1 //
2 // Copyright (C) 2020 The Android Open Source Project
3 //
4 // Licensed under the Apache License, Version 2.0 (the "License");
5 // you may not use this file except in compliance with the License.
6 // You may obtain a copy of the License at
7 //
8 // http://www.apache.org/licenses/LICENSE-2.0
9 //
10 // Unless required by applicable law or agreed to in writing, software
11 // distributed under the License is distributed on an "AS IS" BASIS,
12 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 // See the License for the specific language governing permissions and
14 // limitations under the License.
15
16 #include "tpm_key_blob_maker.h"
17
18 #include <vector>
19
20 #include <android-base/logging.h>
21 #include <tss2/tss2_mu.h>
22 #include <tss2/tss2_rc.h>
23
24 #include "host/commands/secure_env/composite_serialization.h"
25 #include "host/commands/secure_env/encrypted_serializable.h"
26 #include "host/commands/secure_env/hmac_serializable.h"
27 #include "host/commands/secure_env/primary_key_builder.h"
28
29 using keymaster::AuthorizationSet;
30 using keymaster::KeymasterKeyBlob;
31 using keymaster::Serializable;
32
33 static constexpr char kUniqueKey[] = "TpmKeyBlobMaker";
34
35 /**
36 * Distinguish what properties the secure_env implementation handles. If
37 * secure_env handles it, the property is put in `hw_enforced`. Otherwise, the
38 * property is put in `sw_enforced`, and the Keystore process inside Android
39 * will try to enforce the property.
40 */
SplitEnforcedProperties(const keymaster::AuthorizationSet & key_description,keymaster::AuthorizationSet * hw_enforced,keymaster::AuthorizationSet * sw_enforced)41 static keymaster_error_t SplitEnforcedProperties(
42 const keymaster::AuthorizationSet& key_description,
43 keymaster::AuthorizationSet* hw_enforced,
44 keymaster::AuthorizationSet* sw_enforced) {
45 for (auto& entry : key_description) {
46 switch (entry.tag) {
47 case KM_TAG_PURPOSE:
48 case KM_TAG_ALGORITHM:
49 case KM_TAG_KEY_SIZE:
50 case KM_TAG_RSA_PUBLIC_EXPONENT:
51 case KM_TAG_BLOB_USAGE_REQUIREMENTS:
52 case KM_TAG_DIGEST:
53 case KM_TAG_PADDING:
54 case KM_TAG_BLOCK_MODE:
55 case KM_TAG_MIN_SECONDS_BETWEEN_OPS:
56 case KM_TAG_MAX_USES_PER_BOOT:
57 case KM_TAG_USER_SECURE_ID:
58 case KM_TAG_NO_AUTH_REQUIRED:
59 case KM_TAG_AUTH_TIMEOUT:
60 case KM_TAG_CALLER_NONCE:
61 case KM_TAG_MIN_MAC_LENGTH:
62 case KM_TAG_KDF:
63 case KM_TAG_EC_CURVE:
64 case KM_TAG_ECIES_SINGLE_HASH_MODE:
65 case KM_TAG_USER_AUTH_TYPE:
66 case KM_TAG_ORIGIN:
67 case KM_TAG_OS_VERSION:
68 case KM_TAG_OS_PATCHLEVEL:
69 case KM_TAG_EARLY_BOOT_ONLY:
70 case KM_TAG_UNLOCKED_DEVICE_REQUIRED:
71 hw_enforced->push_back(entry);
72 break;
73 default:
74 sw_enforced->push_back(entry);
75 }
76 }
77 return KM_ERROR_OK;
78 }
79
SerializableToKeyBlob(const Serializable & serializable)80 static KeymasterKeyBlob SerializableToKeyBlob(
81 const Serializable& serializable) {
82 std::vector<uint8_t> data(serializable.SerializedSize() + 1);
83 uint8_t* buf = data.data();
84 uint8_t* buf_end = buf + data.size();
85 buf = serializable.Serialize(buf, buf_end);
86 if (buf != (buf_end - 1)) {
87 LOG(ERROR) << "Serialized size did not match up with actual usage.";
88 return {};
89 }
90 return KeymasterKeyBlob(data.data(), buf - data.data());
91 }
92
93
TpmKeyBlobMaker(TpmResourceManager & resource_manager)94 TpmKeyBlobMaker::TpmKeyBlobMaker(TpmResourceManager& resource_manager)
95 : resource_manager_(resource_manager) {
96 }
97
CreateKeyBlob(const AuthorizationSet & key_description,keymaster_key_origin_t origin,const KeymasterKeyBlob & key_material,KeymasterKeyBlob * blob,AuthorizationSet * hw_enforced,AuthorizationSet * sw_enforced) const98 keymaster_error_t TpmKeyBlobMaker::CreateKeyBlob(
99 const AuthorizationSet& key_description,
100 keymaster_key_origin_t origin,
101 const KeymasterKeyBlob& key_material,
102 KeymasterKeyBlob* blob,
103 AuthorizationSet* hw_enforced,
104 AuthorizationSet* sw_enforced) const {
105 std::set<keymaster_tag_t> protected_tags = {
106 KM_TAG_ROOT_OF_TRUST,
107 KM_TAG_ORIGIN,
108 KM_TAG_OS_VERSION,
109 KM_TAG_OS_PATCHLEVEL,
110 };
111 for (auto tag : protected_tags) {
112 if (key_description.Contains(tag)) {
113 LOG(ERROR) << "Invalid tag " << tag;
114 return KM_ERROR_INVALID_TAG;
115 }
116 }
117 auto rc =
118 SplitEnforcedProperties(key_description, hw_enforced, sw_enforced);
119 if (rc != KM_ERROR_OK) {
120 return rc;
121 }
122 hw_enforced->push_back(keymaster::TAG_ORIGIN, origin);
123
124 // TODO(schuffelen): Set the os level and patch level properly.
125 hw_enforced->push_back(keymaster::TAG_OS_VERSION, os_version_);
126 hw_enforced->push_back(keymaster::TAG_OS_PATCHLEVEL, os_patchlevel_);
127
128 return UnvalidatedCreateKeyBlob(key_material, *hw_enforced, *sw_enforced,
129 blob);
130 }
131
UnvalidatedCreateKeyBlob(const KeymasterKeyBlob & key_material,const AuthorizationSet & hw_enforced,const AuthorizationSet & sw_enforced,KeymasterKeyBlob * blob) const132 keymaster_error_t TpmKeyBlobMaker::UnvalidatedCreateKeyBlob(
133 const KeymasterKeyBlob& key_material, const AuthorizationSet& hw_enforced,
134 const AuthorizationSet& sw_enforced, KeymasterKeyBlob* blob) const {
135 keymaster::Buffer key_material_buffer(
136 key_material.key_material, key_material.key_material_size);
137 AuthorizationSet hw_enforced_mutable = hw_enforced;
138 AuthorizationSet sw_enforced_mutable = sw_enforced;
139 CompositeSerializable sensitive_material(
140 {&key_material_buffer, &hw_enforced_mutable, &sw_enforced_mutable});
141 auto parent_key_fn = ParentKeyCreator(kUniqueKey);
142 EncryptedSerializable encryption(
143 resource_manager_, parent_key_fn, sensitive_material);
144 auto signing_key_fn = SigningKeyCreator(kUniqueKey);
145 HmacSerializable sign_check(
146 resource_manager_, signing_key_fn, TPM2_SHA256_DIGEST_SIZE, &encryption);
147 auto generated_blob = SerializableToKeyBlob(sign_check);
148 LOG(VERBOSE) << "Keymaster key size: " << generated_blob.key_material_size;
149 if (generated_blob.key_material_size != 0) {
150 *blob = generated_blob;
151 return KM_ERROR_OK;
152 }
153 LOG(ERROR) << "Failed to serialize key.";
154 return KM_ERROR_UNKNOWN_ERROR;
155 }
156
UnwrapKeyBlob(const keymaster_key_blob_t & blob,AuthorizationSet * hw_enforced,AuthorizationSet * sw_enforced,KeymasterKeyBlob * key_material) const157 keymaster_error_t TpmKeyBlobMaker::UnwrapKeyBlob(
158 const keymaster_key_blob_t& blob,
159 AuthorizationSet* hw_enforced,
160 AuthorizationSet* sw_enforced,
161 KeymasterKeyBlob* key_material) const {
162 keymaster::Buffer key_material_buffer(blob.key_material_size);
163 CompositeSerializable sensitive_material(
164 {&key_material_buffer, hw_enforced, sw_enforced});
165 auto parent_key_fn = ParentKeyCreator(kUniqueKey);
166 EncryptedSerializable encryption(
167 resource_manager_, parent_key_fn, sensitive_material);
168 auto signing_key_fn = SigningKeyCreator(kUniqueKey);
169 HmacSerializable sign_check(
170 resource_manager_, signing_key_fn, TPM2_SHA256_DIGEST_SIZE, &encryption);
171 auto buf = blob.key_material;
172 auto buf_end = buf + blob.key_material_size;
173 if (!sign_check.Deserialize(&buf, buf_end)) {
174 LOG(ERROR) << "Failed to deserialize key.";
175 return KM_ERROR_UNKNOWN_ERROR;
176 }
177 if (key_material_buffer.available_read() == 0) {
178 LOG(ERROR) << "Key material was corrupted and the size was too large";
179 return KM_ERROR_UNKNOWN_ERROR;
180 }
181 *key_material = KeymasterKeyBlob(
182 key_material_buffer.peek_read(), key_material_buffer.available_read());
183 return KM_ERROR_OK;
184 }
185
SetSystemVersion(uint32_t os_version,uint32_t os_patchlevel)186 keymaster_error_t TpmKeyBlobMaker::SetSystemVersion(
187 uint32_t os_version, uint32_t os_patchlevel) {
188 // TODO(b/155697375): Only accept new values of these from the bootloader
189 os_version_ = os_version;
190 os_patchlevel_ = os_patchlevel;
191 return KM_ERROR_OK;
192 }
193