_key_;
129*4d7e907cSAndroid Build Coastguard Worker }
130*4d7e907cSAndroid Build Coastguard Worker 
131*4d7e907cSAndroid Build Coastguard Worker }  // namespace aidl::android::hardware::security::sharedsecret
132