1*789431f2SAndroid Build Coastguard Worker /*
2*789431f2SAndroid Build Coastguard Worker * Copyright 2015 The Android Open Source Project
3*789431f2SAndroid Build Coastguard Worker *
4*789431f2SAndroid Build Coastguard Worker * Licensed under the Apache License, Version 2.0 (the "License");
5*789431f2SAndroid Build Coastguard Worker * you may not use this file except in compliance with the License.
6*789431f2SAndroid Build Coastguard Worker * You may obtain a copy of the License at
7*789431f2SAndroid Build Coastguard Worker *
8*789431f2SAndroid Build Coastguard Worker * http://www.apache.org/licenses/LICENSE-2.0
9*789431f2SAndroid Build Coastguard Worker *
10*789431f2SAndroid Build Coastguard Worker * Unless required by applicable law or agreed to in writing, software
11*789431f2SAndroid Build Coastguard Worker * distributed under the License is distributed on an "AS IS" BASIS,
12*789431f2SAndroid Build Coastguard Worker * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13*789431f2SAndroid Build Coastguard Worker * See the License for the specific language governing permissions and
14*789431f2SAndroid Build Coastguard Worker * limitations under the License.
15*789431f2SAndroid Build Coastguard Worker */
16*789431f2SAndroid Build Coastguard Worker
17*789431f2SAndroid Build Coastguard Worker #include <keymaster/contexts/soft_keymaster_context.h>
18*789431f2SAndroid Build Coastguard Worker
19*789431f2SAndroid Build Coastguard Worker #include <memory>
20*789431f2SAndroid Build Coastguard Worker
21*789431f2SAndroid Build Coastguard Worker #include <openssl/rand.h>
22*789431f2SAndroid Build Coastguard Worker
23*789431f2SAndroid Build Coastguard Worker #include <keymaster/android_keymaster_utils.h>
24*789431f2SAndroid Build Coastguard Worker #include <keymaster/key_blob_utils/auth_encrypted_key_blob.h>
25*789431f2SAndroid Build Coastguard Worker #include <keymaster/key_blob_utils/integrity_assured_key_blob.h>
26*789431f2SAndroid Build Coastguard Worker #include <keymaster/key_blob_utils/ocb_utils.h>
27*789431f2SAndroid Build Coastguard Worker #include <keymaster/key_blob_utils/software_keyblobs.h>
28*789431f2SAndroid Build Coastguard Worker #include <keymaster/km_openssl/aes_key.h>
29*789431f2SAndroid Build Coastguard Worker #include <keymaster/km_openssl/asymmetric_key.h>
30*789431f2SAndroid Build Coastguard Worker #include <keymaster/km_openssl/attestation_utils.h>
31*789431f2SAndroid Build Coastguard Worker #include <keymaster/km_openssl/certificate_utils.h>
32*789431f2SAndroid Build Coastguard Worker #include <keymaster/km_openssl/hmac_key.h>
33*789431f2SAndroid Build Coastguard Worker #include <keymaster/km_openssl/openssl_err.h>
34*789431f2SAndroid Build Coastguard Worker #include <keymaster/km_openssl/triple_des_key.h>
35*789431f2SAndroid Build Coastguard Worker #include <keymaster/legacy_support/ec_keymaster1_key.h>
36*789431f2SAndroid Build Coastguard Worker #include <keymaster/legacy_support/rsa_keymaster1_key.h>
37*789431f2SAndroid Build Coastguard Worker #include <keymaster/logger.h>
38*789431f2SAndroid Build Coastguard Worker
39*789431f2SAndroid Build Coastguard Worker #include <keymaster/contexts/soft_attestation_cert.h>
40*789431f2SAndroid Build Coastguard Worker
41*789431f2SAndroid Build Coastguard Worker using std::unique_ptr;
42*789431f2SAndroid Build Coastguard Worker
43*789431f2SAndroid Build Coastguard Worker namespace keymaster {
44*789431f2SAndroid Build Coastguard Worker
45*789431f2SAndroid Build Coastguard Worker namespace {
46*789431f2SAndroid Build Coastguard Worker
string2Blob(const std::string & str)47*789431f2SAndroid Build Coastguard Worker KeymasterBlob string2Blob(const std::string& str) {
48*789431f2SAndroid Build Coastguard Worker return KeymasterBlob(reinterpret_cast<const uint8_t*>(str.data()), str.size());
49*789431f2SAndroid Build Coastguard Worker }
50*789431f2SAndroid Build Coastguard Worker
51*789431f2SAndroid Build Coastguard Worker } // anonymous namespace
52*789431f2SAndroid Build Coastguard Worker
SoftKeymasterContext(KmVersion version,const std::string & root_of_trust)53*789431f2SAndroid Build Coastguard Worker SoftKeymasterContext::SoftKeymasterContext(KmVersion version, const std::string& root_of_trust)
54*789431f2SAndroid Build Coastguard Worker : SoftAttestationContext(version), //
55*789431f2SAndroid Build Coastguard Worker rsa_factory_(new (std::nothrow) RsaKeyFactory(*this /* blob_maker */, *this /* context */)),
56*789431f2SAndroid Build Coastguard Worker ec_factory_(new (std::nothrow) EcKeyFactory(*this /* blob_maker */, *this /* context */)),
57*789431f2SAndroid Build Coastguard Worker aes_factory_(new (std::nothrow)
58*789431f2SAndroid Build Coastguard Worker AesKeyFactory(*this /* blob_maker */, *this /* random_source */)),
59*789431f2SAndroid Build Coastguard Worker tdes_factory_(new (std::nothrow)
60*789431f2SAndroid Build Coastguard Worker TripleDesKeyFactory(*this /* blob_maker */, *this /* random_source */)),
61*789431f2SAndroid Build Coastguard Worker hmac_factory_(new (std::nothrow)
62*789431f2SAndroid Build Coastguard Worker HmacKeyFactory(*this /* blob_maker */, *this /* random_source */)),
63*789431f2SAndroid Build Coastguard Worker km1_dev_(nullptr), root_of_trust_(string2Blob(root_of_trust)), os_version_(0),
64*789431f2SAndroid Build Coastguard Worker os_patchlevel_(0) {}
65*789431f2SAndroid Build Coastguard Worker
~SoftKeymasterContext()66*789431f2SAndroid Build Coastguard Worker SoftKeymasterContext::~SoftKeymasterContext() {}
67*789431f2SAndroid Build Coastguard Worker
SetHardwareDevice(keymaster1_device_t * keymaster1_device)68*789431f2SAndroid Build Coastguard Worker keymaster_error_t SoftKeymasterContext::SetHardwareDevice(keymaster1_device_t* keymaster1_device) {
69*789431f2SAndroid Build Coastguard Worker if (!keymaster1_device) return KM_ERROR_UNEXPECTED_NULL_POINTER;
70*789431f2SAndroid Build Coastguard Worker
71*789431f2SAndroid Build Coastguard Worker km1_dev_ = keymaster1_device;
72*789431f2SAndroid Build Coastguard Worker
73*789431f2SAndroid Build Coastguard Worker km1_engine_.reset(new (std::nothrow) Keymaster1Engine(keymaster1_device));
74*789431f2SAndroid Build Coastguard Worker rsa_factory_.reset(new (std::nothrow) RsaKeymaster1KeyFactory(
75*789431f2SAndroid Build Coastguard Worker *this /* blob_maker */, *this /* attestation_context */, km1_engine_.get()));
76*789431f2SAndroid Build Coastguard Worker ec_factory_.reset(new (std::nothrow) EcdsaKeymaster1KeyFactory(
77*789431f2SAndroid Build Coastguard Worker *this /* blob_maker */, *this /* attestation_context */, km1_engine_.get()));
78*789431f2SAndroid Build Coastguard Worker
79*789431f2SAndroid Build Coastguard Worker // Use default HMAC and AES key factories. Higher layers will pass HMAC/AES keys/ops that are
80*789431f2SAndroid Build Coastguard Worker // supported by the hardware to it and other ones to the software-only factory.
81*789431f2SAndroid Build Coastguard Worker
82*789431f2SAndroid Build Coastguard Worker return KM_ERROR_OK;
83*789431f2SAndroid Build Coastguard Worker }
84*789431f2SAndroid Build Coastguard Worker
SetSystemVersion(uint32_t os_version,uint32_t os_patchlevel)85*789431f2SAndroid Build Coastguard Worker keymaster_error_t SoftKeymasterContext::SetSystemVersion(uint32_t os_version,
86*789431f2SAndroid Build Coastguard Worker uint32_t os_patchlevel) {
87*789431f2SAndroid Build Coastguard Worker os_version_ = os_version;
88*789431f2SAndroid Build Coastguard Worker os_patchlevel_ = os_patchlevel;
89*789431f2SAndroid Build Coastguard Worker return KM_ERROR_OK;
90*789431f2SAndroid Build Coastguard Worker }
91*789431f2SAndroid Build Coastguard Worker
GetSystemVersion(uint32_t * os_version,uint32_t * os_patchlevel) const92*789431f2SAndroid Build Coastguard Worker void SoftKeymasterContext::GetSystemVersion(uint32_t* os_version, uint32_t* os_patchlevel) const {
93*789431f2SAndroid Build Coastguard Worker *os_version = os_version_;
94*789431f2SAndroid Build Coastguard Worker *os_patchlevel = os_patchlevel_;
95*789431f2SAndroid Build Coastguard Worker }
96*789431f2SAndroid Build Coastguard Worker
GetKeyFactory(keymaster_algorithm_t algorithm) const97*789431f2SAndroid Build Coastguard Worker KeyFactory* SoftKeymasterContext::GetKeyFactory(keymaster_algorithm_t algorithm) const {
98*789431f2SAndroid Build Coastguard Worker switch (algorithm) {
99*789431f2SAndroid Build Coastguard Worker case KM_ALGORITHM_RSA:
100*789431f2SAndroid Build Coastguard Worker return rsa_factory_.get();
101*789431f2SAndroid Build Coastguard Worker case KM_ALGORITHM_EC:
102*789431f2SAndroid Build Coastguard Worker return ec_factory_.get();
103*789431f2SAndroid Build Coastguard Worker case KM_ALGORITHM_AES:
104*789431f2SAndroid Build Coastguard Worker return aes_factory_.get();
105*789431f2SAndroid Build Coastguard Worker case KM_ALGORITHM_TRIPLE_DES:
106*789431f2SAndroid Build Coastguard Worker return tdes_factory_.get();
107*789431f2SAndroid Build Coastguard Worker case KM_ALGORITHM_HMAC:
108*789431f2SAndroid Build Coastguard Worker return hmac_factory_.get();
109*789431f2SAndroid Build Coastguard Worker default:
110*789431f2SAndroid Build Coastguard Worker return nullptr;
111*789431f2SAndroid Build Coastguard Worker }
112*789431f2SAndroid Build Coastguard Worker }
113*789431f2SAndroid Build Coastguard Worker
114*789431f2SAndroid Build Coastguard Worker static keymaster_algorithm_t supported_algorithms[] = {KM_ALGORITHM_RSA, KM_ALGORITHM_EC,
115*789431f2SAndroid Build Coastguard Worker KM_ALGORITHM_AES, KM_ALGORITHM_HMAC};
116*789431f2SAndroid Build Coastguard Worker
117*789431f2SAndroid Build Coastguard Worker keymaster_algorithm_t*
GetSupportedAlgorithms(size_t * algorithms_count) const118*789431f2SAndroid Build Coastguard Worker SoftKeymasterContext::GetSupportedAlgorithms(size_t* algorithms_count) const {
119*789431f2SAndroid Build Coastguard Worker *algorithms_count = array_length(supported_algorithms);
120*789431f2SAndroid Build Coastguard Worker return supported_algorithms;
121*789431f2SAndroid Build Coastguard Worker }
122*789431f2SAndroid Build Coastguard Worker
GetOperationFactory(keymaster_algorithm_t algorithm,keymaster_purpose_t purpose) const123*789431f2SAndroid Build Coastguard Worker OperationFactory* SoftKeymasterContext::GetOperationFactory(keymaster_algorithm_t algorithm,
124*789431f2SAndroid Build Coastguard Worker keymaster_purpose_t purpose) const {
125*789431f2SAndroid Build Coastguard Worker KeyFactory* key_factory = GetKeyFactory(algorithm);
126*789431f2SAndroid Build Coastguard Worker if (!key_factory) return nullptr;
127*789431f2SAndroid Build Coastguard Worker return key_factory->GetOperationFactory(purpose);
128*789431f2SAndroid Build Coastguard Worker }
129*789431f2SAndroid Build Coastguard Worker
TranslateAuthorizationSetError(AuthorizationSet::Error err)130*789431f2SAndroid Build Coastguard Worker static keymaster_error_t TranslateAuthorizationSetError(AuthorizationSet::Error err) {
131*789431f2SAndroid Build Coastguard Worker switch (err) {
132*789431f2SAndroid Build Coastguard Worker case AuthorizationSet::OK:
133*789431f2SAndroid Build Coastguard Worker return KM_ERROR_OK;
134*789431f2SAndroid Build Coastguard Worker case AuthorizationSet::ALLOCATION_FAILURE:
135*789431f2SAndroid Build Coastguard Worker return KM_ERROR_MEMORY_ALLOCATION_FAILED;
136*789431f2SAndroid Build Coastguard Worker case AuthorizationSet::MALFORMED_DATA:
137*789431f2SAndroid Build Coastguard Worker return KM_ERROR_UNKNOWN_ERROR;
138*789431f2SAndroid Build Coastguard Worker }
139*789431f2SAndroid Build Coastguard Worker return KM_ERROR_OK;
140*789431f2SAndroid Build Coastguard Worker }
141*789431f2SAndroid Build Coastguard Worker
SetAuthorizations(const AuthorizationSet & key_description,keymaster_key_origin_t origin,uint32_t os_version,uint32_t os_patchlevel,AuthorizationSet * hw_enforced,AuthorizationSet * sw_enforced)142*789431f2SAndroid Build Coastguard Worker static keymaster_error_t SetAuthorizations(const AuthorizationSet& key_description,
143*789431f2SAndroid Build Coastguard Worker keymaster_key_origin_t origin, uint32_t os_version,
144*789431f2SAndroid Build Coastguard Worker uint32_t os_patchlevel, AuthorizationSet* hw_enforced,
145*789431f2SAndroid Build Coastguard Worker AuthorizationSet* sw_enforced) {
146*789431f2SAndroid Build Coastguard Worker sw_enforced->Clear();
147*789431f2SAndroid Build Coastguard Worker
148*789431f2SAndroid Build Coastguard Worker for (auto& entry : key_description) {
149*789431f2SAndroid Build Coastguard Worker switch (entry.tag) {
150*789431f2SAndroid Build Coastguard Worker // These cannot be specified by the client.
151*789431f2SAndroid Build Coastguard Worker case KM_TAG_ROOT_OF_TRUST:
152*789431f2SAndroid Build Coastguard Worker case KM_TAG_ORIGIN:
153*789431f2SAndroid Build Coastguard Worker LOG_E("Root of trust and origin tags may not be specified");
154*789431f2SAndroid Build Coastguard Worker return KM_ERROR_INVALID_TAG;
155*789431f2SAndroid Build Coastguard Worker
156*789431f2SAndroid Build Coastguard Worker // These don't work.
157*789431f2SAndroid Build Coastguard Worker case KM_TAG_ROLLBACK_RESISTANT:
158*789431f2SAndroid Build Coastguard Worker LOG_E("KM_TAG_ROLLBACK_RESISTANT not supported");
159*789431f2SAndroid Build Coastguard Worker return KM_ERROR_UNSUPPORTED_TAG;
160*789431f2SAndroid Build Coastguard Worker
161*789431f2SAndroid Build Coastguard Worker // These are hidden.
162*789431f2SAndroid Build Coastguard Worker case KM_TAG_APPLICATION_ID:
163*789431f2SAndroid Build Coastguard Worker case KM_TAG_APPLICATION_DATA:
164*789431f2SAndroid Build Coastguard Worker break;
165*789431f2SAndroid Build Coastguard Worker
166*789431f2SAndroid Build Coastguard Worker // Everything else we just copy into sw_enforced, unless the KeyFactory has placed it in
167*789431f2SAndroid Build Coastguard Worker // hw_enforced, in which case we defer to its decision.
168*789431f2SAndroid Build Coastguard Worker default:
169*789431f2SAndroid Build Coastguard Worker if (hw_enforced->GetTagCount(entry.tag) == 0) sw_enforced->push_back(entry);
170*789431f2SAndroid Build Coastguard Worker break;
171*789431f2SAndroid Build Coastguard Worker }
172*789431f2SAndroid Build Coastguard Worker }
173*789431f2SAndroid Build Coastguard Worker
174*789431f2SAndroid Build Coastguard Worker sw_enforced->push_back(TAG_CREATION_DATETIME, java_time(time(nullptr)));
175*789431f2SAndroid Build Coastguard Worker sw_enforced->push_back(TAG_ORIGIN, origin);
176*789431f2SAndroid Build Coastguard Worker sw_enforced->push_back(TAG_OS_VERSION, os_version);
177*789431f2SAndroid Build Coastguard Worker sw_enforced->push_back(TAG_OS_PATCHLEVEL, os_patchlevel);
178*789431f2SAndroid Build Coastguard Worker
179*789431f2SAndroid Build Coastguard Worker return TranslateAuthorizationSetError(sw_enforced->is_valid());
180*789431f2SAndroid Build Coastguard Worker }
181*789431f2SAndroid Build Coastguard Worker
CreateKeyBlob(const AuthorizationSet & key_description,const keymaster_key_origin_t origin,const KeymasterKeyBlob & key_material,KeymasterKeyBlob * blob,AuthorizationSet * hw_enforced,AuthorizationSet * sw_enforced) const182*789431f2SAndroid Build Coastguard Worker keymaster_error_t SoftKeymasterContext::CreateKeyBlob(const AuthorizationSet& key_description,
183*789431f2SAndroid Build Coastguard Worker const keymaster_key_origin_t origin,
184*789431f2SAndroid Build Coastguard Worker const KeymasterKeyBlob& key_material,
185*789431f2SAndroid Build Coastguard Worker KeymasterKeyBlob* blob,
186*789431f2SAndroid Build Coastguard Worker AuthorizationSet* hw_enforced,
187*789431f2SAndroid Build Coastguard Worker AuthorizationSet* sw_enforced) const {
188*789431f2SAndroid Build Coastguard Worker keymaster_error_t error = SetAuthorizations(key_description, origin, os_version_,
189*789431f2SAndroid Build Coastguard Worker os_patchlevel_, hw_enforced, sw_enforced);
190*789431f2SAndroid Build Coastguard Worker if (error != KM_ERROR_OK) return error;
191*789431f2SAndroid Build Coastguard Worker
192*789431f2SAndroid Build Coastguard Worker AuthorizationSet hidden;
193*789431f2SAndroid Build Coastguard Worker error = BuildHiddenAuthorizations(key_description, &hidden, root_of_trust_);
194*789431f2SAndroid Build Coastguard Worker if (error != KM_ERROR_OK) return error;
195*789431f2SAndroid Build Coastguard Worker
196*789431f2SAndroid Build Coastguard Worker return SerializeIntegrityAssuredBlob(key_material, hidden, *hw_enforced, *sw_enforced, blob);
197*789431f2SAndroid Build Coastguard Worker }
198*789431f2SAndroid Build Coastguard Worker
UpgradeKeyBlob(const KeymasterKeyBlob & key_to_upgrade,const AuthorizationSet & upgrade_params,KeymasterKeyBlob * upgraded_key) const199*789431f2SAndroid Build Coastguard Worker keymaster_error_t SoftKeymasterContext::UpgradeKeyBlob(const KeymasterKeyBlob& key_to_upgrade,
200*789431f2SAndroid Build Coastguard Worker const AuthorizationSet& upgrade_params,
201*789431f2SAndroid Build Coastguard Worker KeymasterKeyBlob* upgraded_key) const {
202*789431f2SAndroid Build Coastguard Worker UniquePtr<Key> key;
203*789431f2SAndroid Build Coastguard Worker keymaster_error_t error = ParseKeyBlob(key_to_upgrade, upgrade_params, &key);
204*789431f2SAndroid Build Coastguard Worker if (error != KM_ERROR_OK) return error;
205*789431f2SAndroid Build Coastguard Worker
206*789431f2SAndroid Build Coastguard Worker // Three cases here:
207*789431f2SAndroid Build Coastguard Worker //
208*789431f2SAndroid Build Coastguard Worker // 1. Software key blob. Version info, if present, is in sw_enforced. If not present, we
209*789431f2SAndroid Build Coastguard Worker // should add it.
210*789431f2SAndroid Build Coastguard Worker //
211*789431f2SAndroid Build Coastguard Worker // 2. Keymaster0 hardware key blob. Version info, if present, is in sw_enforced. If not
212*789431f2SAndroid Build Coastguard Worker // present we should add it.
213*789431f2SAndroid Build Coastguard Worker //
214*789431f2SAndroid Build Coastguard Worker // 3. Keymaster1 hardware key blob. Version info is not present and we shouldn't have been
215*789431f2SAndroid Build Coastguard Worker // asked to upgrade.
216*789431f2SAndroid Build Coastguard Worker
217*789431f2SAndroid Build Coastguard Worker // Handle case 3.
218*789431f2SAndroid Build Coastguard Worker if (km1_dev_ && key->hw_enforced().Contains(TAG_PURPOSE) &&
219*789431f2SAndroid Build Coastguard Worker !key->hw_enforced().Contains(TAG_OS_PATCHLEVEL))
220*789431f2SAndroid Build Coastguard Worker return KM_ERROR_INVALID_ARGUMENT;
221*789431f2SAndroid Build Coastguard Worker
222*789431f2SAndroid Build Coastguard Worker // Handle case 1 and 2
223*789431f2SAndroid Build Coastguard Worker return UpgradeSoftKeyBlob(key, os_version_, os_patchlevel_, upgrade_params, upgraded_key);
224*789431f2SAndroid Build Coastguard Worker }
225*789431f2SAndroid Build Coastguard Worker
ParseKeyBlob(const KeymasterKeyBlob & blob,const AuthorizationSet & additional_params,UniquePtr<Key> * key) const226*789431f2SAndroid Build Coastguard Worker keymaster_error_t SoftKeymasterContext::ParseKeyBlob(const KeymasterKeyBlob& blob,
227*789431f2SAndroid Build Coastguard Worker const AuthorizationSet& additional_params,
228*789431f2SAndroid Build Coastguard Worker UniquePtr<Key>* key) const {
229*789431f2SAndroid Build Coastguard Worker // This is a little bit complicated.
230*789431f2SAndroid Build Coastguard Worker //
231*789431f2SAndroid Build Coastguard Worker // The SoftKeymasterContext has to handle a lot of different kinds of key blobs.
232*789431f2SAndroid Build Coastguard Worker //
233*789431f2SAndroid Build Coastguard Worker // 1. New keymaster1 software key blobs. These are integrity-assured but not encrypted. The
234*789431f2SAndroid Build Coastguard Worker // raw key material and auth sets should be extracted and returned. This is the kind
235*789431f2SAndroid Build Coastguard Worker // produced by this context when the KeyFactory doesn't use keymaster0 to back the keys.
236*789431f2SAndroid Build Coastguard Worker //
237*789431f2SAndroid Build Coastguard Worker // 2. Old keymaster1 software key blobs. These are OCB-encrypted with an all-zero master key.
238*789431f2SAndroid Build Coastguard Worker // They should be decrypted and the key material and auth sets extracted and returned.
239*789431f2SAndroid Build Coastguard Worker //
240*789431f2SAndroid Build Coastguard Worker // 3. Old keymaster0 software key blobs. These are raw key material with a small header tacked
241*789431f2SAndroid Build Coastguard Worker // on the front. They don't have auth sets, so reasonable defaults are generated and
242*789431f2SAndroid Build Coastguard Worker // returned along with the raw key material.
243*789431f2SAndroid Build Coastguard Worker //
244*789431f2SAndroid Build Coastguard Worker // 4. New keymaster0 hardware key blobs. These are integrity-assured but not encrypted (though
245*789431f2SAndroid Build Coastguard Worker // they're protected by the keymaster0 hardware implementation). The keymaster0 key blob
246*789431f2SAndroid Build Coastguard Worker // and auth sets should be extracted and returned.
247*789431f2SAndroid Build Coastguard Worker //
248*789431f2SAndroid Build Coastguard Worker // 5. Keymaster1 hardware key blobs. These are raw hardware key blobs. They contain auth
249*789431f2SAndroid Build Coastguard Worker // sets, which we retrieve from the hardware module.
250*789431f2SAndroid Build Coastguard Worker //
251*789431f2SAndroid Build Coastguard Worker // 6. Old keymaster0 hardware key blobs. These are raw hardware key blobs. They don't have
252*789431f2SAndroid Build Coastguard Worker // auth sets so reasonable defaults are generated and returned along with the key blob.
253*789431f2SAndroid Build Coastguard Worker //
254*789431f2SAndroid Build Coastguard Worker // Determining what kind of blob has arrived is somewhat tricky. What helps is that
255*789431f2SAndroid Build Coastguard Worker // integrity-assured and OCB-encrypted blobs are self-consistent and effectively impossible to
256*789431f2SAndroid Build Coastguard Worker // parse as anything else. Old keymaster0 software key blobs have a header. It's reasonably
257*789431f2SAndroid Build Coastguard Worker // unlikely that hardware keys would have the same header. So anything that is neither
258*789431f2SAndroid Build Coastguard Worker // integrity-assured nor OCB-encrypted and lacks the old software key header is assumed to be
259*789431f2SAndroid Build Coastguard Worker // keymaster0 hardware.
260*789431f2SAndroid Build Coastguard Worker
261*789431f2SAndroid Build Coastguard Worker AuthorizationSet hw_enforced;
262*789431f2SAndroid Build Coastguard Worker AuthorizationSet sw_enforced;
263*789431f2SAndroid Build Coastguard Worker KeymasterKeyBlob key_material;
264*789431f2SAndroid Build Coastguard Worker AuthorizationSet hidden;
265*789431f2SAndroid Build Coastguard Worker keymaster_error_t error;
266*789431f2SAndroid Build Coastguard Worker
267*789431f2SAndroid Build Coastguard Worker auto constructKey = [&, this]() mutable -> keymaster_error_t {
268*789431f2SAndroid Build Coastguard Worker // GetKeyFactory
269*789431f2SAndroid Build Coastguard Worker if (error != KM_ERROR_OK) return error;
270*789431f2SAndroid Build Coastguard Worker keymaster_algorithm_t algorithm;
271*789431f2SAndroid Build Coastguard Worker if (!hw_enforced.GetTagValue(TAG_ALGORITHM, &algorithm) &&
272*789431f2SAndroid Build Coastguard Worker !sw_enforced.GetTagValue(TAG_ALGORITHM, &algorithm)) {
273*789431f2SAndroid Build Coastguard Worker return KM_ERROR_INVALID_ARGUMENT;
274*789431f2SAndroid Build Coastguard Worker }
275*789431f2SAndroid Build Coastguard Worker auto factory = GetKeyFactory(algorithm);
276*789431f2SAndroid Build Coastguard Worker return factory->LoadKey(std::move(key_material), additional_params, std::move(hw_enforced),
277*789431f2SAndroid Build Coastguard Worker std::move(sw_enforced), key);
278*789431f2SAndroid Build Coastguard Worker };
279*789431f2SAndroid Build Coastguard Worker
280*789431f2SAndroid Build Coastguard Worker error = BuildHiddenAuthorizations(additional_params, &hidden, root_of_trust_);
281*789431f2SAndroid Build Coastguard Worker if (error != KM_ERROR_OK) return error;
282*789431f2SAndroid Build Coastguard Worker
283*789431f2SAndroid Build Coastguard Worker // Assume it's an integrity-assured blob (new software-only blob, or new keymaster0-backed
284*789431f2SAndroid Build Coastguard Worker // blob).
285*789431f2SAndroid Build Coastguard Worker error =
286*789431f2SAndroid Build Coastguard Worker DeserializeIntegrityAssuredBlob(blob, hidden, &key_material, &hw_enforced, &sw_enforced);
287*789431f2SAndroid Build Coastguard Worker if (error != KM_ERROR_INVALID_KEY_BLOB) return constructKey();
288*789431f2SAndroid Build Coastguard Worker
289*789431f2SAndroid Build Coastguard Worker // Wasn't an integrity-assured blob. Maybe it's an Auth-encrypted blob.
290*789431f2SAndroid Build Coastguard Worker error = ParseAuthEncryptedBlob(blob, hidden, &key_material, &hw_enforced, &sw_enforced);
291*789431f2SAndroid Build Coastguard Worker if (error == KM_ERROR_OK) LOG_D("Parsed an old keymaster1 software key");
292*789431f2SAndroid Build Coastguard Worker if (error != KM_ERROR_INVALID_KEY_BLOB) return constructKey();
293*789431f2SAndroid Build Coastguard Worker
294*789431f2SAndroid Build Coastguard Worker // Wasn't an OCB-encrypted blob. Maybe it's an old softkeymaster blob.
295*789431f2SAndroid Build Coastguard Worker error = ParseOldSoftkeymasterBlob(blob, &key_material, &hw_enforced, &sw_enforced);
296*789431f2SAndroid Build Coastguard Worker if (error == KM_ERROR_OK) LOG_D("Parsed an old sofkeymaster key");
297*789431f2SAndroid Build Coastguard Worker if (error != KM_ERROR_INVALID_KEY_BLOB) return constructKey();
298*789431f2SAndroid Build Coastguard Worker
299*789431f2SAndroid Build Coastguard Worker if (km1_dev_) {
300*789431f2SAndroid Build Coastguard Worker error = ParseKeymaster1HwBlob(blob, additional_params, &key_material, &hw_enforced,
301*789431f2SAndroid Build Coastguard Worker &sw_enforced);
302*789431f2SAndroid Build Coastguard Worker } else {
303*789431f2SAndroid Build Coastguard Worker return KM_ERROR_INVALID_KEY_BLOB;
304*789431f2SAndroid Build Coastguard Worker }
305*789431f2SAndroid Build Coastguard Worker return constructKey();
306*789431f2SAndroid Build Coastguard Worker }
307*789431f2SAndroid Build Coastguard Worker
DeleteKey(const KeymasterKeyBlob & blob) const308*789431f2SAndroid Build Coastguard Worker keymaster_error_t SoftKeymasterContext::DeleteKey(const KeymasterKeyBlob& blob) const {
309*789431f2SAndroid Build Coastguard Worker if (km1_engine_) {
310*789431f2SAndroid Build Coastguard Worker // HACK. Due to a bug with Qualcomm's Keymaster implementation, which causes the device to
311*789431f2SAndroid Build Coastguard Worker // reboot if we pass it a key blob it doesn't understand, we need to check for software
312*789431f2SAndroid Build Coastguard Worker // keys. If it looks like a software key there's nothing to do so we just return.
313*789431f2SAndroid Build Coastguard Worker KeymasterKeyBlob key_material;
314*789431f2SAndroid Build Coastguard Worker AuthorizationSet hw_enforced, sw_enforced;
315*789431f2SAndroid Build Coastguard Worker keymaster_error_t error = DeserializeIntegrityAssuredBlob_NoHmacCheck(
316*789431f2SAndroid Build Coastguard Worker blob, &key_material, &hw_enforced, &sw_enforced);
317*789431f2SAndroid Build Coastguard Worker if (error == KM_ERROR_OK) {
318*789431f2SAndroid Build Coastguard Worker return KM_ERROR_OK;
319*789431f2SAndroid Build Coastguard Worker }
320*789431f2SAndroid Build Coastguard Worker
321*789431f2SAndroid Build Coastguard Worker return km1_engine_->DeleteKey(blob);
322*789431f2SAndroid Build Coastguard Worker }
323*789431f2SAndroid Build Coastguard Worker
324*789431f2SAndroid Build Coastguard Worker // Nothing to do for software-only contexts.
325*789431f2SAndroid Build Coastguard Worker return KM_ERROR_OK;
326*789431f2SAndroid Build Coastguard Worker }
327*789431f2SAndroid Build Coastguard Worker
DeleteAllKeys() const328*789431f2SAndroid Build Coastguard Worker keymaster_error_t SoftKeymasterContext::DeleteAllKeys() const {
329*789431f2SAndroid Build Coastguard Worker if (km1_engine_) return km1_engine_->DeleteAllKeys();
330*789431f2SAndroid Build Coastguard Worker return KM_ERROR_OK;
331*789431f2SAndroid Build Coastguard Worker }
332*789431f2SAndroid Build Coastguard Worker
AddRngEntropy(const uint8_t * buf,size_t length) const333*789431f2SAndroid Build Coastguard Worker keymaster_error_t SoftKeymasterContext::AddRngEntropy(const uint8_t* buf, size_t length) const {
334*789431f2SAndroid Build Coastguard Worker RAND_add(buf, length, 0 /* Don't assume any entropy is added to the pool. */);
335*789431f2SAndroid Build Coastguard Worker return KM_ERROR_OK;
336*789431f2SAndroid Build Coastguard Worker }
337*789431f2SAndroid Build Coastguard Worker
ParseKeymaster1HwBlob(const KeymasterKeyBlob & blob,const AuthorizationSet & additional_params,KeymasterKeyBlob * key_material,AuthorizationSet * hw_enforced,AuthorizationSet * sw_enforced) const338*789431f2SAndroid Build Coastguard Worker keymaster_error_t SoftKeymasterContext::ParseKeymaster1HwBlob(
339*789431f2SAndroid Build Coastguard Worker const KeymasterKeyBlob& blob, const AuthorizationSet& additional_params,
340*789431f2SAndroid Build Coastguard Worker KeymasterKeyBlob* key_material, AuthorizationSet* hw_enforced,
341*789431f2SAndroid Build Coastguard Worker AuthorizationSet* sw_enforced) const {
342*789431f2SAndroid Build Coastguard Worker assert(km1_dev_);
343*789431f2SAndroid Build Coastguard Worker
344*789431f2SAndroid Build Coastguard Worker keymaster_blob_t client_id = {nullptr, 0};
345*789431f2SAndroid Build Coastguard Worker keymaster_blob_t app_data = {nullptr, 0};
346*789431f2SAndroid Build Coastguard Worker keymaster_blob_t* client_id_ptr = nullptr;
347*789431f2SAndroid Build Coastguard Worker keymaster_blob_t* app_data_ptr = nullptr;
348*789431f2SAndroid Build Coastguard Worker if (additional_params.GetTagValue(TAG_APPLICATION_ID, &client_id)) client_id_ptr = &client_id;
349*789431f2SAndroid Build Coastguard Worker if (additional_params.GetTagValue(TAG_APPLICATION_DATA, &app_data)) app_data_ptr = &app_data;
350*789431f2SAndroid Build Coastguard Worker
351*789431f2SAndroid Build Coastguard Worker // Get key characteristics, which incidentally verifies that the HW recognizes the key.
352*789431f2SAndroid Build Coastguard Worker keymaster_key_characteristics_t* characteristics;
353*789431f2SAndroid Build Coastguard Worker keymaster_error_t error = km1_dev_->get_key_characteristics(km1_dev_, &blob, client_id_ptr,
354*789431f2SAndroid Build Coastguard Worker app_data_ptr, &characteristics);
355*789431f2SAndroid Build Coastguard Worker if (error != KM_ERROR_OK) return error;
356*789431f2SAndroid Build Coastguard Worker unique_ptr<keymaster_key_characteristics_t, Characteristics_Delete> characteristics_deleter(
357*789431f2SAndroid Build Coastguard Worker characteristics);
358*789431f2SAndroid Build Coastguard Worker
359*789431f2SAndroid Build Coastguard Worker LOG_D("Module \"%s\" accepted key", km1_dev_->common.module->name);
360*789431f2SAndroid Build Coastguard Worker
361*789431f2SAndroid Build Coastguard Worker hw_enforced->Reinitialize(characteristics->hw_enforced);
362*789431f2SAndroid Build Coastguard Worker sw_enforced->Reinitialize(characteristics->sw_enforced);
363*789431f2SAndroid Build Coastguard Worker *key_material = blob;
364*789431f2SAndroid Build Coastguard Worker return KM_ERROR_OK;
365*789431f2SAndroid Build Coastguard Worker }
366*789431f2SAndroid Build Coastguard Worker
367*789431f2SAndroid Build Coastguard Worker CertificateChain
GenerateAttestation(const Key & key,const AuthorizationSet & attest_params,UniquePtr<Key>,const KeymasterBlob &,keymaster_error_t * error) const368*789431f2SAndroid Build Coastguard Worker SoftKeymasterContext::GenerateAttestation(const Key& key, //
369*789431f2SAndroid Build Coastguard Worker const AuthorizationSet& attest_params,
370*789431f2SAndroid Build Coastguard Worker UniquePtr<Key> /* attest_key */,
371*789431f2SAndroid Build Coastguard Worker const KeymasterBlob& /* issuer_subject */, //
372*789431f2SAndroid Build Coastguard Worker keymaster_error_t* error) const {
373*789431f2SAndroid Build Coastguard Worker keymaster_algorithm_t key_algorithm;
374*789431f2SAndroid Build Coastguard Worker if (!key.authorizations().GetTagValue(TAG_ALGORITHM, &key_algorithm)) {
375*789431f2SAndroid Build Coastguard Worker *error = KM_ERROR_UNKNOWN_ERROR;
376*789431f2SAndroid Build Coastguard Worker return {};
377*789431f2SAndroid Build Coastguard Worker }
378*789431f2SAndroid Build Coastguard Worker
379*789431f2SAndroid Build Coastguard Worker if ((key_algorithm != KM_ALGORITHM_RSA && key_algorithm != KM_ALGORITHM_EC)) {
380*789431f2SAndroid Build Coastguard Worker *error = KM_ERROR_INCOMPATIBLE_ALGORITHM;
381*789431f2SAndroid Build Coastguard Worker return {};
382*789431f2SAndroid Build Coastguard Worker }
383*789431f2SAndroid Build Coastguard Worker
384*789431f2SAndroid Build Coastguard Worker // We have established that the given key has the correct algorithm, and because this is the
385*789431f2SAndroid Build Coastguard Worker // SoftKeymasterContext we can assume that the Key is an AsymmetricKey. So we can downcast.
386*789431f2SAndroid Build Coastguard Worker const AsymmetricKey& asymmetric_key = static_cast<const AsymmetricKey&>(key);
387*789431f2SAndroid Build Coastguard Worker
388*789431f2SAndroid Build Coastguard Worker return generate_attestation(asymmetric_key, attest_params, {} /* attest_key */, *this, error);
389*789431f2SAndroid Build Coastguard Worker }
390*789431f2SAndroid Build Coastguard Worker
GenerateSelfSignedCertificate(const Key & key,const AuthorizationSet & cert_params,bool fake_signature,keymaster_error_t * error) const391*789431f2SAndroid Build Coastguard Worker CertificateChain SoftKeymasterContext::GenerateSelfSignedCertificate(
392*789431f2SAndroid Build Coastguard Worker const Key& key, const AuthorizationSet& cert_params, bool fake_signature,
393*789431f2SAndroid Build Coastguard Worker keymaster_error_t* error) const {
394*789431f2SAndroid Build Coastguard Worker keymaster_algorithm_t key_algorithm;
395*789431f2SAndroid Build Coastguard Worker if (!key.authorizations().GetTagValue(TAG_ALGORITHM, &key_algorithm)) {
396*789431f2SAndroid Build Coastguard Worker *error = KM_ERROR_UNKNOWN_ERROR;
397*789431f2SAndroid Build Coastguard Worker return {};
398*789431f2SAndroid Build Coastguard Worker }
399*789431f2SAndroid Build Coastguard Worker
400*789431f2SAndroid Build Coastguard Worker if ((key_algorithm != KM_ALGORITHM_RSA && key_algorithm != KM_ALGORITHM_EC)) {
401*789431f2SAndroid Build Coastguard Worker *error = KM_ERROR_INCOMPATIBLE_ALGORITHM;
402*789431f2SAndroid Build Coastguard Worker return {};
403*789431f2SAndroid Build Coastguard Worker }
404*789431f2SAndroid Build Coastguard Worker
405*789431f2SAndroid Build Coastguard Worker // We have established that the given key has the correct algorithm, and because this is the
406*789431f2SAndroid Build Coastguard Worker // SoftKeymasterContext we can assume that the Key is an AsymmetricKey. So we can downcast.
407*789431f2SAndroid Build Coastguard Worker const AsymmetricKey& asymmetric_key = static_cast<const AsymmetricKey&>(key);
408*789431f2SAndroid Build Coastguard Worker
409*789431f2SAndroid Build Coastguard Worker return generate_self_signed_cert(asymmetric_key, cert_params, fake_signature, error);
410*789431f2SAndroid Build Coastguard Worker }
411*789431f2SAndroid Build Coastguard Worker
UnwrapKey(const KeymasterKeyBlob &,const KeymasterKeyBlob &,const AuthorizationSet &,const KeymasterKeyBlob &,AuthorizationSet *,keymaster_key_format_t *,KeymasterKeyBlob *) const412*789431f2SAndroid Build Coastguard Worker keymaster_error_t SoftKeymasterContext::UnwrapKey(const KeymasterKeyBlob&, const KeymasterKeyBlob&,
413*789431f2SAndroid Build Coastguard Worker const AuthorizationSet&, const KeymasterKeyBlob&,
414*789431f2SAndroid Build Coastguard Worker AuthorizationSet*, keymaster_key_format_t*,
415*789431f2SAndroid Build Coastguard Worker KeymasterKeyBlob*) const {
416*789431f2SAndroid Build Coastguard Worker return KM_ERROR_UNIMPLEMENTED;
417*789431f2SAndroid Build Coastguard Worker }
418*789431f2SAndroid Build Coastguard Worker
419*789431f2SAndroid Build Coastguard Worker } // namespace keymaster
420